× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 032a095067442d60d0df9fadab07553152e5500a67fc95084441752eafd43f70
File name: Certificate_com.security.cert.apk
Detection ratio: 40 / 57
Analysis date: 2015-05-25 02:02:19 UTC ( 1 month, 1 week ago )
Antivirus Result Update
AVG Android/Deng.C 20150525
AVware Trojan.AndroidOS.Generic.A 20150525
Ad-Aware Android.Trojan.InfoStealer.AZ 20150525
AegisLab Pincer 20150525
AhnLab-V3 Android-Trojan/Pincer.8de8 20150524
Alibaba A.H.Pri.Pincer 20150525
Antiy-AVL Trojan[Backdoor]/AndroidOS.Pincer.a 20150524
Avast Android:SecCert-D [Trj] 20150525
Avira ANDROID/SecCert.A.3 20150524
Baidu-International Trojan.Android.SecCert.A 20150524
BitDefender Android.Trojan.InfoStealer.AZ 20150525
CAT-QuickHeal Android.Pincer.A 20150523
ClamAV Andr.Trojan.Pincer 20150523
Comodo UnclassifiedMalware 20150524
Cyren AndroidOS/GenBl.2D66D794!Olympus 20150525
DrWeb Android.Backdoor.15.origin 20150525
ESET-NOD32 Android/SecCert.A 20150524
Emsisoft Android.Trojan.InfoStealer.AZ (B) 20150525
F-Prot AndroidOS/Pincer.A 20150525
F-Secure Trojan:Android/Pincer.A 20150524
Fortinet Android/Pincer.A!tr.spy 20150525
GData Android.Trojan.InfoStealer.AZ 20150525
Ikarus AndroidOS.Pincer.A 20150525
Jiangmin Backdoor/AndroidOS.amdy 20150522
K7AntiVirus Trojan ( 0040f3971 ) 20150524
K7GW Trojan ( 0040f3971 ) 20150524
Kaspersky HEUR:Backdoor.AndroidOS.Pincer.a 20150524
Kingsoft Android.Troj.Pincer.a.(kcloud) 20150525
McAfee Artemis!2D66D7942148 20150525
MicroWorld-eScan Android.Trojan.InfoStealer.AZ 20150525
NANO-Antivirus Trojan.Android.Pincer.cwzgiz 20150525
Qihoo-360 Trojan.Generic 20150525
Rising NORMAL:Trojan.UNIX.AndroidSecCent.a!1612244 20150524
Sophos Andr/Pincer-A 20150525
Symantec Android.Malapp 20150525
Tencent a.privacy.pincer 20150525
TotalDefense AndroidOS/Tnega.KNRNVS 20150524
TrendMicro ANDROIDOS_STEALER.VTD 20150525
TrendMicro-HouseCall ANDROIDOS_STEALER.VTD 20150525
VIPRE Trojan.AndroidOS.Generic.A 20150525
ALYac 20150525
Agnitum 20150524
Bkav 20150523
ByteHero 20150525
CMC 20150520
Malwarebytes 20150525
McAfee-GW-Edition 20150524
Microsoft 20150524
Norman 20150524
Panda 20150524
SUPERAntiSpyware 20150523
TheHacker 20150521
VBA32 20150523
ViRobot 20150524
Zillya 20150524
Zoner 20150521
nProtect 20150522
The file being studied is Android related! APK Android file more specifically. The application's main package name is com.security.cert. The internal version number of the application is 11. The displayed version string of the application is 1.1. The minimum Android API level for the application to run (MinSDKVersion) is 1. The target Android API level for the application to run (TargetSDKVersion) is 15.
Risk summary
The studied DEX file makes use of API reflection
Permissions that allow the application to manipulate SMS
Permissions that allow the application to perform calls
Permissions that allow the application to perform payments
Permissions that allow the application to access Internet
Permissions that allow the application to access private information
Other permissions that could be considered as dangerous in certain scenarios
Required permissions
android.permission.SEND_SMS (send SMS messages)
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.READ_LOGS (read sensitive log data)
android.permission.CALL_PRIVILEGED (directly call any phone numbers)
android.permission.CALL_PHONE (directly call phone numbers)
android.permission.RECEIVE_SMS (receive SMS)
android.permission.INTERNET (full Internet access)
android.permission.MODIFY_PHONE_STATE (modify phone status)
Permission-related API calls
CHANGE_COMPONENT_ENABLED_STATE
READ_PHONE_STATE
SEND_SMS
INTERNET
READ_LOGS
Main Activity
com.security.cert.ui.MainActivity
Activities
com.security.cert.ui.MainActivity
com.security.cert.ui.UssdActivity
com.security.cert.ui.MessageDialogActivity
Services
com.security.cert.services.CheckCommandsService
com.security.cert.services.CheckQueueService
com.security.cert.services.USSDDumbExtendedNetworkService
Receivers
com.security.cert.services.ReCheckCommandReceiver
com.security.cert.services.ReSendQueueReceiver
com.security.cert.services.SmsSentReceiver
com.security.cert.services.SmsReceiver
com.security.cert.services.PhoneCallReceiver
com.security.cert.services.OnBootReceiver
Service-related intent filters
com.security.cert.services.USSDDumbExtendedNetworkService
actions: com.android.ussd.IExtendedNetworkService
categories: android.intent.category.DEFAULT
Activity-related intent filters
com.security.cert.ui.MainActivity
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
Receiver-related intent filters
com.security.cert.services.OnBootReceiver
actions: android.intent.action.BOOT_COMPLETED
com.security.cert.services.ReCheckCommandReceiver
actions: android.intent.action.RE_CHECK_COMMAND
com.security.cert.services.PhoneCallReceiver
actions: android.intent.action.PHONE_STATE
com.security.cert.services.SmsReceiver
actions: android.provider.Telephony.SMS_RECEIVED
com.security.cert.services.SmsSentReceiver
actions: android.intent.action.SMS_SENT
com.security.cert.services.ReSendQueueReceiver
actions: android.intent.action.RE_SEND_QUEUE
Code-related observations
The application does not load any code dynamically
The application contains reflection code
The application does not contain native code
The application does not contain cryptographic code
Application certificate information
Application bundle files
Interesting strings
Compressed bundles
File identification
MD5 2d66d7942148de2d9f08eab403921c89
SHA1 2157fd7254210ef2e8b09493d0e1be3b70d6ce69
SHA256 032a095067442d60d0df9fadab07553152e5500a67fc95084441752eafd43f70
ssdeep
768:Po3uzMY9YvJG80T44BKi+BgblAA34e3OZ5grN4eGp/WIPnri73k5aHN+Js45:Po3uzMh4oSlxIAGqN4ZNru73icEb

File size 38.3 KB ( 39207 bytes )
File type Android
Magic literal
Zip archive data, at least v2.0 to extract

TrID Android Package (73.9%)
Java Archive (20.4%)
ZIP compressed archive (5.6%)
Tags
apk android ext-prg

VirusTotal metadata
First submission 2013-04-02 05:58:36 UTC ( 2 years, 3 months ago )
Last submission 2015-05-25 02:02:19 UTC ( 1 month, 1 week ago )
File names 2D66D7942148DE2D9F08EAB403921C89.ex
Recent38.apk
2d66d7942148de2d9f08eab403921c89.virus
J163.apk
2157fd7254210ef2e8b09493d0e1be3b70d6ce69
Recent-29-b.apk
1403172014.07.log
Recent-29-b.apk
2d66d7942148de2d9f08eab403921c89.apk
N119.apk
032A095067442D60D0DF9FADAB07553152E5500A67FC95084441752EAFD43F70.APK.log
M154.apk
Certificate.apk
Recent38.apk
2d66d7942148de2d9f08eab403921c89
Certificate_com.security.cert.apk
Recent38.apk
2D66D7942148DE2D9F08EAB403921C89.apk
vti-rescan
N119.apk
Recent-29-b.apk
APKs_cymru_2157fd7254210ef2e8b09493d0e1be3b70d6ce69.apk
ExifTool file metadata
MIMEType
application/zip

ZipRequiredVersion
20

ZipCRC
0xdb20b415

FileType
ZIP

ZipCompression
Deflated

ZipUncompressedSize
992

ZipCompressedSize
405

FileTypeExtension
zip

ZipFileName
res/layout/enter_user_id_dialog.xml

ZipBitFlag
0x0008

ZipModifyDate
2013:03:29 15:39:11

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Started services
#Intent;component=com.security.cert/.services.CheckCommandsService;end
#Intent;component=com.security.cert/.services.CheckQueueService;end
External programs launched
logcat -d USSDDumbExtendedNetworkService:I *:S
Accessed files
/system/app/Superuser.apk
Interesting calls
Calls APIs that provide access to information about the telephony services on the device. Applications can use such methods to determine telephony services and states, as well as to access some types of subscriber information.
Calls APIs that manage SMS operations such as sending data, text, and pdu SMS messages.