Technical information
Malicious functions:
Executes code of the following detected threats:
- Adware.Gexin.2.origin
Accesses the ITelephony private interface.
Network activity:
Connects to:
- UDP(DNS) <Google DNS>
- TCP(TLS/1.0) av1.x####.com:443
DNS requests:
- 7f5e492####.bug####.com
- av1.x####.com
- i.t####.com
File system changes:
Creates the following files:
- /data/data/####/1547196927104_2281
- /data/data/####/1547196927141_2281
- /data/data/####/1547196927245_2281
- /data/data/####/1547196928015_2331
- /data/data/####/1547196928067_2331
- /data/data/####/1547196928867_2381
- /data/data/####/1547196928913_2381
- /data/data/####/1547196931511_2441
- /data/data/####/1547196931548_2441
- /data/data/####/1547196932380_2491
- /data/data/####/1547196933303_2541
- /data/data/####/1547196934988_2600
- /data/data/####/1547196935846_2649
- /data/data/####/1547196936747_2698
- /data/data/####/1547196940780_2757
- /data/data/####/1547196941662_2806
- /data/data/####/1547196942507_2855
- /data/data/####/1547196946359_2915
- /data/data/####/1547196947330_2964
- /data/data/####/1547196948317_3014
- /data/data/####/1547196950458_3074
- /data/data/####/1547196951424_3123
- /data/data/####/1547196952399_3172
- /data/data/####/1547196954967_3232
- /data/data/####/1547196955896_3281
- /data/data/####/1547196956827_3330
- /data/data/####/1547196960554_3389
- /data/data/####/1547196961438_3436
- /data/data/####/1547196962382_3485
- /data/data/####/1547196964521_3544
- /data/data/####/1547196965452_3594
- /data/data/####/1547196966406_3643
- /data/data/####/1547196968619_3700
- /data/data/####/1547196969566_3747
- /data/data/####/1547196970542_3796
- /data/data/####/1547196974656_3854
- /data/data/####/1547196975714_3902
- /data/data/####/1547196976811_3949
- /data/data/####/1547196980181_4026
- /data/data/####/1547196981369_4073
- /data/data/####/1547196982476_4122
- /data/data/####/1547196986385_4180
- /data/data/####/1547196987453_4228
- /data/data/####/1547196988578_4276
- /data/data/####/MultiDex.lock
- /data/data/####/TD_app_pefercen_profile.xml
- /data/data/####/TDpref_longtime.xml
- /data/data/####/TDpref_longtime0.xml
- /data/data/####/journal.tmp
- /data/data/####/libjiagu-917064677.so
- /data/data/####/multidex.version.xml
- /data/data/####/tdid.xml
- /data/media/####/.nomedia
- /data/media/####/.tcookieid
Miscellaneous:
Executes the following shell scripts:
- getprop
- logcat -v time -t 500 2281
- logcat -v time -t 500 2331
- logcat -v time -t 500 2381
- logcat -v time -t 500 2441
- logcat -v time -t 500 2491
- logcat -v time -t 500 2541
- logcat -v time -t 500 2600
- logcat -v time -t 500 2649
- logcat -v time -t 500 2698
- logcat -v time -t 500 2757
- logcat -v time -t 500 2806
- logcat -v time -t 500 2855
- logcat -v time -t 500 2915
- logcat -v time -t 500 2964
- logcat -v time -t 500 3014
- logcat -v time -t 500 3074
- logcat -v time -t 500 3123
- logcat -v time -t 500 3172
- logcat -v time -t 500 3232
- logcat -v time -t 500 3281
- logcat -v time -t 500 3330
- logcat -v time -t 500 3389
- logcat -v time -t 500 3436
- logcat -v time -t 500 3485
- logcat -v time -t 500 3544
- logcat -v time -t 500 3594
- logcat -v time -t 500 3643
- logcat -v time -t 500 3700
- logcat -v time -t 500 3747
- logcat -v time -t 500 3796
- logcat -v time -t 500 3854
- logcat -v time -t 500 3902
- logcat -v time -t 500 3949
- logcat -v time -t 500 4026
- logcat -v time -t 500 4073
- logcat -v time -t 500 4122
- logcat -v time -t 500 4180
- logcat -v time -t 500 4228
- logcat -v time -t 500 4276
Loads the following dynamic libraries:
- Bugtags
- LanSongffmpeg
- libjiagu-917064677
Uses the following algorithms to encrypt data:
- DES-CBC-PKCS5Padding
Uses the following algorithms to decrypt data:
- DES-CBC-PKCS5Padding
Uses special library to hide executable bytecode.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
