SHA256: 80e402bcc0b6cf5a1c54a252b9825cf1ed3230124b65d134c4d7f7828d310e0f
File name: ead1a96f2a240987027e7935d3dfaef6_1.apk
Detection ratio: 33 / 56
Analysis date: 2015-02-04 13:18:16 UTC ( 2 months, 4 weeks ago )
Antivirus Result Update
AVG Developer 20150204
AVware Trojan.AndroidOS.Generic.A 20150204
Ad-Aware Android.Trojan.SmsSpy.E 20150204
AegisLab FakeInst 20150204
AhnLab-V3 Android-Malicious/FakeInst 20150204
Alibaba A.W.Rog.EvilCert.A0 20150203
Avast Android:SMSAgent-AEV [Trj] 20150204
Avira Android/TrojanSMS.Agent.ANZ.Gen 20150204
Baidu-International Trojan.AndroidOS.FakeInst.ASV 20150204
BitDefender Android.Trojan.SmsSpy.E 20150204
CAT-QuickHeal Android.SendSms.B 20150204
Comodo UnclassifiedMalware 20150204
Cyren AndroidOS/SmsSpy.A 20150204
DrWeb Android.SmsSend.385.origin 20150204
ESET-NOD32 Android/TrojanSMS.Agent.BO 20150204
Emsisoft Android.Trojan.SmsSpy.E (B) 20150204
F-Prot AndroidOS/SmsSpy.A 20150204
F-Secure Trojan:Android/JiFake.gen!65232C 20150204
Fortinet Android/FakeInst.B!tr 20150204
GData Android.Trojan.SmsSpy.E 20150204
Ikarus Trojan.AndroidOS.FakeToken 20150204
K7GW Trojan ( 0048d8471 ) 20150204
Kaspersky HEUR:Trojan-SMS.AndroidOS.FakeInst.eg 20150204
Kingsoft Android.Troj.Jifake.a.(kcloud) 20150204
McAfee Artemis!EAD1A96F2A24 20150204
MicroWorld-eScan Android.Trojan.SmsSpy.E 20150204
NANO-Antivirus Trojan.Android.Agent.cujubj 20150204
Qihoo-360 Win32/Trojan.SMS.f7d 20150204
Rising DEX:Privacy.Agent!1.9DA0 20150203
Sophos Andr/FakeIns-B 20150204
Symantec Trojan.Gen.2 20150204
VIPRE Trojan.AndroidOS.Generic.A 20150204
Zoner Trojan.AndroidOS.FakeInst.A 20150202
ALYac 20150204
Agnitum 20150202
Antiy-AVL 20150204
Bkav 20150203
ByteHero 20150204
CMC 20150202
ClamAV 20150204
K7AntiVirus 20150204
Malwarebytes 20150204
McAfee-GW-Edition 20150204
Microsoft 20150204
Norman 20150204
Panda 20150204
SUPERAntiSpyware 20150204
Tencent 20150204
TheHacker 20150203
TotalDefense 20150204
TrendMicro 20150204
TrendMicro-HouseCall 20150204
VBA32 20150204
ViRobot 20150204
Zillya 20150204
nProtect 20150204
The file being studied is Android related: more specifically, it is an Android APK file. The application's main package name is com.load.wap. The internal version number of the application is 1. The displayed version string of the application is 1.0. The minimum Android API level for the application to run (MinSDKVersion) is 4.
Risk summary
The studied DEX file makes use of API reflection
Permissions that allow the application to manipulate SMS
Permissions that allow the application to perform payments
Permissions that allow the application to access Internet
Permissions that allow the application to access private information
Other permissions that could be considered as dangerous in certain scenarios
Required permissions
android.permission.SEND_SMS (send SMS messages)
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.INSTALL_PACKAGES (directly install applications)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.DELETE_PACKAGES (delete applications)
android.permission.RECEIVE_SMS (receive SMS)
android.permission.INTERNET (full Internet access)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
android.permission.READ_CONTACTS (read contact data)
Permission-related API calls
ACCESS_NETWORK_STATE
SEND_SMS
READ_PHONE_STATE
VIBRATE
INTERNET
Main Activity
com.load.wap.MainActivity
Activities
com.load.wap.MainActivity
Services
com.load.wap.MainService
Receivers
com.load.wap.AlarmReceiver
com.load.wap.AutorunReceiver
com.load.wap.SmsReciver
Activity-related intent filters
com.load.wap.MainActivity
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
Receiver-related intent filters
com.load.wap.AutorunReceiver
actions: android.intent.action.BOOT_COMPLETED, android.intent.action.USER_PRESENT, android.intent.action.PHONE_STATE
com.load.wap.SmsReciver
actions: android.provider.Telephony.SMS_RECEIVED
Code-related observations
The application does not load any code dynamically
The application contains reflection code
The application does not contain native code
The application does not contain cryptographic code
Application certificate information
Application bundle files
File identification
MD5 ead1a96f2a240987027e7935d3dfaef6
SHA1 d5843181714d7109672f15cce8068270e8a619c9
SHA256 80e402bcc0b6cf5a1c54a252b9825cf1ed3230124b65d134c4d7f7828d310e0f
ssdeep 768:am4mdOXsx+IGYG16w5hQCh/4I1Rlnpv4kbfhQE0b6Wc4GWR4uLBiMPeWn:am43Xm+IGYQt5hQ24wlpvhbP0beStdVj
File size 45.3 KB ( 46404 bytes )
File type Android
Magic literal Zip archive data, at least v2.0 to extract
TrID Java Archive (78.3%)
ZIP compressed archive (21.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
apk android sends-sms

VirusTotal metadata
First submission 2013-04-03 12:50:29 UTC ( 2 years, 1 month ago )
Last submission 2015-02-04 13:18:16 UTC ( 2 months, 4 weeks ago )
File names ead1a96f2a240987027e7935d3dfaef6_1.apk
output.8543649.txt
ExifTool file metadata
MIMEType application/zip
ZipRequiredVersion 20
ZipCRC 0x718978cc
FileType ZIP
ZipCompression Deflated
ZipUncompressedSize 928
ZipCompressedSize 480
FileAccessDate 2015:02:04 14:18:20+01:00
ZipFileName META-INF/MANIFEST.MF
ZipBitFlag 0x0008
FileCreateDate 2015:02:04 14:18:20+01:00
ZipModifyDate 2013:04:01 03:39:29

Started services
#Intent;component=com.load.wap/.MainService;S.key=alarm;i.android.intent.extra.ALARM_COUNT=1;end
Opened files
/data/data/com.load.wap/files/settings
/res/raw/start.xml
/res/raw/main.xml
/res/raw/license.xml
/res/raw/sms.xml
Interesting calls
Calls APIs that provide access to information about the telephony services on the device. Applications can use such methods to determine telephony services and states, as well as to access some types of subscriber information.
Calls APIs that manage SMS operations such as sending data, text, and pdu SMS messages.
SMS sent
Destination number: 82300
neo6 DEF4538 2013-04-01 03:39:58 JN
Contacted URLs
http://mob-in-portal.mobi/indexb.php