SHA256: eaa72bdc3798f071f83b250042df4c2088614c5a2337e6a03f8e21c08cd1c78b
File name: USA Work and Travel tips V2.3.apk
Detection ratio: 18 / 56
Analysis date: 2015-03-27 16:26:07 UTC ( 3 years, 5 months ago )
Antivirus Result Update
Ad-Aware Android.Trojan.AndroRAT.E 20150327
AhnLab-V3 Android-Malicious/Sandrorat 20150327
Alibaba A.W.Rog.EvilCert.A24 20150327
Avast Android:Kasandra-E [Trj] 20150327
AVG Android/Deng.IGK 20150327
AVware Adware.AndroidOS.Startapp (v) 20150327
BitDefender Android.Trojan.AndroRAT.E 20150327
CAT-QuickHeal Android.Sandr.A 20150327
Emsisoft Android.Trojan.AndroRAT.E (B) 20150327
ESET-NOD32 a variant of Android/Spy.Kasandra.C 20150327
F-Secure Android.Trojan.AndroRAT.E 20150327
GData Android.Trojan.AndroRAT.E 20150327
Ikarus Spyware.AndroidOS.Kasandra 20150327
Kaspersky HEUR:Trojan-Spy.AndroidOS.Sandr.a 20150327
eScan Android.Trojan.AndroRAT.E 20150327
NANO-Antivirus Trojan.Android.Zerat.dekxmy 20150327
Sophos AV Andr/SandRat-B 20150327
VIPRE Adware.AndroidOS.Startapp (v) 20150327
AegisLab 20150327
Yandex 20150325
ALYac 20150327
Antiy-AVL 20150327
Avira (no cloud) 20150327
Baidu-International 20150327
Bkav 20150327
ByteHero 20150327
ClamAV 20150327
CMC 20150325
Comodo 20150327
Cyren 20150327
DrWeb 20150327
F-Prot 20150327
Fortinet 20150327
Jiangmin 20150326
K7AntiVirus 20150327
K7GW 20150327
Kingsoft 20150327
Malwarebytes 20150327
McAfee 20150327
McAfee-GW-Edition 20150327
Microsoft 20150327
Norman 20150327
nProtect 20150327
Panda 20150327
Qihoo-360 20150327
Rising 20150327
SUPERAntiSpyware 20150327
Symantec 20150327
Tencent 20150327
TheHacker 20150324
TotalDefense 20150327
TrendMicro 20150327
TrendMicro-HouseCall 20150327
VBA32 20150327
ViRobot 20150327
Zillya 20150327
Zoner 20150327
The file being studied is an Android APK package. The application's main package name is com.andreiworktraveltoptips. The internal version number of the application is 2. The displayed version string of the application is 1.0. The minimum Android API level for the application to run (MinSDKVersion) is 13. The target Android API level of the application (TargetSDKVersion) is 19.
Risk summary
The studied DEX file makes use of API reflection
The studied DEX file dynamically loads another DEX file
The studied DEX file makes use of cryptographic functions
The APK package studied contains zip files
Permissions that allow the application to manipulate SMS
Permissions that allow the application to manipulate your location
Permissions that allow the application to perform payments
Permissions that allow the application to access Internet
Permissions that allow the application to access private information
Other permissions that could be considered as dangerous in certain scenarios
Required permissions
android.permission.CHANGE_NETWORK_STATE (change network connectivity)
android.permission.ACCESS_COARSE_LOCATION (coarse (network-based) location)
android.permission.ACCESS_WIFI_STATE (view Wi-Fi status)
android.permission.INTERNET (full Internet access)
android.permission.ACCESS_FINE_LOCATION (fine (GPS) location)
android.permission.SEND_SMS (send SMS messages)
android.permission.WRITE_SMS (edit SMS or MMS)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.WRITE_CALL_LOG (write (but not read) the user's contacts data.)
android.permission.GET_TASKS (retrieve running applications)
android.permission.READ_CALL_LOG (read the user's call log.)
com.android.browser.permission.READ_HISTORY_BOOKMARKS (read Browser's history and bookmarks)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
android.permission.RECORD_AUDIO (record audio)
android.permission.WRITE_CONTACTS (write contact data)
android.permission.READ_EXTERNAL_STORAGE (read from external storage)
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
android.permission.CALL_PHONE (directly call phone numbers)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.READ_SMS (read SMS or MMS)
android.permission.SYSTEM_ALERT_WINDOW (display system-level alerts)
android.permission.CAMERA (take pictures and videos)
android.permission.WAKE_LOCK (prevent phone from sleeping)
android.permission.CHANGE_WIFI_STATE (change Wi-Fi status)
android.permission.RECEIVE_SMS (receive SMS)
android.permission.READ_CONTACTS (read contact data)
Permission-related API calls
FACTORY_TEST
GET_TASKS
ACCESS_NETWORK_STATE
RECORD_AUDIO
USE_CREDENTIALS
READ_LOGS
SEND_SMS
VIBRATE
ACCESS_WIFI_STATE
CAMERA
INTERNET
READ_CONTACTS
CHANGE_COMPONENT_ENABLED_STATE
READ_PHONE_STATE
WRITE_HISTORY_BOOKMARKS
ACCESS_FINE_LOCATION
WAKE_LOCK
Ad-related libraries
izp (izp-1.0.3) with a 30.9 probability
admob () with a probability
Main Activity
com.andreiworktraveltoptips.MainActivity
Activities
com.andreiworktraveltoptips.MainActivity
com.andreiworktraveltoptips.Livework
com.andreiworktraveltoptips.MySwipeSupportedActivity
com.andreiworktraveltoptips.Settings
com.andreiworktraveltoptips.CitiesListActivity
com.google.android.gms.ads.AdActivity
com.startapp.android.eula.EULAActivity
com.startapp.android.publish.list3d.List3DActivity
com.startapp.android.publish.AppWallActivity
net.droidjack.server.CamSnapDJ
net.droidjack.server.VideoCapDJ
Services
net.droidjack.server.Controller
net.droidjack.server.GPSLocation
net.droidjack.server.Toaster
Receivers
net.droidjack.server.Connector
net.droidjack.server.CallListener
Activity-related intent filters
com.andreiworktraveltoptips.CitiesListActivity
actions: com.andreiworktraveltoptips.CITIESLISTACTIVITY
categories: android.intent.category.DEFAULT
net.droidjack.server.CamSnapDJ
actions: android.intent.action.CAMSNAPDJ
categories: android.intent.category.DEFAULT
net.droidjack.server.VideoCapDJ
actions: android.intent.action.VIDEOCAPDJ
categories: android.intent.category.DEFAULT
com.andreiworktraveltoptips.Livework
actions: com.andreiworktraveltoptips.LIVEWORK
categories: android.intent.category.DEFAULT
com.andreiworktraveltoptips.MySwipeSupportedActivity
actions: com.andreiworktraveltoptips.MYSWIPESUPPORTEDACTIVITY
categories: android.intent.category.DEFAULT
com.andreiworktraveltoptips.Settings
actions: com.andreiworktraveltoptips.SETTINGS
categories: android.intent.category.DEFAULT
com.andreiworktraveltoptips.MainActivity
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
Receiver-related intent filters
net.droidjack.server.Connector
actions: android.net.conn.CONNECTIVITY_CHANGE, android.intent.action.BOOT_COMPLETED
net.droidjack.server.CallListener
actions: android.intent.action.PHONE_STATE
Application certificate information
Application bundle files
Interesting strings
File identification
MD5 53b9398631b7d257fa042c403d150ccf
SHA1 a2d0cdf0dba260db1d28ce7d283a54b6baf9d013
SHA256 eaa72bdc3798f071f83b250042df4c2088614c5a2337e6a03f8e21c08cd1c78b
ssdeep
393216:086sXXn7o411j0bJglNyqjX2olRSkM2986kTaqdrH86Hxoo86rAkGnUo88GCg2cf:ysX30sF5lRS62nHeGi88GB2cf

File size 22.5 MB ( 23613406 bytes )
File type Android
Magic literal Zip archive data, at least v2.0 to extract
TrID Android Package (92.9%), ZIP compressed archive (7.0%)
Tags apk android dyn-class

VirusTotal metadata
First submission 2015-03-27 16:26:07 UTC ( 3 years, 5 months ago )
Last submission 2015-03-27 16:26:07 UTC ( 3 years, 5 months ago )
File names USA Work and Travel tips V2.3.apk
ExifTool file metadata
MIMEType application/zip
ZipRequiredVersion 20
ZipCRC 0xb6c9673b
FileType ZIP
ZipCompression Deflated
ZipUncompressedSize 55907
ZipCompressedSize 13759
ZipFileName META-INF/MANIFEST.MF
ZipBitFlag 0x0808
ZipModifyDate 2015:02:19 04:10:17

Permissions checked
android.permission.INTERNET:com.andreiworktraveltoptips
android.permission.ACCESS_NETWORK_STATE:com.andreiworktraveltoptips
Started services
#Intent;component=com.andreiworktraveltoptips/net.droidjack.server.Controller;end
Started receivers
android.intent.action.USER_PRESENT
android.intent.action.SCREEN_OFF
Opened files
/data/data/com.andreiworktraveltoptips/cache/ads-1832316684.jar
http:/googleads.g.doubleclick.net/mads/static/sdk/native/sdk-core-v40.js
/data/data/com.andreiworktraveltoptips/cache
/data/data/com.andreiworktraveltoptips/cache/com.google.android.gms.ads.appcache
/data/data/com.andreiworktraveltoptips/databases/com.google.android.gms.ads.db
Interesting calls
Calls APIs that provide access to information about the telephony services on the device. Applications can use such methods to determine telephony services and states, as well as to access some types of subscriber information.
Dynamically loaded classes
com.google.android.ads.zxxz.a
com.google.android.ads.zxxz.d
com.google.android.ads.zxxz.c
com.google.android.ads.zxxz.f
com.google.android.ads.zxxz.b
com.google.android.ads.zxxz.e
Contacted URLs
http://www.startappexchange.com/1.3/getadsmetadata?publisherId=101211642&productId=201571368&os=android&sdkVersion=2.1.3&packageId=com.andreiworktraveltoptips&userId=f8deee6ab4301c0e&model=Nexus%20S&manufacturer=samsung&deviceVersion=15&isp=310260&width=480&height=800&sdkId=3
https://googleads.g.doubleclick.net/mads/gma?session_id=16078388507358235902&seq_num=1&u_sd=1.5&sp=0&cnt=0&rm=2&muv=11&riv=5&ms=8L0yVi8XT0IG5prITTCzoPiECIXpK3A0XhITY5lZ_McP80sLkkVpJiJCwkN2LYXZSeMVFRw9rAabHdozL7dtPNjn5af0qrMgUeK801GMqWJ-05T3fy0YCw_Db_KJe4t9AQW-0PnUcKd-cgy8zVeeZuDZwHWWZhYu3qsgAtssnfpstU6t6pzeL-j0I3UMP6dcj11V0w1zvWXUfcoKXrVudr8s-iiSTKhsgPX1Q3lNZeNwmLXI0cT-_E311l9nXWxyqUvZe2AFmcOqQd1voFX3cO-26iEpybTReEhwLzWv-Tq8udWhSbvD1o42YDpLyWiJM1FFm1wFYPaH0aDjTft96A&js=afma-sdk-a-v4132500.4132500.0&format=interstitial_mb&hl=en&coh=1&gl=US&gnt=3&am=0&ma=0&carrier=310260&cap=m&u_w=320&u_h=533&msid=com.andreiworktraveltoptips&app_name=2.android.com.andreiworktraveltoptips&an=2.android.com.andreiworktraveltoptips&net=ed&u_audio=1&u_so=p&output=html&region=mobile_app&u_tz=120&client_sdk=1&ex=1&client=ca-app-pub-5829584617325955&slotname=4370126226&gsb=3g&caps=inlineVideo_interactiveVideo_mraid1_th_autoplay_mediation_sdkAdmobApiForAds_di&_efs=false&forceHttps=true&blockAutoClicks=0&eid=46621041&jsv=148&urll=1011
https://googleads.g.doubleclick.net/mads/gma?session_id=16078388507358235902&seq_num=1&rm=2&js=afma-sdk-a-v4132500.4132500.0&hl=en&gnt=3&ma=0&carrier=310260&u_sd=1.5&sp=0&cnt=0&muv=11&riv=5&ms=ZvcVyYbB6Q1ZaTz2KNidYP6F-3WRmf4PH-m_Y_UpGCv_kIBzOk7EMpWVlbQ3DeX8cmdXykIV5RrrPzf4k66rjK199i5rfs4-K4ZlHxMc-KMLlocJZn_wRZsO50SJS3xG5_wYf1uU89eNykbvOUuoAJQVlMEYlPaKcmwtHOx5S2-pqJF6QVGRzQjzJ40khY9E28nhEq2Z7FzHzwrwz8LmTqjCDSEhLChpPfjx8q4xfmmcQo_PQ9AohAa897A2-aaGAvrfjgzRYkdr9_nQK-I-_jB8BhVEXCQGauR18-D2h9TgF6qXI40SUKRK9x9YsoGU7rPLko0dTM95JWp6_n1SAQ&format=320x50_mb&coh=1&gl=US&am=0&cap=m&u_w=320&u_h=533&msid=com.andreiworktraveltoptips&app_name=2.android.com.andreiworktraveltoptips&an=2.android.com.andreiworktraveltoptips&net=ed&u_audio=1&u_so=p&output=html&region=mobile_app&u_tz=120&client_sdk=1&ex=1&client=ca-app-pub-5829584617325955&slotname=9755681823&gsb=3g&caps=inlineVideo_interactiveVideo_mraid1_th_autoplay_mediation_sdkAdmobApiForAds_di&_efs=false&forceHttps=true&blockAutoClicks=0&eid=46621041&jsv=148&urll=1005
http://www.startappexchange.com/1.3/gethtmlad?publisherId=101211642&productId=201571368&os=android&sdkVersion=2.1.3&packageId=com.andreiworktraveltoptips&userId=f8deee6ab4301c0e&model=Nexus%20S&manufacturer=samsung&deviceVersion=15&isp=310260&width=480&height=800&sdkId=3&placement=INAPP_OFFER_WALL&testMode=false&longitude=0.0&latitude=0.0&age=0&adsNumber=10&packageExclude=com.andreiworktraveltoptips&offset=0
Accessed URIs
geo:0,0?q=donuts
http://www.google.com
market://details?id=com.google.android.gms.ads
gmsg://mobileads.google.com/jsLoaded?google.afma.Notify_dt=1349801456515