Android.Locker.17233

Added to the Dr.Web virus database: 2023-07-27

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.Locker.14669
Threat detection based on machine learning.
Network activity:
Connects to:
DNS requests:
File system changes:
Creates the following files:
Miscellaneous:
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Displays its own windows over windows of other apps.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.