Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.MobiDash.1.origin
Network activity:
Connecting to:
- m####.####.com
HTTP GET requests:
- m####.####.com/sdk-core-v40.js
Modified file system:
Creates the following files:
- /data/data/####/databases/webviewCookiesChromium.db-journal
- /data/data/####/databases/webview.db-journal
- /data/data/####/code_cache/secondary-dexes/tmp-####-1.apk.classes1358458698.zip
- /data/data/####/app_app_apk/gk.dat.jar
- /data/data/####/files/file
- /data/data/####/code_cache/secondary-dexes/MultiDex.lock
- /data/data/####/shared_prefs/####_preferences.xml
- /data/data/####/cache/ads-498596648.jar
- /data/data/####/shared_prefs/####_preferences.xml.bak
- /data/data/####/cache/webviewCacheChromium/f_000001
- /data/data/####/cache/webviewCacheChromium/data_3
- /data/data/####/cache/webviewCacheChromium/data_2
- /data/data/####/cache/webviewCacheChromium/data_1
- /data/data/####/cache/webviewCacheChromium/data_0
- /data/data/####/cache/webviewCacheChromium/index
- /data/data/####/shared_prefs/multidex.version.xml
Miscellaneous:
Executes next shell scripts:
- /system/bin/app_process /system/bin com.android.commands.am.Am start -n com.android.settings/com.android.settings.cyanogenmod.superuser.RequestActivity --es socket /dev/com.android.settings/.socket2036 --user 0
- /system/bin/dexopt --dex 27 40 40 270204 /data/data/####/app_app_apk/gk.dat.jar 1252703274 589449635 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framework/framewor
- su
- /system/bin/app_process /system/bin com.android.commands.am.Am broadcast -n com.android.settings/com.android.settings.cyanogenmod.superuser.SuReceiver --ei binary_version 16 --es from_name u0_a44 --es desired_name --ei uid 10044 --ei desired_uid 0 --es c
- sh
- date
- /system/bin/dexopt --dex 27 41 40 2077388 /data/data/####/code_cache/secondary-dexes/####-1.apk.classes2.zip 2168832 -1850289209 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ex
- /system/bin/dexopt --dex 27 61 40 5072 /data/data/####/cache/ads-498596648.jar 1116425053 -1463010909 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framework/framewo
Uses elevated priveleges.
Contains functionality to send SMS messages automatically.
