Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.3394
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) nos.net####.com:80
- TCP(HTTP/1.1) api.lof####.net####.com:80
- TCP(HTTP/1.1) mr.da.net####.com:80
- TCP(TLS/1.0) sett####.crashly####.com:443
- TCP(TLS/1.0) regi####.xm####.xi####.com:443
Запросы DNS:
- a####.u####.com
- api.lof####.net####.com
- mr.da.net####.com
- nos.net####.com
- regi####.xm####.xi####.com
- sett####.crashly####.com
Запросы HTTP GET:
- api.lof####.net####.com/Server/ad
- api.lof####.net####.com/Server/getFilterTeamMaxVersion
- api.lof####.net####.com/Server/version.check?sys=####
- nos.net####.com/loftcam-photo/ABH1010?NOSAccessKeyId=####&Expires=####&S...
- nos.net####.com/loftcam-photo/AFP23?NOSAccessKeyId=####&Expires=####&Sig...
- nos.net####.com/loftcam-photo/ASH1006?NOSAccessKeyId=####&Expires=####&S...
Запросы HTTP POST:
- a####.u####.com/app_logs
- api.lof####.net####.com/Server/FilterTeamDetail
- api.lof####.net####.com/Server/FilterTeams
- mr.da.net####.com/receiver
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/.jiagu/libjiagu.so
- <Package Folder>/app_dfzftom/<Package>.apk
- <Package Folder>/app_jgls/.log.lock
- <Package Folder>/app_jgls/.log.ls
- <Package Folder>/cache/####/01371b443f27998d80c65df129e91ac596d....0.tmp
- <Package Folder>/cache/####/0da34699464225f27990a24420e38ee58ed....0.tmp
- <Package Folder>/cache/####/0f6d34ba3ff02b1f4f2121e0fad444e5bda....0.tmp
- <Package Folder>/cache/####/121fa0a53bf0704cddd3cad3aae9c8f987b....0.tmp
- <Package Folder>/cache/####/219140379edcf73c7e05ce41bb2af4b8136....0.tmp
- <Package Folder>/cache/####/22ac9e3fa222f9aa7a08e6386dfcd6ae752....0.tmp
- <Package Folder>/cache/####/23e75fb2af9d7e0fab732c60712d11e3e48....0.tmp
- <Package Folder>/cache/####/25e1884a15df4791bdf1f73a22554231bb9....0.tmp
- <Package Folder>/cache/####/2b5d298c9504113eb673f5a0f0b47b9d7bb....0.tmp
- <Package Folder>/cache/####/3e6fe59cf563b7c5d634c27d77e532edadc....0.tmp
- <Package Folder>/cache/####/3fcc09755c5ac5284c44c3312a7366140a8....0.tmp
- <Package Folder>/cache/####/40ce1aee5374cc7e74907eef00aa7ae6e54....0.tmp
- <Package Folder>/cache/####/47619e648900700774033cd2ea1d9ae55b9....0.tmp
- <Package Folder>/cache/####/47e59202b26c290abfe9f48b97877f62b4c....0.tmp
- <Package Folder>/cache/####/51fb391bee63252506ca10e49c2e6b57c20....0.tmp
- <Package Folder>/cache/####/5316c96c92435035f13478899026e5f8d07....0.tmp
- <Package Folder>/cache/####/55ed19215b999331facbde8e6e88e63de69....0.tmp
- <Package Folder>/cache/####/583bbc8c3ffaa87c51aa2ddaa9ac20d76b7....0.tmp
- <Package Folder>/cache/####/5d546f925084c054f02e16f97389d39f64c....0.tmp
- <Package Folder>/cache/####/60aab5da64b9f503448ff07cc6d04476107....0.tmp
- <Package Folder>/cache/####/721d1781a504d260e1e5d629f8e5d32a39e....0.tmp
- <Package Folder>/cache/####/72be3cc8420227552c7bbbc5c1bb632c0b3....0.tmp
- <Package Folder>/cache/####/86ecae08a0b8e1124849e1067de93c46a6a....0.tmp
- <Package Folder>/cache/####/9596cde01ff75ea1307ae43767089cb28f1....0.tmp
- <Package Folder>/cache/####/9c7a1e85aa5dcd319cbc457329c56a6d5ab....0.tmp
- <Package Folder>/cache/####/9ebf8f0eb0c44040a29993d4929101889d7....0.tmp
- <Package Folder>/cache/####/a57b13465d297d269f9c46f397189757612....0.tmp
- <Package Folder>/cache/####/a9deec75691a4e3bba4c942d5a03f633cc8....0.tmp
- <Package Folder>/cache/####/afa5db2be57537c6c7231a168f728099644....0.tmp
- <Package Folder>/cache/####/b7c1958c27bd62f50fd94dda6fb97e30fc6....0.tmp
- <Package Folder>/cache/####/c079445fee6c1354d77a1e90cd41f582027....0.tmp
- <Package Folder>/cache/####/c227e500b7e328b9b5dd08fb8dff62cb81c....0.tmp
- <Package Folder>/cache/####/cd0fdf2d4ad65f0b03df8c982af7b66d728....0.tmp
- <Package Folder>/cache/####/d23f22ec58f39515505ef7cb199e98b88f6....0.tmp
- <Package Folder>/cache/####/d3034a27e0e7b6603f8c4edd58137f3ba29....0.tmp
- <Package Folder>/cache/####/e423b8855699832802282582b931ab5b59a....0.tmp
- <Package Folder>/cache/####/e69a193e530c3174a8759d5563b47d3ffd0....0.tmp
- <Package Folder>/cache/####/eb16d2131a98e4cdb8e1dd06e2d139febd5....0.tmp
- <Package Folder>/cache/####/f40c94baf0bf3adf37bc1ac4171a115a8b2....0.tmp
- <Package Folder>/cache/####/fd3c809bf1b9a5dabcddffbc67cb1f5c8ee....0.tmp
- <Package Folder>/cache/####/fe1c837d3f27c146702f8817759c2f78409....0.tmp
- <Package Folder>/cache/####/ff4879afe80f9d618389ca17dd12efb5727....0.tmp
- <Package Folder>/cache/####/journal.tmp
- <Package Folder>/databases/filters.db
- <Package Folder>/databases/filters.db-journal
- <Package Folder>/databases/mobidroid.sqlite-journal
- <Package Folder>/files/####/.jg.ic
- <Package Folder>/files/####/5A0D854B00E0-0001-0829-368AE1291C41...s_temp
- <Package Folder>/files/####/5A0D854C0109-0001-084E-368AE1291C41...s_temp
- <Package Folder>/files/####/5A0D854C0109-0001-084E-368AE1291C41.cls_temp
- <Package Folder>/files/####/5A0D855103C8-0002-0829-368AE1291C41...s_temp
- <Package Folder>/files/####/5A0D855203BE-0001-089B-368AE1291C41...s_temp
- <Package Folder>/files/####/5A0D855203BE-0001-089B-368AE1291C41.cls_temp
- <Package Folder>/files/####/5A0D85550049-0002-089B-368AE1291C41...s_temp
- <Package Folder>/files/####/5A0D855503AB-0001-08D8-368AE1291C41...s_temp
- <Package Folder>/files/####/com.crashlytics.settings.json
- <Package Folder>/files/####/crash_marker
- <Package Folder>/files/####/exchangeIdentity.json
- <Package Folder>/files/####/initialization_marker
- <Package Folder>/files/####/sa_17007da1-60ed-47e1-9ebe-ca4402e7...97.tap
- <Package Folder>/files/####/session_analytics.tap
- <Package Folder>/files/####/session_analytics.tap (deleted)
- <Package Folder>/files/####/session_analytics.tap.tmp
- <Package Folder>/files/.imprint
- <Package Folder>/files/mobclick_agent_cached_<Package>323
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/shared_prefs/<Package>.xml
- <Package Folder>/shared_prefs/NEW_TAG.xml
- <Package Folder>/shared_prefs/TwitterAdvertisingInfoPreferences.xml
- <Package Folder>/shared_prefs/com.crashlytics.prefs.xml
- <Package Folder>/shared_prefs/com.crashlytics.sdk.android;answe...gs.xml
- <Package Folder>/shared_prefs/io.fabric.sdk.android;fabric;a.a.a.a.v.xml
- <Package Folder>/shared_prefs/mipush.xml
- <Package Folder>/shared_prefs/mipush_extra.xml
- <Package Folder>/shared_prefs/qihoo_jiagu_crash_report.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/umeng_socialize_qq.xml
- <SD-Card>/Android/####/log.lock
- <SD-Card>/Android/####/log1.txt
Другие:
Запускает следующие shell-скрипты:
- chmod 755 <Package Folder>/.jiagu/libjiagu.so
Загружает динамические библиотеки:
- libjiagu
- pl_droidsonroids_gif
Использует специальную библиотеку для скрытия исполняемого байткода.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Отрисовывает собственные окна поверх других приложений.
