SHA256: 72a522d0d3dcd0dc026b02ab9535e87a9f5664bc5587fd33bb4a48094bce0537
File name: N142.apk
Detection ratio: 33 / 51
Analysis date: 2014-04-02 03:10:02 UTC ( 2 weeks, 2 days ago )
Antivirus Result Update
AVG Android_dc.OWU 20140401
Ad-Aware Android.Monitor.FinSpy.B 20140402
AegisLab FinFisher 20140402
AntiVir Android/FinFisherA.A.1 20140402
Avast Android:FinFisher-A [Trj] 20140402
Baidu-International HackTool.AndroidOS.Monitor.ak 20140401
BitDefender Android.Monitor.FinSpy.B 20140402
Bkav MW.Clod8bf.Trojan.f0b4 20140401
Commtouch AndroidOS/GenBl.08CFFA8F!Olympus 20140402
Comodo UnclassifiedMalware 20140402
DrWeb Android.Finspy.origin 20140402
ESET-NOD32 Android/RiskWare.FinSpy.A 20140401
Emsisoft Android.Monitor.FinSpy.B (B) 20140402
F-Prot AndroidOS/FinSpy.A 20140402
F-Secure Android.Monitor.FinSpy.B 20140402
Fortinet Android/FinSpy.A!tr.spy 20140401
GData Android.Monitor.FinSpy.B 20140402
Ikarus Trojan.AndroidOS.FinFisher 20140402
K7AntiVirus Trojan ( 0001140e1 ) 20140401
K7GW Trojan ( 0001140e1 ) 20140401
Kaspersky not-a-virus:HEUR:Monitor.AndroidOS.FinSpy.a 20140402
Kingsoft Android.Troj.FinFisher.a.(kcloud) 20140402
McAfee Artemis!08CFFA8F55BE 20140402
McAfee-GW-Edition Artemis!08CFFA8F55BE 20140401
MicroWorld-eScan Android.Monitor.FinSpy.B 20140402
NANO-Antivirus Trojan.Dex.Finspy.bdoxek 20140402
Norman FinSpy.C 20140401
Qihoo-360 Trojan.Generic 20140402
Sophos Andr/FinSpy-A 20140402
Symantec Android.Finfish 20140402
TrendMicro AndroidOS_FINSPY.A 20140402
TrendMicro-HouseCall AndroidOS_FINSPY.A 20140402
VIPRE Trojan.AndroidOS.FinSpy.c 20140402
Agnitum 20140401
AhnLab-V3 20140401
Antiy-AVL 20140401
ByteHero 20140402
CAT-QuickHeal 20140401
CMC 20140331
ClamAV 20140402
Jiangmin 20140401
Malwarebytes 20140402
Microsoft 20140402
Panda 20140401
Rising 20140401
SUPERAntiSpyware 20140402
TheHacker 20140401
TotalDefense 20140401
VBA32 20140401
ViRobot 20140401
nProtect 20140401
The file being studied is Android related, more specifically an Android APK file. The application's main package name is com.android.services. The internal version number of the application is 351. The displayed version string of the application is 1.0. The minimum Android API level for the application to run (MinSDKVersion) is 7.
Risk summary
The studied DEX file makes use of API reflection
The studied DEX file makes use of cryptographic functions
Permissions that allow the application to manipulate SMS
Permissions that allow the application to perform calls
Permissions that allow the application to manipulate your location
Permissions that allow the application to perform payments
Permissions that allow the application to access Internet
Permissions that allow the application to access private information
Other permissions that could be considered as dangerous in certain scenarios
Required permissions
android.permission.ACCESS_FINE_LOCATION (fine (GPS) location)
android.permission.SEND_SMS (send SMS messages)
android.permission.ACCESS_COARSE_LOCATION (coarse (network-based) location)
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
android.permission.MODIFY_PHONE_STATE (modify phone status)
android.permission.RECEIVE_WAP_PUSH (receive WAP)
android.permission.WRITE_SMS (edit SMS or MMS)
android.permission.ACCESS_WIFI_STATE (view Wi-Fi status)
android.permission.PROCESS_OUTGOING_CALLS (intercept outgoing calls)
android.permission.WAKE_LOCK (prevent phone from sleeping)
android.permission.CHANGE_WIFI_STATE (change Wi-Fi status)
android.permission.RECEIVE_SMS (receive SMS)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.BLUETOOTH (create Bluetooth connections)
android.permission.INTERNET (full Internet access)
android.permission.RECEIVE_MMS (receive MMS)
android.permission.READ_CONTACTS (read contact data)
android.permission.READ_SMS (read SMS or MMS)
Permission-related API calls
ACCESS_NETWORK_STATE
WAKE_LOCK
SEND_SMS
ACCESS_WIFI_STATE
ACCESS_COARSE_LOCATION
INTERNET
READ_CONTACTS
CHANGE_COMPONENT_ENABLED_STATE
READ_PHONE_STATE
ACCESS_FINE_LOCATION
Activities
com.android.services.HiddenActivity
Services
com.android.services.Services
com.android.services.EventBasedService
com.android.services.sms.SmsHandlerIntentServices
com.android.time.based.RemovalAtServices
com.android.tracking.TrackingService
Receivers
com.android.services.sms.SMSReceiver
com.android.services.ReceiverStartApp
com.android.services.ReceiverStartBoot
com.android.events.based.ReceiverLowBattery
com.android.events.based.ReceiverLowSpace
com.android.events.based.ReceiverFlightMode
com.android.events.based.ReceiverCalls
com.android.events.based.ReceiverWifi
com.android.events.based.ReceiverLocationChanged
com.android.tracking.TReceiverLocationChanged
com.android.events.based.DataLinkReceiver
com.android.events.based.NetworkChangedReceiver
com.android.services.ReceiverPackageReplaced
Receiver-related intent filters
com.android.services.ReceiverStartApp
actions: android.net.conn.CONNECTIVITY_CHANGE, android.net.wifi.STATE_CHANGE, android.bluetooth.adapter.action.STATE_CHANGED, android.intent.action.PHONE_STATE, android.intent.action.NEW_OUTGOING_CALL, android.provider.Telephony.SMS_RECEIVED
com.android.events.based.ReceiverLowBattery
actions: android.intent.action.BATTERY_LOW, android.intent.action.BATTERY_OKAY
com.android.events.based.ReceiverWifi
actions: android.net.wifi.STATE_CHANGE
com.android.events.based.NetworkChangedReceiver
actions: android.net.conn.CONNECTIVITY_CHANGE
com.android.events.based.ReceiverFlightMode
actions: android.intent.action.AIRPLANE_MODE
com.android.events.based.ReceiverLowSpace
actions: android.intent.action.DEVICE_STORAGE_LOW, android.intent.action.DEVICE_STORAGE_OK
com.android.services.ReceiverPackageReplaced
actions: android.intent.action.PACKAGE_REPLACED
com.android.events.based.DataLinkReceiver
actions: android.net.conn.CONNECTIVITY_CHANGE
com.android.services.ReceiverStartBoot
actions: android.intent.action.BOOT_COMPLETED
com.android.events.based.ReceiverCalls
actions: android.intent.action.PHONE_STATE, android.intent.action.NEW_OUTGOING_CALL
com.android.services.sms.SMSReceiver
actions: android.provider.Telephony.SMS_RECEIVED
Code-related observations
The application does not load any code dynamically
The application contains reflection code
The application does not contain native code
The application contains cryptographic code
Application certificate information
Application bundle files
File identification
MD5 08cffa8f55be4bbed2704395876b618f
SHA1 80596efa05837f6de70bdfd153af96cec098f93a
SHA256 72a522d0d3dcd0dc026b02ab9535e87a9f5664bc5587fd33bb4a48094bce0537
ssdeep 3072:/v2+MMiyjBhcEzeeXqXAm/C6bLoHSvMcDGW88Lr7niUNXH+aAMN8+HXNsWeCY86D:/vxRZjIEv6RbLoyvMZj
File size 139.5 KB ( 142822 bytes )
File type Android
Magic literal Zip archive data, at least v1.0 to extract
TrID Android Package (73.9%)
Java Archive (20.4%)
ZIP compressed archive (5.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
apk android zip

VirusTotal metadata
First submission 2012-09-05 10:29:07 UTC ( 1 year, 7 months ago )
Last submission 2014-04-02 03:10:02 UTC ( 2 weeks, 2 days ago )
File names 80596efa05837f6de70bdfd153af96cec098f93a
72a522d0d3dcd0dc026b02ab9535e87a9f5664bc5587fd33bb4a48094bce0537
18_67075_157985FF7FCF1CA30F5B026D1B897F1F.apk
08CFFA8F55BE4BBED2704395876B618F.txt
08CFFA8F55BE4BBED2704395876B618F
08CFFA8F55BE4BBED2704395876B618F.VIR
08CFFA8F55BE4BBED2704395876B618vq F
N142.apk
08cffa8f55be4bbed2704395876b618f.zip
08CFFA8F55BE4BBED2704395876B618F.apk
test.txt
Recent50-a.apk
08CFFA8F55BE4BBED2704395876B618F
vti-rescan
Andriod.apk
08cffa8f55be4bbed2704395876b618f.virus
Recent50-a.apk
72A522D0D3DCD0DC026B02AB9535E87A9F5664BC5587FD33BB4A48094BCE0537.APK.log
ExifTool file metadata
MIMEType application/zip
ZipRequiredVersion 10
ZipCRC 0x00000000
FileType ZIP
ZipCompression None
ZipUncompressedSize 0
ZipCompressedSize 0
FileAccessDate 2014:04:02 04:09:51+01:00
ZipFileName assets/Configurations/dumms0.dat
ZipBitFlag 0
FileCreateDate 2014:04:02 04:09:51+01:00
ZipModifyDate 2011:12:14 10:01:14

Started services
#Intent;component=com.android.services/.Services;S.CheckSim=boot;end
Opened files
/data/data/com.android.services/files
Accessed files
/data/data/com.android.services/files
/data/data/com.android.services/files/rFile
Interesting calls
Calls APIs that provide access to information about the telephony services on the device. Applications can use such methods to determine telephony services and states, as well as to access some types of subscriber information.
Calls APIs that manage SMS operations such as sending data, text, and pdu SMS messages.