Technical information
Malicious functions:
Sends SMS messages:
- 738150: 900
- 737459: 1052378166
- 738150: 615565941
Network activity:
Connecting to:
- a####.####.ir
- v####.####.ir
- 1b28323####.####.ir
HTTP GET requests:
- v####.####.ir/bc7316929fe1545bf0b98d114ee3ecb8
- 1b28323####.####.ir/static/fonts/clients/IRANSans-Light-web.ttf
- 1b28323####.####.ir/static/upload/ads1705/75082396-7deb-43eb-bb05-693a6b...
- v####.####.ir/0f3d014eead934bbdbacb62a01dc4831
- a####.####.ir/v3/get_banner.php?k=####&t=####
- 1b28323####.####.ir/static/upload/ads1705/6a63d714-4d84-48fc-8a8b-a66b6b...
- 1b28323####.####.ir/static/CACHE/js/fdec465a1931.js
- 1b28323####.####.ir/adview/?car=####&adadversion=####&model=####&android...
- v####.####.ir/490640b43519c77281cb2f8471e61a71
- v####.####.ir/83f2550373f2f19492aa30fbd5b57512
- 1b28323####.####.ir/static/fonts/clients/adad-ad-icons.ttf?-wg####
- v####.####.ir/appwall/download.png
HTTP POST requests:
- a####.####.ir/v3/video_receive.php
- v####.####.ir/reload.png
- v####.####.ir/close.png
- v####.####.ir/sound.png
- v####.####.ir/pr4FaeJ7slide
- v####.####.ir/design/d.txt
- a####.####.ir/v3/click.php
- a####.####.ir/v3/audio_receive.php
- a####.####.ir/v3/appwall_receive.php
- v####.####.ir/pr4FaeJ7
- v####.####.ir/fullClose.png
- v####.####.ir/mute.png
Modified file system:
Creates the following files:
- <Package Folder>/cache/F807ABA8796F3A6767FC18CAB114F88703EC9087.
- <Package Folder>/cache/ion/a4bb5d8118685ebaf91d5b23565218f7
- <Package Folder>/cache/ion/4e34bfe85963569700daa9db2fae1923.1
- <Package Folder>/cache/ion/2f9d8a6a6c901c8843cfb62e0b1df74f
- <Package Folder>/cache/ion/8149b27a0a7a0a76774e700f013885b
- <Package Folder>/cache/ion/51b46fb7c7cc20c025a4d5ed16650d86
- <Package Folder>/shared_prefs/Dgad.xml
- <Package Folder>/cache/ion/48846c5cf0ab69fe41a1e59e582de957
- <Package Folder>/cache/.img/fuclbn
- <Package Folder>/cache/ion/f1a8eff595bc1091749123692230391f
- <Package Folder>/cache/ion/e2b664e5464c1b92c715e6b550152ba5
- <Package Folder>/cache/.img/rlbn
- <Package Folder>/cache/ion/3ad8dd765a084f27b8bbf351a576ab71.1
- <Package Folder>/cache/.v/d4e128e4c4ffb4308ce8cc2f6a3bd1c1
- <Package Folder>/cache/webviewCacheChromium/data_0
- <Package Folder>/cache/ion/4a8f617fb2f1f98234b5d5e1d3b5f415
- <Package Folder>/cache/ion/3fe5bbf28c7854770e2f378958bf3ed6
- <Package Folder>/files/database.db
- <Package Folder>/cache/webviewCacheChromium/index
- <Package Folder>/cache/.img/.ad0b43519c77281cb
- <Package Folder>/cache/ion/75d56df47d3274724834a09458e51201
- <Package Folder>/cache/.img/mubn
- <Package Folder>/cache/ion/9cb8dfb6c66eb6db5e99a965f7dfec21
- <Package Folder>/shared_prefs/ADAD_PREF.xml
- <Package Folder>/cache/webviewCacheChromium/f_000001
- <Package Folder>/cache/.img/subn
- <Package Folder>/cache/webviewCacheChromium/f_000002
- <Package Folder>/cache/ion/96b9315e5dd143f7be712eaabbf1b689
- <Package Folder>/shared_prefs/Dgad.xml.bak
- <Package Folder>/cache/.img/f2bdc889be00e860c88a23b6692d0fd9
- <Package Folder>/cache/ion/d54ad90e4229b27234aa8d2d679cd593
- <Package Folder>/cache/ion/171f676c4470c8833838e938adff53b1
- <Package Folder>/cache/ion/703d92a05d56879632d40663969ab8c3
- <Package Folder>/cache/ion/8a67e586e445f87390576d62f13aedb
- <Package Folder>/cache/.img/.ad50373f2f19492aa
- <Package Folder>/cache/ion/aaf71e1472b9073584ad064eb4b7f633.1
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/cache/1
- <Package Folder>/cache/2
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/cache/.img/.ad6929fe1545bf0b9
- <Package Folder>/cache/ion/aaf71e1472b9073584ad064eb4b7f633.0
- <Package Folder>/cache/ion/9494a83070cdc6da82623dead51704b
- <Package Folder>/cache/ion/3d42b5f7cd62f25cf20fb1ce4ee558fa
- <Package Folder>/cache/ion/39104573edc7c5639ca8a02deaa8b095
- <Package Folder>/cache/.img/clbn
- <Package Folder>/cache/webviewCacheChromium/data_3
- <Package Folder>/cache/webviewCacheChromium/data_2
- <Package Folder>/cache/webviewCacheChromium/data_1
- <Package Folder>/cache/.img/.ad14eead934bbdbac
Miscellaneous:
Contains functionality to send SMS messages automatically.
