ID: Sample Name: badoo.apk Cookbook: defaultandroidfilecookbook.jbs Time: 12:51:18 Date: 29/05/2018 Version:

Size: px

Start display at page:

Download "ID: Sample Name: badoo.apk Cookbook: defaultandroidfilecookbook.jbs Time: 12:51:18 Date: 29/05/2018 Version:"

Dayna Susanna Ellis
5 years ago
Views:

1 ID: Sample Name: badoo.apk Cookbook: defaultandroidfilecookbook.jbs Time: 12:51:18 Date: 29/05/2018 Version:

2 Table of Contents Table of Contents Analysis Report Overview General Information Detection Classification Signature Overview AV Detection: Location Traci: Privilege Escalation: Networki: Remote Access Functionality: Steali of Sensitive Information: Data Obfuscation: Spreadi: System Summary: Malware Analysis System Evasion: Hooki and other Techniques for Hidi and Protection: Lauage, Device and Operati System Detection: Antivirus Detection Initial Sample Dropped Files Unpacked PE Files Domains URLs Yara Overview Initial Sample PCAP (Network Traffic) Dropped Files Memory Dumps Unpacked PEs Screenshots Created / dropped Files Contacted Domains/Contacted IPs Contacted Domains Contacted IPs Public Static File Info General File Icon Static APK Info General Activities Receivers Services Permission Requested Certificate Resources Network Behavior Network Port Distribution TCP Packets UDP Packets APK Behavior Copyright Joe Security LLC 2018 Page 2 of 22

3 Installation Miscellaneous By Permission (executed) By Permission (non-executed) By Class (executed) By Class (non-executed) By API Disassembly 0 Executed Methods 0 Non-Executed Methods Copyright Joe Security LLC 2018 Page 3 of 22

Analysis Report Overview General Information Joe Sandbox Version: 22.0.0 Analysis ID: 61542 Start time: 12:51:18 Joe Sandbox Product: CloudBasic Start date: 29.05.

4 Analysis Report Overview General Information Joe Sandbox Version: Analysis ID: Start time: 12:51:18 Joe Sandbox Product: CloudBasic Start date: Overall analysis duration: Hypervisor based Inspection enabled: Report type: Sample file name: Cookbook file name: 0h 3m 12s false light badoo.apk Analysis system description: Android 6.0 Detection: Classification: Warnis: defaultandroidfilecookbook.jbs MAL Show All An application runtime error occurred No interacted views No simulation commands forwarded to apk Not all resource files were parsed Report size exceeded maximum capacity and may have missi dynamic data code. Detection Strategy Score Rae Reporti Detection Threshold Report FP / FN Classification Copyright Joe Security LLC 2018 Page 4 of 22

Ransomware Miner Spreadi malicious malicious malicious Evader Phishi

Spyware Trojan / Bot Adware Signature Overview Detection AV Traci

of Sensitive Information Steali Obfuscation Data Spreadi Summary

and Protection Hooki Lauage, Device and Operati System Detection

5 Ransomware Miner Spreadi malicious malicious malicious Evader Phishi suspicious suspicious suspicious clean clean clean Exploiter Banker Spyware Trojan / Bot Adware Signature Overview Detection AV Traci Location Escalation Privilege Networki Access Functionality Remote of Sensitive Information Steali Obfuscation Data Spreadi Summary System Analysis System Evasion Malware and other Techniques for Hidi and Protection Hooki Lauage, Device and Operati System Detection Click to jump to signature section Copyright Joe Security LLC 2018 Page 5 of 22

6 AV Detection: Antivirus detection for submitted file Multi AV Scanner detection for submitted file Location Traci: Queries the phones location (GPS) Privilege Escalation: Checks if the device administrator is active Tries to add a new device administrator Networki: Checks an internet connection is available Opens an internet connection Scans for WIFI networks Urls found in memory or binary data Uses HTTP for connecti to the internet Remote Access Functionality: Uses DownloadManager to fetch additional components Steali of Sensitive Information: Has permission to read the phones state (phone number, device IDs, active call ect.) Queries a list of installed applications Queries list of installed packages Has permission to query the current location Data Obfuscation: Obfuscates method names Uses reflection Spreadi: Has permission to chae the WIFI configuration includi connecti and disconnecti Accesses external storage location System Summary: Requests potentially daerous permissions Classification label Creates SQLiteDatabase table Loads native libraries Reads shares settis Malware Analysis System Evasion: Accesses android OS build fields Queries several sensitive phone informations Queries the unique operati system id (ANDROID_ID) Copyright Joe Security LLC 2018 Page 6 of 22

7 May try to detect the virtual machine to hinder analysis (VM artifact stris found in memory) Hooki and other Techniques for Hidi and Protection: Uses Crypto APIs Lauage, Device and Operati System Detection: Checks if phone is rooted (checks for Superuser.apk) Queries the SIM provider name (SPN - Service Provider Name) Queries the SIM provider numeric MCC+MNC (mobile country code + mobile network code) Queries the network MAC address Queries the network operator name Queries the network operator numeric MCC+MNC (mobile country code + mobile network code) Queries the unqiue device ID (IMEI, MEID or ESN) Antivirus Detection Initial Sample Source Detection Scanner Label Link badoo.apk 48% virustotal Browse badoo.apk 100% Avira ANDROID/FakeApp.BM.G en Dropped Files No Antivirus matches Unpacked PE Files No Antivirus matches Domains No Antivirus matches URLs No Antivirus matches Yara Overview Initial Sample No yara matches PCAP (Network Traffic) No yara matches Dropped Files No yara matches Memory Dumps No yara matches Copyright Joe Security LLC 2018 Page of 22

Unpacked PEs No yara matches Screenshots Created / dropped Files /data/user/0/com.smart.storeapp/files/okefsdpgq File Type: Size (bytes): 645968 Entropy (8bit): 6.

8 Unpacked PEs No yara matches Screenshots Created / dropped Files /data/user/0/com.smart.storeapp/files/okefsdpgq File Type: Size (bytes): Entropy (8bit): Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]= aa60b0 cb2b200cb0f9b8a32ae039d9, stripped false FA0FA9AFFAD40B33B0A6FD5B81513 BDE3DC64F6C5C285A461A9188C5B218BE55D24 A5C36E43584FDEACAC903B0CBAF49FA55232BAE6EEBD39043E0B5F80513F E3AC9F61A6D03B358C58A8AF54FA45DD65CB4C3269FEF3D41F3AC108B50A260E32C15E33EF34D1558DA4CA2 8E9DF28CA9F56BBC4540C29C8D305A405DA false low Contacted Domains/Contacted IPs Contacted Domains No contacted domains info Contacted IPs Copyright Joe Security LLC 2018 Page 8 of 22

9 No. of IPs < 25% 25% < No. of IPs < 50% 50% < No. of IPs < 5% 5% < No. of IPs Public IP Country Flag ASN ASN Name Malicious Reserved unknown unknown false United States GOOGLE-GoogleIncUS false Static File Info General File type: Zip archive data, at least v2.0 to extract Entropy (8bit): TrID: Android Package (19004/1) 49.99% Java Archive (13504/1) 35.53% ZIP compressed archive (4004/1) 10.53% Java Script embedded in Visual Basic Script (1500/0) 3.95% File name: badoo.apk File size: MD5: SHA1: SHA256: SHA512: bc4b19e15addf8c42f813120a880f fca468aa b22b99f4e1086 0d3d63b5d59fb60ecd944d adee58093f9adb3b ddbdbd8dfed458b1e 245a8e401096c3689fa8991de982463cd53e6faba50 541efa5b6ea0c21a38360c3efaafbdade0b1ecd1af22e 38695f42f94aefded828c5b956d4304ee File Content Preview: PK...!...AndroidManifest.xml.XKL.W.> =...UFt..._...?.H.h/0.d %.;..0PNt... File Icon Static APK Info Copyright Joe Security LLC 2018 Page 9 of 22

10 General Label: Play Store Minimum SDK required: 15 Target SDK required: 22 Version Code: 3 Version Name: 3 Package Name: com.smart.storeapp Is Activity: true Is Receiver: true Is Service: true Requests System Level Permissions: false Play Store Compatible: true Activities Name com.smart.storeappcom.smart.storeapp.playappandroid com.smart.storeappcom.lanolated.misanthropia.filesactivity com.smart.storeappcom.lanolated.misanthropia.contactivity Is Entrypoint true Receivers com.lanolated.misanthropia.connchaedreceiver com.smart.storeapp.deviceadmincustomreceiver com.yandex.metrica.metricaeventhandler Intent: android.net.conn.connectivity_change, android.intent.action.user_present Intent: android.app.action.device_admin_enabled Intent: com.android.vendi.install_referrer Services com.lanolated.misanthropia.thewlikepsychalservice com.yandex.metrica.metricaservice Intent: com.yandex.metrica.imetricaservice (Priority 0) Permission Requested android.permission.access_coarse_location android.permission.access_fine_location android.permission.access_network_state android.permission.access_wifi_state android.permission.change_network_state android.permission.change_wifi_state android.permission.internet android.permission.read_external_storage android.permission.read_phone_state android.permission.write_external_storage Certificate Name: Issuer: Subject: classes.dex C=PY C=PY Resources Name Type Size design_navigation_item_separator.x ml data 480 abc_btn_switch_to_on_mtrl_ PNG image data, 54 x 54, 8-bit/color RGBA, non-interlaced 2259 abc_ic_menu_cut_mtrl_alpha PNG image data, 24 x 24, 8-bit colormap, non-interlaced 380 abc_ic_menu_selectall_mtrl_alpha.p PNG image data, 2 x 2, 8-bit colormap, non-interlaced 322 design_snackbar_in.xml data 320 ic_chevron_left_white_24px PNG image data, 36 x 36, 8-bit colormap, non-interlaced 229 select_dialog_multichoice_material.x ml data 88 design_navigation_menu.xml data 528 Copyright Joe Security LLC 2018 Page 10 of 22

11 Name Type Size abc_btn_switch_to_on_mtrl_ PNG image data, 108 x 108, 8-bit/color RGBA, non-interlaced 3853 abc_ic_star_half_black_16dp PNG image data, 32 x 32, 8-bit colormap, non-interlaced 431 abc_ic_star_half_black_16dp PNG image data, 64 x 64, 8-bit colormap, non-interlaced 31 abc_btn_switch_to_on_mtrl_ PNG image data, 2 x 2, 8-bit/color RGBA, non-interlaced 1124 abc_ic_menu_copy_mtrl_am_alpha. p abc_textfield_default_mtrl_alpha.9.p PNG image data, 96 x 96, 8-bit colormap, non-interlaced 398 PNG image data, 12 x 11, 8-bit/color RGBA, non-interlaced 185 abc_list_pressed_holo_dark.9 PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced 214 abc_ab_share_pack_mtrl_alpha.9.pn g PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced 29 abc_screen_simple.xml data 82 abc_search_view.xml data 3648 abc_scrubber_control_to_pressed_m trl_000 notification_template_big_media_nar row.xml abc_scrubber_control_to_pressed_m trl_000 PNG image data, 24 x 24, 8-bit colormap, non-interlaced 398 data 1920 PNG image data, 12 x 12, 8-bit colormap, non-interlaced 202 ic_chevron_left_white_24px PNG image data, 24 x 24, 8-bit colormap, non-interlaced 19 abc_list_selector_disabled_holo_ligh t.9 abc_ic_go_search_api_mtrl_alpha.p PNG image data, 21 x 63, 8-bit/color RGBA, non-interlaced 240 PNG image data, 16 x 16, 8-bit colormap, non-interlaced 148 abc_btn_switch_to_on_mtrl_ PNG image data, 108 x 108, 8-bit/color RGBA, non-interlaced 3524 abc_ratibar_small_material.xml data 812 abc_seekbar_thumb_material.xml data 1232 abc_scrubber_track_mtrl_alpha.9.pn g PNG image data, 20 x 24, 8-bit/color RGBA, non-interlaced 20 abc_btn_switch_to_on_mtrl_ PNG image data, 2 x 2, 8-bit/color RGBA, non-interlaced 104 abc_ic_menu_cut_mtrl_alpha PNG image data, 48 x 48, 8-bit colormap, non-interlaced 692 abc_ic_menu_moreoverflow_mtrl_al pha abc_background_cache_hint_select or_material_dark.xml PNG image data, 36 x 36, 8-bit colormap, non-interlaced 189 data 42 abc_spinner_mtrl_am_alpha.9 PNG image data, 36 x 48, 8-bit/color RGBA, non-interlaced 489 abc_spinner_mtrl_am_alpha.9 PNG image data, 2 x 96, 8-bit/color RGBA, non-interlaced 513 abc_list_divider_mtrl_alpha.9 PNG image data, 1 x 1, 8-bit grayscale, non-interlaced 16 abc_btn_check_to_on_mtrl_015 PNG image data, 64 x 64, 8-bit colormap, non-interlaced 555 abc_tab_indicator_mtrl_alpha.9 PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced 192 abc_ic_voice_search_api_mtrl_alpha PNG image data, 48 x 48, 8-bit colormap, non-interlaced 18 abc_edit_text_material.xml data 1360 abc_textfield_activated_mtrl_alpha.9 PNG image data, 38 x 33, 8-bit/color RGBA, non-interlaced 202 abc_ic_star_half_black_16dp PNG image data, 16 x 16, 8-bit colormap, non-interlaced 253 abc_menu_hardkey_panel_mtrl_mult.9 abc_cab_background_top_material.x ml abc_popup_background_mtrl_mult.9. p PNG image data, 64 x 24, 8-bit/color RGBA, non-interlaced 589 data 412 PNG image data, 96 x 48, 8-bit/color RGBA, non-interlaced 1256 notification_media_action.xml data 616 resources.arsc data abc_list_selector_disabled_holo_dar k.9 PNG image data, 13 x 41, 8-bit/color RGBA, non-interlaced 226 abc_action_menu_item_layout.xml data 804 abc_ic_menu_cut_mtrl_alpha PNG image data, 36 x 36, 8-bit colormap, non-interlaced 584 abc_list_divider_mtrl_alpha.9 PNG image data, 2 x 2, 8-bit grayscale, non-interlaced 11 abc_search_view.xml data 3696 abc_ic_star_black_16dp PNG image data, 48 x 48, 8-bit colormap, non-interlaced 892 design_fab_out.xml data 688 abc_btn_radio_to_on_mtrl_000 PNG image data, 64 x 64, 8-bit colormap, non-interlaced 830 abc_action_bar_up_container.xml data 448 switch_thumb_material_light.xml data 468 Copyright Joe Security LLC 2018 Page 11 of 22

12 Name Type Size design_navigation_item_subheader. xml data 52 design_fab_background.xml data 436 abc_textfield_activated_mtrl_alpha.9 PNG image data, 19 x 16, 8-bit/color RGBA, non-interlaced 192 DTKVW2CQ.RSA data 10 abc_btn_switch_to_on_mtrl_ PNG image data, 81 x 81, 8-bit gray+alpha, non-interlaced 2804 abc_ic_star_black_36dp PNG image data, 36 x 36, 8-bit colormap, non-interlaced 08 abc_spinner_mtrl_am_alpha.9 PNG image data, 2 x 96, 8-bit/color RGBA, non-interlaced 518 abc_ic_menu_moreoverflow_mtrl_al pha PNG image data, 96 x 96, 8-bit colormap, non-interlaced 354 design_bottom_sheet_slide_out.xml data 620 abc_list_focused_holo.9 PNG image data, 9 x 9, 8-bit/color RGBA, non-interlaced 258 abc_scrubber_control_to_pressed_m trl_000 PNG image data, 48 x 48, 8-bit colormap, non-interlaced 665 abc_spinner_mtrl_am_alpha.9 PNG image data, 18 x 24, 8-bit/color RGBA, non-interlaced 340 abc_scrubber_control_off_mtrl_alpha PNG image data, 18 x 48, 8-bit colormap, non-interlaced 25 abc_ic_menu_cut_mtrl_alpha PNG image data, 36 x 36, 8-bit colormap, non-interlaced 583 ic_chevron_right_white_24px PNG image data, 24 x 24, 8-bit colormap, non-interlaced 188 abc_textfield_search_default_mtrl_al pha.9 PNG image data, 12 x 3, 8-bit/color RGBA, non-interlaced 180 abc_alert_dialog_button_bar_materia data 1692 l.xml abc_list_selector_disabled_holo_ligh t.9 PNG image data, 42 x 126, 8-bit/color RGBA, non-interlaced 305 abc_tab_indicator_mtrl_alpha.9 PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced 210 abc_btn_rati_star_off_mtrl_alpha. p PNG image data, 2 x 2, 8-bit colormap, non-interlaced 158 abc_ic_clear_mtrl_alpha PNG image data, 36 x 36, 8-bit colormap, non-interlaced 29 abc_spinner_mtrl_am_alpha.9 PNG image data, 54 x 2, 8-bit/color RGBA, non-interlaced 595 abc_list_divider_mtrl_alpha.9 PNG image data, 1 x 1, 8-bit grayscale, non-interlaced 16 DTKVW2CQ.SF ASCII text, with CRLF line terminators notification_template_big_media_nar row.xml abc_btn_switch_to_on_mtrl_ data 1660 PNG image data, 81 x 81, 8-bit/color RGBA, non-interlaced 355 abc_ic_menu_copy_mtrl_am_alpha. p abc_ic_menu_selectall_mtrl_alpha.p PNG image data, 24 x 24, 8-bit colormap, non-interlaced 13 PNG image data, 96 x 96, 8-bit colormap, non-interlaced 388 notification_template_big_media.xml data 1640 ic_refresh_white_24px.xml data 1116 abc_list_selector_background_transi tion_holo_light.xml data 508 abc_ratibar_small_material.xml data 60 abc_scrubber_control_to_pressed_m trl_005 PNG image data, 2 x 2, 8-bit colormap, non-interlaced 386 abc_spinner_textfield_background_ material.xml abc_ic_menu_copy_mtrl_am_alpha. p data 1328 PNG image data, 24 x 24, 8-bit colormap, non-interlaced 16 abc_btn_default_mtrl_shape.xml data 1092 abc_ic_menu_moreoverflow_mtrl_al pha PNG image data, 48 x 48, 8-bit colormap, non-interlaced 21 abc_list_pressed_holo_dark.9 PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced 221 abc_list_pressed_holo_dark.9 PNG image data, 6 x 6, 8-bit/color RGBA, non-interlaced 211 abc_list_selector_disabled_holo_dar k.9 PNG image data, 21 x 63, 8-bit/color RGBA, non-interlaced 239 abc_list_focused_holo.9 PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced 261 abc_ic_ab_back_mtrl_am_alpha PNG image data, 48 x 48, 8-bit colormap, non-interlaced 42 abc_btn_rati_star_off_mtrl_alpha. p PNG image data, 144 x 144, 8-bit colormap, non-interlaced 2264 abc_ic_clear_mtrl_alpha PNG image data, 48 x 48, 8-bit colormap, non-interlaced 364 storeapp.dat data abc_ic_star_half_black_16dp PNG image data, 24 x 24, 8-bit colormap, non-interlaced 349 abc_list_lopressed_holo.9 PNG image data, 6 x 6, 8-bit/color RGBA, non-interlaced 211 abc_ic_ab_back_mtrl_am_alpha PNG image data, 36 x 36, 8-bit colormap, non-interlaced 383 Copyright Joe Security LLC 2018 Page 12 of 22

13 Name Type Size abc_ic_commit_search_api_mtrl_alp PNG image data, 64 x 64, 8-bit colormap, non-interlaced 325 ha abc_ic_menu_copy_mtrl_am_alpha. p PNG image data, 48 x 48, 8-bit colormap, non-interlaced 236 abc_ic_ab_back_mtrl_am_alpha PNG image data, 96 x 96, 8-bit colormap, non-interlaced 245 select_dialog_silechoice_material. xml data 82 ic_refresh_white_24px PNG image data, 48 x 48, 8-bit colormap, non-interlaced 596 abc_search_url_text.xml data 596 abc_switch_track_mtrl_alpha.9 PNG image data, 24 x 16, 8-bit/color RGBA, non-interlaced 428 abc_btn_check_to_on_mtrl_015 PNG image data, 96 x 96, 8-bit colormap, non-interlaced 24 abc_btn_check_to_on_mtrl_015 PNG image data, 32 x 32, 8-bit colormap, non-interlaced 428 abc_ab_share_pack_mtrl_alpha.9.pn g PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced 24 notification_template_media.xml data 1428 abc_screen_simple_overlay_action_ mode.xml data 828 abc_spinner_mtrl_am_alpha.9 PNG image data, 36 x 48, 8-bit/color RGBA, non-interlaced 483 abc_ic_star_black_36dp PNG image data, 54 x 54, 8-bit colormap, non-interlaced 94 abc_ic_menu_moreoverflow_mtrl_al pha abc_textfield_search_default_mtrl_al pha.9 PNG image data, 2 x 2, 8-bit colormap, non-interlaced 282 PNG image data, 18 x 5, 8-bit/color RGBA, non-interlaced 182 abc_ic_menu_paste_mtrl_am_alpha. p abc_menu_hardkey_panel_mtrl_mult.9 PNG image data, 36 x 36, 8-bit colormap, non-interlaced 359 PNG image data, 96 x 36, 8-bit/color RGBA, non-interlaced 81 ic_not_interested_white_24px PNG image data, 48 x 48, 8-bit colormap, non-interlaced 698 design_layout_snackbar.xml data 528 abc_switch_track_mtrl_alpha.9 PNG image data, 35 x 25, 8-bit/color RGBA, non-interlaced 538 abc_ic_voice_search_api_mtrl_alpha PNG image data, 96 x 96, 8-bit colormap, non-interlaced 120 abc_ic_menu_copy_mtrl_am_alpha. p PNG image data, 2 x 2, 8-bit colormap, non-interlaced 34 abc_spinner_mtrl_am_alpha.9 PNG image data, 2 x 36, 8-bit/color RGBA, non-interlaced 368 ic_chevron_right_white_24px PNG image data, 36 x 36, 8-bit colormap, non-interlaced 230 abc_ic_go_search_api_mtrl_alpha.p PNG image data, 32 x 32, 8-bit colormap, non-interlaced 18 abc_select_dialog_material.xml data 68 abc_scrubber_control_off_mtrl_alpha PNG image data, 24 x 64, 8-bit colormap, non-interlaced 344 abc_spinner_mtrl_am_alpha.9 PNG image data, 2 x 36, 8-bit/color RGBA, non-interlaced 36 abc_list_selector_disabled_holo_ligh t.9 PNG image data, 13 x 41, 8-bit/color RGBA, non-interlaced 22 design_bottom_sheet_slide_in.xml data 620 abc_btn_check_to_on_mtrl_015 PNG image data, 128 x 128, 8-bit colormap, non-interlaced 550 abc_ic_search_api_mtrl_alpha PNG image data, 48 x 48, 8-bit colormap, non-interlaced 31 abc_btn_radio_to_on_mtrl_000 PNG image data, 48 x 48, 8-bit colormap, non-interlaced 621 abc_btn_radio_to_on_mtrl_000 PNG image data, 96 x 96, 8-bit colormap, non-interlaced 1248 abc_btn_radio_to_on_mtrl_000 PNG image data, 32 x 32, 8-bit colormap, non-interlaced 428 abc_scrubber_control_to_pressed_m trl_005 PNG image data, 54 x 54, 8-bit colormap, non-interlaced 810 abc_slide_out_bottom.xml data 400 select_dialog_silechoice_material. xml abc_textfield_activated_mtrl_alpha.9 abc_cab_background_top_mtrl_alph a.9 data 88 PNG image data, 12 x 11, 8-bit/color RGBA, non-interlaced 186 PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced 234 abc_ratibar_full_material.xml data 664 abc_textfield_search_activated_mtrl _alpha.9 PNG image data, 12 x 3, 8-bit/color RGBA, non-interlaced 181 ic_chevron_left_white_24px PNG image data, 2 x 2, 8-bit colormap, non-interlaced 28 abc_cab_background_internal_bg.x ml data 436 abc_ic_voice_search_api_mtrl_alpha abc_ab_share_pack_mtrl_alpha.9.pn g PNG image data, 24 x 24, 8-bit colormap, non-interlaced 403 PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced 305 Copyright Joe Security LLC 2018 Page 13 of 22

14 Name Type Size abc_textfield_search_activated_mtrl _alpha.9 PNG image data, 24 x 6, 8-bit/color RGBA, non-interlaced 190 ic_not_interested_white_24px PNG image data, 18 x 18, 8-bit colormap, non-interlaced 30 design_layout_tab_icon.xml data 368 abc_btn_radio_to_on_mtrl_000 PNG image data, 128 x 128, 8-bit colormap, non-interlaced 1013 abc_btn_rati_star_off_mtrl_alpha. p PNG image data, 96 x 96, 8-bit colormap, non-interlaced 213 abc_list_lopressed_holo.9 PNG image data, 9 x 9, 8-bit/color RGBA, non-interlaced 212 abc_scrubber_control_off_mtrl_alpha PNG image data, 36 x 96, 8-bit colormap, non-interlaced 396 abc_scrubber_track_mtrl_alpha.9.pn g PNG image data, 15 x 18, 8-bit/color RGBA, non-interlaced 201 ic_refresh_white_24px PNG image data, 36 x 36, 8-bit colormap, non-interlaced 46 abc_list_selector_disabled_holo_dar k.9 PNG image data, 28 x 84, 8-bit/color RGBA, non-interlaced 254 abc_primary_text_material_dark.xml data 468 abc_grow_fade_in_from_bottom.xml data 860 abc_ic_commit_search_api_mtrl_alp ha PNG image data, 48 x 48, 8-bit colormap, non-interlaced 225 abc_dialog_material_background_da rk.xml data 844 abc_ic_menu_copy_mtrl_am_alpha. p PNG image data, 2 x 2, 8-bit colormap, non-interlaced 344 design_navigation_item.xml data 536 abc_list_pressed_holo_light.9 PNG image data, 6 x 6, 8-bit/color RGBA, non-interlaced 211 abc_secondary_text_material_dark.x ml data 468 abc_ic_menu_cut_mtrl_alpha PNG image data, 2 x 2, 8-bit colormap, non-interlaced 932 abc_textfield_search_default_mtrl_al pha.9 PNG image data, 36 x 10, 8-bit/color RGBA, non-interlaced 196 abc_ic_star_half_black_36dp PNG image data, 2 x 2, 8-bit colormap, non-interlaced 83 abc_ic_star_half_black_36dp PNG image data, 144 x 144, 8-bit colormap, non-interlaced 1328 design_navigation_item_header.xml data 448 abc_dialog_material_background_lig ht.xml data 844 abc_color_highlight_material.xml data 548 abc_list_pressed_holo_light.9 PNG image data, 9 x 9, 8-bit/color RGBA, non-interlaced 212 abc_ic_menu_selectall_mtrl_alpha.p PNG image data, 36 x 36, 8-bit colormap, non-interlaced 269 design_bottom_sheet_slide_out.xml data 620 abc_ic_menu_share_mtrl_alpha PNG image data, 36 x 36, 8-bit colormap, non-interlaced 91 abc_btn_radio_material.xml data 560 abc_ic_menu_share_mtrl_alpha PNG image data, 2 x 2, 8-bit colormap, non-interlaced 1291 ic_chevron_left_white_24px PNG image data, 96 x 96, 8-bit colormap, non-interlaced 295 abc_textfield_search_activated_mtrl _alpha.9 PNG image data, 36 x 10, 8-bit/color RGBA, non-interlaced 193 abc_btn_check_to_on_mtrl_000 PNG image data, 48 x 48, 8-bit colormap, non-interlaced 305 abc_screen_toolbar.xml data 1580 abc_ic_menu_paste_mtrl_am_alpha. p PNG image data, 2 x 2, 8-bit colormap, non-interlaced 510 abc_ic_star_black_36dp PNG image data, 144 x 144, 8-bit colormap, non-interlaced 2088 abc_action_bar_view_list_nav_layou t.xml data 396 design_snackbar_background.xml data 564 ic_chevron_left_white_24px.xml data 2 ic_refresh_white_24px PNG image data, 2 x 2, 8-bit colormap, non-interlaced 818 abc_popup_menu_item_layout.xml data 1548 abc_expanded_menu_layout.xml data 396 design_layout_snackbar.xml data 528 notification_template_lines.xml data 2848 abc_cab_background_top_mtrl_alph a.9 PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced 229 abc_ic_menu_paste_mtrl_am_alpha. p PNG image data, 96 x 96, 8-bit colormap, non-interlaced 664 ic_not_interested_white_24px PNG image data, 36 x 36, 8-bit colormap, non-interlaced 541 abc_ic_star_black_36dp PNG image data, 2 x 2, 8-bit colormap, non-interlaced 1234 ic_not_interested_white_24px PNG image data, 2 x 2, 8-bit colormap, non-interlaced 1082 ic_not_interested_white_24px PNG image data, 24 x 24, 8-bit colormap, non-interlaced 40 abc_switch_track_mtrl_alpha.9 PNG image data, 4 x 32, 8-bit/color RGBA, non-interlaced 41 Copyright Joe Security LLC 2018 Page 14 of 22

15 Name Type Size abc_ic_menu_share_mtrl_alpha PNG image data, 96 x 96, 8-bit colormap, non-interlaced 1558 abc_ic_menu_cut_mtrl_alpha PNG image data, 24 x 24, 8-bit colormap, non-interlaced 36 abc_screen_toolbar.xml data 1632 abc_seekbar_track_material.xml data 1532 abc_textfield_default_mtrl_alpha.9.p PNG image data, 19 x 16, 8-bit/color RGBA, non-interlaced 198 abc_text_cursor_material.xml data 600 abc_textfield_activated_mtrl_alpha.9 PNG image data, 25 x 22, 8-bit/color RGBA, non-interlaced 198 abc_ic_search_api_mtrl_alpha PNG image data, 36 x 36, 8-bit colormap, non-interlaced 59 abc_ic_search_api_mtrl_alpha PNG image data, 2 x 2, 8-bit colormap, non-interlaced 1030 abc_ic_search_api_mtrl_alpha PNG image data, 24 x 24, 8-bit colormap, non-interlaced 389 MANIFEST.MF ASCII text, with CRLF line terminators abc_action_menu_layout.xml data 584 abc_ic_star_half_black_36dp PNG image data, 108 x 108, 8-bit colormap, non-interlaced 1101 design_layout_snackbar_include.xml data 1336 abc_activity_chooser_view_list_item. xml data 122 abc_ic_ab_back_mtrl_am_alpha PNG image data, 36 x 36, 8-bit colormap, non-interlaced 38 abc_ic_ab_back_mtrl_am_alpha PNG image data, 2 x 2, 8-bit colormap, non-interlaced 46 notification_template_part_chronome ter.xml data 660 abc_btn_borderless_material.xml data 00 ic_not_interested_white_24px PNG image data, 96 x 96, 8-bit colormap, non-interlaced 1204 abc_scrubber_control_to_pressed_m trl_000 PNG image data, 18 x 18, 8-bit colormap, non-interlaced 20 abc_switch_track_mtrl_alpha.9 PNG image data, 1 x 48, 8-bit/color RGBA, non-interlaced 1060 design_layout_snackbar_include.xml data 1240 abc_ic_menu_share_mtrl_alpha PNG image data, 48 x 48, 8-bit colormap, non-interlaced 918 abc_scrubber_track_mtrl_alpha.9.pn g PNG image data, 30 x 36, 8-bit/color RGBA, non-interlaced 212 abc_spinner_mtrl_am_alpha.9 PNG image data, 54 x 2, 8-bit/color RGBA, non-interlaced 593 abc_ic_star_black_16dp PNG image data, 24 x 24, 8-bit colormap, non-interlaced 493 design_layout_tab_text.xml data 444 abc_btn_check_to_on_mtrl_000 PNG image data, 64 x 64, 8-bit colormap, non-interlaced 353 abc_ic_search_api_mtrl_alpha PNG image data, 96 x 96, 8-bit colormap, non-interlaced 132 abc_list_selector_holo_light.xml data 1208 abc_scrubber_primary_mtrl_alpha.9. p PNG image data, 20 x 24, 8-bit/color RGBA, non-interlaced 219 abc_alert_dialog_button_bar_materia data 1648 l.xml abc_textfield_default_mtrl_alpha.9.p PNG image data, 38 x 33, 8-bit/color RGBA, non-interlaced 204 ic_launcher PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced 1662 abc_list_selector_background_transi tion_holo_dark.xml data 508 abc_textfield_search_material.xml data 880 abc_alert_dialog_material.xml data 3328 abc_ic_ab_back_mtrl_am_alpha PNG image data, 96 x 96, 8-bit colormap, non-interlaced 239 abc_btn_check_material.xml data 560 ic_not_interested_white_24px.xml data 1192 abc_slide_out_top.xml data 400 notification_template_media.xml data 1336 abc_secondary_text_material_light.x ml data 468 AndroidManifest.xml data 308 abc_spinner_mtrl_am_alpha.9 PNG image data, 18 x 24, 8-bit/color RGBA, non-interlaced 342 abc_list_focused_holo.9 PNG image data, 6 x 6, 8-bit/color RGBA, non-interlaced 228 abc_ic_commit_search_api_mtrl_alp ha PNG image data, 96 x 96, 8-bit colormap, non-interlaced 305 notification_template_part_time.xml data 660 abc_ic_clear_mtrl_alpha PNG image data, 96 x 96, 8-bit colormap, non-interlaced 565 abc_popup_background_mtrl_mult.9. p PNG image data, 64 x 32, 8-bit/color RGBA, non-interlaced 850 abc_fade_out.xml data 396 abc_list_pressed_holo_light.9 PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced 214 abc_background_cache_hint_select or_material_light.xml data 344 Copyright Joe Security LLC 2018 Page 15 of 22

16 Name Type Size abc_dialog_title_material.xml data 1156 abc_ic_clear_mtrl_alpha PNG image data, 24 x 24, 8-bit colormap, non-interlaced 235 abc_btn_colored_material.xml data 1908 abc_btn_radio_to_on_mtrl_015 PNG image data, 64 x 64, 8-bit colormap, non-interlaced 995 abc_btn_colored_material.xml data 428 abc_ic_ab_back_mtrl_am_alpha PNG image data, 48 x 48, 8-bit colormap, non-interlaced 424 abc_control_background_material.x ml abc_ic_go_search_api_mtrl_alpha.p data 380 PNG image data, 24 x 24, 8-bit colormap, non-interlaced 146 abc_list_selector_holo_dark.xml data 1208 abc_menu_hardkey_panel_mtrl_mult.9 PNG image data, 192 x 2, 8-bit/color RGBA, non-interlaced 181 abc_item_background_holo_light.xm l abc_btn_rati_star_off_mtrl_alpha. p data 1136 PNG image data, 48 x 48, 8-bit colormap, non-interlaced 1330 abc_popup_enter.xml data 512 abc_background_cache_hint_select or_material_dark.xml data 344 abc_ic_menu_paste_mtrl_am_alpha. p abc_scrubber_control_to_pressed_m trl_000 PNG image data, 24 x 24, 8-bit colormap, non-interlaced 233 PNG image data, 36 x 36, 8-bit colormap, non-interlaced 588 abc_tab_indicator_mtrl_alpha.9 PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced 208 abc_ic_menu_selectall_mtrl_alpha.p PNG image data, 24 x 24, 8-bit colormap, non-interlaced 185 abc_scrubber_control_to_pressed_m trl_005 PNG image data, 36 x 36, 8-bit colormap, non-interlaced 556 notification_template_part_time.xml data 616 abc_scrubber_control_to_pressed_m trl_005 PNG image data, 18 x 18, 8-bit colormap, non-interlaced 28 content_main.xml data 2348 abc_ic_menu_cut_mtrl_alpha PNG image data, 96 x 96, 8-bit colormap, non-interlaced 119 abc_list_pressed_holo_light.9 PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced 221 abc_list_selector_disabled_holo_ligh t.9 PNG image data, 28 x 84, 8-bit/color RGBA, non-interlaced 253 abc_screen_content_include.xml data 556 notification_template_part_chronome ter.xml data 616 abc_activity_chooser_view.xml data 128 abc_btn_rati_star_on_mtrl_alpha.p PNG image data, 2 x 2, 8-bit colormap, non-interlaced 1056 notification_media_cancel_action.xm l data 92 abc_cab_background_top_mtrl_alph a.9 PNG image data, 2 x 2, 8-bit/color RGBA, non-interlaced 246 design_menu_item_action_area.xml data 328 abc_ic_star_black_16dp PNG image data, 16 x 16, 8-bit colormap, non-interlaced 359 abc_textfield_default_mtrl_alpha.9.p PNG image data, 25 x 22, 8-bit/color RGBA, non-interlaced 19 abc_ic_star_black_16dp PNG image data, 64 x 64, 8-bit colormap, non-interlaced 1131 abc_alert_dialog_material.xml data 3284 abc_item_background_holo_dark.xm l data 1136 abc_btn_rati_star_on_mtrl_alpha.p PNG image data, 96 x 96, 8-bit colormap, non-interlaced 1523 abc_ic_menu_share_mtrl_alpha PNG image data, 24 x 24, 8-bit colormap, non-interlaced 544 abc_list_selector_disabled_holo_dar k.9 abc_background_cache_hint_select or_material_light.xml PNG image data, 42 x 126, 8-bit/color RGBA, non-interlaced 30 data 42 design_fab_in.xml data 688 abc_ic_menu_cut_mtrl_alpha PNG image data, 48 x 48, 8-bit colormap, non-interlaced 690 abc_btn_check_to_on_mtrl_000 PNG image data, 96 x 96, 8-bit colormap, non-interlaced 368 abc_btn_check_to_on_mtrl_000 PNG image data, 32 x 32, 8-bit colormap, non-interlaced 288 abc_tab_indicator_mtrl_alpha.9 PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced 199 abc_popup_exit.xml data 512 abc_ic_star_black_16dp PNG image data, 32 x 32, 8-bit colormap, non-interlaced 655 ic_chevron_right_white_24px PNG image data, 48 x 48, 8-bit colormap, non-interlaced 240 Copyright Joe Security LLC 2018 Page 16 of 22

17 Name Type Size ic_chevron_right_white_24px PNG image data, 96 x 96, 8-bit colormap, non-interlaced 311 abc_scrubber_track_mtrl_alpha.9.pn g PNG image data, 10 x 12, 8-bit/color RGBA, non-interlaced 19 design_navigation_menu_item.xml data 864 switch_thumb_material_dark.xml data 468 design_snackbar_out.xml data 320 design_bottom_sheet_dialog.xml data 992 abc_action_bar_item_background_m aterial.xml data 336 abc_dialog_title_material.xml data 1112 abc_textfield_search_activated_mtrl _alpha.9 PNG image data, 18 x 5, 8-bit/color RGBA, non-interlaced 182 design_bottom_sheet_slide_in.xml data 620 abc_scrubber_primary_mtrl_alpha.9. p PNG image data, 30 x 36, 8-bit/color RGBA, non-interlaced 218 abc_ratibar_indicator_material.xml data 812 abc_ic_star_half_black_16dp PNG image data, 48 x 48, 8-bit colormap, non-interlaced 584 ic_chevron_left_white_24px PNG image data, 18 x 18, 8-bit colormap, non-interlaced 13 abc_primary_text_disable_only_mat erial_dark.xml data 468 abc_menu_hardkey_panel_mtrl_mult.9 PNG image data, 128 x 48, 8-bit/color RGBA, non-interlaced 1122 abc_ic_menu_copy_mtrl_am_alpha. p abc_ic_menu_copy_mtrl_am_alpha. p PNG image data, 36 x 36, 8-bit colormap, non-interlaced 29 PNG image data, 96 x 96, 8-bit colormap, non-interlaced 400 abc_switch_thumb_material.xml data 560 abc_scrubber_control_to_pressed_m trl_005 PNG image data, 2 x 2, 8-bit colormap, non-interlaced 958 abc_btn_rati_star_on_mtrl_alpha.p PNG image data, 48 x 48, 8-bit colormap, non-interlaced 984 abc_btn_check_to_on_mtrl_000 PNG image data, 128 x 128, 8-bit colormap, non-interlaced 294 notification_template_lines.xml data 266 abc_primary_text_disable_only_mat erial_light.xml data 468 abc_ic_menu_cut_mtrl_alpha PNG image data, 2 x 2, 8-bit colormap, non-interlaced 934 abc_ic_go_search_api_mtrl_alpha.p PNG image data, 48 x 48, 8-bit colormap, non-interlaced 15 abc_slide_in_top.xml data 400 abc_tab_indicator_mtrl_alpha.9 PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced 205 abc_ic_ab_back_mtrl_am_alpha PNG image data, 2 x 2, 8-bit colormap, non-interlaced 44 abc_ic_star_half_black_36dp PNG image data, 36 x 36, 8-bit colormap, non-interlaced 43 abc_list_focused_holo.9 PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced 25 ic_refresh_white_24px PNG image data, 18 x 18, 8-bit colormap, non-interlaced 31 notification_template_big_media.xml data 180 abc_ic_menu_moreoverflow_mtrl_al pha PNG image data, 24 x 24, 8-bit colormap, non-interlaced 15 ic_refresh_white_24px PNG image data, 96 x 96, 8-bit colormap, non-interlaced 90 abc_btn_radio_to_on_mtrl_015 PNG image data, 48 x 48, 8-bit colormap, non-interlaced 52 abc_ic_clear_mtrl_alpha PNG image data, 2 x 2, 8-bit colormap, non-interlaced 393 abc_btn_radio_to_on_mtrl_015 PNG image data, 96 x 96, 8-bit colormap, non-interlaced 1466 abc_btn_radio_to_on_mtrl_015 PNG image data, 32 x 32, 8-bit colormap, non-interlaced 492 abc_list_lopressed_holo.9 PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced 214 abc_ic_ab_back_mtrl_am_alpha PNG image data, 24 x 24, 8-bit colormap, non-interlaced 325 abc_scrubber_primary_mtrl_alpha.9. p PNG image data, 15 x 18, 8-bit/color RGBA, non-interlaced 214 abc_list_menu_item_radio.xml data 536 abc_list_divider_mtrl_alpha.9 PNG image data, 1 x 1, 8-bit grayscale, non-interlaced 16 abc_list_menu_item_layout.xml data 1404 abc_ic_star_black_36dp PNG image data, 108 x 108, 8-bit colormap, non-interlaced 104 abc_shrink_fade_out_from_bottom.x ml data 860 classes.dex Dalvik dex file version abc_list_menu_item_icon.xml data 688 abc_ic_voice_search_api_mtrl_alpha abc_action_mode_close_item_mater ial.xml PNG image data, 36 x 36, 8-bit colormap, non-interlaced 540 data 592 abc_action_bar_title_item.xml data 940 Copyright Joe Security LLC 2018 Page 1 of 22

18 Name Type Size ic_chevron_right_white_24px PNG image data, 18 x 18, 8-bit colormap, non-interlaced 181 abc_primary_text_material_light.xml data 468 abc_slide_in_bottom.xml data 400 ic_chevron_right_white_24px PNG image data, 2 x 2, 8-bit colormap, non-interlaced 28 abc_ic_commit_search_api_mtrl_alp ha PNG image data, 32 x 32, 8-bit colormap, non-interlaced 262 ic_chevron_left_white_24px PNG image data, 48 x 48, 8-bit colormap, non-interlaced 243 select_dialog_multichoice_material.x ml data 82 device_admin_sample.xml data 196 select_dialog_item_material.xml data 648 abc_btn_radio_to_on_mtrl_015 PNG image data, 128 x 128, 8-bit colormap, non-interlaced 1224 abc_ic_menu_copy_mtrl_am_alpha. p PNG image data, 36 x 36, 8-bit colormap, non-interlaced 280 abc_btn_switch_to_on_mtrl_ PNG image data, 41 x 41, 8-bit/color RGBA, non-interlaced 148 abc_switch_track_mtrl_alpha.9 PNG image data, 94 x 64, 8-bit/color RGBA, non-interlaced 1025 abc_popup_background_mtrl_mult.9. p PNG image data, 128 x 64, 8-bit/color RGBA, non-interlaced 185 abc_list_pressed_holo_dark.9 PNG image data, 9 x 9, 8-bit/color RGBA, non-interlaced 212 abc_fade_in.xml data 396 abc_tab_indicator_material.xml data 564 abc_ic_ab_back_mtrl_am_alpha PNG image data, 24 x 24, 8-bit colormap, non-interlaced 324 abc_ic_menu_cut_mtrl_alpha PNG image data, 96 x 96, 8-bit colormap, non-interlaced 111 abc_action_mode_bar.xml data 500 abc_ic_voice_search_api_mtrl_alpha abc_btn_switch_to_on_mtrl_ PNG image data, 2 x 2, 8-bit colormap, non-interlaced 92 PNG image data, 54 x 54, 8-bit/color RGBA, non-interlaced 2606 ic_refresh_white_24px PNG image data, 24 x 24, 8-bit colormap, non-interlaced 358 abc_scrubber_control_off_mtrl_alpha abc_popup_background_mtrl_mult.9. p PNG image data, 12 x 32, 8-bit colormap, non-interlaced 213 PNG image data, 192 x 96, 8-bit/color RGBA, non-interlaced 24 abc_textfield_search_default_mtrl_al pha.9 PNG image data, 24 x 6, 8-bit/color RGBA, non-interlaced 190 support_simple_spinner_dropdown_it data 508 em.xml abc_btn_switch_to_on_mtrl_ PNG image data, 41 x 41, 8-bit/color RGBA, non-interlaced 1548 abc_list_menu_item_checkbox.xml data 536 abc_ic_menu_selectall_mtrl_alpha.p PNG image data, 48 x 48, 8-bit colormap, non-interlaced 238 abc_edit_text_material.xml data 1040 abc_ic_menu_copy_mtrl_am_alpha. p PNG image data, 48 x 48, 8-bit colormap, non-interlaced 236 ic_chevron_right_white_24px.xml data 6 abc_scrubber_primary_mtrl_alpha.9. p PNG image data, 10 x 12, 8-bit/color RGBA, non-interlaced 208 abc_ic_menu_paste_mtrl_am_alpha. p PNG image data, 48 x 48, 8-bit colormap, non-interlaced 360 abc_list_lopressed_holo.9 PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced 221 abc_btn_rati_star_on_mtrl_alpha.p PNG image data, 144 x 144, 8-bit colormap, non-interlaced 1031 abc_search_dropdown_item_icons_2 data 2204 line.xml abc_ab_share_pack_mtrl_alpha.9.pn g PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced 28 abc_ic_star_half_black_36dp PNG image data, 54 x 54, 8-bit colormap, non-interlaced 621 abc_cab_background_top_mtrl_alph a.9 PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced 225 abc_btn_check_to_on_mtrl_015 PNG image data, 48 x 48, 8-bit colormap, non-interlaced 548 abc_ratibar_indicator_material.xml data 60 okefsdpgq.dr ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]= aa60b0cb2b200cb0f9b8a32ae039d9, stripped Network Behavior Copyright Joe Security LLC 2018 Page 18 of 22

19 Network Port Distribution Total Packets: (DNS) 5353 undefined 5228 undefined TCP Packets Timestamp Source Port Dest Port Source IP Dest IP May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :51: CEST May 29, :52: CEST May 29, :52: CEST May 29, :52: CEST May 29, :52: CEST May 29, :52: CEST May 29, :52: CEST May 29, :52: CEST May 29, :52: CEST Copyright Joe Security LLC 2018 Page 19 of 22

20 Timestamp Source Port Dest Port Source IP Dest IP May 29, :52: CEST May 29, :52: CEST May 29, :52: CEST May 29, :52: CEST May 29, :52: CEST May 29, :52: CEST May 29, :52: CEST May 29, :52: CEST May 29, :52: CEST May 29, :52: CEST May 29, :52: CEST May 29, :52: CEST May 29, :52: CEST May 29, :52: CEST May 29, :52: CEST May 29, :52: CEST May 29, :52: CEST May 29, :52: CEST May 29, :53: CEST May 29, :53: CEST May 29, :53: CEST May 29, :53: CEST May 29, :53: CEST May 29, :53: CEST May 29, :53: CEST May 29, :53: CEST May 29, :53: CEST May 29, :53: CEST May 29, :53: CEST May 29, :53: CEST UDP Packets Timestamp Source Port Dest Port Source IP Dest IP May 29, :51: CEST May 29, :51: CEST May 29, :52: CEST May 29, :52: CEST APK Behavior Installation Installation Messages Copyright Joe Security LLC 2018 Page 20 of 22

21 Name >>>>>> START com.android.internal.os.runtimeinit uid 2000 <<<<<< CheckJNI is OFF Calli main entry com.android.commands.am.am Shutti down VM NOTE: attach of thread 'Binder_2' failed Shutti down VM FATAL EXCEPTION: main Process: com.smart.storeapp, PID: 3086 java.la.unsatisfiedlinkerror: dlopen failed: "/data/data/com.smart.storeapp/files/okefsdpgq" is 64-bit instead of 32-bit at com.smart.storeapp.mqrcncehg.td2lz(unknown Source) at com.smart.storeapp.td2lz.td2lz(unknown Source) at com.smart.storeapp.td2lz.td2lz(unknown Source) at com.smart.storeapp.fmnhtz.td2lz(unknown Source) at com.smart.storeapp.fmnhtz.td2lz(unknown Source) at android.support.multidex.multidex.install(unknown Source) at com.smart.storeapp.universalwebview.attachbasecontext(unknown Source) at android.app.activitythread.-wrap1(activitythread.java) at java.la.reflect.method.invoke(native Method) >>>>>> START com.android.internal.os.runtimeinit uid 2000 <<<<<< CheckJNI is OFF Calli main entry com.android.commands.am.am Shutti down VM NOTE: attach of thread 'Binder_2' failed >>>>>> START com.android.internal.os.runtimeinit uid 2000 <<<<<< CheckJNI is OFF Calli main entry com.android.commands.uiautomator.launcher Shutti down VM >>>>>> START com.android.internal.os.runtimeinit uid 2000 <<<<<< CheckJNI is OFF Calli main entry com.android.commands.am.am Shutti down VM NOTE: attach of thread 'Binder_2' failed >>>>>> START com.android.internal.os.runtimeinit uid 2000 <<<<<< CheckJNI is OFF Calli main entry com.android.commands.uiautomator.launcher Is Error true Miscellaneous External Library Dependencies YandexMetricaNativeModule By Permission (executed) By Permission (non-executed) By Class (executed) By Class (non-executed) By API Disassembly Copyright Joe Security LLC 2018 Page 21 of 22

22 0 Executed Methods 0 Non-Executed Methods Copyright Joe Security LLC 2018 Copyright Joe Security LLC 2018 Page 22 of 22

ID: Sample Name: dronefly.apk Cookbook: defaultandroidfilecookbook.jbs Time: 13:19:28 Date: 14/06/2018 Version:

ID: Sample Name: dronefly.apk Cookbook: defaultandroidfilecookbook.jbs Time: 13:19:28 Date: 14/06/2018 Version: ID: 6401 Sample Name: dronefly.apk Cookbook: defaultandroidfilecookbook.jbs Time: 13:19:28 Date: 14/06/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Classification