Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Loki.50
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) www.you####.com:80
- TCP(HTTP/1.1) flying####.com:80
- TCP(HTTP/1.1) ck2.mobi-####.org:13631
- TCP(HTTP/1.1) www.red####.com:80
- TCP(HTTP/1.1) b####.com:80
- TCP(HTTP/1.1) ck1.mobi-####.org:13631
- TCP(HTTP/1.1) www.por####.com:80
- TCP(HTTP/1.1) www.x####.com:80
- TCP(HTTP/1.1) up.press####.com:80
- TCP(HTTP/1.1) ln.nobv####.com:80
- TCP(HTTP/1.1) www.b####.com:80
- TCP(TLS/1.0) m.tna####.com:443
- TCP(TLS/1.0) b####.com:443
- TCP(TLS/1.0) www.p####.com:443
- TCP(TLS/1.0) box.jom####.com:443
- TCP(TLS/1.0) ti####.jom####.com:443
- TCP(TLS/1.0) www.por####.com:443
- TCP(TLS/1.0) www.you####.com:443
- TCP(TLS/1.0) hpd.b####.com:443
- TCP(TLS/1.0) wap.n.sh####.com:443
- TCP(TLS/1.0) www.red####.com:443
- TCP(TLS/1.0) tna.traffic####.net:443
Запросы DNS:
- b####.com
- ck1.mobi-####.org
- ck2.mobi-####.org
- f####.b####.com
- flying####.com
- g####.bdst####.com
- hpd.b####.com
- i####.yy####.com
- ln.nobv####.com
- m.b####.com
- m.tna####.com
- mt####.go####.com
- s.bdst####.com
- ss0.b####.com
- ss0.bdst####.com
- ss1.b####.com
- sv.bdst####.com
- ti####.b####.com
- up.press####.com
- www.b####.com
- www.p####.com
- www.por####.com
- www.red####.com
- www.tna####.com
- www.x####.com
- www.you####.com
- www.you####.com
Запросы HTTP GET:
- ck1.mobi-####.org:13631/cnls/CN9119
- ck2.mobi-####.org:13631/cnls/CN9119
- flying####.com/favicon.ico
- ln.nobv####.com/imgs/a60.png
- ln.nobv####.com/imgs/a61.png
- ln.nobv####.com/imgs/a62.png
- www.b####.com/
- www.por####.com/favicon.ico
- www.red####.com/favicon.ico
- www.you####.com/favicon.ico
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/app_lib/libmain.so
- <Package Folder>/cache/####/0d1342925ed695f30a96b84ee024634fcf6....0.tmp
- <Package Folder>/cache/####/1032e1056cc66745ea5cd96e052e58b4c60....0.tmp
- <Package Folder>/cache/####/121fdc1892df6b09d6287de72bbe91534ca....0.tmp
- <Package Folder>/cache/####/1988b2ff8f5721a90b6254bfa11c2a6b31b....0.tmp
- <Package Folder>/cache/####/3caf3bfca9cf2890412578f98b31f05b391....0.tmp
- <Package Folder>/cache/####/478a5488f1d2693fed93ee07a346e5ba1d0....0.tmp
- <Package Folder>/cache/####/669ebae8ca33bbf1b2907e6f9ba5125717d....0.tmp
- <Package Folder>/cache/####/70d45fdd92cfd7059380336b67508e75f17....0.tmp
- <Package Folder>/cache/####/80ef8f39fa3a5867ad6ed8ec70d80ae4348....0.tmp
- <Package Folder>/cache/####/ace5d961b21f9217ec0aa5bebdea98b9303....0.tmp
- <Package Folder>/cache/####/b3908576adb48987ee0cffc61e0ce724de8....0.tmp
- <Package Folder>/cache/####/b74f936114e1720b6e2cfa16c701dd9dded....0.tmp
- <Package Folder>/cache/####/b9886195523ac3c31622ff1b8735c3127d0....0.tmp
- <Package Folder>/cache/####/bde263088dca67ce892ee6fed024953941a....0.tmp
- <Package Folder>/cache/####/c32c490e3082eb3df137dec30c89a903077....0.tmp
- <Package Folder>/cache/####/caf978b5d4e1f58f89a3fa83013dd320fdd....0.tmp
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/dbcb1da1f9b206a1515a0db1c749f622870....0.tmp
- <Package Folder>/cache/####/df906287f5c220e13bb4a0eb1cec6c04dea....0.tmp
- <Package Folder>/cache/####/e32c1ad74fa01ca4d419e0f32d942ed422f....0.tmp
- <Package Folder>/cache/####/e7af50ffb8016cd228869bf978c6f017ee5....0.tmp
- <Package Folder>/cache/####/ef15e1b6db7e84e3129c1cf5a32af684de0....0.tmp
- <Package Folder>/cache/####/f_000001
- <Package Folder>/cache/####/f_000002
- <Package Folder>/cache/####/f_000003
- <Package Folder>/cache/####/f_000004
- <Package Folder>/cache/####/icon.jpg
- <Package Folder>/cache/####/icon1.jpg
- <Package Folder>/cache/####/icon2.jpg
- <Package Folder>/cache/####/icon4.jpg
- <Package Folder>/cache/####/icon5.jpg
- <Package Folder>/cache/####/index
- <Package Folder>/cache/####/journal.tmp
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/fankingbox/####/fsdk80000.apk
- <Package Folder>/files/####/hotfix.dex
- <Package Folder>/files/####/installed.meta
- <Package Folder>/files/####/newPathinfo
- <Package Folder>/files/####/pathinfo
- <Package Folder>/files/libassist.so
- <Package Folder>/shared_prefs/WebViewSettings.xml
- <Package Folder>/shared_prefs/fanking.sdk.xml
- <Package Folder>/shared_prefs/hotfix.xml
- <Package Folder>/shared_prefs/preference.db.xml
- <Package Folder>/shared_prefs/preference_videos.xml
- <Package Folder>/shared_prefs/static_date.xml
- <Package Folder>/shared_prefs/test.xml
- <SD-Card>/.tmp_
- <SD-Card>/Android/####/hotfix.jar
Другие:
Запускает следующие shell-скрипты:
- chmod 775 <Package Folder>/app_lib
Загружает динамические библиотеки:
- libassist
Отрисовывает собственные окна поверх других приложений.
