Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.RemoteCode.251.origin
Network activity:
Connects to:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) n####.oss-cn-####.aliy####.com:80
- TCP(HTTP/1.1) 1####.178.29.44:80
- TCP(HTTP/1.1) n####.cdn.bc####.####.com:80
- TCP(HTTP/1.1) 1####.77.154.35:80
- TCP(HTTP/1.1) oc.u####.com:80
- TCP(HTTP/1.1) n####.b0.a####.com:80
- TCP(HTTP/1.1) 2####.119.128.55:80
- TCP(HTTP/1.1) nwv####.b0.upa####.com:80
- TCP(HTTP/1.1) 1####.190.181.236:80
- TCP(TLS/1.0) 1####.77.154.35:443
- TCP(TLS/1.0) n####.cdn.bc####.####.com:443
DNS requests:
- a####.u####.com
- d####.cdn.bc####.com
- img.yo####.cn
- mt####.go####.com
- n####.cdn.bc####.com
- n####.oss-cn-####.aliy####.com
- n####.yo####.cn
- nwv####.b0.upa####.com
- oc.u####.com
HTTP GET requests:
- 1####.178.29.44/api.txt?167834####
- 1####.178.29.44/api.txt?172411####
- 1####.77.154.35/shua_item/5cee51efb36ad.png
- 1####.77.154.35/shua_item/dianjuan.jpg
- 1####.77.154.35/shua_item/wzry_juyoujing.jpg
- 1####.77.154.35/shua_item/wzry_tmll.jpg
- n####.b0.a####.com/56650c656db86.png!jpg
- n####.b0.a####.com/576772f7144e9.png!jpg
- n####.b0.a####.com/576b81cc0c6f4.png
- n####.b0.a####.com/5a4ee84bda9cd.png
- n####.b0.a####.com/5cee4a8c99d5d.png
- n####.b0.a####.com/update/plugin_hpjy1038
- n####.cdn.bc####.####.com/downfile166/317/hpjy/12773/和平精英-点券插件.zip
- n####.cdn.bc####.####.com/shua_item/diyuhuo2.jpg
- n####.cdn.bc####.####.com/shua_item/maoninag3.jpg
- n####.cdn.bc####.####.com/shua_item/wzry_bfzs.jpg
- n####.cdn.bc####.####.com/shua_item/wzry_bzhw.jpg
- n####.cdn.bc####.####.com/shua_item/wzry_dwxz2.jpg
- n####.cdn.bc####.####.com/shua_item/wzry_libaifeng.jpg
- n####.cdn.bc####.####.com/shua_item/wzry_mrjj2.jpg
- n####.cdn.bc####.####.com/shua_item/wzry_tezm.jpg
- n####.cdn.bc####.####.com/shua_item/wzry_zhuanshi8.jpg
- n####.oss-cn-####.aliy####.com/api.txt?-183773####
- n####.oss-cn-####.aliy####.com/api.txt?188664####
- nwv####.b0.upa####.com/wzry.mp4
HTTP POST requests:
- 2####.119.128.55/check_config_update
- a####.u####.com/app_logs
- oc.u####.com/check_config_update
File system changes:
Creates the following files:
- /data/data/####/.imprint
- /data/data/####/1171397085598696573
- /data/data/####/AndroidVideoCache.db-journal
- /data/data/####/com.kbchpcr76.f50u3btkm.xml
- /data/data/####/com.kbchpcr76.f50u3btkm.xml.bak
- /data/data/####/e.jar
- /data/data/####/mobclick_agent_online_setting_com.kbchpcr76.f50u3btkm.xml
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/webview.db-journal
- /data/data/####/win.apk
- /data/data/####/win.apk (deleted)
- /data/media/####/.nomedia
- /data/media/####/0b273141b899eac4fb4d03a2976e18b9.mp4.download
- /data/media/####/1cry9ainzngob6gx606ooj5vw.0.tmp
- /data/media/####/1hhnxss37g3eyo3b7z9nsh0uf.0.tmp
- /data/media/####/1njgqwvefkyfqvd3vwbc6080.0.tmp
- /data/media/####/2ds8qdxvmy49f95woln4nq9dz.0.tmp
- /data/media/####/2f82xgo6q6sfmy2v92j4ranx1.0.tmp
- /data/media/####/2k9bgz9a2xim3f6tvt56uzjl9.0.tmp
- /data/media/####/37f6oc5h40l3d1ecix1vfz1a.0.tmp
- /data/media/####/3c8wh6hi0l08eonezjr34e5sf.0.tmp
- /data/media/####/3eh81xgl4fh5lt44p585pbp4p.0.tmp
- /data/media/####/45ma4diq8f0m3uvwk6nrnj8xr.0.tmp
- /data/media/####/4xlf0axa9ykcfa277mngelzrx.0.tmp
- /data/media/####/5b960wg8fcltulc7c7322jfov.0.tmp
- /data/media/####/5dkkhk3xz0za37q2gerwc4vk6.0.tmp
- /data/media/####/5wbonuofqrr0lqrssjdxo9e3s.0.tmp
- /data/media/####/6ahula18mv2dyf1rbn2bfup39.0.tmp
- /data/media/####/6eubc3u8h58twa5xtja9sfz0r.0.tmp
- /data/media/####/6l1l145o22kng2ml1tg0b6s4h.0.tmp
- /data/media/####/6lq87bnwuy2vs06ksiev6curk.0.tmp
- /data/media/####/7n90i12n3395o5u6pel2qdhm.0.tmp
- /data/media/####/et4ii7j0hi6gj1zvlrp7r2oc.0.tmp
- /data/media/####/f91z5aaogrdgmzaspu9zmiql.0.tmp
- /data/media/####/johapn9usur8a23cw2xlyujl.0.tmp
- /data/media/####/journal
- /data/media/####/journal.tmp
- /data/media/####/plugin_hpjy1038
- /data/media/####/和平精英-点券插件.zip
Miscellaneous:
Loads the following dynamic libraries:
- ak
Uses the following algorithms to encrypt data:
- AES-CBC-PKCS7Padding
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Displays its own windows over windows of other apps.
