ThreatExpert Report: Trojan-Spy.AndroidOS.GlodEagl.a, Andr/GoldenE-A, Andr/GoldenE-A..

Submission Summary:

Submission details:

Submission received: 6 October 2012, 14:55:53
Processing time: 9 min 30 sec
Submitted sample:

File MD5: 0xDED31F723E456A49345D42EE3D5CB32A
File SHA-1: 0xE51A42EE0E2FC4B1577C63553495284B62E1233A
Filesize: 291,219 bytes
Alias:

Trojan-Spy.AndroidOS.GlodEagl.a [Kaspersky Lab]
Andr/GoldenE-A, Andr/GoldenE-A [Sophos]
Trojan-Spy.AndroidOS.GlodEagl [Ikarus]

Summary of the findings:

What's been found

Severity Level

Capability to send out email message(s) with the built-in SMTP client engine.

Technical Details:

File System Modifications

The following files were created in the system:

Filename(s)

File Size

File Hash

Alias

%Temp%\AndroidManifest.xml

6,176 bytes

MD5: 0x63A56DCFF12A5EAAA45CDE11620E9680
SHA-1: 0xF7842708BEACFF4CCD73C6470772F12F6B952B75

(not available)

%Temp%\classes.dex

577,772 bytes

MD5: 0x2692D5DE77EFF4767237959383827D8E
SHA-1: 0x1899A3AE03892A789C09BDBA204272F9911BC173

Android.Goldeneagle [Symantec]
Trojan-Spy.AndroidOS.GlodEagl.a [Kaspersky Lab]
Andr/GoldenE-A [Sophos]
Trojan-Spy.AndroidOS.GlodEagl [Ikarus]

%Temp%\com\sun\mail\dsn\mailcap

308 bytes

MD5: 0x82F797D7DCC9ACDD80525716F465BE29
SHA-1: 0xA352830FD25212D79445F62D2C36AF028A79498B

(not available)

%Temp%\dsn.mf

357 bytes

MD5: 0x9D61230F3455256D22351DBC6C342DC1
SHA-1: 0x65C9D44E94D80B84FB8370D0F0599E0B5D1A9A42

(not available)

%Temp%\javamail.charset.map

1,296 bytes

MD5: 0xAB2E19EC7EBD8B50E4715E5BFE0C7410
SHA-1: 0xE019D4D4740806426F88EE37B32D2E1A110CF15F

(not available)

%Temp%\javamail.default.address.map
%Temp%\javamail.smtp.address.map

12 bytes

MD5: 0xFBE316C00A93E82D16A04FA30EF2E108
SHA-1: 0x38301F4B7E2E46E4C1758CD828F069FB57AA1199

(not available)

%Temp%\javamail.default.providers

721 bytes

MD5: 0xC569BCCC1908A349F400339AC12549B4
SHA-1: 0x6E4923DEDF37E8E6490453BFFEEB114424E36785

(not available)

%Temp%\javamail.imap.provider

235 bytes

MD5: 0xDB2EF6CF54F2498BA3B38E9A26314F03
SHA-1: 0xCF91F9FE1A9D9D9AB353D42ECEA6E9442371A7BC

(not available)

%Temp%\javamail.pop3.provider

236 bytes

MD5: 0x9A8770ED87879A5E34301A37B0CAD16D
SHA-1: 0x5B315106AADFA457514D87F50C992A25BD8CEC1B

(not available)

%Temp%\javamail.smtp.provider

251 bytes

MD5: 0x7D1DBD60899090C7361AFE80D964F81A
SHA-1: 0xBFB7C0FD8BD7A41121FA1E6098CBEBE687A0FABF

(not available)

%Temp%\mailcap

720 bytes

MD5: 0x258341C7303CB61D00D690C38E07F8FE
SHA-1: 0xDC645F9F418C9C6959F761125027A8C2D9BAE9AD

(not available)

%Temp%\mailcap.default

292 bytes

MD5: 0x6B097CD00752FC9FE349D8A002A4129A
SHA-1: 0xBF5D8403C45171CA2E0EC328704E06CE0D31EAD1

(not available)

%Temp%\META-INF\CERT.RSA

776 bytes

MD5: 0x4A02D93F54E48AF92E76F9AD2AA925BF
SHA-1: 0xA2A76871D44C9C212A5AD6EA0394747D3C0594F2

(not available)

%Temp%\META-INF\CERT.SF

1,595 bytes

MD5: 0xC0ED11C52127838E868A15566E0D048A
SHA-1: 0xE58301AF84EC0830E44F506FFFFC710678977817

(not available)

%Temp%\META-INF\MANIFEST.MF

1,542 bytes

MD5: 0x6342FDE9CAD9D5349C3FD5A147064F5F
SHA-1: 0x1C743E617A82CFF8FD09427CA8CEDA7F87CC1B17

(not available)

%Temp%\mimetypes.default

581 bytes

MD5: 0x331DB016D0DDA7B270725D6831E53826
SHA-1: 0x15C469760142F4425B18AB81218707F6CCDF027D

(not available)

%Temp%\org\apache\harmony\awt\internal\nls\messages.properties

23,115 bytes

MD5: 0xA05C97A3FDD7B937FE66995A67039B7D
SHA-1: 0xBF05F32AB17A2F22B248F6E22750F587D3147785

(not available)

%Temp%\res\drawable-hdpi\icon.png

3,966 bytes

MD5: 0x9B617AA968B4D3A3ED988A9F186EAA81
SHA-1: 0x563FEA87193C89CF05134FE44FA137BE0449E261

(not available)

%Temp%\res\drawable-ldpi\icon.png

1,537 bytes

MD5: 0x5A66CA46C1273594F2A9F40B9E14A38B
SHA-1: 0x8BBBF16A8B28892FBD1F3281ED9808B1731844B6

(not available)

%Temp%\res\drawable-mdpi\icon.png

2,200 bytes

MD5: 0x7E65108CD720CFA64B88B7B9BF952619
SHA-1: 0xEC5B7F462AEDFA5FC9457D8A8C344449C75B0999

(not available)

%Temp%\res\layout\main.xml

640 bytes

MD5: 0x91C7957E6C407FA3BF934B2DF1219029
SHA-1: 0x42FB66E3D0DDD9A9C92B89E54953521771A986C4

(not available)

%Temp%\resources.arsc

1,288 bytes

MD5: 0x764539303A66C3916CDE9068E10850AF
SHA-1: 0xDADFB1161512B0AB2E0854F409EF771B46D0257C

(not available)

[file and pathname of the sample #1]

291,219 bytes

MD5: 0xDED31F723E456A49345D42EE3D5CB32A
SHA-1: 0xE51A42EE0E2FC4B1577C63553495284B62E1233A

Trojan-Spy.AndroidOS.GlodEagl.a [Kaspersky Lab]
Andr/GoldenE-A, Andr/GoldenE-A [Sophos]
Trojan-Spy.AndroidOS.GlodEagl [Ikarus]

Note:

%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).

The following directories were created:

%Temp%\com
%Temp%\com\sun
%Temp%\com\sun\mail
%Temp%\com\sun\mail\dsn
%Temp%\META-INF
%Temp%\org
%Temp%\org\apache
%Temp%\org\apache\harmony
%Temp%\org\apache\harmony\awt
%Temp%\org\apache\harmony\awt\internal
%Temp%\org\apache\harmony\awt\internal\nls
%Temp%\res
%Temp%\res\drawable-hdpi
%Temp%\res\drawable-ldpi
%Temp%\res\drawable-mdpi
%Temp%\res\layout

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.