Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.Xiny.1513
- Android.Xiny.240.origin
Network activity:
Connects to:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) b.yunj####.cn:5284
DNS requests:
- a.peiz####.cn
- b.yunj####.cn
- pa.yunj####.cn
HTTP POST requests:
- b.yunj####.cn:5284/android.frontserver/pcsvc
File system changes:
Creates the following files:
- /data/data/####/b.d
- /data/data/####/buntutu_data_s.xml
- /data/data/####/cb.d
- /data/data/####/cbn.d
- /data/data/####/cbn_d.d
- /data/data/####/cbs.d
- /data/data/####/classes.jar
- /data/data/####/d_h_d.d
- /data/data/####/game_n.xml
- /data/data/####/kb_idle.ini
- /data/data/####/lt.d
- /data/data/####/mm_nw_app.xml
- /data/data/####/native_1542209187927.so
- /data/data/####/pcn.d
- /data/data/####/pcs.d
- /data/data/####/pgb.d
- /data/data/####/teigjyoy.dat
- /data/data/####/wx.d
- /data/data/####/zfb.d
- /data/media/####/1B3A2967E5FD862EFD957606C65C8122
- /data/media/####/30592A6B8B0C769E3F7FDE6E1A033DF5
- /data/media/####/D99494BB10D048C393648C204AF8AA38
- /data/media/####/buntutu.jaru
- /data/media/####/kb_idle.ini
Miscellaneous:
Executes the following shell scripts:
- /system/bin/cat /proc/cpuinfo
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- cat /sys/block/mmcblk0/device/cid
Loads the following dynamic libraries:
- mexxfnx
- native_1542209187927
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Displays its own windows over windows of other apps.