Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Android.DownLoader.714.origin
- Android.DownLoader.916.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) gd.a.s####.com:80
- TCP(HTTP/1.1) d####.cn:80
- TCP(HTTP/1.1) dup.baidust####.com:80
- TCP(HTTP/1.1) www.pc####.com.####.cn:80
- TCP(HTTP/1.1) dsp.xuan####.com:80
- TCP(HTTP/1.1) tc.c####.com:80
- TCP(HTTP/1.1) qzones####.g####.cn.####.com:80
- TCP(HTTP/1.1) pos.b####.com:80
- TCP(HTTP/1.1) err.ta####.com:80
- TCP(HTTP/1.1) u####.dspliul####.com:99
- TCP(HTTP/1.1) i.c####.com.####.com:80
- TCP(HTTP/1.1) 58.2####.92.50:808
- TCP(HTTP/1.1) s####.al####.com:80
- TCP(HTTP/1.1) a####.caiji####.com:80
- TCP(HTTP/1.1) f####.c####.com:80
- TCP(HTTP/1.1) f####.caiji####.com:80
- TCP(HTTP/1.1) 61.1####.252.113:80
- TCP(HTTP/1.1) ipp.zhito####.com:99
- TCP(HTTP/1.1) c####.zhito####.com:8881
- TCP(HTTP/1.1) c####.zhito####.com:99
- TCP(HTTP/1.1) cc.zbe####.org:80
- TCP(HTTP/1.1) k####.caiji####.com.####.com:80
- TCP(HTTP/1.1) ext.xuan####.com:80
- TCP(HTTP/1.1) ivy.pcon####.com.cn:80
- TCP(HTTP/1.1) gm.mm####.com:80
- TCP(HTTP/1.1) ei.c####.com:80
- TCP(HTTP/1.1) www.yq####.com:80
- TCP(HTTP/1.1) adcha####.bz.m####.com:80
- TCP(HTTP/1.1) d.sin####.cn.####.net:80
- TCP(HTTP/1.1) c####.zhito####.com:808
- TCP(HTTP/1.1) z.c####.com:80
- TCP(HTTP/1.1) ip.remo####.com:807
- TCP(HTTP/1.1) p####.caiji####.com:80
- TCP(HTTP/1.1) 58.2####.198.157:999
- TCP(HTTP/1.1) t.hy####.com.cn:80
- TCP(HTTP/1.1) s2.z####.cn:80
- TCP(HTTP/1.1) www.a.sh####.com:80
- TCP(HTTP/1.1) ia.xuan####.com:80
- TCP(HTTP/1.1) d####.wos####.com:80
- TCP(HTTP/1.1) ar.3con####.com:80
- TCP(HTTP/1.1) c.c####.com:80
- TCP(HTTP/1.1) ipp.zhito####.com:807
- TCP(HTTP/1.1) w.i####.com:80
- TCP(HTTP/1.1) ic.o####.net:80
- TCP(HTTP/1.1) bbs.c####.com.####.com:80
- TCP(HTTP/1.1) ucst####.c####.com.####.com:80
- TCP(HTTP/1.1) w####.c####.com:80
- TCP(HTTP/1.1) dl.huih####.com.####.com:80
- TCP(HTTP/1.1) h####.m####.com:80
- TCP(HTTP/1.1) s####.caiji####.com:666
- TCP(HTTP/1.1) i####.d####.cn:80
- TCP(HTTP/1.1) c####.zhito####.com:999
- TCP(HTTP/1.1) ia.z####.net:80
- TCP(HTTP/1.1) ask.c####.com.####.com:80
- TCP(TLS/1.0) i####.pcon####.com.####.cn:443
- TCP(TLS/1.0) cap####.d####.com:8099
- TCP(TLS/1.0) www.pcon####.com.cn:443
- TCP(TLS/1.0) m.pc####.com.cn:443
- TCP(TLS/1.0) web.da.m####.com:443
- TCP(TLS/1.0) c####.pc####.com.cn:443
- TCP(TLS/1.0) gm.mm####.com:443
- TCP(TLS/1.0) pos.b####.com:443
- TCP(TLS/1.0) a####.d####.com:443
- TCP(TLS/1.0) z.c####.com:443
- TCP(TLS/1.0) u.j####.com:443
- TCP(TLS/1.0) err.ta####.com:443
- TCP(TLS/1.0) log.mm####.com:443
- TCP(TLS/1.0) wtc.d####.com:443
- TCP(TLS/1.0) et2.wagbr####.adverti####.####.com:443
- TCP(TLS/1.0) img.pcon####.com.####.cn:443
- TCP(TLS/1.0) wl.jd.com.####.com:443
- TCP(TLS/1.0) i####.u####.cn:443
- TCP(TLS/1.0) m####.pc####.com.cn:443
- TCP(TLS/1.0) v.adma####.com.cn:443
- TCP(TLS/1.0) dl.pcon####.com.cn:443
- TCP(TLS/1.0) ec####.b####.com:443
- TCP(TLS/1.0) g####.api.m####.com:443
- TCP(TLS/1.0) www.m####.com:443
- TCP(TLS/1.0) p####.m.jd.com:443
- TCP(TLS/1.0) i####.d####.com:443
- TCP(TLS/1.0) sw4.d####.com:443
- TCP(TLS/1.0) w.i####.com:443
- TCP(TLS/1.0) cr.3con####.com:443
- TCP(TLS/1.0) img.pc####.com.cn:443
- TCP(TLS/1.0) pcwe####.log.m####.com:443
- TCP(TLS/1.0) mg####.pcon####.com.cn:443
- TCP(TLS/1.0) po####.pc####.com.cn:443
- TCP(TLS/1.0) h####.m####.com:443
- TCP(TLS/1.0) dualsta####.wagbr####.ali####.####.com:443
- TCP(TLS/1.0) www.pc####.com.####.cn:443
- TCP(TLS/1.0) ims-####.sm.cn:443
- TCP(TLS/1.0) na61-####.wagbr####.ali####.####.com:443
- TCP(TLS/1.0) st3.wagbr####.adverti####.####.com:443
- TCP(TLS/1.0) mp.we####.qq.com:443
- TCP(TLS/1.0) p####.pc####.com.cn:443
- TCP(TLS/1.0) c.c####.com:443
- TCP(TLS/1.0) ivy.pcon####.com.cn:443
- TCP(TLS/1.0) hm.b####.com:443
- TCP(TLS/1.0) h####.b####.com:443
- TCP(TLS/1.0) s####.al####.com:443
- TCP(TLS/1.0) i.gridsum####.com:443
- TCP(TLS/1.0) ei.c####.com:443
- TCP(TLS/1.0) s2.z####.cn:443
- TCP(TLS/1.0) mipst####.s####.cn:443
- TCP(TLS/1.0) g.cn.miao####.com:443
- TCP(TLS/1.0) dup.baidust####.com:443
- TCP(TLS/1.0) js.3con####.com.####.cn:443
- TCP(TLS/1.0) p####.api.m####.com:443
- TCP(TLS/1.0) cdn.boo####.com.####.com:443
- TCP(TLS/1.0) mr####.pc####.com.cn:443
- TCP(TLS/1.0) counter####.pc####.com.cn:443
- TCP(TLS/1.0) g.al####.com:443
Запросы DNS:
- 133.86.31.####.arpa
- 164.121.59.####.arpa
- 165.121.59.####.arpa
- 168.121.59.####.arpa
- 171.86.31.####.arpa
- 189.86.31.####.arpa
- 491####.t.hy####.####.cn
- a####.caiji####.com
- a####.caiji####.com
- a####.d####.com
- a####.m.sm.cn
- ad.7d####.com
- adcha####.bz.m####.com
- ar.3con####.com
- ask.c####.com
- at.umt####.com
- ba####.c####.com
- bbs.c####.com
- c####.mm####.com
- c####.pc####.com.cn
- c####.zhito####.com
- c.c####.com
- cap####.d####.com
- cc.zbe####.org
- cdn.boo####.com
- counter####.pc####.com.cn
- cr.3con####.com
- d####.cn
- d####.wos####.com
- dl.huih####.com
- dl.pcon####.com.cn
- dsp.xuan####.com
- dup.baidust####.com
- ec####.b####.com
- ei.c####.com
- err.ta####.com
- ext.xuan####.com
- f####.c####.com
- f####.c####.com
- f####.caiji####.com
- fou####.ta####.com
- g####.api.m####.com
- g####.c####.com
- g.al####.com
- g.cn.miao####.com
- gm.mm####.com
- gw.al####.com
- h####.b####.com
- h####.m####.com
- hm.b####.com
- i####.360bu####.com
- i####.d####.cn
- i####.d####.com
- i####.pc####.com.cn
- i####.pcon####.com.cn
- i####.u####.cn
- i####.uc.cn
- i.c####.com
- i.gridsum####.com
- ia.xuan####.com
- ia.z####.net
- ic.huihui####.net
- ic.o####.net
- id.d####.com
- im####.pc####.com.cn
- im####.pcon####.com.cn
- img.d####.com
- img.pc####.com.cn
- img.pcon####.com.cn
- ims-####.sm.cn
- ip.remo####.com
- ipp.zhito####.com
- ivy.pc####.com.cn
- ivy.pcon####.com.cn
- js.3con####.com
- jwz.3con####.com
- k####.caiji####.com
- l####.m.sm.cn
- log.mm####.com
- m####.pc####.com.cn
- m.360bu####.com
- m.m####.cn
- m.pc####.com.cn
- ma####.m.ta####.com
- mg####.pcon####.com.cn
- mipst####.s####.cn
- mp.we####.qq.com
- mr####.pc####.com.cn
- mt####.go####.com
- n####
- o####.sin####.cn
- p####.api.m####.com
- p####.caiji####.com
- p####.m.jd.com
- p####.pc####.com.cn
- pco####.c####.com
- pco####.sm.cn
- pcwe####.log.m####.com
- po####.pc####.com.cn
- pos.b####.com
- pv.s####.com
- qzones####.g####.cn
- s####.al####.com
- s####.caiji####.com
- s####.m.sm.cn
- s11.c####.com
- s19.c####.com
- s2.z####.cn
- s20.c####.com
- s22.c####.com
- s4.c####.com
- s5.c####.com
- s9.c####.com
- s95.c####.com
- sdk.xuan####.com
- sto####.360bu####.com
- sw4.d####.com
- tc.c####.com
- u####.dspliul####.com
- u.j####.com
- ucst####.c####.com
- v.adma####.com.cn
- v.t.q####.com
- v1.c####.com
- w####.c####.com
- w####.jd.com
- w####.pc####.com.cn
- w####.pcon####.com.cn
- w####.pcon####.com.cn
- w.i####.com
- web.da.m####.com
- wtc.d####.com
- www.b####.com
- www.c####.com
- www.m####.com
- www.pc####.com.cn
- www.pcon####.com.cn
- www.yq####.com
- y####.m.sm.cn
- z1.c####.com
- z11.c####.com
- z12.c####.com
- z2.c####.com
- z3.c####.com
- z6.c####.com
- z8.c####.com
- z9.c####.com
Запросы HTTP GET:
- 58.2####.92.50:808/gh.html
- a####.caiji####.com/a/asdf?cnl=####&vv=####&vv2=####&aid=####&sid=####&d...
- adcha####.bz.m####.com/direct?cc=####
- ar.3con####.com/u/a39fb76a/768cfd3a/c07ca239/4b7d168b.html?ipl-53####
- ar.3con####.com/u/a39fb76a/768cfd3a/c07ca239/4b7d168b.html?ipl-535####
- ask.c####.com.####.com/askques/questions/show/677014
- ask.c####.com.####.com/css/layout1.css
- ask.c####.com.####.com/d/article.php/23759
- ask.c####.com.####.com/images/icon-cms2.gif
- ask.c####.com.####.com/img/new_85_1.gif
- ask.c####.com.####.com/js/baobao.js
- ask.c####.com.####.com/js/imagerollover.js
- ask.c####.com.####.com/js_revsci.html
- ask.c####.com.####.com/style/iask.css
- ask.c####.com.####.com/style/images/ask-cms-top-2.gif
- ask.c####.com.####.com/style/images/ask_done.gif
- ask.c####.com.####.com/style/images/ask_tiwen.jpg
- ask.c####.com.####.com/styles/cms.css
- ask.c####.com.####.com/styles/images/bg.gif
- ask.c####.com.####.com/styles/images/ci123_logo.gif
- ask.c####.com.####.com/styles/images/nav_bg.jpg
- ask.c####.com.####.com/styles/images/nav_mall_left.gif
- ask.c####.com.####.com/styles/images/nav_menu2_bg.gif
- ask.c####.com.####.com/styles/images/nav_menu2_block.gif
- ask.c####.com.####.com/styles/images/nav_menu2_block2.gif
- ask.c####.com.####.com/styles/images/nav_menu2_right.gif
- ask.c####.com.####.com/styles/images/nav_menu3_bg.gif
- ask.c####.com.####.com/styles/images/nav_menu3_s.gif
- ask.c####.com.####.com/styles/images/nav_tool.gif
- ask.c####.com.####.com/styles/images/search_sub.gif
- ask.c####.com.####.com/styles/menu_style_v2.css?v=####
- bbs.c####.com.####.com/d/post/18580723.html
- c####.zhito####.com:808/pctja.html
- c####.zhito####.com:8881/wap/index.html
- c####.zhito####.com:99/funt/index.html
- c####.zhito####.com:999/tat/index.php
- c.c####.com/core.php?web_id=####&t=####
- c.c####.com/stat.php?id=####
- c.c####.com/stat.php?id=####&web_id=####
- c.c####.com/z_stat.php?id=####
- c.c####.com/z_stat.php?id=####&web_id=####
- cc.zbe####.org/PClick.aspx?AID=####&KEY=####
- d####.cn/cdn.html
- d####.cn/fenpei.html?2####
- d####.cn/fenpei.html?c####
- d####.cn/ydc.html
- d####.cn/ydm.html
- d####.wos####.com/upload/csaa.jsp?a=####&b=####&c=####&d=####&e=####&f=#...
- d.sin####.cn.####.net/wikipic/icon/16x16.png
- dl.huih####.com.####.com/iad/1818/SK1818/0000/1/V.1.20032000(FCD)/c6e22f...
- dl.huih####.com.####.com/iad/dspClick/202004/14865800274a4566b926142f29c...
- dl.huih####.com.####.com/iad/dspTemplate/2018/12/18ec0eaf900d41f5b0ca49b...
- dl.huih####.com.####.com/iad/dspTemplate/2018/9/0955891b78ac4f259c9c185b...
- dl.huih####.com.####.com/iad/dspTemplate/2019/10/538e1b08a2da4338bd3bc93...
- dl.huih####.com.####.com/iad/dspTemplate/2019/10/b3f281692fed4f989a30a92...
- dl.huih####.com.####.com/iad/dspTemplate/2019/12/b91b093d4c67458a814fac1...
- dl.huih####.com.####.com/iad/dspTemplate/2019/5/25dcb904a4234f8aa7a8a69a...
- dl.huih####.com.####.com/iad/dspTemplate/2019/5/c3b3a57aea2d40f89b6ba407...
- dl.huih####.com.####.com/iad/dspTemplate/2019/5/eaae73d628624ebcb0787a0f...
- dl.huih####.com.####.com/iad/dspTemplate/2019/7/80522e8dde4041389c95e5e9...
- dl.huih####.com.####.com/iad/dspTemplate/2019/7/d282fd53456d47adb86b03f2...
- dl.huih####.com.####.com/iad/dspTemplate/2019/8/3c6fb2cea09d4fe5b8e8ad10...
- dl.huih####.com.####.com/iad/dspTemplate/2019/8/ef8391a49164404bb98b6b8a...
- dl.huih####.com.####.com/iad/dspTemplate/2019/9/d35d7556f48e4858a37e46f4...
- dl.huih####.com.####.com/iad/dspTemplate/2020/1/18646b1c95d240519ecd66da...
- dl.huih####.com.####.com/iad/dspTemplate/2020/2/247e9da745b4442cb0b67006...
- dl.huih####.com.####.com/iad/dspTemplate/2020/3/03c40a98a9004fe1aee53ef3...
- dl.huih####.com.####.com/iad/dspTemplate/2020/3/82d9bbbe56564f28aea77d59...
- dl.huih####.com.####.com/iad/dspTemplate/2020/3/f6d609e9c43248358ebe2451...
- dl.huih####.com.####.com/iad/specialChannel/9e104c5240272fda937509947beb...
- dup.baidust####.com/js/os.js
- ei.c####.com/stat.htm?id=####&r=####&lg=####&ntime=####&cnzz_eid=####&sh...
- err.ta####.com/error1.html?c=404&u=/hz.aplus.taobao.org/app.gif?&cna=93w...
- f####.c####.com/tcjs.php?time=####
- f####.caiji####.com/v1/cc/mobile?brand=####&model=####&andid=####&andv=#...
- gd.a.s####.com/cityjson?ie=####
- gm.mm####.com/9.gif?abc=####&rnd=####
- h####.m####.com/favicon.ico
- i####.d####.cn/goldcool.php?id=####
- i.c####.com.####.com/style/images/ask_bg.gif
- i.c####.com.####.com/style/images/tab_pink_r_b.gif
- i.c####.com.####.com/styles/images/nav_bg.jpg
- i.c####.com.####.com/styles/images/nav_menu2_block.gif
- ip.remo####.com:807/528/qing.html
- ipp.zhito####.com:807/1102/0.html
- ipp.zhito####.com:807/1102/index.html
- ipp.zhito####.com:807/1102/qing.html
- ipp.zhito####.com:807/1102/yrc_001mobile.js
- ipp.zhito####.com:99/wap/index.php
- ivy.pcon####.com.cn/click?id=####&adid=####&watch=####
- k####.caiji####.com.####.com/jm1584952315919_utils.ttf
- k####.caiji####.com.####.com/searchss2.min.js
- pos.b####.com/bfp/snippetcacher.php?dpv=####&di=####
- qzones####.g####.cn.####.com/ac/qzone_v5/app/app_share/qz_logo.png
- s####.al####.com/L1/272/3019/shenma-client/logo/57.png
- s####.al####.com/L1/272/6837/static/wap/img/sc/news_top_list/news_rank_t...
- s####.al####.com/L1/272/6837/static/wap/img/uc-32.png
- s####.al####.com/L1/272/6837/static/wap/img/uc.png
- s2.z####.cn/ims?kt=####&at=####&key=aHR####&sign=yx####&tv=####&x####
- t.hy####.com.cn/hat?_t=####&type=####&hat_iesid=####&_inst=####&hat_id=#...
- tc.c####.com/adscache/caches/109.js?n=####
- tc.c####.com/adscache/caches/160.js?n=####
- tc.c####.com/adscache/caches/163.js?n=####
- tc.c####.com/adscache/caches/177.js?n=####
- tc.c####.com/adscache/caches/178.js?n=####
- tc.c####.com/adscache/caches/183.js?n=####
- tc.c####.com/adscache/caches/187.js?n=####
- tc.c####.com/adscache/caches/217.js?n=####
- tc.c####.com/adscache/caches/227.js?n=####
- tc.c####.com/adscache/caches/238.js?n=####
- tc.c####.com/adscache/caches/240.js?n=####
- tc.c####.com/adscache/caches/242.js?n=####
- tc.c####.com/adscache/caches/243.js?n=####
- tc.c####.com/adscache/caches/245.js?n=####
- tc.c####.com/adscache/caches/246.js?n=####
- tc.c####.com/adscache/caches/25.js?n=####
- tc.c####.com/adscache/caches/26.js?n=####
- tc.c####.com/adscache/caches/296.js?n=####
- tc.c####.com/adscache/caches/308.js?n=####
- tc.c####.com/adscache/caches/324.js?n=####
- tc.c####.com/adscache/caches/340.js?n=####
- tc.c####.com/adscache/caches/393.js?n=####
- tc.c####.com/adscache/caches/401.js?n=####
- tc.c####.com/adscache/caches/41.js?n=####
- tc.c####.com/adscache/caches/46.js?n=####
- tc.c####.com/adscache/caches/499.js?n=####
- tc.c####.com/adscache/caches/56.js?n=####
- tc.c####.com/adscache/caches/72.js?n=####
- tc.c####.com/adx.js
- tc.c####.com/iframeads/adsdispatch.php?pid=####
- tc.c####.com/js/tcjs.php
- u####.dspliul####.com:99/IP/Index/geturls
- u####.dspliul####.com:99/Public/Access/js/modules/common.js
- u####.dspliul####.com:99/Public/Access/js/modules/creifr.js
- u####.dspliul####.com:99/ip/index.html
- ucst####.c####.com.####.com/askques/expert/getAll
- ucst####.c####.com.####.com/avatar/150/150267.png
- ucst####.c####.com.####.com/avatar/2097/2097195.png
- ucst####.c####.com.####.com/avatar/2122/2122098.png
- ucst####.c####.com.####.com/avatar/2165/2165288.png
- ucst####.c####.com.####.com/avatar/37261/37261674.png?124963####
- ucst####.c####.com.####.com/avatar/700/700118.png
- ucst####.c####.com.####.com/css/images/foot-pic-836x60.gif
- ucst####.c####.com.####.com/globalMsg.js
- ucst####.c####.com.####.com/images/ico-25x25.gif
- ucst####.c####.com.####.com/images/icon-cms1.gif
- ucst####.c####.com.####.com/js/cookie.js?2009101####
- ucst####.c####.com.####.com/js/iwt1.0.1.js
- ucst####.c####.com.####.com/js/new_sw.js?t=####
- ucst####.c####.com.####.com/linkserver.php?action=####&time=####
- ucst####.c####.com.####.com/style/ask.css?v=####
- ucst####.c####.com.####.com/style/frame-inner.css
- ucst####.c####.com.####.com/style/images/ask-cms-but-88x25.gif
- ucst####.c####.com.####.com/style/images/ask-cms-icon-14x14.gif
- ucst####.c####.com.####.com/style/images/ask2_blind4.gif
- ucst####.c####.com.####.com/style/images/ask_good.gif
- ucst####.c####.com.####.com/style/images/ask_green.gif
- ucst####.c####.com.####.com/style/images/ask_pink.gif
- ucst####.c####.com.####.com/style/images/ask_return.jpg
- ucst####.c####.com.####.com/style/images/tab_pink_d.gif
- ucst####.c####.com.####.com/style/images/tab_pink_l_b.gif
- ucst####.c####.com.####.com/style/images/tab_pink_l_t.gif
- ucst####.c####.com.####.com/style/images/tab_pink_r_t.gif
- ucst####.c####.com.####.com/style/images/zj_online_bg.gif
- ucst####.c####.com.####.com/style/images/zj_online_foot.gif
- ucst####.c####.com.####.com/style/images/zj_online_t.gif
- ucst####.c####.com.####.com/style/word.css
- ucst####.c####.com.####.com/styles/images/bg.gif
- ucst####.c####.com.####.com/styles/images/ci123_logo_ask.gif
- ucst####.c####.com.####.com/styles/images/icon.gif
- ucst####.c####.com.####.com/styles/images/nav_city_bg_160.gif
- ucst####.c####.com.####.com/styles/images/nav_mall_left.gif
- ucst####.c####.com.####.com/styles/images/nav_menu2_bg.gif
- ucst####.c####.com.####.com/styles/images/nav_menu2_right.gif
- ucst####.c####.com.####.com/styles/images/nav_menu3_bg.gif
- ucst####.c####.com.####.com/styles/images/nav_menu3_s.gif
- ucst####.c####.com.####.com/styles/images/search_sub.gif
- ucst####.c####.com.####.com/styles/images/tabnavi.gif
- ucst####.c####.com.####.com/styles/menu_style.css?v=####
- w####.c####.com/abc/xyz/point/index.php
- w.i####.com/iwt/a.gif?url=####&ua=####&uuid=####&sign=####&ts=####
- www.a.sh####.com/
- www.pc####.com.####.cn/autox/6a976e56b61b2febd215f6cbe5186f5f.htm
- www.yq####.com/article/100008987412w.html
- www.yq####.com/article/script.js
- z.c####.com/stat.htm?id=####&r=####&lg=####&ntime=####&cnzz_eid=####&sho...
Запросы HTTP HEAD:
- dl.huih####.com.####.com/iad/1818/SK1818/0000/1/V.1.20032000(FCD)/c6e22f...
- dl.huih####.com.####.com/iad/specialChannel/9e104c5240272fda937509947beb...
Запросы HTTP POST:
- a####.caiji####.com/v2/load/mobile
- d####.wos####.com/upload/event2.jsp
- d####.wos####.com/upload/event9.jsp
- d####.wos####.com/upload/longheartbeat.jsp
- d####.wos####.com/upload/sdklongheartbeat.jsp
- dsp.xuan####.com/ps/getDspConfig.do
- ext.xuan####.com/ps/getCommandConfig.do
- ext.xuan####.com/ps/getWakeConfig.do
- f####.caiji####.com/v3/task/mobile
- ia.xuan####.com/ps/active.do
- ia.xuan####.com/ps/getAppType.do
- ia.xuan####.com/ps/getConfig.do
- ia.xuan####.com/ps/getNAD.do
- ia.xuan####.com/ps/newUserApp.do
- ia.xuan####.com/ps/platformStat.do
- ia.xuan####.com/ps/updatesdk.do
- ia.xuan####.com/ps/userAppInfo.do
- ia.z####.net/ps/actionLog.do
- ia.z####.net/ps/appShare.do
- ia.z####.net/ps/dataPullShile.do
- ia.z####.net/ps/getSpecialChannel.do
- ia.z####.net/ps/userMobileInfo.do
- ia.z####.net/ps/userSdkInfo.do
- ic.o####.net/domain/domainConfig.do
- p####.caiji####.com/klv2/sdkkl/mobile
- s####.caiji####.com:666/v1/config
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/-1863722794_app_spf_scli.xml
- /data/data/####/-1863722794_rss_pl_cty.xml
- /data/data/####/-1863722794_rws_sp.xml
- /data/data/####/-1863722794_sp_iconfig.xml
- /data/data/####/-1863722794_sp_iconfig.xml.bak
- /data/data/####/.52b8d52a53ced18ca52b26724a4b72c4
- /data/data/####/.a643ea08051f5dcdbd3bbb02719740a0
- /data/data/####/.confd
- /data/data/####/.confd-journal
- /data/data/####/.mtj_timestamp
- /data/data/####/10c58a04-3088-38b0-aa3a-2716886c451a.cpo
- /data/data/####/10c58a04-3088-38b0-aa3a-2716886c451a.dex
- /data/data/####/10c58a04-3088-38b0-aa3a-2716886c451a.inf
- /data/data/####/10c58a04-3088-38b0-aa3a-2716886c451a.jar
- /data/data/####/14
- /data/data/####/15
- /data/data/####/1585745714878
- /data/data/####/1585745714879
- /data/data/####/1585745714881
- /data/data/####/1585745714882
- /data/data/####/16821
- /data/data/####/20200401
- /data/data/####/21
- /data/data/####/22
- /data/data/####/25
- /data/data/####/28
- /data/data/####/34
- /data/data/####/4
- /data/data/####/5
- /data/data/####/52b8d52a53ced18ca52b26724a4b72c4.jar.tmp
- /data/data/####/5f7c86c9-70ba-3071-bb04-82fdcce94008.cpo
- /data/data/####/5f7c86c9-70ba-3071-bb04-82fdcce94008.dex
- /data/data/####/5f7c86c9-70ba-3071-bb04-82fdcce94008.inf
- /data/data/####/5f7c86c9-70ba-3071-bb04-82fdcce94008.jar
- /data/data/####/7
- /data/data/####/86b83536a71fde51a6ddf357354b49c1.jar
- /data/data/####/9382bf13e1dc4fc4b58402b14e1967e0.jar
- /data/data/####/9e104c5240272fda937509947bebda16.tmp
- /data/data/####/A3AEECD8.dex
- /data/data/####/ApplicationCache.db-journal
- /data/data/####/CachedGeoposition.db
- /data/data/####/CachedGeoposition.db-journal
- /data/data/####/Framework.db
- /data/data/####/Framework.db-journal
- /data/data/####/PlatformCore.db
- /data/data/####/PlatformCore.db-journal
- /data/data/####/__Baidu_Stat_SDK_SendRem.xml
- /data/data/####/__Baidu_Stat_SDK_SendRem.xml.bak (deleted)
- /data/data/####/__local_ap_info_cache.json
- /data/data/####/__send_data_1585745644878
- /data/data/####/a643ea08051f5dcdbd3bbb02719740a0.tmp
- /data/data/####/action_stats.dat
- /data/data/####/active_init.dat
- /data/data/####/appType.db
- /data/data/####/app_bid
- /data/data/####/app_caller
- /data/data/####/app_history.dat
- /data/data/####/app_init.dat
- /data/data/####/app_launcher_icondec.png
- /data/data/####/app_mid
- /data/data/####/app_type_info.dat
- /data/data/####/app_type_task.dat
- /data/data/####/b56271ea-f47f-36af-968d-2995b2aa9ef6.cpo
- /data/data/####/b56271ea-f47f-36af-968d-2995b2aa9ef6.dex
- /data/data/####/b56271ea-f47f-36af-968d-2995b2aa9ef6.inf
- /data/data/####/b56271ea-f47f-36af-968d-2995b2aa9ef6.jar
- /data/data/####/b__local_last_session.json
- /data/data/####/b__local_stat_cache.json
- /data/data/####/baidu_mtj_sdk_record.xml
- /data/data/####/cache_-1863722794_onsp.xml
- /data/data/####/cache_-1863722794_pl_sp.xml
- /data/data/####/cache_update.xml
- /data/data/####/classes.dex
- /data/data/####/cm_cfgt_spf.xml
- /data/data/####/com.young.whiter
- /data/data/####/common
- /data/data/####/config
- /data/data/####/config_active.dat
- /data/data/####/config_ad.dat
- /data/data/####/config_auto_close.dat
- /data/data/####/config_black.dat
- /data/data/####/config_channel.dat
- /data/data/####/config_dsp.dat
- /data/data/####/config_js.dat
- /data/data/####/config_notify.dat
- /data/data/####/config_ultBlack.dat
- /data/data/####/d7a8a13837a118786837a7031e3cfa92
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/device_ip.dat
- /data/data/####/down-time
- /data/data/####/download_cache.dat
- /data/data/####/download_task.dat
- /data/data/####/download_time.dat
- /data/data/####/downloadapk.db-journal
- /data/data/####/dsp_sdk.db-journal
- /data/data/####/eb92d6dddc644ea68ae8ba14907607cd.jar
- /data/data/####/f19be1329018333420dd43b40e91e24a.zip
- /data/data/####/f19be1329018333420dd43b40e91e24a.zip.inf
- /data/data/####/f19be1329018333420dd43b40e91e24a.zip.tmp
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/f_000007
- /data/data/####/f_000008
- /data/data/####/f_000009
- /data/data/####/f_00000a
- /data/data/####/f_00000b
- /data/data/####/f_00000c
- /data/data/####/f_00000d
- /data/data/####/f_00000e
- /data/data/####/f_00000f
- /data/data/####/f_000010
- /data/data/####/f_000011
- /data/data/####/f_000012
- /data/data/####/f_000013
- /data/data/####/f_000014
- /data/data/####/f_000015
- /data/data/####/f_000016
- /data/data/####/f_000017
- /data/data/####/f_000018
- /data/data/####/f_000019
- /data/data/####/f_00001a
- /data/data/####/f_00001b
- /data/data/####/f_00001c
- /data/data/####/f_00001d
- /data/data/####/f_00001e
- /data/data/####/f_00001f
- /data/data/####/f_000020
- /data/data/####/f_000021
- /data/data/####/f_000022
- /data/data/####/f_000023
- /data/data/####/f_000024
- /data/data/####/f_000025
- /data/data/####/f_000026
- /data/data/####/f_000027
- /data/data/####/f_000028
- /data/data/####/f_000029
- /data/data/####/f_00002a
- /data/data/####/f_00002b
- /data/data/####/f_00002c
- /data/data/####/f_00002d
- /data/data/####/f_00002e
- /data/data/####/f_00002f
- /data/data/####/f_000030
- /data/data/####/f_000031
- /data/data/####/f_000032
- /data/data/####/f_000033
- /data/data/####/f_000034
- /data/data/####/f_000035
- /data/data/####/f_000036
- /data/data/####/f_000037
- /data/data/####/f_000038
- /data/data/####/f_000039
- /data/data/####/f_00003a
- /data/data/####/f_00003b
- /data/data/####/f_00003c
- /data/data/####/f_00003d
- /data/data/####/f_00003e
- /data/data/####/f_00003f
- /data/data/####/f_000040
- /data/data/####/f_000041
- /data/data/####/f_000042
- /data/data/####/f_000043
- /data/data/####/f_000044
- /data/data/####/f_000045
- /data/data/####/f_000046
- /data/data/####/f_000047
- /data/data/####/f_000048
- /data/data/####/f_000049
- /data/data/####/f_00004a
- /data/data/####/f_00004b
- /data/data/####/f_00004c
- /data/data/####/f_00004d
- /data/data/####/f_00004e
- /data/data/####/f_00004f
- /data/data/####/f_000050
- /data/data/####/f_000051
- /data/data/####/f_000052
- /data/data/####/f_000053
- /data/data/####/f_000054
- /data/data/####/f_000055
- /data/data/####/f_000056
- /data/data/####/f_000057
- /data/data/####/f_000058
- /data/data/####/f_000059
- /data/data/####/f_00005a
- /data/data/####/f_00005b
- /data/data/####/f_00005c
- /data/data/####/f_00005d
- /data/data/####/f_00005e
- /data/data/####/f_00005f
- /data/data/####/f_000060
- /data/data/####/f_000061
- /data/data/####/f_000062
- /data/data/####/f_000063
- /data/data/####/f_000064
- /data/data/####/f_000065
- /data/data/####/f_000066
- /data/data/####/f_000067
- /data/data/####/f_000068
- /data/data/####/f_000069
- /data/data/####/f_00006a
- /data/data/####/f_00006b
- /data/data/####/f_00006c
- /data/data/####/f_00006d
- /data/data/####/f_00006e
- /data/data/####/f_00006f
- /data/data/####/f_000070
- /data/data/####/f_000071
- /data/data/####/f_000072
- /data/data/####/f_000073
- /data/data/####/f_000074
- /data/data/####/f_000075
- /data/data/####/f_000076
- /data/data/####/f_000077
- /data/data/####/fcd5fe03-7a9c-3d6e-a661-ccba6c17133b.cpo
- /data/data/####/fcd5fe03-7a9c-3d6e-a661-ccba6c17133b.dex
- /data/data/####/fcd5fe03-7a9c-3d6e-a661-ccba6c17133b.inf
- /data/data/####/fcd5fe03-7a9c-3d6e-a661-ccba6c17133b.jar
- /data/data/####/frame_version.dat
- /data/data/####/http_58.218.92.50_808.localstorage-journal
- /data/data/####/http_ask.ci123.com_0.localstorage-journal
- /data/data/####/http_ipp.zhitoudsp.com_807.localstorage-journal
- /data/data/####/http_www.ci123.com_0.localstorage-journal
- /data/data/####/http_www.yqhapp.com_0.localstorage-journal
- /data/data/####/https_pos.baidu.com_0.localstorage-journal
- /data/data/####/https_pos.baidu.com_0.localstorage-journal (deleted)
- /data/data/####/https_price.pcauto.com.cn_0.localstorage-journal
- /data/data/####/https_pro.m.jd.com_0.localstorage-journal
- /data/data/####/https_sw4.duoyi.com_0.localstorage-journal
- /data/data/####/https_www.mgtv.com_0.localstorage-journal
- /data/data/####/https_yz.m.sm.cn_0.localstorage-journal
- /data/data/####/img-cache.zip
- /data/data/####/index
- /data/data/####/journal.tmp
- /data/data/####/libA3AEECD8_arm64-v8a.so
- /data/data/####/libA3AEECD8_armeabi.so
- /data/data/####/libcuid.so
- /data/data/####/load_MTAwMF8xMjAxXzIyODAwMTAw;.xml
- /data/data/####/load_task.dat
- /data/data/####/mobile_init.dat
- /data/data/####/mutex.dat
- /data/data/####/rdata_@apkloader-unique.pkgname@.new
- /data/data/####/sdk_init.dat
- /data/data/####/sdk_task.dat
- /data/data/####/sdk_version.dat
- /data/data/####/service_info.dat
- /data/data/####/shield_init.dat
- /data/data/####/spfn_MTAwMF8xMjAxXzIyODAwMTAw;.xml
- /data/data/####/spfp_configl.xml
- /data/data/####/uid.dat
- /data/data/####/update_script.dat
- /data/data/####/update_task.dat
- /data/data/####/update_time.dat
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/zz_dsp.xml
- /data/data/####/zz_time.xml
- /data/media/####/-107261515
- /data/media/####/-132083878
- /data/media/####/-134224670
- /data/media/####/-1436801469
- /data/media/####/-1807886270
- /data/media/####/-492317260
- /data/media/####/-506370104
- /data/media/####/-852945256
- /data/media/####/-884454673
- /data/media/####/.cjlocfile.txt
- /data/media/####/.cuid2
- /data/media/####/10c58a043088f8b02a3a2716886c451a
- /data/media/####/1168041854
- /data/media/####/1175402206
- /data/media/####/1240095714
- /data/media/####/1390364072
- /data/media/####/1673708434
- /data/media/####/1892333037
- /data/media/####/1894647538
- /data/media/####/1_0.6
- /data/media/####/1_0.7
- /data/media/####/2_1.3
- /data/media/####/2_1.4
- /data/media/####/2_1.5
- /data/media/####/2_1.8
- /data/media/####/2_1.9
- /data/media/####/2_2.0
- /data/media/####/2_3.0
- /data/media/####/371047804
- /data/media/####/3_0.6
- /data/media/####/3_0.7
- /data/media/####/3_1.8
- /data/media/####/3_1.9
- /data/media/####/3_3.0
- /data/media/####/4_0.6
- /data/media/####/4_0.7
- /data/media/####/4_1.8
- /data/media/####/754783207
- /data/media/####/829599069
- /data/media/####/app_mutex.lock
- /data/media/####/config.dat
- /data/media/####/setting.dat
- /data/media/####/system.dat
- /data/media/####/system_meta.config
- /data/media/####/uid.dat
Другие:
Запускает следующие shell-скрипты:
- cat /proc/meminfo
- cat /sys/class/net/wlan0/address
- cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- getprop ro.build.display.id
- getprop ro.build.version.emui
- getprop ro.build.version.opporom
- getprop ro.miui.ui.version.name
- getprop ro.smartisan.version
- getprop ro.vivo.os.version
- getprop ro.yunos.version
- ls /sys/devices/system/cpu
- ping -c 2 113.31.86.13
- ping -c 2 dsp.xuanwu88.com
- ping -c 2 ext.xuanwu88.com
- ping -c 2 ia.xuanwu88.com
- ping -c 2 ic.huihuitech.net
- ping -c 2 null
- ping -c 2 sdk.xuanwu88.com
Загружает динамические библиотеки:
- libA3AEECD8_arm64-v8a
- libA3AEECD8_armeabi
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS5Padding
- AES-ECB-PKCS5Padding
- DES
- RSA-ECB-PKCS1Padding
Использует следующие алгоритмы для расшифровки данных:
- DES-CBC-PKCS5Padding
Осуществляет доступ к приватному интерфейсу ITelephony.
Получает информацию о местоположении.
Получает информацию о сети.
Получает информацию о телефоне (номер, IMEI и т. д.).
Получает информацию об установленных приложениях.
Получает информацию о запущенных приложениях.
Отрисовывает собственные окна поверх других приложений.
Управляет Wi-Fi-подключением.
