Suspicious Apk

OP Romansko

25th August 2014, 12:48 PM   |  #1  
Hello,

I hope this is the right forum to ask this question; if not, please forgive me.

So I've downloaded this GPS Running pro APK in a magical way, not from Google Play, and I've scanned it. The risk rating was "suspicious activity detected".

The results are long and a lot of blah blah blah. If you want, you can view it here:
http://apkscan.nviso.be/report/show/e16acb0537fa2a946d6eb3dfa334df32


I'll just copy the highlighted fields:
Code:
Virus Total scan results
VIPRE	Adware.AndroidOS.AirPush.a (v)
and
Code:
Information leakage
Network information leakage
Destination	178.250.2.115:80
Tag	TAINT_IMEI
Data (ASCII)	GET /API/androidevent.php?oursecret=runtastic89635jo&udid=357242043237511&androidID=3ffe1b97467e2dec
Data (RAW)	474554202f4150492f616e64726f69646576656e742e7068703f6f75727365637265743d72756e74617374696338393633356a6f26756469643d33353732343230343332333735313126616e64726f696449443d33666665316239373436376532646563
Operation	send
 	 
Destination	178.250.2.115:80
Tag	TAINT_IMEI
Data (ASCII)	GET /atrk/andrdapp?udid=357242043237511&androidID=3ffe1b97467e2dec&macAddress=&type=&storeAppID=&dev
Data (RAW)	474554202f6174726b2f616e6472646170703f756469643d33353732343230343332333735313126616e64726f696449443d33666665316239373436376532646563266d6163416464726573733d26747970653d2673746f726541707049443d26646576
Operation	send
 	 
SMS information leakage
No SMS information leakage detected.
File information leakage
Path	/data/data/com.runtastic.android.pro2/files/.flurrydatasenderblo
Operation	write
Tag	TAINT_IMEI
Data (ASCII)	�H�OOJZV9GLEJ12ZPKRTCWI2K5.1.2AND3ffe1b97467e2dec�W�T7������
Data (RAW)	001b000000000000000000000000000300efbfbd000001480cefbfbd4f4f00144a5a5639474c454a31325a504b5254435749324b0005352e312e32000200000013414e4433666665316239373436376532646563000500147fefbfbd5705efbfbd5437efbfbdefbfbd07efbfbdefbfbdefbfbd1719efbfbd
For the adware thing, I guess the app pushes me ads, but what does the latest thing mean? Which information gets leaked?

Is there a way of going back if I've installed it?

Thank you guys,
appreciate it.
27th August 2014, 07:53 AM   |  #2  
Romansko (OP)
No reply. *UP*
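
An added example (not part of the original posts or of the scanner's output): it decodes the two `Data (RAW)` hex buffers from the network leakage records quoted in the first post and lists which query parameters carry identifier-shaped values. The record layout, the function names and the value-shape heuristics are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# "Data (RAW)" values copied from the two network records in the report excerpt.
RECORDS = [
    {"dest": "178.250.2.115:80", "tag": "TAINT_IMEI", "raw": "474554202f4150492f616e64726f69646576656e742e7068703f6f75727365637265743d72756e74617374696338393633356a6f26756469643d33353732343230343332333735313126616e64726f696449443d33666665316239373436376532646563"},
    {"dest": "178.250.2.115:80", "tag": "TAINT_IMEI", "raw": "474554202f6174726b2f616e6472646170703f756469643d33353732343230343332333735313126616e64726f696449443d33666665316239373436376532646563266d6163416464726573733d26747970653d2673746f726541707049443d26646576"},
]

# Value shapes used to label parameters. These heuristics are an assumption of
# this example, not the scanner's own taint logic.
SHAPES = {
    "IMEI-shaped (15 digits)": re.compile(r"\d{15}"),
    "ANDROID_ID-shaped (16 hex chars)": re.compile(r"[0-9a-f]{16}"),
}

def decode_request(raw_hex):
    """Decode a captured send() buffer into (path, [(key, value)], cut_off_token)."""
    text = bytes.fromhex(raw_hex).decode("ascii", errors="replace")
    target = text.split(" ")[1]            # "GET <target> ..." -> <target>
    parts = urlsplit(target)
    pairs, cut_off = [], None
    for token in parts.query.split("&"):
        if "=" in token:
            pairs.append(tuple(token.split("=", 1)))
        elif token:                        # key with no "=": buffer ended mid-parameter
            cut_off = token
    return parts.path, pairs, cut_off

def classify(value):
    """Return the first shape label the value fully matches, else None."""
    return next((label for label, rx in SHAPES.items() if rx.fullmatch(value)), None)

def summarize(records):
    """One summary dict per record: which parameters carry identifier-shaped values."""
    out = []
    for rec in records:
        path, pairs, cut_off = decode_request(rec["raw"])
        out.append({
            "dest": rec["dest"], "tag": rec["tag"], "path": path,
            "identifiers": {k: classify(v) for k, v in pairs if classify(v)},
            "empty": [k for k, v in pairs if not v],
            "cut_off": cut_off,
        })
    return out

if __name__ == "__main__":
    for row in summarize(RECORDS):
        print(row)
```

Both buffers decode to exactly 100 bytes, and the second ends in a bare `dev` with no value, which is consistent with the capture being cut at 100 bytes; any parameters after that point are not visible in the report.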