
Android.Triada.4928

Added to the Dr.Web virus database: 2021-04-14

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.DownLoader.1007.origin
  • Android.Triada.510.origin
  • Android.Triada.534.origin
  • Android.Triada.559.origin
  • Android.Triada.560.origin
  • Android.Triada.561.origin
  • Android.Triada.567.origin
Threat detection based on machine learning.
Network activity:
Connects to:
DNS requests:
HTTP GET requests:
HTTP POST requests:
File system changes:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
  • cat /proc/version
  • cat /sys/class/net/wlan0/address
  • getprop
  • getprop ro.build.version.emui
  • getprop ro.build.version.opporom
  • getprop ro.miui.ui.version.name
  • getprop ro.smartisan.version
  • getprop ro.vivo.os.version
  • getprop ro.yunos.build.version
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7Padding
  • RSA-ECB-PKCS1Padding
  • RSA-None-PKCS1Padding
Uses the following algorithms to decrypt data:
  • AES-CBC-NoPadding
  • AES-CBC-PKCS5Padding
  • AES-CBC-PKCS7Padding
  • RSA-ECB-PKCS1Padding
  • RSA-None-PKCS1Padding
Accesses the ITelephony private interface.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Adds tasks to the system scheduler.
Displays its own windows over windows of other apps.
Requests the system alert window permission.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow the recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a ransom; or some other announcement prevents you from using the device normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and the particular mobile device, this can be done in various ways; consult the user guide shipped with the device or contact its manufacturer);
    • Once safe mode is active, install Dr.Web for Android Light onto the infected device and run a full system scan; follow the steps recommended for neutralizing the detected threats;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android