SHA256: 9fff8632b8a6aa9ddea06002fcc7ae5b54be33576e06a5b3150bd2151cba1d3d
File name: dropped.apk
Detection ratio: 20 / 55
Analysis date: 2015-11-25 06:48:22 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Ad-Aware Android.Trojan.SLocker.FB 20151125
Alibaba A.H.Rog.Pletor.A 20151125
Arcabit Android.Trojan.SLocker.FB 20151125
Avast Android:Banker-GA [Trj] 20151125
AVG Android/Deng.FVT 20151125
Avira (no cloud) ANDROID/Spy.Banker.AO.Gen 20151125
BitDefender Android.Trojan.SLocker.FB 20151125
CAT-QuickHeal Android.SmForw.BY 20151125
Cyren AndroidOS/Torec.C.gen!Eldorado 20151125
DrWeb Android.Banker.51.origin 20151125
Emsisoft Android.Trojan.SLocker.FB (B) 20151125
ESET-NOD32 a variant of Android/Torec.C 20151125
F-Secure Android.Trojan.SLocker.FB 20151125
Fortinet Android/Torec.H!tr 20151125
GData Android.Trojan.SLocker.FB 20151125
Ikarus Trojan.AndroidOS.Slempo 20151125
Kaspersky HEUR:Trojan-Banker.AndroidOS.Acecard.b 20151125
eScan Android.Trojan.SLocker.FB 20151125
NANO-Antivirus Trojan.Android.Banker.dxaiup 20151125
Sophos Andr/Torec-A 20151125
AegisLab 20151125
Yandex 20151124
AhnLab-V3 20151124
ALYac 20151125
Antiy-AVL 20151125
AVware 20151124
Baidu-International 20151124
Bkav 20151124
ByteHero 20151125
ClamAV 20151125
CMC 20151124
Comodo 20151125
F-Prot 20151125
Jiangmin 20151124
K7AntiVirus 20151124
K7GW 20151125
Malwarebytes 20151125
McAfee 20151125
McAfee-GW-Edition 20151125
Microsoft 20151125
nProtect 20151125
Panda 20151124
Qihoo-360 20151125
Rising 20151124
SUPERAntiSpyware 20151125
Symantec 20151124
Tencent 20151125
TheHacker 20151125
TrendMicro 20151125
TrendMicro-HouseCall 20151125
VBA32 20151124
VIPRE 20151125
ViRobot 20151125
Zillya 20151123
Zoner 20151125
The file being studied is an Android APK. The application's main package name is org.slempo.service. The internal version number of the application is 2. The displayed version string of the application is 11.1.115.81. The minimum Android API level for the application to run (MinSDKVersion) is 9. The target Android API level for the application (TargetSDKVersion) is 22.
Required permissions
android.permission.ACCESS_FINE_LOCATION (fine (GPS) location)
android.permission.SEND_SMS (send SMS messages)
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
android.permission.INTERNET (full Internet access)
android.permission.SYSTEM_ALERT_WINDOW (display system-level alerts)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.ACCESS_COARSE_LOCATION (coarse (network-based) location)
android.permission.WAKE_LOCK (prevent phone from sleeping)
android.permission.GET_TASKS (retrieve running applications)
android.permission.CALL_PHONE (directly call phone numbers)
android.permission.RECEIVE_SMS (receive SMS)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.READ_SMS (read SMS or MMS)
Activities
org.slempo.service.Main
org.slempo.service.DeviceAdminChecker
org.slempo.service.activities.Cards
org.slempo.service.activities.CvcPopup
org.slempo.service.activities.ChangeNumber
org.slempo.service.activities.Commbank
org.slempo.service.activities.Nab
org.slempo.service.activities.Westpack
org.slempo.service.activities.PayPal
org.slempo.service.activities.StGeorge
org.slempo.service.activities.GM
org.slempo.service.activities.Code
org.slempo.service.activities.HTMLDialogs
org.slempo.service.activities.CommonHTML
Services
org.slempo.service.MainService
Receivers
org.slempo.service.ServiceStarter
org.slempo.service.SDCardServiceStarter
org.slempo.service.MyDeviceAdminReceiver
org.slempo.service.MessageReceiver
org.slempo.service.DialogsStarter
org.slempo.service.PulseReceiver
Activity-related intent filters
org.slempo.service.Main
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
Receiver-related intent filters
org.slempo.service.MessageReceiver
actions: android.provider.Telephony.SMS_RECEIVED
org.slempo.service.ServiceStarter
actions: android.intent.action.BOOT_COMPLETED
org.slempo.service.MyDeviceAdminReceiver
actions: android.app.action.DEVICE_ADMIN_ENABLED
org.slempo.service.PulseReceiver
actions: org.slempo.service.TASK_ALARM_SERVICE_PULSE
org.slempo.service.DialogsStarter
actions: com.slempo.service.activities.HTMLStart
org.slempo.service.SDCardServiceStarter
actions: android.intent.action.ACTION_EXTERNAL_APPLICATIONS_AVAILABLE
Application certificate information
Interesting strings
The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files 1002
Uncompressed size 2059807
Highest datetime 2015-11-06 22:22:08
Lowest datetime 2015-11-06 22:21:18
Contained files by extension
png 309
xml 162
dex 1
MF 1
Contained files by type
unknown 528
PNG 309
XML 162
DEX 1
File identification
MD5 41c9add2be9f4b04047ab232eb08058f
SHA1 4b2911f0e43806b7b233c1f59600ec41decb0900
SHA256 9fff8632b8a6aa9ddea06002fcc7ae5b54be33576e06a5b3150bd2151cba1d3d
ssdeep 24576:3E43ND+d0r+rMjQzdrPkTw0gom+oMeyOI/Q5TEigwteq:3dTrOoTBgomHMQI/ocwteq
File size 1.4 MB ( 1519497 bytes )
File type Android
Magic literal Zip archive data, at least v2.0 to extract
TrID Android Package (73.9%), Java Archive (20.4%), ZIP compressed archive (5.6%)
Tags apk android
VirusTotal metadata
First submission 2015-11-25 06:48:22 UTC ( 1 year, 6 months ago )
Last submission 2015-12-13 13:06:45 UTC ( 1 year, 5 months ago )
File names dropped.apk
Interesting calls
Calls APIs that manage SMS operations such as sending data, text, and pdu SMS messages.
Contacted URLs
http://146.0.72.190/
Accessed URIs
content://sms/inbox
content://sms