Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.DownLoader.414.origin
- Android.DownLoader.396.origin
- Android.DownLoader.348.origin
- Android.DownLoader.455.origin
Network activity:
Connecting to:
- s####.####.com
- t####.####.com
- h####.####.com
- i####.####.com
- d####.####.com
- o####.####.cn
- b####.com
- bmob-cd####.####.com
- 1####.####.com
- c####.####.com
- 2####.####.197
- a####.####.cn
- a####.####.today
- f####.####.com
- 1####.####.131:8080
- ha####.####.com
- m####.####.com
- st####.####.com
- 1####.####.214:8080
HTTP GET requests:
- s####.####.com/img/1L/Aw/2F/mk/ch/o/blank.gif
- s####.####.com/static/html5-index/widget/falls/gxhWords/gxhWords_593c278...
- s####.####.com/static/html5-index/js/zepto_14ab7a5.js
- s####.####.com/static/html5-index/falls/css/siteIcon_e4fa7bc.css
- m####.####.com/ifeed/more?tj_page=####&from=####&tn=####&page=####&id=##...
- s####.####.com/static/html5-index/widget/falls/gxhWords/gxhWords_bf8eb51...
- m####.####.com/static/img/zhilian20170101.png
- bmob-cd####.####.com/2017/03/03/8f4f2872409cb88380b6763959873fae.dex
- m####.####.com/static/img/58tongcheng40.png
- bmob-cd####.####.com/2017/05/05/92c18abe40dda53780d38edda9a43891.dex
- s####.####.com/static/img/newzx/qgtp20170518p-1.jpg
- s####.####.com/static/common/js/djlib_4547868.js
- m####.####.com/static/html5-index/js/fingerPrint_161b85b.js
- s####.####.com/static/html5-index/js/iscroll-lite4_a51bdc3.js
- 1####.####.214:8080/jfservice/a.jsp?k=####
- f####.####.com/hunter/alog/monkey.mobile.min.js
- b####.com/nocache/pdns/az.gif?_=####
- m####.####.com/static/img/shuangseqiuicon.png
- m####.####.com/hao123_api/next/widget?wid=####&tj_page=####&from=####&tn...
- s####.####.com/dmas?cmd=####&data=####&_=####&callback=####
- d####.####.com/x.gif?he=####&dm=####&v=####&li=####&rnd=####
- m####.####.com/static/img/qunaericon.png
- s####.####.com/static/img/newzx/l518-3.jpg
- s####.####.com/static/html5-index/img/guide_3ef30c4.png
- st####.####.com/tb/pms/img/st.gif?ts=####&t=####&sid=####&dv=####&page=#...
- st####.####.com/tb/pms/img/st.gif?ts=####&t=####&sid=####&ver=####&pid=#...
- m####.####.com/hao123_api/d
- m####.####.com/static/p.gif?_=####
- f####.####.com/hunter/alog/dp.csp.min.js?v=####
- 1####.####.com/a?gpa=####&qgz=####&pqb=####&qnv=####&ppr=####&ygh=####&p...
- s####.####.com/static/html5-index/widget/card/card_fcad_second/card_fcad...
- s####.####.com/static/html5-index/widget/card/card_fcad_once/card_fcad_o...
- s####.####.com/static/img/newzx/nxtp20170518-1.jpg
- m####.####.com/static/img/logo/logo150623.png
- m####.####.com/static/img/tengxun_40.png
- 1####.####.com/ug3a1ecf95f2cdf23edb4c3e83a0f166bd06acde0b36.js
- c####.####.com/sync.htm?cproid=####
- s####.####.com/static/html5-index/widget_faf3c77.js
- f####.####.com/hunter/alog/feature.min.js?v=####
- f####.####.com/hunter/alog/speed.min.js?v=####
- f####.####.com/f/3wtk.png
- s####.####.com/static/html5-index/card/js/swiper_4bb3bcc.js
- m####.####.com/static/img/souhuxin-4040.png
- 1####.####.com/givhiqk/link?c=####
- t####.####.com/cm.gif?ver=####&mid=####&uid=####
- f####.####.com/hunter/alog/element.min.js?v=####
- s####.####.com/static/img/newzx/l518-7.jpg
- m####.####.com/static/html5-index/css/base/icon_0601378.css
- m####.####.com/static/html5-index/js/detect-all_6cfe828.js
- m####.####.com/static/tj.gif?page=####&pos=####&level=####&k=####&core=#...
- s####.####.com/static/html5-index/img/guanggao1_374ef54.png
- st####.####.com/tb/pms/img/st.gif?ts=####&sid=####&ht=####&fs=####&drt=#...
- m####.####.com/static/p.gif
- 2####.####.197/action/connect/active?app_id=####&udid=####&imsi=####&net...
- m####.####.com/static/img/bowuguan2017517_f.jpg
- s####.####.com/static/html5-index/widget_f8bfc7b.css
- m####.####.com/static/img/icon/wangyi20160301.png
- s####.####.com/static/html5-index/img/group_b2e485a.png
- s####.####.com/static/common/lib/mod_75d1f98.js
- 1####.####.com/ur7e50c7dcf6cefe3d974928.js
- m####.####.com/
- f####.####.com/f/wf0215.dat
- m####.####.com/?union=####&from=####&tn=####
- s####.####.com/static/img/newzx/518lyaa.jpg
- ha####.####.com/api/searchrecom?c=####&type=####&dataType=####&pageid=##...
- f####.####.com/hunter/alog/dp.mobile.min.js?v=####
- s####.####.com/static/img/newzx/518ljaa.jpg
- f####.####.com/f/3wtp.jpg
- 1####.####.131:8080/spotService/a.jsp?k=####
- a####.####.cn/action/account/getinfo?app_id=####&udid=####&imsi=####&net...
- ha####.####.com/static/mapping/bd.php?type=####
- c####.####.com/cpro/ui/noexpire/img/2.0.1/bd-logo4.png
- a####.####.cn/action/connect/active?app_id=####&udid=####&imsi=####&net=...
- f####.####.com/hunter/alog/alog.min.js?v=####
- s####.####.com/static/img/newzx/jktp20170518p-1.jpg
- m####.####.com/static/tj.gif?level=####&page=####&pos=####&fp_result=###...
- h####.####.com/dianj/?u=####&ie=####&tm=####&cm=####&md=####&at=####&v=#...
- 2####.####.197/action/account/getinfo?app_id=####&udid=####&imsi=####&ne...
- m####.####.com/hao123_api/x/sync_bduss?_=####&callback=####
- m####.####.com/r/image/2017-02-21/e3d62e9d54ac945fecb4d2d22438aac9.png
- s####.####.com/static/html5-index/common/fc_ad_second_3a5b587.css
HTTP POST requests:
- a####.####.cn/action/report/error?app_id=####&udid=####&imsi=####&net=##...
- o####.####.cn/8/init
- i####.####.com/service/getIpInfo2.php
- o####.####.cn/8/find
- o####.####.cn/8/secret
- a####.####.today/v1/statistics
- a####.####.today/2/statistics/proxy
- a####.####.cn/action/user_info
Modified file system:
Creates the following files:
- <Package Folder>/shared_prefs/i_fionf_pre<IMEI>.xml.bak
- <Package Folder>/shared_prefs/c1<IMEI>.xml
- <Package Folder>/app_hola_q/s/2029223031.zf
- <Package Folder>/app_statitics/77dbb5ea41d53ada8be06a4a730b0efe
- <Package Folder>/files/CacheTime.dat
- <Package Folder>/app_hola_q/d/2029223031.dex
- <Package Folder>/app_statitics/3fb15018f0c03a72615873dfadbd789a
- <Package Folder>/shared_prefs/bmob_sp.xml
- <Package Folder>/app_statitics/c68416d228e8850396b56d7db7bf803b
- <Package Folder>/files/41495005844518.jar
- <Package Folder>/files/1495005882736o.jar
- <Package Folder>/files/41495005843566.jar
- <Package Folder>/shared_prefs/xappInfo_pre.xml.bak
- <Package Folder>/shared_prefs/i_finfo_pre<IMEI>.xml
- <Package Folder>/files/1495005942450o.jar
- <Package Folder>/app_img_dat/main.db
- <Package Folder>/databases/E_ID<IMEI>.db-journal
- <Package Folder>/app_statitics/905c5e679a512902ea9dd8aecca12f6c
- <Package Folder>/shared_prefs/a1<IMEI>.xml.bak
- <Package Folder>/databases/d.db-journal
- <Package Folder>/files/01495005882860.jar
- <Package Folder>/files/41495005881780.jar
- <Package Folder>/shared_prefs/w_base_info.xml
- <Package Folder>/files/01495005921965.jar
- <Package Folder>/shared_prefs/i_fac_pre<IMEI>.xml
- <Package Folder>/shared_prefs/a1<IMEI>.xml
- <Package Folder>/shared_prefs/xconf_pre.xml.bak
- <Package Folder>/app_statitics/fb4012b748d4b2b32e9855d726f36d21
- <Package Folder>/shared_prefs/w_report_apps.xml
- <Package Folder>/shared_prefs/i.xml
- <Package Folder>/cache/webviewCacheChromium/index
- <Package Folder>/shared_prefs/xtrategy_pre.xml
- <Package Folder>/files/41495005942548.jar
- <Package Folder>/files/41495005921759.jar
- <Package Folder>/shared_prefs/ShowAdFlag.xml
- <Package Folder>/databases/jwall_download.db
- <Package Folder>/files/01495005942648.jar
- <Package Folder>/databases/qcut_download.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/shared_prefs/1000.xml
- <Package Folder>/files/01495005882588.jar
- <Package Folder>/shared_prefs/fcut_trategy_pre.xml
- <Package Folder>/app_b_sta/s/cache
- <Package Folder>/databases/a1.db-journal
- <Package Folder>/shared_prefs/a1.xml
- <Package Folder>/app_statitics/3eb5cde075b82b85a1aa2b72c1bd24e3
- <Package Folder>/files/01495005921878.jar
- <Package Folder>/bmob_stat_p/ij.dex
- <Package Folder>/shared_prefs/b1<IMEI>.xml.bak
- <Package Folder>/shared_prefs/bmob_sp.xml.bak
- <Package Folder>/shared_prefs/fcut_appInfo_pre.xml
- <Package Folder>/app_statitics/f10b0f2d8691e53ec0812de375a45841
- <Package Folder>/shared_prefs/d1<IMEI>.xml
- <Package Folder>/shared_prefs/c1<IMEI>.xml.bak
- <Package Folder>/shared_prefs/fcut_trategy_pre.xml.bak
- <Package Folder>/shared_prefs/xappInfo_pre.xml
- <Package Folder>/files/01495005845799.jar
- <Package Folder>/files/01495005846099.jar
- <Package Folder>/files/1495005845380o.jar
- <Package Folder>/cache/webviewCacheChromium/f_000008
- <Package Folder>/shared_prefs/fcut_info_pre.xml
- <Package Folder>/files/1495005921634o.jar
- <Package Folder>/shared_prefs/b1<IMEI>.xml
- <Package Folder>/cache/webviewCacheChromium/f_00000a
- <Package Folder>/cache/webviewCacheChromium/f_00000c
- <Package Folder>/cache/webviewCacheChromium/f_00000b
- <Package Folder>/cache/webviewCacheChromium/f_00000e
- <Package Folder>/cache/webviewCacheChromium/f_00000d
- <Package Folder>/shared_prefs/fcut_conf_pre.xml.bak
- <Package Folder>/shared_prefs/i_fionf_pre<IMEI>.xml
- <Package Folder>/shared_prefs/w_base_info.xml.bak
- <Package Folder>/files/01495005942733.jar
- <Package Folder>/databases/E_ID<IMEI>.db
- <Package Folder>/shared_prefs/xconf_pre.xml
- <Package Folder>/app_b_sta/d/-1377133417.dex
- <Package Folder>/shared_prefs/AppSettings.xml
- <Package Folder>/shared_prefs/fcut_appInfo_pre.xml.bak
- <Package Folder>/app_b_sta/s/-1377133417.zf
- <Package Folder>/app_hola_q/s/cache
- <Package Folder>/cache/webviewCacheChromium/f_000009
- <Package Folder>/files/errorLog_<Package>.txt
- <Package Folder>/cache/webviewCacheChromium/f_000001
- <Package Folder>/cache/webviewCacheChromium/f_000003
- <Package Folder>/cache/webviewCacheChromium/f_000002
- <Package Folder>/cache/webviewCacheChromium/f_000005
- <Package Folder>/cache/webviewCacheChromium/f_000004
- <Package Folder>/cache/webviewCacheChromium/f_000007
- <Package Folder>/cache/webviewCacheChromium/f_000006
- <Package Folder>/app_statitics/0db3209e1adc6d67be435a81baf9a66e
- <Package Folder>/databases/jwall_download.db-journal
- <Package Folder>/cache/webviewCacheChromium/data_3
- <Package Folder>/shared_prefs/fcut_conf_pre.xml
- <Package Folder>/shared_prefs/b.xml
- <Package Folder>/databases/webviewCookiesChromiumPrivate.db-journal
- <Package Folder>/cache/webviewCacheChromium/data_2
- <Package Folder>/cache/webviewCacheChromium/data_1
- <Package Folder>/cache/webviewCacheChromium/data_0
Miscellaneous:
Executes next shell scripts:
- <dexopt>
Contains functionality to send SMS messages automatically.
