Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.Xiny.122.origin
Network activity:
Connecting to:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) a####.peiz####.cn.####.com:5285
- TCP(HTTP/1.1) b.yunj####.cn:5284
DNS requests:
- a####.peiz####.cn
- b.yunj####.cn
HTTP GET requests:
- a####.peiz####.cn.####.com:5285/AppDownLoad/apk/downloadAPK?appId=####
HTTP POST requests:
- b.yunj####.cn:5284/android.frontserver/pcsvc
Modified file system:
Creates the following files:
- <Package Folder>/app_buntutu/kb_idle.ini
- <Package Folder>/files/####/b.d
- <Package Folder>/files/####/cb.d
- <Package Folder>/files/####/cbn.d
- <Package Folder>/files/####/cbn_d.d
- <Package Folder>/files/####/cbs.d
- <Package Folder>/files/####/d_h_d.d
- <Package Folder>/files/####/lt.d
- <Package Folder>/files/####/pcn.d
- <Package Folder>/files/####/pcs.d
- <Package Folder>/files/####/pgb.d
- <Package Folder>/files/####/wx.d
- <Package Folder>/files/####/zfb.d
- <Package Folder>/shared_prefs/mm_nw_app.xml
- <SD-Card>/buntutu/####/AEE69129416B4F5D.jar.i
- <SD-Card>/buntutu/####/AEE69129416B4F5Dwh.jar
- <SD-Card>/buntutu/1B3A2967E5FD862EFD957606C65C8122
- <SD-Card>/buntutu/30592A6B8B0C769E3F7FDE6E1A033DF5
- <SD-Card>/buntutu/D99494BB10D048C393648C204AF8AA38
- <SD-Card>/buntutu/buntutu.jaru
- <SD-Card>/buntutu/kb_idle.ini
- <SD-Card>/buntutu/kb_sn.ini
Miscellaneous:
Executes next shell scripts:
- /system/bin/cat /proc/cpuinfo
- cat /sys/block/mmcblk0/device/cid
Loads the following dynamic libraries:
- 23EDB
- BF5B0
Gains access to network information.
Gains access to telephone information (number, imei, etc.).
Gains access to information about installed applications.
Displays its own windows over windows of other applications.
