USBKill (com.proxgrind.usbkiller)

Verdict: Malicious
Threat score: 8/63
Analyzed on 2021-01-24T05:30:59.904316

Summary
  • 3 permissions
  • 4 activities
  • 0 services
  • 0 receivers
  • 0 domains

File sums

MD5 9c09703eff1cbf5380c4ddeabe425e96
SHA1 06c757cfd1bd7682314cd2a6c7b20dd1a626c04d
SHA256 f83de85b03707423e6a6286fe01a238d85510a043381644690fd0fb8b0eaddec
Size 4.33MB

APKiD

Information computed with APKiD.

/tmp/tmpqvja1znu
packer
  • Jiagu
/tmp/tmpqvja1znu!classes.dex
obfuscator
  • unreadable field names
  • unreadable method names
compiler
  • dexlib 2.x

SSdeep

Information computed with ssdeep.

APK file 98304:IqIdL82ou/svntbQjYLjVtXhKhNMT/IRrlMqi:eIy/ytbQcNtRKhNId
Manifest 96:rcN19qSIDNDPTPaMNY3uUr3XSYpINiBafQ:r5S65Ly+Y3NrXSWDafQ
classes.dex 24576:N2dXQkqhpEzP/CS1RKux28nTgOUoX2wiEo:N2NQkAg5xnp2wro

Dexofuzzy

Information computed with Dexofuzzy.

APK file 6:RWm3KnK56PikiEE8GtVm0fFUUlzYfdQV/AprGzOovyqXEATmJtxMmeL5xtCKT5OH:RW…
classes.dex 6:RWm3KnK56PikiEE8GtVm0fFUUlzYfdQV/AprGzOovyqXEATmJtxMmeL5xtCKT5OH:RW…

APK details

Information computed with AndroGuard and Pithus.

Package com.proxgrind.usbkiller
App name USBKill
Version name 1.0.5
Version code 5
SDK 19 - 29
UAID 301c6770685d8a07cc225feebc93027887b1a263
Signature Signature V1 Signature V2
Frosting Not frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown
  • 0x42726577: Verity padding

Certificate details

Information computed with AndroGuard.

MD5 c59973d713f3ade551a8db2007bfa382
SHA1 436b719064f85d79bed85920c5e360767611d92a
SHA256 e1f49ef8f7bf1d6ad770bd80e0b5b3461fd199334505385c7da779d8db880633
Issuer Common Name: DXL, Organizational Unit: DXL, Organization: DXL, Locality: DXL, State/Province: DXL, Country: DXL
Not before 2017-09-13T13:23:09+00:00
Not after 2042-09-07T13:23:09+00:00

File Analysis

Information computed with MobSF.

Finding: Certificate/Key files hardcoded inside the app.
Files: assets/.appkey

Main Activity

Information computed with AndroGuard.

  • com.proxgrind.usbkiller.activitys.DevicesFastActivity
  • com.proxgrind.usbkiller.activitys.MainActivity
  • com.proxgrind.usbkiller.activitys.SettingsActivity
  • com.proxgrind.usbkiller.activitys.DeviceRemarksActivity

Activities

Information computed with AndroGuard.

com.proxgrind.usbkiller.activitys.DevicesFastActivity
com.proxgrind.usbkiller.activitys.MainActivity
com.proxgrind.usbkiller.activitys.SettingsActivity
com.proxgrind.usbkiller.activitys.DeviceRemarksActivity

NIAP analysis

Information computed with MobSF.

FCS_STO_EXT.1.1 (Storage of Credentials): The application does not store any credentials to non-volatile memory.
FCS_CKM_EXT.1.1 (Cryptographic Key Generation Services): The application generates no asymmetric cryptographic keys.
FDP_DEC_EXT.1.1 (Access to Platform Resources): The application has access to ['bluetooth', 'location'].
FDP_DEC_EXT.1.2 (Access to Platform Resources): The application has access to no sensitive information repositories.
FDP_NET_EXT.1.1 (Network Communications): The application has no network communications.
FDP_DAR_EXT.1.1 (Encryption Of Sensitive Application Data): The application does not encrypt files in non-volatile memory.
FTP_DIT_EXT.1.1 (Protection of Data in Transit): The application does not encrypt any data in traffic, or does not transmit any data between itself and another trusted IT product.

Permissions analysis

Information computed with MobSF.

android.permission.BLUETOOTH (Low): create Bluetooth connections. Allows applications to connect to paired Bluetooth devices.
android.permission.BLUETOOTH_ADMIN (Low): Bluetooth administration. Allows applications to discover and pair Bluetooth devices.
android.permission.VIBRATE (Low): control vibrator. Allows the application to control the vibrator.

Threat analysis

Information computed with Quark-Engine.

  • Read file from assets directory (confidence: 100%)
  • Method reflection (confidence: 100%)
  • Read data and put it into a buffer stream (confidence: 80%)
  • Read file and put it into a stream (confidence: 80%)
  • Open a file from given absolute path of the file (confidence: 80%)
  • Get absolute path of the file and store in string (confidence: 80%)

Behavior analysis

Information computed with MobSF.

Java reflection
  • com/stub/StubApp.java
  • com/qihoo/util/C0002.java
Load and manipulate dex files
  • com/stub/StubApp.java
Loading native code (shared library)
  • com/stub/StubApp.java

Control flow graphs analysis

Information computed by Pithus.

The application probably dynamically loads code