Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.Spy.186.origin
Network activity:
Connecting to:
- beijin####.####.com
- 1####.####.100:9321
- o####.####.com
- b####.com
- 1####.####.100
- 1####.####.167:9321
- c####.####.com
- 1####.####.167
HTTP GET requests:
- c####.####.com/ip2city.asp
- b####.com/search/error.html
- beijin####.####.com/apks/load.bat
- o####.####.com/special/time
HTTP POST requests:
- 1####.####.167/astrolinkSDK/info/getUpUrlInfo
- 1####.####.167/astrolinkSDK/data/info/getPushTaskInfo
- 1####.####.100/astrolinkSDK/info/getUpIp
- 1####.####.100:9321/astrolinkSDK/info/getUpOffLinePayCommand
- 1####.####.167:9321/astrolinkSDK/syn/appInfo
Modified file system:
Creates the following files:
- /sdcard/Download/AST_DOWN/load.bat.download
- /data/data/####/files/sdk.jar
- /sdcard/.tcookieid
- /data/data/####/shared_prefs/3d2ea772eea05147e6c879f803784d1e0|account_file.xml
- /data/data/####/shared_prefs/td_pefercen_profile.xml
- /data/data/####/shared_prefs/STORE_MAIN.xml
- /data/data/####/databases/webview.db-journal
- /data/data/####/shared_prefs/tdid.xml
- /data/data/####/shared_prefs/pref_file.xml.bak
- /data/data/####/files/cgame_851401618.jar
- /data/data/####/shared_prefs/pref_file.xml
Sets the 'executable' attribute to the following files:
- /data/data/####/files/cgame_851401618.jar
Miscellaneous:
Executes next shell scripts:
- /system/bin/dexopt --dex 27 45 40 467588 /data/data/####/files/sdk.jar 1247957044 735654430 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framework/framework.
- /system/bin/dexopt --dex 27 44 40 586956 /data/data/####/files/cgame_851401618.jar 1165596748 -1209674697 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framew
- /system/bin/ping -c 1 1####.####.100
- /system/bin/dexopt --dex 27 56 40 213440 /data/data/####/files/sdk.jar 1178833160 577084886 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framework/framework.
- /system/bin/dexopt --dex 27 45 40 213440 /data/data/####/files/sdk.jar 1178833160 577084886 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framework/framework.
Uses special library to hide executable bytecode.
Contains functionality to send SMS messages automatically.
