Technical information
Malicious functions:
Sends SMS messages:
- 10690133603: auto##100575532##mpl_zhushou##log in with 360
Network activity:
Connecting to:
- s####.####.com
- p####.####.com
- s####.####.cn
- a####.####.cn
- p####.####.cn
- e####.####.cn
- recom####.####.cn
- pro####.####.cn
- m####.####.com
- m####.####.cn
HTTP GET requests:
- s####.####.com/static/daf6ef47eb5bc0c7/stc_26a07ea9.css
- p####.####.com/t0176476a6bf560ea5c.jpg
- s####.####.com/!3c34d77b/zepto.v11.js
- p####.####.com/t019f8ef4eda051d287.png
- recom####.####.cn/webviewjs/rule?domain=####&operator=####&os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&pp...
- p####.####.com/t01ced0ff4fd1878202.png
- s####.####.cn/ak/3416a75f4cea9109507cacd8e2f2aefc.html?m2=####
- recom####.####.cn/iservice/appJar?v=####&jvn=####&jvc=####
- recom####.####.cn/toolsManger/list?os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&ppi=####&startCount=####&r...
- p####.####.com/dr/160_160_/t01327f3b83f41e59c6.png
- recom####.####.cn/inew/getRecomendApps?iszip=####&logo_type=####&deflate_field=####&bannertype=####&apiversion=####&ch=####&prepage=####&curpage=####&...
- recom####.####.cn/Iservice/ServerConfig?os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&ppi=####&startCount=#...
- p####.####.com/t013d545ebb16786046.jpg
- p####.####.com/t01587cc94edac12f66.png
- p####.####.com/dr/160_160_/t01d80db095c2c4d392.png
- p####.####.com/t01c9bc76933ae20906.png
- s####.####.cn/appstore/info.htm?jackUrl=####&jackHost=####&hijackType=####&st=####&os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m...
- p####.####.com/t01e4ecf5a8cd7034c2.png
- p####.####.com/t01f570f167020c5813.png
- recom####.####.cn/AppPrivMap/getPrivMap?os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&ppi=####&startCount=#...
- pro####.####.cn/raffle/check_raffle/index?webpg=####&showSearch=####&os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&...
- recom####.####.cn/iservice/getAppDetail?s_stream_app=####&market_id=####&sort=####&pname=####&os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####...
- p####.####.com/t01e89d596cefabd546.png
- p####.####.com/dr/160_160_/t017f7a3707598102dc.png
- p####.####.com/t01db8a1091a1bd5305.png
- pro####.####.cn/profile/setting/getsetting?os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&ppi=####&startCoun...
- m####.####.cn/baohe/list?version=####&toid=####&pst=####&os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&ppi=...
- p####.####.com/t01210309f728ccd4da.png
- p####.####.com/t01fd6315e0ed6c48f0.png
- p####.####.com/dr/60__/d/inn/83194c50/coin.png
- p####.####.com/t01656c8b102705e16b.png
- p####.####.com/t010ebbe87154eadb98.png
- p####.####.com/t01fe98b06769f9e057.jpg
- p####.####.com/t01d8fec838c8a07e6b.png
- p####.####.com/t0174e1b9dfb8d509ad.png
- p####.####.com/t012c1acd3a20f1fa3f.png
- recom####.####.cn/webviewjs/domainlist?os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&ppi=####&startCount=##...
- p####.####.com/t01f2ede1758fa45eef.png
- p####.####.com/t0136e24dd484f13ee6.png
- p####.####.com/t017fff687f1e6f54ae.png
- p####.####.com/t01bed22d225a375da4.png
- p####.####.com/t013dc973392d5bf451.png
- m####.####.com/cfg/appkey-cf6b551afe338f43
- pro####.####.cn/Check/getCalendarList?t=####&_=####&callback=####
- p####.####.com/t0108ddf5075c87e201.png
- p####.####.com/t0178ff2af4ad379317.png
- p####.####.com/dr/160_160_/t0196a611a6e0ef22ca.png
- a####.####.cn/intf.php?method=####&model=####&sdkversioncode=####&sdkversionname=####&versioncode=####&versionname=####&appid=####&_token=####&apivers...
- p####.####.com/t0168d2584fc040d0f7.png
- p####.####.com/t0180e9262f0b036868.png
- p####.####.com/t01a3c7eb268649be0c.png
- p####.####.com/t01d4d4e43f3ae53987.png
- recom####.####.cn/iservice/pluginStatus?os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&ppi=####&startCount=#...
- p####.####.com/t01cb3e5cc97fa58864.png
- recom####.####.cn/Iservice/FailOver?os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&ppi=####&startCount=####&...
- recom####.####.cn/html/data/save_uninstall.json
- recom####.####.cn/HuajiaoCtl/getZsSwitch?os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&ppi=####&startCount=...
- p####.####.com/t01174fbc06273e114a.png
- p####.####.com/t0102d47914cbfccdba.png
- s####.####.cn/360baohe/c.html?para1=####
- p####.####.com/t01b0ceb13f1b361fb3.png
- p####.####.com/t01f06bfb4f39f8c5aa.png
- recom####.####.cn/AppStore/getIsUpdate?ext=####&pname=####&sr=####&mysrc=####&toid=####&sa=####&inma=####&launcher=####&isnle=####&issys=####&vid=####...
- p####.####.com/dr/160_160_/t01becf701168e077b5.png
- p####.####.com/t01a3551aceb4a806b1.png
- p####.####.com/t01f26a63848d15ab75.jpg
- p####.####.com/t01d6e53443b95ac0f9.png
- p####.####.com/t01bb6912aca33f6f96.png
- a####.####.cn/intf.php?method=####&devtype=####&m1=####&m2=####&_t=####&model=####&sdkversioncode=####&sdkversionname=####&versioncode=####&versionnam...
- p####.####.com/dr/160_160_/t01d84ee8a63add9bee.png
HTTP POST requests:
- recom####.####.cn/mintf/getAppsByPackNames?src=####&&silent=####&plugver=####&os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####...
- recom####.####.cn/mintf/getAppsByPackNames?src=####&&silent=####&fotime=####&plugver=####&os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2...
- p####.####.cn/pstat/plog.php
- p####.####.cn/update/update.php
- recom####.####.cn/NecessaryInstalled/appList?os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&ppi=####&startCo...
- e####.####.cn/b/pv?&st=####&m2=####&model=####&mid=####
Modified file system:
Creates the following files:
- /data/data/####/shared_prefs/LifeHelper.xml.bak
- /data/data/####/cache/image_cache/v2.ols100.1/26/-KHiAAO8bUVfPmsilfM-DeQ98xo.-17993115.tmp
- /data/data/####/shared_prefs/PermissionMap.xml
- /sdcard/Android/data/####/cache/http/1715255727-985885723
- /data/data/####/shared_prefs/crash.xml
- /data/data/####/cache/webviewCacheChromium/data_3
- /data/data/####/cache/webviewCacheChromium/data_2
- /data/data/####/cache/webviewCacheChromium/data_1
- /data/data/####/cache/webviewCacheChromium/data_0
- /data/data/####/cache/image_cache/v2.ols100.1/71/OUXa7kpGDud-kinv8mJ6vl26xSc.1739864604.tmp
- /data/data/####/databases/webviewCookiesChromium.db-journal
- /sdcard/Android/data/####/cache/http/-3048513561947007375
- /data/data/####/files/uninstallRetainJson
- /data/data/####/cache/image_cache/v2.ols100.1/89/8UdUOG5EOA0LYkGInnfXM-a3oUs.838513718.tmp
- /data/data/####/cache/image_cache/v2.ols100.1/44/GlL_dQVDjNN3Uw5XUfhmxTbSJgE.-843447745.tmp
- /data/data/####/shared_prefs/multidex.version.xml
- /data/data/####/cache/image_cache/v2.ols100.1/88/9Ef7d-1EWui7-Gc3G_I_zwkay1U.-1873317468.tmp
- /data/data/####/files/dir_uninstallretain_pic/pic_5.png
- /data/data/####/files/dir_uninstallretain_pic/pic_6.png
- /data/data/####/shared_prefs/event_config.xml
- /data/data/####/cache/image_cache/v2.ols100.1/7/0Ja9EBjT1e9UZSuoA9tuAXsiq5I.-1738280085.tmp
- /data/data/####/databases/webview.db-journal
- /data/data/####/cache/image_cache/v2.ols100.1/32/piwg-xcqDqrpegHUG8F9MV1SHY0.2099623671.tmp
- /data/data/####/cache/image_cache/v2.ols100.1/12/baVLEnG5-KMPqoqjrNnpE_Mo4qs.1937074896.tmp
- /data/data/####/files/dir_uninstallretain_pic/pic_4.png
- /data/data/####/shared_prefs/LifeHelper.xml
- /data/data/####/files/imagepipeline.lock
- /data/data/####/shared_prefs/share_data.xml
- /sdcard/Android/data/####/cache/http/19619540931947007375
- /data/data/####/cache/webviewCacheChromium/index
- /data/data/####/cache/image_cache/v2.ols100.1/76/ccvDovjDxhaDDrz-J6XQFaVKTwo.1315628697.tmp
- /data/data/####/localApkInfo.json
- /data/data/####/cache/image_cache/v2.ols100.1/29/shKlbfk6t27TIHrXIYBXc8a7948.-2095814024.tmp
- /data/data/####/cache/image_cache/v2.ols100.1/57/MCdPqmPsBfkWQldQ07AgQ9GU-gs.2065609820.tmp
- /data/data/####/databases/new_downloads.db-journal
- /data/data/####/files/libsucore.so
- /data/data/####/files/libsuav_nopie.so
- /data/data/####/cache/image_cache/v2.ols100.1/49/5w3o97qxzgw0YPpxxmhxa6r30-s.2032073471.tmp
- /data/data/####/shared_prefs/clear_shortcut.xml
- /data/data/####/databases/new_downloads.db
- /data/data/####/databases/360appstoreInstallHistory.db
- /sdcard/360Log/downloadLog_main
- /data/data/####/shared_prefs/battery.xml
- /data/data/####/files/dir_uninstallretain_pic/pic_2.png
- /data/data/####/files/dir_uninstallretain_pic/pic_3.png
- /data/data/####/shared_prefs/game_redirect.xml
- /data/data/####/files/personal_center_setting_new
- /data/data/####/cache/image_cache/v2.ols100.1/63/f1ci0uJOtCSNUmMPw3kdxB2Sk9s.-191074605.tmp
- /data/data/####/databases/ignoreupdate_appinfo.db
- /data/data/####/cache/webviewCacheChromium/f_000001
- /data/data/####/cache/image_cache/v2.ols100.1/87/py0gEMLJ3WneXmJcnDtwp9cA-4k.-520231627.tmp
- /data/data/####/files/dir_uninstallretain_pic/pic_9.png
- /data/data/####/shared_prefs/MATSharedPreferences.xml
- /data/data/####/cache/image_cache/v2.ols100.1/15/ZINrjb9zo253FxIU52b-agm2qx4.-1017169576.tmp
- /data/data/####/cache/image_cache/v2.ols100.1/93/WWfweMuQzQOrH1b-HNepzFF183k.-542976917.tmp
- /data/data/####/cache/image_cache/v2.ols100.1/16/HiOHmZZroUzO4I-497xiHNZnZzo.-1954482647.tmp
- /sdcard/temp.tmp~
- /data/data/####/cache/image_cache/v2.ols100.1/15/V0CJwfMNet-YHpz-Bqp4Y_wOX0E.-640748587.tmp
- /data/data/####/cache/image_cache/v2.ols100.1/15/fUCtKkz5I8TpUOQZrIKEfgo7nYw.-131510036.tmp
- /data/data/####/shared_prefs/crash.xml.bak
- /data/data/####/cache/image_cache/v2.ols100.1/53/eNjNseY8nOiS4XPBfx1tiPwQWzE.-9693689.tmp
- /data/data/####/cache/image_cache/v2.ols100.1/94/9zVSYJk_rIaA_59xF423BEfMSLc.1341566813.tmp
- /data/data/####/cache/image_cache/v2.ols100.1/90/S0EtYAE_lKH1oOIxYsEsETQPvE0.1146347520.tmp
- /sdcard/Android/data/.nomedia
- /data/data/####/files/dir_uninstallretain_pic/pic_8.png
- /data/data/####/databases/filelist.db-journal
- /data/data/####/cache/image_cache/v2.ols100.1/13/87CBDmnJq8joSWQsIcKIZCAHP_o.-899373249.tmp
- /data/data/####/files/dir_uninstallretain_pic/pic_1.png
- /data/data/####/databases/update_history.db
- /data/data/####/files/imagepipeline
- /data/data/####/cache/image_cache/v2.ols100.1/14/9bAfxP5DkqsibLTvI_cHv_PU0MU.676669034.tmp
- /data/data/####/databases/account.db-journal
- /data/data/####/databases/update_history.db-journal
- /data/data/####/shared_prefs/save_myself_config.xml
- /sdcard/Android/data/####/cache/.nomedia
- /data/data/####/cache/image_cache/v2.ols100.1/4/IAO6HJdF8n1oHJPyK8EsGyncMq8.55760029.tmp
- /data/data/####/cache/image_cache/v2.ols100.1/86/_C0PCqVt8fogF_i261M7srjG0Lo.1632760116.tmp
- /data/data/####/databases/download5.db-journal
- /data/data/####/code_cache/secondary-dexes/####-1.apk.classes-209684923.zip
- /data/data/####/shared_prefs/BaoHe_only_pref.xml.bak
- /data/data/####/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl
- /data/data/####/files/rooter.jar
- /data/data/####/cache/image_cache/v2.ols100.1/99/SgxRp9mkgc-zvFnKLEDdjAPddoE.1461094803.tmp
- /data/data/####/databases/_ire-journal
- /data/data/####/shared_prefs/BaoHe_only_pref.xml
- /data/data/####/shared_prefs/PermissionMap.xml.bak
- /data/data/####/cache/image_cache/v2.ols100.1/58/kYnCoB0n2EC1ksp1Pmugwb3b19U.-1928207202.tmp
- /data/data/####/databases/account.db
- /data/data/####/files/temp.tmp~
- /data/data/####/files/dir_uninstallretain_pic/pic_7.png
- /data/data/####/shared_prefs/share_data.xml.bak
- /data/data/####/cache/image_cache/v2.ols100.1/81/vGK7oUb0-cQ12t2Ej1kqibq50vk.1689638996.tmp
- /data/data/####/files/pluginconfigcache
- /data/data/####/cache/image_cache/v2.ols100.1/59/mFLhnR6TtikCFK2Imq7mZNCLDyQ.1927695215.tmp
- /data/data/####/cache/image_cache/v2.ols100.1/91/ju_V8QTpiQVrbOtxormfUV-AXUA.2129419948.tmp
- /data/data/####/databases/360appstoreInstallHistory.db-journal
- /data/data/####/cache/image_cache/v2.ols100.1/40/bjRjH64uC89wqRyqtxRZozfRyjs.281560229.tmp
- /data/data/####/cache/image_cache/v2.ols100.1/84/tD6o0vU1pR8x7__NMdfbi2Zn-ZM.-1440414296.tmp
- /data/data/####/shared_prefs/MATSharedPreferences.xml.bak
- /data/data/####/cache/image_cache/v2.ols100.1/82/-yEbDMznqdcOOoU81o-Bye--ZZI.-107867610.tmp
- /data/data/####/cache/image_cache/v2.ols100.1/39/f5x9iN4MdmG5726J1BZGjgZFVd8.-1424521592.tmp
- /data/data/####/databases/ignoreupdate_appinfo.db-journal
Sets the 'executable' attribute to the following files:
- /data/data/####/files/libsuav_nopie.so
Miscellaneous:
Executes next shell scripts:
- su
Uses elevated priveleges.
Contains functionality to send SMS messages automatically.
