Android.Packed.28422

Added to the Dr.Web virus database: 2017-09-02

Technical information

Malicious functions:
Loads for execution the code of the following detected threats:
  • Android.Click.171.origin
  • Android.Xiny.197
Accesses the private telephony interface (ITelephony).
Network activity:
Connects to:
  • UDP(DNS) <Google DNS>
  • TCP(GCM) <Google Host>
  • TCP(HTTP/1.1) tra####.nob####.com:80
  • TCP(HTTP/1.1) www.technol####.co.uk:80
  • TCP(HTTP/1.1) api.cloud####.net:80
  • TCP(HTTP/1.1) ndl.m####.com:80
  • TCP(HTTP/1.1) f####.google####.com:80
  • TCP(HTTP/1.1) 2####.177.13.68:8288
  • TCP(HTTP/1.1) t####.conser####.com:80
  • TCP(HTTP/1.1) dpl.b####.com:80
  • TCP(HTTP/1.1) down####.wild####.appl####.####.net:80
  • TCP(HTTP/1.1) sc####.mobpowe####.com:80
  • TCP(HTTP/1.1) se####.sources####.com:80
  • TCP(HTTP/1.1) so####.moboh####.com:80
  • TCP(HTTP/1.1) o####.dolphin####.com:80
  • TCP(HTTP/1.1) con####.mobog####.com:80
  • TCP(HTTP/1.1) u####.b####.com:80
  • TCP(HTTP/1.1) www.face####.com:80
  • TCP(HTTP/1.1) ma####.sources####.com:80
  • TCP(HTTP/1.1) p####.cy-secu####.com:80
  • TCP(HTTP/1.1) mo.freeind####.com:80
  • TCP(HTTP/1.1) net.ray####.com:80
  • TCP(HTTP/1.1) f####.cdn.1####.com:80
  • TCP(HTTP/1.1) ipv6-wi####.appl####.com.####.net:80
  • TCP(HTTP/1.1) 75a2####.cdn.uc####.####.cn:80
  • TCP(HTTP/1.1) synct####.com:80
  • TCP(HTTP/1.1) applovi####.edg####.net:80
  • TCP(HTTP/1.1) gl####.mobt####.site:80
  • TCP(HTTP/1.1) c####.wallof####.com:80
  • TCP(HTTP/1.1) s####.mob####.b####.com:80
  • TCP(HTTP/1.1) fk-mt####.ray####.com:80
  • TCP(HTTP/1.1) se####.mobog####.com:80
  • TCP(HTTP/1.1) a####.adsbt####.com:80
  • TCP(HTTP/1.1) api.mob####.b####.com:80
  • TCP(HTTP/1.1) gl####.ymtrac####.com:80
  • TCP(HTTP/1.1) api.mobpowe####.com:80
  • TCP(HTTP/1.1) www.mmmmmm####.com:80
  • TCP(HTTP/1.1) serv####.m####.com:80
  • TCP(HTTP/1.1) f####.gst####.com:80
  • TCP(HTTP/1.1) l.a####.com:80
  • TCP(HTTP/1.1) pag####.googles####.com:80
  • TCP(HTTP/1.1) d####.2gl.xyz:80
  • TCP(HTTP/1.1) ald####.com:80
  • TCP(HTTP/1.1) mobotoo####.mobog####.com:80
  • TCP(HTTP/1.1) rdl.sources####.com:80
  • TCP(HTTP/1.1) real####.icec####.org:80
  • TCP(HTTP/1.1) sl####.1####.com:8111
  • TCP(HTTP/1.1) pl####.mob####.b####.com:80
  • TCP(HTTP/1.1) se####.moboh####.com:80
  • TCP(HTTP/1.1) apilo####.a####.com:80
  • TCP(HTTP/1.1) s####.ad.mobog####.com:80
  • TCP(HTTP/1.1) koolm####.info:80
  • TCP(HTTP/1.1) ac.mobilea####.com:80
  • TCP(HTTP/1.1) pass####.moboh####.com:80
  • TCP(HTTP/1.1) se####.moboga####.com:80
  • TCP(HTTP/1.1) t####.global:80
  • TCP(HTTP/1.1) api.mo####.sdk.####.com:80
  • TCP(HTTP/1.1) www.admobim####.com:80
  • TCP(HTTP/1.1) cpgnrot####.com:80
  • TCP(HTTP/1.1) ak.icec####.org:80
  • TCP(HTTP/1.1) set####.ray####.com:80
  • TCP(HTTP/1.1) p####.moboh####.com:80
  • TCP(HTTP/1.1) se####.m####.com:80
  • TCP(TLS/1.0) f####.gst####.com:443
  • TCP(TLS/1.0) pass####.moboh####.com:443
  • TCP(TLS/1.0) a####.belugab####.com:443
  • TCP(TLS/1.0) tpc.googles####.com:443
  • TCP(TLS/1.0) a####.gold:443
  • TCP(TLS/1.0) sh.wagbr####.alibaba####.com:443
  • TCP(TLS/1.0) googl####.g.doublec####.net:443
  • TCP(TLS/1.0) e.crashly####.com:443
  • TCP(TLS/1.0) pag####.googles####.com:443
  • TCP(TLS/1.0) www.go####.com:443
  • TCP(TLS/1.0) bestper####.site:443
  • TCP(TLS/1.0) pass####.mobog####.com:443
  • TCP(TLS/1.0) www.google-####.com:443
  • TCP(TLS/1.0) adse####.leblonm####.com:443
  • TCP(TLS/1.0) www.face####.com:443
  • TCP(TLS/1.0) f####.google####.com:443
  • TCP(TLS/1.0) api.face####.com:443
  • TCP(TLS/1.0) st####.xx.f####.net:443
  • TCP(TLS/1.0) sett####.crashly####.com:443
  • TCP umengj####.m.ta####.com:443
  • TCP 1####.205.160.76:443
DNS requests:
  • a####.adsbt####.com
  • a####.belugab####.com
  • a####.gold
  • a.appl####.com
  • ac.mobilea####.com
  • adse####.leblonm####.com
  • ag####.m.ta####.com
  • ak.icec####.org
  • ald####.com
  • api####.a####.com
  • api.cloud####.net
  • api.mo####.sdk.####.com
  • api.mob####.b####.com
  • api.mobpowe####.com
  • bestper####.site
  • c####.wallof####.com
  • cdn####.ray####.com
  • con####.mobog####.com
  • cpgnrot####.com
  • d####.2gl.xyz
  • d.appl####.com
  • dpl.b####.com
  • e.crashly####.com
  • f####.cdn.1####.com
  • f####.google####.com
  • f####.gst####.com
  • fk-mt####.ray####.com
  • g####.face####.com
  • gl####.mobt####.site
  • gl####.ymtrac####.com
  • googl####.g.doublec####.net
  • koolm####.info
  • l.a####.com
  • ma####.m####.com
  • ma####.sources####.com
  • mo.freeind####.com
  • mobotoo####.mobog####.com
  • msg.umengc####.com
  • na####.sno####.1####.com
  • ndl.m####.com
  • net.ray####.com
  • o####.dolphin####.com
  • p####.cy-secu####.com
  • p####.mobog####.com
  • p####.moboh####.com
  • pag####.googles####.com
  • pass####.mobog####.com
  • pass####.moboh####.com
  • pl####.mob####.b####.com
  • r####.appl####.com
  • rdl.sources####.com
  • real####.icec####.org
  • rt.appl####.com
  • s####.ad.mobog####.com
  • s####.mob####.b####.com
  • sc####.mobpowe####.com
  • se####.m####.com
  • se####.mobog####.com
  • se####.moboga####.com
  • se####.moboh####.com
  • se####.sources####.com
  • serv####.m####.com
  • set####.ray####.com
  • sett####.crashly####.com
  • so####.moboh####.com
  • st####.xx.f####.net
  • stage####.appl####.com
  • stage-a####.appl####.com
  • synct####.com
  • t####.conser####.com
  • t####.global
  • tpc.googles####.com
  • tra####.nob####.com
  • u####.b####.com
  • umengj####.m.ta####.com
  • www.admobim####.com
  • www.face####.com
  • www.go####.com
  • www.google-####.com
  • www.mmmmmm####.com
  • www.technol####.co.uk
HTTP GET requests:
  • a####.adsbt####.com/c/245d96912e3e4930
  • api.mo####.sdk.####.com/adunion/slot/getDlAd?h=####&w=####&model=####&ve...
  • api.mo####.sdk.####.com/adunion/slot/getSrcPrio?h=####&w=####&model=####...
  • api.mob####.b####.com/index.php?r=####&al=####&l=####&p=####&hp=####&lc=...
  • api.mob####.b####.com/strategy/api/v1/rule/get?p=####&hp=####&l=####&c=#...
  • applovi####.edg####.net/ob13c7a6/e3dd810fc3b5aaa60467d9bae0bf3d98185997a...
  • c####.wallof####.com/?utm_medium=####&utm_campaign=####&cid=####&1=####
  • d####.2gl.xyz/?s3=####&s1=####&kw=####
  • dpl.b####.com/M01/01/AD/CvJJDVmdK42AXDR-AArECpZhGVo032.zip
  • f####.google####.com/css?family=####&ver=####
  • f####.gst####.com/s/lato/v13/MZ1aViPqjfvZwVD_tzjjkwLUuEpTyoUstqEm5AMlJo4...
  • f####.gst####.com/s/robotoslab/v6/dazS1PrQQuCxC3iOAJFEJTdGNerWpg2Hn6A-Bx...
  • ipv6-wi####.appl####.com.####.net/2.0/ad?v1=####&model=####&dx=####&dy=#...
  • ipv6-wi####.appl####.com.####.net/2.0/ad?v1=####&model=####&etf=####&dx=...
  • ipv6-wi####.appl####.com.####.net/nad?v1=####&model=####&dx=####&dy=####...
  • pag####.googles####.com/pagead/js/adsbygoogle.js
  • pag####.googles####.com/pagead/js/r20170830/r20170110/reactive_library.js
  • pag####.googles####.com/pagead/js/r20170830/r20170110/show_ads_impl.js
  • serv####.m####.com/119987?t=0.8490540978964418&ref=&lu=http://www.techno...
  • t####.conser####.com/?utm_medium=####&utm_campaign=####&1=####&cid=####&...
  • t####.conser####.com/?utm_term=####&clickverify=####&utm_content=####
  • t####.conser####.com/proc.php?079d03e####
  • tra####.nob####.com/?p=####&media_type=####&pi=####&sub_id=####&click_id...
  • u####.b####.com/setting/grobal_strategy?p=####&hp=####&l=####&c=####&pro...
  • www.face####.com/plugins/likebox.php?href=####&w####&height=####&colorsc...
HTTP POST requests:
  • apilo####.a####.com/v3/log/init
  • con####.mobog####.com/log/log_apps
  • ipv6-wi####.appl####.com.####.net/device?api_key=####
  • ipv6-wi####.appl####.com.####.net/pix?event=####&ts=####&platform=####&m...
  • l.a####.com/l.php
  • l.a####.com/sal.php
  • mo.freeind####.com/detail/getOfferListNew?enc=####
  • pl####.mob####.b####.com/ad_dex.php
  • rdl.sources####.com/android/appDownloadLog.htm
  • rdl.sources####.com/dload/resource.htm
  • s####.mob####.b####.com/cgi-bin-py/ad_sdk.cgi?ty=####&enc=####&bt=####
  • sl####.1####.com:8111/native/api/v1/update
  • sl####.1####.com:8111/native/sdk/api/ad/client_action
  • sl####.1####.com:8111/native/sdk/api/regclient
  • www.mmmmmm####.com/osp/oaen_get.action?tasktype=####&imei=####&imsi=####...
  • www.mmmmmm####.com/osp/oaen_reg.action
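The network section above is long but uniform, and two things in it matter most for triage: which traffic is plaintext HTTP (including the HTTP/1.1 sessions to ports 8288 and 8111 that an egress filter watching only 80/443 would miss), and which requests carry device identifiers such as `imei` and `imsi` in their query string. The following script is an added example, not Dr.Web tooling: it parses the report's own line formats, using a handful of lines copied from above as constructed input (the vendor's `####` masking is left in place, so masked hosts are flagged as not usable as exact indicators). The set of identifier parameter names is an assumption.

```python
"""Triage helper for the "Network activity" section of a Dr.Web-style Android
sandbox report.  Added example, not Dr.Web tooling: it parses the report's own
line formats and pulls out the plaintext HTTP destinations (including
non-standard ports) and the requests that carry device identifiers."""
import re
from urllib.parse import parse_qsl

# Constructed sample: a subset of the "Connects to" lines from the report,
# with the vendor's #### masking left in place.
CONNECTIONS = """\
UDP(DNS) <Google DNS>
TCP(GCM) <Google Host>
TCP(HTTP/1.1) tra####.nob####.com:80
TCP(HTTP/1.1) 2####.177.13.68:8288
TCP(HTTP/1.1) sl####.1####.com:8111
TCP(TLS/1.0) e.crashly####.com:443
TCP umengj####.m.ta####.com:443
TCP 1####.205.160.76:443
""".splitlines()

# Constructed sample: a subset of the HTTP GET / POST lines, prefixed with the
# method of the section they came from.
REQUESTS = """\
GET a####.adsbt####.com/c/245d96912e3e4930
GET api.mo####.sdk.####.com/adunion/slot/getDlAd?h=####&w=####&model=####&ve...
POST ipv6-wi####.appl####.com.####.net/device?api_key=####
POST www.mmmmmm####.com/osp/oaen_get.action?tasktype=####&imei=####&imsi=####...
POST www.mmmmmm####.com/osp/oaen_reg.action
""".splitlines()

CONN_RE = re.compile(r"^(?P<proto>TCP|UDP)(?:\((?P<app>[^)]+)\))?\s+(?P<target>\S+)$")
# Query parameter names that carry device or user identifiers (assumed list).
ID_KEYS = {"imei", "imsi", "android", "android_id", "uuid", "udid", "mac", "gaid"}


def parse_connection(line):
    """Split 'TCP(HTTP/1.1) host:port' into its parts.

    Returns None for placeholder entries such as '<Google DNS>' that name no host.
    """
    m = CONN_RE.match(line.strip())
    if not m:
        return None
    host, _, port = m.group("target").rpartition(":")
    if not port.isdigit():
        return None
    return {
        "proto": m.group("proto"),
        "app": m.group("app"),        # None when the sandbox did not classify it
        "host": host,
        "port": int(port),
        "masked": "####" in host,     # vendor-masked: not usable as an exact IOC
        "ip": bool(re.fullmatch(r"[\d#]+(\.[\d#]+){3}", host)),
    }


def find_cleartext(conns):
    """Plaintext HTTP destinations, with non-standard ports listed separately.

    The report uses 8288 and 8111 for HTTP/1.1; an egress rule that only
    inspects 80/443 never sees those sessions.
    """
    http = [c for c in conns if c and c["app"] and c["app"].startswith("HTTP")]
    return {
        "cleartext": sorted(c["host"] for c in http),
        "odd_ports": sorted((c["host"], c["port"]) for c in http if c["port"] != 80),
    }


def identifiers_in_requests(lines):
    """Map each request line to the identifier-bearing query keys it carries.

    The sandbox masks values as ####, so only parameter names are visible; that
    is enough to show, for example, IMEI and IMSI leaving over cleartext HTTP.
    urllib.parse.urlsplit is avoided on purpose: '#' in the masked hosts would
    be taken as a fragment marker.
    """
    hits = {}
    for line in lines:
        method, _, url = line.partition(" ")
        # Truncated entries end in "..."; drop that so the last key still parses.
        query = url.rstrip(".").partition("?")[2]
        keys = {k.lower() for k, _ in parse_qsl(query, keep_blank_values=True)}
        found = sorted(keys & ID_KEYS)
        if found:
            hits[line] = found
    return hits


if __name__ == "__main__":
    conns = [parse_connection(l) for l in CONNECTIONS]
    print(find_cleartext(conns))
    for req, keys in identifiers_in_requests(REQUESTS).items():
        print(f"{req}\n    identifiers: {', '.join(keys)}")
```

Run it as-is to see the constructed sample triaged; to use it on a full report, paste the "Connects to" and request sections into `CONNECTIONS` and `REQUESTS` (prefixing request lines with their section's method). Masked hosts still tell you the port and protocol mix even though they cannot be blocked by exact name.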
File system changes:
Creates the following files:
  • <Package Folder>/.mbj/####/classes.zip
  • <Package Folder>/app_osdk/adflash_shell.jar
  • <Package Folder>/app_osdk/t.zip
  • <Package Folder>/cache/####/0548391082cfd49909b29fe2d1b80226.0.tmp
  • <Package Folder>/cache/####/0548391082cfd49909b29fe2d1b80226.1.tmp
  • <Package Folder>/cache/####/0a87f5bf5080eacdaf7bbd5bbff8ab2d.0
  • <Package Folder>/cache/####/0a87f5bf5080eacdaf7bbd5bbff8ab2d.1
  • <Package Folder>/cache/####/1023f3782981e18c451ca286c7d4f80b.0.tmp
  • <Package Folder>/cache/####/1023f3782981e18c451ca286c7d4f80b.1.tmp
  • <Package Folder>/cache/####/10d0f4fe07dbedb0d0b344981a7a89a4.0.tmp
  • <Package Folder>/cache/####/10d0f4fe07dbedb0d0b344981a7a89a4.1.tmp
  • <Package Folder>/cache/####/13735725e8a6e2d2d4822a27c0083bbb.0.tmp
  • <Package Folder>/cache/####/13735725e8a6e2d2d4822a27c0083bbb.1.tmp
  • <Package Folder>/cache/####/1eeba40ff3a4dea030f4e97fb8ce4985.0.tmp
  • <Package Folder>/cache/####/1eeba40ff3a4dea030f4e97fb8ce4985.1.tmp
  • <Package Folder>/cache/####/30cc98a6f06b8b5f19deec0955453df0.0.tmp
  • <Package Folder>/cache/####/30cc98a6f06b8b5f19deec0955453df0.1.tmp
  • <Package Folder>/cache/####/3b93c5c1ac97ca94744f7498b1ea2f1e.0
  • <Package Folder>/cache/####/3b93c5c1ac97ca94744f7498b1ea2f1e.1
  • <Package Folder>/cache/####/41ba75ce537cdc7a41ecd03d63b07376.0.tmp
  • <Package Folder>/cache/####/41ba75ce537cdc7a41ecd03d63b07376.1.tmp
  • <Package Folder>/cache/####/42a55ceb87a05db410ff579c7e1a30ad.0.tmp
  • <Package Folder>/cache/####/42a55ceb87a05db410ff579c7e1a30ad.1.tmp
  • <Package Folder>/cache/####/42bb2c40dc2ca15b2761c01f02e5c6c3.0.tmp
  • <Package Folder>/cache/####/42bb2c40dc2ca15b2761c01f02e5c6c3.1.tmp
  • <Package Folder>/cache/####/43ac7febeba4a78cbb548d6181769ac9.0
  • <Package Folder>/cache/####/43ac7febeba4a78cbb548d6181769ac9.1
  • <Package Folder>/cache/####/44f0af0637bd634b756a5d1d06fdf697.0.tmp
  • <Package Folder>/cache/####/44f0af0637bd634b756a5d1d06fdf697.1.tmp
  • <Package Folder>/cache/####/46df816f53cd58091df7f27417eeb28c.0.tmp
  • <Package Folder>/cache/####/46df816f53cd58091df7f27417eeb28c.1.tmp
  • <Package Folder>/cache/####/46f7020114fc9dc3978d9887b1d2c28e.0.tmp
  • <Package Folder>/cache/####/46f7020114fc9dc3978d9887b1d2c28e.1.tmp
  • <Package Folder>/cache/####/48c6318a5a067fb9b7234f8e4074eb41.0.tmp
  • <Package Folder>/cache/####/48c6318a5a067fb9b7234f8e4074eb41.1.tmp
  • <Package Folder>/cache/####/49eb148dc22340267445bb08d868904d.0.tmp
  • <Package Folder>/cache/####/49eb148dc22340267445bb08d868904d.1.tmp
  • <Package Folder>/cache/####/4a260e247b5c4973d0bf723c35b09ec8.0.tmp
  • <Package Folder>/cache/####/4a260e247b5c4973d0bf723c35b09ec8.1.tmp
  • <Package Folder>/cache/####/4ba63647cc079d1b8c7c8d9f46ac3b88.0
  • <Package Folder>/cache/####/4ba63647cc079d1b8c7c8d9f46ac3b88.1
  • <Package Folder>/cache/####/5c43131b40d72ff73fd9ba2480206065.0.tmp
  • <Package Folder>/cache/####/5c43131b40d72ff73fd9ba2480206065.1.tmp
  • <Package Folder>/cache/####/62914e8747d0ec10a91cfe53315bb925.0.tmp
  • <Package Folder>/cache/####/62914e8747d0ec10a91cfe53315bb925.1.tmp
  • <Package Folder>/cache/####/637bcf779e8a476965fb4296552b99c7.0.tmp
  • <Package Folder>/cache/####/637bcf779e8a476965fb4296552b99c7.1.tmp
  • <Package Folder>/cache/####/6fd81df2e2096486b6aea8a8aae2282c.0.tmp
  • <Package Folder>/cache/####/6fd81df2e2096486b6aea8a8aae2282c.1.tmp
  • <Package Folder>/cache/####/70594694b795809267b00a383e3a0e3e.0.tmp
  • <Package Folder>/cache/####/70594694b795809267b00a383e3a0e3e.1.tmp
  • <Package Folder>/cache/####/72f2407ed2f8d08b53239151d6614ac9.0.tmp
  • <Package Folder>/cache/####/72f2407ed2f8d08b53239151d6614ac9.1.tmp
  • <Package Folder>/cache/####/773390b9cdd2cdbc2ce3cbd62e4da82a.0.tmp
  • <Package Folder>/cache/####/773390b9cdd2cdbc2ce3cbd62e4da82a.1.tmp
  • <Package Folder>/cache/####/7fb1610b7134fdd44cf5ccd8f3a32a3e.0.tmp
  • <Package Folder>/cache/####/7fb1610b7134fdd44cf5ccd8f3a32a3e.1.tmp
  • <Package Folder>/cache/####/8d22b9cb01ab8d32007fad43db9db19d.0.tmp
  • <Package Folder>/cache/####/8d22b9cb01ab8d32007fad43db9db19d.1.tmp
  • <Package Folder>/cache/####/9eef5ea43e5d602010ae5c732279b385.0.tmp
  • <Package Folder>/cache/####/9eef5ea43e5d602010ae5c732279b385.1.tmp
  • <Package Folder>/cache/####/a4648f06d16f0cf7483354560710b3cb.0.tmp
  • <Package Folder>/cache/####/a4648f06d16f0cf7483354560710b3cb.1.tmp
  • <Package Folder>/cache/####/b078f8d73a55a17093959cbb90ce08f5.0.tmp
  • <Package Folder>/cache/####/b078f8d73a55a17093959cbb90ce08f5.1.tmp
  • <Package Folder>/cache/####/b4353c78e773bcb0a0fbc4a48ad7f658.0.tmp
  • <Package Folder>/cache/####/b4353c78e773bcb0a0fbc4a48ad7f658.1.tmp
  • <Package Folder>/cache/####/c3efe84419ecfbfdfc1daabab5063982.0.tmp
  • <Package Folder>/cache/####/c3efe84419ecfbfdfc1daabab5063982.1.tmp
  • <Package Folder>/cache/####/c67536911405198e44e745323d41466b.0.tmp
  • <Package Folder>/cache/####/c67536911405198e44e745323d41466b.1.tmp
  • <Package Folder>/cache/####/cd5b0275952b90255bcef40f4aa7e6e2.0.tmp
  • <Package Folder>/cache/####/cd5b0275952b90255bcef40f4aa7e6e2.1.tmp
  • <Package Folder>/cache/####/d36d6c69bdaa984dd47d498dcf0e62a3.0.tmp
  • <Package Folder>/cache/####/d36d6c69bdaa984dd47d498dcf0e62a3.1.tmp
  • <Package Folder>/cache/####/d7f1261c6dd3edfdcd456e5dfce2b180.0.tmp
  • <Package Folder>/cache/####/d7f1261c6dd3edfdcd456e5dfce2b180.1.tmp
  • <Package Folder>/cache/####/data_0
  • <Package Folder>/cache/####/data_1
  • <Package Folder>/cache/####/data_2
  • <Package Folder>/cache/####/data_3
  • <Package Folder>/cache/####/e18e8ada4e8896ca26fc7fcba26c065b.0.tmp
  • <Package Folder>/cache/####/e18e8ada4e8896ca26fc7fcba26c065b.1.tmp
  • <Package Folder>/cache/####/ec5d91e93363de633d8d539a76b3500b.0.tmp
  • <Package Folder>/cache/####/ec5d91e93363de633d8d539a76b3500b.1.tmp
  • <Package Folder>/cache/####/f2aff028378c63903f55016512f79cdd.0.tmp
  • <Package Folder>/cache/####/f2aff028378c63903f55016512f79cdd.1.tmp
  • <Package Folder>/cache/####/f8f8966e0efd77af1dda28efd846e625.0.tmp
  • <Package Folder>/cache/####/f8f8966e0efd77af1dda28efd846e625.1.tmp
  • <Package Folder>/cache/####/f_000001
  • <Package Folder>/cache/####/f_000002
  • <Package Folder>/cache/####/f_000003
  • <Package Folder>/cache/####/f_000004
  • <Package Folder>/cache/####/f_000005
  • <Package Folder>/cache/####/f_000006
  • <Package Folder>/cache/####/f_000007
  • <Package Folder>/cache/####/f_000008
  • <Package Folder>/cache/####/f_000009
  • <Package Folder>/cache/####/f_00000a
  • <Package Folder>/cache/####/f_00000b
  • <Package Folder>/cache/####/f_00000c
  • <Package Folder>/cache/####/f_00000d
  • <Package Folder>/cache/####/f_00000e
  • <Package Folder>/cache/####/fbd467f165466ffc916a44792d98761f.0.tmp
  • <Package Folder>/cache/####/fbd467f165466ffc916a44792d98761f.1.tmp
  • <Package Folder>/cache/####/fe5c93839b1d1122297543ab980f0ecd.0.tmp
  • <Package Folder>/cache/####/fe5c93839b1d1122297543ab980f0ecd.1.tmp
  • <Package Folder>/cache/####/fe93c452e4b3b62b11a1eb31d59d04c7.0.tmp
  • <Package Folder>/cache/####/fe93c452e4b3b62b11a1eb31d59d04c7.1.tmp
  • <Package Folder>/cache/####/index
  • <Package Folder>/cache/####/journal.tmp
  • <Package Folder>/code_cache/####/<Package>-1.apk.classes-665575817.zip
  • <Package Folder>/code_cache/####/<Package>-1.apk.classes-669247106.zip
  • <Package Folder>/databases/MessageStore.db-journal
  • <Package Folder>/databases/MsgLogStore.db-journal
  • <Package Folder>/databases/accs.db-journal
  • <Package Folder>/databases/adblib.db-journal
  • <Package Folder>/databases/arrkii.native.sdk.db-journal
  • <Package Folder>/databases/cc.db
  • <Package Folder>/databases/cc.db-journal
  • <Package Folder>/databases/download_file.db-journal
  • <Package Folder>/databases/du_ad_cache.db-journal
  • <Package Folder>/databases/du_ad_parse.db-journal
  • <Package Folder>/databases/du_ad_ts.db-journal
  • <Package Folder>/databases/du_weather_data.db-journal
  • <Package Folder>/databases/message_accs_db
  • <Package Folder>/databases/message_accs_db-journal
  • <Package Folder>/databases/mobogenie.db
  • <Package Folder>/databases/mobogenie.db-journal
  • <Package Folder>/databases/mobogenie_music.db
  • <Package Folder>/databases/mobogenie_music.db-journal
  • <Package Folder>/databases/mobogenie_update.db
  • <Package Folder>/databases/mobogenie_update.db-journal
  • <Package Folder>/databases/mobpower.db-journal
  • <Package Folder>/databases/mobvista.msdk.db-journal
  • <Package Folder>/databases/my.db-journal
  • <Package Folder>/databases/self_ad_db
  • <Package Folder>/databases/self_ad_db-journal
  • <Package Folder>/databases/webview.db-journal
  • <Package Folder>/databases/webviewCookiesChromium.db-journal (deleted)
  • <Package Folder>/databases/webviewCookiesChromiumPrivate.db-jou...leted)
  • <Package Folder>/databases/ztrack.db-journal
  • <Package Folder>/eudemon
  • <Package Folder>/files/####/59846949039B-0001-082F-F5DCB4DAC3A8...s_temp
  • <Package Folder>/files/####/5984694A00F4-0001-084B-F5DCB4DAC3A8...pp.cls
  • <Package Folder>/files/####/5984694A00F4-0001-084B-F5DCB4DAC3A8...s_temp
  • <Package Folder>/files/####/com.crashlytics.settings.json
  • <Package Folder>/files/####/initialization_marker
  • <Package Folder>/files/####/mp_agent_log
  • <Package Folder>/files/####/sa_b42b58c6-e365-4ce9-bb02-6200fec1...39.tap
  • <Package Folder>/files/####/sa_b50367c8-f6be-4e3e-b462-b307eb2d...11.tap
  • <Package Folder>/files/####/session_analytics.tap
  • <Package Folder>/files/####/session_analytics.tap.tmp
  • <Package Folder>/files/DaemonServer
  • <Package Folder>/files/adflashcore.jar
  • <Package Folder>/files/agoo.pid
  • <Package Folder>/files/cwd
  • <Package Folder>/files/google.db
  • <Package Folder>/files/mobclick_agent_cached_<Package>302162
  • <Package Folder>/files/rk.jar
  • <Package Folder>/files/t.jar
  • <Package Folder>/files/uninstall
  • <Package Folder>/files/watch_server
  • <Package Folder>/shared_prefs/0def24353a3d8f0f7144f3755d8f7744.xml
  • <Package Folder>/shared_prefs/0def24353a3d8f0f7144f3755d8f7744.xml.bak
  • <Package Folder>/shared_prefs/<Package>_preferences.xml
  • <Package Folder>/shared_prefs/<Package>_preferences.xml.bak (deleted)
  • <Package Folder>/shared_prefs/<Package>_ui_preferences.xml
  • <Package Folder>/shared_prefs/ACCS_BIND.xml
  • <Package Folder>/shared_prefs/ACCS_SDK.xml
  • <Package Folder>/shared_prefs/ACCS_SDK.xml.bak
  • <Package Folder>/shared_prefs/ACCS_SDK_CHANNEL.xml
  • <Package Folder>/shared_prefs/AGOO_BIND.xml
  • <Package Folder>/shared_prefs/ActivatePreUtil.xml
  • <Package Folder>/shared_prefs/AdsBusiness-data.xml
  • <Package Folder>/shared_prefs/AdsBusiness-data.xml.bak
  • <Package Folder>/shared_prefs/Agoo_AppStore.xml
  • <Package Folder>/shared_prefs/Alvin2.xml
  • <Package Folder>/shared_prefs/BusinessPreUtil.xml
  • <Package Folder>/shared_prefs/BusinessPreUtil.xml.bak
  • <Package Folder>/shared_prefs/ContextData.xml
  • <Package Folder>/shared_prefs/FirstNewUninstallTime.xml
  • <Package Folder>/shared_prefs/LoginPreUtil.xml
  • <Package Folder>/shared_prefs/LoginPreUtil.xml.bak
  • <Package Folder>/shared_prefs/MobogeniePrefsFile.xml
  • <Package Folder>/shared_prefs/MobogeniePrefsFile.xml.bak
  • <Package Folder>/shared_prefs/OfferPreUtil.xml
  • <Package Folder>/shared_prefs/PUSH_PRE.xml
  • <Package Folder>/shared_prefs/PUSH_PRE.xml.bak
  • <Package Folder>/shared_prefs/PUSH_PRE.xml.bak (deleted)
  • <Package Folder>/shared_prefs/SCORE_PRE.xml
  • <Package Folder>/shared_prefs/SETTING_DOMAIN.xml
  • <Package Folder>/shared_prefs/SETTING_DOMAIN.xml.bak
  • <Package Folder>/shared_prefs/SETTING_PRE.xml
  • <Package Folder>/shared_prefs/SETTING_PRE.xml.bak
  • <Package Folder>/shared_prefs/SUBSCRIBE_AD.xml
  • <Package Folder>/shared_prefs/SUBSCRIBE_AD.xml.bak
  • <Package Folder>/shared_prefs/TOKEN.xml
  • <Package Folder>/shared_prefs/TwitterAdvertisingInfoPreferences.xml
  • <Package Folder>/shared_prefs/USERINFO.xml
  • <Package Folder>/shared_prefs/_toolbox_prefs.xml
  • <Package Folder>/shared_prefs/_toolbox_prefs.xml.bak
  • <Package Folder>/shared_prefs/_toolbox_prefs.xml.bak (deleted)
  • <Package Folder>/shared_prefs/_weather_prefs.xml
  • <Package Folder>/shared_prefs/_weather_prefs.xml.bak
  • <Package Folder>/shared_prefs/_weather_prefs.xml.bak (deleted)
  • <Package Folder>/shared_prefs/adflash.xml
  • <Package Folder>/shared_prefs/adflash.xml.bak
  • <Package Folder>/shared_prefs/ak.native.sdk.xml
  • <Package Folder>/shared_prefs/ak.native.sdk.xml.bak
  • <Package Folder>/shared_prefs/aps.xml
  • <Package Folder>/shared_prefs/aps.xml.bak
  • <Package Folder>/shared_prefs/apsad.xml
  • <Package Folder>/shared_prefs/apsad.xml.bak
  • <Package Folder>/shared_prefs/apscomm.xml
  • <Package Folder>/shared_prefs/arrkiiad.xml
  • <Package Folder>/shared_prefs/clean.xml
  • <Package Folder>/shared_prefs/clean_version_sp.xml
  • <Package Folder>/shared_prefs/clean_version_sp.xml.bak
  • <Package Folder>/shared_prefs/com.applovin.sdk.1.xml
  • <Package Folder>/shared_prefs/com.applovin.sdk.1.xml.bak
  • <Package Folder>/shared_prefs/com.applovin.sdk.1.xml.bak (deleted)
  • <Package Folder>/shared_prefs/com.applovin.sdk.impl.postbackQue...in.xml
  • <Package Folder>/shared_prefs/com.applovin.sdk.impl.postbackQue...ml.bak
  • <Package Folder>/shared_prefs/com.crashlytics.prefs.xml
  • <Package Folder>/shared_prefs/com.crashlytics.sdk.android;answe...gs.xml
  • <Package Folder>/shared_prefs/com.facebook.internal.preferences...GS.xml
  • <Package Folder>/shared_prefs/com.mobpower.xml
  • <Package Folder>/shared_prefs/com.mobpower.xml.bak
  • <Package Folder>/shared_prefs/ct_default.xml
  • <Package Folder>/shared_prefs/device_info.xml
  • <Package Folder>/shared_prefs/hunter_config.xml
  • <Package Folder>/shared_prefs/install.xml
  • <Package Folder>/shared_prefs/install.xml.bak (deleted)
  • <Package Folder>/shared_prefs/io.fabric.sdk.android;fabric;io.f....q.xml
  • <Package Folder>/shared_prefs/io.fabric.sdk.android;fabric;io.f...leted)
  • <Package Folder>/shared_prefs/last_know_location.xml
  • <Package Folder>/shared_prefs/mobvista.xml
  • <Package Folder>/shared_prefs/multidex.version.xml
  • <Package Folder>/shared_prefs/other_config.xml
  • <Package Folder>/shared_prefs/remain.xml
  • <Package Folder>/shared_prefs/self_adextend.xml
  • <Package Folder>/shared_prefs/self_adextend.xml.bak
  • <Package Folder>/shared_prefs/service_config.xml
  • <Package Folder>/shared_prefs/service_config.xml.bak
  • <Package Folder>/shared_prefs/settingsLog.xml
  • <Package Folder>/shared_prefs/settingsLog.xml.bak
  • <Package Folder>/shared_prefs/share_date.xml
  • <Package Folder>/shared_prefs/share_date.xml.bak (deleted)
  • <Package Folder>/shared_prefs/sp_config.xml
  • <Package Folder>/shared_prefs/sp_config.xml.bak
  • <Package Folder>/shared_prefs/strategy_sp.xml
  • <Package Folder>/shared_prefs/t_ini.xml
  • <Package Folder>/shared_prefs/umeng_general_config.xml
  • <Package Folder>/shared_prefs/umeng_general_config.xml.bak
  • <Package Folder>/shared_prefs/v71.xml
  • <Package Folder>/shared_prefs/v71.xml.bak
  • <SD-Card>/.DataStorage/ContextData.xml
  • <SD-Card>/.UTSystemConfig/####/Alvin2.xml
  • <SD-Card>/.androidsystem/####/49.x-4.3.5-vs.apk
  • <SD-Card>/.androidsystem/####/PlugShareData
  • <SD-Card>/.androidsystem/####/files.db
  • <SD-Card>/.androidsystem/####/plugxml.xml
  • <SD-Card>/.androidsystem/####/syncfiles.db
  • <SD-Card>/.androidsystem/Plugin.zip
  • <SD-Card>/Android/####/.0.tmp (deleted)
  • <SD-Card>/Android/####/.nomedia
  • <SD-Card>/Android/####/0548391082cfd49909b29fe2d1b80226.0.tmp
  • <SD-Card>/Android/####/0880d1ae6dcf7ad5284e4d0714c31ba9b4f75bd3...v1.png
  • <SD-Card>/Android/####/09ac570d10a28c0c08ecee080ceb90a7.0.tmp
  • <SD-Card>/Android/####/1023f3782981e18c451ca286c7d4f80b.0.tmp
  • <SD-Card>/Android/####/10d0f4fe07dbedb0d0b344981a7a89a4.0.tmp
  • <SD-Card>/Android/####/13735725e8a6e2d2d4822a27c0083bbb.0.tmp
  • <SD-Card>/Android/####/1eeba40ff3a4dea030f4e97fb8ce4985.0.tmp
  • <SD-Card>/Android/####/277b2e6013d3e0d19fb2fe0c410a8b1f.0.tmp
  • <SD-Card>/Android/####/30cc98a6f06b8b5f19deec0955453df0.0.tmp
  • <SD-Card>/Android/####/41ba75ce537cdc7a41ecd03d63b07376.0.tmp
  • <SD-Card>/Android/####/42a55ceb87a05db410ff579c7e1a30ad.0.tmp
  • <SD-Card>/Android/####/42bb2c40dc2ca15b2761c01f02e5c6c3.0.tmp
  • <SD-Card>/Android/####/44f0af0637bd634b756a5d1d06fdf697.0.tmp
  • <SD-Card>/Android/####/46df816f53cd58091df7f27417eeb28c.0.tmp
  • <SD-Card>/Android/####/46f7020114fc9dc3978d9887b1d2c28e.0.tmp
  • <SD-Card>/Android/####/48c6318a5a067fb9b7234f8e4074eb41.0.tmp
  • <SD-Card>/Android/####/49eb148dc22340267445bb08d868904d.0.tmp
  • <SD-Card>/Android/####/5285044de8e4db72b86e7246f9aee7c2.0.tmp
  • <SD-Card>/Android/####/5c43131b40d72ff73fd9ba2480206065.0.tmp
  • <SD-Card>/Android/####/62914e8747d0ec10a91cfe53315bb925.0.tmp
  • <SD-Card>/Android/####/637bcf779e8a476965fb4296552b99c7.0.tmp
  • <SD-Card>/Android/####/6fd81df2e2096486b6aea8a8aae2282c.0.tmp
  • <SD-Card>/Android/####/70594694b795809267b00a383e3a0e3e.0.tmp
  • <SD-Card>/Android/####/71bd5e215c19e55403412e9d82bf69e0.0.tmp
  • <SD-Card>/Android/####/769404f8c79b545515b26b4b568de61c.0.tmp
  • <SD-Card>/Android/####/773390b9cdd2cdbc2ce3cbd62e4da82a.0.tmp
  • <SD-Card>/Android/####/7fb1610b7134fdd44cf5ccd8f3a32a3e.0.tmp
  • <SD-Card>/Android/####/9eef5ea43e5d602010ae5c732279b385.0.tmp
  • <SD-Card>/Android/####/a4648f06d16f0cf7483354560710b3cb.0.tmp
  • <SD-Card>/Android/####/b078f8d73a55a17093959cbb90ce08f5.0.tmp
  • <SD-Card>/Android/####/b4353c78e773bcb0a0fbc4a48ad7f658.0.tmp
  • <SD-Card>/Android/####/c67536911405198e44e745323d41466b.0.tmp
  • <SD-Card>/Android/####/d36d6c69bdaa984dd47d498dcf0e62a3.0.tmp
  • <SD-Card>/Android/####/e18e8ada4e8896ca26fc7fcba26c065b.0.tmp
  • <SD-Card>/Android/####/e3dd810fc3b5aaa60467d9bae0bf3d98185997a9...ne.mp4
  • <SD-Card>/Android/####/ec5d91e93363de633d8d539a76b3500b.0.tmp
  • <SD-Card>/Android/####/f2aff028378c63903f55016512f79cdd.0.tmp
  • <SD-Card>/Android/####/f5207858b63ffe4989d6854637e08ea1.0.tmp
  • <SD-Card>/Android/####/f6fd6936ee65918b5035e185ada6ad88.0.tmp
  • <SD-Card>/Android/####/f7ce3b076b72812f03ea9998223200b1.0.tmp
  • <SD-Card>/Android/####/f8f8966e0efd77af1dda28efd846e625.0.tmp
  • <SD-Card>/Android/####/fbd467f165466ffc916a44792d98761f.0.tmp
  • <SD-Card>/Android/####/fe5c93839b1d1122297543ab980f0ecd.0.tmp
  • <SD-Card>/Android/####/fe93c452e4b3b62b11a1eb31d59d04c7.0.tmp
  • <SD-Card>/Android/####/inapp_dev.txt
  • <SD-Card>/Android/####/journal
  • <SD-Card>/Android/####/journal.tmp
  • <SD-Card>/Android/####/jquery-2.1.1.min.js
  • <SD-Card>/Android/####/playable_BP_p_05.js
  • <SD-Card>/Android/####/playable_c2_pathfind_02.min.js
  • <SD-Card>/Android/####/playable_playable_close.png
  • <SD-Card>/Android/####/playable_playable_fallback.png
  • <SD-Card>/Android/####/playable_playable_loader.gif
  • <SD-Card>/Android/####/sound_off.png
  • <SD-Card>/Android/####/sound_on.png
  • <SD-Card>/Download/####/accs_election
  • <SD-Card>/LogN/####/sp
  • <SD-Card>/baidu/####/journal
  • <SD-Card>/baidu/.cuid
  • <SD-Card>/mobogenie/####/101_.d95b966e76110b6af4cc7918873ffc72
  • <SD-Card>/mobogenie/####/all_search_hotwords.json
  • <SD-Card>/mobogenie/####/all_search_hotwords.json (deleted)
  • <SD-Card>/mobogenie/####/facebook_ads_position.json
  • <SD-Card>/mobogenie/####/gl_app_category.json
  • <SD-Card>/mobogenie/####/gl_app_feature_quick_entry_fast_track_...e.json
  • <SD-Card>/mobogenie/####/gl_app_home_all_json
  • <SD-Card>/mobogenie/####/mobogenie.uuid
  • <SD-Card>/mobogenie/####/splashbanner.png
  • <SD-Card>/mobogenie/mobosd.bin
  • <SD-Card>/mobogenie/mobosd.bin-journal
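The file list above is where the "loads code of the following detected threats" finding becomes concrete: the sample writes `.mbj/####/classes.zip`, `app_osdk/adflash_shell.jar`, `files/rk.jar` and `files/t.jar` into its private data directory, and the shell commands further down `chmod` and execute `files/DaemonServer` and `files/watch_server` from the same place. Packers rename such payloads freely, so the scanner below keys on file magic (DEX, ZIP/JAR, ELF, shebang) rather than on names and ignores the directories where ART legitimately keeps compiled code. It is an added example, not part of the Dr.Web report: the directory layout mirrors the report, but the file contents are constructed headers, and the tree is created in a temporary directory so the script runs offline. On a real device it would be pointed at a copy of `/data/data/<package>`, which needs root, or `run-as` on a debuggable build.

```python
"""Content-based scan for dynamically loaded code inside an Android app's
private data directory.  Added example, not part of the Dr.Web report.
Paths in the sample tree mirror the report; contents are constructed."""
import os
import tempfile
from pathlib import Path

# Directories where ART and the installer legitimately keep compiled code.
BENIGN_TOP_DIRS = {"code_cache", "oat", "lib"}


def classify(path):
    """Return 'dex', 'zip', 'elf', 'script' or None from the first bytes."""
    try:
        with open(path, "rb") as f:
            head = f.read(8)
    except OSError:
        return None
    if head.startswith(b"dex\n"):       # "dex\n035\0" and later versions
        return "dex"
    if head.startswith(b"PK\x03\x04"):  # .zip/.jar/.apk local file header
        return "zip"
    if head.startswith(b"\x7fELF"):
        return "elf"
    if head.startswith(b"#!"):
        return "script"
    return None


def scan_app_data(root):
    """Walk an app data directory and list code-like files outside the
    locations in BENIGN_TOP_DIRS.

    Returns a sorted list of (relative_path, kind, has_exec_bit).
    """
    root = Path(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        if Path(dirpath) == root:
            # prune the legitimate compiled-code directories once, at the top
            dirnames[:] = [d for d in dirnames if d not in BENIGN_TOP_DIRS]
        for name in filenames:
            p = Path(dirpath) / name
            kind = classify(p)
            if kind:
                has_exec = bool(p.stat().st_mode & 0o111)
                findings.append((str(p.relative_to(root)), kind, has_exec))
    return sorted(findings)


def build_sample_tree():
    """Create a throwaway tree laid out like the report's <Package Folder>.

    File contents are constructed headers only; paths mirror the report.
    """
    root = Path(tempfile.mkdtemp(prefix="pkg_"))
    zip_hdr = b"PK\x03\x04" + b"\0" * 26
    files = {
        ".mbj/x/classes.dex": b"dex\n035\0" + b"\0" * 24,
        ".mbj/x/classes.zip": zip_hdr,
        "app_osdk/adflash_shell.jar": zip_hdr,
        "files/rk.jar": zip_hdr,
        "files/DaemonServer": b"\x7fELF\x01\x01\x01\0" + b"\0" * 8,
        "files/watch_server": b"#!/system/bin/sh\n# constructed placeholder\n",
        "files/agoo.pid": b"12345\n",
        "shared_prefs/adflash.xml": b"<?xml version='1.0'?><map/>",
        "code_cache/secondary-dexes/app.apk.classes1.zip": zip_hdr,  # benign multidex
        "lib/libtnet-3.1.so": b"\x7fELF\x02\x01\x01\0" + b"\0" * 8,  # benign native lib
    }
    for rel, data in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    # mirror the chmod 500 / chmod 755 seen in the report's shell commands
    os.chmod(root / "files/DaemonServer", 0o500)
    os.chmod(root / "files/watch_server", 0o755)
    return root


if __name__ == "__main__":
    for rel, kind, x in scan_app_data(build_sample_tree()):
        print(f"{'x' if x else '-'} {kind:6} {rel}")
```

The exec-bit column separates dropped payloads that are merely loaded through a class loader (`classes.zip`, `rk.jar`) from ones the app has prepared to run as separate processes (`DaemonServer`, `watch_server`); both are findings, but the second kind survives the app being force-stopped and deserves a look first.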
Other:
Runs the following shell scripts:
  • /data/user/0/<Package>/files/watch_server /data/user/0/<Package> http://redirect.mobogenie.com?pn=<Package>&v=302162&an=<Package>&lc=en_US&tag=mobogenie com.android.browser/com.android.browser.BrowserActivity 0
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  • <Package Folder>/files/DaemonServer -s <Package Folder>/lib/ -n runServer -p startservice -n <Package>/com.taobao.accs.ChannelService --user 0 -f <Package Folder> -t 600 -c agoo.pid -P <Package Folder> -K 1009527 -U tb_accs_eudemon_1.1.3 -L http://agoodm.m.taobao.com/agoo/report -D {"package":"<Package>","appKey":"","utdid":"WYRpSoApPsEDAGdzx1G33Yg8","sdkVersion":"212"} -I agoodm.m.taobao.com -O 80 -T -Z
  • <Package Folder>/files/cwd 0
  • <Package Folder>/files/uninstall 0 http://m.mobogenie.com/en/uninstall/uninstall.html?channel_id=777&uuid=b2a0aef3-6d35-43a1-8c12-fe64e2accbfc&android=a967d2bb56f7bc6b&imei=<IMEI>&versionCode=302162&versionName=3.2.16.2&site=GL
  • <Package Folder>/files/watch_server <Package Folder> http://redirect.mobogenie.com?pn=<Package>&v=302162&an=<Package>&lc=en_US&tag=mobogenie com.android.browser/com.android.browser.BrowserActivity 0
  • cat /proc/cpuinfo
  • chmod 500 <Package Folder>/files/DaemonServer
  • chmod 755 /data/user/0/<Package>/files/watch_server
  • chmod 755 <Package Folder>/files/watch_server
  • sh
  • sh /data/user/0/<Package>/files/watch_server /data/user/0/<Package> http://redirect.mobogenie.com?pn=<Package>&v=302162&an=<Package>&lc=en_US&tag=mobogenie com.android.browser/com.android.browser.BrowserActivity 0
  • sh <Package Folder>/files/cwd 0
  • sh <Package Folder>/files/uninstall 0 http://m.mobogenie.com/en/uninstall/uninstall.html?channel_id=777&uuid=b2a0aef3-6d35-43a1-8c12-fe64e2accbfc&android=a967d2bb56f7bc6b&imei=<IMEI>&versionCode=302162&versionName=3.2.16.2&site=GL
  • sh <Package Folder>/files/watch_server <Package Folder> http://redirect.mobogenie.com?pn=<Package>&v=302162&an=<Package>&lc=en_US&tag=mobogenie com.android.browser/com.android.browser.BrowserActivity 0
Loads dynamic libraries:
  • tnet-3.1
Uses the following algorithms to encrypt data:
  • AES-CBC-NoPadding
  • AES-CBC-PKCS5Padding
  • AES-ECB-NoPadding
  • AES-ECB-PKCS5Padding
  • DES-CBC-PKCS5Padding
  • RSA-ECB-PKCS1Padding
  • desede-ECB-PKCS5Padding
Uses the following algorithms to decrypt data:
  • AES
  • AES-CBC-NoPadding
  • AES-CBC-PKCS5Padding
  • AES-ECB-PKCS5Padding
  • DES
  • DES-CBC-PKCS5Padding
  • desede-ECB-PKCS5Padding
Accesses geolocation information.
Accesses network information.
Accesses phone information (phone number, IMEI, etc.).
Accesses information about installed applications.
Accesses information about running applications.
Accesses information about the accounts registered on the device (Google, Facebook, etc.).
Adds tasks to the system scheduler.
Draws its own windows on top of other applications.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install the free Dr.Web for Android Light anti-virus product on it. Run a full system scan and follow the recommendations for neutralizing the detected threats.
  2. If the mobile device has been locked by a ransomware trojan of the Android.Locker family (the screen shows an accusation of breaking the law, a demand to pay a sum of money, or another message that prevents normal use of the device), do the following:
    • boot your smartphone or tablet in safe mode (depending on the operating system version and the specifics of the particular device, this procedure can be performed in different ways; consult the manual supplied with the device, or contact its manufacturer directly);
    • once safe mode is active, install the free Dr.Web for Android Light anti-virus product on the infected device and run a full system scan, following the recommendations for neutralizing the detected threats;
    • switch the device off and start it again in normal mode.
