Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.Xiny.20
Downloads the following detected threats from the Web:
- Android.Xiny.20
Network activity:
Connecting to:
- a####.####.cn
- c####.####.fm
- d####.####.cn
- no####.####.com
- s####.####.fm
- y####.####.cn
HTTP GET requests:
- a####.####.cn/ad/boot
- c####.####.fm/radio_cover/2014/09/09/14306868144560132_160x160.jpg
- d####.####.cn/jarFile/SDKAutoUpdate/wet4.jar
HTTP POST requests:
- no####.####.com/
- s####.####.fm/v1/uploadlog
- y####.####.cn/k2?protocol=####&version=####&cid=####
Modified file system:
Creates the following files:
- <Package Folder>/databases/downloadswc
- <Package Folder>/databases/downloadswc-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/files/####/LizhiFM.db
- <Package Folder>/files/####/LizhiFM.db-journal
- <Package Folder>/files/####/config.cfg
- <Package Folder>/files/####/op.log
- <Package Folder>/files/splase_ad.json
- <Package Folder>/files/sub_app_file
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/<Package>_preferences.xml.bak
- <Package Folder>/shared_prefs/Bugsnag.xml
- <Package Folder>/shared_prefs/Bugsnag.xml.bak
- <Package Folder>/shared_prefs/UMS_session_ID_savetime.xml
- <Package Folder>/shared_prefs/W_Key.xml
- <Package Folder>/shared_prefs/a.xml
- <Package Folder>/shared_prefs/a.xml.bak
- <Package Folder>/shared_prefs/st.xml
- <Package Folder>/shared_prefs/ums_agent_online_setting.xml
- <SD-Card>/Android/####/mobclick_agent_cached
- <SD-Card>/Download/####/4.8_wet4.jar.tmp
- <SD-Card>/dt/restime.dat
- <SD-Card>/sub/####/-1062629842
- <SD-Card>/sub/####/-1062629842.prop
- <SD-Card>/sub/####/-1241737685
- <SD-Card>/sub/####/-1693585426
- <SD-Card>/sub/####/-1812789056
- <SD-Card>/sub/####/-1984284770
- <SD-Card>/sub/####/-2040238578
- <SD-Card>/sub/####/-634366373
- <SD-Card>/sub/####/-920086126
- <SD-Card>/sub/####/-954765025
- <SD-Card>/sub/####/1233269303
- <SD-Card>/sub/####/1238090219
- <SD-Card>/sub/####/1329191891
- <SD-Card>/sub/####/667588710
- <SD-Card>/sub/####/lz.ini
- <SD-Card>/sub/####/lz_1496213075364.bin
Miscellaneous:
Executes next shell scripts:
- <dexopt>
