
Monday, July 9, 2012

Android KungFu variant


File: _pl.byq.new_19_1.2.5.apk
Size: 81995
MD5:  079455DE5891F7E1BB19017C77F1BEC0


File: _com.tebs3.cuttherope_6_1.1.5.apk
Size: 90311
MD5:  45F86E5027495DC33D168F4F4704779C

Credit: thanks to anonymous, July 9, 2012


Download (password infected)







https://www.virustotal.com/file/dc8ca477283c41ff8d4a2bb318f3a9aea426767c8c1e44bdb725ef5e63b65345/analysis/

SHA256: dc8ca477283c41ff8d4a2bb318f3a9aea426767c8c1e44bdb725ef5e63b65345
SHA1: 6564c212e42c61c7c0e622abb96d1fd0f7980014
MD5: 45f86e5027495dc33d168f4f4704779c
File size: 88.2 KB ( 90311 bytes )
File name: _com.tebs3.cuttherope_6_1.1.5.apk
File type: Android
Detection ratio: 18 / 42
Analysis date: 2012-06-13 07:17:13 UTC ( 3 weeks, 5 days ago )
Antivirus Result Update
AhnLab-V3 - 20120612
AntiVir - 20120613
Antiy-AVL Backdoor/AndroidOS.KungFu 20120613
Avast ELF:KungFu-I [Trj] 20120612
AVG - 20120612
BitDefender Android.Trojan.DroidKungFu.J 20120613
ByteHero - 20120612
CAT-QuickHeal - 20120613
ClamAV - 20120612
Commtouch - 20120613
Comodo UnclassifiedMalware 20120613
DrWeb Adware.Izp.origin 20120613
Emsisoft Backdoor.AndroidOS.KungFu!IK 20120613
eSafe - 20120612
F-Prot - 20120613
F-Secure Trojan:Android/DroidKungFu.H 20120613
Fortinet Android/DroidKungFu.KI!tr 20120613
GData Android.Trojan.DroidKungFu.J 20120613
Ikarus Backdoor.AndroidOS.KungFu 20120613
Jiangmin Backdoor/AndroidOS.ail 20120612
K7AntiVirus - 20120612
Kaspersky Backdoor.AndroidOS.KungFu.ki 20120613
McAfee - 20120613
McAfee-GW-Edition - 20120613
Microsoft - 20120607
NOD32 Android/DroidKungFu.U 20120612
Norman - 20120612
nProtect - 20120613
Panda - 20120612
PCTools - 20120613
Rising - 20120612
Sophos Andr/KongFu-M 20120613
SUPERAntiSpyware - 20120613
Symantec - 20120613
TheHacker - 20120612
TotalDefense - 20120612
TrendMicro AndroidOS_DROIDKUNGFU.CDE 20120613
TrendMicro-HouseCall AndroidOS_DROIDKUNGFU.CDE 20120612
VBA32 Backdoor.AndroidOS.KungFu.a 20120611
VIPRE Trojan.AndroidOS.DroidKungFu.e (v) 20120613
ViRobot - 20120613
VirusBuster - 20120612
Additional information
ssdeep
1536:dpnCPlys4JiS5jOauuzOuWf2hzMDLg0eQNWytVJIoL7509d+f9/2NVPe6JBtqk5Z:/p/D5jOTSoDLO8FuNXHtq4
TrID
Android Package (63.3%)
Java Archive (28.7%)
ZIP compressed archive (7.9%)
ExifTool
MIMEType.................: application/zip
ZipRequiredVersion.......: 20
ZipCRC...................: 0x8818ea23
FileType.................: ZIP
ZipCompression...........: Deflated
ZipUncompressedSize......: 803
ZipCompressedSize........: 457
ZipFileName..............: META-INF/MANIFEST.MF
ZipBitFlag...............: 0x0008
ZipModifyDate............: 2012:03:20 17:04:24
Androguard
activities...............: MainActivity, ad.imadpush.com.poster.PosterInfoActivity

AndroidVersionCode.......: 6
receivers................: ad.imadpush.com.poster.ReceiverAlarm
Package..................: com.tebs3.cuttherope
AndroidVersionName.......: 1.1.5
riskindicator............: 35.2380952381

services.................: com.airpuh.ad.UpdateCheck, ad.imadpush.com.poster.AlarmService

MinSdkVersion............: 4
TargetSdkVersion.........: None

permissions..............: ACCESS_WIFI_STATE, READ_PHONE_STATE, ACCESS_NETWORK_STATE, INTERNET, ACCESS_COARSE_LOCATION

First seen by VirusTotal
2012-06-13 07:17:13 UTC ( 3 weeks, 5 days ago )
Last seen by VirusTotal
2012-06-13 07:17:13 UTC ( 3 weeks, 5 days ago )
File names (max. 25)
_com.tebs3.cuttherope_6_1.1.5.apk



https://www.virustotal.com/file/6c4aebf5043ea6129122ebf482366c9f7cb5fbe02e2bb776345d32d89b77a2e0/analysis/




SHA256: 6c4aebf5043ea6129122ebf482366c9f7cb5fbe02e2bb776345d32d89b77a2e0
SHA1: d1717ee0681d4fb01900aeefecae8844d3df1d76
MD5: 079455de5891f7e1bb19017c77f1bec0
File size: 80.1 KB ( 81995 bytes )
File name: _pl.byq.new_19_1.2.5.apk
File type: Android
Detection ratio: 18 / 42
Analysis date: 2012-07-04 05:19:31 UTC ( 5 days, 22 hours ago )
Antivirus Result Update
AhnLab-V3 - 20120703
AntiVir - 20120703
Antiy-AVL Backdoor/AndroidOS.KungFu 20120704
Avast ELF:KungFu-I [Trj] 20120703
AVG - 20120703
BitDefender Android.Trojan.DroidKungFu.J 20120704
ByteHero - 20120626
CAT-QuickHeal Exploit.DroidKungFu.D 20120704
ClamAV - 20120704
Commtouch - 20120704
Comodo UnclassifiedMalware 20120704
DrWeb Android.Gongfu.27 20120704
Emsisoft Backdoor.AndroidOS.KungFu!IK 20120704
F-Secure Trojan:Android/DroidKungFu.H 20120704
Fortinet Android/DroidKungFu.KI!tr 20120704
GData Android.Trojan.DroidKungFu.J 20120704
Ikarus Backdoor.AndroidOS.KungFu 20120704
Jiangmin Backdoor/AndroidOS.ail 20120704
K7AntiVirus - 20120703
Kaspersky Backdoor.AndroidOS.KungFu.ki 20120704
McAfee - 20120704
McAfee-GW-Edition - 20120704
Microsoft Trojan:Linux/DroidKrungFu.B 20120704
NOD32 Android/DroidKungFu.U 20120703
Sophos Andr/KongFu-M 20120704
TrendMicro AndroidOS_AIRPUSH.Y 20120704
TrendMicro-HouseCall AndroidOS_AIRPUSH.Y 20120703

Additional information
ssdeep
1536:rys4JiS5jOaNHReGUQA8ZVk5omL4ZxepMo56bjAroftc:m/D5jOR9kxcNMoIbw
TrID
Android Package (63.3%)
Java Archive (28.7%)
ZIP compressed archive (7.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ExifTool
MIMEType.................: application/zip
ZipRequiredVersion.......: 20
ZipCRC...................: 0xe44ceed4
FileType.................: ZIP
ZipCompression...........: Deflated
ZipUncompressedSize......: 759
ZipCompressedSize........: 427
ZipFileName..............: META-INF/MANIFEST.MF
ZipBitFlag...............: 0x0008
ZipModifyDate............: 2012:04:17 01:25:04
Androguard
activities...............: pl.byq.new.AirblockerActivity, com.google.ads.AdActivity, com.millennialmedia.android.MMAdViewOverlayActivity, com.millennialmedia.android.VideoPlayer

AndroidVersionCode.......: 19
Package..................: pl.byq.new
AndroidVersionName.......: 1.2.5
riskindicator............: 51.1111111111
services.................: com.airpuh.ad.UpdateCheck
MinSdkVersion............: 6
TargetSdkVersion.........: None

permissions..............: INTERNET, ACCESS_NETWORK_STATE, READ_PHONE_STATE

First seen by VirusTotal
2012-07-04 05:19:31 UTC ( 5 days, 22 hours ago )
Last seen by VirusTotal
2012-07-04 05:19:31 UTC ( 5 days, 22 hours ago )
File names (max. 25)
_pl.byq.new_19_1.2.5.apk
