Name: Payload of the Android anserverbot malware - b.apk and 002f537027830303e2205dd0a6106c
File Name: b.apk decoded from http://blog.sina.com.cn/s/blog_8440ab780100t0nf.html
MD5: 164A147B663248558E4B6A287A429139
Sample Credits: many thanks to Madalina Baltatu October 17, 2011
Research: NetQin: A Technical Analysis of the AnserverBot Trojan
Download b.apk (pass infected)
Download Anserverbot.apk (pass infected)
b.apk
Submission date: 2011-10-17 20:10:13 (UTC)
Current status: finished
Result: 7/42 (16.7%)
Avast 6.0.1289.0 2011.10.17 Android:BaseBridge-I
Emsisoft 5.1.0.11 2011.10.17 Trojan.AndroidOS.Anserver!IK
F-Secure 9.0.16440.0 2011.10.17 Trojan:Android/BaseBridge.A!mfb
GData 22 2011.10.17 Android:BaseBridge-I
Ikarus T3.1.1.107.0 2011.10.17 Trojan.AndroidOS.Anserver
Microsoft 1.7702 2011.10.17 Trojan:AndroidOS/Anserver.A
Sophos 4.70.0 2011.10.17 Andr/Ansver-A
MD5: 164a147b663248558e4b6a287a429139
The Answerbot.apk sample is corrupted. It is much smaller than it should be. Check its SHA1 and you'll see that it's different from what the file name suggests.
I fixed it, please try again. Thank you M
It is indeed fixed now, thanks.