マイライブラリ
マイライブラリ

+ マイライブラリに追加

電話

お問い合わせ履歴

電話(英語)

+7 (495) 789-45-86

Profile

Android.RemoteCode.4872

Added to the Dr.Web virus database: 2019-05-28

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.RemoteCode.127.origin
Network activity:
Connects to:
  • UDP(DNS) <Google DNS>
  • TCP(HTTP/1.1) c-h####.g####.com:80
  • TCP(HTTP/1.1) sdk-ope####.g####.com:80
  • TCP(HTTP/1.1) t####.c####.q####.####.com:80
  • TCP(HTTP/1.1) and####.b####.qq.com:80
  • TCP(TLS/1.0) api.map.b####.com:443
  • TCP(TLS/1.0) loc.map.b####.com:443
  • TCP(TLS/1.0) et2-na6####.wagbr####.ali####.####.com:443
  • TCP(TLS/1.0) j####.d####.com:443
  • TCP(TLS/1.0) api.s####.com:443
  • TCP(TLS/1.0) dualsta####.wagbr####.ali####.####.com:443
  • TCP(TLS/1.0) o####.map.b####.com:443
  • TCP(TLS/1.0) cdn####.appa####.com:443
  • TCP(TLS/1.0) sf3-ttc####.ps####.com:443
  • TCP(TLS/1.0) wap.cmpass####.com:8443
  • TCP(TLS/1.0) and####.cli####.go####.com:443
  • TCP sdk.o####.t####.####.com:5224
  • TCP c####.g####.ig####.com:5225
DNS requests:
  • 7j####.c####.z0.####.com
  • and####.b####.qq.com
  • and####.cli####.go####.com
  • api.map.b####.com
  • api.s####.com
  • c####.g####.ig####.com
  • c-h####.g####.com
  • cdn####.appa####.com
  • is.sn####.com
  • j####.d####.com
  • loc.map.b####.com
  • o####.map.b####.com
  • plb####.u####.com
  • sdk-ope####.g####.com
  • sdk.c####.ig####.com
  • sdk.o####.t####.####.com
  • sdk.o####.t####.####.com
  • sdk.o####.t####.####.net
  • sf3-ttc####.ps####.com
  • u####.u####.com
  • wap.cmpass####.com
HTTP GET requests:
  • t####.c####.q####.####.com/config/hz-hzv6.conf
  • t####.c####.q####.####.com/tdata_SBh025
  • t####.c####.q####.####.com/tdata_ZKm258
HTTP POST requests:
  • and####.b####.qq.com/rqd/async
  • c-h####.g####.com/api.php?format=####&t=####
  • sdk-ope####.g####.com/api.php?format=####&t=####
File system changes:
Creates the following files:
  • /data/data/####/-5998622401067643521
  • /data/data/####/.imprint
  • /data/data/####/.jg.ic
  • /data/data/####/0.chunk.js
  • /data/data/####/000001.dbtmp
  • /data/data/####/000002.dbtmp
  • /data/data/####/1.chunk.js
  • /data/data/####/2.chunk.js
  • /data/data/####/3.chunk.js
  • /data/data/####/4.chunk.js
  • /data/data/####/5.chunk.js
  • /data/data/####/6.chunk.js
  • /data/data/####/ADHOC_SHARED_PREFERENCE.xml
  • /data/data/####/ADHOC_SHARED_PREFERENCE.xml.bak (deleted)
  • /data/data/####/BeLog_1559040165694.log
  • /data/data/####/INSTALLATION
  • /data/data/####/MANIFEST-000001
  • /data/data/####/MultiDex.lock
  • /data/data/####/abtest.xml
  • /data/data/####/account-bind-list.ab8bb51336b70a2eb128.js
  • /data/data/####/account-bind-list.c70b341d7ff4fdd065ef49a05844b786-two.css
  • /data/data/####/account-bind-list.html
  • /data/data/####/account.367781016d9c47d32ba8e9e0624b725e-two.css
  • /data/data/####/account.ab8bb51336b70a2eb128.js
  • /data/data/####/account.html
  • /data/data/####/agreement.81d341a748c733563293e95b2cd3ef51-one.css
  • /data/data/####/agreement.ab8bb51336b70a2eb128.js
  • /data/data/####/agreement.html
  • /data/data/####/apply-cash-record.ab8bb51336b70a2eb128.js
  • /data/data/####/apply-cash-record.cf144ffe211d4315cfa8da9172b3fe33-two.css
  • /data/data/####/apply-cash-record.d41d8cd98f00b204e9800998ecf8427e-one.css
  • /data/data/####/apply-cash-record.html
  • /data/data/####/apply-cash-success.59c03c2c71709c12de3cd843af85...wo.css
  • /data/data/####/apply-cash-success.ab8bb51336b70a2eb128.js
  • /data/data/####/apply-cash-success.html
  • /data/data/####/apply-cash.ab8bb51336b70a2eb128.js
  • /data/data/####/apply-cash.ac2cfc139ebbceea1ddf78d53c3b1767-two.css
  • /data/data/####/apply-cash.html
  • /data/data/####/apply-detail.37bfc8fdfaa6e244f1b521dc7ec9cba7-two.css
  • /data/data/####/apply-detail.650149f6520013ab63beaf0e2b94b061-one.css
  • /data/data/####/apply-detail.ab8bb51336b70a2eb128.js
  • /data/data/####/apply-detail.html
  • /data/data/####/apply-list.ab8bb51336b70a2eb128.js
  • /data/data/####/apply-list.d41d8cd98f00b204e9800998ecf8427e-one.css
  • /data/data/####/apply-list.de10a18a6ba7867f2eb0d474f5e0d343-two.css
  • /data/data/####/apply-list.html
  • /data/data/####/apply-success.650149f6520013ab63beaf0e2b94b061-one.css
  • /data/data/####/apply-success.786857eca9c1b87e18fca2fb90671174-two.css
  • /data/data/####/apply-success.ab8bb51336b70a2eb128.js
  • /data/data/####/apply-success.html
  • /data/data/####/authStatus_com.zhangshangjianzhi.newapp.xml
  • /data/data/####/authStatus_com.zhangshangjianzhi.newapp;pushservice.xml
  • /data/data/####/authStatus_com.zhangshangjianzhi.newapp;remote.xml
  • /data/data/####/avatar_female.png
  • /data/data/####/avatar_male.png
  • /data/data/####/bg_blacklist.png
  • /data/data/####/bg_detail_banner.png
  • /data/data/####/bg_detail_quanzhi.png
  • /data/data/####/bg_index_column.png
  • /data/data/####/bg_map.png
  • /data/data/####/bg_mingqi_info.png
  • /data/data/####/bg_popup.png
  • /data/data/####/bg_renzheng.png
  • /data/data/####/bg_resume.png
  • /data/data/####/bg_status.png
  • /data/data/####/bg_status_new.png
  • /data/data/####/bg_tab.png
  • /data/data/####/bg_toptips.png
  • /data/data/####/bind-alipay.30dafbd020a8c6204e480314e96b22f7-one.css
  • /data/data/####/bind-alipay.544684fc5ddb7d2d980e0557e9456173-two.css
  • /data/data/####/bind-alipay.ab8bb51336b70a2eb128.js
  • /data/data/####/bind-alipay.html
  • /data/data/####/bind-unionpay.30dafbd020a8c6204e480314e96b22f7-one.css
  • /data/data/####/bind-unionpay.30f6e1104df2834bba265b87669066df-two.css
  • /data/data/####/bind-unionpay.ab8bb51336b70a2eb128.js
  • /data/data/####/bind-unionpay.html
  • /data/data/####/bind-weixinwallet.30dafbd020a8c6204e480314e96b22f7-one.css
  • /data/data/####/bind-weixinwallet.a5519d0c4588a0136b979f4af3a72260-two.css
  • /data/data/####/bind-weixinwallet.ab8bb51336b70a2eb128.js
  • /data/data/####/bind-weixinwallet.html
  • /data/data/####/bugly_db_-journal
  • /data/data/####/bundle.js
  • /data/data/####/cache.manifest
  • /data/data/####/change-mobile-number.01f56cbc8eaece908457c0663b...wo.css
  • /data/data/####/change-mobile-number.ab8bb51336b70a2eb128.js
  • /data/data/####/change-mobile-number.html
  • /data/data/####/city.95e09476214ef7a72a4fdcbd8f47934c-one.css
  • /data/data/####/city.ab8bb51336b70a2eb128.js
  • /data/data/####/city.html
  • /data/data/####/company-detail.2614af98e1e05f138228b318d5ea2cf5-two.css
  • /data/data/####/company-detail.2f269f68e1faeb5e914ca3aeadfd43a7-one.css
  • /data/data/####/company-detail.ab8bb51336b70a2eb128.js
  • /data/data/####/company-detail.html
  • /data/data/####/complain-and-feedback.ab8bb51336b70a2eb128.js
  • /data/data/####/complain-and-feedback.e4549bb4c8984f56df460219a...ne.css
  • /data/data/####/complain-and-feedback.html
  • /data/data/####/complain.0c04e1e56cfc9eb999be58e79273f0f0-two.css
  • /data/data/####/complain.ab8bb51336b70a2eb128.js
  • /data/data/####/complain.html
  • /data/data/####/complaint-forms-business-lose.8b9573f2bee9e97a0...wo.css
  • /data/data/####/complaint-forms-business-lose.ab8bb51336b70a2eb128.js
  • /data/data/####/complaint-forms-business-lose.html
  • /data/data/####/complaint-forms-false-information.99e9aa78f9fda...wo.css
  • /data/data/####/complaint-forms-false-information.ab8bb51336b70a2eb128.js
  • /data/data/####/complaint-forms-false-information.html
  • /data/data/####/complaint-forms-fee-charge.99e9aa78f9fda5e85c37...wo.css
  • /data/data/####/complaint-forms-fee-charge.ab8bb51336b70a2eb128.js
  • /data/data/####/complaint-forms-fee-charge.html
  • /data/data/####/complaint-forms-salary-arrears.99e9aa78f9fda5e8...wo.css
  • /data/data/####/complaint-forms-salary-arrears.ab8bb51336b70a2eb128.js
  • /data/data/####/complaint-forms-salary-arrears.html
  • /data/data/####/complaint-success.74474dfeb90f19ad2807dfb0283b67a7-two.css
  • /data/data/####/complaint-success.ab8bb51336b70a2eb128.js
  • /data/data/####/complaint-success.html
  • /data/data/####/count-down-bg.png
  • /data/data/####/cyan_face.png
  • /data/data/####/cyan_face_gray.png
  • /data/data/####/dW1weF9pbnRlcm5hbF8xNTU5MDQwMTYwODU4;
  • /data/data/####/detail-address.29025592c87ed0f890a6c02d8191d861-two.css
  • /data/data/####/detail-address.ab8bb51336b70a2eb128.js
  • /data/data/####/detail-address.html
  • /data/data/####/detail-mix.23954f85dc05018ea2276851501fe03e-one.css
  • /data/data/####/detail-mix.4e926abebd52f6d48a654d8040c21673-two.css
  • /data/data/####/detail-mix.ab8bb51336b70a2eb128.js
  • /data/data/####/detail-mix.html
  • /data/data/####/detail.5f6def95e16f1e6bdfcd57c9e64f552b-two.css
  • /data/data/####/detail.ab8bb51336b70a2eb128.js
  • /data/data/####/detail.eb580b41ef274c7e6be8a17ac6aca331-one.css
  • /data/data/####/detail.html
  • /data/data/####/detail_basic_head.png
  • /data/data/####/detail_direct_head.png
  • /data/data/####/detail_online_head.png
  • /data/data/####/detail_player_big.png
  • /data/data/####/detail_player_small.png
  • /data/data/####/dmdid
  • /data/data/####/dmzp.png
  • /data/data/####/dmzygw.png
  • /data/data/####/domSetting
  • /data/data/####/domSettingTime
  • /data/data/####/doumi-db-journal
  • /data/data/####/downloader.db-journal
  • /data/data/####/duiba.2839f02f6b96f7eaf8852679854b77b7-one.css
  • /data/data/####/duiba.ab8bb51336b70a2eb128.js
  • /data/data/####/duiba.html
  • /data/data/####/empower.png
  • /data/data/####/entry-details.8eb05b0e52338ec6d06b7ddc47bc085d-two.css
  • /data/data/####/entry-details.ab8bb51336b70a2eb128.js
  • /data/data/####/entry-details.html
  • /data/data/####/evaluate.ab8bb51336b70a2eb128.js
  • /data/data/####/evaluate.c06520a83be22d94fe2f3ea7820c185f-one.css
  • /data/data/####/evaluate.de10a18a6ba7867f2eb0d474f5e0d343-two.css
  • /data/data/####/evaluate.html
  • /data/data/####/exchangeIdentity.json
  • /data/data/####/exid.dat
  • /data/data/####/f1e5994e2a5f4dbe680c.worker.js
  • /data/data/####/fe5312fdbe923e425eb3.worker.js
  • /data/data/####/feedback.a8229ee74a8c1d67288fcb25594a8ff9-one.css
  • /data/data/####/feedback.ab8bb51336b70a2eb128.js
  • /data/data/####/feedback.html
  • /data/data/####/firll.dat
  • /data/data/####/gal.db
  • /data/data/####/gal.db-journal
  • /data/data/####/gdaemon_20161017
  • /data/data/####/getui_sp.xml
  • /data/data/####/gx_sp.xml
  • /data/data/####/hotjob-list.906a2f71cc7187cce21b44525e1fab9f-one.css
  • /data/data/####/hotjob-list.ab8bb51336b70a2eb128.js
  • /data/data/####/hotjob-list.html
  • /data/data/####/hst.db
  • /data/data/####/hst.db-journal
  • /data/data/####/huiyan-index.ab8bb51336b70a2eb128.js
  • /data/data/####/huiyan-index.e29e9221363bdacafabed281be3c7ccd-two.css
  • /data/data/####/huiyan-index.html
  • /data/data/####/huiyan-result.771806e56a1dce61c202dbb43f643dc1-two.css
  • /data/data/####/huiyan-result.ab8bb51336b70a2eb128.js
  • /data/data/####/huiyan-result.html
  • /data/data/####/i==1.2.0&&5.6.5_1559040161094_envelope.log
  • /data/data/####/icon-safe.png
  • /data/data/####/icon-welfare-01.png
  • /data/data/####/icon-welfare-02.png
  • /data/data/####/icon-welfare-03.png
  • /data/data/####/icon-welfare-04.png
  • /data/data/####/icon-welfare-05.png
  • /data/data/####/icon-welfare-06.png
  • /data/data/####/icon-welfare-07.png
  • /data/data/####/icon-welfare-new-01.png
  • /data/data/####/icon-welfare-new-02.png
  • /data/data/####/icon-welfare-new-03.png
  • /data/data/####/icon-welfare-new-04.png
  • /data/data/####/icon-welfare-new-05.png
  • /data/data/####/icon-welfare-new-06.png
  • /data/data/####/icon-welfare-new-07.png
  • /data/data/####/icon.png
  • /data/data/####/icon_account.png
  • /data/data/####/icon_arrow.png
  • /data/data/####/icon_blacklist.png
  • /data/data/####/icon_cate_check.png
  • /data/data/####/icon_cate_other.png
  • /data/data/####/icon_cate_promotion.png
  • /data/data/####/icon_cate_reg.png
  • /data/data/####/icon_cate_share.png
  • /data/data/####/icon_cate_survey.png
  • /data/data/####/icon_deliver.png
  • /data/data/####/icon_detail.png
  • /data/data/####/icon_detail_new.png
  • /data/data/####/icon_doubt.png
  • /data/data/####/icon_form.png
  • /data/data/####/icon_index.png
  • /data/data/####/icon_online.png
  • /data/data/####/icon_order.png
  • /data/data/####/icon_personal.png
  • /data/data/####/icon_rate.png
  • /data/data/####/icon_resume.png
  • /data/data/####/icon_succeed.png
  • /data/data/####/icon_taobaoke.png
  • /data/data/####/icon_wallet.png
  • /data/data/####/increment_cache_file
  • /data/data/####/info.xml
  • /data/data/####/init.pid
  • /data/data/####/init_c1.pid
  • /data/data/####/integral-detail.ab8bb51336b70a2eb128.js
  • /data/data/####/integral-detail.c83a6efc7066963968c7d023024ca754-one.css
  • /data/data/####/integral-detail.html
  • /data/data/####/jianZhi.xml
  • /data/data/####/ker.db-journal
  • /data/data/####/lazyload_default.png
  • /data/data/####/libcuid.so
  • /data/data/####/libjiagu1964038844.so
  • /data/data/####/ljzp.png
  • /data/data/####/local_crash_lock
  • /data/data/####/login-captcha.5742bdc933655ecb625c7b17b9fd87fc-one.css
  • /data/data/####/login-captcha.ab8bb51336b70a2eb128.js
  • /data/data/####/login-captcha.html
  • /data/data/####/login-check-phone.ab8bb51336b70a2eb128.js
  • /data/data/####/login-check-phone.ea7aa50e46628c34780c01b949a08eee-one.css
  • /data/data/####/login-check-phone.html
  • /data/data/####/login-password.ab8bb51336b70a2eb128.js
  • /data/data/####/login-password.ea7aa50e46628c34780c01b949a08eee-one.css
  • /data/data/####/login-password.html
  • /data/data/####/main.dek
  • /data/data/####/mingqi_tag.png
  • /data/data/####/mingqi_toutu_ placeholder.png
  • /data/data/####/mingqi_toutu_default.jpg
  • /data/data/####/multidex.version.xml
  • /data/data/####/nearby-list.ab8bb51336b70a2eb128.js
  • /data/data/####/nearby-list.dc7826e2fc4b0c7cd7a989e88fa11806-one.css
  • /data/data/####/nearby-list.html
  • /data/data/####/no-idencode.7418fa430c2c4b3ef49e4852e46dcb52-one.css
  • /data/data/####/no-idencode.ab8bb51336b70a2eb128.js
  • /data/data/####/no-idencode.html
  • /data/data/####/ofl.config
  • /data/data/####/ofl_location.db
  • /data/data/####/ofl_location.db-journal
  • /data/data/####/ofl_statistics.db
  • /data/data/####/ofl_statistics.db-journal
  • /data/data/####/online-prefecture.5123a485a5b55423a26b945b4230db2d-one.css
  • /data/data/####/online-prefecture.ab8bb51336b70a2eb128.js
  • /data/data/####/online-prefecture.html
  • /data/data/####/prefecture.ab8bb51336b70a2eb128.js
  • /data/data/####/prefecture.ba608718150f704ee23d0a7aaa8f4deb-one.css
  • /data/data/####/prefecture.html
  • /data/data/####/preferences-job-type-select.a94f09daf10d5d732ea...ne.css
  • /data/data/####/preferences-job-type-select.ab8bb51336b70a2eb128.js
  • /data/data/####/preferences-job-type-select.html
  • /data/data/####/progress_left.png
  • /data/data/####/progress_right.png
  • /data/data/####/ptj_icons.png
  • /data/data/####/push.pid
  • /data/data/####/pushext.db-journal
  • /data/data/####/pushg.db-journal
  • /data/data/####/pushsdk.db-journal
  • /data/data/####/rapidly-apply.564954de10d17d5f32bbbbac7d66d69d-one.css
  • /data/data/####/rapidly-apply.ab8bb51336b70a2eb128.js
  • /data/data/####/rapidly-apply.html
  • /data/data/####/recommend-list.906a2f71cc7187cce21b44525e1fab9f-one.css
  • /data/data/####/recommend-list.ab8bb51336b70a2eb128.js
  • /data/data/####/recommend-list.html
  • /data/data/####/register.ab8bb51336b70a2eb128.js
  • /data/data/####/register.b5bba3abd015f375c4e2bd6d5eacb1b7-one.css
  • /data/data/####/register.html
  • /data/data/####/reset.ab8bb51336b70a2eb128.js
  • /data/data/####/reset.d9d8604340a6ed793fbdccf399d45e8f-one.css
  • /data/data/####/reset.html
  • /data/data/####/resume-addition.ab8bb51336b70a2eb128.js
  • /data/data/####/resume-addition.d7945e877eea5a0bbd4415a13136d995-two.css
  • /data/data/####/resume-addition.html
  • /data/data/####/resume-education.7c7a3088327e9722353a33ada700a852-two.css
  • /data/data/####/resume-education.ab8bb51336b70a2eb128.js
  • /data/data/####/resume-education.html
  • /data/data/####/resume-index.1d8821ec6637d09eca1e80bf27a89e2a-two.css
  • /data/data/####/resume-index.ab8bb51336b70a2eb128.js
  • /data/data/####/resume-index.html
  • /data/data/####/resume-info.ab8bb51336b70a2eb128.js
  • /data/data/####/resume-info.fc48d4216b68c7b66dfe43bc0dd79093-two.css
  • /data/data/####/resume-info.html
  • /data/data/####/resume-preference.2714697431b3b2d75fba9cde9121a5ab-two.css
  • /data/data/####/resume-preference.ab8bb51336b70a2eb128.js
  • /data/data/####/resume-preference.html
  • /data/data/####/resume-work.00ce7ed700f061bbc36f2f29fa025b82-two.css
  • /data/data/####/resume-work.ab8bb51336b70a2eb128.js
  • /data/data/####/resume-work.html
  • /data/data/####/run.pid
  • /data/data/####/search.099a4243e789f51f498cf5fd7bfcaa7a-one.css
  • /data/data/####/search.ab8bb51336b70a2eb128.js
  • /data/data/####/search.ec78d9768d538227415bb8c91290bee6-two.css
  • /data/data/####/search.html
  • /data/data/####/security_info
  • /data/data/####/selected.0ab9b6e8aa47f4571e603f69326f57b8-two.css
  • /data/data/####/selected.ab8bb51336b70a2eb128.js
  • /data/data/####/selected.d41d8cd98f00b204e9800998ecf8427e-one.css
  • /data/data/####/selected.html
  • /data/data/####/selected_big.png
  • /data/data/####/selected_middle.png
  • /data/data/####/selected_small.png
  • /data/data/####/selectiveperfect-list.600dd311eae712f04127072f6...ne.css
  • /data/data/####/selectiveperfect-list.ab8bb51336b70a2eb128.js
  • /data/data/####/selectiveperfect-list.html
  • /data/data/####/set-resume-success.3870f8f1434d9211db9b1f682a1d...ne.css
  • /data/data/####/set-resume-success.ab8bb51336b70a2eb128.js
  • /data/data/####/set-resume-success.html
  • /data/data/####/settings.42f8ffe727c12e0284bdd45ee7a3d59e-two.css
  • /data/data/####/settings.ab8bb51336b70a2eb128.js
  • /data/data/####/settings.html
  • /data/data/####/sobot_chat_20190528_log.txt
  • /data/data/####/sobot_config.xml
  • /data/data/####/taobaoke-detail.358071e44592d180b1e79940927d4191-one.css
  • /data/data/####/taobaoke-detail.ab8bb51336b70a2eb128.js
  • /data/data/####/taobaoke-detail.html
  • /data/data/####/taobaoke-income.ab8bb51336b70a2eb128.js
  • /data/data/####/taobaoke-income.c09ceadc2e3455c79fd67f0a59f160ac-one.css
  • /data/data/####/taobaoke-income.html
  • /data/data/####/taobaoke-index.ab8bb51336b70a2eb128.js
  • /data/data/####/taobaoke-index.d5dd94be166cbb44ef39c36aa5f09614-one.css
  • /data/data/####/taobaoke-index.html
  • /data/data/####/taobaoke-order.ab8bb51336b70a2eb128.js
  • /data/data/####/taobaoke-order.d18b222592a9b845ed9722e3f4272351-one.css
  • /data/data/####/taobaoke-order.html
  • /data/data/####/taobaoke-search-hot-key.9cda77bb31da14cb8999ac4...ne.css
  • /data/data/####/taobaoke-search-hot-key.ab8bb51336b70a2eb128.js
  • /data/data/####/taobaoke-search-hot-key.html
  • /data/data/####/taobaoke-search.ab8bb51336b70a2eb128.js
  • /data/data/####/taobaoke-search.b78708aa1c7a04779a0da807626bafdb-one.css
  • /data/data/####/taobaoke-search.html
  • /data/data/####/taobaoke-share.ab8bb51336b70a2eb128.js
  • /data/data/####/taobaoke-share.ff00047a1ed770721cb9fa56d81ab6d4-one.css
  • /data/data/####/taobaoke-share.html
  • /data/data/####/tdata_SBh025
  • /data/data/####/tdata_SBh025.jar
  • /data/data/####/tdata_ZKm258
  • /data/data/####/tdata_ZKm258.jar
  • /data/data/####/tmp.zip
  • /data/data/####/tt_sdk_settings.xml
  • /data/data/####/ttopenadsdk.xml
  • /data/data/####/ttopensdk.db-journal
  • /data/data/####/ua.db
  • /data/data/####/ua.db-journal
  • /data/data/####/um_pri.xml
  • /data/data/####/umdat.xml
  • /data/data/####/umeng_common_config.xml
  • /data/data/####/umeng_general_config.xml
  • /data/data/####/umeng_it.cache
  • /data/data/####/vendor.dll.js
  • /data/data/####/verified.31cea5d90dc2a813555678a967bea9cb-two.css
  • /data/data/####/verified.ab8bb51336b70a2eb128.js
  • /data/data/####/verified.html
  • /data/data/####/wallet.81e31e9d2bc6c83694c3f17939194c78-two.css
  • /data/data/####/wallet.ab8bb51336b70a2eb128.js
  • /data/data/####/wallet.html
  • /data/data/####/yellow_face.png
  • /data/data/####/yellow_face_gray.png
  • /data/media/####/.a.dat
  • /data/media/####/.adfwe.dat
  • /data/media/####/.cca.dat
  • /data/media/####/.cuid
  • /data/media/####/.cuid2
  • /data/media/####/.nomedia
  • /data/media/####/.umm.dat
  • /data/media/####/1559040167939
  • /data/media/####/76c60023aa6c025bffc3f4d1fd1cc4b4.tmp
  • /data/media/####/app.db
  • /data/media/####/ba787edb1ed49a5a11ea19721c290bad.tmp
  • /data/media/####/ba787edb1ed49a5a11ea19721c290bad.tmp (deleted)
  • /data/media/####/com.getui.sdk.deviceId.db
  • /data/media/####/com.igexin.sdk.deviceId.db
  • /data/media/####/com.zhangshangjianzhi.newapp.bin
  • /data/media/####/com.zhangshangjianzhi.newapp.db
  • /data/media/####/conlts.dat
  • /data/media/####/dmdid
  • /data/media/####/domSetting
  • /data/media/####/domSettingTime
  • /data/media/####/ls.db
  • /data/media/####/ls.db-journal
  • /data/media/####/tdata_SBh025
  • /data/media/####/tdata_ZKm258
  • /data/media/####/temp_pkg_info.json
  • /data/media/####/test.log
  • /data/media/####/yoh.dat
  • /data/media/####/yol.dat
  • /data/media/####/yom.dat
Miscellaneous:
Executes the following shell scripts:
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  • /system/bin/sh -c getprop ro.aa.romver
  • /system/bin/sh -c getprop ro.board.platform
  • /system/bin/sh -c getprop ro.build.fingerprint
  • /system/bin/sh -c getprop ro.build.nubia.rom.name
  • /system/bin/sh -c getprop ro.build.rom.id
  • /system/bin/sh -c getprop ro.build.tyd.kbstyle_version
  • /system/bin/sh -c getprop ro.build.version.emui
  • /system/bin/sh -c getprop ro.build.version.opporom
  • /system/bin/sh -c getprop ro.gn.gnromvernumber
  • /system/bin/sh -c getprop ro.lenovo.series
  • /system/bin/sh -c getprop ro.lewa.version
  • /system/bin/sh -c getprop ro.meizu.product.model
  • /system/bin/sh -c getprop ro.miui.ui.version.name
  • /system/bin/sh -c getprop ro.vivo.os.build.display.id
  • /system/bin/sh -c type su
  • <Package Folder>/files/gdaemon_20161017 0 <Package>/com.doumi.jianzhi.push.GetTuiPushService 25876 300 0
  • chmod 700 <Package Folder>/files/gdaemon_20161017
  • getprop ro.aa.romver
  • getprop ro.board.platform
  • getprop ro.build.fingerprint
  • getprop ro.build.nubia.rom.name
  • getprop ro.build.rom.id
  • getprop ro.build.tyd.kbstyle_version
  • getprop ro.build.version.emui
  • getprop ro.build.version.opporom
  • getprop ro.gn.gnromvernumber
  • getprop ro.lenovo.series
  • getprop ro.letv.release.version
  • getprop ro.lewa.version
  • getprop ro.meizu.product.model
  • getprop ro.miui.ui.version.name
  • getprop ro.vivo.os.build.display.id
  • logcat -d -v threadtime
  • ls /sys/class/thermal
  • sh <Package Folder>/files/gdaemon_20161017 0 <Package>/com.doumi.jianzhi.push.GetTuiPushService 25876 300 0
Loads the following dynamic libraries:
  • BaiduMapSDK_base_v5_0_0
  • dek
  • getuiext2
  • kerdb
  • libjiagu1964038844
  • locSDK7b
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7Padding
  • AES-ECB-PKCS5Padding
  • AES-GCM-NoPadding
  • RSA-ECB-PKCS1Padding
  • RSA-NONE-OAEPWithSHA1AndMGF1Padding
Uses the following algorithms to decrypt data:
  • AES-CBC-PKCS5Padding
  • AES-ECB-PKCS5Padding
  • AES-GCM-NoPadding
Accesses the ITelephony private interface.
Uses special library to hide executable bytecode.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Adds tasks to the system scheduler.
Displays its own windows over windows of other apps.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web для Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android