Adware.Gexin.2210

Added to the Dr.Web virus database: 2018-09-06

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Adware.Gexin.2.origin
Gains access to the ITelephony private interface.
Network activity:
Connecting to:
DNS requests:
HTTP GET requests:
HTTP POST requests:
  • a####.exc.mob.com/errconf
  • and####.b####.qq.com/rqd/async?aid=####
  • c-h####.g####.com/api.php?format=####&t=####
  • l####.tbs.qq.com/ajax?c=####&k=####
  • sdk.o####.p####.####.com/api.php?format=####&t=####
Modified file system:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
  • /system/bin/sh -c getprop
  • /system/bin/sh -c type su
  • <Package Folder>/files/gdaemon_20161017 0 <Package>/<Package>.common.service.PushService 24099 300 0
  • cat /sys/class/net/wlan0/address
  • chmod 700 <Package Folder>/files/gdaemon_20161017
  • chmod 755 <Package Folder>/.jiagu/libjiagu-2011187885.so
  • getprop
  • getprop ro.product.cpu.abi
Loads the following dynamic libraries:
  • Bugly
  • Secret
  • crash_analysis
  • getuiext2
  • libjiagu-2011187885
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
  • AES-ECB-PKCS5Padding
  • AES-ECB-PKCS7Padding
  • AES-GCM-NoPadding
  • RSA-ECB-NoPadding
  • RSA-ECB-PKCS1Padding
  • RSA-NONE-OAEPWithSHA1AndMGF1Padding
Uses the following algorithms to decrypt data:
  • AES-ECB-NoPadding
  • AES-GCM-NoPadding
Uses a special library to hide executable bytecode.
Gains access to geolocation.
Gains access to network information.
Gains access to telephone information (number, imei, etc.).
Gains access to information about installed applications.
Gains access to information about running applications.
Adds tasks to the system scheduler.
Displays its own windows over windows of other applications.

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, write it to a USB drive or burn it to a CD/DVD. After booting from this media, run a full scan and cure all the detected threats.
Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow the recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount, or you see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and the specifications of the particular device, this can be done in various ways; consult the user guide that shipped with the device, or contact its manufacturer);
    • Once safe mode is active, install Dr.Web for Android on the infected handheld and run a full system scan; follow the steps recommended for neutralizing the detected threats;
    • Switch off your device and turn it on as normal.
