Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Android.Gexin.1
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) api.6####.com.####.cn:80
- TCP(HTTP/1.1) c-h####.g####.com:80
- TCP(HTTP/1.1) a.appj####.com:80
- TCP(HTTP/1.1) cdn-sdk####.g####.com.####.com:80
- TCP(HTTP/1.1) idu####.qini####.com:80
- TCP(HTTP/1.1) sdk.o####.p####.####.com:80
- TCP(TLS/1.0) idu####.qini####.com:443
- TCP sdk.o####.t####.####.com:5224
- TCP cm-1####.ig####.com:5227
Запросы DNS:
- 7j####.c####.z0.####.com
- a####.u####.com
- a.appj####.com
- and####.b####.qq.com
- api.6####.com
- c-h####.g####.com
- c.sz.gt.####.com
- cdn-sdk####.g####.com
- cm-1####.ig####.com
- feed####.u####.com
- img.img.9####.com
- sdk.c####.ig####.com
- sdk.o####.i####.####.com
- sdk.o####.p####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.net
- st####.6####.com
Запросы HTTP GET:
- api.6####.com.####.cn/common/appVersion?os=####&channel=####
- api.6####.com.####.cn/common/resourceversion
- api.6####.com.####.cn/game/dropegg/eggImage
- api.6####.com.####.cn/index.php/common/getgiftlist?type=####
- cdn-sdk####.g####.com.####.com/tdata_wyu452
- idu####.qini####.com/config/hz-hzv6.conf
- idu####.qini####.com/resource/mobile/image/chat/mgift100002.png
- idu####.qini####.com/resource/mobile/image/chat/mgift100004.png
- idu####.qini####.com/resource/mobile/image/chat/mgift100005.png
- idu####.qini####.com/resource/mobile/image/chat/mgift100012.png
- idu####.qini####.com/resource/mobile/image/chat/mgift100013.png
- idu####.qini####.com/resource/mobile/image/chat/mgift100021.png
- idu####.qini####.com/resource/mobile/image/chat/mgift100022.png
- idu####.qini####.com/resource/mobile/image/chat/mgift100023.png
- idu####.qini####.com/resource/mobile/image/chat/mgift100024.png
- idu####.qini####.com/resource/mobile/image/chat/mgift100029.png
- idu####.qini####.com/resource/mobile/image/chat/mgift100030.png
- idu####.qini####.com/resource/mobile/image/chat/mgift100031.png
- idu####.qini####.com/resource/mobile/image/chat/mgift100032.png
- idu####.qini####.com/resource/mobile/image/chat/mgift100034.png
- idu####.qini####.com/resource/mobile/image/chat/mgift100035.png
- idu####.qini####.com/resource/mobile/image/chat/mgift100036.png
- idu####.qini####.com/resource/mobile/image/chat/mgift100037.png
- idu####.qini####.com/resource/mobile/image/chat/mgift100039.png
- idu####.qini####.com/resource/mobile/image/chat/mgift100040.png
- idu####.qini####.com/resource/mobile/image/chat/mgift100042.png
- idu####.qini####.com/resource/mobile/image/chat/mgift100044.png
- idu####.qini####.com/resource/mobile/image/chat/mgift100045.png
- idu####.qini####.com/resource/mobile/image/chat/mgift100051.png
- idu####.qini####.com/resource/mobile/image/chat/mgift100056.png
- idu####.qini####.com/resource/mobile/image/chat/mgift100057.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000085.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000086.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000088.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000089.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000122.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000134.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000150.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000163.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000213.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000214.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000217.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000218.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000220.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000224.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000229.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000255.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000256.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000257.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000270.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000277.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000297.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000299.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000308.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000312.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000332.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000361.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000367.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000371.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000374.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000375.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000377.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000385.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000396.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000411.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000421.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000427.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000431.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000432.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000433.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000434.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000435.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000441.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000442.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000443.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000444.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000445.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000446.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000447.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000449.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000450.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000451.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000454.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000455.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000456.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000457.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000458.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000459.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000460.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000461.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000463.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000464.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000465.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000466.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000467.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000468.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000469.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000470.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000475.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000476.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000492.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000493.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000494.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000495.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000496.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000497.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000498.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000499.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000502.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000504.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000505.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000506.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000507.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000508.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000509.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000511.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000513.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000516.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000517.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000518.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000519.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000520.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000521.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000522.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000523.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000524.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000526.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000527.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000528.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000529.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000530.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000531.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000533.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000534.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000535.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000536.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000537.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000538.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000539.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000540.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000541.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000542.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000543.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000544.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000545.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000546.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000547.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000548.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000549.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000550.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000551.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000552.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000553.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000554.png
- idu####.qini####.com/resource/mobile/image/chat/mgift2000562.png
- idu####.qini####.com/tdata_VrM483
- sdk.o####.p####.####.com/api/addr.htm
Запросы HTTP POST:
- a####.u####.com/app_logs
- a.appj####.com/ad-service/ad/mark
- api.6####.com.####.cn/channel/mobileartist/openappad
- c-h####.g####.com/api.php?format=####&t=####
- sdk.o####.p####.####.com/api.php?format=####&t=####
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/.imprint
- /data/data/####/.jg.ic
- /data/data/####/advertiseMentInfo.xml
- /data/data/####/bugly_db_-journal
- /data/data/####/config.xml
- /data/data/####/exchangeIdentity.json
- /data/data/####/firll.dat
- /data/data/####/increment.db-journal
- /data/data/####/info.xml
- /data/data/####/init.pid
- /data/data/####/init_c.pid
- /data/data/####/jg_app_update_settings_random.xml
- /data/data/####/libjiagu.so
- /data/data/####/local_crash_lock
- /data/data/####/nineshow.db-journal
- /data/data/####/push.pid
- /data/data/####/pushg.db-journal
- /data/data/####/pushsdk.db-journal
- /data/data/####/run.pid
- /data/data/####/security_info
- /data/data/####/tdata_wyu452
- /data/data/####/tdata_wyu452.jar
- /data/data/####/umeng_feedback_conversations.xml
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/version.xml
- /data/media/####/.cuid
- /data/media/####/.nomedia
- /data/media/####/app.db
- /data/media/####/com.igexin.sdk.deviceId.db
- /data/media/####/com.ninexiu.sixninexiu.db
- /data/media/####/egg5-0
- /data/media/####/egg5-1
- /data/media/####/egg5-2
- /data/media/####/info.xml
- /data/media/####/ls.db
- /data/media/####/ls.db-journal
- /data/media/####/mgift100002
- /data/media/####/mgift100004
- /data/media/####/mgift100005
- /data/media/####/mgift100012
- /data/media/####/mgift100013
- /data/media/####/mgift100021
- /data/media/####/mgift100022
- /data/media/####/mgift100023
- /data/media/####/mgift100024
- /data/media/####/mgift100029
- /data/media/####/mgift100030
- /data/media/####/mgift100031
- /data/media/####/mgift100032
- /data/media/####/mgift100034
- /data/media/####/mgift100035
- /data/media/####/mgift100036
- /data/media/####/mgift100037
- /data/media/####/mgift100039
- /data/media/####/mgift100040
- /data/media/####/mgift100042
- /data/media/####/mgift100044
- /data/media/####/mgift100045
- /data/media/####/mgift100051
- /data/media/####/mgift100056
- /data/media/####/mgift100057
- /data/media/####/mgift2000085
- /data/media/####/mgift2000086
- /data/media/####/mgift2000088
- /data/media/####/mgift2000122
- /data/media/####/mgift2000134
- /data/media/####/mgift2000150
- /data/media/####/mgift2000163
- /data/media/####/mgift2000213
- /data/media/####/mgift2000214
- /data/media/####/mgift2000217
- /data/media/####/mgift2000218
- /data/media/####/mgift2000220
- /data/media/####/mgift2000224
- /data/media/####/mgift2000255
- /data/media/####/mgift2000256
- /data/media/####/mgift2000257
- /data/media/####/mgift2000270
- /data/media/####/mgift2000277
- /data/media/####/mgift2000297
- /data/media/####/mgift2000308
- /data/media/####/mgift2000312
- /data/media/####/mgift2000332
- /data/media/####/mgift2000367
- /data/media/####/mgift2000411
- /data/media/####/mgift2000421
- /data/media/####/mgift2000427
- /data/media/####/mgift2000431
- /data/media/####/mgift2000432
- /data/media/####/mgift2000433
- /data/media/####/mgift2000434
- /data/media/####/mgift2000435
- /data/media/####/mgift2000441
- /data/media/####/mgift2000442
- /data/media/####/mgift2000443
- /data/media/####/mgift2000444
- /data/media/####/mgift2000445
- /data/media/####/mgift2000446
- /data/media/####/mgift2000447
- /data/media/####/mgift2000449
- /data/media/####/mgift2000450
- /data/media/####/mgift2000451
- /data/media/####/mgift2000454
- /data/media/####/mgift2000455
- /data/media/####/mgift2000456
- /data/media/####/mgift2000457
- /data/media/####/mgift2000458
- /data/media/####/mgift2000459
- /data/media/####/mgift2000460
- /data/media/####/mgift2000461
- /data/media/####/mgift2000463
- /data/media/####/mgift2000464
- /data/media/####/mgift2000465
- /data/media/####/mgift2000466
- /data/media/####/mgift2000467
- /data/media/####/mgift2000468
- /data/media/####/mgift2000469
- /data/media/####/mgift2000470
- /data/media/####/mgift2000475
- /data/media/####/mgift2000476
- /data/media/####/mgift2000492
- /data/media/####/mgift2000493
- /data/media/####/mgift2000494
- /data/media/####/mgift2000495
- /data/media/####/mgift2000496
- /data/media/####/mgift2000497
- /data/media/####/mgift2000498
- /data/media/####/mgift2000499
- /data/media/####/mgift2000502
- /data/media/####/mgift2000504
- /data/media/####/mgift2000505
- /data/media/####/mgift2000506
- /data/media/####/mgift2000507
- /data/media/####/mgift2000508
- /data/media/####/mgift2000509
- /data/media/####/mgift2000511
- /data/media/####/mgift2000513
- /data/media/####/mgift2000516
- /data/media/####/mgift2000517
- /data/media/####/mgift2000518
- /data/media/####/mgift2000519
- /data/media/####/mgift2000520
- /data/media/####/mgift2000521
- /data/media/####/mgift2000522
- /data/media/####/mgift2000523
- /data/media/####/mgift2000524
- /data/media/####/mgift2000526
- /data/media/####/mgift2000527
- /data/media/####/mgift2000528
- /data/media/####/mgift2000529
- /data/media/####/mgift2000530
- /data/media/####/mgift2000531
- /data/media/####/mgift2000533
- /data/media/####/mgift2000534
- /data/media/####/mgift2000535
- /data/media/####/mgift2000536
- /data/media/####/mgift2000537
- /data/media/####/mgift2000538
- /data/media/####/mgift2000539
- /data/media/####/mgift2000540
- /data/media/####/mgift2000541
- /data/media/####/mgift2000542
- /data/media/####/mgift2000543
- /data/media/####/mgift2000544
- /data/media/####/mgift2000545
- /data/media/####/mgift2000546
- /data/media/####/mgift2000547
- /data/media/####/mgift2000548
- /data/media/####/mgift2000549
- /data/media/####/mgift2000550
- /data/media/####/mgift2000551
- /data/media/####/mgift2000552
- /data/media/####/mgift2000553
- /data/media/####/mgift2000554
- /data/media/####/mgift2000562
- /data/media/####/tdata_wyu452
Другие:
Запускает следующие shell-скрипты:
- /system/bin/sh -c getprop ro.board.platform
- /system/bin/sh -c type su
- chmod 755 <Package Folder>/files/libjiagu.so
- getprop ro.board.platform
Загружает динамические библиотеки:
- Bugly
- libjiagu
- locSDK4d
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS5Padding
- AES-CFB-NoPadding
- AES-GCM-NoPadding
- RSA-ECB-PKCS1Padding
- RSA-NONE-OAEPWithSHA1AndMGF1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES-CFB-NoPadding
Осуществляет доступ к приватному интерфейсу ITelephony.
Использует специальную библиотеку для скрытия исполняемого байт-кода.
Получает информацию о местоположении.
Получает информацию о сети.
Получает информацию о телефоне (номер, IMEI и т. д.).
Получает информацию об установленных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
