Adware.Gexin.21644

Added to the Dr.Web virus database: 2021-10-03

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Adware.Gexin.2.origin
Network activity:
Connects to:
DNS requests:
HTTP GET requests:
HTTP POST requests:
File system changes:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
  • /system/bin/cat /proc/cpuinfo
  • /system/bin/sh -c type su
  • cat /proc/uid_stat/10065/tcp_rcv
  • cat /proc/uid_stat/10065/tcp_snd
  • chmod 755 /data/user/0/<Package>/.jiagu/libjiagu.so
  • getprop ro.board.platform
  • mount
  • sh
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7Padding
  • AES-CFB-NoPadding
  • AES-ECB-PKCS5Padding
  • AES-GCM-NoPadding
  • RSA-ECB-PKCS1Padding
  • RSA-NONE-OAEPWithSHA1AndMGF1Padding
Uses the following algorithms to decrypt data:
  • AES-CBC-PKCS7Padding
  • AES-ECB-PKCS5Padding
  • AES-GCM-NoPadding
Accesses the ITelephony private interface.
Uses special library to hide executable bytecode.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Adds tasks to the system scheduler.
Displays its own windows over windows of other apps.
Requests the system alert window permission.

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, write it to a USB drive or burn it to a CD/DVD. After booting from this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount, or you see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and the specifications of the particular mobile device, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
