Update: February 6, 2012
File: 56033daef6a020d8e64729acb103f818
Name: FoncySMS
MD5: 56033DAEF6A020D8E64729ACB103F818
Sample Credit: S.Guerrero February 5, 2012
Research: The Butterfly Effect of a Boundary Check by Sergei Shevchenko
Download - Password infected
Download extracted files
==========================================================================
Name: SuiConFo.apk
MD5: 1a3fb120e5a4bd51cb999a43e2d06d88
Sample Credits: many thanks to Ian French, December 8, 2011
Research: Kaspersky: SMS Trojans: all around the world
Download - password infected
SHA256: 213e042b3d5b489467c5a461ffdd2e38edaa0c74957f0b1a0708027e66080890
SHA1: 60483948b65c7a87fddd1342999d816dc559b5e5
MD5: 56033daef6a020d8e64729acb103f818
File size: 5.2 MB ( 5457274 bytes )
File name: 56033daef6a020d8e64729acb103f818
File type: ZIP
Detection ratio: 18 / 43
Analysis date: 2012-02-03 00:25:01 UTC ( 3 days, 12 hours ago )
Antiy-AVL Trojan/AndroidOS.Foncy 20120202
Avast Android:Foncy-B [Trj] 20120202
BitDefender Android.Trojan.Foncy.A 20120203
Emsisoft Trojan.AndroidOS.FoncySms!IK 20120203
eTrust-Vet Linux/IrcBot.A 20120202
F-Secure Trojan:Android/SMSFoncy.A!mfb 20120202
Fortinet Android/Foncy.B!tr 20120202
GData Android.Trojan.Foncy.A 20120202
Ikarus Trojan.AndroidOS.FoncySms 20120202
Kaspersky HEUR:Trojan-SMS.AndroidOS.Foncy.a 20120203
Microsoft Trojan:AndroidOS/FoncySms.A 20120202
NOD32 Android/TrojanSMS.Agent.AJ 20120203
PCTools Android.FoncySMS 20120201
Symantec Trojan.Gen.2 20120202
TrendMicro AndroidOS_FONCYSMS.A 20120202
TrendMicro-HouseCall AndroidOS_FONCYSMS.A 20120203
VBA32 - 20120202
VIPRE Trojan.AndroidOS.FoncySms.a (v) 20120202
VirusBuster Trojan.AndroidOS.Foncy.B
SuiConFo.apk
Submission date: 2011-12-09 03:01:39 (UTC)
Result:
6 /43 (14.0%)
Antiy-AVL 2.0.3.7 2011.12.09 Trojan/AndroidOS.Foncy
Avast 6.0.1289.0 2011.12.08 Android:Foncy-A [Trj]
Comodo 10889 2011.12.09 UnclassifiedMalware
GData 22 2011.12.09 Android:Foncy-A
Kaspersky 9.0.0.837 2011.12.08 HEUR:Trojan-SMS.AndroidOS.Foncy.a
NOD32 6691 2011.12.07 Android/TrojanSMS.Agent.Q
TrendMicro-HouseCall 9.500.0.1008 2011.12.09 -
MD5 : 1a3fb120e5a4bd51cb999a43e2d06d88
FoncySMS extracted files:
- /data/data/com.android.bot/files/header01.png (ELF executable).
- /data/data/com.android.bot/files/footer01.png (ELF executable).
- /data/data/com.android.bot/files/border01.png (Android app - an APK File).
Hey, I tried to contact you to get the password for CVE-2010-2883 but failed to deliver the e-mail lol. I'd appreciate it if you can tell me your e-mail addresses. Thanks!

It is on blog profile - top right, click on Mila - contact info there.

French computer crime investigators from OCLCTIC have charged two men in connection with money-making malware that targets Android smartphone users. They are suspected of infecting more than 2000 Android devices with the Foncy Trojan horse.