Android.BackDoor.3092

Added to the Dr.Web virus database: 2022-07-13

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.Backdoor.564.origin
Threat detection based on machine learning.
Network activity:
Connects to:
DNS requests:
HTTP GET requests:
  • drm.cm####.com/egsb/game/getclientProvince?tel=####&iccid=####&imsi=####
  • drm.cm####.com/egsb/startup/queryConfiguration?channelId=####&contentId=...
  • drm.cm####.com/egsb/verification/checkSDKModuleUpdate?sdkVersion=####&co...
  • s####.m####.cn.####.com/MiguPay.SO30.Lib_082226_9BC201CE716D9B354C407FFB...
  • s####.m####.cn.####.com/MiguPay.Sdk30.Lib_12003084_3BFFC37E286588E18DF87...
  • sdk.cm####.com.####.com/download//moduleVersion/marketing_1132_201808011...
HTTP POST requests:
  • app####.m####.cn:8080/migusdk/tl/tcttl
  • app####.m####.cn:8080/migusdk/verification/checkSdkUpdate
  • drm.cm####.com/egsb/access/loginNewClient
  • drm.cm####.com/egsb/dataPlan/privateSwith
  • drm.cm####.com/egsb/desktopShortcut/queryAll
  • drm.cm####.com/egsb/discount/getPreQueryResult
  • drm.cm####.com/egsb/game/getPaymentCapability
  • drm.cm####.com/egsb/gshare/switches
  • drm.cm####.com/egsb/message/queryPushMessages
  • drm.cm####.com/egsb/otherPay/querySMSInterceptorConf
  • drm.cm####.com/egsb/recommendGame/getAdvertisementList
  • drm.cm####.com/egsb/thirdPay/queryThirdPayInfo
  • drm.cm####.com/egsb/verification/getUpdateUrl
  • sd####.cm####.com/behaviorLogging/eventLogging/accept?
File system changes:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
  • chmod 777 /data/user/0/<Package>/files/abc.jar
  • ps
Loads the following dynamic libraries:
  • libgdx
  • libmegjb
  • libmiguED
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
  • DES-CBC-PKCS5Padding
  • DES-ECB-PKCS5Padding
Uses the following algorithms to decrypt data:
  • AES-CBC-PKCS5Padding
  • DES-CBC-PKCS5Padding
  • DES-ECB-PKCS5Padding
  • RSA-ECB-PKCS1Padding
Accesses the ITelephony private interface.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Adds tasks to the system scheduler.
Displays its own windows over windows of other apps.
Requests the system alert window permission.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
