
Analysis Report SpLW6lfIV3

Overview

General Information

Joe Sandbox Version: 28.0.0 Lapis Lazuli
Analysis ID: 218143
Start date: 26.03.2020
Start time: 09:33:35
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 6m 41s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: SpLW6lfIV3
Cookbook file name: defaultandroidfilecookbook.jbs
Analysis system description: Android 6.0
APK Instrumentation enabled: true
Detection: MAL
Classification: mal68.spyw.evad.and@0/251@1/0
Warnings:
  • Excluded IPs from analysis (whitelisted): 216.58.215.227, 108.177.127.188, 172.217.168.46, 172.217.168.42, 173.194.188.7, 172.217.168.10, 172.217.168.67, 173.194.188.198, 172.217.168.72, 172.217.168.74, 172.217.168.78, 216.58.215.238, 216.58.215.234, 172.217.168.3
  • Excluded domains from analysis (whitelisted): gstaticadssl.l.google.com, www.googleadservices.com, android.googleapis.com, fonts.gstatic.com, mobile-gtalk.l.google.com, r1.sn-4g5ednsd.gvt1.com, pagead2.googlesyndication.com, r1---sn-4g5ednsd.gvt1.com, connectivitycheck.gstatic.com, ssl.google-analytics.com, youtubei.googleapis.com, firebaseinstallations.googleapis.com, youtube-ui.l.google.com, phonedeviceverification-pa.googleapis.com, dl.google.com, cloudconfig.googleapis.com, play.googleapis.com, r2---sn-4g5edns7.gvt1.com, ssl-google-analytics.l.google.com, www.gstatic.com, digitalassetlinks.googleapis.com, r2.sn-4g5edns7.gvt1.com, mtalk.google.com
  • No interacted views
  • Not all executed log events are in report (maximum 10 identical API calls)
  • Not all non-executed APIs are in report
  • Not all resource files were parsed
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size exceeded maximum capacity and may have missing dynamic data code.

Detection

Strategy   Score  Range    Reporting  Whitelisted  Detection
Threshold  68     0 - 100             false        malicious

Confidence

Strategy   Score  Range  Further Analysis Required?  Confidence
Threshold  5      0 - 5  false


Classification Spiderchart

Mitre Att&ck Matrix

Techniques followed by a count in parentheses were matched by that many signatures in this analysis; the remaining entries are the matrix's unmatched placeholder techniques (several of them Windows-only and not applicable to an Android sample).

Initial Access: Valid Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
Execution: Windows Remote Management; Service Execution; Windows Management Instrumentation; Scheduled Task; Command-Line Interface
Persistence: Winlogon Helper DLL; Port Monitors; Accessibility Features; System Firmware; Shortcut Modification
Privilege Escalation: Port Monitors; Accessibility Features; Path Interception; DLL Search Order Hijacking; File System Permissions Weakness
Defense Evasion: Obfuscated Files or Information (1); Binary Padding; Rootkit; Obfuscated Files or Information; Masquerading
Credential Access: Credential Dumping; Network Sniffing; Input Capture; Credentials in Files; Account Manipulation
Discovery: System Network Connections Discovery (1); System Network Configuration Discovery (2); Location Tracking (1); System Information Discovery (2); Process Discovery (1)
Lateral Movement: Application Deployment Software; Remote Services; Windows Remote Management; Logon Scripts; Shared Webroot
Collection: Access Contact List (1); Location Tracking (1); Network Information Discovery (1); Access Calendar Entries (1); Data Staged
Exfiltration: Data Compressed; Exfiltration Over Other Network Medium; Automated Exfiltration; Data Encrypted; Scheduled Transfer
Command and Control: Standard Cryptographic Protocol (1); Standard Non-Application Layer Protocol (1); Standard Application Layer Protocol (2); Multiband Communication; Standard Cryptographic Protocol
Network Effects: Exploit SS7 to Redirect Phone Calls/SMS (1); Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Generate Fraudulent Advertising Revenue (2); Delete Device Data (1); Premium SMS Toll Fraud (1); Premium SMS Toll Fraud; Manipulate App Store Rankings or Ratings

Signature Overview



AV Detection:

Antivirus detection for sample
Source: SpLW6lfIV3 | Avira: detection malicious, Label: SPR/ANDR.SMSreg.CG.Gen
Multi AV Scanner detection for submitted file
Source: SpLW6lfIV3 | Virustotal: Detection: 19%
Source: SpLW6lfIV3 | ReversingLabs: Detection: 20%

Location Tracking:

Queries the phone's location (GPS)
Every source below is a bundled ad or analytics SDK (Flurry, InMobi, MoPub, AdMob); none of the location calls are in the game's own com.gameloft.android.GAND.GloftMBHP package.
Source: com.flurry.android.FlurryAgent;->d:789 | API Call: android.location.LocationManager.getLastKnownLocation
Source: com.flurry.android.FlurryAgent;->i:862 | API Call: android.location.Location.getLatitude
Source: com.flurry.android.FlurryAgent;->i:866 | API Call: android.location.Location.getLongitude
Source: com.inmobi.androidsdk.impl.UserInfo;->Y:31 | API Call: android.location.LocationManager.getLastKnownLocation
Source: com.inmobi.androidsdk.impl.UserInfo;->Z:64 | API Call: android.location.LocationManager.getLastKnownLocation
Source: com.inmobi.androidsdk.impl.UserInfo;->a:66 | API Call: android.location.Location.getLatitude
Source: com.inmobi.androidsdk.impl.UserInfo;->a:67 | API Call: android.location.Location.getLongitude
Source: com.mopub.mobileads.AdView;->s:286 | API Call: android.location.LocationManager.getLastKnownLocation
Source: com.mopub.mobileads.AdView;->s:288 | API Call: android.location.LocationManager.getLastKnownLocation
Source: com.mopub.mobileads.AdView;->s:292 | API Call: android.location.Location.getLatitude
Source: com.mopub.mobileads.AdView;->s:297 | API Call: android.location.Location.getLongitude
Source: com.mopub.mobileads.AdView;->t:348 | API Call: android.location.Location.getLatitude
Source: com.mopub.mobileads.AdView;->t:353 | API Call: android.location.Location.getLongitude
Source: com.google.ads.util.AdUtil;->a:32 | API Call: android.location.Location.getLatitude
Source: com.google.ads.util.AdUtil;->a:34 | API Call: android.location.Location.getLongitude

Spreading:

Accesses external storage location
Source: com.gameloft.android.GAND.GloftMBHP.Game;->hasSDCard:684 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.gameloft.android.GAND.GloftMBHP.Game;->hasSDCard:685 | API Call: android.os.Environment.getExternalStorageState
Source: com.gameloft.android.GAND.GloftMBHP.installer.GameInstaller;->hasSDCard:632 | API Call: android.os.Environment.getExternalStorageState
Source: com.jirbo.adcolony.AdManager;->a:209 | API Call: android.os.Environment.getExternalStorageState
Source: com.jirbo.adcolony.AdManager;->a:215 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.inmobi.androidsdk.impl.MemoryStatus;->externalMemoryAvailable:2 | API Call: android.os.Environment.getExternalStorageState
Source: com.inmobi.androidsdk.impl.MemoryStatus;->getTotalExternalMemorySize:13 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.tapjoy.TJCVirtualGoodUtil;-><init>:17 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.tapjoy.TJCVirtualGoodUtil$DownloadVirtualGoodTask;->b:174 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.tapjoy.TJCVirtualGoodsData$TJCUtility;->externalFreeMemorySize:2 | API Call: android.os.Environment.getExternalStorageState
Source: com.tapjoy.TJCVirtualGoodsData$TJCUtility;->externalFreeMemorySize:5 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.tapjoy.TJCVirtualGoodsData;-><init>:10 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.tapjoy.TJCVirtualGoodsData;->extractZipFileToFolder:111 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.tapjoy.TJCVirtualGoodsData;->a:521 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.tapjoy.TJCVirtualGoods;->access$600:1153 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.tapjoy.TJCVirtualGoods;->b:1489 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.tapjoy.TapjoyVideo;->a:118 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.tapjoy.TapjoyVideo;->a:125 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.tapjoy.TapjoyVideo;->a:132 | API Call: android.os.Environment.getExternalStorageDirectory
Source: com.tapjoy.TapjoyVideo;->a:185 | API Call: android.os.Environment.getExternalStorageState
Source: com.tapjoy.TapjoyVideo;->a:193 | API Call: android.os.Environment.getExternalStorageState
Source: com.tapjoy.br;->run:85 | API Call: android.os.Environment.getExternalStorageDirectory

Networking:

Checks an internet connection is available
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.Device;->IsConnectionReady:87 | API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.Device;->IsConnectionReady:88 | API Call: android.net.NetworkInfo.getState
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.Device;->IsWifiDisabling:91 | API Call: android.net.wifi.WifiManager.getWifiState
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.Device;->IsWifiEnable:95 | API Call: android.net.wifi.WifiManager.getWifiState
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.Device;->IsWifiEnabling:97 | API Call: android.net.wifi.WifiManager.getWifiState
Source: com.gameloft.android.GAND.GloftMBHP.Game;->HasNetworkConnection:342 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.gameloft.android.GAND.GloftMBHP.Game;->HasNetworkConnection:343 | API Call: android.net.NetworkInfo.isConnected
Source: com.gameloft.android.GAND.GloftMBHP.Game;->getMac:617 | API Call: android.net.wifi.WifiManager.getConnectionInfo
Source: com.gameloft.android.GAND.GloftMBHP.Game;->isWifiEnabled:743 | API Call: android.net.wifi.WifiManager.isWifiEnabled
Source: com.gameloft.android.GAND.GloftMBHP.SplashScreenDialog;->getMac:185 | API Call: android.net.wifi.WifiManager.getConnectionInfo
Source: com.gameloft.android.GAND.GloftMBHP.iab.CustomizeDialog;-><init>:152 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.gameloft.android.GAND.GloftMBHP.iab.CustomizeDialog;->IsValidConnection:211 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.gameloft.android.GAND.GloftMBHP.installer.GameInstaller;->r:1272 | API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.gameloft.android.GAND.GloftMBHP.installer.GameInstaller;->r:1274 | API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.gameloft.android.GAND.GloftMBHP.installer.GameInstaller;->r:1275 | API Call: android.net.NetworkInfo.isConnected
Source: com.gameloft.android.GAND.GloftMBHP.installer.GameInstaller;->r:1277 | API Call: android.net.wifi.WifiManager.isWifiEnabled
Source: com.gameloft.android.GAND.GloftMBHP.installer.GameInstaller;->s:1281 | API Call: android.net.wifi.WifiManager.isWifiEnabled
Source: com.gameloft.android.GAND.GloftMBHP.installer.GameInstaller;->s:1293 | API Call: android.net.wifi.WifiManager.getConnectionInfo
Source: com.gameloft.android.GAND.GloftMBHP.installer.GameInstaller;->t:1314 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.gameloft.android.GAND.GloftMBHP.installer.GameInstaller;->t:1319 | API Call: android.net.NetworkInfo.isConnected
Source: com.jirbo.adcolony.NetworkStatus;->usingMobileNetwork:12 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.jirbo.adcolony.NetworkStatus;->usingWiFiNetwork:17 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.boku.mobile.android.PaymentPanelActivity;->onCreate:138 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.boku.mobile.android.PaymentPanelActivity;->onCreate:155 | API Call: android.net.NetworkInfo.isAvailable
Source: com.boku.mobile.android.PaymentPanelActivity;->onCreate:156 | API Call: android.net.NetworkInfo.isConnected
Source: com.inmobi.androidsdk.impl.UserInfo;->ab:189 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.inmobi.androidsdk.impl.UserInfo;->a:360 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.tapjoy.TapjoyConnectCore;->getParamsWithoutAppID:284 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.tapjoy.TapjoyConnectCore;->getParamsWithoutAppID:285 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.ads.util.AdUtil;->d:177 | API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Enables or disables Wi-Fi
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.Device;->DisableWifi:26 | API Call: android.net.wifi.WifiManager.setWifiEnabled
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.Device;->EnableWifi:28 | API Call: android.net.wifi.WifiManager.setWifiEnabled
Source: com.gameloft.android.GAND.GloftMBHP.Game;->enableWifi:544 | API Call: android.net.wifi.WifiManager.setWifiEnabled
Source: com.gameloft.android.GAND.GloftMBHP.Game;->enableWifi:546 | API Call: android.net.wifi.WifiManager.setWifiEnabled
Source: com.gameloft.android.GAND.GloftMBHP.installer.GameInstaller;->s:1283 | API Call: android.net.wifi.WifiManager.setWifiEnabled
Source: com.gameloft.android.GAND.GloftMBHP.installer.GameInstaller;->run:2045 | API Call: android.net.wifi.WifiManager.setWifiEnabled
Source: com.gameloft.android.GAND.GloftMBHP.installer.GameInstaller;->run:2056 | API Call: android.net.wifi.WifiManager.setWifiEnabled
Loads a webpage with cache disabled
Source: com.gameloft.android.GAND.GloftMBHP.GLiveHTML.GLLiveActivity;->onCreate:457 | API Call: android.webkit.WebSettings.setCacheMode
Opens an internet connection
Every hit in this list is marked (not executed): the call sites were found by the APK instrumentation statically but did not fire during the 6m 41s run, so they document capability, not observed behaviour.
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.HTTP;->run:93 | API Call: java.net.URL.openConnection (not executed)
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.HTTP;->run:168 | API Call: java.net.URL.openConnection (not executed)
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.HTTP;->run:194 | API Call: java.net.URL.openConnection (not executed)
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.HTTP;->run:272 | API Call: java.net.URL.openConnection (not executed)
Source: com.gameloft.android.GAND.GloftMBHP.GLiveHTML.GLLiveActivity;->fetchImage:282 | API Call: java.net.URL.openConnection (not executed)
Source: com.gameloft.android.GAND.GloftMBHP.FacebookFacade;->GetBytesUrl:8 | API Call: java.net.URL.openConnection (not executed)
Source: com.gameloft.android.GAND.GloftMBHP.TwUtil;->openUrl:74 | API Call: java.net.URL.openConnection (not executed)
Source: com.gameloft.android.GAND.GloftMBHP.Util;->openUrl:78 | API Call: java.net.URL.openConnection (not executed)
Source: com.gameloft.android.GAND.GloftMBHP.PushNotification.C2DMAndroidUtils;->getHttpsURLConnection:529 | API Call: java.net.URL.openConnection (not executed)
Source: .e;->run:59 | API Call: java.net.URL.openConnection (not executed)
Source: .p;->run:11 | API Call: java.net.URL.openConnection (not executed)
Source: com.gameloft.android.GAND.GloftMBHP.iab.InAppBilling;->IsInternetAvaliable:7 | API Call: java.net.URL.openConnection (not executed)
Source: com.gameloft.android.GAND.GloftMBHP.iab.InAppBilling;->handleOperations:185 | API Call: java.net.URL.openConnection (not executed)
Source: com.gameloft.android.GAND.GloftMBHP.installer.f;->run:4 | API Call: java.net.URL.openConnection (not executed)
Source: com.gameloft.android.GAND.GloftMBHP.installer.utils.HttpClient;->d:13 | API Call: java.net.URL.openConnection (not executed)
Source: com.gameloft.android.GAND.GloftMBHP.installer.utils.HttpClient;->a:20 | API Call: java.net.URL.openConnection (not executed)
Source: com.gameloft.android.GAND.GloftMBHP.installer.utils.HttpClient;->a:33 | API Call: java.net.URL.openConnection (not executed)
Source: com.gameloft.android.GAND.GloftMBHP.installer.utils.HttpClient;->b:70 | API Call: java.net.URL.openConnection (not executed)
Source: com.gameloft.android.GAND.GloftMBHP.installer.utils.g;->run:15 | API Call: java.net.URL.openConnection (not executed)
Source: com.jirbo.adcolony.DataDownloader;->run:8 | API Call: java.net.URL.openConnection (not executed)
Source: com.google.ads.InstallReceiver;->onReceive:102 | API Call: java.net.URL.openConnection (not executed)
Source: oauth.signpost.basic.DefaultOAuthProvider;->createRequest:5 | API Call: java.net.URL.openConnection (not executed)
Source: com.inmobi.androidsdk.impl.c;->a:84 | API Call: java.net.URL.openConnection (not executed)
Source: com.inmobi.androidsdk.impl.net.b;->run:11 | API Call: java.net.URL.openConnection (not executed)
Source: com.inmobi.androidsdk.impl.net.RequestResponseManager;->setupConnection:246 | API Call: java.net.URL.openConnection (not executed)
Source: com.tapjoy.TJCVirtualGoodUtil$DownloadVirtualGoodTask;->b:194 | API Call: java.net.URL.openConnection (not executed)
Source: com.tapjoy.TapjoyURLConnection;->connectToURL:10 | API Call: java.net.URL.openConnection (not executed)
Source: com.tapjoy.TapjoyURLConnection;->getContentLength:68 | API Call: java.net.URL.openConnection (not executed)
Source: com.tapjoy.ak;->run:5 | API Call: java.net.URL.openConnection (not executed)
Source: com.tapjoy.ak;->run:10 | API Call: java.net.URL.openConnection (not executed)
Source: com.tapjoy.bs;->run:5 | API Call: java.net.URL.openConnection (not executed)
Source: com.tapjoy.bt;->run:5 | API Call: java.net.URL.openConnection (not executed)
Source: com.tapjoy.bz;->a:6 | API Call: java.net.URL.openConnection (not executed)
Performs DNS lookups (Java API)
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.HTTP;->run:88 | API Call: java.net.InetAddress.getByName (not executed)
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.HTTP;->run:189 | API Call: java.net.InetAddress.getByName (not executed)
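The Location Tracking, Spreading and Networking signatures above are all records of the shape "Source: class;->method:line  API Call: api", optionally suffixed "(not executed)". The triage question they leave open is which component made each call (the game's own package or one of the bundled ad and analytics SDKs) and whether the call actually ran. The Python below is an added example, not part of the Joe Sandbox report or of the sample; it parses a constructed handful of lines copied from this report, attributes each hit to its owner, and separates executed hits from static-only ones. The owner table is derived from the package names visible on this page; the line format it accepts (with or without a " | " separator) is an assumption about the report's text export.

```python
"""Attribute Joe Sandbox API-call signature hits to the package that made
them and separate executed calls from static-only (not executed) ones.

Added example, not part of the Joe Sandbox report or the analysed APK.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the report's Location Tracking,
# Spreading and Networking sections (raw export form, no separator).
SAMPLE = """\
Source: com.flurry.android.FlurryAgent;->d:789API Call: android.location.LocationManager.getLastKnownLocation
Source: com.inmobi.androidsdk.impl.UserInfo;->Y:31API Call: android.location.LocationManager.getLastKnownLocation
Source: com.mopub.mobileads.AdView;->s:286API Call: android.location.LocationManager.getLastKnownLocation
Source: com.google.ads.util.AdUtil;->a:32API Call: android.location.Location.getLatitude
Source: com.gameloft.android.GAND.GloftMBHP.Game;->hasSDCard:684API Call: android.os.Environment.getExternalStorageDirectory
Source: com.tapjoy.TJCVirtualGoodsData;->extractZipFileToFolder:111API Call: android.os.Environment.getExternalStorageDirectory
Source: com.gameloft.android.GAND.GloftMBHP.Game;->getMac:617API Call: android.net.wifi.WifiManager.getConnectionInfo
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.HTTP;->run:93API Call: java.net.URL.openConnection (not executed)
Source: .e;->run:59API Call: java.net.URL.openConnection (not executed)
Source: com.tapjoy.TapjoyURLConnection;->connectToURL:10API Call: java.net.URL.openConnection (not executed)
"""

# Assumed line shape: "Source: <class>;-><method>:<line>[ | ]API Call: <api>[ (not executed)]".
# Class may contain '$' (inner classes) and method may be "<init>" or "access$600".
LINE_RE = re.compile(
    r"^Source:\s*(?P<cls>[^;]+);->(?P<method>[^:]+):(?P<line>\d+)"
    r"\s*\|?\s*API Call:\s*(?P<api>\S+)(?P<ne>\s*\(not executed\))?\s*$"
)

# Package prefixes seen in this report, mapped to the component they belong to.
KNOWN_OWNERS = {
    "com.gameloft.android.GAND.GloftMBHP": "app (Gameloft game code)",
    "com.flurry": "Flurry analytics SDK",
    "com.inmobi": "InMobi ad SDK",
    "com.mopub": "MoPub ad SDK",
    "com.google.ads": "AdMob SDK",
    "com.jirbo.adcolony": "AdColony SDK",
    "com.tapjoy": "Tapjoy SDK",
    "com.boku": "Boku payment SDK",
    "oauth.signpost": "signpost OAuth library",
}


def parse_line(line):
    """Return a dict for one signature line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "cls": m["cls"],
        "method": m["method"],
        "line": int(m["line"]),
        "api": m["api"],
        "executed": m["ne"] is None,
    }


def owner_of(cls):
    """Longest known package prefix wins; unknown packages fall back to their
    first two labels; a class with no package at all (e.g. '.e') is flagged,
    since that is what obfuscated default-package code looks like."""
    if cls.startswith("."):
        return "default package (obfuscated)"
    for prefix in sorted(KNOWN_OWNERS, key=len, reverse=True):
        if cls == prefix or cls.startswith(prefix + "."):
            return KNOWN_OWNERS[prefix]
    return ".".join(cls.split(".")[:2])


def summarize(text):
    """owner -> {'executed': n, 'static_only': n, 'apis': sorted list}."""
    out = defaultdict(lambda: {"executed": 0, "static_only": 0, "apis": set()})
    for line in text.splitlines():
        hit = parse_line(line)
        if hit is None:
            continue
        bucket = out[owner_of(hit["cls"])]
        bucket["executed" if hit["executed"] else "static_only"] += 1
        bucket["apis"].add(hit["api"])
    return {k: {"executed": v["executed"], "static_only": v["static_only"],
                "apis": sorted(v["apis"])} for k, v in out.items()}


def app_share(summary, app_owner="app (Gameloft game code)"):
    """Fraction of executed hits that come from the app's own code rather than
    bundled SDKs. A low value means the spyware-style signatures are mostly
    ad-SDK behaviour and the verdict has to be read with that in mind."""
    total = sum(v["executed"] for v in summary.values())
    if total == 0:
        return 0.0
    return summary.get(app_owner, {"executed": 0})["executed"] / total


if __name__ == "__main__":
    s = summarize(SAMPLE)
    for owner, v in sorted(s.items()):
        print(f"{owner:30} executed={v['executed']} static_only={v['static_only']}")
        for api in v["apis"]:
            print(f"    {api}")
    print(f"app share of executed hits: {app_share(s):.2f}")
```

Run it on the full signature section rather than the sample to get the real split; on this page the location and most external-storage hits land in the SDK buckets, while the "(not executed)" openConnection hits count as capability only.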
Connects to IPs without corresponding DNS lookups
Source: unknown | TCP traffic detected without corresponding DNS query: 172.217.168.14 (reported repeatedly during the run; the address is in the same 172.217.168.0/24 block as the whitelisted Google IPs listed under Warnings, so treat it as probable Google infrastructure that fell outside the whitelist and confirm against the capture before reading it as C2)
Found strings which match to known social media urls
Source: libMIB3.so | String found in binary or memory: OnSeshatGetDataSendGetFriendsDataSendStoreDataHandleResponse13SeshatManager10CSingletonI13SeshatManagerEN9GLBaseLib16MemberFuncWraperIP13SeshatManagerMS1_FvRNS_15EventDispatcherERNS_8GLXEventEEEEandroid tweetFollower: {"id":"100001847080922","name":"San Zhang","first_name":"San","last_name":"Zhang","link":"http://www.facebook.com/profile.php?id=100001847080922","birthday":"11/11/1980","gender":"male","timezone":8,"locale":"en_US"}sfx_ambient_hqm_hq1328sfx_menu_btn_confirm_02sfx_room_placedsfx_menu_btn_negativeGS_BaseMode EnterState equals www.facebook.com (Facebook)
Source: android | String found in binary or memory: http://www.youtube.com/watch?v= equals www.youtube.com (Youtube)
Source: libMIB3.so | String found in binary or memory: {"id":"100001847080922","name":"San Zhang","first_name":"San","last_name":"Zhang","link":"http://www.facebook.com/profile.php?id=100001847080922","birthday":"11/11/1980","gender":"male","timezone":8,"locale":"en_US"} equals www.facebook.com (Facebook)
Performs DNS lookups
Source: unknown | DNS traffic detected: queries for: www.youtube.com
Urls found in memory or binary data
Source: android | String found in binary or memory: http://a.admob.com/f0?
Source: android | String found in binary or memory: http://ad.flurry.com/getAndroidApp.do
Source: android | String found in binary or memory: http://ad.flurry.com/getCanvas.do
Source: android | String found in binary or memory: http://ads.mopub.com/
Source: android | String found in binary or memory: http://ads.mopub.com/m/ad
Source: android | String found in binary or memory: http://ads.mopub.com/m/imp
Source: android | String found in binary or memory: http://code.google.com/p/android/issues/detail?id=10789
Source: libMIB3.so | String found in binary or memory: http://confirmation.gameloft.com/partners/offline_ingame/item_list.php
Source: libMIB3.so | String found in binary or memory: http://confirmation.gameloft.com/partners/offline_ingame/item_list.phpproductplatformandroid12PriceM
Source: android | String found in binary or memory: http://data.flurry.com/aap.do
Source: android | String found in binary or memory: http://dl.dropbox.com/u/30899852/mraid/inmobi_mraid.js
Source: android | String found in binary or memory: http://dl.dropbox.com/u/30899852/mraid/inmobi_mraid_bridge.js
Source: android | String found in binary or memory: http://dl.gameloft.com
Source: data.txt, android | String found in binary or memory: http://dl.gameloft.com/partners/androidmarket/d.cdn.php
Source: libMIB3.so | String found in binary or memory: http://dl.gameloft.com/partners/apple_assets/d.php?model=iphone&product=1328&version=0
Source: libMIB3.so | String found in binary or memory: http://dl.gameloft.com/partners/apple_assets/d.php?model=iphone&product=1328&version=0Download
Source: libMIB3.so | String found in binary or memory: http://gllive.gameloft.com/ope/ServerConfig.php
Source: android | String found in binary or memory: http://gllive.gameloft.com/productfiles/1328/wall/
Source: android | String found in binary or memory: http://gloft.co/
Source: android | String found in binary or memory: http://i.w.inmobi.com/showad.asm
Source: android | String found in binary or memory: http://i.w.sandbox.inmobi.com/showad.asm
Source: android | String found in binary or memory: http://ingameads.gameloft.com/redir/
Source: android | String found in binary or memory: http://ingameads.gameloft.com/redir/?from
Source: android | String found in binary or memory: http://ingameads.gameloft.com/redir/?from=
Source: libMIB3.so | String found in binary or memory: http://ingameads.gameloft.com/redir/?from=MBHM&op=ANMP&ctg=SUPPORT
Source: libMIB3.so | String found in binary or memory: http://ingameads.gameloft.com/redir/?from=MBHM&op=ANMP&ctg=SUPPORTshop_top10shop_facilitiesshop_stru
Source: libMIB3.so | String found in binary or memory: http://ingameads.gameloft.com/redir/?from=MBHM&op=ANMP&game=MBHM
Source: libMIB3.so | String found in binary or memory: http://ingameads.gameloft.com/redir/?from=MBHM&op=ANMP&game=MBHMappDestroy
Source: android | String found in binary or memory: http://ingameads.gameloft.com/redir/?from=MBHP&op=FVGL&game=MBHP&ctg=FBOOK
Source: android | String found in binary or memory: http://ingameads.gameloft.com/redir/ads/ads_server_view.php?from=GAME_CODE&lg=LANGUAGE&udid=UDID&d=D
Source: android | String found in binary or memory: http://ingameads.gameloft.com/redir/ads/splashscreen_click.php
Source: android | String found in binary or memory: http://ingameads.gameloft.com/redir/ads/splashscreen_view.php?from=FROM&country=COUNTRY&lg=LANG&udid
Source: android | String found in binary or memory: http://ingameads.gameloft.com/redir/ads_capping.php?game=GAME_CODE&udid=UDID
Source: android | String found in binary or memory: http://ingameads.gameloft.com/redir/ads_server.php?game_code=GAME_CODE&udid=UDID&d=DEVICE_NAME&f=FIR
Source: android | String found in binary or memory: http://ingameads.gameloft.com/redir/android/index.php?page=gameinformation
Source: android | String found in binary or memory: http://ingameads.gameloft.com/redir/freemium/hdfreemium.php?from=GAME_CODE&country=COUNTRY_DETECTED&
Source: android | String found in binary or memory: http://ingameads.gameloft.com/redir/hdloading.php
Source: android | String found in binary or memory: http://ingameads.gameloft.com/redir/hdloading.php?game=#GAME#&country=#COUNTRY#&lg=#LANG#&ver=#IGP_V
Source: boku.es_es.xml | String found in binary or memory: http://java.sun.com/dtd/properties.dtd
Source: android | String found in binary or memory: http://ma.inmobi.com/downloads/trackerV1?adv_id=
Source: android | String found in binary or memory: http://schemas.android.com/apk/lib/com.google.ads
Source: iab_layout_login_wrong_email_password.xml, data_downloader_button_selector.xml, android | String found in binary or memory: http://schemas.android.com/apk/res/android
Source: android | String found in binary or memory: http://signal-back.com
Source: android | String found in binary or memory: http://twitter.com/statuses/update.xml
Source: android | String found in binary or memory: http://vgold.gameloft.com:20000
Source: android | String found in binary or memory: http://vgold.gameloft.com:20000/locate?service=
Source: libMIB3.so | String found in binary or memory: http://vgold.gameloft.com:20001
Source: libMIB3.so | String found in binary or memory: http://vgold.gameloft.com:20001/config/asset_uploadteam_roomcapacitypeer_to_peer_roomgame_startedlob
Source: android | String found in binary or memory: http://wapshop.gameloft.com
Source: android | String found in binary or memory: http://www.adtilt.com/clients/index.php?section=serve&action=adConfig
Source: android | String found in binary or memory: http://www.adtilt.com/clients/index.php?section=tracking&action=appTrack
Source: android | String found in binary or memory: http://www.adtilt.com/clients/index.php?section=tracking_1_9_6&action=acVidContinueTrack
Source: android | String found in binary or memory: http://www.adtilt.com/clients/index.php?section=tracking_1_9_6&action=acVidDownloadTrack
Source: android | String found in binary or memory: http://www.adtilt.com/clients/index.php?section=tracking_1_9_6&action=acVidImpressionTrack
Source: android | String found in binary or memory: http://www.adtilt.com/clients/index.php?section=tracking_1_9_6&action=acVidInfoTrack
Source: android | String found in binary or memory: http://www.adtilt.com/clients/index.php?section=tracking_1_9_6&action=acVidRequestTrack
Source: android | String found in binary or memory: http://www.adtilt.com/clients/index.php?section=tracking_1_9_6&action=acVidStartTrack
Source: android | String found in binary or memory: http://www.adtilt.com/clients/skins/resource_json_iphone.json
Source: gen_rules_dutch.txt | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: android | String found in binary or memory: http://www.boku.com/about/privacy
Source: android | String found in binary or memory: http://www.boku.com/about/terms
Source: android | String found in binary or memory: http://www.boku.com/support
Source: android | String found in binary or memory: http://www.google.com
Source: android | String found in binary or memory: http://www.gstatic.com/afma/sdk-core-v40.js
Source: android | String found in binary or memory: http://www.inmobi.com/
Source: libMIB3.so | String found in binary or memory: http://www.openssl.org/support/faq.html
Source: libMIB3.so | String found in binary or memory: http://www.openssl.org/support/faq.html/var/run/egd-pool/dev/egd-pool/etc/egd-pool/etc/entropy/dev/u
Source: android | String found in binary or memory: http://www.youtube.com/watch?v=
Source: android | String found in binary or memory: https://api.twitter.com/1
Source: android | String found in binary or memory: https://api.twitter.com/oauth/access_token
Source: android | String found in binary or memory: https://api.twitter.com/oauth/authorize
Source: android | String found in binary or memory: https://api.twitter.com/oauth/request_token
Source: android | String found in binary or memory: https://data.flurry.com/aap.do
Source: android | String found in binary or memory: https://livewebapp.gameloft.com/glive3d/?udid=UDID&lg=LANG&d=DEVICE_ANDROID&f=FIRMWARE_ANDROID&appty
Source: android | String found in binary or memory: https://livewebapp.gameloft.com/scripts/ckecklogin.php?identifier=UDID&lg=LANG
Source: android | String found in binary or memory: https://livewebapp.gameloft.com/scripts/settings.php
Source: android | String found in binary or memory: https://market.android.com/details?id=
Source: android | String found in binary or memory: https://s3.amazonaws.com/tapjoy/videos/assets/background.png
Source: android | String found in binary or memory: https://s3.amazonaws.com/tapjoy/videos/assets/default.png
Source: android | String found in binary or memory: https://s3.amazonaws.com/tapjoy/videos/assets/watermark.png
Source: android | String found in binary or memory: https://secure.gameloft.com/android/3g_carrier.php
Source: android | String found in binary or memory: https://secure.gameloft.com/freemium/wapbilling/validate.php
Source: android | String found in binary or memory: https://secure.gameloft.com/partners/android/update_check.php
Source: android | String found in binary or memory: https://secure.gameloft.com/tryandbuy/notifications/
Source: libMIB3.so | String found in binary or memory: https://tuna.gameloft.org/
Source: android | String found in binary or memory: https://ws.tapjoyads.com/
Source: android | String found in binary or memory: https://ws.tapjoyads.com/connect?
Source: android | String found in binary or memory: https://ws.tapjoyads.com/display_ad?
Source: android | String found in binary or memory: https://ws.tapjoyads.com/get_offers/featured?
Source: android | String found in binary or memory: https://ws.tapjoyads.com/get_offers/webpage?
Source: android | String found in binary or memory: https://ws.tapjoyads.com/get_vg_store_items/user_account?
Source: android | String found in binary or memory: https://ws.tapjoyads.com/points/award?
Source: android | String found in binary or memory: https://ws.tapjoyads.com/points/spend?
Source: android | String found in binary or memory: https://ws.tapjoyads.com/set_publisher_user_id?
Source: android | String found in binary or memory: https://ws.tapjoyads.com/videos?
Uses HTTP for connecting to the internet
Source: com.gameloft.android.GAND.GloftMBHP.GLiveHTML.GLLiveActivity;->fetchImage:284 | API Call: java.net.HttpURLConnection.connect
Source: com.gameloft.android.GAND.GloftMBHP.GLiveHTML.GLLiveActivity;->getHttpResponse:290 | API Call: org.apache.http.client.HttpClient.execute
Source: com.gameloft.android.GAND.GloftMBHP.AdServer;->getHttpResponse:57 | API Call: org.apache.http.client.HttpClient.execute
Source: com.gameloft.android.GAND.GloftMBHP.SplashScreenDialog;->getHttpResponse:161 | API Call: org.apache.http.client.HttpClient.execute
Source: com.gameloft.android.GAND.GloftMBHP.Twitter;->a:52 | API Call: org.apache.http.client.HttpClient.execute
Source: com.gameloft.android.GAND.GloftMBHP.TwUtil;->openUrl:120 | API Call: java.net.HttpURLConnection.connect
Source: com.gameloft.android.GAND.GloftMBHP.Util;->openUrl:124 | API Call: java.net.HttpURLConnection.connect
Source: com.gameloft.android.GAND.GloftMBHP.PushNotification.C2DMAndroidUtils;->GetPandoraURLService:77 | API Call: org.apache.http.client.HttpClient.execute
Source: .e;->run:71 | API Call: java.net.HttpURLConnection.connect
Source: .p;->run:15 | API Call: java.net.HttpURLConnection.connect
Source: com.gameloft.android.GAND.GloftMBHP.iab.InAppBilling;->IsInternetAvaliable:9 | API Call: java.net.HttpURLConnection.connect
Source: com.gameloft.android.GAND.GloftMBHP.installer.f;->run:5 | API Call: java.net.HttpURLConnection.connect
Source: com.gameloft.android.GAND.GloftMBHP.installer.utils.HttpClient;->a:26 | API Call: java.net.HttpURLConnection.connect
Source: com.gameloft.android.GAND.GloftMBHP.installer.utils.HttpClient;->a:50 | API Call: java.net.HttpURLConnection.connect
Source: com.gameloft.android.GAND.GloftMBHP.installer.utils.HttpClient;->b:76 | API Call: java.net.HttpURLConnection.connect
Source: com.flurry.android.FlurryAgent;->a:390 | API Call: org.apache.http.client.HttpClient.execute
Source: com.flurry.android.u;->d:136 | API Call: org.apache.http.client.HttpClient.execute
Source: oauth.signpost.basic.DefaultOAuthProvider;->sendRequest:14 | API Call: java.net.HttpURLConnection.connect
Source: oauth.signpost.commonshttp.CommonsHttpOAuthProvider;->sendRequest:12 | API Call: org.apache.http.client.HttpClient.execute
Source: com.inmobi.androidsdk.ai.container.IMWebView;->recursiveGetCall:1038 | API Call: org.apache.http.client.HttpClient.execute
Source: com.inmobi.androidsdk.ai.controller.JSAssetController;->getHttpEntity:104 | API Call: org.apache.http.impl.client.DefaultHttpClient.execute
Source: j.a;->a:31 | API Call: org.apache.http.impl.client.DefaultHttpClient.execute
Source: com.mopub.mobileads.ag;->run:10 | API Call: org.apache.http.impl.client.DefaultHttpClient.execute
Source: com.mopub.mobileads.aj;->run:10 | API Call: org.apache.http.impl.client.DefaultHttpClient.execute
Source: com.mopub.mobileads.MraidView;->loadUrl:235 | API Call: org.apache.http.client.HttpClient.execute
Source: com.mopub.mobileads.au;->a:19 | API Call: org.apache.http.client.HttpClient.execute
Source: com.mopub.mobileads.v;->run:41 | API Call: org.apache.http.impl.client.DefaultHttpClient.execute
Source: com.tapjoy.TapjoyURLConnection;->connectToURL:14 | API Call: java.net.HttpURLConnection.connect
Source: com.tapjoy.TapjoyURLConnection;->connectToURLwithPOST:61 | API Call: org.apache.http.client.HttpClient.execute
Uses HTTPS
Source: unknown | Network traffic detected: HTTP traffic on port 47251 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 44780
Source: unknown | Network traffic detected: HTTP traffic on port 59458 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 44780 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54978
Source: unknown | Network traffic detected: HTTP traffic on port 38627 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47251
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54719
Source: unknown | Network traffic detected: HTTP traffic on port 53325 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 39235
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59458
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 53325
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 38627
Source: unknown | Network traffic detected: HTTP traffic on port 54719 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 39235 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 54978 -> 443

E-Banking Fraud:

Loads a webpage with cache disabled
Source: com.gameloft.android.GAND.GloftMBHP.GLiveHTML.GLLiveActivity;->onCreate:457 | API Call: android.webkit.WebSettings.setCacheMode

Spam, unwanted Advertisements and Ransom Demands:

Dials phone numbers
Source: com.inmobi.androidsdk.ai.controller.JSUtilityController;->a:100 | API Call: android.app.Activity.startActivity
Has permission to send SMS in the background
Source: submitted apk | Request permission: android.permission.SEND_SMS
May dial phone number
Source: com.google.ads.util.AdUtil;->e:206 | API Call: android.net.Uri.parse("tel://6509313940")
May use Google Cloud Messaging (GCM) or Google's Cloud to Device Messaging (C2DM) services
Source: submitted apk | Request permission: com.gameloft.android.GAND.GloftMBHP.permission.C2D_MESSAGE
Sends SMS using SmsManager
Source: com.gameloft.android.GAND.GloftMBHP.iab.SMS;->sendSMS:22 | API Call: android.telephony.SmsManager.sendTextMessage
Source: com.gameloft.android.GAND.GloftMBHP.iab.SMS;->a:120 | API Call: android.telephony.SmsManager.sendTextMessage
Source: k.j;->a:12 | API Call: android.telephony.gsm.SmsManager.sendTextMessage
Source: k.k;->a:12 | API Call: android.telephony.SmsManager.sendTextMessage
Found advertisement frameworks
Source: Lcom/mopub/mobileads/AdView;->t()Ljava/lang/String; | Method: Modpub https://www.mopub.com/
Source: Lcom/inmobi/androidsdk/ai/container/e;->onSensorChanged(Landroid/hardware/SensorEvent;)V | Method: INMOBI https://www.inmobi.com/
Loads advertisement
Source: android | String found in binary or memory: .admob.com
Source: android | String found in binary or memory: ads.mopub.com
Source: android | String found in binary or memory: http://a.admob.com/f0?
Source: android | String found in binary or memory: http://ads.mopub.com/
Source: android | String found in binary or memory: http://ads.mopub.com/m/ad
Source: android | String found in binary or memory: http://ads.mopub.com/m/imp
Source: android | String found in binary or memory: http://i.w.inmobi.com/showad.asm
Source: android | String found in binary or memory: http://i.w.sandbox.inmobi.com/showad.asm
Source: android | String found in binary or memory: http://ma.inmobi.com/downloads/trackerv1?adv_id=
Source: android | String found in binary or memory: http://www.inmobi.com/

Operating System Destruction:

Lists and deletes files in the same context
Source: com.inmobi.androidsdk.ai.controller.JSAssetController;->deleteDirectory:81 | API Calls in same method context: File.listFiles, File.delete
Source: com.tapjoy.TapjoyUtil;->deleteFileOrDirectory:23 | API Calls in same method context: File.listFiles, File.delete
Source: com.jirbo.adcolony.Dir;->delete:7 | API Calls in same method context: File.listFiles, File.delete

Change of System Appearance:

Acquires a wake lock
Source: com.gameloft.android.GAND.GloftMBHP.Game;->keepScreenOn:758 | API Call: android.os.PowerManager$WakeLock.acquire
Source: com.gameloft.android.GAND.GloftMBHP.installer.GameInstaller;->l:1110 | API Call: android.os.PowerManager$WakeLock.acquire
Source: com.google.android.c2dm.C2DMBaseReceiver;->runIntentInService:28 | API Call: android.os.PowerManager$WakeLock.acquire

System Summary:

Tries to change file permissions on the native system using chmod
Source: com.gameloft.android.GAND.GloftMBHP.installer.GameInstaller;->makeLibExecutable:1137 | API Call: java.lang.Runtime.exec
Executes native commands
Source: com.gameloft.android.GAND.GloftMBHP.Game;->getCPUSerial:556 | API Call: java.lang.ProcessBuilder.start
Source: com.gameloft.android.GAND.GloftMBHP.SendInfo;->getCPUSerial:27 | API Call: java.lang.ProcessBuilder.start
Source: com.gameloft.android.GAND.GloftMBHP.installer.GameInstaller;->makeLibExecutable:1130 | API Call: java.lang.Runtime.exec
Source: com.gameloft.android.GAND.GloftMBHP.installer.GameInstaller;->makeLibExecutable:1137 | API Call: java.lang.Runtime.exec
Kills/terminates processes
Source: com.gameloft.android.GAND.GloftMBHP.Game;->Exit:67 | API Call: android.os.Process.killProcess
Source: com.gameloft.android.GAND.GloftMBHP.Game;->onDestroy:1053 | API Call: android.os.Process.killProcess
Source: com.gameloft.android.GAND.GloftMBHP.installer.GameInstaller;->Exit:156 | API Call: android.os.Process.killProcess
Requests potentially dangerous permissions
Source: submitted apk | Request permission: android.permission.INTERNET
Source: submitted apk | Request permission: android.permission.READ_PHONE_STATE
Source: submitted apk | Request permission: android.permission.RECEIVE_SMS
Source: submitted apk | Request permission: android.permission.SEND_SMS
Source: submitted apk | Request permission: android.permission.WAKE_LOCK
Source: submitted apk | Request permission: android.permission.WRITE_EXTERNAL_STORAGE
Classification label
Source: classification engine | Classification label: mal68.spyw.evad.and@0/251@1/0
Creates SQLiteDatabase table
Source: com.tapjoy.be;->onCreate:7 | API Call: android.database.sqlite.SQLiteDatabase.execSQL
Loads native libraries
Source: com.gameloft.android.GAND.GloftMBHP.SendInfo;->setContext:197 | API Call: java.lang.System.loadLibrary ("MIB3")
Source: com.gameloft.android.GAND.GloftMBHP.installer.GameInstaller;->run:2043 | API Call: java.lang.System.loadLibrary ("MIB3")
Reads shared settings
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.SUtils;->getPreferenceString:105 | API Call: "SDFolder":
Source: com.google.android.c2dm.C2DMessaging;->getRegistrationId:24 | API Call: "dm_registration":
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.SUtils;->getPreferenceBoolean:90 | API Call: android.content.SharedPreferences.getBoolean
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.SUtils;->getPreferenceString:102 | API Call: android.content.SharedPreferences.getString
Source: com.gameloft.android.GAND.GloftMBHP.GLiveHTML.GLLiveActivity;->getPassword:312 | API Call: android.content.SharedPreferences.getString
Source: com.gameloft.android.GAND.GloftMBHP.GLiveHTML.GLLiveActivity;->getUsername:323 | API Call: android.content.SharedPreferences.getString
Source: com.gameloft.android.GAND.GloftMBHP.GLiveHTML.v;->onPageFinished:129 | API Call: android.content.SharedPreferences.getString
Source: com.gameloft.android.GAND.GloftMBHP.Game;->getGLLivePwd:577 | API Call: android.content.SharedPreferences.getString
Source: com.gameloft.android.GAND.GloftMBHP.Game;->getGLLiveUsr:593 | API Call: android.content.SharedPreferences.getString
Source: com.gameloft.android.GAND.GloftMBHP.MIB3Service;->onStart:84 | API Call: android.content.SharedPreferences.getString
Source: com.gameloft.android.GAND.GloftMBHP.MIB3Service;->onStart:87 | API Call: android.content.SharedPreferences.getString
Source: com.gameloft.android.GAND.GloftMBHP.MIB3Service;->onStart:90 | API Call: android.content.SharedPreferences.getString
Source: com.gameloft.android.GAND.GloftMBHP.MIB3Service;->onStart:145 | API Call: android.content.SharedPreferences.getString
Source: com.gameloft.android.GAND.GloftMBHP.SendInfo;->getPreferenceString:137 | API Call: android.content.SharedPreferences.getString
Source: com.gameloft.android.GAND.GloftMBHP.SendInfo;->getSavedInOtherPreferences:169 | API Call: android.content.SharedPreferences.getString
Source: com.gameloft.android.GAND.GloftMBHP.SessionStore;->restore:10 | API Call: android.content.SharedPreferences.getString
Source: com.gameloft.android.GAND.GloftMBHP.TwSessionStore;->restore:10 | API Call: android.content.SharedPreferences.getString
Source: com.gameloft.android.GAND.GloftMBHP.TwSessionStore;->restore:13 | API Call: android.content.SharedPreferences.getString
Source: com.gameloft.android.GAND.GloftMBHP.PushNotification.C2DMAndroidUtils;->DeletePush:16 | API Call: android.content.SharedPreferences.getString
Source: com.gameloft.android.GAND.GloftMBHP.PushNotification.LocalPushManager;->LoadAlarmInfo:85 | API Call: android.content.SharedPreferences.getString
Source: com.gameloft.android.GAND.GloftMBHP.PushNotification.C2DMAndroidUtils;->SendPush:179 | API Call: android.content.SharedPreferences.getString
Source: com.gameloft.android.GAND.GloftMBHP.PushNotification.C2DMAndroidUtils;->SendPushToMyself:225 | API Call: android.content.SharedPreferences.getString
Source: com.gameloft.android.GAND.GloftMBHP.PushNotification.C2DMAndroidUtils;->SendPushToMyself:227 | API Call: android.content.SharedPreferences.getString
Source: com.gameloft.android.GAND.GloftMBHP.PushNotification.Prefs;->isEnableLocal:21 | API Call: android.content.SharedPreferences.getBoolean
Source: com.gameloft.android.GAND.GloftMBHP.PushNotification.Prefs;->isEnableRemote:24 | API Call: android.content.SharedPreferences.getBoolean
Source: com.gameloft.android.GAND.GloftMBHP.PushNotification.Prefs;->isEnabled:27 | API Call: android.content.SharedPreferences.getBoolean
Source: com.gameloft.android.GAND.GloftMBHP.PushNotification.C2DMAndroidUtils;->SetOnlineUserCredential:357 | API Call: android.content.SharedPreferences.getString
Source: com.gameloft.android.GAND.GloftMBHP.PushNotification.b;->a:6 | API Call: android.content.SharedPreferences.getString
Source: com.gameloft.android.GAND.GloftMBHP.PushNotification.b;->a:14 | API Call: android.content.SharedPreferences.getString
Source: com.gameloft.android.GAND.GloftMBHP.PushNotification.b;->a:19 | API Call: android.content.SharedPreferences.getString
Source: com.gameloft.android.GAND.GloftMBHP.PushNotification.C2DMAndroidUtils;->deletePushFromServer:436 | API Call: android.content.SharedPreferences.getString
Source: com.gameloft.android.GAND.GloftMBHP.PushNotification.e;->a:14 | API Call: android.content.SharedPreferences.getString
Source: com.gameloft.android.GAND.GloftMBHP.PushNotification.e;->a:19 | API Call: android.content.SharedPreferences.getString
Source: com.gameloft.android.GAND.GloftMBHP.installer.Utils;->getPreferenceBoolean:10 | API Call: android.content.SharedPreferences.getBoolean
Source: com.gameloft.android.GAND.GloftMBHP.installer.Utils;->getPreferenceString:21 | API Call: android.content.SharedPreferences.getString
Source: com.inmobi.androidsdk.IMSDKUtil;->sendAppTrackerConversion:14 | API Call: android.content.SharedPreferences.getString
Source: com.mopub.mobileads.MoPubConversionTracker;->a:16 | API Call: android.content.SharedPreferences.getBoolean
Source: com.inmobi.androidsdk.impl.net.RequestResponseManager;->a:108 | API Call: android.content.SharedPreferences.getString
Source: com.inmobi.androidsdk.impl.net.RequestResponseManager;->access$0:148 | API Call: android.content.SharedPreferences.getString
Source: com.inmobi.androidsdk.impl.net.RequestResponseManager;->b:163 | API Call: android.content.SharedPreferences.getString
Source: com.tapjoy.TJCVirtualGoodsData;-><init>:26 | API Call: android.content.SharedPreferences.getString
Source: com.tapjoy.TapjoyConnectCore;->init:396 | API Call: android.content.SharedPreferences.getString
Source: com.tapjoy.TapjoyConnectCore;->init:419 | API Call: android.content.SharedPreferences.getString
Registers a sensor listener (to get data from the accelerometer, gyroscope, etc.)
Source: com.inmobi.androidsdk.ai.container.IMWebView;->D:85 | API Call: android.hardware.SensorManager.registerListener
Source: com.inmobi.androidsdk.ai.container.IMWebView;->a:279 | API Call: android.hardware.SensorManager.registerListener
Source: com.inmobi.androidsdk.ai.container.IMWebView;->access$4:741 | API Call: android.hardware.SensorManager.registerListener
Source: com.inmobi.androidsdk.ai.container.IMWebView;->b:875 | API Call: android.hardware.SensorManager.registerListener
Source: com.inmobi.androidsdk.ai.container.IMWebView;->n:1862 | API Call: android.hardware.SensorManager.registerListener

Data Obfuscation:

Found very long method strings
Source: Lcom/inmobi/androidsdk/ai/container/a;->onPageFinished(Landroid/webkit/WebView;Ljava/lang/String;)V | Method string: (function(){var c=window.mraidview={},f={},g=[],j=!1;c.fireReadyEvent=function(){var b=f.ready;if(null!=b)for(var a=0;a<b.length;a++)b[a]();return\"OK\"};c.fireStateChangeEvent=function(b){var a=f.stateChange;if(null!=a)for(var d=0;d<a.length;d++)a[d](b); Length: 8401
Source: Lcom/inmobi/androidsdk/ai/container/a;->onPageFinished(Landroid/webkit/WebView;Ljava/lang/String;)V | Method string: (function(){var c=window.mraid={};c.STATES={LOADING:\"loading\",DEFAULT:\"default\",RESIZED:\"resized\",EXPANDED:\"expanded\",HIDDEN:\"hidden\"};var d=c.EVENTS={READY:\"ready\",ERROR:\"error\",STATECHANGE:\"stateChange\",VIEWABLECHANGE:\"viewableChange\", Length: 6112
Source: Lcom/inmobi/androidsdk/ai/container/a;->onLoadResource(Landroid/webkit/WebView;Ljava/lang/String;)V | Method string: (function(){var c=window.mraidview={},f={},g=[],j=!1;c.fireReadyEvent=function(){var b=f.ready;if(null!=b)for(var a=0;a<b.length;a++)b[a]();return\"OK\"};c.fireStateChangeEvent=function(b){var a=f.stateChange;if(null!=a)for(var d=0;d<a.length;d++)a[d](b); Length: 8401
Source: Lcom/inmobi/androidsdk/ai/container/a;->onLoadResource(Landroid/webkit/WebView;Ljava/lang/String;)V | Method string: (function(){var c=window.mraid={};c.STATES={LOADING:\"loading\",DEFAULT:\"default\",RESIZED:\"resized\",EXPANDED:\"expanded\",HIDDEN:\"hidden\"};var d=c.EVENTS={READY:\"ready\",ERROR:\"error\",STATECHANGE:\"stateChange\",VIEWABLECHANGE:\"viewableChange\", Length: 6112
Obfuscates method names
Source: SpLW6lfIV3 | Total valid method names: 31%
Uses reflection
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.Device;->d1:129 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.AdServer;->a:45 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.Game;->getSerialNo:675 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.SendInfo;->getSerialNo:181 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.SplashScreenDialog;->getSerialNo:198 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.BokuIABActivity;->sendConfirmation:84 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.BokuIABActivity;->onActivityResult:128 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.BokuIABActivity;->onActivityResult:163 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.BokuIABActivity;->onActivityResult:202 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.CustomizeDialog;->onClick:287 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.GLOFTHelper;->d:395 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.GLOFTHelper;->e:456 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.GLOFTHelper;->e:512 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.InAppBilling;->handleOperations:250 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.ab;->onCancel:33 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.ad;->onCancel:33 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.ae;->onClick:33 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.InAppBillingActivity;->c:611 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.ag;->onCancel:33 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.aj;->onCancel:33 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.an;->onCancel:33 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.ao;->onClick:33 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.aq;->onCancel:33 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.ar;->onCancel:33 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.at;->onCancel:33 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.au;->onClick:33 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.av;->onClick:35 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.aw;->onClick:35 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.ax;->onClick:33 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.ay;->onClick:33 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.bk;->onClick:75 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.bo;->onCancel:33 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.c;->onCancel:33 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.d;->onCancel:33 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.g;->run:75 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.t;->onCancel:33 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.y;->onCancel:33 | API Call: java.lang.reflect.Method.invoke
Source: com.gameloft.android.GAND.GloftMBHP.iab.z;->run:71 | API Call: java.lang.reflect.Method.invoke
Source: com.jirbo.adcolony.AdColony;->hasLargeMemory:117 | API Call: java.lang.reflect.Method.invoke
Source: com.inmobi.androidsdk.ai.controller.JSController$ReflectedParcelable;-><init>:19 | API Call: java.lang.reflect.Field.get
Source: com.inmobi.androidsdk.ai.controller.JSController$ReflectedParcelable;->writeToParcel:30 | API Call: java.lang.reflect.Field.get
Source: com.inmobi.androidsdk.ai.controller.JSController$ReflectedParcelable;->writeToParcel:35 | API Call: java.lang.reflect.Field.get
Source: com.inmobi.androidsdk.ai.controller.JSController$ReflectedParcelable;->writeToParcel:39 | API Call: java.lang.reflect.Field.get
Source: com.mopub.mobileads.p;->a:24 | API Call: java.lang.reflect.Method.invoke

Persistence and Installation Behavior:

Launches other applications
Source: com.gameloft.android.GAND.GloftMBHP.m;->shouldOverrideUrlLoading:42 | API Call: android.content.pm.PackageManager.getLaunchIntentForPackage
Source: com.gameloft.android.GAND.GloftMBHP.GLiveHTML.GLLiveActivity;->access$2600:188 | API Call: android.content.pm.PackageManager.getLaunchIntentForPackage
Source: com.gameloft.android.GAND.GloftMBHP.GLiveHTML.GLLiveActivity;->b:236 | API Call: android.content.pm.PackageManager.getLaunchIntentForPackage
Source: com.gameloft.android.GAND.GloftMBHP.SplashScreenDialog;->LaunchPackage:74 | API Call: android.content.pm.PackageManager.getLaunchIntentForPackage
Creates files
Source: com.gameloft.android.GAND.GloftMBHP.MIB3Service;->a:10 | API Call: com.gameloft.android.GAND.GloftMBHP.MIB3Service.openFileOutput
Source: com.jirbo.adcolony.AdColony;->openPrivateOutputFile:143 | API Call: android.app.Activity.openFileOutput

Boot Survival:

Has permission to execute code after phone reboot
Source: submitted apk | Request permission: android.permission.RECEIVE_BOOT_COMPLETED
Installs a new wake lock (to keep the phone screen on)
Source: com.gameloft.android.GAND.GloftMBHP.Game;->onCreate:1030 | API Call: android.os.PowerManager.newWakeLock
Source: com.gameloft.android.GAND.GloftMBHP.installer.GameInstaller;->l:1106 | API Call: android.os.PowerManager.newWakeLock
Source: com.google.android.c2dm.C2DMBaseReceiver;->runIntentInService:26 | API Call: android.os.PowerManager.newWakeLock
Starts/registers a service/receiver on phone boot (autostart)
Source: com.gameloft.android.GAND.GloftMBHP.BootUpReceiver;->onReceive:3 | API Call: com.gameloft.android.GAND.GloftMBHP.Game.startService("Intent { cmp=com.gameloft.android.GAND.GloftMBHP/.MIB3Service }")

Hooking and other Techniques for Hiding and Protection:

Queries list of running processes/tasks
Source: com.jirbo.adcolony.y;->run:17 | API Call: android.app.ActivityManager.getRunningAppProcesses
Uses Crypto APIs
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.Encrypter;->crypt:16 | API Call: javax.crypto.Cipher.getInstance
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.Encrypter;->crypt:17 | API Call: javax.crypto.Cipher.init
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.Encrypter;->crypt:19 | API Call: javax.crypto.Cipher.doFinal
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.Encrypter;->decrypt:27 | API Call: javax.crypto.Cipher.getInstance
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.Encrypter;->decrypt:28 | API Call: javax.crypto.Cipher.init
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.Encrypter;->decrypt:30 | API Call: javax.crypto.Cipher.doFinal
Source: com.gameloft.android.GAND.GloftMBHP.billing.common.AModelActivity;->md5:21 | API Call: java.security.MessageDigest.getInstance
Source: com.gameloft.android.GAND.GloftMBHP.billing.common.AModelActivity;->md5:23 | API Call: java.security.MessageDigest.update
Source: com.gameloft.android.GAND.GloftMBHP.billing.common.AModelActivity;->md5:24 | API Call: java.security.MessageDigest.digest
Source: com.gameloft.android.GAND.GloftMBHP.billing.common.StringEncrypter;-><init>:15 | API Call: javax.crypto.Cipher.getInstance
Source: com.gameloft.android.GAND.GloftMBHP.billing.common.StringEncrypter;-><init>:18 | API Call: javax.crypto.Cipher.init
Source: com.gameloft.android.GAND.GloftMBHP.billing.common.StringEncrypter;-><init>:20 | API Call: javax.crypto.Cipher.getInstance
Source: com.gameloft.android.GAND.GloftMBHP.billing.common.StringEncrypter;-><init>:23 | API Call: javax.crypto.Cipher.init
Source: com.gameloft.android.GAND.GloftMBHP.billing.common.StringEncrypter;-><init>:90 | API Call: javax.crypto.Cipher.getInstance
Source: com.gameloft.android.GAND.GloftMBHP.billing.common.StringEncrypter;-><init>:93 | API Call: javax.crypto.Cipher.init
Source: com.gameloft.android.GAND.GloftMBHP.billing.common.StringEncrypter;-><init>:95 | API Call: javax.crypto.Cipher.getInstance
Source: com.gameloft.android.GAND.GloftMBHP.billing.common.StringEncrypter;-><init>:98 | API Call: javax.crypto.Cipher.init
Source: com.gameloft.android.GAND.GloftMBHP.billing.common.StringEncrypter;->decryptBase64:166 | API Call: javax.crypto.Cipher.doFinal
Source: com.gameloft.android.GAND.GloftMBHP.billing.common.StringEncrypter;->getRawKey:175 | API Call: javax.crypto.KeyGenerator.generateKey
Source: com.gameloft.android.GAND.GloftMBHP.billing.common.StringEncrypter;->a:201 | API Call: javax.crypto.Cipher.doFinal
Source: com.gameloft.android.GAND.GloftMBHP.billing.common.StringEncrypter;->b:208 | API Call: javax.crypto.Cipher.doFinal
Source: com.jirbo.adcolony.DataDownloader;->run:18 | API Call: java.security.MessageDigest.getInstance
Source: com.jirbo.adcolony.DataDownloader;->run:34 | API Call: java.security.MessageDigest.update
Source: com.jirbo.adcolony.DataDownloader;->run:57 | API Call: java.security.MessageDigest.digest
Source: com.inmobi.androidsdk.ai.controller.JSAssetController;->asHex:19 | API Call: java.security.MessageDigest.digest
Source: com.inmobi.androidsdk.ai.controller.JSAssetController;->a:145 | API Call: java.security.MessageDigest.getInstance
Source: com.inmobi.androidsdk.ai.controller.JSAssetController;->a:148 | API Call: java.security.MessageDigest.update
Source: org.apache.commons.codec.digest.DigestUtils;->digest:3 | API Call: java.security.MessageDigest.update
Source: org.apache.commons.codec.digest.DigestUtils;->digest:5 | API Call: java.security.MessageDigest.digest
Source: org.apache.commons.codec.digest.DigestUtils;->getDigest:7 | API Call: java.security.MessageDigest.getInstance
Source: org.apache.commons.codec.digest.DigestUtils;->md5:25 | API Call: java.security.MessageDigest.digest
Source: org.apache.commons.codec.digest.DigestUtils;->sha:37 | API Call: java.security.MessageDigest.digest
Source: org.apache.commons.codec.digest.DigestUtils;->sha256:43 | API Call: java.security.MessageDigest.digest
Source: org.apache.commons.codec.digest.DigestUtils;->sha384:55 | API Call: java.security.MessageDigest.digest
Source: org.apache.commons.codec.digest.DigestUtils;->sha512:67 | API Call: java.security.MessageDigest.digest
Source: k.b;->a:53 | API Call: java.security.MessageDigest.getInstance
Source: k.b;->a:54 | API Call: java.security.MessageDigest.update
Source: k.b;->a:55 | API Call: java.security.MessageDigest.digest
Source: com.mopub.mobileads.Utils;->sha1:3 | API Call: java.security.MessageDigest.getInstance
Source: com.mopub.mobileads.Utils;->sha1:5 | API Call: java.security.MessageDigest.update
Source: com.mopub.mobileads.Utils;->sha1:6 | API Call: java.security.MessageDigest.digest
Source: com.tapjoy.TapjoyUtil;->SHA256:3 | API Call: java.security.MessageDigest.getInstance
Source: com.tapjoy.TapjoyUtil;->SHA256:7 | API Call: java.security.MessageDigest.update
Source: com.tapjoy.TapjoyUtil;->SHA256:8 | API Call: java.security.MessageDigest.digest
Source: com.google.ads.util.AdUtil;->a:47 | API Call: java.security.MessageDigest.getInstance
Source: com.google.ads.util.AdUtil;->a:50 | API Call: java.security.MessageDigest.update
Source: com.google.ads.util.AdUtil;->a:52 | API Call: java.security.MessageDigest.digest
Source: com.google.ads.util.AdUtil;->b:95 | API Call: javax.crypto.Cipher.getInstance
Source: com.google.ads.util.AdUtil;->b:98 | API Call: javax.crypto.Cipher.init
Source: com.google.ads.util.AdUtil;->b:101 | API Call: javax.crypto.Cipher.doFinal
Source: com.inmobi.androidsdk.ai.controller.util.Utils;->blockCipher:2 | API Call: javax.crypto.Cipher.doFinal
Source: com.inmobi.androidsdk.ai.controller.util.Utils;->blockCipher:4 | API Call: javax.crypto.Cipher.doFinal
Source: com.inmobi.androidsdk.ai.controller.util.Utils;->createMessageDigest:20 | API Call: java.security.MessageDigest.getInstance
Source: com.inmobi.androidsdk.ai.controller.util.Utils;->createMessageDigest:22 | API Call: java.security.MessageDigest.update
Source: com.inmobi.androidsdk.ai.controller.util.Utils;->createMessageDigest:23 | API Call: java.security.MessageDigest.digest
Source: com.inmobi.androidsdk.ai.controller.util.Utils;->encryptRSA:40 | API Call: javax.crypto.Cipher.getInstance
Source: com.inmobi.androidsdk.ai.controller.util.Utils;->encryptRSA:41 | API Call: javax.crypto.Cipher.init
Source: com.inmobi.androidsdk.ai.controller.util.Utils;->getODIN1:52 | API Call: java.security.MessageDigest.getInstance
Source: com.inmobi.androidsdk.ai.controller.util.Utils;->getODIN1:54 | API Call: java.security.MessageDigest.update
Source: com.inmobi.androidsdk.ai.controller.util.Utils;->getODIN1:55 | API Call: java.security.MessageDigest.digest

Malware Analysis System Evasion:

Tries to detect the analysis device (e.g. the Android emulator)
Source: Lcom/tapjoy/TapjoyConnectCore;->init()V | Method string: "EMULATOR"
Accesses /proc
Source: Lcom/gameloft/android/GAND/GloftMBHP/installer/GameInstaller;->u()Ljava/util/Vector; | Method string: "/proc/mounts"
Source: Lcom/gameloft/android/GAND/GloftMBHP/Game;->GetPhoneInfo()V | Method string: "/proc/cpuinfo"
Accesses android OS build fields
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.Device;->getDevice:163 | Field Access: android.os.Build.DEVICE
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.Device;->getDeviceId:165 | Field Access: android.os.Build.MODEL
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.Device;->getDeviceId:166 | Field Access: android.os.Build.DEVICE
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.Device;->getHostName:171 | Field Access: android.os.Build.MODEL
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.Device;->getHostName:175 | Field Access: android.os.Build.PRODUCT
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.Device;->getPhoneModel:190 | Field Access: android.os.Build.MODEL
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.HTTP;->run:117 | Field Access: android.os.Build.MODEL
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.HTTP;->run:218 | Field Access: android.os.Build.MODEL
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.SUtils;->getPhoneDevice:84 | Field Access: android.os.Build.DEVICE
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.SUtils;->getPhoneManufacture:85 | Field Access: android.os.Build.MANUFACTURER
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.SUtils;->getPhoneModel:86 | Field Access: android.os.Build.MODEL
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.SUtils;->getPhoneProduct:87 | Field Access: android.os.Build.PRODUCT
Source: com.gameloft.android.GAND.GloftMBHP.GLiveHTML.GLLiveActivity;->a:56 | Field Access: android.os.Build.MANUFACTURER
Source: com.gameloft.android.GAND.GloftMBHP.GLiveHTML.GLLiveActivity;->a:60 | Field Access: android.os.Build.MODEL
Source: com.gameloft.android.GAND.GloftMBHP.GLiveHTML.GLLiveActivity;->a:65 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.gameloft.android.GAND.GloftMBHP.AdServer$2;->run:4 | Field Access: android.os.Build.MANUFACTURER
Source: com.gameloft.android.GAND.GloftMBHP.AdServer$2;->run:8 | Field Access: android.os.Build.MODEL
Source: com.gameloft.android.GAND.GloftMBHP.AdServer$2;->run:11 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.gameloft.android.GAND.GloftMBHP.AdServer$ShowBannerThread;->run:86 | Field Access: android.os.Build.MANUFACTURER
Source: com.gameloft.android.GAND.GloftMBHP.AdServer$ShowBannerThread;->run:90 | Field Access: android.os.Build.MODEL
Source: com.gameloft.android.GAND.GloftMBHP.AdServer$ShowBannerThread;->run:93 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.gameloft.android.GAND.GloftMBHP.Game;->GetPhoneInfo:98 | Field Access: android.os.Build.MANUFACTURER
Source: com.gameloft.android.GAND.GloftMBHP.Game;->GetPhoneInfo:107 | Field Access: android.os.Build.MODEL
Source: com.gameloft.android.GAND.GloftMBHP.Game;->GetPhoneInfo:120 | Field Access: android.os.Build.DEVICE
Source: com.gameloft.android.GAND.GloftMBHP.Game;->GetPhoneInfo:124 | Field Access: android.os.Build.MANUFACTURER
Source: com.gameloft.android.GAND.GloftMBHP.Game;->GetPhoneInfo:128 | Field Access: android.os.Build.MODEL
Source: com.gameloft.android.GAND.GloftMBHP.IGPFreemiumActivity;->a:24 | Field Access: android.os.Build.MANUFACTURER
Source: com.gameloft.android.GAND.GloftMBHP.IGPFreemiumActivity;->a:28 | Field Access: android.os.Build.MODEL
Source: com.gameloft.android.GAND.GloftMBHP.IGPFreemiumActivity;->a:31 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.gameloft.android.GAND.GloftMBHP.IGPFreemiumActivity;->onCreate:208 | Field Access: android.os.Build.MANUFACTURER
Source: com.gameloft.android.GAND.GloftMBHP.IGPFreemiumActivity;->onCreate:212 | Field Access: android.os.Build.MODEL
Source: com.gameloft.android.GAND.GloftMBHP.IGPFreemiumActivity;->onCreate:215 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.gameloft.android.GAND.GloftMBHP.Game;->initAds:704 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.gameloft.android.GAND.GloftMBHP.SendInfo;->getManufacturerModel:108 | Field Access: android.os.Build.MANUFACTURER
Source: com.gameloft.android.GAND.GloftMBHP.SendInfo;->getManufacturerModel:112 | Field Access: android.os.Build.MODEL
Source: com.gameloft.android.GAND.GloftMBHP.Game;->onCreate:929 | Field Access: android.os.Build.MANUFACTURER
Source: com.gameloft.android.GAND.GloftMBHP.Game;->onCreate:931 | Field Access: android.os.Build.MODEL
Source: com.gameloft.android.GAND.GloftMBHP.Game;->onCreate:933 | Field Access: android.os.Build.PRODUCT
Source: com.gameloft.android.GAND.GloftMBHP.Game;->onCreate:1008 | Field Access: android.os.Build.MANUFACTURER
Source: com.gameloft.android.GAND.GloftMBHP.Game;->onCreate:1012 | Field Access: android.os.Build.MODEL
Source: com.gameloft.android.GAND.GloftMBHP.ac;->run:14 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.gameloft.android.GAND.GloftMBHP.bo;->run:4 | Field Access: android.os.Build.MANUFACTURER
Source: com.gameloft.android.GAND.GloftMBHP.bp;->run:4 | Field Access: android.os.Build.MANUFACTURER
Source: com.gameloft.android.GAND.GloftMBHP.bo;->run:8 | Field Access: android.os.Build.MODEL
Source: com.gameloft.android.GAND.GloftMBHP.bp;->run:8 | Field Access: android.os.Build.MODEL
Source: com.gameloft.android.GAND.GloftMBHP.bo;->run:11 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.gameloft.android.GAND.GloftMBHP.bp;->run:11 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.gameloft.android.GAND.GloftMBHP.cg;->run:8 | Field Access: android.os.Build.MANUFACTURER
Source: com.gameloft.android.GAND.GloftMBHP.cg;->run:12 | Field Access: android.os.Build.MODEL
Source: com.gameloft.android.GAND.GloftMBHP.cg;->run:15 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.gameloft.android.GAND.GloftMBHP.PushNotification.C2DMAndroidUtils;->SetDeviceInfo:272 | Field Access: android.os.Build.MODEL
Source: com.gameloft.android.GAND.GloftMBHP.installer.Utils;->getPhoneDevice:7 | Field Access: android.os.Build.DEVICE
Source: com.gameloft.android.GAND.GloftMBHP.installer.Utils;->getPhoneModel:8 | Field Access: android.os.Build.MODEL
Source: com.gameloft.android.GAND.GloftMBHP.installer.GameInstaller;->F:159 | Field Access: android.os.Build.MANUFACTURER
Source: com.gameloft.android.GAND.GloftMBHP.installer.GameInstaller;->F:161 | Field Access: android.os.Build.MODEL
Source: com.gameloft.android.GAND.GloftMBHP.installer.utils.Tracking;->init:53 | Field Access: android.os.Build.MANUFACTURER
Source: com.gameloft.android.GAND.GloftMBHP.installer.utils.Tracking;->init:57 | Field Access: android.os.Build.MODEL
Source: com.gameloft.android.GAND.GloftMBHP.installer.utils.Tracking;->init:60 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.gameloft.android.GAND.GloftMBHP.installer.GameInstaller;->onTouchEvent:1664 | Field Access: android.os.Build.MANUFACTURER
Source: com.gameloft.android.GAND.GloftMBHP.installer.GameInstaller;->onTouchEvent:1668 | Field Access: android.os.Build.MODEL
Source: com.gameloft.android.GAND.GloftMBHP.installer.GameInstaller;->onTouchEvent:1672 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.jirbo.adcolony.AdColony;->configure:67 | Field Access: android.os.Build.MODEL
Source: com.jirbo.adcolony.z;->a:31 | Field Access: android.os.Build.MODEL
Source: com.boku.mobile.android.PaymentPanelActivity;->onCreate:97 | Field Access: android.os.Build$VERSION.SDK
Source: com.flurry.android.am;->a:46 | Field Access: android.os.Build$VERSION.SDK
Source: com.flurry.android.FlurryAgent;->b:679 | Field Access: android.os.Build.MODEL
Source: com.flurry.android.FlurryAgent;->b:683 | Field Access: android.os.Build.BRAND
Source: com.flurry.android.FlurryAgent;->b:687 | Field Access: android.os.Build.ID
Source: com.flurry.android.FlurryAgent;->b:691 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.flurry.android.FlurryAgent;->b:695 | Field Access: android.os.Build.DEVICE
Source: com.flurry.android.FlurryAgent;->b:699 | Field Access: android.os.Build.PRODUCT
Source: com.inmobi.androidsdk.ai.controller.JSUtilityController;->a:27 | Field Access: android.os.Build$VERSION.SDK
Source: com.inmobi.androidsdk.ai.controller.JSUtilityController;->a:44 | Field Access: android.os.Build$VERSION.SDK
Source: com.inmobi.androidsdk.ai.controller.JSUtilityController;->b:299 | Field Access: android.os.Build$VERSION.SDK
Source: h.a;-><init>:15 | Field Access: android.os.Build$VERSION.SDK
Source: h.a;-><init>:19 | Field Access: android.os.Build.DEVICE
Source: h.a;-><init>:23 | Field Access: android.os.Build.BOARD
Source: h.a;-><init>:27 | Field Access: android.os.Build.BRAND
Source: h.a;-><init>:31 | Field Access: android.os.Build.MODEL
Source: com.inmobi.androidsdk.impl.UserInfo;->ab:77 | Field Access: android.os.Build.BRAND
Source: com.inmobi.androidsdk.impl.UserInfo;->ab:78 | Field Access: android.os.Build.MODEL
Source: com.inmobi.androidsdk.impl.UserInfo;->ab:79 | Field Access: android.os.Build.ID
Source: com.inmobi.androidsdk.impl.UserInfo;->ab:82 | Field Access: android.os.Build.ID
Source: com.inmobi.androidsdk.impl.UserInfo;->ab:83 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.inmobi.androidsdk.impl.UserInfo;->ab:86 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.inmobi.androidsdk.impl.UserInfo;->a:248 | Field Access: android.os.Build.BRAND
Source: com.inmobi.androidsdk.impl.UserInfo;->a:249 | Field Access: android.os.Build.MODEL
Source: com.inmobi.androidsdk.impl.UserInfo;->a:250 | Field Access: android.os.Build.ID
Source: com.inmobi.androidsdk.impl.UserInfo;->a:253 | Field Access: android.os.Build.ID
Source: com.inmobi.androidsdk.impl.UserInfo;->a:254 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.inmobi.androidsdk.impl.UserInfo;->a:257 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.mopub.mobileads.HTML5AdView;-><init>:3 | Field Access: android.os.Build$VERSION.SDK
Source: com.mopub.mobileads.MoPubView;-><init>:11 | Field Access: android.os.Build$VERSION.SDK
Source: com.mopub.mobileads.MoPubView;->a:49 | Field Access: android.os.Build$VERSION.SDK
Source: com.tapjoy.TapjoyConnectCore;->init:369 | Field Access: android.os.Build.MODEL
Source: com.tapjoy.TapjoyConnectCore;->init:370 | Field Access: android.os.Build.MANUFACTURER
Source: com.tapjoy.TapjoyConnectCore;->init:371 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.tapjoy.TapjoyConnectCore;->init:388 | Field Access: android.os.Build$VERSION.SDK
Source: com.tapjoy.TapjoyConnectCore;->init:402 | Field Access: android.os.Build$VERSION.SDK
Source: com.tapjoy.TapjoyVideoView;->b:113 | Field Access: android.os.Build$VERSION.SDK
Source: com.tapjoy.TapjoyVideoView;->onCompletion:374 | Field Access: android.os.Build$VERSION.SDK
Source: com.tapjoy.TapjoyVideoView;->onCreate:626 | Field Access: android.os.Build$VERSION.SDK
Source: com.boku.mobile.android.ui.e;-><init>:13 | Field Access: android.os.Build$VERSION.SDK
Source: com.google.ads.util.AdUtil;-><clinit>:1 | Field Access: android.os.Build$VERSION.SDK
Source: com.google.ads.util.AdUtil;-><clinit>:6 | Field Access: android.os.Build$VERSION.SDK
Source: com.google.ads.util.AdUtil;->c:148 | Field Access: android.os.Build.BOARD
Source: com.google.ads.util.AdUtil;->c:151 | Field Access: android.os.Build.DEVICE
Source: com.google.ads.util.AdUtil;->c:154 | Field Access: android.os.Build.BRAND
Source: com.google.ads.util.AdUtil;->h:253 | Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.ads.util.AdUtil;->h:273 | Field Access: android.os.Build.MODEL
Source: com.google.ads.util.AdUtil;->h:277 | Field Access: android.os.Build.ID
Checks CPU details
Source: Lcom/gameloft/android/GAND/GloftMBHP/Game;->GetPhoneInfo()V | Method string: "/sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq"
Source: Lcom/gameloft/android/GAND/GloftMBHP/Game;->GetPhoneInfo()V | Method string: "/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq"
Source: Lcom/gameloft/android/GAND/GloftMBHP/Game;->GetPhoneInfo()V | Method string: "/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq"
Checks partitions
Source: Lcom/gameloft/android/GAND/GloftMBHP/installer/GameInstaller;->u()Ljava/util/Vector; | Method string: "/proc/mounts"
Queries several pieces of sensitive phone information
Source: Lorg/apache/commons/codec/language/DoubleMetaphone;->conditionL0(Ljava/lang/String;I)Z | Method string: "os"
Source: Lcom/inmobi/androidsdk/impl/AdUnit;->adActionNamefromString(Ljava/lang/String;)Lcom/inmobi/androidsdk/impl/AdUnit$AdActionNames; | Method string: "android"
Source: Lcom/boku/mobile/android/d;->b()Ljava/lang/String; | Method string: "imsi"
Source: Lcom/jirbo/adcolony/AdManager$AdZoneInfo;->b()Ljava/lang/String; | Method string: "type"
Source: Lcom/jirbo/adcolony/AdManager;->h()V | Method string: "version"
Source: Lcom/flurry/android/u;->a(Lcom/flurry/android/x;)Ljava/lang/String; | Method string: "sid"
Source: Lcom/gameloft/android/GAND/GloftMBHP/installer/utils/j;->startElement(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Lorg/xml/sax/Attributes;)V | Method string: "manufacturer"
Source: Lcom/gameloft/android/GAND/GloftMBHP/Game;->isTablet()I | Method string: "phone"
Source: Lcom/inmobi/androidsdk/IMAdView;-><init>(Landroid/content/Context;Landroid/util/AttributeSet;)V | Method string: "appid"
Source: Lcom/gameloft/android/GAND/GloftMBHP/iab/bm;->run()V | Method string: "imei"
Source: Lcom/gameloft/android/GAND/GloftMBHP/installer/utils/j;->startElement(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Lorg/xml/sax/Attributes;)V | Method string: "model"
Source: Lq;->a(Ld;Ljava/util/HashMap;Landroid/webkit/WebView;)V | Method string: "time"
Source: Lh/a;-><init>(Landroid/content/ContentResolver;Landroid/net/NetworkInfo;)V | Method string: "sdk"
Source: Lh/a;-><init>(Landroid/content/ContentResolver;Landroid/net/NetworkInfo;)V | Method string: "brand"
Queries the unique operating system id (ANDROID_ID)
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.Device;->d1:135 | API Call: android.provider.Settings$Secure.getString
Source: com.gameloft.android.GAND.GloftMBHP.Game;->getAndroidID:551 | API Call: android.provider.Settings$Secure.getString
Source: com.gameloft.android.GAND.GloftMBHP.SendInfo;->getAndroidID:16 | API Call: android.provider.Settings$Secure.getString
Source: com.gameloft.android.GAND.GloftMBHP.SplashScreenDialog;->getAndroidID:157 | API Call: android.provider.Settings$Secure.getString
Source: com.gameloft.android.GAND.GloftMBHP.SplashScreenDialog;->b:234 | API Call: android.provider.Settings$Secure.getString
Source: com.gameloft.android.GAND.GloftMBHP.installer.utils.Tracking;->init:47 | API Call: android.provider.Settings$Secure.getString
Source: com.boku.mobile.android.PaymentPanelActivity;->onCreate:172 | API Call: android.provider.Settings$Secure.getString
Source: h.a;-><init>:34 | API Call: android.provider.Settings$Secure.getString
Source: com.inmobi.androidsdk.impl.c;->b:14 | API Call: android.provider.Settings$Secure.getString
Source: com.inmobi.androidsdk.impl.UserInfo;->ac:226 | API Call: android.provider.Settings$Secure.getString
Source: com.mopub.mobileads.AdView;->t:326 | API Call: android.provider.Settings$Secure.getString
Source: com.mopub.mobileads.v;->run:23 | API Call: android.provider.Settings$Secure.getString
Source: com.tapjoy.TapjoyConnectCore;->init:362 | API Call: android.provider.Settings$Secure.getString
Source: com.google.ads.util.AdUtil;->a:21 | API Call: android.provider.Settings$Secure.getString
Tries to query CPU info
Source: com.gameloft.android.GAND.GloftMBHP.Game;->getCPUSerial:556 | API Call: java.lang.ProcessBuilder.start
Source: com.gameloft.android.GAND.GloftMBHP.SendInfo;->getCPUSerial:27 | API Call: java.lang.ProcessBuilder.start

Language, Device and Operating System Detection:

Queries the SIM provider ISO country code
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.Device;->InitDeviceValues:72 | API Call: android.telephony.TelephonyManager.getSimCountryIso
Source: com.gameloft.android.GAND.GloftMBHP.SendInfo;->getLocaleCountry:98 | API Call: android.telephony.TelephonyManager.getSimCountryIso
Source: com.boku.mobile.android.PaymentPanelActivity;->onCreate:193 | API Call: android.telephony.TelephonyManager.getSimCountryIso
Queries the SIM provider name (SPN - Service Provider Name)
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.Device;->InitDeviceValues:57 | API Call: android.telephony.TelephonyManager.getSimOperatorName
Queries the SIM provider numeric MCC+MNC (mobile country code + mobile network code)
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.Device;->InitDeviceValues:52 | API Call: android.telephony.TelephonyManager.getSimOperator
Source: com.boku.mobile.android.PaymentPanelActivity;->onCreate:244 | API Call: android.telephony.TelephonyManager.getSimOperator
Queries the WIFI MAC address
Source: com.gameloft.android.GAND.GloftMBHP.Game;->getMac:618 | API Call: android.net.wifi.WifiInfo.getMacAddress
Source: com.gameloft.android.GAND.GloftMBHP.SplashScreenDialog;->getMac:186 | API Call: android.net.wifi.WifiInfo.getMacAddress
Queries the network operator ISO country code
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.Device;->InitDeviceValues:70 | API Call: android.telephony.TelephonyManager.getNetworkCountryIso
Source: com.gameloft.android.GAND.GloftMBHP.SendInfo;->getLocaleCountry:93 | API Call: android.telephony.TelephonyManager.getNetworkCountryIso
Source: com.gameloft.android.GAND.GloftMBHP.PushNotification.C2DMAndroidUtils;->SetDeviceInfo:276 | API Call: android.telephony.TelephonyManager.getNetworkCountryIso
Source: com.boku.mobile.android.PaymentPanelActivity;->onCreate:213 | API Call: android.telephony.TelephonyManager.getNetworkCountryIso
Source: com.tapjoy.TapjoyConnectCore;->init:385 | API Call: android.telephony.TelephonyManager.getNetworkCountryIso
Queries the network operator name
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.Device;->InitDeviceValues:46 | API Call: android.telephony.TelephonyManager.getNetworkOperatorName
Source: com.gameloft.android.GAND.GloftMBHP.SendInfo;->getPhoneCarrier:130 | API Call: android.telephony.TelephonyManager.getNetworkOperatorName
Source: com.jirbo.adcolony.AdColony;->configure:31 | API Call: android.telephony.TelephonyManager.getNetworkOperatorName
Source: com.tapjoy.TapjoyConnectCore;->init:384 | API Call: android.telephony.TelephonyManager.getNetworkOperatorName
Queries the network operator numeric MCC+MNC (mobile country code + mobile network code)
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.Device;->InitDeviceValues:41 | API Call: android.telephony.TelephonyManager.getNetworkOperator
Source: com.gameloft.android.GAND.GloftMBHP.PushNotification.C2DMAndroidUtils;->SetDeviceInfo:274 | API Call: android.telephony.TelephonyManager.getNetworkOperator
Source: com.tapjoy.TapjoyConnectCore;->init:386 | API Call: android.telephony.TelephonyManager.getNetworkOperator
Queries the unique device ID (IMEI, MEID or ESN)
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.Device;->InitDeviceValues:66 | API Call: android.telephony.TelephonyManager.getLine1Number
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.Device;->d1:121 | API Call: android.telephony.TelephonyManager.getDeviceId
Source: com.gameloft.android.GAND.GloftMBHP.Game;->getIMEI:608 | API Call: android.telephony.TelephonyManager.getDeviceId
Source: com.gameloft.android.GAND.GloftMBHP.SendInfo;->getIMEI:86 | API Call: android.telephony.TelephonyManager.getDeviceId
Source: com.gameloft.android.GAND.GloftMBHP.Game;->onCreate:1006 | API Call: android.telephony.TelephonyManager.getDeviceId
Source: com.gameloft.android.GAND.GloftMBHP.SplashScreenDialog;->getIMEI:179 | API Call: android.telephony.TelephonyManager.getDeviceId
Source: com.gameloft.android.GAND.GloftMBHP.installer.utils.Tracking;->init:61 | API Call: android.telephony.TelephonyManager.getLine1Number
Source: com.boku.mobile.android.PaymentPanelActivity;->onCreate:180 | API Call: android.telephony.TelephonyManager.getSubscriberId
Source: com.boku.mobile.android.PaymentPanelActivity;->onCreate:363 | API Call: android.telephony.TelephonyManager.getLine1Number
Source: com.tapjoy.TapjoyConnectCore;->init:383 | API Call: android.telephony.TelephonyManager.getDeviceId

Stealing of Sensitive Information:

Reads the serial number of the device
Source: Lcom/gameloft/android/GAND/GloftMBHP/GLUtils/Device;->d1()Ljava/lang/String; | Method string: "ro.serialno"
Source: Lcom/gameloft/android/GAND/GloftMBHP/SendInfo;->getSerialNo()Ljava/lang/String; | Method string: "ro.serialno"
Source: Lcom/gameloft/android/GAND/GloftMBHP/Game;->getSerialNo()Ljava/lang/String; | Method string: "ro.serialno"
Source: Lcom/gameloft/android/GAND/GloftMBHP/SplashScreenDialog;->getSerialNo()Ljava/lang/String; | Method string: "ro.serialno"
Checks if a SIM card is installed
Source: com.gameloft.android.GAND.GloftMBHP.GLUtils.Device;->InitDeviceValues:36 | API Call: android.telephony.TelephonyManager.getSimState
Source: com.gameloft.android.GAND.GloftMBHP.iab.CustomizeDialog;->IsValidSIM:222 | API Call: android.telephony.TelephonyManager.getSimState
Source: com.boku.mobile.android.PaymentPanelActivity;->onCreate:346 | API Call: android.telephony.TelephonyManager.getSimState
Creates SMS data (e.g. PDU)
Source: k.g;->onReceive:5 | API Call: android.telephony.SmsMessage.createFromPdu
Source: k.h;->onReceive:5 | API Call: android.telephony.gsm.SmsMessage.createFromPdu
Has permission to read the phone's state (phone number, device IDs, active call etc.)
Source: submitted apk | Request permission: android.permission.READ_PHONE_STATE
Has permission to receive SMS in the background
Source: submitted apk | Request permission: android.permission.RECEIVE_SMS
Parses SMS data (e.g. originating address)
Source: k.g;->onReceive:6 | API Call: android.telephony.SmsMessage.getOriginatingAddress
Source: k.g;->onReceive:21 | API Call: android.telephony.SmsMessage.getMessageBody
Source: k.h;->onReceive:6 | API Call: android.telephony.gsm.SmsMessage.getOriginatingAddress
Source: k.g;->onReceive:40 | API Call: android.telephony.SmsMessage.getMessageBody
Source: k.h;->onReceive:21 | API Call: android.telephony.gsm.SmsMessage.getMessageBody
Source: k.h;->onReceive:35 | API Call: android.telephony.gsm.SmsMessage.getMessageBody
Queries calendar entries
Source: com.inmobi.androidsdk.ai.controller.JSUtilityController;->a:54 | API Call: android.net.Uri.parse("content://calendar/events")
Source: com.inmobi.androidsdk.ai.controller.JSUtilityController;->a:57 | API Call: android.net.Uri.parse("content://calendar/reminders")
Source: com.inmobi.androidsdk.ai.controller.JSUtilityController;->b:302 | API Call: android.net.Uri.parse("content://com.android.calendar/calendars")
Source: com.inmobi.androidsdk.ai.controller.JSUtilityController;->b:311 | API Call: android.net.Uri.parse("content://calendar/calendars")
Queries list of installed packages
Source: com.gameloft.android.GAND.GloftMBHP.SendInfo;->getPackages:118 | API Call: android.content.pm.PackageManager.getInstalledPackages
Queries phone contact information
Source: com.gameloft.android.GAND.GloftMBHP.Game;->QueryPhoneBook:414 | Field access: android.provider.ContactsContract$CommonDataKinds$Phone.CONTENT_URI

Remote Access Functionality:

Found suspicious command strings (may be related to BOT commands)
Source: Lcom/inmobi/androidsdk/ai/container/a;->onLoadResource(Landroid/webkit/WebView;Ljava/lang/String;)V | Method string: [minified JavaScript string omitted]
Source: Lcom/gameloft/android/GAND/GloftMBHP/billing/common/LManager;->b(Ljava/lang/String;)Ljava/lang/String; | Instruction: "lcom/gameloft/android/gand/gloftmbhp/glutils/device;->getimei()ljava/lang/string;"
Source: Lcom/inmobi/androidsdk/ai/container/a;->onLoadResource(Landroid/webkit/WebView;Ljava/lang/String;)VInstruction: "const-string v1, "(function(){var c=window.mraid={};c.states={loading:\"loading\",default:\"default\",resized:\"resized\",expanded:\"expanded\",hidden:\"hidden\"};var d=c.events={ready:\"ready\",error:\"error\",statechange:\"statechange\",viewablechange:\"viewablechange\",orientationchange:\"orientationchange\"},i={width:0,height:0},g={width:0,height:0},f={},h={width:0,height:0,usecustomclose:!1,ismodal:!0,lockorientation:!1,orientation:\"\"},l=function(a){this.event=a;this.count=0;var b={};this.add=function(a){var c=\"\"+a;b[c]||(b[c]=a,this.count++)};this.remove=function(a){a=\"\"+a;return b[a]?(b[a]=null,delete b[a],this.count--,!0):!1};this.removeall=function(){for(var a in b)this.remove(b[a])};this.broadcast=function(a){for(var c in b)b[c].apply({},a)};this.tostring=function(){var c=[a,\":\"],d;for(d in b)c.push(\"|\",d,\"|\");return c.join(\"\")}};mraidview.addeventlistener(d.ready,function(){e(d.ready)});mraidview.addeventlistener(d.statechange,function(a){e(d.statechange,a)});mraidview.addeventlistener(d.viewablechange,function(a){e(d.viewablechange,a)});mraidview.addeventlistener(\"error\",function(a,b){e(d.error,a,b)});mraidview.addeventlistener(d.orientationchange,function(a){e(d.orientationchange,a)});var k=function(a){var b=function(){};b.prototype=a;return new b},e=function(){for(var a=array(arguments.length),b=0;b<arguments.length;b++)a[b]=arguments[b];b=a.shift();try{f[b]&&f[b].broadcast(a)}catch(c){}},j=function(a){for(var b=0,c=a.length-1;b<a.length&&\" \"==a[b];)b++;for(;c>b&&\" \"==a[c];)c-=1;return a.substring(b,c+1)};c.addeventlistener=function(a,b){try{!a||!b?e(d.error,\"both event and listener are required.\",\"addeventlistener\"):d.error==a||d.ready==a||d.statechange==a||d.viewablechange==a||d.orientationchange==a?(f[a]||(f[a]=new 
l(a)),f[a].add(b)):mraidview.addeventlistener(a,b)}catch(c){mraidview.log(c)}};c.usecustomclose=function(a){h.usecustomclose=a;mraidview.usecustomclose(a)};c.close=function(){mraidview.close()};c.getexpandproperties=function(){return h};c.setexpandproperties=function(a){h=a;h.ismodal=!0;mraidview.setexpandproperties(h)};c.expand=function(a){mraidview.expand(a)};c.getmaxsize=function(){return k(g)};c.getsize=function(){return k(i)};c.getstate=function(){return mraidview.getstate()};c.getorientation=function(){return mraidview.getorientation()};c.isviewable=function(){return mraidview.isviewable()};c.open=function(a){a?mraidview.open(a):e(d.error,\"url is required.\",\"open\")};c.removeeventlistener=function(a,b){try{if(a){if(b)if(f[a])f[a].remove(b);else{mraidview.removeeventlistener(a,b);return}else f[a]&&f[a].removeall();f[a]&&0==f[a].count&&(f[a]=null,delete f[a])}else e(d.error,\"must specify an event.\",\"removeeventlistener\")}catch(c){mraidview.log(\"removeeventlistener\"+c)}};c.resize=function(a,b){null==a||null==b||isnan(a)||isnan(b)||0>a||0>b?e(d.error,\"requested size must be numeric values between 0 and maxsize.\",\"resize\"):a>g.width||b>g.height?e(d.error,\"request (\"+a+\" x \"+b+

Malware Configuration

No configs have been found

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label
SpLW6lfIV3 | 19% | Virustotal |
SpLW6lfIV3 | 21% | ReversingLabs | Android.PUA.Smsreg
SpLW6lfIV3 | 100% | Avira | SPR/ANDR.SMSreg.CG.Gen

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label
https://ws.tapjoyads.com/get_vg_store_items/user_account? | 0% | Virustotal |
https://ws.tapjoyads.com/get_vg_store_items/user_account? | 0% | Avira URL Cloud | safe
http://www.adtilt.com/clients/index.php?section=tracking_1_9_6&action=acVidContinueTrack | 0% | Virustotal |
http://www.adtilt.com/clients/index.php?section=tracking_1_9_6&action=acVidContinueTrack | 0% | Avira URL Cloud | safe
http://signal-back.com | 0% | Virustotal |
http://signal-back.com | 0% | Avira URL Cloud | safe
http://www.adtilt.com/clients/index.php?section=tracking_1_9_6&action=acVidImpressionTrack | 0% | Virustotal |
http://www.adtilt.com/clients/index.php?section=tracking_1_9_6&action=acVidImpressionTrack | 0% | Avira URL Cloud | safe
http://www.adtilt.com/clients/index.php?section=tracking_1_9_6&action=acVidRequestTrack | 0% | Virustotal |
http://www.adtilt.com/clients/index.php?section=tracking_1_9_6&action=acVidRequestTrack | 0% | Avira URL Cloud | safe
https://ws.tapjoyads.com/points/spend? | 0% | Virustotal |
https://ws.tapjoyads.com/points/spend? | 0% | Avira URL Cloud | safe
http://www.adtilt.com/clients/index.php?section=tracking_1_9_6&action=acVidDownloadTrack | 0% | Virustotal |
http://www.adtilt.com/clients/index.php?section=tracking_1_9_6&action=acVidDownloadTrack | 0% | Avira URL Cloud | safe
https://ws.tapjoyads.com/ | 0% | Virustotal |
https://ws.tapjoyads.com/ | 0% | Avira URL Cloud | safe
http://www.adtilt.com/clients/index.php?section=tracking&action=appTrack | 0% | Virustotal |
http://www.adtilt.com/clients/index.php?section=tracking&action=appTrack | 0% | Avira URL Cloud | safe
https://ws.tapjoyads.com/points/award? | 0% | Virustotal |
https://ws.tapjoyads.com/points/award? | 0% | Avira URL Cloud | safe
http://www.adtilt.com/clients/index.php?section=serve&action=adConfig | 0% | Virustotal |
http://www.adtilt.com/clients/index.php?section=serve&action=adConfig | 0% | Avira URL Cloud | safe
https://ws.tapjoyads.com/videos? | 0% | Virustotal |
https://ws.tapjoyads.com/videos? | 0% | Avira URL Cloud | safe
http://www.adtilt.com/clients/index.php?section=tracking_1_9_6&action=acVidStartTrack | 0% | Virustotal |
http://www.adtilt.com/clients/index.php?section=tracking_1_9_6&action=acVidStartTrack | 0% | Avira URL Cloud | safe
http://www.adtilt.com/clients/index.php?section=tracking_1_9_6&action=acVidInfoTrack | 0% | Virustotal |
http://www.adtilt.com/clients/index.php?section=tracking_1_9_6&action=acVidInfoTrack | 0% | Avira URL Cloud | safe
http://www.adtilt.com/clients/skins/resource_json_iphone.json | 0% | Virustotal |
http://www.adtilt.com/clients/skins/resource_json_iphone.json | 0% | Avira URL Cloud | safe
https://ws.tapjoyads.com/connect? | 0% | Virustotal |
https://ws.tapjoyads.com/connect? | 0% | Avira URL Cloud | safe
https://ws.tapjoyads.com/get_offers/webpage? | 0% | Virustotal |
https://ws.tapjoyads.com/get_offers/webpage? | 0% | Avira URL Cloud | safe
http://java.sun.com/dtd/properties.dtd | 0% | Virustotal |
http://java.sun.com/dtd/properties.dtd | 0% | Avira URL Cloud | safe
https://ws.tapjoyads.com/display_ad? | 0% | Virustotal |
https://ws.tapjoyads.com/display_ad? | 0% | Avira URL Cloud | safe
http://gloft.co/ | 1% | Virustotal |
http://gloft.co/ | 0% | Avira URL Cloud | safe
https://ws.tapjoyads.com/set_publisher_user_id? | 0% | Virustotal |
https://ws.tapjoyads.com/set_publisher_user_id? | 0% | Avira URL Cloud | safe
https://ws.tapjoyads.com/get_offers/featured? | 0% | Virustotal |
https://ws.tapjoyads.com/get_offers/featured? | 0% | Avira URL Cloud | safe
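In a plain-text export of this report the scanner tables arrive with their columns run together, for example `http://gloft.co/1%VirustotalBrowse` or `SpLW6lfIV3100%AviraSPR/ANDR.SMSreg.CG.Gen`, where the trailing `Browse` is the report's link text rather than a label. The following Python is an added example, not part of the Joe Sandbox report or its tooling: it splits such rows back into source, detection percentage, scanner and label, and lists the sources that any scanner scored above a threshold. It assumes only the scanner names that appear on this page, and the sample rows are constructed copies of rows from the two tables above. The one real ambiguity in the format is a sample name that itself ends in digits (`SpLW6lfIV3` followed by `19%`), which the parser refuses to guess at unless the name is passed in.

```python
"""Parse flattened Joe Sandbox scanner tables ("SourceDetectionScannerLabelLink")
back into records and pull the flagged sources out of them.

Added example; not part of the Joe Sandbox report. The row format is inferred
from the text of this report only, and the scanner names are the ones on this page.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Scanner names as they appear in this report; longer names first so that
# "Avira URL Cloud" is tried before "Avira".
SCANNERS = ("Avira URL Cloud", "ReversingLabs", "Virustotal", "Avira")
SCANNER_RE = "|".join(re.escape(s) for s in SCANNERS)

# A row is <source><detection>%<scanner><label>[Browse]. The source must end in a
# non-digit so the percentage is not stolen from the tail of a URL such as
# "http://gloft.co/1%".
ROW_RE = re.compile(
    r"^(?P<source>.*?[^0-9])(?P<detection>\d{1,3})%(?P<scanner>" + SCANNER_RE + r")(?P<rest>.*)$"
)
# Same thing without the source, used when the caller already knows the source.
TAIL_RE = re.compile(r"^(?P<detection>\d{1,3})%(?P<scanner>" + SCANNER_RE + r")(?P<rest>.*)$")


@dataclass(frozen=True)
class ScanRow:
    source: str
    detection: int  # percent, 0-100
    scanner: str
    label: str      # e.g. "safe", "Android.PUA.Smsreg"; empty when absent
    link: str       # "Browse" when the row carried a link, else empty


def _split_rest(rest: str) -> tuple[str, str]:
    # The trailing "Browse" is the report's link text, not part of the label.
    if rest.endswith("Browse"):
        return rest[: -len("Browse")], "Browse"
    return rest, ""


def parse_row(line: str, known_source: Optional[str] = None) -> ScanRow:
    """Parse one flattened row.

    A sample name ending in digits ("SpLW6lfIV3" followed by "19%") cannot be
    split unambiguously, so the caller passes it as known_source; URL rows are
    self-delimiting and need no hint.
    """
    if known_source is not None and line.startswith(known_source):
        m = TAIL_RE.match(line[len(known_source):])
        source = known_source
    else:
        m = ROW_RE.match(line)
        source = m.group("source") if m else ""
    if m is None:
        raise ValueError(f"unrecognised row: {line!r}")
    detection = int(m.group("detection"))
    if detection > 100:  # the ambiguous split above lands here (319%)
        raise ValueError(f"implausible detection {detection}% in {line!r}")
    label, link = _split_rest(m.group("rest"))
    return ScanRow(source, detection, m.group("scanner"), label, link)


def parse_table(text: str, known_source: Optional[str] = None) -> list[ScanRow]:
    """Parse a whole flattened table, skipping blank lines and the header."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Source"):
            continue
        rows.append(parse_row(line, known_source))
    return rows


def max_detection(rows: list[ScanRow]) -> dict[str, int]:
    """Highest detection percentage reported for each source across scanners."""
    out: dict[str, int] = {}
    for r in rows:
        out[r.source] = max(out.get(r.source, 0), r.detection)
    return out


def flagged_sources(rows: list[ScanRow], threshold: int = 1) -> list[str]:
    """Sources that at least one scanner scored at or above threshold, sorted."""
    return sorted(s for s, d in max_detection(rows).items() if d >= threshold)


# Constructed sample input: rows copied from the tables on this page in raw form.
SAMPLE_TABLE = """\
SpLW6lfIV319%VirustotalBrowse
SpLW6lfIV321%ReversingLabsAndroid.PUA.Smsreg
SpLW6lfIV3100%AviraSPR/ANDR.SMSreg.CG.Gen
"""
URL_TABLE = """\
https://ws.tapjoyads.com/get_vg_store_items/user_account?0%VirustotalBrowse
https://ws.tapjoyads.com/get_vg_store_items/user_account?0%Avira URL Cloudsafe
http://gloft.co/1%VirustotalBrowse
http://gloft.co/0%Avira URL Cloudsafe
http://java.sun.com/dtd/properties.dtd0%VirustotalBrowse
"""

if __name__ == "__main__":
    for row in parse_table(SAMPLE_TABLE, known_source="SpLW6lfIV3"):
        print(row)
    print(flagged_sources(parse_table(URL_TABLE)))
```

Run directly it prints the three AV rows for the sample and the flagged URL list. With the URL rows from this report, `flagged_sources` returns only `http://gloft.co/`, the single URL with a non-zero score (1% on Virustotal), while every Avira URL Cloud row is `safe`; raise the threshold to treat a lone engine hit as noise. Passing the sample row without `known_source` raises rather than reporting a bogus 319%.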

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Sigma Overview

No Sigma rule has matched

Joe Sandbox View / Context

IPs

Match | Associated Sample Name / URL | Detection (context on the bulleted line below each row)
216.58.215.226 | http://104.238.179.196/code2111/chrome_win/ | malicious
  • www.googleadservices.com/pagead/conversion_async.js
216.58.215.226 | http://dev.interop.com | malicious
  • www.googletagservices.com/tag/js/gpt.js
216.58.215.226 | http://rgho.st/7jXZr4XY6 | malicious
  • cm.g.doubleclick.net/pixel?google_nid=albs&google_cm=&psid=6574252106362827873&google_hm=NjU3NDI1MjEwNjM2MjgyNzg3Mw&_lxrnd_=735613763&google_tc=
216.58.215.226 | http://www.toexten.com/lp2?type=safe&pub_id=3729&sub_id=wL91F9I93AQ5G9KJHSP4QE1E&srcid=9225325b-0778-4b3a-80bd-ad6f5b882333_2134446 | malicious
  • cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_cm=&google_sc=&_origin=0&google_tc=
216.58.215.226 | https://www.thredup.com/product/36006388?pdp_mode=pdp&link_name=Primary_Button_available_item&utm_source=responsys&utm_medium=email&utm_campaign=pdp-item-available-v2&t= | malicious
  • cm.g.doubleclick.net/pixel?google_nid=xplusone1&_r=1&google_hm=TkctMDAwMDAwMDM4Njg0MTg5NDA=&google_cm&google_sc&google_ula=1502692
216.58.215.226 | https://www.thredup.com?utm_source=responsys&utm_medium=email&utm_campaign=ob-v13-day-2-ceo-note | malicious
  • cm.g.doubleclick.net/pixel?google_nid=xplusone1&_r=1&google_hm=TkUtMDAwMDAwMDg1ODk4NzkzMjM=&google_cm&google_sc&google_ula=1502692

Domains

Match | Associated Sample Name / URL | Detection (context on the bulleted line below each row)
pagead46.l.doubleclick.net | https://www.transfernow.net/rfcDkn032020/742afc | malicious
  • 172.217.168.2
pagead46.l.doubleclick.net | https://www.transfernow.net/rfcDkn032020/742afc | malicious
  • 172.217.168.66
pagead46.l.doubleclick.net | https://sorozatbarat.eu/ | malicious
  • 172.217.168.2
pagead46.l.doubleclick.net | https://pdf2tiff.com/ | malicious
  • 172.217.21.194
pagead46.l.doubleclick.net | https://www.worldometers.info/coronavirus/country/australia/ | malicious
  • 216.58.205.226
pagead46.l.doubleclick.net | http://mksadvertising.com/app.php | malicious
  • 216.58.201.66
pagead46.l.doubleclick.net | http://chng.it/LyFZV7NkrP | malicious
  • 172.217.23.194
pagead46.l.doubleclick.net | http://chng.it/bHZ28dcGsT | malicious
  • 172.217.23.194
pagead46.l.doubleclick.net | http://jotform-dr.magicicescraper.com/screen_.php?_dfEERifoGfjgvSwqq__ew0dXXskdcZmaspowwwq______________doffkvlgpPdkfjgggWqqweRe=joe@joe.com | malicious
  • 172.217.23.226
pagead46.l.doubleclick.net | http://chng.it/JkSmZ5Bs7x | malicious
  • 216.58.201.98
pagead46.l.doubleclick.net | https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Frnngroup.com%2F&data=02%7C01%7Cmcrear%40populusfinancial.com%7C7cb1f332a8e64513c7d908d7cf5bfd4a%7Cd6a191d2e4974ac29c2d35f55df102d3%7C0%7C0%7C637205867265058623&sdata=O1zwNgo%2BZnC%2F%2BxWNQctDQeELUwBtV%2FUhsdwNU7RWuIU%3D&reserved=0 | malicious
  • 172.217.23.194
pagead46.l.doubleclick.net | http://coronavirus-map.com | malicious
  • 172.217.23.226
pagead46.l.doubleclick.net | 5993436.doc | malicious
  • 216.58.201.66
pagead46.l.doubleclick.net | https://cardsactivation.com | malicious
  • 172.217.23.194
pagead46.l.doubleclick.net | https://onedrive.live.com/?authkey=%21AMC02yT9gJedbcw&cid=58A6FB5C2EBB4ED8&id=58A6FB5C2EBB4ED8%211173&parId=root&o=OneUp | malicious
  • 172.217.23.194
pagead46.l.doubleclick.net | http://iamanonymous.com/operations | malicious
  • 216.58.201.98
pagead46.l.doubleclick.net | https://beoriginalcoaching.com/lndex.php | malicious
  • 216.58.201.98
pagead46.l.doubleclick.net | http://coronavirus-map.com | malicious
  • 172.217.23.194
pagead46.l.doubleclick.net | http://www.shedemeryville.com/wp-content/uploads/2018/11/badezimmer-verputzen-statt-fliesen-wohndesign-mobel-ideen-von-badezimmer-farbe-statt-fliesen-photo.jpg | malicious
  • 172.217.23.226
pagead46.l.doubleclick.net | https://onedrive.live.com/?authkey=%21AMC02yT9gJedbcw&cid=58A6FB5C2EBB4ED8&id=58A6FB5C2EBB4ED8%211173&parId=root&o=OneUp | malicious
  • 216.58.201.66
pagead.l.doubleclick.net | https://www.transfernow.net/rfcDkn032020/742afc | malicious
  • 172.217.168.2
pagead.l.doubleclick.net | https://www.transfernow.net/rfcDkn032020/742afc | malicious
  • 216.58.215.226
pagead.l.doubleclick.net | https://sorozatbarat.eu/ | malicious
  • 172.217.168.66
pagead.l.doubleclick.net | https://www.worldometers.info/coronavirus/country/australia/ | malicious
  • 172.217.22.34
pagead.l.doubleclick.net | http://mksadvertising.com/app.php | malicious
  • 216.58.201.66
pagead.l.doubleclick.net | http://chng.it/LyFZV7NkrP | malicious
  • 216.58.201.66
pagead.l.doubleclick.net | http://chng.it/bHZ28dcGsT | malicious
  • 172.217.23.226
pagead.l.doubleclick.net | http://chng.it/JkSmZ5Bs7x | malicious
  • 172.217.23.226
pagead.l.doubleclick.net | https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Frnngroup.com%2F&data=02%7C01%7Cmcrear%40populusfinancial.com%7C7cb1f332a8e64513c7d908d7cf5bfd4a%7Cd6a191d2e4974ac29c2d35f55df102d3%7C0%7C0%7C637205867265058623&sdata=O1zwNgo%2BZnC%2F%2BxWNQctDQeELUwBtV%2FUhsdwNU7RWuIU%3D&reserved=0 | malicious
  • 172.217.23.226
pagead.l.doubleclick.net | http://coronavirus-map.com | malicious
  • 172.217.23.194
pagead.l.doubleclick.net | https://cardsactivation.com | malicious
  • 216.58.201.66
pagead.l.doubleclick.net | https://beoriginalcoaching.com/lndex.php | malicious
  • 216.58.201.66
pagead.l.doubleclick.net | http://coronavirus-map.com | malicious
  • 216.58.201.66
pagead.l.doubleclick.net | http://www.shedemeryville.com/wp-content/uploads/2018/11/badezimmer-verputzen-statt-fliesen-wohndesign-mobel-ideen-von-badezimmer-farbe-statt-fliesen-photo.jpg | malicious
  • 172.217.23.194
pagead.l.doubleclick.net | https://www.jottacloud.com/s/21942f16122aa704a88a32f5feeb6fd1d60 | malicious
  • 172.217.23.194
pagead.l.doubleclick.net | Nova Launcher_v6.2.9_apkpure.com.apk | malicious
  • 172.217.23.226
pagead.l.doubleclick.net | https://protect2.fireeye.com/v1/url?k=8046f9f9-dcccdb10-8041e57b-0cc47ad93e2e-633e734247df6cea&q=1&e=9ca7041e-25e4-4b45-bee2-8b57a4628228&u=http%3A%2F%2F123asdqwer.online%2F | malicious
  • 172.217.23.226
pagead.l.doubleclick.net | https://blacurlik.com/ | malicious
  • 172.217.23.226
pagead.l.doubleclick.net | http://coronavirus-map.com | malicious
  • 172.217.23.194
pagead.l.doubleclick.net | https://storage.googleapis.com/dsafghjklbvc/9988.html#qs%3Dr-afcciafjbikkcfbaebccdfhaedbgbhjaeededabababaedahhaccafhdacfgjagejkjacb | malicious
  • 172.217.23.194

ASN

Match | Associated Sample Name / URL | Detection (context on the bulleted line below each row)
unknown | http://www.tucows.com/thankyou.html?swid=1597673 | malicious
  • 64.99.128.15
unknown | Scanned-file452071.pdf.lnk | malicious
  • 216.58.215.225
unknown | 86soq_01[1].exe | malicious
  • 45.79.188.67
unknown | Document needed.doc | malicious
  • 185.42.104.172
unknown | look_attach_s0r.js | malicious
  • 5.101.51.91
unknown | https://www.transfernow.net/rfcDkn032020/742afc | malicious
  • 104.16.251.5
unknown | https://www.transfernow.net/rfcDkn032020/742afc | malicious
  • 162.216.250.35
unknown | 📞 Portvanusa.com Voice-message_4.htm | malicious
  • 13.224.96.127
unknown | 0.884289.js | malicious
  • 89.107.186.3
unknown | Mark Shared Message.html | malicious
  • 148.72.248.46
unknown | dokument9034432.hta | malicious
  • 203.124.113.131
unknown | http://www.hs24st.culbco.com/aHR0cHM6Ly9ib3VjaGVmZXp0ZXIuY29tL3ZvaWNlZT9zMjRwJmVtYWlsPW1ob2hpbWVyQGZhbWlseS1pbnN0aXR1dGUub3JnJm4yNHQ= | malicious
  • 47.91.107.110
unknown | zaMTU7CMVg.exe | malicious
  • 104.18.88.101
unknown | https://polykaura.com/staple/8095423/8095423.zip | malicious
  • 127.0.0.1
unknown | job_presentation_w5i.js | malicious
  • 5.101.51.91
unknown | pw11-pro-demo.exe | malicious
  • 151.101.12.134
unknown | https://u15378345.ct.sendgrid.net/ls/click?upn=LnRBZ0nlWE6aikWcMGzbxSndG29F1nfrc3pRL4WE6n5D96fp4WIRaLWjD2mYFsWx-2FvC3z4u6LcWfb5gedruMlC9n7T6yCeg-2BF4wruqUdOwMewU-2FnkROAGyPf-2B-2FvnpD2Zfszo_Plxpf-2FwIng3KxtCnd5dGO72CsxCEs4aYImay408PZTz7bWiDnyl3pbjPf3GfZTjBGZCyn1MtGvxgcVELOYwV9GDDDEcMAaUJGvrgvH32fWwrHFOhatvN4UQeOsjonQztmgto4c6Un1sK9DDuj8NndB1gk7yRf2BtSW-2Bvo82sqow9y4N3arjbuysXVhUySz7QdoxBdwd81xncE9Qgd-2FKFIhQoqECyewc7Gm-2B9r-2BBfM46nIYRYKydtdqjeP8jmXWtr | malicious
  • 167.89.118.35
unknown | TableOfColors.exe | malicious
  • 127.0.0.1
unknown | TableOfColors.exe | malicious
  • 127.0.0.1
unknown | SDLTradosStudio2019TrialInstaller (1).exe | malicious
  • 13.224.96.93