Android.DownLoader.5051

Added to the Dr.Web virus database: 2021-05-12

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.Backdoor.719.origin
  • Android.Click.311.origin
  • Android.DownLoader.906.origin
  • Android.Mobifun.29.origin
  • Android.Mobifun.30.origin
  • Android.Mobifun.32.origin
  • Android.RemoteCode.306.origin
  • Android.RemoteCode.6122
  • Android.SmsBot.727.origin
  • Android.SmsBot.752.origin
  • Android.Triada.4567
  • Android.Triada.4937
  • Android.Triada.510.origin
  • Android.Triada.537.origin
  • Android.Triada.553.origin
  • Android.Triada.566.origin
  • Android.Xiny.293.origin
  • Android.Xiny.5386
  • Android.Xiny.5549
Downloads the following detected threats from the Internet:
  • Android.Backdoor.719.origin
  • Android.Mobifun.32.origin
  • Android.RemoteCode.306.origin
  • Android.RemoteCode.6122
  • Android.SmsBot.752.origin
  • Android.Triada.510.origin
  • Android.Triada.553.origin
Network activity:
Connects to:
DNS requests:
HTTP GET requests:
HTTP POST requests:
File system changes:
Creates the following files:
Miscellaneous:
Executes the following shell scripts:
  • cat /proc/version
  • cat /sys/class/net/wlan0/address
  • getprop ro.bootimage.build.date.utc
  • getprop ro.build.description
  • getprop ro.build.fingerprint
  • getprop ro.build.product
  • getprop ro.build.version.all_codenames
  • getprop ro.sf.lcd_density
  • getprop ro.yunos.build.version
  • sh
Loads the following dynamic libraries:
  • oniow
Uses the following algorithms to encrypt data:
  • AES
  • AES-CBC-PKCS5Padding
  • DES-CBC-PKCS5Padding
  • RSA-None-PKCS1Padding
Uses the following algorithms to decrypt data:
  • AES
  • AES-CBC-PKCS5Padding
  • DES-CBC-PKCS5Padding
  • RSA-None-PKCS1Padding
  • desede-CBC-PKCS5Padding
Accesses the ITelephony private interface.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Adds tasks to the system scheduler.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and the specifications of the particular device, this procedure can be performed in various ways; consult the user guide that shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light on the infected device and run a full system scan; follow the steps recommended for neutralizing the detected threats;
    • Switch off your device and turn it on as normal.
