Technical information
Malicious functions:
Sends SMS messages:
- +919222208888: ACTA QTxm0bjLKwD301DjIgV8gg%3D%3D
Modified file system:
Creates the following files:
- <Package Folder>/app___WL_EVENTS/####/.filelock
- <Package Folder>/app___WL_EVENTS/####/.filelock (deleted)
- <Package Folder>/app_database/####/0000000000000001.db-journal (deleted)
- <Package Folder>/app_database/####/file__0.localstorage-journal (deleted)
- <Package Folder>/app_database/ApplicationCache.db-journal
- <Package Folder>/app_database/ApplicationCache.db-journal (deleted)
- <Package Folder>/app_database/CachedGeoposition.db
- <Package Folder>/app_database/CachedGeoposition.db-journal (deleted)
- <Package Folder>/app_database/Databases.db-journal
- <Package Folder>/app_database/Databases.db-journal (deleted)
- <Package Folder>/app_database/GeolocationPermissions.db-journal (deleted)
- <Package Folder>/databases/contactsManager
- <Package Folder>/databases/contactsManager-journal
- <Package Folder>/databases/data-journal
- <Package Folder>/databases/google_analytics_v2.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/databases/webviewCookiesChromiumPrivate.db-journal
- <Package Folder>/files/####/592EB0D801CF-0001-084B-247DA77D4382BeginSession.cls_temp
- <Package Folder>/files/####/592EB0D801CF-0001-084B-247DA77D4382SessionApp.cls_temp
- <Package Folder>/files/####/592EB0D801CF-0001-084B-247DA77D4382SessionDevice.cls_temp
- <Package Folder>/files/####/592EB0D801CF-0001-084B-247DA77D4382SessionOS.cls_temp
- <Package Folder>/files/####/com.crashlytics.settings.json
- <Package Folder>/files/####/initialization_marker
- <Package Folder>/files/####/sa_6adc55f0-18f5-4c08-978d-32a34d367b47_1496232152601.tap
- <Package Folder>/files/####/sa_a4fa5220-3266-408e-8ffb-972ff2f06b97_1496232153852.tap
- <Package Folder>/files/####/session_analytics.tap
- <Package Folder>/files/####/session_analytics.tap.tmp
- <Package Folder>/files/.keystore
- <Package Folder>/files/analytics.log.0
- <Package Folder>/files/analytics.log.0.lck (deleted)
- <Package Folder>/files/gaClientId
- <Package Folder>/files/runningAlarmList
- <Package Folder>/files/wl.log.0
- <Package Folder>/files/wl.log.0.lck (deleted)
- <Package Folder>/shared_prefs/CookiePrefsFile.xml
- <Package Folder>/shared_prefs/CookiePrefsFile.xml.bak
- <Package Folder>/shared_prefs/TwitterAdvertisingInfoPreferences.xml
- <Package Folder>/shared_prefs/WLPrefs.xml
- <Package Folder>/shared_prefs/XTIFY_SDK_DATA.xml
- <Package Folder>/shared_prefs/XTIFY_SDK_DATA.xml.bak
- <Package Folder>/shared_prefs/appPrefs.xml
- <Package Folder>/shared_prefs/appsflyer-data.xml
- <Package Folder>/shared_prefs/appsflyer-data.xml.bak
- <Package Folder>/shared_prefs/com.crashlytics.prefs.xml
- <Package Folder>/shared_prefs/com.crashlytics.sdk.android.crashlytics-core;com.crashlytics.android.core.CrashlyticsCore.xml
- <Package Folder>/shared_prefs/com.crashlytics.sdk.android;answers;settings.xml
- <Package Folder>/shared_prefs/com.example.app.xml
- <Package Folder>/shared_prefs/com.google.android.gcm.xml
- <Package Folder>/shared_prefs/com.google.android.gms.measurement.prefs.xml
- <Package Folder>/shared_prefs/com.google.android.gms.measurement.prefs.xml.bak
- <Package Folder>/shared_prefs/com.worklight.common.Logger.xml
- <Package Folder>/shared_prefs/com.worklight.common.Logger.xml.bak
- <Package Folder>/shared_prefs/com.xtify.WakefulIntentService.xml
- <Package Folder>/shared_prefs/io.fabric.sdk.android;fabric;a.a.a.a.q.xml
- <Package Folder>/shared_prefs/register_prefrence.xml
