Technical information
Malicious functions:
Sends SMS messages:
- 1069013360002: easyRegister_1c54973702225fde5284a0776d05d9cd
Executes code of the following detected threats:
- Android.Xiny.20
Downloads the following detected threats from the Web:
- Android.Xiny.20
Network activity:
Connecting to:
- s####.####.com
- i####.####.net
- bai####.com
- m####.####.com
- d####.####.cn
- a####.####.com
HTTP GET requests:
- i####.####.net/67fbd6feb06a79973f8b3a453a496fc0.jpg_sq
- i####.####.net/24d3c920473a6aa8ce589aaf8894daa0.jpg_180x180
- i####.####.net/1887bc06081165ed7d8906b21137d224.jpg_180x180
- i####.####.net/c72dda5dec584a63f4e9bdfc7ec97f66.jpg_180x180
- bai####.com/api/mobile/Category.all/
- i####.####.net/a09cce0de7f8264b6a415977ca7f227b.jpg_sq
- i####.####.net/12ad913b360e79ed5bc934a029050b8f.jpg_sq
- i####.####.net/f56e09b69e0ebba332e8310feefd483a.jpg_180x180
- i####.####.net/669f88771903b28e72da6a051a64f72c.jpg_180x180
- i####.####.net/ca9f6b1e8ef942ede657084ec0fc10db.jpg_180x180
- d####.####.cn/jarFile/SDKAutoUpdate/hyjwan.jar
- i####.####.net/739e0c182a0eed717c22f61ba68c1897.jpg_sq
- i####.####.net/423ba3aa04a41a6e448c3e03033551dd.jpg_sq
- i####.####.net/669f88771903b28e72da6a051a64f72c.jpg_bi
- bai####.com/api/mobile/Mobile.adRecommend/?city=####&from=####&lat=####&...
- bai####.com/api/mobile/Resume.recommendPositions/?Ad-fields%5B0%5D=####&...
- i####.####.net/d5b9b877ef1696965961fe46aebeb6aa.jpg_bi
- i####.####.net/81b053be3d47ab30393fd8b155c93f49.jpg_180x180
- bai####.com/api/mobile/mobile.hotCategoryAds/?city=####&cityEnglishName=...
- i####.####.net/59c4f9ec2f17cbad1caa6badd4b45218.jpg_sq
- i####.####.net/0076b43629f30393790bdb6e72cbdb53.jpg_sq
- i####.####.net/d5b7552645fee10d209efc0ccbc32c5d.jpg_sq
- i####.####.net/1887bc06081165ed7d8906b21137d224.jpg_bi
- bai####.com/api/mobile/City.all/
- i####.####.net/22e96ddb493bc882ebaeb682d2160d1d.jpg_180x180
- i####.####.net/813bf80c3a6eed05d2460f78c3d8dcba.jpg_180x180
- i####.####.net/a6ca9d09c3826375a1aae045fe14f6a2.jpg_180x180
- m####.####.com/maps/api/geocode/json?address=####&sensor=####&language=#...
- i####.####.net/d5b9b877ef1696965961fe46aebeb6aa.jpg_180x180
- bai####.com/api/mobile/Mobile.config/?type=####
- bai####.com/api/mobile/mobile.hotAdsToday/?cityEnglishName=####&from=####
- bai####.com/api/mobile/Mobile.featureConfig/?key=####
- i####.####.net/5e68ba85bb274cb96a65f2e5eba147df.jpg_180x180
- i####.####.net/22e96ddb493bc882ebaeb682d2160d1d.jpg_sq
- i####.####.net/77047bb47306e0bf1dcc3c737571f024.jpg_180x180
- i####.####.net/980d1456cf2f40fcb31702c599a44453_sq
HTTP POST requests:
- s####.####.com/cw/interface!u2.action?protocol=####&version=####&cid=####
- bai####.com/api/mobile/mobile.trackdata/
- bai####.com/api/mobile/Promo.getEvent/
- s####.####.com/cw/cp.action?requestId=####&g=####
- a####.####.com/app_logs
Modified file system:
Creates the following files:
- <Package Folder>/files/sender_dir/tracker1496215314132.log
- <Package Folder>/files/_firstInVad
- <Package Folder>/shared_prefs/mobclick_agent_header_<Package>.xml
- <Package Folder>/files/udc/udclog
- <Package Folder>/shared_prefs/hasShownGuide.xml
- <Package Folder>/files/mobile_config
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/files/_city.3.6.0
- <Package Folder>/shared_prefs/W_Key.xml.bak
- <Package Folder>/shared_prefs/mobclick_agent_state_<Package>.xml
- <Package Folder>/files/umeng_update_check_flg
- <Package Folder>/files/Satllite.ca
- <Package Folder>/files/_hotlisthistory
- <Package Folder>/shared_prefs/a.xml
- <Package Folder>/files/SatData.Index
- <Package Folder>/files/_joblisthistory
- <Package Folder>/shared_prefs/com.baixing.pref.reddot.xml
- <Package Folder>/databases/network.db
- <Package Folder>/databases/downloadswc-journal
- <Package Folder>/shared_prefs/mobclick_agent_state_<Package>.xml.bak
- <Package Folder>/files/saveFirstStepCate
- <Package Folder>/databases/network.db-journal
- <Package Folder>/files/sender_dir/tracker1496215269118.log
- <Package Folder>/shared_prefs/bx_share_deviceID.xml
- <Package Folder>/databases/downloadswc
- <Package Folder>/shared_prefs/st.xml
- <Package Folder>/files/sender_dir/tracker1496215312271.log
- <Package Folder>/shared_prefs/W_Key.xml
- <Package Folder>/files/_todayhotlisting
- <Package Folder>/files/cityjson
- <Package Folder>/files/Data.Index
- <Package Folder>/shared_prefs/mipush.xml
- <Package Folder>/files/cityName
- <Package Folder>/shared_prefs/mipush.xml.bak
- <Package Folder>/shared_prefs/todayhotTitle.xml
- <Package Folder>/shared_prefs/<Package>_preferences.xml.bak
- <Package Folder>/files/_category.3.6.0
- <Package Folder>/shared_prefs/umeng_feedback_conversations.xml
- <Package Folder>/files/Grid.ca
Miscellaneous:
Executes next shell scripts:
- <dexopt>
Contains functionality to send SMS messages automatically.
