Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Xiny.20
Загружает из Интернета следующие детектируемые угрозы:
- Android.Xiny.20
Сетевая активность:
Подключается к:
- 2####.####.33
- 3####.####.com
- b####.####.cn
- d####.####.cn
- m####.####.com
- m####.####.com:8757
- s####.####.cn
- s####.####.com
Запросы HTTP GET:
- 2####.####.33/d.xiongjiong.com.cn/jarFile/SDKAutoUpdate/ber.jar?wsiphost...
- d####.####.cn/jarFile/SDKAutoUpdate/ber.jar
- m####.####.com/sdk.html
- s####.####.cn/bb_small/DhduwiaBa7ldic4a2MLy6C7U11tRSdz9RkWou7WKx3SbED1zW...
- s####.####.com/store_raw_download?buid=####&uuid=####
Запросы HTTP POST:
- 3####.####.com/BabyTingPicAudio/changwei/changwei_config.txt
- b####.####.cn/cw/interface!u2.action?protocol=####&version=####&cid=####
- m####.####.com:8757/sdk.html
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/databases/downloadswc
- <Package Folder>/databases/downloadswc-journal
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/<Package>_preferences.xml.bak
- <Package Folder>/shared_prefs/W_Key.xml
- <Package Folder>/shared_prefs/a.xml
- <Package Folder>/shared_prefs/a.xml.bak
- <Package Folder>/shared_prefs/babyting_shared.xml
- <Package Folder>/shared_prefs/mobclick_agent_online_setting_<Package>.xml
- <Package Folder>/shared_prefs/st.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml.bak
- <SD-Card>/Android/####/.nomedia
- <SD-Card>/Android/####/11f0lz4pchifnf8rs4m4dn1bb
- <SD-Card>/Android/####/17ek1xswpn3n7lvj1k2u92oo4
- <SD-Card>/Android/####/1bx2mpcqq5s8uv1wvuz2cs9rx
- <SD-Card>/Android/####/1j3ovrq5v4ocjuq0cbxpo320o
- <SD-Card>/Android/####/1o3bttxnnejx6hagcbcb52b1t
- <SD-Card>/Android/####/1q377fl3fk1ptsay65qu26mj5
- <SD-Card>/Android/####/256xair7tnoq3gwvs6ciq80io
- <SD-Card>/Android/####/2c94iptfwfwtd5u1lsp67faue
- <SD-Card>/Android/####/2rnvmplw6z1fepp0qqwr0b05u
- <SD-Card>/Android/####/2unf0tritdcjieuifae2o24i1
- <SD-Card>/Android/####/2yam3appe82pj5ebhtsav93je
- <SD-Card>/Android/####/2zph6flzs8lwim0d9s4vjec8w
- <SD-Card>/Android/####/31iwfehgx1e57hh5n4pdiaxj3
- <SD-Card>/Android/####/36xric04cjd891ebhz21mqo0w
- <SD-Card>/Android/####/37nsmfs6vbrftgtv7jqt303z9
- <SD-Card>/Android/####/3bl9g14boflaxb9aonl40sidn
- <SD-Card>/Android/####/3yd0jnqmly4faaggnzgl96tmd
- <SD-Card>/Android/####/47t4dmo5kqh762631jnq3efib
- <SD-Card>/Android/####/48mfxex3x7bsunxlj48u0kqpx
- <SD-Card>/Android/####/4abyutf6qzf20lvb1sz74f8ir
- <SD-Card>/Android/####/4aqn92bh066oisidcl33tzwij
- <SD-Card>/Android/####/4by0lcqim0gsgo4mlueykqthz
- <SD-Card>/Android/####/4dfdhnkyef2ec3sk5no2535ho
- <SD-Card>/Android/####/4j4j1niog1ms6knxq1887n98x
- <SD-Card>/Android/####/4krifemqlhhlxxwuid9hjon6a
- <SD-Card>/Android/####/4lvc4ml1vlwibcy1089upfqio
- <SD-Card>/Android/####/4s4ropix7vvp54lnioxtjqnng
- <SD-Card>/Android/####/4ta77awqsf48py5fg6279z7ve
- <SD-Card>/Android/####/4u87zrun2hpzew6ujgbcu65l
- <SD-Card>/Android/####/50ouvblgvf77mugpn07o2h59j
- <SD-Card>/Android/####/51gwxytd7v74p3h98jy456e4v
- <SD-Card>/Android/####/51xb5i99tywkf0enh964guu34
- <SD-Card>/Android/####/5by0u8dghzubtxthu0afjxv9
- <SD-Card>/Android/####/5c6ava2px92n8eo1p3xp3dg5o
- <SD-Card>/Android/####/5dswy2dj9epv3d7g1ai0r7e95
- <SD-Card>/Android/####/5havtaugc6h98mws2t3g7fg48
- <SD-Card>/Android/####/5k0bkd1ed3rdo19y3ssmpe89
- <SD-Card>/Android/####/5oirzv720hlw7dblw64vqdx6v
- <SD-Card>/Android/####/5vpl9019yka4rlwir6kqpwvzw
- <SD-Card>/Android/####/5wkjdts81eirilemeei2v9432
- <SD-Card>/Android/####/60ea92clofv0yoc5pqsq3xe9r
- <SD-Card>/Android/####/63qak3bspmka35y9nj3yx5tyj
- <SD-Card>/Android/####/66m562vilperp8esnjmn98uzx
- <SD-Card>/Android/####/6iuflwig1t1hhohcgctzhx11q
- <SD-Card>/Android/####/6zelx5mwefcdwf5t4t3ejcv5w
- <SD-Card>/Android/####/705ow9gozby5l8ysxey4lpa8e
- <SD-Card>/Android/####/77n2tvrd20zc0slwb6s6tm2wc
- <SD-Card>/Android/####/7gfeu8cqjluy3tl6akulo9iof
- <SD-Card>/Android/####/84yg9zez889i26j2f17afmmk
- <SD-Card>/Android/####/aevpvozmv0qsjogcjstrlpns
- <SD-Card>/Android/####/awsrqgzojgkkwp3gk4tpfu4z
- <SD-Card>/Android/####/benxkq4t8bvluvv0k4a583cj
- <SD-Card>/Android/####/e73z2r0tn04dgjxy618gfnje
- <SD-Card>/Android/####/ejinag9gffzribrnp137qfb7
- <SD-Card>/Android/####/l4rvshmhkea02yg7ehf3jmms
- <SD-Card>/Android/####/lo5wgbshsbl12y4p76m99fbf
- <SD-Card>/Android/####/o7uev7dqvsbpq6u4rmt3pq2j
- <SD-Card>/Android/####/qg8w4c2axb4ry598qhyjdn1
- <SD-Card>/Android/####/sb4k7hw5pvk210hwmkkpeykp
- <SD-Card>/Download/####/4.7_ber.jar.tmp
- <SD-Card>/dt/restime.dat
- <SD-Card>/x.jar
Другие:
Запускает следующие shell-скрипты:
- <dexopt>
