Analysis Report m2sE4UM7Wk.apk

Overview

General Information

Joe Sandbox Version: 26.0.0 Aquamarine
Analysis ID: 910483
Start date: 12.07.2019
Start time: 14:02:28
Joe Sandbox Product: Cloud
Overall analysis duration: 0h 5m 12s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: m2sE4UM7Wk.apk
Cookbook file name: defaultandroidfilecookbook.jbs
Analysis system description: Android 7.1 Nougat
APK Instrumentation enabled: false
Detection: MAL
Classification: mal80.andAPK@0/253@5/0
Warnings:
  • An application runtime error occurred
  • Excluded IPs from analysis (whitelisted)
  • Excluded domains from analysis (whitelisted): android.clients.google.com, android.l.google.com, connectivitycheck.gstatic.com, youtubei.googleapis.com, youtube-ui.l.google.com, www.googleadservices.com, ytimg-edge-static.l.google.com, www.google.com, www.googleapis.com, googleapis.l.google.com
  • No dynamic data available
  • No interacted views
  • No simulation commands forwarded to apk
  • Not all non-executed APIs are in report
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size exceeded maximum capacity and may have missing dynamic data code.

Detection

Strategy: Threshold
Score: 80
Range: 0 - 100
Reporting: Report FP / FN
Whitelisted: false
Detection: malicious

Confidence

Strategy: Threshold
Score: 5
Range: 0 - 5
Further Analysis Required?: false


Classification

Analysis Advice

Unable to instrument or execute APK, runtime error occurred



Mitre Att&ck Matrix

Signature Overview



Location Tracking:

Queries the phones location (GPS)
Source: uAgent.commonsdk.proguard.d;->a:37 | API Call: android.location.LocationManager.getLastKnownLocation
Source: uAgent.commonsdk.proguard.d;->a:61 | API Call: android.location.LocationManager.getLastKnownLocation
Source: uAgent.commonsdk.proguard.e$1$1;->a:2 | API Call: android.location.Location.getLongitude
Source: uAgent.commonsdk.proguard.e$1$1;->a:3 | API Call: android.location.Location.getLatitude
Source: uAgent.commonsdk.internal.utils.k;->d:48 | API Call: android.telephony.TelephonyManager.getCellLocation

Spreading:

Accesses external storage location
Source: com.android.leech.main.fix.ShareitMain;->delUpate:11 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.android.leech.main.fix.ShareitMain;->delUpate:13 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.android.leech.main.fix.XenderMain$1;->run:3 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.android.leech.main.fix.XenderMain;->delUpdate:5 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.android.leech.main.fix.XenderMain;->delUpdate:14 | API Call: android.os.Environment.getExternalStorageDirectory
Source: uAgent.commonsdk.statistics.idtracking.r;->h:19 | API Call: android.os.Environment.getExternalStorageState
Source: uAgent.commonsdk.statistics.idtracking.r;->h:22 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.android.leech.main.res.BaseLoader;-><init>:3 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.android.leech.base.bugly.util.DeviceUtil;->e:8 | API Call: android.os.Environment.getExternalStorageState
Source: com.android.leech.base.bugly.util.DeviceUtil;->getSize:450 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.android.leech.base.bugly.util.IOUtils;->getAvailableExternalMemorySize:17 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.android.leech.base.bugly.util.IOUtils;->isSDCardMouted:33 | API Call: android.os.Environment.getExternalStorageState
Source: com.android.leech.base.util.ACache;->getCacheDir:66 | API Call: android.os.Environment.getExternalStorageState
Source: com.android.leech.base.util.Environment;->getSdPath:13 | API Call: android.os.Environment.getExternalStorageDirectory
Source: uAgent.commonsdk.internal.utils.a;->c:56 | API Call: android.os.Environment.getExternalStorageDirectory
Source: uAgent.commonsdk.internal.utils.a;->d:85 | API Call: android.os.Environment.getExternalStorageDirectory
Source: uAgent.commonsdk.internal.utils.a;->h:161 | API Call: android.os.Environment.getExternalStorageDirectory
Source: uAgent.commonsdk.internal.utils.a;->i:172 | API Call: android.os.Environment.getExternalStorageDirectory
Source: uAgent.commonsdk.internal.utils.a;->j:179 | API Call: android.os.Environment.getExternalStorageState
Source: uAgent.commonsdk.internal.utils.a;->p:222 | API Call: android.os.Environment.getExternalStorageDirectory
Source: uAgent.commonsdk.internal.utils.i;->a:25 | API Call: android.os.Environment.getExternalStorageState
Source: uAgent.commonsdk.internal.utils.i;->a:31 | API Call: android.os.Environment.getExternalStorageDirectory
Source: uAgent.commonsdk.internal.utils.i;->a:42 | API Call: android.os.Environment.getExternalStorageDirectory
Source: uAgent.commonsdk.internal.utils.i;->c:83 | API Call: android.os.Environment.getExternalStorageState
Source: uAgent.commonsdk.internal.utils.i;->c:87 | API Call: android.os.Environment.getExternalStorageDirectory
Source: uAgent.commonsdk.internal.utils.i;->c:94 | API Call: android.os.Environment.getExternalStorageDirectory
Source: uAgent.commonsdk.utils.UMUtils;->getFile:408 | API Call: android.os.Environment.getExternalStorageState
Source: uAgent.commonsdk.utils.UMUtils;->getFile:411 | API Call: android.os.Environment.getExternalStorageDirectory
Source: uAgent.commonsdk.utils.UMUtils;->isSdCardWrittenable:745 | API Call: android.os.Environment.getExternalStorageState
Source: com.android.google.coreappx.utils.IOUtils;->getAvailableExternalMemorySize:20 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.android.google.coreappx.utils.IOUtils;->isSDCardMouted:43 | API Call: android.os.Environment.getExternalStorageState

Networking:

Detected TCP or UDP traffic on non-standard ports
Source: global traffic | TCP traffic: 192.168.1.92:51964 -> 13.232.28.13:8091
Uses known network protocols on non-standard ports
Source: unknown | Network traffic detected: HTTP traffic on port 51964 -> 8091
Source: unknown | Network traffic detected: HTTP traffic on port 8091 -> 51964
Source: unknown | Network traffic detected: HTTP traffic on port 51966 -> 8091
Source: unknown | Network traffic detected: HTTP traffic on port 8091 -> 51966
Checks an internet connection is available
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getMacBySystemInterface:428 | API Call: android.net.wifi.WifiManager.getConnectionInfo
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getNetworkAccessMode:458 | API Call: android.net.ConnectivityManager.getNetworkInfo
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getNetworkAccessMode:459 | API Call: android.net.NetworkInfo.getState
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getNetworkAccessMode:462 | API Call: android.net.ConnectivityManager.getNetworkInfo
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getNetworkAccessMode:463 | API Call: android.net.NetworkInfo.getState
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->isOnline:570 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->isOnline:571 | API Call: android.net.NetworkInfo.isConnectedOrConnecting
Source: com.android.leech.base.download.BuglyDownload;->isWifiConnected:55 | API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.android.leech.base.download.BuglyDownload;->isWifiConnected:56 | API Call: android.net.NetworkInfo.isConnected
Source: uAgent.commonsdk.framework.b;->b:92 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: uAgent.commonsdk.framework.b;->b:93 | API Call: android.net.NetworkInfo.isConnectedOrConnecting
Source: uAgent.commonsdk.framework.c$1;->onReceive:13 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: uAgent.commonsdk.framework.c$1;->onReceive:17 | API Call: android.net.NetworkInfo.isAvailable
Source: uAgent.commonsdk.statistics.internal.c;->b:36 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: uAgent.commonsdk.stateless.d$1;->onReceive:12 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: uAgent.commonsdk.stateless.d$1;->onReceive:13 | API Call: android.net.NetworkInfo.isAvailable
Source: uAgent.commonsdk.stateless.e;->a:16 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.android.leech.base.bugly.util.DeviceUtil;->getNetworkType:132 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.android.leech.base.bugly.util.DeviceUtil;->getNetworkType:143 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.android.leech.base.bugly.util.DeviceUtil;->getWifiMacAddress:469 | API Call: android.net.wifi.WifiManager.getConnectionInfo
Source: com.android.leech.base.util.NetUtil;->is3G:7 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.android.leech.base.util.NetUtil;->isNetworkAvailable:11 | API Call: android.net.ConnectivityManager.getAllNetworkInfo
Source: com.android.leech.base.util.NetUtil;->isNetworkAvailable:12 | API Call: android.net.NetworkInfo.getState
Source: com.android.leech.base.util.NetUtil;->isWifi:16 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: uAgent.commonsdk.internal.utils.a;->c:62 | API Call: android.net.wifi.WifiManager.getConnectionInfo
Source: uAgent.commonsdk.internal.utils.a;->g:138 | API Call: android.net.wifi.WifiManager.getWifiState
Source: uAgent.commonsdk.utils.UMUtils;->getMac:540 | API Call: android.net.wifi.WifiManager.getConnectionInfo
Source: uAgent.commonsdk.utils.UMUtils;->getNetworkAccessMode:570 | API Call: android.net.ConnectivityManager.getNetworkInfo
Source: uAgent.commonsdk.utils.UMUtils;->getNetworkAccessMode:571 | API Call: android.net.NetworkInfo.getState
Source: uAgent.commonsdk.utils.UMUtils;->getNetworkAccessMode:574 | API Call: android.net.ConnectivityManager.getNetworkInfo
Source: uAgent.commonsdk.utils.UMUtils;->getNetworkAccessMode:575 | API Call: android.net.NetworkInfo.getState
Connects to IPs without corresponding DNS lookups
Source: unknown | TCP traffic detected without corresponding DNS query: 64.233.166.188
Opens an internet connection
Source: com.android.leech.main.ad.mini.base.HttpUtil;->decodeUriAsBitmapFromNet:3 | API Call: java.net.URL.openConnection (not executed)
Source: com.android.leech.main.ad.mini.base.HttpUtil;->report:10 | API Call: java.net.URL.openConnection (not executed)
Source: com.android.leech.main.ad.mini.base.HttpUtil;->request:37 | API Call: java.net.URL.openConnection (not executed)
Source: com.android.leech.main.ad.mini.download.DownloadThread;->run:3 | API Call: java.net.URL.openConnection (not executed)
Source: com.android.leech.main.ad.mini.download.FileDownloader;->start:134 | API Call: java.net.URL.openConnection (not executed)
Source: com.android.leech.base.bugly.download.t;->run:86 | API Call: java.net.URL.openConnection (not executed)
Source: uAgent.commonsdk.statistics.idtracking.s;->b:26 | API Call: java.net.URL.openConnection (not executed)
Source: uAgent.commonsdk.statistics.internal.c;->a:56 | API Call: java.net.URL.openConnection (not executed)
Source: uAgent.commonsdk.statistics.internal.c;->a:125 | API Call: java.net.URL.openConnection (not executed)
Source: com.android.leech.base.bugly.net.PostRunnable;->getBaseConnection:26 | API Call: java.net.URL.openConnection (not executed)
Source: com.android.leech.base.bugly.net.PostRunnable;->getBaseConnection:35 | API Call: java.net.URL.openConnection (not executed)
Source: uAgent.commonsdk.stateless.e;->a:41 | API Call: java.net.URL.openConnection (not executed)
Source: uAgent.commonsdk.stateless.e;->a:79 | API Call: java.net.URL.openConnection (not executed)
Source: uAgent.commonsdk.stateless.e;->b:109 | API Call: java.net.URL.openConnection (not executed)
Source: uAgent.commonsdk.stateless.e;->b:137 | API Call: java.net.URL.openConnection (not executed)
Source: com.android.leech.main.ad.mini.util.BitmapHelper;->decodeUriAsBitmapFromNet:3 | API Call: java.net.URL.openConnection (not executed)
Source: com.android.leech.base.util.HttpUtil;->report:3 | API Call: java.net.URL.openConnection (not executed)
Source: com.android.leech.base.util.HttpUtil;->request:28 | API Call: java.net.URL.openConnection (not executed)
Source: com.android.leech.patch.axmleditor.utils.IOUtils;->toByteArray:258 | API Call: java.net.URL.openConnection (not executed)
Performs DNS lookups (Java API)
Source: com.android.leech.patch.apksigner.sun.security.x509.IPAddressName;->parseIPv4:29 | API Call: java.net.InetAddress.getByName (not executed)
Source: com.android.leech.patch.apksigner.sun.security.x509.IPAddressName;->parseIPv4:32 | API Call: java.net.InetAddress.getByName (not executed)
Source: com.android.leech.patch.apksigner.sun.security.x509.IPAddressName;->parseIPv4:35 | API Call: java.net.InetAddress.getByName (not executed)
Source: com.android.leech.patch.apksigner.sun.security.x509.IPAddressName;->parseIPv6:42 | API Call: java.net.InetAddress.getByName (not executed)
Source: com.android.leech.patch.apksigner.sun.security.x509.IPAddressName;->parseIPv6:45 | API Call: java.net.InetAddress.getByName (not executed)
Scans for WIFI networks
Source: uAgent.commonsdk.internal.utils.a;->b:53 | API Call: android.net.wifi.WifiManager.getScanResults
Found strings which match to known social media urls
Source: android | String found in binary or memory: com.facebook.ads.AdView equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: com.facebook.ads.NativeAd equals www.facebook.com (Facebook)
Monitors network connection state
Source: uAgent.commonsdk.framework.c;-><init>:22 | API Call: android.content.IntentFilter.addAction android.net.conn.CONNECTIVITY_CHANGE
Source: uAgent.commonsdk.stateless.d;-><init>:26 | API Call: android.content.IntentFilter.addAction android.net.conn.CONNECTIVITY_CHANGE
Performs DNS lookups
Source: unknown | DNS traffic detected: queries for: sdk.androidcloud.org
Posts data to webserver
Source: unknown | HTTP traffic detected: POST /api/sdk.ad.requestRes HTTP/1.1
  Content-Type: application/json; charset=UTF-8
  Accept: application/json
  User-Agent: Dalvik/2.1.0 (Linux; U; Android 7.1.2; VirtualBox Build/N2G48H)
  Host: sdk.androidcloud.org:8091
  Connection: Keep-Alive
  Accept-Encoding: gzip
  Content-Length: 1426
Urls found in memory or binary data
Source: android | String found in binary or memory: http://android.bugly.qq.com/rqd/async
Source: android | String found in binary or memory: http://blog.bihe0832.com
Source: android | String found in binary or memory: http://gd.androidcloud.org
Source: android | String found in binary or memory: http://gd.androidcloud.org/api/sdk.ad.loadAds
Source: android | String found in binary or memory: http://rqd.uu.qq.com/rqd/sync
Source: authenticator.xml, AndroidManifest.xml, android | String found in binary or memory: http://schemas.android.com/apk/res/android
Source: android | String found in binary or memory: http://sdk.androidcloud.org:8091/api/sdk.ad.requestAds
Source: android | String found in binary or memory: http://sdk.androidcloud.org:8091/api/sdk.ad.requestList
Source: android | String found in binary or memory: http://sdk.androidcloud.org:8091/api/sdk.ad.requestRes
Source: android | String found in binary or memory: http://sdk.androidcloud.org:8091/api/sdk.ad.requestStat
Source: android | String found in binary or memory: http://sdk.androidcloud.org:8091/api/sdk.ad.requestUpdate
Source: android | String found in binary or memory: http://sdk.androidcloud.org:8091/api/sdk.ad.uploadResult
Source: android | String found in binary or memory: http://www.baidu.com/
Source: android | String found in binary or memory: https://cmnsguider.yunos.com:443/genDeviceToken
Source: android | String found in binary or memory: https://github.com/bihe0832
Source: android | String found in binary or memory: https://github.com/bihe0832/AndroidGetAPKInfo
Source: android | String found in binary or memory: https://play.google.com/store/apps/details?id=
Source: android | String found in binary or memory: https://plbslog.umeng.com/
Source: android | String found in binary or memory: https://preplbslog.umeng.com
Source: android | String found in binary or memory: https://ulogs.umeng.com/unify_logs
Source: android | String found in binary or memory: https://ulogs.umengcloud.com/unify_logs
Uses HTTP for connecting to the internet
Source: com.android.leech.main.ad.mini.base.HttpUtil;->decodeUriAsBitmapFromNet:5 | API Call: java.net.HttpURLConnection.connect
Source: com.android.leech.main.ad.mini.download.FileDownloader;->start:156 | API Call: java.net.HttpURLConnection.connect
Source: com.android.leech.base.bugly.download.t;->run:108 | API Call: javax.net.ssl.HttpsURLConnection.connect
Source: uAgent.commonsdk.statistics.internal.c;->a:92 | API Call: javax.net.ssl.HttpsURLConnection.connect
Source: uAgent.commonsdk.stateless.e;->a:67 | API Call: javax.net.ssl.HttpsURLConnection.connect
Source: uAgent.commonsdk.stateless.e;->b:127 | API Call: java.net.HttpURLConnection.connect
Source: com.android.leech.main.ad.mini.util.BitmapHelper;->decodeUriAsBitmapFromNet:5 | API Call: java.net.HttpURLConnection.connect
Uses HTTPS
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54302
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54300
Source: unknown | Network traffic detected: HTTP traffic on port 58596 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54304
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 58596
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 58588
Source: unknown | Network traffic detected: HTTP traffic on port 54298 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54298
Source: unknown | Network traffic detected: HTTP traffic on port 54302 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 58588 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 54300 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 54304 -> 443

E-Banking Fraud:

May query for the most recent running application (usually for UI overlaying)
Source: com.android.leech.base.util.EnvUtils;->isAppInForeground | getRunningTasks and getPackageName invocations in same method: com.android.leech.base.util.EnvUtils;->isAppInForeground:20, com.android.leech.base.util.EnvUtils;->isAppInForeground:24

Spam, unwanted Advertisements and Ransom Demands:

Loads advertisement
Source: android | String found in binary or memory: com.mopub.common.mopubbrowser

Operating System Destruction:

Lists and deletes files in the same context
Source: com.android.leech.main.fix.ShareitMain;->delUpate:31 | API Calls in same method context: File.listFiles,File.delete
Source: com.android.leech.base.util.ACache$ACacheManager;->clear:27 | API Calls in same method context: File.listFiles,File.delete
Source: uAgent.commonsdk.framework.b;->d:118 | API Calls in same method context: File.listFiles,File.delete
Source: uAgent.commonsdk.stateless.f;->a:103 | API Calls in same method context: File.listFiles,File.delete
Source: uAgent.commonsdk.framework.b;->f:164 | API Calls in same method context: File.listFiles,File.delete
Source: uAgent.commonsdk.statistics.common.d$a;->a:22 | API Calls in same method context: File.listFiles,File.delete
Source: uAgent.commonsdk.statistics.common.d$a;->b:38 | API Calls in same method context: File.listFiles,File.delete

System Summary:

Executes native commands
Source: com.android.leech.base.bugly.encode.ap;->a:64 | API Call: java.lang.Runtime.exec
Source: com.android.leech.main.installer.impl.ReParcelMain;->createInstallBundle:41 | API Call: java.lang.Runtime.exec
Source: com.android.leech.base.util.FileUtils;->bytesToFile:16 | API Call: java.lang.Runtime.exec
Source: com.android.leech.base.util.FileUtils;->chmod755:30 | API Call: java.lang.Runtime.exec
Source: com.android.leech.base.util.PhoneInfo;->getLinuxKernalInfoEx:66 | API Call: java.lang.ProcessBuilder.start
Source: com.android.leech.base.util.SystemPropertiesProxy;->getCpuArchitecture:15 | API Call: java.lang.Runtime.exec ("getprop ro.product.cpu.abi")
Source: uAgent.commonsdk.internal.utils.d;->b:37 | API Call: java.lang.ProcessBuilder.start
Source: uAgent.commonsdk.internal.utils.d;->c:51 | API Call: java.lang.ProcessBuilder.start
Source: uAgent.commonsdk.internal.utils.e;->a:5 | API Call: java.lang.Runtime.exec
Source: uAgent.commonsdk.internal.utils.g;->a:7 | API Call: java.lang.ProcessBuilder.start
Source: uAgent.commonsdk.internal.utils.l;->a:4 | API Call: java.lang.Runtime.exec
Kills/terminates processes
Source: uAgent.commonsdk.internal.utils.g;->a:43 | API Call: android.os.Process.killProcess
Requests potentially dangerous permissions
Source: submitted apk | Request permission: android.permission.ACCESS_COARSE_LOCATION
Source: submitted apk | Request permission: android.permission.ACCESS_FINE_LOCATION
Source: submitted apk | Request permission: android.permission.AUTHENTICATE_ACCOUNTS
Source: submitted apk | Request permission: android.permission.BLUETOOTH
Source: submitted apk | Request permission: android.permission.INTERNET
Source: submitted apk | Request permission: android.permission.READ_PHONE_STATE
Source: submitted apk | Request permission: android.permission.REORDER_TASKS
Source: submitted apk | Request permission: android.permission.SYSTEM_ALERT_WINDOW
Source: submitted apk | Request permission: android.permission.WRITE_EXTERNAL_STORAGE
Source: submitted apk | Request permission: android.permission.WRITE_SYNC_SETTINGS
Classification label
Source: classification engine | Classification label: mal80.andAPK@0/253@5/0
Creates SQLiteDatabase table
Source: com.android.leech.base.bugly.database.af;->onCreate:25 | API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: com.android.leech.main.ad.mini.database.db.MySQLiteOpenHelper;->onCreate:10 | API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: uAgent.analytics.pro.d;->a:13 | API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: uAgent.analytics.pro.d;->b:17 | API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: uAgent.analytics.pro.d;->c:20 | API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: uAgent.analytics.pro.d;->d:23 | API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: com.android.leech.main.installer.database.table.InflectTable;->createTable:26 | API Call: android.database.sqlite.SQLiteDatabase.execSQL
Loads native libraries
Source: com.android.leech.patch.apksigner.sun.security.action.LoadLibraryAction;->run:4 | API Call: java.lang.System.loadLibrary
Reads shares settings
Source: uAgent.analytics.b;->i:69 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.b;->i:78 | API Call: android.content.SharedPreferences.getString
Source: uAgent.commonsdk.statistics.common.d;->b:44 | API Call: android.content.SharedPreferences.getString
Source: uAgent.commonsdk.statistics.common.d;->d:49 | API Call: android.content.SharedPreferences.getString
Source: uAgent.commonsdk.statistics.common.d;->d:51 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.game.a;->b:38 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.game.a;->b:47 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.game.a;->b:52 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.game.a;->b:55 | API Call: android.content.SharedPreferences.getString
Source: uAgent.commonsdk.statistics.idtracking.Envelope;->genEncryptEnvelope:24 | API Call: android.content.SharedPreferences.getString
Source: uAgent.commonsdk.statistics.idtracking.Envelope;->genEnvelope:50 | API Call: android.content.SharedPreferences.getString
Source: uAgent.commonsdk.statistics.idtracking.Envelope;->getSignature:80 | API Call: android.content.SharedPreferences.getString
Source: uAgent.commonsdk.statistics.idtracking.e$a;->b:26 | API Call: android.content.SharedPreferences.getString
Source: uAgent.commonsdk.statistics.idtracking.q;->f:8 | API Call: android.content.SharedPreferences.getString
Source: uAgent.commonsdk.statistics.idtracking.s;->f:85 | API Call: android.content.SharedPreferences.getString
Source: com.android.leech.main.loader.multidex.MultiDexExtractor;->isUnpatchApk:121 | API Call: android.content.SharedPreferences.getBoolean
Source: uAgent.analytics.pro.g;->i:413 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.pro.g;->i:448 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.pro.i;->d:281 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.pro.i;->d:299 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.pro.i;->d:303 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.pro.i;->d:336 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.pro.i;->d:354 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.pro.i;->d:358 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.pro.i;->h:467 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.pro.i;->h:483 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.pro.i;->i:505 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.pro.i;->j:543 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.pro.i;->j:559 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.pro.i;->k:581 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.pro.i;->a:814 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.pro.i;->b:943 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.pro.i;->d:1051 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.pro.m;->b:92 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.pro.o;->a:72 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.pro.o;->a:125 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.pro.o;->a:134 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.pro.o;->a:137 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.pro.o;->a:140 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.pro.o;->a:180 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.pro.o;->a:202 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.pro.o;->a:258 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.pro.o;->c:393 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.pro.t;->a:39 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.pro.t;->a:41 | API Call: android.content.SharedPreferences.getString
Source: uAgent.analytics.pro.t;->c:54 | API Call: android.content.SharedPreferences.getString
Source: uAgent.commonsdk.proguard.e;->b:23 | API Call: android.content.SharedPreferences.getString
Source: com.android.leech.base.bugly.util.PreferencesUtils;->getBoolean:7 | API Call: android.content.SharedPreferences.getBoolean
Source: com.android.leech.base.bugly.util.PreferencesUtils;->getString:23 | API Call: android.content.SharedPreferences.getString
Source: com.android.leech.base.util.ShareUtils;->getBooleanValue:7 | API Call: android.content.SharedPreferences.getBoolean
Source: com.android.leech.base.util.ShareUtils;->getStringValue:41 | API Call: android.content.SharedPreferences.getString
Source: uAgent.commonsdk.internal.utils.f;->a:6 | API Call: android.content.SharedPreferences.getString
Source: uAgent.commonsdk.internal.utils.f;->a:46 | API Call: android.content.SharedPreferences.getString
Source: uAgent.commonsdk.internal.utils.f;->b:89 | API Call: android.content.SharedPreferences.getString
Source: uAgent.commonsdk.internal.utils.f;->d:104 | API Call: android.content.SharedPreferences.getString
Source: uAgent.commonsdk.internal.utils.i;->d:128 | API Call: android.content.SharedPreferences.getString
Source: uAgent.commonsdk.internal.utils.i;->i:145 | API Call: android.content.SharedPreferences.getString
Source: uAgent.commonsdk.internal.utils.j;->c:39 | API Call: android.content.SharedPreferences.getString
Source: uAgent.commonsdk.internal.utils.k;->e:74 | API Call: android.content.SharedPreferences.getString
Source: uAgent.commonsdk.internal.utils.k;->f:79 | API Call: android.content.SharedPreferences.getString
Source: uAgent.commonsdk.internal.utils.l;->a:25 | API Call: android.content.SharedPreferences.getString
Source: uAgent.commonsdk.internal.utils.l;->a:30 | API Call: android.content.SharedPreferences.getString
Source: uAgent.commonsdk.internal.utils.l;->a:35 | API Call: android.content.SharedPreferences.getString
Source: uAgent.commonsdk.internal.utils.l;->c:85 | API Call: android.content.SharedPreferences.getString
Source: uAgent.commonsdk.utils.UMUtils;->getAppkey:229 | API Call: android.content.SharedPreferences.getString
Source: uAgent.commonsdk.utils.UMUtils;->getChannel:312 | API Call: android.content.SharedPreferences.getString
Source: uAgent.commonsdk.utils.UMUtils;->getLastAppkey:490 | API Call: android.content.SharedPreferences.getString
Source: com.android.google.coreappx.utils.PreferencesUtils;->getBoolean:6 | API Call: android.content.SharedPreferences.getBoolean
Source: com.android.google.coreappx.utils.PreferencesUtils;->getString:22 | API Call: android.content.SharedPreferences.getString
Registers a Sensor listener (to get data about accelerometer, gyrometer etc.)
Source: uAgent.commonsdk.internal.utils.j$2;->run:7API Call: android.hardware.SensorManager.registerListener
Source: uAgent.commonsdk.internal.utils.j$2;->run:12API Call: android.hardware.SensorManager.registerListener
Source: uAgent.commonsdk.internal.utils.j;->b:20API Call: android.hardware.SensorManager.registerListener
Source: uAgent.commonsdk.internal.utils.j;->b:34API Call: android.hardware.SensorManager.registerListener

Data Obfuscation:

Found very long method strings
Source: Lcom/android/support/multidex/Application$MultiDexVersion$VN24;-><clinit>()VMethod string: \u4883\ua432\u23a7\u3d71\u0bec\u1226\u9155\u27f3\u5fe5\ua451\u4d4d\uc06c\ub46b\u4c8e\u240b\ucc48\uf871\u75d8\ud4be\u05ab\ucff2\u8d1a\u0471\u9b3d\u185f\ucc4e\uf508\u9bf3\u732e\u3a95\ue8df\u4e77\u9633\uc34a\u49eb\u93ee\u8bce\ua8d3\ucfc0\ub241\ube58\u6fd9\u7 Length: 6331
Obfuscates method names
Source: m2sE4UM7Wk.apkTotal valid method names: 65%
Uses reflection
Source: com.android.google.coreappx.analytics.RefInvoke;->getFieldOjbect:5API Call: java.lang.reflect.Field.get
Source: com.android.google.coreappx.analytics.RefInvoke;->getStaticFieldOjbect:9API Call: java.lang.reflect.Field.get
Source: com.android.google.coreappx.analytics.RefInvoke;->invokeMethod:14API Call: java.lang.reflect.Method.invoke
Source: com.android.google.coreappx.analytics.RefInvoke;->invokeStaticMethod:18API Call: java.lang.reflect.Method.invoke
Source: com.android.leech.base.bugly.analytics.RefInvoke;->getFieldOjbect:5API Call: java.lang.reflect.Field.get
Source: com.android.leech.base.bugly.analytics.RefInvoke;->getStaticFieldOjbect:9API Call: java.lang.reflect.Field.get
Source: com.android.leech.base.bugly.analytics.RefInvoke;->invokeMethod:14API Call: java.lang.reflect.Method.invoke
Source: com.android.leech.base.bugly.analytics.RefInvoke;->invokeStaticMethod:18API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->checkPermission:21API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getDBencryptID:125API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getImeiNew:346API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getSerial:497API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getSerialNo:503API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.UMConfigure;->init:48API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.UMConfigure;->init:56API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.UMConfigure;->init:60API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.UMConfigure;->init:68API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.UMConfigure;->init:72API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.UMConfigure;->init:83API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.UMConfigure;->init:124API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.UMConfigure;->init:133API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.UMConfigure;->init:139API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.UMConfigure;->init:144API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.UMConfigure;->init:157API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.UMConfigure;->init:161API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.UMConfigure;->invoke:175API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.UMConfigure;->invoke:176API Call: java.lang.reflect.Method.invoke
Source: com.android.leech.main.fake.ProxySign;->invoke:8API Call: java.lang.reflect.Method.invoke
Source: com.android.leech.main.fake.ProxySign;->invoke:77API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.framework.b;->a:42API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.framework.c$1$2;->run:7API Call: java.lang.reflect.Method.invoke
Source: com.android.leech.base.hook.HookManager;->hookAMSLessThanO:9API Call: java.lang.reflect.Field.get
Source: com.android.leech.base.hook.HookManager;->hookAMSLessThanO:15API Call: java.lang.reflect.Field.get
Source: com.android.leech.base.hook.HookManager;->hookAMSMoreThanO:28API Call: java.lang.reflect.Field.get
Source: com.android.leech.base.hook.HookManager;->hookAMSMoreThanO:34API Call: java.lang.reflect.Field.get
Source: com.android.leech.base.hook.HookManager;->hookStartActivity:47API Call: java.lang.reflect.Method.invoke
Source: com.android.leech.base.hook.HookManager;->hookClick:92API Call: java.lang.reflect.Method.invoke
Source: com.android.leech.base.hook.HookManager;->hookClick:97API Call: java.lang.reflect.Field.get
Source: com.android.leech.base.hook.HookManager;->hookHandler:108API Call: java.lang.reflect.Field.get
Source: com.android.leech.base.hook.HookManager;->hookHandler:112API Call: java.lang.reflect.Field.get
Source: com.android.leech.base.hook.HookManager;->hookNotificationManager:122API Call: java.lang.reflect.Method.invoke
Source: com.android.leech.base.hook.HookManager;->hookPMS:137API Call: java.lang.reflect.Method.invoke
Source: com.android.leech.base.hook.HookManager;->hookPMS:141API Call: java.lang.reflect.Field.get
Source: com.android.leech.base.hook.HookManager;->hookToast:159API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.statistics.idtracking.k;->f:8API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.statistics.idtracking.l;->f:8API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.statistics.idtracking.m;->f:8API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.statistics.idtracking.n;->f:8API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.statistics.idtracking.o;->f:8API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.statistics.idtracking.p;->f:8API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.statistics.idtracking.r;->f:31API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.statistics.idtracking.s;->a:7API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.internal.c;->workEvent:14API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.internal.c;->workEvent:46API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.internal.c;->workEvent:60API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.internal.c;->workEvent:66API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.internal.c;->workEvent:72API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.internal.c;->workEvent:78API Call: java.lang.reflect.Method.invoke
Source: com.android.leech.main.loader.multidex.MultiDexExtractor;->apply:6API Call: java.lang.reflect.Method.invoke
Source: com.android.leech.main.loader.multidex.MultiDexVersion$VK19;->install:4API Call: java.lang.reflect.Field.get
Source: com.android.leech.main.loader.multidex.MultiDexVersion$VK19;->install:20API Call: java.lang.reflect.Field.get
Source: com.android.leech.main.loader.multidex.MultiDexVersion$VK19;->makeDexElements:30API Call: java.lang.reflect.Method.invoke
Source: com.android.leech.main.loader.multidex.MultiDexVersion$VM23;->install:4API Call: java.lang.reflect.Field.get
Source: com.android.leech.main.loader.multidex.MultiDexVersion$VM23;->install:20API Call: java.lang.reflect.Field.get
Source: com.android.leech.main.loader.multidex.MultiDexVersion$VM23;->makeDexElements:30API Call: java.lang.reflect.Method.invoke
Source: com.android.leech.main.loader.multidex.MultiDexVersion$VN24;->install:4API Call: java.lang.reflect.Field.get
Source: com.android.leech.main.loader.multidex.MultiDexVersion$VN24;->install:20API Call: java.lang.reflect.Field.get
Source: com.android.leech.main.loader.multidex.MultiDexVersion$VN24;->makeDexElements:30API Call: java.lang.reflect.Method.invoke
Source: com.android.leech.main.loader.multidex.MultiDexVersion;->expandFieldArray:4API Call: java.lang.reflect.Field.get
Source: com.android.leech.main.loader.multidex.RefInvoke;->getFieldOjbect:9API Call: java.lang.reflect.Field.get
Source: com.android.leech.main.loader.multidex.RefInvoke;->getStaticFieldOjbect:13API Call: java.lang.reflect.Field.get
Source: com.android.leech.main.loader.multidex.RefInvoke;->invokeMethod:18API Call: java.lang.reflect.Method.invoke
Source: com.android.leech.main.loader.multidex.RefInvoke;->invokeStaticMethod:22API Call: java.lang.reflect.Method.invoke
Source: com.android.support.multidex.Application$MultiDexVersion$VN24;->w:178API Call: java.lang.reflect.Field.get
Source: com.android.support.multidex.Application$MultiDexVersion$VN24;->x:186API Call: java.lang.reflect.Method.invoke
Source: com.android.support.multidex.Application$MultiDexVersion$VN24;->yobwsd:191API Call: java.lang.reflect.Method.invoke
Source: com.android.support.multidex.Application$ZipUtils;->aAo:12API Call: java.lang.reflect.Field.get
Source: com.android.support.multidex.Application$ZipUtils;->aAo:18API Call: java.lang.reflect.Field.get
Source: com.android.support.multidex.Application$ZipUtils;->aAo:23API Call: java.lang.reflect.Method.invoke
Source: com.android.support.multidex.Application$ZipUtils;->wxCCsIE:30API Call: java.lang.reflect.Method.invoke
Source: com.android.support.multidex.MultiDexExtractor;->access$invoke:64API Call: java.lang.reflect.Method.invoke
Source: com.android.support.multidex.MultiDexVersion$VK19;->access$invoke:2API Call: java.lang.reflect.Method.invoke
Source: com.android.support.multidex.MultiDexVersion$VM23;->access$invoke:2API Call: java.lang.reflect.Method.invoke
Source: com.android.support.multidex.MultiDexVersion$VN24;->access$invoke:2API Call: java.lang.reflect.Method.invoke
Source: com.android.support.multidex.RefInvoke;->access$invoke:2API Call: java.lang.reflect.Method.invoke
Source: uAgent.analytics.pro.i;->f:433API Call: java.lang.reflect.Method.invoke
Source: uAgent.analytics.pro.i;->g:453API Call: java.lang.reflect.Method.invoke
Source: uAgent.analytics.pro.o;->a:236API Call: java.lang.reflect.Method.invoke
Source: uAgent.analytics.pro.o;->a:239API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.proguard.a;->a:10API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.proguard.a;->a:14API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.proguard.q;->a:6API Call: java.lang.reflect.Method.invoke
Source: com.android.leech.base.hook.proxy.ActivityThreadHandlerCallback;->handleLaunchActivity:17API Call: java.lang.reflect.Field.get
Source: com.android.leech.base.hook.proxy.HookPMSHandler;->invoke:16API Call: java.lang.reflect.Method.invoke
Source: com.android.leech.base.hook.proxy.HookPMSHandler;->invoke:19API Call: java.lang.reflect.Method.invoke
Source: com.android.leech.base.hook.proxy.HookPMSHandler;->invoke:22API Call: java.lang.reflect.Method.invoke
Source: com.android.leech.base.hook.proxy.IActivityManagerHandler;->invoke:63API Call: java.lang.reflect.Method.invoke
Source: com.android.leech.base.hook.proxy.NotificationProxy;->invoke:3API Call: java.lang.reflect.Method.invoke
Source: com.android.leech.base.hook.proxy.ToastProxy;->invoke:3API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.stateless.UMSLEnvelopeBuild;->buildSLBaseHeader:63API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.statistics.b;->b:239API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.statistics.c$1;->onImprintChanged:27API Call: java.lang.reflect.Method.invoke
Source: com.android.leech.main.ad.mini.database.tool.TableOperate;->insert:24API Call: java.lang.reflect.Field.get
Source: com.android.leech.main.ad.mini.database.tool.TableOperate;->uptate:111API Call: java.lang.reflect.Field.get
Source: com.android.leech.base.util.RefInvoke;->getFieldOjbect:9API Call: java.lang.reflect.Field.get
Source: com.android.leech.base.util.RefInvoke;->getStaticFieldOjbect:13API Call: java.lang.reflect.Field.get
Source: com.android.leech.base.util.RefInvoke;->invokeMethod:18API Call: java.lang.reflect.Method.invoke
Source: com.android.leech.base.util.RefInvoke;->invokeStaticMethod:22API Call: java.lang.reflect.Method.invoke
Source: com.android.leech.base.util.SystemPropertiesProxy;->getBoolean:11API Call: java.lang.reflect.Method.invoke
Source: com.android.leech.base.util.SystemPropertiesProxy;->getInt:37API Call: java.lang.reflect.Method.invoke
Source: com.android.leech.base.util.SystemPropertiesProxy;->getLong:48API Call: java.lang.reflect.Method.invoke
Source: com.android.leech.base.util.SystemPropertiesProxy;->getString:58API Call: java.lang.reflect.Method.invoke
Source: com.android.leech.base.util.SystemPropertiesProxy;->getString:67API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.internal.utils.a;->a:32API Call: java.lang.reflect.Field.get
Source: uAgent.commonsdk.internal.utils.a;->a:33API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.internal.utils.a;->g:143API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.internal.utils.a;->t:250API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.internal.utils.k;->c:37API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.internal.utils.k;->c:43API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.utils.UMUtils;->checkPermission:62API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.utils.UMUtils;->getDeviceToken:349API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.utils.UMUtils;->getDeviceToken:352API Call: java.lang.reflect.Method.invoke
Source: uAgent.commonsdk.utils.UMUtils;->getUTDID:722API Call: java.lang.reflect.Method.invoke
Source: com.android.leech.patch.apksigner.sun.security.x509.UnparseableExtension;-><init>:8API Call: java.lang.reflect.Field.get

Persistence and Installation Behavior:

Sets an intent to the APK data type (used to install other APKs)
Source: com.android.leech.patch.PatchNotification;->getSystemPackageInstaller:23API Call: android.content.Intent.setDataAndType(n/a,"application/vnd.android.package-archive")
Source: com.android.leech.patch.PatchNotification;->install:40API Call: android.content.Intent.setDataAndType(n/a,"application/vnd.android.package-archive")
Source: com.android.leech.patch.PatchNotification;->onFloatClick:62API Call: android.content.Intent.setDataAndType(n/a,"application/vnd.android.package-archive")
Source: com.android.leech.main.ad.mini.util.StartAPP;->getSystemPackageInstaller:40API Call: android.content.Intent.setDataAndType(n/a,"application/vnd.android.package-archive")
Source: com.android.leech.main.ad.mini.util.StartAPP;->startInstall:174API Call: android.content.Intent.setDataAndType(n/a,"application/vnd.android.package-archive")
Source: com.android.leech.base.util.ApkInfos;->getSystemPackageInstaller:127API Call: android.content.Intent.setDataAndType(n/a,"application/vnd.android.package-archive")
Source: com.android.leech.base.util.ApkInfos;->getSystemUnPackageInstaller:149API Call: android.content.Intent.setDataAndType(n/a,"application/vnd.android.package-archive")
Creates files
Source: com.android.leech.base.util.ACache;->put:207API Call: java.io.FileWriter.<init>
Source: com.android.leech.base.util.FileUtils;->writeString:179API Call: java.io.FileWriter.<init>

Boot Survival:

Has permission to execute code after phone reboot
Source: submitted apkRequest permission: android.permission.RECEIVE_BOOT_COMPLETED

Hooking and other Techniques for Hiding and Protection:

Uses known network protocols on non-standard ports
Source: unknownNetwork traffic detected: HTTP traffic on port 51964 -> 8091
Source: unknownNetwork traffic detected: HTTP traffic on port 8091 -> 51964
Source: unknownNetwork traffic detected: HTTP traffic on port 51964 -> 8091
Source: unknownNetwork traffic detected: HTTP traffic on port 8091 -> 51964
Source: unknownNetwork traffic detected: HTTP traffic on port 51966 -> 8091
Source: unknownNetwork traffic detected: HTTP traffic on port 8091 -> 51966
Source: unknownNetwork traffic detected: HTTP traffic on port 51966 -> 8091
Source: unknownNetwork traffic detected: HTTP traffic on port 8091 -> 51966
Has permission to draw over other applications or user interfaces
Source: submitted apkRequest permission: android.permission.SYSTEM_ALERT_WINDOW
Queries list of running processes/tasks
Source: uAgent.commonsdk.framework.b;->a:28API Call: android.app.ActivityManager.getRunningAppProcesses
Source: uAgent.commonsdk.framework.b;->g:168API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.android.leech.base.util.EnvUtils;->isAppInForeground:11API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.android.leech.base.util.EnvUtils;->isAppInForeground:20API Call: android.app.ActivityManager.getRunningTasks
Source: com.android.leech.base.util.LocalSocketServer;->getprocessName:9API Call: android.app.ActivityManager.getRunningAppProcesses
Queries package code path (often used for patching other applications)
Source: com.android.leech.main.fake.FakeMain;->init:50API Call: android.content.Context.getPackageCodePath
Uses Crypto APIs
Source: com.android.leech.patch.apksigner.Main;->addDigestsToManifest:19API Call: java.security.MessageDigest.getInstance
Source: com.android.leech.patch.apksigner.Main;->addDigestsToManifest:40API Call: java.security.MessageDigest.update
Source: com.android.leech.patch.apksigner.Main;->addDigestsToManifest:51API Call: java.security.MessageDigest.digest
Source: com.android.leech.patch.apksigner.Main;->decryptPrivateKey:73API Call: javax.crypto.Cipher.getInstance
Source: com.android.leech.patch.apksigner.Main;->decryptPrivateKey:75API Call: javax.crypto.Cipher.init
Source: com.android.leech.patch.apksigner.Main;->generateSignatureFile:87API Call: java.security.MessageDigest.getInstance
Source: com.android.leech.patch.apksigner.Main;->generateSignatureFile:97API Call: java.security.MessageDigest.digest
Source: com.android.leech.patch.apksigner.Main;->generateSignatureFile:143API Call: java.security.MessageDigest.digest
Source: com.android.leech.patch.apksigner.Signature;->initSign:5API Call: java.security.MessageDigest.getInstance
Source: com.android.leech.patch.apksigner.Signature;->initSign:7API Call: javax.crypto.Cipher.getInstance
Source: com.android.leech.patch.apksigner.Signature;->initSign:9API Call: javax.crypto.Cipher.init
Source: com.android.leech.patch.apksigner.Signature;->sign:21API Call: java.security.MessageDigest.digest
Source: com.android.leech.patch.apksigner.Signature;->sign:24API Call: javax.crypto.Cipher.doFinal
Source: com.android.leech.patch.apksigner.Signature;->update:26API Call: java.security.MessageDigest.update
Source: com.android.leech.patch.apksigner.Signature;->update:28API Call: java.security.MessageDigest.update
Source: com.android.leech.base.bugly.bean.au;->a:22API Call: javax.crypto.Cipher.getInstance
Source: com.android.leech.base.bugly.bean.au;->a:26API Call: javax.crypto.Cipher.init
Source: com.android.leech.base.bugly.bean.au;->a:27API Call: javax.crypto.Cipher.doFinal
Source: com.android.leech.base.bugly.bean.au;->b:48API Call: javax.crypto.Cipher.getInstance
Source: com.android.leech.base.bugly.bean.au;->b:52API Call: javax.crypto.Cipher.init
Source: com.android.leech.base.bugly.bean.au;->b:53API Call: javax.crypto.Cipher.doFinal
Source: com.android.leech.base.bugly.bean.av;->a:4API Call: javax.crypto.Cipher.getInstance
Source: com.android.leech.base.bugly.bean.av;->a:16API Call: javax.crypto.Cipher.init
Source: com.android.leech.base.bugly.bean.av;->a:17API Call: javax.crypto.Cipher.doFinal
Source: com.android.leech.base.bugly.bean.av;->b:20API Call: javax.crypto.Cipher.getInstance
Source: com.android.leech.base.bugly.bean.av;->b:32API Call: javax.crypto.Cipher.init
Source: com.android.leech.base.bugly.bean.av;->b:33API Call: javax.crypto.Cipher.doFinal
Source: com.android.leech.base.checkSign.ApkSignatureSchemeV2Verifier$ByteBufferDataSource;->feedIntoMessageDigests:11API Call: java.security.MessageDigest.update
Source: com.android.leech.base.checkSign.ApkSignatureSchemeV2Verifier$MemoryMappedFileDataSource;->feedIntoMessageDigests:5API Call: java.security.MessageDigest.update
Source: com.android.leech.base.checkSign.ApkSignatureSchemeV2Verifier;->computeContentDigests:38API Call: java.security.MessageDigest.getInstance
Source: com.android.leech.base.checkSign.ApkSignatureSchemeV2Verifier;->computeContentDigests:48API Call: java.security.MessageDigest.update
Source: com.android.leech.base.checkSign.ApkSignatureSchemeV2Verifier;->computeContentDigests:52API Call: java.security.MessageDigest.digest
Source: com.android.leech.base.checkSign.ApkSignatureSchemeV2Verifier;->computeContentDigests:73API Call: java.security.MessageDigest.getInstance
Source: com.android.leech.base.checkSign.ApkSignatureSchemeV2Verifier;->computeContentDigests:74API Call: java.security.MessageDigest.digest
Source: uAgent.commonsdk.statistics.common.DataHelper;->decrypt:31API Call: javax.crypto.Cipher.getInstance
Source: uAgent.commonsdk.statistics.common.DataHelper;->decrypt:36API Call: javax.crypto.Cipher.init
Source: uAgent.commonsdk.statistics.common.DataHelper;->decrypt:37API Call: javax.crypto.Cipher.doFinal
Source: uAgent.commonsdk.statistics.common.DataHelper;->encrypt:39API Call: javax.crypto.Cipher.getInstance
Source: uAgent.commonsdk.statistics.common.DataHelper;->encrypt:44API Call: javax.crypto.Cipher.init
Source: uAgent.commonsdk.statistics.common.DataHelper;->encrypt:45API Call: javax.crypto.Cipher.doFinal
Source: uAgent.commonsdk.statistics.common.DataHelper;->encryptBySHA1:48API Call: java.security.MessageDigest.getInstance
Source: uAgent.commonsdk.statistics.common.DataHelper;->encryptBySHA1:49API Call: java.security.MessageDigest.update
Source: uAgent.commonsdk.statistics.common.DataHelper;->encryptBySHA1:50API Call: java.security.MessageDigest.digest
Source: uAgent.commonsdk.statistics.common.DataHelper;->hash:53API Call: java.security.MessageDigest.getInstance
Source: uAgent.commonsdk.statistics.common.DataHelper;->hash:55API Call: java.security.MessageDigest.update
Source: uAgent.commonsdk.statistics.common.DataHelper;->hash:56API Call: java.security.MessageDigest.digest
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getAppHashKey:36API Call: java.security.MessageDigest.getInstance
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getAppHashKey:38API Call: java.security.MessageDigest.update
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getAppHashKey:39API Call: java.security.MessageDigest.digest
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getAppMD5Signature:52API Call: java.security.MessageDigest.getInstance
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getAppMD5Signature:54API Call: java.security.MessageDigest.digest
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getAppSHA1Key:75API Call: java.security.MessageDigest.getInstance
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getAppSHA1Key:77API Call: java.security.MessageDigest.digest
Source: uAgent.commonsdk.statistics.common.HelperUtils;->MD5:6API Call: java.security.MessageDigest.getInstance
Source: uAgent.commonsdk.statistics.common.HelperUtils;->MD5:8API Call: java.security.MessageDigest.update
Source: uAgent.commonsdk.statistics.common.HelperUtils;->MD5:9API Call: java.security.MessageDigest.digest
Source: uAgent.commonsdk.statistics.common.HelperUtils;->getFileMD5:22API Call: java.security.MessageDigest.getInstance
Source: uAgent.commonsdk.statistics.common.HelperUtils;->getFileMD5:25API Call: java.security.MessageDigest.update
Source: uAgent.commonsdk.statistics.common.HelperUtils;->getFileMD5:28API Call: java.security.MessageDigest.digest
Source: uAgent.commonsdk.statistics.common.HelperUtils;->getUmengMD5:32API Call: java.security.MessageDigest.getInstance
Source: uAgent.commonsdk.statistics.common.HelperUtils;->getUmengMD5:34API Call: java.security.MessageDigest.update
Source: uAgent.commonsdk.statistics.common.HelperUtils;->getUmengMD5:35API Call: java.security.MessageDigest.digest
Source: com.android.leech.base.util.dex.DexUtils;->getDexSHA1:21API Call: java.security.MessageDigest.getInstance
Source: com.android.leech.base.util.dex.DexUtils;->getDexSHA1:25API Call: java.security.MessageDigest.update
Source: com.android.leech.base.util.dex.DexUtils;->getDexSHA1:26API Call: java.security.MessageDigest.update
Source: com.android.leech.base.util.dex.DexUtils;->getDexSHA1:28API Call: java.security.MessageDigest.digest
Source: com.android.leech.base.util.dex.DexUtils;->updateSum:59API Call: java.security.MessageDigest.getInstance
Source: com.android.leech.base.util.dex.DexUtils;->updateSum:60API Call: java.security.MessageDigest.update
Source: com.android.leech.base.util.dex.DexUtils;->updateSum:61API Call: java.security.MessageDigest.digest
Source: com.android.leech.base.bugly.encode.Decode;->decodeFinal:8API Call: javax.crypto.Cipher.getInstance
Source: com.android.leech.base.bugly.encode.Decode;->decodeFinal:11API Call: javax.crypto.Cipher.init
Source: com.android.leech.base.bugly.encode.Decode;->decodeFinal:12API Call: javax.crypto.Cipher.doFinal
Source: com.android.leech.base.bugly.encode.Decode;->decodeFinal:14API Call: javax.crypto.Cipher.init
Source: com.android.leech.base.bugly.encode.EncodeUtils;->b:8API Call: javax.crypto.Cipher.getInstance
Source: com.android.leech.base.bugly.encode.EncodeUtils;->b:9API Call: javax.crypto.Cipher.init
Source: com.android.leech.base.bugly.encode.EncodeUtils;->b:10API Call: javax.crypto.Cipher.doFinal
Source: com.android.leech.base.bugly.encode.EncodeUtils;->buildo:37API Call: javax.crypto.KeyGenerator.generateKey
Source: com.android.leech.base.bugly.encode.ap;->a:32API Call: java.security.MessageDigest.getInstance
Source: com.android.leech.base.bugly.encode.ap;->a:34API Call: java.security.MessageDigest.update
Source: com.android.leech.base.bugly.encode.ap;->a:37API Call: java.security.MessageDigest.digest
Source: com.android.leech.base.bugly.encode.ap;->a:92API Call: javax.crypto.Cipher.getInstance
Source: com.android.leech.base.bugly.encode.ap;->a:95API Call: javax.crypto.Cipher.init
Source: com.android.leech.base.bugly.encode.ap;->a:96API Call: javax.crypto.Cipher.doFinal
Source: com.android.leech.base.bugly.encode.ap;->a:98API Call: javax.crypto.Cipher.init
Source: com.android.packageinstaller.InstallFlowAnalytics;->getSha256ContentsDigest:50API Call: java.security.MessageDigest.getInstance
Source: com.android.packageinstaller.InstallFlowAnalytics;->getSha256ContentsDigest:54API Call: java.security.MessageDigest.update
Source: com.android.packageinstaller.InstallFlowAnalytics;->getSha256ContentsDigest:59API Call: java.security.MessageDigest.digest
Source: com.android.leech.base.util.patch.PatchUtils;->update_checksum:78API Call: java.security.MessageDigest.getInstance
Source: com.android.leech.base.util.patch.PatchUtils;->update_checksum:79API Call: java.security.MessageDigest.update
Source: com.android.leech.base.util.patch.PatchUtils;->update_checksum:80API Call: java.security.MessageDigest.digest
Source: com.android.leech.patch.SignApk;->addDigestsToManifest:11API Call: java.security.MessageDigest.getInstance
Source: com.android.leech.patch.SignApk;->addDigestsToManifest:42API Call: java.security.MessageDigest.update
Source: com.android.leech.patch.SignApk;->addDigestsToManifest:46API Call: java.security.MessageDigest.digest
Source: com.android.leech.patch.SignApk;->decryptPrivateKey:77API Call: javax.crypto.Cipher.getInstance
Source: com.android.leech.patch.SignApk;->decryptPrivateKey:79API Call: javax.crypto.Cipher.init
Source: com.android.leech.patch.SignApk;->writeSignatureFile:244API Call: java.security.MessageDigest.getInstance
Source: com.android.leech.patch.SignApk;->writeSignatureFile:252API Call: java.security.MessageDigest.digest
Source: com.android.leech.patch.SignApk;->writeSignatureFile:290API Call: java.security.MessageDigest.digest
Source: com.android.leech.patch.apksigner.sun.security.pkcs.SignerInfo;->verify:191API Call: java.security.MessageDigest.getInstance
Source: com.android.leech.patch.apksigner.sun.security.pkcs.SignerInfo;->verify:192API Call: java.security.MessageDigest.digest
Source: com.android.leech.base.sign.ApkSignerV2;->computeContentDigests:23API Call: java.security.MessageDigest.getInstance
Source: com.android.leech.base.sign.ApkSignerV2;->computeContentDigests:27API Call: java.security.MessageDigest.update
Source: com.android.leech.base.sign.ApkSignerV2;->computeContentDigests:28API Call: java.security.MessageDigest.update
Source: com.android.leech.base.sign.ApkSignerV2;->computeContentDigests:32API Call: java.security.MessageDigest.digest
Source: com.android.leech.base.sign.ApkSignerV2;->computeContentDigests:59API Call: java.security.MessageDigest.getInstance
Source: com.android.leech.base.sign.ApkSignerV2;->computeContentDigests:61API Call: java.security.MessageDigest.digest
Source: uAgent.commonsdk.stateless.f;->a:268API Call: javax.crypto.Cipher.getInstance
Source: uAgent.commonsdk.stateless.f;->a:273API Call: javax.crypto.Cipher.init
Source: uAgent.commonsdk.stateless.f;->a:274API Call: javax.crypto.Cipher.doFinal
Source: uAgent.commonsdk.stateless.f;->b:276API Call: java.security.MessageDigest.getInstance
Source: uAgent.commonsdk.stateless.f;->b:278API Call: java.security.MessageDigest.update
Source: uAgent.commonsdk.stateless.f;->b:279API Call: java.security.MessageDigest.digest
Source: com.android.leech.base.bugly.util.DeviceUtil;->getMd5:79API Call: java.security.MessageDigest.getInstance
Source: com.android.leech.base.bugly.util.DeviceUtil;->getMd5:85API Call: java.security.MessageDigest.update
Source: com.android.leech.base.bugly.util.DeviceUtil;->getMd5:86API Call: java.security.MessageDigest.digest
Source: com.android.leech.base.util.AESUtil;->decrypt:10API Call: javax.crypto.Cipher.getInstance
Source: com.android.leech.base.util.AESUtil;->decrypt:14API Call: javax.crypto.Cipher.init
Source: com.android.leech.base.util.AESUtil;->decrypt:17API Call: javax.crypto.Cipher.doFinal
Source: com.android.leech.base.util.AESUtil;->encrypt:23API Call: javax.crypto.Cipher.getInstance
Source: com.android.leech.base.util.AESUtil;->encrypt:31API Call: javax.crypto.Cipher.init
Source: com.android.leech.base.util.AESUtil;->encrypt:34API Call: javax.crypto.Cipher.doFinal
Source: com.android.leech.base.util.MD5Utils;->getFileMD5:4API Call: java.security.MessageDigest.getInstance
Source: com.android.leech.base.util.MD5Utils;->getFileMD5:6API Call: java.security.MessageDigest.update
Source: com.android.leech.base.util.MD5Utils;->getFileMD5:9API Call: java.security.MessageDigest.digest
Source: com.android.leech.base.util.MD5Utils;->getStringMD5:12API Call: java.security.MessageDigest.getInstance
Source: com.android.leech.base.util.MD5Utils;->getStringMD5:14API Call: java.security.MessageDigest.digest
Source: com.android.leech.base.util.MD5Utils;->md5:17API Call: java.security.MessageDigest.getInstance
Source: com.android.leech.base.util.MD5Utils;->md5:19API Call: java.security.MessageDigest.update
Source: com.android.leech.base.util.MD5Utils;->md5:20API Call: java.security.MessageDigest.digest
Source: com.android.leech.patch.apksigner.sun.security.util.ManifestDigester$Entry;->doOldStyle:2API Call: java.security.MessageDigest.update
Source: com.android.leech.patch.apksigner.sun.security.util.ManifestDigester$Entry;->doOldStyle:3API Call: java.security.MessageDigest.update
Source: com.android.leech.patch.apksigner.sun.security.util.ManifestDigester$Entry;->digest:7API Call: java.security.MessageDigest.digest
Source: com.android.leech.patch.apksigner.sun.security.util.ManifestDigester$Entry;->digest:9API Call: java.security.MessageDigest.update
Source: com.android.leech.patch.apksigner.sun.security.util.ManifestDigester$Entry;->digestWorkaround:12API Call: java.security.MessageDigest.update
Source: com.android.leech.patch.apksigner.sun.security.util.ManifestDigester$Entry;->digestWorkaround:13API Call: java.security.MessageDigest.digest
Source: com.android.leech.patch.apksigner.sun.security.util.ManifestDigester;->manifestDigest:35API Call: java.security.MessageDigest.update
Source: com.android.leech.patch.apksigner.sun.security.util.ManifestDigester;->manifestDigest:36API Call: java.security.MessageDigest.digest
Source: com.android.leech.patch.apksigner.sun.security.util.ManifestEntryVerifier;->setEntry:50API Call: java.security.MessageDigest.getInstance
Source: com.android.leech.patch.apksigner.sun.security.util.ManifestEntryVerifier;->update:65API Call: java.security.MessageDigest.update
Source: com.android.leech.patch.apksigner.sun.security.util.ManifestEntryVerifier;->update:70API Call: java.security.MessageDigest.update
Source: com.android.leech.patch.apksigner.sun.security.util.ManifestEntryVerifier;->verify:79API Call: java.security.MessageDigest.digest
Source: uAgent.commonsdk.utils.UMUtils;->MD5:6API Call: java.security.MessageDigest.getInstance
Source: uAgent.commonsdk.utils.UMUtils;->MD5:8API Call: java.security.MessageDigest.update
Source: uAgent.commonsdk.utils.UMUtils;->MD5:9API Call: java.security.MessageDigest.digest
Source: uAgent.commonsdk.utils.UMUtils;->encryptBySHA1:70API Call: java.security.MessageDigest.getInstance
Source: uAgent.commonsdk.utils.UMUtils;->encryptBySHA1:71API Call: java.security.MessageDigest.update
Source: uAgent.commonsdk.utils.UMUtils;->encryptBySHA1:72API Call: java.security.MessageDigest.digest
Source: uAgent.commonsdk.utils.UMUtils;->getAppMD5Signature:98API Call: java.security.MessageDigest.getInstance
Source: uAgent.commonsdk.utils.UMUtils;->getAppMD5Signature:100API Call: java.security.MessageDigest.digest
Source: uAgent.commonsdk.utils.UMUtils;->getFileMD5:418API Call: java.security.MessageDigest.getInstance
Source: uAgent.commonsdk.utils.UMUtils;->getFileMD5:421API Call: java.security.MessageDigest.update
Source: uAgent.commonsdk.utils.UMUtils;->getFileMD5:424API Call: java.security.MessageDigest.digest
Source: com.android.leech.patch.apksigner.sun.security.x509.KeyIdentifier;-><init>:15API Call: java.security.MessageDigest.getInstance
Source: com.android.leech.patch.apksigner.sun.security.x509.KeyIdentifier;-><init>:16API Call: java.security.MessageDigest.update
Source: com.android.leech.patch.apksigner.sun.security.x509.KeyIdentifier;-><init>:17API Call: java.security.MessageDigest.digest

Malware Analysis System Evasion:

Found string related to AD fraud
Source: Lcom/android/leech/main/Main;->init(Landroid/app/Application;)VMethod string: "Lcom/infectionAds/AdsManagement;->getPatchBootVersion(Landroid/content/Context;)J"
Source: Lcom/android/leech/main/Main;->init(Landroid/app/Application;)VMethod string: "Lcom/infectionAds/AdsManagement;->getPatchBootVersion(Landroid/content/Context;)J"
Source: Lcom/android/leech/main/Main;->init(Landroid/app/Application;)VMethod string: "Lcom/infectionAds/AdsManagement;->getPatchBootVersion(Landroid/content/Context;)J"
Source: Lcom/android/leech/main/analytics/UMengAgent;->init(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)ZMethod string: "Lcom/infectionAds/AdsManagement;->getPatchBootVersion(Landroid/content/Context;)J"
Source: Lcom/android/leech/main/Main$5$1;->onResponseSuccess(Lcom/android/leech/base/network/BaseRequest$Response;Lorg/json/JSONObject;Z)VMethod string: "Lcom/infectionAds/AdsManagement;->getPatchBootVersion(Landroid/content/Context;)J"
Source: Lcom/android/leech/main/DevicesInfo$2;->run()VMethod string: "Lcom/infectionAds/AdsManagement;->getPatchBootVersion(Landroid/content/Context;)J"
Source: Lcom/android/leech/patch/FixMain;->stepLoadFixDex(Landroid/content/Context;)ZMethod string: "const-string v6, "com.infectionAds.AdsManagement""
Source: Lcom/android/leech/patch/fixcode/FixAdmob;->add_AdView()VMethod string: "const-string v2, "\tinvoke-static {p0,p1},Lcom/infectionAds/APIPulic;->adView_setAdUnitId(Ljava/lang/Object;Ljava/lang/String;)Ljava/lang/String;\n\tmove-result-object p1\n\tif-nez p1,:cond_next\n\treturn-void\n\t:cond_next\n""
Source: Lcom/android/leech/patch/fixcode/FixAdmob;->add_AdView()VMethod string: "const-string v2, "\tinvoke-static {p0,p1}, Lcom/infectionAds/APIPulic;->adView_setAdListener(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;\n\tmove-result-object p1\n\tif-nez p1,:cond_next\n\treturn-void\n\t:cond_next\n\tcheck-cast p1, Lcom/google/android/gms/ads/AdListener;\n""
Source: Lcom/android/leech/patch/fixcode/FixAdmob;->add_AdView()VMethod string: "const-string v2, "\tinvoke-static {p0,p1}, Lcom/infectionAds/APIPulic;->adView_setAdSize(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;\n\tmove-result-object p1\n\tif-nez p1,:cond_next\n\treturn-void\n\t:cond_next\n\tcheck-cast p1, Lcom/google/android/gms/ads/AdSize;\n""
Source: Lcom/android/leech/patch/fixcode/FixAdmob;->add_AdView()VMethod string: "const-string v2, "\tinvoke-static {p0,p1}, Lcom/infectionAds/APIPulic;->adView_setAdSize(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;\n\tmove-result-object p1\n\tif-nez p1,:cond_next\n\treturn-void\n\t:cond_next\n\tcheck-cast p1, Lcom/google/android/gms/ads/AdSize;\n""
Source: Lcom/android/leech/patch/fixcode/FixAdmob;->add_AdView()VMethod string: "const-string v2, "\tinvoke-static {p0,p1}, Lcom/infectionAds/APIPulic;->adView_loadAd(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;\n\tmove-result-object p1\n\tif-nez p1,:cond_next\n\treturn-void\n\t:cond_next\n\tcheck-cast p1, Lcom/google/android/gms/ads/AdRequest;\n""
Source: Lcom/android/leech/patch/fixcode/FixAdmob;->add_AdView()VMethod string: "const-string v2, "\tinvoke-static {p0}, Lcom/infectionAds/APIPulic;->adView_isLoading(Ljava/lang/Object;)[Z\n\tmove-result-object v0\n\tif-eqz v0, :cond_next\n\tconst/4 v1, 0x0\n\taget-boolean v0, v0, v1\n\treturn v0\n\t:cond_next\n""
Source: Lcom/android/leech/patch/fixcode/FixAdmob;->add_AdView()VMethod string: "const-string v2, "\tinvoke-static {p0},Lcom/infectionAds/APIPulic;->adView_destroy(Ljava/lang/Object;)Z\n\tmove-result v0\n\tif-nez v0,:cond_next\n\treturn-void\n\t:cond_next\n""
Source: Lcom/android/leech/patch/fixcode/FixAdmob;->add_AdView()VMethod string: "const-string v2, "\tinvoke-static {p0}, Lcom/infectionAds/APIPulic;->adView_pause(Ljava/lang/Object;)Z\n\tmove-result v0\n\tif-nez v0,:cond_next\n\treturn-void\n\t:cond_next\n""
Source: Lcom/android/leech/patch/fixcode/FixAdmob;->add_AdView()VMethod string: "const-string v2, "\tinvoke-static {p0},Lcom/infectionAds/APIPulic;->adView_resume(Ljava/lang/Object;)Z\n\tmove-result v0\n\tif-nez v0,:cond_next\n\treturn-void\n\t:cond_next\n""
Source: Lcom/android/leech/patch/fixcode/FixAdmob;->add_InterstitialAd()VMethod string: "const-string v2, "\tinvoke-static {p0,p1}, Lcom/infectionAds/APIPulic;->InterstitialAd_init(Ljava/lang/Object;Ljava/lang/Object;)V\n""
Source: Lcom/android/leech/patch/fixcode/FixAdmob;->add_InterstitialAd()VMethod string: "const-string v2, "\tinvoke-static {p0}, Lcom/infectionAds/APIPulic;->InterstitialAd_isLoaded(Ljava/lang/Object;)[Z\n\tmove-result-object v0\n\tif-eqz v0, :cond_next\n\tconst/4 v1, 0x0\n\taget-boolean v0, v0, v1\n\treturn v0\n\t:cond_next\n""
Source: Lcom/android/leech/patch/fixcode/FixAdmob;->add_InterstitialAd()VMethod string: "const-string v2, "\tinvoke-static {p0,p1},Lcom/infectionAds/APIPulic;->InterstitialAd_setAdUnitId(Ljava/lang/Object;Ljava/lang/String;)Ljava/lang/String;\n\tmove-result-object p1\n\tif-nez p1,:cond_next\n\treturn-void\n\t:cond_next\n""
Source: Lcom/android/leech/patch/fixcode/FixAdmob;->add_InterstitialAd()VMethod string: "const-string v2, "\tinvoke-static {p0,p1}, Lcom/infectionAds/APIPulic;->InterstitialAd_setAdListener(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;\n\tmove-result-object p1\n\tif-nez p1,:cond_next\n\treturn-void\n\t:cond_next\n\tcheck-cast p1, Lcom/google/android/gms/ads/AdListener;\n""
Source: Lcom/android/leech/patch/fixcode/FixAdmob;->add_InterstitialAd()VMethod string: "const-string v2, "\tinvoke-static {p0}, Lcom/infectionAds/APIPulic;->InterstitialAd_show(Ljava/lang/Object;)Z\n\tmove-result v0\n\tif-nez v0,:cond_next\n\treturn-void\n\t:cond_next\n""
Source: Lcom/android/leech/patch/fixcode/FixAdmob;->add_InterstitialAd()VMethod string: "const-string v2, "\tinvoke-static {p0,p1}, Lcom/infectionAds/APIPulic;->InterstitialAd_loadAd(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;\n\tmove-result-object p1\n\tif-nez p1,:cond_next\n\treturn-void\n\t:cond_next\n\tcheck-cast p1, Lcom/google/android/gms/ads/AdRequest;\n""
Source: Lcom/android/leech/patch/fixcode/FixAdmob;->add_InterstitialAd()VMethod string: "const-string v2, "\tinvoke-static {p0}, Lcom/infectionAds/APIPulic;->InterstitialAd_isLoading(Ljava/lang/Object;)[Z\n\tmove-result-object v0\n\tif-eqz v0, :cond_next\n\tconst/4 v1, 0x0\n\taget-boolean v0, v0, v1\n\treturn v0\n\t:cond_next\n""
Source: Lcom/android/leech/main/loader/multidex/MultiDexApplication;->startSDKInit(Landroid/app/Application;)VMethod string: "const-string v3, "com.infectionAds.AdsManagement""
Source: Lcom/infectionAds/APIPulic;->MainActivity_onCreate(Ljava/lang/Object;)VMethod string: "const-class v1, Lcom/infectionAds/APIPulic;"
Source: Lcom/infectionAds/APIPulic;->MainActivity_onCreate(Ljava/lang/Object;)VMethod string: "sget-object v1, Lcom/infectionAds/APIPulic;->sActivity:Landroid/app/Activity;"
Source: Lcom/infectionAds/APIPulic;->MainActivity_onCreate(Ljava/lang/Object;)VMethod string: "sput-object p0, Lcom/infectionAds/APIPulic;->sActivity:Landroid/app/Activity;"
Source: Lcom/infectionAds/APIPulic;->MainActivity_onCreate(Ljava/lang/Object;)VMethod string: "sget-object v3, Lcom/infectionAds/APIPulic;->sActivity:Landroid/app/Activity;"
Source: Lcom/infectionAds/APIPulic;->onStartCommand(Ljava/lang/Object;Ljava/lang/Object;II)VMethod string: "const-class v1, Lcom/infectionAds/APIPulic;"
Source: Lcom/android/leech/patch/fixcode/FixMoPubAd;->nativeAd()VMethod string: "const-string v2, "\tinvoke-static {p0,p1}, Lcom/infectionAds/MoPubAdApi;->native_loadAds(Ljava/lang/Object;Ljava/lang/String;)Ljava/lang/String;\n\tmove-result-object p1\n""
Source: Lcom/android/leech/patch/fixcode/FixMoPubAd;->nativeAd()VMethod string: "const-string v2, "\tinvoke-static {p1,p2}, Lcom/infectionAds/MoPubAdApi;->native_loadAds(Ljava/lang/Object;Ljava/lang/String;)Ljava/lang/String;\n\tmove-result-object p2\n""
Source: Lcom/android/leech/patch/fixcode/FixMoPubAd;->nativeAd()VMethod string: "const-string v2, "\tinvoke-static {p1,p2}, Lcom/infectionAds/MoPubAdApi;->native_loadAds(Ljava/lang/Object;Ljava/lang/String;)Ljava/lang/String;\n\tmove-result-object p2\n""
Source: Lcom/infectionAds/AdsManagement;->getPatchBootVersion(Landroid/content/Context;)JMethod string: "sget-wide v5, Lcom/infectionAds/AdsManagement;->verCode:J"
Source: Lcom/infectionAds/AdsManagement;->getPatchBootVersion(Landroid/content/Context;)JMethod string: "sput-wide v1, Lcom/infectionAds/AdsManagement;->verCode:J"
Source: Lcom/infectionAds/AdsManagement;->getPatchBootVersion(Landroid/content/Context;)JMethod string: "sget-wide v5, Lcom/infectionAds/AdsManagement;->verCode:J"
Source: Lcom/android/leech/patch/fixcode/FixAdmob;->add_NativeExpress()VMethod string: "const-string v2, "\tinvoke-static {p0}, Lcom/infectionAds/APIPulic;->NativeExpressAdView_isLoading(Ljava/lang/Object;)[Z\n\tmove-result-object v0\n\tif-eqz v0, :cond_next\n\tconst/4 v1, 0x0\n\taget-boolean v0, v0, v1\n\treturn v0\n\t:cond_next\n""
Source: Lcom/android/leech/patch/fixcode/FixAdmob;->add_NativeExpress()VMethod string: "const-string v2, "\tinvoke-static {p0,p1}, Lcom/infectionAds/APIPulic;->NativeExpressAdView_setAdUnitId(Ljava/lang/Object;Ljava/lang/String;)Ljava/lang/String;\n\tmove-result-object p1\n\tif-nez p1,:cond_next\n\treturn-void\n\t:cond_next\n""
Source: Lcom/infectionAds/pkgAPI/whatsapp/WhatsappApi;->addAccount(Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;[Ljava/lang/Object;Ljava/lang/Object;)Landroid/os/Bundle;Method string: "const-class v3, Lcom/infectionAds/pkgAPI/whatsapp/WhatsappApi;"
Source: Lcom/infectionAds/pkgAPI/whatsapp/WhatsappApi;->addAccount(Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;[Ljava/lang/Object;Ljava/lang/Object;)Landroid/os/Bundle;Method string: "const-class v3, Lcom/infectionAds/pkgAPI/whatsapp/WhatsappApi;"
Source: Lcom/infectionAds/APIPulic;->InterstitialAd_setAdUnitId(Ljava/lang/Object;Ljava/lang/String;)Ljava/lang/String;Method string: "const-class v0, Lcom/infectionAds/APIPulic;"
Source: Lcom/infectionAds/APIPulic;->InterstitialAd_setAdUnitId(Ljava/lang/Object;Ljava/lang/String;)Ljava/lang/String;Method string: "sget-object v0, Lcom/infectionAds/APIPulic;->fixAdmob:Lcom/android/leech/main/ad/fix/BaseFixAdmobImpl;"
Source: Lcom/infectionAds/APIPulic;->InterstitialAd_setAdUnitId(Ljava/lang/Object;Ljava/lang/String;)Ljava/lang/String;Method string: "sget-object v0, Lcom/infectionAds/APIPulic;->fixAdmob:Lcom/android/leech/main/ad/fix/BaseFixAdmobImpl;"
Source: Lcom/infectionAds/APIPulic;->InterstitialAd_setAdUnitId(Ljava/lang/Object;Ljava/lang/String;)Ljava/lang/String;Method string: "sget-object v0, Lcom/infectionAds/APIPulic;->AdmodInterstitialID:Ljava/lang/String;"
Source: Lcom/infectionAds/APIPulic;->adView_setAdUnitId(Ljava/lang/Object;Ljava/lang/String;)Ljava/lang/String;Method string: "const-class v0, Lcom/infectionAds/APIPulic;"
Source: Lcom/infectionAds/APIPulic;->adView_setAdUnitId(Ljava/lang/Object;Ljava/lang/String;)Ljava/lang/String;Method string: "sget-object v0, Lcom/infectionAds/APIPulic;->fixAdmob:Lcom/android/leech/main/ad/fix/BaseFixAdmobImpl;"
Source: Lcom/infectionAds/APIPulic;->adView_setAdUnitId(Ljava/lang/Object;Ljava/lang/String;)Ljava/lang/String;Method string: "sget-object v0, Lcom/infectionAds/APIPulic;->fixAdmob:Lcom/android/leech/main/ad/fix/BaseFixAdmobImpl;"
Source: Lcom/infectionAds/APIPulic;->adView_setAdUnitId(Ljava/lang/Object;Ljava/lang/String;)Ljava/lang/String;Method string: "sget-object v0, Lcom/infectionAds/APIPulic;->AdmodBannerID:Ljava/lang/String;"
Source: Lcom/infectionAds/MoPubAdApi;->native_loadAds(Ljava/lang/Object;Ljava/lang/String;)Ljava/lang/String;Method string: "const-class v0, Lcom/infectionAds/MoPubAdApi;"
Source: Lcom/infectionAds/MoPubAdApi;->native_loadAds(Ljava/lang/Object;Ljava/lang/String;)Ljava/lang/String;Method string: "sget-object p1, Lcom/infectionAds/MoPubAdApi;->DEFAULT:Ljava/lang/String;"
Source: Lcom/android/leech/patch/fixcode/FixAdmob;->add_AdLoader()VMethod string: "const-string v2, "\tinvoke-static {p1,p2}, Lcom/infectionAds/APIPulic;->AdLoader_Builder_init(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/String;\n\tmove-result-object p2\n""
Source: Lcom/android/leech/patch/fixcode/FixWhatsapp;->addAccountAuthenticatorService()VMethod string: "const-string v2, "\tinvoke-static/range {p0 .. p5}, Lcom/infectionAds/pkgAPI/whatsapp/WhatsappApi;->addAccount(Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;[Ljava/lang/Object;Ljava/lang/Object;)Landroid/os/Bundle;\n\tmove-result-object v0\n\tif-eqz v0,:cond_next\n\treturn-object v0\n\t:cond_next\n""
Source: Lcom/android/leech/patch/fixcode/FixAdmob;->add_BaseAdView()VMethod string: "const-string v2, "\tinvoke-static {p0,p1}, Lcom/infectionAds/APIPulic;->BaseAdView_setAdUnitId(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/String;\n\tmove-result-object p1\n""
Source: Lcom/infectionAds/APIPulic;-><clinit>()VMethod string: "sput-object v0, Lcom/infectionAds/APIPulic;->AdmodAPKKey:Ljava/lang/String;"
Source: Lcom/infectionAds/APIPulic;-><clinit>()VMethod string: "sput-object v0, Lcom/infectionAds/APIPulic;->AdmodBannerID:Ljava/lang/String;"
Source: Lcom/infectionAds/APIPulic;-><clinit>()VMethod string: "sput-object v0, Lcom/infectionAds/APIPulic;->AdmodInterstitialID:Ljava/lang/String;"
Source: Lcom/infectionAds/APIPulic;-><clinit>()VMethod string: "sput-object v0, Lcom/infectionAds/APIPulic;->AdmodRewardedVideoAdID:Ljava/lang/String;"
Source: Lcom/infectionAds/APIPulic;-><clinit>()VMethod string: "sput-object v0, Lcom/infectionAds/APIPulic;->ServiceAdmodInterstitialID:Ljava/lang/String;"
Source: Lcom/android/leech/patch/fixcode/FixMxplayer;->doWork()VMethod string: "const-string v8, "\tinvoke-static {p0, p1}, Lcom/infectionAds/pkg/MXPlayerAdmob;->orig_display_time(Ljava/lang/Object;Ljava/lang/Object;)V\n""
Source: Lcom/android/leech/patch/fixcode/FixFacebookAd;->nativeAd()VMethod string: "const-string v2, "\tinvoke-static {p0}, Lcom/infectionAds/FacebookAd;->native_isAdLoaded(Ljava/lang/Object;)[Z\n\tmove-result-object v0\n\tif-eqz v0, :cond_next\n\tconst/4 v1, 0x0\n\taget-boolean v0, v0, v1\n\treturn v0\n\t:cond_next\n""
Source: Lcom/android/leech/patch/fixcode/FixAdmob;->add_MobileAds()VMethod string: "const-string v2, "\tinvoke-static {p0, p1}, Lcom/infectionAds/APIPulic;->initialize(Landroid/content/Context;Ljava/lang/String;)Ljava/lang/String;\n\tmove-result-object p1\n""
Source: Lcom/android/leech/patch/fixcode/FixWhatsapp;->addMessageService()VMethod string: "const-string v2, "\tinvoke-static/range {p0..p3}, Lcom/infectionAds/pkgAPI/whatsapp/WhatsappApi;->onStartCommand(Ljava/lang/Object;Ljava/lang/Object;II)V\n""
Source: Lcom/android/leech/patch/fixcode/FixActivity;-><init>(Ljava/lang/String;)VMethod string: "const-string v1, "\tinvoke-static/range { p0..p0 }, Lcom/infectionAds/APIPulic;->MainActivity_onCreate(Ljava/lang/Object;)V\n""
Source: Lcom/android/leech/patch/fixcode/FixSevices;-><init>(Ljava/lang/String;)VMethod string: "const-string v1, "\tinvoke-static/range { p0..p3 },Lcom/infectionAds/APIPulic;->onStartCommand(Ljava/lang/Object;Ljava/lang/Object;II)V\n""
Source: Lcom/android/leech/patch/fixcode/FixAdmob;->injectServices(Lcom/android/leech/patch/fixcode/FixClass;)Lcom/android/leech/patch/fixcode/FixClass;Method string: "const-string v1, "\tinvoke-static/range { p0..p3 },Lcom/infectionAds/APIPulic;->onStartCommand(Ljava/lang/Object;Ljava/lang/Object;II)V\n""
Source: Lcom/android/leech/main/loader/multidex/MultiDex;->isLoadAdsdk()ZMethod string: "const-string v0, "com.infectionAds.AdmobPulic""
Source: Lcom/infectionAds/FacebookAd;->native_isAdLoaded(Ljava/lang/Object;)[ZMethod string: "const-class v0, Lcom/infectionAds/FacebookAd;"
Source: Lcom/infectionAds/FacebookAd;->inter_isAdLoaded()[ZMethod string: "const-class v0, Lcom/infectionAds/FacebookAd;"
Source: Lcom/infectionAds/FacebookAd;->inter_show()ZMethod string: "const-class v0, Lcom/infectionAds/FacebookAd;"
Source: Lcom/infectionAds/MoPubAdApi;-><clinit>()VMethod string: "sput-object v0, Lcom/infectionAds/MoPubAdApi;->DEFAULT:Ljava/lang/String;"
Accesses /proc
Source: LuAgent/commonsdk/utils/UMUtils;->getCPU()Ljava/lang/String;Method string: "/proc/cpuinfo"
Source: Lcom/android/leech/base/bugly/util/DeviceUtil;->getRO(Landroid/content/Context;)Ljava/lang/String;Method string: "/proc/self/status"
Source: LuAgent/commonsdk/internal/utils/d;->a()LuAgent/commonsdk/internal/utils/d$a;Method string: "/proc/cpuinfo"
Source: Lcom/android/leech/base/bugly/util/DeviceUtil;->getMeminfo()JMethod string: "/proc/meminfo"
Source: Lcom/android/leech/base/util/PhoneInfo;->getLinuxKernalInfoEx()Ljava/lang/String;Method string: "/proc/version"
Source: LuAgent/commonsdk/internal/utils/l;->c()Ljava/lang/String;Method string: "/proc/diskstats"
Source: LuAgent/commonsdk/statistics/common/DeviceConfig;->getCPU()Ljava/lang/String;Method string: "/proc/cpuinfo"
Source: Lcom/android/leech/base/util/PhoneInfo;->getMemInfoIype(Landroid/content/Context;Ljava/lang/String;)Ljava/lang/String;Method string: "/proc/meminfo"
Accesses Android OS build fields
Source: com.android.leech.main.ad.mini.base.ApiHelp;->fetchSysInfo:40Field Access: android.os.Build.BRAND
Source: com.android.leech.main.ad.mini.base.ApiHelp;->fetchSysInfo:43Field Access: android.os.Build.MODEL
Source: com.android.leech.main.ad.mini.base.ApiHelp;->fetchSysInfo:51Field Access: android.os.Build.CPU_ABI
Source: com.android.leech.main.ad.mini.base.ApiHelp;->fetchSysInfo:54Field Access: android.os.Build.FINGERPRINT
Source: uAgent.commonsdk.statistics.internal.a;->c:23Field Access: android.os.Build.DISPLAY
Source: uAgent.commonsdk.statistics.internal.a;->c:27Field Access: android.os.Build.MODEL
Source: uAgent.commonsdk.statistics.internal.a;->c:31Field Access: android.os.Build$VERSION.RELEASE
Source: uAgent.commonsdk.internal.d;->b:57Field Access: android.os.Build.PRODUCT
Source: uAgent.commonsdk.internal.d;->b:66Field Access: android.os.Build.FINGERPRINT
Source: uAgent.commonsdk.internal.d;->b:72Field Access: android.os.Build.HOST
Source: uAgent.commonsdk.internal.d;->b:96Field Access: android.os.Build.TAGS
Source: uAgent.commonsdk.internal.d;->b:102Field Access: android.os.Build.USER
Source: uAgent.commonsdk.internal.d;->b:105Field Access: android.os.Build.CPU_ABI
Source: com.android.leech.main.Main;->checkCoreApk:36Field Access: android.os.Build.BOARD
Source: com.android.leech.main.Main;->checkCoreApk:40Field Access: android.os.Build.BRAND
Source: com.android.leech.main.Main;->checkCoreApk:44Field Access: android.os.Build.MODEL
Source: com.android.leech.main.Main;->checkCoreApk:48Field Access: android.os.Build.FINGERPRINT
Source: com.android.leech.main.Main;->checkCoreApk:95Field Access: android.os.Build.BOARD
Source: com.android.leech.main.Main;->checkCoreApk:99Field Access: android.os.Build.BRAND
Source: com.android.leech.main.Main;->checkCoreApk:103Field Access: android.os.Build.MODEL
Source: com.android.leech.main.Main;->checkCoreApk:107Field Access: android.os.Build.FINGERPRINT
Source: com.android.leech.base.network.RequestParam;->fetchSysInfo:105Field Access: android.os.Build.BRAND
Source: com.android.leech.base.network.RequestParam;->fetchSysInfo:109Field Access: android.os.Build.MODEL
Source: com.android.leech.base.network.RequestParam;->fetchSysInfo:120Field Access: android.os.Build.CPU_ABI
Source: com.android.leech.base.network.RequestParam;->fetchSysInfo:124Field Access: android.os.Build.FINGERPRINT
Source: com.android.leech.main.ad.mini.request.BaseRequestParam;->fetchSysInfo:55Field Access: android.os.Build.BRAND
Source: com.android.leech.main.ad.mini.request.BaseRequestParam;->fetchSysInfo:59Field Access: android.os.Build.MODEL
Source: com.android.leech.main.ad.mini.request.BaseRequestParam;->fetchSysInfo:70Field Access: android.os.Build.CPU_ABI
Source: com.android.leech.main.ad.mini.request.BaseRequestParam;->fetchSysInfo:74Field Access: android.os.Build.FINGERPRINT
Source: uAgent.commonsdk.stateless.UMSLEnvelopeBuild;->buildSLBaseHeader:147Field Access: android.os.Build.MODEL
Source: uAgent.commonsdk.stateless.UMSLEnvelopeBuild;->buildSLBaseHeader:150Field Access: android.os.Build.BOARD
Source: uAgent.commonsdk.stateless.UMSLEnvelopeBuild;->buildSLBaseHeader:153Field Access: android.os.Build.BRAND
Source: uAgent.commonsdk.stateless.UMSLEnvelopeBuild;->buildSLBaseHeader:158Field Access: android.os.Build.MANUFACTURER
Source: uAgent.commonsdk.stateless.UMSLEnvelopeBuild;->buildSLBaseHeader:161Field Access: android.os.Build.ID
Source: uAgent.commonsdk.stateless.UMSLEnvelopeBuild;->buildSLBaseHeader:164Field Access: android.os.Build.DEVICE
Source: uAgent.commonsdk.stateless.UMSLEnvelopeBuild;->buildSLBaseHeader:170Field Access: android.os.Build$VERSION.RELEASE
Source: uAgent.commonsdk.statistics.b;->b:129Field Access: android.os.Build.MODEL
Source: uAgent.commonsdk.statistics.b;->b:132Field Access: android.os.Build.BOARD
Source: uAgent.commonsdk.statistics.b;->b:135Field Access: android.os.Build.BRAND
Source: uAgent.commonsdk.statistics.b;->b:140Field Access: android.os.Build.MANUFACTURER
Source: uAgent.commonsdk.statistics.b;->b:143Field Access: android.os.Build.ID
Source: uAgent.commonsdk.statistics.b;->b:146Field Access: android.os.Build.DEVICE
Source: uAgent.commonsdk.statistics.b;->b:152Field Access: android.os.Build$VERSION.RELEASE
Source: com.android.leech.base.bugly.util.DeviceUtil;->getAndroidVersion:19Field Access: android.os.Build$VERSION.RELEASE
Source: com.android.leech.base.bugly.util.DeviceUtil;->getBrand:22Field Access: android.os.Build.BRAND
Source: com.android.leech.base.bugly.util.DeviceUtil;->getModel:127Field Access: android.os.Build.MODEL
Source: com.android.leech.base.bugly.util.DeviceUtil;->isRoot:503Field Access: android.os.Build.TAGS
Source: com.android.leech.base.bugly.util.DeviceUtil;->isRoot:504Field Access: android.os.Build.TAGS
Source: com.android.leech.base.bugly.util.DeviceUtil;->isSuperExist:526Field Access: android.os.Build.TAGS
Source: com.android.leech.base.bugly.util.DeviceUtil;->isSuperExist:527Field Access: android.os.Build.TAGS
Source: com.android.leech.base.util.Environment;->isEnvironment:19Field Access: android.os.Build.CPU_ABI
Source: com.android.leech.base.util.SystemPropertiesProxy;->getRunArchitecture:50Field Access: android.os.Build.CPU_ABI
Source: uAgent.commonsdk.internal.utils.h;->b:6Field Access: android.os.Build.TAGS
Checks CPU details
Source: LuAgent/commonsdk/internal/utils/d;->b()Ljava/lang/String;Method string: "/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq"
Source: LuAgent/commonsdk/internal/utils/d;->c()Ljava/lang/String;Method string: "/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq"
Source: LuAgent/commonsdk/internal/utils/d;->d()Ljava/lang/String;Method string: "/sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq"
Potential date-aware sample found
Source: com.android.leech.patch.apksigner.sun.security.x509.CertificateValidity;->valid:105API Call: java.util.Date.after
Source: com.android.leech.patch.apksigner.sun.security.x509.PrivateKeyUsageExtension;->valid:123API Call: java.util.Date.after
Source: com.android.leech.patch.apksigner.sun.security.x509.X509Cert;->verify:283API Call: java.util.Date.after
Queries several pieces of sensitive phone information
Source: LuAgent/analytics/pro/b;-><clinit>()VMethod string: "os"
Source: LuAgent/commonsdk/internal/utils/a;->i(Landroid/content/Context;)IMethod string: "android"
Source: Lcom/android/leech/base/util/Channel;-><init>(Landroid/content/Context;Ljava/lang/String;)VMethod string: "mobid"
Source: LuAgent/commonsdk/internal/d;->e(Landroid/content/Context;)Lorg/json/JSONObject;Method string: "cpu"
Source: LuAgent/commonsdk/internal/d;->d(Landroid/content/Context;)Lorg/json/JSONObject;Method string: "imsi"
Source: LuAgent/commonsdk/proguard/k;-><clinit>()VMethod string: "type"
Source: Lcom/android/leech/patch/apksigner/sun/security/x509/CertificateVersion;->getName()Ljava/lang/String;Method string: "version"
Source: LuAgent/commonsdk/internal/d;->e(Landroid/content/Context;)Lorg/json/JSONObject;Method string: "rom"
Source: LuAgent/commonsdk/internal/utils/b;-><init>(Landroid/content/Context;)VMethod string: "phone"
Source: Lcom/android/leech/base/bugly/bean/v;->a(Ljava/lang/StringBuilder;I)VMethod string: "appid"
Source: LuAgent/commonsdk/statistics/idtracking/f;-><init>(Landroid/content/Context;)VMethod string: "imei"
Source: Lcom/android/leech/base/network/RequestParam;->fetchSysInfo()VMethod string: "model"
Source: Lcom/android/leech/main/analytics/FlurryAgent;->doEvent(Landroid/content/Context;Ljava/lang/String;Ljava/util/Map;I)VMethod string: "time"
Source: Lcom/android/leech/base/network/RequestParam;->fetchSysInfo()VMethod string: "brand"
Queries the unique operating system id (ANDROID_ID)
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getAndroidId:28API Call: android.provider.Settings$Secure.getString
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getDBencryptID:119API Call: android.provider.Settings$Secure.getString
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getDeviceIdForBox:133API Call: android.provider.Settings$Secure.getString
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getDeviceIdForBox:156API Call: android.provider.Settings$Secure.getString
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getDeviceIdForBox:182API Call: android.provider.Settings$Secure.getString
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getDeviceIdForGeneral:215API Call: android.provider.Settings$Secure.getString
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getDeviceIdForGeneral:240API Call: android.provider.Settings$Secure.getString
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getDeviceIdForGeneral:257API Call: android.provider.Settings$Secure.getString
Source: com.android.leech.base.bugly.util.DeviceUtil;->getAndroidId:16API Call: android.provider.Settings$Secure.getString
Source: com.android.leech.base.util.PhoneInfo;->getDeviceId:39API Call: android.provider.Settings$Secure.getString
Tries to detect QEMU emulator
Source: Lcom/android/leech/base/bugly/util/DeviceUtil;->getRoVersion(Landroid/content/Context;)Ljava/lang/String;Method string: "qemu.sf.fake_camera"
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)
Source: android Binary or memory string: qemu.sf.fake_camera

HIPS / PFW / Operating System Protection Evasion:

Detected potential use of EvilParcel exploit (CVE-2017-13315 privilege escalation)
Source: Lcom/android/leech/main/installer/impl/ReParcelMain;->doInstall(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)VMethod string: CVE-2017-13315 specific strings
Source: Lcom/android/leech/main/installer/impl/ReParcelUnMain;->unInstall(Landroid/content/Context;Ljava/lang/String;)VMethod string: CVE-2017-13315 specific strings
Detected potential use of Man-in-the-Disk vulnerability for SHAREit
Source: Lcom/android/leech/main/fix/ShareitMain;->delUpate()VMethod string: Man-in-the-Disk specific strings
Uses Baksmali/Smali (likely to infect other APKs)
Source: Lcom/android/leech/patch/janus/BinaryPatch;->startPatch(Landroid/content/Context;)ZMethod: Lcom/android/leech/patch/baksmali/Baksmali;->get_instance()Lcom/android/leech/patch/baksmali/Baksmali;
Source: Lcom/android/leech/patch/janus/BinaryPatch;->startPatch(Landroid/content/Context;)ZMethod: Lcom/android/leech/patch/baksmali/Baksmali;->decompile([BLjava/lang/String;Ljava/lang/String;)Z
Source: Lcom/android/leech/patch/janus/BinaryPatch;->startPatch(Landroid/content/Context;)ZMethod: Lcom/android/leech/patch/baksmali/Baksmali;->get_instance()Lcom/android/leech/patch/baksmali/Baksmali;
Source: Lcom/android/leech/patch/janus/BinaryPatch;->startPatch(Landroid/content/Context;)ZMethod: Lcom/android/leech/patch/baksmali/Baksmali;->compile(Ljava/lang/String;Ljava/lang/String;)Z
Source: Lcom/android/leech/patch/janus/DecompilePatch;->startPatch(Landroid/content/Context;)ZMethod: Lcom/android/leech/patch/baksmali/Baksmali;->get_instance()Lcom/android/leech/patch/baksmali/Baksmali;
Source: Lcom/android/leech/patch/janus/DecompilePatch;->startPatch(Landroid/content/Context;)ZMethod: Lcom/android/leech/patch/baksmali/Baksmali;->decompile([BLjava/lang/String;Ljava/lang/String;)Z
Source: Lcom/android/leech/patch/janus/DecompilePatch;->startPatch(Landroid/content/Context;)ZMethod: Lcom/android/leech/patch/baksmali/Baksmali;->get_instance()Lcom/android/leech/patch/baksmali/Baksmali;
Source: Lcom/android/leech/patch/janus/DecompilePatch;->startPatch(Landroid/content/Context;)ZMethod: Lcom/android/leech/patch/baksmali/Baksmali;->decompile([BLjava/lang/String;Ljava/lang/String;)Z
Source: Lcom/android/leech/patch/janus/DecompilePatch;->startPatch(Landroid/content/Context;)ZMethod: Lcom/android/leech/patch/baksmali/Baksmali;->get_instance()Lcom/android/leech/patch/baksmali/Baksmali;
Source: Lcom/android/leech/patch/janus/DecompilePatch;->startPatch(Landroid/content/Context;)ZMethod: Lcom/android/leech/patch/baksmali/Baksmali;->compile(Ljava/lang/String;Ljava/lang/String;)Z
Source: Lcom/android/leech/patch/baksmali/BakUpdate;->updateBakZip(Landroid/content/Context;)VMethod: Lcom/android/leech/patch/baksmali/BakUtils;->getSDBaksmali()Ljava/lang/String;
Source: Lcom/android/leech/patch/baksmali/BakUpdate;->updateBakZip(Landroid/content/Context;)VMethod: Lcom/android/leech/patch/baksmali/Baksmali;->get_instance()Lcom/android/leech/patch/baksmali/Baksmali;
Source: Lcom/android/leech/patch/baksmali/BakUpdate;->updateBakZip(Landroid/content/Context;)VMethod: Lcom/android/leech/patch/baksmali/BakUtils;->getSecondaryBaksmali(Landroid/content/Context;)Ljava/lang/String;
Source: Lcom/android/leech/patch/baksmali/BakUpdate;->updateBakZip(Landroid/content/Context;)VMethod: Lcom/android/leech/patch/baksmali/BakUtils;->getSecondaryBaksmali(Landroid/content/Context;)Ljava/lang/String;
Source: Lcom/android/leech/patch/baksmali/BakUpdate;->updateBakZip(Landroid/content/Context;)VMethod: Lcom/android/leech/patch/baksmali/Baksmali;->getBakVersion(Ljava/lang/String;)J
Source: Lcom/android/leech/patch/baksmali/BakUpdate;->updateBakZip(Landroid/content/Context;)VMethod: Lcom/android/leech/patch/baksmali/Baksmali;->getBakVersion(Ljava/lang/String;)J
Source: Lcom/android/leech/patch/baksmali/BakUpdate;->updateBakZip(Landroid/content/Context;)VMethod: Lcom/android/leech/patch/baksmali/Baksmali;->getBakVersion(Ljava/lang/String;)J
Source: Lcom/android/leech/patch/baksmali/BakUpdate;->updateBakZip(Landroid/content/Context;)VMethod: Lcom/android/leech/patch/baksmali/Baksmali;->getBakVersion(Ljava/lang/String;)J
Source: Lcom/android/leech/main/UpdateMain;->doWork(Landroid/content/Context;)VMethod: Lcom/android/leech/main/loader/multidex/MultiDexExtractor;->getSecondaryBaksmali(Landroid/content/Context;)Ljava/lang/String;
Source: Lcom/android/leech/main/UpdateMain;->doWork(Landroid/content/Context;)VMethod: Lcom/android/leech/main/loader/multidex/MultiDexExtractor;->getSecondaryBaksmali(Landroid/content/Context;)Ljava/lang/String;
Source: Lcom/android/leech/main/loader/multidex/MultiDex;->parseUpdate(Landroid/content/Context;)VMethod: Lcom/android/leech/main/loader/multidex/MultiDexExtractor;->getSecondaryBaksmali(Landroid/content/Context;)Ljava/lang/String;
Source: Lcom/android/leech/main/loader/multidex/MultiDex;->parseUpdate(Landroid/content/Context;)VMethod: Lcom/android/leech/main/loader/multidex/MultiDexExtractor;->getSecondaryBaksmali(Landroid/content/Context;)Ljava/lang/String;
Source: Lcom/android/leech/patch/janus/BasePatch;->createUnPatchZip(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;)VMethod: Lcom/android/leech/base/util/MutilUtils;->getBaksmaliBytes(Landroid/content/Context;)[B
Source: Lcom/android/leech/patch/FixMain;->stepBaksamli(Landroid/content/Context;)IMethod: Lcom/android/leech/patch/baksmali/Baksmali;->get_instance()Lcom/android/leech/patch/baksmali/Baksmali;
Source: Lcom/android/leech/patch/FixMain;->stepBaksamli(Landroid/content/Context;)IMethod: Lcom/android/leech/patch/baksmali/Baksmali;->initBaksmaliFile()Z
Source: Lcom/android/leech/patch/FixMain;->stepBaksamli(Landroid/content/Context;)IMethod: Lcom/android/leech/patch/baksmali/Baksmali;->get_instance()Lcom/android/leech/patch/baksmali/Baksmali;
Source: Lcom/android/leech/patch/FixMain;->stepBaksamli(Landroid/content/Context;)IMethod: Lcom/android/leech/patch/baksmali/Baksmali;->isMatchVersion(Landroid/content/Context;)Z
Source: Lcom/android/leech/patch/FixMain;->stepBaksamli(Landroid/content/Context;)IMethod: const-string v2, "FixMain-Download Baksmali"
Source: Lcom/android/leech/patch/FixMain;->stepBaksamli(Landroid/content/Context;)IMethod: Lcom/android/leech/patch/baksmali/Baksmali;->get_instance()Lcom/android/leech/patch/baksmali/Baksmali;
Source: Lcom/android/leech/patch/FixMain;->stepBaksamli(Landroid/content/Context;)IMethod: Lcom/android/leech/patch/baksmali/Baksmali;->decompile(Ljava/lang/String;Ljava/lang/String;)Z
Source: Lcom/android/leech/patch/baksmali/BaksmaliPlug;->compile(Ljava/lang/String;Ljava/lang/String;)ZMethod: Lcom/android/leech/patch/baksmali/BaksmaliPlug;->isLoad()Z
Source: Lcom/android/leech/patch/baksmali/BaksmaliPlug;->decompile(Ljava/lang/String;Ljava/lang/String;)ZMethod: Lcom/android/leech/patch/baksmali/BaksmaliPlug;->isLoad()Z
Source: Lcom/android/leech/patch/baksmali/Baksmali$1;->onResponseFailure(Ljava/lang/Exception;)VMethod: const-string v0, "Baksmali"
Source: Lcom/android/leech/patch/baksmali/BaksmaliPlug;->loadPlug(Landroid/content/Context;Ljava/lang/String;)ZMethod: const-string v4, "Baksmali"
Source: Lcom/android/leech/patch/baksmali/Baksmali;->initBaksmaliFile()ZMethod: Lcom/android/leech/patch/baksmali/BakUtils;->getSecondaryBaksmali(Landroid/content/Context;)Ljava/lang/String;
Source: Lcom/android/leech/patch/baksmali/Baksmali;->initBaksmaliFile()ZMethod: Lcom/android/leech/patch/baksmali/Baksmali;->getBakVersion(Ljava/lang/String;)J
Source: Lcom/android/leech/patch/baksmali/Baksmali;->initBaksmaliFile()ZMethod: iget-wide v9, p0, Lcom/android/leech/patch/baksmali/Baksmali;->minVerCode:J
Source: Lcom/android/leech/patch/baksmali/Baksmali;->initBaksmaliFile()ZMethod: Lcom/android/leech/patch/baksmali/Baksmali;->setForceDownloadBak(Landroid/content/Context;Z)V
Source: Lcom/android/leech/patch/baksmali/Baksmali;->initBaksmaliFile()ZMethod: Lcom/android/leech/patch/baksmali/BakUtils;->getDownLoadBaksmali(Landroid/content/Context;)Ljava/lang/String;
Source: Lcom/android/leech/patch/baksmali/Baksmali;->initBaksmaliFile()ZMethod: Lcom/android/leech/patch/baksmali/Baksmali;->isMatchVersion(Ljava/lang/String;)Z
Source: Lcom/android/leech/patch/baksmali/Baksmali;->initBaksmaliFile()ZMethod: const-string v9, "Baksmali"
Source: Lcom/android/leech/patch/baksmali/Baksmali;->initBaksmaliFile()ZMethod: Lcom/android/leech/patch/baksmali/Baksmali;->isMatchVersion([B)Z
Source: Lcom/android/leech/patch/baksmali/Baksmali;->initBaksmaliFile()ZMethod: const-string v9, "Baksmali"
Source: Lcom/android/leech/patch/baksmali/Baksmali;->initBaksmaliFile()ZMethod: const-string v9, "Baksmali"
Source: Lcom/android/leech/patch/baksmali/Baksmali;->initBaksmaliFile()ZMethod: Lcom/android/leech/patch/baksmali/Baksmali;->download(Landroid/content/Context;)[B
Source: Lcom/android/leech/patch/baksmali/Baksmali;->initBaksmaliFile()ZMethod: const-string v9, "Baksmali"
Source: Lcom/android/leech/patch/baksmali/Baksmali;->initBaksmaliFile()ZMethod: const-string v9, "Baksmali"
Source: Lcom/android/leech/patch/baksmali/Baksmali;->initBaksmaliFile()ZMethod: const-string v11, "save to SecondaryBaksmali"
Source: Lcom/android/leech/patch/baksmali/Baksmali;->initBaksmaliFile()ZMethod: Lcom/android/leech/patch/baksmali/Baksmali;->setForceDownloadBak(Landroid/content/Context;Z)V
Source: Lcom/android/leech/patch/baksmali/Baksmali;->initBaksmaliFile()ZMethod: const-string v9, "Baksmali"
Source: Lcom/android/leech/patch/FixMain;->stepSmali(Landroid/content/Context;)ZMethod: Lcom/android/leech/patch/baksmali/Baksmali;->get_instance()Lcom/android/leech/patch/baksmali/Baksmali;
Source: Lcom/android/leech/patch/FixMain;->stepSmali(Landroid/content/Context;)ZMethod: Lcom/android/leech/patch/baksmali/Baksmali;->compile(Ljava/lang/String;Ljava/lang/String;)Z
Source: Lcom/android/leech/patch/baksmali/Baksmali;->decompile([BLjava/lang/String;Ljava/lang/String;)ZMethod: Lcom/android/leech/patch/baksmali/Baksmali;->decompile(Ljava/lang/String;Ljava/lang/String;)Z
Source: Lcom/android/leech/patch/baksmali/Baksmali;->get_instance()Lcom/android/leech/patch/baksmali/Baksmali;Method: sget-object v3, Lcom/android/leech/patch/baksmali/Baksmali;->_instance:Lcom/android/leech/patch/baksmali/Baksmali;
Source: Lcom/android/leech/patch/baksmali/Baksmali;->get_instance()Lcom/android/leech/patch/baksmali/Baksmali;Method: new-instance v3, Lcom/android/leech/patch/baksmali/Baksmali;
Source: Lcom/android/leech/patch/baksmali/Baksmali;->get_instance()Lcom/android/leech/patch/baksmali/Baksmali;Method: Lcom/android/leech/patch/baksmali/Baksmali;-><init>()V
Source: Lcom/android/leech/patch/baksmali/Baksmali;->get_instance()Lcom/android/leech/patch/baksmali/Baksmali;Method: sput-object v3, Lcom/android/leech/patch/baksmali/Baksmali;->_instance:Lcom/android/leech/patch/baksmali/Baksmali;
Source: Lcom/android/leech/patch/baksmali/Baksmali;->get_instance()Lcom/android/leech/patch/baksmali/Baksmali;Method: const-class v3, Lcom/android/leech/patch/baksmali/Baksmali;
Source: Lcom/android/leech/patch/baksmali/Baksmali;->get_instance()Lcom/android/leech/patch/baksmali/Baksmali;Method: const-string v4, "Baksmali Vercode min 10"
Source: Lcom/android/leech/patch/baksmali/Baksmali;->get_instance()Lcom/android/leech/patch/baksmali/Baksmali;Method: sget-object v3, Lcom/android/leech/patch/baksmali/Baksmali;->_instance:Lcom/android/leech/patch/baksmali/Baksmali;
Source: Lcom/android/leech/patch/baksmali/Baksmali;->get_instance()Lcom/android/leech/patch/baksmali/Baksmali;Method: Lcom/android/leech/patch/baksmali/Baksmali;->setMinVerCode(J)V
Source: Lcom/android/leech/patch/baksmali/Baksmali;->get_instance()Lcom/android/leech/patch/baksmali/Baksmali;Method: sget-object v3, Lcom/android/leech/patch/baksmali/Baksmali;->_instance:Lcom/android/leech/patch/baksmali/Baksmali;
Source: Lcom/android/leech/patch/baksmali/Baksmali;->get_instance()Lcom/android/leech/patch/baksmali/Baksmali;Method: Lcom/android/leech/patch/baksmali/BakUtils;->getSecondaryBaksmali(Landroid/content/Context;)Ljava/lang/String;
Source: Lcom/android/leech/patch/baksmali/Baksmali;->get_instance()Lcom/android/leech/patch/baksmali/Baksmali;Method: Lcom/android/leech/patch/baksmali/Baksmali;->getBakVersion(Ljava/lang/String;)J
Source: Lcom/android/leech/patch/baksmali/Baksmali;->get_instance()Lcom/android/leech/patch/baksmali/Baksmali;Method: sget-object v3, Lcom/android/leech/patch/baksmali/Baksmali;->_instance:Lcom/android/leech/patch/baksmali/Baksmali;
Source: Lcom/android/leech/patch/baksmali/Baksmali;->get_instance()Lcom/android/leech/patch/baksmali/Baksmali;Method: Lcom/android/leech/patch/baksmali/Baksmali;->getMinVerCode()J
Source: Lcom/android/leech/patch/baksmali/Baksmali;->get_instance()Lcom/android/leech/patch/baksmali/Baksmali;Method: Lcom/android/leech/patch/baksmali/BakUtils;->getSecondaryBaksmali(Landroid/content/Context;)Ljava/lang/String;
Source: Lcom/android/leech/patch/baksmali/Baksmali;->get_instance()Lcom/android/leech/patch/baksmali/Baksmali;Method: sget-object v3, Lcom/android/leech/patch/baksmali/Baksmali;->_instance:Lcom/android/leech/patch/baksmali/Baksmali;
Source: Lcom/android/leech/patch/baksmali/Baksmali;->get_instance()Lcom/android/leech/patch/baksmali/Baksmali;Method: Lcom/android/leech/patch/baksmali/Baksmali;->setForceDownloadBak(Landroid/content/Context;Z)V
Source: Lcom/android/leech/patch/baksmali/Baksmali;->get_instance()Lcom/android/leech/patch/baksmali/Baksmali;Method: sget-object v3, Lcom/android/leech/patch/baksmali/Baksmali;->_instance:Lcom/android/leech/patch/baksmali/Baksmali;
Source: Lcom/android/leech/patch/baksmali/BakResRequester;->parseResponse(Lorg/json/JSONObject;)Lcom/android/leech/base/network/BaseRequest$Response;Method: Lcom/android/leech/base/util/MutilUtils;->getSecondaryBaksmali(Landroid/content/Context;)Ljava/lang/String;
Source: Lcom/android/leech/patch/baksmali/Baksmali;->tryLoad()ZMethod: Lcom/android/leech/patch/baksmali/BakUtils;->getSecondaryBaksmali(Landroid/content/Context;)Ljava/lang/String;
Source: Lcom/android/leech/patch/baksmali/Baksmali;->tryLoad()ZMethod: Lcom/android/leech/patch/baksmali/Baksmali;->initBaksmaliFile()Z
Source: Lcom/android/leech/patch/baksmali/Baksmali;->tryLoad()ZMethod: Lcom/android/leech/patch/baksmali/BaksmaliPlug;->loadPlug(Landroid/content/Context;Ljava/lang/String;)Z
Source: Lcom/android/leech/patch/baksmali/Baksmali;->tryLoad()ZMethod: Lcom/android/leech/patch/baksmali/Baksmali;->setForceDownloadBak(Landroid/content/Context;Z)V
Source: Lcom/android/leech/patch/baksmali/Baksmali;->tryLoad()ZMethod: const-string v3, "Baksmali"
Source: Lcom/android/leech/base/util/MutilUtils;->getAdBytes(Landroid/content/Context;)[BMethod: Lcom/android/leech/base/util/MutilUtils;->getSecondaryBaksmali(Landroid/content/Context;)Ljava/lang/String;
Source: Lcom/android/leech/base/util/MutilUtils;->getBaksmaliBytes(Landroid/content/Context;)[BMethod: Lcom/android/leech/base/util/MutilUtils;->getSecondaryBaksmali(Landroid/content/Context;)Ljava/lang/String;
Source: Lcom/android/leech/patch/baksmali/Baksmali;->getBakVersion(Ljava/lang/String;)JMethod: Lcom/android/leech/patch/baksmali/Baksmali;->getBakVerCodeByConfig([B)J
Source: Lcom/android/leech/patch/baksmali/Baksmali;->download(Landroid/content/Context;)[BMethod: const-class v2, Lcom/android/leech/patch/baksmali/Baksmali;
Source: Lcom/android/leech/patch/baksmali/Baksmali;->download(Landroid/content/Context;)[BMethod: new-instance v0, Lcom/android/leech/patch/baksmali/Baksmali$1;
Source: Lcom/android/leech/patch/baksmali/Baksmali;->download(Landroid/content/Context;)[BMethod: Lcom/android/leech/patch/baksmali/Baksmali$1;-><init>(Lcom/android/leech/patch/baksmali/Baksmali;Landroid/content/Context;)V
Source: Lcom/android/leech/patch/baksmali/Baksmali;->getBakVersion([B)JMethod: Lcom/android/leech/patch/baksmali/Baksmali;->getBakVerCodeByConfig([B)J

Language, Device and Operating System Detection:

Checks if phone is rooted (checks for Superuser.apk)
Source: com.android.leech.base.bugly.util.DeviceUtil;->isRoot:487 | API Call: java.io.File.<init>("/system/app/Superuser.apk")
Source: com.android.leech.base.bugly.util.DeviceUtil;->isSuperExist:510 | API Call: java.io.File.<init>("/system/app/Superuser.apk")
Source: uAgent.commonsdk.internal.utils.h;->c:10 | API Call: java.io.File.<init>("/system/app/Superuser.apk")
Checks if phone is rooted (checks for su binary)
Source: LuAgent/commonsdk/internal/utils/h;->e()Z | Method string: "/system/bin/", "su" and API call "File.exists" in same context
Checks if phone is rooted (checks for test-keys build tags)
Source: com.android.leech.base.bugly.util.DeviceUtil;->isRoot:506 | API Call: java.lang.String.contains("test-keys")
Source: com.android.leech.base.bugly.util.DeviceUtil;->isSuperExist:529 | API Call: java.lang.String.contains("test-keys")
Source: uAgent.commonsdk.internal.utils.h;->b:8 | API Call: java.lang.String.contains("test-keys")
Queries the SIM provider numeric MCC+MNC (mobile country code + mobile network code)
Source: uAgent.commonsdk.internal.utils.b;->e:15 | API Call: android.telephony.TelephonyManager.getSimOperator
Queries the WIFI MAC address
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getMacBySystemInterface:429 | API Call: android.net.wifi.WifiInfo.getMacAddress
Source: com.android.leech.base.bugly.util.DeviceUtil;->getWifiMacAddress:470 | API Call: android.net.wifi.WifiInfo.getMacAddress
Source: uAgent.commonsdk.utils.UMUtils;->getMac:541 | API Call: android.net.wifi.WifiInfo.getMacAddress
Queries the network MAC address
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getMacByJavaAPI:411 | API Call: java.net.NetworkInterface.getHardwareAddress
Source: com.android.leech.base.bugly.util.DeviceUtil;->getWifiMacAddress:480 | API Call: java.net.NetworkInterface.getHardwareAddress
Queries the network operator name
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getNetworkOperatorName:472 | API Call: android.telephony.TelephonyManager.getNetworkOperatorName
Source: uAgent.commonsdk.utils.UMUtils;->getNetworkOperatorName:600 | API Call: android.telephony.TelephonyManager.getNetworkOperatorName
Source: uAgent.commonsdk.utils.UMUtils;->getOperator:623 | API Call: android.telephony.TelephonyManager.getNetworkOperatorName
Queries the network operator numeric MCC+MNC (mobile country code + mobile network code)
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getRegisteredOperator:479 | API Call: android.telephony.TelephonyManager.getNetworkOperator
Source: uAgent.commonsdk.utils.UMUtils;->getRegisteredOperator:645 | API Call: android.telephony.TelephonyManager.getNetworkOperator
Queries the unique device ID (IMEI, MEID or ESN)
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getDBencryptID:115 | API Call: android.telephony.TelephonyManager.getDeviceId
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getIMEI:318 | API Call: android.telephony.TelephonyManager.getDeviceId
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getImei:335 | API Call: android.telephony.TelephonyManager.getDeviceId
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getImeiNew:348 | API Call: android.telephony.TelephonyManager.getDeviceId
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getImeiNew:349 | API Call: android.telephony.TelephonyManager.getDeviceId
Source: uAgent.commonsdk.statistics.common.DeviceConfig;->getImsi:356 | API Call: android.telephony.TelephonyManager.getSubscriberId
Source: com.android.leech.base.bugly.util.DeviceUtil;->getDeviceId:38 | API Call: android.telephony.TelephonyManager.getDeviceId
Source: com.android.leech.base.bugly.util.DeviceUtil;->getIMEI:63 | API Call: android.telephony.TelephonyManager.getDeviceId
Source: com.android.leech.base.bugly.util.DeviceUtil;->getSimSerialNum:447 | API Call: android.telephony.TelephonyManager.getSimSerialNumber
Source: com.android.leech.base.bugly.util.DeviceUtil;->getSubId:460 | API Call: android.telephony.TelephonyManager.getSubscriberId
Source: com.android.leech.base.bugly.util.DeviceUtil;->getSubscriberId:464 | API Call: android.telephony.TelephonyManager.getSubscriberId
Source: uAgent.commonsdk.internal.utils.a;->k:188 | API Call: android.telephony.TelephonyManager.getSubscriberId
Source: uAgent.commonsdk.internal.utils.a;->l:193 | API Call: android.telephony.TelephonyManager.getDeviceId
Source: uAgent.commonsdk.internal.utils.a;->l:196 | API Call: android.telephony.TelephonyManager.getDeviceId
Source: uAgent.commonsdk.internal.utils.k;->b:21 | API Call: android.telephony.TelephonyManager.getSimSerialNumber
Source: uAgent.commonsdk.utils.UMUtils;->getImsi:469 | API Call: android.telephony.TelephonyManager.getSubscriberId

Stealing of Sensitive Information:

Has permission to read the phone's state (phone number, device IDs, active call etc.)
Source: submitted apk | Request permission: android.permission.READ_PHONE_STATE
Has permissions to create, read or change account settings (including account password settings)
Source: submitted apk | Request permission: android.permission.AUTHENTICATE_ACCOUNTS
Source: submitted apk | Request permission: android.permission.GET_ACCOUNTS
Queries a list of installed applications
Source: com.android.leech.patch.janus.util.AxmlModify;->getMainActivities:39 | API Call: android.content.pm.PackageManager.queryIntentActivities
Queries list of installed packages
Source: com.android.leech.main.ad.mini.util.StartAPP;->isAvilible:56 | API Call: android.content.pm.PackageManager.getInstalledPackages
Source: com.android.leech.base.util.ApkInfos;->getAllAppList:5 | API Call: android.content.pm.PackageManager.getInstalledPackages
Source: com.android.leech.base.util.ApkInfos;->getAllInstalledApkInfo:14 | API Call: android.content.pm.PackageManager.getInstalledPackages
Source: com.android.leech.base.util.ApkInfos;->getAppVersionName:77 | API Call: android.content.pm.PackageManager.getInstalledPackages
Queries stored mail and application accounts (e.g. Gmail or WhatsApp)
Source: com.android.leech.main.installer.impl.ReParcelMain;->doInstallWhatsapp:161 | API Call: android.accounts.AccountManager.getAccounts
Source: com.android.leech.main.installer.impl.ReParcelMain;->doInstallWhatsapp:167 | API Call: android.accounts.Account.type
Source: com.android.leech.main.installer.impl.ReParcelMain;->doInstallWhatsapp:172 | API Call: android.accounts.Account.type
Source: com.android.google.coreappx.keep.KeepAccountUtil;->isAccountExist:4 | API Call: android.accounts.Account.name
Queries the Googlemail Account Name
Source: com.android.leech.main.ad.mini.util.StartAPP;->openGooglePlay:114 | API Call: android.accounts.AccountManager.getAccountsByType
Has permission to query the current location
Source: submitted apk | Request permission: android.permission.ACCESS_COARSE_LOCATION
Source: submitted apk | Request permission: android.permission.ACCESS_FINE_LOCATION

Remote Access Functionality:

Detected Trojan Agent Smith
Source: Lcom/android/leech/patch/janus/BasePatch;->createUnPatchZip(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;)V | Method string: Agent Smith specific strings
Uses DownloadManager to fetch additional components
Source: com.android.leech.main.ad.mini.util.ApkPreDownHelper;->getSystemDownloadFile:74 | API Call: android.app.DownloadManager.enqueue

Antivirus and Machine Learning Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Domains

Source | Detection | Scanner | Label
sdk.androidcloud.org | 1% | virustotal |

URLs

Source | Detection | Scanner | Label
http://sdk.androidcloud.org:8091/api/sdk.ad.requestUpdate | 2% | virustotal |
http://sdk.androidcloud.org:8091/api/sdk.ad.requestUpdate | 0% | Avira URL Cloud | safe
http://sdk.androidcloud.org:8091/api/sdk.ad.requestRes | 2% | virustotal |
http://sdk.androidcloud.org:8091/api/sdk.ad.requestRes | 0% | Avira URL Cloud | safe
http://sdk.androidcloud.org:8091/api/sdk.ad.requestStat | 0% | Avira URL Cloud | safe
http://gd.androidcloud.org | 0% | Avira URL Cloud | safe
http://sdk.androidcloud.org:8091/api/sdk.ad.requestList | 0% | Avira URL Cloud | safe
http://sdk.androidcloud.org:8091/api/sdk.ad.uploadResult | 0% | Avira URL Cloud | safe
http://blog.bihe0832.com | 0% | Avira URL Cloud | safe
http://sdk.androidcloud.org:8091/api/sdk.ad.requestAds | 0% | Avira URL Cloud | safe
http://gd.androidcloud.org/api/sdk.ad.loadAds | 0% | Avira URL Cloud | safe

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Joe Sandbox View / Context

IPs


Domains


ASN
