Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Backdoor.433.origin
- Android.DownLoader.552.origin
Загружает из Интернета следующие детектируемые угрозы:
- Android.Backdoor.433.origin
- Android.DownLoader.552.origin
Сетевая активность:
Подключается к:
- 1####.####.207
- 1####.####.207:8009
- 1####.####.212
- 1####.####.212:8009
- 3####.####.com
- a####.####.com
- a####.####.net
- boo####.####.cn
- c####.####.com
- c-h####.####.com
- datacol####.####.com
- h####.####.cn
- isds####.####.com
- m####.####.cn
- m####.####.com
- o####.####.com
- p####.####.com
- p####.####.com:6088
- ping####.####.com
- q####.####.cn
- r####.####.net
- s####.####.cn
- s####.####.com
- s####.####.net
- sdk-ope####.####.com
- t####.####.com
- t####.####.net
- u####.####.com
Запросы HTTP GET:
- 3####.####.com/webapp_octopus/img/common_headpic.png
- a####.####.com/o/ajax/log/ActionLog?page=####&fromcase=####&type=####&id...
- a####.####.com/v7/policy.php?d=####&t=####
- a####.####.net/offer/dist/aos/pkg/2.6.1/offers_2.6.1.zip
- a####.####.net/v3/zip_upd?s=####
- boo####.####.cn/cppartner/1x1/11x0/110x0/11000076770/11000076770.jpg
- c####.####.com/newwfs/banner_pic/%E6%B5%B7%E6%B4%8B%E4%BD%932.jpg
- h####.####.cn/mkkydcn/images/app_down/sprite.png
- isds####.####.com/cgi-bin/r.cgi?flag1=####&flag2=####&flag3=####&flag5=#...
- m####.####.cn/js/javascript/php_index.js?v=####
- m####.####.com/rtb?type=####&d=####&b=####&p=####&l=####&s=####&m=####&z...
- p####.####.com//lnk/desktop/create?appKey=####&channel=####&v=####
- p####.####.com/c/1496217931886
- p####.####.com/ma_pic2/0/shot_10416650_3_1496977732/550
- p####.####.com/qqmobile/qqapi.js?_bid=####
- ping####.####.com/pingd?scl=####&tt=####&tz=####&vs=####&dm=####&url=###...
- q####.####.cn/g?b=####&k=####&s=####&t=####
- r####.####.net/spot/aos/v2/reqv3?s=####
- s####.####.cn/ma_icon/0/icon_10416650_1496977734/96
- s####.####.com/config/hz-bjv4.conf
- s####.####.com/core/aos-dex/1608/6440/26b46b6e.jar
- s####.####.com/galileo/cbf7676eb52d196793aed303509eb936.jpg
- s####.####.com/s?type=####&r=####&tid=####&finfo=####&enup=####&mvid=###...
- s####.####.net/aos/v3/initf?s=####
- s####.####.net/stat/aos/v3/pkc?s=####
- t####.####.com/update.php?channel=####&uid=####&from=####&kernelVersion=...
Запросы HTTP POST:
- 1####.####.207/data.php?wType=####&channelCode=####&kkydinfoid=####&visi...
- 1####.####.207:8009/data.php?wType=####&channelCode=####&kkydinfoid=####...
- 1####.####.212/logpd.php
- 1####.####.212:8009/logpd.php
- a####.####.com/app_logs
- c-h####.####.com/api.php?format=####&t=####
- datacol####.####.com/api.php?type=####&duid=####&version=####
- o####.####.com/v2/check_config_update
- p####.####.com:6088/s/
- sdk-ope####.####.com/api.php?format=####&t=####
- t####.####.com/v7/dsp_stat.php
- t####.####.net/v2/android/pkgtime?rt=####&sign=####
- u####.####.com/frontend/web/index.php?r=####
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/agencyss
- <Package Folder>/app_cache/res.png
- <Package Folder>/app_cache/res.zip
- <Package Folder>/app_libs/ymdex.jar.new
- <Package Folder>/app_yoqdqb/9B67192FFC9A7EF12BD155A19944B36D.jar
- <Package Folder>/cache/####/0a375cc050edac01d6c937cf22fbe3e835982161095b09ebcb17e9911012d7ca.0.tmp
- <Package Folder>/cache/####/0f25ea2550492d4de45e592742dfa7c21003c45f464d17e7e1afa33398e88b9b.0.tmp
- <Package Folder>/cache/####/12494329d8ca451877ccf37ee345d01e36cde53bef148b0c774be1a1751cfafb.0.tmp
- <Package Folder>/cache/####/1f92676eb6e91dfa1bdfadc58eb432139c1fea6c8dd68d99ec84949a182f6d67.0.tmp
- <Package Folder>/cache/####/22a570e2ee4aa2a6a6d4faf82bc5182eb9f2c0782d352ce8a60048c55b37df01.0.tmp
- <Package Folder>/cache/####/356c93733b648fe93e13f4ec230d32d911e68ce56dbdce83db0241d5f5fc0240.0.tmp
- <Package Folder>/cache/####/3795efd0b29e95c81e15acacaedf13356e890eb1201fdc67374ffd597459898d.0.tmp
- <Package Folder>/cache/####/38e235ce88c38733ff1f0a652f1d3eb18cfa4887f074c66577f1fb3297b7c659.0.tmp
- <Package Folder>/cache/####/4f9869b8c6aadf5759bd4576b2902f5aa986f279af768b66e1d1b822c6205bb5.0.tmp
- <Package Folder>/cache/####/55324bd08aebed98c4f686ff3ddfb49163024d7d57bb47373550cb66b4b2b651.0.tmp
- <Package Folder>/cache/####/59ec773ff9fa8e213f39f3bd380000254432aac41046a470c390022cc17940de.0.tmp
- <Package Folder>/cache/####/7398d5ac5ab59832282412d78c1a0b3152af4410734f092bfd53f8d7adbe68c5.0.tmp
- <Package Folder>/cache/####/759aa7ff89a5efb79d4af5b861430a7c757cdcdf916969255fdbd96511ee11ae.0.tmp
- <Package Folder>/cache/####/88b086d505853d97689de6dee7554c6a4e0ab40bc205791548640e5f5d09e680.0.tmp
- <Package Folder>/cache/####/aa701d4bb2b4f8e8b47a48abe23d3f19bb172176b9f3faa174e7917ccf5fbc92.0.tmp
- <Package Folder>/cache/####/c87f0dfdb2d97de0c7c7740565532f2be72f63daae60454673ffddbd09d87c36.0.tmp
- <Package Folder>/cache/####/d3a98e8cdd00dd2caaf4a4af1a5e074f252d5c40d3731aa08c34a89ceeee7113.0.tmp
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/e11ae4295d3541599de72174ebd1160ef76d158793652a2c53f5f00e61c93edc.0.tmp
- <Package Folder>/cache/####/e624bd813b377c9a190bd59ac5289d8bb5ec6b35326213c33887fb4d46bd7cbd.0.tmp
- <Package Folder>/cache/####/f7b9aed2656f0a34c80a783302156d64435a39ae5dc662df165a5eacb5252c23.0.tmp
- <Package Folder>/cache/####/f_000001
- <Package Folder>/cache/####/f_000002
- <Package Folder>/cache/####/f_000003
- <Package Folder>/cache/####/f_000004
- <Package Folder>/cache/####/f_000005
- <Package Folder>/cache/####/f_000006
- <Package Folder>/cache/####/f_000007
- <Package Folder>/cache/####/f_000008
- <Package Folder>/cache/####/f_000009
- <Package Folder>/cache/####/f_00000a
- <Package Folder>/cache/####/fb29028c4560fe6d5cc121a6498d19166e5e9bcbde38a9795d31d075264510bc.0.tmp
- <Package Folder>/cache/####/fdc6932425bf1cd1553606b7b5ba35f261b8f9ae3cd38f3a8a5cbea08e196780.0.tmp
- <Package Folder>/cache/####/index
- <Package Folder>/cache/####/journal.tmp
- <Package Folder>/code_cache/####/<Package>-1.apk.classes-1753326807.zip
- <Package Folder>/databases/698fd5baf0305c5b15319671ec70193d
- <Package Folder>/databases/698fd5baf0305c5b15319671ec70193d-journal
- <Package Folder>/databases/6feab07fe3fa1fca4da91448c2740bf8
- <Package Folder>/databases/6feab07fe3fa1fca4da91448c2740bf8-journal
- <Package Folder>/databases/OxgHkj2lz09F
- <Package Folder>/databases/OxgHkj2lz09F-journal
- <Package Folder>/databases/P15pKIjsm64m
- <Package Folder>/databases/P15pKIjsm64m-journal
- <Package Folder>/databases/T1oX0rhhuXWt
- <Package Folder>/databases/T1oX0rhhuXWt-journal
- <Package Folder>/databases/XKwVoK0huy3R
- <Package Folder>/databases/XKwVoK0huy3R-journal
- <Package Folder>/databases/ad_down_db-journal
- <Package Folder>/databases/campaign_db
- <Package Folder>/databases/campaign_db-journal
- <Package Folder>/databases/f84a698c5549cafb3e31c272d9cb32d6-journal
- <Package Folder>/databases/ghost_web_view.db-journal
- <Package Folder>/databases/increment.db-journal
- <Package Folder>/databases/jqIqJYOT3JpT
- <Package Folder>/databases/jqIqJYOT3JpT-journal
- <Package Folder>/databases/pushsdk.db-journal
- <Package Folder>/databases/wIU6pTyUBYWX
- <Package Folder>/databases/wIU6pTyUBYWX-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal (deleted)
- <Package Folder>/databases/wsUL1uCdKvjD
- <Package Folder>/databases/wsUL1uCdKvjD-journal
- <Package Folder>/databases/zitiguanjia.db-journal
- <Package Folder>/files/####/arrow-left.png
- <Package Folder>/files/####/arrow-right.png
- <Package Folder>/files/####/blank.gif
- <Package Folder>/files/####/close-icon.png
- <Package Folder>/files/####/default.png
- <Package Folder>/files/####/detail-wx.html
- <Package Folder>/files/####/detail-wx.js
- <Package Folder>/files/####/detail.html
- <Package Folder>/files/####/detail.js
- <Package Folder>/files/####/exchangeIdentity.json
- <Package Folder>/files/####/feedback.html
- <Package Folder>/files/####/feedback.js
- <Package Folder>/files/####/finalcore.jar
- <Package Folder>/files/####/flow_pack.apk
- <Package Folder>/files/####/form.css
- <Package Folder>/files/####/global.js
- <Package Folder>/files/####/lists.css
- <Package Folder>/files/####/lists.html
- <Package Folder>/files/####/lists.js
- <Package Folder>/files/####/md5.js
- <Package Folder>/files/####/pic_m.png
- <Package Folder>/files/####/pic_tips_01.png
- <Package Folder>/files/####/pic_tips_02.png
- <Package Folder>/files/####/result.png
- <Package Folder>/files/####/rule.html
- <Package Folder>/files/####/sdetail.html
- <Package Folder>/files/####/share.css
- <Package Folder>/files/####/share.html
- <Package Folder>/files/####/share.js
- <Package Folder>/files/####/sprite-face.png
- <Package Folder>/files/####/sprite-icons.png
- <Package Folder>/files/####/sprite-icons2.png
- <Package Folder>/files/####/wx-step1.jpg
- <Package Folder>/files/####/wx-step2.jpg
- <Package Folder>/files/####/wx-step3.jpg
- <Package Folder>/files/####/wx-step4.jpg
- <Package Folder>/files/####/wx-step5.jpg
- <Package Folder>/files/.imprint
- <Package Folder>/files/INSTALLATION
- <Package Folder>/files/f16aa53997476bdf0bdd4596c918f481.zip
- <Package Folder>/files/init.pid
- <Package Folder>/files/mobclick_agent_cached_<Package>368
- <Package Folder>/files/pid
- <Package Folder>/files/push.pid
- <Package Folder>/files/qhcgfl
- <Package Folder>/files/run.pid
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/<Package>_preferences.xml.bak
- <Package Folder>/shared_prefs/C0XKJAO3JLZKJPDKJFXLINQCJIOAOD.xml
- <Package Folder>/shared_prefs/C0XKJAO3JLZKJPDKJFXLINQCJIOAOD.xml.bak (deleted)
- <Package Folder>/shared_prefs/CE94557724F842149D690D0E8CBB1CBD.xml
- <Package Folder>/shared_prefs/DEVICE_UNIQ_FILE.xml
- <Package Folder>/shared_prefs/FontManager.xml
- <Package Folder>/shared_prefs/META_INFO.xml
- <Package Folder>/shared_prefs/META_INFO.xml.bak
- <Package Folder>/shared_prefs/OFFERSCONFIG1.xml
- <Package Folder>/shared_prefs/SP_CACHE.xml
- <Package Folder>/shared_prefs/SP_CACHE.xml.bak
- <Package Folder>/shared_prefs/advisers.xml
- <Package Folder>/shared_prefs/dcSharedPreferences.dat.xml
- <Package Folder>/shared_prefs/file_message.xml
- <Package Folder>/shared_prefs/onlineconfig_agent_online_setting_<Package>.xml
- <Package Folder>/shared_prefs/policy.xml
- <Package Folder>/shared_prefs/policy.xml.bak
- <Package Folder>/shared_prefs/post_info.xml
- <Package Folder>/shared_prefs/rg_sp_cache.xml
- <Package Folder>/shared_prefs/sdk_config.xml
- <Package Folder>/shared_prefs/sdk_config.xml.bak
- <Package Folder>/shared_prefs/spotData.xml
- <Package Folder>/shared_prefs/startCount.xml
- <Package Folder>/shared_prefs/umeng_feedback_conversations.xml
- <Package Folder>/shared_prefs/umeng_feedback_user_info.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml.bak
- <SD-Card>/.sfp/.sfp
- <SD-Card>/.testf
- <SD-Card>/Android/####/.nomedia
- <SD-Card>/Android/####/373240561418738c721572c1da14b85e
- <SD-Card>/Android/####/373240561418738c721572c1da14b85e.ymtf
- <SD-Card>/Android/####/3993ed8d67d825d2d072d2b9ea0e0901.0.tmp
- <SD-Card>/Android/####/3993ed8d67d825d2d072d2b9ea0e0901.1
- <SD-Card>/Android/####/43143323b7d993e87a253c48e0e3da8c.0.tmp
- <SD-Card>/Android/####/43143323b7d993e87a253c48e0e3da8c.1
- <SD-Card>/Android/####/DXTX902KJZX9JASLDJF
- <SD-Card>/Android/####/DXTX902KJZX9JASLDJF.ymtf
- <SD-Card>/Android/####/adv
- <SD-Card>/Android/####/config
- <SD-Card>/Android/####/deviceId
- <SD-Card>/Android/####/fcaf8612e2ed1295a90dceb7e66ebcbd.0.tmp
- <SD-Card>/Android/####/fcaf8612e2ed1295a90dceb7e66ebcbd.1.tmp
- <SD-Card>/Android/####/i42d45df023jnkdd93la483f9xGFKXI
- <SD-Card>/Android/####/journal
- <SD-Card>/Android/####/journal.tmp
- <SD-Card>/Android/####/master
- <SD-Card>/Android/####/master.lock
- <SD-Card>/Android/####/s92TjjdfoP2n3o9dfji2l9s1olkjf0p
- <SD-Card>/Android/####/sys_install
- <SD-Card>/com.qisi.koala/####/1496217916656
- <SD-Card>/com.qisi.koala/####/1496217918312
- <SD-Card>/com.qisi.koala/meta_data.dat
- <SD-Card>/font/####/0006a48021f1aeb9be42e3395f0d0e8a.dat
- <SD-Card>/font/####/011f469bc937a69b5a098fe84ba9f26c.dat
- <SD-Card>/font/####/083a21df8eac3cba74361adbb2cea912.dat
- <SD-Card>/font/####/1758a39d79e8832d0ee12b9aff412979.dat
- <SD-Card>/font/####/30227b8a369dcf725bd3cfd61ebddfc8.dat
- <SD-Card>/font/####/5eec735503618662cfe05df457766383.dat
- <SD-Card>/font/####/812413e3fa87d2ef8a9af84e38e88bf5.dat
- <SD-Card>/font/####/DroidNaskh-Regular.ttf
- <SD-Card>/font/####/DroidNaskhUI-Regular.ttf
- <SD-Card>/font/####/DroidSans-Bold.ttf
- <SD-Card>/font/####/DroidSans.ttf
- <SD-Card>/font/####/DroidSansFallback.ttf
- <SD-Card>/font/####/DroidSansMono.ttf
- <SD-Card>/font/####/MTLmr3m.ttf
- <SD-Card>/font/####/Roboto-BoldItalic.ttf
- <SD-Card>/font/####/Roboto-Light.ttf
- <SD-Card>/font/####/Roboto-Regular.ttf
- <SD-Card>/font/####/RobotoCondensed-Regular.ttf
- <SD-Card>/font/####/a2fa8d5caa4eb41961ea28e8fd253a23.dat
- <SD-Card>/font/####/be73f47bd404d560d51a97214983fcc9.dat
- <SD-Card>/font/####/bee537f2952893ff512c8c19fb64d10c.dat
- <SD-Card>/font/####/d2f29f4602e9a366e14306820635ade6.dat
- <SD-Card>/font/####/db2031babf565dd9570a07338186698e.dat
- <SD-Card>/font/####/db2706b655e18d79fe3cace09a4bde1c.dat
- <SD-Card>/font/####/f2120d99157f500905955bb9ed253f5d.dat
- <SD-Card>/font/####/f7fb77c815cf3bff01e46100d745bb1a.dat
- <SD-Card>/libs/<Package>.db
- <SD-Card>/libs/app.db
- <SD-Card>/libs/com.igexin.sdk.deviceId.db
Другие:
Запускает следующие shell-скрипты:
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- /system/bin/cat /sys/devices/system/cpu/kernel_max
- <dexopt>
- <error:2>
- <su-internal:result>
- app_process /system/bin com.android.commands.am.Am startservice --user 0 -n <Package>/open.lib.supplies.daemon.ProtectService
- cat /sys/class/net/wlan0/address
- dd if=<Package Folder>/lib/libnativeservices.so of=<Package Folder>/agencyss
- getprop
- getprop ro.vivo.os.name
- ls -l /system/bin/su
- sh
- su
Использует повышенные привилегии.
