SHA256: bdb0f518b738f40fd1b0a0447736382cc46650aaf133e8b9c4564ebe3f864e7e
File name: Browser_installer.apk
Detection ratio: 12 / 46
Analysis date: 2013-05-05 08:11:10 UTC ( 4 years, 6 months ago )
Antivirus Result Update
BitDefender Android.Trojan.FakeInst.EF 20130505
Comodo UnclassifiedMalware 20130505
DrWeb Android.SmsSend.500.origin 20130505
Emsisoft Android.Trojan.FakeInst.EF (B) 20130505
ESET-NOD32 a variant of Android/TrojanSMS.Agent.MZ 20130505
F-Secure Trojan:Android/Fakeinst.BK 20130505
GData Android.Trojan.FakeInst.EF 20130505
Kaspersky HEUR:Trojan-SMS.AndroidOS.Opfake.bo 20130505
eScan Android.Trojan.FakeInst.EF 20130505
Sophos AV Andr/Opfake-C 20130505
TrendMicro-HouseCall TROJ_GEN.FCBHZIK 20130505
VIPRE Trojan.AndroidOS.Generic.A 20130505
Yandex 20130504
AhnLab-V3 20130504
AntiVir 20130505
Antiy-AVL 20130503
Avast 20130505
AVG 20130505
ByteHero 20130425
CAT-QuickHeal 20130503
ClamAV 20130505
Commtouch 20130505
eSafe 20130501
F-Prot 20130505
Fortinet 20130505
Ikarus 20130505
Jiangmin 20130505
K7AntiVirus 20130503
K7GW 20130503
Kingsoft 20130502
Malwarebytes 20130505
McAfee 20130505
McAfee-GW-Edition 20130504
Microsoft 20130505
NANO-Antivirus 20130505
Norman 20130505
nProtect 20130504
Panda 20130504
PCTools 20130505
SUPERAntiSpyware 20130505
Symantec 20130505
TheHacker 20130504
TotalDefense 20130503
TrendMicro 20130505
VBA32 20130503
ViRobot 20130504
The file being studied is an Android APK file. The application's main package name is lumbgthwrcu.llrtxx. The internal version number of the application is 1. The displayed version string of the application is 1.0. The minimum Android API level for the application to run (MinSDKVersion) is 7. The target Android API level for the application (TargetSDKVersion) is 9.
Risk summary
The studied DEX file makes use of API reflection
Permissions that allow the application to manipulate SMS
Permissions that allow the application to perform payments
Permissions that allow the application to access Internet
Permissions that allow the application to access private information
Other permissions that could be considered as dangerous in certain scenarios
Required permissions
android.permission.CHANGE_NETWORK_STATE (change network connectivity)
com.android.launcher.permission.UNINSTALL_SHORTCUT (Unknown permission from android reference)
android.permission.UPDATE_DEVICE_STATS (modify battery statistics)
android.permission.INTERNET (full Internet access)
android.permission.SEND_SMS (send SMS messages)
android.permission.PERSISTENT_ACTIVITY (make application always run)
com.android.launcher.permission.INSTALL_SHORTCUT (Unknown permission from android reference)
android.permission.WRITE_SMS (edit SMS or MMS)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.DELETE_PACKAGES (delete applications)
android.permission.WRITE_SECURE_SETTINGS (modify secure system settings)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
android.permission.GET_PACKAGE_SIZE (measure application storage space)
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
android.permission.INSTALL_PACKAGES (directly install applications)
com.android.alarm.permission.SET_ALARM (set alarm in alarm clock)
android.permission.WRITE_SETTINGS (modify global system settings)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.MANAGE_APP_TOKENS (manage application tokens)
android.permission.READ_SMS (read SMS or MMS)
android.permission.SYSTEM_ALERT_WINDOW (display system-level alerts)
android.permission.ACCESS_WIFI_STATE (view Wi-Fi status)
android.permission.WAKE_LOCK (prevent phone from sleeping)
android.permission.CHANGE_WIFI_STATE (change Wi-Fi status)
android.permission.RECEIVE_SMS (receive SMS)
android.permission.READ_CONTACTS (read contact data)
android.permission.GET_ACCOUNTS (discover known accounts)
Main Activity
lumbgthwrcu.llrtxx.lslpli
Activities
lumbgthwrcu.llrtxx.lslpli
Services
lqdsvi.ttjpyi.sppronxaj
Receivers
lumbgthwrcu.llrtxx.saitudyo
lqdsvi.ttjpyi.hffjrhuoyph
lqdsvi.ttjpyi.xylifg
lumbgthwrcu.llrtxx.igrgxmxeme
lumbgthwrcu.llrtxx.hgdpumuxepx
Service-related intent filters
lqdsvi.ttjpyi.sppronxaj
actions: lqdsvi.ttjpyi.sppronxajStart76, android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
Activity-related intent filters
lumbgthwrcu.llrtxx.lslpli
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
Receiver-related intent filters
lqdsvi.ttjpyi.xylifg
actions: lqdsvi.ttjpyi.RSNotification
lumbgthwrcu.llrtxx.igrgxmxeme
actions: android.intent.action.BOOT_COMPLETED
categories: android.intent.category.HOME
lumbgthwrcu.llrtxx.hgdpumuxepx
actions: lumbgthwrcu.llrtxx.action.delayed.sms
lumbgthwrcu.llrtxx.saitudyo
actions: android.intent.action.AIRPLANE_MODE
lqdsvi.ttjpyi.hffjrhuoyph
actions: android.provider.Telephony.SMS_RECEIVED
Application certificate information
Application bundle files
File identification
MD5 3df53443ffb09dd1059c7b2a03264ba7
SHA1 f88cad8af3b9680e0ec6a91dbb3259f144cee51c
SHA256 bdb0f518b738f40fd1b0a0447736382cc46650aaf133e8b9c4564ebe3f864e7e
ssdeep 12288:wpiKdYZlKhTecUJ38EMW2huebbs8RAyImlm5mgmOmI:ki1d38rhbs8Mmlm5mgmOmI
File size 529.0 KB ( 541687 bytes )
File type Android
Magic literal Zip archive data, at least v2.0 to extract
TrID Android Package (73.9%)
Java Archive (20.4%)
ZIP compressed archive (5.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags apk android dyn-calls
VirusTotal metadata
First submission 2013-05-05 08:11:10 UTC ( 4 years, 6 months ago )
Last submission 2015-01-21 23:40:28 UTC ( 2 years, 10 months ago )
File names Browser_installer.apk
bdb0f518b738f40fd1b0a0447736382cc46650aaf133e8b9c4564ebe3f864e7e
3df53443ffb09dd1059c7b2a03264ba7_1.apk
ExifTool file metadata
MIMEType application/zip
ZipRequiredVersion 20
ZipCRC 0xeba0c849
FileType ZIP
ZipCompression Deflated
ZipUncompressedSize 11066
ZipCompressedSize 2579
FileAccessDate 2015:01:22 00:41:36+01:00
ZipFileName META-INF/MANIFEST.MF
ZipBitFlag 0x0008
FileCreateDate 2015:01:22 00:41:36+01:00
ZipModifyDate 2013:05:05 11:52:29

Interesting calls
Calls APIs that provide access to information about the telephony services on the device. Applications can use such methods to determine telephony services and states, as well as to access some types of subscriber information.
Dynamically called methods
java.lang.reflect.Field.get 1 argument.
u'null'
android.app.Activity.setContentView 1 argument.
u'0x7f030001'
java.lang.reflect.Constructor.newInstance 1 argument.
u'[Ljava.lang.Object;@b4a1d478'
android.content.ContextWrapper.registerReceiver 2 arguments.
u'lumbgthwrcu.llrtxx.cfjgb@b4a08728'
u'android.content.IntentFilter@b49d5950'
android.content.Context.getSystemService 1 argument.
u'phone'
android.telephony.TelephonyManager.getSubscriberId
android.telephony.TelephonyManager.getDeviceId
java.lang.reflect.Constructor.newInstance 1 argument.
u'[Ljava.lang.Object;@b49f4d40'
java.lang.reflect.Constructor.newInstance 1 argument.
u'[Ljava.lang.Object;@b4a3d3a8'
java.lang.reflect.Constructor.newInstance 1 argument.
u'[Ljava.lang.Object;@b49e35c8'
java.lang.reflect.Constructor.newInstance 1 argument.
u'[Ljava.lang.Object;@b4a3cf20'
java.lang.reflect.Constructor.newInstance 1 argument.
u'[Ljava.lang.Object;@b49cee20'
javax.crypto.Cipher.getInstance 1 argument.
u'AES'
javax.crypto.Cipher.init 2 arguments.
u'0x2'
u'javax.crypto.spec.SecretKeySpec@5b2'
javax.crypto.Cipher.doFinal 1 argument.
u''
java.lang.reflect.Constructor.newInstance 1 argument.
u'[Ljava.lang.Object;@b4a18238'
java.lang.reflect.Constructor.newInstance 1 argument.
u'[Ljava.lang.Object;@b4a7d560'
javax.crypto.Cipher.init 2 arguments.
u'0x1'
u'javax.crypto.spec.SecretKeySpec@5b2'
javax.crypto.Cipher.doFinal 1 argument.
u'0A72656365697665534D534E756D6265723D0A'
java.lang.reflect.Constructor.newInstance 1 argument.
u'[Ljava.lang.Object;@b4a575f0'
java.lang.reflect.Constructor.newInstance 1 argument.
u'[Ljava.lang.Object;@b4a64128'
javax.crypto.Cipher.doFinal 1 argument.
u'377C528C4E1BD43736CF56B5EC702D614B120107250AE1E77CFEFF7F1445916C'
java.lang.reflect.Constructor.newInstance 1 argument.
u'[Ljava.lang.Object;@b4a65f00'
java.lang.reflect.Constructor.newInstance 1 argument.
u'[Ljava.lang.Object;@b49c3b70'
java.lang.reflect.Constructor.newInstance 1 argument.
u'[Ljava.lang.Object;@b4a3fae0'
javax.crypto.Cipher.doFinal 1 argument.
u'0A72656365697665534D534E756D6265723D0A72656365697665534D53546578743D373035320A'
java.lang.reflect.Constructor.newInstance 1 argument.
u'[Ljava.lang.Object;@b4a783c0'
java.lang.reflect.Constructor.newInstance 1 argument.
u'[Ljava.lang.Object;@b4a288e0'