FOR CUSTOMERS

Close

Library
My library

+ Add to library

Search
Search

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

A query form

Call us

+7 (495) 789-45-86

Forum

Your tickets

New ticket

Call us

+7 (495) 789-45-86

Profile

EN

RU CN DE EN ES FR IT JP KZ UZ PL BY
Close
Support services
Scanners
Dr.Web vxCube
Trial
VCI investigations
Virus library
Knowledge base

Technologies

Terminology

Training and education

Myths

News

Android.Packed.20831

Added to the Dr.Web virus database: 2017-04-21

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.Spy.318.origin
Network activity:
Connecting to:
  • a26af68####.####.com
  • t####.####.net
  • ip####.com
  • 3416eab####.####.com
  • nomin####.####.org
  • 704e4d2####.####.com
  • m####.####.COM
  • b8c35a6####.####.com
  • a####.####.com
HTTP GET requests:
  • nomin####.####.org/search?format=####&addressdetails=####&q=####&accept-...
  • a####.####.com/publications/54d9f4c107830f2c0a00006e
  • a####.####.com//articles/58f50466dbd2c04103fac6a7/related?limit=####
  • 3416eab####.####.com/58f91491dbd2c0410320de66_120x120.jpg
  • a####.####.com//articles/58f7ab7adbd2c0410312b28f/related?limit=####
  • ip####.com/json
  • a####.####.com/articles/58f517f7dbd2c04103fb691a
  • a####.####.com/publications/54d9f5ac07830f2c0a000093
  • a####.####.com//articles/58f50038dbd2c04103fa9027/related?limit=####
  • 3416eab####.####.com/58f82922dbd2c0410317655f_500x281.jpg
  • 3416eab####.####.com/58f905a5dbd2c04103202189_120x120.jpg
  • a####.####.com/publications/54d9f30007830f2c0a00003c
  • a####.####.com/articles?limit=####&bounds=####
  • 3416eab####.####.com/58f90c39dbd2c041032077a3_120x120.jpg
  • a####.####.com/countries/us/popular-articles?limit=####
  • a####.####.com//articles/58f7ab7adbd2c0410312b289/related?limit=####
  • a####.####.com/articles/58f50466dbd2c04103fac6a7
  • a####.####.com//articles/58f4e11cdbd2c04103f9a67e/related?limit=####
  • a####.####.com/publications/54d9f5bc07830f2c0a00009d
  • a####.####.com//articles/58f517f7dbd2c04103fb691a/related?limit=####
  • a####.####.com/publications/54d8991907830f652e000008
  • a####.####.com/countries/nl/popular-articles
  • a26af68####.####.com/58f4d74adbd2c04103f97e9c_120x120.jpg
  • 3416eab####.####.com/58f81f5ddbd2c04103173b15_120x120.jpg
  • a####.####.com/publications/51652252bbddbd1468000b79
  • b8c35a6####.####.com/58f5b75adbd2c0410300bfdd_120x120.jpg
  • a####.####.com/publications/54d9f60907830f2c0a0000a9
  • a####.####.com/articles/58f506d8dbd2c04103fad5b1
  • b8c35a6####.####.com/58f5a92ddbd2c041030038f3_120x120.jpg
  • a####.####.com/search/%22jupiler%20league%22?limit=####&bounds=####
  • b8c35a6####.####.com/58f5e14ddbd2c04103020b8d_120x120.jpg
  • a####.####.com//articles/58f506d8dbd2c04103fad5b1/related?limit=####
  • 3416eab####.####.com/58f8747fdbd2c041031a88a7_500x312.jpg
  • a####.####.com/articles/58f4e11cdbd2c04103f9a67e
  • 3416eab####.####.com/58f905a5dbd2c04103202185_120x120.jpg
  • a26af68####.####.com/58f4e770dbd2c04103f9f2be_500x281.jpg
  • a26af68####.####.com/58f5070edbd2c04103fae0e0_500x281.jpg
  • 3416eab####.####.com/58f81448dbd2c0410316bcc7_120x120.jpg
  • a####.####.com/articles/58f7ab7adbd2c0410312b289
  • b8c35a6####.####.com/58f5f9dadbd2c041030314a7_120x120.jpg
  • a####.####.com/articles/58f50038dbd2c04103fa9027
  • a####.####.com/trends?limit=####&bounds=####
  • a####.####.com/images?limit=####&q=####
  • 704e4d2####.####.com/58f6c420dbd2c041030a239d_120x120.jpg
  • a26af68####.####.com/58f506dadbd2c04103fad671_120x120.jpg
  • 3416eab####.####.com/58f81448dbd2c0410316bcc2_120x120.jpg
  • 3416eab####.####.com/58f81448dbd2c0410316bcc0_120x120.jpg
  • a####.####.com/publications/54d8990b07830f652e000000
  • 3416eab####.####.com/58f8be78dbd2c041031d762f_500x312.jpg
  • 3416eab####.####.com/58f82f52dbd2c0410317aff6_500x281.jpg
  • a####.####.com/articles/58f7ab7adbd2c0410312b28f
  • a26af68####.####.com/58f5070edbd2c04103fae0e0_120x120.jpg
HTTP POST requests:
  • m####.####.COM/pmsg/api/20
  • t####.####.net/g/d
Modified file system:
Creates the following files:
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB6005B-0001-0928-779A6F0CE52ASessionEvent0000000016.cls_temp
  • /data/data/####/cache/volley/-1945599070-720412303
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/crashlytics-userlog-d2557868-cf07-4664-95df-dc8c7bf2288e.temp
  • /data/data/####/cache/robospice-cache/GsonRetrofitObjectPersisterFactory_RetrofitObjectPersister_ArticleDetail_GetArticleDetailRequest_58f50466dbd2c04103fac6a7
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDAD0331-0001-087C-779A6F0CE52ASessionUser.cls_temp
  • /data/data/####/shared_prefs/pref_longtime.xml
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB6005B-0001-0928-779A6F0CE52ASessionEvent0000000014.cls_temp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/crashlytics-userlog-8b7079ab-1bae-4a24-972a-224c373b99e8.temp.tmp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB6005B-0001-0928-779A6F0CE52ASessionEvent0000000008.cls_temp
  • /data/data/####/cache/picasso-cache/ab6e0fa6a038822cae5088c12f27eb6c.1.tmp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_2874182e-c3c9-4f48-976b-3667809d3e2a_1492762033849.tap
  • /data/data/####/shared_prefs/pref_shorttime.xml
  • /data/data/####/cache/robospice-cache/GsonRetrofitObjectPersisterFactory_RetrofitObjectPersister_Publication_GetPublicationRequest_54d9f30007830f2c0a00003c
  • /data/data/####/cache/picasso-cache/6b3f14b0bcf7f6bbdaaab6017a7a030a.0.tmp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/crashlytics-userlog-98aa398a-d241-445b-9512-19a954a2b03b.temp.tmp
  • /data/data/####/databases/webviewCookiesChromium.db-journal
  • /data/data/####/files/AdjustIoActivityState
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDA90080-0001-081F-779A6F0CE52ASessionEvent0000000001.cls_temp
  • /data/data/####/cache/robospice-cache/GsonRetrofitObjectPersisterFactory_RetrofitObjectPersister_ArticleDetail_GetArticleDetailRequest_58f517f7dbd2c04103fb691a
  • /data/data/####/cache/picasso-cache/e59118fe045f2135b787cd190aace871.1.tmp
  • /data/data/####/cache/robospice-cache/GsonRetrofitObjectPersisterFactory_RetrofitObjectPersister_ArticleBundle_GetTopStoriesRequest_nl
  • /data/data/####/cache/picasso-cache/9f4532fde7ab72b1e1857d25fc03e3e5.0.tmp
  • /data/data/####/shared_prefs/pref_longtime.xml.bak
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/crashlytics-userlog-11df2352-ce1e-425f-ba47-3bf84a834897.temp
  • /data/data/####/cache/picasso-cache/c03dd97d501dd2419c98adec2915e69c.0.tmp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
  • /data/data/####/cache/picasso-cache/c68d429a668278bce7f5fc13941e90aa.0.tmp
  • /data/data/####/cache/volley/-1945599071374720413
  • /data/data/####/cache/picasso-cache/71a971a357b41b984db9a7cdd54207f2.1.tmp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB1035A-0002-081F-779A6F0CE52ASessionDevice.cls_temp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB6005B-0001-0928-779A6F0CE52ASessionEvent0000000015.cls_temp
  • /data/data/####/files/ZQAgenttcagent.db-journal
  • /data/data/####/cache/volley/-1945599070-1800891323
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDA90080-0001-081F-779A6F0CE52ASessionOS.cls_temp
  • /data/data/####/cache/picasso-cache/77a2341bf6f70a435a15d11fcfcc3d30.0.tmp
  • /data/data/####/databases/webview.db-journal
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB6005B-0001-0928-779A6F0CE52ASessionApp.cls_temp
  • /data/data/####/cache/robospice-cache/GsonRetrofitObjectPersisterFactory_RetrofitObjectPersister_TrendBundle_GetTrendsRequest_HubiiLocation{mCountryCode=nl, mCountryName=The Netherlands, mCityName=Amsterdam, mBoundingBox=4.728759,52.2781742,5.0791622,52.4310638}
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB6005B-0001-0928-779A6F0CE52ASessionEvent0000000010.cls_temp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDAD0331-0001-087C-779A6F0CE52ASessionEvent0000000003.cls_temp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB6005B-0001-0928-779A6F0CE52ASessionEvent0000000000.cls_temp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB6005B-0001-0928-779A6F0CE52ASessionOS.cls_temp
  • /data/data/####/cache/picasso-cache/744811e9add7d406020d87c2a421be80.0.tmp
  • /data/data/####/files/gaClientId
  • /data/data/####/cache/picasso-cache/journal.tmp
  • /data/data/####/cache/picasso-cache/82375b5d09b3941220a17ceb2b9d8f9d.0.tmp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/crashlytics-userlog-7ee5d9f8-a8e1-4806-9138-7ae80db46966.temp.tmp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/initialization_marker
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB6005B-0001-0928-779A6F0CE52ASessionEvent0000000024.cls_temp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB6005B-0001-0928-779A6F0CE52ASessionEvent0000000023.cls_temp
  • /data/data/####/cache/picasso-cache/9798f7c5d422222a099033912e4f3370.1.tmp
  • /data/data/####/cache/picasso-cache/4e0865b2d63c5dc479bd55e651fb9394.1.tmp
  • /data/data/####/shared_prefs/com.crashlytics.prefs.xml
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/crashlytics-userlog-837e3ead-71cf-458a-a58f-bb7f757c3c1b.temp.tmp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDAD0331-0001-087C-779A6F0CE52ASessionEvent0000000002.cls_temp
  • /data/data/####/cache/picasso-cache/744811e9add7d406020d87c2a421be80.1.tmp
  • /data/data/####/cache/picasso-cache/82375b5d09b3941220a17ceb2b9d8f9d.1.tmp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/crashlytics-userlog-8156b0f3-4961-45fc-a2aa-9b0b0290bed8.temp.tmp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/crashlytics-userlog-98aa398a-d241-445b-9512-19a954a2b03b.temp
  • /data/data/####/cache/robospice-cache/GsonRetrofitObjectPersisterFactory_RetrofitObjectPersister_ArticleDetail_GetArticleDetailRequest_58f7ab7adbd2c0410312b289
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB6005B-0001-0928-779A6F0CE52ASessionEvent0000000003.cls_temp
  • /data/data/####/cache/volley/-1945599068-63278893
  • /data/data/####/shared_prefs/data.xml
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDA90080-0001-081F-779A6F0CE52ASessionEvent0000000000.cls_temp
  • /data/data/####/cache/picasso-cache/5a1316af213620edf7c56b53d8b0d87b.1.tmp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDA90080-0001-081F-779A6F0CE52ASessionUser.cls_temp
  • /data/data/####/cache/picasso-cache/ab6e0fa6a038822cae5088c12f27eb6c.0.tmp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/crashlytics-userlog-d0c1155e-eebd-4a8d-b2ac-357a66f1c586.temp.tmp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB6005B-0001-0928-779A6F0CE52ABeginSession.cls_temp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB6005B-0001-0928-779A6F0CE52ASessionEvent0000000020.cls_temp
  • /data/data/####/shared_prefs/com.google.android.gms.analytics.prefs.xml.bak
  • /data/data/####/cache/picasso-cache/17f6199c8cb28d06f39aa2bf76a06829.1.tmp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDAD0331-0001-087C-779A6F0CE52ASessionEvent0000000006.cls_temp
  • /data/data/####/shared_prefs/com.google.android.gms.analytics.prefs.xml
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB6005B-0001-0928-779A6F0CE52ASessionEvent0000000005.cls_temp
  • /data/data/####/cache/picasso-cache/a800d21108382f9207871f9116d40ab5.1.tmp
  • /data/data/####/cache/picasso-cache/5a1316af213620edf7c56b53d8b0d87b.0.tmp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_c16cce7f-7092-4ac1-835b-3b7d52b887a5_1492762038098.tap
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB6005B-0001-0928-779A6F0CE52ASessionEvent0000000007.cls_temp
  • /data/data/####/cache/picasso-cache/9f4532fde7ab72b1e1857d25fc03e3e5.1.tmp
  • /data/data/####/cache/robospice-cache/GsonRetrofitObjectPersisterFactory_RetrofitObjectPersister_ArticleDetail_GetArticleDetailRequest_58f50038dbd2c04103fa9027
  • /data/data/####/cache/picasso-cache/54754173811ea84befb629093b832b39.0.tmp
  • /data/data/####/cache/picasso-cache/b5c465723d9e1ee0c8de82d170cb1889.0.tmp
  • /data/data/####/cache/robospice-cache/GsonRetrofitObjectPersisterFactory_RetrofitObjectPersister_Publication_GetPublicationRequest_51652252bbddbd1468000b79
  • /data/data/####/cache/picasso-cache/71a971a357b41b984db9a7cdd54207f2.0.tmp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDA90080-0001-081F-779A6F0CE52ABeginSession.cls_temp
  • /data/data/####/cache/robospice-cache/GsonRetrofitObjectPersisterFactory_RetrofitObjectPersister_Publication_GetPublicationRequest_54d9f60907830f2c0a0000a9
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB6005B-0001-0928-779A6F0CE52ASessionEvent0000000009.cls_temp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_16330aa2-f79b-4231-9b4d-a20c8d432139_1492762029808.tap
  • /data/data/####/cache/robospice-cache/GsonRetrofitObjectPersisterFactory_RetrofitObjectPersister_Publication_GetPublicationRequest_54d9f4c107830f2c0a00006e
  • /data/data/####/cache/robospice-cache/GsonRetrofitObjectPersisterFactory_RetrofitObjectPersister_ArticleDetail_GetArticleDetailRequest_58f506d8dbd2c04103fad5b1
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/crashlytics-userlog-d2557868-cf07-4664-95df-dc8c7bf2288e.temp.tmp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/crashlytics-userlog-11df2352-ce1e-425f-ba47-3bf84a834897.temp.tmp
  • /data/data/####/cache/picasso-cache/77a2341bf6f70a435a15d11fcfcc3d30.1.tmp
  • /data/data/####/cache/robospice-cache/GsonRetrofitObjectPersisterFactory_RetrofitObjectPersister_ArticleDetail_GetArticleDetailRequest_58f7ab7adbd2c0410312b28f
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/crashlytics-userlog-f462b3b4-19d8-42af-8845-109ebebb5ba3.temp.tmp
  • /data/data/####/cache/picasso-cache/2c13bf6f25a7dc810f6944ec7dc00e51.1.tmp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB6005B-0001-0928-779A6F0CE52ASessionEvent0000000006.cls_temp
  • /data/data/####/files/AdjustIoPackageQueue
  • /data/data/####/shared_prefs/TwitterAdvertisingInfoPreferences.xml
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB6005B-0001-0928-779A6F0CE52ASessionEvent0000000001.cls_temp
  • /data/data/####/cache/picasso-cache/2c13bf6f25a7dc810f6944ec7dc00e51.0.tmp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDAD0331-0001-087C-779A6F0CE52ASessionDevice.cls_temp
  • /data/data/####/cache/picasso-cache/b5c465723d9e1ee0c8de82d170cb1889.1.tmp
  • /data/data/####/cache/robospice-cache/GsonRetrofitObjectPersisterFactory_RetrofitObjectPersister_Autocomplete_GetLocationSearchHistoryRequest
  • /data/data/####/.lib/libexecmain.so
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDAD0331-0001-087C-779A6F0CE52ASessionApp.cls_temp
  • /data/data/####/cache/robospice-cache/GsonRetrofitObjectPersisterFactory_RetrofitObjectPersister_Publication_GetPublicationRequest_54d8991907830f652e000008
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB3024A-0003-081F-779A6F0CE52ASessionOS.cls_temp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB6005B-0001-0928-779A6F0CE52ASessionEvent0000000019.cls_temp
  • /data/data/####/cache/robospice-cache/GsonRetrofitObjectPersisterFactory_RetrofitObjectPersister_Publication_GetPublicationRequest_54d9f5ac07830f2c0a000093
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB1035A-0002-081F-779A6F0CE52A.cls_temp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDAD0331-0001-087C-779A6F0CE52ASessionEvent0000000004.cls_temp
  • /data/data/####/files/ZQAgenttcagent.db
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB1035A-0002-081F-779A6F0CE52ASessionOS.cls_temp
  • /data/data/####/cache/picasso-cache/a800d21108382f9207871f9116d40ab5.0.tmp
  • /data/data/####/cache/volley/3132528122132263894
  • /data/data/####/cache/picasso-cache/8c3e55436ca063d0d8cb4005fce25e60.0.tmp
  • /sdcard/.tcookieid
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDA90080-0001-081F-779A6F0CE52A.cls_temp
  • /data/data/####/cache/picasso-cache/376225b29ecedbe30143b50e66e01272.1.tmp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB6005B-0001-0928-779A6F0CE52ASessionEvent0000000012.cls_temp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB1035A-0002-081F-779A6F0CE52ASessionCrash.cls_temp
  • /data/data/####/cache/picasso-cache/a8b9933ad98b3c690bf5e24d5959058a.1.tmp
  • /data/data/####/shared_prefs/####.xml
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB6005B-0001-0928-779A6F0CE52ASessionEvent0000000011.cls_temp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/crashlytics-userlog-f462b3b4-19d8-42af-8845-109ebebb5ba3.temp
  • /data/data/####/cache/robospice-cache/GsonRetrofitObjectPersisterFactory_RetrofitObjectPersister_ArticleDetail_GetArticleDetailRequest_58f4e11cdbd2c04103f9a67e
  • /data/data/####/cache/robospice-cache/GsonRetrofitObjectPersisterFactory_RetrofitObjectPersister_Publication_GetPublicationRequest_54d9f5bc07830f2c0a00009d
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB3024A-0003-081F-779A6F0CE52ASessionUser.cls_temp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/crashlytics-userlog-d0c1155e-eebd-4a8d-b2ac-357a66f1c586.temp
  • /data/data/####/cache/picasso-cache/8c3e55436ca063d0d8cb4005fce25e60.1.tmp
  • /data/data/####/cache/picasso-cache/54754173811ea84befb629093b832b39.1.tmp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/crashlytics-userlog-7ee5d9f8-a8e1-4806-9138-7ae80db46966.temp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB1035A-0002-081F-779A6F0CE52ASessionUser.cls_temp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB1035A-0002-081F-779A6F0CE52ABeginSession.cls_temp
  • /data/data/####/cache/picasso-cache/6b3f14b0bcf7f6bbdaaab6017a7a030a.1.tmp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDA90080-0001-081F-779A6F0CE52ASessionDevice.cls_temp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB6005B-0001-0928-779A6F0CE52ASessionEvent0000000021.cls_temp
  • /data/data/####/.lib/libexec.so
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB3024A-0003-081F-779A6F0CE52ASessionDevice.cls_temp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDAD0331-0001-087C-779A6F0CE52ASessionEvent0000000005.cls_temp
  • /data/data/####/cache/volley/-1945599070-1873883825
  • /data/data/####/cache/picasso-cache/148e97f63554a61389a5baa008779a5e.0.tmp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDAD0331-0001-087C-779A6F0CE52ABeginSession.cls_temp
  • /data/data/####/shared_prefs/####_preferences.xml
  • /data/data/####/files/.Fabric/io.fabric.sdk.android:fabric/com.crashlytics.settings.json
  • /data/data/####/app_kdwel9/protect.apk
  • /data/data/####/cache/picasso-cache/a8b9933ad98b3c690bf5e24d5959058a.0.tmp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB3024A-0003-081F-779A6F0CE52ASessionApp.cls_temp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/crashlytics-userlog-8156b0f3-4961-45fc-a2aa-9b0b0290bed8.temp
  • /data/data/####/cache/robospice-cache/GsonRetrofitObjectPersisterFactory_RetrofitObjectPersister_Publication_GetPublicationRequest_54d8990b07830f652e000000
  • /data/data/####/cache/picasso-cache/4e0865b2d63c5dc479bd55e651fb9394.0.tmp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB6005B-0001-0928-779A6F0CE52ASessionEvent0000000013.cls_temp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB6005B-0001-0928-779A6F0CE52ASessionEvent0000000004.cls_temp
  • /data/data/####/files/td.lock
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB6005B-0001-0928-779A6F0CE52ASessionEvent0000000002.cls_temp
  • /data/data/####/cache/picasso-cache/17f6199c8cb28d06f39aa2bf76a06829.0.tmp
  • /data/data/####/cache/robospice-cache/GsonRetrofitObjectPersisterFactory_RetrofitObjectPersister_HubiiLocation_ResolveLocationRequest_Near me
  • /data/data/####/databases/google_analytics_v4.db-journal
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB6005B-0001-0928-779A6F0CE52ASessionEvent0000000018.cls_temp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDAD0331-0001-087C-779A6F0CE52ASessionOS.cls_temp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB1035A-0002-081F-779A6F0CE52ASessionApp.cls_temp
  • /data/data/####/shared_prefs/io.fabric.sdk.android:fabric:io.fabric.sdk.android.Onboarding.xml
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/crashlytics-userlog-837e3ead-71cf-458a-a58f-bb7f757c3c1b.temp
  • /data/data/####/cache/volley/-1945599068-832673114
  • /data/data/####/cache/picasso-cache/c03dd97d501dd2419c98adec2915e69c.1.tmp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/crash_marker
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB6005B-0001-0928-779A6F0CE52ASessionEvent0000000022.cls_temp
  • /data/data/####/cache/picasso-cache/148e97f63554a61389a5baa008779a5e.1.tmp
  • /data/data/####/cache/picasso-cache/9798f7c5d422222a099033912e4f3370.0.tmp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/crashlytics-userlog-8b7079ab-1bae-4a24-972a-224c373b99e8.temp
  • /data/data/####/cache/picasso-cache/e59118fe045f2135b787cd190aace871.0.tmp
  • /data/data/####/cache/picasso-cache/c68d429a668278bce7f5fc13941e90aa.1.tmp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB6005B-0001-0928-779A6F0CE52ASessionEvent0000000017.cls_temp
  • /data/data/####/cache/picasso-cache/376225b29ecedbe30143b50e66e01272.0.tmp
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDAD0331-0001-087C-779A6F0CE52A.cls_temp
  • /data/data/####/shared_prefs/tdid.xml
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB6005B-0001-0928-779A6F0CE52ASessionDevice.cls_temp
  • /data/data/####/cache/robospice-cache/GsonRetrofitObjectPersisterFactory_RetrofitObjectPersister_ArticleBundle_GetArticlesRequest_HubiiLocation{mCountryCode=nl, mCountryName=The Netherlands, mCityName=Amsterdam, mBoundingBox=4.728759,52.2781742,5.0791622,52.4310638}
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDA90080-0001-081F-779A6F0CE52ASessionApp.cls_temp
  • /data/data/####/shared_prefs/com.crashlytics.sdk.android:answers:com.crashlytics.android.answers.Answers.xml
  • /data/data/####/files/.Fabric/com.crashlytics.sdk.android:crashlytics/58F9BDB3024A-0003-081F-779A6F0CE52ABeginSession.cls_temp
Miscellaneous:
Executes next shell scripts:
  • getprop
  • getprop ro.product.cpu.abi
  • /system/bin/sh
Uses special library to hide executable bytecode.
Contains functionality to send SMS messages automatically.

Curing recommendations

Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web для Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play