Android.Packed.53757
Added to the Dr.Web virus database:
2020-07-31
Virus description added:
2020-07-31
Technical information
Malicious functions:
Executes code of the following detected threats:
Android.DownLoader.192.origin
Network activity:
Connects to:
UDP(DNS) <Google DNS>
TCP(HTTP/1.1) w####.pcon####.com.cn:80
DNS requests:
cl####.adf####.com
w####.pcon####.com.cn
HTTP POST requests:
w####.pcon####.com.cn/ip.jsp?qq-pf-to=####
File system changes:
Creates the following files:
/data/data/####/Downloado
/data/data/####/Downloado-journal
/data/data/####/c
/data/data/####/c.dex
/data/data/####/c.jar
/data/data/####/configo.xml
/data/data/####/eck.xml
/data/data/####/feiwo_bai-db
/data/data/####/feiwo_bai-db-journal
/data/data/####/feiwo_bayiSharedPrferences.xml
/data/data/####/feiwo_checkerConfig.xml
/data/data/####/t
/data/media/####/com.solar.rain.jcoz.dex
/data/media/####/com.solar.rain.jcoz.dex (deleted)
/data/media/####/com.solar.rain.jcpz.dex
/data/media/####/id
/data/media/####/logo.png
Miscellaneous:
Loads the following dynamic libraries:
MAME4droid
Uses the following algorithms to encrypt data:
Uses the following algorithms to decrypt data:
AES-CFB-NoPadding
DES
DES-CBC-PKCS5Padding
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Curing recommendations
Android
If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
Boot your smartphone or tablet into safe mode (depending on the operating system version and the specifications of the particular mobile device, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
Switch off your device and turn it on as normal.