SHA256: 1f18f75eb0129faedf9e490e3f8221960158f01f44dec8261764c0b68c36ecd8
File name: MASS_EFFECT_INFILTRATOR_1_0_30 (1).apk
Detection ratio: 6 / 45
Analysis date: 2013-02-18 20:55:10 UTC ( 4 years, 2 months ago )
Antivirus Result Update
DrWeb Android.SmsSend.354.origin 20130218
ESET-NOD32 Android/TrojanSMS.Agent.JS 20130218
Kaspersky HEUR:Trojan-SMS.AndroidOS.Opfake.bo 20130218
Kingsoft Android.Troj.Opfake.a.(kcloud) 20130204
Sophos Andr/Opfake-C 20130218
TrendMicro-HouseCall TROJ_GEN.FCBHZIK 20130218
Yandex - 20130218
AhnLab-V3 - 20130218
AntiVir - 20130218
Antiy-AVL - 20130218
Avast - 20130218
AVG - 20130218
BitDefender - 20130218
ByteHero - 20130218
CAT-QuickHeal - 20130218
ClamAV - 20130218
Commtouch - 20130218
Comodo - 20130218
Emsisoft - 20130218
eSafe - 20130211
F-Prot - 20130218
F-Secure - 20130218
Fortinet - 20130218
GData - 20130218
Ikarus - 20130218
Jiangmin - 20130218
K7AntiVirus - 20130218
Malwarebytes - 20130218
McAfee - 20130218
McAfee-GW-Edition - 20130218
Microsoft - 20130218
eScan - 20130218
NANO-Antivirus - 20130218
Norman - 20130218
nProtect - 20130218
Panda - 20130218
Rising - 20130205
SUPERAntiSpyware - 20130218
Symantec - 20130218
TheHacker - 20130217
TotalDefense - 20130218
TrendMicro - 20130218
VBA32 - 20130218
VIPRE - 20130218
ViRobot - 20130218
The file being studied is an Android APK file. The application's main package name is ktlhjs.kjgrisuama. The internal version number of the application is 1. The displayed version string of the application is 1.0. The minimum Android API level for the application to run (MinSDKVersion) is 7. The target Android API level for the application to run (TargetSDKVersion) is 9.
Risk summary
The studied DEX file makes use of API reflection
Permissions that allow the application to manipulate SMS
Permissions that allow the application to perform payments
Permissions that allow the application to access Internet
Permissions that allow the application to access private information
Other permissions that could be considered as dangerous in certain scenarios
Required permissions
android.permission.CHANGE_NETWORK_STATE (change network connectivity)
com.android.launcher.permission.UNINSTALL_SHORTCUT (Unknown permission from android reference)
android.permission.UPDATE_DEVICE_STATS (modify battery statistics)
android.permission.INTERNET (full Internet access)
android.permission.SEND_SMS (send SMS messages)
android.permission.PERSISTENT_ACTIVITY (make application always run)
com.android.launcher.permission.INSTALL_SHORTCUT (Unknown permission from android reference)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.DELETE_PACKAGES (delete applications)
android.permission.WRITE_SECURE_SETTINGS (modify secure system settings)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
android.permission.GET_PACKAGE_SIZE (measure application storage space)
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
android.permission.INSTALL_PACKAGES (directly install applications)
com.android.alarm.permission.SET_ALARM (set alarm in alarm clock)
android.permission.WRITE_SETTINGS (modify global system settings)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.MANAGE_APP_TOKENS (manage application tokens)
android.permission.READ_SMS (read SMS or MMS)
android.permission.SYSTEM_ALERT_WINDOW (display system-level alerts)
android.permission.ACCESS_WIFI_STATE (view Wi-Fi status)
android.permission.WAKE_LOCK (prevent phone from sleeping)
android.permission.CHANGE_WIFI_STATE (change Wi-Fi status)
android.permission.RECEIVE_SMS (receive SMS)
android.permission.READ_CONTACTS (read contact data)
android.permission.GET_ACCOUNTS (discover known accounts)
Main Activity
ktlhjs.kjgrisuama.vllmaog
Activities
ktlhjs.kjgrisuama.vllmaog
Services
gahxrbmvl.flosjwex.utlftxwix
Receivers
ktlhjs.kjgrisuama.excbqb
gahxrbmvl.flosjwex.wgjtasurprn
ktlhjs.kjgrisuama.ntxpvxy
ktlhjs.kjgrisuama.nwhxbi
Service-related intent filters
gahxrbmvl.flosjwex.utlftxwix
actions: gahxrbmvl.flosjwex.utlftxwixStart76, android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
Activity-related intent filters
ktlhjs.kjgrisuama.vllmaog
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
Receiver-related intent filters
ktlhjs.kjgrisuama.ntxpvxy
actions: android.intent.action.BOOT_COMPLETED
categories: android.intent.category.HOME
gahxrbmvl.flosjwex.wgjtasurprn
actions: android.provider.Telephony.SMS_RECEIVED
ktlhjs.kjgrisuama.nwhxbi
actions: ktlhjs.kjgrisuama.action.delayed.sms
ktlhjs.kjgrisuama.excbqb
actions: android.intent.action.AIRPLANE_MODE
Application certificate information
Application bundle files
Compressed bundles
File identification
MD5 697488f0377f9709370ea89a411b7c1f
SHA1 660a5a5c48c0e897bec14d97f9cda42e4f226e8a
SHA256 1f18f75eb0129faedf9e490e3f8221960158f01f44dec8261764c0b68c36ecd8
ssdeep 12288:5BQMZlKhTecUJ38BcMW2hGebDs8evj8+rEwR9:5BQAd38BzJDs8evj8+rEwR9

File size 607.2 KB ( 621779 bytes )
File type Android
Magic literal Zip archive data, at least v2.0 to extract

TrID Android Package (73.9%)
Java Archive (20.4%)
ZIP compressed archive (5.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
apk android dyn-calls

VirusTotal metadata
First submission 2013-02-18 20:55:10 UTC ( 4 years, 2 months ago )
Last submission 2015-03-05 02:07:25 UTC ( 2 years, 1 month ago )
File names MASS_EFFECT_INFILTRATOR_1_0_30 (1).apk
697488f0377f9709370ea89a411b7c1f.apk
1F18F75EB0129FAEDF9E490E3F8221960158F01F44DEC8261764C0B68C36ECD8.APK.log
ExifTool file metadata
MIMEType application/zip
ZipRequiredVersion 20
ZipCRC 0x0d5f0436
FileType ZIP
ZipCompression Deflated
ZipUncompressedSize 11066
ZipCompressedSize 2603
ZipFileName META-INF/MANIFEST.MF
ZipBitFlag 0x0008
ZipModifyDate 2013:02:18 23:45:02

Interesting calls
Calls APIs that provide access to information about the telephony services on the device. Applications can use such methods to determine telephony services and states, as well as to access some types of subscriber information.
Dynamically called methods
java.lang.reflect.Field.get 1 argument.
u'null'
android.app.Activity.setContentView 1 argument.
u'0x7f030001'
android.content.ContextWrapper.registerReceiver 2 arguments.
u'ktlhjs.kjgrisuama.ptkqaq@b4a09138'
u'android.content.IntentFilter@b4a6acf8'
android.content.Context.getSystemService 1 argument.
u'phone'
android.telephony.TelephonyManager.getSubscriberId
android.telephony.TelephonyManager.getDeviceId