536b6073cf74fd239a1f78a964488c187e0e136ea67f20849dc03237f62da743 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

536b6073cf74fd239a1f78a964488c187e0e136ea67f20849dc03237f62da743
Size

8.6MB
MD5

ae1f0e86e4aa84b701ce50ef45480582
SHA1

910caa93fb5013b2d78a658dd6934f4848a980c6
SHA256

536b6073cf74fd239a1f78a964488c187e0e136ea67f20849dc03237f62da743
SHA512

52a5ca7a63a2a090e3c8715151f41e499a9592514c07aeab87e8944720c76eb6e9c485c2c085a12ec1cc09cf97bf1fbfaa750c4403ccaf5b2f8ce325c7439f95
SSDEEP

196608:YWP3LyUDkxKH/Z8uXknbThqD5/P3F/da/wl1Mhg5rPMbK+tQhl/H:lPqxKH/Z8uXkXhqNHV/dA+Ma+eEuH

Score

6^/10

Malware Config

Signatures

Declares services with permission to bind to the system 2 IoCs

description	ioc
Required by VPN services to bind with the system. Allows apps to provision VPN services.	android.permission.BIND_VPN_SERVICE
Required by quick settings tile services to bind with the system. Allows apps to add custom tiles to the quick settings menu.	android.permission.BIND_QUICK_SETTINGS_TILE

Files

536b6073cf74fd239a1f78a964488c187e0e136ea67f20849dc03237f62da743
.apk android arch:x86 arch:arm64 arch:arm

com.github.shadowsocks

com.github.shadowsocks.MainActivity

Activities

com.github.shadowsocks.MainActivity

android.intent.action.MAIN
android.service.quicksettings.action.QS_TILE_PREFERENCES
android.intent.action.VIEW
android.nfc.action.NDEF_DISCOVERED

com.github.shadowsocks.TaskerActivity

com.twofortyfouram.locale.intent.action.EDIT_SETTING

com.github.shadowsocks.QuickToggleShortcut

android.intent.action.CREATE_SHORTCUT

Permissions

android.permission.INTERNET
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.NFC
android.permission.WAKE_LOCK
android.permission.ACCESS_NETWORK_STATE
com.google.android.c2dm.permission.RECEIVE

Receivers

com.github.shadowsocks.BootReceiver

android.intent.action.BOOT_COMPLETED

com.github.shadowsocks.TaskerReceiver

com.twofortyfouram.locale.intent.action.FIRE_SETTING

com.evernote.android.job.v14.PlatformAlarmReceiver

com.evernote.android.job.v14.RUN_JOB
net.vrallev.android.job.v14.RUN_JOB

com.evernote.android.job.JobBootReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.MY_PACKAGE_REPLACED

Services

com.github.shadowsocks.ShadowsocksVpnService

android.net.VpnService

com.github.shadowsocks.ShadowsocksTileService

android.service.quicksettings.action.QS_TILE

com.evernote.android.job.gcm.PlatformGcmService

com.google.android.gms.gcm.ACTION_TASK_READY

Android Permissions

536b6073cf74fd239a1f78a964488c187e0e136ea67f20849dc03237f62da743

Permissions

android.permission.INTERNET

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.NFC

android.permission.WAKE_LOCK

android.permission.ACCESS_NETWORK_STATE

com.google.android.c2dm.permission.RECEIVE