Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.Xiny.20
Downloads the following detected threats from the Web:
- Android.Xiny.20
Network activity:
Connecting to:
- s####.####.com
- mo####.####.com
- h####.####.com
- d####.####.cn
- ub####.####.com
- c####.####.com
- mobads-####.####.com
- songci####.com
- ec####.####.com
- w####.####.com
- a####.####.com
HTTP GET requests:
- songci####.com/anquanqi/
- mo####.####.com/cpro/ui/mads.php?code2=####&b1493729076351=####
- mo####.####.com/ads/css/min/main.css
- mo####.####.com/ads/index.htm
- mo####.####.com/ads/js/ads.trunk.js
- mo####.####.com/cpro/ui/mads.php?code2=####&b1493729077095=####
- mo####.####.com/cpro/ui/mads.php?code2=####&b1493729077564=####
- w####.####.com/adx.php?c=####&ext=####
- d####.####.cn/jarFile/SDKAutoUpdate/hyjwan.jar
- mo####.####.com/ads/pa/6/__pasys_remote_banner.php?bdr=####&os=####&v=##...
- mobads-####.####.com/dz.zb?type=####&qk=####&rs_tplid=####&zone=####&chg...
- mo####.####.com/cpro/ui/mads.php?code2=####&b1493729061066=####
- c####.####.com/cpro/ui/noexpire/js/rs/template/logoIsShowEvents_1.min.js
- mo####.####.com/ads/ads.appcache
- mo####.####.com/ads/js/c.exp.js
- mo####.####.com/ads/pa/6/__xadsdk__remote__6.2.jar
- mo####.####.com/ads/js/ads.trunk.exp.js
- c####.####.com/cpro/ui/noexpire/js/rs/business/1.0.0/anticheat_mob.min.js
- ec####.####.com/time.jpg?stamp=####&s1=####&s2=####&s3=####&s4=####&s5=#...
- mo####.####.com/ads/js/c.js
- mo####.####.com/cpro/ui/mads.php?code2=####&b1493729079504=####
- h####.####.com/hm.js?f5bf2d0####
- c####.####.com/cpro/expire/time.min.js
- ub####.####.com/media/v1/0f000ndqQmCfYdc96BLIj0.jpg
- ub####.####.com/media/v1/0f000PCkLKS2_Zrh8bcCSf.jpg
HTTP POST requests:
- s####.####.com/cw/interface!u2.action?protocol=####&version=####&cid=####
- a####.####.com/app_logs
- s####.####.com/cw/cp.action?requestId=####&g=####
Modified file system:
Creates the following files:
- /data/data/####/databases/downloadswc-journal
- /data/data/####/cache/webviewCacheChromium/f_00000a
- /data/data/####/shared_prefs/com.baidu.mobads.loader.xml
- /data/data/####/shared_prefs/__xadsdk_downloaded__version__.xml
- /data/data/####/cache/webviewCacheChromium/f_00000b
- /data/data/####/shared_prefs/####_preferences.xml
- /data/data/####/app_baidu_ad_sdk/__xadsdk__remote__final__builtin__.jar
- /data/data/####/cache/webviewCacheChromium/data_3
- /data/data/####/cache/webviewCacheChromium/data_2
- /data/data/####/cache/webviewCacheChromium/data_1
- /data/data/####/cache/webviewCacheChromium/data_0
- /data/data/####/databases/webviewCookiesChromium.db-journal
- /data/data/####/shared_prefs/####_preferences.xml.bak
- /data/data/####/shared_prefs/__sdk_ral.xml
- /data/data/####/shared_prefs/__x_adsdk_agent_header__.xml.bak
- /data/data/####/app_database/ApplicationCache.db-journal
- /data/data/####/shared_prefs/umeng_general_config.xml
- /sdcard/dt/restime.dat
- /data/data/####/shared_prefs/__x_adsdk_agent_header__.xml
- /data/data/####/files/.imprint
- /data/data/####/shared_prefs/a.xml
- /data/data/####/shared_prefs/W_Key.xml
- /sdcard/.xy
- /data/data/####/app_baidu_ad_sdk/__xadsdk__remote__final__18a7faa6-9cc7-43b4-a290-e100616e5e70.jar
- /data/data/####/databases/webview.db-journal
- /data/data/####/cache/webviewCacheChromium/f_000008
- /data/data/####/shared_prefs/st.xml
- /data/data/####/cache/webviewCacheChromium/f_000001
- /data/data/####/cache/webviewCacheChromium/f_000003
- /data/data/####/cache/webviewCacheChromium/f_000002
- /data/data/####/cache/webviewCacheChromium/f_000005
- /data/data/####/cache/webviewCacheChromium/f_000004
- /data/data/####/cache/webviewCacheChromium/f_000007
- /data/data/####/cache/webviewCacheChromium/f_000006
- /data/data/####/cache/webviewCacheChromium/f_000009
- /data/data/####/files/umeng_it.cache
- /data/data/####/shared_prefs/umeng_general_config.xml.bak
- /data/data/####/shared_prefs/W_Key.xml.bak
- /data/data/####/app_database/localstorage/http_mobads.baidu.com_0.localstorage-journal
- /data/data/####/databases/webviewCookiesChromiumPrivate.db-journal
- /data/data/####/shared_prefs/mobclick_agent_online_setting_####.xml
- /data/data/####/databases/downloadswc
- /sdcard/Download/fts/4.3_hyjwan.jar.tmp
- /data/data/####/cache/webviewCacheChromium/index
Miscellaneous:
Executes next shell scripts:
- /system/bin/dexopt --dex 27 54 40 88780 /data/data/####/app_baidu_ad_sdk/__xadsdk__remote__final__builtin__.jar 1210875598 -1661069044 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/f
- /system/bin/dexopt --dex 27 76 40 111648 /storage/emulated/0/download/fts/4.3_hyjwan.jar 1234066233 264773844 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framework/fra
Contains functionality to send SMS messages automatically.
