Malicious
24
/61

Threat

com.FourInRow

Four In Row

Analyzed on 2021-12-30T18:37:51.836029

10

permissions

16

activities

1

services

3

receivers

13

domains

File sums

MD5 4469b20b8ad64477610269ec56c21cbf
SHA1 b44636918a1fbdeb64d7cf744d1ecb789ad01e51
SHA256 000ab3d5bec4fd7343e8511588e3d083deaad830bbedd20d448013c23777a897
Size 3.08MB

APKiD

Information computed with APKiD.

/tmp/tmpzon5537b!classes.dex
anti_vm
  • Build.MANUFACTURER check
  • Build.BOARD check
  • possible Build.SERIAL check
  • SIM operator check
  • network operator name check
manipulator
  • dexmerge
compiler
  • dx (possible dexmerge)

SSdeep

Information computed with ssdeep.

APK file 49152:0R2uuenGF1anatsfE0lUSL4bnrP5TrWb4wDKlC72rc+vfiSDG+bjlV3Ke9:+21e6Yhc06RrP5HA4wDRCrcmfk+HKC
Manifest 192:uKagSD1Wyb6Ro8sQiSO8+E7/XlMjjGK1k1Qr6e+Sgjj3C2it:ufgSDcyb6Ro8sQvO…
classes.dex 12288:Q6Q83Km2G3vSh/zgVDH1PMCIYuFYK5EdrYYCm+:F373YzgF5m5Ed9Cm+

Dexofuzzy

Information computed with Dexofuzzy.

APK file 768:3C3OoQPZZNaM9PDoR0VYFjU4jt7jqI1L0vFQDZTLwxUqwP5fkhrWbIp7LPR0spCe:…
classes.dex 768:3C3OoQPZZNaM9PDoR0VYFjU4jt7jqI1L0vFQDZTLwxUqwP5fkhrWbIp7LPR0spCe:…

APK details

Information computed with AndroGuard and Pithus.

Package com.FourInRow
App name Four In Row
Version name 1.0
Version code 1
SDK 8 - None
UAID fcd5671b147f8bfeb09208f29f4d7f76d8fcaf6c
Signature Signature V1
Frosting Not frosted

Certificate details

Information computed with AndroGuard.

MD5 3ff7da781a56920b48bd36f2e54c098e
SHA1 e246202d1c975838e80568dc5a92bc3914398549
SHA256 b3a30179980a90b0bc72eca346e534570799992188040442039e42909e52fe71
Issuer Common Name: Mark, Organizational Unit: software, Organization: sendkdep, Locality: london, State/Province: london, Country: 85
Not before 2014-03-19T19:06:42+00:00
Not after 2039-03-13T19:06:42+00:00

Manifest analysis

Information computed with MobSF.

Medium Application Data can be Backed up[android:allowBackup] flag is missing.
The flag [android:allowBackup] should be set to false. By default it is set to true and allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.
High TaskAffinity is set for Activity
(com.startapp.android.publish.list3d.List3DActivity)
If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High TaskAffinity is set for Activity
(com.startapp.android.publish.AppWallActivity)
If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High Broadcast Receiver (net.mz.callflakessdk.core.ReceiverCall) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (net.mz.callflakessdk.core.ReceiverPackageAdded) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (net.mz.callflakessdk.core.ReceiverPackageRemoved) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Launch Mode of Activity (net.mz.callflakessdk.core.ActivityCallTerminate) is not standard.
An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent.
Medium High Intent Priority (999)[android:priority]
By setting an intent priority higher than another intent, the app effectively overrides other requests.
Medium High Intent Priority (999)[android:priority]
By setting an intent priority higher than another intent, the app effectively overrides other requests.
Medium High Intent Priority (999)[android:priority]
By setting an intent priority higher than another intent, the app effectively overrides other requests.
Medium High Intent Priority (999)[android:priority]
By setting an intent priority higher than another intent, the app effectively overrides other requests.

Main Activity

Information computed with AndroGuard.

com.FourInRow.FourInRow

Activities

Information computed with AndroGuard.

com.startapp.android.eula.EULAActivity
com.startapp.android.publish.list3d.List3DActivity
com.startapp.android.publish.AppWallActivity
net.mz.callflakessdk.core.ActivityCallTerminate
net.mz.callflakessdk.core.ActivityAdBannerURL
net.mz.callflakessdk.core.ActivityAds
com.FourInRow.FourInRow
com.FourInRow.Game_Selection
com.FourInRow.Play_Ground_11
com.FourInRow.Play_Ground_12
com.FourInRow.Play_Ground_21
com.FourInRow.Play_Ground_22
com.FourInRow.Player_Selection
com.FourInRow.Stricker_Selection_1
com.FourInRow.Stricker_Selection_2
com.FourInRow.Stricker_Selection_12

Receivers

Information computed with AndroGuard.

net.mz.callflakessdk.core.ReceiverCall
net.mz.callflakessdk.core.ReceiverPackageAdded
net.mz.callflakessdk.core.ReceiverPackageRemoved

Services

Information computed with AndroGuard.

net.mz.callflakessdk.core.ServiceBannerCaching

Sample timeline

Oldest file found in APK Oct. 2, 2013, 3:12 p.m.
Certificate valid not before March 19, 2014, 7:06 p.m.
Latest file found in APK March 20, 2014, 12:36 a.m.
First submission on VT June 30, 2014, 1:19 p.m.
Last submission on VT Sept. 12, 2021, 7:45 p.m.
Upload on Pithus Dec. 30, 2021, 6:37 p.m.
Certificate valid not after March 13, 2039, 7:06 p.m.

VirusTotal

Score 24/61
Report https://www.virustotal.com/gui/file/000ab3d5bec4fd7343e8511588e3d083deaad830bbedd20d448013c23777a897/detection

Most Popular AV Detections

Provided by VirusTotal

Threat name: callflakes Identified 8 times
Threat name: artemis Identified 2 times

NIAP analysis

Information computed with MobSF.

FCS_RBG_EXT.1.1 The application use no DRBG functionality for its cryptographic operations.
Random Bit Generation Services
FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generate no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['network connectivity'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to ['address book'].
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application implement functionality to encrypt sensitive data in non-volatile memory.
Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1 The application invoke the mechanisms recommended by the platform vendor for storing and setting configuration options.
Supported Configuration Mechanism
FTP_DIT_EXT.1.1 The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product.
Protection of Data in Transit
FCS_COP.1.1(1) The application perform encryption/decryption in accordance with a specified cryptographic algorithm AES-CBC (as defined in NIST SP 800-38A) mode or AES-GCM (as defined in NIST SP 800-38D) and cryptographic key sizes 256-bit/128-bit.
Cryptographic Operation - Encryption/Decryption
FCS_COP.1.1(2) The application perform cryptographic hashing services not in accordance with FCS_COP.1.1(2) and uses the cryptographic algorithm RC2/RC4/MD4/MD5.
Cryptographic Operation - Hashing

Code analysis

Information computed with MobSF.

Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
 net/mz/callflakessdk/core/CFFunctions.java
com/mobfox/sdk/InAppWebView.java
com/FourInRow/Play_Ground_12.java
com/mobfox/sdk/RequestAd.java
com/localytics/android/C0013b.java
net/mz/callflakessdk/core/ActivityCallTerminate.java
com/FourInRow/Play_Ground_22.java
com/FourInRow/AdHelper.java
com/FourInRow/Play_Ground_21.java
com/FourInRow/FourInRow.java
com/FourInRow/Play_Ground_11.java
com/mobfox/sdk/MobFoxView.java
com/localytics/android/v.java
High
CVSS:5.9
SHA-1 is a weak hash known to have hash collisions.
MASVS: MSTG-CRYPTO-4
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files:
 com/searchboxsdk/android/util/f.java
com/postcallmanager/android/d/d.java
com/startapp/android/eula/b/e.java
High
CVSS:5.9
App uses SQLite Database and execute raw SQL query. Untrusted user input in raw SQL queries can cause SQL Injection. Also sensitive information should be encrypted and written to the database.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
M7: Client Code Quality
Files:
 com/localytics/android/o.java
Medium
CVSS:8.8
Insecure WebView Implementation. Execution of user controlled code in WebView is a critical Security Hole.
MASVS: MSTG-PLATFORM-7
CWE-749 Exposed Dangerous Method or Function
M1: Improper Platform Usage
Files:
 com/startapp/android/eula/EULAActivity.java
com/startapp/android/publish/AppWallActivity.java
com/startapp/android/publish/d.java
High
CVSS:7.5
The App uses an insecure Random Number Generator.
MASVS: MSTG-CRYPTO-6
CWE-330 Use of Insufficiently Random Values
M5: Insufficient Cryptography
Files:
 com/startapp/android/publish/StartAppAd.java
com/startapp/android/publish/banner/Banner.java
Pygal Netherlands: 100 United States: 800

Map computed by Pithus.

Domains analysis

Information computed with MobSF.

US analytics.localytics.com 54.172.74.140
US www.searchmobileonline.com 217.65.36.213
- eula.ad-market.mobi 0.0.0.0
www.mysearch-online.com
US play.google.com 142.250.186.142
www.mobile.peopleace.com
US www.freeappsoftheday.com 69.16.231.151
US my.mobfox.com 8.2.110.215
US www.google.com 142.250.186.36
US www.ad-exchange.mobi 64.225.91.73
US www.search-results.mobi 69.16.230.42
NL www.startappexchange.com 93.184.221.133
- www.ad-market.mobi 0.0.0.0

URL analysis

Information computed with MobSF.

http://analytics.localytics.com/api/v2/applications/%s/uploads
Defined in com/localytics/android/C.java
http://eula.ad-market.mobi/ProtocolGW/protocol/eula
http://eula.ad-market.mobi/ProtocolGW/protocol/eulastatus
Defined in com/startapp/android/eula/b.java
http://eula.ad-market.mobi/ProtocolGW/protocol/eula
http://eula.ad-market.mobi/ProtocolGW/protocol/eulastatus
Defined in com/startapp/android/eula/b.java
http://play.google.com
https://play.google.com
Defined in com/startapp/android/publish/d.java
http://play.google.com
https://play.google.com
Defined in com/startapp/android/publish/d.java
http://play.google.com
https://play.google.com
Defined in com/startapp/android/publish/AppWallDelegateActivity.java
http://play.google.com
https://play.google.com
Defined in com/startapp/android/publish/AppWallDelegateActivity.java
http://play.google.com
https://play.google.com
Defined in com/startapp/android/publish/d/k.java
http://play.google.com
https://play.google.com
Defined in com/startapp/android/publish/d/k.java
http://www.startappexchange.com/1.3/getadsmetadata
Defined in com/startapp/android/publish/b/h.java
http://www.startappexchange.com/1.3/getads
Defined in com/startapp/android/publish/b/c.java
http://www.startappexchange.com/1.3/gethtmlad
Defined in com/startapp/android/publish/b/b.java
http://www.startappexchange.com/tracking/adImpression?
Defined in com/startapp/android/publish/b/a.java
http://play.google.com
https://play.google.com
Defined in com/startapp/android/publish/list3d/g.java
http://play.google.com
https://play.google.com
Defined in com/startapp/android/publish/list3d/g.java
http://play.google.com
https://play.google.com
Defined in com/startapp/android/publish/list3d/List3DActivity.java
http://play.google.com
https://play.google.com
Defined in com/startapp/android/publish/list3d/List3DActivity.java
http://www.mobile.peopleace.com/
Defined in com/FourInRow/Stricker_Selection_1.java
http://www.mobile.peopleace.com/
Defined in com/FourInRow/Player_Selection.java
http://www.mobile.peopleace.com/
Defined in com/FourInRow/Stricker_Selection_12.java
http://www.mobile.peopleace.com/
Defined in com/FourInRow/Play_Ground_22.java
http://www.mobile.peopleace.com/
Defined in com/FourInRow/Stricker_Selection_2.java
http://www.mobile.peopleace.com/
Defined in com/FourInRow/Play_Ground_12.java
http://www.mobile.peopleace.com/
Defined in com/FourInRow/Play_Ground_11.java
http://www.mobile.peopleace.com/
Defined in com/FourInRow/Play_Ground_21.java
http://www.ad-market.mobi/1.3/getads
Defined in com/searchboxsdk/android/c/c.java
http://www.ad-market.mobi/1.3/getads
http://www.search-results.mobi/?p=ssb&c=US&sourceid=6
Defined in com/searchboxsdk/android/c/b.java
http://www.ad-market.mobi/1.3/getads
http://www.search-results.mobi/?p=ssb&c=US&sourceid=6
Defined in com/searchboxsdk/android/c/b.java
http://www.mysearch-online.com/?sourceid=14&prodid=209468861&pubid=109682855
http://www.ad-exchange.mobi/1.3/gethtmlad
http://www.ad-exchange.mobi/tracking/optout/startapp
Defined in com/postcallmanager/android/PostCallWrapper.java
http://www.mysearch-online.com/?sourceid=14&prodid=209468861&pubid=109682855
http://www.ad-exchange.mobi/1.3/gethtmlad
http://www.ad-exchange.mobi/tracking/optout/startapp
Defined in com/postcallmanager/android/PostCallWrapper.java
http://www.mysearch-online.com/?sourceid=14&prodid=209468861&pubid=109682855
http://www.ad-exchange.mobi/1.3/gethtmlad
http://www.ad-exchange.mobi/tracking/optout/startapp
Defined in com/postcallmanager/android/PostCallWrapper.java
http://www.ad-exchange.mobi/1.3/getads
Defined in com/postcallmanager/android/b/b.java
http://my.mobfox.com/request.php
Defined in com/mobfox/sdk/Const.java
http://www.google.com/complete/search?hl=en&client=android&
Defined in net/mz/callflakessdk/core/CFConstants.java
http://play.google.com
https://play.google.com
Defined in net/mz/callflakessdk/core/ActivityAdBannerURL.java
http://play.google.com
https://play.google.com
Defined in net/mz/callflakessdk/core/ActivityAdBannerURL.java
http://www.freeappsoftheday.com/?sourceid=14&pubid=5589&prodid=%1$s&userid=%2$s
http://www.searchmobileonline.com/?p=gr&sourceid=14&pubid=5589
Defined in net/mz/callflakessdk/libcfint/CFLib.java
http://www.freeappsoftheday.com/?sourceid=14&pubid=5589&prodid=%1$s&userid=%2$s
http://www.searchmobileonline.com/?p=gr&sourceid=14&pubid=5589
Defined in net/mz/callflakessdk/libcfint/CFLib.java
http://www.startappexchange.com/1.2/gethtmlad?
Defined in net/mz/callflakessdk/libcfint/a.java

Permissions analysis

Information computed with MobSF.

High android.permission.READ_PHONE_STATE read phone state and identity
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on.
High android.permission.SYSTEM_ALERT_WINDOW display system-level alerts
Allows an application to show system-alert windows. Malicious applications can take over the entire screen of the phone.
High android.permission.GET_TASKS retrieve running applications
Allows application to retrieve information about currently and recently running tasks. May allow malicious applications to discover private information about other applications.
High android.permission.PROCESS_OUTGOING_CALLS intercept outgoing calls
Allows application to process outgoing calls and change the number to be dialled. Malicious applications may monitor, redirect or prevent outgoing calls.
High android.permission.READ_CONTACTS read contact data
Allows an application to read all of the contact (address) data stored on your phone. Malicious applications can use this to send your data to other people.
Low android.permission.INTERNET full Internet access
Allows an application to create network sockets.
Low android.permission.ACCESS_WIFI_STATE view Wi-Fi status
Allows an application to view the information about the status of Wi-Fi.
Low android.permission.ACCESS_NETWORK_STATE view network status
Allows an application to view the status of all networks.
Low android.permission.WAKE_LOCK prevent phone from sleeping
Allows an application to prevent the phone from going to sleep.
Low android.permission.DISABLE_KEYGUARD Allows applications to disable the keyguard if it is not secure.

Threat analysis

Information computed with Quark-Engine.

Confidence:
100%
Implicit intent(view a web page, make a phone call, etc.)
Confidence:
100%
Connect to a URL and receive input stream from the server
Confidence:
100%
Method reflection
Confidence:
100%
Retrieve data from broadcast
Confidence:
100%
Read sensitive data(SMS, CALLLOG, etc)
Confidence:
100%
Put data in cursor to JSON object
Confidence:
100%
Implicit intent(view a web page, make a phone call, etc.) via setData
Confidence:
100%
Connect to a URL and get the response code
Confidence:
100%
Monitor the broadcast action events (BOOT_COMPLETED)
Confidence:
100%
Get absolute path of the file and store in string
Confidence:
100%
Get the current WIFI information
Confidence:
100%
Query the IMEI number
Confidence:
100%
Hide the current app's icon
Confidence:
100%
Connect to the remote server through the given URL
Confidence:
100%
Query WiFi information and WiFi Mac Address
Confidence:
100%
Query data from URI (SMS, CALLLOGS)
Confidence:
100%
Get the current WiFi MAC address
Confidence:
100%
Connect to a URL and set request method
Confidence:
80%
Query the current data network type
Confidence:
80%
Check the active network type
Confidence:
80%
Get location info of the device and put it to JSON object
Confidence:
80%
Get the network operator name
Confidence:
80%
Check the current network type
Confidence:
80%
Query The ISO country code
Confidence:
80%
Get the country code of the SIM card provider
Confidence:
80%
Get resource file from res/raw directory

Behavior analysis

Information computed with MobSF.

Base64 decode
       com/startapp/android/eula/model/h.java
Base64 encode
       com/startapp/android/publish/banner/bannerstandard/BannerStandard.java
com/startapp/android/publish/AppWallActivity.java
Crypto
       com/startapp/android/eula/b/i.java
Gps location
       com/mobfox/sdk/MobFoxView.java
Get installed applications
       net/mz/callflakessdk/core/ReceiverPackageRemoved.java
Get sim provider details
       com/startapp/android/publish/model/BaseRequest.java
com/startapp/android/eula/b/i.java
com/postcallmanager/android/model/c.java
com/searchboxsdk/android/b/d.java
Get system service
       com/postcallmanager/android/d/h.java
net/mz/callflakessdk/core/PostCallManager.java
com/startapp/android/publish/banner/bannerstandard/BannerStandard.java
com/searchboxsdk/android/util/k.java
com/postcallmanager/android/PostCallWrapper.java
net/mz/callflakessdk/core/CFFunctions.java
com/startapp/android/publish/list3d/g.java
com/startapp/android/publish/banner/banner3d/Banner3D.java
com/searchboxsdk/android/c/c.java
com/startapp/android/publish/d.java
com/localytics/android/C0013b.java
com/startapp/android/eula/b/i.java
com/startapp/android/publish/b.java
com/postcallmanager/android/model/c.java
com/startapp/android/publish/HtmlAd.java
com/startapp/android/publish/model/BaseRequest.java
com/startapp/android/publish/d/k.java
com/mobfox/sdk/MobFoxView.java
com/localytics/android/v.java
com/searchboxsdk/android/b/d.java
Get wifi details
       com/postcallmanager/android/d/h.java
com/searchboxsdk/android/util/k.java
com/localytics/android/C0013b.java
com/startapp/android/eula/b/i.java
Http connection
       com/startapp/android/publish/d/d.java
com/searchboxsdk/android/util/i.java
com/localytics/android/C.java
net/mz/callflakessdk/core/CFFunctions.java
com/startapp/android/publish/d/h.java
com/postcallmanager/android/d/f.java
com/mobfox/sdk/MobFoxView.java
com/startapp/android/eula/b/f.java
Http requests, connections and sessions
       net/mz/callflakessdk/core/CFFunctions.java
Inter process communication
       com/FourInRow/Stricker_Selection_12.java
net/mz/callflakessdk/core/PostCallManager.java
net/mz/callflakessdk/core/ActivityAdBannerURL.java
com/startapp/android/publish/AppWallDelegateActivity.java
com/startapp/android/publish/list3d/List3DActivity.java
com/startapp/android/publish/banner/banner3d/Banner3D.java
com/searchboxsdk/android/c/a/e.java
com/startapp/android/publish/d.java
com/FourInRow/Play_Ground_12.java
com/startapp/android/eula/a.java
com/searchboxsdk/android/c/a/c.java
com/startapp/android/publish/b.java
com/startapp/android/publish/HtmlAd.java
com/FourInRow/Stricker_Selection_1.java
com/FourInRow/Play_Ground_22.java
net/mz/callflakessdk/core/ActivityAds.java
com/startapp/android/publish/list3d/c.java
com/startapp/android/publish/d/k.java
com/FourInRow/Game_Selection.java
com/FourInRow/FourInRow.java
com/searchboxsdk/android/c/a/b.java
net/mz/callflakessdk/core/ReceiverPackageAdded.java
com/FourInRow/Play_Ground_11.java
com/startapp/android/publish/banner/bannerstandard/BannerStandard.java
com/startapp/android/eula/EULAActivity.java
com/searchboxsdk/android/c/a/d.java
com/FourInRow/Player_Selection.java
net/mz/callflakessdk/core/ReceiverPackageRemoved.java
com/startapp/android/publish/StartAppAd.java
com/FourInRow/Stricker_Selection_2.java
net/mz/callflakessdk/core/ReceiverCall.java
net/mz/callflakessdk/core/CFFunctions.java
com/startapp/android/publish/AppWallActivity.java
com/startapp/android/publish/list3d/g.java
com/mobfox/sdk/InAppWebView.java
com/searchboxsdk/android/c/c.java
com/startapp/android/publish/a/a.java
net/mz/callflakessdk/core/ActivityCallTerminate.java
net/mz/callflakessdk/libcfint/CFLib.java
com/searchboxsdk/android/util/g.java
com/FourInRow/Play_Ground_21.java
com/mobfox/sdk/MobFoxView.java
com/startapp/android/eula/EULAManager.java
net/mz/callflakessdk/core/ServiceBannerCaching.java
Java reflection
       com/startapp/android/eula/EULAManager.java
com/localytics/android/E.java
Local file i/o operations
       com/postcallmanager/android/d/h.java
net/mz/callflakessdk/core/PostCallManager.java
com/searchboxsdk/android/util/k.java
com/startapp/android/eula/EULAActivity.java
com/startapp/android/publish/model/MetaDataStyle.java
com/startapp/android/publish/d/a.java
com/postcallmanager/android/d/a.java
com/startapp/android/eula/a.java
com/startapp/android/eula/b/i.java
com/startapp/android/publish/banner/BannerOptions.java
com/startapp/android/publish/model/MetaData.java
com/startapp/android/eula/b/c.java
com/startapp/android/publish/d/e.java
com/searchboxsdk/android/util/g.java
com/searchboxsdk/android/util/d.java
com/startapp/android/eula/EULAManager.java
net/mz/callflakessdk/core/ServiceBannerCaching.java
com/postcallmanager/android/d/c.java
Message digest
       com/searchboxsdk/android/util/f.java
com/postcallmanager/android/d/d.java
com/localytics/android/C0013b.java
com/startapp/android/eula/b/e.java
Query database of sms, contacts etc
       com/searchboxsdk/android/c/a/b.java
Sending broadcast
       com/startapp/android/eula/EULAActivity.java
com/startapp/android/publish/StartAppAd.java
com/startapp/android/publish/list3d/List3DActivity.java
net/mz/callflakessdk/core/ReceiverCall.java
com/startapp/android/publish/AppWallActivity.java
com/startapp/android/publish/list3d/c.java
com/searchboxsdk/android/util/g.java
com/startapp/android/publish/d.java
com/startapp/android/eula/a.java
Starting activity
       com/FourInRow/Stricker_Selection_12.java
net/mz/callflakessdk/core/PostCallManager.java
net/mz/callflakessdk/core/ActivityAdBannerURL.java
com/startapp/android/publish/AppWallDelegateActivity.java
com/startapp/android/publish/list3d/List3DActivity.java
com/startapp/android/publish/banner/banner3d/Banner3D.java
com/startapp/android/publish/d.java
com/FourInRow/Play_Ground_12.java
com/startapp/android/publish/b.java
com/startapp/android/publish/HtmlAd.java
com/FourInRow/Stricker_Selection_1.java
com/FourInRow/Play_Ground_22.java
net/mz/callflakessdk/core/ActivityAds.java
com/startapp/android/publish/d/k.java
com/FourInRow/Game_Selection.java
com/FourInRow/FourInRow.java
com/FourInRow/Play_Ground_11.java
com/startapp/android/publish/banner/bannerstandard/BannerStandard.java
com/FourInRow/Player_Selection.java
com/FourInRow/Stricker_Selection_2.java
net/mz/callflakessdk/core/ReceiverCall.java
net/mz/callflakessdk/core/CFFunctions.java
com/startapp/android/publish/AppWallActivity.java
com/startapp/android/publish/list3d/g.java
com/searchboxsdk/android/c/c.java
com/startapp/android/publish/a/a.java
net/mz/callflakessdk/core/ActivityCallTerminate.java
net/mz/callflakessdk/libcfint/CFLib.java
com/FourInRow/Play_Ground_21.java
com/mobfox/sdk/MobFoxView.java
com/startapp/android/eula/EULAManager.java
Starting service
       net/mz/callflakessdk/core/ReceiverCall.java
Webview get request
       com/startapp/android/publish/banner/bannerstandard/BannerStandard.java
com/startapp/android/publish/AppWallActivity.java
net/mz/callflakessdk/core/ActivityCallTerminate.java
com/mobfox/sdk/MobFoxView.java
Webview javascript interface
       com/startapp/android/eula/EULAActivity.java
com/startapp/android/publish/AppWallActivity.java
com/startapp/android/publish/d.java

Control flow graphs analysis

Information computed by Pithus.

The application probably lists running applications

The application probably gets network interfaces addresses (IP and/or MAC)

The application probably lists all installed applications

The application probably starts another application