× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 03c1b44c94c86c3137862c20f9f745e0f89ce2cdb778dc6466a06a65b7a591ae
File name: 110000160700801501.apk
Detection ratio: 37 / 57
Analysis date: 2015-08-18 02:44:12 UTC ( 1 week, 4 days ago )
Antivirus Result Update
AVG Android/Generic.AW 20150818
AVware Trojan.AndroidOS.Generic.A 20150818
Ad-Aware Android.Trojan.FakeApp.K 20150818
AegisLab FakeToken 20150817
AhnLab-V3 Android-Trojan/FakeInst.eb0d 20150817
Alibaba A.H.Pay.Erop.YG 20150817
Antiy-AVL Trojan[Banker]/AndroidOS.Faketoken.b 20150818
Arcabit Android.Trojan.FakeApp.K 20150818
Avira ANDROID/TrojanSMS.Agent.ANZ.Gen 20150817
Baidu-International Trojan.Win32.Agent.AaA 20150817
BitDefender Android.Trojan.FakeApp.K 20150818
CAT-QuickHeal Android.FakeInst.AC 20150817
ClamAV Andr.Trojan.Stels 20150818
Comodo UnclassifiedMalware 20150818
Cyren AndroidOS/FakeToken.B 20150818
ESET-NOD32 a variant of Android/TrojanSMS.Agent.KR 20150817
Emsisoft Android.Trojan.FakeApp.K (B) 20150818
F-Prot AndroidOS/FakeToken.B 20150818
F-Secure Trojan:Android/SmsSpy.K 20150817
Fortinet Android/Stels.A!tr 20150818
GData Android.Trojan.FakeApp.K 20150818
Ikarus Trojan-SMS.AndroidOS.Agent 20150818
Jiangmin Trojan/Banker.AndroidOS.vy 20150815
K7AntiVirus Trojan ( 0040f4111 ) 20150817
K7GW Trojan ( 0040f4111 ) 20150817
Kaspersky HEUR:Trojan-Banker.AndroidOS.Faketoken.b 20150818
Kingsoft Android.Troj.Faketoken.a.(kcloud) 20150818
McAfee Artemis!B226A66A2796 20150818
MicroWorld-eScan Android.Trojan.FakeApp.K 20150818
NANO-Antivirus Trojan.Android.Agent.cujubj 20150818
Qihoo-360 Trojan.Generic 20150818
Sophos Andr/FakeIns-AB 20150818
Symantec Trojan.Gen.2 20150817
TotalDefense AndroidOS/Tnega.RLRWHbB 20150817
TrendMicro ANDROIDOS_AGENT.A 20150818
TrendMicro-HouseCall ANDROIDOS_AGENT.A 20150818
VIPRE Trojan.AndroidOS.Generic.A 20150818
ALYac 20150818
Agnitum 20150817
Avast 20150824
Bkav 20150817
ByteHero 20150818
CMC 20150814
DrWeb 20150824
Malwarebytes 20150817
McAfee-GW-Edition 20150818
Microsoft 20150824
Panda 20150817
Rising 20150823
SUPERAntiSpyware 20150817
Tencent 20150818
TheHacker 20150817
VBA32 20150817
ViRobot 20150817
Zillya 20150817
Zoner 20150818
nProtect 20150817
The file being studied is Android related! APK Android file more specifically. The application's main package name is android.systempack.ins. The internal version number of the application is 1. The displayed version string of the application is 1.0. The minimum Android API level for the application to run (MinSDKVersion) is 4. The target Android API level for the application to run (TargetSDKVersion) is 15.
Risk summary
The studied DEX file makes use of API reflection
Permissions that allow the application to manipulate SMS
Permissions that allow the application to perform calls
Permissions that allow the application to perform payments
Permissions that allow the application to access Internet
Permissions that allow the application to access private information
Other permissions that could be considered as dangerous in certain scenarios
Required permissions
android.permission.SEND_SMS (send SMS messages)
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.INSTALL_PACKAGES (directly install applications)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.CALL_PRIVILEGED (directly call any phone numbers)
android.permission.CALL_PHONE (directly call phone numbers)
android.permission.DELETE_PACKAGES (delete applications)
android.permission.RECEIVE_SMS (receive SMS)
android.permission.INTERNET (full Internet access)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
android.permission.READ_CONTACTS (read contact data)
Permission-related API calls
ACCESS_NETWORK_STATE
SEND_SMS
VIBRATE
INTERNET
CHANGE_COMPONENT_ENABLED_STATE
READ_PHONE_STATE
Main Activity
app.opera.MainActivity
Activities
app.opera.MainActivity
Services
ru.stels2.MainService
Receivers
ru.stels2.MainReceiver
Activity-related intent filters
app.opera.MainActivity
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
Receiver-related intent filters
ru.stels2.MainReceiver
actions: android.provider.Telephony.SMS_RECEIVED, custom.alarm, custom.alarm.info, android.intent.action.BOOT_COMPLETED, android.intent.action.USER_PRESENT, android.intent.action.PHONE_STATE
Code-related observations
The application does not load any code dynamically
The application contains reflection code
The application does not contain native code
The application does not contain cryptographic code
Application certificate information
Application bundle files
Interesting strings
The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files
8
Uncompressed size
629320
Highest datetime
2013-03-01 06:50:38
Lowest datetime
2013-03-01 06:35:42
Contained files by extension
xml
1
dex
1
MF
1
RSA
1
SF
1
png
1
Contained files by type
unknown
5
XML
1
DEX
1
PNG
1
Compressed bundles
File identification
MD5 b226a66a2796e922302b96ae81540d5c
SHA1 670503ed863397d64bfe24ca0940be9c23682ae4
SHA256 03c1b44c94c86c3137862c20f9f745e0f89ce2cdb778dc6466a06a65b7a591ae
ssdeep
3072:5D0di20jVxxjGjEnQpI3uGNwV84nYChANXWfN6gV72O/PS4oTcr:aUVVQ23VwV8Wmm6gpdPBecr

File size 160.4 KB ( 164210 bytes )
File type Android
Magic literal
Zip archive data, at least v2.0 to extract

TrID Java Archive (78.3%)
ZIP compressed archive (21.6%)
Tags
apk android

VirusTotal metadata
First submission 2013-03-12 15:24:01 UTC ( 2 years, 5 months ago )
Last submission 2015-08-18 02:44:12 UTC ( 1 week, 4 days ago )
File names Recent31.apk
1403111101.57.log
b226a66a2796e922302b96ae815
flashplayer.android.update.apk
Recent37-a.apk
b226a66a2796e922302b96ae81540d5c
vti-rescan
Recent37-a.apk
b226a66a2796e922302b96ae81540d5c.log
b226a66a2796e922302b96ae81540d5c_10.apk
b226a66a2796e922302b96ae81540d5c.apk
03C1B44C94C86C3137862C20F9F745E0F89CE2CDB778DC6466A06A65B7A591AE.APK.log
N116.apk
Recent31.apk
FLASHPLAYER.UPDATE.apk
N116.apk
B226A66A2796E922302B96AE81540D5C.apk
stels.apk
M151.apk
J160.apk
App_1.apk
flashplayer.apk
b226a66a2796e922302b96ae81540d5c.apk
flshlyerndroidudte.apk
110000160700801501.apk
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Interesting calls
Calls APIs that provide access to information about the telephony services on the device. Applications can use such methods to determine telephony services and states, as well as to access some types of subscriber information.
Calls APIs that manage SMS operations such as sending data, text, and pdu SMS messages.