Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.743.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.0) pis.al####.com:80
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) wac.1####.m####.net:80
- TCP(HTTP/1.1) da####.c####.qini####.com:80
- TCP(HTTP/1.1) pus.al####.com:80
- TCP(HTTP/1.1) oc.u####.com:80
- TCP(HTTP/1.1) 1####.76.224.67:80
- TCP(HTTP/1.1) pss.al####.com:80
- TCP(TLS/1.0) www.chartb####.com:443
- TCP(TLS/1.0) 1####.217.17.110:443
- TCP(TLS/1.0) pns.al####.com:443
- TCP(TLS/1.0) l####.4####.top:443
- UDP 1####.168.120.254:4466
Запросы DNS:
- a####.u####.com
- cdn.img.p####.top
- d####.appf####.com
- l####.4####.top
- oc.u####.com
- p####.co
- pis.al####.com
- pns.al####.com
- pss.al####.com
- pus.al####.com
- www.chartb####.com
Запросы HTTP GET:
- da####.c####.qini####.com/upload/201809/4/img/20180904180436433.png
- pus.al####.com/kernal/sdkcontrol/vod_android-mobile_x86_9.1.1.1220.jpg
- wac.1####.m####.net/a/en/npuzzle750.zip
- wac.1####.m####.net/a/img/AppLock.1.jpg
- wac.1####.m####.net/a/img/BCandyStar.ic.png
- wac.1####.m####.net/a/img/Badminton.ic.png
- wac.1####.m####.net/a/img/BadmintonStar2.ic.png
- wac.1####.m####.net/a/img/BilliardsMaster.1.jpg
- wac.1####.m####.net/a/img/BilliardsMaster.ic.png
- wac.1####.m####.net/a/img/BilliardsMaster2.1.jpg
- wac.1####.m####.net/a/img/BirdRevenge.ic.png
- wac.1####.m####.net/a/img/BmxExtreme.ic.png
- wac.1####.m####.net/a/img/BubbleBomb2.1.jpg
- wac.1####.m####.net/a/img/BubbleBomb2.2.jpg
- wac.1####.m####.net/a/img/BubbleCombos.ic.png
- wac.1####.m####.net/a/img/BubbleOcean5.1.jpg
- wac.1####.m####.net/a/img/BubbleOcean5.ic.png
- wac.1####.m####.net/a/img/BubbleOcean6.1.jpg
- wac.1####.m####.net/a/img/BubblePop.1.jpg
- wac.1####.m####.net/a/img/BubbleShooteFeb.1.jpg
- wac.1####.m####.net/a/img/BubbleShooter0622.1.jpg
- wac.1####.m####.net/a/img/BubbleShooter12.2.jpg
- wac.1####.m####.net/a/img/BubbleShooterBlitz.ic.png
- wac.1####.m####.net/a/img/BubbleShooterBomb.1.jpg
- wac.1####.m####.net/a/img/BubbleShooterDeluxe.1.jpg
- wac.1####.m####.net/a/img/BubbleShooterElf.1.jpg
- wac.1####.m####.net/a/img/BubbleShooterFour.1.jpg
- wac.1####.m####.net/a/img/BubbleShooterJay.1.jpg
- wac.1####.m####.net/a/img/BubbleShooterLegend.2.jpg
- wac.1####.m####.net/a/img/BubbleShooterLegend2.1.jpg
- wac.1####.m####.net/a/img/BubbleShooterNor.2.jpg
- wac.1####.m####.net/a/img/BubbleShooterOcean.2.jpg
- wac.1####.m####.net/a/img/BubbleShooterOcean2.1.jpg
- wac.1####.m####.net/a/img/BubbleShooterOcean2.ic.1.png
- wac.1####.m####.net/a/img/BubbleShooterOcean3.1.jpg
- wac.1####.m####.net/a/img/BubbleShooterR.2.jpg
- wac.1####.m####.net/a/img/BubbleShooterS.ic.png
- wac.1####.m####.net/a/img/BubbleShooterSky.1.jpg
- wac.1####.m####.net/a/img/BubbleShooterSky2.1.jpg
- wac.1####.m####.net/a/img/BubbleShooterThre.1.jpg
- wac.1####.m####.net/a/img/BubbleSky3.1.jpg
- wac.1####.m####.net/a/img/BubbleSky4.1.jpg
- wac.1####.m####.net/a/img/BubbleSky6.1.jpg
- wac.1####.m####.net/a/img/BubbleSky8.1.jpg
- wac.1####.m####.net/a/img/BubbleSky8.ic.png
- wac.1####.m####.net/a/img/BubbleSky9.1.jpg
- wac.1####.m####.net/a/img/BurgerTycoon2.5.jpg
- wac.1####.m####.net/a/img/BurgerTycoon2.ic.png
- wac.1####.m####.net/a/img/BurgerWorlds.ic.png
- wac.1####.m####.net/a/img/CandyBlast.ic.png
- wac.1####.m####.net/a/img/CandyCruise.1.jpg
- wac.1####.m####.net/a/img/CandyFrenzy.1.png
- wac.1####.m####.net/a/img/CandyFrenzy.ic.png
- wac.1####.m####.net/a/img/CandyFrenzy2.10.jpg
- wac.1####.m####.net/a/img/CandyFrenzy2.ic.png
- wac.1####.m####.net/a/img/CandyJourney.3.jpg
- wac.1####.m####.net/a/img/CandyParadise.ic.png
- wac.1####.m####.net/a/img/CandyStar3.1.jpg
- wac.1####.m####.net/a/img/CandyStar3.ic.png
- wac.1####.m####.net/a/img/CandyYum.1.jpg
- wac.1####.m####.net/a/img/CandyYum.ic.png
- wac.1####.m####.net/a/img/ChessFreeC.1.jpg
- wac.1####.m####.net/a/img/ChessOnline.1.png
- wac.1####.m####.net/a/img/CityRacing3D.1.png
- wac.1####.m####.net/a/img/CityRacing3D.ic.png
- wac.1####.m####.net/a/img/CityRacingLite.2.jpg
- wac.1####.m####.net/a/img/CityRacingLite.ic.png
- wac.1####.m####.net/a/img/ColorFidgetSpinner.1.jpg
- wac.1####.m####.net/a/img/CookieBlastFrenzy.ic.png
- wac.1####.m####.net/a/img/CookieCrush.3.jpg
- wac.1####.m####.net/a/img/CookieParadiseM.1.jpg
- wac.1####.m####.net/a/img/CookieYum.1.jpg
- wac.1####.m####.net/a/img/CrazyCookingChef.2.jpg
- wac.1####.m####.net/a/img/CrazyForSpeed.1.png
- wac.1####.m####.net/a/img/DartsMaster.2.jpg
- wac.1####.m####.net/a/img/FootballPro2.ic.png
- wac.1####.m####.net/a/img/FruitGarden.1.jpg
- wac.1####.m####.net/a/img/FruitGardenBlast.1.jpg
- wac.1####.m####.net/a/img/FruitParadise.2.jpg
- wac.1####.m####.net/a/img/FruitRevels.ic.png
- wac.1####.m####.net/a/img/FruitRivals.ic.png
- wac.1####.m####.net/a/img/FruitTrip.ic.png
- wac.1####.m####.net/a/img/FruitsBreak.5.jpg
- wac.1####.m####.net/a/img/FruitsBreak.ic.png
- wac.1####.m####.net/a/img/FruitsGarden.ic.png
- wac.1####.m####.net/a/img/FruitsLegend.4.jpg
- wac.1####.m####.net/a/img/FruitsLegend.ic.png
- wac.1####.m####.net/a/img/FruitsLegend2.4.jpg
- wac.1####.m####.net/a/img/FruitsShooter.ic.png
- wac.1####.m####.net/a/img/GoldMiner.ic.png
- wac.1####.m####.net/a/img/JewelsLink.3.jpg
- wac.1####.m####.net/a/img/JewelsLink.ic.png
- wac.1####.m####.net/a/img/JungleLegend.ic.png
- wac.1####.m####.net/a/img/MagicCharms.1.jpg
- wac.1####.m####.net/a/img/MarbleAge.3.jpg
- wac.1####.m####.net/a/img/MarbleAge.ic.png
- wac.1####.m####.net/a/img/MarbleKingdom.ic.png
- wac.1####.m####.net/a/img/MarbleLegend.2.jpg
- wac.1####.m####.net/a/img/MarbleLegend.ic.png
- wac.1####.m####.net/a/img/MarbleLegend2.2.jpg
- wac.1####.m####.net/a/img/MarbleLegend2.ic.png
- wac.1####.m####.net/a/img/MiniGolfCenter.ic.png
- wac.1####.m####.net/a/img/MotoExtreme.4.png
- wac.1####.m####.net/a/img/MusicPlayer.1.jpg
- wac.1####.m####.net/a/img/PandaLegend.ic.png
- wac.1####.m####.net/a/img/PinballGo.2.jpg
- wac.1####.m####.net/a/img/PoolBallMaster.4.jpg
- wac.1####.m####.net/a/img/RageRacing3D.ic.png
- wac.1####.m####.net/a/img/SharkFever.ic.png
- wac.1####.m####.net/a/img/SlotMania.9.jpg
- wac.1####.m####.net/a/img/SlotsKingdom.9.jpg
- wac.1####.m####.net/a/img/SlotsKingdom.ic2.png
- wac.1####.m####.net/a/img/SolitaireM1.1.png
- wac.1####.m####.net/a/img/SolitaireM1.ic.png
- wac.1####.m####.net/a/img/SuperAdventuresofJabber.1.jpg
- wac.1####.m####.net/a/img/SuperAdventuresofJabber.ic.png
- wac.1####.m####.net/a/img/SuperJabberJump.2.jpg
- wac.1####.m####.net/a/img/SuperJabberJump3.1.jpg
- wac.1####.m####.net/a/img/SuperJabberJump3.ic.png
- wac.1####.m####.net/a/img/TowerWithFriends.1.png
- wac.1####.m####.net/a/img/WordBake.1.jpg
- wac.1####.m####.net/a/img/ZombieDefense.1.png
- wac.1####.m####.net/kids/img/PrincessFashionSalon3.1.jpg
- wac.1####.m####.net/metafun/img/Solitaire.6.png
- wac.1####.m####.net/metafun/img/TowerWithFriends.ic.png
Запросы HTTP POST:
- a####.u####.com/app_logs
- oc.u####.com/check_config_update
- pis.al####.com/p/pcdn/i.php?v=####
- pss.al####.com/iku/log/acc
- pss.al####.com/iku/log/acc?ver=####&flag=####&t=####&mytype=####
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/00c966ab-a0e2-455f-8575-d6cbb0070832.jar
- /data/data/####/0777cf6b-c8f5-4f6e-977e-c19e779e9771
- /data/data/####/Applock.splash
- /data/data/####/BilliardsMaster.splash
- /data/data/####/BilliardsMaster2.splash
- /data/data/####/BubbleBomb1.splash
- /data/data/####/BubbleBomb2.splash
- /data/data/####/BubbleOcean6.splash
- /data/data/####/BubblePop.splash
- /data/data/####/BubbleShooteFeb.splash
- /data/data/####/BubbleShooter.splash
- /data/data/####/BubbleShooter0622.splash
- /data/data/####/BubbleShooter12.splash
- /data/data/####/BubbleShooterBomb.splash
- /data/data/####/BubbleShooterDeluxe.splash
- /data/data/####/BubbleShooterElf.splash
- /data/data/####/BubbleShooterFour.splash
- /data/data/####/BubbleShooterJay.splash
- /data/data/####/BubbleShooterLegend.splash
- /data/data/####/BubbleShooterLegend2.splash
- /data/data/####/BubbleShooterNor.splash
- /data/data/####/BubbleShooterOcean.splash
- /data/data/####/BubbleShooterOcean2.splash
- /data/data/####/BubbleShooterOcean3.splash
- /data/data/####/BubbleShooterOcean5.splash
- /data/data/####/BubbleShooterSky.splash
- /data/data/####/BubbleShooterSky2.splash
- /data/data/####/BubbleShooterThre.splash
- /data/data/####/BubbleSky3.splash
- /data/data/####/BubbleSky4.splash
- /data/data/####/BubbleSky6.splash
- /data/data/####/BubbleSky8.splash
- /data/data/####/BubbleSky9.splash
- /data/data/####/BurgerTycoon2.splash
- /data/data/####/CandyCruise.splash
- /data/data/####/CandyFrenzy.splash
- /data/data/####/CandyFrenzy2.splash
- /data/data/####/CandyJourney.splash
- /data/data/####/CandyStar3.splash
- /data/data/####/CandyYum.splash
- /data/data/####/ChessFreeC.splash
- /data/data/####/ChessOnline.splash
- /data/data/####/CityRacing3D.splash
- /data/data/####/CityRacingLite.splash
- /data/data/####/ColorFidgetSpinner.splash
- /data/data/####/CookieCrush.splash
- /data/data/####/CookieParadiseM.splash
- /data/data/####/CookieYum.splash
- /data/data/####/CrazyCookingChef.splash
- /data/data/####/CrazyForSpeed.splash
- /data/data/####/DartsMaster.splash
- /data/data/####/FruitBreak.splash
- /data/data/####/FruitGarden.splash
- /data/data/####/FruitGardenBlast.splash
- /data/data/####/FruitParadise.splash
- /data/data/####/FruitsLegend.splash
- /data/data/####/FruitsLegend2.splash
- /data/data/####/JewelsLink.splash
- /data/data/####/MagicCharms.splash
- /data/data/####/MarbleAge.splash
- /data/data/####/MarbleLegend.splash
- /data/data/####/MarbleLegend2.splash
- /data/data/####/MotoExtreme.splash
- /data/data/####/MusicPlayer.splash
- /data/data/####/PinballGo.splash
- /data/data/####/PoolBallMaster.splash
- /data/data/####/PrincessFashionSalon3.splash
- /data/data/####/SUBOXLOG_
- /data/data/####/SlotMania.splash
- /data/data/####/SlotsKingdom.splash
- /data/data/####/Solitaire.splash
- /data/data/####/SolitaireM1.splash
- /data/data/####/SuperAdventuresofJabber.splash
- /data/data/####/SuperJabberJump.splash
- /data/data/####/SuperJabberJump3.splash
- /data/data/####/ToweWithFriends.splash
- /data/data/####/WordBake.splash
- /data/data/####/ZombieDefense.splash
- /data/data/####/app.more
- /data/data/####/cbPrefs.xml
- /data/data/####/com.vinpearl.pandabubbleohxr_preferences.xml
- /data/data/####/config.json
- /data/data/####/h.jar
- /data/data/####/h.xml
- /data/data/####/libpcdn_acc.zip
- /data/data/####/libpcdn_acc_new.so
- /data/data/####/mivmi.xml
- /data/data/####/mobclick_agent_header_com.vinpearl.pandabubbleohxr.xml
- /data/data/####/mobclick_agent_online_setting_com.vinpearl.pand...xr.xml
- /data/data/####/mobclick_agent_state_com.vinpearl.pandabubbleohxr.xml
- /data/data/####/pcdnconfigs.xml
- /data/data/####/pcdnconfigs.xml.bak
- /data/data/####/vmeni.db-journal
- /data/data/####/www.chartboost.com.443
- /data/data/####/zipdata.zip
- /data/media/####/7c8818e0b54505648c31ec132d64a3a7
- /data/media/####/__af_tmp
- /data/media/####/cl.tmp
- /data/media/####/img--1019467262_tmp
- /data/media/####/img--1070810371_tmp
- /data/media/####/img--1073477083_tmp
- /data/media/####/img--1074503969_tmp
- /data/media/####/img--1160809865_tmp
- /data/media/####/img--1243851113_tmp
- /data/media/####/img--1279376115_tmp
- /data/media/####/img--1286298969_tmp
- /data/media/####/img--1296576929_tmp
- /data/media/####/img--1337022488_tmp
- /data/media/####/img--1362357284_tmp
- /data/media/####/img--1399561349_tmp
- /data/media/####/img--1417006094_tmp
- /data/media/####/img--1438955288_tmp
- /data/media/####/img--1456089503_tmp
- /data/media/####/img--1492136869_tmp
- /data/media/####/img--1502927633_tmp
- /data/media/####/img--1544460828
- /data/media/####/img--1609911641_tmp
- /data/media/####/img--1631553423_tmp
- /data/media/####/img--163568782_tmp
- /data/media/####/img--166298531_tmp
- /data/media/####/img--1723083837_tmp
- /data/media/####/img--1760930022_tmp
- /data/media/####/img--180250436_tmp
- /data/media/####/img--1838275137_tmp
- /data/media/####/img--1924336470_tmp
- /data/media/####/img--1927978211_tmp
- /data/media/####/img--1956174329_tmp
- /data/media/####/img--1976067524_tmp
- /data/media/####/img--1979532700_tmp
- /data/media/####/img--1980948464_tmp
- /data/media/####/img--1990691734_tmp
- /data/media/####/img--1993111899_tmp
- /data/media/####/img--1994479240
- /data/media/####/img--2017912039_tmp
- /data/media/####/img--2049124267_tmp
- /data/media/####/img--346579021_tmp
- /data/media/####/img--381790099_tmp
- /data/media/####/img--49099191_tmp
- /data/media/####/img--506546030_tmp
- /data/media/####/img--624398703
- /data/media/####/img--629533416_tmp
- /data/media/####/img--650211290_tmp
- /data/media/####/img--663639244_tmp
- /data/media/####/img--737619548_tmp
- /data/media/####/img--7725863_tmp
- /data/media/####/img--780511676_tmp
- /data/media/####/img--784322144_tmp
- /data/media/####/img--83792363_tmp
- /data/media/####/img--92422249_tmp
- /data/media/####/img--925941968_tmp
- /data/media/####/img--949331019_tmp
- /data/media/####/img--956250896_tmp
- /data/media/####/img--987976165_tmp
- /data/media/####/img-1024013270_tmp
- /data/media/####/img-1039561907_tmp
- /data/media/####/img-1111529961_tmp
- /data/media/####/img-1125946042_tmp
- /data/media/####/img-1126869563_tmp
- /data/media/####/img-1182753785_tmp
- /data/media/####/img-1198698882_tmp
- /data/media/####/img-1209391746_tmp
- /data/media/####/img-1333581380_tmp
- /data/media/####/img-1355190780_tmp
- /data/media/####/img-1359150069_tmp
- /data/media/####/img-1420099547
- /data/media/####/img-1499012786_tmp
- /data/media/####/img-1501701178_tmp
- /data/media/####/img-1509859073_tmp
- /data/media/####/img-1544697469_tmp
- /data/media/####/img-1553669290_tmp
- /data/media/####/img-1578616441_tmp
- /data/media/####/img-1581537582_tmp
- /data/media/####/img-1613050566_tmp
- /data/media/####/img-1679241293_tmp
- /data/media/####/img-1701929763_tmp
- /data/media/####/img-1713215450
- /data/media/####/img-1725061375_tmp
- /data/media/####/img-1750967991_tmp
- /data/media/####/img-1787426032_tmp
- /data/media/####/img-1876188384_tmp
- /data/media/####/img-1910127766_tmp
- /data/media/####/img-1910537863_tmp
- /data/media/####/img-1953260670
- /data/media/####/img-2043165143_tmp
- /data/media/####/img-2043301404_tmp
- /data/media/####/img-2048654082_tmp
- /data/media/####/img-2098602095_tmp
- /data/media/####/img-28773653_tmp
- /data/media/####/img-400675995_tmp
- /data/media/####/img-422925753_tmp
- /data/media/####/img-43165706
- /data/media/####/img-440928423_tmp
- /data/media/####/img-470421709_tmp
- /data/media/####/img-471557960_tmp
- /data/media/####/img-471646388_tmp
- /data/media/####/img-486830391_tmp
- /data/media/####/img-504841046_tmp
- /data/media/####/img-523588638_tmp
- /data/media/####/img-563825098_tmp
- /data/media/####/img-580670509_tmp
- /data/media/####/img-581021177_tmp
- /data/media/####/img-589954808_tmp
- /data/media/####/img-614197497_tmp
- /data/media/####/img-642922916_tmp
- /data/media/####/img-697346527_tmp
- /data/media/####/img-708678872_tmp
- /data/media/####/img-720293095_tmp
- /data/media/####/img-740209092_tmp
- /data/media/####/img-797395145
- /data/media/####/img-804334263_tmp
- /data/media/####/img-82583643_tmp
- /data/media/####/img-864660242_tmp
- /data/media/####/img-864703610_tmp
- /data/media/####/img-930669387_tmp
- /data/media/####/img-98093305_tmp
- /data/media/####/myself.dat
Другие:
Загружает динамические библиотеки:
- libpcdn_acc
- pcdn_acc
Использует следующие алгоритмы для шифрования данных:
- PBEWithMD5AndDES
Осуществляет доступ к информации о геолокации.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Отрисовывает собственные окна поверх других приложений.
