1edc2b65ae6a038a55627be231ae5184_JaffaCakes118

General

Target

1edc2b65ae6a038a55627be231ae5184_JaffaCakes118
Size

2.7MB
MD5

1edc2b65ae6a038a55627be231ae5184
SHA1

f37d6c911ecae2939ffaacf72d6fee063c5e24fc
SHA256

8cd3895092a9ad30567176d6a187eb0ec785d821568b037657b1942bb7c7dc4d
SHA512

45b820e8d5821c5e490973bc68a3e2c866a8ede8c38c89307291d938e1b682fe51d19ea6b910eae03fbff38750eeec7c83dadfbf86557cb73cdc87ad4f04cc7c
SSDEEP

49152:K98sY6bXFU/W82R9SpdKmRZVGICgsgfL4ydyl67fNQYZaoD3NvHhnQ1LCIIHUjeF:G86zuW8M0KmbVGjgsE54M7f2Y3D3RH6g

Score

6^/10

Malware Config

Signatures

Requests dangerous framework permissions 4 IoCs

description	ioc
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW

Files

1edc2b65ae6a038a55627be231ae5184_JaffaCakes118
.apk android arch:arm arch:x86

com.lyqshell.app.jzd

com.qihoo.util.StartActivity

Activities

com.lhq8.app.activity.SplashActivity

android.intent.action.MAIN

com.qihoo.util.StartActivity

android.intent.action.MAIN

Permissions

android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.INTERNET
android.permission.READ_EXTERNAL_STORAGE
android.permission.READ_PHONE_STATE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.DOWNLOAD_WITHOUT_NOTIFICATION

Receivers

com.umeng.message.SystemReceiver

android.intent.action.BOOT_COMPLETED
android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.PACKAGE_REMOVED

com.umeng.message.MessageReceiver

org.agoo.android.intent.action.RECEIVE

com.umeng.message.ElectionReceiver

org.agoo.android.intent.action.ELECTION_RESULT_V4

com.umeng.message.RegistrationReceiver

com.miaozi.qiqizq.intent.action.COMMAND

com.umeng.message.UmengMessageBootReceiver

android.intent.action.BOOT_COMPLETED

com.lhq8.app.receiver.DownLoadBroadcastReceiver

android.intent.action.DOWNLOAD_COMPLETE

Services

com.umeng.message.UmengService

com.miaozi.qiqizq.intent.action.START
com.miaozi.qiqizq.intent.action.COCKROACH
org.agoo.android.intent.action.PING_V4

com.umeng.message.UmengMessageIntentReceiverService

org.android.agoo.client.MessageReceiverService
org.android.agoo.client.ElectionReceiverService

com.umeng.message.UmengMessageCallbackHandlerService

com.umeng.messge.registercallback.action
com.umeng.message.unregistercallback.action
com.umeng.message.message.handler.action
com.umeng.message.autoupdate.handler.action
libjiagu.so
.elf linux arm

Android Permissions

1edc2b65ae6a038a55627be231ae5184_JaffaCakes118

Permissions

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.INTERNET

android.permission.READ_EXTERNAL_STORAGE

android.permission.READ_PHONE_STATE

android.permission.SYSTEM_ALERT_WINDOW

android.permission.DOWNLOAD_WITHOUT_NOTIFICATION

Sharing

General

Malware Config

Signatures

Files

com.lyqshell.app.jzd

com.qihoo.util.StartActivity

Activities

com.lhq8.app.activity.SplashActivity

com.qihoo.util.StartActivity

Permissions

Receivers

com.umeng.message.SystemReceiver

com.umeng.message.MessageReceiver

com.umeng.message.ElectionReceiver

com.umeng.message.RegistrationReceiver

com.umeng.message.UmengMessageBootReceiver

com.lhq8.app.receiver.DownLoadBroadcastReceiver

Services

com.umeng.message.UmengService

com.umeng.message.UmengMessageIntentReceiverService

com.umeng.message.UmengMessageCallbackHandlerService

Android Permissions

1edc2b65ae6a038a55627be231ae5184_JaffaCakes118