Android Oldboot Mouabad s

Android Oldboot Mouabad s



MD5 (GoogleKernel.apk) = 8e3dcff9ec301d450bbd46e44d5b1091
MD5 (_bootinfo) = 826493bca9ad7d33521001d1a74ce06f
MD5 (com.android.googledalvik.apk) = 2fcaeb78f945bee1512ca65cca2f21b4
MD5 (com.qq.assistant.apk) = e3ed5c6d2cffe6f37b809a1252bd805d
MD5 (imei_chk) = 41d8d39217ca3fe40a4722e544b33024
MD5 (libgooglekernel.so) = a0ec31f670bbdccb22f9a6ec36d5ac77

From Zihang (Claud) Xiao:
�imei_chk� is the main executable file under /sbin;
�_bootinfo� is the /sbin/.bootinfo config file which is needed for imei_chk�s running;
�GoogleKernel.apk" and �libgooglekernel.so� are two files dropped by the imei_chk;
�com.qq.assistant.apk� is the first variant, while �com.android.googledalvik.apk� is the second variant.
By manually adding imei_chk and .bootinfo to the /sbin directory in boot partition and modify init.rc, analyst could restore the whole attack.

Research: 360 Mobile: Oldboot: the first bootkit on Android by Zihang Xiao, Qing Dong, Hao Zhang and Xuxian Jiang


Also See: Mouabad.p - Pocket Dialing For Profit  (Lookout security) 


Sample Credit: Tim Strazzere (Lookout Security) and Claud Xiao (360 Mobile)


Download all the listed samples (new link)


https://www.virustotal.com/en/file/f0203c4a59f4b9e701276f0021112c65d7b70dd14b8b3f870412a6432d969097/analysis/
SHA256: f0203c4a59f4b9e701276f0021112c65d7b70dd14b8b3f870412a6432d969097
File name: 8e3dcff9ec301d450bbd46e44d5b1091.apk
Detection ratio: 2 / 48
Analysis date: 2014-01-17 19:47:46 UTC ( 8 hours, 53 minutes ago )
0 1
 Analysis
 File detail
 Additional information
 Comments 0
 Votes
Antivirus Result Update
McAfee Artemis!8E3DCFF9EC30 20140117
McAfee-GW-Edition Artemis!8E3DCFF9EC30 20140117


go to link download

Popular posts from this blog

DroidJack RAT Androrat Android Sample

Image
DroidJack RAT Androrat Android Sample Research: Symantec: DroidJack RAT: A tale of how budding entrepreneurism can turn to cybercrime Sample credit: Paul Burbage and Fran File: SandroRat.apk Size: 215839 MD5:  3BCCA99E4D99B4CF733D8EBB79D35782 Download. Email me if you need the password https://www.virustotal.com/en/file/48d25786b7512761ed561bb50de4c0bd8a19df0e5de2bc40cd9d84dddf11c16d/analysis/ SHA256: 48d25786b7512761ed561bb50de4c0bd8a19df0e5de2bc40cd9d84dddf11c16d File name: 48d25786b7512761ed561bb50de4c0bd8a19df0e5de2bc40cd9d84dddf11c16d Detection ratio: 18 / 54 Analysis date: 2014-12-19 08:17:29 UTC ( 1 day, 20 hours ago )  Behavioural information Antivirus Result Update Qihoo-360 Win32/Trojan.Spy.fb5 20141219 Baidu-International Trojan.AndroidOS.Sandr.aglz 20141218 NANO-Antivirus Trojan.Android.Zerat.dekxmy 20141219 Ikarus Spyware.AndroidOS.Kasandra 20141219 Kaspersky HEUR:Trojan-Spy.AndroidOS.Sandr.a 20141219 McAfee Artemis!3BCCA99E4D99 2014121...
Read more

Modern Combat 2 Black Pegasus apk data Free Download

Image
Modern Combat 2 Black Pegasus apk data Free Download modern combat 2 fix apk,Modern Combat 2: Black Pegasus apk download,this is the best gun shoot game for android Mobile phone and all android device for tablet. Modern Combat 2: Black Pegasus APK + DATA Android Game Download For Free Modern Combat 2: Black Pegasus apk:Download Modern Combat 2: Black Pegasus APK is a Action Game for Smartphone or Tablet, Download it for free in our website. Beside this one we have hundreds of other full versions of the best android games. the most beautiful world of James Cameron�s Avatar by using James Cameron�s Avatar HD application. Enjoy an epic journey of redemption and discover both decades to know how the first avatar came into exist . It is an awesome game with most addicting gameplay to engage you for endless hours. Feel like you are fighting with enemies in real time thanks to it�s full HD graphics. Modern Combat 2: Black Pegasus apk full game download links Modern Combat 2 Android game Fix a...
Read more

Notepad 6 6 8

Image
Notepad 6 6 8 Notepad++ is an open source text editor which has wide selection of advanced tools that are to be used not only by seasoned professionals who are demanding more oversight and control over their projects, but also for novices with small amount of technical knowledge who are seeking better alternative to the standard Notepad app that comes preinstalled with every version of Windows OS.  By managing to expand capabilities of Notepad, N++ manages to provide comprehensive professional tool that can be truly used by anyone who is in need of any sort of advanced text editing tool that is more focused not on general office productivity (there are many standalone solutions for those projects) but more oriented on coding and creation of plain text articles that don�t feature any formatting. First version of the Notepad++ was released in November of 2003, and it very quickly became popular all around the world by allowing professional software development community access to dee...
Read more