Android.BankBot.TgToxic.54

Added to the Dr.Web virus database: 2023-11-21

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.BankBot.TgToxic.1
Network activity:
Connects to:
DNS requests:
File system changes:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
  • getprop ro.dalvik.vm.isa.arm
  • getprop ro.dalvik.vm.isa.arm64
Loads the following dynamic libraries:
  • libcovault-appsec
Uses a special library to hide executable bytecode.
Gets information about the network.
Gets information about installed apps.
Intercepts notifications.
Requests the system alert window permission.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
