Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.HiddenAds.1200
Downloads the following detected threats from the Internet:
- Android.HiddenAds.1200
Network activity:
Connects to:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) v2.g####.qq.com:80
- TCP(HTTP/1.1) ei.c####.com:80
- TCP(HTTP/1.1) ser####.ad.a####.com:80
- TCP(HTTP/1.1) dn.tc####.com:80
- TCP(HTTP/1.1) pi####.qq.com:80
- TCP(HTTP/1.1) daliu####.c####.qini####.com:80
- TCP(HTTP/1.1) 01img####.eas####.com.####.com:80
- TCP(HTTP/1.1) g####.mc####.com:9013
- TCP(HTTP/1.1) s####.tc.qq.com:80
- TCP(HTTP/1.1) d####.wos####.com:80
- TCP(HTTP/1.1) p####.tc.qq.com:80
- TCP(HTTP/1.1) api.ia####.com:651
- TCP(HTTP/1.1) s####.e.qq.com:80
- TCP(HTTP/1.1) ser####.vid####.a####.com:80
- TCP(HTTP/1.1) a.bjsd####.com:80
- TCP(HTTP/1.1) z####.heyc####.net:80
- TCP(HTTP/1.1) p.zcul####.net:80
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) ser####.kv.dandanj####.tv:80
- TCP(HTTP/1.1) w####.pcon####.com.cn:80
- TCP(HTTP/1.1) d####.dd7####.com:80
- TCP(HTTP/1.1) i####.a####.com:80
- TCP(HTTP/1.1) loc.map.b####.com:80
- TCP(HTTP/1.1) s.androi####.com:80
- TCP(HTTP/1.1) d.bjsd####.com:80
- TCP(HTTP/1.1) sh.wagbr####.aliyun####.com:80
- TCP(HTTP/1.1) anal####.a####.com:80
- TCP(HTTP/1.1) s####.caiji####.com:666
- TCP(HTTP/1.1) php.sho####.com:80
- TCP(HTTP/1.1) mi.g####.qq.com:80
- TCP(HTTP/1.1) a####.caiji####.com:80
- TCP(SSL/3.0) ada####.m.ta####.com:443
- TCP(TLS/1.0) 1####.217.17.46:443
- TCP(TLS/1.0) st####.adhu####.com:443
- TCP(TLS/1.0) ser####.vid####.a####.com:443
- TCP(TLS/1.0) e.crashly####.com:443
- TCP(TLS/1.0) sett####.crashly####.com:443
- TCP(TLS/1.0) c.c####.com:443
- TCP(TLS/1.0) ada####.m.ta####.com:443
- TCP(TLS/1.0) and####.cli####.go####.com:443
- TCP(TLS/1.0) dis####.eq####.com:443
- TCP(TLS/1.0) gm.mm####.com:443
- TCP(TLS/1.0) sh.wagbr####.ta####.com:443
- TCP(TLS/1.0) api.w####.com:443
- TCP(TLS/1.0) s####.yy.com:443
- TCP(TLS/1.0) aliyuno####.oss-cn-####.aliy####.com:443
- TCP(TLS/1.0) api.map.b####.com:443
- TCP(TLS/1.0) feedbac####.aliy####.com:443
- TCP(TLS/1.0) clien####.i####.net:443
- TCP(TLS/1.0) ei.c####.com:443
- TCP(TLS/1.0) cdn.boo####.com.####.com:443
- TCP(WHOIS) w####.a####.net:43
- TCP(WHOIS) w####.afr####.net:43
DNS requests:
- 01img####.eas####.com
- 1####.i####.com
- a####.caiji####.com
- a####.man.aliy####.com
- a####.u####.com
- a.bjsd####.com
- ada####.ut.ta####.com
- adas####.ut.ta####.com
- aliyuno####.oss-cn-####.aliy####.com
- aliyuno####.oss-cn-####.aliy####.com
- anal####.a####.com
- and####.cli####.go####.com
- api.16####.com
- api.ia####.com
- api.map.b####.com
- api.w####.com
- c####.mm####.com
- c.c####.com
- cdn.boo####.com
- cdn.v####.aib####.####.tv
- clien####.i####.net
- d####.dd7####.com
- d####.wos####.com
- d.bjsd####.com
- dis####.eq####.com
- dn.tc####.com
- e.crashly####.com
- ei.c####.com
- feedbac####.aliy####.com
- g####.mc####.com
- i####.a####.com
- i####.adhu####.com
- i####.adhu####.com
- i####.adhu####.com
- i####.aib####.a####.com
- img.aib####.a####.com
- imgc####.qq.com
- k####.kyli####.com
- loc.map.b####.com
- mi.g####.qq.com
- mt####.go####.com
- nfsjar####.funu####.com
- p####.ugd####.com
- p.zcul####.net
- php.sho####.com
- pi####.qq.com
- qzones####.g####.cn
- s####.caiji####.com
- s####.e.qq.com
- s####.yy.com
- s.androi####.com
- s19.c####.com
- ser####.ad.a####.com
- ser####.aib####.a####.com
- ser####.kv.dandanj####.tv
- ser####.ne####.a####.com
- ser####.vid####.a####.com
- sett####.crashly####.com
- st####.adhu####.com
- v2.g####.qq.com
- w####.a####.net
- w####.afr####.net
- w####.pcon####.com.cn
- z####.heyc####.net
- z2.c####.com
- z5.c####.com
- z8.c####.com
- z9.c####.com
HTTP GET requests:
- 01img####.eas####.com.####.com/mobile/20190417/20190417214845_fe1d46ebf4...
- anal####.a####.com/v1/client/skin?adult=####
- anal####.a####.com/v1/user/title?adult=####
- anal####.a####.com/v1/wallpaper/album/4e4d697e05697911c9000004/wallpaper...
- anal####.a####.com/v1/wallpaper/category
- anal####.a####.com/v1/wallpaper/tab?channel=####&version=####
- anal####.a####.com/v3/homepage?order=####&adult=####&first=####&did=####...
- d####.dd7####.com//upload/plog/dfkn.jar
- d####.dd7####.com//upload/sdk2/SDK31dex20190220.jar
- d####.dd7####.com//upload/sdk2/sdk04dex20190218.jar
- d####.dd7####.com//upload/sdk3/cjmob20190301.jar
- d####.dd7####.com//upload/sdk3/papp20190412.jar
- d####.dd7####.com/upload/plog/N38de20181225.jar
- d####.dd7####.com/upload/plog/mfgz.jar
- d####.dd7####.com/upload/sdk3/SSDK_28.jar
- daliu####.c####.qini####.com/uploadToEnCode/1555503565544179.jar
- dn.tc####.com/dnfile/image/bxm/wg_0104_v11_011_1f.jar
- ei.c####.com/stat.htm?id=####&cnzz_eid=####
- i####.a####.com/5cadb3cde7bce7210c064b64?imageMo####&adult=####
- i####.a####.com/5cadb3cde7bce7210c064b64?imageVi####
- i####.a####.com/5cb46800e7bce720a3e55420?imageVi####
- i####.a####.com/download/53bcf873174cf12dc1add149
- mi.g####.qq.com/gdt_mview.fcg?actual_width=####&count=####&r=####&templa...
- mi.g####.qq.com/gdt_mview.fcg?posw=####&posh=####&count=####&r=####&data...
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/banner.appcache
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/banner.html
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/ad_logo.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/banner_close_b...
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/bannerbg02.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/bannerbg03.jpg
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/bannerbg07.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/close02.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/close03.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/download_icon....
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/download_icon_...
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/gdt_logo_black...
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/icon-ad.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/sdk_bg.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/tc-gdt-sdk-ope...
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/tsa_ad_logo.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/tsa_logo.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/js-release/20170821/b...
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/js/lib/require.js
- p####.tc.qq.com/qzone/biz/gdt/mod/android/AndroidAllInOne/proguard/his/r...
- s####.tc.qq.com/gdt/0/EAAGTJ3ABIABIAAAAopBcIfrXCQDtTRqL.jpg/0?ck=####
- s.androi####.com/5cac2488042208701dc2f1ca.jpg?imageMo####&sign=####&t=####
- s.androi####.com/android_res/fanxing.jpg
- s.androi####.com/download/56acc35594e5cc4e57208111
- s.androi####.com/download/56acc35594e5cc4e57208139
- s.androi####.com/download/59d21e58e7bce729bf148a8a
- s.androi####.com/download/59e4557de7bce729760f486c
- s.androi####.com/download/5a6b127de7bce724f43e8b22
- s.androi####.com/download/5ae1d209e7bce7253c78d55c
- s.androi####.com/download/5c0be69d31f613480958804f
- s.androi####.com/download/5ca62a9f04220878da584c6a
- s.androi####.com/videowp/1212.png
- ser####.ad.a####.com/v3/ad/appdetail?app=####&iso=####&osVer=####&mcc=##...
- ser####.ad.a####.com/v3/ad/bundle?position=####&app=####&iso=####&osVer=...
- ser####.ad.a####.com/v3/ad/config?os=####&model=####&apiver=####&osversi...
- ser####.ad.a####.com/v3/ad/list?app=####&iso=####&osVer=####&mcc=####&o=...
- ser####.ad.a####.com/v3/ad/splash?app=####&iso=####&osVer=####&mcc=####&...
- ser####.ad.a####.com/v3/ad?limit=####&os=####&model=####&apiver=####&osv...
- ser####.kv.dandanj####.tv/online/params?os=####¤ttime=####&sys=###...
- ser####.kv.dandanj####.tv/online/params?package_name=####&adult=####
- ser####.vid####.a####.com/v1/news?adult=####&skip=####
- ser####.vid####.a####.com/v3/ad?limit=####&os=####&model=####&apiver=###...
- v2.g####.qq.com/gdt_stats.fcg?viewid=####&i=####&os=####&xp=####
HTTP POST requests:
- a####.caiji####.com/v2/load/mobile
- a####.u####.com/app_logs
- a.bjsd####.com/index.php?r=####
- anal####.a####.com/v2/picasso/app
- anal####.a####.com/v2/picasso/event
- anal####.a####.com/v2/picasso/page
- anal####.a####.com/v2/picasso/user
- anal####.a####.com/v2/picasso/visit
- anal####.a####.com/v2/wallpaper/wallpaper/5cadb3cde7bce7210c064b64/comment
- anal####.a####.com/v2/wallpaper/wallpaper/5cb46800e7bce720a3e55420/comment
- api.ia####.com:651/api_yi.aspx
- api.ia####.com:651/slsdk/getdata.aspx
- api.ia####.com:651/slsdk/settings.aspx
- d####.wos####.com/upload/longheartbeat.jsp
- d.bjsd####.com/index.php?r=####
- g####.mc####.com:9013/nfs/nf_s/g_s
- g####.mc####.com:9013/nfs/nf_s/u_j
- loc.map.b####.com/sdk.php
- p.zcul####.net/m/a/t
- php.sho####.com/index.php?r=####
- pi####.qq.com/mstat/report/?index=####
- s####.caiji####.com:666/v1/config
- s####.e.qq.com/activate
- sh.wagbr####.aliyun####.com/man/api?ak=####&s=####
- w####.pcon####.com.cn/ip.jsp
- z####.heyc####.net/getlist
- z####.heyc####.net/xlogin
File system changes:
Creates the following files:
- /data/data/####/-14865063182108287675
- /data/data/####/-1638584026-1972633337
- /data/data/####/-37512920-1972633337
- /data/data/####/-429377843-867035321
- /data/data/####/-961972195-24208479
- /data/data/####/.imprint
- /data/data/####/.mta-wxop.xml
- /data/data/####/0f8bd3b6c1cd045fe11029d94a11325e5ac3a3cfe49388d....0.tmp
- /data/data/####/1278178008-185176266
- /data/data/####/15555227031555503565544179_.jar
- /data/data/####/1743893553-1300369221
- /data/data/####/2314.yaqcookie
- /data/data/####/335459319bf031d52e9ebf2164de5a2ac1c1987be0c1e02....0.tmp
- /data/data/####/34611b35351acac5d13d55abaf808381e3dbd32aa09f643....0.tmp
- /data/data/####/379697900544384938
- /data/data/####/399239022544384938
- /data/data/####/4709d5985d6392c7ddba94dafe4894313a45341e0c4338b....0.tmp
- /data/data/####/54635211575426602
- /data/data/####/5CB76440000C-0001-090A-476B7B7FD1F4BeginSession.cls_temp
- /data/data/####/5CB76440000C-0001-090A-476B7B7FD1F4SessionApp.cls_temp
- /data/data/####/5CB76440000C-0001-090A-476B7B7FD1F4SessionDevice.cls_temp
- /data/data/####/5CB76440000C-0001-090A-476B7B7FD1F4SessionOS.cls_temp
- /data/data/####/68e584e5fb117b44646b046ab8cfe0edab6d7e75fba7726....0.tmp
- /data/data/####/6e1ddd88205da605c1d25dd70af5217f6d7073649646155....0.tmp
- /data/data/####/76fc9bad06a6ad8e68a5328df5943d68e825e77eb018f7f....0.tmp
- /data/data/####/7f0abff3c0dd74937358a9b02f8bb5be5e1a5bb054c42fd....0.tmp
- /data/data/####/8361171551575426602
- /data/data/####/87ba4b6b6fb4ae594232a430d9ed7006d3e68ce4294450d....0.tmp
- /data/data/####/8e08c0a6d642ca22568209f060374048a76578350ba571c....0.tmp
- /data/data/####/8e169f50540bd9582c254913ffad86dfaa3eed6c572e3cf....0.tmp
- /data/data/####/8e169f50540bd9582c254913ffad86dfaa3eed6c572e3cf...leted)
- /data/data/####/941c323e4320448966af4972e65413585d3d83c013599cd....0.tmp
- /data/data/####/AdvSDK.xml
- /data/data/####/Alvin2.xml
- /data/data/####/AppStore.xml
- /data/data/####/ApplicationCache.db-journal
- /data/data/####/BuglySdkInfos.xml
- /data/data/####/ContextData.xml
- /data/data/####/GDTSDK.db
- /data/data/####/GDTSDK.db-journal
- /data/data/####/TwitterAdvertisingInfoPreferences.xml
- /data/data/####/UTCommon.xml
- /data/data/####/UmengLocalNotificationStore.db-journal
- /data/data/####/a32f958cc7f0bfaed57a1272a29d2503a76f0a760b69b01....0.tmp
- /data/data/####/ac75ec9b08fad39b5a1ceacd4bf01a154b7fca84bcee542....0.tmp
- /data/data/####/adesk_online_config
- /data/data/####/adkBody_pref.xml
- /data/data/####/adk_pref.xml
- /data/data/####/ap.Lock
- /data/data/####/authStatus_com.lovebizhi.wallpaper;remote.xml
- /data/data/####/b3bde470f3c59c11314591bcedec9140512b3f54eb88b38....0.tmp
- /data/data/####/c561f03434176c326aa7e3856a3352de89dd14f656a39e5....0.tmp
- /data/data/####/cate_wp_animation
- /data/data/####/cate_wp_girl
- /data/data/####/cb0635f872bf383b4b562e48be8a8ac4353f3a14ddaaa72....0.tmp
- /data/data/####/cc.db
- /data/data/####/cc.db-journal
- /data/data/####/cef3618af3689af6ec0bd6c4bc9fd0cda81fb4b331030d6....0.tmp
- /data/data/####/cfwszwaf.xml
- /data/data/####/com.crashlytics.prefs.xml
- /data/data/####/com.crashlytics.sdk.android;answers;settings.xml
- /data/data/####/com.crashlytics.settings.json
- /data/data/####/com.lovebizhi.wallpaper-1.apk.classes-622907793.zip
- /data/data/####/com.lovebizhi.wallpaper_preferences.xml
- /data/data/####/common_config.xml
- /data/data/####/config.xml
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/devCloudSetting.cfg
- /data/data/####/devCloudSetting.sig
- /data/data/####/dexMethod.82894129.dat
- /data/data/####/dialog_config.xml
- /data/data/####/dpi
- /data/data/####/dwsaer.data-journal
- /data/data/####/e421a5d8dd7152ea507e977314c9019d850e9e7fb71827e....0.tmp
- /data/data/####/e7702c18b133d6cd25aceda3732d5ef3304e906c173ebbc....0.tmp
- /data/data/####/exchangeIdentity.json
- /data/data/####/exid.dat
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/f_000007
- /data/data/####/f_000008
- /data/data/####/f_000009
- /data/data/####/fgzde.data-journal
- /data/data/####/file_cate_album_animation
- /data/data/####/file_cate_album_girl
- /data/data/####/firll.dat
- /data/data/####/gdt_config.cfg
- /data/data/####/gdt_plugin.jar
- /data/data/####/gdt_plugin.jar.sig
- /data/data/####/gdt_plugin.tmp
- /data/data/####/gdt_plugin.tmp.sig
- /data/data/####/gdt_suid
- /data/data/####/hid.db
- /data/data/####/index
- /data/data/####/initialization_marker
- /data/data/####/io.fabric.sdk.android;fabric;io.fabric.sdk.andr...ng.xml
- /data/data/####/journal.tmp
- /data/data/####/libcuid.so
- /data/data/####/libyaqbasic.82894129.so
- /data/data/####/libyaqpro.82894129.so
- /data/data/####/load_MTAwMF8xMjAxXzE4NDAwMTAw;.xml
- /data/data/####/lzzhe.xml
- /data/data/####/lzzhe.xml.bak
- /data/data/####/multidex.version.xml
- /data/data/####/mykernel.apk
- /data/data/####/nhgbbpxz.xml
- /data/data/####/ombjhvs.data-journal
- /data/data/####/online_params_pre.xml
- /data/data/####/picasso_video_res.db-journal
- /data/data/####/pos_config_path
- /data/data/####/pri_wxop_tencent_analysis.db-journal
- /data/data/####/sa_541448cf-0fb5-4dbc-8364-d8dc4cfce3ef_1555522624858.tap
- /data/data/####/sa_b7f25dd0-a534-4f6c-964a-a502bdb830f3_1555522625786.tap
- /data/data/####/sdkCloudSetting.cfg
- /data/data/####/sdkCloudSetting.sig
- /data/data/####/session_analytics.tap
- /data/data/####/session_analytics.tap.tmp
- /data/data/####/skin_serializable
- /data/data/####/spfn_MTAwMF8xMjAxXzE4NDAwMTAw;.xml
- /data/data/####/splash_ads_path
- /data/data/####/splash_config_path
- /data/data/####/temp.file
- /data/data/####/ua.db
- /data/data/####/ua.db-journal
- /data/data/####/ugmarsad.db
- /data/data/####/ugmarsad.db-journal
- /data/data/####/ugmarssp.xml
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/umeng_message_state.xml
- /data/data/####/update_lc
- /data/data/####/ut.db
- /data/data/####/ut.db-journal
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/weibo_sdk_aid1
- /data/data/####/wp_cates
- /data/data/####/wxop_tencent_analysis.db-journal
- /data/data/####/yaqsdkcookie
- /data/media/####/.5cadb3cde7bce7210c064b64.jpg
- /data/media/####/.cuid
- /data/media/####/.cuid2
- /data/media/####/.mid.txt
- /data/media/####/.nid
- /data/media/####/15555227031555503565544179.jar
- /data/media/####/15555227051555503565544179.jar
- /data/media/####/Alvin2.xml
- /data/media/####/ContextData.xml
- /data/media/####/N38de20181225.jar
- /data/media/####/SDK31dex20190220.jar
- /data/media/####/SSDK_28.jar
- /data/media/####/cjmob20190301.jar
- /data/media/####/dfkn.jar
- /data/media/####/mfgz.jar
- /data/media/####/mykernel.apk
- /data/media/####/papp20190412.jar
- /data/media/####/picasso.db-journal
- /data/media/####/sdk04dex20190218.jar
- /data/media/####/test.0
Miscellaneous:
Executes the following shell scripts:
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
- /system/bin/sh
- cat /sys/class/android_usb/android0/idProduct
- cat /sys/class/android_usb/android0/idVendor
- getprop
- getprop net.dns1
- ls -l /dev
- ls -l /dev/block
- ls -l /dev/block/vold
- ls -l /dev/bus
- ls -l /dev/bus/usb
- ls -l /dev/bus/usb/001
- ls -l /dev/com.android.settings.daemon
- ls -l /dev/cpuctl
- ls -l /dev/cpuctl/apps
- ls -l /dev/cpuctl/apps/bg_non_interactive
- ls -l /dev/graphics
- ls -l /dev/input
- ls -l /dev/log
- ls -l /dev/pts
- ls -l /dev/snd
- ls -l /dev/socket
- ps
Loads the following dynamic libraries:
- box2d
- ezaction
- ezbase
- ezinterpolator
- ezlwp
- ezparticle
- ezpathiterator
- ezphysics
- ezrt
- eztransition
- libyaqbasic.82894129
- libyaqpro.82894129
- locSDK7
- picasso
- ut_c_api
- weibosdkcore
- wiengine
- wiskia
- wisound
Uses the following algorithms to encrypt data:
- AES
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS7Padding
- RSA-ECB-PKCS1Padding
Uses the following algorithms to decrypt data:
- AES
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS7Padding
- DES
- DES-CBC-PKCS5Padding
- RSA-ECB-PKCS1Padding
Accesses the ITelephony private interface.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about APN settings.
Gets information about installed apps.
Gets information about running apps.
Displays its own windows over windows of other apps.