Android.Triada.386

Техническая информация

Вредоносные функции:

Загружает на исполнение код следующих детектируемых угроз:

Android.Triada.243

Осуществляет доступ к приватному интерфейсу телефонии (ITelephony).

Сетевая активность:

Подключается к:

UDP(DNS) <Google DNS>
TCP(HTTP/1.1) cf.gdata####.net:80
TCP(HTTP/1.1) rd.gdata####.net:80

Запросы DNS:

cf.gdata####.net
cl.mo####.u####.com
rd.gdata####.net

Запросы HTTP POST:

rd.gdata####.net/config/update
rd.gdata####.net/dc/sync_adr

Изменения в файловой системе:

Создает следующие файлы:

/data/anr/traces.txt
<Package Folder>/.jiagu/libjiagu.so
<Package Folder>/databases/dataeye_database_87E030F22A3A0A5D218...024.db
<Package Folder>/databases/dataeye_database_87E030F22A3A0A5D218...ournal
<Package Folder>/databases/vi_db_pay-journal
<Package Folder>/databases/webview.db-journal
<Package Folder>/files/####/.jg.ic
<Package Folder>/files/####/111.png
<Package Folder>/files/####/2.png
<Package Folder>/files/####/3.png
<Package Folder>/files/####/andanxia.png
<Package Folder>/files/####/choujiang.png
<Package Folder>/files/####/dakai.png
<Package Folder>/files/####/ershiba.png
<Package Folder>/files/####/ershiyuan.png
<Package Folder>/files/####/guanka.png
<Package Folder>/files/####/hongbao.png
<Package Folder>/files/####/huang.png
<Package Folder>/files/####/jiayou1.png
<Package Folder>/files/####/jindan.png
<Package Folder>/files/####/jinghua.png
<Package Folder>/files/####/kaijiang.png
<Package Folder>/files/####/keng_30.png
<Package Folder>/files/####/letGo.png
<Package Folder>/files/####/liangyuan.png
<Package Folder>/files/####/likai.png
<Package Folder>/files/####/lose.png
<Package Folder>/files/####/m_goumai.png
<Package Folder>/files/####/naxia.png
<Package Folder>/files/####/nothing.png
<Package Folder>/files/####/quxiao.png
<Package Folder>/files/####/s2.png
<Package Folder>/files/####/s3.png
<Package Folder>/files/####/sanshiyuan.png
<Package Folder>/files/####/shang.png
<Package Folder>/files/####/shenmidan.png
<Package Folder>/files/####/shou.png
<Package Folder>/files/####/shou111.png
<Package Folder>/files/####/success.png
<Package Folder>/files/####/tenyua11n.png
<Package Folder>/files/####/tenyuan.png
<Package Folder>/files/####/tuichu.png
<Package Folder>/files/####/xiayiguan.png
<Package Folder>/files/####/yao_20.png
<Package Folder>/files/####/yao_28.png
<Package Folder>/files/####/zaici.png
<Package Folder>/files/1000jinbi.png
<Package Folder>/files/200jinbi.png
<Package Folder>/files/28.png
<Package Folder>/files/30.png
<Package Folder>/files/500.png
<Package Folder>/files/A_huimeng.png
<Package Folder>/files/Aer28.png
<Package Folder>/files/Aer_30.png
<Package Folder>/files/Ancha.png
<Package Folder>/files/Marker Felt.ttf
<Package Folder>/files/PaoRena.png
<Package Folder>/files/SuiPian1.png
<Package Folder>/files/SuiPian2.png
<Package Folder>/files/SuiPian3.png
<Package Folder>/files/SuiPian4.png
<Package Folder>/files/aa2.png
<Package Folder>/files/addLife.ogg
<Package Folder>/files/addSpeedTitle.png
<Package Folder>/files/again_tiao1.png
<Package Folder>/files/again_tiao2.png
<Package Folder>/files/aixin1.png
<Package Folder>/files/aixinfu.plist
<Package Folder>/files/aixinfu.png
<Package Folder>/files/app.icf
<Package Folder>/files/baohu.plist
<Package Folder>/files/baohu.png
<Package Folder>/files/baoxiang.ogg
<Package Folder>/files/bd.png
<Package Folder>/files/beijingyue.mp3
<Package Folder>/files/bet.mp3
<Package Folder>/files/bian_daoju.png
<Package Folder>/files/bian_daoju2.png
<Package Folder>/files/bian_daoju3.png
<Package Folder>/files/bian_daoju4.png
<Package Folder>/files/bian_daoju5.png
<Package Folder>/files/bianda_lock.png
<Package Folder>/files/bianda_menu.png
<Package Folder>/files/biandalu.png
<Package Folder>/files/bigLoad.ogg
<Package Folder>/files/bigLoad.plist
<Package Folder>/files/bigLoad.png
<Package Folder>/files/bing_1.tmx
<Package Folder>/files/bing_10.tmx
<Package Folder>/files/bing_11.tmx
<Package Folder>/files/bing_2.tmx
<Package Folder>/files/bing_3.tmx
<Package Folder>/files/bing_4.tmx
<Package Folder>/files/bing_5.tmx
<Package Folder>/files/bing_6.tmx
<Package Folder>/files/bing_7.tmx
<Package Folder>/files/bing_8.tmx
<Package Folder>/files/bing_9.tmx
<Package Folder>/files/bing_jing.jpg
<Package Folder>/files/boxling.png
<Package Folder>/files/boxlinglo.png
<Package Folder>/files/broken.ogg
<Package Folder>/files/broken.plist
<Package Folder>/files/broken.png
<Package Folder>/files/caidan1.png
<Package Folder>/files/caidan2.png
<Package Folder>/files/cha.png
<Package Folder>/files/chongxin1.png
<Package Folder>/files/chongxin2.png
<Package Folder>/files/chou_cha.png
<Package Folder>/files/choujiang.png
<Package Folder>/files/choujiang1.png
<Package Folder>/files/choujiang2.png
<Package Folder>/files/citie.png
<Package Folder>/files/coin.png
<Package Folder>/files/coin.tsx
<Package Folder>/files/coin_big_droping.mp3
<Package Folder>/files/daojishi.plist
<Package Folder>/files/daojishi.png
<Package Folder>/files/daoju.plist
<Package Folder>/files/daoju.png
<Package Folder>/files/development.icf
<Package Folder>/files/dh.png
<Package Folder>/files/dh1.png
<Package Folder>/files/dianwo.png
<Package Folder>/files/disappear.plist
<Package Folder>/files/disappear.png
<Package Folder>/files/disui.png
<Package Folder>/files/ditiepaoku.jpg
<Package Folder>/files/eat.plist
<Package Folder>/files/eat.png
<Package Folder>/files/enemyDied.mp3
<Package Folder>/files/fafafa.png
<Package Folder>/files/fan_dd.png
<Package Folder>/files/fanzhuan.mp3
<Package Folder>/files/fei3.png
<Package Folder>/files/fengsan.plist
<Package Folder>/files/fengsan.png
<Package Folder>/files/first_beijing.jpg
<Package Folder>/files/forest.png
<Package Folder>/files/fp3.png
<Package Folder>/files/fp4.png
<Package Folder>/files/fp7.png
<Package Folder>/files/fp8.png
<Package Folder>/files/fuhuo.png
<Package Folder>/files/fuhuo_go.png
<Package Folder>/files/gonglu.png
<Package Folder>/files/goumai.png
<Package Folder>/files/ground.png
<Package Folder>/files/ground.tsx
<Package Folder>/files/guaiwu.plist
<Package Folder>/files/guaiwu.png
<Package Folder>/files/guan_anniuhuang.png
<Package Folder>/files/guan_beijing.jpg
<Package Folder>/files/guan_huianniu.png
<Package Folder>/files/guan_wa.tmx
<Package Folder>/files/guanbi1.png
<Package Folder>/files/guanbi2.png
<Package Folder>/files/guangshu.png
<Package Folder>/files/guangsu.png
<Package Folder>/files/guanka_jinru.png
<Package Folder>/files/guanka_jinru2.png
<Package Folder>/files/guanka_ziti.png
<Package Folder>/files/guanreturn.png
<Package Folder>/files/guanreturn2.png
<Package Folder>/files/gundong.plist
<Package Folder>/files/gundong.png
<Package Folder>/files/help_Index1 .png
<Package Folder>/files/help_Index2.png
<Package Folder>/files/hinderHurt.mp3
<Package Folder>/files/hongbao_arrived.mp3
<Package Folder>/files/hongcha.png
<Package Folder>/files/hongdeng.plist
<Package Folder>/files/hongdeng.png
<Package Folder>/files/hu_1.png
<Package Folder>/files/hu_2.png
<Package Folder>/files/huaban.png
<Package Folder>/files/huangkuang.png
<Package Folder>/files/hudun.png
<Package Folder>/files/hudun1.png
<Package Folder>/files/hudun2.png
<Package Folder>/files/huicheng.png
<Package Folder>/files/huoche.png
<Package Folder>/files/huoche02.png
<Package Folder>/files/huoche03.png
<Package Folder>/files/jewel.ogg
<Package Folder>/files/jewel2.ogg
<Package Folder>/files/jia.png
<Package Folder>/files/jiangtai.png
<Package Folder>/files/jianzui.png
<Package Folder>/files/jiasu.png
<Package Folder>/files/jindu.png
<Package Folder>/files/jingbao.png
<Package Folder>/files/jingcha.mp3
<Package Folder>/files/jump.ogg
<Package Folder>/files/jump2.ogg
<Package Folder>/files/jump_light.plist
<Package Folder>/files/jump_light.png
<Package Folder>/files/juxuyouxilock.png
<Package Folder>/files/kai_xiang.png
<Package Folder>/files/kaiguan.png
<Package Folder>/files/kaiguan2.png
<Package Folder>/files/kaixiang.png
<Package Folder>/files/koushao.mp3
<Package Folder>/files/kuaidao.plist
<Package Folder>/files/kuaidao.png
<Package Folder>/files/kuaisu1.png
<Package Folder>/files/kuxuyouxi.png
<Package Folder>/files/lainhe.png
<Package Folder>/files/languang.png
<Package Folder>/files/light.jpg
<Package Folder>/files/liwu.png
<Package Folder>/files/load_new.plist
<Package Folder>/files/load_new.png
<Package Folder>/files/loading.jpg
<Package Folder>/files/loding_1.png
<Package Folder>/files/loding_3.png
<Package Folder>/files/logo_huo_2.plist
<Package Folder>/files/lose.ogg
<Package Folder>/files/m_baoxiang.png
<Package Folder>/files/m_fanga.png
<Package Folder>/files/m_gui_2.png
<Package Folder>/files/m_hua.png
<Package Folder>/files/m_huaban.plist
<Package Folder>/files/m_huaban.png
<Package Folder>/files/m_xijin.plist
<Package Folder>/files/m_xijin.png
<Package Folder>/files/mao.plist
<Package Folder>/files/meiri_qian.png
<Package Folder>/files/menu.ogg
<Package Folder>/files/mubiao1.png
<Package Folder>/files/mubiao10.png
<Package Folder>/files/mubiao11.png
<Package Folder>/files/mubiao12.png
<Package Folder>/files/mubiao2.png
<Package Folder>/files/mubiao3.png
<Package Folder>/files/mubiao4.png
<Package Folder>/files/mubiao5.png
<Package Folder>/files/mubiao6.png
<Package Folder>/files/mubiao7.png
<Package Folder>/files/mubiao8.png
<Package Folder>/files/mubiao9.png
<Package Folder>/files/mubiao_zuo.png
<Package Folder>/files/myban.png
<Package Folder>/files/new_root.tsx
<Package Folder>/files/next1.png
<Package Folder>/files/next2.png
<Package Folder>/files/next3.png
<Package Folder>/files/nubiao_shang.png
<Package Folder>/files/nvhai.plist
<Package Folder>/files/nvhai.png
<Package Folder>/files/nvhuo1.png
<Package Folder>/files/nvhuo2.png
<Package Folder>/files/openBox.ogg
<Package Folder>/files/pao.plist
<Package Folder>/files/pao.png
<Package Folder>/files/paoren.plist
<Package Folder>/files/paoren.png
<Package Folder>/files/paylib.jar
<Package Folder>/files/pingguo.png
<Package Folder>/files/power_bar.png
<Package Folder>/files/power_progress.png
<Package Folder>/files/qian_dao.png
<Package Folder>/files/qian_ling.png
<Package Folder>/files/qiandao.png
<Package Folder>/files/qianjing.png
<Package Folder>/files/return_1.png
<Package Folder>/files/return_2.png
<Package Folder>/files/root.plist
<Package Folder>/files/root.png
<Package Folder>/files/sd.plist
<Package Folder>/files/sd.png
<Package Folder>/files/shandian2.png
<Package Folder>/files/shangdian.png
<Package Folder>/files/shanghai.png
<Package Folder>/files/shouru.png
<Package Folder>/files/shu2.png
<Package Folder>/files/shu_1.tmx
<Package Folder>/files/shu_10.tmx
<Package Folder>/files/shu_11.tmx
<Package Folder>/files/shu_2.tmx
<Package Folder>/files/shu_3.tmx
<Package Folder>/files/shu_4.tmx
<Package Folder>/files/shu_5.tmx
<Package Folder>/files/shu_6.tmx
<Package Folder>/files/shu_7.tmx
<Package Folder>/files/shu_8.tmx
<Package Folder>/files/shu_9.tmx
<Package Folder>/files/shuzhuang.png
<Package Folder>/files/shuzi1.png
<Package Folder>/files/shuzi2.png
<Package Folder>/files/shuzi3.png
<Package Folder>/files/shuzi4.png
<Package Folder>/files/snow.png
<Package Folder>/files/start_1.png
<Package Folder>/files/start_2.png
<Package Folder>/files/sui_back.png
<Package Folder>/files/sui_huaban.png
<Package Folder>/files/sui_hudun.png
<Package Folder>/files/sui_jinbi.png
<Package Folder>/files/sui_mubiao.png
<Package Folder>/files/sui_sp1.png
<Package Folder>/files/sui_sp2.png
<Package Folder>/files/sui_sp3.png
<Package Folder>/files/sui_xiexie.png
<Package Folder>/files/sui_zhuan.png
<Package Folder>/files/temp.zip
<Package Folder>/files/tiao.plist
<Package Folder>/files/tiao.png
<Package Folder>/files/tiaoJump.png
<Package Folder>/files/tiaoJump1.png
<Package Folder>/files/tielu.png
<Package Folder>/files/title_yan.plist
<Package Folder>/files/toastNum.png
<Package Folder>/files/toolNum.png
<Package Folder>/files/tuhuo.plist
<Package Folder>/files/tuhuo.png
<Package Folder>/files/wancehng.png
<Package Folder>/files/wanjuxiong.png
<Package Folder>/files/win.ogg
<Package Folder>/files/wodao.png
<Package Folder>/files/wodaolock.png
<Package Folder>/files/x1.png
<Package Folder>/files/x2.png
<Package Folder>/files/x3.png
<Package Folder>/files/x4.png
<Package Folder>/files/x5.png
<Package Folder>/files/xiangzi.png
<Package Folder>/files/xiexie.png
<Package Folder>/files/xiong_hurt.png
<Package Folder>/files/xue.png
<Package Folder>/files/yaoshui.ogg
<Package Folder>/files/yinxiao.png
<Package Folder>/files/yinxiao2.png
<Package Folder>/files/yinyue.png
<Package Folder>/files/yinyue2.png
<Package Folder>/files/yonghu1.png
<Package Folder>/files/yonghu2.png
<Package Folder>/files/yonghu3.png
<Package Folder>/files/yonghu4.png
<Package Folder>/files/yuan.png
<Package Folder>/files/yuncai1.png
<Package Folder>/files/yuncai2.png
<Package Folder>/files/yuncai3.png
<Package Folder>/files/z.png
<Package Folder>/files/zhantin2.png
<Package Folder>/files/zhanting.png
<Package Folder>/files/zhua1.png
<Package Folder>/files/zhua2.png
<Package Folder>/files/zhuai.png
<Package Folder>/files/zhuan.mp3
<Package Folder>/files/zuofanhui.png
<Package Folder>/shared_prefs/Cocos2dxPrefsFile.xml
<Package Folder>/shared_prefs/SP_REPLACE_CLASSLOADER_CLASS_NAME.xml
<Package Folder>/shared_prefs/dc.87E030F22A3A0A5D2188829AC18090...es.xml
<Package Folder>/shared_prefs/qihoo_jiagu_crash_report.xml
<Package Folder>/shared_prefs/umeng_general_config.xml
<Package Folder>/shared_prefs/unknown.xml
<SD-Card>/.SystemService/####/uid

Другие:

Запускает следующие shell-скрипты:

/system/bin/sh
cat /sys/block/mmcblk0/device/cid
chmod 755 <Package Folder>/.jiagu/libjiagu.so
ls -l /sbin/su
ls -l /system/bin/su
ls -l /system/sbin/su
ls -l /system/xbin/su
ls -l /vendor/bin/su

Загружает динамические библиотеки:

cocos2dcpp
libjiagu

Использует специальную библиотеку для скрытия исполняемого байткода.

Осуществляет доступ к информации о геолокации.

Осуществляет доступ к информации о сети.

Осуществляет доступ к информации о телефоне (номер, imei и тд.).

Осуществляет доступ к информации об установленных приложениях.

Осуществляет доступ к информации об отправленых/принятых смс.

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней