Android.HiddenAds.748

Added to the Dr.Web virus database: 2018-10-24

Virus description added:

Technical information

Malicious functions:
Prompts to install third-party applications.
Gains access to the ITelephony private interface.
Network activity:
Connecting to:
  • UDP(DNS) <Google DNS>
  • TCP(HTTP/1.1) mo####.zhu####.s####.com:80
  • TCP(HTTP/1.1) get.s####.com:80
  • TCP(HTTP/1.1) down####.zhu####.s####.####.com:80
  • TCP(HTTP/1.1) a####.b####.qq.com:8011
  • TCP(HTTP/1.1) wx.q####.cn:80
  • TCP(HTTP/1.1) and####.b####.qq.com:80
  • TCP(HTTP/1.1) q.q####.cn:80
  • TCP(HTTP/1.1) www.appc####.com:80
  • TCP(HTTP/1.1) de####.ping####.zhu####.####.com:80
  • TCP(HTTP/1.1) d####.zhu####.s####.com:80
  • TCP(HTTP/1.1) amdc####.m.ta####.com:80
  • TCP(HTTP/1.1) hotg####.jom####.com:80
  • TCP(HTTP/1.1) wap.n.sh####.com:80
  • TCP(HTTP/1.1) dl.zhu####.s####.####.com:80
  • TCP(HTTP/1.1) thi####.q####.cn:80
  • TCP(HTTP/1.1) i####.sogo####.com.####.com:80
  • TCP(TLS/1.0) 1####.217.17.110:443
  • TCP(TLS/1.0) p####.s####.com:443
  • TCP(TLS/1.0) msg.umengc####.com:443
  • TCP openj####.m.ta####.com:80
  • TCP 2####.119.217.112:443
DNS requests:
  • a####.b####.qq.com
  • a.g####.b####.com
  • ag####.m.ta####.com
  • amdc####.m.ta####.com
  • and####.b####.qq.com
  • d####.zhu####.s####.com
  • de####.ping####.zhu####.####.com
  • dl.zhu####.s####.com
  • down####.zhu####.s####.com
  • get.s####.com
  • i####.sogo####.com
  • i####.sogo####.com
  • i####.sogo####.com
  • i####.sogo####.com
  • img.sogo####.com
  • m.b####.com
  • mo####.zhu####.s####.com
  • msg.umengc####.com
  • p####.s####.com
  • q.q####.cn
  • thi####.q####.cn
  • thi####.q####.cn
  • umen####.m.ta####.com
  • umengj####.m.ta####.com
  • www.appc####.com
  • www.d.appc####.com
  • wx.q####.cn
HTTP GET requests:
  • d####.zhu####.s####.com/misc/root/gets.html?key=####&ret=####&uid=####&v...
  • de####.ping####.zhu####.####.com/?_dv=####&_di=Ual####&_dc=U9g####
  • dl.zhu####.s####.####.com/oglxr/open/files/year_2018/day_20180709/154036...
  • down####.zhu####.s####.####.com/focusimage/3a/f2/3af22b914b0b7ca32855d40...
  • hotg####.jom####.com/data/wisegame/2f69d7c3bd11160e/QRCode_50.apk?from=#...
  • i####.sogo####.com.####.com/app/a/100540008/0317c3d4d52b65fba8e9a9197aec...
  • i####.sogo####.com.####.com/app/a/100540008/0c4bcc36edd20b7064316dbd7bc7...
  • i####.sogo####.com.####.com/app/a/100540008/10e9f2cd9783573b03404c341b02...
  • i####.sogo####.com.####.com/app/a/100540008/26630396ff3f9a06bcf5b8e333f8...
  • i####.sogo####.com.####.com/app/a/100540008/26b98703fe036101011e056a525f...
  • i####.sogo####.com.####.com/app/a/100540008/271d81fbaadee85348b324d96d44...
  • i####.sogo####.com.####.com/app/a/100540008/30cf3c96bf4bc5d6b2d9c12569b5...
  • i####.sogo####.com.####.com/app/a/100540008/315bab69457cf1591ac806cc1bcf...
  • i####.sogo####.com.####.com/app/a/100540008/34224090419eb89b8574381e2bcc...
  • i####.sogo####.com.####.com/app/a/100540008/385083ae2be35f1fea2c9ca574a1...
  • i####.sogo####.com.####.com/app/a/100540008/3c23cc2287cb265b945871c84f40...
  • i####.sogo####.com.####.com/app/a/100540008/3ca479d85b730e180876d11adddc...
  • i####.sogo####.com.####.com/app/a/100540008/40cd25508c223af381ccaf19293d...
  • i####.sogo####.com.####.com/app/a/100540008/43c2dc756b6ae92ff15950912259...
  • i####.sogo####.com.####.com/app/a/100540008/475db7180b29d06427b2d96332e0...
  • i####.sogo####.com.####.com/app/a/100540008/4e410a114a43e89a54cc71fdc409...
  • i####.sogo####.com.####.com/app/a/100540008/4ecdd9708644ce19979a2a006980...
  • i####.sogo####.com.####.com/app/a/100540008/5445c8fc448cb8c631b736aa5224...
  • i####.sogo####.com.####.com/app/a/100540008/5520cb1d9f5a61cdb09c4c57acc6...
  • i####.sogo####.com.####.com/app/a/100540008/5db9d0a5b66260807f5eb3587255...
  • i####.sogo####.com.####.com/app/a/100540008/6020a3e4d715e07b71a79b90b1f5...
  • i####.sogo####.com.####.com/app/a/100540008/647d0c016eaae1447ecd6037837a...
  • i####.sogo####.com.####.com/app/a/100540008/69613514f3494f309ffc2138175d...
  • i####.sogo####.com.####.com/app/a/100540008/6a09f1d73016b39a17d788363554...
  • i####.sogo####.com.####.com/app/a/100540008/774bd8c18a3fb0ebeb147b2877b7...
  • i####.sogo####.com.####.com/app/a/100540008/8be76be0f7be6c3a95a396c3b402...
  • i####.sogo####.com.####.com/app/a/100540008/904e26929739dec84b6cb93fdae4...
  • i####.sogo####.com.####.com/app/a/100540008/9c1b510d547cf962a3b0feee009e...
  • i####.sogo####.com.####.com/app/a/100540008/9e8ab83713074c205b2b93e21781...
  • i####.sogo####.com.####.com/app/a/100540008/b4487b2e2d5cb5816e4436049b29...
  • i####.sogo####.com.####.com/app/a/100540008/b78f6c9c43c5b9e8cc2a8c8e41d6...
  • i####.sogo####.com.####.com/app/a/100540008/c50a6bafd3fe66f7cec749704b6c...
  • i####.sogo####.com.####.com/app/a/100540008/e035f58d054f45b85917a9085573...
  • i####.sogo####.com.####.com/app/a/100540008/e121ddd2552582cd63970dd3d258...
  • i####.sogo####.com.####.com/app/a/100540008/ea2f59d7181c88fa107bcf9f5a99...
  • i####.sogo####.com.####.com/app/a/100540008/ed45dbd6cd4b605b19b75b73333e...
  • i####.sogo####.com.####.com/app/a/100540008/edfaa26a54e5dd49309b4e25eb7f...
  • i####.sogo####.com.####.com/app/a/100540008/ee1e9afd2568b91c4005557169b4...
  • i####.sogo####.com.####.com/app/a/100540008/f0e3b9cd91529933ee54523c3a1a...
  • i####.sogo####.com.####.com/app/a/100540014/28335ffba86a1ce15891deb77e42...
  • i####.sogo####.com.####.com/app/a/100540014/2b06dab12f6509f11dda99a67b18...
  • i####.sogo####.com.####.com/app/a/100540014/30e87b63367ce338a2361ea0e8e0...
  • i####.sogo####.com.####.com/app/a/100540014/39b74b36c27c5317e4c5d770bc31...
  • i####.sogo####.com.####.com/app/a/100540014/40776fc1e6f042b6ae40226a5dd6...
  • i####.sogo####.com.####.com/app/a/100540014/46a1c41e099903103654bf5f2f9e...
  • i####.sogo####.com.####.com/app/a/100540014/8905df82061c01e0d2490b46fdb0...
  • i####.sogo####.com.####.com/app/a/100540014/8a20ee9c4cae2c17254ea6ca81a4...
  • i####.sogo####.com.####.com/app/a/100540014/9cc41106ac8bb274c00769340c05...
  • i####.sogo####.com.####.com/app/a/100540014/bc8e7c6f09440a23f2258bda88fb...
  • i####.sogo####.com.####.com/app/a/100540014/c1e907c1acbac64e2660083cc9d9...
  • i####.sogo####.com.####.com/app/a/100540014/c44406a57c11372f3e77bef1f581...
  • i####.sogo####.com.####.com/app/a/100540014/d3184f879422058724dbe8448da2...
  • i####.sogo####.com.####.com/app/a/100540014/e0b6929fecad8571e5ca2f0513d4...
  • i####.sogo####.com.####.com/app/a/100540014/facde91ad3848f964ec86abd7786...
  • i####.sogo####.com.####.com/app/a/100540020/02657941932deaaeff289583f250...
  • i####.sogo####.com.####.com/app/a/100540020/0379bf2e7cecb2beb751dd98bf6f...
  • i####.sogo####.com.####.com/app/a/100540020/0ad050791dfe7ccca728ac3ac5a1...
  • i####.sogo####.com.####.com/app/a/100540020/0b6cc14e7c5f61b0e08c6ec344f1...
  • i####.sogo####.com.####.com/app/a/100540020/19051df3ef8c884a199da9bef166...
  • i####.sogo####.com.####.com/app/a/100540020/21a17ab37538cbd2862de7b3940d...
  • i####.sogo####.com.####.com/app/a/100540020/271d81fbaadee85348b324d96d44...
  • i####.sogo####.com.####.com/app/a/100540020/315bab69457cf1591ac806cc1bcf...
  • i####.sogo####.com.####.com/app/a/100540020/349dbad25f0970af116643a96e53...
  • i####.sogo####.com.####.com/app/a/100540020/3b4744faf9cf265fa07ff8503edc...
  • i####.sogo####.com.####.com/app/a/100540020/43c2dc756b6ae92ff15950912259...
  • i####.sogo####.com.####.com/app/a/100540020/469ea5772ae338fee8bcaa7889eb...
  • i####.sogo####.com.####.com/app/a/100540020/4def5753df25d25fbe1826bab872...
  • i####.sogo####.com.####.com/app/a/100540020/5627d3626e835d664b54dc762270...
  • i####.sogo####.com.####.com/app/a/100540020/6020a3e4d715e07b71a79b90b1f5...
  • i####.sogo####.com.####.com/app/a/100540020/6476fefc389f2cbbab9bb17589c4...
  • i####.sogo####.com.####.com/app/a/100540020/6d969312d4457f8f7baf841f3155...
  • i####.sogo####.com.####.com/app/a/100540020/82441b439303fd863c1a2511baf8...
  • i####.sogo####.com.####.com/app/a/100540020/84397f945a737b6bb21db03575fd...
  • i####.sogo####.com.####.com/app/a/100540020/87dcc51065453159dedb9974320a...
  • i####.sogo####.com.####.com/app/a/100540020/93974b2365c505c115eb9994f95e...
  • i####.sogo####.com.####.com/app/a/100540020/948cd3a75d22b2c4dad74daa5165...
  • i####.sogo####.com.####.com/app/a/100540020/affb467412f588e2e825378e1be6...
  • i####.sogo####.com.####.com/app/a/100540020/b86543d28ab113291838a6a2cebb...
  • i####.sogo####.com.####.com/app/a/100540020/bd0a2aee81453dd9391582a63260...
  • i####.sogo####.com.####.com/app/a/100540020/c3811325d84b37389b99ce8e4537...
  • i####.sogo####.com.####.com/app/a/100540020/c55edf502e0dccba80592a8a53ef...
  • i####.sogo####.com.####.com/app/a/100540020/c7283600321f664f7794ae21e509...
  • i####.sogo####.com.####.com/app/a/100540020/ceb36d3b3f2525ea167ae68fed8d...
  • i####.sogo####.com.####.com/app/a/100540020/d4e95ee39b5cdfd72bb0e313acc7...
  • i####.sogo####.com.####.com/app/a/100540020/da680828921bbbe1d6368ceb8bee...
  • i####.sogo####.com.####.com/app/a/100540020/e75b4a7c3111bff0946b5eb977f5...
  • i####.sogo####.com.####.com/app/a/100540020/ee1e9afd2568b91c4005557169b4...
  • i####.sogo####.com.####.com/app/a/11220004/0a35aa1ec2d5af6f6a8ab73d54260...
  • i####.sogo####.com.####.com/app/a/11220004/0a9b038f6064ae2ec3f2c5e07973b...
  • i####.sogo####.com.####.com/app/a/11220004/3b0d74d8a56e76a269b6f7783d759...
  • i####.sogo####.com.####.com/app/a/11220004/4b73fdb8effbf63ebf0333233d58a...
  • i####.sogo####.com.####.com/app/a/11220004/521a489a5ed265794ab117ee86378...
  • i####.sogo####.com.####.com/app/a/11220004/5a79e4efd20ec5b6790d07358cab9...
  • i####.sogo####.com.####.com/app/a/11220004/66fd2806a8769cc53ad720c0bfeb2...
  • i####.sogo####.com.####.com/app/a/11220004/6b540beaecc2ed371138c3b7e58c9...
  • i####.sogo####.com.####.com/app/a/11220004/6dc2bdb70d3b9dd30cbafe1fedd86...
  • i####.sogo####.com.####.com/app/a/11220004/746a19b8088b265a60340ea988037...
  • i####.sogo####.com.####.com/app/a/11220004/82143aed9a30d536e1944ab972390...
  • i####.sogo####.com.####.com/app/a/11220004/8d55dad8be873512aeb8aad5f4c82...
  • i####.sogo####.com.####.com/app/a/11220004/91dcae1298593e03f054638f7bc31...
  • i####.sogo####.com.####.com/app/a/11220004/953bb612248b57c8901a3971ea579...
  • i####.sogo####.com.####.com/app/a/11220004/b5485f1ba28bd651ae9f79ca91fd8...
  • i####.sogo####.com.####.com/app/a/11220004/b68575c2c9fdc7e89dc06aa58811c...
  • i####.sogo####.com.####.com/app/a/11220004/b930abbd5785a34f35db9e264cbcf...
  • i####.sogo####.com.####.com/app/a/11220004/bee4515b249bea7c67d768f27648b...
  • i####.sogo####.com.####.com/app/a/11220004/d2fb5fb271dfe83344029579eb96d...
  • i####.sogo####.com.####.com/app/a/11220004/dd2a4f7937e997702a6df10bd66ae...
  • i####.sogo####.com.####.com/app/a/11220004/dfa174b86210711c626d2d634d5b7...
  • i####.sogo####.com.####.com/app/a/11220004/e1b4c7db58af6cf7f657484760ba2...
  • i####.sogo####.com.####.com/app/a/11220004/e378f6c5e9c4bfa6fd68a022fe19f...
  • i####.sogo####.com.####.com/app/a/11220004/e72bf3c09be997ccf9d566a94195a...
  • i####.sogo####.com.####.com/app/a/11220004/f17827778cd906aac98778bb90e8d...
  • mo####.zhu####.s####.com/android/app/getcomment.html?iv=####&appid=####&...
  • mo####.zhu####.s####.com/android/checkjarupdate.html?uid=####&vn=####&ch...
  • mo####.zhu####.s####.com/android/config/device.html?iv=####&uid=####&vn=...
  • mo####.zhu####.s####.com/android/config/device_entry.html?iv=####&rom=##...
  • mo####.zhu####.s####.com/android/downbind.html?iv=####&etoken=####&token...
  • mo####.zhu####.s####.com/android/download.html?app_id=####&sogouid=####&...
  • mo####.zhu####.s####.com/android/folder/ads/link.html?iv=####&type=####&...
  • mo####.zhu####.s####.com/android/list/alsodown.html?pkg=####&iv=####&aid...
  • mo####.zhu####.s####.com/android/list/relation.html?s=####&iv=####&l=###...
  • mo####.zhu####.s####.com/android/nav/config.html?iv=####&uid=####&vn=###...
  • mo####.zhu####.s####.com/android/news/channel.html?&uid=####&vn=####&cha...
  • mo####.zhu####.s####.com/android/notify.html?uid=####&vn=####&channel=##...
  • mo####.zhu####.s####.com/android/popup.html?iv=####&gid=####&dpi=####&ui...
  • mo####.zhu####.s####.com/android/residentRec.html?iv=####&uid=####&vn=##...
  • mo####.zhu####.s####.com/android/serverconfig.html?iv=####&mf=####&on=##...
  • mo####.zhu####.s####.com/android/sosodetail.html?iv=####&sosoid=####&uid...
  • mo####.zhu####.s####.com/android/weather.html?iv=####&bts=####&type=####...
  • mo####.zhu####.s####.com/m/appDetail.html?id=####&iv=####&imei=####&uid=...
  • mo####.zhu####.s####.com/m/author.html?l=####&aid=####&s=####&iv=####&q=...
  • mo####.zhu####.s####.com/m/focus.html?iv=####&tid=####&uid=####&vn=####&...
  • mo####.zhu####.s####.com/m/install.html?iv=####&is_first=####&uid=####&v...
  • mo####.zhu####.s####.com/m/likeApp.html?iv=####&tid=####&uid=####&vn=###...
  • mo####.zhu####.s####.com/m/recommend.html?s=####&token=####&iv=####&c=##...
  • q.q####.cn/qqapp/100294784/989079B0960D4EA77C1966E8DE73F026/100
  • q.q####.cn/qqapp/100294784/9FDB07940D44CFEDD215C928AC513CBD/100
  • q.q####.cn/qqapp/100863168/4266F205B51066438F83810F4890F6AB/100
  • thi####.q####.cn/mmopen/vi_32/3CG1Xd5HontKI90s0LpSRjtYTYlia5MmiaTrLqIlQg...
  • thi####.q####.cn/mmopen/vi_32/DYAIOgq83erG5QBT05AGBGkw2vVWOK0hiaDrfVeMpO...
  • thi####.q####.cn/mmopen/vi_32/EbKZnzlF3P1uWBayXVOqSlAgeia4JXfRovWC8F1m7J...
  • thi####.q####.cn/mmopen/vi_32/L5u46mDl9dVUK7E0pmWaUEjWvjwJXbkVdPAfuWYqaU...
  • thi####.q####.cn/mmopen/vi_32/Q0j4TwGTfTIBShwT5bjuzPaBccC0oSqYYEibg4k5sF...
  • thi####.q####.cn/mmopen/vi_32/ice4jhCOTjLrNoXQEBcq54YxSP8t5BGQia28SQxL2b...
  • thi####.q####.cn/mmopen/vi_32/v7XamvrSVaRkJsMhbKsZR3HfnlkdFZibCzYf0EibUD...
  • thi####.q####.cn/qqapp/100863168/4B4F9C18E4C5753FBF7408C93F1B83AB/100
  • thi####.q####.cn/qqapp/100863168/B6B820ACDAF11C5B06960C9310F85132/100
  • wap.n.sh####.com/api?action=####&token=####&from=####&type=####&dltype=#...
  • www.appc####.com/McDonald/d/2994941/cop.sougouzhushou.app_0/mobi.thinkch...
  • www.appc####.com/market/d/2994941/cop.sougouzhushou.app_0/mobi.thinkchan...
  • wx.q####.cn/mmopen/vi_32/E59LGbFbxumHUj6zoIhpKRaVQGxiagl4nhfff1xOp9cFusD...
  • wx.q####.cn/mmopen/vi_32/Q0j4TwGTfTIXoOxDmLmNbiaR6xPdTCAf0o4Q2DuHdpJAJcg...
  • wx.q####.cn/mmopen/vi_32/Q0j4TwGTfTJU3ne8IMOBde5b8Cw1zgAlggZJO6OTFqggOBk...
HTTP POST requests:
  • a####.b####.qq.com:8011/rqd/async
  • amdc####.m.ta####.com/amdc/mobileDispatch?appkey=####&deviceId=####&plat...
  • and####.b####.qq.com/rqd/async
  • get.s####.com/q
  • mo####.zhu####.s####.com/android/app/usercomment.html?iv=####&pn=####&an...
  • mo####.zhu####.s####.com/android/checkapptotal.html?iv=####&sdkversion=#...
  • mo####.zhu####.s####.com/android/checkupdate.html?andid=####
  • mo####.zhu####.s####.com/android/folder/game/type.html?iv=####&gid=####&...
  • mo####.zhu####.s####.com/android/loadscreen.html?dpi=####&iv=####&uid=##...
  • mo####.zhu####.s####.com/android/updateNotify.html?iv=####&dpi=####&sdkv...
Modified file system:
Creates the following files:
  • /data/data/####/-1005864984-1641978195
  • /data/data/####/-1197960752-1285632402
  • /data/data/####/-1197960752-1903695041
  • /data/data/####/-1197960752-288262758
  • /data/data/####/-1197960752108212601
  • /data/data/####/-11979607521699733854
  • /data/data/####/-11979607522089474695
  • /data/data/####/-1197960752529682046
  • /data/data/####/-12037498741105756323
  • /data/data/####/-1286391772-321021504
  • /data/data/####/-1452697297-1566277205
  • /data/data/####/-1452697297-237371428
  • /data/data/####/-1452697297-980022210
  • /data/data/####/-14526972971103405823
  • /data/data/####/-1452697297167138210
  • /data/data/####/-14526972971735908479
  • /data/data/####/-14526972971872240635
  • /data/data/####/-1492552333-1003615979
  • /data/data/####/-1530247445123262621
  • /data/data/####/-15570777191105769024
  • /data/data/####/-1578119070-1753544706
  • /data/data/####/-1578119070-815590610
  • /data/data/####/-1707433842-1048023706
  • /data/data/####/-1707433842-1462165783
  • /data/data/####/-1707433842-428094796
  • /data/data/####/-1707433842-459352042
  • /data/data/####/-17074338421221624450
  • /data/data/####/-17074338421801060040
  • /data/data/####/-17074338421984345267
  • /data/data/####/-170743384270198528
  • /data/data/####/-1707433842926995947
  • /data/data/####/-1749258493-1358958566
  • /data/data/####/-1759168299-1817557836
  • /data/data/####/-1864753015-1817557836
  • /data/data/####/-1962170387-1253000783
  • /data/data/####/-1962170387-1328637980
  • /data/data/####/-1962170387-1505267352
  • /data/data/####/-1962170387-778948208
  • /data/data/####/-19621703871932122942
  • /data/data/####/-19621703872046907779
  • /data/data/####/-1962170387644954251
  • /data/data/####/-1970197987-1124013916
  • /data/data/####/-20838339061391985132
  • /data/data/####/-303790805-1616817955
  • /data/data/####/-33246811-1280297272
  • /data/data/####/-616505053-1281506809
  • /data/data/####/-6165050531973445401
  • /data/data/####/-616505053940927647
  • /data/data/####/-7168233981105756323
  • /data/data/####/-745582236-1817557836
  • /data/data/####/-746083343-296135732
  • /data/data/####/-746737472-1910982728
  • /data/data/####/-9194488481649380235
  • /data/data/####/-919448848194293244
  • /data/data/####/-923571924-593907677
  • /data/data/####/1067005471-1102655916
  • /data/data/####/1067005471-1389116703
  • /data/data/####/1067005471-1947446086
  • /data/data/####/1067005471-2089571649
  • /data/data/####/1067005471-2139591304
  • /data/data/####/1067005471-719579862
  • /data/data/####/1067005471-866353577
  • /data/data/####/10670054711506277234
  • /data/data/####/1067005471164910480
  • /data/data/####/10670054712114489846
  • /data/data/####/1067005471291115318
  • /data/data/####/1067005471616226180
  • /data/data/####/1067005471879786982
  • /data/data/####/1067005472-1096758625
  • /data/data/####/1067005472-1178671194
  • /data/data/####/1067005472-1582262166
  • /data/data/####/1067005472-158645440
  • /data/data/####/1067005472-1635559608
  • /data/data/####/1067005472-167493522
  • /data/data/####/1067005472-1755335090
  • /data/data/####/1067005472-1859588748
  • /data/data/####/1067005472-1969158779
  • /data/data/####/1067005472-2039344636
  • /data/data/####/1067005472-322076301
  • /data/data/####/1067005472-57187735
  • /data/data/####/1067005472-920910019
  • /data/data/####/1067005472215859512
  • /data/data/####/1067005472673568683
  • /data/data/####/1067005473-105617495
  • /data/data/####/1067005473-1189268919
  • /data/data/####/1067005473-12619624
  • /data/data/####/1067005473-1301834077
  • /data/data/####/1067005473-1314789925
  • /data/data/####/1067005473-1367330778
  • /data/data/####/1067005473-1550854406
  • /data/data/####/1067005473-1605374549
  • /data/data/####/1067005473-167029060
  • /data/data/####/1067005473-1802893483
  • /data/data/####/1067005473-1911733926
  • /data/data/####/1067005473-2028191859
  • /data/data/####/1067005473-2076599845
  • /data/data/####/1067005473-2112544273
  • /data/data/####/1067005473-343658432
  • /data/data/####/1067005473-370915221
  • /data/data/####/1067005473-460214757
  • /data/data/####/1067005473-897228602
  • /data/data/####/10670054731022913458
  • /data/data/####/10670054731401783565
  • /data/data/####/10670054731479421807
  • /data/data/####/10670054731522730983
  • /data/data/####/10670054731633992911
  • /data/data/####/10670054731741653836
  • /data/data/####/1067005473193381058
  • /data/data/####/10670054732131489310
  • /data/data/####/10670054732144704355
  • /data/data/####/10670054732147361658
  • /data/data/####/1067005473333288045
  • /data/data/####/1067005473708466697
  • /data/data/####/1067005473733514124
  • /data/data/####/1067005473760044342
  • /data/data/####/1067005473803170812
  • /data/data/####/1175173981-858516005
  • /data/data/####/1190131415-1319773466
  • /data/data/####/1305459034-127983996
  • /data/data/####/1334561555369814966
  • /data/data/####/1349325521-634412561
  • /data/data/####/13760259462008169662
  • /data/data/####/1460521977-593907677
  • /data/data/####/1557233448-753326965
  • /data/data/####/1611602864-1541726469
  • /data/data/####/16116028641067495174
  • /data/data/####/16584436061032009608
  • /data/data/####/1711254200-1280297272
  • /data/data/####/17552342091130716888
  • /data/data/####/1798091040-1280297272
  • /data/data/####/1845155199-308324410
  • /data/data/####/1923102161804144727
  • /data/data/####/2034980719-1406286695
  • /data/data/####/395746085-1572429152
  • /data/data/####/402211791105756323
  • /data/data/####/4754180171321394796
  • /data/data/####/506813650-321021504
  • /data/data/####/540557898-186402643
  • /data/data/####/6536597201909811840
  • /data/data/####/771946748-186402643
  • /data/data/####/793620192-487924182
  • /data/data/####/941393632-593907677
  • /data/data/####/957344668-1817557836
  • /data/data/####/ACCS_BINDumeng;58eee65d07fe654c91002627.xml
  • /data/data/####/ACCS_SDK.xml
  • /data/data/####/ACCS_SDK_CHANNEL.xml
  • /data/data/####/AGOO_BIND.xml
  • /data/data/####/Agoo_AppStore.xml
  • /data/data/####/Alvin2.xml
  • /data/data/####/Badge.Main.xml
  • /data/data/####/ContextData.xml
  • /data/data/####/DaemonServer
  • /data/data/####/MessageStore.db-journal
  • /data/data/####/MsgLogStore.db-journal
  • /data/data/####/NotificationCenter_Pre.xml
  • /data/data/####/PB_SP.xml
  • /data/data/####/PingBackManager_Pre.xml
  • /data/data/####/SGLocSDK.xml
  • /data/data/####/SOGOUPLUS_CONFIG.xml
  • /data/data/####/account.db-journal
  • /data/data/####/accs.db-journal
  • /data/data/####/agoo.pid
  • /data/data/####/androidtool.db-journal
  • /data/data/####/app_config.xml
  • /data/data/####/app_config.xml (deleted)
  • /data/data/####/app_usage.db
  • /data/data/####/app_usage.db-journal
  • /data/data/####/bugly_db_-journal
  • /data/data/####/com.sogou.androidtool.push_service_setting.xml
  • /data/data/####/credit_share_preferences.xml
  • /data/data/####/downloads_classic.db-journal
  • /data/data/####/eudemon
  • /data/data/####/file_log.txt
  • /data/data/####/home_app_n
  • /data/data/####/home_app_p
  • /data/data/####/home_game_n
  • /data/data/####/home_game_p
  • /data/data/####/home_lb_n
  • /data/data/####/home_lb_p
  • /data/data/####/home_sf_n
  • /data/data/####/home_sf_p
  • /data/data/####/localRoot.json
  • /data/data/####/local_crash_lock
  • /data/data/####/location_config.xml
  • /data/data/####/message_accs_db
  • /data/data/####/message_accs_db-journal
  • /data/data/####/nav_app_selected
  • /data/data/####/nav_app_unselected
  • /data/data/####/nav_game_selected
  • /data/data/####/nav_game_unselected
  • /data/data/####/nav_manage_selected
  • /data/data/####/nav_manage_unselected
  • /data/data/####/nav_rank_selected
  • /data/data/####/nav_rank_unselected
  • /data/data/####/nav_select_selected
  • /data/data/####/nav_select_unselected
  • /data/data/####/patchmanage.db
  • /data/data/####/patchmanage.db-journal
  • /data/data/####/pb_db
  • /data/data/####/pb_db-journal
  • /data/data/####/pback
  • /data/data/####/push_config.xml
  • /data/data/####/security_info
  • /data/data/####/soso.db
  • /data/data/####/soso.db-journal
  • /data/data/####/tab_config.json
  • /data/data/####/temp
  • /data/data/####/unupdateapp_v2.db
  • /data/data/####/unupdateapp_v2.db-journal
  • /data/data/####/webview.db-journal
  • /data/data/####/webviewCookiesChromium.db-journal
  • /data/data/####/webviewCookiesChromiumPrivate.db
  • /data/data/####/webviewCookiesChromiumPrivate.db-journal
  • /data/media/####/.nomedia
  • /data/media/####/.sg_firstlauch.cfg
  • /data/media/####/52fe388296314396ad3bae8648878d53
  • /data/media/####/9ca79c6ae9a4401cb9b9b776d4c30904
  • /data/media/####/Alvin2.xml
  • /data/media/####/ContextData.xml
  • /data/media/####/b679a9f508404a7bac5abee982f738c7
  • /data/media/####/comwuba80701.apk
  • /data/media/####/d384b0987b944743966fc6e84e5ff0a7
  • /data/media/####/deviceToken
  • /data/media/####/mobithinkchangeandroidqrcode50.apk
Miscellaneous:
Executes the following shell scripts:
  • /system/bin/sh -c getprop ro.board.platform
  • /system/bin/sh -c type su
  • <Package Folder>/files/DaemonServer -s <Package Folder>/lib/ -n runServer -p startservice -n <Package>/com.taobao.accs.ChannelService --user 0 -f <Package Folder> -t 600 -c agoo.pid -P <Package Folder> -K 1009527 -U tb_accs_eudemon_1.1.3 -L http://agoodm.m.taobao.com/agoo/report -D {"package":"<Package>","appKey":"umeng:58eee65d07fe654c91002627","utdid":"W9BUJ7hOxHIDAGdzx1FgzC4F","sdkVersion":"221"} -I agoodm.m.taobao.com -O 80 -T -Z
  • cat /sys/class/net/wlan0/address
  • chmod 500 <Package Folder>/files/DaemonServer
  • chmod 777 <Package Folder>/cache
  • chmod 777 <Package Folder>/files
  • getprop ro.board.platform
  • getprop ro.build.version.emui
  • getprop ro.build.version.opporom
  • getprop ro.kernel.qemu
  • getprop ro.miui.ui.version.name
  • getprop ro.smartisan.version
  • getprop ro.vivo.os.version
  • sh
  • su
Loads the following dynamic libraries:
  • Bugly
  • diff
  • rutx
  • sogouenc
  • tnet-3.1
  • uninstall
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
  • AES-ECB-PKCS5Padding
  • AES-GCM-NoPadding
  • DES-CBC-PKCS5Padding
  • RSA-ECB-PKCS1Padding
Uses the following algorithms to decrypt data:
  • AES-CBC-PKCS5Padding
  • AES-GCM-NoPadding
Uses elevated privileges.
Gains access to geolocation.
Gains access to network information.
Gains access to telephone information (number, imei, etc.).
Gains access to information about APN settings.
Gains access to information about active device administrators.
Gains access to information about installed applications.
Gains access to information about running applications.
Adds tasks to the system scheduler.
Displays its own windows over windows of other applications.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
