× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: ccad414278de526be50bbd05578c88eb56ce845e44a75ad0a9d2f0b0c4f163ca
File name: M143.apk
Detection ratio: 30 / 51
Analysis date: 2014-04-18 07:33:47 UTC ( 1 day, 12 hours ago )
Antivirus Result Update
Ad-Aware Android.Trojan.InfoStealer.AZ 20140418
AntiVir Android/SecCert.A.1 20140418
Avast Android:SecCert-A [Trj] 20140418
Baidu-International Backdoor.AndroidOS.Pincer.Asj 20140417
BitDefender Android.Trojan.InfoStealer.AZ 20140418
Bkav MW.Clodb2b.Trojan.7d59 20140418
CAT-QuickHeal Android.Pincer.A 20140418
ClamAV Andr.Trojan.Pincer 20140418
Commtouch AndroidOS/GenBl.B2B7D599!Olympus 20140418
Comodo UnclassifiedMalware 20140418
DrWeb Android.Backdoor.15.origin 20140418
ESET-NOD32 a variant of Android/SecCert.A 20140418
Emsisoft Android.Trojan.InfoStealer.AZ (B) 20140418
F-Prot AndroidOS/Pincer.A 20140418
F-Secure Trojan:Android/Pincer.A 20140418
GData Android.Trojan.InfoStealer.AZ 20140418
Ikarus AndroidOS.Pincer.A 20140418
K7AntiVirus Trojan ( 0001140e1 ) 20140418
K7GW Trojan ( 0001140e1 ) 20140418
Kaspersky HEUR:Backdoor.AndroidOS.Pincer.a 20140418
Kingsoft Android.Troj.at_Pincer.a.(kcloud) 20140418
McAfee Artemis!B2B7D5999DCE 20140418
McAfee-GW-Edition Artemis!B2B7D5999DCE 20140418
MicroWorld-eScan Android.Trojan.InfoStealer.AZ 20140418
Norman Pincer.B 20140417
Qihoo-360 Trojan.Generic 20140418
Sophos Andr/Pincer-A 20140418
TrendMicro ANDROIDOS_PINCER.VTD 20140418
TrendMicro-HouseCall ANDROIDOS_PINCER.VTD 20140418
VIPRE Trojan.AndroidOS.Generic.A 20140418
AVG 20140417
AegisLab 20140418
Agnitum 20140417
AhnLab-V3 20140417
Antiy-AVL 20140418
ByteHero 20140418
CMC 20140417
Fortinet 20140417
Jiangmin 20140418
Malwarebytes 20140418
Microsoft 20140418
NANO-Antivirus 20140418
Panda 20140417
Rising 20140418
SUPERAntiSpyware 20140418
Symantec 20140418
TheHacker 20140417
TotalDefense 20140417
VBA32 20140418
ViRobot 20140418
nProtect 20140417
The file being studied is Android related! APK Android file more specifically. The application's main package name is com.security.certificate. The internal version number of the application is 4. The displayed version string of the application is 4.6. The minimum Android API level for the application to run (MinSDKVersion) is 8. The target Android API level for the application to run (TargetSDKVersion) is 15.
Risk summary
The studied DEX file makes use of API reflection
Permissions that allow the application to manipulate SMS
Permissions that allow the application to perform calls
Permissions that allow the application to perform payments
Permissions that allow the application to access Internet
Permissions that allow the application to access private information
Other permissions that could be considered as dangerous in certain scenarios
Required permissions
android.permission.SEND_SMS (send SMS messages)
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.READ_LOGS (read sensitive log data)
android.permission.CALL_PRIVILEGED (directly call any phone numbers)
android.permission.CALL_PHONE (directly call phone numbers)
android.permission.RECEIVE_SMS (receive SMS)
android.permission.INTERNET (full Internet access)
android.permission.MODIFY_PHONE_STATE (modify phone status)
Permission-related API calls
CHANGE_COMPONENT_ENABLED_STATE
READ_PHONE_STATE
SEND_SMS
INTERNET
READ_LOGS
Main Activity
com.security.certificate.ui.MainActivity
Activities
com.security.certificate.ui.MainActivity
com.security.certificate.ui.UssdActivity
com.security.certificate.ui.MessageDialogActivity
Services
com.security.certificate.services.CheckCommandsService
com.security.certificate.services.CheckQueueService
com.security.certificate.services.USSDDumbExtendedNetworkService
Receivers
com.security.certificate.services.ReCheckCommandReceiver
com.security.certificate.services.ReSendQueueReceiver
com.security.certificate.services.SmsSentReceiver
com.security.certificate.services.SmsReceiver
com.security.certificate.services.PhoneCallReceiver
com.security.certificate.services.OnBootReceiver
Service-related intent filters
com.security.certificate.services.USSDDumbExtendedNetworkService
actions: com.android.ussd.IExtendedNetworkService
categories: android.intent.category.DEFAULT
Activity-related intent filters
com.security.certificate.ui.MainActivity
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
Receiver-related intent filters
com.security.certificate.services.SmsSentReceiver
actions: android.intent.action.SMS_SENT
com.security.certificate.services.ReCheckCommandReceiver
actions: android.intent.action.RE_CHECK_COMMAND
com.security.certificate.services.ReSendQueueReceiver
actions: android.intent.action.RE_SEND_QUEUE
com.security.certificate.services.SmsReceiver
actions: android.provider.Telephony.SMS_RECEIVED
com.security.certificate.services.PhoneCallReceiver
actions: android.intent.action.PHONE_STATE
com.security.certificate.services.OnBootReceiver
actions: android.intent.action.BOOT_COMPLETED
Code-related observations
The application does not load any code dynamically
The application contains reflection code
The application does not contain native code
The application does not contain cryptographic code
Application certificate information
Application bundle files
Interesting strings
File identification
MD5 b2b7d5999dce0559d13ab06d30c2c6ec
SHA1 ec14ed31a85f37fad7c7d9c8c0d2aad3a60c8b36
SHA256 ccad414278de526be50bbd05578c88eb56ce845e44a75ad0a9d2f0b0c4f163ca
ssdeep
768:5FCa7E7lJjujSCn0nAXi7IxMdhFB+uzIigU/GmHtzneJuk6/BevfD:3CVJjOn0A8YGEOBB/zHZe8rW

File size 37.6 KB ( 38496 bytes )
File type Android
Magic literal
Zip archive data, at least v2.0 to extract

TrID Android Package (73.9%)
Java Archive (20.4%)
ZIP compressed archive (5.6%)
Tags
apk android ext-prg zip

VirusTotal metadata
First submission 2013-03-19 20:06:56 UTC ( 1 year, 1 month ago )
Last submission 2014-04-18 07:33:47 UTC ( 1 day, 12 hours ago )
File names N108.apk
b2b7d5999dce0559d13ab06d30c2c6ec.ec14ed31a85f37fad7c7d9c8c0d2aad3a60c8b36
Recent29-e.apk
M143.apk
Recent29-e.apk
N108.apk
b2b7d5999dce0559d13ab06d30c2c6ec.log
CCAD414278DE526BE50BBD05578C88EB56CE845E44A75AD0A9D2F0B0C4F163CA.APK.log
ExifTool file metadata
MIMEType
application/zip

ZipRequiredVersion
20

ZipCRC
0x4cde7fc4

FileType
ZIP

ZipCompression
Deflated

ZipUncompressedSize
828

ZipCompressedSize
378

FileAccessDate
2014:04:18 08:37:55+01:00

ZipFileName
res/layout/enter_user_id_dialog.xml

ZipBitFlag
0x0008

FileCreateDate
2014:04:18 08:37:55+01:00

ZipModifyDate
2013:03:08 20:32:19

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Started services
#Intent;component=com.security.certificate/.services.CheckCommandsService;end
#Intent;component=com.security.certificate/.services.CheckQueueService;end
External programs launched
logcat -d USSDDumbExtendedNetworkService:I *:S
Accessed files
/system/app/Superuser.apk
Interesting calls
Calls APIs that provide access to information about the telephony services on the device. Applications can use such methods to determine telephony services and states, as well as to access some types of subscriber information.
Calls APIs that manage SMS operations such as sending data, text, and pdu SMS messages.