Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Mixi.16.origin
- Android.Mixi.21.origin
Сетевая активность:
Подключается к:
- g####.####.com
- i####.####.cn
- lydownl####.####.com
- s####.####.com
Запросы HTTP GET:
- g####.####.com/cr/sv/getGoFile?name=####
- g####.####.com/cr/sv/getRecord?eids=####&appKey=####&flag=####
- i####.####.cn/iplookup/iplookup.php?format=####
- lydownl####.####.com/video/UI2/kaiping2.jpg
- lydownl####.####.com/video/api/AivMainA.dat
- lydownl####.####.com/video/api/pinglun_head.dat
- lydownl####.####.com/video/api/pinglun_name.dat
- lydownl####.####.com/video/api/pinglun_text.dat
- lydownl####.####.com/video/config2.dat
- lydownl####.####.com/video/image2/0305ee4bf43d94be5110486fb925e920.png
- lydownl####.####.com/video/image2/0351906caf31c7c0fd0887a828d64d1a.jpg
- lydownl####.####.com/video/image2/05574274d31c0b8c8d3b07b29fd64339.png
- lydownl####.####.com/video/image2/0b91a769f7e4e62c40f0ba0c7ef1c695.jpg
- lydownl####.####.com/video/image2/1188f47f9849616037dec03ae396c076.jpg
- lydownl####.####.com/video/image2/12756d25f3b40fe8dcbfb3e1d3a51e2c.jpg
- lydownl####.####.com/video/image2/14925c939660bde733bc3956f0e94d27.jpg
- lydownl####.####.com/video/image2/17d98aec62f53183aa46afa549a3cd1c.png
- lydownl####.####.com/video/image2/17dfaaedc61c915bc7274952df833bfc.png
- lydownl####.####.com/video/image2/196188b7cbd8911a6190253486f62044.png
- lydownl####.####.com/video/image2/1c4f97c2aaf873deb019fbd424c3f47b.jpg
- lydownl####.####.com/video/image2/1e42db315cc49fc81439a94751d462e5.jpg
- lydownl####.####.com/video/image2/1ead31b8ff30d68ac407ed46815291e5.jpg
- lydownl####.####.com/video/image2/226f826730d2b19894ed282150bb19fb.jpg
- lydownl####.####.com/video/image2/252f023ff38d5502e9e8c97e8c538b96.jpg
- lydownl####.####.com/video/image2/28efaec57a784009791b12b5a21f92fb.jpg
- lydownl####.####.com/video/image2/2fc3f6d58456efb9b9cb22ab40fb2df8.jpg
- lydownl####.####.com/video/image2/3269b06974dd7943ebc2bfdef0ba5d43.jpg
- lydownl####.####.com/video/image2/36868e2662c5aa3d3935ed87e25654a2.jpg
- lydownl####.####.com/video/image2/37b114c26d371be8af2327752963b3f8.jpg
- lydownl####.####.com/video/image2/3801170fdf1dad89c3c506fd588e3842.jpg
- lydownl####.####.com/video/image2/3b15e123b67e60cbf294f6b24f13b9d4.jpg
- lydownl####.####.com/video/image2/4915e727dd95454680e08184eec46b8f.jpg
- lydownl####.####.com/video/image2/4996307b77b0add6165bba116d6e86f2.jpg
- lydownl####.####.com/video/image2/5dba1fee64c44a885f9faa6248788acf.jpg
- lydownl####.####.com/video/image2/608da7fe2d84e1e29d6d3a9416aa5624.jpg
- lydownl####.####.com/video/image2/631dae5cfe7357368ad8df8955920cb1.jpg
- lydownl####.####.com/video/image2/69e0d7f0b2a71001eb32dc3708f71bad.png
- lydownl####.####.com/video/image2/6c61cc6337e013d6f0144019f177da21.jpg
- lydownl####.####.com/video/image2/6cf59cf2934bb2bec596cb344d0b03c0.jpg
- lydownl####.####.com/video/image2/6d28055884c7d8e3af52bb4e132cfcfb.jpg
- lydownl####.####.com/video/image2/706875e4a3947f1950141a1b38936473.jpg
- lydownl####.####.com/video/image2/709263653fd846e3a2f9a9f05f2ee30e.jpg
- lydownl####.####.com/video/image2/753f140aea95df54f2904b2f395d477f.jpg
- lydownl####.####.com/video/image2/7acd3d8c94b0f104ba8f842e29417871.jpg
- lydownl####.####.com/video/image2/7e1855cfa13cef2ce6677cc82170959b.jpg
- lydownl####.####.com/video/image2/843adb483347c3f0f45b5ddf7073cbcb.png
- lydownl####.####.com/video/image2/848070e623023874b75ca002a971371c.jpg
- lydownl####.####.com/video/image2/84fbe1961ef52455f944c28131f91766.jpg
- lydownl####.####.com/video/image2/8bed2cd586e00119d05d36f61b41ad54.jpg
- lydownl####.####.com/video/image2/8ddbf8fa7c44615dfa481ebc21fa48fd.jpg
- lydownl####.####.com/video/image2/9025194ff3660271ef538ff8c8bdbf02.jpg
- lydownl####.####.com/video/image2/93b2a793069008d1152b9717d3f31962.jpg
- lydownl####.####.com/video/image2/960cfaf74e91145da0c229ebacac4e8d.jpg
- lydownl####.####.com/video/image2/96c61a820a55431ccb980596dd570ca1.png
- lydownl####.####.com/video/image2/9eb7e159ab09014731b29d67b79a8bd5.jpg
- lydownl####.####.com/video/image2/a2ba0a1b81fabbf8dff825c3e7311419.jpg
- lydownl####.####.com/video/image2/a328c3887fd14eb7807769d3872f7999.jpg
- lydownl####.####.com/video/image2/a588be9bbbd26fab07d0e631b701b0fd.jpg
- lydownl####.####.com/video/image2/a6fabcd47c8be5273d66912642fafca3.jpg
- lydownl####.####.com/video/image2/a935e7a9057e05e3089907b65b367786.jpg
- lydownl####.####.com/video/image2/ac7e8df6f8bc010f5dfd7a44e8e4594a.jpg
- lydownl####.####.com/video/image2/b8aa22dd269842d9d706df3fb3b0dec2.jpg
- lydownl####.####.com/video/image2/bad77433317d5acbf73b20c820f7c10c.jpg
- lydownl####.####.com/video/image2/bba20c5251c7b400b684913493792e41.jpg
- lydownl####.####.com/video/image2/bce5fe395e1d8af92e943cb5652eca73.jpg
- lydownl####.####.com/video/image2/bd6a79e6dcbcfd737b7076170bbda519.jpg
- lydownl####.####.com/video/image2/bf75e73390fa36bd3ffffa95dcded1f2.jpg
- lydownl####.####.com/video/image2/c012609036318cbc879805a0a16bccaf.jpg
- lydownl####.####.com/video/image2/c211e84c1c085e91a427ad8cb5dcaaf2.jpg
- lydownl####.####.com/video/image2/c22cde5fdd211ae04637990735fed9e3.jpg
- lydownl####.####.com/video/image2/c3acb400210cddd68f5fcc0ad6138d39.jpg
- lydownl####.####.com/video/image2/c5925a7f55114671ac2d98fc1c5587e5.jpg
- lydownl####.####.com/video/image2/cb74a8e011efac8458b7ad08bd4f1d60.jpg
- lydownl####.####.com/video/image2/cf2d5421b427feb0a5e8b05d59618854.jpg
- lydownl####.####.com/video/image2/cff9ef52ec8529120a4ae6517499347b.jpg
- lydownl####.####.com/video/image2/d34c5a41999d372ff626b581529d340b.jpg
- lydownl####.####.com/video/image2/d46c18f24dbf7069c73eea0bbe834884.jpg
- lydownl####.####.com/video/image2/de3f57dcd5d1ff87a754547449577546.jpg
- lydownl####.####.com/video/image2/e1bb930899100b98391b7f52302a3204.jpg
- lydownl####.####.com/video/image2/e2236225b6b8e029b233de4f1d51c9f9.jpg
- lydownl####.####.com/video/image2/ef4943ef4099a6ae6ae9246b27484144.jpg
- lydownl####.####.com/video/image2/f19bce7dda3d2f66d7c8c4309a188e3f.jpg
- lydownl####.####.com/video/image2/f1ed21fc0adf20e36ebf24751995a777.jpg
- lydownl####.####.com/video/image2/fa6ae466cd28285ed066f01f8fed6c4f.jpg
- lydownl####.####.com/video/video/c6839b32451f4c65b7fd025efdc982ac.mp4
- s####.####.com/cr/sdk/170417/des_V17041703Aj1so32.zip
- s####.####.com/cr/sdk/170417/goplaysdk_statistics_all_1704171.dat
Запросы HTTP POST:
- g####.####.com/cr/sv/getEPList
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/PreExcuModsInfo.txt
- <Package Folder>/ReadyHost.txt
- <Package Folder>/XmSmLockFile.txt
- <Package Folder>/app_file_dex/MasterControl.jar
- <Package Folder>/databases/####/cc.db
- <Package Folder>/databases/####/cc.db-journal
- <Package Folder>/files/####/5fhd2<System Property>46
- <Package Folder>/files/####/<Package>12<System Property>2
- <Package Folder>/files/1501849933117_V17041703Aj1so32.so
- <Package Folder>/files/<System Property>112.jar
- <Package Folder>/files/hftJcw46N.jar
- <Package Folder>/files/mobclick_agent_cached_<Package>145756
- <Package Folder>/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
- <Package Folder>/shared_prefs/<Package>__save_data__.xml
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/<Package>_preferences.xml.bak
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml.bak
- <SD-Card>/NndAppAiv_Video/####/0530082cd4ff87b25669e1f58c55980c
- <SD-Card>/NndAppAiv_Video/####/053d82e95e6e0049dce29db243adacc5
- <SD-Card>/NndAppAiv_Video/####/08ece614c08ade6ca31cc97722a21fc6
- <SD-Card>/NndAppAiv_Video/####/0a57a66be99b9dce073340aaaab8240d
- <SD-Card>/NndAppAiv_Video/####/19199f9e3d339f95e9c6929244b04786
- <SD-Card>/NndAppAiv_Video/####/19199f9e3d339f95e9c6929244b04786.dat
- <SD-Card>/NndAppAiv_Video/####/19199f9e3d339f95e9c6929244b04786.dat.tmp
- <SD-Card>/NndAppAiv_Video/####/1ff2ccf6a1676abb92a45f15c56b4ef3
- <SD-Card>/NndAppAiv_Video/####/20e24b7d27329ebdfdb231145e79c196
- <SD-Card>/NndAppAiv_Video/####/225fb933e1385b802ceb49a0cae07fbb
- <SD-Card>/NndAppAiv_Video/####/287af61d9e5ecdd56d36de358b0ea9b5
- <SD-Card>/NndAppAiv_Video/####/2f41ff0b1a813e33ab37f8fc584b48b8
- <SD-Card>/NndAppAiv_Video/####/2f8d9cb1f35c14b14cc5489b2d51b386
- <SD-Card>/NndAppAiv_Video/####/30c1f8805f5831483362f8f89f3a7c75
- <SD-Card>/NndAppAiv_Video/####/31816183a86da5bf627f7eed2caa0861
- <SD-Card>/NndAppAiv_Video/####/31816183a86da5bf627f7eed2caa0861.dat
- <SD-Card>/NndAppAiv_Video/####/31816183a86da5bf627f7eed2caa0861.dat.tmp
- <SD-Card>/NndAppAiv_Video/####/31f4804a17c14991a50429cd49a8db0f
- <SD-Card>/NndAppAiv_Video/####/31f4804a17c14991a50429cd49a8db0f.dat
- <SD-Card>/NndAppAiv_Video/####/31f4804a17c14991a50429cd49a8db0f.dat.tmp
- <SD-Card>/NndAppAiv_Video/####/3a76f99cbb3070edbff9a8a32890c957
- <SD-Card>/NndAppAiv_Video/####/3c6a88042a9e09ab15360bd407b9ad3c
- <SD-Card>/NndAppAiv_Video/####/44c3144ec7f106d1efbca9c5897cfae9
- <SD-Card>/NndAppAiv_Video/####/4f379f5866ca550fb8c97c88180d788e
- <SD-Card>/NndAppAiv_Video/####/5000a1b4c17b9aed9255f1fb2b2588b3
- <SD-Card>/NndAppAiv_Video/####/509c2ca19afef556d827b89c9727d487
- <SD-Card>/NndAppAiv_Video/####/5530804a8631a8f16eac354a40cc8f72
- <SD-Card>/NndAppAiv_Video/####/5c7609eea172677b64e6ea5c4bfba841
- <SD-Card>/NndAppAiv_Video/####/5d0a143a927550800e43bae74d9d6c2d
- <SD-Card>/NndAppAiv_Video/####/641295c72c2662baf21a5c1be428cc65
- <SD-Card>/NndAppAiv_Video/####/69842917a22f1cf7265d91402ee2351d
- <SD-Card>/NndAppAiv_Video/####/6cfc22be71c743f50488b8b912fc4fb3
- <SD-Card>/NndAppAiv_Video/####/707db1fd30c4d49453c2f8cbc9f4521a
- <SD-Card>/NndAppAiv_Video/####/707db1fd30c4d49453c2f8cbc9f4521a.dat
- <SD-Card>/NndAppAiv_Video/####/707db1fd30c4d49453c2f8cbc9f4521a.dat.tmp
- <SD-Card>/NndAppAiv_Video/####/709b0073f0a41e84f072f2efd20154c8
- <SD-Card>/NndAppAiv_Video/####/709c512a47aeea67729b24688c70f91e
- <SD-Card>/NndAppAiv_Video/####/71f39d7213893865ddeb803107cdef62
- <SD-Card>/NndAppAiv_Video/####/732ead1a68772e040524709c605bcb34
- <SD-Card>/NndAppAiv_Video/####/7b2c1de8020823a4ca5ab6a40fa84ca9
- <SD-Card>/NndAppAiv_Video/####/7e74e6094a24edabb35044d9f7807e5a
- <SD-Card>/NndAppAiv_Video/####/7e822e02fca3e3939b5f5d5a34e128b5
- <SD-Card>/NndAppAiv_Video/####/84f1df53601480bd925a437f2acb3538
- <SD-Card>/NndAppAiv_Video/####/883e0d82001335c67b8c4ab77bca94bd
- <SD-Card>/NndAppAiv_Video/####/8aeebbcb6e74d429e8efafca1595d20e
- <SD-Card>/NndAppAiv_Video/####/8b0df89eaa261e6329f03b76770c12e9
- <SD-Card>/NndAppAiv_Video/####/8be5ebce885d8c3b781f1b74c7f856c1
- <SD-Card>/NndAppAiv_Video/####/8be5ebce885d8c3b781f1b74c7f856c1.dat
- <SD-Card>/NndAppAiv_Video/####/8be5ebce885d8c3b781f1b74c7f856c1.dat.tmp
- <SD-Card>/NndAppAiv_Video/####/8dbf08a7d8c9a54dd71e501342ad5209
- <SD-Card>/NndAppAiv_Video/####/8df714dc78da011a29a31ed287d0b06b
- <SD-Card>/NndAppAiv_Video/####/8f03e84c25663faf8a1ac56b423e5e24
- <SD-Card>/NndAppAiv_Video/####/9304e70073a7f00aab440e92807ac2fa
- <SD-Card>/NndAppAiv_Video/####/98a4a00e3a0577a3c88fd32323915391
- <SD-Card>/NndAppAiv_Video/####/9af258a97b01dafb59182d34b9e2a4bb
- <SD-Card>/NndAppAiv_Video/####/9db3e58f33c92b278021f45d680e9f74
- <SD-Card>/NndAppAiv_Video/####/a59d50765b287b07e404da184e93e1a0
- <SD-Card>/NndAppAiv_Video/####/a85c90b9d9a7fc0bb232c93040f49fc2
- <SD-Card>/NndAppAiv_Video/####/ac4054331ecbbe0457d593af13b9ccb3
- <SD-Card>/NndAppAiv_Video/####/adced6d6a5dd7b6c85bfda38932bc0d2
- <SD-Card>/NndAppAiv_Video/####/b43ebf710cc7498148afed821c8a154d
- <SD-Card>/NndAppAiv_Video/####/b6c730f6bae8c0829c0de9f7e0b74e75
- <SD-Card>/NndAppAiv_Video/####/b82fdbcdcd5cb3680d7db17af6e6630b
- <SD-Card>/NndAppAiv_Video/####/b9d463bd7eed694711f3360e6c55b3c5
- <SD-Card>/NndAppAiv_Video/####/bf7cba76603002b343264cf2a6b80f58
- <SD-Card>/NndAppAiv_Video/####/c4cf63665a236442f8f079302d704303
- <SD-Card>/NndAppAiv_Video/####/c6dc65aebce52c71234aab211d91a97a
- <SD-Card>/NndAppAiv_Video/####/c9567066de3d009c3926d428f18ecb42
- <SD-Card>/NndAppAiv_Video/####/c9c32c1b4ce23e3d2fde62e0e55ef9f4
- <SD-Card>/NndAppAiv_Video/####/ceaaaf1dbfc5c5487bb1517f83361c6d
- <SD-Card>/NndAppAiv_Video/####/cf6e3a505ea029e8de30ad8d81fa295f
- <SD-Card>/NndAppAiv_Video/####/d1a35a37af099437038fc3e356427a8e
- <SD-Card>/NndAppAiv_Video/####/d21207fcab8607cea673bb982f700854
- <SD-Card>/NndAppAiv_Video/####/d2d5ce5739b244aba69dbac7c8c252de
- <SD-Card>/NndAppAiv_Video/####/d55cf344ecf88ecfba99a8b1bd5a2cfc
- <SD-Card>/NndAppAiv_Video/####/d83570b427293a36dd6260f102585454
- <SD-Card>/NndAppAiv_Video/####/d97bb192a39e52cd99dcc412211b44ea
- <SD-Card>/NndAppAiv_Video/####/d9ad0e26c075ca98a4d2b3c6886c9c40
- <SD-Card>/NndAppAiv_Video/####/dcb7600798ada00d5fd8f0c3ea038c53
- <SD-Card>/NndAppAiv_Video/####/dec342b0e405513ff15f9555c24444de
- <SD-Card>/NndAppAiv_Video/####/df72126e56700d3e63bdda92e390dffd
- <SD-Card>/NndAppAiv_Video/####/e065ad1fb10f76d9e9a22b42c97998ef
- <SD-Card>/NndAppAiv_Video/####/e549297821ef7a3be970a2ef73567236
- <SD-Card>/NndAppAiv_Video/####/e5d4797aad66532082e80bf42d07b9e0
- <SD-Card>/NndAppAiv_Video/####/e90c1f2ec48621d1ae557433e1c7b21f
- <SD-Card>/NndAppAiv_Video/####/e988e90d4f740897e73f940ad8429471
- <SD-Card>/NndAppAiv_Video/####/ed51eac0839e84f90c053d9f63ed5dab
- <SD-Card>/NndAppAiv_Video/####/f15466e9c06a902b162f0ec10329b27b
- <SD-Card>/NndAppAiv_Video/####/f9c70695a573fc646c1ddf61769e54fb
- <SD-Card>/NndAppAiv_Video/####/fb511dcab23cdd1a9f9ad187692f4a2a
- <SD-Card>/NndAppAiv_Video/####/ff9c0d4012a8f798acef33b61057606c
Другие:
Запускает следующие shell-скрипты:
- <Package Folder>/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s -h c48756b39e9e402ca3e1026d88799eaa <Package Folder>/.syslib-
- chmod 0771 <Package Folder>/.syslib-
- getenforce
- getprop apps.customerservice.device
- rm -f <Package Folder>/files/hftJcw46N.dex
- rm -f <Package Folder>/files/hftJcw46N.jar
- rm -f <Package Folder>/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
- rm <Package Folder>/files/hftJcw46N.dex
- rm <Package Folder>/files/hftJcw46N.jar
- rm <Package Folder>/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
- sh -c /system/usr/toolbox rm -f <Package Folder>/files/hftJcw46N.dex > /dev/null 2>&1
- sh -c /system/usr/toolbox rm -f <Package Folder>/files/hftJcw46N.jar > /dev/null 2>&1
- sh -c /system/usr/toolbox rm -f <Package Folder>/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s > /dev/null 2>&1
- sh -c rm <Package Folder>/files/hftJcw46N.dex > /dev/null 2>&1
- sh -c rm <Package Folder>/files/hftJcw46N.jar > /dev/null 2>&1
- sh -c rm <Package Folder>/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s > /dev/null 2>&1
- sh -c rm -f <Package Folder>/files/hftJcw46N.dex > /dev/null 2>&1
- sh -c rm -f <Package Folder>/files/hftJcw46N.jar > /dev/null 2>&1
- sh -c rm -f <Package Folder>/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s > /dev/null 2>&1
- sh <Package Folder>/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s -h c48756b39e9e402ca3e1026d88799eaa <Package Folder>/.syslib-
Загружает динамические библиотеки:
- 1501849933117_V17041703Aj1so32
- tm_pay
Использует следующие алгоритмы для шифрования данных:
- AES-ECB-PKCS5Padding
- RSA
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS5Padding
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
