21177bd22e2c79bef4ac3429d57536744931a16219595c2ea364b699e193cd8e

Sharing

Copy URL

Twitter E-mail

General

Target

21177bd22e2c79bef4ac3429d57536744931a16219595c2ea364b699e193cd8e
Size

17.5MB
MD5

f8b9f6bbe0fd1ecb297c44972e9fb461
SHA1

d2e1a385be66161905c75afc50bb955859789604
SHA256

21177bd22e2c79bef4ac3429d57536744931a16219595c2ea364b699e193cd8e
SHA512

670c740bef60e6177bb52b0390849a8194c7ef05549cb91f69254c281b548b98c05939d80e682902f85066a9c4ee53a599f8dce702e40acf39c63cb0209bf1f0
SSDEEP

393216:72dmbZydJJa7AD4iRFthFXvu1MJMUSzXAi4Gp0xS5Y:72o1ydJJ3/t4Djt4GpWH

Score

8^/10

upx

Malware Config

Signatures

Patched UPX-packed file 2 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
sample	patched_upx
sample	patched_upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx
sample	upx

Declares services with permission to bind to the system 2 IoCs

description	ioc
Required by input method services to bind with the system. Allows apps to provide custom input methods (keyboards).	android.permission.BIND_INPUT_METHOD
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE

Requests dangerous framework permissions 12 IoCs

description	ioc
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS

Files

21177bd22e2c79bef4ac3429d57536744931a16219595c2ea364b699e193cd8e
.apk android arch:arm

com.ziipin.softkeyboard

com.ziipin.setting.WelcomeActivity

Activities

com.tencent.tauth.AuthActivity

android.intent.action.VIEW

com.ziipin.setting.GuideActivity

com.ziipin.softkeyboard.GuideActivity

com.ziipin.setting.WelcomeActivity

com.ziipin.softkeyboard.WelcomeActivity
android.intent.action.MAIN

ziipinmobile.activity.ZiipinmobileAActivity

android.intent.action.CREATE_SHORTCUT

Permissions

android.permission.WRITE_EXTERNAL_STORAGE
com.android.launcher.permission.READ_SETTINGS
com.android.launcher.permission.WRITE_SETTINGS
android.permission.READ_PHONE_STATE
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.WAKE_LOCK
android.permission.GET_TASKS
android.permission.INTERNET
android.permission.READ_PHONE_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.ACCESS_NETWORK_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.ACCESS_COARSE_LOCATION
com.android.launcher.permission.INSTALL_SHORTCUT
com.android.launcher.permission.READ_SETTINGS
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_LOGS
android.permission.GET_TASKS
android.permission.SYSTEM_ALERT_WINDOW
com.android.launcher.permission.INSTALL_SHORTCUT
com.mozillaonline.permission.ACCESS_DOWNLOAD_MANAGER
com.mozillaonline.permission.ACCESS_DOWNLOAD_MANAGER_ADVANCED
com.mozillaonline.permission.SEND_DOWNLOAD_COMPLETED_INTENTS
com.mozillaonline.permission.DOWNLOAD_WITHOUT_NOTIFICATION
com.mozillaonline.permission.ACCESS_ALL_DOWNLOADS
android.permission.GET_PACKAGE_SIZE
android.permission.WAKE_LOCK
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.INTERNET
android.permission.READ_PHONE_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.VIBRATE
android.permission.WRITE_SETTINGS
android.permission.REORDER_TASKS
com.android.launcher.permission.UNINSTALL_SHORTCUT
com.android.launcher.permission.READ_SETTINGS
android.permission.READ_CONTACTS

Receivers

com.umeng.message.RegistrationReceiver

android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.PACKAGE_REMOVED

com.umeng.message.UmengBroadcastReceiver

org.agoo.android.intent.action.RECEIVE
com.ziipin.softkeyboard.intent.action.COMMAND
org.agoo.android.intent.action.RE_ELECTION_V2

com.ziipin.common.util.AlarmReceiver4SaveFrequency

Savingfrequency

com.ziipin.common.util.AlarmReceiver4SendUserHabits

SendUserHabits

com.ziipin.common.util.AlarmReceiver4GetLexiconInformation

GetLexiconInformation

com.umeng.message.RegistrationReceiver

android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.PACKAGE_REMOVED
android.intent.action.BOOT_COMPLETED

ziipinmobile.receiver.ZiipinmobileAReceiver

android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.net.conn.CONNECTIVITY_CHANGE

net.youmi.android.AdReceiver

android.intent.action.PACKAGE_ADDED

Services

com.umeng.message.UmengService

com.ziipin.softkeyboard.intent.action.START
com.ziipin.softkeyboard.intent.action.COCKROACH
org.agoo.android.intent.action.PING

org.android.agoo.service.ElectionService

org.agoo.android.intent.action.ELECTION_V2

com.ziipin.ime.pinyin.PinyinDecoderService

com.ziipin.ime.pinyin.Decoder_Service

com.ziipin.softkeyboard.SoftKeyboard

android.view.InputMethod

org.android.agoo.service.ElectionService

org.agoo.android.intent.action.ELECTION_V2

com.ziipin.content.MyAccessibilityService

android.accessibilityservice.AccessibilityService
market.mp3
.apk android arch:arm

com.badam.softcenter

com.badam.softcenter.common.ui.SplashActivity

Activities

com.badam.softcenter.common.ui.SplashActivity

android.intent.action.MAIN

Permissions

android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.READ_PHONE_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.INTERNET
android.permission.READ_LOGS
com.mozillaonline.permission.ACCESS_DOWNLOAD_MANAGER
com.mozillaonline.permission.ACCESS_DOWNLOAD_MANAGER_ADVANCED
com.mozillaonline.permission.SEND_DOWNLOAD_COMPLETED_INTENTS
com.mozillaonline.permission.DOWNLOAD_WITHOUT_NOTIFICATION
com.mozillaonline.permission.ACCESS_ALL_DOWNLOADS
com.android.launcher.permission.INSTALL_SHORTCUT
com.android.launcher.permission.READ_SETTINGS
android.permission.GET_PACKAGE_SIZE
android.permission.GET_TASKS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.ACCESS_NETWORK_STATE
android.permission.INTERNET
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.READ_PHONE_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.WAKE_LOCK
android.permission.VIBRATE
android.permission.WRITE_SETTINGS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.INTERNET
android.permission.READ_PHONE_STATE

Receivers

com.umeng.message.RegistrationReceiver

android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.PACKAGE_REMOVED
android.intent.action.BOOT_COMPLETED

com.umeng.message.UmengBroadcastReceiver

org.agoo.android.intent.action.RECEIVE
com.badam.softcenter.intent.action.COMMAND
org.agoo.android.intent.action.RE_ELECTION_V2

Services

com.umeng.message.UmengService

com.badam.softcenter.intent.action.START
com.badam.softcenter.intent.action.COCKROACH
org.agoo.android.intent.action.PING

org.android.agoo.service.ElectionService

org.agoo.android.intent.action.ELECTION_V2
ukijtut.mp3
.apk android

com.monotype.android.font.wuhuaguo_b03f3e648a91e77eb968df2480cc3bd9
ukijtuz.mp3
.apk android

com.monotype.android.font.wuhuaguo_bd5f649a9c58cacbfd012df769384d68
ziipinmobile_c
.apk android

Android Permissions

21177bd22e2c79bef4ac3429d57536744931a16219595c2ea364b699e193cd8e

Permissions

android.permission.WRITE_EXTERNAL_STORAGE

com.android.launcher.permission.READ_SETTINGS

com.android.launcher.permission.WRITE_SETTINGS

android.permission.READ_PHONE_STATE

android.permission.INTERNET

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.CHANGE_WIFI_STATE

android.permission.WAKE_LOCK

android.permission.GET_TASKS

android.permission.INTERNET

android.permission.READ_PHONE_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.ACCESS_NETWORK_STATE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.ACCESS_COARSE_LOCATION

com.android.launcher.permission.INSTALL_SHORTCUT

com.android.launcher.permission.READ_SETTINGS

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_COARSE_LOCATION

android.permission.ACCESS_FINE_LOCATION

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.READ_LOGS

android.permission.GET_TASKS

android.permission.SYSTEM_ALERT_WINDOW

com.android.launcher.permission.INSTALL_SHORTCUT

com.mozillaonline.permission.ACCESS_DOWNLOAD_MANAGER

com.mozillaonline.permission.ACCESS_DOWNLOAD_MANAGER_ADVANCED

com.mozillaonline.permission.SEND_DOWNLOAD_COMPLETED_INTENTS

com.mozillaonline.permission.DOWNLOAD_WITHOUT_NOTIFICATION

com.mozillaonline.permission.ACCESS_ALL_DOWNLOADS

android.permission.GET_PACKAGE_SIZE

android.permission.WAKE_LOCK

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.INTERNET

android.permission.READ_PHONE_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.VIBRATE

android.permission.WRITE_SETTINGS

android.permission.REORDER_TASKS

com.android.launcher.permission.UNINSTALL_SHORTCUT

com.android.launcher.permission.READ_SETTINGS

android.permission.READ_CONTACTS

Sharing

General

Malware Config

Signatures

Files

com.ziipin.softkeyboard

com.ziipin.setting.WelcomeActivity

Activities

com.tencent.tauth.AuthActivity

com.ziipin.setting.GuideActivity

com.ziipin.setting.WelcomeActivity

ziipinmobile.activity.ZiipinmobileAActivity

Permissions

Receivers

com.umeng.message.RegistrationReceiver

com.umeng.message.UmengBroadcastReceiver

com.ziipin.common.util.AlarmReceiver4SaveFrequency

com.ziipin.common.util.AlarmReceiver4SendUserHabits

com.ziipin.common.util.AlarmReceiver4GetLexiconInformation

com.umeng.message.RegistrationReceiver

ziipinmobile.receiver.ZiipinmobileAReceiver

net.youmi.android.AdReceiver

Services

com.umeng.message.UmengService

org.android.agoo.service.ElectionService

com.ziipin.ime.pinyin.PinyinDecoderService

com.ziipin.softkeyboard.SoftKeyboard

org.android.agoo.service.ElectionService

com.ziipin.content.MyAccessibilityService

com.badam.softcenter

com.badam.softcenter.common.ui.SplashActivity

Activities

com.badam.softcenter.common.ui.SplashActivity

Permissions

Receivers

com.umeng.message.RegistrationReceiver

com.umeng.message.UmengBroadcastReceiver

Services

com.umeng.message.UmengService

org.android.agoo.service.ElectionService

com.monotype.android.font.wuhuaguo_b03f3e648a91e77eb968df2480cc3bd9

com.monotype.android.font.wuhuaguo_bd5f649a9c58cacbfd012df769384d68

Android Permissions

21177bd22e2c79bef4ac3429d57536744931a16219595c2ea364b699e193cd8e