Threat

com.google.android.apps.tachyon

Duo Installer

Analyzed on 2022-06-21T23:48:04.523556

40 permissions
0 activities
0 services
0 receivers
0 domains

File sums

MD5 a56934e8cc25d414192fe0b07a2bab17
SHA1 8158f58c746aa58f5599b60bef25abcf44be75d8
SHA256 9670382eed9632803256bf74c709397a8f21fb2c07dffbcb5e2ebe3fd5068611
Size 0.02MB

APKiD

Information computed with APKiD.

/tmp/tmp4lb3oogb!classes.dex
compiler
  • r8 without marker (suspicious)

SSdeep

Information computed with ssdeep.

APK file 768:5nBYrmqYTZOge9nna7pwxHxCx9xGIV+IVQ:gJYTZ/e9ncwxHxCx9xvdy
Manifest 192:hSWbOdK2Yp31J/7pyN4eAtZ+9JkAiQFBacCNnXYZkTnTTn4TCTyTRAkijQS2TPjY:…
classes.dex 192:akHIylX7ZE1L6ckGiR1WYr31EcFqJ45uApyu/0PBTq8m7BAB463nSd9ivw40OGhw:…

Dexofuzzy

Information computed with Dexofuzzy.

APK file 6:Lsh7bHFdIjZnE0Ah1JFdlCDLjHXdRmPFUMp82TSCS7A4mhRrT1lxTGNarBCh9CdE:gz…
classes.dex 6:Lsh7bHFdIjZnE0Ah1JFdlCDLjHXdRmPFUMp82TSCS7A4mhRrT1lxTGNarBCh9CdE:gz…

APK details

Information computed with AndroGuard and Pithus.

Package com.google.android.apps.tachyon
App name Duo Installer
Version name 0.1
Version code 1
SDK 21 - 29
UAID 531a51a944b6a14acb0fad4f0303aa658922b879
Signature Signature V1 Signature V2 Signature V3
Frosting Not frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown
  • 0xf05368c0: Unknown
  • 0x6dff800d: Source stamp V2 X509 cert
  • 0x42726577: Verity padding

Certificate details

Information computed with AndroGuard.

MD5 3e6040d818dc64323ad5f9362e6b1059
SHA1 a0bc09af527b6397c7a9ef171d6cf76f757becc3
SHA256 7caab6e6ba700e0ddcf75cca52b8c3b19a3c7d23308f7eb177a64eb2476197bd
Issuer Common Name: corp_tachyon, Organizational Unit: Android, Organization: Google Inc., Locality: Mountain View, State/Province: California, Country: US
Not before 2015-01-23T19:11:23+00:00
Not after 2042-06-10T19:11:23+00:00

Sample timeline

Oldest file found in APK Jan. 1, 2009, midnight
Latest file found in APK Jan. 1, 2009, midnight
Certificate valid not before Jan. 23, 2015, 7:11 p.m.
First submission on VT Jan. 22, 2021, 12:59 a.m.
Last submission on VT Nov. 30, 2021, 1:58 a.m.
Upload on Pithus June 21, 2022, 11:48 p.m.
Certificate valid not after June 10, 2042, 7:11 p.m.

NIAP analysis

Information computed with MobSF.

FCS_STO_EXT.1.1 (Storage of Credentials): The application does not store any credentials to non-volatile memory.
FCS_CKM_EXT.1.1 (Cryptographic Key Generation Services): The application generates no asymmetric cryptographic keys.
FDP_DEC_EXT.1.1 (Access to Platform Resources): The application has access to ['microphone', 'bluetooth', 'camera', 'network connectivity'].
FDP_DEC_EXT.1.2 (Access to Platform Resources): The application has access to ['address book'].
FDP_NET_EXT.1.1 (Network Communications): The application has user/application initiated network communications.
FDP_DAR_EXT.1.1 (Encryption Of Sensitive Application Data): The application does not encrypt files in non-volatile memory.
FMT_MEC_EXT.1.1 (Supported Configuration Mechanism): The application invokes the mechanisms recommended by the platform vendor for storing and setting configuration options.
FTP_DIT_EXT.1.1 (Protection of Data in Transit): The application does not encrypt any data in traffic or does not transmit any data between itself and another trusted IT product.

Code analysis

Information computed with MobSF.

Low
CVSS: 7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
  a/a/a/a.java
  a/a/a/e.java

Medium
CVSS: 5.5
App creates temp file. Sensitive information should never be written into a temp file.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files:
  a/a/a/e.java

Permissions analysis

Information computed with MobSF.

High android.permission.CAMERA take pictures and videos
Allows application to take pictures and videos with the camera. This allows the application to collect images that the camera is seeing at any time.
High android.permission.RECORD_AUDIO record audio
Allows application to access the audio record path.
High android.permission.READ_PROFILE read the user's personal profile data
Allows an application to read the user's personal profile data.
High android.permission.READ_CONTACTS read contact data
Allows an application to read all of the contact (address) data stored on your phone. Malicious applications can use this to send your data to other people.
High android.permission.WRITE_CONTACTS write contact data
Allows an application to modify the contact (address) data stored on your phone. Malicious applications can use this to erase or modify your contact data.
High android.permission.READ_PHONE_STATE read phone state and identity
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on.
High android.permission.GET_ACCOUNTS list accounts
Allows access to the list of accounts in the Accounts Service.
High android.permission.WRITE_CALL_LOG Allows an application to write (but not read) the user's call log data.
High android.permission.AUTHENTICATE_ACCOUNTS act as an account authenticator
Allows an application to use the account authenticator capabilities of the Account Manager, including creating accounts as well as obtaining and setting their passwords.
High android.permission.MANAGE_ACCOUNTS manage the accounts list
Allows an application to perform operations like adding and removing accounts and deleting their password.
Low android.permission.MODIFY_AUDIO_SETTINGS change your audio settings
Allows application to modify global audio settings, such as volume and routing.
Low android.permission.BLUETOOTH create Bluetooth connections
Allows applications to connect to paired bluetooth devices.
Low android.permission.VIBRATE control vibrator
Allows the application to control the vibrator.
Low android.permission.WAKE_LOCK prevent phone from sleeping
Allows an application to prevent the phone from going to sleep.
Low android.permission.INTERNET full Internet access
Allows an application to create network sockets.
Low android.permission.CHANGE_NETWORK_STATE change network connectivity
Allows applications to change network connectivity state.
Low android.permission.ACCESS_WIFI_STATE view Wi-Fi status
Allows an application to view the information about the status of Wi-Fi.
Low android.permission.ACCESS_NETWORK_STATE view network status
Allows an application to view the status of all networks.
Low android.permission.RECEIVE_BOOT_COMPLETED automatically start at boot
Allows an application to start itself as soon as the system has finished booting. This can make it take longer to start the phone and allow the application to slow down the overall phone by always running.
Low android.permission.READ_SYNC_STATS read sync statistics
Allows an application to read the sync stats; e.g. the history of syncs that have occurred.
Low android.permission.WRITE_SYNC_SETTINGS write sync settings
Allows an application to modify the sync settings, such as whether sync is enabled for Contacts.
Low android.permission.FOREGROUND_SERVICE Allows a regular application to use Service.startForeground.
Low com.sec.android.provider.badge.permission.READ Show notification count on app
Show notification count or badge on application launch icon for samsung phones.
Low com.sec.android.provider.badge.permission.WRITE Show notification count on app
Show notification count or badge on application launch icon for samsung phones.
Low com.htc.launcher.permission.READ_SETTINGS Show notification count on app
Show notification count or badge on application launch icon for htc phones.
Low com.htc.launcher.permission.UPDATE_SHORTCUT Show notification count on app
Show notification count or badge on application launch icon for htc phones.
Low com.sonyericsson.home.permission.BROADCAST_BADGE Show notification count on app
Show notification count or badge on application launch icon for sony phones.
Low com.sonymobile.home.permission.PROVIDER_INSERT_BADGE Show notification count on app
Show notification count or badge on application launch icon for sony phones.
Low com.anddoes.launcher.permission.UPDATE_COUNT Show notification count on app
Show notification count or badge on application launch icon for apex.
Low com.majeur.launcher.permission.UPDATE_BADGE Show notification count on app
Show notification count or badge on application launch icon for solid.
Low com.huawei.android.launcher.permission.CHANGE_BADGE Show notification count on app
Show notification count or badge on application launch icon for huawei phones.
Low com.huawei.android.launcher.permission.READ_SETTINGS Show notification count on app
Show notification count or badge on application launch icon for huawei phones.
Low com.huawei.android.launcher.permission.WRITE_SETTINGS Show notification count on app
Show notification count or badge on application launch icon for huawei phones.
Low android.permission.READ_APP_BADGE show app notification
Allows an application to show app icon badges.
Low com.oppo.launcher.permission.READ_SETTINGS Show notification count on app
Show notification count or badge on application launch icon for oppo phones.
Low com.oppo.launcher.permission.WRITE_SETTINGS Show notification count on app
Show notification count or badge on application launch icon for oppo phones.
Low android.permission.GET_PACKAGE_SIZE measure application storage space
Allows an application to find out the space used by any package.
Medium com.google.android.c2dm.permission.RECEIVE C2DM permissions
Permission for cloud to device messaging.
com.google.android.providers.gsf.permission.READ_GSERVICES Unknown permission
Unknown permission from android reference
com.android.launcher.permission.INSTALL_SHORTCUT Unknown permission
Unknown permission from android reference

Threat analysis

Information computed with Quark-Engine.

Method reflection (confidence: 100%)
Get absolute path of the file and store in string (confidence: 80%)

Behavior analysis

Information computed with MobSF.

Java reflection
  a/a/a/a.java
Local file i/o operations
  a/a/a/e.java

Control flow graphs analysis

Information computed by Pithus.