Android.RemoteCode.6386

Added to the Dr.Web virus database: 2019-12-03

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.RemoteCode.127.origin
Network activity:
Connects to:
  • UDP(DNS) 8####.8.4.4:53
  • TCP(HTTP/1.1) l####.tbs.qq.com:80
  • TCP(HTTP/1.1) 1####.29.29.29:80
  • TCP(HTTP/1.1) oss.thebeas####.com:80
  • TCP(HTTP/1.1) img.thebeas####.com:80
  • TCP(HTTP/1.1) a####.a####.m.####.com:80
  • TCP(TLS/1.0) api.s####.com:443
  • TCP(TLS/1.0) img.thebeas####.com:443
  • TCP(TLS/1.0) et2-na6####.wagbr####.ali####.####.com:443
  • TCP(TLS/1.0) and####.google####.com:443
  • TCP(TLS/1.0) t.growi####.com:443
  • TCP(TLS/1.0) rep####.crashly####.com:443
  • TCP(TLS/1.0) 1####.217.168.206:443
  • TCP(TLS/1.0) instant####.google####.com:443
  • TCP(TLS/1.0) cras####.growi####.com:443
  • TCP(TLS/1.0) t####.growi####.com:443
  • TCP(TLS/1.0) e.crashly####.com:443
  • TCP(TLS/1.0) api.growi####.com:443
  • TCP(TLS/1.0) msg.umengc####.com:443
  • TCP(TLS/1.0) sett####.crashly####.com:443
  • TCP(TLS/1.0) x####.com:443
  • TCP(TLS/1.0) api.thebeas####.com:443
  • TCP(TLS/1.2) 1####.217.20.74:443
  • TCP 1####.205.160.76:443
  • TCP zb-cent####.m.ta####.com:80
DNS requests:
  • a####.m.ta####.com
  • and####.google####.com
  • api.growi####.com
  • api.s####.com
  • api.thebeas####.com
  • cras####.growi####.com
  • e.crashly####.com
  • i####.cn
  • id1.cn.8.####.8
  • img.thebeas####.com
  • instant####.google####.com
  • l####.tbs.qq.com
  • log.u####.com
  • msg.umengc####.com
  • oss.thebeas####.com
  • rep####.crashly####.com
  • s####.u####.com
  • s####.u####.com.####.8
  • sett####.crashly####.com
  • t####.growi####.com
  • t.growi####.com
  • umengj####.m.ta####.com
  • x####.com
HTTP GET requests:
  • img.thebeas####.com/apppictures/2018-11-15/e9f6422175f123af35751d9e770ec...
  • img.thebeas####.com/apppictures/2018-12-20/e4122a602a7ab04f22fdc65839035...
  • img.thebeas####.com/apppictures/2019-01-11/18e61d625f4ee412254b1a019fbfa...
  • img.thebeas####.com/apppictures/2019-01-16/2944ba8381dc91101d146c258f781...
  • img.thebeas####.com/apppictures/2019-01-22/3af363da021ae97316d35c8e19ccb...
  • img.thebeas####.com/apppictures/2019-01-22/7cee066fbd88b5d670a2a1a04993e...
  • img.thebeas####.com/apppictures/2019-01-23/6c029be2866d64e9f1edfb2bab231...
  • img.thebeas####.com/apppictures/2019-01-23/71a7220486057f86272c33d87cd76...
  • img.thebeas####.com/apppictures/2019-01-23/9eb4a5826595cc236545a350cfe62...
  • img.thebeas####.com/apppictures/2019-01-23/b52d38d611688842a051b71d9a33b...
  • img.thebeas####.com/apppictures/2019-02-02/b1a0f2e431185e28f448a63d5c700...
  • img.thebeas####.com/apppictures/2019-02-05/8940ab154aa16ef8546ce73ed357e...
  • img.thebeas####.com/apppictures/2019-02-10/112773b0439fff76e3089edf7751c...
  • img.thebeas####.com/apppictures/2019-02-10/1371c03b069ef876496abc95c1952...
  • img.thebeas####.com/apppictures/2019-02-10/79ae045c343c6cf074db4952fe038...
  • img.thebeas####.com/apppictures/2019-02-10/a6e69a2a763f5a84404c97c61d539...
  • img.thebeas####.com/apppictures/2019-02-10/d51012100a83d8576d79c5e803ff7...
  • img.thebeas####.com/apppictures/2019-02-13/c65859b1626dd4950a4c354aed4ae...
  • img.thebeas####.com/apppictures/2019-02-13/f42ecbd92a68002e05b378140f0fe...
  • img.thebeas####.com/file/app_image/43dcbbfe9e0b4d34aebe20cf58e673ea.jpg
  • img.thebeas####.com/file/app_image/509e50c6ddaa0bcada203b1dd5d819b6.png@...
  • img.thebeas####.com/file/app_image/7043ad07e479de85c760c5dc87a5854f.png@...
  • img.thebeas####.com/file/app_image/a3b19d6d00e54874969ab712766cb044.jpg
  • oss.thebeas####.com/iconfont/iconfont.ttf
HTTP POST requests:
  • a####.a####.m.####.com/amdc/mobileDispatch?platform=####&v=####&deviceId...
  • l####.tbs.qq.com/ajax?c=####&k=####
File system changes:
Creates the following files:
  • /data/data/####/.jg.ic
  • /data/data/####/.jgck
  • /data/data/####/1575067818124.log
  • /data/data/####/159978b5f5b70368c29e5d6c72fc1b6f47fc0b42e6b9caf....0.tmp
  • /data/data/####/242274723904757296
  • /data/data/####/2E4x5jJMVQBLQuLR8a4Uc7HdHQ0.cnt
  • /data/data/####/3b25c4c0c82d4a964258342cebcde7d8e6957cb99e6c1c2....0.tmp
  • /data/data/####/48Hu-yZFgBs3VhI6tBt_e1h2yfc.cnt
  • /data/data/####/5DE1A0A00260-0001-0C7F-6E8CAAF95A12BeginSession.cls_temp
  • /data/data/####/5DE1A0A00260-0001-0C7F-6E8CAAF95A12BeginSession.json
  • /data/data/####/5DE1A0A00260-0001-0C7F-6E8CAAF95A12SessionApp.cls
  • /data/data/####/5DE1A0A00260-0001-0C7F-6E8CAAF95A12SessionApp.json
  • /data/data/####/5DE1A0A00260-0001-0C7F-6E8CAAF95A12SessionDevice.cls_temp
  • /data/data/####/5DE1A0A00260-0001-0C7F-6E8CAAF95A12SessionDevice.json
  • /data/data/####/5DE1A0A00260-0001-0C7F-6E8CAAF95A12SessionOS.cls
  • /data/data/####/5DE1A0A00260-0001-0C7F-6E8CAAF95A12SessionOS.json
  • /data/data/####/5DE1A0A00260-0001-0C7F-6E8CAAF95A12SessionUser.cls_temp
  • /data/data/####/5DE1A0A5024D-0001-0D3F-6E8CAAF95A12.cls_temp
  • /data/data/####/5DE1A0A5024D-0001-0D3F-6E8CAAF95A12BeginSession.cls_temp
  • /data/data/####/5DE1A0A5024D-0001-0D3F-6E8CAAF95A12BeginSession.json
  • /data/data/####/5DE1A0A5024D-0001-0D3F-6E8CAAF95A12SessionApp.cls_temp
  • /data/data/####/5DE1A0A5024D-0001-0D3F-6E8CAAF95A12SessionApp.json
  • /data/data/####/5DE1A0A5024D-0001-0D3F-6E8CAAF95A12SessionCrash.cls_temp
  • /data/data/####/5DE1A0A5024D-0001-0D3F-6E8CAAF95A12SessionDevice.cls_temp
  • /data/data/####/5DE1A0A5024D-0001-0D3F-6E8CAAF95A12SessionDevice.json
  • /data/data/####/5DE1A0A5024D-0001-0D3F-6E8CAAF95A12SessionOS.cls_temp
  • /data/data/####/5DE1A0A5024D-0001-0D3F-6E8CAAF95A12SessionOS.json
  • /data/data/####/5DE1A0A5024D-0001-0D3F-6E8CAAF95A12SessionUser.cls_temp
  • /data/data/####/5DE1A0A70260-0001-0D4F-6E8CAAF95A12BeginSession.cls_temp
  • /data/data/####/5DE1A0A70260-0001-0D4F-6E8CAAF95A12BeginSession.json
  • /data/data/####/5DE1A0A70260-0001-0D4F-6E8CAAF95A12SessionApp.cls_temp
  • /data/data/####/5DE1A0A70260-0001-0D4F-6E8CAAF95A12SessionApp.json
  • /data/data/####/5DE1A0A70260-0001-0D4F-6E8CAAF95A12SessionDevice.cls_temp
  • /data/data/####/5DE1A0A70260-0001-0D4F-6E8CAAF95A12SessionDevice.json
  • /data/data/####/5DE1A0A70260-0001-0D4F-6E8CAAF95A12SessionOS.cls_temp
  • /data/data/####/5DE1A0A70260-0001-0D4F-6E8CAAF95A12SessionOS.json
  • /data/data/####/5DE1A0AA039A-0002-0D3F-6E8CAAF95A12BeginSession.cls_temp
  • /data/data/####/5DE1A0AA039A-0002-0D3F-6E8CAAF95A12BeginSession.json
  • /data/data/####/5DE1A0AA039A-0002-0D3F-6E8CAAF95A12SessionApp.cls_temp
  • /data/data/####/5DE1A0AA039A-0002-0D3F-6E8CAAF95A12SessionApp.json
  • /data/data/####/5DE1A0AA039A-0002-0D3F-6E8CAAF95A12SessionDevice.cls_temp
  • /data/data/####/5DE1A0AA039A-0002-0D3F-6E8CAAF95A12SessionDevice.json
  • /data/data/####/5DE1A0AA039A-0002-0D3F-6E8CAAF95A12SessionOS.cls_temp
  • /data/data/####/5DE1A0AA039A-0002-0D3F-6E8CAAF95A12SessionOS.json
  • /data/data/####/5DE1A0AA039A-0002-0D3F-6E8CAAF95A12SessionUser.cls_temp
  • /data/data/####/5DE1A0AC0379-0001-0E5D-6E8CAAF95A12.cls_temp
  • /data/data/####/5DE1A0AC0379-0001-0E5D-6E8CAAF95A12BeginSession.cls
  • /data/data/####/5DE1A0AC0379-0001-0E5D-6E8CAAF95A12BeginSession.json
  • /data/data/####/5DE1A0AC0379-0001-0E5D-6E8CAAF95A12SessionApp.cls_temp
  • /data/data/####/5DE1A0AC0379-0001-0E5D-6E8CAAF95A12SessionApp.json
  • /data/data/####/5DE1A0AC0379-0001-0E5D-6E8CAAF95A12SessionCrash.cls_temp
  • /data/data/####/5DE1A0AC0379-0001-0E5D-6E8CAAF95A12SessionDevice.cls_temp
  • /data/data/####/5DE1A0AC0379-0001-0E5D-6E8CAAF95A12SessionDevice.json
  • /data/data/####/5DE1A0AC0379-0001-0E5D-6E8CAAF95A12SessionOS.cls_temp
  • /data/data/####/5DE1A0AC0379-0001-0E5D-6E8CAAF95A12SessionOS.json
  • /data/data/####/5DE1A0AC0379-0001-0E5D-6E8CAAF95A12SessionUser.cls_temp
  • /data/data/####/5DE1A0B1034A-0002-0E5D-6E8CAAF95A12BeginSession.cls_temp
  • /data/data/####/5DE1A0B1034A-0002-0E5D-6E8CAAF95A12BeginSession.json
  • /data/data/####/5DE1A0B1034A-0002-0E5D-6E8CAAF95A12SessionApp.cls_temp
  • /data/data/####/5DE1A0B1034A-0002-0E5D-6E8CAAF95A12SessionApp.json
  • /data/data/####/5DE1A0B1034A-0002-0E5D-6E8CAAF95A12SessionDevice.cls_temp
  • /data/data/####/5DE1A0B1034A-0002-0E5D-6E8CAAF95A12SessionDevice.json
  • /data/data/####/5DE1A0B1034A-0002-0E5D-6E8CAAF95A12SessionOS.cls_temp
  • /data/data/####/5DE1A0B1034A-0002-0E5D-6E8CAAF95A12SessionOS.json
  • /data/data/####/5DE1A0B1034A-0002-0E5D-6E8CAAF95A12SessionUser.cls_temp
  • /data/data/####/5DE1A0B403A1-0001-0F21-6E8CAAF95A12.cls_temp
  • /data/data/####/5DE1A0B403A1-0001-0F21-6E8CAAF95A12BeginSession.cls_temp
  • /data/data/####/5DE1A0B403A1-0001-0F21-6E8CAAF95A12BeginSession.json
  • /data/data/####/5DE1A0B403A1-0001-0F21-6E8CAAF95A12SessionApp.cls_temp
  • /data/data/####/5DE1A0B403A1-0001-0F21-6E8CAAF95A12SessionApp.json
  • /data/data/####/5DE1A0B403A1-0001-0F21-6E8CAAF95A12SessionCrash.cls_temp
  • /data/data/####/5DE1A0B403A1-0001-0F21-6E8CAAF95A12SessionDevice.cls_temp
  • /data/data/####/5DE1A0B403A1-0001-0F21-6E8CAAF95A12SessionDevice.json
  • /data/data/####/5DE1A0B403A1-0001-0F21-6E8CAAF95A12SessionOS.cls_temp
  • /data/data/####/5DE1A0B403A1-0001-0F21-6E8CAAF95A12SessionOS.json
  • /data/data/####/5DE1A0B403A1-0001-0F21-6E8CAAF95A12SessionUser.cls_temp
  • /data/data/####/5DE1A0B90288-0002-0F21-6E8CAAF95A12BeginSession.cls_temp
  • /data/data/####/5DE1A0B90288-0002-0F21-6E8CAAF95A12BeginSession.json
  • /data/data/####/5DE1A0B90288-0002-0F21-6E8CAAF95A12SessionApp.cls_temp
  • /data/data/####/5DE1A0B90288-0002-0F21-6E8CAAF95A12SessionApp.json
  • /data/data/####/5DE1A0B90288-0002-0F21-6E8CAAF95A12SessionDevice.cls_temp
  • /data/data/####/5DE1A0B90288-0002-0F21-6E8CAAF95A12SessionDevice.json
  • /data/data/####/5DE1A0B90288-0002-0F21-6E8CAAF95A12SessionOS.cls_temp
  • /data/data/####/5DE1A0B90288-0002-0F21-6E8CAAF95A12SessionOS.json
  • /data/data/####/5DE1A0B90288-0002-0F21-6E8CAAF95A12SessionUser.cls_temp
  • /data/data/####/5DE1A0BD015A-0001-0FE9-6E8CAAF95A12.cls_temp
  • /data/data/####/5DE1A0BD015A-0001-0FE9-6E8CAAF95A12BeginSession.cls
  • /data/data/####/5DE1A0BD015A-0001-0FE9-6E8CAAF95A12BeginSession.json
  • /data/data/####/5DE1A0BD015A-0001-0FE9-6E8CAAF95A12SessionApp.cls_temp
  • /data/data/####/5DE1A0BD015A-0001-0FE9-6E8CAAF95A12SessionApp.json
  • /data/data/####/5DE1A0BD015A-0001-0FE9-6E8CAAF95A12SessionCrash.cls_temp
  • /data/data/####/5DE1A0BD015A-0001-0FE9-6E8CAAF95A12SessionDevice.cls_temp
  • /data/data/####/5DE1A0BD015A-0001-0FE9-6E8CAAF95A12SessionDevice.json
  • /data/data/####/5DE1A0BD015A-0001-0FE9-6E8CAAF95A12SessionOS.cls_temp
  • /data/data/####/5DE1A0BD015A-0001-0FE9-6E8CAAF95A12SessionOS.json
  • /data/data/####/5DE1A0BD015A-0001-0FE9-6E8CAAF95A12SessionUser.cls_temp
  • /data/data/####/5DE1A0C201A0-0002-0FE9-6E8CAAF95A12BeginSession.cls_temp
  • /data/data/####/5DE1A0C201A0-0002-0FE9-6E8CAAF95A12BeginSession.json
  • /data/data/####/5DE1A0C201A0-0002-0FE9-6E8CAAF95A12SessionApp.cls_temp
  • /data/data/####/5DE1A0C201A0-0002-0FE9-6E8CAAF95A12SessionApp.json
  • /data/data/####/5DE1A0C201A0-0002-0FE9-6E8CAAF95A12SessionDevice.cls_temp
  • /data/data/####/5DE1A0C201A0-0002-0FE9-6E8CAAF95A12SessionDevice.json
  • /data/data/####/5DE1A0C201A0-0002-0FE9-6E8CAAF95A12SessionOS.cls_temp
  • /data/data/####/5DE1A0C201A0-0002-0FE9-6E8CAAF95A12SessionOS.json
  • /data/data/####/5DE1A0C201A0-0002-0FE9-6E8CAAF95A12SessionUser.cls_temp
  • /data/data/####/5DE1A0C60119-0001-10A0-6E8CAAF95A12.cls_temp
  • /data/data/####/5DE1A0C60119-0001-10A0-6E8CAAF95A12BeginSession.cls
  • /data/data/####/5DE1A0C60119-0001-10A0-6E8CAAF95A12BeginSession.json
  • /data/data/####/5DE1A0C60119-0001-10A0-6E8CAAF95A12SessionApp.cls_temp
  • /data/data/####/5DE1A0C60119-0001-10A0-6E8CAAF95A12SessionApp.json
  • /data/data/####/5DE1A0C60119-0001-10A0-6E8CAAF95A12SessionCrash.cls_temp
  • /data/data/####/5DE1A0C60119-0001-10A0-6E8CAAF95A12SessionDevice.cls_temp
  • /data/data/####/5DE1A0C60119-0001-10A0-6E8CAAF95A12SessionDevice.json
  • /data/data/####/5DE1A0C60119-0001-10A0-6E8CAAF95A12SessionOS.cls_temp
  • /data/data/####/5DE1A0C60119-0001-10A0-6E8CAAF95A12SessionOS.json
  • /data/data/####/5DE1A0C60119-0001-10A0-6E8CAAF95A12SessionUser.cls_temp
  • /data/data/####/5DE1A0CA03DF-0002-10A0-6E8CAAF95A12BeginSession.cls_temp
  • /data/data/####/5DE1A0CA03DF-0002-10A0-6E8CAAF95A12BeginSession.json
  • /data/data/####/5DE1A0CA03DF-0002-10A0-6E8CAAF95A12SessionApp.cls_temp
  • /data/data/####/5DE1A0CA03DF-0002-10A0-6E8CAAF95A12SessionApp.json
  • /data/data/####/5DE1A0CA03DF-0002-10A0-6E8CAAF95A12SessionDevice.cls_temp
  • /data/data/####/5DE1A0CA03DF-0002-10A0-6E8CAAF95A12SessionDevice.json
  • /data/data/####/5DE1A0CA03DF-0002-10A0-6E8CAAF95A12SessionOS.cls_temp
  • /data/data/####/5DE1A0CA03DF-0002-10A0-6E8CAAF95A12SessionOS.json
  • /data/data/####/5DE1A0CA03DF-0002-10A0-6E8CAAF95A12SessionUser.cls_temp
  • /data/data/####/5DE1A0CE022F-0001-1155-6E8CAAF95A12.cls_temp
  • /data/data/####/5DE1A0CE022F-0001-1155-6E8CAAF95A12BeginSession.cls_temp
  • /data/data/####/5DE1A0CE022F-0001-1155-6E8CAAF95A12BeginSession.json
  • /data/data/####/5DE1A0CE022F-0001-1155-6E8CAAF95A12SessionApp.cls_temp
  • /data/data/####/5DE1A0CE022F-0001-1155-6E8CAAF95A12SessionApp.json
  • /data/data/####/5DE1A0CE022F-0001-1155-6E8CAAF95A12SessionCrash.cls_temp
  • /data/data/####/5DE1A0CE022F-0001-1155-6E8CAAF95A12SessionDevice.cls_temp
  • /data/data/####/5DE1A0CE022F-0001-1155-6E8CAAF95A12SessionDevice.json
  • /data/data/####/5DE1A0CE022F-0001-1155-6E8CAAF95A12SessionOS.cls_temp
  • /data/data/####/5DE1A0CE022F-0001-1155-6E8CAAF95A12SessionOS.json
  • /data/data/####/5DE1A0CE022F-0001-1155-6E8CAAF95A12SessionUser.cls_temp
  • /data/data/####/5DE1A0D30086-0002-1155-6E8CAAF95A12BeginSession.cls_temp
  • /data/data/####/5DE1A0D30086-0002-1155-6E8CAAF95A12BeginSession.json
  • /data/data/####/5DE1A0D30086-0002-1155-6E8CAAF95A12SessionApp.cls_temp
  • /data/data/####/5DE1A0D30086-0002-1155-6E8CAAF95A12SessionApp.json
  • /data/data/####/5DE1A0D30086-0002-1155-6E8CAAF95A12SessionDevice.cls_temp
  • /data/data/####/5DE1A0D30086-0002-1155-6E8CAAF95A12SessionDevice.json
  • /data/data/####/5DE1A0D30086-0002-1155-6E8CAAF95A12SessionOS.cls_temp
  • /data/data/####/5DE1A0D30086-0002-1155-6E8CAAF95A12SessionOS.json
  • /data/data/####/5DE1A0D30086-0002-1155-6E8CAAF95A12SessionUser.cls_temp
  • /data/data/####/5DE1A0D502A1-0001-120E-6E8CAAF95A12.cls_temp
  • /data/data/####/5DE1A0D502A1-0001-120E-6E8CAAF95A12BeginSession.cls_temp
  • /data/data/####/5DE1A0D502A1-0001-120E-6E8CAAF95A12BeginSession.json
  • /data/data/####/5DE1A0D502A1-0001-120E-6E8CAAF95A12SessionApp.cls_temp
  • /data/data/####/5DE1A0D502A1-0001-120E-6E8CAAF95A12SessionApp.json
  • /data/data/####/5DE1A0D502A1-0001-120E-6E8CAAF95A12SessionCrash.cls_temp
  • /data/data/####/5DE1A0D502A1-0001-120E-6E8CAAF95A12SessionDevice.cls_temp
  • /data/data/####/5DE1A0D502A1-0001-120E-6E8CAAF95A12SessionDevice.json
  • /data/data/####/5DE1A0D502A1-0001-120E-6E8CAAF95A12SessionOS.cls_temp
  • /data/data/####/5DE1A0D502A1-0001-120E-6E8CAAF95A12SessionOS.json
  • /data/data/####/5DE1A0D502A1-0001-120E-6E8CAAF95A12SessionUser.cls_temp
  • /data/data/####/5DE1A0DA0320-0002-120E-6E8CAAF95A12BeginSession.cls_temp
  • /data/data/####/5DE1A0DA0320-0002-120E-6E8CAAF95A12BeginSession.json
  • /data/data/####/5DE1A0DA0320-0002-120E-6E8CAAF95A12SessionApp.cls_temp
  • /data/data/####/5DE1A0DA0320-0002-120E-6E8CAAF95A12SessionApp.json
  • /data/data/####/5DE1A0DA0320-0002-120E-6E8CAAF95A12SessionDevice.cls_temp
  • /data/data/####/5DE1A0DA0320-0002-120E-6E8CAAF95A12SessionDevice.json
  • /data/data/####/5DE1A0DA0320-0002-120E-6E8CAAF95A12SessionOS.cls_temp
  • /data/data/####/5DE1A0DA0320-0002-120E-6E8CAAF95A12SessionOS.json
  • /data/data/####/5DE1A0DA0320-0002-120E-6E8CAAF95A12SessionUser.cls_temp
  • /data/data/####/5DE1A0DE0151-0001-12C5-6E8CAAF95A12.cls_temp
  • /data/data/####/5DE1A0DE0151-0001-12C5-6E8CAAF95A12BeginSession.cls_temp
  • /data/data/####/5DE1A0DE0151-0001-12C5-6E8CAAF95A12BeginSession.json
  • /data/data/####/5DE1A0DE0151-0001-12C5-6E8CAAF95A12SessionApp.cls_temp
  • /data/data/####/5DE1A0DE0151-0001-12C5-6E8CAAF95A12SessionApp.json
  • /data/data/####/5DE1A0DE0151-0001-12C5-6E8CAAF95A12SessionCrash.cls_temp
  • /data/data/####/5DE1A0DE0151-0001-12C5-6E8CAAF95A12SessionDevice.cls_temp
  • /data/data/####/5DE1A0DE0151-0001-12C5-6E8CAAF95A12SessionDevice.json
  • /data/data/####/5DE1A0DE0151-0001-12C5-6E8CAAF95A12SessionOS.cls_temp
  • /data/data/####/5DE1A0DE0151-0001-12C5-6E8CAAF95A12SessionOS.json
  • /data/data/####/5DE1A0DE0151-0001-12C5-6E8CAAF95A12SessionUser.cls_temp
  • /data/data/####/5DE1A0E5013C-0002-12C5-6E8CAAF95A12BeginSession.cls_temp
  • /data/data/####/5DE1A0E5013C-0002-12C5-6E8CAAF95A12BeginSession.json
  • /data/data/####/5DE1A0E5013C-0002-12C5-6E8CAAF95A12SessionApp.cls_temp
  • /data/data/####/5DE1A0E5013C-0002-12C5-6E8CAAF95A12SessionApp.json
  • /data/data/####/5DE1A0E5013C-0002-12C5-6E8CAAF95A12SessionDevice.cls_temp
  • /data/data/####/5DE1A0E5013C-0002-12C5-6E8CAAF95A12SessionDevice.json
  • /data/data/####/5DE1A0E5013C-0002-12C5-6E8CAAF95A12SessionOS.cls_temp
  • /data/data/####/5DE1A0E5013C-0002-12C5-6E8CAAF95A12SessionOS.json
  • /data/data/####/5kE1xtSbrTig1dfovx5WrQJTvMw.cnt
  • /data/data/####/7fvLFd0BaM4DrwoKU64-EMRP-zM.cnt
  • /data/data/####/8797182d2ff5ae471f91e3cc8f7d0c8a855461a88dd78d3....0.tmp
  • /data/data/####/ACCS_BIND.xml
  • /data/data/####/ACCS_SDK.xml
  • /data/data/####/ACCS_SDK_CHANNEL.xml
  • /data/data/####/AGOO_BIND.xml
  • /data/data/####/Agoo_AppStore.xml
  • /data/data/####/Alvin2.xml
  • /data/data/####/ContextData.xml
  • /data/data/####/Cookies-journal
  • /data/data/####/CyW9jw2zPzPVOQJDX_6In5A-JpQ.cnt
  • /data/data/####/GyrTzOr3g2AlwMZGXNi9KF7f5EI.cnt
  • /data/data/####/JuY4TwTmpnCE6B63sZyKpBDdYLQ.713970555.tmp
  • /data/data/####/MessageStore.db-journal
  • /data/data/####/Mm2O-Utxg-PNkyrk0zdmGWMDWlU.cnt
  • /data/data/####/MsgLogStore.db-journal
  • /data/data/####/O6cjdpJp64-Y6lmB4OrS9DRN9Rc.cnt
  • /data/data/####/PE6jG6Tpo4cZAken2kwd4JWreKQ.361907035.tmp
  • /data/data/####/RLSo5bmT3-T2SaQIOiQQOty7ttY.cnt
  • /data/data/####/TwitterAdvertisingInfoPreferences.xml
  • /data/data/####/WebViewChromiumPrefs.xml
  • /data/data/####/XdcHTONSNFkCkapDmf-teQ8Mvgo.375483927.tmp
  • /data/data/####/aL_SNHxBjzb_clBk_kKvSEtMeM8.cnt
  • /data/data/####/accs.db-journal
  • /data/data/####/agoo.pid
  • /data/data/####/ca9e2b41374f677cc45897e6c9f84fd391afd16ca8cc074....0.tmp
  • /data/data/####/classes.dex
  • /data/data/####/classes.oat
  • /data/data/####/classes2.dex
  • /data/data/####/classes3.dex
  • /data/data/####/com.crashlytics.prefs.xml
  • /data/data/####/com.crashlytics.sdk.android.crashlytics-core;co...re.xml
  • /data/data/####/com.crashlytics.sdk.android;answers;settings.xml
  • /data/data/####/com.crashlytics.settings.json
  • /data/data/####/com.thebeastshop.thebeast;channel.growing.db
  • /data/data/####/com.thebeastshop.thebeast;channel.growing.db-journal
  • /data/data/####/com.thebeastshop.thebeast_preferences.xml
  • /data/data/####/com.thebeastshop.thebeast_preferences.xml.bak
  • /data/data/####/core_info
  • /data/data/####/crash_marker
  • /data/data/####/debug.conf
  • /data/data/####/growing.db
  • /data/data/####/growing.db-journal
  • /data/data/####/growing_persist_data.xml
  • /data/data/####/growing_profile.xml
  • /data/data/####/growing_server_pref.xml
  • /data/data/####/growingio_diagnose.xml
  • /data/data/####/growingio_diagnose.xml.bak
  • /data/data/####/initialization_marker
  • /data/data/####/io.fabric.sdk.android;fabric;io.fabric.sdk.andr...ng.xml
  • /data/data/####/journal.tmp
  • /data/data/####/kC3W71txwbJUIfuNTmMgB9JxxA8.556462871.tmp
  • /data/data/####/libjiagu.so
  • /data/data/####/libtnet-3.1.7bk1.so
  • /data/data/####/message_accs_db
  • /data/data/####/message_accs_db-journal
  • /data/data/####/metrics_guid
  • /data/data/####/mpE8bLrPKcQQR4MPKTeL5EfkjJU.cnt
  • /data/data/####/nquAZXDsqrA6bpAEM6amcT9kjbs.1440798774.tmp
  • /data/data/####/proc_auxv
  • /data/data/####/sa_01fd684e-0b7a-40e8-b69e-17d9a868ce7e_1575067819341.tap
  • /data/data/####/sa_236409bc-002b-4342-91ce-a2845cb160d6_1575067838471.tap
  • /data/data/####/sa_4265c8de-bad4-498a-98c2-c1516b6eec46_1575067816444.tap
  • /data/data/####/sa_4bd2b5d4-178d-4483-9990-9c95f0f8a97f_1575067822036.tap
  • /data/data/####/sa_5f22b06f-48ae-433f-a8d3-fbe461ae4c16_1575067855568.tap
  • /data/data/####/sa_7d92a578-be03-40c7-ba3b-70a157eafcdf_1575067871436.tap
  • /data/data/####/sa_9a35ad5d-8f0d-4acc-940a-1ec54e03874a_1575067862258.tap
  • /data/data/####/sa_cc09a896-0569-4062-9f0b-58feba5ff2d4_1575067810989.tap
  • /data/data/####/sa_e91f885d-3d04-4ea0-a205-eb12973a21ab_1575067847593.tap
  • /data/data/####/sa_f781433b-0ff1-441e-b9dd-c7353827f7a1_1575067830363.tap
  • /data/data/####/session_analytics.tap
  • /data/data/####/session_analytics.tap (deleted)
  • /data/data/####/session_analytics.tap.tmp
  • /data/data/####/sobot_chat_20191130_log.txt
  • /data/data/####/sobot_config.xml
  • /data/data/####/sobot_config.xml.bak
  • /data/data/####/talkingdata_file_prefence.xml
  • /data/data/####/tbs_download_config.xml
  • /data/data/####/tbs_download_stat.xml
  • /data/data/####/tbscoreinstall.txt
  • /data/data/####/tbslock.txt
  • /data/data/####/tdid.xml
  • /data/data/####/umeng_socialize.xml
  • /data/data/####/umeng_socialize.xml.bak
  • /data/data/####/ux2G-fcTaijAZRi6G0RD1IZzQWs.cnt
  • /data/data/####/v2N5XU5BF1OwZFZL32Jaa3zx4vs.cnt
  • /data/data/####/zOaR8ESrMJ1xhMml-HEB_6OIM-0.1895421349.tmp
  • /data/data/####/zxhsETTUiqihygTmg-nE6GqQpDA.cnt
  • /data/misc/####/primary.prof
Miscellaneous:
Executes the following shell scripts:
  • /system/bin/dex2oat --instruction-set=x86 --dex-file=<Package Folder>/.jiagu/classes.dex --dex-file=<Package Folder>/.jiagu/classes2.dex --dex-file=<Package Folder>/.jiagu/classes3.dex --oat-file=<Package Folder>/.jiagu/classes.oat --inline-depth-limit=0 --compiler-filter=speed
  • cat /sys/class/net/wlan0/address
  • chmod 755 <Package Folder>/.jiagu/libjiagu.so
  • getprop ro.product.cpu.abi
Uses the following algorithms to encrypt data:
  • AES-CBC-NoPadding
  • AES-CBC-PKCS5Padding
  • DES-CBC-PKCS5Padding
  • RSA-ECB-NoPadding
Uses the following algorithms to decrypt data:
  • AES-CBC-NoPadding
  • DES-CBC-PKCS5Padding
Uses special library to hide executable bytecode.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Adds tasks to the system scheduler.
Displays its own windows over windows of other apps.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.