Android.Packed.21520

Added to the Dr.Web virus database: 2017-05-15

Virus description added: 2017-05-15

Technical information

Malicious functions:

Executes code of the following detected threats:

Android.Mixi.16.origin
Android.Mixi.13.origin

Removes its shortcut from the home screen.

Network activity:

Connecting to:

g####.####.com

HTTP GET requests:

g####.####.com/cr/sdk/goplaysdk_statistics_method.dat

HTTP POST requests:

g####.####.com/cr/sv/getEPList

Modified file system:

Creates the following files:

/data/data/####/shared_prefs/####_preferences.xml
/data/data/####/files/1494813413881.jar
/data/data/####/files/hftJcw46N.jar
/data/data/####/files/1494813398179_cgr.so
/data/data/####/shared_prefs/config.xml
/data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s

Sets the 'executable' attribute to the following files:

/data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s

Miscellaneous:

Executes next shell scripts:

sh -c rm /data/data/####/files/hftJcw46N.jar > /dev/null 2>&1
getenforce
sh -c rm -f /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s > /dev/null 2>&1
/system/bin/dexopt --dex 27 43 40 12256 /data/data/####/files/hftJcw46N.jar 1232566089 1144324189 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framework/
rm /data/data/####/files/hftJcw46N.dex
sh -c /system/usr/toolbox rm -f /data/data/####/files/hftJcw46N.jar > /dev/null 2>&1
sh -c rm -f /data/data/####/files/hftJcw46N.jar > /dev/null 2>&1
rm -f /data/data/####/files/hftJcw46N.dex
/data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s -h f4443bdce53f4830ae18acccd520137f /data/data/####/.syslib-
chmod 0771 /data/data/####/.syslib-
sh -c rm /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s > /dev/null 2>&1
sh -c rm -f /data/data/####/files/hftJcw46N.dex > /dev/null 2>&1
/system/bin/dexopt --dex 27 44 40 66944 /data/data/####/files/1494813413881.jar 1251052727 1662001824 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framew
rm /data/data/####/files/hftJcw46N.jar
rm /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
sh /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s -h f4443bdce53f4830ae18acccd520137f /data/data/####/.syslib-
sh -c /system/usr/toolbox rm -f /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s > /dev/null 2>&1
sh -c /system/usr/toolbox rm -f /data/data/####/files/hftJcw46N.dex > /dev/null 2>&1
sh -c rm /data/data/####/files/hftJcw46N.dex > /dev/null 2>&1
rm -f /data/data/####/files/hftJcw46N.jar
rm -f /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s

Contains functionality to send SMS messages automatically.

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

Technical information

Curing recommendations

Free trial