マイライブラリ
マイライブラリ

+ マイライブラリに追加

電話

お問い合わせ履歴

電話(英語)

+7 (495) 789-45-86

Profile

Android.Locker.18006

Added to the Dr.Web virus database: 2024-04-06

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.Locker.1476.origin
Network activity:
Connects to:
  • UDP(DNS) <Google DNS>
  • TCP(TLS/1.0) analy####.go####.com:443
  • TCP(TLS/1.0) u####.com:443
  • TCP(TLS/1.0) cdn1-sm####.ph####.com:443
  • TCP(TLS/1.0) rr9---s####.g####.com:443
  • TCP(TLS/1.0) www.google-####.com:443
  • TCP(TLS/1.0) 1####.250.150.138:443
  • TCP(TLS/1.0) o####.vk.com:443
  • TCP(TLS/1.0) s####.g.doublec####.net:443
  • TCP(TLS/1.0) cdn1d-s####.ph####.com:443
  • TCP(TLS/1.0) sto####.google####.com:443
  • TCP(TLS/1.0) sun####.use####.com:443
  • TCP(TLS/1.0) a####.vk.com:443
  • TCP(TLS/1.0) www.go####.ru:443
  • TCP(TLS/1.0) rr2---s####.g####.com:443
  • TCP(TLS/1.0) i####.vk.com:443
  • TCP(TLS/1.0) www.por####.com:443
  • TCP(TLS/1.0) www.go####.com:443
  • TCP(TLS/1.0) and####.a####.go####.com:443
  • TCP(TLS/1.0) connect####.gst####.com:443
  • TCP(TLS/1.0) gmscomp####.google####.com:443
  • TCP(TLS/1.0) www.googlet####.com:443
  • TCP(TLS/1.2) gmscomp####.google####.com:443
  • UDP gmscomp####.google####.com:443
DNS requests:
  • a####.vk.com
  • analy####.go####.com
  • and####.a####.go####.com
  • and####.google####.com
  • cdn1-sm####.ph####.com
  • cdn1d-s####.ph####.com
  • connect####.gst####.com
  • ei.ph####.com
  • gmscomp####.google####.com
  • i####.vk.com
  • l####.vk.com
  • m####.traffic####.net
  • o####.vk.com
  • p####.google####.com
  • rr2---s####.g####.com
  • rr9---s####.g####.com
  • s####.g.doublec####.net
  • ss.ph####.com
  • st####.vk.com
  • sto####.google####.com
  • sun####.use####.com
  • u####.com
  • www.go####.com
  • www.go####.ru
  • www.google####.com
  • www.google-####.com
  • www.googlet####.com
  • www.por####.com
File system changes:
Creates the following files:
  • /data/data/####/05a12c28ca27f870_0
  • /data/data/####/05a12c28ca27f870_1
  • /data/data/####/0717f0e7d9b6bbb6_0
  • /data/data/####/0717f0e7d9b6bbb6_1
  • /data/data/####/07487728143176b3_0
  • /data/data/####/0807c47a30652e7b_0
  • /data/data/####/090fad0c873b981c_0
  • /data/data/####/09ab1d1501ce7520_0
  • /data/data/####/09bfa46601a5244a_0
  • /data/data/####/0a515a94d6e6f6d0_0
  • /data/data/####/0b1c53134bc5f68e_0
  • /data/data/####/0e879012727a2d8e_0
  • /data/data/####/0ed87c86ec3e562d_0
  • /data/data/####/0f21be89940b28bc_0
  • /data/data/####/0f589023c51f4689_0
  • /data/data/####/0f8a23345729b293_0
  • /data/data/####/0f981f081ba8adac_0
  • /data/data/####/0fa0763c093cdc76_0
  • /data/data/####/0fecc5dfd83d3311_0
  • /data/data/####/11b1c916de05d58b_0
  • /data/data/####/11d75f4536d7ed49_0
  • /data/data/####/11e6d0c100ef6553_0
  • /data/data/####/11e6d0c100ef6553_1
  • /data/data/####/138ab0d5bd1d7bc4_0
  • /data/data/####/138ab0d5bd1d7bc4_1
  • /data/data/####/15fa4a6d4e196654_0
  • /data/data/####/192d4c1361b64c5a_0 (deleted)
  • /data/data/####/1be00088b87be474_0
  • /data/data/####/1c0e80c123207a10_0
  • /data/data/####/1c0e80c123207a10_1
  • /data/data/####/1c3cfd32e1942f7f_0
  • /data/data/####/1cee7b83026de50d_0
  • /data/data/####/1eecdf9f734db3fb_0
  • /data/data/####/1fda99d0c2eaf8cb_0
  • /data/data/####/1fda99d0c2eaf8cb_1
  • /data/data/####/2027d0247cc58d64_0
  • /data/data/####/24f845920b29c0dc_0
  • /data/data/####/24f845920b29c0dc_1
  • /data/data/####/26b86d013b30fc34_0
  • /data/data/####/272577471147083e_0
  • /data/data/####/28375c46d04fe2a7_0
  • /data/data/####/2940195bd9870d6e_0
  • /data/data/####/2940195bd9870d6e_1
  • /data/data/####/29f3003d38343837_0
  • /data/data/####/2a1ac2855cb07f3c_0
  • /data/data/####/2a65bf56368918c5_0
  • /data/data/####/2adc396b0b99405e_0
  • /data/data/####/2cc80dabc69f58b6_0
  • /data/data/####/2ccc4ed6eb6c5ca1_0 (deleted)
  • /data/data/####/2e761f694438a3a6_0
  • /data/data/####/2e9383ec27f895e8_0
  • /data/data/####/2e9383ec27f895e8_1
  • /data/data/####/2eff89cf426868c0_0
  • /data/data/####/3137766a723475b2_0 (deleted)
  • /data/data/####/321830c3cff71426_0
  • /data/data/####/32df37481f87cf70_0
  • /data/data/####/32f92f4cd6afaaec_0
  • /data/data/####/32f92f4cd6afaaec_1
  • /data/data/####/331f90a99c54505f_0
  • /data/data/####/342c8c02867dff65_0
  • /data/data/####/35ae26535c26a12c_0 (deleted)
  • /data/data/####/364a73326704d328_0
  • /data/data/####/368660fa523fd9c6_0
  • /data/data/####/368660fa523fd9c6_1
  • /data/data/####/3696f68521dc36bb_0
  • /data/data/####/384b56f0db6d4f55_0
  • /data/data/####/38c79b5de3fe7fb0_0
  • /data/data/####/3d9c4e31590805d7_0
  • /data/data/####/3ea4d78ea985ea67_0
  • /data/data/####/3ef26ff0418f5c91_0
  • /data/data/####/4087e7e9307a774a_0
  • /data/data/####/43a55f941e9f02fe_0
  • /data/data/####/4422724f8d12abb1_0 (deleted)
  • /data/data/####/461b605a9f07e4d2_0
  • /data/data/####/4992188ac9bc1f7e_0
  • /data/data/####/49d61508b2a6ff53_0
  • /data/data/####/4b3e174444a28cce_0
  • /data/data/####/4baac7b2158954a0_0
  • /data/data/####/4bbf41206aed89a5_0
  • /data/data/####/4cb013792b196a35_0
  • /data/data/####/4cb013792b196a35_1
  • /data/data/####/4d1853467bd3c613_0
  • /data/data/####/4d78141f39d6fcb2_0
  • /data/data/####/4ed0070704a56e97_0
  • /data/data/####/4f057a4ca64f3d30_0
  • /data/data/####/522d1b537156c004_0
  • /data/data/####/52bcd7719c4ecf5c_0
  • /data/data/####/53fdb9ef91ee52c9_0
  • /data/data/####/5450b611ddaa4814_0 (deleted)
  • /data/data/####/5675426d887a623d_0
  • /data/data/####/58246537f2bb0f4e_0
  • /data/data/####/58b30bc08e758eae_0
  • /data/data/####/590eec8ba18ccc54_0
  • /data/data/####/5acc3b423631e4ee_0
  • /data/data/####/5acc3b423631e4ee_1
  • /data/data/####/5cdf79a1bbfdca83_0
  • /data/data/####/5e7cf102bdf4bbbf_0
  • /data/data/####/5f5d8e139c6a1229_0
  • /data/data/####/5f9d9f0c65e6e628_0
  • /data/data/####/5faa4851139c32bc_0
  • /data/data/####/5ffed66a0195986f_0
  • /data/data/####/61a537e0025801b5_0
  • /data/data/####/61b5783d0e7357ce_0
  • /data/data/####/61b5783d0e7357ce_1
  • /data/data/####/62c7a4b13f61aac3_0
  • /data/data/####/63390d53f3084ba2_0
  • /data/data/####/63a7e1cb8b464d2d_0
  • /data/data/####/63f0cb676feb4152_0
  • /data/data/####/63f0cb676feb4152_1
  • /data/data/####/64cf3de1ccdc8cc7_0
  • /data/data/####/6666f0cae66ba4f2_0
  • /data/data/####/6683c06f38654fea_0
  • /data/data/####/66f53875ef135f74_0
  • /data/data/####/69947602d438398d_0
  • /data/data/####/69947602d438398d_1
  • /data/data/####/6b2828515ab6d691_0
  • /data/data/####/6b7c759402006f4b_0
  • /data/data/####/6c038cec37df7b5c_0
  • /data/data/####/6c0befc4c4fff08b_0
  • /data/data/####/6cb4fe3945b72f92_0
  • /data/data/####/6cb4fe3945b72f92_1
  • /data/data/####/6d2b1920660b91a3_0
  • /data/data/####/6d7830f0dc2e2b48_0
  • /data/data/####/6da0ab2b7b0d1b14_0
  • /data/data/####/6db33104af43e3f3_0
  • /data/data/####/6efd25b3e406ab8d_0
  • /data/data/####/704d2daec472ab78_0
  • /data/data/####/70844bf27b990cbc_0
  • /data/data/####/70a1db9cdfab417b_0 (deleted)
  • /data/data/####/70fc6d057ae6906b_0
  • /data/data/####/73e115625c5b2dad_0
  • /data/data/####/7575bef93b7f9f55_0
  • /data/data/####/75b9c5a161f3dfe5_0
  • /data/data/####/7688ad4166151327_0
  • /data/data/####/778881fd52152cad_0
  • /data/data/####/7a8bcadd4a4f807d_0
  • /data/data/####/7aae0742c0b030e3_0
  • /data/data/####/7ae874373ead469f_0
  • /data/data/####/7b13364cfbb87544_0
  • /data/data/####/7b69e576d4662f5a_0
  • /data/data/####/7c9c6c8b364893aa_0
  • /data/data/####/7ef6f6525932c01f_0
  • /data/data/####/7f257c5f1dca9fdd_0
  • /data/data/####/7fc243daff61d4bd_0
  • /data/data/####/80e07b933937a366_0
  • /data/data/####/82ab38f3fdc03709_0
  • /data/data/####/84814c1da95929a9_0
  • /data/data/####/8555d33f05907af2_0
  • /data/data/####/86942d3d88d8f251_0
  • /data/data/####/87cc6a50ffab8461_0 (deleted)
  • /data/data/####/8888bac454c36fa6_0
  • /data/data/####/8888bac454c36fa6_1
  • /data/data/####/8e6622e91ba9e657_0
  • /data/data/####/8e81b8ce9036d9cd_0
  • /data/data/####/8ee3afeba688a847_0
  • /data/data/####/8ee3afeba688a847_1
  • /data/data/####/8f2c132af19eb8d6_0
  • /data/data/####/919546e83a1e7883_0
  • /data/data/####/93b192dd5d17f87d_0
  • /data/data/####/9402ef73a016ffbb_0
  • /data/data/####/953d66bede82a1b9_0
  • /data/data/####/95cae56d052c205b_0
  • /data/data/####/96145e55af38c07c_0
  • /data/data/####/97d8928f5a8e8521_0
  • /data/data/####/9899962207adae2c_0
  • /data/data/####/9a9aca5501cdda17_0
  • /data/data/####/9b623059d6242c40_0
  • /data/data/####/9b8efb37772490b9_0
  • /data/data/####/9c69027e25fc542c_0
  • /data/data/####/9caf89cc190e65ea_0
  • /data/data/####/9cb0fdb300c0f48b_0
  • /data/data/####/9dbd60f51b0e3f52_0
  • /data/data/####/9debadc9b7b69ebf_0
  • /data/data/####/9ed80db94e551edc_0
  • /data/data/####/9ee08d0163cd1c48_0
  • /data/data/####/9f0973716afeb605_0
  • /data/data/####/9f2595f8f7b6b3c5_0
  • /data/data/####/9f373fdc63d9084a_0
  • /data/data/####/9f51836c2876d2d6_0
  • /data/data/####/9fee0448286141e3_0
  • /data/data/####/CURRENT
  • /data/data/####/Cookies-journal
  • /data/data/####/Databases.db-journal
  • /data/data/####/MANIFEST-000001
  • /data/data/####/MmWpHCp.dex
  • /data/data/####/MmWpHCp.dex.flock (deleted)
  • /data/data/####/QuotaManager-journal
  • /data/data/####/WebViewChromiumPrefs.xml
  • /data/data/####/a1a0eb390b604316_0
  • /data/data/####/a1a0eb390b604316_1
  • /data/data/####/a3170afe6b9949b1_0
  • /data/data/####/a5360b77411f87ea_0
  • /data/data/####/a55313f7781ba2d3_0
  • /data/data/####/a55313f7781ba2d3_1
  • /data/data/####/a599221681d6ffcb_0
  • /data/data/####/a6c18a6a6339e7e7_0
  • /data/data/####/a6c18a6a6339e7e7_1
  • /data/data/####/a728794b4e7e433e_0
  • /data/data/####/a7a723c9614953a2_0
  • /data/data/####/a97da596e5214df1_0
  • /data/data/####/a9c3fdb0dbe80f7a_0
  • /data/data/####/a9caaab9c38a2f0d_0
  • /data/data/####/a9ee978327dbad58_0
  • /data/data/####/a9fb05ac05a9f2cb_0
  • /data/data/####/aaa7fedf892884bb_0
  • /data/data/####/ab4174fa50572de9_0
  • /data/data/####/abf2679fc0e34815_0
  • /data/data/####/aca2dd426caf1d36_0
  • /data/data/####/ace59b3e04c55acb_0
  • /data/data/####/acf7e21b5a01a8eb_0
  • /data/data/####/adc163792d97aadd_0
  • /data/data/####/aeafe34adc808330_0
  • /data/data/####/aeafe34adc808330_1
  • /data/data/####/af919629b21e1413_0
  • /data/data/####/af919629b21e1413_1
  • /data/data/####/b55b4aaf126a3aec_0
  • /data/data/####/b5f0ec675a665b30_0
  • /data/data/####/b6005ed34a8f2253_0
  • /data/data/####/b6f84a08ca3fd6b7_0
  • /data/data/####/b74749fc79f3699a_0
  • /data/data/####/b7bda711931af62b_0
  • /data/data/####/b9a8ba0d04b904de_0
  • /data/data/####/bcf4930b830e15d7_0
  • /data/data/####/be97427b03d8575a_0
  • /data/data/####/bf4343bf9c2135ec_0
  • /data/data/####/bfac1c83d1900353_0
  • /data/data/####/bfac949b9fa02083_0
  • /data/data/####/c021d04f36487967_0
  • /data/data/####/c12a494fb7b97a12_0
  • /data/data/####/c1342ddef36eb86f_0
  • /data/data/####/c1e9d7cd162720f5_0
  • /data/data/####/c1ed36f37b1e87de_0 (deleted)
  • /data/data/####/c297939c8061922f_0
  • /data/data/####/c2d5f34c7bdeaf79_0
  • /data/data/####/c37aa5ce3cf69bb6_0
  • /data/data/####/c3acf246d8aa291f_0
  • /data/data/####/c8efeb5863309bea_0
  • /data/data/####/ca7d520125763a9a_0
  • /data/data/####/cc1385f78a89e78e_0
  • /data/data/####/ccb6ae163afebfc0_0
  • /data/data/####/com.sliaaj_preferences.xml
  • /data/data/####/d0df4a293c0cbea7_0
  • /data/data/####/d0df4a293c0cbea7_1
  • /data/data/####/d12729d6a4feb1ce_0
  • /data/data/####/d646c4e5a2117ec8_0
  • /data/data/####/d65e684a6fd0120c_0
  • /data/data/####/d938c04929f9e8b3_0
  • /data/data/####/d9d90e535fde4ac5_0
  • /data/data/####/d9f83d41686936da_0
  • /data/data/####/da024cf13acbae02_0
  • /data/data/####/da59b8428ebac663_0
  • /data/data/####/db11914c6e4f649d_0
  • /data/data/####/db67a5a6287a79af_0
  • /data/data/####/dc8c9ed54dac0ed2_0
  • /data/data/####/dc8c9ed54dac0ed2_1
  • /data/data/####/dd1fc87047563d48_0
  • /data/data/####/ded7949f27c0ec55_0
  • /data/data/####/df1813c1ffb088d8_0
  • /data/data/####/df9708662811a76c_0
  • /data/data/####/e04ecf0bca57320a_0
  • /data/data/####/e09cdf71b19b55e8_0
  • /data/data/####/e0b30f9007cdcd9a_0
  • /data/data/####/e0bc0485b8baee67_0
  • /data/data/####/e2539e532f7a7028_0
  • /data/data/####/e26ee91a65ad2c45_0
  • /data/data/####/e2db5509977d09bb_0
  • /data/data/####/e2db5509977d09bb_1
  • /data/data/####/e40b4fefcc7a5fad_0
  • /data/data/####/e40b4fefcc7a5fad_1
  • /data/data/####/e833af0d5d78ae38_0
  • /data/data/####/e96956d50ad6242b_0
  • /data/data/####/e9b43defd8e12e95_0
  • /data/data/####/ea48f7b815c9859f_0
  • /data/data/####/ea48f7b815c9859f_1
  • /data/data/####/ea645ba6f63bdd1a_0
  • /data/data/####/ebec6b805743409c_0
  • /data/data/####/ed9740e982709b5f_0
  • /data/data/####/ee0d37dc33022ba4_0
  • /data/data/####/ef81fcef21ec6c33_0
  • /data/data/####/effd37cf07a9b470_0 (deleted)
  • /data/data/####/f1a0696347a2a23c_0
  • /data/data/####/f441bd1565be33de_0
  • /data/data/####/f580ce48f526c6fe_0
  • /data/data/####/f5fa9c6556e1c73b_0
  • /data/data/####/f5fa9c6556e1c73b_1
  • /data/data/####/f66190232104951a_0
  • /data/data/####/f66190232104951a_1
  • /data/data/####/f72ee62339c72e8a_0
  • /data/data/####/f9d0e6498978d551_0
  • /data/data/####/fa6024b41efb01bf_0
  • /data/data/####/fb1007ebe040e753_0
  • /data/data/####/fbd3ba0341e0b989_0
  • /data/data/####/fd3e54572323586b_0
  • /data/data/####/index
  • /data/data/####/metrics_guid
  • /data/data/####/oLxxPigyoWZQeu.dex
  • /data/data/####/oLxxPigyoWZQeu.dex.flock (deleted)
  • /data/data/####/temp-index
  • /data/data/####/the-real-index
  • /data/data/####/zvBLKhNfSCzKxD.dex
  • /data/data/####/zvBLKhNfSCzKxD.dex.flock (deleted)
  • /data/misc/####/primary.prof
Miscellaneous:
Gets information about network.
Displays its own windows over windows of other apps.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web для Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android