Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.Xiny.20
Removes app icon from the screen.
Network activity:
Connects to:
- UDP(DNS) 8####.8.4.4:53
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(TLS/1.0) www.google####.com:443
- TCP(TLS/1.0) connect####.gst####.com:443
- TCP(TLS/1.0) rr6---s####.g####.com:443
- TCP(TLS/1.0) rr9---s####.g####.com:443
- TCP(TLS/1.2) www.google####.com:443
- TCP(TLS/1.2) 1####.177.14.100:443
- UDP rr2---s####.g####.com:443
- UDP www.google####.com:443
DNS requests:
- a####.u####.com
- connect####.gst####.com
- m####.91.com
- m####.go####.com
- mobiled####.91.com
- oc.u####.co
- oc.u####.com
- rr2---s####.g####.com
- rr6---s####.g####.com
- rr9---s####.g####.com
- www.google####.com
HTTP POST requests:
- a####.u####.com/app_logs
File system changes:
Creates the following files:
- /data/data/####/.imprint
- /data/data/####/DianJinStatistics.db
- /data/data/####/DianJinStatistics.db-journal
- /data/data/####/com.add.u.xml
- /data/data/####/com_nd_dianjin_sdk_config.xml
- /data/data/####/dian.jin.statistics.pref.xml
- /data/data/####/kp.dex
- /data/data/####/kp.dex.flock (deleted)
- /data/data/####/kp.jar
- /data/data/####/provider_center.xml
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_general_config.xml.bak
- /data/data/####/umeng_it.cache
- /data/data/####/wallpaper.xml
- /data/media/####/.DianJinStatisticsTid
- /data/media/####/a664ad0aca73389ffa7165c3040f9.properties
- /data/media/####/history
Miscellaneous:
Uses the following algorithms to encrypt data:
- RSA-ECB-PKCS1Padding
Accesses the ITelephony private interface.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about APN settings.
Gets information about installed apps.
Gets information about running apps.
Displays its own windows over windows of other apps.
Manages Wi-Fi connectivity.
Requests the system alert window permission.