Technical information
Malicious functions:
Executes code of the following detected threats:
- Adware.Dowgin.3.origin
- Android.DownLoader.675.origin
Network activity:
Connects to:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) an.ca.15####.cn:80
- TCP s1.u####.com:7702
- TCP s1.u####.com:7701
DNS requests:
- a####.bj.bc####.com
- an.ca.15####.cn
- s1.u####.com
- s2.u####.com
HTTP POST requests:
- an.ca.15####.cn//182371730a/zia
File system changes:
Creates the following files:
- /data/data/####/1553298209129si.jar
- /data/data/####/1553298209231si.jar
- /data/data/####/1553298210842si.jar
- /data/data/####/1553298211611si.jar
- /data/data/####/1553298211623si.jar
- /data/data/####/1553298214363si.jar
- /data/data/####/1553298214445si.jar
- /data/data/####/1553298216171si.jar
- /data/data/####/1553298216189si.jar
- /data/data/####/1553298216765si.jar
- /data/data/####/1553298219121si.jar
- /data/data/####/1553298219233si.jar
- /data/data/####/1553298219941si.jar
- /data/data/####/1553298220962si.jar
- /data/data/####/1553298220981si.jar
- /data/data/####/1553298221868si.jar
- /data/data/####/1553298223523si.jar
- /data/data/####/1553298223552si.jar
- /data/data/####/1553298224553si.jar
- /data/data/####/1553298224565si.jar
- /data/data/####/1553298228215si.jar
- /data/data/####/1553298228311si.jar
- /data/data/####/1553298229561si.jar
- /data/data/####/1553298230115si.jar
- /data/data/####/1553298230127si.jar
- /data/data/####/1553298233000si.jar
- /data/data/####/1553298233141si.jar
- /data/data/####/1553298233928si.jar
- /data/data/####/1553298234607si.jar
- /data/data/####/1553298234620si.jar
- /data/data/####/1553298237932si.jar
- /data/data/####/1553298238041si.jar
- /data/data/####/1553298239016si.jar
- /data/data/####/1553298239692si.jar
- /data/data/####/1553298239705si.jar
- /data/data/####/1553298241234si.jar
- /data/data/####/1553298242614si.jar
- /data/data/####/1553298242641si.jar
- /data/data/####/1553298243260si.jar
- /data/data/####/1553298244485si.jar
- /data/data/####/1553298244529si.jar
- /data/data/####/1553298245384si.jar
- /data/data/####/1553298246354si.jar
- /data/data/####/1553298246368si.jar
- /data/data/####/1553298247248si.jar
- /data/data/####/1553298248661si.jar
- /data/data/####/1553298248710si.jar
- /data/data/####/1553298249993si.jar
- /data/data/####/1553298250009si.jar
- /data/data/####/1553298251021si.jar
- /data/data/####/1553298251040si.jar
- /data/data/####/1553298252850si.jar
- /data/data/####/1553298253778si.jar
- /data/data/####/1553298253787si.jar
- /data/data/####/1553298254753si.jar
- /data/data/####/1553298254768si.jar
- /data/data/####/1553298258611si.jar
- /data/data/####/1553298258763si.jar
- /data/data/####/1553298259620si.jar
- /data/data/####/1553298260313si.jar
- /data/data/####/1553298260334si.jar
- /data/data/####/1553298261272si.jar
- /data/data/####/1553298263226si.jar
- /data/data/####/1553298263235si.jar
- /data/data/####/1553298264251si.jar
- /data/data/####/1553298264277si.jar
- /data/data/####/1553298265206si.jar
- /data/data/####/1553298268370si.jar
- /data/data/####/1553298268568si.jar
- /data/data/####/1553298269762si.jar
- /data/data/####/1553298270346si.jar
- /data/data/####/1553298270365si.jar
- /data/data/####/1553298273361si.jar
- /data/data/####/1553298273441si.jar
- /data/data/####/1553298279509si.jar
- /data/data/####/1553298279773si.jar
- /data/data/####/AmDataConfig.xml
- /data/data/####/AmDataConfig.xml.bak
- /data/data/####/_acoassetmobileaccz.xml
- /data/data/####/amregion.db
- /data/data/####/db.enc
- /data/data/####/fassetmobileacc.dex (deleted)
- /data/data/####/fassetmobileacc.jar
- /data/data/####/gongxinweishi.db
- /data/data/####/numberdb.db
- /data/data/####/smssdk.db-journal
- /data/data/####/yoappInfo_pre.xml
- /data/data/####/yoappInfo_pre.xml.bak
- /data/data/####/yoconf_pre.xml
- /data/data/####/yoconf_pre.xml (deleted)
- /data/media/####/.nomedia
Miscellaneous:
Executes the following shell scripts:
- getprop ro.product.cpu.abi
Uses the following algorithms to encrypt data:
- DES
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Adds tasks to the system scheduler.
Gets information about sent/received SMS.
