ae24f817dee8f36bd9c168b6492fb7a124397a7a011ca4454db537025d97af5a[.]apk[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

ae24f817dee8f36bd9c168b6492fb7a124397a7a011ca4454db537025d97af5a.apk.zip
Size

13.2MB
MD5

26e42e0a3c670aeb1cdc6bcb03ded270
SHA1

1950deca459a25210ba5d7a3d869c4f4232ccb1b
SHA256

72b469e626f3141aa3dbff4838401bbaa4187949d25a3ac93558c09c00f70b8e
SHA512

25b8bbfd482880e82764494f416a0956fd4c92fddc3c5e9a726c39df1f263502a9835880389ae5b0b17ca46c5482ab154d7e17ef3ecb3181a26d7cfc6c30a28c
SSDEEP

393216:WH0Eld/A6qeGC2Np9ECmUsIxWGm8TcQQMH6yp3jy:WH0EldI6qD0I28T0MH6ydm

Score

7^/10

Malware Config

Signatures

Requests dangerous framework permissions 4 IoCs

description	ioc
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE

Files

ae24f817dee8f36bd9c168b6492fb7a124397a7a011ca4454db537025d97af5a.apk.zip
.zip

Password: infected
ae24f817dee8f36bd9c168b6492fb7a124397a7a011ca4454db537025d97af5a.apk
.apk android arch:arm

com.eyefilter.night

com.eyefilter.night.activity.WelcomeActivity

Activities

com.eyefilter.night.activity.WelcomeActivity

android.intent.action.MAIN
android.intent.action.MAIN

com.facebook.CustomTabActivity

android.intent.action.VIEW

com.cootek.business.func.debug.BBaseTestActivity

com.cootek.business.ACTION_DEBUG_BBASE

com.cootek.presentation.service.ShortcutActionHandler

intent.action.desktop.SHORTCUT_HANDLE

com.cootek.business.func.noah.presentation.PresentationWebViewActivity

android.intent.action.MAIN

com.cootek.business.func.noah.presentation.ActionConfirmActivity

android.intent.action.MAIN

com.cootek.business.func.firebase.dynamiclink.IntentUriHandler

android.intent.action.VIEW

com.google.android.gms.appinvite.PreviewActivity

com.google.android.gms.appinvite.ACTION_PREVIEW

com.cootek.tark.privacy.PrivacySettingsActivity

android.intent.action.MAIN

com.cootek.tark.privacy.PrivacyPolicyLocalActivity

android.intent.action.MAIN

com.mobutils.android.tark.sp.bridge.SPIDActivity

com.cootek.ls.action.LOCK_SCREEEN

com.mobutils.android.tark.yw.bridge.YWIDActivity

com.cootek.tpots.action.OTS_IDENTIFY

com.mobutils.android.mediation.impl.TPMDInstallReferrerIDActivity

com.mobutils.android.mediation.action.TP_MD_INSTALL_REFERRER

com.cootek.tark.priorityhelper.EmptyActivity

com.cootek.hades.intent.action.APP_PRIORITY_2

Permissions

android.permission.SYSTEM_ALERT_WINDOW
android.permission.INTERNET
android.permission.GET_ACCOUNTS
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.READ_PHONE_STATE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WAKE_LOCK
android.permission.WRITE_SETTINGS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_LOGS
com.android.launcher.permission.INSTALL_SHORTCUT
com.android.launcher.permission.UNINSTALL_SHORTCUT
android.permission.VIBRATE
android.permission.PACKAGE_USAGE_STATS
com.eyefilter.night.permission.C2D_MESSAGE
android.permission.READ_EXTERNAL_STORAGE
com.android.vending.BILLING
com.google.android.c2dm.permission.RECEIVE
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
android.permission.READ_SYNC_STATS
android.permission.WRITE_SYNC_SETTINGS
android.permission.AUTHENTICATE_ACCOUNTS
com.commons.api.READ_DATABASE
com.commons.api.WRITE_DATABASE
android.permission.EXPAND_STATUS_BAR

Receivers

com.eyefilter.night.receiver.BootReceiver

android.intent.action.BOOT_COMPLETED

com.eyefilter.night.receiver.SetTimeReceiver

action_is_alive_noon

com.appsflyer.MultipleInstallBroadcastReceiver

com.android.vending.INSTALL_REFERRER

com.cootek.usage.UsageAlarmReceiver

com.cootek.usage.alarm_operation

com.cootek.usage.TimeChangeReceiver

android.intent.action.TIME_SET

com.cootek.usage.InternetReceiver

android.net.conn.CONNECTIVITY_CHANGE

com.cootek.presentation.service.PresentationServiceReceiver

com.cootek.presentation.action.CHECK_DESKTOP_SHORTCUT_TOAST
com.cootek.presentation.action.REMOVE_DESKTOP_SHORTCUT_TOAST
com.cootek.presentation.action.CONFIG_UPDATE
android.intent.action.BOOT_COMPLETED

com.cootek.business.func.noah.presentation.PresentationReceiver

com.cootek.presentation.action.START_WORK
com.cootek.presentation.action.REFRESH_TOKEN
com.cootek.presentation.action.NEED_TOKEN
com.cootek.presentation.action.CHECK_STATUS_TOAST
com.cootek.presentation.action.CHECK_DUMMY_TOAST
com.cootek.presentation.action.MESSAGE_READY
com.cootek.presentation.action.CHECK_BALLOON_TOAST
com.cootek.tark.balloon.ACTION_REFRESH_BALLOON

com.cootek.business.func.noah.presentation.NotificationActionReceiver

com.cootek.tark.balloon.PresentationClient.ACTION_DELETE_NOTIFICATION
com.cootek.tark.balloon.PresentationClient.ACTION_CLICK_NOTIFICATION

com.cootek.business.func.referrer.BBaseReferrerReceiver

com.android.vending.INSTALL_REFERRER

com.cootek.business.receiver.BBaseNetworkConnectChangedReceiver

android.NET.conn.CONNECTIVITY_CHANGE
android.Net.wifi.WIFI_STATE_CHANGED
android.net.wifi.STATE_CHANGE

com.cootek.business.receiver.BBaseBootReceiver

android.intent.action.BOOT_COMPLETED

com.android.utils.hades.sdk.SysWrapperUpdateReceiver

com.android.utils.hades.ACTION_START_SYS_WRAPPER
com.android.utils.hades.ACTION_UPDATE_SYS_WRAPPER

com.android.utils.hades.sdk.CommonResUpdateReceiver

com.android.utils.hades.ACTION_INIT_COMMON_RES
com.android.utils.hades.ACTION_UPDATE_COMMON_RES

com.android.utils.hades.sdk.ShortcutResultReceiver

com.eyefilter.night.ACTION_SHORTCUT_CREATED

com.android.utils.hades.sdk.ImplicitRegisterReceiver

com.android.utils.hades.ACTION_REGISTER_IMPLICIT_RECEIVERS

com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver

com.android.vending.INSTALL_REFERRER

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

com.cootek.tpwebcomponent.PackageReceiver

android.intent.action.PACKAGE_REMOVED

cootek.bbase.daemon.core.WakeUpBootReceiver

android.intent.action.BOOT_COMPLETED
android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED

com.snipermob.wakeup.core.StaticReceiver

android.intent.action.PACKAGE_INSTALL
android.intent.action.PACKAGE_REMOVED
android.intent.action.USER_PRESENT
android.intent.action.ACTION_POWER_CONNECTED

com.mobutils.android.tark.sp.bridge.SPMessageListenerReceiver

android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
android.intent.action.USER_PRESENT
android.intent.action.PHONE_STATE
com.cootek.telecom.voip.action.incoming
com.smartdialer.voip.action.STATE_RINGING

com.mobutils.android.tark.yw.api.feature.YWMessageListenerReceiver

android.intent.action.USER_PRESENT
com.cootek.smartinputv5.action.SP.DESTROY
android.intent.action.PHONE_STATE

com.mobutils.android.tark.yw.api.feature.ImplicitRegisterReceiver

com.mobutils.android.tark.yw.api.feature.ACTION_REGISTER_IMPLICIT_RECEIVERS

com.mobutils.android.tark.yw.bridge.YWMessageListenerReceiver

android.net.wifi.STATE_CHANGE
android.net.wifi.WIFI_STATE_CHANGED
android.net.conn.CONNECTIVITY_CHANGE

com.mobutils.android.mediation.impl.PackageBroadcastReceiver

android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_ADDED

com.mobutils.android.mediation.impl.SwitchUpdateEventReceiver

android.intent.action.USER_PRESENT
android.net.wifi.STATE_CHANGE
android.net.wifi.WIFI_STATE_CHANGED
android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.PHONE_STATE

com.mobutils.android.mediation.utility.AppInstallReceiver

android.intent.action.PACKAGE_REMOVED

com.mobutils.android.mediation.sdk.MaterialNotificationReceiver

com.mobutils.android.mediation.MaterialNotificationReceiver.ACTION_CLICK_NOTIFICATION
com.mobutils.android.mediation.MaterialNotificationReceiver.ACTION_CANCEL_NOTIFICATION
com.mobutils.android.mediation.MaterialNotificationReceiver.ACTION_AD_EXPIRES

com.mobutils.android.mediation.sdk.switches.SwitchUpdateReceiver

com.mobutils.android.mediation.ACTION_UPDATE_SWITCH

com.talia.commercialcommon.utils.alarm.AlarmTaskReceiver

com.talia.commercial.common.alarm_action

Services

com.eyefilter.night.service.FilterService

action_keep_alive

com.cootek.business.func.firebase.push.FMessagingService

com.google.firebase.MESSAGING_EVENT

com.cootek.business.func.firebase.push.FirebaseIdService

com.google.firebase.INSTANCE_ID_EVENT

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

com.google.firebase.iid.FirebaseInstanceIdService

com.google.firebase.INSTANCE_ID_EVENT

android.basicsyncadapter.account.SyncService

android.content.SyncAdapter

android.basicsyncadapter.account.GenericAccountService

android.accounts.AccountAuthenticator

com.snipermob.sdk.mobileads.internal.NotificationService

com.snipermob.sdk.notification

com.mobutils.android.tark.sp.notification.NotificationListener

android.service.notification.NotificationListenerService
545.json
DINPro-Light.otf
.ps1
b_base_config.json
channel_config.json
consentform.html
.html .js
crashlytics-build.properties
daemon
.elf linux x86
exp_suite_100015.json
font1.ttf
icon-icomoon-gemini.renc
icon-icomoon-robin.renc
ironSource.html
.html .js
jr.json
mobutils_mediation_init_config.json
relax_end.mp3
tick.mp3
tp_config
tp_promo.xml
usage_strategy.xml

Sharing

General

Malware Config

Signatures

Files

Password: infected

com.eyefilter.night

com.eyefilter.night.activity.WelcomeActivity

Activities

com.eyefilter.night.activity.WelcomeActivity

com.facebook.CustomTabActivity

com.cootek.business.func.debug.BBaseTestActivity

com.cootek.presentation.service.ShortcutActionHandler

com.cootek.business.func.noah.presentation.PresentationWebViewActivity

com.cootek.business.func.noah.presentation.ActionConfirmActivity

com.cootek.business.func.firebase.dynamiclink.IntentUriHandler

com.google.android.gms.appinvite.PreviewActivity

com.cootek.tark.privacy.PrivacySettingsActivity

com.cootek.tark.privacy.PrivacyPolicyLocalActivity

com.mobutils.android.tark.sp.bridge.SPIDActivity

com.mobutils.android.tark.yw.bridge.YWIDActivity

com.mobutils.android.mediation.impl.TPMDInstallReferrerIDActivity

com.cootek.tark.priorityhelper.EmptyActivity

Permissions

Receivers

com.eyefilter.night.receiver.BootReceiver

com.eyefilter.night.receiver.SetTimeReceiver

com.appsflyer.MultipleInstallBroadcastReceiver

com.cootek.usage.UsageAlarmReceiver

com.cootek.usage.TimeChangeReceiver

com.cootek.usage.InternetReceiver

com.cootek.presentation.service.PresentationServiceReceiver

com.cootek.business.func.noah.presentation.PresentationReceiver

com.cootek.business.func.noah.presentation.NotificationActionReceiver

com.cootek.business.func.referrer.BBaseReferrerReceiver

com.cootek.business.receiver.BBaseNetworkConnectChangedReceiver

com.cootek.business.receiver.BBaseBootReceiver

com.android.utils.hades.sdk.SysWrapperUpdateReceiver

com.android.utils.hades.sdk.CommonResUpdateReceiver

com.android.utils.hades.sdk.ShortcutResultReceiver

com.android.utils.hades.sdk.ImplicitRegisterReceiver

com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.cootek.tpwebcomponent.PackageReceiver

cootek.bbase.daemon.core.WakeUpBootReceiver

com.snipermob.wakeup.core.StaticReceiver

com.mobutils.android.tark.sp.bridge.SPMessageListenerReceiver

com.mobutils.android.tark.yw.api.feature.YWMessageListenerReceiver

com.mobutils.android.tark.yw.api.feature.ImplicitRegisterReceiver

com.mobutils.android.tark.yw.bridge.YWMessageListenerReceiver

com.mobutils.android.mediation.impl.PackageBroadcastReceiver

com.mobutils.android.mediation.impl.SwitchUpdateEventReceiver

com.mobutils.android.mediation.utility.AppInstallReceiver

com.mobutils.android.mediation.sdk.MaterialNotificationReceiver

com.mobutils.android.mediation.sdk.switches.SwitchUpdateReceiver

com.talia.commercialcommon.utils.alarm.AlarmTaskReceiver

Services

com.eyefilter.night.service.FilterService

com.cootek.business.func.firebase.push.FMessagingService

com.cootek.business.func.firebase.push.FirebaseIdService

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.iid.FirebaseInstanceIdService

android.basicsyncadapter.account.SyncService

android.basicsyncadapter.account.GenericAccountService

com.snipermob.sdk.mobileads.internal.NotificationService

com.mobutils.android.tark.sp.notification.NotificationListener