FOR CUSTOMERS

Close

Library
My library

+ Add to library

Search
Search

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

A query form

Call us

+7 (495) 789-45-86

Forum

Your tickets

New ticket

Call us

+7 (495) 789-45-86

Profile

EN

RU CN DE EN ES FR IT JP KZ UZ PL BY
Close
Support services
Scanners
Dr.Web vxCube
Trial
VCI investigations
Virus library
Knowledge base

Technologies

Terminology

Training and education

Myths

News

Android.BankBot.TgToxic.43

Added to the Dr.Web virus database: 2023-10-27

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.BankBot.TgToxic.1
Network activity:
Connects to:
  • UDP(DNS) <Google DNS>
  • UDP(DNS) 8####.8.4.4:53
  • TCP(HTTP/1.1) 64.2####.162.94:80
  • TCP(TLS/1.0) p####.google####.com:443
  • TCP(TLS/1.0) 64.2####.162.94:443
  • TCP(TLS/1.0) rr18---####.g####.com:443
  • TCP(TLS/1.0) 74.1####.205.113:443
  • TCP(TLS/1.0) rr2---s####.g####.com:443
  • TCP(TLS/1.0) 64.2####.162.95:443
  • TCP(TLS/1.2) 1####.177.14.103:443
  • TCP(TLS/1.2) 64.2####.162.94:443
  • TCP(TLS/1.2) p####.google####.com:443
  • TCP(TLS/1.2) 64.2####.162.95:443
  • UDP p####.google####.com:443
DNS requests:
  • m####.go####.com
  • p####.google####.com
  • rr18---####.g####.com
  • rr2---s####.g####.com
  • rr9---s####.g####.com
  • sqs.ap-nort####.amazo####.com
  • www.go####.com
File system changes:
Creates the following files:
  • /data/data/####/.com_fmzinx_jlbeqixc.meta
  • /data/data/####/0XP9VNGJL0ICU8GMMXZL82CAH2DD1U5.dex
  • /data/data/####/0XP9VNGJL0ICU8GMMXZL82CAH2DD1U5.dex.flock (deleted)
  • /data/data/####/0XP9VNGJL0ICU8GMMXZL82CAH2DD1U5.zip
  • /data/data/####/19
  • /data/data/####/1F9GYX5CT323FEVKGVA9Z331P6SLOFNN.dex
  • /data/data/####/1F9GYX5CT323FEVKGVA9Z331P6SLOFNN.dex.flock (deleted)
  • /data/data/####/2023-10-27PM070837.str
  • /data/data/####/20RMDW0T58Z0EJKPKIQWUMLWEIKNNIFJ.dex
  • /data/data/####/20RMDW0T58Z0EJKPKIQWUMLWEIKNNIFJ.dex.flock (deleted)
  • /data/data/####/29
  • /data/data/####/3Q2XAE4DSH2DXN6S7Y8R42E4PZII7QFG.dex
  • /data/data/####/3Q2XAE4DSH2DXN6S7Y8R42E4PZII7QFG.dex.flock (deleted)
  • /data/data/####/4KC5KMF9JJXOUUQ830S22JTP8FQXNV27.dex
  • /data/data/####/4KC5KMF9JJXOUUQ830S22JTP8FQXNV27.dex.flock (deleted)
  • /data/data/####/5TP6HRC6OWYHB7RHGTX73WQ6147YSCRK.dex
  • /data/data/####/5TP6HRC6OWYHB7RHGTX73WQ6147YSCRK.dex.flock (deleted)
  • /data/data/####/60A5WIHQYSGN7CUEVPO9IP5LIXYGRLJ.dex
  • /data/data/####/60A5WIHQYSGN7CUEVPO9IP5LIXYGRLJ.dex.flock (deleted)
  • /data/data/####/60A5WIHQYSGN7CUEVPO9IP5LIXYGRLJ.zip
  • /data/data/####/68Q5NYQ9A0FKGZSDTSBAOG42U3P2P4O0.dex
  • /data/data/####/68Q5NYQ9A0FKGZSDTSBAOG42U3P2P4O0.dex.flock (deleted)
  • /data/data/####/6L3KC1WIOPUM1572OWP9PZCQH4BTJOR5.dex
  • /data/data/####/6L3KC1WIOPUM1572OWP9PZCQH4BTJOR5.dex.flock (deleted)
  • /data/data/####/8V52M7YG2RK47VHGQIZVF92KRE9FX6TF.dex
  • /data/data/####/8V52M7YG2RK47VHGQIZVF92KRE9FX6TF.dex.flock (deleted)
  • /data/data/####/9DDU9NKQ0WA5VZN1GXT3RWEATWNE8KJ4.dex
  • /data/data/####/9DDU9NKQ0WA5VZN1GXT3RWEATWNE8KJ4.dex.flock (deleted)
  • /data/data/####/9FTCNH8LLNNMUV5HUKJKXKC05K93M0I.dex
  • /data/data/####/9FTCNH8LLNNMUV5HUKJKXKC05K93M0I.dex.flock (deleted)
  • /data/data/####/9FTCNH8LLNNMUV5HUKJKXKC05K93M0I.zip
  • /data/data/####/AOA1R6QPYGVGCVG15G3M0GGM67L6LS4W.dex
  • /data/data/####/AOA1R6QPYGVGCVG15G3M0GGM67L6LS4W.dex.flock (deleted)
  • /data/data/####/B5KBI91I21K9RO5E5JNPZZYL3NTGKJ8O.dex
  • /data/data/####/B5KBI91I21K9RO5E5JNPZZYL3NTGKJ8O.dex.flock (deleted)
  • /data/data/####/BOWGYUFY0NXRLBRL5S2O7TR1WLGGS9W.dex
  • /data/data/####/BOWGYUFY0NXRLBRL5S2O7TR1WLGGS9W.dex.flock (deleted)
  • /data/data/####/BOWGYUFY0NXRLBRL5S2O7TR1WLGGS9W.zip
  • /data/data/####/BT0NA1P2M5S9JKXMPZJHN3MX7J58GNOK.dex
  • /data/data/####/BT0NA1P2M5S9JKXMPZJHN3MX7J58GNOK.dex.flock (deleted)
  • /data/data/####/C6OBP8KZOQ9Q2XA3BUXGYQ6W85JG7IQU.dex
  • /data/data/####/C6OBP8KZOQ9Q2XA3BUXGYQ6W85JG7IQU.dex.flock (deleted)
  • /data/data/####/D4KRCWYFQJ4FBPWE1C6DUSS63XGW5K9A.dex
  • /data/data/####/DJATC37SSR671U74ZXPZPX8RHLRQE5YQ.dex
  • /data/data/####/EBVJP9ATZUOUS6Q8KF5FE4I4NWZFBCZ.dex
  • /data/data/####/EBVJP9ATZUOUS6Q8KF5FE4I4NWZFBCZ.dex.flock (deleted)
  • /data/data/####/EBVJP9ATZUOUS6Q8KF5FE4I4NWZFBCZ.zip
  • /data/data/####/EJXYMJF2FVDE59E5QW8084P1HHL0N0ZL.dex
  • /data/data/####/EJXYMJF2FVDE59E5QW8084P1HHL0N0ZL.dex.flock (deleted)
  • /data/data/####/FV3W7LU0E6S7P1TRINF55MGSVUH4AQT6.dex
  • /data/data/####/FY05DA531Q3VAICB15AIYODNUXC2SD4I.dex
  • /data/data/####/FY05DA531Q3VAICB15AIYODNUXC2SD4I.dex.flock (deleted)
  • /data/data/####/FYAXIIS58TELX368JA87W2ECDV2AJQB4.dex
  • /data/data/####/FYAXIIS58TELX368JA87W2ECDV2AJQB4.dex.flock (deleted)
  • /data/data/####/H1XJF0JHWQS6CSAMPJTCQ4AL2T5HMTR.dex
  • /data/data/####/H1XJF0JHWQS6CSAMPJTCQ4AL2T5HMTR.dex.flock (deleted)
  • /data/data/####/H1XJF0JHWQS6CSAMPJTCQ4AL2T5HMTR.zip
  • /data/data/####/HBH8ZPSL13FEYBPTUGVKXWCWP8XFECU.dex
  • /data/data/####/HBH8ZPSL13FEYBPTUGVKXWCWP8XFECU.dex.flock (deleted)
  • /data/data/####/HBH8ZPSL13FEYBPTUGVKXWCWP8XFECU.zip
  • /data/data/####/HKMBBO3HV81DOWEH3BOCKUFL07YWARAC.dex
  • /data/data/####/HKMBBO3HV81DOWEH3BOCKUFL07YWARAC.dex.flock (deleted)
  • /data/data/####/HZ50U95W5NM7JING4RYX73RHD2GHS77R.dex
  • /data/data/####/HZ50U95W5NM7JING4RYX73RHD2GHS77R.dex.flock (deleted)
  • /data/data/####/IECPkgStoreInfo
  • /data/data/####/J5BE5Z2VZ1DGK53RC6H6ZAQQ7M35820.dex
  • /data/data/####/J5BE5Z2VZ1DGK53RC6H6ZAQQ7M35820.dex.flock (deleted)
  • /data/data/####/J5BE5Z2VZ1DGK53RC6H6ZAQQ7M35820.zip
  • /data/data/####/JK2BN4CJ0CE32UZUVL9X51UAEMQT49SQ.dex
  • /data/data/####/JK2BN4CJ0CE32UZUVL9X51UAEMQT49SQ.dex.flock (deleted)
  • /data/data/####/KYGVQK7G0AMXP6OGTJYV473JGJGEDZX.dex
  • /data/data/####/KYGVQK7G0AMXP6OGTJYV473JGJGEDZX.dex.flock (deleted)
  • /data/data/####/KYGVQK7G0AMXP6OGTJYV473JGJGEDZX.zip
  • /data/data/####/O5R84PPG1DFSZF4J0UQEMEJ3BBVM5YLF.dex
  • /data/data/####/O5R84PPG1DFSZF4J0UQEMEJ3BBVM5YLF.dex.flock (deleted)
  • /data/data/####/ONXEMRQ4U7K4RJ9CUYZZ39QO3QLZPILF.dex
  • /data/data/####/ONXEMRQ4U7K4RJ9CUYZZ39QO3QLZPILF.dex.flock (deleted)
  • /data/data/####/OXD57BCJP4UWIKKYM5FTKE4QXMX1L2X.dex
  • /data/data/####/OXD57BCJP4UWIKKYM5FTKE4QXMX1L2X.dex.flock (deleted)
  • /data/data/####/OXD57BCJP4UWIKKYM5FTKE4QXMX1L2X.zip
  • /data/data/####/QLVWKPGQWLMMPLNYGKTXDFGQ1W3XFOJ9.dex
  • /data/data/####/QLVWKPGQWLMMPLNYGKTXDFGQ1W3XFOJ9.dex.flock (deleted)
  • /data/data/####/RQIX6M0DOPQTH364V2O3O2Y0L7MIV67C.dex
  • /data/data/####/RQIX6M0DOPQTH364V2O3O2Y0L7MIV67C.dex.flock (deleted)
  • /data/data/####/RW6VJOS7O46RQMZE3LPH1H26EIYLS1CQ.dex
  • /data/data/####/RW6VJOS7O46RQMZE3LPH1H26EIYLS1CQ.dex.flock (deleted)
  • /data/data/####/TFMH3MVFH94SDV3C25YN2IURUV5GIWN.dex
  • /data/data/####/TFMH3MVFH94SDV3C25YN2IURUV5GIWN.dex.flock (deleted)
  • /data/data/####/TFMH3MVFH94SDV3C25YN2IURUV5GIWN.zip
  • /data/data/####/TQWL5AMDMEGXC0985JRB3ROCOGKFMNEK.dex
  • /data/data/####/TQWL5AMDMEGXC0985JRB3ROCOGKFMNEK.dex.flock (deleted)
  • /data/data/####/VDJE0JV2VDK15SPEEPO75DHJN8IV29D1.dex
  • /data/data/####/VDJE0JV2VDK15SPEEPO75DHJN8IV29D1.dex.flock (deleted)
  • /data/data/####/VXGZMDTM69G9BW5UTVF9B7ATVZHKSB40.dex
  • /data/data/####/VXGZMDTM69G9BW5UTVF9B7ATVZHKSB40.dex.flock (deleted)
  • /data/data/####/WAS3EGN0KUQTHIC4DNQNGFBVGBOEPJ1.dex
  • /data/data/####/WAS3EGN0KUQTHIC4DNQNGFBVGBOEPJ1.dex.flock (deleted)
  • /data/data/####/WAS3EGN0KUQTHIC4DNQNGFBVGBOEPJ1.zip
  • /data/data/####/WXVS095495NG37438U6YIU7ZRN3E9Q5V.dex
  • /data/data/####/WXVS095495NG37438U6YIU7ZRN3E9Q5V.dex.flock (deleted)
  • /data/data/####/X601XUEXEY0H889KPVRNZR04WGWFAVAS.dex
  • /data/data/####/X601XUEXEY0H889KPVRNZR04WGWFAVAS.dex.flock (deleted)
  • /data/data/####/XD9ID7GQCWETBB79ODDNFW2IP0FY08NK.dex
  • /data/data/####/XD9ID7GQCWETBB79ODDNFW2IP0FY08NK.dex.flock (deleted)
  • /data/data/####/XWENB8VP3OLD8KQXNR4G8U3PSJUG232C.dex
  • /data/data/####/XWENB8VP3OLD8KQXNR4G8U3PSJUG232C.dex.flock (deleted)
  • /data/data/####/YD909HNSFWHGGQ1VYDRMBP5VOQ9XQ5U7.dex
  • /data/data/####/YD909HNSFWHGGQ1VYDRMBP5VOQ9XQ5U7.dex.flock (deleted)
  • /data/data/####/ZXV60VRMJDOTPC1YUHGFHDT7N8EBIP15.dex
  • /data/data/####/ZXV60VRMJDOTPC1YUHGFHDT7N8EBIP15.dex.flock (deleted)
  • /data/data/####/com.android.launcher3.prefs.xml
  • /data/data/####/e542c196888e28a5060dae2daffcda4dts99nb.lyrk
  • /data/data/####/e542c196888e28a5060dae2daffcda4dts99nb.lyrk (deleted)
  • /data/data/####/empty_classes.dex
  • /data/data/####/empty_classes.zip
  • /data/data/####/proc_auxv
  • /data/data/####/sealeh.bdc
  • /data/data/####/spUtils.xml
  • /data/data/####/working
Miscellaneous:
Executes the following shell scripts:
  • cp /data/user/0/<Package>/app_payload_lib/empty_classes.zip /data/user/0/<Package>/app_payload_lib/<Package>_empty_classes/0XP9VNGJL0ICU8GMMXZL82CAH2DD1U5.zip
  • cp /data/user/0/<Package>/app_payload_lib/empty_classes.zip /data/user/0/<Package>/app_payload_lib/<Package>_empty_classes/60A5WIHQYSGN7CUEVPO9IP5LIXYGRLJ.zip
  • cp /data/user/0/<Package>/app_payload_lib/empty_classes.zip /data/user/0/<Package>/app_payload_lib/<Package>_empty_classes/9FTCNH8LLNNMUV5HUKJKXKC05K93M0I.zip
  • cp /data/user/0/<Package>/app_payload_lib/empty_classes.zip /data/user/0/<Package>/app_payload_lib/<Package>_empty_classes/BOWGYUFY0NXRLBRL5S2O7TR1WLGGS9W.zip
  • cp /data/user/0/<Package>/app_payload_lib/empty_classes.zip /data/user/0/<Package>/app_payload_lib/<Package>_empty_classes/H1XJF0JHWQS6CSAMPJTCQ4AL2T5HMTR.zip
  • cp /data/user/0/<Package>/app_payload_lib/empty_classes.zip /data/user/0/<Package>/app_payload_lib/<Package>_empty_classes/HBH8ZPSL13FEYBPTUGVKXWCWP8XFECU.zip
  • cp /data/user/0/<Package>/app_payload_lib/empty_classes.zip /data/user/0/<Package>/app_payload_lib/<Package>_empty_classes/J5BE5Z2VZ1DGK53RC6H6ZAQQ7M35820.zip
  • cp /data/user/0/<Package>/app_payload_lib/empty_classes.zip /data/user/0/<Package>/app_payload_lib/<Package>_empty_classes/KYGVQK7G0AMXP6OGTJYV473JGJGEDZX.zip
  • cp /data/user/0/<Package>/app_payload_lib/empty_classes.zip /data/user/0/<Package>/app_payload_lib/<Package>_empty_classes/OXD57BCJP4UWIKKYM5FTKE4QXMX1L2X.zip
  • cp /data/user/0/<Package>/app_payload_lib/empty_classes.zip /data/user/0/<Package>/app_payload_lib/<Package>_empty_classes/TFMH3MVFH94SDV3C25YN2IURUV5GIWN.zip
  • cp /data/user/0/<Package>/app_payload_lib/empty_classes.zip /data/user/0/<Package>/app_payload_lib/<Package>_empty_classes/WAS3EGN0KUQTHIC4DNQNGFBVGBOEPJ1.zip
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/1F9GYX5CT323FEVKGVA9Z331P6SLOFNN.dex --oat-file=/data/user/0/<Package>/cache/<Package>/1F9GYX5CT323FEVKGVA9Z331P6SLOFNN.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/20RMDW0T58Z0EJKPKIQWUMLWEIKNNIFJ.dex --oat-file=/data/user/0/<Package>/cache/<Package>/20RMDW0T58Z0EJKPKIQWUMLWEIKNNIFJ.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/3Q2XAE4DSH2DXN6S7Y8R42E4PZII7QFG.dex --oat-file=/data/user/0/<Package>/cache/<Package>/3Q2XAE4DSH2DXN6S7Y8R42E4PZII7QFG.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/4KC5KMF9JJXOUUQ830S22JTP8FQXNV27.dex --oat-file=/data/user/0/<Package>/cache/<Package>/4KC5KMF9JJXOUUQ830S22JTP8FQXNV27.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/5TP6HRC6OWYHB7RHGTX73WQ6147YSCRK.dex --oat-file=/data/user/0/<Package>/cache/<Package>/5TP6HRC6OWYHB7RHGTX73WQ6147YSCRK.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/68Q5NYQ9A0FKGZSDTSBAOG42U3P2P4O0.dex --oat-file=/data/user/0/<Package>/cache/<Package>/68Q5NYQ9A0FKGZSDTSBAOG42U3P2P4O0.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/6L3KC1WIOPUM1572OWP9PZCQH4BTJOR5.dex --oat-file=/data/user/0/<Package>/cache/<Package>/6L3KC1WIOPUM1572OWP9PZCQH4BTJOR5.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/8V52M7YG2RK47VHGQIZVF92KRE9FX6TF.dex --oat-file=/data/user/0/<Package>/cache/<Package>/8V52M7YG2RK47VHGQIZVF92KRE9FX6TF.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/9DDU9NKQ0WA5VZN1GXT3RWEATWNE8KJ4.dex --oat-file=/data/user/0/<Package>/cache/<Package>/9DDU9NKQ0WA5VZN1GXT3RWEATWNE8KJ4.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/AOA1R6QPYGVGCVG15G3M0GGM67L6LS4W.dex --oat-file=/data/user/0/<Package>/cache/<Package>/AOA1R6QPYGVGCVG15G3M0GGM67L6LS4W.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/B5KBI91I21K9RO5E5JNPZZYL3NTGKJ8O.dex --oat-file=/data/user/0/<Package>/cache/<Package>/B5KBI91I21K9RO5E5JNPZZYL3NTGKJ8O.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/BT0NA1P2M5S9JKXMPZJHN3MX7J58GNOK.dex --oat-file=/data/user/0/<Package>/cache/<Package>/BT0NA1P2M5S9JKXMPZJHN3MX7J58GNOK.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/C6OBP8KZOQ9Q2XA3BUXGYQ6W85JG7IQU.dex --oat-file=/data/user/0/<Package>/cache/<Package>/C6OBP8KZOQ9Q2XA3BUXGYQ6W85JG7IQU.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/D4KRCWYFQJ4FBPWE1C6DUSS63XGW5K9A.dex --oat-file=/data/user/0/<Package>/cache/<Package>/D4KRCWYFQJ4FBPWE1C6DUSS63XGW5K9A.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/DJATC37SSR671U74ZXPZPX8RHLRQE5YQ.dex --oat-file=/data/user/0/<Package>/cache/<Package>/DJATC37SSR671U74ZXPZPX8RHLRQE5YQ.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/EJXYMJF2FVDE59E5QW8084P1HHL0N0ZL.dex --oat-file=/data/user/0/<Package>/cache/<Package>/EJXYMJF2FVDE59E5QW8084P1HHL0N0ZL.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/FV3W7LU0E6S7P1TRINF55MGSVUH4AQT6.dex --oat-file=/data/user/0/<Package>/cache/<Package>/FV3W7LU0E6S7P1TRINF55MGSVUH4AQT6.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/FY05DA531Q3VAICB15AIYODNUXC2SD4I.dex --oat-file=/data/user/0/<Package>/cache/<Package>/FY05DA531Q3VAICB15AIYODNUXC2SD4I.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/FYAXIIS58TELX368JA87W2ECDV2AJQB4.dex --oat-file=/data/user/0/<Package>/cache/<Package>/FYAXIIS58TELX368JA87W2ECDV2AJQB4.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/HKMBBO3HV81DOWEH3BOCKUFL07YWARAC.dex --oat-file=/data/user/0/<Package>/cache/<Package>/HKMBBO3HV81DOWEH3BOCKUFL07YWARAC.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/HZ50U95W5NM7JING4RYX73RHD2GHS77R.dex --oat-file=/data/user/0/<Package>/cache/<Package>/HZ50U95W5NM7JING4RYX73RHD2GHS77R.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/JK2BN4CJ0CE32UZUVL9X51UAEMQT49SQ.dex --oat-file=/data/user/0/<Package>/cache/<Package>/JK2BN4CJ0CE32UZUVL9X51UAEMQT49SQ.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/O5R84PPG1DFSZF4J0UQEMEJ3BBVM5YLF.dex --oat-file=/data/user/0/<Package>/cache/<Package>/O5R84PPG1DFSZF4J0UQEMEJ3BBVM5YLF.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/ONXEMRQ4U7K4RJ9CUYZZ39QO3QLZPILF.dex --oat-file=/data/user/0/<Package>/cache/<Package>/ONXEMRQ4U7K4RJ9CUYZZ39QO3QLZPILF.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/QLVWKPGQWLMMPLNYGKTXDFGQ1W3XFOJ9.dex --oat-file=/data/user/0/<Package>/cache/<Package>/QLVWKPGQWLMMPLNYGKTXDFGQ1W3XFOJ9.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/RQIX6M0DOPQTH364V2O3O2Y0L7MIV67C.dex --oat-file=/data/user/0/<Package>/cache/<Package>/RQIX6M0DOPQTH364V2O3O2Y0L7MIV67C.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/RW6VJOS7O46RQMZE3LPH1H26EIYLS1CQ.dex --oat-file=/data/user/0/<Package>/cache/<Package>/RW6VJOS7O46RQMZE3LPH1H26EIYLS1CQ.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/TQWL5AMDMEGXC0985JRB3ROCOGKFMNEK.dex --oat-file=/data/user/0/<Package>/cache/<Package>/TQWL5AMDMEGXC0985JRB3ROCOGKFMNEK.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/VDJE0JV2VDK15SPEEPO75DHJN8IV29D1.dex --oat-file=/data/user/0/<Package>/cache/<Package>/VDJE0JV2VDK15SPEEPO75DHJN8IV29D1.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/VXGZMDTM69G9BW5UTVF9B7ATVZHKSB40.dex --oat-file=/data/user/0/<Package>/cache/<Package>/VXGZMDTM69G9BW5UTVF9B7ATVZHKSB40.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/WXVS095495NG37438U6YIU7ZRN3E9Q5V.dex --oat-file=/data/user/0/<Package>/cache/<Package>/WXVS095495NG37438U6YIU7ZRN3E9Q5V.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/X601XUEXEY0H889KPVRNZR04WGWFAVAS.dex --oat-file=/data/user/0/<Package>/cache/<Package>/X601XUEXEY0H889KPVRNZR04WGWFAVAS.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/XD9ID7GQCWETBB79ODDNFW2IP0FY08NK.dex --oat-file=/data/user/0/<Package>/cache/<Package>/XD9ID7GQCWETBB79ODDNFW2IP0FY08NK.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/XWENB8VP3OLD8KQXNR4G8U3PSJUG232C.dex --oat-file=/data/user/0/<Package>/cache/<Package>/XWENB8VP3OLD8KQXNR4G8U3PSJUG232C.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/YD909HNSFWHGGQ1VYDRMBP5VOQ9XQ5U7.dex --oat-file=/data/user/0/<Package>/cache/<Package>/YD909HNSFWHGGQ1VYDRMBP5VOQ9XQ5U7.dex --compiler-filter=verify-none --instruction-set=x86
  • dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/ZXV60VRMJDOTPC1YUHGFHDT7N8EBIP15.dex --oat-file=/data/user/0/<Package>/cache/<Package>/ZXV60VRMJDOTPC1YUHGFHDT7N8EBIP15.dex --compiler-filter=verify-none --instruction-set=x86
  • getprop ro.dalvik.vm.isa.arm
  • getprop ro.dalvik.vm.isa.arm64
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/1F9GYX5CT323FEVKGVA9Z331P6SLOFNN.dex --oat-file=/data/user/0/<Package>/cache/<Package>/1F9GYX5CT323FEVKGVA9Z331P6SLOFNN.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/20RMDW0T58Z0EJKPKIQWUMLWEIKNNIFJ.dex --oat-file=/data/user/0/<Package>/cache/<Package>/20RMDW0T58Z0EJKPKIQWUMLWEIKNNIFJ.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/3Q2XAE4DSH2DXN6S7Y8R42E4PZII7QFG.dex --oat-file=/data/user/0/<Package>/cache/<Package>/3Q2XAE4DSH2DXN6S7Y8R42E4PZII7QFG.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/4KC5KMF9JJXOUUQ830S22JTP8FQXNV27.dex --oat-file=/data/user/0/<Package>/cache/<Package>/4KC5KMF9JJXOUUQ830S22JTP8FQXNV27.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/5TP6HRC6OWYHB7RHGTX73WQ6147YSCRK.dex --oat-file=/data/user/0/<Package>/cache/<Package>/5TP6HRC6OWYHB7RHGTX73WQ6147YSCRK.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/68Q5NYQ9A0FKGZSDTSBAOG42U3P2P4O0.dex --oat-file=/data/user/0/<Package>/cache/<Package>/68Q5NYQ9A0FKGZSDTSBAOG42U3P2P4O0.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/6L3KC1WIOPUM1572OWP9PZCQH4BTJOR5.dex --oat-file=/data/user/0/<Package>/cache/<Package>/6L3KC1WIOPUM1572OWP9PZCQH4BTJOR5.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/8V52M7YG2RK47VHGQIZVF92KRE9FX6TF.dex --oat-file=/data/user/0/<Package>/cache/<Package>/8V52M7YG2RK47VHGQIZVF92KRE9FX6TF.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/9DDU9NKQ0WA5VZN1GXT3RWEATWNE8KJ4.dex --oat-file=/data/user/0/<Package>/cache/<Package>/9DDU9NKQ0WA5VZN1GXT3RWEATWNE8KJ4.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/AOA1R6QPYGVGCVG15G3M0GGM67L6LS4W.dex --oat-file=/data/user/0/<Package>/cache/<Package>/AOA1R6QPYGVGCVG15G3M0GGM67L6LS4W.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/B5KBI91I21K9RO5E5JNPZZYL3NTGKJ8O.dex --oat-file=/data/user/0/<Package>/cache/<Package>/B5KBI91I21K9RO5E5JNPZZYL3NTGKJ8O.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/BT0NA1P2M5S9JKXMPZJHN3MX7J58GNOK.dex --oat-file=/data/user/0/<Package>/cache/<Package>/BT0NA1P2M5S9JKXMPZJHN3MX7J58GNOK.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/C6OBP8KZOQ9Q2XA3BUXGYQ6W85JG7IQU.dex --oat-file=/data/user/0/<Package>/cache/<Package>/C6OBP8KZOQ9Q2XA3BUXGYQ6W85JG7IQU.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/D4KRCWYFQJ4FBPWE1C6DUSS63XGW5K9A.dex --oat-file=/data/user/0/<Package>/cache/<Package>/D4KRCWYFQJ4FBPWE1C6DUSS63XGW5K9A.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/DJATC37SSR671U74ZXPZPX8RHLRQE5YQ.dex --oat-file=/data/user/0/<Package>/cache/<Package>/DJATC37SSR671U74ZXPZPX8RHLRQE5YQ.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/EJXYMJF2FVDE59E5QW8084P1HHL0N0ZL.dex --oat-file=/data/user/0/<Package>/cache/<Package>/EJXYMJF2FVDE59E5QW8084P1HHL0N0ZL.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/FV3W7LU0E6S7P1TRINF55MGSVUH4AQT6.dex --oat-file=/data/user/0/<Package>/cache/<Package>/FV3W7LU0E6S7P1TRINF55MGSVUH4AQT6.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/FY05DA531Q3VAICB15AIYODNUXC2SD4I.dex --oat-file=/data/user/0/<Package>/cache/<Package>/FY05DA531Q3VAICB15AIYODNUXC2SD4I.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/FYAXIIS58TELX368JA87W2ECDV2AJQB4.dex --oat-file=/data/user/0/<Package>/cache/<Package>/FYAXIIS58TELX368JA87W2ECDV2AJQB4.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/HKMBBO3HV81DOWEH3BOCKUFL07YWARAC.dex --oat-file=/data/user/0/<Package>/cache/<Package>/HKMBBO3HV81DOWEH3BOCKUFL07YWARAC.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/HZ50U95W5NM7JING4RYX73RHD2GHS77R.dex --oat-file=/data/user/0/<Package>/cache/<Package>/HZ50U95W5NM7JING4RYX73RHD2GHS77R.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/JK2BN4CJ0CE32UZUVL9X51UAEMQT49SQ.dex --oat-file=/data/user/0/<Package>/cache/<Package>/JK2BN4CJ0CE32UZUVL9X51UAEMQT49SQ.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/O5R84PPG1DFSZF4J0UQEMEJ3BBVM5YLF.dex --oat-file=/data/user/0/<Package>/cache/<Package>/O5R84PPG1DFSZF4J0UQEMEJ3BBVM5YLF.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/ONXEMRQ4U7K4RJ9CUYZZ39QO3QLZPILF.dex --oat-file=/data/user/0/<Package>/cache/<Package>/ONXEMRQ4U7K4RJ9CUYZZ39QO3QLZPILF.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/QLVWKPGQWLMMPLNYGKTXDFGQ1W3XFOJ9.dex --oat-file=/data/user/0/<Package>/cache/<Package>/QLVWKPGQWLMMPLNYGKTXDFGQ1W3XFOJ9.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/RQIX6M0DOPQTH364V2O3O2Y0L7MIV67C.dex --oat-file=/data/user/0/<Package>/cache/<Package>/RQIX6M0DOPQTH364V2O3O2Y0L7MIV67C.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/RW6VJOS7O46RQMZE3LPH1H26EIYLS1CQ.dex --oat-file=/data/user/0/<Package>/cache/<Package>/RW6VJOS7O46RQMZE3LPH1H26EIYLS1CQ.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/TQWL5AMDMEGXC0985JRB3ROCOGKFMNEK.dex --oat-file=/data/user/0/<Package>/cache/<Package>/TQWL5AMDMEGXC0985JRB3ROCOGKFMNEK.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/VDJE0JV2VDK15SPEEPO75DHJN8IV29D1.dex --oat-file=/data/user/0/<Package>/cache/<Package>/VDJE0JV2VDK15SPEEPO75DHJN8IV29D1.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/VXGZMDTM69G9BW5UTVF9B7ATVZHKSB40.dex --oat-file=/data/user/0/<Package>/cache/<Package>/VXGZMDTM69G9BW5UTVF9B7ATVZHKSB40.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/WXVS095495NG37438U6YIU7ZRN3E9Q5V.dex --oat-file=/data/user/0/<Package>/cache/<Package>/WXVS095495NG37438U6YIU7ZRN3E9Q5V.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/X601XUEXEY0H889KPVRNZR04WGWFAVAS.dex --oat-file=/data/user/0/<Package>/cache/<Package>/X601XUEXEY0H889KPVRNZR04WGWFAVAS.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/XD9ID7GQCWETBB79ODDNFW2IP0FY08NK.dex --oat-file=/data/user/0/<Package>/cache/<Package>/XD9ID7GQCWETBB79ODDNFW2IP0FY08NK.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/XWENB8VP3OLD8KQXNR4G8U3PSJUG232C.dex --oat-file=/data/user/0/<Package>/cache/<Package>/XWENB8VP3OLD8KQXNR4G8U3PSJUG232C.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/YD909HNSFWHGGQ1VYDRMBP5VOQ9XQ5U7.dex --oat-file=/data/user/0/<Package>/cache/<Package>/YD909HNSFWHGGQ1VYDRMBP5VOQ9XQ5U7.dex --compiler-filter=verify-none --instruction-set=x86
  • sh -c dex2oat --dex-file=/data/user/0/<Package>/app_payload_lib/<Package>/ZXV60VRMJDOTPC1YUHGFHDT7N8EBIP15.dex --oat-file=/data/user/0/<Package>/cache/<Package>/ZXV60VRMJDOTPC1YUHGFHDT7N8EBIP15.dex --compiler-filter=verify-none --instruction-set=x86
Loads the following dynamic libraries:
  • libcovault-appsec
Uses special library to hide executable bytecode.
Gets information about network.
Gets information about installed apps.
Intercepts notifications.
Requests the system alert window permission.

Curing recommendations

Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web для Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play