Threat level Low Risk

com.kyhsgeekcode.fixzip

FixZip

Analyzed on 2022-06-19T19:16:51.260595

Permissions 2
Activities 1
Services 0
Receivers 0
Domains 0

File sums

MD5 1a4be7a8032ade72eaab8f2c5c6b0dbf
SHA1 3bbfb96d9bf17a79570932434c96a6ee1d458999
SHA256 513a5c0e243d8b22e001c8e7ad5a6f892995c797ba2e939feb166103f8970cd0
Size 0.06MB

APKiD

Information computed with APKiD.

/tmp/tmpy64ok3ti!classes.dex
compiler
  • dexlib 1.x

SSdeep

Information computed with ssdeep.

APK file 1536:WgiwF3cobgLKxe7wuXt6XVyLaFg9Er7yS+20:fEKxEMXVyf9ECS+j
Manifest 48:uZ4O3SvTBkpzglyPlold8BvJh4DNVdlZc1lZpeYzlR3lSWsgWqRBPwzwk8C/FH:uZ4…
classes.dex 192:vLi8CwE11Ue+HVgzYoCS7NCJNA1AkXntjNjxVR9Xfa11LYZ:vLs15+HVgsVDAdXth…

Dexofuzzy

Information computed with Dexofuzzy.

APK file 6:IWGqFBRKLBLx+4RK2xT0KWzwRhsKlWLvX6fUQD0naU70UFrMd4fTfW8RUdyb2/a3:FG…
classes.dex 6:IWGqFBRKLBLx+4RK2xT0KWzwRhsKlWLvX6fUQD0naU70UFrMd4fTfW8RUdyb2/a3:FG…

APK details

Information computed with AndroGuard and Pithus.

Package com.kyhsgeekcode.fixzip
App name FixZip
Version name 1.0
Version code 1
SDK 14 - 21
UAID b77787014e6cf89b8ce000a561526f2634e37b7c
Signature Signature V1
Frosting Not frosted

Certificate details

Information computed with AndroGuard.

MD5 e89b158e4bcf988ebd09eb83f5378e87
SHA1 61ed377e85d386a8dfee6b864bd85b0bfaa5af81
SHA256 a40da80a59d170caa950cf15c18c454d47a39b26989d8b640ecd745ba71bf5dc
Issuer Email Address: android@android.com, Common Name: Android, Organizational Unit: Android, Organization: Android, Locality: Mountain View, State/Province: California, Country: US
Not before 2008-02-29T01:33:46+00:00
Not after 2035-07-17T01:33:46+00:00

Manifest analysis

Information computed with MobSF.

High Debug Enabled For App [android:debuggable=true]
Debugging was enabled on the app, which makes it easier for reverse engineers to hook a debugger to it. This allows dumping a stack trace and accessing debugging helper classes.
Medium Application Data can be Backed up [android:allowBackup=true]
This flag allows anyone to back up your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.

Main Activity

Information computed with AndroGuard.

com.kyhsgeekcode.fixzip.MainActivity

Activities

Information computed with AndroGuard.

com.kyhsgeekcode.fixzip.MainActivity

NIAP analysis

Information computed with MobSF.

FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generates no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to no hardware resources.
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to no sensitive information repositories.
Access to Platform Resources
FDP_NET_EXT.1.1 The application has no network communications.
Network Communications
FDP_DAR_EXT.1.1 The application does not encrypt files in non-volatile memory.
Encryption Of Sensitive Application Data
FTP_DIT_EXT.1.1 The application does not encrypt any data in traffic or does not transmit any data between itself and another trusted IT product.
Protection of Data in Transit

Code analysis

Information computed with MobSF.

Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
 com/kyhsgeekcode/fixzip/FixZip.java

Permissions analysis

Information computed with MobSF.

High android.permission.READ_EXTERNAL_STORAGE read external storage contents
Allows an application to read from external storage.
High android.permission.WRITE_EXTERNAL_STORAGE read/modify/delete external storage contents
Allows an application to write to external storage.

Threat analysis

Information computed with Quark-Engine.

Confidence: 80% Read data and put it into a buffer stream
Confidence: 80% Read file and put it into a stream
Confidence: 80% Executes the specified string Linux command

Behavior analysis

Information computed with MobSF.

Execute os command
       adrt/ADRTLogCatReader.java
Inter process communication
       adrt/ADRTSender.java
Sending broadcast
       adrt/ADRTSender.java

Control flow graphs analysis

Information computed by Pithus.

The application probably executes OS commands