× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 03c1b44c94c86c3137862c20f9f745e0f89ce2cdb778dc6466a06a65b7a591ae
File name: b226a66a2796e922302b96ae81540d5c.apk
Detection ratio: 39 / 54
Analysis date: 2015-12-12 11:11:20 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
AVG Android/G2P.DN.D80A90551233 20151212
AVware Trojan.AndroidOS.Generic.A 20151212
Ad-Aware Android.Trojan.FakeApp.K 20151212
AegisLab FakeToken 20151212
AhnLab-V3 Android-Trojan/FakeInst.eb0d 20151211
Alibaba A.H.Pay.Erop.YG 20151208
Antiy-AVL Trojan[Banker]/AndroidOS.Faketoken.b 20151212
Arcabit Android.Trojan.FakeApp.K 20151212
Avast Android:TrojanSMS-PG [Trj] 20151212
Avira ANDROID/TrojanSMS.Agent.ANZ.Gen 20151212
Baidu-International Trojan.Win32.Agent.AaA 20151212
BitDefender Android.Trojan.FakeApp.K 20151212
CAT-QuickHeal Android.FakeInst.AC 20151212
ClamAV Andr.Trojan.Stels 20151212
Comodo UnclassifiedMalware 20151209
Cyren AndroidOS/FakeToken.B 20151212
DrWeb Android.SmsSend.471.origin 20151212
ESET-NOD32 a variant of Android/TrojanSMS.Agent.KR 20151212
Emsisoft Android.Trojan.FakeApp.K (B) 20151212
F-Prot AndroidOS/FakeToken.B 20151212
F-Secure Trojan:Android/FakeToken.C 20151211
Fortinet Android/Agent.BE!tr 20151212
GData Android.Trojan.FakeApp.K 20151212
Ikarus Trojan-SMS.AndroidOS.Agent 20151212
Jiangmin Trojan/Banker.AndroidOS.vy 20151211
K7AntiVirus Trojan ( 0040f4111 ) 20151212
K7GW Trojan ( 0040f4111 ) 20151212
Kaspersky HEUR:Trojan-SMS.AndroidOS.FakeInst.eg 20151212
McAfee Artemis!B226A66A2796 20151212
MicroWorld-eScan Android.Trojan.FakeApp.K 20151212
Microsoft Trojan:AndroidOS/SeltSMSer.A 20151212
NANO-Antivirus Trojan.Android.Agent.cujubj 20151212
Rising DEX:Privacy.Agent!1.9DA0 [F] 20151211
Symantec Trojan.Gen.2 20151211
Tencent Trojan.Android.Agent.67FE1C40 20151212
TotalDefense AndroidOS/Tnega.RLRWHbB 20151212
TrendMicro ANDROIDOS_FAKETOKEN.HRX 20151212
TrendMicro-HouseCall ANDROIDOS_FAKETOKEN.HRX 20151212
VIPRE Trojan.AndroidOS.Generic.A 20151212
Agnitum 20151211
Bkav 20151212
ByteHero 20151212
CMC 20151211
Malwarebytes 20151212
McAfee-GW-Edition 20151212
Panda 20151211
Qihoo-360 20151212
SUPERAntiSpyware 20151212
TheHacker 20151211
VBA32 20151211
ViRobot 20151212
Zillya 20151211
Zoner 20151212
nProtect 20151211
The file being studied is Android related! APK Android file more specifically. The application's main package name is android.systempack.ins. The internal version number of the application is 1. The displayed version string of the application is 1.0. The minimum Android API level for the application to run (MinSDKVersion) is 4. The target Android API level for the application to run (TargetSDKVersion) is 15.
Risk summary
The studied DEX file makes use of API reflection
Permissions that allow the application to manipulate SMS
Permissions that allow the application to perform calls
Permissions that allow the application to perform payments
Permissions that allow the application to access Internet
Permissions that allow the application to access private information
Other permissions that could be considered as dangerous in certain scenarios
Required permissions
android.permission.SEND_SMS (send SMS messages)
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
android.permission.INTERNET (full Internet access)
android.permission.INSTALL_PACKAGES (directly install applications)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.CALL_PRIVILEGED (directly call any phone numbers)
android.permission.CALL_PHONE (directly call phone numbers)
android.permission.DELETE_PACKAGES (delete applications)
android.permission.RECEIVE_SMS (receive SMS)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
android.permission.READ_CONTACTS (read contact data)
Permission-related API calls
ACCESS_NETWORK_STATE
SEND_SMS
VIBRATE
INTERNET
CHANGE_COMPONENT_ENABLED_STATE
READ_PHONE_STATE
Main Activity
app.opera.MainActivity
Activities
app.opera.MainActivity
Services
ru.stels2.MainService
Receivers
ru.stels2.MainReceiver
Activity-related intent filters
app.opera.MainActivity
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
Receiver-related intent filters
ru.stels2.MainReceiver
actions: android.provider.Telephony.SMS_RECEIVED, custom.alarm, custom.alarm.info, android.intent.action.BOOT_COMPLETED, android.intent.action.USER_PRESENT, android.intent.action.PHONE_STATE
Application certificate information
Application bundle files
Interesting strings
The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files
8
Uncompressed size
629320
Highest datetime
2013-03-01 06:50:38
Lowest datetime
2013-03-01 06:35:42
Contained files by extension
xml
1
dex
1
MF
1
RSA
1
SF
1
png
1
Contained files by type
unknown
5
XML
1
DEX
1
PNG
1
Compressed bundles
File identification
MD5 b226a66a2796e922302b96ae81540d5c
SHA1 670503ed863397d64bfe24ca0940be9c23682ae4
SHA256 03c1b44c94c86c3137862c20f9f745e0f89ce2cdb778dc6466a06a65b7a591ae
ssdeep
3072:5D0di20jVxxjGjEnQpI3uGNwV84nYChANXWfN6gV72O/PS4oTcr:aUVVQ23VwV8Wmm6gpdPBecr

File size 160.4 KB ( 164210 bytes )
File type Android
Magic literal
Zip archive data, at least v2.0 to extract

TrID Java Archive (78.3%)
ZIP compressed archive (21.6%)
Tags
apk android

VirusTotal metadata
First submission 2013-03-12 15:24:01 UTC ( 2 years, 11 months ago )
Last submission 2015-12-12 11:11:20 UTC ( 1 month, 3 weeks ago )
File names Recent31.apk
1403111101.57.log
b226a66a2796e922302b96ae815
flashplayer.android.update.apk
Recent37-a.apk
b226a66a2796e922302b96ae81540d5c
0024.apk
Recent37-a.apk
b226a66a2796e922302b96ae81540d5c.log
b226a66a2796e922302b96ae81540d5c_10.apk
b226a66a2796e922302b96ae81540d5c.apk
03C1B44C94C86C3137862C20F9F745E0F89CE2CDB778DC6466A06A65B7A591AE.APK.log
N116.apk
Recent31.apk
FLASHPLAYER.UPDATE.apk
N116.apk
B226A66A2796E922302B96AE81540D5C.apk
stels.apk
M151.apk
J160.apk
App_1.apk
vti-rescan
flashplayer.apk
b226a66a2796e922302b96ae81540d5c.apk
flshlyerndroidudte.apk
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Interesting calls
Calls APIs that provide access to information about the telephony services on the device. Applications can use such methods to determine telephony services and states, as well as to access some types of subscriber information.
Calls APIs that manage SMS operations such as sending data, text, and pdu SMS messages.