Android.SmsSpy.5285

Added to the Dr.Web virus database: 2017-02-08

Virus description added:

Technical information

Malicious functions:
Sends SMS messages:
  • 1069099903306: ####
Executes code of the following detected threats:
  • Android.SmsSend.1848.origin
Sends data on received text messages to remote host.
Network activity:
Connecting to:
HTTP GET requests:
HTTP POST requests:
Modified file system:
Creates the following files:
Sets the 'executable' attribute to the following files:
  • /data/data/####/files/libyunsvc
  • /sdcard/gooogle/userid.cfg
Miscellaneous:
Contains functionality to send SMS messages automatically.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and the specifications of the particular mobile device, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

© Doctor Web
2003 — 2022