SHA256: b0a0a1b3359da0e216d505b994e5add71ec2af8c0887ece893e701d87246e750
File name: sadsaw.apk
Detection ratio: 24 / 54
Analysis date: 2016-01-19 08:54:18 UTC ( 1 year, 7 months ago )
Antivirus Result Update
AhnLab-V3 Android-Trojan/Sandrorat.c542 20160119
Alibaba A.W.Rog.EvilCert.A24 20160119
Arcabit Android.Adware.Plankton.A 20160119
Avast Android:DroidJack-A [Trj] 20160119
AVG Android/Deng.RBI 20160119
Avira (no cloud) ANDROID/Spy.Kasandra.B.Gen 20160119
BitDefender Android.Adware.Plankton.A 20160119
CAT-QuickHeal Android.Sandr.A 20160119
Cyren AndroidOS/Sandr.A.gen!Eldorado 20160119
DrWeb Android.Spy.178.origin 20160119
Emsisoft Android.Adware.Plankton.A (B) 20160119
ESET-NOD32 a variant of Android/Spy.Kasandra.B 20160119
F-Secure Trojan:Android/AndroRat.K 20160119
Fortinet Android/Sandr.C!tr 20160119
GData Android.Adware.Plankton.A 20160119
Ikarus Trojan-Spy.AndroidOS.Kasandra 20160119
K7GW Spyware ( 004b5b5d1 ) 20160119
Kaspersky HEUR:Trojan-Spy.AndroidOS.Sandr.a 20160119
McAfee Artemis!A71FF8625919 20160119
McAfee-GW-Edition Artemis!A71FF8625919 20160119
eScan Android.Adware.Plankton.A 20160119
NANO-Antivirus Trojan.Android.Zerat.dekxmy 20160119
Qihoo-360 Trojan.Android.Gen 20160119
Sophos AV Andr/SandRat-C 20160119
AegisLab 20160119
Yandex 20160118
ALYac 20160119
Antiy-AVL 20160119
AVware 20160111
Baidu-International 20160119
Bkav 20160118
ByteHero 20160119
ClamAV 20160119
CMC 20160111
Comodo 20160119
F-Prot 20160119
Jiangmin 20160119
K7AntiVirus 20160119
Malwarebytes 20160119
Microsoft 20160119
nProtect 20160119
Panda 20160118
Rising 20160119
SUPERAntiSpyware 20160119
Symantec 20160118
TheHacker 20160119
TotalDefense 20160119
TrendMicro 20160119
TrendMicro-HouseCall 20160119
VBA32 20160117
VIPRE 20160119
ViRobot 20160119
Zillya 20160118
Zoner 20160119
The file being studied is Android related! APK Android file more specifically. The application's main package name is com.appling.ios7glass. The internal version number of the application is 20. The displayed version string of the application is 1.1.9. The minimum Android API level for the application to run (MinSDKVersion) is 10. The target Android API level for the application to run (TargetSDKVersion) is 17.
Required permissions
android.permission.CHANGE_NETWORK_STATE (change network connectivity)
android.permission.ACCESS_COARSE_LOCATION (coarse (network-based) location)
android.permission.ACCESS_WIFI_STATE (view Wi-Fi status)
android.permission.INTERNET (full Internet access)
android.permission.ACCESS_FINE_LOCATION (fine (GPS) location)
android.permission.SEND_SMS (send SMS messages)
android.permission.WRITE_SMS (edit SMS or MMS)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.WRITE_CALL_LOG (write (but not read) the user's contacts data.)
android.permission.GET_TASKS (retrieve running applications)
android.permission.READ_CALL_LOG (read the user's call log.)
com.android.browser.permission.READ_HISTORY_BOOKMARKS (read Browser's history and bookmarks)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
android.permission.RECORD_AUDIO (record audio)
android.permission.WRITE_CONTACTS (write contact data)
android.permission.READ_EXTERNAL_STORAGE (read from external storage)
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
android.permission.CALL_PHONE (directly call phone numbers)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.READ_SMS (read SMS or MMS)
android.permission.CAMERA (take pictures and videos)
android.permission.WAKE_LOCK (prevent phone from sleeping)
android.permission.CHANGE_WIFI_STATE (change Wi-Fi status)
android.permission.RECEIVE_SMS (receive SMS)
android.permission.READ_CONTACTS (read contact data)
Activities
com.appling.ios7glass.Settings
com.google.android.gms.ads.AdActivity
com.appling.ios7glass.AppRedirection
com.startapp.android.publish.list3d.List3DActivity
com.startapp.android.publish.AppWallActivity
net.droidjack.server.CamSnapDJ
net.droidjack.server.VideoCapDJ
Services
com.appling.ios7glass.LiveWallpaper
com.apperhand.device.android.AndroidSDKProvider
net.droidjack.server.Controller
net.droidjack.server.GPSLocation
net.droidjack.server.Toaster
Receivers
net.droidjack.server.Connector
net.droidjack.server.CallListener
Service-related intent filters
com.appling.ios7glass.LiveWallpaper
actions: android.service.wallpaper.WallpaperService
Activity-related intent filters
net.droidjack.server.VideoCapDJ
actions: android.intent.action.VIDEOCAPDJ
categories: android.intent.category.DEFAULT
net.droidjack.server.CamSnapDJ
actions: android.intent.action.CAMSNAPDJ
categories: android.intent.category.DEFAULT
com.appling.ios7glass.AppRedirection
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
Receiver-related intent filters
net.droidjack.server.Connector
actions: android.net.conn.CONNECTIVITY_CHANGE, android.intent.action.BOOT_COMPLETED
net.droidjack.server.CallListener
actions: android.intent.action.PHONE_STATE
Application certificate information
Interesting strings
The file being studied is a compressed stream! Details about the compressed contents follow.
Interesting properties
The file under inspection contains at least one ELF file.
Contained files
Compression metadata
Contained files 180
Uncompressed size 5851143
Highest datetime 2015-05-17 02:17:34
Lowest datetime 2015-05-17 02:16:56
Contained files by extension
png 126
xml 32
zip 7
so 4
dex 1
MF 1
RSA 1
jpg 1
fnt 1
ogg 1
txt 1
SF 1
Contained files by type
PNG 125
XML 32
unknown 9
ZIP 7
ELF 4
DEX 1
JPG 1
OGG 1
File identification
MD5 a71ff862591910ffc3a8f8b6ecf858c7
SHA1 a18dd2e4e7412dba9a2f8233be513926a4b9378c
SHA256 b0a0a1b3359da0e216d505b994e5add71ec2af8c0887ece893e701d87246e750
ssdeep 98304:57EHBSEBNkBMI8ynAPFnPAmSj0UzvTngxJkcWhrJ3T58HARPO:5IHVbbMRbTEkVrJ3TiHABO
File size 3.2 MB ( 3407786 bytes )
File type Android
Magic literal Zip archive data, at least v2.0 to extract
TrID Android Package (92.9%), ZIP compressed archive (7.0%)
Tags apk android contains-elf dyn-class

VirusTotal metadata
First submission 2015-05-16 18:20:33 UTC ( 2 years, 3 months ago )
Last submission 2015-05-16 18:20:33 UTC ( 2 years, 3 months ago )
File names sadsaw.apk
Permissions checked
android.permission.INTERNET:com.appling.ios7glass
android.permission.ACCESS_NETWORK_STATE:com.appling.ios7glass
Started services
#Intent;component=com.appling.ios7glass/net.droidjack.server.Controller;end
Started receivers
android.intent.action.USER_PRESENT
android.intent.action.SCREEN_OFF
Opened files
/data/data/com.appling.ios7glass/cache/ads-13156105.jar
http:/googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40.html
http:/googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40.appcache
http:/googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40.js
/data/data/com.appling.ios7glass/cache
/data/data/com.appling.ios7glass/databases/com.google.android.gms.ads.db
Interesting calls
Calls APIs that provide access to information about the telephony services on the device. Applications can use such methods to determine telephony services and states, as well as to access some types of subscriber information.
Dynamically loaded classes
com.google.android.ads.zxxz.a
com.google.android.ads.zxxz.d
com.google.android.ads.zxxz.c
com.google.android.ads.zxxz.f
com.google.android.ads.zxxz.b
com.google.android.ads.zxxz.e
Contacted URLs
https://googleads.g.doubleclick.net/mads/gma?session_id=7426971651857521661&seq_num=1&rm=2&js=afma-sdk-a-v4452000.4452000.0&hl=en&smart_w=full&gnt=3&ma=0&carrier=310260&u_sd=1.5&sp=0&cnt=0&muv=11&riv=5&ms=bKSDJ2b-2OkIO8yUiWkCe63tQ8SyGk7gG2GGuUmuN4A9Qm_160gmx4_d-KDVFoDfgS1BRV7RucqgvqHqDJptof81LSRUzypzvjNXkDz0vSVD5gcHJnht9UBDyWZ5Rdllmzs-MMJmwqd1B4W2FeZKA-9RNx4bE243y5Im-ZEdJOjxRs0DRVfD6Slw8NK36d2ZWgQ-V4wuwVdEQ5U3qXOsCOGWApUv6Xhtqtzyvaw8tMJiTbk1t7blIl_HlJYPmezFbW94hY1TlpeFSg2p7WTkANIEc_pzOUocX2b4RWfCdrvmGVdjqB8oWPXrpO82pWx1OryvIdKqBwFpPTYmLpJhXw&format=320x50_as&smart_h=auto&coh=1&gl=US&am=0&cap=m&u_w=320&u_h=533&msid=com.appling.ios7glass&app_name=20.android.com.appling.ios7glass&an=20.android.com.appling.ios7glass&net=ed&u_audio=1&u_so=p&preqs=0&pimp=0&basets=511559&pclick=0&currts=511559&output=html&region=mobile_app&u_tz=120&client_sdk=1&ex=1&client=ca-app-pub-8109704817565327&slotname=4003917492&gsb=3g&caps=inlineVideo_interactiveVideo_mraid1_th_autoplay_mediation_av_sdkAdmobApiForAds_di&_efs=false&forceHttps=true&blockAutoClicks=0&eid=46621099&jsv=162&urll=1069
Accessed URIs
geo:0,0?q=donuts
http://www.google.com
market://details?id=com.google.android.gms.ads
http://googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40.html
http://googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40.appcache
http://googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40.js
gmsg://mobileads.google.com/jsLoaded?google.afma.Notify_dt=1350547479474
gmsg://mobileads.google.com/loadAdURL?drt_include=0&request_scenario=online_request&type=admob&url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fmads%2Fgma%3Fsession_id%3D7426971651857521661%26seq_num%3D1%26rm%3D2%26js%3Dafma-sdk-a-v4452000.4452000.0%26hl%3Den%26smart_w%3Dfull%26gnt%3D3%26ma%3D0%26carrier%3D310260%26u_sd%3D1.5%26sp%3D0%26cnt%3D0%26muv%3D11%26riv%3D5%26ms%3DbKSDJ2b-2OkIO8yUiWkCe63tQ8SyGk7gG2GGuUmuN4A9Qm_160gmx4_d-KDVFoDfgS1BRV7RucqgvqHqDJptof81LSRUzypzvjNXkDz0vSVD5gcHJnht9UBDyWZ5Rdllmzs-MMJmwqd1B4W2FeZKA-9RNx4bE243y5Im-ZEdJOjxRs0DRVfD6Slw8NK36d2ZWgQ-V4wuwVdEQ5U3qXOsCOGWApUv6Xhtqtzyvaw8tMJiTbk1t7blIl_HlJYPmezFbW94hY1TlpeFSg2p7WTkANIEc_pzOUocX2b4RWfCdrvmGVdjqB8oWPXrpO82pWx1OryvIdKqBwFpPTYmLpJhXw%26format%3D320x50_as%26smart_h%3Dauto%26coh%3D1%26gl%3DUS%26am%3D0%26cap%3Dm%26u_w%3D320%26u_h%3D533%26msid%3Dcom.appling.ios7glass%26app_name%3D20.android.com.appling.ios7glass%26an%3D20.android.com.appling.ios7glass%26net%3Ded%26u_audio%3D1%26u_so%3Dp%26preqs%3D0%26pimp%3D0%26basets%3D511559%26pclick%3D0%26currts%3D511559%26output%3Dhtml%26region%3Dmobile_app%26u_tz%3D120%26client_sdk%3D1%26ex%3D1%26client%3Dca-app-pub-8109704817565327%26slotname%3D4003917492%26gsb%3D3g%26caps%3DinlineVideo_interactiveVideo_mraid1_th_autoplay_mediation_av_sdkAdmobApiForAds_di%26_efs%3Dfalse%26forceHttps%3Dtrue%26blockAutoClicks%3D0%26eid%3D46621099%26jsv%3D162%26urll%3D1069&base_uri=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fmads%2Fgma&use_webview_loadurl=0&enable_auto_click_protection=0&google.afma.Notify_dt=1350547489583