Research: TGSoft 13/01/2014 18.49.39 - How safe is really Google Play Store?
Research: Android FakeMarket analysis by AndroTotal
Still available on Google Play
https://play.google.com/store/apps/details?id=com.bktballelite.com
Sample credit: Paolo Rovelli
Download. Email me if you need the password
Mobile Sandbox report
| Field | Value |
|---|---|
| Sample SHA256 | 4bde46accfeb2c85fe75c6dd57bba898fbb3316f7c4be788bc18676451b54561 |
| Sample MD5 | 5124795a3537f2f06abb021d14a74402 |
| Sample ssdeep | 24576:ZBPPLQSltmJScer9kSF1m+0eFySOqjh94OEhjjzsryuTr0t+Ze:jLQSltmJSck9fFfOqdOjvsxr0t+Ze |
| Start of Analysis | Jan. 19, 2014, 7:16 p.m. |
| End of Analysis | Jan. 19, 2014, 7:16 p.m. |
| Used Features | android.hardware.touchscreen |
| Requested Permissions from Android Manifest | android.permission.INTERNET, android.permission.WAKE_LOCK, android.permission.WRITE_EXTERNAL_STORAGE, android.permission.ACCESS_NETWORK_STATE, android.permission.RECEIVE_BOOT_COMPLETED |
| Used Permissions | android.permission.READ_CONTACTS, android.permission.ACCESS_NETWORK_STATE, android.permission.INTERNET, android.permission.WAKE_LOCK |
| Responsible API calls for used Permissions | android/content/Context;->startActivity, android/content/ContentResolver;->openInputStream, android/net/ConnectivityManager;->getActiveNetworkInfo, android/webkit/WebView, android/os/PowerManager$WakeLock;->acquire |
| Used Intents | android.intent.action.BOOT_COMPLETED, android.intent.action.MAIN, android.intent.category.LAUNCHER |
| Used Activities | .girisislemleri, com.bktballelite.com.girisislemleri |
| Potentially dangerous Calls | getSystemService, Read/Write External Storage, HttpPost, printStackTrace, getPackageInfo, Obfuscation(Base64) |
| Used Services and Receiver | ZamanServisi, com.bktballelite.com.BootCompleted |
| Used Providers | (none) |
| Used Networks | (none) |
| Found URLs | http://www.fethullahhocam.com/advertising.php, http://www.mobilefilmizle.com/ipzaman.php, http://www.google.it/intl/it, http://www.google.com/bot.html, http://www.google.it/?hl=it, http://unknown/, http://www.w3.org/2005/Atom, http://www.google-analytics.com/collect, https://ssl.google-analytics.com/collect |
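The report above gives enough indicators for a quick offline triage of other APKs: the two hashes, the boot-persistence receiver `com.bktballelite.com.BootCompleted`, and the two non-Google hosts in the URL list (`www.fethullahhocam.com`, `www.mobilefilmizle.com`). The script below is an added example, not code from the original post or from the Mobile Sandbox service. It assumes the `ZamanServisi` service lives in the same `com.bktballelite.com` package (the report names it without a package), and it runs against a constructed stand-in zip rather than the real sample, which is not embedded here.

```python
import hashlib
import io
import re
import zipfile

# Indicators copied from the sandbox / VirusTotal data on this page.
KNOWN_SHA256 = {"4bde46accfeb2c85fe75c6dd57bba898fbb3316f7c4be788bc18676451b54561"}
KNOWN_MD5 = {"5124795a3537f2f06abb021d14a74402"}
C2_DOMAINS = {"www.fethullahhocam.com", "www.mobilefilmizle.com"}

# Dex class descriptors for the components the report lists. The package for
# ZamanServisi is an assumption; the report gives only the bare class name.
SUSPECT_CLASSES = {
    "Lcom/bktballelite/com/BootCompleted;",
    "Lcom/bktballelite/com/girisislemleri;",
    "Lcom/bktballelite/com/ZamanServisi;",
}

URL_RE = re.compile(rb"https?://([A-Za-z0-9.-]+)")


def file_hashes(data):
    """SHA256 and MD5 of the whole APK, for matching against the known sample."""
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "md5": hashlib.md5(data).hexdigest()}


def scan_apk(apk_bytes):
    """Scan an APK (a zip) for the hashes, hosts and class names reported above.

    Only dex files, assets and raw resources are read; the binary
    AndroidManifest.xml is not parsed here.
    """
    hits = {"hash_match": False, "hosts": set(), "domains": set(), "classes": set()}
    h = file_hashes(apk_bytes)
    hits["hash_match"] = h["sha256"] in KNOWN_SHA256 or h["md5"] in KNOWN_MD5

    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for name in zf.namelist():
            if not (name.endswith(".dex") or name.startswith("assets/")
                    or name.startswith("res/raw/")):
                continue
            blob = zf.read(name)
            # Plain-text URLs: dex string tables keep literals unencrypted unless
            # the author obfuscated them (the sandbox flags Base64 use, so this
            # check can miss encoded URLs).
            for m in URL_RE.finditer(blob):
                host = m.group(1).decode("ascii").lower()
                hits["hosts"].add(host)
                if host in C2_DOMAINS:
                    hits["domains"].add(host)
            # Class descriptors survive string obfuscation but not class renaming.
            for cls in SUSPECT_CLASSES:
                if cls.encode("ascii") in blob:
                    hits["classes"].add(cls)
    return hits


def verdict(hits):
    """Collapse the indicator hits into a triage label."""
    if hits["hash_match"]:
        return "known-sample"
    if hits["domains"] and hits["classes"]:
        return "likely-variant"
    if hits["domains"] or hits["classes"]:
        return "suspicious"
    return "clean"


def build_sample_apk():
    """Constructed stand-in for the APK (not the real sample): a zip holding a
    fake classes.dex whose string table carries the reported indicators."""
    dex = (b"dex\n035\x00"
           b"Lcom/bktballelite/com/BootCompleted;\x00"
           b"http://www.fethullahhocam.com/advertising.php\x00"
           b"http://www.mobilefilmizle.com/ipzaman.php\x00"
           b"https://ssl.google-analytics.com/collect\x00")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")  # AXML placeholder
        zf.writestr("classes.dex", dex)
    return buf.getvalue()


if __name__ == "__main__":
    result = scan_apk(build_sample_apk())
    print(verdict(result), sorted(result["domains"]), sorted(result["classes"]))
```

The two Google Analytics and google.it URLs in the report are deliberately not treated as indicators; only the hosts that do not belong to a well-known service are scored. A hash hit is the only result that identifies this exact sample; the host and class-name hits point at a repackaged or updated variant and should be confirmed by pulling the manifest and the receiver code.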
Virustotal
https://www.virustotal.com/en-gb/file/4bde46accfeb2c85fe75c6dd57bba898fbb3316f7c4be788bc18676451b54561/analysis/1390155532/
SHA256: 4bde46accfeb2c85fe75c6dd57bba898fbb3316f7c4be788bc18676451b54561
File name: vti-rescan
Detection ratio: 5 / 42
Analysis date: 2014-01-19 18:18:52 UTC

| Antivirus | Result | Update |
|---|---|---|
| Ikarus | Trojan.AndroidOS.FakeGooglePlay | 20140119 |
| McAfee | Artemis!5124795A3537 | 20140119 |
| McAfee-GW-Edition | Artemis!5124795A3537 | 20140119 |
| Sophos | Andr/Axent-V | 20140119 |
| TrendMicro-HouseCall | TROJ_GEN.F47V0115 | |