Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Android.DownLoader.916.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) gd.a.s####.com:80
- TCP(HTTP/1.1) c####.c####.cn:80
- TCP(HTTP/1.1) d####.cn:80
- TCP(HTTP/1.1) dup.baidust####.com:80
- TCP(HTTP/1.1) www.pc####.com.####.cn:80
- TCP(HTTP/1.1) tc.c####.com:80
- TCP(HTTP/1.1) pos.b####.com:80
- TCP(HTTP/1.1) err.ta####.com:80
- TCP(HTTP/1.1) c####.zhito####.com:807
- TCP(HTTP/1.1) u####.dspliul####.com:99
- TCP(HTTP/1.1) i.c####.com.####.com:80
- TCP(HTTP/1.1) 58.2####.92.50:808
- TCP(HTTP/1.1) s####.al####.com:80
- TCP(HTTP/1.1) a####.caiji####.com:80
- TCP(HTTP/1.1) a####.d####.com:80
- TCP(HTTP/1.1) f####.caiji####.com:80
- TCP(HTTP/1.1) i####.d####.cn:80
- TCP(HTTP/1.1) ipp.zhito####.com:99
- TCP(HTTP/1.1) pco####.ta####.com:80
- TCP(HTTP/1.1) c####.zhito####.com:8881
- TCP(HTTP/1.1) c####.zhito####.com:99
- TCP(HTTP/1.1) cc.zbe####.org:80
- TCP(HTTP/1.1) k####.caiji####.com.####.com:80
- TCP(HTTP/1.1) c####.baidust####.com.####.com:80
- TCP(HTTP/1.1) ivy.pcon####.com.cn:80
- TCP(HTTP/1.1) gm.mm####.com:80
- TCP(HTTP/1.1) adcha####.bz.m####.com:80
- TCP(HTTP/1.1) shi####.c####.com.####.com:80
- TCP(HTTP/1.1) c####.zhito####.com:808
- TCP(HTTP/1.1) z.c####.com:80
- TCP(HTTP/1.1) p####.caiji####.com:80
- TCP(HTTP/1.1) 58.2####.198.157:999
- TCP(HTTP/1.1) www.on####.com:80
- TCP(HTTP/1.1) s2.z####.cn:80
- TCP(HTTP/1.1) d####.wos####.com:80
- TCP(HTTP/1.1) c.c####.com:80
- TCP(HTTP/1.1) y####.q####.cn:80
- TCP(HTTP/1.1) ipp.zhito####.com:807
- TCP(HTTP/1.1) w.i####.com:80
- TCP(HTTP/1.1) ucst####.c####.com.####.com:80
- TCP(HTTP/1.1) img-####.pcon####.com.cn:80
- TCP(HTTP/1.1) f####.c####.com.####.com:80
- TCP(HTTP/1.1) w####.c####.com:80
- TCP(HTTP/1.1) dl.huih####.com.####.com:80
- TCP(HTTP/1.1) s####.caiji####.com:666
- TCP(HTTP/1.1) c####.zhito####.com:999
- TCP(HTTP/1.1) ia.z####.net:80
- TCP(HTTP/1.1) ask.c####.com.####.com:80
- TCP(SSL/3.0) www.on####.com:443
- TCP(TLS/1.0) i####.pcon####.com.####.cn:443
- TCP(TLS/1.0) www.pcon####.com.cn:443
- TCP(TLS/1.0) ub####.baidust####.com.####.com:443
- TCP(TLS/1.0) web.da.m####.com:443
- TCP(TLS/1.0) c####.pc####.com.cn:443
- TCP(TLS/1.0) gm.mm####.com:443
- TCP(TLS/1.0) pos.b####.com:443
- TCP(TLS/1.0) a####.d####.com:443
- TCP(TLS/1.0) z.c####.com:443
- TCP(TLS/1.0) www.google-####.com:443
- TCP(TLS/1.0) u.j####.com:443
- TCP(TLS/1.0) err.ta####.com:443
- TCP(TLS/1.0) log.mm####.com:443
- TCP(TLS/1.0) wtc.d####.com:443
- TCP(TLS/1.0) et2.wagbr####.adverti####.####.com:443
- TCP(TLS/1.0) img.pcon####.com.####.cn:443
- TCP(TLS/1.0) wl.jd.com.####.com:443
- TCP(TLS/1.0) wn.pos.b####.com:443
- TCP(TLS/1.0) ec####.b####.com:443
- TCP(TLS/1.0) g####.api.m####.com:443
- TCP(TLS/1.0) www.m####.com:443
- TCP(TLS/1.0) p####.m.jd.com:443
- TCP(TLS/1.0) w.i####.com:443
- TCP(TLS/1.0) cr.3con####.com:443
- TCP(TLS/1.0) img.pc####.com.cn:443
- TCP(TLS/1.0) pcwe####.log.m####.com:443
- TCP(TLS/1.0) mg####.pcon####.com.cn:443
- TCP(TLS/1.0) h####.m####.com:443
- TCP(TLS/1.0) dualsta####.wagbr####.ali####.####.com:443
- TCP(TLS/1.0) www.pc####.com.####.cn:443
- TCP(TLS/1.0) na61-####.wagbr####.ali####.####.com:443
- TCP(TLS/1.0) st3.wagbr####.adverti####.####.com:443
- TCP(TLS/1.0) p####.pc####.com.cn:443
- TCP(TLS/1.0) c.c####.com:443
- TCP(TLS/1.0) ivy.pcon####.com.cn:443
- TCP(TLS/1.0) hm.b####.com:443
- TCP(TLS/1.0) s####.al####.com:443
- TCP(TLS/1.0) s2.z####.cn:443
- TCP(TLS/1.0) mipst####.s####.cn:443
- TCP(TLS/1.0) g.cn.miao####.com:443
- TCP(TLS/1.0) dup.baidust####.com:443
- TCP(TLS/1.0) js.3con####.com.####.cn:443
- TCP(TLS/1.0) p####.api.m####.com:443
- TCP(TLS/1.0) i####.d####.com:443
- TCP(TLS/1.0) sw4.d####.com:443
- TCP(TLS/1.0) www.on####.com:443
- TCP(TLS/1.0) g.al####.com:443
Запросы DNS:
- a####.caiji####.com
- a####.caiji####.com
- a####.d####.com
- a####.m.sm.cn
- ad.7d####.com
- adcha####.bz.m####.com
- ask.c####.com
- at.umt####.com
- bbs.c####.com
- c####.baidust####.com
- c####.c####.cn
- c####.mm####.com
- c####.pc####.com.cn
- c####.zhito####.com
- c.c####.com
- cap####.d####.com
- cc.zbe####.org
- cr.3con####.com
- d####.cn
- d####.wos####.com
- dl.huih####.com
- dup.baidust####.com
- ec####.b####.com
- err.ta####.com
- f####.c####.com
- f####.caiji####.com
- fou####.ta####.com
- g####.api.m####.com
- g####.c####.com
- g.al####.com
- g.cn.miao####.com
- gm.mm####.com
- h####.m####.com
- hm.b####.com
- i####.d####.cn
- i####.d####.com
- i####.pcon####.com.cn
- i####.uc.cn
- i.c####.com
- ia.z####.net
- id.d####.com
- img-####.pcon####.com.cn
- img.d####.com
- img.pc####.com.cn
- img.pcon####.com.cn
- ip.remo####.com
- ipp.zhito####.com
- ivy.pc####.com.cn
- ivy.pcon####.com.cn
- js.3con####.com
- k####.caiji####.com
- l####.m.sm.cn
- log.mm####.com
- m.360bu####.com
- ma####.m.ta####.com
- mg####.pcon####.com.cn
- mipst####.s####.cn
- mt####.go####.com
- mx.d####.com
- on####.com
- p####.api.m####.com
- p####.caiji####.com
- p####.m.jd.com
- p####.pc####.com.cn
- pco####.c####.com
- pco####.sm.cn
- pcwe####.log.m####.com
- pos.b####.com
- pv.s####.com
- s####.al####.com
- s####.caiji####.com
- s####.m.sm.cn
- s11.c####.com
- s2.z####.cn
- s20.c####.com
- s23.c####.com
- s4.c####.com
- s5.c####.com
- s9.c####.com
- s95.c####.com
- shi####.c####.com
- sto####.360bu####.com
- sw4.d####.com
- tc.c####.com
- u####.dspliul####.com
- u.j####.com
- ub####.baidust####.com
- ucst####.c####.com
- v1.c####.com
- w####.c####.com
- w####.jd.com
- w####.pc####.com.cn
- w####.pcon####.com.cn
- w####.pcon####.com.cn
- w.i####.com
- web.da.m####.com
- wn.pos.b####.com
- wtc.d####.com
- www.c####.com
- www.google-####.com
- www.m####.com
- www.on####.com
- www.pc####.com.cn
- www.pcon####.com.cn
- y####.m.sm.cn
- y####.q####.cn
- z11.c####.com
- z12.c####.com
- z13.c####.com
- z3.c####.com
- z4.c####.com
- z5.c####.com
- z6.c####.com
- z9.c####.com
Запросы HTTP GET:
- 58.2####.92.50:808/gh.html
- a####.caiji####.com/a/asdf?cnl=####&vv=####&vv2=####&aid=####&sid=####&d...
- a####.d####.com/rewrite?fromid=####
- adcha####.bz.m####.com/direct?cc=####
- ask.c####.com.####.com/2009/abc/shiyong.js?v=####
- ask.c####.com.####.com/banner3.html?d=####
- ask.c####.com.####.com/d/post/18083340.html
- ask.c####.com.####.com/d/post/19007689.html
- ask.c####.com.####.com/d/post/19252828.html
- ask.c####.com.####.com/images/user_sig_split.gif
- ask.c####.com.####.com/img/new_85_1.gif
- ask.c####.com.####.com/index/style/i2011/lg_bg.png
- ask.c####.com.####.com/index/style/i2011/lg_bg2.png
- ask.c####.com.####.com/js_revsci.html
- ask.c####.com.####.com/jscripts/doc.js
- ask.c####.com.####.com/style/images/icon.gif
- ask.c####.com.####.com/style/images/icon_num.gif
- ask.c####.com.####.com/style/images/search.gif
- ask.c####.com.####.com/style/images/use_tool.gif
- ask.c####.com.####.com/style/newPost.css?v=####
- c####.baidust####.com.####.com/cpro/ui/c.js
- c####.c####.cn/stat.php?site_id=####
- c####.zhito####.com:807/528/qing.html
- c####.zhito####.com:808/pctja.html
- c####.zhito####.com:8881/wap/index.html
- c####.zhito####.com:99/funt/index.html
- c####.zhito####.com:99/tat/index.html
- c####.zhito####.com:999/c/index.php
- c####.zhito####.com:999/tat/index.php
- c.c####.com/core.php?web_id=####&t=####
- c.c####.com/stat.php?id=####
- c.c####.com/stat.php?id=####&web_id=####
- c.c####.com/z_stat.php?id=####&web_id=####
- cc.zbe####.org/PClick.aspx?AID=####&KEY=####
- d####.cn/cdn.html
- d####.cn/fenpei.html?1####
- d####.cn/fenpei.html?2####
- d####.cn/fenpei.html?c####
- d####.cn/ydc.html
- d####.cn/ydm.html
- d####.wos####.com/upload/csaa.jsp?a=####&b=####&c=####&d=####&e=####&f=#...
- dl.huih####.com.####.com/iad/specialChannel/9e104c5240272fda937509947beb...
- dup.baidust####.com/js/os.js
- err.ta####.com/error1.html?c=404&u=/hz.aplus.taobao.org/app.gif?&cna=G8Q...
- f####.c####.com.####.com/askques/expert/getAll
- f####.c####.com.####.com/askques/questions/show/650570
- f####.c####.com.####.com/ast/js/global_j4.js
- f####.c####.com.####.com/ast/js/jquery_132.js
- f####.c####.com.####.com/ast/loginface/cookielogin9.js
- f####.c####.com.####.com/ast/loginface/style5.css
- f####.c####.com.####.com/css/images/foot-pic-836x60.gif
- f####.c####.com.####.com/css/layout1.css
- f####.c####.com.####.com/images/ico-25x25.gif
- f####.c####.com.####.com/js/cookie.js?2009101####
- f####.c####.com.####.com/js/iwt1.0.1.js
- f####.c####.com.####.com/js/new_sw.js?t=####
- f####.c####.com.####.com/style/ask.css?v=####
- f####.c####.com.####.com/style/frame-inner.css
- f####.c####.com.####.com/style/iask.css
- f####.c####.com.####.com/style/images/ask-cms-but-88x25.gif
- f####.c####.com.####.com/style/images/ask-cms-icon-14x14.gif
- f####.c####.com.####.com/style/images/ask-cms-top-2.gif
- f####.c####.com.####.com/style/images/ask2_blind4.gif
- f####.c####.com.####.com/style/images/ask_bg.gif
- f####.c####.com.####.com/style/images/ask_done.gif
- f####.c####.com.####.com/style/images/ask_good.gif
- f####.c####.com.####.com/style/images/ask_green.gif
- f####.c####.com.####.com/style/images/ask_pink.gif
- f####.c####.com.####.com/style/images/ask_return.jpg
- f####.c####.com.####.com/style/images/ask_tiwen.jpg
- f####.c####.com.####.com/style/images/tab_pink_d.gif
- f####.c####.com.####.com/style/images/tab_pink_l_b.gif
- f####.c####.com.####.com/style/images/tab_pink_l_t.gif
- f####.c####.com.####.com/style/images/tab_pink_r_b.gif
- f####.c####.com.####.com/style/images/tab_pink_r_t.gif
- f####.c####.com.####.com/style/images/zj_online_bg.gif
- f####.c####.com.####.com/style/images/zj_online_foot.gif
- f####.c####.com.####.com/style/images/zj_online_t.gif
- f####.c####.com.####.com/style/word.css
- f####.c####.com.####.com/styles/images/bg.gif
- f####.c####.com.####.com/styles/images/ci123_logo_ask.gif
- f####.c####.com.####.com/styles/images/icon.gif
- f####.c####.com.####.com/styles/images/nav_bg.jpg
- f####.c####.com.####.com/styles/images/nav_city_bg_160.gif
- f####.c####.com.####.com/styles/images/nav_mall_left.gif
- f####.c####.com.####.com/styles/images/nav_menu2_bg.gif
- f####.c####.com.####.com/styles/images/nav_menu2_block.gif
- f####.c####.com.####.com/styles/images/nav_menu2_block2.gif
- f####.c####.com.####.com/styles/images/nav_menu2_right.gif
- f####.c####.com.####.com/styles/images/nav_menu3_bg.gif
- f####.c####.com.####.com/styles/images/nav_menu3_s.gif
- f####.c####.com.####.com/styles/images/nav_tool.gif
- f####.c####.com.####.com/styles/images/search_sub.gif
- f####.c####.com.####.com/styles/images/tabnavi.gif
- f####.c####.com.####.com/styles/menu_style.css?v=####
- f####.caiji####.com/v1/cc/mobile?brand=####&model=####&andid=####&andv=#...
- gd.a.s####.com/cityjson?ie=####
- gm.mm####.com/9.gif?abc=####&rnd=####
- i####.d####.cn/goldcool.php?id=####
- i.c####.com.####.com/avatar/1644/1644150.png
- i.c####.com.####.com/avatar/1686/1686123.png
- i.c####.com.####.com/avatar/2046/2046601.png
- i.c####.com.####.com/avatar/2058/2058055.png
- i.c####.com.####.com/avatar/2064/2064074.png
- i.c####.com.####.com/avatar/2804/2804090.png
- i.c####.com.####.com/avatar/37131/37131991.png
- i.c####.com.####.com/avatar/37261/37261674.png?124963####
- i.c####.com.####.com/avatar/37534/37534032.png
- i.c####.com.####.com/avatar/38049/38049460.png
- i.c####.com.####.com/avatar/39579/39579864.png
- i.c####.com.####.com/avatar/40306/40306266.png
- i.c####.com.####.com/index/style/i2011/lg_links.gif
- i.c####.com.####.com/js_revsci.html
- img-####.pcon####.com.cn/images/upload/upc/tx/auto5/1611/14/c37/29928970...
- ipp.zhito####.com:807/1102/0.html
- ipp.zhito####.com:807/1102/index.html
- ipp.zhito####.com:807/1102/qing.html
- ipp.zhito####.com:807/1102/yrc_001mobile.js
- ipp.zhito####.com:99/wap/index.php
- ivy.pcon####.com.cn/click?id=####&adid=####&watch=####
- k####.caiji####.com.####.com/jm1584952315919_utils.ttf
- k####.caiji####.com.####.com/searchss2.min.js
- pco####.ta####.com/app.gif?&cna=####
- pos.b####.com/bfp/snippetcacher.php?dpv=####&di=####
- s####.al####.com/L1/272/6837/static/wap/img/uc-32.png
- s####.al####.com/L1/272/6837/static/wap/img/uc.png
- s2.z####.cn/ims?kt=####&at=####&key=aHR####&sign=yx####&tv=####&x####
- shi####.c####.com.####.com/images/banner2.jpg
- shi####.c####.com.####.com/images/brand_l.gif
- shi####.c####.com.####.com/images/brand_r.gif
- shi####.c####.com.####.com/images/flow_01.gif
- shi####.c####.com.####.com/images/flow_02.gif
- shi####.c####.com.####.com/images/flow_03.gif
- shi####.c####.com.####.com/images/flow_04.gif
- shi####.c####.com.####.com/images/logo_new2014.gif
- shi####.c####.com.####.com/images/more_city.gif
- shi####.c####.com.####.com/images/upload/20160421115404_small.jpg
- shi####.c####.com.####.com/images/upload/20160426101905_small.jpg
- shi####.c####.com.####.com/images/upload/20160428095127_small.jpg
- shi####.c####.com.####.com/images/upload/20160428095818_small.jpg
- shi####.c####.com.####.com/images/upload/20160509092921_small.jpg
- shi####.c####.com.####.com/images/upload/20160513165059_small.jpg
- shi####.c####.com.####.com/images/upload/20160516141612_small.jpg
- shi####.c####.com.####.com/images/upload/20160516160145_small.jpg
- shi####.c####.com.####.com/images/upload/20160516174331_small.png
- shi####.c####.com.####.com/images/upload/20160518112428_small.jpg
- shi####.c####.com.####.com/images/upload/banner/b508.jpg
- shi####.c####.com.####.com/images/upload/banner/b509.jpg
- shi####.c####.com.####.com/images/upload/banner/b511.jpg
- shi####.c####.com.####.com/images/upload/banner/b512.jpg
- shi####.c####.com.####.com/images/upload/banner/b513.jpg
- shi####.c####.com.####.com/images/upload/company/17.jpg
- shi####.c####.com.####.com/images/upload/company/26.jpg
- shi####.c####.com.####.com/images/upload/company/28.jpg
- shi####.c####.com.####.com/images/upload/company/38.jpg
- shi####.c####.com.####.com/images/upload/company/39.jpg
- shi####.c####.com.####.com/main.html
- shi####.c####.com.####.com/styles/head_style2.css?v=####
- shi####.c####.com.####.com/styles/images/bgs.gif
- shi####.c####.com.####.com/styles/images/fla_b.jpg
- shi####.c####.com.####.com/styles/images/fla_t.jpg
- shi####.c####.com.####.com/styles/images/lg_txt.gif
- shi####.c####.com.####.com/styles/images/now_title2.gif
- shi####.c####.com.####.com/styles/images/pop_more.gif
- shi####.c####.com.####.com/styles/images/product/bd_bg.gif
- shi####.c####.com.####.com/styles/images/product/bgs.gif
- shi####.c####.com.####.com/styles/images/product/city_bg.gif
- shi####.c####.com.####.com/styles/images/product/icon.gif
- shi####.c####.com.####.com/styles/images/product/icon3.gif
- shi####.c####.com.####.com/styles/images/product/n_bgs.gif
- shi####.c####.com.####.com/styles/images/product/n_rbgs.gif
- shi####.c####.com.####.com/styles/images/product/new_hd.gif
- shi####.c####.com.####.com/styles/images/product/ntop_bg.gif
- shi####.c####.com.####.com/styles/styles2.css?v=####
- shi####.c####.com.####.com/styles/switchpic2.js
- tc.c####.com/adscache/caches/104.js?n=####
- tc.c####.com/adscache/caches/105.js?n=####
- tc.c####.com/adscache/caches/106.js?n=####
- tc.c####.com/adscache/caches/108.js?n=####
- tc.c####.com/adscache/caches/109.js?n=####
- tc.c####.com/adscache/caches/160.js?n=####
- tc.c####.com/adscache/caches/163.js?n=####
- tc.c####.com/adscache/caches/183.js?n=####
- tc.c####.com/adscache/caches/187.js?n=####
- tc.c####.com/adscache/caches/196.js?n=####
- tc.c####.com/adscache/caches/205.js?n=####
- tc.c####.com/adscache/caches/215.js?n=####
- tc.c####.com/adscache/caches/216.js?n=####
- tc.c####.com/adscache/caches/227.js?n=####
- tc.c####.com/adscache/caches/238.js?n=####
- tc.c####.com/adscache/caches/239.js?n=####
- tc.c####.com/adscache/caches/240.js?n=####
- tc.c####.com/adscache/caches/245.js?n=####
- tc.c####.com/adscache/caches/246.js?n=####
- tc.c####.com/adscache/caches/25.js?n=####
- tc.c####.com/adscache/caches/27.js?n=####
- tc.c####.com/adscache/caches/296.js?n=####
- tc.c####.com/adscache/caches/308.js?n=####
- tc.c####.com/adscache/caches/344.js?n=####
- tc.c####.com/adscache/caches/436.js?n=####
- tc.c####.com/adscache/caches/492.js?n=####
- tc.c####.com/adscache/caches/510.js?n=####
- tc.c####.com/adscache/caches/631.js?n=####
- tc.c####.com/adscache/caches/72.js?n=####
- tc.c####.com/adscache/caches/79.js?n=####
- tc.c####.com/adx.js
- tc.c####.com/iframeads/adsdispatch.php?pid=####
- tc.c####.com/js/tcjs.php
- u####.dspliul####.com:99/ip/index.html
- ucst####.c####.com.####.com/banner3.html?d=####
- ucst####.c####.com.####.com/cmbbs/jquery.1.3.2.js
- ucst####.c####.com.####.com/cmbbs/main.js
- ucst####.c####.com.####.com/css/other.css
- ucst####.c####.com.####.com/d/post/18083340.html
- ucst####.c####.com.####.com/d/post/19007689.html
- ucst####.c####.com.####.com/d/post/19252828.html
- ucst####.c####.com.####.com/globalMsg.js
- ucst####.c####.com.####.com/images/bg_alpha.png
- ucst####.c####.com.####.com/images/user_sig_split.gif
- ucst####.c####.com.####.com/style/images/bg_header.jpg
- ucst####.c####.com.####.com/style/style_board.css
- ucst####.c####.com.####.com/style/style_post3.css
- w####.c####.com/abc/xyz/point/index.php
- w####.c####.com/abc/xyz/point/single.php?bid=####
- w.i####.com/iwt/a.gif?url=####&ua=####&uuid=####&sign=####&ts=####
- www.on####.com/
- www.pc####.com.####.cn/autox/6a976e56b61b2febd215f6cbe5186f5f.htm
- y####.q####.cn/Home/AdLink?key=9Gb####
- z.c####.com/stat.htm?id=####&r=####&lg=####&ntime=####&cnzz_eid=####&sho...
- z.c####.com/stat.htm?id=1000278162&r=http://www2.ci123.com/abc/xyz/point...
- z.c####.com/stat.htm?id=1256135178&r=http://dspcc.cn/fenpei.html?1####&l...
- z.c####.com/stat.htm?id=1256135178&r=http://dspcc.cn/fenpei.html?c####&l...
- z.c####.com/stat.htm?id=1256135229&r=http://dspcc.cn/fenpei.html?1####&l...
- z.c####.com/stat.htm?id=1256135229&r=http://dspcc.cn/fenpei.html?c####&l...
- z.c####.com/stat.htm?id=1258256413&r=http://www2.ci123.com/abc/xyz/point...
- z.c####.com/stat.htm?id=5218764&r=http://www2.ci123.com/abc/xyz/point/si...
Запросы HTTP HEAD:
- dl.huih####.com.####.com/iad/specialChannel/9e104c5240272fda937509947beb...
Запросы HTTP POST:
- a####.caiji####.com/v2/load/mobile
- d####.wos####.com/upload/event2.jsp
- d####.wos####.com/upload/event9.jsp
- d####.wos####.com/upload/longheartbeat.jsp
- d####.wos####.com/upload/sdklongheartbeat.jsp
- f####.caiji####.com/v3/task/mobile
- ia.z####.net/ps/getSpecialChannel.do
- p####.caiji####.com/klv2/sdkkl/mobile
- s####.caiji####.com:666/v1/config
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/-1863722794_app_spf_scli.xml
- /data/data/####/-1863722794_rss_pl_cty.xml
- /data/data/####/-1863722794_rws_sp.xml
- /data/data/####/-1863722794_sp_iconfig.xml
- /data/data/####/-1863722794_sp_iconfig.xml.bak
- /data/data/####/2eb24f4e-15b4-3c25-951b-4a305144f4c4.cpo
- /data/data/####/2eb24f4e-15b4-3c25-951b-4a305144f4c4.dex
- /data/data/####/2eb24f4e-15b4-3c25-951b-4a305144f4c4.inf
- /data/data/####/2eb24f4e-15b4-3c25-951b-4a305144f4c4.jar
- /data/data/####/5ae790c9-bd51-34f5-960d-4eba481885a4.cpo
- /data/data/####/5ae790c9-bd51-34f5-960d-4eba481885a4.dex
- /data/data/####/5ae790c9-bd51-34f5-960d-4eba481885a4.inf
- /data/data/####/5ae790c9-bd51-34f5-960d-4eba481885a4.jar
- /data/data/####/724edd14-92bf-3a96-ac98-603eee310d93.cpo
- /data/data/####/724edd14-92bf-3a96-ac98-603eee310d93.dex
- /data/data/####/724edd14-92bf-3a96-ac98-603eee310d93.inf
- /data/data/####/724edd14-92bf-3a96-ac98-603eee310d93.jar
- /data/data/####/A3AEECD8.dex
- /data/data/####/ApplicationCache.db-journal
- /data/data/####/CachedGeoposition.db
- /data/data/####/CachedGeoposition.db-journal
- /data/data/####/aceade14577d449cb91350a533b9eaf5.jar
- /data/data/####/app_launcher_icondec.png
- /data/data/####/cache_-1863722794_onsp.xml
- /data/data/####/cache_-1863722794_pl_sp.xml
- /data/data/####/cache_update.xml
- /data/data/####/classes.dex
- /data/data/####/cm_cfgt_spf.xml
- /data/data/####/config
- /data/data/####/d41f1d0cd28f4ce28d4f8f2f5f1d89bf.jar
- /data/data/####/d7a8a13837a118786837a7031e3cfa92
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/download_task.dat
- /data/data/####/download_time.dat
- /data/data/####/f19be1329018333420dd43b40e91e24a.zip
- /data/data/####/f19be1329018333420dd43b40e91e24a.zip.inf
- /data/data/####/f19be1329018333420dd43b40e91e24a.zip.tmp
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/f_000007
- /data/data/####/f_000008
- /data/data/####/f_000009
- /data/data/####/f_00000a
- /data/data/####/f_00000b
- /data/data/####/f_00000c
- /data/data/####/f_00000d
- /data/data/####/f_00000e
- /data/data/####/f_00000f
- /data/data/####/f_000010
- /data/data/####/f_000011
- /data/data/####/f_000012
- /data/data/####/f_000013
- /data/data/####/f_000014
- /data/data/####/f_000015
- /data/data/####/f_000016
- /data/data/####/f_000017
- /data/data/####/f_000018
- /data/data/####/f_000019
- /data/data/####/f_00001a
- /data/data/####/f_00001b
- /data/data/####/f_00001c
- /data/data/####/f_00001d
- /data/data/####/f_00001e
- /data/data/####/f_00001f
- /data/data/####/f_000020
- /data/data/####/f_000021
- /data/data/####/f_000022
- /data/data/####/f_000023
- /data/data/####/f_000024
- /data/data/####/f_000025
- /data/data/####/f_000026
- /data/data/####/f_000027
- /data/data/####/f_000028
- /data/data/####/f_000029
- /data/data/####/f_00002a
- /data/data/####/f_00002b
- /data/data/####/f_00002c
- /data/data/####/f_00002d
- /data/data/####/f_00002e
- /data/data/####/f_00002f
- /data/data/####/f_000030
- /data/data/####/f_000031
- /data/data/####/f_000032
- /data/data/####/f_000033
- /data/data/####/f_000034
- /data/data/####/f_000035
- /data/data/####/f_000036
- /data/data/####/f_000037
- /data/data/####/f_000038
- /data/data/####/f_000039
- /data/data/####/f_00003a
- /data/data/####/f_00003b
- /data/data/####/f_00003c
- /data/data/####/f_00003d
- /data/data/####/f_00003e
- /data/data/####/f_00003f
- /data/data/####/f_000040
- /data/data/####/f_000041
- /data/data/####/f_000042
- /data/data/####/f_000043
- /data/data/####/f_000044
- /data/data/####/f_000045
- /data/data/####/f_000046
- /data/data/####/f_000047
- /data/data/####/f_000048
- /data/data/####/f_000049
- /data/data/####/f_00004a
- /data/data/####/f_00004b
- /data/data/####/f_00004c
- /data/data/####/f_00004d
- /data/data/####/f_00004e
- /data/data/####/f_00004f
- /data/data/####/f_000050
- /data/data/####/f_000051
- /data/data/####/f_000052
- /data/data/####/f_000053
- /data/data/####/f_000054
- /data/data/####/f_000055
- /data/data/####/f_000056
- /data/data/####/f_000057
- /data/data/####/f_000058
- /data/data/####/f_000059
- /data/data/####/f_00005a
- /data/data/####/f_00005b
- /data/data/####/f_00005c
- /data/data/####/f_00005d
- /data/data/####/f_00005e
- /data/data/####/f_00005f
- /data/data/####/f_000060
- /data/data/####/f_000061
- /data/data/####/f_000062
- /data/data/####/f_000063
- /data/data/####/f_000064
- /data/data/####/f_000065
- /data/data/####/f_000066
- /data/data/####/f_000067
- /data/data/####/f_000068
- /data/data/####/f_000069
- /data/data/####/f_00006a
- /data/data/####/f_00006b
- /data/data/####/f_00006c
- /data/data/####/f_00006d
- /data/data/####/f_00006e
- /data/data/####/f_00006f
- /data/data/####/f_000070
- /data/data/####/f_000071
- /data/data/####/f_000072
- /data/data/####/f_000073
- /data/data/####/f_000074
- /data/data/####/f_000075
- /data/data/####/f_000076
- /data/data/####/f_000077
- /data/data/####/f_000078
- /data/data/####/f_000079
- /data/data/####/f_00007a
- /data/data/####/f_00007b
- /data/data/####/f_00007c
- /data/data/####/http_58.218.92.50_808.localstorage-journal
- /data/data/####/http_ask.ci123.com_0.localstorage-journal
- /data/data/####/http_bbs.ci123.com_0.localstorage-journal
- /data/data/####/http_ipp.zhitoudsp.com_807.localstorage-journal
- /data/data/####/http_shiyong.ci123.com_0.localstorage-journal
- /data/data/####/https_mx.duoyi.com_0.localstorage-journal
- /data/data/####/https_pos.baidu.com_0.localstorage-journal
- /data/data/####/https_price.pcauto.com.cn_0.localstorage-journal
- /data/data/####/https_pro.m.jd.com_0.localstorage-journal
- /data/data/####/https_sw4.duoyi.com_0.localstorage-journal
- /data/data/####/https_www.mgtv.com_0.localstorage-journal
- /data/data/####/https_yz.m.sm.cn_0.localstorage-journal
- /data/data/####/img-cache.zip
- /data/data/####/index
- /data/data/####/journal.tmp
- /data/data/####/libA3AEECD8_arm64-v8a.so
- /data/data/####/libA3AEECD8_armeabi.so
- /data/data/####/load_MTAwMF8xMjAxXzIyODAwMTAw;.xml
- /data/data/####/rdata_@apkloader-unique.pkgname@.new
- /data/data/####/spfn_MTAwMF8xMjAxXzIyODAwMTAw;.xml
- /data/data/####/spfp_configl.xml
- /data/data/####/uid.dat
- /data/data/####/update_task.dat
- /data/data/####/update_time.dat
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/media/####/.cjlocfile.txt
- /data/media/####/uid.dat
Другие:
Загружает динамические библиотеки:
- libA3AEECD8_arm64-v8a
- libA3AEECD8_armeabi
Использует следующие алгоритмы для расшифровки данных:
- DES-CBC-PKCS5Padding
Осуществляет доступ к приватному интерфейсу ITelephony.
Получает информацию о местоположении.
Получает информацию о сети.
Получает информацию о телефоне (номер, IMEI и т. д.).
Получает информацию об установленных приложениях.
Отрисовывает собственные окна поверх других приложений.
