Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Adware.Dowgin.3.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) hm.b####.com:80
- TCP(HTTP/1.1) www.l####.com:80
- TCP(HTTP/1.1) a.leleke####.com:80
- TCP(HTTP/1.1) thi####.q####.cn:80
- TCP(HTTP/1.1) r.leleke####.com.####.com:80
Запросы DNS:
- a####.u####.com
- a.leleke####.com
- api.is.d####.####.cn
- fb.u####.com
- hm.b####.com
- q.q####.cn
- r.leleke####.com
- thi####.q####.cn
- www.l####.com
- www.leleke####.com
Запросы HTTP GET:
- a.leleke####.com/comments/c.php?app=####&id=####&mode=####
- a.leleke####.com/comments/em/angrya_thumb.gif
- a.leleke####.com/comments/em/bs2_thumb.gif
- a.leleke####.com/comments/em/clock_thumb.gif
- a.leleke####.com/comments/em/cool_thumb.gif
- a.leleke####.com/comments/em/geili_thumb.gif
- a.leleke####.com/comments/em/good_thumb.gif
- a.leleke####.com/comments/em/gza_thumb.gif
- a.leleke####.com/comments/em/h_thumb.gif
- a.leleke####.com/comments/em/horse2_thumb.gif
- a.leleke####.com/comments/em/hufen_thumb.gif
- a.leleke####.com/comments/em/j_thumb.gif
- a.leleke####.com/comments/em/kbsa_thumb.gif
- a.leleke####.com/comments/em/kl_thumb.gif
- a.leleke####.com/comments/em/laugh.gif
- a.leleke####.com/comments/em/lazu_thumb.gif
- a.leleke####.com/comments/em/liwu_thumb.gif
- a.leleke####.com/comments/em/nm_thumb.gif
- a.leleke####.com/comments/em/no_thumb.gif
- a.leleke####.com/comments/em/ok_thumb.gif
- a.leleke####.com/comments/em/otm_thumb.gif
- a.leleke####.com/comments/em/pig.gif
- a.leleke####.com/comments/em/sad_thumb.gif
- a.leleke####.com/comments/em/sada_thumb.gif
- a.leleke####.com/comments/em/sb_thumb.gif
- a.leleke####.com/comments/em/t_thumb.gif
- a.leleke####.com/comments/em/tootha_thumb.gif
- a.leleke####.com/comments/em/unheart.gif
- a.leleke####.com/comments/em/yhh_thumb.gif
- a.leleke####.com/comments/em/yx_thumb.gif
- a.leleke####.com/comments/em/zhh_thumb.gif
- a.leleke####.com/comments/image/aspire.png
- a.leleke####.com/comments/image/avatar.png
- a.leleke####.com/comments/image/lele.png
- a.leleke####.com/comments/image/login_qq_m.png
- a.leleke####.com/comments/image/login_weibo_m.png
- a.leleke####.com/comments/image/m.png
- a.leleke####.com/comments/image/m_c.png
- a.leleke####.com/comments/image/qzone.png
- a.leleke####.com/comments/js/m.min.js
- a.leleke####.com/dat/space/avatar/015/83/67/67_middle.png?t=####
- a.leleke####.com/dat/space/avatar/020/05/13/29_middle.png?t=####
- a.leleke####.com/dat/space/avatar/020/38/85/54_middle.jpg
- a.leleke####.com/dat/space/avatar/020/65/84/32_middle.jpg
- a.leleke####.com/login/image/anony2.png
- a.leleke####.com/min/11FZjQ.js?t=####
- a.leleke####.com/min/11SV4k-guFIe-pO3zO.css?t=####
- a.leleke####.com/min/B09od.js?t=####
- a.leleke####.com/min/CAOT8.js?t=####
- a.leleke####.com/min/MiRpQ-bevOj-Tjf9O-oEc5R-J6gFN-16Oyrm-guFIe-pO3zO.cs...
- a.leleke####.com/min/RAU91-SIg2D-9GZFD-11SV4k-oDORT-guFIe-pO3zO.css?t=####
- a.leleke####.com/min/iry05.css?t=####
- a.leleke####.com/min/m4H1W-dlEyR-14G2Ek-fKuEZ.js?t=####
- a.leleke####.com/min/m4H1W-dlEyR-14G2Ek-yc6Ph-fKuEZ.js?t=####
- a.leleke####.com/min/ml9JF-9GZFD-11SV4k-oDORT-guFIe-pO3zO.css?t=####
- a.leleke####.com/min/t1pz7-tIPuo-oEc5R-KHTj1-18nvLO-8GTde-guFIe-lqqVP-pO...
- a.leleke####.com/min/t1pz7-tIPuo-oEc5R-KHTj1-18nvLO-8GTde-guFIe-pO3zO.cs...
- a.leleke####.com/uc/image/watermark.png?t=####
- a.leleke####.com/zuowen/16761.shtml
- a.leleke####.com/zuowen/17842.shtml
- a.leleke####.com/zuowen/330238.shtml
- a.leleke####.com/zuowen/50231.shtml
- a.leleke####.com/zuowen/7587.shtml
- a.leleke####.com/zuowen/clist3-0-0-1-1.shtml
- a.leleke####.com/zuowen/clist3-30896-0-1-1.shtml
- a.leleke####.com/zuowen/clist3-479441-0-1-1.shtml
- a.leleke####.com/zuowen/image/zuowen.png?t=####
- a.leleke####.com/zuowen/index.php?track_id=####
- a.leleke####.com/zuowen/list12-0-0-1-1.shtml
- a.leleke####.com/zuowen/s17842-0.shtml
- a.leleke####.com/zuowen/s50231-0.shtml
- a.leleke####.com/zuowen/service/get_my_profile.php
- a.leleke####.com/zuowen/uc/image/21.png?t=####
- a.leleke####.com/zuowen/uc/image/22.png?t=####
- a.leleke####.com/zuowen/uc/image/23.png?t=####
- a.leleke####.com/zuowen/uc/image/41.png?t=####
- a.leleke####.com/zuowen/uc/image/high.png?t=####
- a.leleke####.com/zuowen/uc/image/hot.png?t=####
- a.leleke####.com/zuowen/uc/image/middle.png?t=####
- a.leleke####.com/zuowen/uc/image/primary.png?t=####
- a.leleke####.com/zuowen/uc/image/wave.png?t=####
- a.leleke####.com/zuowen/uc/image/xiyou2.png
- hm.b####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&vl=####&ep=####&et=#...
- hm.b####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&vl=####&et=####&ja=#...
- hm.b####.com/hm.js?8296a32####
- r.leleke####.com.####.com/dat/zuowen/category/m/1.png
- r.leleke####.com.####.com/dat/zuowen/category/m/10.png
- r.leleke####.com.####.com/dat/zuowen/category/m/11.png
- r.leleke####.com.####.com/dat/zuowen/category/m/12.png
- r.leleke####.com.####.com/dat/zuowen/category/m/13.png
- r.leleke####.com.####.com/dat/zuowen/category/m/14.png
- r.leleke####.com.####.com/dat/zuowen/category/m/15.png
- r.leleke####.com.####.com/dat/zuowen/category/m/16.png
- r.leleke####.com.####.com/dat/zuowen/category/m/2.png
- r.leleke####.com.####.com/dat/zuowen/category/m/3.png
- r.leleke####.com.####.com/dat/zuowen/category/m/4.png
- r.leleke####.com.####.com/dat/zuowen/category/m/5.png
- r.leleke####.com.####.com/dat/zuowen/category/m/6.png
- r.leleke####.com.####.com/dat/zuowen/category/m/7.png
- r.leleke####.com.####.com/dat/zuowen/category/m/8.png
- r.leleke####.com.####.com/dat/zuowen/category/m/9.png
- r.leleke####.com.####.com/dat/zuowen/festival/m/chongyangjie.png
- r.leleke####.com.####.com/dat/zuowen/festival/m/chunjie.png
- r.leleke####.com.####.com/dat/zuowen/festival/m/chuxi.png
- r.leleke####.com.####.com/dat/zuowen/festival/m/duanwujie.png
- r.leleke####.com.####.com/dat/zuowen/festival/m/ertongjie.png
- r.leleke####.com.####.com/dat/zuowen/festival/m/funvjie.png
- r.leleke####.com.####.com/dat/zuowen/festival/m/fuqinjie.png
- r.leleke####.com.####.com/dat/zuowen/festival/m/guoqingjie.png
- r.leleke####.com.####.com/dat/zuowen/festival/m/jianjunjie.png
- r.leleke####.com.####.com/dat/zuowen/festival/m/jiaoshijie.png
- r.leleke####.com.####.com/dat/zuowen/festival/m/laba.png
- r.leleke####.com.####.com/dat/zuowen/festival/m/laodongjie.png
- r.leleke####.com.####.com/dat/zuowen/festival/m/muqinjie.png
- r.leleke####.com.####.com/dat/zuowen/festival/m/qingmingjie.png
- r.leleke####.com.####.com/dat/zuowen/festival/m/qingnianjie.png
- r.leleke####.com.####.com/dat/zuowen/festival/m/qixi.png
- r.leleke####.com.####.com/dat/zuowen/festival/m/shengdanjie.png
- r.leleke####.com.####.com/dat/zuowen/festival/m/wanshengjie.png
- r.leleke####.com.####.com/dat/zuowen/festival/m/yuandan.png
- r.leleke####.com.####.com/dat/zuowen/festival/m/yuanxiaojie.png
- r.leleke####.com.####.com/dat/zuowen/festival/m/zhishujie.png
- r.leleke####.com.####.com/dat/zuowen/festival/m/zhongqiujie.png
- thi####.q####.cn/qqapp/101036803/013A0EDD7A52BFBD5C1ECEF0C7798C0E/100
- thi####.q####.cn/qqapp/101036803/07DB0B2D3656D58194FCD9ED1C62EF19/100
- thi####.q####.cn/qqapp/101036803/0A397C3BB3D91CCEFD05C55AE076DF63/100
- thi####.q####.cn/qqapp/101036803/0E9238ECA03C75B725AA7FAEFE76EDA7/100
- thi####.q####.cn/qqapp/101036803/169499F6601880FB3938F6CE9CA7F792/100
- thi####.q####.cn/qqapp/101036803/17B7F985D006937514AB0ABA9A470CCD/100
- thi####.q####.cn/qqapp/101036803/17C7B3B6CCFB321872062C70BA8B4025/100
- thi####.q####.cn/qqapp/101036803/17CC1A055F48912B70EA5FB3FA887746/100
- thi####.q####.cn/qqapp/101036803/1CA65537BCF9D5AD21F33D0B9D05FE2F/100
- thi####.q####.cn/qqapp/101036803/247485594923A248367079367A1E36EE/100
- thi####.q####.cn/qqapp/101036803/24DAEE4658E4976C9C23162947E85E30/100
- thi####.q####.cn/qqapp/101036803/2BC0992D5DF3BE8A24E42B7FC6610C89/100
- thi####.q####.cn/qqapp/101036803/34FDEF67197082F1F0E38E715BDF1B35/100
- thi####.q####.cn/qqapp/101036803/3A8DBA003D752C7A73DB1B8E7AC55077/100
- thi####.q####.cn/qqapp/101036803/3C9DF7885289137AC6B7838AB543A71C/100
- thi####.q####.cn/qqapp/101036803/42967CA04844F221B324F93110717067/100
- thi####.q####.cn/qqapp/101036803/4358634430E62074388FD5B8472F8093/100
- thi####.q####.cn/qqapp/101036803/4C1AC23EE5DCF3A8F5E6714A6F1A449B/100
- thi####.q####.cn/qqapp/101036803/51D05CFD1BA3DD3C9D5C4A54C55F4385/100
- thi####.q####.cn/qqapp/101036803/55DC1C7CC4F4741C8BAE05D0688DDE5B/100
- thi####.q####.cn/qqapp/101036803/5B54D3B3A0CE1A8300780EFDB3F802E4/100
- thi####.q####.cn/qqapp/101036803/6331D67BD62A9AF8611B6BC1C0591836/100
- thi####.q####.cn/qqapp/101036803/6466D6A08F154597062E5FC6F32247E9/100
- thi####.q####.cn/qqapp/101036803/6CB2BF968358304CF6BC8713E8050C55/100
- thi####.q####.cn/qqapp/101036803/7117441BD083D33B36E1806895740127/100
- thi####.q####.cn/qqapp/101036803/716F830498B0AD31DC4F8573C304AA72/100
- thi####.q####.cn/qqapp/101036803/71CBB0BDEC04475F0EE1B312446E7205/100
- thi####.q####.cn/qqapp/101036803/787102C348FDFFFA8A41A96AF31AD0A3/100
- thi####.q####.cn/qqapp/101036803/83197E59D7B2F9787EA73BC25DD88701/100
- thi####.q####.cn/qqapp/101036803/86791FA809DB1447933AB276A187D610/100
- thi####.q####.cn/qqapp/101036803/898567CAA3F95EF06B7794A47FA4A4F8/100
- thi####.q####.cn/qqapp/101036803/8EE72FDA55550813039AD5DB7AEF9D2F/100
- thi####.q####.cn/qqapp/101036803/8F72CD9B29A2E54ACF6499DB0D8F416D/100
- thi####.q####.cn/qqapp/101036803/92DDFF7612FE3A0B035DFD53097D4E7E/100
- thi####.q####.cn/qqapp/101036803/97A8D2CF47D2585DB3261E7FEEF9987F/100
- thi####.q####.cn/qqapp/101036803/97FD4FBD938E1B8339CFCDC47EC3428A/100
- thi####.q####.cn/qqapp/101036803/9894190BDE48961ACCC7E925CD2A6728/100
- thi####.q####.cn/qqapp/101036803/A264AF4CD95195C9E0D3C77E4046D090/100
- thi####.q####.cn/qqapp/101036803/A4CB0968292302EE018739E2439CA3A6/100
- thi####.q####.cn/qqapp/101036803/A59A3411DF764AF2D2E53BC365E2B7E5/100
- thi####.q####.cn/qqapp/101036803/A684D3DDCF9A034E92422F5AFEA851E6/100
- thi####.q####.cn/qqapp/101036803/AA5B496470482EB034C4CF1CFAAA6329/100
- thi####.q####.cn/qqapp/101036803/AD108FCD2BA9E15039148F92E0191687/100
- thi####.q####.cn/qqapp/101036803/BB8384C3B3E96A83B74C46E8F587E62C/100
- thi####.q####.cn/qqapp/101036803/C6CA493CD22E6A8AAA5A0FFDD201D737/100
- thi####.q####.cn/qqapp/101036803/C6F928DFF713745BD1E349953A6ACD5E/100
- thi####.q####.cn/qqapp/101036803/C7F16127D453AFE514697D50F544DCAE/100
- thi####.q####.cn/qqapp/101036803/CD13F214CD70523FA401E73A5C6B9B0A/100
- thi####.q####.cn/qqapp/101036803/CE5A3DF8059BF607CF8F3F6660EF27F9/100
- thi####.q####.cn/qqapp/101036803/D320D236A6EBEF6A7CC3E1CD2CEABF06/100
- thi####.q####.cn/qqapp/101036803/D38506809CD03866EE364EDB93C4D841/100
- thi####.q####.cn/qqapp/101036803/D518A7799C3158D89DFB74D6A983EC9D/100
- thi####.q####.cn/qqapp/101036803/D5D97EE46A449690715F3A4ACBD112FD/100
- thi####.q####.cn/qqapp/101036803/D8B646DB400F4E6B42DBC9E7FF275862/100
- thi####.q####.cn/qqapp/101036803/E04B1984C927249C88324134778D570B/100
- thi####.q####.cn/qqapp/101036803/E7F55B4B3CCBBB27D16DD8B6323E8971/100
- thi####.q####.cn/qqapp/101036803/E834A8CF215A712CD447971EBC64993B/100
- thi####.q####.cn/qqapp/101036803/E981D82FF629997DA663E7D45D35A03A/100
- thi####.q####.cn/qqapp/101036803/EB0DDBBEB9520240433CA07515034D02/100
- thi####.q####.cn/qqapp/101036803/F0E2AA3DF33DEE981D9118CA51DEE922/100
- thi####.q####.cn/qqapp/101036803/F1727C87CF87F13D2A23FADABB952616/100
- thi####.q####.cn/qqapp/101036803/F65F7B24D87390A2961093901BA77DFB/100
- thi####.q####.cn/qqapp/101036803/FD1C7273FC92768EF1226EB3575F0CC6/100
- thi####.q####.cn/qqapp/101036803/FF13DE9A67E05C1F9944AE44A50039EF/100
- thi####.q####.cn/qqapp/101036803/FF1CDBB31F008268423FD1906E459B7A/100
- thi####.q####.cn/qqapp/111111/942FEA70050EEAFBD4DCE2C1FC775E56/100
- www.l####.com/face/small/111653633/0/0
- www.l####.com/face/small/121073257/0/0
Запросы HTTP POST:
- a####.u####.com/app_logs
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/.imprint
- /data/data/####/_bx_share.xml
- /data/data/####/_cfgam.xml
- /data/data/####/_ddsdf.xml
- /data/data/####/_i_shares.xml
- /data/data/####/cache.db
- /data/data/####/cache.db-journal
- /data/data/####/cozuowenfwq.jar
- /data/data/####/czuowenfwqco.jar
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/f_000007
- /data/data/####/f_000008
- /data/data/####/f_000009
- /data/data/####/f_00000a
- /data/data/####/f_00000b
- /data/data/####/f_00000c
- /data/data/####/f_00000d
- /data/data/####/f_00000e
- /data/data/####/f_00000f
- /data/data/####/f_000010
- /data/data/####/f_000011
- /data/data/####/f_000012
- /data/data/####/f_000013
- /data/data/####/f_000014
- /data/data/####/f_000015
- /data/data/####/f_000016
- /data/data/####/f_000017
- /data/data/####/f_000018
- /data/data/####/f_000019
- /data/data/####/f_00001a
- /data/data/####/f_00001b
- /data/data/####/f_00001c
- /data/data/####/f_00001d
- /data/data/####/f_00001e
- /data/data/####/f_00001f
- /data/data/####/f_000020
- /data/data/####/f_000021
- /data/data/####/f_000022
- /data/data/####/f_000023
- /data/data/####/f_000024
- /data/data/####/f_000025
- /data/data/####/f_000026
- /data/data/####/f_000027
- /data/data/####/index
- /data/data/####/mobclick_agent_online_setting_com.leleketang.zuowenfwq.xml
- /data/data/####/umeng_feedback_conversations.xml
- /data/data/####/umeng_feedback_user_info.xml
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/zuowenfwqoc.jar
Другие:
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
