SHA256: e275b06aa61cc9be5a5805200c33f357a7b6952fe379055305d73315a8f94e7c
File name: Document.apk
Detection ratio: 1 / 46
Analysis date: 2013-03-26 12:58:41 UTC ( 1 year ago )
Antivirus Result Update
Kaspersky HEUR:Backdoor.AndroidOS.Chuli.a 20130326
AVG 20130326
Agnitum 20130326
AhnLab-V3 20130326
AntiVir 20130326
Antiy-AVL 20130326
Avast 20130326
BitDefender 20130326
ByteHero 20130322
CAT-QuickHeal 20130326
ClamAV 20130326
Commtouch 20130326
Comodo 20130326
DrWeb 20130326
ESET-NOD32 20130326
Emsisoft 20130326
F-Prot 20130326
F-Secure 20130326
Fortinet 20130326
GData 20130326
Ikarus 20130326
Jiangmin 20130326
K7AntiVirus 20130325
Kingsoft 20130325
Malwarebytes 20130326
McAfee 20130326
McAfee-GW-Edition 20130326
MicroWorld-eScan 20130326
Microsoft 20130326
NANO-Antivirus 20130326
Norman 20130326
PCTools 20130326
Panda 20130326
Rising 20130322
SUPERAntiSpyware 20130326
Sophos 20130326
Symantec 20130326
TheHacker 20130324
TotalDefense 20130325
TrendMicro 20130326
TrendMicro-HouseCall 20130326
VBA32 20130326
VIPRE 20130326
ViRobot 20130326
eSafe 20130324
nProtect 20130326
The file being studied is an Android APK. The application's main package name is com.google.services. The internal version number of the application is 1. The displayed version string of the application is 1.0. The minimum Android API level for the application to run (MinSDKVersion) is 8. The target Android API level for the application (TargetSDKVersion) is 15.
Risk summary
Permissions that allow the application to manipulate SMS
Permissions that allow the application to manipulate your location
Permissions that allow the application to access Internet
Permissions that allow the application to access private information
Other permissions that could be considered as dangerous in certain scenarios
Required permissions
android.permission.ACCESS_FINE_LOCATION (fine (GPS) location)
android.permission.INTERNET (full Internet access)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.RECEIVE_SMS (receive SMS)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.MOUNT_UNMOUNT_FILESYSTEMS (mount and unmount file systems)
READ_PHONE_STATE (read phone state and identity)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
android.permission.READ_CONTACTS (read contact data)
android.permission.READ_SMS (read SMS or MMS)
Permission-related API calls
ACCESS_FINE_LOCATION
ACCESS_NETWORK_STATE
INTERNET
READ_CONTACTS
Main Activity
com.google.services.turntest
Activities
com.google.services.turntest
Services
com.google.services.PhoneService
com.google.services.AlarmService
Receivers
com.google.services.ScreenReceiver
Activity-related intent filters
com.google.services.turntest
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
Receiver-related intent filters
com.google.services.ScreenReceiver
actions: android.intent.action.USER_PRESENT, android.intent.action.BATTERY_CHANGED, android.intent.action.DATA_STATE, android.intent.action.TIME_TICK, android.intent.action.WALLPAPER_CHANGED, android.intent.action.PACKAGE_ADDED, android.intent.action.SCREEN_ON, android.intent.action.SIG_STR, android.intent.action.DATA_ACTIVITY
Code-related observations
The application does not load any code dynamically
The application does not contain reflection code
The application does not contain native code
The application does not contain cryptographic code
File identification
MD5 c4c4077e9449147d754afd972e247efc
SHA1 6a2e025b35b9d35fd5ce67c66fca69141d96f74e
SHA256 e275b06aa61cc9be5a5805200c33f357a7b6952fe379055305d73315a8f94e7c
ssdeep 6144:E0ce5gBbyHPhuiwxm28KYdjMIIMshfteSIv8Imyv2TpKCV3FqRsG26oN0:E0uBeHPhYAhHBMeeeSAJv2TpKCVOsye0
File size 325.8 KB ( 333583 bytes )
File type Android
Magic literal Zip archive data, at least v2.0 to extract
TrID Android Package (92.9%)
ZIP compressed archive (7.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags apk android zip
VirusTotal metadata
First submission 2013-03-26 12:57:31 UTC ( 1 year ago )
Last submission 2014-04-18 04:41:50 UTC ( 50 minutes ago )
File names klg.apk
N121.apk
Document.ap_
c4c4077e9449147d754afd972e247efc.virus
Recent39-b.apk
c4c4077e9449147d754afd972e247efc.zip
Chuli2.apk
c4c4077e9449147d754afd972e247efc.log
Document.apk
test.apk
c4c4077e9449147d754afd972e247efc_infected.apk
M156.apk
md5_submission.apk
BackdoorAndroidOSChuli.A-2.apk
ExifTool file metadata
MIMEType application/zip
ZipRequiredVersion 20
ZipCRC 0x6e65a3fb
FileType ZIP
ZipCompression Deflated
ZipUncompressedSize 481
ZipCompressedSize 307
FileAccessDate 2014:04:18 05:44:43+01:00
ZipFileName META-INF/MANIFEST.MF
ZipBitFlag 0x0008
FileCreateDate 2014:04:18 05:44:43+01:00
ZipModifyDate 2013:03:13 13:54:27
Opened files
APP_ASSETS/m.txt
Accessed files
/data/data/com.google.services/files