Android.MulDrop.1009

Added to the Dr.Web virus database: 2017-02-04

Virus description added:

Technical information

Malicious functions:
Prompts to install third-party applications.
Network activity:
Connecting to:
HTTP GET requests:
HTTP POST requests:
Modified file system:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
  • chmod 755 /data/data/com.jb.security/app_daemon/godaemon
  • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  • sh
  • /data/data/com.jb.security/app_daemon/godaemon -p com.jb.security -s com.jb.security.service.GuardService -t 60 -f /data/data/com.jb.security/app_indicators/indicator_p
Contains functionality to send SMS messages automatically.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
