Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Xiny.20
Загружает из Интернета следующие детектируемые угрозы:
- Android.Xiny.20
Сетевая активность:
Подключается к:
- 2####.####.31
- a####.####.com
- c####.####.com
- d####.####.cn
- o####.####.com
- r####.####.cn
Запросы HTTP GET:
- 2####.####.31/d.xiongjiong.com.cn/jarFile/SDKAutoUpdate/gou.jar?wsiphost...
- d####.####.cn/jarFile/SDKAutoUpdate/gou.jar
Запросы HTTP POST:
- a####.####.com/app_logs
- c####.####.com/ad/splash/stats.html
- o####.####.com/check_config_update
- r####.####.cn/k1?requestId=####&g=####&ua=####
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/.jiagu/libjiagu.so
- <Package Folder>/databases/downloadswc
- <Package Folder>/databases/downloadswc-journal
- <Package Folder>/databases/exercises_data.db
- <Package Folder>/databases/exercises_data.db-journal
- <Package Folder>/databases/fitness_nutrition_db.db
- <Package Folder>/databases/jianshen.db
- <Package Folder>/databases/news_data.db
- <Package Folder>/databases/routine_data_new.db
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/files/####/.jg.ic
- <Package Folder>/files/mobclick_agent_sealed_<Package>
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/movie/aaa1.mp4
- <Package Folder>/movie/aaa2.mp4
- <Package Folder>/movie/aaa22.mp4
- <Package Folder>/movie/aaa3.mp4
- <Package Folder>/movie/aab1.mp4
- <Package Folder>/movie/aab2.mp4
- <Package Folder>/movie/aab3.mp4
- <Package Folder>/movie/aac1.mp4
- <Package Folder>/movie/aac2.mp4
- <Package Folder>/movie/aac3.mp4
- <Package Folder>/movie/aad1.mp4
- <Package Folder>/movie/aba1.mp4
- <Package Folder>/movie/aba2.mp4
- <Package Folder>/movie/aba3.mp4
- <Package Folder>/movie/abb1.mp4
- <Package Folder>/movie/abb2.mp4
- <Package Folder>/movie/abc1.mp4
- <Package Folder>/movie/abc2.mp4
- <Package Folder>/movie/abc3.mp4
- <Package Folder>/movie/abd1.mp4
- <Package Folder>/movie/aca1.mp4
- <Package Folder>/movie/aca2.mp4
- <Package Folder>/movie/aca3.mp4
- <Package Folder>/movie/acc1.mp4
- <Package Folder>/movie/acc2.mp4
- <Package Folder>/movie/acc3.mp4
- <Package Folder>/movie/acd1.mp4
- <Package Folder>/movie/baa1.mp4
- <Package Folder>/movie/baa2.mp4
- <Package Folder>/movie/baa3.mp4
- <Package Folder>/movie/baa4.mp4
- <Package Folder>/movie/bab1.mp4
- <Package Folder>/movie/bab2.mp4
- <Package Folder>/movie/bab3.mp4
- <Package Folder>/movie/bac1.mp4
- <Package Folder>/movie/bac2.mp4
- <Package Folder>/movie/bac3.mp4
- <Package Folder>/movie/caa1.mp4
- <Package Folder>/movie/caa2.mp4
- <Package Folder>/movie/caa3.mp4
- <Package Folder>/movie/caa4.mp4
- <Package Folder>/movie/caa5.mp4
- <Package Folder>/movie/cab1.mp4
- <Package Folder>/movie/cab2.mp4
- <Package Folder>/movie/cab3.mp4
- <Package Folder>/movie/cac1.mp4
- <Package Folder>/movie/cac2.mp4
- <Package Folder>/movie/cac3.mp4
- <Package Folder>/movie/cba1.mp4
- <Package Folder>/movie/cba2.mp4
- <Package Folder>/movie/cba3.mp4
- <Package Folder>/movie/cbb1.mp4
- <Package Folder>/movie/cbb2.mp4
- <Package Folder>/movie/cbb3.mp4
- <Package Folder>/movie/cbc1.mp4
- <Package Folder>/movie/cbc2.mp4
- <Package Folder>/movie/cbc3.mp4
- <Package Folder>/movie/cbd1.mp4
- <Package Folder>/movie/cbd2.mp4
- <Package Folder>/movie/cbe1.mp4
- <Package Folder>/movie/cbe2.mp4
- <Package Folder>/movie/daa1.mp4
- <Package Folder>/movie/daa2.mp4
- <Package Folder>/movie/daa3.mp4
- <Package Folder>/movie/dab1.mp4
- <Package Folder>/movie/dab2.mp4
- <Package Folder>/movie/dab3.mp4
- <Package Folder>/movie/dac1.mp4
- <Package Folder>/movie/dac2.mp4
- <Package Folder>/movie/dac3.mp4
- <Package Folder>/movie/dad1.mp4
- <Package Folder>/movie/dad2.mp4
- <Package Folder>/movie/dad3.mp4
- <Package Folder>/movie/dba1.mp4
- <Package Folder>/movie/dba2.mp4
- <Package Folder>/movie/dbb1.mp4
- <Package Folder>/movie/dbc1.mp4
- <Package Folder>/movie/dbc2.mp4
- <Package Folder>/movie/dbc3.mp4
- <Package Folder>/movie/dbd1.mp4
- <Package Folder>/movie/dbd2.mp4
- <Package Folder>/movie/dca1.mp4
- <Package Folder>/movie/dca2.mp4
- <Package Folder>/movie/dca3.mp4
- <Package Folder>/movie/dcc1.mp4
- <Package Folder>/movie/eaa1.mp4
- <Package Folder>/movie/eaa2.mp4
- <Package Folder>/movie/eaa3.mp4
- <Package Folder>/movie/eab1.mp4
- <Package Folder>/movie/eab2.mp4
- <Package Folder>/movie/eac1.mp4
- <Package Folder>/movie/eac2.mp4
- <Package Folder>/movie/eac3.mp4
- <Package Folder>/movie/ead1.mp4
- <Package Folder>/movie/ead2.mp4
- <Package Folder>/movie/eae1.mp4
- <Package Folder>/movie/eae2.mp4
- <Package Folder>/movie/eae3.mp4
- <Package Folder>/movie/eba1.mp4
- <Package Folder>/movie/eba2.mp4
- <Package Folder>/movie/eba3.mp4
- <Package Folder>/movie/ebb1.mp4
- <Package Folder>/movie/ebc1.mp4
- <Package Folder>/movie/ebc2.mp4
- <Package Folder>/movie/ebd1.mp4
- <Package Folder>/movie/ebe1.mp4
- <Package Folder>/movie/faa1.mp4
- <Package Folder>/movie/fab1.mp4
- <Package Folder>/movie/fab2.mp4
- <Package Folder>/movie/fac1.mp4
- <Package Folder>/movie/fac2.mp4
- <Package Folder>/movie/fae1.mp4
- <Package Folder>/movie/fae2.mp4
- <Package Folder>/movie/fae3.mp4
- <Package Folder>/movie/fae4.mp4
- <Package Folder>/movie/fae5.mp4
- <Package Folder>/movie/fae6.mp4
- <Package Folder>/movie/fba1.mp4
- <Package Folder>/movie/fbb1.mp4
- <Package Folder>/movie/fbb2.mp4
- <Package Folder>/movie/fbb3.mp4
- <Package Folder>/movie/fbe1.mp4
- <Package Folder>/movie/fbe2.mp4
- <Package Folder>/movie/fbe3.mp4
- <Package Folder>/movie/fca1.mp4
- <Package Folder>/movie/fca2.mp4
- <Package Folder>/movie/fca3.mp4
- <Package Folder>/movie/fcb1.mp4
- <Package Folder>/movie/fcb2.mp4
- <Package Folder>/movie/fcc1.mp4
- <Package Folder>/movie/fce1.mp4
- <Package Folder>/movie/fce2.mp4
- <Package Folder>/movie/fce3.mp4
- <Package Folder>/movie/fce4.mp4
- <Package Folder>/movie/gaa1.mp4
- <Package Folder>/movie/gaa2.mp4
- <Package Folder>/movie/gaa3.mp4
- <Package Folder>/movie/gab1.mp4
- <Package Folder>/movie/gab2.mp4
- <Package Folder>/movie/gab3.mp4
- <Package Folder>/movie/gad1.mp4
- <Package Folder>/movie/gad2.mp4
- <Package Folder>/movie/gad3.mp4
- <Package Folder>/movie/gae1.mp4
- <Package Folder>/movie/gae2.mp4
- <Package Folder>/movie/gae3.mp4
- <Package Folder>/movie/gba1.mp4
- <Package Folder>/movie/gbc1.mp4
- <Package Folder>/movie/gbd1.mp4
- <Package Folder>/movie/gbd2.mp4
- <Package Folder>/movie/haa1.mp4
- <Package Folder>/movie/hab1.mp4
- <Package Folder>/movie/hab2.mp4
- <Package Folder>/movie/had1.mp4
- <Package Folder>/movie/had2.mp4
- <Package Folder>/movie/had3.mp4
- <Package Folder>/movie/had4.mp4
- <Package Folder>/movie/iaa1.mp4
- <Package Folder>/movie/iaa2.mp4
- <Package Folder>/movie/iaa3.mp4
- <Package Folder>/movie/iaa4.mp4
- <Package Folder>/movie/iaa5.mp4
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/<Package>_preferences.xml.bak
- <Package Folder>/shared_prefs/W_Key.xml
- <Package Folder>/shared_prefs/a.xml
- <Package Folder>/shared_prefs/a.xml.bak
- <Package Folder>/shared_prefs/ad_show_time.xml
- <Package Folder>/shared_prefs/forhealthy_base_config.xml
- <Package Folder>/shared_prefs/jg_app_update_settings_random.xml
- <Package Folder>/shared_prefs/mobclick_agent_online_setting_<Package>.xml
- <Package Folder>/shared_prefs/mobclick_agent_online_setting_<Package>.xml.bak
- <Package Folder>/shared_prefs/st.xml
- <Package Folder>/shared_prefs/umeng_feedback_conversations.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml.bak
- <SD-Card>/Download/####/4.8_gou.jar.tmp
- <SD-Card>/dt/restime.dat
Другие:
Запускает следующие shell-скрипты:
- <dexopt>
- chmod 755 /data/data/com.rebeltwins.daddywasathiefmod/.jiagu/libjiagu.so
- chmod 755 <Package Folder>/.jiagu/libjiagu.so
Использует специальную библиотеку для скрытия исполняемого байткода.
