× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 0840925753fbc8c68938090e5954ed289f6525cd29d8cf371a92d0839dcb8133
File name: 4021A1E00B3ABEE730994F1EE17219B4.apk
Detection ratio: 35 / 54
Analysis date: 2015-12-13 04:46:37 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
AVG Android/Deng.CZR 20151213
AVware Trojan.AndroidOS.Generic.A 20151213
Ad-Aware Android.Trojan.Gepew.A 20151213
AegisLab Gepew 20151212
AhnLab-V3 Android-Downloader/Bankun.4dad 20151212
Alibaba A.H.Int.Fakeappstore 20151208
Antiy-AVL Trojan[Banker]/AndroidOS.Gepew.b 20151213
Arcabit Android.Trojan.Gepew.A 20151213
Avast Android:FakeKRB-E [Trj] 20151213
Avira ANDROID/Spy.Banker.AZ.Gen 20151212
Baidu-International Trojan.Win32.Agent.AaA 20151212
BitDefender Android.Trojan.Gepew.A 20151213
CAT-QuickHeal Android.Wroba.A 20151212
Comodo UnclassifiedMalware 20151213
Cyren AndroidOS/GenBl.4021A1E0!Olympus 20151213
DrWeb Android.BankBot.38.origin 20151213
ESET-NOD32 a variant of Android/Spy.Agent.AA 20151212
Emsisoft Android.Trojan.Gepew.A (B) 20151213
F-Prot AndroidOS/FakeBank.B 20151213
F-Secure Trojan-Spy:Android/Smforw.H 20151211
Fortinet Android/Banker.BF!tr 20151213
GData Android.Trojan.Gepew.A 20151213
Ikarus Trojan-Spy.AndroidOS.KrBanker 20151212
K7AntiVirus Trojan ( 0001140e1 ) 20151213
K7GW Trojan ( 0001140e1 ) 20151213
Kaspersky HEUR:Trojan-Banker.AndroidOS.Gepew.b 20151213
McAfee Artemis!4021A1E00B3A 20151213
McAfee-GW-Edition Artemis!Trojan 20151213
MicroWorld-eScan Android.Trojan.Gepew.A 20151213
NANO-Antivirus Trojan.Android.Agent.cufbfn 20151213
Symantec Android.Fakebank.B 20151212
Tencent SH.!Android.ISExtra.Gen.45 20151213
TotalDefense AndroidOS/Tnega.IUFKTGC 20151213
TrendMicro AndroidOS_BANKUN.HBT 20151213
VIPRE Trojan.AndroidOS.Generic.A 20151213
Agnitum 20151212
Bkav 20151212
ByteHero 20151213
CMC 20151211
ClamAV 20151213
Jiangmin 20151212
Malwarebytes 20151213
Microsoft 20151213
Panda 20151212
Qihoo-360 20151213
Rising 20151212
SUPERAntiSpyware 20151213
TheHacker 20151211
TrendMicro-HouseCall 20151213
VBA32 20151211
ViRobot 20151213
Zillya 20151211
Zoner 20151213
nProtect 20151211
The file being studied is Android related! APK Android file more specifically. The application's main package name is com.example.adt. The internal version number of the application is 2. The displayed version string of the application is 1.1. The minimum Android API level for the application to run (MinSDKVersion) is 8. The target Android API level for the application to run (TargetSDKVersion) is 14.
Risk summary
The studied DEX file makes use of API reflection
Permissions that allow the application to manipulate SMS
Permissions that allow the application to perform payments
Permissions that allow the application to access Internet
Permissions that allow the application to access private information
Other permissions that could be considered as dangerous in certain scenarios
Required permissions
com.android.launcher.permission.UNINSTALL_SHORTCUT (Unknown permission from android reference)
android.permission.READ_LOGS (read sensitive log data)
android.permission.INTERNET (full Internet access)
android.permission.WRITE_CONTACTS (write contact data)
android.permission.SEND_SMS (send SMS messages)
com.android.launcher.permission.INSTALL_SHORTCUT (Unknown permission from android reference)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.GET_TASKS (retrieve running applications)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
android.permission.READ_CONTACTS (read contact data)
android.permission.CALL_PHONE (directly call phone numbers)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.VIBRATE (control vibrator)
android.permission.SYSTEM_ALERT_WINDOW (display system-level alerts)
android.permission.KILL_BACKGROUND_PROCESSES (kill background processes)
android.permission.ACCESS_WIFI_STATE (view Wi-Fi status)
android.permission.WAKE_LOCK (prevent phone from sleeping)
android.permission.CHANGE_WIFI_STATE (change Wi-Fi status)
android.permission.RECEIVE_SMS (receive SMS)
android.permission.MODIFY_PHONE_STATE (modify phone status)
android.permission.MODIFY_AUDIO_SETTINGS (change your audio settings)
android.permission.RESTART_PACKAGES (kill background processes)
Permission-related API calls
FACTORY_TEST
ACCESS_NETWORK_STATE
SEND_SMS
VIBRATE
INTERNET
READ_CONTACTS
CHANGE_COMPONENT_ENABLED_STATE
READ_PHONE_STATE
Main Activity
com.example.adt.MainActivity
Activities
com.example.adt.MainActivity
Services
com.example.adt.CoreService
Receivers
com.example.adt.SMSReceiver
com.example.adt.PhoneListener
com.example.adt.BootBroadcastReceiver
com.example.adt.LockReceiver
Activity-related intent filters
com.example.adt.MainActivity
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
Receiver-related intent filters
com.example.adt.SMSReceiver
actions: android.provider.Telephony.SMS_RECEIVED
categories: android.intent.category.DEFAULT
com.example.adt.PhoneListener
actions: android.intent.action.PHONE_STATE
categories: android.intent.category.DEFAULT
com.example.adt.LockReceiver
actions: android.app.action.DEVICE_ADMIN_ENABLED
com.example.adt.BootBroadcastReceiver
actions: android.intent.action.BOOT_COMPLETED, android.intent.action.PACKAGE_ADDED, android.intent.action.PACKAGE_REMOVED, cn.gx3.notify, android.intent.action.USER_PRESENT
categories: android.intent.category.HOME
Application certificate information
Application bundle files
Interesting strings
The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files
18
Uncompressed size
464558
Highest datetime
2013-12-09 23:28:28
Lowest datetime
2013-12-09 23:28:28
Contained files by extension
png
8
xml
4
dex
1
MF
1
RSA
1
ini
1
SF
1
Contained files by type
PNG
8
unknown
5
XML
4
DEX
1
File identification
MD5 4021a1e00b3abee730994f1ee17219b4
SHA1 0da6cae1357c6dbc3f795ca7733234fd96ff401c
SHA256 0840925753fbc8c68938090e5954ed289f6525cd29d8cf371a92d0839dcb8133
ssdeep
3072:wcwO1HKgvuysqBbQ7EFIIP1OM9QANSVGk9bSUWBtVUJmGddmQc07zTFKN:vhvuysgRaINN94vDEtVimGOQdhKN

File size 225.4 KB ( 230785 bytes )
File type Android
Magic literal
Zip archive data, at least v2.0 to extract

TrID Android Package (92.9%)
ZIP compressed archive (7.0%)
Tags
apk android

VirusTotal metadata
First submission 2013-12-10 08:54:50 UTC ( 2 years, 1 month ago )
Last submission 2015-12-13 04:46:37 UTC ( 1 month, 3 weeks ago )
File names 4021a1e00b3abee730994f1ee17219b4.apk
4021a1e00b3abee730994f1ee17219b4.apk
J60.apk
N19.apk
3104000
0013.apk
0da6cae1357c6dbc3f795ca7733234fd96ff401c.apk
vti-rescan
N19.apk
M50.apk
4021A1E00B3ABEE730994F1EE17219B4.apk
0840925753fbc8c68938090e5954ed289f6525cd29d8cf371a92d0839dcb8133.log
4021A1E00B3ABEE730994F1EE17219B4.apk
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Started services
#Intent;component=com.example.adt/.CoreService;end
Interesting calls
Calls APIs that provide access to information about the telephony services on the device. Applications can use such methods to determine telephony services and states, as well as to access some types of subscriber information.
Contacted URLs
http://www.slmoney.co.kr/index.php?m=Api&a=Contact&status=1&imsi=506793634093771&number=15555215554&content=
http://www.slmoney.co.kr/index.php?m=Api&a=Commend&number=15555215554&imsi=506793634093771&t=1350889548008
http://www.slmoney.co.kr/index.php?m=Api&a=Contact&status=1&imsi=023607532178715&number=15555215554&content=
http://www.slmoney.co.kr/index.php?m=Api&a=Commend&number=15555215554&imsi=023607532178715&t=1350889555109