Android.Packed.24644

Technical information

Malicious functions:

Executes code of the following detected threats:

Android.SmsSpy.3832

Downloads the following detected threats from the Web:

Android.SmsSpy.3832

Network activity:

Connecting to:

1####.####.238
1####.####.238:8977
1####.####.56
1####.####.56:9039
d####.####.cn
d####.####.com
d####.####.com:8083
i####.####.com

HTTP GET requests:

1####.####.238/dex/ldsource.bin
1####.####.238:8977/dex/version.txt
1####.####.56/gamesit/jysdk/inix
1####.####.56:9039/gamesit/jysdk/initsdk?os_info=####&os_model=####&net_...
i####.####.com/service/getIpInfo2.php?ip=####

HTTP POST requests:

d####.####.cn/wmwkupdate/WMADUpdate
d####.####.com/
d####.####.com/mmsdk/mmsdk?func=####&appkey=####&channel=####&code=####
d####.####.com/wimipay/getPhoneUrl
d####.####.com:8083/

Modified file system:

Creates the following files:

<Package Folder>/EOZTzhVG.jar
<Package Folder>/app_dex/classes.jar
<Package Folder>/cache/####/data_0
<Package Folder>/cache/####/data_1
<Package Folder>/cache/####/data_2
<Package Folder>/cache/####/data_3
<Package Folder>/cache/####/index
<Package Folder>/databases/database-journal
<Package Folder>/databases/lepeng.db-journal
<Package Folder>/databases/milipay_sms_one.db
<Package Folder>/databases/milipay_sms_one.db-journal
<Package Folder>/databases/paycard
<Package Folder>/databases/paycard-journal
<Package Folder>/databases/utopay.db
<Package Folder>/databases/utopay.db-journal
<Package Folder>/databases/webview.db-journal
<Package Folder>/databases/webviewCookiesChromium.db-journal (deleted)
<Package Folder>/files/####/libcrypt_sign.so
<Package Folder>/files/####/libcryptooperad.so
<Package Folder>/files/####/libdsms.so
<Package Folder>/files/####/libhunt.so
<Package Folder>/files/####/libkjOnlinePay.so
<Package Folder>/files/####/libn0base.so
<Package Folder>/files/####/libus.so
<Package Folder>/files/28419B5C4AA334C3655D5AF1901AB735.jar
<Package Folder>/files/actlxd0
<Package Folder>/files/actlxd3
<Package Folder>/files/actlxd4
<Package Folder>/files/evnlxd1
<Package Folder>/files/syslxd2
<Package Folder>/hunt.conf
<Package Folder>/libus.lock
<Package Folder>/shared_prefs/<Package>_preferences.xml
<Package Folder>/shared_prefs/<Package>_preferences.xml.bak
<Package Folder>/shared_prefs/<Package>_preferences.xml.bak (deleted)
<Package Folder>/shared_prefs/WebViewSettings.xml
<Package Folder>/shared_prefs/Wimipay_System.xml
<Package Folder>/shared_prefs/iapppay_config.xml
<Package Folder>/shared_prefs/jmsdk.dat.xml
<Package Folder>/shared_prefs/jmsdk.dat.xml.bak
<Package Folder>/shared_prefs/lxdMoblieAgent_config_<Package>.xml
<Package Folder>/shared_prefs/lxdMoblieAgent_event_<Package>.xml
<Package Folder>/shared_prefs/lxdMoblieAgent_state_<Package>.xml
<Package Folder>/shared_prefs/lxdMoblieAgent_sys_config.xml
<Package Folder>/shared_prefs/lxdMoblieAgent_sys_config.xml.bak
<Package Folder>/shared_prefs/lxdMoblieAgent_upload_<Package>.xml
<Package Folder>/shared_prefs/lxdMoblieAgent_upload_<Package>.xml.bak
<Package Folder>/shared_prefs/phoneInfo.xml
<Package Folder>/shared_prefs/statistics_soft_list_time.xml
<Package Folder>/shared_prefs/util_preference.xml
<Package Folder>/shared_prefs/version.dat.xml
<Package Folder>/shared_prefs/zhangpay_share.xml
<Package Folder>/shared_prefs/zhangpay_share.xml.bak
<Package Folder>/shared_prefs/zhangpay_sms_info.xml
<SD-Card>/Android/####/.nomedia
<SD-Card>/iapppay/####/statistics.log (deleted)

Miscellaneous:

Executes next shell scripts:

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
<dexopt>

Демо бесплатно на 14 дней

Выдаётся при установке

Скачать с сайта

Скачать с Google Play

Завантажте
Dr.Web для Android

Безкоштовно на 3 місяці
Всі компоненти захисту
Подовження демо в
AppGallery/Google Pay

Технології

Терміни

Навчання

Міфи

Technical information

Рекомендации по лечению

Демо бесплатно на 14 дней