Adware.Plague.5302

Added to the Dr.Web virus database: 2026-06-30

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Adware.Plague.1.origin
Network activity:
Connects to:
DNS requests:
HTTP GET requests:
File system changes:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
  • chmod 755 /data/user/0/<Package>/.jiagu/libjiagu.so
Loads the following dynamic libraries:
  • libjiagu
  • libnzr
Uses the following algorithms to encrypt data:
  • DES-ECB-PKCS5Padding
Uses the following algorithms to decrypt data:
  • DESede-CBC-PKCS7Padding
Uses special library to hide executable bytecode.
Accesses camera interface.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Displays its own windows over windows of other apps.

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
