SHA256: af518ec81e4ddb7b08048b7924c7f63e55c654a702f5c62ebf3e83d39c51bab2
File name: Scan-For-Viruses-Now.apk
Detection ratio: 19 / 55
Analysis date: 2015-05-04 02:10:47 UTC ( 2 years, 7 months ago )
Antivirus Result Update
AegisLab SUSPICIOUS 20150503
AhnLab-V3 Android-Trojan/FakeDoc.1af6 20150503
Alibaba A.W.Rog.EvilCert.A0 20150503
Antiy-AVL Trojan/Win32.TSGeneric 20150503
Avast Android:Armour-F [PUP] 20150503
AVG Android/Deng.GMD 20150503
AVware Trojan.AndroidOS.Generic.A 20150503
Comodo UnclassifiedMalware 20150503
Cyren AndroidOS/FakeApp.C 20150503
DrWeb Android.Fakealert.9.origin 20150503
ESET-NOD32 a variant of Android/AndroidArmour.E potentially unwanted 20150503
F-Prot AndroidOS/FakeApp.C 20150503
Fortinet Adware/BatteryDoctor!Android 20150503
Ikarus PUA.AndroidOS.BatteryDoctor 20150503
Kingsoft Android.RISKWARE.Fakepay.a.(kcloud) 20150504
McAfee Artemis!FCEF52D4A8DB 20150503
NANO-Antivirus Trojan.Android.Fakealert.cwzggc 20150503
Sophos AV Android Armour 20150503
VIPRE Trojan.AndroidOS.Generic.A 20150503
Ad-Aware 20150503
Yandex 20150502
ALYac 20150503
Baidu-International 20150503
BitDefender 20150503
Bkav 20150425
ByteHero 20150504
CAT-QuickHeal 20150502
ClamAV 20150503
CMC 20150501
Emsisoft 20150503
F-Secure 20150503
GData 20150503
Jiangmin 20150430
K7AntiVirus 20150503
K7GW 20150503
Kaspersky 20150503
McAfee-GW-Edition 20150503
Microsoft 20150503
eScan 20150503
Norman 20150503
nProtect 20150430
Panda 20150503
Qihoo-360 20150504
Rising 20150503
SUPERAntiSpyware 20150502
Symantec 20150503
Tencent 20150504
TheHacker 20150502
TotalDefense 20150430
TrendMicro 20150503
TrendMicro-HouseCall 20150503
VBA32 20150501
ViRobot 20150503
Zillya 20150503
Zoner 20150430
The file being studied is an Android APK package. The application's main package name is com.armorforandroid.security. The internal version number of the application is 349. The displayed version string of the application is 2.1.69.0. The minimum Android API level for the application to run (MinSDKVersion) is 10. The target Android API level for the application to run (TargetSDKVersion) is 17.
Risk summary
The studied DEX file makes use of API reflection
The studied DEX file loads a shared library
The studied DEX file dynamically loads another DEX file
The studied DEX file makes use of cryptographic functions
The APK package studied contains shared ELF libraries
Permissions that allow the application to manipulate SMS
Permissions that allow the application to perform payments
Permissions that allow the application to access Internet
Permissions that allow the application to access private information
Other permissions that could be considered as dangerous in certain scenarios
Required permissions
android.permission.READ_LOGS (read sensitive log data)
android.permission.INTERNET (full Internet access)
android.permission.WRITE_CONTACTS (write contact data)
com.android.browser.permission.WRITE_HISTORY_BOOKMARKS (write Browser's history and bookmarks)
android.permission.WRITE_SMS (edit SMS or MMS)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.WRITE_CALL_LOG (write (but not read) the user's contacts data.)
android.permission.GET_TASKS (retrieve running applications)
android.permission.READ_CALL_LOG (read the user's call log.)
com.android.browser.permission.READ_HISTORY_BOOKMARKS (read Browser's history and bookmarks)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
android.permission.GET_PACKAGE_SIZE (measure application storage space)
android.permission.READ_EXTERNAL_STORAGE (read from external storage)
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.READ_SMS (read SMS or MMS)
android.permission.VIBRATE (control vibrator)
android.permission.KILL_BACKGROUND_PROCESSES (kill background processes)
android.permission.ACCESS_WIFI_STATE (view Wi-Fi status)
android.permission.WAKE_LOCK (prevent phone from sleeping)
android.permission.READ_CONTACTS (read contact data)
android.permission.CLEAR_APP_CACHE (delete all application cache data)
android.permission.RESTART_PACKAGES (kill background processes)
android.permission.GET_ACCOUNTS (discover known accounts)
Permission-related API calls
FACTORY_TEST
GET_TASKS
ACCESS_NETWORK_STATE
RESTART_PACKAGES
KILL_BACKGROUND_PROCESSES
USE_CREDENTIALS
READ_LOGS
VIBRATE
BLUETOOTH
ACCESS_WIFI_STATE
READ_CONTACTS
GET_ACCOUNTS
READ_PHONE_STATE
READ_HISTORY_BOOKMARKS
INTERNET
WRITE_HISTORY_BOOKMARKS
ACCESS_FINE_LOCATION
WAKE_LOCK
Ad-related libraries
admob () with a probability
Main Activity
com.armorforandroid.security.HomeActivity_
Activities
com.armorforandroid.security.HomeActivity_
com.armorforandroid.security.SecurityActivity_
com.armorforandroid.security.SecurityDialogActivity_
com.armorforandroid.security.PrivacyActivity_
com.armorforandroid.security.ThreatsActivity_
com.armorforandroid.security.ThreatDetailDialog_
com.armorforandroid.security.VerifiedDialog_
com.armorforandroid.security.CertifiedDialog_
com.armorforandroid.security.SettingsActivity_
com.armorforandroid.security.MyAccountActivity_
com.armorforandroid.security.MyContactActivity_
com.armorforandroid.security.MyPrivacyActivity_
com.armorforandroid.security.MyTermsActivity_
com.armorforandroid.security.MyUserManualActivity_
com.armorforandroid.security.MyAboutUsActivity_
com.armorforandroid.security.MyRatingActivity_
com.armorforandroid.security.MyUpdateActivity_
com.armorforandroid.security.MenuActivity_
com.armorforandroid.security.MicroNetActivity_
com.armorforandroid.security.ThreatDefDialog_
com.armorforandroid.security.ProtectDefDialog_
com.armorforandroid.security.SignalBoostDefDialog_
com.armorforandroid.security.AdvancedDialog_
com.armorforandroid.security.AccountDialog_
com.armorforandroid.security.AccountAddressDialog_
com.armorforandroid.security.AccountSuccessDialog_
com.armorforandroid.security.LockActivity_
com.armorforandroid.security.MockActivity_
com.armorforandroid.security.EmailDialog_
com.armorforandroid.security.FtueActivity_
com.itframework.installer.util.InstallNonMarketFromUrlActivity
com.itframework.installer.util.NonMarketDialogActivity
Services
com.armorforandroid.security.service.ApplicationScanService
com.armorforandroid.security.service.BrowserService
com.armorforandroid.security.service.SearchService
com.itframework.installer.util.InstallWorker
com.itframework.notification.NotificationService
Receivers
com.armorforandroid.security.receivers.BootReceiver
com.armorforandroid.security.receivers.MyAlarmReceiver
com.armorforandroid.security.receivers.InstallReceiver
com.armorforandroid.security.receivers.UninstallReceiver
com.armorforandroid.security.receivers.AlarmReceiver
com.armorforandroid.security.receivers.NotificationReceiver
com.itframework.notification.NotificationReceiver
com.armorforandroid.security.receivers.BatteryReceiver
Activity-related intent filters
com.itframework.installer.util.InstallNonMarketFromUrlActivity
actions: android.intent.action.VIEW
categories: android.intent.category.DEFAULT, android.intent.category.BROWSABLE
com.armorforandroid.security.HomeActivity_
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
Receiver-related intent filters
com.armorforandroid.security.receivers.InstallReceiver
actions: android.intent.action.PACKAGE_ADDED
com.armorforandroid.security.receivers.UninstallReceiver
actions: android.intent.action.PACKAGE_REMOVED
com.armorforandroid.security.receivers.BatteryReceiver
actions: android.intent.action.BATTERY_LOW
com.armorforandroid.security.receivers.NotificationReceiver
actions: com.armorforandroid.notification.NOTIFICATION_CLICKED, com.armorforandroid.notification.NOTIFICATION_CLEARED, com.armorforandroid.security.intent.http.SHOW
com.armorforandroid.security.receivers.BootReceiver
actions: android.intent.action.BOOT_COMPLETED
com.itframework.notification.NotificationReceiver
actions: com.armorforandroid.security.notification.action.ALARM, com.armorforandroid.security.notification.action.CANCEL, com.armorforandroid.security.notification.action.CLICKED
com.armorforandroid.security.receivers.AlarmReceiver
actions: com.armorforandroid.security.SCAN, com.armorforandroid.security.THREAT_NOTIFICATION
Application certificate information
Application bundle files
Interesting strings
File identification
MD5 6ba49bb5b224bb362a4b32dafd569801
SHA1 1e0bbf5197b670353a8aac7856eb1d5b946e16fb
SHA256 af518ec81e4ddb7b08048b7924c7f63e55c654a702f5c62ebf3e83d39c51bab2
ssdeep 49152:+4IofTM8uF+QqWZqL8x+oJrhvntLwEr+XT1rFYEijOrY9mSNA1NR7tTmw:vTq/FJrVtLww+XT15YCrzS45tT1
File size 3.2 MB ( 3360083 bytes )
File type Android
Magic literal Zip archive data, at least v2.0 to extract
TrID Universe Sandbox simulation (50.0%), Mozilla Firefox browser extension (33.3%), ZIP compressed archive (16.6%)
Tags apk android ext-prg dyn-calls

VirusTotal metadata
First submission 2015-05-04 02:10:47 UTC ( 2 years, 7 months ago )
Last submission 2015-05-04 02:10:47 UTC ( 2 years, 7 months ago )
File names Scan-For-Viruses-Now.apk
ExifTool file metadata
MIMEType application/zip
ZipRequiredVersion 20
ZipCRC 0xd3e12d68
FileType ZIP
ZipCompression Deflated
ZipUncompressedSize 172
ZipCompressedSize 124
FileTypeExtension zip
ZipFileName assets/parameters.json
ZipBitFlag 0
ZipModifyDate 2015:05:04 01:27:10

Permissions checked
android.permission.ACCESS_FINE_LOCATION:com.armorforandroid.security
android.permission.ACCESS_NETWORK_STATE:com.armorforandroid.security
android.permission.ACCESS_WIFI_STATE:com.armorforandroid.security
Started services
#Intent;action=com.armorforandroid.security.action.SEARCH;component=com.armorforandroid.security/.service.SearchService;end
Started receivers
android.intent.action.BATTERY_CHANGED
android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
android.intent.action.SCREEN_ON
External programs launched
/system/xbin/which su
Opened files
/data/data/com.armorforandroid.security/cache/volley
APP_ASSETS/parameters.json
APP_ASSETS/version.json
APP_ASSETS/upgrade.json
/data/data/com.armorforandroid.security/files
/data/data/com.armorforandroid.security/files/Mint.json
Accessed files
/data/data/com.armorforandroid.security/files
/data/data/com.armorforandroid.security/files/parameters.json
/mnt/sdcard/Android/data/com.armorforandroid.security/files/parameters.json
/mnt/sdcard/.security
/data/data/com.armorforandroid.security/files/.security
/sbin/su
/system/bin/su
/system/xbin/su
/data/data/com.armorforandroid.security/files/version.json
/mnt/sdcard/Android/data/com.armorforandroid.security/files/version.json
/data/data/com.armorforandroid.security/cache/volley
/data/data/com.armorforandroid.security/files/upgrade.json
/mnt/sdcard/Android/data/com.armorforandroid.security/files/upgrade.json
/system/app/Superuser.apk
/data/data/com.armorforandroid.security/files/.setForceSendPingOnNextStart
/data/data/com.armorforandroid.security/files/localytics/device_id
/data/data/com.armorforandroid.security/files/Mint.json
/data/data/com.armorforandroid.security/files/localytics
Interesting calls
Calls APIs that provide access to information about the telephony services on the device. Applications can use such methods to determine telephony services and states, as well as to access some types of subscriber information.
Dynamically called methods
android.app.ApplicationPackageManager.hasSystemFeature (1 argument: 'android.hardware.nfc')
android.app.ApplicationPackageManager.hasSystemFeature (1 argument: 'android.hardware.telephony')
android.net.wifi.WifiManager.isWifiApEnabled
Contacted URLs
https://f75779a2.api.splkmobile.com/1.0/f75779a2/c635ef002777647d5fd84f385947b2c7/0/1/hash=none
http://term.armorforandroid.com/terms/ihn7fpgsdy
Accessed URIs
http://term.armorforandroid.com/terms/ihn7fpgsdy
content://com.android.chrome.browser/bookmarks
content://org.mozilla.firefox.db.browser/bookmarks
content://com.sec.android.app.sbrowser.browser/history