SHA256: 9505ada544a14971dd07537dfd5d3f97b34eac395cdc12f5f8983c6bf3d2c01a
File name: 1429000205_com.freedommodestdifference.recordmachine.birth.apk
Detection ratio: 1 / 56
Analysis date: 2016-06-26 14:56:08 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Bkav Android.Adware.Dowgin.FE78 20160625
Ad-Aware 20160626
AegisLab 20160624
AhnLab-V3 20160626
Alibaba 20160624
ALYac 20160626
Antiy-AVL 20160626
Arcabit 20160626
Avast 20160626
AVG 20160626
Avira (no cloud) 20160626
AVware 20160626
Baidu 20160624
Baidu-International 20160614
BitDefender 20160626
CAT-QuickHeal 20160625
ClamAV 20160626
CMC 20160620
Comodo 20160626
Cyren 20160626
DrWeb 20160626
Emsisoft 20160626
ESET-NOD32 20160626
F-Prot 20160626
F-Secure 20160626
Fortinet 20160626
GData 20160626
Ikarus 20160626
Jiangmin 20160626
K7AntiVirus 20160626
K7GW 20160626
Kaspersky 20160626
Kingsoft 20160626
Malwarebytes 20160626
McAfee 20160626
McAfee-GW-Edition 20160626
Microsoft 20160626
eScan 20160626
NANO-Antivirus 20160626
nProtect 20160624
Panda 20160626
Qihoo-360 20160626
Sophos AV 20160626
SUPERAntiSpyware 20160626
Symantec 20160626
Tencent 20160626
TheHacker 20160625
TotalDefense 20160626
TrendMicro 20160626
TrendMicro-HouseCall 20160626
VBA32 20160625
VIPRE 20160626
ViRobot 20160626
Yandex 20160625
Zillya 20160625
Zoner 20160626
The file being studied is an Android APK file. The application's main package name is com.freedommodestdifference.recordmachine.birth. The internal version number of the application is 3. The displayed version string of the application is 3.0. The minimum Android API level for the application to run (MinSDKVersion) is 9.
Required permissions
android.permission.CHANGE_NETWORK_STATE (change network connectivity)
android.permission.VIBRATE (control vibrator)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.REORDER_TASKS (reorder applications running)
android.permission.ACCESS_WIFI_STATE (view Wi-Fi status)
android.permission.WAKE_LOCK (prevent phone from sleeping)
android.permission.GET_TASKS (retrieve running applications)
android.permission.WRITE_SETTINGS (modify global system settings)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.INTERNET (full Internet access)
android.permission.MOUNT_UNMOUNT_FILESYSTEMS (mount and unmount file systems)
android.permission.CHANGE_WIFI_STATE (change Wi-Fi status)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
Activities
hjphzcmbvbwrtgs.dcauitcfvq
com.google.android.gms.ads.AdActivity
com.chartboost.sdk.CBImpressionActivity
com.jirbo.adcolony.AdColonyOverlay
com.jirbo.adcolony.AdColonyFullscreen
com.jirbo.adcolony.AdColonyBrowser
Services
hjphzcmbvbwrtgs.cqnueygwar
Receivers
hjphzcmbvbwrtgs.pjoulflzgh
Service-related intent filters
hjphzcmbvbwrtgs.cqnueygwar
actions: android.service.wallpaper.WallpaperService
Activity-related intent filters
hjphzcmbvbwrtgs.dcauitcfvq
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
Receiver-related intent filters
hjphzcmbvbwrtgs.pjoulflzgh
actions: android.appwidget.action.APPWIDGET_UPDATE
Application certificate information
Interesting strings
The file being studied is a compressed stream! Details about the compressed contents follow.
Interesting properties
The file under inspection contains at least one ELF file.
Contained files
Compression metadata
Contained files: 168
Uncompressed size: 14039028
Highest datetime: 2015-04-07 20:20:52
Lowest datetime: 2015-04-07 20:19:40
Contained files by extension
png: 131
xml: 12
dex: 1
MF: 1
RSA: 1
lua: 1
so: 1
mp3: 1
SF: 1
Contained files by type
PNG: 131
unknown: 23
XML: 12
DEX: 1
ELF: 1
File identification
MD5: ea19eb9cb390aa08a32aa1b1cb9f10e5
SHA1: d1d9d175049827697e140e5558251d2a380e4665
SHA256: 9505ada544a14971dd07537dfd5d3f97b34eac395cdc12f5f8983c6bf3d2c01a
ssdeep: 98304:62vHJPAwMCSd3nAAz/uBE94RBdjPxZCDqrzpzLKvZFTWf9vm7dudZ5vF8YbHrBbw:jHawMJxxzz94b5PA4lLKvZFy50udZ5KR
File size: 4.2 MB ( 4411942 bytes )
File type: Android
Magic literal: Zip archive data, at least v2.0 to extract
TrID: Android Package (73.9%), Java Archive (20.4%), ZIP compressed archive (5.6%)
Tags: apk software-collection dyn-class android contains-elf

VirusTotal metadata
First submission 2015-04-09 18:14:05 UTC ( 2 years, 7 months ago )
Last submission 2016-11-02 07:06:46 UTC ( 1 year ago )
File names com.freedommodestdifference.recordmachine.birth-1.apk
cockroach-smash.apk
a746ed883bf79831649ec901b88a39a737c243ca2adf14028c00675ed85459793572f9432b31765a2f9245fba6be58d449f7f72bfa4b91658022a0ab64c949c3
1429000205_com.freedommodestdifference.recordmachine.birth.apk
Permissions checked
android.permission.ACCESS_WIFI_STATE:com.freedommodestdifference.recordmachine.birth
android.permission.WRITE_EXTERNAL_STORAGE:com.freedommodestdifference.recordmachine.birth
android.permission.READ_PHONE_STATE:com.freedommodestdifference.recordmachine.birth
android.permission.INTERNET:com.freedommodestdifference.recordmachine.birth
android.permission.ACCESS_NETWORK_STATE:com.freedommodestdifference.recordmachine.birth
Started receivers
android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.BATTERY_CHANGED
android.intent.action.USER_PRESENT
android.intent.action.SCREEN_OFF
Opened files
/data/data/com.freedommodestdifference.recordmachine.birth/cache/volley
/data/data/com.freedommodestdifference.recordmachine.birth/cache/__chartboost/CBTrackingDirectory
/data/data/com.freedommodestdifference.recordmachine.birth/cache/__chartboost/CBVideoCompletion
/data/data/com.freedommodestdifference.recordmachine.birth/cache/__chartboost/CBRequestManager
/mnt/sdcard/Android/data/com.freedommodestdifference.recordmachine.birth/cache/__chartboost/CBVideoDirectory
/data/data/com.freedommodestdifference.recordmachine.birth/cache/__chartboost/CBSessionDirectory
/data/data/com.freedommodestdifference.recordmachine.birth/cache/__chartboost/CBSessionDirectory/cb_previous_session_info
/data/data/com.freedommodestdifference.recordmachine.birth/cache/__chartboost/CBRequestManager/440090507191
/data/data/com.freedommodestdifference.recordmachine.birth/cache/ads-1323201319.jar
/data/data/com.freedommodestdifference.recordmachine.birth/files
/data/data/com.freedommodestdifference.recordmachine.birth/cache
/data/data/com.freedommodestdifference.recordmachine.birth/cache/com.google.android.gms.ads.appcache
/data/data/com.freedommodestdifference.recordmachine.birth/databases/com.google.android.gms.ads.db
/mnt/sdcard
/data
Accessed files
/data/data/com.freedommodestdifference.recordmachine.birth/files
/data/data/com.freedommodestdifference.recordmachine.birth/files/umeng_it.cache
/data/data/com.freedommodestdifference.recordmachine.birth/files/.imprint
/data/data/com.freedommodestdifference.recordmachine.birth/files/mobclick_agent_sealed_com.freedommodestdifference.recordmachine.birth
/mnt/sdcard/.UTSystemConfig/Global/Alvin2.xml
/data/data/com.freedommodestdifference.recordmachine.birth/cache/volley
/data/data/com.freedommodestdifference.recordmachine.birth/cache/__chartboost/CBRequestManager
/data/data/com.freedommodestdifference.recordmachine.birth/cache/__chartboost/CBTrackingDirectory
/data/data/com.freedommodestdifference.recordmachine.birth/cache/__chartboost/CBSessionDirectory
/mnt/sdcard/Android/data/com.freedommodestdifference.recordmachine.birth/cache/__chartboost/CBVideoDirectory
/data/data/com.freedommodestdifference.recordmachine.birth/cache/__chartboost/CBVideoCompletion
/data/data/com.freedommodestdifference.recordmachine.birth/cache/__chartboost/CBSessionDirectory/cb_previous_session_info
/data/data/com.freedommodestdifference.recordmachine.birth/cache/__chartboost/CBRequestManager/440090507191
Interesting calls
Calls APIs that provide access to information about the telephony services on the device. Applications can use such methods to determine telephony services and states, as well as to access some types of subscriber information.
Dynamically loaded classes
com.google.android.ads.zxxz.a
com.google.android.ads.zxxz.d
com.google.android.ads.zxxz.c
com.google.android.ads.zxxz.f
com.google.android.ads.zxxz.b
com.google.android.ads.zxxz.e
Contacted URLs
http://auuad.auuempire.com/appfloor/selfpush/gameframe/www/wwwroot/gateway.php?act=103&data=[{"packname":"com.freedommodestdifference.recordmachine.birth","info":{"levelType":"","level":"0","isFirstLevelState":true,"versionCode":3,"levelState":"start","intervalAppLaunchTime":1,"uuid":"","language":"en","levelRunTime":0}}]&test=1
http://auuad.auuempire.com/sdkaccount/wwwsdk/getaccount.php?packName=com.freedommodestdifference.recordmachine.birth&uuid=&isFirst=1
http://auuad.auuempire.com/sdkaccount/wwwsdk/getadpos.php?appPackname=com.freedommodestdifference.recordmachine.birth&packname=online_bug&version=0
http://auuad.auuempire.com/sdkaccount/wwwsdk/getFloorZip.php?packname=com.freedommodestdifference.recordmachine.birth&md5=
https://graph.facebook.com/network_ads
https://live.chartboost.com/api/config
https://live.chartboost.com/api/video-prefetch
https://live.chartboost.com/api/install
Accessed URIs
content://com.facebook.katana.provider.AttributionIdProvider
https://live.chartboost.com/api/config
geo:0,0?q=donuts
http://www.google.com
market://details?id=com.google.android.gms.ads
https://live.chartboost.com/api/video-prefetch
https://live.chartboost.com/api/install