Android.Packed.29474

Техническая информация

Вредоносные функции:

Загружает на исполнение код следующих детектируемых угроз:

Tool.SilentInstaller.3.origin

Сетевая активность:

Подключается к:

UDP(DNS) <Google DNS>
TCP(GCM) <Google Host>
TCP(HTTP/1.1) l####.tbs.qq.com:80
TCP(HTTP/1.1) sh.wagbr####.alibaba####.com:80
TCP(HTTP/1.1) a####.u####.com:80
TCP(HTTP/1.1) dtann####.oss-cn-####.aliy####.com:80
TCP(TLS/1.0) sh.wagbr####.alibaba####.com:443
TCP(TLS/1.0) id####.oss-cn-####.aliy####.com:443
TCP(TLS/1.0) res.id####.com:443
TCP(TLS/1.0) d####.upt####.com:443
TCP(TLS/1.0) n####.wede####.com:443
TCP(TLS/1.0) a####.m.ta####.com:443
TCP(TLS/1.0) dtann####.oss-cn-####.aliy####.com:443
TCP umengj####.m.ta####.com:443
TCP ope####.m.ta####.com:443
TCP 1####.168.66.254:53882

Запросы DNS:

a####.m.ta####.com
a####.u####.com
ag####.m.ta####.com
d####.upt####.com
dtann####.oss-cn-####.aliy####.com
id####.oss-cn-####.aliy####.com
l####.tbs.qq.com
log.u####.com
msg.umengc####.com
n####.wede####.com
res.id####.com
s####.u####.com
so####.wede####.com
umen####.m.ta####.com
umengj####.m.ta####.com

Запросы HTTP GET:

dtann####.oss-cn-####.aliy####.com/1477014401508_cxng.png
dtann####.oss-cn-####.aliy####.com/1477014404188_lhxg.png
dtann####.oss-cn-####.aliy####.com/1477014405616_sjqd.png
dtann####.oss-cn-####.aliy####.com/1477014410662_ztyc.png
dtann####.oss-cn-####.aliy####.com/1478165961213_jzwj.png

Запросы HTTP POST:

l####.tbs.qq.com/ajax?c=####&k=####
l####.tbs.qq.com/ajax?c=####&v=####&k=####

Изменения в файловой системе:

Создает следующие файлы:

<Package Folder>/.jiagu/libjiagu.so
<Package Folder>/app_bin/daemon
<Package Folder>/app_tbs/####/core_info
<Package Folder>/app_tbs/####/debug.conf
<Package Folder>/app_tbs/####/tbscoreinstall.txt
<Package Folder>/app_tbs/####/tbslock.txt
<Package Folder>/cache/####/data_0
<Package Folder>/cache/####/data_1
<Package Folder>/cache/####/data_2
<Package Folder>/cache/####/data_3
<Package Folder>/cache/####/index
<Package Folder>/cache/ApplicationCache.db-journal (deleted)
<Package Folder>/databases/MessageStore.db-journal
<Package Folder>/databases/MsgLogStore.db-journal
<Package Folder>/databases/accs.db-journal
<Package Folder>/databases/beacon.db-journal
<Package Folder>/databases/cc.db
<Package Folder>/databases/cc.db-journal
<Package Folder>/databases/message_accs_db
<Package Folder>/databases/message_accs_db-journal
<Package Folder>/databases/ua.db
<Package Folder>/databases/ua.db-journal
<Package Folder>/databases/webview.db-journal
<Package Folder>/databases/webviewCookiesChromium.db-journal (deleted)
<Package Folder>/databases/webviewCookiesChromiumPrivate.db-jou...leted)
<Package Folder>/eudemon
<Package Folder>/files/####/.jg.ic
<Package Folder>/files/####/exchangeIdentity.json
<Package Folder>/files/####/messageCenter0
<Package Folder>/files/####/push_switch.bat
<Package Folder>/files/####/selectedStrategyList.bat
<Package Folder>/files/####/strategyList.bat
<Package Folder>/files/.imprint
<Package Folder>/files/DaemonServer
<Package Folder>/files/agoo.pid
<Package Folder>/files/exid.dat
<Package Folder>/files/pick.bat
<Package Folder>/files/portfolio_indexes.bat
<Package Folder>/files/umeng_it.cache
<Package Folder>/shared_prefs/ACCS_BINDumeng;55c41a01e0f55a30f8002c95.xml
<Package Folder>/shared_prefs/ACCS_SDK.xml
<Package Folder>/shared_prefs/ACCS_SDK_CHANNEL.xml
<Package Folder>/shared_prefs/AGOO_BIND.xml
<Package Folder>/shared_prefs/Agoo_AppStore.xml
<Package Folder>/shared_prefs/Alvin2.xml
<Package Folder>/shared_prefs/ContextData.xml
<Package Folder>/shared_prefs/data_pref.xml
<Package Folder>/shared_prefs/dengta_setting_pref.xml
<Package Folder>/shared_prefs/dt_web_sdk.xml
<Package Folder>/shared_prefs/multidex.version.xml
<Package Folder>/shared_prefs/tbs_download_config.xml
<Package Folder>/shared_prefs/tbs_download_stat.xml
<Package Folder>/shared_prefs/umeng_general_config.xml
<Package Folder>/shared_prefs/umeng_message_state.xml
<Package Folder>/shared_prefs/umeng_socialize.xml
<SD-Card>/.DataStorage/ContextData.xml
<SD-Card>/.UTSystemConfig/####/Alvin2.xml
<SD-Card>/Android/####/-4874212960.tmp
<SD-Card>/Android/####/.nomedia
<SD-Card>/Android/####/10384574370.tmp
<SD-Card>/Android/####/11058234930.tmp
<SD-Card>/Android/####/11300098040.tmp
<SD-Card>/Android/####/12139105040.tmp
<SD-Card>/Android/####/12347491150.tmp
<SD-Card>/Android/####/1699832230.tmp
<SD-Card>/Android/####/20186477150.tmp
<SD-Card>/Android/####/6283019560.tmp
<SD-Card>/Android/####/8379771260.tmp
<SD-Card>/Android/####/9053720080.tmp
<SD-Card>/Android/####/92e72ea85ab04f6693c40aa3a921294c
<SD-Card>/Android/####/a12c7c62243d4932a394120f6ecca1ce
<SD-Card>/Android/####/ahPremium.html
<SD-Card>/Android/####/app.config
<SD-Card>/Android/####/articleDetail.css
<SD-Card>/Android/####/articleDetail.html
<SD-Card>/Android/####/be54020fa8c121b735d56dbc399d53c1.download
<SD-Card>/Android/####/beaconUrl.js
<SD-Card>/Android/####/brotherSchool.html
<SD-Card>/Android/####/brotherSchoolCate.html
<SD-Card>/Android/####/bsChart.js
<SD-Card>/Android/####/bsSignal.css
<SD-Card>/Android/####/bsSignal.html
<SD-Card>/Android/####/chartHistory.js
<SD-Card>/Android/####/chartHistoryNew.js
<SD-Card>/Android/####/chipChart.js
<SD-Card>/Android/####/chipDistribution.css
<SD-Card>/Android/####/chipDistribution.html
<SD-Card>/Android/####/commentDetail.html
<SD-Card>/Android/####/common.css
<SD-Card>/Android/####/common.js
<SD-Card>/Android/####/coords.js
<SD-Card>/Android/####/d3.css
<SD-Card>/Android/####/d3.min.js
<SD-Card>/Android/####/d3Chart.js
<SD-Card>/Android/####/d3Charts-line.js
<SD-Card>/Android/####/d3Charts.js
<SD-Card>/Android/####/data.js
<SD-Card>/Android/####/deviceToken
<SD-Card>/Android/####/diagnoseList.html
<SD-Card>/Android/####/directionalAddIssuance.css
<SD-Card>/Android/####/directionalAddIssuance.html
<SD-Card>/Android/####/directionalAddIssuanceDetail.html
<SD-Card>/Android/####/directionalAddIssuanceLiftedDetail.html
<SD-Card>/Android/####/distinctionStockDetail.html
<SD-Card>/Android/####/distinctionStockList.html
<SD-Card>/Android/####/drapeCompetitionList.html
<SD-Card>/Android/####/dtLive.html
<SD-Card>/Android/####/dtPrivilegeDetail.html
<SD-Card>/Android/####/echarts.js
<SD-Card>/Android/####/event.js
<SD-Card>/Android/####/eventDetail.html
<SD-Card>/Android/####/eventReminder.html
<SD-Card>/Android/####/faqAccumulatePoints.html
<SD-Card>/Android/####/faqAhPremium.html
<SD-Card>/Android/####/faqBsSignal.html
<SD-Card>/Android/####/faqChipDistribution.html
<SD-Card>/Android/####/faqDirectionalAddIssuance.html
<SD-Card>/Android/####/faqDistinctionStockDetail.html
<SD-Card>/Android/####/faqDtIndex.html
<SD-Card>/Android/####/faqDtLive.html
<SD-Card>/Android/####/faqFinancingTracking.html
<SD-Card>/Android/####/faqFunctionIntro.html
<SD-Card>/Android/####/faqFundExp.html
<SD-Card>/Android/####/faqHistoryCheck.html
<SD-Card>/Android/####/faqInvestmentMap.html
<SD-Card>/Android/####/faqMarginTradingExp.html
<SD-Card>/Android/####/faqMarketSecurityMargin.html
<SD-Card>/Android/####/faqMyCoupons.html
<SD-Card>/Android/####/faqNewStock1.html
<SD-Card>/Android/####/faqNewStock2.html
<SD-Card>/Android/####/faqNewStock3.html
<SD-Card>/Android/####/faqNewStock4.html
<SD-Card>/Android/####/faqNewStock5.html
<SD-Card>/Android/####/faqPrivatizationTracking1.html
<SD-Card>/Android/####/faqPrivatizationTracking2.html
<SD-Card>/Android/####/faqPrivatizationTracking3.html
<SD-Card>/Android/####/faqPrivatizationTracking4.html
<SD-Card>/Android/####/faqPrivatizationTracking5.html
<SD-Card>/Android/####/faqQrCode.html
<SD-Card>/Android/####/faqServiceProtocol.html
<SD-Card>/Android/####/faqSimilarShape.html
<SD-Card>/Android/####/faqStockLive.html
<SD-Card>/Android/####/faqValuationExp.html
<SD-Card>/Android/####/financingTracking.css
<SD-Card>/Android/####/financingTracking.html
<SD-Card>/Android/####/find.css
<SD-Card>/Android/####/findDetail.css
<SD-Card>/Android/####/findDetail.html
<SD-Card>/Android/####/findNews.html
<SD-Card>/Android/####/findPool.html
<SD-Card>/Android/####/findStock.html
<SD-Card>/Android/####/ftChart.js
<SD-Card>/Android/####/global_1501849354015_1
<SD-Card>/Android/####/gmu.js
<SD-Card>/Android/####/h5_res.zip
<SD-Card>/Android/####/historyCheck.css
<SD-Card>/Android/####/historyCheck.html
<SD-Card>/Android/####/hotChart.js
<SD-Card>/Android/####/hotReading.css
<SD-Card>/Android/####/hotReading.html
<SD-Card>/Android/####/index.js
<SD-Card>/Android/####/infiniteScroll.js
<SD-Card>/Android/####/integralDetail.html
<SD-Card>/Android/####/intelligentAnswer.css
<SD-Card>/Android/####/intelligentAnswer.js
<SD-Card>/Android/####/intelligentDiagnosis.css
<SD-Card>/Android/####/intelligentDiagnosis.html
<SD-Card>/Android/####/intelligentDiagnosisSearch.html
<SD-Card>/Android/####/interface.js
<SD-Card>/Android/####/investEduCommon.css
<SD-Card>/Android/####/investEduCommon.js
<SD-Card>/Android/####/investEduDetail.html
<SD-Card>/Android/####/investEduInterface.js
<SD-Card>/Android/####/investmentDNA.html
<SD-Card>/Android/####/investmentDNAChart.js
<SD-Card>/Android/####/investmentManager.html
<SD-Card>/Android/####/investmentMap.css
<SD-Card>/Android/####/investmentMap.html
<SD-Card>/Android/####/investmentMapIntro.html
<SD-Card>/Android/####/investmentMapMore.html
<SD-Card>/Android/####/investmentMore.html
<SD-Card>/Android/####/inviteFellow.html
<SD-Card>/Android/####/iscroll-lite.js
<SD-Card>/Android/####/iscroll-probe.min.js
<SD-Card>/Android/####/journal.tmp
<SD-Card>/Android/####/jumpIframe.html
<SD-Card>/Android/####/largeItemTrack.html
<SD-Card>/Android/####/livingData.js
<SD-Card>/Android/####/log_1501849354015_1
<SD-Card>/Android/####/main.js
<SD-Card>/Android/####/mapdata.min.js
<SD-Card>/Android/####/mapv.min.js
<SD-Card>/Android/####/marketDailyReport.html
<SD-Card>/Android/####/marketQuotation.css
<SD-Card>/Android/####/marketSecurityMargin.html
<SD-Card>/Android/####/marketWarning.css
<SD-Card>/Android/####/marketWarning.html
<SD-Card>/Android/####/md5.js
<SD-Card>/Android/####/md5.min.js
<SD-Card>/Android/####/moban.js
<SD-Card>/Android/####/monthSwitcher.js
<SD-Card>/Android/####/newStockCenter.html
<SD-Card>/Android/####/newStockDetail.html
<SD-Card>/Android/####/news.html
<SD-Card>/Android/####/newsDetail.css
<SD-Card>/Android/####/newsSubject.css
<SD-Card>/Android/####/newsSubject.html
<SD-Card>/Android/####/opinionDetail.html
<SD-Card>/Android/####/optionalStrategy.html
<SD-Card>/Android/####/picker.js
<SD-Card>/Android/####/picker.min.js
<SD-Card>/Android/####/plateFlowList.html
<SD-Card>/Android/####/plateMargin.html
<SD-Card>/Android/####/plateRankList.html
<SD-Card>/Android/####/privatizationTracking.html
<SD-Card>/Android/####/privatizationTrackingDetail.html
<SD-Card>/Android/####/privatizationTrackingFAQ.html
<SD-Card>/Android/####/privilege.css
<SD-Card>/Android/####/privilege.js
<SD-Card>/Android/####/publicData.js
<SD-Card>/Android/####/react-dom.js
<SD-Card>/Android/####/react.js
<SD-Card>/Android/####/relatedNewsList.html
<SD-Card>/Android/####/reportChart.js
<SD-Card>/Android/####/sTime.js
<SD-Card>/Android/####/searchBar.js
<SD-Card>/Android/####/selectEvaluateExp.html
<SD-Card>/Android/####/selfChooseDailyReport.css
<SD-Card>/Android/####/selfChooseDailyReport.html
<SD-Card>/Android/####/seriesData.js
<SD-Card>/Android/####/similarK.css
<SD-Card>/Android/####/similarK.html
<SD-Card>/Android/####/similarKChart.js
<SD-Card>/Android/####/similarKExp.html
<SD-Card>/Android/####/similarShape.css
<SD-Card>/Android/####/similarShape.html
<SD-Card>/Android/####/similarShapeChart.js
<SD-Card>/Android/####/stockCommonList.html
<SD-Card>/Android/####/stockDailyReport.css
<SD-Card>/Android/####/stockDailyReport.html
<SD-Card>/Android/####/stockLive.css
<SD-Card>/Android/####/stockLive.html
<SD-Card>/Android/####/stockMap.css
<SD-Card>/Android/####/stockMap.html
<SD-Card>/Android/####/stockPortrait.css
<SD-Card>/Android/####/stockPortrait.html
<SD-Card>/Android/####/strategyList.css
<SD-Card>/Android/####/strategyList.html
<SD-Card>/Android/####/strategyRank.html
<SD-Card>/Android/####/strategySets.html
<SD-Card>/Android/####/styleJson.js
<SD-Card>/Android/####/suspentionDetail.html
<SD-Card>/Android/####/swiper.js
<SD-Card>/Android/####/swiper.min.js
<SD-Card>/Android/####/table-sorter.js
<SD-Card>/Android/####/table.css
<SD-Card>/Android/####/theme-black.css
<SD-Card>/Android/####/unlockDetail.html
<SD-Card>/Android/####/upUserServiceProtocol.html
<SD-Card>/Android/####/userAgreement.html
<SD-Card>/Android/####/yiAdvancedTeacher.html
<SD-Card>/Android/####/yiClass.css
<SD-Card>/Android/####/yiDetail.html
<SD-Card>/Android/####/yiList.html
<SD-Card>/Android/####/yiTeacher.html
<SD-Card>/Android/####/zepto.min.js

Другие:

Запускает следующие shell-скрипты:

<Package Folder>/files/DaemonServer -s <Package Folder>/lib/ -n runServer -p startservice -n <Package>/com.taobao.accs.ChannelService --user 0 -f <Package Folder> -t 600 -c agoo.pid -P <Package Folder> -K 1009527 -U tb_accs_eudemon_1.1.3 -L http://agoodm.m.taobao.com/agoo/report -D {"package":"<Package>","appKey":"umeng:55c41a01e0f55a30f8002c95","utdid":"WYRnCRaCkTgDAGdzx1He/kO7","sdkVersion":"220"} -I agoodm.m.taobao.com -O 80 -T -Z
chmod 500 <Package Folder>/files/DaemonServer
chmod 700 <Package Folder>/app_bin/daemon
chmod 755 <Package Folder>/.jiagu/libjiagu.so
getprop ro.product.cpu.abi
mars_d -p <Package> -s <Package>.component.keepalive.EmptyService2 -p1r 42 -p1w 43 -p2r 44 -p2w 45
sh

Загружает динамические библиотеки:

daemon_api20
libjiagu
tnet-3.1

Использует следующие алгоритмы для шифрования данных:

AES-CBC-NoPadding
AES-CBC-PKCS5Padding
AES-CBC-PKCS7Padding
DESede-ECB-PKCS5Padding
RSA-ECB-NoPadding

Использует следующие алгоритмы для расшифровки данных:

AES-CBC-NoPadding
AES-CBC-PKCS5Padding
AES-CBC-PKCS7Padding

Использует специальную библиотеку для скрытия исполняемого байткода.

Осуществляет доступ к информации о геолокации.

Осуществляет доступ к информации о сети.

Осуществляет доступ к информации о телефоне (номер, imei и тд.).

Осуществляет доступ к информации об установленных приложениях.

Осуществляет доступ к информации о запущенных приложениях.

Добавляет задания в системный планировщик.

Отрисовывает собственные окна поверх других приложений.

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней