SHA256: 5dbc926bde665e15bba7c76c733770d7c9b59549a53aca34b6397b4a536178be
File name: 5dbc926bde665e15bba7c76c733770d7c9b59549a53aca34b6397b4a536178be.log
Detection ratio: 28 / 56
Analysis date: 2015-07-12 03:24:15 UTC ( 3 years, 4 months ago )
Antivirus Result Update
Ad-Aware Android.Trojan.SmsSpy.AC 20150712
AegisLab Androrat_1 20150711
AhnLab-V3 Android-Spyware/Androrat.2f84 20150711
Alibaba A.L.Rog.Androrat 20150710
Antiy-AVL Trojan/Win32.TSGeneric 20150711
Arcabit Android.Trojan.SmsSpy.AC 20150712
Avast Android:Androrat-I [Trj] 20150712
AVG Android/AndroRAT 20150712
BitDefender Android.Trojan.SmsSpy.AC 20150712
CAT-QuickHeal Android.Climap.A 20150711
ClamAV Andr.Trojan.Androrat 20150712
Cyren AndroidOS/AndroRAT.A 20150712
DrWeb Android.SmsSend.3369 20150712
Emsisoft Android.Trojan.SmsSpy.AC (B) 20150712
ESET-NOD32 a variant of Android/Spy.AndroRAT.D 20150711
F-Prot AndroidOS/AndroRAT.A 20150712
F-Secure Trojan-Spy:Android/AndroRat.A 20150711
Fortinet PossibleThreat.P0 20150712
GData Android.Trojan.SmsSpy.AC 20150712
Ikarus Trojan-Spy.AndroidOS.Androrat 20150711
K7GW Spyware ( 004c0e381 ) 20150711
Kaspersky HEUR:Backdoor.AndroidOS.Climap.a 20150712
McAfee Artemis!035164D6EB22 20150712
McAfee-GW-Edition Artemis!035164D6EB22 20150711
eScan Android.Trojan.SmsSpy.AC 20150712
NANO-Antivirus Trojan.Android.Androrat.cvkmzo 20150711
Sophos AV Andr/AndroRat-C 20150712
Zoner Spyware.AndroidOS.SmsSpy.C 20150712
Yandex 20150711
ALYac 20150712
Avira (no cloud) 20150711
AVware 20150712
Baidu-International 20150711
Bkav 20150708
ByteHero 20150712
Comodo 20150712
Jiangmin 20150710
K7AntiVirus 20150712
Kingsoft 20150712
Malwarebytes 20150711
Microsoft 20150712
nProtect 20150710
Panda 20150711
Qihoo-360 20150712
Rising 20150709
SUPERAntiSpyware 20150711
Symantec 20150712
Tencent 20150712
TheHacker 20150709
TotalDefense 20150711
TrendMicro 20150712
TrendMicro-HouseCall 20150712
VBA32 20150711
VIPRE 20150712
ViRobot 20150712
Zillya 20150711
The file being studied is Android related! APK Android file more specifically. The application's main package name is ru.qip. The internal version number of the application is 28. The displayed version string of the application is 0.9.1.5. The minimum Android API level for the application to run (MinSDKVersion) is 7. The target Android API level for the application to run (TargetSDKVersion) is 17.
Risk summary
The studied DEX file makes use of API reflection
The studied DEX file loads a shared library
The APK package studied contains shared ELF libraries
The APK package studied contains zip files
Permissions that allow the application to manipulate SMS
Permissions that allow the application to perform calls
Permissions that allow the application to manipulate your location
Permissions that allow the application to perform payments
Permissions that allow the application to access Internet
Permissions that allow the application to access private information
Other permissions that could be considered as dangerous in certain scenarios
Required permissions
android.permission.ACCESS_FINE_LOCATION (fine (GPS) location)
android.permission.VIBRATE (control vibrator)
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
android.permission.READ_CONTACTS (read contact data)
android.permission.SEND_SMS (send SMS messages)
android.permission.PROCESS_OUTGOING_CALLS (intercept outgoing calls)
android.permission.ACCESS_WIFI_STATE (view Wi-Fi status)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.WAKE_LOCK (prevent phone from sleeping)
android.permission.CALL_PHONE (directly call phone numbers)
android.permission.CAMERA (take pictures and videos)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.RECORD_AUDIO (record audio)
android.permission.INTERNET (full Internet access)
android.permission.READ_SMS (read SMS or MMS)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
android.permission.RECEIVE_SMS (receive SMS)
Permission-related API calls
ACCESS_NETWORK_STATE
RECORD_AUDIO
WAKE_LOCK
SEND_SMS
VIBRATE
CAMERA
INTERNET
READ_CONTACTS
READ_PHONE_STATE
ACCESS_FINE_LOCATION
Main Activity
ru.qip.reborn.ui.activities.StartScreen
Activities
ru.qip.reborn.ui.activities.StartScreen
ru.qip.reborn.ui.activities.MainScreen
ru.qip.reborn.ui.activities.ChatScreen
ru.qip.reborn.ui.activities.UserInfoScreen
ru.qip.reborn.ui.activities.PreHoneycombPreferenceScreen
ru.qip.reborn.ui.activities.HoneycombPreferenceScreen
ru.qip.reborn.ui.activities.AboutScreen
ru.qip.reborn.ui.activities.MetacontactScreen
ru.qip.reborn.ui.activities.ProfileLoginScreen
ru.qip.reborn.ui.activities.FriendsSearchScreen
ru.qip.reborn.ui.activities.PassToolsScreen
ru.qip.reborn.ui.activities.PhoneLoginScreen
ru.qip.reborn.ui.activities.RegistrationScreen
ru.qip.reborn.ui.activities.SmsCatcherScreen
ru.qip.reborn.ui.activities.PhoneBinderScreen
ru.qip.reborn.ui.activities.SearchScreen
ru.qip.reborn.ui.activities.SearchResultsScreen
ru.qip.reborn.ui.activities.CLSearchResultActivity
my.app.alt.PhotoActivity
Services
ru.qip.reborn.QipRebornService
my.app.client.Client
Receivers
ru.qip.QipEventsReceiver
my.app.client.BootReceiver
my.app.client.AlarmListener
Providers
ru.qip.reborn.HistoryProvider
ru.qip.reborn.QIPSearchProvider
Service-related intent filters
my.app.client.Client
actions: .Client
Activity-related intent filters
ru.qip.reborn.ui.activities.StartScreen
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
ru.qip.reborn.ui.activities.ChatScreen
actions: android.intent.action.VIEW
categories: android.intent.category.DEFAULT
ru.qip.reborn.ui.activities.UserInfoScreen
actions: android.intent.action.EDIT
categories: android.intent.category.DEFAULT
ru.qip.reborn.ui.activities.MetacontactScreen
actions: ru.qip.reborn.activities.MetacontactScreen.ACTION_EDIT_METACONTACT
categories: android.intent.category.DEFAULT
ru.qip.reborn.ui.activities.MainScreen
actions: android.intent.action.SEARCH, QipSearchProvider.ACTION_OPEN_CHAT, QipSearchProvider.ACTION_FIND_MESSAGE
Receiver-related intent filters
my.app.client.BootReceiver
actions: android.intent.action.BOOT_COMPLETED
categories: android.intent.category.HOME
ru.qip.QipEventsReceiver
actions: ru.qip.QipEventsReceiver.ACTION_MESSAGE_ICON_SELECTED
Application certificate information
Application bundle files
Interesting strings
The file being studied is a compressed stream! Details about the compressed contents follow.
Interesting properties
The file under inspection contains at least one ELF file.
Contained files
Compression metadata
Contained files: 890
Uncompressed size: 9367789
Highest datetime: 2015-06-12 17:21:10
Lowest datetime: 2015-06-12 16:21:10
Contained files by extension
png: 724
xml: 151
wav: 5
so: 3
dex: 1
MF: 1
zip: 1
RSA: 1
SF: 1
Contained files by type
PNG: 724
XML: 151
unknown: 10
ELF: 3
DEX: 1
ZIP: 1
File identification
MD5 035164d6eb22572042d165f6fad21412
SHA1 a23b0ebbf15bf00e0fdd49deb13f465312a2e0d1
SHA256 5dbc926bde665e15bba7c76c733770d7c9b59549a53aca34b6397b4a536178be
ssdeep
98304:SyN44Us4uoWCPlaKA+0T0gVR7fI4MUmOq8CnDZyKXCy7oHqTnhTGPLS0dZSBaQAx:N2k5CNaKIT06Lmq8yu7oqTnkPTdZAaQs

File size 5.6 MB ( 5910843 bytes )
File type Android
Magic literal
Zip archive data, at least v2.0 to extract

TrID Android Package (92.9%)
ZIP compressed archive (7.0%)
Tags
apk android dyn-calls contains-elf

VirusTotal metadata
First submission 2015-06-12 12:25:49 UTC ( 3 years, 5 months ago )
Last submission 2015-07-12 03:24:15 UTC ( 3 years, 4 months ago )
File names QipHistori.apk
5dbc926bde665e15bba7c76c733770d7c9b59549a53aca34b6397b4a536178be.log
Started services
#Intent;action=BootReceiver;component=ru.qip/my.app.client.Client;end
Started receivers
android.net.conn.CONNECTIVITY_CHANGE
android.net.wifi.STATE_CHANGE
Opened files
/mnt/sdcard/Android/data/ru.qip/files/scache
/data/data/ru.qip/cache/rbsmileys/aa.gif.tmp
/data/data/ru.qip/cache/rbsmileys/ab.gif.tmp
/data/data/ru.qip/cache/rbsmileys/ac.gif.tmp
/data/data/ru.qip/cache/rbsmileys/ad.gif.tmp
/data/data/ru.qip/cache/rbsmileys/ae.gif.tmp
/data/data/ru.qip/cache/rbsmileys/af.gif.tmp
/data/data/ru.qip/cache/rbsmileys/ag.gif.tmp
/data/data/ru.qip/cache/rbsmileys/ah.gif.tmp
/data/data/ru.qip/cache/rbsmileys/ai.gif.tmp
/data/data/ru.qip/cache/rbsmileys/aj.gif.tmp
/data/data/ru.qip/cache/rbsmileys/ak.gif.tmp
/data/data/ru.qip/cache/rbsmileys/al.gif.tmp
/data/data/ru.qip/cache/rbsmileys/am.gif.tmp
/data/data/ru.qip/cache/rbsmileys/an.gif.tmp
/data/data/ru.qip/cache/rbsmileys/ao.gif.tmp
/data/data/ru.qip/cache/rbsmileys/ap.gif.tmp
/data/data/ru.qip/cache/rbsmileys/aq.gif.tmp
/data/data/ru.qip/cache/rbsmileys/ar.gif.tmp
/data/data/ru.qip/cache/rbsmileys/as.gif.tmp
/data/data/ru.qip/files/Avatars
APP_ASSETS/smileys.zip
/mnt/sdcard
/data/data/ru.qip/files
/data/data/ru.qip/cache
/data/data/ru.qip/cache/rbsmileys/aa.gif
/data/data/ru.qip/cache/rbsmileys/ab.gif
/data/data/ru.qip/cache/rbsmileys/ac.gif
/data/data/ru.qip/cache/rbsmileys/ad.gif
/data/data/ru.qip/cache/rbsmileys/ae.gif
/data/data/ru.qip/cache/rbsmileys/af.gif
/data/data/ru.qip/cache/rbsmileys/ag.gif
/data/data/ru.qip/cache/rbsmileys/ah.gif
/data/data/ru.qip/cache/rbsmileys/ai.gif
/data/data/ru.qip/cache/rbsmileys/aj.gif
/data/data/ru.qip/cache/rbsmileys/ak.gif
/data/data/ru.qip/cache/rbsmileys/al.gif
/data/data/ru.qip/cache/rbsmileys/am.gif
/data/data/ru.qip/cache/rbsmileys/an.gif
/data/data/ru.qip/cache/rbsmileys/ao.gif
/data/data/ru.qip/cache/rbsmileys/ap.gif
/data/data/ru.qip/cache/rbsmileys/aq.gif
/data/data/ru.qip/cache/rbsmileys/ar.gif
/data/data/ru.qip/cache/rbsmileys
Accessed files
/data/data/ru.qip/files
/mnt/sdcard/Android/data/ru.qip/files/history
/data/data/ru.qip/cache/rbsmileys/aa.gif
/data/data/ru.qip/cache/rbsmileys
/data/data/ru.qip/cache/rbsmileys/ab.gif
/data/data/ru.qip/cache/rbsmileys/ac.gif
/data/data/ru.qip/cache/rbsmileys/ad.gif
/data/data/ru.qip/cache/rbsmileys/ae.gif
/data/data/ru.qip/cache/rbsmileys/af.gif
/data/data/ru.qip/cache/rbsmileys/ag.gif
/data/data/ru.qip/cache/rbsmileys/ah.gif
/data/data/ru.qip/cache/rbsmileys/ai.gif
/data/data/ru.qip/cache/rbsmileys/aj.gif
/data/data/ru.qip/cache/rbsmileys/ak.gif
/data/data/ru.qip/cache/rbsmileys/al.gif
/data/data/ru.qip/cache/rbsmileys/am.gif
/data/data/ru.qip/cache/rbsmileys/an.gif
/data/data/ru.qip/cache/rbsmileys/ao.gif
/data/data/ru.qip/cache/rbsmileys/ap.gif
/data/data/ru.qip/cache/rbsmileys/aq.gif
/data/data/ru.qip/cache/rbsmileys/ar.gif
Dynamically called methods
android.app.Service.startForeground 2 arguments.
u'0x7f0a0031'
u'Notification(contentView=ru.qip/0x1090098 vibrate=null,sound=null,defaults=0x0,flags=0x0)'
android.app.Service.stopForeground 1 argument.
u'true'
Accessed URIs
content://ru.qip.reborn.messages/messages