
Analysis Report com.mobistartapp.win7imulator.apk

Overview

General Information

Joe Sandbox Version: 25.0.0 Tiger's Eye
Analysis ID: 752653
Start date: 03.01.2019
Start time: 15:03:57
Joe Sandbox Product: Cloud
Overall analysis duration: 0h 6m 44s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: com.mobistartapp.win7imulator.apk
Cookbook file name: defaultandroidfilecookbook.jbs
Analysis system description: Android 8.1 Oreo
Detection: MAL
Classification: mal52.spyw.evad.andAPK@0/253@4/0
Warnings:
  • Not all executed log events are in report (maximum 10 identical API calls)
  • Not all resource files were parsed
  • Not all resource strings were parsed
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size exceeded maximum capacity and may have missing dynamic data code.

Detection

Strategy | Score | Range | Reporting | Whitelisted | Detection
Threshold | 52 | 0 - 100 | Report FP / FN | false | malicious

Confidence

Strategy | Score | Range | Further Analysis Required?
Threshold | 5 | 0 - 5 | false


Classification

Mitre Att&ck Matrix

Sample Distance (10 = nearest)

Similar Samples

SHA256 | Analysis ID | Samplename | Similarity

Signature Overview



Location Tracing:

Queries the phone's location (GPS)
Source: com.mobistartapp.win7imulator.services.ServiceRegisterLocation$1;->a:7 | API Call: android.location.Location.getLatitude
Source: com.mobistartapp.win7imulator.services.ServiceRegisterLocation$1;->a:11 | API Call: android.location.Location.getLongitude
Source: com.mobistartapp.win7imulator.services.ServiceRegisterLocation$1;->a:21 | API Call: android.location.Location.getLatitude
Source: com.mobistartapp.win7imulator.services.ServiceRegisterLocation$1;->a:31 | API Call: android.location.Location.getLongitude
Source: com.mobistartapp.win7imulator.services.ServiceRegisterTrack$1;->a:7 | API Call: android.location.Location.getLatitude
Source: com.mobistartapp.win7imulator.services.ServiceRegisterTrack$1;->a:11 | API Call: android.location.Location.getLongitude
Source: com.mobistartapp.win7imulator.services.ServiceRegisterTrack$1;->a:21 | API Call: android.location.Location.getLatitude
Source: com.mobistartapp.win7imulator.services.ServiceRegisterTrack$1;->a:31 | API Call: android.location.Location.getLongitude
Source: com.startapp.android.publish.i.m;->a:7 | API Call: android.location.Location.getLongitude
Source: com.startapp.android.publish.i.m;->a:14 | API Call: android.location.Location.getLatitude
Source: com.startapp.android.publish.i.m;->a:53 | API Call: android.location.LocationManager.getLastKnownLocation
Source: com.google.android.gms.internal.zzabt;->zza:777 | API Call: android.location.Location.getLatitude
Source: com.google.android.gms.internal.zzabt;->zza:779 | API Call: android.location.Location.getLongitude
Source: com.startapp.android.publish.model.BaseRequest;->fillCellLocationDetails:11 | API Call: android.telephony.TelephonyManager.getCellLocation
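Every "Source" line in this report (here and in the API-call lists of the sections that follow) names the class, method and instruction offset at which the sandbox saw a call, and whether the call was actually executed or only found statically. The first triage question is which of these sites belong to the app's own package (com.mobistartapp.win7imulator) and which to bundled ad and analytics SDKs (StartApp, Facebook Audience Network, Google Play services, OneAudience). The following parser is an added example and not part of the Joe Sandbox report; the sample lines are copied from this report in the fused form in which the text was extracted, and the SDK labels are assumptions read off the package prefixes that appear in it.

```python
import re
from collections import Counter, defaultdict

# "Source:" lines copied from this report, in the fused form in which the text
# was extracted ("...:7API Call: ..."); the regex also accepts " | " between
# the two columns.
REPORT_LINES = [
    "Source: com.mobistartapp.win7imulator.services.ServiceRegisterLocation$1;->a:7API Call: android.location.Location.getLatitude",
    "Source: com.mobistartapp.win7imulator.services.ServiceRegisterTrack$1;->a:11API Call: android.location.Location.getLongitude",
    "Source: com.startapp.android.publish.i.m;->a:53API Call: android.location.LocationManager.getLastKnownLocation",
    "Source: com.google.android.gms.internal.zzabt;->zza:777API Call: android.location.Location.getLatitude",
    "Source: com.startapp.android.publish.model.BaseRequest;->fillCellLocationDetails:11API Call: android.telephony.TelephonyManager.getCellLocation",
    'Source: com.oneaudience.sdk.n;->b:89API Call: java.net.URL.openConnection("https://api.oneaudience.com/api/devices")',
    "Source: com.mobistartapp.win7imulator.a.a;->a:10API Call: java.net.URL.openConnection (not executed)",
]

# The sample's own package, taken from the report header.
APP_PACKAGE = "com.mobistartapp.win7imulator"

# Bundled SDKs, inferred from package prefixes in the report's source column.
# The human-readable labels are an assumption, not something the report states.
SDK_PREFIXES = {
    "com.startapp.android.publish": "StartApp",
    "com.facebook.ads": "Facebook Audience Network",
    "com.google.android.gms": "Google Play services",
    "com.google.firebase": "Firebase",
    "com.oneaudience.sdk": "OneAudience",
    "com.google.android.exoplayer2": "ExoPlayer",
}

LINE_RE = re.compile(
    r"^Source: (?P<cls>[\w.$]+);->(?P<method>[^:]+):(?P<line>\d+)"
    r"\s*\|?\s*API Call: (?P<api>[\w.]+)"
    r"(?P<args>\(.*\))?(?P<note> \(not executed\))?$"
)


def parse_line(line):
    """Split one report line into class, method, line, api, args, executed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["line"] = int(rec["line"])
    rec["args"] = rec["args"] or ""
    # Joe Sandbox marks call sites found statically but never observed at
    # runtime with "(not executed)"; everything else was hit during analysis.
    rec["executed"] = rec.pop("note") is None
    return rec


def owner(cls):
    """Attribute a class to the app itself, a known SDK prefix, or 'unknown'."""
    if cls == APP_PACKAGE or cls.startswith(APP_PACKAGE + "."):
        return "app"
    for prefix, name in SDK_PREFIXES.items():
        if cls.startswith(prefix + "."):
            return name
    return "unknown"


def summarize(lines):
    """Return (api counts per owner, executed call count per owner, unparsed lines)."""
    by_owner = defaultdict(Counter)
    executed = defaultdict(int)
    unparsed = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)
            continue
        who = owner(rec["cls"])
        by_owner[who][rec["api"]] += 1
        executed[who] += rec["executed"]
    return by_owner, executed, unparsed


if __name__ == "__main__":
    counts, executed, unparsed = summarize(REPORT_LINES)
    for who in sorted(counts):
        print(f"{who}: {sum(counts[who].values())} call sites, {executed[who]} executed")
        for api, n in counts[who].most_common():
            print(f"    {n} x {api}")
    if unparsed:
        print("unparsed:", *unparsed, sep="\n  ")
```

Run over the whole report, the split makes the picture clearer than the flat list: the location, external-storage and upload call sites under com.mobistartapp.win7imulator.* are the app's own behaviour, while the Wi-Fi scan (com.startapp.android.publish.i.b) and the cell-location lookup (com.startapp.android.publish.model.BaseRequest) sit in the StartApp ad SDK. Sites tagged "(not executed)" were only found by static analysis, so their arguments (for example the URL passed to openConnection) are not available from the dynamic trace.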

Exploits:

Might use exploit to break dedexer tools
Source: com.mobistartapp.win7imulator.apk | Code Location: Lcom/startapp/android/publish/banner/banner3d/a;.a()V

Spreading:

Accesses external storage location
Source: com.mobistartapp.win7imulator.a.a;->a:19 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.mobistartapp.win7imulator.a.b;->a:111 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.mobistartapp.win7imulator.activities.MainActivity;->a:28 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.mobistartapp.win7imulator.activities.MainActivity;->onCreate:493 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.mobistartapp.win7imulator.b.a;->a:117 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.mobistartapp.win7imulator.b.b;->a:78 | API Call: android.os.Environment.getExternalStorageState
Source: com.mobistartapp.win7imulator.b.b;->b:87 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.mobistartapp.win7imulator.b.b;->d:100 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.mobistartapp.win7imulator.b.b;->e:110 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.mobistartapp.win7imulator.b.c;->c:184 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.facebook.ads.internal.k.b.o;->a:4 | API Call: android.os.Environment.getExternalStorageState
Source: com.facebook.ads.internal.k.b.o;->b:28 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.startapp.android.publish.i.r;->a:2 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.google.android.gms.internal.zzma;->call:3 | API Call: android.os.Environment.getExternalStorageState
Source: com.google.android.gms.internal.zzmr;-><init>:13 | API Call: android.os.Environment.getExternalStorageDirectory

Networking:

Checks whether an internet connection is available
Source: com.mobistartapp.win7imulator.b.a;->i:1561 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.mobistartapp.win7imulator.b.a;->i:1562 | API Call: android.net.NetworkInfo.isConnected
Source: com.google.firebase.iid.FirebaseInstanceIdService;->c:103 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.firebase.iid.FirebaseInstanceIdService;->c:104 | API Call: android.net.NetworkInfo.isConnected
Source: com.google.android.gms.internal.zzcgl;->zzzc:1236 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.internal.zzcgl;->zzzc:1236 | API Call: android.net.NetworkInfo.isConnected
Source: com.google.android.gms.internal.zzcgl;->zzza:2663 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.internal.zzcgl;->zzza:2663 | API Call: android.net.NetworkInfo.isConnected
Source: com.google.android.gms.internal.zzcgl;->zzb:2140 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.internal.zzcgl;->zzb:2140 | API Call: android.net.NetworkInfo.isConnected
Source: com.mobistartapp.win7imulator.services.NetworkChangeReceiverList;->onReceive:446 | API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.mobistartapp.win7imulator.services.NetworkChangeReceiverList;->onReceive:447 | API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.mobistartapp.win7imulator.services.NetworkChangeReceiverList;->onReceive:451 | API Call: android.net.NetworkInfo.isAvailable
Source: com.mobistartapp.win7imulator.b.a;->m:1611 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.mobistartapp.win7imulator.b.a;->m:1614 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.mobistartapp.win7imulator.b.a;->n:1625 | API Call: android.net.wifi.WifiManager.isWifiEnabled
Source: com.mobistartapp.win7imulator.b.a;->n:1626 | API Call: android.net.wifi.WifiManager.getConnectionInfo
Source: com.mobistartapp.win7imulator.services.NetworkChangeReceiverList;->onReceive:452 | API Call: android.net.NetworkInfo.isAvailable
Source: com.facebook.ads.internal.l.a.a;->c:88 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.facebook.ads.internal.l.a.a;->c:89 | API Call: android.net.NetworkInfo.isConnected
Source: com.facebook.ads.internal.g.a;->c:40 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.facebook.ads.internal.g.a;->c:41 | API Call: android.net.NetworkInfo.isConnectedOrConnecting
Source: com.startapp.android.publish.i.p;->b:80 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.startapp.android.publish.i.p;->b:81 | API Call: android.net.NetworkInfo.isConnected
Source: com.startapp.android.publish.i.p;->c:105 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.startapp.android.publish.i.p;->c:106 | API Call: android.net.NetworkInfo.isConnected
Source: com.startapp.android.publish.i.p;->c:114 | API Call: android.net.wifi.WifiManager.getConnectionInfo
Source: com.startapp.android.publish.i.x;->a:575 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.startapp.android.publish.i.x;->a:576 | API Call: android.net.NetworkInfo.isConnected
Source: com.facebook.ads.internal.i.e;->d:24 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.facebook.ads.internal.i.e;->d:25 | API Call: android.net.NetworkInfo.isConnectedOrConnecting
Source: com.google.android.gms.internal.acf;->zze:70 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.internal.acf;->zze:71 | API Call: android.net.NetworkInfo.isConnected
Source: com.google.android.gms.internal.zzabm;->zza:61 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.internal.zzacc;->zzl:87 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.internal.zzacc;->zzl:89 | API Call: android.net.NetworkInfo.getDetailedState
Source: com.google.android.gms.internal.zzcfp;->zzlQ:32 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.internal.zzcfp;->zzlQ:33 | API Call: android.net.NetworkInfo.isConnected
Source: com.startapp.android.publish.model.BaseRequest;->fillWifiDetails:44 | API Call: android.net.wifi.WifiManager.getConnectionInfo
Connects to IPs without corresponding DNS lookups
Source: unknown | TCP traffic detected without corresponding DNS query: 172.217.18.35
Source: unknown | TCP traffic detected without corresponding DNS query: 216.58.207.132
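This signature is a simple ordering check over the capture: a TCP connection is flagged when no DNS answer observed earlier in the trace mapped its destination address. The check below is an added example, not Joe Sandbox code, and the event stream it runs on is constructed for the example: the two flagged destinations are the ones listed above, www.mobistartapp.com is the hostname the report saw queried, and the A record 198.51.100.7 (a TEST-NET-2 address) is invented. A DNS answer that arrives only after the connection does not clear the earlier SYN, which is why both the hardcoded-address case and the "resolution happened before capture started" case land in the same bucket and need a human look.

```python
from collections import OrderedDict

# Constructed capture in time order (example data, not from the report's pcap).
EVENTS = [
    {"t": 0.10, "kind": "dns_answer", "name": "www.mobistartapp.com", "ip": "198.51.100.7"},
    {"t": 0.25, "kind": "tcp_syn", "dst": "198.51.100.7", "dport": 80},
    {"t": 0.40, "kind": "tcp_syn", "dst": "172.217.18.35", "dport": 443},
    {"t": 0.55, "kind": "tcp_syn", "dst": "216.58.207.132", "dport": 443},
    # Late answer: it must not retroactively excuse the SYN at t=0.55.
    {"t": 0.70, "kind": "dns_answer", "name": "late.example", "ip": "216.58.207.132"},
    {"t": 0.80, "kind": "tcp_syn", "dst": "216.58.207.132", "dport": 443},
]


def tcp_without_dns(events):
    """Return (dst, dport) pairs whose first SYN precedes any DNS answer for dst.

    Mirrors the sandbox signature: a connection is suspicious when no DNS
    answer seen earlier in the capture mapped the destination address. Events
    are sorted by timestamp so the input order does not matter.
    """
    resolved = {}               # ip -> set of hostnames that resolved to it so far
    flagged = OrderedDict()     # (dst, dport) -> timestamp of first unexplained SYN
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["kind"] == "dns_answer":
            resolved.setdefault(ev["ip"], set()).add(ev["name"])
        elif ev["kind"] == "tcp_syn":
            key = (ev["dst"], ev["dport"])
            if ev["dst"] not in resolved and key not in flagged:
                flagged[key] = ev["t"]
    return list(flagged)


if __name__ == "__main__":
    for dst, dport in tcp_without_dns(EVENTS):
        print(f"TCP to {dst}:{dport} without a preceding DNS answer")
```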
Opens an internet connection
Source: com.mobistartapp.win7imulator.b.a;->i:1564 | API Call: java.net.URL.openConnection("http://www.google.com")
Source: com.oneaudience.sdk.n;->b:89 | API Call: java.net.URL.openConnection("https://api.oneaudience.com/api/devices")
Source: com.google.android.gms.internal.zzcft;->run:8 | API Call: java.net.URL.openConnection("https://app-measurement.com/config/app/1%3A315538004582%3Aandroid%3Ae50792d558411d03?app_instance_id=98bb1d23afcb451a051adfd649819135&platform=android&gmp_version=11020")
Source: com.google.android.gms.internal.zzcft;->run:8 | API Call: java.net.URL.openConnection("https://app-measurement.com/a")
Source: com.mobistartapp.win7imulator.a.e;->a:182 | API Call: java.net.URL.openConnection("http://www.mobistartapp.com/fcm_server_php/windows7_simulator/fcm_register.php")
Source: com.mobistartapp.win7imulator.a.a;->a:10 | API Call: java.net.URL.openConnection (not executed)
Source: com.mobistartapp.win7imulator.a.b;->a:72 | API Call: java.net.URL.openConnection (not executed)
Source: com.mobistartapp.win7imulator.a.f;->a:230 | API Call: java.net.URL.openConnection (not executed)
Source: com.mobistartapp.win7imulator.a.i;->a:39 | API Call: java.net.URL.openConnection (not executed)
Source: com.mobistartapp.win7imulator.a.j;->a:125 | API Call: java.net.URL.openConnection (not executed)
Source: com.mobistartapp.win7imulator.b.a;->a:177 | API Call: java.net.URL.openConnection (not executed)
Source: com.mobistartapp.win7imulator.b.d;->a:3 | API Call: java.net.URL.openConnection (not executed)
Source: com.mobistartapp.win7imulator.services.NetworkChangeReceiverList;->a:341 | API Call: java.net.URL.openConnection (not executed)
Source: com.mobistartapp.win7imulator.services.ServiceUploadCheckLoopList;->a:286 | API Call: java.net.URL.openConnection (not executed)
Source: com.facebook.ads.internal.k.a.f;->a:6 | API Call: java.net.URL.openConnection (not executed)
Source: com.facebook.ads.internal.k.b.h;->a:26 | API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.exoplayer2.i.m;->a:52 | API Call: java.net.URL.openConnection (not executed)
Source: com.startapp.android.publish.i.h;->a:2 | API Call: java.net.URL.openConnection (not executed)
Source: com.startapp.android.publish.i.p;->a:5 | API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.ads.identifier.zza;->run:5 | API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.zzabm;->zza:177 | API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.zzajd;->zzaN:9 | API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.zzajo;->zzb:3 | API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.zzakb;->shouldInterceptRequest:187 | API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.zzao;->zza:38 | API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.zzre;->zza:3 | API Call: java.net.URL.openConnection (not executed)
Performs DNS lookups (Java API)
Source: com.mobistartapp.win7imulator.a.h;->a:26 | API Call: java.net.InetAddress.getByName (not executed)
Source: com.mobistartapp.win7imulator.services.ServiceDDSLoiic$a;->a:58 | API Call: java.net.InetAddress.getByName (not executed)
Source: com.facebook.ads.internal.k.b.f;-><init>:10 | API Call: java.net.InetAddress.getByName (not executed)
Scans for Wi-Fi networks
Source: com.startapp.android.publish.i.b;->a:30 | API Call: android.net.wifi.WifiManager.getScanResults
Downloads files from webservers via HTTP
Source: global traffic | HTTP traffic detected:
GET //Win7Simulator/settings_win7simulator.xml HTTP/1.1
User-Agent: Dalvik/2.1.0 (Linux; U; Android 8.1.0; VirtualBox Build/OPM8.181005.003)
Host: www.mobistartapp.com
Connection: Keep-Alive
Accept-Encoding: gzip
Found strings which match known social media URLs
Source: android | String found in binary or memory: Can\'t get Facebook Access Token equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: Can\'t get Json From Facebook get Code: %d equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: DCIM/Facebook equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: Error getting facebook Json equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: Facebook Ads SDK delivery response Error message equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: Facebook Ads SDK request for ads failed equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: Facebook Ads SDK request for ads timed out equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: Facebook Ads SDK returned no ad placements equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: Failed to parse Facebook Ads SDK delivery response equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: Unknown Facebook Ads SDK delivery response type equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: YAHOO equals www.yahoo.com (Yahoo)
Source: android | String found in binary or memory: Youtube ApplicationInForeground schedule service after equals www.youtube.com (Youtube)
Source: android | String found in binary or memory: com.facebook.AccessToken equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: com.facebook.ads equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: com.facebook.ads thread-%d %tF %<tT equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: com.facebook.ads.FEATURE_CONFIG equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: com.facebook.ads.SERVER equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: com.facebook.ads.interstitial.clicked equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: com.facebook.ads.interstitial.clicked: equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: com.facebook.ads.interstitial.dismissed equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: com.facebook.ads.interstitial.dismissed: equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: com.facebook.ads.interstitial.displayed equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: com.facebook.ads.interstitial.displayed: equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: com.facebook.ads.interstitial.error equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: com.facebook.ads.interstitial.error: equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: com.facebook.ads.interstitial.impression.logged equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: com.facebook.ads.interstitial.impression.logged: equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: com.facebook.ads.rewarded_video.ad_click equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: com.facebook.ads.rewarded_video.ad_impression equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: com.facebook.ads.rewarded_video.closed equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: com.facebook.ads.rewarded_video.completed equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: com.facebook.ads.rewarded_video.completed.without.reward equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: com.facebook.ads.rewarded_video.error equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: com.facebook.ads.rewarded_video.server_reward_failed equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: com.facebook.ads.rewarded_video.server_reward_success equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: com.facebook.katana equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: com.facebook.lite equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: com.google.android.youtube equals www.youtube.com (Youtube)
Source: android | String found in binary or memory: content://com.facebook.katana.provider.AttributionIdProvider equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: facebook equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: facebook.com equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: http://www.facebook.com equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: http://www.facebook.vom/Windows7Simulator equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: http://www.youtube.com/watch?v= equals www.youtube.com (Youtube)
Source: android | String found in binary or memory: https://graph.%s.facebook.com/network_ads_common equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: https://graph.facebook.com/network_ads_common equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: https://graph.facebook.com/v2.5/me equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: https://www.%s.facebook.com equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: https://www.%s.facebook.com/adnw_logging/ equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: https://www.%s.facebook.com/audience_network/server_side_reward equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: https://www.facebook.com/adnw_logging/ equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: https://www.facebook.com/audience_network/server_side_reward equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: https://www.youtube.com/watch?v= equals www.youtube.com (Youtube)
Source: android | String found in binary or memory: twitter equals www.twitter.com (Twitter)
Source: android | String found in binary or memory: twitter.com equals www.twitter.com (Twitter)
Source: android | String found in binary or memory: youtube equals www.youtube.com (Youtube)
Source: android | String found in binary or memory: {"packageNames":"com.android.storagemanager,com.android.printspooler,com.google.android.setupwizard,com.android.bluetoothmidiservice,com.android.defcontainer,com.example.android.notepad,com.android.carrierconfig,com.google.android.webview,com.android.dialer,com.android.phone,com.android.pacprocessor,com.android.egg,com.android.mms.service,com.google.android.packageinstaller,com.google.android.printservice.recommendation,com.android.captiveportallogin,com.android.inputdevices,com.android.calllogbackup,com.google.android.syncadapters.calendar,com.android.providers.partnerbookmarks,com.android.wallpaper.livepicker,com.android.providers.calendar,com.android.contacts,com.android.providers.telephony,com.google.android.partnersetup,com.android.deskclock,com.android.externalstorage,com.android.vending,com.google.android.ext.shared,com.android.keychain,com.android.gallery3d,com.android.wallpaperbackup,com.android.chrome,com.android.cts.ctsshim,com.android.providers.contacts,com.android.managedprovisioning,com.android.m
Performs DNS lookups
Source: unknown | DNS traffic detected: queries for: www.mobistartapp.com
Posts data to webserver
Source: unknown | HTTP traffic detected:
POST /fcm_server_php/windows7_simulator/fcm_register.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Dalvik/2.1.0 (Linux; U; Android 8.1.0; VirtualBox Build/OPM8.181005.003)
Host: www.mobistartapp.com
Connection: Keep-Alive
Accept-Encoding: gzip
Content-Length: 654
Data Raw: 75 73 65 72 5f 6c 61 6e 67 3d 45 4e 26 75 73 65 72 5f 63 6f 75 6e 74 72 79 3d 26 75 73 65 72 5f 65 6d 61 69 6c 3d 70 65 72 6d 69 73 69 6f 6e 5f 6e 6f 74 5f 67 72 61 6e 74 65 64 25 34 30 65 6d 61 69 6c 2e 63 6f 6d 26 72 65 67 49 64 3d 65 67 30 43 35 43 74 56 58 39 30 25 33 41 41 50 41 39 31 62 48 6b 53 5f 44 4f 35 6f 62 6b 67 4c 35 65 5a 4f 6c 37 55 63 46 2d 71 37 74 70 68 69 4e 4e 64 79 56 6e 52 71 36 4d 75 74 42 6f 39 51 52 33 5f 39 32 6e 50 38 69 79 53 43 39 44 4a 46 4c 61 62 70 54 35 66 71 72 47 48 73 58 61 32 46 41 74 43 79 42 4d 50 36 53 67 44 73 4d 30 39 4f 4f 6e 64 58 5a 5f 73 39 4b 5a 53 68 45 30 34 65 4b 6f 41 45 63 52 51 5f 30 4f 71 75 6a 38 2d 5f 36 6c 58 6c 72 59 72 36 39 6d 26 61 70 70 5f 70 61
Data ASCII (decoded from the hex dump above; the dump is cut off well short of the declared 654 bytes): user_lang=EN&user_country=&user_email=permision_not_granted%40email.com&regId=eg0C5CtVX90%3AAPA91bHkS_DO5obkgL5eZOl7UcF-q7tphiNNdyVnRq6MutBo9QR3_92nP8iySC9DJFLabpT5fqrGHsXa2FAtCyBMP6SgDsM09OOndXZ_s9KZShE04eKoAEcRQ_0Oquj8-_6lXlrYr69m&app_pa
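The sandbox only shows the request body as a truncated hex dump, so the quickest way to see what the app registers with its server is to decode the dump and split it as application/x-www-form-urlencoded. The script below is an added example, not part of the Joe Sandbox report; the hex bytes are copied from the "Data Raw" field above and the declared length from the Content-Length header. Because the dump stops mid-body, the last "&"-separated piece is a cut-off field name and must not be reported as a real empty parameter, which is what a naive parse_qsl(..., keep_blank_values=True) would do.

```python
from urllib.parse import parse_qsl

# Hex dump copied from the "Data Raw" field of the POST above. The report
# truncates the dump; the request declared Content-Length: 654.
DATA_RAW = (
    "75 73 65 72 5f 6c 61 6e 67 3d 45 4e 26 "
    "75 73 65 72 5f 63 6f 75 6e 74 72 79 3d 26 "
    "75 73 65 72 5f 65 6d 61 69 6c 3d 70 65 72 6d 69 73 69 6f 6e 5f 6e 6f 74 5f "
    "67 72 61 6e 74 65 64 25 34 30 65 6d 61 69 6c 2e 63 6f 6d 26 "
    "72 65 67 49 64 3d 65 67 30 43 35 43 74 56 58 39 30 25 33 41 "
    "41 50 41 39 31 62 48 6b 53 5f 44 4f 35 6f 62 6b 67 4c 35 65 5a 4f 6c 37 55 63 "
    "46 2d 71 37 74 70 68 69 4e 4e 64 79 56 6e 52 71 36 4d 75 74 42 6f 39 51 52 33 "
    "5f 39 32 6e 50 38 69 79 53 43 39 44 4a 46 4c 61 62 70 54 35 66 71 72 47 48 73 "
    "58 61 32 46 41 74 43 79 42 4d 50 36 53 67 44 73 4d 30 39 4f 4f 6e 64 58 5a 5f "
    "73 39 4b 5a 53 68 45 30 34 65 4b 6f 41 45 63 52 51 5f 30 4f 71 75 6a 38 2d 5f "
    "36 6c 58 6c 72 59 72 36 39 6d "
    "26 61 70 70 5f 70 61"
)
DECLARED_LENGTH = 654


def decode_form_dump(hexdump, declared_length):
    """Decode a sandbox hex dump of a form-encoded body into its fields.

    Returns the parsed fields, the cut-off trailing fragment (if the dump is
    shorter than the declared Content-Length), and how many bytes were captured.
    """
    raw = bytes.fromhex(hexdump)            # fromhex skips the spaces
    body = raw.decode("ascii")              # form-encoded bodies are pure ASCII
    truncated = len(raw) < declared_length
    segments = body.split("&")
    partial = None
    if truncated:
        # The dump ended mid-body: the last piece is an incomplete field, not
        # a parameter with an empty value.
        partial = segments.pop()
    fields = dict(parse_qsl("&".join(segments), keep_blank_values=True))
    return {
        "fields": fields,
        "partial": partial,
        "captured": len(raw),
        "truncated": truncated,
    }


def opaque_values(fields, min_len=40):
    """Names of fields carrying a long opaque token, i.e. likely identifiers."""
    return [k for k, v in fields.items() if len(v) >= min_len and " " not in v]


if __name__ == "__main__":
    result = decode_form_dump(DATA_RAW, DECLARED_LENGTH)
    for name, value in result["fields"].items():
        print(f"{name} = {value!r}")
    print(f"captured {result['captured']} of {DECLARED_LENGTH} bytes; "
          f"cut-off fragment: {result['partial']!r}")
    print("identifier-like fields:", opaque_values(result["fields"]))
```

The decoded body carries the device language, an empty country, a placeholder e-mail (permision_not_granted@email.com, so the app substitutes a marker when the account permission is refused) and a long regId token; the endpoint name fcm_register.php and the token's "...:APA91b..." shape point to an FCM registration token. Everything after app_pa is missing from the dump, so the full parameter set cannot be read from this report alone.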
URLs found in memory or binary data
Source: android | String found in binary or memory: http://d1byvlfiet2h9q.cloudfront.net/InApp/resources/adInformationDialog3.html
Source: android | String found in binary or memory: http://engadget.search.aol.com/search?q=%s
Source: android | String found in binary or memory: http://play.google.com
Source: android | String found in binary or memory: http://play.google.com/store/apps/
Source: android | String found in binary or memory: http://robocop.oneaudience.com/reporterror
Source: avd_show_password.xml | String found in binary or memory: http://schemas.android.com/aapt
Source: webview_blank_layout.xml | String found in binary or memory: http://schemas.android.com/apk/lib/com.google.ads
Source: abc_tint_seek_thumb.xml, layout_permissions.xml | String found in binary or memory: http://schemas.android.com/apk/res-auto
Source: abc_action_menu_layout.xml | String found in binary or memory: http://schemas.android.com/apk/res-auto((android.support.v7.widget.ActionMenuView
Source: abc_screen_toolbar.xml | String found in binary or memory: http://schemas.android.com/apk/res-auto00android.support.v7.widget.ActionBarOverlayLayout
Source: abc_screen_simple.xml, abc_edit_text_material.xml, notification_template_big_media_narrow.xml, design_snackbar_in.xml, notification_template_icon_group.xml | String found in binary or memory: http://schemas.android.com/apk/res/android
Source: abc_dialog_title_material.xml | String found in binary or memory: http://schemas.android.com/apk/res/android00android.support.v7.widget.FitWindowsLinearLayout
Source: abc_screen_simple.xml | String found in binary or memory: http://schemas.android.com/apk/res/android00android.support.v7.widget.FitWindowsLinearLayout((androi
Source: design_text_input_password_icon.xml | String found in binary or memory: http://schemas.android.com/apk/res/android22android.support.design.widget.CheckableImageButton
Source: design_navigation_item.xml | String found in binary or memory: http://schemas.android.com/apk/res/android66android.support.design.internal.NavigationMenuItemView
Source: android | String found in binary or memory: http://searchmobileonline.com/static/eula_more_sdk.html
Source: android | String found in binary or memory: http://www.dummy.com
Source: android | String found in binary or memory: http://www.facebook.vom/Windows7Simulator
Source: android | String found in binary or memory: http://www.google.com
Source: android | String found in binary or memory: http://www.google.com/?q=%s
Source: android | String found in binary or memory: http://www.hizaxytv.com
Source: android | String found in binary or memory: http://www.mobistartapp.com//Win7Simulator/settings_win7simulator.xml
Source: android | String found in binary or memory: http://www.mobistartapp.com/HizaxyTV/xmr.html
Source: android | String found in binary or memory: http://www.mobistartapp.com/fcm_server_php/fcm_users_inventory_register.php
Source: android | String found in binary or memory: http://www.mobistartapp.com/fcm_server_php/windows7_simulator/fcm_register.php
Source: android | String found in binary or memory: http://www.mobistartapp.com/getWin7Launcher.php
Source: android | String found in binary or memory: http://www.mobistartapp.com/upload_script.php
Source: android | String found in binary or memory: http://www.startappexchange.com
Source: android | String found in binary or memory: http://www.usatoday.com/search/results?q=%s
Source: shutdown.mp4 | String found in binary or memory: http://www.videolan.org/x264.html
Source: android | String found in binary or memory: http://www.youtube.com/watch?v=
Source: android | String found in binary or memory: https://api.oneaudience.com/
Source: android | String found in binary or memory: https://api.oneaudience.com/api
Source: android | String found in binary or memory: https://api.oneaudience.com/api/devices
Source: android | String found in binary or memory: https://app-measurement.com/a
Source: android | String found in binary or memory: https://app-measurement.com/config/app/1%3A315538004582%3Aandroid%3Ae50792d558411d03?app_instance_id
Source: android | String found in binary or memory: https://csi.gstatic.com/csi
Source: android | String found in binary or memory: https://fcm-push-notification-project.firebaseio.com
Source: android | String found in binary or memory: https://goo.gl/NAOOOI
Source: android | String found in binary or memory: https://goo.gl/NAOOOI.
Source: android | String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_banner.js
Source: android | String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_expanded_banner.js
Source: android | String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_interstitial.js
Source: android | String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/native_ads.html
Source: android | String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/native_video_ads.html
Source: android | String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40.html
Source: android | String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204
Source: android | String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=gmob-apps
Source: android | String found in binary or memory: https://play.google.com
Source: android | String found in binary or memory: https://plus.google.com/
Source: android | String found in binary or memory: https://support.google.com/dfp_premium/answer/7160685#push
Source: android | String found in binary or memory: https://www.google.com
Source: android | String found in binary or memory: https://www.google.com/dfp/debugSignals
Source: android | String found in binary or memory: https://www.google.com/dfp/inAppPreview
Source: android | String found in binary or memory: https://www.google.com/dfp/linkDevice
Source: android | String found in binary or memory: https://www.google.com/dfp/sendDebugData
Source: android | String found in binary or memory: https://www.googleapis.com/auth/games
Source: android | String found in binary or memory: https://www.youtube.com/watch?v=
Uses HTTP for connecting to the internet
Source: com.mobistartapp.win7imulator.b.a;->i:1566 | API Call: com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect
Source: com.oneaudience.sdk.n;->b:105 | API Call: com.android.okhttp.internal.huc.HttpsURLConnectionImpl.connect
Source: com.google.android.gms.internal.zzcft;->run:51 | API Call: com.android.okhttp.internal.huc.HttpsURLConnectionImpl.connect
Source: com.mobistartapp.win7imulator.a.e;->a:189 | API Call: com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect
Source: com.mobistartapp.win7imulator.a.e;->a:198 | API Call: com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect
Source: com.mobistartapp.win7imulator.a.a;->a:13 | API Call: java.net.HttpURLConnection.connect
Source: com.mobistartapp.win7imulator.a.b;->a:75 | API Call: java.net.HttpURLConnection.connect
Source: com.mobistartapp.win7imulator.a.f;->a:237 | API Call: java.net.HttpURLConnection.connect
Source: com.mobistartapp.win7imulator.a.f;->a:246 | API Call: java.net.HttpURLConnection.connect
Source: com.mobistartapp.win7imulator.a.i;->a:54 | API Call: java.net.HttpURLConnection.connect
Source: com.mobistartapp.win7imulator.b.d;->a:5 | API Call: java.net.HttpURLConnection.connect
Source: com.facebook.ads.internal.k.a.a;->a:67 | API Call: java.net.HttpURLConnection.connect
Source: com.google.android.exoplayer2.i.m;->a:87 | API Call: java.net.HttpURLConnection.connect
Source: com.google.android.exoplayer2.i.m;->a:89 | API Call: java.net.HttpURLConnection.connect
Source: com.google.android.exoplayer2.i.m;->a:93 | API Call: java.net.HttpURLConnection.connect
Source: com.startapp.android.publish.i.h;->a:3 | API Call: java.net.HttpURLConnection.connect
Source: com.google.android.gms.internal.zzak;->zza:24 | API Call: org.apache.http.client.HttpClient.execute
Uses HTTPS
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 35954
Source: unknown | Network traffic detected: HTTP traffic on port 35954 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 40886
Source: unknown | Network traffic detected: HTTP traffic on port 40884 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 40884
Source: unknown | Network traffic detected: HTTP traffic on port 40886 -> 443

E-Banking Fraud:

Has functionality to send UDP packets
Source: com.mobistartapp.win7imulator.a.h;->a:31 | API Call: java.net.DatagramSocket.send
Has permission to query the list of currently running applications
Source: submitted apk | Request permission: android.permission.GET_TASKS
May check for popular installed apps
Source: Lcom/google/android/gms/common/zzo;->isGooglePlayServicesAvailable(Landroid/content/Context;)I | Method string: "com.android.vending"
Source: Lcom/oneaudience/sdk/n;->c(Lcom/oneaudience/sdk/b/a/c;)Ljava/lang/String; | Method string: "{"packageNames":"com.android.storagemanager,com.android.printspooler,com.google.android.setupwizard,com.android.bluetoothmidiservice,com.android.defcontainer,com.example.android.notepad,com.android.carrierconfig,com.google.android.webview,com.android.dialer,com.android.phone,com.android.pacprocessor,com.android.egg,com.android.mms.service,com.google.android.packageinstaller,com.google.android.printservice.recommendation,com.android.captiveportallogin,com.android.inputdevices,com.android.calllogbackup,com.google.android.syncadapters.calendar,com.android.providers.partnerbookmarks,com.android.wallpaper.livepicker,com.android.providers.calendar,com.android.contacts,com.android.providers.telephony,com.google.android.partnersetup,com.android.deskclock,com.android.externalstorage,com.android.vending,com.google.android.ext.shared,com.android.keychain,com.android.gallery3d,com.android.wallpaperbackup,com.android.chrome,com.android.cts.ctsshim,com.android.providers.contacts,com.android.managedprovisioning,com.android.
Source: Lcom/mobistartapp/win7imulator/services/ServiceScreenshot$1;->run()V | Method string: "com.facebook.katana"
Source: Lcom/mobistartapp/win7imulator/services/ServiceScreenshot$1;->run()V | Method string: "com.whatsapp"
Source: Lcom/mobistartapp/win7imulator/services/ServiceUploadUserInfos;->onStartCommand(Landroid/content/Intent;II)I | Method string: "Android/data/com.instagram.android"

Spam, unwanted Advertisements and Ransom Demands:

May check for popular installed apps
Source: Lcom/google/android/gms/common/zzo;->isGooglePlayServicesAvailable(Landroid/content/Context;)I | Method string: "com.android.vending"
Source: Lcom/oneaudience/sdk/n;->c(Lcom/oneaudience/sdk/b/a/c;)Ljava/lang/String; | Method string: "{"packageNames":"com.android.storagemanager,com.android.printspooler,com.google.android.setupwizard,com.android.bluetoothmidiservice,com.android.defcontainer,com.example.android.notepad,com.android.carrierconfig,com.google.android.webview,com.android.dialer,com.android.phone,com.android.pacprocessor,com.android.egg,com.android.mms.service,com.google.android.packageinstaller,com.google.android.printservice.recommendation,com.android.captiveportallogin,com.android.inputdevices,com.android.calllogbackup,com.google.android.syncadapters.calendar,com.android.providers.partnerbookmarks,com.android.wallpaper.livepicker,com.android.providers.calendar,com.android.contacts,com.android.providers.telephony,com.google.android.partnersetup,com.android.deskclock,com.android.externalstorage,com.android.vending,com.google.android.ext.shared,com.android.keychain,com.android.gallery3d,com.android.wallpaperbackup,com.android.chrome,com.android.cts.ctsshim,com.android.providers.contacts,com.android.managedprovisioning,com.android.
Source: Lcom/mobistartapp/win7imulator/services/ServiceScreenshot$1;->run()V | Method string: "com.facebook.katana"
Source: Lcom/mobistartapp/win7imulator/services/ServiceScreenshot$1;->run()V | Method string: "com.whatsapp"
Source: Lcom/mobistartapp/win7imulator/services/ServiceUploadUserInfos;->onStartCommand(Landroid/content/Intent;II)I | Method string: "Android/data/com.instagram.android"
May dial phone number
Source: com.google.android.gms.internal.zzlz;->zzdE:13 | API Call: android.net.Uri.parse("tel:")
May use Google Cloud Messaging (GCM) or Google's Cloud to Device Messaging (C2DM) services
Source: submitted apk | Request permission: com.mobistartapp.win7imulator.permission.C2D_MESSAGE
Found advertisement frameworks
Source: Lcom/facebook/ads/internal/b/t;->c()V | Method: Facebook Ads https://www.facebook.com
Loads advertisement
Source: android | String found in binary or memory: .doubleclick.net
Source: android | String found in binary or memory: //googleads.g.doubleclick.net/mads/static/mad/sdk/native/native_ads.html
Source: android | String found in binary or memory: //googleads.g.doubleclick.net/mads/static/mad/sdk/native/native_video_ads.html
Source: android | String found in binary or memory: ad.doubleclick.net
Source: android | String found in binary or memory: googleads.g.doubleclick.net
Source: android | String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_banner.js
Source: android | String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_expanded_banner.js
Source: android | String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_interstitial.js
Source: android | String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/native_ads.html
Source: android | String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/native_video_ads.html
Source: android | String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40.html

Operating System Destruction:

Deletes other packages
Source: com.mobistartapp.win7imulator.services.ServiceNotif;->onStartCommand:83 | API Call: com.mobistartapp.win7imulator.services.ServiceNotif.startActivity
Source: com.mobistartapp.win7imulator.b.a;->b:938 | API Call: android.content.Context.startActivity
Source: com.mobistartapp.win7imulator.b.a;->c:1212 | API Call: android.content.Context.startActivity
Source: com.mobistartapp.win7imulator.activities.NotificationRouterActivity;->onCreate:15 | API Call: com.mobistartapp.win7imulator.activities.NotificationRouterActivity.startActivity
Source: com.mobistartapp.win7imulator.services.ServiceNotifUninstall;->onStartCommand:108 | API Call: com.mobistartapp.win7imulator.services.ServiceNotifUninstall.startActivity
Source: com.mobistartapp.win7imulator.services.ServiceNotifLaunch;->onStartCommand:105 | API Call: com.mobistartapp.win7imulator.services.ServiceNotifLaunch.startActivity
Lists and deletes files in the same context
Source: com.startapp.android.publish.i.k;->a:67 | API Calls in same method context: File.listFiles,File.delete
Source: com.google.android.gms.internal.zzag;->initialize:105 | API Calls in same method context: File.listFiles,File.delete
Source: com.google.android.gms.internal.zzsh;->zzU:147 | API Calls in same method context: File.listFiles,File.delete

Change of System Appearance:

May access the Android keyguard (lock screen)
Source: android | String found in binary or memory: Keyguard is obstructing view.
Source: android | String found in binary or memory: com.android.keyguard
Source: android | String found in binary or memory: keyguard
Source: android | String found in binary or memory: AD_IS_OBSTRUCTED_BY_KEYGUARD
Source: android | String found in binary or memory: Invalid Window info in window interactive check, assuming not obstructed by Keyguard.
Acquires a wake lock
Source: com.google.android.gms.internal.zzctz;->acquire:55 | API Call: android.os.PowerManager$WakeLock.acquire

System Summary:

Executes native commands
Source: com.mobistartapp.win7imulator.a.d;->a:15 | API Call: java.lang.ProcessBuilder.start
Source: com.mobistartapp.win7imulator.b.a;->h:1516 | API Call: java.lang.Runtime.exec
Source: com.oneaudience.sdk.r;->c:46 | API Call: java.lang.Runtime.exec ("logcat -d")
Kills/terminates processes
Source: com.facebook.ads.internal.e.b;->a:9 | API Call: android.os.Process.killProcess
Requests potentially dangerous permissions
Source: submitted apk | Request permission: android.permission.ACCESS_COARSE_LOCATION
Source: submitted apk | Request permission: android.permission.ACCESS_FINE_LOCATION
Source: submitted apk | Request permission: android.permission.GET_TASKS
Source: submitted apk | Request permission: android.permission.INTERNET
Source: submitted apk | Request permission: android.permission.WAKE_LOCK
Source: submitted apk | Request permission: android.permission.WRITE_EXTERNAL_STORAGE
Classification label
Source: classification engine | Classification label: mal52.spyw.evad.andAPK@0/253@4/0
Creates SQLiteDatabase table
Source: com.facebook.ads.internal.f.g;->a:49 | API Call: android.database.sqlite.SQLiteDatabase.execSQL
Reads shared settings
Source: com.google.android.gms.internal.ly;->zzFa:76 | API Call: "com.google.firebase.auth.FIREBASE_USER": null
Source: com.google.firebase.iid.q;->a:76 | API Call: "|T|315538004582|*": null
Source: com.oneaudience.sdk.ab;->a:9 | API Call: "facebook_json":
Source: com.google.android.gms.internal.zzcfw;->zzyG:124 | API Call: "gmp_app_id": null
Source: com.google.android.gms.internal.zzcgb;->zzyL:14 | API Call: "app_instance_id": null
Source: com.mobistartapp.win7imulator.b.a;->p:1662 | API Call: "regId": unavalable_regId
Source: com.google.android.gms.internal.zzcfw;->zzyK:155 | API Call: "previous_os_version": null
Source: com.google.firebase.iid.q;->d:129 | API Call: "|S||P|": null
Source: com.mobistartapp.win7imulator.b.a;->b:605 | API Call: "network_receiver":
Source: com.google.firebase.iid.q;->d:133 | API Call: "|S||K|": null
Source: com.oneaudience.sdk.ad;->a:101 | API Call: "oneAudienceId":
Source: com.oneaudience.sdk.z;->a:49 | API Call: "oneAudienceId":
Source: com.oneaudience.sdk.q;->b:70 | API Call: "client_id":
Source: com.oneaudience.sdk.p;->a:14 | API Call: "facebook_json":
Source: com.oneaudience.sdk.p;->a:19 | API Call: "oneAudienceId":
Source: com.oneaudience.sdk.p;->a:41 | API Call: "email":
Source: com.google.firebase.iid.q;->a:76 | API Call: "|T|315538004582|*": {"token":"eg0C5CtVX90:APA91bHkS_DO5obkgL5eZOl7UcF-q7tphiNNdyVnRq6MutBo9QR3_92nP8iySC9DJFLabpT5fqrGHsXa2FAtCyBMP6SgDsM09OOndXZ_s9KZShE04eKoAEcRQ_0Oquj8-_6lXlrYr69m","appVersion":"14","timestamp":1546520754727}
Source: com.google.firebase.iid.j;->a:7 | API Call: "topic_operaion_queue": null
Source: com.google.firebase.iid.j;->a:16 | API Call: "topic_operaion_queue":
Source: com.mobistartapp.win7imulator.b.a;->a:161 | API Call: "user_random_id": null
Source: com.mobistartapp.win7imulator.b.a;->a:166 | API Call: "user_random_id": 20190103_140554_rbwwd9pl
Source: com.mobistartapp.win7imulator.b.a;->p:1662 | API Call: "regId": eg0C5CtVX90:APA91bHkS_DO5obkgL5eZOl7UcF-q7tphiNNdyVnRq6MutBo9QR3_92nP8iySC9DJFLabpT5fqrGHsXa2FAtCyBMP6SgDsM09OOndXZ_s9KZShE04eKoAEcRQ_0Oquj8-_6lXlrYr69m
Source: com.mobistartapp.win7imulator.b.a;->b:605 | API Call: "clipboard": NaN
Source: com.mobistartapp.win7imulator.b.a;->b:605 | API Call: "latitude": Nan
Source: com.mobistartapp.win7imulator.b.a;->b:605 | API Call: "longitude": Nan
Source: com.mobistartapp.win7imulator.b.a;->b:605 | API Call: "login": Nan
Source: com.mobistartapp.win7imulator.b.a;->b:605 | API Call: "password": Nan
Source: com.google.firebase.iid.j;->a:7 | API Call: "topic_operaion_queue": ,S!windows7_simulator
Source: com.google.firebase.iid.j;->b:41 | API Call: "topic_operaion_queue": ,S!windows7_simulator
Source: com.google.firebase.iid.j;->a:7 | API Call: "topic_operaion_queue":
Source: com.mobistartapp.win7imulator.a.f;->a:11 | API Call: android.content.SharedPreferences.getString
Source: com.mobistartapp.win7imulator.a.j;->a:15 | API Call: android.content.SharedPreferences.getString
Source: com.mobistartapp.win7imulator.activities.SplashActivity;->a:6 | API Call: android.content.SharedPreferences.getBoolean
Source: com.mobistartapp.win7imulator.services.NetworkChangeReceiverList;->a:247 | API Call: android.content.SharedPreferences.getString
Source: com.mobistartapp.win7imulator.services.ServiceUploadCheckLoopList;->a:192 | API Call: android.content.SharedPreferences.getString
Source: com.facebook.ads.d;->a:43 | API Call: android.content.SharedPreferences.getString
Source: com.startapp.android.publish.h.b;-><init>:9 | API Call: android.content.SharedPreferences.getString
Source: com.startapp.android.publish.h.b;-><init>:18 | API Call: android.content.SharedPreferences.getString
Source: com.facebook.ads.internal.h.f;->a:10 | API Call: android.content.SharedPreferences.getString
Source: com.facebook.ads.internal.h.f;->a:15 | API Call: android.content.SharedPreferences.getString
Source: com.facebook.ads.internal.h.f;->a:17 | API Call: android.content.SharedPreferences.getBoolean
Source: com.facebook.ads.internal.h.i;->a:12 | API Call: android.content.SharedPreferences.getString
Source: com.startapp.android.publish.i.j;->a:8 | API Call: android.content.SharedPreferences.getBoolean
Source: com.startapp.android.publish.i.j;->a:23 | API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.ads.identifier.AdvertisingIdClient;->getAdvertisingIdInfo:10 | API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.flags.impl.zzc;->call:6 | API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.flags.impl.zzi;->call:5 | API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.ly;->zzh:109 | API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.zzafx;->zzbd:8 | API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.internal.zzagb;->zzbd:9 | API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.zzagd;->zzbd:8 | API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.internal.zzage;->zzbd:9 | API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.zzago;->zzbd:8 | API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.internal.zzagq;->zzbd:9 | API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.zzaiv;->call:10 | API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.zzcfw;->zzal:63 | API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.internal.zzcfw;->zzjD:115 | API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.internal.zzcfw;->zzyI:136 | API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.internal.zzcfy;->get:6 | API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.internal.zzcga;->zzmb:76 | API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.zzmf;->zza:5 | API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.internal.zzmj;->zza:4 | API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.zztl;->zza:207 | API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.auth.api.signin.internal.zzy;->zzbU:30 | API Call: android.content.SharedPreferences.getString
Source: com.facebook.ads.internal.h;->a:65 | API Call: android.content.SharedPreferences.getString
Source: com.facebook.ads.internal.h;->a:72 | API Call: android.content.SharedPreferences.getString
Source: com.facebook.ads.internal.h;->a:78 | API Call: android.content.SharedPreferences.getString
Source: com.facebook.ads.internal.h;->a:95 | API Call: android.content.SharedPreferences.getString
Source: com.facebook.ads.internal.o.d;->b:27 | API Call: android.content.SharedPreferences.getString
Source: com.oneaudience.sdk.ad;->d:81 | API Call: android.content.SharedPreferences.getString
Source: com.oneaudience.sdk.r;->a:17 | API Call: android.content.SharedPreferences.getString
Source: com.oneaudience.sdk.u;->a:6 | API Call: android.content.SharedPreferences.getString

Data Obfuscation:

Found very long method strings
Source: Lcom/oneaudience/sdk/a/d;->a(Ljava/lang/String;)Ljava/lang/String; | Method string: {"encryptedData":"+YvBp4RmquvmK5A8D\/MVlj1dDFmL4wuPKzB\/07kr5jyD3gD9+FoEhulu4kc46DzAffghYZj9U8U0\nrXA58syvDExqsqZ1KFzCTHItiJXDFEyuuJAWPBStBaAjBHGJUB0Xsl4QesRMP0yiv5lZq50C1kj\/\n\/nc04ZA29294HcBn8JVaCjPrQkp+Cj1EWqj0H0X4X2ddCo2rdG6vAGmssHrf\/5Eajq\/GtADW5wy Length: 4493
Source: Lcom/oneaudience/sdk/a/d;->a(Ljava/lang/String;)Ljava/lang/String; | Method string: {"encryptedData":"+YvBp4RmquvmK5A8D\/MVlj1dDFmL4wuPKzB\/07kr5jyD3gD9+FoEhulu4kc46DzAffghYZj9U8U0\nrXA58syvDExqsqZ1KFzCTHItiJXDFEyuuJAWPBStBaAjBHGJUB0Xsl4QesRMP0yiv5lZq50C1kj\/\n\/nc04ZA29294HcBn8JVaCjPrQkp+Cj1EWqj0H0X4X2ddCo2rdG6vAGmssHrf\/5Eajq\/GtADW5wy Length: 4499
Source: Lcom/facebook/ads/internal/l/ai;-><clinit>()V | Method string: iVBORw0KGgoAAAANSUhEUgAAADwAAAA8CAYAAAA6/NlyAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyhpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg Length: 4292
Obfuscates method names
Source: com.mobistartapp.win7imulator.apk | Total valid method names: 25%
Uses reflection
Source: com.google.firebase.b;->a:101 | API Call: Real call: null
Source: com.google.firebase.b;->a:101 | API Call: Real call: public static com.google.firebase.auth.FirebaseAuth com.google.firebase.auth.FirebaseAuth.getInstance(com.google.firebase.b)
Source: com.google.firebase.b;->a:101 | API Call: Real call: null
Source: com.google.firebase.b;->a:101 | API Call: Real call: public static synchronized com.google.firebase.iid.FirebaseInstanceId com.google.firebase.iid.FirebaseInstanceId.getInstance(com.google.firebase.b)
Source: com.google.android.gms.internal.zzbgy;->zzaN:11 | API Call: Real call: android.app.ApplicationPackageManager@d3855d3
Source: com.google.android.gms.internal.zzbgy;->zzaN:11 | API Call: Real call: public abstract boolean android.content.pm.PackageManager.isInstantApp()
Source: com.google.android.gms.internal.zzcjl;->zzey:478 | API Call: Real call: public static java.lang.String android.os.SystemProperties.get(java.lang.String,java.lang.String)
Source: com.google.firebase.b;->a:101 | API Call: Real call: null
Source: com.google.firebase.b;->a:101 | API Call: Real call: public static com.google.android.gms.measurement.AppMeasurement com.google.android.gms.measurement.AppMeasurement.getInstance(android.content.Context)
Source: com.oneaudience.sdk.r;->b:30 | API Call: Real call: null
Source: com.oneaudience.sdk.r;->b:30 | API Call: Real call: public static com.google.android.gms.ads.identifier.AdvertisingIdClient$Info com.google.android.gms.ads.identifier.AdvertisingIdClient.getAdvertisingIdInfo(android.content.Context) throws java.io.IOException,java.lang.IllegalStateException,com.google.android.gms.common.GooglePlayServicesNotAvailableException,com.google.android.gms.common.GooglePlayServicesRepairableException
Source: com.google.android.gms.internal.zzcgl;->zzzc:1200 | API Call: Real call: public static java.lang.String android.os.SystemProperties.get(java.lang.String,java.lang.String)
Source: unknown | API Call: Real call: public void android.view.ViewGroup.makeOptionalFitsSystemWindows()
Source: com.google.android.exoplayer2.a.d;->n:75 | API Call: java.lang.reflect.Method.invoke
Source: com.facebook.ads.internal.l.a.a;->a:29 | API Call: java.lang.reflect.Method.invoke
Source: com.oneaudience.sdk.b.a;->a:7 | API Call: java.lang.reflect.Method.invoke
Source: com.oneaudience.sdk.b.a;->a:10 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.dynamic.zzn;->zzE:9 | API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.dynamite.DynamiteModule;->zzE:34 | API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.dynamite.DynamiteModule;->zzE:37 | API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.dynamite.DynamiteModule;->zzb:218 | API Call: java.lang.reflect.Field.get
Source: com.startapp.android.publish.e.a;->a:64 | API Call: java.lang.reflect.Field.get
Source: com.startapp.android.publish.e.b;->a:9 | API Call: java.lang.reflect.Field.get
Source: com.google.android.exoplayer2.i.m;->a:121 | API Call: java.lang.reflect.Method.invoke
Source: com.startapp.android.publish.i.b;->b:131 | API Call: java.lang.reflect.Method.invoke
Source: com.startapp.android.publish.i.b;->c:152 | API Call: java.lang.reflect.Method.invoke
Source: com.startapp.android.publish.i.b;->c:158 | API Call: java.lang.reflect.Method.invoke
Source: com.startapp.android.publish.i.b;->c:193 | API Call: java.lang.reflect.Method.invoke
Source: com.startapp.android.publish.i.o$1;->onSignalStrengthsChanged:5 | API Call: java.lang.reflect.Method.invoke
Source: com.startapp.android.publish.i.x;->a:43 | API Call: java.lang.reflect.Field.get
Source: com.startapp.android.publish.i.x;->f:779 | API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.internal.adq;->zza:20 | API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.internal.adq;->zza:38 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.adq;->zza:45 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ks;->getProperty:5 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzaew;->zza:15 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzaew;->zza:24 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzaew;->zza:33 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzaew;->zza:62 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzaew;->zze:124 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzaew;->zzt:190 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzaew;->zzt:195 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzaiy;->zzaa:134 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzaiy;->zzaa:138 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzbgi;->zzb:96 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzcem;->zzya:204 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzchl;->zzb:235 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzcs;->zza:9 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzcs;->zza:103 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzcs;->zzb:296 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzdi;->zzT:9 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzdj;->zzT:7 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzdk;->zzT:11 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzdl;->zzT:38 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzdm;->zzT:9 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzdn;->zzT:7 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzdo;->zzT:3 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzdp;->zzT:23 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzdr;->zzT:7 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzds;->zzT:11 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzds;->zzT:22 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzdt;->zzT:9 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzdu;->zzT:10 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzdv;->zzT:5 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzdw;->zzT:4 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzdx;->zzT:7 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzdy;->zzT:7 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzdz;->zzT:14 | API Call: java.lang.reflect.Method.invoke
Source: com.facebook.ads.internal.l.w;->a:50 | API Call: java.lang.reflect.Method.invoke
Source: com.facebook.ads.internal.l.x;->b:14 | API Call: java.lang.reflect.Method.invoke
Source: com.google.firebase.messaging.c;->a:26 | API Call: java.lang.reflect.Method.invoke
Source: com.google.firebase.messaging.c;->b:127 | API Call: java.lang.reflect.Method.invoke
Source: com.google.firebase.messaging.c;->b:144 | API Call: java.lang.reflect.Method.invoke
Source: com.google.firebase.messaging.c;->b:150 | API Call: java.lang.reflect.Method.invoke
Source: com.google.firebase.messaging.c;->b:163 | API Call: java.lang.reflect.Method.invoke
Source: com.google.firebase.messaging.e;->a:83 | API Call: java.lang.reflect.Field.get
Source: com.google.firebase.messaging.e;->a:89 | API Call: java.lang.reflect.Method.invoke
Source: com.google.firebase.messaging.e;->a:141 | API Call: java.lang.reflect.Method.invoke
Source: com.google.firebase.messaging.e;->a:174 | API Call: java.lang.reflect.Field.get
Source: com.google.firebase.messaging.e;->a:443 | API Call: java.lang.reflect.Method.invoke
Source: com.google.firebase.messaging.e;->b:451 | API Call: java.lang.reflect.Method.invoke
Source: com.google.firebase.messaging.e;->b:460 | API Call: java.lang.reflect.Field.get
Source: com.oneaudience.sdk.r;->b:34 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.security.ProviderInstaller;->installIfNeeded:20 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.common.util.zzx;->zza:26 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.common.util.zzx;->zza:34 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.common.util.zzx;->zze:54 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.common.util.zzx;->zze:61 | API Call: java.lang.reflect.Method.invoke

Persistence and Installation Behavior:

Installs an application shortcut on the screen
Source: com.mobistartapp.win7imulator.activities.SplashActivity;->a:13 | API Call: android.content.Intent.putExtra android.intent.extra.shortcut.INTENT
Sets an intent to the APK data type (used to install other APKs)
Source: com.mobistartapp.win7imulator.b.a;->a:260 | API Call: android.content.Intent.setDataAndType(n/a,"application/vnd.android.package-archive")
Source: com.mobistartapp.win7imulator.c.b;->onClick:9 | API Call: android.content.Intent.setDataAndType(n/a,"application/vnd.android.package-archive")

Boot Survival:

Installs a new wake lock (to get activated when the phone screen turns on)
Source: com.google.android.gms.internal.zzctz;-><init>:20 | API Call: android.os.PowerManager.newWakeLock

Hooking and other Techniques for Hiding and Protection:

Has permission to query the list of currently running applications
Source: submitted apk | Request permission: android.permission.GET_TASKS
Queries list of running processes/tasks
Source: com.mobistartapp.win7imulator.b.a;->e:1287 | API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.mobistartapp.win7imulator.b.a;->f:1383 | API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.google.android.gms.internal.zzagz;->zzI:58 | API Call: android.app.ActivityManager.getRunningTasks
Source: com.google.android.gms.internal.zzagz;->zzJ:68 | API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.google.android.gms.internal.zzgz;->zzcN:90 | API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.google.android.gms.internal.zzrr;->zza:77 | API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.facebook.ads.internal.l.w;->a:119 | API Call: android.app.ActivityManager.getRunningTasks
Source: com.google.firebase.messaging.c;->c:339 | API Call: android.app.ActivityManager.getRunningAppProcesses
Uses Crypto APIs
Source: com.google.firebase.iid.FirebaseInstanceId;->a:39 | API Call: java.security.MessageDigest.getInstance
Source: com.google.firebase.iid.k;->b:172 | API Call: java.security.MessageDigest.digest
Source: com.google.firebase.iid.k;->b:172 | API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcjl;->zzbE:194 | API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.internal.zzcjl;->zzI:287 | API Call: java.security.MessageDigest.digest
Source: com.google.firebase.iid.FirebaseInstanceId;->b:104 | API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcfw;->zzec:98 | API Call: java.security.MessageDigest.digest
Source: com.oneaudience.sdk.a.g;-><init>:8 | API Call: java.security.MessageDigest.getInstance
Source: com.oneaudience.sdk.a.g;-><clinit>:3 | API Call: java.security.MessageDigest.digest
Source: com.oneaudience.sdk.a.g;->a:30 | API Call: javax.crypto.Cipher.getInstance
Source: com.oneaudience.sdk.r;->a:24 | API Call: javax.crypto.Cipher.doFinal
Source: com.oneaudience.sdk.a.g;-><init>:12 | API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcfw;->zzec:98 | API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcfw;->zzec:98 | API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcfw;->zzec:98 | API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcen;->zza:766 | API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcfw;->zzec:98 | API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcen;->zza:766 | API Call: java.security.MessageDigest.digest
Source: com.google.firebase.iid.FirebaseInstanceId;->b:104 | API Call: java.security.MessageDigest.digest
Source: com.oneaudience.sdk.a.g;->a:30 | API Call: javax.crypto.Cipher.getInstance
Source: com.oneaudience.sdk.r;->a:24 | API Call: javax.crypto.Cipher.doFinal
Source: com.google.firebase.iid.FirebaseInstanceId;->b:104 | API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcfw;->zzec:98 | API Call: java.security.MessageDigest.digest
Source: com.oneaudience.sdk.a.g;->a:30 | API Call: javax.crypto.Cipher.getInstance
Source: com.oneaudience.sdk.a.g;->a:35 | API Call: javax.crypto.Cipher.doFinal
Source: com.oneaudience.sdk.a.g;->a:30 | API Call: javax.crypto.Cipher.getInstance
Source: com.oneaudience.sdk.a.g;->a:35 | API Call: javax.crypto.Cipher.doFinal
Source: com.oneaudience.sdk.a.a;->a:9 | API Call: javax.crypto.Cipher.getInstance
Source: com.oneaudience.sdk.a.a;->a:9 | API Call: javax.crypto.Cipher.getInstance
Source: com.oneaudience.sdk.a.a;->a:14 | API Call: javax.crypto.Cipher.doFinal
Source: com.oneaudience.sdk.a.a;->a:14 | API Call: javax.crypto.Cipher.doFinal
Source: com.google.android.gms.internal.zzcen;->zza:766 | API Call: java.security.MessageDigest.digest
Source: com.google.firebase.iid.FirebaseInstanceId;->b:104 | API Call: java.security.MessageDigest.digest
Source: com.google.firebase.iid.FirebaseInstanceId;->b:104 | API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcfw;->zzec:98 | API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcen;->zza:766 | API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcfw;->zzec:98 | API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcen;->zza:766 | API Call: java.security.MessageDigest.digest
Source: com.google.firebase.iid.FirebaseInstanceId;->b:104 | API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcfw;->zzec:98 | API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcen;->zza:766 | API Call: java.security.MessageDigest.digest
Source: com.google.firebase.iid.k;->b:172 | API Call: java.security.MessageDigest.digest
Source: com.google.firebase.iid.k;->b:172 | API Call: java.security.MessageDigest.digest
Source: com.google.firebase.iid.FirebaseInstanceId;->b:104 | API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcfw;->zzec:98 | API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcen;->zza:766 | API Call: java.security.MessageDigest.digest
Source: com.google.firebase.iid.FirebaseInstanceId;->b:104 | API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcfw;->zzec:98 | API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcen;->zza:766 | API Call: java.security.MessageDigest.digest
Source: com.google.firebase.iid.FirebaseInstanceId;->b:104 | API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcfw;->zzec:98 | API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcen;->zza:766 | API Call: java.security.MessageDigest.digest
Source: com.oneaudience.sdk.a.a;->a:11 | API Call: javax.crypto.Cipher.init
Source: com.oneaudience.sdk.a.g;->a:32 | API Call: javax.crypto.Cipher.init
Source: com.oneaudience.sdk.a.g;->b:58 | API Call: javax.crypto.Cipher.getInstance
Source: com.oneaudience.sdk.a.g;->b:60 | API Call: javax.crypto.Cipher.init
Source: com.oneaudience.sdk.a.g;->b:62 | API Call: javax.crypto.Cipher.doFinal
Source: com.facebook.ads.internal.k.a.o;->a:1 | API Call: java.security.MessageDigest.getInstance
Source: com.facebook.ads.internal.k.a.o;->a:3 | API Call: java.security.MessageDigest.digest
Source: com.startapp.android.publish.b.i;->b:44 | API Call: java.security.MessageDigest.getInstance
Source: com.startapp.android.publish.b.i;->b:46 | API Call: java.security.MessageDigest.digest
Source: com.facebook.ads.internal.k.b.m;->d:30 | API Call: java.security.MessageDigest.getInstance
Source: com.facebook.ads.internal.k.b.m;->d:32 | API Call: java.security.MessageDigest.digest
Source: com.startapp.android.publish.i.d;->b:51 | API Call: java.security.MessageDigest.getInstance
Source: com.startapp.android.publish.i.d;->b:52 | API Call: java.security.MessageDigest.digest
Source: com.startapp.android.publish.i.x;->b:617 | API Call: java.security.MessageDigest.getInstance
Source: com.startapp.android.publish.i.x;->b:619 | API Call: java.security.MessageDigest.update
Source: com.startapp.android.publish.i.x;->b:623 | API Call: java.security.MessageDigest.digest
Source: com.google.firebase.iid.FirebaseInstanceId;->a:40 | API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzagz;->zzhP:490 | API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.internal.zzagz;->zzhP:491 | API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.zzagz;->zzhP:492 | API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.zzagz;->zzhP:493 | API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzaiy;->zzaR:116 | API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.internal.zzaiy;->zzaR:118 | API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.zzaiy;->zzaR:121 | API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzbv;->zzb:75 | API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.zzbv;->zzb:77 | API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzbx;->run:4 | API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.internal.zzcss;->zzAk:272 | API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.internal.zzcss;->zzAk:281 | API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzcw;->getCipher:7API Call: javax.crypto.Cipher.getInstance
Source: com.google.android.gms.internal.zzcw;->zza:23API Call: javax.crypto.Cipher.init
Source: com.google.android.gms.internal.zzcw;->zza:25API Call: javax.crypto.Cipher.doFinal
Source: com.google.android.gms.internal.zzcw;->zzc:37API Call: javax.crypto.Cipher.init
Source: com.google.android.gms.internal.zzcw;->zzc:39API Call: javax.crypto.Cipher.doFinal
Source: com.google.android.gms.internal.zzhf;->zzcW:7API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.internal.zzhk;->zzy:18API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.zzhk;->zzy:20API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzho;->zzy:11API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.zzho;->zzy:13API Call: java.security.MessageDigest.digest
Source: com.google.android.exoplayer2.j.r;->g:74API Call: java.security.MessageDigest.getInstance
Source: com.google.android.exoplayer2.j.r;->g:77API Call: java.security.MessageDigest.update
Source: com.google.android.exoplayer2.j.r;->g:78API Call: java.security.MessageDigest.digest
Source: com.facebook.ads.internal.l.af;->d:52API Call: java.security.MessageDigest.getInstance
Source: com.facebook.ads.internal.l.af;->d:55API Call: java.security.MessageDigest.digest
Source: com.facebook.ads.internal.l.ak;->a:7API Call: java.security.MessageDigest.getInstance
Source: com.facebook.ads.internal.l.ak;->a:10API Call: java.security.MessageDigest.update
Source: com.facebook.ads.internal.l.ak;->a:12API Call: java.security.MessageDigest.digest
Source: com.facebook.ads.internal.l.ak;->a:15API Call: java.security.MessageDigest.getInstance
Source: com.facebook.ads.internal.l.ak;->a:18API Call: java.security.MessageDigest.digest
Source: com.facebook.ads.internal.o.b;->a:65API Call: java.security.MessageDigest.getInstance
Source: com.facebook.ads.internal.o.b;->a:66API Call: java.security.MessageDigest.update
Source: com.facebook.ads.internal.o.b;->a:67API Call: java.security.MessageDigest.digest
Source: com.facebook.ads.internal.o.b;->a:83API Call: java.security.MessageDigest.getInstance
Source: com.facebook.ads.internal.o.b;->a:84API Call: java.security.MessageDigest.update
Source: com.facebook.ads.internal.o.b;->a:87API Call: java.security.MessageDigest.digest

Malware Analysis System Evasion:

Accesses /proc
Source: Lcom/google/android/gms/common/util/zzr;->zzaD(I)Ljava/lang/String; | Method string: "/proc/"
Source: Lcom/google/android/gms/common/util/zzr;->zzsf()Ljava/lang/String; | Method string: "/proc/3497/cmdline"
Accesses android OS build fields
Source: com.oneaudience.sdk.q;->a:9 | Field Access: android.os.Build.MODEL
Source: com.oneaudience.sdk.q;->a:12 | Field Access: android.os.Build.MANUFACTURER
Source: com.mobistartapp.win7imulator.services.MyFirebaseInstanceIDService;->a:14 | Field Access: android.os.Build.MANUFACTURER
Source: com.mobistartapp.win7imulator.services.MyFirebaseInstanceIDService;->a:14 | Field Access: android.os.Build.DEVICE
Source: com.mobistartapp.win7imulator.services.MyFirebaseInstanceIDService;->a:14 | Field Access: android.os.Build.MODEL
Source: com.mobistartapp.win7imulator.a.e;-><init>:28 | Field Access: android.os.Build.MANUFACTURER
Source: com.mobistartapp.win7imulator.a.e;-><init>:29 | Field Access: android.os.Build.DEVICE
Source: com.mobistartapp.win7imulator.a.e;-><init>:30 | Field Access: android.os.Build.MODEL
Source: com.facebook.ads.internal.k.a.o;->a:6 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.facebook.ads.d;->a:37 | Field Access: android.os.Build.PRODUCT
Source: com.google.android.gms.common.zzo;->zzaw:139 | Field Access: android.os.Build.TYPE
Source: com.facebook.ads.internal.g.a;-><clinit>:1 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.facebook.ads.internal.g.a;->b:33 | Field Access: android.os.Build.MANUFACTURER
Source: com.facebook.ads.internal.g.a;->b:35 | Field Access: android.os.Build.MODEL
Source: com.facebook.ads.internal.g.a;->b:37 | Field Access: android.os.Build.MODEL
Source: com.google.android.gms.internal.zzabt;->zza:573 | Field Access: android.os.Build.MANUFACTURER
Source: com.google.android.gms.internal.zzabt;->zza:576 | Field Access: android.os.Build.MODEL
Source: com.google.android.gms.internal.zzacc;-><init>:25 | Field Access: android.os.Build.FINGERPRINT
Source: com.google.android.gms.internal.zzacc;-><init>:26 | Field Access: android.os.Build.DEVICE
Source: com.google.android.gms.internal.zzagz;->zzhN:456 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.zzagz;->zzhN:459 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.zzagz;->zzhN:465 | Field Access: android.os.Build.DEVICE
Source: com.google.android.gms.internal.zzagz;->zzhN:468 | Field Access: android.os.Build.DEVICE
Source: com.google.android.gms.internal.zzagz;->zzhN:470 | Field Access: android.os.Build.DISPLAY
Source: com.google.android.gms.internal.zzagz;->zzhN:473 | Field Access: android.os.Build.DISPLAY
Source: com.google.android.gms.internal.zzagz;->zzhQ:497 | Field Access: android.os.Build.MANUFACTURER
Source: com.google.android.gms.internal.zzagz;->zzhQ:498 | Field Access: android.os.Build.MODEL
Source: com.google.android.gms.internal.zzaiy;->zza:64 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.zzaiy;->zzik:157 | Field Access: android.os.Build.DEVICE
Source: com.google.android.gms.internal.zzcfw;->zzyK:158 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.zzcgl;->zza:156 | Field Access: android.os.Build.MODEL
Source: com.google.android.gms.internal.zzcgl;->zza:159 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.zzcgl;->start:1400 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.zzcgl;->zza:1564 | Field Access: android.os.Build.MODEL
Source: com.google.android.gms.internal.zzcgl;->zza:1567 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.zzdb;->zza:115 | Field Access: android.os.Build$VERSION.SDK
Source: com.google.android.gms.internal.zzdb;->zzb:183 | Field Access: android.os.Build$VERSION.SDK
Source: com.google.android.gms.internal.zzmq;-><init>:20 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.zzmq;-><init>:24 | Field Access: android.os.Build$VERSION.SDK
Source: com.google.android.gms.internal.zzzi;->zza:106 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.exoplayer2.j.r;-><clinit>:3 | Field Access: android.os.Build.DEVICE
Source: com.google.android.exoplayer2.j.r;-><clinit>:4 | Field Access: android.os.Build.MANUFACTURER
Source: com.google.android.exoplayer2.j.r;-><clinit>:5 | Field Access: android.os.Build.MODEL
Source: com.google.android.exoplayer2.j.r;->a:28 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.facebook.ads.internal.l.af;->b:28 | Field Access: android.os.Build.TAGS
Source: com.startapp.android.publish.model.BaseRequest;->fillApplicationDetails:111 | Field Access: android.os.Build.MANUFACTURER
Source: com.startapp.android.publish.model.BaseRequest;->fillApplicationDetails:113 | Field Access: android.os.Build.MODEL
Executes logcat command
Source: com.oneaudience.sdk.r;->c:46 | API Call: java.lang.Runtime.exec ("logcat -d")
Queries several sensitive phone information fields
Source: Lcom/google/android/gms/internal/zzaiy;->zza(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;Landroid/os/Bundle;ZLcom/google/android/gms/internal/zzajb;)V | Method string: "os"
Source: Lcom/startapp/android/publish/model/BaseRequest;-><init>()V | Method string: "android"
Source: Lcom/startapp/android/publish/b/a;->a(Lcom/startapp/android/publish/StartAppAd$AdMode;Lcom/startapp/android/publish/model/AdPreferences;)V | Method string: "type"
Source: Lcom/google/android/gms/internal/zzako;->zziq()V | Method string: "version"
Source: Lcom/startapp/android/publish/model/BaseRequest;->getNameValueMap()Ljava/util/List; | Method string: "manufacturer"
Source: Lcom/google/firebase/auth/PhoneAuthCredential;->a()Ljava/lang/String; | Method string: "phone"
Source: Lcom/facebook/ads/internal/b/v;->g()Ljava/lang/String; | Method string: "appid"
Source: Lcom/oneaudience/sdk/q;->b(Landroid/content/Context;Ljava/util/Map;)V | Method string: "imei"
Source: Lcom/startapp/android/publish/model/BaseRequest;->getNameValueMap()Ljava/util/List; | Method string: "model"
Source: Lcom/facebook/ads/d;-><clinit>()V | Method string: "sdk"
Source: Lcom/google/android/gms/ads/internal/overlay/zzaa;->zzgc()V | Method string: "time"
Source: Lcom/startapp/android/publish/d/c;->getNameValueMap()Ljava/util/List; | Method string: "category"
Queries the unique operating system id (ANDROID_ID)
Source: com.oneaudience.sdk.q;->a:16 | API Call: android.provider.Settings.Secure.getString
Source: com.google.android.gms.internal.zzaiy;->zzV:19 | API Call: android.provider.Settings$Secure.getString
Source: com.google.android.gms.internal.zzaiy;->zzW:22 | API Call: android.provider.Settings$Secure.getString
Source: com.startapp.android.publish.model.BaseRequest;->setAndroidId:77 | API Call: android.provider.Settings$Secure.getString
Tries to detect VirtualBox
Source: Lcom/facebook/ads/d;-><clinit>()V | Method string: "vbox86p"
Source: Lcom/facebook/ads/d;-><clinit>()V | Method string: "vbox86p"
Source: Lcom/facebook/ads/d;-><clinit>()V | Method string: "vbox86tp"

HIPS / PFW / Operating System Protection Evasion:

Uses the DexClassLoader (often used for code injection)
Source: com.google.android.gms.internal.zzdb;->zza:78 | API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: com.google.android.gms.internal.zzea;->zzX:14 | API Call: dalvik.system.DexClassLoader.loadClass (not executed)

Language, Device and Operating System Detection:

Checks if phone is rooted (checks for Superuser.apk)
Source: com.facebook.ads.internal.l.af;->c:44 | API Call: java.io.File.<init>("/system/app/Superuser.apk")
Checks if phone is rooted (checks for test-keys build tags)
Source: com.facebook.ads.internal.l.af;->b:30 | API Call: java.lang.String.contains("test-keys")
Queries the SIM provider ISO country code
Source: com.google.firebase.auth.FirebaseAuth;->zza:267 | API Call: android.telephony.TelephonyManager.getSimCountryIso
Queries the SIM provider name (SPN - Service Provider Name)
Source: com.startapp.android.publish.model.BaseRequest;->fillSimDetails:35 | API Call: android.telephony.TelephonyManager.getSimOperatorName
Queries the SIM provider numeric MCC+MNC (mobile country code + mobile network code)
Source: com.startapp.android.publish.model.BaseRequest;->fillSimDetails:33 | API Call: android.telephony.TelephonyManager.getSimOperator
Queries the network MAC address
Source: com.oneaudience.sdk.t;->a:8 | API Call: java.net.NetworkInterface.getHardwareAddress
Queries the network operator ISO country code
Source: com.mobistartapp.win7imulator.b.a;->t:1716 | API Call: android.telephony.TelephonyManager.getNetworkCountryIso returned ""
Source: com.oneaudience.sdk.q;->b:26 | API Call: android.telephony.TelephonyManager.getNetworkCountryIso
Queries the network operator name
Source: com.facebook.ads.internal.g.a;->b:31 | API Call: android.telephony.TelephonyManager.getNetworkOperatorName
Queries the network operator numeric MCC+MNC (mobile country code + mobile network code)
Source: com.google.android.gms.internal.zzacc;->zzl:80 | API Call: android.telephony.TelephonyManager.getNetworkOperator
Source: com.startapp.android.publish.model.BaseRequest;->fillNetworkOperatorDetails:29 | API Call: android.telephony.TelephonyManager.getNetworkOperator
Queries the unique device ID (IMEI, MEID or ESN) and the line 1 phone number
Source: com.oneaudience.sdk.q;->b:24 | API Call: android.telephony.TelephonyManager.getLine1Number
Source: com.oneaudience.sdk.q;->b:27 | API Call: android.telephony.TelephonyManager.getDeviceId

Lowering of HIPS / PFW / Operating System Security Settings:

May check for installed Android security applications (AV and firewalls)
Source: Lcom/mobistartapp/win7imulator/b/a;->a()V | Method string: "com.antivirus"
Source: Lcom/mobistartapp/win7imulator/b/a;->a()V | Method string: "com.cleanmaster.security"
Source: Lcom/mobistartapp/win7imulator/b/a;->a()V | Method string: "com.avast.android.mobilesecurity"
Source: Lcom/mobistartapp/win7imulator/b/a;->a()V | Method string: "com.antivirus.tablet"
Source: Lcom/mobistartapp/win7imulator/b/a;->a()V | Method string: "com.drweb"
Source: Lcom/mobistartapp/win7imulator/b/a;->a()V | Method string: "com.avira.android"
Source: Lcom/mobistartapp/win7imulator/b/a;->a()V | Method string: "com.eset.ems2.gp"
Source: Lcom/mobistartapp/win7imulator/b/a;->a()V | Method string: "com.wsandroid.suite"
Source: Lcom/mobistartapp/win7imulator/b/a;->b()V | Method string: "com.antivirus"
Source: Lcom/mobistartapp/win7imulator/b/a;->b()V | Method string: "com.cleanmaster.security"
Source: Lcom/mobistartapp/win7imulator/b/a;->b()V | Method string: "com.avast.android.mobilesecurity"
Source: Lcom/mobistartapp/win7imulator/b/a;->b()V | Method string: "com.antivirus.tablet"
Source: Lcom/mobistartapp/win7imulator/b/a;->b()V | Method string: "com.drweb"
Source: Lcom/mobistartapp/win7imulator/b/a;->b()V | Method string: "com.avira.android"
Source: Lcom/mobistartapp/win7imulator/b/a;->b()V | Method string: "com.eset.ems2.gp"
Source: Lcom/mobistartapp/win7imulator/b/a;->b()V | Method string: "com.wsandroid.suite"

Stealing of Sensitive Information:

Uploads sensitive phone information to the internet (privacy leak)
Source: 178.33.210.255:80 -> 192.168.1.99:42716 | HTTP traffic detected: Header contains sensitive information: Galaxy Nexus (android.os.Build.USER)
Checks if a SIM card is installed
Source: com.startapp.android.publish.model.BaseRequest;->fillSimDetails:32 | API Call: android.telephony.TelephonyManager.getSimState
Has permission to enumerate the accounts configured on the device (GET_ACCOUNTS)
Source: submitted apk | Request permission: android.permission.GET_ACCOUNTS
May take a camera picture
Source: com.mobistartapp.win7imulator.b.a;->h:1487 | API Call: android.content.Intent.<init>("android.media.action.IMAGE_CAPTURE")
Source: com.mobistartapp.win7imulator.b.a;->i:1530 | API Call: android.content.Intent.<init>("android.media.action.IMAGE_CAPTURE")
Queries a list of installed applications
Source: com.mobistartapp.win7imulator.activities.MainActivity;->e:380 | API Call: android.content.pm.PackageManager.getInstalledApplications
Source: com.mobistartapp.win7imulator.activities.MainActivity;->f:395 | API Call: android.content.pm.PackageManager.getInstalledApplications
Source: com.mobistartapp.win7imulator.b.c;->b:138 | API Call: android.content.pm.PackageManager.getInstalledApplications
Source: com.oneaudience.sdk.ad;->c:8 | API Call: android.content.pm.PackageManager.getInstalledApplications
Queries list of installed packages
Source: com.startapp.android.publish.i.t;->c:40 | API Call: android.content.pm.PackageManager.getInstalledPackages
Queries stored mail and application accounts (e.g. Gmail or WhatsApp)
Source: com.mobistartapp.win7imulator.b.a;->q:1676 | API Call: android.accounts.Account.name
Source: com.mobistartapp.win7imulator.b.a;->q:1679 | API Call: android.accounts.Account.name
Source: com.mobistartapp.win7imulator.b.a;->r:1689 | API Call: android.accounts.AccountManager.getAccounts
Source: com.mobistartapp.win7imulator.b.a;->r:1692 | API Call: android.accounts.Account.name
Source: com.google.android.gms.common.internal.zzq;->getAccountName:20 | API Call: android.accounts.Account.name
Source: com.google.android.gms.internal.zzctu;->zza:65 | API Call: android.accounts.Account.name
Source: com.oneaudience.sdk.ad;->d:67 | API Call: android.accounts.AccountManager.getAccounts
Source: com.oneaudience.sdk.ae;->a:3 | API Call: android.accounts.Account.name
Source: com.google.android.gms.auth.api.signin.GoogleSignInOptions;->zzmz:73 | API Call: android.accounts.Account.name
Queries the Google Mail account name
Source: com.mobistartapp.win7imulator.b.a;->q:1675 | API Call: android.accounts.AccountManager.getAccountsByType
Reads logcat
Source: com.oneaudience.sdk.r;->c:52 | API Call: java.io.BufferedReader.readLine
Has permission to query the current location
Source: submitted apk | Request permission: android.permission.ACCESS_COARSE_LOCATION
Source: submitted apk | Request permission: android.permission.ACCESS_FINE_LOCATION

Remote Access Functionality:

Uses DownloadManager to fetch additional components
Source: com.google.android.gms.internal.zzwo;->onClick:14 | API Call: android.app.DownloadManager.enqueue
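Each evidence line above names the calling class, and that attribution is the first thing to read: the logcat dump, IMEI, phone number and MAC address lookups come from com.oneaudience.sdk classes, the ANDROID_ID and SIM queries from com.startapp.android and com.google.android.gms, while the AV package check, account enumeration and camera intents sit in the app's own com.mobistartapp.win7imulator namespace. The Python helper below is an added triage aid, not part of the Joe Sandbox report or of the analysed app. It parses lines in the shape this report uses (with or without a separator before "API Call:", "Field Access:" or "Method string:"), normalises Dalvik descriptors, and groups the sensitive calls by owner. The SDK prefix table and the sensitive-API categories are my own assumptions drawn from the class names visible on this page, and the sample lines are constructed copies of entries from the report.

```python
"""Attribute Joe Sandbox Android signature hits to the app or to a bundled SDK.

Added helper, not part of the Joe Sandbox report. It reads lines of the form
"Source: <class>;-><method>:<line>API Call: <api>" (and the "Field Access:" /
"Method string:" variants), normalises class names and groups sensitive calls
by who owns the calling class.
"""
import re
from collections import defaultdict

# Assumption: SDK prefixes taken from the class names visible in this report.
SDK_PREFIXES = {
    "com.oneaudience.sdk": "OneAudience SDK",
    "com.startapp.android": "StartApp SDK",
    "com.facebook.ads": "Facebook Audience Network SDK",
    "com.google.android.gms": "Google Play services",
    "com.google.firebase": "Firebase",
    "com.google.android.exoplayer2": "ExoPlayer",
}

# Assumption: substrings of API names a reviewer would want pulled out first.
SENSITIVE = {
    "TelephonyManager.getDeviceId": "device identifier (IMEI/MEID)",
    "TelephonyManager.getLine1Number": "phone number",
    "NetworkInterface.getHardwareAddress": "MAC address",
    "Settings$Secure.getString": "ANDROID_ID",
    "Settings.Secure.getString": "ANDROID_ID",
    "AccountManager.getAccounts": "account enumeration",
    "Account.name": "account enumeration",
    "Runtime.exec": "command execution",
    "DexClassLoader": "dynamic code loading",
    "Location.getLatitude": "location",
    "Location.getLongitude": "location",
    "PackageManager.getInstalled": "installed app enumeration",
    "IMAGE_CAPTURE": "camera",
    "android.os.Build": "build fingerprinting",
}

# Non-greedy <meth> stops right before the kind keyword, so the fused form
# "a:7API Call:" and the separated form "a:7 | API Call:" both parse.
LINE_RE = re.compile(
    r"^Source:\s+(?P<cls>[^;]+);->(?P<meth>.*?)\s*\|?\s*"
    r"(?P<kind>API Call|Field Access|Method string):\s*(?P<detail>.+?)\s*$"
)


def normalize_class(cls):
    """Turn a Dalvik descriptor ('Lcom/foo/Bar') into dotted form ('com.foo.Bar')."""
    if cls.startswith("L") and "/" in cls:
        return cls[1:].replace("/", ".")
    return cls


def parse_line(line):
    """Return a dict for one evidence line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    detail = m.group("detail")
    return {
        "cls": normalize_class(m.group("cls")),
        "meth": m.group("meth"),
        "kind": m.group("kind"),
        "detail": detail,
        # Joe Sandbox marks static-only findings with "(not executed)".
        "executed": "(not executed)" not in detail,
    }


def attribute(cls, app_pkg):
    """Owner of a class: the app itself, a known SDK, or unattributed."""
    if cls.startswith(app_pkg + "."):
        return "app (" + app_pkg + ")"
    for prefix, name in SDK_PREFIXES.items():
        if cls.startswith(prefix + "."):
            return name
    return "unattributed"


def classify(kind, detail):
    """Map the API / field / string to a review category."""
    for needle, category in SENSITIVE.items():
        if needle in detail:
            return category
    return "string constant" if kind == "Method string" else "other"


def triage(report_text, app_pkg):
    """owner -> category -> sorted list of 'class->method:line' call sites."""
    grouped = defaultdict(lambda: defaultdict(list))
    for line in report_text.splitlines():
        hit = parse_line(line)
        if hit is None:
            continue
        site = hit["cls"] + "->" + hit["meth"]
        if not hit["executed"]:
            site += " (static only)"
        grouped[attribute(hit["cls"], app_pkg)][classify(hit["kind"], hit["detail"])].append(site)
    return {o: {c: sorted(s) for c, s in cats.items()} for o, cats in grouped.items()}


# Constructed sample: copies of entries from this report, in both line shapes.
SAMPLE_REPORT = """\
Source: com.oneaudience.sdk.r;->c:46API Call: java.lang.Runtime.exec ("logcat -d")
Source: com.oneaudience.sdk.q;->b:24API Call: android.telephony.TelephonyManager.getLine1Number
Source: com.oneaudience.sdk.q;->b:27API Call: android.telephony.TelephonyManager.getDeviceId
Source: com.oneaudience.sdk.t;->a:8API Call: java.net.NetworkInterface.getHardwareAddress
Source: com.mobistartapp.win7imulator.b.a;->r:1689 | API Call: android.accounts.AccountManager.getAccounts
Source: com.mobistartapp.win7imulator.b.a;->h:1487 | API Call: android.content.Intent.<init>("android.media.action.IMAGE_CAPTURE")
Source: com.startapp.android.publish.model.BaseRequest;->setAndroidId:77 | API Call: android.provider.Settings$Secure.getString
Source: com.google.android.gms.internal.zzdb;->zza:78 | API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: Lcom/mobistartapp/win7imulator/b/a;->a()VMethod string: "com.avast.android.mobilesecurity"
"""

if __name__ == "__main__":
    for owner, cats in triage(SAMPLE_REPORT, "com.mobistartapp.win7imulator").items():
        print(owner)
        for category, sites in cats.items():
            print("  " + category + ": " + ", ".join(sites))
```

Run it against the full signature section of a report and the output separates what the developer's own code does from what the monetisation SDKs do, which is the split that decides whether a finding is the app's behaviour or an inherited library behaviour.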

Antivirus Detection

Initial Sample

Source                              Detection  Scanner
com.mobistartapp.win7imulator.apk   0%         virustotal

Dropped Files

No Antivirus matches

Domains

Source                  Detection  Scanner
mobistartapp.com        0%         virustotal
www.mobistartapp.com    0%         virustotal

URLs

No Antivirus matches

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.