Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.607.origin
Осуществляет доступ к приватному интерфейсу телефонии (ITelephony).
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) h5####.hz####.cn:80
- TCP(HTTP/1.1) dqhmu04####.cloudf####.net:80
- TCP(HTTP/1.1) sdk-112####.us-we####.elb.####.com:80
- TCP(HTTP/1.1) img.h5####.hz####.cn:80
Запросы DNS:
- a####.u####.com
- a####.umengc####.com
- dqhmu04####.cloudf####.net
- h5####.hz####.cn
- img.h5####.hz####.cn
- sdk-112####.us-we####.elb.####.com
Запросы HTTP GET:
- img.h5####.hz####.cn/Arcade/Angry-Necromancer/icon.png
- img.h5####.hz####.cn/Arcade/Basket-Ball/icon.png
- img.h5####.hz####.cn/Arcade/Color-Circles/icon.png
- img.h5####.hz####.cn/Arcade/Pirates-Of-Islets/icon.png
- img.h5####.hz####.cn/Arcade/Sheepop/icon.png
- img.h5####.hz####.cn/Arcade/Slot-Arabian-Nights/icon.png
- img.h5####.hz####.cn/Bubble-Shooter/Sea-Bubble-Shooter/icon.png
- img.h5####.hz####.cn/Cards/Solitaire-Classic/icon.png
- img.h5####.hz####.cn/Cards/Tri-Peaks-Solitaire-Classic/icon.png
- img.h5####.hz####.cn/GameType/Arcade.jpg
- img.h5####.hz####.cn/GameType/Bubble-Shooter.jpg
- img.h5####.hz####.cn/GameType/Cards.jpg
- img.h5####.hz####.cn/GameType/Girls.jpg
- img.h5####.hz####.cn/GameType/Jump-Run.jpg
- img.h5####.hz####.cn/GameType/Match.jpg
- img.h5####.hz####.cn/GameType/Puzzle.jpg
- img.h5####.hz####.cn/GameType/Quiz.jpg
- img.h5####.hz####.cn/GameType/Racing.jpg
- img.h5####.hz####.cn/GameType/Sport.jpg
- img.h5####.hz####.cn/Girls/Butterfly-Chocolate-Cake-Cooking-with-Emma/ic...
- img.h5####.hz####.cn/Girls/Cuties-Kitty-Rescue/icon.png
- img.h5####.hz####.cn/Girls/Doctor-Teeth/icon.png
- img.h5####.hz####.cn/Girls/Emilys-Hopes-and-Fears/icon.png
- img.h5####.hz####.cn/Girls/Fairy-Princess/icon.png
- img.h5####.hz####.cn/Girls/My-Puppy/icon.png
- img.h5####.hz####.cn/Girls/Potato-Salad-Cooking-with-Emma/icon.png
- img.h5####.hz####.cn/Girls/Roxelane-True-Make-Up/icon.png
- img.h5####.hz####.cn/Girls/Save-the-Date/icon.png
- img.h5####.hz####.cn/Girls/Selena-True-Make-Up/icon.png
- img.h5####.hz####.cn/Girls/Summer-Lily/icon.png
- img.h5####.hz####.cn/Girls/Super-Loom-Triple-Single/icon.png
- img.h5####.hz####.cn/Girls/Super-Looms-Fishtail/icon.png
- img.h5####.hz####.cn/Girls/Tris-Fashionista-Dolly/icon.png
- img.h5####.hz####.cn/Girls/Zucchini-Spaghetti-Bolognese-Cooking-with-Emm...
- img.h5####.hz####.cn/ImgSlide/1.jpg
- img.h5####.hz####.cn/ImgSlide/2.jpg
- img.h5####.hz####.cn/ImgSlide/3.jpg
- img.h5####.hz####.cn/Jump-Run/Basket-Ball/icon.png
- img.h5####.hz####.cn/Jump-Run/Fishy-Rush/icon.png
- img.h5####.hz####.cn/Jump-Run/Greedy-Rabbit/icon.png
- img.h5####.hz####.cn/Jump-Run/Jetpack-Master/icon.png
- img.h5####.hz####.cn/Jump-Run/Key-Shield/icon.png
- img.h5####.hz####.cn/Jump-Run/Kiba-Kumba-High-Jump/icon.png
- img.h5####.hz####.cn/Jump-Run/Kiba-Kumba-Jungle-Chaos/icon.png
- img.h5####.hz####.cn/Jump-Run/Kiba-Kumba-Shadow-Run/icon.png
- img.h5####.hz####.cn/Jump-Run/Nut-Rush-3-Snow-Scramble/icon.png
- img.h5####.hz####.cn/Jump-Run/Nut-Rush/icon.png
- img.h5####.hz####.cn/Jump-Run/Outcome/icon.png
- img.h5####.hz####.cn/Jump-Run/Princess-Goldblade-And-The-Dangerous-Water...
- img.h5####.hz####.cn/Jump-Run/Red-Head/icon.png
- img.h5####.hz####.cn/Jump-Run/Snowball-Christmas-World/icon.png
- img.h5####.hz####.cn/Jump-Run/Snowball-World/icon.png
- img.h5####.hz####.cn/Jump-Run/Sweets-Monster/icon.png
- img.h5####.hz####.cn/Jump-Run/The-Green-Mission/icon.png
- img.h5####.hz####.cn/Jump-Run/Ufo-Run/icon.png
- img.h5####.hz####.cn/Jump-Run/Yeti-Sensation/icon.png
- img.h5####.hz####.cn/Match-3/Back-To-Candyland-Episode-1/icon.png
- img.h5####.hz####.cn/Match-3/Fancy-Diver/icon.png
- img.h5####.hz####.cn/Match-3/Finders-Critters/icon.png
- img.h5####.hz####.cn/Match-3/Fruita-Swipe/icon.png
- img.h5####.hz####.cn/Match-3/Gold-Rush/icon.png
- img.h5####.hz####.cn/Match-3/Match-3-Squared/icon.png
- img.h5####.hz####.cn/Match-3/Sheeps-Adventure/icon.png
- img.h5####.hz####.cn/Match-3/Stones-of-the-Pharaoh/icon.png
- img.h5####.hz####.cn/Puzzle/Ale-or-Gold/icon.png
- img.h5####.hz####.cn/Puzzle/Animals-Puzzle/icon.png
- img.h5####.hz####.cn/Puzzle/Blobs-Plops/icon.png
- img.h5####.hz####.cn/Puzzle/Blue-Box/icon.png
- img.h5####.hz####.cn/Puzzle/Connect-me-factory/icon.png
- img.h5####.hz####.cn/Puzzle/Fancy-Constructor/icon.png
- img.h5####.hz####.cn/Puzzle/Fire-Truck/icon.png
- img.h5####.hz####.cn/Puzzle/Hex-Puzzle/icon.png
- img.h5####.hz####.cn/Puzzle/Jigsaw-Puzzle-XMas/icon.png
- img.h5####.hz####.cn/Puzzle/Kiba-Kumba-Jigsaw-Puzzle/icon.png
- img.h5####.hz####.cn/Puzzle/Koutack/icon.png
- img.h5####.hz####.cn/Puzzle/Let-me-grow/icon.png
- img.h5####.hz####.cn/Puzzle/Puzzletag/icon.png
- img.h5####.hz####.cn/Puzzle/Snap-The-Shape-Spring/icon.png
- img.h5####.hz####.cn/Puzzle/Spider-Solitaire/icon.png
- img.h5####.hz####.cn/Puzzle/Sudoku-Classic/icon.png
- img.h5####.hz####.cn/Puzzle/Vampirizer/icon.png
- img.h5####.hz####.cn/Quiz/Cartoon-Quiz/icon.png
- img.h5####.hz####.cn/Quiz/Flag-Quiz/icon.png
- img.h5####.hz####.cn/Quiz/Fluffy-Egg/icon.png
- img.h5####.hz####.cn/Quiz/Movie-Quiz/icon.png
- img.h5####.hz####.cn/Racing/Burnin-Rubber/icon.png
- img.h5####.hz####.cn/Racing/Speed-Club-Nitro/icon.png
- img.h5####.hz####.cn/Racing/StreetRace-Fury/icon.png
- img.h5####.hz####.cn/Sport/Basketball/icon.png
- img.h5####.hz####.cn/Sport/Classic-Bowling/icon.png
- img.h5####.hz####.cn/Sport/Football-Tricks-World-Cup-2014/icon.png
- img.h5####.hz####.cn/Sport/Skeet-Challenge/icon.png
- img.h5####.hz####.cn/Sport/Soccer-Girl/icon.png
- img.h5####.hz####.cn/imgs/icon/Candyland3.jpg
- img.h5####.hz####.cn/imgs/icon/DiamondHunt.jpg
- img.h5####.hz####.cn/imgs/icon/DragonPhysics.jpg
- img.h5####.hz####.cn/imgs/icon/Dreamy.jpg
- img.h5####.hz####.cn/imgs/icon/LetMeGrow_icon.jpg
- img.h5####.hz####.cn/imgs/icon/baoshi_icon.jpg
- img.h5####.hz####.cn/imgs/icon/bwzj_icon.jpg
- img.h5####.hz####.cn/imgs/icon/cjlhj_icon.jpg
- img.h5####.hz####.cn/imgs/icon/dbfl_icon.jpg
- img.h5####.hz####.cn/imgs/icon/fwhq_icon.jpg
- img.h5####.hz####.cn/imgs/icon/grf.jpg
- img.h5####.hz####.cn/imgs/icon/guaiwu_icon.jpg
- img.h5####.hz####.cn/imgs/icon/hlppl.jpg
- img.h5####.hz####.cn/imgs/icon/jixian_icon.jpg
- img.h5####.hz####.cn/imgs/icon/jslpd_icon.jpg
- img.h5####.hz####.cn/imgs/icon/lrsl_icon.jpg
- img.h5####.hz####.cn/imgs/icon/meinvbo_icon.jpg
- img.h5####.hz####.cn/imgs/icon/ncdwxxk_icon.jpg
Запросы HTTP POST:
- img.h5####.hz####.cn/appstart.aspx
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/app_bGlicmVz/nlim.bin
- <Package Folder>/databases/cc.db
- <Package Folder>/databases/cc.db-journal
- <Package Folder>/databases/ua.db
- <Package Folder>/databases/ua.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/files/####/exchangeIdentity.json
- <Package Folder>/files/####/um_cache_1509544207433.env
- <Package Folder>/files/exid.dat
- <Package Folder>/files/ncore.jar
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/shared_prefs/Alvin2.xml
- <Package Folder>/shared_prefs/ContextData.xml
- <Package Folder>/shared_prefs/U.xml
- <Package Folder>/shared_prefs/all_info_data.xml
- <Package Folder>/shared_prefs/apprater.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <SD-Card>/.DataStorage/ContextData.xml
- <SD-Card>/.UTSystemConfig/####/Alvin2.xml
- <SD-Card>/Android/####/-1004593806.tmp
- <SD-Card>/Android/####/-1012865036.tmp
- <SD-Card>/Android/####/-1036227284.tmp
- <SD-Card>/Android/####/-1042800299.tmp
- <SD-Card>/Android/####/-1070318167.tmp
- <SD-Card>/Android/####/-1074578949.tmp
- <SD-Card>/Android/####/-1086572413.tmp
- <SD-Card>/Android/####/-1157791612.tmp
- <SD-Card>/Android/####/-1205700673.tmp
- <SD-Card>/Android/####/-1213714872.tmp
- <SD-Card>/Android/####/-1238106391.tmp
- <SD-Card>/Android/####/-1274669519.tmp
- <SD-Card>/Android/####/-128755997.tmp
- <SD-Card>/Android/####/-1355425586.tmp
- <SD-Card>/Android/####/-1363026326.tmp
- <SD-Card>/Android/####/-1406007686.tmp
- <SD-Card>/Android/####/-1457282817.tmp
- <SD-Card>/Android/####/-1571381151.tmp
- <SD-Card>/Android/####/-1589292974.tmp
- <SD-Card>/Android/####/-161467218.tmp
- <SD-Card>/Android/####/-164992168.tmp
- <SD-Card>/Android/####/-1834004387.tmp
- <SD-Card>/Android/####/-1849682531.tmp
- <SD-Card>/Android/####/-189016364.tmp
- <SD-Card>/Android/####/-194326014.tmp
- <SD-Card>/Android/####/-1948629168.tmp
- <SD-Card>/Android/####/-1973804209.tmp
- <SD-Card>/Android/####/-1981881498.tmp
- <SD-Card>/Android/####/-1991815816.tmp
- <SD-Card>/Android/####/-199590432.tmp
- <SD-Card>/Android/####/-2065468143.tmp
- <SD-Card>/Android/####/-2066391664.tmp
- <SD-Card>/Android/####/-2067315185.tmp
- <SD-Card>/Android/####/-2067685141.tmp
- <SD-Card>/Android/####/-2085996747.tmp
- <SD-Card>/Android/####/-2093960329.tmp
- <SD-Card>/Android/####/-2094039685.tmp
- <SD-Card>/Android/####/-2145141769.tmp
- <SD-Card>/Android/####/-332282183.tmp
- <SD-Card>/Android/####/-334256348.tmp
- <SD-Card>/Android/####/-364156639.tmp
- <SD-Card>/Android/####/-37244956.tmp
- <SD-Card>/Android/####/-381392190.tmp
- <SD-Card>/Android/####/-417525650.tmp
- <SD-Card>/Android/####/-433510311.tmp
- <SD-Card>/Android/####/-479167640.tmp
- <SD-Card>/Android/####/-504069104.tmp
- <SD-Card>/Android/####/-511623229.tmp
- <SD-Card>/Android/####/-60527355.tmp
- <SD-Card>/Android/####/-653989586.tmp
- <SD-Card>/Android/####/-665730251.tmp
- <SD-Card>/Android/####/-704932694.tmp
- <SD-Card>/Android/####/-726992061.tmp
- <SD-Card>/Android/####/-762555224.tmp
- <SD-Card>/Android/####/-855501630.tmp
- <SD-Card>/Android/####/-880254971.tmp
- <SD-Card>/Android/####/-908780667.tmp
- <SD-Card>/Android/####/-918466600.tmp
- <SD-Card>/Android/####/-921470485.tmp
- <SD-Card>/Android/####/-933756286.tmp
- <SD-Card>/Android/####/-967046064.tmp
- <SD-Card>/Android/####/-989518410.tmp
- <SD-Card>/Android/####/.nomedia
- <SD-Card>/Android/####/102237767.tmp
- <SD-Card>/Android/####/1097113572.tmp
- <SD-Card>/Android/####/1189686817.tmp
- <SD-Card>/Android/####/1302207343.tmp
- <SD-Card>/Android/####/1318767179.tmp
- <SD-Card>/Android/####/1370466337.tmp
- <SD-Card>/Android/####/1410195955.tmp
- <SD-Card>/Android/####/1424292937.tmp
- <SD-Card>/Android/####/1441030067.tmp
- <SD-Card>/Android/####/145883188.tmp
- <SD-Card>/Android/####/1573370134.tmp
- <SD-Card>/Android/####/1573555572.tmp
- <SD-Card>/Android/####/1588274254.tmp
- <SD-Card>/Android/####/1638648222.tmp
- <SD-Card>/Android/####/1644123658.tmp
- <SD-Card>/Android/####/1658498238.tmp
- <SD-Card>/Android/####/1666533017.tmp
- <SD-Card>/Android/####/1671723548.tmp
- <SD-Card>/Android/####/1689438941.tmp
- <SD-Card>/Android/####/1713822639.tmp
- <SD-Card>/Android/####/1715417370.tmp
- <SD-Card>/Android/####/1732939303.tmp
- <SD-Card>/Android/####/179017222.tmp
- <SD-Card>/Android/####/1804892948.tmp
- <SD-Card>/Android/####/185347688.tmp
- <SD-Card>/Android/####/1888725562.tmp
- <SD-Card>/Android/####/1898360908.tmp
- <SD-Card>/Android/####/191817721.tmp
- <SD-Card>/Android/####/1918688911.tmp
- <SD-Card>/Android/####/1930349738.tmp
- <SD-Card>/Android/####/1936968592.tmp
- <SD-Card>/Android/####/197040649.tmp
- <SD-Card>/Android/####/1984682636.tmp
- <SD-Card>/Android/####/1995978513.tmp
- <SD-Card>/Android/####/2025788917.tmp
- <SD-Card>/Android/####/228710797.tmp
- <SD-Card>/Android/####/24569144.tmp
- <SD-Card>/Android/####/264895284.tmp
- <SD-Card>/Android/####/334191030.tmp
- <SD-Card>/Android/####/337175952.tmp
- <SD-Card>/Android/####/445529791.tmp
- <SD-Card>/Android/####/496276392.tmp
- <SD-Card>/Android/####/559239875.tmp
- <SD-Card>/Android/####/577815492.tmp
- <SD-Card>/Android/####/717506896.tmp
- <SD-Card>/Android/####/737378167.tmp
- <SD-Card>/Android/####/782043376.tmp
- <SD-Card>/Android/####/826051401.tmp
- <SD-Card>/Android/####/911219539.tmp
Другие:
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
