Pithus report for android Update

File sums

MD5	`e87dfb160bc5b48e4edde52845321c6b`
SHA1	`902b96817762215a8eac6a98b0c431ef685e9d6f`
SHA256	`f873385a6dbf5c6d6b814a741755cf8dfc6caaf2d2c4d1a2aac5946e409ba545`
Size	`4.33MB`

APKiD

Information computed with APKiD.

`/tmp/tmpn73keyud!classes.dex`
compiler	`dx`
`/tmp/tmpn73keyud!classes10.dex`
compiler	`dx`
`/tmp/tmpn73keyud!classes11.dex`
compiler	`dexlib 1.x`
`/tmp/tmpn73keyud!classes12.dex`
compiler	`dx`
`/tmp/tmpn73keyud!classes13.dex`
compiler	`dexlib 1.x`
`/tmp/tmpn73keyud!classes14.dex`
compiler	`dx`
`/tmp/tmpn73keyud!classes15.dex`
compiler	`dexlib 1.x`
`/tmp/tmpn73keyud!classes16.dex`
compiler	`dexlib 1.x`
`/tmp/tmpn73keyud!classes17.dex`
compiler	`dexlib 1.x`
`/tmp/tmpn73keyud!classes18.dex`
compiler	`dexlib 1.x`
`/tmp/tmpn73keyud!classes19.dex`
compiler	`dexlib 1.x`
`/tmp/tmpn73keyud!classes2.dex`
compiler	`dx`
`/tmp/tmpn73keyud!classes20.dex`
compiler	`dexlib 1.x`
`/tmp/tmpn73keyud!classes21.dex`
compiler	`dexlib 1.x`
`/tmp/tmpn73keyud!classes22.dex`
compiler	`dexlib 1.x`
`/tmp/tmpn73keyud!classes23.dex`
compiler	`dexlib 1.x`
`/tmp/tmpn73keyud!classes24.dex`
compiler	`dx`
`/tmp/tmpn73keyud!classes25.dex`
compiler	`dexlib 1.x`
`/tmp/tmpn73keyud!classes26.dex`
compiler	`dexlib 1.x`
`/tmp/tmpn73keyud!classes27.dex`
compiler	`r8 without marker (suspicious)`
`/tmp/tmpn73keyud!classes28.dex`
compiler	`dx`
`/tmp/tmpn73keyud!classes29.dex`
compiler	`r8`
`/tmp/tmpn73keyud!classes3.dex`
compiler	`dx`
`/tmp/tmpn73keyud!classes30.dex`
compiler	`dexlib 1.x`
`/tmp/tmpn73keyud!classes31.dex`
compiler	`dexlib 1.x`
`/tmp/tmpn73keyud!classes32.dex`
compiler	`dx`
`/tmp/tmpn73keyud!classes33.dex`
compiler	`dx`
`/tmp/tmpn73keyud!classes34.dex`
compiler	`dx`
`/tmp/tmpn73keyud!classes35.dex`
compiler	`dexlib 1.x`
`/tmp/tmpn73keyud!classes36.dex`
compiler	`dexlib 1.x`
`/tmp/tmpn73keyud!classes37.dex`
compiler	`dx`
`/tmp/tmpn73keyud!classes38.dex`
compiler	`dexlib 1.x`
`/tmp/tmpn73keyud!classes39.dex`
compiler	`dexlib 1.x`
`/tmp/tmpn73keyud!classes4.dex`
anti_vm	`Build.MANUFACTURER check`
compiler	`dx`
`/tmp/tmpn73keyud!classes40.dex`
compiler	`dx`
`/tmp/tmpn73keyud!classes41.dex`
compiler	`dx`
`/tmp/tmpn73keyud!classes42.dex`
compiler	`r8 without marker (suspicious)`
`/tmp/tmpn73keyud!classes43.dex`
compiler	`dx`
`/tmp/tmpn73keyud!classes44.dex`
compiler	`dx`
`/tmp/tmpn73keyud!classes45.dex`
compiler	`dx`
`/tmp/tmpn73keyud!classes46.dex`
compiler	`dx`
`/tmp/tmpn73keyud!classes47.dex`
compiler	`unknown (please file detection issue!)`
`/tmp/tmpn73keyud!classes48.dex`
compiler	`dx`
`/tmp/tmpn73keyud!classes5.dex`
compiler	`dexlib 1.x`
`/tmp/tmpn73keyud!classes6.dex`
compiler	`dexlib 1.x`
`/tmp/tmpn73keyud!classes7.dex`
compiler	`dexlib 1.x`
`/tmp/tmpn73keyud!classes8.dex`
compiler	`dx`
`/tmp/tmpn73keyud!classes9.dex`
compiler	`dexlib 1.x`

SSdeep

Information computed with ssdeep.

APK file	`98304:DPGAPY+1oI8UofrLDmVojhkUWMrPI+7rh6XKihXqZ7EuBiIl3:D+++BbhkUrDkKt3`
Manifest	`384:2hTe5Tt+j0GzQQHIiaRpgXbxjAtpZq1nwVjomvDdZP33M02P+0HNtNPquZu7gx0A:…`
`classes.dex`	`3072:4M7H9V4NcSNWVcXbrvaS8K0yrk+Ck/0L4z3TLnc33BDQH9n:HHjbmPaHK3rk+Ck/…`
`classes10.dex`	`192:+O0fmTxV+M7b6CfAQ58J8liW9qr6Thtb9uOdWDwWM6Quq6kJf66nfZ6TWE3Y06y9:…`
`classes11.dex`	`3072:Tb4mTP9VnQPRcS6ACgS+zhYV7lMe5asBVFe9qn50echbOu8PypKa6hn8UDSsbwek…`
`classes12.dex`	`1536:rLTa6oEbvJjFapXtyH55ZYBuGpj27WuKQKe:ryYvJjspIH2ucq6u3F`
`classes13.dex`	`768:sP8KemJR6E0PzyQoKUHEPqPQfSH5fpxuVTqGZ:s+mJQPPFoKYElSH5Roh9Z`
`classes14.dex`	`768:BVdc2PwB0GTcbnNdT1njfs9zdx2dxQZ9sk9IN3MikKDkfq:BDbPwL9zdx2dxQZ9sK…`
`classes15.dex`	`192:NBUtz6UJAPA5wl9o6QiGuCkmF+B3hm886nYm:NytQAezTGuCxF+B3E886nYm`
`classes16.dex`	`96:7HDcfOHArR62WFe6bNVY2sRaaIBJiFbnn4oH68fgQZgljuyHXY43ca0:7HDcfOcWFz…`
`classes17.dex`	`96:/QmwDBaKJOWm2GADYmSBRuwt9e7YdUIzzCV1YbfKXhcLD6izwiqM8TYHCzRMlolZ:4…`
`classes18.dex`	`192:FwQYh0pB9b36loh5E0xxx7qtu9XnOv5HDk0nKoHEg/ZNw/964muNmu5y/:FwQYyp6…`
`classes19.dex`	`768:HLq8Cb5vrDBVyUsQp7dNa3J2YQjxaZYJsiwF6nzCekZG:HhWVl7dk4LS6nuekZG`
`classes2.dex`	`6144:i2pSK8eGIe9b/kjO9SWgPuF7s+Y/tIjVR8EuGoTlC1xKXHcYHNAwpWFvdgw0BJne…`
`classes20.dex`	`192:Sc9UFqUne4BakIPqjsH0QOnlmhkZNPmWV6i3F8x0mkiGZt:SpFqGe4YkIPKs5On9d…`
`classes21.dex`	`1536:HcN48Im3YJZV8VESrABn6NFZsb7IFmqCTavs4:8uBE4RSrAleI3TYs4`
`classes22.dex`	`768:DP6HHFFk7U9A6AlefspBe8PKf5ZDL7wxaTGBpQR4LwGUb86NZpJ2:el9QG4iD3vjG…`
`classes23.dex`	`768:I79paMk/mMUyfYZZq0QRGv5RSixpstyeeK:I79MMk+zyfYZZq0Ci5RVpstJeK`
`classes24.dex`	`96:bVFz4wVWQElaOtcTX5NZIu/DT5NowCdx4tmABwsV5g:pewVUl0XI0tjC36S`
`classes25.dex`	`384:aVUHr3+bnoThJvJs4W9uNhKO1+yksDCH6f6O+Ox2UDKOd+u4nleCtgWV3xCpntnb:…`
`classes26.dex`	`768:1F545mRMUPyp+k2gUkD0oAGIOFQLJ6sm2Ra58o+Q1v2JeLHROqAAw:1CkPG+k2gU1…`
`classes27.dex`	`12288:sinJAsbPWSmVvA3Sjf2co1knHNuJpGoctbtA/TjfFbXsPLaIWZ68QdnNWkzbovb…`
`classes28.dex`	`384:u3xX3ZuI1+qhcH2u0oz8DUcdjaFFWwPyYY2dmHDzWG0+AeiZc:u3V3ZVEwukw0OFF…`
`classes29.dex`	`6144:PRJpRuZGcbrFjKQDlFePtcPG5PQXP7GXnVLWZrQWcDrrYgYxrjIG5NaqhLtfz:sL…`
`classes3.dex`	`96:VDQgeMXQbUmP6ecTCX9ehpfE0a/JbozAhbN3p1C/lTSXnVVUJ463WrVUrzhjwx+G:e…`
`classes30.dex`	`384:4BtJdc+nBv/2d+7/jUXyH+5+qsxUtA0EmQrF4nrntSb+51eeGY+qf2uIp5yZ60vL:…`
`classes31.dex`	`96:ADFrmqcEmaPJgh92GOD2nx6BsqfbSCQcuNCtxjPFrKFEp+r2mmoyv/M/:s6ahgh92r…`
`classes32.dex`	`6144:hjGegjXRSjh22xJPLS8iz+Mam7KjtOgRr3bChKtaEiVSSs2OtA//:hXmR6izLayK…`
`classes33.dex`	`192:NCJTiZcAQkm4ha4grp11QqlugUalVMyVfVRs4ygLLI5/:ND7m4w3KqJOy/x5LLI5/`
`classes34.dex`	`48:HvI1LlX0uql+/Cw57ifaIpaRd4m9DnGxqWU/eY4MW+cOEJ:iBETl4Td4mlnQO/eeEJ`
`classes35.dex`	`192:saudydr+G8zWplRsAjlnwQclov1ssh12gqogVW3evb7M4VruaLONTvsA7hQTQ:fGW…`
`classes36.dex`	`192:AtWq3jssFTebmzetpMyD8GrHrNH4/5WQiNOa2zu0+0uVQL7rsjhxsyj9Lv+u97SU:…`
`classes37.dex`	`384:GcnJSJD7irbSHUVQB+2neupjLmn5+5mZFPBBdTkF8hCYt:JYN7aS0V+mnM5anpU8M0`
`classes38.dex`	`384:aX9mL5Do/6JyNgGf5oKubjtdWJXhbCrGZB5iGwypUbpIXY3/Hjbr8fyP0byHeUn2:…`
`classes39.dex`	`768:wC4sX3R9JjqSucByhgb0nZDrhri63wmJhDtJIwhUoe2kSlCkMz6:wCruS2+oBtXwm…`
`classes4.dex`	`24576:NXi7mSzuoGrhRGKXAXQXUXEKnAz8BMPr4:piJQK62EIpBM0`
`classes40.dex`	`96:vM/fsrjURZPmSI3i5n0Z9bROQnJrC/3aDk/obKLVkqrE6SZr08:0/fs3URZP4yhiv4…`
`classes41.dex`	`3072:58qq/+67cGPyo7QLJjfzptwcnJLPVes7RRFRWJnB88fzJmrZbR:58vL79X7QdHxP…`
`classes42.dex`	`1536:+6RoHk2RDB3ZUWAfe9QspWlNe5JqvQoaC+Jk:9RGk+DNZUwJqvhaC+Jk`
`classes43.dex`	`3072:jow9VapvrtLvHaL9aggrvEAuLuZyn0cqcxAM9PMPL2H7:0MV8vrtLvIwggrvF2uZ…`
`classes44.dex`	`6144:d7cnDVUA43SiAMQPjdCDvqneb8Opjh0x9fixM8SBA67LN+gUK:dMVYynmx0SzKQg…`
`classes45.dex`	`1536:GCqgcrqiW4gHYlchE34bD+yErk67eJULwPlOzhAtEL5fNp6ES9F1HG7n9eBgrZXl…`
`classes46.dex`	`1536:BU+g2HfOFbBLexKaLdaCsQfccE+3DO3ktOrSDWmpW0D9cszCCoOosSzn/z/UEEp8…`
`classes47.dex`	`12288:8WIdFhOWIU8dBuThmxLpNmpngSYroviv05qfv2cPn2T5acyQmgmdve3L0gmBL:H…`
`classes48.dex`	`12288:4RzhgLuaFCeaj44Do2te4Gq9M+Hui5BepNm29N8cyQm+ndve3L0F5B/:4RFEbJa…`
`classes5.dex`	`192:kC/Cb9R8q08lAG1E0T5uXzP+1fSXaHXAgmwGvQg5z3eKo1Yd++r+dOxl:kgC0ZGC3…`
`classes6.dex`	`384:a1yKRkRb6KeoXZDwWIz7GwzbjU8Zwi23jT8jt9Wh:aMakRb6wLIz7Y8ZwDH8jfa`
`classes7.dex`	`192:dPyUv9lAvUW5kSciAWcAPc01koymcK4sTbxrH7lWGsWXnZX6sJN:lys0SScccUkoy…`
`classes8.dex`	`768:Aqn8Y2vMAN2I9hEGNj4rU3DhKkK0lx8Fsp:AQLurN2I9uGNjGU3lu0l+Kp`
`classes9.dex`	`768:bgSVozluUNXY51OrQPHzQt3QS3PgM47mEXyYQvG5l4RGApsg:bFVILNXY59fzQt3Q…`

Dexofuzzy

Information computed with Dexofuzzy.

APK file	`6144:yLpgZZNuTX8zcuCgL8MONPPF9iEBpTL/7kugRTPt5tb5zifw:yLyuD8z4NPdgSpT…`
`classes.dex`	`24:XF4dHHHH8TS8lDvH1T11GAygZIZM11110E111o5k111h11111111111111111B1d:g…`
`classes10.dex`	`6:EIEPRfktUlMvt0/jb4MgTIqwaw/eo0PdN2dt5kBD9kqK2FGKAGiAGiaDkBx/RiEw:hE…`
`classes11.dex`	`384:i0e0DsGFDRSawzs+PcaBX1O9uwv7sosEmsDoz8PZJxK0D:xe0DpFNSagFcuO9uU7f…`
`classes12.dex`	`48:aBvE2GQv4XGZ7EmrphWVkUzwcZlCxmmZhaXDdB0h+meMfFUb8gO53fSYgCgDssRq:h…`
`classes13.dex`	`48:YELTtR7d5bw59TSosEoBuX96EaHgy8toMqTw0wm0:VTLbwr+osvBuXkTAhv0wm0`
`classes14.dex`	`24:LIi0gwnIiIkIiIkIHRqXWQrR3xUYWYi0N9v/o1irvMiNR3wvt66CYDtg4DlnY5S5:L…`
`classes15.dex`	`6:A4UXaQOxglz2RFYAbI5+vwL0A+vwLa4O3CkDJQXLPH0vAfTLn4u2jDOKOr:A4UXus2g…`
`classes16.dex`	`6:IDiZhiZK20htZAoiRfd9/w98zH2suBoBXuPIvG00nquJ3:2iZhiZt0hQdG9eRkuXyAj…`
`classes17.dex`	`12:/Q9OzTkANmNi2wG+DNsNh/Drwr+L+wkN262NcF2y12NqwriYc:/QYnNwd+qn/D8r+S…`
`classes18.dex`	`12:0Yg9tUOJ4npTtwCeKKylCR2yA2fc8sDnAsnX1KTTIfEM:0YgvUj0C7ly2KfLkAGFKm`
`classes19.dex`	`48:45xbrgvlE86KfvlQU0k0xYBozoH4MCpSfSr7zoB8m5zcqfA8o6P5dkck0W/r:45xPo…`
`classes2.dex`	`768:W5PkkB00t9u0zNuoehbH7x4xS7VRp+Y07n4Xo7chZFF0AsSw:Wsk5uQNu7B7x44VL…`
`classes20.dex`	`6:TPwYgGW8Jldfvf8Htnp22JI/v5aMJuaWOwq98XzhPxQQW03qsnmTI8O2rTnM:TU8Jld…`
`classes21.dex`	`96:TB5+IOOcKfsiKEkeC8ZZE/J/UriqcIR3CeYpKo9IGXTmbyA3kgTc:T74K0iVm9/J/U…`
`classes22.dex`	`48:OTVAY1NrMQo00c6VMMMbAjPk6Q7bA67rl3:OTnr600c6q4PjQHA67d`
`classes23.dex`	`48:fGHgzUXOui6OHC/mLIhTBgCAdGy07CXYu0pO33nd0:eM36kC/kIh9sGdCXb0pOHd0`
`classes24.dex`	`3:xqv46T3kutCzK5:8gWwo`
`classes25.dex`	`48:ZYzfEWkTzolFsfStD4Z9UD4G73aPeVknEUatPSPVdU/3nyyftT6TWnkuqn8CcaPI:K…`
`classes26.dex`	`48:KlA4WSJ2Mt1oF4q3zxNRkE6kT2PTJNHALmlr6aJG0S:XWFIRzLy11VnLw0S`
`classes27.dex`	`1536:tfFGVjgN51i7Mh9v/kCk84FSjHy8Hq57/iiZ6lTtlKh:YgLv8CDu7CTtlKh`
`classes28.dex`	`24:oN9ywPLH0byhLQlUJqf9FMYRvDiZ1QemoqUb/MmfCiUl6da:o6buCYqf8yLaQbRUIm…`
`classes29.dex`	`384:zFTOXd1R5KdVcgj+ncb2CPdq8kkPZEtWTaPymKypajyz6YyLeqns184l04pM99Jc:…`
`classes3.dex`	`3:+LzzDNAJXnKWZwwhOq/jfzzDdJX6wwhOn:izIKQwUOizbX6wUOn`
`classes30.dex`	`48:9KHm/irYFx0pVefOpVeOOOOOkDWvqisxHsx7xXZOCOC/uJIvf9+NPNkVR98:9eyirY…`
`classes31.dex`	`3:79z9whOq659whOn:79RUO7bUOn`
`classes32.dex`	`384:6uQ3UCZnC9LHPIETnIi1VweMZ8lGNzevfJgqyJQNKcn5dz/oxpjJ0T4VQR:6b3zCB…`
`classes33.dex`	`6:9JkfZpC9RhkyNVZxbEV2rihVnpwW36hDWOAJ7xYk0I9OjQKINyavM5QIhgXO/94e:rk…`
`classes34.dex`	`3:h4+6zRrIQzuIM9rcmn:GTrsI8rcm`
`classes35.dex`	`24:D/mlZSzyLwHMBufCfYyilfqbqdlzIdjjqRhalDKMj2DvZojQ6:zOEzyLwHB4ARUWvZg`
`classes36.dex`	`12:qK7wUnFffbYzMX18Lz4RLsQSdL9mTQ4Xjq6pzS3gODZxecuZeZlrRvRSNq:qMX0MX6…`
`classes37.dex`	`12:D9flvHpU76q2Zd37gHbxSoUlObNVdNA19qHKEDxEJbuV9VeaEd0J0IAn:DvHpUmR37…`
`classes38.dex`	`24:f6MWVHk3NMQi1K5zoltZ72beS3vnNIVB+of2HBhOAChpsSRNOPrYyntOmZDPNYy3:y…`
`classes39.dex`	`48:caZxfEC5L5os+CW4Rb8kgSpppUhcWNXpEzollikyip6QTa8Jv0GNhPg44VguLH:9F5…`
`classes4.dex`	`768:MiISBcv4SUVYvoPKJ6x5k+00cr1GqcpOAbwogM02NVV1oGLpm:MC6vbUG8x5kJ0cr…`
`classes40.dex`	`3:RSht6QVdsR90+hK0uyRuFIqwRlUD3X82+xDv+ASOUk:0ht1Vc0+E0uyRuFtEODn8r+A…`
`classes41.dex`	`192:KkCFPKkHmVOu3fVJObGjdwS22a+WSi7sdzgT4yqlKS:KkCFCkC7P9r22a+WSi7sdj…`
`classes42.dex`	`48:5sy+Bq8JDoCtpepIQO+U6u7w5UpFt70KIYc6:5sy0JDotHOWW0Ot70T6`
`classes43.dex`	`192:EddvSwZ392jgv4X54On5RcwZ4EYy/pQZCo+UZpw8s:E7N2D5RcwZ4R+E+UZTs`
`classes44.dex`	`384:5FxG9r2ija9AiaDw8Uf44q+E9O32koGonWAniD6:PqrTmA/k3MGYniD6`
`classes45.dex`	`192:83k3T3nGzV/4wNBSZLyUGMJcB5K6TX3Vizl/nko9obikh:1Gx/3NBI/lcbKf/Gikh`
`classes46.dex`	`96:7/ZrwZzCsszx9p+lhZrJJyS00KtHY6ewIfxIHIHItAQQn:7RrObszx9pm/DXK5Y6ew…`
`classes47.dex`	`24:rLLLLLLLLLLLG563ALLLLLLLLLLLLLLLG563ALLLLLLLLLLLLLLLG563ALLLLLLS:B…`
`classes48.dex`	`48:l3k3S3S3S3P2GzqqU71UUQtNxIVdMoDdiv889884hGnUW3hW+cCpW0Bs:lY++++RyP…`
`classes5.dex`	`12:FfEDrRqB2fxruh1wlnNhARP7h1wezU5lheu/YMgHRRARRRtWjMvH5+bSjORw:O8i0K…`
`classes6.dex`	`24:XNQc65N/8z9QkFfseV6Ku/H6vD5666XTYYY3HytJ+tx496vATqJwS2zGGXGra61:XN…`
`classes7.dex`	`12:tENGpMJt6sjE5Y4CWqislnF51+ItTRK2MkRf6LOJGzjLo8aLqJOwuo1mn3tgkL:tYU…`
`classes8.dex`	`24:VITNwzwvaBSuoTUSL5Bz/ZNtD9g5uKEeZ5j4Y3Lfdx8+N9udwQiMYSaDu:V+YyvH/H…`
`classes9.dex`	`96:X72yeN3MAzx2wswhpSudizBgzioIlj4g+rWNCQELicOH4aTSjMqZ:X7SN3MA12wswL…`

APK details

Information computed with AndroGuard and Pithus.

Package	`com.my.newproject`
App name	`android Update`
Version name	`1.0`
Version code	`1`
SDK	`21` - `28`
UAID	`619da802fa11b216c29bcd3a072f403dc6ec601d`
Signature	Signature V1 Signature V2 Signature V3
Frosting	Not frosted Blocks found within V2 signature: `0x7109871a`: Unknown `0xf05368c0`: Unknown `0x42726577`: Verity padding

Certificate details

Information computed with AndroGuard.

MD5	`e89b158e4bcf988ebd09eb83f5378e87`
SHA1	`61ed377e85d386a8dfee6b864bd85b0bfaa5af81`
SHA256	`a40da80a59d170caa950cf15c18c454d47a39b26989d8b640ecd745ba71bf5dc`
Issuer	`Email Address: android@android.com, Common Name: Android, Organizational Unit: Android, Organization: Android, Locality: Mountain View, State/Province: California, Country: US`
Not before	`2008-02-29T01:33:46+00:00`
Not after	`2035-07-17T01:33:46+00:00`

Manifest analysis

Information computed with MobSF.

High

Clear text traffic is Enabled For App[android:usesCleartextTraffic=true]
The app intends to use cleartext network traffic, such as cleartext HTTP, FTP stacks, DownloadManager, and MediaPlayer. The default value for apps that target API level 27 or lower is "true". Apps that target API level 28 or higher default to "false". The key reason for avoiding cleartext traffic is the lack of confidentiality, authenticity, and protections against tampering; a network attacker can eavesdrop on transmitted data and also modify it without being detected.

Medium

Application Data can be Backed up[android:allowBackup=true]
This flag allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.

Main Activity

Information computed with AndroGuard.

com.my.newproject.MainActivity

Activities

Information computed with AndroGuard.

com.my.newproject.MainActivity
com.my.newproject.HackedActivity
com.my.newproject.DebugActivity
com.facebook.ads.AudienceNetworkActivity

Sample timeline

Oldest file found in APK	Jan. 1, 1980, 1 a.m.
Certificate valid not before	Feb. 29, 2008, 1:33 a.m.
First submission on VT	June 7, 2022, 5:59 p.m.
Last submission on VT	June 7, 2022, 5:59 p.m.
Latest file found in APK	June 7, 2022, 7:57 p.m.
Upload on Pithus	June 13, 2022, 6:34 a.m.
Certificate valid not after	July 17, 2035, 1:33 a.m.

VirusTotal

Score	18/61
Report	https://www.virustotal.com/gui/file/f873385a6dbf5c6d6b814a741755cf8dfc6caaf2d2c4d1a2aac5946e409ba545/detection

Most Popular AV Detections

Provided by VirusTotal

Threat name: piom	Identified 2 times
Threat name: artemis	Identified 2 times
Threat name: wiper	Identified 2 times

NIAP analysis

Information computed with MobSF.

FCS_RBG_EXT.1.1	The application invoke platform-provided DRBG functionality for its cryptographic operations. Random Bit Generation Services
FCS_STO_EXT.1.1	The application does not store any credentials to non-volatile memory. Storage of Credentials
FCS_CKM_EXT.1.1	The application generate no asymmetric cryptographic keys. Cryptographic Key Generation Services
FDP_DEC_EXT.1.1	The application has access to ['location', 'bluetooth', 'camera', 'network connectivity']. Access to Platform Resources
FDP_DEC_EXT.1.2	The application has access to ['address book', 'system logs']. Access to Platform Resources
FDP_NET_EXT.1.1	The application has user/application initiated network communications. Network Communications
FDP_DAR_EXT.1.1	The application implement functionality to encrypt sensitive data in non-volatile memory. Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1	The application invoke the mechanisms recommended by the platform vendor for storing and setting configuration options. Supported Configuration Mechanism
FTP_DIT_EXT.1.1	The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product. Protection of Data in Transit
FCS_RBG_EXT.2.1 FCS_RBG_EXT.2.2	The application perform all deterministic random bit generation (DRBG) services in accordance with NIST Special Publication 800-90A using Hash_DRBG. The deterministic RBG is seeded by an entropy source that accumulates entropy from a platform-based DRBG and a software-based noise source, with a minimum of 256 bits of entropy at least equal to the greatest security strength (according to NIST SP 800-57) of the keys and hashes that it will generate. Random Bit Generation from Application
FCS_HTTPS_EXT.1.2	The application implement HTTPS using TLS. HTTPS Protocol
FCS_HTTPS_EXT.1.3	The application notify the user and not establish the connection or request application authorization to establish the connection if the peer certificate is deemed invalid. HTTPS Protocol
FIA_X509_EXT.1.1	The application invoked platform-provided functionality to validate certificates in accordance with the following rules: ['The certificate path must terminate with a trusted CA certificate']. X.509 Certificate Validation
FIA_X509_EXT.2.1	The application use X.509v3 certificates as defined by RFC 5280 to support authentication for HTTPS , TLS. X.509 Certificate Authentication

Code analysis

Information computed with MobSF.

Medium CVSS:7.5	The App uses an insecure Random Number Generator. MASVS: MSTG-CRYPTO-6 CWE-330 Use of Insufficiently Random Values M5: Insufficient Cryptography Files: `com/my/newproject/MainActivity.java com/my/newproject/SketchwareUtil.java com/my/newproject/HackedActivity.java`
High CVSS:5.5	App can read/write to External Storage. Any App can read data written to External Storage. MASVS: MSTG-STORAGE-2 CWE-276 Incorrect Default Permissions M2: Insecure Data Storage Files: `com/my/newproject/FileUtil.java`

Permissions analysis

Information computed with MobSF.

High	`android.permission.CAMERA`	take pictures and videos Allows application to take pictures and videos with the camera. This allows the application to collect images that the camera is seeing at any time.
High	`android.permission.READ_EXTERNAL_STORAGE`	read external storage contents Allows an application to read from external storage.
High	`android.permission.WRITE_EXTERNAL_STORAGE`	read/modify/delete external storage contents Allows an application to write to external storage.
High	`android.permission.ACCESS_FINE_LOCATION`	fine (GPS) location Access fine location sources, such as the Global Positioning System on the phone, where available. Malicious applications can use this to determine where you are and may consume additional battery power.
High	`android.permission.READ_SMS`	read SMS or MMS Allows application to read SMS messages stored on your phone or SIM card. Malicious applications may read your confidential messages.
High	`android.permission.RECEIVE_SMS`	receive SMS Allows application to receive and process SMS messages. Malicious applications may monitor your messages or delete them without showing them to you.
High	`android.permission.SEND_SMS`	send SMS messages Allows application to send SMS messages. Malicious applications may cost you money by sending messages without your confirmation.
High	`android.permission.SEND_SMS_NO_CONFIRMATION`	send SMS messages send SMS messages via the Messaging app with no user input or confirmation.
High	`android.permission.ACCEPT_HANDOVER`	Allows a calling app to continue a call which was started in another app. An example is a video calling app that wants to continue a voice call on the user's mobile network.
High	`android.permission.ACCESS_BACKGROUND_LOCATION`	access location in background Allows an app to access location in the background.
High	`android.permission.ACCESS_COARSE_LOCATION`	coarse (network-based) location Access coarse location sources, such as the mobile network database, to determine an approximate phone location, where available. Malicious applications can use this to determine approximately where you are.
High	`android.permission.ACCESS_MEDIA_LOCATION`	access any geographic locations Allows an application to access any geographic locations persisted in the user's shared collection.
High	`android.permission.ACCESS_MOCK_LOCATION`	mock location sources for testing Create mock location sources for testing. Malicious applications can use this to override the location and/or status returned by real-location sources such as GPS or Network providers.
High	`android.permission.ACTIVITY_RECOGNITION`	allow application to recognize physical activity Allows an application to recognize physical activity.
High	`android.permission.ANSWER_PHONE_CALLS`	Allows the app to answer an incoming phone call.
High	`android.permission.READ_LOGS`	read sensitive log data Allows an application to read from the system's various log files. This allows it to discover general information about what you are doing with the phone, potentially including personal or private information.
High	`android.permission.WRITE_SETTINGS`	modify global system settings Allows an application to modify the system's settings data. Malicious applications can corrupt your system's configuration.
High	`android.permission.WRITE_SMS`	edit SMS or MMS Allows application to write to SMS messages stored on your phone or SIM card. Malicious applications may delete your messages.
High	`android.permission.READ_CONTACTS`	read contact data Allows an application to read all of the contact (address) data stored on your phone. Malicious applications can use this to send your data to other people.
High	`android.permission.GET_TASKS`	retrieve running applications Allows application to retrieve information about currently and recently running tasks. May allow malicious applications to discover private information about other applications.
Low	`android.permission.INTERNET`	full Internet access Allows an application to create network sockets.
Low	`android.permission.ACCESS_NETWORK_STATE`	view network status Allows an application to view the status of all networks.
Low	`android.permission.BLUETOOTH`	create Bluetooth connections Allows applications to connect to paired bluetooth devices.
Low	`android.permission.BLUETOOTH_ADMIN`	bluetooth administration Allows applications to discover and pair bluetooth devices.
Low	`android.permission.ACCESS_LOCATION_EXTRA_COMMANDS`	access extra location provider commands Access extra location provider commands. Malicious applications could use this to interfere with the operation of the GPS or other location sources.
Low	`android.permission.ACCESS_NOTIFICATION_POLICY`	Marker permission for applications that wish to access notification policy.
Low	`android.permission.ACCESS_WIFI_STATE`	view Wi-Fi status Allows an application to view the information about the status of Wi-Fi.
Low	`android.permission.BIND_COMPANION_DEVICE_SERVICE`	Must be required by any CompanionDeviceServices to ensure that only the system can bind to it.
Low	`android.permission.WRITE_SYNC_SETTINGS`	write sync settings Allows an application to modify the sync settings, such as whether sync is enabled for Contacts.
Low	`android.permission.RECEIVE_BOOT_COMPLETED`	automatically start at boot Allows an application to start itself as soon as the system has finished booting. This can make it take longer to start the phone and allow the application to slow down the overall phone by always running.
Low	`android.permission.WAKE_LOCK`	prevent phone from sleeping Allows an application to prevent the phone from going to sleep.
Medium	`android.permission.BROADCAST_SMS`	send SMS-received broadcast Allows an application to broadcast a notification that an SMS message has been received. Malicious applications may use this to forge incoming SMS messages.
Medium	`android.permission.SMS_FINANCIAL_TRANSACTIONS`	Allows financial apps to read filtered sms messages Allows financial apps to read filtered sms messages. Protection level: signature\|appop. This constant was deprecated in API level S.
Medium	`android.permission.ACCESS_SURFACE_FLINGER`	access SurfaceFlinger Allows application to use SurfaceFlinger low-level features.
Medium	`android.permission.ACCOUNT_MANAGER`	act as the Account Manager Service Allows an application to make calls to Account Authenticators.
Medium	`android.permission.BATTERY_STATS`	modify battery statistics Allows the modification of collected battery statistics. Not for use by common applications.
Medium	`android.permission.BIND_ACCESSIBILITY_SERVICE`	Must be required by an AccessibilityService, to ensure that only the system can bind to it.
Medium	`android.permission.BIND_AUTOFILL_SERVICE`	Must be required by a AutofillService, to ensure that only the system can bind to it.
Medium	`android.permission.BIND_CALL_REDIRECTION_SERVICE`	Must be required by a CallRedirectionService, to ensure that only the system can bind to it.
Medium	`android.permission.BIND_CARRIER_MESSAGING_CLIENT_SERVICE`	A subclass of CarrierMessagingClientService must be protected with this permission.
Medium	`android.permission.BIND_CARRIER_MESSAGING_SERVICE`	The system process that is allowed to bind to services in carrier apps will have this permission.
Medium	`android.permission.BIND_CARRIER_SERVICES`	The system process that is allowed to bind to services in carrier apps will have this permission. Carrier apps should use this permission to protect their services that only the system is allowed to bind to.
Medium	`android.permission.BIND_CHOOSER_TARGET_SERVICE`	Must be required by a ChooserTargetService, to ensure that only the system can bind to it.
Medium	`android.permission.BIND_CONDITION_PROVIDER_SERVICE`	Must be required by a ConditionProviderService, to ensure that only the system can bind to it.
Medium	`android.permission.BIND_DEVICE_ADMIN`	interact with device admin Allows the holder to send intents to a device administrator. Should never be needed for common applications.
Medium	`android.permission.BIND_DREAM_SERVICE`	Must be required by an DreamService, to ensure that only the system can bind to it.
Medium	`android.permission.READ_INPUT_STATE`	record what you type and actions that you take Allows applications to watch the keys that you press even when interacting with another application (such as entering a password). Should never be needed for common applications.
Medium	`android.permission.ACCESS_CACHE_FILESYSTEM`	access the cache file system Allows an application to read and write the cache file system.
Medium	`android.permission.ACCESS_CHECKIN_PROPERTIES`	access check-in properties Allows read/write access to properties uploaded by the check-in service. Not for use by common applications.
Medium	`android.permission.BACKUP`	control system back up and restore Allows the application to control the system's back-up and restore mechanism. Not for use by common applications.
Medium	`android.permission.BIND_APPWIDGET`	choose widgets Allows the application to tell the system which widgets can be used by which application. With this permission, applications can give access to personal data to other applications. Not for use by common applications.
Medium	`android.permission.BIND_CONTROLS`	Allows SystemUI to request third party controls. Allows SystemUI to request third party controls. Should only be requested by the System and required by ControlsProviderService declarations.
Medium	`android.permission.WRITE_SECURE_SETTINGS`	modify secure system settings Allows an application to modify the system's secure settings data. Not for use by common applications.
Medium	`android.permission.WRITE_GSERVICES`	modify the Google services map Allows an application to modify the Google services map. Not for use by common applications.
	`android.permission.ACCESS_AMBIENT_LIGHT_STATS`	Unknown permission Unknown permission from android reference
	`android.permission.ACCESS_BLOBS_ACROSS_USERS`	Unknown permission Unknown permission from android reference
	`android.permission.ACCESS_BROADCAST_RADIO`	Unknown permission Unknown permission from android reference
	`android.permission.ACCESS_CONTEXT_HUB`	Unknown permission Unknown permission from android reference
	`android.permission.ACCESS_DRM_CERTIFICATES`	Unknown permission Unknown permission from android reference
	`android.permission.ACCESS_FM_RADIO`	Unknown permission Unknown permission from android reference
	`android.permission.ACCESS_INSTANT_APPS`	Unknown permission Unknown permission from android reference
	`android.permission.ACCESS_LOCUS_ID_USAGE_STATS`	Unknown permission Unknown permission from android reference
	`android.permission.ACCESS_MTP`	Unknown permission Unknown permission from android reference
	`android.permission.ACCESS_NETWORK_CONDITIONS`	Unknown permission Unknown permission from android reference
	`android.permission.ACCESS_NOTIFICATIONS`	Unknown permission Unknown permission from android reference
	`android.permission.ACCESS_RCS_USER_CAPABILITY_EXCHANGE`	Unknown permission Unknown permission from android reference
	`android.permission.ACCESS_SHARED_LIBRARIES`	Unknown permission Unknown permission from android reference
	`android.permission.ACCESS_SHORTCUTS`	Unknown permission Unknown permission from android reference
	`android.permission.ACCESS_TUNED_INFO`	Unknown permission Unknown permission from android reference
	`android.permission.ACCESS_TV_DESCRAMBLER`	Unknown permission Unknown permission from android reference
	`android.permission.ACCESS_TV_TUNER`	Unknown permission Unknown permission from android reference
	`android.permission.ACCESS_VIBRATOR_STATE`	Unknown permission Unknown permission from android reference
	`android.permission.ACTIVITY_EMBEDDING`	Unknown permission Unknown permission from android reference
	`com.samsung.adaptivebrightnessgo.permission.ADAPTIVE_BRIGHTNESS_PERMISSION`	Unknown permission Unknown permission from android reference
	`com.android.voicemail.permission.ADD_VOICEMAIL`	Unknown permission Unknown permission from android reference
	`android.permission.ADJUST_RUNTIME_PERMISSIONS_POLICY`	Unknown permission Unknown permission from android reference
	`android.permission.ALLOCATE_AGGRESSIVE`	Unknown permission Unknown permission from android reference
	`android.permission.ALLOW_ANY_CODEC_FOR_PLAYBACK`	Unknown permission Unknown permission from android reference
	`android.permission.AMBIENT_WALLPAPER`	Unknown permission Unknown permission from android reference
	`android.permission.APPROVE_INCIDENT_REPORTS`	Unknown permission Unknown permission from android reference
	`android.permission.ASSOCIATE_COMPANION_DEVICES`	Unknown permission Unknown permission from android reference
	`android.permission.BACKGROUND_CAMERA`	Unknown permission Unknown permission from android reference
	`android.permission.BATTERY_PREDICTION`	Unknown permission Unknown permission from android reference
	`android.permission.BIND_ATTENTION_SERVICE`	Unknown permission Unknown permission from android reference
	`android.permission.BIND_AUGMENTED_AUTOFILL_SERVICE`	Unknown permission Unknown permission from android reference
	`android.permission.BIND_CALL_DIAGNOSTIC_SERVICE`	Unknown permission Unknown permission from android reference
	`android.permission.BIND_CELL_BROADCAST_SERVICE`	Unknown permission Unknown permission from android reference
	`android.permission.BIND_CONNECTION_SERVICE`	Unknown permission Unknown permission from android reference
	`android.permission.BIND_CONTENT_CAPTURE_SERVICE`	Unknown permission Unknown permission from android reference
	`android.permission.BIND_CONTENT_SUGGESTIONS_SERVICE`	Unknown permission Unknown permission from android reference
	`android.permission.BIND_DIRECTORY_SEARCH`	Unknown permission Unknown permission from android reference
	`android.permission.BIND_DISPLAY_HASHING_SERVICE`	Unknown permission Unknown permission from android reference
	`android.permission.BIND_DOMAIN_VERIFICATION_AGENT`	Unknown permission Unknown permission from android reference
	`android.permission.BIND_EUICC_SERVICE`	Unknown permission Unknown permission from android reference
	`android.permission.READ_INSTALL_SESSIONS`	Unknown permission Unknown permission from android reference
	`android.permission.READ_NETWORK_USAGE_HISTORY`	Unknown permission Unknown permission from android reference
	`android.permission.READ_OEM_UNLOCK_STATE`	Unknown permission Unknown permission from android reference
	`android.permission.READ_PEOPLE_DATA`	Unknown permission Unknown permission from android reference
	`com.android.voicemail.permission.WRITE_VOICEMAIL`	Unknown permission Unknown permission from android reference
	`android.permission.WRITE_OBB`	Unknown permission Unknown permission from android reference
	`android.permission.WRITE_MEDIA_STORAGE`	Unknown permission Unknown permission from android reference
	`android.intent.action.MAIN`	Unknown permission Unknown permission from android reference
	`android.intent.category.LAUNCHER`	Unknown permission Unknown permission from android reference
	`android.intent.action.SEND`	Unknown permission Unknown permission from android reference
	`android.intent.category.DEFAULT`	Unknown permission Unknown permission from android reference
	`com.elite.SMSReceiver`	Unknown permission Unknown permission from android reference
		Unknown permission Unknown permission from android reference
	`android.provider.Telephony.SMS_RECEIVED`	Unknown permission Unknown permission from android reference

Tracking analysis

Information computed with Exodus-core.

Facebook Ads

https://reports.exodus-privacy.eu.org/fr/trackers/65

Threat analysis

Information computed with Quark-Engine.

Confidence: 100%	Load external class
Confidence: 100%	Find a method from given class name, usually for reflection
Confidence: 100%	Method reflection
Confidence: 100%	Install other APKs from file
Confidence: 100%	Retrieve data from broadcast
Confidence: 100%	Read sensitive data(SMS, CALLLOG, etc)
Confidence: 100%	Open a file from given absolute path of the file
Confidence: 100%	Monitor the broadcast action events (BOOT_COMPLETED)
Confidence: 100%	Get absolute path of the file and store in string
Confidence: 100%	Read file from assets directory
Confidence: 100%	Get last known location of the device
Confidence: 100%	Get calendar information
Confidence: 100%	Get location of the device
Confidence: 100%	Method reflection
Confidence: 100%	Query data from URI (SMS, CALLLOGS)
Confidence: 100%	Get the time of current location
Confidence: 100%	Initialize class object dynamically
Confidence: 100%	Read the input stream from given URL
Confidence: 80%	Connect to a URL and receive input stream from the server
Confidence: 80%	Connect to a URL and read data from it
Confidence: 80%	Read file and put it into a stream
Confidence: 80%	Get declared method from given method name
Confidence: 80%	Connect to the remote server through the given URL
Confidence: 80%	Connect to a URL and set request method
Confidence: 80%	Get resource file from res/raw directory

Behavior analysis

Information computed with MobSF.

Crypto

       okio/HashingSink.java
       okio/HashingSource.java
       okio/ByteString.java
       okio/Buffer.java

Get system service

       com/my/newproject/MainActivity.java
       com/my/newproject/SketchApplication.java
       com/my/newproject/SketchwareUtil.java

Http connection

       android/net/http/RequestQueue.java
       android/net/http/Headers.java
       android/net/http/AndroidHttpClient.java
       android/net/http/AndroidHttpClientConnection.java

Http requests, connections and sessions

       android/net/http/AndroidHttpClient.java

Inter process communication

       com/my/newproject/MainActivity.java
       com/my/newproject/SketchApplication.java
       com/my/newproject/DebugActivity.java
       com/my/newproject/SketchwareUtil.java
       com/my/newproject/BluetoothConnect.java

Java reflection

       okio/ByteString.java

Kill process

       com/my/newproject/SketchApplication.java

Local file i/o operations

       com/my/newproject/MainActivity.java

Message digest

       okio/HashingSink.java
       okio/HashingSource.java
       okio/ByteString.java
       okio/Buffer.java

Starting activity

       com/my/newproject/MainActivity.java
       com/my/newproject/SketchwareUtil.java
       com/my/newproject/BluetoothConnect.java

Tcp socket

       okio/Okio.java
       android/net/http/AndroidHttpClientConnection.java

Control flow graphs analysis

Information computed by Pithus.

The application probably dynamically loads code

The application probably gets the IMEI of the phone

The application probably gets the advertising ID for tracking purposes

com/facebook/ads/internal/bridge/gms/AdvertisingId

The application probably gets the location based on GPS and/or Wi-Fi

The application probably gets the network connections information

The application probably gets network interfaces addresses (IP and/or MAC)

okhttp3/internal/http2/Http2Connection$Builder

The application probably uses reflection

The application probably plays sound

androidx/appcompat/app/AppCompatDelegateImpl

com.my.newproject

android Update

107

permissions

4

activities

0

services

0

receivers

0

domains

File sums

APKiD

SSdeep

Dexofuzzy

APK details

Certificate details

Manifest analysis

Main Activity

Activities

Sample timeline

VirusTotal

Most Popular AV Detections

NIAP analysis

Code analysis

Permissions analysis

Tracking analysis

Threat analysis

Behavior analysis

Control flow graphs analysis

The application probably dynamically loads code

The application probably gets the IMEI of the phone

The application probably gets the advertising ID for tracking purposes

The application probably gets the location based on GPS and/or Wi-Fi

The application probably gets the network connections information

The application probably gets network interfaces addresses (IP and/or MAC)

The application probably uses reflection

The application probably plays sound

The application probably makes OS calls

The application probably sends data over HTTP/S

The application probably creates an accessibility service

The application probably listens accessibility events