  • apk virus; "We are getting married, please give us your blessing"
    Uncategorized 2014. 8. 30. 16:43




    It says they are getting married and tells me to connect to 219.102.175,69.



    virus-결혼합니다-D48301600.7z

    p: site name


    virus-결혼합니다-D48301600.apk



    % Information related to '219.96.0.0 - 219.127.255.255'
    
    inetnum:        219.96.0.0 - 219.127.255.255
    netname:        JPNIC-NET-JP
    descr:          Japan Network Information Center
    country:        JP
    admin-c:        JNIC1-AP
    tech-c:         JNIC1-AP
    mnt-by:         APNIC-HM
    mnt-lower:      MAINT-JPNIC
    changed:        hostmaster@apnic.net 20020307
    status:         ALLOCATED PORTABLE
    source:         APNIC
    
    role:           Japan Network Information Center
    address:        Urbannet-Kanda Bldg 4F
    address:        3-6-2 Uchi-Kanda
    address:        Chiyoda-ku, Tokyo 101-0047,Japan
    country:        JP
    phone:          +81-3-5297-2311
    fax-no:         +81-3-5297-2312
    e-mail:         hostmaster@nic.ad.jp
    admin-c:        JI13-AP
    tech-c:         JE53-AP
    nic-hdl:        JNIC1-AP
    mnt-by:         MAINT-JPNIC
    changed:        hm-changed@apnic.net 20041222
    changed:        hm-changed@apnic.net 20050324
    changed:        ip-apnic@nic.ad.jp 20051027
    changed:        ip-apnic@nic.ad.jp 20120828
    source:         APNIC
    
    % Information related to '219.102.175.0 - 219.102.175.255'
    
    inetnum:        219.102.175.0 - 219.102.175.255
    netname:        INFOSPHERE
    descr:          InfoSphere (NTTPC Communications, Inc.)
    country:        JP
    admin-c:        JP00027819
    tech-c:         JP00027819
    tech-c:         JP00050961
    remarks:        This information has been partially mirrored by APNIC from
    remarks:        JPNIC. To obtain more specific information, please use the
    remarks:        JPNIC WHOIS Gateway at
    remarks:        http://www.nic.ad.jp/en/db/whois/en-gateway.html or
    remarks:        whois.nic.ad.jp for WHOIS client. (The WHOIS client
    remarks:        defaults to Japanese output, use the /e switch for English
    remarks:        output)
    changed:        apnic-ftp@nic.ad.jp 20050111
    changed:        apnic-ftp@nic.ad.jp 20120703
    source:         JPNIC



    Engine           Detection name                         Date (YYYYMMDD)
    AVG              Android/Deng.SB                        20140830
    AhnLab-V3        Android-Malicious/Bankun               20140829
    AntiVir          Android/Spy.Gepew.A.Gen                20140829
    Avast            Android:FakeKRB-E [Trj]                20140830
    CAT-QuickHeal    Android.Gepew.A (Suspicious)           20140830
    Cyren            AndroidOS/FakeBanker.G.gen!Eldorado    20140829
    DrWeb            Android.Spy.40.origin                  20140830
    ESET-NOD32       a variant of Android/Spy.Banker.S      20140830
    F-Secure         Trojan:Android/Gepew.B                 20140830
    Ikarus           Trojan.AndroidOS.Banker                20140830
    Kaspersky        HEUR:Trojan-Banker.AndroidOS.Gepew.b   20140830
    NANO-Antivirus   Trojan.Android.SmsSpy.dapbnu           20140830
    Sophos           Andr/FakeKRB-G                         20140830




    The file being studied is Android related! APK Android file more specifically. The application's main package name is com.phonedog.activity. The internal version number of the application is 7. The displayed version string of the application is 3.0.0. The minimum Android API level for the application to run (MinSDKVersion) is 8. The target Android API level for the application to run (TargetSDKVersion) is 14.
     Risk summary
     The studied DEX file makes use of API reflection
     Permissions that allow the application to manipulate SMS
     Permissions that allow the application to perform payments
     Permissions that allow the application to access Internet
     Permissions that allow the application to access private information
     Other permissions that could be considered as dangerous in certain scenarios
     Required permissions
    com.android.launcher.permission.UNINSTALL_SHORTCUT (Unknown permission from android reference)
    android.permission.READ_LOGS (read sensitive log data)
    android.permission.INTERNET (full Internet access)
    android.permission.WRITE_CONTACTS (write contact data)
    android.permission.SEND_SMS (send SMS messages)
    com.android.launcher.permission.INSTALL_SHORTCUT (Unknown permission from android reference)
    android.permission.ACCESS_NETWORK_STATE (view network status)
    android.permission.GET_TASKS (retrieve running applications)
    android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
    android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
    android.permission.MODIFY_PHONE_STATE (modify phone status)
    android.permission.CALL_PHONE (directly call phone numbers)
    android.permission.READ_PHONE_STATE (read phone state and identity)
    android.permission.VIBRATE (control vibrator)
    android.permission.SYSTEM_ALERT_WINDOW (display system-level alerts)
    android.permission.KILL_BACKGROUND_PROCESSES (kill background processes)
    android.permission.ACCESS_WIFI_STATE (view Wi-Fi status)
    android.permission.WAKE_LOCK (prevent phone from sleeping)
    android.permission.CHANGE_WIFI_STATE (change Wi-Fi status)
    android.permission.RECEIVE_SMS (receive SMS)
    android.permission.READ_CONTACTS (read contact data)
    android.permission.MODIFY_AUDIO_SETTINGS (change your audio settings)
    android.permission.RESTART_PACKAGES (kill background processes)
     Permission-related API calls
    FACTORY_TEST
    ACCESS_NETWORK_STATE
    SEND_SMS
    VIBRATE
    INTERNET
    READ_CONTACTS
    CHANGE_COMPONENT_ENABLED_STATE
    READ_PHONE_STATE
     Main Activity
    com.mix.kr.MainActivity
     Activities
    com.mix.kr.MainActivity
    com.mix.kr.WebViewActivity
     Services
    com.mix.kr.CoreService
     Receivers
    com.mix.kr.SMSReceiver
    com.mix.kr.PhoneListener
    com.mix.kr.BootBroadcastReceiver
    com.mix.kr.LockReceiver
    com.mix.kr.ConnectionChangeReceiver
     Activity-related intent filters
    com.mix.kr.MainActivity
    actions: android.intent.action.MAIN
    categories: android.intent.category.LAUNCHER
     Receiver-related intent filters
    com.mix.kr.SMSReceiver
    actions: android.provider.Telephony.SMS_RECEIVED
    categories: android.intent.category.DEFAULT
    com.mix.kr.BootBroadcastReceiver
    actions: android.intent.action.BOOT_COMPLETED, android.intent.action.PACKAGE_ADDED, android.intent.action.PACKAGE_REMOVED, cn.gx3.notify, android.intent.action.USER_PRESENT
    categories: android.intent.category.HOME
    com.mix.kr.ConnectionChangeReceiver
    actions: android.net.conn.CONNECTIVITY_CHANGE
    com.mix.kr.LockReceiver
    actions: android.app.action.DEVICE_ADMIN_ENABLED
    com.mix.kr.PhoneListener
    actions: android.intent.action.PHONE_STATE
    categories: android.intent.category.DEFAULT
     Code-related observations
    The application does not load any code dynamically
    The application contains reflection code
    The application does not contain native code
    The application does not contain cryptographic code
     Application certificate information
     Application bundle files
     Interesting strings


