Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Adware.Panda.5.origin
Загружает из Интернета следующие детектируемые угрозы:
- Adware.Panda.5.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) and####.yin####.tcc####.####.com:80
- TCP(HTTP/1.1) www.md####.cn:80
- TCP(HTTP/1.1) www.1####.com:80
- TCP(HTTP/1.1) h####.pic.m####.hk:80
- TCP(HTTP/1.1) po####.1####.mobi:80
- TCP(HTTP/1.1) ka####.1####.com:80
- TCP(HTTP/1.1) t####.wedo####.com:80
- TCP(HTTP/1.1) fcm####.go####.com:80
- TCP(HTTP/1.1) cdn.zs####.cn:8080
- TCP(HTTP/1.1) 1####.mobi:80
- TCP(HTTP/1.1) mang####.1####.mobi:80
- TCP(HTTP/1.1) mess####.1####.mobi:80
- TCP(HTTP/1.1) pag####.googles####.com:80
- TCP(HTTP/1.1) pic.1####.com:80
- TCP(HTTP/1.1) m####.1####.mobi:80
- TCP(HTTP/1.1) www.google-####.com:80
- TCP(SSL/3.0) be####.wal####.com:443
- TCP(SSL/3.0) www.lola####.com:443
- TCP(TLS/1.0) 1####.mobi:443
- TCP(TLS/1.0) www.lola####.com:443
- TCP(TLS/1.0) 1####.217.17.46:443
- TCP(TLS/1.0) f####.gst####.com:443
- TCP(TLS/1.0) be####.wal####.com:443
- TCP(TLS/1.0) acquisi####.wix.com:443
- TCP(TLS/1.0) odr.moo####.com:443
- TCP(TLS/1.0) pag####.googles####.com:443
- TCP(TLS/1.0) tpc.googles####.com:443
- TCP(TLS/1.0) fcm####.go####.com:443
- TCP(TLS/1.0) s####.g.doublec####.net:443
- TCP(TLS/1.0) cm.g.doublec####.net:443
- TCP(TLS/1.0) f####.google####.com:443
- TCP(TLS/1.0) 2####.58.212.142:443
- TCP(TLS/1.0) adser####.go####.com:443
Запросы DNS:
- 1####.mobi
- acquisi####.wix.com
- adser####.go####.com
- and####.yin####.tcc####.####.com
- be####.wal####.com
- cdn.zs####.cn
- cm.g.doublec####.net
- f####.google####.com
- f####.gst####.com
- fcm####.go####.com
- fcm####.you####.com
- googl####.g.doublec####.net
- h####.pic.m####.hk
- ka####.1####.com
- m####.1####.mobi
- m####.hk
- mang####.1####.mobi
- mess####.1####.mobi
- odr.moo####.com
- pag####.googles####.com
- pic.1####.com
- po####.1####.mobi
- rel####.big####.1####.com
- s####.g.doublec####.net
- t####.wedo####.com
- tpc.googles####.com
- www.1####.com
- www.google-####.com
- www.googlea####.com
- www.lola####.com
- www.md####.cn
Запросы HTTP GET:
- 1####.mobi/c/111/4760?&_in_app=####&_udid=####&_model=####&_ov=####&_bra...
- 1####.mobi/c/113/4839?&_in_app=####&_udid=####&_model=####&_ov=####&_bra...
- 1####.mobi/c/115/5051?&_in_app=####&_udid=####&_model=####&_ov=####&_bra...
- cdn.zs####.cn:8080/resource/gis/45
- fcm####.go####.com/analytics.js
- fcm####.go####.com/collect?v=1&_v=j70&a=64382806&t=pageview&_s=1&dl=http...
- h####.pic.m####.hk/images/cartoons/13743-1.jpg
- h####.pic.m####.hk/images/cartoons/15789-111.jpg
- h####.pic.m####.hk/images/cartoons/15976-6c34a758152237c0d6e600abb0e7c2b...
- h####.pic.m####.hk/images/cartoons/15983-e746282e3d00b7a2af316926bcb1011...
- h####.pic.m####.hk/images/cartoons/16408-14aa9be97d3abd7e31e536052794ce9...
- h####.pic.m####.hk/images/cartoons/18397-f7873dd8a672efd2bb1e68e8cd3845a...
- h####.pic.m####.hk/images/novel_cover/09bf725252119d3cf1e34b1eb425f42c.jpg
- h####.pic.m####.hk/images/novel_cover/5fdba830936fc47958e073e2f2e971fe.jpg
- h####.pic.m####.hk/images/novel_cover/7f9152399996bc8b7d8ff7352218e569.jpg
- h####.pic.m####.hk/images/novel_cover/878bf80a5d2f2f6f4efb85eaff884cc9.jpg
- h####.pic.m####.hk/images/novel_cover/95fbb33e41638c5f9173b4e47ca8e159.jpg
- h####.pic.m####.hk/images/novel_cover/b8a93a30b68fba14bebac61eab70c990.jpg
- h####.pic.m####.hk/images/novel_cover/bd3b3cb4c90e77233f7fb7e7685aef04.jpg
- h####.pic.m####.hk/images/novel_cover/c37667e419d0ec0c85709609655fc9e6.jpg
- h####.pic.m####.hk/images/novel_cover/e047da1d444173668891a0b13ab71a43.jpg
- h####.pic.m####.hk/images/novel_cover/e4c284689cd25520587a32087113b2b3.jpg
- h####.pic.m####.hk/images/novel_cover/e641c4668f94fdb72253b314cdb3fa79.jpg
- h####.pic.m####.hk/images/novel_cover/ec33d452e2e1e1e17f68e02dbbe5dad2.jpg
- h####.pic.m####.hk/images/novel_cover/f27ddd04a0966dc1d6657e7dabf1febb.jpg
- ka####.1####.com/video_kankan_tags/v2/api/homePageVideoCollections/176?
- ka####.1####.com/video_kankan_tags/v2/api/homePageVideoCollections/1?
- ka####.1####.com/video_kankan_tags/v2/api/homePageVideoCollections/24?
- ka####.1####.com/video_kankan_tags/v2/api/homePageVideoCollections/59?
- ka####.1####.com/video_kankan_tags/v2/api/homePageVideoCollections/8?
- ka####.1####.com/video_kankan_tags/v2/api/homePageVideoCollections/99?
- ka####.1####.com/video_kankan_tags/v2/api/homePageVideoCollections?
- ka####.1####.com/video_kankan_tags/v2/api/messages?min_id=####
- m####.1####.mobi/api/detail/getBottomLink?_brand=####&_v=####&_udid=####...
- m####.1####.mobi/images/cartoons/0bd450d714529fc5139453a73e635dd0.jpg
- m####.1####.mobi/images/cartoons/13753-fm.jpg
- m####.1####.mobi/images/cartoons/13780-st.jpg
- m####.1####.mobi/images/cartoons/15558-mhfms.jpg
- m####.1####.mobi/images/cartoons/15981-67fd42da17377c92caf66311680d45fc....
- m####.1####.mobi/images/cartoons/16096-6d5c8eef29be05003a0e40f540cadd97....
- m####.1####.mobi/images/cartoons/16126-0276823854ce716f2235c21bbd574104....
- m####.1####.mobi/images/cartoons/16695-d9f64df144e90fed7a21002ee5966d87....
- m####.1####.mobi/images/cartoons/17006/00d56234b7b1a9ae16f63aca42108b45....
- m####.1####.mobi/images/cartoons/17162/bbe86bdcde64d24ab9cf4ac53571c94f....
- m####.1####.mobi/images/cartoons/17171/59478fa52e65b22a6aea57e65e2a4a6e....
- m####.1####.mobi/images/cartoons/17173/50573e1c7e5f782a67356874d72a87b9....
- m####.1####.mobi/images/cartoons/17185/cbc1df753160f871baa37e94463d9a99....
- m####.1####.mobi/images/cartoons/17187/a5973e220facd5cc8fdc7befa31483a2....
- m####.1####.mobi/images/cartoons/17722/df712e637baa21f80ca54445251fdff4....
- m####.1####.mobi/images/cartoons/18947/ff4def9468ac133b342ed7a5f1096064....
- m####.1####.mobi/images/cartoons/3953-gd.jpg
- m####.1####.mobi/images/cartoons/bb90f334715382881d01501b06599ea6.jpg
- m####.1####.mobi/images/novel_cover/02fd826f5be2be82eafb5d1e13f4600f.jpg
- m####.1####.mobi/images/novel_cover/07b418de5f92ed63e48301f767f4e2c6.jpg
- m####.1####.mobi/images/novel_cover/1adffc902adac3deac37aa4bfc0c0eee.jpg
- m####.1####.mobi/images/novel_cover/1e605ce8ed5fe98fb88f56a5119ce12b.jpg
- m####.1####.mobi/images/novel_cover/231489902b37bd90c5510846ee79b711.jpg
- m####.1####.mobi/images/novel_cover/32c2889320ad851264785b4e87f1287b.jpg
- m####.1####.mobi/images/novel_cover/3c58c784c53e74f42d7e91a074c57050.jpg
- m####.1####.mobi/images/novel_cover/44ee6f28982e95a91648a1d958aa7470.jpg
- m####.1####.mobi/images/novel_cover/4a2359a0d1c4b4522b5fbe95972ce4fb.jpg
- m####.1####.mobi/images/novel_cover/4a3a9c10b360e83a6f2d8faa12398518.jpg
- m####.1####.mobi/images/novel_cover/5602dcc5c2b0ae0881eb5dd066863e3f.jpg
- m####.1####.mobi/images/novel_cover/63a687a02fd948347de377f1ced948c5.jpg
- m####.1####.mobi/images/novel_cover/63d64e5879bf470f934caf7ceb08e2e7.jpg
- m####.1####.mobi/images/novel_cover/676cdd840a00209ba8bfb07dc2c9f4c7.jpg
- m####.1####.mobi/images/novel_cover/734b0826bb8b0dd30b9014d4dd00e712.jpg
- m####.1####.mobi/images/novel_cover/74de9efa6439aea2f1bc01d249aa9cdb.jpg
- m####.1####.mobi/images/novel_cover/8bfd85f5e0bcd2f0d3e83eb91ab1c6f3.jpg
- m####.1####.mobi/images/novel_cover/92957824a56307799ef90606fb660776.jpg
- m####.1####.mobi/images/novel_cover/991b73178fbc239fa2c1f058602e4ba1.jpg
- m####.1####.mobi/images/novel_cover/9a1437cfa1ae4ed3a6afb698d14b3708.jpg
- m####.1####.mobi/images/novel_cover/9b3103878eb7d9724cad34ad96ad6f53.jpg
- m####.1####.mobi/images/novel_cover/aa51fb3a4bfce3f938ce87e9b8d06735.jpg
- m####.1####.mobi/images/novel_cover/ab3090233e16ab04017f4292251b43d5.jpg
- m####.1####.mobi/images/novel_cover/af908314ebf4f31393b21e9e976a74ce.jpg
- m####.1####.mobi/images/novel_cover/b2069a7f5a065fb84babed37cc2bcd31.jpg
- m####.1####.mobi/images/novel_cover/bb78164bf4bb56147d42ff911556ace2.jpg
- m####.1####.mobi/images/novel_cover/c1b592848010f8acb9e4b0db256a247e.jpg
- m####.1####.mobi/images/novel_cover/c4524ebb9b91d904cef19b41da7489fd.jpg
- m####.1####.mobi/images/novel_cover/cd506ae96e48fd515db990b10f6d5e55.jpg
- m####.1####.mobi/images/novel_cover/d85a2dece9c73c08cd66b3fc0c8b8f37.jpg
- m####.1####.mobi/images/novel_cover/e4f267f04ff23e17a7908a2de1217125.jpg
- m####.1####.mobi/images/novel_cover/f0b33cf2b65beb30be08d082d84aad81.jpg
- m####.1####.mobi/images/novel_cover/ffe94b0d36527c993dae7b1fe7ccfd9d.jpg
- mang####.1####.mobi/api/cartooncontent/alsoLikes?_brand=####&_v=####&_ud...
- mang####.1####.mobi/api/detail/getComments2?_brand=####&_v=####&_udid=##...
- mang####.1####.mobi/api/detail/getInfo?_brand=####&_v=####&_udid=####&id...
- mang####.1####.mobi/bundle.js?153622####
- mang####.1####.mobi/css/app.css?149034####
- mang####.1####.mobi/detail/18382
- mang####.1####.mobi/detail?id=####&s####&_in_app=####&_udid=####&_model=...
- mang####.1####.mobi/images/bottomdownload.jpg
- mang####.1####.mobi/images/detail_revision/action_bar_3.png
- mang####.1####.mobi/images/detail_revision/action_bar_5.png
- mang####.1####.mobi/images/detail_revision/action_bar_7.png
- mang####.1####.mobi/images/detail_revision/drop_down.png
- mang####.1####.mobi/images/detail_revision/go_homepage.png
- mang####.1####.mobi/images/detail_revision/go_payment.png
- mang####.1####.mobi/images/detail_revision/middle_order_1.png
- mang####.1####.mobi/images/detail_revision/middle_update_1.png
- mang####.1####.mobi/images/detail_revision/more_intro.png
- mang####.1####.mobi/images/detail_revision/recommend_mark.png
- mang####.1####.mobi/images/detail_revision/sent_comment.png
- mang####.1####.mobi/images/detail_revision/watch_count.png
- mang####.1####.mobi/images/loading.gif
- mang####.1####.mobi/images/mouse.png
- mang####.1####.mobi/js/application.min.js?153622####
- mang####.1####.mobi/js/dependency-all.js
- mang####.1####.mobi/js/swiper/swiper.min.css
- mang####.1####.mobi/js/vendor.bundle.js?153605####
- mess####.1####.mobi/api/messages/list?_brand=####&_v=####&_udid=####&cal...
- mess####.1####.mobi/api/messages/listForYingshi?client-uid=####&min_id=#...
- pag####.googles####.com/pagead/js/adsbygoogle.js
- pag####.googles####.com/pagead/js/r20181001/r20180604/show_ads_impl.js
- pic.1####.com/video_kankan/images/homePageVideoCollectionItems/2543-1497...
- pic.1####.com/video_kankan/images/homePageVideoCollections/1-547c7ba25bb...
- pic.1####.com/video_kankan/images/homePageVideoCollections/24-57ff191c8d...
- pic.1####.com/video_kankan/images/homePageVideoCollections/59-527b364889...
- pic.1####.com/video_kankan/images/homePageVideoCollections/8-5345129d889...
- pic.1####.com/video_kankan/images/homePageVideoCollections/99-57074f1802...
- pic.1####.com/video_kankan/images/releases/111/4760-d01e42dfc00729bb1acd...
- pic.1####.com/video_kankan/images/releases/112/4911-1e9a15a7bbe68de5d353...
- pic.1####.com/video_kankan/images/releases/113/4839-b00255f8dc4a398d7c70...
- pic.1####.com/video_kankan/images/releases/114/2084-22fe1d158709a02b189f...
- pic.1####.com/video_kankan/images/releases/115/5051-d6040129b4085fe39f97...
- pic.1####.com/video_kankan/images/releases/122/5054-4b971234c14347180798...
- pic.1####.com/video_kankan/images/releases/136/1301-bc6525801d4c01e2f6f2...
- pic.1####.com/video_kankan/images/releases/161/1559-75f419b0cbf4adb49527...
- pic.1####.com/video_kankan/images/releases/177/1556-a3fdde582ad844eb860a...
- pic.1####.com/video_kankan/images/releases/178/1562-b15d003bdefe441e6b6c...
- pic.1####.com/video_kankan/images/releases/182/3193-0f3da81455c01374ca97...
- pic.1####.com/video_kankan/images/releases/184/1842-70288992667ccad849cf...
- pic.1####.com/video_kankan/images/releases/69/2074-566c650af48c567537dd6...
- pic.1####.com/video_kankan/images/releases/71/4501-1bfc6849084c2522b5b9b...
- pic.1####.com/video_kankan/images/releases/72/1055-835859e4adfcb06e2ffec...
- pic.1####.com/video_kankan/images/releases/79/4603-cce534afb71b7f971826a...
- pic.1####.com/video_kankan/images/releases/80/2382-cbaf860484fe71b0ab7b3...
- pic.1####.com/video_kankan/images/releases/81/4644-270b9e96a0e19f6d88432...
- pic.1####.com/video_kankan/images/videos/20096-p2285391089.jpg
- pic.1####.com/video_kankan/images/videos/3284-20255500ggg5.jpg
- po####.1####.mobi/js/sdk/1kxun_min.js
- t####.wedo####.com/js/websdk.js
- www.1####.com/mediacenter/qianxun_yingshi_new_client.xml?
- www.1####.com/mediacenter/qianxun_yingshi_setting.xml?
- www.google-####.com/analytics.js
- www.google-####.com/collect?v=####&_v=####&a=####&t=####&_s=####&dl=####...
- www.google-####.com/collect?v=1&_v=j70&a=196784344&t=pageview&_s=1&dl=ht...
- www.google-####.com/collect?v=1&_v=j70&a=196784344&t=pageview&_s=2&dl=ht...
- www.google-####.com/collect?v=1&_v=j70&a=196784344&t=pageview&_s=3&dl=ht...
- www.google-####.com/r/collect?v=1&_v=j70&a=664917713&t=pageview&_s=1&dl=...
Запросы HTTP POST:
- and####.yin####.tcc####.####.com/api/upload.php
- t####.wedo####.com/api/sites
- www.md####.cn/pservers/loadip
Запросы HTTP OPTIONS:
- t####.wedo####.com/api/sites
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/IqJOa.zip
- /data/data/####/com.qianxun.yingshi_preferences.xml
- /data/data/####/message.zip
- /data/data/####/tcclick.db
- /data/data/####/tcclick.db-journal
- /data/data/####/tcclick.preferences.xml
- /data/data/####/userdata.db-journal
- /data/data/####/videodata.db
- /data/data/####/videodata.db-journal
- /data/media/####/.tcclick.udid
- /data/media/####/0B68D0568969F3BF7DAEB33D334E3658
- /data/media/####/0E0C8C9C37E9650F29166DFDF1302882
- /data/media/####/191699445CED39AFCBFE5B50564FA5B2
- /data/media/####/1ABA88F05EBDE6943339AC1C4E11110C
- /data/media/####/2B5610F697D985C52FCE975B4C035549
- /data/media/####/398E027BDAC795013C0420523903D854
- /data/media/####/44655B0929E9F3F6DB209C0F3566F83E
- /data/media/####/4A2E38D3888889EC52AE16E3A9869795
- /data/media/####/4D8FA191BC94C68592325DD405DAC25C
- /data/media/####/5D433FF30C13162DD7C8C204D7884C32
- /data/media/####/6AD414A35ABD1361614989113D944DF5
- /data/media/####/6DB817BAF9E16A0823186E47933D399A
- /data/media/####/950D3F129C57F6370ABF432FA279EDC3
- /data/media/####/A6729F73E741386D7265B38555633FC2
- /data/media/####/AAA25C6453BCB7A6B8FF4D84B664FBBB
- /data/media/####/AB2A461F9A3414C141C1368AD86C27DB
- /data/media/####/BB1176C20A628FD282DBE2F01D69D1BB
- /data/media/####/C189CAE9A1A2B0F86E0616AE5801DCE8
- /data/media/####/CB8BB53D4D3043316C32BF666B3293C6
- /data/media/####/D3DE8AA1E4B27042B73F07DC797ED1FE
- /data/media/####/DF8735F82873ED2155DA5132D53046E9
- /data/media/####/E020A4DAEA6BF7A912FAFDAA80CF1C69
- /data/media/####/EE5D1D50851BFD31972E4C373881B8D9
- /data/media/####/EFF5F49ECC3F6EC343429BDBCCBEEDC1
- /data/media/####/F0E66DA4A4D7A78AEAF4F7B20AFFB74E
- /data/media/####/F872953348633240A7EF6C98E97EF1E9
- /data/media/####/data.properties
Другие:
Запускает следующие shell-скрипты:
- /system/bin/cat /proc/cpuinfo
Использует следующие алгоритмы для шифрования данных:
- AES
Использует следующие алгоритмы для расшифровки данных:
- AES-CFB-NoPadding
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Отрисовывает собственные окна поверх других приложений.
