SHA256: 4a4b624e2a8c292e21b14070a6528c7c5da4640a05c27db6fee3a9babf7519f8
File name: hack.apk
Detection ratio: 32 / 56
Analysis date: 2016-01-11 15:24:12 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Android.Trojan.Dendroid.A 20160111
AegisLab Dingwe 20160111
AhnLab-V3 Android-Trojan/Dendroid.d475 20160111
Alibaba A.H.Pri.Dendroid 20160111
Antiy-AVL Trojan[Backdoor:HEUR]/AndroidOS.Dingwe.1 20160111
Avast Android:Dendroid-E [Trj] 20160111
AVG Android/Deng.RLD 20160111
AVware Trojan.AndroidOS.Generic.A 20160111
Baidu-International Trojan.Android.Dingwe.D 20160111
BitDefender Android.Trojan.Dendroid.A 20160111
CAT-QuickHeal Android.Dingwe.A 20160111
Comodo UnclassifiedMalware 20160111
Cyren AndroidOS/Dendroid.A.gen!Eldorado 20160111
Emsisoft Android.Trojan.Dendroid.A (B) 20160111
ESET-NOD32 a variant of Android/Dingwe.A 20160111
F-Secure Backdoor:Android/Dendroid.B 20160111
Fortinet Android/Dendroid.A!tr 20160111
GData Android.Trojan.Dendroid.A 20160111
Ikarus Backdoor.AndroidOS.Dendroid 20160111
Jiangmin Backdoor/AndroidOS.bjr 20160111
K7GW Trojan ( 00497f2f1 ) 20160111
Kaspersky HEUR:Backdoor.AndroidOS.Dingwe.a 20160111
McAfee Artemis!8BB0E4B5EDBA 20160111
eScan Android.Trojan.Dendroid.A 20160111
NANO-Antivirus Trojan.Android.Banker.dxshbq 20160111
Qihoo-360 Trojan.Android.Gen 20160111
Rising APK:Trojan.Generic(AndrCity)!7.1762 [F] 20160111
Tencent Dos.Backdoor.Dingwe.Edxo 20160111
TrendMicro ANDROIDOS_DENDROID.XA 20160111
TrendMicro-HouseCall ANDROIDOS_DENDROID.XA 20160111
VIPRE Trojan.AndroidOS.Generic.A 20160111
Zoner Trojan.AndroidOS.Dendroid.A 20160111
Yandex 20160108
ALYac 20160204
Arcabit 20160111
Avira (no cloud) 20160111
Bkav 20160111
ByteHero 20160111
ClamAV 20160110
CMC 20160111
DrWeb 20160111
F-Prot 20160111
K7AntiVirus 20160111
Malwarebytes 20160111
McAfee-GW-Edition 20160111
Microsoft 20160111
nProtect 20160111
Panda 20160111
Sophos AV 20160204
SUPERAntiSpyware 20160111
Symantec 20160110
TheHacker 20160107
TotalDefense 20160111
VBA32 20160111
ViRobot 20160111
Zillya 20160111
The file being studied is Android related, more specifically an Android APK file. The application's main package name is com.hidden.droidian. The internal version number of the application is 2. The displayed version string of the application is 2.0. The minimum Android API level for the application to run (MinSDKVersion) is 10. The target Android API level for the application to run (TargetSDKVersion) is 18.
Risk summary
The APK package studied contains zip files
Permissions that allow the application to manipulate SMS
Permissions that allow the application to perform calls
Permissions that allow the application to manipulate your location
Permissions that allow the application to perform payments
Permissions that allow the application to access Internet
Permissions that allow the application to access private information
Other permissions that could be considered as dangerous in certain scenarios
Required permissions
android.permission.ACCESS_FINE_LOCATION (fine (GPS) location)
android.permission.SEND_SMS (send SMS messages)
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
android.permission.READ_CONTACTS (read contact data)
android.permission.QUICKBOOT_POWERON (Unknown permission from android reference)
android.permission.RECEIVE_SMS (receive SMS)
android.permission.PROCESS_OUTGOING_CALLS (intercept outgoing calls)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.WRITE_SMS (edit SMS or MMS)
android.permission.WAKE_LOCK (prevent phone from sleeping)
android.permission.GET_TASKS (retrieve running applications)
android.permission.CALL_PHONE (directly call phone numbers)
android.permission.WRITE_SETTINGS (modify global system settings)
android.permission.CAMERA (take pictures and videos)
android.permission.READ_PHONE_STATE (read phone state and identity)
com.android.browser.permission.READ_HISTORY_BOOKMARKS (read Browser's history and bookmarks)
android.permission.INTERNET (full Internet access)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
android.permission.RECORD_AUDIO (record audio)
android.permission.GET_ACCOUNTS (discover known accounts)
android.permission.READ_SMS (read SMS or MMS)
Permission-related API calls
FACTORY_TEST
ACCESS_NETWORK_STATE
RECORD_AUDIO
INTERNET
SEND_SMS
VIBRATE
CAMERA
GET_ACCOUNTS
READ_CONTACTS
CHANGE_COMPONENT_ENABLED_STATE
READ_PHONE_STATE
WRITE_HISTORY_BOOKMARKS
WAKE_LOCK
ACCESS_FINE_LOCATION
Main Activity
com.connect.Droidian
Activities
com.connect.Droidian
com.connect.Dialog
com.connect.CaptureCameraImage
com.connect.CameraView
com.connect.VideoView
Services
com.connect.DroidianService
com.connect.RecordService
Receivers
com.connect.ServiceReceiver
Activity-related intent filters
com.connect.Droidian
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
Receiver-related intent filters
com.connect.ServiceReceiver
actions: android.intent.action.BOOT_COMPLETED, android.provider.Telephony.SMS_RECEIVED, android.intent.action.PHONE_STATE, android.intent.action.ACTION_EXTERNAL_APPLICATIONS_AVAILABLE, android.intent.action.QUICKBOOT_POWERON
The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files 16
Uncompressed size 1507917
Highest datetime 2015-03-21 06:00:20
Lowest datetime 2015-03-21 05:56:38
Contained files by extension
xml 5
png 4
dex 1
MF 1
jar 1
RSA 1
SF 1
Contained files by type
XML 5
unknown 5
PNG 4
DEX 1
ZIP 1
File identification
MD5 8bb0e4b5edba06b0979112689c2ea912
SHA1 5e8498445d7e3d63f0764b4adfa21cea73eef050
SHA256 4a4b624e2a8c292e21b14070a6528c7c5da4640a05c27db6fee3a9babf7519f8
ssdeep 24576:jJJwwjBVOiEgOeuboJRXawi3wi6wiewiz8eSUbk8X:jJVNM7gLuKNeHg8X
File size 1006.1 KB ( 1030215 bytes )
File type Android
Magic literal Zip archive data, at least v2.0 to extract
TrID Android Package (73.9%), Java Archive (20.4%), ZIP compressed archive (5.6%)
Tags apk checks-gps android via-tor

VirusTotal metadata
First submission 2015-03-28 05:59:20 UTC ( 3 years, 4 months ago )
Last submission 2015-05-16 19:48:43 UTC ( 3 years, 3 months ago )
File names hack.apk
Started services
#Intent;component=com.hidden.droidian/com.connect.DroidianService;end
Opened files
/mnt/sdcard
Interesting calls
Calls APIs that provide access to information about the telephony services on the device. Applications can use such methods to determine telephony services and states, as well as to access some types of subscriber information.
Calls APIs that provide access to the system location services. These services allow applications to obtain periodic updates of the device's geographical location, or to fire an application-specified Intent when the device enters the proximity of a given geographical location.
Contacted URLs
http://z0.tkurd.net/z0/get.php/UID=a58f550ad754904d&Provider=Android&Phone_Number=15555215554&Coordinates=null,null&Device=NexusS&Sdk=15&Version=1&Random=538&Password=keylimepie
http://z0.tkurd.net/z0/get.php/UID=a58f550ad754904d&Provider=Android&Phone_Number=15555215554&Coordinates=null,null&Device=NexusS&Sdk=15&Version=1&Random=710&Password=keylimepie
http://z0.tkurd.net/z0/get.php/UID=a58f550ad754904d&Provider=Android&Phone_Number=15555215554&Coordinates=null,null&Device=NexusS&Sdk=15&Version=1&Random=225&Password=keylimepie
http://z0.tkurd.net/z0/get-functions.php?UID=a58f550ad754904d&Password=keylimepie