Android.DownLoader.3630
Added to the Dr.Web virus database: 2018-06-27
Virus description added: 2018-06-27
Technical information
Malicious functions:
Executes code of the following detected threats:
Downloads the following detected threats from the Web:
Gains access to the ITelephony private interface.
Network activity:
Connecting to:
UDP(DNS) <Google DNS>
TCP(HTTP/1.1) c.t####.b####.com:80
TCP(HTTP/1.1) log.sn####.com.####.net:80
TCP(HTTP/1.1) img.cool####.cn:80
TCP(HTTP/1.1) a####.u####.com:80
TCP(HTTP/1.1) ib.sn####.com:80
TCP(HTTP/1.1) cd.kw####.com:80
TCP(HTTP/1.1) ic.sn####.com:80
TCP(HTTP/1.1) dm.tou####.com:80
TCP(HTTP/1.1) icha####.sn####.com:80
TCP(HTTP/1.1) p1.ps####.com:80
TCP(HTTP/1.1) oc.u####.com:80
TCP(HTTP/1.1) p9.ps####.com.####.com:80
TCP(TLS/1.0) b####.be####.top:443
TCP(TLS/1.0) aliyuno####.oss-cn-####.aliy####.com:443
DNS requests:
a####.u####.com
aliyuno####.oss-cn-####.aliy####.com
b####.be####.top
c.t####.b####.com
cd.kw####.com
dm.tou####.com
i####.sn####.com
ib.sn####.com
ic.sn####.com
icha####.sn####.com
img.cool####.cn
log.sn####.com
oc.u####.com
p1.ps####.com
p3.ps####.com
p9.ps####.com
HTTP GET requests:
dm.tou####.com/2/data/v4/get_comments/?group_id=####&count=####&offset=#...
dm.tou####.com/2/user/info/?ac=####&channel=####&aid=####&app_name=####&...
dm.tou####.com/get_domains/?ac=####&channel=####&aid=####&app_name=####&...
dm.tou####.com/large/1636000358ada9f3150d
dm.tou####.com/large/16370002e0c6101a10c6
dm.tou####.com/large/163700034a1b6d124efb
dm.tou####.com/large/163900034de9ed98b013
dm.tou####.com/large/166300000091c2238818
dm.tou####.com/medium/15c500047b050c23c6fc
dm.tou####.com/medium/16360003533f7d6338b8
dm.tou####.com/medium/16360003553bc6f3c14a
dm.tou####.com/medium/1636000358ada9f3150d
dm.tou####.com/medium/16370002dea5bdfa08da
dm.tou####.com/medium/16370002e0c6101a10c6
dm.tou####.com/medium/1637000334a7ba068b40
dm.tou####.com/medium/16370003487e3c594103
dm.tou####.com/medium/163700034a1b6d124efb
dm.tou####.com/medium/163700035467d3fb855a
dm.tou####.com/medium/16380001e0d8347588a5
dm.tou####.com/medium/16380001e5962db62270
dm.tou####.com/medium/163900034de9ed98b013
dm.tou####.com/medium/16390003532be1531358
dm.tou####.com/medium/163900035abfcaa54480
dm.tou####.com/medium/16390003610c2e636dfb
dm.tou####.com/medium/166300000091c2238818
ib.sn####.com/2/image/recent/?tag=####&count=####&ac=####&channel=####&a...
ib.sn####.com/service/3/app_components/?screen_type=####&ac=####&channel...
ib.sn####.com/service/4/app_ad/?_unused=####&carrier=####&mcc_mnc=####&d...
ib.sn####.com/service/settings/v2/?app=####&default=####&ac=####&channel...
ic.sn####.com/2/image/recent/?tag=####&max_behot_time=####&count=####&ii...
ic.sn####.com/service/1/detect_apps/?device_id=####&iid=####&device_id=#...
icha####.sn####.com/feedback/2/list/?appkey=####&count=####&ac=####&chan...
icha####.sn####.com/service/2/app_alert/?has_market=####&lang=####&carri...
icha####.sn####.com/service/2/app_notify/?allow_notify=####&leave_time=#...
icha####.sn####.com/service/2/check_version/?ac=####&channel=####&aid=##...
img.cool####.cn/201806/fdq.jar
p1.ps####.com/large/16360003593ea9642a25
p1.ps####.com/large/163600035a5915e9eb83
p1.ps####.com/large/163600035ad80e9b1d79
p1.ps####.com/large/163600035ce59fcfa85c
p1.ps####.com/large/1637000351c72f7b17a6
p1.ps####.com/large/1637000359af925c61c3
p1.ps####.com/large/163900035c11415edce5
p1.ps####.com/medium/16360003593ea9642a25
p1.ps####.com/medium/163600035a5915e9eb83
p1.ps####.com/medium/163600035ad80e9b1d79
p1.ps####.com/medium/163600035ce59fcfa85c
p1.ps####.com/medium/163700034c4deb8fe6c0
p1.ps####.com/medium/163700034c9d949ff513
p1.ps####.com/medium/1637000351c72f7b17a6
p1.ps####.com/medium/1637000359af925c61c3
p1.ps####.com/medium/163900035c11415edce5
p1.ps####.com/medium/1639000362bc0956367b
p9.ps####.com.####.com/medium/163600033387a1f984c4
p9.ps####.com.####.com/medium/163600035489705aae87
p9.ps####.com.####.com/medium/163700034b4d3757bd61
p9.ps####.com.####.com/medium/163700034b783493082f
p9.ps####.com.####.com/medium/16380002013ebb2add25
HTTP POST requests:
a####.u####.com/app_logs
c.t####.b####.com/c/s/pv
cd.kw####.com/c
cd.kw####.com/d?requestId=####&g=####
dm.tou####.com/2/data/item_action/
ic.sn####.com/cdn/?iid=####&device_id=####&ac=####&channel=####&aid=####...
ic.sn####.com/service/1/update_apps/
log.sn####.com.####.net/service/2/app_log_config/
oc.u####.com/check_config_update
Modified file system:
Creates the following files:
Miscellaneous:
Uses the following algorithms to encrypt data:
Uses the following algorithms to decrypt data:
Gains access to network information.
Gains access to telephone information (phone number, IMEI, etc.).
Gains access to information about APN settings.
Gains access to information about installed applications.
Adds tasks to the system scheduler.
Displays its own windows over windows of other applications.
Curing recommendations
Android
If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow the recommendations to neutralize the detected threats.
If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
Boot your smartphone or tablet in safe mode (depending on the operating system version and the specifications of the particular device, this procedure can be performed in various ways; consult the user guide shipped with the device, or contact its manufacturer);
Once safe mode is active, install Dr.Web for Android Light onto the infected device and run a full system scan; follow the steps recommended for neutralizing the threats that have been detected;
Switch off your device and turn it on as normal.
Find out more about Dr.Web for Android