Analysis Report 7RORCb5RSo

Overview

General Information

Joe Sandbox Version: 24.0.0
Analysis ID: 672842
Start date: 21.09.2018
Start time: 21:26:16
Joe Sandbox Product: Cloud
Overall analysis duration: 0h 4m 2s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: 7RORCb5RSo
Cookbook file name: defaultandroidfilecookbook.jbs
Analysis system description: Android x86 5.1
Detection: MAL
Classification: mal100.rans.troj.spyw.expl.evad.and@0/249@5/0
Warnings:
  • No interacted views
  • Not all executed log events are in report (maximum 10 identical API calls)
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size exceeded maximum capacity and may have missing dynamic data code.

Detection

Strategy: Threshold
Score: 100
Range: 0 - 100
Reporting: Report FP / FN
Detection: malicious

Classification

Signature Overview


AV Detection:

Antivirus detection for submitted file
Source: 7RORCb5RSo Avira: Label: ANDROID/Dropper.NACP.Gen
Multi AV Scanner detection for submitted file
Source: 7RORCb5RSo virustotal: Detection: 40%

Location Tracing:

Queries the phones location (GPS)
Source: com.midmsz.lhlytazfhrp.ESbKZOA;->b:31 API Call: android.location.Location.getLatitude
Source: com.midmsz.lhlytazfhrp.ESbKZOA;->b:33 API Call: android.location.Location.getLongitude
Source: com.midmsz.lhlytazfhrp.dSDrkSh;->b:32 API Call: android.location.Location.getLatitude
Source: com.midmsz.lhlytazfhrp.dSDrkSh;->b:34 API Call: android.location.Location.getLongitude

Privilege Escalation:

Checks if the device administrator is active
Source: com.midmsz.lhlytazfhrp.ClzpwjSDbK;->a:69 API Call: android.app.admin.DevicePolicyManager.isAdminActive
Source: com.midmsz.lhlytazfhrp.YOdljfSlmTYA;->onHandleIntent:82 API Call: android.app.admin.DevicePolicyManager.isAdminActive
Source: com.midmsz.lhlytazfhrp.lCxfdob;->onHandleIntent:47 API Call: android.app.admin.DevicePolicyManager.isAdminActive
Tries to add a new device administrator
Source: com.midmsz.lhlytazfhrp.qfjbtlzm.a.a;->onCreate:12 API Call: android.content.Intent.<init> android.app.action.ADD_DEVICE_ADMIN

Spreading:

Accesses external storage location
Source: com.midmsz.lhlytazfhrp.EPjYwbYa;->onHandleIntent:104 API Call: android.os.Environment.getExternalStorageDirectory
Source: com.midmsz.lhlytazfhrp.Lyawisar;->onHandleIntent:71 API Call: android.os.Environment.getExternalStorageDirectory
Source: com.midmsz.lhlytazfhrp.ufhkflzriv;->onHandleIntent:63 API Call: android.os.Environment.getExternalStorageDirectory

Networking:

Checks an internet connection is available
Source: com.midmsz.lhlytazfhrp.c;->r:121 API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.midmsz.lhlytazfhrp.c;->n:1337 API Call: android.net.NetworkInfo.isConnected
Source: com.midmsz.lhlytazfhrp.c;->m:1334 API Call: android.net.NetworkInfo.isConnected
Opens an internet connection
Source: com.midmsz.lhlytazfhrp.qfjbtlzm.b$a;->a:3 API Call: java.net.URL.openConnection("https://stefankoebalimivsemotdelom.com/private/checkPanel.php")
Source: com.midmsz.lhlytazfhrp.c$a;->a:9 API Call: java.net.URL.openConnection("https://twitter.com/JackCorne")
Source: com.midmsz.lhlytazfhrp.qfjbtlzm.b$a;->a:3 API Call: java.net.URL.openConnection("http://adobe3245292f9f.pw/private/checkPanel.php")
Source: com.midmsz.lhlytazfhrp.NLkgkai$a;->a:13 API Call: java.net.URL.openConnection (not executed)
Source: com.midmsz.lhlytazfhrp.c;->a:208 API Call: java.net.URL.openConnection (not executed)
Source: com.midmsz.lhlytazfhrp.c;->a:316 API Call: java.net.URL.openConnection (not executed)
Downloads files from webservers via HTTP
Source: global traffic HTTP traffic detected: GET /JackCorne HTTP/1.1 User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; VirtualBox Build/LMY48W) Host: twitter.com Connection: Keep-Alive Accept-Encoding: gzip
Source: global traffic HTTP traffic detected: GET /JackCorne HTTP/1.1 User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; VirtualBox Build/LMY48W) Host: mobile.twitter.com Connection: Keep-Alive Accept-Encoding: gzip
Found strings which match to known social media urls
Source: android String found in binary or memory: <td><a href="https://support.twitter.com/"> Help</a></td> equals www.twitter.com (Twitter)
Source: android String found in binary or memory: By using Twitters services you agree to our <a href="https://support.twitter.com/articles/20170514">Cookie Use</a> and <a href="https://support.twitter.com/articles/20174632">Data Transfer</a> outside the EU. We and our partners operate globally and use cookies, including for analytics, personalisation, and ads. equals www.twitter.com (Twitter)
Source: android String found in binary or memory: <link rel="canonical" href="https://twitter.com/jackcorne"> equals www.twitter.com (Twitter)
Source: xjhzyerdwxwl.dex.dr String found in binary or memory: )com.imo.android.imoim,com.twitter.android equals www.twitter.com (Twitter)
Source: xjhzyerdwxwl.dex.dr String found in binary or memory: =com.imo.android.imoim,com.twitter.android,com.android.vending equals www.twitter.com (Twitter)
Source: xjhzyerdwxwl.dex.dr String found in binary or memory: com.imb.banking2,)com.imo.android.imoim,com.twitter.android=com.imo.android.imoim,com.twitter.android,com.android.vending equals www.twitter.com (Twitter)
Source: android String found in binary or memory: com.imo.android.imoim,com.twitter.android equals www.twitter.com (Twitter)
Source: android String found in binary or memory: com.imo.android.imoim,com.twitter.android,com.android.vending equals www.twitter.com (Twitter)
Source: xjhzyerdwxwl.dex.dr String found in binary or memory: https://twitter.com/JackCorne equals www.twitter.com (Twitter)
Performs DNS lookups
Source: unknown DNS traffic detected: queries for: stefankoebalimivsemotdelom.com
Posts data to webserver
Source: unknown HTTP traffic detected: POST /private/checkPanel.php HTTP/1.1 Content-Length: 0 User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; VirtualBox Build/LMY48W) Host: stefankoebalimivsemotdelom.com Connection: Keep-Alive Accept-Encoding: gzip Content-Type: application/x-www-form-urlencoded
Urls found in memory or binary data
Uses HTTP for connecting to the internet
Source: com.midmsz.lhlytazfhrp.qfjbtlzm.b$a;->a:22 API Call: com.android.okhttp.internal.http.HttpsURLConnectionImpl.connect
Source: com.midmsz.lhlytazfhrp.c$a;->a:14 API Call: com.android.okhttp.internal.http.HttpsURLConnectionImpl.connect
Source: com.midmsz.lhlytazfhrp.NLkgkai$a;->a:15 API Call: java.net.HttpURLConnection.connect
Uses HTTPS

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Found potential keylogger
Source: Lcom/midmsz/lhlytazfhrp/ClzpwjSDbK;->a()V Instruction: "const-string v5, "keylogger""
Source: Lcom/midmsz/lhlytazfhrp/ClzpwjSDbK;->a()V Instruction: "const-string v9, "getkeylogger""
Source: Lcom/midmsz/lhlytazfhrp/ClzpwjSDbK;->a()V Instruction: "const-string v9, "getkeylogger -> commands""
Source: Lcom/midmsz/lhlytazfhrp/c;->b(Landroid/content/Context;)V Instruction: "const-string v0, "keylogger""
Source: Lcom/midmsz/lhlytazfhrp/c;->b(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String; Instruction: "const-string v1, "/private/datakeylogger.php""
Source: Lcom/midmsz/lhlytazfhrp/ieURcXnUxB;->onAccessibilityEvent(Landroid/view/accessibility/AccessibilityEvent;)V Instruction: "const-string v10, "keylogger""
Has permission to record audio in the background
Source: submitted apk Request permission: android.permission.RECORD_AUDIO
Records audio/media
Source: com.midmsz.lhlytazfhrp.qfjbtlzm.hbanyboq.XiNFRe;->a:15 API Call: android.media.MediaRecorder.start
Source: com.midmsz.lhlytazfhrp.qfjbtlzm.hbanyboq.rEWlchjPN;->a:27 API Call: android.media.MediaRecorder.start
Accesses the audio/media managers
Source: com.midmsz.lhlytazfhrp.qfjbtlzm.hbanyboq.XiNFRe;->a:4 API Call: android.media.MediaRecorder.<init>
Source: com.midmsz.lhlytazfhrp.qfjbtlzm.hbanyboq.rEWlchjPN;->a:15 API Call: android.media.MediaRecorder.<init>

E-Banking Fraud:

Detected Anubis BankBot ransomware / banking trojan
Source: Lcom/midmsz/lhlytazfhrp/ClzpwjSDbK;->a()V Method string: htmllocker
Source: Lcom/midmsz/lhlytazfhrp/ClzpwjSDbK;->a()V Method string: ERROR -> htmllocker
Source: Lcom/midmsz/lhlytazfhrp/c;->b(Landroid/content/Context;)V Method string: htmllocker
Source: Lcom/midmsz/lhlytazfhrp/c;->d(Landroid/content/Context;Ljava/lang/String;)Ljava/lang/String; Method string: htmllocker
Source: Lcom/midmsz/lhlytazfhrp/EPjYwbYa;->a(Ljava/io/File;)V Method string: .AnubisCrypt
Source: Lcom/midmsz/lhlytazfhrp/EPjYwbYa;->b(Ljava/io/File;)V Method string: .AnubisCrypt
Source: Lcom/midmsz/lhlytazfhrp/misnhpdmas/mkZckIRiMZ;->onCreate(Landroid/os/Bundle;)V Method string: htmllocker
Found large list of e-Banking application (likely related to e-Banking fraud)
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: ru.tinkoff.goabroad
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: ru.vtb24.mobilebanking.android
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: ru.bm.mbm
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.vtb.mobilebank
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.bssys.VTBClient
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.bssys.vtb.mobileclient
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.akbank.android.apps.akbank_direkt
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.akbank.android.apps.akbank_direkt_tablet
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.akbank.softotp
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.akbank.android.apps.akbank_direkt_tablet_20
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.fragment.akbank
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.ykb.android
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.ykb.android.mobilonay
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.ykb.avm
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.ykb.androidtablet
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.veripark.ykbaz
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.softtech.iscek
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.yurtdisi.iscep
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.softtech.isbankasi
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.monitise.isbankmoscow
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.finansbank.mobile.cepsube
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: finansbank.enpara
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.magiclick.FinansPOS
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.matriksdata.finansyatirim
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: finansbank.enpara.sirketim
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.vipera.ts.starter.QNB
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.redrockdigimark
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.garanti.cepsubesi
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.garanti.cepbank
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.garantibank.cepsubesiro
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: biz.mobinex.android.apps.cep_sifrematik
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.garantiyatirim.fx
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.tmobtech.halkbank
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.SifrebazCep
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: eu.newfrontier.iBanking.mobile.Halk.Retail
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: tr.com.tradesoft.tradingsystem.gtpmobile.halk
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.DijitalSahne.EnYakinHalkbank
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.ziraat.ziraatmobil
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.ziraat.ziraattablet
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.matriksmobile.android.ziraatTrader
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.matriksdata.ziraatyatirim.pad
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: de.comdirect.android
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: de.commerzbanking.mobil
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: de.consorsbank
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.db.mm.deutschebank
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: de.dkb.portalapp
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.de.dkb.portalapp
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.ing.diba.mbbr2
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: de.postbank.finanzassistent
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: mobile.santander.de
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: de.fiducia.smartphone.android.banking.vr
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: fr.creditagricole.androidapp
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: fr.axa.monaxa
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: fr.banquepopulaire.cyberplus
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: net.bnpparibas.mescomptes
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.boursorama.android.clients
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.caisseepargne.android.mobilebanking
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: fr.lcl.android.customerarea
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.paypal.android.p2pmobile
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.wf.wellsfargomobile
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.wf.wellsfargomobile.tablet
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.wellsFargo.ceomobile
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.usbank.mobilebanking
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.usaa.mobile.android.usaa
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.suntrust.mobilebanking
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.moneybookers.skrillpayments.neteller
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.moneybookers.skrillpayments
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.clairmail.fth
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.konylabs.capitalone
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.yinzcam.facilities.verizon
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.chase.sig.android
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.infonow.bofa
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.bankofamerica.cashpromobile
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: uk.co.bankofscotland.businessbank
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.grppl.android.shell.BOS
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.rbs.mobile.android.natwestoffshore
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.rbs.mobile.android.natwest
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.rbs.mobile.android.natwestbandc
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.rbs.mobile.investisir
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.phyder.engage
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.rbs.mobile.android.rbs
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.rbs.mobile.android.rbsbandc
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: uk.co.santander.santanderUK
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: uk.co.santander.businessUK.bb
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.sovereign.santander
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.ifs.banking.fiid4202
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.fi6122.godough
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.rbs.mobile.android.ubr
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.htsu.hsbcpersonalbanking
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.grppl.android.shell.halifax
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.grppl.android.shell.CMBlloydsTSB73
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.barclays.android.barclaysmobilebanking
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.unionbank.ecommerce.mobile.android
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.unionbank.ecommerce.mobile.commercial.legacy
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.snapwork.IDBI
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.idbibank.abhay_card
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: src.com.idbi
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.idbi.mpassbook
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.ing.mobile
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.snapwork.hdfc
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.sbi.SBIFreedomPlus
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: hdfcbank.hdfcquickbank
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.csam.icici.bank.imobile
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: in.co.bankofbaroda.mpassbook
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.axis.mobile
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: cz.csob.smartbanking
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: cz.sberbankcz
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: sk.sporoapps.accounts
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: sk.sporoapps.skener
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.cleverlance.csas.servis24
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: org.westpac.bank
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: nz.co.westpac
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: au.com.suncorp.SuncorpBank
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: org.stgeorge.bank
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: org.banksa.bank
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: au.com.newcastlepermanent
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: au.com.nab.mobile
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: au.com.mebank.banking
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: au.com.ingdirect.android
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: MyING.be
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.imb.banking2
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.fusion.ATMLocator
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: au.com.cua.mb
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.commbank.netbank
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.cba.android.netbank
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.citibank.mobile.au
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.citibank.mobile.uk
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.citi.citimobile
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: org.bom.bank
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.bendigobank.mobile
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: me.doubledutch.hvdnz.cbnationalconference2016
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: au.com.bankwest.mobile
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.bankofqueensland.boq
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.anz.android.gomoney
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.anz.android
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.anz.SingaporeDigitalBanking
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.anzspot.mobile
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.crowdcompass.appSQ0QACAcYJ
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.arubanetworks.atmanz
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.quickmobile.anzirevents15
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: at.volksbank.volksbankmobile
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: it.volksbank.android
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: it.secservizi.mobile.atime.bpaa
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: de.fiducia.smartphone.android.securego.vr
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.isis_papyrus.raiffeisen_pay_eyewdg
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: at.easybank.mbanking
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: at.easybank.tablet
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: at.easybank.securityapp
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: at.bawag.mbanking
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.bawagpsk.securityapp
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: at.psa.app.bawag
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.pozitron.iscep
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.vakifbank.mobile
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.pozitron.vakifbank
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.starfinanz.smob.android.sfinanzstatus
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.starfinanz.mobile.android.pushtan
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.entersekt.authapp.sparkasse
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.starfinanz.smob.android.sfinanzstatus.tablet
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.starfinanz.smob.android.sbanking
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.palatine.android.mobilebanking.prod
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: fr.laposte.lapostemobile
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: fr.laposte.lapostetablet
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.cm_prod.bad
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.cm_prod.epasal
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.cm_prod_tablet.bad
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.cm_prod.nosactus
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: mobi.societegenerale.mobile.lappli
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.bbva.netcash
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.bbva.bbvacontigo
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.bbva.bbvawallet
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: es.bancosantander.apps
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.santander.app
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: es.cm.android
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: es.cm.android.tablet
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.bankia.wallet
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.binance.dev
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.btcturk
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.binance.odapplications
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.blockfolio.blockfolio
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.crypter.cryptocyrrency
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: io.getdelta.android
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.edsoftapps.mycoinsvalue
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.coin.profit
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.mal.saul.coinmarketcap
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.tnx.apps.coinportfolio
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.coinbase.android
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.portfolio.coinbase_tracker
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: de.schildbach.wallet
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: piuk.blockchain.android
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: info.blockchain.merchant
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.jackpf.blockchainsearch
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.unocoin.unocoinwallet
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.unocoin.unocoinmerchantPoS
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.thunkable.android.santoshmehta364.UNOCOIN_LIVE
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: wos.com.zebpay
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.localbitcoinsmbapp
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.thunkable.android.manirana54.LocalBitCoins
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.thunkable.android.manirana54.LocalBitCoins_unblock
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.localbitcoins.exchange
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.coins.bit.local
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.coins.ful.bit
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.jamalabbasii1998.localbitcoin
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: zebpay.Application
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.bitcoin.ss.zebpayindia
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method string: com.kryptokit.jaxx
Contains package name strings related to banking (usually for identifying banking APKs)
Source: Lcom/midmsz/lhlytazfhrp/b;->a(Landroid/content/Context;)Ljava/lang/String;Method String: at.spardat.netbanking, com.bankaustria.android.olb, com.scotiabank.mobile, cz.airbank.android, eu.inmite.prj.kb.mobilbank, com.bankinter.launcher, com.kutxabank.android, com.dbs.hk.dbsmbanking, com.scb.breezebanking.hk, hk.com.hsbc.hsbchkmobilebanking, jp.co.aeonbank.android.passbook, jp.co.rakuten_bank.rakutenbank, jp.co.sevenbank.AppPassbook, nz.co.anz.android.mobilebanking, nz.co.bnz.droidbanking, nz.co.kiwibank.mobile, com.getingroup.mobilebanking, eu.eleader.mobilebanking.pekao.firm, eu.eleader.mobilebanking.pekao, eu.eleader.mobilebanking.raiffeisen, com.comarch.mobile.banking.bgzbnpparibas.biznes, com.comarch.security.mobilebanking, eu.eleader.mobilebanking.invest, pl.aliorbank.aib, pl.bosbank.mobile, pl.bps.bankowoscmobilna, pl.fmbank.smart, pl.ideabank.mobilebanking, com.magiclick.odeabank, com.vakifbank.mobilel, tr.com.sekerbilisim.mbank, may.maybank.android, ru.sberbank.spasibo, ru.sberbank.mobileoffice, ru.sberbank.sberbankir, ru.alfabank.mobile.android, ru.alfabank.oavdo.amc, ru.alfabank.sense, ru
Has functionality to add an overlay to other apps
Source: com.midmsz.lhlytazfhrp.qfjbtlzm.a.c$a;->onStart:83 | API Call: WindowManager.addView
Has permission to query the list of currently running applications
Source: submitted apk | Request permission: android.permission.GET_TASKS
May check for popular installed apps
Source: Lcom/midmsz/lhlytazfhrp/ieURcXnUxB$1;->run()V | Method string: "com.imo.android.imoim,com.twitter.android"
Source: Lcom/midmsz/lhlytazfhrp/ieURcXnUxB$1;->run()V | Method string: "com.imo.android.imoim,com.twitter.android,com.android.vending"
May query for the most recent running application (usually for UI overlaying)
Source: com.midmsz.lhlytazfhrp.mcTWTMbWl;->b | getRunningTasks and getPackageName invocations in same method: com.midmsz.lhlytazfhrp.mcTWTMbWl;->b:8, com.midmsz.lhlytazfhrp.mcTWTMbWl;->b:13

Spam, unwanted Advertisements and Ransom Demands:

Tries to disable the administrator user
Source: com.midmsz.lhlytazfhrp.qfjbtlzm.a.a;->onCreate:26 | API Call: android.app.admin.DevicePolicyManager.removeActiveAdmin
Dials phone numbers
Source: com.midmsz.lhlytazfhrp.misnhpdmas.RcGhOT;->onCreate:22 | API Call: com.midmsz.lhlytazfhrp.misnhpdmas.RcGhOT.startActivity
Has permission to perform phone calls in the background
Source: submitted apk | Request permission: android.permission.CALL_PHONE
Has permission to send SMS in the background
Source: submitted apk | Request permission: android.permission.SEND_SMS
Has permission to write to the SMS storage
Source: submitted apk | Request permission: android.permission.WRITE_SMS
May check for popular installed apps
Source: Lcom/midmsz/lhlytazfhrp/ieURcXnUxB$1;->run()V | Method string: "com.imo.android.imoim,com.twitter.android"
Source: Lcom/midmsz/lhlytazfhrp/ieURcXnUxB$1;->run()V | Method string: "com.imo.android.imoim,com.twitter.android,com.android.vending"
Sends SMS using SmsManager
Source: com.midmsz.lhlytazfhrp.c;->c:1193 | API Call: android.telephony.SmsManager.sendMultipartTextMessage

Operating System Destruction:

Lists and deletes files in the same context
Source: com.midmsz.lhlytazfhrp.EPjYwbYa;->b:70 | API Calls in same method context: File.listFiles,File.delete
Source: com.midmsz.lhlytazfhrp.EPjYwbYa;->a:30 | API Calls in same method context: File.listFiles,File.delete

Change of System Appearance:

barindex
May access the Android keyguard (lock screen)Show sources
Source: xjhzyerdwxwl.dex.drString found in binary or memory: Landroid/app/KeyguardManager;
Source: xjhzyerdwxwl.dex.drString found in binary or memory: inKeyguardRestrictedInputMode
Source: xjhzyerdwxwl.dex.drString found in binary or memory: keyguard
Source: xjhzyerdwxwl.dex.drString found in binary or memory: Landroid/app/KeyguardManager;"Landroid/app/Notification$Builder;
Source: xjhzyerdwxwl.dex.drString found in binary or memory: keyguardkeylogger
Acquires a wake lockShow sources
Source: com.midmsz.lhlytazfhrp.YOdljfSlmTYA;->onHandleIntent:24API Call: android.os.PowerManager$WakeLock.acquire
Mutes ringtone soundShow sources
Source: com.midmsz.lhlytazfhrp.c;->l:1332API Call: android.media.AudioManager.setRingerMode("0")
Source: com.midmsz.lhlytazfhrp.misnhpdmas.RcGhOT;->onCreate:25API Call: android.media.AudioManager.setRingerMode("0")
Sets a repeating alarm
Source: com.midmsz.lhlytazfhrp.c;->a:73API Call: android.app.AlarmManager.setRepeating

System Summary:

Requests permissions only permitted to signed APKs
Source: submitted apkRequest permission: android.permission.PACKAGE_USAGE_STATS
Requests potentially dangerous permissions
Source: submitted apkRequest permission: android.permission.ACCESS_FINE_LOCATION
Source: submitted apkRequest permission: android.permission.CALL_PHONE
Source: submitted apkRequest permission: android.permission.GET_TASKS
Source: submitted apkRequest permission: android.permission.INTERNET
Source: submitted apkRequest permission: android.permission.READ_CONTACTS
Source: submitted apkRequest permission: android.permission.READ_PHONE_STATE
Source: submitted apkRequest permission: android.permission.READ_SMS
Source: submitted apkRequest permission: android.permission.RECEIVE_SMS
Source: submitted apkRequest permission: android.permission.RECORD_AUDIO
Source: submitted apkRequest permission: android.permission.SEND_SMS
Source: submitted apkRequest permission: android.permission.SYSTEM_ALERT_WINDOW
Source: submitted apkRequest permission: android.permission.WAKE_LOCK
Source: submitted apkRequest permission: android.permission.WRITE_EXTERNAL_STORAGE
Source: submitted apkRequest permission: android.permission.WRITE_SMS
Classification label
Source: classification engineClassification label: mal100.rans.troj.spyw.expl.evad.and@0/249@5/0
Reads shares settings
Source: com.midmsz.lhlytazfhrp.c;->d:1200API Call: "Interval": null
Source: com.midmsz.lhlytazfhrp.c;->d:1200API Call: "swspacket": null
Source: com.midmsz.lhlytazfhrp.c;->d:1200API Call: "interval": 10000
Source: com.midmsz.lhlytazfhrp.c;->d:1200API Call: "time_work": 0
Source: com.midmsz.lhlytazfhrp.c;->d:1200API Call: "urls": MzA5MGMwOGE4ZjNjMzk1MGM2OGQ2ZjI0OGI3ZjMyMDgwNjc4YzEyNWEzYTFiMDExNDljYTllMTBiYjM5MDNjNzIyZjNiYzgzZDlkNQ==
Source: com.midmsz.lhlytazfhrp.c;->d:1200API Call: "startRequest": Access=0Perm=0
Source: com.midmsz.lhlytazfhrp.c;->d:1200API Call: "save_inj":
Source: com.midmsz.lhlytazfhrp.c;->d:1200API Call: "cryptfile": false
Source: com.midmsz.lhlytazfhrp.c;->d:1200API Call: "startRecordSound": stop
Source: com.midmsz.lhlytazfhrp.c;->d:1200API Call: "recordsoundseconds": 0
Source: com.midmsz.lhlytazfhrp.c;->d:1200API Call: "StringAccessibility": Enable access for
Source: com.midmsz.lhlytazfhrp.c;->d:1200API Call: "SettingsAll":
Source: com.midmsz.lhlytazfhrp.c;->d:1200API Call: "play_protect":
Source: com.midmsz.lhlytazfhrp.c;->d:1200API Call: "url": null
Source: com.midmsz.lhlytazfhrp.c;->d:1200API Call: "network": false
Source: com.midmsz.lhlytazfhrp.c;->d:1200API Call: "gps": false
Source: com.midmsz.lhlytazfhrp.c;->d:1200API Call: "htmllocker":
Source: com.midmsz.lhlytazfhrp.c;->d:1200API Call: "urls": MzA5MGMwOGFjNjI5MzkxZWQxOTY2ODI3ZDkyMzZkNTI1MTIzOTIyZmYzYWFmNzE3NGQ=
Source: com.midmsz.lhlytazfhrp.c;->d:1200API Call: "websocket":
Source: com.midmsz.lhlytazfhrp.c;->d:1200API Call: "spamSMS":
Source: com.midmsz.lhlytazfhrp.c;->d:1200API Call: "findfiles":
Source: com.midmsz.lhlytazfhrp.c;->d:1200API Call: "time_work": 25
Source: com.midmsz.lhlytazfhrp.c;->d:1200API Call: "status":
Source: com.midmsz.lhlytazfhrp.c;->d:1200API Call: "time_work": 50
Source: com.midmsz.lhlytazfhrp.c;->d:1200API Call: "time_work": 75
Source: com.midmsz.lhlytazfhrp.c;->d:1200API Call: "time_work": 100

Data Obfuscation:

Accesses Class Loader via Reflection
Source: com.ifenbof.rloaerl.hzeGAusFSaNG;->uDsLeosDkNjy:621API Call: Reflective call: public java.lang.ClassLoader java.lang.Class.getClassLoader()
Loads new DEX files via dynamic constructor
Source: com.ifenbof.rloaerl.bucqrDfK;->uDsLeosDkNjy:58API Call: Constructor call: public dalvik.system.DexClassLoader(java.lang.String,java.lang.String,java.lang.String,java.lang.ClassLoader)
Found very long method strings
Source: Lcom/midmsz/lhlytazfhrp/b;-><clinit>()VMethod string: [az]Yand\u0131rmaq \u00fc\u00e7\u00fcn giri\u015f::[sq]Mund\u00ebsimi i aksesit p\u00ebr::[am]\u12f0\u1228\u1303 \u1218\u12f5\u1228\u1235 \u12f0\u1228\u1303 \u12a0\u120d\u1270\u1230\u1320\u12cd\u121d::[en]Enable access for::[ar]\u062a\u0645\u0643\u064a\u0 Length: 6006
Obfuscates method names
Source: 7RORCb5RSoTotal valid method names: 10%
Uses reflection
Source: com.ifenbof.rloaerl.hzeGAusFSaNG;->uDsLeosDkNjy:621API Call: Real call: public android.content.Context android.content.ContextWrapper.getBaseContext()
Source: com.ifenbof.rloaerl.hzeGAusFSaNG;->uDsLeosDkNjy:621API Call: Real call: public java.io.File android.app.ContextImpl.getDir(java.lang.String,int)
Source: com.ifenbof.rloaerl.hzeGAusFSaNG;->uDsLeosDkNjy:621API Call: Real call: public java.lang.String java.io.File.getAbsolutePath()
Source: com.ifenbof.rloaerl.hzeGAusFSaNG;->uDsLeosDkNjy:624API Call: Real call: public android.content.res.AssetManager android.content.ContextWrapper.getAssets()
Source: com.ifenbof.rloaerl.hzeGAusFSaNG;->uDsLeosDkNjy:624API Call: Real call: public final android.content.res.AssetFileDescriptor android.content.res.AssetManager.openNonAssetFd(java.lang.String) throws java.io.IOException
Source: com.ifenbof.rloaerl.hzeGAusFSaNG;->uDsLeosDkNjy:624API Call: Real call: public java.io.FileInputStream android.content.res.AssetFileDescriptor.createInputStream() throws java.io.IOException
Source: com.ifenbof.rloaerl.hzeGAusFSaNG;->uDsLeosDkNjy:624API Call: Real call: public int android.content.res.AssetFileDescriptor$AutoCloseInputStream.read(byte[]) throws java.io.IOException
Source: com.ifenbof.rloaerl.alpEDTaEFP;->uDsLeosDkNjy:99API Call: Real call: public static void java.lang.System.arraycopy(byte[],int,byte[],int,int)
Source: com.ifenbof.rloaerl.hzeGAusFSaNG;->uDsLeosDkNjy:624API Call: Real call: public int android.content.res.AssetFileDescriptor$AutoCloseInputStream.read(byte[]) throws java.io.IOException
Source: com.ifenbof.rloaerl.hzeGAusFSaNG;->uDsLeosDkNjy:624API Call: Real call: public int android.content.res.AssetFileDescriptor$AutoCloseInputStream.read(byte[]) throws java.io.IOException
Source: com.ifenbof.rloaerl.hzeGAusFSaNG;->uDsLeosDkNjy:624API Call: Real call: public static java.lang.Class java.lang.Class.forName(java.lang.String) throws java.lang.ClassNotFoundException
Source: com.ifenbof.rloaerl.hzeGAusFSaNG;->uDsLeosDkNjy:624API Call: Real call: public void java.io.OutputStream.write(byte[]) throws java.io.IOException
Source: com.ifenbof.rloaerl.hzeGAusFSaNG;->uDsLeosDkNjy:621API Call: Real call: public java.lang.ClassLoader java.lang.Class.getClassLoader()
Source: com.ifenbof.rloaerl.hzeGAusFSaNG;->uDsLeosDkNjy:621API Call: Real call: public static java.lang.Class java.lang.Class.forName(java.lang.String) throws java.lang.ClassNotFoundException
Source: com.ifenbof.rloaerl.hzeGAusFSaNG;->uDsLeosDkNjy:621API Call: Real call: public static java.lang.Class java.lang.Class.forName(java.lang.String) throws java.lang.ClassNotFoundException
Source: com.ifenbof.rloaerl.hzeGAusFSaNG;->uDsLeosDkNjy:621API Call: Real call: public static java.lang.Class java.lang.Class.forName(java.lang.String) throws java.lang.ClassNotFoundException
Source: com.ifenbof.rloaerl.hzeGAusFSaNG;->uDsLeosDkNjy:301API Call: Real call: public static final java.lang.Boolean java.lang.Boolean.TRUE
Source: com.ifenbof.rloaerl.hzeGAusFSaNG;->uDsLeosDkNjy:621API Call: Real call: public void java.lang.reflect.AccessibleObject.setAccessible(boolean)
Source: com.ifenbof.rloaerl.hzeGAusFSaNG;->uDsLeosDkNjy:411API Call: Real call: final android.app.LoadedApk android.app.ContextImpl.mPackageInfo
Source: com.ifenbof.rloaerl.hzeGAusFSaNG;->uDsLeosDkNjy:621API Call: Real call: public void java.lang.reflect.AccessibleObject.setAccessible(boolean)
Source: com.ifenbof.rloaerl.hzeGAusFSaNG;->uDsLeosDkNjy:621API Call: Real call: public static java.lang.Class java.lang.Class.forName(java.lang.String) throws java.lang.ClassNotFoundException
Source: com.ifenbof.rloaerl.hzeGAusFSaNG;->uDsLeosDkNjy:621API Call: Real call: public boolean java.io.File.delete()
Source: com.ifenbof.rloaerl.hzeGAusFSaNG;->uDsLeosDkNjy:621API Call: Real call: public boolean java.io.File.delete()
Source: com.midmsz.lhlytazfhrp.c;->a:35API Call: java.lang.reflect.Method.invoke
Source: com.midmsz.lhlytazfhrp.c;->a:63API Call: java.lang.reflect.Method.invoke
Source: com.midmsz.lhlytazfhrp.c;->a:95API Call: java.lang.reflect.Method.invoke
Source: com.ifenbof.rloaerl.hzeGAusFSaNG;->qimcrpUJVuZn:557API Call: java.lang.reflect.Field.get

Persistence and Installation Behavior:

Tries to get accessibility permissions (for UI automation)
Source: com.midmsz.lhlytazfhrp.misnhpdmas.amvCJP;->onCreate:6API Call: com.midmsz.lhlytazfhrp.misnhpdmas.amvCJP.startActivity
Creates files
Source: com.midmsz.lhlytazfhrp.ClzpwjSDbK;->b:1297API Call: com.midmsz.lhlytazfhrp.ClzpwjSDbK.openFileOutput
Source: com.midmsz.lhlytazfhrp.ieURcXnUxB;->a:56API Call: com.midmsz.lhlytazfhrp.ieURcXnUxB.openFileOutput
Source: com.midmsz.lhlytazfhrp.ieURcXnUxB;->b:112API Call: com.midmsz.lhlytazfhrp.ieURcXnUxB.openFileOutput

Boot Survival:

Has permission to execute code after phone reboot
Source: submitted apkRequest permission: android.permission.RECEIVE_BOOT_COMPLETED
Installs a new wake lock (to get activated when the phone screen turns on)
Source: com.midmsz.lhlytazfhrp.YOdljfSlmTYA;->onHandleIntent:23API Call: android.os.PowerManager.newWakeLock
Starts/registers a service/receiver on phone boot (autostart)
Source: com.midmsz.lhlytazfhrp.sajqbronxe.rHVmIGXxH;->a:5API Call: android.content.Context.startService (not executed)
Source: com.midmsz.lhlytazfhrp.sajqbronxe.rHVmIGXxH;->a:27API Call: android.content.Context.startService (not executed)
Source: com.midmsz.lhlytazfhrp.sajqbronxe.rHVmIGXxH;->b:53API Call: android.content.Context.startService (not executed)

Hooking and other Techniques for Hiding and Protection:

Potential hidden JAR / DEX file creation routine found
Source: com.ifenbof.rloaerl.hzeGAusFSaNG;->CmnvQKmOxW:47API Call: java.lang.String.<init> /xjhzyerdwxwl.jar
Potential hidden file creation routine found
Source: com.ifenbof.rloaerl.hzeGAusFSaNG;->uDsLeosDkNjy:696API Call: java.lang.String.<init> java.io.FileOutputStream
Protects itself from removal
Source: com.midmsz.lhlytazfhrp.ieURcXnUxB;->onAccessibilityEvent:403API Calls in same method context: AccessibilityNodeInfo.findAccessibilityNodeInfosByText,AccessibilityEvent.getPackageName
Has permission to draw over other applications or user interfaces
Source: submitted apkRequest permission: android.permission.SYSTEM_ALERT_WINDOW
Has permission to query the list of currently running applications
Source: submitted apkRequest permission: android.permission.GET_TASKS
Queries list of running processes/tasks
Source: com.midmsz.lhlytazfhrp.mcTWTMbWl;->b:8API Call: android.app.ActivityManager.getRunningTasks
Source: com.midmsz.lhlytazfhrp.mcTWTMbWl;->b:17API Call: android.app.ActivityManager.getRunningAppProcesses
Removes its application launcher (likely to stay hidden)
Source: com.midmsz.lhlytazfhrp.misnhpdmas.QmkEVeIcy;->onCreate:16API Call: android.content.pm.PackageManager.setComponentEnabledSetting

Malware Analysis System Evasion:

Accesses Android OS build fields
Source: com.midmsz.lhlytazfhrp.ClzpwjSDbK;->a:35Field Access: android.os.Build$VERSION.RELEASE
Source: com.midmsz.lhlytazfhrp.ClzpwjSDbK;->a:37Field Access: android.os.Build.MODEL
Source: com.midmsz.lhlytazfhrp.ClzpwjSDbK;->a:41Field Access: android.os.Build.PRODUCT
Source: com.midmsz.lhlytazfhrp.c;->q:1352Field Access: android.os.Build.BOARD
Source: com.midmsz.lhlytazfhrp.c;->q:1355Field Access: android.os.Build.BRAND
Source: com.midmsz.lhlytazfhrp.c;->q:1358Field Access: android.os.Build.CPU_ABI
Source: com.midmsz.lhlytazfhrp.c;->q:1361Field Access: android.os.Build.DEVICE
Source: com.midmsz.lhlytazfhrp.c;->q:1364Field Access: android.os.Build.DISPLAY
Source: com.midmsz.lhlytazfhrp.c;->q:1367Field Access: android.os.Build.HOST
Source: com.midmsz.lhlytazfhrp.c;->q:1370Field Access: android.os.Build.ID
Source: com.midmsz.lhlytazfhrp.c;->q:1373Field Access: android.os.Build.MANUFACTURER
Source: com.midmsz.lhlytazfhrp.c;->q:1376Field Access: android.os.Build.MODEL
Source: com.midmsz.lhlytazfhrp.c;->q:1379Field Access: android.os.Build.PRODUCT
Source: com.midmsz.lhlytazfhrp.c;->q:1382Field Access: android.os.Build.TAGS
Source: com.midmsz.lhlytazfhrp.c;->q:1385Field Access: android.os.Build.TYPE
Source: com.midmsz.lhlytazfhrp.c;->q:1388Field Access: android.os.Build.USER
Queries the unique operating system id (ANDROID_ID)
Source: com.midmsz.lhlytazfhrp.c;->q:1347API Call: android.provider.Settings.Secure.getString
Source: com.midmsz.lhlytazfhrp.c;->q:1347API Call: android.provider.Settings.Secure.getString
Source: com.midmsz.lhlytazfhrp.c;->q:1347API Call: android.provider.Settings.Secure.getString
Source: com.midmsz.lhlytazfhrp.c;->q:1347API Call: android.provider.Settings.Secure.getString
Source: com.midmsz.lhlytazfhrp.c;->q:1347API Call: android.provider.Settings.Secure.getString
Source: com.midmsz.lhlytazfhrp.c;->q:1347API Call: android.provider.Settings.Secure.getString

Anti Debugging:

Access the class loader (often done to load a new code)
Source: Lcom/ifenbof/rloaerl/hzeGAusFSaNG;->uDsLeosDkNjy(Ljava/lang/Object;Ljava/lang/Object;)VMethod string: "mClassLoader"

HIPS / PFW / Operating System Protection Evasion:

Uses the DexClassLoader (often used for code injection)
Source: com.midmsz.lhlytazfhrp.c;->a:30API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: com.midmsz.lhlytazfhrp.c;->a:32API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.midmsz.lhlytazfhrp.c;->a:57API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: com.midmsz.lhlytazfhrp.c;->a:59API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.midmsz.lhlytazfhrp.c;->a:89API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: com.midmsz.lhlytazfhrp.c;->a:91API Call: dalvik.system.DexClassLoader.loadClass (not executed)

Language, Device and Operating System Detection:

Queries the network operator ISO country code
Source: com.midmsz.lhlytazfhrp.ClzpwjSDbK;->a:47API Call: android.telephony.TelephonyManager.getNetworkCountryIso returned ""
Source: com.midmsz.lhlytazfhrp.c;->p:1343API Call: android.telephony.TelephonyManager.getNetworkCountryIso
Queries the network operator name
Source: com.midmsz.lhlytazfhrp.ClzpwjSDbK;->a:55API Call: android.telephony.TelephonyManager.getNetworkOperatorName returned "Swisscom Ltd"
Queries the unique device ID (IMEI, MEID or ESN)
Source: com.midmsz.lhlytazfhrp.ClzpwjSDbK;->a:60API Call: android.telephony.TelephonyManager.getLine1Number

Stealing of Sensitive Information:

Uses accessibility services (likely to control other applications)
Source: com.midmsz.lhlytazfhrp.ieURcXnUxB;->onAccessibilityEvent:233API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.midmsz.lhlytazfhrp.ieURcXnUxB;->onAccessibilityEvent:238API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.midmsz.lhlytazfhrp.ieURcXnUxB;->onAccessibilityEvent:264API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.midmsz.lhlytazfhrp.ieURcXnUxB;->onAccessibilityEvent:290API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.midmsz.lhlytazfhrp.ieURcXnUxB;->onAccessibilityEvent:308API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.midmsz.lhlytazfhrp.ieURcXnUxB;->onAccessibilityEvent:323API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.midmsz.lhlytazfhrp.ieURcXnUxB;->onAccessibilityEvent:339API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.midmsz.lhlytazfhrp.ieURcXnUxB;->onAccessibilityEvent:349API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.midmsz.lhlytazfhrp.ieURcXnUxB;->onAccessibilityEvent:359API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.midmsz.lhlytazfhrp.ieURcXnUxB;->onAccessibilityEvent:365API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Creates SMS data (e.g. PDU)
Source: com.midmsz.lhlytazfhrp.sajqbronxe.rHVmIGXxH;->b:41API Call: android.telephony.SmsMessage.createFromPdu
Has permission to read contacts
Source: submitted apkRequest permission: android.permission.READ_CONTACTS
Has permission to read the SMS storage
Source: submitted apkRequest permission: android.permission.READ_SMS
Has permission to read the phone's state (phone number, device IDs, active call etc.)
Source: submitted apkRequest permission: android.permission.READ_PHONE_STATE
Has permission to receive SMS in the background
Source: submitted apkRequest permission: android.permission.RECEIVE_SMS
Monitors incoming SMS
Source: com.midmsz.lhlytazfhrp.sajqbronxe.rHVmIGXxHRegistered receiver: android.provider.Telephony.SMS_RECEIVED
Queries SMS data
Source: com.midmsz.lhlytazfhrp.prYyUQn;->c:4API Call: android.net.Uri.parse("content://sms/inbox")
Source: com.midmsz.lhlytazfhrp.prYyUQn;->b:49API Call: android.net.Uri.parse("content://sms/sent")
Queries a list of installed applications
Source: com.midmsz.lhlytazfhrp.b;->a:49API Call: android.content.pm.PackageManager.getInstalledApplications
Source: com.midmsz.lhlytazfhrp.c;->c:1007API Call: android.content.pm.PackageManager.getInstalledApplications
Queries phone contact information
Source: com.midmsz.lhlytazfhrp.misnhpdmas.jahfLZvxewv;->a:9Field access: android.provider.ContactsContract$CommonDataKinds$Phone.CONTENT_URI
Source: com.midmsz.lhlytazfhrp.misnhpdmas.jahfLZvxewv;->a:69Field access: android.provider.ContactsContract$CommonDataKinds$Phone.CONTENT_URI
Redirects camera/video feed
Source: com.midmsz.lhlytazfhrp.qfjbtlzm.hbanyboq.XiNFRe;->a:11API Call: android.media.MediaRecorder.setOutputFile
Source: com.midmsz.lhlytazfhrp.qfjbtlzm.hbanyboq.rEWlchjPN;->a:23API Call: android.media.MediaRecorder.setOutputFile
Has permission to query the current location
Source: submitted apkRequest permission: android.permission.ACCESS_FINE_LOCATION

Remote Access Functionality:

Found parser code for incoming SMS (may be used to act on incoming SMS, BOT)
Source: com.midmsz.lhlytazfhrp.sajqbronxe.rHVmIGXxH;->a:29API Call: java.lang.String.equals android.provider.Telephony.SMS_RECEIVED
Found suspicious command strings (may be related to BOT commands)
Source: Lcom/midmsz/lhlytazfhrp/qfjbtlzm/hbanyboq/rEWlchjPN$1;->run()VMethod string: "stop record sound"
Source: Lcom/midmsz/lhlytazfhrp/qfjbtlzm/ehzutzj/RAJfXSspO;->onHandleIntent(Landroid/content/Intent;)VMethod string: "sendsms"
Source: Lcom/midmsz/lhlytazfhrp/b;-><init>()VMethod string: "android.permission.send_sms"
Source: Lcom/midmsz/lhlytazfhrp/qfjbtlzm/hbanyboq/rEWlchjPN;->a(Landroid/content/Context;Ljava/lang/String;I)VMethod string: "start record sound"
Source: Lcom/midmsz/lhlytazfhrp/qfjbtlzm/hbanyboq/rEWlchjPN$1;->run()VInstruction: "const-string v3, "stop record sound""
Source: Lcom/midmsz/lhlytazfhrp/qfjbtlzm/ehzutzj/RAJfXSspO;->onHandleIntent(Landroid/content/Intent;)VInstruction: "const-string v0, "sendsms""
Source: Lcom/midmsz/lhlytazfhrp/b;-><init>()VInstruction: "const-string v1, "android.permission.send_sms""
Source: Lcom/midmsz/lhlytazfhrp/qfjbtlzm/hbanyboq/rEWlchjPN;->a(Landroid/content/Context;Ljava/lang/String;I)VInstruction: "const-string v2, "start record sound""

Antivirus Detection

Initial Sample

Source | Detection | Scanner | Label | Link
7RORCb5RSo | 41% | virustotal | | Browse
7RORCb5RSo | 100% | Avira | ANDROID/Dropper.NACP.Gen |

Dropped Files

No Antivirus matches

Domains

Source | Detection | Scanner | Label | Link
stefankoebalimivsemotdelom.com | 4% | virustotal | | Browse
adobe3245292f9f.pw | 9% | virustotal | | Browse

URLs

Source | Detection | Scanner | Label | Link
http://ktosdelaetskrintotpidor.com | 0% | virustotal | | Browse
https://stefankoebalimivsemotdelom.com/private/checkPanel.php | 0% | virustotal | | Browse

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches
