Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.Xiny.20
Downloads the following detected threats from the Web:
- Android.Xiny.20
Network activity:
Connecting to:
- a####.####.com
- d####.####.cn
- mo####.####.com
- s####.####.com
HTTP GET requests:
- d####.####.cn/jarFile/SDKAutoUpdate/newmon.jar
- mo####.####.com/ads/pa/8/__pasys_remote_banner.php?bdr=####&os=####&v=##...
HTTP POST requests:
- a####.####.com/app_logs
- s####.####.com/cw/interface!u2.action?protocol=####&version=####
Modified file system:
Creates the following files:
- /data/system/####/wallpaper
- <Package Folder>/app_baidu_ad_sdk/__xadsdk__remote__final__0fbb12fd-a6f2-4fb5-8bb4-3e42144d45e8.jar
- <Package Folder>/app_baidu_ad_sdk/__xadsdk__remote__final__builtin__.jar
- <Package Folder>/app_baidu_ad_sdk/__xadsdk__remote__final__ca790775-a421-4a0f-956e-6eb7482ec4d9.jar
- <Package Folder>/app_database/####/http_mobads.baidu.com_0.localstorage-journal
- <Package Folder>/app_database/####/http_mobads.baidu.com_0.localstorage-journal (deleted)
- <Package Folder>/app_database/ApplicationCache.db-journal (deleted)
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/f_000001
- <Package Folder>/cache/####/f_000002
- <Package Folder>/cache/####/f_000003
- <Package Folder>/cache/####/index
- <Package Folder>/databases/downloadswc
- <Package Folder>/databases/downloadswc-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal (deleted)
- <Package Folder>/databases/webviewCookiesChromiumPrivate.db-journal (deleted)
- <Package Folder>/files/####/exchangeIdentity.json
- <Package Folder>/files/.imprint
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/shared_prefs/W_Key.xml
- <Package Folder>/shared_prefs/W_Key.xml.bak
- <Package Folder>/shared_prefs/__x_adsdk_agent_header__.xml
- <Package Folder>/shared_prefs/__xadsdk_downloaded__version__.xml
- <Package Folder>/shared_prefs/cdata.xml
- <Package Folder>/shared_prefs/com.baidu.mobads.loader.xml
- <Package Folder>/shared_prefs/st.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/wallpaper_prefs.xml
- <SD-Card>/Download/####/3.7_newmon.jar.tmp
- <SD-Card>/cw/assetstime.dat
Miscellaneous:
Executes next shell scripts:
- <dexopt>
