Thursday, October 30, 2014

Android icon vulnerability - malware sample


Research: Cheetah Mobile: Android icon vulnerability can cause serious system-level crashes
The malware uses a very large icon that overloads the system’s capabilities and causes some important processes, such as Settings and Launcher, to crash.



Sample credit: Weuzhu Liu

File: d.apk
Size: 12245344
MD5: DD23039E2C18F2CD1CA2604478E8CD00


Download. Email me if you need the password







SHA256: dc99785268312135079fae8a720ec442fd02d247e2222356654dbdae396bc20b
File name: d.apk
Detection ratio: 38 / 52
Analysis date: 2014-10-30 13:40:02 UTC

Antivirus Result Update
AVG VBS/Dropper 20141030
AVware Virus.VBS.Ramnit.a (v) 20141030
Ad-Aware Trojan.HTML.Ramnit.A 20141030
Agnitum VBS.Ramnit.T 20141028
Avast VBS:Dropper-DF [Trj] 20141030
Avira VBS/Ramnit.483893 20141030
BitDefender Trojan.HTML.Ramnit.A 20141030
CAT-QuickHeal VBS/Ramnit.BG 20141030
ClamAV Heuristic.HTML.Dropper 20141030
Comodo Virus.VBS.Ramnit.c 20141030
Cyren VBS/DropDownld.B 20141030
DrWeb VBS.Rmnet.2 20141030
ESET-NOD32 Win32/Ramnit.A 20141030
Emsisoft Trojan.HTML.Ramnit.A (B) 20141030
F-Prot VBS/DropDownld.B 20141030
F-Secure Trojan.HTML.Ramnit.A 20141030
Fortinet VBS/Dropper.DL!tr 20141030
GData Trojan.HTML.Ramnit.A 20141030
Ikarus Virus.VBS.Ramnit 20141030
Jiangmin Trojan/Script.Gen 20141029
K7AntiVirus Trojan ( 001bb56b1 ) 20141030
K7GW Trojan ( 001bb56b1 ) 20141030
Kaspersky Trojan-Dropper.VBS.Agent.bp 20141030
McAfee Artemis!DD23039E2C18 20141030
McAfee-GW-Edition W32/Ramnit.a!htm 20141030
MicroWorld-eScan Trojan.HTML.Ramnit.A 20141029
Microsoft Virus:VBS/Ramnit.gen!C 20141030
NANO-Antivirus Trojan.Script.Agent.bfcghy 20141030
Norman Ramnit.CQSW 20141030
Qihoo-360 Script/Virus.2cc 20141030
Sophos VBS/Inor-AA 20141030
Symantec W32.Ramnit!html 20141030
Tencent Html.Win32.Script.1500711 20141030
TheHacker Trojan/Ramnit.gen 20141028
TotalDefense HTML/Ramnit!generic 20141029
TrendMicro HTML_RAMNIT.ALE 20141030
Zillya Dropper.Inor.VBS.1 20141029
nProtect Trojan.HTML.Ramnit.A 20141030
