Technical information
Malicious functions:
Sends SMS messages:
- 1069099903306: ####
Downloads the following detected threats from the Web:
- Android.Packed.19209
Sends data on received text messages to remote host.
Network activity:
Connecting to:
- sdku####.####.com
- d####.####.net:8080
- mo####.####.com
- d####.####.net:6677
- collec####.####.com
- v####.####.cn
- col####.####.com
- yys####.####.com
- 1####.####.com
- c####.####.com
- a####.####.com:8700
- d####.####.net
- b####.####.cn
- mmy####.####.com
- i####.####.cn
- b####.####.net:5050
- vide####.####.cn
- a####.####.com
- priceru####.####.com
HTTP GET requests:
- b####.####.cn/ad/impress?impressId=####&traceId=####&inAId=####&wPltId=####&wPltAdId=####&wPr=####
- vide####.####.cn/maolijianpdsmtj14.jpg
- 1####.####.com/ic.asp
- mmy####.####.com/mmys-cps/bannerInfo.service?showStyle=####&uuid=####&imei=####&imsi=####&manufacturer=####&model=####&versionCode=####&ditchNo=####&a...
- mmy####.####.com/mmys-cps/adVideo.service?uuid=####&imei=####&imsi=####&manufacturer=####&model=####&versionCode=####&ditchNo=####&appId=####&dcVersio...
- a####.####.com/9674dd7a8c3b4443bd8297bbea7f7063.png
- c####.####.com/delivery/lg.php?cppv=####&cpp=####&z=####
- i####.####.cn/iplookup/iplookup.php?format=####
- v####.####.cn/20170104/553b1983-5f68-41ca-a897-fd18511950f0-HMPD10014_clip.mp4
- vide####.####.cn/20170309/9e1b2291-c37e-455f-a4ac-35f846adc72a-aqsh00002jp-4.jpg
- mmy####.####.com/mmys-cps/styleTopChlVideo.service?pageNo=####&pageSize=####&showStyle=####&rv=####&uuid=####&imei=####&imsi=####&manufacturer=####&mo...
- a####.####.com/dae1bd5b6a074a0b8c3004b38a5cfaff.jpg
- d####.####.net:8080/appstore/pri/5403ddd6ecda4977b0ac92526095b12a.apk
- a####.####.com/f915386dd45f40e7b02ead81d2fcae05.png
- a####.####.com/fe039a53d6694e2c8ca6b3d240eefcf8.jpg
- a####.####.com/7f3926110391408b84f4958e37d92507.jpg
- a####.####.com/1b9e0364faf6490b83e90dd4a1d6c733.jpg
- vide####.####.cn/20170309/d498add5-9b9f-4ec2-b2df-69460d670333-blk00305jp-5.jpg
- d####.####.net/edt_r
- a####.####.com/b0f17a73e0b24f61a29890207440b8f6
- vide####.####.cn/FmqvYTmmNyg3G5c8XR17J0fsiUNy.jpg
- mmy####.####.com/mmys-cps/runInfo.service?uuid=####&imei=####&imsi=####&manufacturer=####&model=####&versionCode=####&ditchNo=####&appId=####&dcVersio...
- a####.####.com/c21dcb669d6149c79bf319a14eda5bb4.jpg
- priceru####.####.com/price-rule-cmp/rule/matchRule?version=####&uuid=####&imei=####&imsi=####&manufacturer=####&model=####&versionCode=####&ditchNo=##...
- yys####.####.com/yysd-cps/plugSwitch.service?&uuid=####&imei=####&imsi=####&manufacturer=####&model=####&versionCode=####&ditchNo=####&appId=####&dcVe...
- d####.####.net/106001?enc=####
- yys####.####.com/yysd-cps/upList.service?uuid=####&imei=####&imsi=####&manufacturer=####&model=####&versionCode=####&ditchNo=####&appId=####&dcVersion...
- vide####.####.cn/20170208/a0763c67-908d-4e3f-b0ed-34a1eb38559b-1hbad00349jp-7.jpg
- a####.####.com/b3b00a4e0ecf4b23ada3e55616be2238
- a####.####.com/af28746dd8ce4525b929e0d167f6da30
- vide####.####.cn/maolijianpdsmtj30.jpg
- a####.####.com/125f0a7e78ab4a57b6ef0075fcd56bac.apk
- vide####.####.cn/maolijianpdsmtj24.jpg
- vide####.####.cn/20170208/f597f12e-63ad-409c-81a1-27b828b0023c-juy00079jp-3.jpg
HTTP POST requests:
- a####.####.com/
- yys####.####.com/yysd-cps//wapRecommend.service?
- col####.####.com/stats.service
- b####.####.net:5050/
- mmy####.####.com/mmys-cps/userVisit.service?uuid=####&imei=####&imsi=####&manufacturer=####&model=####&versionCode=####&ditchNo=####&appId=####&dcVers...
- d####.####.net/
- mo####.####.com/mobile-service/getImsiMobilePhone.json
- mmy####.####.com/mmys-cps/lookVideoStat.service?videoId=####&isRmd=####&uuid=####&imei=####&imsi=####&manufacturer=####&model=####&versionCode=####&di...
- d####.####.net:6677/
- collec####.####.com/pay-data-collect/collectAppBehavioralData.json
- mmy####.####.com/mmys-cps/userActivation.service?uuid=####&imei=####&imsi=####&manufacturer=####&model=####&versionCode=####&ditchNo=####&appId=####&d...
- sdku####.####.com/dynamicpay//getSyFormalChannels.json?
- a####.####.com:8700/
- sdku####.####.com/sdk-update/sdkUpdateCdnUpload.json
Modified file system:
Creates the following files:
- /sdcard/.4d02db8e14eeb9f/1485418119233/abc/1485418119233_r1.app
- /data/data/####/cache/picasso-cache/03d6d5cd1533124ed984fabd6abab94b.0.tmp
- /data/data/####/cache/picasso-cache/03d6d5cd1533124ed984fabd6abab94b.1.tmp
- /data/data/####/files/dlook
- /sdcard/.5a4708d2c00324b9f216117c70233831
- /data/data/####/cache/picasso-cache/8ad60c81a23d5773a663e3c94e761777.1.tmp
- /data/data/####/databases/p_db
- /data/data/####/cache/picasso-cache/d00006e4891ff6726b36456cff5b158c.1.tmp
- /data/data/####/shared_prefs/global_count.xml.bak
- /data/data/####/shared_prefs/initdata_stats.xml.bak
- /sdcard/SAdAssetsAX/game.properties
- /sdcard/.s_d_p/.im
- /data/data/####/files/5db41373305ab24f/0a601811-8c21-4c21-b0ec-a62ac2b99815.zip
- /data/data/####/cache/picasso-cache/f7d5d0ca02a055fa53135d18c7d1ed7e.0.tmp
- /data/data/####/cache/picasso-cache/ea096016ad044929e85be5af4d84a496.1.tmp
- /data/data/####/shared_prefs/recommend.xml
- /data/data/####/shared_prefs/time.xml
- /data/data/####/files/arte
- /data/data/####/shared_prefs/ds_configer.xml
- /data/data/####/shared_prefs/trigger_recorder.xml.bak
- /data/data/####/files/f6.c
- /data/data/####/cache/picasso-cache/7ae335b120437bb57eb9669759237283.1.tmp
- /data/data/####/cache/picasso-cache/3aa20c9a586b11a1219d471577340c24.0.tmp
- /data/data/####/cache/picasso-cache/54a2270ff8fd9f8a95a38247316e5e06.0.tmp
- /data/data/####/cache/picasso-cache/11223d7e78db6d7671fa19d382e8ed1d.0.tmp
- /data/data/####/shared_prefs/ADS_UNI_MAN_FN.xml
- /data/data/####/databases/sy_pay_record-journal
- /data/data/####/shared_prefs/pt.xml
- /data/data/####/cache/picasso-cache/e6428c4456b35d919e635e743e2fee4c.0.tmp
- /data/data/####/cache/picasso-cache/7ae335b120437bb57eb9669759237283.0.tmp
- /data/data/####/shared_prefs/uuid.xml
- /data/data/####/files/attd/loo/liblive.so
- /data/data/####/files/1485418126658/1485418126658.zip
- /data/data/####/cache/picasso-cache/d327daeccb37a9fcc5ea29d4fbcf083a.0.tmp
- /data/data/####/cache/picasso-cache/a77fd25cb5e366f6de339be8a1c8875d.1.tmp
- /data/data/####/databases/webview.db-journal
- /data/data/####/shared_prefs/global_count.xml
- /data/data/####/shared_prefs/ADS_UNI_FN.xml.bak
- /data/data/####/cache/picasso-cache/5a50a58a4c8e3d3591299675a5a9b1f0.1.tmp
- /data/data/####/databases/p_db-journal
- /data/data/####/cache/picasso-cache/9a4583b0a5afb62b583671e7c86ccded.0.tmp
- /sdcard/SAdAssetsAX/game20150817.apk
- /data/data/####/cache/picasso-cache/54a2270ff8fd9f8a95a38247316e5e06.1.tmp
- /data/data/####/cache/picasso-cache/e356f9a5fe61436ba5de85a92787d6b9.0.tmp
- /data/data/####/databases/com_ex_ads.db-journal
- /data/data/####/shared_prefs/initdata_stats.xml
- /data/data/####/cache/picasso-cache/9a4583b0a5afb62b583671e7c86ccded.1.tmp
- /data/data/####/cache/picasso-cache/571c0e50e3d4182a89a92208aa7d3486.1.tmp
- /data/data/####/cache/picasso-cache/e6428c4456b35d919e635e743e2fee4c.1.tmp
- /data/data/####/databases/statistics_db-journal
- /data/data/####/cache/picasso-cache/d00006e4891ff6726b36456cff5b158c.0.tmp
- /sdcard/SYPAYFILENAME/CACHE/SMSCACHE/ISDELSMS
- /data/data/####/files/attd/loo/arte
- /data/data/####/databases/sy_video_data_cache-journal
- /data/data/####/shared_prefs/p_config.xml
- /data/data/####/cache/picasso-cache/e356f9a5fe61436ba5de85a92787d6b9.1.tmp
- /data/data/####/shared_prefs/config_ad.xml.bak
- /data/data/####/shared_prefs/ADS_UNI_MAN_FN.xml.bak
- /data/data/####/shared_prefs/trigger_recorder.xml
- /data/data/####/shared_prefs/REPORT_URL.xml
- /data/data/####/cache/picasso-cache/8cde47b81ff3592d609a91a6fcb1dc5a.0.tmp
- /data/data/####/files/gaClientId
- /sdcard/.4d02db8e14eeb9f/1485418119233/abc/1485418119233_r1.tmp
- /data/data/####/databases/recommend_app-journal
- /data/data/####/cache/picasso-cache/5a50a58a4c8e3d3591299675a5a9b1f0.0.tmp
- /data/data/####/cache/picasso-cache/journal.tmp
- /data/data/####/cache/picasso-cache/ea096016ad044929e85be5af4d84a496.0.tmp
- /sdcard/.4d02db8e14eeb9f/com.kert.porn/abc/com.kert.porn_r1.tmp
- /data/data/####/shared_prefs/config_ad.xml
- /data/data/####/databases/DATA_MF_CFG-journal
- /data/data/####/databases/google_analytics_v2.db-journal
- /data/data/####/cache/picasso-cache/f7d5d0ca02a055fa53135d18c7d1ed7e.1.tmp
- /data/data/####/cache/picasso-cache/8cde47b81ff3592d609a91a6fcb1dc5a.1.tmp
- /data/data/####/cache/picasso-cache/11223d7e78db6d7671fa19d382e8ed1d.1.tmp
- /data/data/####/databases/statistics_db
- /data/data/####/shared_prefs/ADS_UNI_FN.xml
- /data/data/####/cache/picasso-cache/d327daeccb37a9fcc5ea29d4fbcf083a.1.tmp
- /data/data/####/shared_prefs/config_switch.xml
- /data/data/####/cache/picasso-cache/ac51ed24de6be964c301b29059da5144.0.tmp
- /data/data/####/cache/picasso-cache/ac51ed24de6be964c301b29059da5144.1.tmp
- /data/data/####/cache/picasso-cache/8ad60c81a23d5773a663e3c94e761777.0.tmp
- /data/data/####/cache/picasso-cache/571c0e50e3d4182a89a92208aa7d3486.0.tmp
- /data/data/####/shared_prefs/ad_config.xml
- /data/data/####/cache/picasso-cache/a77fd25cb5e366f6de339be8a1c8875d.0.tmp
- /data/data/####/files/dio.d
Sets the 'executable' attribute to the following files:
- /data/data/####/files/arte
- /data/data/####/files/dio.d
- /data/data/####/files/f6.c
Miscellaneous:
Executes next shell scripts:
- sh
Contains functionality to send SMS messages automatically.
