0% found this document useful (0 votes)

592 views124 pages

Malware Analysis: 2001.apk Report

The document summarizes the analysis of an Android application file called 2001.apk. The summary includes: 1) Static analysis found no requested permissions or registered services. Dynamic analysis found the app accessed files and made network connections related to advertising. 2) No phone calls or texts were placed automatically. Cryptographic analysis detected decryption of data using AES encryption related to advertising libraries. 3) In summary, the app appears to be focused on advertising with no detected malicious behavior.

Uploaded by

Gabru Gang

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

592 views124 pages

Malware Analysis: 2001.apk Report

Uploaded by

Gabru Gang

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

2001

NVISO ApkScan malware analysis report

June 12, 2019

General information

File name [Link]

Other known file

None
names

Origin Manually uploaded by anonymous user [2019-06-06 [Link]

MD5 hash c2d7cb824c021b4ab27aeb9f254fc804

SHA256 hash 0021a38e2a872c7c100f942d0e4ac3aaa57c346db0cad744f3babbb4259a9c8d

File size 12577.8 KB

Worker NVISO_API_KALI_01

Static malware analysis

Android manifest ([Link])

Permissions
No permissions requested.

Services
No services registered.

Virus Total scan results

None of the 60 scanners detected malicious behavior.

Disassembled source code

Hardcoded URL's
No hardcoded URLs identified in source code.

Dynamic malware analysis

Screenshot or animated GIF of the analysed application

Random artificial input is provided to the scanned applications during dynamic analysis, in order to mimic a human being using and interacting with the applica
can result in our report showing a different screen than the one you would see when starting the application.

Disk activity

Accessed files

Filename /data/data/[Link]/files/StartappMetadata

Filename /data/data/[Link]/files/StartappAdInfoMetadata

Filename /data/data/[Link]/files/back_.png

Filename /data/data/[Link]/files/StartappSplashMetadata

Filename /data/data/[Link]/files/shared_prefs_sdk_ad_prefs

Filename /data/data/[Link]/files/StartappAdsMetadata

Filename /data/data/[Link]/files/forward_dark.png

Filename /data/data/[Link]/files/forward_.png

Filename /data/data/[Link]/files/StartappCacheMetadata

Filename /data/data/[Link]/files/back_dark.png

Filename /data/data/[Link]/files/half_star.png

Filename /dev/urandom

Filename /proc/1214/cmdline
Filename /data/data/[Link]/files/x_dark.png

Filename /proc/692/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /data/anr/[Link]

Filename /data/data/[Link]/files/StartappBannerMetadata

Filename /data/data/[Link]/cache/[Link]

Filename /proc/462/cmdline

Filename /data/data/[Link]/files/browser_icon_dark.png

Filename /data/data/[Link]/files/[Link]

Filename /data/data/[Link]/files/empty_star.png

Filename /proc/630/cmdline

Filename pipe:[5225]

Filename /proc/511/cmdline

Filename /proc/1133/cmdline

Filename /proc/1301/cmdline

Filename pipe:[5074]

Filename /data/data/[Link]/files/filled_star.png

Filename /proc/3/cmdline

Filename /proc/7/cmdline

Filename /proc/781/cmdline

Filename /proc/1080/cmdline

Filename pipe:[5238]

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/45/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/29/cmdline

Filename /proc/271/cmdline

Filename /proc/490/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/11/cmdline

Filename /proc/35/cmdline

Filename /proc/meminfo

Filename /data/data/[Link]/shared_prefs/google_ads_flags_meta.xml

Filename /proc/8/cmdline

Filename /data/data/[Link]/files/close_button.png

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/4/cmdline

Filename /proc/14/cmdline

Filename /proc/12/cmdline

Filename /proc/24/cmdline

Filename /proc/350/cmdline
Filename /proc/1062/cmdline

Filename /proc/5/cmdline

Filename /proc/30/cmdline

Filename /proc/270/cmdline

Filename /proc/9/cmdline

Filename /data/data/[Link]/shared_prefs/_dis_play.xml

Filename /proc/37/cmdline

Filename /proc/1400/cmdline

Filename /proc/1176/cmdline

Filename /proc/1256/cmdline

Filename /proc/1230/cmdline

Filename /data/data/[Link]/shared_prefs/_dis_data.xml

Filename /proc/26/cmdline

Filename /proc/39/cmdline

Filename /proc/33/cmdline

Filename /proc/575/cmdline

Filename /proc/41/cmdline

Filename /proc/672/cmdline

Filename /data/data/[Link]/cache/[Link]

Filename /proc/6/cmdline

Filename /proc/13/cmdline

Filename /proc/1297/cmdline

Filename /proc/40/cmdline

Filename /proc/1284/cmdline

Filename /proc/477/cmdline

Filename /proc/34/cmdline

Filename /proc/1242/cmdline

Filename /proc/1120/cmdline

Filename /proc/2/cmdline

Filename /proc/1299/cmdline

Filename /proc/25/cmdline

Filename /dev/input/event0

Filename /data/data/[Link]/cache/[Link]

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/1/cmdline

Filename /data/data/[Link].gallery3d/shared_prefs/[Link].gallery3d_preferences.xml

Filename /proc/272/cmdline

Filename /proc/28/cmdline

Filename /proc/802/cmdline

Filename /proc/46/cmdline

Filename /proc/824/cmdline
Filename /proc/42/cmdline

Filename /proc/658/cmdline

Filename /proc/596/cmdline

Filename /proc/734/cmdline

Filename /proc/10/cmdline

Filename /proc/27/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Network activity

Opened network connections

Destination [Link]:443 File descriptor 32

Destination [Link]:443 File descriptor 74

Destination [Link]:443 File descriptor 116

Destination [Link]:443 File descriptor 108

Destination [Link]:443 File descriptor 92

Destination [Link]:443 File descriptor 104

Destination [Link]:443 File descriptor 173

Destination [Link]:443 File descriptor 177

Destination [Link]:443 File descriptor 78

Destination [Link]:443 File descriptor 76

Destination [Link]:443 File descriptor 72

Destination [Link]:443 File descriptor 99

Destination [Link]:443 File descriptor 110

Destination [Link]:443 File descriptor 127

Destination [Link]:443 File descriptor 102

Destination [Link]:443 File descriptor 180

Destination [Link]:443 File descriptor 56

Destination [Link]:443 File descriptor 60

Destination [Link]:443 File descriptor 95

Destination [Link]:443 File descriptor 168

Destination [Link]:443 File descriptor 123

Destination [Link]:443 File descriptor 106

Destination [Link]:443 File descriptor 155

Automatically placed calls and text messages

Placed phone calls

No phone calls were placed automatically.

Sent SMS messages

No text messages were placed automatically.

Cryptographic activity

Used encryption keys

Algorithm AES

Key -128, -99, -29, 97, 20, 39, 71, 116, -45, -12, 6, 57, -23, 91, 47, -29

Encryption operations

No cryptographic activity detected.

Decryption operations

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].l

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].m

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].c

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].t

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) a

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].i

Algorithm AES/CBC/PKCS5Padding
Data (ASCII)

Data (RAW) [Link].e

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].d

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].r

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].g

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].p

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].q

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].w

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].v

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].o

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].b

Algorithm AES/CBC/PKCS5Padding
Data (ASCII)

Data (RAW) [Link].n

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].f

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].j

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].h

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].k

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].u

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].s

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].a

Information leakage

Network information leakage

No network information leakage detected.

SMS information leakage

No SMS information leakage detected.

File information leakage

No file information leakage detected.

Miscellaneous

Started services

No services were started.

Output generated by ADB logcat

Download ADB logcat file (text format - 2420 KB)

report overview | terms & conditions | support & feedback | [Link]

2002

NVISO ApkScan malware analysis report

June 12, 2019

General information

File name [Link]

Other known file

None
names

Origin Manually uploaded by anonymous user [2019-06-06 [Link]

MD5 hash 057a26ff44942dfb43915fc4df9ecc94

SHA256 hash 0021aa5acef5cadfb742e31574b428b4df5b14677c240c10e65405368d5e2963

File size 20426.9 KB

Worker NVISO_API_KALI_01

Static malware analysis

Android manifest ([Link])

Permissions
ACCESS_NETWORK_STATE Allows applications to access information about networks

ACCESS_WIFI_STATE Allows applications to access information about Wi-Fi networks

BLUETOOTH Allows applications to connect to paired bluetooth devices

INTERNET Allows applications to open network sockets.

READ_PHONE_STATE Allows read only access to phone state.

Allows an application to receive the ACTION_BOOT_COMPLETED that is broadcast after the system finishe
RECEIVE_BOOT_COMPLETED
booting.

WAKE_LOCK Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming

WRITE_EXTERNAL_STORAGE Allows an application to write to external storage.

Services
Class [Link]

Class [Link]

Virus Total scan results

None of the 62 scanners detected malicious behavior.

Disassembled source code

Hardcoded URL's

[Link]

Dynamic malware analysis

Screenshot or animated GIF of the analysed application

Disk activity

Accessed files

Filename /data/data/[Link]/code_cache/secondary-dexes/[Link]

Filename /proc/45/cmdline

Filename /data/data/[Link]/code_cache/secondary-dexes/[Link]

Filename pipe:[4979]

Filename /proc/1235/cmdline

Filename /proc/1144/cmdline

Filename /proc/3/cmdline

Filename /proc/30/cmdline

Filename /data/data/[Link]/code_cache/secondary-dexes/[Link]

Filename /proc/28/cmdline

Filename /data/data/[Link]/code_cache/secondary-dexes/[Link]

Filename /proc/1323/cmdline

Filename /proc/40/cmdline

Filename /proc/1306/cmdline

Filename /data/anr/[Link]

Filename /proc/273/cmdline
Filename /proc/272/cmdline

Filename /proc/1131/cmdline

Filename /proc/1308/cmdline

Filename /proc/793/cmdline

Filename /proc/12/cmdline

Filename /proc/33/cmdline

Filename /proc/635/cmdline

Filename /proc/1/cmdline

Filename /proc/13/cmdline

Filename /proc/1262/cmdline

Filename /proc/10/cmdline

Filename /proc/8/cmdline

Filename /proc/1248/cmdline

Filename /proc/37/cmdline

Filename pipe:[4720]

Filename /proc/1219/cmdline

Filename /proc/738/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/26/cmdline

Filename /proc/576/cmdline

Filename /proc/1290/cmdline

Filename /proc/478/cmdline

Filename /proc/598/cmdline

Filename /proc/5/cmdline

Filename /proc/9/cmdline

Filename /proc/351/cmdline

Filename /proc/832/cmdline

Filename /proc/35/cmdline

Filename /proc/926/cmdline

Filename /proc/1303/cmdline

Filename /proc/34/cmdline

Filename /proc/47/cmdline

Filename /proc/6/cmdline

Filename /proc/514/cmdline

Filename /proc/24/cmdline

Filename /proc/29/cmdline

Filename /proc/1090/cmdline

Filename /proc/11/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename pipe:[4984]

Filename /data/data/[Link]/shared_prefs/[Link]
Filename /proc/41/cmdline

Filename /proc/42/cmdline

Filename /proc/809/cmdline

Filename /proc/14/cmdline

Filename /proc/39/cmdline

Filename /data/data/[Link].gallery3d/shared_prefs/[Link].gallery3d_preferences.xml

Filename /proc/1040/cmdline

Filename /proc/27/cmdline

Filename /proc/271/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/2/cmdline

Filename /proc/497/cmdline

Filename /proc/655/cmdline

Filename /proc/463/cmdline

Filename /proc/7/cmdline

Filename /dev/input/event0

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/25/cmdline

Filename /proc/4/cmdline

Filename /proc/1358/cmdline

Filename /proc/695/cmdline

Filename /proc/1175/cmdline

Network activity

Opened network connections

No network connections were opened.

Automatically placed calls and text messages

Placed phone calls

No phone calls were placed automatically.

Sent SMS messages

No text messages were placed automatically.

Cryptographic activity

Used encryption keys

No cryptographic activity detected.

Encryption operations

No cryptographic activity detected.

Decryption operations

No cryptographic activity detected.

Information leakage

Network information leakage

No network information leakage detected.

SMS information leakage

No SMS information leakage detected.

File information leakage

No file information leakage detected.

Miscellaneous

Started services

Service name [Link]

Output generated by ADB logcat

Download ADB logcat file (text format - 1652 KB)

report overview | terms & conditions | support & feedback | [Link]

2003

NVISO ApkScan malware analysis report

June 12, 2019
General information

File name [Link]

Other known file

None
names

Origin Manually uploaded by anonymous user [2019-06-06 [Link]

MD5 hash 1604dd0175da6926f4d75876b60d347c

SHA256 hash 0021eeeb86de8e160d26c01a33e5b113dd7aed4c3c219c227b0927e363669a04

File size 5133.17 KB

Worker NVISO_API_KALI_01

Static malware analysis

Android manifest ([Link])

Permissions
ACCESS_NETWORK_STATE Allows applications to access information about networks

Allows an application to initiate a phone call without going through the Dialer user interface for the us
CALL_PHONE
confirm the call being placed.

CAMERA Required to be able to access the camera device.

FLASHLIGHT Allows access to the flashlight

INTERNET Allows applications to open network sockets.

READ_CONTACTS Allows an application to read the user's contacts data.

READ_EXTERNAL_STORAGE Allows an application to read from external storage.

READ_HISTORY_BOOKMARKS Allows an application to read (but not write) the user's browsing history and bookmarks.

READ_PHONE_STATE Allows read only access to phone state.

BILLING Unknown permission

C2D_MESSAGE Unknown permission

RECEIVE Unknown permission

WRITE_USE_APP_FEATURE_SURVEY Unknown permission

VIBRATE Allows access to the vibrator

WAKE_LOCK Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming

WRITE_CONTACTS Allows an application to write (but not read) the user's contacts data.

WRITE_EXTERNAL_STORAGE Allows an application to write to external storage.

Services
Class [Link]

Class [Link]

Virus Total scan results

None of the 62 scanners detected malicious behavior.

Disassembled source code

Hardcoded URL's

[Link]

Dynamic malware analysis

Screenshot or animated GIF of the analysed application

Disk activity

Accessed files
Filename /data/data/[Link]/files/.Fabric/[Link]:answers/session_analytics.tap

Filename /dev/urandom

Filename /data/data/[Link]/files/.Fabric/[Link]:answers/session_analytics_to_send/sa_7cee1975-7faa-

Filename /data/data/[Link]/shared_prefs/[Link]-core:[Link]

Filename /data/data/[Link]/files/.Fabric/[Link]:answers/session_analytics_to_send/sa_7d92c416-7051-

Filename /data/data/[Link]/cache/[Link]

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/meminfo

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/1323/cmdline

Filename /proc/1306/cmdline

Filename /data/data/[Link].gallery3d/shared_prefs/[Link].gallery3d_preferences.xml

Filename /data/data/[Link]/files/.Fabric/[Link]:answers/session_analytics.[Link]

Filename /data/data/[Link]/shared_prefs/[Link].browser_preferences.xml

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /data/data/[Link]/files/.Fabric/[Link]-core/5CF8E24100CF-0001-051A-7C983D280B3

Filename /proc/1278/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/1427/cmdline

Filename /proc/1263/cmdline

Filename /proc/1425/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]:answers:[Link]

Filename /proc/1325/cmdline

Filename /proc/1251/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/1404/cmdline

Filename /data/data/[Link]/cache/[Link]

Filename /proc/1317/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /dev/input/event0

Network activity

Opened network connections

Destination [Link]:443 File descriptor 46

Destination [Link]:443 File descriptor 71

Automatically placed calls and text messages

Placed phone calls

No phone calls were placed automatically.

Sent SMS messages

No text messages were placed automatically.

Cryptographic activity

Used encryption keys

Algorithm AES

Key 4, 103, -30, 65, -64, 8, 86, -111, 39, -2, 110, -18, 84, -7, 44, 1

Encryption operations

No cryptographic activity detected.

Decryption operations

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].b

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].j

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].l

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].f

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].o

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)
Data (RAW) [Link].m

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) a

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].e

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].c

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].h

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].a

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].k

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].d

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].n

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].i

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)
Data (RAW) [Link].g

Information leakage

Network information leakage

No network information leakage detected.

SMS information leakage

No SMS information leakage detected.

File information leakage

No file information leakage detected.

Miscellaneous

Started services

Service name [Link]

Output generated by ADB logcat

Download ADB logcat file (text format - 716 KB)

report overview | terms & conditions | support & feedback | [Link]

2004

NVISO ApkScan malware analysis report

June 12, 2019

General information
File name [Link]

Other known file

None
names

Origin Manually uploaded by anonymous user [2019-06-06 [Link]

MD5 hash 3d1cfbdfddc21b37e38d2c5476fceb36

SHA256 hash 0021f3ef074c48008d6af273bf5e1ad4aec38710f64bc37b8cd55fd757f20388

File size 4161.49 KB

Worker NVISO_API_KALI_01

Static malware analysis

Android manifest ([Link])

Permissions
ACCESS_NETWORK_STATE Allows applications to access information about networks

ACCESS_WIFI_STATE Allows applications to access information about Wi-Fi networks

Allows an application to initiate a phone call without going through the Dialer user interface for the user to co
CALL_PHONE
the call being placed.

INTERNET Allows applications to open network sockets.

PROCESS_OUTGOING_CALLS Allows an application to monitor, modify, or abort outgoing calls.

READ_PHONE_STATE Allows read only access to phone state.

VIBRATE Allows access to the vibrator

Services
No services registered.

Virus Total scan results

Babable [Link]

Tencent [Link].a

Disassembled source code

Hardcoded URL's

[Link]

[Link]
[Link]

[Link]

[Link]
[Link]

[Link]

[Link] fo...

[Link]

[Link]
[Link]

[Link]

Dynamic malware analysis

Screenshot or animated GIF of the analysed application

Disk activity

Accessed files

Filename /data/data/[Link].FM92Pattaya/code_cache/secondary-dexes/[Link].FM92Pat

Filename /proc/1270/cmdline

Filename /data/data/[Link].FM92Pattaya/files/[Link]/app_loads_2/1.1559815112461.000000002

Filename /proc/1328/cmdline

Filename /proc/1316/cmdline

Filename /data/data/[Link].FM92Pattaya/shared_prefs/[Link]

Filename /data/data/[Link].FM92Pattaya/shared_prefs/[Link].936d0271f7f44f3284830bcf9ff

Filename /data/data/[Link].FM92Pattaya/files/[Link]/network_statistics/1.1559815112461.00000000

Filename /proc/1309/cmdline

Filename /dev/input/event0

Filename /data/data/[Link].FM92Pattaya/files/[Link]/breadcrumbs/1.1559815112461.000000010

Filename /data/data/[Link].FM92Pattaya/files/[Link]/breadcrumbs/1.1559815112461.000000005

Filename /proc/1314/cmdline

Filename /data/data/[Link].FM92Pattaya/files/[Link]/breadcrumbs/1.1559815112461.000000012

Filename /proc/meminfo

Filename /dev/urandom

Filename /data/data/[Link].FM92Pattaya/files/[Link]/breadcrumbs/1.1559815112461.000000006

Filename /proc/1227/cmdline

Filename /proc/1254/cmdline

Filename /proc/1380/cmdline
Filename /data/data/[Link].FM92Pattaya/files/[Link]/breadcrumbs/1.1559815112461.000000001

Filename /data/data/[Link].FM92Pattaya/files/[Link]/finished_txns/1.1559815112461.000000003

Filename /data/data/[Link].FM92Pattaya/files/[Link]/breadcrumbs/1.1559815112461.000000009

Filename /data/data/[Link].FM92Pattaya/shared_prefs/[Link]

Filename /data/data/[Link].FM92Pattaya/files/[Link]/breadcrumbs/1.1559815112461.000000011

Filename /data/data/[Link].FM92Pattaya/files/[Link]/breadcrumbs/1.1559815112461.000000004

Filename /data/data/[Link].FM92Pattaya/shared_prefs/[Link].936d0271f7f44f3284830bcf9ffecb1b0055

Filename /proc/1242/cmdline

Filename /data/data/[Link].gallery3d/shared_prefs/[Link].gallery3d_preferences.xml

Filename /data/data/[Link].FM92Pattaya/shared_prefs/[Link]

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/1298/cmdline

Network activity

Opened network connections

Destination [Link]:443 File descriptor 37

Destination [Link]:443 File descriptor 43

Destination [Link]:443 File descriptor 46

Destination [Link]:443 File descriptor 71

Destination [Link]:443 File descriptor 57

Automatically placed calls and text messages

Placed phone calls

No phone calls were placed automatically.

Sent SMS messages

No text messages were placed automatically.

Cryptographic activity

Used encryption keys

No cryptographic activity detected.

Encryption operations

No cryptographic activity detected.

Decryption operations

No cryptographic activity detected.

Information leakage

Network information leakage

No network information leakage detected.

SMS information leakage

No SMS information leakage detected.

File information leakage

No file information leakage detected.

Miscellaneous

Started services

Service name [Link]

Output generated by ADB logcat

Download ADB logcat file (text format - 513 KB)

report overview | terms & conditions | support & feedback | [Link]

2005

NVISO ApkScan malware analysis report

June 12, 2019

General information
File name [Link]

Other known file

None
names

Origin Manually uploaded by anonymous user [2019-06-06 [Link]

MD5 hash d8c0194c815764494963847d191b36b4

SHA256 hash 0021fa5d4214c97cbaae6c411ebeee3b21907ebb3388d58575c560a3a32daf56

File size 13003.9 KB

Worker NVISO_API_KALI_01

Static malware analysis

Android manifest ([Link])

Permissions
ACCESS_COARSE_LOCATION Allows an app to access approximate location derived from network location sources such as cell towers and

ACCESS_FINE_LOCATION Allows an app to access precise location from location sources such as GPS, cell towers, and Wi-Fi.

ACCESS_NETWORK_STATE Allows applications to access information about networks

INTERNET Allows applications to open network sockets.

BADGE_COUNT_READ Unknown permission

BADGE_COUNT_WRITE Unknown permission

BROADCAST_BADGE Unknown permission

C2D_MESSAGE Unknown permission

CHANGE_BADGE Unknown permission

PROVIDER_INSERT_BADGE Unknown permission

READ Unknown permission

READ_APP_BADGE Unknown permission

READ_SETTINGS Unknown permission

RECEIVE Unknown permission

UPDATE_BADGE Unknown permission

UPDATE_COUNT Unknown permission

UPDATE_SHORTCUT Unknown permission

WRITE Unknown permission

VIBRATE Allows access to the vibrator

WAKE_LOCK Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming

WRITE_SETTINGS Allows an application to read or write the system settings.

Services
Class [Link]

Class [Link]

Virus Total scan results

None of the 60 scanners detected malicious behavior.

Disassembled source code

Hardcoded URL's

[Link]

[Link]
[Link]

[Link]

[Link]
[Link]

[Link]

[Link]
[Link]

[Link]

[Link]
[Link]

[Link]

Dynamic malware analysis

Screenshot or animated GIF of the analysed application

No screenshot taken during dynamic analysis.

Since the application did not run correctly, the results in the sections below could be incomplete!

Disk activity

Accessed files

No files were accessed.

Network activity

Opened network connections

No network connections were opened.

Automatically placed calls and text messages

Placed phone calls

No phone calls were placed automatically.

Sent SMS messages

No text messages were placed automatically.

Cryptographic activity

Used encryption keys

No cryptographic activity detected.

Encryption operations

No cryptographic activity detected.

Decryption operations

No cryptographic activity detected.

Information leakage

Network information leakage

No network information leakage detected.

SMS information leakage

No SMS information leakage detected.

File information leakage

No file information leakage detected.

Miscellaneous

Started services

No services were started.

Output generated by ADB logcat

Download ADB logcat file (text format - 732 KB)

report overview | terms & conditions | support & feedback | [Link]

2007
NVISO ApkScan malware analysis report
June 12, 2019

General information

File name [Link]

Other known file

None
names

Origin Manually uploaded by anonymous user [2019-06-06 [Link]

MD5 hash a24f7dc87869de3103a65f1e4691c85c

SHA256 hash 00222dd7ef73137bcd28c87a189cc4b5daa738995acfd2626f7d81fdd76254cd

File size 3756.56 KB

Worker NVISO_API_KALI_01

Static malware analysis

Android manifest ([Link])

Permissions
ACCESS_NETWORK_STATE Allows applications to access information about networks

INTERNET Allows applications to open network sockets.

Allows an application to receive the ACTION_BOOT_COMPLETED that is broadcast after the system finishe
RECEIVE_BOOT_COMPLETED
booting.

VIBRATE Allows access to the vibrator

WAKE_LOCK Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming

Services
Class [Link]

Class [Link]

Class [Link]
Virus Total scan results

None of the 62 scanners detected malicious behavior.

Disassembled source code

Hardcoded URL's

[Link]

Dynamic malware analysis

Screenshot or animated GIF of the analysed application

No screenshot taken during dynamic analysis.

Since the application did not run correctly, the results in the sections below could be incomplete!

Disk activity

Accessed files

No files were accessed.

Network activity

Opened network connections

No network connections were opened.

Automatically placed calls and text messages

Placed phone calls

No phone calls were placed automatically.

Sent SMS messages

No text messages were placed automatically.

Cryptographic activity
Used encryption keys

No cryptographic activity detected.

Encryption operations

No cryptographic activity detected.

Decryption operations

No cryptographic activity detected.

Information leakage

Network information leakage

No network information leakage detected.

SMS information leakage

No SMS information leakage detected.

File information leakage

No file information leakage detected.

Miscellaneous

Started services

No services were started.

Output generated by ADB logcat

Download ADB logcat file (text format - 367 KB)

report overview | terms & conditions | support & feedback | [Link]

2008

NVISO ApkScan malware analysis report

June 12, 2019
General information

File name [Link]

Other known file

None
names

Origin Manually uploaded by anonymous user [2019-06-06 [Link]

MD5 hash ca6fc2e32eddbe471cccd583ee85e31d

SHA256 hash 0022304b0aa44edbdce7a06b3d6fc5e2faa9c1234356e9f45881d5a55708f0f6

File size 11034.6 KB

Worker NVISO_API_KALI_01

Static malware analysis

Android manifest ([Link])

Permissions
ACCESS_NETWORK_STATE Allows applications to access information about networks

ACCESS_WIFI_STATE Allows applications to access information about Wi-Fi networks

INTERNET Allows applications to open network sockets.

C2D_MESSAGE Unknown permission

RECEIVE Unknown permission

Services
Class [Link].dxsimulationfor_doublew.[Link]

Class [Link].dxsimulationfor_doublew.[Link]

Class [Link]

Virus Total scan results

None of the 60 scanners detected malicious behavior.

Disassembled source code

Hardcoded URL's

[Link]

Dynamic malware analysis

Screenshot or animated GIF of the analysed application

Disk activity

Accessed files

Filename /data/data/[Link].gallery3d/shared_prefs/[Link].gallery3d_preferences.xml

Filename /data/data/[Link].dxsimulationfor_doublew/shared_prefs/[Link]

Filename /proc/meminfo

Filename /dev/urandom

Filename /data/data/[Link].dxsimulationfor_doublew/shared_prefs/google_ads_flags_meta.xml

Filename /data/data/[Link].dxsimulationfor_doublew/shared_prefs/[Link]
Filename /data/data/[Link].dxsimulationfor_doublew/cache/[Link]

Filename /proc/1395/cmdline

Filename /proc/1256/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /data/data/[Link].dxsimulationfor_doublew/cache/[Link]

Filename /proc/1242/cmdline

Filename /proc/1284/cmdline

Filename /data/data/[Link].dxsimulationfor_doublew/files/gaClientId

Filename /dev/input/event0

Filename /proc/1299/cmdline

Filename /proc/1297/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /data/data/[Link].dxsimulationfor_doublew/shared_prefs/[Link]

Filename /data/data/[Link].dxsimulationfor_doublew/cache/[Link]

Filename /proc/1301/cmdline

Network activity

Opened network connections

Destination [Link]:443 File descriptor 69

Destination [Link]:443 File descriptor 97

Destination [Link]:443 File descriptor 78

Destination [Link]:443 File descriptor 71

Destination [Link]:443 File descriptor 55

Destination [Link]:443 File descriptor 73

Destination [Link]:443 File descriptor 100

Automatically placed calls and text messages

Placed phone calls

No phone calls were placed automatically.

Sent SMS messages

No text messages were placed automatically.

Cryptographic activity

Used encryption keys

Algorithm AES

Key 120, -128, -66, -43, 10, 43, 37, 47, -49, 83, 16, 72, 27, -30, -80, 33
Encryption operations

No cryptographic activity detected.

Decryption operations

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].n

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) a

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].v

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].m

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].k

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].h

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].u

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].r

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)
Data (RAW) [Link].f

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].i

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].d

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].g

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].c

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].t

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].j

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].s

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].l

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].e

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)
Data (RAW) [Link].p

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].b

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].q

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].o

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].a

Information leakage

Network information leakage

No network information leakage detected.

SMS information leakage

No SMS information leakage detected.

File information leakage

No file information leakage detected.

Miscellaneous

Started services

Service name [Link]

Output generated by ADB logcat

Download ADB logcat file (text format - 874 KB)

report overview | terms & conditions | support & feedback | [Link]

2013
NVISO ApkScan malware analysis report
June 12, 2019

General information

File name [Link]

Other known file

None
names

Origin Manually uploaded by anonymous user [2019-06-06 [Link]

MD5 hash 0f05cec2918309edf81a991d3546e5ce

SHA256 hash 00232667898367699f013af19d3f69fa7fb1349a55e8dab480b84dc722f2415f

File size 9355.29 KB

Worker NVISO_API_KALI_01

Static malware analysis

Android manifest ([Link])

Permissions
ACCESS_NETWORK_STATE Allows applications to access information about networks

INTERNET Allows applications to open network sockets.

READ_EXTERNAL_STORAGE Allows an application to read from external storage.

BIND_GET_INSTALL_REFERRER_SERVICE Unknown permission

C2D_MESSAGE Unknown permission

RECEIVE Unknown permission

WAKE_LOCK Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimm

WRITE_EXTERNAL_STORAGE Allows an application to write to external storage.

Services
Class [Link]

Class [Link]
Class [Link]

Class [Link]

Virus Total scan results

None of the 61 scanners detected malicious behavior.

Disassembled source code

Hardcoded URL's

[Link]

Dynamic malware analysis

Screenshot or animated GIF of the analysed application

Disk activity

Accessed files
Filename /data/data/[Link]/code_cache/secondary-dexes/[Link]

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /data/data/[Link]/files/[Link]

Filename /proc/14/cmdline

Filename /proc/46/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/1287/cmdline

Filename /proc/1097/cmdline

Filename /data/data/[Link]/code_cache/secondary-dexes/[Link]

Filename /proc/10/cmdline

Filename pipe:[5370]

Filename /proc/45/cmdline

Filename /proc/1228/cmdline

Filename /data/data/[Link]/files/[Link]

Filename /data/data/[Link]/shared_prefs/[Link].aepd9tdSVxUyUmIcgHM19nAb4-Fo

Filename /proc/1289/cmdline

Filename /proc/34/cmdline

Filename /proc/3/cmdline

Filename /data/data/[Link]/files/[Link]

Filename /proc/273/cmdline

Filename /proc/28/cmdline

Filename /proc/35/cmdline

Filename /proc/352/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/1271/cmdline

Filename /dev/urandom

Filename /proc/832/cmdline

Filename /proc/41/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename pipe:[5177]

Filename /proc/579/cmdline

Filename pipe:[5406]

Filename /data/data/[Link]/cache/[Link]

Filename /data/data/[Link]/files/[Link]

Filename /proc/272/cmdline

Filename /proc/1406/cmdline

Filename /proc/939/cmdline

Filename /proc/26/cmdline

Filename /proc/1028/cmdline

Filename /proc/42/cmdline

Filename /proc/1082/cmdline
Filename /proc/6/cmdline

Filename /proc/1146/cmdline

Filename /proc/463/cmdline

Filename /proc/1282/cmdline

Filename /data/data/[Link]/shared_prefs/[Link].Effects_preferences.xml

Filename /proc/5/cmdline

Filename /proc/4/cmdline

Filename /proc/29/cmdline

Filename /proc/663/cmdline

Filename /proc/12/cmdline

Filename /proc/11/cmdline

Filename /proc/635/cmdline

Filename /proc/735/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/39/cmdline

Filename /proc/24/cmdline

Filename /proc/2/cmdline

Filename /data/anr/[Link]

Filename /proc/7/cmdline

Filename /proc/490/cmdline

Filename pipe:[5815]

Filename /data/data/[Link]/shared_prefs/[Link]

Filename pipe:[5806]

Filename /proc/783/cmdline

Filename /proc/9/cmdline

Filename /proc/8/cmdline

Filename /proc/1351/cmdline

Filename /data/data/[Link].gallery3d/shared_prefs/[Link].gallery3d_preferences.xml

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/1243/cmdline

Filename /dev/input/event0

Filename /proc/586/cmdline

Filename /proc/33/cmdline

Filename /proc/478/cmdline

Filename /proc/40/cmdline

Filename /proc/1296/cmdline

Filename /proc/25/cmdline

Filename /proc/1/cmdline

Filename /proc/513/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/1313/cmdline
Filename /proc/27/cmdline

Filename /data/tombstones/tombstone_01

Filename /proc/1014/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/meminfo

Filename /proc/13/cmdline

Filename /proc/37/cmdline

Filename /proc/30/cmdline

Filename /proc/1430/cmdline

Filename /proc/274/cmdline

Filename /proc/1133/cmdline

Filename /data/data/[Link]/cache/[Link]

Filename /proc/1187/cmdline

Filename /data/tombstones/tombstone_02

Network activity

Opened network

connections

Destination [Link]:443 File descriptor 130

Destination [Link]:443 File descriptor 168

Destination [Link]:443 File descriptor 163

Destination [Link]:443 File descriptor 166

Destination [Link]:443 File descriptor 194

Destination [Link]:443 File descriptor 132

Destination [Link]:443 File descriptor 93

Destination [Link]:443 File descriptor 65

Destination [Link]:443 File descriptor 184

Destination [Link]:443 File descriptor 196

Destination [Link]:443 File descriptor 170

Destination [Link]:443 File descriptor 152

Destination [Link]:443 File descriptor 187

Destination [Link]:443 File descriptor 109

Destination [Link]:443 File descriptor 106

Destination [Link]:443 File descriptor 149

Destination [Link]:49840 File descriptor 46

Destination [Link]:443 File descriptor 66

Destination [Link]:443 File descriptor 123

Destination [Link]:443 File descriptor 68

Destination [Link]:44866 File descriptor 89

Destination [Link]:443 File descriptor 139

Destination [Link]:443 File descriptor 97

Destination [Link]:443 File descriptor 117

Destination [Link]:443 File descriptor 64

Destination [Link]:443 File descriptor 141

Destination [Link]:443 File descriptor 175

Destination [Link]:443 File descriptor 116

Automatically placed calls and text messages

Placed phone calls

No phone calls were placed automatically.

Sent SMS messages

No text messages were placed automatically.

Cryptographic activity

Used encryption keys

Algorithm AES

Key -128, -99, -29, 97, 20, 39, 71, 116, -45, -12, 6, 57, -23, 91, 47, -29

Encryption operations

No cryptographic activity detected.

Decryption operations

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) a

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].i

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].r

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].m

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].g

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].v

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].n

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].t

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].j

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].d

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].c

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].e

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].o

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].w

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].s

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].a

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].b

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].p

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].l

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].q

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].u

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].h

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].k

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].f

Information leakage

Network information leakage

No network information leakage detected.

SMS information leakage

No SMS information leakage detected.

File information leakage

No file information leakage detected.

Miscellaneous

Started services

Service name [Link]$Service

Output generated by ADB logcat

Download ADB logcat file (text format - 1510 KB)

report overview | terms & conditions | support & feedback | [Link]

2014

NVISO ApkScan malware analysis report

June 12, 2019
General information

File name [Link]

Other known file

None
names

Origin Manually uploaded by anonymous user [2019-06-06 [Link]

MD5 hash cc4939970402b5f30051b005321191c8

SHA256 hash 002349ae0e9df749645a37dce2ee734ffae1cc6ab459d579293647114a992a2f

File size 3480.51 KB

Worker NVISO_API_KALI_01

Static malware analysis

Android manifest ([Link])

Permissions
ACCESS_NETWORK_STATE Allows applications to access information about networks

INTERNET Allows applications to open network sockets.

Services
No services registered.

Virus Total scan results

None of the 60 scanners detected malicious behavior.

Disassembled source code

Hardcoded URL's

[Link]

Dynamic malware analysis

Screenshot or animated GIF of the analysed application

No screenshot taken during dynamic analysis.

Since the application did not run correctly, the results in the sections below could be incomplete!

Disk activity

Accessed files

No files were accessed.

Network activity

Opened network connections

No network connections were opened.

Automatically placed calls and text messages

Placed phone calls

No phone calls were placed automatically.

Sent SMS messages

No text messages were placed automatically.

Cryptographic activity

Used encryption keys

No cryptographic activity detected.

Encryption operations

No cryptographic activity detected.

Decryption operations

No cryptographic activity detected.

Information leakage

Network information leakage

No network information leakage detected.

SMS information leakage

No SMS information leakage detected.

File information leakage

No file information leakage detected.

Miscellaneous

Started services

No services were started.

Output generated by ADB logcat

Download ADB logcat file (text format - 15 KB)

report overview | terms & conditions | support & feedback | [Link]

2017

NVISO ApkScan malware analysis report

June 12, 2019

General information

File name [Link]

Other known file

None
names

Origin Manually uploaded by anonymous user [2019-06-06 [Link]

MD5 hash 228571290f1fdfd70ed1bd3028f45161

SHA256 hash 0023bd739ada3bc08d6cfe35fbb35cc2d29c6d705ca53b3d1785b2b76adea743

File size 3772.55 KB

Worker NVISO_API_KALI_01

Static malware analysis

Android manifest ([Link])

Permissions
ACCESS_NETWORK_STATE Allows applications to access information about networks

ACCESS_WIFI_STATE Allows applications to access information about Wi-Fi networks

INTERNET Allows applications to open network sockets.

SET_WALLPAPER Allows applications to set the wallpaper

C2D_MESSAGE Unknown permission

WRITE_EXTERNAL_STORAGE Allows an application to write to external storage.

WRITE_SETTINGS Allows an application to read or write the system settings.

Services
Class [Link]

Class [Link]

Virus Total scan results

None of the 57 scanners detected malicious behavior.

Disassembled source code

Hardcoded URL's

[Link]

Dynamic malware analysis

Screenshot or animated GIF of the analysed application

Disk activity

Accessed files

Filename /data/data/[Link]/cache/picasso-cache/[Link]

Filename /data/data/[Link]/shared_prefs/[Link].bridew_preferences.xml

Filename /data/data/[Link]/cache/picasso-cache/[Link]

Filename /proc/meminfo

Filename /data/data/[Link]/cache/picasso-cache/journal

Filename /data/data/[Link].gallery3d/shared_prefs/[Link].gallery3d_preferences.xml

Filename /data/data/[Link]/cache/picasso-cache/[Link]

Filename /proc/1314/cmdline

Filename /proc/1309/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/1316/cmdline

Filename /proc/1298/cmdline

Filename /data/data/[Link]/cache/picasso-cache/[Link]

Filename /dev/input/event0

Filename /proc/1368/cmdline

Network activity
Opened network

connections

Destination [Link]:80 File descriptor 19

Destination [Link]:80 File descriptor 23

Destination [Link]:80 File descriptor 47

Destination [Link]:80 File descriptor 57

Destination [Link]:80 File descriptor 75

Destination [Link]:80 File descriptor 45

Destination [Link]:80 File descriptor 61

Destination [Link]:80 File descriptor 52

Destination [Link]:80 File descriptor 63

Destination [Link]:80 File descriptor 70

Destination [Link]:80 File descriptor 78

Automatically placed calls and text messages

Placed phone calls

No phone calls were placed automatically.

Sent SMS messages

No text messages were placed automatically.

Cryptographic activity

Used encryption keys

Algorithm AES

16, 58, -35, 121, -41, -99, -64, 103, -35, 122, -9, 95, 122, 87, -99, 125, -21, 31, 108, 58, -35, 121, -41, -99, -64, 103, -61, -83, -41, -9
Key
-36

Encryption operations

No cryptographic activity detected.

Decryption operations

No cryptographic activity detected.

Information leakage

Network information leakage

No network information leakage detected.

SMS information leakage

No SMS information leakage detected.

File information leakage

No file information leakage detected.

Miscellaneous

Started services

Service name [Link]

Output generated by ADB logcat

Download ADB logcat file (text format - 1897 KB)

report overview | terms & conditions | support & feedback | [Link]

2022

NVISO ApkScan malware analysis report

June 12, 2019

General information

File name [Link]

Other known file

None
names

Origin Manually uploaded by anonymous user [2019-06-06 [Link]

MD5 hash 452f20072d62e0ca4ee4b59155c7e25c

SHA256 hash 0024f07a847a09808233beb77960e4adbb900773efee67f1352926c771bac3ce

File size 3036.52 KB

Worker NVISO_API_KALI_01
Static malware analysis

Android manifest ([Link])

Permissions
ACCESS_NETWORK_STATE Allows applications to access information about networks

ACCESS_WIFI_STATE Allows applications to access information about Wi-Fi networks

INTERNET Allows applications to open network sockets.

Services
No services registered.

Virus Total scan results

None of the 62 scanners detected malicious behavior.

Disassembled source code

Hardcoded URL's

[Link] for instructions

[Link] for details

[Link]

[Link]
[Link]

[Link]

[Link]
[Link]

[Link]

Dynamic malware analysis

Screenshot or animated GIF of the analysed application

No screenshot taken during dynamic analysis.

This most likely means that your application did not run correctly on our test device.
Our test devices run Android 4.1 Jelly Bean (API level 16), and currently do not support hardware OpenGL acceleration.
Since the application did not run correctly, the results in the sections below could be incomplete!

Disk activity

Accessed files

No files were accessed.

Network activity

Opened network connections

No network connections were opened.

Automatically placed calls and text messages

Placed phone calls

No phone calls were placed automatically.

Sent SMS messages

No text messages were placed automatically.

Cryptographic activity

Used encryption keys

No cryptographic activity detected.

Encryption operations

No cryptographic activity detected.

Decryption operations

No cryptographic activity detected.

Information leakage

Network information leakage

No network information leakage detected.

SMS information leakage

No SMS information leakage detected.

File information leakage

No file information leakage detected.

Miscellaneous

Started services

No services were started.

Output generated by ADB logcat

Download ADB logcat file (text format - 375 KB)

report overview | terms & conditions | support & feedback | [Link]

2023

NVISO ApkScan malware analysis report

June 12, 2019

General information

File name [Link]

Other known file

None
names

Origin Manually uploaded by anonymous user [2019-06-06 [Link]

MD5 hash 55f5abcc115a6b8ead7514dc87a68229

SHA256 hash 00253083a5c2c93fe9bcaf6a4dfc0a5819b622f98a43faf7451d0d7d9f998d7b

File size 3802.71 KB

Worker NVISO_API_KALI_01

Static malware analysis

Android manifest ([Link])

Permissions
ACCESS_NETWORK_STATE Allows applications to access information about networks

ACCESS_WIFI_STATE Allows applications to access information about Wi-Fi networks

INTERNET Allows applications to open network sockets.

WAKE_LOCK Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming

WRITE_EXTERNAL_STORAGE Allows an application to write to external storage.

WRITE_SETTINGS Allows an application to read or write the system settings.

Services
Class [Link]

Class [Link].Audio245379_PlaylistManager

Class [Link]

Virus Total scan results

None of the 60 scanners detected malicious behavior.

Disassembled source code

Hardcoded URL's

[Link]

Dynamic malware analysis

Screenshot or animated GIF of the analysed application

Disk activity

Accessed files

Filename /data/data/[Link]/cache/image_manager_disk_cache/d1aef840371ecdb969c286eda7c66d55c2602f3

Filename /proc/1299/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/meminfo

Filename /data/data/[Link]/cache/image_manager_disk_cache/68884a175f1c63ff3fff24a2a608400fae65706bb

Filename /data/data/[Link]/cache/image_manager_disk_cache/8cdf8c8da1292296042f98b1280b15b55609c0

Filename /data/data/[Link]/cache/[Link]

Filename /data/data/[Link]/cache/image_manager_disk_cache/journal

Filename /dev/input/event0

Filename /data/data/[Link].gallery3d/shared_prefs/[Link].gallery3d_preferences.xml

Filename /data/data/[Link]/cache/image_manager_disk_cache/a6e4376bd62947c152431e44ca35ff3e0ad5f7c

Filename /data/data/[Link]/cache/image_manager_disk_cache/aaf8f6b421d7a95008a81b31ad4c50fe971df55

Filename /data/data/[Link]/cache/image_manager_disk_cache/fabdf7efe32c74a4b24bb4fcd6f8698e5e5245c3

Filename /data/data/[Link]/cache/[Link]

Filename /dev/urandom

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/1474/cmdline

Filename /proc/1316/cmdline

Filename /data/data/[Link]/cache/[Link]
Filename /data/data/[Link]/shared_prefs/[Link]

Filename /data/data/[Link]/shared_prefs/google_ads_flags_meta.xml

Filename /proc/1407/cmdline

Filename /data/data/[Link]/cache/image_manager_disk_cache/95374a526d6289e9999e5dea65909c95ac3fed

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /data/data/[Link]/shared_prefs/[Link].brunomarsnewsongs_preferences.xml

Filename /data/data/[Link]/cache/image_manager_disk_cache/d34afcaf6fc7f2401b8d1693b0b5c47fc9c612f03

Filename /proc/1243/cmdline

Filename /data/data/[Link]/cache/image_manager_disk_cache/[Link]

Filename /proc/1270/cmdline

Filename /proc/1313/cmdline

Filename /proc/1310/cmdline

Filename /proc/1256/cmdline

Network activity

Opened network connections

Destination [Link]:443 File descriptor 44

Destination [Link]:443 File descriptor 47

Destination [Link]:443 File descriptor 73

Destination [Link]:443 File descriptor 75

Destination [Link]:443 File descriptor 50

Destination [Link]:443 File descriptor 42

Destination [Link]:443 File descriptor 55

Destination [Link]:443 File descriptor 56

Destination [Link]:443 File descriptor 68

Destination [Link]:443 File descriptor 70

Destination [Link]:443 File descriptor 67

Destination [Link]:443 File descriptor 46

Destination [Link]:443 File descriptor 63

Destination [Link]:443 File descriptor 91

Destination [Link]:443 File descriptor 76

Destination [Link]:443 File descriptor 49

Destination [Link]:443 File descriptor 40

Destination [Link]:443 File descriptor 81

Automatically placed calls and text messages

Placed phone calls

No phone calls were placed automatically.

Sent SMS messages

No text messages were placed automatically.

Cryptographic activity

Used encryption keys

Algorithm AES

Key -128, -99, -29, 97, 20, 39, 71, 116, -45, -12, 6, 57, -23, 91, 47, -29

Encryption operations

No cryptographic activity detected.

Decryption operations

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) a

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].s

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].f

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].o

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].n

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].p

Algorithm AES/CBC/PKCS5Padding
Data (ASCII)

Data (RAW) [Link].m

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].h

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].t

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].b

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].q

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].j

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].i

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].c

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].l

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].a

Algorithm AES/CBC/PKCS5Padding
Data (ASCII)

Data (RAW) [Link].e

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].d

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].u

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].w

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].r

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].k

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].v

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].g

Information leakage

Network information leakage

No network information leakage detected.

SMS information leakage

No SMS information leakage detected.

File information leakage

No file information leakage detected.

Miscellaneous

Started services

Service name [Link]

Output generated by ADB logcat

Download ADB logcat file (text format - 887 KB)

report overview | terms & conditions | support & feedback | [Link]

2024

NVISO ApkScan malware analysis report

June 12, 2019

General information

File name [Link]

Other known file

None
names

Origin Manually uploaded by anonymous user [2019-06-06 [Link]

MD5 hash 598eac8dd7770d8a14f18b28405c4ea9

SHA256 hash 00256c7d4801fd2f6a942c2500dbea674631baff394ae588d863f8304cc5dcda

File size 3237.43 KB

Worker NVISO_API_KALI_01
Static malware analysis

Android manifest ([Link])

Permissions
ACCESS_FINE_LOCATION Allows an app to access precise location from location sources such as GPS, cell towers, and Wi-Fi.

ACCESS_NETWORK_STATE Allows applications to access information about networks

GET_ACCOUNTS Allows access to the list of accounts in the Accounts Service

INTERNET Allows applications to open network sockets.

Allows an application to receive the ACTION_BOOT_COMPLETED that is broadcast after the system finishe
RECEIVE_BOOT_COMPLETED
booting.

BADGE_COUNT_READ Unknown permission

BADGE_COUNT_WRITE Unknown permission

BROADCAST_BADGE Unknown permission

C2D_MESSAGE Unknown permission

CHANGE_BADGE Unknown permission

PROVIDER_INSERT_BADGE Unknown permission

READ Unknown permission

READ_APP_BADGE Unknown permission

READ_SETTINGS Unknown permission

RECEIVE Unknown permission

UPDATE_BADGE Unknown permission

UPDATE_COUNT Unknown permission

UPDATE_SHORTCUT Unknown permission

WRITE Unknown permission

VIBRATE Allows access to the vibrator

WAKE_LOCK Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming

WRITE_EXTERNAL_STORAGE Allows an application to write to external storage.

WRITE_SETTINGS Allows an application to read or write the system settings.

Services
Class [Link]

Class [Link]

Class [Link]
Class [Link]

Class [Link]

Virus Total scan results

None of the 59 scanners detected malicious behavior.

Disassembled source code

Hardcoded URL's

[Link]

Dynamic malware analysis

Screenshot or animated GIF of the analysed application

Disk activity

Accessed files

Filename /data/data/[Link]/cache/[Link]

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/meminfo

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/1313/cmdline

Filename /proc/1285/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/1326/cmdline

Filename /data/data/[Link]/files/gaClientId

Filename /proc/1370/cmdline

Filename /data/data/[Link].gallery3d/shared_prefs/[Link].gallery3d_preferences.xml

Filename /dev/urandom

Filename /proc/1331/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /dev/input/event0

Filename /data/data/[Link]/shared_prefs/google_ads_flags_meta.xml

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /data/data/[Link]/shared_prefs/apprate_prefs.xml

Filename /proc/1329/cmdline
Filename /proc/1415/cmdline

Filename /data/data/[Link]/cache/[Link]

Network activity

Opened network connections

Destination [Link]:443 File descriptor 18

Destination [Link]:443 File descriptor 56

Destination [Link]:443 File descriptor 61

Automatically placed calls and text messages

Placed phone calls

No phone calls were placed automatically.

Sent SMS messages

No text messages were placed automatically.

Cryptographic activity

Used encryption keys

Algorithm AES

Key -128, -99, -29, 97, 20, 39, 71, 116, -45, -12, 6, 57, -23, 91, 47, -29

Encryption operations

No cryptographic activity detected.

Decryption operations

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].q

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].v

Algorithm AES/CBC/PKCS5Padding
Data (ASCII)

Data (RAW) a

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].w

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].i

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].b

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].o

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].k

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].u

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].p

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].h

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].a

Algorithm AES/CBC/PKCS5Padding
Data (ASCII)

Data (RAW) [Link].d

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].s

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].r

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].f

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].g

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].t

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].l

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].c

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].j

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].m

Algorithm AES/CBC/PKCS5Padding
Data (ASCII)

Data (RAW) [Link].n

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].e

Information leakage

Network information leakage

No network information leakage detected.

SMS information leakage

No SMS information leakage detected.

File information leakage

No file information leakage detected.

Miscellaneous

Started services

Service name [Link]

Output generated by ADB logcat

Download ADB logcat file (text format - 502 KB)

report overview | terms & conditions | support & feedback | [Link]

2025

NVISO ApkScan malware analysis report

June 12, 2019
General information

File name [Link]

Other known file

None
names

Origin Manually uploaded by anonymous user [2019-06-06 [Link]

MD5 hash 782da493d754be4984298e0f766d1e5e

SHA256 hash 00257149712990e6297a59555b72128de263dc30a0151573cce4a7d404990015

File size 3713.5 KB

Worker NVISO_API_KALI_01

Static malware analysis

Android manifest ([Link])

Permissions
ACCESS_NETWORK_STATE Allows applications to access information about networks

ACCESS_WIFI_STATE Allows applications to access information about Wi-Fi networks

GET_TASKS Allows an application to get information about the currently or recently running tasks.

INTERNET Allows applications to open network sockets.

SYSTEM_ALERT_WINDOW Allows an application to open windows using the type TYPE_SYSTEM_ALERT, shown on top of all other applic

Services
No services registered.

Virus Total scan results

None of the 61 scanners detected malicious behavior.

Disassembled source code

Hardcoded URL's

[Link] for instructions

[Link] for details

[Link]

[Link]
[Link]

[Link]

[Link]
[Link]

[Link]

Dynamic malware analysis

Screenshot or animated GIF of the analysed application

Disk activity

Accessed files

Filename /proc/meminfo

Filename /proc/1296/cmdline

Filename /data/data/[Link].gallery3d/shared_prefs/[Link].gallery3d_preferences.xml

Filename /dev/urandom

Filename /data/data/[Link]/cache/[Link]

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /dev/input/event0

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/1298/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/1253/cmdline

Filename /proc/1239/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/1226/cmdline

Filename /proc/1356/cmdline

Filename /proc/1294/cmdline

Filename /proc/1281/cmdline

Network activity

Opened network connections

Destination [Link]:443 File descriptor 35

Destination [Link]:443 File descriptor 38

Destination [Link]:443 File descriptor 48

Destination [Link]:443 File descriptor 77

Destination [Link]:443 File descriptor 42

Destination [Link]:443 File descriptor 32

Destination [Link]:443 File descriptor 64

Destination [Link]:443 File descriptor 52

Destination [Link]:443 File descriptor 62

Destination [Link]:443 File descriptor 84

Automatically placed calls and text messages

Placed phone calls

No phone calls were placed automatically.

Sent SMS messages

No text messages were placed automatically.

Cryptographic activity

Used encryption keys

Algorithm AES

Key -120, 70, 86, 73, -27, -67, -69, -79, 99, -127, 66, -34, 104, -117, 65, 84

Encryption operations

No cryptographic activity detected.

Decryption operations

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].a

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) a

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].e

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].c

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].k

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].h

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].j

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].d

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].m

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].f

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].b

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].l

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].g

Algorithm AES/CBC/PKCS5Padding

Data (ASCII)

Data (RAW) [Link].i

Information leakage

Network information leakage

No network information leakage detected.

SMS information leakage

No SMS information leakage detected.

File information leakage

No file information leakage detected.

Miscellaneous

Started services

Service name [Link]

Output generated by ADB logcat

Download ADB logcat file (text format - 357 KB)

report overview | terms & conditions | support & feedback | [Link]

2026

NVISO ApkScan malware analysis report

June 12, 2019

General information

File name [Link]

Other known file

None
names

Origin Manually uploaded by anonymous user [2019-06-06 [Link]

MD5 hash 973560fcca2bcd5802a14ece1d7a1952

SHA256 hash 00259c214fc271380d2e6fa90c6cf4c81b5e012d7eebd4558c604d1ec9c7da2b

File size 13635.8 KB

Worker NVISO_API_KALI_01

Static malware analysis

Android manifest ([Link])

Permissions
ACCESS_NETWORK_STATE Allows applications to access information about networks

CAMERA Required to be able to access the camera device.

INTERNET Allows applications to open network sockets.

READ_EXTERNAL_STORAGE Allows an application to read from external storage.

READ_PHONE_STATE Allows read only access to phone state.

SET_WALLPAPER Allows applications to set the wallpaper

SET_WALLPAPER_HINTS Allows applications to set the wallpaper hints

WRITE_EXTERNAL_STORAGE Allows an application to write to external storage.

Services
No services registered.

Virus Total scan results

None of the 62 scanners detected malicious behavior.

Disassembled source code

Hardcoded URL's

[Link]

Dynamic malware analysis

Screenshot or animated GIF of the analysed application

No screenshot taken during dynamic analysis.

Since the application did not run correctly, the results in the sections below could be incomplete!

Disk activity

Accessed files

No files were accessed.

Network activity

Opened network connections

No network connections were opened.

Automatically placed calls and text messages

Placed phone calls

No phone calls were placed automatically.

Sent SMS messages

No text messages were placed automatically.

Cryptographic activity

Used encryption keys

No cryptographic activity detected.

Encryption operations

No cryptographic activity detected.

Decryption operations

No cryptographic activity detected.

Information leakage

Network information leakage

No network information leakage detected.

SMS information leakage

No SMS information leakage detected.

File information leakage

No file information leakage detected.

Miscellaneous

Started services
No services were started.

Output generated by ADB logcat

Download ADB logcat file (text format - 914 KB)

report overview | terms & conditions | support & feedback | [Link]

2027

NVISO ApkScan malware analysis report

June 12, 2019

General information

File name [Link]

Other known file

None
names

Origin Manually uploaded by anonymous user [2019-06-06 [Link]

MD5 hash 746512851eb78ada500dd4cfeceebbbd

SHA256 hash 0025a4f4c0b514ed539e6442a225d738a7ed22bdea65a43d0130d681101ff74e

File size 14741.3 KB

Worker NVISO_API_KALI_01

Static malware analy

Android manifest (AndroidManife

Permissions
ACCESS_NETWORK_STATE Allows applications to access information about networks

ACCESS_WIFI_STATE Allows applications to access information about Wi-Fi networks

BATTERY_STATS Allows an application to collect battery statistics

BROADCAST_STICKY Allows an application to broadcast sticky intents.

CALL_PHONE Allows an application to initiate a phone call without going through the Dialer user interface for the user

CAMERA Required to be able to access the camera device.

CHANGE_WIFI_STATE Allows applications to change Wi-Fi connectivity state

FLASHLIGHT Allows access to the flashlight

INTERNET Allows applications to open network sockets.

KILL_BACKGROUND_PROCESSES Allows an application to call killBackgroundProcesses(String).

MODIFY_AUDIO_SETTINGS Allows an application to modify global audio settings

MOUNT_UNMOUNT_FILESYSTEMS Allows mounting and unmounting file systems for removable storage.

READ_LOGS Allows an application to read the low-level system log files.

READ_PHONE_STATE Allows read only access to phone state.

RECEIVE_BOOT_COMPLETED Allows an application to receive the ACTION_BOOT_COMPLETED that is broadcast after the system fi

INSTALL_SHORTCUT Unknown permission

READ_SETTINGS Unknown permission

RECEIVE_USER_PRESENT Unknown permission

UNINSTALL_SHORTCUT Unknown permission

VIBRATE Allows access to the vibrator

WAKE_LOCK Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming

WRITE_EXTERNAL_STORAGE Allows an application to write to external storage.

WRITE_SETTINGS Allows an application to read or write the system settings.

Services
Class [Link]

Class [Link]

Virus Total scan results

SymantecMobileInsight AppRisk:Generisk

Disassembled source cod

Hardcoded URL's

[Link]

[Link]
Dynamic malware anal

Screenshot or animated GIF of the analy

Random artificial input is provided to the scanned applications during dynamic analysis, in order to mimic a human being using and interacting with the ap

Disk activity

Accessed files

Filename pipe:[3724]

Filename /data/data/[Link]/code_cache/secondary-dexes/[Link]

Filename /proc/1344/cmdline

Filename /data/data/[Link]/shared_prefs/umeng_general_config.xml

Filename /proc/1295/cmdline

Filename /data/data/[Link]/files/nuwa/[Link]

Filename /data/data/[Link]/shared_prefs/share_data.xml

Filename /data/data/[Link]/code_cache/secondary-dexes/[Link]

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/meminfo

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/1410/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/1342/cmdline

Filename pipe:[3719]
Filename /data/data/[Link]/shared_prefs/[Link]

Filename pipe:[3670]

Filename /data/data/[Link]/shared_prefs/[Link].app_preferences.xml

Filename /data/data/[Link]/shared_prefs/bugly_data.xml

Filename /proc/1337/cmdline

Filename /proc/1281/cmdline

Filename /proc/cpuinfo

Filename /proc/1324/cmdline

Filename /dev/input/event0

Filename /proc/1269/cmdline

Filename pipe:[3671]

Filename /data/data/[Link].gallery3d/shared_prefs/[Link].gallery3d_preferences.xml

Filename /dev/urandom

Network activity

Opened network connections

Destination [Link]:80 File descriptor 50

Destination [Link]:80 File descriptor 71

Destination [Link]:80 File descriptor 81

Automatically placed calls and text

Placed phone calls

No phone calls were placed automatically.

Sent SMS messages

No text messages were placed automatically.

Cryptographic activity

Used encryption keys

Algorithm DES

Key 42, 94, 64, 75, 35, 75, 64, 33

Algorithm DES

Key 83, 40, 64, 76, 64, 76, 64, 41

Encryption operations
No cryptographic activity detected.

Decryption operations

No cryptographic activity detected.

Information leakage

Network information leakage

Destination [Link]:80

Tag TAINT_IMEI / TAINT_IMSI

Data
POST /rqd/sync HTTP/1.1 wup_version: 3.0 pver: 4.0.95 bid: [Link] pid: 900002438 A37:
(ASCII)

Data
504f5354202f7271642f73796e6320485454502f312e310d0a7775705f76657273696f6e3a20332e300d0a707665723a20342e302e
(RAW)

Operation send

Destination [Link]:80

Tag TAINT_IMEI / TAINT_IMSI

Data
POST /rqd/sync HTTP/1.1 wup_version: 3.0 pver: 4.0.95 bid: [Link] pid: 900002438 A37:
(ASCII)

Data
504f5354202f7271642f73796e6320485454502f312e310d0a7775705f76657273696f6e3a20332e300d0a707665723a20342e302e
(RAW)

Operation send

SMS information leakage

No SMS information leakage detected.

File information leakage

Path /data/data/[Link]/shared_prefs/[Link].app_preferen

Operation write

Tag TAINT_IMEI

Data (ASCII) <?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <long name="[Link]" val

Data (RAW) 3c3f786d6c2076657273696f6e3d27312e302720656e636f64696e673d277574662d3827207374616e64616c6f6e653d277965732

Path /data/data/[Link]/shared_prefs/[Link].app_preferen

Operation write

Tag TAINT_IMEI

Data (ASCII) <?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <string name="__MTA_DEVICE_INFO__">xj

Data (RAW) 3c3f786d6c2076657273696f6e3d27312e302720656e636f64696e673d277574662d3827207374616e64616c6f6e653d277965732

Path /data/data/[Link]/shared_prefs/[Link].app_preferen

Operation write

Tag TAINT_IMEI

Data (ASCII) <?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <int name="MTA_EVENT_INDEX" value="10

Data (RAW) 3c3f786d6c2076657273696f6e3d27312e302720656e636f64696e673d277574662d3827207374616e64616c6f6e653d277965732

Miscellaneous

Started services

Service name [Link]

Output generated by ADB logcat

Download ADB logcat file (text format - 962 KB)

report overview | terms & conditions | support & feedback | [Link]

2029

NVISO ApkScan malware analysis report

June 12, 2019

General information

File name [Link]

Other known file

None
names

Origin Manually uploaded by anonymous user [2019-06-07 [Link]

MD5 hash e2c4c4853dfb417a064950a58227f715

SHA256 hash 0025fefc32ebfeb6a4cb205bede748752b25f8b35f7fcb8bccc7b4be0fbdf206

File size 5661.93 KB

Worker NVISO_API_KALI_01
Static malware analysis

Android manifest ([Link])

Permissions
ACCESS_NETWORK_STATE Allows applications to access information about networks

INTERNET Allows applications to open network sockets.

READ_EXTERNAL_STORAGE Allows an application to read from external storage.

C2D_MESSAGE Unknown permission

RECEIVE Unknown permission

VIBRATE Allows access to the vibrator

WAKE_LOCK Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming

Services
Class [Link]

Class [Link]

Virus Total scan results

None of the 58 scanners detected malicious behavior.

Disassembled source code

Hardcoded URL's

[Link]

Dynamic malware analysis

Screenshot or animated GIF of the analysed application

Disk activity

Accessed files

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /data/data/[Link]/shared_prefs/metadata_download_id.xml

Filename /proc/1293/stat

Filename /proc/stat

Filename /data/data/[Link]/shared_prefs/branch_referral_shared_pref.xml

Filename /proc/45/cmdline

Filename /proc/1554/cmdline

Filename /data/backup/pending/[Link]

Filename /proc/25/cmdline

Filename /data/data/[Link]/files/[Link]

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/1708/cmdline

Filename /proc/1967/cmdline

Filename /proc/8/cmdline

Filename /data/data/[Link]/shared_prefs/[Link].v1_com.[Link]

Filename /data/data/[Link]/files/DATA_Preferences

Filename /proc/meminfo

Filename /proc/26/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /data/data/[Link]/shared_prefs/[Link]
Filename /proc/1250/cmdline

Filename /proc/1/cmdline

Filename /data/backup/pending/[Link]

Filename /dev/input/event0

Filename /data/data/[Link]/files/.Fabric/[Link]:answers/session_analytics_to_send/sa_8c9da725-c6cb

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /data/tombstones/tombstone_00

Filename /proc/1304/cmdline

Filename /proc/1923/cmdline

Filename /proc/1568/cmdline

Filename /sys/module/lowmemorykiller/parameters/adj

Filename /proc/41/cmdline

Filename /dev/urandom

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/1774/cmdline

Filename /proc/1380/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/42/cmdline

Filename /proc/1609/cmdline

Filename /proc/1309/cmdline

Filename /data/data/[Link]/files/.Fabric/[Link]-core/5CFAAF6A00DE-0001-050D-0774579ADB

Filename /proc/29/cmdline

Filename /data/data/[Link]/files/deviceName

Filename /proc/46/cmdline

Filename /data/data/[Link]/files/DATA_Preferences

Filename /data/data/[Link]/files/.Fabric/[Link]:answers/session_analytics.tap

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/cmdline

Filename /proc/5/cmdline

Filename /proc/1630/cmdline

Filename /proc/33/cmdline

Filename /proc/9/cmdline

Filename /proc/1311/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/28/cmdline

Filename /proc/1184/cmdline

Filename /data/data/[Link]/shared_prefs/_has_set_default_values.xml

Filename /proc/7/cmdline

Filename /proc/1237/cmdline

Filename /data/data/[Link]/shared_prefs/_has_set_default_values.xml
Filename /proc/1848/cmdline

Filename /proc/1953/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/35/cmdline

Filename /data/data/[Link]/files/nr_installation

Filename /proc/wakelocks

Filename /proc/1536/cmdline

Filename /proc/1523/cmdline

Filename /proc/1906/cmdline

Filename /proc/1379/cmdline

Filename /proc/1670/cmdline

Filename /proc/2004/cmdline

Filename /proc/cpuinfo

Filename /proc/10/cmdline

Filename /proc/14/cmdline

Filename /proc/30/cmdline

Filename /proc/2018/cmdline

Filename /proc/6/cmdline

Filename /proc/1643/cmdline

Filename /proc/27/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/40/cmdline

Filename /proc/1293/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /data/data/[Link]/shared_prefs/[Link].contacts_preferences.xml

Filename /data/data/[Link]/shared_prefs/[Link].googlequicksearchbox_preferences.xml

Filename /proc/12/cmdline

Filename /proc/39/cmdline

Filename /proc/1892/cmdline

Filename /proc/2/cmdline

Filename /proc/1654/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]:answers:[Link]

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/34/cmdline

Filename /proc/1831/cmdline

Filename /proc/version

Filename /data/data/[Link]/shared_prefs/[Link].calendar_preferences.xml

Filename /data/data/[Link]/shared_prefs/[Link].mms_preferences.xml

Filename /proc/24/cmdline

Filename /data/data/[Link]/shared_prefs/_has_set_default_values.xml
Filename /proc/1936/cmdline

Filename /proc/4/cmdline

Filename /proc/13/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /sys/module/lowmemorykiller/parameters/minfree

Filename /proc/37/cmdline

Filename /proc/1222/cmdline

Filename /data/data/[Link]/shared_prefs/BNC_Server_Request_Queue.xml

Filename /proc/1264/cmdline

Filename /proc/1563/cmdline

Filename /data/misc/wifi/[Link]

Filename /proc/11/cmdline

Filename /data/data/[Link]/shared_prefs/[Link].uploader_preferences.xml

Filename /proc/1741/cmdline

Filename /proc/1797/cmdline

Filename /proc/1691/cmdline

Filename /data/data/[Link]/files/.Fabric/[Link]:answers/session_analytics.[Link]

Filename /proc/1381/cmdline

Filename /proc/3/cmdline

Filename /proc/1460/cmdline

Filename /data/data/[Link]/cache/[Link]

Filename /proc/1880/cmdline

Network activity

Opened network connections

Destination [Link]:7 File descriptor 41

Destination [Link]:443 File descriptor 66

Automatically placed calls and text messages

Placed phone calls

No phone calls were placed automatically.

Sent SMS messages

No text messages were placed automatically.

Cryptographic activity

Used encryption keys

Algorithm AES

Key 76, 50, -39, -9, -50, 16, -11, -83, 76, 50, -39, -9, -50, 16, -11, -83, 76, 50, -39, -9, -50, 16, -11, -83, 76, 50, -39, -9, -50, 16, -11, -83

Algorithm HmacSHA1

Key -35, 19, -86, 84, 17, -108, 74, 102, -72, -4, -73, 31, -16, -36, -94, -64, -4, 87, -68, 87, 97, 3, -82, -116, -56, 64, -67, 121, -123, -109,

Algorithm AES

Key 72, -40, -121, 12, -54, -83, 76, 96, -48, -38, -48, 97, 70, 44, -118, -128, -38, 81, 124, 120, 82, -29, 67, 15, -93, 48, 86, 99, -59, 4, -62

Encryption operations

No cryptographic activity detected.

Decryption operations

No cryptographic activity detected.

Information leakage

Network information leakage

No network information leakage detected.

SMS information leakage

No SMS information leakage detected.

File information leakage

No file information leakage detected.

Miscellaneous

Started services

Service name [Link]

Service name [Link]$AsyncService

Service name [Link]

Output generated by ADB logcat

Download ADB logcat file (text format - 816 KB)

report overview | terms & conditions | support & feedback | [Link]

2500

NVISO ApkScan malware analysis report

June 12, 2019

General information

File name [Link]

Other known file

None
names

Origin Manually uploaded by anonymous user [2019-06-07 [Link]

MD5 hash caf6201d5adb3bc12a5f5575f8fd8537

SHA256 hash 007c13167a2f0518f72f9253b33ea97419a79854e6546a5477c6cfff7ada4322

File size 1544.39 KB

Worker NVISO_API_KALI_01

Static malware analysis

Android manifest ([Link])

Permissions
BLUETOOTH Allows applications to connect to paired bluetooth devices

READ_CALL_LOG Allows an application to read the user's call log.

READ_CONTACTS Allows an application to read the user's contacts data.

READ_PHONE_STATE Allows read only access to phone state.

Allows an application to receive the ACTION_BOOT_COMPLETED that is broadcast after the system finishe
RECEIVE_BOOT_COMPLETED
booting.

Services
Class [Link]

Class [Link]

Virus Total scan results

None of the 58 scanners detected malicious behavior.

Disassembled source code

Hardcoded URL's

[Link]

Dynamic malware analysis

Screenshot or animated GIF of the analysed application

No screenshot taken during dynamic analysis.

Since the application did not run correctly, the results in the sections below could be incomplete!

Disk activity

Accessed files

No files were accessed.

Network activity

Opened network connections

No network connections were opened.

Automatically placed calls and text messages

Placed phone calls

No phone calls were placed automatically.

Sent SMS messages

No text messages were placed automatically.

Cryptographic activity

Used encryption keys

No cryptographic activity detected.

Encryption operations

No cryptographic activity detected.

Decryption operations

No cryptographic activity detected.

Information leakage

Network information leakage

No network information leakage detected.

SMS information leakage

No SMS information leakage detected.

File information leakage

No file information leakage detected.

Miscellaneous

Started services
No services were started.

Output generated by ADB logcat

Download ADB logcat file (text format - 154 KB)

report overview | terms & conditions | support & feedback | [Link]

2509

NVISO ApkScan malware analysis report

June 12, 2019

General information

File name [Link]

Other known file

None
names

Origin Manually uploaded by anonymous user [2019-06-08 [Link]

MD5 hash f0e2932dfeb9ea013010c34953bcc252

SHA256 hash 007df5a417ff36d6e6e0008916dfb39133932b62832e6fecedb3ed1e993c941b

File size 3059.73 KB

Worker NVISO_API_KALI_01

Static malware analysis

Android manifest ([Link])

Permissions
Allows an app to access approximate location derived from network location sources such as c
ACCESS_COARSE_LOCATION
towers and Wi-Fi.

ACCESS_FINE_LOCATION Allows an app to access precise location from location sources such as GPS, cell towers, and W
ACCESS_NETWORK_STATE Allows applications to access information about networks

ACCESS_WIFI_STATE Allows applications to access information about Wi-Fi networks

BLUETOOTH Allows applications to connect to paired bluetooth devices

GET_TASKS Allows an application to get information about the currently or recently running tasks.

INTERNET Allows applications to open network sockets.

Allows an application to receive the ACTION_BOOT_COMPLETED that is broadcast after the s

RECEIVE_BOOT_COMPLETED
finishes booting.

SET_ALARM Allows an application to broadcast an Intent to set an alarm for the user.

Allows an application to open windows using the type TYPE_SYSTEM_ALERT, shown on top o
SYSTEM_ALERT_WINDOW
other applications.

BIND_GET_INSTALL_REFERRER_SERVICE Unknown permission

VIBRATE Allows access to the vibrator

WAKE_LOCK Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimm

Services
Class [Link]

Class [Link]

Virus Total scan results

None of the 62 scanners detected malicious behavior.

Disassembled source code

Hardcoded URL's

[Link]

Dynamic malware analysis

Screenshot or animated GIF of the analysed application

Disk activity

Accessed files

Filename /data/data/[Link]/files/StartappSplashMetadata

Filename /data/data/[Link]/files/StartappAdInfoMetadata

Filename /data/data/[Link]/files/StartappAdsMetadata

Filename /data/data/[Link]/files/StartappCacheMetadata

Filename /data/data/[Link]/files/StartappMetadata

Filename /data/data/[Link]/files/StartappBannerMetadata

Filename /proc/1188/cmdline

Filename /data/data/[Link]/files/shared_prefs_sdk_ad_prefs

Filename /data/data/[Link]/files/x_dark.png

Filename /data/data/[Link]/files/[Link]

Filename /data/data/[Link]/files/half_star.png

Filename /proc/270/cmdline

Filename /dev/input/event0

Filename /data/data/[Link]/files/filled_star.png

Filename /proc/meminfo

Filename /proc/37/cmdline

Filename pipe:[5155]

Filename /data/data/[Link]/files/empty_star.png

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /data/anr/[Link]
Filename /data/data/[Link]/files/back_dark.png

Filename /proc/40/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/1/cmdline

Filename /data/data/[Link]/files/close_button.png

Filename /proc/350/cmdline

Filename /proc/691/cmdline

Filename /data/data/[Link]/files/back_.png

Filename /data/data/[Link]/files/forward_.png

Filename /proc/1309/cmdline

Filename /proc/14/cmdline

Filename /data/data/[Link]/files/browser_icon_dark.png

Filename /proc/271/cmdline

Filename pipe:[5164]

Filename /proc/34/cmdline

Filename /proc/10/cmdline

Filename /proc/272/cmdline

Filename /proc/11/cmdline

Filename /proc/1269/cmdline

Filename /proc/30/cmdline

Filename /proc/463/cmdline

Filename pipe:[4990]

Filename /proc/1314/cmdline

Filename /proc/5/cmdline

Filename /proc/39/cmdline

Filename /proc/1242/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/576/cmdline

Filename /proc/783/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /data/data/[Link]/files/forward_dark.png

Filename /proc/13/cmdline

Filename /proc/1226/cmdline

Filename /proc/1403/cmdline

Filename /proc/491/cmdline

Filename /proc/733/cmdline

Filename /proc/1312/cmdline

Filename /proc/598/cmdline

Filename /proc/9/cmdline

Filename /proc/27/cmdline

Filename /proc/1255/cmdline
Filename /proc/627/cmdline

Filename /proc/25/cmdline

Filename /proc/660/cmdline

Filename /dev/urandom

Filename /proc/1298/cmdline

Filename /proc/2/cmdline

Filename /proc/24/cmdline

Filename /proc/3/cmdline

Filename /proc/6/cmdline

Filename /proc/28/cmdline

Filename /proc/8/cmdline

Filename /proc/1097/cmdline

Filename /proc/478/cmdline

Filename /proc/45/cmdline

Filename /proc/33/cmdline

Filename /proc/12/cmdline

Filename /proc/1081/cmdline

Filename /proc/4/cmdline

Filename /proc/42/cmdline

Filename /proc/46/cmdline

Filename /proc/29/cmdline

Filename /proc/26/cmdline

Filename /proc/41/cmdline

Filename /proc/674/cmdline

Filename /proc/7/cmdline

Filename /proc/825/cmdline

Filename /proc/516/cmdline

Filename /proc/1022/cmdline

Filename /proc/1134/cmdline

Filename /proc/35/cmdline

Filename /data/data/[Link].gallery3d/shared_prefs/[Link].gallery3d_preferences.xml

Filename /proc/1147/cmdline

Network activity

Opened network connections

Destination [Link]:443 File descriptor 103

Destination [Link]:443 File descriptor 47

Destination [Link]:443 File descriptor 133

Destination [Link]:443 File descriptor 201

Destination [Link]:443 File descriptor 108

Destination [Link]:443 File descriptor 208

Destination [Link]:443 File descriptor 128

Destination [Link]:443 File descriptor 175

Destination [Link]:443 File descriptor 41

Destination [Link]:443 File descriptor 89

Destination [Link]:443 File descriptor 91

Destination [Link]:443 File descriptor 189

Destination [Link]:443 File descriptor 116

Destination [Link]:443 File descriptor 169

Destination [Link]:443 File descriptor 111

Destination [Link]:443 File descriptor 198

Destination [Link]:443 File descriptor 177

Destination [Link]:443 File descriptor 75

Destination [Link]:443 File descriptor 30

Destination [Link]:443 File descriptor 55

Destination [Link]:443 File descriptor 148

Destination [Link]:443 File descriptor 94

Destination [Link]:443 File descriptor 73

Destination [Link]:443 File descriptor 61

Destination [Link]:443 File descriptor 77

Destination [Link]:443 File descriptor 71

Destination [Link]:443 File descriptor 171

Destination [Link]:443 File descriptor 98

Destination [Link]:443 File descriptor 203

Destination [Link]:443 File descriptor 101

Destination [Link]:443 File descriptor 44

Automatically placed calls and text messages

Placed phone calls

No phone calls were placed automatically.

Sent SMS messages

No text messages were placed automatically.

Cryptographic activity

Used encryption keys

No cryptographic activity detected.

Encryption operations

No cryptographic activity detected.

Decryption operations

No cryptographic activity detected.

Information leakage

Network information leakage

No network information leakage detected.

SMS information leakage

No SMS information leakage detected.

File information leakage

No file information leakage detected.

Miscellaneous

Started services

No services were started.

Output generated by ADB logcat

Download ADB logcat file (text format - 2554 KB)

report overview | terms & conditions | support & feedback | [Link]

2514

NVISO ApkScan malware analysis report

June 12, 2019
General information

File name [Link]

Other known file

None
names

Origin Manually uploaded by anonymous user [2019-06-08 [Link]

MD5 hash 5b71f0a43315fde83a9e3711d0b6ffa3

SHA256 hash 007ed86db63c7e34f110bdb1935fb94673632d2bbe55ea732aab550f4c161a2e

File size 1036.13 KB

Worker NVISO_API_KALI_01

Static malware analysis

Android manifest ([Link])

Permissions
ACCESS_FINE_LOCATION Allows an app to access precise location from location sources such as GPS, cell towers, and Wi-Fi.

INTERNET Allows applications to open network sockets.

Services
No services registered.

Virus Total scan results

None of the 60 scanners detected malicious behavior.

Disassembled source code

Hardcoded URL's

[Link]

[Link]
[Link]

[Link]

[Link]
<="" td="" style="margin: 0px;">

[Link]

[Link]
Dynamic malware analysis

Screenshot or animated GIF of the analysed application

No screenshot taken during dynamic analysis.

Since the application did not run correctly, the results in the sections below could be incomplete!

Disk activity

Accessed files

No files were accessed.

Network activity

Opened network connections

No network connections were opened.

Automatically placed calls and text messages

Placed phone calls

No phone calls were placed automatically.

Sent SMS messages

No text messages were placed automatically.

Cryptographic activity

Used encryption keys

No cryptographic activity detected.

Encryption operations

No cryptographic activity detected.

Decryption operations

No cryptographic activity detected.

Information leakage

Network information leakage

No network information leakage detected.

SMS information leakage

No SMS information leakage detected.

File information leakage

No file information leakage detected.

Miscellaneous

Started services

No services were started.

Output generated by ADB logcat

Download ADB logcat file (text format - 120 KB)

report overview | terms & conditions | support & feedback | [Link]

3012

NVISO ApkScan malware analysis report

June 12, 2019

General information

File name [Link]

Other known file None

names

Origin Manually uploaded by anonymous user [2019-06-07 [Link]

MD5 hash cda9da0fa75aab586441f085dc571fe5

SHA256 hash 00d4b7e7c69ea53a3f3ee9584895c9cd767bc6c44f360d3d6cb40ee285f6598e

File size 7590.04 KB

Worker NVISO_API_KALI_01

Static malware analysis

Android manifest ([Link])

Permissions
ACCESS_COARSE_LOCATION Allows an app to access approximate location derived from network location sources such as cell towers and

ACCESS_FINE_LOCATION Allows an app to access precise location from location sources such as GPS, cell towers, and Wi-Fi.

ACCESS_NETWORK_STATE Allows applications to access information about networks

ACCESS_WIFI_STATE Allows applications to access information about Wi-Fi networks

INTERNET Allows applications to open network sockets.

READ_CONTACTS Allows an application to read the user's contacts data.

READ_SMS Allows an application to read SMS messages.

RECEIVE_MMS Allows an application to monitor incoming MMS messages, to record or perform processing on them.

RECEIVE_SMS Allows an application to monitor incoming SMS messages, to record or perform processing on them.

RECEIVE_WAP_PUSH Allows an application to monitor incoming WAP push messages.

SEND_SMS Allows an application to send SMS messages.

C2D_MESSAGE Unknown permission

MAPS_RECEIVE Unknown permission

READ_GSERVICES Unknown permission

RECEIVE Unknown permission

WAKE_LOCK Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming

WRITE_EXTERNAL_STORAGE Allows an application to write to external storage.

Services
Class [Link]

Class [Link]

Class [Link]
Virus Total scan results

None of the 60 scanners detected malicious behavior.

Disassembled source code

Hardcoded URL's

[Link]

Dynamic malware analysis

Screenshot or animated GIF of the analysed application

No screenshot taken during dynamic analysis.

Since the application did not run correctly, the results in the sections below could be incomplete!

Disk activity

Accessed files

No files were accessed.

Network activity

Opened network connections

No network connections were opened.

Automatically placed calls and text messages

Placed phone calls

No phone calls were placed automatically.

Sent SMS messages

No text messages were placed automatically.

Cryptographic activity
Used encryption keys

No cryptographic activity detected.

Encryption operations

No cryptographic activity detected.

Decryption operations

No cryptographic activity detected.

Information leakage

Network information leakage

No network information leakage detected.

SMS information leakage

No SMS information leakage detected.

File information leakage

No file information leakage detected.

Miscellaneous

Started services

No services were started.

Output generated by ADB logcat

Download ADB logcat file (text format - 45 KB)

report overview | terms & conditions | support & feedback | [Link]

2047

NVISO ApkScan malware analysis report

June 12, 2019
General information

File name [Link]

Other known file

None
names

Origin Manually uploaded by anonymous user [2019-06-08 [Link]

MD5 hash 93012c501d48eabcb51913555838d872

SHA256 hash 00296b40346f16decb98a6363ef8ec17e62f802a303b4d37abe7c52c617deb14

File size 2203.78 KB

Worker NVISO_API_KALI_01

Static malware analysis

Android manifest ([Link])

Permissions
INTERNET Allows applications to open network sockets.

WRITE_EXTERNAL_STORAGE Allows an application to write to external storage.

Services
No services registered.

Virus Total scan results

None of the 60 scanners detected malicious behavior.

Disassembled source code

Hardcoded URL's

[Link]

[Link]
Dynamic malware analysis

Screenshot or animated GIF of the analysed application

Disk activity

Accessed files

Filename /proc/1251/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/1237/cmdline

Filename /proc/1334/cmdline

Filename /proc/1295/cmdline

Filename /dev/input/event0

Filename /proc/meminfo

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/1224/cmdline

Filename /proc/1297/cmdline

Filename /data/data/[Link].gallery3d/shared_prefs/[Link].gallery3d_preferences.xml

Filename /proc/1293/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]
Network activity

Opened network connections

No network connections were opened.

Automatically placed calls and text messages

Placed phone calls

No phone calls were placed automatically.

Sent SMS messages

No text messages were placed automatically.

Cryptographic activity

Used encryption keys

No cryptographic activity detected.

Encryption operations

No cryptographic activity detected.

Decryption operations

No cryptographic activity detected.

Information leakage

Network information leakage

No network information leakage detected.

SMS information leakage

No SMS information leakage detected.

File information leakage

No file information leakage detected.

Miscellaneous

Started services
Service name [Link]

Output generated by ADB logcat

Download ADB logcat file (text format - 350 KB)

report overview | terms & conditions | support & feedback | [Link]

3501

NVISO ApkScan malware analysis report

June 12, 2019

General information

File name [Link]

Other known file

None
names

Origin Manually uploaded by anonymous user [2019-06-08 [Link]

MD5 hash 81bb10777c92adb8260a3a6156c5123d

SHA256 hash 012cc14667d29e7a4bfe2919caeebd93f0db0b2775b7dffd9d1942f8ed3cad50

File size 40.5 KB

Worker NVISO_API_KALI_01

Static malware analysis

Android manifest ([Link])

Permissions
No permissions requested.
Services
Class [Link]

Virus Total scan results

None of the 62 scanners detected malicious behavior.

Disassembled source code

Hardcoded URL's

[Link]

Dynamic malware analysis

Screenshot or animated GIF of the analysed application

Disk activity
Accessed files

Filename /proc/1266/cmdline

Filename /proc/meminfo

Filename /proc/1240/cmdline

Filename /proc/1312/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/1313/cmdline

Filename /proc/1307/cmdline

Filename /dev/input/event0

Filename /data/data/[Link].gallery3d/shared_prefs/[Link].gallery3d_preferences.xml

Filename /proc/1294/cmdline

Filename /proc/1252/cmdline

Filename /data/data/[Link]/shared_prefs/[Link]

Filename /proc/1336/cmdline

Filename /proc/1310/cmdline

Filename /proc/1225/cmdline

Network activity

Opened network connections

No network connections were opened.

Automatically placed calls and text messages

Placed phone calls

No phone calls were placed automatically.

Sent SMS messages

No text messages were placed automatically.

Cryptographic activity

Used encryption keys

No cryptographic activity detected.

Encryption operations

No cryptographic activity detected.

Decryption operations
No cryptographic activity detected.

Information leakage

Network information leakage

No network information leakage detected.

SMS information leakage

No SMS information leakage detected.

File information leakage

No file information leakage detected.

Miscellaneous

Started services

Service name [Link]

Output generated by ADB logcat

Download ADB logcat file (text format - 113 KB)

report overview | terms & conditions | support & feedback | [Link]

Android Cache and Temp File Cleanup
100% (2)
Android Cache and Temp File Cleanup
8 pages
Android System App File Sizes
100% (1)
Android System App File Sizes
38 pages
CDB
No ratings yet
CDB
40 pages
Script
No ratings yet
Script
66 pages
Apk
No ratings yet
Apk
802 pages
Samsung A10s Installed Apps Overview
No ratings yet
Samsung A10s Installed Apps Overview
10 pages
Revanced YouTube Window Manager State
No ratings yet
Revanced YouTube Window Manager State
2,289 pages
Android App Package Inventory
No ratings yet
Android App Package Inventory
8 pages
Aimbot Activation Script for HD-Player
No ratings yet
Aimbot Activation Script for HD-Player
1 page
Log
No ratings yet
Log
21 pages
Dump
No ratings yet
Dump
10 pages
Getta
No ratings yet
Getta
9 pages
UUID or GUID As Primary Keys Be Careful
100% (1)
UUID or GUID As Primary Keys Be Careful
33 pages
Disassembly of Crackme3.exe File
No ratings yet
Disassembly of Crackme3.exe File
2,506 pages
Narrowone Hack Script
0% (1)
Narrowone Hack Script
16 pages
Linux TCG Stack Design Guide
No ratings yet
Linux TCG Stack Design Guide
64 pages
Game Data and Animation Files Overview
No ratings yet
Game Data and Animation Files Overview
72 pages
16
No ratings yet
16
13 pages
Kwai Bulldog App Data Overview
No ratings yet
Kwai Bulldog App Data Overview
10 pages
Emoji Unicode Reference Guide
0% (1)
Emoji Unicode Reference Guide
23 pages
ShopeeID Media SDK Backup Files
No ratings yet
ShopeeID Media SDK Backup Files
26 pages
Clean Log
No ratings yet
Clean Log
2 pages
Folder Structure for Audio Files
No ratings yet
Folder Structure for Audio Files
1,494 pages
Android Pending Intents Analysis
No ratings yet
Android Pending Intents Analysis
442 pages
Master Server Log
No ratings yet
Master Server Log
47 pages
Dropbox
No ratings yet
Dropbox
4 pages
BypassByAlex Lua
No ratings yet
BypassByAlex Lua
2 pages
Android System Log Analysis
No ratings yet
Android System Log Analysis
26 pages
Scanning Files in 1VRecorder Directory
No ratings yet
Scanning Files in 1VRecorder Directory
37 pages
Hosts
No ratings yet
Hosts
277 pages
Android Module Metadata Logs Analysis
No ratings yet
Android Module Metadata Logs Analysis
35 pages
NaviTel Activation Key
No ratings yet
NaviTel Activation Key
80 pages
Traces
No ratings yet
Traces
11 pages
Logcat
No ratings yet
Logcat
2,528 pages
Themida - Winlicense Ultra Unpacker 1.4
100% (1)
Themida - Winlicense Ultra Unpacker 1.4
274 pages
Log
No ratings yet
Log
24 pages
Dropbox System Server Crash Analysis
No ratings yet
Dropbox System Server Crash Analysis
86 pages
FFHX
No ratings yet
FFHX
45 pages
RootId Usage and Indications List
No ratings yet
RootId Usage and Indications List
2,456 pages
Drop Box
No ratings yet
Drop Box
652 pages
Ebay Gift Code 4262 Generated
No ratings yet
Ebay Gift Code 4262 Generated
73 pages
GDC Widget Provider Configuration Logs
No ratings yet
GDC Widget Provider Configuration Logs
345 pages
Sniper Scope
No ratings yet
Sniper Scope
5 pages
UserCustom Pubg
No ratings yet
UserCustom Pubg
4 pages
Aimbot No Ban
No ratings yet
Aimbot No Ban
1 page
Cache File Sizes for Android Apps
No ratings yet
Cache File Sizes for Android Apps
97 pages
Unity Hack Tools and SDK Initialization
No ratings yet
Unity Hack Tools and SDK Initialization
20 pages
55394b75ba748d792c39dd995e189041
No ratings yet
55394b75ba748d792c39dd995e189041
574 pages
Malware Analysis Tools and Techniques
No ratings yet
Malware Analysis Tools and Techniques
20 pages
List Bloatware X Compact
No ratings yet
List Bloatware X Compact
4 pages
Updated/missing Apps: Application Name Package Name
No ratings yet
Updated/missing Apps: Application Name Package Name
18 pages
Using Command
No ratings yet
Using Command
6 pages
Keys
No ratings yet
Keys
1,360 pages
Android Package Install and Delete Logs
No ratings yet
Android Package Install and Delete Logs
213 pages
FiveM Resource List for GTA V
No ratings yet
FiveM Resource List for GTA V
6 pages
Android App Uninstallation Guide
No ratings yet
Android App Uninstallation Guide
5 pages
F
No ratings yet
F
37 pages
Android File Downloads and Cache Data
No ratings yet
Android File Downloads and Cache Data
28 pages
DrWeb Crash
No ratings yet
DrWeb Crash
6 pages
DrWeb Crash
No ratings yet
DrWeb Crash
6 pages
Cryptography Basics and Techniques
No ratings yet
Cryptography Basics and Techniques
30 pages
Cryptography and Network Security
No ratings yet
Cryptography and Network Security
24 pages
User Guide - PowerChute™ Network Shutdown
No ratings yet
User Guide - PowerChute™ Network Shutdown
71 pages
Cyber Security and Cryptography MCQs
No ratings yet
Cyber Security and Cryptography MCQs
6 pages
Open Source Forensic Tools Guide
No ratings yet
Open Source Forensic Tools Guide
131 pages
DES Vs AES Detailed Notes
No ratings yet
DES Vs AES Detailed Notes
2 pages
Shannon's Information Theory Overview
No ratings yet
Shannon's Information Theory Overview
59 pages
Chapter 2aes Handwritten
No ratings yet
Chapter 2aes Handwritten
23 pages
Lecture#3
No ratings yet
Lecture#3
61 pages
140 SP 3969
No ratings yet
140 SP 3969
27 pages
SDP Final
No ratings yet
SDP Final
11 pages
NSA Suite B Cryptography Vulnerabilities
No ratings yet
NSA Suite B Cryptography Vulnerabilities
30 pages
Data Encryption Standard Questions and Answers - Sanfoundry
No ratings yet
Data Encryption Standard Questions and Answers - Sanfoundry
6 pages
Twofish Crypto
No ratings yet
Twofish Crypto
48 pages
Hybrid AES-RSA Text Encryption
No ratings yet
Hybrid AES-RSA Text Encryption
7 pages
Question Bank-21PCM505 With Answers
No ratings yet
Question Bank-21PCM505 With Answers
13 pages
FPGA Acceleration of AES Algorithm For High-Perfor
No ratings yet
FPGA Acceleration of AES Algorithm For High-Perfor
11 pages
CNS MCQ Question Bank All
70% (10)
CNS MCQ Question Bank All
64 pages
InfyTQ Coding Questions Set 1 PDF
67% (3)
InfyTQ Coding Questions Set 1 PDF
39 pages
Example Encrypting and Decrypting: Apex Classes Reference
No ratings yet
Example Encrypting and Decrypting: Apex Classes Reference
5 pages
1 Crypto
No ratings yet
1 Crypto
324 pages
Hybrid Cryptography Algorithms For Cloud Data Security
No ratings yet
Hybrid Cryptography Algorithms For Cloud Data Security
5 pages
Modern Block Ciphers and DES Overview
No ratings yet
Modern Block Ciphers and DES Overview
62 pages
WhatsApp Database Decryption Study
No ratings yet
WhatsApp Database Decryption Study
27 pages
Symmetric-Key Ciphers Overview
No ratings yet
Symmetric-Key Ciphers Overview
73 pages
Design and Implementation of A Secure File Storage On Cloud Using Hybrid Cryptography
No ratings yet
Design and Implementation of A Secure File Storage On Cloud Using Hybrid Cryptography
17 pages
Security Laboratory Manual for CSE
No ratings yet
Security Laboratory Manual for CSE
49 pages
Ransomware Overview List
No ratings yet
Ransomware Overview List
28 pages
Cryptography in Modern World
No ratings yet
Cryptography in Modern World
7 pages
An Enhanced Advanced Encryption Standard (Eaes) Algorithm For Secure Fiber Optic Communication
No ratings yet
An Enhanced Advanced Encryption Standard (Eaes) Algorithm For Secure Fiber Optic Communication
1 page