Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Triada.309
- Android.Triada.373.origin
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/.jiagu/libjiagu.so
- <Package Folder>/app_vf/####/1.png
- <Package Folder>/app_vf/####/1000.png
- <Package Folder>/app_vf/####/1500.png
- <Package Folder>/app_vf/####/2.png
- <Package Folder>/app_vf/####/3.png
- <Package Folder>/app_vf/####/4.png
- <Package Folder>/app_vf/####/4000.png
- <Package Folder>/app_vf/####/5.png
- <Package Folder>/app_vf/####/6.png
- <Package Folder>/app_vf/####/800.png
- <Package Folder>/app_vf/####/ActivateBG.jpg
- <Package Folder>/app_vf/####/BeautyFont.png
- <Package Folder>/app_vf/####/BeautyTitle.png
- <Package Folder>/app_vf/####/BgOn.png
- <Package Folder>/app_vf/####/BlackRound.png
- <Package Folder>/app_vf/####/ButtonGameOut.png
- <Package Folder>/app_vf/####/ButtonHelpNormal.png
- <Package Folder>/app_vf/####/ButtonHelpSelect.png
- <Package Folder>/app_vf/####/ButtonPauseNormal.png
- <Package Folder>/app_vf/####/ButtonPhotoNormal.png
- <Package Folder>/app_vf/####/ButtonPhotoReturn1.png
- <Package Folder>/app_vf/####/ButtonPhotoReturn2.png
- <Package Folder>/app_vf/####/ButtonPhotoSelect.png
- <Package Folder>/app_vf/####/ButtonPropsHammer.png
- <Package Folder>/app_vf/####/ButtonPropsHeart.png
- <Package Folder>/app_vf/####/ButtonPropsMissile.png
- <Package Folder>/app_vf/####/ButtonPropsSelect.png
- <Package Folder>/app_vf/####/ButtonPropsTime.png
- <Package Folder>/app_vf/####/ButtonStartGame1.png
- <Package Folder>/app_vf/####/ButtonStartGame2.png
- <Package Folder>/app_vf/####/ButtonVolueClose.png
- <Package Folder>/app_vf/####/ButtonVolueOpen.png
- <Package Folder>/app_vf/####/Button_Disable.png
- <Package Folder>/app_vf/####/Direction.png
- <Package Folder>/app_vf/####/GiftBag1.jpg
- <Package Folder>/app_vf/####/GiftBag2.jpg
- <Package Folder>/app_vf/####/GiftClose.png
- <Package Folder>/app_vf/####/HeartDown.png
- <Package Folder>/app_vf/####/HeartRed.png
- <Package Folder>/app_vf/####/ImageFile.png
- <Package Folder>/app_vf/####/LevelPHotoFont.png
- <Package Folder>/app_vf/####/LevelPHotoTitle.png
- <Package Folder>/app_vf/####/Level_1.png
- <Package Folder>/app_vf/####/Level_2.png
- <Package Folder>/app_vf/####/Level_3.png
- <Package Folder>/app_vf/####/Level_4.png
- <Package Folder>/app_vf/####/Level_5.png
- <Package Folder>/app_vf/####/Level_6.png
- <Package Folder>/app_vf/####/MainBackGround.jpg
- <Package Folder>/app_vf/####/MainTitle.png
- <Package Folder>/app_vf/####/Money.png
- <Package Folder>/app_vf/####/MoneyDown.png
- <Package Folder>/app_vf/####/PhotoBackGround.png
- <Package Folder>/app_vf/####/PhotoFont.png
- <Package Folder>/app_vf/####/PhotoSelect.png
- <Package Folder>/app_vf/####/PhotoTitle.png
- <Package Folder>/app_vf/####/PropsDown.png
- <Package Folder>/app_vf/####/PropsDown3.png
- <Package Folder>/app_vf/####/PropsHammer.png
- <Package Folder>/app_vf/####/PropsHeart.png
- <Package Folder>/app_vf/####/PropsMissile.png
- <Package Folder>/app_vf/####/PropsTitle.png
- <Package Folder>/app_vf/####/RedRound.png
- <Package Folder>/app_vf/####/ResurrectionFont.png
- <Package Folder>/app_vf/####/ResurrectionTitle.png
- <Package Folder>/app_vf/####/SelectMask.png
- <Package Folder>/app_vf/####/Time1.png
- <Package Folder>/app_vf/####/Time2.png
- <Package Folder>/app_vf/####/Time3.png
- <Package Folder>/app_vf/####/Time4.png
- <Package Folder>/app_vf/####/Time5.png
- <Package Folder>/app_vf/####/TimeBoxDown.png
- <Package Folder>/app_vf/####/TimeDown.png
- <Package Folder>/app_vf/####/TimeOn.png
- <Package Folder>/app_vf/####/TipsBox.png
- <Package Folder>/app_vf/####/TipsBoxAllBeauyt.png
- <Package Folder>/app_vf/####/TipsBoxMoney.png
- <Package Folder>/app_vf/####/TipsBoxOutGame.png
- <Package Folder>/app_vf/####/TipsBoxPause.png
- <Package Folder>/app_vf/####/TipsBoxStartGame.png
- <Package Folder>/app_vf/####/TipsBoxTime.png
- <Package Folder>/app_vf/####/TipsBoxWin.png
- <Package Folder>/app_vf/####/a.plist
- <Package Folder>/app_vf/####/a.png
- <Package Folder>/app_vf/####/b.plist
- <Package Folder>/app_vf/####/b.png
- <Package Folder>/app_vf/####/bCancel1.png
- <Package Folder>/app_vf/####/bCancel2.png
- <Package Folder>/app_vf/####/bCountinue1.png
- <Package Folder>/app_vf/####/bCountinue2.png
- <Package Folder>/app_vf/####/bOO.png
- <Package Folder>/app_vf/####/bReturnMain1.png
- <Package Folder>/app_vf/####/bReturnMain2.png
- <Package Folder>/app_vf/####/bSure1.png
- <Package Folder>/app_vf/####/bSure2.png
- <Package Folder>/app_vf/####/bXX.png
- <Package Folder>/app_vf/####/backGround.mp3
- <Package Folder>/app_vf/####/bgm_red_pack_1.png
- <Package Folder>/app_vf/####/bgm_red_pack_2.png
- <Package Folder>/app_vf/####/btn_get_red.png
- <Package Folder>/app_vf/####/btn_red_pack.png
- <Package Folder>/app_vf/####/button.ogg
- <Package Folder>/app_vf/####/c.plist
- <Package Folder>/app_vf/####/c.png
- <Package Folder>/app_vf/####/d.plist
- <Package Folder>/app_vf/####/d.png
- <Package Folder>/app_vf/####/gandepiaoliang.png
- <Package Folder>/app_vf/####/gg_ss1.jpg
- <Package Folder>/app_vf/####/gg_ss1_out.jpg
- <Package Folder>/app_vf/####/gg_ss2.jpg
- <Package Folder>/app_vf/####/gg_ss2_out.jpg
- <Package Folder>/app_vf/####/gg_ss3.jpg
- <Package Folder>/app_vf/####/gg_ss3_out.jpg
- <Package Folder>/app_vf/####/gg_ss4.jpg
- <Package Folder>/app_vf/####/gg_ss4_out.jpg
- <Package Folder>/app_vf/####/gg_ss5.jpg
- <Package Folder>/app_vf/####/gg_ss5_out.jpg
- <Package Folder>/app_vf/####/gg_ss6.jpg
- <Package Folder>/app_vf/####/gg_ss6_out.jpg
- <Package Folder>/app_vf/####/heart.mp3
- <Package Folder>/app_vf/####/invitation_bgm.png
- <Package Folder>/app_vf/####/item_s_1.ogg
- <Package Folder>/app_vf/####/item_s_10.ogg
- <Package Folder>/app_vf/####/item_s_2.ogg
- <Package Folder>/app_vf/####/item_s_3.ogg
- <Package Folder>/app_vf/####/item_s_4.ogg
- <Package Folder>/app_vf/####/item_s_5.ogg
- <Package Folder>/app_vf/####/item_s_6.ogg
- <Package Folder>/app_vf/####/item_s_7.ogg
- <Package Folder>/app_vf/####/item_s_8.ogg
- <Package Folder>/app_vf/####/item_s_9.ogg
- <Package Folder>/app_vf/####/jiaochengbeijing.png
- <Package Folder>/app_vf/####/jiaochengqueding.png
- <Package Folder>/app_vf/####/jiaochengquxiao.png
- <Package Folder>/app_vf/####/lock.png
- <Package Folder>/app_vf/####/nizhenlihai.png
- <Package Folder>/app_vf/####/s1.ogg
- <Package Folder>/app_vf/####/s2.ogg
- <Package Folder>/app_vf/####/s3.ogg
- <Package Folder>/app_vf/####/s4.ogg
- <Package Folder>/app_vf/####/s5.ogg
- <Package Folder>/app_vf/####/s6.ogg
- <Package Folder>/app_vf/####/tanhao.png
- <Package Folder>/app_vf/####/time.mp3
- <Package Folder>/app_vf/####/tip_1.png
- <Package Folder>/app_vf/####/tip_10.png
- <Package Folder>/app_vf/####/tip_2.png
- <Package Folder>/app_vf/####/tip_3.png
- <Package Folder>/app_vf/####/tip_4.png
- <Package Folder>/app_vf/####/tip_5.png
- <Package Folder>/app_vf/####/tutorialHand.png
- <Package Folder>/app_vf/####/vague_gg_per1.jpg
- <Package Folder>/app_vf/####/vague_gg_per2.jpg
- <Package Folder>/app_vf/####/vague_gg_per3.jpg
- <Package Folder>/app_vf/####/vague_gg_per4.jpg
- <Package Folder>/app_vf/####/vague_gg_per5.jpg
- <Package Folder>/app_vf/####/vague_gg_per6.jpg
- <Package Folder>/app_vf/####/yangguang.png
- <Package Folder>/app_vf/1.csb
- <Package Folder>/app_vf/10.csb
- <Package Folder>/app_vf/11.csb
- <Package Folder>/app_vf/11.png
- <Package Folder>/app_vf/12.png
- <Package Folder>/app_vf/13.png
- <Package Folder>/app_vf/14.png
- <Package Folder>/app_vf/15.png
- <Package Folder>/app_vf/16.jpg
- <Package Folder>/app_vf/17.jpg
- <Package Folder>/app_vf/18.jpg
- <Package Folder>/app_vf/2.csb
- <Package Folder>/app_vf/3.csb
- <Package Folder>/app_vf/4.csb
- <Package Folder>/app_vf/5.csb
- <Package Folder>/app_vf/6.csb
- <Package Folder>/app_vf/7.csb
- <Package Folder>/app_vf/8.csb
- <Package Folder>/app_vf/88.plist
- <Package Folder>/app_vf/9.csb
- <Package Folder>/app_vf/a.csb
- <Package Folder>/app_vf/bSure_big_area.png
- <Package Folder>/app_vf/btn_buy_gg.png
- <Package Folder>/app_vf/btn_enter_game.png
- <Package Folder>/app_vf/futura-48.fnt
- <Package Folder>/app_vf/futura-48.png
- <Package Folder>/app_vf/nb_gg_cn_oo.xml
- <Package Folder>/databases/sdk_DB
- <Package Folder>/databases/sdk_DB-journal
- <Package Folder>/files/####/.jg.ic
- <Package Folder>/files/####/skvcbg_f.dex (deleted)
- <Package Folder>/files/####/skvcbg_f.zip
- <Package Folder>/shared_prefs/csdksession.xml
- <Package Folder>/shared_prefs/qihoo_jiagu_crash_report.xml
- <Package Folder>/shared_prefs/vdw.xml
- <SD-Card>/Android/####/KSE.DAT
- <SD-Card>/Android/####/NDID.DAT
Другие:
Запускает следующие shell-скрипты:
- chmod 755 <Package Folder>/.jiagu/libjiagu.so
Загружает динамические библиотеки:
- cocos2dcpp
- libjiagu
Использует специальную библиотеку для скрытия исполняемого байткода.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Отрисовывает собственные окна поверх других приложений.
