b0f9adec11bd62bbf883ef83c0004641d2daf474c9346f8a957d5d3e55a9cfe4

Sharing

Copy URL Twitter E-mail

General

Target

b0f9adec11bd62bbf883ef83c0004641d2daf474c9346f8a957d5d3e55a9cfe4
Size

11.2MB
MD5

eb86c6cd368c5eaf69748d017c9f258c
SHA1

38fe3b7c4abd10321c75d4f2782a75a8bb0abfd6
SHA256

b0f9adec11bd62bbf883ef83c0004641d2daf474c9346f8a957d5d3e55a9cfe4
SHA512

952e2aef8e14b7990dd97f1b3586f4821ca0b3bc139799f5de17cfa10d85e73529f7fe1c69514e6aca9278975f8a26f0d25165636658923b4f4777a6f5426bf3
SSDEEP

196608:B9WwrG1D00icNUJiEs8SJMi6Ocr8vwvzioLx/O3dIdCAxiBpXi+ZuJoGKMSKZFJb:/5y1NiUqiJni1oIrioV/rdPOpXia+oaR

Score

8^/10

upx

Malware Config

Signatures

Patched UPX-packed file 1 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
sample	patched_upx

Requests dangerous framework permissions 4 IoCs

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

b0f9adec11bd62bbf883ef83c0004641d2daf474c9346f8a957d5d3e55a9cfe4
.zip
秒看电视 7.8.3去广告版.apk
.apk android arch:arm

com.qy.kktv

com.qy.kktv.PlayerMainActivity

Activities

com.qy.kktv.PlayerMainActivity

android.intent.action.MAIN

com.qy.kktv.KyActivity

com.qy.kktv.action.CALL_CHANNEL_PRE
com.qy.kktv.action.CALL_CHANNEL_NEXT
com.qy.kktv.action.CALL_CHANNEL_BY_ID
com.qy.kktv.action.CALL_CHANNEL_BY_NUM
com.qy.kktv.action.CALL_CHANNEL_BY_NAME

Permissions

android.permission.ACCESS_NETWORK_STATE
android.permission.READ_PRIVILEGED_PHONE_STATE
android.permission.INTERNET
android.permission.READ_LOGS
android.permission.READ_PHONE_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_COARSE_LOCATION
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WAKE_LOCK
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.WRITE_SETTINGS
android.permission.GET_TASKS
android.permission.RESTART_PACKAGES
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.FOREGROUND_SERVICE
android.permission.READ_EXTERNAL_STORAGE

Receivers

com.qy.kktv.home.receiver.BootReceiver

android.net.wifi.WIFI_STATE_CHANGED
android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.TIME_SET
android.intent.action.ACTION_TIMEZONE_CHANGED
android.intent.action.DATE_CHANGED
android.intent.action.BOOT_COMPLETED

Services

com.qy.kktv.home.VoiceChannelService

com.qy.kktv.action.CALL_CHANNEL_PRE
com.qy.kktv.action.CALL_CHANNEL_NEXT
com.qy.kktv.action.CALL_CHANNEL_BY_ID
com.qy.kktv.action.CALL_CHANNEL_BY_NUM
com.qy.kktv.action.CALL_CHANNEL_BY_NAME

com.qy.kktv.LiveService

com.iflytek.xiri2.app.NOTIFY

com.qy.kktv.home.deskservice.PlayerRemoteService

com.miaokan.player.aidl
channel.html
.html .js
cmey
config.json
global.xiri
info.json
lua.droid
wifi.html
.html .js

Sharing

General

Malware Config

Signatures

Files

com.qy.kktv

com.qy.kktv.PlayerMainActivity

Activities

com.qy.kktv.PlayerMainActivity

com.qy.kktv.KyActivity

Permissions

Receivers

com.qy.kktv.home.receiver.BootReceiver

Services

com.qy.kktv.home.VoiceChannelService

com.qy.kktv.LiveService

com.qy.kktv.home.deskservice.PlayerRemoteService