Trojan:Android/YZHCSMS

Android

It first reports its successful activation to a remote site:

https://[...].waplove.cn:[...]/Wukong/android/[...]

... then obtains a list of premium-rate telephone numbers from another remote site:

https://domaindev.[...]widgets.com/ss/[...]

The trojan then sends SMS messages to the obtained numbers. The text of each message always starts with "YHZC" or "YZHC", followed by the phone's International Mobile Equipment Identity (IMEI) number and user value. This behavior may incur significant usage charges for the unsuspecting user. The trojan also includes a routine that attempts to disguise this behavior: it deletes incoming SMS messages from the service provider that contain the Chinese characters "bao yue" ("monthly" in English), without the user's knowledge.
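A triage check for the outgoing-SMS pattern described above, written as an added example (it is not part of the original write-up or of any vendor tooling). It assumes an exported SMS log as a list of records with hypothetical keys `direction`, `address` and `body`, and that the IMEI appears after the prefix as a 15-digit run; the sample records are constructed.

```python
import re

# Prefixes the write-up gives for the trojan's outgoing SMS text.
MARKERS = ("YHZC", "YZHC")
# Assumption: the IMEI follows the prefix as a standalone 15-digit run;
# the write-up does not give the exact layout or separators.
IMEI_RUN = re.compile(r"(?<!\d)\d{15}(?!\d)")

# Constructed sample export: keys, numbers and bodies are made up for this example.
SAMPLE = [
    {"direction": "out", "address": "10000001", "body": "YZHC490154203237518 u1"},
    {"direction": "out", "address": "10000002", "body": "YHZC 123456789012345"},
    {"direction": "out", "address": "+15550100", "body": "See you at 6"},
    {"direction": "in", "address": "10000001", "body": "YZHC490154203237518"},
]


def luhn_ok(digits: str) -> bool:
    """Validate the Luhn check digit that a well-formed IMEI carries."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def triage_sms(records, device_imei=None):
    """Flag outgoing messages whose body starts with a marker, graded by IMEI evidence."""
    findings = []
    for rec in records:
        if rec.get("direction") != "out":
            continue
        body = (rec.get("body") or "").lstrip()
        if not body.startswith(MARKERS):
            continue
        imeis = [m for m in IMEI_RUN.findall(body[4:]) if luhn_ok(m)]
        if device_imei and device_imei in imeis:
            confidence = "high"    # prefix plus this handset's own IMEI
        elif imeis:
            confidence = "medium"  # prefix plus some Luhn-valid IMEI
        else:
            confidence = "low"     # prefix only
        findings.append({"address": rec["address"], "confidence": confidence, "imei": imeis})
    return findings
```

Destination numbers from `high` or `medium` findings can then be compared against the carrier bill for premium-rate charges.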