Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.Xiny.78.origin
Network activity:
Connecting to:
- a####.####.cn
- a####.####.com
HTTP GET requests:
- a####.####.com/ad/20170516/201705161425794.png
- a####.####.com/ad/20170511/20170511110923.png
- a####.####.cn/is/init.jsp?appid=####
- a####.####.com/ad/20170516/201705161425316.apk
- a####.####.com/ad/20170511/201705111719207.png
- a####.####.com/ad/20170511/201705111110776.apk
- a####.####.cn/push/init.jsp?appid=####
HTTP POST requests:
- a####.####.cn/is/info.jsp
- a####.####.cn/is/click.jsp
- a####.####.cn/is/init.jsp
- a####.####.cn/app/down.jsp
- a####.####.cn/is/show.jsp
Modified file system:
Creates the following files:
- <Package Folder>/files/ycom
- <Package Folder>/databases/vscom.db
- <Package Folder>/shared_prefs/_dtnum.xml
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/files/wchaogaoqingmeinvdongtaibizhi.jar
- <Package Folder>/shared_prefs/_duazh.xml.bak
- <Package Folder>/shared_prefs/_spturn.xml
- <Package Folder>/shared_prefs/_duazh.xml
- <Package Folder>/databases/vscom.db-journal
Miscellaneous:
Executes next shell scripts:
- chmod 777 /storage/emulated/0/download/ofile//201705161425316.apk.tmp
- chmod 777 /storage/emulated/0/download/ofile//201705111110776.apk.tmp
- <dexopt>
Contains functionality to send SMS messages automatically.
