Android.BankBot.TgToxic.47

Added to the Dr.Web virus database: 2023-11-04

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.BankBot.TgToxic.1
Network activity:
Connects to:
  • UDP(DNS) <Google DNS>
  • TCP(HTTP/1.1) connect####.gst####.com:80
  • TCP(TLS/1.0) rr13---####.g####.com:443
  • TCP(TLS/1.0) 2####.85.233.95:443
  • TCP(TLS/1.0) 1####.194.221.95:443
  • TCP(TLS/1.0) connect####.gst####.com:443
  • TCP(TLS/1.0) www.google####.com:443
  • TCP(TLS/1.2) 74.1####.205.139:443
  • TCP(TLS/1.2) 64.2####.162.103:443
  • TCP(TLS/1.2) 64.2####.163.95:443
DNS requests:
  • connect####.gst####.com
  • m####.go####.com
  • rr13---####.g####.com
  • www.google####.com
File system changes:
Creates the following files:
  • /data/data/####/.com_iwhejn_juytpoac.meta
  • /data/data/####/IECPkgStoreInfo
  • /data/data/####/com.android.launcher3.prefs.xml
  • /data/data/####/e08261cf388e6095bf2fa63ba9830b3bts99nb.tlvx
  • /data/data/####/e08261cf388e6095bf2fa63ba9830b3bts99nb.tlvx (deleted)
  • /data/data/####/empty_classes.dex
  • /data/data/####/empty_classes.zip
  • /data/data/####/proc_auxv
  • /data/data/####/sealeh.bdc
  • /data/data/####/spUtils.xml
  • /data/data/####/working
Miscellaneous:
Executes the following shell scripts:
  • cp /data/user/0/<Package>/app_payload_lib/empty_classes.zip /data/user/0/<Package>/app_payload_lib/<Package>_empty_classes/5MYIG05OYPNLJ1HR7U8QX3TVARYIA7U.zip
  • cp /data/user/0/<Package>/app_payload_lib/empty_classes.zip /data/user/0/<Package>/app_payload_lib/<Package>_empty_classes/H5LJ70J102CAKCQ6LF1CU0QHMXHXY5F.zip
  • cp /data/user/0/<Package>/app_payload_lib/empty_classes.zip /data/user/0/<Package>/app_payload_lib/<Package>_empty_classes/NPVI57UV7D9CO977WEH6VEUQFIZD0QW.zip
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/1RUP07BG4VYJ127C311FLLKRPHF6U9E6.dex --oat-file=/data/user/0/<Package>/cache/<Package>/1RUP07BG4VYJ127C311FLLKRPHF6U9E6.dex --compiler-filter=verify-none --instruction-set=x86
  • getprop ro.dalvik.vm.isa.arm
  • getprop ro.dalvik.vm.isa.arm64
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/1RUP07BG4VYJ127C311FLLKRPHF6U9E6.dex --oat-file=/data/user/0/<Package>/cache/<Package>/1RUP07BG4VYJ127C311FLLKRPHF6U9E6.dex --compiler-filter=verify-none --instruction-set=x86
Loads the following dynamic libraries:
  • libcovault-appsec
Uses a special library to hide executable bytecode.
Gets information about the network.
Gets information about installed apps.
Intercepts notifications.
Requests the system alert window permission.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
