Technical information
Malicious functions:
Executes code of the following detected threats:
- Adware.Gexin.2.origin
Network activity:
Connects to:
- UDP(DNS) <Google DNS>
- TCP(TLS/1.0) av1.x####.com:443
- TCP(TLS/1.0) 1####.217.168.206:443
DNS requests:
- 7f5e492####.bug####.cn
- av1.x####.com
- i.t####.com
File system changes:
Creates the following files:
- /data/data/####/1557525228180_2331
- /data/data/####/1557525228228_2331
- /data/data/####/1557525228320_2331
- /data/data/####/1557525229279_2384
- /data/data/####/1557525229379_2384
- /data/data/####/1557525230381_2434
- /data/data/####/1557525230498_2434
- /data/data/####/1557525232840_2496
- /data/data/####/1557525232927_2496
- /data/data/####/1557525233840_2546
- /data/data/####/1557525234858_2594
- /data/data/####/1557525237630_2653
- /data/data/####/1557525238679_2702
- /data/data/####/1557525239678_2750
- /data/data/####/1557525242675_2811
- /data/data/####/1557525243790_2860
- /data/data/####/1557525244746_2909
- /data/data/####/1557525247644_2968
- /data/data/####/1557525248763_3017
- /data/data/####/1557525249892_3066
- /data/data/####/1557525254264_3126
- /data/data/####/1557525255255_3175
- /data/data/####/1557525256263_3224
- /data/data/####/1557525258487_3285
- /data/data/####/1557525259590_3334
- /data/data/####/1557525260612_3382
- /data/data/####/1557525264905_3442
- /data/data/####/1557525266043_3490
- /data/data/####/1557525267166_3539
- /data/data/####/1557525271429_3602
- /data/data/####/1557525272537_3652
- /data/data/####/1557525273643_3701
- /data/data/####/1557525277753_3759
- /data/data/####/1557525278869_3808
- /data/data/####/1557525280034_3856
- /data/data/####/1557525282582_3914
- /data/data/####/1557525283742_3961
- /data/data/####/1557525285060_4008
- /data/data/####/MultiDex.lock
- /data/data/####/TD_app_pefercen_profile.xml
- /data/data/####/TDpref_longtime.xml
- /data/data/####/TDpref_longtime0.xml
- /data/data/####/journal.tmp
- /data/data/####/libjiagu-917064677.so
- /data/data/####/multidex.version.xml
- /data/data/####/tdid.xml
- /data/media/####/.nomedia
- /data/media/####/.tcookieid
Miscellaneous:
Executes the following shell scripts:
- getprop
- logcat -v time -t 500 2331
- logcat -v time -t 500 2384
- logcat -v time -t 500 2434
- logcat -v time -t 500 2496
- logcat -v time -t 500 2546
- logcat -v time -t 500 2594
- logcat -v time -t 500 2653
- logcat -v time -t 500 2702
- logcat -v time -t 500 2750
- logcat -v time -t 500 2811
- logcat -v time -t 500 2860
- logcat -v time -t 500 2909
- logcat -v time -t 500 2968
- logcat -v time -t 500 3017
- logcat -v time -t 500 3066
- logcat -v time -t 500 3126
- logcat -v time -t 500 3175
- logcat -v time -t 500 3224
- logcat -v time -t 500 3285
- logcat -v time -t 500 3334
- logcat -v time -t 500 3382
- logcat -v time -t 500 3442
- logcat -v time -t 500 3490
- logcat -v time -t 500 3539
- logcat -v time -t 500 3602
- logcat -v time -t 500 3652
- logcat -v time -t 500 3701
- logcat -v time -t 500 3759
- logcat -v time -t 500 3808
- logcat -v time -t 500 3856
- logcat -v time -t 500 3914
- logcat -v time -t 500 3961
- logcat -v time -t 500 4008
Loads the following dynamic libraries:
- Bugtags
- LanSongffmpeg
- libjiagu-917064677
Uses the following algorithms to encrypt data:
- DES-CBC-PKCS5Padding
Uses the following algorithms to decrypt data:
- DES-CBC-PKCS5Padding
Accesses the ITelephony private interface.
Uses special library to hide executable bytecode.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
