Техническая информация
Вредоносные функции:
Осуществляет доступ к приватному интерфейсу телефонии (ITelephony).
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) clou####.ir:80
- TCP(TLS/1.0) 1####.217.19.206:443
Запросы DNS:
- clou####.ir
Запросы HTTP GET:
- clou####.ir/wp-content/plugins/wcp-openweather/theme/default/assets/imag...
- clou####.ir/wp-content/uploads/2017/10/1488032796-rain-sms-300x187.jpg
- clou####.ir/wp-content/uploads/2017/10/40679a58-9480-4bf2-a062-03cf22745...
- clou####.ir/wp-content/uploads/2017/10/57580390-300x169.jpg
- clou####.ir/wp-content/uploads/2017/10/6361520092764087151787655102_natu...
- clou####.ir/wp-content/uploads/2017/10/82554325-71659160-300x211.jpg
- clou####.ir/wp-content/uploads/2017/10/Amazon_shutterstock-300x169.jpg
- clou####.ir/wp-content/uploads/2017/10/Mashhad-300x300.jpg
- clou####.ir/wp-content/uploads/2017/10/Quince-ipad-plates-300x185.jpg
- clou####.ir/wp-content/uploads/2017/10/Snow-Rain-Pictures-14-300x169.jpg
- clou####.ir/wp-content/uploads/2017/10/ahvaz-300x300.jpg
- clou####.ir/wp-content/uploads/2017/10/app-header-banner.jpg
- clou####.ir/wp-content/uploads/2017/10/deylaman-2-300x188.jpg
- clou####.ir/wp-content/uploads/2017/10/espahan-300x300.jpg
- clou####.ir/wp-content/uploads/2017/10/espahan.jpg
- clou####.ir/wp-content/uploads/2017/10/karaj-300x300.jpg
- clou####.ir/wp-content/uploads/2017/10/karaj.jpg
- clou####.ir/wp-content/uploads/2017/10/qom-300x300.jpg
- clou####.ir/wp-content/uploads/2017/10/rageh-300x169.jpg
- clou####.ir/wp-content/uploads/2017/10/shiraz-300x300.jpg
- clou####.ir/wp-content/uploads/2017/10/street-2-300x188.jpg
- clou####.ir/wp-content/uploads/2017/10/tabriz-300x300.jpg
- clou####.ir/wp-content/uploads/2017/10/tehran-300x300.jpg
- clou####.ir/wp-content/uploads/2017/10/truth-afford-travel-300x169.jpg
- clou####.ir/wp-content/uploads/2017/10/weather2-300x200.jpg
- clou####.ir/wp-content/uploads/2017/10/what-to-eat-in-vietnam-300x169.jpg
- clou####.ir/wp-content/uploads/2017/11/10531476910155975083-300x188.jpg
- clou####.ir/wp-content/uploads/2017/11/n82666472-71872057-300x169.jpg
- clou####.ir/wp-content/uploads/2017/11/n82666472-71872057.jpg
Запросы HTTP POST:
- clou####.ir/
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/cache/####/060c7a9020ccefd851bf74ffd63cbc33522....0.tmp
- <Package Folder>/cache/####/074a3559188200da6a65c62cc620a55cd55....0.tmp
- <Package Folder>/cache/####/0d604b2ff3e0dd41db0482e02605a9180ff....0.tmp
- <Package Folder>/cache/####/1386a219d46d3bbb7cc0d6a58325ec914e7....0.tmp
- <Package Folder>/cache/####/141265d01c6cdc5d23d42838b84bb712f78....0.tmp
- <Package Folder>/cache/####/18cf7b1cc218a2065510012c0426f3f5
- <Package Folder>/cache/####/22771be0d55f54e298f83aef739140ff076....0.tmp
- <Package Folder>/cache/####/23e3a3a1ebf125f375d49c75079e62aeb0b....0.tmp
- <Package Folder>/cache/####/302ddc3776433048861805cca751a7b9769....0.tmp
- <Package Folder>/cache/####/32c2a149ea2152e2a40191be40e8342f
- <Package Folder>/cache/####/40e5a07b2be79aef23fffefbf4cc4fd91da....0.tmp
- <Package Folder>/cache/####/43377b87c5ae6c289265eadfbbd33a02
- <Package Folder>/cache/####/44b44d4d0f83d66c0d0d9f9c17a185d0f01....0.tmp
- <Package Folder>/cache/####/4c29d46a8d552da930dd173a684ca1761b7....0.tmp
- <Package Folder>/cache/####/4e5e7f649565a6405f346003e84ecec6014....0.tmp
- <Package Folder>/cache/####/5096ff26f447edb5d37273b1a89520ac
- <Package Folder>/cache/####/5c5a7dbbe2296b681cc589cd2894f56fee2....0.tmp
- <Package Folder>/cache/####/624be64a90fcec3da1b4281fab7c610ba80....0.tmp
- <Package Folder>/cache/####/69a8a1a0342ecf615b57afec7655955a12c....0.tmp
- <Package Folder>/cache/####/6f20e6b4a3471d2cc7d5f655d6d50c60a02....0.tmp
- <Package Folder>/cache/####/700c1fad96967b29e998c12dcdc87f72958....0.tmp
- <Package Folder>/cache/####/7f82998031d807138983f32b842b8c92896....0.tmp
- <Package Folder>/cache/####/8510b5b6f3a818225cc7d5fe5bc23eb5670....0.tmp
- <Package Folder>/cache/####/8adce28390924314547005e7d1ea737ff11....0.tmp
- <Package Folder>/cache/####/93e75d0b58c10092e18e8ca65bbbe9c6a73....0.tmp
- <Package Folder>/cache/####/956b02ba52f6d82b5e9d95c6b8bcb808172....0.tmp
- <Package Folder>/cache/####/abfed11d3368fb8da32b761fe5ce5ce5651....0.tmp
- <Package Folder>/cache/####/b3cb17872ae176f8e5f10ddd6e870ab2305....0.tmp
- <Package Folder>/cache/####/bc2e53e1fc64f287544216ae6ea898fad86....0.tmp
- <Package Folder>/cache/####/bf746cdb4ee5e5ed2be70caa698b7535
- <Package Folder>/cache/####/cb7b375a40793d1ebe9bdf8214417d0f
- <Package Folder>/cache/####/d3aeef3a1610dabc1aa580fd9cb6e2f8e69....0.tmp
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/e48c174018b539e2ee1c4992b79c5250
- <Package Folder>/cache/####/e5be8c6544f6c32961f201d226e59fd4f50....0.tmp
- <Package Folder>/cache/####/f355cc9fc194e82a948860ca0d0a6625
- <Package Folder>/cache/####/f_000001
- <Package Folder>/cache/####/f_000002
- <Package Folder>/cache/####/index
- <Package Folder>/cache/####/journal.tmp
- <Package Folder>/databases/__pushe_base_lib_db-journal
- <Package Folder>/databases/evernote_jobs.db
- <Package Folder>/databases/evernote_jobs.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/files/unsent_requests
- <Package Folder>/no_backup/com.google.android.gms.appid-no-backup
- <Package Folder>/shared_prefs/co.ronash.pushe.keystore.xml
- <Package Folder>/shared_prefs/com.google.android.gms.appid.xml
Другие:
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
