a4d012bc22862bae77e117e5f3e6acc6_JaffaCakes118

General

Target

a4d012bc22862bae77e117e5f3e6acc6_JaffaCakes118
Size

2.4MB
MD5

a4d012bc22862bae77e117e5f3e6acc6
SHA1

dcb4749194096bad30ca7e8d39b3d44e4b3abfc8
SHA256

da53d73674a531da958fadc6f857ba02c5da74d5245999d54d35753d1b33c1e7
SHA512

59a071e7541276d97b91cb4ee2a0cacef952a503ffc91ffa02be29f8f89eae163d51c52b38e48e3691bcd5fb21e3c7b835003afbe44c3dec7420eaa4ec6e3d71
SSDEEP

49152:CXj5FPVI+CJxdv5tGn6hoz8mBWupFkT7dvGJp4OXkHsUHvyWqWp7KT+D0D:CXdFyJD5tY6hoz8mBWOFkTo4QWD2TG0D

Score

6^/10

Malware Config

Signatures

Requests dangerous framework permissions 6 IoCs

description	ioc
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE

Files

a4d012bc22862bae77e117e5f3e6acc6_JaffaCakes118
.apk android arch:arm

com.bq016.qqmusic

com.e4a.runtime.android.StartActivity

Activities

com.e4a.runtime.android.StartActivity

android.intent.action.MAIN

com.e4a.runtime.android.mainActivity

android.intent.action.MAIN

com.tencent.tauth.AuthActivity

android.intent.action.VIEW

com.baidu.xshield.XshieldActivity

com.baidu.action.Xshield.VIEW

Permissions

com.android.launcher.permission.INSTALL_SHORTCUT
android.permission.GET_TASKS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.ACCESS_WIFI_STATE
android.permission.ACCESS_COARSE_LOCATION
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.READ_PHONE_STATE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.INTERNET
android.permission.ACCESS_FINE_LOCATION
com.android.launcher.permission.READ_SETTINGS
android.permission.ACCESS_NETWORK_STATE
android.permission.WAKE_LOCK
android.permission.CHANGE_CONFIGURATION
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.READ_EXTERNAL_STORAGE

Receivers

com.baidu.xshield.XshieldReceiver

com.baidu.action.Xshield.VIEW
android.intent.action.BOOT_COMPLETED

Services

com.baidu.xshield.XshieldService

com.baidu.action.Xshield.VIEW

Android Permissions

a4d012bc22862bae77e117e5f3e6acc6_JaffaCakes118

Permissions

com.android.launcher.permission.INSTALL_SHORTCUT

android.permission.GET_TASKS

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.ACCESS_WIFI_STATE

android.permission.ACCESS_COARSE_LOCATION

android.permission.MOUNT_UNMOUNT_FILESYSTEMS

android.permission.READ_PHONE_STATE

android.permission.SYSTEM_ALERT_WINDOW

android.permission.INTERNET

android.permission.ACCESS_FINE_LOCATION

com.android.launcher.permission.READ_SETTINGS

android.permission.ACCESS_NETWORK_STATE

android.permission.WAKE_LOCK

android.permission.CHANGE_CONFIGURATION

android.permission.INTERNET

android.permission.ACCESS_NETWORK_STATE

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.READ_EXTERNAL_STORAGE

Sharing

General

Malware Config

Signatures

Files

com.bq016.qqmusic

com.e4a.runtime.android.StartActivity

Activities

com.e4a.runtime.android.StartActivity

com.e4a.runtime.android.mainActivity

com.tencent.tauth.AuthActivity

com.baidu.xshield.XshieldActivity

Permissions

Receivers

com.baidu.xshield.XshieldReceiver

Services

com.baidu.xshield.XshieldService

Android Permissions

a4d012bc22862bae77e117e5f3e6acc6_JaffaCakes118