Техническая информация
Вредоносные функции:
Осуществляет доступ к приватному интерфейсу ITelephony.
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) z.c####.com:80
- TCP(HTTP/1.1) l####.b####.com:80
- TCP(HTTP/1.1) gm.mm####.com:80
- TCP(HTTP/1.1) s####.tc.qq.com:80
- TCP(HTTP/1.1) dy.dd####.com:80
- TCP(HTTP/1.1) t####.c####.q####.####.com:80
- TCP(HTTP/1.1) c.c####.com:80
- TCP(HTTP/1.1) pco####.ta####.com:80
- TCP(HTTP/1.1) ping####.qq.com:80
- TCP(HTTP/1.1) dz.dd####.cn:80
- TCP(HTTP/1.1) p1.q####.com:80
- TCP(HTTP/1.1) tu####.tupi####.com:80
- TCP(HTTP/1.1) g####.al####.com:80
- TCP(HTTP/1.1) i####.c####.com:80
- TCP(HTTP/1.1) wild####.al####.com.####.net:80
- TCP(HTTP/1.1) tj.ff####.com:80
- TCP(HTTP/1.1) s####.dat####.com:80
- TCP(HTTP/1.1) at.al####.com:80
- TCP(HTTP/1.1) cmsst####.dat####.com:80
- TCP(HTTP/1.1) fh.dd####.com:80
- TCP(SSL/3.0) p.ssl.q####.com:443
- TCP(TLS/1.0) f####.gst####.com:443
- TCP(TLS/1.0) p.ssl.q####.com:443
- TCP(TLS/1.0) tj.ff####.com:443
- TCP(TLS/1.0) ma####.bootstr####.com:443
- TCP(TLS/1.0) f####.google####.com:443
- TCP(TLS/1.0) hm.b####.com:443
- TCP(TLS/1.0) cdn.boo####.com.####.com:443
- TCP(TLS/1.0) wild####.al####.com.####.net:443
Запросы DNS:
- at.al####.com
- c####.mm####.com
- c.c####.com
- cdn.boo####.com
- cmsst####.dat####.com
- dd####.cn
- dy.dd####.com
- dz.dd####.cn
- ewm.dd####.com
- f####.google####.com
- f####.gst####.com
- f####.set####.cn
- fh.dd####.com
- fk.dd####.com
- g####.al####.com
- g####.al####.com
- g####.al####.com
- hm.b####.com
- i####.c####.com
- img.al####.com
- l####.b####.com
- ma####.bootstr####.com
- p.ssl.q####.com
- p0.q####.com
- p1.q####.com
- p2.q####.com
- p3.q####.com
- p4.q####.com
- p5.q####.com
- p6.q####.com
- p7.q####.com
- p8.q####.com
- p9.q####.com
- pco####.c####.com
- pi####.qq.com
- ping####.qq.com
- s####.dat####.com
- s22.c####.com
- tj.ff####.com
- tj.qua####.com
- tu####.tupi####.com
- www.dd####.com
- www.xiaom####.com
- xb.dd####.cn
- xiaom####.com
- z1.c####.com
Запросы HTTP GET:
- at.al####.com/t/font_486278_cz1h5tt67nt.js
- c.c####.com/core.php?web_id=####&show=####&t=####
- c.c####.com/z_stat.php?id=####&show=####
- cmsst####.dat####.com//wap_new/common/common.css?v=####
- cmsst####.dat####.com//wap_new/common/common.js?v=####
- cmsst####.dat####.com//wap_new/common/iconfont/iconfont.ttf?t=####
- cmsst####.dat####.com//wap_new/common/models/models-jsencrypt.js?v=####
- cmsst####.dat####.com//wap_new/lib/JSBridge.js?v=####
- cmsst####.dat####.com//wap_new/lib/jquery.js?v=####
- cmsst####.dat####.com//wap_new/lib/lazyload.js?v=####
- cmsst####.dat####.com//wap_new/lib/md5.js?v=####
- cmsst####.dat####.com//wap_new/lib/wui/js/modules/layer.js?v=####
- cmsst####.dat####.com//wap_new/lib/wui/js/modules/swiper.js?v=####
- cmsst####.dat####.com//wap_new/lib/wui/plugin/layer/layer.js?v=####
- cmsst####.dat####.com//wap_new/lib/wui/plugin/layer/skin/default/layer.c...
- cmsst####.dat####.com//wap_new/lib/wui/plugin/swiper/js/swiper.js?v=####
- cmsst####.dat####.com//wap_new/lib/wui/plugin/swiper/swiper.css?v=####
- cmsst####.dat####.com//wap_new/lib/wui/wui.js?v=####
- cmsst####.dat####.com//wap_new/main/main.css?v=####
- cmsst####.dat####.com//web/images/rolling.gif
- cmsst####.dat####.com//web/js/cms_ggw_wap.js?v=####
- cmsst####.dat####.com/wap_new/common/models/models-goods-classify.js?v=#...
- cmsst####.dat####.com/wap_new/common/models/models-up-app.js?v=####
- cmsst####.dat####.com/wap_new/home/js/models-home.js?v=####
- cmsst####.dat####.com/wap_new/lib/JSEncrypt.js
- dy.dd####.com/
- dy.dd####.com/js/history.js
- dy.dd####.com/js/jquery.min.js
- dy.dd####.com/style/css/blackcolor.css
- dy.dd####.com/style/css/bootstrap.min.css
- dy.dd####.com/style/css/style.min.css
- dy.dd####.com/style/css/swiper.min.css
- dy.dd####.com/style/font/iconfont.css
- dy.dd####.com/style/font/iconfont.ttf?t=####
- dy.dd####.com/style/js/swiper.min.js
- dy.dd####.com/style/play.png
- dz.dd####.cn/forum.php?mod=####&tid=####
- fh.dd####.com/
- fh.dd####.com/?&rand=####
- fh.dd####.com/assets/51fh/css/bootstrap.min.css
- fh.dd####.com/assets/51fh/css/demo.css
- fh.dd####.com/assets/51fh/css/material-kit.css
- fh.dd####.com/assets/51fh/img/bj.png
- fh.dd####.com/assets/51fh/js/bootstrap-datepicker.js
- fh.dd####.com/assets/51fh/js/bootstrap.min.js
- fh.dd####.com/assets/51fh/js/jquery.min.js
- fh.dd####.com/assets/51fh/js/material-kit.js
- fh.dd####.com/assets/51fh/js/material.min.js
- fh.dd####.com/assets/51fh/js/nouislider.min.js
- fh.dd####.com/index.php?r=####
- fh.dd####.com/index.php?r=####&callback=####&_=####
- fh.dd####.com/index.php?r=####&page=####
- fh.dd####.com/static/AmazeUI/css/amazeui.css
- fh.dd####.com/static/AmazeUI/fonts/fontawesome-webfont.ttf?v=####
- fh.dd####.com/static/AmazeUI/js/amazeui.min.js
- fh.dd####.com/static/css/style.css
- fh.dd####.com/static/images/1545880791.jpg
- fh.dd####.com/static/images/1545880855.jpg
- fh.dd####.com/static/images/1550318301.jpg
- fh.dd####.com/static/images/1550318343.jpg
- fh.dd####.com/static/layui/css/modules/layer/default/layer.css?v=####
- fh.dd####.com/static/layui/lay/modules/form.js
- fh.dd####.com/static/layui/lay/modules/layer.js
- fh.dd####.com/static/layui/layui.js
- g####.al####.com/tps/i1/O1CN01NkErRb27gM5cNj6hc_!!0-juitemmedia.jpg_480x...
- g####.al####.com/tps/i2/O1CN011gSAB0SRy53LY3F_!!0-juitemmedia.jpg_480x48...
- g####.al####.com/tps/i2/O1CN014xWiya1y1I2jUKm0U_!!0-juitemmedia.jpg_480x...
- g####.al####.com/tps/i2/TB2jzs6XxtnkeRjSZSgXXXAuXXa_!!0-juitemmedia.jpg_...
- gm.mm####.com/9.gif?abc=####&rnd=####
- i####.c####.com/img/pic.gif
- l####.b####.com/jquery/1.8.3/jquery.js
- p1.q####.com/d/dy_03e10a714b2db49e3dcb7bb312efc804.jpg
- p1.q####.com/d/dy_0a16a92158c2bb8b00a9d7e8cfd11b39.
- p1.q####.com/d/dy_0f6a53ab7490bf4aa130a2ee3c875b52.
- p1.q####.com/d/dy_15cff45ae863612bdf3f91cd07e79d92.jpg
- p1.q####.com/d/dy_1cf688c4fd8403a25dc03e6b8ddad9b5.jpg
- p1.q####.com/d/dy_3ac910dff3a735623276919a86a85236.jpg
- p1.q####.com/d/dy_40e85b7a5788acda07bd0684eb8c2f9e.jpg
- p1.q####.com/d/dy_4818b6d40cbe7e9312c35678aeebbb46.jpg
- p1.q####.com/d/dy_4f992f8084983174b499fe23697b0919.
- p1.q####.com/d/dy_56245fe18b99d1c0db1db9962718dc17.
- p1.q####.com/d/dy_62519be502ea1fc7ffed518102172e7c.
- p1.q####.com/d/dy_627ddfd0d568e74bc715b80d0f02e2f7.jpg
- p1.q####.com/d/dy_62db29b0897bf0540112bd23c0520730.jpg
- p1.q####.com/d/dy_635c0115d3db9b24f8b8a5b0bc02925c.jpg
- p1.q####.com/d/dy_63c3ec75fd85a74514d7c12b3cda1029.
- p1.q####.com/d/dy_6469ef2d0900e2245fed041badec8b6e.jpg
- p1.q####.com/d/dy_64d1930b001ddc7cee6b1c0e2a46bbed.jpg
- p1.q####.com/d/dy_677df3e534914856c70777330046330e.
- p1.q####.com/d/dy_67debafd94249941a867ec31cc050714.
- p1.q####.com/d/dy_695e41b4208ee7f19ee1c741bb703d3d.
- p1.q####.com/d/dy_6e8c3cd763feea38f4f84bd8cbf24905.jpg
- p1.q####.com/d/dy_708131dac49fb3456854e526ac9c1c66.
- p1.q####.com/d/dy_7b74facdd57c8511b4d06365b3ca4972.jpg
- p1.q####.com/d/dy_87608660f966d815c0bb6e598e07148c.jpg
- p1.q####.com/d/dy_9038b68a0f47db4fe2a1bb9c362434d6.jpg
- p1.q####.com/d/dy_931be8a070fea71a1433220483ca22f3.jpg
- p1.q####.com/d/dy_99e5d837196bd59f53f336b44b88ddc0.jpg
- p1.q####.com/d/dy_a765c849fc5c3e5cff66a85bf868c0d0.
- p1.q####.com/d/dy_aa340d192b7ff2c6ae9bb6811663913e.jpg
- p1.q####.com/d/dy_ae9d3e600c4d2bc5c4df38697b0717c2.
- p1.q####.com/d/dy_b9f24d0d9478922fcd8eeebcc4e4d2d6.jpg
- p1.q####.com/d/dy_c3a4b5893aad5cf2589eb48d18f3e273.
- p1.q####.com/d/dy_c6ce5f6e97040668d25b39168606519b.jpg
- p1.q####.com/d/dy_c7121dbc6a7b13eb576bcbc93e9b6cd2.
- p1.q####.com/d/dy_c8d311d63662fa262ddad35c087c09c5.jpg
- p1.q####.com/d/dy_cced938b674c06108fa560e0f5137ebe.
- p1.q####.com/d/dy_cd8690c95c8bd93aac6ff85060439cd0.jpg
- p1.q####.com/d/dy_d01de6124bce624456a4709dd41cc26d.
- p1.q####.com/d/dy_d06f281be8c8eb980133c4c7687ce0fd.
- p1.q####.com/d/dy_d62e8572d2f865f22a900033ed7b2304.jpg
- p1.q####.com/d/dy_d743085ff14fa26a9b50aebf491971f3.
- p1.q####.com/d/dy_e231f4920bb0858364d3ab1c7ecf3545.jpg
- p1.q####.com/d/dy_e6ff108a71d79db283f813374789b126.
- p1.q####.com/d/dy_f1cd082f7483f300764453e86d1e4861.jpg
- p1.q####.com/d/dy_f280a4dc967f7237b3314f9cd502775b.
- p1.q####.com/t016ac3d4c9b6a0be35.jpg
- p1.q####.com/t0171e200d2546740aa.jpg
- p1.q####.com/t01b52c9385b9fe9d8c.jpg
- pco####.ta####.com/app.gif?&cna=####
- ping####.qq.com/pingd?dm=####&pvi=####&si=####&url=####&arg=r=i####&ty=#...
- ping####.qq.com/pingd?dm=ddm123.cn&pvi=879151551194883153&si=s2147155119...
- ping####.qq.com/pingd?dm=ddm123.cn&pvi=879151551194883153&si=s6712915511...
- s####.dat####.com/dest/js/dtksatc.js?v=####
- s####.dat####.com/sendBAMessage?t=1551194884456&domain=ddm123.cn&url=htt...
- s####.tc.qq.com/h5/stats.js?v2####
- t####.c####.q####.####.com/sdfakalogo.png
- tj.ff####.com/_utm.gif?z=1551194884467&tid=xc-dtk-cms-652008&at=pageview...
- tj.ff####.com/_utm.gif?z=1551194922570&tid=xc-dtk-cms-652008&at=pageview...
- tj.ff####.com/_utm.gif?z=1551194923554&tid=xc-dtk-cms-652008&at=pageview...
- tu####.tupi####.com/pic/upload/vod/2018-10-05/201810051538723635.jpg
- wild####.al####.com.####.net/imgextra/i1/3493023771/O1CN015L4emj1djA2UeF...
- z.c####.com/stat.htm?id=####&r=####&lg=####&ntime=####&cnzz_eid=####&sho...
Запросы HTTP POST:
- fh.dd####.com/index.php?r=####
- fh.dd####.com/index.php?r=####&type=####
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/ApplicationCache.db-journal
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/f_000007
- /data/data/####/f_000008
- /data/data/####/f_000009
- /data/data/####/f_00000a
- /data/data/####/f_00000b
- /data/data/####/f_00000c
- /data/data/####/f_00000d
- /data/data/####/f_00000e
- /data/data/####/f_00000f
- /data/data/####/f_000010
- /data/data/####/f_000011
- /data/data/####/f_000012
- /data/data/####/f_000013
- /data/data/####/f_000014
- /data/data/####/f_000015
- /data/data/####/f_000016
- /data/data/####/f_000017
- /data/data/####/f_000018
- /data/data/####/f_000019
- /data/data/####/f_00001a
- /data/data/####/f_00001b
- /data/data/####/f_00001c
- /data/data/####/f_00001d
- /data/data/####/f_00001e
- /data/data/####/f_00001f
- /data/data/####/f_000020
- /data/data/####/f_000021
- /data/data/####/f_000022
- /data/data/####/f_000023
- /data/data/####/f_000024
- /data/data/####/f_000025
- /data/data/####/f_000026
- /data/data/####/f_000027
- /data/data/####/f_000028
- /data/data/####/f_000029
- /data/data/####/f_00002a
- /data/data/####/f_00002b
- /data/data/####/f_00002c
- /data/data/####/f_00002d
- /data/data/####/f_00002e
- /data/data/####/f_00002f
- /data/data/####/f_000030
- /data/data/####/f_000031
- /data/data/####/f_000032
- /data/data/####/f_000033
- /data/data/####/f_000034
- /data/data/####/f_000035
- /data/data/####/f_000036
- /data/data/####/f_000037
- /data/data/####/f_000038
- /data/data/####/f_000039
- /data/data/####/f_00003a
- /data/data/####/f_00003b
- /data/data/####/f_00003c
- /data/data/####/f_00003d
- /data/data/####/f_00003e
- /data/data/####/f_00003f
- /data/data/####/f_000040
- /data/data/####/f_000041
- /data/data/####/f_000042
- /data/data/####/f_000043
- /data/data/####/f_000044
- /data/data/####/f_000045
- /data/data/####/f_000046
- /data/data/####/f_000047
- /data/data/####/f_000048
- /data/data/####/f_000049
- /data/data/####/f_00004a
- /data/data/####/f_00004b
- /data/data/####/f_00004c
- /data/data/####/f_00004d
- /data/data/####/f_00004e
- /data/data/####/f_00004f
- /data/data/####/f_000050
- /data/data/####/f_000051
- /data/data/####/f_000052
- /data/data/####/f_000053
- /data/data/####/f_000054
- /data/data/####/f_000055
- /data/data/####/f_000056
- /data/data/####/f_000057
- /data/data/####/f_000058
- /data/data/####/f_000059
- /data/data/####/f_00005a
- /data/data/####/f_00005b
- /data/data/####/f_00005c
- /data/data/####/f_00005d
- /data/data/####/f_00005e
- /data/data/####/f_00005f
- /data/data/####/f_000060
- /data/data/####/f_000061
- /data/data/####/f_000062
- /data/data/####/f_000063
- /data/data/####/f_000064
- /data/data/####/f_000065
- /data/data/####/f_000066
- /data/data/####/f_000067
- /data/data/####/f_000068
- /data/data/####/f_000069
- /data/data/####/f_00006a
- /data/data/####/f_00006b
- /data/data/####/f_00006c
- /data/data/####/f_00006d
- /data/data/####/f_00006e
- /data/data/####/f_00006f
- /data/data/####/http_ddm123.cn_0.localstorage-journal
- /data/data/####/http_dy.ddzzxd.com_0.localstorage-journal
- /data/data/####/http_fk.ddzzxd.com_0.localstorage-journal
- /data/data/####/index
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
Другие:
Загружает динамические библиотеки:
- luajava
- ygsiyu
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS5Padding
Получает информацию об установленных приложениях.
Отрисовывает собственные окна поверх других приложений.
