Техническая информация
Вредоносные функции:
Скрывает свою иконку с экрана устройства.
Сетевая активность:
Подключается к:
- UDP(DNS) <Google Host>
- TCP(Google Services) <Google Host>
- TCP(HTTP/1.1) www.findmy####.com:80
- TCP(HTTP/1.1) ge####.b####.com:80
- TCP(HTTP/1.1) stat####.face####.com:80
- TCP(HTTP/1.1) www.grav####.com:80
- TCP(HTTP/1.1) api.k####.info:80
- TCP(HTTP/1.1) r.se####.y####.com:80
- TCP(HTTP/1.1) img.info####.com:80
- TCP(HTTP/1.1) c####.b####.com:80
- TCP(HTTP/1.1) tr####.mobitec####.xyz:80
- TCP(HTTP/1.1) sourcef####.net:80
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) sf####.sourcef####.net:80
- TCP(HTTP/1.1) www.sweetho####.com:80
- TCP(HTTP/1.1) co####.highqua####.com:80
- TCP(HTTP/1.1) con####.face####.net:80
- TCP(HTTP/1.1) www.n####.com:80
- TCP(SSL/3.0) pm.w####.net:443
- TCP(TLS/1.1) s.y####.com:443
- TCP(TLS/1.1) m####.vindico####.com:443
- TCP(TLS/1.1) x.bidsw####.net:443
- TCP(TLS/1.1) c####.cloudf####.com:443
- TCP(TLS/1.1) stat####.face####.com:443
- TCP(TLS/1.1) m####.ad####.org:443
- TCP(TLS/1.1) log-####.a####.tv:443
- TCP(TLS/1.1) www.you####.com:443
- TCP(TLS/1.1) g.geo####.com:443
- TCP(TLS/1.1) nl.im####.se####.####.com:443
- TCP(TLS/1.1) sourcef####.net:443
- TCP(TLS/1.1) www.go####.com:443
- TCP(TLS/1.1) st####.tu####.com:443
- TCP(TLS/1.1) www.pa####.com.####.net:443
- TCP(TLS/1.1) rp.gwa####.com:443
- TCP(TLS/1.1) ge####.b####.com:443
- TCP(TLS/1.1) www.google-####.com:443
- TCP(TLS/1.1) p####.t####.com:443
- TCP(TLS/1.1) geo.y####.com:443
- TCP(TLS/1.1) www.face####.com:443
- TCP(TLS/1.1) www.promi####.org:443
- TCP(TLS/1.1) ssum####.casalem####.com.####.net:443
- TCP(TLS/1.1) c####.b####.com:443
- TCP(TLS/1.1) 2-01-2c####.cdx.ced####.net:443
- TCP(TLS/1.1) nl.se####.y####.com:443
- TCP(TLS/1.1) sp.y####.com:443
- TCP(TLS/1.1) www.googlet####.com:443
- TCP(TLS/1.1) pm.w####.net:443
- TCP(TLS/1.1) p####.re####.net:443
- TCP(TLS/1.1) cm.g.doublec####.net:443
- TCP(TLS/1.1) tr####.mobitec####.xyz:443
- TCP(TLS/1.1) u####.o####.net:443
- TCP(TLS/1.1) st####.xx.f####.net:443
- TCP(TLS/1.1) future####.co.nz:443
- TCP(TLS/1.1) tse1-mm####.a-####.a-ms####.net:443
- TCP(TLS/1.1) ssl.google-####.com:443
- TCP(TLS/1.1) mpp.vindico####.com:443
- TCP(TLS/1.1) a####.google####.com:443
- TCP(TLS/1.1) p####.ybp.y####.com:443
Запросы DNS:
- a####.google####.com
- a####.u####.com
- api.k####.info
- c####.b####.com
- c####.cloudf####.com
- cdn.jsde####.net
- cm.g.doublec####.net
- co####.highqua####.com
- con####.face####.net
- future####.co.nz
- ge####.b####.com
- geo.y####.com
- ib.a####.com
- img.info####.com
- m####.ad####.org
- m####.vindico####.com
- mpp.vindico####.com
- mt####.go####.com
- nl.im####.se####.####.com
- nl.se####.y####.com
- p####.re####.net
- p####.t####.com
- p####.ybp.y####.com
- pm.w####.net
- r.se####.y####.com
- rp.gwa####.com
- s####.ad####.adverti####.com
- s.y####.com
- sf####.sourcef####.net
- sourcef####.net
- sp.y####.com
- ssl.google-####.com
- ssum####.casalem####.com
- st####.tu####.com
- st####.xx.f####.net
- stat####.face####.com
- t####.mm.b####.net
- tr####.mobitec####.xyz
- u####.o####.net
- www.face####.com
- www.findmy####.com
- www.go####.com
- www.google-####.com
- www.googlet####.com
- www.grav####.com
- www.n####.com
- www.pa####.com
- www.promi####.org
- www.sweetho####.com
- www.you####.com
- x.bidsw####.net
Запросы HTTP GET:
- api.k####.info/v6/index.php?action=####&android=####&app_id=####&app_ver...
- con####.face####.net/en_US/sdk.js
- ge####.b####.com/v1/map/68e4318f0f7098c3/1644627113173162177/
- img.info####.com/awards/si-award-epick5.png
- r.se####.y####.com/_ylt=Az_6xdZrfKFZiCEAC00oAopQ;_ylu=X3oDMTBxNG1oMmE2BH...
- sourcef####.net/sflogo.php?group_id=####&type=####
- stat####.face####.com/connect/xd_arbiter/r/0sTQzbapM8j.js?version=####
- www.findmy####.com/review2_5_Sweet Home 3D_award.png
- www.grav####.com/avatar/0cc90663f57ace0d6c1c293d5201e510?s=####
- www.grav####.com/avatar/41b88a3232a0b5f7a67f26974c55b672?s=####
- www.grav####.com/avatar/76a5a3e2567d9a002c6482514a05dbf3?s=####
- www.grav####.com/avatar/b6915020d6412ca9161dc5478461a437?s=####
- www.sweetho####.com/SweetHome3D.js
- www.sweetho####.com/blog/2011/04.html
- www.sweetho####.com/blog/2014/02/24/textures_libraries_1_0.html
- www.sweetho####.com/blog/FCKeditor/fckeditor.js
- www.sweetho####.com/blog/common/images/feed-icon-10x10.png
- www.sweetho####.com/blog/dwr/interface/Pebble.js
- www.sweetho####.com/blog/dwr/util.js
- www.sweetho####.com/blog/images/SH3T-1.0/SweetHome3DExample3-originalCol...
- www.sweetho####.com/blog/images/SH3T-1.0/SweetHome3DExample3-otherColors...
- www.sweetho####.com/blog/pebble.css
- www.sweetho####.com/blog/scripts/builder.js
- www.sweetho####.com/blog/scripts/controls.js
- www.sweetho####.com/blog/scripts/dragdrop.js
- www.sweetho####.com/blog/scripts/dwr-engine.js
- www.sweetho####.com/blog/scripts/effects.js
- www.sweetho####.com/blog/scripts/pebble.js
- www.sweetho####.com/blog/scripts/prototype.js
- www.sweetho####.com/blog/scripts/scriptaculous.js
- www.sweetho####.com/blog/scripts/slider.js
- www.sweetho####.com/blog/scripts/sound.js
- www.sweetho####.com/blog/themes/_pebble/handheld.css
- www.sweetho####.com/blog/themes/sweethome3d/images/sidebarbottom.gif
- www.sweetho####.com/blog/themes/sweethome3d/images/sidebaritem.gif
- www.sweetho####.com/blog/themes/sweethome3d/images/sidebartitle.gif
- www.sweetho####.com/blog/themes/sweethome3d/print.css
- www.sweetho####.com/blog/themes/sweethome3d/screen.css
- www.sweetho####.com/documentation.jsp
- www.sweetho####.com/images/SweetHome3DHelp.png
- www.sweetho####.com/images/SweetHome3DLogo.png
- www.sweetho####.com/images/awards/rockybytesRecommendedSoftware.png
- www.sweetho####.com/images/awards/soft82_award_88x88.gif
- www.sweetho####.com/images/awards/softonicEditorChoice.png
- www.sweetho####.com/images/awards/softpediaAward.png
- www.sweetho####.com/images/backg.jpg
- www.sweetho####.com/images/bullet.gif
- www.sweetho####.com/images/decoration/headerBackground.gif
- www.sweetho####.com/images/decoration/headerSeparator.gif
- www.sweetho####.com/images/decoration/menuBackground.gif
- www.sweetho####.com/images/decoration/menuContourBottom.gif
- www.sweetho####.com/images/decoration/menuContourBottomLeft.gif
- www.sweetho####.com/images/decoration/menuContourBottomRight.gif
- www.sweetho####.com/images/decoration/menuContourLeft.gif
- www.sweetho####.com/images/decoration/menuContourRight.gif
- www.sweetho####.com/images/decoration/menuContourTop.gif
- www.sweetho####.com/images/decoration/menuContourTopLeft.gif
- www.sweetho####.com/images/decoration/menuContourTopLeft2.gif
- www.sweetho####.com/images/decoration/menuContourTopRight.gif
- www.sweetho####.com/images/decoration/menuContourTopRight2.gif
- www.sweetho####.com/images/decoration/menuItemBackground.gif
- www.sweetho####.com/images/decoration/menuItemContourBottom.gif
- www.sweetho####.com/images/decoration/menuItemContourBottomLeft.gif
- www.sweetho####.com/images/decoration/menuItemContourBottomRight.gif
- www.sweetho####.com/images/decoration/menuItemContourLeft.gif
- www.sweetho####.com/images/decoration/menuItemContourRight.gif
- www.sweetho####.com/images/decoration/optionsContourBottom.gif
- www.sweetho####.com/images/decoration/optionsContourBottomLeft.gif
- www.sweetho####.com/images/decoration/optionsContourBottomRight.gif
- www.sweetho####.com/images/decoration/optionsContourLeft.gif
- www.sweetho####.com/images/decoration/optionsContourRight.gif
- www.sweetho####.com/images/decoration/optionsContourTop.gif
- www.sweetho####.com/images/decoration/optionsContourTopLeft.gif
- www.sweetho####.com/images/decoration/optionsContourTopRight.gif
- www.sweetho####.com/images/decoration/topMenuContourTop.gif
- www.sweetho####.com/images/decoration/topMenuContourTopLeft.gif
- www.sweetho####.com/images/decoration/topMenuContourTopRight.gif
- www.sweetho####.com/images/eteks.gif
- www.sweetho####.com/images/filler.gif
- www.sweetho####.com/images/flags/bg.gif
- www.sweetho####.com/images/flags/cs.gif
- www.sweetho####.com/images/flags/de.gif
- www.sweetho####.com/images/flags/el.gif
- www.sweetho####.com/images/flags/en.gif
- www.sweetho####.com/images/flags/es.gif
- www.sweetho####.com/images/flags/fr.gif
- www.sweetho####.com/images/flags/hu.gif
- www.sweetho####.com/images/flags/it.gif
- www.sweetho####.com/images/flags/ja.gif
- www.sweetho####.com/images/flags/nl.gif
- www.sweetho####.com/images/flags/pl.gif
- www.sweetho####.com/images/flags/pt.gif
- www.sweetho####.com/images/flags/ru.gif
- www.sweetho####.com/images/flags/sl.gif
- www.sweetho####.com/images/flags/sv.gif
- www.sweetho####.com/images/flags/vi.gif
- www.sweetho####.com/images/flags/zh_CN.gif
- www.sweetho####.com/images/flags/zh_TW.gif
- www.sweetho####.com/images/search.gif
- www.sweetho####.com/sweethome3d.css
- www.sweetho####.com/textures/contributions/beech.jpg
- www.sweetho####.com/textures/contributions/birch.jpg
- www.sweetho####.com/textures/contributions/bleachedWood.jpg
- www.sweetho####.com/textures/contributions/cherry.jpg
- www.sweetho####.com/textures/contributions/darkBlueTiles.jpg
- www.sweetho####.com/textures/contributions/darkBrown.jpg
- www.sweetho####.com/textures/contributions/grass2.jpg
- www.sweetho####.com/textures/contributions/oak.jpg
- www.sweetho####.com/textures/contributions/oak2.jpg
- www.sweetho####.com/textures/contributions/oak3.jpg
- www.sweetho####.com/textures/contributions/oldWood.jpg
- www.sweetho####.com/textures/contributions/persianCarpet.jpg
- www.sweetho####.com/textures/contributions/pine.jpg
- www.sweetho####.com/textures/contributions/poplar.jpg
- www.sweetho####.com/textures/contributions/rawPine.jpg
- www.sweetho####.com/textures/contributions/redOak.jpg
- www.sweetho####.com/textures/contributions/swimmingPool.jpg
- www.sweetho####.com/textures/eteks-scopia/basic-white-tile.jpg
- www.sweetho####.com/textures/eteks-scopia/beige-granite-cook-tops.jpg
- www.sweetho####.com/textures/eteks-scopia/beige-leather.jpg
- www.sweetho####.com/textures/eteks-scopia/beige_fabric.jpg
- www.sweetho####.com/textures/eteks-scopia/beige_fabric2.jpg
- www.sweetho####.com/textures/eteks-scopia/beige_pattern.png
- www.sweetho####.com/textures/eteks-scopia/beige_waves_wallpaper.png
- www.sweetho####.com/textures/eteks-scopia/blue-wall-pattern.jpg
- www.sweetho####.com/textures/eteks-scopia/brown-cercles.png
- www.sweetho####.com/textures/eteks-scopia/butterflies_wallpaper.png
- www.sweetho####.com/textures/eteks-scopia/chess-parquet.jpg
- www.sweetho####.com/textures/eteks-scopia/dark-carpet.jpg
- www.sweetho####.com/textures/eteks-scopia/dark-ceramic-tiles.jpg
- www.sweetho####.com/textures/eteks-scopia/dark-granite-cook-tops.jpg
- www.sweetho####.com/textures/eteks-scopia/dark-leather.jpg
- www.sweetho####.com/textures/eteks-scopia/dark-wall-paper.png
- www.sweetho####.com/textures/eteks-scopia/english-parquet-1.jpg
- www.sweetho####.com/textures/eteks-scopia/english-parquet-2.jpg
- www.sweetho####.com/textures/eteks-scopia/english-parquet-3.jpg
- www.sweetho####.com/textures/eteks-scopia/english-parquet-dark.jpg
- www.sweetho####.com/textures/eteks-scopia/floor-carpet-grey-and-white.jpg
- www.sweetho####.com/textures/eteks-scopia/floor-carpeting-grey.jpg
- www.sweetho####.com/textures/eteks-scopia/grass.jpg
- www.sweetho####.com/textures/eteks-scopia/grass_darker.jpg
- www.sweetho####.com/textures/eteks-scopia/grey-ceramic-tiles.jpg
- www.sweetho####.com/textures/eteks-scopia/hungarian_parquet.jpg
- www.sweetho####.com/textures/eteks-scopia/irregular-cercles.png
- www.sweetho####.com/textures/eteks-scopia/light-brown-tiles.jpg
- www.sweetho####.com/textures/eteks-scopia/marble-floor-tiles.jpg
- www.sweetho####.com/textures/eteks-scopia/marble-tiles.jpg
- www.sweetho####.com/textures/eteks-scopia/moon-and-stars.png
- www.sweetho####.com/textures/eteks-scopia/orange-leather.jpg
- www.sweetho####.com/textures/eteks-scopia/orange-napkin-texture.png
- www.sweetho####.com/textures/eteks-scopia/orange_pattern.png
- www.sweetho####.com/textures/eteks-scopia/paneling-for-interior.jpg
- www.sweetho####.com/textures/eteks-scopia/pavement_2.jpg
- www.sweetho####.com/textures/eteks-scopia/pink-carpet.jpg
- www.sweetho####.com/textures/eteks-scopia/square_shapes.png
- www.sweetho####.com/textures/eteks-scopia/swimming-pool-ceramic.jpg
- www.sweetho####.com/textures/eteks-scopia/swimming-pool-top-cyan.jpg
- www.sweetho####.com/textures/eteks-scopia/swimming-pool-top.jpg
- www.sweetho####.com/textures/eteks-scopia/terrazo-floor.jpg
- www.sweetho####.com/textures/eteks-scopia/travertine-tiles.jpg
- www.sweetho####.com/textures/eteks-scopia/vertical_blue_lines.png
- www.sweetho####.com/textures/eteks-scopia/vertical_brown_lines.png
- www.sweetho####.com/textures/eteks-scopia/vertical_lines.png
- www.sweetho####.com/textures/eteks-scopia/wall-tile-bathroom.jpg
- www.sweetho####.com/textures/eteks-scopia/wall-tiles-brown.jpg
- www.sweetho####.com/textures/eteks-scopia/white-marble.jpg
- www.sweetho####.com/textures/eteks-scopia/yellow-carpet.jpg
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/app_cache/ApplicationCache.db-journal (deleted)
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/f_000001
- <Package Folder>/cache/####/f_000002
- <Package Folder>/cache/####/f_000003
- <Package Folder>/cache/####/f_000004
- <Package Folder>/cache/####/f_000005
- <Package Folder>/cache/####/f_000006
- <Package Folder>/cache/####/f_000007
- <Package Folder>/cache/####/f_000008
- <Package Folder>/cache/####/f_000009
- <Package Folder>/cache/####/f_00000a
- <Package Folder>/cache/####/f_00000b
- <Package Folder>/cache/####/f_00000c
- <Package Folder>/cache/####/f_00000d
- <Package Folder>/cache/####/f_00000e
- <Package Folder>/cache/####/f_00000f
- <Package Folder>/cache/####/f_000010
- <Package Folder>/cache/####/f_000011
- <Package Folder>/cache/####/f_000012
- <Package Folder>/cache/####/f_000013
- <Package Folder>/cache/####/f_000014
- <Package Folder>/cache/####/f_000015
- <Package Folder>/cache/####/f_000016
- <Package Folder>/cache/####/f_000017
- <Package Folder>/cache/####/f_000018
- <Package Folder>/cache/####/f_000019
- <Package Folder>/cache/####/f_00001a
- <Package Folder>/cache/####/f_00001b
- <Package Folder>/cache/####/f_00001c
- <Package Folder>/cache/####/f_00001d
- <Package Folder>/cache/####/f_00001e
- <Package Folder>/cache/####/f_00001f
- <Package Folder>/cache/####/f_000020
- <Package Folder>/cache/####/f_000021
- <Package Folder>/cache/####/f_000022
- <Package Folder>/cache/####/f_000023
- <Package Folder>/cache/####/f_000024
- <Package Folder>/cache/####/f_000025
- <Package Folder>/cache/####/f_000026
- <Package Folder>/cache/####/f_000027
- <Package Folder>/cache/####/f_000028
- <Package Folder>/cache/####/f_000029
- <Package Folder>/cache/####/f_00002a
- <Package Folder>/cache/####/f_00002b
- <Package Folder>/cache/####/f_00002c
- <Package Folder>/cache/####/f_00002d
- <Package Folder>/cache/####/f_00002e
- <Package Folder>/cache/####/f_00002f
- <Package Folder>/cache/####/f_000030
- <Package Folder>/cache/####/f_000031
- <Package Folder>/cache/####/f_000032
- <Package Folder>/cache/####/f_000033
- <Package Folder>/cache/####/f_000034
- <Package Folder>/cache/####/f_000035
- <Package Folder>/cache/####/f_000036
- <Package Folder>/cache/####/f_000037
- <Package Folder>/cache/####/f_000038
- <Package Folder>/cache/####/f_000039
- <Package Folder>/cache/####/f_00003a
- <Package Folder>/cache/####/f_00003b
- <Package Folder>/cache/####/f_00003c
- <Package Folder>/cache/####/f_00003d
- <Package Folder>/cache/####/f_00003e
- <Package Folder>/cache/####/f_00003f
- <Package Folder>/cache/####/f_000040
- <Package Folder>/cache/####/f_000041
- <Package Folder>/cache/####/f_000042
- <Package Folder>/cache/####/f_000043
- <Package Folder>/cache/####/f_000044
- <Package Folder>/cache/####/f_000045
- <Package Folder>/cache/####/f_000046
- <Package Folder>/cache/####/f_000047
- <Package Folder>/cache/####/f_000048
- <Package Folder>/cache/####/f_000049
- <Package Folder>/cache/####/f_00004a
- <Package Folder>/cache/####/f_00004b
- <Package Folder>/cache/####/f_00004c
- <Package Folder>/cache/####/f_00004d
- <Package Folder>/cache/####/f_00004e
- <Package Folder>/cache/####/f_00004f
- <Package Folder>/cache/####/f_000050
- <Package Folder>/cache/####/f_000051
- <Package Folder>/cache/####/f_000052
- <Package Folder>/cache/####/f_000053
- <Package Folder>/cache/####/f_000054
- <Package Folder>/cache/####/f_000055
- <Package Folder>/cache/####/f_000056
- <Package Folder>/cache/####/f_000057
- <Package Folder>/cache/####/f_000058
- <Package Folder>/cache/####/f_000059
- <Package Folder>/cache/####/index
- <Package Folder>/databases/altamob_ads-journal
- <Package Folder>/databases/cc.db
- <Package Folder>/databases/cc.db-journal
- <Package Folder>/databases/google_analytics_v2.db-journal
- <Package Folder>/databases/ua.db
- <Package Folder>/databases/ua.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal (deleted)
- <Package Folder>/files/####/exchangeIdentity.json
- <Package Folder>/files/.imprint
- <Package Folder>/files/1.jar
- <Package Folder>/files/altamob_device
- <Package Folder>/files/dog_x86
- <Package Folder>/files/exid.dat
- <Package Folder>/files/gaClientId
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/shared_prefs/altamob_sp_sdk.xml
- <Package Folder>/shared_prefs/altamob_sp_sdk.xml (deleted)
- <Package Folder>/shared_prefs/altamob_sp_sdk.xml.bak
- <Package Folder>/shared_prefs/altamob_sp_sdk.xml.bak (deleted)
- <Package Folder>/shared_prefs/pref_landlord.xml
- <Package Folder>/shared_prefs/pref_landlord.xml.bak
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml (deleted)
- <SD-Card>/cuteword
Другие:
Запускает следующие shell-скрипты:
- /system/bin/netcfg
- <Package Folder>/files/dog_x86 -ps <Package>/com.land.lord.WorkerService -s com.land.lord:worker_service
- app_process /system/bin com.android.commands.am.Am startservice --user 0 -n <Package>/com.land.lord.WorkerService
- chmod 755 <Package Folder>/files/dog_x86
- sh -c su -c ' echo ttta'
- sh -c su -c ' mount -o remount,rw /system; cat /data/app/<Package>-1.apk > /system/priv-app/<Package>.apk; chmod 644 /system/priv-app/<Package>.apk; chattr +i /system/priv-app/<Package>.apk; '
- su -c echo ttta
- su -c mount -o remount,rw /system; cat /data/app/<Package>-1.apk > /system/priv-app/<Package>.apk; chmod 644 /system/priv-app/<Package>.apk; chattr +i /system/priv-app/<Package>.apk;
Загружает динамические библиотеки:
- landlord
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-NoPadding
- AES-CBC-PKCS7Padding
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS7Padding
Использует повышенные привилегии.
Использует права администратора.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Отрисовывает собственные окна поверх других приложений.
