7e7ddcfaa816b56c2e114d37dccfaebe[.]bin

General

Target

7e7ddcfaa816b56c2e114d37dccfaebe.bin
Size

4.7MB
MD5

7e7ddcfaa816b56c2e114d37dccfaebe
SHA1

2a884e6c36754332334049704dac6d66c83f3d00
SHA256

5680aed84e202e35137ec0907c8eda00f956ac04e148e963b6f6b86acc93952c
SHA512

f94e5f35e6266c68b16ebc557bc667195fd06bf01ade5c014ea4dea8ce185e129a20895e9432484ecf89c847926f017a0cd4db3587a457a7a6713a29b7ee5c69
SSDEEP

98304:0K3nHlM4OoX4Ei2LDALMQveKc/+r6pLtJSpoTaIoML:0mWxoX4F23AYQveaoak

Score

6^/10

Malware Config

Signatures

Requests dangerous framework permissions 6 IoCs

description	ioc
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to collect component usage statistics.	android.permission.PACKAGE_USAGE_STATS

Files

7e7ddcfaa816b56c2e114d37dccfaebe.bin
.apk android arch:arm arch:mips arch:x86

Password: infected

com.app.pocketmoney

com.qihoo.util.StartActivity

Activities

com.app.pocketmoney.UI.Activity.LoginActivity

android.intent.action.MAIN

com.qihoo.util.StartActivity

android.intent.action.MAIN

com.tencent.tauth.AuthActivity

android.intent.action.VIEW

Permissions

android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
com.android.launcher.permission.INSTALL_SHORTCUT
com.android.launcher.permission.READ_SETTINGS
android.permission.SYSTEM_ALERT_WINDOW
android.permission.ACCESS_FINE_LOCATION
android.permission.READ_PHONE_STATE
android.permission.GET_TASKS
android.permission.REORDER_TASKS
android.permission.VIBRATE
android.permission.PACKAGE_USAGE_STATS
com.app.pocketmoney.permission.MIPUSH_RECEIVE

Receivers

com.and.qq.RRReceiver

android.intent.action.PACKAGE_ADDED

com.dtnkingmak.publisher.service.AppReceiver

android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
com.dtnkingmak.publisher.service.check

cn.guomob.android.intwal.GuomobBrocastReciver

com.app.pocketmoney.guomob.action

com.xiaomi.push.service.receivers.NetworkStatusReceiver

android.net.conn.CONNECTIVITY_CHANGE

com.xiaomi.push.service.receivers.PingReceiver

com.xiaomi.push.PING_TIMER

com.app.pocketmoney.Broadcast.XiaomiMessageReceiver

com.xiaomi.mipush.RECEIVE_MESSAGE
com.xiaomi.mipush.ERROR

com.cc.evangelion.CoreReceiver

com.cc.evangelion.ALARM_HOLD
com.cc.evangelion.ALARM_ACTIVATION
com.cc.evangelion.ALARM_PAUSE
com.cc.evangelion.activator.stepwise.StepwiseActivator.ACTION_ALARM_ACTIVATE
android.intent.action.PACKAGE_ADDED

Services

cn.guomob.android.intwal.Service01

com.guomob.server01
sdk.jar
.apk android

Password: infected

Android Permissions

7e7ddcfaa816b56c2e114d37dccfaebe.bin

Permissions

android.permission.INTERNET

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.CHANGE_WIFI_STATE

android.permission.MOUNT_UNMOUNT_FILESYSTEMS

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.READ_EXTERNAL_STORAGE

com.android.launcher.permission.INSTALL_SHORTCUT

com.android.launcher.permission.READ_SETTINGS

android.permission.SYSTEM_ALERT_WINDOW

android.permission.ACCESS_FINE_LOCATION

android.permission.READ_PHONE_STATE

android.permission.GET_TASKS

android.permission.REORDER_TASKS

android.permission.VIBRATE

android.permission.PACKAGE_USAGE_STATS

com.app.pocketmoney.permission.MIPUSH_RECEIVE

Sharing

General

Malware Config

Signatures

Files

Password: infected

com.app.pocketmoney

com.qihoo.util.StartActivity

Activities

com.app.pocketmoney.UI.Activity.LoginActivity

com.qihoo.util.StartActivity

com.tencent.tauth.AuthActivity

Permissions

Receivers

com.and.qq.RRReceiver

com.dtnkingmak.publisher.service.AppReceiver

cn.guomob.android.intwal.GuomobBrocastReciver

com.xiaomi.push.service.receivers.NetworkStatusReceiver

com.xiaomi.push.service.receivers.PingReceiver

com.app.pocketmoney.Broadcast.XiaomiMessageReceiver

com.cc.evangelion.CoreReceiver

Services

cn.guomob.android.intwal.Service01

Password: infected

Android Permissions

7e7ddcfaa816b56c2e114d37dccfaebe.bin