Adware.Gexin.13044

Added to the Dr.Web virus database: 2019-05-01

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Adware.Gexin.2.origin
Network activity:
Connects to:
DNS requests:
HTTP GET requests:
HTTP POST requests:
  • a####.u####.com/app_logs
  • c-h####.g####.com/api.php?format=####&t=####
  • sdk.o####.p####.####.com/api.php?format=####&t=####
File system changes:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
  • /system/bin/cat /proc/cpuinfo
  • <Package Folder>/files/gdaemon_20161017 0 <Package>/<Package>.service.receiver.GTCustomService 24722 300 0
  • cat /sys/class/net/wlan0/address
  • chmod 700 <Package Folder>/files/gdaemon_20161017
  • chmod 755 <Package Folder>/.jiagu/libjiagu.so
  • mount
  • sh
Loads the following dynamic libraries:
  • BaiduMapSDK_base_v4_5_0
  • getuiext2
  • libjiagu
  • locSDK7a
Uses the following algorithms to encrypt data:
  • AES-CBC-NoPadding
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7Padding
  • AES-CFB-NoPadding
  • AES-ECB-PKCS5Padding
  • RSA-NONE-OAEPWithSHA1AndMGF1Padding
Uses the following algorithms to decrypt data:
  • AES-CBC-NoPadding
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7Padding
  • AES-ECB-PKCS5Padding
Accesses the ITelephony private interface.
Uses special library to hide executable bytecode.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Adds tasks to the system scheduler.
Displays its own windows over windows of other apps.

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
