Technical information
Malicious functions:
Sends SMS messages:
- 12114: HZSY#####
Sends data on received text messages to remote host.
Network activity:
Connecting to:
- sdku####.####.com
- mo####.####.com
- dynami####.####.com
- c####.####.com
- mmy####.####.com
- vide####.####.cn
- priceru####.####.com
HTTP GET requests:
- priceru####.####.com/price-rule-cmp/rule/matchRule?version=####&deviceId=####&uuid=####&imei=####&imsi=####&manufacturer=####&model=####&versionCode=#...
- vide####.####.cn/20170318/e4888508-a8c7-47ae-8d9b-beabdfd47fa7-banner.jpg
- vide####.####.cn/20170317/bf739e2a-c8dc-42ca-b101-b019fd57f9fe-%E4%B8%80%E8%BC%AA%E8%BB%8A%E3%80%81%E5%A9%A6%E8%AD%A6%E3%81%95%E3%82%93.jpg
- mmy####.####.com/mmys-cps/styleTopChlVideo.service?pageNo=####&pageSize=####&showStyle=####&rv=####&deviceId=####&uuid=####&imei=####&imsi=####&manufa...
- vide####.####.cn/20170322/58d4c0b8-2aa5-4430-873f-d7ab0f9cff8c-h_479gne00164jp-13.jpg
- vide####.####.cn/20170317/71e2b21e-c2ee-4afc-ac44-b84552f14d0d-%E5%83%95%E3%81%A0%E3%81%91%E3%81%AE%E5%A5%B3%E6%95%99%E5%B8%AB.jpg
- c####.####.com/ip2city.asp
- mmy####.####.com/mmys-cps/runConfig.service?deviceId=####&imei=####&imsi=####&manufacturer=####&model=####&versionCode=####&ditchNo=####&appId=####&dc...
- vide####.####.cn/20170318/06c74910-1128-4575-9672-3ab8ea9bf53f-oba00312jp-9.jpg
- vide####.####.cn/20170321/8002f9c9-97f7-45f6-b218-4bf70cc8c23f-h_838apol00033.jpg
- mmy####.####.com/mmys-cps/rdContent.service?deviceId=####&uuid=####&imei=####&imsi=####&manufacturer=####&model=####&versionCode=####&ditchNo=####&app...
- mmy####.####.com/mmys-cps/bannerInfo.service?showStyle=####&deviceId=####&uuid=####&imei=####&imsi=####&manufacturer=####&model=####&versionCode=####&...
HTTP POST requests:
- dynami####.####.com/dynamicpay//getSyFormalChannels.json?
- mmy####.####.com/mmys-cps/userVisit.service?deviceId=####&uuid=####&imei=####&imsi=####&manufacturer=####&model=####&versionCode=####&ditchNo=####&app...
- mmy####.####.com/mmys-cps/userActivation.service?deviceId=####&uuid=####&imei=####&imsi=####&manufacturer=####&model=####&versionCode=####&ditchNo=###...
- sdku####.####.com/sdk-update/sdkUpdateCdnUpload.json
- mo####.####.com/mobile-service/getImsiMobilePhone.json
Modified file system:
Creates the following files:
- /data/data/####/shared_prefs/global_count.xml.bak
- /data/data/####/cache/picasso-cache/c8f6800f50b1513f4b2385de2b451af0.1.tmp
- /data/data/####/cache/picasso-cache/935b2ac7769b387ff3c5d33cbf49f15b.1.tmp
- /data/data/####/shared_prefs/ds_configer.xml
- /data/data/####/shared_prefs/trigger_recorder.xml.bak
- /data/data/####/shared_prefs/time.xml
- /data/data/####/databases/sy_pay_record-journal
- /data/data/####/shared_prefs/uuid.xml
- /data/data/####/cache/picasso-cache/04031b061d59dd6b595c32d90205f136.0.tmp
- /data/data/####/cache/picasso-cache/94b5fbb499b468825a79f69794f44f62.0.tmp
- /data/data/####/cache/picasso-cache/e7dc7ab0358d8b31da10abed8f763452.0.tmp
- /data/data/####/shared_prefs/global_count.xml
- /data/data/####/cache/picasso-cache/c8f6800f50b1513f4b2385de2b451af0.0.tmp
- /data/data/####/databases/webview.db-journal
- /data/data/####/databases/statistics_db-journal
- /sdcard/SYPAYFILENAME/CACHE/SMSCACHE/ISDELSMS
- /data/data/####/databases/sy_video_data_cache-journal
- /data/data/####/shared_prefs/p_config.xml
- /data/data/####/shared_prefs/trigger_recorder.xml
- /data/data/####/databases/upgrade_app-journal
- /data/data/####/files/gaClientId
- /data/data/####/cache/picasso-cache/2933912231905691ba9ff5a9fd0a8bec.0.tmp
- /data/data/####/databases/recommend_app-journal
- /data/data/####/cache/picasso-cache/journal.tmp
- /data/data/####/cache/picasso-cache/e7dc7ab0358d8b31da10abed8f763452.1.tmp
- /data/data/####/databases/google_analytics_v2.db-journal
- /data/data/####/databases/statistics_db
- /data/data/####/cache/picasso-cache/94b5fbb499b468825a79f69794f44f62.1.tmp
- /data/data/####/cache/picasso-cache/04031b061d59dd6b595c32d90205f136.1.tmp
- /data/data/####/cache/picasso-cache/935b2ac7769b387ff3c5d33cbf49f15b.0.tmp
- /data/data/####/cache/picasso-cache/2933912231905691ba9ff5a9fd0a8bec.1.tmp
Miscellaneous:
Contains functionality to send SMS messages automatically.
