Adware.Waps.1922

Technical information

Malicious functions:

Executes code of the following detected threats:

Adware.Waps.1917

Network activity:

Connects to:

UDP(DNS) <Google DNS>
TCP(HTTP/1.1) scs.opensp####.cn:80
TCP(HTTP/1.1) c####.yun####.net:80
TCP(HTTP/1.1) def####.duals####.cn.####.com:80
TCP(HTTP/1.1) 2####.107.1.33:80
TCP(HTTP/1.1) g3.l####.cn:80
TCP(HTTP/1.1) adash####.man.aliy####.com:80
TCP(HTTP/1.1) 1####.226.103.12:80
TCP(HTTP/1.1) c####.cn.edg####.net:80
TCP(HTTP/1.1) 74.1####.131.94:80
TCP(HTTP/1.1) api.l####.nag####.net:80
TCP(HTTP/1.1) l####.cc:80
TCP(HTTP/1.1) a####.u####.com:80
TCP(HTTP/1.1) a.g####.qq.com:80
TCP(HTTP/1.1) 1####.29.29.29:80
TCP(HTTP/1.1) flex####.z####.im:80
TCP(TLS/1.0) access-####.z####.im:443
TCP(TLS/1.0) p####.google####.com:443
TCP(TLS/1.0) nim-lbs####.nt####.net####.com:443
TCP(TLS/1.0) 2####.107.1.97:443
TCP(TLS/1.0) rr2---s####.g####.com:443
TCP(TLS/1.0) al####.u####.com:443
TCP(TLS/1.0) plb####.u####.com:443
TCP(TLS/1.0) msg.umengc####.com:443
TCP(TLS/1.0) rr18---####.g####.com:443
TCP(TLS/1.0) rr9---s####.g####.com:443
TCP(TLS/1.0) wa####.127.net:443
TCP(TLS/1.0) 74.1####.131.94:443
TCP(TLS/1.2) 64.2####.163.101:443
TCP(TLS/1.2) 1####.194.73.147:443
TCP(TLS/1.2) 74.1####.131.94:443
TCP(TLS/1.2) p####.google####.com:443
UDP 39.1####.243.141:22000
UDP 39.1####.243.141:22002
TCP ms####.m.u####.com:443
UDP 39.1####.124.173:3478
UDP p####.google####.com:443
UDP 39.1####.124.173:3479
UDP 39.1####.118.206:3478
UDP p2p-####.starsc####.com:20005

DNS requests:

a####.man.aliy####.com
a####.u####.com
a.g####.qq.com
ad.yun####.net
amdc####.m.ta####.com
and####.b####.qq.com
api.l####.nag####.net
barrag####.yun####.net
c####.c####.cn
c####.yun####.net
d####.opensp####.cn
flex####.z####.im
g3.l####.cn
hd####.xi####.live
hl####.xi####.live
l####.cc
lbs.net####.im
live333####.z####.im
liveroo####.z####.im
log.u####.com
msg.umengc####.com
n####.yun####.net
oc.u####.com
oth.str.mdt.####.com
p####.google####.com
p####.l####.nag####.net
p####.yun####.net
p2p-####.starsc####.com
pl####.c####.d####.com
play-al####.xi####.live
plb####.u####.com
publish####.xi####.live
rr18---####.g####.com
rr2---s####.g####.com
rr9---s####.g####.com
rtm####.xi####.live
s####.u####.com
scs.opensp####.cn
tvnow####.yun####.net
u####.u####.com
u####.yun####.net
udpdisp####.z####.im
umen####.m.ta####.com
wa####.127.net
ws.tv####.com
www.b####.com

HTTP GET requests:

c####.cn.edg####.net/json2015/other/mobileconfig/index.json
c####.yun####.net/activate?uid=####&isp=####&imei=####&from=####&source=...
c####.yun####.net/ad/query?nwtime=####&sign=####&key=####&location=####&...
c####.yun####.net/app_conf?app=####&version=####&keys=####&nwtime=####&s...
c####.yun####.net/app_conf?nwtime=####&sign=####&app=####&version=####
c####.yun####.net/get_conf?keys=####&sign=####&versionName=####&nwtime=#...
c####.yun####.net/get_subscriptions?needDetail=####&isp=####&icon=####&s...
c####.yun####.net/init_account?sign=####&imei=####&source=####&androidId...
c####.yun####.net/json/campaign_yuntu_android_a.json
c####.yun####.net/json/public_notice_yuntu_android.json
c####.yun####.net/json/rnd_user1.json
c####.yun####.net/list_android_js_meta_v2.php?version=####
c####.yun####.net/list_plugin_meta.php?app_name_version=####&version=###...
c####.yun####.net/navigation.php?count=####&market=####&version=####&pla...
c####.yun####.net/tv/tvnow_andriod_init.php?version=####&platform=####&a...
c####.yun####.net/tv/tvnow_andriod_lab_df_v4.php?version=####&source=###...
c####.yun####.net/v3/conf/get_init_config?nwtime=####&sign=####&app=####...
c####.yun####.net/v3/list_recommend_page_moudles_v3.php?version=####&pla...
c####.yun####.net/websocket
def####.duals####.cn.####.com/bar/get/5218671c56240beed9029b0f/?ud_get=#...
flex####.z####.im/online/live/3332756846/init.html?zegotoken=####
flex####.z####.im/online/live/3332756846/route.html?zegotoken=####
flex####.z####.im/root/cert.2017?zegotoken=####
g3.l####.cn/recommend?format=####
wa####.127.net:443/lbs?version=####

HTTP POST requests:

a####.u####.com/app_logs
a.g####.qq.com/sdk
adash####.man.aliy####.com/man/api?ak=####&s=####
al####.u####.com:443/unify_logs
api.l####.nag####.net/cgi-bin/get_global_conf
c####.yun####.net/conf/check_update.json?app_key=####&version_code=####&...
l####.cc/i/sdk/close
l####.cc/i/sdk/install
msg.umengc####.com:443/tag/add
plb####.u####.com:443/umpx_internal
plb####.u####.com:443/umpx_push_launch
plb####.u####.com:443/umpx_push_register
scs.opensp####.cn/index.php/clientrequest/clientcollect/isCollect
scs.opensp####.cn/scs?cmd=####&logver=####&size=####

File system changes:

Creates the following files:

/data/anr/traces.txt
/data/data/####/.imprint
/data/data/####/.jg.ic
/data/data/####/0a231bd8575dcf72.txt
/data/data/####/1002
/data/data/####/1004
/data/data/####/1705425579416.log
/data/data/####/ACCS_BINDumeng;5218671c56240beed9029b0f.xml
/data/data/####/ACCS_SDK.xml
/data/data/####/ACCS_SDK_CHANNEL.xml
/data/data/####/AGOO_BIND.xml
/data/data/####/Agoo_AppStore.xml
/data/data/####/Alvin2.xml
/data/data/####/ContextData.xml
/data/data/####/DENGTA_META.xml
/data/data/####/Fungolive.db-journal
/data/data/####/LKME_Server_Request_Queue.xml
/data/data/####/MessageStore.db-journal
/data/data/####/MsgLogStore.db-journal
/data/data/####/NIMSDK_Config_19f3acb5310b20f64c648553d8ecc337.xml
/data/data/####/NIMSDK_Config_19f3acb5310b20f64c648553d8ecc337.xml.bak
/data/data/####/QALConfigStore.dat
/data/data/####/SPConfigUtil.xml
/data/data/####/SP_AROUTER_CACHE.xml
/data/data/####/TLS_DEVICE_INFO.xml
/data/data/####/UM_PROBE_DATA.xml
/data/data/####/WLOGIN_DEVICE_INFO.xml
/data/data/####/WebViewChromiumPrefs.xml
/data/data/####/accs.db-journal
/data/data/####/agoo.pid
/data/data/####/beacon_db-journal
/data/data/####/bugly_db_-journal
/data/data/####/cc.db
/data/data/####/cc.db-journal
/data/data/####/classes.dex
/data/data/####/classes.dex;classes2.dex
/data/data/####/classes.dex;classes3.dex
/data/data/####/classes.dex;classes4.dex
/data/data/####/classes.dex;classes5.dex
/data/data/####/classes.dex;classes6.dex
/data/data/####/classes.dex;classes7.dex
/data/data/####/classes.dex;classes8.dex
/data/data/####/com.iflytek.id.xml
/data/data/####/com.iflytek.msc.xml
/data/data/####/com.qq.gdt.action.SessionTimePref.xml
/data/data/####/crashrecord.xml
/data/data/####/dW1weF9pbnRlcm5hbF8xNzA1NDI1NTg3NDIw;
/data/data/####/dW1weF9wdXNoX2xhdW5jaF8xNzA1NDI1NjE0MDQ2;
/data/data/####/dW1weF9wdXNoX3JlZ2lzdGVyXzE3MDU0MjU1OTk0MTY=;
/data/data/####/exchangeIdentity.json
/data/data/####/exid.dat
/data/data/####/httpdns_config_cache.xml
/data/data/####/i==1.2.0&&4.5.2_1705425587424_envelope.log
/data/data/####/iflytek_state_org.fungo.fungolive.xml
/data/data/####/iflytek_state_org.fungo.fungolive.xml.bak
/data/data/####/info.xml
/data/data/####/libjiagu.so
/data/data/####/libsgmain_312757200000.dex
/data/data/####/libsgmain_312757200000.dex.flock (deleted)
/data/data/####/libsgmainso-5.1.81.so
/data/data/####/libsgmainso-5.1.81.so.tmp
/data/data/####/linkedme_referral_shared_pref.xml
/data/data/####/linkedme_referral_shared_pref.xml.bak
/data/data/####/live_msg.db-journal
/data/data/####/local_crash_lock
/data/data/####/lock.lock
/data/data/####/metrics_guid
/data/data/####/native_record_lock
/data/data/####/onlineconfig_agent_online_setting_org.fungo.fungolive.xml
/data/data/####/org.fungo.fungolive.BETA_VALUES.xml
/data/data/####/org.fungo.fungolive.xml
/data/data/####/org.fungo.fungolive.xml.bak
/data/data/####/org.fungo.fungolive_preferences.xml
/data/data/####/org.fungo.jsparser.xml
/data/data/####/org.fungo.jsparser.xml.bak
/data/data/####/proc_auxv
/data/data/####/qalimid_v2
/data/data/####/register.xml
/data/data/####/report_v5.msgstore-journal (deleted)
/data/data/####/security_info
/data/data/####/sp.lock
/data/data/####/tls_device.dat
/data/data/####/ua.db
/data/data/####/ua.db-journal
/data/data/####/um_pri.xml
/data/data/####/umeng_common_config.xml
/data/data/####/umeng_general_config.xml
/data/data/####/umeng_it.cache
/data/data/####/umeng_message_state.xml
/data/data/####/umeng_socialize.xml
/data/data/####/urlendcode.txt
/data/data/####/wlogin_device.dat
/data/media/####/.2F6E2C5B63F0F83B
/data/media/####/.nomedia
/data/media/####/000001.dbtmp
/data/media/####/000002.dbtmp
/data/media/####/000003.log
/data/media/####/3332756846_0_0_init.db
/data/media/####/3332756846_0_0_route.db
/data/media/####/Alvin2.xml
/data/media/####/CURRENT
/data/media/####/ContextData.xml
/data/media/####/LOCK
/data/media/####/LOG
/data/media/####/MANIFEST-000001
/data/media/####/MANIFEST-000002
/data/media/####/app.24.01.16.20.log
/data/media/####/appid.txt
/data/media/####/deviceToken
/data/media/####/iflyworkdir_test (deleted)
/data/media/####/imsdk_20240116.log
/data/media/####/lm_device_id
/data/media/####/nim_sdk.log
/data/media/####/root_cert
/data/media/####/sdk.24.01.16.20.log
/data/media/####/zego_did_config.db
/data/media/####/zegoavlog1.txt
/data/misc/####/primary.prof

Miscellaneous:

Executes the following shell scripts:

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
/system/bin/sh -c getprop
/system/bin/sh -c type su
cat /sys/class/net/eth0/address
cat /sys/class/net/wlan0/address
getprop
getprop ro.product.cpu.abi
ls /
ls /sys/class/thermal

Loads the following dynamic libraries:

libBugly
libijkffmpeg
libijkplayer
libijksdl
libjiagu
libmsc
libp2p
libqalcodecwrapper
libsgmainso-5.1.81
libtnet-3.1.11

Uses the following algorithms to encrypt data:

AES
AES-CBC-NoPadding
AES-CBC-PKCS5Padding
AES-CBC-PKCS7Padding
AES-GCM-NoPadding
DES-CBC-PKCS5Padding
DES-ECB-PKCS5Padding
RSA-ECB-PKCS1Padding

Uses the following algorithms to decrypt data:

AES-CBC-PKCS7Padding
AES-GCM-NoPadding
DES-ECB-PKCS5Padding

Accesses the ITelephony private interface.

Uses special library to hide executable bytecode.

Accesses camera interface.

Gets information about location.

Gets information about network.

Gets information about phone status (number, IMEI, etc.).

Gets information about installed apps.

Adds tasks to the system scheduler.

Displays its own windows over windows of other apps.

Requests the system alert window permission.

Технологии

Термины

Обучение и просвещение

Мифы

Technical information

Рекомендации по лечению

Демо бесплатно на 14 дней