Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.HiddenAds.125.origin
Осуществляет доступ к приватному интерфейсу телефонии (ITelephony).
Сетевая активность:
Подключается к:
- a####.####.com
- a####.####.net
- a####.####.org
- admobim####.com
- ald####.com
- api####.####.com
- apirepo####.####.com
- b####.com
- c####.####.com
- cdn####.####.com
- con####.####.com
- cpgnrot####.com
- d####.####.com
- d####.####.xyz
- f####.####.com
- face####.com
- fk-mt####.####.com
- g####.####.com
- g####.####.net
- i####.####.com
- m####.####.com
- ma####.####.com
- mmmmmm####.com
- mobilem####.me
- mobotoo####.####.com
- n####.####.com
- o####.####.com
- p####.####.com
- pag####.####.com
- pass####.####.com
- pl####.####.com
- r####.####.com
- real####.####.org
- s####.####.com
- sc####.####.com
- se####.####.com
- serv####.####.com
- set####.####.com
- synct####.com
- t####.####.com
- t####.global
- technol####.####.uk
- trac####.####.com
- u####.####.com
Запросы HTTP GET:
- a####.####.com/adunion/slot/getDlAd?h=####&w=####&model=####&vendor=####...
- a####.####.com/index.php?r=####&al=####&l=####&p=####&hp=####&lc=####&sd...
- a####.####.com/mpapi/ad?model=####&fomat=####&mcc=####&os_v=####&directi...
- a####.####.net/api/v2/template/get?slot_id=####&update_time=####
- a####.####.org/rule?platform=####&os_version=####&package_name=####&app_...
- ald####.com/ck.php?line_item_id=####&cid=####&site=####&_uu=####
- apirepo####.####.com/apiClick?ts=####&clickId=####&ifa=####&cidRev=####&...
- b####.com/rms/AutoSug/cj,nj/48de7247/3afd2d12.js?bu=####
- c####.####.com/?utm_medium=####&utm_campaign=####&cid=####&1=####
- c####.####.com/click?transaction_id=####&aff_sub=####&aff_sub2=####&aff_...
- cdn####.####.com/cdn-adn/offersync/17/05/19/17/35/591ebc46dd6cf.png
- cpgnrot####.com/campaign/2292%7C518?tag=####&website=####&placement=####
- d####.####.com/M00/01/AB/CvJMDVlBJNyAE3AUAAVgxYzjtNE875.zip
- d####.####.xyz/?s3=####&s1=####&kw=####
- f####.####.com/css?family=####&ver=####
- f####.####.com/s/lato/v13/MZ1aViPqjfvZwVD_tzjjkwLUuEpTyoUstqEm5AMlJo4.ttf
- face####.com/plugins/likebox.php?href=####&w####&height=####&colorscheme...
- fk-mt####.####.com/ad/log/pv?k=####&mp=####&source_url=####
- g####.####.com/?utm_medium=####&utm_campaign=####&1=####&cid=####
- g####.####.net/bulk?aid=####&aaid=####&pid=####&nid=####&puid=####&affid...
- i####.####.com/sound_on.png
- ma####.####.com/frontend/cardList.htm?isrecmd=####&ran=####&ismsg=####&i...
- mobilem####.me/r/c216bc5a-7f07-11e7-ac85-1144b377e414/1/
- mobotoo####.####.com/mobotoolpush/addispsort.json?facebook=####&language...
- n####.####.com/mu3/game/20161112/00/1478882027637/icon/icon_o.png
- n####.####.com/openapi/ad/v3?app_id=####&unit_id=####&category=####&req_...
- o####.####.com/ipo/api/gray/status?appvc=####&os=####&appvn=####&avn=###...
- p####.####.com/ads-service/ads/service/getAdlist.do?adnum=####&adid=####...
- p####.####.com/notification/android/message.json?pname=####&version=####...
- pag####.####.com/pagead/js/r20170807/r20170110/reactive_library.js
- pass####.####.com/android/v2/getDoSignInfo.htm?uid=####&versionCode=####...
- r####.####.com/2.0/ad?v1=####&model=####&etf=####&dx=####&dy=####&accept...
- real####.####.org/realtime?platform=####&os_version=####&package_name=##...
- sc####.####.com/v1/scheme/placement?model=####&mcc=####&os_v=####&direct...
- serv####.####.com/119987?t=####&ref=####&lu=####
- set####.####.com/setting?app_id=####&sign=####&platform=####&os_version=...
- synct####.com/d/26252559142536b2530?sub=####
- t####.####.com/click?_type=####&sdk_redir=####&campid=####&sub_channel=#...
- t####.global/view/apvir0egqVHNMIy4NMBOLVBIQPpNLO7sULpjV8hrtsULpvnwg?c=##...
- technol####.####.uk/wp-content/themes/yeahthemes-sparkle/style.css
- trac####.####.com/aff_r?offer_id=####&aff_id=####&url=####&urlauth=####
- u####.####.com/setting/grobal_strategy?p=####&hp=####&l=####&c=####&prod...
Запросы HTTP POST:
- admobim####.com/surl/api2_reg.action
- api####.####.com/v3/log/init
- con####.####.com/log/log_apps
- m####.####.com/detail/getOfferListNew?enc=####
- mmmmmm####.com/osp/oaen_reg.action
- p####.####.com/getUpMessage.htm
- pl####.####.com/ad_dex.php
- s####.####.com/cgi-bin-py/ad_sdk.cgi?ty=####&enc=####&bt=####
- se####.####.com/android/checkIn.htm
- se####.####.com/initRequestDomain.htm
- se####.####.com/moboapi/switch.htm
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/.mbj/####/classes.zip
- <Package Folder>/cache/####/0548391082cfd49909b29fe2d1b80226.0.tmp
- <Package Folder>/cache/####/0548391082cfd49909b29fe2d1b80226.1.tmp
- <Package Folder>/cache/####/09ac570d10a28c0c08ecee080ceb90a7.0.tmp
- <Package Folder>/cache/####/09ac570d10a28c0c08ecee080ceb90a7.1.tmp
- <Package Folder>/cache/####/10d0f4fe07dbedb0d0b344981a7a89a4.0.tmp
- <Package Folder>/cache/####/10d0f4fe07dbedb0d0b344981a7a89a4.1.tmp
- <Package Folder>/cache/####/11af0edbf3eeb4b4caca07dd33c58438.0.tmp
- <Package Folder>/cache/####/11af0edbf3eeb4b4caca07dd33c58438.1.tmp
- <Package Folder>/cache/####/1c569af055d95d85afea5e8b9a0509e8.0.tmp
- <Package Folder>/cache/####/1c569af055d95d85afea5e8b9a0509e8.1.tmp
- <Package Folder>/cache/####/2059e716def740632c3fc5a2fb76d9fc.0
- <Package Folder>/cache/####/2059e716def740632c3fc5a2fb76d9fc.1
- <Package Folder>/cache/####/277b2e6013d3e0d19fb2fe0c410a8b1f.0.tmp
- <Package Folder>/cache/####/277b2e6013d3e0d19fb2fe0c410a8b1f.1.tmp
- <Package Folder>/cache/####/27895a4bc1899bce42a934e85086ee28.0.tmp
- <Package Folder>/cache/####/27895a4bc1899bce42a934e85086ee28.1
- <Package Folder>/cache/####/3cf350287a763838884a8bb61fd07087.0.tmp
- <Package Folder>/cache/####/3cf350287a763838884a8bb61fd07087.1
- <Package Folder>/cache/####/42a55ceb87a05db410ff579c7e1a30ad.0.tmp
- <Package Folder>/cache/####/42a55ceb87a05db410ff579c7e1a30ad.1.tmp
- <Package Folder>/cache/####/48c6318a5a067fb9b7234f8e4074eb41.0.tmp
- <Package Folder>/cache/####/48c6318a5a067fb9b7234f8e4074eb41.1.tmp
- <Package Folder>/cache/####/5285044de8e4db72b86e7246f9aee7c2.0.tmp
- <Package Folder>/cache/####/5285044de8e4db72b86e7246f9aee7c2.1.tmp
- <Package Folder>/cache/####/637bcf779e8a476965fb4296552b99c7.0.tmp
- <Package Folder>/cache/####/637bcf779e8a476965fb4296552b99c7.1.tmp
- <Package Folder>/cache/####/644442ef6580bfada6d1901e8aa8c634.0.tmp
- <Package Folder>/cache/####/644442ef6580bfada6d1901e8aa8c634.1
- <Package Folder>/cache/####/6ac6c5727bb621cf17d8acf4851aaa7e.0.tmp
- <Package Folder>/cache/####/6ac6c5727bb621cf17d8acf4851aaa7e.1.tmp
- <Package Folder>/cache/####/70594694b795809267b00a383e3a0e3e.0.tmp
- <Package Folder>/cache/####/70594694b795809267b00a383e3a0e3e.1.tmp
- <Package Folder>/cache/####/71bd5e215c19e55403412e9d82bf69e0.0.tmp
- <Package Folder>/cache/####/71bd5e215c19e55403412e9d82bf69e0.1.tmp
- <Package Folder>/cache/####/8111375db8866aa753a70243c875a9d6.0.tmp
- <Package Folder>/cache/####/8111375db8866aa753a70243c875a9d6.1.tmp
- <Package Folder>/cache/####/838f49755978596f822d8b720455f8c4.0.tmp
- <Package Folder>/cache/####/838f49755978596f822d8b720455f8c4.1.tmp
- <Package Folder>/cache/####/8817f1e992adaecf7cca9cc729f74fe6.0.tmp
- <Package Folder>/cache/####/8817f1e992adaecf7cca9cc729f74fe6.1
- <Package Folder>/cache/####/8b36120f32df50b26f7118d145a05622.0
- <Package Folder>/cache/####/8b36120f32df50b26f7118d145a05622.1
- <Package Folder>/cache/####/9412abff4f1a5b74bd1f89efa6399653.0.tmp
- <Package Folder>/cache/####/9412abff4f1a5b74bd1f89efa6399653.1.tmp
- <Package Folder>/cache/####/a64e4940b33d43d5a587d9716add3915.0
- <Package Folder>/cache/####/a64e4940b33d43d5a587d9716add3915.1
- <Package Folder>/cache/####/a9412cf8e19ce1d974da7adbc0e8b6d1.0
- <Package Folder>/cache/####/a9412cf8e19ce1d974da7adbc0e8b6d1.1
- <Package Folder>/cache/####/b195cc01392a3906aa3f30cbd40aa30a.0.tmp
- <Package Folder>/cache/####/b195cc01392a3906aa3f30cbd40aa30a.1.tmp
- <Package Folder>/cache/####/b4353c78e773bcb0a0fbc4a48ad7f658.0.tmp
- <Package Folder>/cache/####/b4353c78e773bcb0a0fbc4a48ad7f658.1.tmp
- <Package Folder>/cache/####/b5d7c103da328273f242d39a4edee629.0.tmp
- <Package Folder>/cache/####/b5d7c103da328273f242d39a4edee629.1
- <Package Folder>/cache/####/b684a1df8e6e9cf3ecfd65d14240b55a.0
- <Package Folder>/cache/####/b684a1df8e6e9cf3ecfd65d14240b55a.1
- <Package Folder>/cache/####/b783222caa502b23d6c4bbe601883052.0
- <Package Folder>/cache/####/b783222caa502b23d6c4bbe601883052.1
- <Package Folder>/cache/####/bc33d0cfe23094f1c13d21db9d6a20cd.0.tmp
- <Package Folder>/cache/####/bc33d0cfe23094f1c13d21db9d6a20cd.1
- <Package Folder>/cache/####/bd022463c18c12a547cd53bb06a0d973.0.tmp
- <Package Folder>/cache/####/bd022463c18c12a547cd53bb06a0d973.1
- <Package Folder>/cache/####/bd08377fa23a2e3798c4958334924cfd.0.tmp
- <Package Folder>/cache/####/bd08377fa23a2e3798c4958334924cfd.1.tmp
- <Package Folder>/cache/####/d149467676fd959a5a11be2498d059cc.0.tmp
- <Package Folder>/cache/####/d149467676fd959a5a11be2498d059cc.1.tmp
- <Package Folder>/cache/####/d4019feee87eb584ffb1ec32787a018f.0.tmp
- <Package Folder>/cache/####/d4019feee87eb584ffb1ec32787a018f.1
- <Package Folder>/cache/####/d5c00ba6d8782f42877959bfb7be7b58.0.tmp
- <Package Folder>/cache/####/d5c00ba6d8782f42877959bfb7be7b58.1.tmp
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/e645cb595a9b4e63ca75975bc68cb856.0
- <Package Folder>/cache/####/e645cb595a9b4e63ca75975bc68cb856.1
- <Package Folder>/cache/####/f5207858b63ffe4989d6854637e08ea1.0.tmp
- <Package Folder>/cache/####/f5207858b63ffe4989d6854637e08ea1.1.tmp
- <Package Folder>/cache/####/f6fd6936ee65918b5035e185ada6ad88.0.tmp
- <Package Folder>/cache/####/f6fd6936ee65918b5035e185ada6ad88.1.tmp
- <Package Folder>/cache/####/f_000001
- <Package Folder>/cache/####/f_000002
- <Package Folder>/cache/####/f_000003
- <Package Folder>/cache/####/f_000004
- <Package Folder>/cache/####/f_000005
- <Package Folder>/cache/####/f_000006
- <Package Folder>/cache/####/f_000007
- <Package Folder>/cache/####/f_000008
- <Package Folder>/cache/####/f_000009
- <Package Folder>/cache/####/f_00000a
- <Package Folder>/cache/####/f_00000b
- <Package Folder>/cache/####/f_00000c
- <Package Folder>/cache/####/f_00000d
- <Package Folder>/cache/####/f_00000e
- <Package Folder>/cache/####/f_00000f
- <Package Folder>/cache/####/f_000010
- <Package Folder>/cache/####/f_000011
- <Package Folder>/cache/####/f_000012
- <Package Folder>/cache/####/f_000013
- <Package Folder>/cache/####/f_000014
- <Package Folder>/cache/####/f_000015
- <Package Folder>/cache/####/f_000016
- <Package Folder>/cache/####/f_000017
- <Package Folder>/cache/####/fe5c93839b1d1122297543ab980f0ecd.0.tmp
- <Package Folder>/cache/####/fe5c93839b1d1122297543ab980f0ecd.1.tmp
- <Package Folder>/cache/####/index
- <Package Folder>/cache/####/journal.tmp
- <Package Folder>/code_cache/####/<Package>-1.apk.classes-1866561024.zip
- <Package Folder>/databases/MessageStore.db-journal
- <Package Folder>/databases/MsgLogStore.db-journal
- <Package Folder>/databases/accs.db-journal
- <Package Folder>/databases/adblib.db-journal
- <Package Folder>/databases/arrkii.asa.sdk.db-journal
- <Package Folder>/databases/cc.db
- <Package Folder>/databases/cc.db-journal
- <Package Folder>/databases/download_file.db-journal
- <Package Folder>/databases/du_ad_cache.db-journal
- <Package Folder>/databases/du_ad_parse.db-journal
- <Package Folder>/databases/du_ad_ts.db-journal
- <Package Folder>/databases/du_weather_data.db-journal
- <Package Folder>/databases/evernote_jobs.db-journal
- <Package Folder>/databases/message_accs_db
- <Package Folder>/databases/message_accs_db-journal
- <Package Folder>/databases/mobogenie.db
- <Package Folder>/databases/mobogenie.db-journal
- <Package Folder>/databases/mobogenie_music.db
- <Package Folder>/databases/mobogenie_music.db-journal
- <Package Folder>/databases/mobogenie_update.db
- <Package Folder>/databases/mobogenie_update.db-journal
- <Package Folder>/databases/mobpower.db-journal
- <Package Folder>/databases/mobvista.msdk.db-journal
- <Package Folder>/databases/my.db
- <Package Folder>/databases/my.db-journal
- <Package Folder>/databases/self_ad_db
- <Package Folder>/databases/self_ad_db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal (deleted)
- <Package Folder>/databases/webviewCookiesChromiumPrivate.db-journal (deleted)
- <Package Folder>/databases/ztrack.db-journal
- <Package Folder>/eudemon
- <Package Folder>/files/####/598466FB03DA-0001-0855-B67E0B992680BeginSession.cls
- <Package Folder>/files/####/598466FB03DA-0001-0855-B67E0B992680SessionApp.cls_temp
- <Package Folder>/files/####/598466FB03DA-0001-0855-B67E0B992680SessionDevice.cls_temp
- <Package Folder>/files/####/598466FB03DA-0001-0855-B67E0B992680SessionOS.cls_temp
- <Package Folder>/files/####/598466FB03DA-0001-0855-B67E0B992680SessionUser.cls_temp
- <Package Folder>/files/####/598466FC006A-0001-0837-B67E0B992680BeginSession.cls_temp
- <Package Folder>/files/####/598466FC006A-0001-0837-B67E0B992680SessionApp.cls_temp
- <Package Folder>/files/####/598466FC006A-0001-0837-B67E0B992680SessionDevice.cls_temp
- <Package Folder>/files/####/598466FC006A-0001-0837-B67E0B992680SessionOS.cls_temp
- <Package Folder>/files/####/com.crashlytics.settings.json
- <Package Folder>/files/####/initialization_marker
- <Package Folder>/files/####/mp_agent_log
- <Package Folder>/files/####/sa_99c7aac6-0e5f-4112-910f-3b9517a30387_1501849340447.tap
- <Package Folder>/files/####/session_analytics.tap
- <Package Folder>/files/####/session_analytics.tap.tmp
- <Package Folder>/files/DaemonServer
- <Package Folder>/files/agoo.pid
- <Package Folder>/files/cwd
- <Package Folder>/files/google.db
- <Package Folder>/files/mobclick_agent_cached_<Package>302161
- <Package Folder>/files/rk.jar
- <Package Folder>/files/uninstall
- <Package Folder>/files/watch_server
- <Package Folder>/shared_prefs/0def24353a3d8f0f7144f3755d8f7744.xml
- <Package Folder>/shared_prefs/0def24353a3d8f0f7144f3755d8f7744.xml.bak
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/<Package>_ui_preferences.xml
- <Package Folder>/shared_prefs/ACCS_BIND.xml
- <Package Folder>/shared_prefs/ACCS_SDK.xml
- <Package Folder>/shared_prefs/ACCS_SDK.xml.bak
- <Package Folder>/shared_prefs/ACCS_SDK_CHANNEL.xml
- <Package Folder>/shared_prefs/AGOO_BIND.xml
- <Package Folder>/shared_prefs/ActivatePreUtil.xml
- <Package Folder>/shared_prefs/AdsBusiness-data.xml
- <Package Folder>/shared_prefs/AdsBusiness-data.xml.bak
- <Package Folder>/shared_prefs/Agoo_AppStore.xml
- <Package Folder>/shared_prefs/Alvin2.xml
- <Package Folder>/shared_prefs/ContextData.xml
- <Package Folder>/shared_prefs/FLOAT_WINDOW.xml
- <Package Folder>/shared_prefs/FirstNewUninstallTime.xml
- <Package Folder>/shared_prefs/LoginPreUtil.xml
- <Package Folder>/shared_prefs/LoginPreUtil.xml.bak
- <Package Folder>/shared_prefs/MobogeniePrefsFile.xml
- <Package Folder>/shared_prefs/MobogeniePrefsFile.xml.bak
- <Package Folder>/shared_prefs/PUSH_PRE.xml
- <Package Folder>/shared_prefs/PUSH_PRE.xml.bak
- <Package Folder>/shared_prefs/SCORE_PRE.xml
- <Package Folder>/shared_prefs/SCORE_PRE.xml.bak
- <Package Folder>/shared_prefs/SETTING_DOMAIN.xml
- <Package Folder>/shared_prefs/SETTING_DOMAIN.xml.bak
- <Package Folder>/shared_prefs/SETTING_PRE.xml
- <Package Folder>/shared_prefs/SETTING_PRE.xml.bak
- <Package Folder>/shared_prefs/SUBSCRIBE_AD.xml
- <Package Folder>/shared_prefs/TOKEN.xml
- <Package Folder>/shared_prefs/TwitterAdvertisingInfoPreferences.xml
- <Package Folder>/shared_prefs/USERINFO.xml
- <Package Folder>/shared_prefs/_toolbox_prefs.xml
- <Package Folder>/shared_prefs/_toolbox_prefs.xml.bak
- <Package Folder>/shared_prefs/_weather_prefs.xml
- <Package Folder>/shared_prefs/_weather_prefs.xml.bak
- <Package Folder>/shared_prefs/ak.salvia.sdk.xml
- <Package Folder>/shared_prefs/ak.salvia.sdk.xml.bak
- <Package Folder>/shared_prefs/aps.xml
- <Package Folder>/shared_prefs/aps.xml.bak
- <Package Folder>/shared_prefs/apsad.xml
- <Package Folder>/shared_prefs/apsad.xml.bak
- <Package Folder>/shared_prefs/apscomm.xml
- <Package Folder>/shared_prefs/clean.xml
- <Package Folder>/shared_prefs/clean_version_sp.xml
- <Package Folder>/shared_prefs/clean_version_sp.xml.bak
- <Package Folder>/shared_prefs/com.applovin.sdk.1.xml
- <Package Folder>/shared_prefs/com.applovin.sdk.1.xml.bak
- <Package Folder>/shared_prefs/com.applovin.sdk.1.xml.bak (deleted)
- <Package Folder>/shared_prefs/com.applovin.sdk.impl.postbackQueue.domain.xml
- <Package Folder>/shared_prefs/com.crashlytics.prefs.xml
- <Package Folder>/shared_prefs/com.crashlytics.sdk.android;answers;settings.xml
- <Package Folder>/shared_prefs/com.facebook.internal.preferences.APP_SETTINGS.xml
- <Package Folder>/shared_prefs/com.mobpower.xml
- <Package Folder>/shared_prefs/com.mobpower.xml.bak
- <Package Folder>/shared_prefs/ct_default.xml
- <Package Folder>/shared_prefs/dcSharedPreferences.dat.xml
- <Package Folder>/shared_prefs/device_info.xml
- <Package Folder>/shared_prefs/evernote_jobs.xml
- <Package Folder>/shared_prefs/evernote_jobs.xml.bak
- <Package Folder>/shared_prefs/hunter_config.xml
- <Package Folder>/shared_prefs/install.xml
- <Package Folder>/shared_prefs/io.fabric.sdk.android;fabric;io.fabric.sdk.android.q.xml
- <Package Folder>/shared_prefs/last_know_location.xml
- <Package Folder>/shared_prefs/mobvista.xml
- <Package Folder>/shared_prefs/multidex.version.xml
- <Package Folder>/shared_prefs/other_config.xml
- <Package Folder>/shared_prefs/self_adextend.xml
- <Package Folder>/shared_prefs/service_config.xml
- <Package Folder>/shared_prefs/service_config.xml.bak
- <Package Folder>/shared_prefs/share_date.xml
- <Package Folder>/shared_prefs/share_date.xml.bak
- <Package Folder>/shared_prefs/sp_config.xml
- <Package Folder>/shared_prefs/sp_config.xml.bak
- <Package Folder>/shared_prefs/strategy_sp.xml
- <Package Folder>/shared_prefs/t_ini.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml.bak
- <SD-Card>/.DataStorage/ContextData.xml
- <SD-Card>/.UTSystemConfig/####/Alvin2.xml
- <SD-Card>/.androidsystem/####/49.x-3.0.1.apk
- <SD-Card>/.androidsystem/####/PlugShareData
- <SD-Card>/.androidsystem/####/files.db
- <SD-Card>/.androidsystem/####/plugxml.xml
- <SD-Card>/.androidsystem/####/syncfiles.db
- <SD-Card>/.androidsystem/Plugin.zip
- <SD-Card>/Android/####/.0.tmp (deleted)
- <SD-Card>/Android/####/.nomedia
- <SD-Card>/Android/####/0548391082cfd49909b29fe2d1b80226.0.tmp
- <SD-Card>/Android/####/09ac570d10a28c0c08ecee080ceb90a7.0.tmp
- <SD-Card>/Android/####/0b25dc3a69aa67dc4ab981654cf210409e85475c_v23_phone.mp4
- <SD-Card>/Android/####/10d0f4fe07dbedb0d0b344981a7a89a4.0.tmp
- <SD-Card>/Android/####/1380229154.js
- <SD-Card>/Android/####/1c569af055d95d85afea5e8b9a0509e8.0.tmp
- <SD-Card>/Android/####/277b2e6013d3e0d19fb2fe0c410a8b1f.0.tmp
- <SD-Card>/Android/####/27895a4bc1899bce42a934e85086ee28.0.tmp
- <SD-Card>/Android/####/42a55ceb87a05db410ff579c7e1a30ad.0.tmp
- <SD-Card>/Android/####/48c6318a5a067fb9b7234f8e4074eb41.0.tmp
- <SD-Card>/Android/####/5285044de8e4db72b86e7246f9aee7c2.0.tmp
- <SD-Card>/Android/####/637bcf779e8a476965fb4296552b99c7.0.tmp
- <SD-Card>/Android/####/70594694b795809267b00a383e3a0e3e.0.tmp
- <SD-Card>/Android/####/71bd5e215c19e55403412e9d82bf69e0.0.tmp
- <SD-Card>/Android/####/838f49755978596f822d8b720455f8c4.0.tmp
- <SD-Card>/Android/####/9412abff4f1a5b74bd1f89efa6399653.0.tmp
- <SD-Card>/Android/####/b4353c78e773bcb0a0fbc4a48ad7f658.0
- <SD-Card>/Android/####/d71a508778a7dfd54b25610aa9fe09fb7c7fe77d_768x1024_opt_v1.jpeg
- <SD-Card>/Android/####/f5207858b63ffe4989d6854637e08ea1.0.tmp
- <SD-Card>/Android/####/f6fd6936ee65918b5035e185ada6ad88.0.tmp
- <SD-Card>/Android/####/fe5c93839b1d1122297543ab980f0ecd.0.tmp
- <SD-Card>/Android/####/journal
- <SD-Card>/Android/####/journal.tmp
- <SD-Card>/Android/####/jquery-1.9.1.min.js
- <SD-Card>/Android/####/jquery.knob.js
- <SD-Card>/Android/####/sound_off.png
- <SD-Card>/Android/####/sound_on.png
- <SD-Card>/Download/####/accs_election
- <SD-Card>/LogN/####/sp
- <SD-Card>/baidu/####/journal
- <SD-Card>/baidu/.cuid
- <SD-Card>/mobogenie/####/all_search_hotwords.json
- <SD-Card>/mobogenie/####/all_search_hotwords.json (deleted)
- <SD-Card>/mobogenie/####/facebook_ads_position.json
- <SD-Card>/mobogenie/####/gl_app_home_all_json
- <SD-Card>/mobogenie/####/mobogenie.uuid
- <SD-Card>/mobogenie/####/splashbanner.png
- <SD-Card>/mobogenie/mobosd.bin
- <SD-Card>/mobogenie/mobosd.bin-journal
Другие:
Запускает следующие shell-скрипты:
- /data/user/0/<Package>/files/watch_server /data/user/0/<Package> http://redirect.mobogenie.com?pn=<Package>&v=302161&an=<Package>&lc=en_US&tag=mobogenie com.android.browser/com.android.browser.BrowserActivity 0
- <Package Folder>/files/DaemonServer -s <Package Folder>/lib/ -n runServer -p startservice -n <Package>/com.taobao.accs.ChannelService --user 0 -f <Package Folder> -t 600 -c agoo.pid -P <Package Folder> -K 1009527 -U tb_accs_eudemon_1.1.3 -L http://agoodm.m.taobao.com/agoo/report -D %7B%22package%22%3A%22<Package>%22%2C%22appKey%22%3A%22%22%2C%22utdid%22%3A%22WYRm%2FHGnkwUDAGdzx1FsAmvh%22%2C%22sdkVersion%22%3A%22212%22%7D -I agoodm.m.taobao.com -O 80 -T -Z
- <Package Folder>/files/cwd 0
- <Package Folder>/files/uninstall 0 http://m.mobogenie.com/en/uninstall/uninstall.html?channel_id=1030&uuid=00c8e6a2-cb98-4cb4-bc00-94d0225597eb&android=a967d2bb56f7bc6b&imei=<IMEI>&versionCode=302161&versionName=3.2.16.1&site=GL
- <Package Folder>/files/watch_server <Package Folder> http://redirect.mobogenie.com?pn=<Package>&v=302161&an=<Package>&lc=en_US&tag=mobogenie com.android.browser/com.android.browser.BrowserActivity 0
- cat /proc/cpuinfo
- chmod 500 <Package Folder>/files/DaemonServer
- chmod 755 /data/user/0/<Package>/files/watch_server
- chmod 755 <Package Folder>/files/watch_server
- sh
- sh /data/user/0/<Package>/files/watch_server /data/user/0/<Package> http://redirect.mobogenie.com?pn=<Package>&v=302161&an=<Package>&lc=en_US&tag=mobogenie com.android.browser/com.android.browser.BrowserActivity 0
- sh <Package Folder>/files/cwd 0
- sh <Package Folder>/files/uninstall 0 http://m.mobogenie.com/en/uninstall/uninstall.html?channel_id=1030&uuid=00c8e6a2-cb98-4cb4-bc00-94d0225597eb&android=a967d2bb56f7bc6b&imei=<IMEI>&versionCode=302161&versionName=3.2.16.1&site=GL
Загружает динамические библиотеки:
- tnet-3.1
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS5Padding
- AES-ECB-NoPadding
- AES-ECB-PKCS5Padding
- DES-CBC-PKCS5Padding
- RSA-ECB-PKCS1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS5Padding
- DES-CBC-PKCS5Padding
Осуществляет доступ к информации о геолокации.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Осуществляет доступ к информации о зарегистрированных на устройстве аккаунтах (Google, Facebook и тд.).
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
