Malicious
VirusTotal score: 10/64
Threat
Analyzed on 2021-10-12T06:32:03.568347
Hash | Value
---|---
MD5 | 04653b92edd4ef9cec3b1483d3044790
SHA1 | 5812b8644facab92f3973e47b23b4c21fa8c3b0c
SHA256 | 2f4ed9fe43efdbf7acbba893d5b69bdf400805e13d6a1e50e14e194ec41778c4
Size | 6.67MB
Information computed with APKiD.
File | Match categories
---|---
/tmp/tmpix9wmcye | packer
/tmp/tmpix9wmcye!assets/gdt_plugin/gdtadv2.jar!classes.dex | anti_vm, compiler
/tmp/tmpix9wmcye!classes.dex | obfuscator, compiler
Information computed with ssdeep.
Target | ssdeep
---|---
APK file | 98304:IwdvdbCKRmmWXxSCz+hjusak+gb/2Ovf1XymRJjqDzpfKKxz4Nsu2:IwaKZWmhSk8mRJ2DzpfKKaq
Manifest | 192:cvq1Sf+Ng9ywOWg5E9CcllvF9QrjWmIUVeDvMsRbB/TCAwa4T39XaJpoIdHW:x1Sy…
classes.dex | 49152:6mfqmP0Bk9ekHXkFK3Vh5D6jF95AQqlwzKEd3:6mfnGk9tHXkIXaFVGG3
Information computed with Dexofuzzy.
Target | Dexofuzzy
---|---
APK file | 6:iLxh5PJ7KnK56PikiEE8GtVm0fFUUlzYfdQV/AprGzOovyqXEATmJtxMmeL5xtCl:gv…
classes.dex | 6:iLxh5PJ7KnK56PikiEE8GtVm0fFUUlzYfdQV/AprGzOovyqXEATmJtxMmeL5xtCl:gv…
Information computed with AndroGuard and Pithus.
Information computed with AndroGuard.
Information computed with MobSF.
Findings | Files
---|---
Certificate/Key files hardcoded inside the app. | assets/.appkey
Information computed with MobSF.
Severity | Finding
---|---
Low | App has a Network Security Configuration [android:networkSecurityConfig=@xml/network_security_config]. The Network Security Configuration feature lets apps customize their network security settings in a declarative configuration file without modifying app code; settings can be scoped to specific domains or to the whole app, so the file itself has to be reviewed (see the cleartext-traffic finding below).
Medium | Application data can be backed up [android:allowBackup=true]. With this flag set, anyone with USB debugging enabled on the device can copy the application's private data off the device with `adb backup`.
High | Broadcast Receiver com.network.base.NetworkReceiver is not protected. It declares an intent-filter and sets neither android:exported="false" nor a permission, so (for apps targeting SDK 30 or lower) it is implicitly exported and any other application on the device can send it broadcasts.
Event | Date
---|---
Certificate valid not before | May 12, 2020, 6:05 a.m.
Latest file found in APK | May 26, 2020, 9:32 a.m.
First submission on VT | June 10, 2020, 8:17 p.m.
Last submission on VT | Oct. 26, 2020, 1:07 p.m.
Upload on Pithus | Oct. 12, 2021, 6:32 a.m.
Certificate valid not after | May 6, 2045, 6:05 a.m.
Information computed by Pithus.
Score | 10/64
Report | https://www.virustotal.com/gui/file/2f4ed9fe43efdbf7acbba893d5b69bdf400805e13d6a1e50e14e194ec41778c4/detection
Provided by VirusTotal.
Threat name: jiagu | Identified 3 times
The "jiagu" label names the 360 Jiagu packer, which agrees with APKiD reporting a packer on the APK above. Packer-based detections flag the protection layer rather than a specific payload, so the packed DEX has to be unpacked before the app's real behaviour can be judged.
Information computed with MobSF.
Requirement | Title | Finding
---|---|---
FCS_STO_EXT.1.1 | Storage of Credentials | The application does not store any credentials to non-volatile memory.
FCS_CKM_EXT.1.1 | Cryptographic Key Generation Services | The application generates no asymmetric cryptographic keys.
FDP_DEC_EXT.1.1 | Access to Platform Resources | The application has access to ['network connectivity'].
FDP_DEC_EXT.1.2 | Access to Platform Resources | The application has access to no sensitive information repositories.
FDP_NET_EXT.1.1 | Network Communications | The application has user/application initiated network communications.
FDP_DAR_EXT.1.1 | Encryption Of Sensitive Application Data | The application does not encrypt files in non-volatile memory.
FTP_DIT_EXT.1.1 | Protection of Data in Transit | The application does not encrypt any data in traffic, or does not transmit any data between itself and another trusted IT product.
Information computed with MobSF.
Severity | Finding
---|---
High | Base config is insecurely configured to permit cleartext traffic to all domains. Scope: ['*']. A `<base-config cleartextTrafficPermitted="true">` entry overrides the platform default (cleartext blocked from API 28 on) for every host the app contacts, so any HTTP request it makes can be read or modified on path.
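To reproduce the manifest findings (allowBackup, the exported NetworkReceiver, the networkSecurityConfig reference) and the cleartext-traffic finding above from a decoded AndroidManifest.xml and network_security_config.xml, here is an added Python example; it is not Pithus or MobSF code. The sample XML is constructed to mirror the attributes this report flags: only com.network.base.NetworkReceiver, allowBackup="true", the networkSecurityConfig reference and the cleartext base-config come from the report, while the package name, the action string, the InternalReceiver control case and the hardened config are assumptions.

```python
# Added example (not Pithus or MobSF code): re-derive the MobSF manifest and
# Network Security Configuration findings from decoded XML.
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed sample manifest. Only com.network.base.NetworkReceiver, allowBackup="true"
# and the networkSecurityConfig reference come from the report; the package name,
# the action string and the InternalReceiver control case are assumptions.
MANIFEST_XML = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.app">
  <application android:allowBackup="true"
               android:networkSecurityConfig="@xml/network_security_config">
    <receiver android:name="com.network.base.NetworkReceiver">
      <intent-filter>
        <action android:name="android.net.conn.CONNECTIVITY_CHANGE"/>
      </intent-filter>
    </receiver>
    <receiver android:name="com.example.app.InternalReceiver" android:exported="false">
      <intent-filter>
        <action android:name="com.example.app.INTERNAL"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed network_security_config.xml matching the "Scope: ['*']" finding,
# and a hardened variant (assumed) for comparison.
WEAK_NSC_XML = """<network-security-config>
  <base-config cleartextTrafficPermitted="true">
    <trust-anchors><certificates src="system"/></trust-anchors>
  </base-config>
</network-security-config>"""

HARDENED_NSC_XML = """<network-security-config>
  <base-config cleartextTrafficPermitted="false">
    <trust-anchors><certificates src="system"/></trust-anchors>
  </base-config>
</network-security-config>"""


def audit_manifest(xml_text):
    """Return (severity, message) findings for a decoded AndroidManifest.xml."""
    app = ET.fromstring(xml_text).find("application")
    findings = []
    if app is None:
        return findings
    # allowBackup defaults to true when absent, so absence is flagged as well.
    if app.get(A + "allowBackup", "true").lower() == "true":
        findings.append(("Medium", "android:allowBackup is true: data can be pulled with 'adb backup'"))
    nsc = app.get(A + "networkSecurityConfig")
    if nsc:
        findings.append(("Low", f"Network Security Configuration declared: {nsc}"))
    for tag in ("activity", "service", "receiver", "provider"):
        for comp in app.findall(tag):
            name = comp.get(A + "name")
            exported = comp.get(A + "exported")
            has_filter = comp.find("intent-filter") is not None
            # Pre-targetSdk-31 rule: an intent-filter with no explicit android:exported
            # makes the component exported; a permission attribute would still gate it.
            implicitly = exported is None and has_filter
            if (exported == "true" or implicitly) and comp.get(A + "permission") is None:
                how = "implicitly (intent-filter, no android:exported)" if implicitly else "explicitly"
                findings.append(("High", f"{tag} {name} is exported {how} without a permission"))
    return findings


def audit_nsc(xml_text):
    """Return (severity, message) findings for a network_security_config.xml."""
    root = ET.fromstring(xml_text)
    findings = []
    base = root.find("base-config")
    # Platform default is no cleartext from API 28 on; only an explicit "true" is flagged.
    if base is not None and base.get("cleartextTrafficPermitted", "false").lower() == "true":
        findings.append(("High", "base-config permits cleartext traffic to all domains (scope *)"))
    for dc in root.findall("domain-config"):
        if dc.get("cleartextTrafficPermitted", "false").lower() == "true":
            domains = [d.text.strip() for d in dc.findall("domain")]
            findings.append(("High", f"domain-config permits cleartext traffic for {domains}"))
    return findings


if __name__ == "__main__":
    for sev, msg in audit_manifest(MANIFEST_XML) + audit_nsc(WEAK_NSC_XML):
        print(f"{sev:6} {msg}")
    print("hardened NSC findings:", audit_nsc(HARDENED_NSC_XML))
```

The manifest inside an APK is binary XML, so decode the sample with `apktool d` first and point the functions at the decoded `AndroidManifest.xml` and `res/xml/network_security_config.xml`; the manifest stays readable even when the DEX is packed, so these checks work on a packed sample like this one. The InternalReceiver case shows the fix for the High finding: the same intent-filter with android:exported="false" produces no finding.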
Information computed with Quark-Engine.
Behaviour | Confidence
---|---
Read file from assets directory | 
Method reflection | 
Read data and put it into a buffer stream | 
Read file and put it into a stream | 
Open a file from given absolute path of the file | 
Get absolute path of the file and store in string | 