Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.570.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) 2####.151.212.88:80
- TCP(HTTP/1.1) zhg.ali####.com:80
- TCP(HTTP/1.1) 2####.151.212.169:80
- TCP(HTTP/1.1) 1####.205.160.63:80
- TCP(HTTP/1.1) a.appj####.com:80
- TCP(HTTP/1.1) 2####.107.1.1:80
- TCP(HTTP/1.1) ad####.m.ta####.com:80
- TCP(HTTP/1.1) ada####.m.ta####.com:80
- TCP(TLS/1.0) msg.umengc####.com:443
- TCP umengj####.m.ta####.com:80
- TCP y1.ey####.com:7072
- TCP y1.ey####.com:7073
- TCP y1.ey####.com:7071
- TCP 1####.205.160.76:443
Запросы DNS:
- a####.u####.com
- a.appj####.com
- ad####.m.ta####.com
- ada####.m.ta####.com
- ag####.m.ta####.com
- msg.umengc####.com
- mt####.go####.com
- umengj####.m.ta####.com
- y####.al####.com
- y1.ey####.com
- y2.ey####.com
- y3.ey####.com
Запросы HTTP GET:
- ad####.m.ta####.com/rest/gc2?ak=####&av=####&c=####&d=####&sv=####&t=###...
Запросы HTTP POST:
- a####.u####.com/app_logs
- a.appj####.com/ad-service/ad/mark
- ada####.m.ta####.com/rest/sur?ak=####&av=####&c=####&v=####&s=####&d=###...
- zhg.ali####.com/saveWb.json
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/.jiagu/libjiagu.so
- <Package Folder>/app_SGLib/libsgmainso-5.1.81.so.tmp
- <Package Folder>/app_SGLib/lock.lock
- <Package Folder>/app_jgls/.log.lock
- <Package Folder>/app_jgls/.log.ls
- <Package Folder>/databases/<IMEI>yd.db-journal
- <Package Folder>/databases/MessageStore.db-journal
- <Package Folder>/databases/MsgLogStore.db-journal
- <Package Folder>/databases/accs.db-journal
- <Package Folder>/databases/message_accs_db
- <Package Folder>/databases/message_accs_db-journal
- <Package Folder>/databases/tadu
- <Package Folder>/databases/tadu-journal
- <Package Folder>/databases/tadu-shm (deleted)
- <Package Folder>/databases/tadu-wal
- <Package Folder>/databases/tadu-wal (deleted)
- <Package Folder>/databases/ut.db
- <Package Folder>/databases/ut.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/databases/webviewCookiesChromiumPrivate.db-journal
- <Package Folder>/files/####/.jg.ic
- <Package Folder>/files/####/exchangeIdentity.json
- <Package Folder>/files/.imprint
- <Package Folder>/files/0.jar
- <Package Folder>/files/0a231bd8575dcf72.txt
- <Package Folder>/files/1d77ea041509fe06.lock
- <Package Folder>/files/21c22f492aba3de8.lock
- <Package Folder>/files/930a31b34bd52c08.lock
- <Package Folder>/files/DaemonServer
- <Package Folder>/files/SGMANAGER_DATA2.tmp
- <Package Folder>/files/agoo.pid
- <Package Folder>/files/ap.Lock
- <Package Folder>/files/sp.lock
- <Package Folder>/files/tk
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/ACCS_BIND.xml
- <Package Folder>/shared_prefs/ACCS_SDK.xml
- <Package Folder>/shared_prefs/ACCS_SDK_CHANNEL.xml
- <Package Folder>/shared_prefs/APP_FLAG.xml
- <Package Folder>/shared_prefs/Agoo_AppStore.xml
- <Package Folder>/shared_prefs/Alvin2.xml
- <Package Folder>/shared_prefs/ContextData.xml
- <Package Folder>/shared_prefs/SETTING.xml
- <Package Folder>/shared_prefs/UTCommon.xml
- <Package Folder>/shared_prefs/aypa0000.xml
- <Package Folder>/shared_prefs/ayqa0000.xml
- <Package Folder>/shared_prefs/ayqb0000.xml
- <Package Folder>/shared_prefs/jg_app_update_settings_random.xml
- <Package Folder>/shared_prefs/multidex.version.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/yysa.xml
- <Package Folder>/shared_prefs/yysa<IMEI>.xml
- <Package Folder>/shared_prefs/yysb<IMEI>.xml
- <Package Folder>/shared_prefs/yysc<IMEI>.xml
- <SD-Card>/.DataStorage/ContextData.xml
- <SD-Card>/.UTSystemConfig/####/Alvin2.xml
- <SD-Card>/.com.taobao.dp/6c709c11d2d46a7b
- <SD-Card>/.com.taobao.dp/dd7893586a493dc3
- <SD-Card>/.com.taobao.dp/hid.dat
- <SD-Card>/Android/####/.nomedia
- <SD-Card>/Android/####/00b396ef29a44bed938bb1db39037604
- <SD-Card>/Android/####/2048339b89ab49cf9c0c55951ac4aa9f
- <SD-Card>/Android/####/f83587aae81b4308bf14b8fac9b0dbe0
- <SD-Card>/Download/####/accs_election
- <SD-Card>/tadu/####/00fb822cbe05f3c9daaa9d52229e671c
- <SD-Card>/tadu/####/043e3783cf9e21e69dfe487680d6b86b
- <SD-Card>/tadu/####/05eb5b085f642ecdd91f0937c9d4cf01
- <SD-Card>/tadu/####/0797eed672c26dce1c75afacb19a29b8
- <SD-Card>/tadu/####/088763005fb9bcdf9743fa4686620695
- <SD-Card>/tadu/####/08c6bcccfb68ea3ffd7df1c3d9bca25b
- <SD-Card>/tadu/####/09ab1298b9b510806208807ba1f506ba
- <SD-Card>/tadu/####/0a2b0a5e404ec0efe82d89b5eeca62e5
- <SD-Card>/tadu/####/10deabcff38870f0f9549a95cbe51a13
- <SD-Card>/tadu/####/1508c352f41307a0cdf0147350f2b5fb
- <SD-Card>/tadu/####/16e1bf0c9102c2df0192be3e73dde32d
- <SD-Card>/tadu/####/1daaedd2de8f23f1ca830fcdd1f8e4b0
- <SD-Card>/tadu/####/1dd848bb317e694dd3175dd3277629f7
- <SD-Card>/tadu/####/2
- <SD-Card>/tadu/####/2487fa3d0d8f5861b36957095660f47e
- <SD-Card>/tadu/####/254f40a42461f91e451001fb055f60df
- <SD-Card>/tadu/####/2569363530818ae52603a006ef8b6154
- <SD-Card>/tadu/####/2a17e792fa194318d5eb55edb7eb6981
- <SD-Card>/tadu/####/2a9ae100339d2cc0a29b73da11881d14
- <SD-Card>/tadu/####/2adfc8d996667a974975a068b03d3310
- <SD-Card>/tadu/####/3
- <SD-Card>/tadu/####/3614de514681b74251d0c1a7e8942cd6
- <SD-Card>/tadu/####/38f4e11dee9b8609b92090d7e9431dc0
- <SD-Card>/tadu/####/3aab3fe3679485483be6537bcb3fd853
- <SD-Card>/tadu/####/3adadafa76f9532c6e65cc416c7d10c1
- <SD-Card>/tadu/####/3bfc8d99721587a50b0968de8def21a6
- <SD-Card>/tadu/####/42b23f80ce21452c4a8103c66500789e
- <SD-Card>/tadu/####/46ce611b56631a36cf55d5abf95d5adf
- <SD-Card>/tadu/####/486f26010c932b74fc15bb9727e387e9
- <SD-Card>/tadu/####/54e1081bb6c6fd9afec4cd5b872d092a
- <SD-Card>/tadu/####/57458efddaef6b8645b6c7a2e564f02a
- <SD-Card>/tadu/####/5a99d586635364c4eec6031a865e5774
- <SD-Card>/tadu/####/5e964264f3874a6d1f040cd061a850e6
- <SD-Card>/tadu/####/60396fbaf918a006f282028e9b7d7fdb
- <SD-Card>/tadu/####/6164efbc255aa96a1238e5b2c830f9e0
- <SD-Card>/tadu/####/62cc8e622b2de7c00d7ab53d3028ef78
- <SD-Card>/tadu/####/7005bbe96faf2a75fbbd0c736791fcc0
- <SD-Card>/tadu/####/7484ef76f5323f1a4d3192052ff68643
- <SD-Card>/tadu/####/7a10890c7fce3a6b0729ec119e45cc37
- <SD-Card>/tadu/####/81d1dfd749d7b58a7157a5077c334944
- <SD-Card>/tadu/####/83dd533c85022c65d71cd64aac12ff09
- <SD-Card>/tadu/####/8e26aee70dc98f171a44598982f08df1
- <SD-Card>/tadu/####/8ec0977648991f52b2b1ae2e9ae2f095
- <SD-Card>/tadu/####/8fcb8bd7ff1172004cb60144289d2729
- <SD-Card>/tadu/####/9033ec76573eb87b046779fffe4a717b
- <SD-Card>/tadu/####/9be7d7cabc83cf51a4c162d7db654e7d
- <SD-Card>/tadu/####/9e859dd1ee4f6a9639dd25d90a7cfa94
- <SD-Card>/tadu/####/a2ef79aafb41adcedfb4354894f77362
- <SD-Card>/tadu/####/a98de15ac29925bdf86ac9efd91c1c5c
- <SD-Card>/tadu/####/b22da296f81eb455e6c3a31ca138bda2
- <SD-Card>/tadu/####/bd52486fe5a136841f60b0957ce20079
- <SD-Card>/tadu/####/bd7ef2ea1aa162c4fc3859c1ed1acb49
- <SD-Card>/tadu/####/bdbbf357deb7336d56c44a5dbfa69a5a
- <SD-Card>/tadu/####/be4f5c6347d276bde93b15dff925f470
- <SD-Card>/tadu/####/c1482e8746b172abdcb5206008b09195
- <SD-Card>/tadu/####/c40ac4c05b71ed477c5fe01373b5b7a7
- <SD-Card>/tadu/####/cac11360473fd66d93f93518cb01fa3a
- <SD-Card>/tadu/####/ce6ddde555dc091db609cc135bc0bbe4
- <SD-Card>/tadu/####/d80cf1e8d1a2678d0dda7780c05a37a5
- <SD-Card>/tadu/####/e10e67366bf43f1288626ffcd4df5e92
- <SD-Card>/tadu/####/e1d4e710c59cf90841321115283df3d5
- <SD-Card>/tadu/####/e2ce61d3138f064d1be72f0b4cd4af3d
- <SD-Card>/tadu/####/e321dc8289c8fed6fd343b62f16fafd8
- <SD-Card>/tadu/####/e3beac7eaded76cdf9feb8a068a069de
- <SD-Card>/tadu/####/e6a6d07b96fcef59c8c5bdabe0ac2c8b
- <SD-Card>/tadu/####/e6d994d4772e891841aa425504fe00a3
- <SD-Card>/tadu/####/ee6d653b551e6c53c2fc774b582acb15
- <SD-Card>/tadu/####/tab_0.html
- <SD-Card>/tadu/####/tab_1.html
- <SD-Card>/tadu/####/tab_2.html
- <SD-Card>/tadu/####/tab_3.html
- <SD-Card>/tadu/####/tab_4.html
- <SD-Card>/tadu/build_in_res.zip
- <SD-Card>/tadu/log
- <SD-Card>/tadu/logCache
Другие:
Запускает следующие shell-скрипты:
- <Package Folder>/files/DaemonServer -s <Package Folder>/lib/ -n runServer -p startservice -n <Package>/com.taobao.accs.ChannelService --user 0 -f <Package Folder> -t 600 -c agoo.pid -P <Package Folder> -K 1009527 -U tb_accs_eudemon_1.1.3 -L http://agoodm.m.taobao.com/agoo/report -D {"package":"<Package>","appKey":"umeng:5562ba1d67e58ef18a002673","utdid":"Wg2FcF5w8qkDAGdzx1HGXQd6","sdkVersion":"212"} -I agoodm.m.taobao.com -O 80 -T -Z
- chmod 500 <Package Folder>/files/DaemonServer
- chmod 755 <Package Folder>/.jiagu/libjiagu.so
- sh
Загружает динамические библиотеки:
- ag
- libjiagu
- sgmainso-5.1
- tnet-3.1
- ut_c_api
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS5Padding
- DES-ECB-PKCS5Padding
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS5Padding
- DES-ECB-PKCS5Padding
Использует специальную библиотеку для скрытия исполняемого байткода.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации о настроках APN.
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
