
Analysis Report

Overview

General Information

Joe Sandbox Version: 22.0.0
Analysis ID: 637189
Start date: 15.08.2018
Start time: 10:50:50
Joe Sandbox Product: Cloud
Overall analysis duration: 0h 4m 49s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: nezJsAu9o3
Cookbook file name: defaultandroidfilecookbook.jbs
Analysis system description: Android x86 5.1
Detection: MAL
Classification: mal100.rans.troj.spyw.expl.evad.and@0/244@4/0
Warnings:
  • An application runtime error occurred
  • No interacted views
  • No simulation commands forwarded to apk
  • Not all executed log events are in report (maximum 10 identical API calls)

Detection

Strategy | Score | Range | Reporting | Detection
Threshold | 100 | 0 - 100 | Report FP / FN | malicious

Classification

Signature Overview


AV Detection:

Multi AV Scanner detection for submitted file
Source: nezJsAu9o3 | virustotal: Detection: 27%

Location Tracing:

Queries the phones location (GPS)
Source: com.qroelbnvc.zvrkhuopl.hOCQyI;->b:32 | API Call: android.location.Location.getLatitude
Source: com.qroelbnvc.zvrkhuopl.hOCQyI;->b:34 | API Call: android.location.Location.getLongitude
Source: com.qroelbnvc.zvrkhuopl.wifDaoOghxZm;->b:31 | API Call: android.location.Location.getLatitude
Source: com.qroelbnvc.zvrkhuopl.wifDaoOghxZm;->b:33 | API Call: android.location.Location.getLongitude

Privilege Escalation:

Checks if the device administrator is active
Source: com.qroelbnvc.zvrkhuopl.YygXZXjrlA;->a:69 | API Call: android.app.admin.DevicePolicyManager.isAdminActive
Source: com.qroelbnvc.zvrkhuopl.eKJKdb;->onHandleIntent:47 | API Call: android.app.admin.DevicePolicyManager.isAdminActive
Source: com.qroelbnvc.zvrkhuopl.fyqwgb;->onHandleIntent:82 | API Call: android.app.admin.DevicePolicyManager.isAdminActive
Tries to add a new device administrator
Source: com.qroelbnvc.zvrkhuopl.nbeidxln.a.a;->onCreate:12 | API Call: android.content.Intent.<init> android.app.action.ADD_DEVICE_ADMIN

Spreading:

Accesses external storage location
Source: com.qroelbnvc.zvrkhuopl.mUWJxfeKAST;->onHandleIntent:71 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.qroelbnvc.zvrkhuopl.tMSeMqWMxbni;->onHandleIntent:63 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.qroelbnvc.zvrkhuopl.ySksqHU;->onHandleIntent:104 | API Call: android.os.Environment.getExternalStorageDirectory

Networking:

Checks an internet connection is available
Source: com.qroelbnvc.zvrkhuopl.c;->r:121 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.qroelbnvc.zvrkhuopl.c;->n:1337 | API Call: android.net.NetworkInfo.isConnected
Source: com.qroelbnvc.zvrkhuopl.c;->m:1334 | API Call: android.net.NetworkInfo.isConnected
Opens an internet connection
Source: com.qroelbnvc.zvrkhuopl.nbeidxln.b$a;->a:3 | API Call: java.net.URL.openConnection("https://stefankoebalimivsemotdelom.com/private/checkPanel.php")
Source: com.qroelbnvc.zvrkhuopl.c$a;->a:9 | API Call: java.net.URL.openConnection("https://twitter.com/JackCorne")
Source: com.qroelbnvc.zvrkhuopl.nbeidxln.b$a;->a:3 | API Call: java.net.URL.openConnection("http://adennb.com/private/checkPanel.php")
Source: com.qroelbnvc.zvrkhuopl.nbeidxln.b$a;->a:3 | API Call: java.net.URL.openConnection("http://adennb.com/private/locker.php")
Source: com.qroelbnvc.zvrkhuopl.nbeidxln.b$a;->a:3 | API Call: java.net.URL.openConnection("http://adennb.com/private/playprot.php")
Source: com.qroelbnvc.zvrkhuopl.c;->a:208 | API Call: java.net.URL.openConnection (not executed)
Source: com.qroelbnvc.zvrkhuopl.c;->a:316 | API Call: java.net.URL.openConnection (not executed)
Source: com.qroelbnvc.zvrkhuopl.rmNxjeSFRZn$a;->a:13 | API Call: java.net.URL.openConnection (not executed)
Found strings which match to known social media urls
Source: android | String found in binary or memory: <td><a href="https://support.twitter.com/"> Help</a></td> equals www.twitter.com (Twitter)
Source: android | String found in binary or memory: By using Twitters services you agree to our <a href="https://support.twitter.com/articles/20170514">Cookie Use</a> and <a href="https://support.twitter.com/articles/20174632">Data Transfer</a> outside the EU. We and our partners operate globally and use cookies, including for analytics, personalisation, and ads. equals www.twitter.com (Twitter)
Source: android | String found in binary or memory: <link rel="canonical" href="https://twitter.com/jackcorne"> equals www.twitter.com (Twitter)
Source: iguifprt.dex.dr | String found in binary or memory: )com.imo.android.imoim,com.twitter.android equals www.twitter.com (Twitter)
Source: iguifprt.dex.dr | String found in binary or memory: =com.imo.android.imoim,com.twitter.android,com.android.vending equals www.twitter.com (Twitter)
Source: iguifprt.dex.dr | String found in binary or memory: com.imb.banking2,)com.imo.android.imoim,com.twitter.android=com.imo.android.imoim,com.twitter.android,com.android.vending equals www.twitter.com (Twitter)
Source: android | String found in binary or memory: com.imo.android.imoim,com.twitter.android equals www.twitter.com (Twitter)
Source: android | String found in binary or memory: com.imo.android.imoim,com.twitter.android,com.android.vending equals www.twitter.com (Twitter)
Source: iguifprt.dex.dr | String found in binary or memory: https://twitter.com/JackCorne equals www.twitter.com (Twitter)
Performs DNS lookups
Source: unknown | DNS traffic detected: queries for: stefankoebalimivsemotdelom.com
Posts data to webserver
Source: unknown | HTTP traffic detected:
  POST /private/checkPanel.php HTTP/1.1
  Content-Length: 0
  User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; VirtualBox Build/LMY48W)
  Host: adennb.com
  Connection: Keep-Alive
  Accept-Encoding: gzip
  Content-Type: application/x-www-form-urlencoded
Urls found in memory or binary data
Uses HTTP for connecting to the internet
Source: com.qroelbnvc.zvrkhuopl.c$a;->a:14 | API Call: com.android.okhttp.internal.http.HttpsURLConnectionImpl.connect
Source: com.qroelbnvc.zvrkhuopl.nbeidxln.b$a;->a:22 | API Call: com.android.okhttp.internal.http.HttpURLConnectionImpl.connect
Source: com.qroelbnvc.zvrkhuopl.rmNxjeSFRZn$a;->a:15 | API Call: java.net.HttpURLConnection.connect
Uses HTTPS
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47398
Source: unknown | Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 37301
Source: unknown | Network traffic detected: HTTP traffic on port 37301 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 47398 -> 443

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Found potential keylogger
Source: Lcom/qroelbnvc/zvrkhuopl/YygXZXjrlA;->a()V | Instruction: "const-string v5, "keylogger""
Source: Lcom/qroelbnvc/zvrkhuopl/YygXZXjrlA;->a()V | Instruction: "const-string v9, "getkeylogger""
Source: Lcom/qroelbnvc/zvrkhuopl/YygXZXjrlA;->a()V | Instruction: "const-string v9, "getkeylogger -> commands""
Source: Lcom/qroelbnvc/zvrkhuopl/c;->b(Landroid/content/Context;)V | Instruction: "const-string v0, "keylogger""
Source: Lcom/qroelbnvc/zvrkhuopl/c;->b(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String; | Instruction: "const-string v1, "/private/datakeylogger.php""
Source: Lcom/qroelbnvc/zvrkhuopl/nTmlti;->onAccessibilityEvent(Landroid/view/accessibility/AccessibilityEvent;)V | Instruction: "const-string v10, "keylogger""
Has permission to record audio in the background
Source: submitted apk | Request permission: android.permission.RECORD_AUDIO
Records audio/media
Source: com.qroelbnvc.zvrkhuopl.nbeidxln.dszmnuqdv.UhrXLTtA;->a:15 | API Call: android.media.MediaRecorder.start
Source: com.qroelbnvc.zvrkhuopl.nbeidxln.dszmnuqdv.XuviGQZlBE;->a:27 | API Call: android.media.MediaRecorder.start
Accesses the audio/media managers
Source: com.qroelbnvc.zvrkhuopl.nbeidxln.dszmnuqdv.UhrXLTtA;->a:4 | API Call: android.media.MediaRecorder.<init>
Source: com.qroelbnvc.zvrkhuopl.nbeidxln.dszmnuqdv.XuviGQZlBE;->a:15 | API Call: android.media.MediaRecorder.<init>

E-Banking Fraud:

Detected Anubis BankBot ransomware / banking trojan
Source: Lcom/qroelbnvc/zvrkhuopl/YygXZXjrlA;->a()V | Method string: htmllocker
Source: Lcom/qroelbnvc/zvrkhuopl/YygXZXjrlA;->a()V | Method string: ERROR -> htmllocker
Source: Lcom/qroelbnvc/zvrkhuopl/c;->b(Landroid/content/Context;)V | Method string: htmllocker
Source: Lcom/qroelbnvc/zvrkhuopl/c;->d(Landroid/content/Context;Ljava/lang/String;)Ljava/lang/String; | Method string: htmllocker
Source: Lcom/qroelbnvc/zvrkhuopl/qcplfor/AFothPKmjt;->onCreate(Landroid/os/Bundle;)V | Method string: htmllocker
Source: Lcom/qroelbnvc/zvrkhuopl/ySksqHU;->a(Ljava/io/File;)V | Method string: .AnubisCrypt
Source: Lcom/qroelbnvc/zvrkhuopl/ySksqHU;->b(Ljava/io/File;)V | Method string: .AnubisCrypt
Found large list of e-Banking application (likely related to e-Banking fraud)
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.grppl.android.shell.BOS
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.rbs.mobile.android.natwestoffshore
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.rbs.mobile.android.natwest
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.rbs.mobile.android.natwestbandc
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.rbs.mobile.investisir
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.phyder.engage
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.rbs.mobile.android.rbs
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.rbs.mobile.android.rbsbandc
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: uk.co.santander.santanderUK
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: uk.co.santander.businessUK.bb
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.sovereign.santander
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.ifs.banking.fiid4202
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.fi6122.godough
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.rbs.mobile.android.ubr
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.htsu.hsbcpersonalbanking
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.grppl.android.shell.halifax
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.grppl.android.shell.CMBlloydsTSB73
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.barclays.android.barclaysmobilebanking
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.unionbank.ecommerce.mobile.android
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.unionbank.ecommerce.mobile.commercial.legacy
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.snapwork.IDBI
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.idbibank.abhay_card
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: src.com.idbi
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.idbi.mpassbook
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.ing.mobile
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.snapwork.hdfc
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.sbi.SBIFreedomPlus
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: hdfcbank.hdfcquickbank
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.csam.icici.bank.imobile
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: in.co.bankofbaroda.mpassbook
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.axis.mobile
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: cz.csob.smartbanking
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: cz.sberbankcz
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: sk.sporoapps.accounts
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: sk.sporoapps.skener
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.cleverlance.csas.servis24
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: org.westpac.bank
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: nz.co.westpac
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: au.com.suncorp.SuncorpBank
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: org.stgeorge.bank
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: org.banksa.bank
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: au.com.newcastlepermanent
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: au.com.nab.mobile
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: au.com.mebank.banking
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: au.com.ingdirect.android
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: MyING.be
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.imb.banking2
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.fusion.ATMLocator
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: au.com.cua.mb
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.commbank.netbank
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.cba.android.netbank
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.citibank.mobile.au
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.citibank.mobile.uk
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.citi.citimobile
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: org.bom.bank
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.bendigobank.mobile
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: me.doubledutch.hvdnz.cbnationalconference2016
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: au.com.bankwest.mobile
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.bankofqueensland.boq
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.anz.android.gomoney
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.anz.android
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.anz.SingaporeDigitalBanking
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.anzspot.mobile
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.crowdcompass.appSQ0QACAcYJ
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.arubanetworks.atmanz
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.quickmobile.anzirevents15
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: at.volksbank.volksbankmobile
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: it.volksbank.android
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: it.secservizi.mobile.atime.bpaa
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: de.fiducia.smartphone.android.securego.vr
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.isis_papyrus.raiffeisen_pay_eyewdg
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: at.easybank.mbanking
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: at.easybank.tablet
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: at.easybank.securityapp
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: at.bawag.mbanking
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.bawagpsk.securityapp
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: at.psa.app.bawag
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.pozitron.iscep
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.vakifbank.mobile
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.pozitron.vakifbank
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.starfinanz.smob.android.sfinanzstatus
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.starfinanz.mobile.android.pushtan
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.entersekt.authapp.sparkasse
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.starfinanz.smob.android.sfinanzstatus.tablet
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.starfinanz.smob.android.sbanking
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.palatine.android.mobilebanking.prod
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: fr.laposte.lapostemobile
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: fr.laposte.lapostetablet
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.cm_prod.bad
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.cm_prod.epasal
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.cm_prod_tablet.bad
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.cm_prod.nosactus
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: mobi.societegenerale.mobile.lappli
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.bbva.netcash
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.bbva.bbvacontigo
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.bbva.bbvawallet
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: es.bancosantander.apps
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.santander.app
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: es.cm.android
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: es.cm.android.tablet
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.bankia.wallet
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.binance.dev
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.btcturk
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.binance.odapplications
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.blockfolio.blockfolio
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.crypter.cryptocyrrency
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: io.getdelta.android
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.edsoftapps.mycoinsvalue
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.coin.profit
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.mal.saul.coinmarketcap
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.tnx.apps.coinportfolio
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.coinbase.android
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.portfolio.coinbase_tracker
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: de.schildbach.wallet
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: piuk.blockchain.android
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: info.blockchain.merchant
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.jackpf.blockchainsearch
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.unocoin.unocoinwallet
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.unocoin.unocoinmerchantPoS
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.thunkable.android.santoshmehta364.UNOCOIN_LIVE
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: wos.com.zebpay
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.localbitcoinsmbapp
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.thunkable.android.manirana54.LocalBitCoins
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.thunkable.android.manirana54.LocalBitCoins_unblock
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.localbitcoins.exchange
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.coins.bit.local
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.coins.ful.bit
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.jamalabbasii1998.localbitcoin
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: zebpay.Application
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.bitcoin.ss.zebpayindia
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.kryptokit.jaxx
Contains package name strings related to banking (usually for identifying banking APKs)
Source: Lcom/qroelbnvc/zvrkhuopl/b;->a(Landroid/content/Context;)Ljava/lang/String; Method String: at.spardat.netbanking, com.bankaustria.android.olb, com.scotiabank.mobile, cz.airbank.android, eu.inmite.prj.kb.mobilbank, com.bankinter.launcher, com.kutxabank.android, com.dbs.hk.dbsmbanking, com.scb.breezebanking.hk, hk.com.hsbc.hsbchkmobilebanking, jp.co.aeonbank.android.passbook, jp.co.rakuten_bank.rakutenbank, jp.co.sevenbank.AppPassbook, nz.co.anz.android.mobilebanking, nz.co.bnz.droidbanking, nz.co.kiwibank.mobile, com.getingroup.mobilebanking, eu.eleader.mobilebanking.pekao.firm, eu.eleader.mobilebanking.pekao, eu.eleader.mobilebanking.raiffeisen, com.comarch.mobile.banking.bgzbnpparibas.biznes, com.comarch.security.mobilebanking, eu.eleader.mobilebanking.invest, pl.aliorbank.aib, pl.bosbank.mobile, pl.bps.bankowoscmobilna, pl.fmbank.smart, pl.ideabank.mobilebanking, com.magiclick.odeabank, com.vakifbank.mobilel, tr.com.sekerbilisim.mbank, may.maybank.android, ru.sberbank.spasibo, ru.sberbank.mobileoffice, ru.sberbank.sberbankir, ru.alfabank.mobile.android, ru.alfabank.oavdo.amc, ru.alfabank.sense, ru
Has functionality to add an overlay to other apps
Source: com.qroelbnvc.zvrkhuopl.nbeidxln.a.c$a;->onStart:83 API Call: WindowManager.addView
Has permission to query the list of currently running applications
Source: submitted apk Request permission: android.permission.GET_TASKS
May check for popular installed apps
Source: Lcom/qroelbnvc/zvrkhuopl/nTmlti$1;->run()V Method string: "com.imo.android.imoim,com.twitter.android"
Source: Lcom/qroelbnvc/zvrkhuopl/nTmlti$1;->run()V Method string: "com.imo.android.imoim,com.twitter.android,com.android.vending"
May query for the most recent running application (usually for UI overlaying)
Source: com.qroelbnvc.zvrkhuopl.sDScVetF;->b getRunningTasks and getPackageName invocations in same method: com.qroelbnvc.zvrkhuopl.sDScVetF;->b:8, com.qroelbnvc.zvrkhuopl.sDScVetF;->b:13

Spam, unwanted Advertisements and Ransom Demands:

Tries to disable the administrator user
Source: com.qroelbnvc.zvrkhuopl.nbeidxln.a.a;->onCreate:26 API Call: android.app.admin.DevicePolicyManager.removeActiveAdmin
Dials phone numbers
Source: com.qroelbnvc.zvrkhuopl.qcplfor.wgQZMgHDOeLO;->onCreate:22 API Call: com.qroelbnvc.zvrkhuopl.qcplfor.wgQZMgHDOeLO.startActivity
Has permission to perform phone calls in the background
Source: submitted apk Request permission: android.permission.CALL_PHONE
Has permission to send SMS in the background
Source: submitted apk Request permission: android.permission.SEND_SMS
Has permission to write to the SMS storage
Source: submitted apk Request permission: android.permission.WRITE_SMS
May check for popular installed apps
Source: Lcom/qroelbnvc/zvrkhuopl/nTmlti$1;->run()V Method string: "com.imo.android.imoim,com.twitter.android"
Source: Lcom/qroelbnvc/zvrkhuopl/nTmlti$1;->run()V Method string: "com.imo.android.imoim,com.twitter.android,com.android.vending"
Sends SMS using SmsManager
Source: com.qroelbnvc.zvrkhuopl.c;->c:1193 API Call: android.telephony.SmsManager.sendMultipartTextMessage

Operating System Destruction:

Lists and deletes files in the same context
Source: com.qroelbnvc.zvrkhuopl.ySksqHU;->b:70 API Calls in same method context: File.listFiles,File.delete
Source: com.qroelbnvc.zvrkhuopl.ySksqHU;->a:30 API Calls in same method context: File.listFiles,File.delete

Change of System Appearance:

May access the Android keyguard (lock screen)
Source: iguifprt.dex.dr String found in binary or memory: Landroid/app/KeyguardManager;
Source: iguifprt.dex.dr String found in binary or memory: inKeyguardRestrictedInputMode
Source: iguifprt.dex.dr String found in binary or memory: keyguard
Source: iguifprt.dex.dr String found in binary or memory: Landroid/app/KeyguardManager;"Landroid/app/Notification$Builder;
Source: iguifprt.dex.dr String found in binary or memory: keyguardkeylogger
Acquires a wake lock
Source: com.qroelbnvc.zvrkhuopl.fyqwgb;->onHandleIntent:24 API Call: android.os.PowerManager$WakeLock.acquire
Mutes ringtone sound
Source: com.qroelbnvc.zvrkhuopl.qcplfor.wgQZMgHDOeLO;->onCreate:25 API Call: android.media.AudioManager.setRingerMode("0")
Source: com.qroelbnvc.zvrkhuopl.c;->l:1332 API Call: android.media.AudioManager.setRingerMode("0")
Sets a repeating alarm
Source: com.qroelbnvc.zvrkhuopl.c;->a:73 API Call: android.app.AlarmManager.setRepeating

System Summary:

Requests permissions only permitted to signed APKs
Source: submitted apk Request permission: android.permission.PACKAGE_USAGE_STATS
Requests potentially dangerous permissions
Source: submitted apk Request permission: android.permission.ACCESS_FINE_LOCATION
Source: submitted apk Request permission: android.permission.CALL_PHONE
Source: submitted apk Request permission: android.permission.GET_TASKS
Source: submitted apk Request permission: android.permission.INTERNET
Source: submitted apk Request permission: android.permission.READ_CONTACTS
Source: submitted apk Request permission: android.permission.READ_PHONE_STATE
Source: submitted apk Request permission: android.permission.READ_SMS
Source: submitted apk Request permission: android.permission.RECEIVE_SMS
Source: submitted apk Request permission: android.permission.RECORD_AUDIO
Source: submitted apk Request permission: android.permission.SEND_SMS
Source: submitted apk Request permission: android.permission.SYSTEM_ALERT_WINDOW
Source: submitted apk Request permission: android.permission.WAKE_LOCK
Source: submitted apk Request permission: android.permission.WRITE_EXTERNAL_STORAGE
Source: submitted apk Request permission: android.permission.WRITE_SMS
Classification label
Source: classification engine Classification label: mal100.rans.troj.spyw.expl.evad.and@0/244@4/0
Reads shares settings
Source: com.qroelbnvc.zvrkhuopl.c;->d:1200 API Call: "Interval": null
Source: com.qroelbnvc.zvrkhuopl.c;->d:1200 API Call: "swspacket": null
Source: com.qroelbnvc.zvrkhuopl.c;->d:1200 API Call: "interval": 10000
Source: com.qroelbnvc.zvrkhuopl.c;->d:1200 API Call: "time_work": 0
Source: com.qroelbnvc.zvrkhuopl.c;->d:1200 API Call: "urls": MzA5MGMwOGE4ZjNjMzk1MGM2OGQ2ZjI0OGI3ZjMyMDgwNjc4YzEyNWEzYTFiMDExNDljYTllMTBiYjM5MDNjNzIyZjNiYzgzZDlkNQ==
Source: com.qroelbnvc.zvrkhuopl.c;->d:1200 API Call: "startRequest": Access=0Perm=0
Source: com.qroelbnvc.zvrkhuopl.c;->d:1200 API Call: "save_inj":
Source: com.qroelbnvc.zvrkhuopl.c;->d:1200 API Call: "cryptfile": false
Source: com.qroelbnvc.zvrkhuopl.c;->d:1200 API Call: "startRecordSound": stop
Source: com.qroelbnvc.zvrkhuopl.c;->d:1200 API Call: "recordsoundseconds": 0
Source: com.qroelbnvc.zvrkhuopl.c;->d:1200 API Call: "StringAccessibility": Enable access for
Source: com.qroelbnvc.zvrkhuopl.c;->d:1200 API Call: "SettingsAll":
Source: com.qroelbnvc.zvrkhuopl.c;->d:1200 API Call: "play_protect":
Source: com.qroelbnvc.zvrkhuopl.c;->d:1200 API Call: "url": null
Source: com.qroelbnvc.zvrkhuopl.c;->d:1200 API Call: "network": false
Source: com.qroelbnvc.zvrkhuopl.c;->d:1200 API Call: "gps": false
Source: com.qroelbnvc.zvrkhuopl.c;->d:1200 API Call: "htmllocker":
Source: com.qroelbnvc.zvrkhuopl.c;->d:1200 API Call: "urls": MzA5MGMwOGFjNjI5MzkxZWQxOWM2NDJjODgzZjNhMDgwZQ==
Source: com.qroelbnvc.zvrkhuopl.c;->d:1200 API Call: "websocket":
Source: com.qroelbnvc.zvrkhuopl.c;->d:1200 API Call: "time_work": 25
Source: com.qroelbnvc.zvrkhuopl.c;->d:1200 API Call: "spamSMS":
Source: com.qroelbnvc.zvrkhuopl.c;->d:1200 API Call: "findfiles":
Source: com.qroelbnvc.zvrkhuopl.c;->d:1200 API Call: "status":
Source: com.qroelbnvc.zvrkhuopl.c;->d:1200 API Call: "time_work": 50
Source: com.qroelbnvc.zvrkhuopl.c;->d:1200 API Call: "url": http://adennb.com

Data Obfuscation:

Accesses Class Loader via Reflection
Source: com.teitiae.alslte.JFspeaNtf;->slQimrXWxrKq:756 API Call: Reflective call: public java.lang.ClassLoader java.lang.Class.getClassLoader()
Found very long method strings
Source: Lcom/qroelbnvc/zvrkhuopl/b;-><clinit>()V Method string: [az]Yand\u0131rmaq \u00fc\u00e7\u00fcn giri\u015f::[sq]Mund\u00ebsimi i aksesit p\u00ebr::[am]\u12f0\u1228\u1303 \u1218\u12f5\u1228\u1235 \u12f0\u1228\u1303 \u12a0\u120d\u1270\u1230\u1320\u12cd\u121d::[en]Enable access for::[ar]\u062a\u0645\u0643\u064a\u0 Length: 6006
Loads new DEX files via dynamic constructor
Source: com.teitiae.alslte.DZuHZsZ;->slQimrXWxrKq:43 API Call: Constructor call: public dalvik.system.DexClassLoader(java.lang.String,java.lang.String,java.lang.String,java.lang.ClassLoader)
Obfuscates method names
Source: nezJsAu9o3 Total valid method names: 11%
Uses reflection
Source: com.teitiae.alslte.JFspeaNtf;->slQimrXWxrKq:756 API Call: Real call: public android.content.Context android.content.ContextWrapper.getBaseContext()
Source: com.teitiae.alslte.JFspeaNtf;->slQimrXWxrKq:756 API Call: Real call: public java.io.File android.app.ContextImpl.getDir(java.lang.String,int)
Source: com.teitiae.alslte.JFspeaNtf;->slQimrXWxrKq:756 API Call: Real call: public java.lang.String java.io.File.getAbsolutePath()
Source: com.teitiae.alslte.JFspeaNtf;->slQimrXWxrKq:762 API Call: Real call: public android.content.res.AssetManager android.content.ContextWrapper.getAssets()
Source: com.teitiae.alslte.JFspeaNtf;->slQimrXWxrKq:762 API Call: Real call: public final android.content.res.AssetFileDescriptor android.content.res.AssetManager.openNonAssetFd(java.lang.String) throws java.io.IOException
Source: com.teitiae.alslte.JFspeaNtf;->slQimrXWxrKq:762 API Call: Real call: public java.io.FileInputStream android.content.res.AssetFileDescriptor.createInputStream() throws java.io.IOException
Source: com.teitiae.alslte.JFspeaNtf;->slQimrXWxrKq:762 API Call: Real call: public int android.content.res.AssetFileDescriptor$AutoCloseInputStream.read(byte[]) throws java.io.IOException
Source: com.teitiae.alslte.KwkFGkGR;->slQimrXWxrKq:86 API Call: Real call: public static void java.lang.System.arraycopy(byte[],int,byte[],int,int)
Source: com.teitiae.alslte.JFspeaNtf;->slQimrXWxrKq:762 API Call: Real call: public int android.content.res.AssetFileDescriptor$AutoCloseInputStream.read(byte[]) throws java.io.IOException
Source: com.teitiae.alslte.JFspeaNtf;->slQimrXWxrKq:762 API Call: Real call: public int android.content.res.AssetFileDescriptor$AutoCloseInputStream.read(byte[]) throws java.io.IOException
Source: com.teitiae.alslte.JFspeaNtf;->slQimrXWxrKq:762 API Call: Real call: public static java.lang.Class java.lang.Class.forName(java.lang.String) throws java.lang.ClassNotFoundException
Source: com.teitiae.alslte.JFspeaNtf;->slQimrXWxrKq:762 API Call: Real call: public void java.io.OutputStream.write(byte[]) throws java.io.IOException
Source: com.teitiae.alslte.JFspeaNtf;->slQimrXWxrKq:756 API Call: Real call: public java.lang.ClassLoader java.lang.Class.getClassLoader()
Source: com.teitiae.alslte.JFspeaNtf;->slQimrXWxrKq:756 API Call: Real call: public static java.lang.Class java.lang.Class.forName(java.lang.String) throws java.lang.ClassNotFoundException
Source: com.teitiae.alslte.JFspeaNtf;->slQimrXWxrKq:756 API Call: Real call: public static java.lang.Class java.lang.Class.forName(java.lang.String) throws java.lang.ClassNotFoundException
Source: com.teitiae.alslte.JFspeaNtf;->slQimrXWxrKq:756 API Call: Real call: public static java.lang.Class java.lang.Class.forName(java.lang.String) throws java.lang.ClassNotFoundException
Source: com.teitiae.alslte.JFspeaNtf;->slQimrXWxrKq:399 API Call: Real call: public static final java.lang.Boolean java.lang.Boolean.TRUE
Source: com.teitiae.alslte.JFspeaNtf;->slQimrXWxrKq:756 API Call: Real call: public void java.lang.reflect.AccessibleObject.setAccessible(boolean)
Source: com.teitiae.alslte.JFspeaNtf;->eKZtmW:125 API Call: Real call: final android.app.LoadedApk android.app.ContextImpl.mPackageInfo
Source: com.teitiae.alslte.JFspeaNtf;->slQimrXWxrKq:756 API Call: Real call: public void java.lang.reflect.AccessibleObject.setAccessible(boolean)
Source: com.teitiae.alslte.JFspeaNtf;->slQimrXWxrKq:756 API Call: Real call: public static java.lang.Class java.lang.Class.forName(java.lang.String) throws java.lang.ClassNotFoundException
Source: com.teitiae.alslte.JFspeaNtf;->slQimrXWxrKq:756 API Call: Real call: public boolean java.io.File.delete()
Source: com.teitiae.alslte.JFspeaNtf;->slQimrXWxrKq:756 API Call: Real call: public boolean java.io.File.delete()
Source: com.qroelbnvc.zvrkhuopl.c;->a:35 API Call: java.lang.reflect.Method.invoke
Source: com.qroelbnvc.zvrkhuopl.c;->a:63 API Call: java.lang.reflect.Method.invoke
Source: com.qroelbnvc.zvrkhuopl.c;->a:95 API Call: java.lang.reflect.Method.invoke
Source: com.teitiae.alslte.JFspeaNtf;->UvuPAVbvj:648 API Call: java.lang.reflect.Field.get

Persistence and Installation Behavior:

Tries to get accessibility permissions (for UI automation)
Source: com.qroelbnvc.zvrkhuopl.qcplfor.gmZSVhs;->onCreate:6 API Call: com.qroelbnvc.zvrkhuopl.qcplfor.gmZSVhs.startActivity
Creates files
Source: com.qroelbnvc.zvrkhuopl.YygXZXjrlA;->b:1297 API Call: com.qroelbnvc.zvrkhuopl.YygXZXjrlA.openFileOutput
Source: com.qroelbnvc.zvrkhuopl.nTmlti;->a:56 API Call: com.qroelbnvc.zvrkhuopl.nTmlti.openFileOutput
Source: com.qroelbnvc.zvrkhuopl.nTmlti;->b:112 API Call: com.qroelbnvc.zvrkhuopl.nTmlti.openFileOutput

Boot Survival:

Has permission to execute code after phone reboot
Source: submitted apk Request permission: android.permission.RECEIVE_BOOT_COMPLETED
Installs a new wake lock (to get activated when the phone screen turns on)
Source: com.qroelbnvc.zvrkhuopl.fyqwgb;->onHandleIntent:23 API Call: android.os.PowerManager.newWakeLock
Starts/registers a service/receiver on phone boot (autostart)
Source: com.qroelbnvc.zvrkhuopl.unvgcdjgnvuw.xIbAWPwoN;->a:5 API Call: android.content.Context.startService (not executed)
Source: com.qroelbnvc.zvrkhuopl.unvgcdjgnvuw.xIbAWPwoN;->a:27 API Call: android.content.Context.startService (not executed)
Source: com.qroelbnvc.zvrkhuopl.unvgcdjgnvuw.xIbAWPwoN;->b:53 API Call: android.content.Context.startService (not executed)

Hooking and other Techniques for Hiding and Protection:

Potential hidden JAR / DEX file creation routine found
Source: com.teitiae.alslte.JFspeaNtf;->PCEtrXALjeq:29 API Call: java.lang.String.<init> /iguifprt.jar
Potential hidden file creation routine found
Source: com.teitiae.alslte.JFspeaNtf;->slQimrXWxrKq:831 API Call: java.lang.String.<init> java.io.FileOutputStream
Protects itself from removal
Source: com.qroelbnvc.zvrkhuopl.nTmlti;->onAccessibilityEvent:403 API Calls in same method context: AccessibilityNodeInfo.findAccessibilityNodeInfosByText, AccessibilityEvent.getPackageName
Has permission to draw over other applications or user interfaces
Source: submitted apk Request permission: android.permission.SYSTEM_ALERT_WINDOW
Has permission to query the list of currently running applications
Source: submitted apk Request permission: android.permission.GET_TASKS
Queries list of running processes/tasks
Source: com.qroelbnvc.zvrkhuopl.sDScVetF;->b:8 API Call: android.app.ActivityManager.getRunningTasks
Source: com.qroelbnvc.zvrkhuopl.sDScVetF;->b:17 API Call: android.app.ActivityManager.getRunningAppProcesses
Removes its application launcher (likely to stay hidden)
Source: com.qroelbnvc.zvrkhuopl.qcplfor.OzMZyfADLJR;->onCreate:16 API Call: android.content.pm.PackageManager.setComponentEnabledSetting

Malware Analysis System Evasion:

Accesses Android OS build fields
Source: com.qroelbnvc.zvrkhuopl.YygXZXjrlA;->a:35 Field Access: android.os.Build$VERSION.RELEASE
Source: com.qroelbnvc.zvrkhuopl.YygXZXjrlA;->a:37 Field Access: android.os.Build.MODEL
Source: com.qroelbnvc.zvrkhuopl.YygXZXjrlA;->a:41 Field Access: android.os.Build.PRODUCT
Source: com.qroelbnvc.zvrkhuopl.c;->q:1352 Field Access: android.os.Build.BOARD
Source: com.qroelbnvc.zvrkhuopl.c;->q:1355 Field Access: android.os.Build.BRAND
Source: com.qroelbnvc.zvrkhuopl.c;->q:1358 Field Access: android.os.Build.CPU_ABI
Source: com.qroelbnvc.zvrkhuopl.c;->q:1361 Field Access: android.os.Build.DEVICE
Source: com.qroelbnvc.zvrkhuopl.c;->q:1364 Field Access: android.os.Build.DISPLAY
Source: com.qroelbnvc.zvrkhuopl.c;->q:1367 Field Access: android.os.Build.HOST
Source: com.qroelbnvc.zvrkhuopl.c;->q:1370 Field Access: android.os.Build.ID
Source: com.qroelbnvc.zvrkhuopl.c;->q:1373 Field Access: android.os.Build.MANUFACTURER
Source: com.qroelbnvc.zvrkhuopl.c;->q:1376 Field Access: android.os.Build.MODEL
Source: com.qroelbnvc.zvrkhuopl.c;->q:1379 Field Access: android.os.Build.PRODUCT
Source: com.qroelbnvc.zvrkhuopl.c;->q:1382 Field Access: android.os.Build.TAGS
Source: com.qroelbnvc.zvrkhuopl.c;->q:1385 Field Access: android.os.Build.TYPE
Source: com.qroelbnvc.zvrkhuopl.c;->q:1388 Field Access: android.os.Build.USER
Queries the unique operating system id (ANDROID_ID)
Source: com.qroelbnvc.zvrkhuopl.c;->q:1347 API Call: android.provider.Settings.Secure.getString
Source: com.qroelbnvc.zvrkhuopl.c;->q:1347 API Call: android.provider.Settings.Secure.getString

Anti Debugging:

Accesses the class loader (often done to load new code)
Source: Lcom/teitiae/alslte/JFspeaNtf;->eKZtmW(Ljava/lang/Object;Ljava/lang/Object;)V Method string: "mClassLoader"

HIPS / PFW / Operating System Protection Evasion:

Uses the DexClassLoader (often used for code injection)
Source: com.qroelbnvc.zvrkhuopl.c;->a:30 API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: com.qroelbnvc.zvrkhuopl.c;->a:32 API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.qroelbnvc.zvrkhuopl.c;->a:57 API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: com.qroelbnvc.zvrkhuopl.c;->a:59 API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.qroelbnvc.zvrkhuopl.c;->a:89 API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: com.qroelbnvc.zvrkhuopl.c;->a:91 API Call: dalvik.system.DexClassLoader.loadClass (not executed)

Language, Device and Operating System Detection:

Queries the network operator ISO country code
Source: com.qroelbnvc.zvrkhuopl.YygXZXjrlA;->a:47 API Call: android.telephony.TelephonyManager.getNetworkCountryIso returned ""
Source: com.qroelbnvc.zvrkhuopl.c;->p:1343 API Call: android.telephony.TelephonyManager.getNetworkCountryIso
Queries the network operator name
Source: com.qroelbnvc.zvrkhuopl.YygXZXjrlA;->a:55 API Call: android.telephony.TelephonyManager.getNetworkOperatorName returned "T-Mobile Deutschland GmbH"
Queries the unique device ID (IMEI, MEID or ESN)
Source: com.qroelbnvc.zvrkhuopl.YygXZXjrlA;->a:60 API Call: android.telephony.TelephonyManager.getLine1Number

Stealing of Sensitive Information:

Uses accessibility services (likely to control other applications)
Source: com.qroelbnvc.zvrkhuopl.nTmlti;->onAccessibilityEvent:233 API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.qroelbnvc.zvrkhuopl.nTmlti;->onAccessibilityEvent:238 API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.qroelbnvc.zvrkhuopl.nTmlti;->onAccessibilityEvent:264 API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.qroelbnvc.zvrkhuopl.nTmlti;->onAccessibilityEvent:290 API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.qroelbnvc.zvrkhuopl.nTmlti;->onAccessibilityEvent:308 API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.qroelbnvc.zvrkhuopl.nTmlti;->onAccessibilityEvent:323 API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.qroelbnvc.zvrkhuopl.nTmlti;->onAccessibilityEvent:339 API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.qroelbnvc.zvrkhuopl.nTmlti;->onAccessibilityEvent:349 API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.qroelbnvc.zvrkhuopl.nTmlti;->onAccessibilityEvent:359 API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.qroelbnvc.zvrkhuopl.nTmlti;->onAccessibilityEvent:365 API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Creates SMS data (e.g. PDU)
Source: com.qroelbnvc.zvrkhuopl.unvgcdjgnvuw.xIbAWPwoN;->b:41 API Call: android.telephony.SmsMessage.createFromPdu
Has permission to read contacts
Source: submitted apk Request permission: android.permission.READ_CONTACTS
Has permission to read the SMS storage
Source: submitted apk Request permission: android.permission.READ_SMS
Has permission to read the phone's state (phone number, device IDs, active call etc.)
Source: submitted apk Request permission: android.permission.READ_PHONE_STATE
Has permission to receive SMS in the background
Source: submitted apk Request permission: android.permission.RECEIVE_SMS
Monitors incoming SMS
Source: com.qroelbnvc.zvrkhuopl.unvgcdjgnvuw.xIbAWPwoN Registered receiver: android.provider.Telephony.SMS_RECEIVED
Queries SMS data
Source: com.qroelbnvc.zvrkhuopl.MmowXsXVPtV;->c:4 API Call: android.net.Uri.parse("content://sms/inbox")
Source: com.qroelbnvc.zvrkhuopl.MmowXsXVPtV;->b:49 API Call: android.net.Uri.parse("content://sms/sent")
Queries a list of installed applications
Source: com.qroelbnvc.zvrkhuopl.b;->a:49 API Call: android.content.pm.PackageManager.getInstalledApplications
Source: com.qroelbnvc.zvrkhuopl.c;->c:1007 API Call: android.content.pm.PackageManager.getInstalledApplications
Queries phone contact information
Source: com.qroelbnvc.zvrkhuopl.qcplfor.imLZWEiXjAyl;->a:9 Field access: android.provider.ContactsContract$CommonDataKinds$Phone.CONTENT_URI
Source: com.qroelbnvc.zvrkhuopl.qcplfor.imLZWEiXjAyl;->a:69 Field access: android.provider.ContactsContract$CommonDataKinds$Phone.CONTENT_URI
Redirects camera/video feed
Source: com.qroelbnvc.zvrkhuopl.nbeidxln.dszmnuqdv.UhrXLTtA;->a:11 API Call: android.media.MediaRecorder.setOutputFile
Source: com.qroelbnvc.zvrkhuopl.nbeidxln.dszmnuqdv.XuviGQZlBE;->a:23 API Call: android.media.MediaRecorder.setOutputFile
Has permission to query the current location
Source: submitted apk Request permission: android.permission.ACCESS_FINE_LOCATION

Remote Access Functionality:

Found parser code for incoming SMS (may be used to act on incoming SMS, BOT)
Source: com.qroelbnvc.zvrkhuopl.unvgcdjgnvuw.xIbAWPwoN;->a:29 API Call: java.lang.String.equals android.provider.Telephony.SMS_RECEIVED
Found suspicious command strings (may be related to BOT commands)
Source: Lcom/qroelbnvc/zvrkhuopl/nbeidxln/dszmnuqdv/XuviGQZlBE$1;->run()V Method string: "stop record sound"
Source: Lcom/qroelbnvc/zvrkhuopl/nbeidxln/fzhsqgnygo/iZlXcshdsyW;->onHandleIntent(Landroid/content/Intent;)V Method string: "sendsms"
Source: Lcom/qroelbnvc/zvrkhuopl/b;-><init>()V Method string: "android.permission.send_sms"
Source: Lcom/qroelbnvc/zvrkhuopl/nbeidxln/dszmnuqdv/XuviGQZlBE;->a(Landroid/content/Context;Ljava/lang/String;I)V Method string: "start record sound"
Source: Lcom/qroelbnvc/zvrkhuopl/nbeidxln/dszmnuqdv/XuviGQZlBE$1;->run()V Instruction: "const-string v3, "stop record sound""
Source: Lcom/qroelbnvc/zvrkhuopl/nbeidxln/fzhsqgnygo/iZlXcshdsyW;->onHandleIntent(Landroid/content/Intent;)V Instruction: "const-string v0, "sendsms""
Source: Lcom/qroelbnvc/zvrkhuopl/b;-><init>()V Instruction: "const-string v1, "android.permission.send_sms""
Source: Lcom/qroelbnvc/zvrkhuopl/nbeidxln/dszmnuqdv/XuviGQZlBE;->a(Landroid/content/Context;Ljava/lang/String;I)V Instruction: "const-string v2, "start record sound""

Antivirus Detection

Initial Sample

Source | Detection | Scanner | Label
nezJsAu9o3 | 27% | virustotal |

Dropped Files

No Antivirus matches

Domains

Source | Detection | Scanner | Label
adennb.com | 1% | virustotal |
twitter.com | 0% | virustotal |
stefankoebalimivsemotdelom.com | 4% | virustotal |

URLs

No Antivirus matches

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Screenshots