
Adware.Gexin.10301

Added to the Dr.Web virus database: 2019-03-16

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Adware.Gexin.3.origin
Accesses the ITelephony private interface.
Network activity:
Connects to:
  • UDP(DNS) <Google DNS>
  • TCP(HTTP/1.1) ti####.c####.l####.####.com:80
  • TCP(HTTP/1.1) c-h####.g####.com:80
  • TCP(HTTP/1.1) sh.wagbr####.aliyun####.com:80
  • TCP(HTTP/1.1) and####.b####.qq.com:80
  • TCP(HTTP/1.1) pin####.qq.com:80
  • TCP(HTTP/1.1) sdk.o####.p####.####.com:80
  • TCP(HTTP/1.1) pi####.qq.com:80
  • TCP(HTTP/1.1) st####.dc####.net.cn:80
  • TCP(TLS/1.0) ser####.dc####.net.cn:443
  • TCP(TLS/1.0) yigo####.com:443
  • TCP(TLS/1.0) res####.a####.com:443
  • TCP sdk.o####.t####.####.com:5224
  • TCP c####.g####.ig####.com:5224
DNS requests:
  • amap####.cn-hang####.oss####.####.com
  • and####.b####.qq.com
  • c####.g####.ig####.com
  • c-h####.g####.com
  • pi####.qq.com
  • pin####.qq.com
  • res####.a####.com
  • sdk.c####.ig####.com
  • sdk.o####.p####.####.com
  • sdk.o####.t####.####.com
  • sdk.o####.t####.####.com
  • sdk.o####.t####.####.net
  • ser####.dc####.net.cn
  • st####.dc####.net.cn
  • www.yigo####.com
  • yigo####.com
HTTP GET requests:
  • sh.wagbr####.aliyun####.com/sdkcoor/android/x86/libJni_wgs2gcj.so
  • ti####.c####.l####.####.com/config/hz-hzv3.conf
HTTP POST requests:
  • and####.b####.qq.com/rqd/async
  • c-h####.g####.com/api.php?format=####&t=####
  • pi####.qq.com/mstat/report/?index=####
  • pin####.qq.com/request
  • sdk.o####.p####.####.com/api.php?format=####&t=####
  • st####.dc####.net.cn/device/location
File system changes:
Creates the following files:
  • /data/data/####/.imei.txt
  • /data/data/####/H5F3683FF.xml
  • /data/data/####/H5F3683FF_download_dcloud.xml
  • /data/data/####/_adio.dcloud.feature.ad.a.a.xml
  • /data/data/####/bugly_db_legu-journal
  • /data/data/####/clientid_igexin.xml
  • /data/data/####/com.yigongla.xflwl2017.mid.world.ro.xml
  • /data/data/####/com.yigongla.xflwl2017_preferences.xml
  • /data/data/####/dafile.db
  • /data/data/####/dafile.db-journal
  • /data/data/####/data_0
  • /data/data/####/data_1
  • /data/data/####/data_2
  • /data/data/####/data_3
  • /data/data/####/dc_ad_type_key.xml
  • /data/data/####/f_000001
  • /data/data/####/gdaemon_20161017
  • /data/data/####/getui_sp.xml
  • /data/data/####/gx_sp.xml
  • /data/data/####/hmdb
  • /data/data/####/hmdb-journal
  • /data/data/####/html5Geo.xml
  • /data/data/####/index
  • /data/data/####/init.pid
  • /data/data/####/init_c1.pid
  • /data/data/####/journal
  • /data/data/####/journal.tmp
  • /data/data/####/legu_tencent_analysis.db_com.yigongla.xflwl2017-journal
  • /data/data/####/libnfix.so
  • /data/data/####/libshella-2.9.0.1.so
  • /data/data/####/libufix.so
  • /data/data/####/local_crash_lock
  • /data/data/####/loctemp.so
  • /data/data/####/logdb.db
  • /data/data/####/logdb.db-journal
  • /data/data/####/mix.dex
  • /data/data/####/native_record_lock
  • /data/data/####/pdr.xml
  • /data/data/####/pref.xml
  • /data/data/####/pri_legu_tencent_analysis.db_com.yigongla.xflwl...ournal
  • /data/data/####/push.pid
  • /data/data/####/pushext.db-journal
  • /data/data/####/pushg.db-journal
  • /data/data/####/pushsdk.db-journal
  • /data/data/####/run.pid
  • /data/data/####/security_info
  • /data/data/####/start_statistics_data.xml
  • /data/data/####/stream_permission.xml
  • /data/data/####/test_app
  • /data/data/####/webview.db-journal
  • /data/data/####/webviewCookiesChromium.db-journal
  • /data/data/####/webviewCookiesChromiumPrivate.db-journal
  • /data/media/####/.buildPropertiesMD5.data
  • /data/media/####/.imei.txt
  • /data/media/####/.mid.txt
  • /data/media/####/.mid.txt1000001
  • /data/media/####/0.png
  • /data/media/####/1.png
  • /data/media/####/10.png
  • /data/media/####/11.png
  • /data/media/####/1111116.apk
  • /data/media/####/12.png
  • /data/media/####/13.png
  • /data/media/####/14.png
  • /data/media/####/15.png
  • /data/media/####/16.png
  • /data/media/####/17.png
  • /data/media/####/18.png
  • /data/media/####/19.png
  • /data/media/####/2.png
  • /data/media/####/20.png
  • /data/media/####/20180126.png
  • /data/media/####/20190316.log
  • /data/media/####/21.png
  • /data/media/####/22.png
  • /data/media/####/23.png
  • /data/media/####/24.png
  • /data/media/####/25.png
  • /data/media/####/26.png
  • /data/media/####/27.png
  • /data/media/####/28.png
  • /data/media/####/29.png
  • /data/media/####/3.png
  • /data/media/####/30.png
  • /data/media/####/301.png
  • /data/media/####/302.png
  • /data/media/####/31.png
  • /data/media/####/32.png
  • /data/media/####/4.png
  • /data/media/####/49.png
  • /data/media/####/5.png
  • /data/media/####/53.png
  • /data/media/####/54.png
  • /data/media/####/55.png
  • /data/media/####/56.png
  • /data/media/####/57.png
  • /data/media/####/58.png
  • /data/media/####/6.png
  • /data/media/####/7.png
  • /data/media/####/8.png
  • /data/media/####/9.png
  • /data/media/####/99.png
  • /data/media/####/AdEnable.dat
  • /data/media/####/Invite.png
  • /data/media/####/about-icon.png
  • /data/media/####/about.html
  • /data/media/####/about_logo.png
  • /data/media/####/active_bg_logo.png
  • /data/media/####/active_panel.png
  • /data/media/####/active_to_bg.png
  • /data/media/####/activity.js
  • /data/media/####/activity_bg.png
  • /data/media/####/add_job_life.html
  • /data/media/####/add_person_about.html
  • /data/media/####/add_person_about1.html
  • /data/media/####/add_person_about2.html
  • /data/media/####/add_person_about3.html
  • /data/media/####/add_person_about_three.html
  • /data/media/####/add_person_about_two.html
  • /data/media/####/add_skill.html
  • /data/media/####/address-icon.png
  • /data/media/####/address-subpage.css
  • /data/media/####/address-subpage.html
  • /data/media/####/address-subpage.js
  • /data/media/####/address.png
  • /data/media/####/aes.js
  • /data/media/####/ajaxLoadWork.js
  • /data/media/####/alsn.db
  • /data/media/####/alsn.db-journal
  • /data/media/####/app.db
  • /data/media/####/app_background.png
  • /data/media/####/apply.html
  • /data/media/####/apply.js
  • /data/media/####/apply_people.html
  • /data/media/####/apply_people.js
  • /data/media/####/apply_people_content.html
  • /data/media/####/apply_record.png
  • /data/media/####/appointment_work.html
  • /data/media/####/attestation_enterprise_bg.png
  • /data/media/####/auth.html
  • /data/media/####/auth_icon.png
  • /data/media/####/auth_id_card.png
  • /data/media/####/awaken.html
  • /data/media/####/back.png
  • /data/media/####/backPayment.css
  • /data/media/####/bag-icon.png
  • /data/media/####/balance-icon.png
  • /data/media/####/bg-logo.png
  • /data/media/####/bg.png
  • /data/media/####/bgInput.png
  • /data/media/####/bg_my_img.png
  • /data/media/####/bg_my_img_money.png
  • /data/media/####/billing.gif
  • /data/media/####/bindPay.html
  • /data/media/####/body_common.css
  • /data/media/####/bolang.png
  • /data/media/####/bottom.png
  • /data/media/####/btn_help.png
  • /data/media/####/cache.png
  • /data/media/####/callPhone.js
  • /data/media/####/cancel.html
  • /data/media/####/cancel.mp3
  • /data/media/####/cancel.png
  • /data/media/####/cancel_have_time.html
  • /data/media/####/cancel_icon.png
  • /data/media/####/cancel_time.html
  • /data/media/####/changePassword.html
  • /data/media/####/check_false.png
  • /data/media/####/city.data-3.js
  • /data/media/####/code.png
  • /data/media/####/com.igexin.sdk.deviceId.db
  • /data/media/####/com.yigongla.xflwl2017.bin
  • /data/media/####/com.yigongla.xflwl2017.db
  • /data/media/####/comment_time.html
  • /data/media/####/common.css
  • /data/media/####/common.js
  • /data/media/####/company.html
  • /data/media/####/companyForgetPassword.html
  • /data/media/####/companyRegister.html
  • /data/media/####/company_auth.html
  • /data/media/####/company_desc.html
  • /data/media/####/company_index.css
  • /data/media/####/company_index.html
  • /data/media/####/company_introduction.png
  • /data/media/####/company_message.html
  • /data/media/####/company_message.png
  • /data/media/####/company_message_main.html
  • /data/media/####/company_reviewed.html
  • /data/media/####/compensate_pay.html
  • /data/media/####/cooperation-icon.png
  • /data/media/####/course.html
  • /data/media/####/course.png
  • /data/media/####/course_index.html
  • /data/media/####/current.html
  • /data/media/####/current.png
  • /data/media/####/current_btn.html
  • /data/media/####/dc-ios.png
  • /data/media/####/dc.png
  • /data/media/####/dc1.png
  • /data/media/####/dc2.png
  • /data/media/####/dcman-ios.png
  • /data/media/####/dcman.png
  • /data/media/####/default.png
  • /data/media/####/default_boy.png
  • /data/media/####/default_girl.png
  • /data/media/####/default_icon.png
  • /data/media/####/desc.html
  • /data/media/####/detail.html
  • /data/media/####/detail.js
  • /data/media/####/detailActivity.js
  • /data/media/####/down_icon.png
  • /data/media/####/down_save_img.js
  • /data/media/####/dt61552696639555.download
  • /data/media/####/dt81552696639919.download
  • /data/media/####/duanxing.png
  • /data/media/####/edit.html
  • /data/media/####/edit_appointment_work.html
  • /data/media/####/edit_icon.png
  • /data/media/####/edit_long_work.html
  • /data/media/####/eje3cnc
  • /data/media/####/ejs.js
  • /data/media/####/employer.png
  • /data/media/####/end_of_day.html
  • /data/media/####/envelopes.html
  • /data/media/####/ewm.png
  • /data/media/####/fengxiangicon.png
  • /data/media/####/find-work-tab-webview-subpage-contact.html
  • /data/media/####/find-work-tab-webview-subpage-home.html
  • /data/media/####/find-work-tab-webview-subpage-person.html
  • /data/media/####/findPerson.html
  • /data/media/####/findWorkBtn.png
  • /data/media/####/find_people.css
  • /data/media/####/find_people.html
  • /data/media/####/findlongjob.css
  • /data/media/####/finger.png
  • /data/media/####/forgetPassword.html
  • /data/media/####/fuli.html
  • /data/media/####/gallery.js
  • /data/media/####/geolocation.js
  • /data/media/####/get-money-icon.png
  • /data/media/####/get.css
  • /data/media/####/getAd.js
  • /data/media/####/getMessage.html
  • /data/media/####/getMessage.js
  • /data/media/####/getTodayMoney.js
  • /data/media/####/getTodayOrder.js
  • /data/media/####/getUserCredit.js
  • /data/media/####/get_money.html
  • /data/media/####/get_person_geolocation.js
  • /data/media/####/gift.png
  • /data/media/####/goToTop.js
  • /data/media/####/go_to_top.css
  • /data/media/####/go_to_top.png
  • /data/media/####/goodFriend.png
  • /data/media/####/goodHaveFriend.png
  • /data/media/####/gps.js
  • /data/media/####/gpsTest.js
  • /data/media/####/have_work.html
  • /data/media/####/help-tip.jpg
  • /data/media/####/help.css
  • /data/media/####/help.png
  • /data/media/####/highlightedbtn_refresh_highlighted.png
  • /data/media/####/home-address.css
  • /data/media/####/home-address.html
  • /data/media/####/homeMap.js
  • /data/media/####/home_issue.png
  • /data/media/####/homebtn_close.png
  • /data/media/####/homebtn_release_ft.png
  • /data/media/####/homebtn_release_pt.png
  • /data/media/####/homebtn_release_rtr.png
  • /data/media/####/houtui.png
  • /data/media/####/icon- problem.png
  • /data/media/####/icon-1-bg.png
  • /data/media/####/icon-1.png
  • /data/media/####/icon-2-bg.png
  • /data/media/####/icon-2.png
  • /data/media/####/icon-3-bg.png
  • /data/media/####/icon-3.png
  • /data/media/####/icon-4-bg.png
  • /data/media/####/icon-4.png
  • /data/media/####/icon-auth.png
  • /data/media/####/icon-bottom.png
  • /data/media/####/icon-close.png
  • /data/media/####/icon-company-long.png
  • /data/media/####/icon-company-new.gif
  • /data/media/####/icon-company.png
  • /data/media/####/icon-coupon.png
  • /data/media/####/icon-credit.png
  • /data/media/####/icon-cs.png
  • /data/media/####/icon-forget.png
  • /data/media/####/icon-gantan.png
  • /data/media/####/icon-index-background.png
  • /data/media/####/icon-jiedan.png
  • /data/media/####/icon-leakage.png
  • /data/media/####/icon-logo.gif
  • /data/media/####/icon-logo.png
  • /data/media/####/icon-me-content.png
  • /data/media/####/icon-no-auth.png
  • /data/media/####/icon-no-tick.png
  • /data/media/####/icon-operation.png
  • /data/media/####/icon-person-head.png
  • /data/media/####/icon-person.png
  • /data/media/####/icon-pic-close.png
  • /data/media/####/icon-qiehuan.png
  • /data/media/####/icon-real-name.png
  • /data/media/####/icon-refause.png
  • /data/media/####/icon-register.png
  • /data/media/####/icon-renzheng.png
  • /data/media/####/icon-share.png
  • /data/media/####/icon-tick.png
  • /data/media/####/icon-upgrade.png
  • /data/media/####/icon-vip.png
  • /data/media/####/icon-yes.png
  • /data/media/####/icon-yyzz.png
  • /data/media/####/icon.html
  • /data/media/####/icon_call_off.png
  • /data/media/####/icon_credit.png
  • /data/media/####/icon_jiantou.png
  • /data/media/####/icon_jiantou2.png
  • /data/media/####/icon_list_leftbg.png
  • /data/media/####/icon_list_phone.png
  • /data/media/####/icon_navigation.png
  • /data/media/####/icon_no.png
  • /data/media/####/icon_pm.png
  • /data/media/####/icon_resume_experience.png
  • /data/media/####/icon_resume_work.png
  • /data/media/####/icon_share.png
  • /data/media/####/icon_star-star.png
  • /data/media/####/icon_tn.png
  • /data/media/####/icon_tphone.png
  • /data/media/####/icon_whsm.png
  • /data/media/####/iconfont.css
  • /data/media/####/iconfont.ttf
  • /data/media/####/idCard.png
  • /data/media/####/idCardBig.png
  • /data/media/####/idCardVerify.js
  • /data/media/####/idcard.png
  • /data/media/####/index-bg-btn.png
  • /data/media/####/index.css
  • /data/media/####/index.html
  • /data/media/####/index.js
  • /data/media/####/indexActivity.js
  • /data/media/####/indexCompanyType.html
  • /data/media/####/indexLongType.html
  • /data/media/####/indexPersonType.html
  • /data/media/####/index_active_pic.jpg
  • /data/media/####/index_bg.png
  • /data/media/####/index_company.js
  • /data/media/####/index_content.html
  • /data/media/####/index_dog.png
  • /data/media/####/index_long.css
  • /data/media/####/index_long.html
  • /data/media/####/index_mao.png
  • /data/media/####/index_map.html
  • /data/media/####/index_one.html
  • /data/media/####/index_three.css
  • /data/media/####/index_three.html
  • /data/media/####/index_two.css
  • /data/media/####/index_two.html
  • /data/media/####/information.png
  • /data/media/####/intention_icon.png
  • /data/media/####/intro_btn.png
  • /data/media/####/intro_tip.png
  • /data/media/####/introduction.css
  • /data/media/####/introduction.html
  • /data/media/####/introduction.js
  • /data/media/####/introduction.png
  • /data/media/####/introduction_certificate.html
  • /data/media/####/introduction_certificate.js
  • /data/media/####/introduction_certificate_index.css
  • /data/media/####/introduction_certificate_index.html
  • /data/media/####/introduction_certificate_index.js
  • /data/media/####/introduction_css.css
  • /data/media/####/introduction_exp.html
  • /data/media/####/introduction_exp.js
  • /data/media/####/introduction_exp_index.css
  • /data/media/####/introduction_exp_index.html
  • /data/media/####/introduction_exp_index.js
  • /data/media/####/introduction_index.css
  • /data/media/####/introduction_index.html
  • /data/media/####/introduction_index.js
  • /data/media/####/introduction_js.js
  • /data/media/####/introduction_preview.html
  • /data/media/####/introduction_select.js
  • /data/media/####/introduction_skill.css
  • /data/media/####/introduction_skill.html
  • /data/media/####/introduction_skill.js
  • /data/media/####/introduction_work.html
  • /data/media/####/introduction_work.js
  • /data/media/####/invation.png
  • /data/media/####/invitation.html
  • /data/media/####/invitation.js
  • /data/media/####/jianjie_icon.png
  • /data/media/####/jiantou.png
  • /data/media/####/jiantou2.png
  • /data/media/####/jiantou3.png
  • /data/media/####/job.css
  • /data/media/####/job.html
  • /data/media/####/job.js
  • /data/media/####/jobAlert.js
  • /data/media/####/job_left_icon.png
  • /data/media/####/job_new_red.png
  • /data/media/####/job_red.png
  • /data/media/####/job_right_list.css
  • /data/media/####/job_right_list.html
  • /data/media/####/job_right_list.js
  • /data/media/####/job_type.html
  • /data/media/####/job_type_test.png
  • /data/media/####/jobdetail.css
  • /data/media/####/joblists.css
  • /data/media/####/jquery-2.1.0.js
  • /data/media/####/jquery.min.js
  • /data/media/####/kefu-icon-pic.png
  • /data/media/####/kefu-icon.png
  • /data/media/####/kefu.css
  • /data/media/####/kefu.png
  • /data/media/####/last_work.png
  • /data/media/####/left_bottom.png
  • /data/media/####/list_add_certificate.png
  • /data/media/####/list_all.png
  • /data/media/####/list_btn.png
  • /data/media/####/list_money.png
  • /data/media/####/list_no_btn.png
  • /data/media/####/list_order.png
  • /data/media/####/list_phone.png
  • /data/media/####/list_send.png
  • /data/media/####/list_start.png
  • /data/media/####/list_time.png
  • /data/media/####/listbtn_report.png
  • /data/media/####/listbtn_share.png
  • /data/media/####/login-del.html
  • /data/media/####/login.css
  • /data/media/####/login.js
  • /data/media/####/loginActivity.js
  • /data/media/####/loginIndex.css
  • /data/media/####/loginIndex.html
  • /data/media/####/login_left_bg.png
  • /data/media/####/login_right_bg.png
  • /data/media/####/logo.png
  • /data/media/####/long.html
  • /data/media/####/longType.html
  • /data/media/####/longWork.css
  • /data/media/####/longWork.html
  • /data/media/####/long_term_temporary_work.html
  • /data/media/####/long_work.html
  • /data/media/####/long_work.png
  • /data/media/####/look_for_me.html
  • /data/media/####/look_for_me.js
  • /data/media/####/look_index.html
  • /data/media/####/look_people.js
  • /data/media/####/look_people_content.html
  • /data/media/####/lq.png
  • /data/media/####/mages.png
  • /data/media/####/man.png
  • /data/media/####/manifest.json
  • /data/media/####/map-panel.css
  • /data/media/####/map.html
  • /data/media/####/map.js
  • /data/media/####/mapGps.html
  • /data/media/####/mapPanel.css
  • /data/media/####/mapPanel.html
  • /data/media/####/mapPanel.js
  • /data/media/####/mapRecord.html
  • /data/media/####/mask.html
  • /data/media/####/mask_fujin.png
  • /data/media/####/mask_index_bottom.png
  • /data/media/####/mask_index_top.png
  • /data/media/####/mask_send_job.png
  • /data/media/####/md5.js
  • /data/media/####/meIndex.png
  • /data/media/####/medal.png
  • /data/media/####/message.css
  • /data/media/####/message.html
  • /data/media/####/message.js
  • /data/media/####/message.png
  • /data/media/####/message_circle.js
  • /data/media/####/message_main.html
  • /data/media/####/message_main.js
  • /data/media/####/moblietel.png
  • /data/media/####/money-icon.png
  • /data/media/####/money.mp3
  • /data/media/####/movie_index.png
  • /data/media/####/mui-icon-font.css
  • /data/media/####/mui-icons-extra.ttf
  • /data/media/####/mui-preview-image.css
  • /data/media/####/mui-weixin.png
  • /data/media/####/mui.js
  • /data/media/####/mui.lazyload.img.js
  • /data/media/####/mui.lazyload.js
  • /data/media/####/mui.min.css
  • /data/media/####/mui.min.js
  • /data/media/####/mui.picker.all.css
  • /data/media/####/mui.picker.min.js
  • /data/media/####/mui.poppicker.js
  • /data/media/####/mui.previewimage.js
  • /data/media/####/mui.pullToRefresh.js
  • /data/media/####/mui.pullToRefresh.material.js
  • /data/media/####/mui.ttf
  • /data/media/####/mui.zoom.js
  • /data/media/####/my-order.html
  • /data/media/####/myLongWork.js
  • /data/media/####/my_have_message.png
  • /data/media/####/navigation.mp3
  • /data/media/####/newOrderContent.css
  • /data/media/####/not_verified.png
  • /data/media/####/ok_icon.png
  • /data/media/####/ok_time.html
  • /data/media/####/okicon.png
  • /data/media/####/or.png
  • /data/media/####/order-company-bg-long.png
  • /data/media/####/order-company-bg.png
  • /data/media/####/order-person-bg.png
  • /data/media/####/order.css
  • /data/media/####/orderContent.css
  • /data/media/####/orderContent.html
  • /data/media/####/order_index.js
  • /data/media/####/order_ok.mp3
  • /data/media/####/order_record.png
  • /data/media/####/orders.js
  • /data/media/####/orders.png
  • /data/media/####/other.js
  • /data/media/####/other_top_css.css
  • /data/media/####/pad-zeropadding.js
  • /data/media/####/password.png
  • /data/media/####/passwordLogin.html
  • /data/media/####/payment.html
  • /data/media/####/payment.js
  • /data/media/####/paymentSetting.css
  • /data/media/####/paymentSetting.html
  • /data/media/####/payment_profile.html
  • /data/media/####/payment_profile.js
  • /data/media/####/payment_time.html
  • /data/media/####/person-bg.png
  • /data/media/####/person.css
  • /data/media/####/person.html
  • /data/media/####/person.js
  • /data/media/####/personWork.html
  • /data/media/####/personal_ec.png
  • /data/media/####/personal_news.png
  • /data/media/####/personal_recruit.png
  • /data/media/####/personal_send.png
  • /data/media/####/personal_tm.png
  • /data/media/####/phone.png
  • /data/media/####/picture.png
  • /data/media/####/positive.png
  • /data/media/####/pressedbtn_icon_time.png
  • /data/media/####/pressedbtn_release_pressed.png
  • /data/media/####/price.png
  • /data/media/####/problem.png
  • /data/media/####/profile_people_content.html
  • /data/media/####/profit.html
  • /data/media/####/progress.css
  • /data/media/####/promise.js
  • /data/media/####/put_send.html
  • /data/media/####/qq.png
  • /data/media/####/qrcode.html
  • /data/media/####/qrcode.min.js
  • /data/media/####/qrcode.png
  • /data/media/####/question.png
  • /data/media/####/real_time.css
  • /data/media/####/real_time.html
  • /data/media/####/recharge.css
  • /data/media/####/recharge.html
  • /data/media/####/recruit-workers-tab-webview-subpage-contact.html
  • /data/media/####/recruit-workers-tab-webview-subpage-home.html
  • /data/media/####/recruit-workers-tab-webview-subpage-person.html
  • /data/media/####/recruit-workers-tab-webview-subpage-task.html
  • /data/media/####/recruitLoadAjax.js
  • /data/media/####/recruitRecord.png
  • /data/media/####/red.html
  • /data/media/####/red.png
  • /data/media/####/redEnvelopes.js
  • /data/media/####/redNewEnvelopes.js
  • /data/media/####/red_bg_background.png
  • /data/media/####/register.html
  • /data/media/####/release_location.png
  • /data/media/####/release_rtr_bg.png
  • /data/media/####/release_succeed_bg.png
  • /data/media/####/release_succeed_ic.png
  • /data/media/####/rest.mp3
  • /data/media/####/resume.png
  • /data/media/####/resume_calendar.png
  • /data/media/####/resume_sur_bg.png
  • /data/media/####/return.png
  • /data/media/####/right_bottom.png
  • /data/media/####/round.gif
  • /data/media/####/rule.html
  • /data/media/####/salaryExpectation.js
  • /data/media/####/search.css
  • /data/media/####/search.html
  • /data/media/####/search_people.css
  • /data/media/####/search_people.html
  • /data/media/####/search_work.html
  • /data/media/####/see_phone.png
  • /data/media/####/see_pic.png
  • /data/media/####/send-money-icon.png
  • /data/media/####/send-order-find-billing.css
  • /data/media/####/send-order-find-billing.html
  • /data/media/####/send-order-find-many-billing.html
  • /data/media/####/send-order-find-people-long-work.html
  • /data/media/####/send-order-find-people.css
  • /data/media/####/send-order-find-people.html
  • /data/media/####/send-order-find-success.css
  • /data/media/####/send-order-find-success.html
  • /data/media/####/send-order-find-wait.html
  • /data/media/####/send-order-icon.gif
  • /data/media/####/send-order.html
  • /data/media/####/send-task-icon.png
  • /data/media/####/send.html
  • /data/media/####/send.js
  • /data/media/####/send_cancel.html
  • /data/media/####/send_comment.html
  • /data/media/####/send_have_in.html
  • /data/media/####/send_index.js
  • /data/media/####/send_ok.html
  • /data/media/####/send_order.png
  • /data/media/####/send_payment.html
  • /data/media/####/setting-icon-money.png
  • /data/media/####/setting-icon.png
  • /data/media/####/setting.css
  • /data/media/####/setting.png
  • /data/media/####/share-icon.png
  • /data/media/####/share.html
  • /data/media/####/share.js
  • /data/media/####/shareContent.js
  • /data/media/####/shareList.html
  • /data/media/####/share_content.png
  • /data/media/####/share_friend.png
  • /data/media/####/share_qq.png
  • /data/media/####/share_wx.png
  • /data/media/####/show_map_content.html
  • /data/media/####/sincerity-other.png
  • /data/media/####/sincerity.png
  • /data/media/####/sql.js
  • /data/media/####/squre_false.png
  • /data/media/####/squre_true.png
  • /data/media/####/stars-all.png
  • /data/media/####/stars-b-all.png
  • /data/media/####/stars.css
  • /data/media/####/stars.png
  • /data/media/####/startWord.html
  • /data/media/####/startWord.jpg
  • /data/media/####/start_orders.mp3
  • /data/media/####/start_time.html
  • /data/media/####/starts-other.png
  • /data/media/####/staticClass.js
  • /data/media/####/strings.js
  • /data/media/####/success.html
  • /data/media/####/sweetalert2.min.css
  • /data/media/####/sweetalert2.min.js
  • /data/media/####/switch_off.png
  • /data/media/####/switch_on.png
  • /data/media/####/tab-webview-subpage-contact-activity.js
  • /data/media/####/tab-webview-subpage-contact.js
  • /data/media/####/tab-webview-subpage-home-activity.js
  • /data/media/####/tab-webview-subpage-home.css
  • /data/media/####/tab-webview-subpage-home.js
  • /data/media/####/tab-webview-subpage-person-activity.js
  • /data/media/####/tab-webview-subpage-person.css
  • /data/media/####/tab-webview-subpage-person.js
  • /data/media/####/tab-webview-subpage-send-order-check.css
  • /data/media/####/tab-webview-subpage-send-order.css
  • /data/media/####/task.png
  • /data/media/####/tel.png
  • /data/media/####/the_work.html
  • /data/media/####/three.html
  • /data/media/####/time-icon.png
  • /data/media/####/title.png
  • /data/media/####/today_red.png
  • /data/media/####/today_red_close.png
  • /data/media/####/today_red_ok.png
  • /data/media/####/top_common.css
  • /data/media/####/top_css.css
  • /data/media/####/total_money.html
  • /data/media/####/type_content.css
  • /data/media/####/type_content.html
  • /data/media/####/type_index.html
  • /data/media/####/up_icon.png
  • /data/media/####/upload.png
  • /data/media/####/uploadImg.js
  • /data/media/####/user.png
  • /data/media/####/user_agreement.html
  • /data/media/####/user_book.png
  • /data/media/####/user_icon.js
  • /data/media/####/username.png
  • /data/media/####/utilsTool.js
  • /data/media/####/vedio_front_pic.png
  • /data/media/####/verified-icon.png
  • /data/media/####/vip_invitation.html
  • /data/media/####/vitae_edit__normal_rbtn.png
  • /data/media/####/vitae_edit_btn.png
  • /data/media/####/vitae_gray_normal_btn.png
  • /data/media/####/vitae_orange_btn.png
  • /data/media/####/vue.js
  • /data/media/####/wait.css
  • /data/media/####/wait.html
  • /data/media/####/wait.mp3
  • /data/media/####/waitGif.gif
  • /data/media/####/wait_people.html
  • /data/media/####/wallet.css
  • /data/media/####/wallet.html
  • /data/media/####/wb.png
  • /data/media/####/websocket.js
  • /data/media/####/webviewGroup.js
  • /data/media/####/withdrawal.css
  • /data/media/####/withdrawal.html
  • /data/media/####/withdrawals.mp3
  • /data/media/####/women.png
  • /data/media/####/work.html
  • /data/media/####/work_content.html
  • /data/media/####/work_time.css
  • /data/media/####/work_time.html
  • /data/media/####/workesBtn.png
  • /data/media/####/wx.png
  • /data/media/####/yaoqing.png
  • /data/media/####/yaoqingpeople.png
  • /data/media/####/yg.png
  • /data/media/####/you_have_not_orders.mp3
  • /data/media/####/you_have_order.mp3
  • /data/media/####/yqm.png
  • /data/media/####/zfb-icon.png
  • /data/media/####/zfb.png
  • /data/media/####/zg_hujiao.png
  • /data/media/####/zg_zp.png
  • /data/media/####/zhegnshu3.png
  • /data/media/####/zhengshu2.png
  • /data/media/####/zhenshu1.png
  • /data/media/####/zq_btn.png
  • /data/media/####/zq_map.png
  • /data/media/####/zx.png
Miscellaneous:
Executes the following shell scripts:
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  • /system/bin/sh -c getprop ro.aa.romver
  • /system/bin/sh -c getprop ro.board.platform
  • /system/bin/sh -c getprop ro.build.fingerprint
  • /system/bin/sh -c getprop ro.build.nubia.rom.name
  • /system/bin/sh -c getprop ro.build.rom.id
  • /system/bin/sh -c getprop ro.build.tyd.kbstyle_version
  • /system/bin/sh -c getprop ro.build.version.emui
  • /system/bin/sh -c getprop ro.build.version.opporom
  • /system/bin/sh -c getprop ro.gn.gnromvernumber
  • /system/bin/sh -c getprop ro.lenovo.series
  • /system/bin/sh -c getprop ro.lewa.version
  • /system/bin/sh -c getprop ro.meizu.product.model
  • /system/bin/sh -c getprop ro.miui.ui.version.name
  • /system/bin/sh -c getprop ro.vivo.os.build.display.id
  • /system/bin/sh -c type su
  • <Package Folder>/files/gdaemon_20161017 0 <Package>/io.dcloud.feature.apsGt.GTNormalPushService 25028 300 0
  • chmod 700 <Package Folder>/files/gdaemon_20161017
  • chmod 700 <Package Folder>/tx_shell/libnfix.so
  • chmod 700 <Package Folder>/tx_shell/libshella-2.9.0.1.so
  • chmod 700 <Package Folder>/tx_shell/libufix.so
  • getprop ro.aa.romver
  • getprop ro.board.platform
  • getprop ro.build.fingerprint
  • getprop ro.build.nubia.rom.name
  • getprop ro.build.rom.id
  • getprop ro.build.tyd.kbstyle_version
  • getprop ro.build.version.emui
  • getprop ro.build.version.opporom
  • getprop ro.gn.gnromvernumber
  • getprop ro.lenovo.series
  • getprop ro.lewa.version
  • getprop ro.meizu.product.model
  • getprop ro.miui.ui.version.name
  • getprop ro.vivo.os.build.display.id
  • getprop ro.yunos.version
  • logcat -d -v threadtime
  • sh <Package Folder>/files/gdaemon_20161017 0 <Package>/io.dcloud.feature.apsGt.GTNormalPushService 25028 300 0
Loads the following dynamic libraries:
  • Bugly
  • MtaNativeCrash
  • getuiext2
  • libnfix
  • libshella-2.9.0.1
  • libufix
  • nfix
  • ufix
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
  • AES-CFB-NoPadding
  • AES-GCM-NoPadding
  • RSA-ECB-PKCS1Padding
  • RSA-NONE-OAEPWithSHA1AndMGF1Padding
  • RSA-NONE-PKCS1PADDING
Uses the following algorithms to decrypt data:
  • AES-CBC-PKCS5Padding
  • AES-CFB-NoPadding
  • AES-GCM-NoPadding
Uses a packer library to hide its executable bytecode: the tx_shell native libraries listed above (libshella-2.9.0.1.so, libnfix.so, libufix.so) are dropped and made executable with chmod 700, and a mix.dex is written into the app's data directory at runtime.
Gets information about the device's location.
Gets information about the network connection.
Gets information about phone status (phone number, IMEI, etc.); note that .imei.txt and .mid.txt copies are also written to /data/media, i.e. shared external storage.
Gets the list of installed apps.
Gets the list of running apps.
Adds tasks to the system scheduler.
Displays its own windows over the windows of other apps.
Manages Wi-Fi connectivity.
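The commands and dropped files in this report are the raw material for a triage decision, so here is an added example (not code from the Dr.Web report or from the analysed app) that runs over those two lists and tags the indicators an analyst would pull out of a sandbox report of this kind: enumeration of OEM-ROM-specific system properties, the `type su` root check, the packer's native libraries being made executable, the gdaemon watchdog started with a push-service class name as its argument, the logcat dump, and device identifiers written to shared external storage. The sample input is copied from the lists above; the tag names and the split between generic and OEM-specific properties are this example's own assumptions, not the report's terminology.

```python
import re
from collections import defaultdict

# Constructed sample input: the "Executes the following shell scripts" entries and a
# few of the dropped-file paths, copied from the report above.
SHELL_COMMANDS = [
    "/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq",
    "/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq",
    "/system/bin/sh -c getprop ro.build.fingerprint",
    "/system/bin/sh -c getprop ro.miui.ui.version.name",
    "/system/bin/sh -c type su",
    "<Package Folder>/files/gdaemon_20161017 0 <Package>/io.dcloud.feature.apsGt.GTNormalPushService 25028 300 0",
    "chmod 700 <Package Folder>/files/gdaemon_20161017",
    "chmod 700 <Package Folder>/tx_shell/libnfix.so",
    "chmod 700 <Package Folder>/tx_shell/libshella-2.9.0.1.so",
    "chmod 700 <Package Folder>/tx_shell/libufix.so",
    "getprop ro.aa.romver", "getprop ro.board.platform", "getprop ro.build.fingerprint",
    "getprop ro.build.nubia.rom.name", "getprop ro.build.rom.id",
    "getprop ro.build.tyd.kbstyle_version", "getprop ro.build.version.emui",
    "getprop ro.build.version.opporom", "getprop ro.gn.gnromvernumber",
    "getprop ro.lenovo.series", "getprop ro.lewa.version", "getprop ro.meizu.product.model",
    "getprop ro.miui.ui.version.name", "getprop ro.vivo.os.build.display.id",
    "getprop ro.yunos.version",
    "logcat -d -v threadtime",
    "sh <Package Folder>/files/gdaemon_20161017 0 <Package>/io.dcloud.feature.apsGt.GTNormalPushService 25028 300 0",
]
DROPPED_FILES = [
    "/data/data/####/.imei.txt",
    "/data/data/####/mix.dex",
    "/data/data/####/libshella-2.9.0.1.so",
    "/data/media/####/.imei.txt",
    "/data/media/####/.mid.txt",
    "/data/media/####/1111116.apk",
]

# Assumption of this example: these two properties are ordinary device info; every other
# ro.* key probed here belongs to a specific vendor ROM (MIUI, EMUI, ColorOS, Flyme, ...).
GENERIC_PROPS = {"ro.board.platform", "ro.build.fingerprint"}
PACKER_LIB = re.compile(r"lib(shella-[\d.]+|nfix|ufix)\.so$")
# "<binary> <n> <service class> ..." is how the dropped daemon is started in the report.
DAEMON = re.compile(r"(gdaemon_\d+)\s+\d+\s+(\S+)")


def classify_command(cmd):
    """Return (tag, detail) pairs for one executed command; [] when nothing stands out."""
    cmd = re.sub(r"^/system/bin/sh -c ", "", cmd)   # "sh -c X" and "X" are the same action
    hits = []
    m = re.match(r"getprop (ro\.\S+)", cmd)
    if m:
        tag = "device_info" if m.group(1) in GENERIC_PROPS else "oem_rom_fingerprinting"
        hits.append((tag, m.group(1)))
    if re.search(r"\b(type|which)\s+su\b", cmd):
        hits.append(("root_check", cmd))
    if "/cpufreq/cpuinfo_" in cmd:
        hits.append(("hardware_profiling", cmd.split()[-1]))
    if cmd.startswith("chmod 700 "):
        target = cmd[len("chmod 700 "):]
        tag = "packer_runtime_made_executable" if PACKER_LIB.search(target) else "dropped_binary_made_executable"
        hits.append((tag, target))
    m = DAEMON.search(cmd)
    if m:
        hits.append(("native_daemon_with_service_arg", f"{m.group(1)} -> {m.group(2)}"))
    if cmd.startswith("logcat "):
        hits.append(("log_buffer_dump", cmd))
    return hits


def classify_file(path):
    """Tag dropped files whose location or name matters for triage."""
    name = path.rsplit("/", 1)[-1]
    # /data/media is shared external storage: it is not wiped on uninstall and, before
    # scoped storage, was readable by any app holding the storage permission.
    on_shared_storage = path.startswith("/data/media/")
    if name in {".imei.txt", ".mid.txt"} and on_shared_storage:
        return [("identifier_persisted_on_external_storage", path)]
    if name.endswith(".apk") and on_shared_storage:
        return [("apk_written_to_external_storage", path)]
    if name.endswith(".dex"):
        return [("runtime_loaded_dex", path)]
    if PACKER_LIB.fullmatch(name):
        return [("packer_runtime_library", path)]
    return []


def triage(commands=SHELL_COMMANDS, files=DROPPED_FILES):
    """Group every indicator by tag, de-duplicating the sh -c / plain command variants."""
    found = defaultdict(set)
    for c in commands:
        for tag, detail in classify_command(c):
            found[tag].add(detail)
    for f in files:
        for tag, detail in classify_file(f):
            found[tag].add(detail)
    return {tag: sorted(d) for tag, d in sorted(found.items())}


if __name__ == "__main__":
    for tag, details in triage().items():
        print(f"{tag} ({len(details)})")
        for d in details:
            print("   ", d)
```

Run as-is, the script reports 13 distinct vendor-specific properties against only two generic ones, which is the pattern to look for: a legitimate app rarely needs to know whether it is on MIUI, EMUI, ColorOS and Funtouch all at once, while advertising and push SDKs routinely probe all of them to pick a vendor channel. The two daemon launch lines collapse to one indicator because the detail is the same service class, and the `.imei.txt` under `/data/data` is deliberately not flagged, since only the copy on shared storage outlives an uninstall.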

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and of any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, write it to a USB drive or burn it to a CD/DVD. After booting from this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.


  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow the recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a ransom, or some other announcement prevents you from using the device normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and the specifications of the particular device, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
    • Once safe mode is active, install Dr.Web for Android on the infected device and run a full system scan; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.