NVISO ApkScan malware analysis report

October 23, 2017

General information
File name: XXshenqi.apk
Other known file names: None
Origin: Manually uploaded by anonymous user [2015-07-13 12:37:29]
MD5 hash: db3007f01056b70aac3920b628a86f76
SHA256 hash: 681fe92e1aba20a7b544fd783a9f20f226a421ce6559105c0f692ec2fd0e63d2
File size: 2408.09 KB
Worker: NVISO_API_KALI_01
Static malware analysis
Android manifest (AndroidManifest.xml)
Permissions
ACCESS_NETWORK_STATE: Allows applications to access information about networks.
READ_CONTACTS: Allows an application to read the user's contacts data.
SEND_SMS: Allows an application to send SMS messages.
WRITE_CONTACTS: Allows an application to write (but not read) the user's contacts data.
Services
No services registered.
VirusTotal scan results
Ad-Aware: Android.Trojan.InfoStealer.DU
AegisLab: Trogle
AhnLab-V3: Android-Trojan/Trogle.7109
Alibaba: A.H.Fra.XXShenqi.A
Antiy-AVL: Trojan[Backdoor]/AndroidOS.Trogle.a
Arcabit: Android.Trojan.InfoStealer.DU
Avast: Android:XXshenqi-A [Trj]
AVG: Android/Deng.DMY
Baidu-International: Trojan.Android.Trogle.A
BitDefender: Android.Trojan.InfoStealer.DU
CAT-QuickHeal: Android.Trogle.A
Comodo: UnclassifiedMalware
Cyren: AndroidOS/GenBl.9FD8F210!Olympus
DrWeb: Android.SmsBot.147.origin
Emsisoft: Android.Trojan.InfoStealer.DU (B)
ESET-NOD32: Android/Trogle.A
F-Secure: Trojan:Android/Trogoogle.A
Fortinet: Android/PossibleThreat
GData: Android.Trojan.InfoStealer.DU
Ikarus: Trojan.AndroidOS.XXshenqi
K7GW: Trojan ( 0049fd671 )
Kaspersky: HEUR:Backdoor.AndroidOS.Trogle.a
Kingsoft: Android.Troj.Xxshenqi.a.(kcloud)
McAfee: Artemis!DB3007F01056
McAfee-GW-Edition: Artemis!DB3007F01056
MicroWorld-eScan: Android.Trojan.InfoStealer.DU
NANO-Antivirus: Trojan.Android.SmsSend.dinjgo
Qihoo-360: Trojan.Generic
Rising: DEX:Worm.Android.Locust!1.9FDC
Sophos: Andr/SmsSend-FA
Symantec: Android.Trogle
Tencent: Worm.Android.Trogle.a
Disassembled source code
Hardcoded URLs
Dynamic malware analysis
Screenshot or animated GIF of the analysed application

Random artificial input is provided to the scanned applications during dynamic analysis, in order to mimic a human being using and interacting with the application. This can result in our report showing a different screen than the one you would see when starting the application.

Disk activity
Accessed files (one path per line):
/data/data/com.example.xxshenqi/files/com.android.Trogoogle.apk
pipe:[5038]
/dev/input/event0
/proc/14/cmdline
/proc/272/cmdline
/proc/626/cmdline
/proc/585/cmdline
/proc/1341/cmdline
pipe:[5046]
/proc/41/cmdline
/proc/807/cmdline
pipe:[4820]
/proc/730/cmdline
/proc/1346/cmdline
/proc/590/cmdline
/proc/28/cmdline
/proc/274/cmdline
/proc/29/cmdline
/proc/25/cmdline
/proc/10/cmdline
/proc/4/cmdline
/proc/1286/cmdline
/proc/1/cmdline
/data/data/com.android.vending/shared_prefs/finsky.xml
/proc/35/cmdline
/proc/1330/cmdline
/proc/842/cmdline
/proc/12/cmdline
/proc/352/cmdline
/proc/1128/cmdline
/proc/464/cmdline
/proc/11/cmdline
/proc/9/cmdline
/proc/46/cmdline
/proc/6/cmdline
/proc/7/cmdline
/proc/1344/cmdline
/proc/273/cmdline
/proc/1059/cmdline
/proc/479/cmdline
/proc/27/cmdline
/proc/746/cmdline
/proc/1145/cmdline
/proc/30/cmdline
/proc/786/cmdline
/proc/42/cmdline
/proc/40/cmdline
/proc/8/cmdline
/proc/1367/cmdline
/proc/1233/cmdline
/proc/45/cmdline
/data/data/com.android.music/shared_prefs/Music.xml
/proc/26/cmdline
/proc/495/cmdline
/proc/1095/cmdline
/proc/1300/cmdline
/proc/2/cmdline
/proc/34/cmdline
/data/anr/traces.txt
/proc/37/cmdline
/proc/1194/cmdline
/proc/3/cmdline
/proc/33/cmdline
/proc/5/cmdline
/data/data/com.android.gallery3d/shared_prefs/com.android.gallery3d_preferences.xml
/proc/39/cmdline
/proc/657/cmdline
/proc/24/cmdline
/proc/13/cmdline
/proc/1271/cmdline
Network activity
Opened network connections
No network connections were opened.
Automatically placed calls and text messages
Placed phone calls
No phone calls were placed automatically.
Sent SMS messages
Number: 18670259904, Message: "XXshenqi 群发链接OK" (roughly: "XXshenqi bulk-send link OK")
Number: 18670259904, Message: "XXshenqi 群发链接OK" (roughly: "XXshenqi bulk-send link OK")
Number: 18670259904, Message: "XXshenqi 群发链接OK" (roughly: "XXshenqi bulk-send link OK")
Cryptographic activity
Used encryption keys
No cryptographic activity detected.
Encryption operations
No cryptographic activity detected.
Decryption operations
No cryptographic activity detected.
Information leakage
Network information leakage
No network information leakage detected.
SMS information leakage
No SMS information leakage detected.
File information leakage
No file information leakage detected.
Miscellaneous
Started services
Service name: com.android.music.MediaPlaybackService
Output generated by ADB logcat
ADB logcat file (text format, 1520 KB), available as a separate download from the report.