Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.HiddenAds.125.origin
Загружает из Интернета следующие детектируемые угрозы:
- Android.HiddenAds.125.origin
Сетевая активность:
Подключается к:
- a####.####.com
- a####.####.org
- admobim####.com
- b####.####.com
- busi####.####.com
- c####.####.com
- co####.####.com
- d####.####.com
- ex####.####.com
- f####.####.com
- face####.com
- g####.####.net
- j####.####.com
- m####.####.com
- mmmmmm####.com
- n####.####.com
- p####.####.com
- pag####.####.com
- pl####.####.com
- r####.####.com
- real####.####.org
- s####.####.cn
- s####.####.com
- serv####.####.com
- st####.####.ly
- t####.####.info
- technol####.####.uk
- u####.####.com
Запросы HTTP GET:
- a####.####.com/index.php?r=####&al=####&l=####&p=####&hp=####&lc=####&sd...
- a####.####.org/rule?platform=####&os_version=####&package_name=####&app_...
- b####.####.com/beacon.js
- c####.####.com/i.js
- c####.####.com/postback/getOfferjurl?info=####&adc=####&retry=####
- co####.####.com/adunion/slot/getDlAd?h=####&w=####&model=####&vendor=###...
- d####.####.com/M00/01/AB/CvJKDllHcqqAOjPYAAVgw7HaWPk396.zip
- ex####.####.com/p?s=####&t=####&_ex=####&_ts=####&_ms=####&_os=####&_osv...
- f####.####.com/css?family=####&ver=####
- f####.####.com/feedback/notify?model=####&signmd5=####&op=####&vendor=##...
- f####.####.com/proc.php?5ddb902####
- f####.####.com/s/robotoslab/v6/dazS1PrQQuCxC3iOAJFEJTdGNerWpg2Hn6A-BxWgZ...
- face####.com/plugins/likebox.php?href=####&w####&height=####&colorscheme...
- g####.####.net//prod/upload/adunion/images/09b/244_244_924ca399d16b0d1c....
- j####.####.com/t/e/technologycraze.net.105160.js?t=####
- m####.####.com/mghtml/framehtml/c/t/e/technologycraze.net.105160.html
- n####.####.com/get?model=####&signmd5=####&op=####&vendor=####&locale=##...
- pag####.####.com/pagead/js/r20170626/r20170110/show_ads_impl.js
- real####.####.org/realtime?platform=####&os_version=####&package_name=##...
- s####.####.cn/apks/icon/icon_
- s####.####.com/public/uploads/dsp-files/apk/98f33ae32a463019366985af133b...
- serv####.####.com/105160/1?w=####&h=####&cols=####&pv=####&cbuster=####&...
- st####.####.ly/themes/metronic3/assets/frontend/site/index/prod/20151027...
- t####.####.info/click?_type=####&sdk_redir=####&campid=####&sub_channel=...
- technol####.####.uk/mobile/<System Property>/<System Property>-galaxy-8-...
- u####.####.com/setting/grobal_strategy?p=####&hp=####&l=####&c=####&prod...
Запросы HTTP POST:
- a####.####.com/detail/getOfferListNew?enc=####
- admobim####.com/surl/api2_reg.action
- busi####.####.com/business/request
- mmmmmm####.com/osp/oaen_reg.action
- p####.####.com/api/data?token=####&tk=####&sv=####
- pl####.####.com/ad_dex.php
- r####.####.com/business/active
- r####.####.com/orts/rpb?h=####&w=####&model=####&vendor=####&sdk=####&dp...
- s####.####.com/cgi-bin-py/ad_sdk.cgi?ty=####&enc=####&bt=####
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/.mbj/####/classes.zip
- <Package Folder>/cache/####/1cfb8a8772b2a4c097386e6700ea23ae.0
- <Package Folder>/cache/####/1cfb8a8772b2a4c097386e6700ea23ae.1.tmp
- <Package Folder>/cache/####/3ecc611cf658958e5631b95006c1bb0b.0
- <Package Folder>/cache/####/3ecc611cf658958e5631b95006c1bb0b.1
- <Package Folder>/cache/####/481b57b01897e7e826b2af669193f0f7.0.tmp
- <Package Folder>/cache/####/481b57b01897e7e826b2af669193f0f7.1.tmp
- <Package Folder>/cache/####/5562d68ea04c87b846febd3bf29971ab.0.tmp
- <Package Folder>/cache/####/5562d68ea04c87b846febd3bf29971ab.1.tmp
- <Package Folder>/cache/####/5b4f161a326ecedcb29de656d40207cf.0.tmp
- <Package Folder>/cache/####/5b4f161a326ecedcb29de656d40207cf.1
- <Package Folder>/cache/####/8a59b23c5b5a87f2fb37689c8afb6501.0
- <Package Folder>/cache/####/8a59b23c5b5a87f2fb37689c8afb6501.1
- <Package Folder>/cache/####/8dfe0cb4572efedd70f3851fd4aec336.0
- <Package Folder>/cache/####/8dfe0cb4572efedd70f3851fd4aec336.1
- <Package Folder>/cache/####/935a4974da7afbc14436e5b89daab029.0
- <Package Folder>/cache/####/935a4974da7afbc14436e5b89daab029.1
- <Package Folder>/cache/####/ae331a6c7da123fc015be7a631aacce9.0.tmp
- <Package Folder>/cache/####/ae331a6c7da123fc015be7a631aacce9.1.tmp
- <Package Folder>/cache/####/b58b6f28ce14de440d36ed3ef88558af.0
- <Package Folder>/cache/####/be043966b932831258e8a47037c277d1.0.tmp
- <Package Folder>/cache/####/be043966b932831258e8a47037c277d1.1.tmp (deleted)
- <Package Folder>/cache/####/c9a9d78b6ab9a486fc4493698d9c4657.0.tmp
- <Package Folder>/cache/####/c9a9d78b6ab9a486fc4493698d9c4657.1.tmp
- <Package Folder>/cache/####/cdc89d3d15d98074bae4cc426422f305.0
- <Package Folder>/cache/####/cdc89d3d15d98074bae4cc426422f305.1
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/e9e72142f3117519189e8047e12b3e68.0
- <Package Folder>/cache/####/e9e72142f3117519189e8047e12b3e68.1
- <Package Folder>/cache/####/ec5d4bdf825e09b5a35580bd0b235d50.0
- <Package Folder>/cache/####/ec5d4bdf825e09b5a35580bd0b235d50.1
- <Package Folder>/cache/####/f_000001
- <Package Folder>/cache/####/f_000002
- <Package Folder>/cache/####/f_000003
- <Package Folder>/cache/####/f_000004
- <Package Folder>/cache/####/f_000005
- <Package Folder>/cache/####/f_000006
- <Package Folder>/cache/####/f_000007
- <Package Folder>/cache/####/f_000008
- <Package Folder>/cache/####/f_000009
- <Package Folder>/cache/####/f_00000a
- <Package Folder>/cache/####/f_00000b
- <Package Folder>/cache/####/f_00000c
- <Package Folder>/cache/####/f_00000d
- <Package Folder>/cache/####/f_00000e
- <Package Folder>/cache/####/f_00000f
- <Package Folder>/cache/####/f_000010
- <Package Folder>/cache/####/index
- <Package Folder>/cache/####/journal
- <Package Folder>/cache/####/journal.tmp
- <Package Folder>/databases/adblib.db-journal
- <Package Folder>/databases/appPackageName.db
- <Package Folder>/databases/appPackageName.db-journal
- <Package Folder>/databases/arrkii.asa.sdk.db-journal
- <Package Folder>/databases/batterycurve.db-journal
- <Package Folder>/databases/d-journal
- <Package Folder>/databases/dufamily_cache.db-journal
- <Package Folder>/databases/duresultcard_image.db-journal
- <Package Folder>/databases/duscene_mobula.db-journal
- <Package Folder>/databases/dx_chargings.db-journal
- <Package Folder>/databases/emergency.sp-journal
- <Package Folder>/databases/i-journal
- <Package Folder>/databases/integral.db-journal
- <Package Folder>/databases/my.db
- <Package Folder>/databases/my.db-journal
- <Package Folder>/databases/notify_items.sp-journal
- <Package Folder>/databases/scenery_app_info-journal
- <Package Folder>/databases/scenery_games_from_server.db-journal
- <Package Folder>/databases/scenery_games_name.db-journal
- <Package Folder>/databases/sk
- <Package Folder>/databases/sk-journal
- <Package Folder>/databases/toolbox.db-journal
- <Package Folder>/databases/toolbox_cache.db-journal
- <Package Folder>/databases/toolbox_ts.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal (deleted)
- <Package Folder>/databases/z
- <Package Folder>/databases/z-journal
- <Package Folder>/files/####/1496217036435
- <Package Folder>/files/####/1496217036435_log
- <Package Folder>/files/####/3ecc611cf658958e5631b95006c1bb0b.0
- <Package Folder>/files/####/498f45a54c71f16813804dfa8794492e.0
- <Package Folder>/files/####/935a4974da7afbc14436e5b89daab029.0
- <Package Folder>/files/####/cdc89d3d15d98074bae4cc426422f305.0.tmp
- <Package Folder>/files/####/e9e72142f3117519189e8047e12b3e68.0
- <Package Folder>/files/####/ec5d4bdf825e09b5a35580bd0b235d50.0
- <Package Folder>/files/####/journal
- <Package Folder>/files/####/journal (deleted)
- <Package Folder>/files/AppEventsLogger.persistedsessioninfo
- <Package Folder>/files/google.db
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/<Package>_shell_dlsdk_reflux_global.xml
- <Package Folder>/shared_prefs/<Package>_shell_scenerydispatcher_global.xml
- <Package Folder>/shared_prefs/<Package>_shell_scenerydispatcher_global.xml.bak
- <Package Folder>/shared_prefs/<Package>_shell_scenerydispatcher_private.xml
- <Package Folder>/shared_prefs/<Package>_shell_scenerydispatcher_private.xml.bak
- <Package Folder>/shared_prefs/<Package>_sp_file_grid.xml
- <Package Folder>/shared_prefs/<Package>_sp_file_grid.xml.bak
- <Package Folder>/shared_prefs/<Package>_sp_file_scenery_global.xml
- <Package Folder>/shared_prefs/<Package>_sp_file_scenery_global.xml.bak
- <Package Folder>/shared_prefs/<Package>_sp_file_scenery_private.xml
- <Package Folder>/shared_prefs/<Package>_sp_file_scenery_private.xml.bak
- <Package Folder>/shared_prefs/ActivatePreUtil.xml
- <Package Folder>/shared_prefs/AdsBusiness-data.xml
- <Package Folder>/shared_prefs/AdsBusiness-data.xml.bak
- <Package Folder>/shared_prefs/AppWhiteList.xml
- <Package Folder>/shared_prefs/ChargingConfig.xml
- <Package Folder>/shared_prefs/CloudConfig.xml
- <Package Folder>/shared_prefs/DianxinDXB.xml
- <Package Folder>/shared_prefs/DuSwipeSharedPref.xml
- <Package Folder>/shared_prefs/DuSwipeSharedPref.xml.bak
- <Package Folder>/shared_prefs/FBAdPrefs.xml
- <Package Folder>/shared_prefs/LoginPreUtil.xml
- <Package Folder>/shared_prefs/RootRequestTimeRecord.xml
- <Package Folder>/shared_prefs/SDKIDFA.xml
- <Package Folder>/shared_prefs/SettingsConfig.xml
- <Package Folder>/shared_prefs/TryTimeRecord.xml
- <Package Folder>/shared_prefs/_common_toolbox_coin_config.xml
- <Package Folder>/shared_prefs/_duf_prefs.xml
- <Package Folder>/shared_prefs/_duf_prefs.xml.bak
- <Package Folder>/shared_prefs/_duscene_module_prefs.xml
- <Package Folder>/shared_prefs/_search_prefs.xml
- <Package Folder>/shared_prefs/_toolbox_prefs.xml
- <Package Folder>/shared_prefs/_toolbox_prefs.xml.bak
- <Package Folder>/shared_prefs/ad_count_limit.xml
- <Package Folder>/shared_prefs/ad_count_limit.xml.bak
- <Package Folder>/shared_prefs/ak.salvia.sdk.xml
- <Package Folder>/shared_prefs/ak.salvia.sdk.xml.bak
- <Package Folder>/shared_prefs/app_actions.xml
- <Package Folder>/shared_prefs/app_lock_global_config.xml
- <Package Folder>/shared_prefs/app_lock_global_config.xml.bak
- <Package Folder>/shared_prefs/app_lock_global_config.xml.bak (deleted)
- <Package Folder>/shared_prefs/app_urgentnotice.xml
- <Package Folder>/shared_prefs/appsflyer-data.xml
- <Package Folder>/shared_prefs/appsflyer-data.xml.bak
- <Package Folder>/shared_prefs/aps.xml
- <Package Folder>/shared_prefs/aps.xml.bak
- <Package Folder>/shared_prefs/apsad.xml
- <Package Folder>/shared_prefs/apsad.xml.bak
- <Package Folder>/shared_prefs/apscomm.xml
- <Package Folder>/shared_prefs/apsol.xml
- <Package Folder>/shared_prefs/apspri.xml
- <Package Folder>/shared_prefs/battery_global_configs_sp.xml
- <Package Folder>/shared_prefs/battery_global_configs_sp.xml.bak
- <Package Folder>/shared_prefs/bt_sp.xml
- <Package Folder>/shared_prefs/charging_configs_sp.xml
- <Package Folder>/shared_prefs/charging_configs_sp.xml.bak
- <Package Folder>/shared_prefs/charging_configs_sp.xml.bak (deleted)
- <Package Folder>/shared_prefs/com.facebook.ads.FEATURE_CONFIG.xml
- <Package Folder>/shared_prefs/com.facebook.internal.preferences.APP_SETTINGS.xml
- <Package Folder>/shared_prefs/com.facebook.sdk.appEventPreferences.xml
- <Package Folder>/shared_prefs/com.facebook.sdk.attributionTracking.xml
- <Package Folder>/shared_prefs/d.xml
- <Package Folder>/shared_prefs/device_info.xml
- <Package Folder>/shared_prefs/front_scene.xml
- <Package Folder>/shared_prefs/global_config.xml
- <Package Folder>/shared_prefs/global_config.xml.bak
- <Package Folder>/shared_prefs/h.xml
- <Package Folder>/shared_prefs/hunter_config.xml
- <Package Folder>/shared_prefs/i.xml
- <Package Folder>/shared_prefs/landing_page_data.xml
- <Package Folder>/shared_prefs/landing_page_data.xml.bak
- <Package Folder>/shared_prefs/lazy_global_config.xml
- <Package Folder>/shared_prefs/ls_sp_date.xml
- <Package Folder>/shared_prefs/ls_sp_date.xml.bak
- <Package Folder>/shared_prefs/mode_settings.xml
- <Package Folder>/shared_prefs/mode_settings.xml.bak
- <Package Folder>/shared_prefs/mode_settings.xml.bak (deleted)
- <Package Folder>/shared_prefs/multidex.version.xml
- <Package Folder>/shared_prefs/other_config.xml
- <Package Folder>/shared_prefs/performace_monitor.xml
- <Package Folder>/shared_prefs/rrpolicy.xml
- <Package Folder>/shared_prefs/rrpolicy.xml.bak
- <Package Folder>/shared_prefs/rt.xml
- <Package Folder>/shared_prefs/sdk_(unknown)_pref.xml
- <Package Folder>/shared_prefs/sdk_gmk_sp.xml
- <Package Folder>/shared_prefs/sdk_gmk_sp.xml.bak
- <Package Folder>/shared_prefs/service_config.xml
- <Package Folder>/shared_prefs/service_config.xml.bak
- <Package Folder>/shared_prefs/smart_settings.xml
- <Package Folder>/shared_prefs/sp_config.xml
- <Package Folder>/shared_prefs/sp_config.xml.bak
- <Package Folder>/shared_prefs/sp_file_card_private.xml
- <Package Folder>/shared_prefs/t_ini.xml
- <Package Folder>/shared_prefs/t_ini.xml.bak
- <Package Folder>/shared_prefs/time_strategy.xml
- <Package Folder>/shared_prefs/time_strategy.xml.bak
- <Package Folder>/shared_prefs/utils.xml
- <Package Folder>/shared_prefs/widget_config.xml
- <SD-Card>/.adslib/com.google.onlinesvideo@10.apk
- <SD-Card>/.androidsystem/####/49.x-3.0.1.apk
- <SD-Card>/.androidsystem/####/PlugShareData
- <SD-Card>/.androidsystem/####/files.db
- <SD-Card>/.androidsystem/####/gads.db
- <SD-Card>/.androidsystem/####/plugxml.xml
- <SD-Card>/.androidsystem/####/syncfiles.db
- <SD-Card>/.androidsystem/776dde5de3494d8488d3bf598d67d1b0.jpg
- <SD-Card>/.androidsystem/Plugin.zip
- <SD-Card>/.userReturn
- <SD-Card>/LogN/####/sp
- <SD-Card>/baidu/####/journal.tmp
- <SD-Card>/baidu/.cuid
- <SD-Card>/dianxin/####/8e2f88e5a3482af6fd2eb12ac25917e2.0
- <SD-Card>/dianxin/####/journal
- <SD-Card>/dianxin/####/journal.tmp
Другие:
Запускает следующие shell-скрипты:
- /system/bin/cat /proc/meminfo
- /system/bin/cat /sys/block/mmcblk0/device/cid
- /system/bin/cat /sys/block/mmcblk1/device/cid
- /system/bin/cat /sys/block/mmcblk2/device/cid
- /system/bin/cat /sys/block/mmcblk3/device/cid
- <dexopt>
