d688f0840c311c872efceb09afa5dc3ecd12d56432e9c79ceb079f6c009f9ee5[.]apk[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

d688f0840c311c872efceb09afa5dc3ecd12d56432e9c79ceb079f6c009f9ee5.apk.zip
Size

9.7MB
MD5

01fe37f64e7acd7ff371838f242de764
SHA1

69d358d0bfd69bcd11292ecd51c38df75dd32ae5
SHA256

ee57c318e472a9385ca4c68336fa60c7aab89d495e7923b81caa1c0c0b49cf7b
SHA512

7264b80d2e2fc959241535291aff502721a2d6763a1500a4df18ceb811680aad405cfb6f633faa1d9416682a0054bc6064a3b735be7ced2ef7d9d22b8a5d9b04
SSDEEP

196608:/hRIOALNMPg0YaDk2GUFgkb74sZiYB2p80fMdCSCW7Vw9ronqYTS:75Py99ub740C1fM57VOoqYTS

Score

7^/10

Malware Config

Signatures

Requests dangerous framework permissions 5 IoCs

description	ioc
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to record audio.	android.permission.RECORD_AUDIO

Files

d688f0840c311c872efceb09afa5dc3ecd12d56432e9c79ceb079f6c009f9ee5.apk.zip
.zip

Password: infected
d688f0840c311c872efceb09afa5dc3ecd12d56432e9c79ceb079f6c009f9ee5.apk
.apk android arch:arm64 arch:arm arch:x86 arch:x64

com.uptodown

com.uptodown.activities.MainActivityScrollable

Activities

com.uptodown.activities.MainActivityScrollable

android.intent.action.MAIN
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW

com.uptodown.tv.ui.activity.TvMainActivity

android.intent.action.MAIN

com.uptodown.activities.InstallerActivity

android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW

Permissions

android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.GET_ACCOUNTS
com.google.android.c2dm.permission.RECEIVE
android.permission.WAKE_LOCK
com.uptodown.permission.C2D_MESSAGE
com.google.android.apps.photos.permission.GOOGLE_PHOTOS
android.permission.BATTERY_STATS
android.permission.CHANGE_CONFIGURATION
android.permission.CLEAR_APP_CACHE
android.permission.GET_PACKAGE_SIZE
android.permission.GET_TASKS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.USE_CREDENTIALS
android.permission.WRITE_SETTINGS
android.permission.AUTHENTICATE_ACCOUNTS
android.permission.MANAGE_ACCOUNTS
android.permission.ACCESS_WIFI_STATE
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.INSTALL_PACKAGES
android.permission.DELETE_PACKAGES
android.permission.RECORD_AUDIO
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

Receivers

com.startapp.android.publish.common.metaData.BootCompleteListener

android.intent.action.BOOT_COMPLETED

com.uptodown.receivers.GcmBroadcastReceiver

com.google.android.c2dm.intent.RECEIVE

com.uptodown.receivers.BootDeviceReceiver

android.intent.action.BOOT_COMPLETED

com.google.android.gms.analytics.AnalyticsReceiver

com.google.android.gms.analytics.ANALYTICS_DISPATCH

com.google.android.gms.analytics.CampaignTrackingReceiver

com.android.vending.INSTALL_REFERRER

com.evernote.android.job.v14.PlatformAlarmReceiver

com.evernote.android.job.v14.RUN_JOB
net.vrallev.android.job.v14.RUN_JOB

com.evernote.android.job.JobBootReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
com.htc.intent.action.QUICKBOOT_POWERON
android.intent.action.MY_PACKAGE_REPLACED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

android.net.conn.CONNECTIVITY_CHANGE

androidx.work.impl.background.systemalarm.RescheduleReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.background.systemalarm.UpdateProxies

Services

com.uptodown.services.AuthenticatorService

android.accounts.AccountAuthenticator

com.evernote.android.job.gcm.PlatformGcmService

com.google.android.gms.gcm.ACTION_TASK_READY
Roboto-Black.ttf
Roboto-Bold.ttf
Roboto-BoldItalic.ttf
Roboto-Light.ttf
Roboto-LightItalic.ttf
Roboto-Medium.ttf
Roboto-Regular.ttf
Roboto-Thin.ttf
closebutton.html
.html
countdown_image.png
.png
crashlytics-build.properties
mraid.js
.js
tj_close_button.png
.png

Sharing

General

Malware Config

Signatures

Files

Password: infected

com.uptodown

com.uptodown.activities.MainActivityScrollable

Activities

com.uptodown.activities.MainActivityScrollable

com.uptodown.tv.ui.activity.TvMainActivity

com.uptodown.activities.InstallerActivity

Permissions

Receivers

com.startapp.android.publish.common.metaData.BootCompleteListener

com.uptodown.receivers.GcmBroadcastReceiver

com.uptodown.receivers.BootDeviceReceiver

com.google.android.gms.analytics.AnalyticsReceiver

com.google.android.gms.analytics.CampaignTrackingReceiver

com.evernote.android.job.v14.PlatformAlarmReceiver

com.evernote.android.job.JobBootReceiver

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

androidx.work.impl.background.systemalarm.RescheduleReceiver

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

Services

com.uptodown.services.AuthenticatorService

com.evernote.android.job.gcm.PlatformGcmService