Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Xiny.20
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) c####.im.qq.com:80
- TCP(HTTP/1.1) t.si####.net:80
- TCP(HTTP/1.1) i####.b####.3g.cn:80
- TCP(HTTP/1.1) www.book####.com:80
- TCP(HTTP/1.1) f.xingch####.com.####.com:80
- TCP(HTTP/1.1) 2####.243.193.47:80
Запросы DNS:
- b####.3g.cn
- c####.im.qq.com
- f.xingch####.com
- i####.b####.3g.cn
- t.si####.net
- www.book####.com
Запросы HTTP GET:
- c####.im.qq.com/cgi-bin/cgi_svrtime
- f.xingch####.com.####.com/201801/wet.jar
- i####.b####.3g.cn/bookimage/bookpic/02/319302/319302_210_280.jpg
- i####.b####.3g.cn/bookimage/bookpic/02/473602/473602_210_280.jpg
- i####.b####.3g.cn/bookimage/bookpic/02/487202/487202_210_280.jpg
- i####.b####.3g.cn/bookimage/bookpic/20/480620/480620_210_280.jpg
- i####.b####.3g.cn/bookimage/bookpic/24/323724/323724_210_280.jpg
- i####.b####.3g.cn/bookimage/bookpic/36/478236/478236_210_280.jpg
- i####.b####.3g.cn/bookimage/bookpic/46/471746/471746_210_280.jpg
- i####.b####.3g.cn/bookimage/bookpic/52/491552/491552_210_280.jpg
- i####.b####.3g.cn/bookimage/bookpic/54/480954/480954_210_280.jpg
- i####.b####.3g.cn/bookimage/bookpic/57/161157/161157_210_280.jpg
- i####.b####.3g.cn/bookimage/bookpic/58/479458/479458_210_280.jpg
- i####.b####.3g.cn/bookimage/bookpic/71/270571/270571_210_280.jpg
- i####.b####.3g.cn/bookimage/bookpic/86/460286/460286_210_280.jpg
- i####.b####.3g.cn/bookimage/bookpic/88/480388/480388_210_280.jpg
- i####.b####.3g.cn/bookimage/bookpic/90/441790/441790_210_280.jpg
- i####.b####.3g.cn/bookimage/bookpic/94/470494/470494_210_280.jpg
- i####.b####.3g.cn/bookimage/bookpic/96/408796/408796_210_280.jpg
- i####.b####.3g.cn/bookimage/hadpic/201608/1470724938.jpg
- i####.b####.3g.cn/bookimage/hadpic/201801/1515984183.jpg
- i####.b####.3g.cn/bookimage/hadpic/201801/1516779224.jpg
- www.book####.com/apkinfo/About/detailBytid?versionname=####&s_ver=####&i...
- www.book####.com/apkinfo/BookCollect/collectList3_2?ggid=####&delcache=#...
- www.book####.com/apkinfo/BookInf/ImgSizeWifi?versionname=####&s_ver=####...
- www.book####.com/apkinfo/BookInf/bookDetail?versioncode=####&pid=####&bo...
- www.book####.com/apkinfo/BookInf/getRewardInfo?bookid=####&ggid=####&ver...
- www.book####.com/apkinfo/BookRecommend/boyRecommendNew3_2?versioncode=##...
- www.book####.com/apkinfo/BookRecommend/discountRecomNew3_2?versioncode=#...
- www.book####.com/apkinfo/BookRecommend/girlRecommendNew3_2?versioncode=#...
- www.book####.com/apkinfo/BookRecommend/guessYouLikeNew?bookid=####&ggid=...
- www.book####.com/apkinfo/BookRecommend/sellRecommendNew3_2?versioncode=#...
- www.book####.com/apkinfo/BookRecommend/topPictureRecomNew?versioncode=##...
- www.book####.com/apkinfo/BookStype/BookStyleListNew?stype_id=####&pn=###...
- www.book####.com/apkinfo/MenuInf/newMenuList?bookid=####&ggid=####&versi...
- www.book####.com/apkinfo/RankInf/getBookStore?sort=####&s_ver=####&imei=...
- www.book####.com/apkinfo/RankInf/getRelatedBook?bookid=####&versionname=...
- www.book####.com/apkinfo/inf/UpdateVersion.ashx?versioncode=####&pid=###...
- www.book####.com/xuan/index.php?m=####&a=####&versionname=####&s_ver=###...
Запросы HTTP POST:
- t.si####.net/t1?requestId=####&g=####
- t.si####.net/t2
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/.jiagu/libjiagu.so
- <Package Folder>/databases/downloadswc
- <Package Folder>/databases/downloadswc-journal
- <Package Folder>/files/####/.jg.ic
- <Package Folder>/shared_prefs/<Package>.xml
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/W_Key.xml
- <Package Folder>/shared_prefs/bigPicSize.xml
- <Package Folder>/shared_prefs/bookrack.xml
- <Package Folder>/shared_prefs/first.xml
- <Package Folder>/shared_prefs/jg_so_upgrade_setting.xml
- <Package Folder>/shared_prefs/st.xml
- <Package Folder>/shared_prefs/xx.xml
- <SD-Card>/3GBOOK/####/01c5520e5a81d61d7cadf5599990639d.0
- <SD-Card>/3GBOOK/####/01c5520e5a81d61d7cadf5599990639d.0.tmp
- <SD-Card>/3GBOOK/####/0d457bd38585eeefb72664955fb5861a.0
- <SD-Card>/3GBOOK/####/0d457bd38585eeefb72664955fb5861a.0.tmp
- <SD-Card>/3GBOOK/####/178cb1ee37caae08e45304aaf47d37f9.0
- <SD-Card>/3GBOOK/####/178cb1ee37caae08e45304aaf47d37f9.0.tmp
- <SD-Card>/3GBOOK/####/25b442bd418e0e412aab2ed5fed48b3f.0
- <SD-Card>/3GBOOK/####/25b442bd418e0e412aab2ed5fed48b3f.0.tmp
- <SD-Card>/3GBOOK/####/28ebf7602091c3295c4d91d723b65baf.0.tmp (deleted)
- <SD-Card>/3GBOOK/####/2fcbda6813e5b9ea9b36c9a66eb2913e.0
- <SD-Card>/3GBOOK/####/2fcbda6813e5b9ea9b36c9a66eb2913e.0.tmp
- <SD-Card>/3GBOOK/####/31de555379538a866766381d6eebe53e.0
- <SD-Card>/3GBOOK/####/31de555379538a866766381d6eebe53e.0.tmp
- <SD-Card>/3GBOOK/####/322283446d08250453dd433baa51def4.0
- <SD-Card>/3GBOOK/####/322283446d08250453dd433baa51def4.0.tmp
- <SD-Card>/3GBOOK/####/349398ce9801f4c2bbbfff6e75c9cb62.0
- <SD-Card>/3GBOOK/####/349398ce9801f4c2bbbfff6e75c9cb62.0.tmp
- <SD-Card>/3GBOOK/####/3e20a027c7574594971da4e1c050ea79.0
- <SD-Card>/3GBOOK/####/3e20a027c7574594971da4e1c050ea79.0.tmp
- <SD-Card>/3GBOOK/####/488e7907e80c3e287ee203e1de295aee.0
- <SD-Card>/3GBOOK/####/488e7907e80c3e287ee203e1de295aee.0.tmp
- <SD-Card>/3GBOOK/####/584b735228da6dd8bf75eb20599d7ea4.0
- <SD-Card>/3GBOOK/####/584b735228da6dd8bf75eb20599d7ea4.0.tmp
- <SD-Card>/3GBOOK/####/840aed62ddbc9bc11eb539bc79a2b311.0
- <SD-Card>/3GBOOK/####/840aed62ddbc9bc11eb539bc79a2b311.0.tmp
- <SD-Card>/3GBOOK/####/885d6f92927aa02cc614cf768432eb3a.0
- <SD-Card>/3GBOOK/####/885d6f92927aa02cc614cf768432eb3a.0.tmp
- <SD-Card>/3GBOOK/####/9484bf9da6417a820113d006ff99a80a.0
- <SD-Card>/3GBOOK/####/9484bf9da6417a820113d006ff99a80a.0.tmp
- <SD-Card>/3GBOOK/####/99ac799cac9081ec87fdabc1a73ba9dd.0
- <SD-Card>/3GBOOK/####/99ac799cac9081ec87fdabc1a73ba9dd.0.tmp
- <SD-Card>/3GBOOK/####/a6e12444efba78198706fc28281cce31.0
- <SD-Card>/3GBOOK/####/a6e12444efba78198706fc28281cce31.0.tmp
- <SD-Card>/3GBOOK/####/b856438da0fb34fbb520f6cc760805b9.0
- <SD-Card>/3GBOOK/####/b856438da0fb34fbb520f6cc760805b9.0.tmp
- <SD-Card>/3GBOOK/####/cache_BookInfo_487202.data
- <SD-Card>/3GBOOK/####/cache_book_related_list_487202.data
- <SD-Card>/3GBOOK/####/cache_bookmenu_487202.data
- <SD-Card>/3GBOOK/####/cache_boutique_female_3.2.data
- <SD-Card>/3GBOOK/####/cache_boutique_guess_like_3_2_tourist.data
- <SD-Card>/3GBOOK/####/cache_boutique_head_3.2.data
- <SD-Card>/3GBOOK/####/cache_boutique_label_like_3.2.data
- <SD-Card>/3GBOOK/####/cache_boutique_limited_3.2.data
- <SD-Card>/3GBOOK/####/cache_boutique_male_3.2.data
- <SD-Card>/3GBOOK/####/cache_boutique_new_rank.data
- <SD-Card>/3GBOOK/####/cache_boutique_sellwell_3.2.data
- <SD-Card>/3GBOOK/####/cache_intro_reward_info_487202.data
- <SD-Card>/3GBOOK/####/e8876174555c1cfde37fe9b0cfeb4af6.0
- <SD-Card>/3GBOOK/####/e8876174555c1cfde37fe9b0cfeb4af6.0.tmp
- <SD-Card>/3GBOOK/####/fbc0b909c09c34ccbf5fc3eba7e0bf5b.0
- <SD-Card>/3GBOOK/####/fbc0b909c09c34ccbf5fc3eba7e0bf5b.0.tmp
- <SD-Card>/3GBOOK/####/journal.tmp
- <SD-Card>/3GBOOK/####/tourist_book_collect_3_2.dat
- <SD-Card>/Download/####/5.0wet.jar.t
- <SD-Card>/dt/restime.dat
Другие:
Запускает следующие shell-скрипты:
- chmod 755 <Package Folder>/.jiagu/libjiagu.so
Загружает динамические библиотеки:
- libjiagu
Использует специальную библиотеку для скрытия исполняемого байткода.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Отрисовывает собственные окна поверх других приложений.
