Техническая информация
Вредоносные функции:
Скрывает свою иконку с экрана устройства.
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) beacon-####.rubicon####.com:80
- TCP(HTTP/1.1) me####.effecti####.net:80
- TCP(HTTP/1.1) log.outb####.org:80
- TCP(HTTP/1.1) ib.3####.com:80
- TCP(HTTP/1.1) digice####.rubicon####.com.####.net:80
- TCP(HTTP/1.1) wild####.outb####.com.####.net:80
- TCP(HTTP/1.1) www.go####.com:80
- TCP(HTTP/1.1) tpc.googles####.com:80
- TCP(HTTP/1.1) odb.outb####.com:80
- TCP(HTTP/1.1) ssc.l####.3925c5b####.####.uk:80
- TCP(HTTP/1.1) aa.a####.com:80
- TCP(HTTP/1.1) www.googlet####.com:80
- TCP(HTTP/1.1) d####.a####.com:80
- TCP(HTTP/1.1) pag####.googles####.com:80
- TCP(HTTP/1.1) td2.crwdc####.net:80
- TCP(HTTP/1.1) t####.crwdc####.net:80
- TCP(HTTP/1.1) optimiz####.rubicon####.net.####.net:80
- TCP(HTTP/1.1) st####.bbc.co.####.net:80
- TCP(HTTP/1.1) b.scoreca####.com.####.net:80
- TCP(HTTP/1.1) w####.bbc.co.uk:80
- TCP(HTTP/1.1) fundso####.com:80
- TCP(TLS/1.0) www.googlet####.com:443
- TCP(TLS/1.0) sa.b####.co.uk:443
- TCP(TLS/1.0) tpc.googles####.com:443
- TCP(TLS/1.0) js####.dynat####.com:443
- TCP(TLS/1.0) securep####.g.doublec####.net:443
- TCP(TLS/1.0) cs8.pi####.ru:443
- TCP(TLS/1.0) s####.bbc.co.uk:443
- TCP(TLS/1.0) w####.bbc.co.uk:443
- TCP(TLS/1.0) pag####.googles####.com:443
- TCP(TLS/1.0) st####.bbc.co.####.net:443
- TCP(TLS/1.0) adser####.go####.com:443
- TCP(TLS/1.0) f####.bbc.co.uk:443
Запросы DNS:
- aa.a####.com
- ad.crwdc####.net
- ads.rubicon####.com
- adser####.go####.com
- adser####.go####.nl
- b.scoreca####.com
- beacon-####.rubicon####.com
- cs8.pi####.ru
- d.a####.com
- emp.b####.co.uk
- f####.bbc.co.uk
- fundso####.com
- googl####.g.doublec####.net
- home####.f####.b####.####.uk
- i####.b####.co.uk
- ib.3####.com
- ich####.b####.co.uk
- im####.outb####.com
- js####.dynat####.com
- log.outb####.com
- m####.f####.b####.####.uk
- me####.effecti####.net
- mt####.go####.com
- nav.f####.b####.####.uk
- odb.outb####.com
- optimiz####.rubicon####.com
- pag####.googles####.com
- pol####.bbc.co.uk
- s####.api.bbc.com
- s####.bbc.co.uk
- s.effecti####.net
- sa.b####.co.uk
- securep####.g.doublec####.net
- st####.b####.co.uk
- st####.bbc.co.uk
- t####.crwdc####.net
- tpc.googles####.com
- w####.bbc.co.uk
- w####.bbc.com
- wid####.outb####.com
- www.go####.com
- www.googlet####.com
Запросы HTTP GET:
- aa.a####.com/adscores/g.pixel?sid=####&puid=####
- b.scoreca####.com.####.net/b?c1=####&c2=####&c3=####&ns__t=####&ns_c=###...
- b.scoreca####.com.####.net/b?c1=####&c2=####&ns__t=####&ns_c=####&cv=###...
- b.scoreca####.com.####.net/beacon.js
- b.scoreca####.com.####.net/p2?ns_alias=####&c1=####&c2=####&b_imp_src=##...
- b.scoreca####.com.####.net/p?ns_alias=####&c1=####&c2=####&b_imp_src=###...
- beacon-####.rubicon####.com/beacon/d/1daf589a-e3d1-48c1-89eb-854b8e450c6...
- beacon-####.rubicon####.com/beacon/d/a35500e1-c42a-4a3b-8de5-31c22a0d115...
- beacon-####.rubicon####.com/beacon/d/feb7c962-7fe3-4c90-87b0-0dc84549233...
- d####.a####.com/pixel/9302/?che=####&sk=####&puid=####
- digice####.rubicon####.com.####.net/ad/12198.js
- ib.3####.com/rev/1ba208ef02abbdbeb7dd91c38e1f2432938a6602/dist/bundle.js
- ib.3####.com/ttj?inv_code=####
- log.outb####.org/loggerServices/widgetGlobalEvent?eT=####&tm=####&pid=##...
- me####.effecti####.net/d/6/p?pu=####&ru=####&tz=####&fc=####&ii=####&ua=...
- me####.effecti####.net/em.js
- me####.effecti####.net/html/frame_2.3.7.html
- odb.outb####.com/utils/get?url=####&settings=####&recs=####&widgetJSId=#...
- optimiz####.rubicon####.net.####.net/a/12198/52926/243902-15.js?&cb=####...
- optimiz####.rubicon####.net.####.net/a/12198/52926/243902-2.js?&cb=####&...
- optimiz####.rubicon####.net.####.net/a/12198/52926/243904-15.js?&cb=####...
- pag####.googles####.com/pagead/js/adsbygoogle.js
- pag####.googles####.com/pagead/js/r20180411/r20170110/show_ads_impl.js
- pag####.googles####.com/pagead/osd.js
- ssc.l####.3925c5b####.####.uk/?c1=####&c2=####&b_imp_src=####&b_vs_un=##...
- ssc.l####.3925c5b####.####.uk/?ns_alias=####&c1=####&c2=####&b_imp_src=#...
- st####.bbc.co.####.net/bbcdotcom/1.76.0/script/dist/bbcdotcom.js
- st####.bbc.co.####.net/bbcdotcom/1.76.0/script/vendor/edr/edr.min.js
- st####.bbc.co.####.net/bbcdotcom/1.76.0/style/dist/bbcdotcom-async.css
- st####.bbc.co.####.net/emp/bump-3/bump-3.js
- st####.bbc.co.####.net/frameworks/barlesque/3.22.43/orb/4/img/bbc-blocks...
- st####.bbc.co.####.net/frameworks/barlesque/3.22.43/orb/4/img/bbccookies...
- st####.bbc.co.####.net/frameworks/barlesque/3.22.43/orb/4/img/orb-sprite...
- st####.bbc.co.####.net/frameworks/barlesque/3.22.43/orb/4/script/orb.min...
- st####.bbc.co.####.net/frameworks/barlesque/3.22.43/orb/4/script/orb/api...
- st####.bbc.co.####.net/frameworks/barlesque/3.22.43/orb/4/script/orb/fon...
- st####.bbc.co.####.net/frameworks/barlesque/3.22.43/orb/4/style/orb.min....
- st####.bbc.co.####.net/frameworks/requirejs/lib.js
- st####.bbc.co.####.net/id/0.37.24/modules/idcta/dist/idcta-1.min.js
- st####.bbc.co.####.net/id/0.37.24/modules/idcta/statusbar.js
- st####.bbc.co.####.net/id/0.37.24/style/id-cta-v5.css
- st####.bbc.co.####.net/id/0.37.24/style/id-cta.css
- st####.bbc.co.####.net/id/0.37.24/svg/icon-sprite.svg
- st####.bbc.co.####.net/nav-analytics/0.1.0-95/js/istats-1.js
- st####.bbc.co.####.net/news/1.237.02510/apple-touch-icon.png
- st####.bbc.co.####.net/news/1.237.02510/fonts/gel-news-icons-v3/gelnewsi...
- st####.bbc.co.####.net/news/1.237.02510/icons/generated/icons.data.svg.css
- st####.bbc.co.####.net/news/1.237.02510/img/brand/generated/news-light.svg
- st####.bbc.co.####.net/news/1.237.02510/img/elections/sprite-2.png
- st####.bbc.co.####.net/news/1.237.02510/img/faux-block-link-transparent-...
- st####.bbc.co.####.net/news/1.237.02510/img/news--icons-sprite.png
- st####.bbc.co.####.net/news/1.237.02510/img/share_tools_44px.png
- st####.bbc.co.####.net/news/1.237.02510/img/sprite-sharetools.png
- st####.bbc.co.####.net/news/1.237.02510/js/compiled/all.js
- st####.bbc.co.####.net/news/1.237.02510/js/module/translations/en-GB.js
- st####.bbc.co.####.net/news/1.237.02510/js/module/userScroll.js
- st####.bbc.co.####.net/news/1.237.02510/js/module/userScrollAdapter.js
- st####.bbc.co.####.net/news/1.237.02510/js/vendor/jquery-1/jquery.js
- st####.bbc.co.####.net/news/1.237.02510/js/vendor/jquery-2/jquery.min.js
- st####.bbc.co.####.net/news/1.237.02510/stylesheets/services/news/core.css
- st####.bbc.co.####.net/news/1.237.02510/stylesheets/services/news/tablet...
- st####.bbc.co.####.net/notification-ui/3.8.4/css/main.min.css
- st####.bbc.co.####.net/notification-ui/3.8.4/js/NotificationsMain.js
- st####.bbc.co.####.net/searchbox/1.0.0-137/css/main.css
- st####.bbc.co.####.net/searchbox/1.0.0-137/img/gel-icon-search-dark.svg
- t####.crwdc####.net/c/10816/cc.js?ns=####
- td2.crwdc####.net/5/c=10815/pe=y/var=ccauds
- tpc.googles####.com/safeframe/1-0-23/html/container.html
- tpc.googles####.com/safeframe/1-0-23/html/container.html?n=####
- w####.bbc.co.uk/
- w####.bbc.co.uk/idcta/config?call####&locale=####&ptrt=####
- w####.bbc.co.uk/idcta/translations?call####&locale=####
- w####.bbc.co.uk/news/components?alternativeJsLoading=####&batch[from-oth...
- w####.bbc.co.uk/news/components?alternativeJsLoading=####&batch[most-pop...
- w####.bbc.co.uk/news/pattern-library-components?options[assetId]=####&op...
- w####.bbc.co.uk/news/world-asia-43792658
- w####.bbc.co.uk/news/world-us-canada-43805365
- w####.bbc.co.uk/wwscripts/flag
- wild####.outb####.com.####.net/images/widgetIcons/play_100x100.png
- wild####.outb####.com.####.net/nanoWidget/01002602/module/swipeLayout.js
- wild####.outb####.com.####.net/nanoWidget/externals/obFrame/obFrame.htm
- wild####.outb####.com.####.net/outbrain.js
- wild####.outb####.com.####.net/transform/v3/eyJpdSI6IjAxYjFiMDBkZDBlNGI3...
- wild####.outb####.com.####.net/transform/v3/eyJpdSI6IjM0ZWExNjVhNjVlMmRl...
- wild####.outb####.com.####.net/transform/v3/eyJpdSI6IjM0ZjJmMWJlZDYxOGY4...
- wild####.outb####.com.####.net/transform/v3/eyJpdSI6IjMyNjhhN2YwZThjODU3...
- wild####.outb####.com.####.net/transform/v3/eyJpdSI6IjQyYmRjYjE1YWVmMDg3...
- wild####.outb####.com.####.net/transform/v3/eyJpdSI6IjY4OGI1ZDI2MGE1MDY0...
- wild####.outb####.com.####.net/transform/v3/eyJpdSI6IjkwOWIzZGQ4N2E5M2Mw...
- wild####.outb####.com.####.net/transform/v3/eyJpdSI6IjkxOWEyODA0Y2Q1OGVi...
- wild####.outb####.com.####.net/transform/v3/eyJpdSI6IjliY2ZiMzA5ZDUxOWM1...
- wild####.outb####.com.####.net/transform/v3/eyJpdSI6IjllNWFkZDk1Mjc4OTE5...
- wild####.outb####.com.####.net/transform/v3/eyJpdSI6ImExOTI3ODYzYTc0ODRh...
- wild####.outb####.com.####.net/transform/v3/eyJpdSI6ImJmNTdiMzM5ODRjYWYw...
- www.go####.com/complete/search?hl=####&client=####&q####
- www.go####.com/complete/search?hl=####&client=####&q=####
- www.googlet####.com/tag/js/gpt.js
Запросы HTTP POST:
- fundso####.com/usurullp3b467t/index.php
Другие:
Загружает динамические библиотеки:
- pjiayvb
Изменяет настройки громкости и вибрации.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
Осуществляет доступ к информации об отправленых/принятых смс.
