Android.DownLoader.5044

Added to the Dr.Web virus database: 2021-04-27

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.Click.311.origin
  • Android.Mobifun.30.origin
  • Android.RemoteCode.231.origin
  • Android.Triada.4567
  • Android.Triada.4937
  • Android.Triada.510.origin
  • Android.Triada.537.origin
  • Android.Triada.541.origin
  • Android.Triada.566.origin
  • Android.Xiny.293.origin
  • Android.Xiny.5386
Downloads the following detected threats from the Internet:
  • Android.Backdoor.719.origin
  • Android.Click.334.origin
  • Android.Mobifun.32.origin
  • Android.RemoteCode.306.origin
  • Android.RemoteCode.319.origin
  • Android.RemoteCode.6122
  • Android.SmsBot.752.origin
  • Android.Triada.510.origin
  • Android.Triada.553.origin
Network activity:
Connects to:
DNS requests:
HTTP GET requests:
HTTP POST requests:
File system changes:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
  • cat /proc/version
  • cat /sys/class/net/wlan0/address
  • getprop ro.bootimage.build.date.utc
  • getprop ro.build.description
  • getprop ro.build.fingerprint
  • getprop ro.build.product
  • getprop ro.build.version.all_codenames
  • getprop ro.sf.lcd_density
  • getprop ro.yunos.build.version
  • sh
Loads the following dynamic libraries:
  • xfksgku
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
  • DES-CBC-PKCS5Padding
  • RSA-None-PKCS1Padding
Uses the following algorithms to decrypt data:
  • AES-CBC-PKCS5Padding
  • DES-CBC-PKCS5Padding
  • RSA-None-PKCS1Padding
Accesses the ITelephony private interface.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Adds tasks to the system scheduler.
Requests the system alert window permission.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light on the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
