Adware.Gexin.23257

Added to the Dr.Web virus database: 2023-04-07

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Adware.Gexin.2.origin
Network activity:
Connects to:
DNS requests:
HTTP GET requests:
HTTP POST requests:
File system changes:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
  • /system/bin/cat /proc/cpuinfo
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  • /system/bin/df
  • /system/bin/getprop
  • /system/bin/sh -c getprop
  • busybox
  • busybox df
  • busybox lspci
  • cat /proc/net/route
  • cat /proc/sys/kernel/random/boot_id
  • cat /proc/uptime
  • cat /proc/version
  • cat /sys/class/net/wlan0/address
  • cat /sys/devices/soc0/serial_number
  • getenforce
  • getprop
  • getprop ro.build.version.emui
  • getprop ro.letv.release.version
  • getprop ro.product.cpu.abi
  • getprop ro.vivo.os.build.display.id
  • grep <Package>
  • grep frida
  • grep frida-server
  • id
  • ls -al /proc/3609/fd
  • ls -l /system/bin/su
  • ls /
  • ls /sys/class/thermal
  • lsmod
  • lsof -p 3609
  • lspci
  • lsusb
  • netstat -an
  • netstat -apn | grep scrcpy
  • netstat -nap
  • pidof adbd
  • ps
  • sh
  • sh -c ls -al /proc/3609/fd | grep frida
  • sh -c ps | grep <Package>
  • sh -c ps | grep frida-server
  • sh -c busybox 2>&1
  • sh -c toybox 2>&1
  • sh -c type su
  • su -v
  • toybox
  • which su
Loads the following dynamic libraries:
  • libMMANDKSignature.868203c0
  • libPglmetasec_ml
  • libcrashsdk
  • libindoor
  • libjiagu
  • libkeva
  • libkwappstatus
  • liblocSDK8a
  • libmaparmor
  • libnotpluginpro
  • libpanglarmor
  • libsecsdk
  • libsgcore
  • libtobEmbedEncrypt
  • libtobEmbedEncryptForM
  • libtquic_jni
  • libttmplayer_lite
  • libturingau.868203c0
  • libweapon611
  • libyaqbasic.868203c0
  • libyaqpro.868203c0
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7Padding
  • AES-ECB-PKCS5Padding
  • AES-ECB-PKCS7Padding
  • AES-GCM-NoPadding
  • RSA-ECB-NoPadding
  • RSA-ECB-PKCS1Padding
Uses the following algorithms to decrypt data:
  • AES-CBC-PKCS5PADDING
  • AES-CBC-PKCS5Padding
  • AES-ECB-PKCS5Padding
  • AES-ECB-PKCS7Padding
  • AES-GCM-NoPadding
  • RSA-ECB-PKCS1Padding
Accesses the ITelephony private interface.
Uses special library to hide executable bytecode.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Adds tasks to the system scheduler.
Displays its own windows over windows of other apps.
Requests the system alert window permission.

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and the removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, write it to a USB drive or burn it to a CD/DVD. After booting from this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.


  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow the recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a ransom; or you see some other announcement that prevents you from using the device normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and the specifications of the particular device, this procedure can be performed in various ways; consult the user guide shipped with the device, or contact its manufacturer);
    • Once safe mode is active, install Dr.Web for Android on the infected device and run a full system scan; follow the steps recommended for neutralizing the detected threats;
    • Switch off your device and turn it on as normal.
