SHA256: eab57e669f511c837a15978e746b8325a2731ea44c46108d66acec85403b10f9
File name: BIB.apk
Detection ratio: 29 / 57
Analysis date: 2015-08-17 12:02:27 UTC ( 3 years, 3 months ago )
Antivirus Result Update
Ad-Aware Android.Trojan.AndroRAT.E 20150817
AegisLab SUSPICIOUS 20150817
AhnLab-V3 Android-Trojan/Sandrorat.c542 20150817
Alibaba A.W.Rog.EvilCert.A24 20150817
Antiy-AVL Trojan[Spy:HEUR]/AndroidOS.Sandr.1 20150817
Arcabit Android.Trojan.AndroRAT.E 20150817
Avast Android:Kasandra-E [Trj] 20150817
AVG Android/Deng.FCT 20150817
Avira (no cloud) ANDROID/Kasandra.B.Gen 20150817
Baidu-International Trojan.AndroidOS.Sandr.a 20150817
BitDefender Android.Trojan.AndroRAT.E 20150817
CAT-QuickHeal Android.Sandr.A 20150817
Comodo UnclassifiedMalware 20150817
Cyren AndroidOS/Sandr.A.gen!Eldorado 20150817
DrWeb Android.Spy.184.origin 20150817
Emsisoft Android.Trojan.AndroRAT.E (B) 20150817
ESET-NOD32 a variant of Android/Spy.Kasandra.A 20150817
F-Secure Trojan:Android/AndroRat.H 20150817
Fortinet Android/Sandr.C!tr 20150813
GData Android.Trojan.AndroRAT.E 20150817
Ikarus Trojan-Spy.AndroidOS.Kasandra 20150817
K7GW Spyware ( 004c0e3d1 ) 20150817
Kaspersky HEUR:Trojan-Spy.AndroidOS.Sandr.a 20150817
McAfee Artemis!3813F9F5CBF8 20150817
McAfee-GW-Edition Artemis 20150817
eScan Android.Trojan.AndroRAT.E 20150817
NANO-Antivirus Trojan.Android.Zerat.dekxmy 20150817
Sophos AV Andr/SandRat-B 20150817
Zillya Trojan.Kasandra..186 20150817
Yandex 20150816
ALYac 20150817
AVware 20150817
Bkav 20150817
ByteHero 20150817
ClamAV 20150817
CMC 20150814
F-Prot 20150817
Jiangmin 20150815
K7AntiVirus 20150817
Kingsoft 20150817
Malwarebytes 20150817
Microsoft 20150817
nProtect 20150813
Panda 20150817
Qihoo-360 20150817
Rising 20150817
SUPERAntiSpyware 20150817
Symantec 20150816
Tencent 20150817
TheHacker 20150814
TotalDefense 20150817
TrendMicro 20150817
TrendMicro-HouseCall 20150817
VBA32 20150815
VIPRE 20150817
ViRobot 20150817
Zoner 20150817
The file being studied is an Android APK file. The application's main package name is net.droidjack.sandrorat. The internal version number of the application is 1, and the displayed version string is 1.0. The minimum Android API level required to run the application (MinSDKVersion) is 8. The target Android API level (TargetSDKVersion) is 17.
Risk summary
The studied DEX file makes use of API reflection
The studied DEX file makes use of cryptographic functions
Permissions that allow the application to manipulate SMS
Permissions that allow the application to manipulate your location
Permissions that allow the application to perform payments
Permissions that allow the application to access Internet
Permissions that allow the application to access private information
Other permissions that could be considered as dangerous in certain scenarios
Required permissions
android.permission.CHANGE_NETWORK_STATE (change network connectivity)
android.permission.ACCESS_COARSE_LOCATION (coarse (network-based) location)
android.permission.ACCESS_WIFI_STATE (view Wi-Fi status)
android.permission.INTERNET (full Internet access)
android.permission.ACCESS_FINE_LOCATION (fine (GPS) location)
android.permission.SEND_SMS (send SMS messages)
android.permission.WRITE_SMS (edit SMS or MMS)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.WRITE_CALL_LOG (write (but not read) the user's contacts data.)
android.permission.GET_TASKS (retrieve running applications)
android.permission.READ_CALL_LOG (read the user's call log.)
com.android.browser.permission.READ_HISTORY_BOOKMARKS (read Browser's history and bookmarks)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
android.permission.RECEIVE_SMS (receive SMS)
android.permission.WRITE_CONTACTS (write contact data)
android.permission.READ_EXTERNAL_STORAGE (read from external storage)
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
android.permission.CALL_PHONE (directly call phone numbers)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.READ_SMS (read SMS or MMS)
android.permission.CAMERA (take pictures and videos)
android.permission.WAKE_LOCK (prevent phone from sleeping)
android.permission.RECORD_AUDIO (record audio)
android.permission.READ_CONTACTS (read contact data)
android.permission.GET_ACCOUNTS (discover known accounts)
Permission-related API calls
FACTORY_TEST
GET_TASKS
ACCESS_NETWORK_STATE
RECORD_AUDIO
GET_ACCOUNTS
SEND_SMS
READ_LOGS
ACCESS_WIFI_STATE
CAMERA
INTERNET
READ_CONTACTS
CHANGE_COMPONENT_ENABLED_STATE
READ_PHONE_STATE
WRITE_HISTORY_BOOKMARKS
WAKE_LOCK
ACCESS_FINE_LOCATION
Main Activity
net.droidjack.sandrorat.MainActivity
Activities
net.droidjack.sandrorat.MainActivity
net.droidjack.sandrorat.CamSnap
net.droidjack.sandrorat.VideoCap
Services
net.droidjack.sandrorat.Controller
net.droidjack.sandrorat.GPSLocation
net.droidjack.sandrorat.Toaster
Receivers
net.droidjack.sandrorat.Connector
Activity-related intent filters
net.droidjack.sandrorat.MainActivity
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
net.droidjack.sandrorat.CamSnap
actions: android.intent.action.CAMSNAP
categories: android.intent.category.DEFAULT
net.droidjack.sandrorat.VideoCap
actions: android.intent.action.VIDEOCAP
categories: android.intent.category.DEFAULT
Receiver-related intent filters
net.droidjack.sandrorat.Connector
actions: android.net.conn.CONNECTIVITY_CHANGE, android.intent.action.BOOT_COMPLETED
Application certificate information
Application bundle files
The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files 12
Uncompressed size 478359
Highest datetime 2015-07-25 22:45:48
Lowest datetime 2015-07-25 22:45:44
Contained files by extension
xml 4
png 3
dex 1
MF 1
RSA 1
SF 1
Contained files by type
XML 4
unknown 4
PNG 3
DEX 1
Compressed bundles
File identification
MD5 3813f9f5cbf8f57fd8102e12c0c018f9
SHA1 b84d9b78371bd63452548aee5c2c8c70c15d4eac
SHA256 eab57e669f511c837a15978e746b8325a2731ea44c46108d66acec85403b10f9
ssdeep 3072:yMX6Kx2y97+zkg4AH8GeXpnJFRJJNnPZUlJoTgaD7O8/OiX217rSPBVOc:y46ny9lrh53RJnPZUYTgaD7x/OCeHSd
File size 210.7 KB ( 215739 bytes )
File type Android
Magic literal Zip archive data, at least v2.0 to extract
TrID Android Package (92.9%), ZIP compressed archive (7.0%)
Tags apk android
VirusTotal metadata
First submission 2015-07-25 08:08:00 UTC ( 3 years, 3 months ago )
Last submission 2015-07-25 08:08:00 UTC ( 3 years, 3 months ago )
File names BIB.apk
Started services
#Intent;component=net.droidjack.sandrorat/.Controller;end