
Analysis Report com.qrcode.barcode.reader.scanner.free_2019-06-08.apk

Overview

General Information

Joe Sandbox Version: 26.0.0 Aquamarine
Analysis ID: 141277
Start date: 12.06.2019
Start time: 22:38:26
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 11m 59s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: com.qrcode.barcode.reader.scanner.free_2019-06-08.apk
Cookbook file name: defaultandroidfilecookbook.jbs
Analysis system description: Android 6.0
APK Instrumentation enabled: true
Detection: SUS
Classification: sus24.spyw.andAPK@0/251@14/0
Warnings:
  • An application runtime error occurred
  • Excluded IPs from analysis (whitelisted): 172.217.168.35, 172.217.168.40, 172.217.168.42, 172.217.168.74, 216.58.215.234, 172.217.168.10, 172.217.168.14, 172.217.168.46, 172.217.168.78, 216.58.215.238, 172.217.168.72, 108.177.127.188, 172.217.168.67
  • Excluded domains from analysis (whitelisted): connectivitycheck.gstatic.com, ssl.google-analytics.com, youtubei.googleapis.com, android.clients.google.com, android.l.google.com, youtube-ui.l.google.com, www.googleadservices.com, ssl-google-analytics.l.google.com, googleapis.l.google.com, mobile-gtalk.l.google.com, mtalk.google.com
  • No dynamic data available
  • No interacted views
  • No simulation commands forwarded to apk
  • Not all non-executed APIs are in report
  • Not all resource files were parsed
  • Not all resource strings were parsed
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size exceeded maximum capacity and may have missing dynamic data code.

Detection

Strategy: Threshold
Score: 24
Range: 0 - 100
Whitelisted: false
Detection: suspicious

Confidence

Strategy: Threshold
Score: 3
Range: 0 - 5
Further Analysis Required?: true


Classification

Analysis Advice

Unable to instrument or execute APK, no dynamic information has been logged
Unable to instrument or execute APK, runtime error occurred



Mitre Att&ck Matrix

Signature Overview



Location Tracking:

Queries the phone's location (GPS)
  Source: com.google.android.gms.internal.ads.zzafs;->zza:771 | API Call: android.location.Location.getLatitude
  Source: com.google.android.gms.internal.ads.zzafs;->zza:773 | API Call: android.location.Location.getLongitude
  Source: com.amazon.device.ads.AAXParameter$GeoLocationParameter;->getDerivedValue:19 | API Call: android.location.Location.getLatitude
  Source: com.amazon.device.ads.AAXParameter$GeoLocationParameter;->getDerivedValue:23 | API Call: android.location.Location.getLongitude
  Source: com.amazon.device.ads.AdLocation;->getLocation:21 | API Call: android.location.LocationManager.getLastKnownLocation
  Source: com.amazon.device.ads.AdLocation;->getLocation:23 | API Call: android.location.LocationManager.getLastKnownLocation
  Source: com.amazon.device.ads.AdLocation;->getLocation:34 | API Call: android.location.Location.getLatitude
  Source: com.amazon.device.ads.AdLocation;->getLocation:40 | API Call: android.location.Location.getLongitude
  Source: com.flurry.sdk.ads.cg;->a:52 | API Call: android.location.LocationManager.getLastKnownLocation
  Source: com.flurry.sdk.ads.gh;->c:72 | API Call: android.location.Location.getLatitude
  Source: com.flurry.sdk.ads.gh;->c:73 | API Call: android.location.Location.getLongitude
  Source: com.appsflyer.h;->a:1296 | API Call: android.location.Location.getLatitude
  Source: com.appsflyer.h;->a:1300 | API Call: android.location.Location.getLongitude
  Source: com.appsflyer.v;->a:8 | API Call: android.location.LocationManager.getLastKnownLocation
  Source: com.appsflyer.v;->a:12 | API Call: android.location.LocationManager.getLastKnownLocation
  Source: com.snipermob.sdk.mobileads.b.a;->a:14 | API Call: android.location.Location.getLatitude
  Source: com.snipermob.sdk.mobileads.b.a;->a:15 | API Call: android.location.Location.getLongitude
  Source: com.snipermob.sdk.mobileads.b.a;->p:75 | API Call: android.location.LocationManager.getLastKnownLocation
  Source: com.snipermob.sdk.mobileads.b.a;->p:78 | API Call: android.location.LocationManager.getLastKnownLocation

Spreading:

Has permission to change the Wi-Fi configuration, including connecting and disconnecting
  Source: submitted apk | Request permission: android.permission.CHANGE_WIFI_STATE
Accesses external storage location
  Source: com.cootek.presentation.a.a.b;->b:46 | API Call: android.os.Environment.getExternalStorageState
  Source: com.gz.gb.gbpermisson.a.s;->a:2 | API Call: android.os.Environment.getExternalStorageDirectory
  Source: com.gz.gb.gbpermisson.a.t;->a:2 | API Call: android.os.Environment.getExternalStorageDirectory
  Source: com.google.android.gms.internal.ads.zzhs;->zzc:29 | API Call: android.os.Environment.getExternalStorageDirectory
  Source: com.google.android.gms.internal.ads.zzmx;->call:3 | API Call: android.os.Environment.getExternalStorageState
  Source: com.google.android.gms.internal.ads.zznn;->zza:76 | API Call: android.os.Environment.getExternalStorageDirectory
  Source: com.facebook.ads.internal.p.b.o;->a:4 | API Call: android.os.Environment.getExternalStorageState
  Source: com.facebook.ads.internal.p.b.o;->b:28 | API Call: android.os.Environment.getExternalStorageDirectory

Networking:

Checks whether an internet connection is available
  Source: com.cootek.a.a.j;->a:6 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
  Source: com.cootek.a.a.j;->a:7 | API Call: android.net.NetworkInfo.isConnected
  Source: com.cootek.presentation.a.a.e;->b:12 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
  Source: com.cootek.presentation.a.a.e;->b:13 | API Call: android.net.NetworkInfo.isConnected
  Source: com.google.android.gms.internal.ads.zzafn;->zza:86 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
  Source: com.google.android.gms.internal.ads.zzagb;->zzo:88 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
  Source: com.google.android.gms.internal.ads.zzagb;->zzo:90 | API Call: android.net.NetworkInfo.getDetailedState
  Source: com.amazon.device.ads.ConnectionInfo;->generateConnectionType:17 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
  Source: com.amazon.device.ads.DeviceInfo;->setMacAddress:149 | API Call: android.net.wifi.WifiManager.getConnectionInfo
  Source: com.flurry.sdk.ads.ci;->a:14 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
  Source: com.flurry.sdk.ads.ci;->a:15 | API Call: android.net.NetworkInfo.isConnected
  Source: com.flurry.sdk.ads.ci;->b:32 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
  Source: com.flurry.sdk.ads.ci;->b:33 | API Call: android.net.NetworkInfo.isConnected
  Source: com.flurry.sdk.ads.ci;->b:35 | API Call: android.net.NetworkInfo.isConnected
  Source: com.flurry.sdk.ads.e;->a:3 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
  Source: com.flurry.sdk.ads.e;->a:4 | API Call: android.net.NetworkInfo.isConnected
  Source: com.appsflyer.s;->a:6 | API Call: android.net.ConnectivityManager.getNetworkInfo
  Source: com.appsflyer.s;->a:7 | API Call: android.net.NetworkInfo.isConnectedOrConnecting
  Source: com.appsflyer.s;->a:22 | API Call: android.net.ConnectivityManager.getNetworkInfo
  Source: com.appsflyer.s;->a:23 | API Call: android.net.NetworkInfo.isConnectedOrConnecting
  Source: com.appsflyer.s;->a:25 | API Call: android.net.ConnectivityManager.getNetworkInfo
  Source: com.appsflyer.s;->a:26 | API Call: android.net.NetworkInfo.isConnectedOrConnecting
  Source: com.appsflyer.s;->a:28 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
  Source: com.appsflyer.s;->a:29 | API Call: android.net.NetworkInfo.isConnectedOrConnecting
Connects to IPs without corresponding DNS lookups
  Source: unknown | TCP traffic detected without corresponding DNS query: 108.177.126.188
Loads a webpage with cache disabled
  Source: com.scanner.act.WebActivity;->a:16 | API Call: android.webkit.WebSettings.setCacheMode
Opens an internet connection
  Source: com.snipermob.sdk.mobileads.mraid.a.e;->Q:11 | API Call: java.net.URL.openConnection (not executed)
  Source: com.facebook.ads.internal.p.a.f;->a:6 | API Call: java.net.URL.openConnection (not executed)
  Source: com.cootek.a.a.d$a;->a:68 | API Call: java.net.URL.openConnection (not executed)
  Source: com.cootek.tark.active_statistic.ActiveTask;->doInBackground:79 | API Call: java.net.URL.openConnection (not executed)
  Source: com.google.android.gms.internal.ads.zzafn;->zza:177 | API Call: java.net.URL.openConnection (not executed)
  Source: com.google.android.gms.internal.ads.zzanf;->zzcz:9 | API Call: java.net.URL.openConnection (not executed)
  Source: com.google.android.gms.internal.ads.zzaqn;->zzdp:114 | API Call: java.net.URL.openConnection (not executed)
  Source: com.google.android.gms.internal.ads.zzaqx;->zze:74 | API Call: java.net.URL.openConnection (not executed)
  Source: com.google.android.gms.internal.ads.zzas;->zza:49 | API Call: java.net.URL.openConnection (not executed)
  Source: com.google.android.gms.internal.ads.zzasj;->zze:31 | API Call: java.net.URL.openConnection (not executed)
  Source: com.amazon.device.ads.HttpURLConnectionWebRequest;->openConnection:98 | API Call: java.net.URL.openConnection (not executed)
  Source: com.flurry.sdk.ads.ce;->i:12 | API Call: java.net.URL.openConnection (not executed)
  Source: com.appsflyer.h$d;->run:55 | API Call: java.net.URL.openConnection (not executed)
  Source: com.appsflyer.h;->a:360 | API Call: java.net.URL.openConnection (not executed)
  Source: com.appsflyer.i$a;->a:3 | API Call: java.net.URL.openConnection (not executed)
  Source: com.appsflyer.w;->a:31 | API Call: java.net.URL.openConnection (not executed)
  Source: com.facebook.ads.internal.p.b.h;->a:26 | API Call: java.net.URL.openConnection (not executed)
Performs DNS lookups (Java API)
  Source: com.facebook.ads.internal.p.b.f;-><init>:10 | API Call: java.net.InetAddress.getByName (not executed)
Found strings which match known social media URLs
  Source: android | String found in binary or memory: Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Đăng nhập bằng Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Aangemeld via Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Aanmelden met Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Accedi con Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Accesso effettuato con Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Bejelentkezés a Facebook használatával equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Bejelentkezve a Facebook használatával equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Com sessão iniciada através do Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Confirm your code on Facebook. equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Connecté(e) à l'aide de Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Connexion avec Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Continua con Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Continuar com o Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Continuar con Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Continue with Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Continuer avec Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Dilog masuk menggunakan Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Doorgaan met Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Entrar com o Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Facebook - equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Facebook ile Devam Et equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Facebook ile giriş yap equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Facebook ile giriş yapıldı equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Fortsett med Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Fortsæt med Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Fortsätt med Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Gaan voort met Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Iniciar sesión con Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Iniciar sessão com o Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Inloggad med Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Lanjutkan dengan Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Log in with Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Log masuk dengan Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Log på med Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Logg inn med Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Logga in med Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Logged in using Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Logget inn med Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Logget på med Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Mag-log in sa pamamagitan ng Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Magatuloy sa Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Masuk menggunakan Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Meld met Facebook aan equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Met Facebook aangemeld equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Mit Facebook fortfahren equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Naka-log in gamit ang Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Přihlášen(a) přes Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Přihlásit se přes Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Pokračovat přes Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Prihlásený cez Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Prihlásiť sa cez Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Sesión iniciada con Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Teruskan dengan Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: The Facebook sdk must be initialized before calling activateApp equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Tiếp tục với Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Você entrou usando o Facebook equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: YAHOO equals www.yahoo.com (Yahoo)
  Source: android | String found in binary or memory: Über Facebook angemeldet equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: Über Facebook anmelden equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.ads thread-%d %tF %<tT equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.ads.interstitial.clicked equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.ads.interstitial.clicked: equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.ads.interstitial.dismissed equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.ads.interstitial.dismissed: equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.ads.interstitial.displayed equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.ads.interstitial.displayed: equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.ads.interstitial.error equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.ads.interstitial.error: equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.ads.interstitial.impression.logged equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.ads.interstitial.impression.logged: equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.ads.rewarded_video.ad_click equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.ads.rewarded_video.ad_impression equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.ads.rewarded_video.closed equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.ads.rewarded_video.completed equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.ads.rewarded_video.completed.without.reward equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.ads.rewarded_video.end_activity equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.ads.rewarded_video.error equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.ads.rewarded_video.server_reward_failed equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.ads.rewarded_video.server_reward_success equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.appevents.AnalyticsUserIDStore.userID equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.appevents.AppEventsLogger$AccessTokenAppIdPair$SerializationProxyV1 equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.appevents.AppEventsLogger$AppEvent$SerializationProxyV1 equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.appevents.SessionInfo.interruptionCount equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.appevents.SessionInfo.sessionEndTime equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.appevents.SessionInfo.sessionId equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.appevents.SessionInfo.sessionStartTime equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.appevents.SourceApplicationInfo.callingApplicationPackage equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.appevents.SourceApplicationInfo.openedByApplink equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.katana equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.platform.APPLINK_NATIVE_CLASS equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.platform.APPLINK_NATIVE_URL equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.platform.APPLINK_TAP_TIME_UTC equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.react.ReactApplication equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.sdk.APP_EVENTS_FLUSHED equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.sdk.APP_EVENTS_FLUSH_RESULT equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.sdk.APP_EVENTS_NUM_EVENTS_FLUSHED equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: com.facebook.sdk.appEventPreferences equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: content://com.facebook.katana.provider.AttributionIdProvider equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: http://www.facebook.com equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: http://www.yahoo.com equals www.yahoo.com (Yahoo)
  Source: android | String found in binary or memory: https://www.%s.facebook.com/audience_network/server_side_reward equals www.facebook.com (Facebook)
  Source: android | String found in binary or memory: https://www.facebook.com/audience_network/server_side_reward equals www.facebook.com (Facebook)
Performs DNS lookups
  Source: unknown | DNS traffic detected: queries for: graph.facebook.com
URLs found in memory or binary data
  Source: android | String found in binary or memory: http://adlog.flurry.com
  Source: android | String found in binary or memory: http://ads.flurry.com/v19/getAds.do
  Source: android | String found in binary or memory: http://amazon-adsystem.com
  Source: android | String found in binary or memory: http://cdn.flurry.com/adSpaceStyles.dev/images/bttn-close-bw.png
  Source: android | String found in binary or memory: http://code.google.com/p/android/issues/detail?id=10789
  Source: android | String found in binary or memory: http://mads.amazon-adsystem.com/
  Source: $avd_hide_password__0.xml | String found in binary or memory: http://schemas.android.com/aapt
  Source: android | String found in binary or memory: http://schemas.android.com/apk/lib/com.amazon.device.ads
  Source: dialog_style_small_v4_layout.xml, activity_image_preview.xml, fragment_palm_scan.xml, fragment_history_home.xml, activity_edit_image.xml, feed_layout.xml | String found in binary or memory: http://schemas.android.com/apk/res-auto
  Source: android | String found in binary or memory: http://schemas.android.com/apk/res/
  Source: activity_rewaredvideo.xml, select_dialog_multichoice_material.xml, dialog_style_small_v4_layout.xml, $avd_hide_password__0.xml, fragment_docs.xml, feed_item_shadow_background_top.xml, full_screen_ad_layout_5.xml, activity_image_preview.xml, activity_doc_batch_preview.xml, bg_palm_btn_ok_selector.xml, abc_alert_dialog_button_bar_material.xml, design_layout_snackbar_include.xml, abc_screen_content_include.xml, abc_seekbar_track_material.xml, fragment_palm_scan.xml, full_v5_material_layout.xml, abc_action_menu_item_layout.xml, privacy_expandable_group_item_layout.xml, abc_dialog_title_material.xml, dialog_pm_huawei_guide.xml, fragment_history_home.xml, full_screen_poster_layout_2.xml, activity_edit_image.xml, feed_layout.xml, abc_ratingbar_material.xml | String found in binary or memory: http://schemas.android.com/apk/res/android
  Source: android | String found in binary or memory: http://schemas.applovin.com/android/1.0
  Source: android | String found in binary or memory: http://usa.ime.cdn.cootekservice.com/ad/companionAds.html
  Source: android | String found in binary or memory: http://ws2.cootekservice.com
  Source: android | String found in binary or memory: http://www.google.com
  Source: android | String found in binary or memory: http://www.google.com/m/products?q=
  Source: android | String found in binary or memory: http://www.yahoo.com
  Source: android | String found in binary or memory: http://xmlpull.org/v1/doc/features.html#process-namespaces
  Source: android | String found in binary or memory: https://adlog.flurry.com
  Source: android | String found in binary or memory: https://ads.flurry.com/v19/getAds.do
  Source: android | String found in binary or memory: https://adx.snipermob.com/adx/rewarded
  Source: android | String found in binary or memory: https://api.%s/install_data/v3/
  Source: android | String found in binary or memory: https://attr.%s/api/v
  Source: android | String found in binary or memory: https://cdn.flurry.com/vast/videocontrols/v2/android.zip
  Source: android | String found in binary or memory: https://csi.gstatic.com/csi
  Source: android | String found in binary or memory: https://dsp.snipermob.com/awu
  Source: android | String found in binary or memory: https://dwxjayoxbnyrr.cloudfront.net/amazon-ads.viewablejs
  Source: android | String found in binary or memory: https://events.%s/api/v
  Source: android | String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_banner.js
  Source: android | String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_expanded_banner.js
  Source: android | String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_interstitial.js
  Source: android | String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/native_ads.html
  Source: android | String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/production/native_ads.js
  Source: android | String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/production/sdk-core-v40-impl.js
  Source: android | String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40.html
  Source: android | String found in binary or memory: https://imasdk.googleapis.com/admob/sdkloader/native_video.html
  Source: android | String found in binary or memory: https://monitorsdk.%s/remote-debug?app_id=
  Source: android | String found in binary or memory: https://onelink.%s/shortlink-sdk/v1
  Source: android | String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204
  Source: android | String found in binary or memory: https://play.google.com/store/apps/details?id=
  Source: android | String found in binary or memory: https://register.%s/api/v
  Source: android | String found in binary or memory: https://service.cmp.oath.com/cmp/v0/location/eu
  Source: android | String found in binary or memory: https://stats.%s/stats
  Source: android | String found in binary or memory: https://support.google.com/dfp_premium/answer/7160685#push
  Source: android | String found in binary or memory: https://t.%s/api/v
  Source: android | String found in binary or memory: https://www.google.com/dfp/debugSignals
  Source: android | String found in binary or memory: https://www.google.com/dfp/inAppPreview
  Source: android | String found in binary or memory: https://www.google.com/dfp/linkDevice
  Source: android | String found in binary or memory: https://www.google.com/dfp/sendDebugData
Uses HTTP for connecting to the internet
Source: com.facebook.ads.internal.p.a.a;->a:67 | API Call: java.net.HttpURLConnection.connect
Source: com.cootek.a.a.d$a;->a:75 | API Call: java.net.HttpURLConnection.connect
Source: com.cootek.tark.active_statistic.ActiveTask;->doInBackground:111 | API Call: javax.net.ssl.HttpsURLConnection.connect
Source: com.amazon.device.ads.HttpURLConnectionWebRequest;->doHttpNetworkCall:73 | API Call: java.net.HttpURLConnection.connect
Uses HTTPS
Source: unknown | Network traffic detected: HTTP traffic on port 60334 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52518
Source: unknown | Network traffic detected: HTTP traffic on port 42951 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 38985 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 44408 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 38163 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60334
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55791
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 53770
Source: unknown | Network traffic detected: HTTP traffic on port 44793 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 38747 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 44408
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57693
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 41258
Source: unknown | Network traffic detected: HTTP traffic on port 35609 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54309
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 35609
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 38163
Source: unknown | Network traffic detected: HTTP traffic on port 52518 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57731
Source: unknown | Network traffic detected: HTTP traffic on port 42089 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 56601
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 39328
Source: unknown | Network traffic detected: HTTP traffic on port 57731 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 56097
Source: unknown | Network traffic detected: HTTP traffic on port 40820 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 60436 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 60711 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 55791 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 54309 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 45006
Source: unknown | Network traffic detected: HTTP traffic on port 42055 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 39328 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 52330 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 44793
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 42055
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59606
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52330
Source: unknown | Network traffic detected: HTTP traffic on port 47326 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59449
Source: unknown | Network traffic detected: HTTP traffic on port 34419 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 51617 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 56097 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 38747
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 41797
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 43339
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 40820
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 42089
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60436
Source: unknown | Network traffic detected: HTTP traffic on port 41797 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60711
Source: unknown | Network traffic detected: HTTP traffic on port 41258 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 59606 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 48978 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51617
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 34419
Source: unknown | Network traffic detected: HTTP traffic on port 59449 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 38985
Source: unknown | Network traffic detected: HTTP traffic on port 57693 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 43339 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 56601 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 45006 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 53770 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 42951
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 48978
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47326

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Has permission to take photos
Source: submitted apk | Request permission: android.permission.CAMERA
Records audio/media
Source: com.gz.gb.gbpermisson.a.n;->a:29 | API Call: android.media.MediaRecorder.start
Accesses the audio/media managers
Source: com.gz.gb.gbpermisson.a.n;-><init>:2 | API Call: android.media.MediaRecorder.<init>

E-Banking Fraud:

Has functionality to add an overlay to other apps
Source: com.snipermob.sdk.mobileads.mraid.b.c;->clearWebViewDeadlock:19 | API Call: WindowManager.addView
Loads a webpage with cache disabled
Source: com.scanner.act.WebActivity;->a:16 | API Call: android.webkit.WebSettings.setCacheMode

Spam, unwanted Advertisements and Ransom Demands:

May dial phone number
Source: com.google.android.gms.internal.ads.zzmw;->zziw:13 | API Call: android.net.Uri.parse("tel:")
May use Google Cloud Messaging (GCM) or Google's Cloud to Device Messaging (C2DM) services
Source: submitted apk | Request permission: com.qrcode.barcode.reader.scanner.free.permission.C2D_MESSAGE
Found advertisement frameworks
Source: Lcom/appsflyer/h;->a(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;ZLandroid/content/SharedPreferences;ZLandroid/content/Intent;)Ljava/util/Map; | Method: AppsFlyer https://www.appsflyer.com/
Source: Lcom/applovin/impl/adview/k;->a(Landroid/webkit/WebView;Ljava/lang/String;Z)Z | Method: App Lovin https://applovin.com/
Loads advertisement
Source: android | String found in binary or memory: .doubleclick.net
Source: android | String found in binary or memory: ad.doubleclick.net
Source: android | String found in binary or memory: googleads.g.doubleclick.net
Source: android | String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_banner.js
Source: android | String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_expanded_banner.js
Source: android | String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_interstitial.js
Source: android | String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/native_ads.html
Source: android | String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/production/native_ads.js
Source: android | String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/production/sdk-core-v40-impl.js
Source: android | String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40.html

Operating System Destruction:

Lists and deletes files in the same context
Source: com.google.android.gms.internal.ads.zzaqn;->zzdp:134 | API Calls in same method context: File.listFiles,File.delete
Source: com.scanner.act.EditImageActivity;->c:7 | API Calls in same method context: File.listFiles,File.delete
Source: com.flurry.sdk.ads.az;->a:14 | API Calls in same method context: File.listFiles,File.delete
Source: com.cootek.business.anticheat.AntiCheatProcessor;->checkCacheFileSize:43 | API Calls in same method context: File.listFiles,File.delete
Source: com.cootek.presentation.a.a.c;->b:40 | API Calls in same method context: File.listFiles,File.delete
Source: com.google.android.gms.internal.ads.zzam;->zza:146 | API Calls in same method context: File.listFiles,File.delete

Change of System Appearance:

May access the Android keyguard (lock screen)
Source: android | String found in binary or memory: keyguard
Source: android | String found in binary or memory: Invalid Window info in window interactive check, assuming not obstructed by Keyguard.
Source: android | String found in binary or memory: is_keyguard_locked

System Summary:

Requests permissions only permitted to signed APKs
Source: submitted apk | Request permission: android.permission.PACKAGE_USAGE_STATS
Requests potentially dangerous permissions
Source: submitted apk | Request permission: android.permission.ACCESS_COARSE_LOCATION
Source: submitted apk | Request permission: android.permission.ACCESS_FINE_LOCATION
Source: submitted apk | Request permission: android.permission.AUTHENTICATE_ACCOUNTS
Source: submitted apk | Request permission: android.permission.CAMERA
Source: submitted apk | Request permission: android.permission.CHANGE_WIFI_STATE
Source: submitted apk | Request permission: android.permission.INTERNET
Source: submitted apk | Request permission: android.permission.MOUNT_UNMOUNT_FILESYSTEMS
Source: submitted apk | Request permission: android.permission.READ_LOGS
Source: submitted apk | Request permission: android.permission.READ_PHONE_STATE
Source: submitted apk | Request permission: android.permission.SYSTEM_ALERT_WINDOW
Source: submitted apk | Request permission: android.permission.WAKE_LOCK
Source: submitted apk | Request permission: android.permission.WRITE_EXTERNAL_STORAGE
Source: submitted apk | Request permission: android.permission.WRITE_SETTINGS
Source: submitted apk | Request permission: android.permission.WRITE_SYNC_SETTINGS
Classification label
Source: classification engine | Classification label: sus24.spyw.andAPK@0/251@14/0
Creates SQLiteDatabase table
Source: com.cootek.a.a.c;->a:159 | API Call: android.database.sqlite.SQLiteDatabase.execSQL
Reads shared settings
Source: com.facebook.appevents.a.f;->a:11 | API Call: android.content.SharedPreferences.getString
Source: com.facebook.appevents.a.h;->a:8 | API Call: android.content.SharedPreferences.getString
Source: com.facebook.appevents.a.h;->a:10 | API Call: android.content.SharedPreferences.getBoolean
Source: com.uluru.common.a.b;->a:17 | API Call: android.content.SharedPreferences.getBoolean
Source: com.cootek.tark.active_statistic.ActiveInfo;->getUuid:22 | API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.ads.zzake;->zzdn:21 | API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.internal.ads.zzake;->zzdn:29 | API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.internal.ads.zzake;->zzdn:37 | API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.ads.zzake;->zzdn:45 | API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.internal.ads.zzake;->zzdn:53 | API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.internal.ads.zzake;->zzdn:61 | API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.ads.zzake;->zzdn:77 | API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.ads.zzake;->zzdn:124 | API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.ads.zzamo;->call:7 | API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.ads.zzamp;->call:10 | API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.ads.zznb;->zza:5 | API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.internal.ads.zznf;->zza:4 | API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.ads.zztw;->zza:207 | API Call: android.content.SharedPreferences.getString
Source: com.amazon.device.ads.Settings;->getWrittenBoolean:94 | API Call: android.content.SharedPreferences.getBoolean
Source: com.amazon.device.ads.Settings;->getWrittenJSONObject:101 | API Call: android.content.SharedPreferences.getString
Source: com.amazon.device.ads.Settings;->getWrittenString:109 | API Call: android.content.SharedPreferences.getString
Source: com.flurry.sdk.ads.s;->b:32 | API Call: android.content.SharedPreferences.getString
Source: com.crashlytics.android.answers.h;->b:14 | API Call: android.content.SharedPreferences.getBoolean
Source: com.facebook.appevents.AppEventsLogger;->b:56 | API Call: android.content.SharedPreferences.getString
Source: com.facebook.appevents.a;->d:31 | API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.AppsFlyerProperties;->a:14 | API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.AppsFlyerProperties;->b:39 | API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.MultipleInstallBroadcastReceiver;->onReceive:13 | API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.SingleInstallBroadcastReceiver;->onReceive:13 | API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.ad;->a:15 | API Call: android.content.SharedPreferences.getBoolean
Source: com.appsflyer.h;->a:136 | API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.h;->a:402 | API Call: android.content.SharedPreferences.getBoolean
Source: com.appsflyer.h;->a:430 | API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.h;->a:460 | API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.h;->f:649 | API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.h;->g:674 | API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.h;->a:979 | API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.h;->a:991 | API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.h;->a:1133 | API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.h;->a:1154 | API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.h;->a:1247 | API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.h;->a:1250 | API Call: android.content.SharedPreferences.getBoolean
Source: com.appsflyer.h;->a:1390 | API Call: android.content.SharedPreferences.getBoolean
Source: com.appsflyer.h;->a:1420 | API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.h;->a:1431 | API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.h;->a:1516 | API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.h;->a:1532 | API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.z;->a:32 | API Call: android.content.SharedPreferences.getString
Registers a Sensor listener (to get data about accelerometer, gyrometer etc.)
Source: com.gz.gb.gbpermisson.a.o;->a:8 | API Call: android.hardware.SensorManager.registerListener
Source: com.google.android.gms.internal.ads.zzapr;->start:53 | API Call: android.hardware.SensorManager.registerListener
Source: com.cootek.business.anticheat.AntiCheatHelper;->registerSensorEventListener:40 | API Call: android.hardware.SensorManager.registerListener
Source: com.appsflyer.r;->a:46 | API Call: android.hardware.SensorManager.registerListener

Data Obfuscation:

Found very long method strings
Source: Lcom/flurry/sdk/ads/in;->e()VMethod string: iVBORw0KGgoAAAANSUhEUgAAAGUAAABmCAYAAADS6F9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAA2hpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg Length: 7598
Source: Lcom/flurry/sdk/ads/in;->e()VMethod string: iVBORw0KGgoAAAANSUhEUgAAAGUAAABmCAYAAADS6F9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAA2hpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg Length: 8318
Source: Lcom/snipermob/sdk/mobileads/mraid/b/e;-><clinit>()VMethod string: iVBORw0KGgoAAAANSUhEUgAAAEsAAAA8CAYAAAAuaUeTAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAADU1JREFUeNrUW2+kXdkVP/vkCI8QQikllFfv3cu0Q8bwmA8VwpB+CUNG52M/lTChOkKjdExN9VupGUbzqcKEahgThpG0MSFf8jSduvdliFbLMAyPMDzC27tr77vXOr+1zj5/7ptW0/vct8/ZZ/9b66z1W3/2vu7 Length: 4668
Source: Lcom/snipermob/sdk/mobileads/mraid/b/e;-><clinit>()VMethod string: iVBORw0KGgoAAAANSUhEUgAAAJAAAACQCAYAAADnRuK4AAAAAXNSR0IArs4c6QAAGatJREFUeAHtXQlwFcXWTtgXjWwBQgAT2QTZQSDsq2yKLEHDAwQUAS3AgldPVNS/QC38QVzK5cmOCCKIuLCLgCyieQIaZbNCSAggUcO+KYHkfd/9M/ef3HVmuufemXtvV53M3J7u092nv5zTe0dHhZkrKCi4HUWuD2pQSIl4xoDo70rl4XcddMkLZcL/cCG Length: 8856
Source: Lcom/flurry/sdk/ads/ie;->p(Lcom/flurry/sdk/ads/ie;)VMethod string: if(!window.Hogan){var Hogan={};(function(Hogan,useArrayBuffer){Hogan.Template=function(renderFunc,text,compiler,options){this.r=renderFunc||this.r;this.c=compiler;this.options=options;this.text=text||\"\";this.buf=useArrayBuffer?[]:\"\"};Hogan.Template.pr Length: 9415
Source: Lcom/flurry/sdk/ads/ir;->b()VMethod string: var mraidCtor=function(flurryBridge,initState){var mraid={};var STATES=mraid.STATES={LOADING:\"loading\",UNKNOWN:\"unknown\",DEFAULT:\"default\",EXPANDED:\"expanded\",HIDDEN:\"hidden\"};var EVENTS=mraid.EVENTS={ASSETREADY:\"assetReady\",ASSETREMOVED:\"ass Length: 7017
Source: Lcom/flurry/sdk/ads/ie;->b()VMethod string: var Hogan={};(function(Hogan,useArrayBuffer){Hogan.Template=function(renderFunc,text,compiler,options){this.r=renderFunc||this.r;this.c=compiler;this.options=options;this.text=text||\"\";this.buf=useArrayBuffer?[]:\"\"};Hogan.Template.prototype={r:functio Length: 9377
Source: Lcom/flurry/sdk/ads/in;->d()Landroid/graphics/Bitmap;Method string: iVBORw0KGgoAAAANSUhEUgAAAHIAAAByCAYAAACP3YV9AAAAAXNSR0IArs4c6QAADgpJREFUeAHtXXlwTVkaFxJGazpIWUpr0piIJIjY15ruGdrONMo6oqxlyvKHUcq+lVJK6VJKWUohQaHs+24w3dSosotlIiObhIgtEYTG/H6R++Yl7913z9vPve9+VT/3vnvPPfc73y/nnO9859wjqIx+pSxUrwqEAdWLj9/gWB6oUOqIn2XeA4Wljq/wOxd Length: 4888
Obfuscates method names
Source: com.qrcode.barcode.reader.scanner.free_2019-06-08.apk | Total valid method names: 30%
Uses reflection
Source: rx.internal.util.a.ak;-><clinit>:6 | API Call: java.lang.reflect.Field.get
Source: com.google.a.a.a.a.a.a;->b:34 | API Call: java.lang.reflect.Field.get
Source: com.facebook.ads.internal.q.a.a;->b:6 | API Call: java.lang.reflect.Method.invoke
Source: com.facebook.ads.internal.q.a.a;->b:10 | API Call: java.lang.reflect.Field.get
Source: com.facebook.ads.internal.q.a.a;->b:23 | API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.internal.ads.zzaiy;->zza:27 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzaiy;->zza:37 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzaiy;->zza:61 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzaiy;->zzb:84 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzaiy;->zzd:204 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzaiy;->zzy:268 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzaiy;->zzy:273 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzamu;->zzbj:135 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzamu;->zzbj:139 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzazr;->zzaau:30 | API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.internal.ads.zzbba;->zzacp:8 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzbbo;->zza:64 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzbcj;->zzaea:14 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzbel;->run:4 | API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.internal.ads.zzbfj;->zza:20 | API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.internal.ads.zzbfj;->zza:38 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzbfj;->zza:45 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzcg;->zza:8 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzcg;->zza:119 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzcg;->zzb:366 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzde;->zzb:9 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzdl;->zzar:11 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzdm;->zzar:7 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzdn;->zzar:11 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzdo;->zzar:34 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzdp;->zzar:9 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzdq;->zzar:7 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzdr;->zzar:3 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzds;->zzar:23 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzdu;->zzar:7 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzdv;->zzar:8 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzdw;->zzar:9 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzdx;->zzar:6 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzdy;->zzar:10 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzdz;->zzar:7 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzea;->zzar:5 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzeb;->zzar:4 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzec;->zzar:7 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzed;->zzar:7 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzee;->zzar:7 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzef;->zzar:9 | API Call: java.lang.reflect.Method.invoke
Source: com.amazon.device.ads.DeviceInfo;->setSerial:41 | API Call: java.lang.reflect.Field.get
Source: com.flurry.sdk.ads.dd;->a:13 | API Call: java.lang.reflect.Method.invoke
Source: com.flurry.sdk.ads.dd;->f:40 | API Call: java.lang.reflect.Method.invoke
Source: com.flurry.sdk.ads.dd;->f:42 | API Call: java.lang.reflect.Method.invoke
Source: com.applovin.impl.adview.a;->a:99 | API Call: java.lang.reflect.Method.invoke
Source: com.crashlytics.android.answers.j;->a:8 | API Call: java.lang.reflect.Method.invoke
Source: com.crashlytics.android.answers.j;->a:18 | API Call: java.lang.reflect.Method.invoke
Source: com.appsflyer.ad;->b:36 | API Call: java.lang.reflect.Method.invoke
Source: com.appsflyer.ad;->b:40 | API Call: java.lang.reflect.Method.invoke
Source: com.appsflyer.h;->e:588 | API Call: java.lang.reflect.Method.invoke
Source: com.appsflyer.h;->a:1523 | API Call: java.lang.reflect.Method.invoke
Source: com.appsflyer.l;->a:147 | API Call: java.lang.reflect.Method.invoke
Source: com.google.android.exoplayer2.audio.AudioTrack;->q:197 | API Call: java.lang.reflect.Method.invoke

Persistence and Installation Behavior:

Installs an application shortcut on the screen
Source: com.cootek.presentation.a.a.a;->a:34 | API Call: android.content.Intent.putExtra android.intent.extra.shortcut.INTENT
Source: com.cootek.presentation.a.a.a;->a:49 | API Call: android.content.Intent.putExtra android.intent.extra.shortcut.INTENT
Sets an intent to the APK data type (used to install other APKs)
Source: com.cootek.presentation.a.a.a;->a:25 | API Call: android.content.Intent.setDataAndType(n/a,"application/vnd.android.package-archive")

Boot Survival:

Has permission to execute code after phone reboot
Source: submitted apk | Request permission: android.permission.RECEIVE_BOOT_COMPLETED

Hooking and other Techniques for Hiding and Protection:

Has permission to draw over other applications or user interfaces
Source: submitted apk | Request permission: android.permission.SYSTEM_ALERT_WINDOW
Has permission to terminate background processes of other applications
Source: submitted apk | Request permission: android.permission.KILL_BACKGROUND_PROCESSES
Queries list of running processes/tasks
Source: com.facebook.ads.internal.q.a.g;->a:3 | API Call: android.app.ActivityManager.getRunningTasks
Source: com.colibrow.cootek.monitorcompat2.a.a;->a:6 | API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.colibrow.cootek.monitorcompat2.a.b;->a:6 | API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.google.android.gms.internal.ads.zzakk;->zzap:241 | API Call: android.app.ActivityManager.getRunningTasks
Source: com.google.android.gms.internal.ads.zzakk;->zzaq:251 | API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.google.android.gms.internal.ads.zzgk;->zzgx:75 | API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.mobutils.android.counter_usage.b.b;->a:5 | API Call: android.app.ActivityManager.getRunningAppProcesses
Queries package code path (often used for patching other applications)
Source: com.amazon.device.ads.AdUtils$AdUtilsExecutor;->checkDefinedActivities:7 | API Call: android.content.Context.getPackageCodePath
Source: io.fabric.sdk.android.c;->b:122 | API Call: android.content.Context.getPackageCodePath
Uses Crypto APIs
Source: com.mobutils.android.a.a.a.c;->a:32 | API Call: javax.crypto.Cipher.getInstance
Source: com.mobutils.android.a.a.a.c;->a:36 | API Call: javax.crypto.Cipher.init
Source: com.mobutils.android.a.a.a.c;->a:38 | API Call: javax.crypto.Cipher.doFinal
Source: com.mobutils.android.a.a.a.c;->b:47 | API Call: java.security.MessageDigest.getInstance
Source: com.mobutils.android.a.a.a.c;->b:52 | API Call: java.security.MessageDigest.update
Source: com.mobutils.android.a.a.a.c;->b:57 | API Call: java.security.MessageDigest.digest
Source: com.mobutils.android.a.a.a.c;->b:62 | API Call: javax.crypto.Cipher.getInstance
Source: com.mobutils.android.a.a.a.c;->b:69 | API Call: javax.crypto.Cipher.init
Source: com.mobutils.android.a.a.a.c;->b:71 | API Call: javax.crypto.Cipher.doFinal
Source: com.mobutils.android.a.a.a.c;->c:80 | API Call: java.security.MessageDigest.getInstance
Source: com.mobutils.android.a.a.a.c;->c:85 | API Call: java.security.MessageDigest.update
Source: com.mobutils.android.a.a.a.c;->c:89 | API Call: java.security.MessageDigest.digest
Source: com.facebook.ads.internal.q.a.f;->b:33 | API Call: java.security.MessageDigest.getInstance
Source: com.facebook.ads.internal.q.a.f;->b:36 | API Call: java.security.MessageDigest.digest
Source: com.facebook.ads.internal.q.a.h;->a:3 | API Call: java.security.MessageDigest.getInstance
Source: com.facebook.ads.internal.q.a.h;->a:5 | API Call: java.security.MessageDigest.update
Source: com.facebook.ads.internal.q.a.h;->a:6 | API Call: java.security.MessageDigest.digest
Source: com.facebook.ads.internal.p.a.o;->a:1 | API Call: java.security.MessageDigest.getInstance
Source: com.facebook.ads.internal.p.a.o;->a:3 | API Call: java.security.MessageDigest.digest
Source: com.cootek.presentation.a.a.c;->a:2 | API Call: java.security.MessageDigest.getInstance
Source: com.cootek.presentation.a.a.c;->a:5 | API Call: java.security.MessageDigest.update
Source: com.cootek.presentation.a.a.c;->a:8 | API Call: java.security.MessageDigest.digest
Source: com.cootek.presentation.a.a.d;->a:2 | API Call: java.security.MessageDigest.getInstance
Source: com.cootek.presentation.a.a.d;->a:4 | API Call: java.security.MessageDigest.update
Source: com.cootek.presentation.a.a.d;->a:5 | API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.ads.zzamu;->zzde:187 | API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.internal.ads.zzamu;->zzde:189 | API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.ads.zzamu;->zzde:192 | API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.ads.zzamu;->zzsi:223 | API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.internal.ads.zzamu;->zzsi:224 | API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.ads.zzamu;->zzsi:225 | API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.ads.zzamu;->zzsi:226 | API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.ads.zzayh;->zzk:24 | API Call: javax.crypto.Cipher.init
Source: com.google.android.gms.internal.ads.zzayh;->zzk:25 | API Call: javax.crypto.Cipher.doFinal
Source: com.google.android.gms.internal.ads.zzayi;-><init>:7 | API Call: javax.crypto.Cipher.getInstance
Source: com.google.android.gms.internal.ads.zzayi;-><init>:9 | API Call: javax.crypto.Cipher.init
Source: com.google.android.gms.internal.ads.zzayi;-><init>:10 | API Call: javax.crypto.Cipher.doFinal
Source: com.google.android.gms.internal.ads.zzayi;->zza:16 | API Call: javax.crypto.Cipher.doFinal
Source: com.google.android.gms.internal.ads.zzayi;->zza:17 | API Call: javax.crypto.Cipher.doFinal
Source: com.google.android.gms.internal.ads.zzayi;->zza:18 | API Call: javax.crypto.Cipher.doFinal
Source: com.google.android.gms.internal.ads.zzayi;->zza:23 | API Call: javax.crypto.Cipher.doFinal
Source: com.google.android.gms.internal.ads.zzayi;->zzc:31 | API Call: javax.crypto.Cipher.getInstance
Source: com.google.android.gms.internal.ads.zzayi;->zzc:33 | API Call: javax.crypto.Cipher.init
Source: com.google.android.gms.internal.ads.zzayi;->zzc:37 | API Call: javax.crypto.Cipher.getInstance
Source: com.google.android.gms.internal.ads.zzayi;->zzc:40 | API Call: javax.crypto.Cipher.init
Source: com.google.android.gms.internal.ads.zzayi;->zzc:41 | API Call: javax.crypto.Cipher.doFinal
Source: com.google.android.gms.internal.ads.zzayj;->zzc:13 | API Call: javax.crypto.Cipher.init
Source: com.google.android.gms.internal.ads.zzayj;->zzc:15 | API Call: javax.crypto.Cipher.doFinal
Source: com.google.android.gms.internal.ads.zzaza;->zzb:2 | API Call: javax.crypto.Cipher.getInstance
Source: com.google.android.gms.internal.ads.zzaza;->zzb:3 | API Call: javax.crypto.Cipher.getInstance
Source: com.google.android.gms.internal.ads.zzazf;->zzb:2 | API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.internal.ads.zzazf;->zzb:3 | API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.internal.ads.zzbk;->zzb:68 | API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.ads.zzbk;->zzb:70 | API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.ads.zzbm;->run:4 | API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.internal.ads.zzck;->getCipher:7 | API Call: javax.crypto.Cipher.getInstance
Source: com.google.android.gms.internal.ads.zzck;->zza:23 | API Call: javax.crypto.Cipher.init
Source: com.google.android.gms.internal.ads.zzck;->zza:25 | API Call: javax.crypto.Cipher.doFinal
Source: com.google.android.gms.internal.ads.zzck;->zzb:37 | API Call: javax.crypto.Cipher.init
Source: com.google.android.gms.internal.ads.zzck;->zzb:39 | API Call: javax.crypto.Cipher.doFinal
Source: com.google.android.gms.internal.ads.zzgq;->zzhg:7 | API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.internal.ads.zzgv;->zzx:18 | API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.ads.zzgv;->zzx:20 | API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.ads.zzgz;->zzx:11 | API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.ads.zzgz;->zzx:13 | API Call: java.security.MessageDigest.digest
Source: com.amazon.device.ads.StringUtils;->sha1:45 | API Call: java.security.MessageDigest.getInstance
Source: com.amazon.device.ads.StringUtils;->sha1:47 | API Call: java.security.MessageDigest.update
Source: com.amazon.device.ads.StringUtils;->sha1:48 | API Call: java.security.MessageDigest.digest
Source: com.flurry.sdk.ads.bz;->a:4 | API Call: com.flurry.sdk.ads.bq.update
Source: com.flurry.android.FlurryPrivacySession$Request;-><init>:9 | API Call: java.security.MessageDigest.update
Source: com.flurry.android.FlurryPrivacySession$Request;-><init>:10API Call: java.security.MessageDigest.digest
Source: com.facebook.appevents.AppEvent;->md5Checksum:57API Call: java.security.MessageDigest.getInstance
Source: com.facebook.appevents.AppEvent;->md5Checksum:60API Call: java.security.MessageDigest.update
Source: com.facebook.appevents.AppEvent;->md5Checksum:61API Call: java.security.MessageDigest.digest
Source: com.appsflyer.ab;->a:3API Call: java.security.MessageDigest.getInstance
Source: com.appsflyer.ab;->a:7API Call: java.security.MessageDigest.update
Source: com.appsflyer.ab;->a:8API Call: java.security.MessageDigest.digest
Source: com.appsflyer.ab;->b:25API Call: java.security.MessageDigest.getInstance
Source: com.appsflyer.ab;->b:29API Call: java.security.MessageDigest.update
Source: com.appsflyer.ab;->b:30API Call: java.security.MessageDigest.digest
Source: com.appsflyer.ab;->c:41API Call: java.security.MessageDigest.getInstance
Source: com.appsflyer.ab;->c:43API Call: java.security.MessageDigest.update
Source: com.appsflyer.ab;->c:44API Call: java.security.MessageDigest.digest
Source: com.litesuits.orm.db.assit.Encrypt;->getEncodeBytes:2API Call: java.security.MessageDigest.getInstance
Source: com.litesuits.orm.db.assit.Encrypt;->getEncodeBytes:4API Call: java.security.MessageDigest.update
Source: com.litesuits.orm.db.assit.Encrypt;->getEncodeBytes:5API Call: java.security.MessageDigest.digest
Source: com.litesuits.orm.db.assit.Encrypt;->getEncodeString:8API Call: java.security.MessageDigest.getInstance
Source: com.litesuits.orm.db.assit.Encrypt;->getEncodeString:10API Call: java.security.MessageDigest.update
Source: com.litesuits.orm.db.assit.Encrypt;->getEncodeString:11API Call: java.security.MessageDigest.digest
Source: com.facebook.ads.internal.p.b.m;->d:30API Call: java.security.MessageDigest.getInstance
Source: com.facebook.ads.internal.p.b.m;->d:32API Call: java.security.MessageDigest.digest

Malware Analysis System Evasion:

Accesses android OS build fields
Source: com.snipermob.sdk.mobileads.model.a.a;-><init>:10 | Field Access: android.os.Build.MODEL
Source: com.snipermob.sdk.mobileads.model.a.a;-><init>:11 | Field Access: android.os.Build.MANUFACTURER
Source: com.snipermob.sdk.mobileads.model.a.a;-><init>:12 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.facebook.devicerequests.a.a;->a:4 | Field Access: android.os.Build.DEVICE
Source: com.facebook.devicerequests.a.a;->a:7 | Field Access: android.os.Build.MODEL
Source: com.facebook.ads.internal.q.a.f;->b:42 | Field Access: android.os.Build.TAGS
Source: com.facebook.ads.internal.p.a.o;->a:6 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.ads.zzadb;->zza:28 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.ads.zzadb;->zza:34 | Field Access: android.os.Build.MANUFACTURER
Source: com.google.android.gms.internal.ads.zzadb;->zza:35 | Field Access: android.os.Build.MODEL
Source: com.google.android.gms.internal.ads.zzafs;->zza:550 | Field Access: android.os.Build.MANUFACTURER
Source: com.google.android.gms.internal.ads.zzafs;->zza:553 | Field Access: android.os.Build.MODEL
Source: com.google.android.gms.internal.ads.zzagb;-><init>:25 | Field Access: android.os.Build.FINGERPRINT
Source: com.google.android.gms.internal.ads.zzagb;-><init>:26 | Field Access: android.os.Build.DEVICE
Source: com.google.android.gms.internal.ads.zzakk;->zzrg:424 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.ads.zzakk;->zzrg:427 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.ads.zzakk;->zzrg:433 | Field Access: android.os.Build.DEVICE
Source: com.google.android.gms.internal.ads.zzakk;->zzrg:436 | Field Access: android.os.Build.DEVICE
Source: com.google.android.gms.internal.ads.zzakk;->zzrg:438 | Field Access: android.os.Build.DISPLAY
Source: com.google.android.gms.internal.ads.zzakk;->zzrg:441 | Field Access: android.os.Build.DISPLAY
Source: com.google.android.gms.internal.ads.zzakk;->zzri:448 | Field Access: android.os.Build.MANUFACTURER
Source: com.google.android.gms.internal.ads.zzakk;->zzri:449 | Field Access: android.os.Build.MODEL
Source: com.google.android.gms.internal.ads.zzamu;->zza:46 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.ads.zzamu;->zzsg:208 | Field Access: android.os.Build.DEVICE
Source: com.google.android.gms.internal.ads.zzcz;->zza:93 | Field Access: android.os.Build$VERSION.SDK
Source: com.google.android.gms.internal.ads.zzcz;->zzb:182 | Field Access: android.os.Build$VERSION.SDK
Source: com.google.android.gms.internal.ads.zznm;-><init>:16 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.ads.zznm;-><init>:20 | Field Access: android.os.Build$VERSION.SDK
Source: com.amazon.device.ads.AndroidBuildInfo;-><init>:2 | Field Access: android.os.Build.MANUFACTURER
Source: com.amazon.device.ads.AndroidBuildInfo;-><init>:3 | Field Access: android.os.Build.MODEL
Source: com.amazon.device.ads.AndroidBuildInfo;-><init>:4 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.amazon.device.ads.DeviceInfo;-><init>:7 | Field Access: android.os.Build.MANUFACTURER
Source: com.amazon.device.ads.DeviceInfo;-><init>:8 | Field Access: android.os.Build.MODEL
Source: com.amazon.device.ads.DeviceInfo;-><init>:9 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.flurry.sdk.ads.cj;->b:23 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.flurry.sdk.ads.cj;->c:24 | Field Access: android.os.Build.DEVICE
Source: com.flurry.sdk.ads.cj;->d:25 | Field Access: android.os.Build.ID
Source: com.flurry.sdk.ads.cj;->e:26 | Field Access: android.os.Build.MANUFACTURER
Source: com.flurry.sdk.ads.cj;->f:27 | Field Access: android.os.Build.MODEL
Source: com.flurry.sdk.ads.gn;->a:7 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.flurry.sdk.ads.gn;->a:8 | Field Access: android.os.Build.ID
Source: com.flurry.sdk.ads.gn;->a:9 | Field Access: android.os.Build.DEVICE
Source: com.flurry.sdk.ads.gn;->a:10 | Field Access: android.os.Build.MANUFACTURER
Source: com.flurry.sdk.ads.gn;->a:11 | Field Access: android.os.Build.MODEL
Source: com.appsflyer.ae;->b:128 | Field Access: android.os.Build.BRAND
Source: com.appsflyer.ae;->b:129 | Field Access: android.os.Build.MODEL
Source: com.appsflyer.ae;->b:130 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.appsflyer.c;->b:39 | Field Access: android.os.Build.BRAND
Source: com.appsflyer.h;->a:817 | Field Access: android.os.Build.BRAND
Source: com.appsflyer.h;->a:820 | Field Access: android.os.Build.DEVICE
Source: com.appsflyer.h;->a:823 | Field Access: android.os.Build.PRODUCT
Source: com.appsflyer.h;->a:829 | Field Access: android.os.Build.MODEL
Source: com.appsflyer.h;->a:832 | Field Access: android.os.Build.TYPE
Source: com.appsflyer.h;->a:889 | Field Access: android.os.Build.BRAND
Source: com.appsflyer.h;->c:1887 | Field Access: android.os.Build.MODEL
Source: com.appsflyer.h;->c:1890 | Field Access: android.os.Build.BRAND
Source: com.appsflyer.y;->a:5 | Field Access: android.os.Build.MANUFACTURER
Source: com.snipermob.sdk.mobileads.model.b.e;-><init>:7 | Field Access: android.os.Build.MODEL
Source: com.snipermob.sdk.mobileads.model.b.e;-><init>:8 | Field Access: android.os.Build.MANUFACTURER
Source: com.snipermob.sdk.mobileads.model.b.e;-><init>:9 | Field Access: android.os.Build$VERSION.RELEASE
Queries several pieces of sensitive phone information
Source: Lcom/snipermob/sdk/mobileads/model/a/b;->r()Ljava/util/Map; | Method string: "os"
Source: Lcom/applovin/impl/adview/az;->p()Z | Method string: "android"
Source: Lcom/android/billingclient/api/i;->b()Ljava/lang/String; | Method string: "type"
Source: Lcom/applovin/impl/a/k;->a(Lcom/applovin/impl/sdk/fm;Lcom/applovin/impl/a/k;Lcom/applovin/b/o;)Lcom/applovin/impl/a/k; | Method string: "version"
Source: Lcom/flurry/sdk/ads/gf;->a(Lcom/flurry/sdk/ads/f;Ljava/lang/String;)Ljava/lang/String; | Method string: "sid"
Source: Lcom/gz/gb/gbpermisson/a/m;->a()Z | Method string: "phone"
Source: Lcom/flurry/sdk/ads/o;->a(Lcom/flurry/sdk/ads/f;I)Z | Method string: "appid"
Source: Lcom/appsflyer/ae;->a(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)V | Method string: "imei"
Source: Lcom/appsflyer/ae;->a(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)V | Method string: "model"
Source: Lcom/appsflyer/h;->a(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)V | Method string: "sdk"
Source: Lcom/flurry/sdk/ads/ea;->a(Lcom/flurry/sdk/ads/eb;Lorg/json/JSONObject;)V | Method string: "category"
Source: Lcom/appsflyer/ae;->a(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)V | Method string: "brand"
Queries the unique operating system id (ANDROID_ID)
Source: com.google.android.gms.internal.ads.zzamu;->zzbc:109 | API Call: android.provider.Settings$Secure.getString
Source: com.google.android.gms.internal.ads.zzamu;->zzbd:112 | API Call: android.provider.Settings$Secure.getString
Source: com.amazon.device.ads.DeviceInfo;->setUdid:52 | API Call: android.provider.Settings$Secure.getString
Source: com.appsflyer.h;->a:1536 | API Call: android.provider.Settings$Secure.getString

HIPS / PFW / Operating System Protection Evasion:

Uses the DexClassLoader (often used for code injection)
Source: com.google.android.gms.internal.ads.zzcz;->zza:55 | API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: com.google.android.gms.internal.ads.zzeg;->zzav:15 | API Call: dalvik.system.DexClassLoader.loadClass (not executed)

Language, Device and Operating System Detection:

Checks if phone is rooted (checks for Superuser.apk)
Source: com.facebook.ads.internal.q.a.f;->c:46 | API Call: java.io.File.<init>("/system/app/Superuser.apk")
Checks if phone is rooted (checks for test-keys build tags)
Source: com.facebook.ads.internal.q.a.f;->b:44 | API Call: java.lang.String.contains("test-keys")
Queries the SIM provider name (SPN - Service Provider Name)
Source: com.appsflyer.s;->a:12 | API Call: android.telephony.TelephonyManager.getSimOperatorName
Queries the WIFI MAC address
Source: com.amazon.device.ads.DeviceInfo;->setMacAddress:156 | API Call: android.net.wifi.WifiInfo.getMacAddress
Queries the network operator name
Source: com.amazon.device.ads.DeviceInfo;->setCarrier:18 | API Call: android.telephony.TelephonyManager.getNetworkOperatorName
Source: com.appsflyer.s;->a:13 | API Call: android.telephony.TelephonyManager.getNetworkOperatorName
Queries the network operator numeric MCC+MNC (mobile country code + mobile network code)
Source: com.google.android.gms.internal.ads.zzagb;->zzo:82 | API Call: android.telephony.TelephonyManager.getNetworkOperator
Queries the unique device ID (IMEI, MEID or ESN)
Source: com.gz.gb.gbpermisson.a.m;->a:5 | API Call: android.telephony.TelephonyManager.getSubscriberId

Stealing of Sensitive Information:

Has permission to read low-level log files (spy personal data)
Source: submitted apk | Request permission: android.permission.READ_LOGS
Has permission to read the phone's state (phone number, device IDs, active call etc.)
Source: submitted apk | Request permission: android.permission.READ_PHONE_STATE
Has permissions to create, read or change account settings (including account password settings)
Source: submitted apk | Request permission: android.permission.AUTHENTICATE_ACCOUNTS
Source: submitted apk | Request permission: android.permission.GET_ACCOUNTS
Queries camera information
Source: com.gz.gb.gbpermisson.a.f;->a:9 | API Call: android.hardware.Camera.open
Queries phone contact information
Source: com.gz.gb.gbpermisson.a.g;->a:6 | Field access: android.provider.ContactsContract$CommonDataKinds$Phone.CONTENT_URI
Queries stored mail and application accounts (e.g. Gmail or WhatsApp)
Source: com.google.android.gms.appinvite.AppInviteInvitation$IntentBuilder;->setAccount:40 | API Call: android.accounts.Account.type
Redirects camera/video feed
Source: com.gz.gb.gbpermisson.a.n;->a:25 | API Call: android.media.MediaRecorder.setOutputFile
Has permission to query the current location
Source: submitted apk | Request permission: android.permission.ACCESS_COARSE_LOCATION
Source: submitted apk | Request permission: android.permission.ACCESS_FINE_LOCATION

Remote Access Functionality:

Found suspicious command strings (may be related to BOT commands)
Source: Lcom/flurry/sdk/ads/p;->a(Lcom/flurry/sdk/ads/k;Ljava/util/List;)V | Method string: "__sendtoserver"
Source: Lcom/gz/gb/gbpermisson/a/u;->a(Landroid/content/Context;Ljava/lang/String;)Z | Method string: "android.permission.send_sms"
Source: Lcom/flurry/sdk/ads/p;->a(Lcom/flurry/sdk/ads/k;Ljava/util/List;)V | Instruction: "const-string v1, "__sendtoserver""
Source: Lcom/scanner/a/b;->a()Ljava/util/List; | Instruction: "ljava/util/collections;->reverse(ljava/util/list;)v"
Source: Lcom/gz/gb/gbpermisson/a/u;->a(Landroid/content/Context;Ljava/lang/String;)Z | Instruction: "const-string v3, "android.permission.send_sms""
Has permission to mount or unmount file systems (removable storage)
Source: submitted apk | Request permission: android.permission.MOUNT_UNMOUNT_FILESYSTEMS
Uses DownloadManager to fetch additional components
Source: com.google.android.gms.internal.ads.zzaaf;->onClick:14 | API Call: android.app.DownloadManager.enqueue

Antivirus and Machine Learning Detection

Initial Sample

Source | Detection | Scanner | Label | Link
com.qrcode.barcode.reader.scanner.free_2019-06-08.apk | 0% | virustotal | | Browse

Dropped Files

No Antivirus matches

Domains

Source | Detection | Scanner | Label | Link
geo-nginx.mobhey.com | 0% | virustotal | | Browse
flury-ycpi.gycpi.b.yahoodns.net | 0% | virustotal | | Browse
usa.ime.cootek.com | 0% | virustotal | | Browse
adx.snipermob.com | 0% | virustotal | | Browse
dsp.snipermob.com | 0% | virustotal | | Browse
usa.mobhey.com | 0% | virustotal | | Browse

URLs

Source | Detection | Scanner | Label | Link
https://adx.snipermob.com/adx/rewarded | 0% | virustotal | | Browse
https://adx.snipermob.com/adx/rewarded | 0% | Avira URL Cloud | safe |
https://dsp.snipermob.com/awu | 0% | virustotal | | Browse
https://dsp.snipermob.com/awu | 0% | Avira URL Cloud | safe |

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Joe Sandbox View / Context

IPs

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
216.58.215.226 | http://rgho.st/7jXZr4XY6 | Get hash | malicious | Browse
  • cm.g.doubleclick.net/pixel?google_nid=albs&google_cm=&psid=6574252106362827873&google_hm=NjU3NDI1MjEwNjM2MjgyNzg3Mw&_lxrnd_=735613763&google_tc=
| http://www.toexten.com/lp2?type=safe&pub_id=3729&sub_id=wL91F9I93AQ5G9KJHSP4QE1E&srcid=9225325b-0778-4b3a-80bd-ad6f5b882333_2134446 | Get hash | malicious | Browse
  • cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_cm=&google_sc=&_origin=0&google_tc=
| http://104.238.179.196/code2111/chrome_win/ | Get hash | malicious | Browse
  • www.googleadservices.com/pagead/conversion_async.js
| http://dev.interop.com | Get hash | malicious | Browse
  • www.googletagservices.com/tag/js/gpt.js
| https://www.thredup.com?utm_source=responsys&utm_medium=email&utm_campaign=ob-v13-day-2-ceo-note | Get hash | malicious | Browse
  • cm.g.doubleclick.net/pixel?google_nid=xplusone1&_r=1&google_hm=TkUtMDAwMDAwMDg1ODk4NzkzMjM=&google_cm&google_sc&google_ula=1502692
| https://www.thredup.com/product/36006388?pdp_mode=pdp&link_name=Primary_Button_available_item&utm_source=responsys&utm_medium=email&utm_campaign=pdp-item-available-v2&t= | Get hash | malicious | Browse
  • cm.g.doubleclick.net/pixel?google_nid=xplusone1&_r=1&google_hm=TkctMDAwMDAwMDM4Njg0MTg5NDA=&google_cm&google_sc&google_ula=1502692
52.58.23.193 | app-sniper-debug.apk | Get hash | malicious | Browse

    Domains

    Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
    star.c10r.facebook.com | http://csq1.org | Get hash | malicious | Browse
    • 31.13.86.8
    | me.everything.launcher_2018-06-27.apk | Get hash | malicious | Browse
    • 31.13.86.8
    | http://l.e.crainalerts.com/rts/go2.aspx?h=136632&tp=i-H43-Dt-2p1-CVvtZ-1o-4Npx-1c-CW37P-1Rcir&x=2249754 | Get hash | malicious | Browse
    • 157.240.20.15
    | https://strawberrypianist.com/ertyjuluiytrdgfhjuhytygu/owa/normalof/normalof/office/New/ | Get hash | malicious | Browse
    • 185.60.216.15
    | LittleSaigon-hockeyDev-debug.apk | Get hash | malicious | Browse
    • 31.13.75.8
    | tiempo.apk | Get hash | malicious | Browse
    • 157.240.20.15
    | 360 Security Free Antivirus Booster Cleaner_v5.1.8.3904_apkpure.com.apk | Get hash | malicious | Browse
    • 31.13.86.8
    | com.giantssoftware.fs18.google_1.4.0.1-APK_Award.apk | Get hash | malicious | Browse
    • 31.13.86.8
    | 88d57021-2946-42c2-b397-05d278b11ec8.apk | Get hash | malicious | Browse
    • 31.13.75.8
    | com.app.chat.messenger.apk | Get hash | malicious | Browse
    • 31.13.75.8
    | persistent_malware.apk | Get hash | malicious | Browse
    • 185.60.216.15
    | Gcinc Proposals II.pdf | Get hash | malicious | Browse
    • 185.60.216.15
    | http://examwriting.blogspot.com/2015/02/describe-person-your-best-friend.html | Get hash | malicious | Browse
    • 31.13.86.8
    | ApeUfoGames.apk | Get hash | malicious | Browse
    • 157.240.20.15
    | tiempo.apk | Get hash | malicious | Browse
    • 157.240.20.15
    | PrivateZone&Bing.apk | Get hash | malicious | Browse
    • 31.13.86.8
    | com.escape.room.door.word.prison.puzzle.adventure_2019-01-09.apk | Get hash | malicious | Browse
    • 31.13.75.8
    | apkpure-WordsStoryAddictiveWordGame_v1.4.6_apkpure.com.apk | Get hash | malicious | Browse
    • 31.13.86.8
    | com.tenqube.qlip_2018-10-18.apk | Get hash | malicious | Browse
    • 31.13.64.16
    | art.filter.editor.imge_102_apkplz.net.apk | Get hash | malicious | Browse
    • 31.13.75.8
    geo-nginx.mobhey.com | app-sniper-debug.apk | Get hash | malicious | Browse
    • 52.58.23.193

    ASN

    Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
    unknown | request.doc | Get hash | malicious | Browse
    • 192.168.0.44
    | FERK444259.doc | Get hash | malicious | Browse
    • 192.168.0.44
    | b392e93a5753601db564e6f2dc6a945aac3861bc31e2c1e5e7f3cd4e5bb150a4.js | Get hash | malicious | Browse
    • 192.168.0.40
    | Setup.exe | Get hash | malicious | Browse
    • 192.168.0.40
    | base64.pdf | Get hash | malicious | Browse
    • 192.168.0.40
    | file.pdf | Get hash | malicious | Browse
    • 192.168.0.40
    | Spread sheet 2.pdf | Get hash | malicious | Browse
    • 192.168.0.40
    | request_08.30.doc | Get hash | malicious | Browse
    • 192.168.0.44
    | P_2038402.xlsx | Get hash | malicious | Browse
    • 192.168.0.44
    | 48b1cf747a678641566cd1778777ca72.apk | Get hash | malicious | Browse
    • 192.168.0.22
    | seu nome na lista de favorecidos.exe | Get hash | malicious | Browse
    • 192.168.0.40
    | Adm_Boleto.via2.com | Get hash | malicious | Browse
    • 192.168.0.40
    | QuitacaoVotorantim345309.exe | Get hash | malicious | Browse
    • 192.168.0.40
    | pptxb.pdf | Get hash | malicious | Browse
    • 192.168.0.40
    unknown | request.doc | Get hash | malicious | Browse
    • 192.168.0.44
    | FERK444259.doc | Get hash | malicious | Browse
    • 192.168.0.44
    | b392e93a5753601db564e6f2dc6a945aac3861bc31e2c1e5e7f3cd4e5bb150a4.js | Get hash | malicious | Browse
    • 192.168.0.40
    | Setup.exe | Get hash | malicious | Browse
    • 192.168.0.40
    | base64.pdf | Get hash | malicious | Browse
    • 192.168.0.40
    | file.pdf | Get hash | malicious | Browse
    • 192.168.0.40
    | Spread sheet 2.pdf | Get hash | malicious | Browse
    • 192.168.0.40
    | request_08.30.doc | Get hash | malicious | Browse
    • 192.168.0.44
    | P_2038402.xlsx | Get hash | malicious | Browse
    • 192.168.0.44
    | 48b1cf747a678641566cd1778777ca72.apk | Get hash | malicious | Browse
    • 192.168.0.22
    | seu nome na lista de favorecidos.exe | Get hash | malicious | Browse
    • 192.168.0.40
    | Adm_Boleto.via2.com | Get hash | malicious | Browse
    • 192.168.0.40
    | QuitacaoVotorantim345309.exe | Get hash | malicious | Browse
    • 192.168.0.40
    | pptxb.pdf | Get hash | malicious | Browse
    • 192.168.0.40

    JA3 Fingerprints

    Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
    cad0d99275c692e82c0ac8d74cb16db9 | RicoRapidResponse.apk | Get hash | malicious | Browse
    • 54.225.190.146
    • 52.208.113.171
    • 54.171.5.118
    • 157.240.20.15
    • 157.240.195.17
    • 52.48.144.188
    • 52.215.36.57
    • 34.240.159.69
    • 3.121.96.78
    • 87.248.118.23
    • 52.58.23.193
    | 360 Security Free Antivirus Booster Cleaner_v5.1.8.3904_apkpure.com.apk | Get hash | malicious | Browse
    • 54.225.190.146
    • 52.208.113.171
    • 54.171.5.118
    • 157.240.20.15
    • 157.240.195.17
    • 52.48.144.188
    • 52.215.36.57
    • 34.240.159.69
    • 3.121.96.78
    • 87.248.118.23
    • 52.58.23.193
    | Faktura_nr_F_2019_84568299857.apk | Get hash | malicious | Browse
    • 54.225.190.146
    • 52.208.113.171
    • 54.171.5.118
    • 157.240.20.15
    • 157.240.195.17
    • 52.48.144.188
    • 52.215.36.57
    • 34.240.159.69
    • 3.121.96.78
    • 87.248.118.23
    • 52.58.23.193
    | com.giantssoftware.fs18.google_1.4.0.1-APK_Award.apk | Get hash | malicious | Browse
    • 54.225.190.146
    • 52.208.113.171
    • 54.171.5.118
    • 157.240.20.15
    • 157.240.195.17
    • 52.48.144.188
    • 52.215.36.57
    • 34.240.159.69
    • 3.121.96.78
    • 87.248.118.23
    • 52.58.23.193
    | KuR73RWenx | Get hash | malicious | Browse
    • 54.225.190.146
    • 52.208.113.171
    • 54.171.5.118
    • 157.240.20.15
    • 157.240.195.17
    • 52.48.144.188
    • 52.215.36.57
    • 34.240.159.69
    • 3.121.96.78
    • 87.248.118.23
    • 52.58.23.193
    | Adobe_Flash_2018.apk | Get hash | malicious | Browse
    • 54.225.190.146
    • 52.208.113.171
    • 54.171.5.118
    • 157.240.20.15
    • 157.240.195.17
    • 52.48.144.188
    • 52.215.36.57
    • 34.240.159.69
    • 3.121.96.78
    • 87.248.118.23
    • 52.58.23.193
    | test.apk | Get hash | malicious | Browse
    • 54.225.190.146
    • 52.208.113.171
    • 54.171.5.118
    • 157.240.20.15
    • 157.240.195.17
    • 52.48.144.188
    • 52.215.36.57
    • 34.240.159.69
    • 3.121.96.78
    • 87.248.118.23
    • 52.58.23.193
    | cRS8QApvBf | Get hash | malicious | Browse
    • 54.225.190.146
    • 52.208.113.171
    • 54.171.5.118
    • 157.240.20.15
    • 157.240.195.17
    • 52.48.144.188
    • 52.215.36.57
    • 34.240.159.69
    • 3.121.96.78
    • 87.248.118.23
    • 52.58.23.193
    | ZyuL16KGfv | Get hash | malicious | Browse
    • 54.225.190.146
    • 52.208.113.171
    • 54.171.5.118
    • 157.240.20.15
    • 157.240.195.17
    • 52.48.144.188
    • 52.215.36.57
    • 34.240.159.69
    • 3.121.96.78
    • 87.248.118.23
    • 52.58.23.193
    | mp3.converter.apk | Get hash | malicious | Browse
    • 54.225.190.146
    • 52.208.113.171
    • 54.171.5.118
    • 157.240.20.15
    • 157.240.195.17
    • 52.48.144.188
    • 52.215.36.57
    • 34.240.159.69
    • 3.121.96.78
    • 87.248.118.23
    • 52.58.23.193
    | EqWjUgHkUf | Get hash | malicious | Browse
    • 54.225.190.146
    • 52.208.113.171
    • 54.171.5.118
    • 157.240.20.15
    • 157.240.195.17
    • 52.48.144.188
    • 52.215.36.57
    • 34.240.159.69
    • 3.121.96.78
    • 87.248.118.23
    • 52.58.23.193
    | 88d57021-2946-42c2-b397-05d278b11ec8.apk | Get hash | malicious | Browse
    • 54.225.190.146
    • 52.208.113.171
    • 54.171.5.118
    • 157.240.20.15
    • 157.240.195.17
    • 52.48.144.188
    • 52.215.36.57
    • 34.240.159.69
    • 3.121.96.78
    • 87.248.118.23
    • 52.58.23.193
    | hZ4YhhZ4gH | Get hash | malicious | Browse
    • 54.225.190.146
    • 52.208.113.171
    • 54.171.5.118
    • 157.240.20.15
    • 157.240.195.17
    • 52.48.144.188
    • 52.215.36.57
    • 34.240.159.69
    • 3.121.96.78
    • 87.248.118.23
    • 52.58.23.193
    | RoLrmSG8TJ | Get hash | malicious | Browse
    • 54.225.190.146
    • 52.208.113.171
    • 54.171.5.118
    • 157.240.20.15
    • 157.240.195.17
    • 52.48.144.188
    • 52.215.36.57
    • 34.240.159.69
    • 3.121.96.78
    • 87.248.118.23
    • 52.58.23.193
    | OAMMKOBsZG | Get hash | malicious | Browse
    • 54.225.190.146
    • 52.208.113.171
    • 54.171.5.118
    • 157.240.20.15
    • 157.240.195.17
    • 52.48.144.188
    • 52.215.36.57
    • 34.240.159.69
    • 3.121.96.78
    • 87.248.118.23
    • 52.58.23.193
    | com.app.chat.messenger.apk | Get hash | malicious | Browse
    • 54.225.190.146
    • 52.208.113.171
    • 54.171.5.118
    • 157.240.20.15
    • 157.240.195.17
    • 52.48.144.188
    • 52.215.36.57
    • 34.240.159.69
    • 3.121.96.78
    • 87.248.118.23
    • 52.58.23.193
    | 27XnSFLhC2 | Get hash | malicious | Browse
    • 54.225.190.146
    • 52.208.113.171
    • 54.171.5.118
    • 157.240.20.15
    • 157.240.195.17
    • 52.48.144.188
    • 52.215.36.57
    • 34.240.159.69
    • 3.121.96.78
    • 87.248.118.23
    • 52.58.23.193
    | popcorntime.apk | Get hash | malicious | Browse
    • 54.225.190.146
    • 52.208.113.171
    • 54.171.5.118
    • 157.240.20.15
    • 157.240.195.17
    • 52.48.144.188
    • 52.215.36.57
    • 34.240.159.69
    • 3.121.96.78
    • 87.248.118.23
    • 52.58.23.193
    | persistent_malware.apk | Get hash | malicious | Browse
    • 54.225.190.146
    • 52.208.113.171
    • 54.171.5.118
    • 157.240.20.15
    • 157.240.195.17
    • 52.48.144.188
    • 52.215.36.57
    • 34.240.159.69
    • 3.121.96.78
    • 87.248.118.23
    • 52.58.23.193
    | 7e4a.apk | Get hash | malicious | Browse
    • 54.225.190.146
    • 52.208.113.171
    • 54.171.5.118
    • 157.240.20.15
    • 157.240.195.17
    • 52.48.144.188
    • 52.215.36.57
    • 34.240.159.69
    • 3.121.96.78
    • 87.248.118.23
    • 52.58.23.193

    Dropped Files

    No context

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    Created / dropped Files

    No created / dropped files found

    Domains and IPs

    Contacted Domains

    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    geo-nginx.mobhey.com | 52.58.23.193 | true | false | 0%, virustotal, Browse | unknown
    star.c10r.facebook.com | 157.240.195.17 | true | false | | high
    appsflyer-web-4-962407740.eu-west-1.elb.amazonaws.com | 52.215.36.57 | true | false | | high
    pagead.l.doubleclick.net | 216.58.215.226 | true | false | | high
    flury-ycpi.gycpi.b.yahoodns.net | 87.248.118.23 | true | false | 0%, virustotal, Browse | low
    settings.crashlytics.com | 54.225.190.146 | true | false | | high
    usa.ime.cootek.com | 103.73.195.28 | true | false | 0%, virustotal, Browse | low
    appsflyer-web-5-2093104013.eu-west-1.elb.amazonaws.com | 52.48.144.188 | true | false | | high
    appsflyer-web-6-198879441.eu-west-1.elb.amazonaws.com | 52.208.113.171 | true | false | | high
    appsflyer-web-8-226325341.eu-west-1.elb.amazonaws.com | 34.240.159.69 | true | false | | high
    adx.snipermob.com | unknown | unknown | false | 0%, virustotal, Browse | unknown
    graph.facebook.com | unknown | unknown | false | | high
    www.youtube.com | unknown | unknown | false | | high
    events.appsflyer.com | unknown | unknown | false | | high
    dsp.snipermob.com | unknown | unknown | false | 0%, virustotal, Browse | unknown
    usa.mobhey.com | unknown | unknown | false | 0%, virustotal, Browse | unknown
    t.appsflyer.com | unknown | unknown | false | | high
    data.flurry.com | unknown | unknown | false | | high

    URLs from Memory and Binaries

    Name | Source | Malicious | Antivirus Detection | Reputation
    http://cdn.flurry.com/adSpaceStyles.dev/images/bttn-close-bw.png | android | false | | high
    https://cdn.flurry.com/vast/videocontrols/v2/android.zip | android | false | | high
    https://onelink.%s/shortlink-sdk/v1 | android | false | | high
    https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/production/native_ads.js | android | false | | high
    https://dwxjayoxbnyrr.cloudfront.net/amazon-ads.viewablejs | android | false | | high
    https://service.cmp.oath.com/cmp/v0/location/eu | android | false | | high
    https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/production/sdk-core-v40-impl.js | android | false | | high
    http://www.yahoo.com | android | false | | high
    http://mads.amazon-adsystem.com/ | android | false | | high
    http://ws2.cootekservice.com | android | false | | high
    https://attr.%s/api/v | android | false | | high
    https://monitorsdk.%s/remote-debug?app_id= | android | false | | high
    https://api.%s/install_data/v3/ | android | false | | high
    http://schemas.android.com/apk/lib/com.amazon.device.ads | android | false | | high
    https://adx.snipermob.com/adx/rewarded | android | fals