Source: com.lib;->sendPost:3171 | API Call: java.net.URL.openConnection("http://ora.studiolegalebasili.com/gate_cb8a5aea1ab302f0_c") |
Source: com.lib;->sendPost:3171 | API Call: java.net.URL.openConnection("http://ora.carlaarrabitoarchitetto.com/gate_cb8a5aea1ab302f0_c") |
Source: com.lib;->downloadFile:1682 | API Call: java.net.URL.openConnection (not executed) |
Source: unknown | TCP traffic detected without corresponding DNS query: 172.217.18.100 |
Source: unknown | TCP traffic detected without corresponding DNS query: 172.217.16.163 |
Source: unknown | TCP traffic detected without corresponding DNS query: 172.217.18.100 |
Source: unknown | TCP traffic detected without corresponding DNS query: 172.217.18.100 |
Source: unknown | DNS traffic detected: queries for: i.ytimg.com |
Source: android | String found in binary or memory: http://ora.carlaarrabitoarchitetto.com/gate_cb8a5aea1ab302f0_c |
Source: android | String found in binary or memory: http://ora.studiolegalebasili.com/gate_cb8a5aea1ab302f0_c |
Source: android | String found in binary or memory: http://ora.studiolegalebasili.com/gate_cb8a5aea1ab302f0_c;http://ora.carlaarrabitoarchitetto.com/gat [string truncated by the report; a semicolon-separated list of the two gate URLs, the second of which appears in full in the sendPost entries above] |
Source: ic_launcher_foreground.xml | String found in binary or memory: http://schemas.android.com/aapt |
Source: abc_tint_btn_checkable.xml, abc_select_dialog_material.xml | String found in binary or memory: http://schemas.android.com/apk/res-auto |
Source: common_google_signin_btn_icon_light_focused.xml, ic_launcher_foreground.xml, abc_tint_btn_checkable.xml, notification_action_background.xml, abc_screen_simple.xml, abc_search_view.xml, abc_seekbar_thumb_material.xml, abc_action_menu_item_layout.xml, abc_alert_dialog_title_material.xml, abc_screen_simple_overlay_action_mode.xml, abc_alert_dialog_button_bar_material.xml, abc_select_dialog_material.xml, abc_cascading_menu_item_layout.xml, abc_slide_out_bottom.xml, abc_expanded_menu_layout.xml | String found in binary or memory: http://schemas.android.com/apk/res/android |
Source: android | String found in binary or memory: https://plus.google.com/ |
Source: android | String found in binary or memory: https://www.googleapis.com/auth/games |
Source: android | String found in binary or memory: https://www.googleapis.com/auth/games_lite |
Source: unknown | Network traffic detected: HTTP traffic on port 55266 -> 443 (remote port 443; TLS expected, payload not decoded in this report) |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55266 (remote port 443; TLS expected, payload not decoded in this report) |
Source: unknown | Network traffic detected: HTTP traffic on port 42662 -> 443 (remote port 443; TLS expected, payload not decoded in this report) |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 33152 (remote port 443; TLS expected, payload not decoded in this report) |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 33150 (remote port 443; TLS expected, payload not decoded in this report) |
Source: unknown | Network traffic detected: HTTP traffic on port 33152 -> 443 (remote port 443; TLS expected, payload not decoded in this report) |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 42662 (remote port 443; TLS expected, payload not decoded in this report) |
Source: unknown | Network traffic detected: HTTP traffic on port 33150 -> 443 (remote port 443; TLS expected, payload not decoded in this report) |
Source: com.lib;->hideArea:521 | API Call: WindowManager.addView |
Source: com.lib;->hidePinnedHint:532 | API Call: WindowManager.addView |
Source: com.lib;->createOverlay:1097 | API Call: WindowManager.addView |
Source: com.lib;->createOverlay:1110 | API Call: WindowManager.addView |
Source: com.lib;->createOverlayOld:1157 | API Call: WindowManager.addView |
Source: android | String found in binary or memory: keyguard |
Source: com.lib;->setWakeLocks:3294 | API Call: android.os.PowerManager$WakeLock.acquire |
Source: com.lib;->setWakeLocks:3315 | API Call: android.os.PowerManager$WakeLock.acquire |
Source: submitted apk | Request permission: android.permission.INTERNET |
Source: submitted apk | Request permission: android.permission.READ_SMS |
Source: submitted apk | Request permission: android.permission.RECEIVE_SMS |
Source: submitted apk | Request permission: android.permission.SYSTEM_ALERT_WINDOW |
Source: submitted apk | Request permission: android.permission.WAKE_LOCK |
Source: classification engine | Classification label: mal64.troj.spyw.evad.and@0/252@4/0 |
Source: com.lib;->getBotUID:1753 | API Call: android.content.SharedPreferences.getString |
Source: com.lib;->getConfigID:1765 | API Call: android.content.SharedPreferences.getString |
Source: com.lib;->getGateUrl:1810 | API Call: android.content.SharedPreferences.getString |
Source: com.lib;->getPinnedPref:1859 | API Call: android.content.SharedPreferences.getString |
Source: com.lib;->getSystemSmsApp:1872 | API Call: android.content.SharedPreferences.getString |
Source: com.lib;->isNeedASniff:1972 | API Call: android.content.SharedPreferences.getBoolean |
Source: com.lib;->isNeedPinned:1995 | API Call: android.content.SharedPreferences.getBoolean |
Source: com.lib;->isNeedWebInj:2005 | API Call: android.content.SharedPreferences.getBoolean |
Source: com.google.android.gms.auth.api.signin.internal.Storage;->zaf:50 | API Call: android.content.SharedPreferences.getString |
Source: Lcom/lib;->bytesToHex([B)Ljava/lang/String; | Method string: 0563dd99761227c7ed4e59cacac8d3ff6728c1b1eb4af7fa250f9965b6fbe8c245c1a862785cfefc7a790859db33763fd64100209e63a671cf0cee7dd15faabff9ce4454f388294ce34052f0a5137bb38a7aabc3800ed5bb9038dac14d97d0b837c7c4219194fa0ab09db0ff4ae36d55f2c05a50d6d84252a0cc86f73756642 Length: 5812 |
Source: Lcom/lib;->bytesToHex([B)Ljava/lang/String; | Method string: 19e3f8c7dba690f8e523a373f74770221ba2d4a60e3a0b736958df130851d99bd38f31f171a11e5fa2380565259176390437f4f04f4deeb3af3d6a970274c4eae88fb89d0fa9a05108659e7b17e0d4aa1b7d422b84336027a43c64dafe73d503dd99a625f8e85cc677d8496fb51b7be59eed9270e134e22aa082d753e786d40 Length: 5812 |
Source: Lcom/lib;->bytesToHex([B)Ljava/lang/String; | Method string: 59072a8fdb5c77018e78cd74a7892869a17fa81137900ccd34289d6d632cd193c915e1eb001803fb32ed5d48624962b400d6b29e3bafda5be0e9293256876f85581e724e7c4567144d30a060cedd6904d3cb82d8850868c9b71a0a1affaf6e7e51a551cff753d48e0e787520fb1c1833680849a6af468a9cdfee71ab07bf1a6 Length: 5812 |
Source: Lcom/lib;->bytesToHex([B)Ljava/lang/String; | Method string: 91d8aff7f46aafbf6fd0deb4f0ac7c6d32e7bf3408e4fd18aca0942c0e2acf6a1a2c59142f46878dabc2c2c6dcebac0f7ad071fd72150c9836847ff4a000e5f967be9288a6d77ac1ecaaaa24d0a3cd23eaeb40924a8095dbb0eb490015df084f0d4a8196b7c59ceba76762c8c516a8daa18e5ee78db7b763bceaaf994bede31 Length: 5812 |
Source: Lcom/lib;->bytesToHex([B)Ljava/lang/String; | Method string: 955b4b926d63e37811c0b9d24ece5d7e55662187c32656be818ad5b0f14f535309c0c7de1779305e6b7147831cfccff088e9f5358460640c5960486db05755190584d92971d6c47ea69b03a96f59328c6f68dee6e14d20019466feee7dbc8ed045e9e1802df54747a8334ea2ca4dda3d58649fc7c45f46e2dfcb8bc595b040c Length: 5812 |
Source: Lcom/lib;->bytesToHex([B)Ljava/lang/String; | Method string: ad466d828ff565c85015e770b6e9f94a6badb281dc1e3ff69fab3d57e5e4a33b026aca83c4db075ae9532b1f38745e719f13f787eac6b42ce815e2cfa0ce8ec296bdd6f622ddc75f9743f164057bbdaee8c7325db0117477e2a66ee1ad204e3b5bcee714ec441125946d784632045227049726259e835ecde77eda451695cc5 Length: 5812 |
Source: Lcom/lib;->bytesToHex([B)Ljava/lang/String; | Method string: bb3b5e6a820089303a7972ff12b1839d4cf4f05879d55e0951c7bedac7803e896b5b83be4ebb6a9f9efeb9204f5545f8bdf04f79a3f1b92883413d5e45d0dd4859af4765b8ee118a8880245ce8b15ce5da375765b0b5c2b7a9312c2ff80dd86c6d8bd8ee227361dcc94118009901a1d46e59635e6ed3cde0523b8e2fbf2c76e Length: 5812 |
Source: Lcom/lib;->bytesToHex([B)Ljava/lang/String; | Method string: dcf5893ec2b3b7df0482628e309cc064f6b36573ea418d6d0021b104662bad49299bb8ffb006c1b04919ffd59fbe83f467a6e7924650a1dd052fd3d8495cbeb36b02be2cf889537a7c96469953648e3642ee0cda358fb9ceef2f324560622858938a19c33af73a258bd5776694491969cc33a63c2bbb01b4042e166cbdfe294 Length: 5812 |
Source: Lcom/lib;->bytesToHex([B)Ljava/lang/String; | Method string: ee40db488b6f2bc7ac33cc566601c52bf6cb093c611e0b583d4b3f210ec13c2ce3b2df8de8c61e12ca9852767737f889367fadae4172fd571f39c202bae06f3d116c2683d61bcbe21f12414f0cf46f5dce57ec86ce0d18467cb61e36605a304cc9c8bea18d717aff4c55b65f563df30ed23291897095ae7647ee55abf42cd08 Length: 5812 |
Source: bpLldiCjub | Total valid method names: 60% |
Source: submitted apk | Request permission: android.permission.RECEIVE_BOOT_COMPLETED |
Source: com.lib;->doMMS:1620 | API Call: android.content.BroadcastReceiver.abortBroadcast |
Source: com.lib;->doPUSH:1625 | API Call: android.content.BroadcastReceiver.abortBroadcast |
Source: com.lib;->doSMS:1652 | API Call: android.content.BroadcastReceiver.abortBroadcast |
Source: submitted apk | Request permission: android.permission.SYSTEM_ALERT_WINDOW |
Source: com.example.eventbot.service;->md5:150 | API Call: java.security.MessageDigest.getInstance |
Source: com.example.eventbot.service;->md5:152 | API Call: java.security.MessageDigest.update |
Source: com.example.eventbot.service;->genLibUpdateName:61 | API Call: java.security.MessageDigest.digest |
Source: com.example.eventbot.service;->md5:152 | API Call: java.security.MessageDigest.update |
Source: com.example.eventbot.service;->genLibName:47 | API Call: java.security.MessageDigest.digest |
Source: com.example.eventbot.service;->fallbackLib:12 | API Call: javax.crypto.Cipher.getInstance |
Source: com.example.eventbot.service;->fallbackLib:17 | API Call: javax.crypto.Cipher.doFinal |
Source: com.lib;->sha256:3323 | API Call: java.security.MessageDigest.getInstance |
Source: com.lib;->sha256:3326 | API Call: unknown (instrumentation error: could not access the field in remoteBinder) |
Source: com.lib;->rc4:2904 | API Call: javax.crypto.Cipher.getInstance |
Source: com.lib;->rc4:2909 | API Call: javax.crypto.Cipher.doFinal |
Source: com.lib;->sha256:3326 | API Call: unknown (instrumentation error: could not access the field in remoteBinder) |
Source: com.lib;->rc4:2904 | API Call: javax.crypto.Cipher.getInstance |
Source: com.lib;->rc4:2909 | API Call: javax.crypto.Cipher.doFinal |
Source: com.lib;->sha256:3326 | API Call: unknown (instrumentation error: could not access the field in remoteBinder) |
Source: com.lib;->rc4:2904 | API Call: javax.crypto.Cipher.getInstance |
Source: com.lib;->rc4:2909 | API Call: javax.crypto.Cipher.doFinal |
Source: com.lib;->sha256:3326 | API Call: unknown (instrumentation error: could not access the field in remoteBinder) |
Source: com.lib;->rc4:2904 | API Call: javax.crypto.Cipher.getInstance |
Source: com.lib;->rc4:2909 | API Call: javax.crypto.Cipher.doFinal |
Source: com.lib;->sha256:3326 | API Call: unknown (instrumentation error: could not access the field in remoteBinder) |
Source: com.lib;->rc4:2904 | API Call: javax.crypto.Cipher.getInstance |
Source: com.lib;->rc4:2909 | API Call: javax.crypto.Cipher.doFinal |
Source: com.lib;->sha256:3326 | API Call: unknown (instrumentation error: could not access the field in remoteBinder) |
Source: com.lib;->rc4:2904 | API Call: javax.crypto.Cipher.getInstance |
Source: com.lib;->rc4:2909 | API Call: javax.crypto.Cipher.doFinal |
Source: com.lib;->sha256:3326 | API Call: unknown (instrumentation error: could not access the field in remoteBinder) |
Source: com.lib;->rc4:2904 | API Call: javax.crypto.Cipher.getInstance |
Source: com.lib;->rc4:2909 | API Call: javax.crypto.Cipher.doFinal |
Source: com.lib;->sha256:3326 | API Call: unknown (instrumentation error: could not access the field in remoteBinder) |
Source: com.lib;->rc4:2904 | API Call: javax.crypto.Cipher.getInstance |
Source: com.lib;->rc4:2909 | API Call: javax.crypto.Cipher.doFinal |
Source: com.lib;->sha256:3326 | API Call: unknown (instrumentation error: could not access the field in remoteBinder) |
Source: com.lib;->rc4:2904 | API Call: javax.crypto.Cipher.getInstance |
Source: com.lib;->rc4:2909 | API Call: javax.crypto.Cipher.doFinal |
Source: com.example.eventbot.MainActivity;->sha256:77 | API Call: java.security.MessageDigest.getInstance |
Source: com.example.eventbot.MainActivity;->sha256:80 | API Call: java.security.MessageDigest.digest |
Source: com.example.eventbot.MainActivity;->sha256:82 | API Call: java.security.MessageDigest.getInstance |
Source: com.example.eventbot.MainActivity;->sha256:83 | API Call: java.security.MessageDigest.digest |
Source: com.example.eventbot.service;->fallbackLib:16 | API Call: javax.crypto.Cipher.init |
Source: com.example.eventbot.service;->md5:153 | API Call: java.security.MessageDigest.digest |
Source: com.google.android.gms.common.zzm;->zza:10 | API Call: java.security.MessageDigest.digest |
Source: com.lib;->md5:2385 | API Call: java.security.MessageDigest.getInstance |
Source: com.lib;->md5:2387 | API Call: java.security.MessageDigest.update |
Source: com.lib;->md5:2388 | API Call: java.security.MessageDigest.digest |
Source: com.lib;->rc4:2908 | API Call: javax.crypto.Cipher.init |
Source: com.lib;->sha256:3328 | API Call: java.security.MessageDigest.getInstance |
Source: com.lib;->sha256:3329 | API Call: java.security.MessageDigest.digest |
Source: com.google.android.gms.common.util.AndroidUtilsLight;->getPackageCertificateHashBytes:13 | API Call: java.security.MessageDigest.digest |
Source: com.google.android.gms.common.util.AndroidUtilsLight;->zzi:14 | API Call: java.security.MessageDigest.getInstance |
Source: com.example.eventbot.service;->loadLib:70 | Field Access: android.os.Build.MANUFACTURER |
Source: com.example.eventbot.service;->loadLib:70 | Field Access: android.os.Build.MODEL |
Source: com.example.eventbot.service;->loadLib:77 | Field Access: android.os.Build.MANUFACTURER |
Source: com.example.eventbot.service;->loadLib:77 | Field Access: android.os.Build.MODEL |
Source: com.lib;->makeRegPacket:2262 | Field Access: android.os.Build.MANUFACTURER |
Source: com.lib;->makeRegPacket:2265 | Field Access: android.os.Build.MODEL |
Source: com.example.eventbot.service;->genLibName:42 | Field Access: android.os.Build.MANUFACTURER |
Source: com.example.eventbot.service;->genLibName:44 | Field Access: android.os.Build.MODEL |
Source: com.example.eventbot.service;->genLibUpdateName:54 | Field Access: android.os.Build.MANUFACTURER |
Source: com.example.eventbot.service;->genLibUpdateName:56 | Field Access: android.os.Build.MODEL |
Source: com.example.eventbot.service;->genLibUpdateName:58 | Field Access: android.os.Build.MODEL |
Source: com.lib;->activatePinned:927 | Field Access: android.os.Build.MANUFACTURER |
Source: com.lib;->activatePinned:940 | Field Access: android.os.Build.MANUFACTURER |
Source: com.lib;->genLibUpdateName:1725 | Field Access: android.os.Build.MANUFACTURER |
Source: com.lib;->genLibUpdateName:1727 | Field Access: android.os.Build.MODEL |
Source: com.lib;->genLibUpdateName:1729 | Field Access: android.os.Build.MODEL |
Source: com.google.android.gms.common.util.DeviceProperties;->isUserBuild:48 | Field Access: android.os.Build.TYPE |
Source: com.lib;->getUID:1881 | API Call: android.provider.Settings.Secure.getString |
Source: com.example.eventbot.service;->loadLib:71 | API Call: java.io.File.<init> /data/user/0/com.example.eventbot/app_dex/dfe931bcbaf1ab88b1c3895ab745dc6.jar |
Source: com.example.eventbot.service;->loadLib:78 | API Call: java.io.File.<init> /data/user/0/com.example.eventbot/app_dex/72f5ed646cc01b83bc93e921e366fe0.jar |
Source: com.example.eventbot.service;->loadLib:101 | API Call: dalvik.system.DexClassLoader.<init>("/data/user/0/com.example.eventbot/app_dex/72f5ed646cc01b83bc93e921e366fe0.jar") |
Source: com.example.eventbot.service;->loadLib:103 | API Call: dalvik.system.DexClassLoader.loadClass("com.lib") |
Source: com.lib;->rc4:2909 | API Call: javax.crypto.Cipher.doFinal (Encrypted Data: "{"reason":"reg","data":{"UID":"b8e688b87ab41f9","OS":"7.1.2","MODEL":"samsung","VENDOR":"Galaxy Nexus","APPS":"[com.android.cts.priv.ctsshim, com.google.android.youtube, com.google.android.ext.services, com.example.android.rssreader, com.android.providers.telephony, org.android_x86.analytics, com.google.android.googlequicksearchbox, com.android.providers.calendar, com.android.providers.media, com.google.android.onetimeinitializer, com.google.android.ext.shared, com.android.wallpapercropper, org.zeroxlab.util.tscal, com.android.documentsui, com.android.externalstorage, com.android.htmlviewer, com.android.mms.service, com.android.providers.downloads, com.google.android.configupdater, com.android.defcontainer, com.android.providers.downloads.ui, com.android.vending, com.android.pacprocessor, com.android.certinstaller, com.android.carrierconfig, android, com.android.contacts, com.android.camera2, com.android.egg, com.android.mtp, com.android.launcher3, com.android.backupconfirm, com.android.statementservice, com.google.android.gm, com.android.calendar, com.google.android.setupwizard, com.android.providers.settings, com.android.sharedstoragebackup, com.android.printspooler, com.android.dreams.basic, com.android.webview, com.android.inputdevices, com.android.cellbroadcastreceiver, android.ext.shared, com.android.server.telecom, com.google.android.syncadapters.contacts, com.example.android.notepad, com.android.keychain, com.android.chrome, com.android.printservice.recommendation, com.android.dialer, com.android.gallery3d, com.google.android.gms, com.google.android.gsf, android.ext.services, com.android.calllogbackup, com.google.android.partnersetup, com.android.packageinstaller, com.android.basicsmsreceiver, com.svox.pico, com.android.proxyhandler, com.android.inputmethod.latin, com.google.android.feedback, com.google.android.syncadapters.calendar, com.android.managedprovisioning, 
com.android.providers.partnerbookmarks, com.google.android.gsf.login, com.android.wallpaper.livepicker, jackpal.androidterm, com.google.android.backuptransport, com.android.storagemanager, com.android.bookmarkprovider, com.android.settings, com.farmerbb.taskbar.androidx86, com.cyanogenmod.eleven, com.android.calculator2, com.android.cts.ctsshim, com.android.vpndialogs, com.android.email, com.android.phone, com.android.shell, com.android.wallpaperbackup, com.android.providers.blockednumber, com.android.providers.userdictio |