Loading ...

Play interactive tourEdit tour

Analysis Report com.cootek.smartinputv5_2019-06-06.apk

Overview

General Information

Joe Sandbox Version:26.0.0 Aquamarine
Analysis ID:141279
Start date:12.06.2019
Start time:23:02:35
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 14m 49s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:com.cootek.smartinputv5_2019-06-06.apk
Cookbook file name:defaultandroidfilecookbook.jbs
Analysis system description:Android 6.0
APK Instrumentation enabled:true
Detection:MAL
Classification:mal60.bank.spyw.evad.andAPK@0/251@1/0
Warnings:
Show All
  • Max analysis timeout: 720s exceeded, the analysis took too long
  • Excluded IPs from analysis (whitelisted): 172.217.168.35, 172.217.168.8, 172.217.168.78, 172.217.168.14, 172.217.168.46, 74.125.143.188
  • Excluded domains from analysis (whitelisted): connectivitycheck.gstatic.com, ssl.google-analytics.com, android.clients.google.com, android.l.google.com, ssl-google-analytics.l.google.com, mobile-gtalk.l.google.com, mtalk.google.com
  • No dynamic data available
  • No interacted views
  • No simulation commands forwarded to apk
  • Not all non-executed APIs are in report
  • Not all resource files were parsed
  • Not all resource strings were parsed
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size exceeded maximum capacity and may have missing dynamic data code.

Detection

StrategyScoreRangeReportingWhitelistedDetection
Threshold600 - 100falsemalicious

Confidence

StrategyScoreRangeFurther Analysis Required?Confidence
Threshold50 - 5false
ConfidenceConfidence


Classification

Analysis Advice

Unable to instrument or execute APK, no dynamic information has been logged



Mitre Att&ck Matrix

Signature Overview

Click to jump to signature section


Location Tracking:

barindex
Queries the phones location (GPS)Show sources
Source: com.cootek.touchpal.ai.network.accu.ObservableWeatherService;->a:20API Call: android.location.Location.getLatitude
Source: com.cootek.touchpal.ai.network.accu.ObservableWeatherService;->a:21API Call: android.location.Location.getLongitude
Source: com.google.android.gms.internal.ads.zzafs;->zza:765API Call: android.location.Location.getLatitude
Source: com.google.android.gms.internal.ads.zzafs;->zza:767API Call: android.location.Location.getLongitude
Source: com.amazon.device.ads.AAXParameter$GeoLocationParameter;->getDerivedValue:19API Call: android.location.Location.getLatitude
Source: com.amazon.device.ads.AAXParameter$GeoLocationParameter;->getDerivedValue:23API Call: android.location.Location.getLongitude
Source: com.amazon.device.ads.AdLocation;->getLocation:20API Call: android.location.LocationManager.getLastKnownLocation
Source: com.amazon.device.ads.AdLocation;->getLocation:28API Call: android.location.LocationManager.getLastKnownLocation
Source: com.amazon.device.ads.AdLocation;->getLocation:62API Call: android.location.Location.getLatitude
Source: com.amazon.device.ads.AdLocation;->getLocation:68API Call: android.location.Location.getLongitude
Source: com.flurry.sdk.ads.cg;->a:51API Call: android.location.LocationManager.getLastKnownLocation
Source: com.flurry.sdk.ads.gh;->c:86API Call: android.location.Location.getLatitude
Source: com.flurry.sdk.ads.gh;->c:87API Call: android.location.Location.getLongitude
Source: com.appsflyer.AppsFlyerLib;->:2328API Call: android.location.Location.getLatitude
Source: com.appsflyer.AppsFlyerLib;->:2332API Call: android.location.Location.getLongitude
Source: com.appsflyer.j;->:9API Call: android.location.LocationManager.getLastKnownLocation
Source: com.appsflyer.j;->:13API Call: android.location.LocationManager.getLastKnownLocation
Source: com.snipermob.sdk.mobileads.b.a;->a:14API Call: android.location.Location.getLatitude
Source: com.snipermob.sdk.mobileads.b.a;->a:15API Call: android.location.Location.getLongitude
Source: com.snipermob.sdk.mobileads.b.a;->p:74API Call: android.location.LocationManager.getLastKnownLocation
Source: com.snipermob.sdk.mobileads.b.a;->p:77API Call: android.location.LocationManager.getLastKnownLocation
Source: com.monet.bidder.ao;->a:81API Call: android.location.Location.getLatitude
Source: com.monet.bidder.ao;->a:85API Call: android.location.Location.getLongitude
Source: com.monet.bidder.v;->l:305API Call: android.location.LocationManager.getLastKnownLocation
Source: com.monet.bidder.v;->l:307API Call: android.location.Location.getLatitude
Source: com.monet.bidder.v;->l:310API Call: android.location.Location.getLongitude
Source: com.otaliastudios.cameraview.Camera1;->S:96API Call: android.location.Location.getLatitude
Source: com.otaliastudios.cameraview.Camera1;->S:98API Call: android.location.Location.getLongitude
Source: com.otaliastudios.cameraview.Camera1;->a:207API Call: android.location.Location.getLatitude
Source: com.otaliastudios.cameraview.Camera1;->a:210API Call: android.location.Location.getLongitude
Source: com.otaliastudios.cameraview.Camera1;->a:224API Call: android.location.Location.getLatitude
Source: com.otaliastudios.cameraview.Camera1;->a:226API Call: android.location.Location.getLongitude
Source: com.mopub.common.AdUrlGenerator;->a:33API Call: android.location.Location.getLatitude
Source: com.mopub.common.AdUrlGenerator;->a:37API Call: android.location.Location.getLongitude
Source: com.mopub.common.LocationService;->a:9API Call: android.location.LocationManager.getLastKnownLocation
Source: com.mopub.common.LocationService;->a:42API Call: android.location.Location.getLatitude
Source: com.mopub.common.LocationService;->a:47API Call: android.location.Location.getLongitude
Source: com.cootek.touchpal.ai.component.Archimedes$BackgroundTask;->a:43API Call: android.location.Location.getLatitude
Source: com.cootek.touchpal.ai.component.Archimedes$BackgroundTask;->a:46API Call: android.location.Location.getLongitude
Source: com.cootek.touchpal.ai.component.BackgroundComponent;->g:223API Call: android.location.Location.getLatitude
Source: com.cootek.touchpal.ai.component.BackgroundComponent;->g:225API Call: android.location.Location.getLongitude
Source: com.cootek.touchpal.ai.component.SuperBackgroundComponent;->d:71API Call: android.location.Location.getLatitude
Source: com.cootek.touchpal.ai.component.SuperBackgroundComponent;->d:73API Call: android.location.Location.getLongitude
Source: com.cootek.touchpal.ai.component.SuperPredictor$BackgroundTask;->a:38API Call: android.location.Location.getLatitude
Source: com.cootek.touchpal.ai.component.SuperPredictor$BackgroundTask;->a:41API Call: android.location.Location.getLongitude

Exploits:

barindex
Might use exploit to break dedexer toolsShow sources
Source: com.cootek.smartinputv5_2019-06-06.apkCode Location: Lcom/cootek/smartinput5/ui/RoundProgressView;.onDraw(Landroid/graphics/Canvas;)V

Privilege Escalation:

barindex
Requests root accessShow sources
Source: Lcom/monet/bidder/v;->G()Ljava/lang/Boolean;Method string: "/system/bin/su"
Source: Lcom/monet/bidder/v;->G()Ljava/lang/Boolean;Method string: "/system/xbin/su"

Spreading:

barindex
Accesses external storage locationShow sources
Source: com.tencent.mm.opensdk.diffdev.a.d;-><clinit>:1API Call: android.os.Environment.getExternalStorageState
Source: com.tencent.mm.opensdk.diffdev.a.d;-><clinit>:4API Call: android.os.Environment.getExternalStorageDirectory
Source: com.tencent.mm.opensdk.diffdev.a.d;-><clinit>:9API Call: android.os.Environment.getExternalStorageDirectory
Source: com.cootek.boomtext.adapter.NormalRecyclerViewAdapter;->a:37API Call: android.os.Environment.getExternalStorageState
Source: com.google.android.gms.internal.ads.zzhs;->zzc:29API Call: android.os.Environment.getExternalStorageDirectory
Source: com.google.android.gms.internal.ads.zzmx;->call:3API Call: android.os.Environment.getExternalStorageState
Source: com.google.android.gms.internal.ads.zznn;->zza:74API Call: android.os.Environment.getExternalStorageDirectory
Source: com.just.agentweb.AgentWebUtils;->getAvailableStorage:154API Call: android.os.Environment.getExternalStorageDirectory
Source: com.just.agentweb.AgentWebUtils;->getFileAbsolutePath:216API Call: android.os.Environment.getExternalStorageDirectory
Source: com.facebook.ads.internal.p.b.o;->a:4API Call: android.os.Environment.getExternalStorageState
Source: com.facebook.ads.internal.p.b.o;->b:28API Call: android.os.Environment.getExternalStorageDirectory
Source: com.monet.bidder.v;->A:7API Call: android.os.Environment.getExternalStorageDirectory
Source: com.monet.bidder.v;->I:152API Call: android.os.Environment.getExternalStorageState
Source: com.monet.bidder.v;->z:602API Call: android.os.Environment.getExternalStorageDirectory
Source: com.mobutils.android.mediation.cache.e;->a:4API Call: android.os.Environment.getExternalStorageState
Source: com.cootek.presentation.service.config.ContentDownloader;->isExternalStorageWritable:136API Call: android.os.Environment.getExternalStorageState
Source: com.cootek.aremoji.core.ARemojiManager;->f:44API Call: android.os.Environment.getExternalStorageDirectory

Networking:

barindex
Checks an internet connection is availableShow sources
Source: com.google.android.gms.internal.ads.zzafn;->zza:86API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.internal.ads.zzagb;->zzo:88API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.internal.ads.zzagb;->zzo:90API Call: android.net.NetworkInfo.getDetailedState
Source: com.amazon.device.ads.ConnectionInfo;->generateConnectionType:16API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.amazon.device.ads.DeviceInfo;->setMacAddress:148API Call: android.net.wifi.WifiManager.getConnectionInfo
Source: com.flurry.sdk.ads.ci;->a:13API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.flurry.sdk.ads.ci;->a:14API Call: android.net.NetworkInfo.isConnected
Source: com.flurry.sdk.ads.ci;->b:31API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.flurry.sdk.ads.ci;->b:32API Call: android.net.NetworkInfo.isConnected
Source: com.flurry.sdk.ads.ci;->b:34API Call: android.net.NetworkInfo.isConnected
Source: com.flurry.sdk.ads.e;->a:3API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.flurry.sdk.ads.e;->a:4API Call: android.net.NetworkInfo.isConnected
Source: com.just.agentweb.AgentWebUtils;->checkNetwork:6API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.just.agentweb.AgentWebUtils;->checkNetwork:7API Call: android.net.NetworkInfo.isConnected
Source: com.just.agentweb.AgentWebUtils;->checkNetworkType:10API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.just.agentweb.AgentWebUtils;->checkWifi:15API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.just.agentweb.AgentWebUtils;->checkWifi:16API Call: android.net.NetworkInfo.isConnected
Source: com.appsflyer.g;->:6API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.appsflyer.g;->:7API Call: android.net.NetworkInfo.isConnectedOrConnecting
Source: com.appsflyer.g;->:14API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.appsflyer.g;->:15API Call: android.net.NetworkInfo.isConnectedOrConnecting
Source: com.appsflyer.g;->:17API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.appsflyer.g;->:18API Call: android.net.NetworkInfo.isConnectedOrConnecting
Source: com.appsflyer.g;->:20API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.appsflyer.g;->:21API Call: android.net.NetworkInfo.isConnectedOrConnecting
Source: com.cootek.noah.ararat.NetworkUtil;->a:7API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.cootek.noah.ararat.NetworkUtil;->a:9API Call: android.net.NetworkInfo.isConnected
Source: com.monet.bidder.v;->C:39API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.monet.bidder.v;->C:40API Call: android.net.NetworkInfo.isConnected
Source: com.monet.bidder.v;->h:189API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.monet.bidder.v;->h:190API Call: android.net.NetworkInfo.isConnected
Source: com.monet.bidder.v;->h:191API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.monet.bidder.v;->h:192API Call: android.net.NetworkInfo.isConnected
Source: com.monet.bidder.v;->j:249API Call: android.net.wifi.WifiManager.getConnectionInfo
Source: com.monet.bidder.w;->a:130API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.monet.bidder.w;->a:131API Call: android.net.NetworkInfo.isConnected
Source: com.facebook.ads.internal.q.c.d;->c:89API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.facebook.ads.internal.q.c.d;->c:90API Call: android.net.NetworkInfo.isConnected
Source: com.mopub.common.ClientMetadata;->getActiveNetworkType:65API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.mopub.common.ClientMetadata;->getActiveNetworkType:66API Call: android.net.NetworkInfo.isConnected
Source: com.mopub.common.ClientMetadata;->getActiveNetworkType:76API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.mopub.common.ClientMetadata;->getActiveNetworkType:77API Call: android.net.NetworkInfo.isConnected
Source: com.mopub.common.ClientMetadata;->getActiveNetworkType:80API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.mopub.common.ClientMetadata;->getActiveNetworkType:81API Call: android.net.NetworkInfo.isConnected
Connects to IPs without corresponding DNS lookupsShow sources
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Source: unknownTCP traffic detected without corresponding DNS query: 108.177.127.188
Loads a webpage with cache disabledShow sources
Source: com.cootek.boomtext.adapter.NormalRecyclerViewAdapter;->a:17API Call: android.webkit.WebSettings.setCacheMode
Source: com.just.agentweb.AgentWebUtils;->clearWebViewAllCache:86API Call: android.webkit.WebSettings.setCacheMode
Source: com.monet.bidder.ac;->c:179API Call: android.webkit.WebSettings.setCacheMode
Opens an internet connectionShow sources
Source: com.snipermob.sdk.mobileads.mraid.a.e;->Q:11API Call: java.net.URL.openConnection (not executed)
Source: com.facebook.ads.internal.p.a.f;->a:6API Call: java.net.URL.openConnection (not executed)
Source: com.cootek.tark.active_statistic.ActiveTask;->a:93API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.ads.zzafn;->zza:178API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.ads.zzanf;->zzcz:10API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.ads.zzaqn;->zzdp:113API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.ads.zzaqx;->zze:74API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.ads.zzas;->zza:49API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.ads.zzasj;->zze:31API Call: java.net.URL.openConnection (not executed)
Source: com.amazon.device.ads.HttpURLConnectionWebRequest;->openConnection:97API Call: java.net.URL.openConnection (not executed)
Source: com.flurry.sdk.ads.ce;->i:11API Call: java.net.URL.openConnection (not executed)
Source: com.cootek.smartinput5.func.adsplugin.AdsPluginUpdater;->g:88API Call: java.net.URL.openConnection (not executed)
Source: com.appsflyer.AppsFlyerLib$d;->run:58API Call: java.net.URL.openConnection (not executed)
Source: com.appsflyer.AppsFlyerLib;->:222API Call: java.net.URL.openConnection (not executed)
Source: com.appsflyer.OneLinkHttpTask$HttpsUrlConnectionProvider;->:3API Call: java.net.URL.openConnection (not executed)
Source: com.appsflyer.l;->:52API Call: java.net.URL.openConnection (not executed)
Source: com.cootek.noah.ararat.DataChannel$WorkingHandler;->a:83API Call: java.net.URL.openConnection (not executed)
Source: com.facebook.ads.internal.p.b.h;->a:27API Call: java.net.URL.openConnection (not executed)
Source: com.monet.bidder.w$a;->c:88API Call: java.net.URL.openConnection (not executed)
Source: com.monet.bidder.w;->e:161API Call: java.net.URL.openConnection (not executed)
Source: bolts.WebViewAppLinkResolver$3;->a:5API Call: java.net.URL.openConnection (not executed)
Source: com.mobutils.android.mediation.cache.e;->b:29API Call: java.net.URL.openConnection (not executed)
Source: com.my.target.core.async.commands.c$a;->a:8API Call: java.net.URL.openConnection (not executed)
Source: com.my.target.core.async.commands.f;->a:3API Call: java.net.URL.openConnection (not executed)
Source: com.my.target.core.async.commands.g;->c:7API Call: java.net.URL.openConnection (not executed)
Source: com.my.target.core.async.commands.h;->a:12API Call: java.net.URL.openConnection (not executed)
Source: com.mopub.common.MoPubHttpUrlConnection;->getHttpUrlConnection:36API Call: java.net.URL.openConnection (not executed)
Source: com.mopub.common.UrlResolutionTask;->b:29API Call: java.net.URL.openConnection (not executed)
Source: com.cootek.presentation.service.config.ContentDownloader;->download:38API Call: java.net.URL.openConnection (not executed)
Source: com.cootek.presentation.service.config.ContentDownloader;->download:96API Call: java.net.URL.openConnection (not executed)
Source: com.cootek.presentation.service.config.SingleFileDownloader;->getConnection:16API Call: java.net.URL.openConnection (not executed)
Source: com.google.ads.consent.ConsentInformation$ConsentInfoUpdateTask;->makeConsentLookupRequest:3API Call: java.net.URL.openConnection (not executed)
Source: com.facebook.ads.internal.d.c;->d:103API Call: java.net.URL.openConnection (not executed)
Performs DNS lookups (Java API)Show sources
Source: com.facebook.ads.internal.p.b.f;-><init>:10API Call: java.net.InetAddress.getByName (not executed)
Source: com.google.gson.internal.bind.TypeAdapters$23;->b:10API Call: java.net.InetAddress.getByName (not executed)
Found strings which match to known social media urlsShow sources
Source: androidString found in binary or memory: Facebook equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: The Facebook sdk must be initialized before calling activateApp equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: YAHOO equals www.yahoo.com (Yahoo)
Source: androidString found in binary or memory: com.facebook.ads thread-%d %tF %<tT equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.ads.AudienceNetworkActivity equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.ads.InterstitialAdActivity equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.ads.interstitial.clicked equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.ads.interstitial.clicked: equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.ads.interstitial.dismissed equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.ads.interstitial.dismissed: equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.ads.interstitial.displayed equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.ads.interstitial.displayed: equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.ads.interstitial.error equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.ads.interstitial.error: equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.ads.interstitial.impression.logged equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.ads.interstitial.impression.logged: equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.ads.rewarded_video.ad_click equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.ads.rewarded_video.ad_impression equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.ads.rewarded_video.closed equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.ads.rewarded_video.completed equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.ads.rewarded_video.completed.without.reward equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.ads.rewarded_video.end_activity equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.ads.rewarded_video.error equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.ads.rewarded_video.server_reward_failed equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.ads.rewarded_video.server_reward_success equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.all.All equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.appevents.AnalyticsUserIDStore.userID equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.appevents.AppEventsLogger$AccessTokenAppIdPair$SerializationProxyV1 equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.appevents.AppEventsLogger$AppEvent$SerializationProxyV1 equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.appevents.UserDataStore.userData equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.applinks.AppLinks equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.auth.login equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.core.Core equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.katana equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.login.Login equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.marketing.Marketing equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.messenger.Messenger equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.orca equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.places.Places equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.platform.APPLINK_ARGS equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.platform.APPLINK_NATIVE_CLASS equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.platform.APPLINK_NATIVE_URL equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.platform.APPLINK_TAP_TIME_UTC equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.react equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.react.ReactApplication equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.sdk.APP_EVENTS_FLUSHED equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.sdk.APP_EVENTS_FLUSH_RESULT equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.sdk.APP_EVENTS_NUM_EVENTS_FLUSHED equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.sdk.appEventPreferences equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.facebook.share.Share equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: com.twitter.android equals www.twitter.com (Twitter)
Source: androidString found in binary or memory: content://com.facebook.katana.provider.AttributionIdProvider equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: http://www.facebook.com equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: http://www.yahoo.com equals www.yahoo.com (Yahoo)
Source: androidString found in binary or memory: https://www.%s.facebook.com equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: https://www.%s.facebook.com/audience_network/server_side_reward equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: https://www.facebook.com equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: androidString found in binary or memory: https://www.facebook.com/audience_network/server_side_reward equals www.facebook.com (Facebook)
Monitors network connection stateShow sources
Source: com.monet.bidder.n;->b:81API Call: android.content.IntentFilter.addAction android.net.conn.CONNECTIVITY_CHANGE
Performs DNS lookupsShow sources
Source: unknownDNS traffic detected: queries for: graph.facebook.com
Urls found in memory or binary dataShow sources
Source: androidString found in binary or memory: http://88.88-f.net/hbx/hberr?v=2.3.8
Source: androidString found in binary or memory: http://adlog.flurry.com
Source: androidString found in binary or memory: http://ads.flurry.com/v19/getAds.do
Source: androidString found in binary or memory: http://ai.cdn.cootekservice.com/conf/accessibility/
Source: androidString found in binary or memory: http://ai.cdn.cootekservice.com/weather/icon/%s.png
Source: androidString found in binary or memory: http://amazon-adsystem.com
Source: androidString found in binary or memory: http://app.advertising/sdk?v=09m=
Source: androidString found in binary or memory: http://cdn.flurry.com/adSpaceStyles.dev/images/bttn-close-bw.png
Source: androidString found in binary or memory: http://code.google.com/p/android/issues/detail?id=10789
Source: androidString found in binary or memory: http://mads.amazon-adsystem.com/
Source: androidString found in binary or memory: http://play.google.com/store/apps/
Source: androidString found in binary or memory: http://schemas.android.com/apk/lib/com.amazon.device.ads
Source: assist_entity_type_category_operation.xml, ucrop_activity_photobox.xml, assist_entity_type_game.xml, fragment_camera_layout.xml, layout_ai_accessibility_guide_activity.xml, assist_entity_type_introduce_new.xmlString found in binary or memory: http://schemas.android.com/apk/res-auto
Source: abc_action_menu_layout.xmlString found in binary or memory: http://schemas.android.com/apk/res-auto((android.support.v7.widget.ActionMenuView
Source: androidString found in binary or memory: http://schemas.android.com/apk/res/
Source: type_eran_view.xml, bg_btn_privacy_policy_guide_default.xml, assist_entity_type_category_operation.xml, abc_slide_out_top.xml, layout_ai_accessibility_guide_activity.xmlString found in binary or memory: http://schemas.android.com/apk/res/android
Source: candidates.xml, key_fore_sym_maths.xmlString found in binary or memory: http://schemas.android.com/apk/res/com.cootek.smartinputv5
Source: androidString found in binary or memory: http://schemas.applovin.com/android/1.0
Source: androidString found in binary or memory: http://usa.ime.cdn.cootekservice.com/ad/companionAds.html
Source: androidString found in binary or memory: http://ws2.cootekservice.com
Source: androidString found in binary or memory: http://www.google.com
Source: androidString found in binary or memory: http://www.yahoo.com
Source: androidString found in binary or memory: http://xmlpull.org/v1/doc/features.html#process-namespaces
Source: androidString found in binary or memory: https://%s/default/TouchPal/cootek.smartinput.android.public/config/dcs.cfg
Source: androidString found in binary or memory: https://accounts.google.com
Source: androidString found in binary or memory: https://adlog.flurry.com
Source: androidString found in binary or memory: https://ads.flurry.com/v19/getAds.do
Source: androidString found in binary or memory: https://adservice.google.com/getconfig/pubvendors
Source: androidString found in binary or memory: https://adx.snipermob.com/adx/rewarded
Source: androidString found in binary or memory: https://ap-aremoji.ime.cootek.com
Source: androidString found in binary or memory: https://api.%s/install_data/v3/
Source: androidString found in binary or memory: https://attr.%s/api/v
Source: androidString found in binary or memory: https://cdn.flurry.com/vast/videocontrols/v2/android.zip
Source: androidString found in binary or memory: https://csi.gstatic.com/csi
Source: androidString found in binary or memory: https://dsp.snipermob.com/awu
Source: androidString found in binary or memory: https://dsp.snipermob.com/config
Source: androidString found in binary or memory: https://dsp.snipermob.com/dsp/sspstat
Source: androidString found in binary or memory: https://dsp.snipermob.com/dsp/statistics
Source: androidString found in binary or memory: https://dwxjayoxbnyrr.cloudfront.net/amazon-ads.viewablejs
Source: androidString found in binary or memory: https://eu-aremoji.ime.cootek.com
Source: androidString found in binary or memory: https://events.%s/api/v
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_banner.js
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_expanded_banner.js
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_interstitial.js
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/native_ads.html
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/production/native_ads.js
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/production/sdk-core-v40-impl.js
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40.html
Source: androidString found in binary or memory: https://imasdk.googleapis.com/admob/sdkloader/native_video.html
Source: androidString found in binary or memory: https://long.open.weixin.qq.com/connect/l/qrconnect?f=json&uuid=%s
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/00b92d245f3d86e23bc0d81e59f596ac/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/04befa4232889a11a5defcbff702efd6/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/0514a87a8cbd753583e471950b5e8d86/tenor.png
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/05dbf5bf3a3b88275bb045691541dc53/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/065c242b1d6bc39c7491a3d6e578d0d9/tenor.png
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/071432685fcc97fb132a46c1cdb874cb/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/082eb9db13d8d75be448427155d19cf7/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/0b3901f5f25c659e2e89f34bf779c7de/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/0bb10c39ce3092497fe8c20e19774f0f/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/0dd8de25e4437a84a7251bda75eade9b/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/0dfec0d72369e59dd5703ec97f6c1580/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/1035bcad5c3638e330effb54bbecefa8/tenor.png
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/112d8f49402d9e743a24186eaad182be/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/13aef1d405cb32fa4283169900a2cf06/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/14edcecd825f8337ffc4a660113fbbe2/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/175e1f105717e57fd01af0daecc6a234/tenor.png
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/185764b7b713544b9fb353aba36ebbc4/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/19578d5c9af0599e2eb4ac14811db342/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/1d12d1d77874760c7b8ec68f44f4eb07/tenor.png
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/1d4afdd9f279d0a1e978350f20e6c342/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/1e016e61f4c11a55a35945847f92796a/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/1e2db4382b2df94317e507fa665150f4/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/1e8b9a29cce651d29e27666e44eb6301/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/1ef6ec10df11f1fa8f7b9a2c53f46cfd/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/2208f4bccdeaad6c7ed367d8fb97de92/tenor.png
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/24a645c2860aaf2170ca56eb2c6534fd/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/25ff7ea40c4f833fcbc574f37e9e9808/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/2b55bab9307d1bc4a8a387583eda0609/tenor.png
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/2c4baf389a27a49f78a28bbc3c8aafb6/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/3176028b92c680e1b07a159db36cc3a8/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/31e893eeee69e91d32563dd5cc195c98/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/323afacdc54bf9a83764e8b318249cc6/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/3240b08b8c1d722625dfb9e5d73b7b11/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/376b4940282019fba8db70fbf9ebefce/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/3a8c312adc0bc19866090a856e5caae4/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/4026d51c9846087261e26f5c46db3cc9/tenor.png
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/41a0802c644036ad7f9e6830fbc8cafa/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/42083ab3487e170ffa10493a5c6fdcda/tenor.png
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/431eb67b27100729571ff6ae4421a428/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/442c33a9ba44a7dd5792f13914f4d05e/tenor.png
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/46511687417867f0e727be4c72437313/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/4684b847940ce94a09c385cf43d43ff1/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/4a8c48959fb34624f66c74e4f29b88c9/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/528410d17b1c4e54d14856efd02710a9/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/57774da5e53f1461030262fba1e4320a/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/59b237cfbe53d757d19fb7cafc703947/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/5bf088bb9f0f73a30f5c625f0d93e672/tenor.png
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/5de927dd31444d23fc21a544f9667ec3/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/5e0674e7bf47e3adeb62b48b2210e2db/tenor.png
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/6209a06e967e5727e3981458470e9491/tenor.png
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/6ba3097e267d8a24192c9bd654f8ba8e/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/6e6ce2a2ea091124fe1c1f4d93daa790/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/6ff0114a48d44bc223e13292392644b5/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/730528fe3ab2e18c15f2ee740f3415c1/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/73650f0289a58a8fbccc65b70f4e37b7/tenor.png
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/75198ad98cb351270fb79f8368ff4fb1/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/78ca0ab97900e6d114d04d16f13b6679/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/7969bded28baa74fa8dca4025918199b/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/7bc2ce96c28d5e54d78838bb77195959/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/7c11f9b72faea1f3a496c44f18259659/tenor.png
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/7c530befa9ebbcf8f586925f955cb6e8/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/7c9850320a2528e608523423aa0e63cf/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/8053d39a246a73a0606dd64a4eb8761d/tenor.png
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/80d5d71eed931758beb118b7327a3e57/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/8174044b488dfaea79d382bc32deef16/tenor.png
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/82bd075e470635485b9c9bdd661905e6/tenor.png
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/837fc498e5940ddae382825a7c71a631/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/83aa786cbc54db4a42f9bf262680c3e5/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/83c9dede50cce312cfd997ad421aed4d/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/840d565192bb8a90f13815738a301cf8/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/846c9ca7a76f515b1eb04292cfc4d16e/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/874607b08ee5c9d32c2d3984a21b36f8/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/885d1672999d735f1a4d6539656db2f6/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/88804be6bc82dadf5fc52609eefc5374/tenor.png
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/89214537c63aecbd8d5462831791c08b/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/8c016643d42cf98ef8d63a68c3a52ebf/tenor.png
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/8c680fde6d933598fb39737074c57826/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/8ca595d15dad5d44cc18c9e55674c00a/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/8db1864b715e2bc3ae8a9dd5c0244b62/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/8ec55cc929db6d75155a7164955c6057/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/905c1a9b1f56ae3c458b1ef58fd46357/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/9692844cdd95abd05f009327f757f3dd/tenor.png
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/9842a78ee3b78898d278e3d3fcf00456/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/9b04c6e145742abb9b13ee0a7af1f930/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/9fbe87d7590b3fb49542c4bf1ec81dce/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/a16db774329c8a8f958c768ac6b9fbdf/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/a18f57be4ef0b240c045f7a3df91cfc6/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/a6dd0697e3539941fa841ae581d7f535/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/a7efe4f227d99c4aa189688558d790e0/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/a967a759e41cf15fdc4a2a75a6b96b19/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/aae0cdf3c5a291cd7b96432180f6eee3/tenor.png
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/ab1f25fb3c2a6489ccd79a055d2078a2/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/abfcb2aa37c00002d0863553d308973e/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/aea982dd5d31f2bad86562ced078a933/tenor.png
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/b0e040f37d8d488050bf77fd611dae8b/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/b247d3517d0320b1233a5641b836191b/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/b53ed219743c70779830f1bcfd9a87e9/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/bfa1e7c49b2a5785d5d381560e2ec064/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/c153a6fb51b14b2286760a0d2c58769b/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/c3a0e626b56a6e3caf9e0d0775d089c5/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/c7504b9fb03c95b3b5687d744687e11c/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/c836a4ae980b8a057cf0852d868362f9/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/cb39866dc99056c7463a60e811f76c1b/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/cece9f03e910cc750da72bb7a17fc08a/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/cf93e588743759af4a69d2e31e246b55/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/d299e3a05a07c66f0d4e59dceac4b39f/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/d44281c288ce02b21ecd842fa6a08682/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/d4a5539962bf67b72236a29d7cae6e37/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/dae49b8a25ce516ac43c04ab88cfcfdd/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/db2ddfb6c2482fe62acd231e2c5e1585/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/e10c1cfbfa826311bd03739dad16ddf8/tenor.png
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/e280a9216b409415cef8eb86217d4f10/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/e2933e037fc73feb9966fc8209f94db3/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/e5ea79c86c2c86492f5dd905e158209b/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/e9db003894d585aec6f51a13b912bdbf/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/ed8d56a8698a9be5d9d4511d72ba0cc4/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/ef35fdedbea708620bee7c111a02f81f/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/f1637734ec28f530f091d90516550567/tenor.png
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/f1e4c5c35295821bd5a9742822d7e275/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/f42992f2573d5cc9c0dce95c82467a46/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/f42a43cbc379f7475a451a36ad59f5c7/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/f4c8059e75d21aa301174d4374ec4680/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/f5ba5fbd3bc5bf523f753508674a6f03/tenor.png
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/f7325efa823d31c6a00c7bc8b55229db/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/f8103e73a7439cae2767796ddbe88c21/tenor.png
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/f95ab6c33b2c263cc7a0b587ee02e1d3/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/f9ac2e30e3c303b0797e75ef7ea9e94a/raw
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/fec20cd43b9f8906a2899a67c5a38b77/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/fecf4038efc54a27c46090be449055b0/tenor.gif
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/images/ff4a0680c81eb113ad2fe145838eebb8/tenor.png
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/008ad2496bad4b2faede4f0b8eaa335b/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/076f2402c48563a461d3f4f84ab1c9c5/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/0a5b3e599c6b6e167e90eddb4cb8fbe3/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/0c414dde39b465933026fe17c3ca41d4/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/0f79acaeef708585a212f84090dbdc9d/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/1161d47be0fcedc22f188c02d832c959/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/1a01559b30102fe661f3ac0434fb2e95/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/1d3f1a4499bcb6f0c258eebaa36af0d6/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/1da0b5f56808b855b09a859974e4593c/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/238b75d6359173fd51fafc4206fada9b/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/23ca7531eb66f2ea792398f50424f771/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/261fb6abe6a030698015699cf0dfa764/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/2b7f26c47c7b1bf0bf67cb7b9577ad74/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/30df2fe2a11278444f3f8c8cdfe1ec56/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/3122065950ebb0b5923fad3275f34872/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/35c7a701985b0366f34297dbad9ffa7b/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/35e7d6853533549b02c19c971a02b992/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/3815ae37c5502b12adb2262ac7e34413/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/3b6eed3a8723abf5afafd83073c25e2a/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/3b78746873af5479c605f1c38726daa1/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/456ecf148ab1ea75a25632dea4c56353/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/4fd96732ca460e6a25daf84ce2844e21/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/5362215fd441a1cd60a05817df74dd98/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/54b9f2759dcad37b3246533cc4f948ef/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/56ccb115c0379a64c74eb49f4c05d704/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/581eeeee090ad825fca3fcb0a8745948/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/5b97fc2b7cc07cd242c8672f647606b9/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/5c4142d1d5cc91d7222f2b610226c0ea/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/637d6b6020b8c9194933773dd7c9bfd7/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/64dd5a15863909a189e8bd4874266bea/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/6530fa3eb49e17d5682e13930c64f8f5/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/6bc8bd39158168a60a4e1728e51f582e/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/6c5e409850cf399c4d6f6598f5475b2f/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/70b429d21ffef89f134cc5c1f3772979/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/72d4a5803ad6a52e1ce6c75faa109f46/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/72e19d8c90a4db7176b087eb117c8ec6/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/743c962d5532d5db727bf740426e7367/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/7616584b2eee5383ab5924be65304fb7/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/77db2c2fd04640d5ad4e3c5122ba7405/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/7a7d75894d455d1eca91936d96cda4ea/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/7dec43f63050681ced48e06d773030a8/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/7e078fb2729a45472b09d6777210a53e/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/7ebe5e49dcd70be40aa9be5dd39eb56f/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/834a43ebe4abecde5a07d513f2f6e06b/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/86a6bc355d3d4b3654130141158e3196/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/88f3f7c0d132e311385c008c65e3a23f/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/899f32c822f58f6a51ea7501d6ed888c/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/8ac127bf8e171d19dc193cf0c9fee566/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/94f8ec73bb770e1762f4f7dde81e9754/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/958d276ce34c51301400084672c73c56/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/9a186b34b1f1600f93438cb4aa7a4cb8/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/9cf7837eab3c049692512874f2889e34/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/9f3e09883dcffa412a3cbc13d33b47d6/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/a0202674e6784877c96b1c8912c72f49/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/a9e2a8b4199d5f8ed67c9ecc7874ecca/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/abc5ab5dfa78445d7f1eb0ea6c292fee/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/abe8ec87a489da4bca1bd6f53aa1170d/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/ae65d005472f2762b157d79d52c69667/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/b5b0fa684b8b7f26963d2d8c6ba54ed0/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/b65a57c349fb3a3e268fb84fed0e5d42/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/bb808c852a336461f21f8cdf5596fb66/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/bf475ac9db09e635bb5123872b633706/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/bfb899dc10409f2762980aa7851096ed/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/c26a295d73f7f72ee348e5277cfa24e5/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/c4f70e61d55aa7601bb2c904759caff9/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/c6ef6520c6fcbce0751f6d47b807c043/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/c7fb18650531f21e3ed7c4112d168ec0/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/d085c0d4760233f3154f221fcf4acd79/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/d1df9740a2ff49a3894bc1dc06f54179/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/d40d1d91995856b3eeab3ece914dab80/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/d568116c914cf7f8641b0f1cc06e5bef/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/d960cff37096bcad7d9e56a331a24056/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/df4f5052a552737751cb4e2218cd60ef/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/e1ef7ff986196a0134e6a1bcdd47178a/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/e579e2a0c37f16b080629be105cfffa9/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/e77be279a3ebf303a1754b273bb39960/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/e77fca86ca8b3a175b77554205aef9d2/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/e821fe3a1c4e7313f6bba5dd3b503bcf/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/ed4aae2fd90eccb2c46f506aa9bd0a50/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/edd2fe98f0fb263fb8733f4b614eaf33/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/ef6da90a5d302978aff076c6dfd95ead/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/f0cbd87d62af6f83f8cf731ae1e87d1d/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/f17e106787ac1b910bc4b8801ec0842b/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/f1a0d029e9bcb01489f26d009f774b67/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/f979dbd92f04549ee8074695f739dc4a/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/fa707a6ebe394c26b16d17eb704ca51e/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/fd557b30964c2d7d30ed82b9f8269a41/webm
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/fdf5ccbac0219f0c29c550dff7da5dc9/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/feb1cc374286691b3fcfb676fdd3972f/mp4
Source: build_in_gif.jsonString found in binary or memory: https://media.tenor.com/videos/ff49e16abab6acb9e348a92f1df7d702/webm
Source: androidString found in binary or memory: https://monitorsdk.%s/remote-debug?app_id=
Source: androidString found in binary or memory: https://onelink.%s/shortlink-sdk/v1
Source: androidString found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204
Source: androidString found in binary or memory: https://play.google.com/store/apps/details?id=
Source: androidString found in binary or memory: https://register.%s/api/v
Source: androidString found in binary or memory: https://sdk-services.%s/validate-android-signature
Source: androidString found in binary or memory: https://search.aitouchpal.com/?q=
Source: androidString found in binary or memory: https://service.cmp.oath.com/cmp/v0/location/eu
Source: androidString found in binary or memory: https://stats.%s/stats
Source: androidString found in binary or memory: https://support.google.com/dfp_premium/answer/7160685#push
Source: androidString found in binary or memory: https://t.%s/api/v
Source: build_in_gif.jsonString found in binary or memory: https://tenor.com/EqyI.gif
Source: build_in_gif.jsonString found in binary or memory: https://tenor.com/LiRx.gif
Source: build_in_gif.jsonString found in binary or memory: https://tenor.com/qPBy.gif
Source: build_in_gif.jsonString found in binary or memory: https://tenor.com/s9Yp.gif
Source: build_in_gif.jsonString found in binary or memory: https://tenor.com/skY8.gif
Source: build_in_gif.jsonString found in binary or memory: https://tenor.com/tES0.gif
Source: build_in_gif.jsonString found in binary or memory: https://tenor.com/tgys.gif
Source: build_in_gif.jsonString found in binary or memory: https://tenor.com/umfC.gif
Source: build_in_gif.jsonString found in binary or memory: https://tenor.com/v0ZV.gif
Source: build_in_gif.jsonString found in binary or memory: https://tenor.com/vOjC.gif
Source: build_in_gif.jsonString found in binary or memory: https://tenor.com/vg9e.gif
Source: build_in_gif.jsonString found in binary or memory: https://tenor.com/view/awkward-twisty-uh-uhh-um-gif-8851577
Source: build_in_gif.jsonString found in binary or memory: https://tenor.com/view/confused-fresh-prince-will-smith-gif-5207985
Source: build_in_gif.jsonString found in binary or memory: https://tenor.com/view/goodnight-love-goodnight-gif-5370656
Source: build_in_gif.jsonString found in binary or memory: https://tenor.com/view/hello-cute-baby-chubby-cheeks-gif-4646332
Source: build_in_gif.jsonString found in binary or memory: https://tenor.com/view/hola-gif-4813026
Source: build_in_gif.jsonString found in binary or memory: https://tenor.com/view/hola-spongebob-rainbow-hey-hello-gif-4527503
Source: build_in_gif.jsonString found in binary or memory: https://tenor.com/view/huh-gif-4331504
Source: build_in_gif.jsonString found in binary or memory: https://tenor.com/view/jonah-hill-yay-greek-aldos-gif-7212866
Source: build_in_gif.jsonString found in binary or memory: https://tenor.com/view/love-iloveyou-romance-gif-5091351
Source: build_in_gif.jsonString found in binary or memory: https://tenor.com/view/loveyou-iloveyou-love-gif-3972550
Source: build_in_gif.jsonString found in binary or memory: https://tenor.com/view/minions-hello-hola-kiss-gif-4552802
Source: build_in_gif.jsonString found in binary or memory: https://tenor.com/view/omg-gif-5031738
Source: build_in_gif.jsonString found in binary or memory: https://tenor.com/view/wut-what-po-kung-fu-panda-kung-fu-panda-gifs-gif-5159234
Source: build_in_gif.jsonString found in binary or memory: https://tenor.com/vwEJ.gif
Source: build_in_gif.jsonString found in binary or memory: https://tenor.com/wHjE.gif
Source: androidString found in binary or memory: https://usa-aremoji.ime.cootek.com
Source: androidString found in binary or memory: https://validate.%s/api/v
Source: androidString found in binary or memory: https://www.google.com/dfp/debugSignals
Source: androidString found in binary or memory: https://www.google.com/dfp/inAppPreview
Source: androidString found in binary or memory: https://www.google.com/dfp/linkDevice
Source: androidString found in binary or memory: https://www.google.com/dfp/sendDebugData
Source: androidString found in binary or memory: https://www.thestartmagazine.com/feed/summary?isDesktop=false&publisherId=JC_COOTEK-Web&key=qxAh8642
Source: androidString found in binary or memory: https://zh-cn-aremoji.ime.cootek.com
Uses HTTP for connecting to the internetShow sources
Source: com.facebook.ads.internal.p.a.a;->a:66API Call: java.net.HttpURLConnection.connect
Source: com.tencent.mm.opensdk.diffdev.a.e;->a:6API Call: org.apache.http.client.HttpClient.execute
Source: com.cootek.tark.active_statistic.ActiveTask;->a:125API Call: javax.net.ssl.HttpsURLConnection.connect
Source: com.amazon.device.ads.HttpURLConnectionWebRequest;->doHttpNetworkCall:72API Call: java.net.HttpURLConnection.connect
Source: com.cootek.smartinput5.func.adsplugin.AdsPluginUpdater;->g:93API Call: java.net.HttpURLConnection.connect
Source: com.google.api.client.http.apache.ApacheHttpRequest;->a:21API Call: org.apache.http.client.HttpClient.execute
Source: com.cootek.noah.ararat.DataChannel$WorkingHandler;->a:100API Call: java.net.HttpURLConnection.connect
Source: com.my.target.core.async.commands.c$a;->a:15API Call: java.net.HttpURLConnection.connect
Source: com.my.target.core.async.commands.f;->c:33API Call: java.net.HttpURLConnection.connect
Source: com.my.target.core.async.commands.f;->c:100API Call: java.net.HttpURLConnection.connect
Source: com.my.target.core.async.commands.g;->c:19API Call: java.net.HttpURLConnection.connect
Source: com.cootek.presentation.service.config.ContentDownloader;->download:43API Call: java.net.HttpURLConnection.connect
Source: com.cootek.presentation.service.config.ContentDownloader;->download:101API Call: java.net.HttpURLConnection.connect
Source: com.cootek.presentation.service.config.SingleFileDownloader$BackgroundDownloadTask;->doInBackground:84API Call: java.net.HttpURLConnection.connect
Source: com.cootek.presentation.service.config.SingleFileDownloader$BackgroundDownloadTask;->doInBackground:155API Call: java.net.HttpURLConnection.connect
Source: com.facebook.ads.internal.d.c;->d:105API Call: java.net.HttpURLConnection.connect
Uses HTTPSShow sources
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51901
Source: unknownNetwork traffic detected: HTTP traffic on port 60523 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39396
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39321
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53662
Source: unknownNetwork traffic detected: HTTP traffic on port 39396 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57302
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39556
Source: unknownNetwork traffic detected: HTTP traffic on port 53662 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50763 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50763
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58361
Source: unknownNetwork traffic detected: HTTP traffic on port 39556 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 57302 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 48958 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 48958
Source: unknownNetwork traffic detected: HTTP traffic on port 51901 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 58361 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 39321 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60523

Key, Mouse, Clipboard, Microphone and Screen Capturing:

barindex
Has permission to record audio in the backgroundShow sources
Source: submitted apkRequest permission: android.permission.RECORD_AUDIO
Has permission to take photosShow sources
Source: submitted apkRequest permission: android.permission.CAMERA
Records audio/mediaShow sources
Source: com.otaliastudios.cameraview.Camera1$14;->run:16API Call: android.media.MediaRecorder.start
Accesses the audio/media managersShow sources
Source: com.otaliastudios.cameraview.Camera1;->S:57API Call: android.media.MediaRecorder.<init>

E-Banking Fraud:

barindex
Likely adds an overlay to existing apps to lurk for credit card informationShow sources
Source: Lcom/cootek/touchpal/commercial/suggestion/ui/app/AppSuggestionView;->a(Ljava/util/List;)VMethod string: "com.android.vending"
Has functionalty to add an overlay to other appsShow sources
Source: com.cootek.applock.PatternLockHelper;->c:15API Call: WindowManager.addView
Source: com.snipermob.sdk.mobileads.mraid.b.c;->clearWebViewDeadlock:19API Call: WindowManager.addView
Loads a webpage with cache disabledShow sources
Source: com.cootek.boomtext.adapter.NormalRecyclerViewAdapter;->a:17API Call: android.webkit.WebSettings.setCacheMode
Source: com.just.agentweb.AgentWebUtils;->clearWebViewAllCache:86API Call: android.webkit.WebSettings.setCacheMode
Source: com.monet.bidder.ac;->c:179API Call: android.webkit.WebSettings.setCacheMode
May check for popular installed appsShow sources
Source: Lcom/appsflyer/AppsFlyerLib;->(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;ZLandroid/content/SharedPreferences;ZLandroid/content/Intent;)Ljava/util/Map;Method string: "com.facebook.katana"
Source: Lcom/android/vending/billing/IInAppBillingService$Stub;->onTransact(ILandroid/os/Parcel;Landroid/os/Parcel;I)ZMethod string: "com.android.vending.billing.IInAppBillingService"
Source: Lcom/cootek/touchpal/ai/component/DebugComponent;->g()Lcom/cootek/touchpal/ai/network/ReplyRequest;Method string: "com.whatsapp"
Source: Lcom/cootek/boomtext/BoomTextBaseSender;->a(Landroid/net/Uri;Ljava/lang/String;)VMethod string: "com.snapchat.android"
Source: Lcom/cootek/smartinput5/func/smileypanel/emojigif/SendGifAction/OnGifWrittenListener;->a(Ljava/io/File;)VMethod string: "com.facebook.orca"
Source: Lcom/cootek/smartinput5/func/smileypanel/emojigif/SendGifAction/OnGifWrittenListener;->a(Ljava/io/File;)VMethod string: "com.twitter.android"
Source: Lcom/cootek/smartinput5/func/smileypanel/emojigif/SendGifAction/OnGifWrittenListener;->a(Ljava/io/File;)VMethod string: "com.tencent.mm"

Spam, unwanted Advertisements and Ransom Demands:

barindex
May check for popular installed appsShow sources
Source: Lcom/appsflyer/AppsFlyerLib;->(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;ZLandroid/content/SharedPreferences;ZLandroid/content/Intent;)Ljava/util/Map;Method string: "com.facebook.katana"
Source: Lcom/android/vending/billing/IInAppBillingService$Stub;->onTransact(ILandroid/os/Parcel;Landroid/os/Parcel;I)ZMethod string: "com.android.vending.billing.IInAppBillingService"
Source: Lcom/cootek/touchpal/ai/component/DebugComponent;->g()Lcom/cootek/touchpal/ai/network/ReplyRequest;Method string: "com.whatsapp"
Source: Lcom/cootek/boomtext/BoomTextBaseSender;->a(Landroid/net/Uri;Ljava/lang/String;)VMethod string: "com.snapchat.android"
Source: Lcom/cootek/smartinput5/func/smileypanel/emojigif/SendGifAction/OnGifWrittenListener;->a(Ljava/io/File;)VMethod string: "com.facebook.orca"
Source: Lcom/cootek/smartinput5/func/smileypanel/emojigif/SendGifAction/OnGifWrittenListener;->a(Ljava/io/File;)VMethod string: "com.twitter.android"
Source: Lcom/cootek/smartinput5/func/smileypanel/emojigif/SendGifAction/OnGifWrittenListener;->a(Ljava/io/File;)VMethod string: "com.tencent.mm"
May dial phone numberShow sources
Source: com.google.android.gms.internal.ads.zzmw;->zziw:13API Call: android.net.Uri.parse("tel:")
May use Google Cloud Messaging (GCM) or Google's Cloud to Device Messaging (C2DM) servicesShow sources
Source: submitted apkRequest permission: com.cootek.smartinputv5.permission.C2D_MESSAGE
Found advertisement frameworksShow sources
Source: Lcom/mopub/common/ExternalViewabilitySession$VideoEvent;-><clinit>()VMethod: Modpub https://www.mopub.com/
Source: Lcom/appsflyer/AppsFlyerLib;->(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;ZLandroid/content/SharedPreferences;ZLandroid/content/Intent;)Ljava/util/Map;Method: AppsFlyer https://www.appsflyer.com/
Source: Lcom/applovin/impl/adview/ah;->a(Landroid/webkit/WebView;Ljava/lang/String;Z)ZMethod: App Lovin https://applovin.com/
Loads advertisementShow sources
Source: androidString found in binary or memory: .doubleclick.net
Source: androidString found in binary or memory: ad.doubleclick.net
Source: androidString found in binary or memory: googleads.g.doubleclick.net
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_banner.js
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_expanded_banner.js
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_interstitial.js
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/native_ads.html
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/production/native_ads.js
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/production/sdk-core-v40-impl.js
Source: androidString found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40.html

Operating System Destruction:

barindex
Deletes other packagesShow sources
Source: com.cootek.smartinput5.func.asset.LoadFailedActivity;->c:30API Call: com.cootek.smartinput5.func.asset.LoadFailedActivity.startActivity
Lists and deletes files in the same contextShow sources
Source: com.mopub.common.DiskLruCacheUtil;->a:22API Calls in same method context: File.listFiles,File.delete
Source: com.just.agentweb.AgentWebUtils;->clearCacheFolder:58API Calls in same method context: File.listFiles,File.delete
Source: com.cootek.boomtext.BoomTextView$GenerateGifAsyncTask;->a:17API Calls in same method context: File.listFiles,File.delete
Source: com.google.android.gms.internal.ads.zzaqn;->zzdp:325API Calls in same method context: File.listFiles,File.delete
Source: com.cootek.smartinput5.ui.settings.controller.DictionaryPreferencePresenter$17;->onClick:17API Calls in same method context: File.listFiles,File.delete
Source: com.flurry.sdk.ads.az;->a:14API Calls in same method context: File.listFiles,File.delete
Source: com.google.android.exoplayer2.upstream.cache.SimpleCache;->c:60API Calls in same method context: File.listFiles,File.delete
Source: com.google.android.gms.internal.ads.zzam;->zza:146API Calls in same method context: File.listFiles,File.delete

Change of System Appearance:

barindex
May access the Android keyguard (lock screen)Show sources
Source: androidString found in binary or memory: keyguard
Source: androidString found in binary or memory: Invalid Window info in window interactive check, assuming not obstructed by Keyguard.
Source: androidString found in binary or memory: is_keyguard_locked
Sets a repeating alarmShow sources
Source: com.snipermob.wakeup.core.GuardService;->doAlarm:10API Call: android.app.AlarmManager.setRepeating

System Summary:

barindex
Executes native commandsShow sources
Source: com.cootek.deatting.b.b;->a:5API Call: java.lang.ProcessBuilder.start
Source: com.cootek.aremoji.core.FileUtils;->a:6API Call: java.lang.ProcessBuilder.start
Requests permissions only permitted to signed APKsShow sources
Source: submitted apkRequest permission: android.permission.BIND_INPUT_METHOD
Requests potentially dangerous permissionsShow sources
Source: submitted apkRequest permission: android.permission.ACCESS_FINE_LOCATION
Source: submitted apkRequest permission: android.permission.CAMERA
Source: submitted apkRequest permission: android.permission.INTERNET
Source: submitted apkRequest permission: android.permission.READ_CONTACTS
Source: submitted apkRequest permission: android.permission.READ_PHONE_STATE
Source: submitted apkRequest permission: android.permission.READ_USER_DICTIONARY
Source: submitted apkRequest permission: android.permission.RECORD_AUDIO
Source: submitted apkRequest permission: android.permission.SYSTEM_ALERT_WINDOW
Source: submitted apkRequest permission: android.permission.WAKE_LOCK
Source: submitted apkRequest permission: android.permission.WRITE_EXTERNAL_STORAGE
Classification labelShow sources
Source: classification engineClassification label: mal60.bank.spyw.evad.andAPK@0/251@1/0
Creates SQLiteDatabase tableShow sources
Source: com.cootek.noah.ararat.AraratDatabase;->a:168API Call: android.database.sqlite.SQLiteDatabase.execSQL
Loads native librariesShow sources
Source: com.cootek.aremoji.core.ARemojiApi;-><clinit>:2API Call: java.lang.System.loadLibrary ("aremoji")
Reads shares settingsShow sources
Source: com.cootek.abtest.ExperimentSettings;->a:15API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.ads.zzake;->zzdn:21API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.internal.ads.zzake;->zzdn:29API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.internal.ads.zzake;->zzdn:37API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.ads.zzake;->zzdn:45API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.internal.ads.zzake;->zzdn:53API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.internal.ads.zzake;->zzdn:61API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.ads.zzake;->zzdn:77API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.ads.zzake;->zzdn:124API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.ads.zzamo;->call:7API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.ads.zzamp;->call:15API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.ads.zznb;->zza:5API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.internal.ads.zznf;->zza:4API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.ads.zztw;->zza:198API Call: android.content.SharedPreferences.getString
Source: com.amazon.device.ads.Settings;->getWrittenBoolean:112API Call: android.content.SharedPreferences.getBoolean
Source: com.amazon.device.ads.Settings;->getWrittenJSONObject:119API Call: android.content.SharedPreferences.getString
Source: com.amazon.device.ads.Settings;->getWrittenString:127API Call: android.content.SharedPreferences.getString
Source: com.flurry.sdk.ads.s;->b:32API Call: android.content.SharedPreferences.getString
Source: com.facebook.appevents.AnalyticsUserIDStore;->initAndWait:29API Call: android.content.SharedPreferences.getString
Source: com.facebook.appevents.AppEventsLogger;->getAnonymousAppDeviceGUID:121API Call: android.content.SharedPreferences.getString
Source: com.facebook.appevents.UserDataStore;->initAndWait:45API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.AppsFlyerLib;->:167API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.AppsFlyerLib;->:181API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.AppsFlyerLib;->:264API Call: android.content.SharedPreferences.getBoolean
Source: com.appsflyer.AppsFlyerLib;->:307API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.AppsFlyerLib;->:319API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.AppsFlyerLib;->:663API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.AppsFlyerLib;->:1804API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.AppsFlyerLib;->:1815API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.AppsFlyerLib;->:1885API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.AppsFlyerLib;->:1906API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.AppsFlyerLib;->:2031API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.AppsFlyerLib;->:2058API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.AppsFlyerLib;->:2156API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.AppsFlyerLib;->:2180API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.AppsFlyerLib;->:2279API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.AppsFlyerLib;->:2282API Call: android.content.SharedPreferences.getBoolean
Source: com.appsflyer.AppsFlyerLib;->:2422API Call: android.content.SharedPreferences.getBoolean
Source: com.appsflyer.AppsFlyerProperties;->getReferrer:39API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.AppsFlyerProperties;->loadProperties:51API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.MultipleInstallBroadcastReceiver;->onReceive:13API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.SingleInstallBroadcastReceiver;->onReceive:13API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.i;->:58API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.p;->:24API Call: android.content.SharedPreferences.getString
Source: com.appsflyer.u;->:88API Call: android.content.SharedPreferences.getBoolean
Source: com.monet.bidder.al;->b:62API Call: android.content.SharedPreferences.getBoolean
Source: com.monet.bidder.al;->b:70API Call: android.content.SharedPreferences.getString
Source: com.facebook.ads.internal.c.b;->a:8API Call: android.content.SharedPreferences.getString
Source: com.facebook.ads.internal.c.b;->a:13API Call: android.content.SharedPreferences.getString
Source: com.facebook.ads.internal.c.b;->a:15API Call: android.content.SharedPreferences.getBoolean
Source: com.mopub.common.GpsHelper;->isLimitAdTrackingEnabled:37API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.common.config.zza;->zza:4API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.common.config.zzb;->zza:4API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.common.config.zzc;->zza:4API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.common.config.zzd;->zza:4API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.common.config.zze;->zza:4API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.common.config.zzf;->retrieveFromDirectBootCache:8API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.common.config.zzg;->retrieveFromDirectBootCache:8API Call: android.content.SharedPreferences.getString
Source: com.google.ads.consent.ConsentInformation;->loadConsentData:202API Call: android.content.SharedPreferences.getString
Registers a Sensor listener (to get data about accelerometer, gyrometer etc.)Show sources
Source: com.google.android.gms.internal.ads.zzapr;->start:53API Call: android.hardware.SensorManager.registerListener
Source: com.appsflyer.f;->:46API Call: android.hardware.SensorManager.registerListener

Data Obfuscation:

barindex
Found very long method stringsShow sources
Source: Lcom/flurry/sdk/ads/in;->e()VMethod string: iVBORw0KGgoAAAANSUhEUgAAAGUAAABmCAYAAADS6F9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAA2hpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg Length: 7598
Source: Lcom/flurry/sdk/ads/in;->e()VMethod string: iVBORw0KGgoAAAANSUhEUgAAAGUAAABmCAYAAADS6F9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAA2hpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg Length: 8318
Source: Lcom/snipermob/sdk/mobileads/mraid/b/e;-><clinit>()VMethod string: iVBORw0KGgoAAAANSUhEUgAAAEsAAAA8CAYAAAAuaUeTAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAADU1JREFUeNrUW2+kXdkVP/vkCI8QQikllFfv3cu0Q8bwmA8VwpB+CUNG52M/lTChOkKjdExN9VupGUbzqcKEahgThpG0MSFf8jSduvdliFbLMAyPMDzC27tr77vXOr+1zj5/7ptW0/vct8/ZZ/9b66z1W3/2vu7 Length: 4668
Source: Lcom/snipermob/sdk/mobileads/mraid/b/e;-><clinit>()VMethod string: iVBORw0KGgoAAAANSUhEUgAAAJAAAACQCAYAAADnRuK4AAAAAXNSR0IArs4c6QAAGatJREFUeAHtXQlwFcXWTtgXjWwBQgAT2QTZQSDsq2yKLEHDAwQUAS3AgldPVNS/QC38QVzK5cmOCCKIuLCLgCyieQIaZbNCSAggUcO+KYHkfd/9M/ef3HVmuufemXtvV53M3J7u092nv5zTe0dHhZkrKCi4HUWuD2pQSIl4xoDo70rl4XcddMkLZcL/cCG Length: 8856
Source: Lcom/flurry/sdk/ads/ie;->p(Lcom/flurry/sdk/ads/ie;)VMethod string: if(!window.Hogan){var Hogan={};(function(Hogan,useArrayBuffer){Hogan.Template=function(renderFunc,text,compiler,options){this.r=renderFunc||this.r;this.c=compiler;this.options=options;this.text=text||\"\";this.buf=useArrayBuffer?[]:\"\"};Hogan.Template.pr Length: 9415
Source: Lcom/flurry/sdk/ads/ir;->b()VMethod string: var mraidCtor=function(flurryBridge,initState){var mraid={};var STATES=mraid.STATES={LOADING:\"loading\",UNKNOWN:\"unknown\",DEFAULT:\"default\",EXPANDED:\"expanded\",HIDDEN:\"hidden\"};var EVENTS=mraid.EVENTS={ASSETREADY:\"assetReady\",ASSETREMOVED:\"ass Length: 7017
Source: Lcom/flurry/sdk/ads/ie;->b()VMethod string: var Hogan={};(function(Hogan,useArrayBuffer){Hogan.Template=function(renderFunc,text,compiler,options){this.r=renderFunc||this.r;this.c=compiler;this.options=options;this.text=text||\"\";this.buf=useArrayBuffer?[]:\"\"};Hogan.Template.prototype={r:functio Length: 9377
Source: Lcom/flurry/sdk/ads/in;->d()Landroid/graphics/Bitmap;Method string: iVBORw0KGgoAAAANSUhEUgAAAHIAAAByCAYAAACP3YV9AAAAAXNSR0IArs4c6QAADgpJREFUeAHtXXlwTVkaFxJGazpIWUpr0piIJIjY15ruGdrONMo6oqxlyvKHUcq+lVJK6VJKWUohQaHs+24w3dSosotlIiObhIgtEYTG/H6R++Yl7913z9vPve9+VT/3vnvPPfc73y/nnO9859wjqIx+pSxUrwqEAdWLj9/gWB6oUOqIn2XeA4Wljq/wOxd Length: 4888
Obfuscates method namesShow sources
Source: com.cootek.smartinputv5_2019-06-06.apkTotal valid method names: 35%
Uses reflectionShow sources
Source: com.facebook.ads.internal.q.a.a;->b:6API Call: java.lang.reflect.Method.invoke
Source: com.facebook.ads.internal.q.a.a;->b:10API Call: java.lang.reflect.Field.get
Source: com.facebook.ads.internal.q.a.a;->b:23API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.internal.ads.zzaiy;->zza:27API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzaiy;->zza:37API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzaiy;->zza:61API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzaiy;->zzb:84API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzaiy;->zzd:204API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzaiy;->zzy:268API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzaiy;->zzy:273API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzamu;->zzbj:134API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzamu;->zzbj:138API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzazr;->zzaau:30API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.internal.ads.zzbba;->zzacp:8API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzbbo;->zza:64API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzbcj;->zzaea:14API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzbel;->run:4API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.internal.ads.zzbfj;->zza:20API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.internal.ads.zzbfj;->zza:39API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzbfj;->zza:47API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzcg;->zza:6API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzcg;->zza:117API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzcg;->zzb:364API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzde;->zzb:9API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzdl;->zzar:11API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzdm;->zzar:7API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzdn;->zzar:11API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzdo;->zzar:48API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzdp;->zzar:9API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzdq;->zzar:7API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzdr;->zzar:3API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzds;->zzar:23API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzdu;->zzar:7API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzdv;->zzar:8API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzdw;->zzar:9API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzdx;->zzar:6API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzdy;->zzar:10API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzdz;->zzar:7API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzea;->zzar:5API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzeb;->zzar:4API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzec;->zzar:7API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzed;->zzar:7API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzee;->zzar:7API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.ads.zzef;->zzar:9API Call: java.lang.reflect.Method.invoke
Source: com.amazon.device.ads.DeviceInfo;->setSerial:40API Call: java.lang.reflect.Field.get
Source: com.flurry.sdk.ads.dd;->a:13API Call: java.lang.reflect.Method.invoke
Source: com.flurry.sdk.ads.dd;->f:40API Call: java.lang.reflect.Method.invoke
Source: com.flurry.sdk.ads.dd;->f:42API Call: java.lang.reflect.Method.invoke
Source: com.applovin.impl.adview.AdViewControllerImpl;->a:98API Call: java.lang.reflect.Method.invoke
Source: com.just.agentweb.AgentWebSettingsImpl;->setDownloader:13API Call: java.lang.reflect.Method.invoke
Source: com.just.agentweb.AgentWebUtils;->showFileChooserCompat:511API Call: java.lang.reflect.Method.invoke
Source: com.just.agentweb.AgentWebUtils;->showFileChooserCompat:516API Call: java.lang.reflect.Method.invoke
Source: com.just.agentweb.AgentWebUtils;->showFileChooserCompat:520API Call: java.lang.reflect.Method.invoke
Source: com.just.agentweb.AgentWebUtils;->showFileChooserCompat:524API Call: java.lang.reflect.Method.invoke
Source: com.just.agentweb.AgentWebUtils;->showFileChooserCompat:529API Call: java.lang.reflect.Method.invoke
Source: com.just.agentweb.AgentWebUtils;->showFileChooserCompat:533API Call: java.lang.reflect.Method.invoke
Source: com.just.agentweb.AgentWebUtils;->showFileChooserCompat:537API Call: java.lang.reflect.Method.invoke
Source: com.just.agentweb.AgentWebUtils;->showFileChooserCompat:541API Call: java.lang.reflect.Method.invoke
Source: com.just.agentweb.AgentWebUtils;->showFileChooserCompat:546API Call: java.lang.reflect.Method.invoke
Source: com.just.agentweb.AgentWebView;->setAccessibilityEnabled:99API Call: java.lang.reflect.Method.invoke
Source: com.just.agentweb.AgentWebView;->removeSearchBoxJavaBridge:226API Call: java.lang.reflect.Method.invoke
Source: com.just.agentweb.AgentWebView;->trySetWebDebuggEnabled:253API Call: java.lang.reflect.Method.invoke
Source: com.just.agentweb.DefaultWebClient;->onMainFrameError:93API Call: java.lang.reflect.Method.invoke
Source: com.just.agentweb.JsCallJava;->call:283API Call: java.lang.reflect.Method.invoke
Source: com.just.agentweb.WebChromeClientDelegate;->commonRefect:4API Call: java.lang.reflect.Method.invoke
Source: com.appsflyer.AppsFlyerLib;->:174API Call: java.lang.reflect.Method.invoke
Source: com.appsflyer.AppsFlyerLib;->:2038API Call: java.lang.reflect.Method.invoke
Source: com.appsflyer.a;->:39API Call: java.lang.reflect.Method.invoke
Source: com.appsflyer.u;->:66API Call: java.lang.reflect.Method.invoke
Source: com.appsflyer.u;->:70API Call: java.lang.reflect.Method.invoke
Source: com.google.android.exoplayer2.audio.AudioTrack;->q:234API Call: java.lang.reflect.Method.invoke
Source: com.cootek.deatting.b.c;->a:18API Call: java.lang.reflect.Field.get
Source: com.google.common.base.FinalizableReferenceQueue;-><init>:15API Call: java.lang.reflect.Method.invoke
Source: com.google.common.base.Throwables;->b:20API Call: java.lang.reflect.Method.invoke
Source: com.google.common.base.Throwables;->e:44API Call: java.lang.reflect.Method.invoke
Source: com.google.common.base.Throwables;->g:65API Call: java.lang.reflect.Method.invoke
Source: com.monet.bidder.an$a;->b:10API Call: java.lang.reflect.Field.get
Source: com.monet.bidder.an$a;->c:15API Call: java.lang.reflect.Method.invoke
Source: com.monet.bidder.an;->b:59API Call: java.lang.reflect.Method.invoke
Source: com.monet.bidder.an;->b:63API Call: java.lang.reflect.Field.get
Source: com.monet.bidder.an;->d:103API Call: java.lang.reflect.Method.invoke
Source: com.monet.bidder.an;->d:107API Call: java.lang.reflect.Field.get
Source: com.monet.bidder.v$a;->a:18API Call: java.lang.reflect.Method.invoke
Source: com.monet.bidder.v$a;->a:23API Call: java.lang.reflect.Method.invoke
Source: com.monet.bidder.v$a;->a:24API Call: java.lang.reflect.Method.invoke
Source: com.monet.bidder.v;->i:205API Call: java.lang.reflect.Method.invoke
Source: com.monet.bidder.v;->i:211API Call: java.lang.reflect.Method.invoke
Source: com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$1;->a:7API Call: java.lang.reflect.Field.get
Source: com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$1;->a:16API Call: java.lang.reflect.Field.get
Source: bolts.MeasurementEvent;->a:95API Call: java.lang.reflect.Method.invoke
Source: bolts.MeasurementEvent;->a:104API Call: java.lang.reflect.Method.invoke
Source: com.facebook.ads.internal.q.c.b;->b:14API Call: java.lang.reflect.Method.invoke
Source: com.facebook.ads.internal.q.c.d;->a:29API Call: java.lang.reflect.Method.invoke
Source: com.facebook.ads.internal.c.d;->a:1API Call: java.lang.reflect.Method.invoke
Source: com.google.common.cache.Striped64$1;->a:4API Call: java.lang.reflect.Field.get
Source: com.mopub.common.MoPub;->a:15API Call: java.lang.reflect.Method.invoke
Source: com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper$1;->a:4API Call: java.lang.reflect.Field.get
Source: com.google.common.util.concurrent.MoreExecutors;->c:93API Call: java.lang.reflect.Method.invoke
Source: com.google.common.util.concurrent.MoreExecutors;->d:110API Call: java.lang.reflect.Method.invoke
Source: com.google.common.util.concurrent.SimpleTimeLimiter$1$1;->call:6API Call: java.lang.reflect.Method.invoke
Source: okhttp3.internal.connection.RouteException;->addSuppressedIfPossible:6API Call: java.lang.reflect.Method.invoke
Source: com.cootek.smartinput5.ui.control.PopupUtils;->a:18API Call: java.lang.reflect.Field.get
Source: com.my.target.core.net.cookie.c;->a:25API Call: java.lang.reflect.Field.get
Source: com.cootek.mygif.ui.custom.CustomFragment;->a:15API Call: java.lang.reflect.Field.get
Source: com.cootek.smartinput5.daemon.DaemonManager;->c:38API Call: java.lang.reflect.Method.invoke
Source: com.cootek.smartinput5.daemon.DaemonManager;->c:43API Call: java.lang.reflect.Method.invoke

Persistence and Installation Behavior:

barindex
Installs an application shortcut on the screenShow sources
Source: com.cootek.applock.AppLockListActivity;->a:224API Call: android.content.Intent.putExtra android.intent.extra.shortcut.INTENT
Creates filesShow sources
Source: com.cootek.smartinput5.actionflow.ActionFlowCollector;->d:79API Call: java.io.FileWriter.<init>
Source: com.cootek.smartinput5.actionflow.ActionFlowCollector;->d:102API Call: java.io.FileWriter.<init>
Source: com.cootek.smartinput5.actionflow.ActionFlowCollector;->e:139API Call: java.io.FileWriter.<init>
Source: com.cootek.presentation.service.config.DownloadManager;->createETagFile:45API Call: java.io.FileWriter.<init>
Source: com.cootek.smartinput5.cust.CustomizeDataManager$LocaleRunnable;->a:8API Call: java.io.FileWriter.<init>
Source: com.cootek.smartinput5.cust.CustomizeDataManager;->a:64API Call: java.io.FileWriter.<init>
Source: com.cootek.smartinput5.cust.CustomizeDataManager;->a:105API Call: java.io.FileWriter.<init>
Source: com.cootek.smartinput5.daemon.DaemonManager;->a:13API Call: java.io.FileWriter.<init>

Boot Survival:

barindex
Has permission to execute code after phone rebootShow sources
Source: submitted apkRequest permission: android.permission.RECEIVE_BOOT_COMPLETED

Hooking and other Techniques for Hiding and Protection:

barindex
Has permission to draw over other applications or user interfacesShow sources
Source: submitted apkRequest permission: android.permission.SYSTEM_ALERT_WINDOW
Queries list of running processes/tasksShow sources
Source: com.facebook.ads.internal.q.a.g;->a:3API Call: android.app.ActivityManager.getRunningTasks
Source: com.cootek.smartinput5.net.activate.Activator;->h:169API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.google.android.gms.internal.ads.zzakk;->zzap:234API Call: android.app.ActivityManager.getRunningTasks
Source: com.google.android.gms.internal.ads.zzakk;->zzaq:244API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.google.android.gms.internal.ads.zzgk;->zzgx:75API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.cootek.deatting.b.c;->b:195API Call: android.app.ActivityManager.getRunningAppProcesses
Queries package code path (often used for patching other applications)Show sources
Source: com.amazon.device.ads.AdUtils$AdUtilsExecutor;->checkDefinedActivities:7API Call: android.content.Context.getPackageCodePath
Uses Crypto APIsShow sources
Source: com.facebook.ads.internal.q.a.f;->b:32API Call: java.security.MessageDigest.getInstance
Source: com.facebook.ads.internal.q.a.f;->b:35API Call: java.security.MessageDigest.digest
Source: com.facebook.ads.internal.q.a.h;->a:3API Call: java.security.MessageDigest.getInstance
Source: com.facebook.ads.internal.q.a.h;->a:5API Call: java.security.MessageDigest.update
Source: com.facebook.ads.internal.q.a.h;->a:6API Call: java.security.MessageDigest.digest
Source: com.facebook.ads.internal.p.a.o;->a:1API Call: java.security.MessageDigest.getInstance
Source: com.facebook.ads.internal.p.a.o;->a:3API Call: java.security.MessageDigest.digest
Source: com.tencent.mm.opensdk.a.b;->a:2API Call: java.security.MessageDigest.getInstance
Source: com.tencent.mm.opensdk.a.b;->a:3API Call: java.security.MessageDigest.update
Source: com.tencent.mm.opensdk.a.b;->a:4API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.ads.zzamu;->zzde:186API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.internal.ads.zzamu;->zzde:188API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.ads.zzamu;->zzde:191API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.ads.zzamu;->zzsi:222API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.internal.ads.zzamu;->zzsi:223API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.ads.zzamu;->zzsi:224API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.ads.zzamu;->zzsi:225API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.ads.zzayh;->zzk:24API Call: javax.crypto.Cipher.init
Source: com.google.android.gms.internal.ads.zzayh;->zzk:25API Call: javax.crypto.Cipher.doFinal
Source: com.google.android.gms.internal.ads.zzayi;-><init>:7API Call: javax.crypto.Cipher.getInstance
Source: com.google.android.gms.internal.ads.zzayi;-><init>:9API Call: javax.crypto.Cipher.init
Source: com.google.android.gms.internal.ads.zzayi;-><init>:10API Call: javax.crypto.Cipher.doFinal
Source: com.google.android.gms.internal.ads.zzayi;->zza:16API Call: javax.crypto.Cipher.doFinal
Source: com.google.android.gms.internal.ads.zzayi;->zza:17API Call: javax.crypto.Cipher.doFinal
Source: com.google.android.gms.internal.ads.zzayi;->zza:18API Call: javax.crypto.Cipher.doFinal
Source: com.google.android.gms.internal.ads.zzayi;->zzc:30API Call: javax.crypto.Cipher.getInstance
Source: com.google.android.gms.internal.ads.zzayi;->zzc:32API Call: javax.crypto.Cipher.init
Source: com.google.android.gms.internal.ads.zzayi;->zzc:36API Call: javax.crypto.Cipher.getInstance
Source: com.google.android.gms.internal.ads.zzayi;->zzc:39API Call: javax.crypto.Cipher.init
Source: com.google.android.gms.internal.ads.zzayi;->zzc:40API Call: javax.crypto.Cipher.doFinal
Source: com.google.android.gms.internal.ads.zzayj;->zzc:13API Call: javax.crypto.Cipher.init
Source: com.google.android.gms.internal.ads.zzayj;->zzc:15API Call: javax.crypto.Cipher.doFinal
Source: com.google.android.gms.internal.ads.zzaza;->zzb:2API Call: javax.crypto.Cipher.getInstance
Source: com.google.android.gms.internal.ads.zzaza;->zzb:3API Call: javax.crypto.Cipher.getInstance
Source: com.google.android.gms.internal.ads.zzazf;->zzb:2API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.internal.ads.zzazf;->zzb:3API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.internal.ads.zzbk;->zzb:67API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.ads.zzbk;->zzb:69API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.ads.zzbm;->run:4API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.internal.ads.zzck;->getCipher:7API Call: javax.crypto.Cipher.getInstance
Source: com.google.android.gms.internal.ads.zzck;->zza:22API Call: javax.crypto.Cipher.init
Source: com.google.android.gms.internal.ads.zzck;->zza:24API Call: javax.crypto.Cipher.doFinal
Source: com.google.android.gms.internal.ads.zzck;->zzb:37API Call: javax.crypto.Cipher.init
Source: com.google.android.gms.internal.ads.zzck;->zzb:39API Call: javax.crypto.Cipher.doFinal
Source: com.google.android.gms.internal.ads.zzgq;->zzhg:7API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.internal.ads.zzgv;->zzx:18API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.ads.zzgv;->zzx:20API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.ads.zzgz;->zzx:11API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.ads.zzgz;->zzx:13API Call: java.security.MessageDigest.digest
Source: com.amazon.device.ads.StringUtils;->sha1:39API Call: java.security.MessageDigest.getInstance
Source: com.amazon.device.ads.StringUtils;->sha1:41API Call: java.security.MessageDigest.update
Source: com.amazon.device.ads.StringUtils;->sha1:42API Call: java.security.MessageDigest.digest
Source: com.flurry.sdk.ads.bz;->a:3API Call: com.flurry.sdk.ads.bq.update
Source: com.cootek.smartinput5.func.adsplugin.ImageCache;->a:6API Call: java.security.MessageDigest.getInstance
Source: com.cootek.smartinput5.func.adsplugin.ImageCache;->a:8API Call: java.security.MessageDigest.update
Source: com.cootek.smartinput5.func.adsplugin.ImageCache;->a:9API Call: java.security.MessageDigest.digest
Source: com.just.agentweb.AgentWebUtils;->md5:467API Call: java.security.MessageDigest.getInstance
Source: com.just.agentweb.AgentWebUtils;->md5:469API Call: java.security.MessageDigest.update
Source: com.just.agentweb.AgentWebUtils;->md5:470API Call: java.security.MessageDigest.digest
Source: com.flurry.android.FlurryPrivacySession$Request;-><init>:9API Call: java.security.MessageDigest.update
Source: com.flurry.android.FlurryPrivacySession$Request;-><init>:10API Call: java.security.MessageDigest.digest
Source: com.facebook.appevents.AppEvent;->md5Checksum:71API Call: java.security.MessageDigest.getInstance
Source: com.facebook.appevents.AppEvent;->md5Checksum:74API Call: java.security.MessageDigest.update
Source: com.facebook.appevents.AppEvent;->md5Checksum:75API Call: java.security.MessageDigest.digest
Source: com.facebook.appevents.UserDataStore;->encryptData:25API Call: java.security.MessageDigest.getInstance
Source: com.facebook.appevents.UserDataStore;->encryptData:27API Call: java.security.MessageDigest.update
Source: com.facebook.appevents.UserDataStore;->encryptData:28API Call: java.security.MessageDigest.digest
Source: com.appsflyer.r;->:3API Call: java.security.MessageDigest.getInstance
Source: com.appsflyer.r;->:5API Call: java.security.MessageDigest.update
Source: com.appsflyer.r;->:6API Call: java.security.MessageDigest.digest
Source: com.appsflyer.r;->:27API Call: java.security.MessageDigest.getInstance
Source: com.appsflyer.r;->:31API Call: java.security.MessageDigest.update
Source: com.appsflyer.r;->:32API Call: java.security.MessageDigest.digest
Source: com.appsflyer.r;->:43API Call: java.security.MessageDigest.getInstance
Source: com.appsflyer.r;->:47API Call: java.security.MessageDigest.update
Source: com.appsflyer.r;->:48API Call: java.security.MessageDigest.digest
Source: com.facebook.ads.internal.p.b.m;->d:30API Call: java.security.MessageDigest.getInstance
Source: com.facebook.ads.internal.p.b.m;->d:32API Call: java.security.MessageDigest.digest
Source: com.monet.bidder.aa;->hash:137API Call: java.security.MessageDigest.getInstance
Source: com.monet.bidder.aa;->hash:140API Call: java.security.MessageDigest.update
Source: com.monet.bidder.aa;->hash:141API Call: java.security.MessageDigest.digest
Source: com.google.android.exoplayer2.upstream.cache.CachedContentIndex;-><init>:5API Call: javax.crypto.Cipher.getInstance
Source: com.google.android.exoplayer2.upstream.cache.CachedContentIndex;->f:40API Call: javax.crypto.Cipher.init
Source: com.google.android.exoplayer2.upstream.cache.CachedContentIndex;->g:77API Call: javax.crypto.Cipher.init
Source: com.bumptech.glide.load.engine.cache.SafeKeyGenerator;->getSafeKey:7API Call: java.security.MessageDigest.getInstance
Source: com.bumptech.glide.load.engine.cache.SafeKeyGenerator;->getSafeKey:9API Call: java.security.MessageDigest.digest
Source: com.cootek.smartinput5.net.cmd.CmdTransactionDetailBackup;->a:3API Call: java.security.MessageDigest.getInstance
Source: com.cootek.smartinput5.net.cmd.CmdTransactionDetailBackup;->a:6API Call: java.security.MessageDigest.update
Source: com.cootek.smartinput5.net.cmd.CmdTransactionDetailBackup;->a:10API Call: java.security.MessageDigest.digest
Source: com.cootek.smartinput5.net.cmd.HttpCmdBase;->i:292API Call: java.security.MessageDigest.getInstance
Source: com.cootek.smartinput5.net.cmd.HttpCmdBase;->i:296API Call: java.security.MessageDigest.update
Source: com.cootek.smartinput5.net.cmd.HttpCmdBase;->i:300API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.common.zzi;->getErrorMessage:10API Call: java.security.MessageDigest.digest
Source: com.google.ads.consent.ConsentInformation;->md5:78API Call: java.security.MessageDigest.getInstance
Source: com.google.ads.consent.ConsentInformation;->md5:80API Call: java.security.MessageDigest.update
Source: com.google.ads.consent.ConsentInformation;->md5:83API Call: java.security.MessageDigest.digest
Source: com.mobutils.android.resource.ui.core.c;->a:25API Call: javax.crypto.Cipher.getInstance
Source: com.mobutils.android.resource.ui.core.c;->a:29API Call: javax.crypto.Cipher.init
Source: com.mobutils.android.resource.ui.core.c;->a:31API Call: javax.crypto.Cipher.doFinal
Source: com.mobutils.android.resource.ui.core.c;->a:38API Call: javax.crypto.Cipher.getInstance
Source: com.mobutils.android.resource.ui.core.c;->a:57API Call: javax.crypto.Cipher.init
Source: com.mobutils.android.resource.ui.core.c;->a:82API Call: javax.crypto.Cipher.getInstance
Source: com.mobutils.android.resource.ui.core.c;->a:101API Call: javax.crypto.Cipher.init
Source: com.mobutils.android.resource.ui.core.c;->a:126API Call: java.security.MessageDigest.getInstance
Source: com.mobutils.android.resource.ui.core.c;->a:131API Call: java.security.MessageDigest.update
Source: com.mobutils.android.resource.ui.core.c;->a:132API Call: java.security.MessageDigest.digest
Source: com.mobutils.android.resource.ui.core.c;->b:146API Call: java.security.MessageDigest.getInstance
Source: com.mobutils.android.resource.ui.core.c;->b:151API Call: java.security.MessageDigest.update
Source: com.mobutils.android.resource.ui.core.c;->b:156API Call: java.security.MessageDigest.digest
Source: com.mobutils.android.resource.ui.core.c;->b:161API Call: javax.crypto.Cipher.getInstance
Source: com.mobutils.android.resource.ui.core.c;->b:168API Call: javax.crypto.Cipher.init
Source: com.mobutils.android.resource.ui.core.c;->b:170API Call: javax.crypto.Cipher.doFinal
Source: com.mobutils.android.resource.ui.core.c;->c:179API Call: java.security.MessageDigest.getInstance
Source: com.mobutils.android.resource.ui.core.c;->c:184API Call: java.security.MessageDigest.update
Source: com.mobutils.android.resource.ui.core.c;->c:188API Call: java.security.MessageDigest.digest
Source: com.mobutils.android.resource.ui.core.c;->d:200API Call: java.security.MessageDigest.getInstance
Source: com.mobutils.android.resource.ui.core.c;->d:204API Call: java.security.MessageDigest.update
Source: com.mobutils.android.resource.ui.core.c;->d:205API Call: java.security.MessageDigest.digest
Source: com.google.android.exoplayer2.upstream.crypto.AesFlushingCipher;-><init>:3API Call: javax.crypto.Cipher.getInstance
Source: com.google.android.exoplayer2.upstream.crypto.AesFlushingCipher;-><init>:14API Call: javax.crypto.Cipher.init
Source: com.cootek.touchpal.crypto.AESUtil;->a:25API Call: javax.crypto.Cipher.getInstance
Source: com.cootek.touchpal.crypto.AESUtil;->a:27API Call: javax.crypto.Cipher.init
Source: com.cootek.touchpal.crypto.AESUtil;->a:28API Call: javax.crypto.Cipher.doFinal
Source: com.cootek.touchpal.crypto.RSAUtil;->a:10API Call: javax.crypto.Cipher.getInstance
Source: com.cootek.touchpal.crypto.RSAUtil;->a:11API Call: javax.crypto.Cipher.init
Source: com.cootek.touchpal.crypto.RSAUtil;->a:12API Call: javax.crypto.Cipher.doFinal
Source: com.cootek.touchpal.crypto.RSAUtil;->a:15API Call: javax.crypto.Cipher.getInstance
Source: com.cootek.touchpal.crypto.RSAUtil;->a:16API Call: javax.crypto.Cipher.init
Source: com.cootek.touchpal.crypto.RSAUtil;->a:17API Call: javax.crypto.Cipher.doFinal

Malware Analysis System Evasion:

barindex
Might try to detect if ADB is runningShow sources
Source: Lcom/monet/bidder/v;->o()Ljava/lang/Boolean;Method string: adb_enabled
Tries to detect Android x86Show sources
Source: Lcom/monet/bidder/v;->w()Ljava/lang/Boolean;Method string: "Android SDK built for x86"
Tries to detect the analysis device (e.g. the Android emulator)Show sources
Source: Lcom/monet/bidder/v;->w()Ljava/lang/Boolean;Method string: "Emulator"
Accesses /procShow sources
Source: Lcom/monet/bidder/v;->H()Ljava/lang/String;Method string: "/proc/version"
Source: Lcom/cootek/smartinput5/net/activate/Activator;->h()Ljava/lang/String;Method string: "/proc/cpuinfo"
Accesses android OS build fieldsShow sources
Source: com.snipermob.sdk.mobileads.model.a.a;-><init>:10Field Access: android.os.Build.MODEL
Source: com.snipermob.sdk.mobileads.model.a.a;-><init>:11Field Access: android.os.Build.MANUFACTURER
Source: com.snipermob.sdk.mobileads.model.a.a;-><init>:12Field Access: android.os.Build$VERSION.RELEASE
Source: com.facebook.ads.internal.q.a.f;->b:41Field Access: android.os.Build.TAGS
Source: com.facebook.ads.internal.p.a.o;->a:6Field Access: android.os.Build$VERSION.RELEASE
Source: com.cootek.smartinput5.net.activate.Activator;->b:37Field Access: android.os.Build$VERSION.RELEASE
Source: com.cootek.smartinput5.net.activate.Activator;->b:38Field Access: android.os.Build.MODEL
Source: com.cootek.smartinput5.net.activate.Activator;->b:50Field Access: android.os.Build.MANUFACTURER
Source: com.cootek.smartinput5.net.activate.Activator;->b:51Field Access: android.os.Build$VERSION.SDK
Source: com.google.android.gms.internal.ads.zzadb;->zza:32Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.ads.zzadb;->zza:38Field Access: android.os.Build.MANUFACTURER
Source: com.google.android.gms.internal.ads.zzadb;->zza:39Field Access: android.os.Build.MODEL
Source: com.google.android.gms.internal.ads.zzafs;->zza:547Field Access: android.os.Build.MANUFACTURER
Source: com.google.android.gms.internal.ads.zzafs;->zza:550Field Access: android.os.Build.MODEL
Source: com.google.android.gms.internal.ads.zzagb;-><init>:25Field Access: android.os.Build.FINGERPRINT
Source: com.google.android.gms.internal.ads.zzagb;-><init>:26Field Access: android.os.Build.DEVICE
Source: com.google.android.gms.internal.ads.zzakk;->zzrg:417Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.ads.zzakk;->zzrg:420Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.ads.zzakk;->zzrg:426Field Access: android.os.Build.DEVICE
Source: com.google.android.gms.internal.ads.zzakk;->zzrg:429Field Access: android.os.Build.DEVICE
Source: com.google.android.gms.internal.ads.zzakk;->zzrg:431Field Access: android.os.Build.DISPLAY
Source: com.google.android.gms.internal.ads.zzakk;->zzrg:434Field Access: android.os.Build.DISPLAY
Source: com.google.android.gms.internal.ads.zzakk;->zzri:441Field Access: android.os.Build.MANUFACTURER
Source: com.google.android.gms.internal.ads.zzakk;->zzri:442Field Access: android.os.Build.MODEL
Source: com.google.android.gms.internal.ads.zzamu;->zza:46Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.ads.zzamu;->zzsg:207Field Access: android.os.Build.DEVICE
Source: com.google.android.gms.internal.ads.zzcz;->zza:92Field Access: android.os.Build$VERSION.SDK
Source: com.google.android.gms.internal.ads.zzcz;->zzb:181Field Access: android.os.Build$VERSION.SDK
Source: com.google.android.gms.internal.ads.zznm;-><init>:16Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.ads.zznm;-><init>:20Field Access: android.os.Build$VERSION.SDK
Source: com.amazon.device.ads.AndroidBuildInfo;-><init>:2Field Access: android.os.Build.MANUFACTURER
Source: com.amazon.device.ads.AndroidBuildInfo;-><init>:3Field Access: android.os.Build.MODEL
Source: com.amazon.device.ads.AndroidBuildInfo;-><init>:4Field Access: android.os.Build$VERSION.RELEASE
Source: com.amazon.device.ads.DeviceInfo;-><init>:6Field Access: android.os.Build.MANUFACTURER
Source: com.amazon.device.ads.DeviceInfo;-><init>:7Field Access: android.os.Build.MODEL
Source: com.amazon.device.ads.DeviceInfo;-><init>:8Field Access: android.os.Build$VERSION.RELEASE
Source: com.flurry.sdk.ads.cj;->b:22Field Access: android.os.Build$VERSION.RELEASE
Source: com.flurry.sdk.ads.cj;->c:23Field Access: android.os.Build.DEVICE
Source: com.flurry.sdk.ads.cj;->d:24Field Access: android.os.Build.ID
Source: com.flurry.sdk.ads.cj;->e:25Field Access: android.os.Build.MANUFACTURER
Source: com.flurry.sdk.ads.cj;->f:26Field Access: android.os.Build.MODEL
Source: com.flurry.sdk.ads.gn;->a:11Field Access: android.os.Build$VERSION.RELEASE
Source: com.flurry.sdk.ads.gn;->a:12Field Access: android.os.Build.ID
Source: com.flurry.sdk.ads.gn;->a:13Field Access: android.os.Build.DEVICE
Source: com.flurry.sdk.ads.gn;->a:14Field Access: android.os.Build.MANUFACTURER
Source: com.flurry.sdk.ads.gn;->a:15Field Access: android.os.Build.MODEL
Source: com.facebook.appevents.AppEventsLogger;->augmentWebView:71Field Access: android.os.Build$VERSION.RELEASE
Source: com.appsflyer.AFKeystoreWrapper;->:48Field Access: android.os.Build.BRAND
Source: com.appsflyer.AppsFlyerLib;->:1553Field Access: android.os.Build.MODEL
Source: com.appsflyer.AppsFlyerLib;->:1556Field Access: android.os.Build.BRAND
Source: com.appsflyer.AppsFlyerLib;->:1667Field Access: android.os.Build.BRAND
Source: com.appsflyer.AppsFlyerLib;->:1670Field Access: android.os.Build.DEVICE
Source: com.appsflyer.AppsFlyerLib;->:1673Field Access: android.os.Build.PRODUCT
Source: com.appsflyer.AppsFlyerLib;->:1679Field Access: android.os.Build.MODEL
Source: com.appsflyer.AppsFlyerLib;->:1682Field Access: android.os.Build.TYPE
Source: com.appsflyer.AppsFlyerLib;->:1739Field Access: android.os.Build.BRAND
Source: com.appsflyer.o;->:6Field Access: android.os.Build.MANUFACTURER
Source: com.appsflyer.y;->:101Field Access: android.os.Build.BRAND
Source: com.appsflyer.y;->:102Field Access: android.os.Build.MODEL
Source: com.appsflyer.y;->:103Field Access: android.os.Build$VERSION.RELEASE
Source: com.snipermob.sdk.mobileads.model.b.e;-><init>:7Field Access: android.os.Build.MODEL
Source: com.snipermob.sdk.mobileads.model.b.e;-><init>:8Field Access: android.os.Build.MANUFACTURER
Source: com.snipermob.sdk.mobileads.model.b.e;-><init>:9Field Access: android.os.Build$VERSION.RELEASE
Source: com.monet.bidder.v;->G:77Field Access: android.os.Build.TAGS
Source: com.monet.bidder.v;->G:78Field Access: android.os.Build.TAGS
Source: com.monet.bidder.v;->k:284Field Access: android.os.Build$VERSION.RELEASE
Source: com.monet.bidder.v;->k:287Field Access: android.os.Build.DISPLAY
Source: com.monet.bidder.v;->n:353Field Access: android.os.Build.MANUFACTURER
Source: com.monet.bidder.v;->n:356Field Access: android.os.Build.BRAND
Source: com.monet.bidder.v;->n:359Field Access: android.os.Build.MODEL
Source: com.monet.bidder.v;->n:365Field Access: android.os.Build.ID
Source: com.monet.bidder.v;->n:374Field Access: android.os.Build.PRODUCT
Source: com.monet.bidder.v;->n:377Field Access: android.os.Build.TYPE
Source: com.monet.bidder.v;->n:380Field Access: android.os.Build.DISPLAY
Source: com.monet.bidder.v;->n:389Field Access: android.os.Build.CPU_ABI
Source: com.monet.bidder.v;->n:419Field Access: android.os.Build.FINGERPRINT
Source: com.monet.bidder.v;->u:514Field Access: android.os.Build.MODEL
Source: com.monet.bidder.v;->w:536Field Access: android.os.Build.FINGERPRINT
Source: com.monet.bidder.v;->w:539Field Access: android.os.Build.FINGERPRINT
Source: com.monet.bidder.v;->w:542Field Access: android.os.Build.MODEL
Source: com.monet.bidder.v;->w:545Field Access: android.os.Build.MODEL
Source: com.monet.bidder.v;->w:548Field Access: android.os.Build.MODEL
Source: com.monet.bidder.v;->w:551Field Access: android.os.Build.MANUFACTURER
Source: com.monet.bidder.v;->w:554Field Access: android.os.Build.BRAND
Source: com.monet.bidder.v;->w:557Field Access: android.os.Build.DEVICE
Source: com.monet.bidder.v;->w:561Field Access: android.os.Build.PRODUCT
Source: com.snipermob.wakeup.c.h;-><init>:2Field Access: android.os.Build$VERSION.RELEASE
Source: com.snipermob.wakeup.c.h;-><init>:3Field Access: android.os.Build.MODEL
Source: com.snipermob.wakeup.c.h;-><init>:4Field Access: android.os.Build.MANUFACTURER
Source: com.snipermob.sdk.mobileads.c.c;-><init>:11Field Access: android.os.Build$VERSION.RELEASE
Source: com.cootek.smartinput5.net.cmd.HttpCmdBase;->a:29Field Access: android.os.Build.DEVICE
Source: com.cootek.smartinput5.net.cmd.HttpCmdBase;->a:30Field Access: android.os.Build.ID
Source: com.mopub.common.ClientMetadata;-><init>:6Field Access: android.os.Build.MANUFACTURER
Source: com.mopub.common.ClientMetadata;-><init>:7Field Access: android.os.Build.MODEL
Source: com.mopub.common.ClientMetadata;-><init>:8Field Access: android.os.Build.PRODUCT
Source: com.mopub.common.ClientMetadata;-><init>:9Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.ads.consent.ConsentInformation;->isEmulator:50Field Access: android.os.Build.FINGERPRINT
Source: com.google.ads.consent.ConsentInformation;->isEmulator:53Field Access: android.os.Build.FINGERPRINT
Source: com.google.ads.consent.ConsentInformation;->isEmulator:56Field Access: android.os.Build.MODEL
Source: com.google.ads.consent.ConsentInformation;->isEmulator:59Field Access: android.os.Build.MODEL
Source: com.google.ads.consent.ConsentInformation;->isEmulator:62Field Access: android.os.Build.MODEL
Source: com.google.ads.consent.ConsentInformation;->isEmulator:65Field Access: android.os.Build.MANUFACTURER
Source: com.google.ads.consent.ConsentInformation;->isEmulator:68Field Access: android.os.Build.BRAND
Source: com.google.ads.consent.ConsentInformation;->isEmulator:71Field Access: android.os.Build.DEVICE
Source: com.google.ads.consent.ConsentInformation;->isEmulator:75Field Access: android.os.Build.PRODUCT
Source: com.cootek.smartinput5.ui.control.SpecialEdgeDevice;->manufactureMatch:33Field Access: android.os.Build.MANUFACTURER
Source: com.cootek.smartinput5.ui.control.SpecialEdgeDevice;->modelMatch:35Field Access: android.os.Build.MODEL
Potential date aware sample foundShow sources
Source: com.cootek.scorpio.config.HolidayThemeChecker;->b:62API Call: java.util.Date.after
Queries several sensitive phone informationsShow sources
Source: Lcom/monet/bidder/v;->s()Lorg/json/JSONObject;Method string: "os"
Source: Lbolts/BoltsExecutors;->d()ZMethod string: "android"
Source: Lcom/cootek/smartinput5/configuration/ConfigurationManager;->b(Lorg/w3c/dom/Node;)Lcom/cootek/smartinput5/configuration/ConfigurationData;Method string: "type"
Source: Lcom/my/target/core/communication/js/calls/d;-><init>(Lorg/json/JSONObject;)VMethod string: "version"
Source: Lcom/flurry/sdk/ads/gf;->a(Lcom/flurry/sdk/ads/f;Ljava/lang/String;)Ljava/lang/String;Method string: "sid"
Source: Lcom/monet/bidder/v;->n()Lorg/json/JSONObject;Method string: "manufacturer"
Source: Lcom/cootek/smartinput5/net/cmd/CmdCheckCallLog;->b(Lorg/json/JSONObject;)Ljava/lang/Object;Method string: "phone"
Source: Lcom/appsflyer/AppsFlyerLib;->setAppId(Ljava/lang/String;)VMethod string: "appid"
Source: Lcom/cootek/smartinput5/net/cmd/CmdActivate;->j()Ljava/lang/String;Method string: "imei"
Source: Lcom/appsflyer/y;->(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)VMethod string: "model"
Source: Lcom/appsflyer/AppsFlyerLib;->(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)VMethod string: "sdk"
Source: Lcom/cootek/smartinput5/actionflow/ActionFlowCollector$2;->a(Lorg/json/JSONObject;Lorg/json/JSONObject;)IMethod string: "time"
Source: Lcom/flurry/sdk/ads/ea;->a(Lcom/flurry/sdk/ads/eb;Lorg/json/JSONObject;)VMethod string: "category"
Source: Lcom/appsflyer/y;->(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)VMethod string: "brand"
Queries the unique operating system id (ANDROID_ID)Show sources
Source: com.google.android.gms.internal.ads.zzamu;->zzbc:106API Call: android.provider.Settings$Secure.getString
Source: com.google.android.gms.internal.ads.zzamu;->zzbd:112API Call: android.provider.Settings$Secure.getString
Source: com.amazon.device.ads.DeviceInfo;->setUdid:51API Call: android.provider.Settings$Secure.getString
Source: com.appsflyer.AppsFlyerLib;->:2062API Call: android.provider.Settings$Secure.getString
Source: com.google.ads.consent.ConsentInformation;->getHashedDeviceId:35API Call: android.provider.Settings$Secure.getString

Anti Debugging:

barindex
Checks if debugger is runningShow sources
Source: com.monet.bidder.v;->n:424API Call: android.os.Debug.isDebuggerConnected

HIPS / PFW / Operating System Protection Evasion:

barindex
Uses the DexClassLoader (often used for code injection)Show sources
Source: com.google.android.gms.internal.ads.zzcz;->zza:52API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: com.google.android.gms.internal.ads.zzeg