0/61
Threat
Analyzed on 2021-11-22T06:16:38.571498
MD5 | 6380c3e7eccf739ca6095f95d4c12e86 | |
SHA1 | 489f82b0c3736b8a9add16e4ddaa936890a2cd26 | |
SHA256 | aa989cb0e68dd7e8debfd1370f092f562dd608c10ad600c8ee45d64ff697b0d0 | |
Size | 56.85MB |
Information computed with APKiD.
/tmp/tmp8aq2gcvy!classes.dex | |
anti_vm |
|
compiler |
|
/tmp/tmp8aq2gcvy!classes2.dex | |
anti_vm |
|
compiler |
|
Information computed with ssdeep.
APK file | 1572864:neTdeOQ2d3f2F4hK3gc4DnsO3Hn5f2NQuM+6wvY:nCd7Rpf2F4B7scn5f2N3M3wvY | |
Manifest | 384:hz8eDzOevyGBtQkRknNWJ0p30pRja8TRAkirSK0eRw5azLpKH:hz8eDzOevyGBtQk… | |
classes.dex | 49152:dUGuxU3i8GhLfnfYSSLuLXjckMBq1x0lZz+PLJndz3V/K62EAj4I6nx6IjZ4INk… | |
classes2.dex | 49152:GyWNYbY+cPYbvXNh/uXvB/As4C+4CkHpHc2KUC:1Y80DL4543HDKn |
Information computed with MobSF.
High | Broadcast Receiver (io.invertase.firebase.messaging.ReactNativeFirebaseMessagingReceiver) is Protected by a permission, but the protection level of the permission should be checked. Permission: com.google.android.c2dm.permission.SEND [android:exported=true] | A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission. |
High | Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is Protected by a permission, but the protection level of the permission should be checked. Permission: com.google.android.c2dm.permission.SEND [android:exported=true] | A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission. |
High | Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is Protected by a permission, but the protection level of the permission should be checked. Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] | A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission. |
Information computed with AndroGuard.
Oldest file found in APK | Jan. 1, 1981, 1:01 a.m. |
Latest file found in APK | Jan. 1, 1981, 1:01 a.m. |
Certificate valid not before | Dec. 31, 2013, 10:35 p.m. |
First submission on VT | Nov. 18, 2021, 7:12 a.m. |
Last submission on VT | Nov. 18, 2021, 7:12 a.m. |
Upload on Pithus | Nov. 22, 2021, 6:16 a.m. |
Certificate valid not after | April 30, 2052, 10:35 p.m. |
Information computed by Pithus.
Score | 0/61 |
Report | https://www.virustotal.com/gui/file/aa989cb0e68dd7e8debfd1370f092f562dd608c10ad600c8ee45d64ff697b0d0/detection |
Information computed with MobSF.
FCS_RBG_EXT.1.1 | The application invokes platform-provided DRBG functionality for its cryptographic operations. | Random Bit Generation Services |
FCS_STO_EXT.1.1 | The application does not store any credentials to non-volatile memory. | Storage of Credentials |
FCS_CKM_EXT.1.1 | The application implements asymmetric key generation. | Cryptographic Key Generation Services |
FDP_DEC_EXT.1.1 | The application has access to ['network connectivity']. | Access to Platform Resources |
FDP_DEC_EXT.1.2 | The application has access to no sensitive information repositories. | Access to Platform Resources |
FDP_NET_EXT.1.1 | The application has user/application initiated network communications. | Network Communications |
FDP_DAR_EXT.1.1 | The application implements functionality to encrypt sensitive data in non-volatile memory. | Encryption Of Sensitive Application Data |
FMT_MEC_EXT.1.1 | The application invokes the mechanisms recommended by the platform vendor for storing and setting configuration options. | Supported Configuration Mechanism |
FTP_DIT_EXT.1.1 | The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product. | Protection of Data in Transit |
FCS_RBG_EXT.2.1 FCS_RBG_EXT.2.2 | The application performs all deterministic random bit generation (DRBG) services in accordance with NIST Special Publication 800-90A using Hash_DRBG. The deterministic RBG is seeded by an entropy source that accumulates entropy from a platform-based DRBG and a software-based noise source, with a minimum of 256 bits of entropy at least equal to the greatest security strength (according to NIST SP 800-57) of the keys and hashes that it will generate. | Random Bit Generation from Application |
FCS_CKM.1.1(1) | The application generates asymmetric cryptographic keys in accordance with a specified cryptographic key generation algorithm RSA schemes using cryptographic key sizes of 2048-bit or greater. | Cryptographic Asymmetric Key Generation |
FCS_COP.1.1(2) | The application performs cryptographic hashing services not in accordance with FCS_COP.1.1(2) and uses the cryptographic algorithm RC2/RC4/MD4/MD5. | Cryptographic Operation - Hashing |
FCS_HTTPS_EXT.1.1 | The application implements the HTTPS protocol that complies with RFC 2818. | HTTPS Protocol |
FCS_HTTPS_EXT.1.2 | The application implements HTTPS using TLS. | HTTPS Protocol |
FCS_HTTPS_EXT.1.3 | The application notifies the user and does not establish the connection, or requests application authorization to establish the connection, if the peer certificate is deemed invalid. | HTTPS Protocol |
FIA_X509_EXT.2.1 | The application uses X.509v3 certificates as defined by RFC 5280 to support authentication for HTTPS, TLS. | X.509 Certificate Authentication |
FPT_TUD_EXT.2.1 | The application shall be distributed using the format of the platform-supported package manager. | Integrity for Installation and Update |
Information computed with MobSF.
JP | abbott-acare-backend-uat.herokuapp.com | 52.69.25.146 |
US | github.com | 140.82.121.3 |
IE | realm.mongodb.com | 52.49.130.120 |
Information computed with MobSF.
https://github.com/realm/realm-js/issues/2455 http://localhost:8081 | Defined in io/realm/react/RealmReactModule.java |
https://github.com/software-mansion/react-native-screens/issues/17#issuecomment-424704067 | Defined in com/swmansion/rnscreens/ScreenFragment.java |
https://github.com/software-mansion/react-native-screens/issues/17#issuecomment-424704067 | Defined in com/swmansion/rnscreens/ScreenStackFragment.java |
https://abbott-acare-backend-uat.herokuapp.com/v1/ https://abbott-acare-backend-uat.herokuapp.com/resources/ | Defined in com/acare/BuildConfig.java |
https://abbott-acare-backend-uat.herokuapp.com/v1/ https://abbott-acare-backend-uat.herokuapp.com/resources/ | Defined in Android String Resource |
https://realm.mongodb.com https://github.com/realm/realm-core/issues/new/choose | Defined in lib/armeabi-v7a/librealm.so |
https://realm.mongodb.com https://github.com/realm/realm-core/issues/new/choose | Defined in lib/x86_64/librealm.so |
https://realm.mongodb.com https://github.com/realm/realm-core/issues/new/choose | Defined in lib/arm64-v8a/librealm.so |
https://realm.mongodb.com https://github.com/realm/realm-core/issues/new/choose | Defined in lib/x86/librealm.so |
Information computed with Exodus-core.
Google Firebase Analytics | https://reports.exodus-privacy.eu.org/fr/trackers/49 |
Information computed with Quark-Engine.
Load external class |
Implicit intent (view a web page, make a phone call, etc.) |
Find a method from given class name, usually for reflection |
Connect to a URL and receive input stream from the server |
Method reflection |
Load class from given class name |
Retrieve data from broadcast |
Read sensitive data (SMS, CALLLOG, etc.) |
Implicit intent (view a web page, make a phone call, etc.) via setData |
Connect to a URL and get the response code |
Send notification |
Monitor the broadcast action events (BOOT_COMPLETED) |
Return dynamic information about the current Wi-Fi connection |
Get Location of the device and append this info to a string |
Get last known location of the device |
Get the current WIFI information |
Get location of the device |
Method reflection |
Query WiFi information and WiFi Mac Address |
Query data from URI (SMS, CALLLOGS) |
Read file into a stream and put it into a JSON object |
Get the current WiFi IP address |
Get the time of current location |
Initialize class object dynamically |
Calculate WiFi signal strength |
Get the current WiFi MAC address |
Connect to a URL and set request method |
Get specific method from other Dex files |
Start another application from current application |
Read data and put it into a buffer stream |
Read file and put it into a stream |
Put data in cursor to JSON object |
Get absolute path of the file and store in string |
Get calendar information |
Check if the given file path exists |
Get resource file from res/raw directory |