22.10.17

Android.Packed.21985

Android.Packed.21985


Техническая информация

Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
  • Android.HiddenAds.76.origin
Сетевая активность:
Подключается к:
  • celery####.com
  • v####.####.com
  • b####.com
  • j####.####.xyz
  • t####.global
  • bik####.com
  • trackme####.com
  • a####.####.com


Запросы HTTP GET:
  • j####.####.xyz/?s3=####
  • bik####.com/d/15143458cac3ab0e1bc?source=####&sub=####
  • t####.global/view/lHTqZDHhsyHUOrZ4ihSalSksXYxTJcakGSMaWKX0Cs784MU?c=####...
  • b####.com/rms/BingCore.Bundle/cj,nj/ea12a751/faef1996.js?bu=####
  • b####.com/rms/rms%20answers%20Homepage%20Mobile$MobileHeaderSprite2x/ic/...
  • b####.com/az/hprichbg/rb/Dipper_ROW12905160494_768x1024.jpg
  • trackme####.com/r/640dfb58-3fb2-11e7-9141-114198a5f591/1/
  • celery####.com/06m03/W5tP/VZ9f/DdMJHqXB8rLFl49sNPvmB4qYnN93rrteAqjg5iEQh...
  • b####.com/rms/rms%20answers%20Shared%20BingCore$Animation/cj,nj/c9ce19fd...
  • bik####.com/gw?url=####&vId=####&ef=####&ch=####&nid=####&sub=####&sourc...
  • b####.com/rms/rms%20answers%20Identity%20Mobile$HamburgerMenuOnClick/cj,...
  • a####.####.com/fd/ls/l?IG=####&CID=####&TYPE=####&DATA=####
  • b####.com/rms/rms%20serp%20Homepage$bgLogoBingTeal/ic/23b397af/f2e8bbe3....
  • b####.com/fd/ls/GLinkPing.aspx?IG=####&CID=####&ID=####
  • b####.com/ImageResolution.aspx?w=####&h=####&hash=####&r=####
  • t####.global/hrfp?url=####
  • b####.com/rms/Framework/cj,nj/f0fe13d0/9101d3f2.js?bu=####
  • b####.com/rms/rms%20answers%20Identity%20Mobile$MobileSnrWindowsLiveConn...
  • b####.com/rms/MobileSiteBase/cc,nc/8d0342e9/e3492d89.css?bu=####
  • b####.com/?r=####
  • b####.com/fd/ls/l?IG=####&CID=####&Type=####&DATA=####&P=####&DA=####
  • trackme####.com/r/640dfb58-3fb2-11e7-9141-114198a5f591/0/
  • celery####.com/06m03/T5gKHQ/W5tP/X5ZeTvs/DdMJHqXB8rLFl49sNPvmB4qYnN93rrt...
  • b####.com/Passport.aspx?popup=####
  • b####.com/hpmob?r=####&IG=####&IID=####
  • b####.com/notifications/render?bnptrigger=####&IG=####&IID=####
  • b####.com/rms/rms%20answers%20Shared%20BingCore$fadeAnimation/cj,nj/8c49...
  • b####.com/rms/AutoSug/cj,nj/2d1a3da6/dfed0777.js?bu=####
Запросы HTTP POST:
  • b####.com/fd/ls/lsp.aspx?
  • b####.com/fd/ls/lsp.aspx
  • v####.####.com/api/u
  • v####.####.com/api/l
  • v####.####.com/api/o
Изменения в файловой системе:
Создает следующие файлы:
  • /shared_prefs/jianrT_sharepreferenceFlag.xml.bak
  • /cache/webviewCacheChromium/f_000023
  • /databases/plug.dataBase-journal
  • /shared_prefs/sp.xml
  • /cache/webviewCacheChromium/f_000018
  • /cache/webviewCacheChromium/f_000019
  • /cache/webviewCacheChromium/f_000016
  • /cache/webviewCacheChromium/f_000017
  • /cache/webviewCacheChromium/f_000014
  • /cache/webviewCacheChromium/f_000015
  • /cache/webviewCacheChromium/f_000012
  • /cache/webviewCacheChromium/f_000013
  • /cache/webviewCacheChromium/f_000010
  • /cache/webviewCacheChromium/f_000011
  • /cache/webviewCacheChromium/f_00002c
  • /cache/webviewCacheChromium/f_00002b
  • /cache/webviewCacheChromium/f_00002a
  • /databases/com.google.android.gms.ads.db/localstorage/https_www.instagram.com_0.localstorage-journal
  • /cache/webviewCacheChromium/f_00002e
  • /cache/webviewCacheChromium/f_00002d
  • /cache/webviewCacheChromium/f_00000a
  • /cache/webviewCacheChromium/f_00000c
  • /cache/webviewCacheChromium/f_00000b
  • /cache/webviewCacheChromium/f_00000e
  • /cache/webviewCacheChromium/f_00000d
  • /cache/webviewCacheChromium/f_00000f
  • /shared_prefs/jianrT_sharepreferenceFlag.xml
  • /cache/webviewCacheChromium/f_000025
  • /shared_prefs/com.google.android.gms.measurement.prefs.xml
  • /databases/google_app_measurement_local.db
  • /databases/google_app_measurement_local.db-journal
  • /databases/sklead.dataBase
  • /databases/sklead.dataBase-journal
  • /shared_prefs/sp.xml.bak
  • /shared_prefs/admob.xml
  • /shared_prefs/SSPPrefe.xml
  • /cache/webviewCacheChromium/f_000029
  • /databases/plug.dataBase
  • /cache/webviewCacheChromium/f_000009
  • /cache/webviewCacheChromium/f_000008
  • /cache/webviewCacheChromium/f_000021
  • /cache/webviewCacheChromium/f_000020
  • /cache/webviewCacheChromium/f_000027
  • /cache/webviewCacheChromium/f_000026
  • /cache/1470286953684.jar
  • /cache/webviewCacheChromium/f_000024
  • /cache/webviewCacheChromium/f_000001
  • /cache/webviewCacheChromium/f_000003
  • /cache/webviewCacheChromium/f_000002
  • /cache/webviewCacheChromium/f_000005
  • /cache/webviewCacheChromium/f_000004
  • /cache/webviewCacheChromium/f_000007
  • /cache/webviewCacheChromium/f_000006
  • /shared_prefs/com.google.android.gms.measurement.prefs.xml.bak
  • /no_backup/com.google.android.gms.appid-no-backup
  • /databases/easv.data-journal
  • /cache/webviewCacheChromium/f_00001f
  • /cache/webviewCacheChromium/f_00001d
  • /cache/webviewCacheChromium/f_00001e
  • /cache/webviewCacheChromium/f_00001b
  • /cache/webviewCacheChromium/f_00001c
  • /cache/webviewCacheChromium/f_000022
  • /cache/webviewCacheChromium/f_00001a
  • /shared_prefs/SSPPrefe.xml.bak
  • /shared_prefs/admob.xml.bak
  • /databases/webviewCookiesChromiumPrivate.db-journal
  • /cache/1470286953684.tmp
  • /databases/webview.db-journal
  • /cache/webviewCacheChromium/index
  • /databases/webviewCookiesChromium.db-journal
  • /shared_prefs/com.google.android.gms.appid.xml
  • /databases/com.google.android.gms.ads.db/localstorage/https_googleads.g.doubleclick.net_0.localstorage-journal
  • /cache/webviewCacheChromium/f_000028
  • /cache/ApplicationCache.db-journal
  • /cache/webviewCacheChromium/data_3
  • /cache/webviewCacheChromium/data_2
  • /cache/webviewCacheChromium/data_1
  • /cache/webviewCacheChromium/data_0
Другие:
Запускает следующие shell-скрипты:
Может автоматически отправлять СМС-сообщения
.
Версия:

Комментариев нет:

Отправить комментарий

Подписаться на: Комментарии к сообщению (Atom)