Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.Xiny.73.origin
- Android.Xiny.90.origin
Network activity:
Connecting to:
- h####.####.com
- face####.com
- technol####.net
- m####.####.net
- we####.com
- b####.####.com
- t####.com
- bnzmzkc####.####.net
- google-####.com
- 4####.####.75
- t0p0f####.com
- woo####.com
- l####.####.com
- st####.####.com
- pag####.####.com
- woo####.com:8082
- go####.com
- a####.####.net
- f####.####.com
- we####.com:8081
- j####.####.com
- c####.####.net
- cdn1d-s####.####.com
- serv####.####.com
- c####.####.com
- imgg####.####.com
- n####.####.com
HTTP GET requests:
- c####.####.com/images/mgid_logo_mini_43x20.png
- technol####.net/wp-content/themes/yeahthemes-sparkle/framework/css/bootstrap.min.css?ver=####
- c####.####.com/mobile/fonts/overpass_regular.ttf
- f####.####.com/s/robotoslab/v6/dazS1PrQQuCxC3iOAJFEJTdGNerWpg2Hn6A-BxWgZ_I.ttf
- t####.com/background-settings?app_id=####&eventName=####&ssite=####&sconfig=####&_sscreen=####&_sbrowser=####&_sbrowserVersion=####&_bmobile=####&_sos...
- technol####.net/wp-content/uploads/2016/10/shutterstock_312485678.jpg
- serv####.####.com/105160/1?w=####&h=####&cols=####&pv=####&cbuster=####&ref=####&lu=####
- cdn1d-s####.####.com/iframe-mobile-2.0.0.html
- c####.####.com/201605/10/29931061/originals/7(m=eqw4mgaaaa).jpg
- google-####.com/analytics.js
- c####.####.com/assets/mobile/css/common.css?cache=####
- m####.####.net/uploaded_content/creative/101/314/316/1/1013143161.gif
- technol####.net/wp-content/themes/yeahthemes-sparkle/fonts/fontawesome-webfont.ttf?v=####
- j####.####.com/t/e/technologycraze.net.105160.js?t=####
- technol####.net/uncategorized/wireless-charging-new-rumoured-feature-iphone-8/?subid=####
- n####.####.com/?utm_medium=####&utm_campaign=####&1=####
- imgg####.####.com/2106/2106810_492x328.jpg
- technol####.net/wp-content/uploads/2017/02/423.png
- technol####.net/wp-content/plugins/wp-share-buttons/style/front.end.css?ver=####
- c####.####.net/autocomplete.js/0/autocomplete.min.js?_=####
- n####.####.com/?utm_term=####&clickverify=####&utm_content=####
- l####.####.com/load/?p=####&g=####&j=####&BUID=####
- go####.com/recaptcha/api/js/recaptcha_ajax.js
- c####.####.com/i.js
- c####.####.com/201606/19/30634091/originals/14(m=eqw4mgaaaa).jpg
- c####.####.net/algoliasearch/3/algoliasearch.min.js?cache=####
- technol####.net/wp-content/themes/yeahthemes-sparkle/css/flexslider.css?ver=####
- google-####.com/collect?v=####&_v=####&a=####&t=####&_s=####&dl=####&ul=####&de=####&dt=####&sd=####&sr=####&vp=####&je=####&_u=####&jid=####&cid=####...
- technol####.net/wp-content/themes/yeahthemes-sparkle/framework/js/bootstrap.min.js?ver=####
- technol####.net/wp-content/uploads/2016/03/android-logo-wallpaper-4-300x188.jpg
- imgg####.####.com/1837/1837737_492x328.jpg
- b####.####.com/beacon.js
- a####.####.net/ads?zone_id=####&cache=####&clientType=####&redirect=####
- f####.####.com/css?family=####&ver=####
- technol####.net/wp-includes/js/wp-embed.min.js?ver=####
- technol####.net/wp-includes/js/jquery/jquery.js?ver=####
- m####.####.net/tmp/abp/px.gif?ch=####&rn=####
- c####.####.com/setmuidn/?muidn=####
- pag####.####.com/pagead/js/r20170308/r20170110/show_ads_impl.js
- technol####.net/wp-content/themes/yeahthemes-sparkle/style.css
- b####.####.com/b2?c1=####&c2=####&c3=####&c4=####&ns__t=####&ns_c=####&cv=####&c8=####&c7=####&c9=####
- c####.####.com/201605/07/29879751/originals/10(m=eqw4mgaaaa).jpg
- c####.####.com/mobile/images/t8logo.png?cache=####
- f####.####.com/s/lato/v13/MZ1aViPqjfvZwVD_tzjjkwLUuEpTyoUstqEm5AMlJo4.ttf
- technol####.net/wp-content/themes/yeahthemes-sparkle/css/font-awesome.css?ver=####
- technol####.net/wp-content/uploads/2016/11/shutterstock_489604468-300x200.jpg
- technol####.net/wp-content/themes/yeahthemes-sparkle/js/jquery.sharrre.min.js?ver=####
- technol####.net/wp-content/uploads/2017/01/shutterstock_497764432.jpg
- a####.####.net/ads_batch?clientType=####&data=####&channel[site]=####&_148541####
- b####.####.com/b?c1=####&c2=####&c3=####&c4=####&ns__t=####&ns_c=####&cv=####&c8=####&c7=####&c9=####
- technol####.net/wp-content/themes/yeahthemes-sparkle/js/yt.custom.min.js?ver=####
- pag####.####.com/pagead/js/adsbygoogle.js
- technol####.net/wp-content/uploads/2016/04/video-games-1136041_1920.jpg
- technol####.net/wp-content/plugins/wp-share-buttons/Front_end/js/custom_script.js?ver=####
- technol####.net/wp-content/uploads/2016/03/lgv1-300x169.jpg
- technol####.net/wp-content/themes/sparkle-childtheme/style.css?ver=####
- technol####.net/wp-content/uploads/2017/02/shutterstock_240261430.jpg
- c####.####.com/mobile/images/global-sprite.png?cache=####
- technol####.net/mobile/wireless-charging-new-rumoured-feature-iphone-8/?subid=####
- imgg####.####.com/1614/1614450_492x328.jpg
- l####.####.com/pixel.gif
- c####.####.com/assets/mobile/css/categorylist.css?cache=####
- m####.####.net/uploaded_content/creative/101/276/268/1/1012762681.gif
- technol####.net/wp-includes/js/wp-emoji-release.min.js?ver=####
- c####.####.com/font_icons/complete/tube8v2.ttf?cache=####
- technol####.net/wp-content/uploads/2016/06/rollercoaster.jpeg
- c####.####.com/delivery/mobile_video/adtool_mobile_video_player_min.js
- c####.####.com/201603/24/29151981/originals/13(m=eqw4mgaaaa).jpg
- technol####.net/wp-content/themes/yeahthemes-sparkle/css/animate.css?ver=####
- technol####.net/wp-content/themes/yeahthemes-sparkle/js/jquery.flexslider.min.js?ver=####
- t####.com/cat/hardcore/1/
- n####.####.com/proc.php?1ba2018####
- c####.####.com/assets/mobile/js/categorylist.js?cache=####
- 4####.####.75/admin201506/uploadApkFile/20161104/077111150.png
- technol####.net/wp-content/uploads/2017/01/shutterstock_277854590-300x200.jpg
- face####.com/plugins/likebox.php?href=####&w####&height=####&colorscheme=####&show_faces=####&header=####&stream=####&show_border=####
- technol####.net/wp-content/uploads/2017/03/shutterstock_557235079-1.jpg
- technol####.net/wp-content/plugins/wp-share-buttons/images/buttons.20.png
- c####.####.com/201603/12/28971731/originals/9(m=eqw4mgaaaa).jpg
- c####.####.com/201701/30/34951961/originals/9(m=eqw4mgaaaa).jpg
- technol####.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=####
- t0p0f####.com/?id=####
- technol####.net/wp-content/themes/yeahthemes-sparkle/js/yt.script.min.js?ver=####
- c####.####.com/assets/mobile/js/common.js?cache=####
- technol####.net/wp-includes/images/rss.png
- st####.####.com/6a97888ec52c042c679a36e919843cca/banners/41682/1732145726726900_1_xacd.gif
- h####.####.com/js/ht.js?site_id=####
HTTP POST requests:
- we####.com:8081/sm/sr/rt/ry
- woo####.com:8082/sdk/ttc.action
- we####.com/sm/sr/rt/ry
- woo####.com/sdk/nsd.action?b=####
- a####.####.net/ads_batch
- bnzmzkc####.####.net/1/indexes/popular_queries_straight_nl/query?x-algolia-agent=####&x-algolia-application-id=####&x-algolia-api-key=####
Modified file system:
Creates the following files:
- /data/data/####/cache/webviewCacheChromium/f_00002f
- /data/data/####/cache/webviewCacheChromium/f_00002e
- /data/data/####/cache/webviewCacheChromium/f_00002d
- /data/data/####/cache/webviewCacheChromium/f_00002c
- /data/data/####/cache/webviewCacheChromium/f_00002b
- /data/data/####/cache/webviewCacheChromium/f_00002a
- /data/data/####/cache/webviewCacheChromium/f_00000a
- /data/data/####/cache/webviewCacheChromium/f_00000c
- /data/data/####/shared_prefs/au.xml.bak
- /data/data/####/cache/webviewCacheChromium/f_00000e
- /data/data/####/cache/webviewCacheChromium/f_00000d
- /data/data/####/cache/webviewCacheChromium/f_00000f
- /data/data/####/cache/webviewCacheChromium/f_000001
- /sdcard/test
- /data/data/####/cache/webviewCacheChromium/f_000030
- /data/data/####/cache/webviewCacheChromium/f_000031
- /data/data/####/shared_prefs/20160121.xml.bak
- /data/data/####/cache/webviewCacheChromium/f_000019
- /data/data/####/cache/webviewCacheChromium/data_3
- /data/data/####/cache/webviewCacheChromium/f_000017
- /data/data/####/cache/webviewCacheChromium/data_1
- /data/data/####/cache/webviewCacheChromium/data_0
- /data/data/####/cache/webviewCacheChromium/f_000012
- /data/data/####/cache/webviewCacheChromium/f_000013
- /data/data/####/cache/webviewCacheChromium/f_000010
- /data/data/####/cache/webviewCacheChromium/f_000011
- /data/data/####/databases/webviewCookiesChromium.db-journal
- /data/data/####/cache/webviewCacheChromium/f_000015
- /sdcard/APPMarket/AdvSDK/ICON/admin201506/uploadApkFile/20161104/077111150.png.tmp
- /data/data/####/cache/webviewCacheChromium/f_000009
- /data/data/####/shared_prefs/20160218.xml
- /data/data/####/cache/webviewCacheChromium/f_000016
- /data/data/####/shared_prefs/Q2hhbm5lbElES2V5MjAxNjEyMjcxODU3.xml
- /data/data/####/cache/webviewCacheChromium/f_000029
- /data/data/####/cache/webviewCacheChromium/f_000028
- /data/data/####/databases/swith1014.db-journal
- /data/data/####/databases/bdownloaders.db-journal
- /data/data/####/shared_prefs/20160121.xml
- /data/data/####/shared_prefs/20160218.xml.bak
- /data/data/####/cache/webviewCacheChromium/f_00000b
- /data/data/####/cache/webviewCacheChromium/data_2
- /data/data/####/files/200/1001/110011Copy.data
- /data/data/####/cache/webviewCacheChromium/f_00001f
- /data/data/####/cache/webviewCacheChromium/f_00001d
- /data/data/####/cache/webviewCacheChromium/f_00001e
- /data/data/####/cache/webviewCacheChromium/f_00001b
- /data/data/####/cache/webviewCacheChromium/f_00001c
- /data/data/####/cache/webviewCacheChromium/f_00001a
- /data/data/####/databases/webview.db-journal
- /data/data/####/cache/webviewCacheChromium/f_000026
- /data/data/####/cache/webviewCacheChromium/f_000025
- /data/data/####/cache/webviewCacheChromium/f_000024
- /data/data/####/cache/webviewCacheChromium/f_000023
- /data/data/####/cache/webviewCacheChromium/f_000022
- /data/data/####/cache/webviewCacheChromium/f_000021
- /data/data/####/cache/webviewCacheChromium/f_000020
- /data/data/####/shared_prefs/duspf6030945.xml
- /data/data/####/cache/webviewCacheChromium/f_000003
- /data/data/####/cache/webviewCacheChromium/f_000002
- /data/data/####/cache/webviewCacheChromium/f_000005
- /data/data/####/cache/webviewCacheChromium/f_000004
- /data/data/####/cache/webviewCacheChromium/f_000007
- /data/data/####/cache/webviewCacheChromium/f_000006
- /data/data/####/cache/webviewCacheChromium/f_000027
- /data/data/####/files/100/1001/1485415908505.apk
- /data/data/####/files/native_service
- /data/data/####/cache/webviewCacheChromium/f_000014
- /data/data/####/shared_prefs/au.xml
- /data/data/####/files/200/1001/170126073137185.apk
- /data/data/####/cache/webviewCacheChromium/f_000008
- /data/data/####/cache/webviewCacheChromium/f_000018
- /data/data/####/files/SDKcpy201612241629.apk
- /data/data/####/cache/webviewCacheChromium/index
Sets the 'executable' attribute to the following files:
- /data/data/####/files/native_service
- /data/data/####/files/SDKcpy201612241629.apk
Miscellaneous:
Executes next shell scripts:
- logcat -d -v time
- .hulu -c id
- sh
- .hulu
Contains functionality to send SMS messages automatically.
