Android.Packed.33652

Added to the Dr.Web virus database: 2017-11-08

Description added:

Technical information

Malicious functions:
Loads for execution the code of the following detected threats:
  • Android.Xiny.73.origin
Network activity:
Connects to:
DNS requests:
HTTP GET requests:
HTTP POST requests:
File system changes:
Creates the following files:
Other:
Runs the following shell scripts:
  • .kugua
  • .kugua -c id
  • c201711081550.apk -p <Package> -c <Package>:fff
  • cat /sys/class/net/wlan0/address
  • chmod 6777 <Package Folder>/files/c201711081550.apk
  • logcat -d -v time
  • ps
  • sh
Loads dynamic libraries:
  • com.swart
Accesses geolocation information.
Accesses network information.
Accesses phone information (number, IMEI, etc.).
Accesses information about installed applications.
Accesses information about running applications.
Adds tasks to the system scheduler.
Draws its own windows on top of other applications.

Curing recommendations

Android

  1. If the mobile device is operating normally, download and install the free Dr.Web for Android Light antivirus product on it. Run a full system scan and follow the recommendations for neutralizing the detected threats.
  2. If the mobile device is locked by a ransomware trojan of the Android.Locker family (the screen displays an accusation of breaking the law, a demand to pay a certain sum of money, or another message that prevents normal use of the device), do the following:
    • boot your smartphone or tablet in safe mode (depending on the operating system version and the specifics of the particular device, this can be done in different ways; consult the manual supplied with the device or contact its manufacturer directly);
    • once safe mode is active, install the free Dr.Web for Android Light antivirus product on the infected device and run a full system scan, following the recommendations for neutralizing the detected threats;
    • turn the device off and turn it back on in normal mode.
