Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.MobiDash.2.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) walkthr####.gamedis####.com:80
- TCP(HTTP/1.1) f####.gst####.com:80
- TCP(HTTP/1.1) pag####.googles####.com:80
- TCP(HTTP/1.1) ko####.com:80
- TCP(HTTP/1.1) f####.google####.com:80
- TCP(HTTP/1.1) st####.kogst####.com:80
- TCP(HTTP/1.1) www.ko####.com:80
- TCP(HTTP/1.1) www.google-####.com:80
- TCP(HTTP/1.1) www.googlet####.com:80
- TCP(HTTP/1.1) 957fed1####.optim####.com:80
- TCP(HTTP/???) www.ko####.com:80
- TCP(TLS/1.0) s0.2####.net:443
- TCP(TLS/1.0) securep####.g.doublec####.net:443
- TCP(TLS/1.0) adser####.go####.nl:443
- TCP(TLS/1.0) adser####.go####.com:443
- TCP(TLS/1.0) s####.g.doublec####.net:443
Запросы DNS:
- adser####.go####.com
- adser####.go####.nl
- api####.k####.com
- common-####.t####.com
- f####.google####.com
- f####.gst####.com
- im####.google####.com
- ko####.com
- mt####.go####.com
- pag####.googles####.com
- pu####.g.doublec####.net
- s####.g.doublec####.net
- s0.2####.net
- securep####.g.doublec####.net
- st####.kogst####.com
- video-s####.v####.com
- walkthr####.gamedis####.com
- www.google-####.com
- www.googlet####.com
- www.ko####.com
- www.kogst####.com
Запросы HTTP GET:
- 957fed1####.optim####.com/api/libs/md5/md5.js
- 957fed1####.optim####.com/libs/gd/gd.js
- f####.google####.com/css?family=####&subset=####
- f####.google####.com/js/core/bridge3.187.0_en.html
- f####.google####.com/js/sdkloader/ima3.js
- f####.gst####.com/s/opensans/v15/cJZKeOuBrn4kERxqtaUH3SZ2oysoEQEeKwjgmXL...
- f####.gst####.com/s/opensans/v15/k3k702ZOKiLJc3WVjuplzJS3E-kSBmtLoNJPDtb...
- ko####.com/m/?wel####
- pag####.googles####.com/pagead/gen_204?error=####&vis=####&lid=####&sdkv...
- pag####.googles####.com/pagead/gen_204?request_type=####&lid=####&sdkv=#...
- pag####.googles####.com/pagead/gen_204?rt=####&ec=####&lid=####&sdkv=###...
- pag####.googles####.com/pagead/gen_204?rt=####&lid=####&sdkv=####&e=####...
- st####.kogst####.com/be16d08_nl_NL.js
- st####.kogst####.com/fontello.svg
- st####.kogst####.com/gen_cache/03/0d/030df60e-3adb-4265-9c01-3a15b4a42c6...
- st####.kogst####.com/gen_cache/04/85/04854bc21c12428ca33637d434b4ac3b_46...
- st####.kogst####.com/gen_cache/05/a7/05a722e2-64bc-4e35-912a-9258be02ffd...
- st####.kogst####.com/gen_cache/0a/7c/0a7ca858-ca19-497b-aba8-6cc8969a967...
- st####.kogst####.com/gen_cache/0e/27/0e277983-8e18-42e8-b40a-33d72dacdd8...
- st####.kogst####.com/gen_cache/11/18/1118cb45-45f0-43e9-8de6-cd82a9159a4...
- st####.kogst####.com/gen_cache/13/82/1382cd3beb544a2485520e8081881ae0_35...
- st####.kogst####.com/gen_cache/16/fa/16fa28c0-87ac-4472-939a-558255fe362...
- st####.kogst####.com/gen_cache/19/bc/19bcf6e5-5ce8-4da6-a795-dbf26631d6b...
- st####.kogst####.com/gen_cache/1d/08/1d085911343141bbad840419f1130d04_64...
- st####.kogst####.com/gen_cache/1f/18/1f18596679a540a896d2717c4f414b7e_35...
- st####.kogst####.com/gen_cache/1f/a6/1fa6a1a56e394ea3896c48482a7c89c3_35...
- st####.kogst####.com/gen_cache/21/c1/21c133b1-01b6-4df9-a4dd-f1b004b17d4...
- st####.kogst####.com/gen_cache/27/af/27afe24acfd547c997893f4d16d80a5a_79...
- st####.kogst####.com/gen_cache/27/e7/27e73d4f-d5fa-45d6-9f0e-1ef4f4a1151...
- st####.kogst####.com/gen_cache/2a/2a/2a2a11ac40f441bb9a0df30888351a29_35...
- st####.kogst####.com/gen_cache/2a/79/2a798a0c-9870-4899-b7ed-40083e45aa6...
- st####.kogst####.com/gen_cache/2a/ec/2aeca901-763a-4014-9a66-736a30f2f72...
- st####.kogst####.com/gen_cache/2b/cc/2bcc7386-6f35-4aa3-8859-19fefbc2343...
- st####.kogst####.com/gen_cache/34/b2/34b2cebf9b7440fe9dbe3a61776a9f5e_35...
- st####.kogst####.com/gen_cache/40/3f/403f5efb-7464-4703-9654-55ca0ddacc0...
- st####.kogst####.com/gen_cache/4a/55/4a5518f6dac74497a0c12fc196b0496b_46...
- st####.kogst####.com/gen_cache/4a/d5/4ad5a6a4-17ce-4c88-a9f1-32b8583af4f...
- st####.kogst####.com/gen_cache/4c/b0/4cb0c398d0b042ffad129dff5c0916f7_35...
- st####.kogst####.com/gen_cache/4d/1d/4d1dfc99d43049709bda3926c2ecf3a9_35...
- st####.kogst####.com/gen_cache/4e/4e/4e4e58593dfb4ed5aff03b040b03a04a_46...
- st####.kogst####.com/gen_cache/4f/5a/4f5a81e20fd74aa5ab36653c5f83d046_79...
- st####.kogst####.com/gen_cache/4f/de/4fde67da-50c3-42d4-8146-5844729dcf5...
- st####.kogst####.com/gen_cache/53/a6/53a6980d-0247-47cb-9d02-09c156e66ec...
- st####.kogst####.com/gen_cache/54/ac/54ace2d895a34c39bb4ecba003b4f0e3_79...
- st####.kogst####.com/gen_cache/57/06/5706b8f0-4443-4f06-8904-bb82311e770...
- st####.kogst####.com/gen_cache/5d/b3/5db35489c9e546559ab1661905b19c82_35...
- st####.kogst####.com/gen_cache/60/b7/60b7d6a0-4cf7-46d4-990e-c72a8677af6...
- st####.kogst####.com/gen_cache/61/69/616963093a20446ea714e422f03d11b0_35...
- st####.kogst####.com/gen_cache/65/ee/65ee5dbcec6342f6820767ca964ed005_35...
- st####.kogst####.com/gen_cache/68/c2/68c2e8b7e3ce4382bdd5516b17cd3dd6_46...
- st####.kogst####.com/gen_cache/69/b5/69b54d1151114e7790312474ffc1a203_32...
- st####.kogst####.com/gen_cache/6d/37/6d371b7a2be54a6eb7cb60ae78f1f6e9_32...
- st####.kogst####.com/gen_cache/72/2f/722fe624681e44928babf256ae3b6834_46...
- st####.kogst####.com/gen_cache/72/8e/728ec8b8-96e9-4f24-85c0-de7e179018c...
- st####.kogst####.com/gen_cache/75/10/7510fb1f706e4c6baee15dd29c9cd2d4_32...
- st####.kogst####.com/gen_cache/77/fd/77fde260-54f1-4c30-b75d-31969bb1a72...
- st####.kogst####.com/gen_cache/79/07/7907a0bd7b264823b1517f74384f1bad_35...
- st####.kogst####.com/gen_cache/79/9f/799fa9ea-3fda-488e-8c7d-67ecb637643...
- st####.kogst####.com/gen_cache/7a/2a/7a2a5966c28d48e9af7a1da0e7e58ebf_35...
- st####.kogst####.com/gen_cache/7a/3c/7a3c094f-d944-44ca-bbb9-310bea15163...
- st####.kogst####.com/gen_cache/85/ce/85ce2bab-c75e-40f3-b4e3-bc5f063eaf9...
- st####.kogst####.com/gen_cache/87/be/87be1f38-e6e6-4818-ad1b-9e94266e8b8...
- st####.kogst####.com/gen_cache/87/d0/87d095e6-c2a3-4915-a91f-f12a1d48eb8...
- st####.kogst####.com/gen_cache/88/c3/88c37758-d181-49d3-a38e-b9318a076e9...
- st####.kogst####.com/gen_cache/8b/d9/8bd9ed0280354db5b4860ad568349462_32...
- st####.kogst####.com/gen_cache/8d/58/8d58a773-4140-4e52-a491-2e4e0639404...
- st####.kogst####.com/gen_cache/90/5f/905f401320874e71a38e0a4438553697_35...
- st####.kogst####.com/gen_cache/93/9f/939ff8169cf949abbb621ac82870215a_35...
- st####.kogst####.com/gen_cache/94/57/94570c8e-da9f-4af0-8f68-98daeb6dd76...
- st####.kogst####.com/gen_cache/94/91/94911b79861549c6b2d32e0703aeebb9_35...
- st####.kogst####.com/gen_cache/99/94/9994ee3ad5564fbe8dd9a22d356d2fd8_79...
- st####.kogst####.com/gen_cache/99/c6/99c674bc6ef9433e80ff4f5d12eeea44_32...
- st####.kogst####.com/gen_cache/9f/dd/9fddc771-ad0e-482a-8c2d-a4227af9d4e...
- st####.kogst####.com/gen_cache/a1/14/a1146c59-04ff-4305-b055-d8fa36dc1b7...
- st####.kogst####.com/gen_cache/a7/04/a704c170-d302-4db1-ba93-38c5865b6f5...
- st####.kogst####.com/gen_cache/ac/8a/ac8a3121a4f94f3496129c9cd29749c1_79...
- st####.kogst####.com/gen_cache/avatar_images/girl_46x46.jpg
- st####.kogst####.com/gen_cache/avatar_images/kingoffire_46x46.jpg
- st####.kogst####.com/gen_cache/avatar_images/panda_46x46.jpg
- st####.kogst####.com/gen_cache/avatar_images/robot_46x46.jpg
- st####.kogst####.com/gen_cache/b0/b0/b0b03318-485d-4228-a953-cc0ec8e852a...
- st####.kogst####.com/gen_cache/b6/13/b613ccc9bd924e6b83d1e390a56a6fa0_79...
- st####.kogst####.com/gen_cache/b6/32/b632237a-52f0-4274-805f-18aafd26515...
- st####.kogst####.com/gen_cache/b6/77/b67761e6-0423-4fc8-9f9f-71dc1023e62...
- st####.kogst####.com/gen_cache/bc/86/bc8657b0-71f9-4f3c-b90b-4105d773896...
- st####.kogst####.com/gen_cache/bf/7c/bf7c2ffd-bf09-4399-be32-596415d7e20...
- st####.kogst####.com/gen_cache/c2/2a/c22a898f-df5f-4bf5-af4b-81686d57f31...
- st####.kogst####.com/gen_cache/c2/2d/c22dd6fe1055403d99ac23e125095e77_35...
- st####.kogst####.com/gen_cache/c3/19/c3197419-a889-4468-afa7-94dd4adba8c...
- st####.kogst####.com/gen_cache/c7/07/c707533d-cda5-42ef-b9d6-05ad76304fc...
- st####.kogst####.com/gen_cache/c8/49/c8495b0e-638c-468f-a281-70665986f6f...
- st####.kogst####.com/gen_cache/cb/61/cb611039-eefb-4966-b99f-fadb1390fa3...
- st####.kogst####.com/gen_cache/ce/ce/cece31fcc58a4eba9205f7bbef9d4b7c_46...
- st####.kogst####.com/gen_cache/d2/0f/d20fa148-4182-4570-a1fa-9e61984ce5a...
- st####.kogst####.com/gen_cache/d6/5e/d65e0784e67a4219814c66fad37ee407_35...
- st####.kogst####.com/gen_cache/df/d2/dfd2f953e92f469ebb763d8d33f335f1_35...
- st####.kogst####.com/gen_cache/e3/39/e3398aef-58a6-46e9-9c9d-87d3d73e4de...
- st####.kogst####.com/gen_cache/e3/46/e34662cf-66a4-45ea-a57c-af224498ebd...
- st####.kogst####.com/gen_cache/eb/c0/ebc0e60e75644551be1e4fc0901cc2b6_35...
- st####.kogst####.com/gen_cache/ed/3a/ed3a45bc58da490089a98a946eccfa82_35...
- st####.kogst####.com/gen_cache/f3/85/f3858cd893e541bbb4420a437d7417c8_32...
- st####.kogst####.com/gen_cache/f4/68/f4680017f12444ceb173aa2c44f1c72d_35...
- st####.kogst####.com/gen_cache/f5/96/f5963013-7b4c-4b10-9de6-23f3444d72e...
- st####.kogst####.com/gen_cache/f9/23/f9233707e4634b648e867607981700bd_79...
- st####.kogst####.com/gen_cache/fb/af/fbafefdeb6bd42de8a1c4c259c90b75f_32...
- st####.kogst####.com/gen_cache/ff/bc/ffbca60f-d1d7-457d-be4c-886d734ee2d...
- st####.kogst####.com/kogama_icon-grayscale-64x64.png
- st####.kogst####.com/mobile_be16d08.css
- walkthr####.gamedis####.com/api/player/findv2/?pageId=####&gameId=####&t...
- www.google-####.com/analytics.js
- www.google-####.com/collect?v=####&_v=####&a=####&t=####&_s=####&dl=####...
- www.google-####.com/collect?v=1&_v=j66&a=136675028&t=exception&_s=2&dl=h...
- www.google-####.com/collect?v=1&_v=j66&a=136675028&t=exception&_s=3&dl=h...
- www.google-####.com/collect?v=1&_v=j66&a=136675028&t=exception&_s=4&dl=h...
- www.google-####.com/collect?v=1&_v=j66&a=136675028&t=pageview&_s=1&dl=ht...
- www.google-####.com/collect?v=1&_v=j66&a=257124932&t=exception&_s=2&dl=h...
- www.google-####.com/collect?v=1&_v=j66&a=257124932&t=exception&_s=3&dl=h...
- www.google-####.com/collect?v=1&_v=j66&a=257124932&t=exception&_s=4&dl=h...
- www.google-####.com/collect?v=1&_v=j66&a=819154308&t=exception&_s=2&dl=h...
- www.google-####.com/collect?v=1&_v=j66&a=819154308&t=exception&_s=3&dl=h...
- www.google-####.com/collect?v=1&_v=j66&a=819154308&t=exception&_s=4&dl=h...
- www.google-####.com/collect?v=1&_v=j66&a=819154308&t=pageview&_s=1&dl=ht...
- www.google-####.com/r/collect?v=1&_v=j66&a=257124932&t=pageview&_s=1&dl=...
- www.googlet####.com/tag/js/gpt.js
- www.ko####.com/api/app/regions/
- www.ko####.com/game/5277275/comment/
- www.ko####.com/game/5325203/comment/
- www.ko####.com/game/5787831/comment/
- www.ko####.com/game/5817239/comment/
- www.ko####.com/games/
- www.ko####.com/games/play/5277275/
- www.ko####.com/games/play/5325203/
- www.ko####.com/games/play/5787831/
- www.ko####.com/games/play/5817239/
- www.ko####.com/games/playing/
- www.ko####.com/login/
- www.ko####.com/m/?wel####
- www.ko####.com/news/
- www.ko####.com/news/news/
- www.ko####.com/static/img/default/blockboy_small_46x46.jpg
- www.ko####.com/static/img/google-play-badge.png
- www.ko####.com/static/img/logo_bluewhite_7.png
- www.ko####.com/v1/locator/session/92ced849-1642-4b02-ba1a-0d25b246b4d6/p...
- www.ko####.com/v1/locator/session/?objectID=####&profileID=####&lang=###...
- www.ko####.com/v1/stat/p/?k=####&v=####&c=####&t=####&k=####&v=####&c=##...
Запросы HTTP POST:
- walkthr####.gamedis####.com/api/player/find/
- www.ko####.com/auth/login/
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/app_app_apk/kogama.dat.jar
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/f_000001
- <Package Folder>/cache/####/f_000002
- <Package Folder>/cache/####/f_000003
- <Package Folder>/cache/####/f_000004
- <Package Folder>/cache/####/f_000005
- <Package Folder>/cache/####/f_000006
- <Package Folder>/cache/####/f_000007
- <Package Folder>/cache/####/f_000008
- <Package Folder>/cache/####/f_000009
- <Package Folder>/cache/####/f_00000a
- <Package Folder>/cache/####/f_00000b
- <Package Folder>/cache/####/f_00000c
- <Package Folder>/cache/####/f_00000d
- <Package Folder>/cache/####/f_00000e
- <Package Folder>/cache/####/f_00000f
- <Package Folder>/cache/####/f_000010
- <Package Folder>/cache/####/f_000011
- <Package Folder>/cache/####/f_000012
- <Package Folder>/cache/####/f_000013
- <Package Folder>/cache/####/f_000014
- <Package Folder>/cache/####/f_000015
- <Package Folder>/cache/####/f_000016
- <Package Folder>/cache/####/f_000017
- <Package Folder>/cache/####/f_000018
- <Package Folder>/cache/####/f_000019
- <Package Folder>/cache/####/f_00001a
- <Package Folder>/cache/####/f_00001b
- <Package Folder>/cache/####/f_00001c
- <Package Folder>/cache/####/f_00001d
- <Package Folder>/cache/####/f_00001e
- <Package Folder>/cache/####/f_00001f
- <Package Folder>/cache/####/f_000020
- <Package Folder>/cache/####/f_000021
- <Package Folder>/cache/####/f_000022
- <Package Folder>/cache/####/f_000023
- <Package Folder>/cache/####/f_000024
- <Package Folder>/cache/####/f_000025
- <Package Folder>/cache/####/f_000026
- <Package Folder>/cache/####/f_000027
- <Package Folder>/cache/####/f_000028
- <Package Folder>/cache/####/f_000029
- <Package Folder>/cache/####/f_00002a
- <Package Folder>/cache/####/f_00002b
- <Package Folder>/cache/####/f_00002c
- <Package Folder>/cache/####/f_00002d
- <Package Folder>/cache/####/f_00002e
- <Package Folder>/cache/####/f_00002f
- <Package Folder>/cache/####/f_000030
- <Package Folder>/cache/####/f_000031
- <Package Folder>/cache/####/f_000032
- <Package Folder>/cache/####/f_000033
- <Package Folder>/cache/####/f_000034
- <Package Folder>/cache/####/f_000035
- <Package Folder>/cache/####/f_000036
- <Package Folder>/cache/####/f_000037
- <Package Folder>/cache/####/f_000038
- <Package Folder>/cache/####/f_000039
- <Package Folder>/cache/####/f_00003a
- <Package Folder>/cache/####/f_00003b
- <Package Folder>/cache/####/f_00003c
- <Package Folder>/cache/####/f_00003d
- <Package Folder>/cache/####/index
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/files/####/<Package>-1.apk.classes1133293.zip
- <Package Folder>/files/noEBRIYbs
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/<Package>_preferences.xml.bak
- <Package Folder>/shared_prefs/multidex.version.xml
Другие:
Загружает динамические библиотеки:
- noEBRIYbs
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
