0f5af4510172343f1799018f2206f835[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

0f5af4510172343f1799018f2206f835.bin
Size

52.9MB
MD5

0f5af4510172343f1799018f2206f835
SHA1

21c25730031bb4131da3e85ad0e84c58e708a8bd
SHA256

f9add9d838720c0064e70cc2a4ee92b732b7a55211c7efec5fa5c929dd39eac2
SHA512

982648b1248df2d2a933c33d867795a2f0225afcd75fb690a45dfdf61129f1363c0684753ba75917d7e6b9dffba42f06c04a859bc19866ae12ab7f695664c133
SSDEEP

786432:V7MQd0GuWHXWAgyJoOI/56k2kF3OGlg0Fwo3/xYRFie+y9Cd8jZQBvkgiRn4Enp5:KVoGAgt5x4EQ0nY6e/od1kWlm

Score

6^/10

Malware Config

Signatures

Declares services with permission to bind to the system 1 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE

Requests dangerous framework permissions 10 IoCs

description	ioc
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Required to be able to access the camera device.	android.permission.CAMERA
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE

Files

0f5af4510172343f1799018f2206f835.bin
.apk android arch:x86 arch:arm arch:x64 arch:arm64

Password: infected

com.estrongs.android.pop

com.estrongs.android.pop.app.openscreenad.NewSplashActivity

Activities

com.estrongs.android.pop.view.FileExplorerActivity

android.intent.action.VIEW
com.estrongs.android.pop.action.ACTION_VIEW_FOLDER
org.openintents.action.VIEW_DIRECTORY
com.estrongs.android.SHOW_DISK_USAGE

com.estrongs.android.pop.app.OpenRecommActivityAlias

com.estrongs.android.pop.action.OPEN_CHOOSER

com.estrongs.android.pop.app.compress.CompressionActivity

android.intent.action.VIEW

com.estrongs.android.pop.app.ESFileSharingActivity

android.intent.action.VIEW
android.intent.action.SEND
android.intent.action.SEND_MULTIPLE

com.estrongs.android.pop.app.SaveToESActivity

android.intent.action.VIEW
android.intent.action.SEND
android.intent.action.SEND_MULTIPLE

com.estrongs.android.pop.app.LocalFileSharingActivity

android.intent.action.VIEW

com.estrongs.android.pop.app.PopVideoPlayer

android.intent.action.VIEW
android.intent.action.VIEW

com.estrongs.android.pop.app.AudioPlayerProxyActivity

android.intent.action.VIEW
android.intent.action.VIEW

com.estrongs.android.pop.app.editor.PopNoteEditor

android.intent.action.VIEW
android.intent.action.EDIT
android.intent.action.SEND
android.intent.action.SEARCH
com.googlecode.android_scripting.action.EDIT_SCRIPT

com.estrongs.android.pop.app.FileChooserActivity

com.estrongs.action.PICK_FILE
com.estrongs.action.PLUGIN_PICK_FILE
com.estrongs.action.PICK_FILE
com.estrongs.action.PLUGIN_PICK_FILE
com.estrongs.action.PICK_DIRECTORY
com.estrongs.action.PLUGIN_PICK_DIRECTORY
com.estrongs.action.PICK_DIRECTORY
com.estrongs.action.PLUGIN_PICK_DIRECTORY
android.intent.action.CREATE_SHORTCUT

com.estrongs.android.pop.app.ESContentChooserActivity

android.intent.action.GET_CONTENT

com.estrongs.android.pop.app.ESRingtoneChooserActivity

android.intent.action.RINGTONE_PICKER

com.estrongs.android.pop.app.ESWallPaperChooserActivity

android.intent.action.SET_WALLPAPER

com.estrongs.android.pop.app.BrowserDownloaderActivity

android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW

com.estrongs.android.pop.app.PopRemoteImageBrowser

android.intent.action.VIEW

com.estrongs.android.pop.app.AdbControllerActivity

com.estrongs.android.pop.app.AdbControllerActivity

com.estrongs.android.pop.app.UsbMonitorActivity

android.hardware.usb.action.USB_DEVICE_ATTACHED
android.hardware.usb.action.USB_DEVICE_DETACHED

com.estrongs.android.pop.app.TransitActivity

com.estrongs.android.SHOW_DISK_USAGE
com.estrongs.android.SHOW_APP_MGR
com.estrongs.android.SHOW_SDCARD
com.estrongs.android.SHOW_MUSIC_PLAYER

com.estrongs.android.pop.app.filetransfer.FileTransferSendActivity

android.intent.action.SEND
android.intent.action.SEND_MULTIPLE

com.estrongs.android.pop.app.openscreenad.NewSplashActivity

android.intent.action.MAIN

com.estrongs.android.pop.app.FileSaveToActivity

com.estrongs.action.SAVE_TO_FILE

com.kwad.sdk.api.proxy.app.BaseFragmentActivity$RequestInstallPermissionActivity

intent.action.requestInstallPermission

com.estrongs.android.pop.app.videoeditor.VideoEditProxyActivity

android.intent.action.VIEW

com.estrongs.android.pop.app.premium.newui.ChinaMemberActivity

com.estrongs.action.EDITOR_GO_VIP_PAGE

com.estrongs.android.pop.app.transferstation.FileTransferStationActivity

android.intent.action.VIEW

com.huawei.openalliance.ad.activity.PPSLauncherActivity

android.intent.action.VIEW

Permissions

android.permission.KILL_BACKGROUND_PROCESSES
android.permission.WRITE_SETTINGS
android.permission.CHANGE_WIFI_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.INTERNET
android.permission.SET_WALLPAPER
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
com.android.launcher.permission.INSTALL_SHORTCUT
com.android.launcher.permission.UNINSTALL_SHORTCUT
android.permission.BLUETOOTH
android.permission.BLUETOOTH_ADMIN
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.WRITE_MEDIA_STORAGE
android.permission.WAKE_LOCK
android.permission.ACCESS_SUPERUSER
android.permission.VIBRATE
.PERMISSION
android.permission.CHANGE_WIFI_MULTICAST_STATE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.GET_TASKS
android.permission.GET_TASKS
android.permission.WAKE_LOCK
com.google.android.c2dm.permission.RECEIVE
com.estrongs.android.pop.permission.C2D_MESSAGE
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.GET_PACKAGE_SIZE
android.permission.CLEAR_APP_CACHE
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.READ_PHONE_STATE
android.permission.CAMERA
android.permission.MANAGE_DOCUMENTS
android.permission.GET_ACCOUNTS
android.permission.READ_EXTERNAL_STORAGE
android.permission.REORDER_TASKS
qiku.permission.HIDE_NOTIFICATION
android.permission.QUERY_ALL_PACKAGES
com.estrongs.android.pop.reaper.permission.READ_DATA
com.estrongs.android.pop.reaper.permission.WRITE_DATA
com.estrongs.android.pop.permission.QDAS_MESSAGE
com.estrongs.android.pop.permission.LDSDK_MESSAGE
com.estrongs.android.pop.openadsdk.permission.TT_PANGOLIN
com.asus.msa.SupplementaryDID.ACCESS
freemme.permission.msa
android.permission.READ_PRIVILEGED_PHONE_STATE
com.huawei.appmarket.service.commondata.permission.GET_COMMON_DATA
android.permission.BROADCAST_STICKY
com.hihonor.permission.MANAGE_FOLD_SCREEN
com.hihonor.permission.MANAGE_FOLD_SCREEN_PRIVILEGED

Receivers

com.estrongs.android.pop.app.AudioPlayerService$MediaButtonReceiver

android.intent.action.MEDIA_BUTTON

com.estrongs.android.pop.app.CampaignReceiver

com.android.vending.INSTALL_REFERRER

com.estrongs.android.pop.EnableOEMConfig

android.intent.action.MEDIA_MOUNTED
android.intent.action.MEDIA_UNMOUNTED
android.intent.action.MEDIA_BAD_REMOVAL

com.estrongs.android.pop.app.InstallMonitorReceiver

android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED

com.estrongs.android.pop.app.StartServiceReceiver

android.intent.action.USER_PRESENT
com.estrongs.action.PERFNOTIFY
android.intent.action.MEDIA_MOUNTED

com.estrongs.android.pop.app.analysis.AnalysisNotificationDeletedReceiver

com.estrongs.analysis.action.NOTIFICATION_REMOVED

Services

com.estrongs.android.pop.bt.OBEXFtpServerService

android.intent.action.START_OBEX_FTP_SERVER

com.estrongs.fs.impl.local.AutoAuthService

android.accessibilityservice.AccessibilityService

com.ss.android.socialbase.downloader.downloader.IndependentProcessDownloadService

com.ss.android.socialbase.downloader.remote
1763780556
.apk android arch:arm64 arch:arm

Password: infected

com.byted.pangle

com.bytedance.sdk.openadsdk.core.activity.base.TTNativePageActivity

Activities

Permissions

android.permission.ACCESS_NETWORK_STATE
android.permission.INTERNET
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.ACCESS_WIFI_STATE
com.asus.msa.SupplementaryDID.ACCESS

Receivers

Services
bdxadsdk.jar
.apk android

Password: infected
gdtadv2.jar
.apk android arch:arm64 arch:arm

Password: infected

Android Permissions

0f5af4510172343f1799018f2206f835.bin

Permissions

android.permission.KILL_BACKGROUND_PROCESSES

android.permission.WRITE_SETTINGS

android.permission.CHANGE_WIFI_STATE

android.permission.CHANGE_NETWORK_STATE

android.permission.INTERNET

android.permission.SET_WALLPAPER

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

com.android.launcher.permission.INSTALL_SHORTCUT

com.android.launcher.permission.UNINSTALL_SHORTCUT

android.permission.BLUETOOTH

android.permission.BLUETOOTH_ADMIN

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.WRITE_MEDIA_STORAGE

android.permission.WAKE_LOCK

android.permission.ACCESS_SUPERUSER

android.permission.VIBRATE

.PERMISSION

android.permission.CHANGE_WIFI_MULTICAST_STATE

android.permission.SYSTEM_ALERT_WINDOW

android.permission.GET_TASKS

android.permission.WAKE_LOCK

com.google.android.c2dm.permission.RECEIVE

com.estrongs.android.pop.permission.C2D_MESSAGE

android.permission.REQUEST_INSTALL_PACKAGES

android.permission.GET_PACKAGE_SIZE

android.permission.CLEAR_APP_CACHE

android.permission.ACCESS_COARSE_LOCATION

android.permission.ACCESS_FINE_LOCATION

android.permission.READ_PHONE_STATE

android.permission.CAMERA

android.permission.MANAGE_DOCUMENTS

android.permission.GET_ACCOUNTS

android.permission.READ_EXTERNAL_STORAGE

android.permission.REORDER_TASKS

qiku.permission.HIDE_NOTIFICATION

android.permission.QUERY_ALL_PACKAGES

com.estrongs.android.pop.reaper.permission.READ_DATA

com.estrongs.android.pop.reaper.permission.WRITE_DATA

com.estrongs.android.pop.permission.QDAS_MESSAGE

com.estrongs.android.pop.permission.LDSDK_MESSAGE

com.estrongs.android.pop.openadsdk.permission.TT_PANGOLIN

com.asus.msa.SupplementaryDID.ACCESS

freemme.permission.msa

android.permission.READ_PRIVILEGED_PHONE_STATE

com.huawei.appmarket.service.commondata.permission.GET_COMMON_DATA

android.permission.BROADCAST_STICKY

com.hihonor.permission.MANAGE_FOLD_SCREEN

com.hihonor.permission.MANAGE_FOLD_SCREEN_PRIVILEGED

Sharing

General

Malware Config

Signatures

Files

Password: infected

com.estrongs.android.pop

com.estrongs.android.pop.app.openscreenad.NewSplashActivity

Activities

com.estrongs.android.pop.view.FileExplorerActivity

com.estrongs.android.pop.app.OpenRecommActivityAlias

com.estrongs.android.pop.app.compress.CompressionActivity

com.estrongs.android.pop.app.ESFileSharingActivity

com.estrongs.android.pop.app.SaveToESActivity

com.estrongs.android.pop.app.LocalFileSharingActivity

com.estrongs.android.pop.app.PopVideoPlayer

com.estrongs.android.pop.app.AudioPlayerProxyActivity

com.estrongs.android.pop.app.editor.PopNoteEditor

com.estrongs.android.pop.app.FileChooserActivity

com.estrongs.android.pop.app.ESContentChooserActivity

com.estrongs.android.pop.app.ESRingtoneChooserActivity

com.estrongs.android.pop.app.ESWallPaperChooserActivity

com.estrongs.android.pop.app.BrowserDownloaderActivity

com.estrongs.android.pop.app.PopRemoteImageBrowser

com.estrongs.android.pop.app.AdbControllerActivity

com.estrongs.android.pop.app.UsbMonitorActivity

com.estrongs.android.pop.app.TransitActivity

com.estrongs.android.pop.app.filetransfer.FileTransferSendActivity

com.estrongs.android.pop.app.openscreenad.NewSplashActivity

com.estrongs.android.pop.app.FileSaveToActivity

com.kwad.sdk.api.proxy.app.BaseFragmentActivity$RequestInstallPermissionActivity

com.estrongs.android.pop.app.videoeditor.VideoEditProxyActivity

com.estrongs.android.pop.app.premium.newui.ChinaMemberActivity

com.estrongs.android.pop.app.transferstation.FileTransferStationActivity

com.huawei.openalliance.ad.activity.PPSLauncherActivity

Permissions

Receivers

com.estrongs.android.pop.app.AudioPlayerService$MediaButtonReceiver

com.estrongs.android.pop.app.CampaignReceiver

com.estrongs.android.pop.EnableOEMConfig

com.estrongs.android.pop.app.InstallMonitorReceiver

com.estrongs.android.pop.app.StartServiceReceiver

com.estrongs.android.pop.app.analysis.AnalysisNotificationDeletedReceiver

Services

com.estrongs.android.pop.bt.OBEXFtpServerService

com.estrongs.fs.impl.local.AutoAuthService

com.ss.android.socialbase.downloader.downloader.IndependentProcessDownloadService

Password: infected

com.byted.pangle

com.bytedance.sdk.openadsdk.core.activity.base.TTNativePageActivity

Activities

Permissions

Receivers

Services

Password: infected

Password: infected

Android Permissions

0f5af4510172343f1799018f2206f835.bin