NVISO ApkScan malware analysis report

April 23, 2019

 
General information
File name: MemoryBooster_1.3_apk-dl_.com_.apk
Other known file names: None
Origin: Manually uploaded by anonymous user [2016-05-10 13:10:52]
MD5 hash: 4e563f8ce06050e2eb867eec1f8bb062
SHA256 hash: 2616bd66bbb67be548102f8471898bf97411e13dd8cb17065cc29ebe39163c5a
File size: 6240.61 KB
Worker: NVISO_API_KALI_01
Static malware analysis
Android manifest (AndroidManifest.xml)
Permissions
ACCESS_NETWORK_STATE Allows applications to access information about networks
ACCESS_WIFI_STATE Allows applications to access information about Wi-Fi networks
BLUETOOTH Allows applications to connect to paired bluetooth devices
CHANGE_WIFI_STATE Allows applications to change Wi-Fi connectivity state
CLEAR_APP_CACHE Allows an application to clear the caches of all installed applications on the device.
GET_ACCOUNTS Allows access to the list of accounts in the Accounts Service
GET_PACKAGE_SIZE Allows an application to find out the space used by any package.
GET_TASKS Allows an application to get information about the currently or recently running tasks.
INTERNET Allows applications to open network sockets.
KILL_BACKGROUND_PROCESSES Allows an application to call killBackgroundProcesses(String).
READ_EXTERNAL_STORAGE Allows an application to read from external storage.
READ_PHONE_STATE Allows read only access to phone state.
RECEIVE_BOOT_COMPLETED Allows an application to receive the ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting.
RESTART_PACKAGES This constant was deprecated in API level 8. The restartPackage(String) API is no longer supported.
RECEIVE Unknown permission
USE_CREDENTIALS Allows an application to request authtokens from the AccountManager
WAKE_LOCK Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming
WRITE_EXTERNAL_STORAGE Allows an application to write to external storage.
Services
Class com.guruinfomedia.memory.cache.BatteryService
Class com.fa.c.SystemService
Class com.fa.c.StartService
Class com.google.android.gms.measurement.AppMeasurementService
VirusTotal scan results
No scan results received from VirusTotal.

This most probably means that the sample hash is not yet known by the VirusTotal scanners.
You can always upload this sample at VirusTotal.com manually (we do not share samples automatically with third parties).
Disassembled source code
Hardcoded URLs
Dynamic malware analysis
Screenshot or animated GIF of the analysed application

Random artificial input is provided to the scanned applications during dynamic analysis, in order to mimic a human being using and interacting with the application. This can result in our report showing a different screen than the one you would see when starting the application.

Disk activity
Accessed files
Filename: pipe:[3531]
Filename: pipe:[3533]
Filename: /data/data/com.g.o.speed.memboost/shared_prefs/com.google.android.gms.measurement.prefs.xml
Filename: pipe:[3561]
Filename: pipe:[3597]
Filename: /proc/meminfo
Filename: pipe:[3609]
Filename: /dev/input/event0
Filename: pipe:[3549]
Filename: /proc/1232/cmdline
Filename: pipe:[3532]
Filename: /data/data/com.android.gallery3d/shared_prefs/com.android.gallery3d_preferences.xml
Filename: pipe:[3601]
Filename: pipe:[3541]
Filename: pipe:[3577]
Filename: /proc/1420/cmdline
Filename: /data/data/com.android.music/shared_prefs/Music.xml
Filename: /proc/1395/cmdline
Filename: pipe:[3569]
Filename: /proc/1258/cmdline
Filename: pipe:[3565]
Filename: pipe:[3540]
Filename: pipe:[3617]
Filename: pipe:[3546]
Filename: pipe:[3613]
Filename: /proc/1301/cmdline
Filename: pipe:[3545]
Filename: pipe:[3605]
Filename: /proc/1307/cmdline
Filename: /proc/1444/cmdline
Filename: /proc/1322/cmdline
Filename: /data/data/com.g.o.speed.memboost/shared_prefs/com.g.o.speed.memboost_preferences.xml
Filename: pipe:[3557]
Filename: /proc/1305/cmdline
Filename: pipe:[3581]
Filename: pipe:[3589]
Filename: pipe:[3573]
Filename: /proc/1216/cmdline
Filename: /dev/urandom
Filename: /proc/1288/cmdline
Filename: /data/data/com.android.vending/shared_prefs/finsky.xml
Filename: pipe:[3585]
Filename: /proc/1244/cmdline
Filename: pipe:[3593]
Filename: pipe:[3553]
Network activity
Opened network connections
Destination: 188.165.230.184:8811, File descriptor: 18
Automatically placed calls and text messages
Placed phone calls
No phone calls were placed automatically.
Sent SMS messages
No text messages were placed automatically.
Cryptographic activity
Used encryption keys
No cryptographic activity detected.
Encryption operations
No cryptographic activity detected.
Decryption operations
No cryptographic activity detected.
Information leakage
Network information leakage
No network information leakage detected.
SMS information leakage
No SMS information leakage detected.
File information leakage
No file information leakage detected.
Miscellaneous
Started services
Service name: com.fa.c.SystemService
Service name: com.fa.c.StartService
Service name: com.android.music.MediaPlaybackService