Техническая информация
Вредоносные функции:
Осуществляет доступ к приватному интерфейсу ITelephony.
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) api.behm####.com:80
- TCP(HTTP/1.1) behm####.com:80
- TCP(TLS/1.0) app-mea####.com:443
- TCP(TLS/1.0) 1####.217.168.206:443
Запросы DNS:
- api.behm####.com
- app-mea####.com
- behm####.com
- ca.p####.ir
Запросы HTTP GET:
- behm####.com/wp-content/uploads/2018/04/Behnam-Bani-Sad-Sal-150x150.jpg
- behm####.com/wp-content/uploads/2018/04/photo_2018-04-13_08-57-10-150x15...
- behm####.com/wp-content/uploads/2018/04/photo_2018-04-15_21-00-11-150x15...
- behm####.com/wp-content/uploads/2018/05/Mohsen-Ebrahimzadeh-To-Yare-Mani...
- behm####.com/wp-content/uploads/2018/06/Puzzle-Band-Maghrooro-Ashegh-150...
- behm####.com/wp-content/uploads/2018/06/photo_2018-06-07_23-06-49-150x15...
- behm####.com/wp-content/uploads/2018/06/photo_2018-06-09_19-04-51-150x15...
- behm####.com/wp-content/uploads/2018/07/Aref-Called-Be-To-Hedyeh-Mikonam...
- behm####.com/wp-content/uploads/2018/10/Meysam-Ebrahimi-Zood-Gozasht-150...
- behm####.com/wp-content/uploads/2018/11/Meysam-Ebrahimi-Tavahom-150x150....
- behm####.com/wp-content/uploads/2018/12/Meysam-Ebrahimi-Aroosak-150x150....
- behm####.com/wp-content/uploads/2019/02/Meysam-Ebrahimi-Jan-Jan-150x150....
- behm####.com/wp-content/uploads/2019/02/Pouya-Bayati-Asir-150x150.jpg
- behm####.com/wp-content/uploads/2019/03/1552406205-150x150.jpg
- behm####.com/wp-content/uploads/2019/03/78460317bd6ff77-150x150.jpg
- behm####.com/wp-content/uploads/2019/03/Ali-Zand-Vakili-Jadeh-Shab-150x1...
- behm####.com/wp-content/uploads/2019/03/AliLohrasbi-Daroongera3-9-150x15...
- behm####.com/wp-content/uploads/2019/03/Alireza-Roozegar-Full-Nice-150x1...
- behm####.com/wp-content/uploads/2019/03/Amin-Hayaei-Divoone-Misazi-150x1...
- behm####.com/wp-content/uploads/2019/03/Aref-Bahare-Delkash-150x150.jpg
- behm####.com/wp-content/uploads/2019/03/Aref-Bahare-Delkash-496x496.jpg
- behm####.com/wp-content/uploads/2019/03/Behnam-Alamshahi-Yamar-Yamar-150...
- behm####.com/wp-content/uploads/2019/03/Black-Cats-Jonoon-150x150.jpg
- behm####.com/wp-content/uploads/2019/03/Emad-Eshghe-Man-150x150.jpg
- behm####.com/wp-content/uploads/2019/03/Emad-Talebzadeh-Maghrour-150x150...
- behm####.com/wp-content/uploads/2019/03/Golpa-Geryeh-Ham-Hali-Mikhad-150...
- behm####.com/wp-content/uploads/2019/03/Hamed-Baradaran-Faghat-Bash-150x...
- behm####.com/wp-content/uploads/2019/03/Hamid-Hiraad-Codeine-150x150.jpg
- behm####.com/wp-content/uploads/2019/03/Hojat-Ashrafzadeh-Atasham-Bash-1...
- behm####.com/wp-content/uploads/2019/03/Hoorosh-Band-Ahay-150x150.jpg
- behm####.com/wp-content/uploads/2019/03/MD-Band-Donyam-150x150.jpg
- behm####.com/wp-content/uploads/2019/03/Macan-Band-Ki-Boodi-To-150x150.jpg
- behm####.com/wp-content/uploads/2019/03/Majid-Yahyaei-Tamoome-Eshghe-To-...
- behm####.com/wp-content/uploads/2019/03/Mehdi-Moghadam-Babamo-Nadidi-150...
- behm####.com/wp-content/uploads/2019/03/Meysam-Ebrahimi-Eshghe-Jazab-150...
- behm####.com/wp-content/uploads/2019/03/Meysam-Ebrahimi-Eshghe-Jazab-496...
- behm####.com/wp-content/uploads/2019/03/Meysam-Ebrahimi-Happy-98-150x150...
- behm####.com/wp-content/uploads/2019/03/Mohammad-Alizadeh-Yaram-Bash-150...
- behm####.com/wp-content/uploads/2019/03/Mohsen-Chavoshi-Halalam-Kon-150x...
- behm####.com/wp-content/uploads/2019/03/Mohsen-Chavoshi-Naavak-150x150.jpg
- behm####.com/wp-content/uploads/2019/03/Mohsen-Ebrahimzadeh-Yeki-Yedone-...
- behm####.com/wp-content/uploads/2019/03/Mohsen-Yeganeh-Dire-150x150.jpg
- behm####.com/wp-content/uploads/2019/03/Raha-Etemadi-Avalin-Bahar-150x15...
- behm####.com/wp-content/uploads/2019/03/ShaadCast-01-Cover-f_0-150x150.jpg
- behm####.com/wp-content/uploads/2019/03/Siavash-Ghamsari-To-Ba-Mani-150x...
- behm####.com/wp-content/uploads/2019/03/Sina_Shabankhani-Majaraye-Eshgh-...
- behm####.com/wp-content/uploads/2019/03/Sohrab-Pakzad-Mard-Naboodi-150x1...
- behm####.com/wp-content/uploads/2019/03/alireza-talischi-final01-150x150...
- behm####.com/wp-content/uploads/2019/03/farzad-farzin-jazzab-150x150.jpg
- behm####.com/wp-content/uploads/2019/03/newrooz-pooster-1-150x150.jpg
Запросы HTTP POST:
- api.behm####.com/App/get_post.php
- api.behm####.com/App/new-music.php
- api.behm####.com/App/singer.php
- api.behm####.com/App/top-singer.php
- api.behm####.com/App/top10like30day.php
- api.behm####.com/App/top10like365day.php
- api.behm####.com/App/top10like7day.php
- api.behm####.com/App/version.php
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/034fb8ef2f7fbf67e4c66dfa0d1df009.0.tmp
- /data/data/####/034fb8ef2f7fbf67e4c66dfa0d1df009.1.tmp
- /data/data/####/05112aa7545b67c66d68b765bbaca6fd.0.tmp
- /data/data/####/05112aa7545b67c66d68b765bbaca6fd.1.tmp
- /data/data/####/051399e1b0d6444c5d01b6dbba460dd3.0.tmp
- /data/data/####/051399e1b0d6444c5d01b6dbba460dd3.1.tmp
- /data/data/####/08112b2799108dca18360b1976fcc7ae.0.tmp
- /data/data/####/08112b2799108dca18360b1976fcc7ae.1.tmp
- /data/data/####/17063a541ab5aa76f83bbacdfef8047f.0.tmp
- /data/data/####/17063a541ab5aa76f83bbacdfef8047f.1.tmp
- /data/data/####/188fc42a8b2c1b5c171aaf71fa9e98f1.0.tmp
- /data/data/####/188fc42a8b2c1b5c171aaf71fa9e98f1.1.tmp
- /data/data/####/1aa28bdd06561274b4226f70cb1b9425.0.tmp
- /data/data/####/1aa28bdd06561274b4226f70cb1b9425.1.tmp
- /data/data/####/1ea9c8b0c5dac5b13f9c7afaadf5ea13.0.tmp
- /data/data/####/1ea9c8b0c5dac5b13f9c7afaadf5ea13.1.tmp
- /data/data/####/25a47a63218cf463a790c4f83b1b3709.0.tmp
- /data/data/####/25a47a63218cf463a790c4f83b1b3709.1.tmp
- /data/data/####/338d861461133c24335f7dd6abbe82b9.0.tmp
- /data/data/####/338d861461133c24335f7dd6abbe82b9.1.tmp
- /data/data/####/45b506dc8e68402587fe9333267237b4.0.tmp
- /data/data/####/45b506dc8e68402587fe9333267237b4.1.tmp
- /data/data/####/461d939a90819ce68b990736a6a2b680.0.tmp
- /data/data/####/461d939a90819ce68b990736a6a2b680.1.tmp
- /data/data/####/469322913d7f2ee1d421a898e9122e3a.0.tmp
- /data/data/####/469322913d7f2ee1d421a898e9122e3a.1.tmp
- /data/data/####/4992977106268fa960674c08ac9e5bec.0.tmp
- /data/data/####/4992977106268fa960674c08ac9e5bec.1.tmp
- /data/data/####/54377acb7f4afb4c660cc86c8dc56817.0.tmp
- /data/data/####/54377acb7f4afb4c660cc86c8dc56817.1.tmp
- /data/data/####/568c99b5fce683420ba2325d7d2d6949.0.tmp
- /data/data/####/568c99b5fce683420ba2325d7d2d6949.1.tmp
- /data/data/####/5b8eeb3f29c0b73c09a59305235bc60f.0.tmp
- /data/data/####/5b8eeb3f29c0b73c09a59305235bc60f.1.tmp
- /data/data/####/5df389262ad3b21e95d6b07918ab623f.0.tmp
- /data/data/####/5df389262ad3b21e95d6b07918ab623f.1.tmp
- /data/data/####/5ea994b043e0311815815845eb49d28c.0.tmp
- /data/data/####/5ea994b043e0311815815845eb49d28c.1.tmp
- /data/data/####/621bde7a12a3957b2b4c9b5eefe460bf.0.tmp
- /data/data/####/621bde7a12a3957b2b4c9b5eefe460bf.1.tmp
- /data/data/####/752f884f197f52a06fd6b8ce6992534c.0.tmp
- /data/data/####/752f884f197f52a06fd6b8ce6992534c.1.tmp
- /data/data/####/83cfe9be2f78226b1ead383380840704.0.tmp
- /data/data/####/83cfe9be2f78226b1ead383380840704.1.tmp
- /data/data/####/8945ead8cf408dde12766434025967ec.0.tmp
- /data/data/####/8945ead8cf408dde12766434025967ec.1.tmp
- /data/data/####/9049ed815e938b1e95239955bcff9406.0.tmp
- /data/data/####/9049ed815e938b1e95239955bcff9406.1.tmp
- /data/data/####/90c6515d3889a19d9cf640109de09f2c.0.tmp
- /data/data/####/90c6515d3889a19d9cf640109de09f2c.1.tmp
- /data/data/####/9202530cd486d8850ce32d059ad23df6.0.tmp
- /data/data/####/9202530cd486d8850ce32d059ad23df6.1.tmp
- /data/data/####/9988d3bc14764e8ab236762b257459cd.0.tmp
- /data/data/####/9988d3bc14764e8ab236762b257459cd.1.tmp
- /data/data/####/9c2506d01e5b0ad4887c86398ab1d2ab.0.tmp
- /data/data/####/9c2506d01e5b0ad4887c86398ab1d2ab.1.tmp
- /data/data/####/MultiDex.lock
- /data/data/####/Prefs.xml
- /data/data/####/__pushe_base_lib_db-journal
- /data/data/####/a5134c8ef52fa858231fd6f17c33b8cd.0.tmp
- /data/data/####/a5134c8ef52fa858231fd6f17c33b8cd.1.tmp
- /data/data/####/ad07bbf6a90a83d865c5de504f1599f9.0.tmp
- /data/data/####/ad07bbf6a90a83d865c5de504f1599f9.1.tmp
- /data/data/####/afe0d819eeaef97b33412dc7c77ad31a.0.tmp
- /data/data/####/afe0d819eeaef97b33412dc7c77ad31a.1.tmp
- /data/data/####/b22c44507d0af289db8494504b75ca35.0.tmp
- /data/data/####/b22c44507d0af289db8494504b75ca35.1.tmp
- /data/data/####/b712aa16600c7885a9f3ec16cab13e21.0.tmp
- /data/data/####/b712aa16600c7885a9f3ec16cab13e21.1.tmp
- /data/data/####/b7fee09a5b09fb1cc93267958e46c311.0.tmp
- /data/data/####/b7fee09a5b09fb1cc93267958e46c311.1.tmp
- /data/data/####/beb1d5f42ad3a91414485c6382969e43.0.tmp
- /data/data/####/beb1d5f42ad3a91414485c6382969e43.1.tmp
- /data/data/####/c77a2b2a6340a9a27fc27b050b5672f8.0.tmp
- /data/data/####/c77a2b2a6340a9a27fc27b050b5672f8.1.tmp
- /data/data/####/c833ce2cd571fcb9e433b18717905912.0.tmp
- /data/data/####/c833ce2cd571fcb9e433b18717905912.1.tmp
- /data/data/####/cbeee81b0e4dd12aa8e65d7b00c05909.0.tmp
- /data/data/####/cbeee81b0e4dd12aa8e65d7b00c05909.1.tmp
- /data/data/####/cc9185202fa0476227208d5210206cc9.0.tmp
- /data/data/####/cc9185202fa0476227208d5210206cc9.1.tmp
- /data/data/####/ce0b2747673df913275638e8898ba325.0.tmp
- /data/data/####/ce0b2747673df913275638e8898ba325.1.tmp
- /data/data/####/co.ronash.pushe.keystore.xml
- /data/data/####/com.google.InstanceId.properties
- /data/data/####/com.google.android.gms.appid-no-backup
- /data/data/####/com.google.android.gms.appid.xml
- /data/data/####/com.google.android.gms.measurement.prefs.xml
- /data/data/####/d4cf31a9e9434678f4cf2f0ac95d1be8.0.tmp
- /data/data/####/d4cf31a9e9434678f4cf2f0ac95d1be8.1.tmp
- /data/data/####/d55b62b2148b7cfe534ca1f51d0d1937.0.tmp
- /data/data/####/d55b62b2148b7cfe534ca1f51d0d1937.1.tmp
- /data/data/####/d9dd7e8098df88cb8c757a12fca2e9ee.0.tmp
- /data/data/####/d9dd7e8098df88cb8c757a12fca2e9ee.1.tmp
- /data/data/####/de8503364e3f85c8503957d99d049520.0.tmp
- /data/data/####/de8503364e3f85c8503957d99d049520.1.tmp
- /data/data/####/deb5a76ee18769560269d7a20b3ab371.0.tmp
- /data/data/####/deb5a76ee18769560269d7a20b3ab371.1.tmp
- /data/data/####/device_id.xml.xml
- /data/data/####/e8b60e50dc818618b27490c69671f06c.0.tmp
- /data/data/####/e8b60e50dc818618b27490c69671f06c.1.tmp
- /data/data/####/ecceb8b83fe3ab93922a6980d6f17a4b.0.tmp
- /data/data/####/ecceb8b83fe3ab93922a6980d6f17a4b.1.tmp
- /data/data/####/evernote_jobs.db
- /data/data/####/evernote_jobs.db-journal
- /data/data/####/evernote_jobs.xml
- /data/data/####/f1bf83d874f479aa62bca546535774dc.0.tmp
- /data/data/####/f1bf83d874f479aa62bca546535774dc.1.tmp
- /data/data/####/f5edcd0ed7819ddbbaf24883f14ac5af.0.tmp
- /data/data/####/f5edcd0ed7819ddbbaf24883f14ac5af.1.tmp
- /data/data/####/fbff3be2cb6c1e2d4431366e26127a61.0.tmp
- /data/data/####/fbff3be2cb6c1e2d4431366e26127a61.1.tmp
- /data/data/####/google_app_measurement.db-journal
- /data/data/####/google_app_measurement_local.db
- /data/data/####/google_app_measurement_local.db-journal
- /data/data/####/journal.tmp
- /data/data/####/multidex.version.xml
- /data/data/####/music
- /data/data/####/music-journal
- /data/data/####/music.sqlite
- /data/data/####/unsent_requests
Другие:
Получает информацию о местоположении.
Получает информацию о телефоне (номер, IMEI и т. д.).
Получает информацию об установленных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
