
Android.DownLoader.5050

Added to the Dr.Web virus database: 2021-05-11

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.Backdoor.719.origin
  • Android.DownLoader.906.origin
  • Android.Mobifun.29.origin
  • Android.Mobifun.30.origin
  • Android.Mobifun.32.origin
  • Android.RemoteCode.306.origin
  • Android.RemoteCode.6122
  • Android.SmsBot.752.origin
  • Android.Triada.510.origin
  • Android.Triada.537.origin
  • Android.Triada.553.origin
  • Android.Triada.566.origin
  • Android.Xiny.293.origin
  • Android.Xiny.5386
  • Android.Xiny.5549
Downloads the following detected threats from the Internet:
  • Android.Backdoor.719.origin
  • Android.Mobifun.32.origin
  • Android.RemoteCode.306.origin
  • Android.RemoteCode.6122
  • Android.SmsBot.752.origin
  • Android.Triada.510.origin
  • Android.Triada.553.origin
Network activity:
Connects to:
DNS requests:
HTTP GET requests:
HTTP POST requests:
File system changes:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
Loads the following dynamic libraries:
  • oniow
Uses the following algorithms to encrypt data:
  • AES
  • AES-CBC-PKCS5Padding
  • DES-CBC-PKCS5Padding
Uses the following algorithms to decrypt data:
  • AES
  • AES-CBC-PKCS5Padding
  • DES-CBC-PKCS5Padding
  • desede-CBC-PKCS5Padding
Accesses the ITelephony private interface.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Adds tasks to the system scheduler.
Displays its own windows over windows of other apps.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
