Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Mixi.16.origin
- Android.Mixi.21.origin
Загружает из Интернета следующие детектируемые угрозы:
- Android.Mixi.16.origin
- Android.Mixi.21.origin
Сетевая активность:
Подключается к:
- 1####.####.225
- d####.####.com
- g####.####.com
- i####.####.cn
- m####.####.cn
- p####.####.com
- s####.####.com
- sysupg####.####.cn
Запросы HTTP GET:
- d####.####.com/api/game/getrescnt?package=####&app_id=####&channel_id=##...
- g####.####.com/cr/sv/getGoFile?name=####
- i####.####.cn/appstore/developer/icon/201706/201706141058081547957.webp
- m####.####.cn/appSelfUpgrade?nt=####&pkgName=####&model=####&e=####&sn2=...
- p####.####.com/2017-07-07_595f07b754332.jpeg/thumblist
- s####.####.com/cr/sdk/170417/goplaysdk_statistics_all_1704171.dat
- sysupg####.####.cn/checkapp/query?public_model=####&nt=####&model=####&s...
Запросы HTTP POST:
- 1####.####.225/dreport
Изменения в файловой системе:
Создает следующие файлы:
- /data/anr/traces.txt
- <Package Folder>/PreExcuModsInfo.txt
- <Package Folder>/ReadyHost.txt
- <Package Folder>/XmSmLockFile.txt
- <Package Folder>/app_file_dex/MasterControl.jar
- <Package Folder>/databases/RawDownloads.db-journal
- <Package Folder>/databases/hjdata.db-journal
- <Package Folder>/databases/itemInfo.db-journal
- <Package Folder>/databases/message.db-journal
- <Package Folder>/files/####/5xkno2<System Property>46
- <Package Folder>/files/####/<Package>12<System Property>2
- <Package Folder>/files/####/f001.gif
- <Package Folder>/files/####/f002.gif
- <Package Folder>/files/####/f003.gif
- <Package Folder>/files/####/f004.gif
- <Package Folder>/files/####/f005.gif
- <Package Folder>/files/####/f006.gif
- <Package Folder>/files/####/f007.gif
- <Package Folder>/files/####/f008.gif
- <Package Folder>/files/####/f009.gif
- <Package Folder>/files/####/f010.gif
- <Package Folder>/files/####/f011.gif
- <Package Folder>/files/####/f012.gif
- <Package Folder>/files/####/f013.gif
- <Package Folder>/files/####/f014.gif
- <Package Folder>/files/####/f015.gif
- <Package Folder>/files/####/f016.gif
- <Package Folder>/files/####/f017.gif
- <Package Folder>/files/####/f018.gif
- <Package Folder>/files/####/f019.gif
- <Package Folder>/files/####/f020.gif
- <Package Folder>/files/####/f021.gif
- <Package Folder>/files/####/f022.gif
- <Package Folder>/files/####/f023.gif
- <Package Folder>/files/####/f024.gif
- <Package Folder>/files/####/f025.gif
- <Package Folder>/files/####/f026.gif
- <Package Folder>/files/####/f027.gif
- <Package Folder>/files/####/f028.gif
- <Package Folder>/files/####/f029.gif
- <Package Folder>/files/####/f030.gif
- <Package Folder>/files/####/f031.gif
- <Package Folder>/files/####/f032.gif
- <Package Folder>/files/####/f033.gif
- <Package Folder>/files/####/f034.gif
- <Package Folder>/files/####/f035.gif
- <Package Folder>/files/####/f036.gif
- <Package Folder>/files/####/f037.gif
- <Package Folder>/files/####/f038.gif
- <Package Folder>/files/####/f039.gif
- <Package Folder>/files/####/f040.gif
- <Package Folder>/files/####/f041.gif
- <Package Folder>/files/####/f042.gif
- <Package Folder>/files/####/f043.gif
- <Package Folder>/files/####/f044.gif
- <Package Folder>/files/####/f045.gif
- <Package Folder>/files/####/f046.gif
- <Package Folder>/files/####/f047.gif
- <Package Folder>/files/####/f048.gif
- <Package Folder>/files/####/f049.gif
- <Package Folder>/files/####/f050.gif
- <Package Folder>/files/####/f051.gif
- <Package Folder>/files/####/f052.gif
- <Package Folder>/files/####/f053.gif
- <Package Folder>/files/####/f054.gif
- <Package Folder>/files/####/f055.gif
- <Package Folder>/files/####/f056.gif
- <Package Folder>/files/####/f057.gif
- <Package Folder>/files/####/f058.gif
- <Package Folder>/files/####/f059.gif
- <Package Folder>/files/####/f060.gif
- <Package Folder>/files/####/f061.gif
- <Package Folder>/files/####/f062.gif
- <Package Folder>/files/####/f063.gif
- <Package Folder>/files/####/f064.gif
- <Package Folder>/files/####/f065.gif
- <Package Folder>/files/####/f066.gif
- <Package Folder>/files/####/f067.gif
- <Package Folder>/files/####/f068.gif
- <Package Folder>/files/####/f069.gif
- <Package Folder>/files/####/f070.gif
- <Package Folder>/files/####/f071.gif
- <Package Folder>/files/####/f072.gif
- <Package Folder>/files/####/f073.gif
- <Package Folder>/files/####/f074.gif
- <Package Folder>/files/####/f075.gif
- <Package Folder>/files/####/f076.gif
- <Package Folder>/files/####/f077.gif
- <Package Folder>/files/####/f078.gif
- <Package Folder>/files/####/f079.gif
- <Package Folder>/files/####/f080.gif
- <Package Folder>/files/####/f081.gif
- <Package Folder>/files/####/f082.gif
- <Package Folder>/files/####/f083.gif
- <Package Folder>/files/####/f084.gif
- <Package Folder>/files/####/f085.gif
- <Package Folder>/files/####/f086.gif
- <Package Folder>/files/####/f087.gif
- <Package Folder>/files/####/f088.gif
- <Package Folder>/files/####/f089.gif
- <Package Folder>/files/####/f090.gif
- <Package Folder>/files/####/f091.gif
- <Package Folder>/files/####/f092.gif
- <Package Folder>/files/####/f093.gif
- <Package Folder>/files/####/f094.gif
- <Package Folder>/files/####/f095.gif
- <Package Folder>/files/####/f096.gif
- <Package Folder>/files/####/f097.gif
- <Package Folder>/files/####/f098.gif
- <Package Folder>/files/####/f099.gif
- <Package Folder>/files/####/f100.gif
- <Package Folder>/files/####/f101.gif
- <Package Folder>/files/####/f102.gif
- <Package Folder>/files/####/f103.gif
- <Package Folder>/files/####/f104.gif
- <Package Folder>/files/####/f105.gif
- <Package Folder>/files/####/face.xml
- <Package Folder>/files/####/p001.png
- <Package Folder>/files/####/p002.png
- <Package Folder>/files/####/p003.png
- <Package Folder>/files/####/p004.png
- <Package Folder>/files/####/p005.png
- <Package Folder>/files/####/p006.png
- <Package Folder>/files/####/p007.png
- <Package Folder>/files/####/p008.png
- <Package Folder>/files/####/p009.png
- <Package Folder>/files/####/p010.png
- <Package Folder>/files/####/p011.png
- <Package Folder>/files/####/p012.png
- <Package Folder>/files/####/p013.png
- <Package Folder>/files/####/p014.png
- <Package Folder>/files/####/p015.png
- <Package Folder>/files/####/p016.png
- <Package Folder>/files/####/p017.png
- <Package Folder>/files/####/p018.png
- <Package Folder>/files/####/p019.png
- <Package Folder>/files/####/p020.png
- <Package Folder>/files/####/p021.png
- <Package Folder>/files/####/p022.png
- <Package Folder>/files/####/p023.png
- <Package Folder>/files/####/p024.png
- <Package Folder>/files/####/p025.png
- <Package Folder>/files/####/p026.png
- <Package Folder>/files/####/p027.png
- <Package Folder>/files/####/p028.png
- <Package Folder>/files/####/p029.png
- <Package Folder>/files/####/p030.png
- <Package Folder>/files/####/p031.png
- <Package Folder>/files/####/p032.png
- <Package Folder>/files/####/p033.png
- <Package Folder>/files/####/p034.png
- <Package Folder>/files/####/p035.png
- <Package Folder>/files/####/p036.png
- <Package Folder>/files/####/p037.png
- <Package Folder>/files/####/p038.png
- <Package Folder>/files/####/p039.png
- <Package Folder>/files/####/p040.png
- <Package Folder>/files/####/p041.png
- <Package Folder>/files/####/p042.png
- <Package Folder>/files/####/p043.png
- <Package Folder>/files/####/p044.png
- <Package Folder>/files/####/p045.png
- <Package Folder>/files/####/p046.png
- <Package Folder>/files/####/p047.png
- <Package Folder>/files/####/p048.png
- <Package Folder>/files/####/p049.png
- <Package Folder>/files/####/p050.png
- <Package Folder>/files/####/p051.png
- <Package Folder>/files/####/p052.png
- <Package Folder>/files/####/p053.png
- <Package Folder>/files/####/p054.png
- <Package Folder>/files/####/p055.png
- <Package Folder>/files/####/p056.png
- <Package Folder>/files/####/p057.png
- <Package Folder>/files/####/p058.png
- <Package Folder>/files/####/p059.png
- <Package Folder>/files/####/p060.png
- <Package Folder>/files/####/p061.png
- <Package Folder>/files/####/p062.png
- <Package Folder>/files/####/p063.png
- <Package Folder>/files/####/p064.png
- <Package Folder>/files/####/p065.png
- <Package Folder>/files/####/p066.png
- <Package Folder>/files/####/p067.png
- <Package Folder>/files/####/p068.png
- <Package Folder>/files/####/p069.png
- <Package Folder>/files/####/p070.png
- <Package Folder>/files/####/p071.png
- <Package Folder>/files/####/p072.png
- <Package Folder>/files/####/p073.png
- <Package Folder>/files/####/p074.png
- <Package Folder>/files/####/p075.png
- <Package Folder>/files/####/p076.png
- <Package Folder>/files/####/p077.png
- <Package Folder>/files/####/p078.png
- <Package Folder>/files/####/p079.png
- <Package Folder>/files/####/p080.png
- <Package Folder>/files/####/p081.png
- <Package Folder>/files/####/p082.png
- <Package Folder>/files/####/p083.png
- <Package Folder>/files/####/p084.png
- <Package Folder>/files/####/p085.png
- <Package Folder>/files/####/p086.png
- <Package Folder>/files/####/p087.png
- <Package Folder>/files/####/p088.png
- <Package Folder>/files/####/p089.png
- <Package Folder>/files/####/p090.png
- <Package Folder>/files/####/p091.png
- <Package Folder>/files/####/p092.png
- <Package Folder>/files/####/p093.png
- <Package Folder>/files/####/p094.png
- <Package Folder>/files/####/p095.png
- <Package Folder>/files/####/p096.png
- <Package Folder>/files/####/p097.png
- <Package Folder>/files/####/p098.png
- <Package Folder>/files/####/p099.png
- <Package Folder>/files/####/p100.png
- <Package Folder>/files/####/p101.png
- <Package Folder>/files/####/p102.png
- <Package Folder>/files/####/p103.png
- <Package Folder>/files/####/p104.png
- <Package Folder>/files/####/p105.png
- <Package Folder>/files/1496217046391_V17041703Aj1so32.so
- <Package Folder>/files/<System Property>112.jar
- <Package Folder>/files/hftJcw46N.jar
- <Package Folder>/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
- <Package Folder>/shared_prefs/<Package>.load_data_num.xml
- <Package Folder>/shared_prefs/<Package>.new_version.xml
- <Package Folder>/shared_prefs/<Package>.xml
- <Package Folder>/shared_prefs/<Package>.xml.bak
- <Package Folder>/shared_prefs/<Package>_data_cache.xml
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/<Package>_preferences.xml.bak
- <Package Folder>/shared_prefs/com.vivo.push.xml
- <Package Folder>/shared_prefs/com.vivo.push_preferences.xml
- <Package Folder>/shared_prefs/hj_datasdk_settings.xml
- <Package Folder>/shared_prefs/hj_datasdk_settings.xml.bak
- <Package Folder>/shared_prefs/vivo_upgrade_prefs.xml
- <SD-Card>/.VivoGame/####/.nomedia
- <SD-Card>/.VivoGame/####/16d2c1p427mcyz6lcfm636505.0.tmp
- <SD-Card>/.VivoGame/####/1c0u2knzv8cfgkxi7duxt2ws3.0.tmp
- <SD-Card>/.VivoGame/####/2inha12gxn4sd4fumj8jbiji4.0.tmp
- <SD-Card>/.VivoGame/####/3500d8zgqedreawbz0884mvg8.0.tmp
- <SD-Card>/.VivoGame/####/3n86tsgmr0s4381wrjyuqx0fp.0.tmp
- <SD-Card>/.VivoGame/####/3ofggaf7pyj073q7ppxqgev0v.0.tmp
- <SD-Card>/.VivoGame/####/3qw36htlmfan5jfx775j1l9zs.0.tmp
- <SD-Card>/.VivoGame/####/3vqh58srnx5fhitcfb624rttu.0.tmp
- <SD-Card>/.VivoGame/####/493jhfe6l45eb4ijk9f7bdu6g.0
- <SD-Card>/.VivoGame/####/4a6fhlxwidjlfie4bpk5xonjy.0.tmp
- <SD-Card>/.VivoGame/####/4adrl7tneefd1xnfklk0jdh9o.0.tmp
- <SD-Card>/.VivoGame/####/4dggm75lcsrr3ymupdm18tvx4.0.tmp
- <SD-Card>/.VivoGame/####/4q8wyoovzn6zyv5cktdyb12p8.0.tmp
- <SD-Card>/.VivoGame/####/4vxja6l2be0l0l8s4nr1utj4f.0.tmp
- <SD-Card>/.VivoGame/####/519q34f19rl49rc48nc8o0hwm.0.tmp
- <SD-Card>/.VivoGame/####/52iw17ry4h3wjff47opu0r9rz.0.tmp
- <SD-Card>/.VivoGame/####/563732548.tmp
- <SD-Card>/.VivoGame/####/565e5xcfqcxejvg87s0aykl9p.0.tmp
- <SD-Card>/.VivoGame/####/5j3o4rvui4n356q4q5sfaoo0.0.tmp
- <SD-Card>/.VivoGame/####/5k2e4g361yij37ggy5e5ufbzf.0.tmp
- <SD-Card>/.VivoGame/####/630h44os49ri1mpubcnixw8zi.0.tmp
- <SD-Card>/.VivoGame/####/654zptrb6h9thqnetvy7xx6lc.0.tmp
- <SD-Card>/.VivoGame/####/6d1ca7brfjlil2n53q52ptx5u.0.tmp
- <SD-Card>/.VivoGame/####/6e9uunfhs8vxmmadhlpfpafl6.0.tmp
- <SD-Card>/.VivoGame/####/6ixn7mhn10hmwnjpxl6jb5sb3.0.tmp
- <SD-Card>/.VivoGame/####/6j9mwljnoot32fy7hrl0lv0qu.0.tmp
- <SD-Card>/.VivoGame/####/739p7jqtke8fr4u1zm4xm2d5r.0.tmp
- <SD-Card>/.VivoGame/####/7545p3mjnrhfc2sm31ztw2p24.0.tmp
- <SD-Card>/.VivoGame/####/78e6w6belvrbxx8ql8walmpcj.0.tmp
- <SD-Card>/.VivoGame/####/7g2ppvcv055dpd7ofkos8cuh6.0.tmp
- <SD-Card>/.VivoGame/####/8fk5wtiviuc2nk2ptqyywl8f.0.tmp
- <SD-Card>/.VivoGame/####/journal.tmp
- <SD-Card>/.VivoGame/####/kfrztra2cuoo1takg3gaonyq.0.tmp
- <SD-Card>/.VivoGame/####/koyltn1vni2fsfbma5zngept.0.tmp
- <SD-Card>/.VivoGame/####/nlkj16qwq8c0vlref26l2z9j.0.tmp
- <SD-Card>/.vivo/####/vivopush_1.0.0.db-journal
- <SD-Card>/huanju/####/config.properties
- <SD-Card>/huanju/.cuid
Другие:
Запускает следующие shell-скрипты:
- /data/data/com.vivo.xkno/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s -h c48756b39e9e402ca3e1026d88799eaa /data/data/com.vivo.xkno/.syslib-
- <dexopt>
- chmod 0771 /data/data/com.vivo.xkno/.syslib-
- chmod 0771 <Package Folder>/.syslib-
- getenforce
- rm -f <Package Folder>/files/hftJcw46N.dex
- rm -f <Package Folder>/files/hftJcw46N.jar
- rm -f <Package Folder>/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
- rm <Package Folder>/files/hftJcw46N.dex
- rm <Package Folder>/files/hftJcw46N.jar
- rm <Package Folder>/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
- sh -c /system/usr/toolbox rm -f <Package Folder>/files/hftJcw46N.dex > /dev/null 2>&1
- sh -c /system/usr/toolbox rm -f <Package Folder>/files/hftJcw46N.jar > /dev/null 2>&1
- sh -c /system/usr/toolbox rm -f <Package Folder>/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s > /dev/null 2>&1
- sh -c rm <Package Folder>/files/hftJcw46N.dex > /dev/null 2>&1
- sh -c rm <Package Folder>/files/hftJcw46N.jar > /dev/null 2>&1
- sh -c rm <Package Folder>/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s > /dev/null 2>&1
- sh -c rm -f <Package Folder>/files/hftJcw46N.dex > /dev/null 2>&1
- sh -c rm -f <Package Folder>/files/hftJcw46N.jar > /dev/null 2>&1
- sh -c rm -f <Package Folder>/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s > /dev/null 2>&1
- sh <Package Folder>/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s -h c48756b39e9e402ca3e1026d88799eaa <Package Folder>/.syslib-
