Техническая информация
Вредоносные функции:
Отправляет СМС-сообщения:
- 1556: DK HDC6
- 8005: TVA CHANNEL 8028 1 <IMEI> 3125
Сетевая активность:
Подключается к:
- a####.####.me
- ga####.com
- cdn-con####.####.com
Запросы HTTP GET:
- ga####.com/api.php?token=####&item=####&action=####
- ga####.com/g4v-content/uploads/2017/05/1-41-480x390.jpg
- ga####.com/g4v-content/uploads/2017/05/h1-giftcode-480x480.jpg
- ga####.com/g4v-content/uploads/2017/05/fsafafaf-480x337.jpg
- ga####.com/g4v-content/uploads/2017/05/217639_screenshot_06_l-480x270.jpg
- ga####.com/g4v-content/themes/mono/statics/libs/font-awesome-4.1.0/css/f...
- ga####.com/g4v-content/uploads/2017/05/1-2-480x203.png
- cdn-con####.####.com/themes/mono/css/style-min.css?v=####&ver=####
- cdn-con####.####.com/themes/mono/statics/libs/mmenu/css/jquery.mmenu.css...
- ga####.com/g4v-content/uploads/2017/05/disgaea5complete_screens-_5_-480x...
- ga####.com/g4v-content/uploads/2017/05/Disgaea-5-Complete-480x240.jpg
Запросы HTTP POST:
- ga####.com/api.php?token=####&cat=####&lm=####&page=####
- ga####.com/api.php?token=####&lm=####&page=####
- a####.####.me/check_reg.php?token=####&imei=####&appId=####&telco=####&r...
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/databasesgame4vdblog-journal
- <Package Folder>/cache/ads1585762006.jar
- <Package Folder>/shared_prefs/com.crashlytics.prefs.xml
- <Package Folder>/app_sslcache/api.parse.com.443
- <Package Folder>/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/591BFB970306-0002-0848-CCD6F823DDB3SessionOS.cls_temp
- <Package Folder>/app_Parse/CommandCache/CachedCommand_0000015c154ece34_00000001_-1302279432
- <Package Folder>/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/591BFB970045-0001-0848-CCD6F823DDB3BeginSession.cls_temp
- <Package Folder>/shared_prefs/com.crashlytics.sdk.android;answers;com.crashlytics.android.answers.Answers.xml
- <Package Folder>/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/initialization_marker
- <Package Folder>/files/.Fabric/com.crashlytics.sdk.android;answers/session_analytics.tap.tmp
- <Package Folder>/databasesgame4vdblog
- <Package Folder>/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/591BFB970045-0001-0848-CCD6F823DDB3SessionUser.cls_temp
- <Package Folder>/cache/webviewCacheChromium/f_000001
- <Package Folder>/databases/game4vdblog-journal
- <Package Folder>/files/.Fabric/com.crashlytics.sdk.android;answers/session_analytics_to_send/sa_548e6bed-bfdd-42d2-ab49-37565daf8b05_1495006103799.tap
- <Package Folder>/shared_prefs/io.fabric.sdk.android;fabric;io.fabric.sdk.android.Onboarding.xml
- <Package Folder>/cache/webviewCacheChromium/index
- <Package Folder>/shared_prefs/sub.xml
- <Package Folder>/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/591BFB970306-0002-0848-CCD6F823DDB3BeginSession.cls_temp
- <Package Folder>/app_Parse/CommandCache/CachedCommand_0000015c154ec446_00000000_913979117
- <Package Folder>/cache/webviewCacheChromium/f_000003
- <Package Folder>/cache/webviewCacheChromium/f_000002
- <Package Folder>/cache/webviewCacheChromium/f_000004
- <Package Folder>/app_Parse/installationId
- <Package Folder>/app_Parse/LocalId/local_f8e8c7be2ebfe9d7
- <Package Folder>/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/591BFB970306-0002-0848-CCD6F823DDB3SessionApp.cls_temp
- <Package Folder>/app_Parse/LocalId/local_bc78629809b5263f
- <Package Folder>/files/.Fabric/io.fabric.sdk.android;fabric/com.crashlytics.settings.json
- <Package Folder>/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/591BFB970306-0002-0848-CCD6F823DDB3SessionDevice.cls_temp
- <Package Folder>/cache/com.parse/applicationId
- <Package Folder>/files/.Fabric/com.crashlytics.sdk.android;answers/session_analytics.tap
- <Package Folder>/databases/game4vdblog
- <Package Folder>/app_Parse/pushState
- <Package Folder>/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/591BFB970045-0001-0848-CCD6F823DDB3SessionDevice.cls_temp
- <Package Folder>/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/591BFB970045-0001-0848-CCD6F823DDB3SessionOS.cls_temp
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/app_Parse/CommandCache/CachedCommand_0000015c154ec062_00000000_913979117
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/591BFB970045-0001-0848-CCD6F823DDB3SessionApp.cls_temp
- <Package Folder>/shared_prefs/TwitterAdvertisingInfoPreferences.xml
- <Package Folder>/cache/ApplicationCache.db-journal
- <Package Folder>/cache/webviewCacheChromium/data_3
- <Package Folder>/cache/webviewCacheChromium/data_2
- <Package Folder>/cache/webviewCacheChromium/data_1
- <Package Folder>/cache/webviewCacheChromium/data_0
Другие:
Запускает следующие shell-скрипты:
- <dexopt>
Может автоматически отправлять СМС-сообщения.
