Android.DownLoader.4395

Added to the Dr.Web virus database: 2019-05-13

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.RemoteCode.41.origin
  • Android.Xiny.20
Downloads the following detected threats from the Internet:
  • Android.Xiny.20
Network activity:
Connects to:
  • UDP(DNS) <Google DNS>
  • TCP(HTTP/1.1) c####.baidust####.com:80
  • TCP(HTTP/1.1) img.cool####.cn:80
  • TCP(HTTP/1.1) nbc.e####.com:80
  • TCP(HTTP/1.1) hd.a####.com:80
  • TCP(HTTP/1.1) aserver####.m.ta####.com:80
  • TCP(HTTP/1.1) 1####.46.3.138:80
  • TCP(HTTP/1.1) z.c####.com:80
  • TCP(HTTP/1.1) adv.jpi####.com:80
  • TCP(HTTP/1.1) l####.c####.q####.####.net:80
  • TCP(HTTP/1.1) ip.ta####.com:80
  • TCP(HTTP/1.1) en####.tui####.com:80
  • TCP(HTTP/1.1) acti####.russi####.cn:80
  • TCP(HTTP/1.1) p####.api.adoc####.com:80
  • TCP(HTTP/1.1) cm.pos.b####.com:80
  • TCP(HTTP/1.1) embe####.d####.com.cn:80
  • TCP(HTTP/1.1) fi####.d####.com:80
  • TCP(HTTP/1.1) yun.d####.com:80
  • TCP(HTTP/1.1) api.51aiz####.cn:80
  • TCP(HTTP/1.1) 1####.75.90.218:80
  • TCP(HTTP/1.1) map####.y####.com.cn:80
  • TCP(HTTP/1.1) z####.heyc####.net:80
  • TCP(HTTP/1.1) yun.t####.cn:80
  • TCP(HTTP/1.1) yun.tuis####.com:80
  • TCP(HTTP/1.1) yun.d####.com.cn:80
  • TCP(HTTP/1.1) si####.jom####.com:80
  • TCP(HTTP/1.1) oss.a####.astou####.com:80
  • TCP(HTTP/1.1) a####.b####.com:80
  • TCP(HTTP/1.1) adv.99y####.com:80
  • TCP(HTTP/1.1) e.ghe####.net:9908
  • TCP(HTTP/1.1) nba.e####.com:80
  • TCP(HTTP/1.1) d####.dd7####.com:80
  • TCP(HTTP/1.1) w.j####.cc:80
  • TCP(HTTP/1.1) wn.pos.b####.com:80
  • TCP(HTTP/1.1) yun.russi####.cn.####.com:80
  • TCP(HTTP/1.1) pos.b####.com:80
  • TCP(HTTP/1.1) ec####.b####.com:80
  • TCP(HTTP/1.1) api.adoc####.com:80
  • TCP(HTTP/1.1) s.c####.b####.com:80
  • TCP(HTTP/1.1) a####.ed####.com:80
  • TCP(HTTP/1.1) d.bjsd####.com:80
  • TCP(HTTP/1.1) 1####.75.92.94:80
  • TCP(HTTP/1.1) l.bjsd####.com:80
  • TCP(HTTP/1.1) c####.jd.com:80
  • UDP(NTP) 2.and####.p####.####.org:123
  • TCP(SSL/3.0) ip.goq####.com:443
  • TCP(TLS/1.0) hotfix####.oss-cn-####.aliy####.com:443
  • TCP(TLS/1.0) st####.adhu####.com:443
  • TCP(TLS/1.0) gw.alipayo####.com:443
  • TCP(TLS/1.0) ip.goq####.com:443
  • TCP(TLS/1.0) c####.baidust####.com:443
  • TCP(TLS/1.0) re####.al####.com:443
  • TCP(TLS/1.0) c.c####.com:443
  • TCP(TLS/1.0) dis####.eq####.com:443
  • TCP(TLS/1.0) rds.al####.com:443
  • TCP(TLS/1.0) m####.al####.com:443
  • TCP(TLS/1.0) yun.russi####.cn.####.com:443
  • TCP(TLS/1.0) gm.mm####.com:443
  • TCP(TLS/1.0) s####.yy.com:443
  • TCP(TLS/1.0) aliyuns####.oss-cn-####.aliy####.com:443
  • TCP(TLS/1.0) aliyuno####.oss-cn-####.aliy####.com:443
  • TCP(TLS/1.0) hm.b####.com:443
  • TCP(TLS/1.0) g.al####.com:443
  • TCP(TLS/1.0) hunter-####.d####.com:443
  • TCP(TLS/1.0) g####.a####.astou####.com:443
DNS requests:
  • 2.and####.p####.####.org
  • 7x####.dl1.z0.####.com
  • a####.b####.com
  • a####.ed####.com
  • a.alipayo####.com
  • a.bjsd####.com
  • acti####.russi####.cn
  • adv-u####.t####.u####.net
  • adv.99y####.com
  • adv.jpi####.com
  • aliyuno####.oss-cn-####.aliy####.com
  • aliyuns####.oss-cn-####.aliy####.com
  • api.51aiz####.cn
  • api.adoc####.com
  • as.alipayo####.com
  • c####.baidust####.com
  • c####.jd.com
  • c####.mm####.com
  • c.c####.com
  • cdn.boo####.com
  • cm.miao####.atm.####.com
  • cm.pos.b####.com
  • co####.ssp.adoc####.com
  • d####.dd7####.com
  • d.bjsd####.com
  • dis####.eq####.com
  • e.ghe####.net
  • ec####.b####.com
  • embe####.d####.com.cn
  • en####.tui####.com
  • f10.b####.com
  • f12.b####.com
  • fi####.d####.com
  • g####.a####.astou####.com
  • g.al####.com
  • gm.mm####.com
  • gw.alipayo####.com
  • hm.b####.com
  • hotfix####.oss-cn-####.aliy####.com
  • hunter-####.d####.com
  • i####.adhu####.com
  • i####.adhu####.com
  • i####.adhu####.com
  • img.cool####.cn
  • ip.goq####.com
  • ip.ta####.com
  • l.bjsd####.com
  • m####.al####.com
  • map####.y####.com.cn
  • n####.ed####.com
  • nba.e####.com
  • nbc.e####.com
  • oss.a####.astou####.com
  • p####.api.adoc####.com
  • pos.b####.com
  • rds.al####.com
  • re####.al####.com
  • s####.yy.com
  • s.c####.b####.com
  • s19.c####.com
  • st####.adhu####.com
  • t10.b####.com
  • t11.b####.com
  • t12.b####.com
  • w.j####.cc
  • wn.pos.b####.com
  • yun.d####.com
  • yun.d####.com.cn
  • yun.russi####.cn
  • yun.t####.cn
  • yun.tuis####.com
  • yun.tuit####.com
  • z####.heyc####.net
  • z8.c####.com
  • z9.c####.com
HTTP GET requests:
  • a####.b####.com/channl_adong.png
  • a####.b####.com/channl_adong2.png
  • a####.b####.com/channl_haoqi1.png
  • a####.ed####.com/?1####
  • a####.ed####.com/asset/css/common_7.0.css
  • a####.ed####.com/asset/css/style_7.0.css
  • a####.ed####.com/asset/images/backtohome.png
  • a####.ed####.com/asset/images/icon.png
  • a####.ed####.com/asset/images/sprite_icon.png
  • a####.ed####.com/asset/js/common.min.js
  • a####.ed####.com/asset/js/jquery-1.8.3.min.js
  • a####.ed####.com/asset/js/scrollload.min.js
  • a####.ed####.com/asset/js/swiper.min.js
  • a####.ed####.com/cn/zixun/zh-chs/2018-10/08/s5b880829c1ad461982d538d13e2...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/03/s0567077ebaad47a0977ccef9247...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/03/s13e671880c7842338af711bf85c...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/03/s1c1148d0fdb84a979e5b98f98f3...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/03/s23c115e131f34683a29fc7c5faa...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/03/s24fffe430be84e0393e05d14fa5...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/03/s7c1e867725cd460393346aa792d...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/03/s8a9d705e9dbd49238a0215b58e5...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/03/s92febd0907b340d9b75c899d5c9...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/03/s95790bdb6481486a93137044a7b...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/03/sc2cf812e7b3a4a69b23c79a6b36...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/03/sc9abffea458340a6a49582ea541...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/03/sdee8d05b74764d199d5a691caab...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/03/sf3d49e3939e0442c9cc0056f8fc...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/03/sfb106898bc5e4f7b969c33b4bfe...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/12/s56957277dc5d4dc1a8dc500aa62...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/16/s35c25473a6d347caa49ae13b383...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/16/s76b149ca97aa44f7a604a5ce482...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/16/sb045e55610cc448b868f64d8261...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/16/sbb91b50bc49e49789b3606d7cd1...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/23/s75ae9b92ac464970b7415928dce...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/23/sac43dedb23284af98c7de7ab509...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/25/s2669d7c62a644ad7a3e5ebc7f40...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/25/s3bb72d3a916645cfa02a0d79ecc...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/25/s4f1016e98e954f54b03fb7cb558...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/25/s61d5b37c894d4f6a8115f8c9bc2...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/25/sc35a2d90f7264edc9b9969c606e...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/25/scdf3623576d24c23ae15e13435d...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/25/sd50ccdc360c443d18ade06cab53...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/26/s233162aa6fed410685da5b57534...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/26/s4468ed888af143edae5f9d300bd...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/26/s7a50e57fd73d4099b88e6e14824...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/26/sd1f4c08e78c249f7985dce5fad8...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/26/sd967394f928d4acc85ce39533d5...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/28/s08f7570b865145d8b00455c563b...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/28/s7432749fc72648c2b622f1676d0...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/28/s9188d4925a1e4e96ae6955eca5f...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/28/se7a965a7230a4760833ec325802...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/29/s0ea233dd26bc45d98ace685b43c...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/29/s1d458ae708b34a0582eec2b4129...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/29/s268580c479764aa9a7e5379ea7b...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/29/s88f96848e889468c9c7e3169320...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/29/sa51abe47923a4f47b9563265d21...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/29/sa7ac1dfa56f148edb5b2d6c6a66...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/30/s0396c0cef17049e49a6458e5bfa...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/30/s0abee5f44ff842e4b7b35fd6acf...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/30/s143dbb647f4f46a4950a888aa09...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/30/s54664b2900f447d3bad8f3b544e...
  • a####.ed####.com/cn/zixun/zh-chs/2019-04/30/s636e11483a664e939a69bb8ceee...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/01/s9b1e32864b364aa58089dca71f8...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/02/s1b2b3260228248478913dab3b36...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/02/s30a00f189ef64f0189da434f58c...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/02/s38ff956c307440af83d7841efd2...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/02/s560522f7171a4899beb1a2177e5...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/02/sa9a5851598654365be0796ce3b1...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/02/sdc2cf37a30804268a4113ae3f74...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/03/s06e880a73a104dbfb106c8c4846...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/03/s1f61b23924024d3fa883c22d9e9...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/03/s7984c543ef0640c09b7185d72cd...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/04/s5d6f59f2a6b04ea6835d0313247...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/04/s64eef891f6ef4bddb33d0e92321...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/04/s9bc40d4b706741b990ed353e939...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/04/scc6be4bd98204740a065143d3cf...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/04/sd02f71c129af4b2a90e319395dd...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/05/s3f46f11782eb4dc5ae21b885d45...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/05/s5a5f136631864783b02e4787fbd...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/05/s78ac63b6cf0b431bb6016b79757...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/05/s7ac46814b3c245709346b78ec21...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/05/s7c0eb72a75304f99a496d1d8330...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/05/sb3f1794f2448480e9dbc082ff54...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/05/sc60471f012ca43f28e2a123d438...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/05/se29c2751f7c34d668d703734acc...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/06/s07371119ffe043bd9bd42e9eaaa...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/06/s1d143a130d044c06ab3895a3ebb...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/06/s24d6bab1b28b4030bd64e0a723b...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/06/s26a6951012464b58a17e50fd91f...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/06/s53b0f7693ed64ae39524a8ed4be...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/06/s747988d981b24cdabd4b445ed16...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/06/s8eba8eac93954ac2a539c7bba63...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/06/sc04084c994294c3b8b66bfe36ba...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/06/sd1788ff2f6fc482a91cc16b476d...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/07/s2170e545a6224765acdccc4f8ac...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/07/s469085bd3d604be197158807029...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/07/sd587bb1a2e924c3f99c71a6298e...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/07/se6661b0c8cee4a29866839fe2bf...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/08/s00240e256f4b44a282d98c798d8...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/08/s329e34baa9a1407a858822b7767...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/08/s79cfe72620d844f5b809b790b93...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/08/s80f2983ba7f14ee99b574dfc00b...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/08/s9f2b7dda36a244618a165ea7c27...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/08/sa8b3e2f3505c4a668bf1965eb97...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/08/sf1b5a0802aed44acac85360341b...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/08/sf4690c510c6e49079f8d36cfed0...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/09/s3103d014b1fc4a3698f6b0bf804...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/09/s921ff23720da41ddbf4131e272a...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/09/sfbc1fabe63a046cdbc866166265...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/10/s119c1eb8777e4df5a3c070a9a5c...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/10/s2c5bad2619e24096942a66d876f...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/10/s48df18ad4ada43d7b1bcdf2b49f...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/10/s7dac374beecd4dcf8dc48534242...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/10/s9c8891eb37944299b88f3594c1e...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/10/sc194e52ddfc4475d99851959777...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/10/sd9d29b0730ee4ac2a510f2f348f...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/10/sdbe568426aab4c1dbf6663bf65d...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/10/sfead2d49d12948b1892a6bc8193...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/11/s0e5d336ed6da46a8ace18938499...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/11/s380e775acb774ce8a1155a04b62...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/11/s553e24c8249446bab2ed0b4bfde...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/11/s646aff0ad644401aaa23ba3022a...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/11/sb676ca9eead1435c94c8e8d6252...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/12/s111fe164bd9b423eb252848abc3...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/12/s661eacc1984843aeb806dddbfe7...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/12/sc3eca17c0c79482480375e66935...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/12/sc65348d159564ba19122d94d737...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/12/sf436275152204353b540f69b62e...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/13/s120b03d7ee46463e917fe5be3e0...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/13/s16a8d5c0027247b9bffe71d2ae3...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/13/s765e4c627e814b498cf0e6d6bff...
  • a####.ed####.com/cn/zixun/zh-chs/2019-05/13/s8c18c085671248f39b40646dd5b...
  • acti####.russi####.cn/activity/getAllSkin?timestamp=####&couponSkinId=##...
  • acti####.russi####.cn/activity/getKefu?id=####&slotId=####
  • acti####.russi####.cn/activity/getReturnPage?timestamp=####&slotId=####&...
  • acti####.russi####.cn/activity/index?id=####&slotId=####&login=####&appK...
  • acti####.russi####.cn/activity/redirect?url=https://render.alipay.com/p/...
  • acti####.russi####.cn/activity/showLog?dpm=####&couponSource=####&orderI...
  • acti####.russi####.cn/activityRegion/getByActivityId?timestamp=####&acti...
  • acti####.russi####.cn/cardCollect/getUserCardsInfo?timestamp=####&activi...
  • acti####.russi####.cn/common/ip
  • acti####.russi####.cn/statistics/activityPagePerf?group_type=####&platfo...
  • acti####.russi####.cn/statistics/click?timestamp=####&dpm=####&consumerI...
  • api.adoc####.com/ssp/mgm/task?taskId=####&ip=####
  • aserver####.m.ta####.com/cm.gif?dspid=####
  • c####.baidust####.com/cpro/expire/time2.js
  • c####.baidust####.com/cpro/ui/pr.js
  • c####.baidust####.com/sync.htm?cproid=####
  • c####.jd.com/du?&baidu_user_id=####&cookie_version=####&timestamp=####&e...
  • cm.pos.b####.com/pixel?dspid=####
  • cm.pos.b####.com/youku?mzid=####
  • d####.dd7####.com//upload/plog/dfkn.jar
  • d####.dd7####.com//upload/sdk2/LHYY20190402.jar
  • d####.dd7####.com//upload/sdk2/sdk04dex20190218.jar
  • d####.dd7####.com//upload/sdk3/cjmob20190301.jar
  • d####.dd7####.com//upload/sdk3/papp20190412.jar
  • d####.dd7####.com/upload/plog/N38de20181225.jar
  • d####.dd7####.com/upload/plog/mfgz.jar
  • d####.dd7####.com/upload/sdk2/kzd20190428.jar
  • ec####.b####.com/rs.jpg?type=####&rdm=####
  • embe####.d####.com.cn/exposure/standard?dpm=####&consumerId=####&deliver...
  • embe####.d####.com.cn/exposure/standard?dpm=####&consumer_id=####&domain...
  • embe####.d####.com.cn/exposure/standard?dpm=####&couponSource=####&order...
  • en####.tui####.com/index/activity?appKey=####&adslotId=####
  • hd.a####.com/android/adv/qsz/advsdk/release/advsdk-release.enc
  • hd.a####.com/android/adv/qsz/resource/laotan-0513-01.dex
  • hd.a####.com/android/adv/qsz/resource/xjsdk_v8.dex
  • img.cool####.cn/201812/ww9.jar
  • ip.ta####.com/service/getIpInfo.php?ip=####
  • l####.c####.q####.####.net/aristotle_20190318_v57.zip
  • map####.y####.com.cn/s/mapping/?baidu_user_id=####&cookie_version=####&t...
  • nba.e####.com/cwaeayz.js
  • nba.e####.com/site/gpv7.js?jewftw=####
  • nbc.e####.com/auto_ds?ty=####&bjk=####&fiy=####&tqy=####&qhy=####&fyi=##...
  • oss.a####.astou####.com/cow/2019/05/13/226w_124h_41BF51557719260_origin....
  • oss.a####.astou####.com/cow/2019/05/13/226w_124h_9FA321557719562_origin....
  • oss.a####.astou####.com/cow/2019/05/13/226w_124h_A24BD1557719242_origin....
  • oss.a####.astou####.com/cow/2019/05/13/226w_124h_F4AF61557719266_origin....
  • oss.a####.astou####.com/cow/2019/05/13/690w_380h_9A89A1557719465_origin....
  • p####.api.adoc####.com/api/v1/laotan_domain?version=####
  • p####.api.adoc####.com/ip
  • pos.b####.com/s?hei=135&wid=686&di=u3723655&ltu=http://aitui.edushi.com/...
  • pos.b####.com/sync_pos.htm?cproid=####
  • pos.b####.com/sync_pos.htm?cproid=####&t=####
  • s.c####.b####.com/s.htm?cproid=####&t=####
  • si####.jom####.com/it/u=1037223696,1419046224&fm=76
  • si####.jom####.com/it/u=1636444785,2843743097&fm=76
  • si####.jom####.com/it/u=1723234218,3349041472&fm=76
  • si####.jom####.com/it/u=188536889,2500404502&fm=76
  • si####.jom####.com/it/u=2009007615,3618303828&fm=76
  • si####.jom####.com/it/u=2234083940,4276483020&fm=76
  • si####.jom####.com/it/u=2340358922,3360486570&fm=76
  • si####.jom####.com/it/u=2354954444,3710247693&fm=76
  • si####.jom####.com/it/u=2504931418,3730643104&fm=76
  • si####.jom####.com/it/u=3231019587,3833303317&fm=76
  • si####.jom####.com/it/u=3287092527,324546990&fm=76
  • si####.jom####.com/it/u=34059935,1451258253&fm=76
  • si####.jom####.com/it/u=35332682,3908276197&fm=76
  • si####.jom####.com/it/u=39153723,1987985075&fm=76
  • si####.jom####.com/it/u=3920303370,4047528556&fm=76
  • si####.jom####.com/it/u=3936254921,162457178&fm=76
  • si####.jom####.com/it/u=497414514,3121780143&fm=76
  • si####.jom####.com/it/u=506535569,2087225251&fm=76
  • si####.jom####.com/it/u=863345171,1069980849&fm=76
  • si####.jom####.com/it/u=889755524,4064253629&fm=76
  • si####.jom####.com/it/u=954556032,2644787655&fm=76
  • wn.pos.b####.com/adx.php?c=####
  • yun.d####.com.cn/h5-tuia/couponPrize/lucky.png?nnn=####
  • yun.d####.com/figerprint/webfiger.cache.js?x=####
  • yun.d####.com/h5-mami/objectModal/index_201801031418.css
  • yun.russi####.cn.####.com/babi/img/mdtvseef50.gif
  • yun.russi####.cn.####.com/h5-mami/h5-discern-simulator-1.0.19.min.js?t=#...
  • yun.russi####.cn.####.com/h5-mami/insurance/taobao/clipboard.min.js
  • yun.russi####.cn.####.com/h5-mami/shendun/shendun0313.js
  • yun.russi####.cn.####.com/mami-media/img/0n3l76um7b.png?x-oss-process=####
  • yun.russi####.cn.####.com/mami-media/img/5hxutzjkou.png
  • yun.russi####.cn.####.com/mami-media/img/5u33v7jgi6.png?x-oss-process=####
  • yun.russi####.cn.####.com/mami-media/img/83ije6svsm.jpg
  • yun.russi####.cn.####.com/mami-media/img/9t3t4qqvf6.png?x-oss-process=####
  • yun.russi####.cn.####.com/mami-media/img/dbl5imm8au.png?x-oss-process=####
  • yun.russi####.cn.####.com/mami-media/img/gibbzrj7ah.png
  • yun.russi####.cn.####.com/mami-media/img/hhvtfy5skt.png
  • yun.russi####.cn.####.com/mami-media/img/j2ko58z8sj.png
  • yun.russi####.cn.####.com/mami-media/img/k18eruc7su.png?x-oss-process=####
  • yun.russi####.cn.####.com/mami-media/img/mmcl6yufep.png?x-oss-process=####
  • yun.russi####.cn.####.com/mami-media/img/z3i8e9p4we.png
  • yun.russi####.cn.####.com/newactivity/assets/gyroscope.90b7461a.js
  • yun.russi####.cn.####.com/newactivity/assets/touchs.3bae3309.js
  • yun.t####.cn/tuia/skyeye/skyeye.js
  • yun.tuis####.com/babi/img/7a8ba96d-fjf4dhivl7.gif
  • yun.tuis####.com/h5-mami/QBModal/index_201801031421.css
  • yun.tuis####.com/h5-mami/QBModal/index_201801171227.js
  • yun.tuis####.com/h5-mami/activity-magic/gashaponCar/v1/button-start.png?...
  • yun.tuis####.com/h5-mami/activity-magic/gashaponCar/v1/egg-bao.png?x-oss...
  • yun.tuis####.com/h5-mami/activity-magic/gashaponCar/v1/egg-blue.png?x-os...
  • yun.tuis####.com/h5-mami/activity-magic/gashaponCar/v1/egg-dan.png?x-oss...
  • yun.tuis####.com/h5-mami/activity-magic/gashaponCar/v1/egg-gift.png?x-os...
  • yun.tuis####.com/h5-mami/activity-magic/gashaponCar/v1/egg-hong.png?x-os...
  • yun.tuis####.com/h5-mami/activity-magic/gashaponCar/v1/egg-ling.png?x-os...
  • yun.tuis####.com/h5-mami/activity-magic/gashaponCar/v1/egg-niu.png?x-oss...
  • yun.tuis####.com/h5-mami/activity-magic/gashaponCar/v1/egg-phone.png?x-o...
  • yun.tuis####.com/h5-mami/activity-magic/gashaponCar/v1/egg-purple.png?x-...
  • yun.tuis####.com/h5-mami/activity-magic/gashaponCar/v1/egg-redpack.png?x...
  • yun.tuis####.com/h5-mami/activity-magic/gashaponCar/v1/hand.png?x-oss-pr...
  • yun.tuis####.com/h5-mami/activity-magic/gashaponCar/v1/prize.png?x-oss-p...
  • yun.tuis####.com/h5-mami/activity-magic/gashaponCar/v1/progress.png?x-os...
  • yun.tuis####.com/h5-mami/activity-magic/gashaponCar/v1/rule.png?x-oss-pr...
  • yun.tuis####.com/h5-mami/activity-magic/gashaponCar/v1/spot.png?x-oss-pr...
  • yun.tuis####.com/h5-mami/activity-magic/gashaponCar/v1/times.png?x-oss-p...
  • yun.tuis####.com/h5-mami/activity-magic/gashaponCar/v4/redpack.png?x-oss...
  • yun.tuis####.com/h5-mami/activity/components/incentive/gift.png
  • yun.tuis####.com/h5-mami/biiModal/index_201801242113.css
  • yun.tuis####.com/h5-mami/biiModal/index_201801242113.js
  • yun.tuis####.com/h5-mami/couponPrize/1.27/index_201804041740.js
  • yun.tuis####.com/h5-mami/couponPrize/4.5.1/bg-back.png?x-oss-process=####
  • yun.tuis####.com/h5-mami/couponPrize/4.5.1/button.png?x-oss-process=####
  • yun.tuis####.com/h5-mami/couponPrize/industry/225/index_201810191148.css
  • yun.tuis####.com/h5-mami/couponPrize/industry/225/index_201810191444.js
  • yun.tuis####.com/h5-mami/dist/018236a03a23d4b969e0.png?x-oss-process=####
  • yun.tuis####.com/h5-mami/dist/161153edfcd9bfee274b53e381161361.png
  • yun.tuis####.com/h5-mami/dist/2bb2b1801148a6c58f4ebbe2e877cbf3.png
  • yun.tuis####.com/h5-mami/dist/3a094d54b32e301f26f74b15ca05c304.png
  • yun.tuis####.com/h5-mami/dist/443fffb09d1289849e88.png?x-oss-process=####
  • yun.tuis####.com/h5-mami/dist/7e399c13dddc4fad7163.png?x-oss-process=####
  • yun.tuis####.com/h5-mami/dist/96e98e9ddf0f1294d168.png?x-oss-process=####
  • yun.tuis####.com/h5-mami/dist/a8137c2fcafc3ce50d16c5dd607f7f35.png
  • yun.tuis####.com/h5-mami/dist/ab804681f24ce5968bdc.png?x-oss-process=####
  • yun.tuis####.com/h5-mami/dist/activity-cardBag-v1-entry.b6e687a85882ea3e...
  • yun.tuis####.com/h5-mami/dist/activity-cardBag-v1-entry.f7258747d8aa3071...
  • yun.tuis####.com/h5-mami/dist/activity-common.bdf301ff9e358af3d1ff.js
  • yun.tuis####.com/h5-mami/dist/activity-common.cd1edbb2c5d832134334.js
  • yun.tuis####.com/h5-mami/dist/activity-gashaponCar-v4_3-entry.301c34b0ea...
  • yun.tuis####.com/h5-mami/dist/activity-gashaponCar-v4_3-entry.52ae93c239...
  • yun.tuis####.com/h5-mami/dist/apple.10d035bb123d45ac14b4.js
  • yun.tuis####.com/h5-mami/dist/apple.7f6a3291740a5b0f1575.js
  • yun.tuis####.com/h5-mami/dist/ba3b74c2d2a03ace8c653cf92a0c6bea.png
  • yun.tuis####.com/h5-mami/dist/bc8b3bffa8d36be75ddd.png?x-oss-process=####
  • yun.tuis####.com/h5-mami/dist/befd1d8488bef80ffc8b.png?x-oss-process=####
  • yun.tuis####.com/h5-mami/dist/c96b0d6dd43ade371148.png?x-oss-process=####
  • yun.tuis####.com/h5-mami/dist/d3fa6806881e193fa662fb4bcd139160.png
  • yun.tuis####.com/h5-mami/dist/d56ef78edfe419e0068c.png?x-oss-process=####
  • yun.tuis####.com/h5-mami/dist/es6-promise.auto.min.js
  • yun.tuis####.com/h5-mami/dist/fastclick.884d135bf77e46aaaafb.js
  • yun.tuis####.com/h5-mami/dist/intercept.494577ae81ec60eede66.js
  • yun.tuis####.com/h5-mami/dist/kefu.6a6fe097865fcc6c4183.js
  • yun.tuis####.com/h5-mami/dist/kefu.86948c2a3f49318246b3.js
  • yun.tuis####.com/h5-mami/dist/lotteryPublic.594b3cd6c7b628c8625a.js
  • yun.tuis####.com/h5-mami/dist/plugin-skins-giftSmash-entry.472bf49b52501...
  • yun.tuis####.com/h5-mami/dist/plugin-skins-giftSmash-entry.93db50da87e1f...
  • yun.tuis####.com/h5-mami/dist/record.da93ec66bc38409db739.js
  • yun.tuis####.com/h5-mami/dist/rule.a70872bfd86fac4c8868.js
  • yun.tuis####.com/h5-mami/dist/rule.cda0c35826bb19418a0b.js
  • yun.tuis####.com/h5-mami/dist/vendors.1e26e74a6b9af5b09eef.js
  • yun.tuis####.com/h5-mami/dist/vendors.7a549a3e6eadef7b902d.js
  • yun.tuis####.com/h5-mami/kefuModal/1/index_201712260000.css
  • yun.tuis####.com/h5-mami/kefuModal/1/index_20180425956.js
  • yun.tuis####.com/h5-mami/pluginAct/customer/icon-service.png?x-oss-proce...
  • yun.tuis####.com/newactivity/assets/1.27.4935695d.css
  • yun.tuis####.com/newactivity/assets/encourageIcon.792d512b.css
  • yun.tuis####.com/newactivity/assets/encourageIcon.a1c34420.js
  • yun.tuis####.com/newactivity/assets/encourageLayer.09421f78.css
  • yun.tuis####.com/newactivity/assets/encourageLayer.ac5e8fd2.js
  • yun.tuis####.com/newactivity/assets/showAlipayPrize.44d0e564.js
  • yun.tuis####.com/newactivity/assets/showAlipayPrize.9b0efbb9.css
  • yun.tuis####.com/newactivity/assets/showAlipayPrize.da021a98.css
  • yun.tuis####.com/newactivity/assets/showObjectPrize.0ad13886.js
  • yun.tuis####.com/newactivity/assets/showRecommend.21ed50f4.css
  • yun.tuis####.com/newactivity/assets/showRecommend.89615d8a.js
  • yun.tuis####.com/newactivity/assets/showThanks.18de8f8a.css
  • yun.tuis####.com/newactivity/assets/showThanks.baa45fac.js
  • yun.tuis####.com/newactivity/assets/showVirtualPrize.22064505.css
  • yun.tuis####.com/newactivity/assets/showVirtualPrize.5452e95e.js
  • yun.tuis####.com/tuia/hunter/2.5.2/hunter.js
  • z.c####.com/stat.htm?id=####&cnzz_eid=####
HTTP POST requests:
  • acti####.russi####.cn/activity/doJoin
  • acti####.russi####.cn/activity/getLimitTimes
  • acti####.russi####.cn/activity/result
  • acti####.russi####.cn/pluginTools/dojoin
  • acti####.russi####.cn/pluginTools/embeddedIndex
  • acti####.russi####.cn/pluginTools/responsiveIndex
  • acti####.russi####.cn/pluginTools/result
  • acti####.russi####.cn/token/getToken
  • adv.99y####.com/adv/dayActive
  • adv.99y####.com/adv/getTask
  • adv.99y####.com/adv/pluginFeedback
  • adv.99y####.com/adv/pluginReq
  • adv.99y####.com/adv/taskFedback
  • adv.jpi####.com/adv/pluginReq
  • api.51aiz####.cn/api/cmcc/check?sdk=####&app=####
  • api.51aiz####.cn/api/cmcc/config?sdk=####&app=####
  • api.51aiz####.cn/api/cmcc/register?sdk=####&app=####
  • d.bjsd####.com/index.php?r=####
  • e.ghe####.net:9908/e/a/t
  • fi####.d####.com/fingerprint/UVCount
  • fi####.d####.com/fingerprint/userAdd
  • fi####.d####.com/fingerprint/userFind
  • l.bjsd####.com/index.php?r=####
  • w.j####.cc/rio
  • z####.heyc####.net/getlist
  • z####.heyc####.net/xlogin
HTTP OPTIONS requests:
  • fi####.d####.com/fingerprint/UVCount
  • fi####.d####.com/fingerprint/userAdd
  • fi####.d####.com/fingerprint/userFind
File system changes:
Creates the following files:
  • /data/data/####/.jg.ic
  • /data/data/####/4e373f8.dex
  • /data/data/####/61561a876896a2a77dd8fe35b4403c0b.db
  • /data/data/####/99fa89db37b9859fdb387aa6b1199ad2.db
  • /data/data/####/AEOt5Y.jar
  • /data/data/####/B7uhvj.jar
  • /data/data/####/CachedGeoposition.db
  • /data/data/####/CachedGeoposition.db-journal
  • /data/data/####/JSON.xml
  • /data/data/####/JSpYn8.jar
  • /data/data/####/MIME.MF
  • /data/data/####/W_Key.xml
  • /data/data/####/YESKdg2mt.jar
  • /data/data/####/ccc9617.dex
  • /data/data/####/cdsdfdse.xml
  • /data/data/####/cdsdfdse.xml.bak
  • /data/data/####/cmcc.xml
  • /data/data/####/com.softfun.qiang.kidsmall.funnymaze_preferences.xml
  • /data/data/####/com_softfun_qiang_kidsmall_funnymaze.txt
  • /data/data/####/data_0
  • /data/data/####/data_1
  • /data/data/####/data_2
  • /data/data/####/data_3
  • /data/data/####/downloadswc
  • /data/data/####/downloadswc-journal
  • /data/data/####/dpi
  • /data/data/####/e7liydI.jar
  • /data/data/####/f_000001
  • /data/data/####/f_000002
  • /data/data/####/f_000003
  • /data/data/####/f_000004
  • /data/data/####/f_000005
  • /data/data/####/f_000006
  • /data/data/####/f_000007
  • /data/data/####/f_000008
  • /data/data/####/f_000009
  • /data/data/####/f_00000a
  • /data/data/####/f_00000b
  • /data/data/####/f_00000c
  • /data/data/####/f_00000d
  • /data/data/####/f_00000e
  • /data/data/####/f_00000f
  • /data/data/####/f_000010
  • /data/data/####/f_000011
  • /data/data/####/f_000012
  • /data/data/####/f_000013
  • /data/data/####/f_000014
  • /data/data/####/f_000015
  • /data/data/####/f_000016
  • /data/data/####/f_000017
  • /data/data/####/f_000018
  • /data/data/####/f_000019
  • /data/data/####/f_00001a
  • /data/data/####/f_00001b
  • /data/data/####/f_00001c
  • /data/data/####/f_00001d
  • /data/data/####/f_00001e
  • /data/data/####/f_00001f
  • /data/data/####/f_000020
  • /data/data/####/f_000021
  • /data/data/####/f_000022
  • /data/data/####/f_000023
  • /data/data/####/f_000024
  • /data/data/####/f_000025
  • /data/data/####/f_000026
  • /data/data/####/f_000027
  • /data/data/####/f_000028
  • /data/data/####/f_000029
  • /data/data/####/f_00002a
  • /data/data/####/f_00002b
  • /data/data/####/f_00002c
  • /data/data/####/f_00002d
  • /data/data/####/f_00002e
  • /data/data/####/f_00002f
  • /data/data/####/f_000030
  • /data/data/####/f_000031
  • /data/data/####/f_000032
  • /data/data/####/f_000033
  • /data/data/####/f_000034
  • /data/data/####/f_000035
  • /data/data/####/f_000036
  • /data/data/####/f_000037
  • /data/data/####/f_000038
  • /data/data/####/f_000039
  • /data/data/####/f_00003a
  • /data/data/####/f_00003b
  • /data/data/####/f_00003c
  • /data/data/####/f_00003d
  • /data/data/####/f_00003e
  • /data/data/####/f_00003f
  • /data/data/####/f_000040
  • /data/data/####/f_000041
  • /data/data/####/f_000042
  • /data/data/####/f_000043
  • /data/data/####/f_000044
  • /data/data/####/f_000045
  • /data/data/####/f_000046
  • /data/data/####/f_000047
  • /data/data/####/f_000048
  • /data/data/####/f_000049
  • /data/data/####/f_00004a
  • /data/data/####/f_00004b
  • /data/data/####/f_00004c
  • /data/data/####/f_00004d
  • /data/data/####/f_00004e
  • /data/data/####/f_00004f
  • /data/data/####/f_000050
  • /data/data/####/f_000051
  • /data/data/####/f_000052
  • /data/data/####/f_000053
  • /data/data/####/f_000054
  • /data/data/####/f_000055
  • /data/data/####/f_000056
  • /data/data/####/f_000057
  • /data/data/####/f_000058
  • /data/data/####/f_000059
  • /data/data/####/f_00005a
  • /data/data/####/f_00005b
  • /data/data/####/f_00005c
  • /data/data/####/f_00005d
  • /data/data/####/f_00005e
  • /data/data/####/f_00005f
  • /data/data/####/f_000060
  • /data/data/####/f_000061
  • /data/data/####/f_000062
  • /data/data/####/f_000063
  • /data/data/####/f_000064
  • /data/data/####/f_000065
  • /data/data/####/f_000066
  • /data/data/####/f_000067
  • /data/data/####/f_000068
  • /data/data/####/f_000069
  • /data/data/####/f_00006a
  • /data/data/####/f_00006b
  • /data/data/####/f_00006c
  • /data/data/####/f_00006d
  • /data/data/####/f_00006e
  • /data/data/####/f_00006f
  • /data/data/####/f_000070
  • /data/data/####/f_000071
  • /data/data/####/f_000072
  • /data/data/####/hid.db
  • /data/data/####/index
  • /data/data/####/libjiagu-406971276.so
  • /data/data/####/st.xml
  • /data/data/####/temp_file
  • /data/data/####/temp_file (deleted)
  • /data/data/####/vgsvfshq.data-journal
  • /data/data/####/webview.db-journal
  • /data/data/####/webviewCookiesChromium.db-journal
  • /data/data/####/x9.so
  • /data/media/####/.nid
  • /data/media/####/5.0ww9.jar.z
  • /data/media/####/LHYY20190402.jar
  • /data/media/####/N38de20181225.jar
  • /data/media/####/cjmob20190301.jar
  • /data/media/####/com_softfun_qiang_kidsmall_funnymaze.txt
  • /data/media/####/dfkn.jar
  • /data/media/####/kzd20190428.jar
  • /data/media/####/mfgz.jar
  • /data/media/####/papp20190412.jar
  • /data/media/####/restime.dat
  • /data/media/####/sdk04dex20190218.jar
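The two lists above are the downloader pattern in the raw: GET requests for `.jar`, `.dex`, `.enc` and `.zip` objects over plaintext HTTP on port 80, and a matching set of `.jar` files written under /data/media plus randomly named `.jar`/`.dex`/`.so` files under the app-private directory. The script below is an added example, not Dr.Web code, that does what an analyst does by hand with such a report: it separates code payload downloads from ad-asset fetches, lists the dropped files that look like code, and correlates downloads with dropped files by basename. The sample blocks are constructed input copied from the report's own masked entries; the host masking with `#` is the reason the code avoids `urllib.parse`, which would read `#` as a fragment delimiter.

```python
"""Correlate payload downloads in a sandbox report with the files the sample dropped.

Added example for this Android.DownLoader.4395 entry; it is not Dr.Web code.
The two sample blocks are constructed input copied from the report's own
masked "HTTP GET requests" and "Creates the following files" lists.
"""
import re

# Suffixes that indicate executable code or a packed code container on Android,
# as opposed to an image, script or stylesheet fetched for an ad view.
CODE_SUFFIXES = {"jar", "dex", "so", "apk", "zip", "enc"}

HTTP_GET_SAMPLE = """\
  • a####.b####.com/channl_adong.png
  • d####.dd7####.com//upload/plog/dfkn.jar
  • d####.dd7####.com//upload/sdk2/LHYY20190402.jar
  • hd.a####.com/android/adv/qsz/advsdk/release/advsdk-release.enc
  • hd.a####.com/android/adv/qsz/resource/laotan-0513-01.dex
  • img.cool####.cn/201812/ww9.jar
  • l####.c####.q####.####.net/aristotle_20190318_v57.zip
  • yun.d####.com/figerprint/webfiger.cache.js?x=####
"""

CREATED_FILES_SAMPLE = """\
  • /data/data/####/4e373f8.dex
  • /data/data/####/AEOt5Y.jar
  • /data/data/####/libjiagu-406971276.so
  • /data/data/####/x9.so
  • /data/data/####/CachedGeoposition.db-journal
  • /data/media/####/5.0ww9.jar.z
  • /data/media/####/LHYY20190402.jar
  • /data/media/####/dfkn.jar
  • /data/media/####/restime.dat
"""

BULLET = re.compile(r"^\s*•\s*(\S.*?)\s*$")


def bullet_items(block: str) -> list[str]:
    """Return the text of every '•' bullet line in a report block."""
    return [m.group(1) for line in block.splitlines() if (m := BULLET.match(line))]


def is_code_artifact(name: str) -> bool:
    """True if any dotted suffix of the file name is a code/container type.

    Checking every suffix, not just the last one, catches wrapped payloads such
    as '5.0ww9.jar.z' (a compressed jar) that a plain extension check misses.
    """
    return bool(CODE_SUFFIXES & set(name.lower().split(".")[1:]))


def split_url(item: str) -> tuple[str, str]:
    """Split 'host[:port]/path?query' into (host, basename without query).

    urllib.parse is deliberately avoided: the report masks hosts with '#',
    which urlsplit would treat as a fragment delimiter.
    """
    host, _, path = item.partition("/")
    host = host.split(":", 1)[0]
    name = path.split("?", 1)[0].rstrip("/").rsplit("/", 1)[-1]
    return host, name


def payload_downloads(get_block: str) -> list[tuple[str, str]]:
    """(host, file name) for every GET whose target looks like code."""
    return [
        (host, name)
        for host, name in map(split_url, bullet_items(get_block))
        if is_code_artifact(name)
    ]


def code_artifacts(files_block: str) -> list[str]:
    """Paths of created files that look like code, i.e. dynamic-loading staging."""
    return [p for p in bullet_items(files_block) if is_code_artifact(p.rsplit("/", 1)[-1])]


def correlate(get_block: str, files_block: str) -> dict[str, list[str]]:
    """Map each downloaded payload name to the dropped paths it plausibly became.

    Matching is by basename (exact, or the download name embedded in the dropped
    name). An empty list means the payload was renamed on disk, loaded from
    memory, or written somewhere the report does not list; the random names
    in the report (e.g. AEOt5Y.jar) show how weak a basename heuristic is.
    """
    created = bullet_items(files_block)
    result: dict[str, list[str]] = {}
    for _host, name in payload_downloads(get_block):
        result[name] = [p for p in created if name in p.rsplit("/", 1)[-1]]
    return result


if __name__ == "__main__":
    for host, name in payload_downloads(HTTP_GET_SAMPLE):
        print(f"payload  {name:32} from {host}")
    for name, paths in correlate(HTTP_GET_SAMPLE, CREATED_FILES_SAMPLE).items():
        print(f"{name:32} -> {paths or 'no matching dropped file'}")
```

Run stand-alone it prints six payload fetches and shows that only `dfkn.jar`, `LHYY20190402.jar` and `ww9.jar` (as `5.0ww9.jar.z`) can be tied to a dropped file by name; the `.enc` and `.dex` fetches have no visible counterpart, which in a real triage is the cue to look at the randomly named `.jar`/`.dex` files in /data/data and at the `.jiagu` directory instead of trusting the basename match.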
Miscellaneous:
Executes the following shell commands:
  • /system/bin/sh
  • cat /sys/class/android_usb/android0/idProduct
  • cat /sys/class/android_usb/android0/idVendor
  • chmod 0755 <Package Folder>/app_ht_sdk/check/MIME.MF
  • chmod 0755 <Package Folder>/app_ht_sdk/check/x9.so
  • chmod 755 <Package Folder>/.jiagu/libjiagu-406971276.so
  • getprop
  • ls -l /dev
  • ls -l /dev/block
  • ls -l /dev/block/vold
  • ls -l /dev/bus
  • ls -l /dev/bus/usb
  • ls -l /dev/bus/usb/001
  • ls -l /dev/com.android.settings.daemon
  • ls -l /dev/cpuctl
  • ls -l /dev/cpuctl/apps
  • ls -l /dev/cpuctl/apps/bg_non_interactive
  • ls -l /dev/graphics
  • ls -l /dev/input
  • ls -l /dev/log
  • ls -l /dev/pts
  • ls -l /dev/snd
  • ls -l /dev/socket
  • ps
Loads the following dynamic libraries:
  • libjiagu-406971276
Uses the following algorithms to encrypt data:
  • AES
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7Padding
  • DES-CBC-PKCS5Padding
Uses the following algorithms to decrypt data:
  • AES
  • AES-CBC-PKCS5Padding
  • AES-ECB-PKCS5Padding
  • ARCFOUR
  • DES
  • DES-CBC-PKCS5Padding
Accesses the ITelephony private interface.
Uses a special library to hide executable bytecode.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Adds tasks to the system scheduler.
Displays its own windows over windows of other apps.
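The shell command list under Miscellaneous is worth triaging on its own: `chmod 0755` on files the app itself wrote into its private directory (including one under a hidden `.jiagu` folder) is code staging, while `getprop`, `ps`, the `ls -l /dev/...` sweep and the reads of the USB `idVendor`/`idProduct` sysfs nodes are environment reconnaissance of the kind used to fingerprint the device or detect an emulator. The following is an added example, not Dr.Web code, of a small rule set that classifies such command lines and pulls out the paths made executable. The command lines are constructed input copied from the report (`<Package Folder>` is the report's own placeholder), and the category names and the reading of the `cat` commands as fingerprinting are my interpretation, not something the report states.

```python
"""Triage the shell commands a sandbox saw an Android app execute.

Added example for this Android.DownLoader.4395 entry; it is not Dr.Web code.
The command lines below are constructed input copied from the report's list of
executed shell commands; '<Package Folder>' is the report's own placeholder
for the app-private data directory. Category names are this example's own.
"""
import re
from collections import Counter

SHELL_SAMPLE = """\
  • /system/bin/sh
  • cat /sys/class/android_usb/android0/idProduct
  • cat /sys/class/android_usb/android0/idVendor
  • chmod 0755 <Package Folder>/app_ht_sdk/check/MIME.MF
  • chmod 0755 <Package Folder>/app_ht_sdk/check/x9.so
  • chmod 755 <Package Folder>/.jiagu/libjiagu-406971276.so
  • getprop
  • ls -l /dev/block/vold
  • ls -l /dev/bus/usb/001
  • ls -l /dev/socket
  • ps
"""

BULLET = re.compile(r"^\s*•\s*(\S.*?)\s*$")
# The path group allows spaces because the report's placeholder contains one.
CHMOD = re.compile(r"^chmod\s+(?P<mode>[0-7]{3,4})\s+(?P<path>\S.*)$")

# Ordered (category, pattern) rules for everything that is not a chmod.
RULES = [
    ("probe_usb_identity",  re.compile(r"^cat\s+/sys/class/android_usb/\S+/id(Vendor|Product)$")),
    ("probe_system_props",  re.compile(r"^getprop(\s|$)")),
    ("enumerate_devices",   re.compile(r"^ls\s+(-\w+\s+)*/dev(/\S*)?$")),
    ("enumerate_processes", re.compile(r"^ps(\s|$)")),
    ("spawn_shell",         re.compile(r"^/system/bin/sh$")),
]


def bullet_items(block: str) -> list[str]:
    """Return the text of every '•' bullet line in a report block."""
    return [m.group(1) for line in block.splitlines() if (m := BULLET.match(line))]


def classify(command: str) -> str:
    """Return a behaviour category for one executed command line."""
    m = CHMOD.match(command)
    if m:
        # Owner execute bit (0o100) set on a file the app itself wrote means the
        # app is staging something to run, not merely fixing permissions.
        mode = int(m.group("mode"), 8)
        return "stage_executable" if mode & 0o100 else "chmod_other"
    for category, pattern in RULES:
        if pattern.match(command):
            return category
    return "uncategorised"


def executable_targets(block: str) -> list[str]:
    """Paths that were made executable, in report order."""
    return [
        CHMOD.match(c).group("path")
        for c in bullet_items(block)
        if classify(c) == "stage_executable"
    ]


def hidden_targets(block: str) -> list[str]:
    """Executable targets placed under a dot-directory (e.g. '.jiagu')."""
    return [
        p for p in executable_targets(block)
        if any(part.startswith(".") for part in p.split("/")[:-1])
    ]


def summary(block: str) -> Counter:
    """Count of commands per category; 'uncategorised' > 0 means a rule is missing."""
    return Counter(classify(c) for c in bullet_items(block))


if __name__ == "__main__":
    for category, count in summary(SHELL_SAMPLE).most_common():
        print(f"{category:22} {count}")
    print("made executable:", executable_targets(SHELL_SAMPLE))
    print("under hidden dir:", hidden_targets(SHELL_SAMPLE))
```

The exec-bit test is done on the parsed octal mode rather than by matching the literal `755`, so `chmod 0700` or `chmod 4755` are caught as well, and anything the rules do not recognise lands in `uncategorised` instead of being silently dropped, which is the property you want when the same rules are later fed commands from a different sample.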

Curing recommendations

Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow the recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (a message on the screen claims that you have broken some law, demands a ransom, or otherwise prevents you from using the device normally), do the following:
    • Boot your smartphone or tablet into safe mode (the procedure depends on the operating system version and the particular device; consult the user guide shipped with the device or contact its manufacturer);
    • Once in safe mode, install Dr.Web for Android Light on the infected device, run a full system scan, and follow the recommended steps to neutralize the detected threats;
    • Switch the device off and turn it on again as normal.
