Android.BankBot.TgToxic.51

Added to the Dr.Web virus database: 2023-11-12

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.BankBot.TgToxic.1
Network activity:
Connects to:
DNS requests:
File system changes:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
Loads the following dynamic libraries:
  • libcovault-appsec
Uses a special library to hide executable bytecode.
Gets information about the network.
Gets information about installed apps.
Intercepts notifications.
Requests the system alert window permission.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
