Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.MobiDash.2.origin
Network activity:
Connecting to:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) ap####.ru:80
- TCP(HTTP/1.1) ap####.apt####.com:80
- TCP(HTTP/1.1) st####.ho####.com:80
- TCP(HTTP/1.1) www.google-####.com:80
- TCP(HTTP/1.1) messe####.en.apt####.com:80
- TCP(HTTP/1.1) con####.face####.net:80
- TCP(HTTP/1.1) www.googlea####.com:80
- TCP(HTTP/1.1) www.apt####.com:80
- TCP(HTTP/1.1) apt####.com:80
- TCP(HTTP/1.1) en.apt####.com:80
- TCP(TLS/1.0) cdn-####.apt####.com:443
- TCP(TLS/1.0) www.googlea####.com:443
- TCP(TLS/1.0) f####.gst####.com:443
- TCP(TLS/1.0) st####.ho####.com:443
- TCP(TLS/1.0) con####.face####.net:443
- TCP(TLS/1.0) bam.nr-####.net:443
- TCP(TLS/1.0) googl####.g.doublec####.net:443
- TCP(TLS/1.0) d3pkntw####.cloudf####.net:443
- TCP(TLS/1.0) www.go####.com:443
- TCP(TLS/1.0) messe####.en.apt####.com:443
- TCP(TLS/1.0) js-a####.newr####.com:443
- TCP(TLS/1.0) ssl.google-####.com:443
- TCP(TLS/1.0) sc####.ho####.com:443
- TCP(TLS/1.0) s####.g.doublec####.net:443
- TCP(TLS/1.0) c####.apt####.com:443
- TCP(TLS/1.0) www.face####.com:443
- TCP(TLS/1.0) f####.google####.com:443
- TCP(TLS/1.0) cd####.apt####.com:443
- TCP(TLS/1.0) www.go####.nl:443
- TCP(TLS/1.0) v####.ho####.com:443
DNS requests:
- ap####.apt####.com
- ap####.ru
- apt####.com
- bam.nr-####.net
- c####.apt####.com
- cd####.apt####.com
- cdn-####.apt####.com
- con####.face####.net
- d3pkntw####.cloudf####.net
- en.apt####.com
- f####.google####.com
- f####.gst####.com
- googl####.g.doublec####.net
- js-a####.newr####.com
- messe####.en.apt####.com
- s####.g.doublec####.net
- sc####.ho####.com
- ssl.google-####.com
- st####.ho####.com
- v####.ho####.com
- www.apt####.com
- www.face####.com
- www.go####.com
- www.go####.nl
- www.google-####.com
- www.googlea####.com
HTTP GET requests:
- ap####.apt####.com/messenger-text-and-video-chat-for-free.apk?uid=####&s...
- ap####.ru/1/HLFs5m
- apt####.com/
- con####.face####.net/en_US/fbevents.js
- con####.face####.net/signals/config/586221161553923?v=####
- st####.ho####.com/c/hotjar-518758.js?sv=####
- www.apt####.com/
- www.google-####.com/ga.js
- www.google-####.com/r/__utm.gif?utmwv=####&utms=####&utmn=####&utmhn=###...
- www.googlea####.com/pagead/conversion.js
Modified file system:
Creates the following files:
- <Package Folder>/app_app_apk/zdsphfvid.dat.jar
- <Package Folder>/app_database/####/http_en.aptoide.com_0.locals...ournal
- <Package Folder>/app_database/####/https_en.aptoide.com_0.local...ournal
- <Package Folder>/app_database/####/https_messenger.en.aptoide.c...ournal
- <Package Folder>/app_database/ApplicationCache.db-journal
- <Package Folder>/app_database/CachedGeoposition.db
- <Package Folder>/app_database/CachedGeoposition.db-journal
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/f_000001
- <Package Folder>/cache/####/f_000002
- <Package Folder>/cache/####/f_000003
- <Package Folder>/cache/####/f_000004
- <Package Folder>/cache/####/f_000005
- <Package Folder>/cache/####/f_000006
- <Package Folder>/cache/####/f_000007
- <Package Folder>/cache/####/f_000008
- <Package Folder>/cache/####/f_000009
- <Package Folder>/cache/####/f_00000a
- <Package Folder>/cache/####/f_00000b
- <Package Folder>/cache/####/f_00000c
- <Package Folder>/cache/####/f_00000d
- <Package Folder>/cache/####/f_00000e
- <Package Folder>/cache/####/f_00000f
- <Package Folder>/cache/####/f_000010
- <Package Folder>/cache/####/f_000011
- <Package Folder>/cache/####/f_000012
- <Package Folder>/cache/####/index
- <Package Folder>/code_cache/####/MultiDex.lock
- <Package Folder>/code_cache/####/tmp-<Package>-1.apk.classes-997333806.zip
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/files/fRavQggLC
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/multidex.version.xml
Miscellaneous:
Loads the following dynamic libraries:
- fRavQggLC
Uses administrator priveleges.
Adds tasks to the system scheduler.
Displays its own windows over windows of other applications.
