cf75790696237188496fa7230ca1626b_JaffaCakes118

General

Target

cf75790696237188496fa7230ca1626b_JaffaCakes118
Size

21.0MB
MD5

cf75790696237188496fa7230ca1626b
SHA1

d5970c3c52fbcce8a94799826c67744e72a67f0a
SHA256

bdc34efb27c1d53f92b4e438ff93213ff67ac89ee4668ac126ee3e77b35ea233
SHA512

19b7b316d97252cec8b7e71aa3e93fbb88f7cc0997267a0cce44dfb8972fd5162390bd766214b2329bd3e6ac84f7f1d069e0928441d4259d96b22f78b8a031ea
SSDEEP

393216:oXFC6LhMH8gPt33ri7LbVPN3NsNRdbx9plVRerAJ6Rivh+8zI6LvpehWg:oY6LhMcgPgfbVPR+9pkrAJVoWpDoF

Score

8^/10

upx

Malware Config

Signatures

Patched UPX-packed file 5 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx

Requests dangerous framework permissions 15 IoCs

description	ioc
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Required to be able to access the camera device.	android.permission.CAMERA
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to record audio.	android.permission.RECORD_AUDIO

Files

cf75790696237188496fa7230ca1626b_JaffaCakes118
.apk android arch:arm

com.xhd.ubest

com.uzmap.pkg.EntranceActivity

Activities

com.uzmap.pkg.EntranceActivity

android.intent.action.MAIN

cn.jpush.android.ui.PushActivity

cn.jpush.android.ui.PushActivity

com.tencent.tauth.AuthActivity

android.intent.action.VIEW

com.uzmap.pkg.uzmodules.uzSina.activity.WBShareActivity

com.sina.weibo.sdk.action.ACTION_SDK_REQ_ACTIVITY

Permissions

android.permission.INTERNET
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_MOCK_LOCATION
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.WAKE_LOCK
android.permission.VIBRATE
android.permission.CAMERA
android.permission.READ_PHONE_STATE
android.permission.RECORD_AUDIO
android.permission.FLASHLIGHT
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.BLUETOOTH_ADMIN
android.permission.BLUETOOTH
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_LOGS
android.permission.ACCESS_WIFI_STATE
android.permission.ACCESS_COARSE_LOCATION
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.RECEIVE_USER_PRESENT
android.permission.READ_PHONE_STATE
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.SYSTEM_ALERT_WINDOW
android.permission.CAMERA
android.permission.INTERNET
android.permission.WRITE_SETTINGS
android.permission.CHANGE_WIFI_STATE
android.permission.ACCESS_LOCATION_EXTRA_COMMANDS
android.permission.ACCESS_FINE_LOCATION
android.permission.VIBRATE
com.xhd.ubest.permission.JPUSH_MESSAGE
android.permission.CHANGE_NETWORK_STATE
android.permission.RECORD_AUDIO
android.permission.WAKE_LOCK
android.permission.ACCESS_NETWORK_STATE

Receivers

com.uzmap.pkg.uzapp.UPExtraBridge

android.intent.action.BOOT_COMPLETED
android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_ADDED
com.android.vending.INSTALL_REFERRER
android.intent.action.DOWNLOAD_COMPLETE
android.intent.action.DOWNLOAD_NOTIFICATION_CLICKED
android.intent.apicloud.notification

cn.jpush.android.service.PushReceiver

cn.jpush.android.intent.NOTIFICATION_RECEIVED_PROXY
android.intent.action.USER_PRESENT
android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED

com.open.apicloud.jpush.JPushReceiver

cn.jpush.android.intent.REGISTRATION
cn.jpush.android.intent.UNREGISTRATION
cn.jpush.android.intent.MESSAGE_RECEIVED
cn.jpush.android.intent.NOTIFICATION_RECEIVED
cn.jpush.android.intent.NOTIFICATION_OPENED
cn.jpush.android.intent.ACTION_RICHPUSH_CALLBACK
cn.jpush.android.intent.CONNECTION

Services

cn.jpush.android.service.PushService

cn.jpush.android.intent.REGISTER
cn.jpush.android.intent.REPORT
cn.jpush.android.intent.PushService
cn.jpush.android.intent.PUSH_TIME

cn.jpush.android.service.DaemonService

cn.jpush.android.intent.DaemonService

Android Permissions

cf75790696237188496fa7230ca1626b_JaffaCakes118

Permissions

android.permission.INTERNET

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.ACCESS_COARSE_LOCATION

android.permission.ACCESS_FINE_LOCATION

android.permission.ACCESS_MOCK_LOCATION

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.CHANGE_WIFI_STATE

android.permission.WAKE_LOCK

android.permission.VIBRATE

android.permission.CAMERA

android.permission.READ_PHONE_STATE

android.permission.RECORD_AUDIO

android.permission.FLASHLIGHT

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.BLUETOOTH_ADMIN

android.permission.BLUETOOTH

android.permission.READ_EXTERNAL_STORAGE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.READ_LOGS

android.permission.ACCESS_WIFI_STATE

android.permission.ACCESS_COARSE_LOCATION

android.permission.MODIFY_AUDIO_SETTINGS

android.permission.RECEIVE_USER_PRESENT

android.permission.READ_PHONE_STATE

android.permission.MOUNT_UNMOUNT_FILESYSTEMS

android.permission.SYSTEM_ALERT_WINDOW

android.permission.CAMERA

android.permission.INTERNET

android.permission.WRITE_SETTINGS

android.permission.CHANGE_WIFI_STATE

android.permission.ACCESS_LOCATION_EXTRA_COMMANDS

android.permission.ACCESS_FINE_LOCATION

android.permission.VIBRATE

com.xhd.ubest.permission.JPUSH_MESSAGE

android.permission.CHANGE_NETWORK_STATE

android.permission.RECORD_AUDIO

android.permission.WAKE_LOCK

android.permission.ACCESS_NETWORK_STATE

Sharing

General

Malware Config

Signatures

Files

com.xhd.ubest

com.uzmap.pkg.EntranceActivity

Activities

com.uzmap.pkg.EntranceActivity

cn.jpush.android.ui.PushActivity

com.tencent.tauth.AuthActivity

com.uzmap.pkg.uzmodules.uzSina.activity.WBShareActivity

Permissions

Receivers

com.uzmap.pkg.uzapp.UPExtraBridge

cn.jpush.android.service.PushReceiver

com.open.apicloud.jpush.JPushReceiver

Services

cn.jpush.android.service.PushService

cn.jpush.android.service.DaemonService

Android Permissions

cf75790696237188496fa7230ca1626b_JaffaCakes118