SHA256: 48a558f9afa1d78206f084df5355b6041b6d3f8d80998701ee9613f0eb5ecf8f
File name: tomb_run_7230_10.apk
Detection ratio: 31 / 55
Analysis date: 2016-08-07 04:33:44 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Android.Adware.Qdplugin.C 20160807
AegisLab Ganlet 20160807
AhnLab-V3 Android-PUP/Gletan.39a6 20160806
Alibaba A.H.Pay.Letang.A 20160805
Antiy-AVL GrayWare[AdWare]/AndroidOS.Ganlet.a 20160807
Arcabit Android.Adware.Qdplugin.C 20160807
AVG Android/G2P.C.644803CDDC03 20160807
Avira (no cloud) ADWARE/ANDR.Ganlet.A.Gen 20160806
AVware Trojan.AndroidOS.Generic.A 20160807
BitDefender Android.Adware.Qdplugin.C 20160807
Bkav Android.Adware.RevMob.2F55 20160806
CAT-QuickHeal Android.Cnappbox.B (AdWare) 20160806
Comodo ApplicUnwnt 20160806
Cyren AndroidOS/GenPua.62D82059!Olympus 20160807
DrWeb Adware.Leadbolt.7.origin 20160807
Emsisoft Android.Adware.Qdplugin.C (B) 20160807
ESET-NOD32 a variant of Android/AdDisplay.Ganlet.A potentially unwanted 20160806
F-Prot AndroidOS/Floodad.A 20160807
F-Secure Android.Adware.Qdplugin 20160807
Fortinet Adware/Fam.NB 20160807
GData Android.Adware.Qdplugin.C 20160807
Ikarus PUA.AndroidOS.Domob 20160806
Jiangmin AdWare/AndroidOS.bxw 20160807
Kaspersky not-a-virus:HEUR:AdWare.AndroidOS.Ganlet.a 20160807
McAfee Artemis!21B0424D6966 20160807
McAfee-GW-Edition Artemis!21B0424D6966 20160807
eScan Android.Adware.Qdplugin.C 20160807
NANO-Antivirus Trojan.Android.Domob.dgteea 20160807
Sophos AV Android Letang (PUA) 20160807
Tencent Adware.Android.Letang.a 20160807
Zillya Adware.Ganlet.Android.5 20160806
ALYac 20160807
Avast 20160807
Baidu 20160806
ClamAV 20160807
CMC 20160804
K7AntiVirus 20160807
K7GW 20160807
Kingsoft 20160807
Malwarebytes 20160806
Microsoft 20160807
nProtect 20160805
Panda 20160806
Qihoo-360 20160807
SUPERAntiSpyware 20160807
Symantec 20160807
TheHacker 20160806
TotalDefense 20160805
TrendMicro 20160807
TrendMicro-HouseCall 20160807
VBA32 20160805
VIPRE 20160807
ViRobot 20160806
Yandex 20160806
Zoner 20160807
The file under study is an Android APK. The application's main package name is com.freegame.temple.good. The internal version number of the application is 1, and the displayed version string is 1.0. The minimum Android API level required to run the application (MinSDKVersion) is 7. The target Android API level (TargetSDKVersion) is 15.
Required permissions
android.permission.VIBRATE (control vibrator)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.GET_TASKS (retrieve running applications)
android.permission.ACCESS_WIFI_STATE (view Wi-Fi status)
android.permission.INTERNET (full Internet access)
android.permission.MOUNT_UNMOUNT_FILESYSTEMS (mount and unmount file systems)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
android.permission.GET_ACCOUNTS (discover known accounts)
Activities
com.letang.adunion.ads.JoyAdJoymeng
com.unity3d.player.UnityPlayerProxyActivity
com.unity3d.player.UnityPlayerActivity
com.unity3d.player.UnityPlayerNativeActivity
com.unity3d.player.VideoPlayer
com.google.ads.AdActivity
com.millennialmedia.android.MMActivity
com.millennialmedia.android.VideoPlayer
com.playhaven.src.publishersdk.content.PHContentView
com.chartboost.sdk.CBImpressionActivity
com.flurry.android.FlurryFullscreenTakeoverActivity
com.greystripe.sdk.GSFullscreenActivity
com.joymeng.sprinkle.ui.SprinkleRealAppwallActivity
com.joymeng.sprinkle.ui.SprinkleWebActivity
com.mobclix.android.sdk.MobclixBrowserActivity
com.inmobi.androidsdk.IMBrowserActivity
com.jirbo.adcolony.AdColonyOverlay
com.jirbo.adcolony.AdColonyFullscreen
com.jirbo.adcolony.AdColonyBrowser
com.tapjoy.TapjoyFullScreenAdWebView
com.flip.good.baidustasact
com.flip.good.baidurecoact
com.flip.good.baidurecooact
com.flip.good.baidunewact
Services
com.joymeng.sprinkle.service.SprinkleControlerService
com.flip.good.baidudem
com.flip.good.baidugame
Receivers
com.joymeng.sprinkle.service.SprinkleControllerReceiver
com.flip.good.baidurecv
Service-related intent filters
com.joymeng.sprinkle.service.SprinkleControlerService
actions: com.sprinkle.service.joyalive.com.freegame.temple.good.notify.game, com.sprinkle.service.joyalive.com.freegame.temple.good.check.fullscreen.ad.update.show, com.sprinkle.service.joyalive.com.freegame.temple.good.check.fullscreen.ad.update, com.sprinkle.service.joyalive.com.freegame.temple.good.show.fullscreen.ad, com.sprinkle.service.joyalive.com.freegame.temple.good.install.finish.pack, com.sprinkle.service.joyalive.com.freegame.temple.good.download.file, com.sprinkle.service.joyalive.com.freegame.temple.good.record.failed.file, com.sprinkle.service.joyalive.com.freegame.temple.good.resume.failed.downloads, com.sprinkle.service.joyalive.com.freegame.temple.good.show.slider.view, com.sprinkle.service.joyalive.com.freegame.temple.good.check.update.show.slider.view, com.sprinkle.service.joyalive.com.freegame.temple.good.usr.remove.pacakge
Activity-related intent filters
com.unity3d.player.UnityPlayerActivity
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
Receiver-related intent filters
com.flip.good.baidurecv
actions: android.net.conn.CONNECTIVITY_CHANGE, android.intent.action.UMS_CONNECTED, android.intent.action.BOOT_COMPLETED, android.intent.action.USER_PRESENT, com.android.game.service.NOTIFY
categories: android.intent.category.HOME
Application certificate information
Interesting strings
The file being studied is a compressed stream! Details about the compressed contents follow.
Interesting properties
The studied file contains at least one Portable Executable.
The file under inspection contains at least one ELF file.
Contained files
Compression metadata
Contained files 149
Uncompressed size 33153961
Highest datetime 2013-07-12 14:08:42
Lowest datetime 2012-06-29 15:13:32
Contained files by extension
png 16
dll 9
xml 7
so 6
pro 2
vp 2
dex 1
MF 1
chg 1
RSA 1
SF 1
Contained files by type
unknown 111
PNG 16
Portable Executable 9
XML 6
ELF 4
ZIP 2
DEX 1
File identification
MD5 21b0424d69665a6e400d7dd900c89763
SHA1 fc7fa5835b7fe690c25021a4c3f307581196fc4d
SHA256 48a558f9afa1d78206f084df5355b6041b6d3f8d80998701ee9613f0eb5ecf8f
ssdeep 393216:Pm9wopPLN2Im4NQivYQOCZ0rNSpM7ANC1RhzEj1O:PQwopPLQItNQ8YkZ0rApMcA1RdsO

File size 13.3 MB ( 13995612 bytes )
File type Android
Magic literal Zip archive data, at least v2.0 to extract

TrID Android Package (73.9%), Java Archive (20.4%), ZIP compressed archive (5.6%)
Tags contains-elf apk dyn-calls dyn-class contains-pe android

VirusTotal metadata
First submission 2013-12-05 07:01:28 UTC ( 5 years, 3 months ago )
Last submission 2014-12-08 13:33:07 UTC ( 4 years, 3 months ago )
File names 1384593147_tomb-run.apk, tomb_run_7230_10.apk
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V1022.

Symantec reputation Suspicious.Insight
Started services
#Intent;component=com.freegame.temple.good/com.flip.good.baidudem;end
Opened files
/data/data/com.freegame.temple.good/files/com.apk
/data/data/com.freegame.temple.good/files/cha.apk
/mnt/sdcard/Joy/Cache
/data/data/com.freegame.temple.good/files
APP_ASSETS/bin/Data/settings.xml
APP_ASSETS/cha.pro
APP_ASSETS/client
APP_ASSETS/com.so
APP_ASSETS/cha.so
/mnt/sdcard
/data
Accessed files
/mnt/sdcard/Joy/Cache
/mnt/sdcard/Joy/Ad/ad.conf
/data/data/com.freegame.temple.good/files
/data/data/com.freegame.temple.good/files/com.apk
/data/data/com.freegame.temple.good/files/cha.apk
Interesting calls
Calls APIs that provide access to information about the telephony services on the device. Applications can use such methods to determine telephony services and states, as well as to access some types of subscriber information.
Dynamically loaded classes
com.letang.apkservice.ClientService
Dynamically called methods
android.content.pm.PackageParser.parsePackage 4 arguments.
u'/data/data/com.freegame.temple.good/files/com.apk'
u'/data/data/com.freegame.temple.good/files/com.apk'
u'DisplayMetrics{density=1.5, width=0, height=0, scaledDensity=1.5, xdpi=240.0, ydpi=240.0}'
u'0x0'
android.content.res.AssetManager.addAssetPath 1 argument.
u'/data/data/com.freegame.temple.good/files/com.apk'