SHA256: 8f073e57b619c9f66a497ca8a1516ad7ad21159692da16cf6ee60cb788c0fb5c
File name: VirusShare_04b68692596e29e4cd6de463363d74f9
Detection ratio: 37 / 62
Analysis date: 2017-07-22 12:32:22 UTC ( 1 minute ago )
Antivirus Result Update
AegisLab Troj.Banker.AndroidOS.Wroba.t!c 20170722
AhnLab-V3 Android-Trojan/Bankun.c553 20170722
Alibaba A.H.Pri.Bankun.H 20170721
Antiy-AVL Trojan/Android.TSGeneric 20170722
Arcabit Android.Trojan.FakeBank.AL 20170722
Avast Android:Agent-IQQ [Trj] 20170722
AVG Android:Agent-IQQ [Trj] 20170722
Avira (no cloud) ANDROID/FakeBank.A.2 20170722
AVware Trojan.AndroidOS.Generic.A 20170721
Baidu Android.Trojan.Banker.dr 20170721
BitDefender Android.Trojan.FakeBank.AL 20170722
CAT-QuickHeal Android.Wroba.A 20170722
Comodo UnclassifiedMalware 20170722
Cyren AndroidOS/GenBl.A26CE7A6!Olympus 20170722
DrWeb Android.Banker.61.origin 20170722
Emsisoft Android.Trojan.FakeBank.AL (B) 20170722
ESET-NOD32 a variant of Android/Spy.Banker.AC 20170722
F-Secure Trojan:Android/FakeBank.AD 20170722
Fortinet Android/Banker.BF!tr 20170722
GData Android.Trojan.FakeBank.AL 20170722
Ikarus Trojan-Spy.AndroidOS.FakeBanker 20170722
K7GW Trojan ( 0001140e1 ) 20170722
Kaspersky HEUR:Trojan-Banker.AndroidOS.Wroba.t 20170722
MAX malware (ai score=83) 20170722
McAfee Artemis!04B68692596E 20170722
eScan Android.Trojan.FakeBank.AL 20170722
NANO-Antivirus Trojan.Android.Banker.dgrxun 20170722
Qihoo-360 Trojan.Android.Gen 20170722
Rising Spyware.Banker/Android!8.45C (cloud:HrEsPwOkXoL) 20170722
Sophos AV Andr/Xgen-Y 20170722
Symantec Android.Fakebank.B 20170721
Symantec Mobile Insight Trojan:Fakebank 20170720
Tencent a.payment.lnsideman.[????] 20170722
Trustlook Android.Trojan.Maskapp 20170722
WhiteArmor Malware.HighConfidence 20170721
ZoneAlarm by Check Point HEUR:Trojan-Banker.AndroidOS.Wroba.t 20170722
Zoner Trojan.AndroidOS.Banker.A 20170722
Ad-Aware 20170722
ALYac 20170722
Bkav 20170722
ClamAV 20170722
CMC 20170721
CrowdStrike Falcon (ML) 20170710
Cylance 20170722
Endgame 20170721
F-Prot 20170722
Sophos ML 20170607
Jiangmin 20170722
K7AntiVirus 20170722
Kingsoft 20170722
Malwarebytes 20170722
McAfee-GW-Edition 20170722
Microsoft 20170722
nProtect 20170722
Palo Alto Networks (Known Signatures) 20170722
Panda 20170722
SentinelOne (Static ML) 20170718
SUPERAntiSpyware 20170722
TheHacker 20170719
TotalDefense 20170722
TrendMicro 20170722
TrendMicro-HouseCall 20170722
VBA32 20170721
VIPRE 20170722
ViRobot 20170722
Webroot 20170722
Yandex 20170721
Zillya 20170721
The file being studied is an Android APK. The application's main package name is com.a. The internal version number of the application is 1. The displayed version string of the application is 1.0. The minimum Android API level for the application to run (MinSDKVersion) is 8. The target Android API level for the application (TargetSDKVersion) is 8.
Required permissions
android.permission.INTERNET (full Internet access)
android.permission.WRITE_CONTACTS (write contact data)
android.permission.SEND_SMS (send SMS messages)
android.permission.UPDATE_APP_OPS_STATS (Unknown permission from android reference)
android.permission.WRITE_SMS (edit SMS or MMS)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.WRITE_CALL_LOG (write (but not read) the user's contacts data.)
android.permission.GET_TASKS (retrieve running applications)
android.permission.READ_CALL_LOG (read the user's call log.)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
android.permission.CALL_PHONE (directly call phone numbers)
android.permission.WRITE_SETTINGS (modify global system settings)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.READ_SMS (read SMS or MMS)
android.permission.VIBRATE (control vibrator)
android.permission.SYSTEM_ALERT_WINDOW (display system-level alerts)
android.permission.KILL_BACKGROUND_PROCESSES (kill background processes)
android.permission.ACCESS_WIFI_STATE (view Wi-Fi status)
android.permission.WAKE_LOCK (prevent phone from sleeping)
android.permission.RECEIVE_SMS (receive SMS)
android.permission.READ_CONTACTS (read contact data)
Activities
com.qwe.MainActivity
com.qwe.Middle
com.qwe.Accou
com.qwe.SB_L
com.qwe.SB_C_PS
com.qwe.SecurityC
com.qwe.FinalA
Services
com.qwe.service.AutBankInt
com.qwe.service.SMSSEND
com.qwe.service.InterCall
com.qwe.service.InsHo
com.qwe.service.HeartBeats
Receivers
com.a.MyAdminReceiver
com.a.BootRec
com.a.A
Service-related intent filters
com.qwe.service.AutBankInt
actions: android.intent.action.BOOT_COMPLETED
com.qwe.service.InsHo
actions: android.intent.action.BOOT_COMPLETED
com.qwe.service.HeartBeats
actions: android.intent.action.BOOT_COMPLETED
com.qwe.service.InterCall
actions: android.intent.action.BOOT_COMPLETED
com.qwe.service.SMSSEND
actions: android.intent.action.BOOT_COMPLETED
Activity-related intent filters
com.qwe.MainActivity
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
com.qwe.Middle
actions: android.intent.action.MAIN
Receiver-related intent filters
com.a.A
actions: android.intent.action.BOOT_COMPLETED, android.intent.action.PHONE_STATE, android.intent.action.NEW_OUTGOING_CALL, android.intent.action.ACTION_POWER_CONNECTED, android.intent.action.ACTION_POWER_DISCONNECTED, android.intent.action.TIMEZONE_CHANGED, android.intent.action.TIME_SET, android.intent.action.TIME_TICK, android.intent.action.UID_REMOVED, android.intent.action.UMS_CONNECTED, android.intent.action.UMS_DISCONNECTED, android.intent.action.PACKAGE_ADDED, android.intent.action.PACKAGE_CHANGED, android.intent.action.PACKAGE_DATA_CLEARED, android.intent.action.PACKAGE_FIRST_LAUNCH, android.intent.action.PACKAGE_FULLY_REMOVED, android.intent.action.PACKAGE_INSTALL, android.intent.action.PACKAGE_NEEDS_VERIFICATION, android.intent.action.PACKAGE_REPLACED, android.intent.action.PACKAGE_REMOVED, android.intent.action.PACKAGE_RESTARTED, android.intent.action.MY_PACKAGE_REPLACED, android.intent.action.MEDIA_UNMOUNTED, android.intent.action.MEDIA_UNMOUNTABLE, android.intent.action.MANAGE_PACKAGE_STORAGE, android.intent.action.MEDIA_BAD_REMOVAL, android.intent.action.MEDIA_BUTTON, android.intent.action.MEDIA_CHECKING, android.intent.action.MEDIA_EJECT, android.intent.action.MEDIA_MOUNTED, android.intent.action.MEDIA_NOFS, android.intent.action.MEDIA_REMOVED, android.intent.action.MEDIA_SCANNER_FINISHED, android.intent.action.MEDIA_SCANNER_SCAN_FILE, android.intent.action.MEDIA_SCANNER_STARTED, android.intent.action.MEDIA_SHARED, android.intent.action.LOCALE_CHANGED, android.intent.action.INPUT_METHOD_CHANGED, android.intent.action.HEADSET_PLUG, android.intent.action.GTALK_DISCONNECTED, android.intent.action.GTALK_CONNECTED, android.intent.action.EXTERNAL_APPLICATIONS_UNAVAILABLE, android.intent.action.EXTERNAL_APPLICATIONS_AVAILABLE, android.intent.action.DOCK_EVENT, android.intent.action.DEVICE_STORAGE_OK, android.intent.action.DEVICE_STORAGE_LOW, android.intent.action.DATE_CHANGED, android.intent.action.CLOSE_SYSTEM_DIALOGS, android.intent.action.CAMERA_BUTTON, 
android.intent.action.BATTERY_OKAY, android.intent.action.BATTERY_LOW, android.intent.action.BATTERY_CHANGED, android.intent.action.AIRPLANE_MODE, android.intent.action.PROVIDER_CHANGED, android.intent.action.ACTION_SHUTDOWN, android.intent.action.USER_PRESENT, android.intent.action.WALLPAPER_CHANGED, android.net.wifi.WIFI_STATE_CHANGED, com.noshufou.android.su.REQUEST, android.net.conn.CONNECTIVITY_CHANGE, android.provider.Telephony.SMS_RECEIVED
categories: android.intent.category.HOME
com.a.BootRec
actions: android.intent.action.BOOT_COMPLETED, android.intent.action.ACTION_SHUTDOWN, android.intent.action.USER_PRESENT
com.a.MyAdminReceiver
actions: android.app.action.DEVICE_ADMIN_ENABLED
Application certificate information
Interesting strings
The file being studied is a compressed stream! Details about the compressed contents follow.
Interesting properties
The file under inspection contains at least one ELF file.
Contained files
Compression metadata
Contained files: 95
Uncompressed size: 2415755
Highest datetime: 2015-01-29 20:48:00
Lowest datetime: 2015-01-12 14:38:08
Contained files by extension
xml: 28
png: 21
jpg: 12
gif: 8
so: 7
map: 3
dex: 1
mf: 1
apk: 1
RSA: 1
MF: 1
SF: 1
Contained files by type
XML: 28
PNG: 21
unknown: 17
JPG: 12
GIF: 8
ELF: 7
DEX: 1
ZIP: 1
File identification
MD5 04b68692596e29e4cd6de463363d74f9
SHA1 772a22138362691f75a5e93a074207f1f9b381ee
SHA256 8f073e57b619c9f66a497ca8a1516ad7ad21159692da16cf6ee60cb788c0fb5c
ssdeep 24576:UbkoqfvVdB41pXSD/o5KGahxD/Is5/7kuqaktzK6wj4E0:UgoqqjSjjjhxeNKPD0

File size 1.1 MB ( 1168359 bytes )
File type Android
Magic literal Zip archive data, at least v1.0 to extract

TrID Android Package (73.9%)
Java Archive (20.4%)
ZIP compressed archive (5.6%)
Tags
apk android contains-elf

VirusTotal metadata
First submission 2015-01-29 14:11:17 UTC ( 2 years, 5 months ago )
Last submission 2017-07-22 12:32:22 UTC ( 1 minute ago )
File names %EC%B2%AD%EC%B2%A9%EC%9E%A5.apk
71a4b3fd8801ffb04da9851909a635202d42646b
VirusShare_04b68692596e29e4cd6de463363d74f9
vti-rescan
8f073e57b619c9f66a497ca8a1516ad7ad21159692da16cf6ee60cb788c0fb5c.apk
8f073e57b619c9f66a497ca8a1516ad7ad21159692da16cf6ee60cb788c0fb5c.log
Started services
#Intent;component=com.a/com.qwe.service.InterCall;end
#Intent;component=com.a/com.qwe.service.AutBankInt;end
#Intent;component=com.a/com.qwe.service.SMSSEND;end
#Intent;component=com.a/com.qwe.service.HeartBeats;end
Opened files
/mnt/sdcard
Accessed files
/mnt/sdcard/NPKI
Interesting calls
Calls APIs that provide access to information about the telephony services on the device. Applications can use such methods to determine telephony services and states, as well as to access some types of subscriber information.
Calls APIs that manage SMS operations such as sending data, text, and pdu SMS messages.
Contacted URLs
http://qfgherthds.vicp.co/appHome//servlet/UploadMac
http://qfgherthds.vicp.co/appHome//servlet/GetMessage
http://qfgherthds.vicp.co/appHome//servlet/OnLine