Android.Packed.43055

Added to the Dr.Web virus database: 2019-02-28

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.DownLoader.743.origin
Network activity:
Connects to:
  • UDP(DNS) <Google DNS>
  • TCP(TLS/1.0) sett####.crashly####.com:443
  • TCP(TLS/1.0) d####.fl####.com:443
  • TCP(TLS/1.0) api.face####.com:443
  • TCP(TLS/1.0) 1####.217.20.110:443
DNS requests:
  • d####.fl####.com
  • g####.face####.com
  • sett####.crashly####.com
File system changes:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
  • /system/bin/cat /proc/cpuinfo
  • chmod 755 <Package Folder>/.jiagu/libjiagu-10476834.so
Loads the following dynamic libraries:
  • libjiagu-10476834
Uses special library to hide executable bytecode.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Displays its own windows over windows of other apps.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and the specifications of the particular mobile device, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
