× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 03c1b44c94c86c3137862c20f9f745e0f89ce2cdb778dc6466a06a65b7a591ae
File name: M151.apk
Detection ratio: 40 / 55
Analysis date: 2015-04-19 19:09:29 UTC ( 1 week, 1 day ago )
Antivirus Result Update
AVG Android/Generic.AW 20150419
AVware Trojan.AndroidOS.Generic.A 20150419
Ad-Aware Android.Trojan.FakeApp.K 20150419
AegisLab FakeToken 20150419
AhnLab-V3 Android-Trojan/FakeInst.91af 20150419
Alibaba A.H.Pay.Erop.YG 20150419
Antiy-AVL Trojan[Banker]/AndroidOS.Faketoken.b 20150419
Avast Android:TrojanSMS-PG [Trj] 20150419
Baidu-International Trojan.Win32.Agent.AaA 20150419
BitDefender Android.Trojan.FakeApp.K 20150419
CAT-QuickHeal Android.FakeInst.AC 20150418
ClamAV Andr.Trojan.Stels 20150419
Comodo UnclassifiedMalware 20150419
Cyren AndroidOS/FakeToken.B 20150419
DrWeb Android.SmsSend.471.origin 20150419
ESET-NOD32 a variant of Android/TrojanSMS.Agent.KR 20150419
Emsisoft Android.Trojan.FakeApp.K (B) 20150419
F-Prot AndroidOS/FakeToken.B 20150419
F-Secure Trojan:Android/SmsSpy.K 20150419
Fortinet Android/Stels.A!tr 20150419
GData Android.Trojan.FakeApp.K 20150419
Ikarus Trojan-SMS.AndroidOS.Agent 20150419
Jiangmin Trojan/Banker.AndroidOS.vy 20150417
K7AntiVirus Trojan ( 0040f4111 ) 20150419
K7GW Trojan ( 0040f4111 ) 20150419
Kaspersky HEUR:Trojan-Banker.AndroidOS.Faketoken.b 20150419
Kingsoft Android.Troj.Faketoken.a.(kcloud) 20150419
McAfee Artemis!B226A66A2796 20150419
MicroWorld-eScan Android.Trojan.FakeApp.K 20150419
Microsoft Trojan:AndroidOS/SeltSMSer.A 20150419
NANO-Antivirus Trojan.Android.Agent.cujubj 20150419
Qihoo-360 Trojan.Generic 20150419
Rising DEX:Privacy.Agent!1.9DA0 20150419
Sophos Andr/FakeIns-AB 20150419
Symantec Trojan.Gen.2 20150419
Tencent Trojan.Android.Agent.67FE1C40 20150419
TotalDefense AndroidOS/Tnega.RLRWHbB 20150419
TrendMicro ANDROIDOS_AGENT.A 20150419
TrendMicro-HouseCall ANDROIDOS_AGENT.A 20150419
VIPRE Trojan.AndroidOS.Generic.A 20150419
Agnitum 20150419
Bkav 20150417
ByteHero 20150419
CMC 20150418
Malwarebytes 20150419
McAfee-GW-Edition 20150419
Norman 20150419
Panda 20150417
SUPERAntiSpyware 20150419
TheHacker 20150416
VBA32 20150418
ViRobot 20150419
Zillya 20150419
Zoner 20150417
nProtect 20150417
The file being studied is Android related! APK Android file more specifically. The application's main package name is android.systempack.ins. The internal version number of the application is 1. The displayed version string of the application is 1.0. The minimum Android API level for the application to run (MinSDKVersion) is 4. The target Android API level for the application to run (TargetSDKVersion) is 15.
Risk summary
The studied DEX file makes use of API reflection
Permissions that allow the application to manipulate SMS
Permissions that allow the application to perform calls
Permissions that allow the application to perform payments
Permissions that allow the application to access Internet
Permissions that allow the application to access private information
Other permissions that could be considered as dangerous in certain scenarios
Required permissions
android.permission.SEND_SMS (send SMS messages)
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.INSTALL_PACKAGES (directly install applications)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.CALL_PRIVILEGED (directly call any phone numbers)
android.permission.CALL_PHONE (directly call phone numbers)
android.permission.DELETE_PACKAGES (delete applications)
android.permission.RECEIVE_SMS (receive SMS)
android.permission.INTERNET (full Internet access)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
android.permission.READ_CONTACTS (read contact data)
Permission-related API calls
ACCESS_NETWORK_STATE
SEND_SMS
VIBRATE
INTERNET
CHANGE_COMPONENT_ENABLED_STATE
READ_PHONE_STATE
Main Activity
app.opera.MainActivity
Activities
app.opera.MainActivity
Services
ru.stels2.MainService
Receivers
ru.stels2.MainReceiver
Activity-related intent filters
app.opera.MainActivity
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
Receiver-related intent filters
ru.stels2.MainReceiver
actions: android.provider.Telephony.SMS_RECEIVED, custom.alarm, custom.alarm.info, android.intent.action.BOOT_COMPLETED, android.intent.action.USER_PRESENT, android.intent.action.PHONE_STATE
Code-related observations
The application does not load any code dynamically
The application contains reflection code
The application does not contain native code
The application does not contain cryptographic code
Application certificate information
Application bundle files
Interesting strings
Compressed bundles
File identification
MD5 b226a66a2796e922302b96ae81540d5c
SHA1 670503ed863397d64bfe24ca0940be9c23682ae4
SHA256 03c1b44c94c86c3137862c20f9f745e0f89ce2cdb778dc6466a06a65b7a591ae
ssdeep
3072:5D0di20jVxxjGjEnQpI3uGNwV84nYChANXWfN6gV72O/PS4oTcr:aUVVQ23VwV8Wmm6gpdPBecr

File size 160.4 KB ( 164210 bytes )
File type Android
Magic literal
Zip archive data, at least v2.0 to extract

TrID Java Archive (78.3%)
ZIP compressed archive (21.6%)
Tags
apk android

VirusTotal metadata
First submission 2013-03-12 15:24:01 UTC ( 2 years, 1 month ago )
Last submission 2015-04-19 19:09:29 UTC ( 1 week, 1 day ago )
File names Recent31.apk
1403111101.57.log
b226a66a2796e922302b96ae815
flashplayer.android.update.apk
Recent37-a.apk
stels.apk
vti-rescan
Recent37-a.apk
b226a66a2796e922302b96ae81540d5c.log
b226a66a2796e922302b96ae81540d5c_10.apk
b226a66a2796e922302b96ae81540d5c.apk
03C1B44C94C86C3137862C20F9F745E0F89CE2CDB778DC6466A06A65B7A591AE.APK.log
N116.apk
Recent31.apk
FLASHPLAYER.UPDATE.apk
N116.apk
b226a66a2796e922302b96ae81540d5c
M151.apk
J160.apk
App_1.apk
flashplayer.apk
b226a66a2796e922302b96ae81540d5c.apk
flshlyerndroidudte.apk
ExifTool file metadata
MIMEType
application/zip

ZipRequiredVersion
20

ZipCRC
0x35817a89

FileType
ZIP

ZipCompression
Deflated

ZipUncompressedSize
249

ZipCompressedSize
190

ZipFileName
assets/html/index.html

ZipBitFlag
0x0808

ZipModifyDate
2013:03:01 06:50:18

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Interesting calls
Calls APIs that provide access to information about the telephony services on the device. Applications can use such methods to determine telephony services and states, as well as to access some types of subscriber information.
Calls APIs that manage SMS operations such as sending data, text, and pdu SMS messages.