Android.HiddenAds.3160

Added to the Dr.Web virus database: 2022-05-11

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.HiddenAds.3057
Network activity:
Connects to:
  • UDP(DNS) 8####.8.4.4:53
  • TCP(HTTP/1.1) s####.e.qq.com:80
  • TCP(HTTP/1.1) hw2.a.kw####.####.com:80
  • TCP(TLS/1.0) q####.tc.qq.com:443
  • TCP(TLS/1.0) basefil####.oss-cn-####.aliy####.com:443
  • TCP(TLS/1.0) qzs.gd####.com.####.com:443
  • TCP(TLS/1.0) t####.m.qq.com:443
  • TCP(TLS/1.0) st####.yx####.com.####.net:443
  • TCP(TLS/1.0) p####.ad####.com.####.com:443
  • TCP(TLS/1.0) s####.e.qq.com:443
  • TCP(TLS/1.0) o####.e.kuai####.com:443
  • TCP(TLS/1.0) al####.st####.yx####.com:443
  • TCP(TLS/1.0) 1####.250.179.170:443
  • TCP(TLS/1.2) 1####.250.179.202:443
  • TCP(TLS/1.2) 1####.251.36.46:443
  • TCP zt.gif####.com:443
  • TCP pang####.sn####.com.####.net:443
  • TCP al####.st####.yx####.com:443
DNS requests:
  • al####.st####.yx####.com
  • api-ac####.pangoli####.com
  • basefil####.oss-cn-####.aliy####.com
  • hw2.a.kw####.com
  • lf3-####.pglstat####.com
  • m####.go####.com
  • o####.e.kuai####.com
  • p####.ad####.com
  • pang####.sn####.com
  • q####.qq.com
  • qzs.gd####.com
  • s####.e.qq.com
  • sf3-fe####.pglstat####.com
  • sf3-ttc####.ps####.com
  • st####.yx####.com
  • t####.m.qq.com
  • tnc3-b####.sn####.com
  • to####.ctobsn####.com
  • zt.gif####.com
HTTP GET requests:
  • al####.st####.yx####.com:443/service/2/app_alert_check/?aid=####&tt_info...
  • basefil####.oss-cn-####.aliy####.com:443/Video/ad_exchange_bd.json
  • basefil####.oss-cn-####.aliy####.com:443/Video/version_dm2_00012_221.json
  • hw2.a.kw####.####.com/upic/2022/01/20/16/BMjAyMjAxMjAxNjE3NDlfMTQ4Njc5Nj...
  • p####.ad####.com.####.com:443/kos/nlav11213/hybrid-zip/20220302-151536-a...
  • p####.ad####.com.####.com:443/kos/nlav11213/hybrid-zip/20220309-173808-a...
  • p####.ad####.com.####.com:443/kos/nlav11213/hybrid-zip/20220317-170318-a...
  • p####.ad####.com.####.com:443/kos/nlav11213/hybrid-zip/20220323-144446-a...
  • p####.ad####.com.####.com:443/kos/nlav11213/hybrid-zip/20220327-121659-a...
  • p####.ad####.com.####.com:443/kos/nlav11213/hybrid-zip/20220328-192139-a...
  • p####.ad####.com.####.com:443/kos/nlav11213/hybrid-zip/20220329-213150-a...
  • p####.ad####.com.####.com:443/kos/nlav11213/hybrid-zip/20220401-163106-a...
  • p####.ad####.com.####.com:443/kos/nlav11213/hybrid-zip/20220424-115557-a...
  • p####.ad####.com.####.com:443/kos/nlav11213/hybrid-zip/20220424-115558-a...
  • p####.ad####.com.####.com:443/kos/nlav11213/radar/20220215-172837-radar-...
  • p####.ad####.com.####.com:443/kos/nlav11213/radar/20220301-190615-log.br...
  • p####.ad####.com.####.com:443/kos/nlav11213/radar/20220311-180358-ts-pol...
  • p####.ad####.com.####.com:443/kos/nlav11213/radar/20220322-113729-favico...
  • p####.ad####.com.####.com:443/kos/nlav11213/radar/20220324-105734-radar-...
  • p####.ad####.com.####.com:443/kos/nlav11213/radar/20220324-210414-radar-...
  • p####.ad####.com.####.com:443/kos/nlav11213/supercard-zip/20220413-16192...
  • qzs.gd####.com.####.com:443/union/res/union_temp_v2/page/ANTempMob/tempM...
  • qzs.gd####.com.####.com:443/union/res/union_temp_v2/page/ANTempMob/video...
  • st####.yx####.com.####.net:443/s1/htmls/ad-union-splash-page/ad-union-sp...
  • st####.yx####.com.####.net:443/udata/pkg/KS-Android-KSAdSDk/ks_so-appSta...
  • st####.yx####.com.####.net:443/udata/pkg/commercial_res_test/ks_so-Tachi...
HTTP POST requests:
  • al####.st####.yx####.com:443/service/2/app_log/?device_platform=####&ver...
  • al####.st####.yx####.com:443/service/2/device_register/?aid=####&tt_info...
  • al####.st####.yx####.com:443/service/2/device_register_only/?aid=####&tt...
  • al####.st####.yx####.com:443/service/2/log_settings/?device_platform=####
  • o####.e.kuai####.com:443/rest/e/v3/open/appCheck
  • o####.e.kuai####.com:443/rest/e/v3/open/config
  • o####.e.kuai####.com:443/rest/e/v3/open/feed
  • o####.e.kuai####.com:443/rest/e/v3/open/sdk/js2
  • o####.e.kuai####.com:443/rest/e/v3/open/sdk2
  • o####.e.kuai####.com:443/rest/e/v3/open/univ
  • q####.tc.qq.com:443/union/res/union_temp_v2/page/ANTempMob/tempMob.packa...
  • s####.e.qq.com/activate
  • s####.e.qq.com:443/event
  • s####.e.qq.com:443/perf
  • t####.m.qq.com:443/?mc=####
File system changes:
Creates the following files:
  • /data/data/####/.cl
  • /data/data/####/.fsgkea
  • /data/data/####/.jg.ac
  • /data/data/####/.jg.ri
  • /data/data/####/.jg.store.report_cf
  • /data/data/####/.jg.store.report_pid
  • /data/data/####/.old_file_converted
  • /data/data/####/.turing.dat
  • /data/data/####/105498_auMini_1
  • /data/data/####/20211021-103118-start.zip.temp
  • /data/data/####/20220112-113600-ad-union-video-black-style.zip.temp
  • /data/data/####/20220124-103524-ad-union-middle-page.zip
  • /data/data/####/20220124-103524-ad-union-middle-page.zip.temp
  • /data/data/####/20220215-172837-radar-test.js.zip.temp
  • /data/data/####/20220301-190615-log.browser-full.min.js.zip.temp
  • /data/data/####/20220302-151536-ad-union-video-banner.zip (deleted)
  • /data/data/####/20220302-151536-ad-union-video-banner.zip.temp
  • /data/data/####/20220309-173808-ad-union-stimulate-video-page.zip
  • /data/data/####/20220309-173808-ad-union-stimulate-video-page.zip.temp
  • /data/data/####/20220311-180358-ts-polyfill.min.js.zip.temp
  • /data/data/####/20220317-170318-ad-union-video-draw.zip
  • /data/data/####/20220317-170318-ad-union-video-draw.zip.temp
  • /data/data/####/20220322-113729-favicon.ico.zip.temp
  • /data/data/####/20220323-144446-ad-union-download-confirm.zip.temp
  • /data/data/####/20220323-144446-ad-union-download-popup.zip.temp
  • /data/data/####/20220324-105734-radar-master.js.zip.temp
  • /data/data/####/20220324-210414-radar-gray.js.zip.temp
  • /data/data/####/20220327-121659-ad-union-end-card.zip
  • /data/data/####/20220327-121659-ad-union-end-card.zip.temp
  • /data/data/####/20220328-192139-ad-union-video-banner.zip.temp
  • /data/data/####/20220329-213150-ad-union-video-banner.zip
  • /data/data/####/20220329-213150-ad-union-video-banner.zip.temp
  • /data/data/####/20220401-163106-ad-union-stimulate-backflow.zip.temp
  • /data/data/####/20220413-161927-AdIcon-index.zip.temp
  • /data/data/####/20220413-161927-AppIcon-index.zip.temp
  • /data/data/####/20220413-161927-Button-index.zip
  • /data/data/####/20220413-161927-Button-index.zip.temp
  • /data/data/####/20220413-161927-Card-index.zip.temp
  • /data/data/####/20220413-161927-Container-index.zip.temp
  • /data/data/####/20220413-161927-Des-index.zip
  • /data/data/####/20220413-161927-Des-index.zip.temp
  • /data/data/####/20220413-161927-DownloadCount-index.zip (deleted)
  • /data/data/####/20220413-161927-DownloadCount-index.zip.temp
  • /data/data/####/20220413-161928-Star-index.zip
  • /data/data/####/20220413-161928-Star-index.zip.temp
  • /data/data/####/20220413-161928-Tags-index.zip (deleted)
  • /data/data/####/20220413-161928-Tags-index.zip.temp
  • /data/data/####/20220413-161928-Title-index.zip.temp
  • /data/data/####/20220413-161928-bridge.zip (deleted)
  • /data/data/####/20220413-161928-indexHtml.zip.temp
  • /data/data/####/20220413-161928-runtime.zip.temp
  • /data/data/####/20220413-161928-vendor.zip
  • /data/data/####/20220413-161928-vendor.zip.temp
  • /data/data/####/20220424-115557-ad-union-video-banner.zip.temp
  • /data/data/####/20220424-115558-ad-union-feed-template.zip.temp
  • /data/data/####/20220424-115558-ad-union-interstitial.zip.temp
  • /data/data/####/3902.yaqcookie
  • /data/data/####/72e53dd90fd205d8b5dbbb4adc15dfff_0
  • /data/data/####/7d92d75c7aa0784b9baecd3e48879a4e-4019-4019.apk
  • /data/data/####/8c150cf0db47ea9f585cea041ab86c34_0
  • /data/data/####/AdIcon-index.chunk.1f24b5f36b530abcf6b2.js
  • /data/data/####/AdIcon-index.chunk.1f24b5f36b530abcf6b2.js.map
  • /data/data/####/AppIcon-index.chunk.f8d3d7bcde7fe4dc6018.js
  • /data/data/####/AppIcon-index.chunk.f8d3d7bcde7fe4dc6018.js.map
  • /data/data/####/BuglySdkInfos.xml
  • /data/data/####/Button-index.chunk.52ec2fc75d16bd4c267f.js
  • /data/data/####/Button-index.chunk.52ec2fc75d16bd4c267f.js.map
  • /data/data/####/Card-index.chunk.273ecc488cbee86590f7.js
  • /data/data/####/Card-index.chunk.273ecc488cbee86590f7.js.map
  • /data/data/####/Container-index.chunk.517297c68b4575eb79d3.js
  • /data/data/####/Container-index.chunk.517297c68b4575eb79d3.js.map
  • /data/data/####/Des-index.chunk.53a79d03418ef2a314ad.js
  • /data/data/####/Des-index.chunk.53a79d03418ef2a314ad.js.map
  • /data/data/####/DownloadCount-index.chunk.af0c6aec8348df5e2564.js
  • /data/data/####/DownloadCount-index.chunk.af0c6aec8348df5e2564.js.map
  • /data/data/####/LOCAL_APP_STATUS_RULES_JSON
  • /data/data/####/PowerAssistService_native_clean
  • /data/data/####/PowerAssistService_native_other
  • /data/data/####/PowerAssistService_service_clean
  • /data/data/####/PowerAssistService_service_other
  • /data/data/####/PowerCleanService_native_assist
  • /data/data/####/PowerCleanService_native_other
  • /data/data/####/PowerCleanService_service_assist
  • /data/data/####/PowerCleanService_service_other
  • /data/data/####/PowerOtherService_native_assist
  • /data/data/####/PowerOtherService_native_clean
  • /data/data/####/PowerOtherService_service_assist
  • /data/data/####/PowerOtherService_service_clean
  • /data/data/####/Star-index.chunk.4aba3b1b9e477de0f66b.js
  • /data/data/####/Star-index.chunk.4aba3b1b9e477de0f66b.js.map
  • /data/data/####/Tags-index.chunk.17a47374caf726b5fae5.js
  • /data/data/####/Tags-index.chunk.17a47374caf726b5fae5.js.map
  • /data/data/####/Title-index.chunk.f86f0c5f4e095e87c777.js
  • /data/data/####/Title-index.chunk.f86f0c5f4e095e87c777.js.map
  • /data/data/####/Web Data
  • /data/data/####/Web Data-journal
  • /data/data/####/WebViewChromiumPrefs.xml
  • /data/data/####/_manifest_.json
  • /data/data/####/ab92714ed7f9433f0d3d3ecaf1361f975f6f7cdc9583d31....0.tmp
  • /data/data/####/ad-union-download-confirm-80f255dc73.html
  • /data/data/####/ad-union-download-confirm.4f1ceb08c047d5af5d5b.js
  • /data/data/####/ad-union-download-popup-b6c7f1742f.html
  • /data/data/####/ad-union-download-popup.a647e46d42535d84c9dc.js
  • /data/data/####/ad-union-end-card-0d05ecc958.html
  • /data/data/####/ad-union-end-card.aef22572017134bfb7bd.js
  • /data/data/####/ad-union-feed-template-02eb417042.html
  • /data/data/####/ad-union-feed-template-d2ca3f29e6.html
  • /data/data/####/ad-union-feed-template.6e143589a7ab79322aea.js
  • /data/data/####/ad-union-feed-template.fa4da9bdfef7f08ad7c6.js
  • /data/data/####/ad-union-interstitial-790a050801.html
  • /data/data/####/ad-union-interstitial-d3e6632af3.html
  • /data/data/####/ad-union-interstitial.de041feacc4b88476b56.js
  • /data/data/####/ad-union-interstitial.fe8b3875e68d6160c47e.js
  • /data/data/####/ad-union-middle-page-4688fcd6a1.html
  • /data/data/####/ad-union-middle-page.6e5a2b63ef411e19ac94.js
  • /data/data/####/ad-union-middle-page.6e5a2b63ef411e19ac94.js.map
  • /data/data/####/ad-union-stimulate-backflow-968ff8d2c6.html
  • /data/data/####/ad-union-stimulate-backflow.9dc4db50450dc0be72af.js
  • /data/data/####/ad-union-stimulate-video-page-7f1f3fc9ca.html
  • /data/data/####/ad-union-stimulate-video-page-fa9b4ec14a.html
  • /data/data/####/ad-union-stimulate-video-page.c2e28d844eabd870ea72.js
  • /data/data/####/ad-union-stimulate-video-page.d0f8656d6dc6b33a9bc2.js
  • /data/data/####/ad-union-stimulate-video-page.d0f8656d6dc6b33a9bc2.js.map
  • /data/data/####/ad-union-video-banner-3b74e70b30.html
  • /data/data/####/ad-union-video-banner-4366120768.html
  • /data/data/####/ad-union-video-banner-665a8cc71f.html
  • /data/data/####/ad-union-video-banner-7ad726ee61.html
  • /data/data/####/ad-union-video-banner-998915e7ba.html
  • /data/data/####/ad-union-video-banner.0ecdeb0279acd52709c8.js
  • /data/data/####/ad-union-video-banner.3a9f2c3008daf38dc807.js
  • /data/data/####/ad-union-video-banner.52207dd4b51b732fe49d.js
  • /data/data/####/ad-union-video-banner.a1f44a958e34037df21a.js
  • /data/data/####/ad-union-video-banner.d692d25f4ddee1e2d5a9.js
  • /data/data/####/ad-union-video-black-style-7b802ee351.html
  • /data/data/####/ad-union-video-black-style-ee372c5c69.html
  • /data/data/####/ad-union-video-black-style.6753b49518eaf0c44ec2.js
  • /data/data/####/ad-union-video-black-style.6753b49518eaf0c44ec2.js.map
  • /data/data/####/ad-union-video-black-style.a767faf39c9e6589d375.js
  • /data/data/####/ad-union-video-draw-19ead5d0a5.html
  • /data/data/####/ad-union-video-draw-5d1f259b35.html
  • /data/data/####/ad-union-video-draw.230ae1783ff461ee5472.js
  • /data/data/####/ad-union-video-draw.230ae1783ff461ee5472.js.map
  • /data/data/####/ad-union-video-draw.ddf59076aa0e201a6be6.js
  • /data/data/####/applog_stats.xml
  • /data/data/####/base-1.apk
  • /data/data/####/base-1.dex
  • /data/data/####/base-1.dex.flock (deleted)
  • /data/data/####/bd_tea_agent.db
  • /data/data/####/bd_tea_agent.db-journal
  • /data/data/####/bdtracker_dr_migrate_detector.xml
  • /data/data/####/bg.0545116.png
  • /data/data/####/bg.2ff5c63.png
  • /data/data/####/bg.5063005.png
  • /data/data/####/bg.ab0c34c.png
  • /data/data/####/bg.f0cbf69.png
  • /data/data/####/bridge.b28cc294c8f76f80cf6c.js
  • /data/data/####/bridge.b28cc294c8f76f80cf6c.js.map
  • /data/data/####/classes.dex
  • /data/data/####/classes.dex;classes2.dex
  • /data/data/####/classes.dex;classes3.dex
  • /data/data/####/classes.dex;classes4.dex
  • /data/data/####/classes.oat
  • /data/data/####/com.hai.video.bd_preferences.xml
  • /data/data/####/com.qq.e.sdkconfig.xml
  • /data/data/####/com.qq.e.sdkconfig.xml.bak
  • /data/data/####/d04f142d686de394746c6a9ecd9a5e94-49c99a9dd9184f...1.conf
  • /data/data/####/d04f142d686de394746c6a9ecd9a5e94-49c99a9dd9184f...2-4321
  • /data/data/####/default_bg.webp
  • /data/data/####/devCloudSetting.cfg
  • /data/data/####/devCloudSetting.sig
  • /data/data/####/favicon.ico
  • /data/data/####/feed_splash.html
  • /data/data/####/finger.ccff811.png
  • /data/data/####/gdt_config.cfg
  • /data/data/####/gdt_plugin.dex
  • /data/data/####/gdt_plugin.dex.flock (deleted)
  • /data/data/####/gdt_plugin.jar
  • /data/data/####/gdt_plugin.jar.sig
  • /data/data/####/gdt_stat.db
  • /data/data/####/gdt_stat.db-journal
  • /data/data/####/gdt_suid
  • /data/data/####/header_custom.xml
  • /data/data/####/header_custom.xml.bak
  • /data/data/####/indicator2_d
  • /data/data/####/indicator2_d-c
  • /data/data/####/indicator2_p
  • /data/data/####/indicator2_p-c
  • /data/data/####/indicator_d
  • /data/data/####/indicator_d-c
  • /data/data/####/indicator_p
  • /data/data/####/indicator_p-c
  • /data/data/####/journal.tmp
  • /data/data/####/ksad_file_download.db
  • /data/data/####/ksad_file_download.db-journal
  • /data/data/####/ksadrep.db
  • /data/data/####/ksadrep.db-journal
  • /data/data/####/ksadsdk_JS_CONFIG.xml
  • /data/data/####/ksadsdk_config.xml
  • /data/data/####/ksadsdk_device_sig.xml
  • /data/data/####/ksadsdk_egid.xml
  • /data/data/####/ksadsdk_model.xml
  • /data/data/####/ksadsdk_pref.xml
  • /data/data/####/ksadsdk_rep.xml
  • /data/data/####/ksadsdk_seq.xml
  • /data/data/####/ksadsdk_splash_template_config.xml
  • /data/data/####/kscfg_outdfp.xml
  • /data/data/####/kssdk_api_pref.xml
  • /data/data/####/kssdk_api_pref.xml.bak
  • /data/data/####/kssdk_api_pref.xml.bak (deleted)
  • /data/data/####/kwappstatus-v7a1652227677558730919366.tmp
  • /data/data/####/last_sp_session.xml
  • /data/data/####/libMMANDKSignature.2c663a5c.so
  • /data/data/####/libPglmetasec_ml.so
  • /data/data/####/libavmdl_lite.so
  • /data/data/####/libkwad-fb.so
  • /data/data/####/libkwad-j2v8.so
  • /data/data/####/libkwad-yoga.so
  • /data/data/####/libkwappstatus.so
  • /data/data/####/libtobEmbedEncrypt.so
  • /data/data/####/libttmplayer_lite.so
  • /data/data/####/libturingau.2c663a5c.so
  • /data/data/####/libyaqbasic.2c663a5c.so
  • /data/data/####/libyaqpro.2c663a5c.so
  • /data/data/####/log.browser-full.min.js
  • /data/data/####/metrics_guid
  • /data/data/####/mpdc_105498_1
  • /data/data/####/packageIndex.json
  • /data/data/####/pangle_com.byted.pangle_bd_embed_tea_agent.db
  • /data/data/####/pangle_com.byted.pangle_bd_embed_tea_agent.db-journal
  • /data/data/####/pangle_com.byted.pangle_downloader.db
  • /data/data/####/pangle_com.byted.pangle_downloader.db-journal
  • /data/data/####/pangle_com.byted.pangle_embed_applog_stats.xml
  • /data/data/####/pangle_com.byted.pangle_embed_header_custom.xml
  • /data/data/####/pangle_com.byted.pangle_npth.xml
  • /data/data/####/pangle_com.byted.pangle_npth_log.db
  • /data/data/####/pangle_com.byted.pangle_npth_log.db-journal
  • /data/data/####/pangle_com.byted.pangle_snssdk_openudid.xml
  • /data/data/####/pangle_com.byted.pangle_sp_multi_ttadnet_config.xml
  • /data/data/####/pangle_com.byted.pangle_ss_app_config.xml
  • /data/data/####/pangle_com.byted.pangle_tt_ad_sdk_sp.xml
  • /data/data/####/pangle_com.byted.pangle_tt_ad_sdk_sp.xml.bak
  • /data/data/####/pangle_com.byted.pangle_tt_sdk_settings.xml
  • /data/data/####/pangle_com.byted.pangle_tt_sdk_settings.xml.bak
  • /data/data/####/pangle_com.byted.pangle_tt_sp_app_env.xml
  • /data/data/####/pangle_com.byted.pangle_tt_sp_app_list.xml
  • /data/data/####/pangle_com.byted.pangle_tt_sp_app_list.xml.bak
  • /data/data/####/pangle_com.byted.pangle_ttnet_tnc_config1371.xml
  • /data/data/####/pangle_com.byted.pangle_ttopenadsdk.xml
  • /data/data/####/pangle_com.byted.pangle_ttopenadsdk.xml.bak
  • /data/data/####/pangle_com.byted.pangle_ttopensdk.db
  • /data/data/####/pangle_com.byted.pangle_ttopensdk.db-journal
  • /data/data/####/pangle_meta_data_sp.xml
  • /data/data/####/pangle_meta_data_sp.xml.bak
  • /data/data/####/pangle_meta_data_sp.xml.bak (deleted)
  • /data/data/####/proc_auxv
  • /data/data/####/radar-gray.js
  • /data/data/####/radar-master.js
  • /data/data/####/radar-test.js
  • /data/data/####/runtime.361e1c795932f964f8db.js
  • /data/data/####/runtime.361e1c795932f964f8db.js.map
  • /data/data/####/sdkCloudSetting.cfg
  • /data/data/####/sdkCloudSetting.sig
  • /data/data/####/snssdk_openudid.xml
  • /data/data/####/snssdk_openudid.xml.bak
  • /data/data/####/snssdk_openudid.xml.bak (deleted)
  • /data/data/####/sotk-v7a1652227630839728900038.tmp
  • /data/data/####/sotk-v7a16522276360161316426932.tmp
  • /data/data/####/sotk-v7a16522276360161316426932.tmp (deleted)
  • /data/data/####/style.04b357347e8daa077a49.css
  • /data/data/####/style.04b357347e8daa077a49.css.map
  • /data/data/####/style.09e34d4ee565029797db.css
  • /data/data/####/style.213361aa9afa9c8a9323.css
  • /data/data/####/style.30300cc4b8c375a12036.css
  • /data/data/####/style.34748890b4384cb6fd4f.css
  • /data/data/####/style.4c2beea561431e1fa114.css
  • /data/data/####/style.4c2beea561431e1fa114.css.map
  • /data/data/####/style.5e4ed3367652424bbcb5.css
  • /data/data/####/style.6ca3aae7595971121565.css
  • /data/data/####/style.76f56a094cbd4c0f38dd.css
  • /data/data/####/style.bb603ed2161cbae9b949.css
  • /data/data/####/style.c0ba3b84cf5b8504cb6e.css
  • /data/data/####/style.c78495f1bbe60638427d.css
  • /data/data/####/style.c78495f1bbe60638427d.css.map
  • /data/data/####/style.cfb5c8ead1647f96833c.css
  • /data/data/####/style.e2e16524e0b0db1b262b.css
  • /data/data/####/style.ede57f68ad1803314e61.css
  • /data/data/####/style.f32c707aed0f14dedb15.css
  • /data/data/####/style.f32c707aed0f14dedb15.css.map
  • /data/data/####/style.faf0e4f59587e06da419.css
  • /data/data/####/svga.e68b8be342a2ad97a315.js
  • /data/data/####/texture-btn-red.dc51548.png
  • /data/data/####/ts-polyfill.min.js
  • /data/data/####/turingfd_conf_105498_auMini.xml
  • /data/data/####/turingfd_conf_105498_auMini.xml.bak
  • /data/data/####/ua.db
  • /data/data/####/ua.db-journal
  • /data/data/####/ug_install_settings_pref.xml
  • /data/data/####/umeng_common_config.xml
  • /data/data/####/umeng_common_config.xml.bak
  • /data/data/####/umeng_general_config.xml
  • /data/data/####/update.lock
  • /data/data/####/update_lc
  • /data/data/####/vendor.02f2abd6f2323770cbaf.js
  • /data/data/####/vendor.17dbe6524afef8449b5e.js
  • /data/data/####/vendor.17dbe6524afef8449b5e.js.map
  • /data/data/####/vendor.32a6956073d8bbd292b7.js
  • /data/data/####/vendor.32a6956073d8bbd292b7.js.map
  • /data/data/####/vendor.3c883e55b5312583b233.js
  • /data/data/####/vendor.c794f528773d4661f245.js
  • /data/data/####/vendor.c8cf2655fdeb44d9120b.js
  • /data/data/####/vendor.c8cf2655fdeb44d9120b.js.map
  • /data/data/####/video_data.xml
  • /data/data/####/xx_sp.xml
  • /data/data/####/yaq.2c663a5c.sec
  • /data/data/####/yaq2.2c663a5c.sec
  • /data/data/####/yaq3_0.2c663a5c.sec
  • /data/data/####/yaqsdkcookie
  • /data/misc/####/primary.prof
Miscellaneous:
Executes the following shell scripts:
  • /system/bin/df
  • /system/bin/getprop
  • /system/bin/sh
  • app_process32 / c.j.a.f.h ... --application --nice-name=other --daemon
  • app_process32 / c.j.a.f.h ... --application --nice-name=clean --daemon
  • app_process32 / c.j.a.f.h ... --application --nice-name=assist --daemon
  • cat /sys/class/net/wlan0/address
  • getprop ro.build.version.emui
  • getprop ro.build.version.opporom
  • getprop ro.letv.release.version
  • getprop ro.miui.ui.version.name
  • getprop ro.product.system.manufacturer
  • getprop ro.smartisan.version
  • getprop ro.vivo.os.build.display.id
  • getprop ro.vivo.os.version
  • sh
Loads the following dynamic libraries:
  • libEncryptorP
  • libMMANDKSignature.2c663a5c
  • libPglmetasec_ml
  • libavmdl_lite
  • libc++_shared
  • libjiagu
  • libkwad-fb
  • libkwad-j2v8
  • libkwad-yoga
  • libkwappstatus
  • libleoric
  • libnets
  • libsgcore
  • libtobEmbedEncrypt
  • libturingau.2c663a5c
  • libyaqbasic.2c663a5c
  • libyaqpro.2c663a5c
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7Padding
  • AES-ECB-PKCS5Padding
  • AES-ECB-PKCS7Padding
Uses the following algorithms to decrypt data:
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7PADDING
  • AES-ECB-PKCS5Padding
  • AES-ECB-PKCS7Padding
  • RSA-ECB-PKCS1Padding
Accesses the ITelephony private interface.
Uses special library to hide executable bytecode.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Displays its own windows over windows of other apps.
Requests the system alert window permission.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and the specifications of the particular device, this can be done in various ways; consult the user guide shipped with the device, or contact its manufacturer);
    • Once safe mode is active, install Dr.Web for Android Light on the infected device and run a full system scan; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.