Malicious 7/60

Threat

com.vmos.pro

Analyzed on 2022-06-17T14:03:43.982466

0 permissions, 0 activities, 0 services, 0 receivers, 0 domains

File sums

MD5 dff38664030c86ae8cf216bc86cd3d5c
SHA1 43245489fc61e271ed66cc5bceb512f3649fd652
SHA256 b6c2a1a528296ce06afcfa03b0b590a0b7fa978f3be4fe2927fd88aa366bfbe6
Size 6.54MB

APKiD

Information computed with APKiD.

/tmp/tmpst47oglx!classes.dex
  compiler
  • dexlib 2.x

SSdeep

Information computed with ssdeep.

APK file 196608:wxUU8EzxLegFc0ajgYRIeTxfLQ+WJsYjXd:wcGLeX9PlfLQVmgN
Manifest 12:0//LvPlMWWPlMB5TlMiEJ8MClUqbe7sChSMdkC67UAlHY/:0HLvPlbWPlaTlUJ8MCl…
classes.dex 196608:knwsiSLl9GkVDjXBYHa9g3iYbx+j9V+hsW6L/A:k4Q9GkVXBmaGVt+RUe97A

Dexofuzzy

Information computed with Dexofuzzy.

APK file 12:LL1r6Pik154IZFUofyVzODqXETtPbBMAUE:LL1rYNZGoaVzHEdBMy
classes.dex 12:LL1r6Pik154IZFUofyVzODqXETtPbBMAUE:LL1rYNZGoaVzHEdBMy

APK details

Information computed with AndroGuard and Pithus.

Package com.vmos.pro
App name
Version name None
Version code 20600
SDK None - None
UAID ebc7e9821ec71ada3d574d9484791893c82fdeba
Signature V1, Signature V2, Signature V3
Frosting Not frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown
  • 0xf05368c0: Unknown
  • 0x42726577: Verity padding

Certificate details

Information computed with AndroGuard.

MD5 e89b158e4bcf988ebd09eb83f5378e87
SHA1 61ed377e85d386a8dfee6b864bd85b0bfaa5af81
SHA256 a40da80a59d170caa950cf15c18c454d47a39b26989d8b640ecd745ba71bf5dc
Issuer Email Address: android@android.com, Common Name: Android, Organizational Unit: Android, Organization: Android, Locality: Mountain View, State/Province: California, Country: US
Not before 2008-02-29T01:33:46+00:00
Not after 2035-07-17T01:33:46+00:00

Manifest analysis

Information computed with MobSF.

Medium: Application Data can be Backed up, [android:allowBackup] flag is missing.
The flag [android:allowBackup] should be set to false. By default it is set to true and allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.

Sample timeline

Certificate valid not before Feb. 29, 2008, 1:33 a.m.
Oldest file found in APK June 2, 2022, 4:25 p.m.
First submission on VT June 15, 2022, 6:28 a.m.
Last submission on VT June 15, 2022, 6:28 a.m.
Latest file found in APK June 15, 2022, 12:39 p.m.
Upload on Pithus June 17, 2022, 2:03 p.m.
Certificate valid not after July 17, 2035, 1:33 a.m.

VirusTotal

Score 7/60
Report https://www.virustotal.com/gui/file/b6c2a1a528296ce06afcfa03b0b590a0b7fa978f3be4fe2927fd88aa366bfbe6/detection

Most Popular AV Detections

Provided by VirusTotal

Threat name: jiagu Identified 2 times

NIAP analysis

Information computed with MobSF.

FCS_STO_EXT.1.1 (Storage of Credentials): The application does not store any credentials to non-volatile memory.
FCS_CKM_EXT.1.1 (Cryptographic Key Generation Services): The application generates no asymmetric cryptographic keys.
FDP_DEC_EXT.1.1 (Access to Platform Resources): The application has access to no hardware resources.
FDP_DEC_EXT.1.2 (Access to Platform Resources): The application has access to no sensitive information repositories.
FDP_NET_EXT.1.1 (Network Communications): The application has no network communications.
FDP_DAR_EXT.1.1 (Encryption Of Sensitive Application Data): The application does not encrypt files in non-volatile memory.
FTP_DIT_EXT.1.1 (Protection of Data in Transit): The application does not encrypt any data in traffic or does not transmit any data between itself and another trusted IT product.

Threat analysis

Information computed with Quark-Engine.

  • Read file from assets directory (Confidence: 100%)
  • Method reflection (Confidence: 100%)
  • Read data and put it into a buffer stream (Confidence: 80%)
  • Read file and put it into a stream (Confidence: 80%)
  • Open a file from given absolute path of the file (Confidence: 80%)
  • Get absolute path of the file and store in string (Confidence: 80%)

Behavior analysis

Information computed with MobSF.

Java reflection
  • com/qihoo/util/c.java
  • com/stub/StubApp.java
Load and manipulate dex files
  • com/stub/StubApp.java
  • com/qihoo/util/QHClassLoader.java
Loading native code (shared library)
  • com/stub/StubApp.java
  • com/qihoo/util/AppZygotePreload.java

Control flow graphs analysis

Information computed by Pithus.

The application probably dynamically loads code