Friday, February 28, 2014

Droidpak - Android targeting Windows malware

Research: Kaspersky -


df4045aa9cb62699bd2ae12f860f2ed1.exe_
577a8c571e2dd610247ecfa0fb3c6cb3_install.exe_
04e8ff68ead683e52b53e174d08eddf4_Voip.dll_
SHA256: 1950c1e350573c9a593e89e551c9b1c7fd3ed8ccce21ed85d755f3d4f5de1d30
File name: install
MD5 577a8c571e2dd610247ecfa0fb3c6cb3
imphash  9861424b584094e223f746a72358be9e
File size 19.5 KB ( 19968 bytes )
File type Win32 EXE
Detection ratio: 37 / 50
Analysis date: 2014-02-18 01:31:26 UTC
Antivirus Result Update
AVG Downloader.Agent2.BSOY.dropper 20140218
Ad-Aware Gen:Variant.Graftor.38558 20140218
Agnitum Trojan.DR.Agent!P9aPiH374xc 20140217
AhnLab-V3 Dropper/Win32.ApkLoader 20140217
AntiVir TR/Symmi.29393.1 20140218
Antiy-AVL Trojan[Backdoor:HEUR]/Win32.AGeneric 20140217
Avast Win32:Driodpak-B [Trj] 20140218
Baidu-International Trojan.Win32.Dropper.QMB 20140217
BitDefender Gen:Variant.Graftor.38558 20140218
CAT-QuickHeal Trojan.Droidpak 20140217
Commtouch W32/Trojan.JQGJ-0681 20140218
Comodo Worm.Win32.Tenavt.A 20140218
DrWeb Trojan.Apkloader.1 20140218
ESET-NOD32 a variant of Win32/TrojanDropper.Agent.QMB 20140218
Emsisoft Gen:Variant.Graftor.38558 (B) 20140218
F-Secure Gen:Variant.Graftor.38558 20140216
Fortinet W32/Agent.QMB!tr 20140217
GData Gen:Variant.Graftor.38558 20140218
Ikarus Trojan-Downloader.Agent 20140218
K7AntiVirus Trojan ( 00494f281 ) 20140217
K7GW Trojan ( 00494f281 ) 20140217
Kaspersky HEUR:Backdoor.Win32.Generic 20140218
Kingsoft Win32.Hack.Undef.(kcloud) 20140218
McAfee RDN/Generic Dropper!tn 20140218
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious.H 20140218
MicroWorld-eScan Gen:Variant.Graftor.38558 20140218
Microsoft Trojan:Win32/Droidpak.A 20140218
NANO-Antivirus Trojan.Win32.Hangame.csmumx 20140216
Norman Suspicious_Gen5.ALAPN 20140217
Panda Trj/CI.A 20140217
Qihoo-360 HEUR/Malware.QVM06.Gen 20140218
Sophos Troj/DwnlAPK-A 20140218
Symantec WS.Reputation.1 20140217
TrendMicro TROJ_DROIDPAK.C 20140218
TrendMicro-HouseCall TROJ_DROIDPAK.C 20140218
VIPRE Trojan.Win32.Droidpak.a (fs) 20140218
ViRobot Dropper.Agent.19968.G 2014021

https://www.virustotal.com/en-gb/file/af1dee6f525b79c0aea29b0b7a5910c08aec8f8b355fa7f935d7ba6b86b87bc7/analysis/
SHA256: af1dee6f525b79c0aea29b0b7a5910c08aec8f8b355fa7f935d7ba6b86b87bc7
File name: df4045aa9cb62699bd2ae12f860f2ed1
Detection ratio: 45 / 48
Analysis date: 2014-02-26 01:12:28 UTC
MD5 df4045aa9cb62699bd2ae12f860f2ed1
File size 113.0 KB ( 115724 bytes )
File type Win32 EXE
Antivirus Result Update
AVG Dropper.Generic.BVRA 20140225
Ad-Aware Trojan.Generic.4297801 20140226
Agnitum Trojan.DR.Small!EwnYg1O5HSU 20140225
AntiVir TR/Graftor.Elzob.19615.9 20140226
Antiy-AVL Trojan[Dropper]/Win32.Small 20140226
Avast Win32:Malware-gen 20140226
Baidu-International Trojan.Win32.Dropper.aV 20140225
BitDefender Trojan.Generic.4297801 20140226
Bkav W32.HfsOval.2857 20140225
CAT-QuickHeal TrojanDropper.Agent.jfhy 20140225
CMC Trojan-Dropper.Win32.Small!O 20140220
Commtouch W32/VBTrojan.Downloader.1D!Maxi 20140226
Comodo TrojWare.Win32.AntiAV.~G 20140226
DrWeb Trojan.MulDrop.14344 20140226
ESET-NOD32 a variant of Win32/TrojanDropper.Agent.QIB 20140226
Emsisoft Trojan.Generic.4297801 (B) 20140226
F-Prot W32/VBTrojan.Downloader.1D!Maxi 20140226
F-Secure Trojan.Generic.4297801 20140226
Fortinet W32/Small.AXX!tr 20140226
GData Trojan.Generic.4297801 20140226
Ikarus Trojan-Dropper.Win32.Small.axx 20140226
Jiangmin TrojanDropper.Small.cnv 20140226
K7AntiVirus Riskware ( 0040eff71 ) 20140225
K7GW Riskware ( 0040eff71 ) 20140225
Kaspersky Trojan-Dropper.Win32.Small.axx 20140225
Kingsoft Win32.Troj.Small.(kcloud) 20140226
Malwarebytes Trojan.GamesThief.NR 20140226
McAfee RDN/Generic Dropper!sz 20140226
McAfee-GW-Edition RDN/Generic Dropper!sz 20140226
MicroWorld-eScan Trojan.Generic.4297801 20140226
Microsoft Trojan:Win32/Droidpak.A 20140226
NANO-Antivirus Trojan.Win32.Small.crvcii 20140226
Norman Troj_Generic.RWLBP 20140224
Panda Trj/Genetic.gen 20140225
Qihoo-360 Win32/Trojan.Dropper.b07 20140226
Rising PE:Malware.Obscure!1.9C59 20140226
Sophos Troj/DwnlAPK-A 20140226
Symantec Trojan.Sequendrop 20140226
TheHacker Trojan/Dropper.Small.axx 20140226
TrendMicro TROJ_GEN.R047C0DA714 20140226
TrendMicro-HouseCall TROJ_DROIDPAK.B 20140226
VBA32 TrojanDropper.Small 20140225
VIPRE Trojan.Win32.Droidpak.a (fs) 20140226
ViRobot Dropper.Agent.299016 20140226
nProtect Trojan.Generic.4297801 20140225


https://www.virustotal.com/en-gb/file/0c3fde71c00d5fb4b1983ec990c4ab70c9c05f6675a21d2aef7a65638d8268f3/analysis/
MD5 04e8ff68ead683e52b53e174d08eddf4
File size 11.5 KB ( 11776 bytes )
File type Win32 DLL
SHA256: 0c3fde71c00d5fb4b1983ec990c4ab70c9c05f6675a21d2aef7a65638d8268f3
File name: flashmx32.xtl
Detection ratio: 32 / 51
Antivirus Result Update
AVG Downloader.Agent2.BSOY 20140204
Ad-Aware Gen:Variant.Symmi.29393 20140204
AegisLab Troj.W32.Gen 20140204
AhnLab-V3 Trojan/Win32.agent 20140203
AntiVir TR/Symmi.29393.1 20140204
Avast Win32:Driodpak-B [Trj] 20140204
Baidu-International Trojan.Win32.Downloader.AGK 20140203
BitDefender Gen:Variant.Symmi.29393 20140204
Comodo UnclassifiedMalware 20140203
DrWeb Trojan.Apkloader.1 20140204
ESET-NOD32 a variant of Win32/TrojanDownloader.Agent.AGK 20140204
Emsisoft Gen:Variant.Symmi.29393 (B) 20140204
F-Secure Gen:Variant.Symmi.29393 20140204
Fortinet W32/Agent.AGK!tr.dldr 20140204
GData Gen:Variant.Symmi.29393 20140204
Ikarus Win32.SuspectCrc 20140204
K7AntiVirus Trojan-Downloader ( 00493b121 ) 20140203
K7GW Trojan-Downloader ( 00493b121 ) 20140203
McAfee RDN/Downloader.a!op 20140204
McAfee-GW-Edition RDN/Downloader.a!op 20140204
MicroWorld-eScan Gen:Variant.Symmi.29393 20140204
Microsoft Trojan:Win32/Droidpak.A 20140204
NANO-Antivirus Trojan.Win32.Agent.cssrmc 20140204
Norman Suspicious_Gen5.ALAPN 20140203
Panda Suspicious file 20140203
Qihoo-360 Win32/Trojan.Downloader.f0f 20140204
Sophos Troj/DwnlAPK-A 20140204
Symantec WS.Reputation.1 20140204
TrendMicro TROJ_GEN.R01TC0DAV14 20140204
TrendMicro-HouseCall TROJ_GEN.R01TC0DAV14 20140204
VIPRE Trojan.Win32.Generic!BT 20140204
ViRobot Trojan.Win32.Downloader.11776.ML 20140204
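
The three VirusTotal reports above are pasted as flat text, one engine per line. The script below is an added example, not part of the original post: it parses that layout into structured fields (hashes, imphash, size, detection ratio, per-vendor rows), checks that the number of detection rows actually listed matches the stated detection count, and derives a vendor-consensus family name by majority vote over the result strings after stripping generic class words such as "Trojan" or "Dropper". The embedded report is a constructed, abbreviated copy of the first sample's header plus eight of its rows, with the ratio reduced to 8 / 50 so it is self-consistent; the GENERIC stoplist is my own choice, not a VirusTotal convention.

```python
"""Parse a flattened VirusTotal report into structured data, cross-check the
stated detection ratio against the rows present, and vote a family name.
Requires Python 3.8+ (assignment expressions)."""
import re
from collections import Counter

# Constructed, abbreviated report: header copied from the first sample in the
# post, eight of its rows kept, detection count lowered to match those rows.
SAMPLE_REPORT = """\
SHA256: 1950c1e350573c9a593e89e551c9b1c7fd3ed8ccce21ed85d755f3d4f5de1d30
File name: install
MD5 577a8c571e2dd610247ecfa0fb3c6cb3
imphash  9861424b584094e223f746a72358be9e
File size 19.5 KB ( 19968 bytes )
File type Win32 EXE
Detection ratio: 8 / 50
Antivirus Result Update
AhnLab-V3 Dropper/Win32.ApkLoader 20140217
Avast Win32:Driodpak-B [Trj] 20140218
CAT-QuickHeal Trojan.Droidpak 20140217
DrWeb Trojan.Apkloader.1 20140218
ESET-NOD32 a variant of Win32/TrojanDropper.Agent.QMB 20140218
K7AntiVirus Trojan ( 00494f281 ) 20140217
Microsoft Trojan:Win32/Droidpak.A 20140218
TrendMicro TROJ_DROIDPAK.C 20140218
"""

# vendor, result (may contain spaces), update date (8 digits; 7 tolerated for
# truncated pastes such as the ViRobot line in the first table above)
ROW_RE = re.compile(r"^(\S+)\s+(.+?)\s+(\d{7,8})$")
RATIO_RE = re.compile(r"Detection ratio:\s*(\d+)\s*/\s*(\d+)")
SIZE_RE = re.compile(r"File size .*?\(\s*(\d+)\s*bytes\s*\)")

# Class words, not family names; ignored when voting (my own stoplist).
GENERIC = {"trojan", "trojandropper", "trojandownloader", "generic", "variant",
           "dropper", "downloader", "agent", "heur", "troj", "malware",
           "suspicious", "riskware", "backdoor", "small", "reputation"}


def parse_report(text):
    """Return a dict of header fields plus a list of (vendor, result, date) rows."""
    rep = {"sha256": None, "md5": None, "imphash": None, "size": None,
           "detected": None, "total": None, "rows": []}
    in_table = False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if in_table:  # everything after the header row is an engine line
            if m := ROW_RE.match(line):
                rep["rows"].append((m.group(1), m.group(2), m.group(3)))
            continue
        if line.startswith("SHA256:"):
            rep["sha256"] = line.split(":", 1)[1].strip().lower()
        elif line.startswith("MD5"):
            rep["md5"] = line.split(None, 1)[1].strip().lower()
        elif line.startswith("imphash"):
            rep["imphash"] = line.split(None, 1)[1].strip().lower()
        elif m := SIZE_RE.match(line):
            rep["size"] = int(m.group(1))
        elif m := RATIO_RE.match(line):
            rep["detected"], rep["total"] = int(m.group(1)), int(m.group(2))
        elif line == "Antivirus Result Update":
            in_table = True
    return rep


def ratio_consistent(rep):
    """True when the rows listed equal the stated detection count. VT pastes
    normally carry only the detecting engines, so a mismatch means rows were
    lost in copying or the ratio was mis-transcribed."""
    return rep["detected"] is not None and len(rep["rows"]) == rep["detected"]


def family_votes(rep):
    """Count family-like tokens across engines; one vote per engine per token.
    Tokens must be alphabetic and at least four characters, which drops
    vendor IDs like '00494f281' and short suffixes like 'QMB'."""
    votes = Counter()
    for _vendor, result, _date in rep["rows"]:
        tokens = {t for t in re.split(r"[^a-z0-9]+", result.lower())
                  if len(t) >= 4 and t.isalpha()}
        votes.update(tokens - GENERIC)
    return votes


def consensus_family(rep):
    votes = family_votes(rep)
    return votes.most_common(1)[0][0] if votes else None


if __name__ == "__main__":
    r = parse_report(SAMPLE_REPORT)
    print(r["md5"], r["sha256"], r["size"], "bytes")
    print("ratio consistent:", ratio_consistent(r))
    print("votes:", family_votes(r).most_common(3))
    print("consensus family:", consensus_family(r))
```

Run against the full tables in the post, the row count check passes for all three samples: 37, 45 and 32 engine lines against the stated 37 / 50, 45 / 48 and 32 / 51. The vote also surfaces the Avast name "Driodpak" as a separate token from "Droidpak", which is the kind of vendor spelling drift that makes exact-string matching on AV labels unreliable.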
