Analysis Report ndYLLP35Z2

Overview

General Information

Joe Sandbox Version: 24.0.0 Fire Opal
Analysis ID: 736791
Start date: 08.12.2018
Start time: 21:28:11
Joe Sandbox Product: Cloud
Overall analysis duration: 0h 9m 23s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: ndYLLP35Z2
Cookbook file name: defaultandroidfilecookbook.jbs
Analysis system description: Android x86 6.0 EEE PC
Detection: MAL
Classification: mal60.spyw.evad.and@0/257@11/0
Warnings:
  • Not all executed log events are in report (maximum 10 identical API calls)
  • Not all resource files were parsed
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size exceeded maximum capacity and may have missing dynamic data code.
  • Report size exceeded maximum capacity and may have missing network information.

Detection

Strategy: Threshold
Score: 60
Range: 0 - 100
Reporting: Report FP / FN
Detection: malicious

Classification

Mitre Att&ck Matrix

Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: ndYLLP35Z2, virustotal: Detection: 20%

Location Tracing:

Queries the phones location (GPS)
Source: co.octopus.mpblib.mpb.common.AdUrlGenerator;->setLocation:140API Call: android.location.Location.getLatitude
Source: co.octopus.mpblib.mpb.common.AdUrlGenerator;->setLocation:144API Call: android.location.Location.getLongitude
Source: co.octopus.mpblib.mpb.common.LocationService;->getLocationFromProvider:26API Call: android.location.LocationManager.getLastKnownLocation
Source: co.octopus.mpblib.mpb.common.LocationService;->truncateLocationLatLon:60API Call: android.location.Location.getLatitude
Source: co.octopus.mpblib.mpb.common.LocationService;->truncateLocationLatLon:65API Call: android.location.Location.getLongitude
Source: com.yandex.metrica.impl.ab;->a:16API Call: android.location.Location.getLongitude
Source: com.yandex.metrica.impl.ab;->a:19API Call: android.location.Location.getLatitude
Source: com.yandex.metrica.impl.k;->a:119API Call: android.location.Location.getLatitude
Source: com.yandex.metrica.impl.k;->a:122API Call: android.location.Location.getLongitude
Source: com.yandex.metrica.impl.y;->d:117API Call: android.location.LocationManager.getLastKnownLocation
Source: com.google.android.gms.internal.zzgn;->zza:323API Call: android.location.Location.getLatitude
Source: com.google.android.gms.internal.zzgn;->zza:325API Call: android.location.Location.getLongitude
Source: co.octopus.mpblib.mpb.network.AdRequest;->parseNetworkResponse:382API Call: android.location.Location.getLatitude
Source: co.octopus.mpblib.mpb.network.AdRequest;->parseNetworkResponse:384API Call: android.location.Location.getLongitude
Source: com.yandex.metrica.impl.ob.eb;->l:89API Call: android.telephony.TelephonyManager.getCellLocation
Source: com.yandex.metrica.impl.ob.eb;->m:95API Call: android.telephony.TelephonyManager.getCellLocation

Privilege Escalation:

Requests root access
Source: Lcom/crashlytics/android/core/CrashlyticsController;->writeSessionOS(Ljava/lang/String;)VMethod string: "/system/xbin/su"
Source: Lcom/yandex/metrica/impl/interact/DeviceInfo$1;-><init>()VMethod string: "/system/bin/su"
Source: Lio/fabric/sdk/android/services/common/CommonUtils;->isRooted(Landroid/content/Context;)ZMethod string: "/system/xbin/su"
Source: Lio/fabric/sdk/android/services/common/CommonUtils;->getDeviceState(Landroid/content/Context;)IMethod string: "/system/xbin/su"
Source: Lcom/yandex/metrica/impl/am$a;->c()IMethod string: "/system/bin/su"

Spreading:

Accesses external storage location
Source: com.yandex.metrica.impl.am;->b:22API Call: android.os.Environment.getExternalStorageDirectory
Source: com.google.android.gms.internal.zzbq;->zzcZ:5API Call: android.os.Environment.getExternalStorageState
Source: com.google.android.gms.internal.zzca;-><init>:11API Call: android.os.Environment.getExternalStorageDirectory
Source: co.octopus.mpblib.mpb.mraid.MraidNativeCommandHandler$DownloadImageAsyncTask;->getPictureStoragePath:28API Call: android.os.Environment.getExternalStorageDirectory
Source: co.octopus.mpblib.mpb.mraid.MraidNativeCommandHandler;->isStorePictureSupported:34API Call: android.os.Environment.getExternalStorageState
Source: io.fabric.sdk.android.services.persistence.FileStoreImpl;->getExternalCacheDir:20API Call: android.os.Environment.getExternalStorageDirectory
Source: io.fabric.sdk.android.services.persistence.FileStoreImpl;->getExternalFilesDir:34API Call: android.os.Environment.getExternalStorageDirectory
Source: io.fabric.sdk.android.services.persistence.FileStoreImpl;->isExternalStorageAvailable:48API Call: android.os.Environment.getExternalStorageState

Networking:

Checks an internet connection is available
Source: com.yandex.metrica.impl.k;->a:103API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.crashlytics.android.core.CrashlyticsCore;->onPreExecute:302API Call: android.net.NetworkInfo.isConnectedOrConnecting
Source: com.octopus.managersdk.Manager;->fetchModule:30API Call: android.net.NetworkInfo.isConnected
Source: co.octopus.mpblib.DeviceUtils;->getConnectionType:11API Call: android.net.ConnectivityManager.getNetworkInfo
Source: co.octopus.mpblib.DeviceUtils;->getConnectionType:12API Call: android.net.NetworkInfo.isConnected
Source: com.octopus.managersdk.Utils;->hasInternetConnection:10API Call: android.net.NetworkInfo.isConnected
Source: com.octopus.rtbv.DeviceUtils;->getConnectionType:11API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.octopus.rtbv.DeviceUtils;->getConnectionType:12API Call: android.net.NetworkInfo.isConnected
Source: io.fabric.sdk.android.services.common.CommonUtils;->canTryConnection:15API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: io.fabric.sdk.android.services.common.CommonUtils;->canTryConnection:16API Call: android.net.NetworkInfo.isConnectedOrConnecting
Source: co.octopus.mpblib.mpb.common.ClientMetadata;->getActiveNetworkType:58API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.yandex.metrica.impl.bm;->c:37API Call: android.net.wifi.WifiManager.getConnectionInfo
Source: com.yandex.metrica.impl.bm;->d:63API Call: android.net.wifi.WifiManager.isWifiEnabled
Source: com.google.android.gms.internal.zzgr$zza;->zza:50API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.internal.zzgr$zza;->zza:77API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.internal.zzgr$zza;->zza:78API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.internal.zzgr$zza;->zza:79API Call: android.net.NetworkInfo.getDetailedState
Source: com.google.android.gms.internal.zzqy;->zzBY:23API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.internal.zzqy;->zzBY:24API Call: android.net.NetworkInfo.isConnected
Source: com.google.android.gms.analytics.internal.zzag;->zzku:73API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.analytics.internal.zzag;->zzku:74API Call: android.net.NetworkInfo.isConnected
Source: com.google.android.gms.analytics.internal.zzah;->zzku:347API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.analytics.internal.zzah;->zzku:348API Call: android.net.NetworkInfo.isConnected
Source: com.octopus.managersdk.Utils;->hasInternetConnection:9API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: co.octopus.mpblib.mpb.mobileads.AdViewController;->isNetworkAvailable:95API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: co.octopus.mpblib.mpb.mobileads.AdViewController;->isNetworkAvailable:96API Call: android.net.NetworkInfo.isConnected
Source: co.octopus.mpblib.DeviceUtils;->getConnectionType:13API Call: android.net.ConnectivityManager.getNetworkInfo
Source: co.octopus.mpblib.DeviceUtils;->getConnectionType:14API Call: android.net.NetworkInfo.isConnected
Source: com.octopus.rtbv.DeviceUtils;->getConnectionType:13API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.octopus.rtbv.DeviceUtils;->getConnectionType:14API Call: android.net.NetworkInfo.isConnected
Source: com.google.android.gms.tagmanager.zzcl;->zzAy:13API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.tagmanager.zzcl;->zzAy:14API Call: android.net.NetworkInfo.isConnected
Source: com.google.android.gms.tagmanager.zzcx;->zzzX:129API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.tagmanager.zzcx;->zzzX:130API Call: android.net.NetworkInfo.isConnected
Source: co.octopus.mpblib.mpb.common.util.DeviceUtils;->isNetworkAvailable:47API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: co.octopus.mpblib.mpb.common.util.DeviceUtils;->isNetworkAvailable:48API Call: android.net.NetworkInfo.isConnected
Connects to IPs without corresponding DNS lookups
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.3
Source: unknownTCP traffic detected without corresponding DNS query: 216.58.198.35
Source: unknownTCP traffic detected without corresponding DNS query: 173.194.69.188
HTTP GET or POST without a user agent
Source: global traffic, HTTP traffic detected:
  GET /auth/sdk/login HTTP/1.1
  secret: eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.
Loads a webpage with cache disabled
Source: co.octopus.mpblib.mpb.mraid.MraidWebView;->enableSettings:19API Call: android.webkit.WebSettings.setCacheMode
Source: com.octopus.rtbv.RTBVWebView;->init:80API Call: android.webkit.WebSettings.setCacheMode
Opens an internet connection
Source: io.fabric.sdk.android.services.network.HttpRequest$ConnectionFactory$1;->create:2API Call: java.net.URL.openConnection("https://settings.crashlytics.com/spi/v2/platforms/android/apps/com.sparkle.flashlight/settings?icon_hash=6cf3eb09011aac63a604f7d8f351ad9635332d57&display_version=1.31&source=4&instance=5a94a9b8a8ff6750ca569c62c0c830a49bd38cbe&build_version=31")
Source: com.yandex.metrica.impl.ob.cq;->a:4API Call: java.net.URL.openConnection("https://startup.mobile.yandex.net/analytics/startup?deviceid=&app_platform=android&protocol_version=2&analytics_sdk_version=273&analytics_sdk_version_name=2.73&model=Galaxy%20Nexus&manufacturer=samsung&os_version=4.2.1&screen_width=1024&screen_height=768&screen_dpi=160&scalefactor=1.0&locale=en_US&device_type=tablet&query_hosts=2&features=easy_collecting%2Cpackage_info%2Csocket%2Cpermissions_collecting%2Cfeatures_collecting&browsers=1&socket=1&app_id=com.sparkle.flashlight&app_debuggable=0")
Source: com.yandex.metrica.impl.ob.cq;->a:4API Call: java.net.URL.openConnection("https://report.appmetrica.yandex.net/report?deviceid=4533000b0ff1fe2450a92d6c34a1d121&uuid=b29fd78be25f2673f46c55c7cbf1ef89&analytics_sdk_version=273&client_analytics_sdk_version=273&app_version_name=1.31&app_build_number=31&os_version=4.2.1&os_api_level=23&analytics_sdk_build_number=7854&analytics_sdk_build_type=public&app_debuggable=0&locale=en_US&is_rooted=1&app_framework=native&api_key_128=560b155f-00e5-4cd0-b8b3-e0b27887b8de&app_id=com.sparkle.flashlight&app_platform=android&protocol_version=2&model=Galaxy%20Nexus&manufacturer=samsung&screen_width=1024&screen_height=768&screen_dpi=160&scalefactor=1.0&device_type=tablet&android_id=dee2cdd8a7942efa&adv_id=6f15c563-fc1d-4649-b78d-d287051049c6")
Source: com.yandex.metrica.impl.ob.fn;->a:22API Call: java.net.URL.openConnection("https://certificate.mobile.yandex.net/api/v1/pins?app_id=com.sparkle.flashlight&app_version=1.31&manufacturer=samsung&app_platform=android_4.2.1&uuid=b29fd78be25f2673f46c55c7cbf1ef89&model=Galaxy%20Nexus")
Source: io.fabric.sdk.android.services.network.HttpRequest$ConnectionFactory$1;->create:2API Call: java.net.URL.openConnection("https://e.crashlytics.com/spi/v2/events")
Source: com.yandex.metrica.impl.ob.cq;->a:4API Call: java.net.URL.openConnection("https://report.appmetrica.yandex.net/report?deviceid=4533000b0ff1fe2450a92d6c34a1d121&uuid=b29fd78be25f2673f46c55c7cbf1ef89&analytics_sdk_version=273&client_analytics_sdk_version=273&app_version_name=1.31&app_build_number=31&os_version=4.2.1&os_api_level=23&analytics_sdk_build_number=7854&analytics_sdk_build_type=public&app_debuggable=0&locale=en_US&is_rooted=1&app_framework=native&api_key_128=20799a27-fa80-4b36-b2db-0f8141f24180&app_id=com.sparkle.flashlight&app_platform=android&protocol_version=2&model=Galaxy%20Nexus&manufacturer=samsung&screen_width=1024&screen_height=768&screen_dpi=160&scalefactor=1.0&device_type=tablet&android_id=dee2cdd8a7942efa&adv_id=6f15c563-fc1d-4649-b78d-d287051049c6")
Source: com.octopus.managersdk.Manager$GetAuthAsyncTask;->doInBackground:6API Call: java.net.URL.openConnection("http://sdk.mobbt.com/auth/sdk/login")
Source: com.octopus.managersdk.Manager$DownloadFileAsyncTask;->doInBackground:16API Call: java.net.URL.openConnection("https://oct-files.ams3.cdn.digitaloceanspaces.com/mpbv61.emedia")
Source: co.octopus.mpblib.MPB$DownloadVideoAsyncTask;->doInBackground:5API Call: java.net.URL.openConnection("https://oct-files-am.nyc3.cdn.digitaloceanspaces.com/video2.mp4")
Source: co.octopus.mpblib.MPB$GetActionsAsyncTask;->doInBackground:5API Call: java.net.URL.openConnection("http://act.mobbt.com/actions/mb/view")
Source: com.octopus.managersdk.Manager$DownloadFileAsyncTask;->doInBackground:16API Call: java.net.URL.openConnection("https://oct-files.ams3.cdn.digitaloceanspaces.com/rtbvv6b.emedia")
Source: com.octopus.managersdk.ManagerService$GetCPAAsyncTask;->doInBackground:13API Call: java.net.URL.openConnection("http://sdk.mobbt.com/trk/install/A_3c60ba70-0d06-42f7-afc9-fcd53a817a29")
Source: com.octopus.rtbv.RTBVEngine$GetActionsAsyncTask;->doInBackground:5API Call: java.net.URL.openConnection("http://act.mobbt.com/actions/rtb/get")
Source: com.octopus.rtbv.async.DownloadVastAsyncTask;->doInBackground:4API Call: java.net.URL.openConnection (not executed)
Source: com.octopus.rtbv.async.GetActionsAsyncTask;->doInBackground:5API Call: java.net.URL.openConnection (not executed)
Source: com.octopus.rtbv.async.GetBidAsyncTask;->doInBackground:5API Call: java.net.URL.openConnection (not executed)
Source: com.octopus.rtbv.async.PostAuctionAsyncTask;->doInBackground:6API Call: java.net.URL.openConnection (not executed)
Source: com.octopus.rtbv.async.PostFailureDataAsyncTask;->doInBackground:16API Call: java.net.URL.openConnection (not executed)
Source: com.octopus.rtbv.async.TrackRequestAsync;->doInBackground:18API Call: java.net.URL.openConnection (not executed)
Source: co.octopus.mpblib.mpb.common.MoPubHttpUrlConnection;->getHttpUrlConnection:27API Call: java.net.URL.openConnection (not executed)
Source: co.octopus.mpblib.mpb.common.UrlResolutionTask;->getRedirectLocation:3API Call: java.net.URL.openConnection (not executed)
Source: com.octopus.rtbv.jsoup.helper.HttpConnection$Response;->createConnection:11API Call: java.net.URL.openConnection (not executed)
Source: com.octopus.rtbv.jsoup.helper.HttpConnection$Response;->createConnection:44API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.zzdh;->zza:43API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.zzdn$zza;->zzdG:17API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.zzdu;->zzZ:86API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.zzgm;->zza:125API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.zzia;->zzdG:12API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.zzqu;->zzft:18API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.zzz;->zza:60API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.analytics.internal.zzah;->zzc:294API Call: java.net.URL.openConnection (not executed)
Source: co.octopus.mpblib.mpb.mobileads.HtmlWebViewClient;->shouldInterceptRequest:109API Call: java.net.URL.openConnection (not executed)
Source: co.octopus.mpblib.mpb.mobileads.HtmlWebViewClient;->shouldInterceptRequest:170API Call: java.net.URL.openConnection (not executed)
Source: co.octopus.mpblib.mpb.mobileads.MoPubActivity$HtmlInterstitialWebViewClient;->shouldInterceptRequest:76API Call: java.net.URL.openConnection (not executed)
Source: co.octopus.mpblib.mpb.mobileads.MoPubActivity$HtmlInterstitialWebViewClient;->shouldInterceptRequest:132API Call: java.net.URL.openConnection (not executed)
Source: co.octopus.mpblib.mpb.mobileads.VastWebView$VastWebViewClient;->shouldInterceptRequest:82API Call: java.net.URL.openConnection (not executed)
Source: co.octopus.mpblib.mpb.mobileads.VastWebView$VastWebViewClient;->shouldInterceptRequest:132API Call: java.net.URL.openConnection (not executed)
Source: co.octopus.mpblib.mpb.mobileads.VideoDownloader$VideoDownloaderTask;->doInBackground:10API Call: java.net.URL.openConnection (not executed)
Source: co.octopus.mpblib.GetVastWrapper;->doInBackground:5API Call: java.net.URL.openConnection (not executed)
Source: co.octopus.mpblib.MPB$GetEventAsyncTask;->doInBackground:4API Call: java.net.URL.openConnection (not executed)
Source: co.octopus.mpblib.MPB$GetEventImpAsyncTask;->doInBackground:3API Call: java.net.URL.openConnection (not executed)
Source: co.octopus.mpblib.MPB$PostFailureDataAsyncTask;->doInBackground:42API Call: java.net.URL.openConnection (not executed)
Source: co.octopus.mpblib.MPB$PrepareMPBAsyncTask;->doInBackground:3API Call: java.net.URL.openConnection (not executed)
Source: co.octopus.mpblib.WarmUpEngine$PostDataAsyncTask;->doInBackground:17API Call: java.net.URL.openConnection (not executed)
Source: co.octopus.mpblib.mpb.mraid.MraidBannerWebViewClient;->shouldInterceptRequest:60API Call: java.net.URL.openConnection (not executed)
Source: co.octopus.mpblib.mpb.mraid.MraidBannerWebViewClient;->shouldInterceptRequest:101API Call: java.net.URL.openConnection (not executed)
Source: co.octopus.mpblib.mpb.mraid.MraidWebView$MraidWebViewClient;->shouldInterceptRequest:106API Call: java.net.URL.openConnection (not executed)
Source: co.octopus.mpblib.mpb.mraid.MraidWebView$MraidWebViewClient;->shouldInterceptRequest:177API Call: java.net.URL.openConnection (not executed)
Source: io.fabric.sdk.android.services.network.HttpRequest$ConnectionFactory$1;->create:3API Call: java.net.URL.openConnection (not executed)
Source: okhttp3.internal.platform.AndroidPlatform;->connectSocket:37API Call: java.net.Socket.connect (not executed)
Source: okhttp3.internal.platform.Platform;->connectSocket:42API Call: java.net.Socket.connect (not executed)
Source: com.octopus.rtbv.RTBVWebView$CustomWebViewClient;->followRedirects:9API Call: java.net.URL.openConnection (not executed)
Source: com.octopus.rtbv.RTBVWebView$CustomWebViewClient;->shouldInterceptRequest:45API Call: java.net.URL.openConnection (not executed)
Source: com.octopus.rtbv.RTBVWebView$CustomWebViewClient;->shouldInterceptRequest:68API Call: java.net.URL.openConnection (not executed)
Source: com.octopus.rtbv.RTBVWebView$CustomWebViewClient;->shouldInterceptRequest:99API Call: java.net.URL.openConnection (not executed)
Source: com.octopus.rtbv.RTBVWebView$CustomWebViewClient;->shouldInterceptRequest:116API Call: java.net.URL.openConnection (not executed)
Source: com.android.volley.toolbox.HurlStack;->createConnection:64API Call: java.net.URL.openConnection (not executed)
Source: co.octopus.mpblib.mpb.volley.toolbox.HurlStack;->createConnection:68API Call: java.net.URL.openConnection (not executed)
Performs DNS lookups (Java API)
Source: co.octopus.mpblib.mpb.network.InetAddressUtils;->getInetAddressByName:2API Call: java.net.InetAddress.getByName (not executed)
Source: okhttp3.Dns$1;->lookup:4API Call: java.net.InetAddress.getAllByName (not executed)
Source: com.fasterxml.jackson.databind.deser.std.FromStringDeserializer$Std;->_deserialize:22API Call: java.net.InetAddress.getByName (not executed)
Scans for WIFI networks
Source: com.yandex.metrica.impl.bm;->c:34API Call: android.net.wifi.WifiManager.getScanResults
Downloads files from webservers via HTTP
Source: global traffic, HTTP traffic detected:
  GET /auth/sdk/login HTTP/1.1
  secret: eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.
Source: global traffic, HTTP traffic detected:
  GET /actions/mb/view HTTP/1.1
  pkg: com.sparkle.flashlight
  ps: 1
  wid: b0127364-7224-4c1b-9db0-c0a7221b8d36
  ct: 1
  ds: 1
  cr: Verizon Wireless
  sw: 768
  sh: 976
  md: VirtualBox
  mk: innotek GmbH
  pd: android_x86
  sdk: 61
  it: 1544340580
  ut: 1544340580
  User-Agent: Dalvik/2.1.0 (Linux; U; Android 6.0.1; VirtualBox Build/MOB31E)
  Host: act.mobbt.com
  Connection: Keep-Alive
  Accept-Encoding: gzip
Source: global traffic, HTTP traffic detected:
  GET /trk/install/A_3c60ba70-0d06-42f7-afc9-fcd53a817a29 HTTP/1.1
  User-Agent: Dalvik/2.1.0 (Linux; U; Android 6.0.1; VirtualBox Build/MOB31E)
  Android-Id: dee2cdd8a7942efa
  pkg: com.sparkle.flashlight
  Host: sdk.mobbt.com
  Connection: Keep-Alive
  Accept-Encoding: gzip
Source: global traffic, HTTP traffic detected:
  GET /actions/rtb/get HTTP/1.1
  pkg: com.sparkle.flashlight
  ps: 1
  wid: c5f6ee21-90d0-40b6-88e8-58a8c4036f04
  ct: 1
  ds: 1
  cr: Verizon Wireless
  sdk: 6
  User-Agent: Dalvik/2.1.0 (Linux; U; Android 6.0.1; VirtualBox Build/MOB31E)
  Host: act.mobbt.com
  Connection: Keep-Alive
  Accept-Encoding: gzip
Found strings which match to known social media urls
Source: io.fabric.sdk.android.fabric.propertiesString found in binary or memory: # Copyright (C) 2015 Twitter, Inc. equals www.twitter.com (Twitter)
Source: androidString found in binary or memory: /system/app/YouTube/YouTube.apk equals www.youtube.com (Youtube)
Source: androidString found in binary or memory: Facebook equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.auth.login equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.react.ReactRootView equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: https://twitter.com/%s/status/%s equals www.twitter.com (Twitter)
Source: androidString found in binary or memory: https://www.facebook.com equals www.facebook.com (Facebook)
Monitors network connection state
Source: com.google.android.gms.tagmanager.zzbl;->zzaP:29API Call: android.content.IntentFilter.addAction android.net.conn.CONNECTIVITY_CHANGE
Performs DNS lookups
Source: unknownDNS traffic detected: queries for: www.youtube.com
Urls found in memory or binary data
Uses HTTP for connecting to the internet
Source: com.octopus.managersdk.Manager$DownloadFileAsyncTask;->doInBackground:17API Call: com.android.okhttp.internal.huc.HttpsURLConnectionImpl.connect
Source: co.octopus.mpblib.MPB$DownloadVideoAsyncTask;->doInBackground:8API Call: com.android.okhttp.internal.huc.HttpsURLConnectionImpl.connect
Source: com.octopus.rtbv.async.DownloadVastAsyncTask;->doInBackground:11API Call: java.net.HttpURLConnection.connect
Source: com.octopus.rtbv.jsoup.helper.HttpConnection$Response;->execute:83API Call: java.net.HttpURLConnection.connect
Source: com.google.android.gms.internal.zzqt;->zzfs:27API Call: org.apache.http.client.HttpClient.execute
Source: com.google.android.gms.internal.zzw;->zza:60API Call: org.apache.http.client.HttpClient.execute
Source: com.google.android.gms.analytics.internal.zzah;->zza:26API Call: java.net.HttpURLConnection.connect
Source: com.google.android.gms.analytics.internal.zzah;->zzb:65API Call: java.net.HttpURLConnection.connect
Source: com.google.android.gms.analytics.internal.zzah;->zzb:104API Call: java.net.HttpURLConnection.connect
Source: com.yandex.metrica.impl.ob.fl;->a:59API Call: org.apache.http.client.HttpClient.execute
Source: com.google.android.gms.tagmanager.zzcx;->zzr:93API Call: org.apache.http.client.HttpClient.execute
Source: com.android.volley.toolbox.HttpClientStack;->performRequest:71API Call: org.apache.http.client.HttpClient.execute
Uses HTTPS

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Has permission to take photos
Source: submitted apkRequest permission: android.permission.CAMERA

E-Banking Fraud:

Has functionality to add an overlay to other apps
Source: com.sparkle.flashlight.service.FloatingWidgetService;->showHud:32API Call: WindowManager.addView
Source: co.octopus.mpblib.MPB;->createWindowManager:316API Call: WindowManager.addView
Source: com.octopus.rtbv.WebManager;->addWebView:28API Call: WindowManager.addView
Loads a webpage with cache disabled
Source: co.octopus.mpblib.mpb.mraid.MraidWebView;->enableSettings:19API Call: android.webkit.WebSettings.setCacheMode
Source: com.octopus.rtbv.RTBVWebView;->init:80API Call: android.webkit.WebSettings.setCacheMode

Spam, unwanted Advertisements and Ransom Demands:

May dial phone number
Source: com.google.android.gms.internal.zzbq;->zzcV:16API Call: android.net.Uri.parse("tel:")
Source: co.octopus.mpblib.mpb.mraid.MraidNativeCommandHandler;->isTelAvailable:272API Call: android.net.Uri.parse("tel:")
Loads advertisement
Source: androidString found in binary or memory: .doubleclick.net
Source: androidString found in binary or memory: //googleads.g.doubleclick.net/mads/static/mad/sdk/native/native_ads.html
Source: androidString found in binary or memory: ad.doubleclick.net
Source: androidString found in binary or memory: ads.mopub.com
Source: androidString found in binary or memory: googleads.g.doubleclick.net
Source: androidString found in binary or memory: http://ads.mopub.com
Source: androidString found in binary or memory: http://ads.mopub.com/
Source: androidString found in binary or memory: http://ads.mopub.com/m/gdpr_consent_dialog
Source: androidString found in binary or memory: http://ads.mopub.com/m/gdpr_sync
Source: androidString found in binary or memory: http://ads.mopub.com/m/imp?
Source: androidString found in binary or memory: http://ads.mopub.com/m/open
Source: androidString found in binary or memory: https://ads.mopub.com
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_banner.js
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_expanded_banner.js
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_interstitial.js
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40.html
Source: androidString found in binary or memory: https://www.mopub.com/optout
Source: androidString found in binary or memory: mailto:creative-review@mopub.com

Operating System Destruction:

Lists and deletes files in the same context
Source: co.octopus.mpblib.mpb.common.DiskLruCacheUtil;->deleteContents:16API Calls in same method context: File.listFiles,File.delete
Source: com.google.android.gms.internal.zzdu;->zzdI:232API Calls in same method context: File.listFiles,File.delete
Source: okhttp3.internal.io.FileSystem$1;->deleteContents:23API Calls in same method context: File.listFiles,File.delete
Source: com.crashlytics.android.core.CrashlyticsController;->recursiveDelete:339API Calls in same method context: File.listFiles,File.delete
Source: co.octopus.mpblib.mpb.volley.toolbox.DiskBasedCache;->clear:116API Calls in same method context: File.listFiles,File.delete
Source: co.octopus.mpblib.mpb.volley.toolbox.DiskBasedCache;->initialize:159API Calls in same method context: File.listFiles,File.delete
Source: com.android.volley.toolbox.DiskBasedCache;->clear:117API Calls in same method context: File.listFiles,File.delete
Source: com.crashlytics.android.core.Utils;->capFileCount:7API Calls in same method context: File.listFiles,File.delete
Source: com.google.android.gms.internal.zzv;->zza:155API Calls in same method context: File.listFiles,File.delete
Source: com.crashlytics.android.core.LogFileManager;->discardOldLogFiles:29API Calls in same method context: File.listFiles,File.delete
Source: com.android.volley.toolbox.DiskBasedCache;->initialize:161API Calls in same method context: File.listFiles,File.delete

Change of System Appearance:

May access the Android keyguard (lock screen)
Source: androidString found in binary or memory: keyguard
Acquires a wake lock
Source: com.google.android.gms.internal.zzqd;->acquire:117API Call: android.os.PowerManager$WakeLock.acquire

System Summary:

Requests potentially dangerous permissions
Source: submitted apkRequest permission: android.permission.AUTHENTICATE_ACCOUNTS
Source: submitted apkRequest permission: android.permission.CAMERA
Source: submitted apkRequest permission: android.permission.INTERNET
Source: submitted apkRequest permission: android.permission.WRITE_SYNC_SETTINGS
Classification label
Source: classification engineClassification label: mal60.spyw.evad.and@0/257@11/0
Creates SQLiteDatabase table
Source: com.yandex.metrica.impl.ob.bm$m;->a:135API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: com.google.android.gms.analytics.internal.zzj$zza;->onOpen:104API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: com.yandex.metrica.impl.ob.bm$r;->a:13API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: com.yandex.metrica.impl.ob.bm$s;->a:13API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: com.yandex.metrica.impl.ob.bm$g;->a:4API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: com.yandex.metrica.impl.ob.bm$e;->a:7API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: com.yandex.metrica.impl.ob.bm$c;->a:7API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: com.yandex.metrica.impl.ob.bm$i;->a:6API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: com.yandex.metrica.impl.ob.bm$k;->a:4API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: com.yandex.metrica.impl.ob.bm$a;->a:4API Call: android.database.sqlite.SQLiteDatabase.execSQL
Loads native libraries
Source: com.yandex.metrica.impl.NativeCrashesHelper;->a:35API Call: java.lang.System.loadLibrary ("YandexMetricaNativeModule")
Reads shared settings
Source: io.fabric.sdk.android.services.common.AdvertisingInfoProvider;->getInfoFromPreferences:59API Call: "advertising_id":
Source: com.octopus.managersdk.ManagerPreferences;->getStubContentAuthority:137API Call: "com.octopus.managersdk_STUB_CONTENT_AUTHORITY": sparkleStubAuthority
Source: com.octopus.managersdk.ManagerPreferences;->getExternalPackageName:118API Call: "com.octopus.managersdk_EXTERNAL_PACKAGE_NAME":
Source: io.fabric.sdk.android.services.common.IdManager;->getAppInstallIdentifier:114API Call: "crashlytics.installation.id": null
Source: io.fabric.sdk.android.services.common.IdManager;->createInstallationUUID:44API Call: "crashlytics.installation.id": null
Source: io.fabric.sdk.android.services.common.IdManager;->getAppInstallIdentifier:114API Call: "crashlytics.installation.id": 164f9b50b3104407b307b813beff75d4
Source: com.yandex.metrica.impl.ob.di;->a:45API Call: "PREF_KEY_DEVICE_ID_": null
Source: com.yandex.metrica.impl.bd$b;->a:9API Call: "APP_ENVIRONMENT": null
Source: com.yandex.metrica.impl.ob.df;->b:98API Call: "REFERRER_com.sparkle.flashlight": null
Source: com.yandex.metrica.impl.ob.da;->b:91API Call: "PREF_KEY_DEVICE_ID_": null
Source: com.yandex.metrica.impl.ob.da;->b:113API Call: "PREF_KEY_PINNING_UPDATE_URL": null
Source: com.octopus.managersdk.ManagerPreferences;->getwId:151API Call: "com.octopus.managersdk_W_ID":
Source: com.octopus.managersdk.ManagerPreferences;->getwId:151API Call: "com.octopus.managersdk_W_ID": 3fdaa4a0-0635-4a49-affa-fd414f1d5f62
Source: com.octopus.managersdk.ManagerPreferences;->getSecretData:133API Call: "com.octopus.managersdk_SECRET_DATA": eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.
Source: io.fabric.sdk.android.services.settings.DefaultSettingsController;->getStoredBuildInstanceIdentifier:56API Call: "existing_instance_identifier":
Source: com.yandex.metrica.impl.ob.di;->b:49API Call: "java.lang.String@d4b1681": null
Source: com.yandex.metrica.impl.ob.di;->a:41API Call: "crashlytics.installation.id": null
Source: com.yandex.metrica.impl.ob.di;->d:94API Call: "java.lang.String@e9ecd14": null
Source: com.yandex.metrica.impl.ob.di;->f:103API Call: "PREF_KEY_GET_AD_URLcom.sparkle.flashlight": null
Source: com.yandex.metrica.impl.ob.di;->g:107API Call: "PREF_KEY_REPORT_AD_URLcom.sparkle.flashlight": null
Source: com.yandex.metrica.impl.ob.di;->c:90API Call: "PREF_KEY_HOST_URL_com.sparkle.flashlight": null
Source: com.yandex.metrica.impl.ob.di;->e:98API Call: "PREF_KEY_REPORT_URL_com.sparkle.flashlight": null
Source: com.yandex.metrica.impl.ob.dc;->a:27API Call: "init_event_pref_key": null
Source: com.yandex.metrica.impl.ob.dc;->c:42API Call: "first_event_pref_key560b155f-00e5-4cd0-b8b3-e0b27887b8de": null
Source: com.yandex.metrica.impl.ob.dc;->b:36API Call: "init_event_pref_key560b155f-00e5-4cd0-b8b3-e0b27887b8de": null
Source: com.yandex.metrica.impl.ob.dc;->c:42API Call: "first_event_pref_key20799a27-fa80-4b36-b2db-0f8141f24180": null
Source: com.yandex.metrica.impl.ob.dc;->b:36API Call: "init_event_pref_key20799a27-fa80-4b36-b2db-0f8141f24180": null
Source: io.fabric.sdk.android.services.settings.DefaultSettingsController;->getStoredBuildInstanceIdentifier:56API Call: "existing_instance_identifier": 5a94a9b8a8ff6750ca569c62c0c830a49bd38cbe
Source: com.octopus.managersdk.ManagerPreferences;->getExternalPackageName:118API Call: "com.octopus.managersdk_EXTERNAL_PACKAGE_NAME": com.sparkle.flashlight
Source: com.octopus.managersdk.ManagerPreferences;->getAuthAddress:104API Call: "com.octopus.managersdk_AUTH_ADDRESS": http://sdk.mobbt.com/auth/sdk/login
Source: co.octopus.mpblib.MPBPreferences;->getVideoInternalPath:218API Call: "co.octopus.mpblib_VIDEO_INTERNAL_PATH":
Source: co.octopus.mpblib.MPBPreferences;->getwId:222API Call: "co.octopus.mpblib_W_ID":
Source: co.octopus.mpblib.MPBPreferences;->getSW:208API Call: "co.octopus.mpblib_SW":
Source: com.octopus.managersdk.ManagerPreferences;->getCpaReferrer:111API Call: "com.octopus.managersdk_CPA_REFERRER":
Source: co.octopus.mpblib.MPBPreferences;->getMK:192API Call: "co.octopus.mpblib_MK":
Source: co.octopus.mpblib.MPBPreferences;->getwId:222API Call: "co.octopus.mpblib_W_ID": b0127364-7224-4c1b-9db0-c0a7221b8d36
Source: co.octopus.mpblib.MPBPreferences;->getSW:208API Call: "co.octopus.mpblib_SW": 768
Source: co.octopus.mpblib.MPBPreferences;->getSH:204API Call: "co.octopus.mpblib_SH": 976
Source: co.octopus.mpblib.MPBPreferences;->getMD:188API Call: "co.octopus.mpblib_MD": VirtualBox
Source: co.octopus.mpblib.MPBPreferences;->getMK:192API Call: "co.octopus.mpblib_MK": innotek GmbH
Source: co.octopus.mpblib.MPBPreferences;->getPD:200API Call: "co.octopus.mpblib_PD": android_x86
Source: co.octopus.mpblib.MPBPreferences;->getOctCpaRf:196API Call: "co.octopus.mpblib_OCT_CPA_REFERRER":
Source: com.octopus.managersdk.ManagerPreferences;->getTrackingUrl:147API Call: "com.octopus.managersdk_T_URL": http://sdk.mobbt.com/trk/
Source: com.octopus.rtbv.RTBVPreferences;->getwId:20API Call: "com.octopus.rtbv_W_ID":
Source: com.octopus.rtbv.RTBVPreferences;->getwId:20API Call: "com.octopus.rtbv_W_ID": c5f6ee21-90d0-40b6-88e8-58a8c4036f04
Source: com.sparkle.flashlight.application.PreferencesManager;->areLockedSubmitRequests:9API Call: android.content.SharedPreferences.getBoolean
Source: com.sparkle.flashlight.application.PreferencesManager;->getCampaignReceiverListArray:14API Call: android.content.SharedPreferences.getString
Source: com.sparkle.flashlight.application.PreferencesManager;->getCpaReferrer:26API Call: android.content.SharedPreferences.getString
Source: com.sparkle.flashlight.application.PreferencesManager;->getCpaSent:29API Call: android.content.SharedPreferences.getBoolean
Source: com.sparkle.flashlight.application.PreferencesManager;->getInstallReferrer:33API Call: android.content.SharedPreferences.getString
Source: com.sparkle.flashlight.application.PreferencesManager;->getMorseModeMessage:37API Call: android.content.SharedPreferences.getString
Source: com.sparkle.flashlight.application.PreferencesManager;->getPublisherId:41API Call: android.content.SharedPreferences.getString
Source: com.sparkle.flashlight.application.PreferencesManager;->getSelectedFlashMode:45API Call: android.content.SharedPreferences.getString
Source: com.sparkle.flashlight.application.PreferencesManager;->isCameraHardwareAvailable:51API Call: android.content.SharedPreferences.getBoolean
Source: com.sparkle.flashlight.application.PreferencesManager;->isFirstTime:54API Call: android.content.SharedPreferences.getBoolean
Source: com.sparkle.flashlight.application.PreferencesManager;->isFirstWidgetCall:57API Call: android.content.SharedPreferences.getBoolean
Source: com.sparkle.flashlight.application.PreferencesManager;->isFloatingWidgetEnabled:60API Call: android.content.SharedPreferences.getBoolean
Source: com.sparkle.flashlight.application.PreferencesManager;->isLedCameraSelected:63API Call: android.content.SharedPreferences.getBoolean
Source: com.sparkle.flashlight.application.PreferencesManager;->isPowerOn:66API Call: android.content.SharedPreferences.getBoolean
Source: com.crashlytics.android.answers.AnswersPreferenceManager;->hasAnalyticsLaunched:8API Call: android.content.SharedPreferences.getBoolean
Source: io.fabric.sdk.android.services.common.AdvertisingInfoProvider;->getInfoFromPreferences:63API Call: android.content.SharedPreferences.getBoolean
Source: io.fabric.sdk.android.services.common.IdManager;->flushInstallationIdIfNecessary:64API Call: android.content.SharedPreferences.getString
Source: com.crashlytics.android.core.PreferenceManager;->create:4API Call: android.content.SharedPreferences.getBoolean
Source: com.crashlytics.android.core.PreferenceManager;->create:14API Call: android.content.SharedPreferences.getBoolean
Source: com.crashlytics.android.core.PreferenceManager;->shouldAlwaysSendReports:33API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.internal.zzbu$1;->zzb:6API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.internal.zzbu$4;->zze:5API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.zzhs$2;->zzdG:7API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.analytics.internal.zzai$zza;->zzkG:69API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.analytics.internal.zzai;->zzkC:40API Call: android.content.SharedPreferences.getString
Source: com.octopus.managersdk.ManagerPreferences;->getCpaSent:114API Call: android.content.SharedPreferences.getBoolean
Source: com.octopus.managersdk.ManagerPreferences;->getInstallReferrer:122API Call: android.content.SharedPreferences.getString
Source: com.octopus.managersdk.ManagerPreferences;->getPublisherId:129API Call: android.content.SharedPreferences.getString
Source: com.octopus.managersdk.ManagerPreferences;->getSyncSetupComleted:143API Call: android.content.SharedPreferences.getBoolean
Source: com.octopus.managersdk.ManagerPreferences;->isFirstTime:154API Call: android.content.SharedPreferences.getBoolean
Source: co.octopus.mpblib.MPBPreferences;->getAppVersion:134API Call: android.content.SharedPreferences.getString
Source: co.octopus.mpblib.MPBPreferences;->getCachedDevice:140API Call: android.content.SharedPreferences.getString
Source: co.octopus.mpblib.MPBPreferences;->getCachedDevice:146API Call: android.content.SharedPreferences.getString
Source: co.octopus.mpblib.MPBPreferences;->getExternalPackage:152API Call: android.content.SharedPreferences.getString
Source: co.octopus.mpblib.MPBPreferences;->getIFA:159API Call: android.content.SharedPreferences.getString
Source: co.octopus.mpblib.MPBPreferences;->getIFA:164API Call: android.content.SharedPreferences.getString
Source: co.octopus.mpblib.MPBPreferences;->getLastActionFetched:175API Call: android.content.SharedPreferences.getString
Source: co.octopus.mpblib.MPBPreferences;->hasGdprConsentReqSent:225API Call: android.content.SharedPreferences.getBoolean
Source: com.yandex.metrica.impl.ob.da;->a:46API Call: android.content.SharedPreferences.getString
Source: com.yandex.metrica.impl.ob.da;->a:71API Call: android.content.SharedPreferences.getString
Source: com.yandex.metrica.impl.ob.da;->b:107API Call: android.content.SharedPreferences.getBoolean
Source: com.yandex.metrica.impl.ob.dc;->e:53API Call: android.content.SharedPreferences.getString
Source: com.yandex.metrica.impl.ob.de;->a:35API Call: android.content.SharedPreferences.getString
Source: com.yandex.metrica.impl.ob.de;->a:36API Call: android.content.SharedPreferences.getString
Source: com.yandex.metrica.impl.ob.de;->a:40API Call: android.content.SharedPreferences.getString
Source: com.yandex.metrica.impl.ob.de;->b:49API Call: android.content.SharedPreferences.getString
Source: com.yandex.metrica.impl.ob.de;->c:53API Call: android.content.SharedPreferences.getString
Source: com.yandex.metrica.impl.ob.de;->d:59API Call: android.content.SharedPreferences.getString
Source: com.yandex.metrica.impl.ob.de;->e:63API Call: android.content.SharedPreferences.getString
Source: com.yandex.metrica.impl.ob.df;->a:59API Call: android.content.SharedPreferences.getString
Source: com.yandex.metrica.impl.ob.df;->a:76API Call: android.content.SharedPreferences.getBoolean
Source: com.yandex.metrica.impl.ob.df;->a:81API Call: android.content.SharedPreferences.getString
Source: com.yandex.metrica.impl.ob.df;->d:120API Call: android.content.SharedPreferences.getBoolean
Source: com.yandex.metrica.impl.ob.dj;->a:6API Call: android.content.SharedPreferences.getBoolean
Source: io.fabric.sdk.android.services.persistence.PreferenceStoreStrategy;->restore:11API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.tagmanager.zzax;->zzg:16API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.tagmanager.zzax;->zzk:27API Call: android.content.SharedPreferences.getString

Data Obfuscation:

Found very long method strings
Obfuscates method names
Source: ndYLLP35Z2Total valid method names: 62%
Uses reflection
Source: com.yandex.metrica.impl.GoogleAdvertisingIdGetter;->d:45API Call: Real call: null
Source: com.yandex.metrica.impl.GoogleAdvertisingIdGetter;->d:45API Call: Real call: public static int com.google.android.gms.common.GooglePlayServicesUtil.isGooglePlayServicesAvailable(android.content.Context)
Source: io.fabric.sdk.android.services.common.AdvertisingInfoReflectionStrategy;->isGooglePlayServiceAvailable:43API Call: Real call: android.content.res.Resources@a32700
Source: io.fabric.sdk.android.services.common.AdvertisingInfoReflectionStrategy;->isGooglePlayServiceAvailable:43API Call: Real call: android.app.ApplicationPackageManager@d53301e
Source: io.fabric.sdk.android.services.common.AdvertisingInfoReflectionStrategy;->isGooglePlayServiceAvailable:43API Call: Real call: android.app.ApplicationPackageManager@d53301e
Source: io.fabric.sdk.android.services.common.AdvertisingInfoReflectionStrategy;->getAdvertisingInfo:35API Call: Real call: public static int com.google.android.gms.common.GooglePlayServicesUtil.isGooglePlayServicesAvailable(android.content.Context)
Source: unknownAPI Call: Real call: public void android.view.ViewGroup.makeOptionalFitsSystemWindows()
Source: io.fabric.sdk.android.services.common.AdvertisingInfoReflectionStrategy;->isGooglePlayServiceAvailable:43API Call: Real call: android.app.ApplicationPackageManager@6e6f4a9
Source: io.fabric.sdk.android.services.common.AdvertisingInfoReflectionStrategy;->isGooglePlayServiceAvailable:43API Call: Real call: android.app.ApplicationPackageManager@6e6f4a9
Source: io.fabric.sdk.android.services.common.AdvertisingInfoReflectionStrategy;->isGooglePlayServiceAvailable:43API Call: Real call: android.app.ApplicationPackageManager@9113265
Source: io.fabric.sdk.android.services.common.AdvertisingInfoReflectionStrategy;->isGooglePlayServiceAvailable:43API Call: Real call: android.app.ApplicationPackageManager@9113265
Source: io.fabric.sdk.android.services.common.AdvertisingInfoReflectionStrategy;->isGooglePlayServiceAvailable:43API Call: Real call: android.app.ApplicationPackageManager@46d4594
Source: io.fabric.sdk.android.services.common.AdvertisingInfoReflectionStrategy;->isGooglePlayServiceAvailable:43API Call: Real call: android.app.ApplicationPackageManager@46d4594
Source: co.octopus.mpblib.MPB;->getCpaReferrerFromOctopus:424API Call: Real call: class com.octopus.managersdk.ManagerPreferences
Source: co.octopus.mpblib.MPB;->getCpaReferrerFromOctopus:424API Call: Real call: public static synchronized com.octopus.managersdk.ManagerPreferences com.octopus.managersdk.ManagerPreferences.getInstance(android.content.Context)
Source: co.octopus.mpblib.MPB;->getCpaReferrerFromOctopus:428API Call: Real call: com.octopus.managersdk.ManagerPreferences@8c314b9
Source: co.octopus.mpblib.MPB;->getCpaReferrerFromOctopus:428API Call: Real call: public java.lang.String com.octopus.managersdk.ManagerPreferences.getCpaReferrer()
Source: com.octopus.managersdk.ModuleAction;->invokeMethod:30API Call: Real call: co.octopus.mpblib.MPBClass@c7184dd
Source: com.octopus.managersdk.ModuleAction;->invokeMethod:30API Call: Real call: public void co.octopus.mpblib.MPBClass.startJob(android.content.Context,java.lang.String)
Source: com.octopus.managersdk.ModuleAction;->invokeMethod:30API Call: Real call: com.octopus.rtbv.CClass@6b0c5dc
Source: com.octopus.managersdk.ModuleAction;->invokeMethod:30API Call: Real call: public void com.octopus.rtbv.CClass.executeMethodC(android.content.Context,java.lang.String)
Source: com.crashlytics.android.answers.AppMeasurementEventLogger;->getInstance:11API Call: java.lang.reflect.Method.invoke
Source: com.crashlytics.android.answers.AppMeasurementEventLogger;->logEvent:18API Call: java.lang.reflect.Method.invoke
Source: org.apache.commons.lang3.builder.CompareToBuilder;->reflectionAppend:22API Call: java.lang.reflect.Field.get
Source: org.apache.commons.lang3.builder.CompareToBuilder;->reflectionAppend:23API Call: java.lang.reflect.Field.get
Source: org.apache.commons.lang3.builder.EqualsBuilder;->reflectionAppend:41API Call: java.lang.reflect.Field.get
Source: org.apache.commons.lang3.builder.EqualsBuilder;->reflectionAppend:42API Call: java.lang.reflect.Field.get
Source: org.apache.commons.lang3.builder.HashCodeBuilder;->reflectionAppend:36API Call: java.lang.reflect.Field.get
Source: org.apache.commons.lang3.builder.ReflectionToStringBuilder;->getValue:66API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.ads.internal.util.client.zza;->zzT:37API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.ads.internal.util.client.zza;->zzT:41API Call: java.lang.reflect.Method.invoke
Source: io.fabric.sdk.android.services.common.AdvertisingInfoReflectionStrategy;->getAdvertisingId:8API Call: java.lang.reflect.Method.invoke
Source: io.fabric.sdk.android.services.common.AdvertisingInfoReflectionStrategy;->getInfo:18API Call: java.lang.reflect.Method.invoke
Source: io.fabric.sdk.android.services.common.AdvertisingInfoReflectionStrategy;->isLimitAdTrackingEnabled:28API Call: java.lang.reflect.Method.invoke
Source: co.octopus.mpblib.mpb.common.MoPub;->updateActivity:127API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.connection.RouteException;->addSuppressedIfPossible:6API Call: java.lang.reflect.Method.invoke
Source: com.fasterxml.jackson.databind.deser.BuilderBasedDeserializer;->finishBuild:304API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.dynamic.zze;->zzp:8API Call: java.lang.reflect.Field.get
Source: org.apache.commons.lang3.event.EventListenerSupport$ProxyInvocationHandler;->invoke:7API Call: java.lang.reflect.Method.invoke
Source: org.apache.commons.lang3.exception.ExceptionUtils;->getCauseUsingMethodName:22API Call: java.lang.reflect.Method.invoke
Source: com.yandex.metrica.impl.GoogleAdvertisingIdGetter;->a:11API Call: java.lang.reflect.Method.invoke
Source: com.yandex.metrica.impl.GoogleAdvertisingIdGetter;->a:16API Call: java.lang.reflect.Method.invoke
Source: com.yandex.metrica.impl.GoogleAdvertisingIdGetter;->a:19API Call: java.lang.reflect.Method.invoke
Source: com.yandex.metrica.impl.am;->a:13API Call: java.lang.reflect.Method.invoke
Source: com.yandex.metrica.impl.am;->a:15API Call: java.lang.reflect.Method.invoke
Source: com.yandex.metrica.impl.bm;->b:82API Call: java.lang.reflect.Method.invoke
Source: com.yandex.metrica.impl.bm;->c:101API Call: java.lang.reflect.Method.invoke
Source: com.fasterxml.jackson.databind.deser.impl.BeanAsArrayBuilderDeserializer;->finishBuild:106API Call: java.lang.reflect.Method.invoke
Source: com.fasterxml.jackson.databind.deser.impl.MethodProperty;->deserializeAndSet:13API Call: java.lang.reflect.Method.invoke
Source: com.fasterxml.jackson.databind.deser.impl.MethodProperty;->deserializeSetAndReturn:17API Call: java.lang.reflect.Method.invoke
Source: com.fasterxml.jackson.databind.deser.impl.MethodProperty;->set:31API Call: java.lang.reflect.Method.invoke
Source: com.fasterxml.jackson.databind.deser.impl.MethodProperty;->setAndReturn:34API Call: java.lang.reflect.Method.invoke
Source: com.fasterxml.jackson.databind.deser.impl.SetterlessProperty;->deserializeAndSet:16API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.common.internal.DowngradeableSafeParcel;->zza:6API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.internal.zzal;->zzV:8API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzal;->zzW:14API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzal;->zzX:20API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzal;->zza:28API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzal;->zza:37API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzal;->zzb:50API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzal;->zze:66API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzal;->zzf:73API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzal;->zzg:79API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzal;->zzh:85API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzal;->zzi:93API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzal;->zzj:99API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzal;->zzk:106API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzma;->zza:8API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzma;->zza:16API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzma;->zza:24API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzma;->zza:31API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzry;->zza:18API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.internal.zzry;->zza:37API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzry;->zza:45API Call: java.lang.reflect.Method.invoke
Source: com.fasterxml.jackson.databind.introspect.AnnotatedField;->getValue:36API Call: java.lang.reflect.Field.get
Source: com.fasterxml.jackson.databind.introspect.AnnotatedMethod;->call:6API Call: java.lang.reflect.Method.invoke
Source: com.fasterxml.jackson.databind.introspect.AnnotatedMethod;->call:8API Call: java.lang.reflect.Method.invoke
Source: com.fasterxml.jackson.databind.introspect.AnnotatedMethod;->call1:10API Call: java.lang.reflect.Method.invoke
Source: com.fasterxml.jackson.databind.introspect.AnnotatedMethod;->callOn:12API Call: java.lang.reflect.Method.invoke
Source: com.fasterxml.jackson.databind.introspect.AnnotatedMethod;->callOnWith:14API Call: java.lang.reflect.Method.invoke
Source: com.fasterxml.jackson.databind.introspect.AnnotatedMethod;->getValue:68API Call: java.lang.reflect.Method.invoke
Source: com.fasterxml.jackson.databind.introspect.AnnotatedMethod;->setValue:119API Call: java.lang.reflect.Method.invoke
Source: org.apache.commons.lang3.AnnotationUtils;->equals:67API Call: java.lang.reflect.Method.invoke
Source: org.apache.commons.lang3.AnnotationUtils;->equals:68API Call: java.lang.reflect.Method.invoke
Source: org.apache.commons.lang3.AnnotationUtils;->hashCode:73API Call: java.lang.reflect.Method.invoke
Source: org.apache.commons.lang3.AnnotationUtils;->toString:107API Call: java.lang.reflect.Method.invoke
Source: org.apache.commons.lang3.ObjectUtils;->clone:33API Call: java.lang.reflect.Method.invoke
Source: com.octopus.managersdk.MirrorManager;->invokeMethod:16API Call: java.lang.reflect.Method.invoke
Source: com.octopus.managersdk.MirrorManager;->invokeMethod:35API Call: java.lang.reflect.Method.invoke
Source: co.octopus.mpblib.MPB;->decrInParentMod:340API Call: java.lang.reflect.Method.invoke
Source: com.yandex.metrica.impl.ob.e;->a:42API Call: java.lang.reflect.Field.get
Source: com.yandex.metrica.impl.ob.e;->a:61API Call: java.lang.reflect.Method.invoke
Source: com.yandex.metrica.impl.ob.e;->a:68API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.AndroidPlatform$AndroidCertificateChainCleaner;->clean:7API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.AndroidPlatform;->isCleartextTrafficPermitted:54API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.AndroidPlatform;->isCleartextTrafficPermitted:57API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.Jdk9Platform;->configureTlsExtensions:12API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.Jdk9Platform;->getSelectedProtocol:16API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.JdkWithJettyBootPlatform$JettyNegoProvider;->invoke:31API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.JdkWithJettyBootPlatform;->afterHandshake:30API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.JdkWithJettyBootPlatform;->configureTlsExtensions:39API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.JdkWithJettyBootPlatform;->getSelectedProtocol:42API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.OptionalMethod;->invoke:24API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.OptionalMethod;->invokeOptional:34API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.platform.Platform;->readFieldOrNull:30API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.ads.internal.purchase.zzb;->zzM:9API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.ads.internal.purchase.zzb;->zza:22API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.ads.internal.purchase.zzb;->zzb:37API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.ads.internal.purchase.zzb;->zzi:50API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.ads.internal.purchase.zzb;->zzj:65API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.ads.internal.purchase.zzd;->zzfh:130API Call: java.lang.reflect.Method.invoke
Source: org.apache.commons.lang3.reflect.FieldUtils;->readField:79API Call: java.lang.reflect.Field.get
Source: org.apache.commons.lang3.reflect.MethodUtils;->invokeExactMethod:122API Call: java.lang.reflect.Method.invoke
Source: org.apache.commons.lang3.reflect.MethodUtils;->invokeExactStaticMethod:139API Call: java.lang.reflect.Method.invoke
Source: org.apache.commons.lang3.reflect.MethodUtils;->invokeMethod:172API Call: java.lang.reflect.Method.invoke
Source: org.apache.commons.lang3.reflect.MethodUtils;->invokeStaticMethod:194API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.common.server.response.FastJsonResponse;->zzb:94API Call: java.lang.reflect.Method.invoke
Source: com.google.devtools.build.android.desugar.runtime.ThrowableExtension;->readApiLevelFromBuildVersion:36API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.security.ProviderInstaller;->installIfNeeded:15API Call: java.lang.reflect.Method.invoke
Source: com.fasterxml.jackson.databind.ser.BeanPropertyWriter;->get:95API Call: java.lang.reflect.Field.get
Source: com.fasterxml.jackson.databind.ser.BeanPropertyWriter;->get:97API Call: java.lang.reflect.Method.invoke
Source: com.fasterxml.jackson.databind.ser.BeanPropertyWriter;->serializeAsElement:160API Call: java.lang.reflect.Field.get
Source: com.fasterxml.jackson.databind.ser.BeanPropertyWriter;->serializeAsElement:162API Call: java.lang.reflect.Method.invoke
Source: com.fasterxml.jackson.databind.ser.BeanPropertyWriter;->serializeAsField:187API Call: java.lang.reflect.Field.get
Source: com.fasterxml.jackson.databind.ser.BeanPropertyWriter;->serializeAsField:189API Call: java.lang.reflect.Method.invoke
Source: com.fasterxml.jackson.databind.deser.std.StdKeyDeserializer$StringFactoryKeyDeserializer;->_parse:4API Call: java.lang.reflect.Method.invoke
Source: org.apache.commons.lang3.time.CalendarReflection;->getWeekYear:9API Call: java.lang.reflect.Method.invoke
Source: org.apache.commons.lang3.time.CalendarReflection;->isWeekDateSupported:20API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.tls.TrustRootIndex$AndroidTrustRootIndex;->findByIssuerAndSignature:4API Call: java.lang.reflect.Method.invoke
Source: com.fasterxml.jackson.databind.util.ClassUtil$EnumTypeLocator;->get:7API Call: java.lang.reflect.Field.get
Source: com.fasterxml.jackson.databind.util.EnumResolver;->constructUsingMethod:24API Call: java.lang.reflect.Method.invoke
Source: co.octopus.mpblib.mpb.common.util.Reflection$MethodBuilder;->execute:27API Call: java.lang.reflect.Method.invoke
Source: co.octopus.mpblib.mpb.common.util.Reflection$MethodBuilder;->execute:29API Call: java.lang.reflect.Method.invoke

Persistence and Installation Behavior:

Creates files
Source: io.fabric.sdk.android.services.settings.DefaultSettingsController;->loadSettingsData:69API Call: java.io.FileWriter.<init>
Source: io.fabric.sdk.android.services.settings.DefaultCachedSettingsIo;->writeCachedSettings:39API Call: java.io.FileWriter.<init>

Boot Survival:

Has permission to execute code after phone reboot
Source: submitted apk Request permission: android.permission.RECEIVE_BOOT_COMPLETED
Installs a new wake lock (to get activate on phone screen on)
Source: com.google.android.gms.internal.zzqd;-><init>:8API Call: android.os.PowerManager.newWakeLock

Hooking and other Techniques for Hiding and Protection:

Queries list of running processes/tasks
Source: io.fabric.sdk.android.services.common.CommonUtils;->getAppProcessInfo:98API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.google.android.gms.internal.zzbk;->zzcu:106API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.google.android.gms.internal.zzdn$zzb;->zzb:54API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.google.android.gms.internal.zzhu;->zzN:102API Call: android.app.ActivityManager.getRunningTasks
Source: com.google.android.gms.internal.zzhu;->zzO:112API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.google.android.gms.internal.zzlw;->zzj:18API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.google.android.gms.tagmanager.zzdb$zza;->zzcu:51API Call: android.app.ActivityManager.getRunningAppProcesses
Queries package code path (often used for patching other applications)
Source: io.fabric.sdk.android.Fabric;->getKitsFinderFuture:89API Call: android.content.Context.getPackageCodePath
Uses Crypto APIs
Source: io.fabric.sdk.android.services.common.CommonUtils;->hash:181API Call: java.security.MessageDigest.getInstance
Source: io.fabric.sdk.android.services.common.CommonUtils;->hash:183API Call: java.security.MessageDigest.update
Source: io.fabric.sdk.android.services.common.CommonUtils;->sha1:299API Call: java.security.MessageDigest.digest
Source: io.fabric.sdk.android.services.common.CommonUtils;->hash:193API Call: java.security.MessageDigest.getInstance
Source: io.fabric.sdk.android.services.common.CommonUtils;->hash:194API Call: java.security.MessageDigest.update
Source: io.fabric.sdk.android.services.common.CommonUtils;->hash:192API Call: java.security.MessageDigest.digest
Source: com.yandex.metrica.impl.utils.b;->a:21API Call: javax.crypto.Cipher.getInstance
Source: com.yandex.metrica.impl.utils.b;->a:14API Call: javax.crypto.Cipher.doFinal
Source: com.yandex.metrica.impl.utils.a;->a:6API Call: javax.crypto.Cipher.getInstance
Source: com.yandex.metrica.impl.utils.b;->a:28API Call: javax.crypto.Cipher.doFinal
Source: com.yandex.metrica.impl.ob.fg;->a:37API Call: java.security.MessageDigest.getInstance
Source: com.yandex.metrica.impl.ob.fg;->a:40API Call: java.security.MessageDigest.digest
Source: com.octopus.managersdk.ModuleAction;->encrypt:129API Call: javax.crypto.Cipher.getInstance
Source: com.google.android.gms.ads.internal.util.client.zza;->zzaB:56API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.ads.internal.util.client.zza;->zzaB:58API Call: java.security.MessageDigest.update
Source: com.google.android.gms.ads.internal.util.client.zza;->zzaB:61API Call: java.security.MessageDigest.digest
Source: io.fabric.sdk.android.services.common.CommonUtils;->hash:184API Call: java.security.MessageDigest.digest
Source: io.fabric.sdk.android.services.common.CommonUtils;->hash:195API Call: java.security.MessageDigest.digest
Source: com.yandex.metrica.impl.c;->b:38API Call: java.security.MessageDigest.getInstance
Source: com.yandex.metrica.impl.c;->b:44API Call: java.security.MessageDigest.update
Source: com.yandex.metrica.impl.c;->b:45API Call: java.security.MessageDigest.digest
Source: okhttp3.internal.Util;->md5Hex:74API Call: java.security.MessageDigest.getInstance
Source: okhttp3.internal.Util;->md5Hex:77API Call: java.security.MessageDigest.digest
Source: okhttp3.internal.Util;->sha1:82API Call: java.security.MessageDigest.getInstance
Source: okhttp3.internal.Util;->sha1:84API Call: java.security.MessageDigest.digest
Source: okhttp3.internal.Util;->sha256:88API Call: java.security.MessageDigest.getInstance
Source: okhttp3.internal.Util;->sha256:90API Call: java.security.MessageDigest.digest
Source: okhttp3.internal.Util;->shaBase64:94API Call: java.security.MessageDigest.getInstance
Source: okhttp3.internal.Util;->shaBase64:97API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzak;->zza:32API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.internal.zzak;->zza:33API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.zzak;->zza:34API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzar;->zzc:14API Call: javax.crypto.Cipher.getInstance
Source: com.google.android.gms.internal.zzar;->zzc:16API Call: javax.crypto.Cipher.init
Source: com.google.android.gms.internal.zzar;->zzc:17API Call: javax.crypto.Cipher.doFinal
Source: com.google.android.gms.internal.zzbl;->zzcy:7API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.internal.zzbo;->zzz:13API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.zzbo;->zzz:15API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzhu;->zzgs:441API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.internal.zzhu;->zzgs:442API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.zzhu;->zzgs:443API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.zzhu;->zzgs:444API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.analytics.internal.zza;->zzaW:50API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.analytics.internal.zzam;->zzbq:132API Call: java.security.MessageDigest.getInstance
Source: com.octopus.managersdk.ModuleAction;->encrypt:130API Call: javax.crypto.Cipher.init
Source: io.fabric.sdk.android.services.network.PinningTrustManager;->isValidPin:46API Call: java.security.MessageDigest.getInstance
Source: io.fabric.sdk.android.services.network.PinningTrustManager;->isValidPin:49API Call: java.security.MessageDigest.digest
Source: okio.Buffer;->digest:2API Call: java.security.MessageDigest.getInstance
Source: okio.Buffer;->digest:8API Call: java.security.MessageDigest.update
Source: okio.Buffer;->digest:13API Call: java.security.MessageDigest.update
Source: okio.Buffer;->digest:15API Call: java.security.MessageDigest.digest
Source: okio.ByteString;->digest:33API Call: java.security.MessageDigest.getInstance
Source: okio.ByteString;->digest:35API Call: java.security.MessageDigest.digest
Source: okio.HashingSink;-><init>:2API Call: java.security.MessageDigest.getInstance
Source: okio.HashingSink;->hash:11API Call: java.security.MessageDigest.digest
Source: okio.HashingSink;->write:18API Call: java.security.MessageDigest.update
Source: okio.HashingSource;-><init>:2API Call: java.security.MessageDigest.getInstance
Source: okio.HashingSource;->hash:11API Call: java.security.MessageDigest.digest
Source: okio.HashingSource;->read:18API Call: java.security.MessageDigest.update
Source: com.google.android.gms.tagmanager.zzap;->zzd:12API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.tagmanager.zzap;->zzd:13API Call: java.security.MessageDigest.update
Source: com.google.android.gms.tagmanager.zzap;->zzd:14API Call: java.security.MessageDigest.digest
Source: co.octopus.mpblib.mpb.common.util.Utils;->sha1:9API Call: java.security.MessageDigest.getInstance
Source: co.octopus.mpblib.mpb.common.util.Utils;->sha1:12API Call: java.security.MessageDigest.update
Source: co.octopus.mpblib.mpb.common.util.Utils;->sha1:13API Call: java.security.MessageDigest.digest
Source: com.yandex.metrica.impl.utils.a;->a:9API Call: javax.crypto.Cipher.init
Source: com.yandex.metrica.impl.utils.a;->a:10API Call: javax.crypto.Cipher.doFinal
Source: com.yandex.metrica.impl.utils.b;->a:22API Call: javax.crypto.Cipher.init
Source: com.yandex.metrica.impl.utils.b;->a:24API Call: javax.crypto.Cipher.doFinal

Malware Analysis System Evasion:

Accesses /proc
Source: Lio/fabric/sdk/android/services/common/CommonUtils;->getTotalRamInBytes()J Method string: "/proc/meminfo"
Accesses android OS build fields
Source: io.fabric.sdk.android.services.settings.Settings;->initialize:34Field Access: android.os.Build.MANUFACTURER
Source: io.fabric.sdk.android.services.settings.Settings;->initialize:34Field Access: android.os.Build.MODEL
Source: com.crashlytics.android.answers.SessionMetadataCollector;->getMetadata:21Field Access: android.os.Build.MANUFACTURER
Source: com.crashlytics.android.answers.SessionMetadataCollector;->getMetadata:21Field Access: android.os.Build.MODEL
Source: io.fabric.sdk.android.services.common.CommonUtils;->isRooted:234Field Access: android.os.Build.PRODUCT
Source: com.crashlytics.android.core.CrashlyticsController;->writeSessionOS:674Field Access: android.os.Build.TAGS
Source: io.fabric.sdk.android.services.common.CommonUtils;->getCpuArchitectureInt:123Field Access: android.os.Build.CPU_ABI
Source: com.crashlytics.android.core.CrashlyticsController;->writeSessionDevice:617Field Access: android.os.Build.PRODUCT
Source: com.yandex.metrica.impl.ob.cj;-><init>:2Field Access: android.os.Build.MANUFACTURER
Source: com.yandex.metrica.impl.ob.cj;-><init>:3Field Access: android.os.Build.MODEL
Source: io.fabric.sdk.android.services.common.CommonUtils;->getDeviceState:125Field Access: android.os.Build.PRODUCT
Source: io.fabric.sdk.android.services.common.CommonUtils;->getDeviceState:126Field Access: android.os.Build.TAGS
Source: com.yandex.metrica.impl.ob.fi;->b:23Field Access: android.os.Build.DEVICE
Source: com.google.android.gms.ads.internal.util.client.zza;->zzgH:74Field Access: android.os.Build.DEVICE
Source: io.fabric.sdk.android.services.common.CommonUtils$Architecture;->getValue:49Field Access: android.os.Build.CPU_ABI
Source: io.fabric.sdk.android.services.common.CommonUtils;->isEmulator:228Field Access: android.os.Build.PRODUCT
Source: io.fabric.sdk.android.services.common.CommonUtils;->isEmulator:231Field Access: android.os.Build.PRODUCT
Source: io.fabric.sdk.android.services.common.CommonUtils;->isRooted:235Field Access: android.os.Build.TAGS
Source: io.fabric.sdk.android.services.common.IdManager;->getModelName:142Field Access: android.os.Build.MANUFACTURER
Source: io.fabric.sdk.android.services.common.IdManager;->getModelName:144Field Access: android.os.Build.MODEL
Source: io.fabric.sdk.android.services.common.IdManager;->getOsDisplayVersionString:149Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.common.GooglePlayServicesUtil;->zzmX:325Field Access: android.os.Build.TYPE
Source: com.crashlytics.android.core.CrashlyticsController$21;->writeTo:2Field Access: android.os.Build$VERSION.RELEASE
Source: com.crashlytics.android.core.CrashlyticsController$22$1;-><init>:3Field Access: android.os.Build$VERSION.RELEASE
Source: com.crashlytics.android.core.CrashlyticsController$23;->writeTo:2Field Access: android.os.Build.MODEL
Source: com.crashlytics.android.core.CrashlyticsController$23;->writeTo:4Field Access: android.os.Build.MANUFACTURER
Source: com.crashlytics.android.core.CrashlyticsController$23;->writeTo:5Field Access: android.os.Build.PRODUCT
Source: com.crashlytics.android.core.CrashlyticsController$24$1;-><init>:7Field Access: android.os.Build.MODEL
Source: com.crashlytics.android.core.CrashlyticsController$24$1;-><init>:34Field Access: android.os.Build.MANUFACTURER
Source: com.crashlytics.android.core.CrashlyticsController$24$1;-><init>:37Field Access: android.os.Build.PRODUCT
Source: com.yandex.metrica.impl.ba;-><init>:2Field Access: android.os.Build.MANUFACTURER
Source: com.yandex.metrica.impl.ba;-><init>:3Field Access: android.os.Build.MODEL
Source: com.yandex.metrica.impl.bc;->a:17Field Access: android.os.Build.MODEL
Source: com.yandex.metrica.impl.bc;->a:18Field Access: android.os.Build.MANUFACTURER
Source: com.yandex.metrica.impl.bc;->a:20Field Access: android.os.Build.MODEL
Source: com.yandex.metrica.impl.bc;->a:23Field Access: android.os.Build.MANUFACTURER
Source: com.yandex.metrica.impl.bc;->a:28Field Access: android.os.Build.MODEL
Source: com.yandex.metrica.impl.bc;->a:34Field Access: android.os.Build$VERSION.RELEASE
Source: com.yandex.metrica.impl.interact.DeviceInfo;-><init>:8Field Access: android.os.Build.MANUFACTURER
Source: com.yandex.metrica.impl.interact.DeviceInfo;-><init>:9Field Access: android.os.Build.MODEL
Source: com.google.android.gms.internal.zzbz;-><init>:18Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.zzbz;-><init>:22Field Access: android.os.Build$VERSION.SDK
Source: com.google.android.gms.internal.zzgj;->zzb:105Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.zzgn;->zza:193Field Access: android.os.Build.MANUFACTURER
Source: com.google.android.gms.internal.zzgn;->zza:196Field Access: android.os.Build.MODEL
Source: com.google.android.gms.internal.zzgr$zza;->zzC:45Field Access: android.os.Build.FINGERPRINT
Source: com.google.android.gms.internal.zzhu;->zza:260Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.zzhu;->zzgr:409Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.zzhu;->zzgr:412Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.zzhu;->zzgr:418Field Access: android.os.Build.DEVICE
Source: com.google.android.gms.internal.zzhu;->zzgr:421Field Access: android.os.Build.DEVICE
Source: com.google.android.gms.internal.zzhu;->zzgr:423Field Access: android.os.Build.DISPLAY
Source: com.google.android.gms.internal.zzhu;->zzgr:426Field Access: android.os.Build.DISPLAY
Source: com.google.android.gms.internal.zzhu;->zzgt:448Field Access: android.os.Build.MANUFACTURER
Source: com.google.android.gms.internal.zzhu;->zzgt:449Field Access: android.os.Build.MODEL
Source: com.google.android.gms.analytics.internal.zzah;-><init>:6Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.analytics.internal.zzah;-><init>:9Field Access: android.os.Build.MODEL
Source: com.google.android.gms.analytics.internal.zzah;-><init>:10Field Access: android.os.Build.ID
Source: com.google.android.gms.analytics.internal.zzx;->version:1Field Access: android.os.Build$VERSION.SDK
Source: com.google.android.gms.analytics.internal.zzx;->version:4Field Access: android.os.Build$VERSION.SDK
Source: co.octopus.mpblib.MPB;->collectExtraDeviceData:91Field Access: android.os.Build.MANUFACTURER
Source: co.octopus.mpblib.MPB;->collectExtraDeviceData:94Field Access: android.os.Build.MODEL
Source: co.octopus.mpblib.MPB;->collectExtraDeviceData:97Field Access: android.os.Build.PRODUCT
Source: com.yandex.metrica.impl.ob.fh;-><init>:15Field Access: android.os.Build$VERSION.RELEASE
Source: com.yandex.metrica.impl.ob.fh;-><init>:21Field Access: android.os.Build.MANUFACTURER
Source: com.yandex.metrica.impl.ob.fh;-><init>:25Field Access: android.os.Build.MODEL
Source: com.yandex.metrica.impl.ob.fi;->b:24Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.tagmanager.zzab;->zzG:5Field Access: android.os.Build.MANUFACTURER
Source: com.google.android.gms.tagmanager.zzab;->zzG:6Field Access: android.os.Build.MODEL
Source: com.google.android.gms.tagmanager.zzal;->version:1Field Access: android.os.Build$VERSION.SDK
Source: com.google.android.gms.tagmanager.zzal;->version:6Field Access: android.os.Build$VERSION.SDK
Source: com.google.android.gms.tagmanager.zzbx;->zzG:5Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.tagmanager.zzcx;-><init>:5Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.tagmanager.zzcx;-><init>:8Field Access: android.os.Build.MODEL
Source: com.google.android.gms.tagmanager.zzcx;-><init>:9Field Access: android.os.Build.ID
Potential date aware sample found
Source: io.jsonwebtoken.impl.DefaultJwtParser;->parse:152API Call: java.util.Date.after
Queries several sensitive phone informations
Source: Lco/octopus/mpblib/Device;->fromJson(Lorg/json/JSONObject;)Lco/octopus/mpblib/Device; Method string: "os"
Source: Lcom/google/android/gms/tagmanager/zzbz;-><clinit>()V Method string: "android"
Source: Lcom/google/android/gms/appindexing/Thing$Builder;->setType(Ljava/lang/String;)Lcom/google/android/gms/appindexing/Thing$Builder; Method string: "type"
Source: Lcom/google/android/gms/internal/zzis;->zzgM()V Method string: "version"
Source: Lcom/yandex/metrica/impl/ob/cj;->a()Lorg/json/JSONObject; Method string: "manufacturer"
Source: Lcom/yandex/metrica/impl/ob/eb;-><init>(Landroid/content/Context;)V Method string: "phone"
Source: Lcom/google/android/gms/internal/zzok;->toString()Ljava/lang/String; Method string: "appid"
Source: Lcom/yandex/metrica/impl/ob/cj;->a()Lorg/json/JSONObject; Method string: "model"
Source: Lco/octopus/mpblib/MPB$GetEventAsyncTask;->doInBackground([Ljava/lang/String;)Ljava/lang/Void; Method string: "sdk"
Source: Lcom/google/android/gms/ads/internal/overlay/zzk;->zzeR()V Method string: "time"
Source: Lcom/google/android/gms/internal/zzos;->toString()Ljava/lang/String; Method string: "category"
Source: Lcom/google/android/gms/tagmanager/zzdg;->zzR(Ljava/util/Map;)Lcom/google/android/gms/analytics/ecommerce/Product; Method string: "brand"
Queries the unique operating system id (ANDROID_ID)
Source: io.fabric.sdk.android.services.common.IdManager;->getAndroidId:104API Call: android.provider.Settings.Secure.getString
Source: io.fabric.sdk.android.services.common.IdManager;->getAndroidId:104API Call: android.provider.Settings.Secure.getString
Source: io.fabric.sdk.android.services.common.CommonUtils;->isEmulator:226API Call: android.provider.Settings.Secure.getString
Source: io.fabric.sdk.android.services.common.IdManager;->getAndroidId:104API Call: android.provider.Settings.Secure.getString
Source: io.fabric.sdk.android.services.common.CommonUtils;->isEmulator:226API Call: android.provider.Settings.Secure.getString
Source: com.yandex.metrica.impl.interact.DeviceInfo;-><init>:7API Call: android.provider.Settings.Secure.getString
Source: io.fabric.sdk.android.services.common.CommonUtils;->isEmulator:226API Call: android.provider.Settings.Secure.getString
Source: io.fabric.sdk.android.services.common.IdManager;->getAndroidId:104API Call: android.provider.Settings.Secure.getString
Source: io.fabric.sdk.android.services.common.CommonUtils;->isEmulator:226API Call: android.provider.Settings.Secure.getString
Source: com.octopus.managersdk.Utils;->getAndroidId:5API Call: android.provider.Settings.Secure.getString
Source: com.sparkle.flashlight.util.FlashLightUtils;->getAndroidId:5API Call: android.provider.Settings$Secure.getString
Source: com.google.android.gms.ads.internal.util.client.zza;->zzQ:19API Call: android.provider.Settings$Secure.getString
Source: com.google.android.gms.tagmanager.zzaa;->zzaN:11API Call: android.provider.Settings$Secure.getString
Source: com.google.android.gms.tagmanager.zzbk;->zzaN:11API Call: android.provider.Settings$Secure.getString
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)
Source: rtbvv6b.jar.dr Binary or memory string: MhGFs

Anti Debugging:

Creates a new jar file (likely to load new code)
Source: com.octopus.managersdk.ModuleAction;->readFileModule:92API Call: java.io.File.<init>
Source: com.octopus.managersdk.ModuleAction;->readFileModule:92API Call: java.io.File.<init>
Checks if debugger is running
Source: io.fabric.sdk.android.services.common.CommonUtils;->isDebuggerAttached:222API Call: android.os.Debug.isDebuggerConnected

HIPS / PFW / Operating System Protection Evasion:

Uses the DexClassLoader (often used for code injection)
Source: com.octopus.managersdk.ModuleAction;->createDexLoader:9API Call: dalvik.system.DexClassLoader.<init>("/data/user/0/com.sparkle.flashlight/app_dex/mpbv61.jar")
Source: com.octopus.managersdk.ModuleAction;->invokeClass:12API Call: dalvik.system.DexClassLoader.loadClass("co.octopus.mpblib.MPBClass")
Source: com.octopus.managersdk.ModuleAction;->createDexLoader:9API Call: dalvik.system.DexClassLoader.<init>("/data/user/0/com.sparkle.flashlight/app_dex/rtbvv6b.jar")
Source: com.octopus.managersdk.ModuleAction;->invokeClass:12API Call: dalvik.system.DexClassLoader.loadClass("com.octopus.rtbv.CClass")
Source: com.google.android.gms.internal.zzal;->zzl:129API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: com.google.android.gms.internal.zzal;->zzl:132API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.google.android.gms.internal.zzal;->zzl:135API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.google.android.gms.internal.zzal;->zzl:138API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.google.android.gms.internal.zzal;->zzl:141API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.google.android.gms.internal.zzal;->zzl:144API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.google.android.gms.internal.zzal;->zzl:147API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.google.android.gms.internal.zzal;->zzl:150API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.google.android.gms.internal.zzal;->zzl:153API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.google.android.gms.internal.zzal;->zzl:156API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.google.android.gms.internal.zzal;->zzl:159API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.google.android.gms.internal.zzal;->zzl:162API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.google.android.gms.internal.zzal;->zzl:165API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.google.android.gms.internal.zzal;->zzl:168API Call: dalvik.system.DexClassLoader.loadClass (not executed)

Language, Device and Operating System Detection:

Checks if phone is rooted (checks for Superuser.apk)
Source: com.crashlytics.android.core.CrashlyticsController;->writeSessionOS:674API Call: java.io.File.<init>("/system/app/Superuser.apk")
Source: com.yandex.metrica.impl.am$a;->c:20API Call: java.io.File.<init>("/system/app/Superuser.apk")
Source: com.yandex.metrica.impl.interact.DeviceInfo$1;-><init>:2API Call: java.io.File.<init>("/system/app/Superuser.apk")
Source: io.fabric.sdk.android.services.common.CommonUtils;->getDeviceState:126API Call: java.io.File.<init>("/system/app/Superuser.apk")
Source: io.fabric.sdk.android.services.common.CommonUtils;->isRooted:239API Call: java.io.File.<init>("/system/app/Superuser.apk")
Source: com.yandex.metrica.impl.am$a;->a:10API Call: java.io.File.<init>("/system/app/Superuser.apk")
Checks if phone is rooted (checks for test-keys build tags)
Source: io.fabric.sdk.android.services.common.CommonUtils;->isRooted:237API Call: java.lang.String.contains("test-keys")
Queries the SIM provider name (SPN - Service Provider Name)
Source: co.octopus.mpblib.mpb.common.ClientMetadata;-><init>:47API Call: android.telephony.TelephonyManager.getSimOperatorName
Source: com.yandex.metrica.impl.ob.eb;->r:125API Call: android.telephony.TelephonyManager.getSimOperatorName
Queries the SIM provider numeric MCC+MNC (mobile country code + mobile network code)
Source: co.octopus.mpblib.mpb.common.ClientMetadata;-><init>:39API Call: android.telephony.TelephonyManager.getSimOperator
Source: co.octopus.mpblib.mpb.common.ClientMetadata;-><init>:40API Call: android.telephony.TelephonyManager.getSimOperator
Source: com.yandex.metrica.impl.ob.eb;->j:75API Call: android.telephony.TelephonyManager.getSimOperator
Source: com.yandex.metrica.impl.ob.eb;->k:81API Call: android.telephony.TelephonyManager.getSimOperator
Queries the network MAC address
Source: com.yandex.metrica.impl.bm;->a:19API Call: java.net.NetworkInterface.getHardwareAddress
Queries the network operator name
Source: co.octopus.mpblib.DeviceUtils;->getCarrierName:6API Call: android.telephony.TelephonyManager.getNetworkOperatorName returned "Verizon Wireless"
Source: com.octopus.rtbv.DeviceUtils;->getCarrierName:6API Call: android.telephony.TelephonyManager.getNetworkOperatorName returned "Verizon Wireless"
Source: co.octopus.mpblib.mpb.common.ClientMetadata;-><init>:45API Call: android.telephony.TelephonyManager.getNetworkOperatorName
Source: com.yandex.metrica.impl.ob.eb;->d:176API Call: android.telephony.TelephonyManager.getNetworkOperatorName
Queries the network operator numeric MCC+MNC (mobile country code + mobile network code)
Source: co.octopus.mpblib.mpb.common.ClientMetadata;-><init>:35API Call: android.telephony.TelephonyManager.getNetworkOperator
Source: co.octopus.mpblib.mpb.common.ClientMetadata;-><init>:36API Call: android.telephony.TelephonyManager.getNetworkOperator
Source: com.google.android.gms.internal.zzgr$zza;->zza:72API Call: android.telephony.TelephonyManager.getNetworkOperator
Source: com.yandex.metrica.impl.ob.eb;->h:63API Call: android.telephony.TelephonyManager.getNetworkOperator
Source: com.yandex.metrica.impl.ob.eb;->i:69API Call: android.telephony.TelephonyManager.getNetworkOperator
Queries the unique device ID (IMEI, MEID or ESN)
Source: com.yandex.metrica.impl.ob.eb;->o:107API Call: android.telephony.TelephonyManager.getDeviceId
Source: com.yandex.metrica.impl.ob.eb;->p:113API Call: android.telephony.TelephonyManager.getDeviceId

Stealing of Sensitive Information:

Leaking sensitive information via HTTP to a webserver
Source: com.yandex.metrica.impl.ob.cq;->a:4API Call: java.net.URL.openConnection (URL: "https://report.appmetrica.yandex.net/report?deviceid=4533000b0ff1fe2450a92d6c34a1d121&uuid=b29fd78be25f2673f46c55c7cbf1ef89&analytics_sdk_version=273&client_analytics_sdk_version=273&app_version_name=1.31&app_build_number=31&os_version=4.2.1&os_api_level=23&analytics_sdk_build_number=7854&analytics_sdk_build_type=public&app_debuggable=0&locale=en_US&is_rooted=1&app_framework=native&api_key_128=560b155f-00e5-4cd0-b8b3-e0b27887b8de&app_id=com.sparkle.flashlight&app_platform=android&protocol_version=2&model=Galaxy%20Nexus&manufacturer=samsung&screen_width=1024&screen_height=768&screen_dpi=160&scalefactor=1.0&device_type=tablet&android_id=dee2cdd8a7942efa&adv_id=6f15c563-fc1d-4649-b78d-d287051049c6", POST data: "https://report.appmetrica.yandex.net/report?deviceid=4533000b0ff1fe2450a92d6c34a1d121&uuid=b29fd78be25f2673f46c55c7cbf1ef89&analytics_sdk_version=273&client_analytics_sdk_version=273&app_version_name=1.31&app_build_number=31&os_version=4.2.1&os_api_level=23&analytics_sdk_
Source: com.yandex.metrica.impl.ob.cq;->a:4API Call: java.net.URL.openConnection (URL: "https://report.appmetrica.yandex.net/report?deviceid=4533000b0ff1fe2450a92d6c34a1d121&uuid=b29fd78be25f2673f46c55c7cbf1ef89&analytics_sdk_version=273&client_analytics_sdk_version=273&app_version_name=1.31&app_build_number=31&os_version=4.2.1&os_api_level=23&analytics_sdk_build_number=7854&analytics_sdk_build_type=public&app_debuggable=0&locale=en_US&is_rooted=1&app_framework=native&api_key_128=20799a27-fa80-4b36-b2db-0f8141f24180&app_id=com.sparkle.flashlight&app_platform=android&protocol_version=2&model=Galaxy%20Nexus&manufacturer=samsung&screen_width=1024&screen_height=768&screen_dpi=160&scalefactor=1.0&device_type=tablet&android_id=dee2cdd8a7942efa&adv_id=6f15c563-fc1d-4649-b78d-d287051049c6", POST data: "https://report.appmetrica.yandex.net/report?deviceid=4533000b0ff1fe2450a92d6c34a1d121&uuid=b29fd78be25f2673f46c55c7cbf1ef89&analytics_sdk_version=273&client_analytics_sdk_version=273&app_version_name=1.31&app_build_number=31&os_version=4.2.1&os_api_level=23&analytics_sdk_
Uploads sensitive phone information to the internet (privacy leak)
Source: 192.168.1.87:54323 -> 35.201.105.92:80 HTTP traffic detected: Header contains sensitive information: dee2cdd8a7942efa (Secure.ANDROID_ID)
Checks if a SIM card is installed
Source: co.octopus.mpblib.mpb.common.ClientMetadata;-><init>:38API Call: android.telephony.TelephonyManager.getSimState
Source: co.octopus.mpblib.mpb.common.ClientMetadata;-><init>:46API Call: android.telephony.TelephonyManager.getSimState
Source: co.octopus.mpblib.DeviceUtils;->getCarrierName:5API Call: android.telephony.TelephonyManager.getSimState
Source: com.octopus.rtbv.DeviceUtils;->getCarrierName:5API Call: android.telephony.TelephonyManager.getSimState
Has permissions to create, read or change account settings (including account password settings)
Source: submitted apk Request permission: android.permission.AUTHENTICATE_ACCOUNTS
Queries a list of installed applications
Source: com.yandex.metrica.impl.ag;->a:100API Call: android.content.pm.PackageManager.getInstalledApplications
Queries camera information
Source: com.sparkle.flashlight.activity.MainActivity;->safeCameraOpen:106API Call: android.hardware.Camera.open
Queries list of installed packages
Source: com.yandex.metrica.impl.t;->a:34API Call: android.content.pm.PackageManager.getInstalledPackages
Queries stored mail and application accounts (e.g. Gmail or WhatsApp)
Source: com.google.android.gms.auth.api.credentials.IdentityProviders;->getIdentityProviderForAccount:5API Call: android.accounts.Account.type
Source: com.google.android.gms.auth.api.credentials.IdentityProviders;->getIdentityProviderForAccount:9API Call: android.accounts.Account.type
Source: com.google.android.gms.common.internal.zzf;->getAccountName:20API Call: android.accounts.Account.name
Source: com.android.volley.toolbox.AndroidAuthenticator;->invalidateAuthToken:32API Call: android.accounts.Account.type

Remote Access Functionality:

Uses DownloadManager to fetch additional components
Source: com.google.android.gms.internal.zzey$1;->onClick:10API Call: android.app.DownloadManager.enqueue

Antivirus Detection

Initial Sample

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| ndYLLP35Z2 | 20% | virustotal | | Browse |

Dropped Files

No Antivirus matches

Domains

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| act.mobbt.com | 0% | virustotal | | Browse |
| sdk.mobbt.com | 0% | virustotal | | Browse |

URLs

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://octopus-rtb.alemagu.com/actions/mb/clk | 0% | virustotal | | Browse |

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches
