Adware.Mobikok.114

Technical information

Malicious functions:

Executes code of the following detected threats:

Adware.Mobikok.1.origin

Network activity:

Connects to:

UDP(DNS) <Google DNS>
TCP(HTTP/1.1) cp####.mobisma####.com:80
TCP(HTTP/1.1) trk.adg####.com:80
TCP(HTTP/1.1) t####.mo####.com:80
TCP(HTTP/1.1) p####.admobc####.com:80
TCP(HTTP/1.1) c####.cooperm####.org:80
TCP(HTTP/1.1) t####.yoyo####.com:80
TCP(HTTP/1.1) c####.gowa####.com:80
TCP(HTTP/1.1) boo####.offerst####.net:80
TCP(HTTP/1.1) atracki####.appf####.com:80
TCP(HTTP/1.1) trac####.le####.com:80
TCP(HTTP/1.1) bin####.offerst####.net:80
TCP(HTTP/1.1) t####.ray####.com:80
TCP(HTTP/1.1) ad####.offerst####.net:80
TCP(HTTP/1.1) api.ki####.com:80
TCP(HTTP/1.1) 13.2####.213.140:80
TCP(HTTP/1.1) c####.inplay####.com:80
TCP(HTTP/1.1) api.bi####.com:80
TCP(HTTP/1.1) 13.2####.120.171:80
TCP(HTTP/1.1) c####.howdo####.net:80
TCP(HTTP/1.1) trkt####.com:80
TCP(HTTP/1.1) pay.m####.com:80
TCP(HTTP/1.1) c####.trk-ind####.com:80
TCP(HTTP/1.1) wap.vide####.net:80
TCP(HTTP/1.1) clk.cpi.leap####.com:80
TCP(HTTP/1.1) s####.adin####.com:80
TCP(TLS/1.0) go1.app####.com:443
TCP(TLS/1.0) f####.gst####.com:443
TCP(TLS/1.0) trafft####.com:443
TCP(TLS/1.0) 1plu####.g2####.com:443
TCP(TLS/1.0) t.appsf####.com:443
TCP(TLS/1.0) 1####.217.168.206:443
TCP(TLS/1.0) idream####.ho####.com:443
TCP(TLS/1.0) f####.google####.com:443
TCP(TLS/1.0) a####.google####.com:443
TCP(TLS/1.0) api.appsf####.com:443
TCP(TLS/1.0) c####.gowa####.com:443

DNS requests:

1plu####.g2####.com
a####.google####.com
ad####.offerst####.net
api.appsf####.com
api.bi####.com
api.ki####.com
atracki####.appf####.com
bin####.offerst####.net
boo####.offerst####.net
c####.cooperm####.org
c####.gowa####.com
c####.howdo####.net
c####.inplay####.com
c####.trk-ind####.com
clk.cpi.leap####.com
cp####.mobisma####.com
ev####.appsf####.com
f####.google####.com
f####.gst####.com
go1.app####.com
idream####.ho####.com
p####.admobc####.com
pay.m####.com
s####.adin####.com
t####.mo####.com
t####.ray####.com
t####.yoyo####.com
t.appsf####.com
trac####.le####.com
trafft####.com
trk.adg####.com
trkt####.com
wap.vide####.net

HTTP GET requests:

ad####.offerst####.net/index.php?offer_id=####&aff_id=####&aff_sub1=####...
api.bi####.com/sdkOffer?os=####&model=####&gaid=####&imei=####&androidId...
api.ki####.com/click?tid=####
api.ki####.com/express?tid=####
api.ki####.com/sdkOffer?os=####&model=####&gaid=####&imei=####&androidId...
atracki####.appf####.com/transaction/post_click?aff_id=####&offer_id=###...
bin####.offerst####.net/index.php?offer_id=####&aff_id=####&aff_sub1=###...
boo####.offerst####.net/index.php?offer_id=####&aff_id=####&aff_sub####&...
c####.cooperm####.org/index.php?m=####&p=####&app_id=####&offer_id=####&...
c####.gowa####.com/click?offer_id=####&aff_id=####&aff_sub=####&aff_sub2...
c####.howdo####.net/aff_track?offer_id=####&affiliate_id=####&gaid=####&...
c####.inplay####.com/index.php?m=####&p=####&app_id=####&offer_id=####&a...
c####.trk-ind####.com/tracking?offerid=####&pubid=####&tid=####&deviceid...
clk.cpi.leap####.com/click?id=####&aff=####&ost=####&gaid=####&click_id=...
cp####.mobisma####.com/index.php?m=####&p=####&app_id=####&offer_id=####...
p####.admobc####.com/v1/ad/click?subsite_id=####&transaction_id=####&id=...
pay.m####.com/assets/merchant_logo-894a1e1c22b2e68e33e494c32fbd6c7b9d9ba...
pay.m####.com/assets/nl_nl-0ddb1a6f699a4d3628ee21a099acbeae7c1681417235f...
pay.m####.com/assets/nl_nl-35c53070c5fd0f2662a1831833be2b9f041c329aefbcc...
pay.m####.com/customer_journey/start/f184422b-3d50-4eb7-8818-c6a245c966e8
pay.m####.com/nl/subscriptions/new?amount=####&description=####&merchant...
t####.mo####.com/mobclick/trackv2.do?id=####&aff_id=####&offer_id=####&g...
t####.mo####.com/mobclick/trackv2.do?id=####&aff_id=####&offer_id=####&p...
t####.ray####.com/agentapi/click?cid=####&aid=####&ext1=####&ext2=####&s...
t####.yoyo####.com/ad6c984691a6bb143ba8/?s1=####
t####.yoyo####.com/redirect/?r=aHR0c####
trac####.le####.com/click?mb_campid=####&mb_pl=####&mb_nt=####&mb_gaid=#...
trk.adg####.com/api/public/click?pub_id=####&ad_id=####&campaign_id=####...
trkt####.com/go.php?p=####&sub1=####&sub2=####
wap.vide####.net/NL/stagingmel/css/animate.css
wap.vide####.net/NL/stagingmel/css/buttons.css
wap.vide####.net/NL/stagingmel/css/stile.css
wap.vide####.net/NL/stagingmel/img/button.png
wap.vide####.net/NL/stagingmel/img/footer.png
wap.vide####.net/NL/stagingmel/img/img.png
wap.vide####.net/NL/stagingmel/step1.html?traxid=####
wap.vide####.net/NL/stagingmel/step1b.html?PHPSESSID=####

HTTP POST requests:

api.bi####.com/un
s####.adin####.com/track/ds?sdk_version=####&platform=####&app_version=#...
s####.adin####.com/track/uc?sdk_version=####&platform=####&app_version=#...
s####.adin####.com/track/ui?sdk_version=####&platform=####&app_version=#...

File system changes:

Creates the following files:

/data/data/####/MobikokCache_Type_1.xml
/data/data/####/MobikokConfig_Type_1.xml
/data/data/####/SpZvShPrefs.xml
/data/data/####/cc.jar
/data/data/####/data_0
/data/data/####/data_1
/data/data/####/data_2
/data/data/####/data_3
/data/data/####/f_000001
/data/data/####/f_000002
/data/data/####/f_000003
/data/data/####/f_000004
/data/data/####/f_000005
/data/data/####/f_000006
/data/data/####/file__0.localstorage-journal
/data/data/####/index
/data/data/####/mc_cache.db-journal
/data/data/####/webview.db-journal
/data/data/####/webviewCookiesChromium.db-journal

Miscellaneous:

Executes the following shell scripts:

cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq

Uses the following algorithms to encrypt data:

Uses the following algorithms to decrypt data:

Accesses the ITelephony private interface.

Gets information about location.

Gets information about network.

Gets information about phone status (number, IMEI, etc.).

Displays its own windows over windows of other apps.

Tecnologías

Términos

Formación y educación

Mitos

Technical information

Curing recommendations

Free trial