Android.Triada.4355

Added to the Dr.Web virus database: 2019-11-18

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.Triada.477.origin
Network activity:
Connects to:
DNS requests:
HTTP GET requests:
HTTP POST requests:
  • amdc####.m.ta####.com/amdc/mobileDispatch?appkey=####&deviceId=####&plat...
  • and####.b####.qq.com/rqd/async?aid=####
  • fw.j####.com/api/AdvControl/ListAdvs
  • fw.j####.com/api/ScreenCAP/IsVipDataV2
  • sh.wagbr####.aliyun####.com/man/api?ak=####&s=####
  • w####.laot####.cn/api/AgreementByChannel/ProductAgreement
  • www.h####.com/sdk/api_active.php
  • www.h####.com/sdk2/index.php
File system changes:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
  • /system/bin/cat /proc/cpuinfo
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  • /system/bin/dex2oat --instruction-set=x86 --dex-file=<Package Folder>/.jiagu/classes.dex --dex-file=<Package Folder>/.jiagu/classes.dex:classes2.dex --dex-file=<Package Folder>/.jiagu/classes.dex:classes3.dex --dex-file=<Package Folder>/.jiagu/classes.dex:classes4.dex --oat-file=<Package Folder>/.jiagu/classes.oat --inline-depth-limit=0 --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/556338146/3062832.jar --oat-fd=41 --oat-location=/data/user/0/<Package>/files/556338146/3062832.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/556341926/3062454.jar --oat-fd=43 --oat-location=/data/user/0/<Package>/files/556341926/3062454.dex --compiler-filter=speed
  • /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/556343910/3062234.jar --oat-fd=45 --oat-location=/data/user/0/<Package>/files/556343910/3062234.dex --compiler-filter=speed
  • busybox ifconfig
  • cat /sys/class/net/wlan0/address
  • getprop
  • getprop ro.build.display.id
  • getprop ro.build.version.emui
  • getprop ro.letv.release.version
  • getprop ro.miui.ui.version.name
  • getprop ro.vivo.os.build.display.id
  • ls /
  • ls /sys/class/thermal
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7Padding
  • AES-ECB-PKCS5Padding
  • AES-GCM-NoPadding
  • Des-ECB-NoPadding
  • RSA-ECB-PKCS1Padding
Uses the following algorithms to decrypt data:
  • AES-CBC-PKCS5Padding
  • AES-ECB-PKCS5Padding
  • AES-GCM-NoPadding
  • Des-ECB-NoPadding
Accesses the ITelephony private interface.
Uses special library to hide executable bytecode.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Adds tasks to the system scheduler.
Displays its own windows over windows of other apps.

Curing recommendations

Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and the specifications of the particular device, this can be done in various ways; consult the user guide shipped with the device, or contact its manufacturer);
    • Once safe mode is active, install Dr.Web for Android Light on the infected device and run a full system scan; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on again as normal.
