81ff9fbc773f75c9e93248b8985cc168_JaffaCakes118

General

Target

81ff9fbc773f75c9e93248b8985cc168_JaffaCakes118
Size

10.8MB
MD5

81ff9fbc773f75c9e93248b8985cc168
SHA1

2f0c75b5e8094ef868428c44573930b0f5590b87
SHA256

bdfb0578ed1f14c09b98272106bb2c88c7b10c125efe1c5dfeb439d02e8692d7
SHA512

546d43ae5079477856eeb67d72abeb38acde231e6bd4c3c19a54dede972458592f3f00c8a0c25b41df925ab894f11a7966f198a15472fe113bbd0a91e60494b3
SSDEEP

196608:ypRN4grw71vq4ByXOBQMBvJtwAN6PUTmsauDkk/BteEm3MD:YJ41vq4BcEvJCA0PqYwkk/Bjm3Y

Score

6^/10

Malware Config

Signatures

Requests dangerous framework permissions 4 IoCs

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS

Files

81ff9fbc773f75c9e93248b8985cc168_JaffaCakes118
.apk android arch:arm

com.yicai.game.witchsodemm

com.vicky.gameplugin.LewanPluginActivity

Activities

com.vicky.gameplugin.LewanPluginActivity

android.intent.action.MAIN

mm.purchasesdk.iapservice.BillingLayoutActivity

com.yicai.game.witchsodemm.com.mmiap.activity

safiap.framework.ui.UpdateHintActivity

safiap.framework.ACTION_TO_INSTALL
safiap.framework.ACTION_TO_INSTALL_IAP
safiap.framework.ACTION_NETWORK_ERROR_IAP
safiap.framework.ACTION_NETWORK_ERROR_FRAMEWORK

neo.proxy.ToolActivity

com.secneo.proxy.action.CUSTOM

Permissions

android.permission.ACCESS_NETWORK_STATE
android.permission.READ_PHONE_STATE
android.permission.INTERNET
android.permission.ACCESS_WIFI_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
com.android.launcher.permission.INSTALL_SHORTCUT
android.permission.SYSTEM_ALERT_WINDOW
android.permission.GET_TASKS
android.permission.WRITE_SETTINGS

Receivers

safiap.framework.CheckUpdateReceiver

safiap.framework.ACTION_CANCEL_NOTIFICATION
safiap.GET_SHARED_DATA
safiap.framework.ACTION_SET_TIMER

neo.proxy.DistributeReceiver

android.intent.action.ACTION_POWER_CONNECTED
com.secneo.plugin.action.HOURLY
com.secneo.plugin.action.DAILY
com.secneo.plugin.action.APP_STARTED
android.net.conn.CONNECTIVITY_CHANGE
com.secneo.proxy.action.CUSTOM

Services

mm.purchasesdk.iapservice.PurchaseService

com.aspire.purchaseservice.BIND
com.aspire.demo.purchaseservice.BIND
android.intent.action.MAIN

safiap.framework.SafFrameworkManager

safiap.framework.sdk.ISAFFramework
safiap.framework.ACTION_START_DOWNLOAD
safiap.framework.ACTION_CHECK_UPDATE
7723box_pjz.apk
.apk android arch:arm

com.upgadata.up7723

com.upgadata.up7723.home.MainActivity

Activities

com.upgadata.up7723.home.MainActivity

android.intent.action.MAIN

Permissions

android.permission.GET_PACKAGE_SIZE
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.INTERNET
android.permission.READ_LOGS
android.permission.READ_PHONE_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.WAKE_LOCK
android.permission.VIBRATE
android.permission.WRITE_SETTINGS

Receivers

com.upgadata.up7723.apps.BootReceiver

android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED

com.umeng.message.RegistrationReceiver

android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.PACKAGE_REMOVED

com.umeng.message.UmengBroadcastReceiver

org.agoo.android.intent.action.RECEIVE
com.upgadata.up7723.intent.action.COMMAND
org.agoo.android.intent.action.RE_ELECTION_V2

Services

com.upgadata.up7723.http.download.DownloadService

download.service.action

com.umeng.message.UmengService

com.upgadata.up7723.intent.action.START
com.upgadata.up7723.intent.action.COCKROACH
org.agoo.android.intent.action.PING

org.android.agoo.service.ElectionService

org.agoo.android.intent.action.ELECTION_V2
container.apk
.apk android

Android Permissions

81ff9fbc773f75c9e93248b8985cc168_JaffaCakes118

Permissions

android.permission.ACCESS_NETWORK_STATE

android.permission.READ_PHONE_STATE

android.permission.INTERNET

android.permission.ACCESS_WIFI_STATE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.MOUNT_UNMOUNT_FILESYSTEMS

com.android.launcher.permission.INSTALL_SHORTCUT

android.permission.SYSTEM_ALERT_WINDOW

android.permission.GET_TASKS

android.permission.WRITE_SETTINGS

Sharing

General

Malware Config

Signatures

Files

com.yicai.game.witchsodemm

com.vicky.gameplugin.LewanPluginActivity

Activities

com.vicky.gameplugin.LewanPluginActivity

mm.purchasesdk.iapservice.BillingLayoutActivity

safiap.framework.ui.UpdateHintActivity

neo.proxy.ToolActivity

Permissions

Receivers

safiap.framework.CheckUpdateReceiver

neo.proxy.DistributeReceiver

Services

mm.purchasesdk.iapservice.PurchaseService

safiap.framework.SafFrameworkManager

com.upgadata.up7723

com.upgadata.up7723.home.MainActivity

Activities

com.upgadata.up7723.home.MainActivity

Permissions

Receivers

com.upgadata.up7723.apps.BootReceiver

com.umeng.message.RegistrationReceiver

com.umeng.message.UmengBroadcastReceiver

Services

com.upgadata.up7723.http.download.DownloadService

com.umeng.message.UmengService

org.android.agoo.service.ElectionService

Android Permissions

81ff9fbc773f75c9e93248b8985cc168_JaffaCakes118