368f915529596d5c581916ad86ec26a6046becef5fe34c91ce5119362f8ead71

General

Target

368f915529596d5c581916ad86ec26a6046becef5fe34c91ce5119362f8ead71
Size

15.2MB
MD5

269e2c7ee2401cf7309dcb7df8e8fec2
SHA1

e76d0c90535325cddb505ee06c13219e2f6f4810
SHA256

368f915529596d5c581916ad86ec26a6046becef5fe34c91ce5119362f8ead71
SHA512

3c65275c28202e722fdbcde528e3d6d2e8a5829c4c0370d1048d24857cda7e93553b55d8c87fba634a0d54f522dcb1d03f42e21229916c96d8affb43a3d964d0
SSDEEP

393216:stRKDX5RMoF+kH0bR519wFdipbgq+Ts+P6O5b8gvk+GA:m8pioMkSzQipoTHi6b8kkJA

Score

8^/10

upx

Malware Config

Signatures

Patched UPX-packed file 5 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx

Requests dangerous framework permissions 19 IoCs

description	ioc
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to add voicemails into the system.	com.android.voicemail.permission.ADD_VOICEMAIL
Required to be able to access the camera device.	android.permission.CAMERA
Required to be able to access the camera device.	android.permission.CAMERA
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to access data from sensors that the user uses to measure what is happening inside their body, such as heart rate.	android.permission.BODY_SENSORS
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an application to write the user's calendar data.	android.permission.WRITE_CALENDAR
Allows an application to read the user's calendar data.	android.permission.READ_CALENDAR
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to write the user's contacts data.	android.permission.WRITE_CONTACTS
Allows an application to use SIP service.	android.permission.USE_SIP
Allows an application to collect component usage statistics.	android.permission.PACKAGE_USAGE_STATS

Files

368f915529596d5c581916ad86ec26a6046becef5fe34c91ce5119362f8ead71
.apk android arch:arm

com.zczm.weix

io.virtualapp.splash.SplashActivity

Activities

io.virtualapp.splash.SplashActivity

android.intent.action.MAIN

com.lody.virtual.client.stub.ShortcutHandleActivity

com.zczm.weix.virtual.action.shortcut

Permissions

android.permission.INTERNET
android.permission.SYSTEM_ALERT_WINDOW
android.permission.RECEIVE_BOOT_COMPLETED
com.samsung.svoice.sync.READ_DATABASE
com.samsung.svoice.sync.ACCESS_SERVICE
com.samsung.svoice.sync.WRITE_DATABASE
com.sec.android.app.voicenote.Controller
com.sec.android.permission.VOIP_INTERFACE
com.sec.android.permission.LAUNCH_PERSONAL_PAGE_SERVICE
com.samsung.android.providers.context.permission.WRITE_USE_APP_FEATURE_SURVEY
com.samsung.android.providers.context.permission.READ_RECORD_AUDIO
com.samsung.android.providers.context.permission.WRITE_RECORD_AUDIO
com.sec.android.settings.permission.SOFT_RESET
sec.android.permission.READ_MSG_PREF
com.samsung.android.scloud.backup.lib.read
com.samsung.android.scloud.backup.lib.write
com.android.alarm.permission.SET_ALARM
com.android.voicemail.permission.ADD_VOICEMAIL
com.android.voicemail.permission.READ_WRITE_ALL_VOICEMAIL
com.huawei.authentication.HW_ACCESS_AUTH_SERVICE
com.android.vending.BILLING
com.android.vending.CHECK_LICENSE
com.google.android.providers.talk.permission.READ_ONLY
com.google.android.providers.talk.permission.WRITE_ONLY
com.google.android.c2dm.permission.RECEIVE
com.google.android.gms.permission.ACTIVITY_RECOGNITION
com.google.android.gms.permission.AD_ID_NOTIFICATION
com.google.android.providers.gsf.permission.READ_GSERVICES
com.android.launcher.permission.INSTALL_SHORTCUT
com.android.launcher.permission.UNINSTALL_SHORTCUT
android.permission.READ_APP_BADGE
com.google.android.launcher.permission.READ_SETTINGS
com.oppo.launcher.permission.READ_SETTINGS
com.oppo.launcher.permission.WRITE_SETTINGS
me.everything.badger.permission.BADGE_COUNT_READ
me.everything.badger.permission.BADGE_COUNT_WRITE
com.android.launcher.permission.READ_SETTINGS
com.sec.android.provider.badge.permission.READ
com.sec.android.provider.badge.permission.WRITE
com.htc.launcher.permission.READ_SETTINGS
com.htc.launcher.permission.UPDATE_SHORTCUT
com.sonyericsson.home.permission.BROADCAST_BADGE
com.sonymobile.home.permission.PROVIDER_INSERT_BADGE
com.anddoes.launcher.permission.UPDATE_COUNT
com.majeur.launcher.permission.UPDATE_BADGE
com.huawei.android.launcher.permission.CHANGE_BADGE
com.huawei.android.launcher.permission.READ_SETTINGS
com.huawei.android.launcher.permission.WRITE_SETTINGS
com.android.launcher.permission.READ_SETTINGS
com.android.launcher.permission.WRITE_SETTINGS
com.android.launcher3.permission.READ_SETTINGS
com.android.launcher2.permission.READ_SETTINGS
com.teslacoilsw.launcher.permission.READ_SETTINGS
com.actionlauncher.playstore.permission.READ_SETTINGS
com.mx.launcher.permission.READ_SETTINGS
com.anddoes.launcher.permission.READ_SETTINGS
com.apusapps.launcher.permission.READ_SETTINGS
com.tsf.shell.permission.READ_SETTINGS
com.htc.launcher.permission.READ_SETTINGS
com.lenovo.launcher.permission.READ_SETTINGS
com.oppo.launcher.permission.READ_SETTINGS
com.bbk.launcher2.permission.READ_SETTINGS
com.s.launcher.permission.READ_SETTINGS
cn.nubia.launcher.permission.READ_SETTINGS
com.huawei.android.launcher.permission.READ_SETTINGS
com.huawei.android.launcher.permission.CHANGE_BADGE
android.permission.CAMERA
android.permission.FLASHLIGHT
android.permission.CAMERA
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_LOCATION_EXTRA_COMMANDS
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.CHANGE_WIFI_MULTICAST_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.BATTERY_STATS
android.permission.BODY_SENSORS
android.permission.BROADCAST_STICKY
android.permission.DISABLE_KEYGUARD
android.permission.EXPAND_STATUS_BAR
android.permission.GET_ACCOUNTS
android.permission.MANAGE_ACCOUNTS
android.permission.READ_PHONE_STATE
android.permission.CHANGE_CONFIGURATION
android.permission.WRITE_SETTINGS
android.permission.GET_TASKS
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.REORDER_TASKS
android.permission.PERSISTENT_ACTIVITY
android.permission.RECORD_AUDIO
android.permission.BLUETOOTH
android.permission.BLUETOOTH_ADMIN
android.permission.NFC
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.VIBRATE
android.permission.USE_FINGERPRINT
com.android.browser.permission.READ_HISTORY_BOOKMARKS
com.android.browser.permission.WRITE_HISTORY_BOOKMARKS
android.permission.CLEAR_APP_CACHE
android.permission.GET_PACKAGE_SIZE
android.permission.WRITE_SYNC_SETTINGS
android.permission.READ_SYNC_SETTINGS
android.permission.READ_SYNC_STATS
android.permission.SUBSCRIBED_FEEDS_READ
android.permission.SUBSCRIBED_FEEDS_WRITE
android.permission.WRITE_CALENDAR
android.permission.READ_CALENDAR
android.permission.READ_CONTACTS
android.permission.WRITE_CONTACTS
android.permission.READ_LOGS
android.permission.RESTART_PACKAGES
android.permission.SET_TIME
android.permission.SET_TIME_ZONE
android.permission.SET_WALLPAPER
android.permission.SET_WALLPAPER_HINTS
android.permission.TRANSMIT_IR
android.permission.USE_SIP
android.permission.WAKE_LOCK
android.permission.INSTALL_PACKAGES
android.permission.DELETE_PACKAGES
android.permission.CLEAR_APP_USER_DATA
android.permission.WRITE_MEDIA_STORAGE
android.permission.ACCESS_CACHE_FILESYSTEM
android.permission.DEVICE_POWER
android.permission.WRITE_APN_SETTINGS
android.permission.BIND_APPWIDGET
android.permission.ACCOUNT_MANAGER
android.permission.PACKAGE_USAGE_STATS
android.permission.READ_INSTALL_SESSIONS
android.permission.READ_OWNER_DATA
android.permission.READ_PROFILE
android.permission.READ_SOCIAL_STREAM
android.permission.READ_USER_DICTIONARY
android.permission.READ_CELL_BROADCASTS
android.permission.WRITE_CLIPS
android.permission.READ_CLIPS
android.permission.WRITE_PROFILE
android.permission.WRITE_SOCIAL_STREAM
android.permission.GET_CLIPS
android.permission.WRITE_USER_DICTIONARY
android.permission.WRITE_OWNER_DATA
android.permission.BIND_DIRECTORY_SEARCH
android.permission.UPDATE_APP_OPS_STATS
android.permission.USE_CREDENTIALS
android.permission.ACCESS_GPS
android.permission.AUTHENTICATE_ACCOUNTS
android.permission.ACCESS_WIMAX_STATE
android.permission.ACCESS_DOWNLOAD_MANAGER
android.permission.GET_INTENT_SENDER_INTENT
android.permission.CHANGE_WIMAX_STATE
android.permission.DOWNLOAD_WITHOUT_NOTIFICATION

Receivers

Services

io.virtualapp.floatwindow.service.FloatWindowService

com.autel.floatwindow.service.FloatWindowService

io.virtualapp.service.CopyManagerService

com.example.user.firstapp.FIRST_SERVICE

Android Permissions

368f915529596d5c581916ad86ec26a6046becef5fe34c91ce5119362f8ead71

Permissions

android.permission.INTERNET

android.permission.SYSTEM_ALERT_WINDOW

android.permission.RECEIVE_BOOT_COMPLETED

com.samsung.svoice.sync.READ_DATABASE

com.samsung.svoice.sync.ACCESS_SERVICE

com.samsung.svoice.sync.WRITE_DATABASE

com.sec.android.app.voicenote.Controller

com.sec.android.permission.VOIP_INTERFACE

com.sec.android.permission.LAUNCH_PERSONAL_PAGE_SERVICE

com.samsung.android.providers.context.permission.WRITE_USE_APP_FEATURE_SURVEY

com.samsung.android.providers.context.permission.READ_RECORD_AUDIO

com.samsung.android.providers.context.permission.WRITE_RECORD_AUDIO

com.sec.android.settings.permission.SOFT_RESET

sec.android.permission.READ_MSG_PREF

com.samsung.android.scloud.backup.lib.read

com.samsung.android.scloud.backup.lib.write

com.android.alarm.permission.SET_ALARM

com.android.voicemail.permission.ADD_VOICEMAIL

com.android.voicemail.permission.READ_WRITE_ALL_VOICEMAIL

com.huawei.authentication.HW_ACCESS_AUTH_SERVICE

com.android.vending.BILLING

com.android.vending.CHECK_LICENSE

com.google.android.providers.talk.permission.READ_ONLY

com.google.android.providers.talk.permission.WRITE_ONLY

com.google.android.c2dm.permission.RECEIVE

com.google.android.gms.permission.ACTIVITY_RECOGNITION

com.google.android.gms.permission.AD_ID_NOTIFICATION

com.google.android.providers.gsf.permission.READ_GSERVICES

com.android.launcher.permission.INSTALL_SHORTCUT

com.android.launcher.permission.UNINSTALL_SHORTCUT

android.permission.READ_APP_BADGE

com.google.android.launcher.permission.READ_SETTINGS

com.oppo.launcher.permission.READ_SETTINGS

com.oppo.launcher.permission.WRITE_SETTINGS

me.everything.badger.permission.BADGE_COUNT_READ

me.everything.badger.permission.BADGE_COUNT_WRITE

com.android.launcher.permission.READ_SETTINGS

com.sec.android.provider.badge.permission.READ

com.sec.android.provider.badge.permission.WRITE

com.htc.launcher.permission.READ_SETTINGS

com.htc.launcher.permission.UPDATE_SHORTCUT

com.sonyericsson.home.permission.BROADCAST_BADGE

com.sonymobile.home.permission.PROVIDER_INSERT_BADGE

com.anddoes.launcher.permission.UPDATE_COUNT

com.majeur.launcher.permission.UPDATE_BADGE

com.huawei.android.launcher.permission.CHANGE_BADGE

com.huawei.android.launcher.permission.READ_SETTINGS

com.huawei.android.launcher.permission.WRITE_SETTINGS

com.android.launcher.permission.READ_SETTINGS

com.android.launcher.permission.WRITE_SETTINGS

Sharing

General

Malware Config

Signatures

Files

com.zczm.weix

io.virtualapp.splash.SplashActivity

Activities

io.virtualapp.splash.SplashActivity

com.lody.virtual.client.stub.ShortcutHandleActivity

Permissions

Receivers

Services

io.virtualapp.floatwindow.service.FloatWindowService

io.virtualapp.service.CopyManagerService

Android Permissions

368f915529596d5c581916ad86ec26a6046becef5fe34c91ce5119362f8ead71