FOR CUSTOMERS

Close

Library
My library

+ Add to library

Search
Search

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

A query form

Call us

+7 (495) 789-45-86

Forum

Your tickets

New ticket

Call us

+7 (495) 789-45-86

Profile

EN

RU CN DE EN ES FR IT JP KZ UZ PL BY
Close
Support services
Scanners
Dr.Web vxCube
Trial
VCI investigations
Virus library
Knowledge base

Technologies

Terminology

Training and education

Myths

News

Adware.Gexin.9491

Added to the Dr.Web virus database: 2019-03-03

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Adware.Gexin.2.origin
Accesses the ITelephony private interface.
Network activity:
Connects to:
  • UDP(DNS) <Google DNS>
  • TCP(HTTP/1.1) c-h####.g####.com:80
  • TCP(HTTP/1.1) ti####.c####.l####.####.com:80
  • TCP(HTTP/1.1) i.t####.com:80
  • TCP(HTTP/1.1) t####.c####.q####.####.com:80
  • TCP(HTTP/1.1) qin####.com.www.####.com:80
  • TCP(HTTP/1.1) and####.b####.qq.com:80
  • TCP(HTTP/1.1) a####.b####.qq.com:8011
  • TCP(HTTP/1.1) sdk.o####.p####.####.com:80
  • TCP(HTTP/1.1) rp-na####.ron####.com:80
  • TCP(TLS/1.0) api.map.b####.com:443
  • TCP(TLS/1.0) av1.x####.com:443
  • TCP(TLS/1.0) c####.x####.com:443
  • TCP(TLS/1.0) loc.map.b####.com:443
  • TCP(TLS/1.0) j####.d####.com:443
  • TCP(TLS/1.0) s####.cn.ron####.com:443
  • TCP c####.g####.ig####.com:5227
  • TCP sdk.o####.t####.####.com:5224
DNS requests:
  • 7j####.c####.z0.####.com
  • a####.b####.qq.com
  • and####.b####.qq.com
  • api.map.b####.com
  • av1.x####.com
  • c####.g####.ig####.com
  • c####.g####.ig####.com
  • c####.x####.com
  • c####.x####.com
  • c-h####.g####.com
  • i.t####.com
  • j####.d####.com
  • loc.map.b####.com
  • nav.cn.ron####.com
  • pub-####.qin####.com
  • s####.cn.ron####.com
  • sdk.c####.ig####.com
  • sdk.o####.p####.####.com
  • sdk.o####.t####.####.com
  • sdk.o####.t####.####.com
  • sdk.o####.t####.####.net
HTTP GET requests:
  • i.t####.com/a/3ca5b3f929ca31eb5c328941e31aec8b6
  • qin####.com.www.####.com/tdata_EDT369
  • t####.c####.q####.####.com/tdata_Rnl693
  • t####.c####.q####.####.com/tdata_Soq141
  • t####.c####.q####.####.com/tdata_fEV688
  • t####.c####.q####.####.com/tdata_siA393
  • ti####.c####.l####.####.com/config/hz-hzv3.conf
HTTP POST requests:
  • a####.b####.qq.com:8011/rqd/async
  • and####.b####.qq.com/rqd/async
  • c-h####.g####.com/api.php?format=####&t=####
  • rp-na####.ron####.com/navipush.json
  • sdk.o####.p####.####.com/api.php?format=####&t=####
  • sdk.o####.p####.####.com/api.php?format=####&t=####&d=####&k=####
File system changes:
Creates the following files:
  • /data/data/####/-1706829246
  • /data/data/####/.jg.ic
  • /data/data/####/000001.dbtmp
  • /data/data/####/000002.dbtmp
  • /data/data/####/1551586049014_2293
  • /data/data/####/1551586050200_2293
  • /data/data/####/1551586052021_2293
  • /data/data/####/1551586052795_2374
  • /data/data/####/1551586053360_2293
  • /data/data/####/1551586054346_2293
  • /data/data/####/1551586054744_2374
  • /data/data/####/1551586056574_2374
  • /data/data/####/1551586058011_2593
  • /data/data/####/1551586058015_2374
  • /data/data/####/1551586058340_2571
  • /data/data/####/1551586058576_2593
  • /data/data/####/1551586058594_2395
  • /data/data/####/1551586059089_2293
  • /data/data/####/1551586060256_2593
  • /data/data/####/1551586060400_2571
  • /data/data/####/1551586060692_2395
  • /data/data/####/1551586061876_2293
  • /data/data/####/1551586062441_2293
  • /data/data/####/1551586062614_2395
  • /data/data/####/1551586063487_2293
  • /data/data/####/1551586064187_2293
  • /data/data/####/1551586065400_2571
  • /data/data/####/1551586114239_2293
  • /data/data/####/1667485511
  • /data/data/####/Archimedes_p4
  • /data/data/####/Archimedes_p5
  • /data/data/####/COUNTLY_STORE.xml
  • /data/data/####/INSTALLATION
  • /data/data/####/MANIFEST-000001
  • /data/data/####/Pythagoras_phase.xml
  • /data/data/####/RongPush.xml
  • /data/data/####/Statistics.xml
  • /data/data/####/TDCloudSettingsConfig228C0E7A18E496B9E84D5A2DF4028134.xml
  • /data/data/####/TD_app_pefercen_profile.xml
  • /data/data/####/TDpref_cloudcontrol1.xml
  • /data/data/####/TDpref_longtime.xml
  • /data/data/####/TDpref_longtime0.xml
  • /data/data/####/TDpref_shorttime.xml
  • /data/data/####/TDpref_shorttime0.xml
  • /data/data/####/TalingDataConfig228C0E7A18E496B9E84D5A2DF4028134.xml
  • /data/data/####/a45224c5337f
  • /data/data/####/account.4fc45b40c26628e30021.js
  • /data/data/####/account.f6de249479e3b06a0a799b9d60986ab1.css
  • /data/data/####/account.html
  • /data/data/####/agreement.4fc45b40c26628e30021.js
  • /data/data/####/agreement.58e63239102e51e38e8237ca19111a1f.css
  • /data/data/####/agreement.html
  • /data/data/####/appSetting.xml
  • /data/data/####/apply-cash.4fc45b40c26628e30021.js
  • /data/data/####/apply-cash.beb8fc1f70c4a34493c1f23a7c18ef2d.css
  • /data/data/####/apply-cash.html
  • /data/data/####/apply-detail.4fc45b40c26628e30021.js
  • /data/data/####/apply-detail.a070bba011c40e115ed8497a3c85cdd0.css
  • /data/data/####/apply-detail.html
  • /data/data/####/apply-list.22bdb36508547df83223b2c62482c1e1.css
  • /data/data/####/apply-list.4fc45b40c26628e30021.js
  • /data/data/####/apply-list.html
  • /data/data/####/apply-success.4fc45b40c26628e30021.js
  • /data/data/####/apply-success.883d552597b4e75136fae6e36e4a73eb.css
  • /data/data/####/apply-success.html
  • /data/data/####/authStatus_com.doumi.jianzhi.xml
  • /data/data/####/authStatus_com.doumi.jianzhi;ipc.xml
  • /data/data/####/authStatus_com.doumi.jianzhi;pushservice.xml
  • /data/data/####/authStatus_com.doumi.jianzhi;remote.xml
  • /data/data/####/authStatus_io.rong.push.xml
  • /data/data/####/avatar_female.png
  • /data/data/####/avatar_male.png
  • /data/data/####/banner_integral.jpg
  • /data/data/####/banner_share.png
  • /data/data/####/banner_submit.png
  • /data/data/####/bg_blacklist.png
  • /data/data/####/bg_personal.png
  • /data/data/####/bg_popup.png
  • /data/data/####/bg_renzheng.png
  • /data/data/####/bg_resume.png
  • /data/data/####/bg_rise.png
  • /data/data/####/bg_status.png
  • /data/data/####/bg_tab.png
  • /data/data/####/bg_toptips.png
  • /data/data/####/bind-alipay.4fc45b40c26628e30021.js
  • /data/data/####/bind-alipay.af7354a8ccf771137ad40e15fec08ba6.css
  • /data/data/####/bind-alipay.html
  • /data/data/####/bind-unionpay.4fc45b40c26628e30021.js
  • /data/data/####/bind-unionpay.af7354a8ccf771137ad40e15fec08ba6.css
  • /data/data/####/bind-unionpay.html
  • /data/data/####/bind-weixinwallet.4fc45b40c26628e30021.js
  • /data/data/####/bind-weixinwallet.af7354a8ccf771137ad40e15fec08ba6.css
  • /data/data/####/bind-weixinwallet.html
  • /data/data/####/bugly_db_-journal
  • /data/data/####/bundle.js
  • /data/data/####/cache.manifest
  • /data/data/####/china.zip
  • /data/data/####/city.171b44607f7f811e2de07e338d325df2.css
  • /data/data/####/city.4fc45b40c26628e30021.js
  • /data/data/####/city.html
  • /data/data/####/city_1.json
  • /data/data/####/city_10.json
  • /data/data/####/city_100.json
  • /data/data/####/city_101.json
  • /data/data/####/city_102.json
  • /data/data/####/city_103.json
  • /data/data/####/city_104.json
  • /data/data/####/city_105.json
  • /data/data/####/city_106.json
  • /data/data/####/city_107.json
  • /data/data/####/city_108.json
  • /data/data/####/city_109.json
  • /data/data/####/city_11.json
  • /data/data/####/city_110.json
  • /data/data/####/city_111.json
  • /data/data/####/city_112.json
  • /data/data/####/city_113.json
  • /data/data/####/city_114.json
  • /data/data/####/city_115.json
  • /data/data/####/city_116.json
  • /data/data/####/city_117.json
  • /data/data/####/city_118.json
  • /data/data/####/city_119.json
  • /data/data/####/city_12.json
  • /data/data/####/city_120.json
  • /data/data/####/city_121.json
  • /data/data/####/city_122.json
  • /data/data/####/city_123.json
  • /data/data/####/city_124.json
  • /data/data/####/city_125.json
  • /data/data/####/city_126.json
  • /data/data/####/city_127.json
  • /data/data/####/city_128.json
  • /data/data/####/city_129.json
  • /data/data/####/city_13.json
  • /data/data/####/city_130.json
  • /data/data/####/city_131.json
  • /data/data/####/city_132.json
  • /data/data/####/city_133.json
  • /data/data/####/city_134.json
  • /data/data/####/city_135.json
  • /data/data/####/city_136.json
  • /data/data/####/city_137.json
  • /data/data/####/city_138.json
  • /data/data/####/city_139.json
  • /data/data/####/city_14.json
  • /data/data/####/city_140.json
  • /data/data/####/city_141.json
  • /data/data/####/city_142.json
  • /data/data/####/city_143.json
  • /data/data/####/city_144.json
  • /data/data/####/city_145.json
  • /data/data/####/city_146.json
  • /data/data/####/city_147.json
  • /data/data/####/city_148.json
  • /data/data/####/city_149.json
  • /data/data/####/city_15.json
  • /data/data/####/city_150.json
  • /data/data/####/city_151.json
  • /data/data/####/city_152.json
  • /data/data/####/city_153.json
  • /data/data/####/city_154.json
  • /data/data/####/city_155.json
  • /data/data/####/city_156.json
  • /data/data/####/city_157.json
  • /data/data/####/city_158.json
  • /data/data/####/city_159.json
  • /data/data/####/city_16.json
  • /data/data/####/city_160.json
  • /data/data/####/city_161.json
  • /data/data/####/city_162.json
  • /data/data/####/city_163.json
  • /data/data/####/city_164.json
  • /data/data/####/city_165.json
  • /data/data/####/city_166.json
  • /data/data/####/city_167.json
  • /data/data/####/city_168.json
  • /data/data/####/city_169.json
  • /data/data/####/city_17.json
  • /data/data/####/city_170.json
  • /data/data/####/city_171.json
  • /data/data/####/city_172.json
  • /data/data/####/city_173.json
  • /data/data/####/city_174.json
  • /data/data/####/city_175.json
  • /data/data/####/city_176.json
  • /data/data/####/city_177.json
  • /data/data/####/city_178.json
  • /data/data/####/city_179.json
  • /data/data/####/city_18.json
  • /data/data/####/city_180.json
  • /data/data/####/city_181.json
  • /data/data/####/city_182.json
  • /data/data/####/city_183.json
  • /data/data/####/city_184.json
  • /data/data/####/city_185.json
  • /data/data/####/city_186.json
  • /data/data/####/city_187.json
  • /data/data/####/city_188.json
  • /data/data/####/city_189.json
  • /data/data/####/city_19.json
  • /data/data/####/city_190.json
  • /data/data/####/city_191.json
  • /data/data/####/city_192.json
  • /data/data/####/city_193.json
  • /data/data/####/city_194.json
  • /data/data/####/city_195.json
  • /data/data/####/city_196.json
  • /data/data/####/city_197.json
  • /data/data/####/city_198.json
  • /data/data/####/city_199.json
  • /data/data/####/city_2.json
  • /data/data/####/city_20.json
  • /data/data/####/city_200.json
  • /data/data/####/city_201.json
  • /data/data/####/city_202.json
  • /data/data/####/city_203.json
  • /data/data/####/city_204.json
  • /data/data/####/city_205.json
  • /data/data/####/city_206.json
  • /data/data/####/city_207.json
  • /data/data/####/city_208.json
  • /data/data/####/city_209.json
  • /data/data/####/city_21.json
  • /data/data/####/city_210.json
  • /data/data/####/city_211.json
  • /data/data/####/city_212.json
  • /data/data/####/city_213.json
  • /data/data/####/city_214.json
  • /data/data/####/city_215.json
  • /data/data/####/city_216.json
  • /data/data/####/city_217.json
  • /data/data/####/city_218.json
  • /data/data/####/city_219.json
  • /data/data/####/city_22.json
  • /data/data/####/city_220.json
  • /data/data/####/city_221.json
  • /data/data/####/city_222.json
  • /data/data/####/city_223.json
  • /data/data/####/city_224.json
  • /data/data/####/city_225.json
  • /data/data/####/city_226.json
  • /data/data/####/city_227.json
  • /data/data/####/city_228.json
  • /data/data/####/city_229.json
  • /data/data/####/city_23.json
  • /data/data/####/city_230.json
  • /data/data/####/city_231.json
  • /data/data/####/city_232.json
  • /data/data/####/city_233.json
  • /data/data/####/city_234.json
  • /data/data/####/city_235.json
  • /data/data/####/city_236.json
  • /data/data/####/city_237.json
  • /data/data/####/city_238.json
  • /data/data/####/city_239.json
  • /data/data/####/city_24.json
  • /data/data/####/city_240.json
  • /data/data/####/city_241.json
  • /data/data/####/city_242.json
  • /data/data/####/city_243.json
  • /data/data/####/city_244.json
  • /data/data/####/city_245.json
  • /data/data/####/city_246.json
  • /data/data/####/city_247.json
  • /data/data/####/city_248.json
  • /data/data/####/city_249.json
  • /data/data/####/city_25.json
  • /data/data/####/city_250.json
  • /data/data/####/city_251.json
  • /data/data/####/city_252.json
  • /data/data/####/city_253.json
  • /data/data/####/city_254.json
  • /data/data/####/city_255.json
  • /data/data/####/city_256.json
  • /data/data/####/city_257.json
  • /data/data/####/city_258.json
  • /data/data/####/city_259.json
  • /data/data/####/city_26.json
  • /data/data/####/city_260.json
  • /data/data/####/city_261.json
  • /data/data/####/city_262.json
  • /data/data/####/city_263.json
  • /data/data/####/city_264.json
  • /data/data/####/city_265.json
  • /data/data/####/city_266.json
  • /data/data/####/city_267.json
  • /data/data/####/city_268.json
  • /data/data/####/city_269.json
  • /data/data/####/city_27.json
  • /data/data/####/city_270.json
  • /data/data/####/city_271.json
  • /data/data/####/city_272.json
  • /data/data/####/city_273.json
  • /data/data/####/city_274.json
  • /data/data/####/city_275.json
  • /data/data/####/city_276.json
  • /data/data/####/city_277.json
  • /data/data/####/city_278.json
  • /data/data/####/city_279.json
  • /data/data/####/city_28.json
  • /data/data/####/city_280.json
  • /data/data/####/city_281.json
  • /data/data/####/city_282.json
  • /data/data/####/city_283.json
  • /data/data/####/city_284.json
  • /data/data/####/city_285.json
  • /data/data/####/city_286.json
  • /data/data/####/city_287.json
  • /data/data/####/city_288.json
  • /data/data/####/city_289.json
  • /data/data/####/city_29.json
  • /data/data/####/city_290.json
  • /data/data/####/city_291.json
  • /data/data/####/city_292.json
  • /data/data/####/city_293.json
  • /data/data/####/city_294.json
  • /data/data/####/city_295.json
  • /data/data/####/city_296.json
  • /data/data/####/city_297.json
  • /data/data/####/city_298.json
  • /data/data/####/city_299.json
  • /data/data/####/city_3.json
  • /data/data/####/city_30.json
  • /data/data/####/city_300.json
  • /data/data/####/city_301.json
  • /data/data/####/city_302.json
  • /data/data/####/city_303.json
  • /data/data/####/city_304.json
  • /data/data/####/city_305.json
  • /data/data/####/city_306.json
  • /data/data/####/city_307.json
  • /data/data/####/city_308.json
  • /data/data/####/city_309.json
  • /data/data/####/city_31.json
  • /data/data/####/city_310.json
  • /data/data/####/city_311.json
  • /data/data/####/city_312.json
  • /data/data/####/city_313.json
  • /data/data/####/city_314.json
  • /data/data/####/city_315.json
  • /data/data/####/city_316.json
  • /data/data/####/city_317.json
  • /data/data/####/city_318.json
  • /data/data/####/city_319.json
  • /data/data/####/city_32.json
  • /data/data/####/city_320.json
  • /data/data/####/city_321.json
  • /data/data/####/city_322.json
  • /data/data/####/city_323.json
  • /data/data/####/city_324.json
  • /data/data/####/city_325.json
  • /data/data/####/city_326.json
  • /data/data/####/city_327.json
  • /data/data/####/city_328.json
  • /data/data/####/city_329.json
  • /data/data/####/city_33.json
  • /data/data/####/city_330.json
  • /data/data/####/city_331.json
  • /data/data/####/city_332.json
  • /data/data/####/city_333.json
  • /data/data/####/city_334.json
  • /data/data/####/city_335.json
  • /data/data/####/city_336.json
  • /data/data/####/city_337.json
  • /data/data/####/city_338.json
  • /data/data/####/city_339.json
  • /data/data/####/city_34.json
  • /data/data/####/city_340.json
  • /data/data/####/city_341.json
  • /data/data/####/city_342.json
  • /data/data/####/city_343.json
  • /data/data/####/city_344.json
  • /data/data/####/city_345.json
  • /data/data/####/city_35.json
  • /data/data/####/city_353.json
  • /data/data/####/city_36.json
  • /data/data/####/city_37.json
  • /data/data/####/city_373.json
  • /data/data/####/city_374.json
  • /data/data/####/city_375.json
  • /data/data/####/city_376.json
  • /data/data/####/city_377.json
  • /data/data/####/city_378.json
  • /data/data/####/city_379.json
  • /data/data/####/city_38.json
  • /data/data/####/city_380.json
  • /data/data/####/city_381.json
  • /data/data/####/city_382.json
  • /data/data/####/city_383.json
  • /data/data/####/city_384.json
  • /data/data/####/city_385.json
  • /data/data/####/city_386.json
  • /data/data/####/city_39.json
  • /data/data/####/city_4.json
  • /data/data/####/city_40.json
  • /data/data/####/city_41.json
  • /data/data/####/city_42.json
  • /data/data/####/city_43.json
  • /data/data/####/city_44.json
  • /data/data/####/city_45.json
  • /data/data/####/city_46.json
  • /data/data/####/city_47.json
  • /data/data/####/city_48.json
  • /data/data/####/city_49.json
  • /data/data/####/city_5.json
  • /data/data/####/city_50.json
  • /data/data/####/city_51.json
  • /data/data/####/city_52.json
  • /data/data/####/city_53.json
  • /data/data/####/city_54.json
  • /data/data/####/city_55.json
  • /data/data/####/city_56.json
  • /data/data/####/city_57.json
  • /data/data/####/city_58.json
  • /data/data/####/city_59.json
  • /data/data/####/city_6.json
  • /data/data/####/city_60.json
  • /data/data/####/city_61.json
  • /data/data/####/city_62.json
  • /data/data/####/city_63.json
  • /data/data/####/city_64.json
  • /data/data/####/city_65.json
  • /data/data/####/city_66.json
  • /data/data/####/city_67.json
  • /data/data/####/city_68.json
  • /data/data/####/city_69.json
  • /data/data/####/city_7.json
  • /data/data/####/city_70.json
  • /data/data/####/city_71.json
  • /data/data/####/city_72.json
  • /data/data/####/city_73.json
  • /data/data/####/city_74.json
  • /data/data/####/city_75.json
  • /data/data/####/city_76.json
  • /data/data/####/city_77.json
  • /data/data/####/city_78.json
  • /data/data/####/city_79.json
  • /data/data/####/city_8.json
  • /data/data/####/city_80.json
  • /data/data/####/city_81.json
  • /data/data/####/city_82.json
  • /data/data/####/city_83.json
  • /data/data/####/city_84.json
  • /data/data/####/city_85.json
  • /data/data/####/city_86.json
  • /data/data/####/city_87.json
  • /data/data/####/city_88.json
  • /data/data/####/city_89.json
  • /data/data/####/city_9.json
  • /data/data/####/city_90.json
  • /data/data/####/city_91.json
  • /data/data/####/city_92.json
  • /data/data/####/city_93.json
  • /data/data/####/city_94.json
  • /data/data/####/city_95.json
  • /data/data/####/city_96.json
  • /data/data/####/city_97.json
  • /data/data/####/city_98.json
  • /data/data/####/city_99.json
  • /data/data/####/com.doumi.jianzhi_preferences.xml
  • /data/data/####/complain-and-feedback.4fc45b40c26628e30021.js
  • /data/data/####/complain-and-feedback.f48cf997f9e5034b05fe5f4841dd2f99.css
  • /data/data/####/complain-and-feedback.html
  • /data/data/####/complain.2138df523459e2904880bd942b7b27f6.css
  • /data/data/####/complain.4fc45b40c26628e30021.js
  • /data/data/####/complain.html
  • /data/data/####/daemon
  • /data/data/####/detail-address.2999292f3457f57eb2b1eee0b4a6436e.css
  • /data/data/####/detail-address.4fc45b40c26628e30021.js
  • /data/data/####/detail-address.html
  • /data/data/####/detail.0e856aa1900f1b74a3106e75ad31e98a.css
  • /data/data/####/detail.4fc45b40c26628e30021.js
  • /data/data/####/detail.html
  • /data/data/####/dmdid
  • /data/data/####/domSetting
  • /data/data/####/doumi-db-journal
  • /data/data/####/duiba.2839f02f6b96f7eaf8852679854b77b7.css
  • /data/data/####/duiba.4fc45b40c26628e30021.js
  • /data/data/####/duiba.html
  • /data/data/####/earn-score.0a6c1ee9b66d699543c1d1c2c2756455.css
  • /data/data/####/earn-score.4fc45b40c26628e30021.js
  • /data/data/####/earn-score.html
  • /data/data/####/evaluate.22bdb36508547df83223b2c62482c1e1.css
  • /data/data/####/evaluate.4fc45b40c26628e30021.js
  • /data/data/####/evaluate.html
  • /data/data/####/f1e5994e2a5f4dbe680c.worker.js
  • /data/data/####/favorite.05d3357462248c6983176f3b530b33be.css
  • /data/data/####/favorite.4fc45b40c26628e30021.js
  • /data/data/####/favorite.html
  • /data/data/####/fe5312fdbe923e425eb3.worker.js
  • /data/data/####/feedback.3f3b545f21d25fe93551eaf7c9b9b514.css
  • /data/data/####/feedback.4fc45b40c26628e30021.js
  • /data/data/####/feedback.html
  • /data/data/####/file__0.localstorage-journal
  • /data/data/####/firll.dat
  • /data/data/####/gdaemon_20161017
  • /data/data/####/getui_sp.xml
  • /data/data/####/gkt-journal
  • /data/data/####/gx_sp.xml
  • /data/data/####/hotjob-list.4fc45b40c26628e30021.js
  • /data/data/####/hotjob-list.cad23a26edc0982ea6994c99c814132c.css
  • /data/data/####/hotjob-list.html
  • /data/data/####/hst.db
  • /data/data/####/hst.db-journal
  • /data/data/####/huiyan-index.4fc45b40c26628e30021.js
  • /data/data/####/huiyan-index.7576c9dc2651cace1cfe178e89a62f04.css
  • /data/data/####/huiyan-index.html
  • /data/data/####/huiyan-result.4fc45b40c26628e30021.js
  • /data/data/####/huiyan-result.7ba7697ad69c0452cbbbffead584ec3f.css
  • /data/data/####/huiyan-result.html
  • /data/data/####/icon.png
  • /data/data/####/icon_account.png
  • /data/data/####/icon_arrow.png
  • /data/data/####/icon_blacklist.png
  • /data/data/####/icon_cate_check.png
  • /data/data/####/icon_cate_other.png
  • /data/data/####/icon_cate_promotion.png
  • /data/data/####/icon_cate_reg.png
  • /data/data/####/icon_cate_share.png
  • /data/data/####/icon_cate_survey.png
  • /data/data/####/icon_deliver.png
  • /data/data/####/icon_detail.png
  • /data/data/####/icon_form.png
  • /data/data/####/icon_index.png
  • /data/data/####/icon_online.png
  • /data/data/####/icon_order.png
  • /data/data/####/icon_personal.png
  • /data/data/####/icon_rate.png
  • /data/data/####/icon_resume.png
  • /data/data/####/icon_taobaoke.png
  • /data/data/####/icon_toplist.png
  • /data/data/####/imkit.db-journal
  • /data/data/####/index.4fc45b40c26628e30021.js
  • /data/data/####/index.a3a5fa82e25ab4aa85e789364d0d067d.css
  • /data/data/####/index.html
  • /data/data/####/init.pid
  • /data/data/####/init_c1.pid
  • /data/data/####/integral-detail.4fc45b40c26628e30021.js
  • /data/data/####/integral-detail.63eb557b3b1f840b6cd13942c664d718.css
  • /data/data/####/integral-detail.html
  • /data/data/####/jg_so_upgrade_setting.xml
  • /data/data/####/jg_so_upgrade_setting.xml.bak
  • /data/data/####/jianZhi.xml
  • /data/data/####/ker.db-journal
  • /data/data/####/libcuid.so
  • /data/data/####/libjiagu.so
  • /data/data/####/local_crash_lock
  • /data/data/####/login-captcha.4fc45b40c26628e30021.js
  • /data/data/####/login-captcha.dc621542fffbd4172bf798020400cd58.css
  • /data/data/####/login-captcha.html
  • /data/data/####/login-check-phone.4fc45b40c26628e30021.js
  • /data/data/####/login-check-phone.dc621542fffbd4172bf798020400cd58.css
  • /data/data/####/login-check-phone.html
  • /data/data/####/login-password.4fc45b40c26628e30021.js
  • /data/data/####/login-password.dc621542fffbd4172bf798020400cd58.css
  • /data/data/####/login-password.html
  • /data/data/####/mPBE.xml
  • /data/data/####/main.dek
  • /data/data/####/msg-invite-list.4fc45b40c26628e30021.js
  • /data/data/####/msg-invite-list.94e023470083284b6945f03ab7bd3dc8.css
  • /data/data/####/msg-invite-list.html
  • /data/data/####/msg-news-list.4fc45b40c26628e30021.js
  • /data/data/####/msg-news-list.b94ee0a9f741ae441cbd97db16f18d65.css
  • /data/data/####/msg-news-list.html
  • /data/data/####/msg-online-list.4fc45b40c26628e30021.js
  • /data/data/####/msg-online-list.56c69eda14de9a3ab55bf0f0be0eb817.css
  • /data/data/####/msg-online-list.html
  • /data/data/####/multidex.version.xml
  • /data/data/####/nearby-list.4fc45b40c26628e30021.js
  • /data/data/####/nearby-list.f56ecc10e867b13ca55efbadb3902c11.css
  • /data/data/####/nearby-list.html
  • /data/data/####/no-idencode.485a7bcca9473e05abbb8f5baefc5d57.css
  • /data/data/####/no-idencode.4fc45b40c26628e30021.js
  • /data/data/####/no-idencode.html
  • /data/data/####/offline-invite-bonus.4084ef1b596abbcc99e60a7a24ce3894.css
  • /data/data/####/offline-invite-bonus.4fc45b40c26628e30021.js
  • /data/data/####/offline-invite-bonus.html
  • /data/data/####/offline-invite-list.4084ef1b596abbcc99e60a7a24ce3894.css
  • /data/data/####/offline-invite-list.4fc45b40c26628e30021.js
  • /data/data/####/offline-invite-list.html
  • /data/data/####/offline-share.4084ef1b596abbcc99e60a7a24ce3894.css
  • /data/data/####/offline-share.4fc45b40c26628e30021.js
  • /data/data/####/offline-share.html
  • /data/data/####/online-complain-select.4fc45b40c26628e30021.js
  • /data/data/####/online-complain-select.7f5183fcc98afcb7b9e6dc17...4f.css
  • /data/data/####/online-complain-select.html
  • /data/data/####/online-complain.2138df523459e2904880bd942b7b27f6.css
  • /data/data/####/online-complain.4fc45b40c26628e30021.js
  • /data/data/####/online-complain.html
  • /data/data/####/online-detail.4fc45b40c26628e30021.js
  • /data/data/####/online-detail.d576768313b88cb851cec58c6d705f57.css
  • /data/data/####/online-detail.html
  • /data/data/####/online-income.314f31ebc339701e2d30e9058afffead.css
  • /data/data/####/online-income.4fc45b40c26628e30021.js
  • /data/data/####/online-income.html
  • /data/data/####/online-index.4fc45b40c26628e30021.js
  • /data/data/####/online-index.82880e01cf557741379aa20bc13fa814.css
  • /data/data/####/online-index.html
  • /data/data/####/online-personal.4fc45b40c26628e30021.js
  • /data/data/####/online-personal.7f5183fcc98afcb7b9e6dc170ebd0a4f.css
  • /data/data/####/online-personal.html
  • /data/data/####/online-prefecture.4fc45b40c26628e30021.js
  • /data/data/####/online-prefecture.5123a485a5b55423a26b945b4230db2d.css
  • /data/data/####/online-prefecture.html
  • /data/data/####/online-retrial.1ce122f36e5a0e9597f2df8547bf4948.css
  • /data/data/####/online-retrial.4fc45b40c26628e30021.js
  • /data/data/####/online-retrial.html
  • /data/data/####/online-submit-detail.207e0748f23787834f369e54e03ae443.css
  • /data/data/####/online-submit-detail.4fc45b40c26628e30021.js
  • /data/data/####/online-submit-detail.html
  • /data/data/####/online-submit-success.1ce122f36e5a0e9597f2df8547bf4948.css
  • /data/data/####/online-submit-success.4fc45b40c26628e30021.js
  • /data/data/####/online-submit-success.html
  • /data/data/####/online-submit.4fc45b40c26628e30021.js
  • /data/data/####/online-submit.719dc04783c6cc3f82e0f94e471a5f7d.css
  • /data/data/####/online-submit.html
  • /data/data/####/pay.png
  • /data/data/####/prefecture.4fc45b40c26628e30021.js
  • /data/data/####/prefecture.ed15718398e69c49eb1cb9b2600a0360.css
  • /data/data/####/prefecture.html
  • /data/data/####/preferences-job-type-select.4fc45b40c26628e30021.js
  • /data/data/####/preferences-job-type-select.5fbfe0a6e8986b7a17d...3c.css
  • /data/data/####/preferences-job-type-select.html
  • /data/data/####/provinces.json
  • /data/data/####/ptj_icons.png
  • /data/data/####/push.pid
  • /data/data/####/pushext.db-journal
  • /data/data/####/pushg.db-journal
  • /data/data/####/pushk.db-journal
  • /data/data/####/pushsdk.db-journal
  • /data/data/####/rapidly-apply.3c2668845a2e8dc5ebb147d1d0d60c1c.css
  • /data/data/####/rapidly-apply.4fc45b40c26628e30021.js
  • /data/data/####/rapidly-apply.html
  • /data/data/####/recommend-list.4fc45b40c26628e30021.js
  • /data/data/####/recommend-list.cad23a26edc0982ea6994c99c814132c.css
  • /data/data/####/recommend-list.html
  • /data/data/####/register.4fc45b40c26628e30021.js
  • /data/data/####/register.dc621542fffbd4172bf798020400cd58.css
  • /data/data/####/register.html
  • /data/data/####/reset.4fc45b40c26628e30021.js
  • /data/data/####/reset.ea8f51b9c3ee5436eba0dd1f1f43696c.css
  • /data/data/####/reset.html
  • /data/data/####/resume-addition.4cf013a6224eb2a288a8ff4f1666474e.css
  • /data/data/####/resume-addition.4fc45b40c26628e30021.js
  • /data/data/####/resume-addition.html
  • /data/data/####/resume-education.0c1638d0cd29548beb21271ce3733399.css
  • /data/data/####/resume-education.4fc45b40c26628e30021.js
  • /data/data/####/resume-education.html
  • /data/data/####/resume-index.4fc45b40c26628e30021.js
  • /data/data/####/resume-index.f79320ff0b5bade8b471f3073d372a05.css
  • /data/data/####/resume-index.html
  • /data/data/####/resume-info.4fc45b40c26628e30021.js
  • /data/data/####/resume-info.70580ad389a2df89258b4cae4dbcb0ad.css
  • /data/data/####/resume-info.html
  • /data/data/####/resume-preference.4fc45b40c26628e30021.js
  • /data/data/####/resume-preference.963e368e9730ddae0dba7a735797002d.css
  • /data/data/####/resume-preference.html
  • /data/data/####/run.pid
  • /data/data/####/search.4f93379a841e0e3dda74c59eb63c7863.css
  • /data/data/####/search.4fc45b40c26628e30021.js
  • /data/data/####/search.html
  • /data/data/####/security_info
  • /data/data/####/selectiveperfect-list.1ee397d8f809647e7a14952d820915ad.css
  • /data/data/####/selectiveperfect-list.4fc45b40c26628e30021.js
  • /data/data/####/selectiveperfect-list.html
  • /data/data/####/set-resume-success.4fc45b40c26628e30021.js
  • /data/data/####/set-resume-success.e027f340981db4a22e74916c5b61991d.css
  • /data/data/####/set-resume-success.html
  • /data/data/####/settings.2f767c93d5f4f4732cb663bfe5ce571a.css
  • /data/data/####/settings.4fc45b40c26628e30021.js
  • /data/data/####/settings.html
  • /data/data/####/sign-in.4fc45b40c26628e30021.js
  • /data/data/####/sign-in.7914b05060ab56bf3c3fb0dd15fd45cb.css
  • /data/data/####/sign-in.html
  • /data/data/####/ssoconfigs.xml
  • /data/data/####/taobaoke-detail.4ba7da7ad8737ba7d437995a4ecb1c82.css
  • /data/data/####/taobaoke-detail.4fc45b40c26628e30021.js
  • /data/data/####/taobaoke-detail.html
  • /data/data/####/taobaoke-income.4fc45b40c26628e30021.js
  • /data/data/####/taobaoke-income.c09ceadc2e3455c79fd67f0a59f160ac.css
  • /data/data/####/taobaoke-income.html
  • /data/data/####/taobaoke-index.4fc45b40c26628e30021.js
  • /data/data/####/taobaoke-index.e6d39223f3d30c4049f256b426be78ba.css
  • /data/data/####/taobaoke-index.html
  • /data/data/####/taobaoke-order.3a8acc9c2333fe74dde1e52bd97aa943.css
  • /data/data/####/taobaoke-order.4fc45b40c26628e30021.js
  • /data/data/####/taobaoke-order.html
  • /data/data/####/taobaoke-search-hot-key.4fc45b40c26628e30021.js
  • /data/data/####/taobaoke-search-hot-key.9cda77bb31da14cb8999ac4...26.css
  • /data/data/####/taobaoke-search-hot-key.html
  • /data/data/####/taobaoke-search.4fc45b40c26628e30021.js
  • /data/data/####/taobaoke-search.bee8087cc42b37465871cb03263a7f31.css
  • /data/data/####/taobaoke-search.html
  • /data/data/####/taobaoke-share.4fc45b40c26628e30021.js
  • /data/data/####/taobaoke-share.c35493c45cc9e9377db7a811a0cdd554.css
  • /data/data/####/taobaoke-share.html
  • /data/data/####/tdata_Rnl693
  • /data/data/####/tdata_Rnl693.jar
  • /data/data/####/tdata_Soq141
  • /data/data/####/tdata_Soq141.jar
  • /data/data/####/tdata_fEV688
  • /data/data/####/tdata_fEV688.jar
  • /data/data/####/tdata_siA393
  • /data/data/####/tdata_siA393.jar
  • /data/data/####/tdid.xml
  • /data/data/####/tmp.zip
  • /data/data/####/vendor.dll.js
  • /data/data/####/wallet.35103e076b0bbf3708a61ff708e78f97.css
  • /data/data/####/wallet.4fc45b40c26628e30021.js
  • /data/data/####/wallet.html
  • /data/data/####/webview.db-journal
  • /data/media/####/.cuid
  • /data/media/####/.cuid2
  • /data/media/####/.nomedia
  • /data/media/####/.tcookieid
  • /data/media/####/1551586062146
  • /data/media/####/BeLog_1551586053640.log
  • /data/media/####/BeLog_1551586053845.log
  • /data/media/####/app.db
  • /data/media/####/com.doumi.jianzhi.bin
  • /data/media/####/com.doumi.jianzhi.db
  • /data/media/####/com.getui.sdk.deviceId.db
  • /data/media/####/com.igexin.sdk.deviceId.db
  • /data/media/####/dmdid
  • /data/media/####/domSetting
  • /data/media/####/gkt-journal
  • /data/media/####/gktper
  • /data/media/####/journal.tmp
  • /data/media/####/tdata_Rnl693
  • /data/media/####/tdata_Soq141
  • /data/media/####/tdata_fEV688
  • /data/media/####/tdata_siA393
  • /data/media/####/test.log
  • /data/media/####/yoh.dat
  • /data/media/####/yol.dat
  • /data/media/####/yom.dat
Miscellaneous:
Executes the following shell scripts:
  • /system/bin/sh -c getprop ro.board.platform
  • /system/bin/sh -c type su
  • <Package Folder>/app_bin/daemon -p <Package> -s <Package>.daemon.DaemonService -t 120
  • <Package Folder>/files/gdaemon_20161017 0 <Package>/<Package>.push.GetTuiPushService 24702 300 0
  • cat /sys/class/net/wlan0/address
  • chmod 0755 <Package Folder>/app_bin/daemon
  • chmod 700 <Package Folder>/files/gdaemon_20161017
  • chmod 755 <Package Folder>/.jiagu/libjiagu.so
  • getprop
  • getprop ro.board.platform
  • mount
  • sh <Package Folder>/files/gdaemon_20161017 0 <Package>/<Package>.push.GetTuiPushService 24702 300 0
Loads the following dynamic libraries:
  • BaiduMapSDK_base_v4_5_2
  • RongIMLib
  • dek
  • getuiext2
  • kerdb
  • kerkee_util
  • libjiagu
  • locSDK7a
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
  • AES-CFB-NoPadding
  • AES-ECB-PKCS5Padding
  • AES-GCM-NoPadding
  • DES-CBC-PKCS5Padding
  • RSA-ECB-PKCS1Padding
  • RSA-NONE-OAEPWithSHA1AndMGF1Padding
Uses the following algorithms to decrypt data:
  • AES-CBC-PKCS5Padding
  • AES-ECB-PKCS5Padding
  • AES-GCM-NoPadding
Uses special library to hide executable bytecode.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Gets information about running apps.
Adds tasks to the system scheduler.
Displays its own windows over windows of other apps.

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play