Android.Packed.46740

Added to the Dr.Web virus database: 2019-08-27

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.DownLoader.543.origin
Network activity:
Connects to:
  • UDP(DNS) <Google DNS>
  • TCP(HTTP/1.1) s####.puzz####.s3.####.com:80
  • TCP(HTTP/1.1) pu####.net:80
  • TCP(HTTP/1.1) p####.chengdu####.cn:80
  • TCP(TLS/1.0) api.face####.com:443
  • TCP(TLS/1.0) www.googlea####.com:443
  • TCP(TLS/1.0) sett####.crashly####.com:443
  • TCP(TLS/1.0) 1####.217.168.206:443
DNS requests:
  • g####.face####.com
  • p####.chengdu####.cn
  • pu####.net
  • s####.puzz####.s3.####.com
  • sett####.crashly####.com
  • www.googlea####.com
HTTP GET requests:
HTTP POST requests:
  • p####.chengdu####.cn/jzbdt/isio/w/xn
  • p####.chengdu####.cn/jzbdt/lbvq/mgwo
  • p####.chengdu####.cn/jzbdt/ng/ulk
  • pu####.net/auth/authorize_with_device_id
File system changes:
Creates the following files:
Miscellaneous:
Loads the following dynamic libraries:
  • _g347
Uses the following algorithms to encrypt data:
  • AES-ECB-PKCS7Padding
Uses the following algorithms to decrypt data:
  • AES-CBC-PKCS5Padding
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Gets information about running apps.
Displays its own windows over windows of other apps.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
