マイライブラリ
マイライブラリ

+ マイライブラリに追加

電話

お問い合わせ履歴

電話(英語)

+7 (495) 789-45-86

Profile

Android.Packed.38666

Added to the Dr.Web virus database: 2018-06-29

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.DownLoader.611.origin
Gains access to the ITelephony private interface.
Network activity:
Connecting to:
  • UDP(DNS) <Google DNS>
  • TCP(HTTP/1.1) t####.dmp.y####.net:80
  • TCP(HTTP/1.1) l####.c####.q####.####.net:80
  • TCP(HTTP/1.1) int.d####.s####.####.cn:80
  • TCP(HTTP/1.1) s####.tc.qq.com:80
  • TCP(HTTP/1.1) s.a.longy####.com:80
  • TCP(HTTP/1.1) sia.taol####.cn:80
  • TCP(HTTP/1.1) w####.pcon####.com.cn:80
  • TCP(HTTP/1.1) api.tui####.b####.com:80
  • TCP(HTTP/1.1) p####.tc.qq.com:80
  • TCP(HTTP/1.1) and####.b####.qq.com:80
  • TCP(HTTP/1.1) s####.e.qq.com:80
  • TCP(HTTP/1.1) im####.st####.juhu####.cn:80
  • TCP(HTTP/1.1) v.g####.qq.com:80
  • TCP(HTTP/1.1) weiboi####.g####.sina####.com:80
  • TCP(HTTP/1.1) a####.u####.com:80
  • TCP(HTTP/1.1) dn.gogo####.top:80
  • TCP(HTTP/1.1) s####.taol####.cn:80
  • TCP(HTTP/1.1) sf1-ttc####.ps####.com:80
  • TCP(HTTP/1.1) pre.bule####.cn:6501
  • TCP(HTTP/1.1) 1####.25.201.164:8000
  • TCP(HTTP/1.1) reso####.msg.xi####.net:80
  • TCP(HTTP/1.1) v3.bule####.cn:7001
  • TCP(HTTP/1.1) k.36####.com:80
  • TCP(HTTP/1.1) p4.q####.com:80
  • TCP(HTTP/1.1) mi.g####.qq.com:80
  • TCP(HTTP/1.1) s.y####.net:80
  • TCP(HTTP/1.1) api.itaoxia####.com:80
  • TCP(TLS/1.0) wapif####.dftou####.com:443
  • TCP(TLS/1.0) i####.sogo####.com.####.com:443
  • TCP(TLS/1.0) e####.b####.com:443
  • TCP(TLS/1.0) repor####.dftou####.com:443
  • TCP(TLS/1.0) ci####.s####.com:443
  • TCP(TLS/1.0) m.tt.vip-dns####.com:443
  • TCP(TLS/1.0) dup.baidust####.com:443
  • TCP(TLS/1.0) fp.ton####.net:443
  • TCP(TLS/1.0) weiboi####.g####.sina####.com:443
  • TCP(TLS/1.0) sf1-ttc####.ps####.com:443
  • TCP(TLS/1.0) wn.pos.b####.com:443
  • TCP(TLS/1.0) en####.tui####.com:443
  • TCP(TLS/1.0) s####.tc.qq.com:443
  • TCP(TLS/1.0) softwor####.dftou####.com:443
  • TCP(TLS/1.0) t####.sogo####.com.####.com:443
  • TCP(TLS/1.0) yun.d####.com.cn:443
  • TCP(TLS/1.0) fp.fraudme####.cn:443
  • TCP(TLS/1.0) acti####.tui####.com:443
  • TCP(TLS/1.0) dfttde####.dftou####.com:443
  • TCP(TLS/1.0) cfg.a####.com:443
  • TCP(TLS/1.0) www.a.sh####.com:443
  • TCP(TLS/1.0) yun.tuis####.com:443
  • TCP(TLS/1.0) image####.b####.com:443
  • TCP(TLS/1.0) yun.tui####.com.####.com:443
  • TCP(TLS/1.0) d####.eas####.com:443
  • TCP(TLS/1.0) regi####.xm####.xi####.com:443
  • TCP(TLS/1.0) wapac####.dftou####.com:443
  • TCP(TLS/1.0) fp-st####.b0.a####.com:443
  • TCP(TLS/1.0) api.tui####.b####.com:443
  • TCP(TLS/1.0) hm.b####.com:443
  • TCP(TLS/1.0) c####.baidust####.com:443
  • TCP(TLS/1.0) pos.b####.com:443
  • TCP(TLS/1.0) lf.sn####.com:443
  • TCP(TLS/1.0) ser####.e####.s####.com:443
  • TCP(TLS/1.0) si####.jom####.com:443
  • TCP(TLS/1.0) statson####.pu####.b####.com:443
  • TCP(TLS/1.0) posi####.dftou####.com:443
  • TCP 4####.62.94.2:443
  • TCP sa1.tui####.b####.com:5287
  • TCP 47.74.1####.156:5222
DNS requests:
  • 0####.s####.com
  • 00.img####.eas####.com
  • 02.img####.eas####.com
  • 03.img####.eas####.com
  • 04.img####.eas####.com
  • 05.img####.eas####.com
  • 06.img####.eas####.com
  • 07.img####.eas####.com
  • 09.img####.eas####.com
  • 6####.nd####.y####.com
  • 6####.nd####.y####.com
  • 923.nd####.y####.com
  • LB-IM-1####.ap-sout####.elb.####.com
  • a####.tui####.b####.com
  • a####.u####.com
  • acti####.tui####.com
  • and####.b####.qq.com
  • api.itaoxia####.com
  • api.tui####.b####.com
  • c####.baidust####.com
  • cfg.a####.com
  • ci####.s####.com
  • d####.eas####.com
  • dfttde####.dftou####.com
  • dn.gogo####.top
  • dup.baidust####.com
  • e####.b####.com
  • en####.tui####.com
  • f10.b####.com
  • f11.b####.com
  • f12.b####.com
  • fp.fraudme####.cn
  • fp.ton####.net
  • hm.b####.com
  • i####.sogo####.com
  • im####.st####.juhu####.cn
  • image####.b####.com
  • imgc####.qq.com
  • imgsre####.dftou####.com
  • int.d####.s####.####.cn
  • k.36####.com
  • lf.sn####.com
  • m####.eas####.com
  • m.t####.cn
  • mi.g####.qq.com
  • p####.g####.cn
  • p0.q####.com
  • p4.q####.com
  • p8.q####.com
  • pos.b####.com
  • posi####.dftou####.com
  • pre.bule####.cn
  • qzones####.g####.cn
  • r####.wx.qq.com
  • regi####.xm####.xi####.com
  • repor####.dftou####.com
  • reso####.msg.xi####.net
  • rp####.itaoxia####.com
  • rp####.itaoxia####.com
  • s####.e.qq.com
  • s####.gw.y####.net
  • s####.taol####.cn
  • s####.taol####.cn
  • s.a.longy####.com
  • s.y####.net
  • sa1.tui####.b####.com
  • sdk.st####.y####.com
  • ser####.e####.s####.com
  • sf1-ttc####.ps####.com
  • sia.taol####.cn
  • softwor####.dftou####.com
  • sp0.b####.com
  • st####.fraudme####.cn
  • statson####.pu####.b####.com
  • t####.dmp.y####.net
  • t####.sogo####.com
  • t10.b####.com
  • t11.b####.com
  • t12.b####.com
  • v.g####.qq.com
  • v3.bule####.cn
  • w####.pcon####.com.cn
  • wapac####.dftou####.com
  • wapif####.dftou####.com
  • wn.pos.b####.com
  • wu####.e####.s####.com
  • wx3.sin####.cn
  • yun.d####.com.cn
  • yun.tui####.com
  • yun.tuis####.com
HTTP GET requests:
  • 1####.25.201.164:8000/configs/hbnews_options.txt
  • api.itaoxia####.com/authopt/get_withdraw_mission_money.do?android_id=###...
  • api.itaoxia####.com/get_channels.do?android_id=####&appid=####&brand=###...
  • api.itaoxia####.com/get_news_item.do?android_id=####&appid=####&brand=##...
  • api.itaoxia####.com/get_news_items.do?android_id=####&appid=####&brand=#...
  • api.itaoxia####.com/get_video_channels.do?android_id=####&appid=####&bra...
  • api.itaoxia####.com/get_withdraw_orders.do?android_id=####&appid=####&br...
  • api.itaoxia####.com/public/v2/get_activity_list.do?android_id=####&appid...
  • api.itaoxia####.com/redpaper/dv/get_splash_ads.do?PACKAGE_NAME=####&VERS...
  • api.itaoxia####.com/redpaper/dv/get_tuia_share_ads.do?PACKAGE_NAME=####&...
  • dn.gogo####.top/dnfile/Video/2018051018534094txb7.mp4
  • dn.gogo####.top/dnfile/shengjibao/VideoKApiNewYi84.jar
  • im####.st####.juhu####.cn/ad/jb_up copy.png
  • k.36####.com/pc/list?channel_id=####
  • k.36####.com/pc/list?n=####&p=####&f=####&ajax=####&channel_id=####
  • l####.c####.q####.####.net/core/aos-dex/1806/8204/de603c61
  • l####.c####.q####.####.net/core/aos-so/1611/7000/ad389c56.so
  • mi.g####.qq.com/gdt_mview.fcg?actual_width=####&count=####&r=####&templa...
  • mi.g####.qq.com/gdt_mview.fcg?posw=####&spsa=####&posh=####&count=####&r...
  • p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android03/js-release/1.1.0/nati...
  • p####.tc.qq.com/qzone/biz/gdt/mod/android/AndroidAllInOne/proguard/his/r...
  • p4.q####.com/dr/_100_70/t0123365626c960a29e.jpg
  • p4.q####.com/dr/_100_70/t015dfafd1c12f4da48.jpg
  • p4.q####.com/dr/_100_70/t0165fe41cfb8905db4.jpg
  • p4.q####.com/dr/_100_70/t016aad889fdae0cb57.jpg
  • p4.q####.com/dr/_100_70/t016c6cc3ab8c9a0277.jpg
  • p4.q####.com/dr/_100_70/t019bf3573a80183bf8.jpg
  • p4.q####.com/dr/_100_70/t01be15635435509add.jpg
  • p4.q####.com/dr/_100_70/t01f17174a7340f32d3.jpg
  • p4.q####.com/video/568_320_70/t01045fade7aef14724.jpg
  • p4.q####.com/video/568_320_70/t0149096ccbb04288fb.jpg
  • p4.q####.com/video/568_320_70/t017837c7feae18e3b6.jpg
  • p4.q####.com/video/568_320_70/t01942829434dc2ea2d.jpg
  • p4.q####.com/video/568_320_70/t0196062830d3afc973.jpg
  • p4.q####.com/video/568_320_70/t019aeb9801e61ab653.jpg
  • p4.q####.com/video/568_320_70/t01b90a758b45279ac5.jpg
  • p4.q####.com/video/568_320_70/t01c133286eaa3d2829.jpg
  • reso####.msg.xi####.net/gslb/?ver=####&type=####&conpt=d####&uuid=####&l...
  • s####.taol####.cn/?idfv=####&ra_net=####&userid=####&cm_o=####&ct_ca=###...
  • s####.tc.qq.com/gdt/0/DAAHU5BAKAAPAABhBaU0iDA-5UD-LG.jpg/0?ck=####
  • s####.tc.qq.com/gdt/0/DAARNTlAUAALQAAXBa8UVLCXKt6OH8.jpg/0?ck=####
  • s####.tc.qq.com/gdt/0/DAAZKssAUAALQABjBbF1RkCbVMOaze.jpg/0?ck=####
  • s.y####.net/aos/v3/initf?s=####
  • s.y####.net/stat/aos/v3/pkc?s=####
  • s.y####.net/stat/aos/v3/pku?s=####
  • s.y####.net/stat/v3/udt2?appid=####&s=####
  • sf1-ttc####.ps####.com/404.html
  • sf1-ttc####.ps####.com/img/ad.union.api/1746717128829dee83fc3271c5d11b31...
  • sf1-ttc####.ps####.com/mobile/180629130953658.html?qid=####
  • sf1-ttc####.ps####.com/mobile/20180628/20180628100356_dceb94170005bbb50a...
  • sf1-ttc####.ps####.com/mobile/20180628/20180628112124_f6a2470f74c98cdc03...
  • sf1-ttc####.ps####.com/mobile/20180628/20180628124230_f1b74ffcb391bef8dc...
  • sf1-ttc####.ps####.com/mobile/20180629/20180629130953_b34d70134b24173251...
  • sf1-ttc####.ps####.com/mobile/20180629/20180629_032c69906700188fa68fe67c...
  • sf1-ttc####.ps####.com/mobile/20180629/20180629_26c331a74b3598d5de457fd7...
  • sf1-ttc####.ps####.com/mobile/20180629/20180629_2db69e6382cecb1b84e27d1c...
  • sf1-ttc####.ps####.com/mobile/20180629/20180629_50021b9ad6777c48ba199d67...
  • sf1-ttc####.ps####.com/mobile/20180629/20180629_83b868cb530b28d8c4e65c6a...
  • sf1-ttc####.ps####.com/mobile/20180629/20180629_8c3d87675c84bf6f0c6e389f...
  • sf1-ttc####.ps####.com/mobile/20180629/20180629_bb213b6e0cea5e1fed7017fe...
  • sf1-ttc####.ps####.com/mobile/20180629/20180629_c2cc76b6d4c7979e375aaa0d...
  • sf1-ttc####.ps####.com/mobile/20180629/20180629_e19f8f81479c287c60460f56...
  • sia.taol####.cn/?idfv=####&ra_net=####&userid=####&cm_o=####&ct_ca=####&...
  • sia.taol####.cn/?idfv=####&ra_net=####&userid=####&type=####&cm_o=####&c...
  • weiboi####.g####.sina####.com/mw690/6954537bly1fiu3ty2kidj20u009ojtz.jpg
HTTP POST requests:
  • a####.u####.com/app_logs
  • and####.b####.qq.com/rqd/async?aid=####
  • api.tui####.b####.com/rest/2.0/channel/4505845304785627131
  • api.tui####.b####.com/rest/2.0/channel/channel
  • int.d####.s####.####.cn/iplookup/iplookup.php?format=####
  • pre.bule####.cn:6501/pre/api_settings.aspx
  • s####.e.qq.com/activate
  • s####.e.qq.com/msg
  • s.a.longy####.com/
  • t####.dmp.y####.net/v1/android/packages?rt=####&sign=####
  • t####.dmp.y####.net/v2/android/pkgtime?rt=####&sign=####
  • v.g####.qq.com/gdt_stats.fcg
  • v3.bule####.cn:7001/v3/api_request.aspx
  • v3.bule####.cn:7001/v3/api_settings.aspx
  • w####.pcon####.com.cn/ip.jsp
Modified file system:
Creates the following files:
  • /data/data/####/.imprint
  • /data/data/####/1002
  • /data/data/####/1004
  • /data/data/####/840eb4fcb230839a47c790ac73119013
  • /data/data/####/840eb4fcb230839a47c790ac73119013-journal
  • /data/data/####/97157f95d9de8e964f9a27900e0db783
  • /data/data/####/97157f95d9de8e964f9a27900e0db783-journal
  • /data/data/####/Alvin2.xml
  • /data/data/####/ApplicationCache.db-journal
  • /data/data/####/BuglySdkInfos.xml
  • /data/data/####/C0XKJAO3JLZKJPDKJFXLINQCJIOAOD.xml
  • /data/data/####/C0XKJAO3JLZKJPDKJFXLINQCJIOAOD.xml (deleted)
  • /data/data/####/C0XKJAO3JLZKJPDKJFXLINQCJIOAOD.xml.bak
  • /data/data/####/CE94557724F842149D690D0E8CBB1CBD.xml
  • /data/data/####/ContextData.xml
  • /data/data/####/GDTSDK.db
  • /data/data/####/GDTSDK.db-journal
  • /data/data/####/P15pKIjsm64m
  • /data/data/####/P15pKIjsm64m-journal
  • /data/data/####/T1oX0rhhuXWt
  • /data/data/####/T1oX0rhhuXWt-journal
  • /data/data/####/VideoRes.apk
  • /data/data/####/VideoRes.apk (deleted)
  • /data/data/####/XKwVoK0huy3R
  • /data/data/####/XKwVoK0huy3R-journal
  • /data/data/####/XMPushServiceConfig.xml
  • /data/data/####/__gather_impl.jar
  • /data/data/####/__gather_impl142874975050274544175.jar
  • /data/data/####/b598b7030dc2601baf59f50dc1ffc9f7.temp
  • /data/data/####/bdpush_modeconfig.json
  • /data/data/####/bindcache.xml
  • /data/data/####/bugly_db_-journal
  • /data/data/####/cache-184235048950274417006
  • /data/data/####/cache171279422650274236420
  • /data/data/####/cc.db
  • /data/data/####/cc.db-journal
  • /data/data/####/com.martian.hotnews-1.apk.classes-590400186.zip
  • /data/data/####/com.martian.hotnews-1.apk.classes1265205383.zip
  • /data/data/####/com.martian.hotnews.BETA_VALUES.xml
  • /data/data/####/com.martian.hotnews.push_sync.xml
  • /data/data/####/com.martian.hotnews.self_push_sync.xml
  • /data/data/####/com.martian.hotnews;pushservice
  • /data/data/####/com.martian.hotnews_preferences.xml
  • /data/data/####/config.xml
  • /data/data/####/config_pre7.xml
  • /data/data/####/crashrecord.xml
  • /data/data/####/data_0
  • /data/data/####/data_1
  • /data/data/####/data_2
  • /data/data/####/data_3
  • /data/data/####/dc5ce7ed5b08c03cd81ca295f6075880-journal
  • /data/data/####/devCloudSetting.cfg
  • /data/data/####/devCloudSetting.sig
  • /data/data/####/dk_search.db
  • /data/data/####/dk_search.db-journal
  • /data/data/####/exchangeIdentity.json
  • /data/data/####/exid.dat
  • /data/data/####/f_000001
  • /data/data/####/f_000002
  • /data/data/####/f_000003
  • /data/data/####/f_000004
  • /data/data/####/f_000005
  • /data/data/####/f_000006
  • /data/data/####/f_000007
  • /data/data/####/f_000008
  • /data/data/####/f_000009
  • /data/data/####/f_00000a
  • /data/data/####/f_00000b
  • /data/data/####/f_00000c
  • /data/data/####/f_00000d
  • /data/data/####/f_00000e
  • /data/data/####/f_00000f
  • /data/data/####/f_000010
  • /data/data/####/f_000011
  • /data/data/####/f_000012
  • /data/data/####/f_000013
  • /data/data/####/f_000014
  • /data/data/####/f_000015
  • /data/data/####/f_000016
  • /data/data/####/f_000017
  • /data/data/####/f_000018
  • /data/data/####/f_000019
  • /data/data/####/f_00001a
  • /data/data/####/f_00001b
  • /data/data/####/f_00001c
  • /data/data/####/f_00001d
  • /data/data/####/f_00001e
  • /data/data/####/f_00001f
  • /data/data/####/f_000020
  • /data/data/####/f_000021
  • /data/data/####/f_000022
  • /data/data/####/f_000023
  • /data/data/####/f_000024
  • /data/data/####/f_000025
  • /data/data/####/f_000026
  • /data/data/####/f_000027
  • /data/data/####/f_000028
  • /data/data/####/f_000029
  • /data/data/####/f_00002a
  • /data/data/####/f_00002b
  • /data/data/####/f_00002c
  • /data/data/####/f_00002d
  • /data/data/####/f_00002e
  • /data/data/####/f_00002f
  • /data/data/####/f_000030
  • /data/data/####/f_000031
  • /data/data/####/f_000032
  • /data/data/####/f_000033
  • /data/data/####/f_000034
  • /data/data/####/f_000035
  • /data/data/####/f_000036
  • /data/data/####/f_000037
  • /data/data/####/f_000038
  • /data/data/####/f_000039
  • /data/data/####/f_00003a
  • /data/data/####/f_00003b
  • /data/data/####/f_00003c
  • /data/data/####/f_00003d
  • /data/data/####/f_00003e
  • /data/data/####/f_00003f
  • /data/data/####/f_000040
  • /data/data/####/f_000041
  • /data/data/####/f_000042
  • /data/data/####/f_000043
  • /data/data/####/f_000044
  • /data/data/####/f_000045
  • /data/data/####/f_000046
  • /data/data/####/f_000047
  • /data/data/####/f_000048
  • /data/data/####/f_000049
  • /data/data/####/f_00004a
  • /data/data/####/f_00004b
  • /data/data/####/f_00004c
  • /data/data/####/f_00004d
  • /data/data/####/gdt_plugin.jar
  • /data/data/####/gdt_plugin.jar.sig
  • /data/data/####/gdt_plugin.tmp
  • /data/data/####/gdt_plugin.tmp.sig
  • /data/data/####/gdt_suid
  • /data/data/####/idfca5ce0f-0d62-4408-98ce-6230a2c3ad09.tmp
  • /data/data/####/index
  • /data/data/####/jqIqJYOT3JpT
  • /data/data/####/jqIqJYOT3JpT-journal
  • /data/data/####/libabcdefgh.so.new
  • /data/data/####/libcuid.so
  • /data/data/####/libgather.xml
  • /data/data/####/lmvideonewad_db-journal
  • /data/data/####/local_crash_lock
  • /data/data/####/longyun_sdk.xml
  • /data/data/####/martian_cache_cookie.json
  • /data/data/####/mipush.xml
  • /data/data/####/mipush_account.xml
  • /data/data/####/mipush_extra.xml
  • /data/data/####/multidex.version.xml
  • /data/data/####/pst.xml
  • /data/data/####/pushclient.xml
  • /data/data/####/pushinfo.db
  • /data/data/####/pushinfo.db-journal
  • /data/data/####/pushstat_5.1.0.db
  • /data/data/####/pushstat_5.1.0.db-journal
  • /data/data/####/sdkCloudSetting.cfg
  • /data/data/####/sdkCloudSetting.sig
  • /data/data/####/search_sdk.xml
  • /data/data/####/security_info
  • /data/data/####/ua.db
  • /data/data/####/ua.db-journal
  • /data/data/####/umeng_general_config.xml
  • /data/data/####/umeng_it.cache
  • /data/data/####/update_lc
  • /data/data/####/videokernel.apk
  • /data/data/####/wIU6pTyUBYWX
  • /data/data/####/wIU6pTyUBYWX-journal
  • /data/data/####/webview.db-journal
  • /data/data/####/webviewCookiesChromium.db-journal
  • /data/data/####/wsUL1uCdKvjD
  • /data/data/####/wsUL1uCdKvjD-journal
  • /data/data/####/wxoptions_json_file
  • /data/data/####/ymdex.jar
  • /data/data/####/ymdex.jar.new
  • /data/media/####/-1061078493.tmp
  • /data/media/####/-1135500474.tmp
  • /data/media/####/-1188769238.tmp
  • /data/media/####/-1239228668.tmp
  • /data/media/####/-126784900.tmp
  • /data/media/####/-1420399350.tmp
  • /data/media/####/-1476528877.tmp
  • /data/media/####/-1954656612.tmp
  • /data/media/####/-2083700539.tmp
  • /data/media/####/-2143316051.tmp
  • /data/media/####/-558257745.tmp
  • /data/media/####/-571836739.tmp
  • /data/media/####/-573844323.tmp
  • /data/media/####/-654440790.tmp
  • /data/media/####/-68265174.tmp
  • /data/media/####/-718096012.tmp
  • /data/media/####/-887703999.tmp
  • /data/media/####/-958436096.tmp
  • /data/media/####/.cuid
  • /data/media/####/.cuid2
  • /data/media/####/.nomedia
  • /data/media/####/1007115956.tmp
  • /data/media/####/1021734615.tmp
  • /data/media/####/1070585761.tmp
  • /data/media/####/1272743546.tmp
  • /data/media/####/1281072223.tmp
  • /data/media/####/1455586409.tmp
  • /data/media/####/14785960.tmp
  • /data/media/####/1790827857.tmp
  • /data/media/####/1815319601.tmp
  • /data/media/####/1915057632.tmp
  • /data/media/####/2018051018534094txb7.mp4
  • /data/media/####/2034186815.tmp
  • /data/media/####/2045724253.tmp
  • /data/media/####/2063792820.tmp
  • /data/media/####/2081778672.tmp
  • /data/media/####/226113890.tmp
  • /data/media/####/322233952.tmp
  • /data/media/####/347939603.tmp
  • /data/media/####/504030254.tmp
  • /data/media/####/53767918.tmp
  • /data/media/####/553309680.tmp
  • /data/media/####/649325398.tmp
  • /data/media/####/860782054.tmp
  • /data/media/####/877385819.tmp
  • /data/media/####/928324748.tmp
  • /data/media/####/Alvin2.xml
  • /data/media/####/ContextData.xml
  • /data/media/####/DXTX902KJZX9JASLDJF
  • /data/media/####/DXTX902KJZX9JASLDJF.ymtf
  • /data/media/####/SOX90123JSOALK2098SD
  • /data/media/####/SOX90123JSOALK2098SD.ymtf
  • /data/media/####/Videoshell.log
  • /data/media/####/fcef8968a08b4bd9673e7489cb2b033f
  • /data/media/####/i42d45df023jnkdd93la483f9xGFKXI
  • /data/media/####/kernel.dat.tmp
  • /data/media/####/log.lock
  • /data/media/####/log1.txt
  • /data/media/####/s92TjjdfoP2n3o9dfji2l9s1olkjf0p
Miscellaneous:
Executes next shell scripts:
  • /system/bin/cat /sys/devices/system/cpu/kernel_max
  • /system/bin/sh -c getprop
  • /system/bin/sh -c type su
  • cat /sys/class/net/wlan0/address
Loads the following dynamic libraries:
  • Bugly
  • abcdefgh
  • bdpush_V2_7
  • tongdun_db
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7Padding
  • AES-ECB-PKCS7Padding
  • AES-GCM-NoPadding
  • DES-CBC-PKCS5Padding
  • PBEWITHMD5andDES
  • RSA-ECB-PKCS1Padding
Uses the following algorithms to decrypt data:
  • AES-CBC-PKCS7Padding
  • AES-ECB-PKCS7Padding
  • AES-GCM-NoPadding
  • PBEWITHMD5andDES
  • RSA-ECB-PKCS1Padding
Gains access to geolocation.
Gains access to network information.
Gains access to telephone information (number, imei, etc.).
Gains access to information about installed applications.
Adds tasks to the system scheduler.
Displays its own windows over windows of other applications.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web для Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android