Android.BankBot.TgToxic.33

Added to the Dr.Web virus database: 2023-09-11

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.BankBot.TgToxic.1
Network activity:
Connects to:
DNS requests:
  • c####.x####.com
  • md####.google####.com
  • rr9---s####.g####.com
  • www.google####.com
File system changes:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
Loads the following dynamic libraries:
  • libcovault-appsec
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
Accesses the ITelephony private interface.
Uses a special library to hide executable bytecode.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Intercepts notifications.
Requests the system alert window permission.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
