Android.Click.1584

Added to the Dr.Web virus database: 2022-03-05

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.Click.345.origin
Network activity:
Connects to:
DNS requests:
HTTP GET requests:
HTTP POST requests:
  • api.a####.ads####.cn/thirdparty/sapi/chn
  • co####.uca.c####.####.com:443/
  • newap####.math####.cn/titan/monitor/device_info
  • p####.pc####.com.cn/ip.jsp
  • prd-le####.cdp.inte####.####.com:443/v1/events
File system changes:
Creates the following files:
Miscellaneous:
Loads the following dynamic libraries:
  • libmain
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
Uses the following algorithms to decrypt data:
  • AES-CBC-PKCS5Padding
  • AES-ECB-PKCS5Padding
  • DES
Accesses the ITelephony private interface.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Displays its own windows over windows of other apps.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
