
Android.Siggen.7974

Added to the Dr.Web virus database: 2018-04-20

Virus description added:

Technical information

Malicious functions:
Gains access to the ITelephony private interface.
Network activity:
Connecting to:
DNS requests:
HTTP GET requests:
HTTP POST requests:
Modified file system:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
  • /system/bin/sh -c getprop ro.board.platform
  • /system/bin/sh -c type su
  • <Package Folder>/files/DaemonServer -s <Package Folder>/lib/ -n runServer -p startservice -n <Package>/com.taobao.accs.ChannelService --user 0 -f <Package Folder> -t 600 -c agoo.pid -P <Package Folder> -K 1009527 -U tb_accs_eudemon_1.1.3 -L http://agoodm.m.taobao.com/agoo/report -D {"package":"<Package>","appKey":"umeng:58eee65d07fe654c91002627","utdid":"WtmCtF1eGUoDAGdzx1Hl4Cd7","sdkVersion":"221"} -I agoodm.m.taobao.com -O 80 -T -Z
  • cat /sys/class/net/wlan0/address
  • chmod 500 <Package Folder>/files/DaemonServer
  • chmod 777 <Package Folder>/cache
  • chmod 777 <Package Folder>/files
  • getprop ro.board.platform
  • getprop ro.build.version.emui
  • getprop ro.build.version.opporom
  • getprop ro.kernel.qemu
  • getprop ro.miui.ui.version.name
  • getprop ro.smartisan.version
  • getprop ro.vivo.os.version
  • sh
Loads the following dynamic libraries:
  • Bugly
  • diff
  • rutx
  • sogouenc
  • tnet-3.1
  • uninstall
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
  • AES-ECB-PKCS5Padding
  • AES-GCM-NoPadding
  • DES-CBC-PKCS5Padding
  • RSA-ECB-PKCS1Padding
Uses the following algorithms to decrypt data:
  • AES-CBC-PKCS5Padding
  • AES-GCM-NoPadding
Gains access to geolocation.
Gains access to network information.
Gains access to telephone information (number, imei, etc.).
Gains access to information about APN settings.
Gains access to information about active device administrators.
Gains access to information about installed applications.
Gains access to information about running applications.
Adds tasks to the system scheduler.
Displays its own windows over windows of other applications.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
