Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.MobiDash.2.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) lb.apr-####.edgecas####.net:80
- TCP(HTTP/1.1) sto####.ws.pho.to:80
- TCP(HTTP/1.1) c####.ws.pho.to:80
- TCP(HTTP/1.1) plas####.ws.pho.to:80
- TCP(HTTP/1.1) androi####.ws.pho.to:80
- TCP(HTTP/1.1) co####.in####.com:80
- TCP(HTTP/1.1) photola####.pho.to:80
- TCP(HTTP/???) androi####.ws.pho.to:80
- TCP(TLS/1.0) d3v1lb8####.cloudf####.net:443
- TCP(TLS/1.0) f####.gst####.com:443
- TCP(TLS/1.0) adc3-la####.adco####.com:443
- TCP(TLS/1.0) cd####.vu####.ak####.net:443
- TCP(TLS/1.0) a####.adco####.com:443
- TCP(TLS/1.0) pag####.googlea####.com:443
- TCP(TLS/1.0) googl####.g.doublec####.net:443
- TCP(TLS/1.0) tpc.googles####.com:443
- TCP(TLS/1.0) and####.cli####.go####.com:443
- TCP(TLS/1.0) events####.adco####.com:443
- TCP(TLS/1.0) e.crashly####.com:443
- TCP(TLS/1.0) pag####.googles####.com:443
- TCP(TLS/1.0) api.vu####.com.####.net:443
- TCP(TLS/1.0) applovi####.edg####.net:443
- TCP(TLS/1.0) ssl.google-####.com:443
- TCP(TLS/1.0) lh3.googleu####.com:443
- TCP(TLS/1.0) wd.adco####.com:443
- TCP(TLS/1.0) ipv6-wi####.appl####.com.####.net:443
- TCP(TLS/1.0) f####.google####.com:443
- TCP(TLS/1.0) api.face####.com:443
- TCP(TLS/1.0) sett####.crashly####.com:443
- TCP(TLS/1.0) down####.wild####.appl####.####.net:443
- TCP(TLS/1.0) eve####.adco####.com:443
- TCP(TLS/1.0) s3.amazo####.com:443
Запросы DNS:
- a####.adco####.com
- a.appl####.com
- adc3-la####.adco####.com
- and####.cli####.go####.com
- androi####.ws.pho.to
- api.vu####.com
- as####.appl####.com
- c####.ws.pho.to
- cd####.vu####.com
- co####.in####.com
- d.appl####.com
- d3v1lb8####.cloudf####.net
- e.crashly####.com
- eve####.adco####.com
- events####.adco####.com
- f####.google####.com
- f####.gst####.com
- g####.face####.com
- googl####.g.doublec####.net
- img.appl####.com
- lh3.googleu####.com
- pag####.googlea####.com
- pag####.googles####.com
- photola####.pho.to
- plas####.ws.pho.to
- r####.appl####.com
- rt.appl####.com
- s3.amazo####.com
- sett####.crashly####.com
- ssl.google-####.com
- sto####.ws.pho.to
- tpc.googles####.com
- wd.adco####.com
- wpc.2####.edgecas####.net
Запросы HTTP GET:
- androi####.ws.pho.to/?&uuid=####&screen_h=####&os=####&config_id=####&ap...
- lb.apr-####.edgecas####.net/80250F/s3videos/output/videos/hd_48035.m4v
- photola####.pho.to/api/v1/feed/best?country=####&lang=####&appId=####&ap...
- photola####.pho.to/api/v1/feed?country=####&lang=####&appId=####&app_ver...
Запросы HTTP HEAD:
- c####.ws.pho.to/androidphotolab/conf.json?&country=####&lang=####&appId=...
Запросы HTTP POST:
- co####.in####.com/config-server/v1/config/secure.cfg
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/app_app_apk/t16_funny_photo.dat.jar
- <Package Folder>/cache/####/-515249652-975763097
- <Package Folder>/cache/####/0169b9c8c2c96cd7aae1b06b7c231d6a47e....0.tmp
- <Package Folder>/cache/####/16e066bd56990677c3d2bd14fb29e0dff12....0.tmp
- <Package Folder>/cache/####/36802e889b75d11dbb3a07a346eafdf7d60....0.tmp
- <Package Folder>/cache/####/3f5731906d4a5e36ca27aa3c5069c98d2af....0.tmp
- <Package Folder>/cache/####/5cb73b7b968b585d12acf8d79e806e58d49....0.tmp
- <Package Folder>/cache/####/6133418466e84fc343a0826cd9ca64a5fea....0.tmp
- <Package Folder>/cache/####/6146526a485eceb25f79bfe3794f6773a48....0.tmp
- <Package Folder>/cache/####/6ce1af9114f54b38413998d831a71fc704a....0.tmp
- <Package Folder>/cache/####/93753f8ebd5136cf8e110080046c266eae9....0.tmp
- <Package Folder>/cache/####/9490fa3db2b36d8cccf39e20e39d4652ea1....0.tmp
- <Package Folder>/cache/####/960e2547ddb823fc2faae52350cf80590c6....0.tmp
- <Package Folder>/cache/####/b72951b5418679d3cd15ffe6576557284f4....0.tmp
- <Package Folder>/cache/####/bf769920e7dcb56ca1d153ec6b308949b1a....0.tmp
- <Package Folder>/cache/####/d3db3137ae7e36c20103046a90d8dc4824c....0.tmp
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/e2757ec30a16eb33a0889d268536bdb7031....0.tmp
- <Package Folder>/cache/####/f3efb4d97495a348572fb087c7712a1d9ce....0.tmp
- <Package Folder>/cache/####/f_000001
- <Package Folder>/cache/####/f_000002
- <Package Folder>/cache/####/f_000003
- <Package Folder>/cache/####/f_000004
- <Package Folder>/cache/####/index
- <Package Folder>/cache/####/journal.tmp
- <Package Folder>/cache/1496809943795.jar
- <Package Folder>/cache/1496809943795.tmp
- <Package Folder>/cache/ApplicationCache.db-journal
- <Package Folder>/code_cache/####/MultiDex.lock
- <Package Folder>/code_cache/####/tmp-<Package>-1.apk.classes-17...53.zip
- <Package Folder>/code_cache/####/tmp-<Package>-1.apk.classes626411528.zip
- <Package Folder>/databases/####/https_googleads.g.doubleclick.n...ournal
- <Package Folder>/databases/com.im_6.2.3.db-journal
- <Package Folder>/databases/google_analytics_v4.db-journal
- <Package Folder>/databases/google_app_measurement_local.db
- <Package Folder>/databases/google_app_measurement_local.db-journal
- <Package Folder>/databases/photolab.db-journal
- <Package Folder>/databases/vungle-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/files/####/026ae9c9824b3e483fa6c71fa88f57ae27816141
- <Package Folder>/files/####/40b7c3f0-26c6-49d4-a14a-ad216764ad26
- <Package Folder>/files/####/422de421e0f4e019426b9abfd780746bc40740eb
- <Package Folder>/files/####/59FDF4250264-0001-0819-63A4C5FF8898...s_temp
- <Package Folder>/files/####/5d06bc56-5776-4a60-b5cb-9d6cc0d64a31
- <Package Folder>/files/####/693c06a6-e703-4fd2-87a6-ece848279662
- <Package Folder>/files/####/6a0c4dfb-d016-4ae8-b252-44cdb879bb3b
- <Package Folder>/files/####/7bf3a1e7bbd31e612eda3310c2cdb8075c43c6b5
- <Package Folder>/files/####/7db5c1cf-5e59-495e-8873-ec64a823baf3.m4v
- <Package Folder>/files/####/8cac37ca-68d9-46a5-8bda-a7908c0305ba
- <Package Folder>/files/####/AppInfo
- <Package Folder>/files/####/AppVersion
- <Package Folder>/files/####/a4ec61a3-077a-4b1d-b9b3-872702684e9c
- <Package Folder>/files/####/ad_cache_report.txt
- <Package Folder>/files/####/c5d1a1aa-ace6-4dd3-89d8-e7a146b974ad
- <Package Folder>/files/####/com.crashlytics.settings.json
- <Package Folder>/files/####/initialization_marker
- <Package Folder>/files/####/media
- <Package Folder>/files/####/network_requests
- <Package Folder>/files/####/sa_02833610-ee22-4115-a338-39180b9e...00.tap
- <Package Folder>/files/####/sa_eb99e095-15d6-49ec-ab4d-d25f8936...45.tap
- <Package Folder>/files/####/session_analytics.tap
- <Package Folder>/files/####/session_analytics.tap.tmp
- <Package Folder>/files/AppEventsLogger.persistedevents
- <Package Folder>/files/INSTALLATION
- <Package Folder>/files/UmTSkbSgt
- <Package Folder>/files/gaClientId
- <Package Folder>/files/settings.json
- <Package Folder>/no_backup/com.google.android.gms.appid-no-backup
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/AnalyticsWrapper.xml
- <Package Folder>/shared_prefs/DbImpl.xml
- <Package Folder>/shared_prefs/FBAdPrefs.xml
- <Package Folder>/shared_prefs/FaceFinderService.xml
- <Package Folder>/shared_prefs/SDKIDFA.xml
- <Package Folder>/shared_prefs/TwitterAdvertisingInfoPreferences.xml
- <Package Folder>/shared_prefs/VMAnalyticManager.xml
- <Package Folder>/shared_prefs/VMVicmanAnalyticProv.xml
- <Package Folder>/shared_prefs/VUNGLE_PUB_APP_INFO.xml
- <Package Folder>/shared_prefs/admob.xml
- <Package Folder>/shared_prefs/com.applovin.sdk.1.xml
- <Package Folder>/shared_prefs/com.applovin.sdk.impl.postbackQue...in.xml
- <Package Folder>/shared_prefs/com.crashlytics.prefs.xml
- <Package Folder>/shared_prefs/com.crashlytics.sdk.android.crash...re.xml
- <Package Folder>/shared_prefs/com.crashlytics.sdk.android;answe...gs.xml
- <Package Folder>/shared_prefs/com.facebook.ads.FEATURE_CONFIG.xml
- <Package Folder>/shared_prefs/com.facebook.internal.preferences...GS.xml
- <Package Folder>/shared_prefs/com.facebook.sdk.appEventPreferences.xml
- <Package Folder>/shared_prefs/com.facebook.sdk.attributionTracking.xml
- <Package Folder>/shared_prefs/com.google.android.gms.analytics.prefs.xml
- <Package Folder>/shared_prefs/com.google.android.gms.appid.xml
- <Package Folder>/shared_prefs/com.google.android.gms.measurement.prefs.xml
- <Package Folder>/shared_prefs/com.im.keyValueStore.aes_key_store.xml
- <Package Folder>/shared_prefs/com.im.keyValueStore.config_store.xml
- <Package Folder>/shared_prefs/com.im.keyValueStore.sdk_version_store.xml
- <Package Folder>/shared_prefs/com.im.keyValueStore.uid_store.xml
- <Package Folder>/shared_prefs/firstrun.xml
- <Package Folder>/shared_prefs/google_ads_flags_meta.xml
- <Package Folder>/shared_prefs/io.fabric.sdk.android;fabric;io.f...ng.xml
- <Package Folder>/shared_prefs/multidex.version.xml
- <Package Folder>/shared_prefs/remote_config.xml
- <SD-Card>/Android/####/.nomedia
- <SD-Card>/Android/####/1476158467_512x512_opt_v1.png
- <SD-Card>/Android/####/360.png
- <SD-Card>/Android/####/DeviceOrientationController.js
- <SD-Card>/Android/####/Star_Sprite.png
- <SD-Card>/Android/####/button_1.png
- <SD-Card>/Android/####/finger.png
- <SD-Card>/Android/####/gradient-landscape.png
- <SD-Card>/Android/####/gradient.png
- <SD-Card>/Android/####/image.js
- <SD-Card>/Android/####/index.html
- <SD-Card>/Android/####/jquery-1.9.1.min.js
- <SD-Card>/Android/####/jquery.knob.js
- <SD-Card>/Android/####/localVideo.mp4
- <SD-Card>/Android/####/logo.png
- <SD-Card>/Android/####/ob13c7a6_48b95eddfdf9a1861481045b1935f99...11.gif
- <SD-Card>/Android/####/ob13c7a6_fc4d733f2299f386f667b6cf579095e...ne.jpg
- <SD-Card>/Android/####/postRoll.zip
- <SD-Card>/Android/####/style.css
- <SD-Card>/Android/####/three.min.js
- <SD-Card>/Android/####/vungicon-v2-1.eot
- <SD-Card>/Android/####/vungicon-v2-1.svg
- <SD-Card>/Android/####/vungicon-v2-1.ttf
- <SD-Card>/Android/####/vungicon-v2-1.woff
- <SD-Card>/Android/####/vungle.css
- <SD-Card>/Android/####/vungle.js
- <SD-Card>/Android/####/zepto-1.1.3.min.js
Другие:
Загружает динамические библиотеки:
- ImageBlur
- UmTSkbSgt
- adcolony
- js
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Осуществляет доступ к информации о зарегистрированных на устройстве аккаунтах (Google, Facebook и тд.).
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
