Low Risk

Threat level

oversecured.ovaa

Oversecured Vulnerable Android App

Analyzed on 2021-11-03T02:43:41.198794

3 permissions
5 activities
1 services
1 receivers
1 domains

File sums

MD5 4bbcad469823481d324c99c241f5fcf7
SHA1 7225fbd78deb79958b53557d0734c63cd0ac67fe
SHA256 dd942f3175428b1714dffecd5bd9969d874f5a55d914a64f00123d2fb3afd40b
Size 3.87MB

APKiD

Information computed with APKiD.

/tmp/tmphe6q_cm5
packer
  • SecNeo.A
/tmp/tmphe6q_cm5!classes.dex
compiler
  • dexlib 2.x

SSdeep

Information computed with ssdeep.

APK file 98304:wZYzhlQy4Hz+BnVXL4ACj930orWWD1w2Q/6s8k7Dz:dzhqyqz+3XLFCj9nKcBu6Gz
Manifest 96:UJN117SwMDNcyngFdi0Or/uYOVEHdpSwClUq50z3OTSETu97HgLUD:UD7SNWyngni0…
classes.dex 384:cHvgYESoBcozTOGac4Hbr7GVtZHleU5JNEhSTMPj/MVpi1kA7c/U3O9cQY/vEPY6:…

Dexofuzzy

Information computed with Dexofuzzy.

APK file 24:yC/xyxxxxiL5muBJBobKF3AIL9B4uHBPR1lgsiJBI7qRRRSgjwyKBPB+4RGLmjkS:d…
classes.dex 24:yC/xyxxxxiL5muBJBobKF3AIL9B4uHBPR1lgsiJBI7qRRRSgjwyKBPB+4RGLmjkS:d…

APK details

Information computed with AndroGuard and Pithus.

Package oversecured.ovaa
App name Oversecured Vulnerable Android App
Version name 1.0
Version code 1
SDK 17 - 30
UAID 46b06462128fc5fb452ec4eca6166358217da07c
Signature Not signed
Frosting Not frosted

Certificate details

Information computed with AndroGuard.

File Analysis

Information computed with MobSF.

Finding: Certificate/Key files hardcoded inside the app.
File: assets/meta-data/rsa.pub

Manifest analysis

Information computed with MobSF.

Medium Application Data can be Backed up [android:allowBackup=true]
This flag allows anyone to back up your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.
High Activity (oversecured.ovaa.activities.DeeplinkActivity) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device, therefore leaving it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.
High Activity (oversecured.ovaa.activities.LoginActivity) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device, therefore leaving it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.
High Activity (oversecured.ovaa.activities.MainActivity) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device, therefore leaving it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.
High Service (oversecured.ovaa.services.InsecureLoggerService) is not Protected. An intent-filter exists.
A Service is found to be shared with other apps on the device, therefore leaving it accessible to any other application on the device. The presence of an intent-filter indicates that the Service is explicitly exported.
High Content Provider (oversecured.ovaa.providers.TheftOverwriteProvider) is not Protected. [android:exported=true]
A Content Provider is found to be shared with other apps on the device, therefore leaving it accessible to any other application on the device.

Browsable activities

Information computed with MobSF.

oversecured.ovaa.activities.DeeplinkActivity

Hosts: ovaa

Schemes: oversecured://

Main Activity

Information computed with AndroGuard.

oversecured.ovaa.activities.EntranceActivity

Activities

Information computed with AndroGuard.

oversecured.ovaa.activities.DeeplinkActivity
oversecured.ovaa.activities.WebViewActivity
oversecured.ovaa.activities.LoginActivity
oversecured.ovaa.activities.EntranceActivity
oversecured.ovaa.activities.MainActivity

Receivers

Information computed with AndroGuard.

oversecured.ovaa.receivers.UselessReceiver

Services

Information computed with AndroGuard.

oversecured.ovaa.services.InsecureLoggerService

NIAP analysis

Information computed with MobSF.

FCS_STO_EXT.1.1 (Storage of Credentials): The application does not store any credentials to non-volatile memory.
FCS_CKM_EXT.1.1 (Cryptographic Key Generation Services): The application generates no asymmetric cryptographic keys.
FDP_DEC_EXT.1.1 (Access to Platform Resources): The application has access to ['network connectivity'].
FDP_DEC_EXT.1.2 (Access to Platform Resources): The application has access to no sensitive information repositories.
FDP_NET_EXT.1.1 (Network Communications): The application has user/application initiated network communications.
FDP_DAR_EXT.1.1 (Encryption Of Sensitive Application Data): The application does not encrypt files in non-volatile memory.
FTP_DIT_EXT.1.1 (Protection of Data in Transit): The application does not encrypt any data in traffic or does not transmit any data between itself and another trusted IT product.

Domains analysis

Information computed with MobSF.

dev.victim.com

URL analysis

Information computed with MobSF.

http://example.com./
https://adm1n:passw0rd@dev.victim.com
Defined in Android String Resource

Permissions analysis

Information computed with MobSF.

High android.permission.READ_EXTERNAL_STORAGE read external storage contents
Allows an application to read from external storage.
High android.permission.WRITE_EXTERNAL_STORAGE read/modify/delete external storage contents
Allows an application to write to external storage.
Low android.permission.INTERNET full Internet access
Allows an application to create network sockets.

Threat analysis

Information computed with Quark-Engine.

Method reflection (confidence: 100%)
Get absolute path of the file and store in string (confidence: 80%)

Behavior analysis

Information computed with MobSF.

Content provider
  • com/SecShell/SecShell/AP.java
  • com/SecShell/SecShell/CP.java
Inter process communication
  • com/SecShell/SecShell/AP.java
  • com/SecShell/SecShell/b.java
Java reflection
  • com/SecShell/SecShell/a.java
  • com/SecShell/SecShell/H.java
Load and manipulate dex files
  • com/SecShell/SecShell/c.java
  • com/SecShell/SecShell/a.java
Loading native code (shared library)
  • com/SecShell/SecShell/AW.java

Control flow graphs analysis

Information computed by Pithus.

The application probably dynamically loads code