SHA256: 87c9d15e7bb4ca798947adecee7ec162206e5975680375c4f4d5f044926a5e17
File name: 165493072f52fcc1bf009b2a2a5e08432f030add
Detection ratio: 30 / 54
Analysis date: 2016-01-19 07:49:56 UTC ( 2 years, 10 months ago )
Antivirus Result Update
AegisLab Gepew 20160119
AhnLab-V3 Android-Trojan/Bankun.6771 20160119
Antiy-AVL Trojan[Banker:HEUR]/Android.Gepew.2 20160119
Arcabit Android.Trojan.Gepew.A 20160119
Avast Android:SpyBanker-L [Trj] 20160119
AVG Android/Deng.QSA 20160119
Avira (no cloud) ANDROID/Spy.Gepew.A.Gen 20160119
Baidu-International Trojan.Win32.Agent.AaA 20160118
BitDefender Android.Trojan.Gepew.A 20160119
CAT-QuickHeal Android.Wroba.A 20160119
Cyren AndroidOS/FakeBanker.G.gen!Eldorado 20160119
DrWeb Android.BankBot.38.origin 20160119
Emsisoft Android.Trojan.Gepew.A (B) 20160119
ESET-NOD32 a variant of Android/Spy.Banker.S 20160119
F-Secure Trojan:Android/WroBa.S 20160119
Fortinet Android/Banker.BF!tr 20160119
GData Android.Trojan.Gepew.A 20160119
Ikarus Trojan-Spy.AndroidOS.MultiBanker 20160119
K7GW Spyware ( 004a9a5d1 ) 20160119
Kaspersky HEUR:Trojan-Banker.AndroidOS.Gepew.b 20160119
McAfee Artemis!5162D4596428 20160119
McAfee-GW-Edition Artemis!Trojan 20160119
eScan Android.Trojan.Gepew.A 20160119
NANO-Antivirus Trojan.Android.Agent.dqosgd 20160119
Qihoo-360 Trojan.Android.Gen 20160119
Rising APK:Trojan.Banker.o/Android!7.1699 [F] 20160119
Sophos AV Andr/FakeKRB-G 20160119
Tencent Android.Trojan.Deviceadmin.Auto 20160119
VIPRE Trojan.AndroidOS.Generic.A 20160119
Zoner Trojan.AndroidOS.Gepew.A 20160119
Yandex 20160118
ALYac 20160119
Bkav 20160118
ByteHero 20160119
ClamAV 20160118
CMC 20160111
Comodo 20160119
F-Prot 20160119
Jiangmin 20160119
K7AntiVirus 20160119
Kingsoft 20160119
Malwarebytes 20160119
Microsoft 20160119
nProtect 20160119
Panda 20160118
SUPERAntiSpyware 20160119
Symantec 20160118
TheHacker 20160119
TotalDefense 20160119
TrendMicro 20160119
TrendMicro-HouseCall 20160119
VBA32 20160117
ViRobot 20160119
Zillya 20160118
The file being studied is an Android APK. The application's main package name is com.cn7ej3fd.dk49f74d. The internal version number of the application is 2. The displayed version string of the application is 1.1. The minimum Android API level for the application to run (MinSDKVersion) is 8. The target Android API level for the application to run (TargetSDKVersion) is 14.
Required permissions
com.android.launcher.permission.UNINSTALL_SHORTCUT (Unknown permission from android reference)
android.permission.READ_LOGS (read sensitive log data)
android.permission.INTERNET (full Internet access)
android.permission.WRITE_CONTACTS (write contact data)
android.permission.SEND_SMS (send SMS messages)
com.android.launcher.permission.INSTALL_SHORTCUT (Unknown permission from android reference)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.GET_TASKS (retrieve running applications)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
android.permission.READ_CONTACTS (read contact data)
android.permission.CALL_PHONE (directly call phone numbers)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.VIBRATE (control vibrator)
android.permission.SYSTEM_ALERT_WINDOW (display system-level alerts)
android.permission.KILL_BACKGROUND_PROCESSES (kill background processes)
android.permission.ACCESS_WIFI_STATE (view Wi-Fi status)
android.permission.WAKE_LOCK (prevent phone from sleeping)
android.permission.CHANGE_WIFI_STATE (change Wi-Fi status)
android.permission.RECEIVE_SMS (receive SMS)
android.permission.MODIFY_PHONE_STATE (modify phone status)
android.permission.MODIFY_AUDIO_SETTINGS (change your audio settings)
android.permission.RESTART_PACKAGES (kill background processes)
Activities
com.cn7ej3fd.dk49f74d.MainActivity
com.cn7ej3fd.dk49f74d.WebViewActivity
Services
com.cn7ej3fd.dk49f74d.CoreService
Receivers
com.cn7ej3fd.dk49f74d.SMSReceiver
com.cn7ej3fd.dk49f74d.PhoneListener
com.cn7ej3fd.dk49f74d.BootBroadcastReceiver
com.cn7ej3fd.dk49f74d.LockReceiver
com.cn7ej3fd.dk49f74d.ConnectionChangeReceiver
Activity-related intent filters
com.cn7ej3fd.dk49f74d.MainActivity
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
Receiver-related intent filters
com.cn7ej3fd.dk49f74d.PhoneListener
actions: android.intent.action.PHONE_STATE
categories: android.intent.category.DEFAULT
com.cn7ej3fd.dk49f74d.LockReceiver
actions: android.app.action.DEVICE_ADMIN_ENABLED
com.cn7ej3fd.dk49f74d.ConnectionChangeReceiver
actions: android.net.conn.CONNECTIVITY_CHANGE
com.cn7ej3fd.dk49f74d.SMSReceiver
actions: android.provider.Telephony.SMS_RECEIVED
categories: android.intent.category.DEFAULT
com.cn7ej3fd.dk49f74d.BootBroadcastReceiver
actions: android.intent.action.BOOT_COMPLETED, android.intent.action.PACKAGE_ADDED, android.intent.action.PACKAGE_REMOVED, cn.gx3.notify, android.intent.action.USER_PRESENT
categories: android.intent.category.HOME
Application certificate information
Interesting strings
The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files 21
Uncompressed size 164606
Highest datetime 2015-02-11 21:28:52
Lowest datetime 2015-02-11 21:28:50
Contained files by extension
png 10
xml 5
dex 1
MF 1
RSA 1
ini 1
SF 1
Contained files by type
PNG 10
unknown 5
XML 5
DEX 1
File identification
MD5 5162d4596428d9aca3c791ad108f25e7
SHA1 3e88774f5377a0b65f7b139306ad54459a711422
SHA256 87c9d15e7bb4ca798947adecee7ec162206e5975680375c4f4d5f044926a5e17
ssdeep 3072:jcQ5bPIcQ5bPH+TOikk4HQ2Ur07acQ5bPUYX0cQ5bPXs:jB5bPIB5bPeaik7pU1B5bPU3B5bPXs
File size 113.7 KB ( 116473 bytes )
File type Android
Magic literal Zip archive data, at least v2.0 to extract
TrID Android Package (92.9%), ZIP compressed archive (7.0%)
Tags apk android
VirusTotal metadata
First submission 2015-02-22 14:29:21 UTC ( 3 years, 9 months ago )
Last submission 2015-02-24 23:21:42 UTC ( 3 years, 9 months ago )
File names 165493072f52fcc1bf009b2a2a5e08432f030add
sex19.apk
Started services
#Intent;component=com.cn7ej3fd.dk49f74d/.CoreService;end
Opened files
/mnt
/mnt/sdcard
/mnt/sdcard/LOST.DIR
/mnt/sdcard/.android_secure
/mnt/sdcard/Music
/mnt/sdcard/Podcasts
/mnt/sdcard/Ringtones
/mnt/sdcard/Alarms
/mnt/sdcard/Notifications
/mnt/sdcard/Pictures
/mnt/sdcard/Movies
/mnt/sdcard/Download
/mnt/sdcard/DCIM
/mnt/obb
/mnt/asec
/mnt/secure
/data/data/com.cn7ej3fd.dk49f74d/app_config
Interesting calls
Calls APIs that provide access to information about the telephony services on the device. Applications can use such methods to determine telephony services and states, as well as to access some types of subscriber information.
Calls APIs that manage SMS operations such as sending data, text, and pdu SMS messages.
Contacted URLs