ユーザー向け情報

閉じる

マイライブラリ
マイライブラリ

+ マイライブラリに追加

検索
検索

電話
テクニカルサポート利用方法

問い合わせ

新規お問い合わせ

電話(英語)

+7 (495) 789-45-86

フォーラム(英語)

お問い合わせ履歴

新規お問い合わせ

電話(英語)

+7 (495) 789-45-86

Profile

JP

RU CN DE EN ES FR IT JP KZ UZ PL BY
閉じる
サービス
スキャナー
Dr.Web vxCube
トライアル
ウイルスライブラリ
ナレッジベース

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

ニュース

Android.Packed.21366

Added to the Dr.Web virus database: 2017-05-10

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.Mixi.16.origin
Network activity:
Connecting to:
  • s####.####.com
  • 2####.####.69:806
  • g####.####.com
  • lydownl####.####.com
  • 4####.####.83:8091
  • 2####.####.69
  • 1####.####.225
  • i####.####.cn
HTTP GET requests:
  • lydownl####.####.com/video/image2/ca2dda1fa683cae0d8c1b327a7a25786.jpg
  • lydownl####.####.com/video/api/pinglun_text.dat
  • lydownl####.####.com/video/image2/67e0979b47223bcfef6e947393b5f462.jpg
  • lydownl####.####.com/video/image2/3b9c1f4d217c0f14829cb36d07f1d9d4.jpg
  • lydownl####.####.com/video/image2/2bd8d052b6a6ad8a882927b7e1c659e4.jpg
  • lydownl####.####.com/video/image2/ad96fb61ceabe428314d7503fe39d8cc.jpg
  • lydownl####.####.com/video/image2/d78db6297ed48ee4da14765432cfec7e.jpg
  • lydownl####.####.com/video/image2/8e3484837a9a75d02b989f79913de259.jpg
  • s####.####.com/cr/sdk/170417/des_V17041703Aj1so32.zip
  • lydownl####.####.com/video/image2/ab80dac3f9905d86b4a33c91ed519175.jpg
  • lydownl####.####.com/video/image2/f74344c4a62ff43ce5351916d005d98a.jpg
  • lydownl####.####.com/video/image2/17d98aec62f53183aa46afa549a3cd1c.png
  • lydownl####.####.com/video/image2/c012609036318cbc879805a0a16bccaf.jpg
  • lydownl####.####.com/video/image2/4188795f09f75e07b777cad4901a0b96.jpg
  • lydownl####.####.com/video/image2/d6f072d676cdf6efb0820632ebc76ada.jpg
  • lydownl####.####.com/video/image2/1e6337ccb84cbebc59dc9256747ce5f4.jpg
  • lydownl####.####.com/video/image2/ea29485a0fab373ce9adc4fa88be174b.jpg
  • lydownl####.####.com/video/image2/710b5927190576d532e95dfffe4bd3ef.jpg
  • lydownl####.####.com/video/image2/0305ee4bf43d94be5110486fb925e920.png
  • lydownl####.####.com/video/image2/843adb483347c3f0f45b5ddf7073cbcb.png
  • lydownl####.####.com/video/image2/0269eaca34aa6661df0745635854bd50.jpg
  • lydownl####.####.com/video/image2/e7c6c6b1f4028e135b2ff8ee3b7ca726.jpg
  • lydownl####.####.com/video/image2/7e4b9c70af2921efd85d70512c886c71.jpg
  • lydownl####.####.com/video/image2/001cb6491687dfc6703b104fe3e42072.jpg
  • lydownl####.####.com/video/image2/960cfaf74e91145da0c229ebacac4e8d.jpg
  • lydownl####.####.com/video/image2/8d88a8f9b6f24bef7d3c122c4a45e9dc.jpg
  • lydownl####.####.com/video/image2/d631ff6fbbf278699e37a11c60888455.jpg
  • g####.####.com/cr/sv/getGoFile?name=####
  • lydownl####.####.com/video/image2/20014945ba31af8a09affb61c9ebb03b.jpg
  • lydownl####.####.com/video/image2/c11102aa27947b17e1acc50bec9ccd96.jpg
  • lydownl####.####.com/video/image2/a327b7843465fc181583a717a8b04985.jpg
  • lydownl####.####.com/video/image2/100caf4c81e924a86d9de93320cf1da5.jpg
  • lydownl####.####.com/video/image2/ac7e8df6f8bc010f5dfd7a44e8e4594a.jpg
  • lydownl####.####.com/video/image2/6f6d7d2b9df54d1302c7fd5f73c8a61f.jpg
  • lydownl####.####.com/video/image2/4077f13ab7648e4b478557ccab3ace77.jpg
  • lydownl####.####.com/video/image2/a2ba0a1b81fabbf8dff825c3e7311419.jpg
  • lydownl####.####.com/video/UI2/kaiping2.jpg
  • lydownl####.####.com/video/image2/84fbe1961ef52455f944c28131f91766.jpg
  • lydownl####.####.com/video/image2/75283295265733fae567b9c45bb953ce.jpg
  • lydownl####.####.com/video/image2/cb218380e77ebcda9b0e74e4ab684783.png
  • lydownl####.####.com/video/image2/b26f9ee16d750762f106dff900c132a4.jpg
  • lydownl####.####.com/video/image2/e49b760fb48e1f35089b2afd68c72226.jpg
  • lydownl####.####.com/video/image2/c2ff39269a91e4e5a3e2fa34ce490d0e.jpg
  • lydownl####.####.com/video/image2/b7918356b8a8063c85f36a67de63284c.jpg
  • lydownl####.####.com/video/image2/12756d25f3b40fe8dcbfb3e1d3a51e2c.jpg
  • lydownl####.####.com/video/image2/cb44a8420e22730586c1079d237bfd26.jpg
  • lydownl####.####.com/video/image2/9c40164b256b5fd7069abe46aac712c9.jpg
  • lydownl####.####.com/video/image2/41b4d73fc0b521eb6d369c141a86b57b.jpg
  • lydownl####.####.com/video/image2/99264f1e617e2989781bbcce8d3ff8f5.jpg
  • lydownl####.####.com/video/video/b1fb72c63a24ce3cb4eea10be2fe8fae.mp4
  • lydownl####.####.com/video/image2/d34c5a41999d372ff626b581529d340b.jpg
  • lydownl####.####.com/video/image2/f2f52333cd08fdac3a04e38bde0f1971.jpg
  • lydownl####.####.com/video/image2/d5bd516158439b3f803e40194cc00296.jpg
  • lydownl####.####.com/video/image2/d0a1fe1cda9085ce408485ba10c11faa.jpg
  • lydownl####.####.com/video/image2/fa8242276a9a6e077c4e8fe2aec40188.jpg
  • lydownl####.####.com/video/image2/01a45484837cb747a16448ba61682298.jpg
  • lydownl####.####.com/video/image2/ded52696adcb608f1f14ec4db6e6dd0e.jpg
  • lydownl####.####.com/video/image2/22c7dec1ad5c5291e4e78ef57e7b0e12.jpg
  • lydownl####.####.com/video/image2/49193275756e0fac61a52a1004566b65.jpg
  • lydownl####.####.com/video/image2/cff9ef52ec8529120a4ae6517499347b.jpg
  • lydownl####.####.com/video/image2/87083ada34eef56cc2c7f1e5c964619c.jpg
  • lydownl####.####.com/video/image2/05574274d31c0b8c8d3b07b29fd64339.png
  • lydownl####.####.com/video/image2/f887dfeabbc2b1250300bec0574ccbfa.jpg
  • lydownl####.####.com/video/image2/8cd654bfb655969e6468da744a65a56a.jpg
  • lydownl####.####.com/video/image2/38654830c334bb7babda42d27f7a4fe2.jpg
  • lydownl####.####.com/video/image2/4d24df3f7aa3932ef2e931f42513a141.jpg
  • lydownl####.####.com/video/image2/1d152211e7522fa07f290af137b11e92.png
  • lydownl####.####.com/video/image2/fbef6192ab2482af494dd406192c5851.jpg
  • lydownl####.####.com/video/image2/3269b06974dd7943ebc2bfdef0ba5d43.jpg
  • lydownl####.####.com/video/image2/873dd3150c11b4498c7b7bcdc024463d.jpg
  • i####.####.cn/iplookup/iplookup.php?format=####
  • lydownl####.####.com/video/image2/3b494c3ec1fd89741b8e712dbb62f222.png
  • lydownl####.####.com/video/image2/7940ce970281e864a1bc828df084c961.png
  • lydownl####.####.com/video/image2/dde6c752112f00937aa6e590cd1fa5e1.jpg
  • lydownl####.####.com/video/image2/002c8e2d34d82467b73e7fa693eb00ed.jpg
  • lydownl####.####.com/video/image2/f2ecf2f20ffd00ae64e63419e9c6cc7e.png
  • lydownl####.####.com/video/image2/971086926f10213e264e4a1287d48354.jpg
  • lydownl####.####.com/video/image2/c5925a7f55114671ac2d98fc1c5587e5.jpg
  • lydownl####.####.com/video/image2/dc6125618186044528c73acf57c91c1c.jpg
  • lydownl####.####.com/video/image2/69e0d7f0b2a71001eb32dc3708f71bad.png
  • lydownl####.####.com/video/image2/9c10f35221c7f36bb286a5f6db9c4796.jpg
  • lydownl####.####.com/video/image2/65ff561baa39d1fc010c89fef04d5fc2.jpg
  • lydownl####.####.com/video/image2/0886bb83709e68a084445fa9f301ab8b.png
  • lydownl####.####.com/video/image2/a8e8dadd771e628ee7bf6851be5a8b6d.jpg
  • lydownl####.####.com/video/image2/2062740fe82903e830d306591cee59f1.jpg
  • lydownl####.####.com/video/image2/98f1d4b20ec6d445ec4f4c3ceceb9364.jpg
  • lydownl####.####.com/video/image2/240efe6e7d89efbd62e0bfb097a9d460.jpg
  • lydownl####.####.com/video/image2/2fc3f6d58456efb9b9cb22ab40fb2df8.jpg
  • lydownl####.####.com/video/video/4f3561b29ce9b375cef4a2b43d276d1a.mp4
  • lydownl####.####.com/video/image2/4a9314ce38c82629f8f5821ff9379f04.jpg
  • s####.####.com/cr/sdk/170417/goplaysdk_statistics_all_1704171.dat
  • lydownl####.####.com/video/image2/ac6941313dde9b160e123db9e593b8a0.jpg
  • lydownl####.####.com/video/image2/9cb5349ef12e1107907682445b8fbe4e.jpg
  • lydownl####.####.com/video/image2/784ca04fa008e54b6726773cc64b00cb.jpg
  • lydownl####.####.com/video/image2/14925c939660bde733bc3956f0e94d27.jpg
  • 2####.####.69:806/GetAdvAuthentication?imei=####&iccid=####&province=###...
  • lydownl####.####.com/video/image2/6fc5a7baa8286b2f99cbe274e1098948.jpg
  • lydownl####.####.com/video/image2/82d1c044e2fe6a2629f95f493aa17605.jpg
  • lydownl####.####.com/video/image2/c4ef206b114e6d4f998411019886431d.jpg
  • lydownl####.####.com/video/image2/aae26a83530105d411204725960af7c1.jpg
  • lydownl####.####.com/video/image2/97ef291bdce0ed30ebb547f8ee222023.jpg
  • lydownl####.####.com/video/image2/8bed2cd586e00119d05d36f61b41ad54.jpg
  • lydownl####.####.com/video/image2/96029eb3cf4c941480433daa7d9241cf.jpg
  • 2####.####.69/GetAdvAuthentication?imei=####&iccid=####&province=####&pk...
  • lydownl####.####.com/video/image2/226f826730d2b19894ed282150bb19fb.jpg
  • lydownl####.####.com/video/image2/76842440e5a0834f2c902a460c77afdc.jpg
  • lydownl####.####.com/video/image2/8dc163f4aab643c8992b035410c62b2d.jpg
  • lydownl####.####.com/video/image2/ec174a554a4ab32d151838ffa93a9da9.jpg
  • lydownl####.####.com/video/image2/a328c3887fd14eb7807769d3872f7999.jpg
  • lydownl####.####.com/video/image2/75d76357ecf6b9d3d49a7001d99da60e.jpg
  • lydownl####.####.com/video/image2/3e073a5dc5583c5df8bda660d1999bb2.jpg
  • lydownl####.####.com/video/image2/299b7a40813364a7837389e2c9bada30.jpg
  • lydownl####.####.com/video/image2/db39343b40a7d757f3087e39b33d6921.jpg
  • lydownl####.####.com/video/api/pinglun_head.dat
  • lydownl####.####.com/video/api/AivMainA.dat
  • lydownl####.####.com/video/image2/602261b99e2e3fd8ffba9ab5ed77afd3.jpg
  • lydownl####.####.com/video/image2/96c61a820a55431ccb980596dd570ca1.png
  • lydownl####.####.com/video/image2/dad3daafd6b8db3c3e8be60f32ead6a5.jpg
  • lydownl####.####.com/video/image2/00c7c2aa40fe77ce1df3af5b3db2d259.jpg
  • lydownl####.####.com/video/image2/cd297b75c3d76a63c04dd15dc16c692a.jpg
  • lydownl####.####.com/video/image2/82fed1e9a2966b3cefc21f1687eb09dc.png
  • lydownl####.####.com/video/image2/37b114c26d371be8af2327752963b3f8.jpg
  • lydownl####.####.com/video/image2/b11fdb37cce930b3868e5d53c70a8e18.jpg
  • lydownl####.####.com/video/image2/0351906caf31c7c0fd0887a828d64d1a.jpg
  • lydownl####.####.com/video/image2/ef4943ef4099a6ae6ae9246b27484144.jpg
  • lydownl####.####.com/video/image2/f92e088a7bc86c703fa64851fc2d32aa.jpg
  • lydownl####.####.com/video/image2/17dfaaedc61c915bc7274952df833bfc.png
  • lydownl####.####.com/video/image2/23677183b7482c5d6c354a524ecba0d2.jpg
  • lydownl####.####.com/video/api/pinglun_name.dat
  • lydownl####.####.com/video/image2/d4ae147c8022f7f300b7dd74d9496c06.png
  • lydownl####.####.com/video/image2/1bf10f8dbceed426b047d0ddfeb286c3.jpg
  • lydownl####.####.com/video/config.dat
  • g####.####.com/cr/sv/getRecord?eids=####&appKey=####&flag=####
HTTP POST requests:
  • g####.####.com/cr/sv/getEPList
  • 4####.####.83:8091/mm/online/commitdata
  • 1####.####.225/dreport
Modified file system:
Creates the following files:
  • /sdcard/NndAppAiv_Video/####/picture/3d68a6ac14c4bf31916d244768178f21
  • /sdcard/NndAppAiv_Video/####/picture/5000a1b4c17b9aed9255f1fb2b2588b3
  • /sdcard/NndAppAiv_Video/####/picture/8aeebbcb6e74d429e8efafca1595d20e
  • /sdcard/NndAppAiv_Video/####/picture/509c2ca19afef556d827b89c9727d487
  • /sdcard/NndAppAiv_Video/####/picture/4598b690af39a936a82614cea3601e79
  • /sdcard/NndAppAiv_Video/####/picture/ed03effc66e3fd277a8a29e8407ae2ad
  • /sdcard/NndAppAiv_Video/####/picture/d21207fcab8607cea673bb982f700854
  • /sdcard/NndAppAiv_Video/####/picture/29608f48f1bfade8c867847d437cc287
  • /sdcard/NndAppAiv_Video/####/picture/6a19ef9488e00bb691ce1a121786b64b
  • /data/data/####/shared_prefs/####__save_data__.xml
  • /sdcard/NndAppAiv_Video/####/picture/506b6e49b0c52ebd255cce6a5dc5ff09
  • /sdcard/NndAppAiv_Video/####/picture/d5528f299253b7058eae8b7abeb849a1
  • /sdcard/NndAppAiv_Video/####/picture/bbbf1b8aa1f9f873326b6e7afeebd7b4
  • /data/data/####/shared_prefs/umeng_general_config.xml
  • /sdcard/NndAppAiv_Video/####/file/31816183a86da5bf627f7eed2caa0861.dat
  • /sdcard/NndAppAiv_Video/####/picture/081a1416854389cd512efa2339eae08b
  • /sdcard/NndAppAiv_Video/####/picture/16e5a1cee4a0725cda4cf5c3ba6a2e85
  • /sdcard/NndAppAiv_Video/####/picture/289c354cf9bd5efda9757b95ab6de1b8
  • /sdcard/NndAppAiv_Video/####/picture/6c8486e2797d17de6fb7bff65413e295
  • /sdcard/NndAppAiv_Video/####/picture/ce17fcda3956fc6af3c2909421b87b4c
  • /sdcard/NndAppAiv_Video/####/picture/3ab2fffc66a1dc09ed6236b945b53e32
  • /sdcard/NndAppAiv_Video/####/picture/225fb933e1385b802ceb49a0cae07fbb
  • /sdcard/NndAppAiv_Video/####/file/19199f9e3d339f95e9c6929244b04786
  • /data/data/####/files/mobclick_agent_cached_####145756
  • /data/data/####/shared_prefs/####_preferences.xml.bak
  • /sdcard/NndAppAiv_Video/####/picture/ac32b79c1fd3553404f81f6dca0ee464
  • /sdcard/NndAppAiv_Video/####/picture/7e822e02fca3e3939b5f5d5a34e128b5
  • /sdcard/NndAppAiv_Video/####/picture/bb8f96319562d62797ee9002febfcf07
  • /sdcard/NndAppAiv_Video/####/picture/ceaaaf1dbfc5c5487bb1517f83361c6d
  • /sdcard/NndAppAiv_Video/####/picture/394b2d4d2b4fe142ae0d6605e57b819f
  • /sdcard/NndAppAiv_Video/####/file/19199f9e3d339f95e9c6929244b04786.dat.tmp
  • /sdcard/NndAppAiv_Video/####/picture/44b7a4d4f65063456dde2d7b56000d22
  • /sdcard/NndAppAiv_Video/####/picture/e18bee431688cd6994a3ba57cac8fca1
  • /sdcard/NndAppAiv_Video/####/picture/64771874d4987a9f0be2baeebc729a96
  • /sdcard/NndAppAiv_Video/####/picture/71f39d7213893865ddeb803107cdef62
  • /sdcard/NndAppAiv_Video/####/picture/0254151c7576336e89e813f00665e2fa
  • /sdcard/NndAppAiv_Video/####/picture/24b72b119b512555a9a2e650c942e06e
  • /sdcard/NndAppAiv_Video/####/picture/b43ebf710cc7498148afed821c8a154d
  • /sdcard/NndAppAiv_Video/####/picture/33d617f2e02208782d7ddd34e081f6b2
  • /sdcard/NndAppAiv_Video/####/picture/0b6defbdd48b55a546f2c0b002474f84
  • /sdcard/NndAppAiv_Video/####/picture/637f2a2c6977a374a003c36149b96b9a
  • /sdcard/NndAppAiv_Video/####/picture/0a57a66be99b9dce073340aaaab8240d
  • /data/data/####/files/1493731173223_V17041703Aj1so32.so
  • /sdcard/NndAppAiv_Video/####/picture/344f02d657b4e92435f8771779bfee53
  • /data/data/####/files/hftJcw46N.jar
  • /sdcard/NndAppAiv_Video/####/picture/3b34eab575c00909baece6005ec570f3
  • /sdcard/NndAppAiv_Video/####/picture/b81e002c6cc85f1f837fc2ec3e9dbadd
  • /sdcard/NndAppAiv_Video/####/picture/c6f1b579842da44bd840dcdb45ddeff2
  • /sdcard/NndAppAiv_Video/####/picture/9c0be4605d731572c7a08ddc6710fc18
  • /sdcard/NndAppAiv_Video/####/picture/732ead1a68772e040524709c605bcb34
  • /sdcard/NndAppAiv_Video/####/file/31f4804a17c14991a50429cd49a8db0f.dat.tmp
  • /sdcard/NndAppAiv_Video/####/picture/cf7aca6dd076b8c14b08269d79ecd0c4
  • /sdcard/NndAppAiv_Video/####/file/8be5ebce885d8c3b781f1b74c7f856c1
  • /sdcard/NndAppAiv_Video/####/picture/e988e90d4f740897e73f940ad8429471
  • /sdcard/NndAppAiv_Video/####/picture/e41c9d06e9866452226cbb7d470444f6
  • /sdcard/NndAppAiv_Video/####/picture/75c681dba81814c3cfaedfee3d8c308e
  • /sdcard/NndAppAiv_Video/####/file/19199f9e3d339f95e9c6929244b04786.dat
  • /sdcard/NndAppAiv_Video/####/picture/0690405f61bff898ae0784a9eee59119
  • /sdcard/NndAppAiv_Video/####/picture/fe149acdf1e3e913504243475f5a56b5
  • /sdcard/NndAppAiv_Video/####/picture/e107e7a9aba00b6c15e892b1e16dc298
  • /sdcard/NndAppAiv_Video/####/picture/ccc7bf97ac162360800a5ffb1845e0dd
  • /sdcard/NndAppAiv_Video/####/picture/b03f13c35a8bb51810856ced18a5a045
  • /sdcard/NndAppAiv_Video/####/picture/184491f7d383344cc9a8427fc58199f6
  • /sdcard/NndAppAiv_Video/####/file/31816183a86da5bf627f7eed2caa0861.dat.tmp
  • /sdcard/NndAppAiv_Video/####/picture/057af5bd36af8ae67369e8233111fefb
  • /sdcard/NndAppAiv_Video/####/picture/4c961c5fa3d76380cf51419785398959
  • /sdcard/NndAppAiv_Video/####/picture/ac9ae5e8f59b1e9174d62acadcc70bce
  • /sdcard/NndAppAiv_Video/####/picture/f8228dfc2f4a47f5fae8b7dae990c580
  • /sdcard/NndAppAiv_Video/####/picture/62b9d8806c98f4bc8c4d382b9190ee13
  • /sdcard/NndAppAiv_Video/####/picture/c52a54944d114dd07f1b77431da32fa2
  • /sdcard/NndAppAiv_Video/####/picture/1d9f24becbd5c50b2beb212b5a383791
  • /data/data/####/app_file_dex/MasterControl.jar
  • /sdcard/NndAppAiv_Video/####/picture/4b0bdfdfc75889951dca38bc277c082d
  • /sdcard/NndAppAiv_Video/####/picture/66bd471fb8da4bbed05dde707e3ba88e
  • /sdcard/NndAppAiv_Video/####/picture/7603c9afcb58f839eb0a18ff90191a01
  • /sdcard/NndAppAiv_Video/####/picture/d1a35a37af099437038fc3e356427a8e
  • /data/anr/traces.txt
  • /sdcard/NndAppAiv_Video/####/picture/f15466e9c06a902b162f0ec10329b27b
  • /data/data/####/databases/cc/cc.db-journal
  • /sdcard/NndAppAiv_Video/####/picture/383ca030ba777672a0d7d1c43c3ea739
  • /sdcard/NndAppAiv_Video/####/picture/3ad7240c89bba85b3f64f13f780efb39
  • /data/data/####/files/ubv2DB8520H4/5ubv2DB8520H46
  • /sdcard/NndAppAiv_Video/####/picture/dd11ad2e8287d3d1a75f4e601a259dbe
  • /sdcard/NndAppAiv_Video/####/picture/cb581979c8a3d5971f406a5cdec598c0
  • /sdcard/NndAppAiv_Video/####/picture/4bbaa3a85d179d06fda67e6dc7944b19
  • /sdcard/NndAppAiv_Video/####/picture/41275665f84a47ca6ee22774fa4dfc71
  • /sdcard/NndAppAiv_Video/####/protocol/03d7cf0c81a14849a57ca653d75a4b06
  • /sdcard/NndAppAiv_Video/####/picture/41f00cc590144c67b40c55f9ed4b7a2d
  • /sdcard/NndAppAiv_Video/####/picture/51e0aa4476e0411e1dd82704c67e0832
  • /sdcard/NndAppAiv_Video/####/picture/ffa7c1b3f7847e4515720b73148026cc
  • /sdcard/NndAppAiv_Video/####/file/31f4804a17c14991a50429cd49a8db0f.dat
  • /sdcard/NndAppAiv_Video/####/picture/ab0bf84611af4c259ac1b32256be0875
  • /sdcard/NndAppAiv_Video/####/picture/cf6e3a505ea029e8de30ad8d81fa295f
  • /sdcard/NndAppAiv_Video/####/file/7a497b93b8467f6f27d2ff5fbfbf3355
  • /sdcard/NndAppAiv_Video/####/picture/f5de544c32f0aa6daa07e18fef23205e
  • /sdcard/NndAppAiv_Video/####/picture/a1095e46fe3492a74ca3eb0c9e90217e
  • /data/data/####/ReadyHost.txt
  • /sdcard/NndAppAiv_Video/####/picture/6b12e17746a70522dec633f198911849
  • /sdcard/NndAppAiv_Video/####/picture/8e46d53d20684a182e64c53c255ac969
  • /sdcard/NndAppAiv_Video/####/picture/dec342b0e405513ff15f9555c24444de
  • /sdcard/NndAppAiv_Video/####/picture/7e74e6094a24edabb35044d9f7807e5a
  • /sdcard/NndAppAiv_Video/####/picture/4f379f5866ca550fb8c97c88180d788e
  • /sdcard/NndAppAiv_Video/####/picture/c326fa8288a604f64230cb929a47a415
  • /sdcard/NndAppAiv_Video/####/file/7a497b93b8467f6f27d2ff5fbfbf3355.dat
  • /sdcard/NndAppAiv_Video/####/picture/9dda687c6b528797692a642dd8afc824
  • /sdcard/NndAppAiv_Video/####/picture/603f3f2bae0d53dc8501f62c4bf63c89
  • /sdcard/NndAppAiv_Video/####/file/8be5ebce885d8c3b781f1b74c7f856c1.dat.tmp
  • /sdcard/NndAppAiv_Video/####/picture/a6128beabe045508947d43735f59c595
  • /sdcard/NndAppAiv_Video/####/file/31816183a86da5bf627f7eed2caa0861
  • /sdcard/NndAppAiv_Video/####/picture/a3b3c47cab60cf3a7a03cdd2363b5bc2
  • /data/data/####/files/23DB8520H32/####12x862
  • /sdcard/NndAppAiv_Video/####/picture/c5ef437381b15e9f9d20322e1efb0730
  • /sdcard/NndAppAiv_Video/####/picture/15b58e7eb9df6e3ede62a36429bc212b
  • /sdcard/NndAppAiv_Video/####/picture/9db3e58f33c92b278021f45d680e9f74
  • /sdcard/NndAppAiv_Video/####/picture/c2d085bc4438cd206b558003390d8c9d
  • /data/data/####/shared_prefs/####_preferences.xml
  • /sdcard/NndAppAiv_Video/####/picture/c8d63900af6a768a48adcbcb5b72521c
  • /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
  • /sdcard/NndAppAiv_Video/####/picture/d41bd39f3e44a9c7664440e6a5e0a233
  • /sdcard/NndAppAiv_Video/####/picture/4ad4852590a3daefd685d873d1c34f82
  • /data/data/####/databases/cc/cc.db
  • /sdcard/NndAppAiv_Video/####/picture/adced6d6a5dd7b6c85bfda38932bc0d2
  • /sdcard/NndAppAiv_Video/####/picture/bf7cba76603002b343264cf2a6b80f58
  • /sdcard/NndAppAiv_Video/####/picture/84f1df53601480bd925a437f2acb3538
  • /sdcard/NndAppAiv_Video/####/picture/8141d22d752d7a050c1f1348d73f79f7
  • /sdcard/NndAppAiv_Video/####/picture/e72be78f4449bb2600358fb7e597fef2
  • /sdcard/NndAppAiv_Video/####/picture/e065ad1fb10f76d9e9a22b42c97998ef
  • /sdcard/NndAppAiv_Video/####/picture/2c37b8111937e5e53d03db4c021f6d62
  • /sdcard/NndAppAiv_Video/####/picture/3368ff07c4bd0a139768020167e0d197
  • /sdcard/NndAppAiv_Video/####/file/7a497b93b8467f6f27d2ff5fbfbf3355.dat.tmp
  • /sdcard/NndAppAiv_Video/####/picture/763798d4b87e783a91653492a4bfb6be
  • /sdcard/NndAppAiv_Video/####/file/8be5ebce885d8c3b781f1b74c7f856c1.dat
  • /sdcard/NndAppAiv_Video/####/picture/b9bdfe1a57bfbb453538ebcd48858ae9
  • /sdcard/NndAppAiv_Video/####/picture/bf0a283b3d73335b65077ed6acfd9629
  • /sdcard/NndAppAiv_Video/####/picture/348ff4ea06c39e17bddbb63b4d732df6
  • /data/data/####/files/1493731230709_V17041703Aj1so32.so
  • /sdcard/NndAppAiv_Video/####/picture/3e95d09c94f299ab0b0257562335d76e
  • /sdcard/NndAppAiv_Video/####/picture/fa4bfb90b2cbd052e4264d3d68f9b4bd
  • /sdcard/NndAppAiv_Video/####/picture/80f5b00df6376866b0211c0c971cf903
  • /sdcard/NndAppAiv_Video/####/picture/42ab3ab2ebb9f95c42fccdf40d508d56
  • /data/data/####/PreExcuModsInfo.txt
  • /sdcard/NndAppAiv_Video/####/picture/bbd4afe66d7ad8afd01cd74d0b2a791b
  • /sdcard/NndAppAiv_Video/####/picture/f516afc3a087bd92134194b2dd51b253
  • /sdcard/NndAppAiv_Video/####/picture/a6f2aee21237549119d1d8e34736faa8
  • /data/data/####/shared_prefs/umeng_general_config.xml.bak
  • /sdcard/NndAppAiv_Video/####/picture/8dbf08a7d8c9a54dd71e501342ad5209
  • /sdcard/NndAppAiv_Video/####/picture/1b84fd2bd36e7b6a6cc291af631e70ca
  • /sdcard/NndAppAiv_Video/####/picture/3a76f99cbb3070edbff9a8a32890c957
  • /data/data/####/files/Android-x86112.jar
  • /sdcard/NndAppAiv_Video/####/picture/8b0df89eaa261e6329f03b76770c12e9
  • /sdcard/NndAppAiv_Video/####/file/31f4804a17c14991a50429cd49a8db0f
  • /sdcard/NndAppAiv_Video/####/picture/f24a6ff42dd4ffbe744082d38a3a0229
  • /sdcard/NndAppAiv_Video/####/picture/a3ac7b78fd1da5c69b02ffc574b8c747
  • /data/data/####/XmSmLockFile.txt
  • /sdcard/NndAppAiv_Video/####/picture/04daac1fb6449e83257b295253d6f456
Sets the 'executable' attribute to the following files:
  • /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
Miscellaneous:
Executes next shell scripts:
  • sh /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s -h c48756b39e9e402ca3e1026d88799eaa /data/data/####/.syslib-
  • sh -c rm /data/data/####/files/hftJcw46N.jar > /dev/null 2>&1
  • getenforce
  • /system/bin/dexopt --dex 27 43 40 226208 /data/data/####/app_file_dex/MasterControl.jar 1244887144 -736492987 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/fram
  • /system/bin/dexopt --dex 27 69 40 66944 /data/data/####/files/Android-x86112.jar 1251052727 1662001824 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framework/f
  • sh -c rm -f /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s > /dev/null 2>&1
  • /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s -h c48756b39e9e402ca3e1026d88799eaa /data/data/####/.syslib-
  • rm /data/data/####/files/hftJcw46N.dex
  • sh -c /system/usr/toolbox rm -f /data/data/####/files/hftJcw46N.jar > /dev/null 2>&1
  • sh -c rm -f /data/data/####/files/hftJcw46N.jar > /dev/null 2>&1
  • rm -f /data/data/####/files/hftJcw46N.dex
  • chmod 0771 /data/data/####/.syslib-
  • sh -c rm /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s > /dev/null 2>&1
  • sh -c rm -f /data/data/####/files/hftJcw46N.dex > /dev/null 2>&1
  • rm /data/data/####/files/hftJcw46N.jar
  • getprop apps.customerservice.device
  • rm /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
  • /system/bin/dexopt --dex 27 56 40 23552 /data/data/####/files/hftJcw46N.jar 1251046254 1664476667 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framework/framew
  • /system/bin/dexopt --dex 27 67 40 23552 /data/data/####/files/hftJcw46N.jar 1251046254 1664476667 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framework/framew
  • sh -c /system/usr/toolbox rm -f /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s > /dev/null 2>&1
  • sh -c /system/usr/toolbox rm -f /data/data/####/files/hftJcw46N.dex > /dev/null 2>&1
  • sh -c rm /data/data/####/files/hftJcw46N.dex > /dev/null 2>&1
  • rm -f /data/data/####/files/hftJcw46N.jar
  • rm -f /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
Contains functionality to send SMS messages automatically.

Curing recommendations

Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web для Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play