Android.Packed.19171

Added to the Dr.Web virus database: 2017-03-04

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.DownLoader.455.origin
  • Android.DownLoader.414.origin
Network activity:
Connecting to:
HTTP GET requests:
HTTP POST requests:
Modified file system:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
  • ps
Uses a special library to hide executable bytecode.
Contains functionality to send SMS messages automatically.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.