Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.RemoteCode.32
Сетевая активность:
Подключается к:
- tb####.com
- i####.####.com
Запросы HTTP GET:
- tb####.com/image/cr05.jpg
- tb####.com/image/nv06.jpg
- tb####.com/image/cr31.jpg
- tb####.com/image/nv04.jpg
- tb####.com/image/mt06.jpg
- tb####.com/image/cr41.jpg
- tb####.com/image/cr37.jpg
- tb####.com/image/cr34.jpg
- tb####.com/image/cr21.jpg
- tb####.com/image/cr15.jpg
- tb####.com/image/v08.jpg
- i####.####.com/service/getIpInfo2.php?ip=####
- tb####.com/image/cr28.jpg
- tb####.com/image/cr01.jpg
- tb####.com/image/cr10.jpg
- tb####.com/image/mt02.jpg
- tb####.com/image/mt05.jpg
- tb####.com/image/cr25.jpg
- tb####.com/image/cr45.jpg
- tb####.com/image/cr18.jpg
- tb####.com/image/lb03.jpg
- tb####.com/image/lb05.jpg
- tb####.com/image/cr14.jpg
- tb####.com/image/nv05.jpg
- tb####.com/image/cr33.jpg
- tb####.com/image/cr35.jpg
- tb####.com/image/v07.jpg
- tb####.com/image/cr17.jpg
- tb####.com/image/mt03.jpg
- tb####.com/image/sk01.jpg
- tb####.com/image/cr38.jpg
- tb####.com/image/sk02.jpg
- tb####.com/image/cr42.jpg
- tb####.com/image/cr30.jpg
- tb####.com/image/cr44.jpg
- tb####.com/image/lb01.jpg
- tb####.com/image/nv01.jpg
- tb####.com/image/cr16.jpg
- tb####.com/image/cr39.jpg
- tb####.com/image/cr26.jpg
- tb####.com/image/cr29.jpg
- tb####.com/image/wm45.jpg
- tb####.com/image/v05.jpg
- tb####.com/image/cr20.jpg
- tb####.com/image/cr23.jpg
- tb####.com/image/cr36.jpg
- tb####.com/image/cr06.jpg
- tb####.com/image/cr12.jpg
- tb####.com/image/cr40.jpg
- tb####.com/image/cr03.jpg
- tb####.com/image/cr32.jpg
- tb####.com/image/cr19.jpg
- tb####.com/image/nv03.jpg
- tb####.com/image/cr07.jpg
- tb####.com/image/cr09.jpg
- tb####.com/image/lb04.jpg
- tb####.com/image/mt04.jpg
- tb####.com/image/lb06.jpg
- tb####.com/image/cr24.jpg
- tb####.com/image/cr22.jpg
- tb####.com/image/cr43.jpg
- tb####.com/image/cr08.jpg
- tb####.com/image/mt01.jpg
- tb####.com/image/cr04.jpg
- tb####.com/image/v06.jpg
- tb####.com/image/nv02.jpg
- tb####.com/image/lb02.jpg
- tb####.com/image/cr02.jpg
- tb####.com/image/wm01.jpg
- tb####.com/image/cr27.jpg
- tb####.com/image/cr13.jpg
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/EOZTzhVG.jar
- <Package Folder>/files/.libs/libus.so
- <Package Folder>/shared_prefs/MYYR.xml
- <Package Folder>/files/.libs/libvia_pay.so
Другие:
Запускает следующие shell-скрипты:
- <dexopt>
Может автоматически отправлять СМС-сообщения.
