Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Android.Siggen.Susp.5440

Added to the Dr.Web virus database: 2023-11-04

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.Siggen.Susp.5436
  • Android.Siggen.Susp.571
Threat detection based on machine learning.
Network activity:
Connects to:
  • UDP(DNS) <Google DNS>
  • TCP(TLS/1.0) rr2---s####.g####.com:443
  • TCP(TLS/1.0) rr18---####.g####.com:443
  • TCP(TLS/1.0) and####.a####.go####.com:443
  • TCP(TLS/1.0) and####.google####.com:443
  • TCP(TLS/1.0) connect####.gst####.com:443
  • TCP(TLS/1.0) www.google####.com:443
  • TCP(TLS/1.2) 74.1####.205.138:443
  • TCP(TLS/1.2) www.google####.com:443
  • UDP and####.google####.com:443
DNS requests:
  • and####.a####.go####.com
  • and####.google####.com
  • connect####.gst####.com
  • gmscomp####.google####.com
  • p####.google####.com
  • rr18---####.g####.com
  • rr2---s####.g####.com
  • rr9---s####.g####.com
  • www.google####.com
File system changes:
Creates the following files:
  • /data/data/####/1paLCl7sF25pHYfWDvEaPIjpIuIMDM2j.dex
  • /data/data/####/1paLCl7sF25pHYfWDvEaPIjpIuIMDM2j.dex.flock (deleted)
  • /data/data/####/2Ntr0wPGr9OnmhXmys5WQpNAEiHx6yRy.dex
  • /data/data/####/2Ntr0wPGr9OnmhXmys5WQpNAEiHx6yRy.dex.flock (deleted)
  • /data/data/####/3ofSU38i3NPh5OtiouYIREJrSqF4xhXW.dex
  • /data/data/####/3wElkcWodJskn0hjl7DqmaTwewHJZ8IS.dex
  • /data/data/####/3wElkcWodJskn0hjl7DqmaTwewHJZ8IS.dex.flock (deleted)
  • /data/data/####/4H2Te38hnOA3gfKc0fqSDiDnznfa7LuI.dex
  • /data/data/####/4H2Te38hnOA3gfKc0fqSDiDnznfa7LuI.dex.flock (deleted)
  • /data/data/####/4jnuAVOF2WHJQq8wYa8LJN3fueFXnLqm.dex
  • /data/data/####/4kuOpNWk1d7ssXIv0eYvMMpNdj4GBvEq.dex
  • /data/data/####/4kuOpNWk1d7ssXIv0eYvMMpNdj4GBvEq.dex.flock (deleted)
  • /data/data/####/4vyB54CHCd4d4Epn0BDuIf8CVYRKKm8G.dex
  • /data/data/####/57bA7YgB9XaofAJupGSgfjjO5wIRqq6m.dex
  • /data/data/####/5JK4WJPVcV0YDQ5asKFWQ0gbfT9ZvPaH.dex
  • /data/data/####/5JK4WJPVcV0YDQ5asKFWQ0gbfT9ZvPaH.dex.flock (deleted)
  • /data/data/####/5hFQfUCwovk6bjscBMx06zhH9IL3nbTp.dex
  • /data/data/####/6uzRgfeA2da2tDDNNqakP9OoW0LWP49W.dex
  • /data/data/####/6uzRgfeA2da2tDDNNqakP9OoW0LWP49W.dex.flock (deleted)
  • /data/data/####/74lBCBzEKgODG1Uf5dZpkc7sfpN8qLpT.dex
  • /data/data/####/7DLxQftPd9PzR07YgZIhW7pynpRFLiLy.dex
  • /data/data/####/7DLxQftPd9PzR07YgZIhW7pynpRFLiLy.dex.flock (deleted)
  • /data/data/####/7eWprFHkYX4mdZVF20DxPyMwHpA6SYzD.dex
  • /data/data/####/7eWprFHkYX4mdZVF20DxPyMwHpA6SYzD.dex.flock (deleted)
  • /data/data/####/7kZfX6ewPKpLKJRaOKGTrBqhQxSd9TnB.dex
  • /data/data/####/7kZfX6ewPKpLKJRaOKGTrBqhQxSd9TnB.dex.flock (deleted)
  • /data/data/####/7uGpY37zDztKM4IJjoH01wRcNBphClIi.dex
  • /data/data/####/7wzIqTxU5UZXcm1YkjjApef8d1ugupVJ.dex
  • /data/data/####/7wzIqTxU5UZXcm1YkjjApef8d1ugupVJ.dex.flock (deleted)
  • /data/data/####/83wYF13pQxlDcAqA5qZyEcI0boC4r0S1.dex
  • /data/data/####/83wYF13pQxlDcAqA5qZyEcI0boC4r0S1.dex.flock (deleted)
  • /data/data/####/86eapg7Y2ms96KwbNCRBJP7PouCVhKI9.dex
  • /data/data/####/86eapg7Y2ms96KwbNCRBJP7PouCVhKI9.dex.flock (deleted)
  • /data/data/####/8oVMhoESJUCilSQaKuKrNzAUjQ57bccf.dex
  • /data/data/####/8spa6y5maapTmsjnQerjLlOlKasuCzXK.dex
  • /data/data/####/9W3iw0JzP1vEjHJqLnsIOheLF4R4ND04.dex
  • /data/data/####/9W3iw0JzP1vEjHJqLnsIOheLF4R4ND04.dex.flock (deleted)
  • /data/data/####/AYiaoHjKjSYGi2pU7JuavhmabiWHnWEd.dex
  • /data/data/####/AYiaoHjKjSYGi2pU7JuavhmabiWHnWEd.dex.flock (deleted)
  • /data/data/####/B7u7sfmOfP9ir9ebMYt2d2gujQUoHHA7.dex
  • /data/data/####/B7u7sfmOfP9ir9ebMYt2d2gujQUoHHA7.dex.flock (deleted)
  • /data/data/####/BMxSaINSEhiTyqTgtFopkKZv71I9MH4R.dex
  • /data/data/####/BtJ7TynSyymXc02f1Rm2BJhYbsfcSJuD.dex
  • /data/data/####/CNX5TF8ehygpRpaBla1aj31CwmPrG8Xs.dex
  • /data/data/####/CNX5TF8ehygpRpaBla1aj31CwmPrG8Xs.dex.flock (deleted)
  • /data/data/####/Co2rGt9MwwE4deYsdYAda6D0QJLjiwzK.dex
  • /data/data/####/Co2rGt9MwwE4deYsdYAda6D0QJLjiwzK.dex.flock (deleted)
  • /data/data/####/CpKxK5C9lizPNC5o6fpSJoR0EFk5gnoE.dex
  • /data/data/####/DS0EFnmu87eXvVM5N7XKpVyFJ8sMSuqZ.dex
  • /data/data/####/DS0EFnmu87eXvVM5N7XKpVyFJ8sMSuqZ.dex.flock (deleted)
  • /data/data/####/DUB1M9qzF5iV1CxDxA9z7oRkGW8J0pn3.dex
  • /data/data/####/DjaNNWA5VEm8kSHx6XWHmBS8NSzQqL7N.dex
  • /data/data/####/EKBJh3lBgRtEEeMpCWdQIggRsVvdjmjE.dex
  • /data/data/####/EqW7DZX38vtNsruJtU8z0nBB5qkS6Qbe.dex
  • /data/data/####/FFABhG7kbiQqer4DMsLW1UObuRdd1F6B.dex
  • /data/data/####/FZ5PzBLGKujqWjYcydx42BAFGunblYTF.dex
  • /data/data/####/FwWT9sNvzudfSQRlOq3DbPGlO4r1UD0i.dex
  • /data/data/####/FwWT9sNvzudfSQRlOq3DbPGlO4r1UD0i.dex.flock (deleted)
  • /data/data/####/HBacS3gWLm002jMQbNwTzpfJqWTC9oWB.dex
  • /data/data/####/HBacS3gWLm002jMQbNwTzpfJqWTC9oWB.dex.flock (deleted)
  • /data/data/####/HGbvMVovOg60L4iDEKtwKZJl5EUOTmJ0.dex
  • /data/data/####/Ha5Dzi3mLO5e1yuo24WKfJfpC7xvPgGC.dex
  • /data/data/####/Ha5Dzi3mLO5e1yuo24WKfJfpC7xvPgGC.dex.flock (deleted)
  • /data/data/####/HhQ8OXSsgxMLCcj0adaarnrftimlFNE7.dex
  • /data/data/####/HhQ8OXSsgxMLCcj0adaarnrftimlFNE7.dex.flock (deleted)
  • /data/data/####/HpdxCchbjEf530g9RMoiVEOTF0JGup4N.dex
  • /data/data/####/HpdxCchbjEf530g9RMoiVEOTF0JGup4N.dex.flock (deleted)
  • /data/data/####/Hvd1pluhbIX2GV1cvrf90s6L5xKDRNV1.dex
  • /data/data/####/I5IyDrE4EUp56B69aCxiEIHgf8ulRuEw.dex
  • /data/data/####/JGSxAOO2mqenrDjFaaGwmeLf3t8jCkKj.dex
  • /data/data/####/JGSxAOO2mqenrDjFaaGwmeLf3t8jCkKj.dex.flock (deleted)
  • /data/data/####/JKWHnHpyer1L0GDYLNBHlYaxipu3GnF0.dex
  • /data/data/####/JtegTY10QUC4U18QMEPpBiPT6sUfcLJQ.dex
  • /data/data/####/K1tT8g4O5IdvXpsfhIPtZLy5CDnhO3yF.dex
  • /data/data/####/K1tT8g4O5IdvXpsfhIPtZLy5CDnhO3yF.dex.flock (deleted)
  • /data/data/####/KAetDB5LwUwzfEB9omoax0pPEsnl7g94.dex
  • /data/data/####/KMYWFLQxJPFB2T4FIH18AQ3Mu3ChqyU5.dex
  • /data/data/####/KMYWFLQxJPFB2T4FIH18AQ3Mu3ChqyU5.dex.flock (deleted)
  • /data/data/####/LgCiH9lTwQJ0hp1ul40cl8d7xWFoHGaE.dex
  • /data/data/####/MBimsuchwYn4F2sEdIMIpyhAqWk3rSYD.dex
  • /data/data/####/MBimsuchwYn4F2sEdIMIpyhAqWk3rSYD.dex.flock (deleted)
  • /data/data/####/MkftbPuIqWtvtkTywx0VlGKWhLPumLju.dex
  • /data/data/####/PTzATeLuDtrxNIcojplvthQX6ASJT82n.dex
  • /data/data/####/Pw9g1VrpnLiBDBZ4HyYw2JtNojfiMGr0.dex
  • /data/data/####/Pw9g1VrpnLiBDBZ4HyYw2JtNojfiMGr0.dex.flock (deleted)
  • /data/data/####/Q7Bk1dCP9NfvYD7SMylZ2OoBOYKxJi7Q.dex
  • /data/data/####/QCFtTocHKXQqTPuueYcVIuo627sqbV3u.dex
  • /data/data/####/QCFtTocHKXQqTPuueYcVIuo627sqbV3u.dex.flock (deleted)
  • /data/data/####/QmZVPeC2ZjkxwZX0ubP5WYdEWNTHCpff.dex
  • /data/data/####/Qu73NOGMrsMCzQOVrmB9PWG7wb8LYNHw.dex
  • /data/data/####/Qu73NOGMrsMCzQOVrmB9PWG7wb8LYNHw.dex.flock (deleted)
  • /data/data/####/RQSLUqdzN8ZnJhQSaHDOSDcRqeMHL3Ra.dex
  • /data/data/####/S92d3c3X64gXS8uU713mcxJqBI7H1a0i.dex
  • /data/data/####/S92d3c3X64gXS8uU713mcxJqBI7H1a0i.dex.flock (deleted)
  • /data/data/####/SNOfeNFx0qwcIHqeJNVqOGUedqYtdIMl.dex
  • /data/data/####/SNOfeNFx0qwcIHqeJNVqOGUedqYtdIMl.dex.flock (deleted)
  • /data/data/####/T8rauYZeo1vdpZQIMPRTJJl8n8P5IsLk.dex
  • /data/data/####/T8rauYZeo1vdpZQIMPRTJJl8n8P5IsLk.dex.flock (deleted)
  • /data/data/####/UW9TbtCWkfsL5dhM70wFsQdKVqTcUarp.dex
  • /data/data/####/UW9TbtCWkfsL5dhM70wFsQdKVqTcUarp.dex.flock (deleted)
  • /data/data/####/UZrZNK8uEMeELTUQmDH6BZaaA4fQS0D1.dex
  • /data/data/####/UZrZNK8uEMeELTUQmDH6BZaaA4fQS0D1.dex.flock (deleted)
  • /data/data/####/UlgHY59YKEp5FiFwmLtTEFlrHgoiGBfH.dex
  • /data/data/####/UodWuT4EgDmueEwzn50NO28w4LnJn3x6.dex
  • /data/data/####/UpI82p6KcK8HgWhG95ZybfDjKblOzeU2.dex
  • /data/data/####/VXXtqLZg2yOjaAE68r66UWuBdiNFJIcN.dex
  • /data/data/####/VermOCdZHj6mqkurb9ZynmcnxFvokWC3.dex
  • /data/data/####/VuKvN0XRujQ1r2my5CI3NBAudVQJPmRJ.dex
  • /data/data/####/VuKvN0XRujQ1r2my5CI3NBAudVQJPmRJ.dex.flock (deleted)
  • /data/data/####/WKb1Nnk8edGAbNgmwwOclQm57EwE2hGZ.dex
  • /data/data/####/WKb1Nnk8edGAbNgmwwOclQm57EwE2hGZ.dex.flock (deleted)
  • /data/data/####/WwENKePcWjNynGjQF1MTWeyfIy9BCoi2.dex
  • /data/data/####/WwENKePcWjNynGjQF1MTWeyfIy9BCoi2.dex.flock (deleted)
  • /data/data/####/X3lCPCWP2DIl4OXzWEC8hLLEOiNrSJIt.dex
  • /data/data/####/XuAtlGnJs9Wp3dRlkXVTaacezlCftT2x.dex
  • /data/data/####/YZylyVKq6dtseb93zh2e98rFjFgzOGuM.dex
  • /data/data/####/YZylyVKq6dtseb93zh2e98rFjFgzOGuM.dex.flock (deleted)
  • /data/data/####/YqEQO4OeQ8VC7tskgUiiqnCKx7sVmxQg.dex
  • /data/data/####/YqEQO4OeQ8VC7tskgUiiqnCKx7sVmxQg.dex.flock (deleted)
  • /data/data/####/Z0zkJJB0SkcU4zUt6cJE6HY438geFuf4.dex
  • /data/data/####/Z0zkJJB0SkcU4zUt6cJE6HY438geFuf4.dex.flock (deleted)
  • /data/data/####/Z8sjdtXGbSu9qxeV6JDXzT4sX4nPMsnk.dex
  • /data/data/####/ZDm3DmbjXaXbdl5MOaFqLBxrRiEAUQ81.dex
  • /data/data/####/ZDm3DmbjXaXbdl5MOaFqLBxrRiEAUQ81.dex.flock (deleted)
  • /data/data/####/Zcvrpsv1mj9zapS5H48CG3yWdlJRQpCR.dex
  • /data/data/####/Zcvrpsv1mj9zapS5H48CG3yWdlJRQpCR.dex.flock (deleted)
  • /data/data/####/a5VDWP0VCULr71aulwSRgTxMkCHFkeYq.dex
  • /data/data/####/ab1CLlgGnpREjlPG6puG8dqnfeZpGLKs.dex
  • /data/data/####/ab1CLlgGnpREjlPG6puG8dqnfeZpGLKs.dex.flock (deleted)
  • /data/data/####/bEY16ImTyhnMfYdE7j1Pw0pvXxXbV1re.dex
  • /data/data/####/bf59nncLT1ZBicsssQhzajNfFBRqmaFk.dex
  • /data/data/####/bf59nncLT1ZBicsssQhzajNfFBRqmaFk.dex.flock (deleted)
  • /data/data/####/d3AVsc5zh5FpzlA7gykXTIrQCM6MyMMX.dex
  • /data/data/####/dT775cU8bNJUKSd7jSZjWTKGkPy6740Q.dex
  • /data/data/####/dcAmljfmGmN8FF0sTSlxCE3sHspBKaBS.dex
  • /data/data/####/dcAmljfmGmN8FF0sTSlxCE3sHspBKaBS.dex.flock (deleted)
  • /data/data/####/e7vkF5LdgQpZrMrpA1sZcfKG1bSdAbht.dex
  • /data/data/####/eHCvXL7mirCU7ZHgbpftDBePFZxUAYH2.dex
  • /data/data/####/eHCvXL7mirCU7ZHgbpftDBePFZxUAYH2.dex.flock (deleted)
  • /data/data/####/eTS4CRnHw6j4mXpfvP0QDFMNQix1Nfkf.dex
  • /data/data/####/eWMhpy76BsPFgNJoZ105JnwHsU0wWeMu.dex
  • /data/data/####/eWMhpy76BsPFgNJoZ105JnwHsU0wWeMu.dex.flock (deleted)
  • /data/data/####/ecEyoEUwxaoqwdlfoJvSYQamLK4i7BgU.dex
  • /data/data/####/ecEyoEUwxaoqwdlfoJvSYQamLK4i7BgU.dex.flock (deleted)
  • /data/data/####/elKY3TgqxrXuyJJcSSuerkieoRBaAUlH.dex
  • /data/data/####/fBXC6jrYymgRgtIVflAI90mxhweX5lXl.dex
  • /data/data/####/fU3Xis3eAGubOA52PGaVpXgJwo73UpDi.dex
  • /data/data/####/fWEpT2qDsFHSUOZqynmk5GP3wuMgfAWw.dex
  • /data/data/####/fWEpT2qDsFHSUOZqynmk5GP3wuMgfAWw.dex.flock (deleted)
  • /data/data/####/fd8xXLacsikKsdvP48BbCdoiQBkZQz0c.dex
  • /data/data/####/fd8xXLacsikKsdvP48BbCdoiQBkZQz0c.dex.flock (deleted)
  • /data/data/####/fgAmqIhue9SVIjXiCAuXz3BYl84BEKuC.dex
  • /data/data/####/fgAmqIhue9SVIjXiCAuXz3BYl84BEKuC.dex.flock (deleted)
  • /data/data/####/g19UIXHBDBvZTLnXkUpcDM3ivgq4q89x.dex
  • /data/data/####/g19UIXHBDBvZTLnXkUpcDM3ivgq4q89x.dex.flock (deleted)
  • /data/data/####/hEH4lQKv6Vaf0P1UgV2N57Yo7C8wkSMp.dex
  • /data/data/####/iDLo1B9lhrlptFvhH4GzziaXfH22b7Ag.dex
  • /data/data/####/iW5VfUd0zHs2Q7xVSYRKLpsezZOPL5ku.dex
  • /data/data/####/iys4s2EeR44yU8PngHpF4q2t53dn6x7U.dex
  • /data/data/####/iys4s2EeR44yU8PngHpF4q2t53dn6x7U.dex.flock (deleted)
  • /data/data/####/kEt5XK46bKsUPFhTB4wqp45zLly31Kia.dex
  • /data/data/####/llsD4HlpH3YGL0t0nAySQWZJsIe9GhCY.dex
  • /data/data/####/llsD4HlpH3YGL0t0nAySQWZJsIe9GhCY.dex.flock (deleted)
  • /data/data/####/mXi1TuwxBO0GtA4hosjkZOeR7OHYarCK.dex
  • /data/data/####/nP22Eh1VVPLY2n5twbUNRTNX6uhbUDtu.dex
  • /data/data/####/nTe4n9yfJclTGagD63TwDa8mWXovkQzl.dex
  • /data/data/####/obzSTUE3F5htbwXeAIRFPJku13nakQRo.dex
  • /data/data/####/obzSTUE3F5htbwXeAIRFPJku13nakQRo.dex.flock (deleted)
  • /data/data/####/p775TIwoxtohP9vKTuLaXWu4rMcESGyf.dex
  • /data/data/####/qv71tVydRMdfCFLo5Wnb0J2QkIvFKlES.dex
  • /data/data/####/qv71tVydRMdfCFLo5Wnb0J2QkIvFKlES.dex.flock (deleted)
  • /data/data/####/rYsCHdSMuh4RkLYNIFNg9QZ4dAqLuj08.dex
  • /data/data/####/rYsCHdSMuh4RkLYNIFNg9QZ4dAqLuj08.dex.flock (deleted)
  • /data/data/####/rerWO9Wz0fKpYCzcbA6Bner0skflq2QT.dex
  • /data/data/####/sJdawzb2uJ28HvmO2EWcDaTbRVzEBBUI.dex
  • /data/data/####/tw6soh2o7X7rilxWWlRxR4SN7OeJgUP7.dex
  • /data/data/####/tw6soh2o7X7rilxWWlRxR4SN7OeJgUP7.dex.flock (deleted)
  • /data/data/####/vjvdhqP515Yi95rXY02uQS5oojjsQhLn.dex
  • /data/data/####/wA2uPzAbO64ftCys7RDPQrrQIh6kvpuq.dex
  • /data/data/####/wA2uPzAbO64ftCys7RDPQrrQIh6kvpuq.dex.flock (deleted)
  • /data/data/####/xi4n4olo9USNWUsOZymnZspQG1vQAt8k.dex
  • /data/data/####/zzHQtcJ8Ohp1PqGrBY0niu4eXUiJSseD.dex
  • /data/data/####/zzHQtcJ8Ohp1PqGrBY0niu4eXUiJSseD.dex.flock (deleted)
  • /data/misc/####/primary.prof
Miscellaneous:
Executes the following shell scripts:
  • logcat
  • logcat -c
  • rm -r/data/user/0/<Package>/app_ded/1paLCl7sF25pHYfWDvEaPIjpIuIMDM2j.dex
  • rm -r/data/user/0/<Package>/app_ded/2Ntr0wPGr9OnmhXmys5WQpNAEiHx6yRy.dex
  • rm -r/data/user/0/<Package>/app_ded/3wElkcWodJskn0hjl7DqmaTwewHJZ8IS.dex
  • rm -r/data/user/0/<Package>/app_ded/4H2Te38hnOA3gfKc0fqSDiDnznfa7LuI.dex
  • rm -r/data/user/0/<Package>/app_ded/4jnuAVOF2WHJQq8wYa8LJN3fueFXnLqm.dex
  • rm -r/data/user/0/<Package>/app_ded/4kuOpNWk1d7ssXIv0eYvMMpNdj4GBvEq.dex
  • rm -r/data/user/0/<Package>/app_ded/4vyB54CHCd4d4Epn0BDuIf8CVYRKKm8G.dex
  • rm -r/data/user/0/<Package>/app_ded/5JK4WJPVcV0YDQ5asKFWQ0gbfT9ZvPaH.dex
  • rm -r/data/user/0/<Package>/app_ded/5hFQfUCwovk6bjscBMx06zhH9IL3nbTp.dex
  • rm -r/data/user/0/<Package>/app_ded/6uzRgfeA2da2tDDNNqakP9OoW0LWP49W.dex
  • rm -r/data/user/0/<Package>/app_ded/7DLxQftPd9PzR07YgZIhW7pynpRFLiLy.dex
  • rm -r/data/user/0/<Package>/app_ded/7eWprFHkYX4mdZVF20DxPyMwHpA6SYzD.dex
  • rm -r/data/user/0/<Package>/app_ded/7kZfX6ewPKpLKJRaOKGTrBqhQxSd9TnB.dex
  • rm -r/data/user/0/<Package>/app_ded/7uGpY37zDztKM4IJjoH01wRcNBphClIi.dex
  • rm -r/data/user/0/<Package>/app_ded/7wzIqTxU5UZXcm1YkjjApef8d1ugupVJ.dex
  • rm -r/data/user/0/<Package>/app_ded/83wYF13pQxlDcAqA5qZyEcI0boC4r0S1.dex
  • rm -r/data/user/0/<Package>/app_ded/86eapg7Y2ms96KwbNCRBJP7PouCVhKI9.dex
  • rm -r/data/user/0/<Package>/app_ded/8oVMhoESJUCilSQaKuKrNzAUjQ57bccf.dex
  • rm -r/data/user/0/<Package>/app_ded/8spa6y5maapTmsjnQerjLlOlKasuCzXK.dex
  • rm -r/data/user/0/<Package>/app_ded/9W3iw0JzP1vEjHJqLnsIOheLF4R4ND04.dex
  • rm -r/data/user/0/<Package>/app_ded/AYiaoHjKjSYGi2pU7JuavhmabiWHnWEd.dex
  • rm -r/data/user/0/<Package>/app_ded/B7u7sfmOfP9ir9ebMYt2d2gujQUoHHA7.dex
  • rm -r/data/user/0/<Package>/app_ded/BMxSaINSEhiTyqTgtFopkKZv71I9MH4R.dex
  • rm -r/data/user/0/<Package>/app_ded/BtJ7TynSyymXc02f1Rm2BJhYbsfcSJuD.dex
  • rm -r/data/user/0/<Package>/app_ded/CNX5TF8ehygpRpaBla1aj31CwmPrG8Xs.dex
  • rm -r/data/user/0/<Package>/app_ded/Co2rGt9MwwE4deYsdYAda6D0QJLjiwzK.dex
  • rm -r/data/user/0/<Package>/app_ded/CpKxK5C9lizPNC5o6fpSJoR0EFk5gnoE.dex
  • rm -r/data/user/0/<Package>/app_ded/DS0EFnmu87eXvVM5N7XKpVyFJ8sMSuqZ.dex
  • rm -r/data/user/0/<Package>/app_ded/DUB1M9qzF5iV1CxDxA9z7oRkGW8J0pn3.dex
  • rm -r/data/user/0/<Package>/app_ded/DjaNNWA5VEm8kSHx6XWHmBS8NSzQqL7N.dex
  • rm -r/data/user/0/<Package>/app_ded/EKBJh3lBgRtEEeMpCWdQIggRsVvdjmjE.dex
  • rm -r/data/user/0/<Package>/app_ded/EqW7DZX38vtNsruJtU8z0nBB5qkS6Qbe.dex
  • rm -r/data/user/0/<Package>/app_ded/FFABhG7kbiQqer4DMsLW1UObuRdd1F6B.dex
  • rm -r/data/user/0/<Package>/app_ded/FZ5PzBLGKujqWjYcydx42BAFGunblYTF.dex
  • rm -r/data/user/0/<Package>/app_ded/FwWT9sNvzudfSQRlOq3DbPGlO4r1UD0i.dex
  • rm -r/data/user/0/<Package>/app_ded/HBacS3gWLm002jMQbNwTzpfJqWTC9oWB.dex
  • rm -r/data/user/0/<Package>/app_ded/HGbvMVovOg60L4iDEKtwKZJl5EUOTmJ0.dex
  • rm -r/data/user/0/<Package>/app_ded/Ha5Dzi3mLO5e1yuo24WKfJfpC7xvPgGC.dex
  • rm -r/data/user/0/<Package>/app_ded/HhQ8OXSsgxMLCcj0adaarnrftimlFNE7.dex
  • rm -r/data/user/0/<Package>/app_ded/HpdxCchbjEf530g9RMoiVEOTF0JGup4N.dex
  • rm -r/data/user/0/<Package>/app_ded/Hvd1pluhbIX2GV1cvrf90s6L5xKDRNV1.dex
  • rm -r/data/user/0/<Package>/app_ded/I5IyDrE4EUp56B69aCxiEIHgf8ulRuEw.dex
  • rm -r/data/user/0/<Package>/app_ded/JGSxAOO2mqenrDjFaaGwmeLf3t8jCkKj.dex
  • rm -r/data/user/0/<Package>/app_ded/JKWHnHpyer1L0GDYLNBHlYaxipu3GnF0.dex
  • rm -r/data/user/0/<Package>/app_ded/JtegTY10QUC4U18QMEPpBiPT6sUfcLJQ.dex
  • rm -r/data/user/0/<Package>/app_ded/K1tT8g4O5IdvXpsfhIPtZLy5CDnhO3yF.dex
  • rm -r/data/user/0/<Package>/app_ded/KAetDB5LwUwzfEB9omoax0pPEsnl7g94.dex
  • rm -r/data/user/0/<Package>/app_ded/KMYWFLQxJPFB2T4FIH18AQ3Mu3ChqyU5.dex
  • rm -r/data/user/0/<Package>/app_ded/MBimsuchwYn4F2sEdIMIpyhAqWk3rSYD.dex
  • rm -r/data/user/0/<Package>/app_ded/MkftbPuIqWtvtkTywx0VlGKWhLPumLju.dex
  • rm -r/data/user/0/<Package>/app_ded/PTzATeLuDtrxNIcojplvthQX6ASJT82n.dex
  • rm -r/data/user/0/<Package>/app_ded/Pw9g1VrpnLiBDBZ4HyYw2JtNojfiMGr0.dex
  • rm -r/data/user/0/<Package>/app_ded/Q7Bk1dCP9NfvYD7SMylZ2OoBOYKxJi7Q.dex
  • rm -r/data/user/0/<Package>/app_ded/QCFtTocHKXQqTPuueYcVIuo627sqbV3u.dex
  • rm -r/data/user/0/<Package>/app_ded/QmZVPeC2ZjkxwZX0ubP5WYdEWNTHCpff.dex
  • rm -r/data/user/0/<Package>/app_ded/Qu73NOGMrsMCzQOVrmB9PWG7wb8LYNHw.dex
  • rm -r/data/user/0/<Package>/app_ded/RQSLUqdzN8ZnJhQSaHDOSDcRqeMHL3Ra.dex
  • rm -r/data/user/0/<Package>/app_ded/S92d3c3X64gXS8uU713mcxJqBI7H1a0i.dex
  • rm -r/data/user/0/<Package>/app_ded/SNOfeNFx0qwcIHqeJNVqOGUedqYtdIMl.dex
  • rm -r/data/user/0/<Package>/app_ded/T8rauYZeo1vdpZQIMPRTJJl8n8P5IsLk.dex
  • rm -r/data/user/0/<Package>/app_ded/UW9TbtCWkfsL5dhM70wFsQdKVqTcUarp.dex
  • rm -r/data/user/0/<Package>/app_ded/UZrZNK8uEMeELTUQmDH6BZaaA4fQS0D1.dex
  • rm -r/data/user/0/<Package>/app_ded/UodWuT4EgDmueEwzn50NO28w4LnJn3x6.dex
  • rm -r/data/user/0/<Package>/app_ded/UpI82p6KcK8HgWhG95ZybfDjKblOzeU2.dex
  • rm -r/data/user/0/<Package>/app_ded/VXXtqLZg2yOjaAE68r66UWuBdiNFJIcN.dex
  • rm -r/data/user/0/<Package>/app_ded/VuKvN0XRujQ1r2my5CI3NBAudVQJPmRJ.dex
  • rm -r/data/user/0/<Package>/app_ded/WKb1Nnk8edGAbNgmwwOclQm57EwE2hGZ.dex
  • rm -r/data/user/0/<Package>/app_ded/WwENKePcWjNynGjQF1MTWeyfIy9BCoi2.dex
  • rm -r/data/user/0/<Package>/app_ded/X3lCPCWP2DIl4OXzWEC8hLLEOiNrSJIt.dex
  • rm -r/data/user/0/<Package>/app_ded/XuAtlGnJs9Wp3dRlkXVTaacezlCftT2x.dex
  • rm -r/data/user/0/<Package>/app_ded/YZylyVKq6dtseb93zh2e98rFjFgzOGuM.dex
  • rm -r/data/user/0/<Package>/app_ded/YqEQO4OeQ8VC7tskgUiiqnCKx7sVmxQg.dex
  • rm -r/data/user/0/<Package>/app_ded/Z0zkJJB0SkcU4zUt6cJE6HY438geFuf4.dex
  • rm -r/data/user/0/<Package>/app_ded/ZDm3DmbjXaXbdl5MOaFqLBxrRiEAUQ81.dex
  • rm -r/data/user/0/<Package>/app_ded/Zcvrpsv1mj9zapS5H48CG3yWdlJRQpCR.dex
  • rm -r/data/user/0/<Package>/app_ded/a5VDWP0VCULr71aulwSRgTxMkCHFkeYq.dex
  • rm -r/data/user/0/<Package>/app_ded/ab1CLlgGnpREjlPG6puG8dqnfeZpGLKs.dex
  • rm -r/data/user/0/<Package>/app_ded/bEY16ImTyhnMfYdE7j1Pw0pvXxXbV1re.dex
  • rm -r/data/user/0/<Package>/app_ded/bf59nncLT1ZBicsssQhzajNfFBRqmaFk.dex
  • rm -r/data/user/0/<Package>/app_ded/d3AVsc5zh5FpzlA7gykXTIrQCM6MyMMX.dex
  • rm -r/data/user/0/<Package>/app_ded/dT775cU8bNJUKSd7jSZjWTKGkPy6740Q.dex
  • rm -r/data/user/0/<Package>/app_ded/dcAmljfmGmN8FF0sTSlxCE3sHspBKaBS.dex
  • rm -r/data/user/0/<Package>/app_ded/e7vkF5LdgQpZrMrpA1sZcfKG1bSdAbht.dex
  • rm -r/data/user/0/<Package>/app_ded/eHCvXL7mirCU7ZHgbpftDBePFZxUAYH2.dex
  • rm -r/data/user/0/<Package>/app_ded/eTS4CRnHw6j4mXpfvP0QDFMNQix1Nfkf.dex
  • rm -r/data/user/0/<Package>/app_ded/eWMhpy76BsPFgNJoZ105JnwHsU0wWeMu.dex
  • rm -r/data/user/0/<Package>/app_ded/ecEyoEUwxaoqwdlfoJvSYQamLK4i7BgU.dex
  • rm -r/data/user/0/<Package>/app_ded/elKY3TgqxrXuyJJcSSuerkieoRBaAUlH.dex
  • rm -r/data/user/0/<Package>/app_ded/fBXC6jrYymgRgtIVflAI90mxhweX5lXl.dex
  • rm -r/data/user/0/<Package>/app_ded/fU3Xis3eAGubOA52PGaVpXgJwo73UpDi.dex
  • rm -r/data/user/0/<Package>/app_ded/fWEpT2qDsFHSUOZqynmk5GP3wuMgfAWw.dex
  • rm -r/data/user/0/<Package>/app_ded/fd8xXLacsikKsdvP48BbCdoiQBkZQz0c.dex
  • rm -r/data/user/0/<Package>/app_ded/fgAmqIhue9SVIjXiCAuXz3BYl84BEKuC.dex
  • rm -r/data/user/0/<Package>/app_ded/g19UIXHBDBvZTLnXkUpcDM3ivgq4q89x.dex
  • rm -r/data/user/0/<Package>/app_ded/hEH4lQKv6Vaf0P1UgV2N57Yo7C8wkSMp.dex
  • rm -r/data/user/0/<Package>/app_ded/iDLo1B9lhrlptFvhH4GzziaXfH22b7Ag.dex
  • rm -r/data/user/0/<Package>/app_ded/iW5VfUd0zHs2Q7xVSYRKLpsezZOPL5ku.dex
  • rm -r/data/user/0/<Package>/app_ded/iys4s2EeR44yU8PngHpF4q2t53dn6x7U.dex
  • rm -r/data/user/0/<Package>/app_ded/kEt5XK46bKsUPFhTB4wqp45zLly31Kia.dex
  • rm -r/data/user/0/<Package>/app_ded/llsD4HlpH3YGL0t0nAySQWZJsIe9GhCY.dex
  • rm -r/data/user/0/<Package>/app_ded/mXi1TuwxBO0GtA4hosjkZOeR7OHYarCK.dex
  • rm -r/data/user/0/<Package>/app_ded/nP22Eh1VVPLY2n5twbUNRTNX6uhbUDtu.dex
  • rm -r/data/user/0/<Package>/app_ded/nTe4n9yfJclTGagD63TwDa8mWXovkQzl.dex
  • rm -r/data/user/0/<Package>/app_ded/obzSTUE3F5htbwXeAIRFPJku13nakQRo.dex
  • rm -r/data/user/0/<Package>/app_ded/p775TIwoxtohP9vKTuLaXWu4rMcESGyf.dex
  • rm -r/data/user/0/<Package>/app_ded/qv71tVydRMdfCFLo5Wnb0J2QkIvFKlES.dex
  • rm -r/data/user/0/<Package>/app_ded/rYsCHdSMuh4RkLYNIFNg9QZ4dAqLuj08.dex
  • rm -r/data/user/0/<Package>/app_ded/rerWO9Wz0fKpYCzcbA6Bner0skflq2QT.dex
  • rm -r/data/user/0/<Package>/app_ded/sJdawzb2uJ28HvmO2EWcDaTbRVzEBBUI.dex
  • rm -r/data/user/0/<Package>/app_ded/tw6soh2o7X7rilxWWlRxR4SN7OeJgUP7.dex
  • rm -r/data/user/0/<Package>/app_ded/vjvdhqP515Yi95rXY02uQS5oojjsQhLn.dex
  • rm -r/data/user/0/<Package>/app_ded/wA2uPzAbO64ftCys7RDPQrrQIh6kvpuq.dex
  • rm -r/data/user/0/<Package>/app_ded/xi4n4olo9USNWUsOZymnZspQG1vQAt8k.dex
  • rm -r/data/user/0/<Package>/app_ded/zzHQtcJ8Ohp1PqGrBY0niu4eXUiJSseD.dex
Uses the following algorithms to decrypt data:
  • AES
  • AES-ECB-PKCS5Padding
Displays its own windows over windows of other apps.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web для Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android