Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.463.origin
Загружает из Интернета следующие детектируемые угрозы:
- Android.DownLoader.463.origin
Сетевая активность:
Подключается к:
- 1####.####.cn
- 1####.####.cn:88
- a####.####.com
- b####.com
- c####.####.cn
- c####.####.org
- c####.####.org:13631
- h####.com
- i####.####.com
- im####.####.cn
- iy####.com
- p####.####.com
- s####.####.in
- t####.####.cn
- w####.com
- zd####.com
Запросы HTTP GET:
- 1####.####.cn/Discuz/forum/201211/21/141024m9hwhvchs115wcs5.jpg
- 1####.####.cn:88/Discuz/forum/201211/21/141024m9hwhvchs115wcs5.jpg
- b####.com/uploads/allimg/130618/1-13061PU442.jpg
- c####.####.cn/chinese/zwyichan/photo/S0605/images/1-1.jpg
- c####.####.org/cnls/CN9086
- c####.####.org:13631/cnls/CN9086
- h####.com/
- i####.####.com/2014/f6/96/d/84.jpg
- i####.####.com/tuku/yulantu/140421/330226-1404211P51621.jpg
- i####.####.com/uploadImages/2012/236/MY5VY3I33BF9.jpg
- i####.####.com/uploads/sc/jpg/HD/5/3007.jpg
- im####.####.cn/allimg/1/20150119230206.jpg
- iy####.com/yodlq/attachement/jpg/site2/20080823/00138f2576900a1a3c5f56.jpg
- p####.####.com/fengjingbizhi/shijieshanshuifengguanghejikuanpingbizhi/sh...
- s####.####.in/coopic/home.php?udid=####&os=####&osv=####&dt=####&dml=###...
- t####.####.cn/xhForum/xhdisk002/M00/07/C6/wKhJC1JojlQEAAAAAAAAAAAAAAA105...
- w####.com/d/file/20130422/77372871eb47ee00ba3b2dad9b072725.jpg
- zd####.com/pic001/jd11/2006051016410636219.jpg
Запросы HTTP POST:
- a####.####.com/app_logs
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/app_lib/libmain.so
- <Package Folder>/cache/####/icon.jpg
- <Package Folder>/cache/####/icon1.jpg
- <Package Folder>/cache/####/icon2.jpg
- <Package Folder>/cache/####/icon4.jpg
- <Package Folder>/cache/####/icon5.jpg
- <Package Folder>/files/####/.myd
- <Package Folder>/files/####/.x.sh
- <Package Folder>/files/####/exchangeIdentity.json
- <Package Folder>/files/####/killall
- <Package Folder>/files/####/r0
- <Package Folder>/files/####/r1
- <Package Folder>/files/####/r2
- <Package Folder>/files/####/r3
- <Package Folder>/files/####/r4
- <Package Folder>/files/####/r5
- <Package Folder>/files/####/r6
- <Package Folder>/files/####/r8
- <Package Folder>/files/####/su
- <Package Folder>/files/####/su2
- <Package Folder>/files/.an.prop
- <Package Folder>/files/.imprint
- <Package Folder>/files/.m.jar
- <Package Folder>/files/.m.prop
- <Package Folder>/files/Test.Myd.zip
- <Package Folder>/files/Test.ToolAbs.zip
- <Package Folder>/files/Test.bbox.zip
- <Package Folder>/files/busybox
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/shared_prefs/.y.jar
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/gallst.xml
- <Package Folder>/shared_prefs/mkad.xml
- <Package Folder>/shared_prefs/mobads.xml
- <Package Folder>/shared_prefs/test.xml
- <Package Folder>/shared_prefs/tmp0a01.xml.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml.bak
- <SD-Card>/._X0
- <SD-Card>/._X1
- <SD-Card>/.tmp_
- <SD-Card>/Android/####/._LOST_.DATA.B
- <SD-Card>/Android/####/._LOST_.DATA.D
- <SD-Card>/Android/####/._LOST_.DATA.E
- <SD-Card>/Android/####/._LOST_.DATA.T
- <SD-Card>/Android/####/.nomedia
- <SD-Card>/Android/####/2310jatosq0s5mr6o05epl2uh0.tmp
- <SD-Card>/Android/####/2dh12qcpbeexnjv0x710we68e0.tmp
- <SD-Card>/Android/####/2joiw8apqqartxrx863i0hdzx0.tmp
- <SD-Card>/Android/####/2z3zv38nhncwqu39q4xt848ag0.tmp
- <SD-Card>/Android/####/3lf9lz30goscoqtpo30nw0aiu0
- <SD-Card>/Android/####/3ndzf2kvfoj68yo6p4ietlr8z0
- <SD-Card>/Android/####/3ndzf2kvfoj68yo6p4ietlr8z0.tmp
- <SD-Card>/Android/####/444wllp9g5hb6sdapbaz4d69e0
- <SD-Card>/Android/####/5emxf1wwngu7zdmtf7xssqzyp0.tmp
- <SD-Card>/Android/####/5h7swvglzrwflzcdcy2t541sf0.tmp
- <SD-Card>/Android/####/5yft6fn571szao3qrn9nze2k00.tmp
- <SD-Card>/Android/####/6931tnrv5qsdz5o69s74iwmq50
- <SD-Card>/Android/####/7g85s5tjijvmb1doqtvz4nt1i0
- <SD-Card>/Android/####/journal
- <SD-Card>/Android/####/journal.tmp
- <SD-Card>/Android/...130
- <SD-Card>/Android/...131
- <SD-Card>/Android/...180
- <SD-Card>/Android/...181
- <SD-Card>/Android/...190
- <SD-Card>/Android/...191
Другие:
Запускает следующие shell-скрипты:
- /data/data/com.slim.gallery/files/.z/r0 -c /data/data/com.slim.gallery/files/.z/.x.sh
- /data/data/com.slim.gallery/files/.z/r1 -C '/data/data/com.slim.gallery/files/.z/.x.sh'
- /data/data/com.slim.gallery/files/.z/r1 -auto
- /data/data/com.slim.gallery/files/.z/r1 /data/data/com.slim.gallery/files/.z/.x.sh
- /data/data/com.slim.gallery/files/.z/r2
- /data/data/com.slim.gallery/files/.z/r2 -c /data/data/com.slim.gallery/files/.z/.x.sh
- /data/data/com.slim.gallery/files/.z/r3
- /data/data/com.slim.gallery/files/.z/r3 -c /data/data/com.slim.gallery/files/.z/.x.sh
- /data/data/com.slim.gallery/files/.z/r4 -c /data/data/com.slim.gallery/files/.z/.x.sh
- /data/data/com.slim.gallery/files/.z/r4 PFMMehxvMFk2VSFN8Aw8XGXh91UNiESr/iPn2mHZOg== 3u5ydeZkuIN7B1MIi0sjkwufUjbm /system/bin/sh
- /data/data/com.slim.gallery/files/.z/r5 /system/bin/sh
- /data/data/com.slim.gallery/files/.z/r6 /system/bin/sh
- /data/data/com.slim.gallery/files/.z/r8
- /data/data/com.slim.gallery/files/.z/su2 HygZRm2IHTKWpp7Hll/sS0uY66xdcw== /data/data/com.slim.gallery/files/.z/.x.sh
- /data/data/com.slim.gallery/files/.z/su2 al1s7jBFNtn9faBmC0Jb9A9NslGZSg== /data/data/com.slim.gallery/files/.z/.x.sh
- /data/data/com.slim.gallery/files/.z/su2 f0h5zguZ9aJXbCZExMaN2kDhh6V0Uw== /data/data/com.slim.gallery/files/.z/.x.sh
- <dexopt>
- <error:2>
- chmod 775 /data/data/com.slim.gallery/app_lib
- chmod 775 <Package Folder>/app_lib
- sh <Package Folder>/files/.z/r0 -c <Package Folder>/files/.z/.x.sh
- sh <Package Folder>/files/.z/r1 -C '<Package Folder>/files/.z/.x.sh'
- sh <Package Folder>/files/.z/r1 -auto
- sh <Package Folder>/files/.z/r1 <Package Folder>/files/.z/.x.sh
- sh <Package Folder>/files/.z/r2
- sh <Package Folder>/files/.z/r2 -c <Package Folder>/files/.z/.x.sh
- sh <Package Folder>/files/.z/r3
- sh <Package Folder>/files/.z/r3 -c <Package Folder>/files/.z/.x.sh
- sh <Package Folder>/files/.z/r4 -c <Package Folder>/files/.z/.x.sh
- sh <Package Folder>/files/.z/r4 PFMMehxvMFk2VSFN8Aw8XGXh91UNiESr/iPn2mHZOg== 3u5ydeZkuIN7B1MIi0sjkwufUjbm /system/bin/sh
- sh <Package Folder>/files/.z/r5 /system/bin/sh
- sh <Package Folder>/files/.z/r6 /system/bin/sh
- sh <Package Folder>/files/.z/r8
- sh <Package Folder>/files/.z/su2 HygZRm2IHTKWpp7Hll/sS0uY66xdcw== <Package Folder>/files/.z/.x.sh
- sh <Package Folder>/files/.z/su2 al1s7jBFNtn9faBmC0Jb9A9NslGZSg== <Package Folder>/files/.z/.x.sh
- sh <Package Folder>/files/.z/su2 f0h5zguZ9aJXbCZExMaN2kDhh6V0Uw== <Package Folder>/files/.z/.x.sh
