
Sunday, February 26, 2012

Android.Steek - back from the dead


File: appinventor.ai_joopdamen91.dont_thouch_lite.apk
MD5:  B9430D8CC42230938A353A4B3E4C92F3

File: appinventor.ai_rathiisarun.Ipad2App.apk
MD5:  92c76500a5126f11e392305424771fac

File: appinventor.ai_rathiisarun.XrayScanner.apk
MD5:  3e0ff9d85577e7aab8c3ab0771a87eb5

Sample Credits: with many thanks to Munaim Ramzan, February 24, 2012
Research: Appriva: Fraudulent Apps back from the dead by Haroon Malik

P.S. Some say this is not Android Steek

 Download all files - password infected



Virustotal

SHA256:     774bfd5bd3d53b38cbcfb8b70a925c62c8efd06650fab8a8a5fa0c9593c43496
SHA1:     9459aa6254b66234cef1d3210079fae08354fe42
MD5:     b9430d8cc42230938a353a4b3e4c92f3
File size:     1.6 MB ( 1723445 bytes )
File name:     appinventor.ai_joopdamen91.dont_thouch_lite-b9430d8cc42230938a353a4b3e4c92f3.apk
File type:     ZIP
Detection ratio:     1 / 43
Analysis date:     2012-02-26 17:20:58 UTC ( 0 minutes ago )

DrWeb     Android.SmsSend.247.origin     20120226


Virustotal
SHA256:     c14bcfe2ca6d6a00dfe00203f4b67f78f9d2bf9da5ce6828a13dba46cc68a580
SHA1:     4a0073cb41972a76bee99f77fbb8076a591eb7bd
MD5:     92c76500a5126f11e392305424771fac
File size:     1.3 MB ( 1353719 bytes )
File name:     appinventor.ai_rathiisarun.Ipad2App-92c76500a5126f11e392305424771fac.apk
File type:     ZIP
Detection ratio:     2 / 43
Analysis date:     2012-02-26 17:23:59 UTC ( 0 minutes ago )
DrWeb     Android.SmsSend.247.origin     20120226
VIPRE     Trojan.AndroidOS.Steek.a (v)     20120226


Virustotal
SHA256:     d0f7b83bab82b789988156ba98fd2316a41d68a7687a3c9e1122321c82f74292
SHA1:     3200f07817a3574b2e8eb0cbf5f15bae8fd2982d
MD5:     3e0ff9d85577e7aab8c3ab0771a87eb5
File size:     1.3 MB ( 1373854 bytes )
File name:     appinventor.ai_rathiisarun.XrayScanner-3e0ff9d85577e7aab8c3ab0771a87eb5.apk
File type:     ZIP
Detection ratio:     2 / 43
Analysis date:     2012-02-26 17:24:01 UTC ( 0 minutes ago )
DrWeb     Android.SmsSend.247.origin     20120226
VIPRE     Trojan.AndroidOS.Steek.a (v)     20120226



1 comment:

  1. b9430d8cc42230938a353a4b3e4c92f3 is different from the others, and is clean:
    https://market.android.com/details?id=appinventor.ai_joopdamen91.dont_thouch_lite
