SHA256: 9b5444f1c1d0c08954a53c495fe39d4ba00670faeeb2d6d9ebad98620f2bb876
File name: 1428719404_com.nenoff.followthelinefree.apk
Detection ratio: 7 / 56
Analysis date: 2016-06-23 03:40:12 UTC ( 2 years, 5 months ago )
Antivirus Result Update
AegisLab Adwareare.Andr.Leadbolt.G!c 20160623
AVware Trojan.AndroidOS.Generic.A 20160623
Cyren AndroidOS/GenPua.6DC0FE53!Olympus 20160623
DrWeb Adware.Leadbolt.12.origin 20160623
ESET-NOD32 a variant of Android/Anydown.J potentially unsafe 20160622
Fortinet Adware/Anydown!Android 20160623
NANO-Antivirus Riskware.Android.Leadbolt.dkzuxh 20160623
Ad-Aware 20160623
AhnLab-V3 20160622
Alibaba 20160623
ALYac 20160623
Antiy-AVL 20160623
Arcabit 20160623
Avast 20160623
AVG 20160623
Avira (no cloud) 20160623
Baidu 20160622
Baidu-International 20160614
BitDefender 20160623
Bkav 20160622
CAT-QuickHeal 20160622
ClamAV 20160623
CMC 20160620
Comodo 20160623
Emsisoft 20160623
F-Prot 20160623
F-Secure 20160623
GData 20160623
Ikarus 20160622
Jiangmin 20160623
K7AntiVirus 20160622
K7GW 20160622
Kaspersky 20160623
Kingsoft 20160623
Malwarebytes 20160622
McAfee 20160623
McAfee-GW-Edition 20160623
Microsoft 20160622
eScan 20160623
nProtect 20160622
Panda 20160622
Qihoo-360 20160623
Sophos AV 20160623
SUPERAntiSpyware 20160622
Symantec 20160623
Tencent 20160623
TheHacker 20160621
TotalDefense 20160623
TrendMicro 20160623
TrendMicro-HouseCall 20160623
VBA32 20160621
VIPRE 20160623
ViRobot 20160623
Yandex 20160621
Zillya 20160623
Zoner 20160623
The file being studied is Android related! APK Android file more specifically. The application's main package name is com.nenoff.followthelinefree. The internal version number of the application is 22. The displayed version string of the application is 3.5. The minimum Android API level for the application to run (MinSDKVersion) is 10. The target Android API level for the application to run (TargetSDKVersion) is 22.
Required permissions
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
android.permission.INTERNET (full Internet access)
android.permission.ACCESS_WIFI_STATE (view Wi-Fi status)
android.permission.WAKE_LOCK (prevent phone from sleeping)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
Activities
com.unity3d.player.UnityPlayerNativeActivity
com.facebook.unity.FBUnityLoginActivity
com.facebook.LoginActivity
com.facebook.unity.FBUnityDeepLinkingActivity
com.unity3d.player.VideoPlayer
com.startapp.android.publish.list3d.List3DActivity
com.startapp.android.publish.AppWallActivity
com.tapjoy.TJCOffersWebView
com.tapjoy.TapjoyVideoView
com.tapjoy.TJAdUnitView
com.tapjoy.mraid.view.ActionHandler
com.tapjoy.mraid.view.Browser
com.heyzap.sdk.ads.MediationTestActivity
com.heyzap.sdk.ads.HeyzapInterstitialActivity
com.heyzap.sdk.ads.HeyzapVideoActivity
com.google.example.games.pluginsupport.SignInHelperActivity
com.google.example.games.pluginsupport.SelectOpponentsHelperActivity
com.google.example.games.pluginsupport.InvitationInboxHelperActivity
Services
com.ckkcaddzqvpwvljum.ReEngagementService
com.ckkcaddzqvpwvljum.AdBootReceiverService
com.google.analytics.tracking.android.CampaignTrackingService
com.ironsource.mobilcore.MobileCoreReport
Receivers
com.ckkcaddzqvpwvljum.ReEngagement
com.nenoff.LeadboltBootReceiver
com.google.analytics.tracking.android.CampaignTrackingReceiver
com.ironsource.mobilcore.InstallationTracker
com.heyzap.sdk.ads.PackageAddedReceiver
Activity-related intent filters
com.unity3d.player.UnityPlayerNativeActivity
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
Receiver-related intent filters
com.google.analytics.tracking.android.CampaignTrackingReceiver
actions: com.android.vending.INSTALL_REFERRER
com.nenoff.LeadboltBootReceiver
actions: android.intent.action.BOOT_COMPLETED
com.heyzap.sdk.ads.PackageAddedReceiver
actions: android.intent.action.PACKAGE_ADDED
Application certificate information
Interesting strings
The file being studied is a compressed stream! Details about the compressed contents follow.
Interesting properties
The studied file contains at least one Portable Executable.
The file under inspection contains at least one ELF file.
Contained files
Compression metadata
Contained files 296
Uncompressed size 80705018
Highest datetime 2015-04-04 12:27:22
Lowest datetime 2015-03-27 10:57:08
Contained files by extension
png 187
xml 35
dll 11
zip 8
so 6
js 2
dex 1
MF 1
RSA 1
SF 1
Contained files by type
PNG 187
unknown 47
XML 35
Portable Executable 11
ZIP 8
ELF 6
DEX 1
HTML 1
File identification
MD5 6dc0fe53371ae1a5b01e14596bebd710
SHA1 fc9b174a33f66a9011c98166e461f7180ea2ea98
SHA256 9b5444f1c1d0c08954a53c495fe39d4ba00670faeeb2d6d9ebad98620f2bb876
ssdeep 393216:9MCem+CsMhUZWwE0LIymN353dtLqHJlonGE9osacb6cmCAFeh3t0+S:9ipM9wcZNhiHJloD4A3t0r

File size 21.8 MB ( 22857806 bytes )
File type Android
Magic literal Zip archive data, at least v2.0 to extract

TrID Android Package (72.9%)
Java Archive (20.1%)
ZIP compressed archive (5.5%)
PrintFox/Pagefox bitmap (var. P) (1.3%)
Tags
apk contains-pe android contains-elf

VirusTotal metadata
First submission 2015-04-04 19:00:10 UTC ( 3 years, 8 months ago )
Last submission 2016-06-23 03:40:12 UTC ( 2 years, 5 months ago )
File names 1428719404_com.nenoff.followthelinefree.apk
com.nenoff.followthelinefree.apk
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0216.

Symantec reputation Suspicious.Insight