Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Xiny.78.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) gameana####.e####.com:80
- TCP(HTTP/1.1) i####.e####.com.####.com:80
- TCP(HTTP/1.1) m.5####.com:80
- TCP(HTTP/1.1) em.m####.cn:8040
- TCP(HTTP/1.1) api.is.yuanf####.com:80
- TCP(HTTP/1.1) hm.b####.com:80
- TCP(HTTP/1.1) res.t####.com.####.com:80
- TCP(HTTP/1.1) m.q####.com:80
- TCP(HTTP/1.1) l####.8####.com.####.com:80
- TCP(HTTP/1.1) www.go####.com:80
- TCP(HTTP/1.1) cdn-boo####.b0.a####.com:80
- TCP(TLS/1.0) m.q####.com:443
- TCP(TLS/1.0) i####.e####.com.####.com:443
Запросы DNS:
- api.egret-####.org
- api.is.yuanf####.com
- cdn.boo####.com
- em.m####.cn
- gameana####.e####.com
- hm.b####.com
- i####.e####.com
- l####.8####.com
- m.5####.com
- m.q####.com
- mt####.go####.com
- res.t####.com
- www.go####.com
- wx.q####.com
Запросы HTTP GET:
- cdn-boo####.b0.a####.com/jquery/1.11.3/jquery.min.js
- gameana####.e####.com/js/gameCenterSA.js
- hm.b####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&vl=####&ep=####&et=#...
- hm.b####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&vl=####&et=####&ja=#...
- hm.b####.com/hm.gif?cc=0&ck=1&cl=16-bit&ds=800x600&vl=1447&ep=6559,1945&...
- hm.b####.com/hm.gif?cc=0&ck=1&cl=16-bit&ds=800x600&vl=546&ep=13313,13313...
- hm.b####.com/hm.gif?cc=0&ck=1&cl=16-bit&ds=800x600&vl=546&ep={"netAll":0...
- hm.b####.com/hm.gif?cc=0&ck=1&cl=16-bit&ds=800x600&vl=546&et=0&ja=0&ln=e...
- hm.b####.com/hm.js?6ba12b6####
- i####.e####.com.####.com/upload/js/jquery.min.js
- l####.8####.com.####.com/oneheroh5/cocos2d-js-min.js?v=####
- l####.8####.com.####.com/oneheroh5/index.html?platInfo=####&appId=####&e...
- l####.8####.com.####.com/oneheroh5/main.js?v=####
- l####.8####.com.####.com/oneheroh5/res/import/01/01276dc83.json?v=####
- l####.8####.com.####.com/oneheroh5/res/import/01/0154a6392.json?v=####
- l####.8####.com.####.com/oneheroh5/res/import/02/027c85577.json?v=####
- l####.8####.com.####.com/oneheroh5/res/import/06/06b3654c9.json?v=####
- l####.8####.com.####.com/oneheroh5/res/import/07/077fb25c-cc86-4a88-b1ea...
- l####.8####.com.####.com/oneheroh5/res/import/09/0923e870-f321-4422-854a...
- l####.8####.com.####.com/oneheroh5/res/import/0a/0acb01567.json?v=####
- l####.8####.com.####.com/oneheroh5/res/import/0b/0bc8ec45f.json?v=####
- l####.8####.com.####.com/oneheroh5/res/import/0c/0cf7a5a4e.json?v=####
- l####.8####.com.####.com/oneheroh5/res/import/0e/0e21cf18d.json?v=####
- l####.8####.com.####.com/oneheroh5/res/import/0f/0f346bcca.json?v=####
- l####.8####.com.####.com/oneheroh5/res/import/1d/1ddfa062-73ad-49b4-ac52...
- l####.8####.com.####.com/oneheroh5/res/import/24/241505bd-94c3-4fa9-891a...
- l####.8####.com.####.com/oneheroh5/res/import/35/356ea24a-ce06-45d7-b208...
- l####.8####.com.####.com/oneheroh5/res/import/3a/3a4001ca-ab51-4ffd-8511...
- l####.8####.com.####.com/oneheroh5/res/import/5e/5e2e8ee3-4e9c-4e15-9d1c...
- l####.8####.com.####.com/oneheroh5/res/import/8e/8e8299d3-518c-4c88-973d...
- l####.8####.com.####.com/oneheroh5/res/import/9b/9bbda31e-ad49-43c9-aaf2...
- l####.8####.com.####.com/oneheroh5/res/import/a2/a23235d1-15db-4b95-8439...
- l####.8####.com.####.com/oneheroh5/res/import/b9/b9cfc73d-50e5-4cf3-a572...
- l####.8####.com.####.com/oneheroh5/res/import/c1/c112b9fa-2b7d-4e0a-91db...
- l####.8####.com.####.com/oneheroh5/res/import/cb/cb8fb9eb-d8b3-4495-9ccb...
- l####.8####.com.####.com/oneheroh5/res/raw-assets/resources/data/achieve...
- l####.8####.com.####.com/oneheroh5/res/raw-assets/resources/data/allwing...
- l####.8####.com.####.com/oneheroh5/res/raw-assets/resources/data/attr.js...
- l####.8####.com.####.com/oneheroh5/res/raw-assets/resources/data/box.jso...
- l####.8####.com.####.com/oneheroh5/res/raw-assets/resources/data/equip.j...
- l####.8####.com.####.com/oneheroh5/res/raw-assets/resources/data/equipLe...
- l####.8####.com.####.com/oneheroh5/res/raw-assets/resources/data/equipat...
- l####.8####.com.####.com/oneheroh5/res/raw-assets/resources/data/equipty...
- l####.8####.com.####.com/oneheroh5/res/raw-assets/resources/data/floor.j...
- l####.8####.com.####.com/oneheroh5/res/raw-assets/resources/data/iap.jso...
- l####.8####.com.####.com/oneheroh5/res/raw-assets/resources/data/item.js...
- l####.8####.com.####.com/oneheroh5/res/raw-assets/resources/data/login7....
- l####.8####.com.####.com/oneheroh5/res/raw-assets/resources/data/name1.j...
- l####.8####.com.####.com/oneheroh5/res/raw-assets/resources/data/name2.j...
- l####.8####.com.####.com/oneheroh5/res/raw-assets/resources/data/name3.j...
- l####.8####.com.####.com/oneheroh5/res/raw-assets/resources/data/partner...
- l####.8####.com.####.com/oneheroh5/res/raw-assets/resources/data/promoti...
- l####.8####.com.####.com/oneheroh5/res/raw-assets/resources/data/sattr.j...
- l####.8####.com.####.com/oneheroh5/res/raw-assets/resources/data/share.j...
- l####.8####.com.####.com/oneheroh5/res/raw-assets/resources/data/shop.js...
- l####.8####.com.####.com/oneheroh5/res/raw-assets/resources/data/skill.j...
- l####.8####.com.####.com/oneheroh5/res/raw-assets/resources/data/task.js...
- l####.8####.com.####.com/oneheroh5/res/raw-assets/resources/data/wing.js...
- l####.8####.com.####.com/oneheroh5/res/raw-assets/resources/data/word.js...
- l####.8####.com.####.com/oneheroh5/res/raw-assets/resources/images/mainM...
- l####.8####.com.####.com/oneheroh5/res/raw-assets/resources/images/ui/en...
- l####.8####.com.####.com/oneheroh5/res/raw-assets/resources/images/ui/lo...
- l####.8####.com.####.com/oneheroh5/res/raw-internal/image/default_sprite...
- l####.8####.com.####.com/oneheroh5/splash.png
- l####.8####.com.####.com/oneheroh5/src/assets/Script/channel/7wanwansdk.js
- l####.8####.com.####.com/oneheroh5/src/assets/Script/channel/bear.js
- l####.8####.com.####.com/oneheroh5/src/assets/Script/channel/h5sdk.js
- l####.8####.com.####.com/oneheroh5/src/assets/Script/channel/h5sdk.min.js
- l####.8####.com.####.com/oneheroh5/src/assets/Script/channel/jquery.js
- l####.8####.com.####.com/oneheroh5/src/assets/Script/channel/jssdk.js
- l####.8####.com.####.com/oneheroh5/src/assets/Script/channel/ldgame.js
- l####.8####.com.####.com/oneheroh5/src/assets/Script/channel/manyusdk.mi...
- l####.8####.com.####.com/oneheroh5/src/assets/Script/channel/nest.min.js
- l####.8####.com.####.com/oneheroh5/src/assets/Script/channel/pop_pay_tip...
- l####.8####.com.####.com/oneheroh5/src/assets/Script/channel/supersdk.mi...
- l####.8####.com.####.com/oneheroh5/src/assets/Script/channel/yzh5sdk.js
- l####.8####.com.####.com/oneheroh5/src/project.js?v=####
- l####.8####.com.####.com/oneheroh5/src/settings.js?v=####
- l####.8####.com.####.com/oneheroh5/src/update.js?v=####
- l####.8####.com.####.com/oneheroh5/style-mobile.css
- m.5####.com/Public/jssdk/js/paysdk.js?v=####
- m.q####.com/?chanId=####&target=####&appid=####&size=####&type=####
- m.q####.com/Mine.play?gameId=####&chanId=####&statPV=####
- m.q####.com/favicon.ico
- m.q####.com/gamelist/?appid=####&size=####&type=####
- m.q####.com/misc/images/bailu.png
- m.q####.com/misc/images/message/btn_bak@3x.png
- m.q####.com/misc/images/new_index/btn_revolution.svg
- m.q####.com/misc/images/new_index/icon_gift.svg
- m.q####.com/misc/images/new_index/icon_own.svg
- m.q####.com/misc/images/new_index/icon_party.svg
- m.q####.com/misc/images/pay/wxPayLogo.png
- m.q####.com/misc/images/phoneDown.png
- m.q####.com/misc/images/phonePlay.png
- m.q####.com/misc/js/iscroll.js
- m.q####.com/misc/js/jquery.lazyload.min.js
- m.q####.com/misc/scripts/common.js?v=####
- m.q####.com/misc/scripts/date.js?v=####
- m.q####.com/misc/scripts/exif.js
- m.q####.com/misc/scripts/gift.js?v=####
- m.q####.com/misc/scripts/mine.js?v=####
- m.q####.com/misc/scripts/online.js?v=####
- m.q####.com/misc/scripts/pageLoading.js?v=####
- m.q####.com/misc/scripts/play.js?v=####
- m.q####.com/misc/scripts/pullToRefresh.js?v=####
- m.q####.com/misc/scripts/tongji.js?1####
- m.q####.com/misc/scripts/top.js?v=####
- m.q####.com/misc/scripts/touch.js?v=####
- m.q####.com/misc/v1/bootstrap-3.3.5-dist/css/bootstrap.css
- m.q####.com/misc/v1/css/game-center-bbs.css?v=####
- m.q####.com/misc/v1/css/game-center.css?v=####
- m.q####.com/misc/v1/css/global.css?v=####
- m.q####.com/misc/v1/css/good/iconfont.css
- m.q####.com/misc/v1/css/play.css?v=####
- m.q####.com/misc/v1/font-awesome-4.5.0/css/font-awesome.min.css
- m.q####.com/v2/game/21254/90814?chanId=####&channelId=####&showLoginPane...
- res.t####.com.####.com/SuperSDK/JS/v1.0/supersdk-release.min.js?v=####
- www.go####.com/complete/search?hl=####&client=####&q=####
Запросы HTTP POST:
- api.is.yuanf####.com/is/info.jsp
- api.is.yuanf####.com/is/init.jsp
- em.m####.cn:8040/server.php
- gameana####.e####.com/gameCenterStat.php
- gameana####.e####.com/gcactStat.php
- gameana####.e####.com/guvStat.php
- gameana####.e####.com/onlineStat.php
- gameana####.e####.com/pageLoadingStat.php
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/index
- <Package Folder>/databases/fish.db
- <Package Folder>/databases/fish.db-journal
- <Package Folder>/databases/golf.db
- <Package Folder>/databases/golf.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/files/tcom
- <Package Folder>/files/wjiekeshisi.jar
- <Package Folder>/shared_prefs/mappcfg.xml
- <SD-Card>/Android/####/.nomedia
- <SD-Card>/Android/####/<Package>.txt
Другие:
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
