Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Triada.306
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) is.sn####.com:80
- TCP(HTTP/1.1) p1.ps####.com.####.com:80
- TCP(HTTP/1.1) p2.ps####.com:80
- TCP(HTTP/1.1) p3.ps####.com:80
- TCP(HTTP/1.1) lf.sn####.com:80
- TCP(HTTP/1.1) p9.ps####.com.####.com:80
- TCP(TLS/1.0) is.sn####.com:443
Запросы DNS:
- a####.u####.com
- gp.hz####.com
- is.sn####.com
- lf.sn####.com
- p1.ps####.com
- p2.ps####.com
- p3.ps####.com
- p9.ps####.com
- qq####.com
- tou####.com
Запросы HTTP GET:
- p1.ps####.com.####.com/list/300x196/4a42000f8901feb942fa.webp
- p1.ps####.com.####.com/list/300x196/4ae900017919cd174914.webp
- p1.ps####.com.####.com/list/640x360/468d0002ae7a8210b689
- p1.ps####.com.####.com/thumb/16aa0010e57d9539a460
- p1.ps####.com.####.com/thumb/46c5000e97bf6001a6e3
- p1.ps####.com.####.com/thumb/78f0014d8d81419ce2d
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/app_mdex/abc.zip
- <Package Folder>/app_mdex/classes.dex
- <Package Folder>/cache/####/01f8d73cf0d7a0cd770f46afd4b88eb3338....0.tmp
- <Package Folder>/cache/####/057d599d8d159f6f112cf7d0e536db341de....0.tmp
- <Package Folder>/cache/####/06e9db45a8e33624e4def27faebabcde8a7....0.tmp
- <Package Folder>/cache/####/0be9261f9bdab2c5d6270edc8ab24db7626....0.tmp
- <Package Folder>/cache/####/0dcea382dc599750b8e291875f9fdb93.0.tmp
- <Package Folder>/cache/####/0dcea382dc599750b8e291875f9fdb93.1.tmp
- <Package Folder>/cache/####/11eadf978390413dfc67f91211a2052ab26....0.tmp
- <Package Folder>/cache/####/17b060cb52afa1ed15b33758cc37e5c79f7....0.tmp
- <Package Folder>/cache/####/2e6f402fc366e0ff28f8aece17bca175165....0.tmp
- <Package Folder>/cache/####/65a5d6b45f9284d63825179857e6bc4c0e1....0.tmp
- <Package Folder>/cache/####/7aa72c6563087bcdfb9df170deb7cd2420f....0.tmp
- <Package Folder>/cache/####/7ae4b29ab075ddd4e00cde7f7d50d31ec03....0.tmp
- <Package Folder>/cache/####/7bdf46b6d3eb23cf2ed9e5b2ebb6eb78.0.tmp
- <Package Folder>/cache/####/7bdf46b6d3eb23cf2ed9e5b2ebb6eb78.1.tmp
- <Package Folder>/cache/####/7cb801e62a3544573fefe721065de131f11....0.tmp
- <Package Folder>/cache/####/839bfa018a51b768d6cea5e5aebf47ae8e1....0.tmp
- <Package Folder>/cache/####/87d0413a1eb09f87fe7f70939ed30abce76....0.tmp
- <Package Folder>/cache/####/8e021639d1227600848a8b0a09d00de158a....0.tmp
- <Package Folder>/cache/####/b01141894465a0563afff34656675599.0.tmp
- <Package Folder>/cache/####/b01141894465a0563afff34656675599.1
- <Package Folder>/cache/####/c74a04ba7b490bc307d08f9dfe6d2d2e576....0.tmp
- <Package Folder>/cache/####/da81312e16eef1691525317c3024aeebab7....0.tmp
- <Package Folder>/cache/####/e21255b0b44c6011142df4853cdbbbfd.0.tmp
- <Package Folder>/cache/####/e21255b0b44c6011142df4853cdbbbfd.1.tmp
- <Package Folder>/cache/####/journal.tmp
- <Package Folder>/databases/Toutiao-journal
- <Package Folder>/databases/cc.db
- <Package Folder>/databases/cc.db-journal
- <Package Folder>/databases/ua.db
- <Package Folder>/databases/ua.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/files/####/exchangeIdentity.json
- <Package Folder>/files/191b4c2906deb77b720dfc4c4ce744cc
- <Package Folder>/files/exid.dat
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/CookiePersistence.xml
- <Package Folder>/shared_prefs/MediaChannelView.xml
- <Package Folder>/shared_prefs/multidex.version.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
Другие:
Загружает динамические библиотеки:
- com_meiji_toutiao
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Отрисовывает собственные окна поверх других приложений.
