SHA256: f691fa19d786aea7fac9619cbaa7d51eacdbac97c9afe1dc070debeff6dbe9d1
File name: f691fa19d786aea7fac9619cbaa7d51eacdbac97c9afe1dc070debeff6dbe9d1.log
Detection ratio: 27 / 57
Analysis date: 2015-06-02 11:54:00 UTC ( 2 years, 2 months ago )
Antivirus Result Update
Ad-Aware Android.Trojan.AndroRAT.E 20150602
AegisLab Sandr 20150602
AhnLab-V3 Android-Trojan/Sandrorat.c542 20150602
Alibaba A.W.Rog.EvilCert.A24 20150602
Arcabit Android.Trojan.AndroRAT.E 20150602
Avast Android:Kasandra-E [Trj] 20150602
AVG Android/Deng.FCT 20150602
Avira (no cloud) ANDROID/Kasandra.B.Gen 20150602
Baidu-International Trojan.Android.Kasandra.A 20150602
BitDefender Android.Trojan.AndroRAT.E 20150602
CAT-QuickHeal Android.Sandr.A 20150602
Cyren AndroidOS/Sandr.A.gen!Eldorado 20150602
DrWeb Android.Spy.184.origin 20150602
Emsisoft Android.Trojan.AndroRAT.E (B) 20150602
ESET-NOD32 a variant of Android/Spy.Kasandra.A 20150602
F-Secure Trojan:Android/AndroRat.H 20150602
GData Android.Trojan.AndroRAT.E 20150602
Ikarus Spyware.AndroidOS.Kasandra 20150602
K7GW Spyware ( 004c0e3d1 ) 20150602
Kaspersky HEUR:Trojan-Spy.AndroidOS.Sandr.a 20150602
McAfee Artemis!3C641E198FF2 20150602
McAfee-GW-Edition Artemis 20150602
eScan Android.Trojan.AndroRAT.E 20150602
NANO-Antivirus Trojan.Android.Zerat.dekxmy 20150602
Sophos AV Andr/SandRat-B 20150602
TrendMicro-HouseCall Suspicious_GEN.F47V0508 20150602
Zoner Trojan.AndroidOS.Kasandra.E 20150602
Yandex 20150601
ALYac 20150602
Antiy-AVL 20150602
AVware 20150602
Bkav 20150602
ByteHero 20150602
ClamAV 20150602
CMC 20150602
Comodo 20150602
F-Prot 20150602
Fortinet 20150602
Jiangmin 20150601
K7AntiVirus 20150602
Kingsoft 20150602
Malwarebytes 20150602
Microsoft 20150602
nProtect 20150602
Panda 20150602
Qihoo-360 20150602
Rising 20150531
SUPERAntiSpyware 20150602
Symantec 20150602
Tencent 20150602
TheHacker 20150602
TotalDefense 20150602
TrendMicro 20150602
VBA32 20150602
VIPRE 20150602
ViRobot 20150602
Zillya 20150602
The file being studied is Android related; more specifically, it is an Android APK file. The application's main package name is net.droidjack.sandrorat. The internal version number of the application is 1. The displayed version string of the application is 1.0. The minimum Android API level for the application to run (MinSDKVersion) is 8. The target Android API level for the application to run (TargetSDKVersion) is 17.
Risk summary
The studied DEX file makes use of API reflection
The studied DEX file makes use of cryptographic functions
Permissions that allow the application to manipulate SMS
Permissions that allow the application to manipulate your location
Permissions that allow the application to perform payments
Permissions that allow the application to access Internet
Permissions that allow the application to access private information
Other permissions that could be considered as dangerous in certain scenarios
Required permissions
android.permission.CHANGE_NETWORK_STATE (change network connectivity)
android.permission.ACCESS_COARSE_LOCATION (coarse (network-based) location)
android.permission.ACCESS_WIFI_STATE (view Wi-Fi status)
android.permission.INTERNET (full Internet access)
android.permission.ACCESS_FINE_LOCATION (fine (GPS) location)
android.permission.SEND_SMS (send SMS messages)
android.permission.WRITE_SMS (edit SMS or MMS)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.WRITE_CALL_LOG (write (but not read) the user's contacts data.)
android.permission.GET_TASKS (retrieve running applications)
android.permission.READ_CALL_LOG (read the user's call log.)
com.android.browser.permission.READ_HISTORY_BOOKMARKS (read Browser's history and bookmarks)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
android.permission.RECEIVE_SMS (receive SMS)
android.permission.WRITE_CONTACTS (write contact data)
android.permission.READ_EXTERNAL_STORAGE (read from external storage)
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
android.permission.CALL_PHONE (directly call phone numbers)
android.permission.READ_PHONE_STATE (read phone state and identity)
android.permission.READ_SMS (read SMS or MMS)
android.permission.CAMERA (take pictures and videos)
android.permission.WAKE_LOCK (prevent phone from sleeping)
android.permission.RECORD_AUDIO (record audio)
android.permission.READ_CONTACTS (read contact data)
android.permission.GET_ACCOUNTS (discover known accounts)
Permission-related API calls
FACTORY_TEST
GET_TASKS
ACCESS_NETWORK_STATE
RECORD_AUDIO
GET_ACCOUNTS
SEND_SMS
READ_LOGS
ACCESS_WIFI_STATE
CAMERA
INTERNET
READ_CONTACTS
CHANGE_COMPONENT_ENABLED_STATE
READ_PHONE_STATE
WRITE_HISTORY_BOOKMARKS
WAKE_LOCK
ACCESS_FINE_LOCATION
Main Activity
net.droidjack.sandrorat.MainActivity
Activities
net.droidjack.sandrorat.MainActivity
net.droidjack.sandrorat.CamSnap
net.droidjack.sandrorat.VideoCap
Services
net.droidjack.sandrorat.Controller
net.droidjack.sandrorat.GPSLocation
net.droidjack.sandrorat.Toaster
Receivers
net.droidjack.sandrorat.Connector
Activity-related intent filters
net.droidjack.sandrorat.MainActivity
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER
net.droidjack.sandrorat.CamSnap
actions: android.intent.action.CAMSNAP
categories: android.intent.category.DEFAULT
net.droidjack.sandrorat.VideoCap
actions: android.intent.action.VIDEOCAP
categories: android.intent.category.DEFAULT
Receiver-related intent filters
net.droidjack.sandrorat.Connector
actions: android.net.conn.CONNECTIVITY_CHANGE, android.intent.action.BOOT_COMPLETED
Application certificate information
Application bundle files
The file being studied is a compressed stream! Details about the compressed contents follow.
Contained files
Compression metadata
Contained files 12
Uncompressed size 478347
Highest datetime 2015-04-18 15:08:16
Lowest datetime 2015-04-18 15:08:16
Contained files by extension
xml 4
png 3
dex 1
MF 1
RSA 1
SF 1
Contained files by type
XML 4
unknown 4
PNG 3
DEX 1
File identification
MD5 3c641e198ff26234c67c1c91307081c9
SHA1 dab48a8e5178cc86be65159fbd399bcc59b797d3
SHA256 f691fa19d786aea7fac9619cbaa7d51eacdbac97c9afe1dc070debeff6dbe9d1
ssdeep 6144:t4tCyK9urhIRvHZYcPbnJmkmG8IKS0UcNWjBOzEx:6dK9urhIRvZnm9IKRUkWjkzEx

File size 210.7 KB ( 215729 bytes )
File type Android
Magic literal Zip archive data, at least v2.0 to extract

TrID Android Package (92.9%)
ZIP compressed archive (7.0%)
Tags apk android

VirusTotal metadata
First submission 2015-05-08 14:06:54 UTC ( 2 years, 3 months ago )
Last submission 2015-06-02 11:54:00 UTC ( 2 years, 2 months ago )
File names asddw.apk
f691fa19d786aea7fac9619cbaa7d51eacdbac97c9afe1dc070debeff6dbe9d1.log
Started services
#Intent;component=net.droidjack.sandrorat/.Controller;end