Android.Packed.25609

Техническая информация

Вредоносные функции:

Загружает на исполнение код следующих детектируемых угроз:

Android.Triada.247.origin
Android.Triada.248.origin

Загружает из Интернета следующие детектируемые угрозы:

Android.Triada.247.origin
Android.Triada.248.origin

Сетевая активность:

Подключается к:

1####.####.1
1####.####.1:8088
1####.####.88
1####.####.88:8999
6####.####.140
a####.####.com
i####.####.com
l####.####.com

Запросы HTTP GET:

1####.####.88/catServer/upload/images/757fd26d-51f6-473b-a9ee-5b2fa51225...
6####.####.140/ando/i/mon?k=####&d=####
i####.####.com/ando-res/ads/black/640x270.png

Запросы HTTP POST:

1####.####.1/sdkserver/v2/appActive
1####.####.1:8088/sdkserver/v2/addSdk
1####.####.88:8999/catServer/recommend!status.action
a####.####.com/app_logs
l####.####.com/sdk.php

Изменения в файловой системе:

Создает следующие файлы:

<Package Folder>/cache/####/00b7e3f18016367f69efc8fd995efdb563ab8eda7565af58aaa65d342d167b71.0.tmp
<Package Folder>/cache/####/056e8f7b36c4fb0f11acbb07988aee0106918f6ad06dc17d562d161aa59edfb1.0.tmp
<Package Folder>/cache/####/075a75bf025fe0f361e400b52216e9767846c4f9cda26e694ea57426c62432c6.0.tmp
<Package Folder>/cache/####/0a6527013df727a1c60c80cc05665969030acfb0cbc4b38e3bbff4e45d01d164.0.tmp
<Package Folder>/cache/####/0b8c7508f6a26b156560eed15aa4e2ef27fc552959647a4f1947561d1d650418.0.tmp
<Package Folder>/cache/####/1620e5071130b02e3a99f795ef7c7130c477ca04e48fd1fcb839c59d9473b4f7.0.tmp
<Package Folder>/cache/####/16c59c26be623719f3f1f4f2e571e4af34ced2afd4df2ce372129b218e364d95.0.tmp
<Package Folder>/cache/####/1799ad83db351a8de906409e322f6042224ad1b8df57698089377ed7fc318fe3.0.tmp
<Package Folder>/cache/####/1c8addf5c0fc863be99d026db07164f75bf78f2ab18f6c856f537be3f4421f84.0.tmp
<Package Folder>/cache/####/1fb08911ef6690d0316836ddd16d8296ae4d1d04dbbf2d3954e221a457b477e8.0.tmp
<Package Folder>/cache/####/21e5021497ed30f8189ff28b9a266ca56ba9bab6c5ba0175b27457456b8796ea.0.tmp
<Package Folder>/cache/####/26bb903f5e700c7f38418aad790a865c72879f9b35172f765b10bdd19216d957.0.tmp
<Package Folder>/cache/####/2a1c335514d38c3c62d5c96eba7735fdf3a07fb166a8f8dcdf35c4a97eee3f1d.0.tmp
<Package Folder>/cache/####/3418f75a202009673033ae2fcd101f62475f793c586925c246f4c84e24d02059.0.tmp
<Package Folder>/cache/####/52d5cfa6503b7fb46fc4961f2b72f9b9adf65f6f14d59e55f0cb7d43f4ea82ec.0.tmp
<Package Folder>/cache/####/5ad5890b336aaef785404c061f68287ed549b6008fc7c964bddec8c236046921.0.tmp
<Package Folder>/cache/####/65f0854e790a0f39ce76b6d6ac8382d036e4306695b927bd0f9c623d89aed2cb.0.tmp
<Package Folder>/cache/####/67d5cb279c09968046f2da4552703725a99c9063bd226fe9a11b3af839015ff0.0.tmp
<Package Folder>/cache/####/6cae4c483664d641e4627e27abd23566abecfe8515c32988ffa52b9d3a89ee05.0.tmp
<Package Folder>/cache/####/6ebfb632f8cb491454fb7843028983fda20ecbf6e7a319fb829344c4dd130287.0.tmp
<Package Folder>/cache/####/75fe8c30f121248139e00893a0723b2438922df355d0f20788b4d5f4142990ea.0.tmp
<Package Folder>/cache/####/7f9322b79c970cb7bae53e1b777567ba7fd9044bb8382a7318cc053d241dc23a.0.tmp
<Package Folder>/cache/####/896f4bca74685f52ba1cf563fe4e78553ff36bd2f594ee162a212b56c7f89c55.0.tmp
<Package Folder>/cache/####/8c14831ec6bf3173d32009503bee243345f3e63b2f62dfa827f72305ddd73891.0.tmp
<Package Folder>/cache/####/8d32ff2cb3263fbdd4771923b0eb187166e8cce8f07326b1579896ad9c01df06.0.tmp
<Package Folder>/cache/####/983f44d465fd4321dec88d8be6729dffbdbaf3baf9cc1f00aea9eba77ccf173b.0.tmp
<Package Folder>/cache/####/a990adc6e9679d05b21e295633228158f2d717d9129c49c2d61cf691f39ee997.0.tmp
<Package Folder>/cache/####/b27f04bf4a5dc547d1864632c1360099c394627a975a6a4d982a7bbe1a640334.0.tmp
<Package Folder>/cache/####/b9a36cb9f7b4cf2f29131319b729de8429aff9e631914f9b28602d41e84d7d10.0.tmp
<Package Folder>/cache/####/bf1c9e08c773c42ccf456aef6e0eb72c7fa7c7cd68bbfb007351f13a4e4f8bd6.0.tmp
<Package Folder>/cache/####/c4cc4740f5e5086d9bda3120e5f00a0e64aaef6ac3ce89dd56abff33df31681a.0.tmp
<Package Folder>/cache/####/cb42d59e3feca975172fc163dc575466095e15a6e3f7e144db629a8a2f210ef8.0.tmp
<Package Folder>/cache/####/d73c5b2498403fc79a1419a87a40b681ebde69cae8ab67a5693b32c2bdc8984a.0.tmp
<Package Folder>/cache/####/d79fcb2652113d7830b3aecad9579bffe6a8db45b491bdc270f595994e5595c2.0.tmp
<Package Folder>/cache/####/data_0
<Package Folder>/cache/####/data_1
<Package Folder>/cache/####/data_2
<Package Folder>/cache/####/data_3
<Package Folder>/cache/####/e0e6c02e5c74d94747617238febe3ac47ff1b0fb2184f35ac2ffe614b1421bb7.0.tmp
<Package Folder>/cache/####/e336adc1b3f560a3c85718aca708daa08b45c683b7b1dc2eaaf652045596e0f0.0.tmp
<Package Folder>/cache/####/e97dc33113b9410e8a0c1bef10ab346a74c1fa9ec33e174ec906298f68a8061e.0.tmp
<Package Folder>/cache/####/f43b4d7f48b277cc92cb17364da01b06a3b84a5bfa7515fc426ee22b15d98613.0.tmp
<Package Folder>/cache/####/f49a3af25bc9535dab9443aff05a186738a81610016c533ad01b487459bfb536.0.tmp
<Package Folder>/cache/####/f625520c23a242d329088512dceface2146044b55397a25a6b8d96d91a995958.0.tmp
<Package Folder>/cache/####/f6d4455222f7c4781ab670c57297fa3a767e448253f28f741b3dbb0902642334.0.tmp
<Package Folder>/cache/####/f_000001
<Package Folder>/cache/####/index
<Package Folder>/cache/####/journal.tmp
<Package Folder>/code-2988805/OV7My241398KFRlZ
<Package Folder>/databases/XGbZrxr0Ugj6S3CDvZasM3nMoItfofT7NKKTfTtRm6A=_34BSyZL39iGB9YYIwSscVcFKUJU=
<Package Folder>/databases/XGbZrxr0Ugj6S3CDvZasM3nMoItfofT7NKKTfTtRm6A=_34BSyZL39iGB9YYIwSscVcFKUJU=-journal
<Package Folder>/databases/XGbZrxr0Ugj6S3CDvZasM3nMoItfofT7NKKTfTtRm6A=_6Kz-eE6d6l7kTdLgJ8r1TQ==
<Package Folder>/databases/XGbZrxr0Ugj6S3CDvZasM3nMoItfofT7NKKTfTtRm6A=_6Kz-eE6d6l7kTdLgJ8r1TQ==-journal
<Package Folder>/databases/XGbZrxr0Ugj6S3CDvZasM3nMoItfofT7NKKTfTtRm6A=_E2UNg5g49J2xaFTKcqHe6A==
<Package Folder>/databases/XGbZrxr0Ugj6S3CDvZasM3nMoItfofT7NKKTfTtRm6A=_E2UNg5g49J2xaFTKcqHe6A==-journal
<Package Folder>/databases/XGbZrxr0Ugj6S3CDvZasM3nMoItfofT7NKKTfTtRm6A=_eHMV8l3HPHA1CcKK
<Package Folder>/databases/XGbZrxr0Ugj6S3CDvZasM3nMoItfofT7NKKTfTtRm6A=_eHMV8l3HPHA1CcKK-journal
<Package Folder>/databases/XGbZrxr0Ugj6S3CDvZasM3nMoItfofT7NKKTfTtRm6A=_qwpwLdwN1P0=-journal
<Package Folder>/databases/cc.db
<Package Folder>/databases/cc.db-journal
<Package Folder>/databases/download.db-journal
<Package Folder>/databases/ua.db
<Package Folder>/databases/ua.db-journal
<Package Folder>/databases/webview.db-journal
<Package Folder>/databases/webviewCookiesChromium.db-journal (deleted)
<Package Folder>/files/####/01qyeJCL7Avv2toPJA3ICjpPDPjUAp7J.new
<Package Folder>/files/####/0WlhtfnjVgp2BSio.zip
<Package Folder>/files/####/0xSKJUkgLwWLADxNUFbZjwHi4U-lCxW1.new
<Package Folder>/files/####/1158a39a-9987-41ab-9432-56a3cb9045d3.pic.temp
<Package Folder>/files/####/1179710e-de66-4514-a59a-f4870ac4b4a3.pic.temp
<Package Folder>/files/####/16566664-eb3e-4103-8236-785a34b35fc4.pic.temp
<Package Folder>/files/####/1769b22c-2451-450b-b317-53b33ac40a6e.pic.temp
<Package Folder>/files/####/30bc1fd0-32d3-44d1-b115-f968811882bb.pic.temp
<Package Folder>/files/####/3XHGhTVS_mfNuA9XJz9hswFJW_g=.new
<Package Folder>/files/####/40CffEF8JfC5MJYwQDkAexF_-WatFdCO.new
<Package Folder>/files/####/4f2CdI-oIsKU5YuNMPXvg0m_0x4=.new
<Package Folder>/files/####/5KuO6aP_t8wWBjdKl8zz_kduO5ylunJjt12rPg==.new
<Package Folder>/files/####/643d977b-a2ea-4c4c-bce7-d145f58a29f9.pic.temp
<Package Folder>/files/####/694f7edd-637a-4729-a5f5-a51559234af6.pic
<Package Folder>/files/####/7RDDWfLNhpZNS_mx5tV0virxN71dBZGcAQzBLMmunJo=.new
<Package Folder>/files/####/7a6436e9-41e0-4cbb-b9ea-544402bc5436.pic.temp
<Package Folder>/files/####/7f211cc1-46d9-4bc0-9748-f3e33854f64e.pic.temp
<Package Folder>/files/####/84c282b3-55dc-482b-b3f9-8049ee0500f1.pic
<Package Folder>/files/####/90_rpEvDvWqn7f_-.new
<Package Folder>/files/####/9162c063-84f1-41bd-bf63-f7d2e5ef2111.pic.temp
<Package Folder>/files/####/957f5a7b-4b20-470c-945a-f088ba87e655.pic.temp
<Package Folder>/files/####/9a0f3551-3636-4fb8-a22e-850c3b661b3c.pic.temp
<Package Folder>/files/####/AVPBi795FYhmuVtM_CtGmg==.new
<Package Folder>/files/####/D3pyU8EGr3ZePVpw
<Package Folder>/files/####/D4K8ZEUaVatPr353QE50EBsYO0501jwV.new
<Package Folder>/files/####/G4hskoX5ZJ-SItFh3r82cb5jFj_6JpgJ.new
<Package Folder>/files/####/HZK4AW_Fm96dngX1PsBYamfTwrQ=
<Package Folder>/files/####/H_t4lqWxt2UHp1rwJJAJA29dB3xx3NtAKn5cUg==.new
<Package Folder>/files/####/HonasbibWvgEwNERZzSI_tMtebXfo-jNHDnMVDyvMXA=.new
<Package Folder>/files/####/UNPYuN5inVGlBkGUHqtaDg==.new
<Package Folder>/files/####/Uj_hXDnBHAE64grrPaGfrGzUSmG46ktmOr3-HMeumNs=.new
<Package Folder>/files/####/XsLCYPQZcxuKGoCc6Hs6SYKeTeA8O4ke.new
<Package Folder>/files/####/ZOw7fflL91xopaQID6tcHJ-VWeo=.new
<Package Folder>/files/####/acfbea99-3d5e-4e59-b141-dd95cfe4704a.pic.temp
<Package Folder>/files/####/b42b3fed-1507-4f9e-a8b2-4499e8bdd4a3.pic.temp
<Package Folder>/files/####/b4f13aaf-0cd4-42dd-a7b2-00ed8637c3a0.pic.temp
<Package Folder>/files/####/b80ac86a-a750-42a7-8561-8cdf73a87d31.pic.temp
<Package Folder>/files/####/bda56cd1-4eba-40b5-ab27-1bc251490e61.pic.temp
<Package Folder>/files/####/c132d909-5fe4-4ec4-bf1b-81fd16ac5428.pic.temp
<Package Folder>/files/####/de7a351e-2a0b-4dfd-a592-6237de0a3fb6.pic.temp
<Package Folder>/files/####/e5d2d8c5-af1e-4e9f-a4b7-b8316b07365a.pic.temp
<Package Folder>/files/####/e643ebab-3353-4070-9b17-6ba28152c85d.pic.temp
<Package Folder>/files/####/exchangeIdentity.json
<Package Folder>/files/####/gr9Z-HG1eLAjzuwsSSbtv5vniwgfhl6g756-Mg==.new
<Package Folder>/files/####/gvthDKzyQenis3up6W4zfCGPXJ7NsiDY.new
<Package Folder>/files/####/he3EGGMU2qlPKce7THE039KdXRLqxX6ShqF2Rr-5eMI=.new
<Package Folder>/files/####/j1CtV8k6BEaQwwud9Al5KcFoFY8YJG5I
<Package Folder>/files/####/j1CtV8k6BEaQwwud9Al5KcFoFY8YJG5I.new
<Package Folder>/files/####/j1CtV8k6BEaQwwud9Al5KcFoFY8YJG5I.old (deleted)
<Package Folder>/files/####/jKGe5cnBoJmOsoBJ-UASrQ==
<Package Folder>/files/####/lQv2yBYrdeb08-mZb6tAWg==
<Package Folder>/files/####/lQv2yBYrdeb08-mZb6tAWg==.new
<Package Folder>/files/####/n0hfizZl3Lr2XqWzk6uYd95yS0g=.new
<Package Folder>/files/####/qPs-iXdI-nwbP-z6XqUq5ZGN9OI=
<Package Folder>/files/####/runner_info.prop.new
<Package Folder>/files/####/txdcxq_f.zip
<Package Folder>/files/####/vrBbjE3UQq3hnpX75a2_iA==
<Package Folder>/files/.imprint
<Package Folder>/files/exid.dat
<Package Folder>/files/rdata_comandroidsupport.new
<Package Folder>/files/umeng_it.cache
<Package Folder>/shared_prefs/Alvin2.xml
<Package Folder>/shared_prefs/ContextData.xml
<Package Folder>/shared_prefs/share_data.xml
<Package Folder>/shared_prefs/share_data.xml.bak
<Package Folder>/shared_prefs/umeng_general_config.xml
<Package Folder>/shared_prefs/umeng_general_config.xml.bak
<SD-Card>/.DataStorage/ContextData.xml
<SD-Card>/.UTSystemConfig/####/Alvin2.xml
<SD-Card>/.armsd/####/0a337793-fe00-4e4f-9aea-bc1e1681167e.res
<SD-Card>/.armsd/####/1cf41e2d-1c66-4fe6-adea-ac6e90e7d246.res
<SD-Card>/.armsd/####/305f0a24-9d4f-4245-b03f-b43dab14eb70.res
<SD-Card>/.armsd/####/3186d603-0c7a-43dd-8f48-865b494b984d.res
<SD-Card>/.armsd/####/5206bc2e-28d2-4a9e-bccd-d5f852207b8a.res
<SD-Card>/.armsd/####/5NCMj4FHDAiNMsrjQKob6JdxZXM=.new
<SD-Card>/.armsd/####/6c526dbb-6da5-4494-aa2b-6a4e823fbe9b.res
<SD-Card>/.armsd/####/851c72fd-9c81-4843-9736-05d13d2c0483.res
<SD-Card>/.armsd/####/85712b27-f7ec-41ab-aa41-a0fb30aa9a57.res
<SD-Card>/.armsd/####/9e577bf8-b953-489c-8f34-801c732601a4.res
<SD-Card>/.armsd/####/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M
<SD-Card>/.armsd/####/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M.lk
<SD-Card>/.armsd/####/MP8MtaBuguN9jnuSwtN1kQ==
<SD-Card>/.armsd/####/d2d45a30-eba3-4e76-927e-276af9801802.res
<SD-Card>/.armsd/####/r_pkDgN4OhnkSa0D
<SD-Card>/.env/.uunique.new

Другие:

Запускает следующие shell-скрипты:

/data/data/com.yuan7.lovemytalkinghank.bd/code-2988805/OV7My241398KFRlZ -p com.yuan7.lovemytalkinghank.bd -c com.android.support.vajdxa.hi.hi.pw.c -r /storage/emulated/0/.armsd/tjfblFPob85GtAQw/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M -d /storage/emulated/0/Download/ladung
<dexopt>
sh <Package Folder>/code-2988805/OV7My241398KFRlZ -p <Package> -c com.android.support.vajdxa.hi.hi.pw.c -r /storage/emulated/0/.armsd/tjfblFPob85GtAQw/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M -d /storage/emulated/0/Download/ladung

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней