Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.589.origin
Загружает из Интернета следующие детектируемые угрозы:
- Android.DownLoader.589.origin
Сетевая активность:
Подключается к:
- a####.####.com
- c####.####.com
- c####.####.top
- o####.####.com
- p####.####.com
Запросы HTTP GET:
- c####.####.com/11999_ccover_026c5ed45f4eaa6e.jpg?imageVi####
- c####.####.top/upload/201704/26/img/20170426180253795.png
- c####.####.top/upload/201706/5/app/20170605115942974.apk
Запросы HTTP POST:
- a####.####.com/app_logs
- a####.####.com/conn
- a####.####.com/errconf
- o####.####.com/v2/check_config_update
- p####.####.com/epinfo
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/.jiagu/libjiagu.so
- <Package Folder>/cache/V2.8.8.1.txt
- <Package Folder>/databases/ThrowalbeLog.db-journal
- <Package Folder>/databases/icomico_db-journal
- <Package Folder>/databases/sharesdk.db-journal
- <Package Folder>/databases/t_u.db-journal
- <Package Folder>/files/####/.jg.ic
- <Package Folder>/files/.imprint
- <Package Folder>/files/ha.jar
- <Package Folder>/files/mobclick_agent_cached_<Package>596
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/files/wl.jar
- <Package Folder>/shared_prefs/Alvin2.xml
- <Package Folder>/shared_prefs/AppStore.xml
- <Package Folder>/shared_prefs/AppStore.xml.bak
- <Package Folder>/shared_prefs/ContextData.xml
- <Package Folder>/shared_prefs/ICOMICO_PREFERENCE.xml
- <Package Folder>/shared_prefs/ICOMICO_PREFERENCE.xml.bak
- <Package Folder>/shared_prefs/kr.xml
- <Package Folder>/shared_prefs/kr.xml.bak
- <Package Folder>/shared_prefs/mob_sdk_exception_1.xml
- <Package Folder>/shared_prefs/mob_sdk_exception_1.xml.bak
- <Package Folder>/shared_prefs/mobclick_agent_online_setting_<Package>.xml
- <Package Folder>/shared_prefs/share_sdk_1.xml
- <Package Folder>/shared_prefs/share_sdk_1.xml.bak
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml.bak
- <Package Folder>/shared_prefs/umeng_general_config.xml.bak (deleted)
- <Package Folder>/shared_prefs/umeng_message_state.xml
- <Package Folder>/shared_prefs/vbz.xml
- <SD-Card>/.DataStorage/ContextData.xml
- <SD-Card>/.UTSystemConfig/####/Alvin2.xml
- <SD-Card>/Android/####/.nomedia
- <SD-Card>/Android/####/11tehvsza9ccxm40ftagquiny.0.tmp
- <SD-Card>/Android/####/12vbfuc06p201p4utj4x2u93s.0.tmp
- <SD-Card>/Android/####/15pn2lhclm5fe78z1csrbwdk7.0.tmp
- <SD-Card>/Android/####/15pn2lhclm5fe78z1csrbwdk7.downtmp.downtmp
- <SD-Card>/Android/####/1dbo2pe7xwnh76zukyj42e0u9.0.tmp
- <SD-Card>/Android/####/1gkzmckj6ycq3o3m3uxq913a8.0.tmp
- <SD-Card>/Android/####/1h3mb6xpuxfeczmyvwafux861.0.tmp
- <SD-Card>/Android/####/1kwxsunn0r6qmsmx5wi0ih3n2.0
- <SD-Card>/Android/####/1uba65bawv4pmz4tnpcsay7b.0.tmp
- <SD-Card>/Android/####/1wvx9k6k4wa08dpjlnsi6f90g.0.tmp
- <SD-Card>/Android/####/1yuhqujh87isio2n5jpuq18za.0.tmp
- <SD-Card>/Android/####/1yuhqujh87isio2n5jpuq18za.downtmp.downtmp
- <SD-Card>/Android/####/20ijqxa9f3nt8lla53mj53cdm.0
- <SD-Card>/Android/####/21vo7ri8ead7aaqtxe200i39v.0.tmp
- <SD-Card>/Android/####/24oh34gn3zkg96lxe07vgy0g.0.tmp
- <SD-Card>/Android/####/29it4qvvnefxyd3etxep0mjhq.0.tmp
- <SD-Card>/Android/####/29it4qvvnefxyd3etxep0mjhq.downtmp.downtmp
- <SD-Card>/Android/####/2a10zzjs2vltdv65f0da4mvm3.0.tmp
- <SD-Card>/Android/####/2a10zzjs2vltdv65f0da4mvm3.downtmp.downtmp
- <SD-Card>/Android/####/2hard7yursxroqyy5l406aoo0.0.tmp
- <SD-Card>/Android/####/2hard7yursxroqyy5l406aoo0.downtmp.downtmp
- <SD-Card>/Android/####/2hvvl48an3hmib0jkvojj9zaj.0.tmp
- <SD-Card>/Android/####/2hvvl48an3hmib0jkvojj9zaj.downtmp.downtmp
- <SD-Card>/Android/####/2u2euw02c0fti4mshlc9htijo.0.tmp
- <SD-Card>/Android/####/2u2euw02c0fti4mshlc9htijo.downtmp.downtmp
- <SD-Card>/Android/####/3bwzvkh93rka1vxqbs4fk3j7r.0.tmp
- <SD-Card>/Android/####/3im3oj1wog076vh27ud2tn3k3.0.tmp
- <SD-Card>/Android/####/3im3oj1wog076vh27ud2tn3k3.downtmp.downtmp
- <SD-Card>/Android/####/3k7cskei54dpcyms6ploc74dv.0.tmp
- <SD-Card>/Android/####/3nq3anrga2ir3cud6x86o409t.0.tmp
- <SD-Card>/Android/####/3zk8jnhxlx8wvtnc3lwshtsp0.0.tmp
- <SD-Card>/Android/####/424967r4pljx5kia702xsnh90.0.tmp
- <SD-Card>/Android/####/424h1a5jj9wkddxzm463dcu3i.0.tmp
- <SD-Card>/Android/####/44bm7fhbmg6cnks5pvtqj9csw.0
- <SD-Card>/Android/####/44bm7fhbmg6cnks5pvtqj9csw.downtmp (deleted)
- <SD-Card>/Android/####/44bm7fhbmg6cnks5pvtqj9csw.downtmp.downtmp
- <SD-Card>/Android/####/44yq3lqizxju0jza02j027avu.0.tmp
- <SD-Card>/Android/####/47z4bw96npvsqu7qkewbkej6k.0.tmp
- <SD-Card>/Android/####/4aqzz9nnzi4zedknbdcl5smop.0.tmp
- <SD-Card>/Android/####/4aqzz9nnzi4zedknbdcl5smop.downtmp.downtmp
- <SD-Card>/Android/####/4fhrcbiayzvn5uydh34gwll8j.0.tmp
- <SD-Card>/Android/####/4fhrcbiayzvn5uydh34gwll8j.downtmp.downtmp
- <SD-Card>/Android/####/4mscy42ww0jqyn9f2fu7y29c9.0.tmp
- <SD-Card>/Android/####/4ngo5meq9r4w2sxuhgkkrtrtu.0.tmp
- <SD-Card>/Android/####/4qfd0eldghvgf1upimxxi4a0k.0.tmp
- <SD-Card>/Android/####/4tg0ypc0pfrkv6etnculscloe.0.tmp
- <SD-Card>/Android/####/4ve4sfqmp9xx10o0odobt6bw5.0.tmp
- <SD-Card>/Android/####/4wgoybv13v8x40jkg8us9shgc.0.tmp
- <SD-Card>/Android/####/4ybp3j464qvmd5zhea1dpubfr.0.tmp
- <SD-Card>/Android/####/4ybp3j464qvmd5zhea1dpubfr.downtmp.downtmp
- <SD-Card>/Android/####/51q41d7sputpt718bwc3v8q99.0.tmp
- <SD-Card>/Android/####/560gk0dl1xk5e8grnspiznfcr.0.tmp
- <SD-Card>/Android/####/560gk0dl1xk5e8grnspiznfcr.downtmp.downtmp
- <SD-Card>/Android/####/57t7qq9w5peino10p7rxpj0qg.0.tmp
- <SD-Card>/Android/####/58qbmiyqb2eoy1mhsoz6ezh55.0.tmp
- <SD-Card>/Android/####/5arzahzwnsj99jd7wfxfefvr1.0.tmp
- <SD-Card>/Android/####/5arzahzwnsj99jd7wfxfefvr1.downtmp.downtmp
- <SD-Card>/Android/####/5cqapjyez5x469jixpsysp2yg.0.tmp
- <SD-Card>/Android/####/5fx56wfqexhmxcncydrxijqje.0.tmp
- <SD-Card>/Android/####/5grzw8ljrfkl7i5zmvmo5tp08.0.tmp
- <SD-Card>/Android/####/5lxkjvzuwjoxiib8gzfhfhy7y.0.tmp
- <SD-Card>/Android/####/5lxoenifvr7m2x033pja0e1dm.0.tmp
- <SD-Card>/Android/####/5m8o3xs4pgxwkuyexwgipyzqj.0.tmp
- <SD-Card>/Android/####/5njvmagdf2env1msa4v7t8qfu.0
- <SD-Card>/Android/####/5o1jmqp7ssuste35cf21dcipm.0.tmp
- <SD-Card>/Android/####/5rxhxnzqwsn1l19uvhlx4i21l.0.tmp
- <SD-Card>/Android/####/5ssw2rwbdeepptq8ewjt9x5y7.0.tmp
- <SD-Card>/Android/####/5ssw2rwbdeepptq8ewjt9x5y7.downtmp.downtmp
- <SD-Card>/Android/####/5u6ov3zxn7u3yuhk1sb8mvb1g.0.tmp
- <SD-Card>/Android/####/5ztozpx7vyf1rdxg9bfehowhk.0.tmp
- <SD-Card>/Android/####/5zu3ln48sbvthjn6aq6ila2ql.0.tmp
- <SD-Card>/Android/####/620af6b667da3
- <SD-Card>/Android/####/66vwrhldh9t5eca0i10c1h0yb.0.tmp
- <SD-Card>/Android/####/6873e5erznfzowie5nzswl9xg.0.tmp
- <SD-Card>/Android/####/69n7297846p8inpx2elot9su8.0.tmp (deleted)
- <SD-Card>/Android/####/6dg8u2g4trwdw5d49wq3szdij.0.tmp
- <SD-Card>/Android/####/6er1pbyux3ds5leb7wv057c5u.0.tmp
- <SD-Card>/Android/####/6ksu5mg1neq0kb8rxbuklz9s4.0.tmp
- <SD-Card>/Android/####/6ksu5mg1neq0kb8rxbuklz9s4.downtmp.downtmp
- <SD-Card>/Android/####/6umz5102o6je9d4z6gc3jd4mq.0.tmp
- <SD-Card>/Android/####/6umz5102o6je9d4z6gc3jd4mq.downtmp.downtmp
- <SD-Card>/Android/####/6xlih54530ut2w0og65iupjgw.0.tmp
- <SD-Card>/Android/####/6xlih54530ut2w0og65iupjgw.downtmp.downtmp
- <SD-Card>/Android/####/6yeo9wsq55oks5z5es1vfompa.0.tmp
- <SD-Card>/Android/####/72r38vjc900geg02tk3u4xh9j.0.tmp
- <SD-Card>/Android/####/73hyl6l311ivxeptmpyid0v89.0.tmp
- <SD-Card>/Android/####/77xfavsttzh53ikolp7hyu99u.0.tmp
- <SD-Card>/Android/####/78d10be7831efbcd1e62a93023a126bc.apk
- <SD-Card>/Android/####/78kl1tpaqwbb7m5ofdoje7ba6.0.tmp
- <SD-Card>/Android/####/78kl1tpaqwbb7m5ofdoje7ba6.downtmp.downtmp
- <SD-Card>/Android/####/79sh9i9it9z6k84x8cco52pz5.0.tmp
- <SD-Card>/Android/####/79sh9i9it9z6k84x8cco52pz5.downtmp.downtmp
- <SD-Card>/Android/####/7a0webgjtpx94a7pgox3a4ixb.0.tmp
- <SD-Card>/Android/####/7f4e1382a0b0c0d4e15234f004f13971
- <SD-Card>/Android/####/7f4e1382a0b0c0d4e15234f004f13971.downtmp
- <SD-Card>/Android/####/7fgcuj3paipg5gtxjkyrq3ith.0.tmp
- <SD-Card>/Android/####/8d1aa86fb6d02d0a6fc3a5840cdae135.downtmp
- <SD-Card>/Android/####/9c14d31a5b67851082e189f39122139b.downtmp
- <SD-Card>/Android/####/a0a73f383405181707c17a31343799f6.downtmp
- <SD-Card>/Android/####/b.tmp
- <SD-Card>/Android/####/ec2d3d5f373a43b5d6b251e9968c4ac4.downtmp
- <SD-Card>/Android/####/gq88p6mpzswo6u5qsov1sce1.0.tmp
- <SD-Card>/Android/####/inmmbfcov0v7gwcke9rdfmxq.0.tmp
- <SD-Card>/Android/####/inmmbfcov0v7gwcke9rdfmxq.downtmp.downtmp
- <SD-Card>/Android/####/journal.tmp
- <SD-Card>/Android/####/r1yxldc40o1ms7jwyxg2bkyj.0.tmp
- <SD-Card>/Android/####/r1yxldc40o1ms7jwyxg2bkyj.downtmp.downtmp
- <SD-Card>/Android/####/ti3hhxo126kxrfod88qs4b09.0.tmp
- <SD-Card>/Android/####/vnboibjujnh5pbb8ihcqiu7u.0.tmp
- <SD-Card>/Android/####/wqvrhh7ufx1ep5xgdbh0bctd.0.tmp
- <SD-Card>/Android/####/wqvrhh7ufx1ep5xgdbh0bctd.downtmp.downtmp
- <SD-Card>/ShareSDK/####/.lock
- <SD-Card>/ShareSDK/.ba
- <SD-Card>/ShareSDK/.dk
Другие:
Запускает следующие shell-скрипты:
- <dexopt>
- chmod 755 /data/data/com.txj.anime.cartoon/.jiagu/libjiagu.so
- chmod 755 <Package Folder>/.jiagu/libjiagu.so
- chmod 777 /storage/emulated/0/Android/data/<Package>/files/Download/Android/azb/78d10be7831efbcd1e62a93023a126bc.apk
- chmod 777 /storage/emulated/0/Android/data/com.txj.anime.cartoon/files/Download/Android/azb/78d10be7831efbcd1e62a93023a126bc.apk
Использует специальную библиотеку для скрытия исполняемого байткода.
