Android.Click.1297

Added to the Dr.Web virus database: 2021-07-13

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.Click.345.origin
Contains typical banking trojan/virus code.
Network activity:
Connects to:
DNS requests:
HTTP GET requests:
HTTP POST requests:
File system changes:
Creates the following files:
Miscellaneous:
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7Padding
Uses the following algorithms to decrypt data:
  • AES-CBC-NoPadding
  • AES-CBC-PKCS7Padding
  • AES-ECB-PKCS5Padding
  • DES
Accesses the ITelephony private interface.
Uses special library to hide executable bytecode.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Displays its own windows over windows of other apps.
Requests the system alert window permission.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and the specifications of the particular device, this procedure can be performed in various ways; consult the user guide that shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light on the infected device and run a full system scan; follow the recommended steps to neutralize the detected threats;
    • Switch off your device and turn it on as normal.
