Android.SmsSend.16941

Technical information

Malicious functions:

Sends SMS messages:

54999818: YMN SDK503ED 6Y

Network activity:

Connecting to:

n####.####.cn
2####.####.155
xt####.####.com
d####.####.cn
s####.####.cn
and####.####.com
1####.net
trackme####.com
s####.####.com
inte####.center
woo####.com:7079
i####.####.com
bads####.com
woo####.com
gl####.####.com
lan####.net
gl####.####.com:6566
i####.####.cn
be####.####.cn
t####.####.com
d####.####.com
a####.####.cn

HTTP GET requests:

n####.####.cn/games/70dd2c41/20170315/16.gif
d####.####.cn/home/2014/1030/jb5.jpg
s####.####.cn/css/79/index2016/v0510/index.css
inte####.center/nl/2/U%20krijgt%20naakt%20foto%27s%20te%20zien%20van%20iemand%20die%20u%20kent.%20Wees%20discreet%21_files/analytics.html
n####.####.cn/sports/transform/20170315/gssd-fychtth0531692.jpg
n####.####.cn/tech/20170315/IVZR-fychtth0086748.gif
n####.####.cn/news/transform/20170315/R5LD-fychtth0405905.png
d####.####.cn/home/2014/1030/hxjzg103.jpg
s####.####.cn/imp/imp/deal/1b/1c/0/c3860408163313c99a8a75bebac_p24_mk24.jpg
d####.####.cn/litong/zhitou/sinaads/demo/jiliang/chezhan201611/monbox_chezhan.js
n####.####.cn/news/transform/20170315/Mx42-fychtth0314778.png
a####.####.cn/js/ssologin.js
d####.####.cn/dy/deco/2014/0923/guoqing2014/sina_101_2014_html_bg.jpg
d####.####.cn/home/2017/0315/U21P30DT20170315214916.jpg
d####.####.cn/dy/deco/2013/0329/logo/LOGO_1x.png
d####.####.cn/litong/zhitou/sinaads/release/sinaads.js
s####.####.com/imp/imp/deal/ae/16/3/3bfeb5c6a67222bc60433d3018e_p24_mk24.jpg
d####.####.cn/d1images/sinaads_entry/sinaads_entry_index.js
s####.####.cn/js/79/2013/0717/fix.js
inte####.center/nl/2/U%20krijgt%20naakt%20foto%27s%20te%20zien%20van%20iemand%20die%20u%20kent.%20Wees%20discreet%21_files/css.css
d####.####.cn/home/main/index2013/0403/icon.png
n####.####.cn/auto/transform/20170227/H4GG-fyavvsk3669984.jpg
lan####.net/demo.php
n####.####.cn/sports/transform/20170315/_Prs-fychtth0378398.jpg
inte####.center/nl/2/U%20krijgt%20naakt%20foto%27s%20te%20zien%20van%20iemand%20die%20u%20kent.%20Wees%20discreet%21_files/select.js
n####.####.cn/auto/transform/20170306/Tw3n-fycaahm6346924.jpg
n####.####.cn/auto/transform/20170310/gYx3-fychttf8931442.jpg
d####.####.cn/home/main/blk/d.gif
n####.####.cn/public_column/20170316/1_IV-fychtth0796233.jpg
n####.####.cn/eladies/20170316/nAMN-fychtth0777861.jpg
n####.####.cn/auto/transform/20170310/G3sU-fychhus0414522.jpg
bads####.com/28c88/9aRC/4acA/5aoR6fk/t-9Gs6VqQqhPDf90kuSEkwfUilazdHh9y49YpYOEnDUQzG0Ixog/s_oXs_R2Rv5PDqpwxe6ck3gb-rxcdjtWLrv2f3Fh3jmdNg?jch=####
inte####.center/nl/2/U%20krijgt%20naakt%20foto%27s%20te%20zien%20van%20iemand%20die%20u%20kent.%20Wees%20discreet%21_files/current-month.js
xt####.####.com/%7B%22pd%22%3A%22-.-TOMMAIL-.-%22%2C%22su%22%3A%22http%3A%2F%2Fxtrack.tomonline-inc.com%2F%22%2C%22cn%22%3A%22at_oviwm%22%2C%22categor...
n####.####.cn/news/643213b9/20170228/sina_01201642_2017_bg.js?2017030####
s####.####.cn/
n####.####.cn/default/transform/20170314/o_Pr-fychttf9761918.jpg
d####.####.cn/home/main/index2013/0719/bg2.png
i####.####.com/imp/56b452177f800212b3d8ce007fc418f9_os29f8d1.jpg
n####.####.cn/default/1e20c22f/20170314/WangShangYouHaiXinXiJuBaoZhuanQu.jpg
d####.####.cn/home/2017/0314/U996P30DT20170314095851.jpg
inte####.center/nl/2/U%20krijgt%20naakt%20foto%27s%20te%20zien%20van%20iemand%20die%20u%20kent.%20Wees%20discreet%21_files/timer.js
1####.net/webmail-static/js/lib/track/track.js
d####.####.cn/litong/zhitou/sinaads/demo/wanglt/sinaIndexAD/sinaAD_slide01.js
d####.####.cn/dy/deco/2013/0305/d.gif
a####.####.cn/js/user_panel_homepage.js
inte####.center/nl/2?s1=####&s2=####&voluumdata=####&sub1=####&sub2=####&sub3=####&utm_campaign=####&source_id=####
i####.####.cn/newchart/small/t/sh000001.gif
d####.####.cn/home/2017/0313/U996P30DT20170313100310.jpg
d####.####.com/d/33164576433fd4daa1?sub=####
n####.####.cn/sports/20170315/VIcK-fychtth0163420.jpg
1####.net/webmail-static/js/vip.com/jquery.js
n####.####.cn/news/20161214/WCVU-fxypunk6627147.jpg
1####.net/
n####.####.cn/auto/transform/20170315/rP4P-fychtth0531742.jpg
n####.####.cn/news/643213b9/20170228/2017_02_28.jpg
be####.####.cn/data.html?1485418####
inte####.center/nl/2/U%20krijgt%20naakt%20foto%27s%20te%20zien%20van%20iemand%20die%20u%20kent.%20Wees%20discreet%21_files/steps.js
n####.####.cn/public_column/20170316/MCxs-fychtth0792983.jpg
inte####.center/nl/2/U%20krijgt%20naakt%20foto%27s%20te%20zien%20van%20iemand%20die%20u%20kent.%20Wees%20discreet%21_files/css.dms
d####.####.cn/dy/deco/2013/0321/bg1px.png
i####.####.cn/iplookup/iplookup.php?format=####
t####.####.com/c5e2f4d6-5051-45ed-b9f3-f706accd3959?sub1=####&sub2=####&sub3=####&utm_campaign=####&source_id=####
d####.####.cn/home/2017/0315/U8327P30DT20170315095829.jpg
d####.####.cn/unipro/pub/suda_m_v629.js
n####.####.cn/video/20170316/8Lqn-fychtth0751402.jpg
2####.####.155/cm-tracker/cmreqrec.do?pid=####&sysuid=####&cid=####&publish_id=####
n####.####.cn/news/643213b9/20170228/phbut_11.png
lan####.net/apk.php
n####.####.cn/ent/js/lib/jquery-3.1.1.min.js
be####.####.cn/h.js
n####.####.cn/ent/20170316/d5mu-fychtth0763970.jpg
n####.####.cn/games/70dd2c41/20170315/19.jpg
d####.####.cn/home/2017/0313/U996P30DT20170313101249.jpg
trackme####.com/r/534174ae-09ec-11e7-9dc6-11414129a512/0/
n####.####.cn/auto/transform/20170227/Fjsj-fyavvsk3668102.jpg
inte####.center/nl/2/?s1=####&s2=####&voluumdata=####&sub1=####&sub2=####&sub3=####&utm_campaign=####&source_id=####
be####.####.cn/a.gif?V=####&CI=####&PI=####&UI=####&MT=####&EX=####&gUid_14####
n####.####.cn/news/20170310/5zJI-fychttf8914187.jpg
d####.####.cn/cha/images/c.gif
gl####.####.com:6566/AdRedirect.aspx?offerid=####&cid=####&affid=####&aff_sub=####&aff_sub2=####&aff_sub3=####&aff_sub4=####
n####.####.cn/default/1e20c22f/20161223/titlejbicon.png
d####.####.cn/home/2017/0314/U2284P30DT20170314100904.jpg
1####.net/webmail-static/css/vip.com/tom_vip_login.css
n####.####.cn/ent/transform/20170316/p_cU-fychtth0738785.jpg
a####.####.cn/sinaauto/2016/sinahome/chooseCars.js
n####.####.cn/tech/transform/20170315/Ztgo-fychtth0054254.png
n####.####.cn/news/20170316/YMRC-fychtth0789905.jpg
d####.####.cn/litong/zhitou/sinaads/demo/wanglt/sinaIndexAD/edu_ad_change.js
a####.####.cn/get_ad_list/PG_514AC419D66F33?callback=####
n####.####.cn/auto/transform/20170313/ZIIb-fychhuq4207375.jpg
trackme####.com/r/534174ae-09ec-11e7-9dc6-11414129a512/1/
inte####.center/nl/2/U%20krijgt%20naakt%20foto%27s%20te%20zien%20van%20iemand%20die%20u%20kent.%20Wees%20discreet%21_files/jquery.js
be####.####.cn/ckctl.html
n####.####.cn/auto/transform/20170310/EqPQ-fychhuq3643040.jpg
d####.####.cn/home/main/index2013/0509/bkjb.png
n####.####.cn/news/20170302/TarY-fycapec0070461.jpg
n####.####.cn/sports/transform/20170314/Y0lR-fychttf9637874.jpg
d####.####.com/gw?url=####&vId=####&ef=####&ch=####&nid=####&sub=####
bads####.com/28c88/4acA/76MQ/t-9Gs6VqQqhPDf90kuSEkwfUilazdHh9y49YpYOEnDUQzG0Ixog?5a4=####&clickid=####&ext1=####&ext2=####&_uu=####
n####.####.cn/ent/20170316/7HOS-fychtth0841428.jpg
inte####.center/nl/2/U%20krijgt%20naakt%20foto%27s%20te%20zien%20van%20iemand%20die%20u%20kent.%20Wees%20discreet%21_files/index-ph.css
n####.####.cn/www/index/12377app.png
a####.####.cn/js/jq172.js
1####.net/webmail/login/index.action
d####.####.cn/litong/zhitou/sinaads/release/ad_logo_update_IAB.gif
a####.####.cn/js/outlogin_layer.js
gl####.####.com/AdRedirect.aspx?offerid=####&cid=####&affid=####&aff_sub=####&aff_sub2=####&aff_sub3=####&aff_sub4=####
n####.####.cn/auto/transform/20170306/hv_A-fycaafp2064175.jpg

HTTP POST requests:

and####.####.com/rqd/async
woo####.com/jsdk/ss.action?b=####
woo####.com:7079/jsdk/ss.action?b=####

Modified file system:

Creates the following files:

/data/data/####/shared_prefs/com.hyjt.app.spf_wap_413.xml
/data/data/####/databases/bugly_db_-journal
/data/data/####/cache/webviewCacheChromium/f_00000a
/data/data/####/cache/webviewCacheChromium/f_00000c
/data/data/####/cache/webviewCacheChromium/f_00000b
/data/data/####/cache/webviewCacheChromium/f_00000e
/data/data/####/cache/webviewCacheChromium/f_00000d
/data/data/####/cache/webviewCacheChromium/f_00000f
/data/data/####/cache/webviewCacheChromium/data_3
/data/data/####/cache/webviewCacheChromium/data_2
/data/data/####/cache/webviewCacheChromium/data_1
/data/data/####/cache/webviewCacheChromium/data_0
/data/data/####/cache/webviewCacheChromium/f_000012
/data/data/####/cache/webviewCacheChromium/f_000013
/data/data/####/cache/webviewCacheChromium/f_000010
/data/data/####/cache/webviewCacheChromium/f_000011
/data/data/####/databases/webviewCookiesChromium.db-journal
/data/data/####/cache/webviewCacheChromium/f_000015
/sdcard/SexVideo/20170126.txt
/data/data/####/shared_prefs/com.hyjt.app.android.india.preferrence.xml
/data/data/####/shared_prefs/com.hyjt.app.android.india.preferrence.xml.bak
/data/data/####/databases/webview.db-journal
/data/data/####/cache/webviewCacheChromium/f_000008
/data/data/####/cache/webviewCacheChromium/f_000001
/data/data/####/cache/webviewCacheChromium/f_000003
/data/data/####/cache/webviewCacheChromium/f_000002
/data/data/####/cache/webviewCacheChromium/f_000005
/data/data/####/cache/webviewCacheChromium/f_000004
/data/data/####/cache/webviewCacheChromium/f_000007
/data/data/####/cache/webviewCacheChromium/f_000006
/data/data/####/cache/webviewCacheChromium/f_000009
/data/data/####/files/security_info
/data/data/####/cache/webviewCacheChromium/f_000014
/data/data/####/files/local_crash_lock
/data/data/####/cache/webviewCacheChromium/index

Miscellaneous:

Contains functionality to send SMS messages automatically.

Технологии

Термины

Обучение и просвещение

Мифы

Technical information

Рекомендации по лечению

Демо бесплатно на 14 дней