Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Adware.Gexin.2.origin
Осуществляет доступ к приватному интерфейсу ITelephony.
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) api.h####.n####.cn:80
- TCP(HTTP/1.1) h####.opensp####.cn:80
- TCP(HTTP/1.1) vod.xinhu####.com:80
- TCP(HTTP/1.1) ti####.c####.l####.####.com:80
- TCP(HTTP/1.1) l####.tbs.qq.com:80
- TCP(HTTP/1.1) t####.c####.q####.####.com:80
- TCP(HTTP/1.1) w####.h####.n####.cn:80
- TCP(HTTP/1.1) and####.b####.qq.com:80
- TCP(HTTP/1.1) www.xio####.gov.cn:80
- TCP(HTTP/1.1) img.ycf####.com:80
- TCP(HTTP/1.1) aexcep####.b####.qq.com:8011
- TCP(HTTP/1.1) c-h####.g####.com:80
- TCP(HTTP/1.1) aexcep####.b####.qq.com:8012
- TCP(HTTP/1.1) a2.xinhu####.com.####.net:80
- TCP(HTTP/1.1) 2####.192.9.4:80
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) ds-ak####.akam####.net.####.net:80
- TCP(HTTP/1.1) sdk-ope####.g####.com:80
- TCP(HTTP/1.1) n####.cn.edges####.net:80
- TCP(HTTP/1.1) o####.w####.com:80
- TCP(HTTP/1.1) api.ycf####.com:80
- TCP(HTTP/1.1) qc.wa.n####.cn:80
- TCP(HTTP/1.1) d####.opensp####.cn:80
- TCP(TLS/1.0) wild####.go-mp####.net.####.net:443
- TCP(TLS/1.0) o####.w####.com:443
- TCP(TLS/1.0) res####.a####.com:443
- TCP(TLS/1.0) s####.tc.qq.com:443
- TCP(TLS/1.0) st####.danghon####.com:443
- TCP(TLS/1.0) pl####.v.n####.####.com:443
- TCP(TLS/1.0) gdv.a.s####.com:443
- TCP sdk.o####.t####.####.com:5224
- TCP 43.2####.145.65:5225
- TCP t####.nz4.ig####.com:5224
Запросы DNS:
- 7j####.c####.z0.####.com
- a####.b####.qq.com
- a####.u####.com
- a2.xinhu####.com
- a3.xinhu####.com
- aexcep####.b####.qq.com
- and####.b####.qq.com
- api.h####.n####.cn
- api.ycf####.com
- bd.xinhu####.com
- c-h####.g####.com
- c.go-mp####.net
- d####.opensp####.cn
- ds-ak####.akam####.net
- h####.opensp####.cn
- img.ycf####.com
- l####.tbs.qq.com
- m####.vod.n####.cn
- m.n####.cn
- m.xinhu####.com
- o####.w####.com
- pl####.v.n####.cn
- pv.s####.com
- qc.wa.n####.cn
- r####.wx.qq.com
- res####.a####.com
- s.go-mp####.net
- sdk-ope####.g####.com
- sdk.c####.ig####.com
- sdk.o####.amp.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.net
- st####.danghon####.com
- t####.nz4.g####.net
- t####.nz4.ge####.com
- t####.nz4.ig####.com
- u####.ycf####.com
- vod.xinhu####.com
- vodf####.n####.cn
- w####.h####.n####.cn
- www.new####.cn
- www.new####.cn
- www.xinhu####.com
- www.xio####.gov.cn
Запросы HTTP GET:
- a2.xinhu####.com.####.net/js/xadndelayed.js
- api.h####.n####.cn/wx/jsapi.do?callback=####&mpId=####&url=####
- api.ycf####.com/ask/list?userid=80934&client_ver=5.0.7&visit_start_time=...
- api.ycf####.com/content/getcontentlist?categoryid=3&categorytype=normal&...
- api.ycf####.com/content/getplaylist?userid=80934&client_ver=5.0.7&visit_...
- api.ycf####.com/views/focusimg?userid=&client_ver=5.0.7&visit_start_time...
- ds-ak####.akam####.net.####.net/2/629899/b?dE=####&cS=####&cE=####&rqS=#...
- ds-ak####.akam####.net.####.net/aksb.min.js
- h####.opensp####.cn/launchconfig?t=####&p=dml0e####
- img.ycf####.com/thumbs/135/100/data/ycrb//userfiles/32/images/cms/articl...
- img.ycf####.com/thumbs/160/114/data/ycrb//userfiles/32/images/cms/ask/20...
- img.ycf####.com/thumbs/480/270/data/ycrb//userfiles/32/images/cms/articl...
- n####.cn.edges####.net/big201710leaderreports/19da01.png
- n####.cn.edges####.net/big201710leaderreports/19iconchufang.png
- n####.cn.edges####.net/big201710leaderreports/19iconhyhd.png
- n####.cn.edges####.net/big201710leaderreports/19iconjhqw.png
- n####.cn.edges####.net/big201710leaderreports/19iconjjhj.png
- n####.cn.edges####.net/big201710leaderreports/19iconjl.png
- n####.cn.edges####.net/big201710leaderreports/19iconkcdy.png
- n####.cn.edges####.net/big201710leaderreports/19icontpbd.png
- n####.cn.edges####.net/big201710leaderreports/19iconxxdb.png
- n####.cn.edges####.net/big201710leaderreports/19iconzdzx.png
- n####.cn.edges####.net/big201710leaderreports/19iconzsps.png
- n####.cn.edges####.net/big201710leaderreports/19iconztbd.png
- n####.cn.edges####.net/big201710leaderreports/big1001ximobbannerbg.jpg
- n####.cn.edges####.net/big201710leaderreports/big19_1030_xbtn.png
- n####.cn.edges####.net/big201710leaderreports/css/mult_report_demo.css
- n####.cn.edges####.net/big201710leaderreports/css/mult_report_demo_minde...
- n####.cn.edges####.net/big201710leaderreports/img/mult_report_sub_bg_ban...
- n####.cn.edges####.net/big201710leaderreports/js/mult_report_demo.js
- n####.cn.edges####.net/big201710leaderreports/js/mult_report_demo_mindex...
- n####.cn.edges####.net/common/share/logo4share.jpg
- n####.cn.edges####.net/data/cdn_transfer/0D/48/0d726b8b590125b68e2be06c7...
- n####.cn.edges####.net/global/css/swiper2.min.css
- n####.cn.edges####.net/global/js/jquery.min.js
- n####.cn.edges####.net/global/js/pageCore.js
- n####.cn.edges####.net/global/js/swiper2.min.js
- n####.cn.edges####.net/global/lib/jq/jquery1.11.3/jquery1.11.3.min.js
- n####.cn.edges####.net/global/lib/jq/jquery1.12.4/jquery1.12.4.min.js
- n####.cn.edges####.net/global/lib/qrcode/qrcode.min.js
- n####.cn.edges####.net/global/lib/slimScroll/slimscroll1.3.8/jquery.slim...
- n####.cn.edges####.net/global/lib/swiper/swiper2.7.6/idangerous.swiper.css
- n####.cn.edges####.net/global/lib/swiper/swiper2.7.6/idangerous.swiper.m...
- n####.cn.edges####.net/global/lib/swiper/swiper3.4.0/swiper.jquery.js
- n####.cn.edges####.net/global/lib/swiper/swiper3.4.0/swiper.min.css
- n####.cn.edges####.net/global/public/css/common.css
- n####.cn.edges####.net/global/public/css/common_m.css
- n####.cn.edges####.net/global/public/mobileFooter.js
- n####.cn.edges####.net/global/public/pcFooter.js
- n####.cn.edges####.net/global/public/wxShare.js
- n####.cn.edges####.net/images/syicon/space.gif
- n####.cn.edges####.net/index.htm
- n####.cn.edges####.net/m/css/addon.css
- n####.cn.edges####.net/m/css/index.css
- n####.cn.edges####.net/m/css/swiper.min.css
- n####.cn.edges####.net/m/img/desktop.png
- n####.cn.edges####.net/m/img/desktop_normal.png
- n####.cn.edges####.net/m/img/ico_close.png
- n####.cn.edges####.net/m/img/ico_more.png
- n####.cn.edges####.net/m/img/ico_play.png
- n####.cn.edges####.net/m/img/ico_search.png
- n####.cn.edges####.net/m/img/ico_topc.png
- n####.cn.edges####.net/m/img/icon_search.png
- n####.cn.edges####.net/m/img/logo.png
- n####.cn.edges####.net/m/img/placeholder.png
- n####.cn.edges####.net/m/img/sinalogo_35.png
- n####.cn.edges####.net/m/img/topicbar-allmedia.png
- n####.cn.edges####.net/m/img/topicbar-bg.png
- n####.cn.edges####.net/m/img/topicbar-business.png
- n####.cn.edges####.net/m/img/weixinQRcode.png
- n####.cn.edges####.net/m/js/addon.js
- n####.cn.edges####.net/m/js/common.js
- n####.cn.edges####.net/m/js/index.js
- n####.cn.edges####.net/m/js/picLazyload.js
- n####.cn.edges####.net/m/js/swiper.min.js
- n####.cn.edges####.net/m/js/zepto.min.js
- n####.cn.edges####.net/politics/2019-02/18/c_1124131474.htm
- n####.cn.edges####.net/politics/leaders/2019-02/22/1124152640_1550841146...
- n####.cn.edges####.net/politics/leaders/2019-02/22/c_1124152558.htm
- n####.cn.edges####.net/politics/leaders/titlepic/112175/1121750894_15212...
- n####.cn.edges####.net/politics/leaders/titlepic/112185/1121855112_15090...
- n####.cn.edges####.net/politics/leaders/titlepic/112191/1121916986_15202...
- n####.cn.edges####.net/politics/leaders/titlepic/112194/1121948550_15105...
- n####.cn.edges####.net/politics/leaders/titlepic/112393/1123932358_15463...
- n####.cn.edges####.net/politics/leaders/titlepic/112393/1123939438_15464...
- n####.cn.edges####.net/politics/leaders/titlepic/112408/1124084168_15491...
- n####.cn.edges####.net/politics/leaders/titlepic/112412/1124121476_15502...
- n####.cn.edges####.net/politics/leaders/titlepic/112414/1124142377_15506...
- n####.cn.edges####.net/politics/leaders/titlepic/112414/1124142671_15506...
- n####.cn.edges####.net/politics/leaders/titlepic/112415/1124152643_15508...
- n####.cn.edges####.net/politics/leaders/xijinping/index.htm
- n####.cn.edges####.net/politics/leaders/xijinping/mob.htm
- n####.cn.edges####.net/politics/xxjxs/img/nav-logo.png
- n####.cn.edges####.net/politics/xxjxs/img/xxjxs-qr.png
- n####.cn.edges####.net/static/jq.js
- n####.cn.edges####.net/titlepic/112017/1120172231_1485568235129_title0h....
- n####.cn.edges####.net/titlepic/112046/1120468402_1487119856485_title0h....
- n####.cn.edges####.net/titlepic/112085/1120859445_1508635580561_title0h....
- n####.cn.edges####.net/titlepic/112205/1122056276_1525230692444_title0h....
- n####.cn.edges####.net/titlepic/112275/1122753697_1524814956123_title0h....
- n####.cn.edges####.net/titlepic/112284/1122843510_1526526737375_title0h....
- n####.cn.edges####.net/titlepic/112304/1123048986_1530176071912_title0h....
- n####.cn.edges####.net/titlepic/112349/1123490154_1538015801810_title0h....
- n####.cn.edges####.net/titlepic/112354/1123541026_1539172065014_title0h....
- n####.cn.edges####.net/titlepic/112413/1124138406_1550625798632_title0h....
- n####.cn.edges####.net/titlepic/112413/1124138406_1550625920959_title0h....
- n####.cn.edges####.net/titlepic/112413/1124138406_1550625929719_title0h....
- n####.cn.edges####.net/titlepic/112413/1124139660_1550631346684_title0h....
- n####.cn.edges####.net/titlepic/112414/1124141740_1550714243788_title0h....
- n####.cn.edges####.net/titlepic/112414/1124143835_1550710635659_title0h....
- n####.cn.edges####.net/titlepic/112414/1124146695_1550737906981_title0h....
- n####.cn.edges####.net/titlepic/112414/1124146958_1550739638362_title0h....
- n####.cn.edges####.net/titlepic/112414/1124147092_1550807946020_title0h....
- n####.cn.edges####.net/titlepic/112414/1124147897_1550815321078_title0h....
- n####.cn.edges####.net/titlepic/112414/1124147948_1550791365721_title0h....
- n####.cn.edges####.net/titlepic/112414/1124147976_1550791804653_title0h....
- n####.cn.edges####.net/titlepic/112414/1124148008_1550792280935_title0h....
- n####.cn.edges####.net/titlepic/112414/1124148017_1550792083293_title0h....
- n####.cn.edges####.net/titlepic/112414/1124148042_1550792125626_title0h....
- n####.cn.edges####.net/titlepic/112414/1124148053_1550792166770_title0h....
- n####.cn.edges####.net/titlepic/112414/1124148072_1550792246638_title0h....
- n####.cn.edges####.net/titlepic/112414/1124148162_1550793934330_title0h....
- n####.cn.edges####.net/titlepic/112414/1124148469_1550795061886_title0h....
- n####.cn.edges####.net/titlepic/112414/1124148540_1550795527991_title0h....
- n####.cn.edges####.net/titlepic/112414/1124148588_1550795690106_title0h....
- n####.cn.edges####.net/titlepic/112414/1124148612_1550795829121_title0h....
- n####.cn.edges####.net/titlepic/112414/1124148657_1550795995600_title0h....
- n####.cn.edges####.net/titlepic/112414/1124148750_1550796528171_title0h....
- n####.cn.edges####.net/titlepic/112414/1124148795_1550796782059_title0h....
- n####.cn.edges####.net/titlepic/112414/1124149103_1550798149828_title0h....
- n####.cn.edges####.net/titlepic/112414/1124149359_1550799572631_title0h....
- n####.cn.edges####.net/titlepic/112414/1124149377_1550799701405_title0h....
- n####.cn.edges####.net/titlepic/112414/1124149393_1550799784791_title0h....
- n####.cn.edges####.net/titlepic/112414/1124149410_1550800398898_title0h....
- n####.cn.edges####.net/titlepic/112414/1124149469_1550800271456_title0h....
- n####.cn.edges####.net/titlepic/112414/1124149583_1550800834136_title0h....
- n####.cn.edges####.net/titlepic/112414/1124149591_1550800876103_title0h....
- n####.cn.edges####.net/titlepic/112414/1124149663_1550801216371_title0h....
- n####.cn.edges####.net/titlepic/112414/1124149688_1550801313490_title0h....
- n####.cn.edges####.net/titlepic/112414/1124149712_1550801459539_title0h....
- n####.cn.edges####.net/titlepic/112414/1124149732_1550801559480_title0h....
- n####.cn.edges####.net/titlepic/112414/1124149748_1550801698798_title0h....
- n####.cn.edges####.net/titlepic/112414/1124149856_1550802624544_title0h....
- n####.cn.edges####.net/titlepic/112414/1124149931_1550803512493_title0h....
- n####.cn.edges####.net/titlepic/112415/1124150146_1550815260233_title0h....
- n####.cn.edges####.net/titlepic/112415/1124150255_1550805330605_title0h....
- n####.cn.edges####.net/titlepic/112415/1124150296_1550805689449_title0h....
- n####.cn.edges####.net/titlepic/112415/1124150519_1550827437197_title0h....
- n####.cn.edges####.net/titlepic/112415/1124150541_1550821099507_title0h....
- n####.cn.edges####.net/titlepic/112415/1124150563_1550817164191_title0h....
- n####.cn.edges####.net/titlepic/112415/1124150870_1550819947260_title0h....
- n####.cn.edges####.net/titlepic/112415/1124150870_1550819948964_title0h....
- n####.cn.edges####.net/titlepic/112415/1124150870_1550819950405_title0h....
- n####.cn.edges####.net/titlepic/112415/1124150991_1550818230419_title0h....
- n####.cn.edges####.net/titlepic/112415/1124151187_1550821222107_title0h....
- n####.cn.edges####.net/titlepic/112415/1124151190_1550819712937_title0h....
- n####.cn.edges####.net/titlepic/112415/1124151402_1550821205135_title0h....
- n####.cn.edges####.net/titlepic/112415/1124151466_1550822034504_title0h....
- n####.cn.edges####.net/titlepic/112415/1124151483_1550822155065_title0h....
- n####.cn.edges####.net/titlepic/112415/1124151532_1550822589956_title0h....
- n####.cn.edges####.net/titlepic/112415/1124151571_1550832227623_title0h....
- n####.cn.edges####.net/titlepic/112415/1124151683_1550823869880_title0h....
- n####.cn.edges####.net/titlepic/112415/1124151732_1550825599219_title0h....
- n####.cn.edges####.net/titlepic/112415/1124151775_1550824524877_title0h....
- n####.cn.edges####.net/titlepic/112415/1124151854_1550825256554_title0h....
- n####.cn.edges####.net/titlepic/112415/1124151892_1550825885600_title0h....
- n####.cn.edges####.net/titlepic/112415/1124151948_1550825879978_title0h....
- n####.cn.edges####.net/titlepic/112415/1124151988_1550826365077_title0h....
- n####.cn.edges####.net/titlepic/112415/1124152033_1550826981440_title0h....
- n####.cn.edges####.net/titlepic/112415/1124152033_1550826983344_title0h....
- n####.cn.edges####.net/titlepic/112415/1124152033_1550826984733_title0h....
- n####.cn.edges####.net/titlepic/112415/1124152075_1550827243528_title0h....
- n####.cn.edges####.net/titlepic/112415/1124152263_1550832386831_title0h....
- n####.cn.edges####.net/titlepic/112415/1124152272_1550829704821_title0h....
- n####.cn.edges####.net/titlepic/112415/1124152344_1550832179560_title0h....
- n####.cn.edges####.net/titlepic/112415/1124152352_1550832366775_title0h....
- n####.cn.edges####.net/titlepic/112415/1124152423_1550833855257_title0h....
- n####.cn.edges####.net/titlepic/112415/1124152506_1550836590188_title0h....
- n####.cn.edges####.net/titlepic/112415/1124152512_1550836804329_title0h....
- n####.cn.edges####.net/titlepic/112415/1124152515_1550836869890_title0h....
- n####.cn.edges####.net/titlepic/112415/1124152562_1550842874262_title0h....
- n####.cn.edges####.net/titlepic/112415/1124152672_1550842655135_title0h....
- n####.cn.edges####.net/titlepic/112415/1124152678_1550843024849_title0h....
- n####.cn.edges####.net/titlepic/112415/1124152694_1550843495643_title0h....
- n####.cn.edges####.net/titlepic/112415/1124152705_1550843857897_title0h....
- n####.cn.edges####.net/titlepic/112415/1124152910_1550878277804_title0h....
- n####.cn.edges####.net/titlepic/112415/1124152921_1550878500674_title0h....
- n####.cn.edges####.net/titlepic/112415/1124152929_1550878684258_title0h....
- n####.cn.edges####.net/titlepic/112415/1124152938_1550878827321_title0h....
- n####.cn.edges####.net/titlepic/112415/1124152945_1550879049814_title0h....
- n####.cn.edges####.net/titlepic/112415/1124152952_1550879444065_title0h....
- n####.cn.edges####.net/titlepic/112415/1124152962_1550879522146_title0h....
- n####.cn.edges####.net/titlepic/112415/1124152973_1550879712047_title0h....
- n####.cn.edges####.net/titlepic/112415/1124152988_1550879901573_title0h....
- n####.cn.edges####.net/titlepic/112415/1124152992_1550879996395_title0h....
- n####.cn.edges####.net/titlepic/112415/1124152998_1550880070423_title0h....
- n####.cn.edges####.net/titlepic/121006/1210065076_1550792032120_title0h....
- n####.cn.edges####.net/titlepic/121006/1210065079_1550792004804_title0h....
- n####.cn.edges####.net/titlepic/121006/1210065081_1550791990718_title0h....
- n####.cn.edges####.net/titlepic/121006/1210065082_1550791977493_title0h....
- n####.cn.edges####.net/titlepic/121006/1210065088_1550791958341_title0h....
- n####.cn.edges####.net/titlepic/121006/1210065236_1550797369470_title0h....
- n####.cn.edges####.net/titlepic/121006/1210065253_1550798064410_title0h....
- n####.cn.edges####.net/titlepic/121006/1210065257_1550798133915_title0h....
- n####.cn.edges####.net/video/static/videovisit.js
- n####.cn.edges####.net/video/videobg20181107.png
- n####.cn.edges####.net/world/brics2017/js/jquery.carousel.customed.min.js
- n####.cn.edges####.net/world/brics2017/js/jquery.mousewheel.js
- n####.cn.edges####.net/xjp20171103/images/mb_xjp_banner.jpg
- n####.cn.edges####.net/xl2017/css/main.css
- n####.cn.edges####.net/xl2017/images/bg2.jpg
- n####.cn.edges####.net/xl2017/images/f-ewm.png
- n####.cn.edges####.net/xl2017/images/f-logo.png
- n####.cn.edges####.net/xl2017/images/f-wb.png
- n####.cn.edges####.net/xl2017/images/f-wx.png
- n####.cn.edges####.net/xl2017/images/h-m.png
- n####.cn.edges####.net/xl2017/images/h-o.png
- n####.cn.edges####.net/xl2017/images/h-s.png
- n####.cn.edges####.net/xl2017/images/khd.png
- n####.cn.edges####.net/xl2017/images/m-close.png
- n####.cn.edges####.net/xl2017/images/n-q.png
- n####.cn.edges####.net/xl2017/images/n-wb.png
- n####.cn.edges####.net/xl2017/images/n-wx.png
- n####.cn.edges####.net/xl2017/images/net_logo.png
- n####.cn.edges####.net/xl2017/images/wx.png
- n####.cn.edges####.net/xl2017/js/main.js
- n####.cn.edges####.net/xl2017/ldr/xl20181129.js
- n####.cn.edges####.net/xl2017/lingdaren/js/click_audio_btn_201804111846.js
- n####.cn.edges####.net/xl2017/lingdaren/js/ldr_sp_v2.js
- n####.cn.edges####.net/xl20171103/lingdaren/css/xijinping_main_v2.css
- n####.cn.edges####.net/xl20171103/lingdaren/js/main.js
- o####.w####.com/wblinks.js?ak=####
- qc.wa.n####.cn/nodeart/list?nid=####&pgnum=####&cnt=####&attr=####&tp=##...
- t####.c####.q####.####.com/tdata_ZCi456
- ti####.c####.l####.####.com/config/bj-bjv6.conf
- ti####.c####.l####.####.com/config/hz-bjv6.conf
- vod.xinhu####.com/v/vod.html?vid=####
- w####.h####.n####.cn/1.gif?z=1&a=1691850e47c&b=%u65B0%u534E%u7F51_%u8BA9...
- w####.h####.n####.cn/1.gif?z=1&a=1691850ff99&b=%u4E60%u8FD1%u5E73%u4F1A%...
- w####.h####.n####.cn/1.gif?z=1&a=16918510ac0&b=%u65B0%u534E%u7F51_%u8BA9...
- w####.h####.n####.cn/1.gif?z=1&a=16918510f6d&b=%u4E60%u8FD1%u5E73%u4F1A%...
- w####.h####.n####.cn/1.gif?z=1&a=1691851182a&b=%u65B0%u534E%u7F51&B=UTF-...
- w####.h####.n####.cn/1.gif?z=1&a=1691851331c&b=%u4E60%u8FD1%u5E73%u62A5%...
- w####.h####.n####.cn/webdig.js?z=####
- www.xio####.gov.cn/strategy/images/memorabilia-icon-audio.png
- www.xio####.gov.cn/v/misc/core_min.js?v=####
- www.xio####.gov.cn/v/misc/img/error.png
- www.xio####.gov.cn/v/misc/load.js
- www.xio####.gov.cn/v/misc/mplayer_min.js?v=####
- www.xio####.gov.cn/v/misc/webapp.css
Запросы HTTP POST:
- a####.u####.com/app_logs
- aexcep####.b####.qq.com:8011/rqd/async
- aexcep####.b####.qq.com:8012/rqd/async
- and####.b####.qq.com/rqd/async
- api.ycf####.com/comments/getdetailcomments
- api.ycf####.com/content/getdetail
- api.ycf####.com/menu/gettaglist
- api.ycf####.com/paper/prepaper
- api.ycf####.com/search/hotword
- api.ycf####.com/total/total.php
- api.ycf####.com/usercenter/sso/fakeReg?securitykey=034c4e89bac21c0ac5896...
- api.ycf####.com/userinfo/api/v2/favor/sync?userid=80934&client_ver=5.0.7...
- api.ycf####.com/userinfo/api/v2/reddot?userid=80934&client_ver=5.0.7&vis...
- api.ycf####.com/userinfo/api/v2/sub/sync?userid=80934&client_ver=5.0.7&v...
- api.ycf####.com/userinfo/api/v3/ask/concern/list
- api.ycf####.com/views/counts
- api.ycf####.com/views/coverpages
- api.ycf####.com/views/overall
- api.ycf####.com/views/version
- c-h####.g####.com/api.php?format=####&t=####
- d####.opensp####.cn/index.php/clientrequest/clientcollect/isCollect
- l####.tbs.qq.com/ajax?c=####&k=####
- n####.cn.edges####.net/s?
- sdk-ope####.g####.com/api.php?format=####&t=####
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/.imprint
- /data/data/####/1d2b904cbeadfb72ed9546111a231c85.0
- /data/data/####/860048193331.0
- /data/data/####/Alvin2.xml
- /data/data/####/ApplicationCache.db-journal
- /data/data/####/ContextData.xml
- /data/data/####/bugly_db_legu-journal
- /data/data/####/cc.db
- /data/data/####/cc.db-journal
- /data/data/####/ccccc11a5690e3f1a8bf30f2230dfc2d.0
- /data/data/####/com.iflytek.id.xml
- /data/data/####/com.iflytek.msc.xml
- /data/data/####/config.xml
- /data/data/####/config_noclear.xml
- /data/data/####/core_info
- /data/data/####/d97863485eda9cf3294345d6dcfec36e.0
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/debug.conf
- /data/data/####/exchangeIdentity.json
- /data/data/####/exid.dat
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/f_000007
- /data/data/####/f_000008
- /data/data/####/f_000009
- /data/data/####/f_00000a
- /data/data/####/f_00000b
- /data/data/####/f_00000c
- /data/data/####/f_00000d
- /data/data/####/f_00000e
- /data/data/####/f_00000f
- /data/data/####/f_000010
- /data/data/####/f_000011
- /data/data/####/f_000012
- /data/data/####/f_000013
- /data/data/####/f_000014
- /data/data/####/f_000015
- /data/data/####/f_000016
- /data/data/####/f_000017
- /data/data/####/f_000018
- /data/data/####/f_000019
- /data/data/####/f_00001a
- /data/data/####/f_00001b
- /data/data/####/f_00001c
- /data/data/####/f_00001d
- /data/data/####/f_00001e
- /data/data/####/f_00001f
- /data/data/####/f_000020
- /data/data/####/f_000021
- /data/data/####/f_000022
- /data/data/####/f_000023
- /data/data/####/f_000024
- /data/data/####/f_000025
- /data/data/####/f_000026
- /data/data/####/f_000027
- /data/data/####/f_000028
- /data/data/####/f_000029
- /data/data/####/f_00002a
- /data/data/####/f_00002b
- /data/data/####/f_00002c
- /data/data/####/f_00002d
- /data/data/####/f_00002e
- /data/data/####/f_00002f
- /data/data/####/f_000030
- /data/data/####/f_000031
- /data/data/####/f_000032
- /data/data/####/f_000033
- /data/data/####/f_000034
- /data/data/####/f_000035
- /data/data/####/f_000036
- /data/data/####/f_000037
- /data/data/####/f_000038
- /data/data/####/f_000039
- /data/data/####/f_00003a
- /data/data/####/f_00003b
- /data/data/####/f_00003c
- /data/data/####/f_00003d
- /data/data/####/f_00003e
- /data/data/####/f_00003f
- /data/data/####/f_000040
- /data/data/####/f_000041
- /data/data/####/f_000042
- /data/data/####/f_000043
- /data/data/####/f_000044
- /data/data/####/f_000045
- /data/data/####/f_000046
- /data/data/####/f_000047
- /data/data/####/f_000048
- /data/data/####/f_000049
- /data/data/####/f_00004a
- /data/data/####/f_00004b
- /data/data/####/f_00004c
- /data/data/####/f_00004d
- /data/data/####/f_00004e
- /data/data/####/f_00004f
- /data/data/####/f_000050
- /data/data/####/f_000051
- /data/data/####/f_000052
- /data/data/####/f_000053
- /data/data/####/f_000054
- /data/data/####/f_000055
- /data/data/####/f_000056
- /data/data/####/f_000057
- /data/data/####/f_000058
- /data/data/####/f_000059
- /data/data/####/f_00005a
- /data/data/####/f_00005b
- /data/data/####/f_00005c
- /data/data/####/f_00005d
- /data/data/####/f_00005e
- /data/data/####/f_00005f
- /data/data/####/f_000060
- /data/data/####/f_000061
- /data/data/####/f_000062
- /data/data/####/f_000063
- /data/data/####/f_000064
- /data/data/####/f_000065
- /data/data/####/f_000066
- /data/data/####/f_000067
- /data/data/####/f_000068
- /data/data/####/f_000069
- /data/data/####/f_00006a
- /data/data/####/f_00006b
- /data/data/####/f_00006c
- /data/data/####/f_00006d
- /data/data/####/f_00006e
- /data/data/####/f_00006f
- /data/data/####/f_000070
- /data/data/####/f_000071
- /data/data/####/f_000072
- /data/data/####/f_000073
- /data/data/####/f_000074
- /data/data/####/f_000075
- /data/data/####/f_000076
- /data/data/####/f_000077
- /data/data/####/f_000078
- /data/data/####/f_000079
- /data/data/####/f_00007a
- /data/data/####/f_00007b
- /data/data/####/f_00007c
- /data/data/####/f_00007d
- /data/data/####/f_00007e
- /data/data/####/f_00007f
- /data/data/####/f_000080
- /data/data/####/f_000081
- /data/data/####/f_000082
- /data/data/####/gx_sp.xml
- /data/data/####/hmdb
- /data/data/####/hmdb-journal
- /data/data/####/http_www.xinhuanet.com_0.localstorage-journal
- /data/data/####/ifly_launch_lib.xml
- /data/data/####/iflytek_state_com.ycen.www.activity.xml
- /data/data/####/index
- /data/data/####/init.pid
- /data/data/####/init_c1.pid
- /data/data/####/journal
- /data/data/####/journal.tmp
- /data/data/####/libnfix.so
- /data/data/####/libshella-2.9.0.2.so
- /data/data/####/libufix.so
- /data/data/####/local_crash_lock
- /data/data/####/logdb.db
- /data/data/####/logdb.db-journal
- /data/data/####/mix.dex
- /data/data/####/multidex.version.xml
- /data/data/####/native_record_lock
- /data/data/####/pref.xml
- /data/data/####/push.pid
- /data/data/####/pushg.db-journal
- /data/data/####/pushsdk.db-journal
- /data/data/####/run.pid
- /data/data/####/security_info
- /data/data/####/statistics.db-journal
- /data/data/####/tbs_download_config.xml
- /data/data/####/tbs_download_stat.xml
- /data/data/####/tbs_load_stat_flag.xml
- /data/data/####/tbs_report_lock.txt
- /data/data/####/tbscoreinstall.txt
- /data/data/####/tbslock.txt
- /data/data/####/tdata_ZCi456
- /data/data/####/tdata_ZCi456.jar
- /data/data/####/ua.db
- /data/data/####/ua.db-journal
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/webviewCookiesChromium.db-journal (deleted)
- /data/media/####/.nomedia
- /data/media/####/1550891128550.db
- /data/media/####/3093063993607168_cms_3093063993607168.dat
- /data/media/####/Alvin2.xml
- /data/media/####/ContextData.xml
- /data/media/####/afff1d29965f1e18c3429738de87baff.mp4
- /data/media/####/alsn20170807.db
- /data/media/####/alsn20170807.db-journal
- /data/media/####/app.db
- /data/media/####/ask_attention.dat
- /data/media/####/ask_follow.dat
- /data/media/####/ask_praise.dat
- /data/media/####/ask_question.dat
- /data/media/####/ask_subject_praise.dat
- /data/media/####/com.igexin.sdk.deviceId.db
- /data/media/####/com.ycen.www.activity.db
- /data/media/####/comment_logo.png
- /data/media/####/cover_key2.dat
- /data/media/####/gov_logo.png
- /data/media/####/ic_launcher.png
- /data/media/####/iflyworkdir_test
- /data/media/####/local_collect.dat
- /data/media/####/mediadata.dat
- /data/media/####/praise.dat
- /data/media/####/subscribe.dat
- /data/media/####/suvery_record_3093063993607168_cms_3093063993607168.dat
- /data/media/####/tagId3.dat
- /data/media/####/tagId4.dat
- /data/media/####/tagId6.dat
- /data/media/####/tdata_ZCi456
Другие:
Запускает следующие shell-скрипты:
- /system/bin/sh -c getprop ro.aa.romver
- /system/bin/sh -c getprop ro.board.platform
- /system/bin/sh -c getprop ro.build.fingerprint
- /system/bin/sh -c getprop ro.build.nubia.rom.name
- /system/bin/sh -c getprop ro.build.rom.id
- /system/bin/sh -c getprop ro.build.tyd.kbstyle_version
- /system/bin/sh -c getprop ro.build.version.emui
- /system/bin/sh -c getprop ro.build.version.opporom
- /system/bin/sh -c getprop ro.gn.gnromvernumber
- /system/bin/sh -c getprop ro.lenovo.series
- /system/bin/sh -c getprop ro.lewa.version
- /system/bin/sh -c getprop ro.meizu.product.model
- /system/bin/sh -c getprop ro.miui.ui.version.name
- /system/bin/sh -c getprop ro.vivo.os.build.display.id
- /system/bin/sh -c type su
- chmod 700 <Package Folder>/tx_shell/libnfix.so
- chmod 700 <Package Folder>/tx_shell/libshella-2.9.0.2.so
- chmod 700 <Package Folder>/tx_shell/libufix.so
- getprop ro.aa.romver
- getprop ro.board.platform
- getprop ro.build.fingerprint
- getprop ro.build.nubia.rom.name
- getprop ro.build.rom.id
- getprop ro.build.tyd.kbstyle_version
- getprop ro.build.version.emui
- getprop ro.build.version.opporom
- getprop ro.gn.gnromvernumber
- getprop ro.lenovo.series
- getprop ro.lewa.version
- getprop ro.meizu.product.model
- getprop ro.miui.ui.version.name
- getprop ro.product.cpu.abi
- getprop ro.vivo.os.build.display.id
- getprop ro.yunos.version
- logcat -d -v threadtime
Загружает динамические библиотеки:
- Bugly
- getuiext2
- imagepipeline
- libnfix
- libshella-2.9.0.2
- libufix
- msc
- nfix
- ufix
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-GCM-NoPadding
- RSA-ECB-NoPadding
- RSA-ECB-PKCS1Padding
- RSA-NONE-OAEPWithSHA1AndMGF1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS7Padding
- AES-GCM-NoPadding
Использует специальную библиотеку для скрытия исполняемого байт-кода.
Получает информацию о местоположении.
Получает информацию о сети.
Получает информацию о телефоне (номер, IMEI и т. д.).
Получает информацию об установленных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
Управляет Wi-Fi-подключением.
