Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Adware.Panda.1.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) www.7####.cn:80
- TCP(HTTP/1.1) hm.b####.com:80
- TCP(HTTP/1.1) t####.c####.q####.####.com:80
- TCP(HTTP/1.1) nm.a####.com:80
- TCP(HTTP/1.1) api.7####.cn:80
- TCP(HTTP/1.1) www.pan####.net:8080
- TCP(TLS/1.0) nm.a####.com:443
- TCP(TLS/1.0) s####.tc.qq.com:443
- TCP(TLS/1.0) www.7####.cn:443
Запросы DNS:
- api.7####.cn
- hm.b####.com
- img.7####.cn
- m####.7####.cn
- r####.wx.qq.com
- www.7####.cn
- www.pan####.net
Запросы HTTP GET:
- api.7####.cn/category/2/albums?os=####&v=####&maxAlbumId=####&version=####
- hm.b####.com/hm.js?c560f16####
- nm.a####.com/assets/imgs/common/play_btn.png
- nm.a####.com/pic/album/20150518/829ae677-c22c-46ed-bdbf-d84ef2c5ba38.png
- nm.a####.com/pic/album/20150924/417bea40-2385-4c96-a998-0e0a668967d5.png
- nm.a####.com/pic/album/20150930/2cbf3422-9f7b-42a2-8faf-efd9d29d1df3.jpg
- nm.a####.com/pic/album/20150930/3df36e43-fd7f-4985-ad5b-7fa5cabe72a9.jpg
- nm.a####.com/pic/album/20161124/b556a215-189e-44d7-a8ed-a9e7f9145760.jpg
- nm.a####.com/pic/album/20170309/3b534e7f-b3f7-4425-b17c-2d2c7dff8ec6.jpg
- nm.a####.com/pic/album/20170630/deeff27d-f288-4d16-a190-84ba6d3d03de.jpg
- nm.a####.com/pic/album/20171016/a98ce20c-aef1-4f71-803b-61067e651b83.jpg
- t####.c####.q####.####.com/user/12192/song/small/a374e7b4-3f73-478d-b73b...
- t####.c####.q####.####.com/user/12192/song/small/fb70daff-5ea1-4273-9de6...
- www.7####.cn/anchor/tianma/live/index?shownav=####&f=####
- www.7####.cn/assets/imgs/2016children/close.png
- www.7####.cn/assets/imgs/anchor/zb_6_02.png
- www.7####.cn/assets/imgs/anchor/zb_bg.gif
- www.7####.cn/assets/imgs/logo_36.png
- www.7####.cn/common/wxconfig/share/0
- www.7####.cn/story/banner/link
Запросы HTTP POST:
- www.pan####.net:8080/banner/req.action?
- www.pan####.net:8080/fview/req.action?
- www.pan####.net:8080/lscr/reqmore?
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/app_process_lock/126023639362.084
- <Package Folder>/app_process_lock/126023639957.416
- <Package Folder>/app_process_lock/126023640179.527
- <Package Folder>/app_process_lock/126023640403.403
- <Package Folder>/app_process_lock/126023640837.7
- <Package Folder>/app_process_lock/126023640927.35
- <Package Folder>/app_process_lock/126023641558.037
- <Package Folder>/app_process_lock/126023641793.07
- <Package Folder>/app_process_lock/204867186576.807
- <Package Folder>/app_process_lock/204867186841.309
- <Package Folder>/app_process_lock/204867186992.301
- <Package Folder>/app_process_lock/204867187007.148
- <Package Folder>/app_process_lock/204867187190.555
- <Package Folder>/app_process_lock/204867187307.702
- <Package Folder>/app_process_lock/204867187458.676
- <Package Folder>/app_process_lock/204867187503.267
- <Package Folder>/app_process_lock/424622439485.269
- <Package Folder>/app_process_lock/424622441491.173
- <Package Folder>/app_process_lock/424622442239.55
- <Package Folder>/app_process_lock/424622442993.875
- <Package Folder>/app_process_lock/424622444457.191
- <Package Folder>/app_process_lock/424622444759.256
- <Package Folder>/app_process_lock/424622446884.286
- <Package Folder>/app_process_lock/424622447676.2
- <Package Folder>/app_process_lock/47688238200.179
- <Package Folder>/app_process_lock/47688238425.4568
- <Package Folder>/app_process_lock/47688238509.5051
- <Package Folder>/app_process_lock/47688238594.2214
- <Package Folder>/app_process_lock/47688238758.5625
- <Package Folder>/app_process_lock/47688238792.4867
- <Package Folder>/app_process_lock/47688239031.1432
- <Package Folder>/app_process_lock/47688239120.0811
- <Package Folder>/app_process_lock/541393631056.034
- <Package Folder>/app_process_lock/541393631755.021
- <Package Folder>/app_process_lock/541393632154.043
- <Package Folder>/app_process_lock/541393632193.277
- <Package Folder>/app_process_lock/541393632677.959
- <Package Folder>/app_process_lock/541393632987.539
- <Package Folder>/app_process_lock/541393633386.513
- <Package Folder>/app_process_lock/541393633504.35
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/index
- <Package Folder>/databases/####/cc.db
- <Package Folder>/databases/####/cc.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/databases/xUtils_http_cache.db
- <Package Folder>/databases/xUtils_http_cache.db-journal
- <Package Folder>/databases/xUtils_http_cookie.db
- <Package Folder>/databases/xUtils_http_cookie.db-journal
- <Package Folder>/files/mobclick_agent_cached_<Package>1
- <Package Folder>/shared_prefs/<Package>;GSID.xml
- <Package Folder>/shared_prefs/WORLD_SHARED.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <SD-Card>/Android/####/.nomedia
- <SD-Card>/Android/####/10becd609644f2952a9dd7fe709d6bfa
- <SD-Card>/Android/####/1200849d5d4fb88c9ca89dc9501abfea
- <SD-Card>/Android/####/233f5b17791aef6e1e0025faceeda8a6
- <SD-Card>/Android/####/271f40ea2cf8dca17847db98e06f56dd
- <SD-Card>/Android/####/271f40ea2cf8dca17847db98e06f56dd.tmp
- <SD-Card>/Android/####/5143ceda4ac4158da50f4c420bf5ac61
- <SD-Card>/Android/####/837e3d66ed449accaa6fae78a8e1112d
- <SD-Card>/Android/####/8ad2883a159bdbad3fd0880efc6a0081
- <SD-Card>/Android/####/8ad2883a159bdbad3fd0880efc6a0081.tmp
- <SD-Card>/Android/####/8d61d923dff73ce184c75b6214691695
- <SD-Card>/Android/####/8d61d923dff73ce184c75b6214691695.tmp
- <SD-Card>/Android/####/adaac10025a97f35dfa50a1756f8cf52
- <SD-Card>/Android/####/adaac10025a97f35dfa50a1756f8cf52.tmp
- <SD-Card>/Android/####/b197f2bf92b74bac1117c7858623821f
- <SD-Card>/Android/####/b3f68d3fd944ae5ca37da66d25fddab4
- <SD-Card>/Android/####/bc4011a027ed6f305a8e9275c7af6a4d
- <SD-Card>/Android/####/bc4011a027ed6f305a8e9275c7af6a4d.tmp
- <SD-Card>/Android/####/ce80c3212ee7b6b0778be5ae3c98678d
- <SD-Card>/Android/####/ce80c3212ee7b6b0778be5ae3c98678d.tmp
- <SD-Card>/Android/####/dae70ae8262f7a7c31cb8c0410ef90ac
- <SD-Card>/Android/####/dae70ae8262f7a7c31cb8c0410ef90ac.tmp
- <SD-Card>/Android/####/e74c5c5b1bec4f984231c18d38e5707f
- <SD-Card>/Android/####/ed4759ca98cac2799d403975f849cc1a
- <SD-Card>/Android/####/ed4759ca98cac2799d403975f849cc1a.tmp
- <SD-Card>/cache/####/186f5295cc8276ff48501e785bd0f8d2.zip
Другие:
Загружает динамические библиотеки:
- webpbackport
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS5Padding
- DES
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации о запущенных приложениях.
Отрисовывает собственные окна поверх других приложений.
