0d1f6770ca9b0a27c99f30867faddef9_JaffaCakes118

General

Target

0d1f6770ca9b0a27c99f30867faddef9_JaffaCakes118
Size

28.1MB
MD5

0d1f6770ca9b0a27c99f30867faddef9
SHA1

c720f906c670f5346989be8b1f69a2a0a3b52352
SHA256

b74f0f40e7352c62f1fd3ea79f157736971a8f62aeb7e0d68909d0310ec52451
SHA512

62d8b1541591589309732a3f4fa0bb0d6c524d09d1271a6e5cb2e68ee22fa9f69bc5c19d97acb2701a840094fb5c1e5de60bb769d4b221e2dea85d8fd6d96012
SSDEEP

786432:pggKe3Q1hDWxU0EBRkJcsvDuaNM+/MIzMhQF6:pTKeATIU3qRvD9u+/g6w

Score

8^/10

upx

Malware Config

Signatures

Patched UPX-packed file 10 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx

Requests dangerous framework permissions 17 IoCs

description	ioc
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE

Files

0d1f6770ca9b0a27c99f30867faddef9_JaffaCakes118
.apk android arch:arm arch:x86

com.car.stop

com.car.stop.ui.activity.SplishActivity

Activities

com.car.stop.ui.activity.SplishActivity

android.intent.action.MAIN

com.car.stop.wxapi.WXEntryActivity

android.intent.action.VIEW

com.car.stop.ui.activity.CouponActivity

com.coupon.action

com.tencent.tauth.AuthActivity

android.intent.action.VIEW

Permissions

android.permission.READ_LOGS
android.permission.CALL_PHONE
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CALL_PHONE
android.permission.CHANGE_WIFI_STATE
android.permission.CHANGE_CONFIGURATION
android.permission.INTERNET
android.permission.WAKE_LOCK
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_LOCATION_EXTRA_COMMANDS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.READ_PHONE_STATE
android.permission.WRITE_SETTINGS
android.permission.BLUETOOTH_ADMIN
android.permission.BLUETOOTH
android.permission.VIBRATE
android.permission.CAMERA
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.WRITE_SETTINGS
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.WAKE_LOCK
android.permission.READ_PHONE_STATE
android.permission.RESTART_PACKAGES
android.permission.GET_TASKS
android.permission.GET_ACCOUNTS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.VIBRATE
android.permission.REORDER_TASKS
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
com.car.stop.permission.MIPUSH_RECEIVE
com.google.android.c2dm.permission.RECEIVE
com.car.stop.permission.C2D_MESSAGE

Receivers

com.taobao.accs.EventReceiver

android.intent.action.BOOT_COMPLETED
android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.PACKAGE_REMOVED
android.intent.action.USER_PRESENT

com.taobao.accs.ServiceReceiver

com.taobao.accs.intent.action.COMMAND
com.taobao.accs.intent.action.START_FROM_AGOO

com.taobao.agoo.AgooCommondReceiver

com.car.stop.intent.action.COMMAND
android.intent.action.PACKAGE_REMOVED

com.alibaba.sdk.android.push.SystemEventReceiver

android.intent.action.MEDIA_MOUNTED
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

com.car.stop.push.MyMessageReceiver

com.alibaba.push2.action.NOTIFICATION_OPENED
com.alibaba.push2.action.NOTIFICATION_REMOVED
com.alibaba.sdk.android.push.RECEIVE

com.car.stop.net.NetWorkStateReceiver

android.net.conn.CONNECTIVITY_CHANGE

com.alibaba.sdk.android.push.MiPushBroadcastReceiver

com.xiaomi.mipush.RECEIVE_MESSAGE
com.xiaomi.mipush.MESSAGE_ARRIVED
com.xiaomi.mipush.ERROR

com.xiaomi.push.service.receivers.NetworkStatusReceiver

android.net.conn.CONNECTIVITY_CHANGE

com.alibaba.sdk.android.push.HuaWeiReceiver

com.huawei.android.push.intent.REGISTRATION
com.huawei.android.push.intent.RECEIVE
com.huawei.intent.action.PUSH
com.huawei.intent.action.PUSH_STATE

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE
com.google.android.c2dm.intent.REGISTRATION

Services

com.alibaba.sdk.android.push.MsgService

com.alibaba.sdk.android.push.NOTIFY_ACTION

com.alibaba.sdk.android.push.channel.CheckService

com.alibaba.sdk.android.push.CHECK_SERVICE

com.taobao.accs.ChannelService

com.taobao.accs.intent.action.SERVICE

com.taobao.accs.data.MsgDistributeService

com.taobao.accs.intent.action.RECEIVE

org.android.agoo.accs.AgooService

com.taobao.accs.intent.action.RECEIVE

com.alibaba.sdk.android.push.AliyunPushIntentService

org.agoo.android.intent.action.RECEIVE

com.alibaba.sdk.android.push.channel.TaobaoRecvService

org.android.agoo.client.MessageReceiverService

com.alibaba.sdk.android.push.AgooFirebaseInstanceIDService

com.google.firebase.INSTANCE_ID_EVENT

com.alibaba.sdk.android.push.AgooFirebaseMessagingService

com.google.firebase.MESSAGING_EVENT
autonavi_Resource1_1_0.png
.apk android

com.example.navigationsdk

.GPSNaviActivity

Activities

.GPSNaviActivity

android.intent.action.MAIN

Permissions

android.permission.INTERNET
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.WRITE_SETTINGS
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_FINE_LOCATION
android.permission.READ_PHONE_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_CONFIGURATION
android.permission.WAKE_LOCK
android.permission.READ_EXTERNAL_STORAGE

Services

Android Permissions

0d1f6770ca9b0a27c99f30867faddef9_JaffaCakes118

Permissions

android.permission.READ_LOGS

android.permission.CALL_PHONE

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.CALL_PHONE

android.permission.CHANGE_WIFI_STATE

android.permission.CHANGE_CONFIGURATION

android.permission.INTERNET

android.permission.WAKE_LOCK

android.permission.ACCESS_COARSE_LOCATION

android.permission.ACCESS_FINE_LOCATION

android.permission.ACCESS_LOCATION_EXTRA_COMMANDS

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.READ_EXTERNAL_STORAGE

android.permission.READ_PHONE_STATE

android.permission.WRITE_SETTINGS

android.permission.BLUETOOTH_ADMIN

android.permission.BLUETOOTH

android.permission.VIBRATE

android.permission.CAMERA

android.permission.MODIFY_AUDIO_SETTINGS

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.INTERNET

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.WRITE_SETTINGS

android.permission.INTERNET

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.WAKE_LOCK

android.permission.READ_PHONE_STATE

android.permission.RESTART_PACKAGES

android.permission.GET_TASKS

android.permission.GET_ACCOUNTS

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.VIBRATE

android.permission.REORDER_TASKS

android.permission.READ_EXTERNAL_STORAGE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.MOUNT_UNMOUNT_FILESYSTEMS

com.car.stop.permission.MIPUSH_RECEIVE

com.google.android.c2dm.permission.RECEIVE

com.car.stop.permission.C2D_MESSAGE

Sharing

General

Malware Config

Signatures

Files

com.car.stop

com.car.stop.ui.activity.SplishActivity

Activities

com.car.stop.ui.activity.SplishActivity

com.car.stop.wxapi.WXEntryActivity

com.car.stop.ui.activity.CouponActivity

com.tencent.tauth.AuthActivity

Permissions

Receivers

com.taobao.accs.EventReceiver

com.taobao.accs.ServiceReceiver

com.taobao.agoo.AgooCommondReceiver

com.alibaba.sdk.android.push.SystemEventReceiver

com.car.stop.push.MyMessageReceiver

com.car.stop.net.NetWorkStateReceiver

com.alibaba.sdk.android.push.MiPushBroadcastReceiver

com.xiaomi.push.service.receivers.NetworkStatusReceiver

com.alibaba.sdk.android.push.HuaWeiReceiver

com.google.firebase.iid.FirebaseInstanceIdReceiver

Services

com.alibaba.sdk.android.push.MsgService

com.alibaba.sdk.android.push.channel.CheckService

com.taobao.accs.ChannelService

com.taobao.accs.data.MsgDistributeService

org.android.agoo.accs.AgooService

com.alibaba.sdk.android.push.AliyunPushIntentService

com.alibaba.sdk.android.push.channel.TaobaoRecvService

com.alibaba.sdk.android.push.AgooFirebaseInstanceIDService

com.alibaba.sdk.android.push.AgooFirebaseMessagingService

com.example.navigationsdk

.GPSNaviActivity

Activities

.GPSNaviActivity

Permissions

Services

Android Permissions

0d1f6770ca9b0a27c99f30867faddef9_JaffaCakes118