Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.589.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(GCM) <Google Host>
- TCP(HTTP/1.1) s####.ad-####.com:80
- TCP(HTTP/1.1) t.api.w####.cn:80
- TCP(HTTP/1.1) img.piq####.com:80
- TCP(HTTP/1.1) any.sp.gmoss####.####.net:80
- TCP(HTTP/1.1) b####.ly:80
- TCP(HTTP/1.1) cf.cdn.inmob####.####.net:80
- TCP(HTTP/1.1) decob####.com:80
- TCP(HTTP/1.1) js.w.in####.com:80
- TCP(HTTP/1.1) c####.jq####.com:80
- TCP(HTTP/1.1) cm.g.doublec####.net:80
- TCP(HTTP/1.1) s####.i-mo####.co.jp:80
- TCP(HTTP/1.1) js.ad-####.com:80
- TCP(HTTP/1.1) cdnyxzf####.b0.a####.com:80
- TCP(HTTP/1.1) l####.chunzhe####.cn:80
- TCP(HTTP/1.1) s####.f####.jp:80
- TCP(HTTP/1.1) x.bidsw####.net:80
- TCP(HTTP/1.1) tr.ad-####.com:80
- TCP(HTTP/1.1) www.google-####.com:80
- TCP(HTTP/1.1) piq####.com:80
- TCP(HTTP/1.1) ad.ad-####.com:80
- TCP(TLS/1.0) u####.jp:443
- TCP(TLS/1.0) adsd-####.am####.a####.com:443
- TCP(TLS/1.0) p####.go####.com:443
- TCP(TLS/1.0) s####.ad-####.com:443
- TCP(TLS/1.0) api.critter####.com:443
Запросы DNS:
- a####.sp.gmoss####.jp
- ad.ad-####.com
- adsd-####.am####.a####.com
- api.critter####.com
- b####.ly
- c####.jq####.com
- cdn.app.kac####.cn
- cf.cdn.in####.com
- cm.g.doublec####.net
- decob####.com
- dex.a####.jp
- img.piq####.com
- js.ad-####.com
- js.w.in####.com
- l####.chunzhe####.cn
- mt####.go####.com
- p####.go####.com
- piq####.com
- s####.ad-####.com
- s####.f####.jp
- s####.i-mo####.co.jp
- t.api.w####.cn
- tr.ad-####.com
- u####.jp
- www.google-####.com
- x.bidsw####.net
Запросы HTTP GET:
- ad.ad-####.com/ad?app_id=####&ad_spot_no=####&locale=####&ut=####&topfra...
- ad.ad-####.com/ad?app_id=MEDIA-1419ff2a&ad_spot_no=4&locale=en&ut=150184...
- ad.ad-####.com/ad?app_id=MEDIA-1419ff2a&ad_spot_no=5&locale=en&ut=150184...
- c####.jq####.com/jquery-1.9.1.min.js
- cf.cdn.inmob####.####.net/ad/inmobi.js
- cm.g.doublec####.net/pixel?google_nid=####&googl####&googl####
- cm.g.doublec####.net/pixel?google_nid=####&google_cm=####&google_sc=####...
- decob####.com/gateway/share-ad/?ver=####
- img.piq####.com/upload/j/jtpd20/1-4c5056c9c7.jpg
- img.piq####.com/upload/k/katsu1030/1-65033ad363.jpg
- img.piq####.com/upload/s/sasahara/2-b37271699f.jpg
- img.piq####.com/upload/s/sasahara/3-58ff5f1130.jpg
- img.piq####.com/upload/t/tkychr/5-b3c7f18cef.jpg
- img.piq####.com/upload/t/tkychr/6-ead3764bda.jpg
- img.piq####.com/upload/y/yantoocool/profile.png?x=####
- js.ad-####.com/js/adstir.js?2013####
- js.w.in####.com/showad?mk-siteid=####&mk-ad-slot=####&mk-ads=####&mk-ver...
- piq####.com/ad-finish/image?id=####
- piq####.com/ad-finish/json?cid=####&platform=####&lang=####
- piq####.com/ad-interstitial/json?cid=####&platform=####&lang=####
- piq####.com/ad-mediation/json?app_id=####&unit_id=####&platform=####&lan...
- piq####.com/ad/adstir/spot-hot?small=####
- piq####.com/css/common.css
- piq####.com/css/feed.css
- piq####.com/images/common/home/btn_title_catalog.png
- piq####.com/images/common/home/hdpi/ic_horizontalellipsis_selected.png
- piq####.com/images/common/home/mdpi/ic_comment.png
- piq####.com/images/common/home/mdpi/ic_good.png
- piq####.com/images/common/home/mdpi/ic_good_selected.png
- piq####.com/images/common/home/mdpi/ic_tag_symbol.png
- piq####.com/index/gw-hot?platform=####&app=####&lang=####
- piq####.com/js/fs/site/LazyLoad.js
- piq####.com/js/fs/site/ad.js
- piq####.com/js/fs/site/bottom.js
- piq####.com/js/fs/site/feed.js
- piq####.com/js/fs/site/popup.js
- piq####.com/js/fs/site/timeline.js
- piq####.com/timeline/new/?dtype=####
- piq####.com/yantoocool/feed/eid/1
- s####.ad-####.com/?symbol=####&uid=####
- s####.ad-####.com/?symbol=####&uid=####&google_cver=####
- s####.ad-####.com/sync?symbol=####&imp=####
- s####.ad-####.com/v2?symbol=####&uid=####
- s####.f####.jp/sync?xid=####&uid=####
- s####.i-mo####.co.jp/app/api/ad_deliver.ashx?spt=####&lang=####&pid=####...
- s####.i-mo####.co.jp/app/api/ad_imp_count.ashx?spt=####&lang=####&pid=##...
- s####.i-mo####.co.jp/app/api/ad_spot_environment.ashx?spt=####&lang=####...
- www.google-####.com/__utm.gif?utmwv=####&utms=####&utmn=####&utmhn=####&...
- www.google-####.com/__utm.gif?utmwv=5.7.0&utms=2&utmn=1146213834&utmhn=p...
- www.google-####.com/collect?ul=####&sr=####&a=####&sc=####&aid=####&cid=...
- www.google-####.com/ga.js
- www.google-####.com/r/__utm.gif?utmwv=5.7.0&utms=1&utmn=2032513371&utmhn...
Запросы HTTP POST:
- l####.chunzhe####.cn/jzbdt/lff/buodu/frh
- l####.chunzhe####.cn/jzbdt/mvxl/idih
- l####.chunzhe####.cn/jzbdt/wct/dunf
- l####.chunzhe####.cn/jzbdt/z/dhoy
- t.api.w####.cn/jzbdt/gatiz/te
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/f_000001
- <Package Folder>/cache/####/f_000002
- <Package Folder>/cache/####/index
- <Package Folder>/cache/ads136969874.jar
- <Package Folder>/databases/colorful.db
- <Package Folder>/databases/colorful.db-journal
- <Package Folder>/databases/google_analytics_v2.db-journal
- <Package Folder>/databases/t_u.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal (deleted)
- <Package Folder>/files/gaClientId
- <Package Folder>/files/sx.jar
- <Package Folder>/files/uv.jar
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/MyPreference.xml
- <Package Folder>/shared_prefs/MyPreference.xml.bak
- <Package Folder>/shared_prefs/com.crittercism.crashes.xml
- <Package Folder>/shared_prefs/com.crittercism.exceptions.xml
- <Package Folder>/shared_prefs/com.crittercism.loads.xml
- <Package Folder>/shared_prefs/com.crittercism.prefs.xml
- <Package Folder>/shared_prefs/dsi.xml
- <Package Folder>/shared_prefs/kr.xml
- <Package Folder>/shared_prefs/kr.xml (deleted)
- <Package Folder>/shared_prefs/kr.xml.bak
- <Package Folder>/shared_prefs/sfe.xml
- <Package Folder>/shared_prefs/sfe.xml.bak
- <Package Folder>/shared_prefs/wv.xml
- <Package Folder>/shared_prefs/wv.xml.bak
- <SD-Card>/Android/####/V2.7.4.1.txt
Другие:
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS5Padding
- DES
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Отрисовывает собственные окна поверх других приложений.
