Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.Xiny.1.origin
Network activity:
Connecting to:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) api.s####.1####.com:8088
- TCP(TLS/1.0) co####.a####.a####.####.com:443
DNS requests:
- co####.in####.com
- en.sno####.1####.com
HTTP POST requests:
- api.s####.1####.com:8088/ping
Modified file system:
Creates the following files:
- /data/data/####/com.adflash.pcleaner_preferences.xml
- /data/data/####/com.im.keyValueStore.aes_key_store.xml
- /data/data/####/com.im.keyValueStore.config_store.xml
- /data/data/####/com.im.keyValueStore.sdk_version_store.xml
- /data/data/####/com.im_7.1.0.db
- /data/data/####/com.im_7.1.0.db-journal
- /data/data/####/db_snowfox.db
- /data/data/####/db_snowfox.db-journal
- /data/data/####/lib.dat
- /data/data/####/middlaaaaaselayer.jar
- /data/data/####/snowfox_safe_qkV3.jar
- /data/data/####/snowfoxad_msg.db
- /data/data/####/snowfoxad_msg.db-journal
- /data/data/####/snowfoxprf.xml
- /data/data/####/webview.db-journal
- /data/media/####/imei.txt
- /data/media/####/ua.dat
Miscellaneous:
Executes next shell scripts:
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
Uses the following algorithms to encrypt data:
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS5Padding
- RSA-ECB-nopadding
Uses the following algorithms to decrypt data:
- AES
- AES-CBC-PKCS7Padding
Gains access to telephone information (number, imei, etc.).
Gains access to information about installed applications.
