Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Adware.Plague.1.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) s####.io:80
- TCP(HTTP/1.1) static####.b####.jp:80
- TCP(HTTP/1.1) msg.si####.b####.jp:80
- TCP(TLS/1.0) t####.appsf####.com:443
- TCP(TLS/1.0) api.appsf####.com:443
- TCP(TLS/1.0) c####.ime.b####.jp:443
Запросы DNS:
- api.appsf####.com
- c####.ime.b####.jp
- ch.bo####.com
- ch1bo####.com
- ch2.bo####.com
- msg.si####.b####.jp
- s####.io
- static####.b####.jp
- t####.appsf####.com
Запросы HTTP GET:
- msg.si####.b####.jp/getmsg?id=####&app_ver=####&ver_code=####&os_ver=###...
- s####.io/simeji-skins/android/getSkinUpdateList?pixel=####&density=####&...
- s####.io/simeji-skins/android/getVipThemeList?pixel=####&density=####&ve...
- s####.io/simeji-skins/android/homepage?category=####&pixel=####&density=...
- s####.io/simeji-skins/callback?method=####&identifier=####&version=####
- s####.io/simeji-skins/getThumbnail?device=####&id=####
- static####.b####.jp/simeji-skins/getBanner?device=####&id=####
- static####.b####.jp/simeji-skins/getThumbnail?device=####&id=####
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/.jiagu/libjiagu.so
- <Package Folder>/app_jgls/.log.lock
- <Package Folder>/app_jgls/.log.ls
- <Package Folder>/app_mfruzclasses.jar
- <Package Folder>/databases/OcrDataHelper-journal
- <Package Folder>/databases/STAMP_DB-journal
- <Package Folder>/databases/SimejiProvider.db-journal
- <Package Folder>/databases/cloudfixedphrase.db-journal
- <Package Folder>/databases/dbpjjzt-journal
- <Package Folder>/databases/tray.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/files/####/.jg.ic
- <Package Folder>/files/####/simeji.dat1
- <Package Folder>/files/AF_INSTALLATION
- <Package Folder>/files/rcg
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/PREFS_NAME_REWARD_RELATED.xml
- <Package Folder>/shared_prefs/ReferralParamsFile.xml
- <Package Folder>/shared_prefs/appsflyer-data.xml
- <Package Folder>/shared_prefs/key_isskin_refresh.xml
- <Package Folder>/shared_prefs/red_points_preference.xml
- <Package Folder>/shared_prefs/simeji_ad_spef.xml
- <Package Folder>/shared_prefs/simeji_ext_pref.xml
- <Package Folder>/shared_prefs/simeji_multi.xml
- <Package Folder>/shared_prefs/simeji_skin_spef.xml
- <SD-Card>/Simeji/####/0c39d725c45794f4da0206873f440ab2.0.tmp
- <SD-Card>/Simeji/####/0c39d725c45794f4da0206873f440ab2.1.tmp
- <SD-Card>/Simeji/####/1211f6e29362995b<SMS Address>ed6fb776d52bb.0.tmp
- <SD-Card>/Simeji/####/1211f6e29362995b<SMS Address>ed6fb776d52bb.1.tmp
- <SD-Card>/Simeji/####/1ae60ff634a4eace9e2a3bed9988acdf.0.tmp
- <SD-Card>/Simeji/####/1ae60ff634a4eace9e2a3bed9988acdf.1.tmp
- <SD-Card>/Simeji/####/2a3ba3005d82f76e0fbe55528df5fcba.0.tmp
- <SD-Card>/Simeji/####/2a3ba3005d82f76e0fbe55528df5fcba.1.tmp
- <SD-Card>/Simeji/####/2b6007188571a6add479bb553ea27dd8.0.tmp
- <SD-Card>/Simeji/####/2b6007188571a6add479bb553ea27dd8.1.tmp
- <SD-Card>/Simeji/####/3224b8b941dec6442eff7f4f4be9a8f4.0.tmp
- <SD-Card>/Simeji/####/3224b8b941dec6442eff7f4f4be9a8f4.1.tmp
- <SD-Card>/Simeji/####/38a37d8f88571ffb6d5902de7921f0e9.0.tmp
- <SD-Card>/Simeji/####/38a37d8f88571ffb6d5902de7921f0e9.1.tmp
- <SD-Card>/Simeji/####/39f8a9c8348a835e371d86cceb1cf463.0.tmp
- <SD-Card>/Simeji/####/39f8a9c8348a835e371d86cceb1cf463.1.tmp
- <SD-Card>/Simeji/####/4e80d3788060281f81b07011470c8ec5.0.tmp
- <SD-Card>/Simeji/####/4e80d3788060281f81b07011470c8ec5.1.tmp
- <SD-Card>/Simeji/####/4f2eb9803aeab4875f9317c640212d5d.0.tmp
- <SD-Card>/Simeji/####/4f2eb9803aeab4875f9317c640212d5d.1.tmp
- <SD-Card>/Simeji/####/548b0fb38f488de403d1a7e0ff2ddc96.0.tmp
- <SD-Card>/Simeji/####/548b0fb38f488de403d1a7e0ff2ddc96.1.tmp
- <SD-Card>/Simeji/####/6051537d68dbb23e321f40f9df330cc7.0.tmp
- <SD-Card>/Simeji/####/6051537d68dbb23e321f40f9df330cc7.1.tmp
- <SD-Card>/Simeji/####/67189917be5d59f4485dc892a47764ba.0.tmp
- <SD-Card>/Simeji/####/67189917be5d59f4485dc892a47764ba.1.tmp
- <SD-Card>/Simeji/####/6d5fb40c18d7a195e6d065e5a276270c.0.tmp
- <SD-Card>/Simeji/####/6d5fb40c18d7a195e6d065e5a276270c.1.tmp
- <SD-Card>/Simeji/####/6de42964afd73084befd1fb59a697741.0.tmp
- <SD-Card>/Simeji/####/6de42964afd73084befd1fb59a697741.1.tmp
- <SD-Card>/Simeji/####/7194c6c3cb4ea4f556890ef07aadee59.0.tmp
- <SD-Card>/Simeji/####/7194c6c3cb4ea4f556890ef07aadee59.1.tmp
- <SD-Card>/Simeji/####/801a4347913340e0becc2d2cd2f2da61.0.tmp
- <SD-Card>/Simeji/####/801a4347913340e0becc2d2cd2f2da61.1.tmp
- <SD-Card>/Simeji/####/81af2b1c16b619ce90ff9bf398279586.0.tmp
- <SD-Card>/Simeji/####/81af2b1c16b619ce90ff9bf398279586.1.tmp
- <SD-Card>/Simeji/####/84f3908a404c904fa700a7f80c5b5335.0.tmp
- <SD-Card>/Simeji/####/84f3908a404c904fa700a7f80c5b5335.1.tmp
- <SD-Card>/Simeji/####/85040621d3e44b9e4b849427ad5b5717.0.tmp
- <SD-Card>/Simeji/####/85040621d3e44b9e4b849427ad5b5717.1.tmp
- <SD-Card>/Simeji/####/ae43a9f84d3564c3fea8e04524bc69b5.0.tmp
- <SD-Card>/Simeji/####/ae43a9f84d3564c3fea8e04524bc69b5.1.tmp
- <SD-Card>/Simeji/####/b4e7722b44e6d078078537c8f94805d3.0.tmp
- <SD-Card>/Simeji/####/b4e7722b44e6d078078537c8f94805d3.1.tmp
- <SD-Card>/Simeji/####/c59a0900433a82d44c3bc41e0c9cbd16.0.tmp
- <SD-Card>/Simeji/####/c59a0900433a82d44c3bc41e0c9cbd16.1.tmp
- <SD-Card>/Simeji/####/c66af64584cc3cd6fe814fe848679e9c.0.tmp
- <SD-Card>/Simeji/####/c66af64584cc3cd6fe814fe848679e9c.1.tmp
- <SD-Card>/Simeji/####/cda511bb132f73d572bd6465b14e3dec.0.tmp
- <SD-Card>/Simeji/####/cda511bb132f73d572bd6465b14e3dec.1.tmp
- <SD-Card>/Simeji/####/ce026719b149e4c0a4c6d8567f0efcb0.0.tmp
- <SD-Card>/Simeji/####/ce026719b149e4c0a4c6d8567f0efcb0.1.tmp
- <SD-Card>/Simeji/####/cf34effb13217241f588ca4b15e0d774.0.tmp
- <SD-Card>/Simeji/####/cf34effb13217241f588ca4b15e0d774.1.tmp
- <SD-Card>/Simeji/####/d36c1ada3821656a8b2964d2bb5ca573.0.tmp
- <SD-Card>/Simeji/####/d36c1ada3821656a8b2964d2bb5ca573.1.tmp
- <SD-Card>/Simeji/####/d3a447a5e6ab00a4e43e098095bae734.0.tmp
- <SD-Card>/Simeji/####/d3a447a5e6ab00a4e43e098095bae734.1.tmp
- <SD-Card>/Simeji/####/da03e521cb54e08a3b1ddd123ec2315f.0.tmp
- <SD-Card>/Simeji/####/da03e521cb54e08a3b1ddd123ec2315f.1.tmp
- <SD-Card>/Simeji/####/eb848028d45a360073d5b2168bdacbd8.0.tmp
- <SD-Card>/Simeji/####/eb848028d45a360073d5b2168bdacbd8.1.tmp
- <SD-Card>/Simeji/####/ed816c85e361b49414717eceed3bb1e0.0.tmp
- <SD-Card>/Simeji/####/ed816c85e361b49414717eceed3bb1e0.1.tmp
- <SD-Card>/Simeji/####/efa806b5961d59521c5123b1933f04d6.0.tmp
- <SD-Card>/Simeji/####/efa806b5961d59521c5123b1933f04d6.1.tmp
- <SD-Card>/Simeji/####/f3dce220571b50924bad9bd6937ae856.0.tmp
- <SD-Card>/Simeji/####/f3dce220571b50924bad9bd6937ae856.1.tmp
- <SD-Card>/Simeji/####/fbe7512871e577c3cdbd7e93f2e46a25.0.tmp
- <SD-Card>/Simeji/####/fbe7512871e577c3cdbd7e93f2e46a25.1.tmp
- <SD-Card>/Simeji/####/journal.tmp
- <SD-Card>/Simeji/.nomedia
- <SD-Card>/Simeji/.simeji
Другие:
Запускает следующие shell-скрипты:
- chmod 755 <Package Folder>/.jiagu/libjiagu.so
Загружает динамические библиотеки:
- ecd
- libjiagu
Использует специальную библиотеку для скрытия исполняемого байткода.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
