Android.Packed.27954

Added to the Dr.Web virus database: 2017-08-29

Description added:

Technical information

Malicious functions:
Loads for execution the code of the following detected threats:
  • Android.Click.171.origin
  • Android.DownLoader.478.origin
  • Android.RemoteCode.93.origin
Network activity:
Connects to:
DNS requests:
HTTP GET requests:
HTTP POST requests:
File system changes:
Creates the following files:
Other:
Runs the following shell scripts:
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  • <Package Folder>/files/dc5d6d69f358084b98
  • chmod 777 <Package Folder>/files/daemon
  • ps
  • sh
Loads the following dynamic libraries:
  • IncrementalUpdate
  • libcrash_1.5.0.0
  • ppapkpatchso
  • sgmainso-5.3
  • uninstall
Uses the following algorithms to encrypt data:
  • AES-CBC-NoPadding
  • AES-CBC-PKCS5Padding
  • AES-ECB-NoPadding
  • AES-ECB-PKCS5Padding
  • DES-CBC-PKCS5Padding
  • desede-ECB-PKCS5Padding
Uses the following algorithms to decrypt data:
  • AES
  • AES-CBC-NoPadding
  • AES-CBC-PKCS5Padding
  • DES
  • DES-CBC-PKCS5Padding
  • desede-ECB-PKCS5Padding
Accesses geolocation information.
Accesses network information.
Accesses phone information (number, IMEI, etc.).
Accesses information about installed applications.
Accesses information about running applications.
Accesses information about accounts registered on the device (Google, Facebook, etc.).
Adds tasks to the system scheduler.
Draws its own windows on top of other applications.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install the free Dr.Web for Android Light anti-virus product on it. Run a full system scan and follow the recommendations for neutralizing the detected threats.
  2. If the mobile device has been locked by a ransomware trojan of the Android.Locker family (the screen displays an accusation of breaking the law, a demand to pay a certain sum of money, or another message that prevents normal use of the device), do the following:
    • boot your smartphone or tablet into safe mode (depending on the operating system version and the specifics of the particular mobile device, this procedure can be performed in different ways; consult the manual supplied with the device or contact its manufacturer directly);
    • once safe mode is active, install the free Dr.Web for Android Light anti-virus product on the infected device and run a full system scan, following the recommendations for neutralizing the detected threats;
    • switch the device off and turn it back on in normal mode.
