Android.Gexin.23

Added to the Dr.Web virus database: 2020-04-10

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.Gexin.1
Network activity:
Connects to:
  • UDP(DNS) <Google DNS>
  • TCP(HTTP/1.1) q####.c####.l####.####.com:80
  • TCP(HTTP/1.1) c-h####.g####.com:80
  • TCP(HTTP/1.1) a####.u####.com:80
  • TCP(HTTP/1.1) a.appj####.com:80
  • TCP(HTTP/1.1) cdn-sdk####.g####.com.####.com:80
  • TCP(HTTP/1.1) sdk.o####.p####.####.com:80
  • TCP sdk.o####.t####.####.com:5224
  • TCP cm-1####.ig####.com:5225
DNS requests:
HTTP GET requests:
  • cdn-sdk####.g####.com.####.com/tdata_EDB102
  • cdn-sdk####.g####.com.####.com/tdata_EvJ733
  • q####.c####.l####.####.com/config/hz-hzv6.conf
  • q####.c####.l####.####.com/tdata_eoG063
  • sdk.o####.p####.####.com/api/addr.htm
HTTP POST requests:
  • a####.u####.com/app_logs
  • a.appj####.com/ad-service/ad/mark
  • c-h####.g####.com/api.php?format=####&t=####
  • sdk.o####.p####.####.com/api.php?format=####&t=####
  • sdk.o####.p####.####.com/api.php?format=####&t=####&d=####&k=####
File system changes:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
  • /system/bin/cat /proc/cpuinfo
  • cat /sys/class/net/wlan0/address
  • chmod 755 <Package Folder>/files/libjiagu.so
  • mount
  • sh
Loads the following dynamic libraries:
  • libjiagu
Uses the following algorithms to encrypt data:
  • AES-CFB-NoPadding
  • RSA-NONE-OAEPWithSHA1AndMGF1Padding
Uses the following algorithms to decrypt data:
  • AES-CFB-NoPadding
  • AES-ECB-PKCS5Padding
Accesses the ITelephony private interface.
Uses a special library to hide executable bytecode.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Adds tasks to the system scheduler.
Displays its own windows over windows of other apps.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
