NVISO ApkScan malware analysis report

February 23, 2019

General information
File name: Mobile_Version.apk
Other known file names: None
Origin: Manually uploaded by anonymous user [2014-10-13 17:27:23]
MD5 hash: 55ead2f303048df96d0d48167cbcbc0d
SHA256 hash: 4a17a97cc9d5c0737162c3828a700dea718346b1e92a6f861bfe5005a39523aa
File size: 55.54 KB
Worker: Unknown
Static malware analysis
Android manifest (AndroidManifest.xml)
Permissions
ACCESS_NETWORK_STATE: Allows applications to access information about networks.
CALL_PHONE: Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call being placed.
CALL_PRIVILEGED: Allows an application to call any phone number, including emergency numbers, without going through the Dialer user interface for the user to confirm the call being placed.
DELETE_PACKAGES: Allows an application to delete packages.
INSTALL_PACKAGES: Allows an application to install packages.
INTERNET: Allows applications to open network sockets.
READ_CONTACTS: Allows an application to read the user's contacts data.
READ_PHONE_STATE: Allows read-only access to phone state.
RECEIVE_BOOT_COMPLETED: Allows an application to receive the ACTION_BOOT_COMPLETED broadcast that is sent after the system finishes booting.
RECEIVE_SMS: Allows an application to monitor incoming SMS messages, to record or perform processing on them.
SEND_SMS: Allows an application to send SMS messages.
WRITE_EXTERNAL_STORAGE: Allows an application to write to external storage.
Services
Class: ru.stels2.MainService
Virus Total scan results
Ad-Aware: Android.Trojan.FakeApp.K
AegisLab: Faketoken
AhnLab-V3: Android-Malicious/FakeInst
Avast: Android:TrojanSMS-PG [Trj]
AVG: Android/SMSAgent.E
Avira: Android/SmsAgent.AZ.Gen
AVware: Trojan.AndroidOS.Generic.A
Baidu-International: Trojan.Win32.Banker.aIo
BitDefender: Android.Trojan.FakeApp.K
CAT-QuickHeal: Android.FakeInst.AM
Comodo: UnclassifiedMalware
Cyren: AndroidOS/FakeToken.B
DrWeb: Android.SmsSend.471.origin
Emsisoft: Android.Trojan.FakeApp.K (B)
ESET-NOD32: a variant of Android/TrojanSMS.Agent.ANZ
F-Prot: AndroidOS/FakeToken.B
F-Secure: Trojan:Android/FakeApp.S
Fortinet: Android/FkToken.B
GData: Android.Trojan.FakeApp.K
Ikarus: Trojan-SMS.AndroidOS.Agent
K7GW: Trojan ( 0048d9231 )
Kaspersky: HEUR:Trojan-Banker.AndroidOS.Faketoken.b
Kingsoft: Android.Troj.generic.a.(kcloud)
McAfee: Artemis!55EAD2F30304
MicroWorld-eScan: Android.Trojan.FakeApp.K
NANO-Antivirus: Trojan.Android.Agent.cujubj
Qihoo-360: Trojan.Generic
Sophos: Andr/FakeIns-AB
Tencent: a.remote.stels
TotalDefense: AndroidOS/Tnega.fISBaKB
VIPRE: Trojan.AndroidOS.Generic.A
Zoner: Trojan.AndroidOS.Agent.A
Disassembled source code
Hardcoded URLs
Dynamic malware analysis
Screenshot or animated GIF of the analysed application

No screenshot taken during dynamic analysis.

This most likely means that your application did not run correctly on our test device.
Our test devices run Android 4.1 Jelly Bean (API level 16), and currently do not support hardware OpenGL acceleration.

Since the application did not run correctly, the results in the sections below could be incomplete!

Disk activity
Accessed files
Filename: /proc/meminfo
Filename: /proc/934/cmdline
Filename: /data/data/android.systempack.ins/shared_prefs/stelsSettings.xml
Filename: /proc/976/cmdline
Filename: /data/data/com.android.gallery3d/shared_prefs/com.android.gallery3d_preferences.xml
Filename: /data/data/com.google.android.gsf/shared_prefs/EventLogService.xml
Filename: /proc/906/cmdline
Filename: /proc/922/cmdline
Filename: /proc/868/cmdline
Filename: /proc/965/cmdline
Filename: /proc/870/cmdline
Filename: /proc/950/cmdline
Filename: /proc/855/cmdline
Filename: /proc/961/cmdline
Filename: /proc/893/cmdline
Filename: /proc/907/cmdline
Filename: /proc/919/cmdline
Network activity
Opened network connections
Destination: 124.217.251.231:80, File descriptor: 19
Destination: 124.217.251.231:80, File descriptor: 25
Destination: 124.217.251.231:80, File descriptor: 32
Destination: 124.217.251.231:80, File descriptor: 18
Destination: 124.217.251.231:80, File descriptor: 25
Destination: 124.217.251.231:80, File descriptor: 32
Automatically placed calls and text messages
Placed phone calls
No phone calls were placed automatically.
Sent SMS messages
Number: 900, Message: BALANS
Cryptographic activity
Used encryption keys
No cryptographic activity detected.
Encryption operations
No cryptographic activity detected.
Decryption operations
No cryptographic activity detected.
Information leakage
Network information leakage
Destination: 124.217.251.231:80
Tag: TAINT_PHONE_NUMBER / TAINT_IMEI / TAINT_IMSI
Data (ASCII): POST /mobile2/jst.php HTTP/1.1\r\nContent-Type: multipart/form-data; boundary=AaB03x\r\nUser-Agent: Dalv (decoded from the RAW bytes below, which the report truncates)
Data (RAW): 504f5354202f6d6f62696c65322f6a73742e70687020485454502f312e310d0a436f6e74656e742d547970653a206d756c7469706172742f666f726d2d646174613b20626f756e646172793d4161423033780d0a557365722d4167656e743a2044616c76
Operation: send

Destination: 124.217.251.231:80
Tag: TAINT_PHONE_NUMBER / TAINT_IMEI / TAINT_IMSI
Data (ASCII): POST /foot/main/jst.php HTTP/1.1\r\nContent-Type: multipart/form-data; boundary=AaB03x\r\nUser-Agent: Da (decoded from the RAW bytes below, which the report truncates)
Data (RAW): 504f5354202f666f6f742f6d61696e2f6a73742e70687020485454502f312e310d0a436f6e74656e742d547970653a206d756c7469706172742f666f726d2d646174613b20626f756e646172793d4161423033780d0a557365722d4167656e743a204461
Operation: send

Destination: 124.217.251.231:80
Tag: TAINT_PHONE_NUMBER / TAINT_IMEI / TAINT_IMSI
Data (ASCII): POST /foot/main/jst.php HTTP/1.1\r\nContent-Type: multipart/form-data; boundary=AaB03x\r\nUser-Agent: Da (decoded from the RAW bytes below, which the report truncates)
Data (RAW): 504f5354202f666f6f742f6d61696e2f6a73742e70687020485454502f312e310d0a436f6e74656e742d547970653a206d756c7469706172742f666f726d2d646174613b20626f756e646172793d4161423033780d0a557365722d4167656e743a204461
Operation: send

Destination: 124.217.251.231:80
Tag: TAINT_PHONE_NUMBER / TAINT_IMEI / TAINT_IMSI
Data (ASCII): POST /mobile2/jst.php HTTP/1.1\r\nContent-Type: multipart/form-data; boundary=AaB03x\r\nUser-Agent: Dalv (decoded from the RAW bytes below, which the report truncates)
Data (RAW): 504f5354202f6d6f62696c65322f6a73742e70687020485454502f312e310d0a436f6e74656e742d547970653a206d756c7469706172742f666f726d2d646174613b20626f756e646172793d4161423033780d0a557365722d4167656e743a2044616c76
Operation: send

Destination: 124.217.251.231:80
Tag: TAINT_PHONE_NUMBER / TAINT_IMEI / TAINT_IMSI
Data (ASCII): POST /foot/main/jst.php HTTP/1.1\r\nContent-Type: multipart/form-data; boundary=AaB03x\r\nUser-Agent: Da (decoded from the RAW bytes below, which the report truncates)
Data (RAW): 504f5354202f666f6f742f6d61696e2f6a73742e70687020485454502f312e310d0a436f6e74656e742d547970653a206d756c7469706172742f666f726d2d646174613b20626f756e646172793d4161423033780d0a557365722d4167656e743a204461
Operation: send

Destination: 124.217.251.231:80
Tag: TAINT_PHONE_NUMBER / TAINT_IMEI / TAINT_IMSI
Data (ASCII): POST /foot/main/jst.php HTTP/1.1\r\nContent-Type: multipart/form-data; boundary=AaB03x\r\nUser-Agent: Da (decoded from the RAW bytes below, which the report truncates)
Data (RAW): 504f5354202f666f6f742f6d61696e2f6a73742e70687020485454502f312e310d0a436f6e74656e742d547970653a206d756c7469706172742f666f726d2d646174613b20626f756e646172793d4161423033780d0a557365722d4167656e743a204461
Operation: send
SMS information leakage
No SMS information leakage detected.
File information leakage
No file information leakage detected.
Miscellaneous
Started services
Service name: ru.stels2.MainService
Service name: com.google.android.gsf.checkin.EventLogService
Output generated by ADB logcat
Download ADB logcat file (text format - 104 KB)