Android.Xiny.1615

Added to the Dr.Web virus database: 2018-05-06

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.Xiny.20
Gains access to the ITelephony private interface.
Network activity:
Connecting to:
  • UDP(DNS) <Google DNS>
  • TCP(HTTP/1.1) c####.baidust####.com:80
  • TCP(HTTP/1.1) s8.q####.com:80
  • TCP(HTTP/1.1) cm.pos.b####.com:80
  • TCP(HTTP/1.1) wn.pos.b####.com:80
  • TCP(HTTP/1.1) aserver####.m.ta####.com:80
  • TCP(HTTP/1.1) gd.a.s####.com:80
  • TCP(HTTP/1.1) mo####.b####.com:80
  • TCP(HTTP/1.1) s####.jom####.com:80
  • TCP(HTTP/1.1) wc.find####.cc.####.com:80
  • TCP(HTTP/1.1) i####.2####.com:80
  • TCP(HTTP/1.1) www.2####.com:80
  • TCP(HTTP/1.1) hm.b####.com:80
  • TCP(HTTP/1.1) s.3####.cn:80
  • TCP(HTTP/1.1) ggse####.2####.com.####.net:80
  • TCP(HTTP/1.1) pos.b####.com:80
  • TCP(HTTP/1.1) map####.y####.com.cn:80
  • TCP(HTTP/1.1) si####.jom####.com:80
  • TCP(HTTP/1.1) js.pass####.qih####.com:80
  • TCP(HTTP/1.1) m.d####.com:80
  • TCP(HTTP/1.1) s.un####.com:80
  • TCP(HTTP/1.1) a####.u####.com:80
  • TCP(HTTP/1.1) s.c####.b####.com:80
  • TCP(HTTP/1.1) gg####.2####.com.####.net:80
  • TCP(HTTP/1.1) i4.w####.com:80
  • TCP(HTTP/1.1) em.b####.com:80
  • TCP(TLS/1.0) 2####.58.212.174:443
  • TCP(TLS/1.0) mobads-####.b####.com:443
  • TCP(TLS/1.0) ss0.bdst####.com:443
  • TCP(TLS/1.0) dup.baidust####.com:443
  • TCP(TLS/1.0) mbd.n.sh####.com:443
  • TCP(TLS/1.0) c####.baidust####.com:443
  • TCP(TLS/1.0) wap.n.sh####.com:443
  • TCP(TLS/1.0) c####.b####.com:443
  • TCP(TLS/1.0) t####.jom####.com:443
  • TCP(TLS/1.0) ch####.jom####.com:443
  • TCP(TLS/1.0) www.a.sh####.com:443
  • TCP(TLS/1.0) pos.b####.com:443
  • TCP(TLS/1.0) d####.zuoyexi####.com:443
  • TCP(TLS/1.0) hm.b####.com:443
  • TCP(TLS/1.0) ss2.b####.com:443
  • TCP(TLS/1.0) ss0.b####.com:443
  • TCP(TLS/1.0) g####.bdst####.com:443
  • TCP(TLS/1.0) si####.jom####.com:443
  • TCP(TLS/1.0) cambria####.cdn.bc####.####.com:443
DNS requests:
  • a####.u####.com
  • api.s####.b####.com
  • c####.b####.com
  • c####.b####.com
  • c####.baidust####.com
  • c####.baidust####.com
  • cambria####.cdn.bc####.com
  • cm.miao####.atm.####.com
  • cm.pos.b####.com
  • d####.zuoyexi####.com
  • dup.baidust####.com
  • ec####.b####.com
  • em.b####.com
  • ext.b####.com
  • f10.b####.com
  • f11.b####.com
  • f12.b####.com
  • g####.bdst####.com
  • gg####.2####.com
  • ggse####.2####.com
  • hm.b####.com
  • i####.2####.com
  • i4.w####.com
  • js.pass####.qih####.com
  • m.b####.com
  • m.d####.com
  • m.gho####.com
  • map####.y####.com.cn
  • mo####.b####.com
  • mobads-####.b####.com
  • p####.zhanz####.b####.com
  • pos.b####.com
  • s.3####.cn
  • s.bdst####.com
  • s.c####.b####.com
  • s.un####.com
  • s8.q####.com
  • sp0.b####.com
  • sp1.b####.com
  • ss0.b####.com
  • ss0.bdst####.com
  • ss1.b####.com
  • ss2.b####.com
  • ss3.b####.com
  • t.go.s####.com
  • t11.b####.com
  • t12.b####.com
  • t9.b####.com
  • ti####.b####.com
  • un####.50####.org
  • wc.find####.cc
  • wn.pos.b####.com
  • www.2####.com
  • www.gho####.com
HTTP GET requests:
  • aserver####.m.ta####.com/cm.gif?dspid=####
  • c####.baidust####.com/cpro/expire/time2.js
  • c####.baidust####.com/cpro/ui/cm.js
  • c####.baidust####.com/cpro/ui/noexpire/img/2.0.1/bd-logo4.png
  • c####.baidust####.com/cpro/ui/pr.js
  • c####.baidust####.com/sync.htm?cproid=####
  • cm.pos.b####.com/pixel?dspid=####
  • cm.pos.b####.com/pixel?sspid=####&local_cookie=####&ver=####&ext=####
  • cm.pos.b####.com/youku?mzid=####
  • em.b####.com/pixel?media_sign=####&media_site=####
  • gd.a.s####.com/cm.gif?ver=####&mid=####&uid=####
  • gg####.2####.com.####.net/bvzdlc.js
  • gg####.2####.com.####.net/jewnmnmfn.js
  • gg####.2####.com.####.net/jewnmnmgk.js
  • gg####.2####.com.####.net/kfxononho.js
  • gg####.2####.com.####.net/lgypopoop.js
  • gg####.2####.com.####.net/mhzqpqpid.js
  • gg####.2####.com.####.net/niarqrqhh.js
  • gg####.2####.com.####.net/ojbsrsrik.js
  • gg####.2####.com.####.net/ojbsrsrlg.js
  • ggse####.2####.com.####.net/dgbxfpf?gdh=####&vhc=####&ch=####&kst=####&z...
  • ggse####.2####.com.####.net/eranun?gdh=####&vhc=####&ch=####&kst=####&ch...
  • ggse####.2####.com.####.net/m.html?mediaid=####&cookie_version=####&time...
  • ggse####.2####.com.####.net/mlbq/bdg?c=####
  • ggse####.2####.com.####.net/mlbq/em?c=####
  • hm.b####.com/hm.gif?si=####&et=####&nv=####&st=####&lt=####&su=####&v=##...
  • hm.b####.com/hm.gif?si=####&et=####&nv=####&st=####&lt=####&v=####&rnd=#...
  • hm.b####.com/hm.gif?si=####&et=####&nv=####&st=####&su=####&v=####&rnd=#...
  • hm.b####.com/hm.gif?si=2b82abe1ac836ebe765eb9c81c8db1cf&et=0&nv=1&st=3&s...
  • hm.b####.com/hm.js?4aa2af3####
  • i####.2####.com/appsimg
  • i####.2####.com/duoteimg/css/qqzt/m/global.css
  • i####.2####.com/duoteimg/css/qqzt/m/home.css
  • i####.2####.com/duoteimg/images/m/top_ad.png
  • i####.2####.com/duoteimg/images/qqzt/m/icon90-s21b858e716.png
  • i####.2####.com/duoteimg/js/baidu_js_push.js
  • i####.2####.com/duoteimg/js/interface/googletj.js
  • i####.2####.com/duoteimg/js/qqzt/m/common.js
  • i####.2####.com/duoteimg/js/qqzt/m/zepto.js
  • i####.2####.com/duoteimg/softImg/soft/19/1477653262_65.jpg
  • i####.2####.com/duoteimg/softImg/soft/23/1474526212_96.png
  • i####.2####.com/duoteimg/softImg/soft/45/1524452713_67.png
  • i####.2####.com/duoteimg/techImg/201702/duote_14_13-13-09.jpg
  • i####.2####.com/duoteimg/techImg/201702/duote_14_13-13-53.jpg
  • i####.2####.com/duoteimg/techImg/201702/duote_14_13-14-42.jpg
  • i####.2####.com/duoteimg/techImg/201702/duote_14_13-16-33.jpg
  • i####.2####.com/duoteimg/techImg/201702/duote_14_13-17-26.jpg
  • i####.2####.com/zhushouimg/img/logo/102/68102/0853373980.png
  • i####.2####.com/zhushouimg/img/logo/209/23209/0805054970.png
  • i####.2####.com/zhushouimg/img/logo/327/49327_1447145662.png
  • i####.2####.com/zhushouimg/img/logo/386/54386/1800211380.png
  • i####.2####.com/zhushouimg/img/logo/441/45441_1487066352.png
  • i####.2####.com/zhushouimg/img/logo/441/45441_1487066352.png?148706####
  • i####.2####.com/zhushouimg/img/logo/519/102519/1712564350.png
  • i####.2####.com/zhushouimg/img/logo/533/102533/0946299460.jpg
  • i####.2####.com/zhushouimg/img/logo/533/102533_1485049647.png?148504####
  • i####.2####.com/zhushouimg/img/logo/60/78160/1111107700.png
  • i####.2####.com/zhushouimg/img/logo/645/174645_1459851070.png?145985####
  • i####.2####.com/zhushouimg/img/logo/690/30690/1105056520.png
  • i####.2####.com/zhushouimg/img/logo/736/63736_1487814185.png?148781####
  • i####.2####.com/zhushouimg/img/logo/736/63736_1519866228.png?151986####
  • i####.2####.com/zhushouimg/img/logo/795/33795/1803004600.png
  • i####.2####.com/zhushouimg/img/logo/83/78183/1816342270.png
  • i####.2####.com/zhushouimg/img/logo/990/990/0859364770.jpg
  • i####.2####.com/zhushouimg/img/logo/990/990/0921022380.jpg
  • i4.w####.com/item/1508/21/55d6af11a5296_wx.jpg
  • js.pass####.qih####.com/11.0.1.js?5e46ee7####
  • m.d####.com/assets/css/qqzt/m/fenzu.css?_vtim=####
  • m.d####.com/assets/css/qqzt/m/global.css?_vtim=####
  • m.d####.com/assets/css/qqzt/m/swiper.min.css
  • m.d####.com/assets/css/qqzt/m/touxiang.css?_vtim=####
  • m.d####.com/assets/js/clickDownAjax3.min.js
  • m.d####.com/assets/js/clickDownAjax3.min.js}}
  • m.d####.com/assets/js/m/view_inside.js
  • m.d####.com/assets/js/qqzt/m/sildeFocusPlugin.js?_vtim=####
  • m.d####.com/assets/js/qqzt/m/swiper.min.js
  • m.d####.com/qqfenzu/
  • m.d####.com/qqfenzu/61318.html
  • m.d####.com/qqfenzu/qinglu.html
  • m.d####.com/qqfenzu/shanggan.html
  • m.d####.com/qqhot/
  • m.d####.com/qqtouxiang/
  • m.d####.com/qqtouxiang/77763.html
  • m.d####.com/qqtupian/images/qqzt/logo-v.png
  • m.d####.com/qqtupian/qqTxImg/1408598471_80.jpg
  • m.d####.com/qqtupian/qqTxImg/1467281637_54.jpg
  • m.d####.com/qqtupian/qqTxImg/1488358287_91.jpg
  • m.d####.com/qqtupian/qqTxImg/1488422614_62.jpg
  • m.d####.com/qqtupian/qqTxImg/1488422734_37.jpg
  • m.d####.com/qqtupian/qqTxImg/1488422821_96.jpg
  • m.d####.com/qqtupian/qqTxImg/1488422855_93.jpg
  • m.d####.com/qqtupian/qqTxImg/2/0bfc8630b733285c505df073ef49c11d.jpg
  • m.d####.com/qqtupian/qqTxImg/2013/04/22/13667716330.jpg
  • m.d####.com/qqtupian/techImg/201704/duote_30_06-19-52.jpg
  • m.d####.com/qqtupian/techImg/201704/duote_30_06-20-44.jpg
  • m.d####.com/qqtupian/techImg/201704/duote_30_06-20-56.jpg
  • m.d####.com/qqtupian/techImg/201704/duote_30_06-22-53.jpg
  • m.d####.com/qqtupian/techImg/201704/duote_30_06-23-11.jpg
  • m.d####.com/qqtupian/techImg/201704/duote_30_06-23-21.jpg
  • m.d####.com/qqtupian/zixunImg/local/2017/06/29/1498667543322.jpg
  • m.d####.com/qqtupian/zixunImg/local/2017/06/29/1498668079366.jpg
  • m.d####.com/qqtupian/zixunImg/local/2017/06/30/1498753988850.png
  • m.d####.com/qqtupian/zixunImg/local/2017/06/30/1498754297314.jpg
  • m.d####.com/qqtupian/zixunImg/local/2017/06/30/1498754332213.jpg
  • m.d####.com/qqtupian/zixunImg/local/2017/06/30/1498754415973.jpg
  • m.d####.com/qqtupian/zixunImg/local/2017/06/30/1498754463458.jpg
  • m.d####.com/qqtupian/zixunImg/local/2017/07/03/1499013089340.jpg
  • m.d####.com/qqtupian/zixunImg/local/2017/07/03/1499013090308.jpg
  • m.d####.com/qqtupian/zixunImg/local/2017/07/03/1499013091227.jpg
  • m.d####.com/qqtupian/zixunImg/local/2017/07/03/1499013092852.jpg
  • m.d####.com/qqtupian/zixunImg/local/2017/07/03/1499013093413.jpg
  • m.d####.com/qqtupian/zixunImg/local/2017/07/03/1499013094291.jpg
  • m.d####.com/qqtupian/zixunImg/local/2017/07/03/1499013095413.jpg
  • m.d####.com/qqtupian/zixunImg/local/2017/07/03/1499013096818.jpg
  • m.d####.com/qqtupian/zixunImg/local/2017/07/03/1499013097849.jpg
  • m.d####.com/qqtupian/zixunImg/local/2017/07/03/1499013098738.jpg
  • m.d####.com/qqtupian/zixunImg/local/2017/07/03/1499013099793.jpg
  • m.d####.com/qqtupian/zixunImg/local/2017/07/03/1499013100339.jpg
  • m.d####.com/qqtupian/zixunImg/local/2017/07/03/1499013102758.jpg
  • m.d####.com/qqtupian/zixunImg/local/2017/07/03/1499013103664.jpg
  • m.d####.com/qqtupian/zixunImg/local/2017/07/03/1499014057558.jpg
  • m.d####.com/qqtupian/zixunImg/local/2017/07/27/1501087008357.jpg
  • m.d####.com/qqtupian/zixunImg/local/2017/08/02/150160517374.jpg
  • m.d####.com/qqtupian/zixunImg/local/2017/09/14/15053571883285.png
  • m.d####.com/qqtupian/zixunImg/local/2017/09/18/15057042117037.jpg
  • m.d####.com/qqtupian/zixunImg/local/2017/09/27/15064805896477.jpg
  • m.d####.com/qqtupian/zixunImg/local/2017/12/05/15124511615268.jpg
  • m.d####.com/qqtupian/zixunImg/local/2018/01/02/15148746435392.jpg
  • map####.y####.com.cn/s/mapping/?baidu_error=####&timestamp=####
  • mo####.b####.com/ads/ads.appcache
  • mo####.b####.com/ads/css/min/main.css
  • mo####.b####.com/ads/index.htm
  • mo####.b####.com/ads/js/ads.trunk.js
  • mo####.b####.com/ads/js/c.js
  • mo####.b####.com/ads/pa/__pasys.apk
  • mo####.b####.com/ads/pa/__pasys.php
  • mo####.b####.com/ads/pa/__pasys_remote_banner.jar
  • mo####.b####.com/ads/pa/__pasys_remote_banner.php?v=####&tp=####&os=####...
  • mo####.b####.com/cpro/ui/mads.php?code2=####&b1525572573750=####
  • mo####.b####.com/cpro/ui/mads.php?code2=####&b1525572604099=####
  • pos.b####.com/fclm?di=####&dri=####&dis=####&dai=####&ps=####&enu=####&d...
  • pos.b####.com/s?hei=100&wid=414&di=u3191991&ltu=http://www.2345.com/wmlv...
  • pos.b####.com/s?hei=125&wid=414&di=u3191980&ltu=http://www.2345.com/wmlv...
  • pos.b####.com/s?hei=230&wid=414&di=u3191967&ltu=http://www.2345.com/wmlv...
  • pos.b####.com/s?hei=249&wid=414&di=u3191985&ltu=http://www.2345.com/wmlv...
  • pos.b####.com/s?hei=42&wid=414&di=u3191981&ltu=http://www.2345.com/wmlvy...
  • pos.b####.com/s?hei=63&wid=414&di=u3191966&ltu=http://www.2345.com/wmlvy...
  • pos.b####.com/s?hei=70&wid=414&di=u3191971&ltu=http://www.2345.com/wmlvy...
  • pos.b####.com/s?hei=80&wid=414&di=u3191974&ltu=http://www.2345.com/wmlvy...
  • pos.b####.com/sync_pos.htm?cproid=####
  • pos.b####.com/sync_pos.htm?cproid=####&t=####
  • s####.jom####.com/push.js
  • s####.jom####.com/s.gif?r=####&l=####
  • s.3####.cn/so/zz.gif?url=####&sid=####&token=####
  • s.c####.b####.com/s.htm?cproid=####&t=####
  • s8.q####.com/static/ab77b6ea7f3fbf79.js
  • si####.jom####.com/it/u=1009855213,1309102982&fm=76
  • si####.jom####.com/it/u=1093256568,3222516913&fm=76
  • si####.jom####.com/it/u=1128731,1946245551&fm=76
  • si####.jom####.com/it/u=1215462276,222977235&fm=76
  • si####.jom####.com/it/u=1427648914,1616939950&fm=76
  • si####.jom####.com/it/u=145486076,4125360639&fm=76
  • si####.jom####.com/it/u=1623924059,2572797564&fm=76
  • si####.jom####.com/it/u=2382476851,3907509204&fm=76
  • si####.jom####.com/it/u=270731245,4132842335&fm=76
  • si####.jom####.com/it/u=298150342,2244281372&fm=76
  • si####.jom####.com/it/u=310430596,1718297552&fm=76
  • si####.jom####.com/it/u=3178021051,3590130913&fm=76
  • si####.jom####.com/it/u=3280280684,3595811120&fm=76
  • si####.jom####.com/it/u=339992906,3121063281&fm=76
  • si####.jom####.com/it/u=3409019002,3768345488&fm=76
  • si####.jom####.com/it/u=3579939806,3905522705&fm=76
  • si####.jom####.com/it/u=3606463135,3924348194&fm=76
  • si####.jom####.com/it/u=3609535856,4134694241&fm=76
  • si####.jom####.com/it/u=361369288,3328287106&fm=76
  • si####.jom####.com/it/u=3827600797,658374964&fm=76
  • si####.jom####.com/it/u=3845021669,3837824368&fm=76
  • si####.jom####.com/it/u=3896866955,4048995204&fm=76
  • si####.jom####.com/it/u=3993547036,812737853&fm=76
  • si####.jom####.com/it/u=4033504357,3963916803&fm=76
  • si####.jom####.com/it/u=4039932086,4200631450&fm=76
  • si####.jom####.com/it/u=410054634,2181761146&fm=76
  • si####.jom####.com/it/u=4152773564,218954384&fm=76
  • si####.jom####.com/it/u=4186380538,4137924750&fm=76
  • si####.jom####.com/it/u=4227726776,4266894164&fm=76
  • si####.jom####.com/it/u=449110377,2198935438&fm=76
  • si####.jom####.com/it/u=496607051,3444542821&fm=76
  • si####.jom####.com/it/u=509827831,3061346639&fm=76
  • si####.jom####.com/it/u=516125518,956644989&fm=76
  • si####.jom####.com/it/u=615814197,4109253156&fm=76
  • si####.jom####.com/it/u=787429698,2521929105&fm=76
  • si####.jom####.com/it/u=900007534,1149963132&fm=76
  • si####.jom####.com/it/u=980188043,2499827922&fm=76
  • wc.find####.cc.####.com/2011/rio.jar
  • wn.pos.b####.com/adx.php?c=####
  • www.2####.com/wmlvy/m/baidu_u3191966.html?tid=####
  • www.2####.com/wmlvy/m/baidu_u3191967.html?tid=####
  • www.2####.com/wmlvy/m/baidu_u3191971.html?tid=####
  • www.2####.com/wmlvy/m/baidu_u3191974.html?tid=####
  • www.2####.com/wmlvy/m/baidu_u3191980.html?tid=####
  • www.2####.com/wmlvy/m/baidu_u3191981.html?tid=####
  • www.2####.com/wmlvy/m/baidu_u3191985.html?tid=####
  • www.2####.com/wmlvy/m/baidu_u3191991.html?tid=####
  • www.2####.com/wmlvy/m/page_u3191966.html?tid=####
  • www.2####.com/wmlvy/m/page_u3191967.html?tid=####
  • www.2####.com/wmlvy/m/page_u3191971.html?tid=####
  • www.2####.com/wmlvy/m/page_u3191974.html?tid=####
  • www.2####.com/wmlvy/m/page_u3191980.html?tid=####
  • www.2####.com/wmlvy/m/page_u3191981.html?tid=####
  • www.2####.com/wmlvy/m/page_u3191985.html?tid=####
  • www.2####.com/wmlvy/m/page_u3191991.html?tid=####
HTTP POST requests:
  • a####.u####.com/app_logs
  • s.un####.com/cw/cp.action?requestId=####&g=####
  • s.un####.com/cw/interface!u2.action?protocol=####&version=####
Modified file system:
Creates the following files:
  • /data/data/####/.imprint
  • /data/data/####/ApplicationCache.db-journal
  • /data/data/####/CachedGeoposition.db
  • /data/data/####/CachedGeoposition.db-journal
  • /data/data/####/W_Key.xml
  • /data/data/####/WebViewSettings.xml
  • /data/data/####/__pasys.apk.beforesign.tm
  • /data/data/####/__pasys_remote_banner.jar.beforesign.tm
  • /data/data/####/__pasys_remote_banner.tmp.jar
  • /data/data/####/data_0
  • /data/data/####/data_1
  • /data/data/####/data_2
  • /data/data/####/data_3
  • /data/data/####/downloadswc
  • /data/data/####/downloadswc-journal
  • /data/data/####/f_000001
  • /data/data/####/f_000002
  • /data/data/####/f_000003
  • /data/data/####/f_000004
  • /data/data/####/f_000005
  • /data/data/####/f_000006
  • /data/data/####/f_000007
  • /data/data/####/f_000008
  • /data/data/####/f_000009
  • /data/data/####/f_00000a
  • /data/data/####/f_00000b
  • /data/data/####/f_00000c
  • /data/data/####/f_00000d
  • /data/data/####/f_00000e
  • /data/data/####/f_00000f
  • /data/data/####/f_000010
  • /data/data/####/f_000011
  • /data/data/####/f_000012
  • /data/data/####/f_000013
  • /data/data/####/f_000014
  • /data/data/####/f_000015
  • /data/data/####/f_000016
  • /data/data/####/f_000017
  • /data/data/####/f_000018
  • /data/data/####/f_000019
  • /data/data/####/f_00001a
  • /data/data/####/f_00001b
  • /data/data/####/f_00001c
  • /data/data/####/f_00001d
  • /data/data/####/f_00001e
  • /data/data/####/f_00001f
  • /data/data/####/f_000020
  • /data/data/####/f_000021
  • /data/data/####/f_000022
  • /data/data/####/f_000023
  • /data/data/####/f_000024
  • /data/data/####/f_000025
  • /data/data/####/f_000026
  • /data/data/####/f_000027
  • /data/data/####/f_000028
  • /data/data/####/f_000029
  • /data/data/####/f_00002a
  • /data/data/####/f_00002b
  • /data/data/####/f_00002c
  • /data/data/####/f_00002d
  • /data/data/####/f_00002e
  • /data/data/####/f_00002f
  • /data/data/####/f_000030
  • /data/data/####/f_000031
  • /data/data/####/f_000032
  • /data/data/####/f_000033
  • /data/data/####/f_000034
  • /data/data/####/f_000035
  • /data/data/####/f_000036
  • /data/data/####/f_000037
  • /data/data/####/f_000038
  • /data/data/####/f_000039
  • /data/data/####/f_00003a
  • /data/data/####/f_00003b
  • /data/data/####/f_00003c
  • /data/data/####/f_00003d
  • /data/data/####/f_00003e
  • /data/data/####/f_00003f
  • /data/data/####/f_000040
  • /data/data/####/f_000041
  • /data/data/####/f_000042
  • /data/data/####/f_000043
  • /data/data/####/http_m.ghost64.com_0.localstorage-journal
  • /data/data/####/http_mobads.baidu.com_0.localstorage-journal
  • /data/data/####/https_m.baidu.com_0.localstorage-journal
  • /data/data/####/index
  • /data/data/####/mobclick_agent_online_setting_com.moon.hao4.mh346.xml
  • /data/data/####/st.xml
  • /data/data/####/umeng_general_config.xml
  • /data/data/####/umeng_it.cache
  • /data/data/####/webview.db-journal
  • /data/data/####/webviewCookiesChromium.db-journal
  • /data/media/####/3.6_rio.jar.tmp
  • /data/media/####/assetstime.dat
Miscellaneous:
Loads the following dynamic libraries:
  • ke
Uses the following algorithms to decrypt data:
  • RSA-ECB-PKCS1Padding
Gains access to geolocation.
Gains access to network information.
Gains access to telephone information (number, imei, etc.).
Displays its own windows over windows of other applications.

Curing recommendations

Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow the recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount, or you see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and the specifications of the particular mobile device, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
    • Once safe mode is active, install Dr.Web for Android Light onto the infected handheld and run a full system scan; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
