0/63
Threat
Analyzed on 2021-07-21T21:31:27.494266
MD5 | d4551500b9c72a3ff35336afcc2abe61 | |
SHA1 | b9744ead99ae421fd655a1222070eca9b5384618 | |
SHA256 | afe494847a049d24e0770191775aa65e9e6f4ea2d18224bf6fd4538795762f1d | |
Size | 8.61MB |
Information computed with APKiD.
/tmp/tmpgyh71lrs!classes.dex | |
anti_vm |
compiler |
/tmp/tmpgyh71lrs!classes2.dex | |
anti_vm |
compiler |
Information computed with ssdeep.
APK file | 196608:+sg+ggAnUH/U2S9caxYukFvPkrympzmZJRw31f45/EspKA3dgN6W43HmJfOeZQaw:zKnUfU2qXYukxNa0O1AlvKAuE5mJfOeA | |
Manifest | 384:LkDZrKTAdG/RxcKE6X1SbAoTmR95etyO7tufz+TtrTFu0HQqxRs7Ur6KISo9vqS1:… | |
classes.dex | 98304:oZMQLC/+QBk8o3WXMglpnHK62Dje3q7iZXmuYQKzS0:oVLC/+ttglpbU | |
classes2.dex | 49152:xt8lSnN7nOTKhX/BHu0cY7lLTlRd/JS+SwXeTIkUKfWL5UyDsE32r171eD2fVKk… |
Information computed with MobSF.
Findings | Files |
---|---|
Certificate/Key files hardcoded inside the app. | okhttp3/internal/publicsuffix/NOTICE stamp-cert-sha256 |
Information computed with MobSF.
High | Service (androidx.work.impl.background.systemjob.SystemJobService) is Protected by a permission, but the protection level of the permission should be checked. Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] | A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission. |
High | Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is Protected by a permission, but the protection level of the permission should be checked. Permission: android.permission.DUMP [android:exported=true] | A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission. |
Certificate valid not before | May 24, 2021, 4:14 p.m. |
First submission on VT | June 22, 2021, 8:55 a.m. |
Last submission on VT | June 22, 2021, 8:55 a.m. |
Upload on Pithus | July 21, 2021, 9:31 p.m. |
Certificate valid not after | May 24, 2051, 4:14 p.m. |
Information computed by Pithus.
Score | 0/63 |
Report | https://www.virustotal.com/gui/file/afe494847a049d24e0770191775aa65e9e6f4ea2d18224bf6fd4538795762f1d/detection |
Information computed with MobSF.
FCS_RBG_EXT.1.1 | The application invokes platform-provided DRBG functionality for its cryptographic operations. | Random Bit Generation Services |
FCS_STO_EXT.1.1 | The application does not store any credentials to non-volatile memory. | Storage of Credentials |
FCS_CKM_EXT.1.1 | The application implements asymmetric key generation. | Cryptographic Key Generation Services |
FDP_DEC_EXT.1.1 | The application has access to ['camera', 'network connectivity']. | Access to Platform Resources |
FDP_DEC_EXT.1.2 | The application has access to no sensitive information repositories. | Access to Platform Resources |
FDP_NET_EXT.1.1 | The application has user/application initiated network communications. | Network Communications |
FDP_DAR_EXT.1.1 | The application implements functionality to encrypt sensitive data in non-volatile memory. | Encryption Of Sensitive Application Data |
FMT_MEC_EXT.1.1 | The application invokes the mechanisms recommended by the platform vendor for storing and setting configuration options. | Supported Configuration Mechanism |
FTP_DIT_EXT.1.1 | The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product. | Protection of Data in Transit |
FCS_RBG_EXT.2.1 FCS_RBG_EXT.2.2 | The application performs all deterministic random bit generation (DRBG) services in accordance with NIST Special Publication 800-90A using Hash_DRBG. The deterministic RBG is seeded by an entropy source that accumulates entropy from a platform-based DRBG and a software-based noise source, with a minimum of 256 bits of entropy at least equal to the greatest security strength (according to NIST SP 800-57) of the keys and hashes that it will generate. | Random Bit Generation from Application |
FCS_CKM.1.1(1) | The application generates asymmetric cryptographic keys not in accordance with FCS_CKM.1.1(1) using key generation algorithm RSA schemes and cryptographic key sizes of 1024-bit or lower. | Cryptographic Asymmetric Key Generation |
FCS_COP.1.1(1) | The application performs encryption/decryption in accordance with a specified cryptographic algorithm AES-CBC (as defined in NIST SP 800-38A) mode or AES-GCM (as defined in NIST SP 800-38D) and cryptographic key sizes 256-bit/128-bit. | Cryptographic Operation - Encryption/Decryption |
FCS_COP.1.1(2) | The application performs cryptographic hashing services not in accordance with FCS_COP.1.1(2) and uses the cryptographic algorithm RC2/RC4/MD4/MD5. | Cryptographic Operation - Hashing |
FCS_COP.1.1(3) | The application performs cryptographic signature services (generation and verification) in accordance with a specified cryptographic algorithm RSA schemes using cryptographic key sizes of 2048-bit or greater. | Cryptographic Operation - Signing |
FCS_HTTPS_EXT.1.2 | The application implements HTTPS using TLS. | HTTPS Protocol |
FCS_HTTPS_EXT.1.3 | The application notifies the user and does not establish the connection or requests application authorization to establish the connection if the peer certificate is deemed invalid. | HTTPS Protocol |
FIA_X509_EXT.1.1 | The application invoked platform-provided functionality to validate certificates in accordance with the following rules: ['The certificate path must terminate with a trusted CA certificate']. | X.509 Certificate Validation |
FIA_X509_EXT.2.1 | The application uses X.509v3 certificates as defined by RFC 5280 to support authentication for HTTPS, TLS. | X.509 Certificate Authentication |
FCS_CKM.1.1(2) | The application shall generate symmetric cryptographic keys using a Random Bit Generator as specified in FCS_RBG_EXT.1 and specified cryptographic key sizes 128 bit or 256 bit. | Cryptographic Symmetric Key Generation |
Information computed with MobSF.
http://www.apache.org/licenses/LICENSE-2.0 | Defined in kotlin/reflect/jvm/internal/impl/descriptors/annotations/BuiltInAnnotationDescriptor.java |
http://localhost/ | Defined in retrofit2/Response.java |
https://get.dgc.gov.it/v1/dgc/ | Defined in it/ministerodellasalute/verificaC19/BuildConfig.java |
https://play.google.com/store/apps/details?id= | Defined in it/ministerodellasalute/verificaC19/ui/FirstActivity.java |
https://www.dgc.gov.it/web/pn.html | Defined in it/ministerodellasalute/verificaC19/ui/FirstActivity$onCreate$3.java |
http://javax.xml.XMLConstants/feature/secure-processing http://apache.org/xml/features/disallow-doctype-decl http://apache.org/xml/features/nonvalidating/load-external-dtd | Defined in com/fasterxml/jackson/databind/ext/DOMDeserializer.java |
http://json-schema.org/draft-04/schema# http://json-schema.org/draft-03/schema# http://json-schema.org/draft-04/hyper-schema# | Defined in com/github/fge/jsonschema/SchemaVersion.java |
http://my.site/schemas/fstab.json# | Defined in com/github/fge/jsonschema/examples/Example6.java |
http://my.site/myschema# | Defined in com/github/fge/jsonschema/examples/Example9.java |
http://my.site/myschema# | Defined in com/github/fge/jsonschema/examples/Example8.java |
https://json-schema.org/draft/2020-12/schema https://id.uvci.eu/DGC.combined-schema.json https://semver.org/ https://ec.europa.eu/health/sites/health/files/ehealth/docs/vaccination-proof_interoperability-guidelines_en.pdf | Defined in dgca/verifier/app/decoder/JsonSchemaKt.java |
http://www.w3.org/2000/xmlns/ | Defined in org/mozilla/javascript/xmlimpl/XmlNode.java |
http://127.0.0.1 | Defined in org/mozilla/javascript/tools/debugger/Dim.java |
http://www.openuri.org/fragment | Defined in org/mozilla/javascript/xml/impl/xmlbeans/XML.java |
https://journeyapps.com/ https://github.com/journeyapps/zxing-android-embedded | Defined in Android String Resource |
Information computed with Quark-Engine.
Load external class |
Implicit intent (view a web page, make a phone call, etc.) |
Find a method from given class name, usually for reflection |
Method reflection |
Load class from given class name |
Retrieve data from broadcast |
Read sensitive data (SMS, CALLLOG, etc) |
Open a file from given absolute path of the file |
Implicit intent (view a web page, make a phone call, etc.) via setData |
Connect to a URL and get the response code |
Monitor the broadcast action events (BOOT_COMPLETED) |
Get absolute path of the file and store in string |
Get last known location of the device |
Get location of the device |
Method reflection |
Hide the current app's icon |
Get the time of current location |
Initialize class object dynamically |
Get specific method from other Dex files |
Start another application from current application |
Read file and put it into a stream |
Read file from assets directory |
Get calendar information |
Get resource file from res/raw directory |