Техническая информация
Вредоносные функции:
Осуществляет доступ к приватному интерфейсу телефонии (ITelephony).
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) c####.baidust####.com:80
- TCP(HTTP/1.1) s####.al####.com:80
- TCP(HTTP/1.1) u####.jd.com:80
- TCP(HTTP/1.1) ub####.baidust####.com:80
- TCP(HTTP/1.1) gt####.al####.com:80
- TCP(HTTP/1.1) log.mm####.com:80
- TCP(HTTP/1.1) p####.3.cn:80
- TCP(HTTP/1.1) dup.baidust####.com:80
- TCP(HTTP/1.1) i####.j####.com:80
- TCP(HTTP/1.1) at####.al####.com:80
- TCP(HTTP/1.1) u.x.j####.com:80
- TCP(HTTP/1.1) x.j####.com:80
- TCP(HTTP/1.1) ad-sh-s####.wagbr####.t####.####.com:80
- TCP(HTTP/1.1) st####.ora####.com:80
- TCP(HTTP/1.1) pos.b####.com:80
- TCP(HTTP/1.1) offline####.o####.com:80
- TCP(HTTP/1.1) pag####.googles####.com:80
- TCP(HTTP/1.1) wn.pos.b####.com:80
- TCP(HTTP/1.1) w####.com:80
- TCP(HTTP/1.1) www.gst####.com:80
- TCP(HTTP/1.1) s.c####.b####.com:80
- TCP(HTTP/1.1) l####.g####.net:80
- TCP(HTTP/1.1) www.google-####.com:80
- TCP(HTTP/1.1) pco####.t####.com:80
- TCP(HTTP/1.1) ope.t####.com:80
- TCP(TLS/1.0) w####.com.edg####.net:443
- TCP(TLS/1.0) dup.baidust####.com:443
- TCP(TLS/1.0) ec####.b####.com:443
- TCP(TLS/1.0) gma.al####.com:443
- TCP(TLS/1.0) pos.b####.com:443
- TCP(TLS/1.0) a####.wagbr####.ta####.####.com:443
- TCP(TLS/1.0) s####.al####.com:443
- TCP(TLS/1.0) wild####.al####.com.####.net:443
Запросы DNS:
- a####.al####.com
- at####.al####.com
- bd.tst.3####.net
- c####.baidust####.com
- cdn.t####.com
- df.t####.com
- dup.baidust####.com
- ec####.b####.com
- gma.al####.com
- gt####.al####.com
- gt####.al####.com
- gt####.al####.com
- gt####.al####.com
- i####.360bu####.com
- img.al####.com
- l####.g####.net
- log.mm####.com
- m.s####.ta####.com
- offline####.o####.com
- ope.t####.com
- p####.3.cn
- p####.3.cn
- p.t####.com
- pag####.googles####.com
- pco####.t####.com
- pos.b####.com
- s####.al####.com
- s####.re.ta####.com
- s.c####.b####.com
- sh####.fir####.163.com
- st####.ora####.com
- static-####.360bu####.com
- u####.jd.com
- u####.jd.com
- u.x.j####.com
- ub####.baidust####.com
- w####.com
- wn.pos.b####.com
- www.google-####.com
- www.gst####.com
- www.w####.com
- x.j####.com
Запросы HTTP GET:
- ad-sh-s####.wagbr####.t####.####.com/ex?i=####
- ad-sh-s####.wagbr####.t####.####.com/spf3?e=####&k=####&i=####
- at####.al####.com/g/mm/tanx-cdn2/t/tanxssp.js?_v=####
- at####.al####.com/t/acookie/acbeacon2.html
- at####.al####.com/t/tanxssp.js?_v=####
- c####.baidust####.com/cpro/ui/c.js
- c####.baidust####.com/cpro/ui/noexpire/img/mob_adicon.png
- dup.baidust####.com/tpl/ctm3.js
- gt####.al####.com/tps/i1/TB1NxnAKXXXXXcNXVXXRBft6FXX-230-230.jpg_30x30.jpg
- gt####.al####.com/tps/i1/TB1cQjQKXXXXXaeXVXXRBft6FXX-230-230.jpg_30x30.jpg
- gt####.al####.com/tps/i1/TB1y8vTKXXXXXcxXFXXRBft6FXX-230-230.jpg_30x30.jpg
- gt####.al####.com/tps/i2/TB19SzMKXXXXXbZXVXXRBft6FXX-230-230.jpg_30x30.jpg
- gt####.al####.com/tps/i2/TB1BKMdKXXXXXXCXXXXRBft6FXX-230-230.jpg_30x30.jpg
- gt####.al####.com/tps/i3/TB18Lr0KXXXXXXJXFXXRBft6FXX-230-230.jpg_30x30.jpg
- gt####.al####.com/tps/i3/TB1PAvRKXXXXXXQXVXXRBft6FXX-230-230.jpg_30x30.jpg
- gt####.al####.com/tps/i3/TB1cZn6KXXXXXatXpXXRBft6FXX-230-230.jpg_30x30.jpg
- gt####.al####.com/tps/i3/TB1e8D9KXXXXXXoXpXXRBft6FXX-230-230.jpg_210x210...
- gt####.al####.com/tps/i3/TB1e8D9KXXXXXXoXpXXRBft6FXX-230-230.jpg_30x30.jpg
- gt####.al####.com/tps/i3/TB1kcn7KXXXXXX4XpXXRBft6FXX-230-230.jpg_30x30.jpg
- gt####.al####.com/tps/i3/TB1rVYNKXXXXXaKXVXXvBLt6FXX-230-230.png60x60.jpg
- gt####.al####.com/tps/i3/TB1rVYNKXXXXXaKXVXXvBLt6FXX-230-230.png_210x210...
- gt####.al####.com/tps/i3/TB1rVYNKXXXXXaKXVXXvBLt6FXX-230-230.png_30x30.jpg
- gt####.al####.com/tps/i4/TB1KBP3KXXXXXbPXpXXRBft6FXX-230-230.jpg_30x30.jpg
- gt####.al####.com/tps/i4/TB1Spv6KXXXXXaBXpXXRBft6FXX-230-230.jpg_30x30.jpg
- gt####.al####.com/tps/i4/TB1aLnNKXXXXXbzXVXXRBft6FXX-230-230.jpg_30x30.jpg
- gt####.al####.com/tps/i4/TB1txz1KXXXXXc1XpXXRBft6FXX-230-230.jpg_30x30.jpg
- gt####.al####.com/tps/i4/TB1wzT6KXXXXXawXpXXRBft6FXX-230-230.jpg_30x30.jpg
- i####.j####.com/ad/temp/cookieAds20140829130924.min.js
- i####.j####.com/da/jfs/t181/152/1710372957/137/fc862484/53ba3868Nea2f6c4...
- i####.j####.com/da/jfs/t2176/38/116455295/2717/c576a8d2/55efcd1aN19509f1...
- i####.j####.com/da/jfs/t265/312/423396392/49/96a9210a/53eb1eabN9a8b38ae....
- i####.j####.com/n1/jfs/t11860/16/2626221165/260289/bbc31f65/5a9e03ebN74e...
- i####.j####.com/n1/jfs/t16903/98/2052214391/493617/dfbc963c/5ae18a8dNa3d...
- i####.j####.com/n1/jfs/t20437/106/2537779950/164749/955b3b06/5b5a776bN4b...
- i####.j####.com/n1/jfs/t21004/3/1620924698/227524/d326791e/5b2eff82N81db...
- i####.j####.com/n1/jfs/t23368/217/673054748/296425/cde55ab8/5b3da77bNfec...
- i####.j####.com/n1/jfs/t9310/185/1206356762/330847/4c5ca557/59b64799Nbba...
- i####.j####.com/n4/jfs/t11860/16/2626221165/260289/bbc31f65/5a9e03ebN74e...
- i####.j####.com/n4/jfs/t16903/98/2052214391/493617/dfbc963c/5ae18a8dNa3d...
- i####.j####.com/n4/jfs/t18073/300/2100144139/166499/22754a99/5ae291d9Ne7...
- i####.j####.com/n4/jfs/t19576/102/1511786609/425892/c232f5a7/5acc29acN79...
- i####.j####.com/n4/jfs/t20437/106/2537779950/164749/955b3b06/5b5a776bN4b...
- i####.j####.com/n4/jfs/t21004/3/1620924698/227524/d326791e/5b2eff82N81db...
- i####.j####.com/n4/jfs/t21211/293/1023703928/220090/f9afa8b9/5b1dcadeNe7...
- i####.j####.com/n4/jfs/t23368/217/673054748/296425/cde55ab8/5b3da77bNfec...
- i####.j####.com/n4/jfs/t9310/185/1206356762/330847/4c5ca557/59b64799Nbba...
- l####.g####.net/img/style.css
- l####.g####.net/more.aspx?pid=####&cid=####
- log.mm####.com/t.gif
- offline####.o####.com/?host=####
- offline####.o####.com/adv.html
- offline####.o####.com/caches/pic_0.jpg
- offline####.o####.com/caches/pic_1.jpg
- offline####.o####.com/caches/pic_10.jpg
- offline####.o####.com/caches/pic_11.jpg
- offline####.o####.com/caches/pic_12.jpg
- offline####.o####.com/caches/pic_13.jpg
- offline####.o####.com/caches/pic_14.jpg
- offline####.o####.com/caches/pic_15.jpg
- offline####.o####.com/caches/pic_16.jpg
- offline####.o####.com/caches/pic_17.jpg
- offline####.o####.com/caches/pic_18.jpg
- offline####.o####.com/caches/pic_19.gif
- offline####.o####.com/caches/pic_2.jpg
- offline####.o####.com/caches/pic_20.jpg
- offline####.o####.com/caches/pic_21.jpg
- offline####.o####.com/caches/pic_22.jpg
- offline####.o####.com/caches/pic_23.jpg
- offline####.o####.com/caches/pic_24.jpg
- offline####.o####.com/caches/pic_25.jpg
- offline####.o####.com/caches/pic_26.jpg
- offline####.o####.com/caches/pic_27.jpg
- offline####.o####.com/caches/pic_28.jpg
- offline####.o####.com/caches/pic_29.jpg
- offline####.o####.com/caches/pic_3.jpg
- offline####.o####.com/caches/pic_30.jpg
- offline####.o####.com/caches/pic_31.jpg
- offline####.o####.com/caches/pic_32.jpg
- offline####.o####.com/caches/pic_33.jpg
- offline####.o####.com/caches/pic_34.jpg
- offline####.o####.com/caches/pic_35.jpg
- offline####.o####.com/caches/pic_36.jpg
- offline####.o####.com/caches/pic_37.jpg
- offline####.o####.com/caches/pic_38.jpg
- offline####.o####.com/caches/pic_39.jpg
- offline####.o####.com/caches/pic_4.jpg
- offline####.o####.com/caches/pic_40.jpg
- offline####.o####.com/caches/pic_41.jpg
- offline####.o####.com/caches/pic_42.jpg
- offline####.o####.com/caches/pic_43.jpg
- offline####.o####.com/caches/pic_44.jpg
- offline####.o####.com/caches/pic_5.jpg
- offline####.o####.com/caches/pic_6.jpg
- offline####.o####.com/caches/pic_7.jpg
- offline####.o####.com/caches/pic_8.jpg
- offline####.o####.com/caches/pic_9.jpg
- offline####.o####.com/img/domain.png
- offline####.o####.com/img/pic_13.png
- offline####.o####.com/img/pic_hsk_20170726.png
- offline####.o####.com/img/pic_pgy-03.jpg
- offline####.o####.com/img/pic_sl-05.png
- offline####.o####.com/img/style-1.0.0.css
- offline####.o####.com/img/style-2.2.0.css
- offline####.o####.com/js/jquery-1.7.2.js
- ope.t####.com/ex?i=mm_112367610_11190504_40248480&cb=jsonp_callback_8459...
- ope.t####.com/ex?i=mm_112367610_11190504_46588064&cb=jsonp_callback_9570...
- ope.t####.com/ex?i=mm_112367610_11190504_48872297&cb=jsonp_callback_7233...
- p####.3.cn/flags/mgets?skuids=####&callback=####&r=####
- p####.3.cn/prices/mgets?skuids=####&type=####&callback=####&r=####
- pag####.googles####.com/apps/domainpark/show_afd_ads.js
- pco####.t####.com/app.gif?&cna=####
- pos.b####.com/cclm?conwid=960&conhei=90&rdid=2385617&dc=3&di=u2385617&dr...
- pos.b####.com/cclm?di=u2385617&dri=0&dis=3&dai=1&ps=15x10&enu=encoding&d...
- pos.b####.com/jcfm?conwid=240&conhei=300&rdid=2468371&dc=3&di=u2468371&d...
- pos.b####.com/jcfm?di=u2468371&dri=0&dis=0&dai=1&ps=0x0&enu=encoding&dcb...
- pos.b####.com/jcfm?di=u2468371&dri=1&dis=0&dai=2&ps=506x740&enu=encoding...
- s####.al####.com/t/img/TB1DmcoJXXXXXavXpXXXXXXXXXX-26-26.png
- s####.al####.com/t/img/TB1Lt7aJXXXXXcjXVXXXXXXXXXX-117-26.png
- s####.al####.com/t/img/TB1tWvVJFXXXXc_aXXXXXXXXXXX-40-26.png
- s####.al####.com/t/img/TB1upAiJXXXXXa5aXXXXXXXXXXX-116-30.png
- s.c####.b####.com/s.htm?cproid=####&t=####
- st####.ora####.com/peanuthull/img/logo_141128.png
- u####.jd.com/auto?spread_type=####&ad_type=####&ad_ids=####&union_id=###...
- u####.jd.com/auto?spread_type=2&ad_type=7&ad_ids=520:6&union_id=10000094...
- u####.jd.com/dsp/np?log=####&v=####
- u####.jd.com/dsp/np?log=6S5####&v=####
- u####.jd.com/dsp/np?log=ZBd####&v=####
- u####.jd.com/dsp/np?log=dRf####&v=####
- u.x.j####.com/static/js/auto.js
- ub####.baidust####.com/media/v1/0f000j1FY_bkyl3FJ2tGa6.jpg
- w####.com/aj/static/sync.html?t=####
- wn.pos.b####.com/adx.php?c=####
- www.google-####.com/analytics.js
- www.google-####.com/r/collect?v=1&_v=j68&a=1819450683&t=pageview&_s=1&dl...
- www.gst####.com/afma/sdk-core-v40.js
- x.j####.com/file/images/logo.jpg
- x.j####.com/file/images/logoSsmall.jpg
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/dom.xml
- /data/data/####/f_000001
- /data/data/####/index
- /data/data/####/lud.xml
- /data/data/####/ms.xml
- /data/data/####/rt.xml
- /data/data/####/rtt.xml
- /data/data/####/tph.xml
- /data/data/####/tti.xml
- /data/data/####/uwf.xml
- /data/data/####/wc.xml
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/ws.xml
- /data/data/####/zjsms.txt
Другие:
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Отрисовывает собственные окна поверх других приложений.
Парсит информацию из смс сообщений.
