Техническая информация
Вредоносные функции:
Осуществляет доступ к приватному интерфейсу телефонии (ITelephony).
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(GCM) <Google Host>
- TCP(HTTP/1.1) sh####.360t####.com:80
- TCP(HTTP/1.1) c-h####.g####.com:80
- TCP(HTTP/1.1) l####.tbs.qq.com:80
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) t####.c####.q####.####.com:80
- TCP(HTTP/1.1) 1####.201.253.34:2120
- TCP(HTTP/1.1) s.3####.cn:80
- TCP(HTTP/1.1) pt####.pinxu####.com:80
- TCP(HTTP/1.1) a.appj####.com:80
- TCP(HTTP/1.1) ope####.mob####.360.cn:80
- TCP(HTTP/1.1) sdk.o####.p####.####.com:80
- TCP(HTTP/1.1) t####.c####.l####.####.com:80
- TCP c####.g####.ig####.com:5227
- TCP sdk.o####.t####.####.com:5224
Запросы DNS:
- 7j####.c####.z0.####.com
- a####.u####.com
- a.appj####.com
- c####.g####.ig####.com
- c-h####.g####.com
- l####.tbs.qq.com
- mt####.go####.com
- ope####.mob####.360.cn
- pt####.pinxu####.com
- pt####.pinxu####.com
- pub-####.qin####.com
- s.3####.cn
- sdk.c####.ig####.com
- sdk.o####.i####.####.com
- sdk.o####.p####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.net
- sh####.360t####.com
Запросы HTTP GET:
- ope####.mob####.360.cn/index/upgrade?package=####&version=####&apk_versi...
- pt####.pinxu####.com/image/default/2017/0429/201704295903ebb8cbd29.jpg
- pt####.pinxu####.com/image/default/2017/0710/20170710596334c0460ae.jpg
- pt####.pinxu####.com/image/default/2017/0710/20170710596337d32e9c5.jpg
- pt####.pinxu####.com/image/default/2017/0710/2017071059633e1ff1c93.jpg
- pt####.pinxu####.com/image/default/2017/0710/2017071059633e9da78c4.jpg
- pt####.pinxu####.com/image/default/2017/0711/20170711596498fb70f26.jpg
- pt####.pinxu####.com/image/goods/2017/0327/58d8e8ee528c6.jpg
- pt####.pinxu####.com/image/goods/2017/0429/5903eb39c9553.jpg
- pt####.pinxu####.com/image/goods/2017/0429/5903eb8196666.jpg
- pt####.pinxu####.com/image/goods/2017/0429/5903ebad49456.jpg
- pt####.pinxu####.com/image/goods/2017/0429/5903ebb153c60.jpg
- pt####.pinxu####.com/image/goods/2017/0429/590402bdc49e3.jpg
- pt####.pinxu####.com/image/goods/2017/0927/59cb631fbb91f.jpg
- t####.c####.l####.####.com/config/hz-hzv3.conf
Запросы HTTP POST:
- a.appj####.com/ad-service/ad/mark
- l####.tbs.qq.com/ajax?c=####&k=####
- l####.tbs.qq.com/ajax?c=####&v=####&k=####
- pt####.pinxu####.com/
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/.jiagu/libjiagu.so
- <Package Folder>/app_jgls/.log.lock
- <Package Folder>/app_jgls/.log.ls
- <Package Folder>/app_tbs/####/core_info
- <Package Folder>/app_tbs/####/debug.conf
- <Package Folder>/app_tbs/####/tbscoreinstall.txt
- <Package Folder>/app_tbs/####/tbslock.txt
- <Package Folder>/cache/####/-550457501-490174597
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/f_000001
- <Package Folder>/cache/####/f_000002
- <Package Folder>/cache/####/f_000003
- <Package Folder>/cache/####/f_000004
- <Package Folder>/cache/####/f_000005
- <Package Folder>/cache/####/f_000006
- <Package Folder>/cache/####/f_000007
- <Package Folder>/cache/####/f_000008
- <Package Folder>/cache/####/f_000009
- <Package Folder>/cache/####/f_00000a
- <Package Folder>/cache/####/f_00000b
- <Package Folder>/cache/####/f_00000c
- <Package Folder>/cache/####/index
- <Package Folder>/cache/####/libpatch.so
- <Package Folder>/cache/####/libpatch1.so
- <Package Folder>/cache/####/temp.tmp~
- <Package Folder>/databases/cc.db
- <Package Folder>/databases/cc.db-journal
- <Package Folder>/databases/increment.db-journal
- <Package Folder>/databases/pushext.db-journal
- <Package Folder>/databases/pushg.db-journal
- <Package Folder>/databases/pushsdk.db-journal
- <Package Folder>/databases/ua.db
- <Package Folder>/databases/ua.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal (deleted)
- <Package Folder>/files/####/.jg.ic
- <Package Folder>/files/####/108.png
- <Package Folder>/files/####/109.png
- <Package Folder>/files/####/110.png
- <Package Folder>/files/####/address-list.html.js
- <Package Folder>/files/####/address-list.js
- <Package Folder>/files/####/app-counter.html.js
- <Package Folder>/files/####/app-district.html.js
- <Package Folder>/files/####/app-footer.html.js
- <Package Folder>/files/####/app-form.html.js
- <Package Folder>/files/####/app-goods-list.html.js
- <Package Folder>/files/####/app-header.html.js
- <Package Folder>/files/####/app-list-filter.html.js
- <Package Folder>/files/####/app-popup-form.html.js
- <Package Folder>/files/####/app-recommend-goods.html.js
- <Package Folder>/files/####/app-recommend-spike.html.js
- <Package Folder>/files/####/app-search-goods-list.html.js
- <Package Folder>/files/####/app-search-goods-list.js
- <Package Folder>/files/####/app-search-header.html.js
- <Package Folder>/files/####/app-search-popup.html.js
- <Package Folder>/files/####/app-subject-list.html.js
- <Package Folder>/files/####/app-swipe.html.js
- <Package Folder>/files/####/app-upload-img.html.js
- <Package Folder>/files/####/app-upload-replace.html.js
- <Package Folder>/files/####/app-widgets-show.html.js
- <Package Folder>/files/####/article-detail.html.js
- <Package Folder>/files/####/article-detail.js
- <Package Folder>/files/####/article-list.html.js
- <Package Folder>/files/####/article-list.js
- <Package Folder>/files/####/bridge.js
- <Package Folder>/files/####/category.html.js
- <Package Folder>/files/####/category.js
- <Package Folder>/files/####/channel.html.js
- <Package Folder>/files/####/channel.js
- <Package Folder>/files/####/checkout.html.js
- <Package Folder>/files/####/checkout.js
- <Package Folder>/files/####/combo.js
- <Package Folder>/files/####/common.css
- <Package Folder>/files/####/constant.css
- <Package Folder>/files/####/coupons.html.js
- <Package Folder>/files/####/coupons.js
- <Package Folder>/files/####/exchangeIdentity.json
- <Package Folder>/files/####/feedback-type.html.js
- <Package Folder>/files/####/feedback-type.js
- <Package Folder>/files/####/feedback.html.js
- <Package Folder>/files/####/feedback.js
- <Package Folder>/files/####/food.png
- <Package Folder>/files/####/function.css
- <Package Folder>/files/####/furniture_v2.png
- <Package Folder>/files/####/goods-detail.html.js
- <Package Folder>/files/####/goods-detail.js
- <Package Folder>/files/####/goods.html.js
- <Package Folder>/files/####/goods.js
- <Package Folder>/files/####/group.html.js
- <Package Folder>/files/####/group.js
- <Package Folder>/files/####/haitao.html.js
- <Package Folder>/files/####/haitao.js
- <Package Folder>/files/####/iconfont.eot
- <Package Folder>/files/####/iconfont.svg
- <Package Folder>/files/####/iconfont.ttf
- <Package Folder>/files/####/iconfont.woff
- <Package Folder>/files/####/id_card_header.png
- <Package Folder>/files/####/index.html
- <Package Folder>/files/####/index.html.js
- <Package Folder>/files/####/index.js
- <Package Folder>/files/####/invite.html.js
- <Package Folder>/files/####/invite.js
- <Package Folder>/files/####/invite_footer.png
- <Package Folder>/files/####/invite_logo.png
- <Package Folder>/files/####/invite_screen.png
- <Package Folder>/files/####/lib.js
- <Package Folder>/files/####/likes.html.js
- <Package Folder>/files/####/likes.js
- <Package Folder>/files/####/localResizeIMG.js
- <Package Folder>/files/####/login.html.js
- <Package Folder>/files/####/login.js
- <Package Folder>/files/####/logistics-info.html.js
- <Package Folder>/files/####/logistics-info.js
- <Package Folder>/files/####/logo.jpg
- <Package Folder>/files/####/mine.html.js
- <Package Folder>/files/####/mine.js
- <Package Folder>/files/####/mobileBUGFix.mini.js
- <Package Folder>/files/####/mobile_user_avatar.png
- <Package Folder>/files/####/my-free.html.js
- <Package Folder>/files/####/my-free.js
- <Package Folder>/files/####/my-group.html.js
- <Package Folder>/files/####/my-group.js
- <Package Folder>/files/####/my-refund.html.js
- <Package Folder>/files/####/my-refund.js
- <Package Folder>/files/####/new-arrivals.html.js
- <Package Folder>/files/####/new-arrivals.js
- <Package Folder>/files/####/order-detail.html.js
- <Package Folder>/files/####/order-detail.js
- <Package Folder>/files/####/orders.html.js
- <Package Folder>/files/####/orders.js
- <Package Folder>/files/####/page-address-list.css
- <Package Folder>/files/####/page-article-detail.css
- <Package Folder>/files/####/page-article-list.css
- <Package Folder>/files/####/page-category.css
- <Package Folder>/files/####/page-channel.css
- <Package Folder>/files/####/page-checkout.css
- <Package Folder>/files/####/page-coupons.css
- <Package Folder>/files/####/page-feedback-type.css
- <Package Folder>/files/####/page-feedback.css
- <Package Folder>/files/####/page-goods-detail.css
- <Package Folder>/files/####/page-goods.css
- <Package Folder>/files/####/page-group.css
- <Package Folder>/files/####/page-haitao.css
- <Package Folder>/files/####/page-index.css
- <Package Folder>/files/####/page-invite.css
- <Package Folder>/files/####/page-likes.css
- <Package Folder>/files/####/page-login.css
- <Package Folder>/files/####/page-logistics-info.css
- <Package Folder>/files/####/page-mine.css
- <Package Folder>/files/####/page-my-free.css
- <Package Folder>/files/####/page-my-group.css
- <Package Folder>/files/####/page-my-refund.css
- <Package Folder>/files/####/page-new-arrivals.css
- <Package Folder>/files/####/page-order-detail.css
- <Package Folder>/files/####/page-orders.css
- <Package Folder>/files/####/page-refund-apply.css
- <Package Folder>/files/####/page-refund-detail.css
- <Package Folder>/files/####/page-refund-log.css
- <Package Folder>/files/####/page-return-log.css
- <Package Folder>/files/####/page-setting.css
- <Package Folder>/files/####/page-specials.css
- <Package Folder>/files/####/page-spike-sellout.css
- <Package Folder>/files/####/page-spike.css
- <Package Folder>/files/####/page-subjects.css
- <Package Folder>/files/####/page-template.css
- <Package Folder>/files/####/qrcode.min.js
- <Package Folder>/files/####/refund-apply.html.js
- <Package Folder>/files/####/refund-apply.js
- <Package Folder>/files/####/refund-detail.html.js
- <Package Folder>/files/####/refund-detail.js
- <Package Folder>/files/####/refund-log.html.js
- <Package Folder>/files/####/refund-log.js
- <Package Folder>/files/####/return-log.html.js
- <Package Folder>/files/####/return-log.js
- <Package Folder>/files/####/sea.js
- <Package Folder>/files/####/select-bg.png
- <Package Folder>/files/####/setting.html.js
- <Package Folder>/files/####/setting.js
- <Package Folder>/files/####/socket.io.js
- <Package Folder>/files/####/special99.png
- <Package Folder>/files/####/specials.html.js
- <Package Folder>/files/####/specials.js
- <Package Folder>/files/####/spike-sellout.html.js
- <Package Folder>/files/####/spike-sellout.js
- <Package Folder>/files/####/spike.html.js
- <Package Folder>/files/####/spike.js
- <Package Folder>/files/####/spike.png
- <Package Folder>/files/####/subject_502.png
- <Package Folder>/files/####/subjects.html.js
- <Package Folder>/files/####/subjects.js
- <Package Folder>/files/####/subjects_15.png
- <Package Folder>/files/####/subjects_20.png
- <Package Folder>/files/####/swipe.js
- <Package Folder>/files/####/vue.lazyload.js
- <Package Folder>/files/####/vue.min.js
- <Package Folder>/files/####/vue.route.min.js
- <Package Folder>/files/.imprint
- <Package Folder>/files/96ddd9aeb4d5
- <Package Folder>/files/exid.dat
- <Package Folder>/files/gdaemon_20161017
- <Package Folder>/files/init.pid
- <Package Folder>/files/init_c.pid
- <Package Folder>/files/push.pid
- <Package Folder>/files/run.pid
- <Package Folder>/files/tdata_VrM483
- <Package Folder>/files/tdata_VrM483.jar
- <Package Folder>/files/tdata_qNf317
- <Package Folder>/files/tdata_qNf317.jar
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/libs/####/libpatch
- <Package Folder>/libs/####/libpatch1
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/WebViewSettings.xml
- <Package Folder>/shared_prefs/gx_sp.xml
- <Package Folder>/shared_prefs/jg_app_update_settings_random.xml
- <Package Folder>/shared_prefs/qiyu_save_3423f85d67ffc5aa619d486...26.xml
- <Package Folder>/shared_prefs/share_data_updatesdk.xml
- <Package Folder>/shared_prefs/sharedPreferences.xml
- <Package Folder>/shared_prefs/tbs_download_config.xml
- <Package Folder>/shared_prefs/tbs_download_stat.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/unicorn#cheese#
- <Package Folder>/update.qh
- <SD-Card>/<Package>/####/.nomedia
- <SD-Card>/<Package>/.nomedia
- <SD-Card>/Android/####/.nomedia
- <SD-Card>/libs/<Package>.db
- <SD-Card>/libs/app.db
- <SD-Card>/libs/com.getui.sdk.deviceId.db
- <SD-Card>/libs/com.igexin.sdk.deviceId.db
- <SD-Card>/libs/test.log
- <SD-Card>/system/####/tdata_VrM483
- <SD-Card>/system/####/tdata_qNf317
Другие:
Запускает следующие shell-скрипты:
- <Package Folder>/files/gdaemon_20161017 0 <Package>/com.igexin.sdk.PushService 25053 300 0
- cat /sys/class/net/wlan0/address
- chmod 700 <Package Folder>/files/gdaemon_20161017
- chmod 755 <Package Folder>/.jiagu/libjiagu.so
- chmod 755 <Package Folder>/cache/360Download
- getprop ro.product.cpu.abi
- mount
Загружает динамические библиотеки:
- libjiagu
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS7Padding
- DESede-ECB-PKCS5Padding
- RSA-ECB-NoPadding
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS7Padding
Использует специальную библиотеку для скрытия исполняемого байткода.
Осуществляет доступ к информации о геолокации.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
