Android.Packed.21601

Added to the Dr.Web virus database: 2017-05-17

Description added:

Technical information

Malicious functions:
Downloads and executes the code of the following detected threats:
  • Android.DownLoader.414.origin
  • Android.DownLoader.396.origin
  • Android.DownLoader.348.origin
  • Android.DownLoader.455.origin
Network activity:
Connects to:
  • h####.####.com
  • analy####.####.com
  • w####.####.com
  • bmob-cd####.####.com
  • googlet####.com
  • 1####.####.214:8080
  • s####.####.com
  • i####.####.com
  • o####.####.cn
  • b####.com
  • p####.####.com
  • f####.####.com
  • a####.####.today
  • m####.####.com
  • st####.####.com
  • o####.####.com
  • 1####.####.com
  • 1####.####.131:8080
  • c####.####.net
  • c####.####.com
  • d####.####.com
  • ha####.####.com
HTTP GET requests:
  • m####.####.com/ifeed/more?tj_page=####&from=####&tn=####&page=####&id=##...
  • s####.####.com/static/html5-index/js/zepto_14ab7a5.js
  • m####.####.com/static/webapp/widget/modular/_title/_title_9d91a07.css
  • s####.####.com/static/html5-index/widget/falls/gxhWords/gxhWords_bf8eb51...
  • m####.####.com/static/webapp/widget/modular/cpm_a/cpm_a_d41d8cd.css
  • o####.####.com/i6419155354084442626/ad/?csrfmiddlewaretoken=####
  • m####.####.com/static/html5-index/js/fingerPrint_161b85b.js
  • s####.####.com/static/html5-index/js/iscroll-lite4_a51bdc3.js
  • f####.####.com/hunter/alog/monkey.mobile.min.js
  • m####.####.com/static/webapp/widget/modular/_img_left_text_right/_img_le...
  • s####.####.com/log/sentry/v2/api/66/store/?sentry_version=####&sentry_cl...
  • m####.####.com/static/img/qunaericon.png
  • f####.####.com/hunter/alog/dp.csp.min.js?v=####
  • s####.####.com/mercury/resource/mercury/stream/common/verification/verif...
  • f####.####.com/wisegame/pic/item/e30a19d8bc3eb13564d8711fa41ea8d3fd1f447...
  • m####.####.com/static/img/hunlian/android_20130313_02.png
  • s####.####.com/static/common/lib/jifenTask/task_1b9084b.css
  • s####.####.com/static/html5-index/widget_faf3c77.js
  • s####.####.com/static/html5-index/widget/falls/gxhWords/gxhWords_593c278...
  • s####.####.com/mercury/resource/mercury/stream/static/image/wap_logo@3x_...
  • analy####.####.com/collect?t=####&tid=####&cid=####&gid=####&v=####&cav=...
  • p####.####.com/s?chi=####&tcn=####&dtm=####&ltu=####&dai=####&tpr=####&t...
  • s####.####.com/log/sentry/v2/api/open_mobile_detail/perf/?screen=####&dp...
  • m####.####.com/static/webapp/widget/modular/_table_text_split/_table_tex...
  • m####.####.com/static/tj.gif?page=####&pos=####&level=####&k=####&core=#...
  • s####.####.com/mercury/resource/mercury/stream/static/js/lib/raven_87b7f...
  • s####.####.com/static/html5-index/img/guanggao1_374ef54.png
  • s####.####.com/static/img/newzx/fy0517_06.jpg
  • s####.####.com/static/html5-index/widget_f8bfc7b.css
  • c####.####.com/cpro/ui/pr.js
  • o####.####.com/list/?tag=####&ac=####&item_type=####&count=####&format=#...
  • m####.####.com/m/hunlian?z=####&tn=####&z=####&from=####&page=####&level...
  • f####.####.com/dmas/pic/item/f145d688d43f8794d3b392bbda1b0ef41ad53ad3.jpg
  • 1####.####.com/ug3a1ecf95f2cdf23edb4c3e83a0f166bd06acde0b36.js
  • f####.####.com/dmas/pic/item/342c11dfa9ec8a13cf9b7676ff03918fa1ecc0a7.jpg
  • ha####.####.com/api/searchrecom?c=####&type=####&dataType=####&pageid=##...
  • s####.####.com/static/img/newzx/l517-2.jpg
  • o####.####.com/a6419197205420540162/
  • s####.####.com/static/html5-index/card/js/swiper_4bb3bcc.js
  • s####.####.com/mercury/resource/mercury/stream/static/pkg/pagelet/list/p...
  • m####.####.com/hao123_api/x/sync_bduss?_=####&callback=####
  • 1####.####.com/a?cf=####&pcy=####&psi=####&ppq=####&gce=####&qef=####&ne...
  • f####.####.com/hunter/alog/feature.min.js?v=####
  • m####.####.com/static/img/yy/appdown/momo72.jpg
  • m####.####.com/static/webapp/widget/middlepage/footer/footer_26cbf50.css
  • s####.####.com/mercury/resource/mercury/mobile_detail/static/js/monitor/...
  • s####.####.com/mercury/resource/mercury/mobile_detail/common/widgets/swi...
  • o####.####.com/i6419155354084442626/
  • s####.####.com/mercury/resource/mercury/stream/static/js/monitor/perform...
  • m####.####.com/static/webapp/widget/modular/_table_text/_table_text_841e...
  • s####.####.com/mercury/resource/mercury/mobile_detail/static/pkg/common_...
  • s####.####.com/static/html5-index/widget/card/card_fcad_once/card_fcad_o...
  • m####.####.com/static/webapp/widget/modular/_table_app/_table_app_1935d8...
  • s####.####.com/dmas?cmd=####&data=####&_=####&callback=####
  • o####.####.com/a6420866863044133121/?utm_campaign=####&utm_medium=####&u...
  • s####.####.com/static/html5-index/img/guide_3ef30c4.png
  • m####.####.com/static/webapp/widget/modular/_img_full_width/_img_full_wi...
  • s####.####.com/mercury/resource/mercury/stream/static/style/common/commo...
  • m####.####.com/static/img/58tongcheng40.png
  • s####.####.com/static/html5-index/widget/card/card_fcad_second/card_fcad...
  • s####.####.com/static/webapp/widget/middlepage/nav/arrowright_02f880d.png
  • s####.####.com/mercury/resource/mercury/stream/static/image/toutiaoicon_...
  • s####.####.com/mercury/resource/mercury/mobile_detail/static/pkg/base_5a...
  • m####.####.com/
  • f####.####.com/f/3wtp.jpg
  • s####.####.com/adstatic/resource/ad_wap/dist/1.0.17/static/style/ed.css
  • f####.####.com/hunter/alog/speed.min.js?v=####
  • 1####.####.214:8080/jfservice/a.jsp?k=####
  • bmob-cd####.####.com/2017/03/03/8f4f2872409cb88380b6763959873fae.dex
  • s####.####.com/user_log/?c=####&sid=####&type=####&t=####&source=####
  • s####.####.com/mercury/webroot/resource/mercury/mobile_detail/static/js/...
  • s####.####.com/static/webapp/widget/middlepage/nav/logo_cbebae3.png
  • s####.####.com/static/html5-index/common/fc_ad_second_16afeaa.js
  • st####.####.com/tb/pms/img/st.gif?ts=####&sid=####&ht=####&fs=####&drt=#...
  • s####.####.com/mercury/resource/mercury/mobile_detail/static/style/commo...
  • s####.####.com/mercury/resource/mercury/stream/static/pkg/asyncmap_c0173...
  • s####.####.com/static/webapp/widget/middlepage/searchBox/search_255c9de....
  • s####.####.com/adstatic/resource/ad_wap/dist/1.0.17/static/js/ed.js
  • f####.####.com/f/wf0215.dat
  • s####.####.com/mercury/resource/mercury/stream/static/js/lib/gtm_0bff37d...
  • m####.####.com/static/img/banner/xiaoshuo1218.jpg
  • o####.####.com/i6420736576459899393/?utm_campaign=####&utm_medium=####&u...
  • b####.com/nocache/pdns/az.gif?_=####
  • s####.####.com/mercury/resource/mercury/stream/static/pkg/lib_8bffa6c.js
  • m####.####.com/static/fe/html5/bottomjs/bottom.js?t=####
  • s####.####.com/mercury/resource/mercury/mobile_detail/static/image/shado...
  • m####.####.com/static/tj.gif?level=####&page=####&pos=####&fp_result=###...
  • s####.####.com/static/html5-index/falls/css/siteIcon_e4fa7bc.css
  • 1####.####.com/ur7e50c7dcf6cefe3c9e4c20ddf0a867bf05.js
  • s####.####.com/mercury/resource/mercury/mobile_detail/static/image/body_...
  • s####.####.com/static/common/js/djlib_4547868.js
  • s####.####.com/static/webapp/widget/middlepage/nav/nav_f576ca5.js
  • s####.####.com/mercury/resource/mercury/stream/static/pkg/common_a78889b...
  • s####.####.com/mercury/resource/mercury/mobile_detail/pagelet/async/v4/g...
  • o####.####.com/group/article/6419197205420540162/6419155354084442626/rel...
  • m####.####.com/static/img/shuangseqiuicon.png
  • d####.####.com/x.gif?he=####&dm=####&v=####&li=####&rnd=####
  • s####.####.com/static/common/lib/jifenTask/task_10d3288.js
  • s####.####.com/mercury/resource/mercury/mobile_detail/static/pkg/asyncma...
  • s####.####.com/mercury/resource/mercury/stream/static/pkg/base_5a3e5f6.js
  • m####.####.com/hao123_api/d
  • m####.####.com/static/p.gif?_=####
  • s####.####.com/mercury/resource/mercury/stream/static/js/lib/responsive_...
  • m####.####.com/static/img/logo/logo150623.png
  • m####.####.com/static/img/tengxun_40.png
  • s####.####.com/mercury/resource/mercury/stream/pagelet/async/widgets/con...
  • p####.####.com/s?cce=####&dtm=####&ctxant=####&dri=####&cec=####&tcn=###...
  • m####.####.com/static/img/souhuxin-4040.png
  • s####.####.com/static/html5-index/js/https_2ff159d.js
  • o####.####.com/?utm_source=####&utm_medium=####&utm_campaign=####
  • f####.####.com/dmas/pic/item/df3eb13533fa828b0e2c3676f51f4134970a5a1c.jpg
  • f####.####.com/dmas/pic/item/2836acaf2edda3cc21493cb509e93901203f92f2.jpg
  • m####.####.com/static/html5-index/css/base/icon_0601378.css
  • s####.####.com/static/webapp/widget/middlepage/menu/menu_9ed1640.css
  • m####.####.com/static/p.gif
  • s####.####.com/static/img/newzx/qgtp20170517p-1.jpg
  • s####.####.com/static/webapp/widget/middlepage/searchBox/search_8970670.js
  • m####.####.com/static/img/yy/appdown/weixin72.jpg
  • googlet####.com/gtm.js?id=####
  • o####.####.com/i6419155354084442626/info/?csrfmiddlewaretoken=####
  • s####.####.com/static/common/widget/lib/gmu/zepto/zepto_ecfcb5e.js
  • f####.####.com/hunter/alog/dp.mobile.min.js?v=####
  • c####.####.net/pixel?google_nid=####&googl####
  • o####.####.com/group/6420866863044133121/?utm_campaign=####&utm_medium=#...
  • c####.####.com/sync.htm?cproid=####
  • m####.####.com/hao123_api/next/widget?wid=####&tj_page=####&from=####&tn...
  • s####.####.com/mercury/resource/mercury/mobile_detail/common/renderers/r...
  • 1####.####.com/givhiqk/link?c=####
  • m####.####.com/r/image/2017-02-21/e3d62e9d54ac945fecb4d2d22438aac9.png
  • s####.####.com/static/webapp/widget/middlepage/zepto.min_db0562f.js
  • m####.####.com/static/img/tushuguan2017517_b.png
  • s####.####.com/static/img/newzx/jktp20170517p-1.jpg
  • s####.####.com/static/img/newzx/fy0517_01.jpg
  • s####.####.com/static/webapp/widget/middlepage/nav/nav_50d2085.css
  • o####.####.com/i6420736576459899393/ad/?utm_campaign=####&utm_medium=###...
  • 1####.####.131:8080/spotService/a.jsp?k=####
  • f####.####.com/dmas/pic/item/7c30e924b899a901c88241a015950a7b0308f5f5.jpg
  • s####.####.com/static/img/newzx/l517-7.jpg
  • f####.####.com/dmas/pic/item/3f6034a85edf8db19ec196f10123dd54574e74bc.jpg
  • o####.####.com/group/article/6420866863044133121/6420736576459899393/rel...
  • s####.####.com/static/webapp/widget/middlepage/nav/navBtn_2ddce93.png
  • p####.####.com/sync_pos.htm?cproid=####
  • d####.####.com/x.gif?he=####&dm=####&ac=####&v=####&li=####&rnd=####
  • s####.####.com/mercury/resource/mercury/stream/static/style/common/ad_6f...
  • st####.####.com/tb/pms/img/st.gif?ts=####&t=####&sid=####&dv=####&page=#...
  • st####.####.com/tb/pms/img/st.gif?ts=####&t=####&sid=####&ver=####&pid=#...
  • o####.####.com/i6420736576459899393/info/?csrfmiddlewaretoken=####
  • m####.####.com/hao123_api/api/index/searchbox_recommend_word
  • s####.####.com/img/1L/Aw/2F/mk/ch/o/blank.gif
  • o####.####.com/group/6419197205420540162/
  • m####.####.com/static/img/icon/wangyi20160301.png
  • c####.####.com/cpro/ui/noexpire/img/2.0.1/bd-logo4.png
  • s####.####.com/mercury/resource/mercury/mobile_detail/static/pkg/pagelet...
  • w####.####.com/adx.php?c=####
  • m####.####.com/static/webapp/modular/modular_eea606f.css
  • h####.####.com/dianj/?u=####&ie=####&tm=####&cm=####&md=####&at=####&v=#...
  • f####.####.com/hunter/alog/element.min.js?v=####
  • bmob-cd####.####.com/2017/05/05/92c18abe40dda53780d38edda9a43891.dex
  • m####.####.com/static/img/zhilian20170101.png
  • m####.####.com/static/webapp/widget/modular/cpm_b/cpm_b_d41d8cd.css
  • m####.####.com/static/html5-index/js/detect-all_6cfe828.js
  • s####.####.com/static/html5-index/img/group_b2e485a.png
  • s####.####.com/static/common/lib/mod_75d1f98.js
  • m####.####.com/?union=####&from=####&tn=####
  • s####.####.com/static/img/newzx/nxtp20170517-1.jpg
  • f####.####.com/hunter/alog/alog.min.js?v=####
  • s####.####.com/mercury/resource/mercury/mobile_detail/static/image/touti...
  • s####.####.com/mercury/resource/mercury/mobile_detail/static/pkg/lib_efa...
  • ha####.####.com/static/mapping/bd.php?type=####
  • s####.####.com/__utm.gif?screen=####&dpr=####&net_type=####&iframes=####...
  • s####.####.com/mercury/resource/mercury/mobile_detail/static/js/lib/resp...
  • m####.####.com/static/img/banner/zixun1218.jpg
  • s####.####.com/static/html5-index/common/fc_ad_second_3a5b587.css
HTTP POST requests:
  • o####.####.cn/8/init
  • i####.####.com/service/getIpInfo2.php
  • o####.####.cn/8/find
  • o####.####.cn/8/secret
  • a####.####.today/v1/statistics
  • a####.####.today/2/statistics/proxy
File system changes:
Creates the following files:
  • <Package Folder>/shared_prefs/i_fionf_pre<IMEI>.xml.bak
  • <Package Folder>/shared_prefs/c1<IMEI>.xml
  • <Package Folder>/files/01495017069807.jar
  • <Package Folder>/app_hola_q/s/2029223031.zf
  • <Package Folder>/app_statitics/77dbb5ea41d53ada8be06a4a730b0efe
  • <Package Folder>/app_hola_q/d/2029223031.dex
  • <Package Folder>/app_statitics/3fb15018f0c03a72615873dfadbd789a
  • <Package Folder>/shared_prefs/bmob_sp.xml
  • <Package Folder>/app_statitics/c68416d228e8850396b56d7db7bf803b
  • <Package Folder>/shared_prefs/xappInfo_pre.xml.bak
  • <Package Folder>/files/41495017067365.jar
  • <Package Folder>/app_img_dat/main.db
  • <Package Folder>/databases/E_ID<IMEI>.db-journal
  • <Package Folder>/app_statitics/905c5e679a512902ea9dd8aecca12f6c
  • <Package Folder>/shared_prefs/a1<IMEI>.xml.bak
  • <Package Folder>/databases/d.db-journal
  • <Package Folder>/cache/webviewCacheChromium/f_000008
  • <Package Folder>/shared_prefs/w_base_info.xml
  • <Package Folder>/shared_prefs/a1<IMEI>.xml
  • <Package Folder>/shared_prefs/xconf_pre.xml.bak
  • <Package Folder>/app_statitics/fb4012b748d4b2b32e9855d726f36d21
  • <Package Folder>/shared_prefs/w_report_apps.xml
  • <Package Folder>/files/1495017069031o.jar
  • <Package Folder>/shared_prefs/i.xml
  • <Package Folder>/cache/webviewCacheChromium/index
  • <Package Folder>/shared_prefs/xtrategy_pre.xml
  • <Package Folder>/databases/jwall_download.db
  • <Package Folder>/databases/qcut_download.db-journal
  • <Package Folder>/databases/webview.db-journal
  • <Package Folder>/databases/webviewCookiesChromium.db-journal
  • <Package Folder>/shared_prefs/f1<IMEI>.xml
  • <Package Folder>/shared_prefs/1000.xml
  • <Package Folder>/shared_prefs/fcut_trategy_pre.xml
  • <Package Folder>/app_b_sta/s/cache
  • <Package Folder>/databases/a1.db-journal
  • <Package Folder>/shared_prefs/a1.xml
  • <Package Folder>/app_statitics/3eb5cde075b82b85a1aa2b72c1bd24e3
  • <Package Folder>/bmob_stat_p/ij.dex
  • <Package Folder>/shared_prefs/b1<IMEI>.xml.bak
  • <Package Folder>/cache/webviewCacheChromium/f_00001c
  • <Package Folder>/shared_prefs/fcut_info_pre.xml
  • <Package Folder>/app_statitics/0db3209e1adc6d67be435a81baf9a66e
  • <Package Folder>/app_statitics/f10b0f2d8691e53ec0812de375a45841
  • <Package Folder>/shared_prefs/d1<IMEI>.xml
  • <Package Folder>/shared_prefs/c1<IMEI>.xml.bak
  • <Package Folder>/shared_prefs/fcut_trategy_pre.xml.bak
  • <Package Folder>/shared_prefs/fcut_appInfo_pre.xml
  • <Package Folder>/shared_prefs/xappInfo_pre.xml
  • <Package Folder>/cache/webviewCacheChromium/f_000018
  • <Package Folder>/cache/webviewCacheChromium/f_000019
  • <Package Folder>/cache/webviewCacheChromium/f_000016
  • <Package Folder>/cache/webviewCacheChromium/f_000017
  • <Package Folder>/cache/webviewCacheChromium/f_000014
  • <Package Folder>/cache/webviewCacheChromium/f_000015
  • <Package Folder>/cache/webviewCacheChromium/f_000012
  • <Package Folder>/cache/webviewCacheChromium/f_000013
  • <Package Folder>/cache/webviewCacheChromium/f_000010
  • <Package Folder>/cache/webviewCacheChromium/f_000011
  • <Package Folder>/shared_prefs/b1<IMEI>.xml
  • <Package Folder>/cache/webviewCacheChromium/f_00000a
  • <Package Folder>/cache/webviewCacheChromium/f_00000c
  • <Package Folder>/cache/webviewCacheChromium/f_00000b
  • <Package Folder>/cache/webviewCacheChromium/f_00000e
  • <Package Folder>/cache/webviewCacheChromium/f_00000d
  • <Package Folder>/cache/webviewCacheChromium/f_00000f
  • <Package Folder>/shared_prefs/i_fionf_pre<IMEI>.xml
  • <Package Folder>/shared_prefs/w_base_info.xml.bak
  • <Package Folder>/databases/jwall_download.db-journal
  • <Package Folder>/shared_prefs/xconf_pre.xml
  • <Package Folder>/app_b_sta/d/-1377133417.dex
  • <Package Folder>/shared_prefs/fcut_appInfo_pre.xml.bak
  • <Package Folder>/app_b_sta/s/-1377133417.zf
  • <Package Folder>/app_hola_q/s/cache
  • <Package Folder>/cache/webviewCacheChromium/f_000009
  • <Package Folder>/files/41495017068359.jar
  • <Package Folder>/cache/webviewCacheChromium/f_000001
  • <Package Folder>/cache/webviewCacheChromium/f_000003
  • <Package Folder>/cache/webviewCacheChromium/f_000002
  • <Package Folder>/cache/webviewCacheChromium/f_000005
  • <Package Folder>/cache/webviewCacheChromium/f_000004
  • <Package Folder>/cache/webviewCacheChromium/f_000007
  • <Package Folder>/cache/webviewCacheChromium/f_000006
  • <Package Folder>/cache/webviewCacheChromium/f_00001b
  • <Package Folder>/files/01495017069569.jar
  • <Package Folder>/cache/webviewCacheChromium/f_00001a
  • <Package Folder>/cache/webviewCacheChromium/data_3
  • <Package Folder>/shared_prefs/fcut_conf_pre.xml
  • <Package Folder>/shared_prefs/fcut_conf_pre.xml.bak
  • <Package Folder>/shared_prefs/b.xml
  • <Package Folder>/databases/webviewCookiesChromiumPrivate.db-journal
  • <Package Folder>/cache/webviewCacheChromium/data_2
  • <Package Folder>/cache/webviewCacheChromium/data_1
  • <Package Folder>/cache/webviewCacheChromium/data_0
Other:
Launches the following shell scripts:
  • <dexopt>
Can automatically send SMS messages.

Curing recommendations

Android

  1. If the mobile device is operating normally, download and install the free Dr.Web for Android Light antivirus product on it. Run a full system scan and follow the recommendations for neutralizing the detected threats.
  2. If the mobile device has been locked by a ransomware trojan of the Android.Locker family (the screen displays an accusation of breaking the law, a demand to pay a certain sum of money, or another message that interferes with normal use of the device), do the following:
    • boot your smartphone or tablet into safe mode (depending on the operating system version and the specifics of the particular mobile device, this procedure can be performed in various ways; refer to the instructions supplied with the purchased device, or directly to its manufacturer, for clarification);
    • once safe mode is active, install the free Dr.Web for Android Light antivirus product on the infected device and run a full system scan, following the recommendations for neutralizing the detected threats;
    • turn the device off and turn it on again in normal mode.
