× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b707d23bfc22908ae8ee2f6e2d0bc9c74135af18c5eea2b3bcca7471d08985c2
File name: Scan-For-Viruses-Now.apk
Detection ratio: 32 / 60
Analysis date: 2017-04-13 23:06:30 UTC ( 1 week, 5 days ago )
Antivirus Result Update
AegisLab SUSPICIOUS 20170413
AhnLab-V3 Android-Trojan/FakeDoc.1af6 20170413
Alibaba A.L.Rog.Armour 20170413
Antiy-AVL Trojan/Android.TSGeneric 20170413
Avast Android:Agent-CAC [PUP] 20170413
AVG Android/G2P.F.069E3CCF2D10 20170413
Avira (no cloud) ANDROID/Armour.A.Gen 20170413
AVware Trojan.AndroidOS.Generic.A 20170410
CAT-QuickHeal Android.Armour.A (PUP) 20170413
ClamAV Andr.Malware.Agent-5859181-0 20170413
Comodo UnclassifiedMalware 20170413
Cyren AndroidOS/FakeDoc.H 20170413
DrWeb Android.Fakealert.3.origin 20170413
ESET-NOD32 a variant of Android/AndroidArmour.A potentially unwanted 20170413
F-Prot AndroidOS/FakeDoc.H 20170413
Fortinet Android/Armour.A!tr 20170413
Ikarus PUA.AndroidOS.AndroidArmour 20170413
K7GW Trojan ( 0001140e1 ) 20170413
Kaspersky not-a-virus:HEUR:RiskTool.AndroidOS.AndroidArmour.a 20170413
Kingsoft Android.RISKWARE.Armour.a.(kcloud) 20170414
McAfee Artemis!084A7B576F5D 20170412
McAfee-GW-Edition Artemis!Trojan 20170413
NANO-Antivirus Trojan.Android.Fakealert.cwzggc 20170413
Qihoo-360 Trojan.Android.Gen 20170414
Sophos Android Armour (PUA) 20170413
Symantec Trojan.Gen.2 20170413
Symantec Mobile Insight AppRisk:Generisk 20170413
Tencent SH.!Android.GenA.1158 20170414
Trustlook Android.Malware.Trojan 20170414
WhiteArmor Android-Malware.SN-Sure.303707454415413642.[Trojan] 20170409
ZoneAlarm by Check Point not-a-virus:HEUR:RiskTool.AndroidOS.AndroidArmour.a 20170413
Zoner Trojan.AndroidOS.Generic.A 20170413
Ad-Aware 20170413
ALYac 20170413
Arcabit 20170413
Baidu 20170411
BitDefender 20170413
Bkav 20170413
CMC 20170413
CrowdStrike Falcon (ML) 20170130
Emsisoft 20170413
Endgame 20170413
F-Secure 20170413
GData 20170413
Invincea 20170413
Jiangmin 20170413
K7AntiVirus 20170413
Malwarebytes 20170413
Microsoft 20170413
eScan 20170413
nProtect 20170413
Palo Alto Networks (Known Signatures) 20170414
Panda 20170413
Rising None
SentinelOne (Static ML) 20170330
SUPERAntiSpyware 20170413
TheHacker 20170412
TrendMicro 20170413
TrendMicro-HouseCall 20170413
VBA32 20170413
VIPRE 20170413
ViRobot 20170413
Webroot 20170414
Yandex 20170413
Zillya 20170413
The file being studied is Android related! APK Android file more specifically. The application's main package name is com.armorforandroid.security. The internal version number of the application is 234. The displayed version string of the application is 1.6.64. The minimum Android API level for the application to run (MinSDKVersion) is 5. The target Android API level for the application to run (TargetSDKVersion) is 10.
Required permissions
android.permission.READ_LOGS (read sensitive log data)
android.permission.WRITE_SMS (edit SMS or MMS)
android.permission.INTERNET (full Internet access)
android.permission.WRITE_CONTACTS (write contact data)
com.android.browser.permission.WRITE_HISTORY_BOOKMARKS (write Browser's history and bookmarks)
com.google.android.c2dm.permission.RECEIVE (Unknown permission from android reference)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.GET_TASKS (retrieve running applications)
com.android.browser.permission.READ_HISTORY_BOOKMARKS (read Browser's history and bookmarks)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
android.permission.GET_PACKAGE_SIZE (measure application storage space)
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
com.armorforandroid.security.permission.C2D_MESSAGE (C2DM permission.)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.READ_SMS (read SMS or MMS)
android.permission.VIBRATE (control vibrator)
android.permission.KILL_BACKGROUND_PROCESSES (kill background processes)
android.permission.ACCESS_WIFI_STATE (view Wi-Fi status)
android.permission.WAKE_LOCK (prevent phone from sleeping)
android.permission.READ_CONTACTS (read contact data)
android.permission.CLEAR_APP_CACHE (delete all application cache data)
android.permission.RESTART_PACKAGES (kill background processes)
android.permission.GET_ACCOUNTS (discover known accounts)
Activities
com.armorforandroid.security.TabHandler_
com.armorforandroid.security.HomeActivity_
com.armorforandroid.security.SecurityActivity_
com.armorforandroid.security.SecurityDialogActivity_
com.armorforandroid.security.PrivacyActivity_
com.armorforandroid.security.ThreatsActivity_
com.armorforandroid.security.TrustListActivity_
com.armorforandroid.security.ThreatDetailDialog_
com.armorforandroid.security.VerifiedDialog_
com.armorforandroid.security.SettingsActivity_
com.armorforandroid.security.SingleScanListActivity_
com.armorforandroid.security.SingleScanActivity_
com.armorforandroid.security.MyAccountActivity_
com.armorforandroid.security.MyCancelActivity_
com.armorforandroid.security.MyContactActivity_
com.armorforandroid.security.MyPrivacyActivity_
com.armorforandroid.security.MyTermsActivity_
com.armorforandroid.security.MyAboutUsActivity_
com.armorforandroid.security.MyRatingActivity_
com.armorforandroid.security.MenuActivity_
com.armorforandroid.security.UninstallActivity_
com.armorforandroid.security.TaskKillerActivity_
com.armorforandroid.security.CacheCleanerActivity_
com.armorforandroid.security.SDInstallerActivity_
com.armorforandroid.security.MyUserManualActivity_
com.armorforandroid.security.ThreatAlertDialog_
com.armorforandroid.security.MicroNetActivity_
com.armorforandroid.security.ThreatDefDialog_
com.armorforandroid.security.SignalBoostDefDialog_
com.armorforandroid.security.AdvancedDialog_
com.armorforandroid.security.AccountDialog_
com.armorforandroid.security.AccountAddressDialog_
com.armorforandroid.security.AccountSuccessDialog_
com.armorforandroid.security.PreInstallScanActivity
com.armorforandroid.security.SDScanActivity_
com.armorforandroid.security.LockActivity_
com.itframework.installer.util.InstallNonMarketFromUrlActivity
com.itframework.installer.util.NonMarketDialogActivity
Services
com.armorforandroid.security.service.ApplicationScanService
com.armorforandroid.security.service.ApplicationSubmitService
com.itframework.installer.util.InstallWorker
com.itframework.notification.NotificationService
com.armorforandroid.security.service.GCMIntentService
Receivers
com.armorforandroid.security.receivers.ReferralReceiver
com.armorforandroid.security.receivers.BootReceiver
com.armorforandroid.security.receivers.InstallReceiver
com.armorforandroid.security.receivers.UninstallReceiver
com.armorforandroid.security.receivers.AlarmReceiver
com.armorforandroid.security.receivers.NotificationReceiver
com.itframework.notification.NotificationReceiver
com.armorforandroid.security.receivers.GCMBroadcastReceiver
Activity-related intent filters
com.itframework.installer.util.InstallNonMarketFromUrlActivity
actions: android.intent.action.VIEW
categories: android.intent.category.DEFAULT, android.intent.category.BROWSABLE
com.armorforandroid.security.TabHandler_
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
com.armorforandroid.security.PreInstallScanActivity
actions: android.intent.action.VIEW, android.intent.action.INSTALL_PACKAGE
categories: android.intent.category.DEFAULT
Receiver-related intent filters
com.armorforandroid.security.receivers.InstallReceiver
actions: android.intent.action.PACKAGE_ADDED
com.armorforandroid.security.receivers.UninstallReceiver
actions: android.intent.action.PACKAGE_REMOVED
com.itframework.notification.NotificationReceiver
actions: com.armorforandroid.security.notification.action.ALARM, com.armorforandroid.security.notification.action.CANCEL, com.armorforandroid.security.notification.action.CLICKED
com.armorforandroid.security.receivers.ReferralReceiver
actions: com.android.vending.INSTALL_REFERRER
com.armorforandroid.security.receivers.NotificationReceiver
actions: com.armorforandroid.notification.NOTIFICATION_CLICKED, com.armorforandroid.notification.NOTIFICATION_CLEARED, com.armorforandroid.security.intent.http.SHOW
com.armorforandroid.security.receivers.BootReceiver
actions: android.intent.action.BOOT_COMPLETED
com.armorforandroid.security.receivers.GCMBroadcastReceiver
actions: com.google.android.c2dm.intent.RECEIVE, com.google.android.c2dm.intent.REGISTRATION
categories: com.armorforandroid.security
com.armorforandroid.security.receivers.AlarmReceiver
actions: com.armorforandroid.security.SCAN, com.armorforandroid.security.THREAT_NOTIFICATION
Application certificate information
Interesting strings
The file being studied is a compressed stream! Details about the compressed contents follow.
Interesting properties
The file under inspection contains at least one ELF file.
Contained files
Compression metadata
Contained files
263
Uncompressed size
2157909
Highest datetime
2013-01-18 10:00:02
Lowest datetime
2013-01-17 17:25:22
Contained files by extension
png
152
xml
86
jpg
16
dex
1
MF
1
RSA
1
so
1
SF
1
Contained files by type
PNG
152
XML
86
JPG
16
unknown
6
DEX
1
ELF
1
JSON
1
File identification
MD5 084a7b576f5df438abba3131a90af493
SHA1 f0518b949a5617669ffb05de8e37e5556a2c2334
SHA256 b707d23bfc22908ae8ee2f6e2d0bc9c74135af18c5eea2b3bcca7471d08985c2
ssdeep
24576:VtW9pWnjYGjY2z4vKXAnXLsmcm2yUroJhfPftVnkmkxBOlSqkR5nt3vO+F4:7OpWUF2qK8zUEJhfPfnn7kpqGrvHF4

File size 1.4 MB ( 1427490 bytes )
File type Android
Magic literal
Zip archive data, at least v2.0 to extract

TrID Universe Sandbox simulation (50.0%)
Mozilla Firefox browser extension (33.3%)
ZIP compressed archive (16.6%)
Tags
apk android dyn-calls ext-prg contains-elf

VirusTotal metadata
First submission 2013-01-20 21:39:23 UTC ( 4 years, 3 months ago )
Last submission 2017-04-13 23:06:30 UTC ( 1 week, 5 days ago )
File names Scan-For-Viruses-Now.apk
ArmorForAndroid.apk
Scan-For-Viruses-Now(Trojan.FakeAlert).apk
b707d23bfc22908ae8ee2f6e2d0bc9c74135af18c5eea2b3bcca7471d08985c2
com.armorforandroid.security_1.6.64.apk
084a7b576f5df438abba3131a90af493_10.apk
0222.apk
ArmorForAndroid.apk
ArmorForAndroid.txt
Scan_For_Viruses_Now.apk
084a7b576f5df438abba3131a90af493.log
ArmorForAndroid.apk
Scan-For-Viruses-Now.apk
084a7b576f5df438abba3131a90af493.virus
Recent47.apk
084a7b576f5df438abba3131a90af493.apk
084a7b576f5df438abba3131a90af493.apk
Recent47.apk
Scan-For-Viruses-Now.apk
084a7b576f5df438abba3131a90af493.apk.log
084A7B576F5DF438ABBA3131A90AF493.apk
N135.apk
test.txt
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Permissions checked
android.permission.ACCESS_WIFI_STATE:com.armorforandroid.security
Started services
#Intent;component=com.armorforandroid.security/.service.ApplicationScanService;B.quickscan=true;end
Started receivers
android.intent.action.BATTERY_CHANGED
android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
android.intent.action.SCREEN_ON
External programs launched
/system/xbin/which su
Opened files
APP_ASSETS/parameters.json
APP_ASSETS/version.json
APP_ASSETS/upgrade.json
/data/data/com.armorforandroid.security/files
Accessed files
/data/data/com.armorforandroid.security/files
/data/data/com.armorforandroid.security/files/parameters.json
/mnt/sdcard/Android/data/com.armorforandroid.security/files/parameters.json
/data/data/com.armorforandroid.security/files/version.json
/mnt/sdcard/Android/data/com.armorforandroid.security/files/version.json
/data/data/com.armorforandroid.security/files/upgrade.json
/mnt/sdcard/Android/data/com.armorforandroid.security/files/upgrade.json
/system/app/Superuser.apk
/sbin/su
/system/bin/su
/system/xbin/su
/data/data/com.armorforandroid.security/files/localytics/device_id
/data/data/com.armorforandroid.security/files/localytics
Interesting calls
Calls APIs that provide access to information about the telephony services on the device. Applications can use such methods to determine telephony services and states, as well as to access some types of subscriber information.
Dynamically called methods
android.app.ApplicationPackageManager.hasSystemFeature 1 argument.
u'android.hardware.nfc'
android.app.ApplicationPackageManager.hasSystemFeature 1 argument.
u'android.hardware.telephony'
android.net.wifi.WifiManager.isWifiApEnabled
Contacted URLs
http://api.mixpanel.com/engage
646174613D573373694A484E6C6443493665794A4D59584E305158427752573530636E6B694F694A4F54303546496E3073496952306232746C62694936496A4178597A41354F54526B4E5455315A5745784F5755785A5759335A54426C4E5749324F574D355A474669496977694A47527063335270626D4E3058326C6B496A6F69633263314D33457A6232467464534973496952306157316C496A6F784D7A51354F4451344E4441794F545533665630253344
http://link.androidantivirusfree.org/link/gatekeeper
7569643D7367353371336F616D75266D6F64656C3D4E657875732B53266170705F76657273696F6E5F636F64653D323334266F735F6275696C643D342E302E34266C6F63616C653D5553267061636B6167653D636F6D2E61726D6F72666F72616E64726F69642E7365637572697479266E6574776F726B5F6D6E633D323630266E6574776F726B5F6E616D653D416E64726F69642673696D5F69736F3D7573266F735F76657273696F6E3D31352676657273696F6E3D736967626F6F2D646565702D636C65616E26636F756E7472793D7573266E6574776F726B5F6D63633D3331302670726F647563743D616E74692D7669727573266E6574776F726B5F6973...
http://scan.armorforandroid.com/quick
69643D7367353371336F616D75266A736F6E3D253542253232314233433945434541323531354538394438354441334634393445373742423738413332393043392532322532432532323542383035363333373734373138383339323542374246463244314335423244413846444435353925323225324325323246384338423031313846344239453544313943324241414342444534323433324131364139314338253232253243253232314334413436393046353035443543444344344339344532343343383945443141413831363033372532322532432532323538334143354236373542334632383438423939354338463130453130304531363231...
http://innilytics.cloudapp.net/innilytics/upload/01c0994d555ea19e1ef7e0e5b69c9dab