Report #1687

Binary
  Format: ELF
  Type: ET_DYN (shared object)
  ABI: ELFOSABI_SYSV
  Word size: 32
  Architecture: x86
  Size: 5.08KB
  TrID: 50.1% ELF Executable and Linkable format; 49.8% ELF Executable and Linkable format

Hashes
  md5:    567a0e3abf562d76249600d85bc03d1d
  sha1:   a244d259dc6199dfcae1ae4e71a7ad872e867f9d
  crc32:  0x4992fb07
  sha224: e6c4701594bc09c8c5b7e8a14f7e94b4f426c0c0a82069a4b0cd76c8
  sha256: 11e69c0b2e5d8ed179120c106325478c827b17e98698927748b2a61211acd6a4
  sha384: a3f53eb1886135bad1233413480209cfd0a94d52f95537725c941dd7f624e71868410dde6fc1f6d0ce6083f017fbad98
  sha512: 891326ba8c623230632a032d6e1278f5829432e3858d24f056f3217f562b47e200960768a9cce6703f17f74b63cbd977785364ab30a2cc665b335aa57d38e465
  ssdeep: 48:SWc2bR4tWulwM517/hxsfqLlbfX6kINjsYT0At49xWZb:SWc2bR4tWaws17JxXbfXy5fd4HWZb
Community
  Google: False
  HashLib: False

YARA
  Matches: url, domain, contentis_base64, is__elf
    (the url/domain and contentis_base64 hits correspond to the URL and e-mail address under Network and the base64 literal in the Strings list below)
  Suspicious: True
Dwarf
  List: (none)
  Number: 0

Files
  Sys: (none)
  Home: (none)
  Proc: (none)
  Password: (none)
  Suspicious: False

Flags: 0

Packer
  List: None
  Packed: False
Network
  IPs: (none)
  URLs: libhello-jni.so, http://nfgergds.vicp.co/appHome/
    (libhello-jni.so is the library's own file name, not a URL; it matches the url/domain pattern only because .so is also a country-code TLD)
  Mails: fgjhnrtghb06@126.com
  Suspicious: True
Strings (list):
http://nfgergds.vicp.co/appHome/
fgjhnrtghb06@126.com
.note.gnu.gold-version
libm.so
libc.so
libdl.so
libhello-jni.so
.got.plt
.rel.plt
.rel.dyn
.hash
Java_com_gi_MainActivity_stringPassword
.comment
54rger454reg45
.dynamic
gold 1.10
.shstrtab
.eh_frame_hdr
.eh_frame
.fini_array
.init_array
__cxa_finalize
__cxa_atexit
.rodata
__stack_chk_fail
__bss_start
libstdc++.so
_edata
.dynstr
.dynsym
_end
.got
GCC: (GNU) 4.6 20120106 (prerelease)
Java_com_gi_MainActivity_stringIPBank
Java_com_gi_MainActivity_stringUser
Java_com_gi_MainActivity_stringIPNOBank
.data
.text
Q049Zm9haXNkamZpb2FzaixPVT1qaW9zZGZpYQ==
.bss

Symbols
  List: (none)
  Number: 0
  Reason: Stripped
  Suspicious: True
    (a stripped .symtab is the default for ndk-build output, so on its own this is a weak signal; the dynamic exports are intact and are listed under Functions below)

Version: EV_CURRENT
Foremost
  Matches: None
  Suspicious: False

Sections
  Number: 21
  List: (null section), .dynsym, .dynstr, .hash, .rel.dyn, .rel.plt, .plt, .text, .rodata, .eh_frame, .eh_frame_hdr, .fini_array, .init_array, .dynamic, .got, .got.plt, .data, .bss, .comment, .note.gnu.gold-version, .shstrtab
  Suspicious: False

Segments
  Number: 7
  Suspicious: False

Compilers
  Identified: 1
  List: GCC: (GNU) 4.6 20120106 (prerelease)
    (from .comment; the .note.gnu.gold-version section and the "gold 1.10" string show the file was linked with GNU gold 1.10)
  Suspicious: False
Functions
  Present: True
  List: __cxa_finalize, __cxa_atexit, __stack_chk_fail, Java_com_gi_MainActivity_stringUser, Java_com_gi_MainActivity_stringPassword, Java_com_gi_MainActivity_stringIPBank, Java_com_gi_MainActivity_stringIPNOBank, _edata, __bss_start, _end
    (the four Java_com_gi_MainActivity_* symbols are JNI exports of the Java class com.gi.MainActivity; their names suggest native getters that hand a user name, a password and bank/non-bank server addresses back to the Java side, which fits the FakeBank/Banker vendor labels below)
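The Strings and Functions lists above contain three kinds of artefact that are worth triaging mechanically rather than by eye: the URL and e-mail address, a base64 literal (Q049Zm9haXNkamZpb2FzaixPVT1qaW9zZGZpYQ==), and the four JNI export names. The Python below is an added example, not code from the report tool or from the analysed library. It takes the report's own strings as constructed input, decodes the base64 literal, demangles the JNI exports back to Java class and method names (handling the _1/_2/_3/_0XXXX escapes and the __signature suffix of overloaded methods), and shows why a naive domain regex flags libhello-jni.so as a URL. The bucket names and regexes are this example's own assumptions.

```python
import base64
import re
from collections import defaultdict

# Sample input: strings from the report above (copied here as constructed test data).
REPORT_STRINGS = [
    "http://nfgergds.vicp.co/appHome/", "fgjhnrtghb06@126.com", ".note.gnu.gold-version",
    "libm.so", "libc.so", "libdl.so", "libhello-jni.so", "libstdc++.so",
    "Java_com_gi_MainActivity_stringPassword", "Java_com_gi_MainActivity_stringIPBank",
    "Java_com_gi_MainActivity_stringUser", "Java_com_gi_MainActivity_stringIPNOBank",
    "54rger454reg45", "gold 1.10", "GCC: (GNU) 4.6 20120106 (prerelease)",
    "__cxa_finalize", "__stack_chk_fail", "Q049Zm9haXNkamZpb2FzaixPVT1qaW9zZGZpYQ==",
]

URL_RE = re.compile(r"^https?://\S+$", re.I)
EMAIL_RE = re.compile(r"^[\w.+-]+@[\w-]+(\.[\w-]+)+$")
DOMAIN_RE = re.compile(r"^[\w-]+(\.[\w-]+)+$")      # naive "something.tld" matcher
SONAME_RE = re.compile(r"\.so(\.\d+)*$")            # libfoo.so, libfoo.so.1.2, ...
B64_RE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")
JNI_ESCAPES = {"1": "_", "2": ";", "3": "["}

def decode_base64_token(s):
    """Decoded text if s is well-formed base64 yielding printable ASCII, else None."""
    if not B64_RE.match(s) or len(s) % 4:
        return None
    try:
        text = base64.b64decode(s, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None

def jni_demangle(symbol):
    """Map Java_<pkg>_<Class>_<method>[__<sig>] back to ("pkg.Class", "method")."""
    if not symbol.startswith("Java_"):
        return None
    body = symbol[5:].split("__", 1)[0]  # overloaded methods append __<mangled signature>
    parts, cur, i = [], "", 0
    while i < len(body):
        ch = body[i]
        if ch != "_":
            cur += ch
            i += 1
            continue
        nxt = body[i + 1] if i + 1 < len(body) else ""
        if nxt in JNI_ESCAPES:            # _1 _2 _3 encode '_' ';' '['
            cur += JNI_ESCAPES[nxt]
            i += 2
        elif nxt == "0":                  # _0XXXX encodes a Unicode code point
            cur += chr(int(body[i + 2:i + 6], 16))
            i += 6
        else:                             # bare '_' separates package/class/method parts
            parts.append(cur)
            cur = ""
            i += 1
    parts.append(cur)
    if len(parts) < 2 or not all(parts):
        return None
    return ".".join(parts[:-1]), parts[-1]

def classify(s):
    """Bucket one string; order matters (soname check before the naive domain regex)."""
    if URL_RE.match(s):
        return "url"
    if EMAIL_RE.match(s):
        return "email"
    if s.startswith("Java_"):
        return "jni_export"
    if SONAME_RE.search(s):
        return "shared_object"  # .so is also the Somalia ccTLD, hence the report's libhello-jni.so "URL"
    if DOMAIN_RE.match(s):
        return "domain"
    if decode_base64_token(s) is not None:
        return "base64"
    return "other"

def triage(strings):
    """Group strings by bucket; base64 and JNI entries carry their decoded form."""
    buckets = defaultdict(list)
    for s in strings:
        kind = classify(s)
        if kind == "base64":
            buckets[kind].append((s, decode_base64_token(s)))
        elif kind == "jni_export":
            buckets[kind].append((s, jni_demangle(s)))
        else:
            buckets[kind].append(s)
    return dict(buckets)

if __name__ == "__main__":
    for kind, items in triage(REPORT_STRINGS).items():
        print(kind, items)
```

The base64 literal decodes to CN=foaisdjfioasj,OU=jiosdfia, an X.500-style distinguished name of the kind typed into a signing keystore, and the four exports resolve to com.gi.MainActivity.stringUser, stringPassword, stringIPBank and stringIPNOBank. Checking the soname pattern before the domain pattern is what removes the libhello-jni.so false positive without loosening the domain match itself.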
Anti-Debug
  Ptrace: False
  Anti-disasm: False

Entry Point
  Address: 0x0
  Suspicious: False (a zero entry point is unremarkable for a shared object, which is loaded by the runtime rather than executed directly)

Embedded ELF
  List: None
  Identified: 0

Program Header
  Entry size: 32
  Number: 7
  Offset: 52

Section Header
  Entry size: 40
  Number: 21
  Offset: 4360
    (4360 + 21 * 40 = 5200 bytes, consistent with the reported size of 5.08KB: the section header table is the last thing in the file, so nothing is appended after it)
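The Program Header and Section Header figures above are enough to sanity-check the file layout by hand: 52 + 7 * 32 = 276 bytes of program headers immediately follow the 52-byte ELF32 header, and the section header table at 4360 + 21 * 40 = 5200 bytes ends exactly where a 5.08KB file ends. The Python below is an added example, not the report tool's code: it parses a little-endian ELF32 header with struct and runs those checks, reporting a truncated table or trailing overlay bytes. The 52-byte header it feeds itself is constructed from the values in this report (x86, ET_DYN, 7 program headers at offset 52, 21 section headers at offset 4360); e_shstrndx=20 is inferred from .shstrtab being the last of the 21 sections.

```python
import struct

# ELF32 header: 16-byte e_ident followed by 13 little-endian fields (52 bytes total).
ELF32_EHDR = struct.Struct("<16sHHIIIIIHHHHHH")
E_TYPE = {0: "ET_NONE", 1: "ET_REL", 2: "ET_EXEC", 3: "ET_DYN", 4: "ET_CORE"}
E_MACHINE = {3: "EM_386", 40: "EM_ARM", 62: "EM_X86_64", 183: "EM_AARCH64"}
OSABI = {0: "ELFOSABI_SYSV", 3: "ELFOSABI_LINUX"}

def parse_elf32_header(buf):
    """Parse the first 52 bytes of a little-endian ELF32 file into a dict."""
    if len(buf) < ELF32_EHDR.size or buf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if buf[4] != 1:
        raise ValueError("ELFCLASS32 expected")
    if buf[5] != 1:
        raise ValueError("little-endian (ELFDATA2LSB) expected")
    names = ("e_ident", "e_type", "e_machine", "e_version", "e_entry", "e_phoff",
             "e_shoff", "e_flags", "e_ehsize", "e_phentsize", "e_phnum",
             "e_shentsize", "e_shnum", "e_shstrndx")
    h = dict(zip(names, ELF32_EHDR.unpack_from(buf)))
    h["type_name"] = E_TYPE.get(h["e_type"], hex(h["e_type"]))
    h["machine_name"] = E_MACHINE.get(h["e_machine"], hex(h["e_machine"]))
    h["osabi_name"] = OSABI.get(buf[7], hex(buf[7]))
    return h

def layout_checks(h, file_size):
    """Findings about the header tables versus the real file size (empty list = clean)."""
    findings = []
    if h["e_ehsize"] != ELF32_EHDR.size:
        findings.append(f"odd e_ehsize {h['e_ehsize']} (expected 52)")
    if h["e_phnum"] and h["e_phentsize"] != 32:
        findings.append(f"odd e_phentsize {h['e_phentsize']} (expected 32)")
    if h["e_shnum"] and h["e_shentsize"] != 40:
        findings.append(f"odd e_shentsize {h['e_shentsize']} (expected 40)")
    ph_end = h["e_phoff"] + h["e_phnum"] * h["e_phentsize"]
    sh_end = h["e_shoff"] + h["e_shnum"] * h["e_shentsize"]
    if h["e_phnum"] and ph_end > file_size:
        findings.append("program header table runs past EOF")
    if h["e_shnum"]:
        if sh_end > file_size:
            findings.append("section header table runs past EOF (truncated file or bogus e_shoff)")
        elif sh_end < file_size:
            findings.append(f"{file_size - sh_end} bytes follow the section header table (overlay?)")
        if h["e_shstrndx"] >= h["e_shnum"]:
            findings.append("e_shstrndx points outside the section table")
    return findings

# Constructed header carrying the values from this report: EM_386, ET_DYN, entry 0,
# 7 program headers at 52, 21 section headers at 4360; e_shstrndx=20 is an inference.
SAMPLE_HEADER = ELF32_EHDR.pack(
    b"\x7fELF" + bytes([1, 1, 1, 0, 0]) + b"\x00" * 7,   # class32, LSB, v1, SYSV, abi 0, pad
    3, 3, 1, 0x0, 52, 4360, 0, 52, 32, 7, 40, 21, 20)
SAMPLE_FILE_SIZE = 4360 + 21 * 40  # 5200 bytes, i.e. the reported 5.08KB

if __name__ == "__main__":
    hdr = parse_elf32_header(SAMPLE_HEADER)
    print(hdr["type_name"], hdr["machine_name"], hdr["osabi_name"], hex(hdr["e_entry"]))
    print(layout_checks(hdr, SAMPLE_FILE_SIZE) or "layout consistent")
```

Run against a real file, pass the first 52 bytes and os.path.getsize(); a non-empty findings list is the cheap first hint of a truncated sample, an appended payload, or header fields edited to confuse tooling.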
AVclass: wroba (1)

VirusTotal
  md5:  567a0e3abf562d76249600d85bc03d1d
  sha1: a244d259dc6199dfcae1ae4e71a7ad872e867f9d
SCANS (detection rate 45.61%: 26 of 57 engines)

Engine               Det  Result                                    Version               Update
AVG                  yes  ELF:Wroba-C [Trj]                         8.0.1489.320          20170807
CMC                  no   -                                         1.1.0.977             20170805
MAX                  yes  malware (ai score=80)                     2017.6.26.1           20170807
Bkav                 no   -                                         1.3.0.9282            20170807
K7GW                 no   -                                         10.20.24212           20170807
Avast                yes  ELF:Wroba-C [Trj]                         8.0.1489.320          20170807
Avira                yes  ANDROID/Spy.Wroba.ownoo                   8.3.3.4               20170807
Baidu                no   -                                         1.0.0.2               20170807
Cyren                no   -                                         5.4.30.7              20170807
DrWeb                no   -                                         7.0.28.2020           20170807
GData                yes  Gen:Variant.Trojan.Linux.Fakebank.1       A:25.13734B:25.10170  20170807
Panda                no   -                                         4.6.4.2               20170807
VBA32                no   -                                         3.12.26.4             20170803
VIPRE                no   -                                         60118                 20170807
Zoner                no   -                                         1.0                   20170807
AVware               no   -                                         1.5.0.42              20170807
ClamAV               no   -                                         0.99.2.0              20170807
Comodo               yes  UnclassifiedMalware                       27567                 20170807
F-Prot               no   -                                         4.7.1.166             20170807
Ikarus               yes  Trojan-Spy.AndroidOS.FakeBanker           0.1.5.2               20170807
McAfee               yes  RDN/PWS-Banker                            6.0.6.653             20170807
Rising               no   -                                         25.0.0.1              20170807
Sophos               yes  Andr/BankSpy-W                            4.98.0                20170807
Yandex               no   -                                         5.5.1.3               20170801
Zillya               no   -                                         2.0.0.3355            20170806
Arcabit              yes  Trojan.Trojan.Linux.Fakebank.1            1.0.0.817             20170807
ViRobot              no   -                                         2014.3.20.0           20170807
Webroot              no   -                                         1.0.0.207             20170807
Ad-Aware             yes  Gen:Variant.Trojan.Linux.Fakebank.1       3.0.3.1010            20170807
AegisLab             yes  Troj.Banker.Androidos!c                   4.2                   20170807
Emsisoft             yes  Gen:Variant.Trojan.Linux.Fakebank.1 (B)   4.0.1.883             20170807
F-Secure             yes  Gen:Variant.Trojan.Linux.Fakebank.1       11.0.19100.45         20170807
Fortinet             no   -                                         5.4.247.0             20170807
Jiangmin             no   -                                         16.0.100              20170807
Kingsoft             no   -                                         2013.8.14.323         20170807
Symantec             yes  Trojan.Gen.NPE.2                          1.4.0.0               20170807
nProtect             no   -                                         2017-08-07.02         20170807
AhnLab-V3            no   -                                         3.9.2.18278           20170807
Antiy-AVL            yes  Trojan[Banker]/Android.Wroba.a            3.0.0.1               20170807
Kaspersky            yes  HEUR:Trojan-Banker.AndroidOS.Wroba.a      15.0.1.13             20170807
Microsoft            yes  Trojan:Win32/Skeeyah.A!rfn                1.1.14003.0           20170807
Qihoo-360            yes  Win32/Trojan.77d                          1.0.0.1120            20170807
TheHacker            no   -                                         6.8.0.5.1813          20170806
ZoneAlarm            yes  HEUR:Trojan-Banker.AndroidOS.Wroba.a      1.0                   20170807
ESET-NOD32           no   -                                         15873                 20170807
TrendMicro           yes  TROJ_GEN.R03KC0DH317                      9.862.0.1074          20170807
WhiteArmor           no   -                                         -                     20170731
BitDefender          yes  Gen:Variant.Trojan.Linux.Fakebank.1       7.2                   20170807
K7AntiVirus          no   -                                         10.20.24214           20170807
Malwarebytes         no   -                                         2.1.1.1115            20170807
TotalDefense         no   -                                         37.1.62.1             20170807
CAT-QuickHeal        no   -                                         14.00                 20170807
NANO-Antivirus       yes  Trojan.Unix.Mlw.eojjgo                    1.0.94.18103          20170807
MicroWorld-eScan     yes  Gen:Variant.Trojan.Linux.Fakebank.1       12.0.250.0            20170807
SUPERAntiSpyware     no   -                                         5.6.0.1032            20170807
McAfee-GW-Edition    yes  RDN/PWS-Banker                            v2015                 20170807
TrendMicro-HouseCall yes  TROJ_GEN.R03KC0DH317                      9.950.0.1006          20170807

Note: the Microsoft and Qihoo-360 names carry a Win32 platform prefix although the file is an ELF shared object; treat those two as generic heuristic hits, not as evidence about the platform. The seven identical Gen:Variant.Trojan.Linux.Fakebank.1 verdicts come from products sharing the BitDefender engine and are one opinion, not seven.

  total: 57
  positives: 26
  sha256: 11e69c0b2e5d8ed179120c106325478c827b17e98698927748b2a61211acd6a4
  scan_id: 11e69c0b2e5d8ed179120c106325478c827b17e98698927748b2a61211acd6a4-1502107587
  resource: 567a0e3abf562d76249600d85bc03d1d
  scan_date: 2017-08-07 12:06:27
  verbose_msg: Scan finished, information embedded
  response_code: 1
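The AVclass label wroba above is the family-level consensus derived from the 26 vendor labels in the scan table. A naive token count over those labels would instead pick fakebank, because seven of the detecting products (GData, Ad-Aware, Emsisoft, F-Secure, MicroWorld-eScan, Arcabit, BitDefender) ship the same BitDefender engine and return the same string, while the six wroba labels come from four independent engines. The Python below is an added example and is not AVclass's own code: it tokenises the labels copied from the table, drops generic platform and category words, and counts each family token once per engine group. The stop-word list and the engine groups are this example's assumptions (groups chosen from the identical label strings in the table and well-known OEM engine licensing); the constructed input is the report's own label data.

```python
import re
from collections import Counter

# Vendor labels copied from the scan table above (the 26 detecting engines only).
REPORT_LABELS = [
    ("AVG", "ELF:Wroba-C [Trj]"), ("MAX", "malware (ai score=80)"),
    ("Avast", "ELF:Wroba-C [Trj]"), ("Avira", "ANDROID/Spy.Wroba.ownoo"),
    ("GData", "Gen:Variant.Trojan.Linux.Fakebank.1"), ("Comodo", "UnclassifiedMalware"),
    ("Ikarus", "Trojan-Spy.AndroidOS.FakeBanker"), ("McAfee", "RDN/PWS-Banker"),
    ("Sophos", "Andr/BankSpy-W"), ("Arcabit", "Trojan.Trojan.Linux.Fakebank.1"),
    ("Ad-Aware", "Gen:Variant.Trojan.Linux.Fakebank.1"), ("AegisLab", "Troj.Banker.Androidos!c"),
    ("Emsisoft", "Gen:Variant.Trojan.Linux.Fakebank.1 (B)"), ("F-Secure", "Gen:Variant.Trojan.Linux.Fakebank.1"),
    ("Symantec", "Trojan.Gen.NPE.2"), ("Antiy-AVL", "Trojan[Banker]/Android.Wroba.a"),
    ("Kaspersky", "HEUR:Trojan-Banker.AndroidOS.Wroba.a"), ("Microsoft", "Trojan:Win32/Skeeyah.A!rfn"),
    ("Qihoo-360", "Win32/Trojan.77d"), ("ZoneAlarm", "HEUR:Trojan-Banker.AndroidOS.Wroba.a"),
    ("TrendMicro", "TROJ_GEN.R03KC0DH317"), ("BitDefender", "Gen:Variant.Trojan.Linux.Fakebank.1"),
    ("NANO-Antivirus", "Trojan.Unix.Mlw.eojjgo"), ("MicroWorld-eScan", "Gen:Variant.Trojan.Linux.Fakebank.1"),
    ("McAfee-GW-Edition", "RDN/PWS-Banker"), ("TrendMicro-HouseCall", "TROJ_GEN.R03KC0DH317"),
]

# Assumed engine groups: products that relay the same engine's verdict vote once.
ENGINE_GROUP = {
    "Avast": "AVG", "ZoneAlarm": "Kaspersky", "McAfee-GW-Edition": "McAfee",
    "TrendMicro-HouseCall": "TrendMicro",
    "GData": "BitDefender", "Ad-Aware": "BitDefender", "Emsisoft": "BitDefender",
    "F-Secure": "BitDefender", "MicroWorld-eScan": "BitDefender", "Arcabit": "BitDefender",
}

# Assumed stop list: platform, category and heuristic tokens that name no family.
GENERIC = {
    "trojan", "troj", "gen", "generic", "variant", "heur", "heuristic", "agent",
    "linux", "unix", "android", "androidos", "andr", "win32", "elf",
    "banker", "spy", "malware", "unclassifiedmalware", "rdn", "pws", "score",
}

def family_tokens(label):
    """Lower-case alphabetic tokens of length >= 4 that are not generic words."""
    toks = re.split(r"[^a-z0-9]+", label.lower())
    return {t for t in toks if len(t) >= 4 and t.isalpha() and t not in GENERIC}

def family_vote(labels, dedupe=True):
    """Count family tokens; with dedupe=True each engine group votes once per token."""
    votes = Counter()
    seen = {}  # group -> tokens already counted for that group
    for vendor, label in labels:
        group = ENGINE_GROUP.get(vendor, vendor) if dedupe else vendor
        already = seen.setdefault(group, set())
        for tok in family_tokens(label) - already:
            votes[tok] += 1
            already.add(tok)
    return votes

if __name__ == "__main__":
    print("raw   :", family_vote(REPORT_LABELS, dedupe=False).most_common(3))
    print("dedupe:", family_vote(REPORT_LABELS).most_common(3))
```

With engine grouping the vote is wroba 4, fakebank 1, matching the AVclass line; without it fakebank wins 7 to 6. Variant suffixes such as ownoo and eojjgo survive the filter and collect one vote each, which is harmless for a plurality but is why a real pipeline also carries a suffix and alias list.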
Binary (classifier verdicts)
  RF (random forest):           confidence 87.05%, suspicious: False
  MLP (multilayer perceptron):  confidence 86.52%, suspicious: False
  SVM (support vector machine): confidence 81.39%, suspicious: False
  (all three static-feature models call the file benign while 26 of 57 VirusTotal engines detect it; the vendor consensus and the Wroba/FakeBank labels should carry more weight here than the classifier scores)