Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.Xiny.20
Downloads the following detected threats from the Web:
- Android.Xiny.20
Network activity:
Connecting to:
- s####.####.com
- q####.####.cn
- d####.####.cn
- p####.####.com
- s####.####.cn
- b####.####.cn
- ope####.####.cn
- a####.####.com
- m####.####.cn
HTTP GET requests:
- p####.####.com/t01ab9226205f7a0d17.png
- p####.####.com/static/90f6d7778ee671eb.js
- s####.####.com/!58e0ca9e/126.css
- q####.####.cn/1/message/cfg?nonce=####&clienttype=####&v=####&ch=####&sk...
- b####.####.cn/static/js/monitor/m_tongji.js
- p####.####.com/t0152bced9f7d840239.jpg
- p####.####.com/t016f9c6ab2c08e00be.jpg
- s####.####.com/lib/qwrap/1141.js
- b####.####.cn/static/js/touch/quc.js?f####
- p####.####.com/monitor/;monitor/445ca40a.js
- s####.####.cn/qdas/s.htm?p=####&u=####&guid=####&gid=####&sid=####&title...
- p####.####.com/t01c2eacb93486e8130.jpg
- p####.####.com/t01a7a141cf355173fb.png
- p####.####.com/t0193bf302c8bb48c54.png
- q####.####.cn/1/gift/hall?jdata=####&nonce=####&clienttype=####&v=####&c...
- p####.####.com/bdm/200_200_/t01923a1bb5199bb3be.png
- p####.####.com/t010b41973091352782.jpg
- b####.####.cn/zhuanti.php?tid=####&t=####&fid=####
- ope####.####.cn/AppStore/getIsUpdate?&clienttype=####&v=####&ch=####&sk=...
- p####.####.com/t01222dd06dea21edcc.png
- p####.####.com/t01327bceff77cb0e79.png
- s####.####.com/!3ee88177/reset.css
- p####.####.com/t017145f950024c3547.jpg
- p####.####.com/t01abcb18a7dee72482.png
- s####.####.com/lib/jquery/190.js
- q####.####.cn/1/common/recommendlogin?m1=####&m2=####&v=####&ch=####&ual...
- p####.####.com/bdm/200_200_/t015e6ae38f6df82684.png
- p####.####.com/t01dc9839b4cf680691.png
- p####.####.com/t01e93a8f3fc00ba7de.png
- p####.####.com/t01739004c22706e5ca.gif
- s####.####.cn/w360/s.htm?p=####&u=####&id=####&guid=####&b=####&c=####&r...
- q####.####.cn/1/gift/info?v_id=####&pname=####&nonce=####&clienttype=###...
- p####.####.com/t01b921805dd3a77c6e.png
- p####.####.com/t01728e791681bdfee6.jpg
- q####.####.cn/1/hd/gj?testvd=####&jdata=####&nonce=####&clienttype=####&...
- p####.####.com/t0154084682b34dd8e9.png
- p####.####.com/t014d70a3e12b9d5dae.png
- q####.####.cn/1/xgamebox/dashboard?nonce=####&clienttype=####&v=####&ch=...
- b####.####.cn/static/js/touch/common.js?f####
- p####.####.com/t0154d94b4b294bb50f.jpg
- s####.####.com/i360/;js;/utils,login,reg,setname/20160505.js
- s####.####.com/static/f5407c785655e6a1/monitor_analytic.js
- p####.####.com/static/4819ad2e9a416c08.js
- b####.####.cn/BBSCommentBox/js/commentBox.js
- b####.####.cn/static/js/mousemove.js
- p####.####.com/t015ee39b7b80808d7d.png
- p####.####.com/t01e658832356782b32.png
- s####.####.com/static/d3026e71c5b6ae95/mgamer.js
- p####.####.com/bdm/200_200_/t01571d1148fea517b9.png
- p####.####.com/t014fdf8e0005a79874.png
- b####.####.cn/zhuanti.php?callback=####&postlist=####&tid=####&page=####...
- p####.####.com/t010e59643cd63afc0d.jpg
- p####.####.com/t01882c62dc92176229.png
- p####.####.com/t012b3e03738a3dcc68.png
- s####.####.com/lib/qwrap/113.js
- p####.####.com/t016a700576d0bc6f7a.jpg
- p####.####.com/t01ed04840c39f42147.jpg
- q####.####.cn/1/benefit/index?jdata=####&nonce=####&clienttype=####&v=##...
- d####.####.cn/jarFile/SDKAutoUpdate/hyjwan.jar
- p####.####.com/t01a4feb863659d8786.png
- p####.####.com/t01810852ed3d5a8bde.png
- p####.####.com/bdm/200_200_/t0184e452e9e83ccb12.png
- q####.####.cn/1/common/r?m1=####&bf=####&m2=####&sk=####&v=####&ch=####&...
- p####.####.com/static/ef07ed774ba21b6a.js
- p####.####.com/t0158a804983de6ce14.png
- p####.####.com/bdm/200_200_/t015997e33d7deaf13c.png
- q####.####.cn/1/common/r?m1=####&bf=####&m2=####&sk=####&v=####&jdata=##...
- s####.####.com/lib/jquery/191.js
- p####.####.com/t0182b294b773c81575.png
- p####.####.com/t0193b650735064e449.jpg
- q####.####.cn/1/common/recommendlogin?v=####&m1=####&m2=####&jdata=####&...
- p####.####.com/t0126d2365401c3267e.jpg
- q####.####.cn/1/benefit/activity?count=####&start=####&jdata=####&nonce=...
- p####.####.com/t01994629c9a45ce549.jpg
- p####.####.com/t0108f543d3c949c7dd.png
- p####.####.com/t011ec091c397122fe0.jpg
- p####.####.com/t01c80400b899c2227e.png
- p####.####.com/t01dddfbfa38998c49f.jpg
- b####.####.cn/static/js/touch/login_register.js?f####
- b####.####.cn/static/js/monitor/pc.js?f####
- p####.####.com/t0118a4fb012e355364.png
- s####.####.cn/huati/42.html?from=####
HTTP POST requests:
- m####.####.cn/?product=####&version=####&user=####
- s####.####.com/cw/cp.action?requestId=####&g=####
- s####.####.com/cw/interface!u2.action?protocol=####&version=####&cid=####
- a####.####.com/app_logs
- ope####.####.cn/mintf/getAppsByPackNames?src=####&m=####&m2=####&ver=###...
- q####.####.cn/1/xgamebox/filter?n####
Modified file system:
Creates the following files:
- <Package Folder>/shared_prefs/mobclick_agent_online_setting_<Package>.xml
- <Package Folder>/shared_prefs/com.qiku.gamecenter.activity.base.fragment.BaseTabFragment.pagelaststate.xml.bak
- <Package Folder>/files/helpershowblacklist.dat
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/files/libpatch.so
- <Package Folder>/files/.imprint
- <Package Folder>/shared_prefs/game_union_preference.xml
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/a.xml
- <Package Folder>/shared_prefs/W_Key.xml.bak
- <Package Folder>/databases/downloadswc-journal
- <Package Folder>/cache/webviewCacheChromium/index
- <Package Folder>/cache/webviewCacheChromium/f_000009
- <Package Folder>/cache/webviewCacheChromium/f_000008
- <Package Folder>/cache/webviewCacheChromium/f_000001
- <Package Folder>/cache/webviewCacheChromium/f_000003
- <Package Folder>/cache/webviewCacheChromium/f_000002
- <Package Folder>/cache/webviewCacheChromium/f_000005
- <Package Folder>/cache/webviewCacheChromium/f_000004
- <Package Folder>/cache/webviewCacheChromium/f_000007
- <Package Folder>/cache/webviewCacheChromium/f_000006
- <Package Folder>/files/xtopn2000.dat
- <Package Folder>/databases/downloadswc
- <Package Folder>/shared_prefs/gameunion_share_preference.xml
- <Package Folder>/shared_prefs/W_Key.xml
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/shared_prefs/com.qiku.gamecenter.activity.base.fragment.BaseTabFragment.pagelaststate.xml
- <Package Folder>/shared_prefs/game_union_preference.xml.bak
- <Package Folder>/shared_prefs/game_union_share_preference.xml
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/databases/gameunion.db-journal
- <Package Folder>/shared_prefs/st.xml
- <Package Folder>/shared_prefs/<Package>_preferences.xml.bak
- <Package Folder>/cache/webviewCacheChromium/data_3
- <Package Folder>/cache/webviewCacheChromium/data_2
- <Package Folder>/cache/webviewCacheChromium/data_1
- <Package Folder>/cache/webviewCacheChromium/data_0
Miscellaneous:
Executes next shell scripts:
- chmod 777 /storage/emulated/0/gamecenter/.cache/imgeloader
- chmod 777 /storage/emulated/0/gamecenter/.cache/apk
- chmod 777 /storage/emulated/0/gamecenter/.cache/advertise
- chmod 777 /storage/emulated/0/gamecenter/.cache/image
- <dexopt>
- chmod 777 /storage/emulated/0/gamecenter/.cache/icon
- chmod 777 /storage/emulated/0/gamecenter/.cache/qstore
Contains functionality to send SMS messages automatically.
