Threat level: Moderate Risk

net.iz2uuf.cwkoch

IZ2UUF Morse Koch CW

Analyzed on 2021-10-18T07:49:36.608492

6 permissions
16 activities
0 services
1 receivers
2 domains

File sums

MD5 eeee6d432ef3b9192ee1210881e46f20
SHA1 b7003edbf5aedcdb37c76a8b4e5583e4ab568b4b
SHA256 06dba9d97e9d70857ed372a0e8c63131100f1e5c003627346a83e413df3f3cd7
Size 4.31MB

APKiD

Information computed with APKiD.

/tmp/tmpdlyo_6_y!classes.dex
anti_vm
  • Build.FINGERPRINT check
  • Build.MANUFACTURER check
compiler
  • dexlib 2.x

SSdeep

Information computed with ssdeep.

APK file 98304:nUi96ncUoKo09VNL9ve1YK4x4bYQ6G9I+pjQ:n594roKf9hFK4x7Q6G9ta
Manifest 192:IdJ6QgSrNgVtywOjrD/i8/R0qTMgZ64QARQa0G:IdJ6QgS5gVtywOjrbLi4Mg6lAG…
classes.dex 24576:QqLuGtuO5aCnhKNsRFGNGZikRTiFk/kkRAL6zXucX2J2e6e29NZ7YPty449yLXo…

Dexofuzzy

Information computed with Dexofuzzy.

APK file 768:O0PMQy3SGTH4XToeKvtwEv6X5EzfryRNS+nEuDV5W0Wlh6dQKfDJZH:O0hy314H06…
classes.dex 768:O0PMQy3SGTH4XToeKvtwEv6X5EzfryRNS+nEuDV5W0Wlh6dQKfDJZH:O0hy314H06…

APK details

Information computed with AndroGuard and Pithus.

Package net.iz2uuf.cwkoch
App name IZ2UUF Morse Koch CW
Version name 2.0.24345
Version code 20024345
SDK 16 - 27
UAID 38a745a7dfec8045ad96361817b89976a3da00e8
Signature Signature V1
Frosting Not frosted

Certificate details

Information computed with AndroGuard.

MD5 e89b158e4bcf988ebd09eb83f5378e87
SHA1 61ed377e85d386a8dfee6b864bd85b0bfaa5af81
SHA256 a40da80a59d170caa950cf15c18c454d47a39b26989d8b640ecd745ba71bf5dc
Issuer Email Address: android@android.com, Common Name: Android, Organizational Unit: Android, Organization: Android, Locality: Mountain View, State/Province: California, Country: US
Not before 2008-02-29T01:33:46+00:00
Not after 2035-07-17T01:33:46+00:00

Manifest analysis

Information computed with MobSF.

Medium Application Data can be Backed up [android:allowBackup=true]
This flag allows anyone to back up your application data via adb. It allows users who have enabled USB debugging to copy application data off the device.
High Activity (net.iz2uuf.cwkoch.LoadCustomTextActivity) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device, therefore leaving it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.
High Broadcast Receiver (net.iz2uuf.cwkoch.PhoneStateDetector) is not Protected. An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device, therefore leaving it accessible to any other application on the device. The presence of an intent-filter indicates that the Broadcast Receiver is explicitly exported.

Main Activity

Information computed with AndroGuard.

net.iz2uuf.cwkoch.WelcomeActivty

Activities

Information computed with AndroGuard.

net.iz2uuf.cwkoch.WelcomeActivty
net.iz2uuf.cwkoch.InfoActivity
net.iz2uuf.cwkoch.MasterActivity
net.iz2uuf.cwkoch.CwPreferencesActivity
net.iz2uuf.cwkoch.HelpActivity
net.iz2uuf.cwkoch.SelectKochLevelActivty
net.iz2uuf.cwkoch.LoadCustomTextActivity
net.iz2uuf.cwkoch.ChooseExerciseActivity
net.iz2uuf.cwkoch.DownloadTextActivity
net.iz2uuf.cwkoch.SelectFileActivity
net.iz2uuf.cwkoch.AudioReadbackActivity
net.iz2uuf.cwkoch.TypeBackActivity
net.iz2uuf.cwkoch.PurchaseProActivity
net.iz2uuf.cwkoch.TypeBackCheckActivity
com.rohitss.uceh.UCEDefaultActivity
com.android.billingclient.api.ProxyBillingActivity

Receivers

Information computed with AndroGuard.

net.iz2uuf.cwkoch.PhoneStateDetector

NIAP analysis

Information computed with MobSF.

FCS_RBG_EXT.1.1 The application uses no DRBG functionality for its cryptographic operations.
Random Bit Generation Services
FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generates no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['network connectivity'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to no sensitive information repositories.
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application does not encrypt files in non-volatile memory.
Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1 The application invokes the mechanisms recommended by the platform vendor for storing and setting configuration options.
Supported Configuration Mechanism
FTP_DIT_EXT.1.1 The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product.
Protection of Data in Transit

Code analysis

Information computed with MobSF.

Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
 a/b/e/a/a/d.java
net/iz2uuf/cwkoch/U.java
a/b/e/b/f.java
a/b/d/a/k.java
a/b/e/h/z.java
net/iz2uuf/cwkoch/CwApplication.java
net/iz2uuf/cwkoch/C0172b.java
net/iz2uuf/cwkoch/C0175c.java
net/iz2uuf/cwkoch/qb.java
com/rohitss/uceh/l.java
a/b/e/b/e.java
a/b/e/h/AbstractC0024g.java
b/a/a/a/a.java
a/b/e/h/x.java
a/b/e/h/k.java
d/h.java
com/rohitss/uceh/n.java
net/iz2uuf/cwkoch/sb.java
a/b/e/b/a/f.java
a/b/e/b/j.java
a/b/e/b/b.java
a/b/e/g/g.java
a/b/f/b/a/b.java
net/iz2uuf/cwkoch/RunnableC0189ha.java
soundLib/E.java
a/b/e/b/a/a.java
a/b/e/h/i.java
a/b/f/e/g.java
com/rohitss/uceh/UCEDefaultActivity.java
net/iz2uuf/cwkoch/C0210sa.java
net/iz2uuf/cwkoch/SelectFileActivity.java
net/iz2uuf/cwkoch/rb.java
High
CVSS:7.5
The App uses an insecure Random Number Generator.
MASVS: MSTG-CRYPTO-6
CWE-330 Use of Insufficiently Random Values
M5: Insufficient Cryptography
Files:
 soundLib/u.java
soundLib/C0225a.java
net/iz2uuf/cwkoch/CwApplication.java
soundLib/N.java
c/s.java
Medium
CVSS:4.3
IP Address disclosure
MASVS: MSTG-CODE-2
CWE-200 Information Exposure
Files:
 net/iz2uuf/cwkoch/C0188h.java
net/iz2uuf/cwkoch/RunnableC0208ra.java
High
CVSS:5.5
App can read/write to External Storage. Any App can read data written to External Storage.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files:
 net/iz2uuf/cwkoch/sb.java
com/rohitss/uceh/UCEDefaultActivity.java
net/iz2uuf/cwkoch/SelectFileActivity.java
Low
CVSS:0
This App copies data to clipboard. Sensitive data should not be copied to clipboard as other applications can access it.
MASVS: MSTG-STORAGE-10
Files:
 net/iz2uuf/cwkoch/ub.java
com/rohitss/uceh/UCEDefaultActivity.java

Germany: 100

Map computed by Pithus.

Domains analysis

Information computed with MobSF.

DE www.iz2uuf.net 213.136.77.180
schemas.android.com

URL analysis

Information computed with MobSF.

http://10.0.2.2/cw/cwx.php
https://www.iz2uuf.net/cw/cwx.php
Defined in net/iz2uuf/cwkoch/C0188h.java
https://www.iz2uuf.net/cw
Defined in net/iz2uuf/cwkoch/Ab.java
http://10.0.2.2/cw/cwinapp.php
https://www.iz2uuf.net/cw/cwinapp.php
Defined in net/iz2uuf/cwkoch/RunnableC0208ra.java
https://www.iz2uuf.net/cw
Defined in net/iz2uuf/cwkoch/HelpActivity.java
https://www.iz2uuf.net/cw/pro.php
Defined in net/iz2uuf/cwkoch/RunnableC0177cb.java
http://schemas.android.com/apk/res/android
Defined in a/b/e/a/a/e.java
https://www.iz2uuf.net/cw/conditions.php
www.iz2uuf.net/cw/conditions.php
Defined in Android String Resource

Permissions analysis

Information computed with MobSF.

High android.permission.READ_EXTERNAL_STORAGE read external storage contents
Allows an application to read from external storage.
High android.permission.WRITE_EXTERNAL_STORAGE read/modify/delete external storage contents
Allows an application to write to external storage.
High android.permission.READ_PHONE_STATE read phone state and identity
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on.
Low android.permission.INTERNET full Internet access
Allows an application to create network sockets.
Low android.permission.ACCESS_NETWORK_STATE view network status
Allows an application to view the status of all networks.
com.android.vending.BILLING Unknown permission
Unknown permission from android reference

Threat analysis

Information computed with Quark-Engine.

Confidence 100%: Implicit intent (view a web page, make a phone call, etc.)
Confidence 100%: Find a method from given class name, usually for reflection
Confidence 100%: Connect to a URL and receive input stream from the server
Confidence 100%: Method reflection
Confidence 100%: Load class from given class name
Confidence 100%: Retrieve data from broadcast
Confidence 100%: Read sensitive data (SMS, CALLLOG, etc)
Confidence 100%: Open a file from given absolute path of the file
Confidence 100%: Monitor the broadcast action events (BOOT_COMPLETED)
Confidence 100%: Get last known location of the device
Confidence 100%: Get location of the device
Confidence 100%: Method reflection
Confidence 100%: Get the time of current location
Confidence 100%: Initialize class object dynamically
Confidence 100%: Connect to a URL and set request method
Confidence 80%: Load external class
Confidence 80%: Read file and put it into a stream
Confidence 80%: Get absolute path of the file and store in string
Confidence 80%: Get resource file from res/raw directory

Behavior analysis

Information computed with MobSF.

Base64 decode
       a/b/e/a/a/a.java
Base64 encode
       a/b/e/f/a.java
Get system service
       a/b/e/h/v.java
net/iz2uuf/cwkoch/DownloadTextActivity.java
net/iz2uuf/cwkoch/ChooseExerciseActivity.java
net/iz2uuf/cwkoch/ub.java
a/b/f/e/d.java
com/rohitss/uceh/UCEDefaultActivity.java
net/iz2uuf/cwkoch/ib.java
net/iz2uuf/cwkoch/PhoneStateDetector.java
Http connection
       d/h.java
Inter process communication
       net/iz2uuf/cwkoch/MasterActivity.java
b/a/b/a/a.java
net/iz2uuf/cwkoch/CwApplication.java
a/b/e/e/b.java
net/iz2uuf/cwkoch/RunnableC0177cb.java
a/b/e/a/a.java
com/rohitss/uceh/l.java
net/iz2uuf/cwkoch/AudioReadbackActivity.java
b/a/a/a/a.java
net/iz2uuf/cwkoch/CwPreferencesActivity.java
net/iz2uuf/cwkoch/PhoneStateDetector.java
net/iz2uuf/cwkoch/Cb.java
net/iz2uuf/cwkoch/zb.java
net/iz2uuf/cwkoch/TypeBackActivity.java
net/iz2uuf/cwkoch/ChooseExerciseActivity.java
com/rohitss/uceh/k.java
net/iz2uuf/cwkoch/sb.java
net/iz2uuf/cwkoch/WelcomeActivty.java
net/iz2uuf/cwkoch/TypeBackCheckActivity.java
net/iz2uuf/cwkoch/LoadCustomTextActivity.java
net/iz2uuf/cwkoch/DownloadTextActivity.java
net/iz2uuf/cwkoch/InfoActivity.java
com/rohitss/uceh/UCEDefaultActivity.java
net/iz2uuf/cwkoch/SelectFileActivity.java
net/iz2uuf/cwkoch/Ab.java
Java reflection
       a/b/e/h/v.java
a/b/e/b/f.java
a/b/e/b/a/a.java
a/b/e/h/i.java
a/b/f/e/g.java
a/b/e/b/e.java
net/iz2uuf/cwkoch/PreferenceSpinnerInt.java
a/b/e/b/a/f.java
a/b/e/h/x.java
Loading native code (shared library)
       soundLib/Resample.java
Local file i/o operations
       com/rohitss/uceh/n.java
net/iz2uuf/cwkoch/sb.java
net/iz2uuf/cwkoch/CwApplication.java
com/rohitss/uceh/UCEDefaultActivity.java
net/iz2uuf/cwkoch/Q.java
a/b/e/b/j.java
net/iz2uuf/cwkoch/M.java
d/h.java
Set or read clipboard data
       net/iz2uuf/cwkoch/ub.java
com/rohitss/uceh/UCEDefaultActivity.java
Starting activity
       net/iz2uuf/cwkoch/Cb.java
net/iz2uuf/cwkoch/MasterActivity.java
net/iz2uuf/cwkoch/zb.java
net/iz2uuf/cwkoch/TypeBackActivity.java
net/iz2uuf/cwkoch/ChooseExerciseActivity.java
net/iz2uuf/cwkoch/sb.java
net/iz2uuf/cwkoch/CwApplication.java
net/iz2uuf/cwkoch/RunnableC0177cb.java
net/iz2uuf/cwkoch/TypeBackCheckActivity.java
net/iz2uuf/cwkoch/LoadCustomTextActivity.java
com/rohitss/uceh/l.java
net/iz2uuf/cwkoch/DownloadTextActivity.java
net/iz2uuf/cwkoch/AudioReadbackActivity.java
net/iz2uuf/cwkoch/InfoActivity.java
com/rohitss/uceh/UCEDefaultActivity.java
net/iz2uuf/cwkoch/SelectFileActivity.java
net/iz2uuf/cwkoch/Ab.java

Control flow graphs analysis

Information computed by Pithus.

The application probably gets the location based on GPS and/or Wi-Fi

The application probably plays sound

The application probably makes OS calls

The application probably sends data over HTTP/S

The application probably gets memory and CPU information

The application probably creates an accessibility service