Android.Infostealer.Regon

Threat

heart.vacant.choice

TeaTV

Analyzed on 2021-01-18T10:36:01.606105

20 permissions
40 activities
3 services
3 receivers
240 domains

File sums

MD5 d4420465fced7188fa28d8ed934a96af
SHA1 ec9f79e845f7ce95d6ae7147fecc5223d9ddd5ed
SHA256 638f5a51aca3308e00418dc119a481feb0f72b04041a9a7fafce8587b74f62da
Size 3.2MB

APKiD

Information computed with APKiD.

/tmp/tmp1v8_peh2!classes.dex
anti_vm
  • Build.FINGERPRINT check
  • Build.MANUFACTURER check
  • Build.BOARD check
compiler
  • dexlib 2.x

SSdeep

Information computed with ssdeep.

APK file 98304:eAT5eNLHOs1iJ2It7JfHYU1SU8iFoeSzQ3jB5X2/o1O4Dl:eAsLus1iJr7ZHYU1yxe13jB5G/qOw
Manifest 384:0gSxIQvt5MHaBzCo1gD5HquysPriz0tDIgNzvk5ZDYfIuk9gDz521S1Hie7+yac1:…
classes.dex 49152:oQYuGnM3HigB1ONOyjxe+AeyOtZfaZAHsRcCFpyB:VYuGSFeyOtZfBfQQB

Dexofuzzy

Information computed with Dexofuzzy.

APK file 6144:GDxRcRQ6uIwOC1oqlxUHuE7SiRLLyPhwiWLr3azZ3mvDzhQhe0Q/hgIaKKgwz1Ko…
classes.dex 6144:GDxRcRQ6uIwOC1oqlxUHuE7SiRLLyPhwiWLr3azZ3mvDzhQhe0Q/hgIaKKgwz1Ko…

APK details

Information computed with AndroGuard and Pithus.

Package heart.vacant.choice
App name TeaTV
Version name 1.0
Version code 1
SDK 24 - 30
UAID 80f49a0139d1d4a9d80b0fe942e0b1b76067a86a
Signature Signature V1
Frosting Not frosted

Certificate details

Information computed with AndroGuard.

MD5 e89b158e4bcf988ebd09eb83f5378e87
SHA1 61ed377e85d386a8dfee6b864bd85b0bfaa5af81
SHA256 a40da80a59d170caa950cf15c18c454d47a39b26989d8b640ecd745ba71bf5dc
Issuer Email Address: android@android.com, Common Name: Android, Organizational Unit: Android, Organization: Android, Locality: Mountain View, State/Province: California, Country: US
Not before 2008-02-29T01:33:46+00:00
Not after 2035-07-17T01:33:46+00:00
Note: this issuer and these fingerprints belong to the public AOSP "testkey" certificate that ships with the Android source tree, not to a developer-controlled key. The signature therefore says nothing about who built the APK, and any other package signed with the same test key passes same-signature checks against this one. Together with the v1-only signature noted above, it is typical of a build produced with default tooling rather than a developer's own release key.
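A quick way to confirm the signer at triage time, as an added example that is not Pithus or AndroGuard code: the v1 signing certificate lives in META-INF/*.RSA as a PKCS#7 SignedData blob, so the script below walks that DER structure, hashes the embedded certificate and compares the SHA-1 against the fingerprint listed above. The APK the script builds for itself is a constructed stand-in with a placeholder certificate and no real signature; run it against a real sample with `python3 check_signer.py sample.apk` (the filename is assumed). Only the Python standard library is used.

```python
"""Pull the v1 (JAR) signing certificate out of an APK and compare its SHA-1
fingerprint with known throw-away keys. Added example for this report; it is
not Pithus or AndroGuard code. Only the Python standard library is used."""
import hashlib
import io
import zipfile

# SHA-1 fingerprint of the public AOSP "testkey" platform certificate (issuer
# android@android.com, valid 2008-02-29 to 2035-07-17), as reported for this sample.
KNOWN_TEST_KEYS = {
    "61ed377e85d386a8dfee6b864bd85b0bfaa5af81": "AOSP testkey (public test certificate)",
}


def der_tlv(buf, pos=0):
    """Decode one DER TLV starting at buf[pos] -> (tag byte, value bytes, end offset)."""
    tag = buf[pos]
    first = buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form: low 7 bits = number of length bytes
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def der_children(value):
    """Yield (tag, inner value, raw TLV bytes) for each element of a constructed value."""
    pos = 0
    while pos < len(value):
        tag, inner, end = der_tlv(value, pos)
        yield tag, inner, value[pos:end]
        pos = end


def certs_from_pkcs7(blob):
    """Return the DER certificates carried in a PKCS#7 SignedData blob, i.e. the
    content of META-INF/*.RSA (or *.DSA, *.EC) in a v1-signed APK.

    ContentInfo ::= SEQUENCE { contentType OID, content [0] EXPLICIT SignedData }
    SignedData  ::= SEQUENCE { version, digestAlgorithms, encapContentInfo,
                               certificates [0] IMPLICIT OPTIONAL, ... }
    """
    tag, content_info, _ = der_tlv(blob)
    if tag != 0x30:
        raise ValueError("ContentInfo is not a SEQUENCE")
    parts = list(der_children(content_info))
    if len(parts) < 2 or parts[1][0] != 0xA0:
        raise ValueError("missing [0] EXPLICIT content")
    _, signed_data, _ = der_tlv(parts[1][1])          # unwrap the explicit tag
    for tag, value, _ in der_children(signed_data):
        if tag == 0xA0:                                # certificates [0] IMPLICIT
            return [raw for t, _, raw in der_children(value) if t == 0x30]
    return []


def v1_signer_fingerprints(apk_bytes):
    """SHA-1 hex fingerprints of every certificate in the APK's v1 signature blocks."""
    fingerprints = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            upper = name.upper()
            if upper.startswith("META-INF/") and upper.endswith((".RSA", ".DSA", ".EC")):
                for cert in certs_from_pkcs7(z.read(name)):
                    fingerprints.append(hashlib.sha1(cert).hexdigest())
    return fingerprints


def classify_signers(fingerprints):
    """Map each fingerprint to a known throw-away key name or 'unknown signer'."""
    return {fp: KNOWN_TEST_KEYS.get(fp, "unknown signer") for fp in fingerprints}


def _der(tag, value):
    """Minimal DER encoder, used only to build the constructed sample below."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + value


# Constructed sample: a placeholder "certificate" (any DER SEQUENCE will do for the
# walker) wrapped in a syntactically valid SignedData inside a tiny zip. It carries
# no real signature; it only exercises the parsing path.
SAMPLE_CERT = _der(0x30, _der(0x30, _der(0x02, b"\x01")))
SAMPLE_FINGERPRINT = hashlib.sha1(SAMPLE_CERT).hexdigest()


def build_sample_apk(cert_der=SAMPLE_CERT):
    oid_signed_data = _der(0x06, bytes.fromhex("2a864886f70d010702"))   # 1.2.840.113549.1.7.2
    oid_data = _der(0x06, bytes.fromhex("2a864886f70d010701"))          # 1.2.840.113549.1.7.1
    signed_data = _der(0x30, _der(0x02, b"\x01") + _der(0x31, b"") + _der(0x30, oid_data)
                       + _der(0xA0, cert_der) + _der(0x31, b""))
    pkcs7 = _der(0x30, oid_signed_data + _der(0xA0, signed_data))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/CERT.RSA", pkcs7)
        z.writestr("classes.dex", b"dex\n035\x00")
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_apk()
    for fp, label in classify_signers(v1_signer_fingerprints(data)).items():
        print(f"{fp}  {label}")
```

The walker deliberately stops at the certificate set and ignores the signerInfos, because for triage the question is only "which key signed this", not whether the signature verifies; a signature that verifies under a public test key is no stronger than no signature at all.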

Manifest analysis

Information computed with MobSF.

High: Cleartext traffic is enabled for the app [android:usesCleartextTraffic=true]
The app declares that it intends to use cleartext network traffic, such as plain HTTP, FTP stacks, DownloadManager and MediaPlayer. The default for apps targeting API level 27 or lower is "true"; apps targeting API level 28 or higher default to "false", so this sample (SDK 24 - 30) opts back in explicitly. Cleartext traffic offers no confidentiality, authenticity or tamper protection: a network attacker can read transmitted data and modify it without being detected.
Low: App has a Network Security Configuration [android:networkSecurityConfig=@xml/afwejionaiowef]
The Network Security Configuration feature lets apps customize their network security settings in a declarative configuration file without modifying app code, either per domain or for the whole app. The contents of this sample's configuration are assessed under Network analysis further down.
Medium: Application data can be backed up [android:allowBackup=true]
This flag lets anyone with USB debugging enabled copy the application's private data off the device with adb backup.
High: Service (cube.toddler.happy.RenamedClass0) is not protected [android:exported=true]
The service is exported without any permission, so any other application on the device can start or bind to it.
High: Service (cube.toddler.happy.RenamedClass1) is protected by a permission whose protection level should be checked
Permission: android.permission.SEND_RESPOND_VIA_MESSAGE [android:exported=true]
The service is exported and guarded by a permission this app does not declare itself. Here that permission is a platform permission with protectionLevel signature|privileged, held only by the system telephony and dialer components, so third-party apps cannot obtain it; requiring it on an exported service is the idiom for the "respond via message" service that an SMS-handler app must provide.
High: Activity (cube.toddler.happy.RenamedClass13) is not protected. An intent-filter exists
The activity is exported (for the target SDK range of this sample, a component with an intent-filter is exported unless android:exported="false" is set) and carries no permission, so any application on the device can launch it.
High: Broadcast Receiver (cube.toddler.happy.receiver.RenamedClass14) is protected by a permission whose protection level should be checked
Permission: android.permission.BROADCAST_SMS [android:exported=true]
The receiver is exported and guarded by android.permission.BROADCAST_SMS, a platform permission with protectionLevel signature that only the system telephony stack holds. Guarding a receiver with it is the standard pattern for a receiver of incoming SMS broadcasts: it ensures that only the system can deliver to the receiver, not that the app handles the messages benignly.
High: Broadcast Receiver (cube.toddler.happy.receiver.RenamedClass15) is not protected. An intent-filter exists
The receiver is exported by virtue of its intent-filter and has no permission, so any application on the device can send it broadcasts.
High: Broadcast Receiver (cube.toddler.happy.RenamedClass16) is protected by a permission whose protection level should be checked
Permission: android.permission.BROADCAST_WAP_PUSH [android:exported=true]
The receiver is exported and guarded by android.permission.BROADCAST_WAP_PUSH, likewise a signature-level platform permission held only by the system; this is the pattern for a receiver of incoming WAP push (MMS notification) broadcasts.
Medium: High intent priority (999) [android:priority]
Medium: High intent priority (988) [android:priority]
For ordered broadcasts, receivers run in descending priority order, so filters at 999 and 988 are handled before filters left at the default priority 0 in other apps and see the broadcast first.
Taken together, the service gated by SEND_RESPOND_VIA_MESSAGE, the receivers gated by BROADCAST_SMS and BROADCAST_WAP_PUSH, and the activity handling the sms:, smsto:, mms: and mmsto: schemes (see Browsable activities) are exactly the four components Android requires of an app that asks to become the default SMS app. Declaring that set in an app presented as "TeaTV" is consistent with the SMS-interception capability implied by the Infostealer/bankbot detections.

Browsable activities

Information computed with MobSF.

cube.toddler.happy.RenamedClass13

Schemes: sms:// smsto:// mms:// mmsto://
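The exported-component findings above and the schemes just listed form a recognisable pattern, and the following added example (not MobSF or Pithus code) checks a decoded manifest for it programmatically: it maps the three platform permissions and the four sms/mms schemes onto the roles a default-SMS-app candidate must fill, and also reports the cleartext and backup flags, the highest intent-filter priority, and exported components that carry no permission. The manifest text embedded in the script is constructed from the components in this report; the intent-filter actions are left out because the report does not show them, and attaching the 999 and 988 priorities to the two permission-guarded receivers is an assumption. The binary manifest is assumed to have been decoded to text beforehand (apktool, androguard).

```python
"""Triage a decoded AndroidManifest.xml for the component set that an app needs
to register as the device's SMS handler, plus the cleartext/backup flags.
Added example for this report; not MobSF or Pithus code. The manifest is assumed
already decoded to text (e.g. by apktool or androguard's axml decoder)."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def ns(attr):
    """Qualify an android: attribute name for ElementTree lookups."""
    return "{%s}%s" % (ANDROID_NS, attr)


# Platform permissions (protectionLevel signature / signature|privileged) that an
# SMS-handler app places on its components so that only the system can reach them.
SMS_ROLE_BY_PERMISSION = {
    ("receiver", "android.permission.BROADCAST_SMS"): "sms receiver",
    ("receiver", "android.permission.BROADCAST_WAP_PUSH"): "wap-push/mms receiver",
    ("service", "android.permission.SEND_RESPOND_VIA_MESSAGE"): "respond-via-message service",
}
SMS_SCHEMES = {"sms", "smsto", "mms", "mmsto"}
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")


def triage_manifest(xml_text, target_sdk=30):
    """Return a dict of security-relevant observations for one decoded manifest."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    report = {
        "package": root.get("package"),
        "cleartext_traffic": app.get(ns("usesCleartextTraffic")) == "true",
        "allow_backup": app.get(ns("allowBackup")) == "true",
        "sms_roles": {},             # role -> component class name
        "exported_unprotected": [],  # exported components with no permission
        "max_priority": 0,
    }
    for comp in app:
        kind = comp.tag
        if kind not in COMPONENT_TAGS:
            continue
        name = comp.get(ns("name"))
        perm = comp.get(ns("permission"))
        filters = comp.findall("intent-filter")
        exported_attr = comp.get(ns("exported"))
        # Before targetSdk 31 a component with an intent-filter is exported unless
        # android:exported="false" is set explicitly.
        exported = exported_attr == "true" or (
            exported_attr is None and bool(filters) and target_sdk < 31)
        if exported and perm is None:
            report["exported_unprotected"].append(f"{kind} {name}")
        role = SMS_ROLE_BY_PERMISSION.get((kind, perm))
        if role:
            report["sms_roles"][role] = name
        for f in filters:
            report["max_priority"] = max(report["max_priority"], int(f.get(ns("priority"), "0")))
            schemes = {d.get(ns("scheme")) for d in f.findall("data")}
            if kind == "activity" and SMS_SCHEMES <= schemes:
                report["sms_roles"]["sms compose activity"] = name
    # All four roles present = the set Android requires of a default-SMS-app candidate.
    report["default_sms_app_candidate"] = len(report["sms_roles"]) == 4
    return report


# Constructed manifest reproducing the flagged components of this sample: class
# names, permissions, priorities and schemes come from the report. Intent-filter
# actions are omitted because the report does not print them (which is also why the
# check keys on permissions and schemes), and placing the 999/988 priorities on the
# two permission-guarded receivers is an assumption.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="heart.vacant.choice">
  <application android:allowBackup="true" android:usesCleartextTraffic="true"
               android:networkSecurityConfig="@xml/afwejionaiowef">
    <service android:name="cube.toddler.happy.RenamedClass0" android:exported="true"/>
    <service android:name="cube.toddler.happy.RenamedClass1" android:exported="true"
             android:permission="android.permission.SEND_RESPOND_VIA_MESSAGE"/>
    <receiver android:name="cube.toddler.happy.receiver.RenamedClass14" android:exported="true"
              android:permission="android.permission.BROADCAST_SMS">
      <intent-filter android:priority="999"/>
    </receiver>
    <receiver android:name="cube.toddler.happy.RenamedClass16" android:exported="true"
              android:permission="android.permission.BROADCAST_WAP_PUSH">
      <intent-filter android:priority="988"/>
    </receiver>
    <activity android:name="cube.toddler.happy.RenamedClass13">
      <intent-filter>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="sms"/><data android:scheme="smsto"/>
        <data android:scheme="mms"/><data android:scheme="mmsto"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""


if __name__ == "__main__":
    import json
    import sys
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_MANIFEST
    print(json.dumps(triage_manifest(text), indent=2))
```

Keying on the permissions rather than the actions is also more robust against obfuscated samples: the class names here are renamed, but BROADCAST_SMS, BROADCAST_WAP_PUSH and SEND_RESPOND_VIA_MESSAGE must appear verbatim or the system will not route SMS traffic to the app.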

Main Activity

Information computed with AndroGuard.

AndroGuard did not resolve a single launcher activity for this sample; it returned the complete activity list instead, which duplicates the Activities section below and is not repeated here.

Activities

Information computed with AndroGuard.

cube.toddler.happy.BFfOwQdTtZaRjDeAsAfUeNxRwCrAfQi
cube.toddler.happy.KDaBlTzPrMeNjFlRaDrYcEqHpLzDcXl
cube.toddler.happy.SWaGoYrMyPpQqZwEsDeAfZbUoCaEqHnLuScMwDbLqAmHtUfJuOuEf
cube.toddler.happy.GObAmYhIpKtItTcGwIuBeEzAjZyMsUyGtRm
cube.toddler.happy.ZGyKeThKwLjAhQxPzKtRcIdPdNfAlWqWhXoYyTt
cube.toddler.happy.util.RenamedClass3
cube.toddler.happy.FZzIaRmLmKnRoHeCgMyLgHg
cube.toddler.happy.RenamedClass4
cube.toddler.happy.HFmUcFfOoGaEnHyRgYcDnQeOdSqUhOyCwBpDnExBaKxYwLoBeFy
cube.toddler.happy.RenamedClass5
cube.toddler.happy.JNbUbIpRgWfIqZx
cube.toddler.happy.XYbTaMlFiYdCaDw
cube.toddler.happy.RenamedClass6
cube.toddler.happy.CKxPoUhLyChWw
cube.toddler.happy.util.RenamedClass7
cube.toddler.happy.JJfZnSzQxUpPdSnHzImDqTgKnQaQtMlQtClBgRdJbWyJbKkHeOwSe
cube.toddler.happy.CIyTpCtOrFoRkNwNrQjWsCsDbFmBbHnUaJyGzQj
cube.toddler.happy.util.RenamedClass8
cube.toddler.happy.FHzFuCjSoWk
cube.toddler.happy.XUdSiTfWeMxOoMcJdYnYbPqLzDf
cube.toddler.happy.RenamedClass9
cube.toddler.happy.EIhUwSeRqPaLxLu
cube.toddler.happy.inject.RenamedClass10
cube.toddler.happy.PRrBtWtQfIkMtBoMjGwXz
cube.toddler.happy.RenamedClass11
cube.toddler.happy.EGwZbXqKkDoSiXaDyUpYfAlGiQzCsPhDpAoPnGe
cube.toddler.happy.RZkRrOpTkZkYcYeIkRuSiHbJmGrXwDuKeBbIaBmMo
cube.toddler.happy.util.RenamedClass12
cube.toddler.happy.OQjCpCeEcAdZwWfWtAuZtCd
cube.toddler.happy.RenamedClass13
cube.toddler.happy.NNqSyZfOi
cube.toddler.happy.LJkOdOiYaOcGbCsOiMgZmZdRkWsSoClAiSiJd
cube.toddler.happy.RTeGrPlHwPdChIePoWlWgWs
cube.toddler.happy.PXjEmBaOoYuFbMfDu
cube.toddler.happy.PMpUeFwTbYsYaQlYeZbTiFtOiYeWoFcQsBnEaElFwImTdZjPtXzPqNd
cube.toddler.happy.TUsPuEnHdYmGaQpMiLcSzTfZnLrNoBqBuYuAcOd
cube.toddler.happy.JLnWeJnFg
com.google.android.gms.common.api.GoogleApiActivity
cube.toddler.happy.MEfSqFaMjImHuDnKsDsWcMhGsRaEgBdLePrTlXzGg
cube.toddler.happy.RQxNmZoOrSrJhIcXuKfWjAaTxUzSbMgHgQjUpYoXnCdKrSfJy

Receivers

Information computed with AndroGuard.

cube.toddler.happy.receiver.RenamedClass14
cube.toddler.happy.receiver.RenamedClass15
cube.toddler.happy.RenamedClass16

Services

Information computed with AndroGuard.

cube.toddler.happy.RenamedClass0
cube.toddler.happy.RenamedClass1
cube.toddler.happy.RenamedClass2

Sample timeline

Certificate valid not before Feb. 29, 2008, 1:33 a.m.
Oldest file found in APK Jan. 6, 2021, 10:10 p.m.
Latest file found in APK Jan. 6, 2021, 10:15 p.m.
First submission on VT Jan. 7, 2021, 12:15 p.m.
Last submission on VT Jan. 7, 2021, 12:15 p.m.
Upload on Pithus Jan. 18, 2021, 10:36 a.m.
Certificate valid not after July 17, 2035, 1:33 a.m.

MalwareBazaar

First seen 2021-02-21 18:31:42
Last seen None
Report https://bazaar.abuse.ch/sample/638f5a51aca3308e00418dc119a481feb0f72b04041a9a7fafce8587b74f62da/
ReversingLabs
Threat name Android.Infostealer.Regon
Status MALICIOUS
First seen 2021-01-07 23:17:17
Score 9/29
CERT-PL MWDB
Detection None
Report https://mwdb.cert.pl/sample/638f5a51aca3308e00418dc119a481feb0f72b04041a9a7fafce8587b74f62da/

VirusTotal

Score 30/61
Report https://www.virustotal.com/gui/file/638f5a51aca3308e00418dc119a481feb0f72b04041a9a7fafce8587b74f62da/detection

Most Popular AV Detections

Provided by VirusTotal

Threat name: regon Identified 3 times
Threat name: bankbot Identified 2 times

NIAP analysis

Information computed with MobSF. These statements are MobSF's static mapping of observed API usage onto NIAP requirements, not verified properties, and should be read against the manifest findings above (for example, the network configuration that permits cleartext traffic).

FCS_RBG_EXT.1.1 The application implements DRBG functionality for its cryptographic operations.
Random Bit Generation Services
FCS_STO_EXT.1.1 The application invokes the functionality provided by the platform to securely store credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generates no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to: network connectivity.
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to no sensitive information repositories.
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application-initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application implements functionality to encrypt sensitive data in non-volatile memory.
Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1 The application invokes the mechanisms recommended by the platform vendor for storing and setting configuration options.
Supported Configuration Mechanism
FTP_DIT_EXT.1.1 The application encrypts some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product.
Protection of Data in Transit
FCS_RBG_EXT.2.1, FCS_RBG_EXT.2.2 The application performs all deterministic random bit generation (DRBG) services in accordance with NIST Special Publication 800-90A using Hash_DRBG. The deterministic RBG is seeded by an entropy source that accumulates entropy from a platform-based DRBG and a software-based noise source, with a minimum of 256 bits of entropy, at least equal to the greatest security strength (according to NIST SP 800-57) of the keys and hashes that it will generate.
Random Bit Generation from Application
FCS_HTTPS_EXT.1.1 The application implements the HTTPS protocol in compliance with RFC 2818.
HTTPS Protocol
FCS_HTTPS_EXT.1.2 The application implements HTTPS using TLS.
HTTPS Protocol
FCS_HTTPS_EXT.1.3 The application notifies the user and does not establish the connection, or requests application authorization to establish the connection, if the peer certificate is deemed invalid.
HTTPS Protocol
FIA_X509_EXT.1.1 The application invokes platform-provided functionality to validate certificates in accordance with the following rule: the certificate path must terminate with a trusted CA certificate.
X.509 Certificate Validation
FIA_X509_EXT.2.1 The application uses X.509v3 certificates as defined by RFC 5280 to support authentication for HTTPS and TLS.
X.509 Certificate Authentication
FPT_TUD_EXT.2.1 The application is distributed using the format of the platform-supported package manager.
Integrity for Installation and Update

Code analysis

Information computed with MobSF.

Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
 com/microsoft/bing/commonlib/componentchooser/ComponentChooser.java
heart/fossil/AYiLgZnRoCzZrTiZkDqIaMqRsNmDtLeNr.java
com/microsoft/bing/commonlib/imageloader/internal/image/ViewAbstract.java
com/microsoft/bing/usbsdk/api/views/BingSearchView.java
heart/vacant/choice/recycle/QYhQmExHxMgIjMjSrWoUhItXqLyAs.java
com/microsoft/bing/usbsdk/api/searchlist/filters/GeneralFilter.java
heart/fossil/QCzTxJcEzKrMiGeBtHwKrSkSzYtQdUdYsHsEp.java
com/microsoft/mmx/common_wizard/view/DualFrameLayout.java
com/microsoft/bing/usbsdk/internal/searchlist/AutoSuggestionView.java
penalty/WEnXaCqCaBiJmDmMfMsGlEqClSdGgGi.java
com/microsoft/rewards/react/RNRewardsModule.java
heart/vacant/choice/unhappy/DQkApOlTwTmDwUcOiFiZkXqFpTpFhGgBqTzUe.java
com/microsoft/bing/visualsearch/camera/compat/api14/Camera1.java
heart/vacant/choice/ask/SQbGwZdXpYfShYzIiQtWsQeNsWdMdJyGhPmUkIdBiBnFgJqKfIhGqDb.java
heart/vacant/choice/UDkTsHzJlWzWoXdRi.java
scene/SCgScFkGzCkPzLsCaMzXxXbJiPhCyPdRjZeMhNwRw.java
heart/vacant/choice/unhappy/MBtFuNuAjXpMpIzGdXqNdTjPiQeEjYzQoXzKcCzAxDdFcBr.java
good/XGiCnRgGhGeMyUkYoZjSpXqGyTu.java
heart/fossil/KPsTcAgChDsPa.java
heart/vacant/ladder/JAsGrPkEuXsOpAgHaGdIhXdQo.java
heart/vacant/choice/QToEeUiCiFtCuMjNoLdRzKdLcEjDgAuAwSxDdOmRdNhCgJqUhAmMrFp.java
com/microsoft/mmx/continuity/initializer/AsyncInitializer.java
heart/vacant/nose/CHeAhPrCqXiFnLsYaSmObEyJtFbBjYdCnQkGtOiDtNzDxAnMaLyBeQe.java
com/microsoft/office/feedback/shared/transport/files/Manifest.java
com/microsoft/mmx/feedback/userfeedback/UserFeedbackActivityContext.java
com/microsoft/bing/usbsdk/internal/searchlist/answerviews/ASSMSAnswerView.java
heart/vacant/choice/NJuTxJwSaFqLaOuEjYfAkWmLpHeKsMuAiQdJhBaLm.java
heart/hollow/UKxOsBtTyCpAfHaDqKl.java
com/microsoft/bing/voiceai/search/VoiceSearchManager.java
com/microsoft/bing/commonlib/history/JournalStore.java
com/microsoft/bing/commonlib/imageloader/api/ImageLoader.java
heart/hollow/IKgWzAtJoDjDiMiQqIsReRyKoFrSrKlHkTkEdSzNx.java
heart/vacant/choice/WPdCdTaScTmHoAsQzImTySaFkKiDoNdSsHeAmInRe.java
com/microsoft/bing/instantsearchsdk/api/InstantSearchManager.java
heart/worth/ARkZzRiTbHeOrJsSxGxMqNeZwEqOfXlSgZeWiDzZr.java
heart/vacant/nose/OKkWzPzSrSmMpDeKsDlXgCtHrMl.java
heart/account/BZnGlHiJwYxJeMoBgIpRwRbZiHiNsBsJsIsWkToOrHuYiXrMt.java
com/microsoft/mmx/continuity/initializer/AsyncInitializerTask.java
heart/vacant/choice/EYoRrWkCzUfHdEzUw.java
com/microsoft/bing/speechrecognition/processor/SpeechTelemetry.java
com/microsoft/bing/visualsearch/util/RotateImageTask.java
heart/vacant/choice/UOdZiByDuLwEpIoQpKuOsBnKoOtTaLbZwLgRzHqDfWgKiRtUwMh.java
com/microsoft/bing/commonlib/imageloader/internal/flashcache/LruDiskCache.java
com/microsoft/bing/network/websocket/api/WebSocketConnection.java
heart/vacant/choice/recycle/JYuJjRtDiYeFoLwKjPtXdOcBwEaPbEmPqHsCxMfNqYhSgKbIoTmXk.java
heart/vacant/choice/FBhLjGzNt.java
heart/vacant/prefer/UDfAqPzEuCbTfIaFxFmOlIwCrTdXgUtXc.java
com/microsoft/bing/commonlib/imageloader/api/ImageLoaderConfiguration.java
com/microsoft/bing/visualsearch/camera/compat/api21/Camera2.java
heart/fossil/WTjAjAmIaKnYjOlTlAnQlZpXjXlYnFaGgTaMiBuYrSgFfAwAwLi.java
heart/vacant/prefer/WLoDlXgCeZuDdTsXuHmEnMqRgOeLnUdGiMaOtDh.java
diary/ZQtQqInLnWnXgGlDjBjKpBlPyQmPkWlIbSzKyUpImJlIgXtUnQc.java
heart/vacant/choice/recycle/BEsNbUeKmJdDnMpFdJzSrIrUaDyXkTqDyWpRbZnGzGnIcFjPgAtPx.java
canvas/XOsDkFmRuOcZtEiLoYbChYoOtKqWcEsQyQzDlXmSd.java
scene/FTlMrIyCzYsChNpXjDcAuBeFqOsOkJnIjZmAi.java
heart/vacant/ladder/XNiXmQh.java
heart/vacant/choice/QDmRrYgGuBxMwPmGsNoUwBxOcTcFl.java
com/microsoft/bing/speechrecognition/recorder/MicrophoneRecorder.java
heart/vacant/choice/unhappy/ZTyAbJeBhNuZkToTnRkQy.java
heart/vacant/panda/WCyGoBdTsEnJjKrNyBtHpMdGsCnRxMnErGgWsLaJbApQdTx.java
diary/UIxRaSySoKoCwMnAtLhRiZbKpCwSwOpTwXuDmQmJmHsKoRpBqKlAzDp.java
com/microsoft/bing/constantslib/Constants.java
penalty/AGiSuDzBeNpMdLrMxYaYxPqGwJyQdTlJtWxQsOaSdSfZdDdXcUzNcYt.java
com/microsoft/ruby/anaheim/SyncSwitchConfirmDialogFragment.java
penalty/RMzYgYgWdMkJoZzLf.java
heart/vacant/choice/ask/XPhSqOjAgLsJiZnOlJaAkWsTlSrUeOhLk.java
com/microsoft/mmx/reporting/SharedStateManager.java
com/microsoft/bing/commonlib/utils/HanziToPinyin.java
heart/vacant/choice/recycle/ZCuKsHgWfXeUoJpKyJkPkSaWs.java
com/microsoft/bing/commonlib/imageloader/internal/DefaultConfigurationFactory.java
canvas/MCoUeZyNzAdGi.java
heart/surprise/UHgWiNuNfYjMaNpBfQjCkRhPzNn.java
com/microsoft/onlineid/internal/log/LogInstance.java
com/microsoft/mmx/continuity/ui/DebugActivity.java
diary/JBaStQcTzArGtQiLkQnLnTeYrZsQsTjNj.java
canvas/OWbHmBnPpZwTfUwRyQoQqNkJdBdPeDlFwIzAfKnPfLuZi.java
diary/XFjXlQpUjIuKrJsInUfRxRyAuYlKwSdIdAwIhSnZkSbJwMo.java
heart/vacant/nose/UQiLfGwGmMnKpItJmJaQjHh.java
heart/vacant/choice/OEaEsIxDoZzRhOxEoIsEiGwNeTdQcWo.java
com/microsoft/mmx/feedback/data/DiagnosticData.java
com/microsoft/bing/commonlib/utils/CommonUtility.java
com/microsoft/mmx/feedback/data/collector/scoped/mmx/MMXDataCollector.java
heart/surprise/YZmSkEjWiZtLuKoOnLrPqLuOlLfKsOwRcDlPnPdCyXyRk.java
com/microsoft/bing/commonlib/imageloader/internal/decode/BaseImageDecoder.java
diary/KZwCnMiOoCn.java
heart/vacant/prefer/RHyGmFmEjYdFxDjHlWwCjUsGhDyKmNzZyIhCpNoXkMnFmXhYhRmApLk.java
heart/vacant/ladder/BAqCeTyFwWgSzFhBtXeAgCbFjUrYzPbHjIjYzFnNrIqWlGsOm.java
heart/vacant/ladder/LEwPkPcRrYhLpMh.java
heart/worth/MIdXqNnDp.java
heart/vacant/choice/unhappy/DTyKoMqDqLbMpOfIrIeXiKgZtFcKoQf.java
com/microsoft/security/oss/PRNGFixes$LinuxPRNGSecureRandom.java
good/WPgElOcFo.java
com/microsoft/bing/speechrecognition/processor/SpeechUtility.java
heart/vacant/prefer/EAaOzMqDpLiEtZzZoNoTnAyFpIcBhMiMyNpBeXmLbNgQrDzNo.java
com/microsoft/bing/visualsearch/util/CurrencyUtil.java
com/microsoft/bing/commonlib/utils/thread/ThreadUtils.java
heart/account/JRxCkAuHrGoOjMxXcNsShQsMhTmPaJpLqJc.java
com/microsoft/ruby/branding/BrandInfoManager.java
com/microsoft/mmx/continuity/logging/ContinuityLogger.java
diary/RLsUkAtEbRuZtJnZsUuNzDjQkQkQsFpTnOuHdYiIbQyUb.java
com/microsoft/bing/commonlib/imageloader/api/LoadAndDisplayImageTask.java
com/microsoft/bing/instantsearchsdk/internal/views/InstantContentView.java
heart/vacant/choice/JKiTkIyWkGgGpKiNwFlYaUx.java
com/microsoft/bing/usbsdk/internal/utils/Utility.java
heart/vacant/choice/FFaAlFgNdFuTkNkJpDoRrJbSaInJsEkRlGtGlElNdIrYiQo.java
penalty/EPuSfLxJcTiHxEpKzQqSnCjHqBjKbIpYkEgKkCb.java
com/microsoft/mmx/reporting/PostRequestService.java
com/microsoft/bing/answer/api/contexts/builder/BusinessASBuilderContext.java
canvas/CLfLdJsBu.java
heart/vacant/nose/MBjCkIkDz.java
com/microsoft/bing/speechrecognition/processor/SpeechRecognitionClient.java
com/microsoft/bing/partnercodelib/api/InstallListener.java
com/microsoft/mmx/feedback/userfeedback/ui/UserFeedbackActivity.java
com/microsoft/bing/answer/api/AnswerSDKManager.java
penalty/XAkXjNoLcQqKfGbXlBiKlIzEmPgUkCzRqNkSqAcIfLnNkUi.java
com/microsoft/bing/visualsearch/cameraui/CameraFragment.java
com/microsoft/bing/commonlib/imageloader/internal/image/ImageViewAbstract.java
High
CVSS:7.4
Files may contain hardcoded sensitive information such as usernames, passwords and keys.
MASVS: MSTG-STORAGE-14
CWE-312 Cleartext Storage of Sensitive Information
M9: Reverse Engineering
Files:
 com/microsoft/bing/commonlib/instrumentation/InstrumentationUtils.java
com/microsoft/bing/constantslib/Constants.java
com/microsoft/identity/common/adal/internal/AuthenticationConstants.java
com/microsoft/bing/constantslib/ConstantsVoiceAI.java
com/microsoft/identity/common/internal/broker/BrokerResult.java
com/microsoft/onlineid/internal/storage/TypedStorage.java
com/microsoft/reactnative/RNBaseModule.java
com/microsoft/bing/commonlib/preference/PreferenceConstants.java
com/microsoft/onlineid/internal/sso/BundleMarshaller.java
com/microsoft/identity/common/internal/dto/AccountRecord$SerializedNames.java
com/microsoft/onlineid/internal/sts/CookieManager.java
com/microsoft/identity/common/internal/dto/Credential$SerializedNames.java
com/microsoft/bing/partnercodelib/api/InstallListener.java
com/microsoft/mmx/continuity/MMXConstants.java
com/microsoft/identity/common/internal/broker/BrokerRequest.java
com/microsoft/onlineid/internal/AppProperties.java
com/microsoft/powerlift/PowerLiftClient.java
com/microsoft/mmx/continuity/controller/FindingDevicesController.java
com/microsoft/onlineid/internal/MsaService.java
High
CVSS:5.5
App can read/write to External Storage. Any App can read data written to External Storage.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files:
 com/microsoft/mmx/continuity/ui/DebugActivity.java
com/microsoft/bing/visualsearch/util/PictureUtil.java
com/microsoft/mmx/continuity/registration/DeviceRegistrarViaClientSdk.java
com/microsoft/ruby/file_explorer/FileExplorerView.java
com/microsoft/connecteddevices/DeviceProperties.java
com/microsoft/onlineid/internal/log/ErrorReportManager.java
com/microsoft/mmx/logging/LocalLogger.java
High
CVSS:7.5
The App uses an insecure Random Number Generator.
MASVS: MSTG-CRYPTO-6
CWE-330 Use of Insufficiently Random Values
M5: Insufficient Cryptography
Files:
 com/microsoft/bing/speechrecognition/processor/SpeechRecognitionClient.java
com/microsoft/bing/commonlib/utils/CommonUtility.java
High
CVSS:5.9
The app uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can cause SQL injection. Sensitive information should also be encrypted before it is written to the database.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
M7: Client Code Quality
Files:
 com/microsoft/connecteddevices/AFCDataAceessLayer.java
com/microsoft/bing/commonlib/history/JournalStore.java
Medium
CVSS:4.3
IP Address disclosure
MASVS: MSTG-CODE-2
CWE-200 Information Exposure
Files:
 com/microsoft/connecteddevices/DeviceProperties.java
Info
CVSS:0
This App uses an SSL Pinning Library (org.thoughtcrime.ssl.pinning) to prevent MITM attacks in secure communication channel.
MASVS: MSTG-NETWORK-4
Files:
 com/microsoft/informationprotection/communication/CustomTrustManager.java
High
CVSS:5.5
App creates temp file. Sensitive information should never be written into a temp file.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files:
 com/microsoft/bing/visualsearch/util/PictureUtil.java
com/microsoft/bing/visualsearch/util/VisualSearchUtil.java
Domain geolocation map (Pygal chart, values as rendered): Austria 100, China 700, Germany 1300, United Kingdom 200, Hong Kong 100, Ireland 13300, Korea (Republic of) 100, Netherlands 1000, Russian Federation 1900, Singapore 400, United States 2500.

Map computed by Pithus.

Network analysis

Information computed with MobSF.

High Base config is insecurely configured to permit clear text traffic to all domains.
Scope: ['*']
Medium Base config is configured to trust system certificates.
Scope: ['*']

Domains analysis

Information computed with MobSF.

IE tw.search.yahoo.com 212.82.100.137
US centralus.api.cognitive.microsoft.com 168.61.158.107
IE de.search.yahoo.com 212.82.100.137
IE nl.images.search.yahoo.com 212.82.100.137
US powerlift-frontdesk.acompli.net 104.214.20.35
IE sg.video.search.yahoo.com 212.82.100.137
storage.2s
RU www.yandex.com.tr 87.250.255.11
DE privacy.microsoft.com 2.21.38.54
IE pe.news.search.yahoo.com 212.82.100.137
RU suggest.yandex.ua 213.180.204.63
IE mx.news.search.yahoo.com 212.82.100.137
US www.so.com 104.192.110.226
IE fi.news.search.yahoo.com 212.82.100.137
IE fr.search.yahoo.com 212.82.100.137
US opalupload.azurewebsites.net 40.83.145.50
IE dk.images.search.yahoo.com 212.82.100.137
RU yandex.kz 5.255.255.55
IE se.search.yahoo.com 212.82.100.137
IE qc.search.yahoo.com 212.82.100.137
IE se.news.search.yahoo.com 212.82.100.137
GB www.bingapis.com 13.107.13.80
RU m.news.yandex.by 87.250.251.12
IE images.search.yahoo.com 212.82.100.137
pf.directory.live.com
IE malaysia.video.search.yahoo.com 212.82.100.137
IE ar.news.search.yahoo.com 212.82.100.137
NL graph.microsoft.com 40.126.9.51
IE cl.news.search.yahoo.com 212.82.100.137
IE gr.search.yahoo.com 212.82.100.137
US ss.uk.ask.com 34.102.208.152
IE maktoob.search.yahoo.com 212.82.100.137
US m.so.com 104.192.110.225
US centralus.stt.speech.microsoft.com 20.37.157.98
DE m.v.sogou.com 49.51.130.237
US dev-powerlift-gym.acompli.net 104.214.20.0
gr.video.search.yahoo.com
IE br.video.search.yahoo.com 212.82.100.137
US br.ask.com 151.101.114.114
RU yandex.com.tr 87.250.255.11
IE ar.video.search.yahoo.com 212.82.100.137
SG southeastasia.stt.speech.microsoft.com 20.43.132.0
IE at.news.search.yahoo.com 212.82.100.137
IE es.images.search.yahoo.com 212.82.100.137
IE malaysia.images.search.yahoo.com 212.82.100.137
DE aka.ms 23.211.149.25
IE ar.images.search.yahoo.com 212.82.100.137
IE id.news.search.yahoo.com 212.82.100.137
IE maktoob.images.search.yahoo.com 212.82.100.137
IE nz.search.yahoo.com 212.82.100.137
CN suggestion.baidu.com 39.156.68.207
KR search.naver.com 125.209.230.167
IE qc.images.search.yahoo.com 212.82.100.137
IE vn.news.search.yahoo.com 212.82.100.137
sp.br.ask.com
RU yandex.ru 77.88.55.77
IE mx.images.search.yahoo.com 212.82.100.137
IE ph.news.search.yahoo.com 212.82.100.137
IE in.video.search.yahoo.com 212.82.100.137
RU yandex.ua 80.239.201.92
IE login.microsoftonline.com 20.190.159.132
IE petrol.office.microsoft.com 138.91.50.119
IE uk.news.search.yahoo.com 212.82.100.137
IE cl.images.search.yahoo.com 212.82.100.137
IE nz.video.search.yahoo.com 212.82.100.137
IE maktoob.video.search.yahoo.com 212.82.100.137
sp.uk.ask.com
IE ch.video.search.yahoo.com 212.82.100.137
DE www.naver.com 104.75.88.197
US ss.ask.com 34.102.208.152
IE de.video.search.yahoo.com 212.82.100.137
RU m.news.yandex.ru 87.250.251.12
RU suggest.yandex.by 213.180.204.63
nl.video.search.yahoo.com
IE pe.search.yahoo.com 212.82.100.137
IE ve.news.search.yahoo.com 212.82.100.137
gr.images.search.yahoo.com
IE au.video.search.yahoo.com 212.82.100.137
IE fi.images.search.yahoo.com 212.82.100.137
NL olmprodpowerlift-cdn.azureedge.net 13.107.246.13
IE co.video.search.yahoo.com 212.82.100.137
IE hk.search.yahoo.com 212.82.100.137
tr.video.search.yahoo.com
DE pic.sogou.com 49.51.130.237
CN m.image.so.com 171.8.167.62
IE co.news.search.yahoo.com 212.82.100.137
US c.bingapis.com 204.79.197.200
IE in.images.search.yahoo.com 212.82.100.137
JP search.yahooapis.jp 182.22.31.124
US www.ask.com 151.101.14.114
IE in.news.search.yahoo.com 212.82.100.137
IE sg.images.search.yahoo.com 212.82.100.137
IE ve.video.search.yahoo.com 212.82.100.137
DE api.sugg.sogou.com 49.51.130.237
IE th.images.search.yahoo.com 212.82.100.137
IE ch.images.search.yahoo.com 212.82.100.137
AT go.microsoft.com 92.123.16.55
IE ph.video.search.yahoo.com 212.82.100.137
IE malaysia.news.search.yahoo.com 212.82.100.137
IE at.images.search.yahoo.com 212.82.100.137
JP news.yahoo.co.jp 182.22.16.251
RU suggest.yandex.kz 213.180.204.63
US petrol-int.office.microsoft.com 52.183.93.38
IE au.images.search.yahoo.com 212.82.100.137