Analysis Date2018-02-13 14:46:38
MD52209f974cb94e9363a85a8b6a30d565f
SHA1229f9d443d1d8a7202aa5d997df5cd4f0991a881

Static Details:

File typeDalvik dex file version 035
PEhash
AVArcabit (arcavir)No Virus
AVAuthentiumAndroidOS/SmsSpy.AB
AVGrisoft (avg)No Virus
AVAvira (antivir)Android/SmsForward.CH.Gen
AVAlwil (avast)SMForw-BR [Trj]
AVAd-AwareNo Virus
AVBitDefenderError Scanning File
AVBullGuardNo Virus
AVClamAVNo Virus
AVDr. WebAndroid.SmsSpy.706.origin - infected, incurable
AVEmsisoftNo Virus
AVMicroWorld (escan)No Virus
AVCA (E-Trust Ino)No Virus
AVFortinetAndroid/SmForw.K!tr
AVFrisk (f-prot)No Virus
AVF-SecureTrojan:Android/SmsSend.XR
AVIkarusError Scanning File
AVK7No Virus
AVKasperskyTrojan-Spy.AndroidOS.SmForw.ct
AVMalwareBytesNo Virus
AVMcafeeNo Virus
AVMicrosoft Security EssentialsNo Virus
AVNANOTrojan.Android.SmsSpy.cxnjta
AVNANOTrojan.Android.SmsSpy.dqzmgp
AVEset (nod32)Android/SMForw.K
AVPadvishError Scanning File
AVCAT (quickheal)Android.SmForw.AT
AVRisingNo Virus
AV360 SafeTrojan.Android.Gen
AVSUPERAntiSpywareError Scanning File
AVSymantecNo Virus
AVTrend MicroNo Virus
AVTwisterNo Virus
AVVirusBlokAda (vba32)No Virus
AVWindows DefenderNo Virus
AVZillya!Trojan.SmForw.Android.148

Runtime Details:

Screenshot

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Windows\System32\cmd.exe

Network Details:


Raw Pcap

Strings