SHA256: d4db25e5196374a9ac0cf013abb5e82639316cc75ed991ef055c7bb7567b72fc
File name: angrycowboyv12.apk
Detection ratio: 20 / 57
Analysis date: 2015-03-02 17:04:02 UTC ( 4 years ago )
Antivirus Result Update
AegisLab Ganlet 20150302
AhnLab-V3 Android-Spyware/Airpush 20150302
Alibaba A.H.Pay.Letang.B 20150302
AVG Android/AirPush 20150302
Avira (no cloud) Adware/ANDR.Ganlet.A.Gen 20150302
AVware Trojan.AndroidOS.Generic.A 20150228
Comodo ApplicUnwnt 20150302
Cyren AndroidOS/GenPua.3681FD3C!Olympus 20150302
DrWeb Adware.Airpush.7.origin 20150302
ESET-NOD32 a variant of Android/AdDisplay.Ganlet.C potentially unwanted 20150302
F-Prot AndroidOS/Gletan.A 20150302
Fortinet Adware/AirPush!Android 20150302
Kaspersky not-a-virus:HEUR:AdWare.AndroidOS.Ganlet.a 20150302
Kingsoft Android.Troj.Letang.yj.(kcloud) 20150302
McAfee Artemis!3681FD3C1631 20150302
NANO-Antivirus Trojan.Android.Airpush.djtmgh 20150302
Sophos AV Android Letang 20150302
Tencent Trojan.Android.Expense.a 20150302
TrendMicro-HouseCall Suspicious_GEN.F47V0213 20150302
VIPRE Trojan.AndroidOS.Generic.A 20150302
Ad-Aware 20150302
Yandex 20150228
ALYac 20150302
Antiy-AVL 20150302
Avast 20150302
Baidu-International 20150302
BitDefender 20150302
Bkav 20150302
ByteHero 20150302
CAT-QuickHeal 20150302
ClamAV 20150302
CMC 20150301
Emsisoft 20150302
F-Secure 20150302
GData 20150302
Ikarus 20150302
Jiangmin 20150301
K7AntiVirus 20150302
K7GW 20150302
Malwarebytes 20150302
McAfee-GW-Edition 20150302
Microsoft 20150302
eScan 20150302
Norman 20150302
nProtect 20150302
Panda 20150302
Qihoo-360 20150302
Rising 20150302
SUPERAntiSpyware 20150301
Symantec 20150302
TheHacker 20150302
TotalDefense 20150302
TrendMicro 20150302
VBA32 20150302
ViRobot 20150302
Zillya 20150302
Zoner 20150302
The file being studied is an Android APK package. The application's main package name is com.clmobi.Cowboy.en. The internal version number of the application is 3. The displayed version string of the application is 1.2. The minimum Android API level for the application to run (MinSDKVersion) is 7. The target Android API level for the application to run (TargetSDKVersion) is 14.
Risk summary
The studied DEX file makes use of API reflection
The studied DEX file dynamically loads another DEX file
The studied DEX file makes use of cryptographic functions
The APK package studied contains other APK packages
Permissions that allow the application to manipulate SMS
Permissions that allow the application to manipulate your location
Permissions that allow the application to perform payments
Permissions that allow the application to access Internet
Permissions that allow the application to access private information
Other permissions that could be considered as dangerous in certain scenarios
Required permissions
android.permission.ACCESS_FINE_LOCATION (fine (GPS) location)
android.permission.SEND_SMS (send SMS messages)
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.INSTALL_PACKAGES (directly install applications)
com.android.launcher.permission.INSTALL_SHORTCUT (Unknown permission from android reference)
android.permission.SYSTEM_ALERT_WINDOW (display system-level alerts)
android.permission.ACCESS_WIFI_STATE (view Wi-Fi status)
android.permission.ACCESS_COARSE_LOCATION (coarse (network-based) location)
android.permission.GET_TASKS (retrieve running applications)
com.your.domain.PAYMENT_BROADCAST_PERMISSION (Unknown permission from android reference)
android.permission.VIBRATE (control vibrator)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.INTERNET (full Internet access)
android.permission.MOUNT_UNMOUNT_FILESYSTEMS (mount and unmount file systems)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
android.permission.GET_ACCOUNTS (discover known accounts)
android.permission.RECEIVE_SMS (receive SMS)
Permission-related API calls
FACTORY_TEST
ACCESS_NETWORK_STATE
READ_PHONE_STATE
READ_LOGS
VIBRATE
ACCESS_WIFI_STATE
CAMERA
GET_ACCOUNTS
READ_CONTACTS
INTERNET
WAKE_LOCK
ACCESS_FINE_LOCATION
Ad-related libraries
mobclix (mobclix-4.0.2) with a 98.4 probability
tapjoy () with a probability
flurry (flurry-3.0.0) with a 80.7 probability
izp (izp-1.0.3) with a 35.5 probability
admob (admob-6.0.1) with a 85.2 probability
airpush () with a probability
chartboost (chartboost-3.0.1) with a 99.1 probability
adcolony (adcolony-199) with a 100 probability
millennialmedia (millennialmedia-4.5.1) with a 30.4 probability
Main Activity
com.clmobi.Cowboy.en.EngineActivity
Activities
com.clmobi.Cowboy.en.EngineActivity
com.letang.adunion.ads.JoyAdJoymeng
com.google.ads.AdActivity
com.tapjoy.TJCOffersWebView
com.tapjoy.TapjoyFeaturedAppWebView
com.tapjoy.TapjoyVideoView
com.millennialmedia.android.MMActivity
com.millennialmedia.android.VideoPlayer
com.playhaven.src.publishersdk.content.PHContentView
com.flurry.android.FlurryFullscreenTakeoverActivity
com.airpush.android.OptinActivity
com.airpush.android.SmartWallActivity
com.chartboost.sdk.CBDialogActivity
com.mobclix.android.sdk.MobclixBrowserActivity
com.jirbo.adcolony.AdColonyOverlay
com.jirbo.adcolony.AdColonyFullscreen
com.jirbo.adcolony.AdColonyBrowser
com.mobi.core.ui.FullActivity
com.letang.launchui.AdActivity
com.letang.launchui.RecoActivity
com.letang.launchui.RecoOtherActivity
com.letang.launchui.InGameAdActivity
Services
com.airpush.android.PushService
com.mobi.core.angel.Angel
com.letang.service.DaemonService
Receivers
com.airpush.android.BootReceiver
com.mobi.core.angel.Test0
com.mobi.core.angel.Test1
com.letang.service.StartupReceiver
Service-related intent filters
com.mobi.core.angel.Angel
actions: com.mobi.core.angel.Angel
com.letang.service.DaemonService
actions: com.letang.DaemonService
Activity-related intent filters
com.clmobi.Cowboy.en.EngineActivity
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
com.mobi.core.ui.FullActivity
actions: com.mobi.core.ui.FullActivity
categories: android.intent.category.LAUNCHER
com.letang.launchui.AdActivity
actions: com.letang.AdActivity
categories: android.intent.category.DEFAULT
Receiver-related intent filters
com.letang.service.StartupReceiver
actions: android.net.conn.CONNECTIVITY_CHANGE, android.intent.action.UMS_CONNECTED, android.intent.action.BOOT_COMPLETED
categories: android.intent.category.HOME
com.airpush.android.BootReceiver
actions: android.intent.action.BOOT_COMPLETED
categories: android.intent.category.HOME
com.mobi.core.angel.Test1
actions: android.intent.action.PACKAGE_ADDED, android.intent.action.PACKAGE_REMOVED, android.intent.action.PACKAGE_REPLACED
com.mobi.core.angel.Test0
actions: android.intent.action.BOOT_COMPLETED, android.intent.action.USER_PRESENT, android.net.conn.CONNECTIVITY_CHANGE
File identification
MD5 5aa2c9306588539428727024a9e004e1
SHA1 451e3d3ef27173c0eb8cc2dbfdd106b16a619846
SHA256 d4db25e5196374a9ac0cf013abb5e82639316cc75ed991ef055c7bb7567b72fc
ssdeep 393216:1rH+BLxwW3Nt9K0J1oxPCADTrwuVJsBxz/ZSbojtwbac:lXW3NtE+8PCeHfVJsBh7w5
File size 18.3 MB ( 19138147 bytes )
File type Android
Magic literal Zip archive data, at least v2.0 to extract
TrID Android Package (73.9%), Java Archive (20.4%), ZIP compressed archive (5.6%)
Tags apk checks-gps dyn-calls android dyn-class
VirusTotal metadata
First submission 2012-11-20 19:54:24 UTC ( 6 years, 4 months ago )
Last submission 2015-03-02 17:04:02 UTC ( 4 years ago )
File names 5aa2c9306588539428727024a9e004e1.apk, angry_cowboy.v.1.2.apk, angrycowboyv12.apk
ExifTool file metadata
MIMEType application/zip
ZipRequiredVersion 20
ZipCRC 0x10baf4a2
FileType ZIP
ZipCompression Deflated
ZipUncompressedSize 57408
ZipCompressedSize 21125
ZipFileName META-INF/MANIFEST.MF
ZipBitFlag 0x0808
ZipModifyDate 2008:02:29 05:33:23

Permissions checked
android.permission.INTERNET:com.clmobi.Cowboy.en
android.permission.ACCESS_NETWORK_STATE:com.clmobi.Cowboy.en
android.permission.ACCESS_COARSE_LOCATION:com.clmobi.Cowboy.en
android.permission.ACCESS_FINE_LOCATION:com.clmobi.Cowboy.en
Started activities
#Intent;launchFlags=0x14000000;component=com.clmobi.Cowboy.en/com.airpush.android.OptinActivity;end
Started services
#Intent;component=com.clmobi.Cowboy.en/com.mobi.core.angel.Angel;end
#Intent;component=com.clmobi.Cowboy.en/com.letang.service.DaemonService;end
Started receivers
android.intent.action.USER_PRESENT
android.intent.action.SCREEN_OFF
Opened files
bin/uimusic.ogg
bin/town.ogg
bin/hole1.ogg
bin/hole2.ogg
bin/tribe.ogg
bin/nightcity.ogg
bin/boss.ogg
bin/windy.ogg
bin/stream.ogg
bin/handgun1.ogg
bin/handgun2.ogg
bin/handgun3.ogg
bin/handgun4.ogg
bin/scattergun1.ogg
bin/scattergun2.ogg
bin/rifle.ogg
bin/crossbow.ogg
bin/spraygun1.ogg
bin/spraygun2.ogg
bin/lasergun.ogg
bin/propattack.ogg
bin/addmoney.ogg
bin/addmoney1.ogg
bin/girl1.ogg
bin/girl2.ogg
bin/bottle.ogg
bin/roar.ogg
bin/herohurt.ogg
bin/herohorst.ogg
bin/skill1.ogg
bin/skill2.ogg
bin/herodie.ogg
bin/diedown.ogg
bin/npc.ogg
bin/additem.ogg
bin/bombdrop.ogg
bin/bomb.ogg
bin/hurta.ogg
bin/hurto.ogg
bin/diea.ogg
bin/ashdie.ogg
bin/headdie.ogg
bin/enmeyattack.ogg
bin/indianattack1.ogg
bin/indianattack2.ogg
bin/indianattack3.ogg
bin/indianattack4.ogg
bin/cardappear.ogg
bin/indianhurt1.ogg
bin/indianhurt2.ogg
bin/indiandie.ogg
bin/thiefapp.ogg
bin/thiefrun.ogg
bin/machohurt.ogg
bin/machodie.ogg
bin/uilevel.ogg
bin/uilittle.ogg
bin/uiequip.ogg
bin/uiequip1.ogg
bin/machoattack.ogg
bin/poison.ogg
bin/chuchang.ogg
bin/swimhurt.ogg
default.properties
close.png
/data/app/GestureBuilder.apk
/data/app/ApiDemos.apk
/data/app/com.clmobi.Cowboy.en-1.apk
/data/data/com.clmobi.Cowboy.en/files/com.clmobi.Cowboy.en
/data/data/com.clmobi.Cowboy.en/files/ia.cfg
/data/data/com.clmobi.Cowboy.en/files/j.cfg
/data/data/com.clmobi.Cowboy.en/files/r.cfg
/data/data/com.clmobi.Cowboy.en/files/reg.cfg
/data/data/com.clmobi.Cowboy.en/files/anzhuomohe_14806_wansheng_10150113.apk
/mnt/sdcard/Android/data/com.chartboost.sdk/files/ChartBoost.cb
/mnt/sdcard/JoyAdUnion
/mnt/sdcard/angel
/mnt/sdcard/Joy/Cache
/mnt/sdcard/angel/temp/r
/mnt/sdcard/angel/temp/t
APP_ASSETS/joy_payment.chg
APP_ASSETS/bin/hp.png
APP_ASSETS/bin/mp.png
APP_ASSETS/bin/config.bin
APP_ASSETS/bin/flyer.bin
APP_ASSETS/bin/animation.bin
APP_ASSETS/bin/2098.png
APP_ASSETS/bin/2099.png
APP_ASSETS/bin/questvar.bin
APP_ASSETS/bin/choice.bin
APP_ASSETS/bin/css.bin
APP_ASSETS/bin/gameData.bin
APP_ASSETS/bin/MapString.bin
APP_ASSETS/cid.angel
APP_ASSETS/cha.pro
APP_ASSETS/com.so
APP_ASSETS/cha.so
APP_ASSETS/cha.vp
/data/data/com.clmobi.Cowboy.en/files
/data
/data/data/com.clmobi.Cowboy.en/cache/admob
/data/data/com.clmobi.Cowboy.en/databases/admob
/mnt/sdcard
http:/media.admob.com/sdk-core-v40.js
content:/com.google.android.gms.ads.adinfo/any.gif?zx=j5s2o5day4gr
/data/data/com.clmobi.Cowboy.en/files/com.apk
/data/data/com.clmobi.Cowboy.en/files/cha.apk
Accessed files
/data/data/com.clmobi.Cowboy.en/files
/mnt/sdcard/EVIL_HUNTER2_GAME
/mnt/sdcard/Android/data/com.chartboost.sdk/files/ChartBoost.cb
/mnt/sdcard/JoyAdUnion
/mnt/sdcard/JoyAdUnion/adrecord.rcd
/sbin/su
/system/bin/su
/system/xbin/su
/mnt/sdcard/angel
/mnt/sdcard/angel/com.clmobi.Cowboy.en
/mnt/sdcard/angel/ia.cfg
/mnt/sdcard/angel/j.cfg
/mnt/sdcard/angel/r.cfg
/mnt/sdcard/Joy/Cache
/mnt/sdcard/Joy/Ad/ad.conf
/data/data/com.clmobi.Cowboy.en/files/com.apk
/data/data/com.clmobi.Cowboy.en/files/cha.apk
/mnt/sdcard/angel/reg.cfg
/mnt/sdcard/angel/anzhuomohe_14806_wansheng_10150113.apk
/mnt/sdcard/angel/temp/r
/mnt/sdcard/angel/temp/t
/mnt/sdcard/angel/temp/t/anzhuomohe_14806_wansheng_10150113.apk
/mnt/sdcard/angel/temp/r/anzhuomohe_14806_wansheng_10150113.apk.rec
Interesting calls
Calls APIs that provide access to information about the telephony services on the device. Applications can use such methods to determine telephony services and states, as well as to access some types of subscriber information.
Calls APIs that provide access to the system location services. These services allow applications to obtain periodic updates of the device's geographical location, or to fire an application-specified Intent when the device enters the proximity of a given geographical location.
Dynamically loaded classes
com.letang.apkservice.ClientService
Dynamically called methods
android.content.pm.PackageParser.parsePackage 4 arguments.
u'/data/data/com.clmobi.Cowboy.en/files/com.apk'
u'/data/data/com.clmobi.Cowboy.en/files/com.apk'
u'DisplayMetrics{density=1.5, width=0, height=0, scaledDensity=1.5, xdpi=240.0, ydpi=240.0}'
u'0x0'
android.content.res.AssetManager.addAssetPath 1 argument.
u'/data/data/com.clmobi.Cowboy.en/files/com.apk'
Contacted URLs
https://www.chartboost.com/api/install.json
https://www.chartboost.com/api/get.json
http://adconfig.mobappbox.com/adupdate
http://www.newmobilife.info//server.php
http://www.newmobilife.info//server.php
https://ws.tapjoyads.com/connect?app_id=9805facc-1e7e-4b58-a491-e2c82845d1a2&android_id=4d9ceeb4598054f6&udid=216533491497077&device_name=Nexus%20S&device_manufacturer=samsung&device_type=android&os_version=4.0.4&country_code=US&language_code=en&app_version=1.2&library_version=8.1.7&platform=android&display_multiplier=1.0&carrier_name=Android&carrier_country_code=us&mobile_country_code=310260&screen_density=240&screen_layout_size=2&connection_type=mobile&timestamp=1350889392&verifier=46503730434899dee77c8a81d81134822250f35d05eedabf5e7fab4904655ab9
http://int.dpool.sina.com.cn/iplookup/iplookup.php?format=js
http://199.87.232.147/ad/anzhuomohe_14806_wansheng_10150113.apk
Accessed URIs
market://details?id=com.google.ads
geo:0,0?q=donuts
market://search?q=pname:com.google
tel://6509313940
gmsg://mobileads.google.com/loadSdkConstants?min_hwa_banner=18&active_view_sampling_intervals=%5B0.4%2C0.4%5D&refresh_intervals=%7B%22active_view_sampling_interval%22%3A%220.4%22%2C%22swipe_to_view_sampling_interval%22%3A%220.4%22%7D&discardable_storekitcontroller_cache_size=3&mraid_banner_path=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fmads%2Fstatic%2Fmad%2Fsdk%2Fnative%2Fmraid%2Fv1%2Fmraid_app_banner.js&mraid_interstitial_path=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fmads%2Fstatic%2Fmad%2Fsdk%2Fnative%2Fmraid%2Fv1%2Fmraid_app_interstitial.js&mraid_expanded_banner_path=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fmads%2Fstatic%2Fmad%2Fsdk%2Fnative%2Fmraid%2Fv1%2Fmraid_app_expanded_banner.js&mraid_disable_redirect=0&google.afma.Notify_dt=1350889394695
gmsg://mobileads.google.com/loadAdURL?drt_include=1&request_scenario=online_request&type=admob&url=http%3A%2F%2Fgoogleads.g.doubleclick.net%3A80%2Fmads%2Fgma%3Fpreqs%3D0%26session_id%3D13085665623407161832%26u_sd%3D1.5%26seq_num%3D1%26u_w%3D533%26msid%3Dcom.clmobi.Cowboy.en%26cap%3Dm%252Ca%26js%3Dafma-sdk-a-v6.2.1%26cipa%3D0%26bas_off%3D0%26format%3D0x0_mb%26oar%3D0%26net%3Ded%26app_name%3D3.android.com.clmobi.Cowboy.en%26hl%3Den%26gnt%3D3%26u_h%3D320%26carrier%3D310260%26bas_on%3D0%26ptime%3D0%26u_audio%3D1%26aims%3Df%26aimr%3Dnogms%26aimt%3D44%26an%3D3.android.com.clmobi.Cowboy.en%26u_so%3Dl%26output%3Dhtml%26region%3Dmobile_app%26u_tz%3D120%26client_sdk%3D1%26ex%3D1%26slotname%3Da15080fba798679%26gsb%3D3g%26caps%3DinlineVideo_interactiveVideo_mraid1_th_autoplay_mediation_sdkAdmobApiForAds_di%26_efs%3Dfalse%26blockAutoClicks%3D0%26isul%3D32%26blob%3DABPQqLG9x0vXs1lqd5hM6EXdy7jiI1HOUHHcUDhKKC9s8oP5RWpia-LTR6V-Q3xD61wI5-pyQYoKdjE3IC6UFqoAjgmIx6tuXEnDXLm1SeuAYRJPJK-IS1NMiZGlhWSseSYP9F4v2N5tLipqwUeoahz5X7pyTAf73ct7tlX-w32lYfECZgDmLtkfBw98xr_zwmpz4aYHBURJkovipuhM_mjkoBFzYWgF_1B5YPeBUqspjngvdkXBo5S7Z9YMZjIax3jdLzLjzZUwAHS_SSmjT3IA-ktG3f4im_lZLzAa%26et%3D10%26jsv%3D138%26urll%3D909&base_uri=http%3A%2F%2Fgoogleads.g.doubleclick.net%3A80%2Fmads%2Fgma&use_webview_loadurl=0&enable_auto_click_protection=0&google.afma.Notify_dt=1350889394837