Android.BankBot.TgToxic.56

Added to the Dr.Web virus database: 2023-11-30

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.BankBot.TgToxic.1
Network activity:
Connects to:
DNS requests:
File system changes:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
  • getprop ro.dalvik.vm.isa.arm
  • getprop ro.dalvik.vm.isa.arm64
Loads the following dynamic libraries:
  • libcovault-appsec
Uses a special library to hide executable bytecode.
Gets information about the network.
Gets information about installed apps.
Intercepts notifications.
Requests the system alert window permission.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
