
Android.Siggen.8140

Added to the Dr.Web virus database: 2018-06-20

Virus description added:

Technical information

Malicious functions:
Gains access to the ITelephony private interface.
Network activity:
Connecting to:
DNS requests:
HTTP GET requests:
HTTP POST requests:
Modified file system:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
  • /system/bin/sh -c getprop ro.board.platform
  • /system/bin/sh -c type su
  • <Package Folder>/files/DaemonServer -s <Package Folder>/lib/ -n runServer -p startservice -n <Package>/com.taobao.accs.ChannelService --user 0 -f <Package Folder> -t 600 -c agoo.pid -P <Package Folder> -K 1009527 -U tb_accs_eudemon_1.1.3 -L http://agoodm.m.taobao.com/agoo/report -D {"package":"<Package>","appKey":"umeng:58eee65d07fe654c91002627","utdid":"WvvWyQD7UAYDAGdzx1F6/aDX","sdkVersion":"221"} -I agoodm.m.taobao.com -O 80 -T -Z
  • cat /sys/class/net/wlan0/address
  • chmod 500 <Package Folder>/files/DaemonServer
  • chmod 777 <Package Folder>/cache
  • chmod 777 <Package Folder>/files
  • getprop ro.board.platform
  • getprop ro.build.version.emui
  • getprop ro.build.version.opporom
  • getprop ro.kernel.qemu
  • getprop ro.miui.ui.version.name
  • getprop ro.smartisan.version
  • getprop ro.vivo.os.version
  • sh
Loads the following dynamic libraries:
  • Bugly
  • diff
  • rutx
  • sogouenc
  • tnet-3.1
  • uninstall
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
  • AES-ECB-PKCS5Padding
  • AES-GCM-NoPadding
  • DES-CBC-PKCS5Padding
  • RSA-ECB-PKCS1Padding
Uses the following algorithms to decrypt data:
  • AES-CBC-PKCS5Padding
  • AES-GCM-NoPadding
Gains access to geolocation.
Gains access to network information.
Gains access to telephone information (number, imei, etc.).
Gains access to information about APN settings.
Gains access to information about active device administrators.
Gains access to information about installed applications.
Gains access to information about running applications.
Adds tasks to the system scheduler.
Displays its own windows over windows of other applications.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
