Analysis Report nUcFpnJ7qZ

Overview

General Information

Joe Sandbox Version:26.0.0
Analysis ID:830721
Start date:03.04.2019
Start time:15:43:08
Joe Sandbox Product:Cloud
Overall analysis duration:0h 5m 48s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:nUcFpnJ7qZ
Cookbook file name:defaultandroidfilecookbook.jbs
Analysis system description:Android 7.1 Nougat
APK Instrumentation enabled:true
Detection:MAL
Classification:mal92.rans.adwa.spyw.evad.and@0/251@1/0
Warnings:
  • Not all executed log events are in report (maximum 10 identical API calls)
  • Not all non-executed APIs are in report
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size exceeded maximum capacity and may have missing dynamic data code.

Detection

Strategy:Threshold
Score:92
Range:0 - 100
Reporting:Report FP / FN
Whitelisted:false
Detection:malicious

Confidence

Strategy:Threshold
Score:5
Range:0 - 5
Further Analysis Required?:false


Classification

Mitre Att&ck Matrix

Signature Overview


Location Tracking:

Queries the phones location (GPS)
Source: net.vkurhandler.bf;->a:27 | API Call: android.location.Location.getLatitude
Source: net.vkurhandler.bf;->a:30 | API Call: android.location.Location.getLongitude
Source: net.vkurhandler.Mobile;->b:129 | API Call: android.telephony.TelephonyManager.getCellLocation

Privilege Escalation:

Forces setting a new device unlock password
Source: net.vkurhandler.ParentControlActivity;->a:10 | API Call: android.app.admin.DevicePolicyManager.resetPassword
Source: net.vkurhandler.SettingsActivity;->a:119 | API Call: android.app.admin.DevicePolicyManager.resetPassword
Source: net.vkurhandler.ah;->b:1985 | API Call: android.app.admin.DevicePolicyManager.resetPassword
Starts an activity on device admin enabled
Source: net.vkurhandler.RDeviceAdminReceiver;->onDisableRequested:17 | API Call: android.content.Context.startActivity (not executed)
Starts/registers a service/receiver on device admin enabled
Source: net.vkurhandler.RDeviceAdminReceiver;->onDisableRequested:19 | API Call: android.content.Context.startService (not executed)
Checks if the device administrator is active
Source: net.vkurhandler.ParentControlActivity;->onClickParentControlSetPhoneLockPassword:24 | API Call: android.app.admin.DevicePolicyManager.isAdminActive
Source: net.vkurhandler.SettingsActivity;->a:61 | API Call: android.app.admin.DevicePolicyManager.isAdminActive
Source: net.vkurhandler.SettingsActivity;->onClickDoPhotoOnFailedUnlock:748 | API Call: android.app.admin.DevicePolicyManager.isAdminActive
Source: net.vkurhandler.SettingsActivity;->onClickParentControlSetPhoneLockPassword:780 | API Call: android.app.admin.DevicePolicyManager.isAdminActive
Source: net.vkurhandler.SettingsActivity;->toogleAdmin:937 | API Call: android.app.admin.DevicePolicyManager.isAdminActive
Source: net.vkurhandler.ah;->a:127 | API Call: android.app.admin.DevicePolicyManager.isAdminActive
Source: net.vkurhandler.ah;->a:1770 | API Call: android.app.admin.DevicePolicyManager.isAdminActive
Source: net.vkurhandler.ah;->b:1981 | API Call: android.app.admin.DevicePolicyManager.isAdminActive
Source: net.vkurhandler.fd;->onClick:13 | API Call: android.app.admin.DevicePolicyManager.isAdminActive
Requests root access
Source: net.vkurhandler.ec;->a:39 | API Call: java.lang.Runtime.exec ("su")
Source: net.vkurhandler.ec;->a:42 | API Call: java.lang.Runtime.exec ("su")
Source: net.vkurhandler.ec;->b:68 | API Call: java.lang.Runtime.exec ("su")
Source: net.vkurhandler.ed;->run:4 | API Call: java.lang.Runtime.exec ("su")
Tries to add a new device administrator
Source: net.vkurhandler.SettingsActivity;->toogleAdmin:945 | API Call: android.content.Intent.<init> android.app.action.ADD_DEVICE_ADMIN
Source: net.vkurhandler.cl;->onClick:4 | API Call: android.content.Intent.<init> android.app.action.ADD_DEVICE_ADMIN
Source: net.vkurhandler.ff;->onClick:4 | API Call: android.content.Intent.<init> android.app.action.ADD_DEVICE_ADMIN
Source: net.vkurhandler.fi;->onClick:4 | API Call: android.content.Intent.<init> android.app.action.ADD_DEVICE_ADMIN

Spreading:

Has permission to change the WIFI configuration including connecting and disconnecting
Source: submitted apk | Request permission: android.permission.CHANGE_WIFI_STATE
Scans the access points for available WIFI networks
Source: net.vkurhandler.ah;->a:1633 | API Call: android.net.wifi.WifiManager.startScan
Accesses external storage location
Source: net.vkurhandler.DirectoryPicker;->onCreate:40 | API Call: android.os.Environment.getExternalStorageDirectory
Source: net.vkurhandler.MediaMountReceiver;->onReceive:3 | API Call: android.os.Environment.getExternalStorageDirectory
Source: net.vkurhandler.bl;->b:9 | API Call: android.os.Environment.getExternalStorageDirectory
Source: net.vkurhandler.bm;->onEvent:23 | API Call: android.os.Environment.getExternalStorageDirectory
Source: net.vkurhandler.bu;->a:1 | API Call: android.os.Environment.getExternalStorageState
Source: net.vkurhandler.bu;->b:5 | API Call: android.os.Environment.getExternalStorageDirectory
Source: net.vkurhandler.bu;->c:13 | API Call: android.os.Environment.getExternalStorageDirectory
Source: net.vkurhandler.cx;->b:8 | API Call: android.os.Environment.getExternalStorageDirectory
Source: net.vkurhandler.cx;->b:27 | API Call: android.os.Environment.getExternalStorageDirectory
Source: net.vkurhandler.dw;->run:64 | API Call: android.os.Environment.getExternalStorageDirectory
Source: net.vkurhandler.dy;->run:46 | API Call: android.os.Environment.getExternalStorageDirectory
Source: net.vkurhandler.gn;->a:256 | API Call: android.os.Environment.getExternalStorageDirectory
Source: net.vkurhandler.gn;->a:312 | API Call: android.os.Environment.getExternalStorageDirectory
Source: net.vkurhandler.gn;->c:457 | API Call: android.os.Environment.getExternalStorageDirectory
Source: net.vkurhandler.gn;->d:472 | API Call: android.os.Environment.getExternalStorageDirectory
Source: net.vkurhandler.gn;->g:603 | API Call: android.os.Environment.getExternalStorageDirectory
Source: net.vkurhandler.gn;->g:624 | API Call: android.os.Environment.getExternalStorageState
Source: net.vkurhandler.gn;->g:632 | API Call: android.os.Environment.getExternalStorageDirectory
Source: net.vkurhandler.gn;->g:645 | API Call: android.os.Environment.getExternalStorageDirectory
Source: net.vkurhandler.gn;->g:659 | API Call: android.os.Environment.getExternalStorageDirectory
Source: net.vkurhandler.gn;->g:675 | API Call: android.os.Environment.getExternalStorageDirectory

Networking:

Checks an internet connection is available
Source: net.vkurhandler.gn;->i:777 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: net.vkurhandler.gn;->i:778 | API Call: android.net.NetworkInfo.isConnected
Source: net.vkurhandler.gn;->a:326 | API Call: android.net.ConnectivityManager.getNetworkInfo
Source: net.vkurhandler.gn;->a:327 | API Call: android.net.NetworkInfo.isConnected
Source: net.vkurhandler.ah;->a:1631 | API Call: android.net.wifi.WifiManager.isWifiEnabled
Source: net.vkurhandler.ai;->onReceive:12 | API Call: android.net.wifi.WifiManager.getConnectionInfo
Source: net.vkurhandler.gn;->j:784 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: net.vkurhandler.gn;->j:785 | API Call: android.net.NetworkInfo.isConnected
Connects to IPs without corresponding DNS lookups
Source: unknown | TCP traffic detected without corresponding DNS query: 74.125.133.188
Enables or disables WIFI
Source: net.vkurhandler.DispatchService;->a:9 | API Call: android.net.wifi.WifiManager.setWifiEnabled
Source: net.vkurhandler.DispatchService;->b:167 | API Call: android.net.wifi.WifiManager.setWifiEnabled
Source: net.vkurhandler.ah;->a:401 | API Call: android.net.wifi.WifiManager.setWifiEnabled
Source: net.vkurhandler.ah;->a:408 | API Call: android.net.wifi.WifiManager.setWifiEnabled
HTTP GET or POST without a user agent
Source: global traffic | HTTP traffic detected:
  GET /backend/new/rp.php HTTP/1.1
  Host: reptilicus.net
  Connection: Keep-Alive
  Accept-Encoding: gzip
Source: global traffic | HTTP traffic detected:
  POST /backend/new/handler.php HTTP/1.1
  Content-Length: 202
  Content-Type: application/x-www-form-urlencoded
  Host: reptilicus.net
  Connection: Keep-Alive
  Accept-Encoding: gzip
  Data Ascii: params=%7B%22module%22%3A%22preference%22%2C%22action%22%3A%22load%22%2C%22device_id%22%3A%22%22%2C%22app_name%22%3A%22System+Updater%22%2C%22pkg_name%22%3A%22net.vkurhandler%22%2C%22domain_id%22%3A0%7D
Source: global traffic | HTTP traffic detected:
  POST /backend/new/handler.php HTTP/1.1
  Content-Length: 71
  Content-Type: application/x-www-form-urlencoded
  Host: reptilicus.net
  Connection: Keep-Alive
  Accept-Encoding: gzip
  Data Ascii: params=%7B%22module%22%3A%22client%22%2C%22action%22%3A%22get_lic%22%7D
Source: global traffic | HTTP traffic detected:
  POST /backend/new/handler.php HTTP/1.1
  Content-Length: 840
  Content-Type: application/x-www-form-urlencoded
  Host: reptilicus.net
  Connection: Keep-Alive
  Accept-Encoding: gzip
Source: global traffic | HTTP traffic detected:
  POST /backend/new/handler.php HTTP/1.1
  Content-Length: 511
  Content-Type: application/x-www-form-urlencoded
  Host: reptilicus.net
  Connection: Keep-Alive
  Accept-Encoding: gzip
Opens an internet connection
Source: net.vkurhandler.gk;->run:32 | API Call: java.net.Socket.connect (not executed)
Source: net.vkurhandler.gn;->a:21 | API Call: java.net.URL.openConnection (not executed)
Scans for WIFI networks
Source: net.vkurhandler.ah;->a:1633 | API Call: android.net.wifi.WifiManager.startScan
Source: net.vkurhandler.ai;->onReceive:11 | API Call: android.net.wifi.WifiManager.getScanResults
Downloads files from webservers via HTTP
Source: global traffic | HTTP traffic detected:
  GET /backend/new/rp.php HTTP/1.1
  Host: reptilicus.net
  Connection: Keep-Alive
  Accept-Encoding: gzip
Found strings which match to known social media urls
Source: resources.arsc | String found in binary or memory: Facebook equals www.facebook.com (Facebook)
Source: resources.arsc | String found in binary or memory: Facebook,L equals www.facebook.com (Facebook)
Source: classes.dex | String found in binary or memory: +/data/data/com.vkontakte.android/databases/ equals www.vkontakte.ru (VKontakte)
Source: classes.dex | String found in binary or memory: /data/data/3/data/data/com.facebook.orca/databases/contacts_db26/data/data/com.facebook.orca/databases/contacts_db2.cp2/data/data/com.facebook.orca/databases/threads_db25/data/data/com.facebook.orca/databases/threads_db2.cp0/data/data/com.gemtechnologies.gem4me/databases/1/data/data/com.gemtechnologies.gem4me/databases/*6/data/data/com.gemtechnologies.gem4me/databases/gem_db+/data/data/com.imo.android.imoim/databases/,/data/data/com.imo.android.imoim/databases/*7/data/data/com.imo.android.imoim/databases/accountdb.db8/data/data/com.imo.android.imoim/databases/imofriends.db+/data/data/com.instagram.android/databases/,/data/data/com.instagram.android/databases/*4/data/data/com.instagram.android/databases/direct.db,/data/data/com.skype.raider/files/%s/main.db,/data/data/com.skype.raider/files/shared.xml'/data/data/com.skype.raider/files/sk.cp2/data/data/com.viber.voip/databases/viber_messagesB/data/data/com.viber.voip/files/preferences/reg_viber_country_code?/data/data/com.viber.voip/files/preferences/reg_viber_p
Source: android | String found in binary or memory: /data/data/com.facebook.orca/databases/contacts_db2 equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: /data/data/com.facebook.orca/databases/contacts_db2.cp equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: /data/data/com.facebook.orca/databases/threads_db2 equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: /data/data/com.facebook.orca/databases/threads_db2.cp equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: /data/data/com.vkontakte.android/databases/ equals www.vkontakte.ru (VKontakte)
Source: android | String found in binary or memory: /data/data/com.vkontakte.android/databases/vk.db equals www.vkontakte.ru (VKontakte)
Source: android | String found in binary or memory: /data/data/com.vkontakte.android/databases/vkim.sqlite equals www.vkontakte.ru (VKontakte)
Source: android | String found in binary or memory: /data/data/com.vkontakte.android/shared_prefs/null.xml equals www.vkontakte.ru (VKontakte)
Source: classes.dex | String found in binary or memory: 0/data/data/com.vkontakte.android/databases/vk.db equals www.vkontakte.ru (VKontakte)
Source: classes.dex | String found in binary or memory: 2/data/data/com.facebook.orca/databases/threads_db2 equals www.facebook.com (Facebook)
Source: classes.dex | String found in binary or memory: 3/data/data/com.facebook.orca/databases/contacts_db2 equals www.facebook.com (Facebook)
Source: classes.dex | String found in binary or memory: 5/data/data/com.facebook.orca/databases/threads_db2.cp equals www.facebook.com (Facebook)
Source: classes.dex | String found in binary or memory: 6/data/data/com.facebook.orca/databases/contacts_db2.cp equals www.facebook.com (Facebook)
Source: classes.dex | String found in binary or memory: 6/data/data/com.vkontakte.android/databases/vkim.sqlite equals www.vkontakte.ru (VKontakte)
Source: classes.dex | String found in binary or memory: 6/data/data/com.vkontakte.android/shared_prefs/null.xml equals www.vkontakte.ru (VKontakte)
Source: resources.arsc | String found in binary or memory: ;;Messenger archivation filter (Viber/WhatsApp/Facebook/Kate) equals www.facebook.com (Facebook)
Source: resources.arsc | String found in binary or memory: Facebook equals www.facebook.com (Facebook)
Source: resources.arsc | String found in binary or memory: Facebook messages equals www.facebook.com (Facebook)
Source: resources.arsc | String found in binary or memory: Facebook messages##The numbers added to the phone book equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: Messenger archivation filter (Viber/WhatsApp/Facebook/Kate) equals www.facebook.com (Facebook)
Source: resources.arsc | String found in binary or memory: To prohibit the installation of malware detectors, optimizers, cleaners and other applications that affect on the stable work of the app;;Messenger archivation filter (Viber/WhatsApp/Facebook/Kate) equals www.facebook.com (Facebook)
Source: classes.dex | String found in binary or memory: VKontakte messages (Root) equals www.vkontakte.ru (VKontakte)
Source: resources.arsc | String found in binary or memory: VKontakte messages equals www.vkontakte.ru (VKontakte)
Source: resources.arsc | String found in binary or memory: com.facebook.orca equals www.facebook.com (Facebook)
Source: resources.arsc | String found in binary or memory: com.vkontakte.android equals www.vkontakte.ru (VKontakte)
Performs DNS lookups
Source: unknown | DNS traffic detected: queries for: reptilicus.net
Posts data to webserver
Source: unknown | HTTP traffic detected:
  POST /backend/new/handler.php HTTP/1.1
  Content-Length: 202
  Content-Type: application/x-www-form-urlencoded
  Host: reptilicus.net
  Connection: Keep-Alive
  Accept-Encoding: gzip
  Data Ascii: params=%7B%22module%22%3A%22preference%22%2C%22action%22%3A%22load%22%2C%22device_id%22%3A%22%22%2C%22app_name%22%3A%22System+Updater%22%2C%22pkg_name%22%3A%22net.vkurhandler%22%2C%22domain_id%22%3A0%7D
Urls found in memory or binary data
Source: libacr.so | String found in binary or memory: http://gcc.gnu.org/bugs.html):
Source: android | String found in binary or memory: http://reptilicus.net/backend/new/rp.php
Source: android | String found in binary or memory: http://reptilicus.net/bn/g.php?
Source: activity_main.xml, AndroidManifest.xml | String found in binary or memory: http://schemas.android.com/apk/res/android
Source: libmp3lame.so | String found in binary or memory: http://www.mp3dev.org/
Source: libmp3lame.so | String found in binary or memory: http://www.mp3dev.org/32bits64bits
Source: classes.dex, android | String found in binary or memory: https://maps.google.com/maps?q=%s
Source: android | String found in binary or memory: https://phonecontrolapp.com/sonfidentiality/
Source: android | String found in binary or memory: https://reptilicus.net/konfidencialnost

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Has permission to record audio in the background
Source: submitted apk | Request permission: android.permission.RECORD_AUDIO
Has permission to take photos
Source: submitted apk | Request permission: android.permission.CAMERA
Records audio/media
Source: net.vkurhandler.bo;->d:195 | API Call: com.nll.nativelibs.callrecording.a.startRecording
Source: com.nll.nativelibs.callrecording.a;->startRecording:50 | API Call: android.media.AudioRecord.startRecording
Accesses the audio/media managers
Source: net.vkurhandler.bo;-><init>:23 | API Call: android.media.AudioRecord.<init>
Source: net.vkurhandler.bo;-><init>:53 | API Call: com.nll.nativelibs.callrecording.a.<init>
Source: net.vkurhandler.bo;->f:244 | API Call: com.nll.nativelibs.callrecording.a.<init>
Source: com.nll.nativelibs.callrecording.a;-><init>:3 | API Call: android.media.AudioRecord.<init>

E-Banking Fraud:

Has functionalty to add an overlay to other apps
Source: net.vkurhandler.AdminUnlockViewService;->c:20 | API Call: WindowManager.addView
Has permission to query the list of currently running applications
Source: submitted apk | Request permission: android.permission.GET_TASKS
May check for popular installed apps
Source: Lnet/vkurhandler/ah;->b(Landroid/content/Context;Ljava/util/List;)Ljava/lang/String; | Method string: "[{"app_name":"YouTube","pkg_name":"com.google.android.youtube"},{"app_name":"RSS Reader","pkg_name":"com.example.android.rssreader"},{"app_name":"Google App","pkg_name":"com.google.android.googlequicksearchbox"},{"app_name":"Calibration","pkg_name":"org.zeroxlab.util.tscal"},{"app_name":"Files","pkg_name":"com.android.documentsui"},{"app_name":"Contacts","pkg_name":"com.android.contacts"},{"app_name":"Gmail","pkg_name":"com.google.android.gm"},{"app_name":"Calendar","pkg_name":"com.android.calendar"},{"app_name":"NotePad","pkg_name":"com.example.android.notepad"},{"app_name":"Chrome","pkg_name":"com.android.chrome"},{"app_name":"Phone","pkg_name":"com.android.dialer"},{"app_name":"Gallery","pkg_name":"com.android.gallery3d"},{"app_name":"System Updater","pkg_name":"net.vkurhandler"},{"app_name":"Terminal Emulator","pkg_name":"jackpal.androidterm"},{"app_name":"Settings","pkg_name":"com.android.settings"},{"app_name":"Taskbar","pkg_name":"com.farmerbb.taskbar.androidx86"},{"app_name":"Music","pkg_name":"com.cy
Source: Lnet/vkurhandler/ds;->run()V | Method string: "/data/data/com.whatsapp/databases/*"
Source: Lnet/vkurhandler/dh;->run()V | Method string: "/data/data/com.imo.android.imoim/databases/*"
Source: Lnet/vkurhandler/dq;->run()V | Method string: "/data/data/com.viber.voip/databases/viber_messages"
Source: Lnet/vkurhandler/df;->run()V | Method string: "/data/data/com.facebook.orca/databases/threads_db2"
Source: Lnet/vkurhandler/di;->run()V | Method string: "/data/data/com.instagram.android/databases/*"
May query for the most recent running application (usually for UI overlaying)
Source: net.vkurhandler.gn;->a | getRunningTasks and getPackageName invocations in same method: net.vkurhandler.gn;->a:78, net.vkurhandler.gn;->a:81

Spam, unwanted Advertisements and Ransom Demands:

Detected Adware Reptilicus
Source: Lnet/vkurhandler/de;-><clinit>()V | Method string: "reptilicus"
Source: Lnet/vkurhandler/de;-><clinit>()V | Method string: "reptilicus/data/"
Source: Lnet/vkurhandler/de;-><clinit>()V | Method string: "http://reptilicus.net/bn/g.php?"
Tries to disable the administrator user
Source: net.vkurhandler.SettingsActivity;->toogleAdmin:940 | API Call: android.app.admin.DevicePolicyManager.removeActiveAdmin
Source: net.vkurhandler.ah;->a:1771 | API Call: android.app.admin.DevicePolicyManager.removeActiveAdmin
Source: net.vkurhandler.fd;->onClick:18 | API Call: android.app.admin.DevicePolicyManager.removeActiveAdmin
Has permission to perform phone calls in the background
Source: submitted apk | Request permission: android.permission.CALL_PHONE
Has permission to send SMS in the background
Source: submitted apk | Request permission: android.permission.SEND_SMS
Has permission to write to the SMS storage
Source: submitted apk | Request permission: android.permission.WRITE_SMS
Has permission to write to the default browser history
Source: submitted apk | Request permission: com.android.browser.permission.WRITE_HISTORY_BOOKMARKS
Has permissions to monitor, redirect and/or block calls
Source: submitted apk | Request permission: android.permission.PROCESS_OUTGOING_CALLS
May block phone calls / Accesses private ITelephony interface
Source: net.vkurhandler.Mobile;->a:19 | API Call: java.lang.Class.getDeclaredMethod("getITelephony")
Source: net.vkurhandler.Mobile;->a:43 | API Call: java.lang.Class.getDeclaredMethod("getITelephony")
May check for popular installed apps
Source: Lnet/vkurhandler/ah;->b(Landroid/content/Context;Ljava/util/List;)Ljava/lang/String; | Method string: "[{"app_name":"YouTube","pkg_name":"com.google.android.youtube"},{"app_name":"RSS Reader","pkg_name":"com.example.android.rssreader"},{"app_name":"Google App","pkg_name":"com.google.android.googlequicksearchbox"},{"app_name":"Calibration","pkg_name":"org.zeroxlab.util.tscal"},{"app_name":"Files","pkg_name":"com.android.documentsui"},{"app_name":"Contacts","pkg_name":"com.android.contacts"},{"app_name":"Gmail","pkg_name":"com.google.android.gm"},{"app_name":"Calendar","pkg_name":"com.android.calendar"},{"app_name":"NotePad","pkg_name":"com.example.android.notepad"},{"app_name":"Chrome","pkg_name":"com.android.chrome"},{"app_name":"Phone","pkg_name":"com.android.dialer"},{"app_name":"Gallery","pkg_name":"com.android.gallery3d"},{"app_name":"System Updater","pkg_name":"net.vkurhandler"},{"app_name":"Terminal Emulator","pkg_name":"jackpal.androidterm"},{"app_name":"Settings","pkg_name":"com.android.settings"},{"app_name":"Taskbar","pkg_name":"com.farmerbb.taskbar.androidx86"},{"app_name":"Music","pkg_name":"com.cy
Source: Lnet/vkurhandler/ds;->run()V | Method string: "/data/data/com.whatsapp/databases/*"
Source: Lnet/vkurhandler/dh;->run()V | Method string: "/data/data/com.imo.android.imoim/databases/*"
Source: Lnet/vkurhandler/dq;->run()V | Method string: "/data/data/com.viber.voip/databases/viber_messages"
Source: Lnet/vkurhandler/df;->run()V | Method string: "/data/data/com.facebook.orca/databases/threads_db2"
Source: Lnet/vkurhandler/di;->run()V | Method string: "/data/data/com.instagram.android/databases/*"
May use Google Cloud Messaging (GCM) or Google's Cloud to Device Messaging (C2DM) services
Source: submitted apk | Request permission: net.vkurhandler.permission.C2D_MESSAGE
Sends SMS using SmsManager
Source: net.vkurhandler.gn;->b:376 | API Call: android.telephony.SmsManager.sendTextMessage

Operating System Destruction:

Deletes other packages
Source: net.vkurhandler.fd;->onClick:30 | API Call: net.vkurhandler.SettingsActivity.startActivity
May wipe phone data
Source: net.vkurhandler.ak;->run:5 | API Call: android.app.admin.DevicePolicyManager.wipeData
Has permission to delete other packages
Source: submitted apk | Request permission: android.permission.DELETE_PACKAGES
Lists and deletes files in the same context
Source: net.vkurhandler.gn;->a:323 | API Calls in same method context: File.listFiles,File.delete
Source: net.vkurhandler.bm;->onEvent:44 | API Calls in same method context: File.listFiles,File.delete
Source: org.sqlite.database.sqlite.SQLiteDatabase;->deleteDatabase:63 | API Calls in same method context: File.listFiles,File.delete
Source: net.vkurhandler.gn;->d:484 | API Calls in same method context: File.listFiles,File.delete
Source: net.vkurhandler.gn;->b:374 | API Calls in same method context: File.listFiles,File.delete

Change of System Appearance:

May access the Android keyguard (lock screen)
Source: AndroidManifest.xml | String found in binary or memory: android.hardware.camera.front#android.permission.ACCESS_SUPERUSER,android.permission.MOUNT_UNMOUNT_FILESYSTEMS)android.permission.WRITE_INTERNAL_STORAGE#android.permission.DISABLE_KEYGUARD#android.permission.INSTALL_PACKAGES"android.permission.DELETE_PACKAGES&android.permission.SYSTEM_ALERT_WINDOW-android.permission.BIND_ACCESSIBILITY_SERVICE&android.permission.PACKAGE_USAGE_STATS

System Summary:

Executes native commands
Source: net.vkurhandler.ec;->a:39 API Call: java.lang.Runtime.exec ("su")
Source: net.vkurhandler.ec;->a:42 API Call: java.lang.Runtime.exec ("su")
Source: net.vkurhandler.ec;->b:68 API Call: java.lang.Runtime.exec ("su")
Source: net.vkurhandler.ed;->run:4 API Call: java.lang.Runtime.exec ("su")
Source: com.nll.nativelibs.callrecording.d;->d:12 API Call: java.lang.Runtime.exec
Requests permissions only permitted to signed APKs
Source: submitted apk Request permission: android.permission.CHANGE_COMPONENT_ENABLED_STATE
Source: submitted apk Request permission: android.permission.DEVICE_POWER
Source: submitted apk Request permission: android.permission.PACKAGE_USAGE_STATS
Requests permissions only permitted to signed APKs or APKs which are within the system image
Source: submitted apk Request permission: android.permission.DELETE_PACKAGES
Source: submitted apk Request permission: android.permission.INSTALL_PACKAGES
Source: submitted apk Request permission: android.permission.WRITE_SECURE_SETTINGS
Requests potentially dangerous permissions
Source: submitted apk Request permission: android.permission.ACCESS_FINE_LOCATION
Source: submitted apk Request permission: android.permission.CALL_PHONE
Source: submitted apk Request permission: android.permission.CAMERA
Source: submitted apk Request permission: android.permission.CHANGE_NETWORK_STATE
Source: submitted apk Request permission: android.permission.CHANGE_WIFI_STATE
Source: submitted apk Request permission: android.permission.GET_TASKS
Source: submitted apk Request permission: android.permission.INTERNET
Source: submitted apk Request permission: android.permission.MODIFY_AUDIO_SETTINGS
Source: submitted apk Request permission: android.permission.MODIFY_PHONE_STATE
Source: submitted apk Request permission: android.permission.MOUNT_FORMAT_FILESYSTEMS
Source: submitted apk Request permission: android.permission.MOUNT_UNMOUNT_FILESYSTEMS
Source: submitted apk Request permission: android.permission.PROCESS_OUTGOING_CALLS
Source: submitted apk Request permission: android.permission.READ_CONTACTS
Source: submitted apk Request permission: android.permission.READ_PHONE_STATE
Source: submitted apk Request permission: android.permission.READ_SMS
Source: submitted apk Request permission: android.permission.RECEIVE_SMS
Source: submitted apk Request permission: android.permission.RECORD_AUDIO
Source: submitted apk Request permission: android.permission.SEND_SMS
Source: submitted apk Request permission: android.permission.SYSTEM_ALERT_WINDOW
Source: submitted apk Request permission: android.permission.WAKE_LOCK
Source: submitted apk Request permission: android.permission.WRITE_EXTERNAL_STORAGE
Source: submitted apk Request permission: android.permission.WRITE_SETTINGS
Source: submitted apk Request permission: android.permission.WRITE_SMS
Source: submitted apk Request permission: com.android.browser.permission.READ_HISTORY_BOOKMARKS
Source: submitted apk Request permission: com.android.browser.permission.WRITE_HISTORY_BOOKMARKS
Classification label
Source: classification engine Classification label: mal92.rans.adwa.spyw.evad.and@0/251@1/0
Loads native libraries
Source: net.vkurhandler.bo;-><clinit>:3 API Call: java.lang.System.loadLibrary ("mp3lame")
Source: com.nll.nativelibs.callrecording.Native;-><clinit>:2 API Call: java.lang.System.loadLibrary ("acr")
Reads shared settings
Source: net.vkurhandler.Mobile;->h:144 API Call: "device_id":
Source: net.vkurhandler.dc;->b:59 API Call: "last_work_host": reptilicus.net
Source: net.vkurhandler.Sms2Receiver;->onReceive:17 API Call: "sms_code_word": netstat
Source: net.vkurhandler.Sms2Receiver;->onReceive:39 API Call: "call_password": 3454
Source: net.vkurhandler.CallReceiver;->b:217 API Call: "call_password": 3454

Data Obfuscation:

Obfuscates method names
Source: nUcFpnJ7qZ Total valid method names: 25%
Uses reflection
Source: com.a.a.a.a;->a:94 API Call: Real call: protected org.apache.http.HttpEntity org.apache.http.entity.HttpEntityWrapper.wrappedEntity
Source: net.vkurhandler.gn;->b:380 API Call: Real call: public static java.lang.String android.os.SystemProperties.get(java.lang.String)
Source: net.vkurhandler.Mobile;->a:21 API Call: java.lang.reflect.Method.invoke
Source: net.vkurhandler.Mobile;->a:46 API Call: java.lang.reflect.Method.invoke
Source: net.vkurhandler.Mobile;->a:53 API Call: java.lang.reflect.Method.invoke
Source: net.vkurhandler.Mobile;->a:63 API Call: java.lang.reflect.Field.get
Source: net.vkurhandler.Mobile;->a:72 API Call: java.lang.reflect.Method.invoke
Source: net.vkurhandler.Mobile;->h:156 API Call: java.lang.reflect.Method.invoke
Source: net.vkurhandler.gn;->c:426 API Call: java.lang.reflect.Method.invoke

Persistence and Installation Behavior:

Has permission to install other packages
Source: submitted apk Request permission: android.permission.INSTALL_PACKAGES

Boot Survival:

Has permission to execute code after phone reboot
Source: submitted apk Request permission: android.permission.RECEIVE_BOOT_COMPLETED

Hooking and other Techniques for Hiding and Protection:

Removes its application launcher (likely to stay hidden)
Source: net.vkurhandler.SettingsActivity;->hideUnhideApp:700 API Call: android.content.pm.PackageManager.setComponentEnabledSetting
Source: net.vkurhandler.ah;->a:462 API Call: android.content.pm.PackageManager.setComponentEnabledSetting
Source: net.vkurhandler.gn;->g:718 API Call: android.content.pm.PackageManager.setComponentEnabledSetting
Aborts a broadcast event (this is often done to hide phone events such as incoming SMS)
Source: net.vkurhandler.CallReceiver;->b:192 API Call: net.vkurhandler.CallReceiver.abortBroadcast
Source: net.vkurhandler.Sms2Receiver;->onReceive:34 API Call: net.vkurhandler.Sms2Receiver.abortBroadcast
Source: net.vkurhandler.Sms2Receiver;->onReceive:45 API Call: net.vkurhandler.Sms2Receiver.abortBroadcast
Has permission to draw over other applications or user interfaces
Source: submitted apk Request permission: android.permission.SYSTEM_ALERT_WINDOW
Has permission to query the list of currently running applications
Source: submitted apk Request permission: android.permission.GET_TASKS
Has permissions to monitor, redirect and/or block calls
Source: submitted apk Request permission: android.permission.PROCESS_OUTGOING_CALLS
Queries list of running processes/tasks
Source: net.vkurhandler.gn;->a:78 API Call: android.app.ActivityManager.getRunningTasks
Uses Crypto APIs
Source: net.vkurhandler.gn;->a:101 API Call: java.security.MessageDigest.getInstance
Source: net.vkurhandler.gn;->a:103 API Call: java.security.MessageDigest.update
Source: net.vkurhandler.gn;->a:104 API Call: java.security.MessageDigest.digest

Malware Analysis System Evasion:

Accesses Android OS build fields
Source: net.vkurhandler.AddDeviceActivity;->addDevice:39 Field Access: android.os.Build.MODEL
Source: net.vkurhandler.AddDeviceActivity;->addDevice:42 Field Access: android.os.Build.FINGERPRINT
Source: net.vkurhandler.ParentControlActivity;->a:11 Field Access: android.os.Build.MODEL
Source: net.vkurhandler.RegistrationActivity;->onClickCreateAccount:71 Field Access: android.os.Build.MODEL
Source: net.vkurhandler.RegistrationActivity;->onClickCreateAccount:74 Field Access: android.os.Build.FINGERPRINT
Source: net.vkurhandler.SettingsActivity;->a:120 Field Access: android.os.Build.MODEL
Source: net.vkurhandler.ah;->b:1986 Field Access: android.os.Build.MODEL
Source: net.vkurhandler.bd;->run:23 Field Access: android.os.Build.MODEL
Source: net.vkurhandler.bd;->run:26 Field Access: android.os.Build.FINGERPRINT
Source: net.vkurhandler.bg;->c:72 Field Access: android.os.Build.MODEL
Source: net.vkurhandler.bg;->d:690 Field Access: android.os.Build.MODEL
Source: com.nll.nativelibs.callrecording.c;->a:2 Field Access: android.os.Build$VERSION.RELEASE
Source: com.nll.nativelibs.callrecording.c;->a:5 Field Access: android.os.Build$VERSION.RELEASE
Source: com.nll.nativelibs.callrecording.c;->g:32 Field Access: android.os.Build.MODEL
Source: com.nll.nativelibs.callrecording.c;->h:36 Field Access: android.os.Build.MANUFACTURER
Queries several pieces of sensitive phone information
Source: Lnet/vkurhandler/AddRemovePackageReceiver;->b(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;I)V Method string: "type"
Source: Lnet/vkurhandler/ah;->a()V Method string: "version"
Source: Lnet/vkurhandler/dh;-><clinit>()V Method string: "phone"
Source: Lnet/vkurhandler/as;-><clinit>()V Method string: "time"
Queries the unique operating system id (ANDROID_ID)
Source: net.vkurhandler.Mobile;->h:161 API Call: android.provider.Settings$Secure.getString

Language, Device and Operating System Detection:

Queries the device phone number (MSISDN)
Source: net.vkurhandler.CallReceiver;->b:187 API Call: android.content.Intent.getStringExtra
Queries the network operator name
Source: net.vkurhandler.Mobile;->g:137 API Call: android.telephony.TelephonyManager.getNetworkOperatorName
Queries the network operator numeric MCC+MNC (mobile country code + mobile network code)
Source: net.vkurhandler.Mobile;->b:122 API Call: android.telephony.TelephonyManager.getNetworkOperator
Queries the unique device ID (IMEI, MEID or ESN)
Source: net.vkurhandler.Mobile;->a:117 API Call: android.telephony.TelephonyManager.getSubscriberId
Source: net.vkurhandler.Mobile;->h:148 API Call: android.telephony.TelephonyManager.getDeviceId

Lowering of HIPS / PFW / Operating System Security Settings:

May check for installed Android security applications (AV and firewalls)
Source: Lnet/vkurhandler/de;-><clinit>()V Method string: "com.drweb"
Source: Lnet/vkurhandler/de;-><clinit>()V Method string: "com.cleanmaster.mguard"
Source: Lnet/vkurhandler/de;-><clinit>()V Method string: "com.eset.ems2.gp"
Source: Lnet/vkurhandler/de;-><clinit>()V Method string: "com.avast.android.mobilesecurity"
Source: Lnet/vkurhandler/de;-><clinit>()V Method string: "com.cleanmaster.security"
Source: Lnet/vkurhandler/de;-><clinit>()V Method string: "com.qihoo.security"
Source: Lnet/vkurhandler/de;-><clinit>()V Method string: "com.antivirus"
Source: Lnet/vkurhandler/de;-><clinit>()V Method string: "com.avira.android"
Source: Lnet/vkurhandler/de;-><clinit>()V Method string: "com.qihoo.security.lite"
Source: Lnet/vkurhandler/de;-><clinit>()V Method string: "com.antivirus.security.forandroid.scanner"
Source: Lnet/vkurhandler/de;-><clinit>()V Method string: "com.antivirus.tablet"
Source: Lnet/vkurhandler/de;-><clinit>()V Method string: "com.wsandroid.suite"

Stealing of Sensitive Information:

Monitors outgoing phone calls
Source: net.vkurhandler.CallReceiver Registered receiver: android.intent.action.NEW_OUTGOING_CALL
Reads the serial number of the device
Source: Lnet/vkurhandler/Mobile;->h()Ljava/lang/String; Method string: "ro.serialno"
Creates SMS data (e.g. PDU)
Source: net.vkurhandler.Sms2Receiver;->onReceive:50 API Call: android.telephony.SmsManager.createFromPdu
Has an unnatural receiver priority (often indicator for malware)
Source: android.intent.action.NEW_OUTGOING_CALL Unnatural priority: 2147483647
Has permission to read contacts
Source: submitted apk Request permission: android.permission.READ_CONTACTS
Has permission to read the SMS storage
Source: submitted apk Request permission: android.permission.READ_SMS
Has permission to read the call log
Source: submitted apk Request permission: android.permission.READ_CALL_LOG
Has permission to read the default browser history
Source: submitted apk Request permission: com.android.browser.permission.READ_HISTORY_BOOKMARKS
Has permission to read the phone's state (phone number, device IDs, active call, etc.)
Source: submitted apk Request permission: android.permission.READ_PHONE_STATE
Has permission to receive SMS in the background
Source: submitted apk Request permission: android.permission.RECEIVE_SMS
Has permissions to create, read or change account settings (including account password settings)
Source: submitted apk Request permission: android.permission.GET_ACCOUNTS
May spy on Facebook database
Source: Lnet/vkurhandler/df;->run()V Method string: "/data/data/com.facebook.orca/databases/threads_db2" (chat messages)
Source: Lnet/vkurhandler/df;-><init>(Landroid/content/Context;)V Method string: "/data/data/com.facebook.orca/databases/threads_db2" (chat messages)
Source: Lnet/vkurhandler/df;-><clinit>()V Method string: "/data/data/com.facebook.orca/databases/threads_db2.cp" (chat messages)
May spy on Skype database
Source: Lnet/vkurhandler/dm;-><clinit>()V Method string: "/data/data/com.skype.raider/files/%s/main.db"
May spy on Viber chat VOIP data
Source: Lnet/vkurhandler/dq;->run()V Method string: "/data/data/com.viber.voip/databases/viber_messages"
Source: Lnet/vkurhandler/dq;-><init>(Landroid/content/Context;)V Method string: "/data/data/com.viber.voip/databases/viber_messages"
May spy on WhatsApp messages
Source: Lnet/vkurhandler/ds;->run()V Method string: "/data/data/com.whatsapp/databases/msgstore.db"
Source: Lnet/vkurhandler/ds;->d(Ljava/lang/String;)Ljava/lang/String; Method string: "/data/data/com.whatsapp/databases/msgstore.db"
Monitors incoming phone calls
Source: net.vkurhandler.CallReceiver Registered receiver: android.intent.action.PHONE_STATE
Monitors incoming SMS
Source: net.vkurhandler.Sms2Receiver Registered receiver: android.provider.Telephony.SMS_RECEIVED
Parses SMS data (e.g. originating address)
Source: net.vkurhandler.Sms2Receiver;->onReceive:56 API Call: android.telephony.SmsMessage.getOriginatingAddress
Queries SMS data
Source: net.vkurhandler.fz;-><clinit>:2 API Call: android.net.Uri.parse("content://sms")
Queries a list of installed applications
Source: net.vkurhandler.ScreenMakerAppFilter;->c:84 API Call: android.content.pm.PackageManager.getInstalledApplications
Source: net.vkurhandler.gn;->o:797 API Call: android.content.pm.PackageManager.getInstalledApplications
Queries browser bookmarks
Source: Lnet/vkurhandler/ah;->a()V Method string: content://com.android.chrome.browser/bookmarks
Queries camera information
Source: net.vkurhandler.PhotoActivity;->onCreate:66 API Call: android.hardware.Camera.open
Source: net.vkurhandler.ay;->a:3 API Call: android.hardware.Camera.getNumberOfCameras
Source: net.vkurhandler.ay;->a:4 API Call: android.hardware.Camera.open
Source: net.vkurhandler.ay;->a:5 API Call: android.hardware.Camera.getCameraInfo
Source: net.vkurhandler.ay;->a:6 API Call: android.hardware.Camera.open
Source: net.vkurhandler.cz;->a:35 API Call: android.hardware.Camera.open
Source: net.vkurhandler.ga;->a:2 API Call: android.hardware.Camera.open
Queries phone contact information
Source: net.vkurhandler.al;->a:12 API Call: android.content.ContentResolver.query content://com.android.contacts/data/phones
Source: net.vkurhandler.al;->a:82 API Call: android.content.ContentResolver.query content://com.android.contacts/data/phones
Source: net.vkurhandler.MyApp;->y:48 Field access: android.provider.ContactsContract$CommonDataKinds$Phone.CONTENT_URI
Source: net.vkurhandler.ah;->b:1942 Field access: android.provider.ContactsContract$CommonDataKinds$Phone.CONTENT_URI
Source: net.vkurhandler.al;->a:10 Field access: android.provider.ContactsContract$CommonDataKinds$Phone.CONTENT_URI
Source: net.vkurhandler.al;->a:81 Field access: android.provider.ContactsContract$CommonDataKinds$Phone.CONTENT_URI
Source: net.vkurhandler.gn;->a:87 Field access: android.provider.ContactsContract$PhoneLookup.CONTENT_FILTER_URI
Reads the incoming call number
Source: net.vkurhandler.CallReceiver;->a:11API Call: android.content.Intent.getStringExtra
Has permission to query the current locationShow sources
Source: submitted apkRequest permission: android.permission.ACCESS_FINE_LOCATION

Remote Access Functionality:

Found suspicious command strings (may be related to BOT commands)
Source: Lnet/vkurhandler/gn;->b(Ljava/lang/String;Ljava/lang/String;)V | Method string: "utils->sendsms"
Source: Lnet/vkurhandler/SettingsActivity;->i()V | Method string: "change_sim_send_sms"
Source: Lcom/nll/nativelibs/callrecording/a;->startRecording()V | Method string: "start recording"
Source: Lnet/vkurhandler/gn;->b(Ljava/lang/String;Ljava/lang/String;)V | Instruction: "const-string v1, "utils->sendsms""
Source: Lnet/vkurhandler/SettingsActivity;->i()V | Instruction: "const-string v2, "change_sim_send_sms""
Source: Lcom/nll/nativelibs/callrecording/a;->startRecording()V | Instruction: "const-string v1, "start recording""
Has permission to mount or unmount file systems (removable storage)
Source: submitted apk | Request permission: android.permission.MOUNT_UNMOUNT_FILESYSTEMS

Antivirus Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches
