Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.DownLoader.743.origin
Network activity:
Connecting to:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.0) pis.al####.com:80
- TCP(HTTP/1.1) pus.al####.com:80
- TCP(HTTP/1.1) cdn.game####.org:80
- TCP(HTTP/1.1) pss.al####.com:80
- TCP(HTTP/1.1) 1####.76.224.67:80
- TCP(TLS/1.0) api.face####.com:443
- TCP(TLS/1.0) pns.al####.com:443
- TCP(TLS/1.0) 1####.217.20.110:443
- TCP(TLS/1.0) pag####.googles####.com:443
- TCP(TLS/1.0) l####.4####.top:443
DNS requests:
- cdn.game####.org
- g####.face####.com
- l####.4####.top
- pag####.googles####.com
- pis.al####.com
- pns.al####.com
- proxy####.aliv####.com
- pss.al####.com
- pus.al####.com
HTTP GET requests:
- cdn.game####.org/strategy/11a3004d25017230
- cdn.game####.org/strategy/15fb6224701377a1
- cdn.game####.org/strategy/1ae9b32c6e832e41
- cdn.game####.org/strategy/240b5f1e461d069c
- cdn.game####.org/strategy/351aa6386a77d89f
- cdn.game####.org/strategy/91259b7a8e5f58ee
- cdn.game####.org/strategy/base
- cdn.game####.org/strategy/fc10be62df60ba0f
- pus.al####.com/kernal/sdkcontrol/vod_android-mobile_x86_9.1.1.1220.jpg
HTTP POST requests:
- pis.al####.com/p/pcdn/i.php?v=####
- pss.al####.com/iku/log/acc
- pss.al####.com/iku/log/acc?ver=####&flag=####&t=####&mytype=####
Modified file system:
Creates the following files:
- /data/data/####/07078dca-1660-4d06-9250-0c4eda09c1d9
- /data/data/####/102ad32edbbe15be6a852c9639e232a7
- /data/data/####/16247433229d8cccb424536e6d9bc6a4
- /data/data/####/1cd75ca0-21c2-418f-a941-5b92c53df35f.jar
- /data/data/####/41547464-4d33-4450-9522-de9732fc1290
- /data/data/####/43227513780f9a53a644ee736fe98f62
- /data/data/####/5553a0bd15ea1d729be5500dd0b434bd
- /data/data/####/863fddf5-35d7-494d-ae83-a2eb840ca01e
- /data/data/####/8932fcc0-ee2f-49b4-8597-e40ff85c4848
- /data/data/####/8a38f67b-8ce7-4dca-846e-af3a2dec2975
- /data/data/####/90455067-605f-455e-888c-57fdc50613fa
- /data/data/####/9d64b717-c447-4eac-8042-a0433b61e8c7
- /data/data/####/FBAdPrefs.xml
- /data/data/####/Matrix
- /data/data/####/SDKIDFA.xml
- /data/data/####/SUBOXLOG_
- /data/data/####/a42a6dbb-a8d9-47f2-9163-535de0656c40
- /data/data/####/c555f65c72344cea54472e5d056e24b3
- /data/data/####/com.androidrocker.taskkilleremtgdugbelzy_preferences.xml
- /data/data/####/com.facebook.ads.FEATURE_CONFIG.xml
- /data/data/####/ddexe
- /data/data/####/debuggerd
- /data/data/####/device.db
- /data/data/####/e01a6afb33753a506c45f8938a4c6fa6
- /data/data/####/fbc49896-ac4d-42a3-8d38-de6fadb11374
- /data/data/####/fileWork
- /data/data/####/install-recovery.sh
- /data/data/####/libpcdn_acc.zip
- /data/data/####/libpcdn_acc_new.so
- /data/data/####/mivmi.xml
- /data/data/####/mivmi.xml.bak (deleted)
- /data/data/####/pcdnconfigs.xml
- /data/data/####/pcdnconfigs.xml.bak
- /data/data/####/pidof
- /data/data/####/root3
- /data/data/####/su
- /data/data/####/supolicy
- /data/data/####/toolbox
- /data/data/####/vmeni.db-journal
- /data/data/####/white_list_preference.xml
- /data/data/####/wsroot.sh
- /data/media/####/myself.dat
Miscellaneous:
Executes next shell scripts:
- chmod 777 Matrix ddexe debuggerd device.db fileWork install-recovery.sh pidof root3 su supolicy toolbox wsroot.sh
- chmod 777 Matrix ddexe debuggerd fileWork install-recovery.sh pidof su supolicy toolbox wsroot.sh
- sh
Loads the following dynamic libraries:
- libpcdn_acc
- pcdn_acc
Gains access to network information.
Gains access to telephone information (number, imei, etc.).
Gains access to information about running applications.
Displays its own windows over windows of other applications.