Apkscan

2001
NVISO ApkScan malware analysis report

June 12, 2019
General information
File name 2001.apk
Other known file

None
names
Origin Manually uploaded by anonymous user [2019-06-06 11:25:00]
MD5 hash c2d7cb824c021b4ab27aeb9f254fc804
SHA256 hash 0021a38e2a872c7c100f942d0e4ac3aaa57c346db0cad744f3babbb4259a9c8d
File size 12577.8 KB
Worker NVISO_API_KALI_01
Static malware analysis
Android manifest (AndroidManifest.xml)
Permissions
No permissions requested.
Services
No services registered.
Virus Total scan results
None of the 60 scanners detected malicious behavior.
Disassembled source code
Hardcoded URL's
No hardcoded URLs identified in source code.
Dynamic malware analysis
Screenshot or animated GIF of the analysed application
Random artificial input is provided to the scanned applications during dynamic analysis, in order to mimic a human being using and interacting with the applica
can result in our report showing a different screen than the one you would see when starting the application.
Disk activity
Accessed files
Filename /data/data/com.virtual.pro.dj.mixer.edm/files/StartappMetadata
Filename /data/data/com.virtual.pro.dj.mixer.edm/files/StartappAdInfoMetadata
Filename /data/data/com.virtual.pro.dj.mixer.edm/files/back_.png
Filename /data/data/com.virtual.pro.dj.mixer.edm/files/StartappSplashMetadata
Filename /data/data/com.virtual.pro.dj.mixer.edm/files/shared_prefs_sdk_ad_prefs
Filename /data/data/com.virtual.pro.dj.mixer.edm/files/StartappAdsMetadata
Filename /data/data/com.virtual.pro.dj.mixer.edm/files/forward_dark.png
Filename /data/data/com.virtual.pro.dj.mixer.edm/files/forward_.png
Filename /data/data/com.virtual.pro.dj.mixer.edm/files/StartappCacheMetadata
Filename /data/data/com.virtual.pro.dj.mixer.edm/files/back_dark.png
Filename /data/data/com.virtual.pro.dj.mixer.edm/files/half_star.png
Filename /dev/urandom
Filename /proc/1214/cmdline
Filename /data/data/com.virtual.pro.dj.mixer.edm/files/x_dark.png
Filename /data/data/com.virtual.pro.dj.mixer.edm/shared_prefs/RunnerManager.xml
Filename /data/anr/traces.txt
Filename /data/data/com.virtual.pro.dj.mixer.edm/files/StartappBannerMetadata
Filename /data/data/com.virtual.pro.dj.mixer.edm/cache/1521499837408.jar
Filename /data/data/com.virtual.pro.dj.mixer.edm/files/browser_icon_dark.png
Filename /data/data/com.virtual.pro.dj.mixer.edm/files/logo.png
Filename /data/data/com.virtual.pro.dj.mixer.edm/files/empty_star.png
Filename pipe:[5225]
Filename /data/data/com.virtual.pro.dj.mixer.edm/files/filled_star.png
Filename /data/data/com.virtual.pro.dj.mixer.edm/shared_prefs/TruenetJobKey.xml
Filename /data/data/com.virtual.pro.dj.mixer.edm/shared_prefs/com.startapp.android.publish.CookiePrefsFile.xml
Filename /data/data/com.virtual.pro.dj.mixer.edm/shared_prefs/com.startapp.android.publish.xml
Filename /proc/meminfo
Filename /data/data/com.virtual.pro.dj.mixer.edm/shared_prefs/google_ads_flags_meta.xml
Filename /data/data/com.virtual.pro.dj.mixer.edm/files/close_button.png
Filename /data/data/com.virtual.pro.dj.mixer.edm/shared_prefs/inappprefads.xml
Filename /data/data/com.virtual.pro.dj.mixer.edm/shared_prefs/_dis_play.xml
Filename /data/data/com.virtual.pro.dj.mixer.edm/shared_prefs/_dis_data.xml
Filename /data/data/com.virtual.pro.dj.mixer.edm/cache/1521499837408.tmp
Filename /dev/input/event0
Filename /data/data/com.virtual.pro.dj.mixer.edm/cache/1521499837408.dex
Filename /data/data/com.virtual.pro.dj.mixer.edm/shared_prefs/multidex.version.xml
Filename /data/data/com.android.gallery3d/shared_prefs/com.android.gallery3d_preferences.xml
Filename /data/data/com.android.vending/shared_prefs/finsky.xml
Filename /data/data/com.virtual.pro.dj.mixer.edm/shared_prefs/admob.xml
Network activity
Opened network connections
Destination 93.184.219.181:443 File descriptor 32
Automatically placed calls and text messages
Placed phone calls
No phone calls were placed automatically.

Sent SMS messages
No text messages were placed automatically.
Cryptographic activity
Used encryption keys
Algorithm AES
Key -128, -99, -29, 97, 20, 39, 71, 116, -45, -12, 6, 57, -23, 91, 47, -29
Encryption operations
No cryptographic activity detected.
Decryption operations
Algorithm AES/CBC/PKCS5Padding
Data (ASCII)
Data (RAW) com.google.android.ads.zxxz.l
Data (ASCII)
Data (RAW) com.google.android.ads.zxxz.m
Data (ASCII)
Data (RAW) com.google.android.ads.zxxz.c
Data (ASCII)
Data (RAW) com.google.android.ads.zxxz.t
Data (ASCII)
Data (RAW) a
Data (ASCII)
Data (RAW) com.google.android.ads.zxxz.i
Data (ASCII)
Data (RAW) com.google.android.ads.zxxz.e
Data (ASCII)
Data (RAW) com.google.android.ads.zxxz.d
Data (ASCII)
Data (RAW) com.google.android.ads.zxxz.r
Data (ASCII)
Data (RAW) com.google.android.ads.zxxz.g
Data (ASCII)
Data (RAW) com.google.android.ads.zxxz.p
Data (ASCII)
Data (RAW) com.google.android.ads.zxxz.q
Data (ASCII)
Data (RAW) com.google.android.ads.zxxz.w
Data (ASCII)
Data (RAW) com.google.android.ads.zxxz.v
Data (ASCII)
Data (RAW) com.google.android.ads.zxxz.o
Data (ASCII)
Data (RAW) com.google.android.ads.zxxz.b
Data (ASCII)
Data (RAW) com.google.android.ads.zxxz.n
Data (ASCII)
Data (RAW) com.google.android.ads.zxxz.f
Data (ASCII)
Data (RAW) com.google.android.ads.zxxz.j
Data (ASCII)
Data (RAW) com.google.android.ads.zxxz.h
Data (ASCII)
Data (RAW) com.google.android.ads.zxxz.k
Data (ASCII)
Data (RAW) com.google.android.ads.zxxz.u
Data (ASCII)
Data (RAW) com.google.android.ads.zxxz.s
Data (ASCII)
Data (RAW) com.google.android.ads.zxxz.a
Information leakage
Network information leakage
No network information leakage detected.
SMS information leakage
No SMS information leakage detected.

File information leakage
No file information leakage detected.
Miscellaneous
Started services
No services were started.
Output generated by ADB logcat
Download ADB logcat file (text format - 2420 KB)
report overview | terms & conditions | support & feedback | nviso.be
2002

June 12, 2019
General information
File name 2002.apk
Other known file

None
names
MD5 hash 057a26ff44942dfb43915fc4df9ecc94
SHA256 hash 0021aa5acef5cadfb742e31574b428b4df5b14677c240c10e65405368d5e2963

Permissions
ACCESS_NETWORK_STATE Allows applications to access information about networks
ACCESS_WIFI_STATE Allows applications to access information about Wi-Fi networks
BLUETOOTH Allows applications to connect to paired bluetooth devices
INTERNET Allows applications to open network sockets.
READ_PHONE_STATE Allows read only access to phone state.
Allows an application to receive the ACTION_BOOT_COMPLETED that is broadcast after the system finishe
RECEIVE_BOOT_COMPLETED
booting.
WAKE_LOCK Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming
WRITE_EXTERNAL_STORAGE Allows an application to write to external storage.
Services
Class com.evernote.android.job.v14.PlatformAlarmServiceExact
Class com.evernote.android.job.v21.PlatformJobService
Class com.evernote.android.job.gcm.PlatformGcmService
Class com.evernote.android.job.v14.PlatformAlarmService
Class com.evernote.android.job.JobRescheduleService
Class com.ansca.corona.CoronaService
Hardcoded URL's
http://code.google.com/p/lowlatencyaudio
http://fsf.org/
http://schemas.android.com/apk/res/android
http://schemas.android.com/apk/res-auto
https://maps.googleapis.com/maps/api/js?v=3.9&sensor=false
http://www.gphysics.com

Disk activity
Accessed files
Filename /data/data/com.diamond.triple.slots/code_cache/secondary-dexes/com.diamond.triple.slots-1.apk.classes1181854842.zip
Filename /data/data/com.diamond.triple.slots/code_cache/secondary-dexes/com.diamond.triple.slots-1.apk.classes-1499304223.zip
Filename /data/data/com.diamond.triple.slots/code_cache/secondary-dexes/com.diamond.triple.slots-1.apk.classes-1120502424.zip
Filename /data/data/com.diamond.triple.slots/shared_prefs/Corona.xml
Filename /data/data/com.android.music/shared_prefs/Music.xml
Filename /data/data/com.diamond.triple.slots/shared_prefs/multidex.version.xml
Filename /data/data/com.android.launcher/shared_prefs/com.android.launcher2.prefs.xml
Network activity
No network connections were opened.
Placed phone calls
Sent SMS messages

Information leakage
Miscellaneous
Started services
Service name com.android.music.MediaPlaybackService
2003

June 12, 2019
General information
File name 2003.apk
Other known file

None
names
MD5 hash 1604dd0175da6926f4d75876b60d347c
SHA256 hash 0021eeeb86de8e160d26c01a33e5b113dd7aed4c3c219c227b0927e363669a04
Permissions
Allows an application to initiate a phone call without going through the Dialer user interface for the us
CALL_PHONE
confirm the call being placed.
CAMERA Required to be able to access the camera device.
FLASHLIGHT Allows access to the flashlight
READ_CONTACTS Allows an application to read the user's contacts data.
READ_EXTERNAL_STORAGE Allows an application to read from external storage.
READ_HISTORY_BOOKMARKS Allows an application to read (but not write) the user's browsing history and bookmarks.
BILLING Unknown permission
C2D_MESSAGE Unknown permission
RECEIVE Unknown permission
WRITE_USE_APP_FEATURE_SURVEY Unknown permission
VIBRATE Allows access to the vibrator
WRITE_CONTACTS Allows an application to write (but not read) the user's contacts data.

Services
Class com.google.firebase.iid.FirebaseInstanceIdService
Class com.google.android.gms.measurement.AppMeasurementService
Hardcoded URL's
Disk activity
Accessed files
Filename /data/data/com.fourarc.qr/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filename /data/data/com.fourarc.qr/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_7cee1975-7faa-
Filename /data/data/com.fourarc.qr/shared_prefs/com.crashlytics.sdk.android.crashlytics-core:com.crashlytics.android.core.Crashl
Filename /data/data/com.fourarc.qr/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_7d92c416-7051-
Filename /data/data/com.fourarc.qr/cache/1460683162801.jar
Filename /data/data/com.fourarc.qr/shared_prefs/com.google.android.gms.measurement.prefs.xml
Filename /data/data/com.fourarc.qr/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filename /data/data/com.android.browser/shared_prefs/com.android.browser_preferences.xml
Filename /data/data/com.fourarc.qr/shared_prefs/com.crashlytics.prefs.xml
Filename /data/data/com.fourarc.qr/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/5CF8E24100CF-0001-051A-7C983D280B3
Filename /data/data/com.fourarc.qr/shared_prefs/TwitterAdvertisingInfoPreferences.xml
Filename /data/data/com.fourarc.qr/shared_prefs/com.crashlytics.sdk.android:answers:settings.xml
Filename /data/data/com.fourarc.qr/cache/1460683162801.tmp
Filename /data/data/com.fourarc.qr/cache/1460683162801.dex
Filename /data/data/com.fourarc.qr/shared_prefs/com.google.android.gms.appid.xml
Network activity

Placed phone calls
Sent SMS messages
Algorithm AES
Key 4, 103, -30, 65, -64, 8, 86, -111, 39, -2, 110, -18, 84, -7, 44, 1
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (RAW) a
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Information leakage
Miscellaneous
Started services
Service name com.google.firebase.iid.FirebaseInstanceIdService
2004

June 12, 2019
General information
File name 2004.apk
Other known file

None
names
MD5 hash 3d1cfbdfddc21b37e38d2c5476fceb36
SHA256 hash 0021f3ef074c48008d6af273bf5e1ad4aec38710f64bc37b8cd55fd757f20388
Permissions
Allows an application to initiate a phone call without going through the Dialer user interface for the user to co
CALL_PHONE
the call being placed.
PROCESS_OUTGOING_CALLS Allows an application to monitor, modify, or abort outgoing calls.
Services
Babable PUP.HighConfidence
Tencent a.gray.inventor.a
Hardcoded URL's
http://ai-mediaservice.appspot.com
http://androvote.appspot.com
http://api.yandex.com/translate/
http://appinvgameserver.appspot.com
http://appinvtinywebdb.appspot.com
http://appinvtinywebdb.appspot.com/
http://cloudinary.com/
http://commons.apache.org/logging/tech.html
http://commons.apache.org/logging/troubleshooting.html
http://developer.android.com/guide/appendix/media-formats.html
http://gnu.org/kawa/cached-collections
http://kawa.gnu.org/
http://kawa.gnu.org/unit
http://kawa.gnu.org/unknown-namespace/
http://plus.google.com/
http://qexo.gnu.org/
http://radio11.plathong.net
https://api.projectoxford.ai/emotion/v1.0/recognize
https://api.projectoxford.ai/vision/v1.0/describe
https://appload.ingest
https://auth.firebase.com/
https://code.google.com/apis/console/
https://developers.google.com/fusiontables/docs/v2/getting_started
https://docs.google.com/spreadsheet/formResponse?formkey
https://docs.oracle.com/javase/7/docs/api/java/text/SimpleDateFormat.html
https://pagead2.googlesyndication.com/pagead/gen_204?id=gmob-apps
https://play.google.com/store/apps/developer?id=Thia+life
http://stackoverflow.com/questions/26273929/what-proguard-configuration-do-i-need-for-firebase-on-android
https://thunkable-application-firebase.firebaseio.com/
https://translate.yandex.net/api/v1.5/tr.json/translate?key
https://txn.ingest
https://web.facebook.com/92.50pattaya
https://www.cloudstitch.com/
https://www.facebook.com/thaithia
https://www.firebase.com
https://www.firebase.com/docs/android/guide/offline-capabilities.html#section-handling-transactions-offline fo...
https://www.googleapis.com/auth/appstate
https://www.googleapis.com/auth/datastoremobile
https://www.googleapis.com/auth/drive.appdata
https://www.googleapis.com/auth/drive.file
https://www.googleapis.com/auth/fitness.activity.read
https://www.googleapis.com/auth/fitness.activity.write
https://www.googleapis.com/auth/fitness.body.read
https://www.googleapis.com/auth/fitness.body.write
https://www.googleapis.com/auth/fitness.location.read
https://www.googleapis.com/auth/fitness.location.write
https://www.googleapis.com/auth/fitness.nutrition.read
https://www.googleapis.com/auth/fitness.nutrition.write
https://www.googleapis.com/auth/fusiontables
https://www.googleapis.com/auth/games
https://www.googleapis.com/auth/plus.login
https://www.googleapis.com/auth/plus.me
https://www.googleapis.com/fusiontables/v2/tables
https://www.googleapis.com/fusiontables/v2/tables?key
https://www.google.com/voice/b/0
https://www.google.com/voice/b/0/sms/send/
https://www.microsoft.com/cognitive-services/
http://twitter.com/oauth_clients/new
http://www.facebook.com
http://www.gnu.org/software/kawa/
http://www.google.com/fusiontables/v2/query
http://www.twitter.com
http://www.w3.org/1999/xhtml
http://www.w3.org/1999/XSL/Transform
http://www.w3.org/2000/xmlns/
http://www.w3.org/2001/XMLSchema
http://www.w3.org/2001/XMLSchema-instance
http://www.w3.org/2005/xpath-functions
http://www.w3.org/2005/xpath-functions/collation/codepoint
http://www.w3.org/2005/xqt-errors
http://www.w3.org/2005/xquery-local-functions
http://www.w3.org/XML/1998/namespace

Disk activity
Accessed files
Filename /data/data/com.thunkable.android.thaithia.FM92Pattaya/code_cache/secondary-dexes/com.thunkable.android.thaithia.FM92Pat
Filename /data/data/com.thunkable.android.thaithia.FM92Pattaya/files/com.crittercism/app_loads_2/1.1559815112461.000000002
Filename /data/data/com.thunkable.android.thaithia.FM92Pattaya/shared_prefs/com.crittercism.usersettings.xml
Filename /data/data/com.thunkable.android.thaithia.FM92Pattaya/shared_prefs/com.crittercism.settings.936d0271f7f44f3284830bcf9ff
Filename /data/data/com.thunkable.android.thaithia.FM92Pattaya/files/com.crittercism/network_statistics/1.1559815112461.00000000
Filename /data/data/com.thunkable.android.thaithia.FM92Pattaya/files/com.crittercism/breadcrumbs/1.1559815112461.000000010
Filename /data/data/com.thunkable.android.thaithia.FM92Pattaya/files/com.crittercism/finished_txns/1.1559815112461.000000003
Filename /data/data/com.thunkable.android.thaithia.FM92Pattaya/shared_prefs/com.firebase.authentication.credentials.xml
Filename /data/data/com.thunkable.android.thaithia.FM92Pattaya/shared_prefs/com.crittercism.936d0271f7f44f3284830bcf9ffecb1b0055
Filename /data/data/com.thunkable.android.thaithia.FM92Pattaya/shared_prefs/multidex.version.xml
Network activity
Placed phone calls
Sent SMS messages

Information leakage
Miscellaneous
Started services
2005

June 12, 2019
General information
File name 2005.apk
Other known file

None
names
MD5 hash d8c0194c815764494963847d191b36b4
SHA256 hash 0021fa5d4214c97cbaae6c411ebeee3b21907ebb3388d58575c560a3a32daf56
Permissions
ACCESS_COARSE_LOCATION Allows an app to access approximate location derived from network location sources such as cell towers and
ACCESS_FINE_LOCATION Allows an app to access precise location from location sources such as GPS, cell towers, and Wi-Fi.
BADGE_COUNT_READ Unknown permission
BADGE_COUNT_WRITE Unknown permission
BROADCAST_BADGE Unknown permission
CHANGE_BADGE Unknown permission
PROVIDER_INSERT_BADGE Unknown permission
READ Unknown permission
READ_APP_BADGE Unknown permission
READ_SETTINGS Unknown permission
UPDATE_BADGE Unknown permission
UPDATE_COUNT Unknown permission
UPDATE_SHORTCUT Unknown permission
WRITE Unknown permission
WRITE_SETTINGS Allows an application to read or write the system settings.

Services
Class com.google.firebase.messaging.FirebaseMessagingService
Class com.yandex.metrica.ConfigurationService
Class com.yandex.metrica.MetricaService
Class com.adobe.phonegap.push.PushInstanceIDListenerService
Class com.adobe.phonegap.push.FCMService
Class com.google.android.gms.measurement.AppMeasurementJobService
Hardcoded URL's
http://angular-translate.github.io/docs/
http://cordova.apache.org/ns/1.0
http://creativecommons.org/licenses/by/4.0/
http://docs.angularjs.org/api/angular.element
http://docs.angularjs.org/api/ng
http://errors.angularjs.org/1.5.11/
http://fontawesome.com
http://fontawesome.com/license
http://fontawesome.io
http://fontawesome.io/license
http://fontforge.sf.net
http://ionicons.com/
http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewContentsUserReviews?pageNumber=0&sortOrdering=1&type=Pur...
http://jsperf.com/b64tests
http://maps.n
http://momentjs.com/guides/
http://opensource.org/licenses/Apache
https://api-maps.yandex.ru/2.1/
https://api.ok.ru/js/fapi5.js
https://api.vk.com/method/groups.getById
https://api.yclients.com/api/v
https://app-measurement.com/a
https://calendar.google.com/calendar/render
https://certificate.mobile.yandex.net/api/v1/pins
https://connect.facebook.net/en_US/fbevents.js
https://docs.angularjs.org/api/ngSanitize
http://server/myapp/index.html
https://fonts.gstatic.com/s/materialicons/v7/2fcrYFNaTjcS6g4U3t-Y5ZjZjT5FdEJ140U2DJYC3mY.woff
https://gist.github.com/triceam/4658021
https://github.com/angular/material
https://github.com/crypto-browserify/crypto-browserify
https://github.com/driftyco/ionicons
https://github.com/es-shims
https://github.com/google/material-design-icons
https://github.com/indutny/elliptic
https://github.com/indutny/elliptic/issues
https://github.com/puleos/object-hash/issues/26
https://github.com/zloirock/core-js/issues/86#issuecomment
https://goo.gl/NAOOOI
https://images.yclients.com
https://issues.apache.org/jira/browse/CB
https://maps.googleapis.com/maps/api/js?callback=yGoogleMapsInitCallback&key=AIzaSyDXdiemDvD0Id0YIR6EJhr-ZOgcY...
https://maps.googleapis.com/maps/api/staticmap
https://mc.yandex.ru/metrika/tag.js
https://mc.yandex.ru/watch/
https://ok.ru/appinstall/1251088128
https://packages.yclients.cloud/repository/ycl-npm/elliptic/
https://pagead2.googlesyndication.com/pagead/gen_204?id=gmob-apps
https://people.mozilla.org/
https://plus.google.com/
https://ssl.gstatic.com/accessibility/javascript/android/
https://startup.mobile.yandex.net/
https://static-maps.yandex.ru/1.x/
https://tech.yandex.com/appmetrica/doc/mobile-sdk-dg/concepts/mobilesdk-about-docpage/
https://tech.yandex.com/metrica-mobile-sdk/doc/mobile-sdk-dg/concepts/android-initialize-docpage/
https://twitter.com/benjsperry
https://twitter.com/ionicframework
https://vk.com/js/api/openapi.js
https://vk.com/rtrg?p
https://www.facebook.com/tr?id
https://www.google.com
https://www.google.com/chrome/
https://www.google.com/maps/search/
https://www.googletagmanager.com/gtag/js?id
https://www.microsoft.com/software-download/windows
https://www.yclients.com/
https://www.yclients.com/info/pricing
https://yandex.com/legal/appmetrica_sdk_agreement/
https://yandex.ru/legal
https://yandex.ru/maps/
https://yclients-client-apps.firebaseio.com
https://yclients.com
https://yclients.com/
https://yclients.com/cabinet/info/
http://unicode.org/reports/tr35/tr35-4.html
http://www.apache.org/licenses/LICENSE
http://www.apple.com/osx/
http://www.mozilla.org/firefox/new/
http://www.opera.com/
http://www.w3.org/1999/xlink
http://www.w3.org/2000/svg
http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd
http://www.w3.org/html/wg/drafts/html/master/browsers.html#named-access-on-the-window-object
http://www.w3.org/ns/widgets
http://yclients.com
http://yclients.com/info/oferta
http://yclients.com/info/rules
No screenshot taken during dynamic analysis.
This most likely means that your application did not run correctly on our test device.
Our test devices run Android 4.1 Jelly Bean (API level 16), and currently do not support hardware OpenGL acceleration.
Since the application did not run correctly, the results in the sections below could be incomplete!
Disk activity
Accessed files
No files were accessed.
Network activity

Placed phone calls
Sent SMS messages
Information leakage
Miscellaneous
Started services
2007
June 12, 2019
General information
File name 2007.apk
Other known file

None
names
MD5 hash a24f7dc87869de3103a65f1e4691c85c
SHA256 hash 00222dd7ef73137bcd28c87a189cc4b5daa738995acfd2626f7d81fdd76254cd
Permissions
booting.
Services
Class net.hundredapps.kawaiicalc.model.logic.service.ReSetService
Class net.hundredapps.kawaiicalc.model.logic.service.GetVersionService
Class net.hundredapps.kawaiicalc.model.logic.service.jobScheduler.EasyCalcLaunchNotificationJobScheduler
Class net.hundredapps.kawaiicalc.model.logic.service.NotificationIfNotDisplayedService
Hardcoded URL's
Disk activity
Accessed files
Network activity
Placed phone calls
Sent SMS messages
Information leakage
Miscellaneous
Started services
2008

June 12, 2019
General information
File name 2008.apk
Other known file

None
names
MD5 hash ca6fc2e32eddbe471cccd583ee85e31d
SHA256 hash 0022304b0aa44edbdce7a06b3d6fc5e2faa9c1234356e9f45881d5a55708f0f6
Permissions
Services
Class com.hayangkawin.dxsimulationfor_doublew.util.MyFirebaseMessagingService
Class com.hayangkawin.dxsimulationfor_doublew.util.MyFirebaseInstanceIDService
Class com.google.android.gms.analytics.AnalyticsService
Class com.google.android.gms.analytics.AnalyticsJobService

Hardcoded URL's
Disk activity
Accessed files
Filename /data/data/com.hayangkawin.dxsimulationfor_doublew/shared_prefs/com.google.android.gms.measurement.prefs.xml
Filename /data/data/com.hayangkawin.dxsimulationfor_doublew/shared_prefs/google_ads_flags_meta.xml
Filename /data/data/com.hayangkawin.dxsimulationfor_doublew/shared_prefs/com.google.android.gms.analytics.prefs.xml
Filename /data/data/com.hayangkawin.dxsimulationfor_doublew/cache/1505450608132.jar
Filename /data/data/com.hayangkawin.dxsimulationfor_doublew/cache/1505450608132.tmp
Filename /data/data/com.hayangkawin.dxsimulationfor_doublew/files/gaClientId
Filename /data/data/com.hayangkawin.dxsimulationfor_doublew/shared_prefs/admob.xml
Filename /data/data/com.hayangkawin.dxsimulationfor_doublew/cache/1505450608132.dex
Network activity
Placed phone calls
Sent SMS messages
Algorithm AES
Key 120, -128, -66, -43, 10, 43, 37, 47, -49, 83, 16, 72, 27, -30, -80, 33
Data (ASCII)
Data (ASCII)
Data (RAW) a
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Information leakage
Miscellaneous
Started services
2013
June 12, 2019
General information
File name 2013.apk
Other known file

None
names
MD5 hash 0f05cec2918309edf81a991d3546e5ce
SHA256 hash 00232667898367699f013af19d3f69fa7fb1349a55e8dab480b84dc722f2415f
Permissions
BIND_GET_INSTALL_REFERRER_SERVICE Unknown permission
WAKE_LOCK Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimm
Services
Class com.start.aplication.template.MyFirebaseMessagingService
Class com.kpn.service.KPNFirebaseInstanceIDService
Hardcoded URL's
Disk activity
Accessed files
Filename /data/data/com.VAD.Makeup.Beauty.Photo.Effects/code_cache/secondary-dexes/tmp-com.VAD.Makeup.Beauty.Photo.Effects-1.ap
Filename /data/data/com.VAD.Makeup.Beauty.Photo.Effects/shared_prefs/com.applovin.sdk.1.xml
Filename /data/data/com.VAD.Makeup.Beauty.Photo.Effects/files/UnityAdsWebApp.html
Filename /data/data/com.VAD.Makeup.Beauty.Photo.Effects/shared_prefs/com.google.android.gms.measurement.prefs.xml
Filename /data/data/com.VAD.Makeup.Beauty.Photo.Effects/code_cache/secondary-dexes/com.VAD.Makeup.Beauty.Photo.Effects-1.apk.cla
Filename /data/data/com.VAD.Makeup.Beauty.Photo.Effects/files/UnityAdsStorage-private-data.json
Filename /data/data/com.VAD.Makeup.Beauty.Photo.Effects/shared_prefs/com.applovin.sdk.preferences.aepd9tdSVxUyUmIcgHM19nAb4-Fo
Filename /data/data/com.VAD.Makeup.Beauty.Photo.Effects/files/UnityAdsTest.txt
Filename /data/data/com.VAD.Makeup.Beauty.Photo.Effects/shared_prefs/admob.xml
Filename /data/data/com.VAD.Makeup.Beauty.Photo.Effects/shared_prefs/FBAdPrefs.xml
Filename /data/data/com.VAD.Makeup.Beauty.Photo.Effects/cache/1521499837408.jar
Filename /data/data/com.VAD.Makeup.Beauty.Photo.Effects/files/UnityAdsStorage-public-data.json
Filename /data/data/com.VAD.Makeup.Beauty.Photo.Effects/shared_prefs/com.VAD.Makeup.Beauty.Photo.Effects_preferences.xml
Filename /data/data/com.VAD.Makeup.Beauty.Photo.Effects/shared_prefs/com.cms.kovacnica.xml
Filename /data/data/com.VAD.Makeup.Beauty.Photo.Effects/shared_prefs/multidex.version.xml
Filename /data/data/com.android.musicfx/shared_prefs/musicfx.xml
Filename /data/tombstones/tombstone_01
Filename /data/data/com.VAD.Makeup.Beauty.Photo.Effects/shared_prefs/SDKIDFA.xml
Filename /data/data/com.VAD.Makeup.Beauty.Photo.Effects/cache/1521499837408.tmp
Filename /data/data/com.VAD.Makeup.Beauty.Photo.Effects/cache/1521499837408.dex
Network activity
Opened network
connections

Placed phone calls
Sent SMS messages
Algorithm AES
Key -128, -99, -29, 97, 20, 39, 71, 116, -45, -12, 6, 57, -23, 91, 47, -29
Data (ASCII)
Data (RAW) a
Data (ASCII)
Data (ASCII)

Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)

Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)

Data (ASCII)
Information leakage
Miscellaneous
Started services
Service name com.android.musicfx.Compatibility$Service
2014

June 12, 2019
General information
File name 2014.apk
Other known file

None
names
MD5 hash cc4939970402b5f30051b005321191c8
SHA256 hash 002349ae0e9df749645a37dce2ee734ffae1cc6ab459d579293647114a992a2f
Permissions
Services
Hardcoded URL's
Disk activity
Accessed files
Network activity
Placed phone calls
Sent SMS messages
Information leakage

Miscellaneous
Started services
2017

June 12, 2019
General information
File name 2017.apk
Other known file

None
names
MD5 hash 228571290f1fdfd70ed1bd3028f45161
SHA256 hash 0023bd739ada3bc08d6cfe35fbb35cc2d29c6d705ca53b3d1785b2b76adea743

Permissions
SET_WALLPAPER Allows applications to set the wallpaper
Services
Class com.appsforall.bridew.ServiceManager
Class com.pandora.PandoraService
Class com.evernote.android.job.gcm.PlatformGcmService
Class com.evernote.android.job.v21.PlatformJobService
Class com.evernote.android.job.v14.PlatformAlarmService
Class com.evernote.android.job.JobRescheduleService
Hardcoded URL's
http://schemas.android.com/aapt

Disk activity
Accessed files
Filename /data/data/com.appsforall.bridew/cache/picasso-cache/e1301acda95139bb2a4d3de8477080a2.1.tmp
Filename /data/data/com.appsforall.bridew/cache/picasso-cache/0a92998d1c2e13ff7cbc58003004ef68.1.tmp
Filename /data/data/com.appsforall.bridew/shared_prefs/com.appsforall.bridew_preferences.xml
Filename /data/data/com.appsforall.bridew/cache/picasso-cache/journal.tmp
Filename /data/data/com.appsforall.bridew/cache/picasso-cache/journal
Filename /data/data/com.appsforall.bridew/cache/picasso-cache/0a92998d1c2e13ff7cbc58003004ef68.0.tmp
Filename /data/data/com.appsforall.bridew/cache/picasso-cache/e1301acda95139bb2a4d3de8477080a2.0.tmp
Network activity
Opened network
connections
Placed phone calls
Sent SMS messages
Algorithm AES
16, 58, -35, 121, -41, -99, -64, 103, -35, 122, -9, 95, 122, 87, -99, 125, -21, 31, 108, 58, -35, 121, -41, -99, -64, 103, -61, -83, -41, -9
Key
-36
Information leakage

Miscellaneous
Started services
Service name com.appsforall.bridew.ServiceManager
2022

June 12, 2019
General information
File name 2022.apk
Other known file

None
names
MD5 hash 452f20072d62e0ca4ee4b59155c7e25c
SHA256 hash 0024f07a847a09808233beb77960e4adbb900773efee67f1352926c771bac3ce
Permissions
Services
Hardcoded URL's
http://goo.gl/8Rd3yj for instructions
http://goo.gl/naFqQk for details
http://hostname/
https://accounts.google.com
http://schema.org/ActivateAction
http://schema.org/ActiveActionStatus
http://schema.org/AddAction
http://schema.org/BookmarkAction
http://schema.org/CommunicateAction
http://schema.org/CompletedActionStatus
http://schema.org/FailedActionStatus
http://schema.org/FilmAction
http://schema.org/LikeAction
http://schema.org/ListenAction
http://schema.org/PhotographAction
http://schema.org/ReserveAction
http://schema.org/SearchAction
http://schema.org/ViewAction
http://schema.org/WantAction
http://schema.org/WatchAction
http://schemas.android.com/apk/lib/com.google.android.gms.plus
https://csi.gstatic.com/csi
https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_banner.js
https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_expanded_banner.js
https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_interstitial.js
https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40.html
https://login.live.com
https://login.yahoo.com
https://ssl.google-analytics.com
https://twitter.com
https://www.facebook.com
https://www.googleapis.com/auth/drive
https://www.googleapis.com/auth/drive.apps
https://www.googleapis.com/auth/games.firstparty
https://www.googleapis.com/auth/plus.moments.write
https://www.googletagmanager.com
https://www.linkedin.com
https://www.paypal.com
http://www.google-analytics.com
http://www.google.com
Disk activity
Accessed files
Network activity
Placed phone calls
Sent SMS messages
Information leakage

Miscellaneous
Started services
2023

June 12, 2019
General information
File name 2023.apk
Other known file

None
names
MD5 hash 55f5abcc115a6b8ead7514dc87a68229
SHA256 hash 00253083a5c2c93fe9bcaf6a4dfc0a5819b622f98a43faf7451d0d7d9f998d7b

Permissions
Services
Class com.sabilistudio.brunomarsnewsongs.AudioService
Class com.sabilistudio.brunomarsnewsongs.Audio245379_PlaylistManager
Class com.sabilistudio.brunomarsnewsongs.SetRingtoneService
Hardcoded URL's

Disk activity
Accessed files
Filename /data/data/com.sabilistudio.brunomarsnewsongs/cache/image_manager_disk_cache/d1aef840371ecdb969c286eda7c66d55c2602f3
Filename /data/data/com.sabilistudio.brunomarsnewsongs/shared_prefs/multidex.version.xml
Filename /data/data/com.sabilistudio.brunomarsnewsongs/cache/image_manager_disk_cache/68884a175f1c63ff3fff24a2a608400fae65706bb
Filename /data/data/com.sabilistudio.brunomarsnewsongs/cache/image_manager_disk_cache/8cdf8c8da1292296042f98b1280b15b55609c0
Filename /data/data/com.sabilistudio.brunomarsnewsongs/cache/1521499837408.dex
Filename /data/data/com.sabilistudio.brunomarsnewsongs/cache/image_manager_disk_cache/journal
Filename /data/data/com.sabilistudio.brunomarsnewsongs/cache/image_manager_disk_cache/a6e4376bd62947c152431e44ca35ff3e0ad5f7c
Filename /data/data/com.sabilistudio.brunomarsnewsongs/cache/image_manager_disk_cache/aaf8f6b421d7a95008a81b31ad4c50fe971df55
Filename /data/data/com.sabilistudio.brunomarsnewsongs/cache/image_manager_disk_cache/fabdf7efe32c74a4b24bb4fcd6f8698e5e5245c3
Filename /data/data/com.sabilistudio.brunomarsnewsongs/cache/1521499837408.jar
Filename /data/data/com.sabilistudio.brunomarsnewsongs/shared_prefs/Audio245379.xml
Filename /data/data/com.sabilistudio.brunomarsnewsongs/shared_prefs/admob.xml
Filename /data/data/com.sabilistudio.brunomarsnewsongs/cache/1521499837408.tmp
Filename /data/data/com.sabilistudio.brunomarsnewsongs/shared_prefs/google_ads_flags_meta.xml
Filename /data/data/com.sabilistudio.brunomarsnewsongs/cache/image_manager_disk_cache/95374a526d6289e9999e5dea65909c95ac3fed
Filename /data/data/com.sabilistudio.brunomarsnewsongs/shared_prefs/com.sabilistudio.brunomarsnewsongs_preferences.xml
Filename /data/data/com.sabilistudio.brunomarsnewsongs/cache/image_manager_disk_cache/d34afcaf6fc7f2401b8d1693b0b5c47fc9c612f03
Filename /data/data/com.sabilistudio.brunomarsnewsongs/cache/image_manager_disk_cache/journal.tmp
Network activity
Placed phone calls

Sent SMS messages
Algorithm AES
Key -128, -99, -29, 97, 20, 39, 71, 116, -45, -12, 6, 57, -23, 91, 47, -29
Data (ASCII)
Data (RAW) a
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Information leakage

Miscellaneous
Started services
Service name com.sabilistudio.brunomarsnewsongs.AudioService
2024

June 12, 2019
General information
File name 2024.apk
Other known file

None
names
MD5 hash 598eac8dd7770d8a14f18b28405c4ea9
SHA256 hash 00256c7d4801fd2f6a942c2500dbea674631baff394ae588d863f8304cc5dcda
Permissions
GET_ACCOUNTS Allows access to the list of accounts in the Accounts Service
booting.
BADGE_COUNT_READ Unknown permission
BADGE_COUNT_WRITE Unknown permission
BROADCAST_BADGE Unknown permission
CHANGE_BADGE Unknown permission
PROVIDER_INSERT_BADGE Unknown permission
READ Unknown permission
READ_APP_BADGE Unknown permission
UPDATE_BADGE Unknown permission
UPDATE_COUNT Unknown permission
UPDATE_SHORTCUT Unknown permission
WRITE Unknown permission
Services
Class com.google.android.gms.analytics.AnalyticsService
Class com.google.android.gms.analytics.CampaignTrackingService
Class com.google.android.gms.analytics.AnalyticsJobService
Class com.onesignal.GcmIntentService
Class com.onesignal.GcmIntentJobService
Class com.onesignal.RestoreJobService
Class com.onesignal.RestoreKickoffJobService
Class com.onesignal.SyncService
Class com.onesignal.SyncJobService
Class com.onesignal.NotificationRestoreService
Hardcoded URL's
http://schemas.android.com/tools

Disk activity
Accessed files
Filename /data/data/com.doogle.taiwannews/cache/1521499837408.jar
Filename /data/data/com.doogle.taiwannews/shared_prefs/OneSignal.xml
Filename /data/data/com.doogle.taiwannews/shared_prefs/com.google.android.gms.analytics.prefs.xml
Filename /data/data/com.doogle.taiwannews/files/gaClientId
Filename /data/data/com.doogle.taiwannews/shared_prefs/admob.xml
Filename /data/data/com.doogle.taiwannews/shared_prefs/google_ads_flags_meta.xml
Filename /data/data/com.doogle.taiwannews/shared_prefs/GTPlayerPurchases.xml
Filename /data/data/com.doogle.taiwannews/shared_prefs/apprate_prefs.xml
Filename /data/data/com.doogle.taiwannews/cache/1521499837408.dex
Filename /data/data/com.doogle.taiwannews/cache/1521499837408.tmp
Network activity
Placed phone calls
Sent SMS messages
Algorithm AES
Key -128, -99, -29, 97, 20, 39, 71, 116, -45, -12, 6, 57, -23, 91, 47, -29
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (RAW) a
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Information leakage
Miscellaneous
Started services
2025

June 12, 2019
General information
File name 2025.apk
Other known file

None
names
MD5 hash 782da493d754be4984298e0f766d1e5e
SHA256 hash 00257149712990e6297a59555b72128de263dc30a0151573cce4a7d404990015
File size 3713.5 KB
Permissions
GET_TASKS Allows an application to get information about the currently or recently running tasks.
SYSTEM_ALERT_WINDOW Allows an application to open windows using the type TYPE_SYSTEM_ALERT, shown on top of all other applic
Services
Hardcoded URL's
http://goo.gl/8Rd3yj for instructions
http://goo.gl/naFqQk for details

http://hostname/
https://accounts.google.com
http://schema.org/ActivateAction
http://schema.org/ActiveActionStatus
http://schema.org/AddAction
http://schema.org/BookmarkAction
http://schema.org/CommunicateAction
http://schema.org/CompletedActionStatus
http://schema.org/FailedActionStatus
http://schema.org/FilmAction
http://schema.org/LikeAction
http://schema.org/ListenAction
http://schema.org/PhotographAction
http://schema.org/ReserveAction
http://schema.org/SearchAction
http://schema.org/ViewAction
http://schema.org/WantAction
http://schema.org/WatchAction
http://schemas.android.com/apk/lib/com.google.android.gms.plus
http://schemas.android.com/apk/res/com.infomenarikapps.lagufiveminutes
https://csi.gstatic.com/csi
https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_banner.js
https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_expanded_banner.js
https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_interstitial.js
https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40.html
https://login.live.com
https://login.yahoo.com
https://play.google.com/store/apps/details?id=com.infomenarikapps.lagudmasiv
https://play.google.com/store/apps/details?id=com.infomenarikapps.lagufatin
https://play.google.com/store/apps/details?id=com.infomenarikapps.lagugeisha
https://play.google.com/store/apps/details?id=com.infomenarikapps.lagujrocks
https://ssl.google-analytics.com
https://twitter.com
https://www.googleapis.com/auth/drive
https://www.googleapis.com/auth/drive.apps
https://www.googleapis.com/auth/games.firstparty
https://www.googleapis.com/auth/plus.moments.write
https://www.googletagmanager.com
https://www.linkedin.com
https://www.paypal.com
http://www.google-analytics.com
http://www.google.com
http://www.w3.org/1999/xhtml
http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd

Disk activity
Accessed files
Filename /data/data/com.infomenarikapps.lagufiveminutes/cache/ads1482185665.jar
Filename /data/data/com.infomenarikapps.lagufiveminutes/shared_prefs/admob.xml
Filename /data/data/com.infomenarikapps.lagufiveminutes/shared_prefs/com.vappsvn.chioianhyeuem.sharedpreference.xml
Network activity
Placed phone calls

Sent SMS messages
Algorithm AES
Key -120, 70, 86, 73, -27, -67, -69, -79, 99, -127, 66, -34, 104, -117, 65, 84
Data (ASCII)
Data (ASCII)
Data (RAW) a
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)

Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Data (ASCII)
Information leakage

Miscellaneous
Started services
2026

June 12, 2019
General information
File name 2026.apk
Other known file

None
names
MD5 hash 973560fcca2bcd5802a14ece1d7a1952
SHA256 hash 00259c214fc271380d2e6fa90c6cf4c81b5e012d7eebd4558c604d1ec9c7da2b

Permissions
SET_WALLPAPER Allows applications to set the wallpaper
SET_WALLPAPER_HINTS Allows applications to set the wallpaper hints
Services
Hardcoded URL's
Disk activity
Accessed files

Network activity
Placed phone calls
Sent SMS messages
Information leakage
Miscellaneous
Started services
2027

June 12, 2019
General information
File name 2027.apk
Other known file

None
names
MD5 hash 746512851eb78ada500dd4cfeceebbbd
SHA256 hash 0025a4f4c0b514ed539e6442a225d738a7ed22bdea65a43d0130d681101ff74e
Static malware analy
Android manifest (AndroidManife
Permissions
BATTERY_STATS Allows an application to collect battery statistics

BROADCAST_STICKY Allows an application to broadcast sticky intents.
CALL_PHONE Allows an application to initiate a phone call without going through the Dialer user interface for the user
CHANGE_WIFI_STATE Allows applications to change Wi-Fi connectivity state
FLASHLIGHT Allows access to the flashlight
KILL_BACKGROUND_PROCESSES Allows an application to call killBackgroundProcesses(String).
MODIFY_AUDIO_SETTINGS Allows an application to modify global audio settings
MOUNT_UNMOUNT_FILESYSTEMS Allows mounting and unmounting file systems for removable storage.
READ_LOGS Allows an application to read the low-level system log files.
RECEIVE_BOOT_COMPLETED Allows an application to receive the ACTION_BOOT_COMPLETED that is broadcast after the system fi
INSTALL_SHORTCUT Unknown permission
RECEIVE_USER_PRESENT Unknown permission
UNINSTALL_SHORTCUT Unknown permission
Services
Class com.tencent.android.tpush.service.XGPushService
Class com.tencent.android.tpush.rpc.XGRemoteService
Class com.jingdong.jdmanew.service.JDMAService
SymantecMobileInsight AppRisk:Generisk
Disassembled source cod
Hardcoded URL's
http://wqs.jd.com/my/agreement/ebay_agree.shtml
http://wqs.jd.com/my/agreement/enter_agree.shtml
http://wqs.jd.com/my/agreement/global_agree.shtml
Dynamic malware anal
Screenshot or animated GIF of the analy
Random artificial input is provided to the scanned applications during dynamic analysis, in order to mimic a human being using and interacting with the ap
Disk activity
Accessed files
Filename /data/data/com.jd.wxsq.app/code_cache/secondary-dexes/com.jd.wxsq.app-1.apk.classes960624856.zip
Filename /data/data/com.jd.wxsq.app/shared_prefs/umeng_general_config.xml
Filename /data/data/com.jd.wxsq.app/files/nuwa/hack.apk
Filename /data/data/com.jd.wxsq.app/shared_prefs/share_data.xml
Filename /data/data/com.jd.wxsq.app/code_cache/secondary-dexes/com.jd.wxsq.app-1.apk.classes2.zip
Filename /data/data/com.jd.wxsq.app/shared_prefs/multidex.version.xml
Filename /data/data/com.jd.wxsq.app/shared_prefs/com.jd.wxsq.app_preferences.xml
Filename /data/data/com.jd.wxsq.app/shared_prefs/bugly_data.xml
Filename /proc/cpuinfo
Network activity
Automatically placed calls and text
Placed phone calls
Sent SMS messages
Algorithm DES
Key 42, 94, 64, 75, 35, 75, 64, 33
Algorithm DES
Key 83, 40, 64, 76, 64, 76, 64, 41
Information leakage
Destination 203.205.146.45:80
Tag TAINT_IMEI / TAINT_IMSI
Data
POST /rqd/sync HTTP/1.1 wup_version: 3.0 pver: 4.0.95 bid: com.jd.wxsq.app pid: 900002438 A37:
(ASCII)
Data
504f5354202f7271642f73796e6320485454502f312e310d0a7775705f76657273696f6e3a20332e300d0a707665723a20342e302e
(RAW)
Operation send
Destination 203.205.146.45:80
Tag TAINT_IMEI / TAINT_IMSI
Data
POST /rqd/sync HTTP/1.1 wup_version: 3.0 pver: 4.0.95 bid: com.jd.wxsq.app pid: 900002438 A37:
(ASCII)
Data
504f5354202f7271642f73796e6320485454502f312e310d0a7775705f76657273696f6e3a20332e300d0a707665723a20342e302e
(RAW)
Operation send
Path /data/data/com.jd.wxsq.app/shared_prefs/com.jd.wxsq.app_preferen
Operation write
Tag TAINT_IMEI
Data (ASCII) <?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <long name="mta.qq.com.checktime" val
Data (RAW) 3c3f786d6c2076657273696f6e3d27312e302720656e636f64696e673d277574662d3827207374616e64616c6f6e653d277965732
Operation write
Tag TAINT_IMEI
Data (ASCII) <?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <string name="__MTA_DEVICE_INFO__">xj

Operation write
Tag TAINT_IMEI
Data (ASCII) <?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <int name="MTA_EVENT_INDEX" value="10
Miscellaneous
Started services
2029

June 12, 2019
General information
File name 2029.apk
Other known file

None
names
MD5 hash e2c4c4853dfb417a064950a58227f715
SHA256 hash 0025fefc32ebfeb6a4cb205bede748752b25f8b35f7fcb8bccc7b4be0fbdf206
Permissions
Services
Class com.google.android.gms.analytics.CampaignTrackingService
Class com.clevertap.android.sdk.FcmTokenListenerService
Class com.traderumors.push.TradeRumorFireBaseReceiver
Hardcoded URL's

Disk activity
Accessed files
Filename /data/data/com.google.android.backup/shared_prefs/BackupTransport.backupScheduler.xml
Filename /data/data/com.google.android.inputmethod.latin.dictionarypack/shared_prefs/metadata_download_id.xml
Filename /proc/1293/stat
Filename /proc/stat
Filename /data/data/com.traderumors/shared_prefs/branch_referral_shared_pref.xml
Filename /data/backup/pending/journal2002843486.tmp
Filename /data/data/com.android.launcher/files/launcher.preferences
Filename /data/data/com.traderumors/shared_prefs/com.google.android.gms.measurement.prefs.xml
Filename /data/data/com.traderumors/shared_prefs/com.newrelic.android.agent.v1_com.traderumors.xml
Filename /data/data/com.google.android.apps.maps/files/DATA_Preferences
Filename /data/data/com.traderumors/shared_prefs/TwitterAdvertisingInfoPreferences.xml
Filename /data/data/com.android.providers.telephony/shared_prefs/preferred-apn.xml
Filename /data/backup/pending/journal749067769.tmp
Filename /data/data/com.traderumors/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_8c9da725-c6cb
Filename /data/data/com.google.android.googlequicksearchbox/shared_prefs/SearchSettings.xml
Filename /sys/module/lowmemorykiller/parameters/adj
Filename /data/data/com.google.android.backup/shared_prefs/BackupTransport.restoreScheduler.xml
Filename /data/data/com.traderumors/shared_prefs/NRAnalyticAttributeStore.xml
Filename /data/data/com.traderumors/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/5CFAAF6A00DE-0001-050D-0774579ADB
Filename /data/data/com.android.email/files/deviceName
Filename /data/data/com.google.android.apps.genie.geniewidget/files/DATA_Preferences
Filename /data/data/com.traderumors/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filename /data/data/com.traderumors/shared_prefs/com.google.android.gms.analytics.prefs.xml
Filename /proc/cmdline
Filename /data/data/com.traderumors/shared_prefs/WizRocket.xml
Filename /data/data/com.android.mms/shared_prefs/_has_set_default_values.xml
Filename /data/data/com.android.calendar/shared_prefs/_has_set_default_values.xml
Filename /data/data/com.google.android.talk/shared_prefs/deviceCapabilities.xml
Filename /data/data/com.traderumors/files/nr_installation
Filename /proc/wakelocks
Filename /proc/cpuinfo
Filename /data/data/com.google.android.onetimeinitializer/shared_prefs/oti.xml
Filename /data/data/com.traderumors/shared_prefs/com.crashlytics.prefs.xml
Filename /data/data/com.traderumors/shared_prefs/prefs.xml
Filename /data/data/com.android.providers.contacts/shared_prefs/com.android.providers.contacts_preferences.xml
Filename /data/data/com.google.android.googlequicksearchbox/shared_prefs/com.google.android.googlequicksearchbox_preferences.xml
Filename /data/data/com.traderumors/shared_prefs/com.crashlytics.sdk.android:answers:settings.xml
Filename /data/data/com.android.email/shared_prefs/AndroidMail.Main.xml
Filename /proc/version
Filename /data/data/com.android.calendar/shared_prefs/com.android.calendar_preferences.xml
Filename /data/data/com.android.mms/shared_prefs/com.android.mms_preferences.xml
Filename /data/data/com.android.phone/shared_prefs/_has_set_default_values.xml
Filename /data/data/com.android.deskclock/shared_prefs/AlarmClock.xml
Filename /sys/module/lowmemorykiller/parameters/minfree
Filename /data/data/com.traderumors/shared_prefs/BNC_Server_Request_Queue.xml
Filename /data/misc/wifi/softap.conf
Filename /data/data/com.google.android.apps.uploader/shared_prefs/com.google.android.apps.uploader_preferences.xml
Filename /data/data/com.traderumors/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filename /data/data/com.traderumors/cache/tmp1559932777635.raw
Network activity
Placed phone calls
Sent SMS messages

Algorithm AES
Key 76, 50, -39, -9, -50, 16, -11, -83, 76, 50, -39, -9, -50, 16, -11, -83, 76, 50, -39, -9, -50, 16, -11, -83, 76, 50, -39, -9, -50, 16, -11, -83
Algorithm HmacSHA1
Key -35, 19, -86, 84, 17, -108, 74, 102, -72, -4, -73, 31, -16, -36, -94, -64, -4, 87, -68, 87, 97, 3, -82, -116, -56, 64, -67, 121, -123, -109,
Algorithm AES
Key 72, -40, -121, 12, -54, -83, 76, 96, -48, -38, -48, 97, 70, 44, -118, -128, -38, 81, 124, 120, 82, -29, 67, 15, -93, 48, 86, 99, -59, 4, -62
Information leakage
Miscellaneous
Started services
Service name com.clevertap.android.sdk.FcmTokenListenerService
Service name com.android.contacts.calllog.CallLogNotificationsService
Service name com.android.calendar.alerts.AlertService
Service name com.android.providers.calendar.CalendarProviderIntentService
Service name com.android.providers.downloads.DownloadService
Service name com.google.android.onetimeinitializer.OneTimeService
Service name com.android.providers.calendar.EmptyService
Service name com.android.mms.transaction.SmsReceiverService
Service name com.android.providers.media.MediaScannerService

Service name com.google.android.talk.videochat.RefreshCameraStateProcessorService
Service name com.android.phone.TelephonyDebugService
Service name com.android.email.service.EmailBroadcastProcessorService
Service name com.google.android.picasasync.ConnectivityReceiver$AsyncService
Service name com.android.exchange.ExchangeService
Service name com.android.exchange.service.ExchangeBroadcastProcessorService
2500

June 12, 2019
General information
File name 2500.apk
Other known file

None
names
MD5 hash caf6201d5adb3bc12a5f5575f8fd8537
SHA256 hash 007c13167a2f0518f72f9253b33ea97419a79854e6546a5477c6cfff7ada4322

Permissions
READ_CALL_LOG Allows an application to read the user's call log.
booting.
Services
Class com.one.speakify.listener.NotificationListener
Class com.one.speakify.TTS
Class com.one.speakify.listener.SwitchTileService
Hardcoded URL's
Disk activity
Accessed files

Network activity
Placed phone calls
Sent SMS messages
Information leakage
Miscellaneous
Started services
2509

June 12, 2019
General information
File name 2509.apk
Other known file

None
names
MD5 hash f0e2932dfeb9ea013010c34953bcc252
SHA256 hash 007df5a417ff36d6e6e0008916dfb39133932b62832e6fecedb3ed1e993c941b
Permissions
Allows an app to access approximate location derived from network location sources such as c
ACCESS_COARSE_LOCATION
towers and Wi-Fi.
ACCESS_FINE_LOCATION Allows an app to access precise location from location sources such as GPS, cell towers, and W
GET_TASKS Allows an application to get information about the currently or recently running tasks.
Allows an application to receive the ACTION_BOOT_COMPLETED that is broadcast after the s

finishes booting.
SET_ALARM Allows an application to broadcast an Intent to set an alarm for the user.
Allows an application to open windows using the type TYPE_SYSTEM_ALERT, shown on top o
SYSTEM_ALERT_WINDOW
other applications.
BIND_GET_INSTALL_REFERRER_SERVICE Unknown permission
WAKE_LOCK Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimm
Services
Class com.startapp.android.publish.common.metaData.PeriodicMetaDataService
Class com.startapp.android.publish.common.metaData.InfoEventService
Class com.startapp.android.publish.common.metaData.PeriodicJobService
Hardcoded URL's
https://play.google.com/store/apps/details?id=com.darshitdave.deliciousrecipesoup
https://play.google.com/store/apps/developer?id=Darshit+Dave

Disk activity
Accessed files
Filename /data/data/com.darshitdave.deliciousrecipesoup/files/StartappSplashMetadata
Filename /data/data/com.darshitdave.deliciousrecipesoup/files/StartappAdInfoMetadata
Filename /data/data/com.darshitdave.deliciousrecipesoup/files/StartappAdsMetadata
Filename /data/data/com.darshitdave.deliciousrecipesoup/files/StartappCacheMetadata
Filename /data/data/com.darshitdave.deliciousrecipesoup/files/StartappMetadata
Filename /data/data/com.darshitdave.deliciousrecipesoup/files/StartappBannerMetadata
Filename /data/data/com.darshitdave.deliciousrecipesoup/files/shared_prefs_sdk_ad_prefs
Filename /data/data/com.darshitdave.deliciousrecipesoup/files/x_dark.png
Filename /data/data/com.darshitdave.deliciousrecipesoup/files/logo.png
Filename /data/data/com.darshitdave.deliciousrecipesoup/files/half_star.png
Filename /data/data/com.darshitdave.deliciousrecipesoup/files/filled_star.png
Filename /data/data/com.darshitdave.deliciousrecipesoup/files/empty_star.png
Filename /data/data/com.darshitdave.deliciousrecipesoup/shared_prefs/com.startapp.android.publish.CookiePrefsFile.xml
Filename /data/data/com.darshitdave.deliciousrecipesoup/files/back_dark.png
Filename /data/data/com.darshitdave.deliciousrecipesoup/shared_prefs/com.startapp.android.publish.xml
Filename /data/data/com.darshitdave.deliciousrecipesoup/files/close_button.png
Filename /data/data/com.darshitdave.deliciousrecipesoup/files/back_.png
Filename /data/data/com.darshitdave.deliciousrecipesoup/files/forward_.png
Filename /data/data/com.darshitdave.deliciousrecipesoup/files/browser_icon_dark.png
Filename /data/data/com.darshitdave.deliciousrecipesoup/shared_prefs/RunnerManager.xml
Filename /data/data/com.darshitdave.deliciousrecipesoup/shared_prefs/TruenetJobKey.xml
Filename /data/data/com.darshitdave.deliciousrecipesoup/files/forward_dark.png
Network activity

Placed phone calls
Sent SMS messages

Information leakage
Miscellaneous
Started services
2514

June 12, 2019
General information
File name 2514.apk
Other known file

None
names
MD5 hash 5b71f0a43315fde83a9e3711d0b6ffa3
SHA256 hash 007ed86db63c7e34f110bdb1935fb94673632d2bbe55ea732aab550f4c161a2e
Permissions
Services
Hardcoded URL's
http://rate.ws.trsproxy.whbhk.com
http://rate.ws.trsproxy.whbhk.com/fetchRate
http://schemas.xmlsoap.org/soap/envelope/
http://services1.aastocks.com/web/whbl/AAFN.aspx?whbllanguage=chi
http://services1.aastocks.com/web/whbl/AAFN.aspx?whbllanguage=chn
http://services1.aastocks.com/web/whbl/AAFN.aspx?whbllanguage=eng
http://services1.aastocks.com/web/whbl/indices.aspx?whbllanguage=chi
http://services1.aastocks.com/web/whbl/indices.aspx?whbllanguage=chn
http://services1.aastocks.com/web/whbl/indices.aspx?whbllanguage=eng
http://services1.aastocks.com/web/whbl/Quote.aspx?WHBLLanguage=chi
http://services1.aastocks.com/web/whbl/Quote.aspx?WHBLLanguage=chn
http://services1.aastocks.com/web/whbl/Quote.aspx?WHBLLanguage=eng
https://s3-ap-southeast-1.amazonaws.com/ocbcmobileappcontent/Submission.xml
http://www.ocbcwhmac.com/applications/cms/chi/mobile_apps/modDepositRates.html
http://www.ocbcwhmac.com/applications/cms/chi/mobile_apps/promo.html
http://www.ocbcwhmac.com/applications/cms/eng/mobile_apps/modDepositRates.html
http://www.ocbcwhmac.com/applications/cms/eng/mobile_apps/promo.html
http://www.ocbcwhmac.com/applications/cms/schi/mobile_apps/modDepositRates.html
http://www.ocbcwhmac.com/applications/cms/schi/mobile_apps/promo.html
http://www.ocbcwhmac.com/chi/personal_ibanking/security_tips.html
http://www.ocbcwhmac.com/chi/privacy_
<="" td="" style="margin: 0px;">
http://www.ocbcwhmac.com/eng/personal_ibanking/security_tips.html
http://www.ocbcwhmac.com/xml/branch.xml
http://www.ocbcwhmac.com/xml/hotline.xml
http://www.w3.org/2001/XMLSchema-instance
http://www.w3.org/TR/html4/strict.dtd
Disk activity
Accessed files
Network activity
Placed phone calls
Sent SMS messages

Information leakage
Miscellaneous
Started services
3012

June 12, 2019
General information
File name 3012.apk
Other known file None

names
MD5 hash cda9da0fa75aab586441f085dc571fe5
SHA256 hash 00d4b7e7c69ea53a3f3ee9584895c9cd767bc6c44f360d3d6cb40ee285f6598e
Permissions
ACCESS_COARSE_LOCATION Allows an app to access approximate location derived from network location sources such as cell towers and
READ_SMS Allows an application to read SMS messages.
RECEIVE_MMS Allows an application to monitor incoming MMS messages, to record or perform processing on them.
RECEIVE_SMS Allows an application to monitor incoming SMS messages, to record or perform processing on them.
RECEIVE_WAP_PUSH Allows an application to monitor incoming WAP push messages.
SEND_SMS Allows an application to send SMS messages.
MAPS_RECEIVE Unknown permission
READ_GSERVICES Unknown permission
Services
Class com.google.android.gms.cast.framework.media.MediaNotificationService
Class com.google.android.gms.auth.api.signin.RevocationBoundService
Class com.google.android.gms.cast.framework.ReconnectionService
Class com.google.android.gms.tagmanager.TagManagerService
Hardcoded URL's
Disk activity
Accessed files
Network activity
Placed phone calls
Sent SMS messages
Information leakage
Miscellaneous
Started services
2047

June 12, 2019
General information
File name 2047.apk
Other known file

None
names
MD5 hash 93012c501d48eabcb51913555838d872
SHA256 hash 00296b40346f16decb98a6363ef8ec17e62f802a303b4d37abe7c52c617deb14
Permissions
Services
Hardcoded URL's
Disk activity
Accessed files
Network activity
Placed phone calls
Sent SMS messages
Information leakage
Miscellaneous
Started services
3501

June 12, 2019
General information
File name 3501.apk
Other known file

None
names
MD5 hash 81bb10777c92adb8260a3a6156c5123d
SHA256 hash 012cc14667d29e7a4bfe2919caeebd93f0db0b2775b7dffd9d1942f8ed3cad50
File size 40.5 KB
Permissions
No permissions requested.
Services
Class fr.gjandot.LWP.equalizer.simple.EqualizerLWP
Hardcoded URL's
http://schemas.android.com/apk/res/fr.gjandot.LWP.equalizer.simple
https://play.google.com/store/apps/details?id=fr.gjandot.LWP.equalizer
Disk activity
Accessed files
Network activity
Placed phone calls
Sent SMS messages
Information leakage
Miscellaneous
Started services

Apkscan

Uploaded by

Copyright:

Available Formats

Apkscan

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Apkscan

Uploaded by

Copyright:

Available Formats

2001

NVISO ApkScan malware analysis report

File name 2001.apk

Other known file

Origin Manually uploaded by anonymous user [2019-06-06 11:25:00]

MD5 hash c2d7cb824c021b4ab27aeb9f254fc804

SHA256 hash 0021a38e2a872c7c100f942d0e4ac3aaa57c346db0cad744f3babbb4259a9c8d

File size 12577.8 KB

Static malware analysis

Android manifest (AndroidManifest.xml)

Virus Total scan results

None of the 60 scanners detected malicious behavior.

Disassembled source code

Dynamic malware analysis

Screenshot or animated GIF of the analysed application

Opened network connections

Destination 93.184.219.181:443 File descriptor 32

Destination 104.106.118.172:443 File descriptor 74

Destination 104.106.118.172:443 File descriptor 116

Destination 104.106.118.172:443 File descriptor 108

Destination 104.106.118.172:443 File descriptor 92

Destination 104.106.118.172:443 File descriptor 104

Destination 93.184.219.181:443 File descriptor 173

Destination 93.184.219.181:443 File descriptor 177

Destination 104.106.118.172:443 File descriptor 78

Destination 104.106.118.172:443 File descriptor 76

Destination 104.106.118.172:443 File descriptor 72

Destination 104.106.118.172:443 File descriptor 99

Destination 104.106.118.172:443 File descriptor 110

Destination 104.106.118.172:443 File descriptor 127

Destination 104.106.118.172:443 File descriptor 102

Destination 93.184.219.181:443 File descriptor 180

Destination 93.184.219.181:443 File descriptor 56

Destination 93.184.219.181:443 File descriptor 60

Destination 104.106.118.172:443 File descriptor 95

Destination 52.2.31.145:443 File descriptor 168

Destination 104.106.118.172:443 File descriptor 123

Destination 104.106.118.172:443 File descriptor 106

Destination 100.26.135.0:443 File descriptor 155

Automatically placed calls and text messages

Placed phone calls

No phone calls were placed automatically.

No text messages were placed automatically.

Used encryption keys

No cryptographic activity detected.

Data (RAW) com.google.android.ads.zxxz.l

Data (RAW) com.google.android.ads.zxxz.m

Data (RAW) com.google.android.ads.zxxz.c

Data (RAW) com.google.android.ads.zxxz.t

Data (RAW) com.google.android.ads.zxxz.i

Data (RAW) com.google.android.ads.zxxz.e

Data (RAW) com.google.android.ads.zxxz.d

Data (RAW) com.google.android.ads.zxxz.r

Data (RAW) com.google.android.ads.zxxz.g

Data (RAW) com.google.android.ads.zxxz.p

Data (RAW) com.google.android.ads.zxxz.q

Data (RAW) com.google.android.ads.zxxz.w

Data (RAW) com.google.android.ads.zxxz.v