Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Xiny.20
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(GCM) <Google Host>
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) c####.im.qq.com:80
- TCP(HTTP/1.1) m.b####.cn:80
- TCP(HTTP/1.1) go.1mi####.cn:80
- TCP(HTTP/1.1) www.ty####.cn:80
- TCP(HTTP/1.1) up.soso####.com:80
- TCP(HTTP/1.1) d.xiongj####.com.####.com:80
- TCP(HTTP/1.1) re####.b####.sc####.com:80
- TCP(HTTP/1.1) cs.bukama####.com:8000
- TCP(HTTP/1.1) i####.bukama####.com:8000
Запросы DNS:
- a####.u####.com
- c####.i####.cn
- c####.im.qq.com
- cs.bukama####.com
- d.xiongj####.com.cn
- go.1mi####.cn
- i####.bukama####.com
- i####.i####.cn
- i####.soso####.cn
- m.b####.cn
- mt####.go####.com
- up.soso####.com
- www.ty####.cn
Запросы HTTP GET:
- d.xiongj####.com.####.com/jfile/ter.jar
- i####.bukama####.com:8000/user/head/20171001/9432596-002257.jpg
- m.b####.cn/article/57124?p=####
- m.b####.cn/article/57125?p=####
- m.b####.cn/article/57126?p=####
- up.soso####.com/android/ver.php?chn=####&model=####&manu=####&ver=####&h...
Запросы HTTP POST:
- c####.im.qq.com/cgi-bin/cgi_svrtime
- www.ty####.cn/n
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/.jiagu/libjiagu.so
- <Package Folder>/app_buka_manga/cache_request_main_recom.tmp
- <Package Folder>/app_buka_manga/cache_request_manga_categories.tmp
- <Package Folder>/app_buka_manga/discovery_cache_one.tmp
- <Package Folder>/app_buka_manga/discovery_cache_three.tmp
- <Package Folder>/app_buka_manga/discovery_cache_two.tmp
- <Package Folder>/app_buka_manga/manga_purchase_records.txt
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/f_000001
- <Package Folder>/cache/####/index
- <Package Folder>/databases/article.db-journal
- <Package Folder>/databases/buka.db-journal
- <Package Folder>/databases/downloadinfo.db-journal
- <Package Folder>/databases/downloadswc
- <Package Folder>/databases/downloadswc-journal
- <Package Folder>/databases/history.db-journal
- <Package Folder>/databases/statcache.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal (deleted)
- <Package Folder>/files/####/.jg.ic
- <Package Folder>/files/.imprint
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/<Package>_preferences.xml.bak
- <Package Folder>/shared_prefs/W_Key.xml
- <Package Folder>/shared_prefs/multidex.version.xml
- <Package Folder>/shared_prefs/st.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml.bak
- <Package Folder>/shared_prefs/z.xml
- <SD-Card>/Download/####/5.0ter.jar
- <SD-Card>/dt/restime.dat
- <SD-Card>/ibuka/####/-03Go527FwEsaNx_SeHPb9nUNU0.256073513.tmp
- <SD-Card>/ibuka/####/3i698s5yxUJAubSR3ojYxXHnn_k.1529590039.tmp
- <SD-Card>/ibuka/####/5TRXYRWQHT_KySp5DKo4XS358e8.543277313.tmp
- <SD-Card>/ibuka/####/5jnabW2_P87fSo2dYe1YkGLEYs4.363080656.tmp
- <SD-Card>/ibuka/####/6BLrJX3oz75f94kxUkvUhg5D7-A.1798193546.tmp
- <SD-Card>/ibuka/####/6NPpJnuXDEZfS6a5uYK0a3za8b0.1604529060.tmp
- <SD-Card>/ibuka/####/6rgnIooiCe1hpKMUsYQldXM8bRg.-207536694.tmp
- <SD-Card>/ibuka/####/8j96xcZv_b7DIuaTmnRRmrYDEz4.549755516.tmp
- <SD-Card>/ibuka/####/9OzeIK-B8VDiK0Vr8aJ-6Y91o24.-1955849169.tmp
- <SD-Card>/ibuka/####/9UGGowRTYCKahyhOoRyq3w8lpCg.684625160.tmp
- <SD-Card>/ibuka/####/9wWWaL3HKiPYGbRzRjqB-SoItB8.725515923.tmp
- <SD-Card>/ibuka/####/Acp8IqgZNJjIhVrHb1_bFUarHTw.1304392840.tmp
- <SD-Card>/ibuka/####/CNkNB6tt5V4uFZsNiW2RocZ5flQ.-543462766.tmp
- <SD-Card>/ibuka/####/Cmk2H3qLI7Hq4rWTmA8rZRyBkaY.-1919588905.tmp
- <SD-Card>/ibuka/####/DrauGRP8XQy0DTbw4ykU10iRhVQ.-1886810063.tmp
- <SD-Card>/ibuka/####/HPgqy-dFRGWnPCrRqNeOgKcCaps.1159823130.tmp
- <SD-Card>/ibuka/####/HTgbDjx4L-00o4rzf0T2goQOVvA.-384818676.tmp
- <SD-Card>/ibuka/####/IrS_H3lKtdQQR9ngT-q4FSyfMq8.1567828607.tmp
- <SD-Card>/ibuka/####/KB5jKJP65z4V12tfOU6Nb3wSJwM.588376992.tmp
- <SD-Card>/ibuka/####/LAUILyCG7AQLnq4oJ31TdLXjf08.-968339155.tmp
- <SD-Card>/ibuka/####/Li2JAeypzkZLXBZEST7dfnvTpJ0.1084883971.tmp
- <SD-Card>/ibuka/####/MHToxdGSvcKy9H9HUaghm20oZFI.1459911947.tmp
- <SD-Card>/ibuka/####/MahKFIMYYMIo6q4IiU7_mDInJUw.1482142270.tmp
- <SD-Card>/ibuka/####/MzwHnpCkwUNVo-j_-5gUj--Swts.1078243974.tmp
- <SD-Card>/ibuka/####/OG2RBGE5cPIfNYT8WH5JkV9jsec.1186428537.tmp
- <SD-Card>/ibuka/####/PhmxyZCJAlYpuut3ssjaBITPRDk.-1029083103.tmp
- <SD-Card>/ibuka/####/Q7q7wXbScJGNxABqE9u5miNzP-o.-496779837.tmp
- <SD-Card>/ibuka/####/RAp67kPGFfEKe4L0_GUssaTUmIk.-1299288681.tmp
- <SD-Card>/ibuka/####/SEv4R083CgfA1djYxuPdSBaS6Yc.1808252201.tmp
- <SD-Card>/ibuka/####/SYlTUVC_GGEyryVuFZkg7YDJd-0.-941367869.tmp
- <SD-Card>/ibuka/####/U0Ndgf0TwoU_itJKqJHAvmW01mg.282336299.tmp
- <SD-Card>/ibuka/####/UTELvBg3oF0-87c_Q3XMm-FwoIo.1673074088.tmp
- <SD-Card>/ibuka/####/XYzZEiUflezlE8RffXHMFyYjl-g.1463313230.tmp
- <SD-Card>/ibuka/####/XaEKix_ExAB9ZoESui7Yu3yTxoQ.-1656818268.tmp
- <SD-Card>/ibuka/####/Y7jwm5UUTA6_Zs-LBg3nxu5Zeik.305910202.tmp
- <SD-Card>/ibuka/####/Z68DPxia1zYTsQLAZVEJqI5Mam8.-913336903.tmp
- <SD-Card>/ibuka/####/_CXQ_QAfN_1tXV-yWa-owEAAXVc.1467737544.tmp
- <SD-Card>/ibuka/####/aMuZWwrDH2X5MsIpVNBU_q5g_iM.-829398682.tmp
- <SD-Card>/ibuka/####/bZlyp35p2FaaAm10VM_xaqahSfg.-1964243594.tmp
- <SD-Card>/ibuka/####/c48JdI41rpYOcZIYg9P97-JxloQ.-1994089185.tmp
- <SD-Card>/ibuka/####/cJFEG59hbrczB-ba848qYFtsHRI.-463958715.tmp
- <SD-Card>/ibuka/####/cngKIXqY9rS0whZfjyeaWk-DmlE.-136025808.tmp
- <SD-Card>/ibuka/####/dGD_jFn65opUS9dbnuo_FJkbQfs.7538978.tmp
- <SD-Card>/ibuka/####/evwckRTOUnU5chiRRuRTKRt0a0I.480501996.tmp
- <SD-Card>/ibuka/####/gmvB5cCyqjsrtKqVtc0dwFqXTzc.-837853151.tmp
- <SD-Card>/ibuka/####/hPrxO8OkvY9NDQWLjncc7NWQEBk.-935033331.tmp
- <SD-Card>/ibuka/####/jFY2277sVFiTlGn2775xwNlZvxE.815804770.tmp
- <SD-Card>/ibuka/####/jXR7c-IW91Tazl0qXNH1HtvPOfA.1162848844.tmp
- <SD-Card>/ibuka/####/jZGoLG3X4K99KwvZsXKciqyPGDw.-1961224165.tmp
- <SD-Card>/ibuka/####/k9iPDJVO3C0Qy6TLkBQUSLF2HDM.1257109538.tmp
- <SD-Card>/ibuka/####/kNoDt9zaXPM9NnfWKf1-6eTjge8.-1769900080.tmp
- <SD-Card>/ibuka/####/kNrCj2eR4Ymm7Z2ollfmf3nbfRA.236175293.tmp
- <SD-Card>/ibuka/####/kPLVHoIfN3rSkrKmnyNeySTu-vw.-882304360.tmp
- <SD-Card>/ibuka/####/lM_GxImpqVpQ1P94KkfvsWf_-90.-1199483635.tmp
- <SD-Card>/ibuka/####/ljbsXebYzavO5mpD2STczJmvvHU.1254124613.tmp
- <SD-Card>/ibuka/####/luQri6cp6Adw5LW5jdjtHmzDfxE.975452472.tmp
- <SD-Card>/ibuka/####/q_kYV_VSGHzib7OJXe6-LSx4etI.977671390.tmp
- <SD-Card>/ibuka/####/rE-C_Xsjo_2uqbx5bL_ktMLWgeQ.1474235703.tmp
- <SD-Card>/ibuka/####/rpbAO_ikSla76y8m3Tdovf-hkcY.827677568.tmp
- <SD-Card>/ibuka/####/s95OSUEq7rc5pqzZKzIANRKwPoM.115501253.tmp
- <SD-Card>/ibuka/####/slWNwbyK2uFmAPvpva6Zjc42Ie8.-559721855.tmp
- <SD-Card>/ibuka/####/t7KB22RR0r-cpIVdk3mtT5l2nFQ.-1528933913.tmp
- <SD-Card>/ibuka/####/v2m0DGFZHG-Hs28Ox4yckiXgsWY.218737791.tmp
- <SD-Card>/ibuka/####/vIPhanPhExJqTqYbZ7Cz3OWlLjg.-98298448.tmp
- <SD-Card>/ibuka/####/wQnjYQYqhVtIoNqQ0w32MPm-v3Y.857761753.tmp
- <SD-Card>/ibuka/####/x6PsGseJLVIV7hp7U18_EULAY6I.1912983098.tmp
- <SD-Card>/ibuka/####/xExHtyjQTUEvwn8olI3XPGmDf34.-926266827.tmp
- <SD-Card>/ibuka/.asset
- <SD-Card>/ibuka/.nomedia
Другие:
Запускает следующие shell-скрипты:
- chmod 755 <Package Folder>/.jiagu/libjiagu.so
Загружает динамические библиотеки:
- bitmaps
- libjiagu
- memchunk
- pl_droidsonroids_gif
Использует специальную библиотеку для скрытия исполняемого байткода.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Отрисовывает собственные окна поверх других приложений.
