Android.Siggen.8134

Added to the Dr.Web virus database: 2018-06-13

Virus description added:

Technical information

Malicious functions:
Gains access to the ITelephony private interface.
Network activity:
Connecting to:
DNS requests:
HTTP GET requests:
HTTP POST requests:
Modified file system:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
  • /system/bin/sh -c getprop ro.board.platform
  • /system/bin/sh -c type su
  • <Package Folder>/files/DaemonServer -s <Package Folder>/lib/ -n runServer -p startservice -n <Package>/com.taobao.accs.ChannelService --user 0 -f <Package Folder> -t 600 -c agoo.pid -P <Package Folder> -K 1009527 -U tb_accs_eudemon_1.1.3 -L http://agoodm.m.taobao.com/agoo/report -D {"package":"<Package>","appKey":"umeng:58eee65d07fe654c91002627","utdid":"WyEDrPRF4qsDAGdzx1FnkMhd","sdkVersion":"221"} -I agoodm.m.taobao.com -O 80 -T -Z
  • cat /sys/class/net/wlan0/address
  • chmod 500 <Package Folder>/files/DaemonServer
  • chmod 777 <Package Folder>/cache
  • chmod 777 <Package Folder>/files
  • getprop ro.board.platform
  • getprop ro.build.version.emui
  • getprop ro.build.version.opporom
  • getprop ro.kernel.qemu
  • getprop ro.miui.ui.version.name
  • getprop ro.smartisan.version
  • getprop ro.vivo.os.version
  • sh
Loads the following dynamic libraries:
  • Bugly
  • diff
  • rutx
  • sogouenc
  • tnet-3.1
  • uninstall
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
  • AES-ECB-PKCS5Padding
  • AES-GCM-NoPadding
  • DES-CBC-PKCS5Padding
  • RSA-ECB-PKCS1Padding
Uses the following algorithms to decrypt data:
  • AES-GCM-NoPadding
Gains access to geolocation.
Gains access to network information.
Gains access to telephone information (number, imei, etc.).
Gains access to information about APN settings.
Gains access to information about active device administrators.
Gains access to information about installed applications.
Gains access to information about running applications.
Adds tasks to the system scheduler.
Displays its own windows over windows of other applications.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
