Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.589.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) manhua1####.cd####.com:80
- TCP(HTTP/1.1) mang####.manhu####.com:80
- TCP(HTTP/1.1) mhfm12####.cd####.com:80
- TCP(TLS/1.0) w####.ni####.top:443
Запросы DNS:
- clu####.manhu####.com
- mang####.manhu####.com
- manhua1####.cd####.com
- manhua1####.cd####.com
- mhfm12####.cd####.com
- mhfm22####.cd####.com
- mhfm32####.cd####.com
- mhfm42####.cd####.com
- mhfm62####.cd####.com
- mhfm72####.cd####.com
- mhfm82####.cd####.com
- mhfm92####.cd####.com
- mt####.go####.com
- usreso####.cd####.com
- w####.ni####.top
Запросы HTTP GET:
- mang####.manhu####.com/notification/getMessagesTotal?gat=####&gak=####&g...
- mang####.manhu####.com/v1/manga/getDetail?mangaDetailVersion=####&mangaI...
- mang####.manhu####.com/v1/manga/getHotComment?userId=####&mangaId=####&g...
- mang####.manhu####.com/v1/manga/getOriginal?start=####&limit=####&gat=##...
- mang####.manhu####.com/v1/manga/getRead?imageQuality=####&loadreal=####&...
- mang####.manhu####.com/v1/manga/getWatcher?mangaId=####&gat=####&gak=###...
- mang####.manhu####.com/v1/manga/recommend?version=####&mangaId=####&type...
- mang####.manhu####.com/v1/public/getAds?version=####&mangaId=####&type=#...
- mang####.manhu####.com/v1/public/getAdstrategy?mangaId=####&viewName=###...
- mang####.manhu####.com/v1/public/getBaseurl?gat=####&gak=####&gsm=####&g...
- mang####.manhu####.com/v1/public/getGlobalConfig?gat=####&gak=####&gsm=#...
- mang####.manhu####.com/v1/public/getHome?version=####&isPromote=####&gat...
- mang####.manhu####.com/v1/public/getPublishConfig?gat=####&gak=####&gsm=...
- mang####.manhu####.com/v1/public/getUpgradeInfo?version=####&type=####&s...
- mang####.manhu####.com/v1/user/getMessage?version=####&gat=####&gak=####...
- manhua1####.cd####.com/40/39883/564485/10_7087.jpg?cid=####&key=####&typ...
- manhua1####.cd####.com/40/39883/564485/11_2490.jpg?cid=####&key=####&typ...
- manhua1####.cd####.com/40/39883/564485/12_1536.jpg?cid=####&key=####&typ...
- manhua1####.cd####.com/40/39883/564485/13_5763.jpg?cid=####&key=####&typ...
- manhua1####.cd####.com/40/39883/564485/9_2631.jpg?cid=####&key=####&type...
- manhua1####.cd####.com/userfile/3/avatars/2017/7/18/116869851/1/155119b7...
- manhua1####.cd####.com/userfile/6/avatars/old//69039/69038671/2016041803...
- mhfm12####.cd####.com/22/21077/20171226133810_180x240_18.jpg
- mhfm12####.cd####.com/22/21077/20171226133810_480x210_32.jpg
- mhfm12####.cd####.com/22/21761/20170810132801_180x240_20.jpg
- mhfm12####.cd####.com/34/33991/20171019173846_480x210_59.jpg
- mhfm12####.cd####.com/34/33991/20171215092202_180x240_24.jpg
- mhfm12####.cd####.com/36/35569/20170925133136_180x240_28.jpg
- mhfm12####.cd####.com/36/35570/20170719161907_180x240_27.jpg
- mhfm12####.cd####.com/36/35570/20170719163511_480x369_376.png
- mhfm12####.cd####.com/37/36385/20171117171707_180x240_25.jpg
- mhfm12####.cd####.com/37/36746/20170818151341_180x240_24.jpg
- mhfm12####.cd####.com/38/37679/20171107162524_180x240_20.jpg
- mhfm12####.cd####.com/38/37702/20170818151750_180x240_28.jpg
- mhfm12####.cd####.com/39/38042/20170817224220_180x240.jpg
- mhfm12####.cd####.com/39/38824/20171013154405_180x240_22.jpg
- mhfm12####.cd####.com/39/38940/20171019140716_180x240_22.jpg
- mhfm12####.cd####.com/40/39139/20171103083945_180x240_22.jpg
- mhfm12####.cd####.com/40/39883/20171220133416_180x240_24.jpg
- mhfm12####.cd####.com/40/39883/20171220133453_480x369_101.jpg
- mhfm12####.cd####.com/tag/manhuaren2/djsf_icon.png
- mhfm12####.cd####.com/tag/manhuaren2/djsf_more_icon1.png
Запросы HTTP POST:
- mang####.manhu####.com/v1/manga/readRecommend?gat=####&gak=####&gsm=####...
- mang####.manhu####.com/v1/public/getStartPageAds3?gat=####&gak=####&gsm=...
- mang####.manhu####.com/v1/user/createAnonyUser2?gat=####&gak=####&gsm=##...
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/app_config/config
- <Package Folder>/cache/####/-fGecIfrOKQ2_rvTYZZL8onY-eE.615675473.tmp
- <Package Folder>/cache/####/-p2oJCqlz5wkHH1XL-nBTOrIjTY.570555564.tmp
- <Package Folder>/cache/####/39883-564485.down_xe_config
- <Package Folder>/cache/####/564485-10_7087.jpg.xe
- <Package Folder>/cache/####/564485-10_7087.jpg.xe.downloading
- <Package Folder>/cache/####/564485-11_2490.jpg.xe
- <Package Folder>/cache/####/564485-11_2490.jpg.xe.downloading
- <Package Folder>/cache/####/564485-12_1536.jpg.xe
- <Package Folder>/cache/####/564485-12_1536.jpg.xe.downloading
- <Package Folder>/cache/####/564485-9_2631.jpg.xe
- <Package Folder>/cache/####/564485-9_2631.jpg.xe.downloading
- <Package Folder>/cache/####/DvSLTeFVTQNdpZh-EajTRcgGKNc.1201894567.tmp
- <Package Folder>/cache/####/F1p6yKjx5F_RIJ0OtYsoj7BFi4c.1496879650.tmp
- <Package Folder>/cache/####/ImWQDHOTW98lsK9uL3qEni25x1g.1487290972.tmp
- <Package Folder>/cache/####/PZEHpg9Q7r6KJbmw5Ko4Bd9JUbY.-1488246452.tmp
- <Package Folder>/cache/####/Px8SClddHD-M5DnE2arKhoAqSYY.47557746.tmp
- <Package Folder>/cache/####/VeoSBG8YAS0yElVtmMGrvpAUSe4.1430151527.tmp
- <Package Folder>/cache/####/WBsncOODem2FX13sIbTWy_rKNu0.-1188666881.tmp
- <Package Folder>/cache/####/XWTtuXyVABTqbRRNGvl59RorATw.881057963.tmp
- <Package Folder>/cache/####/ZykfQy-j1h93RZpXGvnY5HkKUDk.-1028337886.tmp
- <Package Folder>/cache/####/ciSZ93n9MfQLXTivsEN64wXHq9c.2140387827.tmp
- <Package Folder>/cache/####/d3XQ8PvZYvE2_kcWgidmrg8sZtI.1826769352.tmp
- <Package Folder>/cache/####/e9nUE04shLudQYEJUEqoJPBWclk.1722174217.tmp
- <Package Folder>/cache/####/h1P-0_7nmMwMsYnV76awHsk_F8w.-1649541301.tmp
- <Package Folder>/cache/####/melYXPAbnWE7P4jkYCgP8GZ2psM.-2146852485.tmp
- <Package Folder>/cache/####/o1Fca0tTl8I-uDlO3ZiqiM3t3YI.-1045670246.tmp
- <Package Folder>/cache/####/vdKfTWOS5tugHmRZ-K4hN5wA8pA.-769623733.tmp
- <Package Folder>/cache/####/wBDKavwbc2lb87lcvWMcdumCdJU.-1087670051.tmp
- <Package Folder>/cache/####/yOK5Ex6VfgLZgXA-jE5mySNUslE.950174076.tmp
- <Package Folder>/cache/GlobalConfigBean
- <Package Folder>/cache/detailactivity_looking35570
- <Package Folder>/cache/detailactivity_looking39883
- <Package Folder>/cache/detailactivity_mangadetail35570
- <Package Folder>/cache/detailactivity_mangadetail39883
- <Package Folder>/cache/detailactivity_recommend35570
- <Package Folder>/cache/detailactivity_recommend39883
- <Package Folder>/cache/homefragment_getHome
- <Package Folder>/cache/readactivity_recommend39883
- <Package Folder>/databases/####/cc.db
- <Package Folder>/databases/####/cc.db-journal
- <Package Folder>/databases/cartoon.db
- <Package Folder>/databases/cartoon.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/x_h.db-journal
- <Package Folder>/files/109120.jar
- <Package Folder>/files/68164081
- <Package Folder>/files/GlobalConfigBean
- <Package Folder>/files/key_get_start_page_ads
- <Package Folder>/files/mhr_anony_user
- <Package Folder>/files/mobclick_agent_cached_<Package>3
- <Package Folder>/files/sync_time
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/ar.xml
- <Package Folder>/shared_prefs/dsi.xml
- <Package Folder>/shared_prefs/isfirst.xml
- <Package Folder>/shared_prefs/multidex.version.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <SD-Card>/Android/####/.nomedia
- <SD-Card>/Android/####/1b966gkuum0lzzmkqlh00qudt
- <SD-Card>/Android/####/1hhegawl3u39ptnm2z5r72jbz
- <SD-Card>/Android/####/205emp2our893tym6sigbupmw
- <SD-Card>/Android/####/2255t7xwmsdx7fkihpy0bb0f7
- <SD-Card>/Android/####/2vul9xqy4ncvtcmtjmglisitz
- <SD-Card>/Android/####/34viiy69wgmhyp78ctn2oyfia
- <SD-Card>/Android/####/35jfr8wso622opicczy076i1e
- <SD-Card>/Android/####/616cfhqflcol6cho96o6qklrq
- <SD-Card>/Android/####/jawxvswnh8dw3a0rjbw5hlyv
Другие:
Запускает следующие shell-скрипты:
- cat /sys/class/net/wlan0/address
Загружает динамические библиотеки:
- bitmaps
- memchunk
- static-webp
- webp
Использует следующие алгоритмы для шифрования данных:
- DES-CBC-PKCS5Padding
Использует следующие алгоритмы для расшифровки данных:
- DES
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации о запущенных приложениях.
Отрисовывает собственные окна поверх других приложений.
