Поддержка
Круглосуточная поддержка

Позвоните

Бесплатно по России:
8-800-333-79-32

ЧаВо | Форум

Ваши запросы

  • Все: -
  • Незакрытые: -
  • Последний: -

Позвоните

Бесплатно по России:
8-800-333-79-32

Свяжитесь с нами Незакрытые запросы: 

Профиль

Профиль

Android.SmsSend.19897

Добавлен в вирусную базу Dr.Web: 2017-06-09

Описание добавлено:

Техническая информация

Вредоносные функции:
Отправляет СМС-сообщения:
  • 10658000: XYJD
  • 1065842232: BN2[bbczcbbG3zsG3bluKlHcklUlbbFzz\HpTxx(GiVK5bAPxXDgf2gpmQbu7bKNkDlFcbcFFb?xb&0bbbP5mjBDI7GSgC=oLr27FlK%XG7/ZK=
  • 1065843601: CMO_S=ZpZruJiwF-n_ziUIMWXkSp_sZomLqh6CyFMSc9BDMgCKjFBNSPZygLjmQhNALfEN3Dcrr-27Qe1zFutCF5lfOe1nxDWSyKfBAew9DFyzGy8=@I1.2@0001
  • 1065843601: CMO_S=dq30OPq1LseiKInTy-EdvFCjX9XX0G0gx6G95Yfyub9La__N1MMKPs0yc4jMZQRqEK7Qr1hxrc29eNaxDReE6VmRuGCRhjoSWwSinkxHZQ0=@I1.2@0001
Сетевая активность:
Подключается к:
  • 1####.####.147
  • 1####.####.147:8080
  • 1####.####.91
  • 1####.####.91:8080
  • a####.####.com
  • o91vx####.####.com
  • oa5cv####.####.com
  • p####.####.com
  • p####.####.com:8080
Запросы HTTP GET:
  • 1####.####.147/xmld/HttpService!service?paramMap=####
  • 1####.####.91/mm/HttpService!service?paramMap=####
  • 1####.####.91:8080/xad/resService!service?paramMap=####
  • o91vx####.####.com/q300071_0608.apk
  • oa5cv####.####.com/ic_clsb2.png
  • p####.####.com/sdk/spaycoredex_so_1980.jar
  • p####.####.com:8080/res/novel/app/content/1.txt
Запросы HTTP POST:
  • 1####.####.147:8080/xmld/HttpService
  • a####.####.com/app_logs
Изменения в файловой системе:
Создает следующие файлы:
  • <Package Folder>/app_payload_odex/<Package>.jar
  • <Package Folder>/app_process_lock/1122153972931.2
  • <Package Folder>/app_process_lock/1122153972931.2 (deleted)
  • <Package Folder>/app_process_lock/1122153973125.9
  • <Package Folder>/app_process_lock/1122153973125.9 (deleted)
  • <Package Folder>/app_process_lock/1122153973260.06
  • <Package Folder>/app_process_lock/1122153973260.06 (deleted)
  • <Package Folder>/app_process_lock/1122153973276.21
  • <Package Folder>/app_process_lock/1122153973276.21 (deleted)
  • <Package Folder>/app_process_lock/1122153973323.02
  • <Package Folder>/app_process_lock/1122153973323.02 (deleted)
  • <Package Folder>/app_process_lock/1122153973535.6
  • <Package Folder>/app_process_lock/1122153973535.6 (deleted)
  • <Package Folder>/app_process_lock/1122153973559.18
  • <Package Folder>/app_process_lock/1122153973559.18 (deleted)
  • <Package Folder>/app_process_lock/1122153973769.78
  • <Package Folder>/app_process_lock/1122153973769.78 (deleted)
  • <Package Folder>/app_process_lock/1122153973808.83
  • <Package Folder>/app_process_lock/1122153973808.83 (deleted)
  • <Package Folder>/app_process_lock/1122153973878.48
  • <Package Folder>/app_process_lock/1122153973878.48 (deleted)
  • <Package Folder>/app_process_lock/1122153973923.75
  • <Package Folder>/app_process_lock/1122153973923.75 (deleted)
  • <Package Folder>/app_process_lock/1132.30089999093
  • <Package Folder>/app_process_lock/1132.30089999093 (deleted)
  • <Package Folder>/app_process_lock/1132.34542065845
  • <Package Folder>/app_process_lock/1132.34542065845 (deleted)
  • <Package Folder>/app_process_lock/1132.38994132597
  • <Package Folder>/app_process_lock/1132.38994132597 (deleted)
  • <Package Folder>/app_process_lock/1132.43446199348
  • <Package Folder>/app_process_lock/1132.43446199348 (deleted)
  • <Package Folder>/app_process_lock/1132.478982661
  • <Package Folder>/app_process_lock/1132.478982661 (deleted)
  • <Package Folder>/app_process_lock/1132.52350332852
  • <Package Folder>/app_process_lock/1132.52350332852 (deleted)
  • <Package Folder>/app_process_lock/1132.56802399603
  • <Package Folder>/app_process_lock/1132.56802399603 (deleted)
  • <Package Folder>/app_process_lock/161.918512514603
  • <Package Folder>/app_process_lock/161.918512514603 (deleted)
  • <Package Folder>/app_process_lock/2325856960109.62
  • <Package Folder>/app_process_lock/2325856960109.62 (deleted)
  • <Package Folder>/app_process_lock/2325856960994.59
  • <Package Folder>/app_process_lock/2325856960994.59 (deleted)
  • <Package Folder>/app_process_lock/2325856961476.09
  • <Package Folder>/app_process_lock/2325856961476.09 (deleted)
  • <Package Folder>/app_process_lock/2325856961994.71
  • <Package Folder>/app_process_lock/2325856961994.71 (deleted)
  • <Package Folder>/app_process_lock/2325856962170.86
  • <Package Folder>/app_process_lock/2325856962170.86 (deleted)
  • <Package Folder>/app_process_lock/2325856962601.08
  • <Package Folder>/app_process_lock/2325856962601.08 (deleted)
  • <Package Folder>/app_process_lock/2325856966720.78
  • <Package Folder>/app_process_lock/2325856966720.78 (deleted)
  • <Package Folder>/app_process_lock/261210926277.419
  • <Package Folder>/app_process_lock/261210926277.419 (deleted)
  • <Package Folder>/app_process_lock/261210926376.808
  • <Package Folder>/app_process_lock/261210926376.808 (deleted)
  • <Package Folder>/app_process_lock/261210926430.884
  • <Package Folder>/app_process_lock/261210926430.884 (deleted)
  • <Package Folder>/app_process_lock/261210926489.128
  • <Package Folder>/app_process_lock/261210926489.128 (deleted)
  • <Package Folder>/app_process_lock/261210926508.912
  • <Package Folder>/app_process_lock/261210926508.912 (deleted)
  • <Package Folder>/app_process_lock/261210926557.228
  • <Package Folder>/app_process_lock/261210926557.228 (deleted)
  • <Package Folder>/app_process_lock/261210927019.901
  • <Package Folder>/app_process_lock/261210927019.901 (deleted)
  • <Package Folder>/app_process_lock/2965467648373.04
  • <Package Folder>/app_process_lock/2965467648373.04 (deleted)
  • <Package Folder>/app_process_lock/2965467648887.56
  • <Package Folder>/app_process_lock/2965467648887.56 (deleted)
  • <Package Folder>/app_process_lock/2965467649242.1
  • <Package Folder>/app_process_lock/2965467649242.1 (deleted)
  • <Package Folder>/app_process_lock/2965467649284.79
  • <Package Folder>/app_process_lock/2965467649284.79 (deleted)
  • <Package Folder>/app_process_lock/2965467649408.49
  • <Package Folder>/app_process_lock/2965467649408.49 (deleted)
  • <Package Folder>/app_process_lock/2965467649970.26
  • <Package Folder>/app_process_lock/2965467649970.26 (deleted)
  • <Package Folder>/app_process_lock/2965467650032.57
  • <Package Folder>/app_process_lock/2965467650032.57 (deleted)
  • <Package Folder>/app_process_lock/2965467650589.13
  • <Package Folder>/app_process_lock/2965467650589.13 (deleted)
  • <Package Folder>/app_process_lock/2965467650692.3
  • <Package Folder>/app_process_lock/2965467650692.3 (deleted)
  • <Package Folder>/app_process_lock/2965467650876.38
  • <Package Folder>/app_process_lock/2965467650876.38 (deleted)
  • <Package Folder>/app_process_lock/2965467650996
  • <Package Folder>/app_process_lock/2965467650996 (deleted)
  • <Package Folder>/app_process_lock/524145.096669153
  • <Package Folder>/app_process_lock/524145.096669153 (deleted)
  • <Package Folder>/app_process_lock/524145.397123729
  • <Package Folder>/app_process_lock/524145.397123729 (deleted)
  • <Package Folder>/app_process_lock/668260.464978357
  • <Package Folder>/app_process_lock/668260.464978357 (deleted)
  • <Package Folder>/app_process_lock/668266.292786374
  • <Package Folder>/app_process_lock/668266.292786374 (deleted)
  • <Package Folder>/app_process_lock/690290788933.503
  • <Package Folder>/app_process_lock/690290788933.503 (deleted)
  • <Package Folder>/app_process_lock/690290789196.154
  • <Package Folder>/app_process_lock/690290789196.154 (deleted)
  • <Package Folder>/app_process_lock/690290789339.059
  • <Package Folder>/app_process_lock/690290789339.059 (deleted)
  • <Package Folder>/app_process_lock/690290789492.978
  • <Package Folder>/app_process_lock/690290789492.978 (deleted)
  • <Package Folder>/app_process_lock/690290789545.259
  • <Package Folder>/app_process_lock/690290789545.259 (deleted)
  • <Package Folder>/app_process_lock/690290789672.943
  • <Package Folder>/app_process_lock/690290789672.943 (deleted)
  • <Package Folder>/app_process_lock/690290790895.629
  • <Package Folder>/app_process_lock/690290790895.629 (deleted)
  • <Package Folder>/app_process_lock/852048.333815873
  • <Package Folder>/app_process_lock/852048.333815873 (deleted)
  • <Package Folder>/app_process_lock/889.37042982576
  • <Package Folder>/app_process_lock/889.37042982576 (deleted)
  • <Package Folder>/app_process_lock/889.414950493276
  • <Package Folder>/app_process_lock/889.414950493276 (deleted)
  • <Package Folder>/app_process_lock/889.459471160793
  • <Package Folder>/app_process_lock/889.459471160793 (deleted)
  • <Package Folder>/app_process_lock/889.503991828309
  • <Package Folder>/app_process_lock/889.503991828309 (deleted)
  • <Package Folder>/app_process_lock/889.548512495826
  • <Package Folder>/app_process_lock/889.548512495826 (deleted)
  • <Package Folder>/app_process_lock/889.593033163343
  • <Package Folder>/app_process_lock/889.593033163343 (deleted)
  • <Package Folder>/app_process_lock/889.637553830859
  • <Package Folder>/app_process_lock/889.637553830859 (deleted)
  • <Package Folder>/app_process_lock/889.682074498376
  • <Package Folder>/app_process_lock/889.682074498376 (deleted)
  • <Package Folder>/app_process_lock/889.726595165892
  • <Package Folder>/app_process_lock/889.726595165892 (deleted)
  • <Package Folder>/databases/cc.db
  • <Package Folder>/databases/cc.db-journal
  • <Package Folder>/databases/ua.db
  • <Package Folder>/databases/ua.db-journal
  • <Package Folder>/databases/webview.db-journal
  • <Package Folder>/databases/xUtils_http_cache.db
  • <Package Folder>/databases/xUtils_http_cache.db-journal
  • <Package Folder>/databases/xUtils_http_cache.db-journal (deleted)
  • <Package Folder>/databases/xUtils_http_cookie.db
  • <Package Folder>/databases/xUtils_http_cookie.db-journal
  • <Package Folder>/databases/xUtils_http_cookie.db-journal (deleted)
  • <Package Folder>/databases/xUtils_http_cookie.db-shm (deleted)
  • <Package Folder>/databases/xUtils_http_cookie.db-wal
  • <Package Folder>/files/####/exchangeIdentity.json
  • <Package Folder>/files/.imprint
  • <Package Folder>/files/exid.dat
  • <Package Folder>/files/umeng_it.cache
  • <Package Folder>/shared_prefs/umeng_general_config.xml
  • <Package Folder>/shared_prefs/umeng_general_config.xml.bak
  • <SD-Card>/Android/####/031f04ef44c86d37888b9206208ab7ff
  • <SD-Card>/Android/####/09cb0dfcc414859fb8d7e4fbde54a814
  • <SD-Card>/Android/####/110b6dcd7a403d3581b21c2d9d50f95c
  • <SD-Card>/Android/####/110d8555477ceec2b4ca5b8280a1cf30
  • <SD-Card>/Android/####/1ccae7f69af96ca3f108c5e2787786fb
  • <SD-Card>/Android/####/300f50dfb16e035d7ba2ebd4753b36b8
  • <SD-Card>/Android/####/346cd6b8e8b18302843e6393bcc82c0c
  • <SD-Card>/Android/####/3e23f8058ca4011c72a2a3bc4797db96
  • <SD-Card>/Android/####/498e0a62179c7e56dcc3f982ba2dc610
  • <SD-Card>/Android/####/614b01e4628d6b78f36743a3105948fe
  • <SD-Card>/Android/####/641396e85bf54468fe7cee3296fab1be
  • <SD-Card>/Android/####/7c5b80510537cfcba1ad134c7b5dfa95
  • <SD-Card>/Android/####/897f47697ee1e6f740a2bff65a9d1b9e
  • <SD-Card>/Android/####/8a9da2ad7cdc1ac2e3fb42e382743f9b
  • <SD-Card>/Android/####/8acf08558ad9a62966ddb70b9a7b29a0
  • <SD-Card>/Android/####/9c6ba9329acb298190a7238c1dc70736
  • <SD-Card>/Android/####/a3ab93be735b61bbfcf10035f56c181f
  • <SD-Card>/Android/####/d9af2e4a5b40e528ad2ac7c70dca8e98
  • <SD-Card>/Android/1.txt.tmp
  • <SD-Card>/Android/10.txt.tmp
  • <SD-Card>/Android/11.txt.tmp
  • <SD-Card>/Android/12.txt.tmp
  • <SD-Card>/Android/13.txt.tmp
  • <SD-Card>/Android/14.txt.tmp
  • <SD-Card>/Android/15.txt.tmp
  • <SD-Card>/Android/16.txt.tmp
  • <SD-Card>/Android/2.txt.tmp
  • <SD-Card>/Android/3.txt.tmp
  • <SD-Card>/Android/4.txt
  • <SD-Card>/Android/5.txt.tmp
  • <SD-Card>/Android/6.txt
  • <SD-Card>/Android/7.txt.tmp
  • <SD-Card>/Android/8.txt.tmp
  • <SD-Card>/Android/9.txt.tmp
  • <SD-Card>/Android/com.mmzb.app.uio.png.tmp
  • <SD-Card>/Android/com.mmzb.wrw.yol.png.tmp
  • <SD-Card>/Android/com.molove.mobile.png.tmp
  • <SD-Card>/Android/com.wwwx.onlyou.apk.tmp
  • <SD-Card>/Android/com.wwwx.onlyou.png.tmp
  • <SD-Card>/dp.jar.tmp
  • <SD-Card>/updateApkDemo/FrameCore.jar
Другие:
Запускает следующие shell-скрипты:
  • <dexopt>
  • <su-internal:request>
  • <su-internal:result>
  • app_process /system/bin com.android.commands.pm.Pm install -r /system/app/com.wwwx.onlyou.apk
  • chmod 644 /system/app/com.wwwx.onlyou.apk
  • cp /storage/emulated/0/Android/com.wwwx.onlyou.apk /system/app/
  • mount -o rw,remount /system
  • sh
  • su
Использует повышенные привилегии.

Рекомендации по лечению


Android

  1. Если мобильное устройство функционирует в штатном режиме, загрузите и установите на него бесплатный антивирусный продукт Dr.Web для Android Light. Выполните полную проверку системы и используйте рекомендации по нейтрализации обнаруженных угроз.
  2. Если мобильное устройство заблокировано троянцем-вымогателем семейства Android.Locker (на экране отображается обвинение в нарушении закона, требование выплаты определенной денежной суммы или иное сообщение, мешающее нормальной работе с устройством), выполните следующие действия:
    • загрузите свой смартфон или планшет в безопасном режиме (в зависимости от версии операционной системы и особенностей конкретного мобильного устройства эта процедура может быть выполнена различными способами; обратитесь за уточнением к инструкции, поставляемой вместе с приобретенным аппаратом, или напрямую к его производителю);
    • после активации безопасного режима установите на зараженное устройство бесплатный антивирусный продукт Dr.Web для Android Light и произведите полную проверку системы, выполнив рекомендации по нейтрализации обнаруженных угроз;
    • выключите устройство и включите его в обычном режиме.

Подробнее о Dr.Web для Android

Демо бесплатно на 14 дней

Выдаётся при установке