SHA256: 02a51d848315513c27cf6347aeb80f8afe51066a3e80fea95a9bb7eeeeeea431
File name: e630063e6e59f5e56f486d7c95c4e797_1.apk
Detection ratio: 38 / 57
Analysis date: 2016-04-08 19:00:18 UTC ( 11 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Android.Trojan.BgServ.A 20160408
AegisLab Backdoor.AndroidOS.SerBG.a!c 20160408
AhnLab-V3 Android-Spyware/BgService.1a60 20160408
Alibaba A.H.Pay.SerBG.A 20160408
Antiy-AVL Trojan[Backdoor:HEUR]/Android.SerBG.1 20160408
Arcabit Android.Trojan.BgServ.A 20160408
Avast Android:BGServ-G [Trj] 20160408
AVG Android/Serb 20160408
Avira (no cloud) ANDROID/Bgserv.A.Gen 20160408
AVware Trojan.AndroidOS.Generic.A 20160408
Baidu Android.Trojan.Bgserv.a 20160408
Baidu-International Trojan.Android.Bgserv.A 20160408
BitDefender Android.Trojan.BgServ.A 20160408
CAT-QuickHeal Android.BgServ.A 20160407
Comodo UnclassifiedMalware 20160408
Cyren AndroidOS/BgServ 20160408
DrWeb Android.Youlubg.3.origin 20160408
Emsisoft Android.Trojan.BgServ.A (B) 20160408
ESET-NOD32 a variant of Android/Bgserv.A 20160408
F-Prot AndroidOS/BgServ 20160408
F-Secure Trojan:Android/Bgserv.A 20160408
Fortinet Android/Fake10086.A!tr 20160404
GData Android.Trojan.BgServ.A 20160408
Ikarus Trojan.AndroidOS.Masnu 20160408
Jiangmin Backdoor/AndroidOS.owd 20160408
K7GW Trojan ( 0048d51b1 ) 20160404
Kaspersky HEUR:Backdoor.AndroidOS.SerBG.a 20160408
Kingsoft Android.Troj.at_Bgserv.a.(kcloud) 20160408
McAfee Artemis!E630063E6E59 20160408
McAfee-GW-Edition Artemis!Trojan 20160408
Microsoft TrojanSpy:AndroidOS/Lanucher.A 20160408
eScan Android.Trojan.BgServ.A 20160408
NANO-Antivirus Trojan.Android.SerBG.cwydad 20160408
Qihoo-360 Trojan.Android.Gen 20160408
Sophos Andr/BBridge-A 20160408
Symantec Android.Bgserv 20160408
Tencent a.payment.bgmms.a 20160408
VIPRE Trojan.AndroidOS.Generic.A 20160408
ALYac 20160408
Bkav 20160408
ClamAV 20160408
CMC 20160408
K7AntiVirus 20160408
Malwarebytes 20160408
nProtect 20160408
Panda 20160408
Rising 20160408
SUPERAntiSpyware 20160408
TheHacker 20160408
TotalDefense 20160408
TrendMicro 20160408
TrendMicro-HouseCall 20160408
VBA32 20160408
ViRobot 20160408
Yandex 20160406
Zillya 20160408
Zoner 20160408
The file being studied is Android related! APK Android file more specifically. The application's main package name is com.android.vending.sectool.v1. The internal version number of the application is 6. The displayed version string of the application is 1.5. The minimum Android API level for the application to run (MinSDKVersion) is 4.
Required permissions
android.permission.ACCESS_FINE_LOCATION (fine (GPS) location)
android.permission.SEND_SMS (send SMS messages)
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.ACCESS_COARSE_LOCATION (coarse (network-based) location)
android.permission.WAKE_LOCK (prevent phone from sleeping)
android.permission.CHANGE_NETWORK_STATE (change network connectivity)
android.permission.RECEIVE_SMS (receive SMS)
android.permission.INTERNET (full Internet access)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
Activities
com.mms.bg.ui.FakeLanucherActivity
Services
com.android.vending.sectool.v1.GoogleSecurityToolActivity
com.mms.bg.ui.BgService
Receivers
com.android.vending.sectool.v1.GoogleSecurityToolReceiver
com.mms.bg.transaction.SmsReceiver
com.mms.bg.transaction.PrivilegedSmsReceiver
com.mms.bg.ui.BootReceiver
com.mms.bg.ui.AutoSMSRecevier
com.mms.bg.ui.InternetStatusReceiver
Service-related intent filters
com.mms.bg.ui.BgService
actions: com.mms.bg.FILTER_ACTION
Activity-related intent filters
com.mms.bg.ui.FakeLanucherActivity
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER, android.intent.category.DEFAULT
Receiver-related intent filters
com.mms.bg.ui.InternetStatusReceiver
actions: android.net.conn.CONNECTIVITY_CHANGE
com.mms.bg.ui.BootReceiver
actions: android.intent.action.BOOT_COMPLETED
com.mms.bg.transaction.SmsReceiver
actions: com.android.mms.transaction.MESSAGE_SENT, android.intent.action.SEND_MESSAGE
com.android.vending.sectool.v1.GoogleSecurityToolReceiver
actions: android.intent.action.PACKAGE_ADDED, android.intent.action.PACKAGE_CHANGED, android.intent.action.PACKAGE_REMOVED, android.intent.action.BOOT_COMPLETED, com.android.vending.INSTALL_REFERRER, android.intent.action.GTALK_CONNECTED
com.mms.bg.transaction.PrivilegedSmsReceiver
actions: android.provider.Telephony.SMS_RECEIVED
com.mms.bg.ui.AutoSMSRecevier
actions: com.mms.bg.SMS
Application certificate information
Interesting strings
The file being studied is a compressed stream! Details about the compressed contents follow.
Interesting properties
The file under inspection contains at least one ELF file.
Contained files
Compression metadata
Contained files 8
Uncompressed size 182208
Highest datetime 2012-12-02 21:10:48
Lowest datetime 2008-02-28 21:33:46
Contained files by extension
xml 1
dex 1
MF 1
RSA 1
SF 1
png 1
Contained files by type
unknown 4
XML 1
DEX 1
ELF 1
PNG 1
File identification
MD5 e630063e6e59f5e56f486d7c95c4e797
SHA1 797c1410baa0a109bc4a12b0d7a194b1657ea047
SHA256 02a51d848315513c27cf6347aeb80f8afe51066a3e80fea95a9bb7eeeeeea431
ssdeep 1536:ukTadHHdEVSaaAFaL50Oz4mAvwMW+8Gy+rdxwy/ETCqrNiqmyxpfD6ut:uk2JqSJLAIMT8NeTK+qBiqxTt

File size 97.7 KB ( 100017 bytes )
File type Android
Magic literal Zip archive data, at least v2.0 to extract

TrID Android Package (92.9%)
ZIP compressed archive (7.0%)
Tags apk android dyn-calls contains-elf

VirusTotal metadata
First submission 2012-12-03 04:20:16 UTC ( 4 years, 3 months ago )
Last submission 2015-03-04 22:46:01 UTC ( 2 years ago )
File names Bgserv.apk-of1.apk
02A51D848315513C27CF6347AEB80F8AFE51066A3E80FEA95A9BB7EEEEEEA431.APK.log
e630063e6e59f5e56f486d7c95c4e797_1.apk
Started services
#Intent;action=action.internet.bg;component=com.android.vending.sectool.v1/com.mms.bg.ui.BgService;end
Opened files
/data/data/com.android.vending.sectool.v1/files/.hide
/data/data/com.android.vending.sectool.v1/files
Accessed files
/data/data/com.android.vending.sectool.v1/files
/data/data/com.android.vending.sectool.v1/files/.hide
/data/data/com.android.vending.sectool.v1/files/.hide/log.txt
/data/data/com.android.vending.sectool.v1/files/.hide/serverInfo.xml
Dynamically called methods
android.app.Service.startForeground 2 arguments.
u'0x1'
u'Notification(contentView=null vibrate=null,sound=null,defaults=0x0,flags=0x0)'
Accessed URIs
content://telephony/carriers/preferapn
content://telephony/carriers