Analysis Report

Overview

General Information

Joe Sandbox Version:	18.0.0
Analysis ID:	210643
Start time:	17:34:54
Joe Sandbox Product:	Cloud
Start date:	26.01.2017
Overall analysis duration:	0h 8m 34s
Report type:	full
Sample file name:	charger
Cookbook file name:	defaultandroidfilecookbook.jbs
Analysis system description:	Android x86 5.1
Detection:	MAL
Classification:	mal80.evad.expl.rans.spyw.and@0/254@5/0
Warnings:	Show All No interacted views Not all executed log events are in report (maximum 10 identical API calls) Not all resource files were parsed Report size exceeded maximum capacity and may have missing behavior information.

Detection

Strategy	Score	Range	Reporting	Detection
Threshold	80	0 - 100	Report FP / FN

Classification

Signature Overview

Click to jump to signature section

Change of System Appearance:

Acquires a wake lock

Show sources

Source: com.mdvmonsxa.lhqhmfqodr.nkbgk;->o:252	API Call: android.os.PowerManager$WakeLock.acquire
Source: com.mdvmonsxa.lhqhmfqodr.nkbgk;->o:258	API Call: android.os.PowerManager$WakeLock.acquire
Source: com.mdvmonsxa.lhqhmfqodr.nkbgk;->onCreate:367	API Call: android.os.PowerManager$WakeLock.acquire
Source: com.google.android.gms.internal.zzayd;->acquire:71	API Call: android.os.PowerManager$WakeLock.acquire

Mutes ringtone sound

Show sources

Source: com.mdvmonsxa.lhqhmfqodr.nkbgk$16;->a:70	API Call: android.media.AudioManager.setRingerMode("0")
Source: com.mdvmonsxa.lhqhmfqodr.nkbgk;->onCreate:389	API Call: android.media.AudioManager.setRingerMode("0")

May access the Android keyguard (lock screen)

Show sources

Source: android

String found in binary or memory: keyguard

Location Tracing:

Queries the phones location (GPS)

Show sources

Source: com.google.android.gms.internal.zzna;->zza:391	API Call: android.location.Location.getLatitude
Source: com.google.android.gms.internal.zzna;->zza:393	API Call: android.location.Location.getLongitude

Operating System Destruction:

Lists and deletes files in the same context

Show sources

Source: com.google.android.gms.internal.zzv;->initialize:132	API Calls in same method context: File.listFiles,File.delete
Source: com.google.android.gms.internal.zzio;->zzgh:296	API Calls in same method context: File.listFiles,File.delete
Source: com.a.a.a.c;->a:15	API Calls in same method context: File.listFiles,File.delete

Spam, unwanted Advertisements and Ransom Demands:

Loads advertisement

Show sources

Source: android	String found in binary or memory: .doubleclick.net
Source: android	String found in binary or memory: //googleads.g.doubleclick.net/mads/static/mad/sdk/native/native_ads.html
Source: android	String found in binary or memory: //googleads.g.doubleclick.net/mads/static/mad/sdk/native/native_video_ads.html
Source: android	String found in binary or memory: ad.doubleclick.net
Source: android	String found in binary or memory: googleads.g.doubleclick.net
Source: android	String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_banner.js
Source: android	String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_expanded_banner.js
Source: android	String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_interstitial.js
Source: android	String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40.html

May dial phone number

Show sources

Source: com.google.android.gms.internal.zzfp;->zzfg:16

API Call: android.net.Uri.parse("tel:")

Strings related to ransomware found

Show sources

Source: android	Method string: To restore files and unlock your mobile deviceYou need to buy Bitcoins and pay us.
Source: android	Method string: WE GIVE 100% GUARANTEE THAT ALL FILES WILL RESTORE AFTER WE RECEIVE PAYMENTWE WILL UNLOCK THE MOBILE DEVICE AND DELETE ALL YOUR DATA FROM OUR SERVER!
Source: android	Method string: WE GIVE 100% GUARANTEE THAT ALL FILES WILL RESTORE AFTER WE RECEIVE PAYMENTWE WILL UNLOCK THE MOBILE DEVICE AND DELETE ALL YOUR DATA FROM OUR SERVER!
Source: android	Method string: We collect and download all of your personal data.All information about your social networks, Bank accounts, Credit Cards.We collect all data about your friends and family.

Privilege Escalation:

Checks if the device administrator is active

Show sources

Source: com.mdvmonsxa.lhqhmfqodr.nkbgk;->o:218	API Call: android.app.admin.DevicePolicyManager.isAdminActive
Source: com.mdvmonsxa.lhqhmfqodr.sbjtcrjby;->a:4	API Call: android.app.admin.DevicePolicyManager.isAdminActive

Starts an activity on device admin enabled

Show sources

Source: com.mdvmonsxa.lhqhmfqodr.ckractflv.tzuatd;->onDisabled:8

API Call: android.content.Context.startActivity (not executed)

Tries to add a new device administrator

Show sources

Source: com.mdvmonsxa.lhqhmfqodr.sbjtcrjby;->a:6

API Call: android.content.Intent.<init> android.app.action.ADD_DEVICE_ADMIN

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Has permission to take photos

Show sources

Source: submitted apk

Request permission: android.permission.CAMERA

E-Banking Fraud:

Has functionalty to add an overlay to other apps

Show sources

Source: com.mdvmonsxa.lhqhmfqodr.eqtdhba.etqen;->onStartCommand:210	API Call: WindowManager.addView
Source: com.mdvmonsxa.lhqhmfqodr.c;->j:332	API Call: WindowManager.addView

Networking:

Urls found in memory or binary data

Show sources

Source: android	String found in binary or memory: file://
Source: android	String found in binary or memory: file:///android_asset/
Source: android	String found in binary or memory: http://
Source: android	String found in binary or memory: http://192.52.167.100:5001
Source: android	String found in binary or memory: http://91.239.64.121:5001
Source: android	String found in binary or memory: http://plus.google.com/
Source: design_tint_password_toggle.xml, design_bottom_sheet_dialog.xml	String found in binary or memory: http://schemas.android.com/apk/res-auto
Source: activity_main.xml, design_bottom_sheet_dialog.xml	String found in binary or memory: http://schemas.android.com/apk/res-auto//android.support.design.widget.coordinatorlayout
Source: abc_secondary_text_material_dark.xml	String found in binary or memory: http://schemas.android.com/apk/res/android
Source: abc_screen_simple_overlay_action_mode.xml	String found in binary or memory: http://schemas.android.com/apk/res/android//android.support.v7.widget.fitwindowsframelayout
Source: abc_screen_simple.xml	String found in binary or memory: http://schemas.android.com/apk/res/android00android.support.v7.widget.fitwindowslinearlayout((androi
Source: design_navigation_menu.xml	String found in binary or memory: http://schemas.android.com/apk/res/android22android.support.design.internal.navigationmenuview
Source: design_navigation_item.xml	String found in binary or memory: http://schemas.android.com/apk/res/android66android.support.design.internal.navigationmenuitemview
Source: android	String found in binary or memory: http://www.example.com
Source: android	String found in binary or memory: http://www.google.com
Source: android	String found in binary or memory: https://
Source: android	String found in binary or memory: https://api.appsflyer.com/install_data/v3/
Source: resources.arsc, android	String found in binary or memory: https://bitquick.co
Source: resources.arsc, android	String found in binary or memory: https://bitstamp.net
Source: resources.arsc, android	String found in binary or memory: https://blockchain.info/wallet/
Source: resources.arsc	String found in binary or memory: https://blockchain.info/wallet/aa4.
Source: resources.arsc, android	String found in binary or memory: https://coinbase.com
Source: resources.arsc, android	String found in binary or memory: https://coincorner.com
Source: resources.arsc, android	String found in binary or memory: https://coinjar.com
Source: android	String found in binary or memory: https://csi.gstatic.com/csi
Source: android	String found in binary or memory: https://events.appsflyer.com/api/v
Source: android	String found in binary or memory: https://fittmaetrix.github.io/
Source: android	String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_banner.js
Source: android	String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_expanded_banner.js
Source: android	String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_interstitial.js
Source: android	String found in binary or memory: https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40.html
Source: resources.arsc, android	String found in binary or memory: https://localbitcoins.com
Source: android	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204
Source: android	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=gmob-apps
Source: resources.arsc, android	String found in binary or memory: https://paxful.com
Source: android	String found in binary or memory: https://register.appsflyer.com/api/v
Source: android	String found in binary or memory: https://sdk-services.appsflyer.com/validate-android-signature
Source: android	String found in binary or memory: https://stats.appsflyer.com/stats
Source: android	String found in binary or memory: https://t.appsflyer.com/api/v
Source: android	String found in binary or memory: https://www.google.com/dfp/debugsignals
Source: android	String found in binary or memory: https://www.google.com/dfp/inapppreview
Source: android	String found in binary or memory: https://www.google.com/dfp/linkdevice
Source: android	String found in binary or memory: https://www.google.com/dfp/senddebugdata

Downloads files from webservers via HTTP

Show sources

Source: global traffic	HTTP traffic detected: GET /generate_204 HTTP/1.1 User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; VirtualBox Build/LMY48W) Host: connectivitycheck.android.com Connection: Keep-Alive Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /generate_204 HTTP/1.1 User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; VirtualBox Build/LMY48W) Host: connectivitycheck.android.com Connection: Keep-Alive Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /generate_204 HTTP/1.1 User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; VirtualBox Build/LMY48W) Host: connectivitycheck.android.com Connection: Keep-Alive Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /generate_204 HTTP/1.1 User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; VirtualBox Build/LMY48W) Host: connectivitycheck.android.com Connection: Keep-Alive Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /generate_204 HTTP/1.1 User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; VirtualBox Build/LMY48W) Host: connectivitycheck.android.com Connection: Keep-Alive Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /generate_204 HTTP/1.1 User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; VirtualBox Build/LMY48W) Host: connectivitycheck.android.com Connection: Keep-Alive Accept-Encoding: gzip

Found strings which match to known social media urls

Show sources

Source: android	String found in binary or memory: Facebook etc.) equals www.facebook.com (Facebook)
Source: android	String found in binary or memory: content://com.facebook.katana.provider.AttributionIdProvider equals www.facebook.com (Facebook)

Performs DNS lookups

Show sources

Source: unknown

DNS traffic detected: queries for: mtalk.google.com

Uses HTTP for connecting to the internet

Show sources

Source: com.a.a.d.a.f;->a:48	API Call: java.net.HttpURLConnection.connect
Source: com.hyitfrfmpw.earivs.AppsFlyerLib$AttributionIdFetcher;->run:56	API Call: java.net.HttpURLConnection.connect
Source: com.hyitfrfmpw.earivs.BackgroundHttpTask;->doInBackground:34	API Call: javax.net.ssl.HttpsURLConnection.connect
Source: com.google.android.gms.internal.zzw;->zza:61	API Call: org.apache.http.client.HttpClient.execute

Uses HTTPS

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 57011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57011

Checks an internet connection is available

Show sources

Source: com.mdvmonsxa.lhqhmfqodr.c.d;->f:102	API Call: android.net.ConnectivityManager.getNetworkInfo
Source: com.mdvmonsxa.lhqhmfqodr.c.d;->f:103	API Call: android.net.NetworkInfo.isConnected
Source: com.mdvmonsxa.lhqhmfqodr.c.d;->f:106	API Call: android.net.wifi.WifiManager.getConnectionInfo
Source: com.a.a.e.e;->a:13	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.a.a.e.e;->a:14	API Call: android.net.NetworkInfo.isConnected
Source: com.hyitfrfmpw.earivs.AppsFlyerLib;->getNetwork:524	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.internal.zznf$zza;->zza:58	API Call: android.net.ConnectivityManager.getActiveNetworkInfo
Source: com.google.android.gms.internal.zznf$zza;->zza:60	API Call: android.net.NetworkInfo.getDetailedState

Opens an internet connection

Show sources

Source: com.a.a.d.a.f$a;->a:3	API Call: java.net.URL.openConnection (not executed)
Source: com.hyitfrfmpw.earivs.AppsFlyerLib$AttributionIdFetcher;->run:49	API Call: java.net.URL.openConnection (not executed)
Source: com.hyitfrfmpw.earivs.AppsFlyerLib$ValidateInAppPurchase;->run:29	API Call: java.net.URL.openConnection (not executed)
Source: com.hyitfrfmpw.earivs.AppsFlyerLib;->callServer:269	API Call: java.net.URL.openConnection (not executed)
Source: com.hyitfrfmpw.earivs.BackgroundHttpTask;->doInBackground:15	API Call: java.net.URL.openConnection (not executed)
Source: a.a.f.a;->a:45	API Call: java.net.Socket.connect (not executed)
Source: a.a.f.e;->a:33	API Call: java.net.Socket.connect (not executed)
Source: com.qgauhskskx.pvgobwiyv.identifier.zza;->zzu:3	API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.zzhy;->zza:3	API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.zzmz;->zza:169	API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.zzpz;->zzu:9	API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.zzqh;->zzb:3	API Call: java.net.URL.openConnection (not executed)
Source: com.google.android.gms.internal.zzz;->zza:68	API Call: java.net.URL.openConnection (not executed)

Performs DNS lookups (Java API)

Show sources

Source: a.o$1;->a:4

API Call: java.net.InetAddress.getAllByName (not executed)

Boot Survival:

Has permission to execute code after phone reboot

Show sources

Source: submitted apk

Request permission: android.permission.RECEIVE_BOOT_COMPLETED

Installs a new wake lock (to get activate on phone screen on)

Show sources

Source: com.mdvmonsxa.lhqhmfqodr.nkbgk;->onCreate:365	API Call: android.os.PowerManager.newWakeLock
Source: com.mdvmonsxa.lhqhmfqodr.nkbgk;->onCreate:370	API Call: android.os.PowerManager.newWakeLock
Source: com.google.android.gms.internal.zzayd;-><init>:20	API Call: android.os.PowerManager.newWakeLock

Starts/registers a service/receiver on phone boot (autostart)

Show sources

Source: com.mdvmonsxa.lhqhmfqodr.ckractflv.ayucvj;->onReceive:15

API Call: android.content.Context.startService (not executed)

Stealing of Sensitive Information:

Checks if a SIM card is installed

Show sources

Source: com.mdvmonsxa.lhqhmfqodr.c.d;->d:93

API Call: android.telephony.TelephonyManager.getSimState

Has permission to read contacts

Show sources

Source: submitted apk

Request permission: android.permission.READ_CONTACTS

Has permission to read the SMS storage

Show sources

Source: submitted apk

Request permission: android.permission.READ_SMS

Has permission to read the phones state (phone number, device IDs, active call ect.)

Show sources

Source: submitted apk

Request permission: android.permission.READ_PHONE_STATE

Has permissions to create, read or change account settings (inlcuding account password settings)

Show sources

Source: submitted apk

Request permission: android.permission.GET_ACCOUNTS

Queries SMS data

Show sources

Source: com.mdvmonsxa.lhqhmfqodr.eqtdhba.uefpli;->a:26

API Call: android.net.Uri.parse("content://sms/")

Queries a list of installed applications

Show sources

Source: com.mdvmonsxa.lhqhmfqodr.c.d;->g:111	API Call: android.content.pm.PackageManager.getInstalledApplications
Source: com.mdvmonsxa.lhqhmfqodr.eqtdhba.uefpli;->e:4	API Call: android.content.pm.PackageManager.getInstalledApplications

Queries camera information

Show sources

Source: com.mdvmonsxa.lhqhmfqodr.eqtdhba.etqen;->a:11	API Call: android.hardware.Camera.open
Source: com.mdvmonsxa.lhqhmfqodr.eqtdhba.etqen;->a:85	API Call: android.hardware.Camera.open
Source: com.mdvmonsxa.lhqhmfqodr.eqtdhba.etqen;->b:127	API Call: android.hardware.Camera.getNumberOfCameras
Source: com.mdvmonsxa.lhqhmfqodr.eqtdhba.etqen;->b:128	API Call: android.hardware.Camera.getCameraInfo
Source: com.mdvmonsxa.lhqhmfqodr.eqtdhba.etqen;->b:129	API Call: android.hardware.Camera.open

Queries email messages

Show sources

Source: com.mdvmonsxa.lhqhmfqodr.eqtdhba.uefpli;->c:191

Field access: android.provider.ContactsContract$CommonDataKinds$Email.CONTENT_URI

Queries media storage location field

Show sources

Source: com.mdvmonsxa.lhqhmfqodr.eqtdhba.uefpli;->b:147

Field access: android.provider.MediaStore$Images$Media.EXTERNAL_CONTENT_URI

Queries phone contact information

Show sources

Source: com.mdvmonsxa.lhqhmfqodr.eqtdhba.uefpli;->c:187

Field access: android.provider.ContactsContract$CommonDataKinds$Phone.CONTENT_URI

Queries stored mail and application accounts (e.g. Gmail or Whatsup)

Show sources

Source: com.mdvmonsxa.lhqhmfqodr.d;->a:7	API Call: android.accounts.Account.name
Source: com.google.android.gms.common.internal.zzg;->getAccountName:20	API Call: android.accounts.Account.name
Source: com.google.android.gms.internal.zzaxy;->zzOn:8	API Call: android.accounts.Account.name
Source: com.google.android.gms.auth.api.signin.GoogleSignInOptions;->zzqI:63	API Call: android.accounts.Account.name

Queries the Googlemail Account Name

Show sources

Source: com.mdvmonsxa.lhqhmfqodr.d;->a:5

API Call: android.accounts.AccountManager.getAccountsByType

Data Obfuscation:

Obfuscates method names

Show sources

Source: charger

Total valid method names: 24%

Uses reflection

Show sources

Source: com.mtilpges.oeveohr.a;->a:1313	API Call: Real call: public android.content.Context android.content.ContextWrapper.getBaseContext()
Source: com.mtilpges.oeveohr.a;->a:1313	API Call: Real call: public void java.lang.reflect.AccessibleObject.setAccessible(boolean)
Source: com.mtilpges.oeveohr.a;->b:318	API Call: Real call: public static final int android.content.Context.MODE_PRIVATE
Source: com.mtilpges.oeveohr.a;->a:1313	API Call: Real call: public java.io.File android.app.ContextImpl.getDir(java.lang.String,int)
Source: com.mtilpges.oeveohr.a;->a:1313	API Call: Real call: public java.lang.String java.io.File.getAbsolutePath()
Source: com.mtilpges.oeveohr.a;->a:1313	API Call: Real call: public android.content.res.AssetManager android.app.ContextImpl.getAssets()
Source: com.mtilpges.oeveohr.a;->a:1313	API Call: Real call: public final java.io.InputStream android.content.res.AssetManager.open(java.lang.String) throws java.io.IOException
Source: com.mtilpges.oeveohr.a;->a:1313	API Call: Real call: public final int android.content.res.AssetManager$AssetInputStream.read(byte[]) throws java.io.IOException
Source: com.mtilpges.oeveohr.a;->a:1313	API Call: Real call: public static void java.lang.System.arraycopy(byte[],int,byte[],int,int)
Source: com.mtilpges.oeveohr.a;->a:1313	API Call: Real call: public final int android.content.res.AssetManager$AssetInputStream.read(byte[]) throws java.io.IOException
Source: com.mtilpges.oeveohr.a;->a:1313	API Call: Real call: public final int android.content.res.AssetManager$AssetInputStream.read(byte[]) throws java.io.IOException
Source: com.mtilpges.oeveohr.a;->a:1313	API Call: Real call: public static java.lang.Class java.lang.Class.forName(java.lang.String) throws java.lang.ClassNotFoundException
Source: com.mtilpges.oeveohr.a;->a:1313	API Call: Real call: public void java.io.OutputStream.write(byte[]) throws java.io.IOException
Source: com.mtilpges.oeveohr.a;->a:1313	API Call: Real call: public java.lang.ClassLoader java.lang.Class.getClassLoader()
Source: com.mtilpges.oeveohr.a;->a:1313	API Call: Real call: public static java.lang.Class java.lang.Class.forName(java.lang.String) throws java.lang.ClassNotFoundException
Source: com.mtilpges.oeveohr.a;->a:1313	API Call: Real call: public static java.lang.Class java.lang.Class.forName(java.lang.String) throws java.lang.ClassNotFoundException
Source: com.mtilpges.oeveohr.a;->a:1313	API Call: Real call: public void java.lang.reflect.AccessibleObject.setAccessible(boolean)
Source: com.mtilpges.oeveohr.a;->a:168	API Call: Real call: final android.app.LoadedApk android.app.ContextImpl.mPackageInfo
Source: com.mtilpges.oeveohr.a;->a:1313	API Call: Real call: public void java.lang.reflect.AccessibleObject.setAccessible(boolean)
Source: com.google.a.b.a.h$1;->a:8	API Call: java.lang.reflect.Field.get
Source: com.google.a.b.a.h$1;->a:16	API Call: java.lang.reflect.Field.get
Source: a.a.b.e;->a:6	API Call: java.lang.reflect.Method.invoke
Source: com.google.a.b.j$1;->a:4	API Call: java.lang.reflect.Method.invoke
Source: com.google.a.b.j$2;->a:4	API Call: java.lang.reflect.Method.invoke
Source: com.google.a.b.j$3;->a:3	API Call: java.lang.reflect.Method.invoke
Source: com.google.a.b.j;->a:7	API Call: java.lang.reflect.Field.get
Source: com.google.a.b.j;->a:14	API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.dynamic.zze;->zzE:10	API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.dynamite.DynamiteModule;->zzA:35	API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.dynamite.DynamiteModule;->zzA:38	API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.dynamite.DynamiteModule;->zzD:93	API Call: java.lang.reflect.Field.get
Source: com.hyitfrfmpw.earivs.AppsFlyerLib;->addDeviceTracking:159	API Call: java.lang.reflect.Method.invoke
Source: com.hyitfrfmpw.earivs.AppsFlyerLib;->getUniquePsuedoID:1200	API Call: java.lang.reflect.Field.get
Source: org.greenrobot.eventbus.c;->a:187	API Call: java.lang.reflect.Method.invoke
Source: a.a.f.a$a;->a:7	API Call: java.lang.reflect.Method.invoke
Source: a.a.f.a;->a:66	API Call: java.lang.reflect.Method.invoke
Source: a.a.f.a;->a:69	API Call: java.lang.reflect.Method.invoke
Source: a.a.f.b;->a:8	API Call: java.lang.reflect.Method.invoke
Source: a.a.f.b;->a:17	API Call: java.lang.reflect.Method.invoke
Source: a.a.f.c$a;->invoke:31	API Call: java.lang.reflect.Method.invoke
Source: a.a.f.c;->a:30	API Call: java.lang.reflect.Method.invoke
Source: a.a.f.c;->a:47	API Call: java.lang.reflect.Method.invoke
Source: a.a.f.c;->b:50	API Call: java.lang.reflect.Method.invoke
Source: a.a.f.d;->a:14	API Call: java.lang.reflect.Method.invoke
Source: a.a.f.d;->c:34	API Call: java.lang.reflect.Method.invoke
Source: a.a.g.e$a;->a:4	API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzack;->zzb:101	API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzat;->zza:9	API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzat;->zza:145	API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzat;->zzb:263	API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzbg;->zzbe:9	API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzbh;->zzbe:11	API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzbi;->zze:57	API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzbj;->zzbe:9	API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzbk;->zzbe:7	API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzbl;->zzbe:3	API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzbm;->zzbj:7	API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzbo;->zzbe:7	API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzbp;->zzbe:7	API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzbq;->zzbe:9	API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzbr;->zzbe:10	API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzbs;->zzbe:5	API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzbt;->zzbe:4	API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzbu;->zzbe:7	API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzbuu;->zza:20	API Call: java.lang.reflect.Field.get
Source: com.google.android.gms.internal.zzbuu;->zza:39	API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzbuu;->zza:47	API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzbv;->zzbe:7	API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzbw;->zzbe:5	API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzpx;->zzR:45	API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.internal.zzpx;->zzR:49	API Call: java.lang.reflect.Method.invoke
Source: com.mtilpges.oeveohr.a;->a:1043	API Call: java.lang.reflect.Field.get
Source: com.qgauhskskx.pvgobwiyv.internal.purchase.zzb;->zzV:9	API Call: java.lang.reflect.Method.invoke
Source: com.qgauhskskx.pvgobwiyv.internal.purchase.zzb;->zzb:22	API Call: java.lang.reflect.Method.invoke
Source: com.qgauhskskx.pvgobwiyv.internal.purchase.zzb;->zzb:37	API Call: java.lang.reflect.Method.invoke
Source: com.qgauhskskx.pvgobwiyv.internal.purchase.zzb;->zzl:50	API Call: java.lang.reflect.Method.invoke
Source: com.qgauhskskx.pvgobwiyv.internal.purchase.zzb;->zzm:65	API Call: java.lang.reflect.Method.invoke
Source: com.qgauhskskx.pvgobwiyv.internal.purchase.zzd;->zziq:89	API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.security.ProviderInstaller;->installIfNeeded:17	API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.common.util.zzy;->zza:8	API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.common.util.zzy;->zza:16	API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.common.util.zzy;->zza:24	API Call: java.lang.reflect.Method.invoke
Source: com.google.android.gms.common.util.zzy;->zza:31	API Call: java.lang.reflect.Method.invoke

Accesses Class Loader via Reflection

Show sources

Source: com.mtilpges.oeveohr.a;->a:1313

API Call: Reflective call: public java.lang.ClassLoader java.lang.Class.getClassLoader()

Spreading:

Accesses external storage location

Show sources

Source: com.mdvmonsxa.lhqhmfqodr.c.d;->b:43	API Call: android.os.Environment.getExternalStorageDirectory
Source: com.mdvmonsxa.lhqhmfqodr.c.d;->c:78	API Call: android.os.Environment.getExternalStorageDirectory
Source: com.mdvmonsxa.lhqhmfqodr.eqtdhba.etqen$1;->onPictureTaken:136	API Call: android.os.Environment.getExternalStorageDirectory
Source: com.mdvmonsxa.lhqhmfqodr.eqtdhba.etqen$1;->onPictureTaken:157	API Call: android.os.Environment.getExternalStorageDirectory
Source: com.google.android.gms.internal.zzfp;->zzfj:5	API Call: android.os.Environment.getExternalStorageState
Source: com.google.android.gms.internal.zzfz;-><init>:12	API Call: android.os.Environment.getExternalStorageDirectory

System Summary:

Classification label

Show sources

Source: classification engine

Classification label: mal80.evad.expl.rans.spyw.and@0/254@5/0

Reads shares settings

Show sources

Source: com.mdvmonsxa.lhqhmfqodr.Grid.CustomGrid;->d:62	API Call: android.content.SharedPreferences.getBoolean
Source: com.mdvmonsxa.lhqhmfqodr.c.d;->a:34	API Call: android.content.SharedPreferences.getString
Source: com.mdvmonsxa.lhqhmfqodr.ckractflv.ayucvj;->onReceive:4	API Call: android.content.SharedPreferences.getBoolean
Source: com.mdvmonsxa.lhqhmfqodr.ckractflv.pgcgk;->onReceive:4	API Call: android.content.SharedPreferences.getBoolean
Source: com.mdvmonsxa.lhqhmfqodr.eqtdhba.etqen;->onDestroy:177	API Call: android.content.SharedPreferences.getString
Source: com.mdvmonsxa.lhqhmfqodr.eqtdhba.uefpli;->d:231	API Call: android.content.SharedPreferences.getString
Source: com.mdvmonsxa.lhqhmfqodr.MainActivity;->k:10	API Call: android.content.SharedPreferences.getBoolean
Source: com.mdvmonsxa.lhqhmfqodr.MainActivity;->o:36	API Call: android.content.SharedPreferences.getBoolean
Source: com.mdvmonsxa.lhqhmfqodr.MainActivity;->onCreate:92	API Call: android.content.SharedPreferences.getBoolean
Source: com.mdvmonsxa.lhqhmfqodr.b;->a:11	API Call: android.content.SharedPreferences.getBoolean
Source: com.mdvmonsxa.lhqhmfqodr.c;->v:96	API Call: android.content.SharedPreferences.getString
Source: com.mdvmonsxa.lhqhmfqodr.c;->b:133	API Call: android.content.SharedPreferences.getBoolean
Source: com.mdvmonsxa.lhqhmfqodr.c;->c:146	API Call: android.content.SharedPreferences.getString
Source: com.mdvmonsxa.lhqhmfqodr.c;->d:156	API Call: android.content.SharedPreferences.getString
Source: com.mdvmonsxa.lhqhmfqodr.c;->f:282	API Call: android.content.SharedPreferences.getString
Source: com.mdvmonsxa.lhqhmfqodr.c;->g:302	API Call: android.content.SharedPreferences.getString
Source: com.mdvmonsxa.lhqhmfqodr.c;->q:354	API Call: android.content.SharedPreferences.getBoolean
Source: com.mdvmonsxa.lhqhmfqodr.c;->q:360	API Call: android.content.SharedPreferences.getString
Source: com.mdvmonsxa.lhqhmfqodr.c;->q:364	API Call: android.content.SharedPreferences.getString
Source: com.mdvmonsxa.lhqhmfqodr.c;->q:368	API Call: android.content.SharedPreferences.getString
Source: com.mdvmonsxa.lhqhmfqodr.c;->setInstalledPhotos:383	API Call: android.content.SharedPreferences.getString
Source: com.mdvmonsxa.lhqhmfqodr.c;->setInstalledSMSs:411	API Call: android.content.SharedPreferences.getString
Source: com.mdvmonsxa.lhqhmfqodr.nkbgk$16;->a:15	API Call: android.content.SharedPreferences.getBoolean
Source: com.mdvmonsxa.lhqhmfqodr.nkbgk$16;->a:57	API Call: android.content.SharedPreferences.getBoolean
Source: com.mdvmonsxa.lhqhmfqodr.nkbgk$2;->a:8	API Call: android.content.SharedPreferences.getBoolean
Source: com.mdvmonsxa.lhqhmfqodr.nkbgk;->g:66	API Call: android.content.SharedPreferences.getBoolean
Source: com.mdvmonsxa.lhqhmfqodr.nkbgk;->g:70	API Call: android.content.SharedPreferences.getString
Source: com.mdvmonsxa.lhqhmfqodr.nkbgk;->g:83	API Call: android.content.SharedPreferences.getString
Source: com.mdvmonsxa.lhqhmfqodr.nkbgk;->h:106	API Call: android.content.SharedPreferences.getString
Source: com.mdvmonsxa.lhqhmfqodr.nkbgk;->i:138	API Call: android.content.SharedPreferences.getString
Source: com.mdvmonsxa.lhqhmfqodr.nkbgk;->j:167	API Call: android.content.SharedPreferences.getString
Source: com.mdvmonsxa.lhqhmfqodr.nkbgk;->o:227	API Call: android.content.SharedPreferences.getBoolean
Source: com.mdvmonsxa.lhqhmfqodr.nkbgk;->o:244	API Call: android.content.SharedPreferences.getBoolean
Source: com.mdvmonsxa.lhqhmfqodr.nkbgk;->o:264	API Call: android.content.SharedPreferences.getString
Source: com.mdvmonsxa.lhqhmfqodr.nkbgk;->c:290	API Call: android.content.SharedPreferences.getBoolean
Source: com.mdvmonsxa.lhqhmfqodr.nkbgk;->c:310	API Call: android.content.SharedPreferences.getBoolean
Source: com.mdvmonsxa.lhqhmfqodr.nkbgk;->c:315	API Call: android.content.SharedPreferences.getString
Source: com.mdvmonsxa.lhqhmfqodr.nkbgk;->c:319	API Call: android.content.SharedPreferences.getString
Source: com.mdvmonsxa.lhqhmfqodr.nkbgk;->c:342	API Call: android.content.SharedPreferences.getBoolean
Source: com.mdvmonsxa.lhqhmfqodr.nkbgk;->c:345	API Call: android.content.SharedPreferences.getBoolean
Source: com.mdvmonsxa.lhqhmfqodr.nkbgk;->c:349	API Call: android.content.SharedPreferences.getBoolean
Source: com.mdvmonsxa.lhqhmfqodr.nkbgk;->onCreate:384	API Call: android.content.SharedPreferences.getBoolean
Source: com.mdvmonsxa.lhqhmfqodr.nkbgk;->onCreate:393	API Call: android.content.SharedPreferences.getBoolean
Source: com.mdvmonsxa.lhqhmfqodr.nkbgk;->onCreate:406	API Call: android.content.SharedPreferences.getBoolean
Source: com.mdvmonsxa.lhqhmfqodr.nkbgk;->onCreate:411	API Call: android.content.SharedPreferences.getBoolean
Source: com.hyitfrfmpw.earivs.AppsFlyerLib$SendToServerRunnable;->run:20	API Call: android.content.SharedPreferences.getString
Source: com.hyitfrfmpw.earivs.AppsFlyerLib;->addDeviceTracking:152	API Call: android.content.SharedPreferences.getString
Source: com.hyitfrfmpw.earivs.AppsFlyerLib;->addDeviceTracking:168	API Call: android.content.SharedPreferences.getString
Source: com.hyitfrfmpw.earivs.AppsFlyerLib;->callServer:322	API Call: android.content.SharedPreferences.getString
Source: com.hyitfrfmpw.earivs.AppsFlyerLib;->callServer:336	API Call: android.content.SharedPreferences.getString
Source: com.hyitfrfmpw.earivs.AppsFlyerLib;->getCachedChannel:458	API Call: android.content.SharedPreferences.getString
Source: com.hyitfrfmpw.earivs.AppsFlyerLib;->getCachedStore:466	API Call: android.content.SharedPreferences.getString
Source: com.hyitfrfmpw.earivs.AppsFlyerLib;->getFirstInstallDate:492	API Call: android.content.SharedPreferences.getString
Source: com.hyitfrfmpw.earivs.AppsFlyerLib;->getPreInstallName:535	API Call: android.content.SharedPreferences.getString
Source: com.hyitfrfmpw.earivs.AppsFlyerLib;->lastEventsProcessing:599	API Call: android.content.SharedPreferences.getString
Source: com.hyitfrfmpw.earivs.AppsFlyerLib;->lastEventsProcessing:612	API Call: android.content.SharedPreferences.getString
Source: com.hyitfrfmpw.earivs.AppsFlyerLib;->sendTrackingWithEvent:1071	API Call: android.content.SharedPreferences.getString
Source: com.hyitfrfmpw.earivs.AppsFlyerLib;->getConversionData:1165	API Call: android.content.SharedPreferences.getString
Source: com.hyitfrfmpw.earivs.AppsFlyerProperties;->getReferrer:22	API Call: android.content.SharedPreferences.getString
Source: com.hyitfrfmpw.earivs.AppsFlyerProperties;->loadProperties:36	API Call: android.content.SharedPreferences.getString
Source: com.hyitfrfmpw.earivs.Installation;->readInstallationSP:41	API Call: android.content.SharedPreferences.getString
Source: com.qgauhskskx.pvgobwiyv.identifier.AdvertisingIdClient;->getAdvertisingIdInfo:10	API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.flags.impl.zza$zza$1;->zzkt:7	API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.flags.impl.zza$zzd$1;->zzou:6	API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.auth.api.signin.internal.zzl;->zzcA:50	API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.zzft$1;->zzb:6	API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.internal.zzft$5;->zzf:5	API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.zzis;->restore:124	API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.zzpg$10;->zzcm:7	API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.internal.zzpg$13;->zzcm:7	API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.internal.zzpg$15;->zzcm:8	API Call: android.content.SharedPreferences.getString
Source: com.google.android.gms.internal.zzpg$4;->zzcm:7	API Call: android.content.SharedPreferences.getBoolean
Source: com.google.android.gms.internal.zzpg$6;->zzcm:8	API Call: android.content.SharedPreferences.getString

Requests potentially dangerous permissions

Show sources

Source: submitted apk	Request permission: android.permission.CAMERA
Source: submitted apk	Request permission: android.permission.INTERNET
Source: submitted apk	Request permission: android.permission.READ_CONTACTS
Source: submitted apk	Request permission: android.permission.READ_PHONE_STATE
Source: submitted apk	Request permission: android.permission.READ_SMS
Source: submitted apk	Request permission: android.permission.SYSTEM_ALERT_WINDOW
Source: submitted apk	Request permission: android.permission.WAKE_LOCK
Source: submitted apk	Request permission: android.permission.WRITE_EXTERNAL_STORAGE

HIPS / PFW / Operating System Protection Evasion:

Uses the DexClassLoader (often used for code injection)

Show sources

Source: com.google.android.gms.internal.zzbc;->zzp:180	API Call: dalvik.system.DexClassLoader.<init> (not executed)
Source: com.google.android.gms.internal.zzbx;->zzbm:16	API Call: dalvik.system.DexClassLoader.loadClass (not executed)

Anti Debugging:

Access the class loader (often done to load a new code)

Show sources

Source: Lcom/mtilpges/oeveohr/a;->a(Ljava/lang/Object;Ljava/lang/Object;)V

Method string: "mClassLoader"

Creates a new dex file (likely to load a new code)

Show sources

Source: Lcom/mtilpges/oeveohr/a;->a(Landroid/content/Context;)V	Method string: "/data/data/com.mdvmonsxa.lhqhmfqodr/app_fctorp/qodnigsofy.dex"
Source: Lcom/google/android/gms/internal/zzbc;->zza(Ljava/io/File;Ljava/lang/String;)V	Method string: "%s/%s.dex"
Source: Lcom/google/android/gms/internal/zzbc;->zzb(Ljava/io/File;Ljava/lang/String;)Z	Method string: "%s/%s.dex"

Creates a new jar file (likely to load a new code)

Show sources

Source: Lcom/mtilpges/oeveohr/a;->a(Landroid/content/Context;)V	Method string: "/data/data/com.mdvmonsxa.lhqhmfqodr/app_fctorp/qodnigsofy.jar"
Source: Lcom/google/android/gms/internal/zzbc;->zza(Ljava/lang/String;Ljava/io/File;Ljava/lang/String;)Ljava/io/File;	Method string: "%s/%s.jar"

Malware Analysis System Evasion:

Accesses /proc

Show sources

Source: Lcom/google/android/gms/common/util/zzt;->zzdk(I)Ljava/lang/String;

Method string: "/proc/"

Accesses android OS build fields

Show sources

Source: com.mdvmonsxa.lhqhmfqodr.b.c;->a:5	Field Access: android.os.Build$VERSION.RELEASE
Source: com.mdvmonsxa.lhqhmfqodr.c.b;->a:1	Field Access: android.os.Build.PRODUCT
Source: com.mdvmonsxa.lhqhmfqodr.c.b;->a:4	Field Access: android.os.Build.PRODUCT
Source: com.mdvmonsxa.lhqhmfqodr.c.b;->a:7	Field Access: android.os.Build.PRODUCT
Source: com.mdvmonsxa.lhqhmfqodr.c.b;->a:10	Field Access: android.os.Build.PRODUCT
Source: com.mdvmonsxa.lhqhmfqodr.c.b;->a:13	Field Access: android.os.Build.PRODUCT
Source: com.mdvmonsxa.lhqhmfqodr.c.b;->a:16	Field Access: android.os.Build.PRODUCT
Source: com.mdvmonsxa.lhqhmfqodr.c.b;->a:19	Field Access: android.os.Build.MANUFACTURER
Source: com.mdvmonsxa.lhqhmfqodr.c.b;->a:22	Field Access: android.os.Build.MANUFACTURER
Source: com.mdvmonsxa.lhqhmfqodr.c.b;->a:25	Field Access: android.os.Build.BRAND
Source: com.mdvmonsxa.lhqhmfqodr.c.b;->a:28	Field Access: android.os.Build.BRAND
Source: com.mdvmonsxa.lhqhmfqodr.c.b;->a:31	Field Access: android.os.Build.DEVICE
Source: com.mdvmonsxa.lhqhmfqodr.c.b;->a:34	Field Access: android.os.Build.DEVICE
Source: com.mdvmonsxa.lhqhmfqodr.c.b;->a:37	Field Access: android.os.Build.DEVICE
Source: com.mdvmonsxa.lhqhmfqodr.c.b;->a:40	Field Access: android.os.Build.DEVICE
Source: com.mdvmonsxa.lhqhmfqodr.c.b;->a:43	Field Access: android.os.Build.DEVICE
Source: com.mdvmonsxa.lhqhmfqodr.c.b;->a:46	Field Access: android.os.Build.MODEL
Source: com.mdvmonsxa.lhqhmfqodr.c.b;->a:49	Field Access: android.os.Build.MODEL
Source: com.mdvmonsxa.lhqhmfqodr.c.b;->a:52	Field Access: android.os.Build.MODEL
Source: com.mdvmonsxa.lhqhmfqodr.c.b;->a:55	Field Access: android.os.Build.MODEL
Source: com.mdvmonsxa.lhqhmfqodr.c.b;->a:58	Field Access: android.os.Build.MODEL
Source: com.mdvmonsxa.lhqhmfqodr.c.b;->a:67	Field Access: android.os.Build.FINGERPRINT
Source: com.mdvmonsxa.lhqhmfqodr.c.b;->a:70	Field Access: android.os.Build.FINGERPRINT
Source: com.mdvmonsxa.lhqhmfqodr.c.b;->a:73	Field Access: android.os.Build.FINGERPRINT
Source: com.mdvmonsxa.lhqhmfqodr.c.b;->a:76	Field Access: android.os.Build.FINGERPRINT
Source: com.mdvmonsxa.lhqhmfqodr.c.b;->a:79	Field Access: android.os.Build.FINGERPRINT
Source: com.mdvmonsxa.lhqhmfqodr.c.b;->a:82	Field Access: android.os.Build.FINGERPRINT
Source: com.mdvmonsxa.lhqhmfqodr.c.d;->a:6	Field Access: android.os.Build.MANUFACTURER
Source: com.mdvmonsxa.lhqhmfqodr.c.d;->a:7	Field Access: android.os.Build.MODEL
Source: com.mdvmonsxa.lhqhmfqodr.a;->a:33	Field Access: android.os.Build$VERSION.RELEASE
Source: com.mdvmonsxa.lhqhmfqodr.a;->b:41	Field Access: android.os.Build.MANUFACTURER
Source: com.mdvmonsxa.lhqhmfqodr.a;->b:42	Field Access: android.os.Build.MODEL
Source: com.hyitfrfmpw.earivs.AppsFlyerLib;->sendTrackingWithEvent:879	Field Access: android.os.Build.BRAND
Source: com.hyitfrfmpw.earivs.AppsFlyerLib;->sendTrackingWithEvent:882	Field Access: android.os.Build.DEVICE
Source: com.hyitfrfmpw.earivs.AppsFlyerLib;->sendTrackingWithEvent:885	Field Access: android.os.Build.PRODUCT
Source: com.hyitfrfmpw.earivs.AppsFlyerLib;->sendTrackingWithEvent:891	Field Access: android.os.Build.MODEL
Source: com.hyitfrfmpw.earivs.AppsFlyerLib;->sendTrackingWithEvent:894	Field Access: android.os.Build.TYPE
Source: com.hyitfrfmpw.earivs.AppsFlyerLib;->getUniquePsuedoID:1176	Field Access: android.os.Build.BOARD
Source: com.hyitfrfmpw.earivs.AppsFlyerLib;->getUniquePsuedoID:1179	Field Access: android.os.Build.BRAND
Source: com.hyitfrfmpw.earivs.AppsFlyerLib;->getUniquePsuedoID:1182	Field Access: android.os.Build.CPU_ABI
Source: com.hyitfrfmpw.earivs.AppsFlyerLib;->getUniquePsuedoID:1185	Field Access: android.os.Build.DEVICE
Source: com.hyitfrfmpw.earivs.AppsFlyerLib;->getUniquePsuedoID:1188	Field Access: android.os.Build.MANUFACTURER
Source: com.hyitfrfmpw.earivs.AppsFlyerLib;->getUniquePsuedoID:1191	Field Access: android.os.Build.MODEL
Source: com.hyitfrfmpw.earivs.AppsFlyerLib;->getUniquePsuedoID:1194	Field Access: android.os.Build.PRODUCT
Source: com.google.android.gms.internal.zzbc;->zza:41	Field Access: android.os.Build$VERSION.SDK
Source: com.google.android.gms.internal.zzbc;->zzb:126	Field Access: android.os.Build$VERSION.SDK
Source: com.google.android.gms.internal.zzfy;-><init>:18	Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.zzfy;-><init>:22	Field Access: android.os.Build$VERSION.SDK
Source: com.google.android.gms.internal.zzlz;->zza:71	Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.zzna;->zza:255	Field Access: android.os.Build.MANUFACTURER
Source: com.google.android.gms.internal.zzna;->zza:258	Field Access: android.os.Build.MODEL
Source: com.google.android.gms.internal.zznf$zza;->zzu:83	Field Access: android.os.Build.FINGERPRINT
Source: com.google.android.gms.internal.zzpi;->zzkj:530	Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.zzpi;->zzkj:533	Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.zzpi;->zzkj:539	Field Access: android.os.Build.DEVICE
Source: com.google.android.gms.internal.zzpi;->zzkj:542	Field Access: android.os.Build.DEVICE
Source: com.google.android.gms.internal.zzpi;->zzkj:544	Field Access: android.os.Build.DISPLAY
Source: com.google.android.gms.internal.zzpi;->zzkj:547	Field Access: android.os.Build.DISPLAY
Source: com.google.android.gms.internal.zzpi;->zzkm:571	Field Access: android.os.Build.MANUFACTURER
Source: com.google.android.gms.internal.zzpi;->zzkm:572	Field Access: android.os.Build.MODEL
Source: com.google.android.gms.internal.zzpx;->zza:83	Field Access: android.os.Build$VERSION.RELEASE
Source: com.google.android.gms.internal.zzpx;->zzkI:155	Field Access: android.os.Build.DEVICE
Source: com.google.android.gms.common.util.zzi;->zzyw:40	Field Access: android.os.Build.TYPE

Queries several sensitive phone informations

Show sources

Source: Lcom/google/android/gms/internal/zzpx;->zzS(Landroid/content/Context;)I	Method string: "android"
Source: Lcom/google/android/gms/internal/zzqt;->zzkP()V	Method string: "version"
Source: Lcom/google/android/gms/internal/zzpx;->zza(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;Landroid/os/Bundle;ZLcom/google/android/gms/internal/zzpx$zza;)V	Method string: "os"
Source: Lcom/hyitfrfmpw/earivs/AppsFlyerLib;->addDeviceTracking(Landroid/content/Context;Ljava/util/Map;)V	Method string: "imei"
Source: Lcom/google/android/gms/internal/zzah;-><clinit>()V	Method string: "category"
Source: Lcom/hyitfrfmpw/earivs/AppsFlyerLib;->sendTrackingWithEvent(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Z)V	Method string: "model"
Source: Lcom/qgauhskskx/pvgobwiyv/internal/overlay/zzz;->onStop()V	Method string: "type"
Source: Lcom/qgauhskskx/pvgobwiyv/internal/purchase/zzd;->zzip()Ljava/util/Map;	Method string: "appid"
Source: Lcom/google/android/gms/internal/zznf$zza;->zza(Landroid/content/Context;Landroid/content/pm/PackageManager;)V	Method string: "phone"
Source: Lcom/hyitfrfmpw/earivs/AppsFlyerLib;->sendTrackingWithEvent(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Z)V	Method string: "brand"
Source: Lcom/qgauhskskx/pvgobwiyv/internal/overlay/zzl;->zzhH()V	Method string: "time"
Source: Lcom/google/android/gms/internal/zzfy;-><init>(Landroid/content/Context;Ljava/lang/String;)V	Method string: "sdk"

Queries the unique operating system id (ANDROID_ID)

Show sources

Source: com.mdvmonsxa.lhqhmfqodr.c.d;->b:69	API Call: android.provider.Settings$Secure.getString
Source: com.hyitfrfmpw.earivs.AppsFlyerLib;->addDeviceTracking:172	API Call: android.provider.Settings$Secure.getString
Source: com.google.android.gms.internal.zzpx;->zzO:28	API Call: android.provider.Settings$Secure.getString

Tries to detect Android x86

Show sources

Source: Lcom/mdvmonsxa/lhqhmfqodr/c/b;->a()Z	Method string: "sdk_x86"
Source: Lcom/mdvmonsxa/lhqhmfqodr/c/b;->a()Z	Method string: "generic_x86"
Source: Lcom/mdvmonsxa/lhqhmfqodr/c/b;->a()Z	Method string: "generic_x86_64"
Source: Lcom/mdvmonsxa/lhqhmfqodr/c/b;->a()Z	Method string: "generic_x86_64"
Source: Lcom/mdvmonsxa/lhqhmfqodr/c/b;->a()Z	Method string: "Android SDK built for x86_64"
Source: Lcom/mdvmonsxa/lhqhmfqodr/c/b;->a()Z	Method string: "Android SDK built for x86_64"
Source: Lcom/mdvmonsxa/lhqhmfqodr/c/b;->a()Z	Method string: "Android SDK built for x86"
Source: Lcom/mdvmonsxa/lhqhmfqodr/c/b;->a()Z	Method string: "generic_x86/sdk_x86/generic_x86"
Source: Lcom/mdvmonsxa/lhqhmfqodr/c/b;->a()Z	Method string: "generic_x86/sdk_x86/generic_x86"

Tries to detect Virtualbox

Show sources

Source: Lcom/mdvmonsxa/lhqhmfqodr/c/b;->a()Z	Method string: "vbox86p"
Source: Lcom/mdvmonsxa/lhqhmfqodr/c/b;->a()Z	Method string: "vbox86p"
Source: Lcom/mdvmonsxa/lhqhmfqodr/c/b;->a()Z	Method string: "vbox86"
Source: Lcom/mdvmonsxa/lhqhmfqodr/c/b;->a()Z	Method string: "generic/vbox86p/vbox86p"
Source: Lcom/mdvmonsxa/lhqhmfqodr/c/b;->a()Z	Method string: "generic/vbox86p/vbox86p"

Hooking and other Techniques for Hiding and Protection:

Uses Crypto APIs

Show sources

Source: a.a.c;->a:13	API Call: java.security.MessageDigest.getInstance
Source: a.a.c;->a:15	API Call: java.security.MessageDigest.digest
Source: a.a.c;->b:77	API Call: java.security.MessageDigest.getInstance
Source: a.a.c;->b:79	API Call: java.security.MessageDigest.digest
Source: com.a.a.d.b.f;->a:16	API Call: java.security.MessageDigest.update
Source: com.a.a.d.b.f;->a:17	API Call: java.security.MessageDigest.update
Source: com.a.a.d.b.f;->a:23	API Call: java.security.MessageDigest.update
Source: com.a.a.d.b.f;->a:29	API Call: java.security.MessageDigest.update
Source: com.a.a.d.b.f;->a:35	API Call: java.security.MessageDigest.update
Source: com.a.a.d.b.f;->a:41	API Call: java.security.MessageDigest.update
Source: com.a.a.d.b.f;->a:47	API Call: java.security.MessageDigest.update
Source: com.a.a.d.b.j;->a:5	API Call: java.security.MessageDigest.update
Source: com.a.a.d.b.b.j;->a:7	API Call: java.security.MessageDigest.getInstance
Source: com.a.a.d.b.b.j;->a:9	API Call: java.security.MessageDigest.digest
Source: com.hyitfrfmpw.earivs.HashUtils;->toMD5:9	API Call: java.security.MessageDigest.getInstance
Source: com.hyitfrfmpw.earivs.HashUtils;->toMD5:13	API Call: java.security.MessageDigest.update
Source: com.hyitfrfmpw.earivs.HashUtils;->toMD5:14	API Call: java.security.MessageDigest.digest
Source: com.hyitfrfmpw.earivs.HashUtils;->toSHA1:19	API Call: java.security.MessageDigest.getInstance
Source: com.hyitfrfmpw.earivs.HashUtils;->toSHA1:23	API Call: java.security.MessageDigest.update
Source: com.hyitfrfmpw.earivs.HashUtils;->toSHA1:24	API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzan$zza;->run:4	API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.internal.zzan;->zzh:97	API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.zzan;->zzh:99	API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzax;->getCipher:7	API Call: javax.crypto.Cipher.getInstance
Source: com.google.android.gms.internal.zzax;->zzc:23	API Call: javax.crypto.Cipher.init
Source: com.google.android.gms.internal.zzax;->zzc:25	API Call: javax.crypto.Cipher.doFinal
Source: com.google.android.gms.internal.zzax;->zzd:38	API Call: javax.crypto.Cipher.init
Source: com.google.android.gms.internal.zzax;->zzd:40	API Call: javax.crypto.Cipher.doFinal
Source: com.google.android.gms.internal.zzdd;->zzeo:7	API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.internal.zzdg;->zzF:11	API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.zzdg;->zzF:13	API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzdi;->zzF:11	API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.zzdi;->zzF:13	API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzpi;->zzkl:564	API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.internal.zzpi;->zzkl:565	API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.zzpi;->zzkl:566	API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.zzpi;->zzkl:567	API Call: java.security.MessageDigest.digest
Source: com.google.android.gms.internal.zzpx;->zzbb:141	API Call: java.security.MessageDigest.getInstance
Source: com.google.android.gms.internal.zzpx;->zzbb:143	API Call: java.security.MessageDigest.update
Source: com.google.android.gms.internal.zzpx;->zzbb:146	API Call: java.security.MessageDigest.digest

Has permission to draw over other applications or user interfaces

Show sources

Source: submitted apk

Request permission: android.permission.SYSTEM_ALERT_WINDOW

Queries list of running processes/tasks

Show sources

Source: com.google.android.gms.internal.zzdb;->zzef:157	API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.google.android.gms.internal.zzie$zza;->zza:41	API Call: android.app.ActivityManager.getRunningAppProcesses
Source: com.google.android.gms.internal.zzpi;->zzD:81	API Call: android.app.ActivityManager.getRunningTasks
Source: com.google.android.gms.internal.zzpi;->zzE:91	API Call: android.app.ActivityManager.getRunningAppProcesses

Language, Device and Operating System Detection:

Queries the SIM provider name (SPN - Service Provider Name)

Show sources

Source: com.hyitfrfmpw.earivs.AppsFlyerLib;->sendTrackingWithEvent:1011

API Call: android.telephony.TelephonyManager.getSimOperatorName

Queries the SIM provider numeric MCC+MNC (mobile country code + mobile network code)

Show sources

Source: com.mdvmonsxa.lhqhmfqodr.c.d;->d:94

API Call: android.telephony.TelephonyManager.getSimOperator

Queries the network operator name

Show sources

Source: com.hyitfrfmpw.earivs.AppsFlyerLib;->sendTrackingWithEvent:1014

API Call: android.telephony.TelephonyManager.getNetworkOperatorName

Queries the network operator numeric MCC+MNC (mobile country code + mobile network code)

Show sources

Source: com.google.android.gms.internal.zznf$zza;->zza:51

API Call: android.telephony.TelephonyManager.getNetworkOperator

Queries the unqiue device ID (IMEI, MEID or ESN)

Show sources

Source: com.mdvmonsxa.lhqhmfqodr.c.d;->b:62	API Call: android.telephony.TelephonyManager.getDeviceId
Source: com.mdvmonsxa.lhqhmfqodr.c.d;->c:87	API Call: android.telephony.TelephonyManager.getLine1Number

Yara Overview

No Yara matches

Screenshot

Created / dropped Files

File Path	Type and Hashes
	Type: Dalvik dex file version 035 MD5: F88B900D1B9A248A801509464C45793C SHA: B6B18D7DEDD7D62509F9A740EF1A17D84C432944 SHA-256: 6E074FEA9A3C5083E173C908D25D4C13E10D49D00A0F3E4EF61B369B9409EBC5 SHA-512: D98F8B9570FF807DF531F93EA4688E9E7E4A2CCECF820B6DFA27D6AF0017C0FEFB555B95A8AD4B376ED071E52B13AFD03C795A353C9AF793BC79FB4101B62CF5
/data/data/com.mdvmonsxa.lhqhmfqodr/app_fctorp/qodnigsofy.dex	Type: ELF 32-bit LSB shared object, Intel 80386, version 1 (GNU/Linux), dynamically linked, stripped MD5: E0163DF3B6BADBE1CC8EF9DBDA66C419 SHA: 300368582B54B6C5BF87A658A5D200B0C28CADEC SHA-256: FD524EF1D179027FF7B484E8DB1D7FBB048F93D00EFF6337AEA25002C8734A54 SHA-512: C76E108C21529A0E5743660B41E842FD79C753B553ACB5586F2699EE15B585EF5114BD722E0E7F7F6CECEDF0FAEC5B1A2EF1F955B3B1BECFFBB1629D78C8BBE4
/data/data/com.mdvmonsxa.lhqhmfqodr/app_fctorp/qodnigsofy.jar	Type: Zip archive data, at least v2.0 to extract MD5: 911384C7A5DCF7687A5648D9A44B65E3 SHA: 00CF45674E8BAD8C4F189567E62D55D168D49A81 SHA-256: 2BD048BA88D634BB5AE468126C8A15512ADC20E2D34DC1FDC95B3D697B35EFCB SHA-512: 5D704D1D9370F52925B426A8A4D6D49D5475B2A3B36B9E504BAB99219DE435978D60617171AA913C0521C5C97FC88E89151AE7868A8DABA1BE9A109D7ACB265D

Contacted Domains/Contacted IPs

Contacted Domains

Name	IP	Active
android.clients.google.com	216.58.209.238	true
mtalk.google.com	66.102.1.188	true

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

IP	Country	ASN	ASN Name
74.125.143.188	United States	15169	GoogleInc
173.194.69.188	United States	15169	GoogleInc
216.58.209.238	United States	15169	GoogleInc
8.8.8.8	United States	15169	GoogleInc
8.8.4.4	United States	15169	GoogleInc
66.102.1.188	United States	15169	GoogleInc
172.217.17.78	United States	15169	GoogleInc

Static File Info

General
File type:	Zip archive data, at least v2.0 to extract
TrID:	Android Package (19004/1) 52.05% Java Archive (13504/1) 36.99% ZIP compressed archive (4004/1) 10.97%
File name:	charger
File size:	2409189
MD5:	2b83bd1d97eb911e9d53765edb5ea79e
SHA1:	9e439c0bde41ce900bc44c49146c9fbd6e1e602d
SHA256:	58eb6c368e129b17559bdeacb3aed4d9a5d3596f774cf5ed3fdcf51775232ba0
SHA512:	e8e62e201c6e71b2a6152057755edab8036e1d3d8ddf9545699c71f9dee719c1d5f491ba76ee00d022b69d1d3eaba1452878a601921fe96baa732e6246e6fb56
File Content Preview:	PK..........\|I.Yl.PA..........META-INF/MANIFEST.MF..Y..H...>f....^.....1..B..E..I.K...o..."2.2#...f.......?.w.........'.n."...........g...o......@?`....#...z.Z.uY.V{..........he...........S....-...(h.......V.#.R...ZN..]....<...Rw+..t..~...k..\|.D.e..}..y

File Icon

Static APK Info

General
Label:	Energy Rescue
Minimum SDK required:	14
Target SDK required:	24
Version Code:	2
Version Name:	2
Package Name:	com.mdvmonsxa.lhqhmfqodr
Is Activity:	true
Is Receiver:	true
Is Service:	true
Requests System Level Permissions:	false
Play Store Compatible:	true

Activities

Name	Is Entrypoint
com.mdvmonsxa.lhqhmfqodrcom.mdvmonsxa.lhqhmfqodr.MainActivity	true
com.mdvmonsxa.lhqhmfqodrcom.npclngvqv.vfijrjsq.vqxblumr
com.mdvmonsxa.lhqhmfqodrcom.mdvmonsxa.lhqhmfqodr.xhflfd
com.mdvmonsxa.lhqhmfqodrcom.npclngvqv.vfijrjsq.rubpfukbt
com.mdvmonsxa.lhqhmfqodrcom.mdvmonsxa.lhqhmfqodr.sbjtcrjby
com.mdvmonsxa.lhqhmfqodrcom.npclngvqv.vfijrjsq.erwfgswqs
com.mdvmonsxa.lhqhmfqodrcom.qgauhskskx.pvgobwiyv.lxsrsmf
com.mdvmonsxa.lhqhmfqodrcom.qgauhskskx.pvgobwiyv.pzemfuk.rcjbr
com.mdvmonsxa.lhqhmfqodrcom.npclngvqv.vfijrjsq.vqiea

Receivers

com.hyitfrfmpw.earivs.bplpjwve	Intent: com.android.vending.INSTALL_REFERRER
com.mdvmonsxa.lhqhmfqodr.ckractflv.ayucvj	Intent: android.intent.action.BOOT_COMPLETED (Priority 999)
com.mdvmonsxa.lhqhmfqodr.ckractflv.hobxnlxuo	Intent: android.intent.action.BATTERY_CHANGED
com.mdvmonsxa.lhqhmfqodr.ckractflv.pgcgk	Intent: android.intent.action.ACTION_EXTERNAL_APPLICATIONS_AVAILABLE
com.mdvmonsxa.lhqhmfqodr.ckractflv.tzuatd	Intent: android.app.action.DEVICE_ADMIN_ENABLED

Services

com.mdvmonsxa.lhqhmfqodr.eqtdhba.etqen
com.mdvmonsxa.lhqhmfqodr.eqtdhba.uefpli
com.mdvmonsxa.lhqhmfqodr.nkbgk
com.npclngvqv.vfijrjsq.chqdpafn
com.npclngvqv.vfijrjsq.duieyqhxvp
com.npclngvqv.vfijrjsq.ewkdrlm
com.npclngvqv.vfijrjsq.jgdcrhgs
com.npclngvqv.vfijrjsq.kjmupa
com.npclngvqv.vfijrjsq.tpxqa

Permission Requested

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.CAMERA

android.permission.GET_ACCOUNTS

android.permission.INTERNET

android.permission.READ_CONTACTS

android.permission.READ_PHONE_STATE

android.permission.READ_PROFILE

android.permission.READ_SMS

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.SYSTEM_ALERT_WINDOW

android.permission.WAKE_LOCK

android.permission.WRITE_EXTERNAL_STORAGE

Certificate

Name:	classes.dex
Issuer:	CN=dfsdfds435,OU=fsdf5345345,O=45rwe,L=sdfwefewrewr,ST=we,C=4tert
Subject:	CN=dfsdfds435,OU=fsdf5345345,O=45rwe,L=sdfwefewrewr,ST=we,C=4tert

Resources

Name	Type
design_navigation_item_separator.xml
common_google_signin_btn_icon_light_focused.xml
abc_text_select_handle_right_mtrl_light.png
abc_btn_switch_to_on_mtrl_00001.9.png
abc_ic_menu_cut_mtrl_alpha.png
abc_ic_menu_selectall_mtrl_alpha.png
common_google_signin_btn_text_dark_disabled.9.png
common_google_signin_btn_icon_dark_disabled.9.png
ic_favorite_black_24dp.png
design_snackbar_in.xml
select_dialog_multichoice_material.xml
design_navigation_menu.xml
abc_btn_switch_to_on_mtrl_00012.9.png
abc_ic_clear_material.xml
ic_favorite_black_24dp.png
abc_ic_star_half_black_16dp.png
abc_ic_star_black_48dp.png
abc_ic_star_half_black_16dp.png
abc_btn_switch_to_on_mtrl_00012.9.png
abc_tint_btn_checkable.xml
abc_ic_menu_copy_mtrl_am_alpha.png
abc_ic_star_black_48dp.png
abc_textfield_default_mtrl_alpha.9.png
abc_list_pressed_holo_dark.9.png
abc_ab_share_pack_mtrl_alpha.9.png
navigation_empty_icon.xml
ic_launcher.png
abc_screen_simple.xml
abc_search_view.xml
abc_scrubber_control_to_pressed_mtrl_000.png
common_google_signin_btn_text_dark_normal.9.png
abc_text_select_handle_middle_mtrl_light.png
ic_memory_black_24dp.png
notification_template_big_media_narrow.xml
abc_scrubber_control_to_pressed_mtrl_000.png
abc_list_selector_disabled_holo_light.9.png
abc_tint_btn_checkable.xml
abc_ic_ab_back_material.xml
ic_smartphone_black_24dp.png
abc_popup_menu_header_item_layout.xml
abc_btn_switch_to_on_mtrl_00001.9.png
common_google_signin_btn_text_dark.xml
abc_ratingbar_small_material.xml
common_google_signin_btn_icon_dark_normal.9.png
abc_seekbar_thumb_material.xml
common_full_open_on_phone.png
abc_scrubber_track_mtrl_alpha.9.png
abc_btn_switch_to_on_mtrl_00001.9.png
abc_ic_menu_cut_mtrl_alpha.png
common_google_signin_btn_text_dark_normal.9.png
abc_text_select_handle_middle_mtrl_dark.png
abc_background_cache_hint_selector_material_dark.xml
common_google_signin_btn_text_light_normal.9.png
abc_spinner_mtrl_am_alpha.9.png
abc_spinner_mtrl_am_alpha.9.png
abc_list_divider_mtrl_alpha.9.png
custom_view.xml
abc_btn_check_to_on_mtrl_015.png
abc_tab_indicator_mtrl_alpha.9.png
abc_edit_text_material.xml
abc_textfield_activated_mtrl_alpha.9.png
abc_tint_default.xml
common_google_signin_btn_icon_light_disabled.9.png
abc_ic_star_half_black_16dp.png
abc_menu_hardkey_panel_mtrl_mult.9.png
abc_cab_background_top_material.xml
abc_popup_background_mtrl_mult.9.png
ic_toys_black_24dp.png
ic_usb_black_24dp.png
ic_toys_black_24dp.png
activity_main.xml
notification_media_action.xml
resources.arsc
abc_text_select_handle_right_mtrl_dark.png
common_google_signin_btn_icon_light_normal.9.png
abc_list_selector_disabled_holo_dark.9.png
abc_action_menu_item_layout.xml
abc_ic_menu_cut_mtrl_alpha.png
common_google_signin_btn_text_light_disabled.9.png
abc_list_divider_mtrl_alpha.9.png
abc_search_view.xml
abc_ic_star_black_16dp.png
design_fab_out.xml
abc_btn_radio_to_on_mtrl_000.png
abc_action_bar_up_container.xml
switch_thumb_material_light.xml
CERT.RSA
common_google_signin_btn_text_dark_normal.9.png
abc_text_select_handle_right_mtrl_dark.png
design_navigation_item_subheader.xml
common_google_signin_btn_text_light.xml
design_fab_background.xml
abc_textfield_activated_mtrl_alpha.9.png
abc_btn_switch_to_on_mtrl_00012.9.png
abc_ic_star_black_36dp.png
common_google_signin_btn_icon_dark_disabled.9.png
common_google_signin_btn_text_dark_disabled.9.png
abc_spinner_mtrl_am_alpha.9.png
design_bottom_sheet_slide_out.xml
abc_text_select_handle_middle_mtrl_light.png
abc_list_focused_holo.9.png
abc_scrubber_control_to_pressed_mtrl_000.png
abc_spinner_mtrl_am_alpha.9.png
abc_scrubber_control_off_mtrl_alpha.png
abc_ic_menu_cut_mtrl_alpha.png
ic_memory_black_24dp.png
common_google_signin_btn_text_light_pressed.9.png
common_google_signin_btn_icon_light_pressed.9.png
common_google_signin_btn_icon_dark_focused.xml
abc_tint_edittext.xml
abc_textfield_search_default_mtrl_alpha.9.png
abc_alert_dialog_button_bar_material.xml
abc_list_selector_disabled_holo_light.9.png
abc_tab_indicator_mtrl_alpha.9.png
abc_spinner_mtrl_am_alpha.9.png
design_error.xml
abc_list_divider_mtrl_alpha.9.png
notification_template_big_media_narrow.xml
abc_btn_switch_to_on_mtrl_00001.9.png
common_google_signin_btn_text_dark_pressed.9.png
abc_ic_menu_selectall_mtrl_alpha.png
abc_text_select_handle_right_mtrl_light.png
abc_ic_menu_copy_mtrl_am_alpha.png
notification_template_big_media.xml
common_google_signin_btn_text_light_disabled.9.png
abc_list_selector_background_transition_holo_light.xml
abc_ratingbar_small_material.xml
ic_flash_on_black_24dp.png
abc_scrubber_control_to_pressed_mtrl_005.png
abc_text_select_handle_left_mtrl_light.png
ic_usb_black_24dp.png
abc_spinner_textfield_background_material.xml
abc_ic_menu_copy_mtrl_am_alpha.png
abc_btn_default_mtrl_shape.xml
abc_list_pressed_holo_dark.9.png
abc_list_pressed_holo_dark.9.png
abc_list_selector_disabled_holo_dark.9.png
common_google_signin_btn_text_dark_pressed.9.png
ic_developer_mode_black_24dp.png
ic_developer_mode_black_24dp.png
ic_developer_mode_black_24dp.png
abc_list_focused_holo.9.png
common_google_signin_btn_text_light.xml
abc_btn_colored_borderless_text_material.xml
abc_ic_star_half_black_16dp.png
ic_memory_black_24dp.xml
abc_list_longpressed_holo.9.png
ic_memory_black_24dp.png
ic_smartphone_black_24dp.png
common_google_signin_btn_icon_dark.xml
abc_ic_commit_search_api_mtrl_alpha.png
abc_text_select_handle_right_mtrl_dark.png
ic_battery_unknown_black_24dp.png
abc_ic_voice_search_api_material.xml
abc_ic_menu_copy_mtrl_am_alpha.png
design_tint_password_toggle.xml
ic_flash_on_black_24dp.png
select_dialog_singlechoice_material.xml
abc_search_url_text.xml
ic_developer_mode_black_24dp.png
policies.xml
abc_btn_check_to_on_mtrl_015.png
common_google_signin_btn_text_dark_pressed.9.png
abc_switch_track_mtrl_alpha.9.png
abc_btn_check_to_on_mtrl_015.png
abc_ab_share_pack_mtrl_alpha.9.png
build-data.properties
grid_item.xml
notification_template_media.xml
abc_ic_star_half_black_48dp.png
abc_screen_simple_overlay_action_mode.xml
abc_ic_star_half_black_48dp.png
abc_spinner_mtrl_am_alpha.9.png
ic_battery_unknown_black_24dp.png
abc_ic_star_black_36dp.png
ic_toys_black_24dp.png
abc_textfield_search_default_mtrl_alpha.9.png
abc_ic_menu_paste_mtrl_am_alpha.png
abc_menu_hardkey_panel_mtrl_mult.9.png
abc_vector_test.xml
design_layout_snackbar.xml
abc_switch_track_mtrl_alpha.9.png
abc_ic_ab_back_material.xml
abc_ic_menu_copy_mtrl_am_alpha.png
abc_spinner_mtrl_am_alpha.9.png
abc_select_dialog_material.xml
abc_scrubber_control_off_mtrl_alpha.png
abc_spinner_mtrl_am_alpha.9.png
abc_list_selector_disabled_holo_light.9.png
abc_text_select_handle_left_mtrl_dark.png
design_bottom_sheet_slide_in.xml
ic_developer_mode_black_24dp.png
ic_developer_mode_black_24dp.xml
abc_btn_check_to_on_mtrl_015.png
abc_btn_radio_to_on_mtrl_000.png
abc_text_select_handle_right_mtrl_light.png
abc_btn_radio_to_on_mtrl_000.png
common_google_signin_btn_icon_light_pressed.9.png
common_google_signin_btn_text_light_pressed.9.png
abc_btn_radio_to_on_mtrl_000.png
abc_scrubber_control_to_pressed_mtrl_005.png
ic_favorite_black_24dp.png
common_google_signin_btn_icon_light_disabled.9.png
abc_slide_out_bottom.xml
select_dialog_singlechoice_material.xml
abc_textfield_activated_mtrl_alpha.9.png
abc_cab_background_top_mtrl_alpha.9.png
abc_textfield_search_activated_mtrl_alpha.9.png
ic_toys_black_24dp.png
abc_ic_star_black_48dp.png
ic_toys_black_24dp.png
abc_cab_background_internal_bg.xml
abc_ic_menu_overflow_material.xml
ic_usb_black_24dp.xml
Jsr305_annotations.gwt.xml
abc_text_select_handle_left_mtrl_light.png
abc_ic_star_half_black_48dp.png
abc_ab_share_pack_mtrl_alpha.9.png
abc_textfield_search_activated_mtrl_alpha.9.png
common_google_signin_btn_text_light_focused.xml
common_google_signin_btn_icon_dark_normal.9.png
design_layout_tab_icon.xml
abc_btn_radio_to_on_mtrl_000.png
abc_ic_star_half_black_48dp.png
common_google_signin_btn_icon_light.xml
abc_list_longpressed_holo.9.png
abc_scrubber_control_off_mtrl_alpha.png
design_bottom_sheet_dialog.xml
abc_scrubber_track_mtrl_alpha.9.png
ic_favorite_black_24dp.png
common_google_signin_btn_text_dark_disabled.9.png
common_google_signin_btn_icon_dark_disabled.9.png
abc_tint_default.xml
abc_vector_test.xml
common_google_signin_btn_icon_dark_pressed.9.png
abc_list_selector_disabled_holo_dark.9.png
abc_primary_text_material_dark.xml
ic_developer_mode_black_24dp.png
abc_grow_fade_in_from_bottom.xml
abc_ic_commit_search_api_mtrl_alpha.png
common_google_signin_btn_icon_light_disabled.9.png
abc_ic_star_black_48dp.png
abc_ic_menu_copy_mtrl_am_alpha.png
ic_smartphone_black_24dp.png
design_navigation_item.xml
abc_list_pressed_holo_light.9.png
abc_secondary_text_material_dark.xml
abc_ic_menu_cut_mtrl_alpha.png
abc_textfield_search_default_mtrl_alpha.9.png
abc_ic_star_half_black_36dp.png
abc_ic_star_half_black_36dp.png
design_navigation_item_header.xml
rescue.png
abc_ic_voice_search_api_material.xml
abc_ratingbar_material.xml
abc_color_highlight_material.xml
abc_text_select_handle_left_mtrl_dark.png
abc_list_pressed_holo_light.9.png
ic_battery_charging_full_black_24dp.png
abc_ic_menu_selectall_mtrl_alpha.png
abc_ic_arrow_drop_right_black_24dp.xml
design_text_input_password_icon.xml
abc_ic_menu_overflow_material.xml
design_bottom_sheet_slide_out.xml
abc_ic_menu_share_mtrl_alpha.png
abc_btn_radio_material.xml
abc_ic_menu_share_mtrl_alpha.png
abc_tint_switch_thumb.xml
common_google_signin_btn_text_dark_focused.xml
design_tint_password_toggle.xml
ic_battery_charging_full_black_24dp.png
abc_textfield_search_activated_mtrl_alpha.9.png
ic_smartphone_black_24dp.png
abc_btn_check_to_on_mtrl_000.png
abc_screen_toolbar.xml
abc_ic_menu_paste_mtrl_am_alpha.png
abc_ic_star_black_36dp.png
common_google_signin_btn_text_light_disabled.9.png
abc_action_bar_view_list_nav_layout.xml
design_snackbar_background.xml
abc_tint_spinner.xml
ic_battery_unknown_black_24dp.png
common_google_signin_btn_text_light_normal.9.png
abc_text_select_handle_right_mtrl_light.png
abc_popup_menu_item_layout.xml
abc_expanded_menu_layout.xml
ic_battery_unknown_black_24dp.xml
abc_text_select_handle_left_mtrl_dark.png
abc_tint_spinner.xml
design_layout_snackbar.xml
notification_template_lines.xml
ic_launcher.png
abc_ic_arrow_drop_right_black_24dp.xml
ic_battery_charging_full_black_24dp.png
abc_ic_menu_paste_mtrl_am_alpha.png
abc_cab_background_top_mtrl_alpha.9.png
abc_ic_star_black_36dp.png
abc_switch_track_mtrl_alpha.9.png
abc_ic_menu_share_mtrl_alpha.png
common_google_signin_btn_text_light_normal.9.png
ic_flash_on_black_24dp.png
abc_ic_menu_cut_mtrl_alpha.png
abc_ic_search_api_material.xml
abc_screen_toolbar.xml
abc_seekbar_tick_mark_material.xml
abc_text_select_handle_middle_mtrl_light.png
abc_seekbar_track_material.xml
ic_battery_charging_full_black_24dp.png
abc_text_select_handle_middle_mtrl_light.png
abc_ic_star_half_black_48dp.png
ic_toys_black_24dp.xml
ic_battery_unknown_black_24dp.png
abc_textfield_default_mtrl_alpha.9.png
abc_text_cursor_material.xml
abc_textfield_activated_mtrl_alpha.9.png
ic_memory_black_24dp.png
MANIFEST.MF
ic_battery_unknown_black_24dp.png
abc_action_menu_layout.xml
abc_ic_star_half_black_36dp.png
design_layout_snackbar_include.xml
abc_text_select_handle_middle_mtrl_dark.png
abc_activity_chooser_view_list_item.xml
notification_template_part_chronometer.xml
abc_btn_borderless_material.xml
ghxnzozb.dat
abc_text_select_handle_left_mtrl_light.png
abc_text_select_handle_right_mtrl_light.png
abc_switch_track_mtrl_alpha.9.png
abc_scrubber_control_to_pressed_mtrl_000.png
common_full_open_on_phone.png
design_layout_snackbar_include.xml
abc_scrubber_track_mtrl_alpha.9.png
abc_ic_menu_share_mtrl_alpha.png
abc_spinner_mtrl_am_alpha.9.png
abc_ic_star_black_16dp.png
design_layout_tab_text.xml
common_google_signin_btn_text_light_normal.9.png
abc_btn_check_to_on_mtrl_000.png
abc_text_select_handle_left_mtrl_light.png
common_google_signin_btn_text_light_pressed.9.png
common_google_signin_btn_icon_light_pressed.9.png
abc_list_selector_holo_light.xml
abc_scrubber_primary_mtrl_alpha.9.png
abc_alert_dialog_button_bar_material.xml
abc_textfield_default_mtrl_alpha.9.png
abc_list_selector_background_transition_holo_dark.xml
abc_textfield_search_material.xml
abc_alert_dialog_material.xml
ic_toys_black_24dp.png
abc_btn_check_material.xml
abc_slide_out_top.xml
notification_template_media.xml
abc_secondary_text_material_light.xml
AndroidManifest.xml
design_ic_visibility.xml
fr_treating.xml
abc_spinner_mtrl_am_alpha.9.png
common_google_signin_btn_text_dark_disabled.9.png
common_google_signin_btn_icon_dark_disabled.9.png
abc_list_focused_holo.9.png
abc_ic_commit_search_api_mtrl_alpha.png
notification_template_part_time.xml
ic_favorite_black_24dp.png
ic_memory_black_24dp.png
abc_popup_background_mtrl_mult.9.png
ic_smartphone_black_24dp.png
abc_fade_out.xml
abc_list_pressed_holo_light.9.png
abc_dialog_title_material.xml
abc_btn_colored_material.xml
abc_btn_radio_to_on_mtrl_015.png
abc_btn_colored_material.xml
abc_control_background_material.xml
abc_list_selector_holo_dark.xml
abc_menu_hardkey_panel_mtrl_mult.9.png
abc_ic_search_api_material.xml
abc_text_select_handle_left_mtrl_dark.png
ic_usb_black_24dp.png
abc_item_background_holo_light.xml
ic_battery_charging_full_black_24dp.png
abc_popup_enter.xml
common_google_signin_btn_icon_light_disabled.9.png
abc_scrubber_control_to_pressed_mtrl_000.png
abc_ic_menu_paste_mtrl_am_alpha.png
abc_tab_indicator_mtrl_alpha.9.png
abc_ic_menu_selectall_mtrl_alpha.png
common_google_signin_btn_icon_light_normal.9.png
abc_scrubber_control_to_pressed_mtrl_005.png
abc_text_select_handle_left_mtrl_light.png
abc_text_select_handle_middle_mtrl_dark.png
notification_template_part_time.xml
ic_flash_on_black_24dp.png
abc_scrubber_control_to_pressed_mtrl_005.png
abc_list_pressed_holo_light.9.png
abc_ic_menu_cut_mtrl_alpha.png
abc_list_selector_disabled_holo_light.9.png
abc_screen_content_include.xml
notification_template_part_chronometer.xml
rescue_grey.png
abc_activity_chooser_view.xml
abc_text_select_handle_middle_mtrl_dark.png
ic_flash_on_black_24dp.xml
ic_usb_black_24dp.png
abc_tint_switch_thumb.xml
notification_media_cancel_action.xml
abc_cab_background_top_mtrl_alpha.9.png
abc_tint_seek_thumb.xml
design_menu_item_action_area.xml
abc_ic_star_black_16dp.png
abc_textfield_default_mtrl_alpha.9.png
abc_tint_edittext.xml
abc_ic_star_black_16dp.png
abc_alert_dialog_material.xml
abc_item_background_holo_dark.xml
abc_ic_menu_share_mtrl_alpha.png
abc_list_selector_disabled_holo_dark.9.png
abc_background_cache_hint_selector_material_light.xml
ic_smartphone_black_24dp.xml
design_fab_in.xml
ic_launcher.png
abc_ic_menu_cut_mtrl_alpha.png
abc_btn_check_to_on_mtrl_000.png
abc_btn_check_to_on_mtrl_000.png
abc_dialog_material_background.xml
design_ic_visibility.xml
abc_tab_indicator_mtrl_alpha.9.png
abc_popup_exit.xml
abc_ic_star_black_16dp.png
abc_ic_ab_back_material.xml
abc_ic_arrow_drop_right_black_24dp.xml
abc_scrubber_track_mtrl_alpha.9.png
design_navigation_menu_item.xml
abc_text_select_handle_right_mtrl_dark.png
switch_thumb_material_dark.xml
design_snackbar_out.xml
common_google_signin_btn_text_dark_normal.9.png
design_bottom_sheet_dialog.xml
abc_popup_menu_header_item_layout.xml
abc_ic_go_search_api_material.xml
common_google_signin_btn_text_dark_pressed.9.png
design_appbar_state_list_animator.xml
abc_action_bar_item_background_material.xml
abc_dialog_title_material.xml
abc_btn_colored_borderless_text_material.xml
abc_textfield_search_activated_mtrl_alpha.9.png
design_bottom_sheet_slide_in.xml
abc_tint_seek_thumb.xml
abc_scrubber_primary_mtrl_alpha.9.png
view.xml
common_google_signin_btn_icon_light_normal.9.png
abc_ratingbar_indicator_material.xml
common_google_signin_btn_text_light_pressed.9.png
common_google_signin_btn_icon_light_pressed.9.png
abc_ic_star_half_black_16dp.png
common_google_signin_btn_icon_dark_pressed.9.png
abc_primary_text_disable_only_material_dark.xml
abc_menu_hardkey_panel_mtrl_mult.9.png
abc_ic_menu_copy_mtrl_am_alpha.png
abc_ic_menu_copy_mtrl_am_alpha.png
abc_switch_thumb_material.xml
ic_memory_black_24dp.png
abc_scrubber_control_to_pressed_mtrl_005.png
abc_btn_check_to_on_mtrl_000.png
notification_template_lines.xml
abc_ic_menu_cut_mtrl_alpha.png
abc_primary_text_disable_only_material_light.xml
abc_slide_in_top.xml
abc_tab_indicator_mtrl_alpha.9.png
abc_ic_star_half_black_36dp.png
ic_favorite_black_24dp.png
abc_list_focused_holo.9.png
ic_launcher.png
pr_pol.xml
common_google_signin_btn_icon_dark_pressed.9.png
abc_ic_star_black_48dp.png
notification_template_big_media.xml
ic_favorite_black_24dp.xml
abc_btn_radio_to_on_mtrl_015.png
abc_btn_radio_to_on_mtrl_015.png
abc_btn_radio_to_on_mtrl_015.png
abc_list_longpressed_holo.9.png
abc_scrubber_primary_mtrl_alpha.9.png
abc_list_menu_item_radio.xml
abc_list_divider_mtrl_alpha.9.png
abc_list_menu_item_layout.xml
ic_usb_black_24dp.png
abc_ic_star_black_36dp.png
ic_flash_on_black_24dp.png
abc_shrink_fade_out_from_bottom.xml
classes.dex
fr_information.xml
abc_list_menu_item_icon.xml
abc_ic_go_search_api_material.xml
ic_flash_on_black_24dp.png
abc_action_mode_close_item_material.xml
abc_ratingbar_material.xml
abc_action_bar_title_item.xml
common_google_signin_btn_icon_light_normal.9.png
abc_primary_text_material_light.xml
common_google_signin_btn_text_dark.xml
abc_slide_in_bottom.xml
abc_ic_commit_search_api_mtrl_alpha.png
common_google_signin_btn_text_light_disabled.9.png
ic_battery_unknown_black_24dp.png
select_dialog_multichoice_material.xml
common_google_signin_btn_icon_dark_pressed.9.png
abc_ic_clear_material.xml
ic_battery_charging_full_black_24dp.png
select_dialog_item_material.xml
abc_btn_radio_to_on_mtrl_015.png
abc_ic_menu_copy_mtrl_am_alpha.png
abc_btn_switch_to_on_mtrl_00012.9.png
ic_usb_black_24dp.png
abc_switch_track_mtrl_alpha.9.png
abc_popup_background_mtrl_mult.9.png
abc_list_pressed_holo_dark.9.png
abc_fade_in.xml
abc_popup_menu_item_layout.xml
abc_text_select_handle_left_mtrl_dark.png
ic_launcher.png
abc_tab_indicator_material.xml
abc_tint_switch_track.xml
abc_ic_menu_cut_mtrl_alpha.png
abc_action_mode_bar.xml
ic_smartphone_black_24dp.png
common_google_signin_btn_icon_dark_normal.9.png
abc_text_select_handle_right_mtrl_dark.png
abc_btn_switch_to_on_mtrl_00012.9.png
ic_battery_charging_full_black_24dp.xml
icon.png
abc_popup_background_mtrl_mult.9.png
abc_scrubber_control_off_mtrl_alpha.png
abc_textfield_search_default_mtrl_alpha.9.png
support_simple_spinner_dropdown_item.xml
abc_btn_switch_to_on_mtrl_00001.9.png
abc_list_menu_item_checkbox.xml
abc_ic_menu_selectall_mtrl_alpha.png
abc_edit_text_material.xml
abc_ic_menu_copy_mtrl_am_alpha.png
abc_scrubber_primary_mtrl_alpha.9.png
abc_ic_menu_paste_mtrl_am_alpha.png
abc_list_longpressed_holo.9.png
abc_tint_switch_track.xml
abc_search_dropdown_item_icons_2line.xml
common_google_signin_btn_icon_dark_normal.9.png
abc_ab_share_pack_mtrl_alpha.9.png
abc_ic_star_half_black_36dp.png
abc_cab_background_top_mtrl_alpha.9.png
abc_btn_check_to_on_mtrl_015.png
CERT.SF
abc_ratingbar_indicator_material.xml
classes.dex.dr
qodnigsofy.dex.dr
qodnigsofy.jar.dr

Network Behavior

Download Network PCAP:	Network PCAP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 26, 2017 17:35:12.002110004 CET	10076	53	192.168.1.33	8.8.4.4
Jan 26, 2017 17:35:13.290250063 CET	35499	53	192.168.1.33	8.8.8.8
Jan 26, 2017 17:35:13.383475065 CET	53	35499	8.8.8.8	192.168.1.33
Jan 26, 2017 17:35:16.781512976 CET	53	49422	8.8.8.8	192.168.1.33
Jan 26, 2017 17:35:17.007265091 CET	49422	53	192.168.1.33	8.8.8.8
Jan 26, 2017 17:35:17.008009911 CET	56520	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:17.008055925 CET	5228	56520	66.102.1.188	192.168.1.33
Jan 26, 2017 17:35:17.008292913 CET	56520	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:17.009072065 CET	56520	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:17.009090900 CET	5228	56520	66.102.1.188	192.168.1.33
Jan 26, 2017 17:35:17.077847958 CET	53	49422	8.8.8.8	192.168.1.33
Jan 26, 2017 17:35:17.176433086 CET	53	10076	8.8.4.4	192.168.1.33
Jan 26, 2017 17:35:17.485522985 CET	5228	56520	66.102.1.188	192.168.1.33
Jan 26, 2017 17:35:17.485551119 CET	5228	56520	66.102.1.188	192.168.1.33
Jan 26, 2017 17:35:17.485564947 CET	5228	56520	66.102.1.188	192.168.1.33
Jan 26, 2017 17:35:17.485805988 CET	56520	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:17.485872984 CET	56520	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:17.485912085 CET	56520	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:17.499396086 CET	5228	56520	66.102.1.188	192.168.1.33
Jan 26, 2017 17:35:17.499645948 CET	56520	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:17.509694099 CET	56520	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:17.509716988 CET	5228	56520	66.102.1.188	192.168.1.33
Jan 26, 2017 17:35:17.510160923 CET	56520	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:17.511565924 CET	35739	80	192.168.1.33	172.217.17.78
Jan 26, 2017 17:35:17.511591911 CET	80	35739	172.217.17.78	192.168.1.33
Jan 26, 2017 17:35:18.007388115 CET	80	35739	172.217.17.78	192.168.1.33
Jan 26, 2017 17:35:18.007630110 CET	35739	80	192.168.1.33	172.217.17.78
Jan 26, 2017 17:35:21.005108118 CET	39571	53	192.168.1.33	8.8.8.8
Jan 26, 2017 17:35:21.191261053 CET	53	39571	8.8.8.8	192.168.1.33
Jan 26, 2017 17:35:21.192188025 CET	57011	443	192.168.1.33	216.58.209.238
Jan 26, 2017 17:35:21.192241907 CET	443	57011	216.58.209.238	192.168.1.33
Jan 26, 2017 17:35:21.192461014 CET	57011	443	192.168.1.33	216.58.209.238
Jan 26, 2017 17:35:21.194967031 CET	57011	443	192.168.1.33	216.58.209.238
Jan 26, 2017 17:35:21.195004940 CET	443	57011	216.58.209.238	192.168.1.33
Jan 26, 2017 17:35:21.803217888 CET	443	57011	216.58.209.238	192.168.1.33
Jan 26, 2017 17:35:21.803567886 CET	57011	443	192.168.1.33	216.58.209.238
Jan 26, 2017 17:35:21.812592030 CET	443	57011	216.58.209.238	192.168.1.33
Jan 26, 2017 17:35:21.812829971 CET	57011	443	192.168.1.33	216.58.209.238
Jan 26, 2017 17:35:21.817023039 CET	443	57011	216.58.209.238	192.168.1.33
Jan 26, 2017 17:35:21.817050934 CET	443	57011	216.58.209.238	192.168.1.33
Jan 26, 2017 17:35:21.817248106 CET	57011	443	192.168.1.33	216.58.209.238
Jan 26, 2017 17:35:21.817336082 CET	57011	443	192.168.1.33	216.58.209.238
Jan 26, 2017 17:35:21.828635931 CET	57011	443	192.168.1.33	216.58.209.238
Jan 26, 2017 17:35:21.828666925 CET	443	57011	216.58.209.238	192.168.1.33
Jan 26, 2017 17:35:21.829145908 CET	57011	443	192.168.1.33	216.58.209.238
Jan 26, 2017 17:35:22.590524912 CET	38023	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:22.590579033 CET	5228	38023	66.102.1.188	192.168.1.33
Jan 26, 2017 17:35:22.590807915 CET	38023	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:22.592031002 CET	38023	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:22.592066050 CET	5228	38023	66.102.1.188	192.168.1.33
Jan 26, 2017 17:35:23.079214096 CET	5228	38023	66.102.1.188	192.168.1.33
Jan 26, 2017 17:35:23.079252005 CET	5228	38023	66.102.1.188	192.168.1.33
Jan 26, 2017 17:35:23.079258919 CET	5228	38023	66.102.1.188	192.168.1.33
Jan 26, 2017 17:35:23.079524040 CET	38023	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:23.079613924 CET	38023	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:23.079655886 CET	38023	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:23.237976074 CET	5228	38023	66.102.1.188	192.168.1.33
Jan 26, 2017 17:35:23.238245010 CET	38023	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:23.245001078 CET	38023	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:23.245047092 CET	5228	38023	66.102.1.188	192.168.1.33
Jan 26, 2017 17:35:23.246975899 CET	38023	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:23.248806000 CET	35739	80	192.168.1.33	172.217.17.78
Jan 26, 2017 17:35:23.248851061 CET	80	35739	172.217.17.78	192.168.1.33
Jan 26, 2017 17:35:23.748950005 CET	80	35739	172.217.17.78	192.168.1.33
Jan 26, 2017 17:35:23.749304056 CET	35739	80	192.168.1.33	172.217.17.78
Jan 26, 2017 17:35:32.995770931 CET	43348	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:32.995817900 CET	5228	43348	66.102.1.188	192.168.1.33
Jan 26, 2017 17:35:32.995981932 CET	43348	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:32.997165918 CET	43348	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:32.997195959 CET	5228	43348	66.102.1.188	192.168.1.33
Jan 26, 2017 17:35:33.478450060 CET	5228	43348	66.102.1.188	192.168.1.33
Jan 26, 2017 17:35:33.478480101 CET	5228	43348	66.102.1.188	192.168.1.33
Jan 26, 2017 17:35:33.478663921 CET	43348	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:33.478708982 CET	43348	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:33.636039019 CET	5228	43348	66.102.1.188	192.168.1.33
Jan 26, 2017 17:35:33.636301994 CET	43348	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:33.642369986 CET	43348	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:33.642406940 CET	5228	43348	66.102.1.188	192.168.1.33
Jan 26, 2017 17:35:33.644372940 CET	43348	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:33.646882057 CET	35739	80	192.168.1.33	172.217.17.78
Jan 26, 2017 17:35:33.646910906 CET	80	35739	172.217.17.78	192.168.1.33
Jan 26, 2017 17:35:34.168240070 CET	80	35739	172.217.17.78	192.168.1.33
Jan 26, 2017 17:35:34.168586016 CET	35739	80	192.168.1.33	172.217.17.78
Jan 26, 2017 17:35:53.060285091 CET	50713	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:53.060327053 CET	5228	50713	66.102.1.188	192.168.1.33
Jan 26, 2017 17:35:53.060528994 CET	50713	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:53.061942101 CET	50713	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:53.061965942 CET	5228	50713	66.102.1.188	192.168.1.33
Jan 26, 2017 17:35:53.572030067 CET	5228	50713	66.102.1.188	192.168.1.33
Jan 26, 2017 17:35:53.572057962 CET	5228	50713	66.102.1.188	192.168.1.33
Jan 26, 2017 17:35:53.572243929 CET	50713	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:53.572283030 CET	50713	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:53.699958086 CET	5228	50713	66.102.1.188	192.168.1.33
Jan 26, 2017 17:35:53.700131893 CET	50713	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:53.705574036 CET	50713	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:53.705610037 CET	5228	50713	66.102.1.188	192.168.1.33
Jan 26, 2017 17:35:53.709835052 CET	50713	5228	192.168.1.33	66.102.1.188
Jan 26, 2017 17:35:53.712650061 CET	35739	80	192.168.1.33	172.217.17.78
Jan 26, 2017 17:35:53.712677956 CET	80	35739	172.217.17.78	192.168.1.33
Jan 26, 2017 17:35:54.233927965 CET	80	35739	172.217.17.78	192.168.1.33
Jan 26, 2017 17:35:54.234344959 CET	35739	80	192.168.1.33	172.217.17.78
Jan 26, 2017 17:36:13.395374060 CET	19242	53	192.168.1.33	8.8.8.8
Jan 26, 2017 17:36:13.472981930 CET	53	19242	8.8.8.8	192.168.1.33
Jan 26, 2017 17:36:32.420481920 CET	57981	53	192.168.1.33	8.8.8.8
Jan 26, 2017 17:36:32.736562014 CET	53	57981	8.8.8.8	192.168.1.33
Jan 26, 2017 17:36:32.737270117 CET	36685	5228	192.168.1.33	173.194.69.188
Jan 26, 2017 17:36:32.737318993 CET	5228	36685	173.194.69.188	192.168.1.33
Jan 26, 2017 17:36:32.737524033 CET	36685	5228	192.168.1.33	173.194.69.188
Jan 26, 2017 17:36:32.738689899 CET	36685	5228	192.168.1.33	173.194.69.188
Jan 26, 2017 17:36:32.738723993 CET	5228	36685	173.194.69.188	192.168.1.33
Jan 26, 2017 17:36:33.261164904 CET	5228	36685	173.194.69.188	192.168.1.33
Jan 26, 2017 17:36:33.261189938 CET	5228	36685	173.194.69.188	192.168.1.33
Jan 26, 2017 17:36:33.261198997 CET	5228	36685	173.194.69.188	192.168.1.33
Jan 26, 2017 17:36:33.261364937 CET	36685	5228	192.168.1.33	173.194.69.188
Jan 26, 2017 17:36:33.261434078 CET	36685	5228	192.168.1.33	173.194.69.188
Jan 26, 2017 17:36:33.261475086 CET	36685	5228	192.168.1.33	173.194.69.188
Jan 26, 2017 17:36:33.418456078 CET	5228	36685	173.194.69.188	192.168.1.33
Jan 26, 2017 17:36:33.418668032 CET	36685	5228	192.168.1.33	173.194.69.188
Jan 26, 2017 17:36:33.423718929 CET	36685	5228	192.168.1.33	173.194.69.188
Jan 26, 2017 17:36:33.423751116 CET	5228	36685	173.194.69.188	192.168.1.33
Jan 26, 2017 17:36:33.426363945 CET	36685	5228	192.168.1.33	173.194.69.188
Jan 26, 2017 17:36:33.427756071 CET	35739	80	192.168.1.33	172.217.17.78
Jan 26, 2017 17:36:33.427793980 CET	80	35739	172.217.17.78	192.168.1.33
Jan 26, 2017 17:36:33.955765009 CET	80	35739	172.217.17.78	192.168.1.33
Jan 26, 2017 17:36:33.956079960 CET	35739	80	192.168.1.33	172.217.17.78
Jan 26, 2017 17:37:50.849634886 CET	44571	53	192.168.1.33	8.8.8.8
Jan 26, 2017 17:37:50.851341009 CET	13080	53	192.168.1.33	8.8.8.8
Jan 26, 2017 17:37:51.203434944 CET	53	44571	8.8.8.8	192.168.1.33
Jan 26, 2017 17:37:51.313867092 CET	53	13080	8.8.8.8	192.168.1.33
Jan 26, 2017 17:37:51.314626932 CET	49228	5228	192.168.1.33	74.125.143.188
Jan 26, 2017 17:37:51.314677000 CET	5228	49228	74.125.143.188	192.168.1.33
Jan 26, 2017 17:37:51.314892054 CET	49228	5228	192.168.1.33	74.125.143.188
Jan 26, 2017 17:37:51.316096067 CET	49228	5228	192.168.1.33	74.125.143.188
Jan 26, 2017 17:37:51.316131115 CET	5228	49228	74.125.143.188	192.168.1.33
Jan 26, 2017 17:37:51.801913977 CET	5228	49228	74.125.143.188	192.168.1.33
Jan 26, 2017 17:37:51.801940918 CET	5228	49228	74.125.143.188	192.168.1.33
Jan 26, 2017 17:37:51.801949978 CET	5228	49228	74.125.143.188	192.168.1.33
Jan 26, 2017 17:37:51.802114010 CET	49228	5228	192.168.1.33	74.125.143.188
Jan 26, 2017 17:37:51.802164078 CET	49228	5228	192.168.1.33	74.125.143.188
Jan 26, 2017 17:37:51.802200079 CET	49228	5228	192.168.1.33	74.125.143.188
Jan 26, 2017 17:37:51.960400105 CET	5228	49228	74.125.143.188	192.168.1.33
Jan 26, 2017 17:37:51.960484982 CET	49228	5228	192.168.1.33	74.125.143.188
Jan 26, 2017 17:37:51.963546038 CET	49228	5228	192.168.1.33	74.125.143.188
Jan 26, 2017 17:37:51.963565111 CET	5228	49228	74.125.143.188	192.168.1.33
Jan 26, 2017 17:37:51.963865995 CET	49228	5228	192.168.1.33	74.125.143.188
Jan 26, 2017 17:37:51.964925051 CET	35739	80	192.168.1.33	172.217.17.78
Jan 26, 2017 17:37:51.964953899 CET	80	35739	172.217.17.78	192.168.1.33
Jan 26, 2017 17:37:52.486885071 CET	80	35739	172.217.17.78	192.168.1.33
Jan 26, 2017 17:37:52.486968994 CET	35739	80	192.168.1.33	172.217.17.78

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 26, 2017 17:35:12.002110004 CET	10076	53	192.168.1.33	8.8.4.4
Jan 26, 2017 17:35:13.290250063 CET	35499	53	192.168.1.33	8.8.8.8
Jan 26, 2017 17:35:13.383475065 CET	53	35499	8.8.8.8	192.168.1.33
Jan 26, 2017 17:35:16.781512976 CET	53	49422	8.8.8.8	192.168.1.33
Jan 26, 2017 17:35:17.007265091 CET	49422	53	192.168.1.33	8.8.8.8
Jan 26, 2017 17:35:17.077847958 CET	53	49422	8.8.8.8	192.168.1.33
Jan 26, 2017 17:35:17.176433086 CET	53	10076	8.8.4.4	192.168.1.33
Jan 26, 2017 17:35:21.005108118 CET	39571	53	192.168.1.33	8.8.8.8
Jan 26, 2017 17:35:21.191261053 CET	53	39571	8.8.8.8	192.168.1.33
Jan 26, 2017 17:36:13.395374060 CET	19242	53	192.168.1.33	8.8.8.8
Jan 26, 2017 17:36:13.472981930 CET	53	19242	8.8.8.8	192.168.1.33
Jan 26, 2017 17:36:32.420481920 CET	57981	53	192.168.1.33	8.8.8.8
Jan 26, 2017 17:36:32.736562014 CET	53	57981	8.8.8.8	192.168.1.33
Jan 26, 2017 17:37:50.849634886 CET	44571	53	192.168.1.33	8.8.8.8
Jan 26, 2017 17:37:50.851341009 CET	13080	53	192.168.1.33	8.8.8.8
Jan 26, 2017 17:37:51.203434944 CET	53	44571	8.8.8.8	192.168.1.33
Jan 26, 2017 17:37:51.313867092 CET	53	13080	8.8.8.8	192.168.1.33

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 26, 2017 17:35:17.078113079 CET	192.168.1.33	8.8.8.8	cf21	(Port unreachable)	Destination Unreachable
Jan 26, 2017 17:35:17.176739931 CET	192.168.1.33	8.8.4.4	cb1d	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jan 26, 2017 17:35:12.002110004 CET	192.168.1.33	8.8.4.4	0x32	Standard query (0)	mtalk.google.com	A (IP address)	IN (0x0001)
Jan 26, 2017 17:35:17.007265091 CET	192.168.1.33	8.8.8.8	0x32	Standard query (0)	mtalk.google.com	A (IP address)	IN (0x0001)
Jan 26, 2017 17:35:21.005108118 CET	192.168.1.33	8.8.8.8	0x815	Standard query (0)	android.clients.google.com	A (IP address)	IN (0x0001)
Jan 26, 2017 17:36:32.420481920 CET	192.168.1.33	8.8.8.8	0x72eb	Standard query (0)	mtalk.google.com	A (IP address)	IN (0x0001)
Jan 26, 2017 17:37:50.851341009 CET	192.168.1.33	8.8.8.8	0x5343	Standard query (0)	mtalk.google.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Replay Code	Name	Address	Type	Class
Jan 26, 2017 17:35:16.781512976 CET	8.8.8.8	192.168.1.33	0x32	No error (0)	mtalk.google.com	66.102.1.188	A (IP address)	IN (0x0001)
Jan 26, 2017 17:35:17.077847958 CET	8.8.8.8	192.168.1.33	0x32	No error (0)	mtalk.google.com	66.102.1.188	A (IP address)	IN (0x0001)
Jan 26, 2017 17:35:17.176433086 CET	8.8.4.4	192.168.1.33	0x32	No error (0)	mtalk.google.com	108.177.96.188	A (IP address)	IN (0x0001)
Jan 26, 2017 17:35:21.191261053 CET	8.8.8.8	192.168.1.33	0x815	No error (0)	android.clients.google.com	216.58.209.238	A (IP address)	IN (0x0001)
Jan 26, 2017 17:36:32.736562014 CET	8.8.8.8	192.168.1.33	0x72eb	No error (0)	mtalk.google.com	173.194.69.188	A (IP address)	IN (0x0001)
Jan 26, 2017 17:37:51.313867092 CET	8.8.8.8	192.168.1.33	0x5343	No error (0)	mtalk.google.com	74.125.143.188	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

connectivitycheck.android.com

HTTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Header	Total Bytes Transfered (KB)
Jan 26, 2017 17:35:17.511565924 CET	35739	80	192.168.1.33	172.217.17.78	GET /generate_204 HTTP/1.1 User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; VirtualBox Build/LMY48W) Host: connectivitycheck.android.com Connection: Keep-Alive Accept-Encoding: gzip	6
Jan 26, 2017 17:35:18.007388115 CET	80	35739	172.217.17.78	192.168.1.33	HTTP/1.1 204 No Content Content-Length: 0 Date: Thu, 26 Jan 2017 16:35:17 GMT	6
Jan 26, 2017 17:35:23.248806000 CET	35739	80	192.168.1.33	172.217.17.78	GET /generate_204 HTTP/1.1 User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; VirtualBox Build/LMY48W) Host: connectivitycheck.android.com Connection: Keep-Alive Accept-Encoding: gzip	18
Jan 26, 2017 17:35:23.748950005 CET	80	35739	172.217.17.78	192.168.1.33	HTTP/1.1 204 No Content Content-Length: 0 Date: Thu, 26 Jan 2017 16:35:23 GMT	18
Jan 26, 2017 17:35:33.646882057 CET	35739	80	192.168.1.33	172.217.17.78	GET /generate_204 HTTP/1.1 User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; VirtualBox Build/LMY48W) Host: connectivitycheck.android.com Connection: Keep-Alive Accept-Encoding: gzip	24
Jan 26, 2017 17:35:34.168240070 CET	80	35739	172.217.17.78	192.168.1.33	HTTP/1.1 204 No Content Content-Length: 0 Date: Thu, 26 Jan 2017 16:35:33 GMT	24
Jan 26, 2017 17:35:53.712650061 CET	35739	80	192.168.1.33	172.217.17.78	GET /generate_204 HTTP/1.1 User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; VirtualBox Build/LMY48W) Host: connectivitycheck.android.com Connection: Keep-Alive Accept-Encoding: gzip	30
Jan 26, 2017 17:35:54.233927965 CET	80	35739	172.217.17.78	192.168.1.33	HTTP/1.1 204 No Content Content-Length: 0 Date: Thu, 26 Jan 2017 16:35:54 GMT	30
Jan 26, 2017 17:36:33.427756071 CET	35739	80	192.168.1.33	172.217.17.78	GET /generate_204 HTTP/1.1 User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; VirtualBox Build/LMY48W) Host: connectivitycheck.android.com Connection: Keep-Alive Accept-Encoding: gzip	36
Jan 26, 2017 17:36:33.955765009 CET	80	35739	172.217.17.78	192.168.1.33	HTTP/1.1 204 No Content Content-Length: 0 Date: Thu, 26 Jan 2017 16:36:33 GMT	36
Jan 26, 2017 17:37:51.964925051 CET	35739	80	192.168.1.33	172.217.17.78	GET /generate_204 HTTP/1.1 User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; VirtualBox Build/LMY48W) Host: connectivitycheck.android.com Connection: Keep-Alive Accept-Encoding: gzip	43
Jan 26, 2017 17:37:52.486885071 CET	80	35739	172.217.17.78	192.168.1.33	HTTP/1.1 204 No Content Content-Length: 0 Date: Thu, 26 Jan 2017 16:37:52 GMT	43

HTTPS Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Subject	Issuer	Not Before	Not After	Raw
Jan 26, 2017 17:35:21.817023039 CET	443	57011	216.58.209.238	192.168.1.33	CN=*.google.com, O=Google Inc, L=Mountain View, ST=California, C=US	CN=Google Internet Authority G2, O=Google Inc, C=US	Wed Jan 18 20:15:19 CET 2017	Wed Apr 12 20:51:00 CEST 2017	[[ Version: V3 Subject: CN=.google.com, O=Google Inc, L=Mountain View, ST=California, C=US Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 2048 bits modulus: 17117615679188472418903355059575852087827611890926839798717341214922001635332359887726551708857811526004240634430963026058671090256667582384402734887876885140616989255022860038542435906938480655072785418468385800700871042379516153921255363642966258763285474730831578601058099841003370505019222176476036610798519271483231566965598392490316319520386753496081430744056395067888912134270201459545562021515384038778274680177611849011769211960869566558851359295278382806077389522814311812229003688524349345348972458584334996589608164725369884444532679260436447521145747703098961553911755929722429104372584266706123762247871 public exponent: 65537 Validity: [From: Wed Jan 18 20:15:19 CET 2017, To: Wed Apr 12 20:51:00 CEST 2017] Issuer: CN=Google Internet Authority G2, O=Google Inc, C=US SerialNumber: [ 2b7478a4 101f3e5d]Certificate Extensions: 8[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=falseAuthorityInfoAccess [ [ accessMethod: caIssuers accessLocation: URIName: http://pki.google.com/GIAG2.crt, accessMethod: ocsp accessLocation: URIName: http://clients1.google.com/ocsp]][2]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: 4A DD 06 16 1B BC F6 68 B5 76 F5 81 B6 BB 62 1A J......h.v....b.0010: BA 5A 81 2F .Z./]][3]: ObjectId: 2.5.29.19 Criticality=trueBasicConstraints:[ CA:false PathLen: undefined][4]: ObjectId: 2.5.29.31 Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://pki.google.com/GIAG2.crl]]][5]: ObjectId: 2.5.29.32 Criticality=falseCertificatePolicies [ [CertificatePolicyId: [1.3.6.1.4.1.11129.2.5.1][] ] [CertificatePolicyId: [2.23.140.1.2.2][] ]][6]: ObjectId: 2.5.29.37 Criticality=falseExtendedKeyUsages [ serverAuth clientAuth][7]: ObjectId: 2.5.29.17 Criticality=falseSubjectAlternativeName [ DNSName: .google.com DNSName: .android.com DNSName: .appengine.google.com DNSName: .cloud.google.com DNSName: .gcp.gvt2.com DNSName: .google-analytics.com DNSName: .google.ca DNSName: .google.cl DNSName: .google.co.in DNSName: .google.co.jp DNSName: .google.co.uk DNSName: .google.com.ar DNSName: .google.com.au DNSName: .google.com.br DNSName: .google.com.co DNSName: .google.com.mx DNSName: .google.com.tr DNSName: .google.com.vn DNSName: .google.de DNSName: .google.es DNSName: .google.fr DNSName: .google.hu DNSName: .google.it DNSName: .google.nl DNSName: .google.pl DNSName: .google.pt DNSName: .googleadapis.com DNSName: .googleapis.cn DNSName: .googlecommerce.com DNSName: .googlevideo.com DNSName: .gstatic.cn DNSName: .gstatic.com DNSName: .gvt1.com DNSName: .gvt2.com DNSName: .metric.gstatic.com DNSName: .urchin.com DNSName: .url.google.com DNSName: .youtube-nocookie.com DNSName: .youtube.com DNSName: .youtubeeducation.com DNSName: .ytimg.com DNSName: android.clients.google.com DNSName: android.com DNSName: developer.android.google.cn DNSName: g.co DNSName: goo.gl DNSName: google-analytics.com DNSName: google.com DNSName: googlecommerce.com DNSName: urchin.com DNSName: www.goo.gl DNSName: youtu.be DNSName: youtube.com DNSName: youtubeeducation.com][8]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: 33 DA 29 56 7C 37 19 78 3C 74 8E D1 E7 6B 11 C9 3.)V.7.x<t...k..0010: 99 98 92 EC ....]]] Algorithm: [SHA256withRSA] Signature:0000: 39 71 07 F8 38 65 22 15 D1 B5 E2 FE FB 1C C6 43 9q..8e"........C0010: 0E 08 77 53 10 E3 89 98 18 0D 2F A8 DD 6E C3 C3 ..wS....../..n..0020: CC 4F EE 09 7E A2 14 A6 C3 95 0F A7 55 E4 29 6A .O..........U.)j0030: BF 02 C0 59 38 CD 27 C6 3B 23 EF 6A 0C CF CA 2E ...Y8.'.;#.j....0040: A4 12 F0 F2 4E 17 A9 A3 52 42 59 53 1F 4B 6D 55 ....N...RBYS.KmU0050: BF 99 EF 1E 10 F7 E5 F5 1F 7D FD 62 48 24 DC 06 ...........bH$..0060: 17 30 AC ED F3 60 7E DA 83 5B C0 21 56 45 47 C8 .0...`...[.!VEG.0070: C0 DE EE D4 01 6D 79 D8 02 FE 49 D2 40 05 5B 58 .....my...I.@.[X0080: 6F 1F 5E 2D 01 EE 8F B0 5E F3 4A 44 01 D6 31 03 o.^-....^.JD..1.0090: DE B6 4C 35 4A C0 97 87 FF 6A E3 2F 6E 88 20 EB ..L5J....j./n. .00A0: 3F DF F5 9D DE D9 48 D1 04 46 94 39 9F 03 77 58 ?.....H..F.9..wX00B0: 8D 61 A6 9F 83 03 E4 D7 C4 BC 80 FE 95 74 A6 48 .a...........t.H00C0: 3A 6B 9C FE B4 79 DB 0B B3 77 4D 3F 4A 48 87 88 :k...y...wM?JH..00D0: E3 31 6B A8 C0 F0 76 F2 16 1B 70 2C 5D 65 E4 D7 .1k...v...p,]e..00E0: 93 84 FA E0 8D 80 1B 37 0D A4 26 B5 43 F8 20 17 .......7..&.C. .00F0: 3D 7B AF C2 E1 23 C3 56 D8 3C 29 4D 8B EF A1 2F =....#.V.<)M.../]
Jan 26, 2017 17:35:21.817023039 CET	443	57011	216.58.209.238	192.168.1.33	CN=Google Internet Authority G2, O=Google Inc, C=US	CN=GeoTrust Global CA, O=GeoTrust Inc., C=US	Wed Apr 01 02:00:00 CEST 2015	Mon Jan 01 00:59:59 CET 2018	[[ Version: V3 Subject: CN=Google Internet Authority G2, O=Google Inc, C=US Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 2048 bits modulus: 19713895149719550196537065661910573762693934593220985668782860735427060889140793885919063737778303548724916253252606564904177491762533295616984617709378739783748100146882543612565825906799282133510087546060971220666055151463898734279731009956582933624646298029265838127046200538496591314458940937082185029845612274584845875286257057247598474925565775989866310636633768255501748172403430876460228793912189332026189491067186811703150477068536877439284697584041860237489395099402658887745588613142391209024263265842301844868193180477031165936332420984796347731387363914950895491332976177715889375379088870580457661428329 public exponent: 65537 Validity: [From: Wed Apr 01 02:00:00 CEST 2015, To: Mon Jan 01 00:59:59 CET 2018] Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US SerialNumber: [ 023a92]Certificate Extensions: 7[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=falseAuthorityInfoAccess [ [ accessMethod: ocsp accessLocation: URIName: http://g.symcd.com]][2]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: C0 7A 98 68 8D 89 FB AB 05 64 0C 11 7D AA 7D 65 .z.h.....d.....e0010: B8 CA CC 4E ...N]][3]: ObjectId: 2.5.29.19 Criticality=trueBasicConstraints:[ CA:true PathLen:0][4]: ObjectId: 2.5.29.31 Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://g.symcb.com/crls/gtglobal.crl]]][5]: ObjectId: 2.5.29.32 Criticality=falseCertificatePolicies [ [CertificatePolicyId: [1.3.6.1.4.1.11129.2.5.1][] ]][6]: ObjectId: 2.5.29.15 Criticality=trueKeyUsage [ Key_CertSign Crl_Sign][7]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: 4A DD 06 16 1B BC F6 68 B5 76 F5 81 B6 BB 62 1A J......h.v....b.0010: BA 5A 81 2F .Z./]]] Algorithm: [SHA256withRSA] Signature:0000: 08 4E 04 A7 80 7F 10 16 43 5E 02 AD D7 42 80 F4 .N......C^...B..0010: B0 8E D2 AE B3 EB 11 7D 90 84 18 7D E7 90 15 FB ................0020: 49 7F A8 99 05 91 BB 7A C9 D6 3C 37 18 09 9A B6 I......z..<7....0030: C7 92 20 07 35 33 09 E4 28 63 72 0D B4 E0 32 9C .. .53..(cr...2.0040: 87 98 C4 1B 76 89 67 C1 50 58 B0 13 AA 13 1A 1B ....v.g.PX......0050: 32 A5 BE EA 11 95 4C 48 63 49 E9 99 5D 20 37 CC 2.....LHcI..] 7.0060: FE 2A 69 51 16 95 4B A9 DE 49 82 C0 10 70 F4 2C .*iQ..K..I...p.,0070: F3 EC BC 24 24 D0 4E AC A5 D9 5E 1E 6D 92 C1 A7 ...$$.N...^.m...0080: AC 48 35 81 F9 E5 E4 9C 65 69 CD 87 A4 41 50 3F .H5.....ei...AP?0090: 2E 57 A5 91 51 12 58 0E 8C 09 A1 AC 7A A4 12 A5 .W..Q.X.....z...00A0: 27 F3 9A 10 97 7D 55 03 06 F7 66 58 5F 5F 64 E1 '.....U...fX__d.00B0: AB 5D 6D A5 39 48 75 98 4C 29 5A 3A 8D D3 2B CA .]m.9Hu.L)Z:..+.00C0: 9C 55 04 BF F4 E6 14 D5 80 AC 26 ED 17 89 A6 93 .U........&.....00D0: 6C 5C A4 CC B8 F0 66 8E 64 E3 7D 9A E2 00 B3 49 l\....f.d......I00E0: C7 E4 0A AA DD 5B 83 C7 70 90 46 4E BE D0 DB 59 .....[..p.FN...Y00F0: 96 6C 2E F5 16 36 DE 71 CC 01 C2 12 C1 21 C6 16 .l...6.q.....!..]
Jan 26, 2017 17:35:21.817023039 CET	443	57011	216.58.209.238	192.168.1.33	CN=GeoTrust Global CA, O=GeoTrust Inc., C=US	OU=Equifax Secure Certificate Authority, O=Equifax, C=US	Tue May 21 06:00:00 CEST 2002	Tue Aug 21 06:00:00 CEST 2018	[[ Version: V3 Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 Key: Sun RSA public key, 2048 bits modulus: 27620593608073140957439440929253438012688864718977347268272053725994928948867769687165112265058896553974818505070806430256424431940072485024407486246475597522063246121214348496326377341879755851197260401080498544606788760407243324127929930612201002157618691487713632251700065187865963692723720912135393438861302779432180613616167225206519123176430362410262429702404863434904116727055203524505580952824336979641923534005571504410997292144760317953739063178352809680844232935574095508445145910310675421726257114605895831426222686272114090063230017292595425393719031924942422176213538487957041730136782988405751614792953 public exponent: 65537 Validity: [From: Tue May 21 06:00:00 CEST 2002, To: Tue Aug 21 06:00:00 CEST 2018] Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US SerialNumber: [ 12bbe6]Certificate Extensions: 6[1]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O30010: 98 90 9F D4 ....]][2]: ObjectId: 2.5.29.19 Criticality=trueBasicConstraints:[ CA:true PathLen:2147483647][3]: ObjectId: 2.5.29.31 Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.geotrust.com/crls/secureca.crl]]][4]: ObjectId: 2.5.29.32 Criticality=falseCertificatePolicies [ [CertificatePolicyId: [2.5.29.32.0][PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 2D 68 74 74 70 73 3A 2F 2F 77 77 77 2E 67 65 .-https://www.ge0010: 6F 74 72 75 73 74 2E 63 6F 6D 2F 72 65 73 6F 75 otrust.com/resou0020: 72 63 65 73 2F 72 65 70 6F 73 69 74 6F 72 79 rces/repository]] ]][5]: ObjectId: 2.5.29.15 Criticality=trueKeyUsage [ Key_CertSign Crl_Sign][6]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: C0 7A 98 68 8D 89 FB AB 05 64 0C 11 7D AA 7D 65 .z.h.....d.....e0010: B8 CA CC 4E ...N]]] Algorithm: [SHA1withRSA] Signature:0000: 76 E1 12 6E 4E 4B 16 12 86 30 06 B2 81 08 CF F0 v..nNK...0......0010: 08 C7 C7 71 7E 66 EE C2 ED D4 3B 1F FF F0 F0 C8 ...q.f....;.....0020: 4E D6 43 38 B0 B9 30 7D 18 D0 55 83 A2 6A CB 36 N.C8..0...U..j.60030: 11 9C E8 48 66 A3 6D 7F B8 13 D4 47 FE 8B 5A 5C ...Hf.m....G..Z\0040: 73 FC AE D9 1B 32 19 38 AB 97 34 14 AA 96 D2 EB s....2.8..4.....0050: A3 1C 14 08 49 B6 BB E5 91 EF 83 36 EB 1D 56 6F ....I......6..Vo0060: CA DA BC 73 63 90 E4 7F 7B 3E 22 CB 3D 07 ED 5F ...sc....>".=.._0070: 38 74 9C E3 03 50 4E A1 AF 98 EE 61 F2 84 3F 12 8t...PN....a..?.]

APK Behavior

Installation

Miscellaneous

Simulated Events

Type	Data
boot completed	-
time tick	-
incoming sms	0123456789 this is a text message
outgoing sms	9876543210 thank you
location change	54.13 12.14
incoming call	0123456789
outgoing call	9876543210
time tick	-

By Permission (executed)

By Permission (non-executed)

ACCESS_COARSE_LOCATION

ACCESS_NETWORK_STATE

API: android.net.ConnectivityManager->getActiveNetworkInfo at ..:7	Show source

API: android.net.ConnectivityManager->getActiveNetworkInfo at ..:7	Show source

API: android.net.ConnectivityManager->getNetworkInfo at com.mdvmonsxa.lhqhmfqodr.c.d.f:9	Show source

ACCESS_WIFI_STATE

API: android.net.wifi.WifiManager->getConnectionInfo at com.mdvmonsxa.lhqhmfqodr.c.d.f:22	Show source

CAMERA

API: android.hardware.Camera->open at com.mdvmonsxa.lhqhmfqodr.eqtdhba.etqen.a:2	Show source

API: android.hardware.Camera->open at com.mdvmonsxa.lhqhmfqodr.eqtdhba.etqen.a:213	Show source

API: android.hardware.Camera->open at com.mdvmonsxa.lhqhmfqodr.eqtdhba.etqen.b:29	Show source

GET_ACCOUNTS

API: android.accounts.AccountManager->getAccountsByType at com.mdvmonsxa.lhqhmfqodr.d.a:16	Show source

GET_TASKS

INTERNET

API: java.net.URL->openConnection at ..:20	Show source

API: java.net.URL->openConnection at ..:127	Show source

API: java.net.URL->openConnection at ..:4	Show source

API: java.net.URL->openConnection at ..:35	Show source

API: java.net.URL->openConnection at ..:1	Show source

API: java.net.HttpURLConnection->connect at ..:95	Show source

API: java.net.URL->openConnection at ..:69	Show source

API: java.net.Socket-><init> at ..:66	Show source

INTERNET or NONE

READ_CONTACTS

API: android.content.ContentResolver->openInputStream at ..:33	Show source

API: android.content.ContentResolver->query at ..:16	Show source

API: android.content.ContentResolver-&

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Error!

Analysis Report

Overview

General Information

Detection

Classification

Signature Overview

Change of System Appearance:

Location Tracing:

Operating System Destruction:

Spam, unwanted Advertisements and Ransom Demands:

Privilege Escalation:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

Networking:

Boot Survival:

Stealing of Sensitive Information:

Data Obfuscation:

Spreading:

System Summary:

HIPS / PFW / Operating System Protection Evasion:

Anti Debugging:

Malware Analysis System Evasion:

Hooking and other Techniques for Hiding and Protection:

Language, Device and Operating System Detection:

Yara Overview

Screenshot

Created / dropped Files

Contacted Domains/Contacted IPs

Contacted Domains

Contacted IPs

Static File Info

General

File Icon

Static APK Info

General

Activities

Receivers

Services

Permission Requested

Certificate

Resources

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Packets

APK Behavior

Installation

Miscellaneous

Simulated Events

By Permission (executed)

By Permission (non-executed)

ACCESS_COARSE_LOCATION

ACCESS_NETWORK_STATE

ACCESS_WIFI_STATE

CAMERA

GET_ACCOUNTS

GET_TASKS

INTERNET

INTERNET or NONE

READ_CONTACTS