d3ba982737b5e2a4cfe7037392eabbbc_JaffaCakes118

General

Target

d3ba982737b5e2a4cfe7037392eabbbc_JaffaCakes118
Size

10.4MB
MD5

d3ba982737b5e2a4cfe7037392eabbbc
SHA1

00539d662a62c6ca6c675e71a46db9d6c040e8cd
SHA256

e984e6c43cd93dbba109eb8789e53d340e7f24ee52ba01c7ee48e48a0b4274d1
SHA512

b85adf59b6368f1b947806456f841bee455987d4d0decb9169a549b7d9d7a98bc050161a1c28f7925492de5806f9d96de7f354ed661aa17d26730a76eea988ca
SSDEEP

196608:KfE92f0ItfsmJXybK/jlTRAUBfu+d6Pf1E/ycSu0qN4cVcIVB3bpoqAGHYjsazrq:z8x2mJCbK/jPAUhnd6VEa04cVcIVtbGc

Score

6^/10

Malware Config

Signatures

Declares services with permission to bind to the system 3 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device.	android.permission.BIND_NOTIFICATION_LISTENER_SERVICE
Required by in-call services to bind with the system. Allows apps to handle aspects of phone calls while they are in progress.	android.permission.BIND_INCALL_SERVICE

Requests dangerous framework permissions 13 IoCs

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether.	android.permission.PROCESS_OUTGOING_CALLS
Allows the app to answer an incoming phone call.	android.permission.ANSWER_PHONE_CALLS
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS

Files

d3ba982737b5e2a4cfe7037392eabbbc_JaffaCakes118
.apk android arch:arm

com.cheetah.md

com.cmcm.show.activity.SplashActivity

Activities

com.cmcm.show.activity.SplashActivity

android.intent.action.MAIN

com.cmcm.show.call.KInCallActivity

android.intent.action.VIEW
android.intent.action.DIAL
android.intent.action.DIAL

com.sina.weibo.sdk.share.WbShareTransActivity

com.sina.weibo.sdk.action.ACTION_SDK_REQ_ACTIVITY

com.tencent.tauth.AuthActivity

android.intent.action.VIEW

Permissions

android.permission.GET_TASKS
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_CONTACTS
android.permission.WRITE_SETTINGS
android.permission.READ_PHONE_STATE
android.permission.RECEIVE_USER_PRESENT
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.FLASHLIGHT
android.permission.CAMERA
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.DOWNLOAD_WITHOUT_NOTIFICATION
android.permission.ACCESS_COARSE_LOCATION
android.permission.MODIFY_PHONE_STATE
android.permission.CALL_PHONE
android.permission.READ_PHONE_STATE
android.permission.PROCESS_OUTGOING_CALLS
android.permission.PROCESS_INCOMING_CALLS
android.permission.BROADCAST_STICKY
android.permission.ANSWER_PHONE_CALLS
android.permission.GET_ACCOUNTS
android.permission.AUTHENTICATE_ACCOUNTS
android.permission.READ_SYNC_SETTINGS
android.permission.WRITE_SYNC_SETTINGS
android.permission.READ_SYNC_STATS
android.permission.MANAGE_ACCOUNTS
android.permission.USE_CREDENTIALS
android.permission.CHANGE_NETWORK_STATE
com.bbk.launcher2.permission.READ_SETTINGS
com.bbk.launcher2.permission.WRITE_SETTINGS
android.permission.REORDER_TASKS

Receivers

com.yulore.basic.cache.receiver.MultipleReceiver

android.net.conn.CONNECTIVITY_CHANGE

com.cmcm.show.receiver.WakeReceiver

com.cmcm.cmshow_cn.wakeme
action_get_and_install_plugin
ACTION_NOTIFY_MEM_CHANGE
action_v5_push_message
android.intent.action.ACTION_UNSOL_RESPONSE_OEM_HOOK_RAW
android.intent.action.ALARM_CHANGED
android.intent.action.BADGE_COUNT_UPDATE
android.intent.action.GTALK_CONNECTED
android.intent.action.GTALK_DISCONNECTED
android.intent.action.MEDIA_SCANNER_FINISHED
android.intent.action.MEDIA_SCANNER_STARTED
android.intent.action.PROVIDER_CHANGED
android.intent.action.RINGTONE_ADD
android.intent.action.ultimatesnapshot
android.net.sip.SIP_SERVICE_UP
applock_cloudcfg_changed_notification
broadcast_action_close_pop
broadcast_action_request_query
com.android.calendar.APPWIDGET_UPDATE
com.android.contacts.favorites.updated
com.android.huawei.DATASERVICE_SETTING_CHANGED
com.android.internal.telephony
com.android.launcher.action.INSTALL_SHORTCUT
com.android.launcher.action.UNINSTALL_SHORTCUT
com.baidu.android.pushservice.action.METHOD
com.baidu.ufosdk.getappkeysuccess_getnewhistoryflag
com.bytedance.frameworks.plugin.ACTION_REPORTER
com.cmcm.screensaver.screen_off
com.cmcm.screensaver.screen_on
com.google.android.checkin.CHECKIN_COMPLETE
com.google.android.talk.MCS_CONNECTION_SERVICE_STARTED
com.huawei.android.push.intent.REGISTER
com.huawei.android.push.intent.SOCKET_INFO
com.huawei.intent.action.PUSH_STATE
com.huawei.mms.RINGER_MODE_CHANGED
com.kingroot.common.ACTION_NEW_APP_STARTED
com.kingroot.common.ACTION_NOTIFY_IN_SELF_APP_MAIN
com.kingroot.common.ACTION_NOTIFY_OUT_SELF_APP_BY_MAIN
com.kingroot.common.ACTION_SWITCH_IN_DESKTOP
com.kingroot.common.ACTION_SWITCH_OUT_DESKTOP
com.kingroot.common.ACTION_TOP_ACTIVITY_CHANGED
com.kingroot.common.ACTION_TOP_APP_CHANGED
com.kingroot.kinguser.gamebox.ACTION_GAME_ADDED
com.morgoo.doirplugin.PACKAGE_ADDED
com.qihoo.action.UPDATE_NOTIFY
com.qihoo.antivirus.sync.ActivityResultChange
com.qihoo.appstore.appwatcher.removeall
com.qihoo.appstore.appwatcher.reset
com.qihoo.root.rooting
com.qihoo.root.rootover
com.qihoo360.launcher.action.APP_ICON_NOTIFICATION_COUNT
com.sina.weibo.action.push.active.groupscheme
com.sina.weibo.action.push.active.record.complete
com.sina.weibo.guardunion.NEW_DATA
com.sina.weibo.photo.action.UPDATE_VIDEO_CONFIG
com.sina.weibo.video.debug.ACTION_PLAYER_LOG_SAVED
com.sina.weibo.video.debug.ACTION_PLAYER_LOG_START
com.taobao.bootimage.show.coldstart
com.taobao.bootimage.show.finish
com.taobao.event.HomePageLoadFinished
com.taobao.tao.messagkit.receive
com.taobao.taobao.action.BUNDLES_INSTALLED
com.taobao.taobao.intent.action.INIT
com.tencent.android.qqdownloader.action.CAN_UPDATE_APP_SUM_CHANGED
com.tencent.assistant.ipc.firststart.action
com.tencent.intent.QZONE_PRE_DOWNLOAD_CANCEL
com.tencent.mm.Intent.ACTION_CLICK_FLOW_REPORT
com.tencent.mm.plugin.openapi.Intent.ACTION_HANDLE_APP_REGISTER
com.tencent.mm.ui.ACTION_ACTIVE
com.tencent.mm.ui.ACTION_DEACTIVE
com.tencent.mobileqq.activity.NotifyPushSettingActivity.ConfigPCActive
com.tencent.mobileqq.broadcast.qq
com.tencent.mobileqq.cooperation.plugin.comic_plugin.apk
com.tencent.mobileqq.cooperation.plugin.Photoplus.apk
com.tencent.mobileqq.cooperation.plugin.qlink_plugin.apk
com.tencent.mobileqq.cooperation.plugin.qqreaderplugin.apk
com.tencent.mobileqq.msf.wakeup
com.tencent.mobileqq.openapi.ACTION_LOGIN
com.tencent.mobileqq.PreLoadComicProcess
com.tencent.mobileqq.qqwifi.scanStateChange
com.tencent.mobileqq.secmsg.NetReconnect
com.tencent.plugin.state.change
com.tencent.process.exit
com.tencent.process.starting
com.tencent.process.stopping
com.tencent.process.tmdownloader.exit
com.tencent.qplus.THEME_INVALIDATE
com.tencent.qplus.THEME_UPDATE
com.tencent.qq.syncQQMessage
com.tencent.qqhead.getheadreq
com.tencent.qqmusic.ACTION_FREE_FLOW_INFO_REFRESH.QQMusicPhone
com.tencent.qqmusic.ACTION_META_CHANGED.QQMusicPhone
com.tencent.qqmusic.ACTION_SDCARD_STATE_CHANGED.QQMusicPhone
com.tencent.qqmusic.ACTION_SERVICE_REPAINT_WIDGET.QQMusicPhone
com.tencent.receiver.qfav.srvaddr
com.tencent.receiver.soso
com.tencent.redpoint.broadcast.push.av
com.tentcent.mobileqq.dpc.broadcast
com.xiaomi.push.service_started
download.app.DOWNLOAD_APP
event_checked_result
event_file_downloaded
event_update_begin
event_update_end
event_update_progress
finishNOOSN
home_search_enable
hotfix.action.update
huawei.intent.action.POWER_MODE_CHANGED_ACTION
miui.intent.action.NETWORK_BLOCKED
miui.intent.action.NETWORK_CONNECTED
mqq.intent.action.EXITcom.tencent.mobileqq
mqq.intent.action.LAUNCH_com.tencent.mobileqq
netAnaly.day.flow.collect
qqcomic.downloader.tasksfinished.broadcast
qy.player.core.type
sina.weibo.action.NOUSER
TAOBAO_DELAY_START_LOGIN
TAOBAO_DELAY_START_POWMSG
tencent.video.q2v.GroupSystemMsg
wifi.intent.action.INTERNET_ACCESS_ENABLED
android.intent.action.BOOT_COMPLETED
android.intent.action.ACTION_SHUTDOWN
android.intent.action.QUICKBOOT_POWERON
android.intent.action.REBOOT
android.intent.action.USER_PRESENT
android.intent.action.DATE_CHANGED
android.intent.action.ACTION_NEW_PICTURE
android.intent.action.ACTION_NEW_VIDEO
android.intent.action.SCREEN_OFF
android.intent.action.SCREEN_ON
android.intent.action.PACKAGE_CHANGED
android.intent.action.PACKAGE_REPLACED
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_DATA_CLEARED
android.intent.action.MY_PACKAGE_REPLACED
android.intent.action.NEW_OUTGOING_CALL
android.intent.action.TIME_SET
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
android.intent.action.ACTION_BATTERY_LOW
android.intent.action.ACTION_BATTERY_OKAY

com.cleanmaster.daemon.foreServiceforlive.receiver.WakeReceiver

com.wake.gray

com.cleanmaster.security.accessibilitysuper.permissioncheck.PermissionCheckBroadcastReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.ACTION_SHUTDOWN

com.cmcm.show.activity.Nfv

android.intent.action.PACKAGE_ADDED

Services

com.cmcm.show.service.CMShowAccessibilityService

android.accessibilityservice.AccessibilityService

com.cmcm.show.phone.AboveAP121NotifyMonitorService

android.service.notification.NotificationListenerService

com.cmcm.show.call.KInCallService

android.telecom.InCallService

com.cleanmaster.daemon.accountManager.CMSyncService

android.content.SyncAdapter

com.cleanmaster.daemon.accountManager.CMAuthService

android.accounts.AccountAuthenticator

com.cleanmaster.security.accessibilitysuper.ipc.PermissionMessengerService

com.cleanmaster.security.accessibilitysuper.ipc.PermissionMessengerService

com.cleanmaster.base.crash.CrashReportService

com.cleanmaster.crash.report

Android Permissions

d3ba982737b5e2a4cfe7037392eabbbc_JaffaCakes118

Permissions

android.permission.GET_TASKS

android.permission.INTERNET

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.READ_EXTERNAL_STORAGE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.READ_CONTACTS

android.permission.WRITE_SETTINGS

android.permission.READ_PHONE_STATE

android.permission.RECEIVE_USER_PRESENT

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.FLASHLIGHT

android.permission.CAMERA

android.permission.REQUEST_INSTALL_PACKAGES

android.permission.DOWNLOAD_WITHOUT_NOTIFICATION

android.permission.ACCESS_COARSE_LOCATION

android.permission.MODIFY_PHONE_STATE

android.permission.CALL_PHONE

android.permission.READ_PHONE_STATE

android.permission.PROCESS_OUTGOING_CALLS

android.permission.PROCESS_INCOMING_CALLS

android.permission.BROADCAST_STICKY

android.permission.ANSWER_PHONE_CALLS

android.permission.GET_ACCOUNTS

android.permission.AUTHENTICATE_ACCOUNTS

android.permission.READ_SYNC_SETTINGS

android.permission.WRITE_SYNC_SETTINGS

android.permission.READ_SYNC_STATS

android.permission.MANAGE_ACCOUNTS

android.permission.USE_CREDENTIALS

android.permission.CHANGE_NETWORK_STATE

com.bbk.launcher2.permission.READ_SETTINGS

com.bbk.launcher2.permission.WRITE_SETTINGS

android.permission.REORDER_TASKS

Sharing

General

Malware Config

Signatures

Files

com.cheetah.md

com.cmcm.show.activity.SplashActivity

Activities

com.cmcm.show.activity.SplashActivity

com.cmcm.show.call.KInCallActivity

com.sina.weibo.sdk.share.WbShareTransActivity

com.tencent.tauth.AuthActivity

Permissions

Receivers

com.yulore.basic.cache.receiver.MultipleReceiver

com.cmcm.show.receiver.WakeReceiver

com.cleanmaster.daemon.foreServiceforlive.receiver.WakeReceiver

com.cleanmaster.security.accessibilitysuper.permissioncheck.PermissionCheckBroadcastReceiver

com.cmcm.show.activity.Nfv

Services

com.cmcm.show.service.CMShowAccessibilityService

com.cmcm.show.phone.AboveAP121NotifyMonitorService

com.cmcm.show.call.KInCallService

com.cleanmaster.daemon.accountManager.CMSyncService

com.cleanmaster.daemon.accountManager.CMAuthService

com.cleanmaster.security.accessibilitysuper.ipc.PermissionMessengerService

com.cleanmaster.base.crash.CrashReportService

Android Permissions

d3ba982737b5e2a4cfe7037392eabbbc_JaffaCakes118