NVISO ApkScan malware analysis report

September 17, 2019

 
General information
File name: Plex_for_Android_v6.1_.1_.656_.apk
Other known file names: Plex_for_Android_v6.1_.1_.656_cracked_.apk
Origin: Manually uploaded by anonymous user [2019-07-31 19:56:03]
MD5 hash: 555380b3967e4b95aa166036491eab41
SHA256 hash: b85fcb306d17027966e919c4d1afd2c122923aa8dc3b091dc7026a049bbcdc7d
File size: 31700 KB
Worker: NVISO_API_KALI_01
Static malware analysis
Android manifest (AndroidManifest.xml)
Permissions
ACCESS_NETWORK_STATE Allows applications to access information about networks
ACCESS_WIFI_STATE Allows applications to access information about Wi-Fi networks
CHANGE_WIFI_MULTICAST_STATE Allows applications to enter Wi-Fi Multicast mode
GET_ACCOUNTS Allows access to the list of accounts in the Accounts Service
INTERNET Allows applications to open network sockets.
READ_EXTERNAL_STORAGE Allows an application to read from external storage.
RECEIVE_BOOT_COMPLETED Allows an application to receive the ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting.
BILLING Unknown permission
C2D_MESSAGE Unknown permission
RECEIVE Unknown permission
WAKE_LOCK Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming
WRITE_EXTERNAL_STORAGE Allows an application to write to external storage.
Services
Class com.plexapp.plex.services.SyncProgressService
Class com.plexapp.plex.services.cameraupload.CameraUploadMediaMonitorJob
Class com.plexapp.plex.services.cameraupload.CameraUploadService
Class com.plexapp.plex.application.FocusService
Class com.plexapp.plex.GCMIntentService
Class com.plexapp.plex.services.FriendsService
Class com.plexapp.plex.services.PlaybackNotificationsService
Class com.plexapp.plex.audioplayer.MediaBrowserAudioService
Class com.plexapp.plex.audioplayer.AudioService
Class com.plexapp.plex.services.SyncNowPlayingService
Class com.plexapp.plex.services.UpdateRecommendationsService
Class com.google.android.gms.measurement.AppMeasurementService
Virus Total scan results
WhiteArmor: PUP.HighConfidence
Disassembled source code
Hardcoded URLs
Dynamic malware analysis
Screenshot or animated GIF of the analysed application

Random artificial input is provided to the scanned applications during dynamic analysis, in order to mimic a human being using and interacting with the application. This can result in our report showing a different screen than the one you would see when starting the application.

Disk activity
Accessed files
Network activity
Opened network connections
No network connections were opened.
Automatically placed calls and text messages
Placed phone calls
No phone calls were placed automatically.
Sent SMS messages
No text messages were placed automatically.
Cryptographic activity
Used encryption keys
Algorithm: AES
Key: 36, -57, 9, -109, 23, -35, -100, -126, 82, -77, 52, 58, 62, 83, 62, -43, -77, 12, 98, -68, 47, -99, -92, 101, 48, 14, -101, 75, -25, -15, 1, -50

Algorithm: AES
Key: 40, -113, 54, 86, -94, 48, -63, -18, 7, -30, 118, 114, 43, 16, -77, -36, 10, 36, -72, -93, 54, -23, 79, 123, 70, -96, 19, -89, -78, -67, -120, -58
  
Encryption operations
Algorithm: AES
Data (ASCII): oneApp.entitledBySubscription

Algorithm: AES
Data (ASCII): JMcJkxfdnIJSszQ6PlM+1bMMYrwvnaRlMA6bS+fxAc4

Algorithm: AES
Data (ASCII): oneApp.entitledByInstallation
  
Decryption operations
No cryptographic activity detected.
Information leakage
Network information leakage
No network information leakage detected.
SMS information leakage
No SMS information leakage detected.
File information leakage
No file information leakage detected.
Miscellaneous
Started services
Service name: com.android.music.MediaPlaybackService