Loading ...

Analysis Report FaTCBy8Mfj

Overview

General Information

Joe Sandbox Version:26.0.0
Analysis ID:792716
Start date:20.02.2019
Start time:15:17:47
Joe Sandbox Product:Cloud
Overall analysis duration:0h 7m 25s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:FaTCBy8Mfj
Cookbook file name:defaultandroidfilecookbook.jbs
Analysis system description:Android 7.1 Nougat
APK Instrumentation enabled:true
Detection:MAL
Classification:mal84.rans.troj.spyw.expl.evad.and@0/253@4/0
Warnings:
Show All
  • No interacted views
  • Not all executed log events are in report (maximum 10 identical API calls)
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size exceeded maximum capacity and may have missing dynamic data code.

Detection

StrategyScoreRangeReportingWhitelistedDetection
Threshold840 - 100Report FP / FNfalsemalicious

Confidence

StrategyScoreRangeFurther Analysis Required?Confidence
Threshold50 - 5false
ConfidenceConfidence


Classification

Mitre Att&ck Matrix

Signature Overview

Click to jump to signature section


Location Tracking:

barindex
Queries the phones location (GPS)Show sources
Source: com.lvqvtnzlhs.oxhldsfx.JIhQhoCX;->oooooooooooooooooo:31API Call: android.location.Location.getLatitude
Source: com.lvqvtnzlhs.oxhldsfx.JIhQhoCX;->oooooooooooooooooo:33API Call: android.location.Location.getLongitude
Source: com.lvqvtnzlhs.oxhldsfx.uUpYzGoaZU;->oooooooooooooooooo:32API Call: android.location.Location.getLatitude
Source: com.lvqvtnzlhs.oxhldsfx.uUpYzGoaZU;->oooooooooooooooooo:34API Call: android.location.Location.getLongitude

Privilege Escalation:

barindex
Checks if the device administrator is activeShow sources
Source: com.lvqvtnzlhs.oxhldsfx.JfCAGAxFdH;->onHandleIntent:125API Call: android.app.admin.DevicePolicyManager.isAdminActive
Source: com.lvqvtnzlhs.oxhldsfx.TRqkOhVAI;->ooooooooooooooooo:88API Call: android.app.admin.DevicePolicyManager.isAdminActive
Source: com.lvqvtnzlhs.oxhldsfx.wQSmFQgfLSh;->onHandleIntent:58API Call: android.app.admin.DevicePolicyManager.isAdminActive
Tries to add a new device administratorShow sources
Source: com.lvqvtnzlhs.oxhldsfx.urmdgwxty.oooooooooooooooooo.oooooooooooooooooo;->onCreate:11API Call: android.content.Intent.<init> android.app.action.ADD_DEVICE_ADMIN

Spreading:

barindex
Accesses external storage locationShow sources
Source: com.lvqvtnzlhs.oxhldsfx.TPGzdFM;->onHandleIntent:36API Call: android.os.Environment.getExternalStorageDirectory
Source: com.lvqvtnzlhs.oxhldsfx.WEBnQpP;->onHandleIntent:88API Call: android.os.Environment.getExternalStorageDirectory
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooo:517API Call: android.os.Environment.getExternalStorageState
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooo:525API Call: android.os.Environment.getExternalStorageState
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooo:529API Call: android.os.Environment.getExternalStorageDirectory
Source: com.lvqvtnzlhs.oxhldsfx.pzdBoOj;->onHandleIntent:35API Call: android.os.Environment.getExternalStorageDirectory

Networking:

barindex
Checks an internet connection is availableShow sources
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->oo0oooooooooooooooooooo:207API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->oo0ooooooooooooooo:312API Call: android.net.NetworkInfo.isConnected
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->oo0oooooooooooooooo:315API Call: android.net.NetworkInfo.isConnected
Connects to IPs without corresponding DNS lookupsShow sources
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.168.74
Opens an internet connectionShow sources
Source: com.lvqvtnzlhs.oxhldsfx.urmdgwxty.ooooooooooooooooo$ooooooooooooooooo;->ooooooooooooooooo:6API Call: java.net.URL.openConnection (not executed)
Source: com.lvqvtnzlhs.oxhldsfx.AOfQyHmXIY$ooooooooooooooooo;->ooooooooooooooooo:15API Call: java.net.URL.openConnection (not executed)
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo$ooooooooooooooooo;->ooooooooooooooooo:9API Call: java.net.URL.openConnection (not executed)
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooo:687API Call: java.net.URL.openConnection (not executed)
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooo:848API Call: java.net.URL.openConnection (not executed)
Downloads compressed data via HTTPShow sources
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 20 Feb 2019 14:21:17 GMTServer: Apache/2.4.25 (Debian)Vary: Accept-EncodingContent-Encoding: gzipContent-Length: 316Connection: closeContent-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 15 91 c1 8e 84 20 0c 40 3f 69 1d d4 db ec 26 4e 50 e3 24 2d d1 60 48 7b db 38 89 88 70 db 44 e5 eb b7 9e e0 40 1f ef c1 f3 ef 77 fd c1 34 56 10 da 1a 6c 53 61 e8 3c eb 55 71 f8 44 cc f3 c1 81 4a c8 d3 4e f9 b5 91 1a 2f 4a 6d 81 76 bd 38 c9 3e c3 41 a9 f3 90 97 8c fd a8 38 0d a5 71 ed 61 1c 14 ac e3 4e a1 55 64 e7 c3 e8 b5 82 bc d7 98 87 82 94 b0 42 f3 a0 8c 1b 5a 3a d9 d2 45 ae db 31 4d 9e f2 67 e7 7e 4a ec c6 0c d9 47 92 d5 f4 e3 79 7b a0 6d 2f b4 73 c9 16 03 a5 41 bc 16 61 75 1b 07 b8 d8 41 cd 76 2d c9 be 3d 3a 3a 21 77 81 ac 8f c6 8d c2 1f 0a 71 92 bb f7 12 34 7a d0 bc 73 9a 2b 39 77 98 7e 50 ac 9b 9a 13 6f e2 7f 41 1a 4f 08 37 e7 15 c8 0d b5 78 56 d2 28 ec 46 9a 86 42 e6 2e d0 77 6f 8c e0 d8 a3 a2 82 6d 7b 40 0f b5 d1 8b b4 2e a5 b1 90 d1 2e 0f d4 53 c2 d4 9
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 20 Feb 2019 14:21:39 GMTServer: Apache/2.4.25 (Debian)Vary: Accept-EncodingContent-Encoding: gzipContent-Length: 135Connection: closeContent-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 15 8d c1 0a c2 30 10 05 3f c9 36 c5 5b 2b 54 c4 60 e1 25 b4 24 86 dd 9b a7 84 c4 dc 84 d6 fd 7a e3 6d 18 06 66 fc bc e2 c5 e4 a5 40 b6 84 1c cf 46 b6 62 35 7a c8 b3 18 fd 10 76 d4 f8 5a 29 43 48 e6 81 eb 3d 41 fb 81 5d 7a 93 f2 07 05 ff 45 5e 05 1a 1d 87 e6 35 29 7b 2b 9d 75 a9 92 5b 15 bb 59 91 5a 0a 49 3c d0 7a 84 75 e7 1c 7b b3 4f d3 78 fa df 7f f5 91 b1 e2 83 00 00 00 Data Ascii: 0?6[+T`%$zmf@Fb5zvZ)CH=A]zE^5){+u[YZI<zu{Ox
Found strings which match to known social media urlsShow sources
Source: yzvjwnya.dex.drString found in binary or memory: )com.imo.android.imoim,com.twitter.android equals www.twitter.com (Twitter)
Source: yzvjwnya.dex.drString found in binary or memory: =com.imo.android.imoim,com.twitter.android,com.android.vending equals www.twitter.com (Twitter)
Source: AndroidManifest.xmlString found in binary or memory: Facebook Service com.lvqvtnzlhs.oxhldsfx.MCwPpBxW-android.permission.BIND_ACCESSIBILITY_SERVICE1android.accessibilityservice.AccessibilityService equals www.facebook.com (Facebook)
Source: AndroidManifest.xmlString found in binary or memory: Facebook Update equals www.facebook.com (Facebook)
Source: yzvjwnya.dex.drString found in binary or memory: com.imb.banking2,)com.imo.android.imoim,com.twitter.android=com.imo.android.imoim,com.twitter.android,com.android.vending equals www.twitter.com (Twitter)
Source: androidString found in binary or memory: com.imo.android.imoim,com.twitter.android equals www.twitter.com (Twitter)
Source: androidString found in binary or memory: com.imo.android.imoim,com.twitter.android,com.android.vending equals www.twitter.com (Twitter)
Source: yzvjwnya.dex.drString found in binary or memory: com.vkontakte.android equals www.vkontakte.ru (VKontakte)
Source: yzvjwnya.dex.drString found in binary or memory: com.vkontakte.android, equals www.vkontakte.ru (VKontakte)
Performs DNS lookupsShow sources
Source: unknownDNS traffic detected: queries for: keagfkueghifubykctfikusbkycbrubcsury3r4wfwrf.com
Posts data to webserverShow sources
Source: unknownHTTP traffic detected: POST /o1o/a16.php HTTP/1.1Content-Length: 0Content-Type: application/x-www-form-urlencodedUser-Agent: Dalvik/2.1.0 (Linux; U; Android 7.1.2; VirtualBox Build/N2G48H)Host: blackleaf.topConnection: Keep-AliveAccept-Encoding: gzip
Urls found in memory or binary dataShow sources
Source: zdsmojmtekmo.xmlString found in binary or memory: http://schemas.android.com/apk/res/android
Source: yzvjwnya.dex.dr, androidString found in binary or memory: https://support.google.com/calendar/answer/6261951?hl=en&co=GENIE.Platform=Android
Uses HTTP for connecting to the internetShow sources
Source: com.lvqvtnzlhs.oxhldsfx.urmdgwxty.ooooooooooooooooo$ooooooooooooooooo;->ooooooooooooooooo:25API Call: java.net.HttpURLConnection.connect
Source: com.lvqvtnzlhs.oxhldsfx.AOfQyHmXIY$ooooooooooooooooo;->ooooooooooooooooo:17API Call: java.net.HttpURLConnection.connect
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo$ooooooooooooooooo;->ooooooooooooooooo:14API Call: java.net.HttpURLConnection.connect
Uses HTTPSShow sources
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49962
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50932
Source: unknownNetwork traffic detected: HTTP traffic on port 50932 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51086 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51086
Source: unknownNetwork traffic detected: HTTP traffic on port 49956 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49968
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49956

Key, Mouse, Clipboard, Microphone and Screen Capturing:

barindex
Has permission to record audio in the backgroundShow sources
Source: submitted apkRequest permission: android.permission.RECORD_AUDIO
Records audio/mediaShow sources
Source: com.lvqvtnzlhs.oxhldsfx.urmdgwxty.csytvmtdn.XYLGLvBzP;->ooooooooooooooooo:71API Call: android.media.MediaRecorder.start
Source: com.lvqvtnzlhs.oxhldsfx.urmdgwxty.csytvmtdn.qYPiGEPgaPCj;->ooooooooooooooooo:78API Call: android.media.MediaRecorder.start
Accesses the audio/media managersShow sources
Source: com.lvqvtnzlhs.oxhldsfx.urmdgwxty.csytvmtdn.XYLGLvBzP;->ooooooooooooooooo:60API Call: android.media.MediaRecorder.<init>
Source: com.lvqvtnzlhs.oxhldsfx.urmdgwxty.csytvmtdn.qYPiGEPgaPCj;->ooooooooooooooooo:66API Call: android.media.MediaRecorder.<init>

E-Banking Fraud:

barindex
Detected Anubis BankBot ransomware / banking trojanShow sources
Source: Lcom/lvqvtnzlhs/oxhldsfx/MCwPpBxW;->onAccessibilityEvent(Landroid/view/accessibility/AccessibilityEvent;)VMethod string: |(FOCUSED)|
Source: Lcom/lvqvtnzlhs/oxhldsfx/urmdgwxty/lhtystfx/qgJqYzDEjWj;->onHandleIntent(Landroid/content/Intent;)VMethod string: |Ended balance, SMS spam stopped!|
Source: Lcom/lvqvtnzlhs/oxhldsfx/gzyumyihyqk/HSndaCHNXWIB;->onCreate(Landroid/os/Bundle;)VMethod string: htmllocker
Found large list of e-Banking application (likely related to e-Banking fraud)Show sources
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: at.spardat.bcrmobile
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: at.spardat.netbanking
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.bankaustria.android.olb
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.bmo.mobile
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.cibc.android.mobi
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.rbc.mobile.android
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.scotiabank.mobile
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.td
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: cz.airbank.android
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: eu.inmite.prj.kb.mobilbank
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.bankinter.launcher
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.kutxabank.android
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.rsi
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.tecnocom.cajalaboral
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: es.bancopopular.nbmpopular
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: es.evobanco.bancamovil
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: es.lacaixa.mobile.android.newwapicon
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.dbs.hk.dbsmbanking
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.FubonMobileClient
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.hangseng.rbmobile
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.MobileTreeApp
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.mtel.androidbea
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.scb.breezebanking.hk
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: hk.com.hsbc.hsbchkmobilebanking
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.aff.otpdirekt
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.ideomobile.hapoalim
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.infrasofttech.indianBank
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.mobikwik_new
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.oxigen.oxigenwallet
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: jp.co.aeonbank.android.passbook
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: jp.co.netbk
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: jp.co.rakuten_bank.rakutenbank
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: jp.co.sevenbank.AppPassbook
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: jp.co.smbc.direct
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: jp.mufg.bk.applisp.app
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.barclays.ke.mobile.android.ui
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: nz.co.anz.android.mobilebanking
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: nz.co.asb.asbmobile
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: nz.co.bnz.droidbanking
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: nz.co.kiwibank.mobile
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.getingroup.mobilebanking
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: eu.eleader.mobilebanking.pekao.firm
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: eu.eleader.mobilebanking.pekao
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: eu.eleader.mobilebanking.raiffeisen
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: pl.bzwbk.bzwbk24
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: pl.ipko.mobile
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: pl.mbank
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: alior.bankingapp.android
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.comarch.mobile.banking.bgzbnpparibas.biznes
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.comarch.security.mobilebanking
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.empik.empikapp
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.empik.empikfoto
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.finanteq.finance.ca
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.orangefinansek
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: eu.eleader.mobilebanking.invest
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: pl.aliorbank.aib
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: pl.allegro
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: pl.bosbank.mobile
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: pl.bph
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: pl.bps.bankowoscmobilna
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: pl.bzwbk.ibiznes24
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: pl.bzwbk.mobile.tab.bzwbk24
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: pl.ceneo
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: pl.com.rossmann.centauros
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: pl.fmbank.smart
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: pl.ideabank.mobilebanking
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: pl.ing.mojeing
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: pl.millennium.corpApp
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: pl.orange.mojeorange
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: pl.pkobp.iko
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: pl.pkobp.ipkobiznes
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.kuveytturk.mobil
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.magiclick.odeabank
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.mobillium.papara
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.pozitron.albarakaturk
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.teb
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: ccom.tmob.denizbank
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.tmob.tabletdeniz
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.vakifbank.mobilel
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: tr.com.sekerbilisim.mbank
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: wit.android.bcpBankingApp.millenniumPL
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.advantage.RaiffeisenBank
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: hr.asseco.android.jimba.mUCI.ro
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: may.maybank.android
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: ro.btrl.mobile
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.amazon.mShop.android.shopping
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.amazon.windowshop
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.ebay.mobile
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: ru.sberbankmobile
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: ru.sberbank.spasibo
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: ru.sberbank_sbbol
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: ru.sberbank.mobileoffice
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: ru.sberbank.sberbankir
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: ru.alfabank.mobile.android
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: ru.alfabank.oavdo.amc
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: by.st.alfa
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: ru.alfabank.sense
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: ru.alfadirect.app
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: ru.mw
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.idamob.tinkoff.android
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: ru.tcsbank.c2c
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: ru.tinkoff.mgp
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: ru.tinkoff.sme
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: ru.tinkoff.goabroad
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: ru.vtb24.mobilebanking.android
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: ru.bm.mbm
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.vtb.mobilebank
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.bssys.VTBClient
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.bssys.vtb.mobileclient
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.akbank.android.apps.akbank_direkt
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.akbank.android.apps.akbank_direkt_tablet
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.akbank.softotp
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.akbank.android.apps.akbank_direkt_tablet_20
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.fragment.akbank
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.ykb.android
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.ykb.android.mobilonay
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.ykb.avm
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.ykb.androidtablet
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.veripark.ykbaz
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.softtech.iscek
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.yurtdisi.iscep
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.softtech.isbankasi
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.monitise.isbankmoscow
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.finansbank.mobile.cepsube
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: finansbank.enpara
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.magiclick.FinansPOS
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.matriksdata.finansyatirim
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: finansbank.enpara.sirketim
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.vipera.ts.starter.QNB
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.redrockdigimark
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.garanti.cepsubesi
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.garanti.cepbank
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.garantibank.cepsubesiro
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: biz.mobinex.android.apps.cep_sifrematik
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.garantiyatirim.fx
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.tmobtech.halkbank
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.SifrebazCep
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: eu.newfrontier.iBanking.mobile.Halk.Retail
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: tr.com.tradesoft.tradingsystem.gtpmobile.halk
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.DijitalSahne.EnYakinHalkbank
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.ziraat.ziraatmobil
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.ziraat.ziraattablet
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.matriksmobile.android.ziraatTrader
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.matriksdata.ziraatyatirim.pad
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: de.comdirect.android
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: de.commerzbanking.mobil
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: de.consorsbank
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.db.mm.deutschebank
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: de.dkb.portalapp
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.de.dkb.portalapp
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.ing.diba.mbbr2
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: de.postbank.finanzassistent
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: mobile.santander.de
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: de.fiducia.smartphone.android.banking.vr
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: fr.creditagricole.androidapp
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: fr.axa.monaxa
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: fr.banquepopulaire.cyberplus
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: net.bnpparibas.mescomptes
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.boursorama.android.clients
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.caisseepargne.android.mobilebanking
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: fr.lcl.android.customerarea
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.paypal.android.p2pmobile
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.wf.wellsfargomobile
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.wf.wellsfargomobile.tablet
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.wellsFargo.ceomobile
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.usbank.mobilebanking
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.usaa.mobile.android.usaa
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.suntrust.mobilebanking
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.moneybookers.skrillpayments.neteller
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.moneybookers.skrillpayments
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.clairmail.fth
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.konylabs.capitalone
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.yinzcam.facilities.verizon
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.chase.sig.android
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.infonow.bofa
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.bankofamerica.cashpromobile
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: uk.co.bankofscotland.businessbank
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.grppl.android.shell.BOS
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.rbs.mobile.android.natwestoffshore
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.rbs.mobile.android.natwest
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.rbs.mobile.android.natwestbandc
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.rbs.mobile.investisir
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.phyder.engage
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.rbs.mobile.android.rbs
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.rbs.mobile.android.rbsbandc
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: uk.co.santander.santanderUK
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: uk.co.santander.businessUK.bb
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.sovereign.santander
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.ifs.banking.fiid4202
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.fi6122.godough
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.rbs.mobile.android.ubr
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.htsu.hsbcpersonalbanking
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.grppl.android.shell.halifax
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.grppl.android.shell.CMBlloydsTSB73
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.barclays.android.barclaysmobilebanking
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.unionbank.ecommerce.mobile.android
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.unionbank.ecommerce.mobile.commercial.legacy
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.snapwork.IDBI
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.idbibank.abhay_card
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: src.com.idbi
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.idbi.mpassbook
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.ing.mobile
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.snapwork.hdfc
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.sbi.SBIFreedomPlus
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: hdfcbank.hdfcquickbank
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.csam.icici.bank.imobile
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: in.co.bankofbaroda.mpassbook
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.axis.mobile
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: cz.csob.smartbanking
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: cz.sberbankcz
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: sk.sporoapps.accounts
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: sk.sporoapps.skener
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.cleverlance.csas.servis24
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: org.westpac.bank
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: nz.co.westpac
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: au.com.suncorp.SuncorpBank
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: org.stgeorge.bank
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: org.banksa.bank
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: au.com.newcastlepermanent
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: au.com.nab.mobile
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: au.com.mebank.banking
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: au.com.ingdirect.android
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: MyING.be
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.imb.banking2
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.fusion.ATMLocator
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: au.com.cua.mb
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.commbank.netbank
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.cba.android.netbank
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.citibank.mobile.au
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.citibank.mobile.uk
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.citi.citimobile
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: org.bom.bank
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.bendigobank.mobile
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: me.doubledutch.hvdnz.cbnationalconference2016
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: au.com.bankwest.mobile
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.bankofqueensland.boq
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.anz.android.gomoney
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.anz.android
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.anz.SingaporeDigitalBanking
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.anzspot.mobile
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.crowdcompass.appSQ0QACAcYJ
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.arubanetworks.atmanz
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.quickmobile.anzirevents15
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: at.volksbank.volksbankmobile
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: it.volksbank.android
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: it.secservizi.mobile.atime.bpaa
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: de.fiducia.smartphone.android.securego.vr
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.isis_papyrus.raiffeisen_pay_eyewdg
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: at.easybank.mbanking
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: at.easybank.tablet
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: at.easybank.securityapp
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: at.bawag.mbanking
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.bawagpsk.securityapp
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: at.psa.app.bawag
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.pozitron.iscep
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.vakifbank.mobile
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.pozitron.vakifbank
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.starfinanz.smob.android.sfinanzstatus
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.starfinanz.mobile.android.pushtan
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.entersekt.authapp.sparkasse
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.starfinanz.smob.android.sfinanzstatus.tablet
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.starfinanz.smob.android.sbanking
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.palatine.android.mobilebanking.prod
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: fr.laposte.lapostemobile
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: fr.laposte.lapostetablet
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.cm_prod.bad
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.cm_prod.epasal
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.cm_prod_tablet.bad
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.cm_prod.nosactus
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: mobi.societegenerale.mobile.lappli
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.bbva.netcash
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.bbva.bbvacontigo
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.bbva.bbvawallet
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: es.bancosantander.apps
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.santander.app
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: es.cm.android
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: es.cm.android.tablet
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.bankia.wallet
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.btcturk
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.tmob.denizbank
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.binance.dev
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.binance.odapplications
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.blockfolio.blockfolio
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.crypter.cryptocyrrency
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: io.getdelta.android
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.edsoftapps.mycoinsvalue
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.coin.profit
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.mal.saul.coinmarketcap
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.tnx.apps.coinportfolio
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.coinbase.android
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.portfolio.coinbase_tracker
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: de.schildbach.wallet
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: piuk.blockchain.android
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: info.blockchain.merchant
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.jackpf.blockchainsearch
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.unocoin.unocoinwallet
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.unocoin.unocoinmerchantPoS
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.thunkable.android.santoshmehta364.UNOCOIN_LIVE
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: wos.com.zebpay
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.localbitcoinsmbapp
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.thunkable.android.manirana54.LocalBitCoins
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.thunkable.android.manirana54.LocalBitCoins_unblock
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.localbitcoins.exchange
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.coins.bit.local
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.coins.ful.bit
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.jamalabbasii1998.localbitcoin
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: zebpay.Application
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.bitcoin.ss.zebpayindia
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: com.kryptokit.jaxx
Contains package name strings related to banking (usually for identifying banking APKs)Show sources
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;->ooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method String: at.spardat.netbanking, com.bankaustria.android.olb, com.scotiabank.mobile, cz.airbank.android, eu.inmite.prj.kb.mobilbank, com.bankinter.launcher, com.kutxabank.android, com.dbs.hk.dbsmbanking, com.scb.breezebanking.hk, hk.com.hsbc.hsbchkmobilebanking, jp.co.aeonbank.android.passbook, jp.co.rakuten_bank.rakutenbank, jp.co.sevenbank.AppPassbook, nz.co.anz.android.mobilebanking, nz.co.bnz.droidbanking, nz.co.kiwibank.mobile, com.getingroup.mobilebanking, eu.eleader.mobilebanking.pekao.firm, eu.eleader.mobilebanking.pekao, eu.eleader.mobilebanking.raiffeisen, com.comarch.mobile.banking.bgzbnpparibas.biznes, com.comarch.security.mobilebanking, eu.eleader.mobilebanking.invest, pl.aliorbank.aib, pl.bosbank.mobile, pl.bps.bankowoscmobilna, pl.fmbank.smart, pl.ideabank.mobilebanking, com.magiclick.odeabank, com.vakifbank.mobilel, tr.com.sekerbilisim.mbank, ru.rosbank.android, ru.simpls.brs2.mobbank, may.maybank.android, ru.sberbank.spasibo, ru.sberbank.mobileoffice, ru.sberbank.sberbankir, ru.alfabank.mobile.android,
Has permission to query the list of currently running applicationsShow sources
Source: submitted apkRequest permission: android.permission.GET_TASKS
May check for popular installed appsShow sources
Source: Lcom/lvqvtnzlhs/oxhldsfx/MCwPpBxW$1;->run()VMethod string: "com.imo.android.imoim,com.twitter.android"
Source: Lcom/lvqvtnzlhs/oxhldsfx/MCwPpBxW$1;->run()VMethod string: "com.imo.android.imoim,com.twitter.android"
Source: Lcom/lvqvtnzlhs/oxhldsfx/MCwPpBxW$1;->run()VMethod string: "com.imo.android.imoim,com.twitter.android,com.android.vending"
May query for the most recent running application (usually for UI overlaying)Show sources
Source: com.lvqvtnzlhs.oxhldsfx.mxlVyxiVkK;->oooooooooooooooooogetRunningTasks and getPackageName invocations in same method: com.lvqvtnzlhs.oxhldsfx.mxlVyxiVkK;->oooooooooooooooooo:8, com.lvqvtnzlhs.oxhldsfx.mxlVyxiVkK;->oooooooooooooooooo:13
Source: com.lvqvtnzlhs.oxhldsfx.mxlVyxiVkK;->oooooooooooooooooogetRunningTasks and getPackageName invocations in same method: com.lvqvtnzlhs.oxhldsfx.mxlVyxiVkK;->oooooooooooooooooo:8, com.lvqvtnzlhs.oxhldsfx.mxlVyxiVkK;->oooooooooooooooooo:13

Spam, unwanted Advertisements and Ransom Demands:

barindex
Tries to disable the administrator userShow sources
Source: com.lvqvtnzlhs.oxhldsfx.urmdgwxty.oooooooooooooooooo.oooooooooooooooooo;->onCreate:25API Call: android.app.admin.DevicePolicyManager.removeActiveAdmin
Dials phone numbersShow sources
Source: com.lvqvtnzlhs.oxhldsfx.gzyumyihyqk.dTFdFp;->onCreate:21API Call: com.lvqvtnzlhs.oxhldsfx.gzyumyihyqk.dTFdFp.startActivity
Has permission to perform phone calls in the backgroundShow sources
Source: submitted apkRequest permission: android.permission.CALL_PHONE
Has permission to send SMS in the backgroundShow sources
Source: submitted apkRequest permission: android.permission.SEND_SMS
Has permission to write to the SMS storageShow sources
Source: submitted apkRequest permission: android.permission.WRITE_SMS
May check for popular installed appsShow sources
Source: Lcom/lvqvtnzlhs/oxhldsfx/MCwPpBxW$1;->run()VMethod string: "com.imo.android.imoim,com.twitter.android"
Source: Lcom/lvqvtnzlhs/oxhldsfx/MCwPpBxW$1;->run()VMethod string: "com.imo.android.imoim,com.twitter.android"
Source: Lcom/lvqvtnzlhs/oxhldsfx/MCwPpBxW$1;->run()VMethod string: "com.imo.android.imoim,com.twitter.android,com.android.vending"
Sends SMS using SmsManagerShow sources
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooooo:1874API Call: android.telephony.SmsManager.sendMultipartTextMessage

Operating System Destruction:

barindex
Lists and deletes files in the same contextShow sources
Source: com.lvqvtnzlhs.oxhldsfx.TPGzdFM;->oooooooooooooooooo:238API Calls in same method context: File.listFiles,File.delete
Source: com.lvqvtnzlhs.oxhldsfx.TPGzdFM;->ooooooooooooooooo:186API Calls in same method context: File.listFiles,File.delete

Change of System Appearance:

barindex
May access the Android keyguard (lock screen)Show sources
Source: yzvjwnya.dex.drString found in binary or memory: Landroid/app/KeyguardManager;
Source: yzvjwnya.dex.drString found in binary or memory: Landroid/app/KeyguardManager;"Landroid/app/Notification$Builder;
Source: yzvjwnya.dex.drString found in binary or memory: inKeyguardRestrictedInputMode
Source: yzvjwnya.dex.drString found in binary or memory: keyguard
Source: yzvjwnya.dex.drString found in binary or memory: keyguardkeylogger
Acquires a wake lockShow sources
Source: com.lvqvtnzlhs.oxhldsfx.JfCAGAxFdH;->onHandleIntent:38API Call: android.os.PowerManager$WakeLock.acquire
Mutes ringtone soundShow sources
Source: com.lvqvtnzlhs.oxhldsfx.gzyumyihyqk.dTFdFp;->onCreate:24API Call: android.media.AudioManager.setRingerMode("0")
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->o0ooooooooooooooooooooo:310API Call: android.media.AudioManager.setRingerMode("0")
Sets a repeating alarmShow sources
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooo:214API Call: android.app.AlarmManager.setRepeating

System Summary:

barindex
Requests permissions only permitted to signed APKsShow sources
Source: submitted apkRequest permission: android.permission.PACKAGE_USAGE_STATS
Requests potentially dangerous permissionsShow sources
Source: submitted apkRequest permission: android.permission.ACCESS_FINE_LOCATION
Source: submitted apkRequest permission: android.permission.CALL_PHONE
Source: submitted apkRequest permission: android.permission.GET_TASKS
Source: submitted apkRequest permission: android.permission.INTERNET
Source: submitted apkRequest permission: android.permission.READ_CONTACTS
Source: submitted apkRequest permission: android.permission.READ_PHONE_STATE
Source: submitted apkRequest permission: android.permission.READ_SMS
Source: submitted apkRequest permission: android.permission.RECEIVE_SMS
Source: submitted apkRequest permission: android.permission.RECORD_AUDIO
Source: submitted apkRequest permission: android.permission.SEND_SMS
Source: submitted apkRequest permission: android.permission.SYSTEM_ALERT_WINDOW
Source: submitted apkRequest permission: android.permission.WAKE_LOCK
Source: submitted apkRequest permission: android.permission.WRITE_EXTERNAL_STORAGE
Source: submitted apkRequest permission: android.permission.WRITE_SMS
Classification labelShow sources
Source: classification engineClassification label: mal84.rans.troj.spyw.expl.evad.and@0/253@4/0
Reads shares settingsShow sources
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooooooo:2243API Call: android.content.SharedPreferences.getString
Registers a Sensor listener (to get data about accelerometer, gyrometer etc.)Show sources
Source: com.lvqvtnzlhs.oxhldsfx.oltZRq;->onCreate:12API Call: android.hardware.SensorManager.registerListener
Source: com.lvqvtnzlhs.oxhldsfx.oltZRq;->onSensorChanged:17API Call: android.hardware.SensorManager.registerListener
Source: com.lvqvtnzlhs.oxhldsfx.oltZRq;->onSensorChanged:20API Call: android.hardware.SensorManager.registerListener
Source: com.lvqvtnzlhs.oxhldsfx.oltZRq;->onStartCommand:30API Call: android.hardware.SensorManager.registerListener

Data Obfuscation:

barindex
Accesses Class Loader via ReflectionShow sources
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:874API Call: Reflective call: public java.lang.ClassLoader java.lang.Class.getClassLoader()
Accesses FileOutputStream via ReflectionShow sources
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:878API Call: Reflective call: public void java.io.FileOutputStream.write(byte[]) throws java.io.IOException
Found very long method stringsShow sources
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;-><clinit>()VMethod string: [az]Eri\u015fimi aktivl\u0259\u015fdirin::[sq]Aktivizo aksesin p\u00ebr::[am]\u1218\u12f3\u1228\u123b \u1208 \u12eb\u1295\u1241::[en]Enable access for::[ar]\u062a\u0645\u0643\u064a\u0646 \u0627\u0644\u0648\u0635\u0648\u0644 \u0644\u0640\u0649::[hy]\u0544\ Length: 6244
Obfuscates method namesShow sources
Source: FaTCBy8MfjTotal valid method names: 9%
Uses reflectionShow sources
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: class com.fxmeaspd.rolpsc.euPcaoFS
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:874API Call: Real call: public android.content.Context android.content.ContextWrapper.getBaseContext()
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: class android.app.ContextImpl
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:874API Call: Real call: public java.io.File android.app.ContextImpl.getDir(java.lang.String,int)
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: class java.io.File
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:874API Call: Real call: public java.lang.String java.io.File.getAbsolutePath()
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:818API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:878API Call: Real call: public android.content.res.AssetManager android.content.ContextWrapper.getAssets()
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:818API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:878API Call: Real call: public final android.content.res.AssetFileDescriptor android.content.res.AssetManager.openNonAssetFd(java.lang.String) throws java.io.IOException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:818API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:878API Call: Real call: public java.io.FileInputStream android.content.res.AssetFileDescriptor.createInputStream() throws java.io.IOException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:818API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:878API Call: Real call: public int android.content.res.AssetFileDescriptor$AutoCloseInputStream.read(byte[]) throws java.io.IOException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:818API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.PgYzXRXxG;->tCjIUVMpAuZT:92API Call: Real call: public static void java.lang.System.arraycopy(byte[],int,byte[],int,int)
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:818API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:878API Call: Real call: public int android.content.res.AssetFileDescriptor$AutoCloseInputStream.read(byte[]) throws java.io.IOException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:818API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:818API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:818API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:878API Call: Real call: public int android.content.res.AssetFileDescriptor$AutoCloseInputStream.read(byte[]) throws java.io.IOException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:818API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:818API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:818API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:878API Call: Real call: public static java.lang.Class java.lang.Class.forName(java.lang.String) throws java.lang.ClassNotFoundException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:818API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:878API Call: Real call: public java.lang.reflect.Constructor java.lang.Class.getConstructor(java.lang.Class[]) throws java.lang.NoSuchMethodException,java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:818API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:878API Call: Real call: public java.lang.Object java.lang.reflect.Constructor.newInstance(java.lang.Object[]) throws java.lang.InstantiationException,java.lang.IllegalAccessException,java.lang.IllegalArgumentException,java.lang.reflect.InvocationTargetException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:818API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:878API Call: Real call: public void java.io.FileOutputStream.write(byte[]) throws java.io.IOException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:818API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: class java.lang.Class
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:874API Call: Real call: public java.lang.ClassLoader java.lang.Class.getClassLoader()
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: class java.lang.Class
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:874API Call: Real call: public static java.lang.Class java.lang.Class.forName(java.lang.String) throws java.lang.ClassNotFoundException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: class java.lang.Class
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:874API Call: Real call: public static java.lang.Class java.lang.Class.forName(java.lang.String) throws java.lang.ClassNotFoundException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: class java.lang.Class
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:874API Call: Real call: public java.lang.reflect.Constructor java.lang.Class.getConstructor(java.lang.Class[]) throws java.lang.NoSuchMethodException,java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: class java.lang.reflect.Constructor
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:874API Call: Real call: public java.lang.Object java.lang.reflect.Constructor.newInstance(java.lang.Object[]) throws java.lang.InstantiationException,java.lang.IllegalAccessException,java.lang.IllegalArgumentException,java.lang.reflect.InvocationTargetException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: class java.lang.Class
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:874API Call: Real call: public static java.lang.Class java.lang.Class.forName(java.lang.String) throws java.lang.ClassNotFoundException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:384API Call: Real call: public static final java.lang.Boolean java.lang.Boolean.TRUE
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: class java.lang.reflect.Field
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:874API Call: Real call: public void java.lang.reflect.AccessibleObject.setAccessible(boolean) throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:493API Call: Real call: final android.app.LoadedApk android.app.ContextImpl.mPackageInfo
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: class java.lang.Class
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: class java.lang.reflect.Field
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:874API Call: Real call: public void java.lang.reflect.AccessibleObject.setAccessible(boolean) throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: class java.lang.reflect.Field
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: class java.lang.Class
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:874API Call: Real call: public static java.lang.Class java.lang.Class.forName(java.lang.String) throws java.lang.ClassNotFoundException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: class java.lang.Class
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:874API Call: Real call: public java.lang.reflect.Constructor java.lang.Class.getConstructor(java.lang.Class[]) throws java.lang.NoSuchMethodException,java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: class java.lang.reflect.Constructor
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:874API Call: Real call: public java.lang.Object java.lang.reflect.Constructor.newInstance(java.lang.Object[]) throws java.lang.InstantiationException,java.lang.IllegalAccessException,java.lang.IllegalArgumentException,java.lang.reflect.InvocationTargetException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: class java.io.File
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:874API Call: Real call: public boolean java.io.File.delete()
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: class java.lang.Class
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: class java.lang.Class
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: class java.lang.reflect.Constructor
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:874API Call: Real call: public java.lang.Object java.lang.reflect.Constructor.newInstance(java.lang.Object[]) throws java.lang.InstantiationException,java.lang.IllegalAccessException,java.lang.IllegalArgumentException,java.lang.reflect.InvocationTargetException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: class java.io.File
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:874API Call: Real call: public boolean java.io.File.delete()
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: class dalvik.system.DexClassLoader
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:874API Call: Real call: public java.lang.Class java.lang.ClassLoader.loadClass(java.lang.String) throws java.lang.ClassNotFoundException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: class java.lang.Class
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:874API Call: Real call: public static java.lang.Class java.lang.Class.forName(java.lang.String) throws java.lang.ClassNotFoundException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: class android.app.Instrumentation
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:874API Call: Real call: public static android.app.Application android.app.Instrumentation.newApplication(java.lang.Class,android.content.Context) throws java.lang.InstantiationException,java.lang.IllegalAccessException,java.lang.ClassNotFoundException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: class java.lang.Class
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: class java.lang.reflect.Field
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->mCDsJosm:697API Call: Real call: final android.app.LoadedApk android.app.ContextImpl.mPackageInfo
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: class java.lang.Class
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: class java.lang.reflect.Field
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:874API Call: Real call: public void java.lang.reflect.AccessibleObject.setAccessible(boolean) throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: class java.lang.reflect.Field
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: class com.lvqvtnzlhs.oxhldsfx.HBhavOtJQrF
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:768API Call: Real call: public java.lang.reflect.Method[] java.lang.Class.getMethods() throws java.lang.SecurityException
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:874API Call: Real call: public void com.lvqvtnzlhs.oxhldsfx.HBhavOtJQrF.onCreate()
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooo:423API Call: java.lang.reflect.Method.invoke
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooo:465API Call: java.lang.reflect.Method.invoke
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooo:500API Call: java.lang.reflect.Method.invoke
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooo:815API Call: java.lang.reflect.Method.invoke
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:498API Call: java.lang.reflect.Field.get

Persistence and Installation Behavior:

barindex
Creates filesShow sources
Source: com.lvqvtnzlhs.oxhldsfx.MCwPpBxW;->ooooooooooooooooo:455API Call: com.lvqvtnzlhs.oxhldsfx.MCwPpBxW.openFileOutput
Source: com.lvqvtnzlhs.oxhldsfx.MCwPpBxW;->oooooooooooooooooo:511API Call: com.lvqvtnzlhs.oxhldsfx.MCwPpBxW.openFileOutput
Source: com.lvqvtnzlhs.oxhldsfx.TRqkOhVAI;->oooooooooooooooooo:1879API Call: com.lvqvtnzlhs.oxhldsfx.TRqkOhVAI.openFileOutput

Boot Survival:

barindex
Has permission to execute code after phone rebootShow sources
Source: submitted apkRequest permission: android.permission.RECEIVE_BOOT_COMPLETED
Installs a new wake lock (to get activate on phone screen on)Show sources
Source: com.lvqvtnzlhs.oxhldsfx.JfCAGAxFdH;->onHandleIntent:37API Call: android.os.PowerManager.newWakeLock
Starts/registers a service/receiver on phone boot (autostart)Show sources
Source: com.lvqvtnzlhs.oxhldsfx.qnhlyoucumra.fjEWiwqhAX;->ooooooooooooooooo:8API Call: android.content.Context.startService (not executed)
Source: com.lvqvtnzlhs.oxhldsfx.qnhlyoucumra.fjEWiwqhAX;->ooooooooooooooooo:30API Call: android.content.Context.startService (not executed)
Source: com.lvqvtnzlhs.oxhldsfx.qnhlyoucumra.fjEWiwqhAX;->oooooooooooooooooo:56API Call: android.content.Context.startService (not executed)

Hooking and other Techniques for Hiding and Protection:

barindex
Potential hidden JAR / DEX file creation routine findShow sources
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->ePGHOnEW:127API Call: java.lang.String.<init> /yzvjwnya.jar
Potential hidden file creation routine findShow sources
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:960API Call: java.lang.String.<init> java.io.FileOutputStream
Protects itself from removalShow sources
Source: com.lvqvtnzlhs.oxhldsfx.MCwPpBxW;->onAccessibilityEvent:310API Calls in same method context: AccessibilityNodeInfo.findAccessibilityNodeInfosByText,AccessibilityEvent.getPackageName
Has permission to draw over other applications or user interfacesShow sources
Source: submitted apkRequest permission: android.permission.SYSTEM_ALERT_WINDOW
Has permission to query the list of currently running applicationsShow sources
Source: submitted apkRequest permission: android.permission.GET_TASKS
Queries list of running processes/tasksShow sources
Source: com.lvqvtnzlhs.oxhldsfx.mxlVyxiVkK;->oooooooooooooooooo:8API Call: android.app.ActivityManager.getRunningTasks
Source: com.lvqvtnzlhs.oxhldsfx.mxlVyxiVkK;->oooooooooooooooooo:17API Call: android.app.ActivityManager.getRunningAppProcesses

Malware Analysis System Evasion:

barindex
Accesses android OS build fieldsShow sources
Source: com.lvqvtnzlhs.oxhldsfx.TRqkOhVAI;->ooooooooooooooooo:50Field Access: android.os.Build$VERSION.RELEASE
Source: com.lvqvtnzlhs.oxhldsfx.TRqkOhVAI;->ooooooooooooooooo:52Field Access: android.os.Build.MODEL
Source: com.lvqvtnzlhs.oxhldsfx.TRqkOhVAI;->ooooooooooooooooo:56Field Access: android.os.Build.PRODUCT
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->oo0ooooooooooooooooooo:330Field Access: android.os.Build.BOARD
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->oo0ooooooooooooooooooo:333Field Access: android.os.Build.BRAND
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->oo0ooooooooooooooooooo:336Field Access: android.os.Build.CPU_ABI
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->oo0ooooooooooooooooooo:339Field Access: android.os.Build.DEVICE
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->oo0ooooooooooooooooooo:342Field Access: android.os.Build.DISPLAY
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->oo0ooooooooooooooooooo:345Field Access: android.os.Build.HOST
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->oo0ooooooooooooooooooo:348Field Access: android.os.Build.ID
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->oo0ooooooooooooooooooo:351Field Access: android.os.Build.MANUFACTURER
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->oo0ooooooooooooooooooo:354Field Access: android.os.Build.MODEL
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->oo0ooooooooooooooooooo:357Field Access: android.os.Build.PRODUCT
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->oo0ooooooooooooooooooo:360Field Access: android.os.Build.TAGS
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->oo0ooooooooooooooooooo:363Field Access: android.os.Build.TYPE
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->oo0ooooooooooooooooooo:366Field Access: android.os.Build.USER
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->oooooooooooooooooo:1756Field Access: android.os.Build.FINGERPRINT
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->oooooooooooooooooo:1761Field Access: android.os.Build.FINGERPRINT
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->oooooooooooooooooo:1766Field Access: android.os.Build.MODEL
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->oooooooooooooooooo:1771Field Access: android.os.Build.MODEL
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->oooooooooooooooooo:1776Field Access: android.os.Build.MODEL
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->oooooooooooooooooo:1781Field Access: android.os.Build.MANUFACTURER
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->oooooooooooooooooo:1786Field Access: android.os.Build.BRAND
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->oooooooooooooooooo:1791Field Access: android.os.Build.DEVICE
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->oooooooooooooooooo:1799Field Access: android.os.Build.PRODUCT
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooooo:1875Field Access: android.os.Build.PRODUCT
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooooo:1878Field Access: android.os.Build.PRODUCT
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooooo:1883Field Access: android.os.Build.PRODUCT
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooooo:1888Field Access: android.os.Build.PRODUCT
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooooo:1893Field Access: android.os.Build.MANUFACTURER
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooooo:1898Field Access: android.os.Build.MANUFACTURER
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooooo:1903Field Access: android.os.Build.BRAND
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooooo:1908Field Access: android.os.Build.BRAND
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooooo:1913Field Access: android.os.Build.DEVICE
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooooo:1918Field Access: android.os.Build.DEVICE
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooooo:1923Field Access: android.os.Build.DEVICE
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooooo:1928Field Access: android.os.Build.MODEL
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooooo:1931Field Access: android.os.Build.MODEL
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooooo:1936Field Access: android.os.Build.MODEL
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooooo:1951Field Access: android.os.Build.FINGERPRINT
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooooo:1956Field Access: android.os.Build.FINGERPRINT
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooooo:1961Field Access: android.os.Build.FINGERPRINT
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooooo:1966Field Access: android.os.Build.FINGERPRINT
Queries several sensitive phone informationsShow sources
Source: Lcom/lvqvtnzlhs/oxhldsfx/urmdgwxty/ooooooooooooooooo/ooooooooooooooooooo;-><init>(I)VMethod string: "cpu"
Source: Lcom/lvqvtnzlhs/oxhldsfx/oooooooooooooooooo;->oo0oooooooooooooooooo(Landroid/content/Context;)Ljava/lang/String;Method string: "phone"
Source: Lcom/lvqvtnzlhs/oxhldsfx/oooooooooooooooooo;->ooooooooooooooooooo()ZMethod string: "sdk"
Source: Lcom/lvqvtnzlhs/oxhldsfx/urmdgwxty/csytvmtdn/XYLGLvBzP;->onHandleIntent(Landroid/content/Intent;)VMethod string: "time"
Queries the unique operating system id (ANDROID_ID)Show sources
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->oo0ooooooooooooooooooo:325API Call: android.provider.Settings$Secure.getString

Anti Debugging:

barindex
Access the class loader (often done to load a new code)Show sources
Source: com.fxmeaspd.rolpsc.pdOzNQxtY;->tCjIUVMpAuZT:370API Call: java.lang.Class.getDeclaredField("mClassLoader")
Source: Lcom/fxmeaspd/rolpsc/pdOzNQxtY;->tCjIUVMpAuZT(Ljava/lang/Object;ILjava/lang/Object;)VMethod string: "mClassLoader"
Source: Lcom/fxmeaspd/rolpsc/pdOzNQxtY;->tCjIUVMpAuZT(Ljava/lang/Class;IFLjava/lang/String;)Ljava/lang/reflect/Field;Method string: "mClassLoader"

HIPS / PFW / Operating System Protection Evasion:

barindex
Uses the DexClassLoader (often used for code injection)Show sources
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooo:416API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooo:420API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooo:455API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooo:459API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooo:490API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooo:494API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooo:805API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooo:809API Call: dalvik.system.DexClassLoader.loadClass (not executed)

Language, Device and Operating System Detection:

barindex
Queries the network operator ISO country codeShow sources
Source: com.lvqvtnzlhs.oxhldsfx.TRqkOhVAI;->ooooooooooooooooo:62API Call: android.telephony.TelephonyManager.getNetworkCountryIso
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->oo0oooooooooooooooooo:321API Call: android.telephony.TelephonyManager.getNetworkCountryIso
Queries the network operator nameShow sources
Source: com.lvqvtnzlhs.oxhldsfx.TRqkOhVAI;->ooooooooooooooooo:70API Call: android.telephony.TelephonyManager.getNetworkOperatorName
Queries the unqiue device ID (IMEI, MEID or ESN)Show sources
Source: com.lvqvtnzlhs.oxhldsfx.TRqkOhVAI;->ooooooooooooooooo:75API Call: android.telephony.TelephonyManager.getLine1Number

Stealing of Sensitive Information:

barindex
Uses accessibility services (likely to control other applications)Show sources
Source: com.lvqvtnzlhs.oxhldsfx.MCwPpBxW;->onAccessibilityEvent:139API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.lvqvtnzlhs.oxhldsfx.MCwPpBxW;->onAccessibilityEvent:144API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.lvqvtnzlhs.oxhldsfx.MCwPpBxW;->onAccessibilityEvent:170API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.lvqvtnzlhs.oxhldsfx.MCwPpBxW;->onAccessibilityEvent:196API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.lvqvtnzlhs.oxhldsfx.MCwPpBxW;->onAccessibilityEvent:215API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.lvqvtnzlhs.oxhldsfx.MCwPpBxW;->onAccessibilityEvent:230API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.lvqvtnzlhs.oxhldsfx.MCwPpBxW;->onAccessibilityEvent:246API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.lvqvtnzlhs.oxhldsfx.MCwPpBxW;->onAccessibilityEvent:256API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.lvqvtnzlhs.oxhldsfx.MCwPpBxW;->onAccessibilityEvent:266API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Source: com.lvqvtnzlhs.oxhldsfx.MCwPpBxW;->onAccessibilityEvent:272API Call: android.view.accessibility.AccessibilityNodeInfo.findAccessibilityNodeInfosByText
Creates SMS data (e.g. PDU)Show sources
Source: com.lvqvtnzlhs.oxhldsfx.qnhlyoucumra.fjEWiwqhAX;->oooooooooooooooooo:44API Call: android.telephony.SmsMessage.createFromPdu
Has permission to read contactsShow sources
Source: submitted apkRequest permission: android.permission.READ_CONTACTS
Has permission to read the SMS storageShow sources
Source: submitted apkRequest permission: android.permission.READ_SMS
Has permission to read the phones state (phone number, device IDs, active call ect.)Show sources
Source: submitted apkRequest permission: android.permission.READ_PHONE_STATE
Has permission to receive SMS in the backgroundShow sources
Source: submitted apkRequest permission: android.permission.RECEIVE_SMS
Monitors incoming SMSShow sources
Source: com.lvqvtnzlhs.oxhldsfx.qnhlyoucumra.fjEWiwqhAXRegistered receiver: android.provider.Telephony.SMS_RECEIVED
Queries SMS dataShow sources
Source: com.lvqvtnzlhs.oxhldsfx.GXoBCDkEUxE;->ooooooooooooooooooo:4API Call: android.net.Uri.parse("content://sms/inbox")
Source: com.lvqvtnzlhs.oxhldsfx.GXoBCDkEUxE;->oooooooooooooooooo:55API Call: android.net.Uri.parse("content://sms/sent")
Queries a list of installed applicationsShow sources
Source: com.lvqvtnzlhs.oxhldsfx.ooooooooooooooooo;->ooooooooooooooooo:174API Call: android.content.pm.PackageManager.getInstalledApplications
Source: com.lvqvtnzlhs.oxhldsfx.oooooooooooooooooo;->ooooooooooooooooooo:1822API Call: android.content.pm.PackageManager.getInstalledApplications
Queries phone contact informationShow sources
Source: com.lvqvtnzlhs.oxhldsfx.gzyumyihyqk.AyeNQX;->ooooooooooooooooo:25Field access: android.provider.ContactsContract$CommonDataKinds$Phone.CONTENT_URI
Source: com.lvqvtnzlhs.oxhldsfx.gzyumyihyqk.AyeNQX;->ooooooooooooooooo:85Field access: android.provider.ContactsContract$CommonDataKinds$Phone.CONTENT_URI
Redirects camera/video feedShow sources
Source: com.lvqvtnzlhs.oxhldsfx.urmdgwxty.csytvmtdn.XYLGLvBzP;->ooooooooooooooooo:67API Call: android.media.MediaRecorder.setOutputFile
Source: com.lvqvtnzlhs.oxhldsfx.urmdgwxty.csytvmtdn.qYPiGEPgaPCj;->ooooooooooooooooo:74API Call: android.media.MediaRecorder.setOutputFile
Has permission to query the current locationShow sources
Source: submitted apkRequest permission: android.permission.ACCESS_FINE_LOCATION

Remote Access Functionality:

barindex
Found parser code for incoming SMS (may be used to act on incoming SMS, BOT)Show sources
Source: com.lvqvtnzlhs.oxhldsfx.qnhlyoucumra.fjEWiwqhAX;->ooooooooooooooooo:32API Call: java.lang.String.equals android.provider.Telephony.SMS_RECEIVED
Found suspicious command strings (may be related to BOT commands)Show sources
Source: Lcom/lvqvtnzlhs/oxhldsfx/urmdgwxty/csytvmtdn/qYPiGEPgaPCj$1;->run()VMethod string: "stop record sound"
Source: Lcom/lvqvtnzlhs/oxhldsfx/urmdgwxty/lhtystfx/qgJqYzDEjWj;->onHandleIntent(Landroid/content/Intent;)VMethod string: "sendsms"
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;-><init>()VMethod string: "android.permission.send_sms"
Source: Lcom/lvqvtnzlhs/oxhldsfx/urmdgwxty/csytvmtdn/qYPiGEPgaPCj;->ooooooooooooooooo(Landroid/content/Context;Ljava/lang/String;I)VMethod string: "start record sound"
Source: Lcom/lvqvtnzlhs/oxhldsfx/urmdgwxty/csytvmtdn/qYPiGEPgaPCj$1;->run()VInstruction: "const-string v3, "stop record sound""
Source: Lcom/lvqvtnzlhs/oxhldsfx/urmdgwxty/lhtystfx/qgJqYzDEjWj;->onHandleIntent(Landroid/content/Intent;)VInstruction: "const-string v0, "sendsms""
Source: Lcom/lvqvtnzlhs/oxhldsfx/ooooooooooooooooo;-><init>()VInstruction: "const-string v1, "android.permission.send_sms""
Source: Lcom/lvqvtnzlhs/oxhldsfx/urmdgwxty/csytvmtdn/qYPiGEPgaPCj;->ooooooooooooooooo(Landroid/content/Context;Ljava/lang/String;I)VInstruction: "const-string v2, "start record sound""

Antivirus Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.