Tuesday, August 10, 2010

Trojan-SMS for Android

News
First SMS Trojan detected for smartphones running Android 
First Trojan for Android Phones Goes Wild

Technical write up
Donato "Ratsoul" Ferrante, InReverse.net: Dissecting Android Malware


Download Ru.apk   (pass infected)


SEE OTHER ANDROID MALWARE AT CONTAGIOMINIDUMP.BLOGSPOT.COM

 With many thanks to kind people from malwaredatabase.net

RU.apk
http://www.virustotal.com/file-scan/report.html?id=14ebc4e9c7c297f3742c41213938ee01fd198dd4f4a5f188bbbb6ffcf4db5f14-1281468088
Submission date: 2010-08-10 19:21:28 (UTC)
Detection ratio: 5/41 (12.2%)
AntiVir     8.2.4.34     2010.08.10     TR/SMS.AndroidOS.A
DrWeb     5.0.2.03300     2010.08.10     Android.SmsSend.1
F-Secure     9.0.15370.0     2010.08.10     Trojan:Android/Fakeplayer.A
Kaspersky     7.0.0.125     2010.08.10     Trojan-SMS.AndroidOS.FakePlayer.a
VBA32     3.12.12.8     2010.08.10     Android.SmsSend.1
MD5   : fdb84ff8125b3790011b83cc85adce16
SHA1  : 1e993b0632d5bc6f07410ee31e41dd316435d997
SHA256: 14ebc4e9c7c297f3742c41213938ee01fd198dd4f4a5f188bbbb6ffcf4db5f14


classes.dex 
http://www.virustotal.com/file-scan/report.html?id=3ac25c787686082892d94d625e64355000aac27d4bd1ddf4ea06b4aed9e9aaaa-1281470565
Detection ratio: 6/41 (14.6%)
AntiVir     8.2.4.34     2010.08.10     TR/SMS.AndroidOS.A
DrWeb     5.0.2.03300     2010.08.10     Android.SmsSend.1
F-Secure     9.0.15370.0     2010.08.10     Trojan:Android/Fakeplayer.A
Kaspersky     7.0.0.125     2010.08.10     Trojan-SMS.AndroidOS.FakePlayer.a
NOD32     5356     2010.08.10     Android.FakePlayer.A
VBA32     3.12.12.8     2010.08.10     Android.SmsSend.1
MD5   : a386b4b56e3e5df95f75d3f816dd44fb


7 comments:

  1. Hello. Your protected archive is damaged. :(

  2. You can check further analysis made by AegisLab. http://blog.lionic.com/index.php?op=ViewArticle&articleId=12&blogId=1

  3. Anonymous, Archive is not damaged. Please try again and make sure you are using the correct password.

    Roger, thank you very much for your analysis

  4. Would it be possible for you to send me the password to arun.mrsincere@gmail.com?

  5. Would it be possible for you to send me the password to clydee@gmail.com?

  6. Hi, could you send me the password to mongo787@yahoo.com?

    Thanks

  7. All - please email me if you need a password. Do not post this in comments. Thanks
