Android Triada modular trojan
Archived: 2026-04-05 20:45:03 UTC
AVG  Android/Deng.DSS  20160310
AVware  Trojan.AndroidOS.Generic.A  20160310
Ad-Aware  Android.Trojan.Triada.A  20160310
AegisLab  Troj.SMS.AndroidOS.Agent.rm!c  20160310
AhnLab-V3  Android-PUP/SmsReg.ff6c  20160309
Alibaba  A.L.Pay.Popr  20160310
Antiy-AVL  Trojan[Backdoor:HEUR]/Android.Triada.2  20160310
Arcabit  Android.Trojan.Triada.R  20160310
Avast  Android:Triada-C [Trj]  20160310
Avira (no cloud)  ANDROID/Triada.A.55  20160310
Baidu-International  Trojan.Android.Agent.BKT  20160309
BitDefender  Android.Trojan.Triada.A  20160310
CAT-QuickHeal  Android.Triada.B1e19 (PUP)  20160310
Comodo  UnclassifiedMalware  20160310
Cyren  AndroidOS/GenBl.BCA0D997!Olympus  20160310
DrWeb  Android.Rootkit.20  20160310
ESET-NOD32  a variant of Android/Spy.SmsSpy.AU  20160310
Emsisoft  Android.Trojan.Triada.A (B)  20160310
F-Secure  Android.Trojan.Triada.A  20160310
Fortinet  Android/Agent.ANZ!tr  20160310
GData  Android.Trojan.Triada.A  20160310
Ikarus  HackTool.AndroidOS.RGenius  20160310
Jiangmin  Backdoor.AndroidOS.cjj  20160310
K7GW  Trojan ( 004d2c811 )  20160310
Kaspersky  HEUR:Backdoor.AndroidOS.Triada.b  20160310
McAfee  Artemis!592FA585B644  20160310
eScan  Android.Trojan.Triada.A  20160310
NANO-Antivirus  Trojan.Android.Agent.dywqdy  20160310
Qihoo-360  Trojan.Android.Gen  20160310
Sophos  Andr/Triada-A  20160310
Tencent  Android.Trojan.Agentb.Auto  20160310
VIPRE  Trojan.AndroidOS.Generic.A  20160310
Zoner  Trojan.AndroidOS.SmsSpy.A  20160310
Required permissions
android.permission.CHANGE_NETWORK_STATE (change network connectivity) 
http://contagiominidump.blogspot.de/2016/07/android-triada-modular-trojan.html
Page 1 of 4

android.permission.READ_LOGS (read sensitive log data) 
android.permission.INTERNET (full Internet access) 
android.permission.SEND_SMS (send SMS messages) 
android.permission.WRITE_SMS (edit SMS or MMS) 
android.permission.ACCESS_NETWORK_STATE (view network status) 
android.permission.GET_TASKS (retrieve running applications) 
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents) 
android.permission.GET_PACKAGE_SIZE (measure application storage space) 
android.permission.READ_EXTERNAL_STORAGE (read from external storage) 
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot) 
android.permission.ACCESS_MTK_MMHW (Unknown permission from android reference) 
com.android.alarm.permission.SET_ALARM (set alarm in alarm clock) 
android.permission.BROADCAST_STICKY (send sticky broadcast) 
android.permission.WRITE_SETTINGS (modify global system settings) 
android.permission.READ_PHONE_STATE (read phone state and identity) 
android.permission.READ_SMS (read SMS or MMS) 
android.permission.SYSTEM_ALERT_WINDOW (display system-level alerts) 
android.permission.KILL_BACKGROUND_PROCESSES (kill background processes) 
android.permission.ACCESS_WIFI_STATE (view Wi-Fi status) 
android.permission.WAKE_LOCK (prevent phone from sleeping) 
android.permission.CHANGE_WIFI_STATE (change Wi-Fi status) 
android.permission.RECEIVE_SMS (receive SMS) 
android.permission.CLEAR_APP_CACHE (delete all application cache data) 
android.permission.MOUNT_UNMOUNT_FILESYSTEMS (mount and unmount file systems) 
android.permission.RESTART_PACKAGES (kill background processes) 
Activities
http://contagiominidump.blogspot.de/2016/07/android-triada-modular-trojan.html
Page 2 of 4

com.good.sunsine.FlashScreen 
com.good.sunsine.MainActivity 
Services
com.android.system.UpdateService 
Receivers
com.android.system.PopReceiver 
Service-related intent filters
com.android.system.UpdateService
actions: com.android.system.UpdateService
Activity-related intent filters
com.good.sunsine.FlashScreen
actions: android.intent.action.MAIN
categories: android.intent.category.LAUNCHER 
Receiver-related intent filters
com.android.system.PopReceiver
actions: android.intent.action.BOOT_COMPLETED, android.provider.Telephony.SMS_RECEIVED,
android.intent.action.PHONE_STATE, android.intent.action.NEW_OUTGOING_CALL
categories: android.intent.category.LAUNCHER 
validfrom: 06:55 AM 05/25/2015
serialnumber: 6B36CE51
Issuer
    DN: OU=98yudodaqe, CN=98eyu1982ey98eu
    CN: 98eyu1982ey98eu
    OU: 98yudodaqe
Subject
    DN: OU=98yudodaqe, CN=98eyu1982ey98eu
    CN: 98eyu1982ey98eu
    OU: 98yudodaqe
http://contagiominidump.blogspot.de/2016/07/android-triada-modular-trojan.html
Page 3 of 4

thumbprint: 41775876A2CD11B4D1B85C9D73D49B187EFFA1D2
Source: http://contagiominidump.blogspot.de/2016/07/android-triada-modular-trojan.html
http://contagiominidump.blogspot.de/2016/07/android-triada-modular-trojan.html
Page 4 of 4