Android.Triada.4281

Added to the Dr.Web virus database: 2019-10-24

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.Triada.477.origin
Network activity:
Connects to:
  • UDP(DNS) <Google DNS>
DNS requests:
HTTP GET requests:
HTTP POST requests:
  • api.b####.lie####.cn/ReportStaticts/startUp
  • api.v2.sdk.####.cn/v2/aiList
  • con####.dop.360.cn/uploadConvert
File system changes:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
  • /system/bin/cat /proc/cpuinfo
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  • /system/bin/sh -c getprop
  • getprop
  • getprop ro.build.display.id
  • getprop ro.build.version.emui
  • getprop ro.build.version.opporom
  • getprop ro.miui.ui.version.name
  • getprop ro.product.cpu.abi
  • getprop ro.smartisan.version
  • getprop ro.vivo.os.version
  • ls /
  • ls /sys/class/thermal
Loads the following dynamic libraries:
  • Bugly-yaq
  • crash_analysis
  • libshellx-super.2019
  • locSDK7d
Uses the following algorithms to encrypt data:
  • AES
  • AES-CBC-PKCS5Padding
  • AES-ECB-PKCS5Padding
  • AES-GCM-NoPadding
  • Des-ECB-NoPadding
  • RSA-ECB-PKCS1Padding
Uses the following algorithms to decrypt data:
  • AES
  • AES-CBC-PKCS5PADDING
  • AES-CBC-PKCS5Padding
  • AES-GCM-NoPadding
  • Des-ECB-NoPadding
Accesses the ITelephony private interface.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Gets information about running apps.
Displays its own windows over windows of other apps.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
