Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Triada.226.origin
Загружает из Интернета следующие детектируемые угрозы:
- Android.Triada.226.origin
Сетевая активность:
Подключается к:
- 0####.####.com
- 6####.####.140
- a####.####.com
- ad####.####.com
- ada####.####.com
- d####.####.com
- i####.####.com
- lian####.####.com
- m####.####.com
- q####.####.cn
- q####.####.com
- statist####.####.com
- w####.####.cn
Запросы HTTP GET:
- 0####.####.com/mobile/20170618/20170618132402_559da3cd4550c2bb383f07c170...
- 6####.####.140/ando/i/mon?k=####&d=####
- ad####.####.com/rest/gc2?ak=####&av=####&c=####&d=####&sv=####&t=####&is...
- i####.####.com/ando-res/ads/4/5/d73ab4a4-4c75-43a7-a3c9-5bdabd9437c8/d26...
- m####.####.com/mobile/170617031820677.html
- q####.####.cn/qqapp/1104868242/D0FF2F311B98F4D9FD756B9AA0730CC4/100
- w####.####.cn/mmopen/bgWNqyqFjMJBSmscYzCibeZKm7ickjwg4ibJep8LRNcC53iat7g...
Запросы HTTP POST:
- a####.####.com/app_logs
- ada####.####.com/rest/sur?ak=####&av=####&c=####&v=####&s=####&d=####&sv...
- d####.####.com/dfh_dingyue/newsrewards
- lian####.####.com/union/api
- q####.####.com/c/324f4598888150ff?d=####&v=####
- statist####.####.com/api/statistics/order.php
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/cache/####/0896a3633f4af6297a2d3fc6ce1f1967c1bcf80ec32567a25e36a6f85c78d3b3.0.tmp
- <Package Folder>/cache/####/119524e9daa0716569c7503151a60471121108b06004f1b598e58af6be6d3c95.0.tmp
- <Package Folder>/cache/####/17067f718793cbeedd56868c3d0f50228b7473c87bab1de58b1cb794bfb199d9.0.tmp
- <Package Folder>/cache/####/2101fb94cc8685423ff53eda8c2623933b63012584bd35fd2368e765f92b4d25.0.tmp
- <Package Folder>/cache/####/4814c9320b8546fe67a2162800632efc684e65e3f19f347be0443231b96314cb.0.tmp
- <Package Folder>/cache/####/5ab28625544fac95a5643293d31463152c154d1ef61032c9edb417adeeb6b6ff.0.tmp
- <Package Folder>/cache/####/5ec08ce5204415c27066ef9c18f0d25df65fc0e34b6a5a7fddb3abd02b448c36.0.tmp
- <Package Folder>/cache/####/66d3c9e7a1f63882810cbc8e835b547d16f1b12b48e658514cd937443258e5bb.0.tmp
- <Package Folder>/cache/####/7372cab5ae10ce60698a4d3d9e79b38020dddc8d90e68545714f21d5e01f556b.0.tmp
- <Package Folder>/cache/####/8e088b94c85bfa0f2418ffe81e8acf54bc9fd3f2e81b7fd61a10832758ba4bbf.0.tmp
- <Package Folder>/cache/####/92e432b12c3e6864de4347c1b536b12e9ddbb7e6b79bf2a685c4ab0340382c9e.0.tmp
- <Package Folder>/cache/####/987bab086d7b9f05ac7cd77561cc73b2a12c91084fd092f862546b5e1aae9e99.0.tmp
- <Package Folder>/cache/####/a8b10336a60bc3b88414a8d02da2492293ee7627bdf346c7e667cf9f5f65b774.0.tmp
- <Package Folder>/cache/####/a91147807b821b6a0bcb3a36d81a56f6f6cef59cf18401422a489d3d8c60a15b.0.tmp
- <Package Folder>/cache/####/bf34c8853b60305ff6d75211f99788670479eab8e1813c68d476bd4213118926.0.tmp
- <Package Folder>/cache/####/c60933ecff134d8e5732812fd045dfc4787b5f761c95956c3f8e049f93cd2556.0.tmp
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/ebb03f5f16a56e874ab28a0b00e5796c7b3d533d8008127501bbb1b8bca6a1ac.0.tmp
- <Package Folder>/cache/####/f0374d66f723b0351047c326e9e72954b06e6b632062db54dd66d769a39174cf.0.tmp
- <Package Folder>/cache/####/f499fef0e4e8965ce772e1aa92b2a6a038d44d8cc6e5e4a5d4058872b51e8988.0.tmp
- <Package Folder>/cache/####/f5f995628a9e208dba9ae839546375eb16faac58e90fd808a550f30e6bcdb71e.0.tmp
- <Package Folder>/cache/####/index
- <Package Folder>/cache/####/journal.tmp
- <Package Folder>/cache/machine_list
- <Package Folder>/cache/video_channel_list
- <Package Folder>/cache/weather_city.db
- <Package Folder>/cache/weather_city.db-journal
- <Package Folder>/code-5696218/####/kClubR7I8Ph67amP.jar
- <Package Folder>/code-5696218/gE7D2wZCvldkqJxl
- <Package Folder>/code_cache/####/<Package>-1.apk.classes-1587655196.zip
- <Package Folder>/code_cache/####/<Package>-1.apk.classes1798117159.zip
- <Package Folder>/code_cache/####/<Package>-1.apk.classes2092550355.zip
- <Package Folder>/databases/-d4eIWZ2B2YundCo6d-a8TcuJBps7A4B_UiT-0G18tD4=-journal
- <Package Folder>/databases/-d4eIWZ2B2YundCo6d-a8TcuJBps7A4B_W0rwpySG3fUj4D5iRIEZ6-WAFg8=
- <Package Folder>/databases/-d4eIWZ2B2YundCo6d-a8TcuJBps7A4B_W0rwpySG3fUj4D5iRIEZ6-WAFg8=-journal
- <Package Folder>/databases/-d4eIWZ2B2YundCo6d-a8TcuJBps7A4B_b0rIhIHX9cmvp2R5
- <Package Folder>/databases/-d4eIWZ2B2YundCo6d-a8TcuJBps7A4B_b0rIhIHX9cmvp2R5-journal
- <Package Folder>/databases/-d4eIWZ2B2YundCo6d-a8TcuJBps7A4B_jpZY-xfEMkYtqG201YQ45w==
- <Package Folder>/databases/-d4eIWZ2B2YundCo6d-a8TcuJBps7A4B_jpZY-xfEMkYtqG201YQ45w==-journal
- <Package Folder>/databases/-d4eIWZ2B2YundCo6d-a8TcuJBps7A4B_sGUWdjt6u5r9crUt0yGOcg==
- <Package Folder>/databases/-d4eIWZ2B2YundCo6d-a8TcuJBps7A4B_sGUWdjt6u5r9crUt0yGOcg==-journal
- <Package Folder>/databases/cc.db
- <Package Folder>/databases/cc.db-journal
- <Package Folder>/databases/east_news_db
- <Package Folder>/databases/east_news_db-journal
- <Package Folder>/databases/jpush_local_notification.db
- <Package Folder>/databases/jpush_local_notification.db-journal
- <Package Folder>/databases/jpush_statistics.db
- <Package Folder>/databases/jpush_statistics.db-journal
- <Package Folder>/databases/ua.db
- <Package Folder>/databases/ua.db-journal
- <Package Folder>/databases/ut.db
- <Package Folder>/databases/ut.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal (deleted)
- <Package Folder>/files/####/1tuN7ewBpIVFKQ0nSx_MT3L_mA1666p6a2SXC2X8tcQ=.new
- <Package Folder>/files/####/59ppBl9_YzNIgN1p6hdIoF74lk7SiKts_R1PxQ==.new
- <Package Folder>/files/####/84a092ea-2ff7-4af1-aa43-d8f3c9ca87de.pic.temp
- <Package Folder>/files/####/B-06J5SI1x3U73zeVOIK77mDzw8WY7N2iDNDDg==.new
- <Package Folder>/files/####/DsOzVxcf1gpP6ANQt48GLcqIhjfTHd9kX9cPMoKzxII=.new
- <Package Folder>/files/####/Lh0k92IjoH30kIeArDYywKqA73XbY5G-.new
- <Package Folder>/files/####/MAdlkv-qDMoISZKub-w_inW76RiOyRHU.new
- <Package Folder>/files/####/Nja_43BIb2aNhaA-j73WYA==
- <Package Folder>/files/####/Nja_43BIb2aNhaA-j73WYA==.new
- <Package Folder>/files/####/Q4DedcXg8_cf07_HMe4IYSTERL4=
- <Package Folder>/files/####/Q4DedcXg8_cf07_HMe4IYSTERL4=.new
- <Package Folder>/files/####/S8ZTopHsDZJlOvPXUfN1HHMyNVE=.new
- <Package Folder>/files/####/Uk2Q2ihy7ve3xogkRPA2TQ==
- <Package Folder>/files/####/UsLIx15gBwz3TA9h68rg2UNCHcI=
- <Package Folder>/files/####/VTk-BTnf7Gc4-uqhQ3A0VIrpoPI=
- <Package Folder>/files/####/VTk-BTnf7Gc4-uqhQ3A0VIrpoPI=.new
- <Package Folder>/files/####/WLnmS0HZIdSj_dSmsNrsGawOzHnr2D_P.new
- <Package Folder>/files/####/YI3bR8Zm_lK_RMakuVJY9w==
- <Package Folder>/files/####/YI3bR8Zm_lK_RMakuVJY9w==.new
- <Package Folder>/files/####/_pYAS7PTQj_UAzozjpdeGPo2efI=
- <Package Folder>/files/####/a8df2067-9d93-4689-8949-bdee75f79aff.pic
- <Package Folder>/files/####/aaa0cb55-ecec-4dff-b8ac-cf689c1e3059.pic
- <Package Folder>/files/####/b3b0e160-5073-4a75-8314-90a9513a66be.pic.temp
- <Package Folder>/files/####/bSgJJF815o0u00autbC_Eg==
- <Package Folder>/files/####/bbd2f7d2-01b8-45a3-9910-91f9ca633061.pic.temp
- <Package Folder>/files/####/bj56Rcpc49ZxcrO_XsSqgg==
- <Package Folder>/files/####/bj56Rcpc49ZxcrO_XsSqgg==.new
- <Package Folder>/files/####/c1c7373e-f70f-4ab2-97fe-048fbbe14325.pic.temp
- <Package Folder>/files/####/common.min.css
- <Package Folder>/files/####/cuFmasS_kRJQ2pntUfgS7Ra4KjW8LbkA.new
- <Package Folder>/files/####/default-skin.css
- <Package Folder>/files/####/exchangeIdentity.json
- <Package Folder>/files/####/f8846509-238b-415c-a7ea-27f432c784d2.pic.temp
- <Package Folder>/files/####/fc7ee934-a93e-4527-a7d9-23cbad3dbd61.pic.temp
- <Package Folder>/files/####/gANrjk-EERVKS0U8Gy_keJX6ZDHMPBzCjIq3-g==.new
- <Package Folder>/files/####/iUeraoXhxYjSKqSyYhI6u_MgI9PE-hP6
- <Package Folder>/files/####/iUeraoXhxYjSKqSyYhI6u_MgI9PE-hP6.new
- <Package Folder>/files/####/iUeraoXhxYjSKqSyYhI6u_MgI9PE-hP6.old (deleted)
- <Package Folder>/files/####/kWstHYksFwUyX-6cSjGQayWQ8QiUGODeZ8HUEtyCECs=.new
- <Package Folder>/files/####/kXYp3P9vZLnGSNux.new
- <Package Folder>/files/####/n5rIpf-3kXbax_M2mbcv6ylo0jaCVT8f.new
- <Package Folder>/files/####/nDQa-qfC2BBZFuumJPzC3ThqhBLDm5bCNLdY7Prn7KA=.new
- <Package Folder>/files/####/oDIhhHgYNaSwVzWD
- <Package Folder>/files/####/page.tmpl
- <Package Folder>/files/####/page_details.min.css
- <Package Folder>/files/####/page_details_v4.min.css
- <Package Folder>/files/####/photoswipe.css
- <Package Folder>/files/####/photoswipe.min.css
- <Package Folder>/files/####/rDm6IXmXoL1zHiNODp4lnkOtzfom_bDR.new
- <Package Folder>/files/####/runner_info.prop.new
- <Package Folder>/files/####/save_server_control_add_channel_name
- <Package Folder>/files/####/save_server_control_delete_channel_name
- <Package Folder>/files/####/save_server_control_hot_tpoic_channel_name
- <Package Folder>/files/####/sbGDbxSc11YGtPeQ.zip
- <Package Folder>/files/####/secondChannel
- <Package Folder>/files/####/server_vertical_channel
- <Package Folder>/files/####/serverchannel
- <Package Folder>/files/####/static.css
- <Package Folder>/files/####/static_day.css
- <Package Folder>/files/####/static_night.css
- <Package Folder>/files/####/toutiao
- <Package Folder>/files/####/tuyibw_f.zip
- <Package Folder>/files/####/zTIeSTcrUZAgW8dFJGdZb85y0KM=.new
- <Package Folder>/files/####/zyONAmd9MqF5Y9S5OAjzKoK3rV_4si_G.new
- <Package Folder>/files/.imprint
- <Package Folder>/files/ap.Lock
- <Package Folder>/files/appPackageNames
- <Package Folder>/files/btnClickLogSwitch
- <Package Folder>/files/exid.dat
- <Package Folder>/files/jpush_stat_cache.json
- <Package Folder>/files/jpush_stat_cache_history.json
- <Package Folder>/files/msg_queue
- <Package Folder>/files/rdata_commnvedasf.new
- <Package Folder>/files/subscribe_list
- <Package Folder>/files/timestamp
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/Alvin2.xml
- <Package Folder>/shared_prefs/ContextData.xml
- <Package Folder>/shared_prefs/JPushSA_Config.xml
- <Package Folder>/shared_prefs/JPushSA_Config.xml.bak
- <Package Folder>/shared_prefs/ReadingPosition.xml
- <Package Folder>/shared_prefs/SettingPreference.xml
- <Package Folder>/shared_prefs/UTCommon.xml
- <Package Folder>/shared_prefs/cn.jpush.android.user.profile.xml
- <Package Folder>/shared_prefs/cn.jpush.android.user.profile.xml.bak
- <Package Folder>/shared_prefs/cn.jpush.android.user.profile.xml.bak (deleted)
- <Package Folder>/shared_prefs/cn.jpush.preferences.v2.xml
- <Package Folder>/shared_prefs/cn.jpush.preferences.v2.xml.bak
- <Package Folder>/shared_prefs/config.xml
- <Package Folder>/shared_prefs/disk_entries_list_image_cache_-386753287.xml
- <Package Folder>/shared_prefs/eastday.xml
- <Package Folder>/shared_prefs/eastnews.xml
- <Package Folder>/shared_prefs/eastnews.xml.bak
- <Package Folder>/shared_prefs/eastnews.xml.bak (deleted)
- <Package Folder>/shared_prefs/imei.xml
- <Package Folder>/shared_prefs/jpush_device_info.xml
- <Package Folder>/shared_prefs/multidex.version.xml
- <Package Folder>/shared_prefs/patch_server_config.xml
- <Package Folder>/shared_prefs/tb_session.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/tinker_server/324f4598888150ff_version.info
- <Package Folder>/tinker_server/version.lock
- <SD-Card>/.DataStorage/ContextData.xml
- <SD-Card>/.UTSystemConfig/####/Alvin2.xml
- <SD-Card>/.armsd/####/1f210152-2b61-4cd1-9032-466e47becf4c.res
- <SD-Card>/.armsd/####/5NCMj4FHDAiNMsrjQKob6JdxZXM=.new
- <SD-Card>/.armsd/####/750c46c4-a40e-41f1-a6d2-736bfaf86cae.res
- <SD-Card>/.armsd/####/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M
- <SD-Card>/.armsd/####/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M.lk
- <SD-Card>/.armsd/####/MP8MtaBuguN9jnuSwtN1kQ==
- <SD-Card>/.armsd/####/a9c23882-ec92-4eeb-aadc-e294b00a291a.res
- <SD-Card>/.armsd/####/b0c3adbd-da0d-48e5-819a-ebc88ea56d05.res
- <SD-Card>/.armsd/####/r_pkDgN4OhnkSa0D
- <SD-Card>/.env/.uunique.new
- <SD-Card>/Android/####/2017-05-31_trace.log
- <SD-Card>/Android/####/channel_sync
- <SD-Card>/Android/####/icon_east.png
- <SD-Card>/Android/####/saved_user_delete_force_add_channel_name
- <SD-Card>/Debug/userlog.log
- <SD-Card>/data/.push_deviceid
Другие:
Запускает следующие shell-скрипты:
- /data/data/com.songheng.eastnews/code-5696218/gE7D2wZCvldkqJxl -p com.songheng.eastnews -c com.mnve.dasf.vlmxbg.a.a.d.c -r /storage/emulated/0/.armsd/tjfblFPob85GtAQw/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M -d /storage/emulated/0/Download/ladung
- <dexopt>
- sh <Package Folder>/code-5696218/gE7D2wZCvldkqJxl -p <Package> -c com.mnve.dasf.vlmxbg.a.a.d.c -r /storage/emulated/0/.armsd/tjfblFPob85GtAQw/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M -d /storage/emulated/0/Download/ladung
