Technical information
Malicious functions:
Sends SMS messages:
- 12114: HZSY#<IMSI>
Network activity:
Connecting to:
- and####.####.com:8077
- mo####.####.com
- mzy####.####.com
- mzyb####.####.com
- p####.####.com
- prcha####.####.com
- yys####.####.com
HTTP GET requests:
- mzy####.####.com/20170512/8ffa6bf1-2aeb-4f26-bfd8-2fd3e70767f8-40a83bd0-...
- mzyb####.####.com/mzyb-cps/bannerInfo.service?cid=####&uuid=####&imei=##...
- p####.####.com/image/20150317/12/f1/40/v_100347390_m_601_m2_180_236.jpg
- yys####.####.com/yysd-cps/upList.service?uuid=####&imei=####&imsi=####&m...
HTTP POST requests:
- and####.####.com:8077/record-plat/seq/query.do
- mo####.####.com/mobile-service/getImsiMobilePhone.json
- prcha####.####.com/prc-has/getThirdPluginAccountInfo.json
Modified file system:
Creates the following files:
- <Package Folder>/app_workbench26700/apk.zip
- <Package Folder>/app_workbench32226/apk.zip
- <Package Folder>/cache/####/048ee6564de5cc26b375c7a56c4fc0ea.0.tmp
- <Package Folder>/cache/####/048ee6564de5cc26b375c7a56c4fc0ea.1.tmp
- <Package Folder>/cache/####/176be8d8a9f71698585994f27afe8d4e.0.tmp
- <Package Folder>/cache/####/176be8d8a9f71698585994f27afe8d4e.1.tmp
- <Package Folder>/cache/####/187b6dd5947b860973f5dde00d8b3e38.0.tmp
- <Package Folder>/cache/####/187b6dd5947b860973f5dde00d8b3e38.1.tmp
- <Package Folder>/cache/####/2d91d3ed618c33c6bb7fbe0350ce11ca.0.tmp
- <Package Folder>/cache/####/2d91d3ed618c33c6bb7fbe0350ce11ca.1.tmp
- <Package Folder>/cache/####/3531967dd507cf4929801cb7d6b1d30e.0.tmp
- <Package Folder>/cache/####/3531967dd507cf4929801cb7d6b1d30e.1.tmp
- <Package Folder>/cache/####/38cd842ba4e2010849f56f3e55998d88.0.tmp
- <Package Folder>/cache/####/38cd842ba4e2010849f56f3e55998d88.1.tmp
- <Package Folder>/cache/####/4660be9dbcd5f72ed775fb3e27713fb2.0.tmp
- <Package Folder>/cache/####/4660be9dbcd5f72ed775fb3e27713fb2.1.tmp
- <Package Folder>/cache/####/509ede89549b84b35bd1cbd418025170.0.tmp
- <Package Folder>/cache/####/509ede89549b84b35bd1cbd418025170.1.tmp
- <Package Folder>/cache/####/51e4454f98d2f1d136f34e98e9e68b4a.0.tmp
- <Package Folder>/cache/####/51e4454f98d2f1d136f34e98e9e68b4a.1.tmp
- <Package Folder>/cache/####/549e264630b44d7d49561614e2eec4d1.0.tmp
- <Package Folder>/cache/####/549e264630b44d7d49561614e2eec4d1.1.tmp
- <Package Folder>/cache/####/54fb3610409d171c9830893752bd6dce.0.tmp
- <Package Folder>/cache/####/54fb3610409d171c9830893752bd6dce.1.tmp
- <Package Folder>/cache/####/5ac90e8c7d8d144c2449df8a191eeb4a.0.tmp
- <Package Folder>/cache/####/5ac90e8c7d8d144c2449df8a191eeb4a.1.tmp
- <Package Folder>/cache/####/5fd869bf260daa139f14aea996f93c44.0.tmp
- <Package Folder>/cache/####/5fd869bf260daa139f14aea996f93c44.1.tmp
- <Package Folder>/cache/####/6473ba5f1a016688047ea0e226fc3826.0.tmp
- <Package Folder>/cache/####/6473ba5f1a016688047ea0e226fc3826.1.tmp
- <Package Folder>/cache/####/64f4de7c48d19c7a816edee1f9f754f7.0.tmp
- <Package Folder>/cache/####/64f4de7c48d19c7a816edee1f9f754f7.1.tmp
- <Package Folder>/cache/####/6d7cce037e0b9bee0d4a600c2be41803.0.tmp
- <Package Folder>/cache/####/6d7cce037e0b9bee0d4a600c2be41803.1.tmp
- <Package Folder>/cache/####/791c5944559d5978fc025bf877277a57.0.tmp
- <Package Folder>/cache/####/791c5944559d5978fc025bf877277a57.1.tmp
- <Package Folder>/cache/####/7bf4e97b39dea4617d39e852c17d8d10.0.tmp
- <Package Folder>/cache/####/7bf4e97b39dea4617d39e852c17d8d10.1.tmp
- <Package Folder>/cache/####/8123d33a38b8548600361a7aab61104f.0.tmp
- <Package Folder>/cache/####/8123d33a38b8548600361a7aab61104f.1.tmp
- <Package Folder>/cache/####/a7059b76d38d9941c38a76c6d16d6334.0.tmp
- <Package Folder>/cache/####/a7059b76d38d9941c38a76c6d16d6334.1.tmp
- <Package Folder>/cache/####/a8926cc7d80d27b25cef0effc7841179.0.tmp
- <Package Folder>/cache/####/a8926cc7d80d27b25cef0effc7841179.1.tmp
- <Package Folder>/cache/####/b74824c166156d296092903710267ac6.0.tmp
- <Package Folder>/cache/####/b74824c166156d296092903710267ac6.1.tmp
- <Package Folder>/cache/####/be30f6269556cf722ad2dd6e19e01c8d.0.tmp
- <Package Folder>/cache/####/be30f6269556cf722ad2dd6e19e01c8d.1.tmp
- <Package Folder>/cache/####/bf559b962f14adfacdcbcececf64daa1.0.tmp
- <Package Folder>/cache/####/bf559b962f14adfacdcbcececf64daa1.1.tmp
- <Package Folder>/cache/####/c4c9eb56a348973ec3ddb9e6eaaf6bb9.0.tmp
- <Package Folder>/cache/####/c4c9eb56a348973ec3ddb9e6eaaf6bb9.1.tmp
- <Package Folder>/cache/####/c7ca5b6fb4e327f1f48622afdb56b8dc.0.tmp
- <Package Folder>/cache/####/c7ca5b6fb4e327f1f48622afdb56b8dc.1.tmp
- <Package Folder>/cache/####/c93e31e3467eddf226a12ed98d54b88f.0.tmp
- <Package Folder>/cache/####/c93e31e3467eddf226a12ed98d54b88f.1.tmp
- <Package Folder>/cache/####/d8b8519ce1b86fe0c319a5164da3be07.0.tmp
- <Package Folder>/cache/####/d8b8519ce1b86fe0c319a5164da3be07.1.tmp
- <Package Folder>/cache/####/d8e2ad736cd258e942113536515b3704.0.tmp
- <Package Folder>/cache/####/d8e2ad736cd258e942113536515b3704.1.tmp
- <Package Folder>/cache/####/dbf34f7f00f32e832cb081a9af3c1453.0.tmp
- <Package Folder>/cache/####/dbf34f7f00f32e832cb081a9af3c1453.1.tmp
- <Package Folder>/cache/####/dcdac014770259ed150ffd523e164485.0.tmp
- <Package Folder>/cache/####/dcdac014770259ed150ffd523e164485.1.tmp
- <Package Folder>/cache/####/e2328ee3d70614626e68caf582681b38.0.tmp
- <Package Folder>/cache/####/e2328ee3d70614626e68caf582681b38.1.tmp
- <Package Folder>/cache/####/e612399dc4d85785fee44d05b379d538.0.tmp
- <Package Folder>/cache/####/e612399dc4d85785fee44d05b379d538.1.tmp
- <Package Folder>/cache/####/e897f3ed4f23fc67c4d324bc29d92ad8.0.tmp
- <Package Folder>/cache/####/e897f3ed4f23fc67c4d324bc29d92ad8.1.tmp
- <Package Folder>/cache/####/f13c068d3351585ca97770dcb34238f3.0.tmp
- <Package Folder>/cache/####/f13c068d3351585ca97770dcb34238f3.1.tmp
- <Package Folder>/cache/####/f2ec60fcc9818a2f8eb6081d8b87bb03.0.tmp
- <Package Folder>/cache/####/f2ec60fcc9818a2f8eb6081d8b87bb03.1.tmp
- <Package Folder>/cache/####/f3e84406342c0c061a246227b8f238a6.0.tmp
- <Package Folder>/cache/####/f3e84406342c0c061a246227b8f238a6.1.tmp
- <Package Folder>/cache/####/fb74c84167b4851a40deb702a99226d4.0.tmp
- <Package Folder>/cache/####/fb74c84167b4851a40deb702a99226d4.1.tmp
- <Package Folder>/cache/####/journal.tmp
- <Package Folder>/cache/####/myJsFile.js
- <Package Folder>/cache/####/myTempJsFile.js
- <Package Folder>/databases/Data_sync.db-journal
- <Package Folder>/databases/recommend_app-journal
- <Package Folder>/databases/sy_pay_record-journal
- <Package Folder>/databases/sy_video_data_cache-journal
- <Package Folder>/databases/upgrade_app-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/files/libabc
- <Package Folder>/shared_prefs/p_config.xml
- <Package Folder>/shared_prefs/plugin_record_app_info.xml
- <Package Folder>/shared_prefs/pref_recomm.xml
- <Package Folder>/shared_prefs/pref_recomm.xml.bak
- <Package Folder>/shared_prefs/recommend.xml
- <Package Folder>/shared_prefs/time.xml
- <Package Folder>/shared_prefs/userName.xml
- <Package Folder>/shared_prefs/uuid.xml
- <SD-Card>/Android/####/com.skymobi.pay.plugin.main.data
- <SD-Card>/Android/####/com.skymobi.pay.plugin.recordupload.data
- <SD-Card>/SYPAYFILENAME/####/ISDELSMS
Miscellaneous:
Executes next shell scripts:
- <dexopt>
- cat /proc/version
