Android.Packed.44276

Added to the Dr.Web virus database: 2019-04-19

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.DownLoader.860.origin
  • Android.DownLoader.861.origin
Network activity:
Connects to:
DNS requests:
HTTP GET requests:
HTTP POST requests:
  • and####.b####.qq.com/rqd/async?aid=####
  • s####.e.qq.com/activate
  • s####.e.qq.com/msg
  • sdk.c####.com/versiontapi.php?v=####&type=####
  • www.h####.com/sdk/api_active.php
File system changes:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
  • /system/bin/sh -c getprop
  • getprop
Loads the following dynamic libraries:
  • Bugly
  • crash_analysis
  • libjiagu980367222
  • libyaqbasic.82560842
  • libyaqpro.82560842
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
  • AES-ECB-PKCS5Padding
  • AES-ECB-PKCS7Padding
  • AES-GCM-NoPadding
  • RSA-ECB-PKCS1Padding
Uses the following algorithms to decrypt data:
  • AES-ECB-PKCS7Padding
  • AES-GCM-NoPadding
  • RSA-ECB-PKCS1Padding
Uses special library to hide executable bytecode.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Gets information about running apps.
Displays its own windows over windows of other apps.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
