Техническая информация
Вредоносные функции:
Отправляет СМС-сообщения:
- 10004520: 2
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(GCM) <Google Host>
- TCP(HTTP/1.1) www.jiv####.ir:80
- TCP(HTTP/1.1) t.dts####.com:80
- TCP(HTTP/1.1) jiv####.ir:80
- TCP(HTTP/1.1) g####.com:80
- TCP(HTTP/1.1) e.dts####.com:80
- TCP(HTTP/1.1) t.dt####.com:80
- TCP(HTTP/1.1) stat####.face####.com:80
- TCP(HTTP/1.1) t####.blu####.com.####.net:80
- TCP(HTTP/1.1) en####.webg####.ir:80
- TCP(HTTP/1.1) www.webg####.com:80
- TCP(HTTP/1.1) e.taple####.com:80
- TCP(HTTP/1.1) n.nextr####.com:80
- TCP(HTTP/1.1) jiv####.com:80
- TCP(HTTP/1.1) www.webg####.ir:80
- TCP(HTTP/1.1) con####.face####.net:80
- TCP(HTTP/1.1) 2-01-2c####.cdx.ced####.net:80
- TCP(HTTP/1.1) www.google-####.com:80
- TCP(HTTP/1.1) s10.his####.com.####.me:80
- TCP(HTTP/1.1) s4.his####.com:80
- TCP(SSL/3.0) n-cdn-o####.areyoua####.com:443
- TCP(TLS/1.0) and####.cli####.go####.com:443
- TCP(TLS/1.0) stat####.face####.com:443
- TCP(TLS/1.0) www.face####.com:443
- TCP(TLS/1.0) 2-01-2c####.cdx.ced####.net:443
- TCP(TLS/1.0) n-cdn-o####.areyoua####.com:443
- TCP(TLS/1.0) n####.areyoua####.com:443
- TCP(TLS/1.0) a####.google####.com:443
- TCP(TLS/1.0) st####.xx.f####.net:443
Запросы DNS:
- a####.google####.com
- and####.cli####.go####.com
- con####.face####.net
- e.dts####.com
- e.taple####.com
- en####.webg####.ir
- g####.com
- jiv####.com
- jiv####.ir
- n####.areyoua####.com
- n-cdn-o####.areyoua####.com
- n.nextr####.com
- plat####.link####.com
- s10.his####.com
- s4.his####.com
- st####.l####.com
- st####.xx.f####.net
- stat####.face####.com
- t####.blu####.com
- t.dt####.com
- t.dts####.com
- www.face####.com
- www.google-####.com
- www.jiv####.ir
- www.link####.com
- www.webg####.com
- www.webg####.ir
Запросы HTTP GET:
- 2-01-2c####.cdx.ced####.net/in.js
- con####.face####.net/fa_IR/all.js
- e.dts####.com/e/?v=####&pid=####&site=####&l=####&j=####
- en####.webg####.ir/counter/xstat.aspx?t=####&code=####&rnd=####&s=####&c...
- en####.webg####.ir/counter/xstat.aspx?t=stat4&code=3608283&rnd=21895&s=8...
- en####.webg####.ir/counter/xstat.aspx?t=stat4&code=3608283&rnd=26948&s=8...
- en####.webg####.ir/counter/xstat.aspx?t=stat4&code=3608283&rnd=5664&s=80...
- jiv####.ir//plugins/content/bt_socialshare/assets/bt_socialshare.css
- jiv####.ir//plugins/content/bt_socialshare/assets/share.png
- jiv####.ir/audio/صدای-مشتریان-شهریور-95?layout=####
- jiv####.ir/images/audio/shahrivar/audio134.mp3
- jiv####.ir/images/icon/srugstore.png
- jiv####.ir/images/igallery/banner/optimize/666_515a45d3f035a96db425cc44f...
- jiv####.ir/images/igallery/banner/optimize/icon6_dec0ef4c0164a51239d63a8...
- jiv####.ir/images/igallery/banner/optimize/services_0738660a98feef5de66a...
- jiv####.ir/images/igallery/social/aparat.png
- jiv####.ir/images/igallery/social/instagram.png
- jiv####.ir/images/logo.png
- jiv####.ir/images/shampo_06.png
- jiv####.ir/images/shampo_08.png
- jiv####.ir/images/top.png
- jiv####.ir/index.php?option=####&view=####&layout=####&id=####&activeSli...
- jiv####.ir/media/com_acymailing/css/module_default.css
- jiv####.ir/media/com_acymailing/js/acymailing_module.js?v=####
- jiv####.ir/media/jui/js/jquery-migrate.min.js
- jiv####.ir/media/k2/assets/js/k2.noconflict.js
- jiv####.ir/media/system/css/system.css
- jiv####.ir/media/system/js/caption.js
- jiv####.ir/media/system/js/core.js
- jiv####.ir/media/system/js/mootools-core.js
- jiv####.ir/modules/mod_maximenuck/assets/moomaximenuck.js
- jiv####.ir/modules/mod_maximenuck/themes/css3megamenu/css/maximenuhck_rt...
- jiv####.ir/modules/mod_maximenuck/themes/css3megamenu/css/moo_maximenuhc...
- jiv####.ir/plugins/system/compare/js/tipsy.js
- jiv####.ir/plugins/system/jqueryeasy/jquerynoconflict.js
- jiv####.ir/plugins/system/sl_scrolltotop/assets/js/skyline_scrolltotop.m...
- jiv####.ir/poj/index.php/per/captcha/captchastring/form/1505805989?_=####
- jiv####.ir/poj/index.php/per/captcha/captchastring/form/1505805993?_=####
- jiv####.ir/poj/index.php/per/chat/chatcheckoperatormessage/(department)/...
- jiv####.ir/poj/index.php/per/chat/chatcheckstatus/(department)/1/(status...
- jiv####.ir/poj/index.php/per/chat/getstatus/(click)/internal/(position)/...
- jiv####.ir/poj/index.php/per/chat/readoperatormessage/(department)/1/(vi...
- jiv####.ir/templates/npco-template/css/template.css
- jiv####.ir/templates/npco-template/fonts/BYekan.ttf
- jiv####.ir/templates/npco-template/fonts/DroidArabicKufi.ttf
- jiv####.ir/templates/npco-template/images/body.png
- jiv####.ir/templates/npco-template/images/footer.png
- jiv####.ir/templates/npco-template/images/search.png
- jiv####.ir/templates/system/css/system.css
- jiv####.ir/user/login
- s10.his####.com.####.me/js15.js
- s10.his####.com.####.me/js15_as.js
- stat####.face####.com/connect/xd_arbiter/r/5oivrH7Newv.js?version=####
- t####.blu####.com.####.net/site/27675?id=####&ret=####&phint=_####&phint...
- t####.blu####.com.####.net/site/27675?id=D9E9B66B85C6C059C66B1D53026BFA5...
- t####.blu####.com.####.net/site/27676?dt=####&r=####&sig=####&bkca=####
- t####.blu####.com.####.net/site/27676?dt=####&r=####&sig=####&bkca=KJ####
- www.google-####.com/ga.js
- www.webg####.com/counter/pic/stat4.gif
Запросы HTTP POST:
- jiv####.ir/poj/index.php/per/chat/readoperatormessage/(department)/1/(vi...
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/f_000001
- <Package Folder>/cache/####/f_000002
- <Package Folder>/cache/####/f_000003
- <Package Folder>/cache/####/f_000004
- <Package Folder>/cache/####/f_000005
- <Package Folder>/cache/####/f_000006
- <Package Folder>/cache/####/f_000007
- <Package Folder>/cache/####/f_000008
- <Package Folder>/cache/####/f_000009
- <Package Folder>/cache/####/f_00000a
- <Package Folder>/cache/####/f_00000b
- <Package Folder>/cache/####/f_00000c
- <Package Folder>/cache/####/f_00000d
- <Package Folder>/cache/####/f_00000e
- <Package Folder>/cache/####/f_00000f
- <Package Folder>/cache/####/f_000010
- <Package Folder>/cache/####/f_000011
- <Package Folder>/cache/####/f_000012
- <Package Folder>/cache/####/f_000013
- <Package Folder>/cache/####/f_000014
- <Package Folder>/cache/####/f_000015
- <Package Folder>/cache/####/f_000016
- <Package Folder>/cache/####/f_000017
- <Package Folder>/cache/####/f_000018
- <Package Folder>/cache/####/f_000019
- <Package Folder>/cache/####/f_00001a
- <Package Folder>/cache/####/f_00001b
- <Package Folder>/cache/####/f_00001c
- <Package Folder>/cache/####/f_00001d
- <Package Folder>/cache/####/f_00001e
- <Package Folder>/cache/####/f_00001f
- <Package Folder>/cache/####/f_000020
- <Package Folder>/cache/####/f_000021
- <Package Folder>/cache/####/f_000022
- <Package Folder>/cache/####/f_000023
- <Package Folder>/cache/####/f_000024
- <Package Folder>/cache/####/getApplicationId
- <Package Folder>/cache/####/index
- <Package Folder>/databases/google_app_measurement_local.db
- <Package Folder>/databases/google_app_measurement_local.db-journal
- <Package Folder>/databases/tapleader_offline.db
- <Package Folder>/databases/tapleader_offline.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal (deleted)
- <Package Folder>/no_backup/com.google.android.gms.appid-no-backup
- <Package Folder>/shared_prefs/APP_5040.xml
- <Package Folder>/shared_prefs/App_info.xml
- <Package Folder>/shared_prefs/WebViewSettings.xml
- <Package Folder>/shared_prefs/com.google.android.gms.appid.xml
- <Package Folder>/shared_prefs/com.google.android.gms.measuremen...ml.bak
- <Package Folder>/shared_prefs/com.google.android.gms.measurement.prefs.xml
Другие:
Может автоматически отправлять СМС-сообщения.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
