Техническая информация
Вредоносные функции:
Скрывает свою иконку с экрана.
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) secure-####.imrworl####.com:80
- TCP(HTTP/1.1) cd####.imrworl####.com:80
- TCP(HTTP/1.1) m####.ad####.org:80
- TCP(HTTP/1.1) pixe####.rubicon####.com:80
- TCP(HTTP/1.1) on####.mgr.cons####.org:80
- TCP(HTTP/1.1) 2-01-27####.cdx.ced####.net:80
- TCP(HTTP/1.1) d2lcoyv####.cloudf####.net:80
- TCP(HTTP/1.1) adadv####.net:80
- TCP(HTTP/1.1) pbtngx-####.nu####.net:80
- TCP(HTTP/1.1) im####.google####.com:80
- TCP(HTTP/1.1) aa.a####.com:80
- TCP(HTTP/1.1) de5zarw####.cloudf####.net:80
- TCP(HTTP/1.1) p####.mat####.com.####.net:80
- TCP(HTTP/1.1) cm.g.doublec####.net:80
- TCP(HTTP/1.1) stickya####.com.edg####.net:80
- TCP(HTTP/1.1) optimiz####.4wnet####.com:80
- TCP(HTTP/1.1) js.a####.com:80
- TCP(HTTP/1.1) pubm####.edg####.net:80
- TCP(HTTP/1.1) s####.search####.spotxch####.####.net:80
- TCP(HTTP/1.1) cdn.elast####.net:80
- TCP(HTTP/1.1) www.a####.it:80
- TCP(HTTP/1.1) s####.mat####.com:80
- TCP(HTTP/1.1) x.bidsw####.net:80
- TCP(HTTP/1.1) www.game####.xyz:80
- TCP(HTTP/1.1) a.rf####.com.####.net:80
- TCP(HTTP/1.1) d####.a####.com:80
- TCP(HTTP/1.1) tpc.googles####.com:80
- TCP(HTTP/1.1) onetag####.com:80
- TCP(HTTP/1.1) pag####.googles####.com:80
- TCP(TLS/1.0) securep####.g.doublec####.net:443
- TCP(TLS/1.0) www.googlet####.com:443
- TCP(TLS/1.0) www.go####.com:443
- TCP(TLS/1.0) s0.2####.net:443
- TCP(TLS/1.0) t####.adfor####.ak####.net:443
- TCP(TLS/1.0) s####.g.doublec####.net:443
- TCP(TLS/1.0) on####.mgr.cons####.org:443
- TCP(TLS/1.0) adser####.go####.nl:443
- TCP(TLS/1.0) secure-####.imrworl####.com:443
- TCP(TLS/1.0) www.face####.com:443
- TCP(TLS/1.0) winniex####.nu####.net:443
- TCP(TLS/1.0) onetag####.com:443
- TCP(TLS/1.0) www.google-####.com:443
- TCP(TLS/1.0) www.go####.nl:443
- TCP(TLS/1.0) adser####.go####.com:443
Запросы DNS:
- 4####.nu####.net
- aa.a####.com
- adadv####.net
- ads.pubm####.com
- ads.stickya####.com
- adser####.go####.com
- adser####.go####.nl
- cd####.imrworl####.com
- cdn.elast####.net
- cm.g.doublec####.net
- d.a####.com
- d2lcoyv####.cloudf####.net
- de5zarw####.cloudf####.net
- dmp.ad####.net
- im####.google####.com
- js.a####.com
- m####.ad####.org
- on####.mgr.cons####.org
- onetag####.com
- onetag####.com
- onetag-####.nu####.net
- optimiz####.4wnet####.com
- p####.mat####.com
- p.rf####.com
- pag####.googles####.com
- pixe####.rubicon####.com
- rtb-c####.smartad####.com
- s####.g.doublec####.net
- s####.mat####.com
- s####.se####.spotxch####.com
- s0.2####.net
- secur####.imrworl####.com
- securep####.g.doublec####.net
- tpc.googles####.com
- www.a####.it
- www.face####.com
- www.game####.xyz
- www.go####.com
- www.go####.nl
- www.google-####.com
- www.googlet####.com
- x.bidsw####.net
Запросы HTTP GET:
- 2-01-27####.cdx.ced####.net/redir/?partnerid=####&partneruserid=####&red...
- a.rf####.com.####.net/cm?in=####&pub=####&ssp=####
- aa.a####.com/adscores/g.pixel?sid=####
- aa.a####.com/adscores/g.pixel?sid=####&gdpr=####&gdpr_consent=####
- aa.a####.com/adscores/g.pixel?sid=####&mt=####
- aa.a####.com/adscores/g.pixel?sid=####&tdid=####&&bounced=####
- adadv####.net/adscores/g.pixel?sid=####&tdid=####
- cd####.imrworl####.com/ci/ansa-it.json
- cd####.imrworl####.com/conf/config250.js
- cd####.imrworl####.com/novms/html/ls.html
- cd####.imrworl####.com/novms/js/2/nlsSDK600.bundle.min.js
- cdn.elast####.net/native/serve/js/nativeEmbed.gz.js
- cdn.elast####.net/native/serve/js/quantx/nativeEmbed.gz.js
- cdn.elast####.net/native/serve/js/quantx/prebid.gz.js?v=####
- cm.g.doublec####.net/pixel?google_nid=####&googl####&no_r=####
- cm.g.doublec####.net/pixel?google_nid=####&google_cm=####&no_r=####&goog...
- d####.a####.com/iframe/8613/?che=390193991&url=http://www.ansa.it/?refre...
- d####.a####.com/iframe/8613/?che=495423318&url=http://www.ansa.it/?refre...
- d####.a####.com/pixel/2610/?sk=####&pd=####&puid=####&ex=####&exc=####&a...
- d2lcoyv####.cloudf####.net/native/placements/ansa.it/pconfig?r=####
- de5zarw####.cloudf####.net/native/placements/ansa.it/pconfig?r=####
- im####.google####.com/js/core/bridge3.257.0_en.html
- im####.google####.com/js/sdkloader/ima3.js
- js.a####.com/prod/v0/tag.js
- m####.ad####.org/track/cmb/generic?ttd_pid=####&ttd_tpi=####&gdpr=####&g...
- m####.ad####.org/track/cmf/generic?ttd_pid=####&ttd_tpi=####&gdpr=####&g...
- m####.ad####.org/track/cmf/generic?ttd_pid=####&ttd_tpi=####&gpdr=####&g...
- on####.mgr.cons####.org/new_local/?1542622####
- on####.mgr.cons####.org/sync/i,1/6f195bf3-1954-4900-ad57-a72f630d9fbc
- on####.mgr.cons####.org/sync/i,13/4177224525443031830
- on####.mgr.cons####.org/sync/i,19/?no_r=####&google_error=####
- on####.mgr.cons####.org/sync/i,29/?tdid=####&ttl=####
- on####.mgr.cons####.org/sync/i,30/2529b708-fcc6-423a-bfb9-c140f2c37a15
- onetag####.com/main.js
- onetag####.com/res/new_onetag.js?1542622####
- onetag####.com/sync/i,1/6f195bf3-1954-4900-ad57-a72f630d9fbc
- onetag####.com/sync/i,3/?UID=####&dp-1313=####&sessionId=####
- optimiz####.4wnet####.com/asset/css/vidIMA.min.css
- optimiz####.4wnet####.com/asset/js/allscriptIMA.min.js
- optimiz####.4wnet####.com/hit.php?sid=####&pid=####&did=####
- optimiz####.4wnet####.com/impression.php?code=####&otd=####&oti=####&GDP...
- optimiz####.4wnet####.com/impression_async.php?async=####&code=####&newt...
- optimiz####.4wnet####.com/js/as_loader_video.js
- optimiz####.4wnet####.com/js/neustar.js
- optimiz####.4wnet####.com/js/nmc.js
- optimiz####.4wnet####.com/js/nuggad.js
- optimiz####.4wnet####.com/js/sdk.min.js
- optimiz####.4wnet####.com/js/video_impression.js?v=####
- optimiz####.4wnet####.com/js/video_loader_new.min.js
- optimiz####.4wnet####.com/nug.php?data=####&d10=####&d11=####&d12=####&d...
- optimiz####.4wnet####.com/ot.php?code=####
- optimiz####.4wnet####.com/simply_loader.js?4wvideo=####
- p####.mat####.com.####.net/sync/img/?mt_exid=####&mt_exuid=####
- p####.mat####.com.####.net/sync/img?redir=/aa.agkn.com/adscores/g.pixel?...
- pag####.googles####.com/pagead/gen_204?request_type=####&admob=####&lid=...
- pag####.googles####.com/pagead/gen_204?rt=####&lid=####&sdkv=####&id=###...
- pbtngx-####.nu####.net/rc?nuggn=1617934467&nuggsid=1525092622&nuggrid=ht...
- pixe####.rubicon####.com/exchange/sync.php?p=####
- pubm####.edg####.net/AdServer/js/user_sync.html?p=####&predirect=####
- s####.mat####.com/sync/img?mt_exid=####&redir=####
- s####.search####.spotxch####.####.net/partner?redir=####
- s####.search####.spotxch####.####.net/partner?redir=####&__user_check__=...
- secure-####.imrworl####.com/cgi-bin/m?rnd=1542670023818&ci=ansa-it&js=1&...
- secure-####.imrworl####.com/storageframe.html
- secure-####.imrworl####.com/v60.js
- stickya####.com.edg####.net/cookie-forwarding?id=####
- stickya####.com.edg####.net/data-registering?dataProviderId=####&d1=####...
- stickya####.com.edg####.net/vast/vpaid-adapter/6375361
- tpc.googles####.com/safeframe/1-0-31/html/container.html
- www.a####.it/
- www.a####.it/?refres####
- www.a####.it/ads.js
- www.a####.it/meteo/img/icone_meteo/small_png/coperto_neve_forte.png
- www.a####.it/meteo/img/icone_meteo/small_png/molto_nuvoloso.png
- www.a####.it/meteo/img/icone_meteo/small_png/neve_debole.png
- www.a####.it/meteo/img/icone_meteo/small_png/nuvoloso_70.png
- www.a####.it/meteo/img/icone_meteo/small_png/parzialmente_nuvoloso.png
- www.a####.it/meteo/img/icone_meteo/small_png/pioggia_30.png
- www.a####.it/meteo/img/icone_meteo/small_png/pioggia_neve.png
- www.a####.it/meteo/img/icone_meteo/small_png/pioviggine_30.png
- www.a####.it/meteo/img/icone_meteo/small_png/temporale.png
- www.a####.it/meteo/img/icone_meteo/small_png/var_rovesci_30.png
- www.a####.it/meteo/img/icone_meteo/small_png/var_temporale_lieve.png
- www.a####.it/sito/css/1010144354_css-head.css
- www.a####.it/sito/img/bk_bot_menu.png
- www.a####.it/sito/img/bk_header.png
- www.a####.it/sito/img/bk_label_special.png
- www.a####.it/sito/img/black_gradient.png
- www.a####.it/sito/img/bt_header_ultimaora.png
- www.a####.it/sito/img/dot_1x4_gray.png
- www.a####.it/sito/img/dot_4x1_gray.png
- www.a####.it/sito/img/dot_5x1_gray.png
- www.a####.it/sito/img/ico/ansa-57-precomposed.png
- www.a####.it/sito/img/ico/favicon.ico
- www.a####.it/sito/img/ico_services_footer.png
- www.a####.it/sito/img/ico_spread_up.png
- www.a####.it/sito/img/ico_stock_dwn.png
- www.a####.it/sito/img/ico_stock_up.png
- www.a####.it/sito/img/icone_top_mobile.png
- www.a####.it/sito/img/lazy.png
- www.a####.it/sito/img/sep_green.png
- www.a####.it/sito/img/sep_mm_content.png
- www.a####.it/sito/img/sprite.png?2016####
- www.a####.it/sito/img/sprite_mobile.png?2015####
- www.a####.it/sito/img/sprite_mobile.png?2016####
- www.a####.it/sito/js/1010144354_js-head-pack.js
- www.a####.it/sito/js/adv_pathDecode.js?0####
- www.a####.it/sito/js/jquery-1.10.2.min.js
- www.a####.it/webimages/img_135x76/2018/11/19/023947ff12d81a3b9c7f2081bee...
- www.a####.it/webimages/img_135x76/2018/11/19/30ad8e3857039ceab483a0aa324...
- www.a####.it/webimages/img_135x76/2018/11/19/94f8d6bf27e0072ba700603b2d0...
- www.a####.it/webimages/img_135x76/2018/11/19/a6bc75de3f7b407993f1ee6ad63...
- www.a####.it/webimages/img_135x76/2018/11/19/c69692576d55910be70f0145276...
- www.a####.it/webimages/img_135x76/2018/11/19/dcf27cb5166b5e73e8e8d61a195...
- www.a####.it/webimages/img_141x127/2018/11/17/6cf7e02b4d722cdfee9cb278f7...
- www.a####.it/webimages/img_141x127/2018/11/19/658073515f725680a0624721a0...
- www.a####.it/webimages/img_141x127/2018/11/19/9f386514d8daa13240abb45982...
- www.a####.it/webimages/img_141x127/2018/11/19/e22c69d99fa4ef41eddf5e7672...
- www.a####.it/webimages/img_300x200/2018/11/14/359d2fdf9d269b354f3360a241...
- www.a####.it/webimages/img_300x200/2018/11/14/d620eba5bcfc7b552960e6d693...
- www.a####.it/webimages/img_300x200/2018/11/15/5b91e1c9875fb6e8b2f8d0373d...
- www.a####.it/webimages/img_300x200/2018/11/17/942343909675031ab2920df846...
- www.a####.it/webimages/img_300x200/2018/11/18/374d59af5cb7b2bf7e60be9a42...
- www.a####.it/webimages/img_300x200/2018/11/18/b2c0e9ad437c790c6d80e3c403...
- www.a####.it/webimages/img_300x200/2018/11/19/2828bf6f2fc4a73d8aee4bd056...
- www.a####.it/webimages/img_300x200/2018/11/19/f3791ec6ef112f02d9dcf58352...
- www.a####.it/webimages/img_300x200/2018/9/23/4242fc6797d44dd84b0cf00f6a7...
- www.a####.it/webimages/img_300x200/2018/9/25/91dfc61610d74e55a161b33db6a...
- www.a####.it/webimages/img_300x200/2018/9/25/ae243c278341ba7307991f3335d...
- www.a####.it/webimages/img_395x275/2010/1/2/2cc0a65348b0eea7200b29ebf111...
- www.a####.it/webimages/img_395x275/2013/12/18/5ff3e8b5b7fb584226f0b61845...
- www.a####.it/webimages/img_395x275/2017/11/22/f0ce302541ec65bba39a57d403...
- www.a####.it/webimages/img_395x275/2018/11/15/4f075cc61cf34ac421325487de...
- www.a####.it/webimages/img_395x275/2018/11/15/b4562705d2c3825bcfd517a909...
- www.a####.it/webimages/img_395x275/2018/11/16/9971884631e12015e5a2388fac...
- www.a####.it/webimages/img_395x275/2018/11/18/0ec22db7df38092a11d39c987d...
- www.a####.it/webimages/img_395x275/2018/11/18/7bb1853d9f5d0ecddd70b5374b...
- www.a####.it/webimages/img_395x275/2018/11/19/8307ba5b654c11d64c83dea76f...
- www.a####.it/webimages/img_395x275/2018/11/19/edc4652c88c993ba518ea44154...
- www.a####.it/webimages/img_395x275/2018/8/27/86a7649afdd29366d60a13bb610...
- www.a####.it/webimages/img_395x275/2018/9/9/7e1da8239f4dbf56e9f1df96a360...
- www.a####.it/webimages/img_457x260/2018/11/19/78ef000df841dcc790cfbb31c0...
- www.a####.it/webimages/img_457x260/2018/11/19/cfaa78f32f9e5be1f3897a0013...
- www.a####.it/webimages/img_620x438/2018/11/19/abf8c1e4ae4d1b7392394f8845...
- www.game####.xyz/wp-content/uploads/2018/08/red-dead-redemption-2-560x39...
- x.bidsw####.net/sync?dsp_id=####&user_id=####&expires=####&ssp=####
- x.bidsw####.net/sync?ssp=####
- x.bidsw####.net/ul_cb/sync?ssp=####
Запросы HTTP POST:
- on####.mgr.cons####.org/pong/
Запросы HTTP OPTIONS:
- onetag####.com/pong/
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/COM_V4_V4_DB
- /data/data/####/COM_V4_V4_DB-journal
- /data/data/####/SQLiteSimpleDatabaseApplication.xml
- /data/data/####/SQLiteSimpleDatabaseHelper.xml
Другие:
Использует следующие алгоритмы для расшифровки данных:
- DES
Содержит функциональность для автоматической отправки SMS.
