Technical information
Malicious functions:
Executes code of the following detected threats:
- Adware.Plague.1.origin
Network activity:
Connects to:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) www.chuangk####.com:80
DNS requests:
- v.zq####.com
- v1.zq####.com
- v2.zq####.com
- www.chuangk####.com
HTTP POST requests:
- www.chuangk####.com/cms/mutual.ws
- www.chuangk####.com/mcd3/checkfilesupdate.jsp
File system changes:
Creates the following files:
- /data/data/####/classes.jar
- /data/data/####/client_ini.xml
- /data/data/####/dbwvx-journal
- /data/media/####/14_1347876224720_95683.png
- /data/media/####/29_1346047743240_461522.png
- /data/media/####/29_1347956226253_409433.jpg
- /data/media/####/29_1347959940483_204831.png
- /data/media/####/29_1347959940755_326523.png
- /data/media/####/29_1347959940788_924466.png
- /data/media/####/29_1347959940837_812991.png
- /data/media/####/29_1347959940871_472114.png
- /data/media/####/29_1347959940920_484491.png
- /data/media/####/29_1347959941004_216525.png
- /data/media/####/29_1347959941037_381245.png
- /data/media/####/29_1347959941087_315258.png
- /data/media/####/29_1347959941169_454693.png
- /data/media/####/29_1347959941203_618785.png
- /data/media/####/29_1347959941253_796278.png
- /data/media/####/29_1347960082679_562911.png
- /data/media/####/29_1347960726121_600503.png
- /data/media/####/29_1347961754907_559914.png
- /data/media/####/29_1347961755287_296266.png
- /data/media/####/29_1347961755339_487754.png
- /data/media/####/29_1347961755371_103887.png
- /data/media/####/29_1347962090839_800054.png
- /data/media/####/29_1348019320587_351318.png
- /data/media/####/29_1348019320938_690100.png
- /data/media/####/29_1348019320987_653482.png
- /data/media/####/29_1348019321020_735461.png
- /data/media/####/29_1348019321069_876791.png
- /data/media/####/29_1348020665576_469426.png
- /data/media/####/29_1348020960470_332174.png
- /data/media/####/29_1348021600073_181040.png
- /data/media/####/29_1348021907039_883123.png
- /data/media/####/29_1348023386164_129997.png
- /data/media/####/29_1348024347165_328528.png
- /data/media/####/29_1348025320798_262515.png
- /data/media/####/29_1348026110441_240802.png
- /data/media/####/29_1348031615362_80978.png
- /data/media/####/29_1348031746090_467690.png
- /data/media/####/29_1348031746686_841082.png
- /data/media/####/29_1348035528682_907525.png
- /data/media/####/29_1348036071708_173048.png
- /data/media/####/29_1348036637607_906622.png
- /data/media/####/29_1348037414281_846366.png
- /data/media/####/29_1348039799481_624461.png
- /data/media/####/29_1348039799753_495121.png
- /data/media/####/29_1348039799836_246595.png
- /data/media/####/29_1348040124862_327902.png
- /data/media/####/29_1348040125270_90816.png
- /data/media/####/29_1348041006568_381801.png
- /data/media/####/29_1348041561284_89564.png
- /data/media/####/29_1348042162806_608645.png
- /data/media/####/29_1348043181201_384590.png
- /data/media/####/29_1348043609589_965808.png
- /data/media/####/29_1348044130720_732248.png
- /data/media/####/29_1348044683525_709069.png
- /data/media/####/29_1348044684670_4754.png
- /data/media/####/29_1348044684703_270718.png
- /data/media/####/29_1348044684752_927868.png
- /data/media/####/29_1348044684787_93619.png
- /data/media/####/29_1348044684837_669341.png
- /data/media/####/29_1348044684869_200481.png
- /data/media/####/29_1348044768227_554050.png
- /data/media/####/29_1348046887013_556280.png
- /data/media/####/29_1348047188187_413330.png
- /data/media/####/29_1348047188919_11320.png
- /data/media/####/29_1348047188952_238568.png
- /data/media/####/29_1348047189003_742954.png
- /data/media/####/29_1348047189038_471938.png
- /data/media/####/29_1348048756185_178101.png
- /data/media/####/29_1348048756521_631818.png
- /data/media/####/29_1348048756570_873780.png
- /data/media/####/29_1348048756604_137659.png
- /data/media/####/29_1348735667078_979034.png
- /data/media/####/29_1348735667194_132236.png
- /data/media/####/352315050255997.txt
- /data/media/####/clientBase.json
- /data/media/####/nav_4000_711d2b44-6168-43d4-88aa-2a9ee6f8df53.json
- /data/media/####/nav_4000_a915706a-9314-4dc3-b3a8-ceb71576c1e6.json
- /data/media/####/nav_5000_f48530b3-cc1d-445e-97b9-fba782a434a0.json
- /data/media/####/navitem_5000_f48530b3-cc1d-445e-97b9-fba782a434a0.json
- /data/media/####/page_1004_164527b5-388a-4859-bbba-08e011577313.json
- /data/media/####/page_1004_16e587b3-1ce8-410b-88cc-4b495f8f2f7c.json
- /data/media/####/page_1004_2830840d-a42e-46c0-ae32-61001df7e80f.json
- /data/media/####/page_1004_2df9974f-0266-45a6-b294-9513ab145b6b.json
- /data/media/####/page_1004_37a45433-b99e-4b10-aab9-a1fef6d0fa79.json
- /data/media/####/page_1004_420bb4d8-f9e6-45f7-983d-ff57ac127ad0.json
- /data/media/####/page_1004_4291d44d-b351-4f06-ae66-19863bb52cf5.json
- /data/media/####/page_1004_4ada94b8-22fe-4974-b4f0-a8b3541ac449.json
- /data/media/####/page_1004_4ed017d8-0052-433e-9c28-1c2e9d99ec88.json
- /data/media/####/page_1004_51c02df3-8bb5-4ca2-93fa-5705b4645b76.json
- /data/media/####/page_1004_5c642b94-271f-4113-af3c-78ef4938f1fe.json
- /data/media/####/page_1004_62bcb8ee-a4ac-4b36-8c76-5fda7404f135.json
- /data/media/####/page_1004_664b5119-488d-4543-be62-8a16bd605fd3.json
- /data/media/####/page_1004_836ef416-7347-446d-8aa4-d42a745516c6.json
- /data/media/####/page_1004_880eca76-88be-4351-b8e7-52d9f2e84614.json
- /data/media/####/page_1004_94ecad8c-ea82-4953-9216-62e6957c7d05.json
- /data/media/####/page_1004_9dbd9397-437b-44e1-a5a0-3573e348bc35.json
- /data/media/####/page_1004_aed7e1e0-a47e-48a9-a5b4-ac2b327f5416.json
- /data/media/####/page_1004_be0f631f-e798-409f-914e-aa0255138857.json
- /data/media/####/page_1004_c29068d8-e70b-4a77-8889-7f3138b0fca1.json
- /data/media/####/page_1004_c7744079-5c6a-4727-b8f1-d694c2dc580e.json
- /data/media/####/page_1004_d728db97-ef12-4b58-a3cc-461ede04b53c.json
- /data/media/####/page_1004_edbba8fa-484c-4cf1-8d64-d5c35c1a3077.json
- /data/media/####/page_1_6b366982-2c34-4c5a-80c1-72ea10c7669f.json
- /data/media/####/pageitem2_1004_164527b5-388a-4859-bbba-08e011577313.json
- /data/media/####/pageitem2_1004_16e587b3-1ce8-410b-88cc-4b495f8f2f7c.json
- /data/media/####/pageitem2_1004_2830840d-a42e-46c0-ae32-61001df7e80f.json
- /data/media/####/pageitem2_1004_2df9974f-0266-45a6-b294-9513ab145b6b.json
- /data/media/####/pageitem2_1004_37a45433-b99e-4b10-aab9-a1fef6d0fa79.json
- /data/media/####/pageitem2_1004_420bb4d8-f9e6-45f7-983d-ff57ac127ad0.json
- /data/media/####/pageitem2_1004_4291d44d-b351-4f06-ae66-19863bb52cf5.json
- /data/media/####/pageitem2_1004_4ada94b8-22fe-4974-b4f0-a8b3541ac449.json
- /data/media/####/pageitem2_1004_4ed017d8-0052-433e-9c28-1c2e9d99ec88.json
- /data/media/####/pageitem2_1004_51c02df3-8bb5-4ca2-93fa-5705b4645b76.json
- /data/media/####/pageitem2_1004_5c642b94-271f-4113-af3c-78ef4938f1fe.json
- /data/media/####/pageitem2_1004_62bcb8ee-a4ac-4b36-8c76-5fda7404f135.json
- /data/media/####/pageitem2_1004_664b5119-488d-4543-be62-8a16bd605fd3.json
- /data/media/####/pageitem2_1004_836ef416-7347-446d-8aa4-d42a745516c6.json
- /data/media/####/pageitem2_1004_880eca76-88be-4351-b8e7-52d9f2e84614.json
- /data/media/####/pageitem2_1004_94ecad8c-ea82-4953-9216-62e6957c7d05.json
- /data/media/####/pageitem2_1004_9dbd9397-437b-44e1-a5a0-3573e348bc35.json
- /data/media/####/pageitem2_1004_aed7e1e0-a47e-48a9-a5b4-ac2b327f5416.json
- /data/media/####/pageitem2_1004_be0f631f-e798-409f-914e-aa0255138857.json
- /data/media/####/pageitem2_1004_c29068d8-e70b-4a77-8889-7f3138b0fca1.json
- /data/media/####/pageitem2_1004_c7744079-5c6a-4727-b8f1-d694c2dc580e.json
- /data/media/####/pageitem2_1004_d728db97-ef12-4b58-a3cc-461ede04b53c.json
- /data/media/####/pageitem2_1004_edbba8fa-484c-4cf1-8d64-d5c35c1a3077.json
- /data/media/####/pageitem_1004_164527b5-388a-4859-bbba-08e011577313.json
- /data/media/####/pageitem_1004_16e587b3-1ce8-410b-88cc-4b495f8f2f7c.json
- /data/media/####/pageitem_1004_2830840d-a42e-46c0-ae32-61001df7e80f.json
- /data/media/####/pageitem_1004_2df9974f-0266-45a6-b294-9513ab145b6b.json
- /data/media/####/pageitem_1004_37a45433-b99e-4b10-aab9-a1fef6d0fa79.json
- /data/media/####/pageitem_1004_420bb4d8-f9e6-45f7-983d-ff57ac127ad0.json
- /data/media/####/pageitem_1004_4291d44d-b351-4f06-ae66-19863bb52cf5.json
- /data/media/####/pageitem_1004_4ada94b8-22fe-4974-b4f0-a8b3541ac449.json
- /data/media/####/pageitem_1004_4ed017d8-0052-433e-9c28-1c2e9d99ec88.json
- /data/media/####/pageitem_1004_51c02df3-8bb5-4ca2-93fa-5705b4645b76.json
- /data/media/####/pageitem_1004_5c642b94-271f-4113-af3c-78ef4938f1fe.json
- /data/media/####/pageitem_1004_62bcb8ee-a4ac-4b36-8c76-5fda7404f135.json
- /data/media/####/pageitem_1004_664b5119-488d-4543-be62-8a16bd605fd3.json
- /data/media/####/pageitem_1004_836ef416-7347-446d-8aa4-d42a745516c6.json
- /data/media/####/pageitem_1004_880eca76-88be-4351-b8e7-52d9f2e84614.json
- /data/media/####/pageitem_1004_94ecad8c-ea82-4953-9216-62e6957c7d05.json
- /data/media/####/pageitem_1004_9dbd9397-437b-44e1-a5a0-3573e348bc35.json
- /data/media/####/pageitem_1004_aed7e1e0-a47e-48a9-a5b4-ac2b327f5416.json
- /data/media/####/pageitem_1004_be0f631f-e798-409f-914e-aa0255138857.json
- /data/media/####/pageitem_1004_c29068d8-e70b-4a77-8889-7f3138b0fca1.json
- /data/media/####/pageitem_1004_c7744079-5c6a-4727-b8f1-d694c2dc580e.json
- /data/media/####/pageitem_1004_d728db97-ef12-4b58-a3cc-461ede04b53c.json
- /data/media/####/pageitem_1004_edbba8fa-484c-4cf1-8d64-d5c35c1a3077.json
Miscellaneous:
Uses the following algorithms to encrypt data:
- DES-ECB-PKCS5Padding
Gets information about phone status (number, IMEI, etc.).
Gets information about running apps.
Displays its own windows over windows of other apps.
