Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Adware.Dowgin.3.origin
Осуществляет доступ к приватному интерфейсу телефонии (ITelephony).
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) c.t####.b####.com:80
- TCP(HTTP/1.1) log.sn####.com.####.net:80
- TCP(HTTP/1.1) p1.ps####.com.####.com:80
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) ib.sn####.com:80
- TCP(HTTP/1.1) vi.pi.v####.cn:80
- TCP(HTTP/1.1) ic.sn####.com:80
- TCP(HTTP/1.1) oc.u####.com:80
- TCP(HTTP/1.1) icha####.sn####.com:80
- TCP(HTTP/1.1) p9.ps####.com.####.com:80
Запросы DNS:
- a####.u####.com
- c.t####.b####.com
- dm.tou####.com
- i####.sn####.com
- ib.sn####.com
- ic.sn####.com
- icha####.sn####.com
- log.sn####.com
- oc.u####.com
- p1.ps####.com
- p3.ps####.com
- p9.ps####.com
- vi.pi.v####.cn
Запросы HTTP GET:
- ib.sn####.com/2/image/recent/?tag=####&count=####&ac=####&channel=####&a...
- ib.sn####.com/service/3/app_components/?screen_type=####&ac=####&channel...
- ib.sn####.com/service/4/app_ad/?_unused=####&carrier=####&mcc_mnc=####&d...
- ib.sn####.com/service/settings/v2/?app=####&default=####&ac=####&channel...
- ic.sn####.com/2/image/recent/?tag=####&count=####&iid=####&device_id=###...
- ic.sn####.com/2/image/recent/?tag=####&max_behot_time=####&count=####&ii...
- ic.sn####.com/service/1/detect_apps/?device_id=####&iid=####&device_id=#...
- ic.sn####.com/service/3/app_components/?screen_type=####&iid=####&device...
- ic.sn####.com/service/4/app_ad/?_unused=####&carrier=####&mcc_mnc=####&d...
- ic.sn####.com/service/settings/v2/?app=####&default=####&iid=####&device...
- icha####.sn####.com/feedback/2/list/?appkey=####&count=####&ac=####&chan...
- icha####.sn####.com/feedback/2/list/?appkey=####&count=####&iid=####&dev...
- icha####.sn####.com/service/2/app_alert/?has_market=####&lang=####&carri...
- icha####.sn####.com/service/2/app_notify/?allow_notify=####&leave_time=#...
- icha####.sn####.com/service/2/check_version/?ac=####&channel=####&aid=##...
- icha####.sn####.com/service/2/check_version/?iid=####&device_id=####&ac=...
- log.sn####.com.####.net/2/data/v4/get_comments/?group_id=####&count=####...
- log.sn####.com.####.net/2/user/info/?ac=####&channel=####&aid=####&app_n...
- log.sn####.com.####.net/2/user/info/?iid=####&device_id=####&ac=####&cha...
- log.sn####.com.####.net/get_domains/?ac=####&channel=####&aid=####&app_n...
- log.sn####.com.####.net/get_domains/?iid=####&device_id=####&ac=####&cha...
- log.sn####.com.####.net/large/1636000358ada9f3150d
- log.sn####.com.####.net/large/1637000334a7ba068b40
- log.sn####.com.####.net/large/16370003487e3c594103
- log.sn####.com.####.net/large/163700034a1b6d124efb
- log.sn####.com.####.net/large/163900034de9ed98b013
- log.sn####.com.####.net/large/16390003610c2e636dfb
- log.sn####.com.####.net/medium/163600030799e0a2bed6
- log.sn####.com.####.net/medium/1636000358ada9f3150d
- log.sn####.com.####.net/medium/163600052a9ea325b557
- log.sn####.com.####.net/medium/1637000334a7ba068b40
- log.sn####.com.####.net/medium/16370003487e3c594103
- log.sn####.com.####.net/medium/163700034a1b6d124efb
- log.sn####.com.####.net/medium/163900034de9ed98b013
- log.sn####.com.####.net/medium/16390003610c2e636dfb
- log.sn####.com.####.net/medium/16390004effe697d46d6
- log.sn####.com.####.net/medium/1639000548e5627f8b02
- log.sn####.com.####.net/medium/163900054bd95dc0a8c5
- log.sn####.com.####.net/medium/166200012069a1057fe8
- log.sn####.com.####.net/medium/166400012a738c9a46fc
- log.sn####.com.####.net/medium/166400013e954c35880a
- p1.ps####.com.####.com/large/16360003593ea9642a25
- p1.ps####.com.####.com/large/163600035a5915e9eb83
- p1.ps####.com.####.com/large/163600035ce59fcfa85c
- p1.ps####.com.####.com/large/1637000359af925c61c3
- p1.ps####.com.####.com/large/1639000362bc0956367b
- p1.ps####.com.####.com/medium/16360003593ea9642a25
- p1.ps####.com.####.com/medium/163600035ce59fcfa85c
- p1.ps####.com.####.com/medium/1637000351c72f7b17a6
- p1.ps####.com.####.com/medium/1637000359af925c61c3
- p1.ps####.com.####.com/medium/16390002d9b2d3853a8c
- p1.ps####.com.####.com/medium/163900035c11415edce5
- p1.ps####.com.####.com/medium/1639000362bc0956367b
- p1.ps####.com.####.com/medium/16390003bac180776969
- p1.ps####.com.####.com/medium/166200012930647958d3
- p1.ps####.com.####.com/medium/1665000128e8cd4f53a9
- p1.ps####.com.####.com/medium/166500013962635e86b8
- p1.ps####.com.####.com/medium/166500013b8a9f2e36e5
- p1.ps####.com.####.com/medium/16660000049b30d0b731
- p9.ps####.com.####.com/large/16380002013ebb2add25
- p9.ps####.com.####.com/medium/1636000499bc7ed7c625
- p9.ps####.com.####.com/medium/166500013d815c20c8a1
Запросы HTTP POST:
- a####.u####.com/app_logs
- c.t####.b####.com/c/s/pv
- ic.sn####.com/service/1/update_apps/
- log.sn####.com.####.net/service/2/app_log/
- log.sn####.com.####.net/service/2/app_log_config/
- log.sn####.com.####.net/service/2/app_log_exception/
- oc.u####.com/check_config_update
- vi.pi.v####.cn/mwpatjxb/0b3c/p79
- vi.pi.v####.cn/mwpatjxb/0b3c/q79
- vi.pi.v####.cn/mwpatjxb/0b3c/s79
- vi.pi.v####.cn/mwpatjxb/0b3c/t79
- vi.pi.v####.cn/mwpatjxb/0b3c/w79
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/databases/feedback.db-journal
- <Package Folder>/databases/funnygallery.db-journal
- <Package Folder>/databases/ss_app_log.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/files/com.vbnmzx.louhsr.jar
- <Package Folder>/files/mobclick_agent_cached_<Package>
- <Package Folder>/shared_prefs/_cscomssandroidgallerybxjtapwm_r.xml
- <Package Folder>/shared_prefs/app_setting.xml
- <Package Folder>/shared_prefs/app_track.xml
- <Package Folder>/shared_prefs/applog_stats.xml
- <Package Folder>/shared_prefs/com.ss.spipe_setting.xml
- <Package Folder>/shared_prefs/mobclick_agent_header_<Package>.xml
- <Package Folder>/shared_prefs/mobclick_agent_online_setting_<Package>.xml
- <Package Folder>/shared_prefs/mobclick_agent_state_<Package>.xml
- <Package Folder>/shared_prefs/settings.xml
- <Package Folder>/shared_prefs/snssdk_openudid.xml
- <Package Folder>/shared_prefs/ss_app_config.xml
- <Package Folder>/shared_prefs/ss_splash_ad.xml
- <Package Folder>/shared_prefs/update_info.xml
- <SD-Card>/Android/####/02759cd8b8af34f7e75a633b285d57c6.dat
- <SD-Card>/Android/####/02f898baacbecb8954350e0b49eb7703.dat
- <SD-Card>/Android/####/08a2cab6fdbbc39dfe44db8bfbb40c9a.dat
- <SD-Card>/Android/####/151791ddcf309a0646608fc85ee5aeb5.dat
- <SD-Card>/Android/####/1a6cd3edbb2609ba08d092c4f4b18ed0.dat
- <SD-Card>/Android/####/223488fd43f0e04c452b3173816b8684.dat
- <SD-Card>/Android/####/2d082b9498025df4c49863ec31b1b3c5.dat
- <SD-Card>/Android/####/2d84051c16fa6213d4b7702fb02c8abc.dat
- <SD-Card>/Android/####/3de20fbd44cf5302a9d8b39bb8c20d0f.dat
- <SD-Card>/Android/####/4ca2c3d392fa66445d39182a7f886f4a.dat
- <SD-Card>/Android/####/52edb111531e1992d094bb50ca851ca2.dat
- <SD-Card>/Android/####/5cb4f0c9f2304b0ef0a6365aa3a0c12d.dat
- <SD-Card>/Android/####/67eae49d43ee810adfa5fa514c6347e0.dat
- <SD-Card>/Android/####/6834123d6c053b6d6c0f2422815c49e4.dat
- <SD-Card>/Android/####/6c6eae73cbdc5ed7d3bbc358c6d548c6.dat
- <SD-Card>/Android/####/7f3911c18f7f6e0235d64fa02c548bc0.dat
- <SD-Card>/Android/####/8036d30c3121a26bac8a65ad8a4558da.dat
- <SD-Card>/Android/####/84c1a7a3c9d9525e63d2608f7f83ef3c.dat
- <SD-Card>/Android/####/85d3010563b86acaa7fb5999f5fb8a68.dat
- <SD-Card>/Android/####/88307f8219ec3ee5f7b766a61d13ff2d.dat
- <SD-Card>/Android/####/92e33b3c8acda2df1dbce3667ab91218.dat
- <SD-Card>/Android/####/942e57c70bd4407a83a80ea757224975.dat
- <SD-Card>/Android/####/9530522f527b07b8f2cf8744aef9d6b9.dat
- <SD-Card>/Android/####/95d65a0ca1d4f8eb0fe4b98d30d4166e.dat
- <SD-Card>/Android/####/9a8ff160a9429a4fec40d778a984101b.dat
- <SD-Card>/Android/####/9f000ac2a13dc5efa85afce664012393.dat
- <SD-Card>/Android/####/a32260da4378a234e001b44e9e4bc560.dat
- <SD-Card>/Android/####/aaf604bb737fab742cee82e4c431f6d0.dat
- <SD-Card>/Android/####/af9898b64e2019696e68363210967d4b.dat
- <SD-Card>/Android/####/bf11f83314a91a99e2a9dd9470559e2f.dat
- <SD-Card>/Android/####/bf19c8f68f015728bbb41c3b43f3f6f4.dat
- <SD-Card>/Android/####/c10ab645e9addb125c5fd7a220cbc816.dat
- <SD-Card>/Android/####/c577023bf61d843261be3989451f6d1e.dat
- <SD-Card>/Android/####/cc5b327960e74943c0304645dfdc2dda.dat
- <SD-Card>/Android/####/clientudid.dat
- <SD-Card>/Android/####/d0bd3e8b32205fd67263aebcf4714fd1.dat
- <SD-Card>/Android/####/d612b4f6ef06914e4a2d9924d201e27b.dat
- <SD-Card>/Android/####/e49911a15c45e3212b4cf7e8da86a33a.dat
- <SD-Card>/Android/####/e57ef040cc9a677c8c043fc6cde9592a.dat
- <SD-Card>/Android/####/e716a1cebc4ad5041cb3636a3a43c67d.dat
- <SD-Card>/Android/####/f87895dad0ebcee0d28fc84b8c338a2b.dat
- <SD-Card>/Android/####/ff19d7e260eafc856f29704ae72269e8.dat
- <SD-Card>/Android/####/tempimage-103801852.tmp
- <SD-Card>/Android/####/tempimage-1089607218.tmp
- <SD-Card>/Android/####/tempimage-1404568213.tmp
- <SD-Card>/Android/####/tempimage-1578757202.tmp
- <SD-Card>/Android/####/tempimage-1658187941.tmp
- <SD-Card>/Android/####/tempimage-1686883662.tmp
- <SD-Card>/Android/####/tempimage-1807640640.tmp
- <SD-Card>/Android/####/tempimage-1926403275.tmp
- <SD-Card>/Android/####/tempimage-314891694.tmp
- <SD-Card>/Android/####/tempimage-335254891.tmp
- <SD-Card>/Android/####/tempimage-527012962.tmp
- <SD-Card>/Android/####/tempimage-577034500.tmp
- <SD-Card>/Android/####/tempimage-996225589.tmp
- <SD-Card>/Android/####/tempimage1044916391.tmp
- <SD-Card>/Android/####/tempimage1286432990.tmp
- <SD-Card>/Android/####/tempimage1820747664.tmp
- <SD-Card>/Android/####/tempimage187438296.tmp
- <SD-Card>/Android/####/tempimage1934656608.tmp
- <SD-Card>/Android/####/tempimage2033743319.tmp
- <SD-Card>/Android/####/tempimage296093866.tmp
- <SD-Card>/Android/####/tempimage496493595.tmp
- <SD-Card>/Android/####/tempimage909926452.tmp
- <SD-Card>/Android/####/tempimage950839588.tmp
- <SD-Card>/baidu/.cuid
- <SD-Card>/tieba/fatal_error_debug_sdk.log
Другие:
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS5Padding
- DES
Использует следующие алгоритмы для расшифровки данных:
- DES
Осуществляет доступ к информации о геолокации.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации о настроках APN.
Осуществляет доступ к информации об установленных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
