NVISO ApkScan malware analysis report

February 23, 2019

 
General information
File name: Simple2048_1.5_apk-dl_.com_.apk
Other known file names: None
Origin: Manually uploaded by anonymous user [2016-05-10 13:14:24]
MD5 hash: 5d42c18b7ad0b1c1dede3f909c0269bf
SHA256 hash: 04a2bb37acc06d9b1e32589ff8e0c13783b59f667d319464d7a465ef121354ba
File size: 941.92 KB
Worker: NVISO_API_KALI_01
Static malware analysis
Android manifest (AndroidManifest.xml)
Permissions
ACCESS_NETWORK_STATE Allows applications to access information about networks
ACCESS_WIFI_STATE Allows applications to access information about Wi-Fi networks
INTERNET Allows applications to open network sockets.
READ_PHONE_STATE Allows read only access to phone state.
READ_SMS Allows an application to read SMS messages.
RECEIVE_BOOT_COMPLETED Allows an application to receive the ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting.
RECEIVE_SMS Allows an application to monitor incoming SMS messages, to record or perform processing on them.
SEND_SMS Allows an application to send SMS messages.
SYSTEM_ALERT_WINDOW Allows an application to open windows using the type TYPE_SYSTEM_ALERT, shown on top of all other applications.
WRITE_EXTERNAL_STORAGE Allows an application to write to external storage.
Services
Class com.uberspot.a2048.Cool.Services.SystemService
Class com.uberspot.a2048.Cool.Services.StartService
Class com.uberspot.a2048.Cool.Services.OverlayViewService
VirusTotal scan results
No scan results received from VirusTotal.

This most probably means that the sample hash is not yet known by the VirusTotal scanners.
You can always upload this sample at VirusTotal.com manually (we do not share samples automatically with third parties).
Disassembled source code
Hardcoded URLs
Dynamic malware analysis
Screenshot or animated GIF of the analysed application

Random artificial input is provided to the scanned applications during dynamic analysis, in order to mimic a human being using and interacting with the application. This can result in our report showing a different screen than the one you would see when starting the application.

Disk activity
Accessed files
Network activity
Opened network connections
Destination: 54.72.230.77:443, File descriptor: 32
Destination: 54.72.230.77:443, File descriptor: 23
Automatically placed calls and text messages
Placed phone calls
No phone calls were placed automatically.
Sent SMS messages
No text messages were placed automatically.
Cryptographic activity
Used encryption keys
No cryptographic activity detected.
Encryption operations
No cryptographic activity detected.
Decryption operations
No cryptographic activity detected.
Information leakage
Network information leakage
No network information leakage detected.
SMS information leakage
No SMS information leakage detected.
File information leakage
Path: /data/data/com.fa.simple2048/shared_prefs/appsflyer-data.xml
Operation: write
Tag: TAINT_IMEI
  
Path: /data/data/com.fa.simple2048/shared_prefs/appsflyer-data.xml
Operation: write
Tag: TAINT_IMEI
  
Path: /data/data/com.fa.simple2048/shared_prefs/appsflyer-data.xml
Operation: write
Tag: TAINT_IMEI
  
Path: /data/data/com.fa.simple2048/shared_prefs/appsflyer-data.xml
Operation: write
Tag: TAINT_IMEI
  
Path: /data/data/com.fa.simple2048/shared_prefs/appsflyer-data.xml
Operation: write
Tag: TAINT_IMEI
  
Path: /data/data/com.fa.simple2048/shared_prefs/appsflyer-data.xml
Operation: write
Tag: TAINT_IMEI
  
Path: /data/data/com.fa.simple2048/shared_prefs/appsflyer-data.xml
Operation: write
Tag: TAINT_IMEI
  
Path: /data/data/com.fa.simple2048/shared_prefs/appsflyer-data.xml
Operation: write
Tag: TAINT_IMEI
  
Miscellaneous
Started services
Service name: com.android.musicfx.Compatibility$Service
Service name: com.uberspot.a2048.Cool.Services.StartService
Service name: com.android.music.MediaPlaybackService
Service name: com.uberspot.a2048.Cool.Services.SystemService
Output generated by ADB logcat