Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Xiny.20
Загружает из Интернета следующие детектируемые угрозы:
- Android.Xiny.20
Сетевая активность:
Подключается к:
- s####.####.com
- com####.####.com
- mo####.####.com
- h####.####.com
- d####.####.cn
- y####.####.cn
- p####.####.com
- c####.####.com
- d####.####.com
- e####.####.com
- b####.####.cn
- m####.####.com
- a####.####.com
Запросы HTTP GET:
- d####.####.com/js/wap/libs/zepto.min.js
- d####.####.com/allimg/121212/4_121212155825_1.jpg
- mo####.####.com/cpro/ui/mads.php?code2=####&b1496213086462=####
- d####.####.com/allimg/mmtl/mhfm/kuaidixia.jpg
- d####.####.com/allimg/160224/32_160224170050_1.jpg
- d####.####.com/130607/4-13060GA340X1.jpg
- d####.####.com/allimg/150407/33_150407155028_1.jpg
- d####.####.com/allimg/mmtl/mhfm/xixingji3.jpg
- m####.####.com/manhua/
- m####.####.com/mh/zaowufaze/
- d####.####.com/allimg/160229/32_160229172541_1.jpg
- d####.####.com/allimg/170317/41_170317111526_1.jpg
- d####.####.com/allimg/mmtl/mhfm/xiaxingjiutian.jpg
- mo####.####.com/cpro/ui/mads.php?code2=####
- d####.####.com/allimg/160902/29_160902140841_1.jpg
- d####.####.com/allimg/zlhht/mhfm/hhyjx.jpg
- d####.####.com/allimg/mmtl/mhfm/yaosushan.jpg
- mo####.####.com/ads/pa/__pasys.apk
- d####.####.com/allimg/150605/32_150605112049_1.jpg
- d####.####.com/allimg/121220/4_121220144112_2.jpg
- d####.####.com/js/wap/libs/hammer.js
- mo####.####.com/ads/js/c.js
- d####.####.com/allimg/zlhht/mhfm/bichulideshaonian.jpg
- d####.####.com/images/wap/manhua/v1/logo.png
- d####.####.com/allimg/140122/15_140122154757_2.jpg
- h####.####.com/stat.htm?id=####&r=####&lg=####&ntime=####&cnzz_eid=####&...
- d####.####.com/allimg/mmtl/mhfm/wzdwsty.jpg
- d####.####.com/mh/zaowufaze/094u/002.jpg?20####
- d####.####.com/allimg/mmtl/mhfm/lingzhu.jpg
- d####.####.com/allimg/mmtl/mhfm/bailianchengshen.jpg
- d####.####.com/allimg/120712/4_120712113822_1.jpg
- d####.####.com/allimg/160901/32_160901160000_1.jpg
- d####.####.com/js/wap/libs/m.dialog.js?v=####
- d####.####.com/allimg/mmtl/mhfm/yerenwahaha.jpg
- mo####.####.com/ads/css/min/main.css
- d####.####.com/js/wap/libs/m.dialog.js
- d####.####.com/allimg/130318/15_130318173347_1.jpg
- mo####.####.com/cpro/ui/mads.php?code2=####&b1496213105265=####
- d####.####.com/allimg/120809/4_120809144335_1.jpg
- d####.####.com/allimg/121017/4_121017153145_1.jpg
- d####.####.com/js/wap/libs/baiduTemplate.js
- d####.####.com/css/wap/manhua/v1/style.css
- d####.####.com/images/wap/manhua/v1/icon.png
- d####.####.com/allimg/130704/15_130704155809_2.jpg
- d####.####.com/allimg/121030/4_121030154750_1.jpg
- d####.####.com/allimg/120717/6_120717173427_1.jpg
- m####.####.com/images/jiujiu/15.gif
- d####.####.com/allimg/130403/7_130403124125_1.jpg
- mo####.####.com/ads/ads.appcache
- d####.####.com/allimg/mmtl/mhfm/muqiling.jpg
- d####.####.com/allimg/mmtl/rexue.jpg
- mo####.####.com/ads/pa/__pasys_remote_banner.php?v=####&tp=####&os=####&...
- d####.####.com/allimg/mmtl/mhsy/zaowufaze.jpg
- mo####.####.com/cpro/ui/mads.php?code2=####&b1496213116814=####
- mo####.####.com/ads/pa/__pasys.php
- d####.####.com/allimg/mmtl/mhfm/henxiyou.jpg
- m####.####.com/manhua/category/
- d####.####.com/js/wap/commons/m.comment.js
- d####.####.com/js/dmcount.js
- com####.####.com/images/douwa/07.gif
- d####.####.com/allimg/160125/32_160125172450_1.jpg
- s####.####.com/img/pic.gif
- d####.####.com/allimg/mmtl/mhfm/jiyinlieren4.jpg
- d####.####.com/allimg/mmtl/mhfm/langmanshizhong1.jpg
- d####.####.com/js/wap/libs/m.toggleText.js
- d####.####.com/allimg/120717/17_120717231713_1.jpg
- d####.####.com/allimg/zlhht/mhfm/ywfg.jpg
- c####.####.com/9.gif?abc=####&rnd=####
- d####.####.com/allimg/mmtl/mhfm/wandouxiaozhuan.jpg
- mo####.####.com/ads/js/ads.trunk.js
- mo####.####.com/ads/index.htm
- com####.####.com/images/douwa/12.gif
- d####.####.com/allimg/160307/32_160307173122_1.jpg
- d####.####.com/allimg/zlhht/mhfm/chukouweiling.jpg
- d####.####.com/js/wap/libs/fastclick.js
- d####.####.com/css/wap/commons/m.comment_rem.css
- d####.####.com/allimg/160905/7_160905143836_1.jpg
- m####.####.com/search/mh_cata_search.php?type=####
- d####.####.com/allimg/130513/15_130513154746_1.jpg
- d####.####.com/allimg/mmtl/mhfm/mengjun.jpg
- d####.####.com/allimg/170216/6_170216101235_1.jpg
- d####.####.com/allimg/170527/41_170527111647_1.jpg
- e####.####.com/hmt/icon/21.gif
- d####.####.com/allimg/mmtl/mhfm/jiuxiangygnpy120.jpg
- a####.####.com/2373903822/small
- d####.####.com/allimg/160901/28_160901152802_1.jpg
- d####.####.com/js/wap/manhua/v1/mpage.js
- d####.####.com/allimg/mmtl/mhfm/zilaishui2.jpg
- d####.####.cn/jarFile/SDKAutoUpdate/wet4.jar
- d####.####.com/images/wap/manhua/v1/i_exp.png
- mo####.####.com/cpro/ui/mads.php?code2=####&b1496213089541=####
- m####.####.com/manhua/history/
- d####.####.com/allimg/160125/32_160125172422_1.jpg
- d####.####.com/allimg/mmtl/mhfm/huaguoysz120.jpg
- d####.####.com/allimg/160125/32_160125172338_1.jpg
- d####.####.com/js/wap/libs/m.slide.js?v=####
- d####.####.com/allimg/160125/32_160125172506_1.jpg
- b####.####.cn/s/blog_dae7be800102wthm.html
- d####.####.com/allimg/xiugai/2561x.jpg
- d####.####.com/allimg/170421/42_170421162836_1.jpg
- d####.####.com/allimg/130403/7_130403115123_1.jpg
- d####.####.com/allimg/160324/32_160324165525_1.jpg
- mo####.####.com/cpro/ui/mads.php?code2=####&b1496213086451=####
- s####.####.com/stat.php?id=####&web_id=####&show=####
- a####.####.com/2198323072/small
- p####.####.com/cityjson?ie=####
- d####.####.com/allimg/mmtl/mhfm/cshmzqsgl120.jpg
- h####.####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&et=####&ja=####&ln...
- m####.####.com/mh/zaowufaze/294236.html
- a####.####.com/0/small
- d####.####.com/allimg/120605/15_120605163132_1.jpg
- mo####.####.com/ads/pa/__pasys_remote_banner.jar
- d####.####.com/allimg/150521/32_150521105842_1.jpg
- d####.####.com/allimg/160125/32_160125172407_1.jpg
- mo####.####.com/cpro/ui/mads.php?code2=####&b1496213088584=####
- d####.####.com/allimg/zlhht/mhfm/diqiumori.jpg
- d####.####.com/allimg/mmtl/mhfm/guangying2.jpg
- m####.####.com/images/jiujiu/59.gif
- d####.####.com/allimg/mmtl/mhfm/chuling.jpg
- d####.####.com/allimg/130403/7_130403120355_1.jpg
- d####.####.com/allimg/mmtl/mhfm/mengsanguo120.jpg
- d####.####.com/130701/4-130F1151422548.jpg
- d####.####.com/130624/4-130624163F0426.jpg
- d####.####.com/allimg/150522/6_150522145234_1.jpg
- s####.####.com/core.php?web_id=####&show=####&t=####
- com####.####.com/comic/8983/8983_1_js.html
- d####.####.com/allimg/160125/32_160125172518_1.jpg
- d####.####.com/css/wap/commons/m.dialog.css?v=####
- d####.####.com/allimg/xiugai/1690d.jpg
- d####.####.com/130916/4-130916162435291.jpg
- d####.####.com/allimg/130520/15_130520174041_1.jpg
- d####.####.com/js/wap/manhua/v1/mpage160922.js?v=####
- d####.####.com/allimg/mmtl/mhfm/biaoren.jpg
- d####.####.com/allimg/xiaduo/151.jpg
- a####.####.com/870265378/small
- h####.####.com/h.js?6bed68d####
- d####.####.com/allimg/mmtl/mhfm/niyudaodeyaoguai.jpg
- d####.####.com/mh/zaowufaze/094u/001.jpg?20####
- d####.####.com/allimg/mmtl/mhfm/xisijkgsh120.jpg
- d####.####.com/css/wap/manhua/v1/style.css?v=####
- com####.####.com/images/douwa/08.gif
- h####.####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&ep=####&et=####&ja...
- d####.####.com/allimg/xiugai/2427x.jpg
- d####.####.com/allimg/xiugai/2427d.jpg
Запросы HTTP POST:
- y####.####.cn/k2?protocol=####&version=####&cid=####
- a####.####.com/app_logs
- y####.####.cn/k1?requestId=####&g=####&ua=####
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/databases/cc.db-journal
- <Package Folder>/files/__pasys_remote_banner.tmp.jar
- <Package Folder>/files/.imprint
- <Package Folder>/databases/ua.db-journal
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/cache/webviewCacheChromium/f_00000a
- <Package Folder>/cache/webviewCacheChromium/f_00000c
- <Package Folder>/cache/webviewCacheChromium/f_00000b
- <Package Folder>/cache/webviewCacheChromium/f_00000e
- <Package Folder>/cache/webviewCacheChromium/f_00000d
- <Package Folder>/app_database/ApplicationCache.db-journal
- <Package Folder>/files/__pasys.apk.beforesign
- <Package Folder>/shared_prefs/a.xml
- <Package Folder>/files/.umeng/exchangeIdentity.json
- <Package Folder>/app_database/localstorage/http_m.4399dmw.com_0.localstorage-journal
- <Package Folder>/databases/downloadswc-journal
- <Package Folder>/cache/webviewCacheChromium/index
- <Package Folder>/cache/webviewCacheChromium/f_000009
- <Package Folder>/cache/webviewCacheChromium/f_000008
- <Package Folder>/files/exid.dat
- <Package Folder>/files/__pasys_remote_banner.jar.beforesign
- <Package Folder>/cache/webviewCacheChromium/f_000001
- <Package Folder>/cache/webviewCacheChromium/f_000003
- <Package Folder>/cache/webviewCacheChromium/f_000002
- <Package Folder>/cache/webviewCacheChromium/f_000005
- <Package Folder>/cache/webviewCacheChromium/f_000004
- <Package Folder>/cache/webviewCacheChromium/f_000007
- <Package Folder>/cache/webviewCacheChromium/f_000006
- <Package Folder>/databases/downloadswc
- <Package Folder>/shared_prefs/st.xml
- <Package Folder>/databases/ua.db
- <Package Folder>/shared_prefs/W_Key.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml.bak
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/databases/cc.db
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/app_database/localstorage/http_mobads.baidu.com_0.localstorage-journal
- <Package Folder>/shared_prefs/WebViewSettings.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/<Package>_preferences.xml.bak
- <Package Folder>/cache/webviewCacheChromium/data_3
- <Package Folder>/cache/webviewCacheChromium/data_2
- <Package Folder>/cache/webviewCacheChromium/data_1
- <Package Folder>/cache/webviewCacheChromium/data_0
Другие:
Запускает следующие shell-скрипты:
- <dexopt>
Может автоматически отправлять СМС-сообщения.
