Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Click.171.origin
- Android.Xiny.197
Осуществляет доступ к приватному интерфейсу телефонии (ITelephony).
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(GCM) <Google Host>
- TCP(HTTP/1.1) tra####.nob####.com:80
- TCP(HTTP/1.1) www.technol####.co.uk:80
- TCP(HTTP/1.1) api.cloud####.net:80
- TCP(HTTP/1.1) ndl.m####.com:80
- TCP(HTTP/1.1) f####.google####.com:80
- TCP(HTTP/1.1) 2####.177.13.68:8288
- TCP(HTTP/1.1) t####.conser####.com:80
- TCP(HTTP/1.1) dpl.b####.com:80
- TCP(HTTP/1.1) down####.wild####.appl####.####.net:80
- TCP(HTTP/1.1) sc####.mobpowe####.com:80
- TCP(HTTP/1.1) se####.sources####.com:80
- TCP(HTTP/1.1) so####.moboh####.com:80
- TCP(HTTP/1.1) o####.dolphin####.com:80
- TCP(HTTP/1.1) con####.mobog####.com:80
- TCP(HTTP/1.1) u####.b####.com:80
- TCP(HTTP/1.1) www.face####.com:80
- TCP(HTTP/1.1) ma####.sources####.com:80
- TCP(HTTP/1.1) p####.cy-secu####.com:80
- TCP(HTTP/1.1) mo.freeind####.com:80
- TCP(HTTP/1.1) net.ray####.com:80
- TCP(HTTP/1.1) f####.cdn.1####.com:80
- TCP(HTTP/1.1) ipv6-wi####.appl####.com.####.net:80
- TCP(HTTP/1.1) 75a2####.cdn.uc####.####.cn:80
- TCP(HTTP/1.1) synct####.com:80
- TCP(HTTP/1.1) applovi####.edg####.net:80
- TCP(HTTP/1.1) gl####.mobt####.site:80
- TCP(HTTP/1.1) c####.wallof####.com:80
- TCP(HTTP/1.1) s####.mob####.b####.com:80
- TCP(HTTP/1.1) fk-mt####.ray####.com:80
- TCP(HTTP/1.1) se####.mobog####.com:80
- TCP(HTTP/1.1) a####.adsbt####.com:80
- TCP(HTTP/1.1) api.mob####.b####.com:80
- TCP(HTTP/1.1) gl####.ymtrac####.com:80
- TCP(HTTP/1.1) api.mobpowe####.com:80
- TCP(HTTP/1.1) www.mmmmmm####.com:80
- TCP(HTTP/1.1) serv####.m####.com:80
- TCP(HTTP/1.1) f####.gst####.com:80
- TCP(HTTP/1.1) l.a####.com:80
- TCP(HTTP/1.1) pag####.googles####.com:80
- TCP(HTTP/1.1) d####.2gl.xyz:80
- TCP(HTTP/1.1) ald####.com:80
- TCP(HTTP/1.1) mobotoo####.mobog####.com:80
- TCP(HTTP/1.1) rdl.sources####.com:80
- TCP(HTTP/1.1) real####.icec####.org:80
- TCP(HTTP/1.1) sl####.1####.com:8111
- TCP(HTTP/1.1) pl####.mob####.b####.com:80
- TCP(HTTP/1.1) se####.moboh####.com:80
- TCP(HTTP/1.1) apilo####.a####.com:80
- TCP(HTTP/1.1) s####.ad.mobog####.com:80
- TCP(HTTP/1.1) koolm####.info:80
- TCP(HTTP/1.1) ac.mobilea####.com:80
- TCP(HTTP/1.1) pass####.moboh####.com:80
- TCP(HTTP/1.1) se####.moboga####.com:80
- TCP(HTTP/1.1) t####.global:80
- TCP(HTTP/1.1) api.mo####.sdk.####.com:80
- TCP(HTTP/1.1) www.admobim####.com:80
- TCP(HTTP/1.1) cpgnrot####.com:80
- TCP(HTTP/1.1) ak.icec####.org:80
- TCP(HTTP/1.1) set####.ray####.com:80
- TCP(HTTP/1.1) p####.moboh####.com:80
- TCP(HTTP/1.1) se####.m####.com:80
- TCP(TLS/1.0) f####.gst####.com:443
- TCP(TLS/1.0) pass####.moboh####.com:443
- TCP(TLS/1.0) a####.belugab####.com:443
- TCP(TLS/1.0) tpc.googles####.com:443
- TCP(TLS/1.0) a####.gold:443
- TCP(TLS/1.0) sh.wagbr####.alibaba####.com:443
- TCP(TLS/1.0) googl####.g.doublec####.net:443
- TCP(TLS/1.0) e.crashly####.com:443
- TCP(TLS/1.0) pag####.googles####.com:443
- TCP(TLS/1.0) www.go####.com:443
- TCP(TLS/1.0) bestper####.site:443
- TCP(TLS/1.0) pass####.mobog####.com:443
- TCP(TLS/1.0) www.google-####.com:443
- TCP(TLS/1.0) adse####.leblonm####.com:443
- TCP(TLS/1.0) www.face####.com:443
- TCP(TLS/1.0) f####.google####.com:443
- TCP(TLS/1.0) api.face####.com:443
- TCP(TLS/1.0) st####.xx.f####.net:443
- TCP(TLS/1.0) sett####.crashly####.com:443
- TCP umengj####.m.ta####.com:443
- TCP 1####.205.160.76:443
Запросы DNS:
- a####.adsbt####.com
- a####.belugab####.com
- a####.gold
- a.appl####.com
- ac.mobilea####.com
- adse####.leblonm####.com
- ag####.m.ta####.com
- ak.icec####.org
- ald####.com
- api####.a####.com
- api.cloud####.net
- api.mo####.sdk.####.com
- api.mob####.b####.com
- api.mobpowe####.com
- bestper####.site
- c####.wallof####.com
- cdn####.ray####.com
- con####.mobog####.com
- cpgnrot####.com
- d####.2gl.xyz
- d.appl####.com
- dpl.b####.com
- e.crashly####.com
- f####.cdn.1####.com
- f####.google####.com
- f####.gst####.com
- fk-mt####.ray####.com
- g####.face####.com
- gl####.mobt####.site
- gl####.ymtrac####.com
- googl####.g.doublec####.net
- koolm####.info
- l.a####.com
- ma####.m####.com
- ma####.sources####.com
- mo.freeind####.com
- mobotoo####.mobog####.com
- msg.umengc####.com
- na####.sno####.1####.com
- ndl.m####.com
- net.ray####.com
- o####.dolphin####.com
- p####.cy-secu####.com
- p####.mobog####.com
- p####.moboh####.com
- pag####.googles####.com
- pass####.mobog####.com
- pass####.moboh####.com
- pl####.mob####.b####.com
- r####.appl####.com
- rdl.sources####.com
- real####.icec####.org
- rt.appl####.com
- s####.ad.mobog####.com
- s####.mob####.b####.com
- sc####.mobpowe####.com
- se####.m####.com
- se####.mobog####.com
- se####.moboga####.com
- se####.moboh####.com
- se####.sources####.com
- serv####.m####.com
- set####.ray####.com
- sett####.crashly####.com
- so####.moboh####.com
- st####.xx.f####.net
- stage####.appl####.com
- stage-a####.appl####.com
- synct####.com
- t####.conser####.com
- t####.global
- tpc.googles####.com
- tra####.nob####.com
- u####.b####.com
- umengj####.m.ta####.com
- www.admobim####.com
- www.face####.com
- www.go####.com
- www.google-####.com
- www.mmmmmm####.com
- www.technol####.co.uk
Запросы HTTP GET:
- a####.adsbt####.com/c/245d96912e3e4930
- api.mo####.sdk.####.com/adunion/slot/getDlAd?h=####&w=####&model=####&ve...
- api.mo####.sdk.####.com/adunion/slot/getSrcPrio?h=####&w=####&model=####...
- api.mob####.b####.com/index.php?r=####&al=####&l=####&p=####&hp=####&lc=...
- api.mob####.b####.com/strategy/api/v1/rule/get?p=####&hp=####&l=####&c=#...
- applovi####.edg####.net/ob13c7a6/e3dd810fc3b5aaa60467d9bae0bf3d98185997a...
- c####.wallof####.com/?utm_medium=####&utm_campaign=####&cid=####&1=####
- d####.2gl.xyz/?s3=####&s1=####&kw=####
- dpl.b####.com/M01/01/AD/CvJJDVmdK42AXDR-AArECpZhGVo032.zip
- f####.google####.com/css?family=####&ver=####
- f####.gst####.com/s/lato/v13/MZ1aViPqjfvZwVD_tzjjkwLUuEpTyoUstqEm5AMlJo4...
- f####.gst####.com/s/robotoslab/v6/dazS1PrQQuCxC3iOAJFEJTdGNerWpg2Hn6A-Bx...
- ipv6-wi####.appl####.com.####.net/2.0/ad?v1=####&model=####&dx=####&dy=#...
- ipv6-wi####.appl####.com.####.net/2.0/ad?v1=####&model=####&etf=####&dx=...
- ipv6-wi####.appl####.com.####.net/nad?v1=####&model=####&dx=####&dy=####...
- pag####.googles####.com/pagead/js/adsbygoogle.js
- pag####.googles####.com/pagead/js/r20170830/r20170110/reactive_library.js
- pag####.googles####.com/pagead/js/r20170830/r20170110/show_ads_impl.js
- serv####.m####.com/119987?t=0.8490540978964418&ref=&lu=http://www.techno...
- t####.conser####.com/?utm_medium=####&utm_campaign=####&1=####&cid=####&...
- t####.conser####.com/?utm_term=####&clickverify=####&utm_content=####
- t####.conser####.com/proc.php?079d03e####
- tra####.nob####.com/?p=####&media_type=####&pi=####&sub_id=####&click_id...
- u####.b####.com/setting/grobal_strategy?p=####&hp=####&l=####&c=####&pro...
- www.face####.com/plugins/likebox.php?href=####&w####&height=####&colorsc...
Запросы HTTP POST:
- apilo####.a####.com/v3/log/init
- con####.mobog####.com/log/log_apps
- ipv6-wi####.appl####.com.####.net/device?api_key=####
- ipv6-wi####.appl####.com.####.net/pix?event=####&ts=####&platform=####&m...
- l.a####.com/l.php
- l.a####.com/sal.php
- mo.freeind####.com/detail/getOfferListNew?enc=####
- pl####.mob####.b####.com/ad_dex.php
- rdl.sources####.com/android/appDownloadLog.htm
- rdl.sources####.com/dload/resource.htm
- s####.mob####.b####.com/cgi-bin-py/ad_sdk.cgi?ty=####&enc=####&bt=####
- sl####.1####.com:8111/native/api/v1/update
- sl####.1####.com:8111/native/sdk/api/ad/client_action
- sl####.1####.com:8111/native/sdk/api/regclient
- www.mmmmmm####.com/osp/oaen_get.action?tasktype=####&imei=####&imsi=####...
- www.mmmmmm####.com/osp/oaen_reg.action
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/.mbj/####/classes.zip
- <Package Folder>/app_osdk/adflash_shell.jar
- <Package Folder>/app_osdk/t.zip
- <Package Folder>/cache/####/0548391082cfd49909b29fe2d1b80226.0.tmp
- <Package Folder>/cache/####/0548391082cfd49909b29fe2d1b80226.1.tmp
- <Package Folder>/cache/####/0a87f5bf5080eacdaf7bbd5bbff8ab2d.0
- <Package Folder>/cache/####/0a87f5bf5080eacdaf7bbd5bbff8ab2d.1
- <Package Folder>/cache/####/1023f3782981e18c451ca286c7d4f80b.0.tmp
- <Package Folder>/cache/####/1023f3782981e18c451ca286c7d4f80b.1.tmp
- <Package Folder>/cache/####/10d0f4fe07dbedb0d0b344981a7a89a4.0.tmp
- <Package Folder>/cache/####/10d0f4fe07dbedb0d0b344981a7a89a4.1.tmp
- <Package Folder>/cache/####/13735725e8a6e2d2d4822a27c0083bbb.0.tmp
- <Package Folder>/cache/####/13735725e8a6e2d2d4822a27c0083bbb.1.tmp
- <Package Folder>/cache/####/1eeba40ff3a4dea030f4e97fb8ce4985.0.tmp
- <Package Folder>/cache/####/1eeba40ff3a4dea030f4e97fb8ce4985.1.tmp
- <Package Folder>/cache/####/30cc98a6f06b8b5f19deec0955453df0.0.tmp
- <Package Folder>/cache/####/30cc98a6f06b8b5f19deec0955453df0.1.tmp
- <Package Folder>/cache/####/3b93c5c1ac97ca94744f7498b1ea2f1e.0
- <Package Folder>/cache/####/3b93c5c1ac97ca94744f7498b1ea2f1e.1
- <Package Folder>/cache/####/41ba75ce537cdc7a41ecd03d63b07376.0.tmp
- <Package Folder>/cache/####/41ba75ce537cdc7a41ecd03d63b07376.1.tmp
- <Package Folder>/cache/####/42a55ceb87a05db410ff579c7e1a30ad.0.tmp
- <Package Folder>/cache/####/42a55ceb87a05db410ff579c7e1a30ad.1.tmp
- <Package Folder>/cache/####/42bb2c40dc2ca15b2761c01f02e5c6c3.0.tmp
- <Package Folder>/cache/####/42bb2c40dc2ca15b2761c01f02e5c6c3.1.tmp
- <Package Folder>/cache/####/43ac7febeba4a78cbb548d6181769ac9.0
- <Package Folder>/cache/####/43ac7febeba4a78cbb548d6181769ac9.1
- <Package Folder>/cache/####/44f0af0637bd634b756a5d1d06fdf697.0.tmp
- <Package Folder>/cache/####/44f0af0637bd634b756a5d1d06fdf697.1.tmp
- <Package Folder>/cache/####/46df816f53cd58091df7f27417eeb28c.0.tmp
- <Package Folder>/cache/####/46df816f53cd58091df7f27417eeb28c.1.tmp
- <Package Folder>/cache/####/46f7020114fc9dc3978d9887b1d2c28e.0.tmp
- <Package Folder>/cache/####/46f7020114fc9dc3978d9887b1d2c28e.1.tmp
- <Package Folder>/cache/####/48c6318a5a067fb9b7234f8e4074eb41.0.tmp
- <Package Folder>/cache/####/48c6318a5a067fb9b7234f8e4074eb41.1.tmp
- <Package Folder>/cache/####/49eb148dc22340267445bb08d868904d.0.tmp
- <Package Folder>/cache/####/49eb148dc22340267445bb08d868904d.1.tmp
- <Package Folder>/cache/####/4a260e247b5c4973d0bf723c35b09ec8.0.tmp
- <Package Folder>/cache/####/4a260e247b5c4973d0bf723c35b09ec8.1.tmp
- <Package Folder>/cache/####/4ba63647cc079d1b8c7c8d9f46ac3b88.0
- <Package Folder>/cache/####/4ba63647cc079d1b8c7c8d9f46ac3b88.1
- <Package Folder>/cache/####/5c43131b40d72ff73fd9ba2480206065.0.tmp
- <Package Folder>/cache/####/5c43131b40d72ff73fd9ba2480206065.1.tmp
- <Package Folder>/cache/####/62914e8747d0ec10a91cfe53315bb925.0.tmp
- <Package Folder>/cache/####/62914e8747d0ec10a91cfe53315bb925.1.tmp
- <Package Folder>/cache/####/637bcf779e8a476965fb4296552b99c7.0.tmp
- <Package Folder>/cache/####/637bcf779e8a476965fb4296552b99c7.1.tmp
- <Package Folder>/cache/####/6fd81df2e2096486b6aea8a8aae2282c.0.tmp
- <Package Folder>/cache/####/6fd81df2e2096486b6aea8a8aae2282c.1.tmp
- <Package Folder>/cache/####/70594694b795809267b00a383e3a0e3e.0.tmp
- <Package Folder>/cache/####/70594694b795809267b00a383e3a0e3e.1.tmp
- <Package Folder>/cache/####/72f2407ed2f8d08b53239151d6614ac9.0.tmp
- <Package Folder>/cache/####/72f2407ed2f8d08b53239151d6614ac9.1.tmp
- <Package Folder>/cache/####/773390b9cdd2cdbc2ce3cbd62e4da82a.0.tmp
- <Package Folder>/cache/####/773390b9cdd2cdbc2ce3cbd62e4da82a.1.tmp
- <Package Folder>/cache/####/7fb1610b7134fdd44cf5ccd8f3a32a3e.0.tmp
- <Package Folder>/cache/####/7fb1610b7134fdd44cf5ccd8f3a32a3e.1.tmp
- <Package Folder>/cache/####/8d22b9cb01ab8d32007fad43db9db19d.0.tmp
- <Package Folder>/cache/####/8d22b9cb01ab8d32007fad43db9db19d.1.tmp
- <Package Folder>/cache/####/9eef5ea43e5d602010ae5c732279b385.0.tmp
- <Package Folder>/cache/####/9eef5ea43e5d602010ae5c732279b385.1.tmp
- <Package Folder>/cache/####/a4648f06d16f0cf7483354560710b3cb.0.tmp
- <Package Folder>/cache/####/a4648f06d16f0cf7483354560710b3cb.1.tmp
- <Package Folder>/cache/####/b078f8d73a55a17093959cbb90ce08f5.0.tmp
- <Package Folder>/cache/####/b078f8d73a55a17093959cbb90ce08f5.1.tmp
- <Package Folder>/cache/####/b4353c78e773bcb0a0fbc4a48ad7f658.0.tmp
- <Package Folder>/cache/####/b4353c78e773bcb0a0fbc4a48ad7f658.1.tmp
- <Package Folder>/cache/####/c3efe84419ecfbfdfc1daabab5063982.0.tmp
- <Package Folder>/cache/####/c3efe84419ecfbfdfc1daabab5063982.1.tmp
- <Package Folder>/cache/####/c67536911405198e44e745323d41466b.0.tmp
- <Package Folder>/cache/####/c67536911405198e44e745323d41466b.1.tmp
- <Package Folder>/cache/####/cd5b0275952b90255bcef40f4aa7e6e2.0.tmp
- <Package Folder>/cache/####/cd5b0275952b90255bcef40f4aa7e6e2.1.tmp
- <Package Folder>/cache/####/d36d6c69bdaa984dd47d498dcf0e62a3.0.tmp
- <Package Folder>/cache/####/d36d6c69bdaa984dd47d498dcf0e62a3.1.tmp
- <Package Folder>/cache/####/d7f1261c6dd3edfdcd456e5dfce2b180.0.tmp
- <Package Folder>/cache/####/d7f1261c6dd3edfdcd456e5dfce2b180.1.tmp
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/e18e8ada4e8896ca26fc7fcba26c065b.0.tmp
- <Package Folder>/cache/####/e18e8ada4e8896ca26fc7fcba26c065b.1.tmp
- <Package Folder>/cache/####/ec5d91e93363de633d8d539a76b3500b.0.tmp
- <Package Folder>/cache/####/ec5d91e93363de633d8d539a76b3500b.1.tmp
- <Package Folder>/cache/####/f2aff028378c63903f55016512f79cdd.0.tmp
- <Package Folder>/cache/####/f2aff028378c63903f55016512f79cdd.1.tmp
- <Package Folder>/cache/####/f8f8966e0efd77af1dda28efd846e625.0.tmp
- <Package Folder>/cache/####/f8f8966e0efd77af1dda28efd846e625.1.tmp
- <Package Folder>/cache/####/f_000001
- <Package Folder>/cache/####/f_000002
- <Package Folder>/cache/####/f_000003
- <Package Folder>/cache/####/f_000004
- <Package Folder>/cache/####/f_000005
- <Package Folder>/cache/####/f_000006
- <Package Folder>/cache/####/f_000007
- <Package Folder>/cache/####/f_000008
- <Package Folder>/cache/####/f_000009
- <Package Folder>/cache/####/f_00000a
- <Package Folder>/cache/####/f_00000b
- <Package Folder>/cache/####/f_00000c
- <Package Folder>/cache/####/f_00000d
- <Package Folder>/cache/####/f_00000e
- <Package Folder>/cache/####/fbd467f165466ffc916a44792d98761f.0.tmp
- <Package Folder>/cache/####/fbd467f165466ffc916a44792d98761f.1.tmp
- <Package Folder>/cache/####/fe5c93839b1d1122297543ab980f0ecd.0.tmp
- <Package Folder>/cache/####/fe5c93839b1d1122297543ab980f0ecd.1.tmp
- <Package Folder>/cache/####/fe93c452e4b3b62b11a1eb31d59d04c7.0.tmp
- <Package Folder>/cache/####/fe93c452e4b3b62b11a1eb31d59d04c7.1.tmp
- <Package Folder>/cache/####/index
- <Package Folder>/cache/####/journal.tmp
- <Package Folder>/code_cache/####/<Package>-1.apk.classes-665575817.zip
- <Package Folder>/code_cache/####/<Package>-1.apk.classes-669247106.zip
- <Package Folder>/databases/MessageStore.db-journal
- <Package Folder>/databases/MsgLogStore.db-journal
- <Package Folder>/databases/accs.db-journal
- <Package Folder>/databases/adblib.db-journal
- <Package Folder>/databases/arrkii.native.sdk.db-journal
- <Package Folder>/databases/cc.db
- <Package Folder>/databases/cc.db-journal
- <Package Folder>/databases/download_file.db-journal
- <Package Folder>/databases/du_ad_cache.db-journal
- <Package Folder>/databases/du_ad_parse.db-journal
- <Package Folder>/databases/du_ad_ts.db-journal
- <Package Folder>/databases/du_weather_data.db-journal
- <Package Folder>/databases/message_accs_db
- <Package Folder>/databases/message_accs_db-journal
- <Package Folder>/databases/mobogenie.db
- <Package Folder>/databases/mobogenie.db-journal
- <Package Folder>/databases/mobogenie_music.db
- <Package Folder>/databases/mobogenie_music.db-journal
- <Package Folder>/databases/mobogenie_update.db
- <Package Folder>/databases/mobogenie_update.db-journal
- <Package Folder>/databases/mobpower.db-journal
- <Package Folder>/databases/mobvista.msdk.db-journal
- <Package Folder>/databases/my.db-journal
- <Package Folder>/databases/self_ad_db
- <Package Folder>/databases/self_ad_db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal (deleted)
- <Package Folder>/databases/webviewCookiesChromiumPrivate.db-jou...leted)
- <Package Folder>/databases/ztrack.db-journal
- <Package Folder>/eudemon
- <Package Folder>/files/####/59846949039B-0001-082F-F5DCB4DAC3A8...s_temp
- <Package Folder>/files/####/5984694A00F4-0001-084B-F5DCB4DAC3A8...pp.cls
- <Package Folder>/files/####/5984694A00F4-0001-084B-F5DCB4DAC3A8...s_temp
- <Package Folder>/files/####/com.crashlytics.settings.json
- <Package Folder>/files/####/initialization_marker
- <Package Folder>/files/####/mp_agent_log
- <Package Folder>/files/####/sa_b42b58c6-e365-4ce9-bb02-6200fec1...39.tap
- <Package Folder>/files/####/sa_b50367c8-f6be-4e3e-b462-b307eb2d...11.tap
- <Package Folder>/files/####/session_analytics.tap
- <Package Folder>/files/####/session_analytics.tap.tmp
- <Package Folder>/files/DaemonServer
- <Package Folder>/files/adflashcore.jar
- <Package Folder>/files/agoo.pid
- <Package Folder>/files/cwd
- <Package Folder>/files/google.db
- <Package Folder>/files/mobclick_agent_cached_<Package>302162
- <Package Folder>/files/rk.jar
- <Package Folder>/files/t.jar
- <Package Folder>/files/uninstall
- <Package Folder>/files/watch_server
- <Package Folder>/shared_prefs/0def24353a3d8f0f7144f3755d8f7744.xml
- <Package Folder>/shared_prefs/0def24353a3d8f0f7144f3755d8f7744.xml.bak
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/<Package>_preferences.xml.bak (deleted)
- <Package Folder>/shared_prefs/<Package>_ui_preferences.xml
- <Package Folder>/shared_prefs/ACCS_BIND.xml
- <Package Folder>/shared_prefs/ACCS_SDK.xml
- <Package Folder>/shared_prefs/ACCS_SDK.xml.bak
- <Package Folder>/shared_prefs/ACCS_SDK_CHANNEL.xml
- <Package Folder>/shared_prefs/AGOO_BIND.xml
- <Package Folder>/shared_prefs/ActivatePreUtil.xml
- <Package Folder>/shared_prefs/AdsBusiness-data.xml
- <Package Folder>/shared_prefs/AdsBusiness-data.xml.bak
- <Package Folder>/shared_prefs/Agoo_AppStore.xml
- <Package Folder>/shared_prefs/Alvin2.xml
- <Package Folder>/shared_prefs/BusinessPreUtil.xml
- <Package Folder>/shared_prefs/BusinessPreUtil.xml.bak
- <Package Folder>/shared_prefs/ContextData.xml
- <Package Folder>/shared_prefs/FirstNewUninstallTime.xml
- <Package Folder>/shared_prefs/LoginPreUtil.xml
- <Package Folder>/shared_prefs/LoginPreUtil.xml.bak
- <Package Folder>/shared_prefs/MobogeniePrefsFile.xml
- <Package Folder>/shared_prefs/MobogeniePrefsFile.xml.bak
- <Package Folder>/shared_prefs/OfferPreUtil.xml
- <Package Folder>/shared_prefs/PUSH_PRE.xml
- <Package Folder>/shared_prefs/PUSH_PRE.xml.bak
- <Package Folder>/shared_prefs/PUSH_PRE.xml.bak (deleted)
- <Package Folder>/shared_prefs/SCORE_PRE.xml
- <Package Folder>/shared_prefs/SETTING_DOMAIN.xml
- <Package Folder>/shared_prefs/SETTING_DOMAIN.xml.bak
- <Package Folder>/shared_prefs/SETTING_PRE.xml
- <Package Folder>/shared_prefs/SETTING_PRE.xml.bak
- <Package Folder>/shared_prefs/SUBSCRIBE_AD.xml
- <Package Folder>/shared_prefs/SUBSCRIBE_AD.xml.bak
- <Package Folder>/shared_prefs/TOKEN.xml
- <Package Folder>/shared_prefs/TwitterAdvertisingInfoPreferences.xml
- <Package Folder>/shared_prefs/USERINFO.xml
- <Package Folder>/shared_prefs/_toolbox_prefs.xml
- <Package Folder>/shared_prefs/_toolbox_prefs.xml.bak
- <Package Folder>/shared_prefs/_toolbox_prefs.xml.bak (deleted)
- <Package Folder>/shared_prefs/_weather_prefs.xml
- <Package Folder>/shared_prefs/_weather_prefs.xml.bak
- <Package Folder>/shared_prefs/_weather_prefs.xml.bak (deleted)
- <Package Folder>/shared_prefs/adflash.xml
- <Package Folder>/shared_prefs/adflash.xml.bak
- <Package Folder>/shared_prefs/ak.native.sdk.xml
- <Package Folder>/shared_prefs/ak.native.sdk.xml.bak
- <Package Folder>/shared_prefs/aps.xml
- <Package Folder>/shared_prefs/aps.xml.bak
- <Package Folder>/shared_prefs/apsad.xml
- <Package Folder>/shared_prefs/apsad.xml.bak
- <Package Folder>/shared_prefs/apscomm.xml
- <Package Folder>/shared_prefs/arrkiiad.xml
- <Package Folder>/shared_prefs/clean.xml
- <Package Folder>/shared_prefs/clean_version_sp.xml
- <Package Folder>/shared_prefs/clean_version_sp.xml.bak
- <Package Folder>/shared_prefs/com.applovin.sdk.1.xml
- <Package Folder>/shared_prefs/com.applovin.sdk.1.xml.bak
- <Package Folder>/shared_prefs/com.applovin.sdk.1.xml.bak (deleted)
- <Package Folder>/shared_prefs/com.applovin.sdk.impl.postbackQue...in.xml
- <Package Folder>/shared_prefs/com.applovin.sdk.impl.postbackQue...ml.bak
- <Package Folder>/shared_prefs/com.crashlytics.prefs.xml
- <Package Folder>/shared_prefs/com.crashlytics.sdk.android;answe...gs.xml
- <Package Folder>/shared_prefs/com.facebook.internal.preferences...GS.xml
- <Package Folder>/shared_prefs/com.mobpower.xml
- <Package Folder>/shared_prefs/com.mobpower.xml.bak
- <Package Folder>/shared_prefs/ct_default.xml
- <Package Folder>/shared_prefs/device_info.xml
- <Package Folder>/shared_prefs/hunter_config.xml
- <Package Folder>/shared_prefs/install.xml
- <Package Folder>/shared_prefs/install.xml.bak (deleted)
- <Package Folder>/shared_prefs/io.fabric.sdk.android;fabric;io.f....q.xml
- <Package Folder>/shared_prefs/io.fabric.sdk.android;fabric;io.f...leted)
- <Package Folder>/shared_prefs/last_know_location.xml
- <Package Folder>/shared_prefs/mobvista.xml
- <Package Folder>/shared_prefs/multidex.version.xml
- <Package Folder>/shared_prefs/other_config.xml
- <Package Folder>/shared_prefs/remain.xml
- <Package Folder>/shared_prefs/self_adextend.xml
- <Package Folder>/shared_prefs/self_adextend.xml.bak
- <Package Folder>/shared_prefs/service_config.xml
- <Package Folder>/shared_prefs/service_config.xml.bak
- <Package Folder>/shared_prefs/settingsLog.xml
- <Package Folder>/shared_prefs/settingsLog.xml.bak
- <Package Folder>/shared_prefs/share_date.xml
- <Package Folder>/shared_prefs/share_date.xml.bak (deleted)
- <Package Folder>/shared_prefs/sp_config.xml
- <Package Folder>/shared_prefs/sp_config.xml.bak
- <Package Folder>/shared_prefs/strategy_sp.xml
- <Package Folder>/shared_prefs/t_ini.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml.bak
- <Package Folder>/shared_prefs/v71.xml
- <Package Folder>/shared_prefs/v71.xml.bak
- <SD-Card>/.DataStorage/ContextData.xml
- <SD-Card>/.UTSystemConfig/####/Alvin2.xml
- <SD-Card>/.androidsystem/####/49.x-4.3.5-vs.apk
- <SD-Card>/.androidsystem/####/PlugShareData
- <SD-Card>/.androidsystem/####/files.db
- <SD-Card>/.androidsystem/####/plugxml.xml
- <SD-Card>/.androidsystem/####/syncfiles.db
- <SD-Card>/.androidsystem/Plugin.zip
- <SD-Card>/Android/####/.0.tmp (deleted)
- <SD-Card>/Android/####/.nomedia
- <SD-Card>/Android/####/0548391082cfd49909b29fe2d1b80226.0.tmp
- <SD-Card>/Android/####/0880d1ae6dcf7ad5284e4d0714c31ba9b4f75bd3...v1.png
- <SD-Card>/Android/####/09ac570d10a28c0c08ecee080ceb90a7.0.tmp
- <SD-Card>/Android/####/1023f3782981e18c451ca286c7d4f80b.0.tmp
- <SD-Card>/Android/####/10d0f4fe07dbedb0d0b344981a7a89a4.0.tmp
- <SD-Card>/Android/####/13735725e8a6e2d2d4822a27c0083bbb.0.tmp
- <SD-Card>/Android/####/1eeba40ff3a4dea030f4e97fb8ce4985.0.tmp
- <SD-Card>/Android/####/277b2e6013d3e0d19fb2fe0c410a8b1f.0.tmp
- <SD-Card>/Android/####/30cc98a6f06b8b5f19deec0955453df0.0.tmp
- <SD-Card>/Android/####/41ba75ce537cdc7a41ecd03d63b07376.0.tmp
- <SD-Card>/Android/####/42a55ceb87a05db410ff579c7e1a30ad.0.tmp
- <SD-Card>/Android/####/42bb2c40dc2ca15b2761c01f02e5c6c3.0.tmp
- <SD-Card>/Android/####/44f0af0637bd634b756a5d1d06fdf697.0.tmp
- <SD-Card>/Android/####/46df816f53cd58091df7f27417eeb28c.0.tmp
- <SD-Card>/Android/####/46f7020114fc9dc3978d9887b1d2c28e.0.tmp
- <SD-Card>/Android/####/48c6318a5a067fb9b7234f8e4074eb41.0.tmp
- <SD-Card>/Android/####/49eb148dc22340267445bb08d868904d.0.tmp
- <SD-Card>/Android/####/5285044de8e4db72b86e7246f9aee7c2.0.tmp
- <SD-Card>/Android/####/5c43131b40d72ff73fd9ba2480206065.0.tmp
- <SD-Card>/Android/####/62914e8747d0ec10a91cfe53315bb925.0.tmp
- <SD-Card>/Android/####/637bcf779e8a476965fb4296552b99c7.0.tmp
- <SD-Card>/Android/####/6fd81df2e2096486b6aea8a8aae2282c.0.tmp
- <SD-Card>/Android/####/70594694b795809267b00a383e3a0e3e.0.tmp
- <SD-Card>/Android/####/71bd5e215c19e55403412e9d82bf69e0.0.tmp
- <SD-Card>/Android/####/769404f8c79b545515b26b4b568de61c.0.tmp
- <SD-Card>/Android/####/773390b9cdd2cdbc2ce3cbd62e4da82a.0.tmp
- <SD-Card>/Android/####/7fb1610b7134fdd44cf5ccd8f3a32a3e.0.tmp
- <SD-Card>/Android/####/9eef5ea43e5d602010ae5c732279b385.0.tmp
- <SD-Card>/Android/####/a4648f06d16f0cf7483354560710b3cb.0.tmp
- <SD-Card>/Android/####/b078f8d73a55a17093959cbb90ce08f5.0.tmp
- <SD-Card>/Android/####/b4353c78e773bcb0a0fbc4a48ad7f658.0.tmp
- <SD-Card>/Android/####/c67536911405198e44e745323d41466b.0.tmp
- <SD-Card>/Android/####/d36d6c69bdaa984dd47d498dcf0e62a3.0.tmp
- <SD-Card>/Android/####/e18e8ada4e8896ca26fc7fcba26c065b.0.tmp
- <SD-Card>/Android/####/e3dd810fc3b5aaa60467d9bae0bf3d98185997a9...ne.mp4
- <SD-Card>/Android/####/ec5d91e93363de633d8d539a76b3500b.0.tmp
- <SD-Card>/Android/####/f2aff028378c63903f55016512f79cdd.0.tmp
- <SD-Card>/Android/####/f5207858b63ffe4989d6854637e08ea1.0.tmp
- <SD-Card>/Android/####/f6fd6936ee65918b5035e185ada6ad88.0.tmp
- <SD-Card>/Android/####/f7ce3b076b72812f03ea9998223200b1.0.tmp
- <SD-Card>/Android/####/f8f8966e0efd77af1dda28efd846e625.0.tmp
- <SD-Card>/Android/####/fbd467f165466ffc916a44792d98761f.0.tmp
- <SD-Card>/Android/####/fe5c93839b1d1122297543ab980f0ecd.0.tmp
- <SD-Card>/Android/####/fe93c452e4b3b62b11a1eb31d59d04c7.0.tmp
- <SD-Card>/Android/####/inapp_dev.txt
- <SD-Card>/Android/####/journal
- <SD-Card>/Android/####/journal.tmp
- <SD-Card>/Android/####/jquery-2.1.1.min.js
- <SD-Card>/Android/####/playable_BP_p_05.js
- <SD-Card>/Android/####/playable_c2_pathfind_02.min.js
- <SD-Card>/Android/####/playable_playable_close.png
- <SD-Card>/Android/####/playable_playable_fallback.png
- <SD-Card>/Android/####/playable_playable_loader.gif
- <SD-Card>/Android/####/sound_off.png
- <SD-Card>/Android/####/sound_on.png
- <SD-Card>/Download/####/accs_election
- <SD-Card>/LogN/####/sp
- <SD-Card>/baidu/####/journal
- <SD-Card>/baidu/.cuid
- <SD-Card>/mobogenie/####/101_.d95b966e76110b6af4cc7918873ffc72
- <SD-Card>/mobogenie/####/all_search_hotwords.json
- <SD-Card>/mobogenie/####/all_search_hotwords.json (deleted)
- <SD-Card>/mobogenie/####/facebook_ads_position.json
- <SD-Card>/mobogenie/####/gl_app_category.json
- <SD-Card>/mobogenie/####/gl_app_feature_quick_entry_fast_track_...e.json
- <SD-Card>/mobogenie/####/gl_app_home_all_json
- <SD-Card>/mobogenie/####/mobogenie.uuid
- <SD-Card>/mobogenie/####/splashbanner.png
- <SD-Card>/mobogenie/mobosd.bin
- <SD-Card>/mobogenie/mobosd.bin-journal
Другие:
Запускает следующие shell-скрипты:
- /data/user/0/<Package>/files/watch_server /data/user/0/<Package> http://redirect.mobogenie.com?pn=<Package>&v=302162&an=<Package>&lc=en_US&tag=mobogenie com.android.browser/com.android.browser.BrowserActivity 0
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- <Package Folder>/files/DaemonServer -s <Package Folder>/lib/ -n runServer -p startservice -n <Package>/com.taobao.accs.ChannelService --user 0 -f <Package Folder> -t 600 -c agoo.pid -P <Package Folder> -K 1009527 -U tb_accs_eudemon_1.1.3 -L http://agoodm.m.taobao.com/agoo/report -D {"package":"<Package>","appKey":"","utdid":"WYRpSoApPsEDAGdzx1G33Yg8","sdkVersion":"212"} -I agoodm.m.taobao.com -O 80 -T -Z
- <Package Folder>/files/cwd 0
- <Package Folder>/files/uninstall 0 http://m.mobogenie.com/en/uninstall/uninstall.html?channel_id=777&uuid=b2a0aef3-6d35-43a1-8c12-fe64e2accbfc&android=a967d2bb56f7bc6b&imei=<IMEI>&versionCode=302162&versionName=3.2.16.2&site=GL
- <Package Folder>/files/watch_server <Package Folder> http://redirect.mobogenie.com?pn=<Package>&v=302162&an=<Package>&lc=en_US&tag=mobogenie com.android.browser/com.android.browser.BrowserActivity 0
- cat /proc/cpuinfo
- chmod 500 <Package Folder>/files/DaemonServer
- chmod 755 /data/user/0/<Package>/files/watch_server
- chmod 755 <Package Folder>/files/watch_server
- sh
- sh /data/user/0/<Package>/files/watch_server /data/user/0/<Package> http://redirect.mobogenie.com?pn=<Package>&v=302162&an=<Package>&lc=en_US&tag=mobogenie com.android.browser/com.android.browser.BrowserActivity 0
- sh <Package Folder>/files/cwd 0
- sh <Package Folder>/files/uninstall 0 http://m.mobogenie.com/en/uninstall/uninstall.html?channel_id=777&uuid=b2a0aef3-6d35-43a1-8c12-fe64e2accbfc&android=a967d2bb56f7bc6b&imei=<IMEI>&versionCode=302162&versionName=3.2.16.2&site=GL
- sh <Package Folder>/files/watch_server <Package Folder> http://redirect.mobogenie.com?pn=<Package>&v=302162&an=<Package>&lc=en_US&tag=mobogenie com.android.browser/com.android.browser.BrowserActivity 0
Загружает динамические библиотеки:
- tnet-3.1
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-NoPadding
- AES-CBC-PKCS5Padding
- AES-ECB-NoPadding
- AES-ECB-PKCS5Padding
- DES-CBC-PKCS5Padding
- RSA-ECB-PKCS1Padding
- desede-ECB-PKCS5Padding
Использует следующие алгоритмы для расшифровки данных:
- AES
- AES-CBC-NoPadding
- AES-CBC-PKCS5Padding
- AES-ECB-PKCS5Padding
- DES
- DES-CBC-PKCS5Padding
- desede-ECB-PKCS5Padding
Осуществляет доступ к информации о геолокации.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Осуществляет доступ к информации о зарегистрированных на устройстве аккаунтах (Google, Facebook и тд.).
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
