Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Android.Spy.127.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) pub.funs####.com:80
- TCP(HTTP/1.1) po.funs####.com:80
- TCP(HTTP/1.1) a####.funs####.com.####.com:80
- TCP(HTTP/1.1) s####.funs####.net:80
- TCP(HTTP/1.1) i####.funs####.com.####.com:80
- TCP(HTTP/1.1) m.i####.com:80
- TCP(HTTP/1.1) req.stara####.cn:2610
- TCP(HTTP/1.1) up####.v.qin####.com:80
- TCP(HTTP/1.1) agc.funs####.com:80
Запросы DNS:
- a####.funs####.com
- aa0.pub.funs####.com
- aa1.pub.funs####.com
- agc.funs####.com
- c####.funs####.com
- i####.funs####.com
- i####.funs####.com
- i####.funs####.com
- img.funs####.com
- m.i####.com
- po.funs####.com
- pub.funs####.com
- pv.funs####.com
- req.stara####.cn
- s####.funs####.net
- up####.funs####.com
Запросы HTTP GET:
- a####.funs####.com.####.com/mat/20180226102118-1486776.png
- agc.funs####.com/api/hotapp/?cl=####&ve=####&mac=####&uc=####
- agc.funs####.com/v5/video/filters?channel=####&cl=####&ve=####&mac=####&...
- agc.funs####.com/v5/video/play?id=####&cl=####&ve=####&mac=####&uc=####
- agc.funs####.com/v5/video/profile?id=####&cl=####&ve=####&mac=####&uc=####
- agc.funs####.com/v5/video/recommend?channel=####&fudid=####&cl=####&ve=#...
- agc.funs####.com/v5/video/relate?id=####&cl=####&ve=####&mac=####&uc=####
- agc.funs####.com/v5/video/retrieval?channel=####&pg=####&order=####&cate...
- agc.funs####.com/v5/video/subtitle?channel=####&cl=####&ve=####&mac=####...
- i####.funs####.com.####.com/sdw?oid=####&w=####&h=####
- m.i####.com/cfg/appkey-684f15fa71301257
- po.funs####.com/fpupdate/INI/config_update_funplayer.txt
- po.funs####.com/interface/?object_id=####&v=####&id=####&uid=####&os_ver...
- po.funs####.com/v5/config/cache?cl=####&ve=####
- po.funs####.com/v5/config/general?cl=####&ve=####
- po.funs####.com/v5/config/init?cl=####&ve=####&mac=####&uc=####
- po.funs####.com/v5/config/log?cl=####&ve=####&mac=####&uc=####
- po.funs####.com/v7/config/channel?cl=####&ve=####&mac=####&uc=####
- po.funs####.com/v7/config/homepage?cl=####&ve=####&mac=####&uc=####
- pub.funs####.com/interface/config?client=####&file=####&fmt=####&ver=####
- pub.funs####.com/interface/deliver?ap=####&deliver_ver=####&uid=####&mac...
- pub.funs####.com/interface/materials?ap=####&client=####&uid=####&mac=##...
- pub.funs####.com/interface/materials?ap=####&uid=####&mac=####&client=##...
- pub.funs####.com/interface/monitor?uid=####&mac=####&fck=####&mick=####&...
- s####.funs####.net/ecom_mobile/bootstrap?dev=####&ver=####&fudid=####&si...
- s####.funs####.net/ecom_mobile/fbuffer?dev=####&ver=####&fudid=####&sid=...
- s####.funs####.net/ecom_mobile/play?dev=####&ver=####&fudid=####&sid=###...
- s####.funs####.net/ecom_mobile/servicehb?dev=####&ver=####&fudid=####&si...
- up####.v.qin####.com/sdw?oid=####&w=####&h=####
Запросы HTTP POST:
- m.i####.com/rec/se?_iwt_t=####&sv=####
- req.stara####.cn:2610/pservers/loadgis
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/.jg.ic
- /data/data/####/MATSharedPreferences.xml
- /data/data/####/_ire-journal
- /data/data/####/cn.com.mma.mobile.tracking.other.xml
- /data/data/####/fudid.xml
- /data/data/####/funshion.db-journal
- /data/data/####/funshion.xml
- /data/data/####/libjiagu880198070.so
- /data/data/####/peerid_config.xml
- /data/media/####/.fudid
- /data/media/####/053636d5a906bed46b29aa81a0096ab632cb5e6a.cache
- /data/media/####/072ef69977527f0868712839ef21b4bc7b786149.cache
- /data/media/####/14eb6542225e84b9cf093ae8f55d09dd5522ecc9.cache
- /data/media/####/17wx5kbjxzsbjngu4h2cthvc.0.tmp
- /data/media/####/19q15kjxhpu4bbogjnq83lyz8.0.tmp
- /data/media/####/1ckfw5yuqekiv3r4ffx0t1cm8.0.tmp
- /data/media/####/1gjzzl2lg4cuxp1iw62plboz5.0.tmp
- /data/media/####/1kjb1npp5x803m9h17b92jqv6.0.tmp
- /data/media/####/1uj6rk1vtncqskwjtnzsc1zm6.0.tmp
- /data/media/####/1ww066ksy1wcnwxjlkpvzvplv.0.tmp
- /data/media/####/1x6x8ozjzd2iwh5fhicre1las.0.tmp
- /data/media/####/1xzm1b204517mb40fgywtbho3.0.tmp
- /data/media/####/20sddlkhs4hj8dmsqyky9g96.0.tmp
- /data/media/####/24pe9zokc0gvr4qgh6r8ls4kc.0.tmp
- /data/media/####/25chlrg9tgph2zxdqsd9avlcb.0.tmp
- /data/media/####/26bghfdetrxwo82bskx81aiq.0.tmp
- /data/media/####/26fu75suw3mxfqbcybzjk8hi6.0.tmp
- /data/media/####/2eweat694hu10qmrccgmvbn7k.0.tmp
- /data/media/####/2l92p81v2jc12y31rj075wrbv.0.tmp
- /data/media/####/2ohuk6idsyejtxh5fu64d0n5d.0.tmp
- /data/media/####/2w1a20dgvjvmtmpn3qgxjdq62.0.tmp
- /data/media/####/311n9w5sb19hqb5fkcn1qamiu.0.tmp
- /data/media/####/37ok6qceo5aor7rr8obfk3rx.0.tmp
- /data/media/####/38xqtn9i7i7k3sggen58tfwcg.0.tmp
- /data/media/####/39tmwld451r24kj15s8lknr9u.0.tmp
- /data/media/####/3a0he5cnrxuatuhtl8367v1z5.0.tmp
- /data/media/####/3bojq7xebloasgot4nfep2zhk.0.tmp
- /data/media/####/3cl9yiyvaefg984qrg7b6oizt.0.tmp
- /data/media/####/3r5kgd5mb8xywgvqri58npf90.0.tmp
- /data/media/####/3rmei06yk2nmh8ze4u3x6nu3a.0.tmp
- /data/media/####/3u1vq8xrgq7jw3jibts1gkmmx.0.tmp
- /data/media/####/3wkkad3697ev61udmlfdrmgt0.0.tmp
- /data/media/####/3ykqng2f6thlwd0t9fxua1db7.0.tmp
- /data/media/####/3yyvcjasn483og3bknn7fl7gx.0.tmp
- /data/media/####/42rdkiej2voi4mcgaqe26etwo.0.tmp
- /data/media/####/47q8zq6k64ri2fob7frozlra6.0.tmp
- /data/media/####/48s65knva5r033rnur41gljoe.0.tmp
- /data/media/####/49p33ymiz1w4qkzc72gm8y6k9.0.tmp
- /data/media/####/4asl8m0gt8rfu8k4441fktqeu.0.tmp
- /data/media/####/4e0tfyxloctxcbhw7qe9wzupy.0.tmp
- /data/media/####/4grl1xzqb2pv4dxaa7wq4h0bc.0.tmp
- /data/media/####/4u4pdw6dsjmoi3m64t0f4a1s2.0.tmp
- /data/media/####/4vw83u6govntxumknaanaqo76.0.tmp
- /data/media/####/4z7o49og0vjewnke722wcsi0x.0.tmp
- /data/media/####/4zmekx9t4x8r13ywflwn1haag.0.tmp
- /data/media/####/56cfk2x8rgx9ujclp0ne43zi6.0.tmp
- /data/media/####/57raro5my8g02hc4uizota8iu.0.tmp
- /data/media/####/5a5xmrstjh5gf0s508gohn9og.0.tmp
- /data/media/####/5aho0gr3y6rcplqrf391o3dvs.0.tmp
- /data/media/####/5c1573594631bc11f69618aea5169b6093b8010c.cache
- /data/media/####/5h8oetszh1ovxbij3prroq63a.0.tmp
- /data/media/####/5qxzw9acjc0jjsvb1c64s4njw.0.tmp
- /data/media/####/5y2vxp5nkrefuraf2bgsime5c.0.tmp
- /data/media/####/6133hvc7y9tjd9mlx0x46vs8t.0.tmp
- /data/media/####/69rtowbwgefv43558dudqqy73.0.tmp
- /data/media/####/69vc8eof18kw6lnlx8gm9wihh.0.tmp
- /data/media/####/6af3bd41b90cf6fd96b2db521526740e28d9db51
- /data/media/####/6m4fefs4jijq3pf597p4evgbt.0.tmp
- /data/media/####/6mousqpvk0y9dhpgrv6z9kq7t.0.tmp
- /data/media/####/6occ6rzwicz6gear8yubir30r.0.tmp
- /data/media/####/6wky0hq1o25ahvvm56xm2e313.0.tmp
- /data/media/####/6xbkuy1yudqwxyk93jyfw2pg1.0.tmp
- /data/media/####/6y0ijdikmxd2oooc6ls7ylgcw.0.tmp
- /data/media/####/6yx9r3nx86yrpd9fgwzjkobh0.0.tmp
- /data/media/####/7622f805460df19838d8a3025521d278c3e501b2.cache
- /data/media/####/7j3ureyfwfyg92h3gw44ye2jz.0.tmp
- /data/media/####/ba9cdea99c77e71cd6a489b657c0a4ac5f5d7317.cache
- /data/media/####/bd13d96c280601a05a979119a6e980ceb6ea5c2b.cache
- /data/media/####/be86f586bf4415e3a19ca7e18bcc485854edf5e7.cache
- /data/media/####/cache.rules.tmp
- /data/media/####/cfd10906e517b9f69be01d451ff0004430603b9b.cache
- /data/media/####/config.ini.tmp
- /data/media/####/efb267d6efe975dca2eddd663ca550e6f6509c31.cache
- /data/media/####/f5pdwupp5yvyf7jw2ou3hr65.0.tmp
- /data/media/####/fbeldygip5dop87l802s3kc5.0.tmp
- /data/media/####/funshion.ini
- /data/media/####/funshion_aphone_8.1.3_afaf328d96d5_20181123.log
- /data/media/####/journal.tmp
- /data/media/####/lktiqdqd386iol920ynllmzd.0.tmp
- /data/media/####/obotwrovghiiiwd65hm1adac.0.tmp
- /data/media/####/ors246c4mk1xah3rsirfvigd.0.tmp
- /data/media/####/p2p_config.ini
- /data/media/####/vqt29fw512fh2et42tbmmx11.0.tmp
- /data/media/####/ysqpi2gbb6fuvt6fh2agyelp.0.tmp
Другие:
Загружает динамические библиотеки:
- fsp2p
- fsplayer_arm
- libjiagu880198070
- loginclient
- lsv
- mresearch
Использует следующие алгоритмы для шифрования данных:
- AES
- DES-CBC-PKCS5Padding
- RSA-ECB-PKCS1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES
- DES-CBC-PKCS5Padding
Использует специальную библиотеку для скрытия исполняемого байт-кода.
Получает информацию о телефоне (номер, IMEI и т. д.).
Получает информацию об установленных приложениях.
Получает информацию о запущенных приложениях.
Отрисовывает собственные окна поверх других приложений.
