Technical information
Malicious functions:
Sends SMS messages:
- 12114: dyl#<IMEI>,<IMEI>,6000098-1-10-tcyhb_00497-0
- 12114516412: systemcGx1dG8yNTAwMjY2OTkxODc3NDM=
- 106575206321505460: dyl#<IMEI>,<IMEI>,6000098-1-10-tcyhb_00497-0
Sends data on received text messages to remote host.
Network activity:
Connecting to:
- s####.####.com
- huangda####.com
- mo####.####.com
- d####.####.cn
- r####.####.com
- col####.####.com
- p####.####.cn
- i####.####.cn
- 1####.####.160
HTTP GET requests:
- i####.####.cn/iplookup/iplookup.php?format=####
- huangda####.com/resource!resource?resTypes=####&appid=####&channel=####&...
- huangda####.com/active!activeLog.action?provider=####&clickId=####&manu=...
- r####.####.com/easemob/server.json?sdk_version=####&app_key=####&file_ve...
HTTP POST requests:
- s####.####.com/pay-sms-access//uploadSmsDetailInfo.json?
- d####.####.cn/date-app//log.service
- p####.####.cn/index.php/API
- d####.####.cn/date-app//app.service
- col####.####.com/pay-data-collect/uploadChannelNormalData.json
- col####.####.com/pay-data-collect/collectAppStartUserData.json
- s####.####.com/pay-sms-access//getAccessPayChannel.json
- mo####.####.com/mobile-service/getOpenImsiMobilePhone.json
- huangda####.com/shop/shop_upload_log
- 1####.####.160/mengxia/socalapp/devices
- d####.####.cn/date-app//crash.service
Modified file system:
Creates the following files:
- <Package Folder>/app_apCoreplugn/swqb.apk
- <Package Folder>/app_plugin_dir/com.yfbb.wqb/1.0_1/base-1.apk
- <Package Folder>/cache/swqb.apk.apk
- <Package Folder>/cache/smap.apk.apk
- <Package Folder>/databases/xUtils_http_cookie.db
- <Package Folder>/app_plugin_dir/com.yfbb.inner/1.0_1/base-1.apk
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/app_apCoreplugn/sinner.apk
- <Package Folder>/app_apCoreplugn/smap.apk
- <Package Folder>/databases/mp.db-journal
- <Package Folder>/app_plugin_dir/com.core.main.pay.plugmain/1.0_100/base-1.apk
- <Package Folder>/cache/sweb.apk.apk
- <Package Folder>/shared_prefs/sy_pay_config.xml
- <Package Folder>/app_plugin_dir/com.yfbb.wqb/1.0_1/dalvik-cache/base-1.dex
- <Package Folder>/shared_prefs/plugins.installed.xml
- <Package Folder>/databases/sy_pay_record-journal
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/com.souying.pay.xml
- <Package Folder>/app_plugin_dir/com.yfbb.web/1.0_1/dalvik-cache/base-1.dex
- <Package Folder>/databases/xUtils_http_cookie.db-wal
- <Package Folder>/app_plugin_dir/com.yfbb.inner/1.0_1/dalvik-cache/base-1.dex
- <Package Folder>/cache/sinner.apk.apk
- <Package Folder>/databases/com.core.main.pay.plugmain_sy_pay_record-journal
- <Package Folder>/files/noend.ini
- <Package Folder>/shared_prefs/pretw.xml
- <Package Folder>/shared_prefs/dispatch_log.xml
- <Package Folder>/app_apCoreplugn/ZIP/23uiusfjc.bin
- <Package Folder>/app_plugin_dir/com.core.main.pay.plugmain/1.0_100/dalvik-cache/base-1.dex
- <Package Folder>/app_plugin_dir/com.core.sms/1.0_1/dalvik-cache/base-1.dex
- <Package Folder>/app_plugin_dir/com.core.sms/1.0_1/base-1.apk
- <Package Folder>/databases/FriendMemberDB-journal
- <Package Folder>/databases/cc/cc.db-journal
- <Package Folder>/shared_prefs/device_id.xml.xml
- <Package Folder>/cache/sms.apk.apk
- <Package Folder>/shared_prefs/umeng_general_config.xml.bak
- <Package Folder>/app_apCoreplugn/sweb.apk
- <Package Folder>/app_plugin_dir/com.yfbb.web/1.0_1/base-1.apk
- <Package Folder>/shared_prefs/plugins.serviceMapping.xml
- <Package Folder>/shared_prefs/TestinAgent.xml
- <Package Folder>/files/server.json
- <Package Folder>/databases/mp.db
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/app_apCoreplugn/sms.apk
- <Package Folder>/databases/cc/cc.db
- <Package Folder>/databases/xUtils_http_cookie.db-journal
- <Package Folder>/shared_prefs/com.core.main.pay.plugmain_p_config.xml
- <Package Folder>/files/config.json
- <Package Folder>/shared_prefs/twc.xml
- <Package Folder>/files/mobclick_agent_cached_<Package>10
- <Package Folder>/databases/xUtils_http_cookie.db-shm
- <Package Folder>/databases/recordInfo-journal
- <Package Folder>/shared_prefs/cpMsg.xml
Miscellaneous:
Executes next shell scripts:
- cat /sys/block/mmcblk0/device/cid
- <dexopt>
- cat /proc/version
Contains functionality to send SMS messages automatically.
