
Saturday, October 22, 2011

Geinimi - com.feasy.jewels.Gel


File name:          com.feasy.jewels.Bears

MD5:                543e9d86dd28005342a3313bdc588009
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 

Download  (password infected)

or Download an archive with all the files donated on Oct. 21, 2011

Geinimi - Banking Trojan www.ipay.com.cn


MD5:                    3374d6322542d6aec9d319df335215e5
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 

Download  (password infected)

or Download an archive with all the files donated on Oct. 21, 2011



Geinimi - Armored Strike


Name:                Armored Strike
File Name:         com.requiem.armoredStrike.apk
MD5:                 5d27c7d0c5630f4c7a8b7a8f45512f09
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 

Download  (password infected)

or Download an archive with all the files donated on Oct. 21, 2011



Geinimi - MetroXing Chinese metro maps

 
Name:              com.etagmedia.metro.apk   Beijing, Guangzhou, Shanghai, Shenzhen  - metro maps
MD5:              54fad8426e03a05279223173ec7d2fe2
 Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 

Download  (password infected)


or Download an archive with all the files donated on Oct. 21, 2011


PJApps.A - Mail/FTP app

    
MD5:                      de759e9fdb3ec577d753ff240fc91a13
 Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 

Download  (password infected)

or Download an archive with all the files donated on Oct. 21, 2011




Geinimi - Kosenkov Protector


Name:               com.kosenkov.protector.
MD5:                404fd6f9113870d1b6e63dcd23cfe206
 Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 

Download  (password infected)


or Download an archive with all the files donated on Oct. 21, 2011

PJApps - Fingerprint Screensaver


Name:                Fingerprint Screensaver
MD5:                 722da6cdfa8bac482c9c6be105b0ff2a
File Name:        com.jiubang.screenguru.apk
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 

Download  (password infected)


or Download an archive with all the files donated on Oct. 21, 2011

Geinimi - Shopper's Paradise

 
Name:               com.sgg.sp.ShoppersParadise.apk
MD5:                ea80ae4c4a17e8608e0fc7d6e34bf37e
 Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 

Download  (password infected)

or Download an archive with all the files donated on Oct. 21, 2011



Root Exploit - ITFUNZ Lotoor

 
Name:               ITFUNZ 
MD5:          951c8a2efbe2acafeb351525d5bd52e2
MD5:          81614d2c1175ee32a6967d13630be8a9
 Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 

Download 951c8a2efbe2acafeb351525d5bd52e2 (password infected)
Download  81614d2c1175ee32a6967d13630be8a9 (password infected)

or Download an archive with all the files donated on Oct. 21, 2011




PJApps.A - Mediaplayer - SMS-Trojan

 
Name:                Mediaplayer (goes under different names)
MD5:                c05d4ff1a80f18ba9d8a86afd88bc05d
 Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011  
Download  (password infected)

or Download an archive with all the files donated on Oct. 21, 2011



Some other related apps might be here:

http://www.webgameboy.com/HTC-T5252/xiazai-14864.html

Related research: Cryptography for mobile malware obfuscation, Axelle Apvrille


Kmin - Wallpaper Changer - Infostealer


MD5:                  231696ffdf8d00c9d09af7fb85b4991d
MD5:                 be63349846165811da4e3444c5d15dea
MD5:                  2289293578008531755462e4e88afc17

MD5:                  8a0c4006157c766a08c313fa2143f1fe
MD5:                  3284493FB26FFCE5A1C23AF6B2383B6D
MD5:                  b5444e6c3c8376f7d2eccb974f31c7c3
MD5:                 b1c866ff733a3cb89bc101878e41523e
MD5:                  0f182524c0fe8ff999bfa3d63c9a9e97



Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011 


Download links for each of the eight MD5s listed above (password infected)

or Download an archive with all the files donated on Oct. 21, 2011


It appears data is going to http://su.5k3g.com/portal/m/c5/0.ashx

Friday, October 21, 2011

Geinimi-A BS2010


Name:             BS2010  
File Name:        com.gamevil.bs2010.BS2010
MD5:             0da3484a20c85c0489fea8f53316b53c
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 

Download  (password infected)

or Download an archive with all the files donated on Oct. 21, 2011



Geinimi-B - GoldenMiner

 
Name:                 GoldMiner   
File Name:         com.handcn.GoldMiner.free.GoldMiner
MD5:                025a55c1bcbd3be2ca03aa314ce9a4c2
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 

Download  (password infected)

or Download an archive with all the files donated on Oct. 21, 2011


BaseBridge-C

 
Name:                    Basebridge - C
File Name:               com.sec.android.bridge
MD5:                     b6847521b548b806cf5e4f71b687ec26



Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 

Download  (password infected)

or Download an archive with all the files donated on Oct. 21, 2011

Android Local Root Exploit - Lotoor - App2card

 
Name:                    Lotoor
File Name:               com.aps.hainguyen273.app2card
MD5:                     AFD12639E21C1884D33737ABA0BC43EE
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 

Download  (password infected)


or Download an archive with all the files donated on Oct. 21, 2011


PJApps.B - Girl Mahjong Android

 
Name:                    App2SD
File Name:               com.rainbow.FMaj
MD5:                     8353cad68f4d2b443b33bb2f32f2412d
MD5:                      89BB300CC1BF0B27C582327588EA7377
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 

Download 8353cad68f4d2b443b33bb2f32f2412d (password infected)
Download 89BB300CC1BF0B27C582327588EA7377  (password infected)

or Download an archive with all the files donated on Oct. 21, 2011



Kmin-B - App2SD for Android

 
Name:                    App2SD
File Name:               com.aps.hainguyen273.app2card.apk
MD5:                     9783aa70949043bb7aaa205a31b42022
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 



Download  (password infected)


or Download an archive with all the files donated on Oct. 21, 2011


Wednesday, October 19, 2011

Battery Doctor Android scareware/infostealer

 
Name:                    Battery Doctor scareware/infostealer
File Name:               BatteryDoctor.apk
MD5:                     DF4595EE727706D2CFDB7C9A1FE9E079
Sample Credits:          many thanks to Sanjay, October 18, 2011
Research:                Sleazy Ads on Android Devices Push Bogus 'Battery Upgrade' Warnings, Tom Spring, PCWorld

Download  (pass infected)

Monday, October 17, 2011

Android anserverbot malware Anserver.apk + payload b.apk


Name:                   Payload of the Android anserverbot malware - b.apk and 002f537027830303e2205dd0a6106cb1b79fa704(AnserverBot).apk
File Name:              b.apk decoded from http://blog.sina.com.cn/s/blog_8440ab780100t0nf.html
MD5:                    164A147B663248558E4B6A287A429139
Sample Credits:         many thanks to Madalina Baltatu, October 17, 2011
Research:               NetQin: A Technical Analysis of the AnserverBot Trojan

Download b.apk  (pass infected)

Download Anserverbot.apk  (pass infected)

Thursday, October 13, 2011

Fake Netflix - Android trojan info stealer


Name:                    Fake NetFlix
File Name:               com.netflix.mediaclient-1w.apk
MD5:                     83C6414C9C7964F4FB88E0D2477C20E4
Sample Credits:          many thanks to Sanjay, October 13, 2011
Research:                Symantec blog: Will Your Next TV Manual Ask You to Run a Scan Instead of Adjusting the Antenna?

Download  (password infected)