Technical information
Malicious functions:
Sends SMS messages:
- 13631451772: ####
Network activity:
Connecting to:
- se####.####.cn
- l####.####.cn
- s####.####.cn
- 1####.cn
- w####.####.cn
HTTP GET requests:
- l####.####.cn/ln_tail/images/gov.gif
- l####.####.cn/images/leftad1.jpg
- l####.####.cn/10086/job/js/My97DatePicker/skin/whyGreen/datepicker.css
- 1####.cn/ln_tail/images/knetSealLogo.png
- 1####.cn/cmpop/images/index/ad1/201702/201702281747056795QM.jpg
- 1####.cn/images/index/jb04.gif
- 1####.cn/js10086/homepage_h5libs.js
- 1####.cn/images/index/icons2014.gif
- 1####.cn/ln_head/images/logo.png
- l####.####.cn/images/none.gif
- l####.####.cn/ln_head/ln_head.js
- 1####.cn/ln_head/css/head.css
- l####.####.cn/10086/job/js/show.js
- 1####.cn/images/index/jb01.gif
- 1####.cn/
- w####.####.cn/service/homepageprice/homepageprice.jsp?mcmsPrice=####&callback=####&_=####
- 1####.cn/ln_head/images/search.png
- 1####.cn/images/index/kf.gif
- 1####.cn/ln_tail/images/gov.gif
- l####.####.cn/ln_head/images/t1-1.png
- 1####.cn/images/index/shopclass02.gif
- 1####.cn/cmpop/images/index/ad1/201701/2017011316163311954L.jpg
- s####.####.cn/dcs8ibknb10000w0yfuqi8apd_2l4g/dcs.gif?WT.branch=####&dcssip=####&WT.host=####&dcsuri=####&WT.es=####&dcsref=####&WT.referrer=####&WT.sr...
- l####.####.cn/ln_head/css/head1000.css
- l####.####.cn/ln_tail/images/knetSealLogo.png
- 1####.cn/cmpop/images/index/ad/201605/20160517132707556e41.jpg
- l####.####.cn/favicon.ico
- l####.####.cn/10086/job/js/My97DatePicker/config.js
- l####.####.cn/js/login.js
- l####.####.cn/10086/job/js/My97DatePicker/WdatePicker.js
- 1####.cn/images/index/zxzx.gif
- 1####.cn/bj_tail/bj_tail.js
- l####.####.cn/10086/statics/ad_common.jsp?_=####
- 1####.cn/images/index/220130.gif
- l####.####.cn/images/w740_bg2.gif
- 1####.cn/ln_head/ln_head_h5.js
- 1####.cn/images/index/logo.png
- l####.####.cn/js/jquery/jquery-1.8.3.min.js
- l####.####.cn/ln_head/images/ewm.jpg
- l####.####.cn/10086/job/js/My97DatePicker/skin/WdatePicker.css
- 1####.cn/cmpop/images/index/ad1/201702/20170228175126800Lqx.jpg
- 1####.cn/images/index/wjdc.png
- l####.####.cn/10086/job/js/My97DatePicker/skin/default/datepicker.css
- 1####.cn/ln_head/images/phonedivcity.png
- 1####.cn/favicon.ico
- l####.####.cn/js/submit.js
- 1####.cn/images/index/jb02.gif
- l####.####.cn/ln_tail/ln_tail.css
- l####.####.cn/images/norepeat_s.gif
- 1####.cn/ln_tail/ln_tail_h5.js
- 1####.cn/images/index/220265.gif
- 1####.cn/cmpop/images/index/ad1/201603/20160323161129527sVd.gif
- w####.####.cn/service/selectcity/selectcity.jsp?cityid=####&callback=####&_=####
- 1####.cn/cmpop/images/index/ad1/201603/20160323161008732O2n.gif
- 1####.cn/bj_tail/images/knetSealLogo.png
- l####.####.cn/js/jquery/external/jquery.bgiframe-2.1.1.js
- l####.####.cn/10086/job/js/My97DatePicker/skin/default/img.gif
- l####.####.cn/ln_head/images/search.png
- se####.####.cn/share/richinfo_search.js
- 1####.cn/js10086/jquery-1.9.1.min.js
- 1####.cn/ln_head/images/t1-1.png
- 1####.cn/images/js/portal/sdc_home.js
- l####.####.cn/support/hotspot/joboffer1.xhtml
- 1####.cn/tail/general_tail_v5.js
- 1####.cn/ln_head/images/ewm.jpg
- l####.####.cn/SSOLogin?artifact=####&backUrl=####
- 1####.cn/cmpop/images/index/ad1/201603/20160323161119374xjY.gif
- l####.####.cn/js/index_select.js
- 1####.cn/bj_tail/images/gov.gif
- l####.####.cn/html/window/loginMini.html?channelID=####&backUrl=####
- 1####.cn/images/index/lbnextpre.png
- 1####.cn/images/index/lbnextpre.gif
- l####.####.cn/js/dialog.js
- l####.####.cn/js/alltabli.js
- l####.####.cn/images/norepeat_l.gif
- l####.####.cn/10086/statics/left_support.jsp?_=####
- 1####.cn/images/index/300380.gif
- 1####.cn/css/bootstrap.index.css__index2015.css
- l####.####.cn/ln_tail/ln_tail.js
- 1####.cn/images/areaselect/tips.png
- 1####.cn/images/index/shopclass05.gif
- l####.####.cn/js/sdc.js
- l####.####.cn/ln_head/images/t3-1.png
- 1####.cn/cmpop/images/index/ad/201701/20170111154934943zci.jpg
- l####.####.cn/ln_head/images/logo.png
- l####.####.cn/webtrends/dcs.gif?WT.branch=####&dcssip=####&WT.host=####&dcsuri=####&WT.es=####&WT.sr=####&WT.ti=####&WT.co_f=####&dcsdat=####
- 1####.cn/images/index/grzx.jpg
- 1####.cn/cmpop/images/index/ad/201701/20170125135413111A63.png
- l####.####.cn/js/map.js
- 1####.cn/images/index/shopclass03.gif
- l####.####.cn/js/jquery/jquery.blockUI.js
- 1####.cn/images/index/cjwt.gif
- 1####.cn/ln_head/images/x.gif
- 1####.cn/ln_head/images/phonenav.png
- 1####.cn/ln/depositprompt240.json
- 1####.cn/ln_head/images/t3-1.png
- 1####.cn/cmpop/images/index/ad/201507/20150730095739558Y1k.jpg
- 1####.cn/images/new.gif
- 1####.cn/bj_tail/bj_tail.css
- l####.####.cn/images/repeat_x.gif
- l####.####.cn/js/jquery/jquery.cookie.js
- 1####.cn/cmpop/images/index/ad/201509/20150908084544828Du8.jpg
- 1####.cn/css/areaselect.css
- l####.####.cn/ln_head/images/x.gif
- l####.####.cn/js/jquery/ui/jquery-ui-1.8.2.custom.min.js
- 1####.cn/js10086/homepage_sttlibsv2.js
- l####.####.cn/10086/job/js/My97DatePicker/My97DatePicker.htm
- 1####.cn/cmpop/images/index/ad/201510/20151023090946872N2s.jpg
- 1####.cn/cmpop/images/index/ad1/201609/20160927112035566Pxd.png
- l####.####.cn/10086/statics/support_job.jsp?_=####
- 1####.cn/images/index/tsjy.gif
- 1####.cn/images/areaselect/confrim.gif
- l####.####.cn/10086/statics/left_top10.jsp?_=####
- l####.####.cn/10086/job/js/job.js?_=####
- l####.####.cn/images/w740_bg3.gif
- l####.####.cn/10086/job/js/offerOper.js
- l####.####.cn/css/css.css
- 1####.cn/ln/index_240_429.html
- l####.####.cn/images/leftad2.jpg
- 1####.cn/head/general_head_h5.js
- 1####.cn/ln_tail/foot.css
- 1####.cn/images/index/indexgg.gif
- 1####.cn/cmpop/images/index/ad1/201603/20160323161051270xTE.gif
- l####.####.cn/images/leftad3.jpg
- l####.####.cn/js/cookie.js
- 1####.cn/service/ip/ipajax.jsp
- l####.####.cn/images/servicenav_bg.gif
- 1####.cn/index_5074.htm
- 1####.cn/cmpop/images/index/ad1/201612/20161207092418825dsP.jpg
- l####.####.cn/js/allpopup.js
- 1####.cn/cmpop/images/index/ad1/201611/20161118154057046C5x.gif
- 1####.cn/cmpop/images/index/ad1/201702/20170228174855663nqm.jpg
- 1####.cn/images/index/shopclass01.gif
- l####.####.cn/10086/job/js/My97DatePicker/calendar.js
- 1####.cn/cmpop/images/index/ad/201701/20170112103901492Y1w.jpg
- 1####.cn/images/index/jb03.gif
- l####.####.cn/10086/job/js/My97DatePicker/lang/en.js
- 1####.cn/cmpop/images/index/ad/201604/20160425151051215c2p.jpg
HTTP POST requests:
- l####.####.cn/nowdate.jsp
Modified file system:
Creates the following files:
- /data/data/####/cache/webviewCacheChromium/f_00000a
- /data/data/####/cache/webviewCacheChromium/f_00000c
- /data/data/####/cache/webviewCacheChromium/f_00000b
- /data/data/####/cache/webviewCacheChromium/f_00000e
- /data/data/####/cache/webviewCacheChromium/f_00000d
- /data/data/####/cache/webviewCacheChromium/f_00000f
- /data/data/####/cache/webviewCacheChromium/data_3
- /data/data/####/cache/webviewCacheChromium/data_2
- /data/data/####/cache/webviewCacheChromium/data_1
- /data/data/####/cache/webviewCacheChromium/data_0
- /data/data/####/cache/webviewCacheChromium/f_000012
- /data/data/####/cache/webviewCacheChromium/f_000013
- /data/data/####/cache/webviewCacheChromium/f_000010
- /data/data/####/cache/webviewCacheChromium/f_000011
- /data/data/####/databases/webviewCookiesChromium.db-journal
- /data/data/####/cache/icons/WebpageIcons.db-journal
- /data/data/####/cache/webviewCacheChromium/f_000009
- /data/data/####/cache/webviewCacheChromium/f_000008
- /data/data/####/cache/webviewCacheChromium/f_000001
- /data/data/####/cache/webviewCacheChromium/f_000003
- /data/data/####/cache/webviewCacheChromium/f_000002
- /data/data/####/cache/webviewCacheChromium/f_000005
- /data/data/####/cache/webviewCacheChromium/f_000004
- /data/data/####/cache/webviewCacheChromium/f_000007
- /data/data/####/cache/webviewCacheChromium/f_000006
- /data/data/####/databases/webview.db-journal
- /data/data/####/app_cache/ApplicationCache.db-journal
- /data/data/####/cache/webviewCacheChromium/index
Miscellaneous:
Contains functionality to send SMS messages automatically.
