Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Xiny.20
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) www.in####.cn:80
- TCP(HTTP/1.1) tioazrn####.soso####.y####.net:80
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) m.b####.cn:80
- TCP(HTTP/1.1) d.weixu####.com.####.com:80
- TCP(HTTP/1.1) up####.v.tr####.net:80
- TCP(HTTP/1.1) 2####.243.193.35:80
- TCP(HTTP/1.1) up.soso####.com:80
- TCP(HTTP/1.1) cs.bukama####.com:8000
- TCP(HTTP/1.1) i####.bukama####.com:8000
- TCP(HTTP/1.1) q.q####.cn:80
Запросы DNS:
- a####.u####.com
- c####.i####.cn
- cs.bukama####.com
- d.weixu####.com.cn
- i####.bukama####.com
- i####.i####.cn
- i####.soso####.cn
- m.b####.cn
- q.q####.cn
- t.si####.net
- up.soso####.com
- www.in####.cn
Запросы HTTP GET:
- d.weixu####.com.####.com/201801/8c28-ea9e37366bab.jar
- i####.bukama####.com:8000/user/head/20180405/13020745-100908.jpg
- m.b####.cn/article/64876?p=####
- q.q####.cn/qqapp/100314966/A00CA4D4F3CEFA3C46D2948F400579F9/100
- tioazrn####.soso####.y####.net/auto/appRecom/20160622165106_576a517a17eb...
- tioazrn####.soso####.y####.net/auto/appRecom/20160622165243_576a51db736a...
- tioazrn####.soso####.y####.net/auto/appRecom/20160622165329_576a52099efd...
- tioazrn####.soso####.y####.net/auto/appRecom/20160802172129_57a06618e2ea...
- tioazrn####.soso####.y####.net/auto/appRecom/20161114165137_58297b19bd8c...
- tioazrn####.soso####.y####.net/auto/appRecom/20161125133328_5837cd28a51e...
- tioazrn####.soso####.y####.net/auto/appRecom/20161218194517_585676cd6e0c...
- tioazrn####.soso####.y####.net/logo/group/20160825145944_57be976063e36.png
- tioazrn####.soso####.y####.net/logo/group/20160825145948_57be9764d0c6e.png
- tioazrn####.soso####.y####.net/logo/group/20161012160943_57fdefc702307.png
- tioazrn####.soso####.y####.net/logo/group/20161013164354_57ff494a432b3.png
- tioazrn####.soso####.y####.net/logo/group/20170103144735_586b49070de22.png
- tioazrn####.soso####.y####.net/logo/user/common/weiguan2.jpg
- up####.v.tr####.net/article/images/180205/eddf7628fc3ef984b66b1aa2f7afcb...
- up####.v.tr####.net/article/images/thumb/180205/eddf7628fc3ef984b66b1aa2...
- up####.v.tr####.net/article/images/thumb/180206/1f2b5894387655fc23077cd4...
- up####.v.tr####.net/article/images/thumb/180206/207db66c8c05041d869da690...
- up####.v.tr####.net/article/images/thumb/180206/2992172222216659561f83ca...
- up####.v.tr####.net/article/images/thumb/180206/30aebca8cbfab707b74ac6d2...
- up####.v.tr####.net/article/images/thumb/180206/3502ba03f49e9f8775b9260b...
- up####.v.tr####.net/article/images/thumb/180206/486d3f7e971b31014935b374...
- up####.v.tr####.net/article/images/thumb/180206/6fd2a1c130c0d6e498b0cd43...
- up####.v.tr####.net/article/images/thumb/180206/80f6361d8862c68c21634177...
- up####.v.tr####.net/article/images/thumb/180206/8ee733d0c22c1e8de15ad87c...
- up####.v.tr####.net/article/images/thumb/180405/3685669f7b596279e40314a9...
- up####.v.tr####.net/article/images/thumb/180405/50abaabd01bd629a491b1c58...
- up####.v.tr####.net/article/images/thumb/180405/54e7f1c02c9dc1731f2dacf6...
- up####.v.tr####.net/article/images/thumb/180405/55ec5d8feb6f6784eaf036ed...
- up####.v.tr####.net/article/images/thumb/180405/5c332f846a7ceba5c5dfb00d...
- up####.v.tr####.net/article/images/thumb/180405/5c7060e4a019d262d90eb99a...
- up####.v.tr####.net/article/images/thumb/180405/a291c5eae7f3076b4f571a3b...
- up####.v.tr####.net/article/images/thumb/180405/b5f66acdc47e7717a701a826...
- up####.v.tr####.net/auto/appRecom/20161223182900_585cfc6ce06f6.jpg
- up####.v.tr####.net/auto/appRecom/20161223182912_585cfc784c047.jpg
- up####.v.tr####.net/auto/appRecom/20161223182928_585cfc88de3e2.jpg
- up####.v.tr####.net/logo/group/20151013151320_561caf1078614.jpg
- up####.v.tr####.net/logo/group/20151120172131_564ee61b425c6.jpg
- up####.v.tr####.net/logo/group/20160314180045_56e68bcdc7193.jpg
- up####.v.tr####.net/logo/group/20170424145626_58fda19accdd9.jpg
- up####.v.tr####.net/logo/user/head/20161012/9341907-215249_260260.jpg
- up####.v.tr####.net/logo/user/head/20170521/8712137-032107_260260.jpg
- up####.v.tr####.net/logo/user/head/20171126/11929182-204716_260260.jpg
- up####.v.tr####.net/logo/user/head/20171229/6128147-234001_260260.jpg
- up####.v.tr####.net/logo/user/head/20180205/6379146-162048_260260.jpg
- up####.v.tr####.net/logo/user/head/20180217/9295840-201649_260260.jpg
- up####.v.tr####.net/logo/user/head/20180227/12267394-181644_260260.jpg
- up####.v.tr####.net/logo/user/head/20180304/12668114-222233_260260.jpg
- up####.v.tr####.net/logo/user/head/20180311/11423011-094259_260260.jpg
- up####.v.tr####.net/logo/user/head/20180324/12294031-132456_260260.jpg
- up####.v.tr####.net/logo/user/head/20180329/9231218-190737_260260.jpg
- up####.v.tr####.net/static/article/css/base.css?v=####
- up####.v.tr####.net/static/article/js/jquery.min.js
- up.soso####.com/android/ver.php?chn=####&model=####&manu=####&ver=####&h...
Запросы HTTP POST:
- a####.u####.com/app_logs
- cs.bukama####.com:8000/request.php?t=####&u=####
- www.in####.cn/n
- www.in####.cn/t1?requestId=####&g=####&ua=####
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/.imprint
- /data/data/####/W_Key.xml
- /data/data/####/article.db-journal
- /data/data/####/buka.db-journal
- /data/data/####/cache_request_main_recom.tmp
- /data/data/####/cache_request_manga_categories.tmp
- /data/data/####/com.tuku.manhua.yanda_preferences.xml
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/discovery_cache_one.tmp
- /data/data/####/discovery_cache_three.tmp
- /data/data/####/discovery_cache_two.tmp
- /data/data/####/downloadinfo.db-journal
- /data/data/####/downloadswc
- /data/data/####/downloadswc-journal
- /data/data/####/f_000001
- /data/data/####/history.db-journal
- /data/data/####/index
- /data/data/####/manga_purchase_records.txt
- /data/data/####/multidex.version.xml
- /data/data/####/st.xml
- /data/data/####/statcache.db-journal
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/z.xml
- /data/media/####/-aZnG9ow8nWsmNxd2VpOxaMBrvI.319257007.tmp
- /data/media/####/.asset
- /data/media/####/.nomedia
- /data/media/####/10.08c28-ea9e37366bab.jar
- /data/media/####/5qXd8BdGdnxs1-a2DmqdnuU3uYU.1444185266.tmp
- /data/media/####/6W1fdbP6uIprYbbo4PaEkXuOQ2c.-1030390556.tmp
- /data/media/####/6f5lW1Gb9HNuUeNWssW5tbbo-2Y.575765089.tmp
- /data/media/####/8j96xcZv_b7DIuaTmnRRmrYDEz4.-1900350230.tmp
- /data/media/####/9OzeIK-B8VDiK0Vr8aJ-6Y91o24.-1545227707.tmp
- /data/media/####/AgQutOVVDNWklIltedrWJmtaAnA.-348741847.tmp
- /data/media/####/GSel0PxttEtRmhisxBeqxKS7toc.-682426608.tmp
- /data/media/####/HZBJvyQF-nQ6KLbQAPmUhUTz40c.987883557.tmp
- /data/media/####/IrS_H3lKtdQQR9ngT-q4FSyfMq8.-1589435131.tmp
- /data/media/####/KB5jKJP65z4V12tfOU6Nb3wSJwM.-1290737715.tmp
- /data/media/####/L5U05StXY2ttJstDAtiSatI_kb0.103471297.tmp
- /data/media/####/LAUILyCG7AQLnq4oJ31TdLXjf08.-2086347697.tmp
- /data/media/####/LHhXQb4mopXeTqBmJHElsTA4RN0.-800804891.tmp
- /data/media/####/LZhnUPFE8uci4KchBzcE-x_T50Y.-640529233.tmp
- /data/media/####/Li2JAeypzkZLXBZEST7dfnvTpJ0.1462004997.tmp
- /data/media/####/PEjIGhOMQ0OjW8nIq4l6CkXLXtA.570970695.tmp
- /data/media/####/PhmxyZCJAlYpuut3ssjaBITPRDk.-168423182.tmp
- /data/media/####/SEv4R083CgfA1djYxuPdSBaS6Yc.-1756219629.tmp
- /data/media/####/VCG-ulqNmlRNdazIB5lNzsBQNME.549962983.tmp
- /data/media/####/WH-XWzMoTbE-iNxYDzGunV-ntII.1106508125.tmp
- /data/media/####/XYzZEiUflezlE8RffXHMFyYjl-g.1297223891.tmp
- /data/media/####/XaEKix_ExAB9ZoESui7Yu3yTxoQ.1855737471.tmp
- /data/media/####/Y-0Ji7cLl-k0HohejL_MJn2awIs.537874930.tmp
- /data/media/####/Y_LQQ0uKlFM0gbxEy86e9u9hjd4.-1141565706.tmp
- /data/media/####/ZIbKabPMJf_NARgOSAyJ3GgScVM.-1880356418.tmp
- /data/media/####/Zc7Xld1Nt5CMGndFf0JeZsbT_QI.650797826.tmp
- /data/media/####/aMuZWwrDH2X5MsIpVNBU_q5g_iM.-317346985.tmp
- /data/media/####/d5TWjocpW-0uWLJW2NNpQAj1o3w.-814361311.tmp
- /data/media/####/ditFc-Tyw2xwXB_8XLRH1lbpMyg.-1939860475.tmp
- /data/media/####/eKc_4zGdPdiRMWhU8rWkmDpPxiM.-501872739.tmp
- /data/media/####/etpwSLTM5e1X3olrMLyfng5HSts.121449802.tmp
- /data/media/####/evwckRTOUnU5chiRRuRTKRt0a0I.-1208838560.tmp
- /data/media/####/fhPNyZc705lj6BhC-niZ3UxVkRQ.490009173.tmp
- /data/media/####/g2KlrPdo-IbuwkQZs8VxS5uLP5M.-1717072124.tmp
- /data/media/####/i4qDmYru0KD_PflFLE1xCkoB3ss.-1882532412.tmp
- /data/media/####/jFY2277sVFiTlGn2775xwNlZvxE.1704945686.tmp
- /data/media/####/jZGoLG3X4K99KwvZsXKciqyPGDw.73190978.tmp
- /data/media/####/jl-CGXdo2MhPkRXkIV_9zFKjyDE.-1390899592.tmp
- /data/media/####/k9iPDJVO3C0Qy6TLkBQUSLF2HDM.-1914913862.tmp
- /data/media/####/lM_GxImpqVpQ1P94KkfvsWf_-90.1319290256.tmp
- /data/media/####/ljbsXebYzavO5mpD2STczJmvvHU.-772814224.tmp
- /data/media/####/o4TJaUS-zlsmF9R8d-ZoqYKKzj4.-954517031.tmp
- /data/media/####/oHm1XFKPMJto-DbgUWBjgY_Q4ZE.-888576601.tmp
- /data/media/####/pN0HimjEb1ylxJ9exg8qlVsVIt8.-491208354.tmp
- /data/media/####/rNIhQh36UmkTWOwEsqeC_XSPsjk.-1718150810.tmp
- /data/media/####/restime.dat
- /data/media/####/slWNwbyK2uFmAPvpva6Zjc42Ie8.1249970371.tmp
- /data/media/####/v2m0DGFZHG-Hs28Ox4yckiXgsWY.-1840211376.tmp
- /data/media/####/vd6DPLW4Q3sKrIFF-FqOW2F-WvI.-1082076094.tmp
- /data/media/####/w1QuDmL7nZA1low5vsgvrYDVocs.31490531.tmp
- /data/media/####/w6iwQvVar9Vraobio5E9sKdnIUc.902675189.tmp
- /data/media/####/z_IyjzEQNjKIoUqYyMed-yQjT14.358304982.tmp
Другие:
Загружает динамические библиотеки:
- bitmaps
- memchunk
- pl_droidsonroids_gif
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Отрисовывает собственные окна поверх других приложений.
