Meine Bibliothek
Meine Bibliothek

+ Zur Bibliothek hinzufügen

Support

Ihre Anfragen

Rufen Sie uns an

+7 (495) 789-45-86

Profil

Android.Packed.38468

Added to the Dr.Web virus database: 2018-06-15

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.DownLoader.657.origin
Gains access to the ITelephony private interface.
Network activity:
Connecting to:
  • UDP(DNS) <Google DNS>
  • TCP(HTTP/1.1) l####.b####.com:80
  • TCP(HTTP/1.1) tfs.alipayo####.com:80
  • TCP(HTTP/1.1) s####.jom####.com:80
  • TCP(HTTP/1.1) l####.sope####.com:80
  • TCP(HTTP/1.1) 19.o####.com:80
  • TCP(HTTP/1.1) hm.b####.com:80
  • TCP(HTTP/1.1) t####.c####.q####.####.com:80
  • TCP(HTTP/1.1) 39.1####.71.148:80
  • TCP(HTTP/1.1) dt.o####.com:80
  • TCP(HTTP/1.1) img.xin####.net:80
  • TCP(HTTP/1.1) yun-st####.sope####.com:80
  • TCP(HTTP/1.1) cdn.img.h####.top:80
  • TCP(HTTP/1.1) www.chin####.net:80
  • TCP(HTTP/1.1) www.j####.com:80
  • TCP(HTTP/1.1) m####.l####.com:80
  • TCP(HTTP/1.1) 1####.76.224.67:80
  • TCP(HTTP/1.1) loc.map.b####.com:80
  • TCP(HTTP/1.1) 47.92.1####.96:80
  • TCP(HTTP/1.1) m.o####.com:80
  • TCP(HTTP/1.1) d14uy7w####.cloudf####.net:80
  • TCP(HTTP/1.1) api.map.b####.com:80
  • TCP(HTTP/1.1) cm####.chin####.net.####.com:80
  • TCP(HTTP/1.1) st####.an####.org:80
  • TCP(HTTP/1.1) www.o####.com:80
  • TCP(TLS/1.0) tag.b####.com:443
  • TCP(TLS/1.0) z####.l####.top:443
  • TCP(TLS/1.0) c3####.xin####.com:443
  • TCP(TLS/1.0) img.xin####.com:443
  • TCP(TLS/1.0) hm.b####.com:443
DNS requests:
  • 19.o####.com
  • api.map.b####.com
  • api.s####.b####.com
  • c3####.xin####.com
  • cdn.img.h####.top
  • cm####.chin####.net
  • d14uy7w####.cloudf####.net
  • dt.o####.com
  • hm.b####.com
  • i####.xin####.net
  • img.xin####.com
  • img.xin####.net
  • l####.b####.com
  • l####.sope####.com
  • loc.map.b####.com
  • m####.l####.com
  • m.o####.com
  • mt####.go####.com
  • p####.zhanz####.b####.com
  • r####.xin####.com
  • st####.an####.org
  • tag.b####.com
  • tfs.alipayo####.com
  • www.chin####.net
  • www.j####.com
  • www.o####.com
  • yun-st####.sope####.com
  • z####.l####.top
HTTP GET requests:
  • 19.o####.com/external_system_api/m_master_station_courses_tmp/?&is_free=...
  • api.map.b####.com/geocoder/v2/?ak=####&coordtype=####&output=####&locati...
  • cdn.img.h####.top/upload/201806/12/img/20180612151346798.png
  • cm####.chin####.net.####.com/statics/css/hcgw/favicon.ico?2018061####
  • cm####.chin####.net.####.com/statics/css/hcgw/reset_base.css?2018061####
  • cm####.chin####.net.####.com/statics/css/hcgw/style.css?2018061####
  • cm####.chin####.net.####.com/statics/css/hcgw/style_mobile_iPad.css
  • cm####.chin####.net.####.com/statics/images/hcgw/bg_news.png
  • cm####.chin####.net.####.com/statics/images/hcgw/eduPic01.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/eduPic02.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/eduPic03.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/eduPic05.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/flogo_hc.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/flogo_xuexi.jpg?2018061...
  • cm####.chin####.net.####.com/statics/images/hcgw/flogo_yongdao.png?20180...
  • cm####.chin####.net.####.com/statics/images/hcgw/gongfupic.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/logo.png
  • cm####.chin####.net.####.com/statics/images/hcgw/navbmline_h.jpg
  • cm####.chin####.net.####.com/statics/images/hcgw/navbmline_ng.jpg
  • cm####.chin####.net.####.com/statics/images/hcgw/navsearchnew.png
  • cm####.chin####.net.####.com/statics/images/hcgw/point.jpg
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_bhdx.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_bjjt.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_bjwgy.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_by_h.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_bzxy.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_cq_h.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_cslg.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_cz.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_czdx.png?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_czjd.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_czxxzyjs.png?201806...
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_dbsf.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_dc_h.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_dzkj.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_fjgb.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_fzsf.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_hblgdx.jpg?2018061#...
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_hgd.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_hl_h.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_hn_h.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_hnsf.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_jd_h.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_jl_h.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_jlsf.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_jsdx.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_jskj.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_ludong.jpg?2018061#...
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_ly.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_lz.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_nd_h.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_nj.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_njgy.png?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_njxx.png?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_njykdx.jpg?2018061#...
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_qdny_h.jpg?2018061#...
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_qfsfdx.jpg?2018061#...
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_qingdao.jpg?2018061...
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_qlgy.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_rd_h.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_sdjm.png?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_sdkj.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_sdlg.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_sdny.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_sdyy.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_sheg.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_shsf.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_tsxy.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_tsysy_h.jpg?2018061...
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_tzzy.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_up.jpg
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_whkj.png?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_xbmz.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_xd_h.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_xnjt.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_xnzfdx.jpg?2018061#...
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_xsdx.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_zc_h.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_zgdz.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_zghl.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_zgsy.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_zgyy.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_zjhy.png?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_zn.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_zzkj.png?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/sch_zzzf.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/serSystem.png
  • cm####.chin####.net.####.com/statics/images/hcgw/slidePic01.jpg?2018061#...
  • cm####.chin####.net.####.com/statics/images/hcgw/slidePic02.jpg?2018061#...
  • cm####.chin####.net.####.com/statics/images/hcgw/slide_Cur.png
  • cm####.chin####.net.####.com/statics/images/hcgw/small-img1.png
  • cm####.chin####.net.####.com/statics/images/hcgw/weiboCode.jpg?2018061####
  • cm####.chin####.net.####.com/statics/images/hcgw/weixinCode.jpg?2018061#...
  • cm####.chin####.net.####.com/statics/js/hcgw/jquery-1.11.0.min.js
  • cm####.chin####.net.####.com/statics/js/hcgw/jquery.cookie.js
  • cm####.chin####.net.####.com/statics/js/hcgw/public.js?2018061####
  • cm####.chin####.net.####.com/statics/js/hcgw/slide.js
  • d14uy7w####.cloudf####.net/download/key
  • dt.o####.com/dcs4z5cx4100004v6ds8atsl2_4c9q/dcs.gif?WT.branch=####&dcssi...
  • dt.o####.com/dcs4z5cx4100004v6ds8atsl2_4c9q/dcs.gif?dcsredirect=####&WT....
  • hm.b####.com/h.js?ae0121e####
  • hm.b####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&vl=####&et=####&ja=#...
  • hm.b####.com/hm.js?1c22a46####
  • img.xin####.net/Uploads/3950/Navigation/0/58bd2af42a379.png
  • img.xin####.net/Uploads/3950/Navigation/0/59194e426cc30.png
  • img.xin####.net/Uploads/3950/Navigation/0/59194e59ca035.png
  • img.xin####.net/Uploads/3950/Navigation/0/59194e709b2a5.png
  • img.xin####.net/Uploads/3950/Navigation/0/59194e86e3a4a.png
  • img.xin####.net/Uploads/3950/Navigation/149_142/58bd325106282.png
  • img.xin####.net/Uploads/3950/Navigation/149_142/58bd32674884e.png
  • img.xin####.net/Uploads/3950/Navigation/299_142/58bd2ff729f3f.png
  • img.xin####.net/Uploads/3950/Navigation/300_283/58bd2fe588e2e.png
  • img.xin####.net/Uploads/3950/Navigation/600_80/58bd2b1a74606.png
  • img.xin####.net/Uploads/3950/Navigation/75_75/58bd2d5b8ef17.png
  • img.xin####.net/Uploads/3950/Navigation/75_75/58bd2d69195e7.png
  • img.xin####.net/Uploads/3950/Navigation/75_75/58bd2d7b92b2d.png
  • img.xin####.net/Uploads/3950/Navigation/75_75/58bd2d896d3bd.png
  • img.xin####.net/Uploads/3950/Navigation/75_75/58bd2efcca6a8.png
  • img.xin####.net/Uploads/3950/Navigation/75_75/58bd2f300276a.png
  • img.xin####.net/Uploads/3950/Navigation/75_75/58bd2f511cb4a.png
  • img.xin####.net/Uploads/3950/Navigation/75_75/58bd2f72eebe8.png
  • l####.b####.com/float/_l.js?siteid=####&bdclickid=####&bdcbid=####&refer...
  • l####.b####.com/float/log.gif?fType=####&name=####&t=####&uuid=####
  • l####.b####.com/lxb.js?sid=####
  • l####.sope####.com/20003383/10094063.js
  • m####.l####.com/monitor/s?c=a&i=20003383&v=55180ca19060aeef26b2a5fe0d8c5...
  • m.o####.com/
  • m.o####.com/favicon.ico
  • m.o####.com/statics/css/index2017.css?t=####
  • m.o####.com/statics/css/swiper.min.css
  • m.o####.com/statics/images/images2017/add1_0207.jpg
  • m.o####.com/statics/images/images2017/click.gif
  • m.o####.com/statics/images/images2017/close_03.png
  • m.o####.com/statics/images/images2017/foot_04.png
  • m.o####.com/statics/images/images2017/ht0207_bt_left.jpg
  • m.o####.com/statics/images/images2017/ht0207_bt_right.jpg
  • m.o####.com/statics/images/images2017/index17_ksrl.jpg
  • m.o####.com/statics/images/images2017/index17_rili.jpg
  • m.o####.com/statics/images/images2017/index17_zpcl.jpg
  • m.o####.com/statics/images/images2017/index17_zwcx.jpg
  • m.o####.com/statics/images/images2017/ksrl_ksxm.jpg
  • m.o####.com/statics/images/images2017/ksrl_span.gif
  • m.o####.com/statics/images/images2017/ksrl_time.gif
  • m.o####.com/statics/images/images2017/logo.gif
  • m.o####.com/statics/images/images2017/m_xtb_03.gif
  • m.o####.com/statics/images/images2017/m_xtb_07.gif
  • m.o####.com/statics/images/images2017/m_xtb_09.gif
  • m.o####.com/statics/images/images2017/m_xtb_11.gif
  • m.o####.com/statics/images/images2017/m_xtb_13.gif
  • m.o####.com/statics/images/images2017/m_xtb_15.gif
  • m.o####.com/statics/images/images2017/m_xtb_17.gif
  • m.o####.com/statics/images/images2017/m_xtb_19.gif
  • m.o####.com/statics/images/images2017/m_xtb_21.gif
  • m.o####.com/statics/images/images2017/new_btn1.jpg
  • m.o####.com/statics/images/images2017/new_btn10.jpg
  • m.o####.com/statics/images/images2017/new_btn2.jpg
  • m.o####.com/statics/images/images2017/new_btn3.jpg
  • m.o####.com/statics/images/images2017/new_btn4.jpg
  • m.o####.com/statics/images/images2017/new_btn5.jpg
  • m.o####.com/statics/images/images2017/new_btn6.jpg
  • m.o####.com/statics/images/images2017/new_btn7.jpg
  • m.o####.com/statics/images/images2017/new_btn8.jpg
  • m.o####.com/statics/images/images2017/new_btn9.jpg
  • m.o####.com/statics/images/images2017/off_foot.png
  • m.o####.com/statics/images/images2017/span_0207.gif
  • m.o####.com/statics/images/images2017/to-bot.png
  • m.o####.com/statics/images/images2017/to-top.png
  • m.o####.com/statics/images/images2017/zg_dayli.gif
  • m.o####.com/statics/images/images2017/zg_li.gif
  • m.o####.com/statics/js/jquery.SuperSlide.js
  • m.o####.com/statics/js/jquery.min.js
  • m.o####.com/statics/js/js2017.js?3####
  • m.o####.com/statics/js/phpdaohang.js?t=####
  • m.o####.com/statics/js/sdc_offcn_wapcode.js
  • m.o####.com/statics/js/swiper.min.js
  • m.o####.com/statics/js/zixianqq.js
  • s####.jom####.com/push.js
  • s####.jom####.com/s.gif?r=####&l=####
  • st####.an####.org/static/outer/js/aq_auth.js
  • t####.c####.q####.####.com/Uploads/3950/Links/0/58bcbe7f0d11b.jpg?imageV...
  • t####.c####.q####.####.com/Uploads/3950/Links/0/58bcbef890a17.jpg?imageV...
  • t####.c####.q####.####.com/Uploads/3950/Links/0/58bcbf437de82.jpg?imageV...
  • t####.c####.q####.####.com/Uploads/3950/Links/0/58bcbf8e22de6.jpg?imageV...
  • t####.c####.q####.####.com/Uploads/3950/Links/0/58bcbfdb967b8.jpg?imageV...
  • t####.c####.q####.####.com/Uploads/3950/Links/0/58bcc05abf977.jpg?imageV...
  • t####.c####.q####.####.com/Uploads/3950/Navigation/0/58bd2af42a379.png
  • t####.c####.q####.####.com/Uploads/3950/Navigation/0/58bd2b1a74606.png?i...
  • t####.c####.q####.####.com/Uploads/3950/Navigation/0/58bd2d5b8ef17.png?i...
  • t####.c####.q####.####.com/Uploads/3950/Navigation/0/58bd2d69195e7.png?i...
  • t####.c####.q####.####.com/Uploads/3950/Navigation/0/58bd2d7b92b2d.png?i...
  • t####.c####.q####.####.com/Uploads/3950/Navigation/0/58bd2d896d3bd.png?i...
  • t####.c####.q####.####.com/Uploads/3950/Navigation/0/58bd2efcca6a8.png?i...
  • t####.c####.q####.####.com/Uploads/3950/Navigation/0/58bd2f300276a.png?i...
  • t####.c####.q####.####.com/Uploads/3950/Navigation/0/58bd2f511cb4a.png?i...
  • t####.c####.q####.####.com/Uploads/3950/Navigation/0/58bd2f72eebe8.png?i...
  • t####.c####.q####.####.com/Uploads/3950/Navigation/0/58bd2fe588e2e.png?i...
  • t####.c####.q####.####.com/Uploads/3950/Navigation/0/58bd2ff729f3f.png?i...
  • t####.c####.q####.####.com/Uploads/3950/Navigation/0/58bd325106282.png?i...
  • t####.c####.q####.####.com/Uploads/3950/Navigation/0/58bd32674884e.png?i...
  • t####.c####.q####.####.com/Uploads/3950/Navigation/0/59194e426cc30.png
  • t####.c####.q####.####.com/Uploads/3950/Navigation/0/59194e59ca035.png
  • t####.c####.q####.####.com/Uploads/3950/Navigation/0/59194e709b2a5.png
  • t####.c####.q####.####.com/Uploads/3950/Navigation/0/59194e86e3a4a.png
  • t####.c####.q####.####.com/Uploads/3950/Product/0/58ba73f2ef92e.jpg?imag...
  • t####.c####.q####.####.com/Uploads/3950/Product/0/58ba834de2c73.jpg?imag...
  • t####.c####.q####.####.com/Uploads/3950/Product/0/58ba843c328bd.jpg?imag...
  • t####.c####.q####.####.com/Uploads/3950/Product/0/58bcdb83c40c5.jpg?imag...
  • tfs.alipayo####.com/L1/71/1000/and/koubei/client/koubei_sh2345.apk
  • www.chin####.net/
  • www.j####.com/
  • www.j####.com/app/images/logo.png
  • www.j####.com/favicon.ico
  • www.j####.com/html/app/
  • www.j####.com/images/batb.png
  • www.j####.com/images/fxtb1.png
  • www.j####.com/images/fxtb3.png
  • www.j####.com/images/wx.jpg
  • www.j####.com/images/zxzx.png
  • www.j####.com/images_sj/2.jpg
  • www.j####.com/images_sj/Icon_03.png
  • www.j####.com/images_sj/Icon_05.png
  • www.j####.com/images_sj/Icon_07.png
  • www.j####.com/images_sj/Icon_10.png
  • www.j####.com/images_sj/dian.png
  • www.j####.com/images_sj/h_buoon.png
  • www.j####.com/images_sj/jia.png
  • www.j####.com/images_sj/log.png
  • www.j####.com/images_sj/tab.png
  • www.j####.com/images_sj/top.png
  • www.j####.com/index.php?m=####&c=####&specialid=####&pc_hash=####
  • www.j####.com/js/jquery-1.7.2.min.js
  • www.j####.com/style_sj/css/css.css
  • www.j####.com/style_sj/css/goole.css
  • www.j####.com/style_sj/js/index.js
  • www.j####.com/style_sj/js/jquery-1.7.2.min.js
  • www.j####.com/style_sj/js/jquery-finger-v0.1.0.min.js
  • www.j####.com/style_sj/js/modernizr-custom-v2.7.1.min.js
  • www.j####.com/uploadfile/2017/0302/20170302041519110.jpg
  • www.j####.com/uploadfile/2018/0330/20180330013116791.jpg
  • www.j####.com/uploadfile/2018/0330/20180330013154827.jpg
  • www.j####.com/uploadfile/2018/0404/20180404030316600.jpg
  • www.j####.com/uploadfile/2018/0413/20180413023801310.png
  • www.j####.com/uploadfile/2018/0413/20180413023923837.png
  • www.j####.com/uploadfile/2018/0509/20180509041946414.jpg
  • www.j####.com/uploadfile/2018/0511/20180511035918559.jpg
  • www.j####.com/uploadfile/2018/0615/20180615095610801.jpg
  • www.j####.com/zhuanti/2018/gaokaozhenti/css/css.css
  • www.j####.com/zhuanti/2018/gaokaozhenti/images/banner_01.jpg
  • www.j####.com/zhuanti/2018/gaokaozhenti/images/top1.png
  • www.j####.com/zhuanti/2018/gaokaozhenti/js/index.js?v=####
  • www.j####.com/zhuanti/css/animate.min.css
  • www.j####.com/zhuanti/css/goole.css
  • www.o####.com/
  • www.o####.com/caches/js/1049.js
  • www.o####.com/caches/js/1050.js
  • www.o####.com/caches/js/1051.js
  • www.o####.com/caches/js/1052.js
  • www.o####.com/caches/js/1053.js
  • www.o####.com/caches/js/1054.js
  • www.o####.com/caches/js/1055.js
  • www.o####.com/caches/js/1056.js
  • www.o####.com/caches/js/1057.js
  • www.o####.com/caches/js/1058.js
  • www.o####.com/caches/js/1139.js
  • www.o####.com/caches/js/1140.js
  • www.o####.com/caches/js/1141.js
  • www.o####.com/caches/js/1142.js
  • www.o####.com/caches/js/1143.js
  • www.o####.com/caches/js/1144.js
  • www.o####.com/caches/js/1145.js
  • www.o####.com/caches/js/1146.js
  • www.o####.com/caches/js/1147.js
  • www.o####.com/caches/js/1148.js
  • www.o####.com/caches/js/1149.js
  • www.o####.com/caches/js/1150.js
  • www.o####.com/caches/js/1151.js
  • www.o####.com/caches/js/1152.js
  • www.o####.com/caches/js/1153.js
  • www.o####.com/caches/js/1154.js
  • www.o####.com/caches/js/1155.js
  • www.o####.com/caches/js/1156.js
  • www.o####.com/caches/js/1157.js
  • www.o####.com/caches/js/1158.js
  • www.o####.com/caches/js/1159.js
  • www.o####.com/caches/js/1160.js
  • www.o####.com/caches/js/1161.js
  • www.o####.com/caches/js/1162.js
  • www.o####.com/caches/js/1163.js
  • www.o####.com/caches/js/1165.js
  • www.o####.com/caches/js/1166.js
  • www.o####.com/caches/js/1167.js
  • www.o####.com/caches/js/1168.js
  • www.o####.com/caches/js/1169.js
  • www.o####.com/caches/js/1170.js
  • www.o####.com/caches/js/1171.js
  • www.o####.com/caches/js/1172.js
  • www.o####.com/caches/js/1173.js
  • www.o####.com/caches/js/1174.js
  • www.o####.com/caches/js/1175.js
  • www.o####.com/caches/js/1176.js
  • www.o####.com/caches/js/1177.js
  • www.o####.com/caches/js/1178.js
  • www.o####.com/caches/js/1179.js
  • www.o####.com/caches/js/1181.js
  • www.o####.com/caches/js/1182.js
  • www.o####.com/caches/js/1185.js
  • www.o####.com/caches/js/1186.js
  • www.o####.com/caches/js/1187.js
  • www.o####.com/caches/js/1189.js
  • www.o####.com/caches/js/1190.js
  • www.o####.com/caches/js/1191.js
  • www.o####.com/caches/js/1192.js
  • www.o####.com/caches/js/1194.js
  • www.o####.com/caches/js/1195.js
  • www.o####.com/caches/js/1225.js
  • www.o####.com/caches/js/1226.js
  • www.o####.com/caches/js/1298.js
  • www.o####.com/caches/js/1299.js
  • www.o####.com/caches/js/745.js
  • www.o####.com/caches/js/748.js
  • www.o####.com/caches/js/916.js
  • www.o####.com/dl/2017/0824/20170824091531121.jpg
  • www.o####.com/dl/2017/0824/20170824091913169.jpg
  • www.o####.com/dl/2017/0918/20170918113545593.jpg
  • www.o####.com/dl/2017/1211/20171211023818956.jpg
  • www.o####.com/dl/2017/1225/20171225022406819.jpg
  • www.o####.com/dl/2018/0109/20180109091933740.jpg
  • www.o####.com/dl/2018/0208/20180208113054291.jpg
  • www.o####.com/dl/2018/0320/20180320041202105.jpg
  • www.o####.com/dl/2018/0329/20180329113835413.jpg
  • www.o####.com/dl/2018/0411/20180411120128695.png
  • www.o####.com/dl/2018/0427/20180427045250303.jpg
  • www.o####.com/dl/2018/0427/20180427045618556.png
  • www.o####.com/dl/2018/0427/20180427051157288.png
  • www.o####.com/dl/2018/0511/20180511073540106.jpg
  • www.o####.com/dl/2018/0529/20180529120002247.jpg
  • www.o####.com/dl/2018/0529/20180529120134364.jpg
  • www.o####.com/dl/2018/0530/20180530015327463.jpg
  • www.o####.com/dl/2018/0530/20180530115719899.jpg
  • www.o####.com/dl/2018/0604/20180604095213985.jpg
  • www.o####.com/dl/2018/0612/20180612110339261.png
  • www.o####.com/dl/2018/0613/20180613060230104.jpg
  • www.o####.com/dl/2018/0613/20180613093540208.jpg
  • www.o####.com/dl/2018/0614/20180614094210757.jpg
  • www.o####.com/statics/css/index2015.css
  • www.o####.com/statics/css/index_news.css?t=####
  • www.o####.com/statics/css/topNewStyle.css?t=####
  • www.o####.com/statics/js/19kecheng.js
  • www.o####.com/statics/js/base.js?d####
  • www.o####.com/statics/js/bdbot.js
  • www.o####.com/statics/js/bdtop.js
  • www.o####.com/statics/js/gksearch.js
  • www.o####.com/statics/js/gzbot.js
  • www.o####.com/statics/js/index2015.js?3####
  • www.o####.com/statics/js/index_cygj.js
  • www.o####.com/statics/js/index_java.js?1####
  • www.o####.com/statics/js/jquery.SuperSlide.2.1.1.js
  • www.o####.com/statics/js/jquery.jscrollpane.min.js
  • www.o####.com/statics/js/jquery.min.js
  • www.o####.com/statics/js/jquery.mousewheel.js
  • www.o####.com/statics/js/sdc_offcn_wap.js
  • www.o####.com/statics/webappservice/uaredirect.js?e####
  • yun-st####.sope####.com/131221/oms.css?17####
  • yun-st####.sope####.com/131221/oms.js?18####
HTTP POST requests:
  • loc.map.b####.com/offline_loc
  • loc.map.b####.com/sdk.php
Modified file system:
Creates the following files:
  • /data/data/####/-fLEacg6xdA1cW7pT1WDDhZKfTI.1511391269.tmp
  • /data/data/####/-uKbfd3Uih8A7Z4_91otN3hqZiw.-517424011.tmp
  • /data/data/####/.jg.ic
  • /data/data/####/0P_0U008h6H5tzM01v9DSxquSbU.2093384209.tmp
  • /data/data/####/30f28fd9-2165-4d24-b380-f443beb448e6
  • /data/data/####/4au5pOjG73_twJMXEMVyHXfb-lU.277043538.tmp
  • /data/data/####/4nNqjbMp3yvPB0SzXsHjlf7LahY.2001898024.tmp
  • /data/data/####/5.jar
  • /data/data/####/5JoY6__TiFwzR7w5mRs6n0-FE-Q.-1416908528.tmp
  • /data/data/####/5KwKOUw3GFo_aeJvX5HJkuz4uWE.-1703280000.tmp
  • /data/data/####/6.xml
  • /data/data/####/6AIZlwcu9frJxDTa-AWAFWRZcD8.1905392571.tmp
  • /data/data/####/6gJ_fnI4IK4vRbHbwQOZG3zHzEE.1242672429.tmp
  • /data/data/####/893-STDFgkznUcXAL9RkAPUOdk4.-788558139.tmp
  • /data/data/####/8f4dt0vitTXqq3MSrG9tHXuTGVI.-1894430925.tmp
  • /data/data/####/8fMaX89QzvyVBvgQUfW4QUkAZQE.704409341.tmp
  • /data/data/####/CTqWOg3CWd5KjkW5tlAFOuO_jK0.1034558768.tmp
  • /data/data/####/DBudiDK4666NijJ1hX5bd_Ji1KE.1761271304.tmp
  • /data/data/####/EGKPS0z8MGlqGypBlhL4oYi-qXA.-532486434.tmp
  • /data/data/####/GfBWNLM84a2FPj5oXcP0XS6qvPg.1584256184.tmp
  • /data/data/####/GstO-g5Opn6srtMmYMlH1YoshhI.570954966.tmp
  • /data/data/####/I4KbyOwl68IYw3fs0c6HR61v_gs.-189390636.tmp
  • /data/data/####/Jp9QlRDXED_GrRjOzQB-Nt1r668.2143742490.tmp
  • /data/data/####/L7Mh-blrGP94QNihdcpNha_XjBk.1851176448.tmp
  • /data/data/####/N7NLtFHSsQ45ZWRvOshcJBDg-lA.863693334.tmp
  • /data/data/####/NrxgvPPg5Jac88FLweiOByWrMew.-1829702397.tmp
  • /data/data/####/QhKHxyNBtIUdSRgAiXE_8FdSyjc.2050238522.tmp
  • /data/data/####/SUBOXLOG_
  • /data/data/####/T97BrZXWXqUqrTYG6y61kxeAI40.-1276359787.tmp
  • /data/data/####/TWP8S2OA9PCtYmGnd9lmD8iC6lk.582865391.tmp
  • /data/data/####/Y5Ji9s3KvcI7vyCrWb2PHjdeP6Y.1318447860.tmp
  • /data/data/####/Yz40gTfKrWV3YA7MsXpVZO76YSM.2048159495.tmp
  • /data/data/####/Z8ypMEFDzV3BusX-jtcPDZz54U0.1222225434.tmp
  • /data/data/####/ZorQRa-KnGczv88jaaq8nCFiAxE.-59321009.tmp
  • /data/data/####/_lL3WiBhRCkPviQqPbMsjWDwFSA.-1213374235.tmp
  • /data/data/####/cVr7ulLtnpvUeX6srzAQWkSvSF8.-1844726028.tmp
  • /data/data/####/com.gfdgdg.rgegrere.push_sync.xml
  • /data/data/####/com.gfdgdg.rgegrere.xml
  • /data/data/####/dfcb8d09-88cd-4b74-b146-334c3ad782b4.jar
  • /data/data/####/dso_deps
  • /data/data/####/dso_lock
  • /data/data/####/dso_manifest
  • /data/data/####/dso_state
  • /data/data/####/firll.dat
  • /data/data/####/frcL-_MlUCzu82vC4z1rQLoIed0.919053380.tmp
  • /data/data/####/g0EDkLUVrgOTE1tyG6MhNkx36TM.-201296944.tmp
  • /data/data/####/j9ut6mIufADrulC0FdL-JH8j8-M.1524906029.tmp
  • /data/data/####/k2K7lOzH_-O4GDIlBt0MRWkiUpI.1322493163.tmp
  • /data/data/####/kHJ-dPrxTfRlfXKxIlbNByncCdI.-120632984.tmp
  • /data/data/####/kr.xml
  • /data/data/####/libjiagu.so
  • /data/data/####/ofl.config
  • /data/data/####/ofl_location.db
  • /data/data/####/ofl_location.db-journal
  • /data/data/####/ofl_statistics.db
  • /data/data/####/ofl_statistics.db-journal
  • /data/data/####/plugin-deploy.jar
  • /data/data/####/plugin-deploy.key
  • /data/data/####/ppFE1NO3ufJWVQs656elR4qCcaU.711303189.tmp
  • /data/data/####/pst.xml
  • /data/data/####/t_u.db-journal
  • /data/data/####/update.xml
  • /data/data/####/vQGQ_LhrSrkGxxdy7oYvf0o_SN4.-265429722.tmp
  • /data/data/####/vbz.xml
  • /data/data/####/wSP5HH_dvky8iDa18lmTS1s9M7U.-81364365.tmp
  • /data/data/####/webview.db-journal
  • /data/data/####/webviewCookiesChromium.db-journal
  • /data/data/####/webviewCookiesChromiumPrivate.db-journal
  • /data/data/####/zme6q5YRq5jYkmHSJ7igtzQtnz8.1892528837.tmp
  • /data/media/####/.cuid
  • /data/media/####/.nomedia
  • /data/media/####/4403f413879c3
  • /data/media/####/b.tmp
  • /data/media/####/c94a9a3f22727db2083a691f27600f20.apk
  • /data/media/####/conlts.dat
  • /data/media/####/ller.dat
  • /data/media/####/ls.db
  • /data/media/####/ls.db-journal
  • /data/media/####/test.0
  • /data/media/####/yalioaData.db
  • /data/media/####/yalioaData.db-journal
  • /data/media/####/yoh.dat
  • /data/media/####/yol.dat
  • /data/media/####/yom.dat
Miscellaneous:
Executes next shell scripts:
  • chmod 755 <Package Folder>/.jiagu/libjiagu.so
  • chmod 777 /storage/emulated/0/Android/data/<Package>/files/Download/Android/azb/c94a9a3f22727db2083a691f27600f20.apk
Loads the following dynamic libraries:
  • libfb
  • libimagepipeline
  • libjiagu
  • libreactnativejni
  • libreactnativejnifb
  • locSDK6a
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
Uses the following algorithms to decrypt data:
  • RSA-ECB-PKCS1Padding
Uses special library to hide executable bytecode.
Gains access to geolocation.
Gains access to network information.
Gains access to telephone information (number, imei, etc.).
Gains access to information about running applications.
Displays its own windows over windows of other applications.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web для Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android