マイライブラリ
マイライブラリ

+ マイライブラリに追加

電話

お問い合わせ履歴

電話(英語)

+7 (495) 789-45-86

Profile

Android.Click.1010

Added to the Dr.Web virus database: 2020-09-24

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.Click.363.origin
Network activity:
Connects to:
  • UDP(DNS) 8####.8.4.4:53
  • TCP(HTTP/1.1) z.c####.com:80
  • TCP(HTTP/1.1) log-re####.com:80
  • TCP(HTTP/1.1) bbq.aa####.cn:80
  • TCP(HTTP/1.1) st####.tin####.com:80
  • TCP(HTTP/1.1) c.c####.com:80
  • TCP(HTTP/1.1) 121f####.cdn.uc####.####.cn:80
  • TCP(HTTP/1.1) m.zhaoji####.cn:80
  • TCP(HTTP/1.1) t####.zhaoji####.cn:80
  • TCP(HTTP/1.1) chec####.cc:80
  • TCP(TLS/1.0) 2####.58.208.106:443
  • TCP(TLS/1.0) p####.google####.com:443
  • TCP(TLS/1.0) safebro####.google####.com:443
  • TCP(TLS/1.0) 1####.217.19.206:443
  • TCP(TLS/1.0) cdn.jsde####.net:443
  • TCP(TLS/1.0) md####.google####.com:443
  • TCP(TLS/1.0) connect####.gst####.com:443
  • TCP(TLS/1.2) 1####.217.168.206:443
  • TCP(TLS/1.2) 2####.58.208.106:443
  • TCP bbq.aa####.cn:6666
DNS requests:
  • 360####.org
  • bbq.aa####.cn
  • c.c####.com
  • cdn.jsde####.net
  • cdn.u1.hul####.com
  • chec####.cc
  • connect####.gst####.com
  • i####.c####.com
  • instant####.google####.com
  • log-re####.com
  • m.zhaoji####.cn
  • md####.google####.com
  • p####.google####.com
  • safebro####.google####.com
  • st####.tin####.com
  • t####.zhaoji####.cn
  • v1.c####.com
  • z6.c####.com
HTTP GET requests:
  • 121f####.cdn.uc####.####.cn/g4/M01/51/61/rBAAdl9nSvGAR8DDAAOOI_j4St0757....
  • 121f####.cdn.uc####.####.cn/g4/M01/51/61/rBAAdl9nSvKABCrcAASEangsyI4102....
  • 121f####.cdn.uc####.####.cn/g4/M01/51/61/rBAAdl9nSvKAEpbmAAQG_Yxz7GM417....
  • 121f####.cdn.uc####.####.cn/g4/M01/51/61/rBAAdl9nSvOAJBJjAAMPRkM3rFE966....
  • 121f####.cdn.uc####.####.cn/g4/M01/51/61/rBAAdl9nSvOAWHpFAAM66bQQR-s375....
  • 121f####.cdn.uc####.####.cn/g4/M01/51/61/rBAAdl9nSvSAGv4KAAMGNwp85UM792....
  • 121f####.cdn.uc####.####.cn/g4/M01/51/61/rBAAdl9nSvSAOwuWAANcnMDJko4830....
  • 121f####.cdn.uc####.####.cn/g4/M01/55/DD/rBAAdl9qzy-AAqbOAAE488oQ2V8169....
  • 121f####.cdn.uc####.####.cn/g4/M01/55/DD/rBAAdl9qzy-ADxKqAAEGWxKNVuk435....
  • 121f####.cdn.uc####.####.cn/g4/M01/55/DD/rBAAdl9qzy2AJYIhAAGlmyK2peQ727....
  • 121f####.cdn.uc####.####.cn/g4/M01/55/DD/rBAAdl9qzy6AGsDoAAETrk0w1LI333....
  • 121f####.cdn.uc####.####.cn/g4/M01/55/DD/rBAAdl9qzyqAXCDSAAGtZs8Lb2Y763....
  • 121f####.cdn.uc####.####.cn/g4/M01/55/DD/rBAAdl9qzyuAY-s9AAHHnAT9pgw020....
  • 121f####.cdn.uc####.####.cn/g4/M01/55/DD/rBAAdl9qzyyACIUkAAGmtMe26OU618....
  • 121f####.cdn.uc####.####.cn/g4/M01/55/DD/rBAAdl9qzzGAHXRuAAGQOoYhc3Q411....
  • 121f####.cdn.uc####.####.cn/g4/M01/56/65/rBAAdl9rKSGActPiAAKQvAJdn1U903....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/8D/rBAAdl9sHj-APyeSAAEaOHeUsvo659....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/8D/rBAAdl9sHk2ARr7PAAJD2hirb0o206....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/8D/rBAAdl9sHkCAXtTlAAGs9fG3l4Q088....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/8D/rBAAdl9sHkGAdnVSAACRzGjPBS4291....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/8D/rBAAdl9sHkKAOi6lAACTj4UBuCI240....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/8D/rBAAdl9sHkKAY1l8AACCZpRsu2w930....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/8D/rBAAdl9sHkaAMsdRAAC57uSJTUA526....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/8D/rBAAdl9sHkqAECSMAAClrwazP8M835....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/8D/rBAAdl9sHkuAXxXDAACdoWXbBCE963....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/90/rBAAdl9sIC-AN_ZFAAG_gewbxI4709....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/90/rBAAdl9sIC-AeQ9MAAEMOS380jo989....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/90/rBAAdl9sIC2AFK1FAAGGezsk5is581....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/90/rBAAdl9sIC6AOvCXAAH_M7W45ig914....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/90/rBAAdl9sIDCAX5kXAAFX95Wxc-Y149....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/90/rBAAdl9sIDGAcHh8AAIMO4KAMB4905....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/90/rBAAdl9sIDGAeiAVAAJogWaIUZs293....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/90/rBAAdl9sIDKATG9AAAF0MVAGH80867....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/90/rBAAdl9sIDOAK7ejAAFI0aNDgQk606....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/D8/rBAAdl9sXA-ASV5kAAKd9sxPM8c434....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/D8/rBAAdl9sXA-AcKuGAAHDyj5LzKU235....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/D8/rBAAdl9sXA6AapPuAAI_CdN27XU884....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/D8/rBAAdl9sXBCATYfUAAIATq3zfHg492....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/D8/rBAAdl9sXBGASEI8AAJe_jdZu9w375....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/F6/rBAAdl9scEGAPTQvAAJQViJNjNQ829....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/F6/rBAAdl9scEKANybwAAI0xlusvHM267....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/F6/rBAAdl9scEOANgmDAAGp4_ksvnI477....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/F6/rBAAdl9scESABqliAAHhQTkjlco237....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/F6/rBAAdl9scESAVaL1AAHTpeYQaPk504....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/F6/rBAAdl9scEWAHqkjAAGTI7haYWw368....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/F6/rBAAdl9scEaAVL3nAAE2R_qm3G0825....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/F6/rBAAdl9scEeAac31AAFiHZQ8tH4900....
  • 121f####.cdn.uc####.####.cn/g4/M01/57/F6/rBAAdl9scEeAe0ZqAAFUU1vr-z8488....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/05/rBAAdl9se3-ANre6AAHaTvLrs00777....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/05/rBAAdl9se32AS_GgAAGA493umF0579....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/05/rBAAdl9se36AVSOSAAICjSBxyKU291....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/05/rBAAdl9se3yAdhfGAARqOTpqxvI333....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/05/rBAAdl9se4CAPZmaAACrnYWEuiw659....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/05/rBAAdl9se4GAWLADAAEQBp63aBk437....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/05/rBAAdl9se7-ADzVXAAEnHZiOOks841....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/05/rBAAdl9se7-AMRzSAACOUFNZejY592....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/05/rBAAdl9se72ANaREAAHBPd2CquY780....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/05/rBAAdl9se76Ad6-uAACpfP8VbbA251....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/05/rBAAdl9se8CADSUuAAHioF0dXro820....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/05/rBAAdl9se8KAVCcfAAStoxcbobo757....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/06/rBAAdl9se_-AWopzAABkovwJNb4461....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/06/rBAAdl9se_6AYCr8AAEfde24kVg143....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/06/rBAAdl9sfACARUV-AAIskCd8Ibg613....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/06/rBAAdl9sfAGAIv3HAAKO0YH42gM546....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/06/rBAAdl9sfAGAciCQAAE4p57DCp0624....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/06/rBAAdl9sfAKAEb5pAADf8nMZT7U870....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/06/rBAAdl9sfECARDfyAAO3zN77qrU991....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/06/rBAAdl9sfEGAT6IwAAFtl7qfw-c799....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/06/rBAAdl9sfEKAAkbMAADUPDj_iH0549....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/06/rBAAdl9sfEKARWT9AACyOpENvuY967....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/06/rBAAdl9sfEOAHwbsAAFwK5dLR4s273....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/06/rBAAdl9sfESABBAMAACPUzpkIIU185....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/06/rBAAdl9sfIGAIZvWAAGlRtG1oSE744....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/06/rBAAdl9sfIKAVB5SAAJ1JmndSx8518....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/06/rBAAdl9sfIOAcvtvAAB-nW7YvVU105....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/06/rBAAdl9sfISAFmkeAAIoPwC8Pmg244....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/06/rBAAdl9sfISAK5kgAAC90hLPuKI277....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/06/rBAAdl9sfIWANkv1AAC_hxynNJA915....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/07/rBAAdl9sfYWAGljSAADrpYMqN98274....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/07/rBAAdl9sfYWALW6GAAPNq7AI1nE117....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/07/rBAAdl9sfYaAdAkIAADzCS5wcE0827....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/07/rBAAdl9sfYeALGxwAAEIFb9JCdk762....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/07/rBAAdl9sfYeAfB6FAAEXiFFxNV4204....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/07/rBAAdl9sfYiATUARAAIt1MxcnSg199....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/07/rBAAdl9sfYmAQwORAAKKi22AMP8514....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/07/rBAAdl9sfYmASDoRAAECFQ9ntZQ960....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/07/rBAAdl9sfYqAM324AAFFht8RxJo454....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/07/rBAAdl9sfdCAQ3_AAAD9FVr-nrY837....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/07/rBAAdl9sfdCAdcfiAADqTmXIcGE688....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/07/rBAAdl9sfdGAH_AFAADglxKd84Y039....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/07/rBAAdl9sfdGAd-2FAAElbmJVnvI504....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/07/rBAAdl9sfdOALCsLAACJL9fedvY201....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/08/rBAAdl9sfd2AWB6pAAMJEAdAWX4575....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/08/rBAAdl9sfdOAMSH5AAFaAiw-aVM066....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/08/rBAAdl9sfmOAfZDBAALsATuUUlc211....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/08/rBAAdl9sfoSAOzfEAANSwcCpVf418.j...
  • 121f####.cdn.uc####.####.cn/g4/M01/58/08/rBAAdl9sfoaABDvjAAMwKq-aKUg35.j...
  • 121f####.cdn.uc####.####.cn/g4/M01/58/08/rBAAdl9sfoeABz1gAANR6nHWItk06.j...
  • 121f####.cdn.uc####.####.cn/g4/M01/58/09/rBAAdl9sfxCAPer0AAIlQIkv584440....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/09/rBAAdl9sfyCAReS0AAFzA8lbHLU656....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/09/rBAAdl9sfyGAFkpUAAJBdpUk2HY935....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/09/rBAAdl9sfyKAS4NLAAHlh-w6FCI281....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/09/rBAAdl9sfyOAd9KkAAMfAYLjTXk269....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/09/rBAAdl9sfySADzx1AAM2XqzdvQM033....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/09/rBAAdl9sfySAJefUAAK-1R93KSA210....
  • 121f####.cdn.uc####.####.cn/g4/M01/58/0A/rBAAdl9sf2iAY_mnAACSvLO31KU942....
  • 121f####.cdn.uc####.####.cn/g4/M02/CC/D4/rBAAdl8bl5WAJMzjAANOrp7grR4309....
  • c.c####.com/core.php?web_id=####&show=####&t=####
  • c.c####.com/img/pic.gif
  • c.c####.com/z_stat.php?id=####&show=####
  • chec####.cc/feature/config?api_version=####&app_id=####&app_version=####...
  • chec####.cc/jd?a=####&av=####&d=####&p=####&v=####&vc=####
  • m.zhaoji####.cn/MTImg/index3.html
  • m.zhaoji####.cn/MTImg/src/scripts/apphf.js
  • m.zhaoji####.cn/MTImg/src/scripts/gallery-columns.js
  • m.zhaoji####.cn/MTImg/src/scripts/modal.js
  • m.zhaoji####.cn/MTImg/src/scripts/promise.js
  • m.zhaoji####.cn/MTImg/src/scripts/utils.js
  • m.zhaoji####.cn/MTImg/src/styles/gallery-columns.css
  • m.zhaoji####.cn/MTImg/src/styles/modal.css
  • m.zhaoji####.cn/MTImg/src/styles/spinner.css
  • m.zhaoji####.cn/favicon.ico
  • m.zhaoji####.cn/js/jquery-1.11.0.js
  • m.zhaoji####.cn/plugins/layer.mobile-v2.0/layer_mobile/layer.js
  • m.zhaoji####.cn/plugins/layer.mobile-v2.0/layer_mobile/need/layer.css
  • m.zhaoji####.cn/plugins/layer.mobile-v2.0/layer_mobile/need/layer.css?2#...
  • m.zhaoji####.cn/plugins/layui/layui.js
  • st####.tin####.com/static/ij-cloud/cs/google_analytics_6.aar
  • z.c####.com/stat.htm?id=####&r=####&lg=####&ntime=####&cnzz_eid=####&sho...
HTTP POST requests:
  • bbq.aa####.cn/classes2.dat
  • log-re####.com/report
  • t####.zhaoji####.cn/images/imagelist?sort_by=####&start=####
File system changes:
Creates the following files:
  • /data/data/####/0034409157c3bb46_0
  • /data/data/####/005664ac6186478f_0
  • /data/data/####/007ff1c4831fd372_0
  • /data/data/####/09a038fbe3901d32_0
  • /data/data/####/0bdc09415a07eb4c_0
  • /data/data/####/0cb65d18d17ea93b_0
  • /data/data/####/0cd0feac451b59b2_0
  • /data/data/####/102eaf29ac5d9072_0
  • /data/data/####/167be6d0df8257a3_0
  • /data/data/####/1680c5a192c5a5fb_0
  • /data/data/####/179c3383d5497973_0
  • /data/data/####/17e60f15a90b1396_0
  • /data/data/####/191514227fd78695_0
  • /data/data/####/19d31a558831ffa5_0
  • /data/data/####/1ef9bc1e0b3fcd40_0
  • /data/data/####/223377664f955e5d_0
  • /data/data/####/223377664f955e5d_1
  • /data/data/####/231ddae3f5473301_0
  • /data/data/####/23d45186742e7e70_0
  • /data/data/####/26b0b1286a304331_0
  • /data/data/####/2842bc38a1a75a24_0
  • /data/data/####/2e61756df95dce3e_0
  • /data/data/####/2e6729c7d017510c_0
  • /data/data/####/31ea3ca59921086b_0
  • /data/data/####/32a33c1d7ec6e909_0
  • /data/data/####/35032a02174f7852_0
  • /data/data/####/39c34cf7ad97ee20_0
  • /data/data/####/3a4467ab1b0e0773_0
  • /data/data/####/3ad62386b114bb03_0
  • /data/data/####/3c9740cd18834d71_0
  • /data/data/####/3de059ad0e40da1f_0
  • /data/data/####/407986a8761c9bdc_0
  • /data/data/####/41a2747bebb86f8d_0
  • /data/data/####/444f011ffd464aef_0
  • /data/data/####/464443b7b314bb02_0
  • /data/data/####/4895c631de29f52b_0
  • /data/data/####/4b4f033ae28e7106_0
  • /data/data/####/4d91627cca269bd4_0
  • /data/data/####/4e2f91a89947fddb_0
  • /data/data/####/51e67b6ca9398768_0
  • /data/data/####/53aeda0e5e606820_0
  • /data/data/####/550880345bf7e88e_0
  • /data/data/####/56b4b6dea9af0903_0
  • /data/data/####/5855a24351753e32_0
  • /data/data/####/58ce374c364735c4_0
  • /data/data/####/5a4b31bb7edab1c3_0
  • /data/data/####/5a5bf224c9c13b51_0
  • /data/data/####/5c79987012471a70_0
  • /data/data/####/5c9b03e4e168039a_0
  • /data/data/####/5d12cda07bd6f92a_0
  • /data/data/####/5eea009fb0ef0fb8_0
  • /data/data/####/668b72bf7b1341af_0
  • /data/data/####/66cf4ffddd6df872_0
  • /data/data/####/69e9d1e54830bcb6_0
  • /data/data/####/6a34d8eaa061779a_0
  • /data/data/####/6ab6a3c5a156eb42_0
  • /data/data/####/6b1a04e5f01564f5_0
  • /data/data/####/6eb7f4c9ac01aaa3db784d0b435a2c12
  • /data/data/####/7450cb54134ea9bd_0
  • /data/data/####/7540dab1a066d6d6_0
  • /data/data/####/7540dab1a066d6d6_1
  • /data/data/####/7741f45571a825b9_0
  • /data/data/####/7a8eb7fa36d58fc5_0
  • /data/data/####/7aa50740f0562d7e_0
  • /data/data/####/7aa50740f0562d7e_1
  • /data/data/####/7b3e29cea21687b3_0
  • /data/data/####/7b867428e29b76ee_0
  • /data/data/####/7eac5a0421361ade_0
  • /data/data/####/801a4a9c14b2ac17_0
  • /data/data/####/86b48251bd13dbbe_0
  • /data/data/####/885f32d7245a8c3b_0
  • /data/data/####/8acc94a54786fd42_0
  • /data/data/####/8acc94a54786fd42_1
  • /data/data/####/8ca0d3b0bd397b8d_0
  • /data/data/####/8cdfdc47f4fb68a1_0
  • /data/data/####/9152f097dbd79926_0
  • /data/data/####/92728a0707103f63_0
  • /data/data/####/94a5663f6ca384f6_0
  • /data/data/####/987da6ccaa20347d_0
  • /data/data/####/9ab625c5bde17efc_0
  • /data/data/####/9b8e47d2e8fd0935_0
  • /data/data/####/9f3c7bc6647584dc_0
  • /data/data/####/AdBlocker.lua
  • /data/data/####/BaseFunlib.lua
  • /data/data/####/CBGr2.xml
  • /data/data/####/Cookies-journal
  • /data/data/####/FirstRun
  • /data/data/####/Util.lua
  • /data/data/####/WebViewChromiumPrefs.xml
  • /data/data/####/__ic_close.png
  • /data/data/####/__ic_delete.png
  • /data/data/####/__ic_fltbtn.png
  • /data/data/####/__ic_menu.png
  • /data/data/####/__ic_more.png
  • /data/data/####/__ic_search.png
  • /data/data/####/a0bb8b636ae10d29_0
  • /data/data/####/a0d35a7c8d0f330a_0
  • /data/data/####/a0f8e3ca230fe049_0
  • /data/data/####/a1bce672c65c750c_0
  • /data/data/####/a1e965e589caeb99_0
  • /data/data/####/a2a1ee2f83703ace_0
  • /data/data/####/a7deb603da24a296_0
  • /data/data/####/a937e31bc35688b6_0
  • /data/data/####/a9425b35d5b44316_0
  • /data/data/####/aad0dd38545c8545_0
  • /data/data/####/addb2aef72113448_0
  • /data/data/####/af3c1282dbf9f2a2_0
  • /data/data/####/appInfo.xml
  • /data/data/####/appInfo.xml.bak
  • /data/data/####/assets_token.txt
  • /data/data/####/b1094f260edcec1c_0
  • /data/data/####/b15251828bc73753_0
  • /data/data/####/b371f4f596a8e218_0
  • /data/data/####/b670437d5dabd5ff_0
  • /data/data/####/b78599b90782459f_0
  • /data/data/####/bf7e4f8f3d96e4c8_0
  • /data/data/####/bfbc71c67175a655_0
  • /data/data/####/c0a0b52e4374ea00_0
  • /data/data/####/c0a0b52e4374ea00_1
  • /data/data/####/c481597fefe9edc6_0
  • /data/data/####/c992bf37c7bff41f_0
  • /data/data/####/classes2.dat
  • /data/data/####/classes2.dex (deleted)
  • /data/data/####/classes2.dex.flock (deleted)
  • /data/data/####/cloudinject
  • /data/data/####/cloudinject.apk
  • /data/data/####/cloudinject.dex
  • /data/data/####/cloudinject.dex.flock (deleted)
  • /data/data/####/com.MyFusApp.meitui_preferences.xml
  • /data/data/####/conf.xml
  • /data/data/####/config.lua
  • /data/data/####/d0bdc654b47d36cd_0
  • /data/data/####/d2a2dcd7221bcaaa_0
  • /data/data/####/d30003283daa8d1e_0
  • /data/data/####/d48d98b7f749ffd9_0
  • /data/data/####/d4e64674bc50b99f_0
  • /data/data/####/d67878ad0a638c0e_0
  • /data/data/####/d695fc9d7e7ca0e0_0
  • /data/data/####/d775614f60a57deb_0
  • /data/data/####/d775614f60a57deb_1
  • /data/data/####/d8c99c794ad7bbc2_0
  • /data/data/####/d8f219c090b90efa_0
  • /data/data/####/e0ecfb76dd4954f1_0
  • /data/data/####/e4ae16132e834b26_0
  • /data/data/####/e5dab3a766cb90bd_0
  • /data/data/####/e7cd47debb6b0027_0
  • /data/data/####/e8d5ebd90ce4a16f_0
  • /data/data/####/e9596e42d78a5c8a_0
  • /data/data/####/e9a70e33cf0b4961_0
  • /data/data/####/e9c12f156d4a5290_0
  • /data/data/####/ea2732e773ec70d8_0
  • /data/data/####/ea60c6ed5276b4ae_0
  • /data/data/####/eb427b4f0d0e5509_0
  • /data/data/####/eda24304ae5fe851_0
  • /data/data/####/eda24304ae5fe851_1
  • /data/data/####/ef2669e9ad7e4c84_0
  • /data/data/####/f11bc703f2a078f1_0
  • /data/data/####/f31b7724879aa053_0
  • /data/data/####/f6c0e1afb25c53dd_0
  • /data/data/####/f746fc787885d547_0
  • /data/data/####/farmer_inject
  • /data/data/####/ffe53233796211ed_0
  • /data/data/####/fly.key
  • /data/data/####/funlib.lua
  • /data/data/####/import.lua
  • /data/data/####/index
  • /data/data/####/init.lua
  • /data/data/####/launch.txt
  • /data/data/####/listitem_sidelvw.lua
  • /data/data/####/loadBar.lua
  • /data/data/####/loadbitmap.lua
  • /data/data/####/loadlayout.lua
  • /data/data/####/loadmenu.lua
  • /data/data/####/main.lua
  • /data/data/####/metrics_guid
  • /data/data/####/popMenuFunc.lua
  • /data/data/####/proc_auxv
  • /data/data/####/searchbar.lua
  • /data/data/####/sidebar.lua
  • /data/data/####/sss.xml
  • /data/data/####/the-real-index
  • /data/data/####/tool_bar.lua
  • /data/data/####/utils.lua
  • /data/data/####/welcome.png
  • /data/media/####/crash.txt
  • /data/misc/####/primary.prof
Miscellaneous:
Executes the following shell scripts:
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/cache/cloudinject.apk --oat-fd=34 --oat-location=/data/user/0/<Package>/files/cloudinject.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/classes2.dat --oat-fd=52 --oat-location=/data/user/0/<Package>/cache/dynamic/classes2.dex --compiler-filter=speed
Uses the following algorithms to encrypt data:
  • AES-ECB-PKCS5Padding
  • DES-CBC-PKCS5Padding
Uses the following algorithms to decrypt data:
  • AES-ECB-PKCS5Padding
  • DES
  • DES-CBC-PKCS5Padding
Gets information about network.
Displays its own windows over windows of other apps.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web для Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android