Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.MobiDash.1.origin
Загружает из Интернета следующие детектируемые угрозы:
- Android.MobiDash.1.origin
Сетевая активность:
Подключается к:
- i####.####.com
- im####.####.com
- r####.####.com
Запросы HTTP GET:
- i####.####.com/1.3/trackdownload?publisherId=####&productId=####&os=####...
- i####.####.com/InApp/resources/info_s.png
- im####.####.com/image/fetch/f_auto,q_80,w_84,h_84/http%3A%2F%2Flh3.googl...
- r####.####.com/1.3/gethtmlad?publisherId=####&productId=####&os=####&sdk...
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/app_app_apk/ui.dat.jar
- <Package Folder>/app_outdex/ui.dat.dex (deleted)
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/index
- <Package Folder>/cache/-1046965711
- <Package Folder>/cache/-1050713937
- <Package Folder>/cache/-1098848888
- <Package Folder>/cache/-1147242271
- <Package Folder>/cache/-1223442597
- <Package Folder>/cache/-1243492292
- <Package Folder>/cache/-1471145549
- <Package Folder>/cache/-1507407806
- <Package Folder>/cache/-1558913047
- <Package Folder>/cache/-156744385
- <Package Folder>/cache/-1591057352
- <Package Folder>/cache/-1684992756
- <Package Folder>/cache/-1894194004
- <Package Folder>/cache/-1930694282
- <Package Folder>/cache/-2000648992
- <Package Folder>/cache/-2025216219
- <Package Folder>/cache/-224410372
- <Package Folder>/cache/-302467380
- <Package Folder>/cache/-317738405
- <Package Folder>/cache/-445671490
- <Package Folder>/cache/-456066902
- <Package Folder>/cache/-478963949
- <Package Folder>/cache/-567195415
- <Package Folder>/cache/-676964142
- <Package Folder>/cache/-695601689
- <Package Folder>/cache/-845193793
- <Package Folder>/cache/-861391249
- <Package Folder>/cache/-868815860
- <Package Folder>/cache/-936682504
- <Package Folder>/cache/1156888975
- <Package Folder>/cache/1248587908
- <Package Folder>/cache/1454620182
- <Package Folder>/cache/1478097699
- <Package Folder>/cache/1534272944
- <Package Folder>/cache/1541916729
- <Package Folder>/cache/1544296322
- <Package Folder>/cache/1547057220
- <Package Folder>/cache/1587922649
- <Package Folder>/cache/166830395
- <Package Folder>/cache/1683535382
- <Package Folder>/cache/1695073577
- <Package Folder>/cache/1698344559
- <Package Folder>/cache/1712032655
- <Package Folder>/cache/18262731
- <Package Folder>/cache/1948807874
- <Package Folder>/cache/1958451279
- <Package Folder>/cache/1975146123
- <Package Folder>/cache/2094107751
- <Package Folder>/cache/217702641
- <Package Folder>/cache/226711854
- <Package Folder>/cache/285500553
- <Package Folder>/cache/299475319
- <Package Folder>/cache/325967270
- <Package Folder>/cache/325967443
- <Package Folder>/cache/394871662
- <Package Folder>/cache/396063430
- <Package Folder>/cache/421734682
- <Package Folder>/cache/514648213
- <Package Folder>/cache/566159687
- <Package Folder>/cache/811167758
- <Package Folder>/cache/830182030
- <Package Folder>/cache/860368722
- <Package Folder>/cache/966424142
- <Package Folder>/code_cache/####/<Package>-1.apk.classes1743540823.zip
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal (deleted)
- <Package Folder>/files/libsplash.png.so
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/<Package>_preferences.xml.bak
- <Package Folder>/shared_prefs/apk_extractor_prefence.xml
- <Package Folder>/shared_prefs/com.startapp.android.publish.CookiePrefsFile.xml
- <Package Folder>/shared_prefs/com.startapp.android.publish.CookiePrefsFile.xml.bak
- <Package Folder>/shared_prefs/com.startapp.android.publish.xml
- <Package Folder>/shared_prefs/com.startapp.android.publish.xml.bak
- <Package Folder>/shared_prefs/multidex.version.xml
- <SD-Card>/ExtractedApks/Android System_4.3.1-eng.tmv.20170425.102645_18.apk
- <SD-Card>/ExtractedApks/Basic Daydreams_4.3.1-eng.tmv.20170524.141154_18.apk
- <SD-Card>/ExtractedApks/Black Hole_1.0_1.apk
- <SD-Card>/ExtractedApks/Search Applications Provider_4.3.1-eng.tmv.20170524.141154_18.apk
- <SD-Card>/ExtractedApks/Settings Storage_4.3.1-eng.tmv.20170524.141154_18.apk
- <SD-Card>/ExtractedApks/Settings_4.3.1-eng.tmv.20170524.141154_18.apk
- <SD-Card>/ExtractedApks/Simple message receiver_4.3.1-eng.tmv.20170524.141154_18.apk
- <SD-Card>/ExtractedApks/Speech Recorder_4.3.1-eng.tmv.20170524.141154_18.apk
- <SD-Card>/ExtractedApks/System UI_4.3.1-eng.tmv.20170524.141154_18.apk
Другие:
Запускает следующие shell-скрипты:
- <dexopt>
Использует права администратора.
