
Android.RemoteCode.8436

Added to the Dr.Web virus database: 2024-10-17

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.RemoteCode.254.origin
Network activity:
Connects to:
  • UDP(DNS) <Google DNS>
  • TCP(HTTP/1.1) l####.tbs.qq.com:80
  • TCP(HTTP/1.1) and####.b####.qq.com:80
  • TCP(HTTP/1.1) m####.im:80
  • TCP(HTTP/1.1) a####.u####.com:80
  • TCP(HTTP/1.1) res.m####.im.####.com:80
  • TCP(HTTP/1.1) i####.m####.im:80
  • TCP(HTTP/1.1) adash####.man.aliy####.com:80
  • TCP(HTTP/1.1) dn-gro####.q####.me:80
  • TCP(TLS/1.0) gmscomp####.google####.com:443
  • TCP(TLS/1.0) res.m####.im.####.com:443
  • TCP(TLS/1.0) ret####.al####.com:443
  • TCP(TLS/1.0) ada####.m.ta####.com:443
  • TCP(TLS/1.0) rr9---s####.g####.com:443
  • TCP(TLS/1.0) 2####.239.38.223:443
  • TCP(TLS/1.0) 2####.239.34.223:443
  • TCP(TLS/1.0) rr2---s####.g####.com:443
  • TCP(TLS/1.0) h-ad####.ut.ta####.####.com:443
  • TCP(TLS/1.0) t####.growi####.com:443
  • TCP(TLS/1.0) 2####.239.32.223:443
  • TCP(TLS/1.0) and####.google####.com:443
  • TCP(TLS/1.0) arms-re####.aliy####.com:443
  • TCP(TLS/1.0) sensor-####.m####.im:443
  • TCP(TLS/1.0) 1####.250.183.163:443
  • TCP(TLS/1.0) m####.im:443
  • TCP(TLS/1.0) i####.m####.im:443
  • TCP(TLS/1.0) 1####.250.199.174:443
  • TCP(TLS/1.0) and####.a####.go####.com:443
  • TCP(TLS/1.0) www.google####.com:443
  • TCP(TLS/1.0) api.growi####.com.####.com:443
  • TCP(TLS/1.2) 64.2####.162.95:443
  • TCP(TLS/1.2) 1####.217.26.227:443
  • TCP(TLS/1.2) 1####.177.14.103:443
  • TCP(TLS/1.2) 1####.251.1.95:443
  • TCP(TLS/1.2) 74.1####.205.95:443
DNS requests:
  • a####.man.aliy####.com
  • a####.u####.com
  • ada####.ut.ta####.com
  • adas####.ut.ta####.com
  • and####.a####.go####.com
  • and####.b####.qq.com
  • and####.google####.com
  • api.growi####.com
  • arms-re####.aliy####.com
  • dn-gro####.q####.me
  • gmscomp####.google####.com
  • i####.m####.im
  • l####.tbs.qq.com
  • m####.im
  • res.m####.im
  • ret####.al####.com
  • rr2---s####.g####.com
  • rr9---s####.g####.com
  • sensor-####.m####.im
  • t####.growi####.com
  • www.google####.com
  • www.m####.im
  • www.s####.net
HTTP GET requests:
  • dn-gro####.q####.me/vds.js
  • h-ad####.ut.ta####.####.com:443/rest/gc2?ak=####&av=####&c=####&d=####&s...
  • i####.m####.im/common/images/%E5%A4%B4%E6%9D%A1-%E5%B0%81%E9%9D%A2.jpg
  • i####.m####.im/common/images/%E9%82%80%E8%AF%B7%E5%A5%BD%E5%8F%8B-%E5%B0...
  • i####.m####.im/common/images/compress/1.jpg
  • i####.m####.im/common/images/compress/10.jpg
  • i####.m####.im/common/images/compress/11.jpg
  • i####.m####.im/common/images/compress/2.jpg
  • i####.m####.im/common/images/compress/3.jpg
  • i####.m####.im/common/images/compress/4.jpg
  • i####.m####.im/common/images/compress/5.jpg
  • i####.m####.im/common/images/compress/6.jpg
  • i####.m####.im/common/images/compress/7.jpg
  • i####.m####.im/common/images/compress/8.jpg
  • i####.m####.im/common/images/compress/9.jpg
  • i####.m####.im/favicon.ico
  • i####.m####.im:443/public/subject/201709111447392899.png
  • i####.m####.im:443/public/subject/201709111451545123.png
  • i####.m####.im:443/public/subject/201709111453013282.png
  • i####.m####.im:443/public/subject/201709111457572014.png
  • i####.m####.im:443/public/subject/201709111459484531.png
  • i####.m####.im:443/public/subject/201709111500108044.png
  • i####.m####.im:443/public/subject/201709111500516058.png
  • i####.m####.im:443/public/subject/201710271135181953.png
  • i####.m####.im:443/public/subject/201802020933041348.png
  • i####.m####.im:443/public/subject/201802020933205169.png
  • i####.m####.im:443/public/subject/201802020933285280.png
  • i####.m####.im:443/public/subject/201802020934093437.png
  • i####.m####.im:443/public/subject/201802020934371524.png
  • i####.m####.im:443/public/subject/201802020934503088.png
  • i####.m####.im:443/public/subject/201802021028395737.png
  • i####.m####.im:443/public/subject/201802021028484917.png
  • i####.m####.im:443/public/subject/201804241134066505.png
  • i####.m####.im:443/public/subject/201807231905385354.gif
  • i####.m####.im:443/public/subject/201808301623538566.png
  • i####.m####.im:443/public/subject/201812241832165475.gif
  • i####.m####.im:443/user/1433102/ca530431e2d554234c2a15b0be7247dc.png?lct...
  • i####.m####.im:443/user/4313492/c00e1f4f4bba19289ed4548fc9b61595.jpg?lct...
  • i####.m####.im:443/user/4734105/poster/T_MC7E389N/T_MC7E389N_v2.jpg?lct=...
  • i####.m####.im:443/user/5341299/05cec19e7c2267e8da090b913179ad50.jpg?lct...
  • i####.m####.im:443/user/5925606/18b675f986843a2df89559441fdae72d.jpg?lct...
  • i####.m####.im:443/user/6492960/poster/T_UNKQOKF9/T_UNKQOKF9_v4.jpg?lct=...
  • i####.m####.im:443/user/6752881/poster/T_3Q9TSVLD/T_3Q9TSVLD_v3.jpg?lct=...
  • i####.m####.im:443/user/9541098/bfa894ca28f5ab67e495e6f33830113d.png?lct...
  • m####.im/api/v1/res_configs
  • m####.im/api/v1/stores/1/banners?style=####&group_id=####
  • m####.im/api/v1/stores/1/banners?style=####&group_id=####&_ts=####
  • m####.im/api/v1/stores/1/topics?group_id=####
  • m####.im/api/v1/tab_configs?_ts=####
  • m####.im/api/v1/template_sets/238?page_number=####&per_page=####
  • m####.im/api/v1/template_sets/242?page_number=####&per_page=####
  • m####.im/appfs/tutorial
  • m####.im/appfs/tutorial?makaNavigate=####
  • m####.im/toutiao/home
  • res.m####.im.####.com/assets/sensordata/sensorsdata.min.js
  • res.m####.im.####.com/cdn/makaAppFs/release/tutorial.266bbaea3a6c126baed...
  • res.m####.im.####.com/cdn/makaAppFs/release/tutorial.8b65a390e1dc0d466cc...
  • res.m####.im.####.com/tutorial/0926/%E6%B5%B7%E6%8A%A5.jpg
  • res.m####.im.####.com/tutorial/0926/H5.jpg
  • res.m####.im.####.com:443/common/images/tab_icons/icon2/%E6%95%99%E7%A8%...
  • res.m####.im.####.com:443/common/images/tab_icons/icon3/event@3x.png
  • res.m####.im.####.com:443/common/images/tab_icons/icon3/headline-active@...
  • res.m####.im.####.com:443/common/images/tab_icons/icon3/headline@3x.png
  • res.m####.im.####.com:443/common/images/tab_icons/icon3/member@3x.png
  • res.m####.im.####.com:443/common/images/tab_icons/icon3/store@3x.png
  • t####.growi####.com:443/products/0c7e997301c76a237108050bc47ad282/androi...
HTTP POST requests:
  • a####.u####.com/app_logs
  • ada####.m.ta####.com:443/rest/sur?ak=####&av=####&c=####&v=####&s=####&d...
  • adash####.man.aliy####.com/man/api?ak=####&s=####
  • and####.b####.qq.com/rqd/async?aid=####
  • api.growi####.com.####.com:443/v2/0c7e997301c76a237108050bc47ad282/andro...
  • l####.tbs.qq.com/ajax?c=####&k=####
File system changes:
Creates the following files:
  • /data/data/####/.imprint
  • /data/data/####/.jg.ic
  • /data/data/####/.nomedia
  • /data/data/####/0203bcb39bead4ac340a631b5cf31869
  • /data/data/####/02821e73f4dbef6da9d109d7f0c1a4cc.0.tmp
  • /data/data/####/02821e73f4dbef6da9d109d7f0c1a4cc.1
  • /data/data/####/02821e73f4dbef6da9d109d7f0c1a4cc.1.tmp
  • /data/data/####/033f4e09c09d9a44_0
  • /data/data/####/03bb5d58ed04c29c_0
  • /data/data/####/03bb5d58ed04c29c_1
  • /data/data/####/074466ac2a4c546a00529dc63b3b9f3d
  • /data/data/####/084101afbf3dcc8f_0
  • /data/data/####/084101afbf3dcc8f_1
  • /data/data/####/0a85d73580d7d8bd1b75aa8539ad3f6c
  • /data/data/####/0bc3de3089265c31_0
  • /data/data/####/1002
  • /data/data/####/1004
  • /data/data/####/14bd555c5d6ddfec_0
  • /data/data/####/14bd555c5d6ddfec_1
  • /data/data/####/1c35d1fbb389fbad_0
  • /data/data/####/1c35d1fbb389fbad_1
  • /data/data/####/1e1d30d4b07bb450_0
  • /data/data/####/1e1d30d4b07bb450_1
  • /data/data/####/2181114b4ce468a03aa715b36d74d485
  • /data/data/####/2223379c661eaf71_0
  • /data/data/####/250bc119f1e1808cacebf941888eb0df.0.tmp
  • /data/data/####/250bc119f1e1808cacebf941888eb0df.1
  • /data/data/####/250bc119f1e1808cacebf941888eb0df.1.tmp
  • /data/data/####/2c27ec9d1f273c96_0
  • /data/data/####/30a77ac98d8f83fe_0
  • /data/data/####/30a77ac98d8f83fe_1
  • /data/data/####/33a825220ee6d4485a56a2b7a4df6f7b.0.tmp
  • /data/data/####/33a825220ee6d4485a56a2b7a4df6f7b.1
  • /data/data/####/343dad5976685d5c_0
  • /data/data/####/343dad5976685d5c_1
  • /data/data/####/365c3d93032c6edf23d72fa349067eaf
  • /data/data/####/36b7e4428c84a8fe_0
  • /data/data/####/36b7e4428c84a8fe_1
  • /data/data/####/36d4518b2428dc4284da423ef3528064.0.tmp
  • /data/data/####/36d4518b2428dc4284da423ef3528064.1
  • /data/data/####/378aa8bc71301c3d43b341041034a41a
  • /data/data/####/39b90a9da95f1523faf56190546ebde4.0.tmp
  • /data/data/####/39b90a9da95f1523faf56190546ebde4.1
  • /data/data/####/39b90a9da95f1523faf56190546ebde4.1.tmp
  • /data/data/####/3b01ccf80fd31c2f3d72a30358e132dd
  • /data/data/####/3ecf51dd6673b1e4_0
  • /data/data/####/3eefd16bd5c7bc15_0
  • /data/data/####/3fac4d6d208e7bbf735c8b9bc5a58cdc
  • /data/data/####/409d8e3e2aa5f89d_0
  • /data/data/####/409d8e3e2aa5f89d_1
  • /data/data/####/40b11f5207dccc01ce52575e654615ed
  • /data/data/####/41d1e9ad7deafd70_0
  • /data/data/####/41d1e9ad7deafd70_1
  • /data/data/####/44a5d2695261bf5e_0
  • /data/data/####/44a5d2695261bf5e_1
  • /data/data/####/4545d40092ea4ede_0
  • /data/data/####/4666139d2114e7c11f3d2238cd6be2ac.0.tmp
  • /data/data/####/4666139d2114e7c11f3d2238cd6be2ac.1.tmp
  • /data/data/####/4dc659c18d29ddd415121f28d280d727
  • /data/data/####/522e8bfd709d2499b56b94f3aa2ad972.0.tmp
  • /data/data/####/522e8bfd709d2499b56b94f3aa2ad972.1
  • /data/data/####/522e8bfd709d2499b56b94f3aa2ad972.1.tmp
  • /data/data/####/54f5b53cad1a297a40dc758935037c53.0.tmp
  • /data/data/####/54f5b53cad1a297a40dc758935037c53.1
  • /data/data/####/5538abcf13374639_0
  • /data/data/####/5538abcf13374639_1
  • /data/data/####/58690137d3388fb9_0
  • /data/data/####/59f1e1af98f993da_0
  • /data/data/####/5ce170218615b8edff39d49bc82b1044
  • /data/data/####/5d44fc5dc578e77765b2841c69cea217.0
  • /data/data/####/5d44fc5dc578e77765b2841c69cea217.0.tmp
  • /data/data/####/5d44fc5dc578e77765b2841c69cea217.1
  • /data/data/####/5dd7e3c9ab6504ebc2a1938de7939ec0
  • /data/data/####/5fb2ea699b2c776d_0
  • /data/data/####/67b14b64306f793f_0
  • /data/data/####/6848e56e470bf778_0
  • /data/data/####/6917bd6da3a28cd3b006cd40d83c8c0b.0
  • /data/data/####/6917bd6da3a28cd3b006cd40d83c8c0b.0.tmp
  • /data/data/####/6917bd6da3a28cd3b006cd40d83c8c0b.1
  • /data/data/####/6c0b5016e6e7b590_0
  • /data/data/####/6c5b1e0e994b0d773e490dbad0b72690
  • /data/data/####/72e972d0501da48d3790e5bcc23b7bce
  • /data/data/####/7490f410238d35d7_0
  • /data/data/####/7614e1a7c00f4e4d_0
  • /data/data/####/7614e1a7c00f4e4d_1
  • /data/data/####/782254a4776939f6c3889526dd59ddff
  • /data/data/####/7a08133f898cb710a504588fb5180d90.0.tmp
  • /data/data/####/7a08133f898cb710a504588fb5180d90.1.tmp
  • /data/data/####/7cdc2c470822513833e0ec92a46e881e.0.tmp
  • /data/data/####/7cdc2c470822513833e0ec92a46e881e.1
  • /data/data/####/7cdc2c470822513833e0ec92a46e881e.1.tmp
  • /data/data/####/81838b72bbb5d0c8_0
  • /data/data/####/81838b72bbb5d0c8_1
  • /data/data/####/83e79861cc451660_0 (deleted)
  • /data/data/####/84267566e5b2a7ec6cb760470e9c56bc
  • /data/data/####/886cbc6aba8230f5_0
  • /data/data/####/88780cc9bddf9126_0
  • /data/data/####/88dc26b0a29c06af_0
  • /data/data/####/8aefd935db153dbdad08943458e77c26
  • /data/data/####/8cd19f133af50b15_0
  • /data/data/####/8cd19f133af50b15_1
  • /data/data/####/8e929f32270147bf_0
  • /data/data/####/8f44ccd25fa1a1cbe358da2f242103b9
  • /data/data/####/95bef2cc1eafe0b2_0
  • /data/data/####/98996aa351bb6fc09e97707ec1a22d0c
  • /data/data/####/98e47cafcd25c2b8_0
  • /data/data/####/98e47cafcd25c2b8_1
  • /data/data/####/9d95b5c370570d9c_0
  • /data/data/####/9d95b5c370570d9c_1
  • /data/data/####/9fa78d7bb3935a68_0
  • /data/data/####/Alvin2.xml
  • /data/data/####/AppStore.xml
  • /data/data/####/BUGLY_COMMON_VALUES.xml
  • /data/data/####/ContextData.xml
  • /data/data/####/Cookies-journal
  • /data/data/####/UTCommon.xml
  • /data/data/####/UmengLocalNotificationStore.db-journal
  • /data/data/####/WebViewChromiumPrefs.xml
  • /data/data/####/a0acba0d0ff244d1_0
  • /data/data/####/a3bc73a25f2ddf8b_0
  • /data/data/####/a82c6e220733661e_0
  • /data/data/####/aac5bc850ebae1ba87f23b63ae5fc0a2
  • /data/data/####/ap.Lock
  • /data/data/####/b023856eb751e15317308e3dcbb2a91f
  • /data/data/####/b06bc92270dd388b_0 (deleted)
  • /data/data/####/b15f2ac38ebcf9a98ed1c2de0d665a9a
  • /data/data/####/b71204d67f8790e2c746039739da1195.0.tmp
  • /data/data/####/b71204d67f8790e2c746039739da1195.1
  • /data/data/####/b77c409f5c8ae9de_0
  • /data/data/####/b91baae5ecd17b53beb0c18a44a6cabb
  • /data/data/####/bc5fac1ec5768c76_0
  • /data/data/####/bc5fac1ec5768c76_1
  • /data/data/####/bfafc453eb7e6095539575f62ef25fe0
  • /data/data/####/bugly_db_-journal
  • /data/data/####/c41e1a23e9d59114245c2df8870402ea
  • /data/data/####/ca35ee0de6bf48d5933c2ec2f7c72133
  • /data/data/####/ca7fbfb6d1d48bb0_0
  • /data/data/####/cache_store1.xml
  • /data/data/####/cache_store2.xml
  • /data/data/####/cda41848ee2283f97eb5728193a9fab2
  • /data/data/####/classes.dex
  • /data/data/####/classes.oat
  • /data/data/####/classes2.dex
  • /data/data/####/classes3.dex
  • /data/data/####/com.dgmaka.abdgapp.BETA_VALUES.xml
  • /data/data/####/com.dgmaka.abdgapp.apk
  • /data/data/####/com.dgmaka.abdgapp.dex
  • /data/data/####/com.dgmaka.abdgapp.dex.flock (deleted)
  • /data/data/####/com.dgmaka.abdgapp_preferences.xml
  • /data/data/####/core_info
  • /data/data/####/crashrecord.xml
  • /data/data/####/d0e65b6be3de5ec0341de9ddfd8fd497.0.tmp
  • /data/data/####/d0e65b6be3de5ec0341de9ddfd8fd497.1
  • /data/data/####/d449f2cb7201b56c9c065887e90d50d3.0.tmp
  • /data/data/####/d449f2cb7201b56c9c065887e90d50d3.1
  • /data/data/####/d449f2cb7201b56c9c065887e90d50d3.1.tmp
  • /data/data/####/d62e49f0441f7c67fcb15d8503f68d49
  • /data/data/####/d85ed660fb2bad10_0
  • /data/data/####/d9678e2bc42b169473af714eee22e8c9
  • /data/data/####/d9b336cb052bb51264345fbcb28ec23f.0.tmp
  • /data/data/####/d9b336cb052bb51264345fbcb28ec23f.1
  • /data/data/####/d9b336cb052bb51264345fbcb28ec23f.1.tmp
  • /data/data/####/dbdcf64df1b200afd6a62bd015ce1a74.0
  • /data/data/####/dbdcf64df1b200afd6a62bd015ce1a74.0.tmp
  • /data/data/####/dbdcf64df1b200afd6a62bd015ce1a74.1
  • /data/data/####/debug.conf
  • /data/data/####/device_id.xml.xml
  • /data/data/####/e1e1480b32a77570_0 (deleted)
  • /data/data/####/e20d4c65a93d2ac39f9bc27e19e29787
  • /data/data/####/e81948fca14c6e08_0
  • /data/data/####/e81948fca14c6e08_1
  • /data/data/####/eb577956e1930a25932baa8bf539bfde
  • /data/data/####/ec65e6cf8b8057d7_0
  • /data/data/####/ec65e6cf8b8057d7_1
  • /data/data/####/ee2c8acc474d283566b053c6c988e265
  • /data/data/####/f543de85377f0ff9c70074c534301efe
  • /data/data/####/f76fbdde46b8bed7_0
  • /data/data/####/f76fbdde46b8bed7_1
  • /data/data/####/f850560e36f2e7c3c8d522ba08352df1
  • /data/data/####/f91e5b70dd3e2775_0
  • /data/data/####/f91e5b70dd3e2775_0 (deleted)
  • /data/data/####/f91e5b70dd3e2775_1
  • /data/data/####/fa6c55481492b013_0
  • /data/data/####/fb03ac0bef1670aa_0
  • /data/data/####/fc257b824a63d483_0 (deleted)
  • /data/data/####/fd03deccac810d42751987b5bbf004c1.0.tmp
  • /data/data/####/fd03deccac810d42751987b5bbf004c1.1
  • /data/data/####/fe98bd65fb9b17d7_0
  • /data/data/####/fe98bd65fb9b17d7_1
  • /data/data/####/file_res_configs.xml
  • /data/data/####/growing.db
  • /data/data/####/growing.db-journal
  • /data/data/####/growing_profile.xml
  • /data/data/####/growing_server_pref.xml
  • /data/data/####/growingio_diagnose.xml
  • /data/data/####/growingio_diagnose.xml.bak
  • /data/data/####/index
  • /data/data/####/journal
  • /data/data/####/key_library_option.xml
  • /data/data/####/libjiagu.so
  • /data/data/####/local_crash_lock
  • /data/data/####/local_crash_lock (deleted)
  • /data/data/####/maka.db-journal
  • /data/data/####/metrics_guid
  • /data/data/####/mobclick_agent_online_setting_com.dgmaka.abdgapp.xml
  • /data/data/####/native_record_lock
  • /data/data/####/proc_auxv
  • /data/data/####/security_info
  • /data/data/####/system_APP.xml
  • /data/data/####/tbs_download_config.xml
  • /data/data/####/tbs_download_config.xml.bak
  • /data/data/####/tbs_download_stat.xml
  • /data/data/####/tbscoreinstall.txt
  • /data/data/####/tbslock.txt
  • /data/data/####/temp-index
  • /data/data/####/the-real-index
  • /data/data/####/umeng_general_config.xml
  • /data/data/####/umeng_it.cache
  • /data/data/####/umeng_message_state.xml
  • /data/data/####/ut.db
  • /data/data/####/ut.db-journal
  • /data/media/####/Alvin2.xml
  • /data/media/####/ContextData.xml
  • /data/media/####/app.log
  • /data/media/####/tbslog.txt
  • /data/misc/####/primary.prof
Miscellaneous:
Executes the following shell scripts:
  • /system/bin/sh -c getprop
  • /system/bin/sh -c type su
  • cat /sys/class/net/wlan0/address
  • chmod 755 /data/user/0/<Package>/.jiagu/libjiagu.so
  • getprop
  • getprop ro.product.cpu.abi
Loads the following dynamic libraries:
  • libBugly
  • libclient
  • libjiagu
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7Padding
  • AES-GCM-NoPadding
  • RC4
  • RSA-ECB-NoPadding
  • RSA-ECB-PKCS1Padding
Uses the following algorithms to decrypt data:
  • AES
  • AES-CBC-PKCS5Padding
  • AES-GCM-NoPadding
Uses special library to hide executable bytecode.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Displays its own windows over windows of other apps.
Requests the system alert window permission.

Curing recommendations

Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow the recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (a message on the screen claims that you have broken some law or demands a fixed ransom amount, or some other notice prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and the specifications of the particular device, this can be done in various ways; consult the user guide shipped with the device, or contact its manufacturer);
    • Once safe mode is active, install Dr.Web for Android Light on the infected handheld and run a full system scan; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on again normally.

Find out more about Dr.Web for Android