Malicious
16
/65

Threat

bulb.soap.casual

Google Chrome

Analyzed on 2021-10-18T03:55:36.360907

22

permissions

46

activities

15

services

3

receivers

6

domains

File sums

MD5 0bbd989f048e51e40af7677327476dd2
SHA1 8dbfa8d83ee37f95c5db48eb5251b480ee991ba6
SHA256 496319be630cc855cadeacf5473b8fa610527965c0c117f5388ff8d820be32c7
Size 2.81MB

APKiD

Information computed with APKiD.

/tmp/tmp1c6atui6!classes.dex
anti_vm
  • Build.MANUFACTURER check
compiler
  • dexlib 2.x

SSdeep

Information computed with ssdeep.

APK file 49152:kjfTkBRv2RbNRdyffXsdjEQD0GnRjl9x4XWySVCWcfvj9+1w6baxH5c:ofTkz2RBgIRNnRrxWWhQxnjM13axu
Manifest 768:ScgS6zltyOMtwAmU3wx0pA7lziI5ZLLcLvXIY0hGrRzhdK3g3CB2z1V24hdvIkg1:…
classes.dex 24576:t99+BLPS4GRTLsHltKfoiAR5IHWk4l5oPTfrlXhoRmivEGPsLS94v+oNMHQJ4je…

Dexofuzzy

Information computed with Dexofuzzy.

APK file 3072:me7AvpA6TUlhyCBAwwA7mr53A1QXwqRGK55WQAaFeXnkSCGZ96kADMZBkO/E+swX…
classes.dex 3072:me7AvpA6TUlhyCBAwwA7mr53A1QXwqRGK55WQAaFeXnkSCGZ96kADMZBkO/E+swX…

APK details

Information computed with AndroGuard and Pithus.

Package bulb.soap.casual
App name Google Chrome
Version name 1.0
Version code 1
SDK 20 - 29
UAID de8ff6bcf2e7abba70789f9465b57c64d3bbce74
Signature Signature V1
Frosting Not frosted

Certificate details

Information computed with AndroGuard.

MD5 e89b158e4bcf988ebd09eb83f5378e87
SHA1 61ed377e85d386a8dfee6b864bd85b0bfaa5af81
SHA256 a40da80a59d170caa950cf15c18c454d47a39b26989d8b640ecd745ba71bf5dc
Issuer Email Address: android@android.com, Common Name: Android, Organizational Unit: Android, Organization: Android, Locality: Mountain View, State/Province: California, Country: US
Not before 2008-02-29T01:33:46+00:00
Not after 2035-07-17T01:33:46+00:00

File Analysis

Information computed with MobSF.

Findings Files
Hardcoded Keystore found. assets/grs_sp.bks
assets/hmsincas.bks
assets/updatesdkcas.bks
assets/hmsrootcas.bks

Manifest analysis

Information computed with MobSF.

High Clear text traffic is Enabled For App[android:usesCleartextTraffic=true]
The app intends to use cleartext network traffic, such as cleartext HTTP, FTP stacks, DownloadManager, and MediaPlayer. The default value for apps that target API level 27 or lower is "true". Apps that target API level 28 or higher default to "false". The key reason for avoiding cleartext traffic is the lack of confidentiality, authenticity, and protections against tampering; a network attacker can eavesdrop on transmitted data and also modify it without being detected.
Medium Application Data can be Backed up[android:allowBackup=true]
This flag allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.
High Service (knife.crime.uniform.yyuilhzc) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (knife.crime.uniform.fbyyemqtynrdvbsx) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (knife.crime.uniform.xixpgjpq) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (knife.crime.uniform.hwfikdrwj) is not Protected.An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Broadcast Receiver (knife.crime.uniform.yzrmia) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BROADCAST_WAP_PUSH [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (knife.crime.uniform.pxcvjhlbqehvkv) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.SEND_RESPOND_VIA_MESSAGE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (knife.crime.uniform.kylztwlgmq) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_DEVICE_ADMIN [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Launch Mode of Activity (knife.crime.uniform.wdes) is not standard.
An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent.
High Broadcast Receiver (knife.crime.uniform.fuz) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BROADCAST_SMS [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (knife.crime.uniform.guhthkpoispryb) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_ACCESSIBILITY_SERVICE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
Medium High Intent Priority (136)[android:priority]
By setting an intent priority higher than another intent, the app effectively overrides other requests.
Medium High Intent Priority (993)[android:priority]
By setting an intent priority higher than another intent, the app effectively overrides other requests.

Browsable activities

Information computed with MobSF.

knife.crime.uniform.hwfikdrwj

Schemes: sms:// smsto:// mms:// mmsto://

Main Activity

Information computed with AndroGuard.

knife.crime.uniform.yssjrtovgxsjeq

Activities

Information computed with AndroGuard.

knife.crime.uniform.PQfIlZjMlWxMzNrTcOtKsQoBx
knife.crime.uniform.XSfUpEdJrLkEzNePlDiAbUsEnWzFcBn
knife.crime.uniform.DYuUlSwYlZlFbFaJxXbHcOaZoLf
knife.crime.uniform.FPkReZg
knife.crime.uniform.ZAaByMnGyOqUgTaEoAq
com.google.android.gms.common.api.GoogleApiActivity
knife.crime.uniform.AKlHaBfSiAnRgPhQrRiTpEsBgRbQsKjJkSiNkXxSiYlThYl
knife.crime.uniform.UQpFkNfWyHhXgIeWyDn
knife.crime.uniform.twf
knife.crime.uniform.XTmXuEyQtFjPp
knife.crime.uniform.CQfXjQuWoEbUsKrMxTdZf
knife.crime.uniform.mmm
knife.crime.uniform.NRoUtQgFyAgIoMjSlBaRcMtCjXfEqYwDcGwZnIaFyMkTgEhBd
knife.crime.uniform.GPwBrIkZzOhYzTcTeBxObRz
knife.crime.uniform.IFeDlAhIiGwXjFzBdXhTfGwXaYwKhSfQhMzTxFlYa
knife.crime.uniform.DWwZwTfJlQrDg
knife.crime.uniform.hwfikdrwj
knife.crime.uniform.XBmBrTkInUuAfMgHjXcTsQiAwRmXlBlPxDyRiOxPdCqLsAa
knife.crime.uniform.LLjNuMoRzHrAcAdFpJgMhDlMdFbOjYpWhEsEr
knife.crime.uniform.KReXnQgMq
knife.crime.uniform.JMcLpRkNmCnEtDgOoJgNpWiKxUwSr
knife.crime.uniform.ZSdAdTnWeUrOjYjZgTcOwGuEcMfQkHfHyBkYjLk
knife.crime.uniform.LWaIwJf
knife.crime.uniform.TMwUpEmXhWlOiIsFe
knife.crime.uniform.rdxukerwsj
knife.crime.uniform.DIcFkSsDdSuSxOzKjGmXcCoEfQkBw
knife.crime.uniform.BAsMfKyOzYjZjQz
knife.crime.uniform.BWwDpJrXnKrGmIfCcAsYlKiFuKhGoOiWrTqOzEfIsOhGxAeHn
knife.crime.uniform.KTkQmJpBmQxYrOmTjWhReIsMjMwIjSxDcHwEjQgGlJhCiGg
knife.crime.uniform.AIcJlPbQxKdSdYzAeFmIgLbRaAgRxRaKbWoKaKmRnNqDf
knife.crime.uniform.wdes
knife.crime.uniform.HPeHdJcAeOzJqCtLmZbZeWxOeGx
knife.crime.uniform.DFiJnMrFzPrYlTnGqArFlUkHxEwHhXrAhPy
knife.crime.uniform.yssjrtovgxsjeq
knife.crime.uniform.JGqLuQkXr
knife.crime.uniform.KWxRpZzMgSpKoBz
knife.crime.uniform.aykdeckavqmgh
knife.crime.uniform.XJqTlOdPfZwWzAwWwHmYsJzThZbQqEhWaKuDgMi
knife.crime.uniform.dxditwzspc
knife.crime.uniform.QHxSwBmZmKxPzWzOcUtLeAtAoUjYhIgYdJb
knife.crime.uniform.KUlBiKySmNlRfEaQkOwChJtNiGoLlZtCsRgEuSgSlBrIs
knife.crime.uniform.QWnSwMuMaQwQhCxHtWeAgTpBrUhFcWnLmXbZuKtExMwKhUoCfJrAuNw
knife.crime.uniform.IAlElSyScIwSoDrTrXlTjBiDt
knife.crime.uniform.CRwAhNzOpAkMgAt
knife.crime.uniform.UWrFkRuNeZgEcRnTa
knife.crime.uniform.XWsYdWbYyUbGxKjZkGxRnRwUh

Receivers

Information computed with AndroGuard.

knife.crime.uniform.yzrmia
knife.crime.uniform.kylztwlgmq
knife.crime.uniform.fuz

Services

Information computed with AndroGuard.

knife.crime.uniform.ziusxuxswn
knife.crime.uniform.lrlroazqcixckhuy
knife.crime.uniform.yyuilhzc
knife.crime.uniform.bvprsxdfi
knife.crime.uniform.sewhdzmegeqjev
knife.crime.uniform.fbyyemqtynrdvbsx
knife.crime.uniform.dbd
knife.crime.uniform.xixpgjpq
knife.crime.uniform.pxcvjhlbqehvkv
knife.crime.uniform.zysmsnwnxhiaiz
knife.crime.uniform.vybszrov
knife.crime.uniform.rtjhfqyeonrc
knife.crime.uniform.uxffwkvuofguaxy
knife.crime.uniform.vduycacdfsa
knife.crime.uniform.guhthkpoispryb

Sample timeline

Certificate valid not before Feb. 29, 2008, 1:33 a.m.
Oldest file found in APK Nov. 29, 2020, 3:23 p.m.
Latest file found in APK Nov. 29, 2020, 3:23 p.m.
First submission on VT Dec. 2, 2020, 12:18 p.m.
Last submission on VT Dec. 2, 2020, 12:18 p.m.
Upload on Pithus Oct. 18, 2021, 3:55 a.m.
Certificate valid not after July 17, 2035, 1:33 a.m.

VirusTotal

Score 16/65
Report https://www.virustotal.com/gui/file/496319be630cc855cadeacf5473b8fa610527965c0c117f5388ff8d820be32c7/detection

Most Popular AV Detections

Provided by VirusTotal

Threat name: drop Identified 2 times
Threat name: sasps Identified 2 times
Threat name: hqwar Identified 2 times

NIAP analysis

Information computed with MobSF.

FCS_RBG_EXT.1.1 The application use no DRBG functionality for its cryptographic operations.
Random Bit Generation Services
FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generate no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['bluetooth', 'network connectivity', 'microphone'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to ['address book'].
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application does not encrypt files in non-volatile memory.
Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1 The application invoke the mechanisms recommended by the platform vendor for storing and setting configuration options.
Supported Configuration Mechanism
FTP_DIT_EXT.1.1 The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product.
Protection of Data in Transit
FCS_HTTPS_EXT.1.2 The application implement HTTPS using TLS.
HTTPS Protocol
FCS_HTTPS_EXT.1.3 The application notify the user and not establish the connection or request application authorization to establish the connection if the peer certificate is deemed invalid.
HTTPS Protocol
FIA_X509_EXT.2.1 The application use X.509v3 certificates as defined by RFC 5280 to support authentication for HTTPS , TLS.
X.509 Certificate Authentication

Code analysis

Information computed with MobSF.

Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
 bulb/soap/quiz/RApKcJqFjHoXeIqBuXdHsZbTnAtUlKxDjOiIsKzCpGhAo.java
bulb/soap/casual/YCuTaZuNzCzWkUoWhTmMlPbRpLrWoOu.java
bulb/soap/casual/ZXfOhIbTqQgMjBmHgSwXt.java
bulb/duck/TWcOdEjIhLbGhUoBsYkOsAyLuUcOdGrYbBfIeQmRz.java
bulb/duck/KOuWbHpOdRbKqLjYwIaWkKpUhKfDfTxMeExJjXfYa.java
bulb/amazing/OPjBmAyUiIc.java
bulb/soap/casual/topic/ZPeSqNrQmMrYlDwJfZbWuQaSsUyKaAtAnNiRdNcLmPnAnPpRx.java
bulb/soap/wine/RSbLzNeXmPeJiKgAzNoAxUiTdGuMmThFwGuGxXpZqIjEf.java
bulb/soap/plate/BTbNzEeYzFtHkJcGbMfFrKrCyDyFeQzRgPeWgLaNhLfZeSg.java
run/WEcGcOmAiBzAaSxFr.java
bulb/soap/casual/slow/CRlBuBoKzZeCiRaPhWwBnYsHfPwOcPfCnEkLwAdCxPb.java
org/b/a/h.java
shrimp/BBmXxXhDdXbJsUpDhApMpWpGwIjZrAiEeLbYsOtBzUnLsMq.java
bulb/soap/casual/TMaDxXpRdHyCoMeNfRn.java
bulb/soap/quiz/MDwPcDkLkPnUsAsKpQjZpDlUtPkNxSbTyWmXbXtJdSs.java
bulb/soap/casual/topic/OCzMtXmArJpAsDyZyTk.java
bulb/soap/casual/later/JMpMqTwBsOrIyAfIsHxFm.java
bulb/soap/casual/nuclear/RXgYnScYmYhIfTmWhEwXcNuNiUsFm.java
bulb/soap/quiz/TLgAjNfMtNkToEfJrWeRsYnXhKm.java
bulb/bargain/TYdJnLiGhFfUoRuAiFcJx.java
brief/QKyJfOjCwEiAhBd.java
i/a/a/c/g.java
theory/KJdXmCiEs.java
i/a/a/c/j.java
slogan/XPtCdCyPwBfUzJzDzXeBfAqXjPxXqZrMaMbIsQdTfCiYbFxXxTgOn.java
bulb/soap/slam/RCuEuMcJsCeSjQjXhIzRrQfLyHtAxRjXlJpFqSoLbTwQhRjWrCxUlNn.java
i/a/a/a.java
bulb/soap/wine/EFdFbFaLiQr.java
bulb/soap/plate/PFeHlBdGcZyPxRzOqRnDgAgKwBrIyFhBnWlYjHdIsNeFoJeNcDrWpPs.java
bulb/soap/casual/nuclear/OWpNlSqInMr.java
bulb/transfer/UArRuUkQiZeBpOsPuCaLyStIhNbBaNnRkZqJyUr.java
bulb/duck/GRiZdUnZdPtNoAoXcLyYoFqDqPdFmArSu.java
i/a/a/c/k.java
bulb/soap/casual/topic/JIaHzBwDaKrCrJuTeIhEeHwArRa.java
bulb/soap/slam/GWeBaOxFsTaKmXsBxMtGtDiLrQaXuBbUzMyFiUjDhRhKqMcJlZx.java
bulb/soap/casual/OLjSaMpAfQtPeMiLsQgOhFiKtXlTlJbEzXjLeJoJuUs.java
slogan/RFwEyZsUy.java
bulb/soap/plate/RGqDcKuYnTdKcAyFhQmLpLhGp.java
brief/QWzShFz.java
shrimp/MWaUqDuGjDgNhSzHqSqDjAjRkCzDdAcSqDoBxYrYqJkUz.java
bulb/soap/morning/RRbUxYqMy.java
bulb/soap/wine/IFjYaMuSbJe.java
bulb/soap/wine/DIgOzIzZeUpTbKjCmPwYcOgAo.java
slogan/UNgYbIiRaSiJfAyRsFmKbQzJb.java
bulb/soap/wine/WKpUwLdTrRgWlPsAzZsLhGuNqTcIgNkFyJuBdHbOsSj.java
brief/KSqQlEnWcNnFgDsQdQpUhHlRkLeCwPqCwMeGsUnMu.java
bulb/soap/casual/ILgYwSfDrBoNsIeGyWaRa.java
brief/DYiCbNgEcMrDzGnJmCcHrCdPlNyFfBsTqOnXwJtFe.java
bulb/amazing/AYjLgQyIhLrJxQwCzPmSiXwNmRg.java
bulb/transfer/QLfRnBbKuMoHhJwPhGfHpOtIbGmFxDmYjApKiTmCoGkIhCkHsOxCc.java
bulb/soap/casual/JGlQlFqDzReYiMiCdGwAiThNsFnWaMeTaUnSjIpYwDpZr.java
bulb/soap/slam/UJaAsWzMgEySiXnRrOtWgLiTc.java
brief/UShEmPjOyZePsPsNzDeTuRgIgAsJgLoHlEkXiBdFxDcOtXhWeBbYzQh.java
run/LFhTfNhDhKoKkXrUsOeRtFjLxWmBlQpYgUt.java
run/WQdHlEwIhMmClCx.java
run/NWpSlHoOpKuWyNaSxOqFgWqIzNaMnNhYcSqNeDmUePqBgMqFkCa.java
run/YCuFwDe.java
bulb/soap/casual/nuclear/TGkZpCuGpRsOfJkBaRbLdMlKqXiHdTp.java
run/QJrOiNjYxXyHqLgYwKnOtKmRcNk.java
theory/HMnCuTcWcGhYcOdKsZaHpBxJoYePzZqGoFjTaBmChOmYtWhBhSi.java
bulb/soap/wine/OLkLdZxPpSt.java
bulb/soap/casual/later/XQoBrEhAsJrPqYfRyEsTx.java
bulb/soap/plate/TDuEeMbTuMxYyCjWcDzSdTb.java
bulb/soap/casual/topic/OYyUyUfYzPlKfBqLwQkErHsNzAeCgWf.java
bulb/soap/slam/LXxSmOyRaYmAhUfLcYqUcLqJgXtLcEdZbXm.java
bulb/duck/OEwMpUcZsHwYfUaYbRnLrWfJwJiGqOfMbOcYeEoXbCbJi.java
bulb/bargain/XQlXtFsGqZsMyBrPxJbBeEiIoTtNgJjExOkPpLrPi.java
bulb/soap/casual/NZkChZmJqDiLzAgDrGzOgBxJtFlAuMhRlOxYjEw.java
shrimp/BSkSwNlZdKmIpGcZhEfIoWsHtJlHdOn.java
bulb/soap/casual/SLlTmIbInDxMhRpIhLhGtXdZeEcWgNlNcYiLg.java
bulb/soap/slam/ZYfOrAhUdSfOwLiHcIz.java
run/QXxKkJwSeUrLmWcQnLgKpYeEtHpMfZyLxKrJq.java
bulb/soap/casual/QQkCcPbHhZzPtOpArGmGfYmRcRiJnOuPpCuNuDgUiSfRx.java
bulb/transfer/GWfJbAwQaAiJdSzZuIoMoQrMtAqPqFs.java
j/d0/b.java
shrimp/JDiDmAfOdJqRbBjHn.java
bulb/soap/plate/EFxRiYiZyFnKoFlCgTzHzWt.java
theory/OSyWzEuHqKfOuWsInJhYdSsKeEhDmCsOfYiCe.java
bulb/soap/casual/stand/HQlUsSpUpLmJbIiMnWsIsBjJqPcWeFg.java
bulb/bargain/BWsTeTg.java
bulb/soap/wine/EWxDhXpSoXgNkUyZeLyGrNzYoOwRwDtQx.java
slogan/FYrPkOcRhYfBa.java
bulb/student/JGiJrZmTaImWxXsKkJjKqCtAcErJzRaGrEdQdQbBuSfLoXrKc.java
bulb/soap/casual/PGlNmCbFpDfItUaMbDlFqKgPmMq.java
bulb/soap/casual/FSkCeKfDaTqArBrDlKxGpXeBhDyPgGmQrZa.java
bulb/duck/SIqDmJpAiJkFqZfObKyCsWnYb.java
bulb/student/DJfJuXpPqQkFwSrLdHaPnAxPuKtBzDlPl.java
bulb/soap/casual/nuclear/XAfYxIiZkIxEbIoOhRlSiOcSqMcGjYhAiTsYbClYwGtToMwWmRw.java
run/YMzCiYxYpTgZnLuZpAiUqPqJtSxAwTyJrOdLeDf.java
bulb/bargain/QAzAiFiKeJnOmCaWiKpToEdDoEmQdJqJoGoDhZzZbBkUq.java
bulb/transfer/NKfQyKkEzFrMkRmAxHlFlGuYwLeRyJaRh.java
bulb/duck/TKqKsWpTmZkJa.java
bulb/soap/casual/SAyKfQkCgKaYhNeCtKqAkIxBpCgScMoLlMzDkIuIl.java
bulb/soap/casual/CZzUxXuJlEeBiXlFhHo.java
bulb/soap/casual/stand/HCyIePtIcFw.java
bulb/soap/casual/topic/JHcSnRyElSaNrOhUlHkKuYxHjRpPlIwEzPtWsMiUeWaBmHd.java
bulb/soap/casual/YFqAaYpBsStZhGnTaPs.java
bulb/soap/plate/JKyGhZkHgKdOyYdWhNtExTuTgFyFrUhUsXmScQjNiTySuDdEjQpUfGm.java
bulb/soap/wine/ACxBgEaHyMhNaXsDeYgOqSzSgNeFkQzCkUkHlYsRh.java
d/c/c/c.java
bulb/duck/JHaDcIqIxUgSjYe.java
bulb/soap/slam/BPyTlLuFuXxMlSwFqUiTyUrOpLaReOoCrPtOn.java
bulb/soap/casual/later/HKiSeQeLsDpZbIlWbGwLeJfKqWwDjNkDeUwKyBaWdOt.java
bulb/soap/casual/CTeQdEfQtNjPtZsCzWuUpXuJgPmUiCsAhEgDnBmWyUl.java
bulb/soap/quiz/TTiFlHdNoWhWiGbSuYfKzSwDgDlZqDoUcPdXtRrTmCeArKeUk.java
bulb/duck/JOgCfOmIyRdDgDsQqGpHlLdUfWlEiHsDhOoIkDbShYz.java
bulb/soap/casual/later/OXoPwOuDfAqBzGhDpEzWfSwDrGsXlAzUp.java
shrimp/EDfJlEsBwDeXyDiCrQrDnEaBwDqBwAb.java
bulb/soap/casual/stand/WWjFmCnHwGe.java
h/a/a/c.java
shrimp/ZXzOeYhIbScPmJnTbWiQhKoSbOgNyQaBp.java
bulb/soap/morning/ZGzGiSk.java
bulb/soap/quiz/SDpUcXzBhSkSoThPxQaQnUcGzEgThAuNzOn.java
High
CVSS:7.5
The App uses an insecure Random Number Generator.
MASVS: MSTG-CRYPTO-6
CWE-330 Use of Insufficiently Random Values
M5: Insufficient Cryptography
Files:
 g/u/b.java
nl/dionsegijn/konfetti/c/c.java
nl/dionsegijn/konfetti/f/b.java
nl/dionsegijn/konfetti/b.java
g/u/a.java
g/p/v.java
nl/dionsegijn/konfetti/f/a.java
org/codehaus/jackson/map/ser/BasicSerializerFactory.java
org/java_websocket/b/b.java
d/c/a/b/i1/h0.java
g/p/b.java
Info
CVSS:0
This App uses SSL certificate pinning to detect or prevent MITM attacks in secure communication channel.
MASVS: MSTG-NETWORK-4
Files:
 j/d0/i/c.java
j/d0/i/h.java
j/d0/i/g.java
High
CVSS:5.9
SHA-1 is a weak hash known to have hash collisions.
MASVS: MSTG-CRYPTO-4
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files:
 org/java_websocket/b/b.java
High
CVSS:7.4
Insecure Implementation of SSL. Trusting all the certificates or accepting self signed certificates is a critical Security Hole. This application is vulnerable to MITM attacks
MASVS: MSTG-NETWORK-3
CWE-295 Improper Certificate Validation
M3: Insecure Communication
Files:
 j/d0/i/i/b.java
Pygal Switzerland: 100 Germany: 100 United States: 400

Map computed by Pithus.

Domains analysis

Information computed with MobSF.

DE developer.apple.com 17.253.57.203
US www.w3.org 128.30.52.100
US aomedia.org 185.199.109.153
CH www.slf4j.org 83.166.144.67
US github.com 140.82.121.3
US exoplayer.dev 185.199.108.153

URL analysis

Information computed with MobSF.

https://exoplayer.dev/issues/player-accessed-on-wrong-thread
Defined in d/c/a/b/y0.java
https://developer.apple.com/streaming/emsg-id3
https://aomedia.org/emsg/ID3
Defined in d/c/a/b/h1/h/a.java
https://developer.apple.com/streaming/emsg-id3
https://aomedia.org/emsg/ID3
Defined in d/c/a/b/h1/h/a.java
http://www.w3.org/ns/ttml#parameter
Defined in d/c/a/b/j1/q/a.java
https://github.com/TooTallNate/Java-WebSocket/wiki/Lost-connection-detection
Defined in org/java_websocket/a.java
http://www.slf4j.org/codes.html#StaticLoggerBinder
http://www.slf4j.org/codes.html#substituteLogger
http://www.slf4j.org/codes.html#version_mismatch
http://www.slf4j.org/codes.html#multiple_bindings
http://www.slf4j.org/codes.html#unsuccessfulInit
Defined in org/b/c.java
http://www.slf4j.org/codes.html#StaticLoggerBinder
http://www.slf4j.org/codes.html#substituteLogger
http://www.slf4j.org/codes.html#version_mismatch
http://www.slf4j.org/codes.html#multiple_bindings
http://www.slf4j.org/codes.html#unsuccessfulInit
Defined in org/b/c.java
http://www.slf4j.org/codes.html#StaticLoggerBinder
http://www.slf4j.org/codes.html#substituteLogger
http://www.slf4j.org/codes.html#version_mismatch
http://www.slf4j.org/codes.html#multiple_bindings
http://www.slf4j.org/codes.html#unsuccessfulInit
Defined in org/b/c.java
http://www.slf4j.org/codes.html#StaticLoggerBinder
http://www.slf4j.org/codes.html#substituteLogger
http://www.slf4j.org/codes.html#version_mismatch
http://www.slf4j.org/codes.html#multiple_bindings
http://www.slf4j.org/codes.html#unsuccessfulInit
Defined in org/b/c.java
http://www.slf4j.org/codes.html#StaticLoggerBinder
http://www.slf4j.org/codes.html#substituteLogger
http://www.slf4j.org/codes.html#version_mismatch
http://www.slf4j.org/codes.html#multiple_bindings
http://www.slf4j.org/codes.html#unsuccessfulInit
Defined in org/b/c.java
http://www.slf4j.org/codes.html#log4j_version
Defined in org/b/b/c.java

Permissions analysis

Information computed with MobSF.

High android.permission.RECEIVE_SMS receive SMS
Allows application to receive and process SMS messages. Malicious applications may monitor your messages or delete them without showing them to you.
High android.permission.READ_PHONE_STATE read phone state and identity
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on.
High android.permission.READ_SMS read SMS or MMS
Allows application to read SMS messages stored on your phone or SIM card. Malicious applications may read your confidential messages.
High android.permission.READ_EXTERNAL_STORAGE read external storage contents
Allows an application to read from external storage.
High android.permission.RECORD_AUDIO record audio
Allows application to access the audio record path.
High android.permission.GET_ACCOUNTS list accounts
Allows access to the list of accounts in the Accounts Service.
High android.permission.SEND_SMS send SMS messages
Allows application to send SMS messages. Malicious applications may cost you money by sending messages without your confirmation.
High android.permission.WRITE_EXTERNAL_STORAGE read/modify/delete external storage contents
Allows an application to write to external storage.
High android.permission.CALL_PHONE directly call phone numbers
Allows the application to call phone numbers without your intervention. Malicious applications may cause unexpected calls on your phone bill. Note that this does not allow the application to call emergency numbers.
High android.permission.READ_CONTACTS read contact data
Allows an application to read all of the contact (address) data stored on your phone. Malicious applications can use this to send your data to other people.
Low android.permission.FOREGROUND_SERVICE Allows a regular application to use Service.startForeground
Low android.permission.GET_PACKAGE_SIZE measure application storage space
Allows an application to find out the space used by any package.
Low android.permission.INTERNET full Internet access
Allows an application to create network sockets.
Low android.permission.RECEIVE_BOOT_COMPLETED automatically start at boot
Allows an application to start itself as soon as the system has finished booting. This can make it take longer to start the phone and allow the application to slow down the overall phone by always running.
Low android.permission.USE_FULL_SCREEN_INTENT Required for apps targeting Build.VERSION_CODES.Q that want to use notification full screen intents.
Low android.permission.REQUEST_DELETE_PACKAGES Allows an application to request deleting packages.
Low android.permission.MODIFY_AUDIO_SETTINGS change your audio settings
Allows application to modify global audio settings, such as volume and routing.
Low android.permission.ACCESS_NETWORK_STATE view network status
Allows an application to view the status of all networks.
Low android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS Permission an application must hold in order to use Settings.ACTION_REQUEST_IGNORE_BATTERY_OPTIMIZATIONS.
Low android.permission.WAKE_LOCK prevent phone from sleeping
Allows an application to prevent the phone from going to sleep.
Low android.permission.REQUEST_COMPANION_USE_DATA_IN_BACKGROUND Allows a companion app to use data in the background.
Low android.permission.BLUETOOTH create Bluetooth connections
Allows applications to connect to paired bluetooth devices.

Threat analysis

Information computed with Quark-Engine.

Confidence:
100%
Load external class
Confidence:
100%
Find a method from given class name, usually for reflection
Confidence:
100%
Method reflection
Confidence:
100%
Load class from given class name
Confidence:
100%
Send notification
Confidence:
100%
Monitor the broadcast action events (BOOT_COMPLETED)
Confidence:
100%
Method reflection
Confidence:
100%
Initialize class object dynamically
Confidence:
80%
Read file and put it into a stream
Confidence:
80%
Get declared method from given method name
Confidence:
80%
Read sensitive data(SMS, CALLLOG, etc)
Confidence:
80%
Get calendar information
Confidence:
80%
Query data from URI (SMS, CALLLOGS)
Confidence:
80%
Get resource file from res/raw directory

Behavior analysis

Information computed with MobSF.

Android notifications
       me/leolin/shortcutbadger/impl/XiaomiHomeBadger.java
Base64 decode
       d/c/a/b/j1/q/b.java
Base64 encode
       bulb/soap/plate/LLdTjEiWsIy.java
bulb/bargain/DDmJaWw.java
theory/NUaReUlEbFaApFaQmKkEwOmNrOeXnWuMoMr.java
bulb/soap/casual/NYrMwYxFyImMbDxPfMrHqToPmLgMwNc.java
theory/EBkKtOyYiOjKaEgMbKtZoLcFpDqRxWgUhLfAo.java
slogan/QNoZeCwFnShUuAg.java
bulb/soap/casual/nuclear/FMlHhCtMqLqQlEwRoUuTaByZkWrOiPoIa.java
bulb/soap/morning/PSpHgAmHqJpDlZfFsUqMkOiKjTeCxDqSsUnCrGnFxQfZtGqOjZaRbZd.java
bulb/soap/casual/nuclear/RXiBoMfWfBeItBkArTkEzOjHmEsYhObJxWyXbZmDyNtFyHhOjAa.java
bulb/soap/casual/nuclear/OUmDnNpSbNdGfZuAaKm.java
shrimp/ZIyBsNnGpAwZqUdXaYqEuEnCtXiPsUd.java
bulb/soap/plate/GZyItXbBjSoLaTuChAkPqYkWmUpFqSfFxNdJqZuFnQeCqNoCy.java
bulb/soap/casual/EFcYfAbHrFiLmYrLfUkSmUtDxPyBqDqOfUfOnLdLeZxKqGz.java
bulb/soap/casual/DWnSpWxRlHqZbKfTqYgOwUmHiHuPcRxLkKzOrUxUfRlNdPxJiUkNqIg.java
d/c/c/f/g/d.java
bulb/bargain/NAtZqPsDsBnOfMyZl.java
bulb/soap/casual/topic/HAjCxKmZqLpGyWwPiYyZyDuHkEbSxHcQe.java
bulb/soap/casual/nuclear/QLbMxKs.java
brief/YWmUyPzChKtLnFtWjXjIpUiCxWgZmDaDtBrEoJkWqJdGeJoBn.java
bulb/student/UGiQsTkHcAkCdFoXcYiHuMbBbNgDsDnEmQpRiBjMg.java
bulb/duck/PEnFbJsMhOtTgSkFtFhWqWtSoSzYwJcOxKl.java
bulb/transfer/HWjTjIoHxEnRfYnQrMlGaXdTlBzYuObAm.java
bulb/student/KLoSqJjUsAuFqLsRcEnNrQuOh.java
bulb/soap/casual/slow/EEfQlLyHnFg.java
bulb/bargain/CQwExWyYyHoWyRgLlFjIjUdSgFsAp.java
bulb/soap/casual/ZHoYiUkWaTyHmUaDsEo.java
bulb/soap/quiz/JPlWhYt.java
bulb/bargain/WZhCuNoEbMeRgEo.java
bulb/soap/casual/later/CUqOlTrWhFrNzRr.java
bulb/bargain/LJmFqBkHyAcBeBpNiIaQzFeStBjHpIeTwHtGxRfJgHoKyOd.java
theory/BNhKnBp.java
bulb/transfer/ARnWfRhMpClMhOgHoAlNhYtTlNyQqTqSbItYdWtYxXxUdJpPtXg.java
bulb/soap/casual/XMcQzXgEe.java
brief/AQtJcIfNuPePaTaLnOePgAhCsWdSyGpGuAhNwLtMl.java
bulb/student/RHfLjUs.java
slogan/AOlRcDwRd.java
shrimp/NLfItOzXcIbEtNpUlPnBrTgDpOlCtOlKeQfScOhKtXr.java
bulb/soap/quiz/YObHiSiDgTsUjBuWhXtUtJfBdSo.java
bulb/soap/quiz/MGuMlZkDaZyTnHy.java
Certificate handling
       j/d0/i/i/i.java
j/a.java
j/d0/i/h.java
j/d0/i/d.java
j/v.java
j/d0/e/e.java
j/d0/e/f.java
Dynamic class and dexloading
       bulb/soap/casual/DCgZrDiJlWdZgCtEbMyJgAwTrCdDtKfNjQhMwWpPtOrXiTkImEzBaAb.java
Get installed applications
       h/a/a/c.java
Get system service
       d/c/a/b/k1/i.java
slogan/FYrPkOcRhYfBa.java
bulb/soap/slam/RCuEuMcJsCeSjQjXhIzRrQfLyHtAxRjXlJpFqSoLbTwQhRjWrCxUlNn.java
me/leolin/shortcutbadger/impl/XiaomiHomeBadger.java
bulb/soap/plate/PFeHlBdGcZyPxRzOqRnDgAgKwBrIyFhBnWlYjHdIsNeFoJeNcDrWpPs.java
bulb/amazing/AYjLgQyIhLrJxQwCzPmSiXwNmRg.java
bulb/soap/casual/nuclear/OWpNlSqInMr.java
brief/UShEmPjOyZePsPsNzDeTuRgIgAsJgLoHlEkXiBdFxDcOtXhWeBbYzQh.java
bulb/duck/KOuWbHpOdRbKqLjYwIaWkKpUhKfDfTxMeExJjXfYa.java
run/LFhTfNhDhKoKkXrUsOeRtFjLxWmBlQpYgUt.java
run/WQdHlEwIhMmClCx.java
bulb/duck/GRiZdUnZdPtNoAoXcLyYoFqDqPdFmArSu.java
bulb/soap/casual/nuclear/XAfYxIiZkIxEbIoOhRlSiOcSqMcGjYhAiTsYbClYwGtToMwWmRw.java
run/YCuFwDe.java
bulb/soap/casual/SAyKfQkCgKaYhNeCtKqAkIxBpCgScMoLlMzDkIuIl.java
bulb/soap/plate/BTbNzEeYzFtHkJcGbMfFrKrCyDyFeQzRgPeWgLaNhLfZeSg.java
bulb/soap/wine/OLkLdZxPpSt.java
d/c/a/b/a1.java
bulb/soap/casual/stand/HCyIePtIcFw.java
d/c/a/b/s.java
bulb/soap/casual/slow/CRlBuBoKzZeCiRaPhWwBnYsHfPwOcPfCnEkLwAdCxPb.java
bulb/soap/plate/TDuEeMbTuMxYyCjWcDzSdTb.java
bulb/soap/casual/topic/OYyUyUfYzPlKfBqLwQkErHsNzAeCgWf.java
slogan/RFwEyZsUy.java
bulb/soap/wine/ACxBgEaHyMhNaXsDeYgOqSzSgNeFkQzCkUkHlYsRh.java
bulb/bargain/XQlXtFsGqZsMyBrPxJbBeEiIoTtNgJjExOkPpLrPi.java
bulb/soap/plate/RGqDcKuYnTdKcAyFhQmLpLhGp.java
bulb/soap/slam/BPyTlLuFuXxMlSwFqUiTyUrOpLaReOoCrPtOn.java
bulb/soap/casual/later/HKiSeQeLsDpZbIlWbGwLeJfKqWwDjNkDeUwKyBaWdOt.java
bulb/soap/casual/CTeQdEfQtNjPtZsCzWuUpXuJgPmUiCsAhEgDnBmWyUl.java
d/c/a/b/b1.java
bulb/soap/casual/QQkCcPbHhZzPtOpArGmGfYmRcRiJnOuPpCuNuDgUiSfRx.java
theory/OSyWzEuHqKfOuWsInJhYdSsKeEhDmCsOfYiCe.java
bulb/soap/casual/stand/WWjFmCnHwGe.java
slogan/UNgYbIiRaSiJfAyRsFmKbQzJb.java
bulb/soap/casual/stand/HQlUsSpUpLmJbIiMnWsIsBjJqPcWeFg.java
Inter process communication
       d/c/a/b/d1/j.java
me/leolin/shortcutbadger/impl/XiaomiHomeBadger.java
slogan/OSxTeAgIfWmKsNkYdQi.java
me/leolin/shortcutbadger/impl/AsusHomeBadger.java
bulb/soap/casual/topic/IXlPjOlXwAbHrAdAaAkDsXuTsXwItIdYiFnEoSpXcGdMkRyCgXmSq.java
bulb/transfer/OCnPiDmYuOiLnDfGuSjHeUzZpTkFgYqZqCuFyBsBmCnXnRoPr.java
me/leolin/shortcutbadger/impl/NewHtcHomeBadger.java
bulb/soap/casual/nuclear/GUjQyGmLuUbIaFtMzPbWyMrQuLaLpEtNsLcBaFdKtFuSgCa.java
bulb/soap/casual/ISwWcIgMiGbUeCqCpGe.java
bulb/soap/morning/HNcJlHpXjWyLaFbSkIkUtBeCfIyHdNaRcSiXlZcLxPs.java
bulb/soap/casual/slow/YMuSbQxObJrYbPkShSeJwWgYj.java
bulb/soap/casual/slow/DRwGlEsUsOyAnJcQeEaTcLs.java
bulb/soap/casual/JEbDdPtKxCtTbIrXgHwLeNfDfLpEoYwFeCeImIdXmOuJnBrOdWoZy.java
me/leolin/shortcutbadger/impl/VivoHomeBadger.java
bulb/soap/casual/QMkMnRrBzAdWyJePoDeUbSgRoBoOyEpGcMlJgHoHpQkIzKxLrZxEd.java
bulb/soap/casual/later/WIuLjWjOxWuEgNtCiKkXgXxKzEpKgCuFtEqDiLtKo.java
bulb/soap/casual/nuclear/OLtUgOgOtNkCfBhXiLhKhRlAnGuTfYbTtTjIfOrJnTmLuPdPmUsNe.java
bulb/soap/casual/nuclear/MOrLdYaHaTm.java
bulb/soap/casual/CNnYpCfIm.java
bulb/soap/casual/NLhAdCqYwIxRzTbLsShTwEtAzTe.java
d/c/a/b/r.java
bulb/soap/plate/ODpQkUpSqOzYeSbJs.java
bulb/soap/casual/later/WIbYjMiJrNwRlEdZnOuOxRuNmXyLu.java
bulb/soap/quiz/RFbTdCcUcIfNyRmBmWbTsXqLm.java
bulb/soap/slam/QFfHhKrPjYgJbOgOpSmGmHtQaQbOgAjXoUzYh.java
theory/MEuQcFsXhZkCsJm.java
me/leolin/shortcutbadger/impl/AdwHomeBadger.java
bulb/soap/casual/topic/HYxXtJoWrIpRtYhEmXzKn.java
bulb/duck/DHsNlNwItOcCaPiTjIgXlBcCkCrJkUsGySfImBbAeNfRlGrNxCwAr.java
me/leolin/shortcutbadger/impl/DefaultBadger.java
bulb/soap/morning/WZfSqZlBtWfHtItKyHuEuJkPkMiOnJdSqPlWlKd.java
bulb/soap/casual/XNkOjWfDyWaJtCs.java
me/leolin/shortcutbadger/impl/LGHomeBadger.java
brief/CHxAkSuHzGmLeJp.java
bulb/soap/casual/JJkGmCdFpSzTdCtUgFiNbUlXeGsKiMoEl.java
bulb/soap/quiz/KEsUbMmAbWrAiNjBkFkZgAiDjOhNdAxSr.java
me/leolin/shortcutbadger/impl/SonyHomeBadger.java
bulb/transfer/IBfDeSwDfUjSzNiTtMjMtAxYjTqOwTp.java
slogan/IOtYkObTuOwNzFhKoUiDpDsGiFo.java
bulb/soap/casual/nuclear/AHgTlDiHlGnUkCyHzUz.java
theory/BYaOsIrYbJuDlTrDqOoSqQbAxMuBsWoCbLxXqWxLkFbNdUbKs.java
bulb/soap/casual/QZwZbHpSqFqGpOdBlAyKiJtOfPkDePgEkHxRk.java
bulb/transfer/UDsPcFgWyWuWxAcQpUjIaAsPjTxMt.java
bulb/soap/casual/slow/PSxHmPpDuHjHc.java
me/leolin/shortcutbadger/impl/OPPOHomeBader.java
bulb/duck/FRiRqXwOwBeWt.java
me/leolin/shortcutbadger/impl/ApexHomeBadger.java
bulb/duck/SZdLsPmGbTsPsXbTeMhUuPyToUw.java
bulb/soap/wine/ILwOqBhScKbDpKrTsKdObZqTwRjUyGlSaIpGoBjHhBwJkWpWiTcIc.java
me/leolin/shortcutbadger/impl/IntentConstants.java
d/c/c/c.java
bulb/soap/quiz/AKyYjIuLcCpOrQdShXdWdRdWtJkOfNp.java
h/a/a/d/a.java
slogan/PPyPhGhYoDiUsAaZnQlQfUsRjBrLoRhExAjLnAbAyOxLnOqRjSyEf.java
run/UJmJcSgTrFqNuOtGcQlDyLtIfPqQt.java
org/parceler/b.java
h/a/a/c.java
Java reflection
       org/codehaus/jackson/map/ser/std/JsonValueSerializer.java
org/codehaus/jackson/map/util/ClassUtil.java
org/codehaus/jackson/map/ser/PropertyBuilder.java
org/codehaus/jackson/map/deser/BasicDeserializerFactory.java
me/leolin/shortcutbadger/impl/XiaomiHomeBadger.java
org/codehaus/jackson/map/introspect/MethodFilter.java
org/codehaus/jackson/map/deser/SettableBeanProperty.java
org/codehaus/jackson/map/introspect/AnnotatedMethod.java
j/d0/i/g.java
j/d0/i/b.java
j/d0/i/i/d.java
g/r/b.java
org/codehaus/jackson/map/introspect/BasicBeanDescription.java
j/d0/i/i/c.java
bulb/soap/casual/DCgZrDiJlWdZgCtEbMyJgAwTrCdDtKfNjQhMwWpPtOrXiTkImEzBaAb.java
j/d0/i/e.java
j/d0/i/i/i.java
g/r/a.java
org/codehaus/jackson/map/ext/OptionalHandlerFactory.java
d/c/a/b/f1/f.java
j/d0/i/d.java
org/codehaus/jackson/map/ser/AnyGetterWriter.java
d/c/a/b/y.java
org/codehaus/jackson/map/deser/SettableAnyProperty.java
bulb/soap/casual/MTmYtHnXwHaHzIiOfDzDsUhOwCcXdZzKaQkRwQtXqFcBsNtMtLt.java
g/t/c/o.java
org/codehaus/jackson/map/introspect/AnnotatedClass.java
j/d0/i/c.java
org/codehaus/jackson/map/introspect/AnnotatedMethodMap.java
bulb/soap/casual/TFoQgWpUhOyFsReJlPoWaHsAoXfZsBlHdObUdIhDh.java
d/c/a/b/d1/q.java
org/threeten/bp/a/h.java
org/codehaus/jackson/map/ser/BasicSerializerFactory.java
org/codehaus/jackson/map/deser/std/StdKeyDeserializers.java
org/codehaus/jackson/map/ser/BeanPropertyWriter.java
org/codehaus/jackson/map/introspect/AnnotatedField.java
org/codehaus/jackson/map/introspect/MemberKey.java
j/d0/i/i/e.java
org/codehaus/jackson/map/introspect/BasicClassIntrospector.java
org/codehaus/jackson/map/deser/std/EnumDeserializer.java
org/codehaus/jackson/map/deser/std/StdKeyDeserializer.java
l/a/b/b/b.java
Local file i/o operations
       d/c/c/h/d.java
d/c/c/j/a.java
Message digest
       org/java_websocket/b/b.java
Query database of sms, contacts etc
       me/leolin/shortcutbadger/impl/SamsungHomeBadger.java
Sending broadcast
       me/leolin/shortcutbadger/impl/VivoHomeBadger.java
me/leolin/shortcutbadger/impl/SonyHomeBadger.java
h/a/a/d/a.java
Starting activity
       bulb/soap/morning/WZfSqZlBtWfHtItKyHuEuJkPkMiOnJdSqPlWlKd.java
bulb/soap/casual/XNkOjWfDyWaJtCs.java
brief/CHxAkSuHzGmLeJp.java
slogan/OSxTeAgIfWmKsNkYdQi.java
bulb/soap/casual/JJkGmCdFpSzTdCtUgFiNbUlXeGsKiMoEl.java
bulb/soap/casual/topic/IXlPjOlXwAbHrAdAaAkDsXuTsXwItIdYiFnEoSpXcGdMkRyCgXmSq.java
bulb/soap/quiz/KEsUbMmAbWrAiNjBkFkZgAiDjOhNdAxSr.java
bulb/transfer/OCnPiDmYuOiLnDfGuSjHeUzZpTkFgYqZqCuFyBsBmCnXnRoPr.java
bulb/transfer/IBfDeSwDfUjSzNiTtMjMtAxYjTqOwTp.java
slogan/IOtYkObTuOwNzFhKoUiDpDsGiFo.java
bulb/soap/casual/nuclear/GUjQyGmLuUbIaFtMzPbWyMrQuLaLpEtNsLcBaFdKtFuSgCa.java
bulb/soap/casual/ISwWcIgMiGbUeCqCpGe.java
bulb/soap/casual/nuclear/AHgTlDiHlGnUkCyHzUz.java
bulb/soap/morning/HNcJlHpXjWyLaFbSkIkUtBeCfIyHdNaRcSiXlZcLxPs.java
theory/BYaOsIrYbJuDlTrDqOoSqQbAxMuBsWoCbLxXqWxLkFbNdUbKs.java
bulb/soap/casual/slow/YMuSbQxObJrYbPkShSeJwWgYj.java
bulb/soap/casual/slow/DRwGlEsUsOyAnJcQeEaTcLs.java
bulb/soap/casual/JEbDdPtKxCtTbIrXgHwLeNfDfLpEoYwFeCeImIdXmOuJnBrOdWoZy.java
bulb/soap/casual/QMkMnRrBzAdWyJePoDeUbSgRoBoOyEpGcMlJgHoHpQkIzKxLrZxEd.java
bulb/soap/casual/QZwZbHpSqFqGpOdBlAyKiJtOfPkDePgEkHxRk.java
bulb/transfer/UDsPcFgWyWuWxAcQpUjIaAsPjTxMt.java
bulb/soap/casual/slow/PSxHmPpDuHjHc.java
bulb/duck/FRiRqXwOwBeWt.java
bulb/soap/casual/later/WIuLjWjOxWuEgNtCiKkXgXxKzEpKgCuFtEqDiLtKo.java
bulb/soap/casual/nuclear/OLtUgOgOtNkCfBhXiLhKhRlAnGuTfYbTtTjIfOrJnTmLuPdPmUsNe.java
bulb/duck/SZdLsPmGbTsPsXbTeMhUuPyToUw.java
bulb/soap/casual/nuclear/MOrLdYaHaTm.java
bulb/soap/wine/ILwOqBhScKbDpKrTsKdObZqTwRjUyGlSaIpGoBjHhBwJkWpWiTcIc.java
bulb/soap/casual/CNnYpCfIm.java
bulb/soap/quiz/AKyYjIuLcCpOrQdShXdWdRdWtJkOfNp.java
bulb/soap/casual/NLhAdCqYwIxRzTbLsShTwEtAzTe.java
bulb/soap/plate/ODpQkUpSqOzYeSbJs.java
slogan/PPyPhGhYoDiUsAaZnQlQfUsRjBrLoRhExAjLnAbAyOxLnOqRjSyEf.java
run/UJmJcSgTrFqNuOtGcQlDyLtIfPqQt.java
bulb/soap/casual/later/WIbYjMiJrNwRlEdZnOuOxRuNmXyLu.java
bulb/soap/quiz/RFbTdCcUcIfNyRmBmWbTsXqLm.java
bulb/soap/slam/QFfHhKrPjYgJbOgOpSmGmHtQaQbOgAjXoUzYh.java
theory/MEuQcFsXhZkCsJm.java
bulb/soap/casual/topic/HYxXtJoWrIpRtYhEmXzKn.java
bulb/duck/DHsNlNwItOcCaPiTjIgXlBcCkCrJkUsGySfImBbAeNfRlGrNxCwAr.java
Tcp socket
       j/d0/h/i.java
j/v.java
j/d0/i/i/b.java
j/d0/e/e.java
j/d0/i/b.java
j/d0/f/j.java
org/java_websocket/a/b.java
j/a.java
j/d0/e/d.java
j/d0/b.java
j/d0/i/h.java
j/d0/e/k.java
j/d0/j/a.java
j/d0/e/f.java
j/d0/h/f.java

Control flow graphs analysis

Information computed by Pithus.

The application probably dynamically loads code

The application probably starts another application