SHA256: 80e402bcc0b6cf5a1c54a252b9825cf1ed3230124b65d134c4d7f7828d310e0f
File name: output.8543649.txt
Detection ratio: 24 / 46
Analysis date: 2013-04-08 17:56:17 UTC ( 1 year ago )
Antivirus Result Update
AVG Android_dc.NYX 20130408
AntiVir Android/SmsAgent.A 20130408
Antiy-AVL Trojan/AndroidOS.FakeInst 20130408
Avast Android:FakeInst-BH [Trj] 20130408
BitDefender Android.Trojan.SmsSpy.E 20130408
CAT-QuickHeal Android.Fakeinst.BH8ed 20130408
Commtouch AndroidOS/SmsSpy.A 20130408
Comodo UnclassifiedMalware 20130408
DrWeb Android.SmsSend.385.origin 20130408
ESET-NOD32 Android/TrojanSMS.Agent.BO 20130408
Emsisoft Android.Trojan.SmsSpy.E (B) 20130408
F-Prot AndroidOS/SmsSpy.A 20130408
F-Secure Trojan:Android/Fakeinst.T 20130408
Fortinet Android/FkToken.A 20130408
GData Android.Trojan.SmsSpy.E 20130408
Ikarus Virus.Android_dc 20130408
Kaspersky HEUR:Trojan-SMS.AndroidOS.FakeInst.eg 20130408
Kingsoft Android.Troj.Jifake.a.(kcloud) 20130408
NANO-Antivirus Trojan.FakeInst.xhkrn 20130408
PCTools Trojan.Gen 20130408
Sophos Andr/FkToken-A 20130408
Symantec Trojan.Gen.2 20130408
TrendMicro-HouseCall TROJ_GEN.RCBH1IO 20130408
VIPRE Trojan.AndroidOS.Generic.A 20130408
Agnitum 20130408
AhnLab-V3 20130408
ByteHero 20130322
ClamAV 20130408
Jiangmin 20130408
K7AntiVirus 20130408
Malwarebytes 20130408
McAfee 20130408
McAfee-GW-Edition 20130408
MicroWorld-eScan 20130408
Microsoft 20130408
Norman 20130408
Panda 20130408
Rising 20130408
SUPERAntiSpyware 20130408
TheHacker 20130408
TotalDefense 20130408
TrendMicro 20130408
VBA32 20130408
ViRobot 20130408
eSafe 20130407
nProtect 20130408
The file being studied is an Android APK. The application's main package name is com.load.wap. The internal version number of the application is 1. The displayed version string of the application is 1.0. The minimum Android API level for the application to run (MinSDKVersion) is 4.
Risk summary
The studied DEX file makes use of API reflection
Permissions that allow the application to manipulate SMS
Permissions that allow the application to perform payments
Permissions that allow the application to access Internet
Permissions that allow the application to access private information
Other permissions that could be considered as dangerous in certain scenarios
Required permissions
android.permission.SEND_SMS (send SMS messages)
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.INSTALL_PACKAGES (directly install applications)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.DELETE_PACKAGES (delete applications)
android.permission.RECEIVE_SMS (receive SMS)
android.permission.INTERNET (full Internet access)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
android.permission.READ_CONTACTS (read contact data)
Permission-related API calls
ACCESS_NETWORK_STATE
SEND_SMS
READ_PHONE_STATE
VIBRATE
INTERNET
Main Activity
com.load.wap.MainActivity
Activities
com.load.wap.MainActivity
Services
com.load.wap.MainService
Receivers
com.load.wap.AlarmReceiver
com.load.wap.AutorunReceiver
com.load.wap.SmsReciver
Activity-related intent filters
com.load.wap.MainActivity
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
Receiver-related intent filters
com.load.wap.AutorunReceiver
actions: android.intent.action.BOOT_COMPLETED, android.intent.action.USER_PRESENT, android.intent.action.PHONE_STATE
com.load.wap.SmsReciver
actions: android.provider.Telephony.SMS_RECEIVED
Code-related observations
The application does not load any code dynamically
The application contains reflection code
The application does not contain native code
The application does not contain cryptographic code
Application certificate information
Application bundle files
File identification
MD5 ead1a96f2a240987027e7935d3dfaef6
SHA1 d5843181714d7109672f15cce8068270e8a619c9
SHA256 80e402bcc0b6cf5a1c54a252b9825cf1ed3230124b65d134c4d7f7828d310e0f
ssdeep 768:am4mdOXsx+IGYG16w5hQCh/4I1Rlnpv4kbfhQE0b6Wc4GWR4uLBiMPeWn:am43Xm+IGYQt5hQ24wlpvhbP0beStdVj
File size 45.3 KB ( 46404 bytes )
File type Android
Magic literal Zip archive data, at least v2.0 to extract
TrID Java Archive (78.3%)
ZIP compressed archive (21.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
apk android sends-sms

VirusTotal metadata
First submission 2013-04-03 12:50:29 UTC ( 1 year ago )
Last submission 2013-04-08 17:56:17 UTC ( 1 year ago )
File names output.8543649.txt
ExifTool file metadata
MIMEType application/zip
ZipRequiredVersion 20
ZipCRC 0x718978cc
FileType ZIP
ZipCompression Deflated
ZipUncompressedSize 928
ZipCompressedSize 480
ZipFileName META-INF/MANIFEST.MF
ZipBitFlag 0x0008
ZipModifyDate 2013:04:01 03:39:29
Started services
#Intent;component=com.load.wap/.MainService;S.key=alarm;i.android.intent.extra.ALARM_COUNT=1;end
Opened files
/data/data/com.load.wap/files/settings
/res/raw/start.xml
/res/raw/main.xml
/res/raw/license.xml
/res/raw/sms.xml
Interesting calls
Calls APIs that provide access to information about the telephony services on the device. Applications can use such methods to determine telephony services and states, as well as to access some types of subscriber information.
Calls APIs that manage SMS operations such as sending data, text, and pdu SMS messages.
SMS sent
Destination number: 82300
neo6 DEF4538 2013-04-01 03:39:58 JN
Contacted URLs
http://mob-in-portal.mobi/indexb.php