Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.Siggen.6036
Network activity:
Connecting to:
- 1####.####.226:9000
- wina####.com:8006
- 1####.####.226
- wina####.com
- 1####.####.228:8006
HTTP GET requests:
- 1####.####.226:9000/like/36/2c28b1983459418e81e16308158818b5.png
- 1####.####.226/like/36/0038dc3d1ca844339d9d42f25ecad5d9.png
HTTP POST requests:
- wina####.com/service/com.ads.sales.model.Mobile
- 1####.####.228:8006/service/com.ads.basic.model.ServerAddress?type=####
- wina####.com:8006/service/com.ads.basic.model.ServerAddress?type=####
- wina####.com/service/com.like.system.model.ChipBind
- wina####.com/service/com.ads.track.model.Offer
- wina####.com/service/com.ads.basic.model.ServerAddress?type=####
Modified file system:
Creates the following files:
- /data/data/####/files/libs_data
- /data/data/####/files/1493729359323.apk
- /data/data/####/apps_/com.nethd34.player/apk/base-1.apk
- /data/data/####/cache/.android/acwzy1.png
- /data/data/####/files/dvxvmd.so
- /data/data/####/shared_prefs/share_cache.pref.xml
- /data/data/####/apps_/com.android.browser/apk/base-1.apk
- /data/data/####/apps_/com.nethd34.player/Signature/Signature_0.key
- /data/data/####/apps_/com.plugin.main/Signature/Signature_0.key
- /data/data/####/apps_/com.android.browser/Signature/Signature_0.key
- /data/data/####/apps_/com.plugin.main/dalvik-cache/base-1.dex
- /data/data/####/files/cwxlza.apk
- /data/data/####/databases/su.sqlite
- /data/data/####/files/core_service
- /data/data/####/databases/su.sqlite-journal
- /data/data/####/apps_/com.plugin.main/apk/base-1.apk
- /data/data/####/shared_prefs/org.kman.WifiControl.Prefs.xml
- /sdcard/Android/.zuid
- /data/data/####/apps_/com.nethd34.player/dalvik-cache/base-1.dex
- /data/data/####/apps_/com.android.browser/dalvik-cache/base-1.dex
Miscellaneous:
Executes next shell scripts:
- /system/bin/dexopt --dex 27 41 40 319792 /data/data/####/files/1493729364576.apk 1252154083 1684829273 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/fram
- /system/bin/dexopt --dex 27 40 40 14036 /data/data/####/files/cwxlza.apk 1252154077 -404726546 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framework/fr
- /system/bin/dexopt --dex 27 41 40 319792 /data/data/####/files/1493729373636.apk 1252154083 1684829273 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/fram
- /system/bin/dexopt --dex 27 61 40 1541888 /data/data/####/apps_/com.nethd34.player/apk/base-1.apk 1243843593 -1972731885 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ex
- /system/bin/dexopt --dex 27 41 40 319792 /data/data/####/files/1493729359323.apk 1252154083 1684829273 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/fram
- /system/bin/dexopt --dex 27 61 40 179000 /data/data/####/apps_/com.plugin.main/apk/base-1.apk 1252154083 -25815708 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar
- /system/bin/dexopt --dex 27 61 40 253848 /data/data/####/apps_/com.android.browser/apk/base-1.apk 1252291928 747594924 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.
- /system/bin/dexopt --dex 27 41 40 319792 /data/data/####/files/1493729372205.apk 1252154083 1684829273 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/fram
Contains functionality to send SMS messages automatically.
