Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.HiddenAds.125.origin
Сетевая активность:
Подключается к:
- 2####.####.68:8288
- a####.####.com
- a####.####.com:8001
- a####.####.org
- admobim####.com
- d####.####.com
- hl####.####.com
- m####.####.com
- mmmmmm####.com
- p####.####.com
- pl####.####.com
- real####.####.org
- s####.####.com
- synct####.com
- t####.####.com
- t####.####.info
- u####.####.com
Запросы HTTP GET:
- a####.####.com/Uploads/image/2017-05-06/14940860455342484.jpg
- a####.####.com/index.php?r=####&al=####&l=####&p=####&hp=####&lc=####&sd...
- a####.####.org/rule?platform=####&os_version=####&package_name=####&app_...
- d####.####.com/M01/01/AB/CvJMDVloIRuAf5dhAAYnO0hHtxI972.zip
- hl####.####.com/hubble/app/sm/peco_thumbnail/e4a6b3688b7628dbf5875288392...
- p####.####.com/pic/a/0e/526f1195048.jpg
- real####.####.org/realtime?platform=####&os_version=####&package_name=##...
- synct####.com/gw?url=####&vId=####&ef=####&ch=####&nid=####&sub=####&sou...
- t####.####.com/click?_type=####&sdk_redir=####&campid=####&sub_channel=#...
- t####.####.info/click?_type=####&sdk_redir=####&campid=####&sub_channel=...
- u####.####.com/setting/grobal_strategy?p=####&hp=####&l=####&c=####&prod...
Запросы HTTP POST:
- 2####.####.68:8288/logsp.do
- a####.####.com/app_logs
- a####.####.com:8001/search/getSiteListByCategory
- admobim####.com/surl/api2_reg.action
- m####.####.com/detail/getOfferListNew?enc=####
- mmmmmm####.com/osp/oaen_get.action?tasktype=####&imei=####&imsi=####&cid...
- pl####.####.com/ad_dex.php
- s####.####.com/cgi-bin-py/ad_sdk.cgi?ty=####&enc=####&bt=####
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/.mbj/####/classes.zip
- <Package Folder>/app_icons/WebpageIcons.db-journal (deleted)
- <Package Folder>/cache/####/-1673251091-1069175266
- <Package Folder>/cache/####/-16732510911124916332
- <Package Folder>/cache/####/-1676526310-228073323
- <Package Folder>/cache/####/-1676526310-797251824
- <Package Folder>/cache/####/-1676526310822374415
- <Package Folder>/cache/####/-1772212559
- <Package Folder>/cache/####/-432708002-284618842
- <Package Folder>/cache/####/-432708002-534743362
- <Package Folder>/cache/####/-432708002683525365
- <Package Folder>/cache/####/-529046126-1584866444
- <Package Folder>/cache/####/-5290461261305140983
- <Package Folder>/cache/####/-561019875
- <Package Folder>/cache/####/0f49005b65f7ea1d2e8051918383d22a7c805a27d24ba90df3eb3a282100dfdd.0.tmp
- <Package Folder>/cache/####/106516c15c3285620bfc7982ee1c440c0998169d6d6f6a3132eaf894e00014c9.0.tmp
- <Package Folder>/cache/####/1266727833
- <Package Folder>/cache/####/1381594262
- <Package Folder>/cache/####/1507080992
- <Package Folder>/cache/####/21352408
- <Package Folder>/cache/####/2be66d43ebcd1bf6b928b8095743d4474ff4b56da7f6dd185ff80d8b94c644f1.0.tmp
- <Package Folder>/cache/####/317827567fb2b1fd66f9c1e0bcc9c6d5f5b5ec87d5b022449ccb98f5a3e14665.0.tmp
- <Package Folder>/cache/####/34dfb8bb9aba95b26ce564e2cc70be25c177f5bed9d8ae0911e057aa70ba0320.0.tmp
- <Package Folder>/cache/####/405636146
- <Package Folder>/cache/####/4357e0c02824345859af5ad4dedde89d8a9db2f776cf4d87fb98b0b03c8f123c.0.tmp
- <Package Folder>/cache/####/493dcffdcd314a4ce03b7b7293dce78f2e676905dec2f5736a8e478bb091dd7e.0.tmp
- <Package Folder>/cache/####/53a39f84f49176616858ef8b28dffe035fe6f8bae16d821c59f80fa90e662a77.0.tmp
- <Package Folder>/cache/####/5bf2d79f94fa9fc3c3ab7a5212ff94e145679e522e0de1956b37a77cca80d14d.0.tmp
- <Package Folder>/cache/####/6d15369bf8c3fce3a4f48074131b07a275f2525b22b9d41ebee2ac5c2e605dbc.0.tmp
- <Package Folder>/cache/####/700d8702526250faaa8ef3d52105e232b34edaf346eaa4f5a9307f6a1d883d0c.0.tmp
- <Package Folder>/cache/####/770b87210e7b8aa0fc5b204550582f5c50f273b8fef9f7649cb9ab376600a844.0.tmp
- <Package Folder>/cache/####/779439326-384111555
- <Package Folder>/cache/####/784218d3e31acb253472ffeb98b2e1f1ef50866a19b4f0e93dacb44554619bda.0.tmp
- <Package Folder>/cache/####/7922864b34c0276d06c4f923c7f95df9e5ccc0d91cc62589a5211e25470b9bc5.0.tmp
- <Package Folder>/cache/####/7b0ddd5b0fda7cbab20e85e33c4e05d8fb7c84c5c7cc434255c28e298a244a20.0.tmp
- <Package Folder>/cache/####/7bdee4326885d404eb36c8696dee4e254deb8b3d44d1c7e3b2aecb6404f16f4c.0.tmp
- <Package Folder>/cache/####/7bfb42692ac005c9e4fa23ccb303e7aa0861fd68e07c4a6d8e10731facdaeded.0.tmp
- <Package Folder>/cache/####/856af85171e62e21d5603a8053f5f55914e9290431e81daa738961e5dfba6665.0.tmp
- <Package Folder>/cache/####/989398655
- <Package Folder>/cache/####/9c6b5ffa993c7a4756d19c32c2a4af16da2679167f15d334f7fdc4109984c649.0.tmp
- <Package Folder>/cache/####/9dd015e5a08d9a3a840fc2322b142ddffc382d2d1cf3f28d8c601e550b5b023b.0.tmp
- <Package Folder>/cache/####/c45905a70a631a9c92495fc5ada81e41d770470e7181bd0f3ed1c98fcf245f04.0.tmp
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/db823fbad14e3c5905e0bfad66c6392e7ab4367dcc93313c79569cbc4e2d84da.0.tmp
- <Package Folder>/cache/####/e185fd579f6da4982a2c9a99c7df54675b733e99020212769899abac69ecf398.0.tmp
- <Package Folder>/cache/####/efbb05f8f39eb2e525a5e4e4f4d3385f6f73fb6ec90c325b91c4ece9a1b8c90c.0.tmp
- <Package Folder>/cache/####/f26054347a98679646763faed9fef04904a8e03c3e522a235d45024a0a1240eb.0.tmp
- <Package Folder>/cache/####/f4ebe365ea1c724b76c0ddc20ddd616229cbd9102681f4889618b8e17b5de405.0.tmp
- <Package Folder>/cache/####/f62b5643c7e205b7a8b342984fe399cc44efbf99486a8ca9f7dbaf9e8c1ba756.0.tmp
- <Package Folder>/cache/####/index
- <Package Folder>/cache/####/journal.tmp
- <Package Folder>/databases/adblib.db-journal
- <Package Folder>/databases/arrkii.native.sdk.db-journal
- <Package Folder>/databases/historyManager
- <Package Folder>/databases/historyManager-journal
- <Package Folder>/databases/my.db
- <Package Folder>/databases/my.db-journal
- <Package Folder>/databases/search.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/files/.imprint
- <Package Folder>/files/L-mbv-1501141189182-1539390184.log
- <Package Folder>/files/bookmarks.dat
- <Package Folder>/files/google.db
- <Package Folder>/files/mobclick_agent_cached_<Package>18
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/shared_prefs/ActivatePreUtil.xml
- <Package Folder>/shared_prefs/AdsBusiness-data.xml
- <Package Folder>/shared_prefs/AdsBusiness-data.xml.bak
- <Package Folder>/shared_prefs/BusinessPreUtil.xml
- <Package Folder>/shared_prefs/BusinessPreUtil.xml.bak
- <Package Folder>/shared_prefs/LoginPreUtil.xml
- <Package Folder>/shared_prefs/OfferPreUtil.xml
- <Package Folder>/shared_prefs/ak.native.sdk.xml
- <Package Folder>/shared_prefs/ak.native.sdk.xml.bak
- <Package Folder>/shared_prefs/aps.xml
- <Package Folder>/shared_prefs/aps.xml.bak
- <Package Folder>/shared_prefs/apsad.xml
- <Package Folder>/shared_prefs/apsad.xml.bak
- <Package Folder>/shared_prefs/apscomm.xml
- <Package Folder>/shared_prefs/common_preferences.xml
- <Package Folder>/shared_prefs/common_preferences.xml.bak
- <Package Folder>/shared_prefs/device_info.xml
- <Package Folder>/shared_prefs/hunter_config.xml
- <Package Folder>/shared_prefs/mobclick_agent_online_setting_<Package>.xml
- <Package Folder>/shared_prefs/other_config.xml
- <Package Folder>/shared_prefs/pconfig_preferences.xml
- <Package Folder>/shared_prefs/pconfig_preferences.xml.bak
- <Package Folder>/shared_prefs/service_config.xml
- <Package Folder>/shared_prefs/service_config.xml.bak
- <Package Folder>/shared_prefs/settings.xml
- <Package Folder>/shared_prefs/sp_config.xml
- <Package Folder>/shared_prefs/t_ini.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml.bak
- <SD-Card>/.androidsystem/####/49.x-4.1.1-1520.apk
- <SD-Card>/.androidsystem/####/PlugShareData
- <SD-Card>/.androidsystem/####/files.db
- <SD-Card>/.androidsystem/####/plugxml.xml
- <SD-Card>/.androidsystem/####/syncfiles.db
- <SD-Card>/.androidsystem/Plugin.zip
- <SD-Card>/.system/####/config.db
- <SD-Card>/LogN/####/sp
- <SD-Card>/baidu/####/journal.tmp
- <SD-Card>/baidu/.cuid
Другие:
Запускает следующие shell-скрипты:
- ls -l /system/bin/su
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS5Padding
- AES-ECB-NoPadding
- DES-CBC-PKCS5Padding
- desede-ECB-PKCS5Padding
Использует следующие алгоритмы для расшифровки данных:
- DES-CBC-PKCS5Padding
- desede-ECB-PKCS5Padding
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о зарегистрированных на устройстве аккаунтах (Google, Facebook и тд.).
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
