Adware.Gexin.2401

Added to the Dr.Web virus database: 2018-09-11

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Adware.Gexin.2.origin
Gains access to the ITelephony private interface.
Network activity:
Connecting to:
DNS requests:
HTTP GET requests:
HTTP POST requests:
Modified file system:
Creates the following files:
  • /data/media/####/yhq.png
  • /data/media/####/yhqGray.png
  • /data/media/####/yinlian.png
  • /data/media/####/yoh.dat
  • /data/media/####/yol.dat
  • /data/media/####/yom.dat
  • /data/media/####/zhifubao.png
  • /data/media/####/zhufubao.png
  • /data/media/####/zkq.png
  • /data/media/####/zkqGray.png
  • /data/media/####/zp.png
Miscellaneous:
Executes the following shell scripts:
  • /system/bin/sh -c getprop
  • /system/bin/sh -c getprop ro.aa.romver
  • /system/bin/sh -c getprop ro.board.platform
  • /system/bin/sh -c getprop ro.build.fingerprint
  • /system/bin/sh -c getprop ro.build.nubia.rom.name
  • /system/bin/sh -c getprop ro.build.rom.id
  • /system/bin/sh -c getprop ro.build.tyd.kbstyle_version
  • /system/bin/sh -c getprop ro.build.version.emui
  • /system/bin/sh -c getprop ro.build.version.opporom
  • /system/bin/sh -c getprop ro.gn.gnromvernumber
  • /system/bin/sh -c getprop ro.lenovo.series
  • /system/bin/sh -c getprop ro.lewa.version
  • /system/bin/sh -c getprop ro.meizu.product.model
  • /system/bin/sh -c getprop ro.miui.ui.version.name
  • /system/bin/sh -c getprop ro.vivo.os.build.display.id
  • /system/bin/sh -c type su
  • chmod 700 <Package Folder>/tx_shell/libnfix.so
  • chmod 700 <Package Folder>/tx_shell/libshella-2.9.0.2.so
  • chmod 700 <Package Folder>/tx_shell/libufix.so
  • getprop
  • getprop ro.aa.romver
  • getprop ro.board.platform
  • getprop ro.build.fingerprint
  • getprop ro.build.nubia.rom.name
  • getprop ro.build.rom.id
  • getprop ro.build.tyd.kbstyle_version
  • getprop ro.build.version.emui
  • getprop ro.build.version.opporom
  • getprop ro.gn.gnromvernumber
  • getprop ro.lenovo.series
  • getprop ro.lewa.version
  • getprop ro.meizu.product.model
  • getprop ro.miui.ui.version.name
  • getprop ro.vivo.os.build.display.id
  • getprop ro.yunos.version
  • logcat -d -v threadtime
Loads the following dynamic libraries:
  • BaiduMapSDK_v3_4_0_1
  • Bugly
  • audioeffect_jni
  • getuiext2
  • hyphenate
  • hyphenate_av
  • hyphenate_av_recorder
  • libnfix
  • libshella-2.9.0.2
  • libufix
  • locSDK3
  • nfix
  • sqlite
  • ufix
  • xsignal_client
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7Padding
  • AES-ECB-PKCS5Padding
  • AES-GCM-NoPadding
  • DES-ECB-PKCS5Padding
  • RSA-ECB-PKCS1Padding
  • RSA-NONE-OAEPWithSHA1AndMGF1Padding
Uses the following algorithms to decrypt data:
  • AES
  • AES-GCM-NoPadding
  • DES-ECB-PKCS5Padding
Uses a special library to hide executable bytecode.
Gains access to geolocation.
Gains access to network information.
Gains access to telephone information (number, IMEI, etc.).
Gains access to information about APN settings.
Gains access to information about installed applications.
Adds tasks to the system scheduler.
Displays its own windows over windows of other applications.

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.