Loading ...

Play interactive tourEdit tour

Analysis Report wdeQEksXgm

Overview

General Information

Joe Sandbox Version:26.0.0
Analysis ID:84847
Start date:16.09.2019
Start time:09:56:56
Joe Sandbox Product:Cloud
Overall analysis duration:0h 9m 7s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:wdeQEksXgm
Cookbook file name:defaultandroidfilecookbook.jbs
Analysis system description:Android 5.1 Native (Motorola Moto G 3rd Generation)
APK Instrumentation enabled:true
Detection:MAL
Classification:mal100.troj.spyw.expl.evad.and@0/254@1/0
Warnings:
Show All
  • Excluded IPs from analysis (whitelisted): 216.58.215.234, 172.217.168.42, 172.217.168.74
  • Excluded domains from analysis (whitelisted): cloudconfig.googleapis.com, googleapis.l.google.com
  • No interacted views
  • Not all executed log events are in report (maximum 10 identical API calls)
  • Not all non-executed APIs are in report
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size exceeded maximum capacity and may have missing dynamic data code.

Detection

StrategyScoreRangeReportingWhitelistedThreatDetection
Threshold1000 - 100Report FP / FNfalse
Nicro
malicious

Confidence

StrategyScoreRangeFurther Analysis Required?Confidence
Threshold50 - 5false
ConfidenceConfidence


Classification

Mitre Att&ck Matrix

Signature Overview

Click to jump to signature section


Privilege Escalation:

barindex
Requests root accessShow sources
Source: com.omg.event.utils.RootContext$ScriptRunner;->run:38API Call: java.lang.Runtime.exec ("su")
Source: Lcom/omgSdk/outport/GetParamsUtil;->f()ZMethod string: "/system/bin/su"
Source: Lcom/omgSdk/outport/GetParamsUtil;->f()ZMethod string: "/system/xbin/su"
Source: Lcom/omg/event/utils/RootContext;->getInstance()Lcom/omg/event/utils/RootContext;Method string: "/system/xbin/su"
Source: Lcom/omg/event/utils/RootContext;->getInstance()Lcom/omg/event/utils/RootContext;Method string: "/system/bin/su"

Spreading:

barindex
Has permission to change the WIFI configuration including connecting and disconnectingShow sources
Source: submitted apkRequest permission: android.permission.CHANGE_WIFI_STATE
Accesses external storage locationShow sources
Source: b.a.m;->c:20API Call: android.os.Environment.getExternalStorageState
Source: b.a.m;->c:23API Call: android.os.Environment.getExternalStorageDirectory
Source: com.omg.tool.builds.FileBuild;-><init>:3API Call: android.os.Environment.getExternalStorageDirectory
Source: sdk.nicro.lu.l;->a:46API Call: android.os.Environment.getExternalStorageState
Source: sdk.nicro.lu.l;->b:62API Call: android.os.Environment.getExternalStorageDirectory
Source: sdk.nicro.lu.l;->c:100API Call: android.os.Environment.getExternalStorageDirectory
Source: sdk.nicro.lu.l;->c:105API Call: android.os.Environment.getExternalStorageDirectory
Source: sdk.nicro.lu.s;->c:39API Call: android.os.Environment.getExternalStorageDirectory
Source: sdk.nicro.lu.s;->a:68API Call: android.os.Environment.getExternalStorageDirectory
Source: com.core.model.h;->a:6API Call: android.os.Environment.getExternalStorageDirectory
Source: com.omgSdk.outport.LiveApplication;->fastCoupleIn:45API Call: android.os.Environment.getExternalStorageDirectory
Source: com.omg.tool.StorageManager;->a:30API Call: android.os.Environment.getExternalStorageDirectory
Source: com.omg.tool.StorageManager;->createFile:45API Call: android.os.Environment.getExternalStorageDirectory
Source: com.omg.tool.StorageManager;->createWriteFile:79API Call: android.os.Environment.getExternalStorageDirectory
Source: com.omg.tool.StorageManager;->validExternal:108API Call: android.os.Environment.getExternalStorageState
Source: com.omg.tool.URLManager;->addFromSd:24API Call: android.os.Environment.getExternalStorageState
Source: com.omg.tool.URLManager;->addFromSd:30API Call: android.os.Environment.getExternalStorageDirectory

Networking:

barindex
Checks an internet connection is availableShow sources
Source: com.omg.base.terminal.OmgTerminalinfo;->c:49API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.omg.tool.net.NetworkCheck;->isNetworkConnected:14API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.omg.tool.net.NetworkCheck;->isNetworkConnected:15API Call: android.net.NetworkInfo.isAvailable
Source: com.omg.tool.net.NetworkCheck;->isNetworkConnected:16API Call: android.net.NetworkInfo.isConnected
Source: b.a.at;->h:193API Call: android.net.ConnectivityManager.getNetworkInfo
Source: b.a.at;->h:194API Call: android.net.NetworkInfo.getState
Source: b.a.at;->h:197API Call: android.net.ConnectivityManager.getNetworkInfo
Source: b.a.at;->h:198API Call: android.net.NetworkInfo.getState
Source: b.a.at;->j:209API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: b.a.at;->j:210API Call: android.net.NetworkInfo.isConnectedOrConnecting
Source: b.a.at;->y:336API Call: android.net.wifi.WifiManager.getConnectionInfo
Source: b.a.w;->c:137API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.omgSdk.andoclib.d;->a:7API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.omgSdk.commen.d;->a:153API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.omgSdk.commen.d;->a:154API Call: android.net.NetworkInfo.isConnected
Source: com.omgSdk.commen.d;->a:155API Call: android.net.NetworkInfo.getState
Source: com.omg.base.phone.factoryimpl.PhoneController;->b:32API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.omg.base.phone.factoryimpl.PhoneController;->b:33API Call: android.net.NetworkInfo.getState
Source: com.omg.base.phone.factoryimpl.PhoneController;->c:37API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.omg.base.phone.factoryimpl.PhoneController;->c:38API Call: android.net.NetworkInfo.getState
Source: sdk.nicro.lu.k;->a:8API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: sdk.nicro.lu.k;->a:9API Call: android.net.NetworkInfo.isAvailable
Source: sdk.nicro.lu.k;->a:10API Call: android.net.NetworkInfo.isConnected
Source: com.omg.tool.net.NetProxyManager;->getProxy:8API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.omg.tool.net.NetProxyManager;->getProxy:9API Call: android.net.NetworkInfo.isAvailable
Source: com.omg.tool.net.NetworkCheck;->getConnectedType:4API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.omg.tool.net.NetworkCheck;->getConnectedType:5API Call: android.net.NetworkInfo.isAvailable
Source: com.omg.tool.net.NetworkCheck;->isMobileConnected:9API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.omg.tool.net.NetworkCheck;->isMobileConnected:10API Call: android.net.NetworkInfo.isAvailable
Source: com.omg.tool.net.NetworkCheck;->isMobileConnected:11API Call: android.net.NetworkInfo.isConnected
Source: com.omg.tool.net.NetworkCheck;->isWifiConnected:19API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.omg.tool.net.NetworkCheck;->isWifiConnected:20API Call: android.net.NetworkInfo.isAvailable
Source: com.omg.tool.net.NetworkCheck;->isWifiConnected:21API Call: android.net.NetworkInfo.isConnected
Loads a webpage with cache disabledShow sources
Source: com.omg.event.EventPlayController;->setSettings:26API Call: android.webkit.WebSettings.setCacheMode
Opens an internet connectionShow sources
Source: b.a.n;->b:27API Call: java.net.URL.openConnection (not executed)
Source: b.a.w;->a:47API Call: java.net.URL.openConnection (not executed)
Source: b.a.w;->a:95API Call: java.net.URL.openConnection (not executed)
Source: com.omgSdk.a.c;->b:7API Call: java.net.URL.openConnection (not executed)
Source: com.omgSdk.a.c;->c:98API Call: java.net.URL.openConnection (not executed)
Source: sdk.nicro.lu.a.a$a;->b:3API Call: java.net.URL.openConnection (not executed)
Source: a.a.b.b;->a:10API Call: java.net.URL.openConnection (not executed)
Source: a.a.b.b;->a:28API Call: java.net.URL.openConnection (not executed)
Source: com.omg.base.network.connection.HTTPConnection$Http;->b:4API Call: java.net.URL.openConnection (not executed)
Source: sdk.nicro.lu.a;->a:27API Call: java.net.URL.openConnection (not executed)
Source: sdk.nicro.lu.a;->a:28API Call: java.net.URL.openConnection (not executed)
Source: sdk.nicro.lu.e$b;->b:9API Call: java.net.URL.openConnection (not executed)
Source: com.omg.tool.net.WebClient$HttpBackgroudTask;->a:6API Call: java.net.URL.openConnection (not executed)
Source: com.omg.tool.net.WebClient$HttpBackgroudTask;->a:7API Call: java.net.URL.openConnection (not executed)
Connects to IPs without corresponding DNS lookupsShow sources
Source: unknownTCP traffic detected without corresponding DNS query: 74.125.133.188
Source: unknownTCP traffic detected without corresponding DNS query: 74.125.133.188
Found strings which match to known social media urlsShow sources
Source: androidString found in binary or memory: com.facebook.katana equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: facebook equals www.facebook.com (Facebook)
Monitors network connection stateShow sources
Source: com.omg.services.download.DownLoadClientService;->onCreate:117API Call: android.content.IntentFilter.addAction android.net.conn.CONNECTIVITY_CHANGE
Source: com.omgSdk.outport.BackgroundService;->a:151API Call: android.content.IntentFilter.addAction android.net.conn.CONNECTIVITY_CHANGE
Source: com.omgSdk.outport.BackgroundService;->onCreate:267API Call: android.content.IntentFilter.addAction android.net.conn.CONNECTIVITY_CHANGE
Performs DNS lookupsShow sources
Source: unknownDNS traffic detected: queries for: api.niumobi.com
Urls found in memory or binary dataShow sources
Source: androidString found in binary or memory: http://alog.umeng.com/app_logs
Source: androidString found in binary or memory: http://alog.umengcloud.com/app_logs
Source: abc_tint_switch_thumb.xmlString found in binary or memory: http://schemas.android.com/apk/res-auto
Source: abc_action_menu_layout.xmlString found in binary or memory: http://schemas.android.com/apk/res-auto((android.support.v7.widget.ActionMenuView
Source: abc_screen_toolbar.xmlString found in binary or memory: http://schemas.android.com/apk/res-auto00android.support.v7.widget.ActionBarOverlayLayout
Source: abc_tint_switch_thumb.xml, abc_slide_in_top.xml, abc_list_menu_item_icon.xmlString found in binary or memory: http://schemas.android.com/apk/res/android
Source: abc_expanded_menu_layout.xmlString found in binary or memory: http://schemas.android.com/apk/res/android--android.support.v7.view.menu.ExpandedMenuView
Source: abc_list_menu_item_layout.xmlString found in binary or memory: http://schemas.android.com/apk/res/android--android.support.v7.view.menu.ListMenuItemView
Source: abc_screen_simple_overlay_action_mode.xmlString found in binary or memory: http://schemas.android.com/apk/res/android//android.support.v7.widget.FitWindowsFrameLayout
Source: abc_dialog_title_material.xmlString found in binary or memory: http://schemas.android.com/apk/res/android00android.support.v7.widget.FitWindowsLinearLayout
Source: abc_screen_simple.xmlString found in binary or memory: http://schemas.android.com/apk/res/android00android.support.v7.widget.FitWindowsLinearLayout((androi
Source: androidString found in binary or memory: http://xmlpull.org/v1/doc/features.html#indent-output
Source: androidString found in binary or memory: https://cmnsguider.yunos.com:443/genDeviceToken
Source: androidString found in binary or memory: https://uop.umeng.com
Uses HTTP for connecting to the internetShow sources
Source: b.a.w;->a:173API Call: org.apache.http.impl.client.DefaultHttpClient.execute
Source: sdk.nicro.lu.a;->a:102API Call: java.net.HttpURLConnection.connect
Uses HTTPSShow sources
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 44275
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 33038
Source: unknownNetwork traffic detected: HTTP traffic on port 44275 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 33038 -> 443

Key, Mouse, Clipboard, Microphone and Screen Capturing:

barindex
Has permission to take photosShow sources
Source: submitted apkRequest permission: android.permission.CAMERA

E-Banking Fraud:

barindex
Has functionalty to add an overlay to other appsShow sources
Source: com.omgSdk.andoclib.b;->a:28API Call: WindowManager.addView
Has permission to query the list of currently running applicationsShow sources
Source: submitted apkRequest permission: android.permission.GET_TASKS
Loads a webpage with cache disabledShow sources
Source: com.omg.event.EventPlayController;->setSettings:26API Call: android.webkit.WebSettings.setCacheMode
May query for the most recent running application (usually for UI overlaying)Show sources
Source: com.omg.android.tool.AppRunningChecker$ActivityAppRunningChecker;->getRunningAppgetRunningTasks and getPackageName invocations in same method: com.omg.android.tool.AppRunningChecker$ActivityAppRunningChecker;->getRunningApp:8, com.omg.android.tool.AppRunningChecker$ActivityAppRunningChecker;->getRunningApp:12
Source: com.omg.android.tool.AppRunningChecker$ActivityAppRunningChecker;->getRunningAppgetRunningTasks and getPackageName invocations in same method: com.omg.android.tool.AppRunningChecker$ActivityAppRunningChecker;->getRunningApp:8, com.omg.android.tool.AppRunningChecker$ActivityAppRunningChecker;->getRunningApp:12

Spam, unwanted Advertisements and Ransom Demands:

barindex
Blocks or controls phone keysShow sources
Source: com.core.model.a;->d:64API Call: android.app.KeyguardManager.newKeyguardLock
May use Google Cloud Messaging (GCM) or Google's Cloud to Device Messaging (C2DM) servicesShow sources
Source: submitted apkRequest permission: com.yonder.robi.permission.C2D_MESSAGE

Operating System Destruction:

barindex
Kills background processesShow sources
Source: com.omgSdk.andoclib.AutoAccessibilityService;->onAccessibilityEvent:499API Call: android.app.ActivityManager.killBackgroundProcesses
Source: com.omgSdk.andoclib.AutoAccessibilityService;->onAccessibilityEvent:507API Call: android.app.ActivityManager.killBackgroundProcesses
Lists and deletes files in the same contextShow sources
Source: a.a.b.b;->a:90API Calls in same method context: File.listFiles,File.delete
Source: b.a.bb$a;->a:24API Calls in same method context: File.listFiles,File.delete
Source: com.cultivate.fairly.Incredible;->celebrate:29API Calls in same method context: File.listFiles,File.delete

Change of System Appearance:

barindex
May access the Android keyguard (lock screen)Show sources
Source: AndroidManifest.xmlString found in binary or memory: android.permission.GET_TASKS&android.permission.SYSTEM_ALERT_WINDOW android.permission.SET_WALLPAPER$android.permission.EXPAND_STATUS_BAR'android.permission.CHANGE_NETWORK_STATE#android.permission.DISABLE_KEYGUARD"android.permission.READ_SYNC_STATS(android.permission.AUTHENTICATE_ACCOUNTS'dianxin.permission.ACCESS_LAUNCHER_DATA&android.permission.SET_WALLPAPER_HINTS)android.permission.ACCESS_BLUETOOTH_SHARE,android.permission.MOUNT_UNMOUNT_FILESYSTEMS(android.permission.MODIFY_AUDIO_SETTINGS#com.goibibo.permission.MAPS_RECEIVE&android.permission.RUN_INSTRUMENTATION!android.permission.WRITE_CONTACTS"android.permission.MANAGE_ACCOUNTS
Source: androidString found in binary or memory: keyguard
Acquires a wake lockShow sources
Source: com.google.apps.tiktok.concurrent.AndroidFutures;->a:9API Call: android.os.PowerManager$WakeLock.acquire
Source: com.core.model.a;->d:59API Call: android.os.PowerManager$WakeLock.acquire
Sets a repeating alarmShow sources
Source: com.omgSdk.outport.LiveService;->a:8API Call: android.app.AlarmManager.setRepeating
Source: com.omg.services.CommonReceiver;->startAlarm:72API Call: android.app.AlarmManager.setRepeating

System Summary:

barindex
Tries to change file permissions on the native system using chmodShow sources
Source: com.omg.event.utils.RootContext$ScriptRunner;->run:38API Call: java.lang.Runtime.exec
Executes native commandsShow sources
Source: com.inasmuch.trample.Fly;->deceive:19API Call: java.lang.ProcessBuilder.start
Source: com.omgSdk.outport.GetParamsUtil;->w:6API Call: java.lang.ProcessBuilder.start
Source: com.omgSdk.commen.b;->a:80API Call: java.lang.Runtime.exec ("ps")
Source: com.omgSdk.outport.AntiEmulator;->c:51API Call: java.lang.ProcessBuilder.start
Source: sdk.nicro.lu.ps.b;->c:88API Call: java.lang.ProcessBuilder.start
Source: com.lody.virtual.helper.utils.FileUtils;->chmod:36API Call: java.lang.Runtime.exec
Source: com.lody.virtual.helper.utils.FileUtils;->createSymlink:64API Call: java.lang.Runtime.exec
Source: com.omg.event.utils.CmdInvoke;->invoke:37API Call: java.lang.Runtime.exec
Source: com.omg.event.utils.CmdInvoke;->invokeFor:55API Call: java.lang.Runtime.exec
Source: com.omg.event.utils.CmdInvoke;->invokeFor:61API Call: java.lang.Runtime.exec
Source: com.omg.event.utils.RootContext$ScriptRunner;->run:15API Call: java.lang.Runtime.exec
Source: com.omg.event.utils.RootContext$ScriptRunner;->run:38API Call: java.lang.Runtime.exec ("su")
Source: com.omg.event.utils.RootContext;->init:28API Call: java.lang.Runtime.exec
Kills/terminates processesShow sources
Source: com.lody.virtual.server.am.VActivityManagerService;->attachClient:21API Call: android.os.Process.killProcess
Source: com.lody.virtual.server.am.VActivityManagerService;->attachClient:24API Call: android.os.Process.killProcess
Source: com.lody.virtual.server.am.VActivityManagerService;->attachClient:26API Call: android.os.Process.killProcess
Source: com.lody.virtual.server.am.VActivityManagerService;->killAllApps:365API Call: android.os.Process.killProcess
Source: com.lody.virtual.server.am.VActivityManagerService;->killAppByPkg:375API Call: android.os.Process.killProcess
Source: com.lody.virtual.server.am.VActivityManagerService;->killApplicationProcess:379API Call: android.os.Process.killProcess
Source: com.lody.virtual.server.am.VActivityManagerService;->stopUser:515API Call: android.os.Process.killProcess
Source: com.omg.tool.builds.ExceptionUtils$2$1;->run:3API Call: android.os.Process.killProcess
Source: com.lody.virtual.client.VClientImpl;->bindApplicationNoCheck:22API Call: android.os.Process.killProcess
Source: com.lody.virtual.client.env.VirtualRuntime;->crash:8API Call: android.os.Process.killProcess
Source: com.omg.event.webjs.JsPlayer$2;->kill:8API Call: android.os.Process.killProcess
Requests potentially dangerous permissionsShow sources
Source: submitted apkRequest permission: android.permission.AUTHENTICATE_ACCOUNTS
Source: submitted apkRequest permission: android.permission.BLUETOOTH
Source: submitted apkRequest permission: android.permission.BLUETOOTH_ADMIN
Source: submitted apkRequest permission: android.permission.CAMERA
Source: submitted apkRequest permission: android.permission.CHANGE_NETWORK_STATE
Source: submitted apkRequest permission: android.permission.CHANGE_WIFI_STATE
Source: submitted apkRequest permission: android.permission.GET_TASKS
Source: submitted apkRequest permission: android.permission.INTERNET
Source: submitted apkRequest permission: android.permission.MANAGE_ACCOUNTS
Source: submitted apkRequest permission: android.permission.MODIFY_AUDIO_SETTINGS
Source: submitted apkRequest permission: android.permission.MOUNT_UNMOUNT_FILESYSTEMS
Source: submitted apkRequest permission: android.permission.PERSISTENT_ACTIVITY
Source: submitted apkRequest permission: android.permission.READ_LOGS
Source: submitted apkRequest permission: android.permission.READ_PHONE_STATE
Source: submitted apkRequest permission: android.permission.REORDER_TASKS
Source: submitted apkRequest permission: android.permission.SYSTEM_ALERT_WINDOW
Source: submitted apkRequest permission: android.permission.WAKE_LOCK
Source: submitted apkRequest permission: android.permission.WRITE_CONTACTS
Source: submitted apkRequest permission: android.permission.WRITE_EXTERNAL_STORAGE
Source: submitted apkRequest permission: android.permission.WRITE_SETTINGS
Source: submitted apkRequest permission: android.permission.WRITE_SYNC_SETTINGS
Classification labelShow sources
Source: classification engineClassification label: mal100.troj.spyw.expl.evad.and@0/254@1/0
Creates SQLiteDatabase tableShow sources
Source: com.omgSdk.a.a;->onUpgrade:131API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: com.omgSdk.a.a;->onCreate:110API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: b.a.az;->c:38API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: b.a.az;->a:13API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: b.a.az;->b:30API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: b.a.cu;->a:13API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: b.a.cu;->b:26API Call: android.database.sqlite.SQLiteDatabase.execSQL
Source: b.a.cu;->c:29API Call: android.database.sqlite.SQLiteDatabase.execSQL
Loads native librariesShow sources
Source: com.taobao.android.dex.interpret.ARTUtils;->init:8API Call: java.lang.System.loadLibrary ("dexinterpret")
Source: com.taobao.android.runtime.DalvikUtils;->init:30API Call: java.lang.System.loadLibrary ("dalvikhack")
Reads shares settingsShow sources
Source: b.a.ac;->a:85API Call: android.content.SharedPreferences.getString
Source: b.a.ad;->g:59API Call: android.content.SharedPreferences.getString
Source: b.a.ad;->a:63API Call: android.content.SharedPreferences.getString
Source: b.a.ad;->c:141API Call: android.content.SharedPreferences.getString
Source: b.a.ad;->c:162API Call: android.content.SharedPreferences.getString
Source: b.a.ad;->e:198API Call: android.content.SharedPreferences.getString
Source: b.a.b;->a:11API Call: android.content.SharedPreferences.getString
Source: b.a.b;->a:34API Call: android.content.SharedPreferences.getString
Source: b.a.b;->b:43API Call: android.content.SharedPreferences.getString
Source: b.a.bb;->a:59API Call: android.content.SharedPreferences.getString
Source: b.a.bb;->a:61API Call: android.content.SharedPreferences.getString
Source: b.a.bb;->b:65API Call: android.content.SharedPreferences.getString
Source: b.a.bb;->c:69API Call: android.content.SharedPreferences.getString
Source: b.a.co;->h:45API Call: android.content.SharedPreferences.getBoolean
Source: b.a.cx;->b:146API Call: android.content.SharedPreferences.getString
Source: b.a.cx;->b:181API Call: android.content.SharedPreferences.getString
Source: b.a.e$a;->b:26API Call: android.content.SharedPreferences.getString
Source: b.a.l;->a:8API Call: android.content.SharedPreferences.getString
Source: b.a.n;->a:99API Call: android.content.SharedPreferences.getString
Source: b.a.q;->a:158API Call: android.content.SharedPreferences.getString
Source: b.a.q;->a:254API Call: android.content.SharedPreferences.getString
Source: b.a.t;->a:36API Call: android.content.SharedPreferences.getString
Source: com.omgSdk.andoclib.h;->b:38API Call: android.content.SharedPreferences.getBoolean
Source: com.omgSdk.andoclib.h;->c:47API Call: android.content.SharedPreferences.getString
Source: com.omg.base.SdkBasic$ThirdBaseSdkBasic;->get:4API Call: android.content.SharedPreferences.getString
Source: com.omg.tool.data.DataEvent$LockDataEvent$LockShare;->getEventList:76API Call: android.content.SharedPreferences.getString
Source: com.core.model.k;->b:23API Call: android.content.SharedPreferences.getBoolean
Source: com.core.model.k;->c:27API Call: android.content.SharedPreferences.getString
Source: com.omg.plugin.PluginList$SharedPreferencesPluginList;->get:16API Call: android.content.SharedPreferences.getString
Source: com.taobao.android.runtime.AndroidRuntime;->init:46API Call: android.content.SharedPreferences.getBoolean
Source: com.taobao.android.runtime.AndroidRuntime;->init:56API Call: android.content.SharedPreferences.getString
Source: com.taobao.android.runtime.AndroidRuntime;->init:59API Call: android.content.SharedPreferences.getString
Registers a Sensor listener (to get data about accelerometer, gyrometer etc.)Show sources
Source: com.omgSdk.andoclib.g;->a:25API Call: android.hardware.SensorManager.registerListener
Source: com.omgSdk.andoclib.g;->a:32API Call: android.hardware.SensorManager.registerListener

Data Obfuscation:

barindex
Obfuscates method namesShow sources
Source: wdeQEksXgmTotal valid method names: 62%
Uses reflectionShow sources
Source: com.inasmuch.trample.Fly;->mountainous:58API Call: Real call: null
Source: com.inasmuch.trample.Fly;->mountainous:58API Call: Real call: public static synchronized android.bluetooth.BluetoothAdapter android.bluetooth.BluetoothAdapter.getDefaultAdapter()
Source: com.inasmuch.trample.Fly;->mountainous:58API Call: Real call: android.bluetooth.BluetoothAdapter@3f034e42
Source: com.inasmuch.trample.Fly;->mountainous:58API Call: Real call: public java.lang.String android.bluetooth.BluetoothAdapter.getName()
Source: com.inasmuch.trample.Fly;->mountainous:58API Call: Real call: com.wag.CongratulationLC@a89c243
Source: com.inasmuch.trample.Fly;->mountainous:58API Call: Real call: public abstract java.lang.Object android.content.Context.getSystemService(java.lang.String)
Source: com.inasmuch.trample.Fly;->mountainous:58API Call: Real call: android.hardware.SystemSensorManager@399f11f9
Source: com.inasmuch.trample.Fly;->mountainous:58API Call: Real call: public android.hardware.Sensor android.hardware.SensorManager.getDefaultSensor(int)
Source: com.cultivate.fairly.Incredible;->awful:21API Call: Real call: public static java.lang.String android.app.ActivityThread.currentProcessName()
Source: sdk.nicro.lu.q$a;->a:3API Call: Real call: private java.lang.ClassLoader java.lang.ClassLoader.parent
Source: com.omgSdk.outport.GetParamsUtil;->p:258API Call: Real call: null
Source: com.omgSdk.outport.GetParamsUtil;->p:258API Call: Real call: public static java.lang.String android.os.SystemProperties.get(java.lang.String)
Source: com.omgSdk.outport.GetParamsUtil;->m:212API Call: Real call: android.os.Build@26af99b7
Source: com.omgSdk.outport.GetParamsUtil;->m:212API Call: Real call: private static java.lang.String android.os.Build.getString(java.lang.String)
Source: com.sdk.entry.LoadVSdk;->getCurrentProcessName:8API Call: Real call: null
Source: com.sdk.entry.LoadVSdk;->getCurrentProcessName:8API Call: Real call: public static java.lang.String android.app.ActivityThread.currentProcessName()
Source: com.sdk.entry.LoadVSdk;->loaderPath:41API Call: Real call: android.content.res.AssetManager@51fd308
Source: com.sdk.entry.LoadVSdk;->loaderPath:41API Call: Real call: public final int android.content.res.AssetManager.addAssetPath(java.lang.String)
Source: a.a.a.b;->a:4API Call: java.lang.reflect.Method.invoke
Source: a.a.a.b;->a:7API Call: java.lang.reflect.Method.invoke
Source: b.a.ad;->a:97API Call: java.lang.reflect.Method.invoke
Source: b.a.ad;->a:100API Call: java.lang.reflect.Method.invoke
Source: b.a.at;->a:94API Call: java.lang.reflect.Method.invoke
Source: b.a.m;->a:32API Call: java.lang.reflect.Method.invoke
Source: b.a.n;->a:7API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.account.AccountManagerStub$addSharedAccountAsUser;->call:4API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.account.AccountManagerStub$copyAccountToUser;->call:5API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.account.AccountManagerStub$getSharedAccountsAsUser;->call:4API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.account.AccountManagerStub$removeSharedAccountAsUser;->call:4API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.account.AccountManagerStub$renameSharedAccountAsUser;->call:4API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.account.AccountManagerStub$updateAppPermission;->call:5API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.ActivityManagerStub$3;->call:2API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.ActivityManagerStub$4;->call:2API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$AddPackageDependency;->call:3API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$BindService;->call:7API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$BindService;->call:19API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$BroadcastIntent;->call:79API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$CheckGrantUriPermission;->call:3API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$CheckPermission;->call:9API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$CrashApplication;->call:2API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$GetContentProvider;->call:13API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$GetContentProvider;->call:31API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$GetIntentSender;->call:45API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$GetPackageAskScreenCompat;->call:3API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$GetPersistedUriPermissions;->call:3API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$GetRunningAppProcesses;->call:2API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$GetTasks;->call:2API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$GrantUriPermissionFromOwner;->call:3API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$HandleIncomingUser;->call:3API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$KillApplicationProcess;->call:6API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$PublishContentProviders;->call:2API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$PublishService;->call:4API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$RegisterReceiver;->call:21API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$ServiceDoneExecuting;->call:4API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$SetPackageAskScreenCompat;->call:3API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$SetTaskDescription;->call:19API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$StartActivity;->call:29API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$StartActivity;->call:70API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$StartActivity;->call:102API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$StartService;->call:7API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$StartService;->call:25API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$StopService;->call:19API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$StopServiceToken;->call:4API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$StopServiceToken;->call:9API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$UnbindService;->call:3API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$UnstableProviderDied;->call:3API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$UpdateDeviceOwner;->call:3API Call: java.lang.reflect.Method.invoke
Source: com.omgSdk.andoclib.Admob;->loadMiddlePlugin:184API Call: java.lang.reflect.Method.invoke
Source: com.omgSdk.andoclib.Admob;->loadMiddlePlugin:232API Call: java.lang.reflect.Method.invoke
Source: com.omgSdk.andoclib.Admob;->onDestroy:259API Call: java.lang.reflect.Method.invoke
Source: com.omgSdk.andoclib.c;->a:7API Call: java.lang.reflect.Field.get
Source: com.lody.virtual.client.hook.base.BinderInvocationStub;->asInterface:14API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.base.MethodBox;->call:5API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.base.MethodBox;->callSafe:10API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.base.MethodInvocationStub$HookInvocationHandler;->invoke:50API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.base.MethodProxy;->call:40API Call: java.lang.reflect.Method.invoke
Source: com.omg.base.ComponentQuery$ApkParser;->parser:11API Call: java.lang.reflect.Method.invoke
Source: com.omg.base.ComponentQuery$NewApkParser;->parser:5API Call: java.lang.reflect.Method.invoke
Source: com.omgSdk.commen.c;->a:3API Call: java.lang.reflect.Field.get
Source: com.omgSdk.commen.c;->a:9API Call: java.lang.reflect.Field.get
Source: com.omgSdk.commen.c;->a:16API Call: java.lang.reflect.Method.invoke
Source: com.omgSdk.commen.c;->b:48API Call: java.lang.reflect.Method.invoke
Source: com.omgSdk.commen.d;->a:99API Call: java.lang.reflect.Method.invoke
Source: com.omgSdk.commen.d;->a:126API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.helper.compat.StorageManagerCompat;->getAllPoints:7API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.helper.compat.StorageManagerCompat;->getMountedPoints:15API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.helper.compat.StorageManagerCompat;->getMountedPoints:19API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.helper.compat.StorageManagerCompat;->isMounted:29API Call: java.lang.reflect.Method.invoke
Source: com.sdk.entry.LoadVSdk;->instance:22API Call: java.lang.reflect.Method.invoke
Source: com.sdk.entry.LoadVSdk;->loadOnCreate:75API Call: java.lang.reflect.Method.invoke
Source: com.omg.event.EventInjectService$3;->invoke:6API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.input.MethodProxies$StartInputOrWindowGainedFocus;->call:4API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.ipc.LocalProxyUtils$1;->invoke:3API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.libcore.MethodProxies$Stat;->afterCall:12API Call: java.lang.reflect.Field.get
Source: com.lody.virtual.client.hook.proxies.location.MockLocationHelper;->setGpsStatus:182API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.location.MockLocationHelper;->setGpsStatus:196API Call: java.lang.reflect.Method.invoke
Source: com.omg.event.location.BinderHookHandler;->invoke:7API Call: java.lang.reflect.Method.invoke
Source: sdk.nicro.lu.SdkLauncher$3;->a:8API Call: java.lang.reflect.Method.invoke
Source: sdk.nicro.lu.g;->a:50API Call: java.lang.reflect.Method.invoke
Source: sdk.nicro.lu.q$b;->a:3API Call: java.lang.reflect.Method.invoke
Source: mirror.RefMethod;-><init>:12API Call: java.lang.reflect.Field.get
Source: mirror.RefMethod;->call:38API Call: java.lang.reflect.Method.invoke
Source: mirror.RefMethod;->callWithException:45API Call: java.lang.reflect.Method.invoke
Source: mirror.RefObject;->get:7API Call: java.lang.reflect.Field.get
Source: mirror.RefStaticMethod;-><init>:12API Call: java.lang.reflect.Field.get
Source: mirror.RefStaticMethod;->call:73API Call: java.lang.reflect.Method.invoke
Source: mirror.RefStaticMethod;->callWithException:76API Call: java.lang.reflect.Method.invoke
Source: mirror.RefStaticObject;->get:7API Call: java.lang.reflect.Field.get
Source: com.core.model.MApplication$3$1$1;->invoke:17API Call: java.lang.reflect.Method.invoke
Source: com.core.model.MApplication$3$1$1;->invoke:23API Call: java.lang.reflect.Method.invoke
Source: com.core.model.MApplication$3$1$1;->invoke:26API Call: java.lang.reflect.Method.invoke
Source: com.core.model.a;->a:8API Call: java.lang.reflect.Method.invoke
Source: com.core.model.a;->a:12API Call: java.lang.reflect.Method.invoke
Source: com.core.model.c$1$1;->invoke:27API Call: java.lang.reflect.Method.invoke
Source: com.core.model.c$1$1;->invoke:36API Call: java.lang.reflect.Method.invoke
Source: com.core.model.e$2;->invoke:9API Call: java.lang.reflect.Method.invoke
Source: com.core.model.f$1;->invoke:7API Call: java.lang.reflect.Method.invoke
Source: com.core.model.f;->a:8API Call: java.lang.reflect.Method.invoke
Source: com.core.model.f;->a:12API Call: java.lang.reflect.Field.get
Source: com.core.model.g;->a:24API Call: java.lang.reflect.Field.get
Source: com.core.model.g;->a:29API Call: java.lang.reflect.Field.get
Source: com.core.model.g;->a:36API Call: java.lang.reflect.Method.invoke
Source: com.core.model.g;->b:47API Call: java.lang.reflect.Field.get
Source: com.core.model.g;->b:52API Call: java.lang.reflect.Field.get
Source: com.core.model.g;->b:59API Call: java.lang.reflect.Method.invoke
Source: com.core.model.i$a;->a:5API Call: java.lang.reflect.Field.get
Source: com.core.model.j;->a:3API Call: java.lang.reflect.Field.get
Source: com.lody.virtual.client.hook.proxies.notification.MethodProxies$AreNotificationsEnabledForPackage;->call:4API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.notification.MethodProxies$CancelAllNotifications;->call:9API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.notification.MethodProxies$CancelNotificationWithTag;->call:5API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.notification.MethodProxies$CancelNotificationWithTag;->call:14API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.notification.MethodProxies$EnqueueNotification;->call:4API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.notification.MethodProxies$EnqueueNotification;->call:19API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.notification.MethodProxies$EnqueueNotificationWithTag;->call:4API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.notification.MethodProxies$EnqueueNotificationWithTag;->call:23API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.notification.MethodProxies$SetNotificationsEnabledForPackage;->call:4API Call: java.lang.reflect.Method.invoke
Source: com.omgSdk.outport.CoreLeader;->a:5API Call: java.lang.reflect.Field.get
Source: com.omgSdk.outport.CoreLeader;->a:10API Call: java.lang.reflect.Method.invoke
Source: com.omgSdk.outport.CoreLeader;->invoke:49API Call: java.lang.reflect.Method.invoke
Source: com.omgSdk.outport.CoreLeader;->invoke:60API Call: java.lang.reflect.Method.invoke
Source: com.omgSdk.outport.SdkInvoker;->a:7API Call: java.lang.reflect.Method.invoke
Source: com.omgSdk.outport.SdkInvoker;->a:13API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$CheckSignatures;->call:16API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$ClearPackagePersistentPreferredActivities;->call:3API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$ClearPackagePreferredActivities;->call:3API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$DeleteApplicationCacheFiles;->call:2API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$GetActivityInfo;->call:5API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$GetActivityInfo;->call:10API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$GetApplicationBlockedSettingAsUser;->call:3API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$GetApplicationEnabledSetting;->call:3API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$GetApplicationInfo;->call:5API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$GetApplicationInfo;->call:9API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$GetComponentEnabledSetting;->call:3API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$GetPackageGids;->call:3API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$GetPackageInfo;->call:6API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$GetPackageInstaller;->call:2API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$GetPackageUid;->call:4API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$GetPermissionFlags;->call:2API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$GetPermissions;->call:2API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$GetPreferredActivities;->call:3API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$GetProviderInfo;->call:6API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$GetProviderInfo;->call:10API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$GetReceiverInfo;->call:5API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$GetReceiverInfo;->call:9API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$GetServiceInfo;->call:6API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$IsPackageAvailable;->call:4API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$QueryIntentActivities;->call:7API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$QueryIntentContentProviders;->call:7API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$QueryIntentReceivers;->call:7API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$QueryIntentServices;->call:7API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$RemovePackageFromPreferred;->call:3API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$ResolveContentProvider;->call:6API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$ResolveIntent;->call:6API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$ResolveService;->call:6API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$RevokeRuntimePermission;->call:3API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$SetApplicationBlockedSettingAsUser;->call:3API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$SetApplicationEnabledSetting;->call:3API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$SetPackageStoppedState;->call:3API Call: java.lang.reflect.Method.invoke
Source: sdk.nicro.lu.ps.b$a;->a:15API Call: java.lang.reflect.Method.invoke
Source: sdk.nicro.lu.ps.f$c;->a:27API Call: java.lang.reflect.Method.invoke
Source: sdk.nicro.lu.ps.f$d$1;->getTheme:27API Call: java.lang.reflect.Method.invoke
Source: sdk.nicro.lu.ps.f$d;->b:78API Call: java.lang.reflect.Method.invoke
Source: com.taobao.android.runtime.ReflectionUtils;->getField:4API Call: java.lang.reflect.Field.get
Source: com.taobao.android.runtime.RuntimeUtils;->isYunOS:28API Call: java.lang.reflect.Method.invoke
Source: com.taobao.android.runtime.RuntimeUtils;->isYunOS:30API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.search.SearchManagerStub$GetSearchableInfo;->call:5API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.secondary.ProxyServiceFactory$1$1$1;->invoke:3API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.secondary.ProxyServiceFactory$2$1$1;->invoke:3API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.secondary.ProxyServiceFactory$3$1$1;->invoke:3API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.secondary.StubBinder;->queryLocalInterface:29API Call: java.lang.reflect.Method.invoke
Source: com.omg.base.network.serializer.MessageCodec;->c:80API Call: java.lang.reflect.Field.get
Source: com.omg.base.network.serializer.MessageCodec;->deserializeObject:152API Call: java.lang.reflect.Field.get
Source: com.omg.base.network.serializer.MessageCodec;->serializeObject:246API Call: java.lang.reflect.Field.get
Source: com.omg.base.network.serializer.MessageCodec;->serializeObject:253API Call: java.lang.reflect.Field.get
Source: com.omg.base.network.serializer.MessageCodec;->serializeObject:286API Call: java.lang.reflect.Field.get
Source: com.omg.base.network.serializer.MessageCodec;->serializeObject:302API Call: java.lang.reflect.Field.get
Source: com.lody.virtual.client.hook.proxies.window.session.BaseMethodProxy;->call:4API Call: java.lang.reflect.Method.invoke
Source: com.omg.tool.ClassCopier;->a:32API Call: java.lang.reflect.Field.get
Source: com.omg.tool.Reflect$Method;->invoke:3API Call: java.lang.reflect.Method.invoke
Source: com.omg.tool.Reflect$Method;->invoke:6API Call: java.lang.reflect.Method.invoke
Source: com.omg.tool.ReflectHelper;->getValue:25API Call: java.lang.reflect.Field.get
Source: com.omg.tool.ReflectHelper;->invoke:32API Call: java.lang.reflect.Method.invoke
Source: com.omg.tool.Type$FieldProperty;->getValue:14API Call: java.lang.reflect.Field.get
Source: com.omg.tool.Type$MethodProperty;->getValue:26API Call: java.lang.reflect.Method.invoke
Source: com.omg.tool.Type$MethodProperty;->setValue:28API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.helper.utils.Reflect;->on:73API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.helper.utils.Reflect;->on:75API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.helper.utils.Reflect;->field:188API Call: java.lang.reflect.Field.get
Source: com.omg.event.utils.NativeInvoke;->invokeMethodByFactory:48API Call: java.lang.reflect.Method.invoke
Source: com.omg.event.utils.NativeInvoke;->invokeMethodByFactory:53API Call: java.lang.reflect.Method.invoke
Source: com.omg.event.utils.ReflacUtlis;->get:4API Call: java.lang.reflect.Field.get
Source: com.omg.event.utils.ReflacUtlis;->get:11API Call: java.lang.reflect.Field.get
Source: com.omg.event.utils.ReflacUtlis;->invokeMeth:26API Call: java.lang.reflect.Method.invoke
Source: com.omg.event.utils.ReflacUtlis;->invokeMeth:27API Call: java.lang.reflect.Method.invoke
Source: com.omg.event.utils.ReflacUtlis;->invokeMeth:33API Call: java.lang.reflect.Method.invoke
Source: com.omg.event.utils.ReflacUtlis;->invokeMeth:34API Call: java.lang.reflect.Method.invoke
Source: com.omg.event.utils.ReflacUtlis;->invokeMeth:40API Call: java.lang.reflect.Method.invoke
Source: com.omg.event.utils.ReflacUtlis;->invokeMeth:41API Call: java.lang.reflect.Method.invoke
Source: com.omg.event.utils.ReflacUtlis;->invokeMethFor:47API Call: java.lang.reflect.Method.invoke
Source: com.omg.event.utils.ReflacUtlis;->invokeMethFor:48API Call: java.lang.reflect.Method.invoke
Source: com.omg.event.utils.ReflacUtlis;->invokeMethFor:54API Call: java.lang.reflect.Method.invoke
Source: com.omg.event.utils.ReflacUtlis;->invokeMethFor:55API Call: java.lang.reflect.Method.invoke
Source: com.omg.event.utils.Reflect;->on:73API Call: java.lang.reflect.Method.invoke
Source: com.omg.event.utils.Reflect;->on:75API Call: java.lang.reflect.Method.invoke
Source: com.omg.event.utils.Reflect;->field:188API Call: java.lang.reflect.Field.get
Source: com.omg.event.utils.ViewHelp;->getAllRootViewsObject:107API Call: java.lang.reflect.Field.get
Source: com.omg.event.utils.ViewHelp;->getAllRootViewsObject:112API Call: java.lang.reflect.Field.get
Source: com.omg.event.utils.ViewHelp;->getAllRootViewsObject:119API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.DelegateApplication64Bit;->expandFieldArray:3API Call: java.lang.reflect.Field.get
Source: com.lody.virtual.DelegateApplication64Bit;->expandFieldList:11API Call: java.lang.reflect.Field.get
Source: com.lody.virtual.DelegateApplication64Bit;->makeDexElements:56API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.DelegateApplication64Bit;->attachBaseContext:66API Call: java.lang.reflect.Field.get
Source: com.lody.virtual.DelegateApplication64Bit;->attachBaseContext:83API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.DelegateApplication64Bit;->attachBaseContext:110API Call: java.lang.reflect.Field.get
Source: .abq;->a:7API Call: java.lang.reflect.Method.invoke
Source: .abq;->a:87API Call: java.lang.reflect.Method.invoke
Source: .aco;->a:15API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.window.MethodProxies$BasePatchSession;->call:5API Call: java.lang.reflect.Method.invoke
Source: com.lody.virtual.client.hook.proxies.window.MethodProxies$OverridePendingAppTransitionInPlace;->call:3API Call: java.lang.reflect.Method.invoke

Persistence and Installation Behavior:

barindex
Drops a new APK fileShow sources
Source: Android AppFile dump: /data/data/air.nu.strafwerk.takecontrol/cache/07f457cd737b20bb7c8673ca1c8f0470.apkJump to dropped file
Installs an application shortcut on the screenShow sources
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$BroadcastIntent;->handleInstallShortcutIntent:25API Call: android.content.Intent.putExtra android.intent.extra.shortcut.INTENT
Source: com.lody.virtual.client.hook.proxies.am.MethodProxies$BroadcastIntent;->handleUninstallShortcutIntent:70API Call: android.content.Intent.putExtra android.intent.extra.shortcut.INTENT
Source: com.lody.virtual.client.core.VirtualCore;->createShortcut:83API Call: android.content.Intent.putExtra android.intent.extra.shortcut.INTENT
Source: com.lody.virtual.client.core.VirtualCore;->removeShortcut:267API Call: android.content.Intent.putExtra android.intent.extra.shortcut.INTENT
Source: com.omg.android.tool.AndroidTool;->createShortcut:16API Call: android.content.Intent.putExtra android.intent.extra.shortcut.INTENT
Sets an intent to the APK data type (used to install other APKs)Show sources
Source: com.omg.android.tool.AppInstaller;->b:12API Call: android.content.Intent.setDataAndType(n/a,"application/vnd.android.package-archive")

Boot Survival:

barindex
Has permission to execute code after phone rebootShow sources
Source: submitted apkRequest permission: android.permission.RECEIVE_BOOT_COMPLETED
Installs a new wake lock (to get activate on phone screen on)Show sources
Source: com.google.apps.tiktok.concurrent.AndroidFutures;->a:8API Call: android.os.PowerManager.newWakeLock
Source: com.core.model.a;->d:58API Call: android.os.PowerManager.newWakeLock

Hooking and other Techniques for Hiding and Protection:

barindex
Has permission to draw over other applications or user interfacesShow sources
Source: submitted apkRequest permission: android.permission.SYSTEM_ALERT_WINDOW
Has permission to query the list of currently running applicationsShow sources
Source: submitted apkRequest permission: android.permission.GET_TASKS
Has permission to use bluetooth to discover and pair with other devicesShow sources
Source: submitted apkRequest permission: android.permission.BLUETOOTH_ADMIN
Queries list of running processes/tasksShow sources
Source: com.lody.virtual.server.am.ActivityStack;->getRunningTaskIds:82API Call: android.app.ActivityManager.getRunningTasks
Source: com.lody.virtual.server.am.VActivityManagerService;->getProcessName:67API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.lody.virtual.client.core.VirtualCore;->isEngineLaunched:201API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.sdk.export.APIExporter$1;->getRunningProcess:3API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.sdk.export.APIExporter$1;->getRunningTasks:5API Call: android.app.ActivityManager.getRunningTasks
Source: com.sdk.export.APIExporter$1;->getTopTask:7API Call: android.app.ActivityManager.getRunningTasks
Source: com.omg.android.tool.AppRunningChecker$ActivityAppRunningChecker;->getRunningApp:8API Call: android.app.ActivityManager.getRunningTasks
Source: com.omg.android.tool.ProcessHelper;->isProcessRunning:28API Call: android.app.ActivityManager.getRunningAppProcesses
Queries package code path (often used for patching other applications)Show sources
Source: sdk.nicro.lu.s$a;->c:92API Call: android.content.Context.getPackageCodePath
Uses Crypto APIsShow sources
Source: com.omg.tool.DesHelper;->decrypt:13API Call: javax.crypto.Cipher.getInstance
Source: com.omg.tool.DesHelper;->decrypt:15API Call: javax.crypto.Cipher.doFinal
Source: sdk.nicro.lu.d;->a:4API Call: java.security.MessageDigest.getInstance
Source: sdk.nicro.lu.d;->a:5API Call: java.security.MessageDigest.digest
Source: sdk.nicro.lu.c;->b:17API Call: javax.crypto.Cipher.getInstance
Source: sdk.nicro.lu.c;->b:19API Call: javax.crypto.Cipher.doFinal
Source: com.sdk.entry.LoadVSdk;->md5ProcessName:48API Call: java.security.MessageDigest.getInstance
Source: com.sdk.entry.LoadVSdk;->md5ProcessName:50API Call: java.security.MessageDigest.update
Source: com.sdk.entry.LoadVSdk;->md5ProcessName:52API Call: java.security.MessageDigest.digest
Source: a.a.a.c;->a:58API Call: java.security.MessageDigest.getInstance
Source: a.a.a.c;->a:60API Call: java.security.MessageDigest.update
Source: a.a.a.c;->a:61API Call: java.security.MessageDigest.digest
Source: b.a.ar;->a:39API Call: javax.crypto.Cipher.getInstance
Source: b.a.ar;->a:44API Call: javax.crypto.Cipher.init
Source: b.a.ar;->a:45API Call: javax.crypto.Cipher.doFinal
Source: b.a.ar;->b:54API Call: java.security.MessageDigest.getInstance
Source: b.a.ar;->b:56API Call: java.security.MessageDigest.update
Source: b.a.ar;->b:57API Call: java.security.MessageDigest.digest
Source: b.a.ar;->b:60API Call: javax.crypto.Cipher.getInstance
Source: b.a.ar;->b:65API Call: javax.crypto.Cipher.init
Source: b.a.ar;->b:66API Call: javax.crypto.Cipher.doFinal
Source: b.a.ar;->c:69API Call: java.security.MessageDigest.getInstance
Source: b.a.ar;->c:70API Call: java.security.MessageDigest.update
Source: b.a.ar;->c:71API Call: java.security.MessageDigest.digest
Source: b.a.at;->r:280API Call: java.security.MessageDigest.getInstance
Source: b.a.at;->r:282API Call: java.security.MessageDigest.digest
Source: b.a.au;->a:19API Call: java.security.MessageDigest.getInstance
Source: b.a.au;->a:21API Call: java.security.MessageDigest.update
Source: b.a.au;->a:22API Call: java.security.MessageDigest.digest
Source: b.a.au;->b:54API Call: java.security.MessageDigest.getInstance
Source: b.a.au;->b:56API Call: java.security.MessageDigest.update
Source: b.a.au;->b:57API Call: java.security.MessageDigest.digest
Source: a.a.b.b;->b:96API Call: java.security.MessageDigest.getInstance
Source: a.a.b.b;->b:100API Call: java.security.MessageDigest.digest
Source: a.a.b.b;->b:103API Call: java.security.MessageDigest.update
Source: sdk.nicro.lu.c;->a:9API Call: javax.crypto.Cipher.getInstance
Source: sdk.nicro.lu.c;->a:10API Call: javax.crypto.Cipher.init
Source: sdk.nicro.lu.c;->a:11API Call: javax.crypto.Cipher.doFinal
Source: sdk.nicro.lu.c;->b:18API Call: javax.crypto.Cipher.init
Source: com.core.model.MApplication$2;->a:231API Call: javax.crypto.Cipher.getInstance
Source: com.core.model.MApplication$2;->a:232API Call: javax.crypto.Cipher.init
Source: com.core.model.MApplication$2;->a:233API Call: javax.crypto.Cipher.doFinal
Source: com.lody.virtual.client.stub.VASettings;->decrypt:16API Call: javax.crypto.Cipher.getInstance
Source: com.lody.virtual.client.stub.VASettings;->decrypt:17API Call: javax.crypto.Cipher.init
Source: com.lody.virtual.client.stub.VASettings;->decrypt:18API Call: javax.crypto.Cipher.doFinal
Source: com.omg.tool.DesHelper;->decrypt:14API Call: javax.crypto.Cipher.init
Source: com.omg.tool.DesHelper;->encrypt:22API Call: javax.crypto.Cipher.getInstance
Source: com.omg.tool.DesHelper;->encrypt:23API Call: javax.crypto.Cipher.init
Source: com.omg.tool.DesHelper;->encrypt:24API Call: javax.crypto.Cipher.doFinal
Source: com.omg.tool.MD5Util;->md5:3API Call: java.security.MessageDigest.getInstance
Source: com.omg.tool.MD5Util;->md5:4API Call: java.security.MessageDigest.update
Source: com.omg.tool.MD5Util;->md5:5API Call: java.security.MessageDigest.digest
Source: com.lody.virtual.helper.utils.MD5Utils;-><clinit>:2API Call: java.security.MessageDigest.getInstance
Source: com.lody.virtual.helper.utils.MD5Utils;->getFileMD5String:22API Call: java.security.MessageDigest.update
Source: com.lody.virtual.helper.utils.MD5Utils;->getFileMD5String:25API Call: java.security.MessageDigest.digest
Source: com.lody.virtual.helper.utils.MD5Utils;->getFileMD5String:29API Call: java.security.MessageDigest.update
Source: com.lody.virtual.helper.utils.MD5Utils;->getFileMD5String:32API Call: java.security.MessageDigest.digest
Source: com.omg.event.utils.Digest;->md5:5API Call: java.security.MessageDigest.getInstance
Source: com.omg.event.utils.Digest;->md5:6API Call: java.security.MessageDigest.digest

Malware Analysis System Evasion:

barindex
Might try to detect if ADB is runningShow sources
Source: Lsdk/nicro/lu/ps/b;->a(Landroid/content/Context;Lorg/json/JSONObject;)VMethod string: adb_enabled
Source: Lcom/omgSdk/outport/GetParamsUtil;->h()ZMethod string: adb_enabled
Tries to check if this is a real phone (bluethoot adapter)Show sources
Source: com.inasmuch.trample.Fly;->mountainous:58API Call: Reflective call: android.bluetooth.BluetoothAdapter@3f034e42
Tries to check if this is a real phone (default sensor)Show sources
Source: com.inasmuch.trample.Fly;->mountainous:58API Call: Reflective call: android.hardware.SystemSensorManager@399f11f9
Tries to detect Cuckoo Sandbox via stack trace enumerationShow sources
Source: Lsdk/nicro/lu/ps/b;->e()ZMethod string: "cuckoo"
Tries to detect Cydia Substrate code modification platformShow sources
Source: Lcom/omgSdk/outport/GetParamsUtil;->y()ZMethod string: com.saurik.substrate
Source: Lcom/omgSdk/outport/AntiEmulator;->d()ZMethod string: com.saurik.substrate
Source: Lsdk/nicro/lu/ps/b;->d()ZMethod string: com.saurik.substrate
Source: Lsdk/nicro/lu/ps/b;->e()ZMethod string: com.saurik.substrate.MS$2
Source: Lcom/omgSdk/outport/AntiEmulator;->e()ZMethod string: com.saurik.substrate.MS$2
Source: Lcom/omgSdk/outport/GetParamsUtil;->z()ZMethod string: com.saurik.substrate.MS$2
Source: Lcom/omgSdk/outport/GetParamsUtil;->x()ZMethod string: com.saurik.substrate
Source: Lcom/omgSdk/outport/AntiEmulator;->a(Landroid/content/Context;)ZMethod string: com.saurik.substrate
Source: Lsdk/nicro/lu/ps/b;->d(Landroid/content/Context;)ZMethod string: com.saurik.substrate
Tries to detect Droidbox via stack trace enumerationShow sources
Source: Lsdk/nicro/lu/ps/b;->e()ZMethod string: "droidbox"
Tries to detect XPosed instrumentation frameworkShow sources
Source: Lcom/omgSdk/outport/GetParamsUtil;->y()ZMethod string: XposedBridge.jar
Source: Lcom/omgSdk/outport/AntiEmulator;->d()ZMethod string: XposedBridge.jar
Source: Lsdk/nicro/lu/ps/b;->d()ZMethod string: XposedBridge.jar
Source: Lsdk/nicro/lu/ps/b;->e()ZMethod string: de.robv.android.xposed.XposedBridge
Source: Lcom/omgSdk/outport/AntiEmulator;->e()ZMethod string: de.robv.android.xposed.XposedBridge
Source: Lcom/omgSdk/outport/GetParamsUtil;->z()ZMethod string: de.robv.android.xposed.XposedBridge
Source: Lcom/omgSdk/outport/GetParamsUtil;->x()ZMethod string: de.robv.android.xposed.installer
Source: Lcom/omgSdk/outport/AntiEmulator;->a(Landroid/content/Context;)ZMethod string: de.robv.android.xposed.installer
Source: Lsdk/nicro/lu/ps/b;->d(Landroid/content/Context;)ZMethod string: de.robv.android.xposed.installer
Accesses /procShow sources
Source: Lcom/inasmuch/trample/Fly;->deceive()Ljava/lang/String;Method string: "/proc/cpuinfo"
Source: Lcom/omgSdk/outport/GetParamsUtil;->w()Ljava/lang/String;Method string: "/proc/cpuinfo"
Source: Lcom/omgSdk/outport/AntiEmulator;->d()ZMethod string: "/proc/"
Source: Lsdk/nicro/lu/ps/b;->d()ZMethod string: "/proc/"
Source: Lcom/omgSdk/outport/AntiEmulator;->c()Ljava/lang/String;Method string: "/proc/cpuinfo"
Source: Lsdk/nicro/lu/ps/b;->c()Ljava/lang/String;Method string: "/proc/cpuinfo"
Source: Lb/a/at;->a()Ljava/lang/String;Method string: "/proc/cpuinfo"
Source: Lsdk/nicro/lu/s$a;->v()IMethod string: "/proc/meminfo"
Accesses android OS build fieldsShow sources
Source: com.convenience.amplify.Faithful;->chairman:2Field Access: android.os.Build.MANUFACTURER
Source: com.convenience.amplify.Faithful;->chairman:7Field Access: android.os.Build.MODEL
Source: com.omg.base.terminal.OmgTerminalinfo;->init:64Field Access: android.os.Build.PRODUCT
Source: com.omg.base.terminal.OmgTerminalinfo;->init:67Field Access: android.os.Build.MODEL
Source: com.omg.base.terminal.OmgPhoneInfo;->init:52Field Access: android.os.Build.MANUFACTURER
Source: com.omg.base.terminal.OmgPhoneInfo;->init:55Field Access: android.os.Build.MODEL
Source: com.omg.base.terminal.OmgPhoneInfo;->init:63Field Access: android.os.Build.BRAND
Source: sdk.nicro.lu.s$b;-><init>:7Field Access: android.os.Build.MODEL
Source: com.omgSdk.outport.GetParamsUtil;->f:121Field Access: android.os.Build.TAGS
Source: a.a.a.c;->a:7Field Access: android.os.Build.MANUFACTURER
Source: a.a.a.c;->a:14Field Access: android.os.Build.MODEL
Source: a.a.a.c;->a:21Field Access: android.os.Build.BOARD
Source: a.a.a.c;->a:28Field Access: android.os.Build.BRAND
Source: a.a.a.c;->a:35Field Access: android.os.Build.DEVICE
Source: a.a.a.c;->a:49Field Access: android.os.Build.PRODUCT
Source: b.a.q;->a:292Field Access: android.os.Build$VERSION.RELEASE
Source: b.a.q;->a:313Field Access: android.os.Build.MODEL
Source: b.a.q;->a:316Field Access: android.os.Build.BOARD
Source: b.a.q;->a:319Field Access: android.os.Build.BRAND
Source: b.a.q;->a:324Field Access: android.os.Build.MANUFACTURER
Source: b.a.q;->a:327Field Access: android.os.Build.ID
Source: b.a.q;->a:330Field Access: android.os.Build.DEVICE
Source: b.a.w;->a:22Field Access: android.os.Build.MODEL
Source: b.a.w;->a:26Field Access: android.os.Build$VERSION.RELEASE
Source: com.omg.base.phone.factoryimpl.PhoneController;->a:7Field Access: android.os.Build.MODEL
Source: com.omg.base.phone.factoryimpl.PhoneController;->a:10Field Access: android.os.Build.BOARD
Source: com.omg.base.phone.factoryimpl.PhoneController;->a:13Field Access: android.os.Build.DEVICE
Source: com.omg.base.phone.factoryimpl.PhoneController;->a:16Field Access: android.os.Build.MANUFACTURER
Source: com.omg.base.phone.factoryimpl.PhoneController;->a:19Field Access: android.os.Build.PRODUCT
Source: com.lody.virtual.client.hook.proxies.location.LocationManagerStub;->onBindMethods:41Field Access: android.os.Build$VERSION.RELEASE
Source: sdk.nicro.lu.b;->a:3Field Access: android.os.Build.MODEL
Source: sdk.nicro.lu.l;->a:12Field Access: android.os.Build.MODEL
Source: sdk.nicro.lu.l;->a:14Field Access: android.os.Build.MANUFACTURER
Source: sdk.nicro.lu.l;->a:16Field Access: android.os.Build.PRODUCT
Source: sdk.nicro.lu.p$2;->a:4Field Access: android.os.Build.MODEL
Source: sdk.nicro.lu.p;->a:3Field Access: android.os.Build.MODEL
Source: sdk.nicro.lu.s$a;-><init>:2Field Access: android.os.Build.PRODUCT
Source: sdk.nicro.lu.s$a;-><init>:4Field Access: android.os.Build.MODEL
Source: sdk.nicro.lu.s$a;-><init>:9Field Access: android.os.Build$VERSION.RELEASE
Source: sdk.nicro.lu.s$c;-><init>:7Field Access: android.os.Build.MODEL
Source: com.lody.virtual.client.hook.proxies.notification.NotificationManagerStub;->onBindMethods:43Field Access: android.os.Build.BRAND
Source: com.lody.virtual.client.hook.proxies.notification.NotificationManagerStub;->onBindMethods:46Field Access: android.os.Build.MANUFACTURER
Source: com.omg.plugin.PluginContext$DexClassLoaderPluginContext;->loadPluginPackage:16Field Access: android.os.Build.MODEL
Source: sdk.nicro.lu.ps.b;->a:24Field Access: android.os.Build.TYPE
Source: sdk.nicro.lu.ps.e;->a:23Field Access: android.os.Build.MODEL
Source: sdk.nicro.lu.ps.e;->a:25Field Access: android.os.Build.PRODUCT
Source: sdk.nicro.lu.ps.e;->a:27Field Access: android.os.Build$VERSION.RELEASE
Source: sdk.nicro.lu.ps.f$b;->b:5Field Access: android.os.Build.MODEL
Source: sdk.nicro.lu.ps.f$b;->b:20Field Access: android.os.Build.MANUFACTURER
Source: sdk.nicro.lu.ps.f$d;->c:5Field Access: android.os.Build.MODEL
Source: sdk.nicro.lu.ps.f$d;->c:20Field Access: android.os.Build.MANUFACTURER
Source: com.taobao.android.runtime.AndroidRuntime;->trace:16Field Access: android.os.Build.MODEL
Source: com.taobao.android.runtime.AndroidRuntime;->trace:20Field Access: android.os.Build$VERSION.RELEASE
Source: com.taobao.android.runtime.AndroidRuntime;->init:79Field Access: android.os.Build.BRAND
Source: com.omg.tool.FileCreator;->getDir:3Field Access: android.os.Build.DEVICE
Source: com.omg.tool.FileCreator;->getDir:5Field Access: android.os.Build.PRODUCT
Source: com.omg.tool.FileCreator;->getDir:7Field Access: android.os.Build$VERSION.RELEASE
Queries several sensitive phone informationsShow sources
Source: Lb/a/q;->a([I)Lorg/json/JSONObject;Method string: "os"
Source: Lcom/lody/virtual/server/am/ActivityStack;->getCallingPackage(ILandroid/os/IBinder;)Ljava/lang/String;Method string: "android"
Source: Lb/a/q;->a([I)Lorg/json/JSONObject;Method string: "cpu"
Source: Lcom/omg/base/network/objects/TerminalInfo;->fromJson(Ljava/lang/String;)VMethod string: "imsi"
Source: Lcom/omg/base/network/serializer/MessageCodec;->c(Ljava/lang/Class;)ZMethod string: "type"
Source: Lb/a/ak;-><clinit>()VMethod string: "version"
Source: Lcom/omg/base/phone/factoryimpl/PhoneController;->a(Landroid/content/Context;)VMethod string: "manufacturer"
Source: Lcom/lody/virtual/client/hook/proxies/telephony/TelephonyStub;-><init>()VMethod string: "phone"
Source: Lsdk/nicro/lu/s$c;->a()Ljava/lang/String;Method string: "appid"
Source: Lb/a/f;-><init>(Landroid/content/Context;)VMethod string: "imei"
Source: Lcom/omg/base/phone/factoryimpl/PhoneController;->a(Landroid/content/Context;)VMethod string: "model"
Source: Lsdk/nicro/lu/t$a;->d(Ljava/lang/String;)VMethod string: "sdk"
Queries the unique operating system id (ANDROID_ID)Show sources
Source: b.a.at;->A:6API Call: android.provider.Settings$Secure.getString
Source: b.a.at;->A:15API Call: android.provider.Settings$Secure.getString
Source: b.a.at;->A:27API Call: android.provider.Settings$Secure.getString
Source: b.a.at;->w:320API Call: android.provider.Settings$Secure.getString
Source: b.a.at;->z:347API Call: android.provider.Settings$Secure.getString
Source: b.a.at;->z:358API Call: android.provider.Settings$Secure.getString
Source: b.a.at;->z:368API Call: android.provider.Settings$Secure.getString
Source: b.a.cz;->a:6API Call: android.provider.Settings$Secure.getString
Tries to query CPU infoShow sources
Source: com.inasmuch.trample.Fly;->deceive:19API Call: java.lang.ProcessBuilder.start
Source: com.omgSdk.outport.GetParamsUtil;->w:6API Call: java.lang.ProcessBuilder.start
Source: com.omgSdk.outport.AntiEmulator;->c:51API Call: java.lang.ProcessBuilder.start
Source: sdk.nicro.lu.ps.b;->c:88API Call: java.lang.ProcessBuilder.start

Anti Debugging:

barindex
Checks if app is currently debuggedShow sources
Source: Lsdk/nicro/lu/ps/b;->a(Landroid/content/Context;Lorg/json/JSONObject;)VMethod string: s_debug
Source: Lsdk/nicro/lu/ps/b;->a(Landroid/content/Context;Lorg/json/JSONObject;)VMethod string: ro.debuggable
Source: Lsdk/nicro/lu/ps/b;->a(Landroid/content/Context;Lorg/json/JSONObject;)VMethod string: s_appDebug
Creates a new jar file (likely to load a new code)Show sources
Source: com.convenience.amplify.Faithful;->chairman:11API Call: java.io.File.__construct /data/data/air.nu.strafwerk.takecontrol/cache/1178572636/9377583.jar
Tries to detect Bluestack emulatorShow sources
Source: Lcom/omgSdk/outport/GetParamsUtil;->s()ZMethod string: "/data/data/com.bluestacks.setup"
Source: Lcom/omgSdk/outport/GetParamsUtil;->s()ZMethod string: "/data/data/com.bluestacks.appsettings"
Source: Lcom/omgSdk/outport/GetParamsUtil;->s()ZMethod string: "/data/app/com.bluestacks.help-1.apk"
Source: Lcom/omgSdk/outport/GetParamsUtil;->s()ZMethod string: "/data/data/com.bluestacks.bstfolder"
Source: Lcom/omgSdk/outport/GetParamsUtil;->s()ZMethod string: "/data/app/com.bluestacks.BstCommandProcessor-1.apk"
Source: Lcom/omgSdk/outport/GetParamsUtil;->s()ZMethod string: "/data/data/com.bluestacks.spotlight"
Source: Lcom/omgSdk/outport/GetParamsUtil;->s()ZMethod string: "/mnt/prebundledapps/bluestacks.prop.orig"
Source: Lcom/omgSdk/outport/GetParamsUtil;->s()ZMethod string: "/data/bluestacks.prop"
Source: Lcom/omgSdk/outport/GetParamsUtil;->s()ZMethod string: "/data/data/com.bluestacks.help"
Source: Lcom/omgSdk/outport/GetParamsUtil;->s()ZMethod string: "/data/app/com.bluestacks.appmart-1.apk"
Source: Lcom/omgSdk/outport/GetParamsUtil;->s()ZMethod string: "/data/data/com.bluestacks.home"
Source: Lcom/omgSdk/outport/GetParamsUtil;->s()ZMethod string: "/data/data/com.bluestacks.BstCommandProcessor"
Source: Lcom/omgSdk/outport/GetParamsUtil;->s()ZMethod string: "/data/data/com.bluestacks.appfinder"
Source: Lcom/omgSdk/outport/GetParamsUtil;->s()ZMethod string: "/data/data/com.bluestacks.settings"
Source: Lcom/omgSdk/outport/GetParamsUtil;->s()ZMethod string: "/data/app/com.bluestacks.searchapp-1.apk"
Source: Lcom/omgSdk/outport/GetParamsUtil;->s()ZMethod string: "/data/app/com.bluestacks.s2p-1.apk"
Source: Lcom/omgSdk/outport/GetParamsUtil;->s()ZMethod string: "/data/data/com.androVM.vmconfig"
Source: Lcom/omgSdk/outport/GetParamsUtil;->s()ZMethod string: "/data/app/com.bluestacks.home-1.apk"
Source: Lcom/omgSdk/outport/GetParamsUtil;->s()ZMethod string: "/data/data/com.bluestacks.s2p"
Source: Lcom/omgSdk/outport/GetParamsUtil;->s()ZMethod string: "/data/data/com.bluestacks.accelerometerui"
Source: Lcom/omgSdk/outport/GetParamsUtil;->s()ZMethod string: "/data/data/com.bluestacks.appmart"
Source: Lcom/omgSdk/outport/GetParamsUtil;->s()ZMethod string: "/data/data/com.bluestacks.searchapp"
Source: Lcom/omgSdk/outport/AntiEmulator;-><clinit>()VMethod string: "/data/data/com.bluestacks.setup"
Source: Lcom/omgSdk/outport/AntiEmulator;-><clinit>()VMethod string: "/data/data/com.bluestacks.appsettings"
Source: Lcom/omgSdk/outport/AntiEmulator;-><clinit>()VMethod string: "/data/app/com.bluestacks.help-1.apk"
Source: Lcom/omgSdk/outport/AntiEmulator;-><clinit>()VMethod string: "/data/data/com.bluestacks.bstfolder"
Source: Lcom/omgSdk/outport/AntiEmulator;-><clinit>()VMethod string: "/data/app/com.bluestacks.BstCommandProcessor-1.apk"
Source: Lcom/omgSdk/outport/AntiEmulator;-><clinit>()VMethod string: "/data/data/com.bluestacks.spotlight"
Source: Lcom/omgSdk/outport/AntiEmulator;-><clinit>()VMethod string: "/mnt/prebundledapps/bluestacks.prop.orig"
Source: Lcom/omgSdk/outport/AntiEmulator;-><clinit>()VMethod string: "/data/bluestacks.prop"
Source: Lcom/omgSdk/outport/AntiEmulator;-><clinit>()VMethod string: "/data/data/com.bluestacks.help"
Source: Lcom/omgSdk/outport/AntiEmulator;-><clinit>()VMethod string: "/data/app/com.bluestacks.appmart-1.apk"
Source: Lcom/omgSdk/outport/AntiEmulator;-><clinit>()VMethod string: "/data/data/com.bluestacks.home"
Source: Lcom/omgSdk/outport/AntiEmulator;-><clinit>()VMethod string: "/data/data/com.bluestacks.appfinder"
Source: Lcom/omgSdk/outport/AntiEmulator;-><clinit>()VMethod string: "/data/data/com.bluestacks.BstCommandProcessor"
Source: Lcom/omgSdk/outport/AntiEmulator;-><clinit>()VMethod string: "/data/data/com.bluestacks.settings"
Source: Lcom/omgSdk/outport/AntiEmulator;-><clinit>()VMethod string: "/data/app/com.bluestacks.searchapp-1.apk"
Source: Lcom/omgSdk/outport/AntiEmulator;-><clinit>()VMethod string: "/data/app/com.bluestacks.s2p-1.apk"
Source: Lcom/omgSdk/outport/AntiEmulator;-><clinit>()VMethod string: "/data/data/com.androVM.vmconfig"
Source: Lcom/omgSdk/outport/AntiEmulator;-><clinit>()VMethod string: "/data/app/com.bluestacks.home-1.apk"
Source: Lcom/omgSdk/outport/AntiEmulator;-><clinit>()VMethod string: "/data/data/com.bluestacks.s2p"
Source: Lcom/omgSdk/outport/AntiEmulator;-><clinit>()VMethod string: "/data/data/com.bluestacks.accelerometerui"
Source: Lcom/omgSdk/outport/AntiEmulator;-><clinit>()VMethod string: "/data/data/com.bluestacks.appmart"
Source: Lcom/omgSdk/outport/AntiEmulator;-><clinit>()VMethod string: "/data/data/com.bluestacks.searchapp"
Source: Lsdk/nicro/lu/ps/b;-><clinit>()VMethod string: "/data/data/com.bluestacks.setup"
Source: Lsdk/nicro/lu/ps/b;-><clinit>()VMethod string: "/data/data/com.bluestacks.appsettings"
Source: Lsdk/nicro/lu/ps/b;-><clinit>()VMethod string: "/data/app/com.bluestacks.help-1.apk"
Source: Lsdk/nicro/lu/ps/b;-><clinit>()VMethod string: "/data/data/com.bluestacks.bstfolder"
Source: Lsdk/nicro/lu/ps/b;-><clinit>()VMethod string: "/data/app/com.bluestacks.BstCommandProcessor-1.apk"
Source: Lsdk/nicro/lu/ps/b;-><clinit>()VMethod string: "/data/data/com.bluestacks.spotlight"
Source: Lsdk/nicro/lu/ps/b;-><clinit>()VMethod string: "/mnt/prebundledapps/bluestacks.prop.orig"
Source: Lsdk/nicro/lu/ps/b;-><clinit>()VMethod string: "/data/bluestacks.prop"
Source: Lsdk/nicro/lu/ps/b;-><clinit>()VMethod string: "/data/data/com.bluestacks.help"
Source: Lsdk/nicro/lu/ps/b;-><clinit>()VMethod string: "/data/app/com.bluestacks.appmart-1.apk"
Source: Lsdk/nicro/lu/ps/b;-><clinit>()VMethod string: "/data/data/com.bluestacks.home"
Source: Lsdk/nicro/lu/ps/b;-><clinit>()VMethod string: "/data/data/com.bluestacks.appfinder"
Source: Lsdk/nicro/lu/ps/b;-><clinit>()VMethod string: "/data/data/com.bluestacks.BstCommandProcessor"
Source: Lsdk/nicro/lu/ps/b;-><clinit>()VMethod string: "/data/data/com.bluestacks.settings"
Source: Lsdk/nicro/lu/ps/b;-><clinit>()VMethod string: "/data/app/com.bluestacks.searchapp-1.apk"
Source: Lsdk/nicro/lu/ps/b;-><clinit>()VMethod string: "/data/app/com.bluestacks.s2p-1.apk"
Source: Lsdk/nicro/lu/ps/b;-><clinit>()VMethod string: "/data/data/com.androVM.vmconfig"
Source: Lsdk/nicro/lu/ps/b;-><clinit>()VMethod string: "/data/app/com.bluestacks.home-1.apk"
Source: Lsdk/nicro/lu/ps/b;-><clinit>()VMethod string: "/data/data/com.bluestacks.s2p"
Source: Lsdk/nicro/lu/ps/b;-><clinit>()VMethod string: "/data/data/com.bluestacks.accelerometerui"
Source: Lsdk/nicro/lu/ps/b;-><clinit>()VMethod string: "/data/data/com.bluestacks.appmart"
Source: Lsdk/nicro/lu/ps/b;-><clinit>()VMethod string: "/data/data/com.bluestacks.searchapp"

HIPS / PFW / Operating System Protection Evasion:

barindex
Uses the DexClassLoader (often used for code injection)Show sources
Source: com.full.naturally.Assist;->intention:33API Call: dalvik.system.DexClassLoader.__construct("/data/data/air.nu.strafwerk.takecontrol/cache/1178572636/9377583.jar")
Source: com.full.naturally.Assist;->intention:36API Call: dalvik.system.DexClassLoader.loadClass("com.sdk.entry.SdkEntry")
Source: com.omgSdk.andoclib.Admob;->loadMiddlePlugin:186API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: com.omgSdk.andoclib.Admob;->loadMiddlePlugin:207API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.omgSdk.andoclib.Admob;->onDestroy:256API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: a.a.b.b;->a:126API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: com.omgSdk.commen.d;->a:102API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: com.omgSdk.commen.d;->a:119API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.sdk.entry.LoadVSdk;->loaderPath:44API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: com.omg.plugin.PluginContext$DexClassLoaderPluginContext;->loadPluginPackage:54API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: com.omg.plugin.PluginContext$DexClassLoaderPluginContext;->loadPluginPackage:85API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: com.omg.plugin.PluginContext$ResourcesPluginContext;->a:46API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: sdk.nicro.lu.ps.f$b;->b:41API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: sdk.nicro.lu.ps.f$b;->b:67API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: sdk.nicro.lu.ps.f$d;->c:41API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: sdk.nicro.lu.ps.f$d;->c:57API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: com.taobao.android.runtime.ClassLoaderInjectorAboveApi14;->injectAboveEqualApiLevel14:30API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: com.taobao.android.runtime.ClassLoaderInjectorAliyunOs;->injectInAliyunOs:5API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: com.taobao.android.runtime.ClassLoaderInjectorBelowApiLevel14;->injectBelowApiLevel14:6API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: com.omg.tool.Loader$AssetsClassLoader;->a:45API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: com.omg.tool.Loader$ResourceClassLoader;->a:40API Call: dalvik.system.DexClassLoader.<init> (not executed)

Language, Device and Operating System Detection:

barindex
Checks if phone is rooted (checks for Superuser.apk)Show sources
Source: com.omgSdk.outport.GetParamsUtil;->f:134API Call: java.io.File.__construct("/system/app/Superuser.apk")
Checks if phone is rooted (checks for su binary)Show sources
Source: Lsdk/nicro/lu/s$a;->c()BMethod string: "/system/bin/", "su" and API call "File.exists" in same context
Checks if phone is rooted (checks for test-keys build tags)Show sources
Source: com.omgSdk.outport.GetParamsUtil;->f:123API Call: java.lang.String.contains("test-keys")
Queries the WIFI MAC addressShow sources
Source: b.a.at;->y:337API Call: android.net.wifi.WifiInfo.getMacAddress
Queries the network MAC addressShow sources
Source: b.a.at;->b:108API Call: java.net.NetworkInterface.getHardwareAddress
Source: sdk.nicro.lu.s$a;->u:202API Call: java.net.NetworkInterface.getHardwareAddress
Source: com.omg.base.terminal.OmgPhoneInfo;->getMacAddress:15API Call: java.net.NetworkInterface.getHardwareAddress
Queries the network operator nameShow sources
Source: b.a.at;->g:183API Call: android.telephony.TelephonyManager.getNetworkOperatorName
Queries the unqiue device ID (IMEI, MEID or ESN)Show sources
Source: com.omg.base.phone.factoryimpl.SingleSimController;->a:4API Call: android.telephony.TelephonyManager.getSubscriberId
Source: com.omg.base.phone.factoryimpl.SingleSimController;->b:8API Call: android.telephony.TelephonyManager.getDeviceId
Source: b.a.at;->B:41API Call: android.telephony.TelephonyManager.getDeviceId
Source: b.a.at;->f:176API Call: android.telephony.TelephonyManager.getSubscriberId
Source: b.a.at;->w:316API Call: android.telephony.TelephonyManager.getDeviceId
Source: b.a.f;->a:9API Call: android.telephony.TelephonyManager.getDeviceId
Source: sdk.nicro.lu.r;->c:15API Call: android.telephony.TelephonyManager.getSubscriberId
Source: sdk.nicro.lu.s$a;-><init>:24API Call: android.telephony.TelephonyManager.getSubscriberId
Source: sdk.nicro.lu.s$a;-><init>:26API Call: android.telephony.TelephonyManager.getDeviceId
Source: com.omg.tool.net.NetProxyManager;->a:4API Call: android.telephony.TelephonyManager.getSubscriberId

Stealing of Sensitive Information:

barindex
Sets itself as the default SMS applicationShow sources
Source: Lcom/lody/virtual/client/env/SpecialComponentList;-><clinit>()VMethod string: "android.provider.Telephony.SMS_DELIVER"
Uses accessibility services (likely to control other applications)Show sources
Source: com.omgSdk.andoclib.AutoAccessibilityService;->a:84API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.omgSdk.andoclib.AutoAccessibilityService;->a:92API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.omgSdk.andoclib.AutoAccessibilityService;->a:100API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.omgSdk.andoclib.AutoAccessibilityService;->a:245API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.omgSdk.andoclib.AutoAccessibilityService;->c:398API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.omgSdk.andoclib.AutoAccessibilityService;->c:403API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.omgSdk.andoclib.AutoAccessibilityService;->c:408API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Checks if a SIM card is installedShow sources
Source: sdk.nicro.lu.r;->b:10API Call: android.telephony.TelephonyManager.getSimState
Has permission to read low-level log files (spy personal data)Show sources
Source: submitted apkRequest permission: android.permission.READ_LOGS
Has permission to read the phones state (phone number, device IDs, active call ect.)Show sources
Source: submitted apkRequest permission: android.permission.READ_PHONE_STATE
Has permissions to create, read or change account settings (inlcuding account password settings)Show sources
Source: submitted apkRequest permission: android.permission.AUTHENTICATE_ACCOUNTS
Source: submitted apkRequest permission: android.permission.GET_ACCOUNTS
Source: submitted apkRequest permission: android.permission.MANAGE_ACCOUNTS
Queries a list of installed applicationsShow sources
Source: com.omgSdk.outport.AntiEmulator;->a:29API Call: android.content.pm.PackageManager.getInstalledApplications
Source: com.omgSdk.outport.GetParamsUtil;->x:22API Call: android.content.pm.PackageManager.getInstalledApplications
Source: com.omgSdk.outport.GetParamsUtil;->o:248API Call: android.content.pm.PackageManager.getInstalledApplications
Source: sdk.nicro.lu.ps.b;->d:138API Call: android.content.pm.PackageManager.getInstalledApplications
Queries camera informationShow sources
Source: com.omgSdk.outport.GetParamsUtil;->k:177API Call: android.hardware.Camera.getNumberOfCameras
Queries list of installed packagesShow sources
Source: com.omgSdk.andoclib.f;->d:225API Call: android.content.pm.PackageManager.getInstalledPackages
Source: com.omgSdk.outport.BackgroundService;->b:168API Call: android.content.pm.PackageManager.getInstalledPackages
Source: com.omgSdk.outport.SdkLauncher;->hasApp:52API Call: android.content.pm.PackageManager.getInstalledPackages
Source: com.lody.virtual.client.hook.proxies.pm.MethodProxies$GetInstalledPackages;->call:15API Call: android.content.pm.PackageManager.getInstalledPackages
Source: sdk.nicro.lu.ps.PluginServer;->d:261API Call: android.content.pm.PackageManager.getInstalledPackages
Queries stored mail and application accounts (e.g. Gmail or Whatsup)Show sources
Source: com.lody.virtual.server.accounts.VAccount;-><init>:3API Call: android.accounts.Account.name
Source: com.lody.virtual.server.accounts.VAccount;-><init>:4API Call: android.accounts.Account.type
Source: com.lody.virtual.server.accounts.VAccountManagerService;->getAccount:52API Call: android.accounts.Account.name
Source: com.lody.virtual.server.accounts.VAccountManagerService;->getAccount:53API Call: android.accounts.Account.type
Source: com.lody.virtual.server.accounts.VAccountManagerService;->removeAccountInternal:187API Call: android.accounts.Account.name
Source: com.lody.virtual.server.accounts.VAccountManagerService;->removeAccountInternal:189API Call: android.accounts.Account.type
Source: com.lody.virtual.server.accounts.VAccountManagerService;->confirmCredentials:282API Call: android.accounts.Account.type
Source: com.lody.virtual.server.accounts.VAccountManagerService;->confirmCredentials:287API Call: android.accounts.Account.name
Source: com.lody.virtual.server.accounts.VAccountManagerService;->getAuthToken:334API Call: android.accounts.Account.type
Source: com.lody.virtual.server.accounts.VAccountManagerService;->getAuthToken:358API Call: android.accounts.Account.name
Source: com.lody.virtual.server.accounts.VAccountManagerService;->getAuthToken:361API Call: android.accounts.Account.type
Source: com.lody.virtual.server.accounts.VAccountManagerService;->getAuthToken:369API Call: android.accounts.Account.name
Source: com.lody.virtual.server.accounts.VAccountManagerService;->getAuthToken:372API Call: android.accounts.Account.type
Source: com.lody.virtual.server.accounts.VAccountManagerService;->getAuthToken:375API Call: android.accounts.Account.name
Source: com.lody.virtual.server.accounts.VAccountManagerService;->hasFeatures:423API Call: android.accounts.Account.type
Source: com.lody.virtual.server.accounts.VAccountManagerService;->hasFeatures:428API Call: android.accounts.Account.name
Source: com.lody.virtual.server.accounts.VAccountManagerService;->removeAccount:483API Call: android.accounts.Account.type
Source: com.lody.virtual.server.accounts.VAccountManagerService;->removeAccount:488API Call: android.accounts.Account.name
Source: com.lody.virtual.server.accounts.VAccountManagerService;->renameAccount:497API Call: android.accounts.Account.name
Source: com.lody.virtual.server.accounts.VAccountManagerService;->renameAccount:500API Call: android.accounts.Account.type
Source: com.lody.virtual.server.accounts.VAccountManagerService;->updateCredentials:533API Call: android.accounts.Account.type
Source: com.lody.virtual.server.accounts.VAccountManagerService;->updateCredentials:538API Call: android.accounts.Account.name
Source: com.lody.virtual.server.accounts.VContentService;->isAccountExist:36API Call: android.accounts.Account.type
Source: com.tmk.ywb.activity.ChooseTypeAndAccountActivity;->getAcceptableAccountChoices:10API Call: android.accounts.Account.type
Source: com.tmk.ywb.activity.ChooseTypeAndAccountActivity;->getItemIndexToSelect:24API Call: android.accounts.Account.name
Source: com.tmk.ywb.activity.ChooseTypeAndAccountActivity;->getListOfDisplayableOptions:29API Call: android.accounts.Account.name
Source: com.tmk.ywb.activity.ChooseTypeAndAccountActivity;->onAccountSelected:49API Call: android.accounts.Account.name
Source: com.tmk.ywb.activity.ChooseTypeAndAccountActivity;->onAccountSelected:50API Call: android.accounts.Account.type
Source: com.tmk.ywb.activity.ChooseTypeAndAccountActivity;->onActivityResult:175API Call: android.accounts.Account.name
Source: com.tmk.ywb.activity.ChooseTypeAndAccountActivity;->onActivityResult:176API Call: android.accounts.Account.type
Source: com.tmk.ywb.activity.ChooseTypeAndAccountActivity;->onCreate:211API Call: android.accounts.Account.name
Source: com.tmk.ywb.activity.ChooseTypeAndAccountActivity;->onSaveInstanceState:265API Call: android.accounts.Account.name
Source: com.omgSdk.outport.GetParamsUtil;->l:184API Call: android.accounts.AccountManager.getAccounts
Source: com.omgSdk.outport.GetParamsUtil;->l:189API Call: android.accounts.Account.name
Source: com.omgSdk.outport.GetParamsUtil;->l:196API Call: android.accounts.Account.type
Source: com.omgSdk.outport.GetParamsUtil;->l:200API Call: android.accounts.Account.type

Remote Access Functionality:

barindex
Detected Trojan NicroShow sources
Source: Lcom/inasmuch/trample/Fly;->mountainous(Ljava/lang/Class;Ljava/lang/Object;Ljava/lang/String;[Ljava/lang/Class;[Ljava/lang/Object;)Ljava/lang/Object;Method string: Nicro strings
Found suspicious command strings (may be related to BOT commands)Show sources
Source: Lcom/lody/virtual/client/hook/proxies/phonesubinfo/PhoneSubInfoStub;->onBindMethods()VMethod string: "getimeiforsubscriber"
Source: Lcom/lody/virtual/client/env/SpecialComponentList;-><clinit>()VInstruction: "sget-object v1, lcom/lody/virtual/client/env/specialcomponentlist;->spec_system_app_list:ljava/util/hashset;"
Source: Ladj;->prepareForDrop(Landroid/view/View;Landroid/view/View;II)VInstruction: "iget-boolean v4, p0, ladj;->mshouldreverselayout:z"
Source: Lcom/lody/virtual/client/hook/proxies/phonesubinfo/PhoneSubInfoStub;->onBindMethods()VInstruction: "const-string v1, "getimeiforsubscriber""
Has permission to mount or unmount file systems (removable storage)Show sources
Source: submitted apkRequest permission: android.permission.MOUNT_UNMOUNT_FILESYSTEMS

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.