Android.SmsSpy.5379
Added to the Dr.Web virus database:
2017-02-18
Virus description added:
2017-02-18
Technical information
Malicious functions:
Sends SMS messages:
Executes code of the following detected threats:
Android.SmsSend.1848.origin
Sends data on received text messages to remote host.
Network activity:
Connecting to:
HTTP GET requests:
HTTP POST requests:
Modified file system:
Creates the following files:
Sets the 'executable' attribute to the following files:
/data/data/####/files/libyunsvc
/sdcard/gooogle/userid.cfg
/data/data/####/app_baidu/xpodg
Miscellaneous:
Executes the following shell scripts:
Contains functionality to send SMS messages automatically.
Curing recommendations
Android
If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow the recommendations to neutralize the detected threats.
If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
Boot your smartphone or tablet into safe mode (the procedure varies with the operating system version and the specifications of the particular device; consult the user guide that was shipped with the device, or contact its manufacturer);
Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
Switch off your device and turn it on as normal.