Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.Triada.170
- Android.Triada.247.origin
- Android.Triada.248.origin
Downloads the following detected threats from the Web:
- Android.Triada.170
- Android.Triada.247.origin
- Android.Triada.248.origin
Network activity:
Connecting to:
- 6####.####.140
- a####.####.com
- adse####.####.com
- g####.####.com
- h####.####.com
- i####.####.com
- mo####.####.com
HTTP GET requests:
- 6####.####.140/ando/i/mon?k=####&d=####
- adse####.####.com/resource/image/appx_logo.9.png
- g####.####.com/img/1/640_100/233836730947c1f92c01028ca2168001.jpg
- h####.####.com/wisegame/pic/item/9f039245d688d43f10fe740b7b1ed21b0ff43bf...
- i####.####.com/ando-res/ads/0/9/837ec120-ccf8-4ad0-b6fd-1303ff645eca/773...
- mo####.####.com/item?docid=####
HTTP POST requests:
- a####.####.com/ad-service/ad/mark
- a####.####.com/api.ashx
- a####.####.com/app_logs
- a####.####.com/log4
Modified file system:
Creates the following files:
- <Package Folder>/.jiagu/libjiagu.so
- <Package Folder>/app_jgls/.log.lock
- <Package Folder>/app_jgls/.log.ls
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/f_000001
- <Package Folder>/cache/####/f_000002
- <Package Folder>/cache/####/f_000003
- <Package Folder>/cache/####/f_000004
- <Package Folder>/cache/####/f_000005
- <Package Folder>/cache/####/f_000006
- <Package Folder>/cache/####/f_000007
- <Package Folder>/cache/####/f_000008
- <Package Folder>/cache/####/f_000009
- <Package Folder>/cache/####/f_00000a
- <Package Folder>/cache/####/f_00000b
- <Package Folder>/cache/####/f_00000c
- <Package Folder>/cache/####/f_00000d
- <Package Folder>/cache/####/f_00000e
- <Package Folder>/cache/####/f_00000f
- <Package Folder>/cache/####/f_000010
- <Package Folder>/cache/####/index
- <Package Folder>/code-630197/####/BXfDoTp0H9s=.jar
- <Package Folder>/code-630197/FJr2yvpsdqVLQaVJ
- <Package Folder>/databases/cc.db
- <Package Folder>/databases/cc.db-journal
- <Package Folder>/databases/i6SbZP2nznXh6rWVEXXMEX7zcw_nKqnm_JBY570hPAdilWvWRzgARYn_NoOc=
- <Package Folder>/databases/i6SbZP2nznXh6rWVEXXMEX7zcw_nKqnm_JBY570hPAdilWvWRzgARYn_NoOc=-journal
- <Package Folder>/databases/i6SbZP2nznXh6rWVEXXMEX7zcw_nKqnm_eBWcELImoZxzDgwF
- <Package Folder>/databases/i6SbZP2nznXh6rWVEXXMEX7zcw_nKqnm_eBWcELImoZxzDgwF-journal
- <Package Folder>/databases/i6SbZP2nznXh6rWVEXXMEX7zcw_nKqnm_na8te4NrbGbSo8ukOUJYEg==
- <Package Folder>/databases/i6SbZP2nznXh6rWVEXXMEX7zcw_nKqnm_na8te4NrbGbSo8ukOUJYEg==-journal
- <Package Folder>/databases/i6SbZP2nznXh6rWVEXXMEX7zcw_nKqnm_xZshcDJ0MiJU2YUoxvo3AQ==
- <Package Folder>/databases/i6SbZP2nznXh6rWVEXXMEX7zcw_nKqnm_xZshcDJ0MiJU2YUoxvo3AQ==-journal
- <Package Folder>/databases/sharesdk.db-journal
- <Package Folder>/databases/ua.db
- <Package Folder>/databases/ua.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal (deleted)
- <Package Folder>/files/####/.jg.ic
- <Package Folder>/files/####/013a9b45-eb91-4435-98bd-6fd05246a975.res
- <Package Folder>/files/####/0f7613b2-6ed2-49a5-8acd-ff0c502bbf11.res.temp
- <Package Folder>/files/####/39711cbd-5826-4593-a6c4-1a9a8a197fad.res.temp
- <Package Folder>/files/####/3Zrcw3DzJM1e_RGZVgzxUvEHWMJP_i5s.new
- <Package Folder>/files/####/4a6b01d3-49b0-44e0-a529-1852b11fde7d.res.temp
- <Package Folder>/files/####/5R30lJnEbDog9AknQyg75WVPhYkpjZ2h0jHeZQ==.new
- <Package Folder>/files/####/6grs_ULjSbciCx52iMTrRL6bJ9EXla6_.new
- <Package Folder>/files/####/8ff8e89a-e892-4ba6-a784-3bc4d694ef46.res.temp
- <Package Folder>/files/####/95691c47-4796-4bd1-8e42-ee1ea2fd65de.res.temp
- <Package Folder>/files/####/Lb-DH78s6tUU4wLcILllodoTEs4=
- <Package Folder>/files/####/Lb-DH78s6tUU4wLcILllodoTEs4=.new
- <Package Folder>/files/####/Q9KrDGrhC6lx71SuleWcTKGLYZHeNz9PeSLCDQ==.new
- <Package Folder>/files/####/S2liZNO_c1gryyCmZsUBEA==
- <Package Folder>/files/####/SD5oyfo6AncqN_YtKUt_dyfbS5M=.new
- <Package Folder>/files/####/STbv122KxELjdjBqhfdrbNZDoMXsezlM.new
- <Package Folder>/files/####/ViLLqp5zrV1J_Mvf2xQ5xA==
- <Package Folder>/files/####/ViLLqp5zrV1J_Mvf2xQ5xA==.new
- <Package Folder>/files/####/ViLLqp5zrV1J_Mvf2xQ5xA==.old (deleted)
- <Package Folder>/files/####/X-v5V-oJ79HMoJCHL9DhxRaVCeA=
- <Package Folder>/files/####/X-v5V-oJ79HMoJCHL9DhxRaVCeA=.new
- <Package Folder>/files/####/X-v5V-oJ79HMoJCHL9DhxRaVCeA=.old (deleted)
- <Package Folder>/files/####/a1O4KgmYkVqRRMzJVlkkCtTRedykU2B9nFHEOQ==.new
- <Package Folder>/files/####/a680e527-5dc3-4d81-9f99-5ca91889e4bd.res.temp
- <Package Folder>/files/####/b9877195-562b-488e-9c51-f242bafb5366.res.temp
- <Package Folder>/files/####/bbgYCf2fC__q-9kZ6306xA==.new
- <Package Folder>/files/####/c10117e5-d687-423d-b037-7f51f5277942.res.temp
- <Package Folder>/files/####/cfTyeE4sbYJqb_LULxPw0gOXM_mLsWpqEg9TIrUmg2g=.new
- <Package Folder>/files/####/d31a6bed-d6bd-4bda-a362-f0a26f765261.res.temp
- <Package Folder>/files/####/data.dat.tmp
- <Package Folder>/files/####/db943587-4d67-4b35-ae03-da8ac3e80671.res.temp
- <Package Folder>/files/####/e32ea370-948c-4ebc-9511-5d405e4bc8b9.res.temp
- <Package Folder>/files/####/exchangeIdentity.json
- <Package Folder>/files/####/f7335f86-ddb3-4f89-a10b-bf168d68b052.res.temp
- <Package Folder>/files/####/f8635d63-4415-4b47-8300-e5c801895c3a.res
- <Package Folder>/files/####/hKdUkhUCpXgzMhe14m80_STQupQ=.temp
- <Package Folder>/files/####/hu8OlRD-NvReGGQPr5XJ7s5CGeyzQy49.new
- <Package Folder>/files/####/jy5xFzfe2S3eW6ceBOmYIcKPuaQ=
- <Package Folder>/files/####/jy5xFzfe2S3eW6ceBOmYIcKPuaQ=.new
- <Package Folder>/files/####/kBffSP6D-gg8Qzoh36riXg==
- <Package Folder>/files/####/kBffSP6D-gg8Qzoh36riXg==.new
- <Package Folder>/files/####/kiRPraWeyI_rTikUlGszoSngtuN0cYjz.new
- <Package Folder>/files/####/lI7Ox_ICKGXFhCj9-vXaWNJtD8xSVvy5
- <Package Folder>/files/####/lI7Ox_ICKGXFhCj9-vXaWNJtD8xSVvy5.new
- <Package Folder>/files/####/runner_info.prop
- <Package Folder>/files/####/runner_info.prop.new
- <Package Folder>/files/####/suLS0w712Alz_jfFMETDjQ==
- <Package Folder>/files/####/suLS0w712Alz_jfFMETDjQ==.new
- <Package Folder>/files/####/suLS0w712Alz_jfFMETDjQ==.old (deleted)
- <Package Folder>/files/####/t2eqX3z8gvXZNId7Uo2umAHkvjPtX-v-eXJntg==.new
- <Package Folder>/files/####/tkzdvq_f.zip
- <Package Folder>/files/####/u6X0jGoauf1uG8rr.zip
- <Package Folder>/files/####/v57eMlEzC197OUZY
- <Package Folder>/files/####/w3A_I3sgpo4bOtUrvS4gCgwfuSw=.temp
- <Package Folder>/files/####/wCd4f7-HJcvluqWbahmQwGHuZzI=
- <Package Folder>/files/####/yPMQNR7gZINBjzObhnOLrg7Kchw=
- <Package Folder>/files/####/yTeD0bwrudcqqpZDytAsQ4UTCqi56UyWwdo6G-q_7OQ=.new
- <Package Folder>/files/####/yoGyvJqVMBZxAyW5.new
- <Package Folder>/files/####/z3SkrIAwhrSfr5fS2Uyf5vJwvtOUC4BEOpW05ZhaWvw=.new
- <Package Folder>/files/####/zsYxRPwhXoErMitUL4i1q9__F2Ih2NqP.new
- <Package Folder>/files/.imprint
- <Package Folder>/files/exid.dat
- <Package Folder>/files/rdata_comcdbapp.new
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/shared_prefs/Alvin2.xml
- <Package Folder>/shared_prefs/ContextData.xml
- <Package Folder>/shared_prefs/bmob_sp.xml
- <Package Folder>/shared_prefs/jg_app_update_settings_random.xml
- <Package Folder>/shared_prefs/share_sdk_0.xml
- <Package Folder>/shared_prefs/share_sdk_0.xml.bak
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <SD-Card>/.DataStorage/ContextData.xml
- <SD-Card>/.UTSystemConfig/####/Alvin2.xml
- <SD-Card>/.armsd/####/51084241-1561-4459-80b8-a08271a518f7.res
- <SD-Card>/.armsd/####/5NCMj4FHDAiNMsrjQKob6JdxZXM=.new
- <SD-Card>/.armsd/####/5bc3a441-8add-48b3-badb-9ab35eaef35b.res
- <SD-Card>/.armsd/####/637f4c74-2635-447a-95d2-a07d7e2313ca.res
- <SD-Card>/.armsd/####/6765732b-a514-4696-a505-ca97dc8973d9.res
- <SD-Card>/.armsd/####/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M
- <SD-Card>/.armsd/####/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M.lk
- <SD-Card>/.armsd/####/MP8MtaBuguN9jnuSwtN1kQ==
- <SD-Card>/.armsd/####/a259d1e8-7b79-40cd-8c40-a51025b901ae.res
- <SD-Card>/.armsd/####/c3096469-fb19-4f8d-9b2d-b9d4a158f3fd.res
- <SD-Card>/.armsd/####/r_pkDgN4OhnkSa0D
- <SD-Card>/.env/.uunique.new
- <SD-Card>/Android/####/0640ab5325d864959dd9c8e64d31adc9.png
- <SD-Card>/Android/####/16311cc1dbf95f8e2ef24f42cd97d34d.png
- <SD-Card>/Android/####/67cbf5ce6295d082f8238107885c072a.png
- <SD-Card>/Android/####/Appwallf4deb095f44865d7d201e9fb2aafd316.jpg
- <SD-Card>/Android/####/Banner9704ad2ea3075d1e842c9b5d88af6211.jpg
- <SD-Card>/ImageCache/CloseIcon.png
- <SD-Card>/ImageCache/CornerIcon.png
- <SD-Card>/ImageCache/DownloadIcon.png
- <SD-Card>/ImageCache/ResourceVersion
- <SD-Card>/ShareSDK/.ba
- <SD-Card>/ShareSDK/.dk
- <SD-Card>/baidu/.cuid
Miscellaneous:
Executes next shell scripts:
- /data/data/com.cdjssq.app/code-630197/FJr2yvpsdqVLQaVJ -p com.cdjssq.app -c com.cdb.app.vvncva.a.a.d.c -r /storage/emulated/0/.armsd/tjfblFPob85GtAQw/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M -d /storage/emulated/0/Download/ladung
- <dexopt>
- chmod 755 /data/data/com.cdjssq.app/.jiagu/libjiagu.so
- chmod 755 <Package Folder>/.jiagu/libjiagu.so
- sh <Package Folder>/code-630197/FJr2yvpsdqVLQaVJ -p <Package> -c com.cdb.app.vvncva.a.a.d.c -r /storage/emulated/0/.armsd/tjfblFPob85GtAQw/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M -d /storage/emulated/0/Download/ladung
Uses special library to hide executable bytecode.
