Android.Locker.16783

Added to the Dr.Web virus database: 2023-06-03

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.Locker.14669
Network activity:
Connects to:
DNS requests:
File system changes:
Creates the following files:
Miscellaneous:
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Displays its own windows over windows of other apps.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and the specifications of the particular mobile device, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
