Technical information
Malicious functions:
Sends SMS messages:
- 1069099903306: ####
Sends data on received text messages to remote host.
Network activity:
Connecting to:
- p####.####.com
- a####.####.com
- ta####.com
- pa####.####.com
HTTP GET requests:
- ta####.com/photo/new/home/20161117CRQX16.jpg
- ta####.com/photo/new/home/20161117CRQX09.jpg
- p####.####.com/apiTvShow/itf/getallurlbyname?name=####
- ta####.com/photo/new/home/20161117CRQX38.jpg
- ta####.com/photo/ps/zf38.jpg
- ta####.com/photo/new/home/20161117CRQX43.jpg
HTTP POST requests:
- p####.####.com/api/init?imei=####&cid=####
- p####.####.com/api/home?imei=####&cid=####
- pa####.####.com/mobile-service/getOpenImsiMobilePhone.json
- pa####.####.com/pay-sms-access//uploadSmsDetailInfo.json?
- a####.####.com/app_logs
- pa####.####.com/pay-sms-access//getAccessPayChannel.json
Modified file system:
Creates the following files:
- /data/data/####/cache/sms.apk.apk
- /data/data/####/shared_prefs/sy_pay_config.xml.bak
- /sdcard/Android/data/####/cache/20id30bext5z3079vvubzij71.tmp
- /data/data/####/shared_prefs/plugins.serviceMapping.xml
- /sdcard/WYKB/play072.txt
- /data/data/####/databases/sy_pay_record-journal
- /data/data/####/app_apCoreplugn/sms.apk
- /data/data/####/cache/smp.apk.apk
- /sdcard/Android/data/####/cache/1i1iozw1r0q50ql0c916u9tcc.tmp
- /data/data/####/shared_prefs/umeng_general_config.xml
- /sdcard/Android/data/####/cache/3vetaeeok80af1sexu132n062.tmp
- /data/data/####/shared_prefs/plugins.installed.xml
- /data/data/####/files/.imprint
- /data/data/####/app_plugin_dir/com.souying.pay.plugmain/1.0_100/base-1.apk
- /data/data/####/databases/com.souying.pay.plugmain_sy_pay_record-journal
- /sdcard/Android/data/.nomedia
- /data/data/####/app_plugin_dir/com.souying.sysms/1.0_1/base-1.apk
- /data/data/####/shared_prefs/com.souying.pay.xml
- /data/data/####/app_apCoreplugn/smp.apk
- /data/data/####/app_apCoreplugn/ZIP/plugin-20170105-2.1.8.7.bin
- /data/data/####/files/umeng_it.cache
- /sdcard/Android/data/####/cache/.nomedia
- /sdcard/Android/data/####/cache/45x9bd85yiwtzobf791wlf0vi.tmp
- /data/data/####/databases/recordInfo-journal
- /sdcard/Android/data/####/cache/4pxczr8lgp1cezplvk5eu33b2.tmp
- /data/data/####/app_plugin_dir/com.souying.pay.plugmain/1.0_100/dalvik-cache/base-1.dex
- /data/data/####/app_plugin_dir/com.souying.sysms/1.0_1/dalvik-cache/base-1.dex
- /data/data/####/shared_prefs/sy_pay_config.xml
- /data/data/####/shared_prefs/com.souying.pay.plugmain_p_config.xml
Miscellaneous:
Executes next shell scripts:
- /system/bin/dexopt --dex 27 58 40 55028 /data/data/####/app_plugin_dir/com.souying.sysms/1.0_1/base-1.apk 1243976466 -8434925 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/fram
- /system/bin/dexopt --dex 27 63 40 266588 /data/data/####/app_plugin_dir/com.souying.pay.plugmain/1.0_100/base-1.apk 1243976482 -2093026819 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar
- cat /proc/version
Contains functionality to send SMS messages automatically.
