Android.Packed.53115

Technical information

Malicious functions:

Executes code of the following detected threats:

Android.DownLoader.916.origin

Network activity:

Connects to:

UDP(DNS) <Google DNS>
TCP(HTTP/1.1) img.fz####.com.####.cn:80
TCP(HTTP/1.1) ti####.c####.l####.####.com:80
TCP(HTTP/1.1) c####.c####.cn:80
TCP(HTTP/1.1) d####.cn:80
TCP(HTTP/1.1) dup.baidust####.com:80
TCP(HTTP/1.1) www.pc####.com.####.cn:80
TCP(HTTP/1.1) tc.c####.com:80
TCP(HTTP/1.1) u####.c####.com:80
TCP(HTTP/1.1) qzones####.g####.cn.####.com:80
TCP(HTTP/1.1) pos.b####.com:80
TCP(HTTP/1.1) err.ta####.com:80
TCP(HTTP/1.1) s####.x####.com.cn:80
TCP(HTTP/1.1) d0.x####.com.cn:80
TCP(HTTP/1.1) i.c####.com.####.com:80
TCP(HTTP/1.1) 58.2####.92.50:808
TCP(HTTP/1.1) s####.al####.com:80
TCP(HTTP/1.1) a####.caiji####.com:80
TCP(HTTP/1.1) a####.d####.com:80
TCP(HTTP/1.1) f####.c####.com:80
TCP(HTTP/1.1) f####.caiji####.com:80
TCP(HTTP/1.1) dl.huih####.com.####.com:80
TCP(HTTP/1.1) pco####.ta####.com:80
TCP(HTTP/1.1) rs.c####.com:80
TCP(HTTP/1.1) c####.zhito####.com:99
TCP(HTTP/1.1) ne####.x####.com.cn:80
TCP(HTTP/1.1) cc.zbe####.org:80
TCP(HTTP/1.1) k####.caiji####.com.####.com:80
TCP(HTTP/1.1) c####.baidust####.com.####.com:80
TCP(HTTP/1.1) ivy.pcon####.com.cn:80
TCP(HTTP/1.1) gm.mm####.com:80
TCP(HTTP/1.1) w####.c####.com:80
TCP(HTTP/1.1) wi####.w####.com:80
TCP(HTTP/1.1) adcha####.bz.m####.com:80
TCP(HTTP/1.1) d.sin####.cn.####.net:80
TCP(HTTP/1.1) c####.zhito####.com:808
TCP(HTTP/1.1) z.c####.com:80
TCP(HTTP/1.1) p####.caiji####.com:80
TCP(HTTP/1.1) 1####.h####.com:80
TCP(HTTP/1.1) 58.2####.198.157:999
TCP(HTTP/1.1) s2.z####.cn:80
TCP(HTTP/1.1) d####.wos####.com:80
TCP(HTTP/1.1) c.c####.com:80
TCP(HTTP/1.1) ipp.zhito####.com:807
TCP(HTTP/1.1) w.i####.com:80
TCP(HTTP/1.1) ucst####.c####.com.####.com:80
TCP(HTTP/1.1) s####.caiji####.com:666
TCP(HTTP/1.1) i####.d####.cn:80
TCP(HTTP/1.1) c####.zhito####.com:999
TCP(HTTP/1.1) ia.z####.net:80
TCP(HTTP/1.1) ask.c####.com.####.com:80
TCP(TLS/1.0) z.c####.com:443
TCP(TLS/1.0) v2.da.m####.com:443
TCP(TLS/1.0) www.pcon####.com.cn:443
TCP(TLS/1.0) ub####.baidust####.com.####.com:443
TCP(TLS/1.0) col####.bz.m####.com:443
TCP(TLS/1.0) web.da.m####.com:443
TCP(TLS/1.0) mg####.api.max.####.com:443
TCP(TLS/1.0) c####.pc####.com.cn:443
TCP(TLS/1.0) gm.mm####.com:443
TCP(TLS/1.0) pos.b####.com:443
TCP(TLS/1.0) a####.d####.com:443
TCP(TLS/1.0) u.api.m####.com:443
TCP(TLS/1.0) 3####.h####.com.####.com:443
TCP(TLS/1.0) playhis####.bz.m####.com:443
TCP(TLS/1.0) err.ta####.com:443
TCP(TLS/1.0) log.mm####.com:443
TCP(TLS/1.0) wtc.d####.com:443
TCP(TLS/1.0) i.m####.com:443
TCP(TLS/1.0) et2.wagbr####.adverti####.####.com:443
TCP(TLS/1.0) 1####.h####.com:443
TCP(TLS/1.0) cre####.bz.m####.com:443
TCP(TLS/1.0) cap####.d####.com:8099
TCP(TLS/1.0) rs.si####.cn:443
TCP(TLS/1.0) 4####.h####.com.####.cn:443
TCP(TLS/1.0) img.pcon####.com.####.cn:443
TCP(TLS/1.0) i####.u####.cn:443
TCP(TLS/1.0) wn.pos.b####.com:443
TCP(TLS/1.0) c####.d####.v2.####.com:443
TCP(TLS/1.0) ec####.b####.com:443
TCP(TLS/1.0) g####.api.m####.com:443
TCP(TLS/1.0) www.m####.com:443
TCP(TLS/1.0) pc.bz.m####.com:443
TCP(TLS/1.0) w.i####.com:443
TCP(TLS/1.0) vi####.m####.com:443
TCP(TLS/1.0) i####.uc.cn:443
TCP(TLS/1.0) av####.h####.com.####.com:443
TCP(TLS/1.0) pcwe####.log.m####.com:443
TCP(TLS/1.0) mg####.pcon####.com.cn:443
TCP(TLS/1.0) h####.m####.com:443
TCP(TLS/1.0) vip.bz.m####.com:443
TCP(TLS/1.0) www.pc####.com.####.cn:443
TCP(TLS/1.0) ims-####.sm.cn:443
TCP(TLS/1.0) mobi####.bz.m####.com:443
TCP(TLS/1.0) st3.wagbr####.adverti####.####.com:443
TCP(TLS/1.0) wi####.w####.com:443
TCP(TLS/1.0) cou####.bz.m####.com:443
TCP(TLS/1.0) p####.pc####.com.cn:443
TCP(TLS/1.0) s3.h####.com:443
TCP(TLS/1.0) c.c####.com:443
TCP(TLS/1.0) l####.bz.m####.com:443
TCP(TLS/1.0) com####.m####.com:443
TCP(TLS/1.0) hm.b####.com:443
TCP(TLS/1.0) s####.al####.com:443
TCP(TLS/1.0) na61-####.wagbr####.ali####.####.com:443
TCP(TLS/1.0) rc-cha####.bz.m####.com:443
TCP(TLS/1.0) use####.api.max.####.com:443
TCP(TLS/1.0) s2.z####.cn:443
TCP(TLS/1.0) mipst####.s####.cn:443
TCP(TLS/1.0) dup.baidust####.com:443
TCP(TLS/1.0) js.3con####.com.####.cn:443
TCP(TLS/1.0) p####.api.m####.com:443
TCP(TLS/1.0) pc####.api.m####.com:443
TCP(TLS/1.0) i####.d####.com:443
TCP(TLS/1.0) sw4.d####.com:443
TCP(TLS/1.0) d.sin####.cn.####.net:443
TCP(TLS/1.0) g.al####.com:443

DNS requests:

0####.h####.com
1####.h####.com
2####.h####.com
3####.h####.com
4####.h####.com
a####.caiji####.com
a####.caiji####.com
a####.d####.com
a####.m.sm.cn
ad.7d####.com
adcha####.bz.m####.com
as.m####.com
ask.c####.com
ass####.xca####.com
av####.h####.com
ba####.c####.com
bbs.c####.com
c####.baidust####.com
c####.c####.cn
c####.d####.v2.####.com
c####.mm####.com
c####.pc####.com.cn
c####.zhito####.com
c.c####.com
cap####.d####.com
cc.zbe####.org
col####.bz.m####.com
com####.m####.com
cou####.bz.m####.com
cre####.bz.m####.com
css.m####.com
d####.cn
d####.wos####.com
d0.x####.com.cn
dl.huih####.com
dup.baidust####.com
e####.h####.com
ec####.b####.com
err.ta####.com
f####.c####.com
f####.c####.com
f####.caiji####.com
fo####.v.t.####.com
fou####.ta####.com
g####.api.m####.com
g####.c####.com
g.al####.com
gm.mm####.com
h####.m####.com
hm.b####.com
i####.d####.cn
i####.d####.com
i####.u####.cn
i####.uc.cn
i####.x####.com.cn
i####.xca####.com
i####.xca####.com
i.c####.com
i.m####.com
i1.h####.com
i3.h####.com
i4.h####.com
i5.h####.com
ia.z####.net
id.d####.com
img.d####.com
img.fz####.com.cn
img.m####.com
img.pcon####.com.cn
img.t.si####.cn
ims-####.sm.cn
ipp.zhito####.com
ivy.pcon####.com.cn
js.3con####.com
js.miao####.com
js.t.si####.cn
js.x####.com.cn
k####.caiji####.com
l####.bz.m####.com
l####.m.sm.cn
log.mm####.com
ma####.m.ta####.com
mg####.api.max.####.com
mg####.pcon####.com.cn
mipst####.s####.cn
mobi####.bz.m####.com
ne####.x####.com.cn
o####.q####.qq.com
o####.sin####.cn
p####.api.m####.com
p####.caiji####.com
p####.pc####.com.cn
pc####.api.m####.com
pc.bz.m####.com
pco####.c####.com
pco####.sm.cn
pcwe####.log.m####.com
playhis####.bz.m####.com
pos.b####.com
qzones####.g####.cn
rc-cha####.bz.m####.com
rc.m####.com
rs.c####.com
rs.si####.cn
s####.al####.com
s####.caiji####.com
s####.m.sm.cn
s####.x####.com.cn
s1.h####.com
s11.c####.com
s13.c####.com
s19.c####.com
s2.z####.cn
s20.c####.com
s22.c####.com
s23.c####.com
s3.h####.com
s4.c####.com
s5.c####.com
s9.c####.com
s95.c####.com
s96.c####.com
shi####.c####.com
st####.h####.com
sw4.d####.com
tb.m####.com
tc.c####.com
tjs.sjs.si####.cn
u####.c####.com
u.api.m####.com
ub####.baidust####.com
ucst####.c####.com
use####.api.max.####.com
v.t.q####.com
v1.c####.com
v2.da.m####.com
vi####.m####.com
vip.bz.m####.com
vip.log.m####.com
w####.c####.com
w####.pc####.com.cn
w####.pcon####.com.cn
w.i####.com
web.da.m####.com
wi####.w####.com
wn.pos.b####.com
wtc.d####.com
www.c####.com
www.m####.com
www.pc####.com.cn
www.pcon####.com.cn
y####.m.sm.cn
z11.c####.com
z12.c####.com
z2.c####.com
z3.c####.com
z5.c####.com
z6.c####.com
z8.c####.com
z9.c####.com
zm.s####.cn

HTTP GET requests:

1####.h####.com/mz_ad_serving.js?v=####
58.2####.92.50:808/gh.html
a####.caiji####.com/a/asdf?cnl=####&vv=####&vv2=####&aid=####&sid=####&d...
a####.d####.com/rewrite?fromid=####
adcha####.bz.m####.com/direct?cc=####
ask.c####.com.####.com/2009/abc/shiyong.js?v=####
ask.c####.com.####.com/askques/expert/getAll
ask.c####.com.####.com/askques/questions/show/787912
ask.c####.com.####.com/askques/questions/show/798593
ask.c####.com.####.com/baodian/d/album/d053849bf769fccada7b8ed5cab440d8....
ask.c####.com.####.com/baodian/data/static/9b0aa949f62c6ac17f960806ae200...
ask.c####.com.####.com/baodian/data/upload/item/201302/16/upload_0sl7v_f...
ask.c####.com.####.com/baodian/data/upload/item/201302/16/upload_HnxGN_f...
ask.c####.com.####.com/baodian/data/upload/item/201302/16/upload_TlOxE_c...
ask.c####.com.####.com/baodian/static/css/default/basic.css
ask.c####.com.####.com/baodian/static/css/default/i2012/bg.jpg
ask.c####.com.####.com/baodian/static/css/default/images/album_bg5.jpg
ask.c####.com.####.com/baodian/static/css/default/images/album_bg6.jpg
ask.c####.com.####.com/baodian/static/css/default/images/album_box.png
ask.c####.com.####.com/baodian/static/css/default/images/bar_w716.jpg
ask.c####.com.####.com/baodian/static/css/default/images/border-revision...
ask.c####.com.####.com/baodian/static/css/default/images/box_foot.jpg
ask.c####.com.####.com/baodian/static/css/default/images/box_head.jpg
ask.c####.com.####.com/baodian/static/css/default/images/btn_24b.png
ask.c####.com.####.com/baodian/static/css/default/images/categary-new.jpg
ask.c####.com.####.com/baodian/static/css/default/images/categary-new2.jpg
ask.c####.com.####.com/baodian/static/css/default/images/hd-bg.jpg
ask.c####.com.####.com/baodian/static/css/default/images/icons.png
ask.c####.com.####.com/baodian/static/css/default/images/login_btn.png
ask.c####.com.####.com/baodian/static/css/default/images/nav.gif
ask.c####.com.####.com/baodian/static/css/default/images/nav_menu3_bg.gif
ask.c####.com.####.com/baodian/static/css/default/images/nav_menu3_li.gif
ask.c####.com.####.com/baodian/static/css/default/images/nav_now.gif
ask.c####.com.####.com/baodian/static/css/default/images/nav_on.gif
ask.c####.com.####.com/baodian/static/css/default/images/navb_bg1.gif
ask.c####.com.####.com/baodian/static/css/default/images/new_hd.gif
ask.c####.com.####.com/baodian/static/css/default/images/play_btn_24b.png
ask.c####.com.####.com/baodian/static/css/default/images/reinside.png
ask.c####.com.####.com/baodian/static/css/default/images/reinsidebg.jpg
ask.c####.com.####.com/baodian/static/css/default/images/return_top.png
ask.c####.com.####.com/baodian/static/css/default/images/search.png
ask.c####.com.####.com/baodian/static/css/default/images/search_btn.png
ask.c####.com.####.com/baodian/static/css/default/images/tabspng-24.png
ask.c####.com.####.com/baodian/static/css/default/images/weixin.png
ask.c####.com.####.com/baodian/static/css/default/jquery.fancybox.css
ask.c####.com.####.com/baodian/static/css/default/style.css
ask.c####.com.####.com/baodian/static/images/ad.jpg
ask.c####.com.####.com/baodian/static/images/logo.gif
ask.c####.com.####.com/baodian/static/images/more_city.gif
ask.c####.com.####.com/baodian/static/images/yqtx.png
ask.c####.com.####.com/baodian/static/js/album_ad_0615.js
ask.c####.com.####.com/baodian/static/js/comment.js
ask.c####.com.####.com/baodian/static/js/cookielogin10.js
ask.c####.com.####.com/baodian/static/js/jquery.fancybox.js
ask.c####.com.####.com/baodian/static/js/jquery/jquery.js
ask.c####.com.####.com/baodian/static/js/jquery/plugins/jquery.jcarousel...
ask.c####.com.####.com/baodian/static/js/jquery/plugins/jquery.jqzoom.js
ask.c####.com.####.com/css/images/foot-pic-836x60.gif
ask.c####.com.####.com/css/layout1.css
ask.c####.com.####.com/d/article.php/22462
ask.c####.com.####.com/global/header_style.min.css?v=####
ask.c####.com.####.com/images/ico-25x25.gif
ask.c####.com.####.com/images/icon-cms1.gif
ask.c####.com.####.com/images/icon-cms2.gif
ask.c####.com.####.com/images/more_city.gif
ask.c####.com.####.com/images/upload/20160428095818_small.jpg
ask.c####.com.####.com/images/upload/20160509092921_small.jpg
ask.c####.com.####.com/images/upload/banner/b509.jpg
ask.c####.com.####.com/images/upload/company/26.jpg
ask.c####.com.####.com/img/new_85_1.gif
ask.c####.com.####.com/index/style/i2011/lg_bg.png
ask.c####.com.####.com/index/style/i2011/lg_bg2.png
ask.c####.com.####.com/index/style/i2011/lg_links.gif
ask.c####.com.####.com/js/baobao.js
ask.c####.com.####.com/js/cookie.js?2009101####
ask.c####.com.####.com/js/imagerollover.js
ask.c####.com.####.com/js/new_sw.js?t=####
ask.c####.com.####.com/js_revsci.html
ask.c####.com.####.com/main.html
ask.c####.com.####.com/style/ask.css?v=####
ask.c####.com.####.com/style/frame-inner.css
ask.c####.com.####.com/style/iask.css
ask.c####.com.####.com/style/images/ask-cms-but-88x25.gif
ask.c####.com.####.com/style/images/ask-cms-icon-14x14.gif
ask.c####.com.####.com/style/images/ask-cms-top-2.gif
ask.c####.com.####.com/style/images/ask2_blind4.gif
ask.c####.com.####.com/style/images/ask_bg.gif
ask.c####.com.####.com/style/images/ask_done.gif
ask.c####.com.####.com/style/images/ask_good.gif
ask.c####.com.####.com/style/images/ask_green.gif
ask.c####.com.####.com/style/images/ask_pink.gif
ask.c####.com.####.com/style/images/ask_return.jpg
ask.c####.com.####.com/style/images/ask_tiwen.jpg
ask.c####.com.####.com/style/images/tab_pink_d.gif
ask.c####.com.####.com/style/images/tab_pink_l_b.gif
ask.c####.com.####.com/style/images/tab_pink_l_t.gif
ask.c####.com.####.com/style/images/tab_pink_r_b.gif
ask.c####.com.####.com/style/images/tab_pink_r_t.gif
ask.c####.com.####.com/style/images/zj_online_bg.gif
ask.c####.com.####.com/style/images/zj_online_foot.gif
ask.c####.com.####.com/style/images/zj_online_t.gif
ask.c####.com.####.com/style/word.css
ask.c####.com.####.com/styles/cms.css
ask.c####.com.####.com/styles/head_style2.css?v=####
ask.c####.com.####.com/styles/images/bg.gif
ask.c####.com.####.com/styles/images/ci123_logo.gif
ask.c####.com.####.com/styles/images/ci123_logo_ask.gif
ask.c####.com.####.com/styles/images/icon.gif
ask.c####.com.####.com/styles/images/lg_txt.gif
ask.c####.com.####.com/styles/images/nav_bg.jpg
ask.c####.com.####.com/styles/images/nav_city_bg_160.gif
ask.c####.com.####.com/styles/images/nav_mall_left.gif
ask.c####.com.####.com/styles/images/nav_menu2_bg.gif
ask.c####.com.####.com/styles/images/nav_menu2_block.gif
ask.c####.com.####.com/styles/images/nav_menu2_block2.gif
ask.c####.com.####.com/styles/images/nav_menu2_right.gif
ask.c####.com.####.com/styles/images/nav_menu3_bg.gif
ask.c####.com.####.com/styles/images/nav_menu3_s.gif
ask.c####.com.####.com/styles/images/nav_tool.gif
ask.c####.com.####.com/styles/images/search_sub.gif
ask.c####.com.####.com/styles/images/tabnavi.gif
ask.c####.com.####.com/styles/menu_style.css?v=####
ask.c####.com.####.com/styles/menu_style_v2.css?v=####
ask.c####.com.####.com/styles/switchpic2.js
c####.baidust####.com.####.com/cpro/ui/c.js
c####.c####.cn/stat.php?site_id=####
c####.zhito####.com:808/pctja.html
c####.zhito####.com:99/funt/index.html
c####.zhito####.com:99/newcar/index.html
c####.zhito####.com:99/tat/index.html
c####.zhito####.com:999/c/index.php
c####.zhito####.com:999/tat/index.php
c.c####.com/core.php?web_id=####&t=####
c.c####.com/stat.php?id=####
c.c####.com/stat.php?id=####&web_id=####
c.c####.com/z_stat.php?id=####
c.c####.com/z_stat.php?id=####&web_id=####
cc.zbe####.org/PClick.aspx?AID=####&KEY=####
d####.cn/cdn.html
d####.cn/fenpei.html?1####
d####.cn/fenpei.html?2####
d####.cn/fenpei.html?c####
d####.cn/ydc.html
d####.cn/ydm.html
d####.wos####.com/upload/csaa.jsp?a=####&b=####&c=####&d=####&e=####&f=#...
d.sin####.cn.####.net/wikipic/icon/16x16.png
d0.x####.com.cn/adpush/push/ad.php?pid=####&pushtype=####&cid=####&style...
d0.x####.com.cn/pvlog/ad_count.php?t=####
dl.huih####.com.####.com/iad/specialChannel/9e104c5240272fda937509947beb...
dup.baidust####.com/js/os.js
err.ta####.com/error1.html?c=404&u=/hz.aplus.taobao.org/app.gif?&cna=TxQ...
f####.c####.com/tcjs.php?time=####
f####.caiji####.com/v1/cc/mobile?brand=####&model=####&andid=####&andv=#...
gm.mm####.com/9.gif?abc=####&rnd=####
i####.d####.cn/goldcool.php?id=####
i.c####.com.####.com/avatar/1601/1601295.png
i.c####.com.####.com/avatar/2238/2238827.png
i.c####.com.####.com/avatar/2238/2238828.png
i.c####.com.####.com/avatar/2797/2797863.png
i.c####.com.####.com/avatar/2804/2804090.png
i.c####.com.####.com/avatar/2882/2882053.png
i.c####.com.####.com/avatar/2899/2899820.png
i.c####.com.####.com/avatar/2936/2936674.png
i.c####.com.####.com/avatar/2936/2936996.png
i.c####.com.####.com/avatar/37131/37131991.png
i.c####.com.####.com/avatar/37261/37261674.png?124963####
i.c####.com.####.com/avatar/37534/37534032.png
i.c####.com.####.com/avatar/38049/38049460.png
i.c####.com.####.com/avatar/39579/39579864.png
i.c####.com.####.com/avatar/40306/40306266.png
i.c####.com.####.com/avatar/no.png
img.fz####.com.####.cn/cms/7e3b72334/20200420/15873671954575.jpeg?height...
ipp.zhito####.com:807/1102/index.html
ipp.zhito####.com:807/1102/qing.html
ivy.pcon####.com.cn/click?id=####&adid=####&watch=####
k####.caiji####.com.####.com/jm1584952315919_utils.ttf
k####.caiji####.com.####.com/searchss2.min.js
ne####.x####.com.cn/images/np_ps_bj.jpg
ne####.x####.com.cn/images/r_map.gif
ne####.x####.com.cn/images/rl_bj.gif
ne####.x####.com.cn/jsinclude/jquery.js
ne####.x####.com.cn/new_ol_167.html
ne####.x####.com.cn/new_ol_167.html?jum####
ne####.x####.com.cn/new_ol_news1.html
ne####.x####.com.cn/new_ol_photo1.html
ne####.x####.com.cn/new_ol_photo12.html?jum####
ne####.x####.com.cn/new_ol_photo5.html
ne####.x####.com.cn/xcarjump/new_jump_other.php?type=####
pco####.ta####.com/app.gif?&cna=####
pos.b####.com/bfp/snippetcacher.php?dpv=####&di=####
qzones####.g####.cn.####.com/ac/qzone_v5/app/app_share/qz_logo.png
rs.c####.com/d/items/download/2086
rs.c####.com/d/items/download/794
rs.c####.com/images/ad_new.jpg
rs.c####.com/images/logo_1.gif
rs.c####.com/images/media.jpg
rs.c####.com/images/qq.gif
rs.c####.com/images/real.jpg
rs.c####.com/images/sina.gif
rs.c####.com/images/web.gif
rs.c####.com/js/ajax.js?d=####
rs.c####.com/js/common.js?d=####
rs.c####.com/js/jquery-1.3.2.js?d=####
rs.c####.com/style/image/add.gif
rs.c####.com/style/image/cap.gif
rs.c####.com/style/image/dot.gif
rs.c####.com/style/image/ed.gif
rs.c####.com/style/image/line.gif
rs.c####.com/style/image/line2.gif
rs.c####.com/style/image/list.gif
rs.c####.com/style/image/more.gif
rs.c####.com/style/image/tt_b.gif
rs.c####.com/style/image/user2.gif
rs.c####.com/style/images/headbdon.png
rs.c####.com/style/images/headbg.png
rs.c####.com/style/images/headbg2.png
rs.c####.com/style/images/headbg2on.png
rs.c####.com/style/images/line4.gif
rs.c####.com/style/images/more_city1.png
rs.c####.com/style/images/more_new.gif
rs.c####.com/style/images/nav_new.gif
rs.c####.com/style/images/nav_now.gif
rs.c####.com/style/images/navb_bg2.gif
rs.c####.com/style/images/search1.png
rs.c####.com/style/images/search_btn.png
rs.c####.com/style/images/tt_bn.gif
rs.c####.com/style/style4.css?d=####
s####.al####.com/L1/272/6837/static/wap/img/uc-32.png
s####.al####.com/L1/272/6837/static/wap/img/uc.png
s####.x####.com.cn/flow/flow.php?m=####
s####.x####.com.cn/flow/flow.php?t=####
s2.z####.cn/ims?kt=####&at=####&key=aHR####&sign=yx####&tv=####&x####
tc.c####.com/adimage.php?filename=####&contenttype=####
tc.c####.com/adscache/caches/1.js?n=####
tc.c####.com/adscache/caches/104.js?n=####
tc.c####.com/adscache/caches/105.js?n=####
tc.c####.com/adscache/caches/106.js?n=####
tc.c####.com/adscache/caches/108.js?n=####
tc.c####.com/adscache/caches/109.js?n=####
tc.c####.com/adscache/caches/12.js?n=####
tc.c####.com/adscache/caches/160.js?n=####
tc.c####.com/adscache/caches/163.js?n=####
tc.c####.com/adscache/caches/177.js?n=####
tc.c####.com/adscache/caches/178.js?n=####
tc.c####.com/adscache/caches/183.js?n=####
tc.c####.com/adscache/caches/187.js?n=####
tc.c####.com/adscache/caches/196.js?n=####
tc.c####.com/adscache/caches/205.js?n=####
tc.c####.com/adscache/caches/212.js?n=####
tc.c####.com/adscache/caches/215.js?n=####
tc.c####.com/adscache/caches/216.js?n=####
tc.c####.com/adscache/caches/217.js?n=####
tc.c####.com/adscache/caches/227.js?n=####
tc.c####.com/adscache/caches/238.js?n=####
tc.c####.com/adscache/caches/239.js?n=####
tc.c####.com/adscache/caches/240.js?n=####
tc.c####.com/adscache/caches/242.js?n=####
tc.c####.com/adscache/caches/243.js?n=####
tc.c####.com/adscache/caches/244.js?n=####
tc.c####.com/adscache/caches/245.js?n=####
tc.c####.com/adscache/caches/246.js?n=####
tc.c####.com/adscache/caches/25.js?n=####
tc.c####.com/adscache/caches/257.js?n=####
tc.c####.com/adscache/caches/26.js?n=####
tc.c####.com/adscache/caches/268.js?n=####
tc.c####.com/adscache/caches/27.js?n=####
tc.c####.com/adscache/caches/296.js?n=####
tc.c####.com/adscache/caches/308.js?n=####
tc.c####.com/adscache/caches/324.js?n=####
tc.c####.com/adscache/caches/337.js?n=####
tc.c####.com/adscache/caches/340.js?n=####
tc.c####.com/adscache/caches/344.js?n=####
tc.c####.com/adscache/caches/386.js?n=####
tc.c####.com/adscache/caches/393.js?n=####
tc.c####.com/adscache/caches/401.js?n=####
tc.c####.com/adscache/caches/41.js?n=####
tc.c####.com/adscache/caches/436.js?n=####
tc.c####.com/adscache/caches/440.js?n=####
tc.c####.com/adscache/caches/46.js?n=####
tc.c####.com/adscache/caches/482.js?n=####
tc.c####.com/adscache/caches/492.js?n=####
tc.c####.com/adscache/caches/499.js?n=####
tc.c####.com/adscache/caches/509.js?n=####
tc.c####.com/adscache/caches/510.js?n=####
tc.c####.com/adscache/caches/56.js?n=####
tc.c####.com/adscache/caches/588.js?n=####
tc.c####.com/adscache/caches/589.js?n=####
tc.c####.com/adscache/caches/590.js?n=####
tc.c####.com/adscache/caches/591.js?n=####
tc.c####.com/adscache/caches/631.js?n=####
tc.c####.com/adscache/caches/72.js?n=####
tc.c####.com/adscache/caches/79.js?n=####
tc.c####.com/adscache/caches/97.js?n=####
tc.c####.com/adscache/caches/98.js?n=####
tc.c####.com/adscache/caches/img/354-60.jpg.jpg
tc.c####.com/adscache/caches/img/zk-bbs239x120.jpg.jpg
tc.c####.com/adx.js
tc.c####.com/iframeads/adsdispatch.php?pid=####
tc.c####.com/iframeads/mediaads/js/adsfu3.php
tc.c####.com/js/tcjs.php
tc.c####.com/js/tcjs.php?d=####
ti####.c####.l####.####.com/2011newcar/images/wb_btn1.jpg
ti####.c####.l####.####.com/2015/nav/css/channel_nav.css?v=####
ti####.c####.l####.####.com/2015/nav/images/Header_bg.gif?v=####
ti####.c####.l####.####.com/2015/nav/images/xcar_logov@2x.png?v=####
ti####.c####.l####.####.com/2016/DemioModel/css/common.css?version=####
ti####.c####.l####.####.com/2016/DemioModel/css/demion_v1.css?v=####
ti####.c####.l####.####.com/2016/DemioModel/css/demion_v1.css?version=####
ti####.c####.l####.####.com/2016/DemioModel/images/200.jpg
ti####.c####.l####.####.com/2016/DemioModel/images/DemioModel.png
ti####.c####.l####.####.com/2016/DemioModel/images/DemioModel.png?v####
ti####.c####.l####.####.com/PicLib/logo/pl1_40.jpg
ti####.c####.l####.####.com/common/1.7.2.min.js
ti####.c####.l####.####.com/min/?f=####&v=####
ti####.c####.l####.####.com/min/?f=####&version=####
ti####.c####.l####.####.com/review/js/city_arr_2008.js
ti####.c####.l####.####.com/source/search/search.r.js?v=####
ti####.c####.l####.####.com/source/search/search_emptyfns.r.js
ti####.c####.l####.####.com/source/search/search_exec.r.js?v=####
ti####.c####.l####.####.com/source/search/search_tpl_c2.r.js?v=####
ti####.c####.l####.####.com/ss/newsearch/css/search.css
ti####.c####.l####.####.com/tools/jq/1.9-nol.js
ti####.c####.l####.####.com/tools/requirejs/2.3.js?v=####
u####.c####.com/js/auth.js
u####.c####.com/js/auth.js?d=####
ucst####.c####.com.####.com/adicon-bottom.png
ucst####.c####.com.####.com/ast/js/global_j4.js
ucst####.c####.com.####.com/ast/js/jquery_132.js
ucst####.c####.com.####.com/ast/js/jquery_172.js
ucst####.c####.com.####.com/ast/loginface/cookielogin10.js?d=####
ucst####.c####.com.####.com/ast/loginface/cookielogin10.js?v=####
ucst####.c####.com.####.com/ast/loginface/cookielogin9.js
ucst####.c####.com.####.com/ast/loginface/style5.css
ucst####.c####.com.####.com/ast/loginface/style5.css?d=####
ucst####.c####.com.####.com/ast/loginface/style5.css?v=####
ucst####.c####.com.####.com/banner3.html?d=####
ucst####.c####.com.####.com/cmbbs/jquery.1.3.2.js
ucst####.c####.com.####.com/cmbbs/main.js
ucst####.c####.com.####.com/css/other.css
ucst####.c####.com.####.com/d/post/18706195.html
ucst####.c####.com.####.com/d/post/</div
ucst####.c####.com.####.com/globalMsg.js
ucst####.c####.com.####.com/images/banner2.jpg
ucst####.c####.com.####.com/images/bg_alpha.png
ucst####.c####.com.####.com/images/brand_l.gif
ucst####.c####.com.####.com/images/brand_r.gif
ucst####.c####.com.####.com/images/flow_01.gif
ucst####.c####.com.####.com/images/flow_02.gif
ucst####.c####.com.####.com/images/flow_03.gif
ucst####.c####.com.####.com/images/flow_04.gif
ucst####.c####.com.####.com/images/logo_new2014.gif
ucst####.c####.com.####.com/images/upload/20160421115404_small.jpg
ucst####.c####.com.####.com/images/upload/20160426101905_small.jpg
ucst####.c####.com.####.com/images/upload/20160428095127_small.jpg
ucst####.c####.com.####.com/images/upload/20160513165059_small.jpg
ucst####.c####.com.####.com/images/upload/20160516141612_small.jpg
ucst####.c####.com.####.com/images/upload/20160516160145_small.jpg
ucst####.c####.com.####.com/images/upload/20160516174331_small.png
ucst####.c####.com.####.com/images/upload/20160518112428_small.jpg
ucst####.c####.com.####.com/images/upload/banner/b508.jpg
ucst####.c####.com.####.com/images/upload/banner/b511.jpg
ucst####.c####.com.####.com/images/upload/banner/b512.jpg
ucst####.c####.com.####.com/images/upload/banner/b513.jpg
ucst####.c####.com.####.com/images/upload/company/17.jpg
ucst####.c####.com.####.com/images/upload/company/28.jpg
ucst####.c####.com.####.com/images/upload/company/38.jpg
ucst####.c####.com.####.com/images/upload/company/39.jpg
ucst####.c####.com.####.com/images/user_sig_split.gif
ucst####.c####.com.####.com/js/changePic.js
ucst####.c####.com.####.com/js/iwt1.0.1.js
ucst####.c####.com.####.com/jscripts/doc.js
ucst####.c####.com.####.com/linkserver.php?action=####&time=####
ucst####.c####.com.####.com/main.html
ucst####.c####.com.####.com/style/images/bg_header.jpg
ucst####.c####.com.####.com/style/images/icon.gif
ucst####.c####.com.####.com/style/images/icon_num.gif
ucst####.c####.com.####.com/style/images/search.gif
ucst####.c####.com.####.com/style/images/use_tool.gif
ucst####.c####.com.####.com/style/newPost.css?v=####
ucst####.c####.com.####.com/style/style_board.css
ucst####.c####.com.####.com/style/style_post3.css
ucst####.c####.com.####.com/styles/bbs-minstyle.css
ucst####.c####.com.####.com/styles/bbs-styles.css
ucst####.c####.com.####.com/styles/images/bbs-sprite.png
ucst####.c####.com.####.com/styles/images/bbs_bc.png
ucst####.c####.com.####.com/styles/images/bd.png
ucst####.c####.com.####.com/styles/images/bgs.gif
ucst####.c####.com.####.com/styles/images/douhao.png
ucst####.c####.com.####.com/styles/images/female_bc.png
ucst####.c####.com.####.com/styles/images/fla_b.jpg
ucst####.c####.com.####.com/styles/images/fla_t.jpg
ucst####.c####.com.####.com/styles/images/home.png
ucst####.c####.com.####.com/styles/images/login.png
ucst####.c####.com.####.com/styles/images/more.png
ucst####.c####.com.####.com/styles/images/now_title2.gif
ucst####.c####.com.####.com/styles/images/page-title.png
ucst####.c####.com.####.com/styles/images/pop_more.gif
ucst####.c####.com.####.com/styles/images/product/bd_bg.gif
ucst####.c####.com.####.com/styles/images/product/bgs.gif
ucst####.c####.com.####.com/styles/images/product/city_bg.gif
ucst####.c####.com.####.com/styles/images/product/icon.gif
ucst####.c####.com.####.com/styles/images/product/icon3.gif
ucst####.c####.com.####.com/styles/images/product/n_bgs.gif
ucst####.c####.com.####.com/styles/images/product/n_rbgs.gif
ucst####.c####.com.####.com/styles/images/product/new_hd.gif
ucst####.c####.com.####.com/styles/images/product/ntop_bg.gif
ucst####.c####.com.####.com/styles/images/talk.png
ucst####.c####.com.####.com/styles/images/tonglinquan.jpg
ucst####.c####.com.####.com/styles/images/user_bc.png
ucst####.c####.com.####.com/styles/images/yinhao.png
ucst####.c####.com.####.com/styles/styles2.css?v=####
ucst####.c####.com.####.com/ttd.png
w####.c####.com/abc/xyz/point/index.php
w####.c####.com/abc/xyz/point/single.php?bid=####
w.i####.com/iwt/a.gif?url=####&ua=####&uuid=####&sign=####&ts=####
wi####.w####.com/relationship/followbutton.php?language=####&width=####&...
www.pc####.com.####.cn/autox/6a976e56b61b2febd215f6cbe5186f5f.htm
z.c####.com/stat.htm?id=####&r=####&lg=####&ntime=####&cnzz_eid=####&sho...
z.c####.com/stat.htm?id=1000244932&r=http://www2.ci123.com/abc/xyz/point...
z.c####.com/stat.htm?id=1000278162&r=http://www2.ci123.com/abc/xyz/point...
z.c####.com/stat.htm?id=1275700069&r=http://183.131.85.27:99/newcar/inde...
z.c####.com/stat.htm?id=5218738&r=http://www2.ci123.com/abc/xyz/point/si...
z.c####.com/stat.htm?id=5218764&r=http://www2.ci123.com/abc/xyz/point/si...
z.c####.com/stat.htm?id=5231363&r=http://www2.ci123.com/abc/xyz/point/si...
z.c####.com/stat.htm?id=5237564&r=http://www2.ci123.com/abc/xyz/point/si...
z.c####.com/stat.htm?id=5237636&r=http://www2.ci123.com/abc/xyz/point/si...

HTTP HEAD requests:

dl.huih####.com.####.com/iad/specialChannel/9e104c5240272fda937509947beb...

HTTP POST requests:

a####.caiji####.com/v2/load/mobile
d####.wos####.com/upload/event2.jsp
d####.wos####.com/upload/event9.jsp
d####.wos####.com/upload/longheartbeat.jsp
d####.wos####.com/upload/sdklongheartbeat.jsp
f####.caiji####.com/v3/task/mobile
ia.z####.net/ps/getSpecialChannel.do
p####.caiji####.com/klv2/sdkkl/mobile
s####.caiji####.com:666/v1/config

File system changes:

Creates the following files:

/data/data/####/-1863722794_app_spf_scli.xml
/data/data/####/-1863722794_rss_pl_cty.xml
/data/data/####/-1863722794_rws_sp.xml
/data/data/####/-1863722794_sp_iconfig.xml
/data/data/####/-1863722794_sp_iconfig.xml.bak
/data/data/####/15be0b8769134728bd4bdbadaac55d4b.jar
/data/data/####/54e970e7-8215-308b-baa9-99e8d20302c7.cpo
/data/data/####/54e970e7-8215-308b-baa9-99e8d20302c7.dex
/data/data/####/54e970e7-8215-308b-baa9-99e8d20302c7.inf
/data/data/####/54e970e7-8215-308b-baa9-99e8d20302c7.jar
/data/data/####/89ec39e9f676414babf0c64e0a87212f.jar
/data/data/####/8d406611-59e2-3435-8398-e8f89bfd0ba3.cpo
/data/data/####/8d406611-59e2-3435-8398-e8f89bfd0ba3.dex
/data/data/####/8d406611-59e2-3435-8398-e8f89bfd0ba3.inf
/data/data/####/8d406611-59e2-3435-8398-e8f89bfd0ba3.jar
/data/data/####/A3AEECD8.dex
/data/data/####/ApplicationCache.db-journal
/data/data/####/CachedGeoposition.db
/data/data/####/CachedGeoposition.db-journal
/data/data/####/app_launcher_icondec.png
/data/data/####/cache_-1863722794_onsp.xml
/data/data/####/cache_-1863722794_pl_sp.xml
/data/data/####/cache_update.xml
/data/data/####/classes.dex
/data/data/####/cm_cfgt_spf.xml
/data/data/####/config
/data/data/####/d7a8a13837a118786837a7031e3cfa92
/data/data/####/data_0
/data/data/####/data_1
/data/data/####/data_2
/data/data/####/data_3
/data/data/####/download_task.dat
/data/data/####/download_time.dat
/data/data/####/f19be1329018333420dd43b40e91e24a.zip
/data/data/####/f19be1329018333420dd43b40e91e24a.zip.inf
/data/data/####/f19be1329018333420dd43b40e91e24a.zip.tmp
/data/data/####/f50e448e-b9e6-38b8-a89c-15c6df7455c2.cpo
/data/data/####/f50e448e-b9e6-38b8-a89c-15c6df7455c2.dex
/data/data/####/f50e448e-b9e6-38b8-a89c-15c6df7455c2.inf
/data/data/####/f50e448e-b9e6-38b8-a89c-15c6df7455c2.jar
/data/data/####/f_000001
/data/data/####/f_000002
/data/data/####/f_000003
/data/data/####/f_000004
/data/data/####/f_000005
/data/data/####/f_000006
/data/data/####/f_000007
/data/data/####/f_000008
/data/data/####/f_000009
/data/data/####/f_00000a
/data/data/####/f_00000b
/data/data/####/f_00000c
/data/data/####/f_00000d
/data/data/####/f_00000e
/data/data/####/f_00000f
/data/data/####/f_000010
/data/data/####/f_000011
/data/data/####/f_000012
/data/data/####/f_000013
/data/data/####/f_000014
/data/data/####/f_000015
/data/data/####/f_000016
/data/data/####/f_000017
/data/data/####/f_000018
/data/data/####/f_000019
/data/data/####/f_00001a
/data/data/####/f_00001b
/data/data/####/f_00001c
/data/data/####/f_00001d
/data/data/####/f_00001e
/data/data/####/f_00001f
/data/data/####/f_000020
/data/data/####/f_000021
/data/data/####/f_000022
/data/data/####/f_000023
/data/data/####/f_000024
/data/data/####/f_000025
/data/data/####/f_000026
/data/data/####/f_000027
/data/data/####/f_000028
/data/data/####/f_000029
/data/data/####/f_00002a
/data/data/####/f_00002b
/data/data/####/f_00002c
/data/data/####/f_00002d
/data/data/####/f_00002e
/data/data/####/f_00002f
/data/data/####/f_000030
/data/data/####/f_000031
/data/data/####/f_000032
/data/data/####/f_000033
/data/data/####/f_000034
/data/data/####/f_000035
/data/data/####/f_000036
/data/data/####/f_000037
/data/data/####/f_000038
/data/data/####/f_000039
/data/data/####/f_00003a
/data/data/####/f_00003b
/data/data/####/f_00003c
/data/data/####/f_00003d
/data/data/####/f_00003e
/data/data/####/f_00003f
/data/data/####/f_000040
/data/data/####/f_000041
/data/data/####/f_000042
/data/data/####/f_000043
/data/data/####/f_000044
/data/data/####/f_000045
/data/data/####/f_000046
/data/data/####/f_000047
/data/data/####/f_000048
/data/data/####/f_000049
/data/data/####/f_00004a
/data/data/####/f_00004b
/data/data/####/f_00004c
/data/data/####/f_00004d
/data/data/####/f_00004e
/data/data/####/f_00004f
/data/data/####/f_000050
/data/data/####/f_000051
/data/data/####/f_000052
/data/data/####/f_000053
/data/data/####/f_000054
/data/data/####/f_000055
/data/data/####/f_000056
/data/data/####/f_000057
/data/data/####/f_000058
/data/data/####/f_000059
/data/data/####/f_00005a
/data/data/####/f_00005b
/data/data/####/f_00005c
/data/data/####/f_00005d
/data/data/####/f_00005e
/data/data/####/f_00005f
/data/data/####/f_000060
/data/data/####/f_000061
/data/data/####/f_000062
/data/data/####/f_000063
/data/data/####/f_000064
/data/data/####/f_000065
/data/data/####/f_000066
/data/data/####/f_000067
/data/data/####/f_000068
/data/data/####/f_000069
/data/data/####/f_00006a
/data/data/####/f_00006b
/data/data/####/f_00006c
/data/data/####/f_00006d
/data/data/####/f_00006e
/data/data/####/f_00006f
/data/data/####/f_000070
/data/data/####/f_000071
/data/data/####/f_000072
/data/data/####/f_000073
/data/data/####/f_000074
/data/data/####/f_000075
/data/data/####/f_000076
/data/data/####/f_000077
/data/data/####/f_000078
/data/data/####/f_000079
/data/data/####/f_00007a
/data/data/####/f_00007b
/data/data/####/f_00007c
/data/data/####/f_00007d
/data/data/####/f_00007e
/data/data/####/f_00007f
/data/data/####/f_000080
/data/data/####/f_000081
/data/data/####/f_000082
/data/data/####/f_000083
/data/data/####/f_000084
/data/data/####/f_000085
/data/data/####/f_000086
/data/data/####/f_000087
/data/data/####/f_000088
/data/data/####/f_000089
/data/data/####/f_00008a
/data/data/####/f_00008b
/data/data/####/f_00008c
/data/data/####/f_00008d
/data/data/####/f_00008e
/data/data/####/f_00008f
/data/data/####/f_000090
/data/data/####/f_000091
/data/data/####/f_000092
/data/data/####/f_000093
/data/data/####/f_000094
/data/data/####/f_000095
/data/data/####/f_000096
/data/data/####/f_000097
/data/data/####/f_000098
/data/data/####/f_000099
/data/data/####/f_00009a
/data/data/####/f_00009b
/data/data/####/f_00009c
/data/data/####/f_00009d
/data/data/####/f_00009e
/data/data/####/f_00009f
/data/data/####/f_0000a0
/data/data/####/f_0000a1
/data/data/####/f_0000a2
/data/data/####/f_0000a3
/data/data/####/f_0000a4
/data/data/####/f_0000a5
/data/data/####/f_0000a6
/data/data/####/f_0000a7
/data/data/####/f_0000a8
/data/data/####/f_0000a9
/data/data/####/f_0000aa
/data/data/####/f_0000ab
/data/data/####/http_58.218.92.50_808.localstorage-journal
/data/data/####/http_ask.ci123.com_0.localstorage-journal
/data/data/####/http_bbs.ci123.com_0.localstorage-journal
/data/data/####/http_ipp.zhitoudsp.com_807.localstorage-journal
/data/data/####/http_newcar.xcar.com.cn_0.localstorage-journal
/data/data/####/http_shiyong.ci123.com_0.localstorage-journal
/data/data/####/http_www.ci123.com_0.localstorage-journal
/data/data/####/https_pos.baidu.com_0.localstorage-journal
/data/data/####/https_price.pcauto.com.cn_0.localstorage-journal
/data/data/####/https_sw4.duoyi.com_0.localstorage-journal
/data/data/####/https_www.mgtv.com_0.localstorage-journal
/data/data/####/https_yz.m.sm.cn_0.localstorage-journal
/data/data/####/https_yz.m.sm.cn_0.localstorage-journal (deleted)
/data/data/####/img-cache.zip
/data/data/####/index
/data/data/####/journal.tmp
/data/data/####/libA3AEECD8_arm64-v8a.so
/data/data/####/libA3AEECD8_armeabi.so
/data/data/####/load_MTAwMF8xMjAxXzIyODAwMTAw;.xml
/data/data/####/rdata_@apkloader-unique.pkgname@.new
/data/data/####/spfn_MTAwMF8xMjAxXzIyODAwMTAw;.xml
/data/data/####/spfp_configl.xml
/data/data/####/uid.dat
/data/data/####/update_task.dat
/data/data/####/update_time.dat
/data/data/####/webview.db-journal
/data/data/####/webviewCookiesChromium.db-journal
/data/media/####/.cjlocfile.txt
/data/media/####/uid.dat

Miscellaneous:

Loads the following dynamic libraries:

libA3AEECD8_arm64-v8a
libA3AEECD8_armeabi

Uses the following algorithms to decrypt data:

DES-CBC-PKCS5Padding

Accesses the ITelephony private interface.

Gets information about location.

Gets information about network.

Gets information about phone status (number, IMEI, etc.).

Gets information about installed apps.

Displays its own windows over windows of other apps.

Technologies

Terminology

Training and education

Myths

Technical information

Curing recommendations

Free trial