NVISO ApkScan malware analysis report

October 18, 2018

 
General information
File name: NewKingrootV4.52_C127_B227_xda_release_2015_09_28_105243_.apk
Other known file names: Kingroot_v4.5_.2_build928_(One_Click_Root)_.apk, NewKingrootV4.5_.2_.apk
Origin: Manually uploaded by anonymous user [2017-07-08 23:23:24]
MD5 hash: 9660d89810ceaeba61b382f55d4ed35e
SHA256 hash: cc4bcff8991af0293d14c6354c087d9d422fd309e5b12dc7c324a3aef527c27f
File size: 5463.61 KB
Worker: NVISO_API_KALI_01
Static malware analysis
Android manifest (AndroidManifest.xml)
Permissions
ACCESS_MOCK_LOCATION Allows an application to create mock location providers for testing
ACCESS_NETWORK_STATE Allows applications to access information about networks
ACCESS_WIFI_STATE Allows applications to access information about Wi-Fi networks
BLUETOOTH Allows applications to connect to paired bluetooth devices
CAMERA Required to be able to access the camera device.
CHANGE_NETWORK_STATE Allows applications to change network connectivity state
CHANGE_WIFI_MULTICAST_STATE Allows applications to enter Wi-Fi Multicast mode
CHANGE_WIFI_STATE Allows applications to change Wi-Fi connectivity state
DIAGNOSTIC Allows applications to read and write to diagnostic resources.
GET_PACKAGE_SIZE Allows an application to find out the space used by any package.
GET_TASKS Allows an application to get information about the currently or recently running tasks.
INSTALL_PACKAGES Allows an application to install packages.
INTERNET Allows applications to open network sockets.
MOUNT_UNMOUNT_FILESYSTEMS Allows mounting and unmounting file systems for removable storage.
READ_LOGS Allows an application to read the low-level system log files.
READ_PHONE_STATE Allows read only access to phone state.
RECEIVE_BOOT_COMPLETED Allows an application to receive the ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting.
SYSTEM_ALERT_WINDOW Allows an application to open windows using the type TYPE_SYSTEM_ALERT, shown on top of all other applications.
ACCESS_CACHE_FILESYSTEM Unknown permission
ACCESS_MTK_MMHW Unknown permission
activityCalled Unknown permission
REQUEST Unknown permission
WAKE_LOCK Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming
WRITE_EXTERNAL_STORAGE Allows an application to write to external storage.
Services
Class com.kingroot.kinguser.service.SuNotifyService
Class com.kingroot.kinguser.service.SuService
Class com.kingroot.kinguser.service.KingRootAppListService
Class com.kingroot.kinguser.service.KuCommonService
Virus Total scan results
AegisLab: Android.Kingroot.Gen|2|5!c
AhnLab-V3: Android-AppCare/Kingroot.10206
Antiy-AVL: Trojan/AndroidOS.TSGeneric
AVG: Android/Deng.MAT
AVware: PUP.AndroidOS.kingroot
CAT-QuickHeal: Android.Rooter.E (PUP)
ClamAV: Andr.Malware.Agent-1575530
Cyren: AndroidOS/GenPua.2EEB5CF0!Olympus
ESET-NOD32: a variant of Android/DroidRooter.AG potentially unsafe
Fortinet: Adware/DrdDream!Android
Ikarus: PUA.AndroidOS.DroidRooter
McAfee: Artemis!9660D89810CE
McAfee-GW-Edition: Artemis
NANO-Antivirus: Trojan.Android.Rooter.drlftw
Rising: Malware.Undefined!8.C-ou89kRN2wkI (cloud)
Sophos: Android KingRoot (PUA)
Zoner: Exploit.AndroidOS.Droidrooter.A
Disassembled source code
Hardcoded URLs
Dynamic malware analysis
Screenshot or animated GIF of the analysed application

Random artificial input is provided to the scanned applications during dynamic analysis, in order to mimic a human being using and interacting with the application. This can result in our report showing a different screen than the one you would see when starting the application.

Disk activity
Accessed files
Filename: /data/data/com.kingroot.kinguser/applib/kmPlugins.apk
Filename: /data/data/com.kingroot.kinguser/app_kpex/kp_plugin_kingroot.p
Filename: /data/data/com.kingroot.kinguser/applib/kd
Filename: /data/data/com.kingroot.kinguser/applib/libhxy.so
Filename: /data/data/com.kingroot.kinguser/applib/ktools
Filename: /data/data/com.kingroot.kinguser/shared_prefs/switchStats.xml
Filename: /data/data/com.kingroot.kinguser/applib/su
Filename: pipe:[3502]
Filename: pipe:[3459]
Filename: /data/data/com.kingroot.kinguser/applib/libNativeRQD.so
Filename: /data/data/com.kingroot.kinguser/applib/otasurvival.sh
Filename: /data/data/com.android.music/shared_prefs/Music.xml
Filename: /data/data/com.kingroot.kinguser/files/tsset.dat
Filename: pipe:[3461]
Filename: pipe:[3460]
Filename: pipe:[3477]
Filename: pipe:[3501]
Filename: /data/data/com.kingroot.kinguser/shared_prefs/actionStats.xml
Filename: /data/data/com.kingroot.kinguser/files/cl.conf
Filename: /proc/1397/cmdline
Filename: pipe:[3541]
Filename: pipe:[3503]
Filename: /data/data/com.kingroot.kinguser/shared_prefs/DENGTA_META.xml
Filename: /data/data/com.kingroot.kinguser/app_workspace/app/com.kingroot.RushRoot-2372037120.apk
Filename: /data/data/com.kingroot.kinguser/files/kulibs.conf
Filename: /dev/input/event0
Filename: pipe:[3478]
Filename: /data/data/com.kingroot.kinguser/shared_prefs/RootManagerSetting.xml
Filename: /proc/meminfo
Filename: /data/data/com.android.gallery3d/shared_prefs/com.android.gallery3d_preferences.xml
Filename: pipe:[3542]
Filename: /proc/version
Filename: /proc/1212/cmdline
Filename: pipe:[3510]
Filename: /data/data/com.kingroot.kinguser/shared_prefs/ImmediaDataStats.xml
Filename: /data/data/com.kingroot.kinguser/files/40251.dat
Filename: pipe:[3511]
Filename: /proc/1301/cmdline
Filename: pipe:[3479]
Filename: pipe:[3619]
Filename: /proc/1324/cmdline
Filename: pipe:[3651]
Filename: pipe:[3509]
Filename: pipe:[3613]
Filename: pipe:[3571]
Filename: /proc/1282/cmdline
Filename: pipe:[3573]
Filename: /data/data/com.kingroot.kinguser/files/xda_config.dat
Filename: pipe:[3552]
Filename: pipe:[3551]
Filename: pipe:[3572]
Filename: /data/data/com.kingroot.kinguser/files/40246.xdat
Filename: /data/data/com.android.vending/shared_prefs/finsky.xml
Filename: pipe:[3650]
Filename: pipe:[3649]
Filename: /proc/1348/cmdline
Filename: /proc/1254/cmdline
Filename: pipe:[3614]
Filename: pipe:[3543]
Filename: /proc/1227/cmdline
Filename: pipe:[3620]
Filename: /proc/1299/cmdline
Filename: /proc/1239/cmdline
Filename: /proc/1295/cmdline
Network activity
Opened network connections
Destination: 163.177.67.189:80, File descriptor: 67
Destination: 163.177.67.189:80, File descriptor: 71
Automatically placed calls and text messages
Placed phone calls
No phone calls were placed automatically.
Sent SMS messages
No text messages were placed automatically.
Cryptographic activity
Used encryption keys
Algorithm: AES
Key: 51, 69, 66, 52, 67, 67, 67, 51, 57, 53, 67, 68, 67, 67, 50, 50, 57, 69, 51, 52, 48, 48, 57, 52, 70, 49, 65, 57, 55, 49, 66, 50

Algorithm: DES
Key: 42, 94, 64, 75, 35, 75, 64, 33

Algorithm: DES
Key: 83, 40, 64, 76, 64, 76, 64, 41

Encryption operations
No cryptographic activity detected.
Decryption operations
No cryptographic activity detected.
Information leakage
Network information leakage
No network information leakage detected.
SMS information leakage
No SMS information leakage detected.
File information leakage
No file information leakage detected.
Miscellaneous
Started services
Service name: com.kingroot.kinguser.service.SuService
Service name: com.android.music.MediaPlaybackService