B4A Library PhoneSensors2 - sensor events with timestamp

Attachments

  • PhoneSensors2-1.11.zip
    3.6 KB · Views: 267
G

GCOINC

Guest
I am wondering why I am getting reports of 'virus' on virustotal ? results on my compile with the same sensors project below.

Also, on compile I see no permissions whatsoever however the report details MMS Send and a few other shifty information... any clue? API level perhaps.


B4X:
The file being studied is Android related! APK Android file more specifically. The application's main package name is anywheresoftware.b4a.samples.sensors. The internal version number of the application is 1. The minimum Android API level for the application to run (MinSDKVersion) is 4.
Risk summary
The studied DEX file makes use of API reflection
Permission-related API calls
WRITE_SETTINGS
Landroid/media/RingtoneManager;->setActualDefaultRingtoneUri(Landroid/content/Context; I Landroid/net/Uri;)V called from Lanywheresoftware/b4a/phone/RingtoneManagerWrapper;->SetDefault(I Ljava/lang/String;)V
INTERNET
Landroid/webkit/WebView;-><init>(Landroid/content/Context;)V called from Lanywheresoftware/b4a/objects/WebViewWrapper;->innerInitialize(Lanywheresoftware/b4a/BA; Ljava/lang/String; Z)V
SEND_SMS
Landroid/telephony/SmsManager;->getDefault()Landroid/telephony/SmsManager; called from Lanywheresoftware/b4a/phone/Phone$PhoneSms;->Send2(Ljava/lang/String; Ljava/lang/String; Z Z)V
Landroid/telephony/SmsManager;->sendTextMessage(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Landroid/app/PendingIntent; Landroid/app/PendingIntent;)V called from Lanywheresoftware/b4a/phone/Phone$PhoneSms;->Send2(Ljava/lang/String; Ljava/lang/String; Z Z)V
VIBRATE
READ_LOGS
Ljava/lang/Runtime;->exec([Ljava/lang/String;)Ljava/lang/Process; called from Lanywheresoftware/b4a/phone/Phone$LogCat$1;->run()V
Ljava/lang/Runtime;->exec(Ljava/lang/String;)Ljava/lang/Process; called from Lanywheresoftware/b4a/phone/Phone;->Shell(Ljava/lang/String; [Ljava/lang/String; Ljava/lang/StringBuilder; Ljava/lang/StringBuilder;)I
Ljava/lang/Runtime;->exec([Ljava/lang/String;)Ljava/lang/Process; called from Lanywheresoftware/b4a/phone/Phone;->Shell(Ljava/lang/String; [Ljava/lang/String; Ljava/lang/StringBuilder; Ljava/lang/StringBuilder;)I
READ_CONTACTS
READ_PHONE_STATE
Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String; called from Lanywheresoftware/b4a/phone/Phone$PhoneId;->GetDeviceId()Ljava/lang/String;
Landroid/telephony/TelephonyManager;->getLine1Number()Ljava/lang/String; called from Lanywheresoftware/b4a/phone/Phone$PhoneId;->GetLine1Number()Ljava/lang/String;
Landroid/telephony/TelephonyManager;->getSimSerialNumber()Ljava/lang/String; called from Lanywheresoftware/b4a/phone/Phone$PhoneId;->GetSimSerialNumber()Ljava/lang/String;
WAKE_LOCK
Landroid/media/MediaPlayer;->start()V called from Lanywheresoftware/b4a/objects/MediaPlayerWrapper;->Play()V
Landroid/os/PowerManager;->newWakeLock(I Ljava/lang/String;)Landroid/os/PowerManager$WakeLock; called from Lanywheresoftware/b4a/phone/Phone$PhoneWakeState;->KeepAlive(Lanywheresoftware/b4a/BA; Z)V
Landroid/os/PowerManager;->newWakeLock(I Ljava/lang/String;)Landroid/os/PowerManager$WakeLock; called from Lanywheresoftware/b4a/phone/Phone$PhoneWakeState;->PartialLock(Lanywheresoftware/b4a/BA;)V
Landroid/os/PowerManager$WakeLock;->acquire()V called from Lanywheresoftware/b4a/phone/Phone$PhoneWakeState;->KeepAlive(Lanywheresoftware/b4a/BA; Z)V
Landroid/os/PowerManager$WakeLock;->acquire()V called from Lanywheresoftware/b4a/phone/Phone$PhoneWakeState;->PartialLock(Lanywheresoftware/b4a/BA;)V
Landroid/os/PowerManager$WakeLock;->release()V called from Lanywheresoftware/b4a/phone/Phone$PhoneWakeState;->ReleaseKeepAlive()V
Landroid/os/PowerManager$WakeLock;->release()V called from Lanywheresoftware/b4a/phone/Phone$PhoneWakeState;->ReleasePartialLock()V

AntivirusResultUpdate
ClamAVAndr.Trojan.Locker20150124
NANO-AntivirusTrojan.Android.Leadbolt.dkpmda20150124

////////////////////////


Andrubis - Analysis Report
http://anubis.iseclab.org/?action=result&task_id=1dafe97b4acfaa68491ffcc58dfd94be6&format=html

B4X:
- General information about this Android application   
Filename:    Sensors.apk
MD5:    e7363c80344a83af53456f2a9e95ad25
SHA-1:    233c15aa1bda453bb2b8c5c09e497b8fe748e358
File Size:    131365 Bytes
API Level:    4
Maliciousness Rating:    1.10692 (0: likely benign, 10: likely malicious)

Static Analysis Report

     - Activities   
anywheresoftware.b4a.samples.sensors.main
intent-filter action:    android.intent.action.MAIN
intent-filter category:    android.intent.category.LAUNCHER

     - Used Features   
android.hardware.touchscreen
android.hardware.screen.portrait

Dynamic Analysis Report

     - File operations   
Timestamp    Operation    Path
12.331    read    /data/data/com.android.music/shared_prefs/Music.xml|
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <string name="queue"></string> <int name="curpos" value="-1" /> <int name="cardid" value="-1" /> <int name="shufflemode" value="0" /> <int name="repeatmode" value="0" /> </map>
46.330    write    /dev/input/event0|
............
51.332    write    /dev/input/event0|
.....9...
57.330    write    /dev/input/event0|
............
66.332    write    /dev/input/event0|
.....9...
70.329    write    /dev/input/event0|
............
75.330    read    /data/data/com.android.mms/shared_prefs/_has_set_default_values.xml|
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <boolean name="_has_set_default_values" value="true" /> </map>
75.330    read    /data/data/com.android.mms/shared_prefs/com.android.mms_preferences.xml|
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <string name="pref_key_ringtone">content://settings/system/notification_sound</string> <boolean name="pref_key_auto_delete" value="true" /> <boolean name="checked_message_limits" value="true" /> <boolean name="pref_key_mms_auto_retrieval" value="true" /> <string name="pref_key_vibrateWhen">never</string> <boolean name="pref_key_enable_notifications" value="true" /> </map>

     - Started Services   
Timestamp    Service Name
.333    com.android.vending.util.WorkService
1.331    com.android.vending.util.WorkService
12.331    com.android.music.MediaPlaybackService
12.331    com.android.music.MediaPlaybackService
13.332    com.android.music.MediaPlaybackService
13.332    com.android.music.MediaPlaybackService
13.332    com.android.music.MediaPlaybackService
14.330    com.android.music.MediaPlaybackService
16.331    com.android.music.MediaPlaybackService
17.332    com.android.music.MediaPlaybackService
37.329    com.android.music.MediaPlaybackService
37.329    com.android.music.MediaPlaybackService
75.330    com.android.mms.transaction.SmsReceiverService
76.330    com.android.mms.transaction.SmsReceiverService
 

Attachments

  • Sensors.zip
    406.7 KB · Views: 144
Last edited by a moderator:
Top