Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Android.DownLoader.122.origin
- Android.DownLoader.638
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) s####.ssl.qih####.com:80
- TCP(HTTP/1.1) sh####.360.cn:80
- TCP(HTTP/1.1) zhu####.360.cn:80
- TCP(HTTP/1.1) m####.360.com:80
- TCP(HTTP/1.1) mvp.me####.com:80
- TCP(HTTP/1.1) w.q####.com:80
- TCP(HTTP/1.1) p1.q####.com:80
- TCP(HTTP/1.1) m.3####.cn:80
- TCP(HTTP/1.1) mate####.me####.com:80
- TCP(HTTP/1.1) p1.ssl.q####.com:80
- TCP(HTTP/1.1) s####.m.me####.com:80
- TCP(HTTP/1.1) hao####.q####.com:80
- TCP(HTTP/1.1) s0.q####.com:80
- TCP(SSL/3.0) p3.ssl.q####.com:443
- TCP(SSL/3.0) p5.ssl.q####.com:443
- TCP(TLS/1.0) ssl.gst####.com:443
- TCP(TLS/1.0) p1.ssl.q####.com:443
- TCP(TLS/1.0) www.go####.com:443
- TCP(TLS/1.0) www.gst####.com:443
- TCP(TLS/1.0) p5.ssl.q####.com:443
- TCP(TLS/1.0) 1####.217.17.78:443
- TCP(TLS/1.0) p3.ssl.q####.com:443
Запросы DNS:
- a.alli####.com
- a1.alli####.com
- a2.alli####.com
- hao####.q####.com
- m####.360.com
- m.3####.cn
- m.i360####.com
- mate####.me####.com
- mvp.me####.com
- p0.q####.com
- p0.ssl.q####.com
- p1.q####.com
- p1.ssl.q####.com
- p15.q####.com
- p16.q####.com
- p17.q####.com
- p18.q####.com
- p19.q####.com
- p2.q####.com
- p2.q####.com
- p2.ssl.q####.com
- p3.q####.com
- p3.q####.com
- p3.ssl.q####.com
- p4.q####.com
- p4.q####.com
- p4.ssl.q####.com
- p5.q####.com
- p5.q####.com
- p5.ssl.q####.com
- p6.q####.com
- p6.q####.com
- p7.q####.com
- p8.q####.com
- p9.q####.com
- p9.q####.com
- s####.m.me####.com
- s####.ssl.qih####.com
- s0.q####.com
- s1.q####.com
- s3.q####.com
- s8.q####.com
- sh####.360.cn
- ssl.gst####.com
- w.q####.com
- www.go####.com
- www.gst####.com
- zhu####.360.cn
Запросы HTTP GET:
- hao####.q####.com/haopv.gif?b=####&a=####&u=####&id=####&c=####&r=####&t...
- hao####.q####.com/haouv.gif?b=####&a=####&u=####&id=####&c=####&r=####&t...
- m####.360.com/xia/?utm_source=####&utm_medium=####
- m.3####.cn/?pd=####
- m.3####.cn/classify.html
- mate####.me####.com/bjjs/sdk/v171/ads_0.1.7.1.jar
- p1.q####.com/d/_mobilesafe/padsafe/2.png
- p1.q####.com/d/_mobilesafe/padsafe/4.png
- p1.q####.com/d/_mobilesafe/padsafe/5.png
- p1.q####.com/d/_mobilesafe/padsafe/6.png
- p1.q####.com/d/_mobilesafe/padsafe/7.png
- p1.q####.com/d/_mobilesafe/padsafe/8.png
- p1.q####.com/d/_mobilesafe/padsafe/banner.jpg
- p1.q####.com/d/_mobilesafe/padsafe/bannerbg.jpg
- p1.q####.com/d/_mobilesafe/padsafe/cur.gif
- p1.q####.com/d/_mobilesafe/padsafe/divline.gif
- p1.q####.com/d/_mobilesafe/padsafe/footerbg.jpg
- p1.q####.com/d/_mobilesafe/padsafe/h3num.gif
- p1.q####.com/d/_mobilesafe/padsafe/headerbg.gif
- p1.q####.com/d/_mobilesafe/padsafe/logo.gif
- p1.q####.com/d/_mobilesafe/padsafe/logo2.gif
- p1.q####.com/d/inn/2edf2228/aqrj/Box_60.png
- p1.q####.com/d/inn/2edf2228/aqrj/MobileSafe_60.png
- p1.q####.com/d/inn/2edf2228/aqrj/weishi_60.png
- p1.q####.com/t0105139de64586cf40.png
- p1.q####.com/t010fa93a99715aad32.png
- p1.q####.com/t0113fd57fbb3e42128.png
- p1.q####.com/t0119fe44032e56eeaa.jpg
- p1.q####.com/t012320e7677a2a8613.jpg
- p1.q####.com/t013811c7342a47c68c.png
- p1.q####.com/t0139160967cf4ebbca.png
- p1.q####.com/t0139a3cf9218887d3d.png
- p1.q####.com/t0148544067be7fcaa3.png
- p1.q####.com/t01499f9646e1e491ae.png
- p1.q####.com/t015c4a525a2379d9f6.png
- p1.q####.com/t0167c1a687a2327e07.png
- p1.q####.com/t0173d714f288c25f40.png
- p1.q####.com/t0174d25cfee31c5646.png
- p1.q####.com/t0176919631a43c2947.png
- p1.q####.com/t017796b49e636afdd7.png
- p1.q####.com/t017d865e2942ac649e.png
- p1.q####.com/t0189741dcf6c159d34.png
- p1.q####.com/t018da0363a6accda6f.png
- p1.q####.com/t01926a306f89be23f3.jpg
- p1.q####.com/t0192c6a682125e6cc9.png
- p1.q####.com/t01946e38139012bf1a.png
- p1.q####.com/t019a6abf63f83db386.png
- p1.q####.com/t019de0dc44461f7014.png
- p1.q####.com/t01a03df1ddec4c9046.png
- p1.q####.com/t01a1539e3423346062.png
- p1.q####.com/t01aba831f3e831c0e7.jpg
- p1.q####.com/t01abe6ce0386485d19.png
- p1.q####.com/t01ac094f0e7138f4c1.png
- p1.q####.com/t01afcf01811882a85c.jpg
- p1.q####.com/t01b3e0c9175d6001ec.png
- p1.q####.com/t01b792441769dbca78.png
- p1.q####.com/t01b8a8b3826fb339af.png
- p1.q####.com/t01bab71ba2109b4cb4.png
- p1.q####.com/t01bb0702972df1db2b.png
- p1.q####.com/t01bccedbc0d45dd194.png
- p1.q####.com/t01bf316526ce779270.jpg
- p1.q####.com/t01c0561be4b31c1466.png
- p1.q####.com/t01c19a74efd704fac7.png
- p1.q####.com/t01c5bfd5968d038a63.png
- p1.q####.com/t01c66a355347d72ec4.png
- p1.q####.com/t01ca52fce5c3fdc29f.png
- p1.q####.com/t01cbde8755c0c23978.jpg
- p1.q####.com/t01d0899e64eb0c2fcc.png
- p1.q####.com/t01d7427e1f6239b1b1.png
- p1.q####.com/t01da6c6e408cf349fa.png
- p1.q####.com/t01dc430e8c4fbc2aee.png
- p1.q####.com/t01dd057241efdad2ad.png
- p1.q####.com/t01dfc013c7b3c21ac3.png
- p1.q####.com/t01e2a809acc329ae82.png
- p1.q####.com/t01e4c126e44c6e0e47.png
- p1.q####.com/t01e78a12d6bbaa1a53.png
- p1.q####.com/t01ecc3b6b24e7bdbd8.png
- p1.q####.com/t01f025a32b676961bb.jpg
- p1.q####.com/t01f222be1309c2fd7f.png
- p1.q####.com/t01f8ae6ea3d7f727ff.png
- p1.q####.com/t01f9b7903b471806d0.png
- p1.q####.com/t01fb225170c5a262ee.jpg
- p1.ssl.q####.com/t01d587807f29bd1219.jpg
- s####.m.me####.com/s?adspaceid=####&os=####&imei=####&imei_md5=####&imsi...
- s####.m.me####.com/s?switch=1?os=####&imei=####&imsi=####&mac=####&model...
- s####.m.me####.com/update?sdkv=####
- s####.ssl.qih####.com/mobilesafe/shouji360/360safesis/360PadSafe_3.2.2.apk
- s0.q####.com/!a04eed30/monitor131227.js
- s0.q####.com/static/24fee17ef5eeefee/zepto_touch_fx.112.js
- s0.q####.com/static/92642666da227923/carousel.1.0.4.js
- s0.q####.com/static/c8b7de8c67377042/widget.1.0.2.js
- sh####.360.cn/pop/360padsafe/index.html
- w.q####.com/images/v2/360ms/shouji.360.cn/images/battery/weibo.png
- w.q####.com/images/v2/site/mse/images/qs1.jpg
- zhu####.360.cn/script/360mobilemgrdownload.js
Запросы HTTP POST:
- mvp.me####.com/t?type=####
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/.lostjiagu
- /data/data/####/Skateboard.ini
- /data/data/####/classes.jar
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/dbDDDD-journal
- /data/data/####/dynamic.jar
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/f_000007
- /data/data/####/f_000008
- /data/data/####/f_000009
- /data/data/####/f_00000a
- /data/data/####/f_00000b
- /data/data/####/f_00000c
- /data/data/####/f_00000d
- /data/data/####/f_00000e
- /data/data/####/f_00000f
- /data/data/####/f_000010
- /data/data/####/f_000011
- /data/data/####/f_000012
- /data/data/####/f_000013
- /data/data/####/f_000014
- /data/data/####/f_000015
- /data/data/####/f_000016
- /data/data/####/f_000017
- /data/data/####/index
- /data/data/####/libjiagu.so
- /data/data/####/mv_crash.log
- /data/data/####/mv_swich.cfg
- /data/data/####/n.jar
- /data/data/####/ver_info.xml
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
Другие:
Загружает динамические библиотеки:
- gbd
- libjiagu
Использует специальную библиотеку для скрытия исполняемого байт-кода.
Получает информацию о местоположении.
Получает информацию о сети.
Получает информацию о телефоне (номер, IMEI и т. д.).
Получает информацию о запущенных приложениях.
Отрисовывает собственные окна поверх других приложений.
