Adware.Gexin.9048

Added to the Dr.Web virus database: 2019-02-24

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Adware.Gexin.2.origin
Network activity:
Connects to:
  • UDP(DNS) <Google DNS>
  • TCP(HTTP/1.1) sdk.o####.p####.####.com:80
  • TCP(HTTP/1.1) c-h####.g####.com:80
  • TCP(HTTP/1.1) t####.c####.q####.####.com:80
  • TCP(HTTP/1.1) a.appj####.com:80
  • TCP(HTTP/1.1) d####.365p####.cn:80
  • TCP(HTTP/1.1) ti####.c####.l####.####.com:80
  • TCP sdk.o####.t####.####.com:5224
  • TCP c####.g####.ig####.com:5225
DNS requests:
  • 7j####.c####.z0.####.com
  • a.appj####.com
  • c####.g####.ig####.com
  • c-h####.g####.com
  • d####.365p####.cn
  • sdk.c####.ig####.com
  • sdk.o####.p####.####.com
  • sdk.o####.t####.####.com
  • sdk.o####.t####.####.com
  • sdk.o####.t####.####.net
HTTP GET requests:
  • d####.365p####.cn/appversion/getNewVersion?system=####
  • d####.365p####.cn/common/getAesKey
  • d####.365p####.cn/dict/list/SOFT_BIG_TYPE
  • d####.365p####.cn/softwareBase/getHomeSoftwares?userId=####&pageSize=###...
  • d####.365p####.cn/tsystemconfig/getFileInfo
  • t####.c####.q####.####.com/tdata_IKl114
  • t####.c####.q####.####.com/tdata_RbW195
  • t####.c####.q####.####.com/tdata_qHR433
  • ti####.c####.l####.####.com/config/hz-hzv3.conf
HTTP POST requests:
  • a.appj####.com/ad-service/ad/mark
  • c-h####.g####.com/api.php?format=####&t=####
  • sdk.o####.p####.####.com/api.php?format=####&t=####
File system changes:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
  • <Package Folder>/files/gdaemon_20161017 0 <Package>/com.igexin.sdk.PushService 25964 300 0
  • chmod 700 <Package Folder>/files/gdaemon_20161017
  • chmod 755 <Package Folder>/.jiagu/libjiagu.so
Loads the following dynamic libraries:
  • getuiext2
  • libQt5AndroidExtras
  • libQt5Concurrent
  • libQt5Core
  • libQt5Gui
  • libQt5Multimedia
  • libQt5MultimediaQuick_p
  • libQt5Network
  • libQt5Positioning
  • libQt5Qml
  • libQt5Quick
  • libQt5QuickParticles
  • libQt5Sql
  • libQt5Svg
  • libQt5WebView
  • libQt5Widgets
  • libgnustl_shared
  • libjiagu
  • libqandroidbearer
  • libqtforandroid
  • libqtmedia_android
  • libqtposition_android
  • libqtquickcontrolsandroidstyleplugin
  • yfw
Uses the following algorithms to encrypt data:
  • AES-ECB-PKCS5Padding
  • RSA-NONE-OAEPWithSHA1AndMGF1Padding
Uses the following algorithms to decrypt data:
  • AES-ECB-PKCS5Padding
Uses special library to hide executable bytecode.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Adds tasks to the system scheduler.
Displays its own windows over windows of other apps.

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.