Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.405.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) v.adma####.com.cn:80
- TCP(HTTP/1.1) api.iappl####.com.####.com:80
- TCP(HTTP/1.1) re####.i####.com:80
- TCP(HTTP/1.1) res.a####.i####.####.com:80
- TCP(HTTP/1.1) 1####.76.41.188:80
- TCP(HTTP/1.1) ad####.oss-cn-####.aliy####.com:80
- TCP(HTTP/1.1) ax.i####.com:80
- TCP(HTTP/1.1) c1.ifen####.com.####.com:80
- TCP(HTTP/1.1) ifen####.com.edg####.net:80
- TCP(HTTP/1.1) a####.m.sm.cn:80
- TCP(HTTP/1.1) s2.m####.i####.####.com:80
- TCP(HTTP/1.1) i.i####.com:80
- TCP(HTTP/1.1) m.i####.com:80
- TCP(HTTP/1.1) img.iappl####.com:80
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) st####.i####.com:80
- TCP(HTTP/1.1) m.fm.i####.com:80
- TCP(HTTP/1.1) c0.ifen####.com.####.com:80
- TCP(HTTP/1.1) g.rad####.com.cn:80
- TCP(HTTP/1.1) hq.fin####.i####.com:80
- TCP(HTTP/1.1) a####.i####.com:80
- TCP(HTTP/1.1) y####.f####.com.####.com:80
- TCP(TLS/1.0) at.al####.com:443
- TCP(TLS/1.0) ifen####.com.edg####.net:443
- TCP(TLS/1.0) 8.i####.com.####.com:443
Запросы DNS:
- 8.i####.com
- a####.i####.com
- a####.m.sm.cn
- a####.u####.com
- ad####.oss-cn-####.aliy####.com
- api.iappl####.com
- api.icl####.i####.com
- at.al####.com
- ax.i####.com
- c0.ifen####.com
- c1.ifen####.com
- d.ifen####.com
- g.rad####.com.cn
- hq.fin####.i####.com
- i.i####.com
- img.iappl####.com
- m.fm.i####.com
- m.i####.com
- p0.ifen####.com
- p1.ifen####.com
- p2.ifen####.com
- p3.ifen####.com
- r####.wx.qq.com
- re####.i####.com
- res.a####.i####.com
- s0.m####.i####.com
- s1.m####.i####.com
- s2.m####.i####.com
- s3.m####.i####.com
- s4.m####.i####.com
- st####.i####.com
- u1.f####.com
- v.adma####.com.cn
- y####.f####.com
- y2.ifen####.com
- y3.ifen####.com
- zx.f####.com
Запросы HTTP GET:
- a####.i####.com/favicon.ico
- a####.i####.com/wap/?ch=####&ch=####
- a####.i####.com/wap/products.php?aid=####
- a####.m.sm.cn/rest?method=####&size=####&from=####&callback=####&_=####
- ad####.oss-cn-####.aliy####.com/dev/xxx.png
- api.iappl####.com.####.com/hotwords/index.html?code=####
- api.iappl####.com.####.com/website/fulldata?mid=####&cliendid=####&v=####
- ax.i####.com/GZHGXDs?it0xnw2####
- ax.i####.com/GZHGXDs?xi5catt####
- ax.i####.com/J2Bc?4gplag645p0evcxr=####
- ax.i####.com/J2Bc?516vfv0####
- ax.i####.com/J2Bc?l94mrsk####
- ax.i####.com/J2Bc?x16bc49####
- ax.i####.com/Pxlv2L?2ri0ewy####
- ax.i####.com/Pxlv2L?v8ef9h8####
- ax.i####.com/Pxlv2L?wblnt32####
- ax.i####.com/i?p=####&_r=####
- ax.i####.com/jWtgT?exvjzev9et1n61or=####
- ax.i####.com/jWtgT?hxdnp0x####
- ax.i####.com/jWtgT?qanguxm####
- c0.ifen####.com.####.com/ch_sd_wjo-6536qs.js
- c0.ifen####.com.####.com/p/ax_2_1.js
- c0.ifen####.com.####.com/pdt/cfg/ad/js/20160812/mobile_inice_v1.js
- c0.ifen####.com.####.com/pdt/cfg/ad/js/201707104/ifeng_template_v1.js
- c1.ifen####.com.####.com/iamsImg/2018/04/28/8fdd5f69c29a8bb61093eb838a36...
- g.rad####.com.cn/spark?taskId=####&ps=####&type=####&channelType=####&ba...
- hq.fin####.i####.com/q.php?l=####&f=####&from=####
- i.i####.com/?ch=####
- i.i####.com/huaping.js?vt=####
- i.i####.com/showjs?new=####&apids=####&tagids=####&qs=####
- ifen####.com.edg####.net/29b92e35b2b20708/2017/16/logo_0418.png
- ifen####.com.edg####.net/29b92e35b2b20708/2017/16/search02_0418.png
- ifen####.com.edg####.net/29b92e35b2b20708/2017/16/search_0418.png
- ifen####.com.edg####.net/29b92e35b2b20708/2017/21/ifengapp_download_fast...
- ifen####.com.edg####.net/29b92e35b2b20708/2017/28/ifeng_index_touch_main...
- ifen####.com.edg####.net/29b92e35b2b20708/2018/15/ifenglogo_0411.png
- ifen####.com.edg####.net/29b92e35b2b20708/2018/6/callNewsApp.min.js
- ifen####.com.edg####.net/a/2015/0716/jquery-2.1.4.min.js
- ifen####.com.edg####.net/a/2015/0716/jquery.lazyload.min.js
- ifen####.com.edg####.net/a/2016_52/361d4b54d01e021_size6_w80_h80.png
- ifen####.com.edg####.net/a/2017/0301/6536a6cc8eded54.js
- ifen####.com.edg####.net/a/2017/0427/ifengWeather_v6.js
- ifen####.com.edg####.net/a/2017/0510/wemediaExposureTJ_v5.js
- ifen####.com.edg####.net/a/2018/0508/touch0508.js
- ifen####.com.edg####.net/a/2018/h5util/snifer-v1.1.css?1518333####
- ifen####.com.edg####.net/a/2018/h5util/snifer-v1.1.js?1518333####
- ifen####.com.edg####.net/a80c2beeeff78280/2017/39/close_commonshare.png
- ifen####.com.edg####.net/a80c2beeeff78280/2017/44/count_index_v2.js
- ifen####.com.edg####.net/ae2b95e1d35710ab/2017/21/idownloadwap01.jpg
- ifen####.com.edg####.net/auto/image/2016/0907/car_market.png
- ifen####.com.edg####.net/auto/image/2016/0907/genuine_photograph_03.png
- ifen####.com.edg####.net/auto/image/2016/0907/grounp_03.png
- ifen####.com.edg####.net/auto/image/2016/0907/sel_car.png
- ifen####.com.edg####.net/d9671dcfb805f8ee/2017/18/1ershouche.png
- ifen####.com.edg####.net/d9671dcfb805f8ee/2017/18/2ershoufang.png
- ifen####.com.edg####.net/d9671dcfb805f8ee/2017/18/3souzufang.png
- ifen####.com.edg####.net/d9671dcfb805f8ee/2017/18/4taoershou.png
- ifen####.com.edg####.net/d9671dcfb805f8ee/2017/18/5taoshouji.png
- ifen####.com.edg####.net/d9671dcfb805f8ee/2017/18/6xiudiannao.png
- ifen####.com.edg####.net/d9671dcfb805f8ee/2017/18/7zhaobanjia.png
- ifen####.com.edg####.net/fe/iifeng_index_touch/images/i_sprite_17b08239....
- ifen####.com.edg####.net/fe/iifeng_index_touch/images/i_sprite_2b0970e1....
- ifen####.com.edg####.net/fe/iifeng_index_touch/images/ifengapp_download_...
- ifen####.com.edg####.net/fe/iifeng_index_touch/images/loading_eb0d4350.gif
- ifen####.com.edg####.net/fe/iifeng_index_touch/images/safari_pop_bg_c68e...
- ifen####.com.edg####.net/fe/iifeng_index_touch/images/safari_pop_close_e...
- ifen####.com.edg####.net/fe/iifeng_index_touch/images/safari_pop_icon_17...
- ifen####.com.edg####.net/fe/iifeng_index_touch/images/video_download_022...
- ifen####.com.edg####.net/ifengimcp/sta/20140312/jquery_1.11.js
- ifen####.com.edg####.net/w750_h350/p0.ifengimg.com/a/2018_20/dace1963c39...
- ifen####.com.edg####.net/w750_h350/p1.ifengimg.com/cmpp/2018/05/16/17c28...
- ifen####.com.edg####.net/w750_h350/p2.ifengimg.com/cmpp/2018/05/16/404ae...
- ifen####.com.edg####.net/w750_h350/p3.ifengimg.com/cmpp/2018/05/16/258a2...
- ifen####.com.edg####.net/w750_h350/p3.ifengimg.com/cmpp/2018/05/16/47c79...
- ifen####.com.edg####.net/w750_h350/p3.ifengimg.com/cmpp/2018/05/16/7aa2c...
- ifen####.com.edg####.net/w750_h350/p3.ifengimg.com/cmpp/2018/05/16/dfbc8...
- img.iappl####.com/haowangzhi/WebSiteLogo/1168/145985091832314.png
- img.iappl####.com/haowangzhi/WebSiteLogo/1169/145985096143224.png
- img.iappl####.com/haowangzhi/WebSiteLogo/1170/152352656002216.png
- img.iappl####.com/haowangzhi/WebSiteLogo/1171/149793000922972.png
- img.iappl####.com/haowangzhi/WebSiteLogo/1172/145985101143192.png
- img.iappl####.com/haowangzhi/WebSiteLogo/1173/149812006043162.png
- img.iappl####.com/haowangzhi/WebSiteLogo/1176/152320291797001.png
- img.iappl####.com/haowangzhi/WebSiteLogo/1177/150587814523480.png
- img.iappl####.com/haowangzhi/WebSiteLogo/1178/15145589807843.png
- img.iappl####.com/haowangzhi/WebSiteLogo/1179/145985107669712.png
- img.iappl####.com/haowangzhi/WebSiteLogo/1180/152465572770182.png
- img.iappl####.com/haowangzhi/WebSiteLogo/1181/149259020549351.png
- img.iappl####.com/haowangzhi/WebSiteLogo/1182/145985186053586.png
- img.iappl####.com/haowangzhi/WebSiteLogo/1183/145985187873887.png
- img.iappl####.com/haowangzhi/WebSiteLogo/1215/146372124651225.png
- img.iappl####.com/livesite/19/145940352769772.png
- img.iappl####.com/livesite/20/145940342312027.png
- img.iappl####.com/livesite/21/145940350297913.png
- img.iappl####.com/livesite/22/149999982364443.png
- img.iappl####.com/livesite/23/145940329405859.png
- img.iappl####.com/livesite/24/150001717315206.png
- img.iappl####.com/livesite/25/149749630741480.png
- img.iappl####.com/livesite/26/145940340826099.png
- img.iappl####.com/livesite/27/20180110160032593.png
- m.fm.i####.com/h5/js/ifengad/fm-ad.js
- m.i####.com/burroughsnews?type=all&from=wap_hot&n=16&uid=&callback=callb...
- m.i####.com/newH5Weather?key=####&value=####&callback=####&_=####
- re####.i####.com/get?format=####&callback=####
- res.a####.i####.####.com/css/app_touch.css
- res.a####.i####.####.com/iconSmall/9e3bbd155b82f66ab8954356ec541da4.png
- res.a####.i####.####.com/iconSmall/android/IfengBooks-android-1.7.1.png
- res.a####.i####.####.com/iconSmall/android/IfengNewWeekly-android-2.3.5....
- res.a####.i####.####.com/iconSmall/android/IfengNews-android-4.3.5.png
- res.a####.i####.####.com/iconSmall/android/IfengVideo-android-6.10.0.png
- res.a####.i####.####.com/iconSmall/android/fenghuangFM-android-5.2.png
- res.a####.i####.####.com/iconSmall/iphone/astro-iphone-1.0.1.png
- res.a####.i####.####.com/images/logo_touch_android.png
- res.a####.i####.####.com/js/ajax.js
- res.a####.i####.####.com/screenshot/29285e024de2c7261df1539b5f860a0a.png
- res.a####.i####.####.com/screenshot/5212ba099611cf80cc7eba6baa0a5a05.png
- s2.m####.i####.####.com/upload/day_120912/201209121530258736.png
- s2.m####.i####.####.com/upload/day_120912/201209121532242084.jpg
- s2.m####.i####.####.com/upload/day_120912/201209121532252374.png
- s2.m####.i####.####.com/upload/day_120912/201209121626483459.png
- s2.m####.i####.####.com/upload/day_120912/201209121747002752.png
- s2.m####.i####.####.com/upload/day_120912/201209121747007500.png
- s2.m####.i####.####.com/upload/day_120912/201209121801125723.png
- s2.m####.i####.####.com/upload/day_120913/201209130956568616.png
- s2.m####.i####.####.com/upload/day_120913/201209130956569945.png
- s2.m####.i####.####.com/upload/day_120913/201209131027492874.png
- s2.m####.i####.####.com/upload/day_120913/201209131027494251.png
- s2.m####.i####.####.com/upload/day_120913/201209131027498519.png
- s2.m####.i####.####.com/upload/day_120913/201209131035438524.png
- s2.m####.i####.####.com/upload/day_120913/201209131035438612.png
- st####.i####.com/apwsta.js?datatype=wapap&url=http://i.ifeng.com/?ch=###...
- st####.i####.com/wap.js?ua=####&ip=####
- v.adma####.com.cn/i/a106266,b2460158,c2722,i0,m202,8a1,8b2,h
- y####.f####.com.####.com/static/images/ifeng/i_cp_1_0848308.jpg
- y####.f####.com.####.com/upload/images/ifeng/20180516114855.jpg
- y####.f####.com.####.com/upload/images/ifeng/20180516143236.jpg
Запросы HTTP POST:
- a####.u####.com/app_logs
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/.imprint
- /data/data/####/StartActivity.xml
- /data/data/####/WebpageIcons.db-journal
- /data/data/####/ZIRCO
- /data/data/####/ZIRCO-journal
- /data/data/####/bookmarks.db-journal
- /data/data/####/classes.jar
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/download.db-journal
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/f_000007
- /data/data/####/f_000008
- /data/data/####/f_000009
- /data/data/####/f_00000a
- /data/data/####/f_00000b
- /data/data/####/f_00000c
- /data/data/####/f_00000d
- /data/data/####/f_00000e
- /data/data/####/goBackPreference.xml
- /data/data/####/index
- /data/data/####/mac_key.xml
- /data/data/####/mobclick_agent_header_com.shansulqa.xml
- /data/data/####/mobclick_agent_state_com.shansulqa.xml
- /data/data/####/preference_file.xml
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/weave.db-journal
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/media/####/myurljsonData.ujd
Другие:
Использует следующие алгоритмы для шифрования данных:
- DES
Использует следующие алгоритмы для расшифровки данных:
- DES
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
