Threat 1/61

cz.hipercalc.pro

HiPER Calc Pro

Analyzed on 2022-08-15T01:41:27.808335

3 permissions
17 activities
2 services
0 receivers
1 domains

File sums

MD5 37a12c3d0e416b18ed7df10e3c1057c4
SHA1 b431df2337835877b4c3ad859bbaf297de6bd9b8
SHA256 a061b6d11cad912e62f99af7f61cb702b6553704df9d5924e934a44a305d1cdd
Size 3.7MB

APKiD

Information computed with APKiD.

/tmp/tmpk11m6g21!classes.dex
anti_vm
  • Build.FINGERPRINT check
  • Build.MANUFACTURER check
  • Build.TAGS check
compiler
  • dexlib 2.x

SSdeep

Information computed with ssdeep.

APK file 98304:S7F9TgyCuvWNm6RXCdYvgIIuKeG+0gOSCLv+p1wr2Xq:SfTgyCMWFRX6YoIZKK/Ox6p1wr26
Manifest 192:njKpce7ektuc2gV17CqoK7rCCTPTFT7TLvT+TS/S5tgcuopDM8:+C6ektuc2gV17C…
classes.dex 49152:XGB7/EfH4Ou0zBODNUQdVTmIxGj+g4QDbSNFpVJS0vMOAxwBKsNpfY:WR/EfH4O…

Dexofuzzy

Information computed with Dexofuzzy.

APK file 6144:oLG588TYFUdXuzSP9cVyCGnK1NOtMtoAzUXd:AGSCgUtXP9c0GGtB
classes.dex 6144:oLG588TYFUdXuzSP9cVyCGnK1NOtMtoAzUXd:AGSCgUtXP9c0GGtB

APK details

Information computed with AndroGuard and Pithus.

Package cz.hipercalc.pro
App name HiPER Calc Pro
Version name 10.0.1
Version code 182
SDK 16 - 30
UAID 853ff203b41f15e1f32124f467fafab0a67c7355
Signature Signature V1, Signature V2, Signature V3
Frosting Not frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown
  • 0xf05368c0: Unknown
  • 0x42726577: Verity padding

Certificate details

Information computed with AndroGuard.

MD5 e89b158e4bcf988ebd09eb83f5378e87
SHA1 61ed377e85d386a8dfee6b864bd85b0bfaa5af81
SHA256 a40da80a59d170caa950cf15c18c454d47a39b26989d8b640ecd745ba71bf5dc
Issuer Email Address: android@android.com, Common Name: Android, Organizational Unit: Android, Organization: Android, Locality: Mountain View, State/Province: California, Country: US
Not before 2008-02-29T01:33:46+00:00
Not after 2035-07-17T01:33:46+00:00

Manifest analysis

Information computed with MobSF.

Medium Application Data can be Backed up [android:allowBackup=true]
This flag allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.
High Activity (app.hipercalc.SendCrashReportActivity) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Launch Mode of Activity (com.google.android.play.core.missingsplits.PlayCoreMissingSplitsActivity) is not standard.
An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent.
High Service (com.google.android.play.core.assetpacks.AssetPackExtractionService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.

Main Activity

Information computed with AndroGuard.

app.hipercalc.CalculatorActivity

Activities

Information computed with AndroGuard.

app.hipercalc.CalculatorActivity
app.hipercalc.SendCrashReportActivity
app.hipercalc.view.theme.ThemeActivity
app.hipercalc.view.detail.DetailActivity
app.hipercalc.view.help.HelpActivity
app.hipercalc.view.settings.SettingsActivity
app.hipercalc.view.settings.KeyboardParamsActivity
app.hipercalc.view.settings.KeysFunctionsActivity
app.hipercalc.view.resulthistory.ResultHistoryActivity
app.hipercalc.view.memory.MemoryActivity
app.hipercalc.view.valueEdit.ValueEditActivity
app.hipercalc.view.valueEdit.VariableEditActivity
app.hipercalc.view.constants.ConstantsActivity
app.hipercalc.view.conversions.ConversionsActivity
app.hipercalc.view.upgrade.UpgradeActivity
com.google.android.play.core.missingsplits.PlayCoreMissingSplitsActivity
com.google.android.play.core.common.PlayCoreDialogWrapperActivity

Services

Information computed with AndroGuard.

com.google.android.play.core.assetpacks.AssetPackExtractionService
com.google.android.play.core.assetpacks.ExtractionForegroundService

Sample timeline

Certificate valid not before Feb. 29, 2008, 1:33 a.m.
First submission on VT June 23, 2022, 10:51 a.m.
Oldest file found in APK June 23, 2022, 12:22 p.m.
Latest file found in APK June 23, 2022, 12:22 p.m.
Last submission on VT Aug. 6, 2022, 11:12 a.m.
Upload on Pithus Aug. 15, 2022, 1:41 a.m.
Certificate valid not after July 17, 2035, 1:33 a.m.

NIAP analysis

Information computed with MobSF.

FCS_RBG_EXT.1.1 The application uses no DRBG functionality for its cryptographic operations.
Random Bit Generation Services
FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generates no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to no hardware resources.
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to no sensitive information repositories.
Access to Platform Resources
FDP_NET_EXT.1.1 The application has no network communications.
Network Communications
FDP_DAR_EXT.1.1 The application does not encrypt files in non-volatile memory.
Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1 The application invokes the mechanisms recommended by the platform vendor for storing and setting configuration options.
Supported Configuration Mechanism
FTP_DIT_EXT.1.1 The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product.
Protection of Data in Transit
FCS_COP.1.1(2) The application performs cryptographic hashing services in accordance with a specified cryptographic algorithm SHA-1/SHA-256/SHA-384/SHA-512 and message digest sizes 160/256/384/512 bits.
Cryptographic Operation - Hashing
FCS_COP.1.1(3) The application performs cryptographic signature services (generation and verification) in accordance with a specified cryptographic algorithm RSA schemes using cryptographic key sizes of 2048-bit or greater.
Cryptographic Operation - Signing

Code analysis

Information computed with MobSF.

Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
  • android_os/rba.java
  • android_os/cw.java
Low
CVSS:0
This App copies data to clipboard. Sensitive data should not be copied to clipboard as other applications can access it.
MASVS: MSTG-STORAGE-10
Files:
  • android_os/qka.java

Map: United States: 100

Map computed by Pithus.

Domains analysis

Information computed with MobSF.

US hiper-calc-android.firebaseio.com 34.120.160.131

URL analysis

Information computed with MobSF.

https://hiper-calc-android.firebaseio.com
Defined in Android String Resource

Permissions analysis

Information computed with MobSF.

High android.permission.READ_EXTERNAL_STORAGE read external storage contents
Allows an application to read from external storage.
High android.permission.WRITE_EXTERNAL_STORAGE read/modify/delete external storage contents
Allows an application to write to external storage.
Low android.permission.FOREGROUND_SERVICE Allows a regular application to use Service.startForeground.

Threat analysis

Information computed with Quark-Engine.

Confidence 100%: Start another application from current application
Confidence 100%: Load external class
Confidence 100%: Find a method from given class name, usually for reflection
Confidence 100%: Method reflection
Confidence 100%: Read sensitive data (SMS, CALLLOG, etc)
Confidence 100%: Implicit intent (view a web page, make a phone call, etc.) via setData
Confidence 100%: Monitor the broadcast action events (BOOT_COMPLETED)
Confidence 100%: Get absolute path of the file and store in string
Confidence 100%: Get last known location of the device
Confidence 100%: Get calendar information
Confidence 100%: Get location of the device
Confidence 100%: Method reflection
Confidence 100%: Hide the current app's icon
Confidence 100%: Get the time of current location
Confidence 100%: Initialize class object dynamically
Confidence 80%: Get resource file from res/raw directory

Behavior analysis

Information computed with MobSF.

Get system service
  • android_os/nga.java
  • android_os/qka.java
Inter process communication
  • android_os/lr.java
  • android_os/iw.java
  • android_os/kca.java
  • app/hipercalc/AlternativeActivity.java
  • android_os/lja.java
  • app/hipercalc/view/memory/MemoryActivity.java
  • android_os/yda.java
  • app/hipercalc/view/upgrade/UpgradeActivity.java
  • app/hipercalc/view/valueEdit/ValueEditActivity.java
  • android_os/vr.java
  • app/hipercalc/view/settings/KeysFunctionsActivity.java
  • app/hipercalc/view/valueEdit/VariableEditActivity.java
  • app/hipercalc/view/settings/SettingsActivity.java
  • android_os/tr.java
  • android_os/rba.java
  • android_os/yu.java
  • app/hipercalc/view/resulthistory/ResultHistoryActivity.java
  • app/hipercalc/SendCrashReportActivity.java
  • android_os/wo.java
  • app/hipercalc/view/settings/KeyboardParamsActivity.java
  • app/hipercalc/CalculatorActivity.java
  • android_os/fs.java
  • android_os/yka.java
  • app/hipercalc/view/conversions/ConversionsActivity.java
  • android_os/ska.java
Java reflection
  • android_os/ega.java
Local file i/o operations
  • android_os/kca.java
Set or read clipboard data
  • android_os/qka.java
Starting activity
  • android_os/lr.java
  • android_os/iw.java
  • android_os/kca.java
  • android_os/vr.java
  • app/hipercalc/CalculatorActivity.java
  • android_os/yu.java
  • app/hipercalc/view/settings/SettingsActivity.java
  • android_os/fs.java
  • android_os/yka.java
  • app/hipercalc/view/memory/MemoryActivity.java
  • android_os/ska.java

Control flow graphs analysis

Information computed by Pithus.

The application probably dynamically loads code

The application probably starts another application