Pithus report for USBKill - com.proxgrind.usbkiller

File sums

MD5	`9c09703eff1cbf5380c4ddeabe425e96`
SHA1	`06c757cfd1bd7682314cd2a6c7b20dd1a626c04d`
SHA256	`f83de85b03707423e6a6286fe01a238d85510a043381644690fd0fb8b0eaddec`
Size	`4.33MB`

APKiD

Information computed with APKiD.

`/tmp/tmpqvja1znu`
packer	`Jiagu`
`/tmp/tmpqvja1znu!classes.dex`
obfuscator	`unreadable field names` `unreadable method names`
compiler	`dexlib 2.x`

SSdeep

Information computed with ssdeep.

APK file	`98304:IqIdL82ou/svntbQjYLjVtXhKhNMT/IRrlMqi:eIy/ytbQcNtRKhNId`
Manifest	`96:rcN19qSIDNDPTPaMNY3uUr3XSYpINiBafQ:r5S65Ly+Y3NrXSWDafQ`
`classes.dex`	`24576:N2dXQkqhpEzP/CS1RKux28nTgOUoX2wiEo:N2NQkAg5xnp2wro`

Dexofuzzy

Information computed with Dexofuzzy.

APK file	`6:RWm3KnK56PikiEE8GtVm0fFUUlzYfdQV/AprGzOovyqXEATmJtxMmeL5xtCKT5OH:RW…`
`classes.dex`	`6:RWm3KnK56PikiEE8GtVm0fFUUlzYfdQV/AprGzOovyqXEATmJtxMmeL5xtCKT5OH:RW…`

APK details

Information computed with AndroGuard and Pithus.

Package	`com.proxgrind.usbkiller`
App name	`USBKill`
Version name	`1.0.5`
Version code	`5`
SDK	`19` - `29`
UAID	`301c6770685d8a07cc225feebc93027887b1a263`
Signature	Signature V1 Signature V2
Frosting	Not frosted Blocks found within V2 signature: `0x7109871a`: Unknown `0x42726577`: Verity padding

Certificate details

Information computed with AndroGuard.

MD5	`c59973d713f3ade551a8db2007bfa382`
SHA1	`436b719064f85d79bed85920c5e360767611d92a`
SHA256	`e1f49ef8f7bf1d6ad770bd80e0b5b3461fd199334505385c7da779d8db880633`
Issuer	`Common Name: DXL, Organizational Unit: DXL, Organization: DXL, Locality: DXL, State/Province: DXL, Country: DXL`
Not before	`2017-09-13T13:23:09+00:00`
Not after	`2042-09-07T13:23:09+00:00`

File Analysis

Information computed with MobSF.

Findings	Files
Certificate/Key files hardcoded inside the app.	`assets/.appkey`

Main Activity

Information computed with AndroGuard.

['com.proxgrind.usbkiller.activitys.DevicesFastActivity', 'com.proxgrind.usbkiller.activitys.MainActivity', 'com.proxgrind.usbkiller.activitys.SettingsActivity', 'com.proxgrind.usbkiller.activitys.DeviceRemarksActivity']

Activities

Information computed with AndroGuard.

com.proxgrind.usbkiller.activitys.DevicesFastActivity
com.proxgrind.usbkiller.activitys.MainActivity
com.proxgrind.usbkiller.activitys.SettingsActivity
com.proxgrind.usbkiller.activitys.DeviceRemarksActivity

Similar samples

Information computed by Pithus.

SHA256	Similarity
`20035c4744ab513a9c3c6d44436789611fedd300b0184ef7163cf314b2553925`	100%
`db00a080aed099c4addcaa20c0cc690a28f62dddf00844f3476229a37400d07b`	100%
`fe2082dd4ff81a392ca2615bda649b85223017e4a25da136958bf32c63bf1917`	97%
`cedce5b2eace19a8993b0326a3fbf4d0eed6a8503c639eb8004c69496ff5299c`	97%
`747b3d06800384a285782986b2091a75304ae6ed48e6ce887b6f3ff8e615d48d`	86%
`2f4ed9fe43efdbf7acbba893d5b69bdf400805e13d6a1e50e14e194ec41778c4`	86%
`ce6de7b1df203649998297aef695543a50fe7001c6f7887f11065e5383749c6e`	88%
`d7ec50fa1848a8d4e623177d50b3ded0f744d7ed564f60c2ad609f014e86c0f3`	85%
`7d0e6a9fabf0f3613b644f3f7c6c1de9c3864e922914e97397f726df5cf76d46`	85%

MalwareBazaar

First seen	2021-02-21 18:32:37
Last seen	None
Report	https://bazaar.abuse.ch/sample/f83de85b03707423e6a6286fe01a238d85510a043381644690fd0fb8b0eaddec/

ReversingLabs

Threat name	None
Status	KNOWN
First seen	2020-10-01 06:24:23
Score	2/28

CERT-PL MWDB

Detection	None
Report	https://mwdb.cert.pl/sample/f83de85b03707423e6a6286fe01a238d85510a043381644690fd0fb8b0eaddec/

VirusTotal

Score	8/63
Report	https://www.virustotal.com/gui/file/f83de85b03707423e6a6286fe01a238d85510a043381644690fd0fb8b0eaddec/detection

NIAP analysis

Information computed with MobSF.

FCS_STO_EXT.1.1	The application does not store any credentials to non-volatile memory. Storage of Credentials
FCS_CKM_EXT.1.1	The application generate no asymmetric cryptographic keys. Cryptographic Key Generation Services
FDP_DEC_EXT.1.1	The application has access to ['bluetooth', 'location']. Access to Platform Resources
FDP_DEC_EXT.1.2	The application has access to no sensitive information repositories. Access to Platform Resources
FDP_NET_EXT.1.1	The application has no network communications. Network Communications
FDP_DAR_EXT.1.1	The application does not encrypt files in non-volatile memory. Encryption Of Sensitive Application Data
FTP_DIT_EXT.1.1	The application does not encrypt any data in traffic or does not transmit any data between itself and another trusted IT product. Protection of Data in Transit

Permissions analysis

Information computed with MobSF.

Low	`android.permission.BLUETOOTH`	create Bluetooth connections Allows applications to connect to paired bluetooth devices.
Low	`android.permission.BLUETOOTH_ADMIN`	bluetooth administration Allows applications to discover and pair bluetooth devices.
Low	`android.permission.VIBRATE`	control vibrator Allows the application to control the vibrator.

Threat analysis

Information computed with Quark-Engine.

Confidence: 100%	Read file from assets directory
Confidence: 100%	Method reflection
Confidence: 80%	Read data and put it into a buffer stream
Confidence: 80%	Read file and put it into a stream
Confidence: 80%	Open a file from given absolute path of the file
Confidence: 80%	Get absolute path of the file and store in string

Behavior analysis

Information computed with MobSF.

Java reflection

       com/stub/StubApp.java
       com/qihoo/util/C0002.java

Load and manipulate dex files

       com/stub/StubApp.java

Loading native code (shared library)

       com/stub/StubApp.java

Control flow graphs analysis

Information computed by Pithus.

The application probably dynamically loads code

com/stub/StubApp

com.proxgrind.usbkiller

USBKill

3

permissions

4

activities

0

services

0

receivers

0

domains

File sums

APKiD

SSdeep

Dexofuzzy

APK details

Certificate details

File Analysis

Main Activity

Activities

Similar samples

MalwareBazaar

ReversingLabs

CERT-PL MWDB

VirusTotal

NIAP analysis

Permissions analysis

Threat analysis

Behavior analysis

Control flow graphs analysis

The application probably dynamically loads code