Report #3566

Binary
ABI
ELFOSABI_SYSV
Size
21.04KB
Type
ET_DYN
trid
50.1% ELF Executable and Linkable format
49.8% ELF Executable and Linkable format
type
ELF
Wordsize
32
Architecture
x86
Hashes
md5
8327090dd418401aab0388e43865b424
sha1
eee95976d6dde85b5507c08fa6d9d97bf0a5abb1
crc32
0x5eee3ea9
sha224
a274ff8ed77da4fcab1388f48ace4ca5c8471f7dc966a19ea08a4a8f
sha256
3a5c7856b5d81c4dc3c9f1ebfcf321b48c9637aa551c40a1769c1c9b3c3a0a7c
sha384
a99ebfa858cb60599606992f88a58f50cb0fdf3c8c3d9589acc22075d4da70de8fcf847c9ed332ce4db5459840730297
sha512
4316ed41516a0cd8d130c39fbb445a1e4542fb8de97dfb01fd3566753a10c81ea974562c805574a1bf69ba2d62eaef0a6441f171e3db51fbca1c8a8354fd5b9d
ssdeep
384:LS0Oe/pggtlaMj5CA9+AmAS+S3NJ4l3dyz0:LfrBfvaQ559+AmZ+P3dyz
Community
Google
False
HashLib
False
YARA
Matches
domain, contentis_base64, is__elf

Suspicious
True

Dwarf
List

Number
0
Files
Sys

Home

Proc

Password

Suspicious
False
Flags
Flags
0
Packer
List
None
Packed
False
Network
IPs

URLs
libandroid.so, libetzyrWRae.so (shared-library names from the dynamic section, matched by the domain/URL heuristic only because they look like dotted host names; they are not network indicators)
Mails

Suspicious
True
Strings
List
.note.gnu.gold-version
libc.so
liblog.so
libm.so
libdl.so
libandroid.so
libetzyrWRae.so
.got.plt
.rel.plt
.dat.jar
.rel.dyn
AAssetManager_open
getClassLoader
signatures
getPackageManager
_Z10installV23P7_JNIEnvP7_jclassP8_jobjectP13_jobjectArrayS4_
_Z10installV19P7_JNIEnvP7_jclassP8_jobjectP13_jobjectArrayS4_
_Z10installV14P7_JNIEnvP7_jclassP8_jobjectP13_jobjectArrayS4_
_Z9installV4P7_JNIEnvP7_jclassP8_jobjectP13_jobjectArray
SDK_INT
()Ljava/lang/ClassLoader;
fwrite
fopen
fread
hashCode
.hash
[Landroid/content/pm/Signature;
()Landroid/content/res/AssetManager;
()Landroid/content/pm/PackageManager;
AAssetManager_fromJava
.comment
_Z9make_namePKcS0_
AAsset_read
AAsset_close
java/util/Arrays
java/util/ArrayList
java/lang/String
.dynamic
AAsset_getLength
gold 1.11
java/io/File
java/util/zip/ZipFile
Ljava/lang/String;
.shstrtab
.eh_frame_hdr
.eh_frame
.init_array
.fini_array
__cxa_finalize
[Ljava/io/File;
makeDexElements
__cxa_atexit
dexElements
.rodata
__stack_chk_fail
getPackageName
getPackageInfo
Bad content.
makePathElements
__bss_start
libstdc++.so
Null params.
Array is null.
getAbsolutePath
Context is null.
getAssets
<init>
toString
pathList
loadDex
_edata
.dynsym
.dynstr
getDir
mFiles
asList
append
outdex
exists
mPaths
mDexs
.got
_end
.dat
[^_] (8 occurrences; the bytes 5B 5E 5F 5D are pop ebx / pop esi / pop edi / pop ebp, an x86 function epilogue that the string extractor reads as printable text, not a real string)
_ZN7_JNIEnv17CallBooleanMethodEP8_jobjectP10_jmethodIDz
_ZN7_JNIEnv16CallObjectMethodEP8_jobjectP10_jmethodIDz
_ZN7_JNIEnv13CallIntMethodEP8_jobjectP10_jmethodIDz
_Z23get_extra_path_entitiesP7_JNIEnvP8_jobjectPKc
_Z23create_empty_array_listP7_JNIEnv
_Z18expand_field_arrayP7_JNIEnvP8_jobjectPKcS4_S4_P13_jobjectArray
_Z22utils_copy_from_assetsP7_JNIEnvP8_jobjectPKcS4_
_Z17create_array_listP7_JNIEnvP13_jobjectArray

Symbols
List

Number
0
Reason
Stripped
Suspicious
True
Version
Version
EV_CURRENT
Foremost
Matches
None
Suspicious
False
Sections
List
(section 0, the mandatory null section, has an empty name), .dynsym, .dynstr, .hash, .rel.dyn, .rel.plt, .plt, .text, .rodata, .eh_frame, .eh_frame_hdr, .fini_array, .init_array, .dynamic, .got, .got.plt, .data, .bss, .comment, .note.gnu.gold-version, .shstrtab
Number
21
Suspicious
False
Segments
Number
7
Suspicious
False
Compilers
List
GCC: (GNU) 4.8
Identified
1
Suspicious
False
Functions
List (empty entries in the tool's output dropped)
__cxa_finalize
__cxa_atexit
__stack_chk_fail
_ZN7_JNIEnv16CallObjectMethodEP8_jobjectP10_jmethodIDz
_ZN7_JNIEnv13CallIntMethodEP8_jobjectP10_jmethodIDz
_Z15unpacker_unpackPvPj
_Znaj
memcpy
_Z13unpacker_initP7_JNIEnvP7_jclassP8_jobject
_Z22utils_get_package_nameP7_JNIEnvP8_jobject
_Z19utils_throw_by_nameP7_JNIEnvPKcS2_
Java_com_digitalborder_webappessentials_etzyrWRae_snfYHzTRd
_Z14utils_load_rawPKcPj
fopen
fseek
ftell
fread
fclose
_Z14utils_save_rawPKcPvj
fwrite
_Z22utils_copy_from_assetsP7_JNIEnvP8_jobjectPKcS4_
AAssetManager_fromJava
AAssetManager_open
AAsset_getLength
AAsset_read
_ZdaPv
AAsset_close
_Z29utils_java_string_to_c_stringP7_JNIEnvP8_jstring
strlen
strcpy
_Z21utils_get_sdk_versionP7_JNIEnv
_Z21utils_context_get_dirP7_JNIEnvP8_jobjectPKci
_Z9make_namePKcS0_
_ZN7_JNIEnv9NewObjectEP7_jclassP10_jmethodIDz
_ZN7_JNIEnv17CallBooleanMethodEP8_jobjectP10_jmethodIDz
_ZN7_JNIEnv22CallStaticObjectMethodEP7_jclassP10_jmethodIDz
_Z28string_builder_append_stringP7_JNIEnvP8_jobjectS2_
_Z26string_builder_append_charP7_JNIEnvP8_jobjectc
_Z24string_builder_to_stringP7_JNIEnvP8_jobject
_Z21create_string_builderP7_JNIEnvP8_jobject
_Z15create_zip_fileP7_JNIEnvP8_jobject
_Z11create_fileP7_JNIEnvP8_jobjectS2_
_Z8load_dexP7_JNIEnvP8_jobjectS2_i
_Z9findFieldP7_JNIEnvP7_jclassPKcS4_
_Z19findFieldByInstanceP7_JNIEnvP8_jobjectPKcS4_
_Z18expand_field_arrayP7_JNIEnvP8_jobjectPKcS4_S4_P13_jobjectArray
_Z17create_array_listP7_JNIEnvP13_jobjectArray
_Z23create_empty_array_listP7_JNIEnv
_Z10installV23P7_JNIEnvP7_jclassP8_jobjectP13_jobjectArrayS4_
_Z10installV19P7_JNIEnvP7_jclassP8_jobjectP13_jobjectArrayS4_
_Z10installV14P7_JNIEnvP7_jclassP8_jobjectP13_jobjectArrayS4_
_Z9installV4P7_JNIEnvP7_jclassP8_jobjectP13_jobjectArray
_Z23get_extra_path_entitiesP7_JNIEnvP8_jobjectPKc
_Z14prepare_entityP7_JNIEnvP8_jobjectS2_
Java_com_digitalborder_webappessentials_etzyrWRae_szvmWkOCK
_edata
__bss_start
_end
Present
True
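The C++ names in the Functions list are Itanium-ABI mangled, and read back they describe the library: the two JNI exports belong to the Java class com.digitalborder.webappessentials.etzyrWRae (native methods snfYHzTRd and szvmWkOCK); installV4/installV14/installV19/installV23, findField and expand_field_array, together with the strings pathList, dexElements, makeDexElements and makePathElements, are the same names and SDK-version split that the Android MultiDex support library uses for its reflective DexPathList patching; and unpacker_unpack, utils_copy_from_assets, load_dex and the .dat.jar/outdex strings put a payload dex, pulled from the APK assets and decoded natively, on the other end of that injection. The block below is an added example written for this page; it is not code from the analysis tool or from the sample. It is a small demangler covering only the grammar subset these symbols use (plain and nested source names, builtin types, P/K qualifiers, the ellipsis, S_/S<n>_ back-references and the operator new[]/delete[] codes), and it raises on anything outside that subset rather than guessing. REPORT_SYMBOLS is copied from the list above; the ABI rules it encodes (which types become substitution candidates, and in what order) are the only assumptions.

```python
"""Minimal Itanium C++ ABI demangler for the mangled names in this report (added
example, not the analysis tool's code). It covers only the grammar those names use
and raises on anything else instead of guessing."""

BUILTIN = {"v": "void", "b": "bool", "c": "char", "a": "signed char", "h": "unsigned char",
           "s": "short", "t": "unsigned short", "i": "int", "j": "unsigned int",
           "l": "long", "m": "unsigned long", "x": "long long", "y": "unsigned long long",
           "f": "float", "d": "double", "z": "..."}
OPERATORS = {"nw": "operator new", "na": "operator new[]",
             "dl": "operator delete", "da": "operator delete[]"}


class Demangler:
    def __init__(self, mangled):
        self.s, self.i, self.subs = mangled, 2, []   # skip "_Z"; subs: candidates in ABI order

    def peek(self):
        return self.s[self.i] if self.i < len(self.s) else ""

    def take(self):
        self.i += 1
        return self.s[self.i - 1]                    # IndexError on a truncated name

    def source_name(self):                           # <length><identifier>: "7_JNIEnv" -> "_JNIEnv"
        n = 0
        while self.peek().isdigit():
            n = n * 10 + int(self.take())
        ident, self.i = self.s[self.i:self.i + n], self.i + n
        if len(ident) != n:
            raise ValueError("length prefix runs past end of " + self.s)
        return ident

    def substitution(self):                          # S_ -> candidate 0, S0_ -> 1, SA_ -> 11 (base 36)
        end = self.s.index("_", self.i)
        digits, self.i = self.s[self.i:end], end + 1
        if not all(ch.isdigit() or ch.isupper() for ch in digits):
            raise ValueError("unsupported substitution in " + self.s)
        return self.subs[0 if digits == "" else int(digits, 36) + 1]

    def type(self):
        c = self.peek()
        if c in BUILTIN:                             # builtin types are never substitution candidates
            return BUILTIN[self.take()]
        if c == "S":
            self.take()
            return self.substitution()               # a back-reference is not added again
        if c and c in "PK":
            self.take()
            t = self.type() + ("*" if c == "P" else " const")
        elif c.isdigit():
            t = self.source_name()                   # class or struct name
        else:
            raise ValueError("unsupported type code %r in %s" % (c, self.s))
        self.subs.append(t)                          # pointer, const-qualified and class types are candidates
        return t

    def name(self):
        if self.peek() != "N":
            if self.peek().isdigit():
                return self.source_name()
            op = self.take() + self.take()
            if op not in OPERATORS:
                raise ValueError("unsupported operator %r in %s" % (op, self.s))
            return OPERATORS[op]
        self.take()                                  # nested name: N <prefix>... <unqualified-name> E
        parts = []
        while self.peek().isdigit():
            parts.append(self.source_name())
        if self.take() != "E":
            raise ValueError("unsupported nested name in " + self.s)
        for k in range(1, len(parts)):               # every proper prefix is a candidate
            self.subs.append("::".join(parts[:k]))
        return "::".join(parts)


def demangle(symbol):
    """Readable form of an Itanium-mangled name; a C or JNI export is returned unchanged."""
    if not symbol.startswith("_Z"):
        return symbol
    d = Demangler(symbol)
    name = d.name()
    params = []
    while d.i < len(symbol):
        params.append(d.type())
    if params == ["void"]:                           # f(void) is encoded as a lone "v"
        params = []
    return "%s(%s)" % (name, ", ".join(params))


REPORT_SYMBOLS = [  # copied from the Functions list above
    "Java_com_digitalborder_webappessentials_etzyrWRae_snfYHzTRd",
    "_Z13unpacker_initP7_JNIEnvP7_jclassP8_jobject", "_Z15unpacker_unpackPvPj",
    "_Z22utils_copy_from_assetsP7_JNIEnvP8_jobjectPKcS4_", "_Z8load_dexP7_JNIEnvP8_jobjectS2_i",
    "_Z18expand_field_arrayP7_JNIEnvP8_jobjectPKcS4_S4_P13_jobjectArray",
    "_Z10installV23P7_JNIEnvP7_jclassP8_jobjectP13_jobjectArrayS4_",
    "_ZN7_JNIEnv17CallBooleanMethodEP8_jobjectP10_jmethodIDz", "_Znaj", "_ZdaPv"]


def demangle_all(symbols=REPORT_SYMBOLS):
    return {s: demangle(s) for s in symbols}
```

For the names on this page the output is identical to what binutils c++filt prints, which is the reference to use when it is available; the point of a hand-written subset is that a name the grammar does not cover fails loudly instead of being silently mis-read, which matters when symbol names are the main evidence of a loader's behaviour.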
Anti-Debug
Ptrace
False
Anti-disasm
False
Entry Point
Address
0x0
Suspicious
False
Embedded ELF
List
None
Identified
0
Program Header
Size
32
Number
7
Offset
52
Section Header
Size
40
Number
21
Offset
20708
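The header numbers above fit together: 21 section headers of 40 bytes starting at offset 20708 end at byte 21548, which is the 21.04KB the Binary section reports, so the section header table sits at the very end of the file (where gold places it), and the 0x0 entry point is what an ET_DYN shared object normally carries, since the loader runs DT_INIT and .init_array rather than e_entry. The block below is an added example written for this page, not code from the analysis tool; it parses an ELF header and runs those consistency checks. Because the sample itself is not on the page, build_sample_header() fabricates a 52-byte ELF32 header from the report's values; e_flags = 0 and e_shstrndx = 20 are assumed placeholders.

```python
"""ELF header parser plus the sanity checks a triage script should run (added example,
not the analysis tool's code). The sample header is constructed from this report's
numbers; it is not the real file's bytes."""
import struct

ELF_MAGIC = b"\x7fELF"
EI_CLASS = {1: "ELFCLASS32", 2: "ELFCLASS64"}
EI_DATA = {1: "ELFDATA2LSB", 2: "ELFDATA2MSB"}
EI_OSABI = {0: "ELFOSABI_SYSV", 3: "ELFOSABI_LINUX"}
E_TYPE = {1: "ET_REL", 2: "ET_EXEC", 3: "ET_DYN", 4: "ET_CORE"}
E_MACHINE = {3: "EM_386", 40: "EM_ARM", 62: "EM_X86_64", 183: "EM_AARCH64"}
FIELDS = ("e_type", "e_machine", "e_version", "e_entry", "e_phoff", "e_shoff",
          "e_flags", "e_ehsize", "e_phentsize", "e_phnum", "e_shentsize",
          "e_shnum", "e_shstrndx")
# Everything after the 16-byte e_ident, little-endian, keyed by EI_CLASS.
LAYOUT = {1: struct.Struct("<HHIIIIIHHHHHH"), 2: struct.Struct("<HHIQQQIHHHHHH")}
# (e_ehsize, e_phentsize, e_shentsize) the ABI fixes for each class.
EXPECTED_SIZES = {1: (52, 32, 40), 2: (64, 56, 64)}


def parse_ehdr(data):
    """Decode the ELF header into a dict; raises ValueError for anything but a little-endian ELF."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("missing ELF magic")
    ident = data[:16]
    if ident[4] not in LAYOUT or ident[5] != 1:
        raise ValueError("unsupported class/endianness %r" % (ident[4:6],))
    if len(data) < 16 + LAYOUT[ident[4]].size:
        raise ValueError("header truncated")
    hdr = dict(zip(FIELDS, LAYOUT[ident[4]].unpack_from(data, 16)))
    hdr["elf_class"] = ident[4]
    hdr["wordsize"] = 32 if ident[4] == 1 else 64
    hdr["class"] = EI_CLASS[ident[4]]
    hdr["data"] = EI_DATA[ident[5]]
    hdr["osabi"] = EI_OSABI.get(ident[7], "unknown(%d)" % ident[7])
    hdr["type"] = E_TYPE.get(hdr["e_type"], "unknown(%d)" % hdr["e_type"])
    hdr["machine"] = E_MACHINE.get(hdr["e_machine"], "unknown(%d)" % hdr["e_machine"])
    return hdr


def minimum_file_size(hdr):
    """Smallest file that can hold the header and both tables at the offsets it claims."""
    ph_end = hdr["e_phoff"] + hdr["e_phnum"] * hdr["e_phentsize"]
    sh_end = hdr["e_shoff"] + hdr["e_shnum"] * hdr["e_shentsize"]
    return max(hdr["e_ehsize"], ph_end, sh_end)


def check_ehdr(hdr, file_size):
    """Return a list of findings; an empty list means the header is self-consistent."""
    findings = []
    ehsize, phent, shent = EXPECTED_SIZES[hdr["elf_class"]]
    for field, want in (("e_ehsize", ehsize), ("e_phentsize", phent), ("e_shentsize", shent)):
        if hdr[field] != want:
            findings.append("%s is %d, ABI says %d" % (field, hdr[field], want))
    if hdr["e_version"] != 1:
        findings.append("e_version %d is not EV_CURRENT" % hdr["e_version"])
    if minimum_file_size(hdr) > file_size:
        findings.append("tables end at %d but file is %d bytes (truncated or forged header)"
                        % (minimum_file_size(hdr), file_size))
    if hdr["e_shnum"] and hdr["e_shstrndx"] >= hdr["e_shnum"]:
        findings.append("e_shstrndx %d out of range" % hdr["e_shstrndx"])
    # A null entry point is normal for ET_DYN (the loader uses DT_INIT / .init_array) but
    # meaningless for ET_EXEC, which is why the report does not flag 0x0 for this object.
    if hdr["type"] == "ET_EXEC" and hdr["e_entry"] == 0:
        findings.append("ET_EXEC with e_entry 0")
    return findings


def build_sample_header():
    """Constructed 52-byte ELF32 header carrying the report's values (not the real file's bytes)."""
    ident = ELF_MAGIC + bytes([1, 1, 1, 0]) + bytes(8)   # 32-bit, LSB, EV_CURRENT, SYSV, padding
    # e_flags 0 and e_shstrndx 20 (.shstrtab is the last of the 21 sections) are assumptions.
    body = LAYOUT[1].pack(3, 3, 1, 0, 52, 20708, 0, 52, 32, 7, 40, 21, 20)
    return ident + body


def report_size_kb(hdr):
    """File size implied by the header, rounded the way the report prints it (KB = 1024 bytes)."""
    return round(minimum_file_size(hdr) / 1024, 2)
```

Against a real sample, feed parse_ehdr() the file's bytes and check_ehdr() its os.path.getsize(); tables that run past the end of the file, or an e_shentsize other than 40 for a 32-bit object, are the first signs of a truncated or deliberately malformed header, and both are worth catching before any section-walking code trusts the offsets.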
AVclass
mobidash
1
VirusTotal
md5
8327090dd418401aab0388e43865b424
sha1
eee95976d6dde85b5507c08fa6d9d97bf0a5abb1
SCANS (DETECTION RATE = 20.69%, 12 of 58 engines)

Engine                Version               Update    Detected  Result
AVG                   8.0.1489.320          20170807  no
CMC                   1.1.0.977             20170805  no
MAX                   2017.6.26.1           20170807  no
Bkav                  1.3.0.9282            20170807  no
K7GW                  10.20.24212           20170807  no
ALYac                 1.1.1.2               20170807  no
Avast                 8.0.1489.320          20170807  no
Avira                 8.3.3.4               20170807  no
Baidu                 1.0.0.2               20170807  no
Cyren                 5.4.30.7              20170807  no
DrWeb                 7.0.28.2020           20170807  no
GData                 A:25.13734B:25.10170  20170807  no
Panda                 4.6.4.2               20170807  no
VBA32                 3.12.26.4             20170803  no
VIPRE                 60118                 20170807  no
Zoner                 1.0                   20170807  no
AVware                1.5.0.42              20170807  no
ClamAV                0.99.2.0              20170807  no
Comodo                27567                 20170807  no
F-Prot                4.7.1.166             20170807  no
Ikarus                0.1.5.2               20170807  yes       PUA.AndroidOS.Mobidash
McAfee                6.0.6.653             20170807  yes       RDN/Ransom
Rising                25.0.0.1              20170807  no
Sophos                4.98.0                20170807  yes       Generic PUA OO (PUA)
Yandex                5.5.1.3               20170801  no
Zillya                2.0.0.3355            20170806  no
Arcabit               1.0.0.817             20170807  no
Tencent               1.0.0.1               20170807  no
ViRobot               2014.3.20.0           20170807  no
Webroot               1.0.0.207             20170807  no
Ad-Aware              3.0.3.1010            20170807  no
AegisLab              4.2                   20170807  no
Emsisoft              4.0.1.883             20170807  no
F-Secure              11.0.19100.45         20170807  no
Fortinet              5.4.247.0             20170807  no
Jiangmin              16.0.100              20170807  no
Kingsoft              2013.8.14.323         20170807  no
Symantec              1.4.0.0               20170807  no
nProtect              2017-08-07.02         20170807  no
AhnLab-V3             3.9.2.18278           20170807  no
Antiy-AVL             3.0.0.1               20170807  yes       Trojan[Dropper]/Android.Agent.dm
Kaspersky             15.0.1.13             20170807  yes       not-a-virus:HEUR:AdWare.AndroidOS.Mobidash.o
Microsoft             1.1.14003.0           20170807  yes       Ransom:AndroidOS/LockScreen!rfn
Qihoo-360             1.0.0.1120            20170807  yes       Win32/Virus.Adware.779
TheHacker             6.8.0.5.1813          20170806  no
ZoneAlarm             1.0                   20170807  yes       not-a-virus:HEUR:AdWare.AndroidOS.Mobidash.o
ESET-NOD32            15873                 20170807  yes       a variant of Android/AdDisplay.MobiDash.X potentially unwanted
WhiteArmor            -                     20170731  no
BitDefender           7.2                   20170807  no
K7AntiVirus           10.20.24214           20170807  no
Malwarebytes          2.1.1.1115            20170807  no
TotalDefense          37.1.62.1             20170807  no
CAT-QuickHeal         14.00                 20170807  no
NANO-Antivirus        1.0.94.18103          20170807  yes       Trojan.Unix.AdDisplay.epfkiz
MicroWorld-eScan      12.0.250.0            20170807  no
SUPERAntiSpyware      5.6.0.1032            20170807  no
McAfee-GW-Edition     v2015                 20170807  yes       RDN/Ransom
TrendMicro-HouseCall  9.950.0.1006          20170807  yes       Ransom_LockScreen.R03KC0DH317

Results are vendor-verbatim and do not agree with each other: six of the twelve name an adware/PUA family (Mobidash/AdDisplay), one a dropper, four a lock-screen ransomware family, and Qihoo-360 applies a Win32 label to an ELF shared object. The AVclass family above, mobidash, is the plurality label from these results, not a consensus.

total
58
sha256
3a5c7856b5d81c4dc3c9f1ebfcf321b48c9637aa551c40a1769c1c9b3c3a0a7c
scan_id
3a5c7856b5d81c4dc3c9f1ebfcf321b48c9637aa551c40a1769c1c9b3c3a0a7c-1502107746
resource
8327090dd418401aab0388e43865b424
positives
12
scan_date
2017-08-07 12:09:06
verbose_msg
Scan finished, information embedded
response_code
1
Binary
RF
confidence: 60.66%
suspicious: True
MLP
confidence: 62.56%
suspicious: True
SVM
confidence: 75.01%
suspicious: True