Dishonest.biz: Forum

Main => International Scams => Topic started by: greentara on December 31, 2017, 09:50:41 PM

Title: Android app: Blackmart Alpha [Certified Malware]
Post by: greentara on December 31, 2017, 09:50:41 PM


Source: http://www.blackmart.us/comment-page-24/#comment-75778

"Blackmart Alpha

Blackmart Alpha is a market alternative to the Google Play Store for tablets and smartphones with Android operating system, from Blackmart you can download many applications, without the need to have an account and Google without the need for any kind of registration.

Blackmart Alpha: Functions

This market is very simple to use and offers many features to be able to download many applications.

On this market all applications are available for free download on the market Blackmart there is no application “trial” or “test”, there are only complete applications and free.

The Google Play Store is a very comprehensive market offers a number of applications, but unfortunately on Google Play Store, there are many paid apps and some are not often available for download on select smartphones or tablets even though they might be compatible.

On Blackmart this problem is not there, just download the application and try it, there are no limitations.

Its market is very intuitive and has functions for the custom search application.

Blackmart Alpha: technical prescriptions

Blackmart Alpha is an excellent substitute for the Google Play Store, being in possession of a multi-language selection is suitable for any user of any country.

Blackmart Alpha also has the following features that concern operation:


Blackmart Alpha contains numerous applications, and you can choose them browsing by category or by searching by a specific department.

Blackmart Alpha is always updated with the latest App published on the web in order to provide all users of the world a 360° compatibility experience on your Android device.
 
Blackmart Alpha: Installation

To install this alternative Android Market on Android smartphones and tablets, in most cases need to go to the settings menu, select “unknown sources” and check the box.

In this way the market as an alternative to Google Play Store (Blackmart) can be installed.

This problem in the Android arises when you try to install an application that is not from the original market (Google), so by default the box for “Unknown Sources” is not checked, then it is advisable to dull not to have more problems with the installation of applications from unknown sources such as Blackmart Alpha.
 
Blackmart Alpha: Information

Blackmart Alpha has many applications, but unlike the Google Play Store fail to appear only the applications that are compatible with your system and model of your smartphone or tablet.

In some cases, applications downloaded from this market alternative to the Google Play Store may not be compatible with your system, therefore you can not run them and use them.

Fortunately, the market Blackmart some applications are available in multiple versions, so if an application is not compatible, it is recommended to download another version and then if you need to upgrade from within the app."

Title: Re: Android app: Blackmart Alpha [Certified Malware]
Post by: greentara on December 31, 2017, 09:58:20 PM
Source: https://www.virustotal.com/en/file/56e5e9b1ad9756a442ed037f3d85e204832595bd02a1f5c8fc5ce6a442fb2001/analysis/

SHA256: 56e5e9b1ad9756a442ed037f3d85e204832595bd02a1f5c8fc5ce6a442fb2001
File name: blackmart_apk.apk
Detection ratio: 16 / 62
Analysis date: 2017-12-30 10:10:34 UTC ( 1 day, 3 hours ago )

 
Antivirus | Result | Update
AegisLab | Adwareare.Andr.Airpush.O!c | 20171230
Antiy-AVL | Trojan/Android.TSGeneric | 20171230
Avira (no cloud) | ADWARE/ANDR.Airpush.O.Gen | 20171229
CAT-QuickHeal | Android.Airpush.J (AdWare) | 20171230
ClamAV | Andr.Malware.Agent-1462989 | 20171230
Cyren | ZIP/Trojan.DNXL-8 | 20171230
DrWeb | Adware.Airpush.31.origin | 20171230
ESET-NOD32 | a variant of Android/AdDisplay.AirPush.P potentially unwanted | 20171230
Fortinet | Android/Generic.Z.4732E2!tr | 20171230
Ikarus | PUA.AndroidOS.AirPush | 20171230
McAfee | Artemis!82A215E6FE0A | 20171230
NANO-Antivirus | Trojan.Android.Airpush.eenoit | 20171230
Symantec | Trojan.Gen.2 | 20171229
Tencent | a.gray.mfpad | 20171230
TrendMicro-HouseCall | Suspicious_GEN.F47V0912 | 20171230
WhiteArmor | PUP.HighConfidence | 20171226
Ad-Aware | | 20171225
AhnLab-V3 | | 20171230
Alibaba | | 20171229
ALYac | | 20171230
Arcabit | | 20171230
Avast | | 20171230
Avast-Mobile | | 20171229
AVG | | 20171230
AVware | | 20171230
Baidu | | 20171227
BitDefender | | 20171230
Bkav | | 20171229
CMC | | 20171229
Comodo | | 20171230
CrowdStrike Falcon (ML) | | 20171016
Cybereason | | None
Cylance | | 20171230
eGambit | | 20171230
Emsisoft | | 20171230
Endgame | | 20171130
F-Prot | | 20171230
F-Secure | | 20171230
GData | | 20171230
Sophos ML | | 20170914
Jiangmin | | 20171230
K7AntiVirus | | 20171230
K7GW | | 20171230
Kaspersky | | 20171230
Kingsoft | | 20171230
Malwarebytes | | 20171230
MAX | | 20171230
McAfee-GW-Edition | | 20171230
Microsoft | | 20171230
eScan | | 20171230
nProtect | | 20171230
Palo Alto Networks (Known Signatures) | | 20171230
Panda | | 20171230
Qihoo-360 | | 20171230
Rising | | 20171230
SentinelOne (Static ML) | | 20171224
Sophos AV | | 20171230
SUPERAntiSpyware | | 20171230
Symantec Mobile Insight | | 20171230
TheHacker | | 20171229
TrendMicro | | 20171230
Trustlook | | 20171230
VBA32 | | 20171229
VIPRE | | 20171230
ViRobot | | 20171230
Webroot | | 20171230
Yandex | | 20171229
Zillya | | 20171229
ZoneAlarm by Check Point | | 20171230
Zoner | | 20171230

 The file being studied is Android related! APK Android file more specifically. The application's main package name is org.blackmart.market. The internal version number of the application is 992083. The displayed version string of the application is 0.99.2.83B. The minimum Android API level for the application to run (MinSDKVersion) is 9. The target Android API level for the application to run (TargetSDKVersion) is 22.

Required permissions
android.permission.ACCESS_FINE_LOCATION (fine (GPS) location)
android.permission.VIBRATE (control vibrator)
android.permission.READ_LOGS (read sensitive log data)
com.google.android.c2dm.permission.RECEIVE (Unknown permission from android reference)
android.permission.ACCESS_NETWORK_STATE (view network status)
android.permission.ACCESS_COARSE_LOCATION (coarse (network-based) location)
android.permission.WAKE_LOCK (prevent phone from sleeping)
android.permission.GET_TASKS (retrieve running applications)
android.permission.INTERNET (full Internet access)
org.blackmart.market.permission.C2D_MESSAGE (C2DM permission.)
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
android.permission.GET_ACCOUNTS (discover known accounts)

 
Activities
org.blackmart.market.ui.HomeActivity
org.blackmart.market.ui.ApkInfoActivity
org.blackmart.market.ui.ApkListActivity
org.blackmart.market.ui.ScreenShotActivity
org.blackmart.market.ui.ApkSearchActivity
org.blackmart.market.ui.SortModeActivity
org.blackmart.market.ui.SettingsActivity
org.blackmart.market.ui.DeviceActivity
org.blackmart.market.ui.AboutActivity
com.pzdpnt.ykpgmp230391.AdActivity
com.pzdpnt.ykpgmp230391.BrowserActivity
tiny.lib.log.ui.CrashReportActivity
com.google.android.gms.ads.AdActivity
com.google.android.gms.ads.purchase.InAppPurchaseActivity

Services
org.blackmart.market.util.components.BlackmartService
com.parse.PushService

Receivers
org.blackmart.market.util.components.ActionsReceiver
com.parse.ParseBroadcastReceiver
com.parse.GcmBroadcastReceiver
com.parse.ParsePushBroadcastReceiver

Providers
org.blackmart.market.util.components.ApkSearchRecentSuggestionsProvider
 
Activity-related intent filters
org.blackmart.market.ui.ApkSearchActivity
  actions: android.intent.action.SEARCH
org.blackmart.market.ui.HomeActivity
  actions: android.intent.action.MAIN
  categories: android.intent.category.LAUNCHER

Receiver-related intent filters
com.parse.GcmBroadcastReceiver
  actions: com.google.android.c2dm.intent.RECEIVE, com.google.android.c2dm.intent.REGISTRATION
  categories: org.blackmart.market
com.parse.ParseBroadcastReceiver
  actions: android.intent.action.BOOT_COMPLETED, android.intent.action.USER_PRESENT
org.blackmart.market.util.components.ActionsReceiver
  actions: android.intent.action.PACKAGE_ADDED, android.intent.action.PACKAGE_REMOVED, android.intent.action.PACKAGE_CHANGED, android.intent.action.PACKAGE_REPLACED
com.parse.ParsePushBroadcastReceiver
  actions: com.parse.push.intent.RECEIVE, com.parse.push.intent.DELETE, com.parse.push.intent.OPEN
 
Application certificate information
Subject DN: C:RU, OU:blackmart, L:Moscow, O:blackmart, CN:blackmart
validfrom: 11:17 PM 03/09/2011
validto: 11:17 PM 03/02/2036
serialnumber: 4d780a74
thumbprint: 12b34fb432092d9b8187aae7ab93b812af18ac10
Issuer DN: C:RU, OU:blackmart, L:Moscow, O:blackmart, CN:blackmart

 Interesting strings
 The file being studied is a compressed stream! Details about the compressed contents follow.
 Contained files
 This file is a compressed stream containing 912 files.