Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.570.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) m####.qy.net:80
- TCP(HTTP/1.1) api####.i####.com:80
- TCP(HTTP/1.1) c####.v####.i####.com:80
- TCP(HTTP/1.1) beijin####.get.vip:80
- TCP(HTTP/1.1) t7z.c####.i####.com:80
- TCP(HTTP/1.1) pa####.i####.com:80
- TCP(HTTP/1.1) l####.tbs.qq.com:80
- TCP(HTTP/1.1) hm.b####.com:80
- TCP(HTTP/1.1) i####.i####.com:80
- TCP(HTTP/1.1) msg.vip.i####.com:80
- TCP(HTTP/1.1) secu####.i####.com:80
- TCP(HTTP/1.1) iqiy####.com.edg####.net:80
- TCP(HTTP/1.1) subscri####.i####.com:80
- TCP(HTTP/1.1) b.scoreca####.com.####.net:80
- TCP(HTTP/1.1) contr####.i####.com:80
- TCP(HTTP/1.1) d####.v####.i####.com:80
- TCP(HTTP/1.1) d####.b####.com:80
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) api-y####.i####.com:80
- TCP(HTTP/1.1) a####.i####.com:80
- TCP(HTTP/1.1) c####.m.i####.com:80
- TCP(HTTP/1.1) i####.com.edg####.net:80
- TCP(TLS/1.0) m####.qy.net:443
- TCP(TLS/1.0) c####.i####.com:443
- TCP(TLS/1.0) secu####.i####.com:443
- TCP(TLS/1.0) iqiy####.com.edg####.net:443
- TCP y1.ey####.com:7071
- TCP y1.ey####.com:7073
- TCP y1.ey####.com:7072
Запросы DNS:
- a####.i####.com
- a####.u####.com
- api####.i####.com
- api-y####.i####.com
- b.scoreca####.com
- beijin####.get.vip
- c####.i####.com
- c####.m.i####.com
- c####.v####.i####.com
- contr####.i####.com
- d####.b####.com
- d####.v####.i####.com
- hm.b####.com
- i####.i####.com
- l####.tbs.qq.com
- m####.71.am
- m####.qy.net
- m.i####.com
- m.iqiy####.com
- msg.i####.com
- msg.vip.i####.com
- mt####.go####.com
- p####.iqiy####.com
- p####.iqiy####.com
- p####.iqiy####.com
- p####.iqiy####.com
- p####.iqiy####.com
- pa####.i####.com
- pub.m.i####.com
- secu####.i####.com
- st####.i####.com
- subscri####.i####.com
- t7z.c####.i####.com
- u1.iqiy####.com
- u2.iqiy####.com
- u5.iqiy####.com
- www.iqiy####.com
- y1.ey####.com
- y2.ey####.com
- y3.ey####.com
Запросы HTTP GET:
- a####.i####.com/feed/outline?hasRecomFeed=####&feedTypes=####&circleid=#...
- api####.i####.com/index/top?utype=####&cid=####&dim=####&len=####&area=#...
- api-y####.i####.com/book/ipRelated/info?appVer=####&bookId=####&srcPlatf...
- b.scoreca####.com.####.net/beacon.js
- beijin####.get.vip/ceshijiek/jiekou.txt
- c####.m.i####.com/jp/tmts/1177939300/37d2fd43de745e284ad807e7550ca7d8/?u...
- c####.v####.i####.com/jp/pc/206556801,216439401,215039601/?qyid=####&_=#...
- contr####.i####.com/control/content_config?business=####&is_iqiyi=####&i...
- d####.b####.com/x.gif?he=[mag####&prot_ver=####&app_id=####&rnd=####&log...
- d####.b####.com/x.js?si=####&dm=####
- d####.v####.i####.com/v.mp4?_=####&callback=####
- hm.b####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&vl=####&ep=####&et=#...
- hm.b####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&vl=####&et=####&ja=#...
- hm.b####.com/hm.js?5df871a####
- i####.com.edg####.net/
- i####.com.edg####.net/css/2018062517/h5-aura.css
- i####.com.edg####.net/css/20180710/h5-paopao-play-aura.css
- i####.com.edg####.net/css/2018080717/h5-play-aura.css
- i####.com.edg####.net/ext/common/auraIcon/iconfont.ttf
- i####.com.edg####.net/ext/common/auraIcon20180622/iconfont.ttf
- i####.com.edg####.net/favicon.ico
- i####.com.edg####.net/js/common/7d183edd03bc4414b315e8964fb41826.js
- i####.com.edg####.net/js/common/ares4-h5.min.js
- i####.com.edg####.net/js/html5/js/lib/clipboard.min.js
- i####.com.edg####.net/js/html5/js/lib/lib.2.0.8.min.js?sea1.2.####
- i####.com.edg####.net/js/html5/js/lib/qoe.3.0.3.min.js?v=####
- i####.com.edg####.net/js/html5/js/page/home/dc04afdced!app.js
- i####.com.edg####.net/js/html5/js/page/playLong/f6f165b794!app.js
- i####.com.edg####.net/v_19rr2aesjs.html
- i####.i####.com/irt?_iwt_t=####&_iwt_id=####&_iwt_UA=####&r=####
- iqiy####.com.edg####.net/common/20171106/ac/1b/vip_100000_v_601_0_60.png
- iqiy####.com.edg####.net/common/20180322/b78ffa490af04be394dc908de16f1e3...
- iqiy####.com.edg####.net/common/20180509/70ea099b771d43189d4cf0d7ffd7a16...
- iqiy####.com.edg####.net/common/20180509/9c64fce5ad2940d289c84c5586085b0...
- iqiy####.com.edg####.net/common/20180510/d9bd60258fac424a8aa71068559efeb...
- iqiy####.com.edg####.net/common/20180528/ac/1b/vip_100004_v_601_0_60.png
- iqiy####.com.edg####.net/common/20180627/reliao_1530091658440.png
- iqiy####.com.edg####.net/common/fix/h5-aura/channel-icon-20180119.png
- iqiy####.com.edg####.net/common/fix/h5-aura/foot.png
- iqiy####.com.edg####.net/common/fix/h5-aura/icon-handMore.png
- iqiy####.com.edg####.net/common/fix/h5-aura/imgLogo-b.png
- iqiy####.com.edg####.net/common/fix/h5-aura/imgLogo-s.png
- iqiy####.com.edg####.net/common/fix/h5-aura/iqiyi-logo.png
- iqiy####.com.edg####.net/common/fix/h5-aura/menu-more-icon.png
- iqiy####.com.edg####.net/common/fix/h5-aura/nav-linebg.png
- iqiy####.com.edg####.net/common/fix/h5-aura/picicon-bg-20180509.png
- iqiy####.com.edg####.net/common/fix/h5-aura/picicon-s-bg-20171214.png
- iqiy####.com.edg####.net/common/fix/h5-aura/playPage-icon-20180228.png
- iqiy####.com.edg####.net/common/fix/h5-aura/player-bg.png
- iqiy####.com.edg####.net/common/fix/h5-aura/player-default-logo.png
- iqiy####.com.edg####.net/common/fix/h5-aura/video-pp.png
- iqiy####.com.edg####.net/common/fix/h5-v3/guide-new.png
- iqiy####.com.edg####.net/common/fix/h5-v3/guide-qiyitop.png
- iqiy####.com.edg####.net/common/fix/h5-v3/horizontal-img-220-124.jpg
- iqiy####.com.edg####.net/common/fix/h5-v3/player-tip-bg.jpg
- iqiy####.com.edg####.net/common/lego/20170915/35d844f8af07412e9980d56cb7...
- iqiy####.com.edg####.net/common/lego/20170915/3e2d8d029f104eea9261ef9dca...
- iqiy####.com.edg####.net/common/lego/20170915/5909cbd78fd44f6fa3d9b78dc9...
- iqiy####.com.edg####.net/common/lego/20170915/7df91c03d5db4113848f7ca1b9...
- iqiy####.com.edg####.net/common/lego/20170915/bc4532a1bfd64f3c929b6f9200...
- iqiy####.com.edg####.net/common/lego/20170921/3ba9004a0a1e43939cf4631a5f...
- iqiy####.com.edg####.net/common/lego/20180201/34b505af4dad4528a87cb15e2e...
- iqiy####.com.edg####.net/common/lego/20180713/c8b8cad6fc964071b09ea6a33f...
- iqiy####.com.edg####.net/common/lego/20180719/2f7f7934d11b427b9e86da8b92...
- iqiy####.com.edg####.net/common/lego/20180809/3c8b5ad72b1c49f9bcf3e4cd0d...
- iqiy####.com.edg####.net/common/lego/20180810/60f8366adc944733bf7c95e2e1...
- iqiy####.com.edg####.net/common/lego/20180813/17d60e20e40e48e68f2e0e2dca...
- iqiy####.com.edg####.net/common/lego/20180813/6f36f4645cf94d26a9845666a1...
- iqiy####.com.edg####.net/common/lego/20180813/77ae7d7df79a432487ecf75203...
- iqiy####.com.edg####.net/common/lego/20180814/1997b30b2864495b80a476a540...
- iqiy####.com.edg####.net/common/lego/20180814/39c726e1803047a7b064108285...
- iqiy####.com.edg####.net/common/lego/20180814/4e8e65bfdb0343d5b44ea16fb7...
- iqiy####.com.edg####.net/common/lego/20180814/c4c3beb386494aa785b1f24fd1...
- iqiy####.com.edg####.net/common/lego/20180815/3485c83e5aa14ff687e8d49ac8...
- iqiy####.com.edg####.net/common/lego/20180815/4da97f47929a4411869b587785...
- iqiy####.com.edg####.net/common/lego/20180815/535dade2135b4f1285f6b97237...
- iqiy####.com.edg####.net/common/lego/20180815/6a4289a5e8ac49e691ae069199...
- iqiy####.com.edg####.net/common/lego/20180815/a5b7ce983ed14136aaaf2dc881...
- iqiy####.com.edg####.net/common/lego/20180815/b39dfb8bc87942f3b862206dd3...
- iqiy####.com.edg####.net/common/lego/20180815/e8e8dc539e2049ad92992d9f5c...
- iqiy####.com.edg####.net/common/lego/20180815/ea6baabc8fd7483fa16fe36e0b...
- iqiy####.com.edg####.net/common/lego/20180816/159eccae2ccc46f5aa90905d38...
- iqiy####.com.edg####.net/common/lego/20180816/2e995f19b7784fc087712840c4...
- iqiy####.com.edg####.net/common/lego/20180816/4bb977b6635a43deb8bcf01ad0...
- iqiy####.com.edg####.net/common/lego/20180816/78994e2cb2a44f3685cf40c8a8...
- iqiy####.com.edg####.net/common/lego/20180816/85817bff5229412eaa0ac734f7...
- iqiy####.com.edg####.net/common/lego/20180816/b92d9a9a683841718ccaf7bc98...
- iqiy####.com.edg####.net/image/20180220/16/42/v_112875567_m_601_m7_195_2...
- iqiy####.com.edg####.net/image/20180220/5d/97/v_113659968_m_601_m2_195_2...
- iqiy####.com.edg####.net/image/20180220/ec/15/v_114709119_m_601_m3_195_2...
- iqiy####.com.edg####.net/image/20180403/74/0a/a_100091879_m_601_m3_195_2...
- iqiy####.com.edg####.net/image/20180630/23/24/a_100047333_m_601_m19_195_...
- iqiy####.com.edg####.net/image/20180701/a3/8b/a_100099292_m_601_m16_195_...
- iqiy####.com.edg####.net/image/20180708/9e/08/a_100156847_m_601_m4_195_2...
- iqiy####.com.edg####.net/image/20180709/fa/57/a_100156702_m_601_m7_195_2...
- iqiy####.com.edg####.net/image/20180716/ea/3e/v_117383855_m_601_480_270....
- iqiy####.com.edg####.net/image/20180720/72/18/v_115029559_m_601_m8_195_2...
- iqiy####.com.edg####.net/image/20180724/a7/4f/a_100147838_m_601_m2_195_2...
- iqiy####.com.edg####.net/image/20180727/3b/32/bk_100135101_r_601_m8_160_...
- iqiy####.com.edg####.net/image/20180730/0c/e3/v_114411145_m_601_m9_195_2...
- iqiy####.com.edg####.net/image/20180730/73/2a/v_113710372_m_601_m9_195_2...
- iqiy####.com.edg####.net/image/20180801/92/fd/v_117785769_m_601_m3_284_1...
- iqiy####.com.edg####.net/image/20180807/60/ab/a_100056295_m_601_m19_195_...
- iqiy####.com.edg####.net/image/20180809/3e/f4/v_115991660_m_601_m4_195_2...
- iqiy####.com.edg####.net/image/20180809/61/4f/v_117681141_m_601_m7_195_2...
- iqiy####.com.edg####.net/image/20180810/3e/aa/a_100098466_m_601_m9_195_2...
- iqiy####.com.edg####.net/image/20180810/dc/bc/a_100092298_m_601_m13_195_...
- iqiy####.com.edg####.net/image/20180813/0e/f0/a_100161325_m_601_m10_195_...
- iqiy####.com.edg####.net/image/20180813/9f/92/v_117942514_m_601_m2_195_2...
- iqiy####.com.edg####.net/image/20180813/ab/88/a_100161062_m_601_m7_195_2...
- iqiy####.com.edg####.net/image/20180814/04/79/a_100101550_m_601_m17_195_...
- iqiy####.com.edg####.net/image/20180814/9e/0e/v_116690890_m_601_m6_195_2...
- iqiy####.com.edg####.net/image/20180815/0b/a9/v_117609571_m_601_m5_195_2...
- iqiy####.com.edg####.net/image/20180815/11/36/v_118142857_m_601_m2_195_2...
- iqiy####.com.edg####.net/image/20180815/64/4e/a_100033091_m_601_m18_195_...
- iqiy####.com.edg####.net/image/20180815/76/e0/v_118138738_m_601_284_160....
- iqiy####.com.edg####.net/image/20180816/01/94/v_117293952_m_601_m4_284_1...
- iqiy####.com.edg####.net/image/20180816/37/94/v_118128289_m_601_m1_284_1...
- iqiy####.com.edg####.net/image/20180816/5f/fd/v_118137902_m_601_m1_284_1...
- iqiy####.com.edg####.net/image/20180816/a6/5a/v_118140870_m_601_m1_284_1...
- iqiy####.com.edg####.net/image/20180816/a9/57/v_118152924_m_601_284_160....
- iqiy####.com.edg####.net/image/20180816/c0/b8/v_118147868_m_601_m1_284_1...
- iqiy####.com.edg####.net/image/20180816/f0/ca/v_118144591_m_601_m1_284_1...
- m####.qy.net/b?t=####&bstp=####&pf=####&p=####&p1=####&u=####&pu=####&bl...
- m####.qy.net/cp2.gif?p=####&rd=####&rc=####&t=####&e=####&y=####&u=####&...
- m####.qy.net/cp2.gif?p=####&t=####&lc=####&e=####&y=####&u=####&av=####&...
- m####.qy.net/cp2.gif?p=####&t=####&rc=####&rd=####&ai=####&e=####&y=####...
- m####.qy.net/jpb.gif?rdm=####&qtcurl=####&rfr=####&flshuid=####&lrfr=###...
- m####.qy.net/tmpstats.gif?type=####&des=####&mse=####&p2p=####&p=####
- m####.qy.net/vodpb.gif?rec=####&mse=####&url=####&fetch=####&rtc=####&ws...
- msg.vip.i####.com/qya.gif?qy_n=####&qy_cid=####&qy_fcode=####&qy_platfor...
- pa####.i####.com/apis/e/paopao/list.action?authcookie=####&m_device_id=#...
- pa####.i####.com/apis/e/starwall/basic_wall.action?wallId=####&qypid=###...
- secu####.i####.com/api/getNewAdInfo?pageName=####&appNum=####&key=####&v...
- secu####.i####.com/jp/h5/albums/207834001?callback=####
- secu####.i####.com/jp/h5/count/play/207834001?_=####&callback=####
- secu####.i####.com/jp/h5/index/2/?_=####&callback=####
- subscri####.i####.com/dingyue/api/isSubscribed.action?agent_type=####&su...
- t7z.c####.i####.com/show2?e=####&h=####&a=####&u=####&p=####&s=####&_=##...
- t7z.c####.i####.com/track2?w=####&dts=####&nr=####&c=####&f=####&g=####&...
Запросы HTTP POST:
- a####.u####.com/app_logs
- l####.tbs.qq.com/ajax?c=####&k=####
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/.imprint
- /data/data/####/001.jar
- /data/data/####/356507059351895yd.db-journal
- /data/data/####/ApplicationCache.db-journal
- /data/data/####/WebpageIcons.db
- /data/data/####/WebpageIcons.db-journal
- /data/data/####/aypa0000.xml
- /data/data/####/ayqa0000.xml
- /data/data/####/ayqb0000.xml
- /data/data/####/core_info
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/debug.conf
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/f_000007
- /data/data/####/f_000008
- /data/data/####/f_000009
- /data/data/####/f_00000a
- /data/data/####/f_00000b
- /data/data/####/f_00000c
- /data/data/####/f_00000d
- /data/data/####/f_00000e
- /data/data/####/f_00000f
- /data/data/####/f_000010
- /data/data/####/f_000011
- /data/data/####/f_000012
- /data/data/####/f_000013
- /data/data/####/f_000014
- /data/data/####/f_000015
- /data/data/####/f_000016
- /data/data/####/f_000017
- /data/data/####/f_000018
- /data/data/####/f_000019
- /data/data/####/f_00001a
- /data/data/####/f_00001b
- /data/data/####/f_00001c
- /data/data/####/f_00001d
- /data/data/####/f_00001e
- /data/data/####/f_00001f
- /data/data/####/f_000020
- /data/data/####/f_000021
- /data/data/####/f_000022
- /data/data/####/f_000023
- /data/data/####/f_000024
- /data/data/####/f_000025
- /data/data/####/f_000026
- /data/data/####/f_000027
- /data/data/####/f_000028
- /data/data/####/f_000029
- /data/data/####/f_00002a
- /data/data/####/f_00002b
- /data/data/####/f_00002c
- /data/data/####/f_00002d
- /data/data/####/f_00002e
- /data/data/####/f_00002f
- /data/data/####/f_000030
- /data/data/####/f_000031
- /data/data/####/f_000032
- /data/data/####/f_000033
- /data/data/####/f_000034
- /data/data/####/f_000035
- /data/data/####/http_m.iqiyi.com_0.localstorage-journal
- /data/data/####/index
- /data/data/####/libexec.so
- /data/data/####/tbs_download_config.xml
- /data/data/####/tbs_download_stat.xml
- /data/data/####/tbscoreinstall.txt
- /data/data/####/tbslock.txt
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/yysa.xml
- /data/data/####/yysa356507059351895.xml
- /data/data/####/yysb356507059351895.xml
- /data/data/####/yysc356507059351895.xml
- /data/media/####/.nomedia
- /data/media/####/Database.db
- /data/media/####/Database.db-journal
- /data/media/####/tbslog.txt
Другие:
Запускает следующие shell-скрипты:
- getprop ro.product.cpu.abi
Загружает динамические библиотеки:
- NativeUtils
- libexec
Использует следующие алгоритмы для шифрования данных:
- RSA-ECB-NoPadding
Использует специальную библиотеку для скрытия исполняемого байткода.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Отрисовывает собственные окна поверх других приложений.
