Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.589.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) a####.you####.com:80
- TCP(HTTP/1.1) w####.q####.dn.####.com:80
- TCP(HTTP/1.1) d2.ireader####.com:80
- TCP(HTTP/1.1) cdn.app.q####.####.com:80
- TCP(HTTP/1.1) d1.ireader####.com:80
- TCP(HTTP/1.1) oc.u####.com:80
- TCP(HTTP/1.1) h####.ali####.com:80
- TCP(TLS/1.0) www.ireader####.com:443
- TCP(TLS/1.0) p####.q####.top:443
Запросы DNS:
- a####.u####.com
- a####.you####.com
- cdn.app.q####.top
- d1.ireader####.com
- d2.ireader####.com
- feed####.u####.com
- h####.ali####.com
- oc.u####.com
- p####.q####.top
- t####.qin####.com
- www.ireader####.com
Запросы HTTP GET:
- a####.you####.com/sx/GetConfigInfo.aspx?ver=####&passID=####&ver=####&cl...
- cdn.app.q####.####.com/sfile/b1382
- cdn.app.q####.####.com/sfile/spy138
- d1.ireader####.com/GoodBooks/Books/cover/2014-12-29/54fa2093-5794-4c06-a...
- d1.ireader####.com/GoodBooks/Books/cover/2015-03-10/aa167414-fd3a-41da-9...
- d1.ireader####.com/GoodBooks/Books/cover/2015-03-23/06db3619-40c7-4b15-9...
- d1.ireader####.com/GoodBooks/Books/cover/2015-07-10/a3de01bb-585b-453a-8...
- d1.ireader####.com/GoodBooks/Books/cover/2015-09-16/6e78427a-49df-48cf-8...
- d1.ireader####.com/GoodBooks/Books/cover/2016-07-21/c4332001-1980-4928-b...
- d1.ireader####.com/GoodBooks/Books/cover/2016-12-07/37b0e728-1a37-486b-9...
- d1.ireader####.com/GoodBooks/Books/cover/2017-12-07/b3d3c51d-d039-48a7-a...
- d1.ireader####.com/GoodBooks/Books/cover/2018-01-15/5aefad49-52f1-4d19-a...
- d1.ireader####.com/GoodBooks/Books/cover/2018-01-15/72ed5c26-00b7-43ea-8...
- d1.ireader####.com/GoodBooks/Books/cover/2018-01-18/da712176-a320-4a62-9...
- d1.ireader####.com/GoodBooks/images/RankImg/23bd1bc9-0e01-4c92-8a45-628a...
- d1.ireader####.com/GoodBooks/images/RankImg/5dc91728-903c-4ebf-85cd-ee78...
- d1.ireader####.com/GoodBooks/images/RankImg/60328959-bd55-45ae-82a2-3320...
- d1.ireader####.com/GoodBooks/images/c100/f103.png?id=####
- d1.ireader####.com/GoodBooks/images/c100/f104.png?id=####
- d1.ireader####.com/GoodBooks/images/c100/f105.png?id=####
- d1.ireader####.com/GoodBooks/images/c100/f106.png?id=####
- d1.ireader####.com/GoodBooks/images/c100/f107.png?id=####
- d1.ireader####.com/GoodBooks/images/c100/f110.png?id=####
- d1.ireader####.com/GoodBooks/images/c100/f111.png?id=####
- d1.ireader####.com/GoodBooks/images/c100/f112.png?id=####
- d1.ireader####.com/GoodBooks/images/c100/f113.png?id=####
- d1.ireader####.com/GoodBooks/images/c100/f114.png?id=####
- d1.ireader####.com/GoodBooks/images/c100/f115.png?id=####
- d1.ireader####.com/GoodBooks/images/c100/f117.png?id=####
- d1.ireader####.com/GoodBooks/images/c100/f119.png?id=####
- d1.ireader####.com/GoodBooks/images/c100/f121.png?id=####
- d1.ireader####.com/GoodBooks/images/c100/f124.png?id=####
- d1.ireader####.com/GoodBooks/images/c100/f127.png?id=####
- d1.ireader####.com/GoodBooks/images/c100/f142.png?id=####
- d1.ireader####.com/GoodBooks/images/c100/f143.png?id=####
- d1.ireader####.com/GoodBooks/images/c100/f144.png?id=####
- d1.ireader####.com/GoodBooks/images/c100/f145.png?id=####
- d1.ireader####.com/GoodBooks/images/c100/f147.png?id=####
- d1.ireader####.com/GoodBooks/images/c100/f152.png?id=####
- d2.ireader####.com/GoodBooks/Books/cover/2011-12-06/37e9eb1b-b880-4704-9...
- d2.ireader####.com/GoodBooks/Books/cover/2014-12-29/54fa2093-5794-4c06-a...
- d2.ireader####.com/GoodBooks/Books/cover/2015-03-23/06db3619-40c7-4b15-9...
- d2.ireader####.com/GoodBooks/Books/cover/2015-03-23/a8a086fe-ecba-4e21-8...
- d2.ireader####.com/GoodBooks/Books/cover/2015-03-23/e0033973-7f73-4eab-8...
- d2.ireader####.com/GoodBooks/Books/cover/2015-12-17/abad8d12-9ad3-45ae-a...
- d2.ireader####.com/GoodBooks/Books/cover/2017-04-18/2f752e88-4711-448e-b...
- d2.ireader####.com/GoodBooks/Books/cover/2017-11-28/8af8d9be-1f57-48de-a...
- d2.ireader####.com/GoodBooks/Books/cover/2017-12-05/22843388-74f1-4228-b...
- d2.ireader####.com/GoodBooks/Books/cover/2017-12-18/35aff4f8-bbe1-44d2-b...
- d2.ireader####.com/GoodBooks/Books/cover/2018-01-03/f4484402-64fb-41e8-9...
- d2.ireader####.com/GoodBooks/images/RankImg/2bcb71bc-1763-47a0-a518-4a18...
- d2.ireader####.com/GoodBooks/images/c100/f101.png?id=####
- d2.ireader####.com/GoodBooks/images/c100/f108.png?id=####
- d2.ireader####.com/GoodBooks/images/c100/f109.png?id=####
- d2.ireader####.com/GoodBooks/images/c100/f118.png?id=####
- d2.ireader####.com/GoodBooks/images/c100/f120.png?id=####
- d2.ireader####.com/GoodBooks/images/c100/f122.png?id=####
- d2.ireader####.com/GoodBooks/images/c100/f123.png?id=####
- d2.ireader####.com/GoodBooks/images/c100/f125.png?id=####
- d2.ireader####.com/GoodBooks/images/c100/f126.png?id=####
- d2.ireader####.com/GoodBooks/images/c100/f128.png?id=####
- d2.ireader####.com/GoodBooks/images/c100/f129.png?id=####
- d2.ireader####.com/GoodBooks/images/c100/f146.png?id=####
- d2.ireader####.com/GoodBooks/images/c100/f148.png?id=####
- d2.ireader####.com/GoodBooks/images/c100/f149.png?id=####
- d2.ireader####.com/GoodBooks/images/c100/f150.png?id=####
- d2.ireader####.com/GoodBooks/images/c100/f151.png?id=####
- w####.q####.dn.####.com/sxsplash20160727_579817d469bca.jpg
- w####.q####.dn.####.com/sxsplash20160727_579817da499fb.jpg
- w####.q####.dn.####.com/sxsplash20160727_579817de0f457.jpg
- w####.q####.dn.####.com/sxsplash20160727_579817e1da72a.jpg
- w####.q####.dn.####.com/sxsplash20160727_57981808344f4.jpg
Запросы HTTP POST:
- a####.u####.com/app_logs
- h####.ali####.com/mobile_wap_adv/get_aid/?auth[token]=####&type=####&id=...
- oc.u####.com/check_config_update
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/.jiagu/libjiagu.so
- <Package Folder>/app_sslcache/www.ireadercity.com.443
- <Package Folder>/databases/aireader_v2-journal
- <Package Folder>/databases/ireader.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/x_huo.db-journal
- <Package Folder>/files/####/.jg.ic
- <Package Folder>/files/####/wv_web_info.dat
- <Package Folder>/files/.imprint
- <Package Folder>/files/mobclick_agent_cached_<Package>2018020817
- <Package Folder>/files/spy138.jar
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/shared_prefs/Alvin2.xml
- <Package Folder>/shared_prefs/AppStore.xml
- <Package Folder>/shared_prefs/ContextData.xml
- <Package Folder>/shared_prefs/OfJbkLdFbPOMbGyP.xml
- <Package Folder>/shared_prefs/ar.xml
- <Package Folder>/shared_prefs/btvr.xml
- <Package Folder>/shared_prefs/com_ireader_city_you_qi.xml
- <Package Folder>/shared_prefs/d.xml
- <Package Folder>/shared_prefs/isfirst.xml
- <Package Folder>/shared_prefs/jg_so_upgrade_setting.xml
- <Package Folder>/shared_prefs/mobclick_agent_online_setting_<Package>.xml
- <Package Folder>/shared_prefs/spy138.xml
- <Package Folder>/shared_prefs/umeng_feedback_conversations.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/umeng_message_state.xml
- <Package Folder>/shared_prefs/umeng_socialize_qq.xml
- <SD-Card>/.DataStorage/ContextData.xml
- <SD-Card>/.UTSystemConfig/####/Alvin2.xml
- <SD-Card>/AIReader/####/00ce088c07274a0dbbdcc9371f501e4cjpgx.tmp
- <SD-Card>/AIReader/####/02a335a204e6497f95ba0cd774af5684jpgx_bak
- <SD-Card>/AIReader/####/0646fdcd3bd942bca8e2020dc559ece5jpgx.tmp
- <SD-Card>/AIReader/####/0a1226dd73d54084b6dd36236321ed83jpgx.tmp
- <SD-Card>/AIReader/####/0fa6194342794240a07a7831d8628b88jpgx.tmp
- <SD-Card>/AIReader/####/25d6568ff63d49e38baa703e21d8175djpgx.tmp
- <SD-Card>/AIReader/####/38ce8914cc424dc6a7c010422d5a4ffejpgx.tmp
- <SD-Card>/AIReader/####/3d19bc2b663c4c24a7c7533432f486cbjpgx_bak
- <SD-Card>/AIReader/####/3ea73fe49b0a4ce0999190ca410c7f5djpgx.tmp
- <SD-Card>/AIReader/####/5d74cdfc02ca40199ee21e3ade686eebjpgx.tmp
- <SD-Card>/AIReader/####/6ea821fda57f44d68c3a3f3307e9512djpgx.tmp
- <SD-Card>/AIReader/####/DEVICE.txt
- <SD-Card>/AIReader/####/adv_self_config.dat
- <SD-Card>/AIReader/####/be888d105c31492d8743a496727b2abejpgx.tmp
- <SD-Card>/AIReader/####/book_list_C121_free_1.dat
- <SD-Card>/AIReader/####/book_list_C121_new_1.dat
- <SD-Card>/AIReader/####/buy_flag_auto.dat
- <SD-Card>/AIReader/####/c055f8b30e4947b09a030194b68be977jpgx.tmp
- <SD-Card>/AIReader/####/c33b7659d144403baf67cacdad8a1fd7jpgx.tmp
- <SD-Card>/AIReader/####/category_101.jpgx.tmp
- <SD-Card>/AIReader/####/category_103.jpgx.tmp
- <SD-Card>/AIReader/####/category_104.jpgx.tmp
- <SD-Card>/AIReader/####/category_105.jpgx.tmp
- <SD-Card>/AIReader/####/category_106.jpgx.tmp
- <SD-Card>/AIReader/####/category_107.jpgx.tmp
- <SD-Card>/AIReader/####/category_108.jpgx.tmp
- <SD-Card>/AIReader/####/category_109.jpgx.tmp
- <SD-Card>/AIReader/####/category_110.jpgx.tmp
- <SD-Card>/AIReader/####/category_111.jpgx.tmp
- <SD-Card>/AIReader/####/category_112.jpgx.tmp
- <SD-Card>/AIReader/####/category_113.jpgx.tmp
- <SD-Card>/AIReader/####/category_114.jpgx.tmp
- <SD-Card>/AIReader/####/category_115.jpgx.tmp
- <SD-Card>/AIReader/####/category_117.jpgx.tmp
- <SD-Card>/AIReader/####/category_118.jpgx.tmp
- <SD-Card>/AIReader/####/category_119.jpgx.tmp
- <SD-Card>/AIReader/####/category_120.jpgx.tmp
- <SD-Card>/AIReader/####/category_121.jpgx.tmp
- <SD-Card>/AIReader/####/category_122.jpgx.tmp
- <SD-Card>/AIReader/####/category_123.jpgx.tmp
- <SD-Card>/AIReader/####/category_124.jpgx.tmp
- <SD-Card>/AIReader/####/category_125.jpgx.tmp
- <SD-Card>/AIReader/####/category_126.jpgx.tmp
- <SD-Card>/AIReader/####/category_127.jpgx.tmp
- <SD-Card>/AIReader/####/category_128.jpgx.tmp
- <SD-Card>/AIReader/####/category_129.jpgx.tmp
- <SD-Card>/AIReader/####/cc786942079b4ee2b202f67b7a5541c4jpgx_bak
- <SD-Card>/AIReader/####/cfg_rank.data
- <SD-Card>/AIReader/####/config.data
- <SD-Card>/AIReader/####/eac2fa1ca05047d181934f0bc0e8d8bfjpgx.tmp
- <SD-Card>/AIReader/####/f200cc4ef7d54d809e7a68669165b9b5jpgx.tmp
- <SD-Card>/AIReader/####/f5566ebce38740c0a08ee72ae7d43fe8jpgx.tmp
- <SD-Card>/AIReader/####/f9c404a4a2834d3d87854d394c8dc107jpgx_bak
- <SD-Card>/AIReader/####/fc31558d854548a98d07a387a36d4efdjpgx.tmp
- <SD-Card>/AIReader/####/free.jpgx.tmp
- <SD-Card>/AIReader/####/home_infos_3.dat
- <SD-Card>/AIReader/####/import.dat
- <SD-Card>/AIReader/####/new.jpgx.tmp
- <SD-Card>/AIReader/####/realfree.jpgx.tmp
- <SD-Card>/AIReader/####/recommended.jpgx.tmp
- <SD-Card>/AIReader/####/releated_list_02a335a204e6497f95ba0cd774af5684.dat
- <SD-Card>/AIReader/####/sxsplash20160727_579817d469bca.jpgx
- <SD-Card>/AIReader/####/sxsplash20160727_579817da499fb.jpgx
- <SD-Card>/AIReader/####/sxsplash20160727_579817de0f457.jpgx
- <SD-Card>/AIReader/####/sxsplash20160727_579817e1da72a.jpgx
- <SD-Card>/AIReader/####/sxsplash20160727_57981808344f4.jpgx
Другие:
Запускает следующие shell-скрипты:
- chmod 755 <Package Folder>/.jiagu/libjiagu.so
Загружает динамические библиотеки:
- libjiagu
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-NoPadding
- AES-CBC-PKCS5Padding
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS5Padding
Использует специальную библиотеку для скрытия исполняемого байткода.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации о запущенных приложениях.
Осуществляет доступ к информации о зарегистрированных на устройстве аккаунтах (Google, Facebook и тд.).
Отрисовывает собственные окна поверх других приложений.
