Moderate Risk

Threat level

com.guanhong.guanhongpcb

IncarPcbTest

Analyzed on 2021-12-09T08:12:06.731982

25

permissions

1

activities

0

services

2

receivers

0

domains

File sums

MD5 5576c469cce941a22908c53aef33306b
SHA1 6b6cfaf2dd9f8526c3914606180a9019cc4eecd7
SHA256 9e61eb18b411e4e171bd548f0c52db526d5fe61834fe09dfe35c4a69cac29381
Size 0.54MB

APKiD

Information computed with APKiD.

/tmp/tmpl7hgjwe3!classes.dex
yara_issue
  • yara issue - dex file recognized by apkid but not yara module
compiler
  • unknown (please file detection issue!)

SSdeep

Information computed with ssdeep.

APK file 12288:+x+XBwCO/A4gigs+g3/jSC7iUMk6ieo8XhRSO4vAZ:USwL1giv+g3/jSC7iUMk63rXuO4vM
Manifest 192:OCrKsq9Y2pLMLAQi38ilHPTfAXvQFoWcKVzpO06Kpm5SfqBxJmEJf:OCrKsq9Y2pL…
classes.dex 6144:9+PkrDykmZBw47d7OpWqAmVRgiNxkdf3aM4Rb+g3/jSC7iUMk6i3TdIQxLOP:9x+…

Dexofuzzy

Information computed with Dexofuzzy.

classes.dex None

APK details

Information computed with AndroGuard and Pithus.

Package com.guanhong.guanhongpcb
App name IncarPcbTest
Version name 1.0
Version code 1
SDK 30 - 30
UAID 2fce2cf1103b1106399694909502299f73a57ea1
Signature Signature V1 Signature V2 Signature V3
Frosting Not frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown
  • 0xf05368c0: Unknown
  • 0x42726577: Verity padding

Certificate details

Information computed with AndroGuard.

MD5 124aa6cd95f42b5c8b38e185a0c685c2
SHA1 f1a54a3f024a8d1b74d1ff1f74d3be66ed79312e
SHA256 5304915c4bb7baca28776231993996fde1baffcbbe6500fb0fc7f2d3a2888cb7
Issuer Common Name: release, Organizational Unit: Zhantang, Organization: Zhantang, Locality: SH, State/Province: SH, Country: CN
Not before 2015-01-21T15:25:54+00:00
Not after 2042-06-08T15:25:54+00:00

Manifest analysis

Information computed with MobSF.

Medium Application Data can be Backed up[android:allowBackup=true]
This flag allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.
High Broadcast Receiver (com.guanhong.guanhongpcb.StartReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Broadcast Receiver (com.guanhong.guanhongpcb.MediaMountReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Dailer Code: 555666 Found [android:scheme="android_secret_code"]
A secret code was found in the manifest. These codes, when entered into the dialer grant access to hidden content that may contain sensitive information.

Activities

Information computed with AndroGuard. 

com.guanhong.guanhongpcb.GuanhongTools

Receivers

Information computed with AndroGuard. 

com.guanhong.guanhongpcb.StartReceiver
com.guanhong.guanhongpcb.MediaMountReceiver

NIAP analysis

Information computed with MobSF.

FCS_RBG_EXT.1.1 The application use no DRBG functionality for its cryptographic operations.
Random Bit Generation Services
FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generate no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['location', 'bluetooth', 'camera', 'microphone'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to no sensitive information repositories.
Access to Platform Resources
FDP_NET_EXT.1.1 The application has no network communications.
Network Communications
FDP_DAR_EXT.1.1 The application does not encrypt files in non-volatile memory.
Encryption Of Sensitive Application Data
FTP_DIT_EXT.1.1 The application does not encrypt any data in traffic or does not transmit any data between itself and another trusted IT product.
Protection of Data in Transit

Code analysis

Information computed with MobSF.

Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files: 
 com/guanhong/guanhongpcb/GuanhongTools.java
 com/guanhong/itemstest/MemeryItme.java
 com/guanhong/itemstest/SIMItem.java
 com/guanhong/guanhongpcb/StartReceiver.java
 com/guanhong/guanhongpcb/Preview.java
 com/guanhong/util/WifiTestUtil.java
 com/guanhong/itemstest/VersionTest.java
 com/guanhong/itemstest/NandItem.java
 com/guanhong/util/BtTestUtil.java
 com/guanhong/receiver/guanhongUsbReceiver.java
 com/guanhong/guanhongpcb/MediaMountReceiver.java
High
CVSS:5.5
App can read/write to External Storage. Any App can read data written to External Storage.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files: 
 com/guanhong/guanhongpcb/GuanhongTools.java
 com/guanhong/itemstest/NandItem.java

Permissions analysis

Information computed with MobSF.

High android.permission.CAMERA take pictures and videos
Allows application to take pictures and videos with the camera. This allows the application to collect images that the camera is seeing at any time.
High android.permission.SYSTEM_ALERT_WINDOW display system-level alerts
Allows an application to show system-alert windows. Malicious applications can take over the entire screen of the phone.
High android.permission.GET_TASKS retrieve running applications
Allows application to retrieve information about currently and recently running tasks. May allow malicious applications to discover private information about other applications.
High android.permission.WRITE_SETTINGS modify global system settings
Allows an application to modify the system's settings data. Malicious applications can corrupt your system's configuration.
High android.permission.READ_PHONE_STATE read phone state and identity
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on.
High android.permission.CALL_PHONE directly call phone numbers
Allows the application to call phone numbers without your intervention. Malicious applications may cause unexpected calls on your phone bill. Note that this does not allow the application to call emergency numbers.
High android.permission.ACCESS_FINE_LOCATION fine (GPS) location
Access fine location sources, such as the Global Positioning System on the phone, where available. Malicious applications can use this to determine where you are and may consume additional battery power.
High android.permission.WRITE_EXTERNAL_STORAGE read/modify/delete external storage contents
Allows an application to write to external storage.
High android.permission.MOUNT_UNMOUNT_FILESYSTEMS mount and unmount file systems
Allows the application to mount and unmount file systems for removable storage.
High android.permission.RECORD_AUDIO record audio
Allows application to access the audio record path.
Low android.permission.RECEIVE_BOOT_COMPLETED automatically start at boot
Allows an application to start itself as soon as the system has finished booting. This can make it take longer to start the phone and allow the application to slow down the overall phone by always running.
Low android.permission.ACCESS_WIFI_STATE view Wi-Fi status
Allows an application to view the information about the status of Wi-Fi.
Low android.permission.CHANGE_WIFI_STATE change Wi-Fi status
Allows an application to connect to and disconnect from Wi-Fi access points and to make changes to configured Wi-Fi networks.
Low android.permission.DISABLE_KEYGUARD Allows applications to disable the keyguard if it is not secure.
Low android.permission.VIBRATE control vibrator
Allows the application to control the vibrator.
Low android.permission.BLUETOOTH create Bluetooth connections
Allows applications to connect to paired bluetooth devices.
Low android.permission.BLUETOOTH_ADMIN bluetooth administration
Allows applications to discover and pair bluetooth devices.
Low android.permission.WAKE_LOCK prevent phone from sleeping
Allows an application to prevent the phone from going to sleep.
Medium android.permission.FORCE_STOP_PACKAGES force-stop other applications
Allows an application to stop other applications forcibly.
Medium android.permission.WRITE_SECURE_SETTINGS modify secure system settings
Allows an application to modify the system's secure settings data. Not for use by common applications.
Medium android.permission.MODIFY_PHONE_STATE modify phone status
Allows the application to control the phone features of the device. An application with this permission can switch networks, turn the phone radio on and off and the like, without ever notifying you.
Medium android.permission.CALL_PRIVILEGED directly call any phone numbers
Allows the application to call any phone number, including emergency numbers, without your intervention. Malicious applications may place unnecessary and illegal calls to emergency services.
android.permission.WRITE_OWNER_DATA Unknown permission
Unknown permission from android reference
android.permission.LOCATION Unknown permission
Unknown permission from android reference
android.permission.SYSTEM_OVERLAY_WINDOW Unknown permission
Unknown permission from android reference

Threat analysis

Information computed with Quark-Engine.

Confidence:
100%
Implicit intent(view a web page, make a phone call, etc.)
Confidence:
100%
Query the IMEI number
Confidence:
100%
Method reflection
Confidence:
100%
Use absolute path of directory for the output media file path
Confidence:
100%
Monitor the broadcast action events (BOOT_COMPLETED)
Confidence:
100%
Method reflection
Confidence:
100%
Query WiFi information and WiFi Mac Address
Confidence:
100%
Check the list of currently running applications
Confidence:
80%
Get absolute path of the file and store in string
Confidence:
80%
Get the current WIFI information
Confidence:
80%
Query the IMEI number
Confidence:
80%
Get the current WiFi MAC address

Behavior analysis

Information computed with MobSF.

Execute os command 
       com/guanhong/itemstest/NandItem.java
Gps location 
       com/guanhong/guanhongpcb/GuanhongTools.java
Get installed applications 
       com/guanhong/guanhongpcb/GuanhongTools.java
Get system service 
       com/guanhong/guanhongpcb/GuanhongTools.java
       com/guanhong/itemstest/MemeryItme.java
       com/guanhong/itemstest/SIMItem.java
       com/guanhong/guanhongpcb/MediaMountReceiver.java
Get wifi details 
       com/guanhong/guanhongpcb/GuanhongTools.java
Inter process communication 
       com/guanhong/guanhongpcb/GuanhongTools.java
       com/guanhong/guanhongpcb/StartReceiver.java
       com/guanhong/util/WifiTestUtil.java
       com/guanhong/util/BtTestUtil.java
       com/guanhong/receiver/guanhongUsbReceiver.java
       com/guanhong/guanhongpcb/MediaMountReceiver.java
Local file i/o operations 
       com/guanhong/itemstest/NandItem.java
Starting activity 
       com/guanhong/guanhongpcb/GuanhongTools.java
       com/guanhong/guanhongpcb/StartReceiver.java
       com/guanhong/guanhongpcb/MediaMountReceiver.java

Control flow graphs analysis

Information computed by Pithus.

The application probably lists running applications

The application probably dynamically loads code

The application probably gets different information regarding the telephony capabilities

The application probably gets the IMEI of the phone

The application probably gets the location based on GPS and/or Wi-Fi

The application probably scans the Wi-Fi network

The application probably gets the Wi-Fi connection information

The application probably gets network interfaces addresses (IP and/or MAC)

The application probably uses the phone sensors

The application probably executes OS commands

The application probably records media (audio and/or video