Threat 0/55

com.satya.antar

Antar

Analyzed on 2022-08-28T01:26:09.641940

10 permissions
9 activities
11 services
11 receivers
18 domains

File sums

MD5 809bd65a4e08a042190b5e7f7ecb5b34
SHA1 71caf45da929b2857202c263453b0b74984b623f
SHA256 1ee6853adfa718c3c577094f6c8dd0229fb25d07831a7a04a1c0f4d2cb57fe5c
Size 6.35MB

APKiD

Information computed with APKiD.

/tmp/tmpa_nge8t_!classes.dex
anti_vm
  • Build.FINGERPRINT check
  • Build.MODEL check
  • Build.MANUFACTURER check
  • Build.PRODUCT check
  • Build.HARDWARE check
  • Build.TAGS check
  • SIM operator check
  • network operator name check
  • device ID check
  • possible VM check
anti_debug
  • Debug.isDebuggerConnected() check
compiler
  • r8 without marker (suspicious)
/tmp/tmpa_nge8t_!classes2.dex
compiler
  • r8 without marker (suspicious)

SSdeep

Information computed with ssdeep.

APK file 98304:ZvrUVmUSh8s+MBTvoouvxG/Ao6Oww4CCucVAMPgDHAiOeE8oqt9zare7g/MEOsJ9:tUVM+QQ66r7BuxABqt9Rg/+m
Manifest 384:Vjo+4RxcKE6Xb7SbA+ITmRzetyOQTJ/QhZjdXNXmO/a4FAFP4z+TtrTFu0HQqxR9:…
classes.dex 98304:ILRz4mmWLKKonaoYzmAwjZ5gRHyB6Myq6tQxU5:IL+XB4a5gROd6tQxA
classes2.dex 6144:GuwD8alfVsuIOSpcoh9e6IJDLnd1xaT1tosY82fOWmxE:+DXtsNOXovIdCnwYO

Dexofuzzy

Information computed with Dexofuzzy.

APK file 6144:3QC0u5SyolsoZ7WjhCW0wBQSzonhH80RDfzzUswp4v5+nYMiNVbeCdbc2qA:ACOW…
classes.dex 6144:3QC0u5SyolsoZ7WjhCW0wBQSzonhH80RDfzzUswp4v5+nYMiNVbeq:ACOWjhOwBZ…
classes2.dex 768:GmYRj6y48l8oPSNRbb6F3P3PF/F/33b9r8d7bFuAbc29rpazvir3B0e:GmYRj6y48…

APK details

Information computed with AndroGuard and Pithus.

Package com.satya.antar
App name Antar
Version name 1.0.39
Version code 64
SDK 23 - 30
UAID 8f9df969acd05c952f017567064ca2d48a165b79
Signature Signature V1, Signature V2, Signature V3
Frosting Frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown
  • 0xf05368c0: Unknown
  • 0x6dff800d: Source stamp V2 X509 cert
  • 0x2146444e: Google metadata
  • 0x42726577: Verity padding

Certificate details

Information computed with AndroGuard.

MD5 97c8725453082ba1614761dfeb392864
SHA1 1bcf4cc57314a558b8d24b69bb4042038fd24ce2
SHA256 2ef428713a5730d1e2b62189d5bc3cb23eac43ae85a8cf408372cc0e3547d19d
Issuer Common Name: Android, Organizational Unit: Android, Organization: Google Inc., Locality: Mountain View, State/Province: California, Country: US
Not before 2020-07-16T23:20:57+00:00
Not after 2050-07-16T23:20:57+00:00

Manifest analysis

Information computed with MobSF.

High Activity (androidx.compose.ui.tooling.PreviewActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (androidx.work.impl.background.systemjob.SystemJobService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.DUMP [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (com.google.android.play.core.assetpacks.AssetPackExtractionService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.DUMP [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.

Main Activity

Information computed with AndroGuard.

com.satya.antar.ui.onboarding.SplashActivity

Activities

Information computed with AndroGuard.

com.satya.antar.ui.onboarding.OnboardingActivity
com.satya.antar.ui.onboarding.SplashActivity
com.satya.antar.ui.topic.TopicListActivity
com.github.dhaval2404.imagepicker.ImagePickerActivity
com.yalantis.ucrop.UCropActivity
com.google.android.gms.common.api.GoogleApiActivity
androidx.compose.ui.tooling.PreviewActivity
com.google.android.play.core.missingsplits.PlayCoreMissingSplitsActivity
com.google.android.play.core.common.PlayCoreDialogWrapperActivity

Receivers

Information computed with AndroGuard.

com.google.android.gms.measurement.AppMeasurementReceiver
androidx.work.impl.utils.ForceStopRunnable$BroadcastReceiver
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy
androidx.work.impl.background.systemalarm.RescheduleReceiver
androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver
androidx.work.impl.diagnostics.DiagnosticsReceiver
com.google.android.datatransport.runtime.scheduling.jobscheduling.AlarmManagerSchedulerBroadcastReceiver
androidx.profileinstaller.ProfileInstallReceiver

Services

Information computed with AndroGuard.

com.google.firebase.components.ComponentDiscoveryService
com.google.android.gms.measurement.AppMeasurementService
com.google.android.gms.measurement.AppMeasurementJobService
androidx.work.impl.background.systemalarm.SystemAlarmService
androidx.work.impl.background.systemjob.SystemJobService
androidx.work.impl.foreground.SystemForegroundService
androidx.room.MultiInstanceInvalidationService
com.google.android.play.core.assetpacks.AssetPackExtractionService
com.google.android.play.core.assetpacks.ExtractionForegroundService
com.google.android.datatransport.runtime.backends.TransportBackendDiscovery
com.google.android.datatransport.runtime.scheduling.jobscheduling.JobInfoSchedulerService

Sample timeline

Oldest file found in APK Jan. 1, 1981, 1:01 a.m.
Latest file found in APK Jan. 1, 1981, 1:01 a.m.
Certificate valid not before July 16, 2020, 11:20 p.m.
First submission on VT June 5, 2022, 5:54 a.m.
Last submission on VT June 19, 2022, 4:46 a.m.
Upload on Pithus Aug. 28, 2022, 1:26 a.m.
Certificate valid not after July 16, 2050, 11:20 p.m.

NIAP analysis

Information computed with MobSF.

FCS_RBG_EXT.1.1 The application invoke platform-provided DRBG functionality for its cryptographic operations.
Random Bit Generation Services
FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generate no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['microphone', 'network connectivity'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to no sensitive information repositories.
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application implement functionality to encrypt sensitive data in non-volatile memory.
Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1 The application invoke the mechanisms recommended by the platform vendor for storing and setting configuration options.
Supported Configuration Mechanism
FTP_DIT_EXT.1.1 The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product.
Protection of Data in Transit
FCS_RBG_EXT.2.1
FCS_RBG_EXT.2.2
The application perform all deterministic random bit generation (DRBG) services in accordance with NIST Special Publication 800-90A using Hash_DRBG. The deterministic RBG is seeded by an entropy source that accumulates entropy from a platform-based DRBG and a software-based noise source, with a minimum of 256 bits of entropy at least equal to the greatest security strength (according to NIST SP 800-57) of the keys and hashes that it will generate.
Random Bit Generation from Application
FCS_COP.1.1(1) The application perform encryption/decryption in accordance with a specified cryptographic algorithm AES-CBC (as defined in NIST SP 800-38A) mode or AES-GCM (as defined in NIST SP 800-38D) and cryptographic key sizes 256-bit/128-bit.
Cryptographic Operation - Encryption/Decryption
FCS_COP.1.1(2) The application perform cryptographic hashing services not in accordance with FCS_COP.1.1(2) and uses the cryptographic algorithm RC2/RC4/MD4/MD5.
Cryptographic Operation - Hashing
FCS_HTTPS_EXT.1.1 The application implement the HTTPS protocol that complies with RFC 2818.
HTTPS Protocol
FCS_HTTPS_EXT.1.2 The application implement HTTPS using TLS.
HTTPS Protocol
FCS_HTTPS_EXT.1.3 The application notify the user and not establish the connection or request application authorization to establish the connection if the peer certificate is deemed invalid.
HTTPS Protocol
FIA_X509_EXT.2.1 The application use X.509v3 certificates as defined by RFC 5280 to support authentication for HTTPS , TLS.
X.509 Certificate Authentication
FPT_TUD_EXT.2.1 The application shall be distributed using the format of the platform-supported package manager.
Integrity for Installation and Update

Code analysis

Information computed with MobSF.

Medium
CVSS:5.9
App uses SQLite Database and execute raw SQL query. Untrusted user input in raw SQL queries can cause SQL Injection. Also sensitive information should be encrypted and written to the database.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
M7: Client Code Quality
Files:
 a8/r.java
e2/d0.java
b9/l.java
z7/j.java
a8/u.java
b9/b.java
z7/h.java
a8/w.java
b9/j7.java
a8/t.java
a8/m.java
b9/z2.java
a8/p.java
b9/k.java
o4/a.java
a8/v.java
y7/a.java
a8/s.java
y5/n.java
Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
 l4/b.java
p8/a.java
y2/i.java
mb/f.java
qb/e.java
rb/b.java
m8/s0.java
j3/i.java
a9/a.java
m8/u.java
d6/d.java
k6/e.java
j8/c0.java
a4/k.java
x8/g1.java
k6/r.java
t8/b.java
t6/k.java
com/bumptech/glide/load/data/b.java
g/a.java
g9/g.java
x8/q4.java
ud/d.java
ed/h.java
b9/r1.java
b9/g3.java
k6/c.java
kb/c.java
w3/c.java
r6/h.java
com/github/dhaval2404/imagepicker/ImagePickerActivity.java
l7/c.java
lb/v.java
j8/j.java
t6/o.java
lb/x.java
u2/a.java
g8/b.java
c4/c.java
l8/d.java
dc/a.java
lb/a0.java
n6/k.java
x8/p4.java
ca/d.java
sb/c.java
x6/h.java
g6/s.java
m8/h0.java
y5/s.java
j8/l.java
q3/c.java
y5/d.java
n4/c.java
com/bumptech/glide/h.java
l8/t.java
j8/f.java
mb/b.java
o4/b.java
sc/d.java
n3/b.java
n6/m.java
vb/g.java
a3/g.java
w6/i.java
lb/f0.java
m8/e.java
m8/a1.java
y2/d.java
aa/a.java
b3/d.java
y5/n.java
m8/o0.java
j8/x.java
f6/a.java
b9/b.java
h6/j.java
lb/e.java
b3/e.java
ib/c.java
a3/i.java
k/g.java
g6/n.java
j3/w.java
j3/f0.java
r3/d.java
f/q.java
x8/m4.java
f/e.java
l8/v.java
y9/e.java
ib/d.java
d4/a.java
lb/w.java
g6/i.java
m8/x.java
o1/a.java
b9/q7.java
lb/k.java
hb/b.java
ud/b.java
j8/e.java
fa/f.java
c4/d.java
b7/a.java
u4/b.java
b9/e0.java
pb/a.java
n6/r.java
y5/b.java
da/a.java
f4/e.java
lb/d0.java
q8/h.java
t2/d.java
com/bumptech/glide/load/data/l.java
f3/i.java
x8/h4.java
d2/p.java
y2/h.java
gc/b.java
e4/m.java
w5/b.java
t6/l.java
a4/a.java
qb/d.java
b3/h.java
x8/n4.java
com/yalantis/ucrop/UCropActivity.java
ce/c.java
lb/j.java
r2/e.java
de/blox/graphview/GraphView.java
u7/l.java
lb/l.java
com/satya/antar/AntarApp.java
q4/a.java
com/bumptech/glide/load/data/j.java
of/c.java
u2/b.java
uc/b.java
i4/y.java
n6/b0.java
y5/g.java
y5/p.java
ud/c.java
n6/z.java
s4/b.java
l3/d.java
f/g.java
j8/i.java
w3/d.java
b3/f.java
cc/h.java
b3/l.java
com/bumptech/glide/b.java
f/p.java
lb/o.java
i6/e.java
wf/d.java
x8/r4.java
ae/b.java
r6/a.java
f/t.java
he/c.java
lb/z.java
h6/i.java
n6/n.java
ae/a.java
wa/d.java
j3/y.java
l0/f2.java
g6/l.java
m8/z0.java
ib/b.java
zc/g.java
vf/h.java
lb/n.java
f/h.java
j3/b.java
u3/b.java
lb/i0.java
j6/a.java
y0/e.java
y2/e.java
lb/m.java
e2/q.java
l8/h0.java
b9/k1.java
w4/j.java
sb/d.java
t6/q.java
g6/b0.java
u2/d.java
x8/l0.java
q5/e.java
x8/w1.java
m3/h.java
i4/n.java
com/bumptech/glide/i.java
b9/x7.java
r7/d.java
m8/b.java
y5/r.java
m6/a.java
p2/d.java
b3/g.java
y5/q.java
gb/i.java
d5/g.java
b9/k0.java
r7/c.java
mb/d.java
b9/l0.java
n6/c.java
vc/c.java
g8/a.java
j3/a.java
l8/f0.java
i4/u.java
f3/d.java
be/c.java
z7/i.java
b9/j7.java
jb/c.java
x8/n0.java
j8/t.java
i6/j.java
d6/e.java
n6/i.java
Medium
CVSS:7.5
The App uses an insecure Random Number Generator.
MASVS: MSTG-CRYPTO-6
CWE-330 Use of Insufficiently Random Values
M5: Insufficient Cryptography
Files:
 yb/b.java
yc/i.java
za/a.java
ye/a.java
yc/j.java
j$/util/concurrent/ThreadLocalRandom.java
b9/q7.java
ye/b.java
ze/a.java
g4/g.java
ic/j.java
Medium
CVSS:7.4
Files may contain hardcoded sensitive information like usernames, passwords, keys etc.
MASVS: MSTG-STORAGE-14
CWE-312 Cleartext Storage of Sensitive Information
M9: Reverse Engineering
Files:
 g6/r.java
l0/z0.java
Low
CVSS:3.9
App can write to App Directory. Sensitive Information should be encrypted.
MASVS: MSTG-STORAGE-14
CWE-276 Incorrect Default Permissions
Files:
 g7/a.java
Info
CVSS:0
This App may have root detection capabilities.
MASVS: MSTG-RESILIENCE-1
Files:
 o1/a.java
oa/q.java
lb/e.java
Medium
CVSS:5.5
App creates temp file. Sensitive information should never be written into a temp file.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files:
 u3/b.java
uc/c.java
i4/y.java
High
CVSS:5.5
App can read/write to External Storage. Any App can read data written to External Storage.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files:
 z2/b.java
la/f1.java
b9/j1.java
Info
CVSS:0
This App uses SSL certificate pinning to detect or prevent MITM attacks in secure communication channel.
MASVS: MSTG-NETWORK-4
Files:
 vf/g.java
vf/c.java
vf/d.java
vf/h.java
Medium
CVSS:5.9
SHA-1 is a weak hash known to have hash collisions.
MASVS: MSTG-CRYPTO-4
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files:
 cc/h.java
uc/b.java
lb/e.java
High
CVSS:7.4
Insecure Implementation of SSL. Trusting all the certificates or accepting self signed certificates is a critical Security Hole. This application is vulnerable to MITM attacks
MASVS: MSTG-NETWORK-3
CWE-295 Improper Certificate Validation
M3: Insecure Communication
Files:
 ic/e.java
Medium
CVSS:7.4
MD5 is a weak hash known to have hash collisions.
MASVS: MSTG-CRYPTO-4
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files:
 b9/q7.java

Map computed by Pithus.

Domains analysis

Information computed with MobSF.

US www.antar.chat 151.101.65.195
US issuetracker.google.com 142.250.186.46
US api2.amplitude.com 52.42.203.157
US github.com 140.82.121.3
US goo.gl 142.250.185.206
US google.com 142.250.185.78
US app-measurement.com 142.250.185.78
schemas.android.com
US antar-4c474.firebaseio.com 34.120.160.131
US developer.android.com 142.250.186.46
US goo.gle 67.199.248.13
US www.googleadservices.com 142.250.186.34
ns.adobe.com
US pagead2.googlesyndication.com 172.217.16.194
US firebase.google.com 142.250.185.238
US www.google.com 142.250.185.228
US console.firebase.google.com 142.250.184.238
US plus.google.com 142.250.185.174

URL analysis

Information computed with MobSF.

https://goo.gl/J1sWQy
Defined in x8/w1.java
https://app-measurement.com/a
Defined in x8/t9.java
http://schemas.android.com/apk/res/android
Defined in a3/i.java
www.google.com
https://www.google.com
Defined in b9/n5.java
https://google.com/search?
Defined in b9/j5.java
https://goo.gl/NAOOOI.
https://goo.gl/NAOOOI
Defined in b9/q7.java
https://app-measurement.com/a
Defined in b9/t2.java
https://www.googleadservices.com/pagead/conversion/app/deeplink?id_type=adid&sdk_version=%s&rdid=%s&bundleid=%s&retry=%s
Defined in b9/d5.java
https://firebase.google.com/support/guides/disable-analytics
Defined in b9/x2.java
http://ns.adobe.com/xap/1.0/
Defined in u3/b.java
https://pagead2.googlesyndication.com/pagead/gen_204?id=gmob-apps
Defined in g8/b.java
https://developer.android.com/reference/com/google/android/play/core/review/model/ReviewErrorCode.html#
Defined in ra/a.java
https://issuetracker.google.com/issues/new?component=413106
Defined in e4/m.java
https://www.antar.chat
Defined in com/satya/antar/ui/settings/PreferencesFragment.java
https://firebase.google.com/docs/database/ios/structure-data#best_practices_for_data_structure
https://firebase.google.com/docs/database/android/retrieve-data#filtering_data
https://github.com/firebase/firebase-android-sdk
Defined in vb/e.java
https://api2.amplitude.com/
Defined in y5/g.java
https://goo.gle/compose-feedback
Defined in l0/o.java
https://plus.google.com/
Defined in m8/c1.java
https://firebase.google.com/support/privacy/init-options.
Defined in sc/d.java
https://developer.android.com/reference/com/google/android/play/core/assetpacks/model/AssetPackErrorCode.html#
Defined in la/a.java
https://console.firebase.google.com/.
Defined in xb/l.java
https://antar-4c474.firebaseio.com
Defined in Android String Resource

Permissions analysis

Information computed with MobSF.

High android.permission.RECORD_AUDIO record audio
Allows application to access the audio record path.
Low android.permission.USE_BIOMETRIC Allows an app to use device supported biometric modalities.
Low android.permission.USE_FINGERPRINT allow use of fingerprint
This constant was deprecated in API level 28. Applications should request USE_BIOMETRIC instead.
Low android.permission.ACCESS_NETWORK_STATE view network status
Allows an application to view the status of all networks.
Low android.permission.INTERNET full Internet access
Allows an application to create network sockets.
Low android.permission.WAKE_LOCK prevent phone from sleeping
Allows an application to prevent the phone from going to sleep.
Low android.permission.RECEIVE_BOOT_COMPLETED automatically start at boot
Allows an application to start itself as soon as the system has finished booting. This can make it take longer to start the phone and allow the application to slow down the overall phone by always running.
Low android.permission.FOREGROUND_SERVICE Allows a regular application to use Service.startForeground.
com.google.android.gms.permission.AD_ID Unknown permission
Unknown permission from android reference
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE Unknown permission
Unknown permission from android reference

Tracking analysis

Information computed with Exodus-core.

Google CrashLytics https://reports.exodus-privacy.eu.org/fr/trackers/27
Google Firebase Analytics https://reports.exodus-privacy.eu.org/fr/trackers/49

Threat analysis

Information computed with Quark-Engine.

Confidence: 100%
  • Check if the network is connected
  • Load external class
  • Implicit intent(view a web page, make a phone call, etc.)
  • Find a method from given class name, usually for reflection
  • Check the active network type
  • Connect to a URL and receive input stream from the server
  • Method reflection
  • Get the network operator name
  • Connect to a URL and read data from it
  • Monitor data identified by a given content URI changes(SMS, MMS, etc.)
  • Load class from given class name
  • Retrieve data from broadcast
  • Get the ISO country code and put it into JSON
  • Read sensitive data(SMS, CALLLOG, etc)
  • Open a file from given absolute path of the file
  • Implicit intent(view a web page, make a phone call, etc.) via setData
  • Connect to a URL and get the response code
  • Send notification
  • Monitor the broadcast action events (BOOT_COMPLETED)
  • Get absolute path of the file and store in string
  • Check the current active network type
  • Create a socket connection to the proxy address
  • Query The ISO country code
  • Check the network capabilities
  • Get last known location of the device
  • Get calendar information
  • Query the network operator name
  • Get location of the device
  • Create a secure socket connection to the proxy address
  • Method reflection
  • Hide the current app's icon
  • Connect to the remote server through the given URL
  • Check if the device is in data roaming mode
  • Read file into a stream and put it into a JSON object
  • Get the time of current location
  • Initialize class object dynamically
  • Read the input stream from given URL
  • Connect to a URL and set request method
Confidence: 80%
  • Create a socket connection to the given host address
  • Read data and put it into a buffer stream
  • Get location info of the device and put it to JSON object
  • Save the response to JSON after connecting to the remote server
  • Create a secure socket connection to the given host address
  • Read file and put it into a stream
  • Get declared method from given method name
  • Put data in cursor to JSON object
  • Read file from assets directory
  • Check if the given file path exist
  • Load additional DEX files dynamically
  • Get location and put it into JSON
  • Create a directory
  • Get resource file from res/raw directory
  • Get specific method from other Dex files

Behavior analysis

Information computed with MobSF.

Android notifications
       j8/e.java
Base64 decode
       a8/o.java
e2/d0.java
s5/d.java
o1/a.java
a8/n.java
a3/e.java
uc/b.java
k6/d.java
ob/a.java
Base64 encode
       g3/e.java
cc/h.java
wa/d.java
a8/p.java
sc/j.java
b9/a0.java
uc/b.java
oa/q.java
d5/g.java
t7/p.java
nc/f.java
z7/d.java
Certificate handling
       nf/a.java
wf/l.java
sf/h.java
nf/v.java
vf/d.java
vf/h.java
rf/i.java
Content provider
       z2/b.java
Crypto
       d3/a.java
d3/b.java
Gps location
       y5/g.java
y5/p.java
f/t.java
f/h.java
Get installed applications
       m3/g.java
b9/r5.java
Get sim provider details
       r7/d.java
Get system service
       lb/o.java
y2/f.java
lb/l.java
t6/o.java
z7/n.java
lb/x.java
q3/a.java
r7/d.java
y0/a.java
x6/h.java
g5/l.java
z4/a.java
z2/a.java
e2/m.java
j8/e.java
z7/d.java
o2/t.java
f/h.java
b9/l3.java
n3/c.java
ce/c.java
y5/p.java
f3/j.java
x4/j.java
b9/c7.java
i4/u.java
j8/i.java
b9/d5.java
a5/b.java
y9/r.java
b9/j7.java
g5/h.java
f4/a.java
ia/p.java
d5/e.java
i6/j.java
la/s.java
k/c.java
q8/h.java
j3/w.java
la/v0.java
d3/b.java
Http connection
       vc/c.java
com/bumptech/glide/load/data/j.java
t5/b.java
b9/r5.java
g8/b.java
sc/d.java
r7/c.java
Https connection
       pb/a.java
ic/e.java
Inter process communication
       m8/e1.java
m8/v.java
p8/a.java
p7/a.java
e2/l.java
o8/d.java
l8/y.java
y2/i.java
d5/c.java
oa/l.java
l7/b.java
d9/c.java
l8/x0.java
m8/s0.java
l/a.java
com/satya/antar/ui/onboarding/SplashActivity.java
ra/c.java
d/b.java
la/t.java
y2/h.java
w8/b.java
l7/a.java
a/b.java
s8/c.java
a4/a.java
e2/m.java
oa/e0.java
j8/c0.java
a4/k.java
ra/d.java
oa/y.java
com/yalantis/ucrop/UCropActivity.java
m8/w.java
w8/a.java
a/a.java
com/satya/antar/ui/settings/PreferencesFragment.java
m8/e0.java
d9/b.java
oa/k.java
d5/e.java
d/c.java
s8/a.java
l/c.java
com/github/dhaval2404/imagepicker/ImagePickerActivity.java
x4/c.java
d5/b.java
x8/e0.java
t6/o.java
lb/x.java
l8/d.java
d5/f.java
ld/q.java
l7/d.java
ra/f.java
y2/k.java
b9/r5.java
x8/p0.java
l/e.java
la/q.java
m8/h0.java
com/satya/antar/ui/onboarding/OnboardingActivity.java
com/satya/antar/ui/message/ChatFragment.java
s8/b.java
i4/j.java
b9/v3.java
d7/a.java
e8/a.java
j8/f.java
t8/g.java
b9/b3.java
b9/o6.java
oa/o.java
m8/g0.java
x8/q0.java
m8/i0.java
l8/q0.java
t8/f.java
j8/y.java
ra/h.java
u8/c.java
m8/f0.java
m8/e.java
ae/a.java
y2/d.java
wa/d.java
m8/z0.java
b9/e2.java
z4/a.java
z2/a.java
l8/h.java
j8/b.java
f/h.java
k8/l.java
com/satya/antar/ui/topic/SessionsFragment.java
m8/o0.java
l7/f.java
la/n0.java
j8/x.java
m8/f1.java
la/e1.java
y2/m.java
j8/a.java
b9/n3.java
x8/f0.java
b9/n6.java
n8/b.java
j8/m.java
b9/t6.java
u8/a.java
x8/v0.java
u2/d.java
x8/y0.java
i7/b.java
f/e.java
o8/a.java
j8/d0.java
m8/b.java
qa/b.java
a4/o.java
oa/n.java
x8/s0.java
d5/a.java
m8/r0.java
m3/g.java
m8/x0.java
m8/h.java
l7/e.java
qa/c.java
b6/a.java
j8/e.java
c4/d.java
x8/h0.java
r7/c.java
l8/f.java
d/a.java
g8/a.java
d9/g.java
b9/s6.java
oa/d.java
oa/d0.java
l8/f0.java
b9/c7.java
d9/a.java
b9/u2.java
m8/j0.java
v8/a.java
oa/a.java
d/d.java
b9/j7.java
z7/l.java
j8/z.java
f4/e.java
b9/n5.java
m8/q0.java
b9/c1.java
Java reflection
       lb/o.java
j$/time/zone/e.java
p4/a.java
x8/w8.java
vf/g.java
b9/z.java
x8/m7.java
vf/b.java
j$/util/DesugarCollections.java
y2/d.java
wa/d.java
j3/y.java
a4/x.java
vf/h.java
f/h.java
b3/h.java
a4/e.java
t4/b.java
pe/a.java
ff/x0.java
w4/s.java
y2/e.java
f/o.java
b3/e.java
a4/b0.java
k/g.java
x8/w7.java
q5/k.java
j$/util/concurrent/v.java
c1/o.java
x8/t7.java
x8/l0.java
vf/c.java
l/c.java
j3/w.java
x8/i6.java
re/a.java
b9/f.java
j3/f0.java
u7/l.java
kf/c.java
f/q.java
u2/a.java
dc/a.java
qe/b.java
q4/a.java
vf/d.java
pe/f.java
vf/e.java
m3/g.java
x8/o6.java
wf/h.java
b3/g.java
x8/d8.java
j3/e.java
b9/o5.java
b9/l0.java
x8/s7.java
s8/b.java
x8/d6.java
x8/t8.java
a3/h.java
x4/m.java
u6/e.java
y5/p.java
t3/b.java
i4/u.java
x8/i7.java
b9/j7.java
b3/f.java
g5/h.java
se/a.java
f4/e.java
ve/z.java
t4/a.java
qe/a.java
com/bumptech/glide/b.java
s9/a.java
com/jem/liquidswipe/LiquidSwipeViewPager.java
a4/f.java
wf/f.java
b3/i.java
kf/s.java
Load and manipulate dex files
       t8/c.java
Local file i/o operations
       com/satya/antar/ui/home/HomeFragment.java
yc/j.java
com/satya/antar/utilities/SeedDatabaseWorker.java
com/satya/antar/ui/letitgo/LetItGoFragment.java
od/n.java
com/satya/antar/utilities/FetchSamplesDatabaseWorker.java
com/satya/antar/ui/home/PersonaManagerFragment.java
b9/r3.java
com/satya/antar/ui/topic/VisualizationFragment.java
sb/c.java
com/satya/antar/ui/onboarding/SplashActivity.java
b9/c3.java
b9/r5.java
b9/p3.java
wc/a.java
rd/f.java
uc/b.java
i4/y.java
b9/o5.java
com/satya/antar/ui/onboarding/OnboardingActivity.java
com/satya/antar/ui/message/ChatFragment.java
g7/a.java
b9/q3.java
com/satya/antar/ui/topic/k.java
b9/s3.java
qc/j.java
l8/f0.java
d7/a.java
b9/j1.java
com/satya/antar/ui/settings/PreferencesFragment.java
lb/e.java
b9/o3.java
z2/b.java
b9/o6.java
i8/a.java
g6/n.java
b3/l.java
f/p.java
b9/t3.java
vd/p.java
l7/c.java
Message digest
       i6/k.java
e6/f.java
g6/q.java
m6/b.java
n6/j.java
g6/e.java
b9/l7.java
r6/d.java
q8/a.java
oa/q.java
n6/h.java
g6/y.java
b9/q7.java
b9/a0.java
uc/b.java
n6/q.java
zf/h.java
n6/b0.java
b9/q6.java
z6/a.java
z5/a.java
j8/x.java
e6/g.java
n6/o.java
k6/f.java
lb/e.java
e6/h.java
zf/v.java
cc/h.java
b9/o6.java
z6/b.java
n6/i.java
Query database of sms, contacts etc
       f6/a.java
b9/j1.java
Sending broadcast
       b9/r5.java
Starting activity
       l8/f.java
m8/v.java
l8/q0.java
i7/b.java
m8/w.java
l7/b.java
d7/a.java
z7/l.java
com/satya/antar/ui/onboarding/SplashActivity.java
ra/f.java
z2/a.java
a4/a.java
com/satya/antar/ui/onboarding/OnboardingActivity.java
com/github/dhaval2404/imagepicker/ImagePickerActivity.java
Starting service
       oa/h.java
p8/a.java
com/satya/antar/ui/onboarding/SplashActivity.java
i4/n.java
g5/n.java
oa/d0.java
rd/f.java
oa/i.java
x4/c.java
Tcp socket
       xf/a.java
nf/a.java
zf/x.java
b9/b1.java
uf/f.java
sf/h.java
nf/v.java
ic/i.java
com/airbnb/lottie/LottieAnimationView.java
rf/e.java
rf/j.java
vf/b.java
rf/d.java
of/c.java
uf/o.java
tf/b.java
vf/h.java
rf/i.java
ic/e.java
Url connection to file/http/https/ftp/jar
       vc/c.java
b9/r5.java

Control flow graphs analysis

Information computed by Pithus.

The application probably gets different information regarding the telephony capabilities

The application probably gets the location based on GPS and/or Wi-Fi

The application probably gets the network connections information

The application probably uses cryptography

The application probably uses reflection

The application probably uses the phone sensors

The application probably plays sound

The application probably makes OS calls

The application probably records media (audio and/or video)

The application probably gets memory and CPU information

The application probably listens accessibility events