SHA256: 43944f1972359278e215575926d16ebc28b702a16aeed78251320a11c3724257
File name: 1392249645_holywars.apk
Detection ratio: 1 / 56
Analysis date: 2016-06-28 21:32:07 UTC ( 1 year, 11 months ago )
Antivirus Result Update
AVware Adware.AndroidOS.LeadBolt.a 20160628
Ad-Aware 20160628
AegisLab 20160628
Yandex 20160626
AhnLab-V3 20160628
Alibaba 20160628
ALYac 20160628
Antiy-AVL 20160628
Arcabit 20160628
Avast 20160628
AVG 20160628
Baidu 20160628
Baidu-International 20160614
BitDefender 20160628
Bkav 20160628
CAT-QuickHeal 20160628
ClamAV 20160628
CMC 20160627
Comodo 20160628
Cyren 20160628
DrWeb 20160628
Emsisoft 20160628
ESET-NOD32 20160628
F-Prot 20160628
F-Secure 20160628
Fortinet 20160628
GData 20160628
Ikarus 20160628
Jiangmin 20160628
K7AntiVirus 20160628
K7GW 20160628
Kaspersky 20160628
Kingsoft 20160628
Malwarebytes 20160628
McAfee 20160628
McAfee-GW-Edition 20160628
Microsoft 20160628
eScan 20160628
NANO-Antivirus 20160628
nProtect 20160628
Panda 20160628
Qihoo-360 20160628
Sophos AV 20160628
SUPERAntiSpyware 20160628
Symantec 20160628
Tencent 20160628
TheHacker 20160628
TotalDefense 20160628
TrendMicro 20160628
TrendMicro-HouseCall 20160628
VBA32 20160627
VIPRE 20160628
ViRobot 20160628
Yandex 20160626
Zillya 20160627
Zoner 20160628
The file being studied is Android related; more specifically, it is an Android APK file. The application's main package name is com.mobage.ww.a431.holywars_android. The internal version number of the application is 41. The displayed version string of the application is 1.4.4. The minimum Android API level for the application to run (MinSDKVersion) is 5.
Required permissions
android.permission.ACCESS_FINE_LOCATION (fine (GPS) location)
android.permission.VIBRATE (control vibrator)
com.android.launcher.permission.UNINSTALL_SHORTCUT (Unknown permission from android reference)
android.permission.INTERNET (full Internet access)
com.android.launcher.permission.INSTALL_SHORTCUT (Unknown permission from android reference)
com.mobage.ww.a431.holywars_android.permission.C2D_MESSAGE (C2DM permission.)
android.permission.ACCESS_LOCATION_EXTRA_COMMANDS (access extra location provider commands)
com.google.android.c2dm.permission.RECEIVE (Unknown permission from android reference)
android.permission.ACCESS_WIFI_STATE (view Wi-Fi status)
android.permission.ACCESS_COARSE_LOCATION (coarse (network-based) location)
android.permission.WAKE_LOCK (prevent phone from sleeping)
android.permission.GET_TASKS (retrieve running applications)
android.permission.CHANGE_NETWORK_STATE (change network connectivity)
android.permission.CHANGE_WIFI_STATE (change Wi-Fi status)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
com.android.vending.BILLING (Unknown permission from android reference)
android.permission.GET_ACCOUNTS (discover known accounts)
android.permission.READ_CONTACTS (read contact data)
External libraries
com.google.android.maps
Activities
com.ngmoco.marketingapp.PackageApplication
com.ngmoco.gamejs.activity.JSActivity
com.mobclix.android.sdk.MobclixBrowserActivity
Services
com.ngmoco.gamejs.service.NgSystemBindingService
com.ngmoco.gamejs.service.NgUserUpdateService
com.ngmoco.gamejs.ngiab.BillingService
Receivers
com.ngmoco.gamejs.iab.BillingReceiver
com.ngmoco.gamejs.C2DMReceiver
com.ngmoco.gamejs.SystemEventReceiver
com.ngmoco.gamejs.DownloadCompleteReceiver
com.ngmoco.gamejs.TrackingReceiver
com.ngmoco.gamejs.TriggerStartGameJSReceiver
Activity-related intent filters
com.ngmoco.marketingapp.PackageApplication
actions: android.intent.action.MAIN, android.intent.action.VIEW, com.whazzupMahHomies.rock.on.bomb.com, com.mobage.ww.PLAY
categories: android.intent.category.LAUNCHER, android.intent.category.DEFAULT
Receiver-related intent filters
com.ngmoco.gamejs.TriggerStartGameJSReceiver
actions: com.ngmoco.gamejs.START_GAMEJS
com.ngmoco.gamejs.iab.BillingReceiver
actions: com.android.vending.billing.IN_APP_NOTIFY, com.android.vending.billing.RESPONSE_CODE, com.android.vending.billing.PURCHASE_STATE_CHANGED
com.ngmoco.gamejs.TrackingReceiver
actions: com.android.vending.INSTALL_REFERRER
com.ngmoco.gamejs.SystemEventReceiver
actions: android.media.RINGER_MODE_CHANGED, android.net.conn.CONNECTIVITY_CHANGE, com.mobage.ww.a431.holywars_android.STOP
com.ngmoco.gamejs.C2DMReceiver
actions: com.google.android.c2dm.intent.RECEIVE, com.google.android.c2dm.intent.REGISTRATION
categories: com.mobage.ww.a431.holywars_android
com.ngmoco.gamejs.DownloadCompleteReceiver
actions: android.intent.action.DOWNLOAD_COMPLETE
Application certificate information
Interesting strings
The file being studied is a compressed stream! Details about the compressed contents follow.
Interesting properties
The file under inspection contains at least one ELF file.
Contained files
Compression metadata
Contained files 219
Uncompressed size 19706442
Highest datetime 2012-02-25 22:25:50
Lowest datetime 2012-02-25 22:25:24
Contained files by extension
png 146
ttf 15
xml 5
wav 5
ogg 5
so 4
js 3
dex 1
MF 1
RSA 1
jpg 1
mp3 1
SF 1
Contained files by type
PNG 146
unknown 50
XML 5
OGG 5
ELF 4
JSON 4
HTML 2
DEX 1
JPG 1
MP3 1
File identification
MD5 ddcd5fea4c7ddfeff779fcb909c583e5
SHA1 f41fa35284fada0d69f204d773db4503c27353c9
SHA256 43944f1972359278e215575926d16ebc28b702a16aeed78251320a11c3724257
ssdeep 196608:H5xzIWfglSlBF7rnavYzkCNAiU5E39+lGRlDJW9nQFIVUw6C52d8:HjEC3FncCNAq93s9nfH

File size 9.8 MB ( 10304833 bytes )
File type Android
Magic literal Zip archive data, at least v2.0 to extract

TrID Android Package (73.9%)
Java Archive (20.4%)
ZIP compressed archive (5.6%)
Tags
apk checks-gps dyn-calls android contains-elf

VirusTotal metadata
First submission 2012-09-29 20:00:59 UTC ( 5 years, 7 months ago )
Last submission 2018-02-21 14:26:41 UTC ( 3 months ago )
File names ddcd5fea4c7ddfeff779fcb909c583e5.apk
com.mobage.ww.a431.holywars_android.apk
com.mobage.ww.a431.holywars_android-1.apk
1392249645_holywars.apk
187580_7197ab_holywars.apk
Permissions checked
android.permission.ACCESS_NETWORK_STATE:com.mobage.ww.a431.holywars_android
android.permission.INTERNET:com.mobage.ww.a431.holywars_android
Opened files
/system/fonts/AndroidClock.ttf
/system/fonts/AndroidClock_Highlight.ttf
/system/fonts/AndroidClock_Solid.ttf
/system/fonts/Clockopia.ttf
/system/fonts/DroidNaskh-Regular.ttf
/system/fonts/DroidSans-Bold.ttf
/system/fonts/DroidSans.ttf
/system/fonts/DroidSansArmenian.ttf
/system/fonts/DroidSansEthiopic-Regular.ttf
/system/fonts/DroidSansFallback.ttf
/system/fonts/DroidSansGeorgian.ttf
/system/fonts/DroidSansHebrew-Bold.ttf
/system/fonts/DroidSansHebrew-Regular.ttf
/system/fonts/DroidSansMono.ttf
/system/fonts/DroidSansThai.ttf
/system/fonts/DroidSerif-Bold.ttf
/system/fonts/DroidSerif-BoldItalic.ttf
/system/fonts/DroidSerif-Italic.ttf
/system/fonts/DroidSerif-Regular.ttf
/system/fonts/Roboto-Bold.ttf
/system/fonts/Roboto-BoldItalic.ttf
/system/fonts/Roboto-Italic.ttf
/system/fonts/Roboto-Regular.ttf
/system/fonts
APP_ASSETS/splashvideos/video_480.mp4
/data/data/com.mobage.ww.a431.holywars_android/files/.flurryagent.2cababc7
/mnt/sdcard
/data/data/com.mobage.ww.a431.holywars_android/files
/mnt/sdcard/.ngmoco/splashvideos
/mnt/sdcard/.ngmoco
Accessed files
/data/data/com.mobage.ww.a431.holywars_android/files/.flurryagent.2cababc7
/mnt/sdcard/.ngmoco/distributionName
/data/data/com.mobage.ww.a431.holywars_android/files
/sdcard/ngcore_ui_profile.txt
Interesting calls
Calls APIs that provide access to information about the telephony services on the device. Applications can use such methods to determine telephony services and states, as well as to access some types of subscriber information.
Calls APIs that provide access to the system location services. These services allow applications to obtain periodic updates of the device's geographical location, or to fire an application-specified Intent when the device enters the proximity of a given geographical location.
Dynamically called methods
android.os.SystemProperties.get 1 argument.
u'ro.serialno'
Contacted URLs
http://ads2.greystripe.com/AdBridgeServer/track.htm/did=099520357496065&appid=100003763&action=dl
http://a.jumptap.com/a/conversion/hid=ef7860ca67425025&app=com.mobage.ww.a431.holywars_android&event=Download
http://gameviewoffers.appspot.com/rtrack_direct/udid=099520357496065&offer_id=5149
http://www.mojiva.com/appconversion.php/udid=1a575ca2aaf2eb6990d916ae8f656a9f&advertiser_id=31352&group_code=com.mobage.ww.a431.holywars_android
http://adfonic.net/is/com.mobage.ww.a431.holywars_android/ef7860ca67425025
http://cvt.mydas.mobi/handleConversion/goalId=17710&auid=099520357496065&firstlaunch=1
https://api.adsymptotic.com/api/s/trackconversion
https://www.chartboost.com/api/install.json
773D343830266170703D346564666463316535623262393437633661303030303231267363616C653D312E35266F733D416E64726F69642B342E302E34266D6F64656C3D4E657875732B532662756E646C653D312E342E342673646B3D322E30266C616E67756167653D456E676C69736826757569643D65663738363063613637343235303235267369676E61747572653D666534313034316539623038666138303134623332363236323737363538373826683D38303026636F756E7472793D5553
http://service.sponsorpay.com/installs/mac_address=&android_id=ef7860ca67425025&answer_received=0&phone_version=samsung_Nexus S&sdk_version=1.3.1&appid=26805&device_id=099520357496065&language=en_US&version=2&os_version=Android OS 4.0.4
http://data.flurry.com/aap.do
000F000000000000000000000000000300750000013A4990C9EB0014483842345231344545564D4E435741454D3534370005312E342E3400000013414E44656637383630636136373432353032350000013A4990C7D90000013A4990C7D90006000C6465766963652E6D6F64656C00074E657875732053000B6275696C642E6272616E640006676F6F676C6500086275696C642E696400064A524F303345000F76657273696F6E2E72656C656173650005342E302E34000C6275696C642E646576696365000663726573706F000D6275696C642E70726F647563740004736F6A750000
http://androidsdk.bestcoolfungames.com/pushnotification/requestAd/registerAdInstall/com.mobage.ww.a431.holywars_android&null/
https://ws.tapjoyads.com/connect?app_id=d5cc162e-d63a-4a2d-a66d-51a9f734d571&android_id=ef7860ca67425025&udid=099520357496065&device_name=Nexus%20S&device_type=android&os_version=4.0.4&country_code=US&language_code=en&app_version=1.4.4&library_version=8.1.1&platform=android&display_multiplier=1.0&carrier_name=Android&carrier_country_code=us&mobile_country_code=310260&screen_density=240&screen_layout_size=2&connection_type=mobile&timestamp=1349853951&verifier=2aedbed7022ca32c01aef4cf9f3c54a93d93cf59f45e6c4903d540095f921bed
http://www.g6pay.com/api/installconfirm?app_id=767&phone_id=099520357496065&signature=4e0ee179367c1bc5f3dca2e6e9ba430b846fd3358e8838511772ca337c28411a&platform=android
http://ad.leadboltapps.net
Accessed URIs
http://service.sponsorpay.com/installs