Adware.Gexin.13070

Adware.Gexin.13070

Added to the Dr.Web virus database: 2019-05-01

Virus description added: 2019-05-01

Technical information

Malicious functions:

Executes code of the following detected threats:

Adware.Gexin.2.origin

Network activity:

Connects to:

UDP(DNS) <Google DNS>
TCP(TLS/1.0) av1.x####.com:443
TCP(TLS/1.0) 1####.217.168.206:443

DNS requests:

7f5e492####.bug####.cn
av1.x####.com
i.t####.com

File system changes:

Creates the following files:

/data/data/####/1556692530130_2302
/data/data/####/1556692530209_2302
/data/data/####/1556692530968_2360
/data/data/####/1556692531094_2360
/data/data/####/1556692531922_2414
/data/data/####/1556692532006_2414
/data/data/####/1556692533704_2473
/data/data/####/1556692533800_2473
/data/data/####/1556692534580_2522
/data/data/####/1556692534679_2522
/data/data/####/1556692535454_2571
/data/data/####/1556692539377_2634
/data/data/####/1556692540268_2682
/data/data/####/1556692541119_2730
/data/data/####/1556692545171_2788
/data/data/####/1556692546000_2836
/data/data/####/1556692546890_2884
/data/data/####/1556692548613_2943
/data/data/####/1556692549485_2991
/data/data/####/1556692550393_3039
/data/data/####/1556692552208_3097
/data/data/####/1556692553103_3145
/data/data/####/1556692554061_3193
/data/data/####/1556692555762_3252
/data/data/####/1556692556691_3300
/data/data/####/1556692557608_3348
/data/data/####/1556692561518_3408
/data/data/####/1556692562429_3455
/data/data/####/1556692563329_3502
/data/data/####/1556692565204_3561
/data/data/####/1556692566118_3609
/data/data/####/1556692567163_3657
/data/data/####/1556692569937_3716
/data/data/####/1556692570957_3763
/data/data/####/1556692571870_3809
/data/data/####/1556692574280_3866
/data/data/####/1556692575240_3916
/data/data/####/1556692576196_3964
/data/data/####/1556692579178_4020
/data/data/####/1556692580108_4066
/data/data/####/1556692581002_4112
/data/data/####/1556692582995_4169
/data/data/####/1556692583865_4215
/data/data/####/1556692584711_4261
/data/data/####/1556692587945_4317
/data/data/####/1556692588895_4364
/data/data/####/1556692589803_4410
/data/data/####/MultiDex.lock
/data/data/####/TD_app_pefercen_profile.xml
/data/data/####/TDpref_longtime.xml
/data/data/####/TDpref_longtime0.xml
/data/data/####/journal.tmp
/data/data/####/libjiagu-917064677.so
/data/data/####/multidex.version.xml
/data/data/####/tdid.xml
/data/media/####/.nomedia
/data/media/####/.tcookieid

Miscellaneous:

Executes the following shell scripts:

getprop
logcat -v time -t 500 2302
logcat -v time -t 500 2360
logcat -v time -t 500 2414
logcat -v time -t 500 2473
logcat -v time -t 500 2522
logcat -v time -t 500 2571
logcat -v time -t 500 2634
logcat -v time -t 500 2682
logcat -v time -t 500 2730
logcat -v time -t 500 2788
logcat -v time -t 500 2836
logcat -v time -t 500 2884
logcat -v time -t 500 2943
logcat -v time -t 500 2991
logcat -v time -t 500 3039
logcat -v time -t 500 3097
logcat -v time -t 500 3145
logcat -v time -t 500 3193
logcat -v time -t 500 3252
logcat -v time -t 500 3300
logcat -v time -t 500 3348
logcat -v time -t 500 3408
logcat -v time -t 500 3455
logcat -v time -t 500 3502
logcat -v time -t 500 3561
logcat -v time -t 500 3609
logcat -v time -t 500 3657
logcat -v time -t 500 3716
logcat -v time -t 500 3763
logcat -v time -t 500 3809
logcat -v time -t 500 3866
logcat -v time -t 500 3916
logcat -v time -t 500 3964
logcat -v time -t 500 4020
logcat -v time -t 500 4066
logcat -v time -t 500 4112
logcat -v time -t 500 4169
logcat -v time -t 500 4215
logcat -v time -t 500 4261
logcat -v time -t 500 4317
logcat -v time -t 500 4364
logcat -v time -t 500 4410

Loads the following dynamic libraries:

Bugtags
LanSongffmpeg
libjiagu-917064677

Uses the following algorithms to encrypt data:

DES-CBC-PKCS5Padding

Uses the following algorithms to decrypt data:

DES-CBC-PKCS5Padding

Accesses the ITelephony private interface.

Uses special library to hide executable bytecode.

Gets information about location.

Gets information about network.

Gets information about phone status (number, IMEI, etc.).

TECHNOLOGIES

TERMINOLOGIE

COURS ET EDU

MYTHES

Technical information

Recommandations pour le traitement

Free trial