Android.RemoteCode.7936

Added to the Dr.Web virus database: 2023-01-21

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.RemoteCode.337.origin
Threat detection based on machine learning.
Network activity:
Connects to:
DNS requests:
HTTP GET requests:
HTTP POST requests:
  • al####.u####.com:443/umpx_share
  • al####.u####.com:443/unify_logs
  • al####.u####.com:443/zcfg
  • er####.u####.com.####.com:443/api/crashsdk/logcollect?chk=####&vno=####&...
  • er####.u####.com.####.com:443/apm_cc
File system changes:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  • ls -l /system/bin/su
  • ls /
  • ls /sys/class/thermal
  • sh -c type su
Loads the following dynamic libraries:
  • libarm_protect
  • libcrashsdk
  • libmthook
  • libumeng-spy
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7Padding
  • AES-ECB-PKCS5Padding
  • RSA-ECB-PKCS1Padding
Uses the following algorithms to decrypt data:
  • AES-CBC-PKCS7Padding
  • RSA-ECB-PKCS1Padding
Accesses the ITelephony private interface.
Gets information about the network.
Gets information about phone status (number, IMEI, etc.).
Displays its own windows over windows of other apps.
Requests the system alert window permission.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
