Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Android.DownLoader.859.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) m.kkk####.com:80
- TCP(HTTP/1.1) sdk.c####.com:80
- TCP(HTTP/1.1) qp.yunanfu####.com:80
- TCP(HTTP/1.1) mfs.y####.com:80
- TCP(HTTP/1.1) tvaxw####.g####.sina####.com:80
- TCP(TLS/1.0) ssls####.jom####.com:443
Запросы DNS:
- a####.u####.com
- g####.bdst####.com
- g####.bdst####.com
- g####.bdst####.com
- g####.bdst####.com
- l####.tbs.qq.com
- m.kkk####.com
- qp.yunanfu####.com
- r1.y####.com
- sdk.c####.com
- t####.sin####.cn
Запросы HTTP GET:
- m.kkk####.com/
- m.kkk####.com//Animation/index_1_____addtime__1.html
- m.kkk####.com//Arts/index_1_____addtime__1.html
- m.kkk####.com//microfilm/huoxianxingdong/
- m.kkk####.com//microfilm/index_1_____addtime__1.html
- m.kkk####.com//movie/index_1_____addtime__1.html
- m.kkk####.com//tv/index_1_____addtime__1.html
- mfs.y####.com/051000005CCACB4F8B9429232F06F894
- qp.yunanfu####.com/kubo/dex/luomi10.72.dex
- tvaxw####.g####.sina####.com/mw690/00692UBWly1g6xxifqldzj305006kgm7.jpg
- tvaxw####.g####.sina####.com/mw690/006NJnzmgy1fjzkb1odh3j309q0dwdi5.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1g71apvr2sfj307i0a0wes.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1g9hmc5mivzj3050073ju8.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1g9hmfzsd9zj306408kaar.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1g9jazusg4rj305k08c0t1.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gahzvtuldqj305007iad5.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gan46l6bdbj305k08c0sw.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gaq2r1cck0j305k08cjrn.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gaq34zxk6sj305k08cdg4.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gaq3azcj8yj305k08cq35.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gatijg54nrj307i0600su.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gavbb7ghvrj307i0aiglo.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gax02milkdj305k08cjrt.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gb4erbe6u3j307i0b9q3j.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gb6ulbwrsrj307i0ao74u.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gb7zxe1v6wj307i0andg5.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gb8094evoqj307i0b9dg6.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gba3zvb0qsj307p067jrn.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gbex2lesq7j307i0a074e.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gbw0fjw5dcj305s08lwep.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gbw0hmlc8fj305f07a3yn.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gbw0kf1757j307i0b9aag.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gbw1bsb7gaj307i0ah3yp.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gbw1mzzgjvj305f0783z5.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gbw2b3ic5pj307i0b9gm8.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gbw2od9q8lj307i0b3t98.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gbw2vvac84j307i0ai3yl.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gbw3grfiufj307i0anwf6.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gbw3xgrk83j307i0abt96.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gbw4062ba6j307i0aqaah.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gby58emzbaj307e0ai3yo.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gby5bwnctgj307i0b9mxq.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gby5ek4n82j305o08f3ym.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gbzs7zt7frj307i0b8t9d.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gc2qpz1hjvj307v0ajn2o.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gc2qt3qrynj307i0b4t8y.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gc2qvunvvbj307i0b2q39.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gc2r6og8vnj307i0a6t91.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gc2rl5mi2mj307f0b1mxj.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gc2rp1vkdxj308l0a7t8r.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gc2rthyl2mj307i0amjrr.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gc2rwf2juzj307i0a0wek.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gc2rzvbktkj307i0aodfy.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZgy1gc2tueujbdj307i0a83yo.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZly1g7ksciuo2ij307i0acaan.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZly1g7ksiqyrymj305k08cq34.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZly1g7sw1zhrbsj305k08c3yw.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZly1g87wdm1r84j305k08cgls.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZly1g8ik3a4ibuj307i0b30t6.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZly1g8puffvnsjj307i0b93z8.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZly1g8twmxomwtj307h0b50t5.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZly1g8txq3i4irj305007nq5s.jpg
- tvaxw####.g####.sina####.com/mw690/007uqsSZly1g8v1rh1be5j305k08c74k.jpg
- tvaxw####.g####.sina####.com/mw690/c78ab0b6gy1g2fewncmsuj206408kt99.jpg
- tvaxw####.g####.sina####.com/mw690/c78ab0b6gy1g2fewnsghpj206408kmxy.jpg
Запросы HTTP POST:
- a####.u####.com/app_logs
- sdk.c####.com/versiontapi.php?v=####&type=####
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/.imprint
- /data/data/####/.jg.ic
- /data/data/####/08c4fbda95912f0d7d1b8b746ae7ff63f6c791310f16219....0.tmp
- /data/data/####/0bbed6cf0d8a6c8b4771d6d87086f2c4027cedc70656789....0.tmp
- /data/data/####/0e61d311745e7566f683150bd33e5b4a4b25008699dd13b....0.tmp
- /data/data/####/112dc4c8a09b39decfd16d28c92ff1c689bf45ba4c0c22c....0.tmp
- /data/data/####/1278b850b37872d36378e99daabdca9cf6563ed80ad77ae....0.tmp
- /data/data/####/13b6ce4be15c504c4995f87495e292551b9d8c387bb2508....0.tmp
- /data/data/####/1b1c48e5f74f70283e9a6956f4568e5317a1f5ac044f352....0.tmp
- /data/data/####/1ef3d65252fe40842c50d2d139c1e8b9792217a64310a06....0.tmp
- /data/data/####/22bf87774c46370e8971e24242930bcde261cb039d2ec5d....0.tmp
- /data/data/####/23a4035486b72e6a257019258cfcdf0fe1ea275222ad70f....0.tmp
- /data/data/####/2660f9f7be956733dcea248025d4244e722e9ae951b94c7....0.tmp
- /data/data/####/276d049ba5e12c0edda99b5741c21c6072a83c31ab8a395....0.tmp
- /data/data/####/32fa5bf4b8cd73fd4b5b672be5fec8b291e07bd23c77cf3....0.tmp
- /data/data/####/35cd07e1ba3e6ce93661cd36b63d6aa113ec8238e542697....0.tmp
- /data/data/####/38f9f1ea23912a13a70a0605be04565319ef65dfea14755....0.tmp
- /data/data/####/3bc4184ef1e35661fcb4719c848bacc0e02a1bb6246329b....0.tmp
- /data/data/####/432c796c04773e99938a3a32879f6ee3b3b6200ebc8afab....0.tmp
- /data/data/####/4332c5af3f889aef09771b17e7d7549f4e56e3b95ed4966....0.tmp
- /data/data/####/4a7a23415d86af7b30a5c8ffd9365bd28f9f1035408ebc1....0.tmp
- /data/data/####/4a99844a71a5d306f46a959f0ee25ad490fb723c18149dc....0.tmp
- /data/data/####/4c4f760f54aca39d5078ec53eef5370481f89dd08b8a645....0.tmp
- /data/data/####/504ee58ab676158ae21b1e694fe9b73acea01c2e42dd3da....0.tmp
- /data/data/####/57a3b993658a3575a34a13318c2015665758c7282dd1f42....0.tmp
- /data/data/####/57ad2dc8638100b8e2e67758a808a3415255a0523eeff25....0.tmp
- /data/data/####/59acf9a4e7dd9317ce94edd0421470a677ff25f14e11c5f....0.tmp
- /data/data/####/5b02d58b09d2ed995af59aea57f224cb8225c0c13822c04....0.tmp
- /data/data/####/5f328bdf398fc22662f94fdfaa5dd5a0a4101ee44aae639....0.tmp
- /data/data/####/601c60d43065112743ce90c8b46f196c0129a7fa9638d9e....0.tmp
- /data/data/####/6219a21c2211b6939d90a2650cc3d110ed2ce11b51253b0....0.tmp
- /data/data/####/6227d9457e6cc97240199aa16cc9163f718d30eb90dfac8....0.tmp
- /data/data/####/62678a235b8efeef8b60f8316e651d9da0cef6285fc9217....0.tmp
- /data/data/####/62ccbaded8bf400ac9be7abdbd94d3c5b622ffa4bb72868....0.tmp
- /data/data/####/6d8fde82c81d6d47a0855e753f8287f1cbde9d48a004ce2....0.tmp
- /data/data/####/6e6f6eed7271468ce69c25dd4704bda84fd18a14dc92eb2....0.tmp
- /data/data/####/73e6bb0f21b95cdd8adb8ccacd15f95a4e6ae21a29bc72d....0.tmp
- /data/data/####/74f28b7a50fa9596dfcd9870cbc902e946f8536f7dc9058....0.tmp
- /data/data/####/74fc5325f3da718a5aa3991e6cb59cd597ea761a086cdc3....0.tmp
- /data/data/####/78483ce3264ad58c8db0f50e7799abc2b96f66db4b2d846....0.tmp
- /data/data/####/79d5d1dc10c1190d08804423d5dbd9a8db37314f4eb98cb....0.tmp
- /data/data/####/7a81e52c68d0e19c4265e9ac570d1e6381af24834ee1a50....0.tmp
- /data/data/####/7b3badd13864f5e8d22bbf2437cc974d182a2019a9e4e33....0.tmp
- /data/data/####/7edd70f84b26723c8408e888233896dcee8ce57806447b8....0.tmp
- /data/data/####/81ed5619c26b2080e89f6b26b687fbf48239f5ed2a606f4....0.tmp
- /data/data/####/835d35edb11ef2e25dd80d6f550a68e7ec52a154f813abd....0.tmp
- /data/data/####/84dc935a8e58493ed1aef6b74f55b17ab3ae1f2a1b5fab6....0.tmp
- /data/data/####/85cb6b0b49e0f76cf89fd8fefe049dcf5d09513393351c3....0.tmp
- /data/data/####/88641dbd21767f07658f1eab4dbbd174df6e381bc7ae67a....0.tmp
- /data/data/####/889c57e8458458196e62881b597e702d2d493246174ffc5....0.tmp
- /data/data/####/89cb40333ace8fd2d2e69cb62271f1caea020daf30ebb55....0.tmp
- /data/data/####/8e411193bba1186f28fd9fb9f042f28f1689c25ae667408....0.tmp
- /data/data/####/8f6425d9abdf6608e201f0c8a1716e8e98e83751b1704f6....0.tmp
- /data/data/####/93aac4afea849a51083e50f6c5b413b349454b5daaf85f2....0.tmp
- /data/data/####/95da840e93e66868e4853b9d4eb562440f719df340dc9f4....0.tmp
- /data/data/####/9b6b73b5d59d1d5d732c4c7cb1c04a75ba2ba3fda2853bf....0.tmp
- /data/data/####/9c62202cd209ff93cc969df816259200d276bf5dc0fb942....0.tmp
- /data/data/####/9fc4a2505795f585ce1d16d1fa153accaa3284c26a7cd1d....0.tmp
- /data/data/####/DownloadTaskStore.db-journal
- /data/data/####/a27304b09a36ad6049fdf2f489816c00b06e3be0bcb35e7....0.tmp
- /data/data/####/a2b1eb926dd4530d2ca3cc07efceaa6b5861a74fe9041b3....0.tmp
- /data/data/####/a3cedb40641cdb8ebfc77ce52bdd5fcd9404898e59b26e8....0.tmp
- /data/data/####/b30e4c0e99c037d8c8454b9fea9a1c57a333b34d37b3bf7....0.tmp
- /data/data/####/b8202df0d6b5154d330ca91be14ffebed43dad4ad234544....0.tmp
- /data/data/####/bdbbcb6036233808fecb21976d46c06791ac7357f6724fe....0.tmp
- /data/data/####/be3832b4ff00dc0bf3eac6f6cab1990b54fcbb22828b79e....0.tmp
- /data/data/####/c5a08792612b81b552a1fced3f39f093d6d9f3bccd2919a....0.tmp
- /data/data/####/c5c736874e744452e07864fc6dacb6536ce06ff837b2bfa....0.tmp
- /data/data/####/c74043f1ec06d6ce2c4e624cda4209ab56f5dc3e60fb1da....0.tmp
- /data/data/####/c8b531c357c0db0a59b899bc73f1a954408c178964cbd15....0.tmp
- /data/data/####/cc.db
- /data/data/####/cc.db-journal
- /data/data/####/ce0ecc414a62bdf756467f33788bad6d352a161ef0bb3af....0.tmp
- /data/data/####/cf309476e51b0e120121154d64c387fc8c4aac9debe12a9....0.tmp
- /data/data/####/cf58537ffad55265a790811163e31c0bc4212453b957f1c....0.tmp
- /data/data/####/core_info
- /data/data/####/d1caac411745e602f4550062430312867ec8bfadbecf2ea....0.tmp
- /data/data/####/d2da2c03c050977a5b6106a4f12d51c0efd83ec07004927....0.tmp
- /data/data/####/d310de3b2118aacc27d6983fbfbc879fbeb39effa7e38c1....0.tmp
- /data/data/####/d3ae2a8e5daaf04d9f22258765ad0a00b376877e6e12b18....0.tmp
- /data/data/####/d5cb79d3f637202ae726646b6a5c691fe2ec7adfa98d74b....0.tmp
- /data/data/####/ddbab12d9d9b9284aeb399a76b8b30880bc271fcd2bc716....0.tmp
- /data/data/####/df1f6317cf0c06c7fd40bc7fcb8b83c7787d4d8b4b547d4....0.tmp
- /data/data/####/df3f7a53a387bfc1e1fd9d8091943da579fa2548d9f4102....0.tmp
- /data/data/####/dianrui_cache.xml
- /data/data/####/dianshilove.db
- /data/data/####/dianshilove.db-journal
- /data/data/####/e21341345f63854ca239d2535299013d7badbe1f4a3214b....0.tmp
- /data/data/####/e3cb93433a2381be4f79cf06f2cc34f301fd4f934fdd211....0.tmp
- /data/data/####/e840e4c334cdc3d10b7d96f5762da9b694cc22ad3540907....0.tmp
- /data/data/####/ef824f3d5cdfe531422379f4b74effadc9141fbf0633255....0.tmp
- /data/data/####/exchangeIdentity.json
- /data/data/####/exid.dat
- /data/data/####/f02581be52d808d030cc9bd939ad483df5a04f82fa6db1a....0.tmp
- /data/data/####/f712d2933b0ff5754a6e16537eef9a4f43b42156ac5a99b....0.tmp
- /data/data/####/f8a9c592af7f5bee48d2fcdbb39d51dd690df0110a56fc5....0.tmp
- /data/data/####/faba2249bcb9a3baeecac0207f18179528f114ec934a495....0.tmp
- /data/data/####/fb878cfc311538a666c15db7ff485c6951fc3726c9a9b27....0.tmp
- /data/data/####/fb8c76664a86e685cc5497ffe0bef1c76c616ef4312b321....0.tmp
- /data/data/####/hirtory.db
- /data/data/####/hirtory.db-journal
- /data/data/####/jg_so_upgrade_setting.xml
- /data/data/####/journal.tmp
- /data/data/####/libjiagu.so
- /data/data/####/tbs_download_config.xml
- /data/data/####/tbs_download_stat.xml
- /data/data/####/tbslock.txt
- /data/data/####/ua.db
- /data/data/####/ua.db-journal
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/media/####/tbslog.txt
Другие:
Запускает следующие shell-скрипты:
- chmod 755 <Package Folder>/.jiagu/libjiagu.so
- getprop ro.product.cpu.abi
Загружает динамические библиотеки:
- libjiagu
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS7Padding
- RSA-ECB-NoPadding
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS7Padding
Осуществляет доступ к приватному интерфейсу ITelephony.
Использует специальную библиотеку для скрытия исполняемого байт-кода.
Получает информацию о сети.
Получает информацию о телефоне (номер, IMEI и т. д.).
Отрисовывает собственные окна поверх других приложений.
