SHA256: 065e67591f0970b5c43debe052a0b5ce1aac4e95167853704f3b42c48d1163dd
File name: isheriff_cc567f5fcc651223205054851fde1ce4.bin
Detection ratio: 34 / 59
Analysis date: 2016-12-24 10:18:59 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Ad-Aware Android.Riskware.AndroRat.A 20161224
AegisLab Androrat_1 20161224
AhnLab-V3 Android-Spyware/Androrat.2f84 20161224
Alibaba A.H.Rem.Climap.A 20161223
Antiy-AVL Trojan[Backdoor:HEUR]/AndroidOS.Climap.1 20161224
Arcabit Android.Riskware.AndroRat.A 20161224
Avast Android:Androrat-I [Trj] 20161224
AVG Android/SpyAgent 20161224
Avira (no cloud) ANDROID/AndroRAT.A.Gen 20161224
AVware Trojan.AndroidOS.Generic.A 20161224
Baidu Android.Trojan.AndroRAT.k 20161207
BitDefender Android.Riskware.AndroRat.A 20161224
CAT-QuickHeal Android.Climap.GEN212 20161224
ClamAV Andr.Trojan.Androrat-1 20161224
Cyren AndroidOS/AndroRat.A.gen!Eldorado 20161224
DrWeb Program.Androrat.1.origin 20161224
ESET-NOD32 a variant of Android/Spy.AndroRAT.A 20161224
F-Secure Monitoring-Tool:Android/AndroRat.B 20161224
Fortinet Android/AndroRat.A!tr 20161224
GData Android.Riskware.AndroRat.A 20161224
Ikarus Trojan-Spy.AndroidOS.Androrat 20161224
K7GW Trojan ( 0048d4dc1 ) 20161224
Kaspersky HEUR:Backdoor.AndroidOS.Climap.a 20161224
McAfee Artemis!CC567F5FCC65 20161224
McAfee-GW-Edition Artemis!PUP 20161224
Microsoft MonitoringTool:AndroidOS/AndroRat 20161224
eScan Android.Riskware.AndroRat.A 20161224
NANO-Antivirus Trojan.Android.Siggen.dzzhxe 20161224
Qihoo-360 Trojan.Android.Gen 20161224
Rising Backdoor.Android.Climap.a (classic) 20161224
Sophos AV Andr/AndroRat-C 20161224
Tencent a.remote.googleservice.a 20161224
Trustlook Android.Trojan.Androrat 20161224
WhiteArmor Android-Malware.SN-Sure.44154155095535513444.[Spyware] 20161221
Bkav 20161224
CMC 20161224
Comodo 20161224
CrowdStrike Falcon (ML) 20161024
Emsisoft 20161224
F-Prot 20161224
Sophos ML 20161216
Jiangmin 20161224
K7AntiVirus 20161224
Kingsoft 20161224
Malwarebytes 20161224
nProtect 20161224
Panda 20161224
SUPERAntiSpyware 20161223
Symantec 20161224
TheHacker 20161222
TotalDefense 20161224
TrendMicro 20161224
TrendMicro-HouseCall 20161224
VBA32 20161223
VIPRE 20161224
ViRobot 20161224
Yandex 20161223
Zillya 20161223
Zoner 20161224
The file being studied is Android related, more specifically an Android APK file. The application's main package name is my.app.client. The internal version number of the application is 1. The displayed version string of the application is 1.0. The minimum Android API level for the application to run (MinSDKVersion) is 8.
Required permissions
android.permission.ACCESS_FINE_LOCATION (fine (GPS) location)
android.permission.SEND_SMS (send SMS messages)
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.VIBRATE (control vibrator)
android.permission.PROCESS_OUTGOING_CALLS (intercept outgoing calls)
android.permission.CAMERA (take pictures and videos)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.CALL_PHONE (directly call phone numbers)
android.permission.RECEIVE_SMS (receive SMS)
android.permission.INTERNET (full Internet access)
android.permission.READ_SMS (read SMS or MMS)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
android.permission.READ_CONTACTS (read contact data)
android.permission.RECORD_AUDIO (record audio)
Activities
my.app.client.LauncherActivity
my.app.alt.PhotoActivity
Services
my.app.client.Client
Receivers
my.app.client.BootReceiver
my.app.client.AlarmListener
Service-related intent filters
my.app.client.Client
actions: .Client
Activity-related intent filters
my.app.client.LauncherActivity
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
Receiver-related intent filters
my.app.client.BootReceiver
actions: android.intent.action.BOOT_COMPLETED
categories: android.intent.category.HOME
Application certificate information
The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files: 12
Uncompressed size: 118700
Highest datetime: 2015-06-21 05:30:48
Lowest datetime: 2015-06-21 05:30:46
Contained files by extension
png: 4
xml: 3
dex: 1
MF: 1
RSA: 1
SF: 1
Contained files by type
unknown: 4
PNG: 4
XML: 3
DEX: 1
File identification
MD5 cc567f5fcc651223205054851fde1ce4
SHA1 d505c18259dd97bfbf9bde180c55b81042178fa0
SHA256 065e67591f0970b5c43debe052a0b5ce1aac4e95167853704f3b42c48d1163dd
ssdeep 768:s/DyJ3HtV8jAUMmGDgjfqNlsKEce3Z2lFZUtH6Ul0nHIwjdQwWkD3bS664G1S6rO:sS3H2MYjfKWKIpq0HunHIWdQwTD302fZ
File size 67.0 KB ( 68654 bytes )
File type Android
Magic literal Zip archive data, at least v2.0 to extract
TrID Android Package (92.9%), ZIP compressed archive (7.0%)
Tags apk android
VirusTotal metadata
First submission 2015-06-21 12:31:32 UTC ( 3 years, 5 months ago )
Last submission 2016-06-13 20:17:32 UTC ( 2 years, 5 months ago )
File names isheriff_cc567f5fcc651223205054851fde1ce4.bin, Hexona.apk
Started services
#Intent;action=BootReceiver;component=my.app.client/.Client;end
Interesting calls
Calls APIs that provide access to information about the telephony services on the device. Applications can use such methods to determine telephony services and states, as well as to access some types of subscriber information.