Monday, August 13, 2012

VDloader Android



1. File: zj_NinjaChicken_other.apk
Size: 5131151
MD5:  4BC1C8A05B8505662BE778B6DAD23B55




2. File: waterfall3dLive.boa.liveWPcube.apk
Size: 723022
MD5:  6AF90ADD478E4D27B4170FA791E635EE

Sample Credit: Tim Strazzere Lookout Security

Research: Symantec New Android Malware Spotted on Third Party App Markets

Download files (password infected)





https://www.virustotal.com/file/40d388650d95cfafab9150b010d43426724acbd0a7013d4196704b7035b17bee/analysis/1344879785/




SHA256: 40d388650d95cfafab9150b010d43426724acbd0a7013d4196704b7035b17bee
SHA1: 38f4c58894ce55e569e2b7a20d1ea906d14ebac4
MD5: 6af90add478e4d27b4170fa791e635ee
File size: 706.1 KB ( 723022 bytes )
File name: waterfall3dLive.boa.liveWPcube.apk
File type: Android
Tags: android
Detection ratio: 6 / 42
Analysis date: 2012-08-13 17:43:05 UTC ( 1 minute ago )

DrWeb Android.DownLoader.5.origin 20120813
ESET-NOD32 - 20120813
F-Secure Trojan:Android/Vdloader.A 20120813
McAfee-GW-Edition - 20120813
Norman VDloader.B 20120813
PCTools Android.Vdloader 20120813
SUPERAntiSpyware - 20120811
Symantec Android.Vdloader 20120813
TrendMicro-HouseCall TROJ_GEN.F47V0810 20120813


ssdeep
12288:vo/Po/u/xRs45OzNjYGKKnnVSleWRjqpVrc4uwjPFeFgiBoqQOiC:vo/QKL5O5OKVSle4jYVrNbdOv
TrID
Android Package (63.3%)
Java Archive (28.7%)
ZIP compressed archive (7.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ExifTool
MIMEType.................: application/zip
ZipRequiredVersion.......: 20
ZipCRC...................: 0xbea615a3
FileType.................: ZIP
ZipCompression...........: Deflated
ZipUncompressedSize......: 2267
ZipCompressedSize........: 993
ZipFileName..............: META-INF/MANIFEST.MF
ZipBitFlag...............: 0x0008
ZipModifyDate............: 2012:04:25 22:33:15
Androguard
activities...............: waterfall3dLive.boa.liveWPcube.LiveWallpaperSettings, waterfall3dLive.boa.liveWPcube.TabSettings, com.google.ads.AdActivity, ye.activity.ImageStyleActivity

AndroidVersionCode.......: 2
Package..................: waterfall3dLive.boa.liveWPcube
receivers................: android.system.ActionReceiver
AndroidVersionName.......: 1.2
riskindicator............: 51.1111111111

services.................: waterfall3dLive.boa.liveWPcube.LiveWallpaperService, android.system.MainService, android.system.CoreService

MinSdkVersion............: 7
TargetSdkVersion.........: None

permissions..............: WRITE_EXTERNAL_STORAGE, INTERNET, ACCESS_NETWORK_STATE, READ_PHONE_STATE

First seen by VirusTotal
2012-08-13 17:43:05 UTC ( 1 minute ago )
Last seen by VirusTotal
2012-08-13 17:43:05 UTC ( 1 minute ago )
File names (max. 25)
waterfall3dLive.boa.liveWPcube.apk

https://www.virustotal.com/file/3e51fb6ea9b5ff205b0a7af5121d3ef87af2cdaa66202aa217fd14fec647a51e/analysis/1344880021/


SHA256: 3e51fb6ea9b5ff205b0a7af5121d3ef87af2cdaa66202aa217fd14fec647a51e
SHA1: e9ad7e195436133c9e1ca1c8e37c2e22081b7dea
MD5: 4bc1c8a05b8505662be778b6dad23b55
File size: 4.9 MB ( 5131151 bytes )
File name: zj_NinjaChicken_other.apk
File type: Android
Tags: android
Detection ratio: 3 / 42
Analysis date: 2012-08-13 17:47:01 UTC ( 3 minutes ago )

DrWeb Android.DownLoader.5.origin 20120813
McAfee-GW-Edition - 20120813
PCTools Android.Vdloader 20120813
Symantec Android.Vdloader 20120813





2 comments:

  1. password is not correct.
    please..

  2. Password IS CORRECT...
