SHA256: 1a3e255ccb734021ff8c89b4f14196d065fa1905ab5df398431df4909b1ed1d7
File name: VirusShare_ac69514f9632539f9e8ad7b944556ed8
Detection ratio: 37 / 58
Analysis date: 2016-12-22 07:52:17 UTC ( 3 months, 1 week ago )
Antivirus Result Update
Ad-Aware Android.Trojan.SmsSpy.E 20161222
AegisLab Agent 20161222
AhnLab-V3 Android-Trojan/SMSAgent.502d 20161222
Alibaba A.H.Pay.Htmlapp.B 20161222
Antiy-AVL Trojan[SMS]/AndroidOS.Stealer.a 20161222
Arcabit Android.Trojan.SmsSpy.E 20161222
Avast Android:SMSThief-IQ [Trj] 20161222
AVG Android/SMSStealer 20161222
Avira (no cloud) ANDROID/SmsAgent.BL.Gen 20161222
AVware Trojan.AndroidOS.Generic.A 20161222
Baidu Android.Trojan.Agent.aby 20161207
BitDefender Android.Trojan.SmsSpy.E 20161222
Bkav Android.Malware.SDi.4ED8 20161221
CAT-QuickHeal Android.Stealer.B 20161222
Comodo UnclassifiedMalware 20161222
Cyren AndroidOS/SmsSpy.C 20161222
DrWeb Android.SmsSend.545 20161222
Emsisoft Android.Trojan.SmsSpy.E (B) 20161222
ESET-NOD32 a variant of Android/TrojanSMS.Agent.JQ 20161222
F-Prot AndroidOS/SmsSpy.C 20161222
F-Secure Trojan:Android/SmsSpy.AC 20161222
Fortinet Android/SmsSpy.O!tr 20161222
GData Android.Trojan.SmsSpy.E 20161222
Ikarus Trojan.AndroidOS.SendSMS 20161221
Jiangmin Trojan/AndroidOS.kh 20161222
K7GW Trojan ( 0048d9231 ) 20161222
Kaspersky HEUR:Trojan-SMS.AndroidOS.Stealer.a 20161222
McAfee Artemis!AC69514F9632 20161222
McAfee-GW-Edition Artemis!Trojan 20161222
eScan Android.Trojan.SmsSpy.E 20161222
NANO-Antivirus Trojan.Android.Agent.cujubj 20161222
Qihoo-360 Trojan.Android.Gen 20161222
Rising Stealer.Agent/Android!8.623-OcmvPS4dqJR (cloud) 20161222
Sophos Andr/FakeIns-D 20161222
Tencent a.expense.htmlapp.b 20161222
Trustlook Android.Trojan.Htmlapp 20161222
WhiteArmor Android-Malware.SN-Sure.2633034104135149324258.[Trojan] 20161221
ALYac 20161222
ClamAV 20161222
CMC 20161222
CrowdStrike Falcon (ML) 20161024
Invincea 20161216
K7AntiVirus 20161222
Kingsoft 20161222
Malwarebytes 20161222
Microsoft 20161222
nProtect 20161222
Panda 20161221
SUPERAntiSpyware 20161222
Symantec 20161222
TheHacker 20161219
TotalDefense 20161222
TrendMicro 20161222
TrendMicro-HouseCall 20161222
VBA32 20161221
VIPRE 20161222
ViRobot 20161222
Yandex 20161221
Zillya 20161220
Zoner 20161222
The file being studied is an Android APK. The application's main package name is mumiyainstalator.html.app. The internal version number of the application is 1. The displayed version string of the application is 1.0. The minimum Android API level for the application to run (MinSDKVersion) is 4. The target Android API level for the application to run (TargetSDKVersion) is 15.
Required permissions
android.permission.ACCESS_FINE_LOCATION (fine (GPS) location)
android.permission.SEND_SMS (send SMS messages)
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.INSTALL_PACKAGES (directly install applications)
com.android.launcher.permission.INSTALL_SHORTCUT (Unknown permission from android reference)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.ACCESS_COARSE_LOCATION (coarse (network-based) location)
android.permission.GET_TASKS (retrieve running applications)
android.permission.DELETE_PACKAGES (delete applications)
android.permission.RECEIVE_SMS (receive SMS)
android.permission.INTERNET (full Internet access)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
android.permission.READ_CONTACTS (read contact data)
Activities
html.app.MainActivity
Services
system.service.MainService
system.service.HideService
Receivers
html.app.AlarmReceiver
html.app.SmsReciver
system.service.AlarmReceiver
system.service.AutorunReceiver
system.service.SmsReciver
Activity-related intent filters
html.app.MainActivity
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
Receiver-related intent filters
system.service.SmsReciver
actions: android.provider.Telephony.SMS_RECEIVED
html.app.SmsReciver
actions: android.provider.Telephony.SMS_RECEIVED
system.service.AutorunReceiver
actions: android.intent.action.BOOT_COMPLETED, android.intent.action.USER_PRESENT, android.intent.action.PHONE_STATE
Application certificate information
Interesting strings
The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files 39
Uncompressed size 1322654
Highest datetime 2013-09-24 13:03:24
Lowest datetime 2013-09-24 13:03:22
Contained files by extension
png 9
js 4
xml 3
gif 2
dex 1
MF 1
RSA 1
enc 1
SF 1
Contained files by type
HTML 14
unknown 10
PNG 9
XML 3
GIF 2
DEX 1
File identification
MD5 ac69514f9632539f9e8ad7b944556ed8
SHA1 a13dfaef96c4d4e3f0db7eed9aad3975f62ca8eb
SHA256 1a3e255ccb734021ff8c89b4f14196d065fa1905ab5df398431df4909b1ed1d7
ssdeep 12288:vhnt3fmNkGuSt9T+n6YSBmjom7w7u+t6098:vuWoqnnSsoWwA
File size 447.4 KB ( 458142 bytes )
File type Android
Magic literal Zip archive data, at least v2.0 to extract
TrID Android Package (73.9%), Java Archive (20.4%), ZIP compressed archive (5.6%)
Tags apk checks-gps android

VirusTotal metadata
First submission 2013-09-24 09:03:08 UTC ( 3 years, 6 months ago )
Last submission 2016-11-24 21:17:49 UTC ( 4 months ago )
File names VirusShare_a13dfaef96c4d4e3f0db7eed9aad3975f62ca8eb.apk
1a3e255ccb734021ff8c89b4f14196d065fa1905ab5df398431df4909b1ed1d7.log
output.15381638.txt
15381638
VirusShare_ac69514f9632539f9e8ad7b944556ed8
Started services
#Intent;component=mumiyainstalator.html.app/system.service.MainService;S.key=restore;end
#Intent;component=mumiyainstalator.html.app/system.service.MainService;S.key=alarm;i.android.intent.extra.ALARM_COUNT=1;end
Opened files
/data/data/mumiyainstalator.html.app/files/settings
/res/raw/settings
APP_ASSETS/html/api.js.enc
Interesting calls
Calls APIs that provide access to information about the telephony services on the device. Applications can use such methods to determine telephony services and states, as well as to access some types of subscriber information.
Calls APIs that manage SMS operations such as sending data, text, and pdu SMS messages.
Calls APIs that provide access to the system location services. These services allow applications to obtain periodic updates of the device's geographical location, or to fire an application-specified Intent when the device enters the proximity of a given geographical location.
Contacted URLs
http://jmobi.net/api/ads2/d=3z9hg&imei=64dc0gm0rm&imsi=7su7dwuiqh&lat=0.0&lng=0.0
https://mobile-collector.newrelic.com/mobile/v1/connect
http://jmobi.net/api/ads6/d=3z9hg
http://jmobi.net/api/ads5/d=3z9hg&t=9g8t_iIg_lijM9_ceyxxHSlS0ubO6hAQPV61nKipJOCa0uBDlCNKdkkMTWxCvmJrqYQ4XkvvupAc-SmspOHSUrDPiL5pNjOley9twLjf8ExRaeti_cU5genamRqxJRHtH-CzV8TNgVrF1Z0T&n=qLQve_e_shRPkcRlDeOi4LHATNBromER2K0xM5HhLybLYAk=&imsi=JbqIcXTLNiBNXdZ1WTMZm8p5e_-AG47gwQQ_S-1yhBdQz3RDKMgt3HN_hMny&time=09-10-2012+18:55:17++0200&aos_enabled=false&filter_ex=false&filter_simple=false