Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.589.origin
Осуществляет доступ к приватному интерфейсу телефонии (ITelephony).
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) wx.q####.cn:80
- TCP(HTTP/1.1) manhua1####.cd####.com:80
- TCP(HTTP/1.1) mhfm1####.cd####.com:80
- TCP(HTTP/1.1) mang####.manhu####.com:80
- TCP(HTTP/1.1) tel.ava####.manhu####.com:80
- TCP(HTTP/1.1) cdn.app.fly####.####.com:80
- TCP(TLS/1.0) abc.fly####.top:443
- TCP(TLS/1.0) cdn.app.fly####.####.com:443
Запросы DNS:
- abc.fly####.top
- cdn.app.fly####.top
- cdn.app.zad####.cn
- cdn.img.fly####.top
- clu####.manhu####.com
- mang####.manhu####.com
- manhua1####.cd####.com
- mhfm1####.cd####.com
- mhfm2####.cd####.com
- mhfm3####.cd####.com
- mhfm4####.cd####.com
- mhfm5####.cd####.com
- mhfm6####.cd####.com
- mhfm7####.cd####.com
- mhfm8####.cd####.com
- mhfm9####.cd####.com
- tel.ava####.manhu####.com
- wx.q####.cn
Запросы HTTP GET:
- cdn.app.fly####.####.com/upload/201802/24/app/20180224104650873.apk
- cdn.app.fly####.####.com/upload/201802/24/img/20180224104641768.png
- cdn.app.fly####.####.com/upload/201803/15/app/20180315182221830.apk
- cdn.app.fly####.####.com/upload/201803/15/img/20180315182111709.png
- cdn.app.fly####.####.com/upload/201803/15/img/20180315182219548.png
- cdn.app.fly####.####.com/upload/201803/6/img/20180306153120251.png
- mang####.manhu####.com/notification/getMessagesTotal?gat=####&gak=####&g...
- mang####.manhu####.com/v1/manga/getDetail?mangaDetailVersion=####&mangaI...
- mang####.manhu####.com/v1/manga/getHotComment?userId=####&mangaId=####&g...
- mang####.manhu####.com/v1/manga/getWatcher?mangaId=####&gat=####&gak=###...
- mang####.manhu####.com/v1/manga/recommend?version=####&mangaId=####&type...
- mang####.manhu####.com/v1/public/getAds?version=####&mangaId=####&type=#...
- mang####.manhu####.com/v1/public/getAdstrategy?mangaId=####&viewName=###...
- mang####.manhu####.com/v1/public/getBaseurl?gat=####&gak=####&gsm=####&g...
- mang####.manhu####.com/v1/public/getGlobalConfig?gat=####&gak=####&gsm=#...
- mang####.manhu####.com/v1/public/getHome?version=####&isPromote=####&gat...
- mang####.manhu####.com/v1/public/getPublishConfig?gat=####&gak=####&gsm=...
- mang####.manhu####.com/v1/public/getUpgradeInfo?version=####&type=####&s...
- mang####.manhu####.com/v1/user/getMessage?version=####&gat=####&gak=####...
- manhua1####.cd####.com/userfile/5/avatars/2017/12/13/50196641/1/fbca9520...
- mhfm1####.cd####.com/1/228/228.jpg
- mhfm1####.cd####.com/22/21077/20180214104254_180x240_17.jpg
- mhfm1####.cd####.com/22/21077/20180214104320_480x369_51.jpg
- mhfm1####.cd####.com/22/21445/20170816114127_480x210.jpg
- mhfm1####.cd####.com/32/31760/20160908132619_180x240_41.jpg
- mhfm1####.cd####.com/34/33771/20170807114512_180x240_19.jpg
- mhfm1####.cd####.com/34/33991/20180301153438_180x240_25.jpg
- mhfm1####.cd####.com/34/33991/20180301153438_480x210_44.jpg
- mhfm1####.cd####.com/38/37016/20171122083414_180x240_22.jpg
- mhfm1####.cd####.com/38/37716/20180125142246_180x240.jpg
- mhfm1####.cd####.com/39/38034/20171101203204_180x240_30.jpg
- mhfm1####.cd####.com/6/5733/5733_c.jpg
- mhfm1####.cd####.com/8/7583/7583_l.jpg
- mhfm1####.cd####.com/9/8174/8174.jpg
- mhfm1####.cd####.com/tag/manhuaren2/djsf_icon.png
- mhfm1####.cd####.com/tag/manhuaren2/djsf_more_icon.png
- mhfm1####.cd####.com/tag/manhuaren2/zjgx_icon.png
- mhfm1####.cd####.com/tag/manhuaren2/zjgx_more_icon.png
- tel.ava####.manhu####.com/12/2016/12/10/3ea71ae7de824fac.jpg
- wx.q####.cn/mmopen/eeRWIDu7w8tzmBFibREFd1jqqxCH4hvLJfDET1qqcH0gaa4PlA0UD...
Запросы HTTP POST:
- mang####.manhu####.com/v1/public/getStartPageAds3?gat=####&gak=####&gsm=...
- mang####.manhu####.com/v1/user/createAnonyUser2?gat=####&gak=####&gsm=##...
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/app_config/config
- <Package Folder>/cache/####/0AtLGVlh4brhnV0V1vU3-qrFOoA.2140387827.tmp
- <Package Folder>/cache/####/49N_tGTHLnGYZKk1djQkENAKmxQ.570555564.tmp
- <Package Folder>/cache/####/4DdWk8gK2IDO1gxHLiiZFb_qPKE.-769623733.tmp
- <Package Folder>/cache/####/4IQaEbghg_bCiwoUeHTz7BodGaU.950174076.tmp
- <Package Folder>/cache/####/DMHwxVoxugihV2wWtFNPChei8jI.1430151527.tmp
- <Package Folder>/cache/####/IVxjA1QaFBVJ-eP954C8xvJm3A8.-1028337886.tmp
- <Package Folder>/cache/####/JYjDWObphY_po1n4kCYiysVTn3w.1201894567.tmp
- <Package Folder>/cache/####/LsOAZ3JRD-Bt1By6b8i8AT4Mft4.-1045670246.tmp
- <Package Folder>/cache/####/NKg8U_6fSs_AOSJtYx_dbRuuyus.1816303920.tmp
- <Package Folder>/cache/####/NKg8U_6fSs_AOSJtYx_dbRuuyus.cnt
- <Package Folder>/cache/####/Nr_Wik6jLSKHYaJ6E3xR5fNtJBY.1826769352.tmp
- <Package Folder>/cache/####/YIswdYkBZJYnHoDdRcwFrHwt7XA.-1188666881.tmp
- <Package Folder>/cache/####/arVILk1btmXhzP1_L3TevMfBKHI.615675473.tmp
- <Package Folder>/cache/####/bfEbGVXt1YpgXRHxNIFKApeODuU.-1087670051.tmp
- <Package Folder>/cache/####/djU0y1nWy8L-wgRoST9QpB8QGiI.881057963.tmp
- <Package Folder>/cache/####/hrbHsE8_LBrC1CrxYXsZXL5Gw9M.-2146852485.tmp
- <Package Folder>/cache/####/mUaWiOODBpSO0HzpAKZDfn6BGlw.1487290972.tmp
- <Package Folder>/cache/####/mrxNJjTe5Ou-xsru_pheIuAkYFo.1722174217.tmp
- <Package Folder>/cache/####/qDqoOyVKbxJIulWq2HfpJ5jHRnI.-1488246452.tmp
- <Package Folder>/cache/####/qXWAJbme0ughN6ghegMpabXFPcU.1496879650.tmp
- <Package Folder>/cache/####/wQz4Hbqb-RbTfMRJKdx6zthK6yU.47557746.tmp
- <Package Folder>/cache/####/zW7ZP2Gi7ajr2zfu-vKcmu2pCdc.-1649541301.tmp
- <Package Folder>/cache/GlobalConfigBean
- <Package Folder>/cache/V1.1.6.txt
- <Package Folder>/cache/detailactivity_looking21077
- <Package Folder>/cache/detailactivity_mangadetail21077
- <Package Folder>/cache/detailactivity_recommend21077
- <Package Folder>/cache/homefragment_getHome
- <Package Folder>/databases/####/cc.db
- <Package Folder>/databases/####/cc.db-journal
- <Package Folder>/databases/cartoon.db
- <Package Folder>/databases/cartoon.db-journal
- <Package Folder>/databases/t_u.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/files/68164081
- <Package Folder>/files/GlobalConfigBean
- <Package Folder>/files/fr.jar
- <Package Folder>/files/key_get_start_page_ads
- <Package Folder>/files/mhr_anony_user
- <Package Folder>/files/mobclick_agent_cached_<Package>3
- <Package Folder>/files/sync_time
- <Package Folder>/files/xe.jar
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/dsi.xml
- <Package Folder>/shared_prefs/kr.xml
- <Package Folder>/shared_prefs/multidex.version.xml
- <Package Folder>/shared_prefs/sv.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <SD-Card>/Android/####/.nomedia
- <SD-Card>/Android/####/01a5f3aab3060
- <SD-Card>/Android/####/094a00c6c8c96
- <SD-Card>/Android/####/82773f175803c
- <SD-Card>/Android/####/8e0bc5684df836216c036d9320a8db2a.apk
- <SD-Card>/Android/####/b.tmp
- <SD-Card>/Android/####/f1e0248be7316
Другие:
Запускает следующие shell-скрипты:
- cat /sys/class/net/wlan0/address
- chmod 777 /storage/emulated/0/Android/data/<Package>/files/Download/Android/azb/8e0bc5684df836216c036d9320a8db2a.apk
Загружает динамические библиотеки:
- bitmaps
- memchunk
- static-webp
- webp
Использует следующие алгоритмы для шифрования данных:
- DES-CBC-PKCS5Padding
Использует следующие алгоритмы для расшифровки данных:
- DES
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации о запущенных приложениях.
Отрисовывает собственные окна поверх других приложений.
