SHA256: 03f57d9e150239c84c46ef444c2ce007ade96a17167cb59f0c5bf8a24466b0b2
File name: LioKsqTHozui1JhzrTMS20161102-2359-uksydm
Detection ratio: 30 / 55
Analysis date: 2016-11-02 16:05:25 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Ad-Aware Android.Trojan.FakeInst.PK 20161102
AegisLab Troj.Sms.Androidos!c 20161102
AhnLab-V3 Android-Trojan/FakeInst.8d36 20161102
Alibaba A.H.Rog.Pletor.G 20161102
Antiy-AVL Trojan[SMS]/AndroidOS.Opfake.a 20161102
Arcabit Android.Trojan.FakeInst.PK 20161102
Avast Android:Banker-FS [Trj] 20161102
AVG Android/G2M.BX.77BFA8BE0982 20161102
Avira (no cloud) ANDROID/SmsAgent.NG.Gen 20161102
Baidu Android.Trojan.FakeInst.ct 20161101
BitDefender Android.Trojan.FakeInst.PK 20161102
Bkav Android.Trojan.SMS.FakeInst.93C1 20161102
CAT-QuickHeal Android.Opfake.AN 20161102
Comodo UnclassifiedMalware 20161102
Cyren AndroidOS/GenBl.0B565355!Olympus 20161102
DrWeb Android.SmsBot.288.origin 20161102
Emsisoft Android.Trojan.FakeInst.PK (B) 20161102
ESET-NOD32 a variant of Android/TrojanSMS.Agent.BAZ 20161102
F-Secure Android.Trojan.FakeInst.PK 20161102
Fortinet Android/SMSSend.HG!tr 20161102
GData Android.Trojan.FakeInst.PK 20161102
Ikarus Trojan.AndroidOS.Tujtrcom 20161102
K7GW Trojan ( 0001140e1 ) 20161102
Kaspersky HEUR:Trojan-SMS.AndroidOS.Opfake.cf 20161102
McAfee Artemis!0B56535507B1 20161102
NANO-Antivirus Trojan.Android.Opfake.donppl 20161102
Qihoo-360 Trojan.Android.Gen 20161102
Sophos AV Andr/SMSSend-HG 20161102
Tencent SH.!Android.GenA.1a72 20161102
Zoner Trojan.AndroidOS.Opfake.A 20161102
ALYac 20161102
AVware 20161102
ClamAV 20161102
CMC 20161102
CrowdStrike Falcon (ML) 20161024
F-Prot 20161102
Sophos ML 20161018
Jiangmin 20161102
K7AntiVirus 20161102
Kingsoft 20161102
Malwarebytes 20161102
McAfee-GW-Edition 20161102
Microsoft 20161102
eScan 20161102
nProtect 20161101
Panda 20161102
Rising 20161102
SUPERAntiSpyware 20161102
Symantec 20161102
TheHacker 20161101
TotalDefense 20161028
TrendMicro-HouseCall 20161102
VBA32 20161102
VIPRE 20161102
ViRobot 20161102
Yandex 20161101
Zillya 20161102
The file being studied is an Android application package (APK). The application's main package name is com.tujtr.rtbrr. The internal version number of the application is 1. The displayed version string of the application is 1.0. The minimum Android API level for the application to run (MinSDKVersion) is 8. The target Android API level for the application to run (TargetSDKVersion) is 21.
Required permissions
android.permission.SEND_SMS (send SMS messages)
android.permission.READ_EXTERNAL_STORAGE (read from external storage)
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.SYSTEM_ALERT_WINDOW (display system-level alerts)
com.google.android.c2dm.permission.RECEIVE (Unknown permission from android reference)
android.permission.WRITE_SMS (edit SMS or MMS)
android.permission.WAKE_LOCK (prevent phone from sleeping)
android.permission.RECEIVE_SMS (receive SMS)
android.permission.INTERNET (full Internet access)
android.permission.BROADCAST_PACKAGE_REMOVED (send package removed broadcast)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
android.permission.READ_CONTACTS (read contact data)
com.android.system.permission.C2D_MESSAGE (C2DM permission.)
android.permission.READ_SMS (read SMS or MMS)
Activities
com.tujtr.rtbrr.MainActivity
com.tujtr.rtbrr.InstallerActivity
com.tujtr.rtbrr.CardView
com.tujtr.rtbrr.CardTimer
Services
com.tujtr.rtbrr.TheSure
Receivers
com.google.android.gcm.GCMBroadcastReceiver
com.tujtr.rtbrr.SReceiver
com.tujtr.rtbrr.OnBootReceiver
com.tujtr.rtbrr.ICREC
com.tujtr.rtbrr.TheBack
Activity-related intent filters
com.tujtr.rtbrr.MainActivity
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
Receiver-related intent filters
com.tujtr.rtbrr.OnBootReceiver
actions: android.intent.action.BOOT_COMPLETED, android.intent.action.QUICKBOOT_POWERON
com.google.android.gcm.GCMBroadcastReceiver
actions: com.google.android.c2dm.intent.RECEIVE, com.google.android.c2dm.intent.REGISTRATION
categories: com.tujtr.rtbrr
com.tujtr.rtbrr.SReceiver
actions: android.provider.Telephony.SMS_RECEIVED
com.tujtr.rtbrr.ICREC
actions: android.intent.action.PHONE_STATE
The file being studied is a compressed stream! Details about the compressed contents follow.
Compression metadata
Contained files 273
Uncompressed size 956198
Highest datetime 2015-03-03 17:55:12
Lowest datetime 2014-12-27 14:34:12
Contained files by extension
png 208
xml 60
dex 1
MF 1
RSA 1
SF 1
Contained files by type
PNG 208
XML 60
unknown 4
DEX 1
File identification
MD5 0b56535507b1210e3718b0692f28fc4a
SHA1 49ff7a1c3ed44bad40e759e65d71b147cfdbf4e8
SHA256 03f57d9e150239c84c46ef444c2ce007ade96a17167cb59f0c5bf8a24466b0b2
ssdeep 12288:H9uxipW4coe4fs2xpaod8Kj1wjlH0gye88WNIe0TEhF3z3f5ulk5xp5+HKfu5DrG:8ipGoe4JIQ8Kj1ZnL+HKfuNKeA

File size 624.2 KB ( 639159 bytes )
File type Android
Magic literal Zip archive data, at least v2.0 to extract

TrID Android Package (73.9%)
Java Archive (20.4%)
ZIP compressed archive (5.6%)
Tags apk android

VirusTotal metadata
First submission 2015-03-03 16:16:45 UTC ( 3 years, 6 months ago )
Last submission 2016-11-02 16:05:25 UTC ( 1 year, 10 months ago )
File names 1.apk
LioKsqTHozui1JhzrTMS20161102-2359-uksydm
cdb480d054ea83fdf47ab2843153c369be17ece4
Started activities
#Intent;launchFlags=0x10000000;component=com.tujtr.rtbrr/.CardTimer;end
Started services
#Intent;launchFlags=0x10000000;component=com.tujtr.rtbrr/.TheSure;end
Interesting calls
Calls APIs that provide access to information about the telephony services on the device. Applications can use such methods to determine telephony services and states, as well as to access some types of subscriber information.
Calls APIs that manage SMS operations such as sending data, text, and pdu SMS messages.
Contacted URLs
http://evattown.net/bn/gettask.php/balance=0&imei=242633840352379
http://evattown.net/bn/reg.php/country=us&phone=15555215554&op=Android&balance=0&imei=242633840352379