
Android.BankBot.TgToxic.36

Added to the Dr.Web virus database: 2023-09-20

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.BankBot.TgToxic.1
Network activity:
Connects to:
DNS requests:
HTTP POST requests:
  • sqs.ap-nort####.amazo####.com:443/664144478517/report_queue_svc
File system changes:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
Loads the following dynamic libraries:
  • libcovault-appsec
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
Accesses the ITelephony private interface.
Uses a special library to hide executable bytecode.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Intercepts notifications.
Requests the system alert window permission.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
