Android.BankBot.6317

Added to the Dr.Web virus database: 2021-01-13

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.BankBot.612.origin
Network activity:
Connects to:
DNS requests:
File system changes:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
Uses a special library to hide executable bytecode.
Gets information about the network.
Gets information about active device administrators.
Gets information about installed apps.
Adds tasks to the system scheduler.
Displays its own windows over windows of other apps.
Gets information about sent/received SMS.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
