JavaScript support is required for our site to be fully operational in your browser.
Android.Packed.21119
Added to the Dr.Web virus database:
2017-05-02
Virus description added:
2017-05-02
Technical information
Malicious functions:
Executes code of the following detected threats:
Android.Triada.256.origin
Android.Triada.38.origin
Android.Triada.170.origin
Network activity:
Connecting to:
j####.####.COM
2y####.####.com
w####.####.com:10081
w####.####.com
j####.####.COM:12956
b####.####.com:10180
HTTP GET requests:
2y####.####.com/N9687742244553469
2y####.####.com/N6555212374124793
2y####.####.com/R4562458532240021
2y####.####.com/Z68KL1522154563421
HTTP POST requests:
w####.####.com/OsService/OsStrategy
b####.####.com:10180/device_info/store?time=####&channel=####
w####.####.com:10081/OsService/OsStrategy
j####.####.COM:12956/fsds988d1e7f2c2c/interface.php
j####.####.COM/fsds988d1e7f2c2c/interface.php
Modified file system:
Creates the following files:
/data/data/####/files/Agcr.tmp
/data/data/####/shared_prefs/MainActivity.xml
/data/data/####/databases/download.db-journal
/data/data/####/databases/cc/cc.db
/data/data/####/files/.Ag/Agcr
/data/data/####/databases/cc/cc.db-journal
/data/data/####/files/mySdk.jar
/data/data/####/files/ru
/data/data/####/files/qnhz.png
/data/data/####/shared_prefs/umeng_general_config.xml
/data/data/####/files/sss.pdb
/data/data/####/files/ru.apk
/data/data/####/roms/mario.ss0
/data/data/####/files/vbhq.jar
/data/data/####/shared_prefs/config.xml
/data/data/####/roms/mario.ss6
/data/data/####/shared_prefs/config.xml.bak
/data/data/####/shared_prefs/xapcinfo.xml
/data/data/####/roms/mario.nes
/data/data/####/files/vbhq
Miscellaneous:
Executes next shell scripts:
service call appops 5 i32 15 i32 10044 s16 #### i32 0
service call appops 9 i32 15 i32 10044 s16 #### i32 0
getprop ro.product.cpu.abi
service call appops 3 i32 15 i32 10044 s16 #### i32 0
service call appops 16 i32 15 i32 10044 s16 #### i32 0
service call appops 7 i32 15 i32 10044 s16 #### i32 0
chmod 777 /data/data/####/files/.Ag/Agcr
service call appops 18 i32 15 i32 10044 s16 #### i32 0
cat /proc/version
/system/bin/dexopt --dex 27 44 40 41264 /data/data/####/files/ru.apk 0 1939269736 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framework/framework.jar /syste
service call appops 10 i32 15 i32 10044 s16 #### i32 0
service call appops 8 i32 15 i32 10044 s16 #### i32 0
chmod 777 /data/data/####/files/.Ag
conbb od2gf04pd9
service call appops 0 i32 15 i32 10044 s16 #### i32 0
service call appops 19 i32 15 i32 10044 s16 #### i32 0
service call appops 2 i32 15 i32 10044 s16 #### i32 0
service call appops 14 i32 15 i32 10044 s16 #### i32 0
cufsdosck ac554db364f
getprop ro.board.platform
service call appops 4 i32 15 i32 10044 s16 #### i32 0
cufsmgr eb47495f7bb
service call appops 6 i32 15 i32 10044 s16 #### i32 0
/system/bin/dexopt --dex 27 45 40 77808 /data/data/####/files/vbhq.jar 1233017485 -877182311 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framework/framework
service call appops 1 i32 15 i32 10044 s16 #### i32 0
service call appops 13 i32 15 i32 10044 s16 #### i32 0
/system/bin/dexopt --dex 27 58 40 208900 /data/data/####/files/mySdk.jar 1251311163 2000887099 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framework/framewo
service call appops 11 i32 15 i32 10044 s16 #### i32 0
service call appops 12 i32 15 i32 10044 s16 #### i32 0
sh
service call appops 17 i32 15 i32 10044 s16 #### i32 0
service call appops 15 i32 15 i32 10044 s16 #### i32 0
Contains functionality to send SMS messages automatically.
Curing recommendations
Android
If the mobile device is operating normally, download and install Dr.Web for Android Light . Run a full system scan and follow recommendations to neutralize the detected threats.
If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
Once you have activated safe mode, install the Dr.Web для Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
Switch off your device and turn it on as normal.
Find out more about Dr.Web for Android
このウェブサイトを継続して訪問する場合、訪問者に関する統計データを収集するためのCookieファイルおよび他のテクノロジーを弊社が利用することに同意したものとします。詳細
OK