871cc144f05955d4567b2c991439ee9a06904f98200b02bb5799c9f1f605a7d9

General

Target

871cc144f05955d4567b2c991439ee9a06904f98200b02bb5799c9f1f605a7d9
Size

16.2MB
MD5

c1a18b4eb6d0e3f87975d707f3c11559
SHA1

f2c1a455a690825f16b6aa50c693b171f6511495
SHA256

871cc144f05955d4567b2c991439ee9a06904f98200b02bb5799c9f1f605a7d9
SHA512

122d6846994e6fc20c5ae4334f6efa8daad73dc2f02992f910f5d1afd8a89bf824175c49ca40c6ba859a01bdcea11e4669888140d84ca135c5003ae13ea4f0fa
SSDEEP

393216:/71M2Fo/rxxM+wzB9keRp4B6a4/jplMRdkkBdBrnaZ:BM4ATTAXnrtM8kByZ

Score

8^/10

upx

Malware Config

Signatures

Patched UPX-packed file 1 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
sample	patched_upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Requests dangerous framework permissions 9 IoCs

description	ioc
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE

Files

871cc144f05955d4567b2c991439ee9a06904f98200b02bb5799c9f1f605a7d9
.apk android arch:arm64 arch:arm

com.zxhl.detector

com.zxhl.detector.news.SplashActivity

Activities

com.zxhl.detector.news.SplashActivity

android.intent.action.MAIN
android.intent.action.VIEW
android.intent.action.VIEW

com.zxhl.detector.wxapi.WXPayEntryActivity

android.intent.action.VIEW

Permissions

android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.INTERNET
android.permission.READ_PHONE_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.ACCESS_LOCATION_EXTRA_COMMANDS
android.permission.BLUETOOTH
android.permission.BLUETOOTH_ADMIN
android.permission.READ_CONTACTS
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.CHANGE_NETWORK_STATE
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.VIBRATE
android.permission.BLUETOOTH
android.permission.BLUETOOTH_ADMIN
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.READ_EXTERNAL_STORAGE

Services
amap_resource1_0_0.png
.apk android

com.amap.api.map3d

Android Permissions

871cc144f05955d4567b2c991439ee9a06904f98200b02bb5799c9f1f605a7d9

Permissions

android.permission.ACCESS_COARSE_LOCATION

android.permission.ACCESS_FINE_LOCATION

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.CHANGE_WIFI_STATE

android.permission.INTERNET

android.permission.READ_PHONE_STATE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.ACCESS_LOCATION_EXTRA_COMMANDS

android.permission.BLUETOOTH

android.permission.BLUETOOTH_ADMIN

android.permission.READ_CONTACTS

android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS

android.permission.CHANGE_NETWORK_STATE

android.permission.REQUEST_INSTALL_PACKAGES

android.permission.VIBRATE

android.permission.BLUETOOTH

android.permission.BLUETOOTH_ADMIN

android.permission.ACCESS_COARSE_LOCATION

android.permission.ACCESS_FINE_LOCATION

android.permission.READ_EXTERNAL_STORAGE

Sharing

General

Malware Config

Signatures

Files

com.zxhl.detector

com.zxhl.detector.news.SplashActivity

Activities

com.zxhl.detector.news.SplashActivity

com.zxhl.detector.wxapi.WXPayEntryActivity

Permissions

Services

com.amap.api.map3d

Android Permissions

871cc144f05955d4567b2c991439ee9a06904f98200b02bb5799c9f1f605a7d9