Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.Loki.10.origin
- Android.Loki.32.origin
Downloads the following detected threats from the Web:
- Android.Loki.10.origin
- Android.Loki.32.origin
Network activity:
Connecting to:
- 1####.####.45
- 2####.####.111
- b####.com
- face####.com
- fkdown####.####.cn
- fkse####.####.com:8080
- flying####.com
- go####.cn
- i####.####.com
- j####.####.com:8888
- lovely####.club
- por####.com
- red####.com
- twi####.com
- u####.####.com
- x####.com
- xvi####.com
- you####.com
HTTP GET requests:
- 1####.####.45/2/n/m/z/i/nmzixwcivghcvdstzpdrfwwwrotrhy/hc.yinyuetai.com/...
- 2####.####.111/7/o/u/t/j/outjkzxulfptdvuesfedbvszukrnpx/hc.yinyuetai.com...
- b####.com/
- b####.com/favicon.ico
- face####.com/favicon.ico
- fkdown####.####.cn/ad10000_0605_385_new_test_1.00.01.apk
- flying####.com/favicon.ico
- go####.cn/favicon.ico
- i####.####.com/video/mv/170609/0/b9e511fd1e2d793140db2f94479c7144_240x13...
- j####.####.com:8888/rule?p=####
- lovely####.club/favicon.ico
- por####.com/favicon.ico
- red####.com/favicon.ico
- twi####.com/favicon.ico
- u####.####.com/vd.php?prd=####&lang=####
- x####.com/favicon.ico
- xvi####.com/favicon.ico
- you####.com/favicon.ico
HTTP POST requests:
- fkse####.####.com:8080/api/updateCheck.do
Modified file system:
Creates the following files:
- <Package Folder>/cache/####/06469449dfec41531458283cf34b981ea79ffdf3dbedad1ee8148b3a06439fc9.0.tmp
- <Package Folder>/cache/####/0d1342925ed695f30a96b84ee024634fcf68f0828acf93b10dea0271499cfcc7.0.tmp
- <Package Folder>/cache/####/1032e1056cc66745ea5cd96e052e58b4c60de585ae4c65cfbc6933aa2cc300b5.0.tmp
- <Package Folder>/cache/####/121fdc1892df6b09d6287de72bbe91534caa27c11afd57276454ee9fe1ae729f.0.tmp
- <Package Folder>/cache/####/124114fe22f37386a7d15494b12f2d93b4a6409cb175979380225a58af414736.0.tmp
- <Package Folder>/cache/####/13b1b6d2f58e008cae12a767b367d7fc77972583f5d1d3348f8cfd4fa69099aa.0.tmp
- <Package Folder>/cache/####/1988b2ff8f5721a90b6254bfa11c2a6b31b3d0c1568f495f95ab7013dbe9f3da.0.tmp
- <Package Folder>/cache/####/272bf463a21e342d5f8329989933c682ca753cc7391b6eb0911893cd1c769821.0.tmp
- <Package Folder>/cache/####/27d84356998235d895fbacac7208b3bd6ff2dd7af7943c319c5e8390ef670140.0.tmp
- <Package Folder>/cache/####/3003c5594653b8d0771589fdf70381495a45955cbf8818c655c8d28d47920b76.0.tmp
- <Package Folder>/cache/####/3400d8f18e01b67cb90c0f93757c086991e05dcbc5fef9185238621ebb158667.0.tmp
- <Package Folder>/cache/####/3caf3bfca9cf2890412578f98b31f05b3913d61eeb08741701a96fdaf2595d86.0.tmp
- <Package Folder>/cache/####/478a5488f1d2693fed93ee07a346e5ba1d0d116b2e65bdf68e212c0156b4247e.0.tmp
- <Package Folder>/cache/####/669ebae8ca33bbf1b2907e6f9ba5125717d4a0df5147eed2a91dfbeeed725ece.0.tmp
- <Package Folder>/cache/####/6fdb435e8d77fe86bc49a5100d0bc16ff541bd03daeed5348220f083286f10c8.0.tmp
- <Package Folder>/cache/####/70d45fdd92cfd7059380336b67508e75f17dde2ecb617d1e8d40ee6cc8158f06.0.tmp
- <Package Folder>/cache/####/71866551c4a0bc423498d523804ee26121ea554320548ab209df922c4b5871de.0.tmp
- <Package Folder>/cache/####/792065ac7f7121415057c9190a9ad37171921ac78acdcb6db74d7ca51a056467.0.tmp
- <Package Folder>/cache/####/79ab483eb06b710b017184642242244a93bb2df01d8dca0dd56c9910732e1657.0.tmp
- <Package Folder>/cache/####/7f98ac0cad9622e6ff18e8db23323625a741e1471ad8af6835ce708048ecce6d.0.tmp
- <Package Folder>/cache/####/80ef8f39fa3a5867ad6ed8ec70d80ae4348e844cbd9b5201d5d2af9913b40580.0.tmp
- <Package Folder>/cache/####/870f1a5e4482f28fdf4645a228a8d4dd2443a1733fe0cde020392507cf1af0a4.0.tmp
- <Package Folder>/cache/####/8cb6f3ca0468c3dd004a0d6ffa0c7ae1b5f4e3790c060c79be00116a6ebe22a8.0.tmp
- <Package Folder>/cache/####/96b66daf4d6432951ea7a843937ba4824fad5315934cb8ff340d74cd136778ab.0.tmp
- <Package Folder>/cache/####/a0f3634d5f9d0321eb595f42b31e821f6fbf8856274fb4b7b008268af81615cb.0.tmp
- <Package Folder>/cache/####/ace5d961b21f9217ec0aa5bebdea98b93032d67dbca1b448122f3c726934ed91.0.tmp
- <Package Folder>/cache/####/b3908576adb48987ee0cffc61e0ce724de8bfb541a9fd7670118878f06668415.0.tmp
- <Package Folder>/cache/####/b74f936114e1720b6e2cfa16c701dd9dded01ae1444bf956ccdab100a8da28b0.0.tmp
- <Package Folder>/cache/####/b9886195523ac3c31622ff1b8735c3127d0c6f2d8feb63a35b25cb6f003f2cb6.0.tmp
- <Package Folder>/cache/####/bde263088dca67ce892ee6fed024953941ad85f435d8c13e71d38f77ba1b2e61.0.tmp
- <Package Folder>/cache/####/bf7478ad1179c8a70974195c075022beb7c8c890c6d5f6e988fe72cc5cbdede2.0.tmp
- <Package Folder>/cache/####/c32c490e3082eb3df137dec30c89a90307723fa771cae4457b3a1c9b5bdf6c83.0.tmp
- <Package Folder>/cache/####/caf978b5d4e1f58f89a3fa83013dd320fdd31cf7d7525d52e24d4743f5db196d.0.tmp
- <Package Folder>/cache/####/d76677e973b679fc7b033b642a8450d18abb71556d41b660d82e5868c69a236f.0.tmp
- <Package Folder>/cache/####/d910c423e8631c9f58bc3c67410e51ff61ece945fd52ae6daa37df3b1f1be234.0.tmp
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/dbcb1da1f9b206a1515a0db1c749f622870063e3b4035e0a74852601d9bb2d32.0.tmp
- <Package Folder>/cache/####/df906287f5c220e13bb4a0eb1cec6c04deaf008bb89feccdf71a92e83a3afcd2.0.tmp
- <Package Folder>/cache/####/e32c1ad74fa01ca4d419e0f32d942ed422f4dace56cac3d287f952e8a72da80b.0.tmp
- <Package Folder>/cache/####/e7af50ffb8016cd228869bf978c6f017ee52d2d379506be8728f463f4d8803e0.0.tmp
- <Package Folder>/cache/####/eea35c06e9ddd5956bea542f4cff6a3691af2285499bc61f8c33664dc84daee2.0.tmp
- <Package Folder>/cache/####/ef15e1b6db7e84e3129c1cf5a32af684de0bec6a1b5d66f7f3b6de5d8a601c8e.0.tmp
- <Package Folder>/cache/####/f8b788f58c1f34c84e0d3268ca2f554d4331e6b90c1a28bc99cd1f8c4f505960.0.tmp
- <Package Folder>/cache/####/f_000001
- <Package Folder>/cache/####/f_000002
- <Package Folder>/cache/####/f_000003
- <Package Folder>/cache/####/f_000004
- <Package Folder>/cache/####/f_000005
- <Package Folder>/cache/####/f_000006
- <Package Folder>/cache/####/f_000007
- <Package Folder>/cache/####/f_000008
- <Package Folder>/cache/####/index
- <Package Folder>/cache/####/journal.tmp
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal (deleted)
- <Package Folder>/fankingbox/####/ad10000.apk
- <Package Folder>/fankingbox/####/ad10000.tmp
- <Package Folder>/fankingbox/####/fsdk80000.apk
- <Package Folder>/files/libbatterysaver.so
- <Package Folder>/shared_prefs/ak.salvia.sdk.xml
- <Package Folder>/shared_prefs/ak.salvia.sdk.xml.bak
- <Package Folder>/shared_prefs/alias.xml
- <Package Folder>/shared_prefs/dayupdate.xml
- <Package Folder>/shared_prefs/fanking.sdk.xml
- <Package Folder>/shared_prefs/fanking.sdk.xml.bak
- <Package Folder>/shared_prefs/fanking.strategy.sdk.xml
- <Package Folder>/shared_prefs/fksdk_pid_config.xml
- <Package Folder>/shared_prefs/preference.db.xml
- <Package Folder>/shared_prefs/preference_videos.xml
- <Package Folder>/shared_prefs/sdk_scl_pid_config.xml
- <Package Folder>/shared_prefs/static_date.xml
- <SD-Card>/.fankv7/.fankcoas
- <SD-Card>/.google_ax/<Package>
- <SD-Card>/.google_ax/arrkii.asa.sdk.db
- <SD-Card>/.google_ax/arrkii.asa.sdk.db-journal
- <SD-Card>/.google_ax/dbversion
- <SD-Card>/.googlev7/.libx2coas
Miscellaneous:
Executes next shell scripts:
- <dexopt>
