SHA1:
- 4c4ea5c2ae605bd714771868011b5b9e57e907b7
A module for Android incorporated into various software and intended to display advertisements. It is associated with Android.WalkFree.2.origin that is stored in the resource directory of the application containing Adware.WalkFree.1.origin.
At the first launch of the infected application, the key_sp_push_sdk.xml file is created in SharedPref. The file records time of the last displayed ad in order to avoid too frequent advertising.
<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
<long name="key_push_msg_last_pull" value="1461146422720" />
<boolean name="is_first_request" value="false" />
<int name="last_ver_int" value="10" />
<string name="fail_packname"></string>
<string name="key_time_duration">2016-04-20_14_18</string>
<boolean name="is_first_dex_installed" value="true" />
<boolean name="key_self_update_enable" value="true" />
<boolean name="key_is_downloading_file" value="true" />
<boolean name="key_push_msg_net_reconnect" value="false" />
</map>When the infected application is closed, Adware.WalkFree.1.origin continues to work as the InternalPushService system service, which is then launched automatically every time the system is booted. Thus, advertisements can be delivered even if the source application is not running.
After some time, Adware.WalkFree.1.origin prompts the user to install some program. The module is currently known to advertise applications published on Google Play.
In addition, Adware.WalkFree.1.origin can advertise software being able to open the relevant sections by itself.
