Android.Joker.1918

Added to the Dr.Web virus database: 2022-11-27

Virus description added:

Technical information

Malicious functions:
Executes code of the following detected threats:
  • Android.Joker.422.origin
Network activity:
Connects to:
  • UDP(DNS) 8####.8.4.4:53
  • TCP(HTTP/1.1) 1####.92.226.36:80
  • TCP(HTTP/1.1) api.elf####.com:80
  • UDP(NTP) 2.and####.p####.####.org:123
  • TCP(TLS/1.0) ap####.period-####.com:443
  • TCP(TLS/1.0) app-mea####.com:443
  • TCP(TLS/1.0) and####.a####.go####.com:443
  • TCP(TLS/1.0) ad.l####.app:443
  • TCP(TLS/1.0) and####.google####.com:443
  • TCP(TLS/1.0) googl####.g.doublec####.net:443
  • TCP(TLS/1.0) reso####.l####.app:443
  • TCP(TLS/1.0) g####.face####.com:443
  • TCP(TLS/1.0) firebas####.crashly####.com:443
  • TCP(TLS/1.2) 64.2####.165.94:443
  • UDP and####.google####.com:443
DNS requests:
HTTP GET requests:
  • ad.l####.app:443/images/WomenFitness/cover/en/mdpi/cover.png
  • ad.l####.app:443/images/WomenFitness/mdpi/icon.png
  • ad.l####.app:443/images/lose_belly_fat/cover/en/mdpi/cover.png
  • ad.l####.app:443/images/lose_belly_fat/mdpi/icon.png
  • firebas####.crashly####.com:443/spi/v2/platforms/android/gmp/1:274155938...
  • reso####.l####.app:443/tts/app/<Package>/man/en/e6d1a638da464501a6eabcb2...
  • reso####.l####.app:443/tts/app/<Package>/woman/en/base_data_v5_3.zip
  • reso####.l####.app:443/tts/app/<Package>/woman/en/e6d1a638da464501a6eabc...
HTTP HEAD requests:
  • reso####.l####.app:443/tts/app/<Package>/man/en/e6d1a638da464501a6eabcb2...
  • reso####.l####.app:443/tts/app/<Package>/woman/en/base_data_v5_3.zip
  • reso####.l####.app:443/tts/app/<Package>/woman/en/e6d1a638da464501a6eabc...
HTTP POST requests:
  • ad.l####.app:443/plankb
  • and####.google####.com:443/v1/projects/plank-workout-2/installations
  • ap####.period-####.com:443/api/workout/remoteconfig?pkg=####&filetype=####
  • api.elf####.com/collect/v1
File system changes:
Creates the following files:
  • /data/data/####/1633031840514.dex
  • /data/data/####/1633031840514.dex.flock (deleted)
  • /data/data/####/1633031840514.jar
  • /data/data/####/1633031840514.tmp
  • /data/data/####/63838F1A006500010D68668990513B8Euser.meta
  • /data/data/####/63838F1E026E00010E1E668990513B8Euser.meta
  • /data/data/####/AppEventsLogger.persistedevents
  • /data/data/####/Cookies-journal
  • /data/data/####/FirebaseAppHeartBeat.xml
  • /data/data/####/FirebaseAppHeartBeat.xml.bak
  • /data/data/####/PersistedInstallation.W0RFRkFVTFRd+MToyNzQxNTU5...h.json
  • /data/data/####/PersistedInstallation573211839tmp
  • /data/data/####/PersistedInstallation766564575tmp
  • /data/data/####/ServerConfig.xml
  • /data/data/####/ServerConfig.xml.bak
  • /data/data/####/UpdateTimeSP.xml
  • /data/data/####/WebViewChromiumPrefs.xml
  • /data/data/####/admob.xml
  • /data/data/####/ae0cf1c84cc9f57114daca99346331e4
  • /data/data/####/ae8a166cc8c42750775f0cfaf482dff6
  • /data/data/####/androidx.work.workdb-journal (deleted)
  • /data/data/####/app_version_pref.xml
  • /data/data/####/b3049e46afffcbbf2061f2a74634a287
  • /data/data/####/b9f11032295e205e943cfe8fc9961c83
  • /data/data/####/back_call.txt
  • /data/data/####/base_data_v5_3.zip
  • /data/data/####/com.crashlytics.settings.json
  • /data/data/####/com.facebook.sdk.appEventPreferences.xml
  • /data/data/####/com.facebook.sdk.attributionTracking.xml
  • /data/data/####/com.google.android.datatransport.events-journal
  • /data/data/####/com.google.android.gms.measurement.prefs.xml
  • /data/data/####/com.google.firebase.crashlytics.xml
  • /data/data/####/com.google.firebase.crashlytics.xml.bak
  • /data/data/####/crash.log
  • /data/data/####/crashlytics-userlog-63838F1A006500010D68668990513B8E.temp
  • /data/data/####/crashlytics-userlog-63838F1E026E00010E1E668990513B8E.temp
  • /data/data/####/event0000000000
  • /data/data/####/event0000000001
  • /data/data/####/event0000000002
  • /data/data/####/frc_1;274155938159;android;b9b4b066127e7d4174c8...gs.xml
  • /data/data/####/generatefid.lock
  • /data/data/####/google_app_measurement_local.db
  • /data/data/####/google_app_measurement_local.db-journal
  • /data/data/####/initialization_marker
  • /data/data/####/metrics_guid
  • /data/data/####/okdownload-breakpoint.db-journal
  • /data/data/####/plank.fitness.workout_preferences.xml
  • /data/data/####/proc_auxv
  • /data/data/####/reminder_sp.xml
  • /data/data/####/reminder_sp.xml.bak
  • /data/data/####/report
  • /data/data/####/thirtyDayFit.xml
  • /data/data/####/tts_sp.xml
  • /data/data/####/user
  • /data/data/####/vm.dex
  • /data/data/####/vm.odex
  • /data/data/####/vm.odex.flock (deleted)
  • /data/misc/####/primary.prof
Miscellaneous:
Loads the following dynamic libraries:
  • libnative
  • libzoecore
Uses the following algorithms to encrypt data:
  • AES-CBC-PKCS5Padding
Uses the following algorithms to decrypt data:
  • AES-CBC-PKCS5Padding
Accesses the ITelephony private interface.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Displays its own windows over windows of other apps.
Intercepts notifications.

Curing recommendations


Android

  1. If the mobile device is operating normally, download and install Dr.Web for Android Light. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android Light onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
