NVISO ApkScan malware analysis report

September 17, 2019

 
General information
File name: SmartSwitch.apk
Other known file names: None
Origin: Manually uploaded by anonymous user [2019-07-31 19:56:03]
MD5 hash: 7851e21554f585b4699bcf054b04040f
SHA256 hash: d1807a223bde70c4bc61f2d68b23a61cbfb9a44a7b967c7dc1c342dffc49d86c
File size: 15551.8 KB
Worker: NVISO_API_KALI_01
Static malware analysis
Android manifest (AndroidManifest.xml)
Permissions
ACCESS_COARSE_LOCATION Allows an app to access approximate location derived from network location sources such as cell towers and Wi-Fi.
ACCESS_FINE_LOCATION Allows an app to access precise location from location sources such as GPS, cell towers, and Wi-Fi.
ACCESS_LOCATION_EXTRA_COMMANDS Allows an application to access extra location provider commands
ACCESS_NETWORK_STATE Allows applications to access information about networks
ACCESS_SURFACE_FLINGER Allows an application to use SurfaceFlinger's low level features
ACCESS_WIFI_STATE Allows applications to access information about Wi-Fi networks
BROADCAST_STICKY Allows an application to broadcast sticky intents.
CALL_PHONE Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call being placed.
CAMERA Required to be able to access the camera device.
CHANGE_NETWORK_STATE Allows applications to change network connectivity state
CHANGE_WIFI_MULTICAST_STATE Allows applications to enter Wi-Fi Multicast mode
CHANGE_WIFI_STATE Allows applications to change Wi-Fi connectivity state
DELETE_PACKAGES Allows an application to delete packages.
DISABLE_KEYGUARD Allows applications to disable the keyguard
GET_ACCOUNTS Allows access to the list of accounts in the Accounts Service
INTERNET Allows applications to open network sockets.
MODIFY_AUDIO_SETTINGS Allows an application to modify global audio settings
MOUNT_UNMOUNT_FILESYSTEMS Allows mounting and unmounting file systems for removable storage.
READ_CALL_LOG Allows an application to read the user's call log.
READ_CONTACTS Allows an application to read the user's contacts data.
READ_SMS Allows an application to read SMS messages.
RECEIVE_BOOT_COMPLETED Allows an application to receive the ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting.
RECEIVE_SMS Allows an application to monitor incoming SMS messages, to record or perform processing on them.
RECORD_AUDIO Allows an application to record audio
SYSTEM_ALERT_WINDOW Allows an application to open windows using the type TYPE_SYSTEM_ALERT, shown on top of all other applications.
READ_GSERVICES Unknown permission
RECORD_VIDEO Unknown permission
VIBRATE Allows access to the vibrator
WAKE_LOCK Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming
WRITE_CALL_LOG Allows an application to write (but not read) the user's contacts data.
WRITE_CONTACTS Allows an application to write (but not read) the user's contacts data.
WRITE_EXTERNAL_STORAGE Allows an application to write to external storage.
Services
Class object.p2pipcam.nativecaller.BridgeService
Virus Total scan results
No scan results received from VirusTotal.

This most probably means that the sample hash is not yet known by the VirusTotal scanners.
You can always upload this sample at VirusTotal.com manually (we do not share samples automatically with third parties).
Disassembled source code
Hardcoded URLs
Dynamic malware analysis
Screenshot or animated GIF of the analysed application

Random artificial input is provided to the scanned applications during dynamic analysis, in order to mimic a human being using and interacting with the application. This can result in our report showing a different screen than the one you would see when starting the application.

Disk activity
Accessed files
Filename: /proc/1254/cmdline
Filename: /proc/1268/cmdline
Filename: /data/data/com.lanbon.swit.smartswitch/shared_prefs/start.xml
Filename: /proc/1298/cmdline
Filename: /proc/1379/cmdline
Filename: /proc/1308/cmdline
Filename: /dev/input/event0
Filename: /data/data/com.android.music/shared_prefs/Music.xml
Filename: /proc/1227/cmdline
Filename: /data/data/com.android.gallery3d/shared_prefs/com.android.gallery3d_preferences.xml
Filename: /proc/1242/cmdline
Filename: /proc/1311/cmdline
Filename: /proc/1313/cmdline
Filename: /data/data/com.android.vending/shared_prefs/finsky.xml
Network activity
Opened network connections
No network connections were opened.
Automatically placed calls and text messages
Placed phone calls
No phone calls were placed automatically.
Sent SMS messages
No text messages were placed automatically.
Cryptographic activity
Used encryption keys
No cryptographic activity detected.
Encryption operations
No cryptographic activity detected.
Decryption operations
No cryptographic activity detected.
Information leakage
Network information leakage
No network information leakage detected.
SMS information leakage
No SMS information leakage detected.
File information leakage
No file information leakage detected.
Miscellaneous
Started services
Service name: object.p2pipcam.nativecaller.BridgeService
Service name: com.android.music.MediaPlaybackService