SHA256: dcf44f7262682ec2274829e6a14dfde470ca60dc1fbb2b76ff1053230ae305c2
File name: 4c8f01db58987c2c3321cdbbb1a2e67a.virus
Detection ratio: 30 / 43
Analysis date: 2011-12-08 00:09:48 UTC ( 2 years, 4 months ago )
Antivirus Result Update
AntiVir Android/Agent.CQ 20111207
Antiy-AVL Trojan/win32.agent 20111207
Avast Android:AdSms-A [Trj] 20111207
BitDefender Android.Trojan.AdSMS.B 20111208
CAT-QuickHeal Android.SmsHider.C 20111207
Commtouch AndroidOS/GenBl.CD34DD20!Olympus 20111208
Comodo UnclassifiedMalware 20111207
DrWeb Android.Evan.7 20111208
Emsisoft Trojan-SMS!IK 20111208
F-Secure Trojan:Android/AdSMS.A 20111207
Fortinet Android/AdSms.A!tr 20111207
GData Android.Trojan.AdSMS.B 20111207
Ikarus Trojan-SMS 20111207
Jiangmin Trojan/AndroidOS.b 20111207
Kaspersky Trojan-SMS.AndroidOS.Adsms.c 20111208
McAfee Android/SMS.gen 20111208
McAfee-GW-Edition Android/SMS.gen 20111207
Microsoft Trojan:AndroidOS/VaneSms.A 20111207
NOD32 Android/Adsms.B 20111207
Norman Suspicious_Gen2.PGVQU 20111207
PCTools Android.Adsms 20111208
Panda Android/AdSMS 20111207
Sophos Andr/AdSMS-A 20111207
Symantec Android.Adsms 20111208
TrendMicro AndroidOS_ADSMS.A 20111207
TrendMicro-HouseCall AndroidOS_ADSMS.A 20111208
VBA32 Trojan-SMS.AndroidOS.Adsms.c 20111207
VIPRE Trojan-SMS.AndroidOS.Adsms.a (v) 20111208
eSafe Win32.Android.Adsms 20111206
eTrust-Vet AndroidOS/SMSTroj.D!generic 20111207
AVG 20111208
AhnLab-V3 20111207
ByteHero 20111207
ClamAV 20111207
F-Prot 20111129
K7AntiVirus 20111207
Prevx 20111208
Rising 20111207
SUPERAntiSpyware 20111208
TheHacker 20111207
ViRobot 20111207
VirusBuster 20111207
nProtect 20111207
The file being studied is an Android APK file. The application's main package name is com.andiord. The internal version number of the application is 1. The displayed version string of the application is 1.0. The minimum Android API level for the application to run (MinSDKVersion) is 7.
Risk summary
Permissions that allow the application to manipulate SMS
Permissions that allow the application to perform payments
Permissions that allow the application to access Internet
Permissions that allow the application to access private information
Other permissions that could be considered as dangerous in certain scenarios
Required permissions
android.permission.SEND_SMS (send SMS messages)
android.permission.WRITE_APN_SETTINGS (write Access Point Name settings)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.KILL_BACKGROUND_PROCESSES (kill background processes)
android.permission.DEVICE_POWER (turn phone on or off)
android.permission.ACCESS_WIFI_STATE (view Wi-Fi status)
android.permission.WRITE_SMS (edit SMS or MMS)
android.permission.WAKE_LOCK (prevent phone from sleeping)
android.permission.BROADCAST_PACKAGE_ADDED (Unknown permission from android reference)
android.permission.CHANGE_WIFI_STATE (change Wi-Fi status)
android.permission.RECEIVE_SMS (receive SMS)
android.permission.INTERNET (full Internet access)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.BROADCAST_PACKAGE_REMOVED (send package removed broadcast)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
android.permission.READ_SMS (read SMS or MMS)
Permission-related API calls
ACCESS_NETWORK_STATE
RESTART_PACKAGES
KILL_BACKGROUND_PROCESSES
WAKE_LOCK
SEND_SMS
ACCESS_WIFI_STATE
INTERNET
READ_PHONE_STATE
Activities
com.andiord.UpdateDialog
Services
com.andiord.BootService
Receivers
com.andiord.SystemEventReceiver
Service-related intent filters
com.andiord.BootService
actions: com.andiord.SystemEventReceiver
categories: android.intent.category.DEFAULT
Activity-related intent filters
com.andiord.UpdateDialog
actions: android.intent.action.MAIN
Receiver-related intent filters
com.andiord.SystemEventReceiver
actions: android.provider.Telephony.SMS_RECEIVED, android.intent.action.PHONE_STATE, android.intent.action.BOOT_COMPLETED, android.net.conn.CONNECTIVITY_CHANGE, android.intent.action.WEB_SEARCH, android.server.checkin.FOTA_READY, android.server.checkin.FOTA_RESTART, android.intent.action.PACKAGE_ADDED, android.intent.action.PACKAGE_REMOVED
Code-related observations
The application does not load any code dynamically
The application does not contain reflection code
The application does not contain native code
The application does not contain cryptographic code
File identification
MD5 4c8f01db58987c2c3321cdbbb1a2e67a
SHA1 c2e17a59186aa3a12021d835263153bb52604263
SHA256 dcf44f7262682ec2274829e6a14dfde470ca60dc1fbb2b76ff1053230ae305c2
ssdeep 768:0MPX/FcpW+QtnwXxFJ+S4M6Svv4XdMkta95ePCGkQcqReqsuJhAPtcY:0KdftwXxFJ+VYv4y5CdzrhAPH
File size 40.9 KB ( 41927 bytes )
File type Android
Magic literal Zip archive data, at least v2.0 to extract
TrID Android Package (73.9%)
Java Archive (20.4%)
ZIP compressed archive (5.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags apk android
VirusTotal metadata
First submission 2011-05-26 03:52:01 UTC ( 2 years, 11 months ago )
Last submission 2014-04-19 18:21:51 UTC ( 5 days, 13 hours ago )
File names DCF44F7262682EC2274829E6A14DFDE470CA60DC1FBB2B76FF1053230AE305C2.log
28554_htc(1).apk
166.apk
htc-apk.txt
htc_ver1.4_.apk
13264993801193125836
com.andiord
file-4833501_apk
vt-upload-xi2kA
4c8f01db58987c2c3321cdbbb1a2e67a.apk
htc.apk
200.apk
dcf44f7262682ec2274829e6a14dfde470ca60dc1fbb2b76ff1053230ae305c2.apk
dcf44f7262682ec2274829e6a14dfde470ca60dc1fbb2b76ff1053230ae305c2.bin
c2e17a59186aa3a12021d835263153bb52604263
2_adsms.apk
dcf44f7262682ec2274829e6a14dfde470ca60dc1fbb2b76ff1053230ae305c2.log
sample.apk
4C8F01DB58987C2C3321CDBBB1A2E67A.apk
test.txt
4c8f01db58987c2c3321cdbbb1a2e67a.virus
ExifTool file metadata
MIMEType application/zip
ZipRequiredVersion 20
ZipCRC 0xf247ffb0
FileType ZIP
ZipCompression Deflated
ZipUncompressedSize 1236
ZipCompressedSize 436
FileAccessDate 2014:04:20 01:58:05+01:00
ZipFileName res/layout/main.xml
ZipBitFlag 0x0008
FileCreateDate 2014:04:20 01:58:05+01:00
ZipModifyDate 2011:05:19 21:15:10