Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Backdoor.433.origin
- Android.DownLoader.552.origin
Загружает из Интернета следующие детектируемые угрозы:
- Android.Backdoor.433.origin
- Android.DownLoader.552.origin
Сетевая активность:
Подключается к:
- 7j####.####.com
- a####.####.com
- c####.####.com
- c-h####.####.com
- co####.####.com
- datacol####.####.com
- i####.####.com
- m####.####.com
- o####.####.com
- p####.####.com
- s####.####.com
- sdk-ope####.####.com
- t####.####.com
- trac####.####.cn
- u####.####.com
Запросы HTTP GET:
- 7j####.####.com/tdata_pxK929
- a####.####.com/v7/switch.php?type=####&app_channel=####&ckey=####
- c####.####.com/fipre/nC10UqQZ_zh_0.jpg
- c####.####.com/s?v####
- c####.####.com/title.png
- i####.####.com/cimg.png?pic=####&size=####&aid=####&name=####&desc=####&...
- m####.####.com/rtb?type=####&d=####&b=####&p=####&l=####&s=####&m=####&z...
- p####.####.com//lnk/desktop/create?appKey=####&channel=####&v=####
- p####.####.com/c/1496213107376
- p####.####.com/t016f589ecb1cdd37e5.jpg
- s####.####.com/config/bj-bjv4.conf
- t####.####.com/guidthv600.php?uuid=####&platform=####&channel=####&kerne...
- trac####.####.cn/s?type=####&r=####&tid=####&finfo=####&enup=####&mvid=#...
Запросы HTTP POST:
- a####.####.com/app_logs
- c-h####.####.com/api.php?format=####&t=####
- co####.####.com/config-server/v1/config/secure.cfg
- datacol####.####.com/api.php?type=####&duid=####&version=####
- i####.####.com/showad.asm
- o####.####.com/v2/get_update_time
- sdk-ope####.####.com/api.php?format=####&t=####
- t####.####.com/v7/dsp_stat.php
- u####.####.com/frontend/web/index.php?r=####
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/agencyss
- <Package Folder>/app_cache/res.png
- <Package Folder>/app_cache/res.zip
- <Package Folder>/app_yoqdqb/9B67192FFC9A7EF12BD155A19944B36D.jar
- <Package Folder>/cache/####/0a375cc050edac01d6c937cf22fbe3e835982161095b09ebcb17e9911012d7ca.0.tmp
- <Package Folder>/cache/####/0f25ea2550492d4de45e592742dfa7c21003c45f464d17e7e1afa33398e88b9b.0.tmp
- <Package Folder>/cache/####/12494329d8ca451877ccf37ee345d01e36cde53bef148b0c774be1a1751cfafb.0.tmp
- <Package Folder>/cache/####/1f92676eb6e91dfa1bdfadc58eb432139c1fea6c8dd68d99ec84949a182f6d67.0.tmp
- <Package Folder>/cache/####/22a570e2ee4aa2a6a6d4faf82bc5182eb9f2c0782d352ce8a60048c55b37df01.0.tmp
- <Package Folder>/cache/####/243f93d6598964e392d834ffccc954537d8044a99fa5fe1c1c7d1a97b5b9a561.0.tmp
- <Package Folder>/cache/####/2ba56c7da6b91d26fe535b304975bd0ab8edacf3248927ccc7cae2f7ca1b108d.0.tmp
- <Package Folder>/cache/####/31d7fbfa4ceaa91ae1c48dcd788d4d11e2cdc633fd238f87efe02dd448ee9bd9.0.tmp
- <Package Folder>/cache/####/356c93733b648fe93e13f4ec230d32d911e68ce56dbdce83db0241d5f5fc0240.0.tmp
- <Package Folder>/cache/####/3795efd0b29e95c81e15acacaedf13356e890eb1201fdc67374ffd597459898d.0.tmp
- <Package Folder>/cache/####/38e235ce88c38733ff1f0a652f1d3eb18cfa4887f074c66577f1fb3297b7c659.0.tmp
- <Package Folder>/cache/####/4f9869b8c6aadf5759bd4576b2902f5aa986f279af768b66e1d1b822c6205bb5.0.tmp
- <Package Folder>/cache/####/55324bd08aebed98c4f686ff3ddfb49163024d7d57bb47373550cb66b4b2b651.0.tmp
- <Package Folder>/cache/####/59ec773ff9fa8e213f39f3bd380000254432aac41046a470c390022cc17940de.0.tmp
- <Package Folder>/cache/####/7398d5ac5ab59832282412d78c1a0b3152af4410734f092bfd53f8d7adbe68c5.0.tmp
- <Package Folder>/cache/####/759aa7ff89a5efb79d4af5b861430a7c757cdcdf916969255fdbd96511ee11ae.0.tmp
- <Package Folder>/cache/####/88b086d505853d97689de6dee7554c6a4e0ab40bc205791548640e5f5d09e680.0.tmp
- <Package Folder>/cache/####/c87f0dfdb2d97de0c7c7740565532f2be72f63daae60454673ffddbd09d87c36.0.tmp
- <Package Folder>/cache/####/d3a98e8cdd00dd2caaf4a4af1a5e074f252d5c40d3731aa08c34a89ceeee7113.0.tmp
- <Package Folder>/cache/####/e11ae4295d3541599de72174ebd1160ef76d158793652a2c53f5f00e61c93edc.0.tmp
- <Package Folder>/cache/####/e624bd813b377c9a190bd59ac5289d8bb5ec6b35326213c33887fb4d46bd7cbd.0.tmp
- <Package Folder>/cache/####/fb29028c4560fe6d5cc121a6498d19166e5e9bcbde38a9795d31d075264510bc.0.tmp
- <Package Folder>/cache/####/fdc6932425bf1cd1553606b7b5ba35f261b8f9ae3cd38f3a8a5cbea08e196780.0.tmp
- <Package Folder>/cache/####/fdc82096cc22f381a26d9f2450d5b4800729cfffa9dfa142b02c5bb7a4cae197.0.tmp
- <Package Folder>/cache/####/journal.tmp
- <Package Folder>/code_cache/####/<Package>-1.apk.classes-918004563.zip
- <Package Folder>/code_cache/####/<Package>-1.apk.classes1332785004.zip
- <Package Folder>/databases/ad_down_db-journal
- <Package Folder>/databases/campaign_db
- <Package Folder>/databases/campaign_db-journal
- <Package Folder>/databases/com.im_6.2.0.db-journal
- <Package Folder>/databases/download_db-journal
- <Package Folder>/databases/ghost_web_view.db-journal
- <Package Folder>/databases/google_app_measurement_local.db
- <Package Folder>/databases/google_app_measurement_local.db-journal
- <Package Folder>/databases/increment.db-journal
- <Package Folder>/databases/pushg.db-journal
- <Package Folder>/databases/pushsdk.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/zitiguanjia.db-journal
- <Package Folder>/files/####/exchangeIdentity.json
- <Package Folder>/files/####/finalcore.jar
- <Package Folder>/files/####/flow_pack.apk
- <Package Folder>/files/.imprint
- <Package Folder>/files/INSTALLATION
- <Package Folder>/files/init.pid
- <Package Folder>/files/mobclick_agent_cached_<Package>374
- <Package Folder>/files/pid
- <Package Folder>/files/push.pid
- <Package Folder>/files/qhcgfl
- <Package Folder>/files/run.pid
- <Package Folder>/files/tdata_JsY425.jar
- <Package Folder>/files/tdata_JsY425.tmp
- <Package Folder>/files/tdata_NDe635.jar
- <Package Folder>/files/tdata_NDe635.tmp
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/no_backup/com.google.android.gms.appid-no-backup
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/<Package>_preferences.xml.bak
- <Package Folder>/shared_prefs/DEVICE_UNIQ_FILE.xml
- <Package Folder>/shared_prefs/FontManager.xml
- <Package Folder>/shared_prefs/META_INFO.xml
- <Package Folder>/shared_prefs/META_INFO.xml.bak
- <Package Folder>/shared_prefs/SP_CACHE.xml
- <Package Folder>/shared_prefs/SP_CACHE.xml.bak
- <Package Folder>/shared_prefs/advisers.xml
- <Package Folder>/shared_prefs/com.google.android.gms.appid.xml
- <Package Folder>/shared_prefs/com.google.android.gms.measurement.prefs.xml
- <Package Folder>/shared_prefs/com.google.android.gms.measurement.prefs.xml.bak
- <Package Folder>/shared_prefs/com.im.keyValueStore.aes_key_store.xml
- <Package Folder>/shared_prefs/com.im.keyValueStore.aes_key_store.xml.bak
- <Package Folder>/shared_prefs/com.im.keyValueStore.config_store.xml
- <Package Folder>/shared_prefs/com.im.keyValueStore.config_store.xml.bak
- <Package Folder>/shared_prefs/com.im.keyValueStore.sdk_version_store.xml
- <Package Folder>/shared_prefs/com.im.keyValueStore.sdk_version_store.xml.bak
- <Package Folder>/shared_prefs/com.im.keyValueStore.uid_store.xml
- <Package Folder>/shared_prefs/com.im.keyValueStore.uid_store.xml.bak
- <Package Folder>/shared_prefs/dcSharedPreferences.dat.xml
- <Package Folder>/shared_prefs/file_message.xml
- <Package Folder>/shared_prefs/multidex.version.xml
- <Package Folder>/shared_prefs/onlineconfig_agent_online_setting_<Package>.xml
- <Package Folder>/shared_prefs/policy.xml
- <Package Folder>/shared_prefs/policy.xml.bak
- <Package Folder>/shared_prefs/post_info.xml
- <Package Folder>/shared_prefs/rg_sp_cache.xml
- <Package Folder>/shared_prefs/rg_sp_cache.xml.bak
- <Package Folder>/shared_prefs/sdk_config.xml
- <Package Folder>/shared_prefs/sdk_config.xml.bak
- <Package Folder>/shared_prefs/startCount.xml
- <Package Folder>/shared_prefs/umeng_feedback_conversations.xml
- <Package Folder>/shared_prefs/umeng_feedback_user_info.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml.bak
- <SD-Card>/.sfp/.sfp
- <SD-Card>/.testf
- <SD-Card>/Android/####/.nomedia
- <SD-Card>/Android/####/1496d616fb0b4875cdf07a560e700555.0.tmp
- <SD-Card>/Android/####/1496d616fb0b4875cdf07a560e700555.1.tmp
- <SD-Card>/Android/####/491d5fc9adc696954f337c69b0dbb140.0.tmp
- <SD-Card>/Android/####/491d5fc9adc696954f337c69b0dbb140.1.tmp
- <SD-Card>/Android/####/5cbdb61baa230c35fac8ea648c945806.0.tmp
- <SD-Card>/Android/####/5cbdb61baa230c35fac8ea648c945806.1.tmp
- <SD-Card>/Android/####/63472b88aaef4203927bc4d4faf6112d.0.tmp
- <SD-Card>/Android/####/63472b88aaef4203927bc4d4faf6112d.1.tmp
- <SD-Card>/Android/####/87d483d9b65a54479091ad23ca2640c7.0.tmp
- <SD-Card>/Android/####/87d483d9b65a54479091ad23ca2640c7.1.tmp
- <SD-Card>/Android/####/adv
- <SD-Card>/Android/####/config
- <SD-Card>/Android/####/deviceId
- <SD-Card>/Android/####/ecbe11c558b6cedfa1080b08bf53f568.0.tmp
- <SD-Card>/Android/####/ecbe11c558b6cedfa1080b08bf53f568.1.tmp
- <SD-Card>/Android/####/f64c178bc2c235a0a22759a47857013c.0.tmp
- <SD-Card>/Android/####/f64c178bc2c235a0a22759a47857013c.1.tmp
- <SD-Card>/Android/####/f8e44e8a48ba926cc4ab22aeeb29d271.0.tmp
- <SD-Card>/Android/####/f8e44e8a48ba926cc4ab22aeeb29d271.1.tmp
- <SD-Card>/Android/####/fcaf8612e2ed1295a90dceb7e66ebcbd.0.tmp
- <SD-Card>/Android/####/fcaf8612e2ed1295a90dceb7e66ebcbd.1.tmp
- <SD-Card>/Android/####/journal
- <SD-Card>/Android/####/journal.tmp
- <SD-Card>/Android/####/master
- <SD-Card>/Android/####/master.lock
- <SD-Card>/Android/####/sys_install
- <SD-Card>/com.qisi.koala/####/1496213082554
- <SD-Card>/com.qisi.koala/####/1496213084860
- <SD-Card>/com.qisi.koala/meta_data.dat
- <SD-Card>/font/####/011f469bc937a69b5a098fe84ba9f26c.dat
- <SD-Card>/font/####/0d5614e10390787fc6b3d5fbc32b2d63.dat
- <SD-Card>/font/####/1758a39d79e8832d0ee12b9aff412979.dat
- <SD-Card>/font/####/1972fef3059e205b55cf5260390571a7.dat
- <SD-Card>/font/####/30227b8a369dcf725bd3cfd61ebddfc8.dat
- <SD-Card>/font/####/3644a52316956a834581c8aa1ad34c33.dat
- <SD-Card>/font/####/3d792973cafe7bcc4224d170a8186d0f.dat
- <SD-Card>/font/####/444bed885fadfe35fc81bfab5292e0bf.dat
- <SD-Card>/font/####/5d9b942e7116eb00612b0e1fab04c2b8.dat
- <SD-Card>/font/####/5eec735503618662cfe05df457766383.dat
- <SD-Card>/font/####/80373562e889cbf5388bc1b6b93027e8.dat
- <SD-Card>/font/####/933690d464343ca3ced0d00af0440831.dat
- <SD-Card>/font/####/DroidNaskh-Regular.ttf
- <SD-Card>/font/####/DroidNaskhUI-Regular.ttf
- <SD-Card>/font/####/DroidSans-Bold.ttf
- <SD-Card>/font/####/DroidSans.ttf
- <SD-Card>/font/####/DroidSansFallback.ttf
- <SD-Card>/font/####/DroidSansMono.ttf
- <SD-Card>/font/####/MTLmr3m.ttf
- <SD-Card>/font/####/Roboto-BoldItalic.ttf
- <SD-Card>/font/####/Roboto-Light.ttf
- <SD-Card>/font/####/Roboto-Regular.ttf
- <SD-Card>/font/####/RobotoCondensed-Regular.ttf
- <SD-Card>/font/####/a2fa8d5caa4eb41961ea28e8fd253a23.dat
- <SD-Card>/font/####/be73f47bd404d560d51a97214983fcc9.dat
- <SD-Card>/font/####/bee537f2952893ff512c8c19fb64d10c.dat
- <SD-Card>/font/####/d38cec029757310434e2dd852ac1510c.dat
- <SD-Card>/font/####/db2031babf565dd9570a07338186698e.dat
- <SD-Card>/font/####/db2706b655e18d79fe3cace09a4bde1c.dat
- <SD-Card>/font/####/edeaccce4c781a9e2da81ccc78f63b22.dat
- <SD-Card>/font/####/f2120d99157f500905955bb9ed253f5d.dat
- <SD-Card>/font/####/f7fb77c815cf3bff01e46100d745bb1a.dat
- <SD-Card>/libs/<Package>.db
- <SD-Card>/libs/app.db
- <SD-Card>/libs/com.igexin.sdk.deviceId.db
- <SD-Card>/system/####/tdata_JsY425
- <SD-Card>/system/####/tdata_NDe635
Другие:
Запускает следующие shell-скрипты:
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- <Package Folder>/agencyss <Package>/open.lib.supplies.daemon.ProtectService
- <dexopt>
- <su-internal:request>
- <su-internal:result>
- app_process /system/bin com.android.commands.am.Am startservice --user 0 -n <Package>/open.lib.supplies.daemon.ProtectService
- cat /sys/class/net/wlan0/address
- chmod 777 <Package Folder>/agencyss
- dd if=<Package Folder>/lib/libnativeservices.so of=<Package Folder>/agencyss
- getprop
- getprop ro.vivo.os.name
- sh
- su
Использует повышенные привилегии.
