Technical information
Malicious functions:
Executes code of the following detected threats:
- Adware.Gexin.2.origin
Accesses the ITelephony private interface.
Network activity:
Connects to:
- UDP(DNS) <Google DNS>
- TCP(TLS/1.0) 7f5e492####.bug####.com:443
- TCP(TLS/1.0) av1.x####.com:443
DNS requests:
- 7f5e492####.bug####.com
- av1.x####.com
- i.t####.com
File system changes:
Creates the following files:
- /data/data/####/1552054179833_2311
- /data/data/####/1552054179862_2311
- /data/data/####/1552054179928_2311
- /data/data/####/1552054180736_2369
- /data/data/####/1552054181082_2369
- /data/data/####/1552054182182_2432
- /data/data/####/1552054182249_2432
- /data/data/####/1552054184020_2492
- /data/data/####/1552054184102_2492
- /data/data/####/1552054184822_2541
- /data/data/####/1552054185808_2589
- /data/data/####/1552054186613_2589
- /data/data/####/1552054189443_2662
- /data/data/####/1552054190187_2709
- /data/data/####/1552054192042_2767
- /data/data/####/1552054193018_2816
- /data/data/####/1552054193718_2865
- /data/data/####/1552054195734_2924
- /data/data/####/1552054196476_2972
- /data/data/####/1552054197205_3020
- /data/data/####/1552054201576_3099
- /data/data/####/1552054202293_3147
- /data/data/####/1552054203037_3195
- /data/data/####/1552054207098_3243
- /data/data/####/1552054207888_3301
- /data/data/####/1552054208645_3349
- /data/data/####/1552054211619_3414
- /data/data/####/1552054212500_3468
- /data/data/####/1552054213333_3517
- /data/data/####/1552054216198_3575
- /data/data/####/1552054217062_3623
- /data/data/####/1552054217842_3671
- /data/data/####/1552054220524_3729
- /data/data/####/1552054221393_3778
- /data/data/####/1552054222295_3826
- /data/data/####/1552054225860_3886
- /data/data/####/1552054226738_3934
- /data/data/####/1552054227548_3982
- /data/data/####/1552054231002_4032
- /data/data/####/1552054231857_4080
- /data/data/####/1552054232780_4128
- /data/data/####/1552054234549_4186
- /data/data/####/1552054235420_4235
- /data/data/####/1552054236261_4283
- /data/data/####/MultiDex.lock
- /data/data/####/TD_app_pefercen_profile.xml
- /data/data/####/TDpref_longtime.xml
- /data/data/####/TDpref_longtime0.xml
- /data/data/####/com.syxjapp.www_preferences.xml
- /data/data/####/journal.tmp
- /data/data/####/libjiagu-917064677.so
- /data/data/####/multidex.version.xml
- /data/data/####/tdid.xml
- /data/media/####/.nomedia
- /data/media/####/.tcookieid
Miscellaneous:
Executes the following shell scripts:
- getprop
- logcat -v time -t 500 2311
- logcat -v time -t 500 2369
- logcat -v time -t 500 2432
- logcat -v time -t 500 2492
- logcat -v time -t 500 2541
- logcat -v time -t 500 2589
- logcat -v time -t 500 2662
- logcat -v time -t 500 2709
- logcat -v time -t 500 2767
- logcat -v time -t 500 2816
- logcat -v time -t 500 2865
- logcat -v time -t 500 2924
- logcat -v time -t 500 2972
- logcat -v time -t 500 3020
- logcat -v time -t 500 3099
- logcat -v time -t 500 3147
- logcat -v time -t 500 3195
- logcat -v time -t 500 3243
- logcat -v time -t 500 3301
- logcat -v time -t 500 3349
- logcat -v time -t 500 3414
- logcat -v time -t 500 3468
- logcat -v time -t 500 3517
- logcat -v time -t 500 3575
- logcat -v time -t 500 3623
- logcat -v time -t 500 3671
- logcat -v time -t 500 3729
- logcat -v time -t 500 3778
- logcat -v time -t 500 3826
- logcat -v time -t 500 3886
- logcat -v time -t 500 3934
- logcat -v time -t 500 3982
- logcat -v time -t 500 4032
- logcat -v time -t 500 4080
- logcat -v time -t 500 4128
- logcat -v time -t 500 4186
- logcat -v time -t 500 4235
- logcat -v time -t 500 4283
Loads the following dynamic libraries:
- Bugtags
- LanSongffmpeg
- libjiagu-917064677
Uses the following algorithms to encrypt data:
- DES-CBC-PKCS5Padding
Uses the following algorithms to decrypt data:
- DES-CBC-PKCS5Padding
Uses special library to hide executable bytecode.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
