Android.MobiDash.1110

Added to the Dr.Web virus database: 2018-07-29

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.MobiDash.16.origin
Network activity:
Connecting to:
DNS requests:
HTTP GET requests:
HTTP POST requests:
  • freem####.ru/app4pda.v3/getAppInfo.php?settings_dt_upd=####&email=####&h...
  • freem####.ru/app4pda.v3/getFileInfo.php?email_hash=####&topic_id=####&ha...
  • freem####.ru/app4pda.v3/setAppInfo.php?action=####&email_hash=####&hash=...
  • freem####.ru/app4pda.v3/setAppInfo.php?icon_url=####&app_url=####&email_...
  • ogr####.xyz/
Modified file system:
Creates the following files:
Miscellaneous:
Loads the following dynamic libraries:
  • MRtpFpKXr
Uses administrator privileges.
Gains access to geolocation.
Gains access to network information.
Gains access to telephone information (number, imei, etc.).
Gains access to information about active device administrators.
Gains access to information about accounts (Google, Facebook, etc.) registered on the device.
Adds tasks to the system scheduler.
Displays its own windows over windows of other applications.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount, or you see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and the specifications of the particular mobile device, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
