
Android.RemoteCode.8381

Added to the Dr.Web virus database: 2024-06-13

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.RemoteCode.337.origin
Network activity:
Connects to:
DNS requests:
HTTP GET requests:
HTTP POST requests:
File system changes:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
  • chmod -R 777 <Package Folder>
  • chmod 600
Loads the following dynamic libraries:
  • libjiagu
  • libmtx4
  • libobjectbox-jni
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
  • DES
  • DES-CBC-PKCS5Padding
  • RSA-ECB-PKCS1Padding
Uses the following algorithms to decrypt data:
  • AES
  • AES-CBC-PKCS5Padding
  • DES
  • DES-CBC-PKCS5Padding
  • RSA-ECB-PKCS1Padding
Accesses the ITelephony private interface.
Uses a special library to hide its executable bytecode.
Gets information about the network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Displays its own windows over the windows of other apps.
Requests the system alert window permission.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow the recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount, or you see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and the specifications of the particular mobile device, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
