Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Adware.Plague.1.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) s.wagbr####.alibaba####.com:80
- TCP(HTTP/1.1) t####.c####.q####.####.com:80
- TCP(HTTP/1.1) s2.icaipia####.com:80
- TCP(HTTP/1.1) cdn-boo####.b0.a####.com:80
- TCP(HTTP/1.1) icaipia####.com:80
Запросы DNS:
- a####.u####.com
- au.u####.co
- au.u####.com
- cdn.boo####.com
- cdn.hch####.cn
- feed####.u####.com
- icaipia####.com
- odqcj####.bkt.clo####.com
- p.wangca####.com
- p.zhangko####.cn
- s1.icaipia####.com
- s2.icaipia####.com
- s3.icaipia####.com
- t.cnap####.com
- t1.cnap####.com
- t2.cnap####.com
Запросы HTTP GET:
- cdn-boo####.b0.a####.com/bootstrap/3.3.0/css/bootstrap.min.css
- cdn-boo####.b0.a####.com/jquery/jquery-1.8.3.min.js
- icaipia####.com/config/hostsconfig
- s2.icaipia####.com/api/v1/trend/table/shuangseqiu
- s2.icaipia####.com/api/v2/rank/landing?lottery_key=####
- s2.icaipia####.com/api/v2/rank/rank/19?master_type=####&count=####&start...
- s2.icaipia####.com/api/v2/rank/rank/7?master_type=####&count=####&start=...
- s2.icaipia####.com/static/js/share.js
- t####.c####.q####.####.com/114.jpg
- t####.c####.q####.####.com/20160322/74375db372988ae1e0a930f706ab1652
- t####.c####.q####.####.com/20160831/207b5645e52d1a1c3b84edabd6181aa3.jpg
- t####.c####.q####.####.com/20170915/B42DAAB18B4A06852E0AFEA874BD7C97.jpg
- t####.c####.q####.####.com/20171202/543D05EAA419294466B053A3E2281568.jpg
- t####.c####.q####.####.com/20171224/FD6AD0567348028F8D7E79CE15C2D6A1.jpg
- t####.c####.q####.####.com/908400D049D2E6B79B37C14AA359B767.jpg
- t####.c####.q####.####.com/933AC94B8F7A2F16150ABEFB4A3FC4FB.jpg
- t####.c####.q####.####.com/A7221197CFF1059D1DAD26DDB8B9230F.jpg
- t####.c####.q####.####.com/A806C328970829C244206078150C7B76.jpg
- t####.c####.q####.####.com/BB28E27FAD4C3B7E2CCD4B3DA8D9048C.jpg
- t####.c####.q####.####.com/C752B2187C4F6B6AF0A3CD5F6C3B08EA.jpg
- t####.c####.q####.####.com/C808AD548865CBD5DBB15262B176FB07.jpg
- t####.c####.q####.####.com/E57E062D57BC2D1D4D3C0CA3D595408D.jpg
- t####.c####.q####.####.com/F2350B702E004B7FF86FEFF5EB46CBE3.jpg
- t####.c####.q####.####.com/gongzhonghao6.jpg
- t####.c####.q####.####.com/qi61.jpg
- t####.c####.q####.####.com/recommend/master/171023132946/105.jpg
- t####.c####.q####.####.com/recommend/master/171023132946/120.jpg
- t####.c####.q####.####.com/recommend/master/171023132946/178.jpg
- t####.c####.q####.####.com/recommend/master/171023132946/700.jpg
- t####.c####.q####.####.com/recommend/master/171023132946/729.jpg
- t####.c####.q####.####.com/shuang3.jpg
- t####.c####.q####.####.com/zishen27.jpg
Запросы HTTP POST:
- a####.u####.com/app_logs
- s.wagbr####.alibaba####.com/api/check_app_update
- s2.icaipia####.com/api/v2/rank/views?category=####&master_id=####
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/app_pmun/classes.jar
- <Package Folder>/cache/####/-1240566270-1840388227
- <Package Folder>/cache/####/-1307573023-1840388227
- <Package Folder>/cache/####/-1525233285133232723
- <Package Folder>/cache/####/-1525233285320375795
- <Package Folder>/cache/####/-16369951661503415205
- <Package Folder>/cache/####/-16369951661568985196
- <Package Folder>/cache/####/-1636995166477978020
- <Package Folder>/cache/####/-1636995166530618717
- <Package Folder>/cache/####/-1636995166681152640
- <Package Folder>/cache/####/-2074540081686399898
- <Package Folder>/cache/####/-407011877-991566930
- <Package Folder>/cache/####/-585897743757967507
- <Package Folder>/cache/####/-598037035-1378912322
- <Package Folder>/cache/####/-873502706426073179
- <Package Folder>/cache/####/-873502770-337069460
- <Package Folder>/cache/####/-8735258001648890930
- <Package Folder>/cache/####/-982960744-251894831
- <Package Folder>/cache/####/1578975456-868080470
- <Package Folder>/cache/####/1578975456129828312
- <Package Folder>/cache/####/1578975464-867402275
- <Package Folder>/cache/####/15789754642137358340
- <Package Folder>/cache/####/15789754652131130130
- <Package Folder>/cache/####/1578975466-1808160735
- <Package Folder>/cache/####/15789754661333983579
- <Package Folder>/cache/####/1578975468-1489749424
- <Package Folder>/cache/####/15789754691804461216
- <Package Folder>/cache/####/1751112396489535313
- <Package Folder>/cache/####/1816724389-119718588
- <Package Folder>/cache/####/18167243891325059281
- <Package Folder>/cache/####/18167243891325094837
- <Package Folder>/cache/####/1847744196-119718588
- <Package Folder>/cache/####/19509068891338750681
- <Package Folder>/cache/####/267533816778613264
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/f_000001
- <Package Folder>/cache/####/f_000002
- <Package Folder>/cache/####/index
- <Package Folder>/databases/dbeab-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/files/.imprint
- <Package Folder>/files/host_file_name
- <Package Folder>/files/mobclick_agent_cached_<Package>20170929
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/umeng_feedback_conversations.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
Другие:
Загружает динамические библиотеки:
- bspatch
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации о запущенных приложениях.
Отрисовывает собственные окна поверх других приложений.
