Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.Triada.89.origin
- Android.Triada.192.origin
Network activity:
Connecting to:
- a####.####.com:7901
- 1####.####.28
- 1####.####.28:8080
- d####.####.net
- b####.####.com:9230
- l####.####.com:9820
- d####.####.net:8200
- l####.####.com
HTTP GET requests:
- 1####.####.28/billing/config.txt
HTTP POST requests:
- a####.####.com:7901/
- 1####.####.28:8080/makejoyjson/JsonRead
- d####.####.net/
- b####.####.com:9230/
- 1####.####.28/sdk_selector/sdkSelect/sdk-get.do
- l####.####.com/chnlt/ltpay/paystart.do
- l####.####.com:9820/chnlt/ltpay/paystart.do
- d####.####.net:8200/
Modified file system:
Creates the following files:
- /data/data/####/.lib/libexec.so
- /data/data/####/shared_prefs/pref_longtime.xml
- /data/data/####/cache/job2121.temp
- /sdcard/.system/lotuseed.devid
- /data/data/####/shared_prefs/pref_shorttime.xml
- /data/data/####/.lib/libexecmain.so
- /data/data/####/shared_prefs/PluginConfig####.xml
- /data/data/####/files/td.lock
- /data/data/####/files/lotuseed_jr.s
- /data/data/####/shared_prefs/lotuseed_global_jr.xml
- /data/data/####/shared_prefs/shared_file.xml
- /data/data/####/shared_prefs/data.xml
- /data/data/####/cache/job2382.temp
- /data/data/####/shared_prefs/pref_longtime.xml.bak
- /data/data/####/shared_prefs/uuid.xml
- /data/data/####/files/ZQAgenttcagent.db
- /data/data/####/cache/job2283.temp
- /data/data/####/databases/DATA_DB-journal
- /sdcard/Android/data/com.lyhtgh.pay/plugins/com.lyhtgh.pay.ltplugin.apk
- /data/data/####/shared_prefs/PluginList.xml
- /data/data/####/cache/job2066.temp
- /sdcard/.tcookieid
- /data/data/####/cache/job2482.temp
- /data/data/####/files/ZQAgenttcagent.db-journal
- /data/data/####/shared_prefs/global.xml
- /data/data/####/shared_prefs/JoyConfig.xml
- /data/data/####/databases/webview.db-journal
- /data/data/####/shared_prefs/appStatus.xml
- /data/data/####/cache/job1013_929748987.jar
- /data/data/####/files/0f170003101406031b1e.jar
- /sdcard/com/android/system/uid.sys
- /data/data/####/shared_prefs/global_timeouttimeoutlist.xml
- /data/data/####/files/silencedownLoad_1011.cache
- /data/data/####/shared_prefs/tdid.xml
- /data/data/####/shared_prefs/global_timeout.xml
- /data/data/####/files/TDtcagent.db-journal
- /data/data/####/cache/job1013_1440526587.jar
- /data/data/####/cache/job2586.temp
- /data/data/####/files/TDtcagent.db
- /data/data/####/cache/634351962####.apk
- /sdcard/.76761b91/65f4d34/d4e677bdb96f3e0b37b3beb2967d170f_1013.d4
- /data/data/####/shared_prefs/pref_shorttime.xml.bak
Miscellaneous:
Executes next shell scripts:
- ps
- /system/bin/dexopt --dex 27 41 40 281772 /storage/emulated/0/Android/data/com.lyhtgh.pay/plugins/com.lyhtgh.pay.ltplugin.apk 1182437091 1893239813 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/fr
- /system/bin/dexopt --dex 27 42 40 281772 /storage/emulated/0/Android/data/com.lyhtgh.pay/plugins/com.lyhtgh.pay.ltplugin.apk 1182437091 1893239813 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/fr
- /system/bin/dexopt --dex 27 58 40 447816 /data/data/####/files/0f170003101406031b1e.jar 1185767115 125112115 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/fram
- getprop ro.product.cpu.abi
- /system/bin/dexopt --dex 27 60 40 226084 /data/data/####/cache/job1013_2104667971.jar 1183797252 1115875177 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/frame
- /system/bin/dexopt --dex 27 60 40 226084 /data/data/####/cache/job1013_1440526587.jar 1183797252 1115875177 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/frame
- /system/bin/dexopt --dex 27 61 40 226084 /data/data/####/cache/job1013_929748987.jar 1183797252 1115875177 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framew
- /system/bin/dexopt --dex 27 42 40 4104 /data/app/####-1.apk 1186368259 -1647723805 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framework/framework.jar /syste
Uses special library to hide executable bytecode.
Contains functionality to send SMS messages automatically.
