NVISO ApkScan malware analysis report

September 21, 2014

 
General information
File name: 1MobileMarket_com.android_.chrome_304_.apk
Other known file names: None
Origin: Manually uploaded by anonymous user [2014-01-15 01:18:55]
MD5 hash: 2975378ac805e47c04d44035e0dc7c76
SHA256 hash: ed6c507b937a14bb96ad7872c296eb0d220408c1c80425b7b12f189ef931ef9e
File size: 1959.2 KB
Static malware analysis
Android manifest (AndroidManifest.xml)
Permissions
ACCESS_NETWORK_STATE Allows applications to access information about networks
ACCESS_WIFI_STATE Allows applications to access information about Wi-Fi networks
GET_ACCOUNTS Allows access to the list of accounts in the Accounts Service
GET_TASKS Allows an application to get information about the currently or recently running tasks.
INTERNET Allows applications to open network sockets.
READ_CONTACTS Allows an application to read the user's contacts data.
READ_PHONE_STATE Allows read only access to phone state.
RECEIVE_BOOT_COMPLETED Allows an application to receive the ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting.
SYSTEM_ALERT_WINDOW Allows an application to open windows using the type TYPE_SYSTEM_ALERT, shown on top of all other applications.
INSTALL_SHORTCUT Unknown permission
VIBRATE Allows access to the vibrator
WAKE_LOCK Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming
WRITE_EXTERNAL_STORAGE Allows an application to write to external storage.
Services
Class .service.SyncService
Class .push.PushService
Class me.onemobile.server.ServerService
Class me.onemobile.android.download.DownloadService
Class .AnalyticsService
Virus Total scan results
No scan results received from VirusTotal.

This most probably means that the sample hash is not yet known by the VirusTotal scanners.
You can always upload this sample at VirusTotal.com manually (we do not share samples automatically with third parties).
Disassembled source code
Hardcoded URLs
Dynamic malware analysis
Disk activity
Accessed files
Filename: /mnt/sdcard/Android/data/me.onemobile.android/cache/images/i_-1525114550
Filename: /mnt/sdcard/onemobile_download/com.android.chrome_1650059.apk
Filename: /proc/meminfo
Filename: /data/data/me.onemobile.android/shared_prefs/ONEMOBILE.xml
Filename: /proc/793/cmdline
Filename: /data/data/me.onemobile.android/files/gaClientId
Filename: /data/data/me.onemobile.android/shared_prefs/PAGER_TABS.xml
Filename: /data/data/com.android.launcher/shared_prefs/com.android.launcher2.prefs.xml
Filename: /dev/urandom
Filename: /data/data/me.onemobile.android/shared_prefs/78.xml
Filename: /mnt/sdcard/Android/data/me.onemobile.android/cache/data/journal
Filename: /mnt/sdcard/Android/data/me.onemobile.android/cache/data/868889194-87-US.0.tmp
Filename: /proc/856/cmdline
Filename: /proc/782/cmdline
Filename: /data/data/com.android.gallery3d/shared_prefs/com.android.gallery3d_preferences.xml
Filename: /data/data/me.onemobile.android/shared_prefs/inmobisdkaid.xml
Filename: /data/data/me.onemobile.android/shared_prefs/CONFIG_DETAILS.xml
Filename: /mnt/sdcard/Android/data/me.onemobile.android/cache/data/834831652-87-US.0.tmp
Filename: /mnt/sdcard/Android/data/me.onemobile.android/cache/data/-1164250152-87-US.0.tmp
Network activity
Opened network connections
Captured traffic (Experimental feature added July 1, 2014)
No network traffic captured.
Automatically placed calls and text messages
Placed phone calls
No phone calls were placed automatically.
Sent SMS messages
No text messages were sent automatically.
Cryptographic activity
Used encryption keys
No cryptographic activity detected.
Encryption operations
Algorithm: RSA/ECB/nopadding
Decryption operations
No cryptographic activity detected.
Information leakage
Network information leakage
Destination: 184.172.2.106:80
Tag: TAINT_ICCID / TAINT_IMEI
Operation: send

Destination: 184.172.2.106:30000
Tag: TAINT_ICCID / TAINT_IMEI
Operation: send
SMS information leakage
No SMS information leakage detected.
File information leakage
Path: /data/data/me.onemobile.android/shared_prefs/ONEMOBILE.xml
Operation: write
Tag: TAINT_ICCID / TAINT_IMEI
Miscellaneous
Started services
Service name: me.onemobile.android.service.SyncService
Service name: me.onemobile.server.ServerService
Service name: me.onemobile.android.download.DownloadService
Output generated by ADB logcat
No logfile stored (feature added July 1, 2014).