Android.RemoteCode.6339

Added to the Dr.Web virus database: 2019-11-25

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.RemoteCode.41.origin
Network activity:
Connects to:
  • UDP(DNS) <Google DNS>
  • TCP(HTTP/1.1) v.adma####.com.cn:80
  • TCP(HTTP/1.1) s####.x####.com.cn:80
  • TCP(HTTP/1.1) yb.bugse####.com:80
  • TCP(HTTP/1.1) a.bjsd####.com:80
  • TCP(HTTP/1.1) a####.w####.com:80
  • TCP(HTTP/1.1) s.clients####.cn:80
  • TCP(HTTP/1.1) gd.a.s####.com:80
  • TCP(HTTP/1.1) ad.l####.com:3001
  • TCP(HTTP/1.1) www.x####.cn:80
  • TCP(HTTP/1.1) res####.a####.top:80
  • TCP(HTTP/1.1) 47.1####.185.46:80
  • TCP(HTTP/1.1) j####.g####.vip:80
  • TCP(HTTP/1.1) ti####.c####.l####.####.com:80
  • TCP(HTTP/1.1) f.qia####.com:80
  • TCP(HTTP/1.1) d1.x####.com.####.com:80
  • TCP(HTTP/1.1) api.g####.vip:80
  • TCP(HTTP/1.1) api.lubang####.com:80
  • TCP(HTTP/1.1) js.pass####.qih####.####.com:80
  • TCP(HTTP/1.1) kou####.a####.top:80
  • TCP(HTTP/1.1) api.s####.xin:80
  • TCP(HTTP/1.1) php.sho####.com:80
  • TCP(HTTP/1.1) 47.1####.211.73:80
  • TCP(HTTP/1.1) b####.bugse####.com:3002
  • TCP(HTTP/1.1) 1####.75.92.94:80
  • TCP(HTTP/1.1) s.3####.cn:80
  • TCP(HTTP/1.1) yb.bugse####.com:3002
  • TCP(HTTP/1.1) qiniust####.jom####.com:80
  • TCP(HTTP/1.1) 61.1####.215.224:80
  • TCP(HTTP/1.1) s####.jom####.com:80
  • TCP(HTTP/1.1) a####.qia####.com:80
  • TCP(HTTP/1.1) b####.bugse####.com:3000
  • TCP(HTTP/1.1) bag.sdk.a####.####.com:80
  • TCP(HTTP/1.1) s####.dmp.g####.cn:80
  • TCP(HTTP/1.1) log.sho####.com:80
  • TCP(HTTP/1.1) 1####.75.90.218:80
  • TCP(HTTP/1.1) z.c####.com:80
  • TCP(HTTP/1.1) etc.jiguang####.com.####.com:80
  • TCP(HTTP/1.1) pc.b####.com:80
  • TCP(HTTP/1.1) 614.a####.top:80
  • TCP(HTTP/1.1) ad.l####.com:3000
  • TCP(HTTP/1.1) api####.tiantia####.com:80
  • TCP(HTTP/1.1) ssph####.cn-hang####.log.####.com:80
  • TCP(HTTP/1.1) s6.q####.com:80
  • TCP(HTTP/1.1) t####.a####.top:80
  • TCP(HTTP/1.1) down####.baiyuns####.com:80
  • TCP(HTTP/1.1) d0.x####.com.cn:80
  • TCP(HTTP/1.1) ne####.x####.com.cn:80
  • TCP(HTTP/1.1) m.8####.com:80
  • TCP(HTTP/1.1) luozias####.b0.a####.com:80
  • TCP(HTTP/1.1) t####.x####.com.cn:80
  • TCP(HTTP/1.1) c.c####.com:80
  • TCP(HTTP/1.1) c####.x####.com.cn:80
  • TCP(HTTP/1.1) b####.bugse####.com:80
  • TCP(HTTP/1.1) h.w####.com:80
  • TCP(HTTP/1.1) 47.1####.59.53:900
  • TCP(HTTP/1.1) i####.doub####.com:80
  • TCP(HTTP/1.1) api.yunco####.com:80
  • TCP(HTTP/1.1) ad.w####.com:80
  • TCP(HTTP/1.1) i.gridsum####.com:80
  • TCP(HTTP/1.1) api.free####.xin:80
  • TCP(HTTP/1.1) b####.bugse####.com:3001
  • TCP(HTTP/1.1) ad.l####.com:80
  • TCP(HTTP/1.1) ad.l####.com:3002
  • UDP(NTP) 2.and####.p####.####.org:123
  • TCP(TLS/1.0) sdk.a####.uu####.com:443
  • TCP(TLS/1.0) ti####.c####.l####.####.com:443
  • TCP(TLS/1.0) t.hy####.com.cn:443
  • TCP(TLS/1.0) etc.jiguang####.com.####.com:443
  • TCP(TLS/1.0) i####.51.la:443
  • TCP(TLS/1.0) img.a####.com:443
  • TCP(TLS/1.0) gm.mm####.com:443
  • TCP(TLS/1.0) i####.d####.com:443
  • TCP(TLS/1.0) p####.jias####.cn:443
  • TCP(TLS/1.0) a####.d####.com:443
  • TCP(TLS/1.0) g.cn.miao####.com:443
  • TCP(TLS/1.0) z.c####.com:443
  • TCP(TLS/1.0) c.c####.com:443
  • TCP(TLS/1.0) www.google-####.com:443
  • TCP(TLS/1.0) s####.d####.com:443
  • TCP(TLS/1.0) hm.b####.com:443
  • TCP(TLS/1.0) api.g####.vip:443
  • TCP(TLS/1.0) i.gridsum####.com:443
  • TCP(TLS/1.0) gd.a.s####.com:443
DNS requests:
  • 2.and####.p####.####.org
  • 614.a####.top
  • a####.d####.com
  • a####.qia####.com
  • a####.w####.com
  • a.bjsd####.com
  • ad.l####.com
  • ad.w####.com
  • api####.tiantia####.com
  • api.free####.xin
  • api.g####.vip
  • api.lubang####.com
  • api.s####.b####.com
  • api.s####.xin
  • api.yunco####.com
  • ass####.xca####.com
  • b####.bugse####.com
  • bag.sdk.a####.####.com
  • c####.mm####.com
  • c####.x####.com.cn
  • c.c####.com
  • d0.x####.com.cn
  • d1.x####.com.cn
  • down####.baiyuns####.com
  • etc.jiguang####.com
  • f.qia####.com
  • g.cn.miao####.com
  • h.w####.com
  • hm.b####.com
  • i####.51.la
  • i####.d####.com
  • i####.doub####.com
  • i####.x####.com.cn
  • i####.xca####.com
  • i####.xca####.com
  • i.gridsum####.com
  • img.a####.com
  • j####.g####.vip
  • js.pass####.qih####.com
  • js.x####.com.cn
  • kou####.a####.top
  • log.sho####.com
  • m.8####.com
  • ne####.x####.com.cn
  • p####.b####.com
  • p####.jias####.cn
  • p####.zhanz####.b####.com
  • pc.b####.com
  • php.sho####.com
  • pic.xca####.com
  • pv.s####.com
  • res####.a####.top
  • s####.d####.com
  • s####.dmp.g####.cn
  • s####.x####.com.cn
  • s.3####.cn
  • s.clients####.cn
  • s13.c####.com
  • s23.c####.com
  • s6.q####.com
  • s9.c####.com
  • s96.c####.com
  • sdk.a####.uu####.com
  • ssph####.cn-hang####.log.####.com
  • st####.duo####.com
  • t####.a####.top
  • t####.x####.com.cn
  • t-####.hy####.com.cn
  • u####.a####.top
  • v.adma####.com.cn
  • v1.c####.com
  • vn.x####.com.cn
  • www.google-####.com
  • www.x####.cn
  • yb.bugse####.com
  • z12.c####.com
  • z2.c####.com
  • z3.c####.com
  • z5.c####.com
  • z6.c####.com
  • z7.c####.com
  • z9.c####.com
HTTP GET requests:
  • 61.1####.215.224/filter_control_614.json
  • 614.a####.top/controlup614.json
  • ad.l####.com/ad
  • ad.l####.com:3000/api?rdtime=####&id=####&osv=####&imei=####&adid=####&m...
  • ad.l####.com:3001/api?rdtime=####&id=####&osv=####&imei=####&adid=####&m...
  • ad.l####.com:3002/api?rdtime=####&id=####&osv=####&imei=####&adid=####&m...
  • api.g####.vip/cy.js
  • b####.bugse####.com/ad
  • b####.bugse####.com:3000/api?rdtime=####&id=####&osv=####&imei=####&adid...
  • b####.bugse####.com:3001/api?rdtime=####&id=####&osv=####&imei=####&adid...
  • b####.bugse####.com:3002/api?rdtime=####&id=####&osv=####&imei=####&adid...
  • c####.x####.com.cn/push/adv.php?pid=####&id=####&oid=####&m=####&pv=####...
  • c####.x####.com.cn/push/adv.php?pid=133&id=16072&oid=81804&m=1&pv=620000...
  • c####.x####.com.cn/push/adv.php?pid=1470&id=16173&oid=80789&m=1&pv=24000...
  • c####.x####.com.cn/push/adv.php?pid=1643&id=16143&oid=81667&m=1&pv=12000...
  • c####.x####.com.cn/push/adv.php?pid=180&id=16074&oid=81804&m=1&pv=160000...
  • c####.x####.com.cn/push/adv.php?pid=181&id=16262&oid=81879&m=1&pv=360000...
  • c####.x####.com.cn/push/adv.php?pid=188&id=16091&oid=81574&m=1&pv=120000...
  • c####.x####.com.cn/push/adv.php?pid=902&id=16092&oid=81574&m=1&pv=140000...
  • c####.x####.com.cn/push/adv.php?pid=903&id=16266&oid=81686&m=1&pv=140000...
  • c####.x####.com.cn/push/adv.php?pid=974&id=16093&oid=81574&m=1&pv=500000...
  • c####.x####.com.cn/push/adv.php?r_id=5ddb8105471e0918&dsp=andc&pid=1934&...
  • c####.x####.com.cn/push/adv.php?r_id=5ddb8107c9e30320&dsp=andc&pid=881&m...
  • c####.x####.com.cn/push/adv.php?r_id=5ddb8107cc18a877&dsp=andc&pid=1934&...
  • c####.x####.com.cn/push/adv.php?r_id=5ddb8108b5fe3397&dsp=andc&pid=2037&...
  • c####.x####.com.cn/push/adv.php?r_id=5ddb8108d19f6812&dsp=andc&pid=1934&...
  • c####.x####.com.cn/ssp/dsp.php?dsp=####&apid=####
  • c.c####.com/core.php?web_id=####&t=####
  • c.c####.com/z_stat.php?id=####
  • d0.x####.com.cn/adpush/push/ad.php?pid=####&pushtype=####&cid=####&style...
  • d0.x####.com.cn/adpush/push/adv.php?pid=####&oid=####&m=####&url=####
  • d0.x####.com.cn/pvlog/ad_count.php?t=####
  • d1.x####.com.####.com/attached/image/20190405/20190405090755_18340.jpg
  • down####.baiyuns####.com/80syc/80sycphone.css
  • down####.baiyuns####.com/80syc/arrow.png
  • down####.baiyuns####.com/80syc/btn.png
  • down####.baiyuns####.com/80syc/jquery.min.js
  • down####.baiyuns####.com/80syc/js/common.js
  • down####.baiyuns####.com/80syc/js/css.css
  • down####.baiyuns####.com/80syc/js/function.js
  • down####.baiyuns####.com/80syc/js/play.js
  • down####.baiyuns####.com/80syc/js/player.js
  • down####.baiyuns####.com/80syc/logo.gif
  • down####.baiyuns####.com/80syc/pic/play.png
  • down####.baiyuns####.com/80syc/pic/vloading.gif
  • down####.baiyuns####.com/80syc/search.png
  • down####.baiyuns####.com/80syc/top.png
  • down####.baiyuns####.com/jquery.min.js
  • etc.jiguang####.com.####.com/chijian_qd001.html
  • etc.jiguang####.com.####.com/chijian_qd001.js
  • f.qia####.com/e/20191108171457b_600017_v61.enc
  • gd.a.s####.com/cityjson?ie=####
  • i####.doub####.com/view/photo/s_ratio_poster/public/p2206597790.jpg
  • i.gridsum####.com/v/?gscmd=impress&gid=gad_393_ol2tsvj5&ck=282&adk=14935...
  • j####.g####.vip/syc3.js
  • js.pass####.qih####.####.com/11.0.1.js?90057d8####
  • kou####.a####.top/kouling.json
  • luozias####.b0.a####.com/ip/lw/qd001.html
  • luozias####.b0.a####.com/ip/lw/qd001.js
  • m.8####.com/cron/index.asp?t=####
  • m.8####.com/js/ads/lmgg.js
  • m.8####.com/js/ads/qzty.js
  • m.8####.com/js/ads/syd950.js
  • m.8####.com/js/loading.html
  • m.8####.com/js/player.html
  • m.8####.com/js/playload.html
  • m.8####.com/play/9132-0-0.html
  • m.8####.com/playdata/172/9132.js?6436####
  • m.8####.com/view/12244.html
  • ne####.x####.com.cn/auto/index.php?r=####&c=####&p=####&m=####
  • ne####.x####.com.cn/auto/index.php?r=####&pserid=####&city_id=####&provi...
  • ne####.x####.com.cn/images/np_ps_bj.jpg
  • ne####.x####.com.cn/images/r_map.gif
  • ne####.x####.com.cn/images/rl_bj.gif
  • ne####.x####.com.cn/js/Jump.js?v=####
  • ne####.x####.com.cn/jsinclude/jquery.js
  • ne####.x####.com.cn/new_ol_163.html
  • ne####.x####.com.cn/new_ol_2348.html
  • ne####.x####.com.cn/new_ol_news27.html
  • ne####.x####.com.cn/new_ol_news35.html
  • ne####.x####.com.cn/new_ol_photo2.html
  • ne####.x####.com.cn/xcarjump/new_jump_other.php
  • pc.b####.com/v
  • qiniust####.jom####.com/cms/iwt/iwt-min.js
  • qiniust####.jom####.com/common/1.7.2.min.js
  • qiniust####.jom####.com/source/search/search.r.js?v=####
  • qiniust####.jom####.com/source/search/search_emptyfns.r.js
  • qiniust####.jom####.com/source/search/search_exec.r.js?v=####
  • qiniust####.jom####.com/source/search/search_tpl_c1.r.js?v=####
  • qiniust####.jom####.com/source/search/search_tpl_c2.r.js?v=####
  • qiniust####.jom####.com/tools/jq/1.9-nol.js
  • qiniust####.jom####.com/tools/requirejs/2.3.js?v=####
  • qiniust####.jom####.com/xtv/qiniu/image/thumb/2017/09/22/o_7026847375632...
  • qiniust####.jom####.com/xtv/qiniu/image/thumb/2017/09/25/o_765db1f61f1c4...
  • res####.a####.top/sdk12.png
  • res####.a####.top/sdk13_4.png
  • res####.a####.top/sdk15.png
  • res####.a####.top/sdk17.png
  • res####.a####.top/sdk18.png
  • res####.a####.top/sdk23_1.png
  • res####.a####.top/sdk5_2.png
  • res####.a####.top/sdk7.png
  • res####.a####.top/sdk9.png
  • s####.dmp.g####.cn/imp.gif?e=####&u=####
  • s####.jom####.com/push.js
  • s####.jom####.com/s.gif?r=####&l=####
  • s####.x####.com.cn/flow/flow.php?m=####
  • s####.x####.com.cn/flow/flow.php?q=####
  • s####.x####.com.cn/flow/flow.php?t=####
  • s.3####.cn/so/zz.gif?url=####&sid=####&token=####
  • s.clients####.cn/dspo.htm?sp=####&ext=####&f=####
  • s.clients####.cn/dspo.htm?sp=####&ext=MCw####&f=####
  • s6.q####.com/static/ab77b6ea7f3fbf79.js
  • ssph####.cn-hang####.log.####.com/logstores/system/track_ua.gif?APIVersi...
  • t####.a####.top/req.json
  • t####.x####.com.cn/ip2city/ip2getcity.php?_t=####&s=####
  • ti####.c####.l####.####.com/2011newcar/images/wb_btn1.jpg
  • ti####.c####.l####.####.com/2015/nav/css/channel_nav.css?v=####
  • ti####.c####.l####.####.com/2015/nav/images/Header_bg.gif?v=####
  • ti####.c####.l####.####.com/2015/nav/images/xcar_logov@2x.png?v=####
  • ti####.c####.l####.####.com/2016/DemioModel/css/common.css?version=####
  • ti####.c####.l####.####.com/2016/DemioModel/css/demion_v1.css?v=####
  • ti####.c####.l####.####.com/2016/DemioModel/css/demion_v1.css?version=####
  • ti####.c####.l####.####.com/2016/DemioModel/images/200.jpg
  • ti####.c####.l####.####.com/2016/DemioModel/images/DemioModel.png
  • ti####.c####.l####.####.com/2016/DemioModel/images/DemioModel.png?v####
  • ti####.c####.l####.####.com/PicLib/logo/bl17_40.jpg
  • ti####.c####.l####.####.com/PicLib/logo/bl8_40.jpg
  • ti####.c####.l####.####.com/PicLib/logo/pl3_40.jpg
  • ti####.c####.l####.####.com/PicLib/s/s10468_420.jpg
  • ti####.c####.l####.####.com/PicLib/s/s10482_420.jpg
  • ti####.c####.l####.####.com/PicLib/s/s10873_420.jpg
  • ti####.c####.l####.####.com/PicLib/s/s10937_420.jpg
  • ti####.c####.l####.####.com/PicLib/s/s11100_420.jpg
  • ti####.c####.l####.####.com/PicLib/s/s11320_420.jpg
  • ti####.c####.l####.####.com/PicLib/s/s11336_420.jpg
  • ti####.c####.l####.####.com/PicLib/s/s11955_420.jpg
  • ti####.c####.l####.####.com/PicLib/s/s6542_120.jpg
  • ti####.c####.l####.####.com/PicLib/s/s8504_120.jpg
  • ti####.c####.l####.####.com/PicLib/s/s9296_420.jpg
  • ti####.c####.l####.####.com/PicLib/s/s9583_420.jpg
  • ti####.c####.l####.####.com/b17/s10867/20181105114920247968184075339.jpg...
  • ti####.c####.l####.####.com/b17/s10867/20181105115030343870462271805.jpg...
  • ti####.c####.l####.####.com/b59/s7483/m_20181128162738902619810492453.jpg
  • ti####.c####.l####.####.com/b59/s7483/s_20181128162651741831041291607.jpg
  • ti####.c####.l####.####.com/b59/s7483/s_20181128162737298084094477952.jpg
  • ti####.c####.l####.####.com/b59/s7483/s_20181128162738902619810492453.jpg
  • ti####.c####.l####.####.com/b59/s7483/s_20181128162752452995332878980.jpg
  • ti####.c####.l####.####.com/b8/s9710/20171219111833996459646877421.jpg-2...
  • ti####.c####.l####.####.com/b8/s9710/20171219112336027732268060833.jpg-1...
  • ti####.c####.l####.####.com/min/?f=####&v=####
  • ti####.c####.l####.####.com/min/?f=####&version=####
  • ti####.c####.l####.####.com/resource/newcar/ps/nav.js?v=####
  • ti####.c####.l####.####.com/review/js/city_arr_2008.js
  • ti####.c####.l####.####.com/ss/newsearch/css/search.css
  • v.adma####.com.cn/i/a125276,b3306852,c150,i0,m202,8a2,8b3,h
  • v.adma####.com.cn/i/a125276,b3306871,c150,i0,m202,8a1,8b3,h
  • v.adma####.com.cn/i/a125276,b3306876,c150,i0,m202,8a1,8b3,h
  • v.adma####.com.cn/i/a125276,b3306879,c150,i0,m202,8a1,8b3,h
  • v.adma####.com.cn/i/a125276,b3306883,c150,i0,m202,8a1,8b3,h
  • v.adma####.com.cn/i/a135776,b3817904,c150,i0,m202,8a1,8b2,h,uhttps://t-b...
  • v.adma####.com.cn/i/a135776,b3817905,c150,i0,m202,8a1,8b2,h,uhttps://t-b...
  • v.adma####.com.cn/i/a135776,b3817906,c150,i0,m202,8a1,8b2,h,uhttps://t-b...
  • v.adma####.com.cn/i/a135805,b3792534,c150,i0,m202,8a1,8b3,h,uhttps://t-b...
  • v.adma####.com.cn/i/a135805,b3792538,c150,i0,m202,8a1,8b3,h,uhttps://t-b...
  • v.adma####.com.cn/i/a136248,b3814058,c150,i0,m202,8a1,8b3,h,uhttps://t-b...
  • v.adma####.com.cn/i/a136344,b3819751,c150,i0,m202,8a1,8b3,h,uhttps://t-b...
  • www.x####.cn/sycdd.js
  • yb.bugse####.com/ad
  • yb.bugse####.com:3002/api?rdtime=####&id=####&osv=####&imei=####&adid=##...
  • z.c####.com/stat.htm?id=####&cnzz_eid=####
  • z.c####.com/stat.htm?id=####&r=####&lg=####&ntime=####&cnzz_eid=####&sho...
HTTP POST requests:
  • a####.qia####.com//api/2io82K
  • a####.qia####.com//api/8VbeIo
  • a####.qia####.com//api/Ddgv3VE
  • a####.qia####.com//api/Mny1OOW3
  • a####.qia####.com//api/QTnLukEdO1
  • a####.qia####.com//api/SEEzevU1
  • a####.qia####.com//api/SJoGF44Q
  • a####.qia####.com//api/SVFUp6
  • a####.qia####.com//api/voEYG7
  • a####.w####.com/rest/pt
  • a.bjsd####.com/index.php?r=####
  • ad.w####.com/api.htm?pid=####
  • api####.tiantia####.com/ads
  • api.free####.xin/log/if0
  • api.free####.xin/log/p02
  • api.lubang####.com/domain.php
  • api.lubang####.com/srp.php
  • api.s####.xin/log/if0
  • api.yunco####.com/service/rest
  • bag.sdk.a####.####.com/v1/bag/monitor
  • h.w####.com/api/Gu5wT0Z
  • log.sho####.com/index.php?r=####
  • php.sho####.com/index.php?r=####
File system changes:
Creates the following files:
  • /data/data/####/.3WN9
  • /data/data/####/.5TE4.xml
  • /data/data/####/.J1_v.xml
  • /data/data/####/.__mob_ad_data.xml
  • /data/data/####/.fKSra
  • /data/data/####/.fKSra.zip
  • /data/data/####/1s.jar
  • /data/data/####/ApplicationCache.db-journal
  • /data/data/####/XkdjsIx132mMskey1.xml
  • /data/data/####/XkdjsIx132mMtasks.xml
  • /data/data/####/ahq_spu_ti.xml
  • /data/data/####/al_lcom.qlz.ulg.xml
  • /data/data/####/com.v.junior.xml
  • /data/data/####/com_v_junior.txt
  • /data/data/####/countIp.xml
  • /data/data/####/data_0
  • /data/data/####/data_1
  • /data/data/####/data_2
  • /data/data/####/data_3
  • /data/data/####/ddfsfwo.data-journal
  • /data/data/####/f_000001
  • /data/data/####/f_000002
  • /data/data/####/f_000003
  • /data/data/####/f_000004
  • /data/data/####/f_000005
  • /data/data/####/f_000006
  • /data/data/####/f_000007
  • /data/data/####/f_000008
  • /data/data/####/f_000009
  • /data/data/####/f_00000a
  • /data/data/####/f_00000b
  • /data/data/####/f_00000c
  • /data/data/####/f_00000d
  • /data/data/####/f_00000e
  • /data/data/####/f_00000f
  • /data/data/####/f_000010
  • /data/data/####/f_000011
  • /data/data/####/f_000012
  • /data/data/####/f_000013
  • /data/data/####/f_000014
  • /data/data/####/f_000015
  • /data/data/####/f_000016
  • /data/data/####/f_000017
  • /data/data/####/f_000018
  • /data/data/####/f_000019
  • /data/data/####/f_00001a
  • /data/data/####/f_00001b
  • /data/data/####/f_00001c
  • /data/data/####/f_00001d
  • /data/data/####/f_00001e
  • /data/data/####/f_00001f
  • /data/data/####/f_000020
  • /data/data/####/f_000021
  • /data/data/####/f_000022
  • /data/data/####/f_000023
  • /data/data/####/fwaqsdf.xml
  • /data/data/####/fwaqsdf.xml.bak
  • /data/data/####/fwsaefrf.data-journal
  • /data/data/####/globalParamFile.xml
  • /data/data/####/hhq_spu_ti.xml
  • /data/data/####/hxdata.xml
  • /data/data/####/index
  • /data/data/####/sesvwta.xml
  • /data/data/####/sfwwWQsewq.data-journal
  • /data/data/####/swWsewdQe.xml
  • /data/data/####/umengDown5_2.jar
  • /data/data/####/umeng_down12.jar
  • /data/data/####/umeng_down13_4.jar
  • /data/data/####/umeng_down15.jar
  • /data/data/####/umeng_down17.jar
  • /data/data/####/umeng_down18.jar
  • /data/data/####/umeng_down23_1.jar
  • /data/data/####/umeng_down7.jar
  • /data/data/####/umeng_down9.jar
  • /data/data/####/webview.db-journal
  • /data/data/####/webviewCookiesChromium.db-journal
  • /data/media/####/.YiAds.log
  • /data/media/####/com_v_junior.txt
Miscellaneous:
Executes the following shell scripts:
  • cat /proc/cpuinfo
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5PADDING
  • AES-CBC-PKCS7Padding
  • AES-ECB-PKCS5Padding
  • DES
  • DES-CBC-PKCS5Padding
Uses the following algorithms to decrypt data:
  • AES-CBC-NoPadding
  • AES-CBC-PKCS5PADDING
  • AES-CBC-PKCS7Padding
  • AES-ECB-PKCS5Padding
  • DES
  • DES-CBC-PKCS5Padding
Accesses the ITelephony private interface.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Gets information about running apps.
Adds tasks to the system scheduler.
Displays its own windows over windows of other apps.

Curing recommendations

Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow the recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount, or you see some other announcement that prevents you from using the device normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and the specifications of the particular mobile device, this can be done in various ways; consult the user guide shipped with the device, or contact its manufacturer);
    • Once safe mode is active, install Dr.Web for Android Light on the infected device and run a full system scan; follow the steps recommended for neutralizing the detected threats;
    • Switch off your device and turn it on as normal.