Android.BankBot.TgToxic.65

Added to the Dr.Web virus database: 2024-03-27

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.BankBot.TgToxic.1
Network activity:
Connects to:
  • UDP(DNS) 8####.8.4.4:53
  • UDP(DNS) <Google DNS>
  • TCP(TLS/1.0) gmscomp####.google####.com:443
  • TCP(TLS/1.0) connect####.gst####.com:443
  • TCP(TLS/1.0) rr9---s####.g####.com:443
  • TCP(TLS/1.0) and####.a####.go####.com:443
  • TCP(TLS/1.0) sqs.ap-nort####.amazo####.com:443
  • TCP(TLS/1.2) gmscomp####.google####.com:443
  • TCP(TLS/1.2) 74.1####.131.138:443
  • UDP 1####.194.163.20:443
  • UDP gmscomp####.google####.com:443
DNS requests:
  • and####.a####.go####.com
  • and####.google####.com
  • connect####.gst####.com
  • gmscomp####.google####.com
  • rr9---s####.g####.com
  • sqs.ap-nort####.amazo####.com
  • www.google####.com
File system changes:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
Loads the following dynamic libraries:
  • libcovault-appsec
Uses the following algorithms to decrypt data:
  • DES
  • RSA-ECB-PKCS1Padding
  • desede-CBC-PKCS5Padding
Uses special library to hide executable bytecode.
Gets information about network.
Gets information about installed apps.
Intercepts notifications.
Requests the system alert window permission.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.