Android.Packed.21136

Added to the Dr.Web virus database: 2017-05-02

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.Mixi.16.origin
  • Android.Mixi.13.origin
Network activity:
Connecting to:
  • t####.####.com
  • g####.####.com
  • i####.####.com
  • c####.####.com
  • l####.####.com
  • start####.####.com
  • a####.####.com
HTTP GET requests:
HTTP POST requests:
  • a####.####.com/v2/update
  • g####.####.com/cr/sv/getEPList
  • a####.####.com/amdc/mobileDispatch?appkey=####&platform=####&v=####&devi...
  • l####.####.com/muce/data/proxy?profile=####&vc=####&vn=####&gzip=####&en...
Modified file system:
Creates the following files:
Sets the 'executable' attribute to the following files:
  • /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
  • /data/data/####/files/DaemonServer
Miscellaneous:
Executes the following shell scripts:
  • sh -c rm /data/data/####/files/hftJcw46N.jar > /dev/null 2>&1
  • getenforce
  • /system/bin/dexopt --dex 27 43 40 4442236 /data/data/####/code_cache/secondary-dexes/####-1.apk.classes2.zip 1233680475 2066813897 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncyc
  • chmod 500 /data/data/####/files/DaemonServer
  • sh /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s -h 29ce0603b5dd4e3b8a699e8d20fdbdb5 /data/data/####/.syslib-
  • app_process /system/bin com.android.commands.pm.Pm list packages
  • chmod 777 /data/local/tmp
  • rm /data/data/####/files/hftJcw46N.dex
  • sh -c /system/usr/toolbox rm -f /data/data/####/files/hftJcw46N.jar > /dev/null 2>&1
  • chmod 666 /data/local/tmp/.wdj_config/shared_settings
  • sh -c rm -f /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s > /dev/null 2>&1
  • sh -c rm -f /data/data/####/files/hftJcw46N.jar > /dev/null 2>&1
  • rm -f /data/data/####/files/hftJcw46N.dex
  • chmod 0771 /data/data/####/.syslib-
  • /system/bin/dexopt --dex 27 105 40 12256 /data/data/####/files/hftJcw46N.jar 1232566089 1144324189 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framew
  • sh -c rm /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s > /dev/null 2>&1
  • /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s -h 29ce0603b5dd4e3b8a699e8d20fdbdb5 /data/data/####/.syslib-
  • sh -c rm -f /data/data/####/files/hftJcw46N.dex > /dev/null 2>&1
  • rm /data/data/####/files/hftJcw46N.jar
  • rm /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
  • /data/data/####/files/DaemonServer -s /data/data/####/lib/ -n runServer -p startservice -n ####/com.taobao.accs.ChannelService --user 0 -f /data/data/#### -t 600 -c agoo.pid -P /data/
  • sh -c /system/usr/toolbox rm -f /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s > /dev/null 2>&1
  • sh
  • sh -c /system/usr/toolbox rm -f /data/data/####/files/hftJcw46N.dex > /dev/null 2>&1
  • /system/bin/dexopt --dex 27 130 40 66944 /data/data/####/files/1493299017643.jar 1251052727 1662001824 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/fr
  • sh -c rm /data/data/####/files/hftJcw46N.dex > /dev/null 2>&1
  • rm -f /data/data/####/files/hftJcw46N.jar
  • rm -f /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
  • chmod 777 /data/local/tmp/.wdj_config/
Contains functionality to send SMS messages automatically.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
