Adware.Gexin.12313

Added to the Dr.Web virus database: 2019-04-14

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Adware.Gexin.3.origin
Network activity:
Connects to:
DNS requests:
HTTP GET requests:
  • qin####.com.www.####.com/tdata_EDT356
  • t####.c####.q####.####.com/config/hz-hzv6.conf
HTTP POST requests:
  • aexcep####.b####.qq.com:8012/rqd/async
  • and####.b####.qq.com/rqd/async
  • c-h####.g####.com/api.php?format=####&t=####
  • sdk-ope####.g####.com/api.php?format=####&t=####
  • ser####.dc####.net.cn/device/location
File system changes:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
  • /system/bin/sh -c getprop ro.aa.romver
  • /system/bin/sh -c getprop ro.board.platform
  • /system/bin/sh -c getprop ro.build.fingerprint
  • /system/bin/sh -c getprop ro.build.nubia.rom.name
  • /system/bin/sh -c getprop ro.build.rom.id
  • /system/bin/sh -c getprop ro.build.tyd.kbstyle_version
  • /system/bin/sh -c getprop ro.build.version.emui
  • /system/bin/sh -c getprop ro.build.version.opporom
  • /system/bin/sh -c getprop ro.gn.gnromvernumber
  • /system/bin/sh -c getprop ro.lenovo.series
  • /system/bin/sh -c getprop ro.lewa.version
  • /system/bin/sh -c getprop ro.meizu.product.model
  • /system/bin/sh -c getprop ro.miui.ui.version.name
  • /system/bin/sh -c getprop ro.vivo.os.build.display.id
  • /system/bin/sh -c type su
  • <Package Folder>/files/gdaemon_20161017 0 <Package>/io.dcloud.feature.apsGt.GTNormalPushService 24491 300 0
  • cat /sys/class/net/wlan0/address
  • chmod 700 <Package Folder>/files/gdaemon_20161017
  • chmod 700 <Package Folder>/tx_shell/libnfix.so
  • chmod 700 <Package Folder>/tx_shell/libshella-2.9.1.2.so
  • chmod 700 <Package Folder>/tx_shell/libufix.so
  • getprop ro.aa.romver
  • getprop ro.board.platform
  • getprop ro.build.fingerprint
  • getprop ro.build.nubia.rom.name
  • getprop ro.build.rom.id
  • getprop ro.build.tyd.kbstyle_version
  • getprop ro.build.version.emui
  • getprop ro.build.version.opporom
  • getprop ro.gn.gnromvernumber
  • getprop ro.lenovo.series
  • getprop ro.lewa.version
  • getprop ro.meizu.product.model
  • getprop ro.miui.ui.version.name
  • getprop ro.vivo.os.build.display.id
  • getprop ro.yunos.version
  • logcat -d -v threadtime
  • mount
Loads the following dynamic libraries:
  • Bugly
  • getuiext3
  • libnfix
  • libshella-2.9.1.2
  • libufix
  • nfix
  • ufix
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
  • AES-GCM-NoPadding
  • RSA-ECB-PKCS1Padding
  • RSA-NONE-OAEPWithSHA1AndMGF1Padding
Uses the following algorithms to decrypt data:
  • AES-GCM-NoPadding
Accesses the ITelephony private interface.
Uses a special library to hide executable bytecode.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Gets information about running apps.
Adds tasks to the system scheduler.
Displays its own windows over windows of other apps.

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount, or you see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
