Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.122.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) m####.a####.com:80
- TCP(HTTP/1.1) m.ezjoy####.com:80
Запросы DNS:
- m####.a####.com
- m.ezjoy####.com
- mt####.go####.com
- p####.h####.com
Запросы HTTP GET:
- m####.a####.com/sdk-core-v40.js
- m.ezjoy####.com/birdblast_desc.png
- m.ezjoy####.com/birdblast_icon.png
- m.ezjoy####.com/bubblebirdrescue_desc.png
- m.ezjoy####.com/bubblekingdom_desc.png
- m.ezjoy####.com/bubblekingdom_icon.png
- m.ezjoy####.com/bubblepopplus_desc.png
- m.ezjoy####.com/bubblepopplus_icon.png
- m.ezjoy####.com/gardenmania_desc.png
- m.ezjoy####.com/jewelsmaze2_desc.png
- m.ezjoy####.com/jewelsmaze2_icon.png
- m.ezjoy####.com/jewelsmaze_desc.png
- m.ezjoy####.com/jewelsmaze_icon.png
- m.ezjoy####.com/jewelsminer_desc.png
- m.ezjoy####.com/jewelsminer_icon.png
- m.ezjoy####.com/marbleblast2_desc.png
- m.ezjoy####.com/marbleblast2_icon.png
- m.ezjoy####.com/marbleblast3_desc.png
- m.ezjoy####.com/marbleblast3_icon.png
- m.ezjoy####.com/marbleblast_icon.png
- m.ezjoy####.com/ninjadashing_desc.png
- m.ezjoy####.com/ninjadashing_icon.png
- m.ezjoy####.com/res/bubblebirdrescue_icon.png
- m.ezjoy####.com/res/cookiemania_icon.png
- m.ezjoy####.com/res/gardenmania_icon.png
- m.ezjoy####.com/res/savemybird_icon.png
- m.ezjoy####.com/res/toymania_icon.png
- m.ezjoy####.com/savemybird_desc.png
- m.ezjoy####.com/update.json?appid=####
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/app_LJBz/classes.jar
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/f_000001
- <Package Folder>/cache/####/index
- <Package Folder>/cache/ads-314891694.jar
- <Package Folder>/cache/birdblast_desc.png
- <Package Folder>/cache/birdblast_icon.png
- <Package Folder>/cache/bubblebirdrescue_desc.png
- <Package Folder>/cache/bubblebirdrescue_icon.png
- <Package Folder>/cache/bubblekingdom_desc.png
- <Package Folder>/cache/bubblekingdom_icon.png
- <Package Folder>/cache/bubblepopplus_desc.png
- <Package Folder>/cache/bubblepopplus_icon.png
- <Package Folder>/cache/cookiemania_icon.png
- <Package Folder>/cache/gardenmania_desc.png
- <Package Folder>/cache/gardenmania_icon.png
- <Package Folder>/cache/jewelsmaze2_desc.png
- <Package Folder>/cache/jewelsmaze2_icon.png
- <Package Folder>/cache/jewelsmaze_desc.png
- <Package Folder>/cache/jewelsmaze_icon.png
- <Package Folder>/cache/jewelsminer_desc.png
- <Package Folder>/cache/jewelsminer_icon.png
- <Package Folder>/cache/marbleblast2_desc.png
- <Package Folder>/cache/marbleblast2_icon.png
- <Package Folder>/cache/marbleblast3_desc.png
- <Package Folder>/cache/marbleblast3_icon.png
- <Package Folder>/cache/marbleblast_icon.png
- <Package Folder>/cache/music_battle.mp3
- <Package Folder>/cache/music_game_lose.mp3
- <Package Folder>/cache/music_game_win.mp3
- <Package Folder>/cache/music_menu.mp3
- <Package Folder>/cache/ninjadashing_desc.png
- <Package Folder>/cache/ninjadashing_icon.png
- <Package Folder>/cache/savemybird_desc.png
- <Package Folder>/cache/savemybird_icon.png
- <Package Folder>/cache/sounds_arrow_hit.ogg
- <Package Folder>/cache/sounds_arrow_shot.ogg
- <Package Folder>/cache/sounds_attack_axe.ogg
- <Package Folder>/cache/sounds_attack_boss_1.ogg
- <Package Folder>/cache/sounds_attack_boss_2.ogg
- <Package Folder>/cache/sounds_attack_cut.ogg
- <Package Folder>/cache/sounds_attack_knight_1.ogg
- <Package Folder>/cache/sounds_attack_knight_2.ogg
- <Package Folder>/cache/sounds_attack_orc_tower.ogg
- <Package Folder>/cache/sounds_attack_orc_tower_hit.ogg
- <Package Folder>/cache/sounds_attack_poke.ogg
- <Package Folder>/cache/sounds_attack_sword.ogg
- <Package Folder>/cache/sounds_bn_pressed.ogg
- <Package Folder>/cache/sounds_building_done.ogg
- <Package Folder>/cache/sounds_death_aw.ogg
- <Package Folder>/cache/sounds_death_building_1.ogg
- <Package Folder>/cache/sounds_death_building_2.ogg
- <Package Folder>/cache/sounds_death_building_wall.ogg
- <Package Folder>/cache/sounds_death_ea.ogg
- <Package Folder>/cache/sounds_death_empire_1.ogg
- <Package Folder>/cache/sounds_death_empire_10.ogg
- <Package Folder>/cache/sounds_death_empire_2.ogg
- <Package Folder>/cache/sounds_death_empire_3.ogg
- <Package Folder>/cache/sounds_death_empire_4.ogg
- <Package Folder>/cache/sounds_death_empire_5.ogg
- <Package Folder>/cache/sounds_death_empire_6.ogg
- <Package Folder>/cache/sounds_death_empire_7.ogg
- <Package Folder>/cache/sounds_death_empire_8.ogg
- <Package Folder>/cache/sounds_death_empire_9.ogg
- <Package Folder>/cache/sounds_death_empire_knight.ogg
- <Package Folder>/cache/sounds_death_fm3.ogg
- <Package Folder>/cache/sounds_death_orc_skeleton.ogg
- <Package Folder>/cache/sounds_death_orcs_1.ogg
- <Package Folder>/cache/sounds_death_orcs_2.ogg
- <Package Folder>/cache/sounds_death_orcs_3.ogg
- <Package Folder>/cache/sounds_death_orcs_4.ogg
- <Package Folder>/cache/sounds_death_orcs_5.ogg
- <Package Folder>/cache/sounds_death_orcs_6.ogg
- <Package Folder>/cache/sounds_death_orcs_7.ogg
- <Package Folder>/cache/sounds_death_orcs_8.ogg
- <Package Folder>/cache/sounds_death_orcs_boss_1.ogg
- <Package Folder>/cache/sounds_death_orcs_boss_2.ogg
- <Package Folder>/cache/sounds_fire_ball_explode.ogg
- <Package Folder>/cache/sounds_full_life_badge.ogg
- <Package Folder>/cache/sounds_ice.ogg
- <Package Folder>/cache/sounds_magic_heal.ogg
- <Package Folder>/cache/sounds_magic_heal_all.ogg
- <Package Folder>/cache/sounds_magic_mad.ogg
- <Package Folder>/cache/sounds_magic_ready.ogg
- <Package Folder>/cache/sounds_magic_shield.ogg
- <Package Folder>/cache/sounds_soldier_1.ogg
- <Package Folder>/cache/sounds_soldier_2.ogg
- <Package Folder>/cache/sounds_soldier_3.ogg
- <Package Folder>/cache/sounds_soldier_4.ogg
- <Package Folder>/cache/sounds_soldier_5.ogg
- <Package Folder>/cache/sounds_soldier_6.ogg
- <Package Folder>/cache/sounds_soldier_7.ogg
- <Package Folder>/cache/sounds_soldier_8.ogg
- <Package Folder>/cache/sounds_soldier_ea.ogg
- <Package Folder>/cache/sounds_soldier_horse_1.ogg
- <Package Folder>/cache/sounds_soldier_horse_2.ogg
- <Package Folder>/cache/sounds_soldier_icon_selected.ogg
- <Package Folder>/cache/sounds_soldier_ready.ogg
- <Package Folder>/cache/sounds_star_award.ogg
- <Package Folder>/cache/sounds_ui_fall_down.ogg
- <Package Folder>/cache/sounds_user_slot_selected.ogg
- <Package Folder>/cache/toymania_icon.png
- <Package Folder>/databases/####/http_media.admob.com_0.localsto...ournal
- <Package Folder>/databases/dbwcNh-journal
- <Package Folder>/databases/purchase.db
- <Package Folder>/databases/purchase.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/files/mobclick_agent_cached_<Package>
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/mobclick_agent_header_<Package>.xml
- <Package Folder>/shared_prefs/mobclick_agent_state_<Package>.xml
Другие:
Загружает динамические библиотеки:
- EmpireVsOrcs
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS5Padding
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации о запущенных приложениях.
Отрисовывает собственные окна поверх других приложений.
