Closed NikitinWork closed 1 year ago
So, this is malware targeting reverse engineers?
Sorry - I'm not in this industry and last time I was told to download a hash - I realized I did not pay for the service that I could obtain it from. So I am just going to close this. I have no method to dig into this.
Sorry!
I will attach a link to a zip archive whose password is infected.
MALWARE (https://dropmefiles.com/V4ubJ)
Please do not run it on your device, only a virtual machine. It's also a bit protected from exploration, you'll have to hook the isDebuggerConnected()Z function with FRIDA if you want to debug it.
If you still have to download the hash sometime, then it's better to register on VirusTotal and get the file without paying money.
Information
apktool -version - last apktool_2.6.1
Stacktrace/Logcat
Steps to Reproduce
java -jar apktool_2.6.1.jar d malware.apk
Frameworks
If this APK is from an OEM ROM (Samsung, HTC, LG). Please attach framework files (.apks that live in /system/framework or /system/priv-app)
APK
This is malware; if you accidentally got into this problem, please do not download it. I will only fix the hash
606fb2fd5f3fcfa7abead87c92ae6df30b7be0cac1a1f7e511ca41f71e9ccc70
Questions to ask before submission
apktool d, apktool b without changing anything? - Yep
Short description
Problems I have encountered
How to fix the manifest
Fix the magic number
Fix the stylesOffset
Fix the stringCount
Result
Input
output
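The issue names three header fields of the binary manifest (magic number, stringCount, stylesOffset). The following is an added example, not code from the issue or from Apktool, that checks those fields for internal consistency before a decoder is run. The field layout is taken from Android's binary XML chunk headers (ResChunk_header, ResStringPool_header), which the page does not spell out; the function names and the sample bytes are constructed for illustration.

```python
import struct

RES_XML_TYPE = 0x0003          # chunk type that opens a binary AndroidManifest.xml
RES_STRING_POOL_TYPE = 0x0001  # chunk type of the string pool that follows it

def check_axml_header(data: bytes) -> list:
    """Return anomalies in the header fields the issue names (empty list = consistent)."""
    if len(data) < 36:
        return ["truncated: need 8-byte file header plus 28-byte string pool header"]
    findings = []
    # ResChunk_header: uint16 type, uint16 headerSize, uint32 size (little-endian).
    ftype, fhdr, _fsize = struct.unpack_from("<HHI", data, 0)
    if (ftype, fhdr) != (RES_XML_TYPE, 8):
        findings.append(f"magic: type=0x{ftype:04x} headerSize={fhdr}, expected 0x0003/8")
    # ResStringPool_header follows directly after the 8-byte file header.
    ptype, phdr, _psize, n_str, n_style, _flags, str_start, style_start = \
        struct.unpack_from("<HHIIIIII", data, 8)
    if (ptype, phdr) != (RES_STRING_POOL_TYPE, 28):
        return findings + [f"string pool: type=0x{ptype:04x} headerSize={phdr}"]
    # Assumption: string data starts right after the two offset tables (4 bytes
    # per string, 4 per style), so the table size implies the real string count.
    implied = (str_start - phdr - 4 * n_style) // 4
    if n_str != implied:
        findings.append(f"stringCount: header says {n_str}, offset table holds {implied}")
    if n_style == 0 and style_start != 0:
        findings.append(f"stylesOffset: {style_start} with styleCount 0, expected 0")
    return findings

def build_sample(ftype=RES_XML_TYPE, n_str=2, style_start=0) -> bytes:
    """Constructed test input: file header plus a pool of two empty UTF-8 strings."""
    offsets = struct.pack("<II", 0, 3)
    strings = b"\x00\x00\x00" * 2 + b"\x00\x00"      # padded to a 4-byte boundary
    pool = struct.pack("<HHIIIIII", RES_STRING_POOL_TYPE, 28,
                       28 + len(offsets) + len(strings), n_str, 0, 0x100,
                       28 + len(offsets), style_start) + offsets + strings
    return struct.pack("<HHI", ftype, 8, 8 + len(pool)) + pool

if __name__ == "__main__":
    for label, blob in [("clean", build_sample()),
                        ("tampered", build_sample(0x0000, 0xFFFF, 0x40))]:
        print(label, check_axml_header(blob) or "consistent")
```

The check only reads the first 36 bytes of the extracted AndroidManifest.xml, so it can run on a sample without executing or fully parsing it.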