| SHA256: | 87c9d15e7bb4ca798947adecee7ec162206e5975680375c4f4d5f044926a5e17 |
| File name: | 165493072f52fcc1bf009b2a2a5e08432f030add |
| Detection ratio: | 30 / 54 |
| Analysis date: | 2016-01-19 07:49:56 UTC ( 3 years, 1 month ago ) |
| Antivirus | Result | Update |
|---|---|---|
| AegisLab | Gepew | 20160119 |
| AhnLab-V3 | Android-Trojan/Bankun.6771 | 20160119 |
| Antiy-AVL | Trojan[Banker:HEUR]/Android.Gepew.2 | 20160119 |
| Arcabit | Android.Trojan.Gepew.A | 20160119 |
| Avast | Android:SpyBanker-L [Trj] | 20160119 |
| AVG | Android/Deng.QSA | 20160119 |
| Avira (no cloud) | ANDROID/Spy.Gepew.A.Gen | 20160119 |
| Baidu-International | Trojan.Win32.Agent.AaA | 20160118 |
| BitDefender | Android.Trojan.Gepew.A | 20160119 |
| CAT-QuickHeal | Android.Wroba.A | 20160119 |
| Cyren | AndroidOS/FakeBanker.G.gen!Eldorado | 20160119 |
| DrWeb | Android.BankBot.38.origin | 20160119 |
| Emsisoft | Android.Trojan.Gepew.A (B) | 20160119 |
| ESET-NOD32 | a variant of Android/Spy.Banker.S | 20160119 |
| F-Secure | Trojan:Android/WroBa.S | 20160119 |
| Fortinet | Android/Banker.BF!tr | 20160119 |
| GData | Android.Trojan.Gepew.A | 20160119 |
| Ikarus | Trojan-Spy.AndroidOS.MultiBanker | 20160119 |
| K7GW | Spyware ( 004a9a5d1 ) | 20160119 |
| Kaspersky | HEUR:Trojan-Banker.AndroidOS.Gepew.b | 20160119 |
| McAfee | Artemis!5162D4596428 | 20160119 |
| McAfee-GW-Edition | Artemis!Trojan | 20160119 |
| eScan | Android.Trojan.Gepew.A | 20160119 |
| NANO-Antivirus | Trojan.Android.Agent.dqosgd | 20160119 |
| Qihoo-360 | Trojan.Android.Gen | 20160119 |
| Rising | APK:Trojan.Banker.o/Android!7.1699 [F] | 20160119 |
| Sophos AV | Andr/FakeKRB-G | 20160119 |
| Tencent | Android.Trojan.Deviceadmin.Auto | 20160119 |
| VIPRE | Trojan.AndroidOS.Generic.A | 20160119 |
| Zoner | Trojan.AndroidOS.Gepew.A | 20160119 |
| Yandex | 20160118 | |
| ALYac | 20160119 | |
| Bkav | 20160118 | |
| ByteHero | 20160119 | |
| ClamAV | 20160118 | |
| CMC | 20160111 | |
| Comodo | 20160119 | |
| F-Prot | 20160119 | |
| Jiangmin | 20160119 | |
| K7AntiVirus | 20160119 | |
| Kingsoft | 20160119 | |
| Malwarebytes | 20160119 | |
| Microsoft | 20160119 | |
| nProtect | 20160119 | |
| Panda | 20160118 | |
| SUPERAntiSpyware | 20160119 | |
| Symantec | 20160118 | |
| TheHacker | 20160119 | |
| TotalDefense | 20160119 | |
| TrendMicro | 20160119 | |
| TrendMicro-HouseCall | 20160119 | |
| VBA32 | 20160117 | |
| ViRobot | 20160119 | |
| Zillya | 20160118 |
The file being studied is Android related!
APK Android file more specifically.
The application's main package name is
com.cn7ej3fd.dk49f74d.
The internal version number of the application is
2.
The displayed version string of the application is
1.1.
The minimum Android API level for the application to run (MinSDKVersion) is
8.
The target Android API level for the application to run (TargetSDKVersion) is
14.
Required permissions
com.android.launcher.permission.UNINSTALL_SHORTCUT (Unknown permission from android reference)
android.permission.READ_LOGS (read sensitive log data)
android.permission.INTERNET (full Internet access)
android.permission.WRITE_CONTACTS (write contact data)
android.permission.SEND_SMS (send SMS messages)
com.android.launcher.permission.INSTALL_SHORTCUT (Unknown permission from android reference)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.GET_TASKS (retrieve running applications)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
android.permission.READ_CONTACTS (read contact data)
android.permission.CALL_PHONE (directly call phone numbers)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.VIBRATE (control vibrator)
android.permission.SYSTEM_ALERT_WINDOW (display system-level alerts)
android.permission.KILL_BACKGROUND_PROCESSES (kill background processes)
android.permission.ACCESS_WIFI_STATE (view Wi-Fi status)
android.permission.WAKE_LOCK (prevent phone from sleeping)
android.permission.CHANGE_WIFI_STATE (change Wi-Fi status)
android.permission.RECEIVE_SMS (receive SMS)
android.permission.MODIFY_PHONE_STATE (modify phone status)
android.permission.MODIFY_AUDIO_SETTINGS (change your audio settings)
android.permission.RESTART_PACKAGES (kill background processes)
Activities
com.cn7ej3fd.dk49f74d.MainActivity
com.cn7ej3fd.dk49f74d.WebViewActivity
Services
com.cn7ej3fd.dk49f74d.CoreService
Receivers
com.cn7ej3fd.dk49f74d.SMSReceiver
com.cn7ej3fd.dk49f74d.PhoneListener
com.cn7ej3fd.dk49f74d.BootBroadcastReceiver
com.cn7ej3fd.dk49f74d.LockReceiver
com.cn7ej3fd.dk49f74d.ConnectionChangeReceiver
Activity-related intent filters
com.cn7ej3fd.dk49f74d.MainActivity
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
Receiver-related intent filters
com.cn7ej3fd.dk49f74d.PhoneListener
actions: android.intent.action.PHONE_STATE
categories: android.intent.category.DEFAULT
actions: android.intent.action.PHONE_STATE
categories: android.intent.category.DEFAULT
com.cn7ej3fd.dk49f74d.LockReceiver
actions: android.app.action.DEVICE_ADMIN_ENABLED
actions: android.app.action.DEVICE_ADMIN_ENABLED
com.cn7ej3fd.dk49f74d.ConnectionChangeReceiver
actions: android.net.conn.CONNECTIVITY_CHANGE
actions: android.net.conn.CONNECTIVITY_CHANGE
com.cn7ej3fd.dk49f74d.SMSReceiver
actions: android.provider.Telephony.SMS_RECEIVED
categories: android.intent.category.DEFAULT
actions: android.provider.Telephony.SMS_RECEIVED
categories: android.intent.category.DEFAULT
com.cn7ej3fd.dk49f74d.BootBroadcastReceiver
actions: android.intent.action.BOOT_COMPLETED, android.intent.action.PACKAGE_ADDED, android.intent.action.PACKAGE_REMOVED, cn.gx3.notify, android.intent.action.USER_PRESENT
categories: android.intent.category.HOME
actions: android.intent.action.BOOT_COMPLETED, android.intent.action.PACKAGE_ADDED, android.intent.action.PACKAGE_REMOVED, cn.gx3.notify, android.intent.action.USER_PRESENT
categories: android.intent.category.HOME
Application certificate information
Interesting strings
The file being studied is a compressed stream!
Details about the compressed contents follow.
Contained files
Compression metadata
Contained files
21
Uncompressed size
164606
Highest datetime
2015-02-11 21:28:52
Lowest datetime
2015-02-11 21:28:50
Contained files by extension
png
10
xml
5
dex
1
MF
1
RSA
1
ini
1
SF
1
Contained files by type
PNG
10
unknown
5
XML
5
DEX
1
File identification
MD5 5162d4596428d9aca3c791ad108f25e7
SHA1 3e88774f5377a0b65f7b139306ad54459a711422
SHA256 87c9d15e7bb4ca798947adecee7ec162206e5975680375c4f4d5f044926a5e17
ssdeep
3072:jcQ5bPIcQ5bPH+TOikk4HQ2Ur07acQ5bPUYX0cQ5bPXs:jB5bPIB5bPeaik7pU1B5bPU3B5bPXs
File size
113.7 KB ( 116473 bytes )
File type Android
Magic literal
Zip archive data, at least v2.0 to extract
| TrID |
Android Package (92.9%) ZIP compressed archive (7.0%) |
Tags
apk
android
VirusTotal metadata
First submission
2015-02-22 14:29:21 UTC ( 3 years, 12 months ago )
Last submission
2015-02-24 23:21:42 UTC ( 3 years, 11 months ago )
| File names |
165493072f52fcc1bf009b2a2a5e08432f030add sex19.apk |
No comments.
No VirusTotal Community member has commented on this item yet, be the first one to do so!
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes.
No one has voted on this item yet, be the first one to do so!
Started services
#Intent;component=com.cn7ej3fd.dk49f74d/.CoreService;end
Opened files
/mnt
/mnt/sdcard
/mnt/sdcard/LOST.DIR
/mnt/sdcard/.android_secure
/mnt/sdcard/Music
/mnt/sdcard/Podcasts
/mnt/sdcard/Ringtones
/mnt/sdcard/Alarms
/mnt/sdcard/Notifications
/mnt/sdcard/Pictures
/mnt/sdcard/Movies
/mnt/sdcard/Download
/mnt/sdcard/DCIM
/mnt/obb
/mnt/asec
/mnt/secure
/data/data/com.cn7ej3fd.dk49f74d/app_config
Interesting calls
Calls APIs that provide access to information about the
telephony services on the device. Applications can use such methods to
determine telephony services and states, as well as to access some types of
subscriber information.
Calls APIs that manage SMS operations such as sending data,
text, and pdu SMS messages.
Contacted URLs
http://bb.fbb0oy.net/kbs.php?m=Api&a=Commend&number=15555215554&imsi=069098821551800&t=1349802995867
http://bb.fbb0oy.net/kbs.php?m=Api&a=Commend&number=15555215554&imsi=069098821551800&t=1349802997878
http://bb.fbb0oy.net/kbs.php?m=Api&a=Heartbeat&nettype=wap&mob=Nexus+S&version=15&newclient=1&number=15555215554&imsi=069098821551800&issms=1&iscall=0&capp=&sapp=&t=1349802998895
http://bb.fbb0oy.net/kbs.php?m=Api&a=Contact&status=1&imsi=069098821551800&number=15555215554&content=
http://bb.fbb0oy.net/kbs.php?m=Api&a=Commend&number=15555215554&imsi=069098821551800&t=1349802999887
http://bb.fbb0oy.net/kbs.php?m=Api&a=Commend&number=15555215554&imsi=069098821551800&t=1349803001897
http://bb.fbb0oy.net/kbs.php?m=Api&a=SMSReceiver&imsi=358362708182819&number=15555215554&from=20390&content=e+immense+stream+of+commerce+flowing+in+a+double+tide+inward+and+outward%2C+while+the+footpaths+were+black+with+the+hurrying+swarm+of+pedestrians.+It+was+di
http://bb.fbb0oy.net/kbs.php?m=Api&a=SMSReceiver&imsi=358362708182819&number=15555215554&from=20390&content=fficult+to+realise+as+we+looked+at+the+line+of+fine+shops+and+stately+business+premises+that+they+really+abutted+on+the+other+side+upon+the+faded+and+stag
http://bb.fbb0oy.net/kbs.php?m=Api&a=SMSReceiver&imsi=358362708182819&number=15555215554&from=20390&content=nant+square+which+we+had+just+quitted.
http://bb.fbb0oy.net/kbs.php?m=Api&a=Commend&number=15555215554&imsi=358362708182819&t=1349803006218
http://bb.fbb0oy.net/kbs.php?m=Api&a=Commend&number=15555215554&imsi=358362708182819&t=1349803008228
http://bb.fbb0oy.net/kbs.php?m=Api&a=Heartbeat&nettype=wap&mob=Nexus+S&version=15&newclient=0&number=15555215554&imsi=358362708182819&issms=1&iscall=0&capp=&sapp=&t=1349803009300
http://bb.fbb0oy.net/kbs.php?m=Api&a=Commend&number=15555215554&imsi=358362708182819&t=1349803010239
http://bb.fbb0oy.net/kbs.php?m=Api&a=Commend&number=15555215554&imsi=358362708182819&t=1349803012248
http://bb.fbb0oy.net/kbs.php?m=Api&a=Commend&number=15555215554&imsi=358362708182819&t=1349803014258
http://bb.fbb0oy.net/kbs.php?m=Api&a=Heartbeat&nettype=wap&mob=Nexus+S&version=15&newclient=0&number=15555215554&imsi=358362708182819&issms=1&iscall=0&capp=&sapp=&t=1349803014374
http://bb.fbb0oy.net/kbs.php?m=Api&a=Commend&number=15555215554&imsi=358362708182819&t=1349803016269
http://bb.fbb0oy.net/kbs.php?m=Api&a=Commend&number=15555215554&imsi=358362708182819&t=1349803018278
http://bb.fbb0oy.net/kbs.php?m=Api&a=Heartbeat&nettype=wap&mob=Nexus+S&version=15&newclient=0&number=15555215554&imsi=358362708182819&issms=1&iscall=0&capp=&sapp=&t=1349803019424
http://bb.fbb0oy.net/kbs.php?m=Api&a=Commend&number=15555215554&imsi=358362708182819&t=1349803020288
http://bb.fbb0oy.net/kbs.php?m=Api&a=Commend&number=15555215554&imsi=358362708182819&t=1349803022298
http://bb.fbb0oy.net/kbs.php?m=Api&a=Commend&number=15555215554&imsi=358362708182819&t=1349803024310
http://bb.fbb0oy.net/kbs.php?m=Api&a=Heartbeat&nettype=wap&mob=Nexus+S&version=15&newclient=0&number=15555215554&imsi=358362708182819&issms=1&iscall=0&capp=&sapp=&t=1349803024481