Home > Developer > Mobile Develop

201310-Android Collection user information sample Analysis-willj[4st TeAm]

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Report Updated on: 2013-10-14

Sample Discovery Date: 2013-01-22

Sample type: Android

Sample file size/infected file change length: 1.15 MB (1,209,713 bytes)

Sample file MD5 checksum value: 001769FD059D829A568B4196F07C6DF9

Shell information: None

Systems that may be compromised: Android OS

Known detection name: win32.backdoor.ginmaster.x

Willj

Introduction

The sample is a Trojan that pretends to be an Android game to steal user information, virus promotion app.

Detailed analysis/function introduction

Permissions are as follows:

Create Shortcut Com.android.launcher.permission.INSTALL_SHORTCUT

Gets information about the current or most recently run task Android.permission.GET_TASKS

Get a rough location (via WiFi base station) Android.permission.ACCESS_COARSE_LOCATION

Read WiFi network status Android.permission.ACCESS_WIFI_STATE

Read System log Android.permission.READ_LOGS

Display the System window Android.permission.SYSTEM_ALERT_WINDOW

Read network status (2G or 3G) Android.permission.ACCESS_NETWORK_STATE

Connection Network (2G or 3G) Android.permission.INTERNET

Write external memory (for example: SD card) Android.permission.WRITE_EXTERNAL_STORAGE

Read phone status Android.permission.READ_PHONE_STATE

Allow the device to vibrate Android.permission.VIBRATE

Related Server information analysis

Entrance:

1. Get basic information about your phone

Get the apps you've installed

Get phone IMEI

Get phone IMSI

Get System Log

Get IP Address

2. Download the Promotion app

Download the Promotion app via cloud configuration

3. Push Ads

4. Uploading User Information

5. Screen off start service

App Run

For simple Android Sample analysis can use Apktool and Dex2jar to decompile, basically can see Java-like source code, if some parts do the protection or NDK compiled, load so file, it depends on ARM assembly, today this sample is relatively simple, If there is a mistake in the place also please advise.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More