Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Xiny.20
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(GCM) <Google Host>
- TCP(HTTP/1.1) mes####.ca####.com:16080
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) 2####.243.193.48:80
- TCP(HTTP/1.1) beau####.id####.com:8008
- TCP(HTTP/1.1) t####.idot####.com:16070
- TCP(HTTP/1.1) d.xiongj####.com.####.com:80
- TCP(HTTP/1.1) r.eli####.cn:80
- TCP(HTTP/1.1) yes.yuchan####.com.cn:80
- TCP(HTTP/1.1) beau####.id####.com:16080
Запросы DNS:
- a####.u####.com
- beau####.id####.com
- d.xiongj####.com.cn
- mes####.ca####.com
- r.eli####.cn
- t####.idot####.com
- yes.yuchan####.com.cn
Запросы HTTP GET:
- beau####.id####.com:16080/topic?id=####
- beau####.id####.com:8008/beautify/banner/cover/19e4d9cd5e4641ffbcbfc205a...
- beau####.id####.com:8008/beautify/banner/cover/37aef4f8498f4d19ade5e1785...
- beau####.id####.com:8008/beautify/banner/cover/d86b83796be844c99f71c18f0...
- beau####.id####.com:8008/beautify/lockscreen/preview/0b95c2feba9941b288d...
- beau####.id####.com:8008/beautify/lockscreen/preview/2b3db3a9981d467ab36...
- beau####.id####.com:8008/beautify/lockscreen/preview/7c09032bcc624a8ba2d...
- beau####.id####.com:8008/beautify/lockscreen/preview/7c372b3e3e094f10a12...
- beau####.id####.com:8008/beautify/lockscreen/preview/b0885afd778c4760a8a...
- beau####.id####.com:8008/beautify/lockscreen/preview/c22080f8942a49fa825...
- beau####.id####.com:8008/beautify/lockscreen/preview/e7b2ef17e40b48f6843...
- beau####.id####.com:8008/beautify/lockscreen/preview/ffaf6a4fde654adfb73...
- d.xiongj####.com.####.com/jfile/gou.jar
- mes####.ca####.com:16080/home
- mes####.ca####.com:16080/img/icons.png?1####
- mes####.ca####.com:16080/js/idotools/idotoolsjs.server.min.js?3####
- t####.idot####.com:16070/getLockScreen?publishType=####&packageName=####
- t####.idot####.com:16070/themes?simCIso=####&localC=####&market=####
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/f_000001
- <Package Folder>/cache/####/f_000002
- <Package Folder>/cache/####/f_000003
- <Package Folder>/cache/####/f_000004
- <Package Folder>/cache/####/f_000005
- <Package Folder>/cache/####/f_000006
- <Package Folder>/cache/####/f_000007
- <Package Folder>/cache/####/f_000008
- <Package Folder>/cache/####/f_000009
- <Package Folder>/cache/####/f_00000a
- <Package Folder>/cache/####/f_00000b
- <Package Folder>/cache/####/index
- <Package Folder>/databases/downloadswc
- <Package Folder>/databases/downloadswc-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal (deleted)
- <Package Folder>/files/.imprint
- <Package Folder>/files/mobclick_agent_cached_<Package>4
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/shared_prefs/<Package>_pref.xml
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/<Package>_preferences.xml.bak
- <Package Folder>/shared_prefs/W_Key.xml
- <Package Folder>/shared_prefs/a.xml
- <Package Folder>/shared_prefs/mobclick_agent_online_setting_<Package>.xml
- <Package Folder>/shared_prefs/st.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml.bak
- <SD-Card>/Download/####/4.8_gou.jar.tmp
- <SD-Card>/dotools/####/2017-8-4_12-34-25_u-10044_p-2064_<Package>.log
- <SD-Card>/dt/restime.dat
- <SD-Card>/iDoLockscreen/####/<Package>.iDoD
- <SD-Card>/iDoLockscreen/####/camera_icon.png
- <SD-Card>/iDoLockscreen/####/errorPage.html
- <SD-Card>/iDoLockscreen/####/notification_delete_icon.png
- <SD-Card>/iDoLockscreen/####/notification_item_bg.png
- <SD-Card>/iDoLockscreen/####/pattern_image_normal.png
- <SD-Card>/iDoLockscreen/####/pattern_image_select.png
- <SD-Card>/iDoLockscreen/####/pingcode_delete_normal.png
- <SD-Card>/iDoLockscreen/####/pingcode_delete_press.png
- <SD-Card>/iDoLockscreen/####/pingcode_label_input.png
- <SD-Card>/iDoLockscreen/####/pingcode_label_normal.png
- <SD-Card>/iDoLockscreen/####/pingcode_number_0.png
- <SD-Card>/iDoLockscreen/####/pingcode_number_1.png
- <SD-Card>/iDoLockscreen/####/pingcode_number_2.png
- <SD-Card>/iDoLockscreen/####/pingcode_number_3.png
- <SD-Card>/iDoLockscreen/####/pingcode_number_4.png
- <SD-Card>/iDoLockscreen/####/pingcode_number_5.png
- <SD-Card>/iDoLockscreen/####/pingcode_number_6.png
- <SD-Card>/iDoLockscreen/####/pingcode_number_7.png
- <SD-Card>/iDoLockscreen/####/pingcode_number_8.png
- <SD-Card>/iDoLockscreen/####/pingcode_number_9.png
- <SD-Card>/iDoLockscreen/####/pingcode_number_press_0.png
- <SD-Card>/iDoLockscreen/####/pingcode_number_press_1.png
Другие:
Загружает динамические библиотеки:
- dot-zipio
- vovkeut
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Отрисовывает собственные окна поверх других приложений.
