Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.MobiDash.2.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) cdn.adsafep####.com:80
- TCP(HTTP/1.1) p####.adsafep####.com:80
- TCP(HTTP/1.1) im####.google####.com:80
- TCP(HTTP/1.1) b.scoreca####.com.####.net:80
- TCP(HTTP/1.1) plat####.twi####.com:80
- TCP(HTTP/1.1) r####.quantc####.com:80
- TCP(HTTP/1.1) pag####.googles####.com:80
- TCP(HTTP/1.1) www.funnyo####.com:80
- TCP(HTTP/1.1) www.google-####.com:80
- TCP(HTTP/1.1) www.googlet####.com:80
- TCP(TLS/1.0) mobilep####.pass####.ya####.net:443
- TCP(TLS/1.0) wild####.outb####.com.####.net:443
- TCP(TLS/1.0) s0.2####.net:443
- TCP(TLS/1.0) a####.t####.com:443
- TCP(TLS/1.0) syndica####.twi####.com:443
- TCP(TLS/1.0) www.flipa####.com:443
- TCP(TLS/1.0) con####.face####.net:443
- TCP(TLS/1.0) sta####.mo####.ya####.net:443
- TCP(TLS/1.0) c####.cloudf####.com:443
- TCP(TLS/1.0) a####.t####.pk:443
- TCP(TLS/1.0) ma.t####.com:443
- TCP(TLS/1.0) scon####.cdninst####.com:443
- TCP(TLS/1.0) pag####.googles####.com:443
- TCP(TLS/1.0) re####.appmet####.ya####.net:443
- TCP(TLS/1.0) js-a####.newr####.com:443
- TCP(TLS/1.0) t####.pk:443
- TCP(TLS/1.0) s####.g.doublec####.net:443
- TCP(TLS/1.0) plat####.twi####.com:443
- TCP(TLS/1.0) adser####.go####.nl:443
- TCP(TLS/1.0) r####.quantc####.com:443
- TCP(TLS/1.0) tu####.di####.com:443
- TCP(TLS/1.0) akamai-####.quants####.com.####.net:443
- TCP(TLS/1.0) vhost####.t####.com:443
- TCP(TLS/1.0) pl####.t####.pk:443
- TCP(TLS/1.0) img.l####.io:443
- TCP(TLS/1.0) www.google-####.com:443
- TCP(TLS/1.0) h####.twi####.com:443
- TCP(TLS/1.0) sup####.twi####.com:443
- TCP(TLS/1.0) wild####.moa####.com.####.net:443
- TCP(TLS/1.0) 1####.217.17.110:443
- TCP(TLS/1.0) cdn.tab####.com:443
- TCP(TLS/1.0) www.googlet####.com:443
- TCP(TLS/1.0) api.twi####.com:443
- TCP(TLS/1.0) 2-01-2c####.cdx.ced####.net:443
- TCP(TLS/1.0) thu####.tunef####.com:443
- TCP(TLS/1.0) mo####.twi####.com:443
- TCP(TLS/1.0) adser####.go####.com:443
- TCP(TLS/1.0) securep####.g.doublec####.net:443
- TCP(TLS/1.0) im####.google####.com:443
Запросы DNS:
- a####.go####.com
- a####.t####.com
- a####.t####.pk
- adser####.go####.com
- adser####.go####.nl
- api.twi####.com
- b.scoreca####.com
- c####.cloudf####.com
- cdn.adsafep####.com
- cdn.jsde####.net
- cdn.tab####.com
- certifi####.mo####.ya####.net
- con####.face####.net
- cse.go####.com
- h####.twi####.com
- hls.f####.com
- im####.google####.com
- img.l####.io
- js-a####.newr####.com
- ma.t####.com
- mo####.twi####.com
- odb.outb####.com
- p####.adsafep####.com
- p####.quants####.com
- pag####.googles####.com
- pl####.t####.pk
- plat####.twi####.com
- pu####.g.doublec####.net
- r####.quantc####.com
- r.f####.com
- re####.appmet####.ya####.net
- s####.g.doublec####.net
- s0.2####.net
- scon####.cdninst####.com
- se####.quants####.com
- securep####.g.doublec####.net
- src.l####.io
- sta####.mo####.ya####.net
- sta####.t####.pk
- sup####.twi####.com
- syndica####.twi####.com
- t####.pk
- t.f####.com
- tape####.t####.com
- thu####.tunef####.com
- tu####.di####.com
- w.f####.com
- wid####.outb####.com
- www.flipa####.com
- www.funnyo####.com
- www.google-####.com
- www.googlet####.com
- z.moa####.com
Запросы HTTP GET:
- b.scoreca####.com.####.net/b2?c1=####&c2=####&c4=####&ns__t=####&ns_c=##...
- b.scoreca####.com.####.net/b?c1=####&c2=####&c4=####&ns__t=####&ns_c=###...
- b.scoreca####.com.####.net/beacon.js?_=####
- b.scoreca####.com.####.net/p?c1=####&c2=####&ns_type=####&ns_st_sv=####&...
- cdn.adsafep####.com/iasPET.1.js
- im####.google####.com/js/core/bridge3.189.0_en.html
- im####.google####.com/js/sdkloader/ima3.js
- p####.adsafep####.com/services/pub?anId=####&slot=####&slot=####&wr=####...
- pag####.googles####.com/pagead/gen_204?error=####&vis=####&lid=####&sdkv...
- pag####.googles####.com/pagead/gen_204?request_type=####&lid=####&sdkv=#...
- pag####.googles####.com/pagead/gen_204?rt=####&ec=####&lid=####&sdkv=###...
- pag####.googles####.com/pagead/gen_204?rt=####&lid=####&sdkv=####&e=####...
- plat####.twi####.com/widgets.js
- r####.quantc####.com/videojs/2/videojs-mux.js
- www.funnyo####.com/
- www.funnyo####.com/assets/application-22b208844f42c4c46efafbfecb17361915...
- www.funnyo####.com/assets/application-9403d2015dff22c48bf8c61fbe1d1e247a...
- www.funnyo####.com/assets/feed/bg_feed_curtains-061479a1fae22231f5a754a1...
- www.funnyo####.com/assets/fod_ad_utils-53432731ec5d6e545b7d310f2c9dd17c0...
- www.funnyo####.com/assets/fodblank-548f2d6f4d0d820c6c5ffbeffcbd7f0e73193...
- www.funnyo####.com/assets/logo_stacked-bb83094848870119373e8c19e6b70f783...
- www.funnyo####.com/assets/moat_header-a4c9c2010398c9b8a45f5358dff04cbfec...
- www.funnyo####.com/assets/sections/best_of_day_background-33a3af06ffaa7f...
- www.funnyo####.com/assets/support/match_media_fixes-9d8e33d48d0535ce73f2...
- www.funnyo####.com/assets/support/modernizr-c37ced6c98e0c9abe9176873fe20...
- www.funnyo####.com/assets/support/opera_mini_fixes-6fff38f86662f98481f6c...
- www.funnyo####.com/c=AR2x3/s=w50p/o=30(80)//p.fod4.com/p/pinboard/NEoaiO...
- www.funnyo####.com/c=AR2x3/s=w50p/o=30(80)//p.fod4.com/p/pinboard/V3b86u...
- www.funnyo####.com/c=AR2x3/s=w50p/o=30(80)//p.fod4.com/p/pinboard/YAURA2...
- www.funnyo####.com/c=AR2x3/s=w50p/o=30(80)//p.fod4.com/p/pinboard/YYRtIe...
- www.funnyo####.com/c=AR2x3/s=w50p/o=30(80)//p.fod4.com/p/pinboard/hGXnIl...
- www.funnyo####.com/c=AR2x3/s=w50p/o=30(80)//p.fod4.com/p/pinboard/uGFgdz...
- www.funnyo####.com/c=ar16x9/s=w100,pd0.8/o=80//p.fod4.com/p/media/c77b75...
- www.funnyo####.com/c=ar16x9/s=w100,pd0.8/o=80//p.fod4.com/p/media/d4c9b0...
- www.funnyo####.com/c=ar16x9/s=w100,pd0.8/o=80//p.fod4.com/p/media/f04d32...
- www.funnyo####.com/c=ar16x9/s=w100,pd0.8/o=80//p.fod4.com/p/media/f529ef...
- www.funnyo####.com/c=ar16x9/s=w100,pd0.8/o=80//p.fod4.com/p/media/fe8d35...
- www.funnyo####.com/c=ar16x9/s=w100,pd0.8/o=80//t.fod4.com/t/a32f518058/c...
- www.funnyo####.com/c=ar16x9/s=w100,pd0.8/o=80//t.fod4.com/t/c4ba78f8c9/c...
- www.funnyo####.com/c=ar16x9/s=w250,pd0.8/o=80//p.fod4.com/p/media/92d83e...
- www.funnyo####.com/c=ar16x9/s=w250,pd0.8/o=80//p.fod4.com/p/media/ab35db...
- www.funnyo####.com/c=ar16x9/s=w250,pd0.8/o=80//p.fod4.com/p/media/e07096...
- www.funnyo####.com/c=ar16x9/s=w250,pd0.8/o=80//t.fod4.com/t/213e38090d/c...
- www.funnyo####.com/c=ar16x9/s=w250,pd0.8/o=80//t.fod4.com/t/3920a81711/c...
- www.funnyo####.com/c=ar16x9/s=w250,pd0.8/o=80//t.fod4.com/t/b945b679fc/c...
- www.funnyo####.com/c=ar16x9/s=w350,pd0.8/o=80//t.fod4.com/t/1d8d73fcca/c...
- www.funnyo####.com/c=ar16x9/s=w350,pd0.8/o=80//t.fod4.com/t/b22030c0d5/c...
- www.funnyo####.com/c=ar16x9/s=w450,pd0.8/o=80//p.fod4.com/p/media/0b3269...
- www.funnyo####.com/c=ar16x9/s=w450,pd0.8/o=80//p.fod4.com/p/media/c77b75...
- www.funnyo####.com/c=ar16x9/s=w450,pd0.8/o=80//p.fod4.com/p/media/d0bdac...
- www.funnyo####.com/c=ar16x9/s=w450,pd0.8/o=80//t.fod4.com/t/a32f518058/c...
- www.funnyo####.com/c=ar16x9/s=w450,pd0.8/o=80//t.fod4.com/t/c4ba78f8c9/c...
- www.funnyo####.com/c=ar16x9/s=w600//p.fod4.com/p/media/9c525467a2/nK60xk...
- www.funnyo####.com/c=ar16x9/s=w600//p.fod4.com/p/media/c77b754740/ZxrKNi...
- www.funnyo####.com/c=ar16x9/s=w650,pd0.8/o=80//p.fod4.com/p/media/174463...
- www.funnyo####.com/c=ar16x9/s=w650,pd0.8/o=80//p.fod4.com/p/media/ed57b9...
- www.funnyo####.com/c=ar16x9/s=w650,pd0.8/o=80//t.fod4.com/t/976a23d525/c...
- www.funnyo####.com/c=ar16x9/s=w650,pd0.8/o=80//t.fod4.com/t/9ab75510dd/c...
- www.funnyo####.com/c=sq/s=h750,pd0.8/o=80//p.fod4.com/p/channels/emcjz/p...
- www.funnyo####.com/c=sq/s=h750,pd0.8/o=80//p.fod4.com/p/channels/gtfdr/p...
- www.funnyo####.com/c=sq/s=h750,pd0.8/o=80//p.fod4.com/p/channels/legacy/...
- www.funnyo####.com/c=sq/s=h750,pd0.8/o=80//p.fod4.com/p/channels/myzxt/p...
- www.funnyo####.com/c=sq/s=h750,pd0.8/o=80//p.fod4.com/p/channels/rbwfq/p...
- www.funnyo####.com/c=sq/s=h750,pd0.8/o=80//p.fod4.com/p/channels/zospb/p...
- www.funnyo####.com/c=sq/s=h800,pd0.8/o=80//p.fod4.com/p/channels/legacy/...
- www.funnyo####.com/c=sq/s=h800,pd0.8/o=80//p.fod4.com/p/channels/myzxt/p...
- www.funnyo####.com/c=sq/s=h800,pd0.8/o=80//p.fod4.com/p/channels/rbwfq/p...
- www.funnyo####.com/c=sq/s=h800,pd0.8/o=80//p.fod4.com/p/channels/zospb/p...
- www.funnyo####.com/c=sq/s=w50,pd0.8/o=80//p.fod4.com/p/channels/beost/pr...
- www.funnyo####.com/c=sq/s=w50,pd0.8/o=80//p.fod4.com/p/channels/default/...
- www.funnyo####.com/c=sq/s=w50,pd0.8/o=80//p.fod4.com/p/channels/dhoyj/pr...
- www.funnyo####.com/c=sq/s=w50,pd0.8/o=80//p.fod4.com/p/channels/gtfdr/pr...
- www.funnyo####.com/c=sq/s=w50,pd0.8/o=80//p.fod4.com/p/channels/hpmsk/pr...
- www.funnyo####.com/c=sq/s=w50,pd0.8/o=80//p.fod4.com/p/channels/legacy/p...
- www.funnyo####.com/c=sq/s=w50,pd0.8/o=80//p.fod4.com/p/channels/myzxt/pr...
- www.funnyo####.com/c=sq/s=w50,pd0.8/o=80//p.fod4.com/p/channels/mzhvd/pr...
- www.funnyo####.com/c=sq/s=w50,pd0.8/o=80//p.fod4.com/p/channels/rdidb/pr...
- www.funnyo####.com/c=sq/s=w50,pd0.8/o=80//p.fod4.com/p/channels/tmacm/pr...
- www.funnyo####.com/c=sq/s=w50,pd0.8/o=80//p.fod4.com/p/channels/vmetg/pr...
- www.funnyo####.com/c=sq/s=w50,pd0.8/o=80//p.fod4.com/p/channels/wlmlr/pr...
- www.funnyo####.com/c=sq/s=w50,pd0.8/o=80//p.fod4.com/p/channels/wmfig/pr...
- www.funnyo####.com/c=sq/s=w50,pd0.8/o=80//p.fod4.com/p/channels/zospb/pr...
- www.funnyo####.com/c=sq/s=w50,pd0.8/o=80//p.fod4.com/p/channels/zvuoj/pr...
- www.funnyo####.com/c=sq/s=w50,pd0.8/o=85//p.fod4.com/p/channels/ejueb/pr...
- www.funnyo####.com/c=sq/s=w50,pd0.8/o=85//p.fod4.com/p/channels/epqvt/pr...
- www.funnyo####.com/c=sq/s=w50,pd0.8/o=85//p.fod4.com/p/channels/kdtnb/pr...
- www.funnyo####.com/c=sq/s=w50,pd0.8/o=85//p.fod4.com/p/channels/nkurm/pr...
- www.funnyo####.com/c=sq/s=w50,pd0.8/o=85//p.fod4.com/p/channels/zqfvq/pr...
- www.funnyo####.com/master/v/c77b754740/v110,v200,v400,v600,v1200,v1800,v...
- www.funnyo####.com/player/9c525467a2/webvtt
- www.funnyo####.com/player/c77b754740/webvtt
- www.funnyo####.com/s=w50p/o=30(80)//p.fod4.com/p/jumbotron/CpMnsWwVRXOLa...
- www.funnyo####.com/s=w50p/o=30(80)//p.fod4.com/p/jumbotron/hKdZt6RwRVLaW...
- www.funnyo####.com/s=w50p/o=30(80)//p.fod4.com/p/jumbotron/o6RCRoe7TpOIg...
- www.funnyo####.com/s=w750,pd0.8/o=80//p.fod4.com/p/jumbotron/CpMnsWwVRXO...
- www.funnyo####.com/s=w750,pd0.8/o=80//p.fod4.com/p/jumbotron/hKdZt6RwRVL...
- www.funnyo####.com/s=w750,pd0.8/o=80//p.fod4.com/p/jumbotron/o6RCRoe7TpO...
- www.funnyo####.com/s=w750,pd0.8/o=85//p.fod4.com/p/playlists/28bXyiHSTiC...
- www.funnyo####.com/subscriptions.json
- www.funnyo####.com/t/c77b754740/c80x44_0.jpg
- www.funnyo####.com/v/c77b754740/v2500-2.ts
- www.funnyo####.com/v/c77b754740/v2500.m3u8
- www.funnyo####.com/v/c77b754740/v600-1.ts
- www.funnyo####.com/v/c77b754740/v600.m3u8
- www.funnyo####.com/videos/9c525467a2/long-haired-businessmen-with-j-k-si...
- www.funnyo####.com/videos/c77b754740/long-haired-businessmen-troubleshoo...
- www.google-####.com/analytics.js
- www.google-####.com/collect?v=####&_v=####&a=####&t=####&_s=####&dl=####...
- www.google-####.com/r/collect?v=####&_v=####&a=####&t=####&_s=####&dl=##...
- www.googlet####.com/tag/js/gpt.js
Запросы HTTP POST:
- www.funnyo####.com/player/c77b754740/touch/55141785
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/app_app_apk/AllVideoDownloader.dat.jar
- <Package Folder>/cache/####/13a77c93775a30793ce744cda857c9b13ea....0.tmp
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/ee9136821ab05ff9cdc8be271b1d3a28d03....0.tmp
- <Package Folder>/cache/####/f0a3626e39d5a2e9ecae9f6d1c6e4e546cf....0.tmp
- <Package Folder>/cache/####/f_000001
- <Package Folder>/cache/####/f_000002
- <Package Folder>/cache/####/f_000003
- <Package Folder>/cache/####/f_000004
- <Package Folder>/cache/####/f_000005
- <Package Folder>/cache/####/f_000006
- <Package Folder>/cache/####/f_000007
- <Package Folder>/cache/####/f_000008
- <Package Folder>/cache/####/f_000009
- <Package Folder>/cache/####/f_00000a
- <Package Folder>/cache/####/f_00000b
- <Package Folder>/cache/####/f_00000c
- <Package Folder>/cache/####/f_00000d
- <Package Folder>/cache/####/f_00000e
- <Package Folder>/cache/####/f_00000f
- <Package Folder>/cache/####/f_000010
- <Package Folder>/cache/####/f_000011
- <Package Folder>/cache/####/f_000012
- <Package Folder>/cache/####/f_000013
- <Package Folder>/cache/####/f_000014
- <Package Folder>/cache/####/f_000015
- <Package Folder>/cache/####/f_000016
- <Package Folder>/cache/####/f_000017
- <Package Folder>/cache/####/f_000018
- <Package Folder>/cache/####/f_000019
- <Package Folder>/cache/####/f_00001a
- <Package Folder>/cache/####/f_00001b
- <Package Folder>/cache/####/f_00001c
- <Package Folder>/cache/####/f_00001d
- <Package Folder>/cache/####/f_00001e
- <Package Folder>/cache/####/f_00001f
- <Package Folder>/cache/####/f_000020
- <Package Folder>/cache/####/f_000021
- <Package Folder>/cache/####/f_000022
- <Package Folder>/cache/####/f_000023
- <Package Folder>/cache/####/f_000024
- <Package Folder>/cache/####/f_000025
- <Package Folder>/cache/####/f_000026
- <Package Folder>/cache/####/f_000027
- <Package Folder>/cache/####/f_000028
- <Package Folder>/cache/####/f_000029
- <Package Folder>/cache/####/f_00002a
- <Package Folder>/cache/####/f_00002b
- <Package Folder>/cache/####/f_00002c
- <Package Folder>/cache/####/f_00002d
- <Package Folder>/cache/####/f_00002e
- <Package Folder>/cache/####/f_00002f
- <Package Folder>/cache/####/f_000030
- <Package Folder>/cache/####/f_000031
- <Package Folder>/cache/####/f_000032
- <Package Folder>/cache/####/f_000033
- <Package Folder>/cache/####/f_000034
- <Package Folder>/cache/####/f_000035
- <Package Folder>/cache/####/f_000036
- <Package Folder>/cache/####/f_000037
- <Package Folder>/cache/####/f_000038
- <Package Folder>/cache/####/f_000039
- <Package Folder>/cache/####/index
- <Package Folder>/cache/####/journal.tmp
- <Package Folder>/databases/DB_NAME-journal
- <Package Folder>/databases/db_metrica_<Package>_13-journal
- <Package Folder>/databases/db_metrica_<Package>_20799a27-fa80-4...ournal
- <Package Folder>/databases/db_metrica_<Package>_9b374a11-96bb-4...ournal
- <Package Folder>/databases/google_app_measurement_local.db
- <Package Folder>/databases/google_app_measurement_local.db-journal
- <Package Folder>/databases/metrica_client_data.db
- <Package Folder>/databases/metrica_client_data.db-journal
- <Package Folder>/databases/metrica_data.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/files/####/<Package>-1.apk.classes-314891694.zip
- <Package Folder>/files/####/<Package>-1.apk.classes-527012962.zip
- <Package Folder>/files/WDEqsfuHA
- <Package Folder>/files/credentials.dat
- <Package Folder>/files/metrica_client_data.db.lock
- <Package Folder>/no_backup/com.google.android.gms.appid-no-backup
- <Package Folder>/shared_prefs/<Package>_boundentrypreferences.xml
- <Package Folder>/shared_prefs/<Package>_migrationpreferences.xml
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/<Package>_servertimeoffset.xml
- <Package Folder>/shared_prefs/<Package>_startupserviceinfopreferences.xml
- <Package Folder>/shared_prefs/com.google.android.gms.appid.xml
- <Package Folder>/shared_prefs/com.google.android.gms.measurement.prefs.xml
- <Package Folder>/shared_prefs/com.yandex.metrica.configuration.xml
- <Package Folder>/shared_prefs/multidex.version.xml
Другие:
Загружает динамические библиотеки:
- WDEqsfuHA
Использует права администратора.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
