
Friday, July 13, 2012

MMarketPay - Android Application buying trojan

 File: com.mediawoz.gotq.apk

Size: 4839186
MD5:  CD6F0C2FB0A5A9B2793F0BD9AED8E922

Research: "MMarketPay.A, New Android Malware Found in the Wild" by TrustGo Security Labs, July 6, 2012
Sample credit: Tim Strazzere - Lookout Security

 Download (password infected)



SHA256: 19b89f2bbe9a73af6976d4a8acfe653ca93fb49269433ec92a9ca6da7311a8b3
SHA1: 9a6a6e0a2c47550bb44c0322f82d4f677d8cbb89
MD5: cd6f0c2fb0a5a9b2793f0bd9aed8e922
File size: 4.6 MB ( 4839186 bytes )
File name: com.mediawoz.gotq.apk
File type: Android
Detection ratio: 4 / 40
Analysis date: 2012-07-14 01:58:31 UTC
Kaspersky HEUR:Trojan.AndroidOS.MMarketPay.a 20120714
NOD32 Android/MMarketPay.A 20120713
PCTools Android.Kranxpay 20120714
Symantec Android.Kranxpay 20120714

Additional information
ssdeep
98304:oGiG81AsndstUji/tlt6HCff1B/o5/U7u/OEF/cXKxvb18RH66A4ZxQOPY:581rnmtgwtlt6if9B/om7EOEF/Dxvb1Z
TrID
Android Package (63.3%)
Java Archive (28.7%)
ZIP compressed archive (7.9%)
ExifTool
MIMEType.................: application/zip
ZipRequiredVersion.......: 10
ZipCRC...................: 0x48ed3199
FileType.................: ZIP
ZipCompression...........: None
ZipUncompressedSize......: 831
ZipCompressedSize........: 831
ZipFileName..............: assets/195x228.png
ZipBitFlag...............: 0
ZipModifyDate............: 2012:05:02 19:33:08
Androguard
activities...............:

com.mediawoz.goweather.WeatherApp, com.mediawoz.goweather.AddCityActivity, com.mediawoz.goweather.PopularcityActivity, com.mediawoz.goweather.BrowseCityActivity, com.mediawoz.goweather.AddChinaCityActivity, com.mediawoz.goweather.EditCityActivity, com.mediawoz.goweather.SettingActivity, com.mediawoz.goweather.SettingThemeTabActivity, com.mediawoz.goweather.ThemeSettingActivity, com.mediawoz.goweather.AboutActivity, com.mediawoz.goweather.FeedbackActivity, com.mediawoz.goweather.SelectBugActivity, com.mediawoz.goweather.tutorial.WeatherL, com.mediawoz.goweather.tutorial.WeatherLNew, com.mediawoz.goweather.NewsActivity, com.mediawoz.goweather.wallpaper.WallpaperSetting, com.mediawoz.goweather.widget.WeatherWidgetConfigure

AndroidVersionCode.......: 55
Package..................: com.mediawoz.gotq

receivers................:

com.mediawoz.goweather.widget.WeatherWidgetProvider, com.mediawoz.goweather.widget.WeatherMWidgetProvider, com.mediawoz.goweather.widget.WeatherSWidgetProvider, com.mediawoz.gotq.ServiceBroadcastReceiver, com.anksoft.Alarmreceiver, com.anksoft.Ankbootr, com.anksoft.AnkSMSr, com.anksoft.AnkUncr

AndroidVersionName.......: 1.9.18
riskindicator............: 53.0

services.................:

com.mediawoz.goweather.wallpaper.GoWallpaperService, com.mediawoz.goweather.StatusBarService, com.anksoft.Ankboots, com.anksoft.Anknets, com.anksoft.Ankexcutes, com.anksoft.Ankrexts, com.exchange.Public.DownloadingService

MinSdkVersion............: 7
TargetSdkVersion.........: None

permissions..............:

CHANGE_NETWORK_STATE, VIBRATE, WRITE_APN_SETTINGS, ACCESS_FINE_LOCATION, ACCESS_WIFI_STATE, ACCESS_MOCK_LOCATION, SEND_SMS, RECEIVE_SMS, READ_LOGS, WRITE_SMS, CAMERA, ACCESS_COARSE_LOCATION, GET_TASKS, RECEIVE_BOOT_COMPLETED, ACCESS_NETWORK_STATE, READ_PHONE_STATE, MOUNT_UNMOUNT_FILESYSTEMS, INTERNET, WRITE_EXTERNAL_STORAGE, READ_SMS

First seen by VirusTotal
2012-07-14 01:58:31 UTC
Last seen by VirusTotal
2012-07-14 01:58:31 UTC
File names (max. 25)
com.mediawoz.gotq.apk
