Android.Packed.36122

Техническая информация

Вредоносные функции:

Загружает на исполнение код следующих детектируемых угроз:

Android.DownLoader.570.origin

Сетевая активность:

Подключается к:

UDP(DNS) <Google DNS>
TCP(HTTP/1.1) ti####.c####.l####.####.com:80
TCP(HTTP/1.1) d.zxl####.com.####.com:80
TCP(HTTP/1.1) t####.c####.q####.####.com:80
TCP(HTTP/1.1) a1.eas####.com:80
TCP(HTTP/1.1) p####.comi####.cn:80
TCP(HTTP/1.1) rs.eas####.com:80
TCP(HTTP/1.1) 4####.95.95.131:80
TCP(HTTP/1.1) as.e####.com:80
TCP(TLS/1.0) tinyq####.ove####.b0.####.com:443
TCP(TLS/1.0) regi####.xm####.xi####.com:443
TCP v.m####.com:7701
TCP v.m####.com:7702
TCP 1####.201.170.84:443
TCP v.m####.com:7703

Запросы DNS:

a1.eas####.com
as.e####.com
c####.comi####.cn
cdn.ico####.com
ct.cdn.ico####.com
d.zxl####.com
p####.comi####.cn
regi####.xm####.xi####.com
rs.eas####.com
v####.comi####.cn
v.m####.com

Запросы HTTP GET:

as.e####.com/as?m=####&v=####&k=####&pkg=####&json=####
d.zxl####.com.####.com/d/42d2.jpg
d.zxl####.com.####.com/d/42k7.apk
d.zxl####.com.####.com/d/42kb.png
rs.eas####.com/easemob/server.xml?sdk_version=####&app_key=####
t####.c####.q####.####.com/mokashaonvying_banner_misheng_20170406.jpg
ti####.c####.l####.####.com/11641_ccover_hp_6f4869908ee816c5.jpg?imageVi...
ti####.c####.l####.####.com/11643_89_10_h07ca69e588532b37.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_11_h2a6acecd32a0f23c.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_12_h4f1fd2459c2e4835.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_13_hdc424af08cfe7790.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_14_hcc0714a34ceb5023.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_15_h314f1423ca2e7f8c.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_16_h59e84aafd51aa849.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_17_he04b3891b4df3634.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_18_hc78046e7ce9fb61d.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_19_hb6ebddfb9536c7ff.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_1_h76317837431de2ba.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_20_hdb9dc81f839d90ca.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_21_h9a600af764891675.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_22_h82cc0425c6af81e3.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_23_h52d811254edcbef0.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_24_h48dc5437d74adb05.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_25_h5e73fb555510fbc1.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_26_h6553f52bdc1b79fe.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_27_hf9d6559131eade2d.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_28_he232860ab4614639.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_29_h31b6ac178dd8d897.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_2_hccc8999f04ef4f23.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_30_h2fc070d342fbcf3b.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_31_he688a39a9c951121.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_32_hfec72448ecd8ae38.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_33_hf5381d809cf1da70.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_34_h0b631213e63d33c7.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_35_hcb63ef3c6b2274a7.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_36_h7227ce4532aa872a.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_37_hda6559058e7ddcec.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_38_hc57d1c3e49c872e4.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_39_h6307c1ee6d1f309a.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_3_h7b4b4de88bb717cf.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_40_h0a980dbd80ebad11.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_41_h7ad2b5c494f1b68d.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_42_h27b6aa830a13efe9.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_43_h130ef3372faf5a18.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_44_had8ec39d28d1b0ff.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_45_h93eaa58f4906798d.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_46_h558d1237ef7729eb.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_47_h7fe1332f0ec5e177.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_48_h7dd8f1363a86ff6d.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_49_hb5367eac1dbfaea4.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_4_h5c37f53bf95ff5b4.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_50_h968880e90af57089.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_51_h0c5934d4f4950e18.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_52_he0296c1c871d2633.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_53_hb689370308ef8498.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_54_h492a1f975a271670.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_55_h032eebf65c284a4f.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_56_he5c7f59cc7ef0b84.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_57_h9b7c2772ce6ea92f.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_58_h456f4dbee59154e0.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_59_h837786bb7b6639e7.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_5_h88faa7a9ff2dcc65.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_60_h116c05c5cc6dbd10.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_61_h36c6dcce6f63aa69.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_62_h0cb7908e7f6ae049.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_63_h60d16b8df7977f35.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_64_h65fd523172b28dc4.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_65_h1d569fee5459d7d1.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_66_h04ce50f17b178676.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_67_h605978d2f6b2cdc1.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_68_hdb28eb527f39fcea.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_6_hbd5fbbd637be0f30.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_7_hb1f2d66555d5289e.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_8_h8ba04f722e7ed597.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_9_hb60327923771571e.jpg?imageVi####
ti####.c####.l####.####.com/11643_89_acover_l_06989a348f4f8682.jpg?image...
ti####.c####.l####.####.com/11643_ccover_971737c944cdf57b.jpg?imageVi####
ti####.c####.l####.####.com/11999_ccover_026c5ed45f4eaa6e.jpg?imageVi####
ti####.c####.l####.####.com/12145_ccover_43d941b9165e85db.jpg?imageVi####
ti####.c####.l####.####.com/12155_ccover_hp_d8f95bd40a86d44a.jpg?imageVi...
ti####.c####.l####.####.com/12224_ccover_18c0ee8d5b168680.jpg?imageVi####
ti####.c####.l####.####.com/12486_35_acover_l_74a950089bfb267c.jpg?image...
ti####.c####.l####.####.com/12811_21_acover_l_6243b4d390d6a3b3.jpg?image...
ti####.c####.l####.####.com/12936_4_acover_l_b703cd53442b5126.jpg?imageV...
ti####.c####.l####.####.com/77_ccover_hp_edc170029c970e3e.jpg?imageVi####

Запросы HTTP POST:

a1.eas####.com/comicool/comicool/devices
p####.comi####.cn/allcomic
p####.comi####.cn/comicdetail
p####.comi####.cn/duty_list
p####.comi####.cn/epinfo
p####.comi####.cn/getcomments2
p####.comi####.cn/handshake
p####.comi####.cn/homepage
p####.comi####.cn/level_config
p####.comi####.cn/new_recommend
p####.comi####.cn/reader_reward
p####.comi####.cn/splashinfo
p####.comi####.cn/userlabel_guide

Изменения в файловой системе:

Создает следующие файлы:

<Package Folder>/.jiagu/libjiagu.so
<Package Folder>/cache/####/-k-2gR3-k8OF-g1cuDUWYb-bFVo.-1427753640.tmp
<Package Folder>/cache/####/1XViCPPlrdATMpE3gJGorOtVjtA.-1461926570.tmp
<Package Folder>/cache/####/1eawdso4KJBAv9Ba_iR9JPb6aVE.1554646263.tmp
<Package Folder>/cache/####/2N13tdU3ln9A1bbNwu49J4EPafw.-862250778.tmp
<Package Folder>/cache/####/2bY8Dw_Z69aA7N57bCHUgenTerc.1648636656.tmp
<Package Folder>/cache/####/3y5LdU1zdEJETBmzkbjSVlUjkr8.-1440906050.tmp
<Package Folder>/cache/####/57VaIpU9nqPRpcDBXI65PSNXWfg.-1236041828.tmp
<Package Folder>/cache/####/5j1QXurzTx7AHNpJqWvjbRFCB7A.724440077.tmp
<Package Folder>/cache/####/6d6LfQrfY2Md0Rl_1T6-33x54gA.-725714742.tmp
<Package Folder>/cache/####/7KhDzK_-5MArZq57qmvTmMfyyxM.-970396492.tmp
<Package Folder>/cache/####/7j-_23s5CacqRTN0PWKqGITZfOk.-448817726.tmp
<Package Folder>/cache/####/C1BBDHLi-YbmjzqFdC51f2KQWnQ.609195473.tmp
<Package Folder>/cache/####/CPqDdT61pao53IRAb7zdCutswEU.1666204438.tmp
<Package Folder>/cache/####/GUmoEhrmSbfEJCS5dNK0lcl-qwA.2018412.tmp
<Package Folder>/cache/####/HPBIhbGDhnC3c-nRVqdGgeeIUE4.1848685980.tmp
<Package Folder>/cache/####/HqF51JL7YmVSun9UhVrB-1kH8nM.-906514365.tmp
<Package Folder>/cache/####/ILJDrBb4L0S4WdXEAuO6F4AOQpA.-592570132.tmp
<Package Folder>/cache/####/I_xW4wlGykFC8tt49cYtPfIPHSI.-1569950512.tmp
<Package Folder>/cache/####/Isu6OMhFD6X5VYMDyi_cjUrSTzU.-706022084.tmp
<Package Folder>/cache/####/Ixawds6lv0qyt_3NKLlugc3294Q.8786506.tmp
<Package Folder>/cache/####/K1jNQoTIXueS8QYvJPh8pc1jly0.1547199716.tmp
<Package Folder>/cache/####/K32MsA2EVO9BskrfO6z70KIpkvg.992071722.tmp
<Package Folder>/cache/####/KUiLv4GuQXkqSggGLa8v5QvGCK4.1825298927.tmp
<Package Folder>/cache/####/Km0OmRgJ-MZsdGYGRFp6OE8ZVbk.-738018928.tmp
<Package Folder>/cache/####/L8WMam7j5Xry4-wSROTj_vEQzWo.-146070289.tmp
<Package Folder>/cache/####/MAm0yXF3nLCUMb_DipQgQOM6AH0.1213132018.tmp
<Package Folder>/cache/####/OCaQZ9ms0V5OO2KMnLq35z2tl-0.593843514.tmp
<Package Folder>/cache/####/OShEs4SkVFj5aHCVBoQ7daJnxpI.-1504460488.tmp
<Package Folder>/cache/####/Oo0xeLZzelbHNm6xkWWo_2QDtUA.-504187246.tmp
<Package Folder>/cache/####/OvvxjTb1VN36_loOvo5q4E6pnqo.-1512606695.tmp
<Package Folder>/cache/####/Q1ipLZiWeT_ccJ9ye2Y3GY-bNDM.1459854645.tmp
<Package Folder>/cache/####/QF9RkaJ_P7j8-rNmS4zGXF683hU.-1471759158.tmp
<Package Folder>/cache/####/QP4yAUr5Rwj5LEJ1dPZLSPDNfHU.-559064966.tmp
<Package Folder>/cache/####/QbSCustFxZDC2h9-ca5JQRBBnfc.-1286446397.tmp
<Package Folder>/cache/####/QbvBcUW0R43pRjJmlgAsisKLO0o.-2109924440.tmp
<Package Folder>/cache/####/Qj-YEcvzRcUMzZLbz4z-Xtzu8xc.823435381.tmp
<Package Folder>/cache/####/RCaMxa4hRCeti2pY9e-HV4OXB8A.-1692981895.tmp
<Package Folder>/cache/####/SLl8HZWwmsd5UWTSpxrnOcyT8_A.-1988003844.tmp
<Package Folder>/cache/####/S_nBgRnq2BIkb6a2UjujbOJUyS8.-1349762312.tmp
<Package Folder>/cache/####/T3eawleWavzQIJ5OQ7qtvWvt8N0.-81318522.tmp
<Package Folder>/cache/####/TiExa_wrX5R-zjnsdMxUEUA61vg.604211746.tmp
<Package Folder>/cache/####/UwaH6IRReomR4n3q36Ua45VVPo0.517452139.tmp
<Package Folder>/cache/####/X9wupR5I2bmhODrlUsK49iHet60.-1019359777.tmp
<Package Folder>/cache/####/XPwuQRq4soYnu_SefryU4niuIO4.-1980130870.tmp
<Package Folder>/cache/####/Y8LD74H2K1jwpIIXWNNK31LQj-s.-330627286.tmp
<Package Folder>/cache/####/YN-DUQzpLo5iRO7q_FCtHbVBb-s.1636979130.tmp
<Package Folder>/cache/####/_23j2Q1p10tZWypK72SWrCur8xA.479205889.tmp
<Package Folder>/cache/####/bKlv6V5zUcH3uiC10NnaRpme8RI.-1566096791.tmp
<Package Folder>/cache/####/cZapHNwkV9Rs90FoUtWhvOKvYcU.72911847.tmp
<Package Folder>/cache/####/dDe7d2vGmW517Z3zV_fUmeBkcqI.394466982.tmp
<Package Folder>/cache/####/dtxxhtcv0v0XOveTmqN5cuUDcs8.2059901402.tmp
<Package Folder>/cache/####/esiSOm4DdQ4UTohI877YXtKMj0M.1181366328.tmp
<Package Folder>/cache/####/fshlfKPHP7YgttCIvUJchC5T1Wk.8957078.tmp
<Package Folder>/cache/####/fw2-CSYfPbuULVuoW9ALqgGrs2E.-75435428.tmp
<Package Folder>/cache/####/g53aSsBSWK59l3_fqDAR1F2yoT0.-735701622.tmp
<Package Folder>/cache/####/iQSMY9mYzmreAqOd9ylzzDJ78O0.-151231556.tmp
<Package Folder>/cache/####/iVvyj2kaLueUg4P0xjNQdMp81k0.60219346.tmp
<Package Folder>/cache/####/jpQttQHCzEYekfgPf_XRWC580hw.-538860781.tmp
<Package Folder>/cache/####/kBMDyHb1mz4ycIkpA5XdW0VAn40.-1451296828.tmp
<Package Folder>/cache/####/lh5NvVX6aTiCTWjHay5PUyw_Nj8.-1128503229.tmp
<Package Folder>/cache/####/m5Lc-MN0iibce02GYU2Kl4DbPCU.-2071609072.tmp
<Package Folder>/cache/####/mEQspAXfWEkEZOivAI2t4r53ryo.1064701886.tmp
<Package Folder>/cache/####/mt4g8A27PdPyMiN5spWzg9guaK0.-783438443.tmp
<Package Folder>/cache/####/nkv9J3ZojEaEHR2SboPxNNS31As.-1675439825.tmp
<Package Folder>/cache/####/oMTS3RbW8UavHd2-7tOjmFiAs54.1367756793.tmp
<Package Folder>/cache/####/pg9iOHaRW70hdnuQn1yb64Zb090.23415669.tmp
<Package Folder>/cache/####/q3Hlg53tvHEPi2LS7BkWsdYDP4g.277467714.tmp
<Package Folder>/cache/####/rlXEg2rPDvVR9Mwb1Dz-THMxf3w.-292025394.tmp
<Package Folder>/cache/####/tvzLsFq4ShVOalV9wsLeWdZNSHQ.-1967945478.tmp
<Package Folder>/cache/####/uTlgv2TRTHlxF-DGh4mz0k5BQgw.-1148974473.tmp
<Package Folder>/cache/####/uhMj9Tz96K-LXnb1c5MLPQVM5Vg.1216991460.tmp
<Package Folder>/cache/####/vVpv0F3rUEz4aZu4xEF0eNG0_Bw.-1244007443.tmp
<Package Folder>/cache/####/wbg5R4f5TaJ6zCPTL3NWDeRTqI0.310259921.tmp
<Package Folder>/cache/####/wqHctqYzqWnbFvE0o2cmQxUObxw.178025979.tmp
<Package Folder>/cache/####/xCd6bMK02qMHTYPRcNr1T_D5CgU.1192767078.tmp
<Package Folder>/cache/####/xTUt2eN8EJU7LBTYxCYE4bSubO4.-286412262.tmp
<Package Folder>/cache/####/x_M7UtUC_u9usf5tDUw-rkeKoO8.-496287602.tmp
<Package Folder>/cache/####/yohbCiFwV3_mGQimZKxE1jIgJg4.-2085022575.tmp
<Package Folder>/databases/####/cc.db
<Package Folder>/databases/####/cc.db-journal
<Package Folder>/databases/014a7ce361c9100aeb5301d6d9534670_emm...ournal
<Package Folder>/databases/360.db
<Package Folder>/databases/360.db-journal
<Package Folder>/databases/icomico_db-journal
<Package Folder>/databases/webview.db-journal
<Package Folder>/files/####/.jg.ic
<Package Folder>/files/645367.jar
<Package Folder>/files/da.jar
<Package Folder>/files/mobclick_agent_cached_<Package>9996676
<Package Folder>/shared_prefs/23.xml
<Package Folder>/shared_prefs/23<IMEI>.xml
<Package Folder>/shared_prefs/24<IMEI>.xml
<Package Folder>/shared_prefs/25<IMEI>.xml
<Package Folder>/shared_prefs/26<IMEI>.xml
<Package Folder>/shared_prefs/28<IMEI>.xml
<Package Folder>/shared_prefs/<Package>_preferences.xml
<Package Folder>/shared_prefs/ICOMICO_PREFERENCE.xml
<Package Folder>/shared_prefs/device_id.xml.xml
<Package Folder>/shared_prefs/disk_entries_list_image_cache_1793952001.xml
<Package Folder>/shared_prefs/easemob.sdk.pref.xml
<Package Folder>/shared_prefs/easemob.sdk.pref.xml.bak (deleted)
<Package Folder>/shared_prefs/mipush.xml
<Package Folder>/shared_prefs/mipush_extra.xml
<Package Folder>/shared_prefs/multidex.version.xml
<Package Folder>/shared_prefs/umeng_general_config.xml
<SD-Card>/Android/####/.nomedia
<SD-Card>/Android/####/019e8b3b3e7c51d08937f9a5ac76a425.downtmp
<SD-Card>/Android/####/27283aba4d11f2535a059fc0777586c6.downtmp
<SD-Card>/Android/####/2b7754c166c43869bd578999e3f302cc.downtmp
<SD-Card>/Android/####/324421962141458916dd985209ac1f88.downtmp
<SD-Card>/Android/####/35f90d35e83b347de420259ce1b92c98.downtmp
<SD-Card>/Android/####/66b21327676d8cc87a81cd72bcd94139.downtmp
<SD-Card>/Android/####/log.lock
<SD-Card>/Android/####/log1.txt
<SD-Card>/Android/####/pptvsdk.log
<SD-Card>/Download/####/42d2.jpg.data
<SD-Card>/Download/####/42kb.png.data
<SD-Card>/Download/####/baidu_42k7.apk.c
<SD-Card>/emlibs/####/monitor.db
<SD-Card>/emlibs/####/monitor.db-journal

Другие:

Запускает следующие shell-скрипты:

chmod 755 <Package Folder>/.jiagu/libjiagu.so
df

Загружает динамические библиотеки:

easemob_jni
easemobservice
imagepipeline
libjiagu
libppbox_jni-android-x86-gcc44-mt-1.1.1
libstreamingsdk_jni-android-x86-gcc44-mt-1.1.1
okjbvcde345789oijhgfdr6
ppbox_jni-android-x86-gcc44-mt-1.1
static-webp
streamingsdk_jni-android-x86-gcc44-mt-1.1

Использует следующие алгоритмы для шифрования данных:

AES-CBC-PKCS5Padding
AES-ECB-PKCS5Padding

Использует следующие алгоритмы для расшифровки данных:

AES-CBC-PKCS5Padding
AES-ECB-PKCS5Padding

Использует специальную библиотеку для скрытия исполняемого байткода.

Осуществляет доступ к информации о геолокации.

Осуществляет доступ к информации о сети.

Осуществляет доступ к информации о телефоне (номер, imei и тд.).

Осуществляет доступ к информации о настроках APN.

Осуществляет доступ к информации об установленных приложениях.

Добавляет задания в системный планировщик.

Отрисовывает собственные окна поверх других приложений.

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней