Android.Packed.21500

Added to the Dr.Web virus database: 2017-05-14

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.Mixi.16.origin
Network activity:
Connecting to:
HTTP GET requests:
HTTP POST requests:
Modified file system:
Creates the following files:
Sets the 'executable' attribute to the following files:
  • /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
Miscellaneous:
Executes the following shell scripts:
  • sh /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s -h c48756b39e9e402ca3e1026d88799eaa /data/data/####/.syslib-
  • sh -c rm /data/data/####/files/hftJcw46N.jar > /dev/null 2>&1
  • getenforce
  • /system/bin/dexopt --dex 27 201 40 66944 /data/data/####/files/Android-x86112.jar 1251052727 1662001824 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /sys
  • /system/bin/dexopt --dex 27 57 40 2412980 /data/data/####/files/secondary-dexes/####-1.apk.classes2.zip 1252940331 -1910878267 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/b
  • /data/data/####/lib/libsupervisor.so #### com.ss.android.message.NotifyService ####:push /data/data/#### 0
  • /system/bin/dexopt --dex 27 88 40 23552 /data/data/####/files/hftJcw46N.jar 1251046254 1664476667 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/fr
  • /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s -h c48756b39e9e402ca3e1026d88799eaa /data/data/####/.syslib-
  • rm /data/data/####/files/hftJcw46N.dex
  • sh -c /system/usr/toolbox rm -f /data/data/####/files/hftJcw46N.jar > /dev/null 2>&1
  • /system/bin/dexopt --dex 27 49 40 226208 /data/data/####/app_file_dex/MasterControl.jar 1244887144 -736492987 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.ja
  • sh -c rm -f /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s > /dev/null 2>&1
  • sh -c rm -f /data/data/####/files/hftJcw46N.jar > /dev/null 2>&1
  • rm -f /data/data/####/files/hftJcw46N.dex
  • /system/bin/dexopt --dex 27 58 40 5586172 /data/data/####/files/secondary-dexes/####-1.apk.classes3.zip 1252940334 366149454 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bou
  • chmod 0771 /data/data/####/.syslib-
  • sh -c rm /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s > /dev/null 2>&1
  • sh -c rm -f /data/data/####/files/hftJcw46N.dex > /dev/null 2>&1
  • rm /data/data/####/files/hftJcw46N.jar
  • rm /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
  • sh /data/data/####/lib/libsupervisor.so #### com.ss.android.message.NotifyService ####:push /data/data/#### 0
  • sh -c /system/usr/toolbox rm -f /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s > /dev/null 2>&1
  • sh -c /system/usr/toolbox rm -f /data/data/####/files/hftJcw46N.dex > /dev/null 2>&1
  • sh -c rm /data/data/####/files/hftJcw46N.dex > /dev/null 2>&1
  • rm -f /data/data/####/files/hftJcw46N.jar
  • getprop ro.build.version.emui
  • rm -f /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
Contains functionality to send SMS messages automatically.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
