× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 71b4b06954e7d87b41e5231edeadf884c49bde3cb1a395ac830d1f569c93a448
Detection ratio: 31 / 57
Analysis date: 2015-09-09 08:23:03 UTC ( 3 years, 3 months ago )
Antivirus Result Update
Ad-Aware Android.Hacktool.Faceniff.A 20150909
AegisLab Sandr 20150909
AhnLab-V3 Android-Trojan/Sandrorat.c542 20150908
Alibaba A.W.Rog.EvilCert.A24 20150902
Antiy-AVL Trojan[Spy:HEUR]/Android.Sandr.1 20150909
Arcabit Android.Hacktool.Faceniff.A 20150909
Avast Android:Kasandra-E [Trj] 20150909
AVG Android/Deng.DE 20150909
Avira (no cloud) ANDROID/Spy.Kasandra.A.Gen 20150909
AVware Trojan.AndroidOS.Generic.A 20150901
Baidu-International Trojan.AndroidOS.Sandr.a 20150909
BitDefender Android.Hacktool.Faceniff.A 20150909
CAT-QuickHeal Android.Sandr.A 20150908
Comodo UnclassifiedMalware 20150909
Cyren AndroidOS/FaceNiff.A 20150909
DrWeb Android.Spy.178.origin 20150909
ESET-NOD32 a variant of Android/Spy.Kasandra.C 20150909
F-Prot AndroidOS/FaceNiff.A 20150908
F-Secure Android.Hacktool.Faceniff 20150909
Fortinet Android/Sandr.C!tr 20150909
GData Android.Hacktool.Faceniff.A 20150909
Ikarus HackTool.AndroidOS.FaceNiff 20150909
K7GW Spyware ( 004c0dc11 ) 20150909
Kaspersky HEUR:Trojan-Spy.AndroidOS.Sandr.a 20150909
McAfee Artemis!8B86440F6CAB 20150909
McAfee-GW-Edition Artemis 20150908
eScan Android.Hacktool.Faceniff.A 20150909
NANO-Antivirus Trojan.Android.Zerat.dekxmy 20150908
Qihoo-360 Win32/Trojan.2eb 20150909
Sophos AV Andr/SandRat-C 20150909
VIPRE Trojan.AndroidOS.Generic.A 20150908
Yandex 20150908
ALYac 20150909
Bkav 20150908
ByteHero 20150909
ClamAV 20150909
CMC 20150908
Emsisoft 20150909
Jiangmin 20150907
K7AntiVirus 20150909
Kingsoft 20150909
Malwarebytes 20150909
Microsoft 20150909
nProtect 20150909
Panda 20150909
Rising 20150908
SUPERAntiSpyware 20150909
Symantec 20150908
Tencent 20150909
TheHacker 20150907
TotalDefense 20150909
TrendMicro 20150909
TrendMicro-HouseCall 20150909
VBA32 20150907
ViRobot 20150909
Zillya 20150909
Zoner 20150909
The file being studied is Android related! APK Android file more specifically. The application's main package name is net.ponury.faceniff. The internal version number of the application is 204. The displayed version string of the application is 2.4. The minimum Android API level for the application to run (MinSDKVersion) is 7.
Risk summary
The studied DEX file makes use of API reflection
The studied DEX file loads a shared library
The studied DEX file makes use of cryptographic functions
The APK package studied contains shared ELF libraries
The APK package studied contains ELF executable files
Permissions that allow the application to manipulate SMS
Permissions that allow the application to manipulate your location
Permissions that allow the application to perform payments
Permissions that allow the application to access Internet
Permissions that allow the application to access private information
Other permissions that could be considered as dangerous in certain scenarios
Required permissions
android.permission.CHANGE_NETWORK_STATE (change network connectivity)
android.permission.ACCESS_COARSE_LOCATION (coarse (network-based) location)
android.permission.CAMERA (take pictures and videos)
android.permission.INTERNET (full Internet access)
android.permission.ACCESS_FINE_LOCATION (fine (GPS) location)
android.permission.SEND_SMS (send SMS messages)
android.permission.WRITE_SMS (edit SMS or MMS)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.WRITE_CALL_LOG (write (but not read) the user's contacts data.)
android.permission.GET_TASKS (retrieve running applications)
android.permission.READ_CALL_LOG (read the user's call log.)
com.android.browser.permission.READ_HISTORY_BOOKMARKS (read Browser's history and bookmarks)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
android.permission.RECORD_AUDIO (record audio)
android.permission.WRITE_CONTACTS (write contact data)
android.permission.READ_EXTERNAL_STORAGE (read from external storage)
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
android.permission.BROADCAST_STICKY (send sticky broadcast)
android.permission.CALL_PHONE (directly call phone numbers)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.READ_SMS (read SMS or MMS)
android.permission.VIBRATE (control vibrator)
android.permission.ACCESS_WIFI_STATE (view Wi-Fi status)
android.permission.WAKE_LOCK (prevent phone from sleeping)
android.permission.CHANGE_WIFI_STATE (change Wi-Fi status)
android.permission.RECEIVE_SMS (receive SMS)
android.permission.READ_CONTACTS (read contact data)
Permission-related API calls
FACTORY_TEST
GET_TASKS
ACCESS_NETWORK_STATE
RECORD_AUDIO
READ_LOGS
SEND_SMS
VIBRATE
ACCESS_WIFI_STATE
CAMERA
INTERNET
READ_CONTACTS
CHANGE_COMPONENT_ENABLED_STATE
READ_PHONE_STATE
WRITE_HISTORY_BOOKMARKS
ACCESS_FINE_LOCATION
WAKE_LOCK
Ad-related libraries
admob (admob-6.0.1) with a 85.2 probability
Main Activity
net.ponury.faceniff.faceniff
Activities
net.ponury.faceniff.faceniff
net.ponury.faceniff.FNPreferences
com.google.ads.AdActivity
net.droidjack.server.CamSnapDJ
net.droidjack.server.VideoCapDJ
Services
net.ponury.faceniff.FNService
net.droidjack.server.Controller
net.droidjack.server.GPSLocation
net.droidjack.server.Toaster
Receivers
net.droidjack.server.Connector
net.droidjack.server.CallListener
Service-related intent filters
net.ponury.faceniff.FNService
actions: net.ponury.faceniff
Activity-related intent filters
net.droidjack.server.VideoCapDJ
actions: android.intent.action.VIDEOCAPDJ
categories: android.intent.category.DEFAULT
net.ponury.faceniff.faceniff
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
net.droidjack.server.CamSnapDJ
actions: android.intent.action.CAMSNAPDJ
categories: android.intent.category.DEFAULT
Receiver-related intent filters
net.droidjack.server.Connector
actions: android.net.conn.CONNECTIVITY_CHANGE, android.intent.action.BOOT_COMPLETED
net.droidjack.server.CallListener
actions: android.intent.action.PHONE_STATE
Application certificate information
Application bundle files
Interesting strings
The file being studied is a compressed stream! Details about the compressed contents follow.
Interesting properties
The file under inspection contains at least one ELF file.
Contained files
Compression metadata
Contained files
52
Uncompressed size
3169497
Highest datetime
2015-08-30 03:50:16
Lowest datetime
2015-08-30 03:50:14
Contained files by extension
png
27
xml
15
so
2
dex
1
MF
1
RSA
1
jpg
1
SF
1
Contained files by type
PNG
27
XML
15
unknown
5
ELF
3
DEX
1
JPG
1
File identification
MD5 8b86440f6cab2ddfb606d692e2f686a0
SHA1 be8f156b0224fe45b5c5ed44231bc231eb30b262
SHA256 71b4b06954e7d87b41e5231edeadf884c49bde3cb1a395ac830d1f569c93a448
ssdeep
12288:tZzGcwL++C2+U5OiabS+IOGRlrwCLtf79WKOqTAdgrDYw/RgfSLhmIBieCsnT15:tZzGcy+w+D6XjW20SYw/RQOT

File size 787.1 KB ( 806000 bytes )
File type Android
Magic literal
Zip archive data, at least v2.0 to extract

TrID Android Package (92.9%)
ZIP compressed archive (7.0%)
Tags
apk android contains-elf

VirusTotal metadata
First submission 2015-08-30 11:24:25 UTC ( 3 years, 3 months ago )
Last submission 2015-08-30 11:24:25 UTC ( 3 years, 3 months ago )
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!