Android.DownLoader.4412

Added to the Dr.Web virus database: 2019-05-20

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.DownLoader.611.origin
  • Android.Triada.470.origin
Downloads the following detected threats from the Internet:
  • Android.DownLoader.611.origin
Network activity:
Connects to:
DNS requests:
HTTP GET requests:
HTTP POST requests:
File system changes:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  • /system/bin/sh
  • cat /sys/class/android_usb/android0/idProduct
  • cat /sys/class/android_usb/android0/idVendor
  • cat /sys/class/net/wlan0/address
  • getprop
  • getprop ro.product.cpu.abi
  • ls -l /dev
  • ls -l /dev/block
  • ls -l /dev/block/vold
  • ls -l /dev/bus
  • ls -l /dev/bus/usb
  • ls -l /dev/bus/usb/001
  • ls -l /dev/com.android.settings.daemon
  • ls -l /dev/cpuctl
  • ls -l /dev/cpuctl/apps
  • ls -l /dev/cpuctl/apps/bg_non_interactive
  • ls -l /dev/graphics
  • ls -l /dev/input
  • ls -l /dev/log
  • ls -l /dev/pts
  • ls -l /dev/snd
  • ls -l /dev/socket
  • ls /
  • ls /sys/class/thermal
  • ps
Loads the following dynamic libraries:
  • libjiagu1276065012
  • libyaqbasic.11475203
  • libyaqpro.11475203
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7Padding
  • AES-CFB-NOPADDING
  • AES-ECB-PKCS7Padding
  • DES-CBC-PKCS5Padding
  • RSA-ECB-NoPadding
  • RSA-None-PKCS1Padding
Uses the following algorithms to decrypt data:
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7Padding
  • AES-CFB-NOPADDING
  • AES-ECB-PKCS7Padding
  • DES
  • DES-CBC-PKCS5Padding
  • RSA-ECB-PKCS1Padding
Accesses the ITelephony private interface.
Uses a special library to hide executable bytecode.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Gets information about running apps.
Adds tasks to the system scheduler.
Displays its own windows over windows of other apps.

Curing recommendations

Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and the specifications of the particular mobile device, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
    • Once safe mode is active, install Dr.Web for Android Light onto the infected handheld and run a full system scan; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.