Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.451.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) l####.c####.q####.####.com:80
- TCP(HTTP/1.1) do####.aishe####.com:80
- TCP(HTTP/1.1) openmo####.qq.com:80
- TCP(HTTP/1.1) p####.tc.qq.com:80
- TCP(HTTP/1.1) c.isds####.qq.com:80
- TCP(HTTP/1.1) fo####.ap####.cn:80
- TCP(HTTP/1.1) sup####.qq.com:80
- TCP(HTTP/1.1) cgi.con####.qq.com:80
- TCP(HTTP/1.1) pi####.qq.com:80
- TCP(TLS/1.0) x####.tc.qq.com:443
- TCP(TLS/1.0) t####.qq.com:443
- TCP(TLS/1.0) isds####.qq.com:443
- TCP(TLS/1.0) p####.tc.qq.com:443
- TCP(TLS/1.0) sup####.qq.com:443
Запросы DNS:
- a####.qq.com
- c.isds####.qq.com
- cdn.multi####.cn
- cgi.con####.qq.com
- do####.aishe####.com
- fo####.ap####.cn
- imgc####.qq.com
- isds####.qq.com
- j####.aq.qq.com
- openmo####.qq.com
- pi####.qq.com
- q####.qq.com
- qzones####.g####.cn
- sup####.qq.com
- t####.qq.com
Запросы HTTP GET:
- c.isds####.qq.com/code.cgi?uin=####&domain=####&rate=####&time=####&code...
- cgi.con####.qq.com/qqconnectopen/openapi/policy_conf?sdkv=####&appid=###...
- do####.aishe####.com/getdomain.php?chid=####&subchid=####
- fo####.ap####.cn/checkmode.php?chid=####&subchid=####
- fo####.ap####.cn/chksdkupdate.php?sdkver=####&compver=####&mainver=####&...
- fo####.ap####.cn/genuser.php?chid=####&subchid=####&vercode=####&type=##...
- l####.c####.q####.####.com/vmupdate/pack/10022/common/19703/vm.zip
- openmo####.qq.com/oauth2.0/m_jump_by_version?sdkv=####&status_machine=##...
- p####.tc.qq.com/open/mobile/sdk_common/down_qq.htm?sdkv=####&status_mach...
- p####.tc.qq.com/open/portal/common/copyright.js
- p####.tc.qq.com/open_proj/qqconnect/h5login/css/jump2.css?t=####
- p####.tc.qq.com/open_proj/qqconnect/h5login/css/sprite/jump2.png?max_age...
- sup####.qq.com/include/js/all.js
- sup####.qq.com/include/js/qmtool.js
- sup####.qq.com/include/qqmaileditor/editor.js
- sup####.qq.com/include/style/comm2010.css
- sup####.qq.com/js/isd_speed.js
- sup####.qq.com/write.shtml?fid=####&ADPUBNO=####
- sup####.qq.com/write4pad.shtml?fid=####
Запросы HTTP POST:
- fo####.ap####.cn/statistics.php?action=####&data=ey####
- pi####.qq.com/mstat/report
- pi####.qq.com/mstat/report/?index=####
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/.platformcache/####/kxqpplatform.jar
- <Package Folder>/.platformcache/####/tmp.bS2077
- <Package Folder>/.platformcache/####/tmp.fK2077
- <Package Folder>/.platformcache/kxqpplatform.jar
- <Package Folder>/.platformcache/main.jar
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/f_000001
- <Package Folder>/cache/####/f_000002
- <Package Folder>/cache/####/f_000003
- <Package Folder>/cache/####/f_000004
- <Package Folder>/cache/####/index
- <Package Folder>/databases/kxqp.db-journal
- <Package Folder>/databases/pri_wxop_tencent_analysis.db-journal
- <Package Folder>/databases/tencent_analysis.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/databases/wxop_tencent_analysis.db-journal
- <Package Folder>/files/com.tencent.open.config.json.1104777665
- <Package Folder>/shared_prefs/.mta-wxop.xml
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/<Package>_preferences.xml.bak
- <Package Folder>/shared_prefs/adsp.xml
- <Package Folder>/shared_prefs/domain.xml
- <Package Folder>/shared_prefs/extractInfo.xml
- <Package Folder>/shared_prefs/kxqp.xml
- <Package Folder>/shared_prefs/kxqpChannal.xml
- <Package Folder>/shared_prefs/kxqpVersion.xml
- <Package Folder>/shared_prefs/platform.xml
- <Package Folder>/shared_prefs/querysuccess.xml
- <Package Folder>/shared_prefs/shortcut.xml
- <Package Folder>/shared_prefs/soUpdate.xml
- <Package Folder>/shared_prefs/timeInfo.xml
- <Package Folder>/shared_prefs/userInfo.xml
- <SD-Card>/.<Package>/####/compVersion
- <SD-Card>/.<Package>/####/verinfo.cfg
- <SD-Card>/.<Package>/####/vm.zip.dload
- <SD-Card>/Tencent/####/.mid.txt
Другие:
Запускает следующие shell-скрипты:
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
- chmod 755 <Package Folder>/.platformcache/kxqpplatform.jar
- chmod 755 <Package Folder>/.platformcache/main.jar
- chmod 755 <Package Folder>/.platformcache/tmp/vm/kxqpplatform.jar
- chmod 777 /storage/emulated/0/.<Package>/apk
- chmod 777 /storage/emulated/0/.<Package>/apk/vm.zip.dload
Загружает динамические библиотеки:
- MtaNativeCrash
- applypatch
- kxqptest
Использует следующие алгоритмы для шифрования данных:
- AES-ECB-PKCS5Padding
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Отрисовывает собственные окна поверх других приложений.
