ID: Sample Name: gsa_wearable.apk Cookbook: defaultandroidfilecookbook.jbs Time: 09:49:05 Date: 16/10/2017 Version:

Transcription

1 ID: Sample Name: sa_wearable.apk Cookbook: defaultandroidfilecookbook.jbs Time: 09:49:05 Date: 1/10/2017 Version:

2 Table of Contents Analysis Report Overview General Information Detection Classification Sinature Overview Chane of System Appearance: Networkin: Boot Survival: Stealin of Sensitive Information: Data Obfuscation: System Summary: Malware Analysis System Evasion: Antivirus Detection Initial Sample Dropped Files Domains Yara Overview Initial Sample PCAP (Network Traffic) Dropped Files Memory Dumps Unpacked PEs Created / dropped Files Contacted Domains/Contacted IPs Contacted Domains Contacted IPs Static File Info General File Icon Static APK Info General Activities Receivers Services Permission Requested Certificate Resources Network Behavior Network Port Distribution TCP Packets UDP Packets APK Behavior Installation Miscellaneous By Permission (executed) By Permission (non-executed) By Class (executed) By Class (non-executed) By API Disassembly 0 Executed Methods Table of Contents 1 Copyriht Joe Security LLC 2017 Pae 2 of

3 0 Non-Executed Methods 1 Copyriht Joe Security LLC 2017 Pae 3 of 1

4 Analysis Report Overview General Information Joe Sandbox Version: Analysis ID: Start time: 09:49:05 Joe Sandbox Product: CloudBasic Start date: Overall analysis duration: Hypervisor based Inspection enabled: Report type: Sample file name: Cookbook file name: 0h 1m 22s false liht sa_wearable.apk Analysis system description: Android.0 Detection: Classification: Warnins: Errors: defaultandroidfilecookbook.jbs CLEAN Show All No dynamic available No interacted views No simulation commands forwarded to apk Not all resource files were parsed Not all resource strins were parsed Report size exceeded maximum capacity and may have missin behavior information. Setup command "_JBInstallAPK" failed: INSTALL_FAILED_UPDATE_INCOMPATIBLE Detection Stratey Score Rane Reportin Detection Threshold Report FP / FN Classification Copyriht Joe Security LLC 2017 Pae 4 of 1

5 Ransomware Evader Spreadin malicious malicious malicious suspicious suspicious suspicious Exploiter Phishin clean clean clean Spyware Banker Adware Trojan / Bot Sinature Overview of System Appearance Chane Networkin Survival Boot of Sensitive Information Stealin Obfuscation Data Summary System Malware Analysis System Evasion Click to jump to sinature section Chane of System Appearance: Copyriht Joe Security LLC 2017 Pae 5 of 1

6 Acquires a wake lock May access the Android keyuard (lock screen) Networkin: Urls found in memory or binary Boot Survival: Installs a new wake lock (to et activate on phone screen on) Stealin of Sensitive Information: Queries stored mail and application accounts (e.. Gmail or Whatsup) Data Obfuscation: Obfuscates method names Uses reflection System Summary: Classification label Reads shares settins Requests potentially danerous permissions Malware Analysis System Evasion: Accesses android OS build fields Antivirus Detection Initial Sample Source Detection Cloud Link sa_wearable.apk 0% virustotal Browse Dropped Files No Antivirus matches Domains No Antivirus matches Yara Overview Initial Sample No yara matches PCAP (Network Traffic) No yara matches Copyriht Joe Security LLC 2017 Pae of 1

7 Dropped Files No yara matches Memory Dumps No yara matches Unpacked PEs No yara matches Created / dropped Files No created / dropped files found Contacted Domains/Contacted IPs Contacted Domains No contacted domains info Contacted IPs No. of IPs < 25% 25% < No. of IPs < 50% 50% < No. of IPs < 75% 75% < No. of IPs IP Country Fla ASN ASN Name Malicious United States 1519 GOOGLE-GooleIncUS false Reserved unknown unknown false Static File Info Copyriht Joe Security LLC 2017 Pae 7 of 1

8 General File type: Java Jar file (zip) TrID: Android Packae (19004/1) 45.23% Java Archive (13504/1) 32.14% ZIP compressed archive (4004/1) 9.53% Java Script embedded in Visual Basic Script (3500/0).33% Java Script (2000/0) 4.7% File name: File size: 1210 MD5: SHA1: SHA25: SHA512: File Content Preview: sa_wearable.apk c5df19c43b1c013a5d9055d4 0d3f07b5149dc0743d5cef4d5fcf2bb 5ececc3db50d922c2c1ce7b2be9e413efa59a5c1aa bcdb7c3bab1404f 1fd1da172cfed2055bad33d3430dd3fcef551b249 40fbbfec5e3533b1aa4437d0e2e9dc441fc25e543d d513c1c15cf9fdd99b5f4f9df571c0 PK...!:...F...META-INF/services/com.oole.pr otobuf.generatedextensionreistryloader com. oole.protobuf.java_com_oole_android_apps_sa_w earable sa_wearable_cea324generatedextension ReistryLite$Loader.com.oole.protobuf.j File Icon Static APK Info General Label: Your feed Minimum SDK required: 21 Taret SDK required: 23 Version Code: 1 Version Name: 1 Packae Name: com.oole.android.oolequicksearchbox Is Activity: false Is Receiver: true Is Service: true Requests System Level Permissions: false Play Store Compatible: true Activities Name com.oole.android.oolequicksearchboxcom.oole.android.apps.sa.wearable.now.views.streamactivity com.oole.android.oolequicksearchboxcom.oole.android.apps.sa.wearable.now.views.detailsactivity com.oole.android.oolequicksearchboxcom.oole.android.apps.sa.wearable.now.views.optinactivity com.oole.android.oolequicksearchboxcom.oole.android.ms.common.api.gooleapiactivity Is Entrypoint Receivers com.oole.android.apps.sa.wearable.now.dismissnotificationsreceiver com.oole.android.apps.sa.wearable.now.updatenotificationsreceiver Intent: com.oole.android.oolequicksearchbox.update_notifications Services com.oole.android.apps.sa.wearable.now.cardsynclistenerservice Intent: com.oole.android.ms.wearable.data_changed (Priority 0) Permission Requested android.permission.vibrate android.permission.wake_lock Certificate Copyriht Joe Security LLC 2017 Pae of 1

9 Name: Issuer: Subject: classes.dex CN=Android,OU=Android,O=Goole Inc.,L=Mountain View,ST=California,C=US CN=Android,OU=Android,O=Goole Inc.,L=Mountain View,ST=California,C=US Resources Name Type sinle_pae_nav_drawer_4_item.x card_noripple_b.x quantum_ic_done_white_4.pn qp_clickable_circle_backround.x card_rey_text_color.x ic_full_open_on_device.pn eneric_confirmation_animation_inte rpolator_0.x ic_cc_settins_button_bottom.x circular_button.x module_multi_option_action.x common_oole_sinin_btn_text_li ht_focused.x ic_full_super_.pn ic_arrow_back.pn ic_expand_less_white_22.x notification_template_bi_media.x ic_launcher_oole_home.pn close_button.x notification_template_bi_media_nar row_custom.x action_item.x ic_oole_home.pn PNG imae, 9 x 9, -bit colormap, non-interlaced PNG imae, 4 x 4, -bit colormap, non-interlaced PNG imae, 12 x 12, -bit colormap, non-interlaced PNG imae, 24 x 24, -bit colormap, non-interlaced PNG imae, 9 x 9, -bit colormap, non-interlaced PNG imae, 72 x 72, -bit colormap, non-interlaced common_oole_sinin_btn_icon_da PNG imae, 73 x 73, -bit/color RGBA, non-interlaced rk_normal_backround.9.pn wearable_drawer_view.x quantum_ic_close_white_24.pn module_tabular.x ic_full_cancel.pn ic_full_open_on_device.pn ic_arrow_forward.pn b_home_niht.pn open_on_phone_animation_interpola tor_0.x qp_border_separator.x notification_icon_backround.x ic_now_openonphone.pn header_item.x ic_cc_settins_button_center.x PNG imae, 3 x 3, -bit colormap, non-interlaced PNG imae, 12 x 12, -bit colormap, non-interlaced PNG imae, 12 x 12, -bit colormap, non-interlaced PNG imae, 4 x 4, -bit colormap, non-interlaced PNG imae, 00 x 500, -bit colormap, non-interlaced PNG imae, 4 x 4, -bit colormap, non-interlaced sinle_pae_nav_drawer_5_item.x notification_b.x ic_full_open_on_device.pn notification_b_low_normal.9.pn blue_circle_white_ripple.x module_imae_header.x activity_opt_in.x common_oole_sinin_btn_text_da rk.x open_on_phone_path_2_animation.x ic_arrow_forward.pn divider.x notify_panel_notification_icon_b.pn notification_template_part_chronome ter.x PNG imae, 112 x 112, -bit colormap, non-interlaced PNG imae, 1 x 1, -bit rayscale, non-interlaced PNG imae, 9 x 9, -bit colormap, non-interlaced PNG imae, 15 x 15, -bit colormap, non-interlaced quantum_ic_schedule_white_4.pn PNG imae, 4 x 4, -bit colormap, non-interlaced card_text_color.x accept_deny_dialo.x Copyriht Joe Security LLC 2017 Pae 9 of 1

10 Name eneric_confirmation_animation_inte rpolator_3.x ray_square.pn btn_colored_backround_material.x module_no_cards.x card_frame.9.pn ic_now_super 32.pn PNG imae, 1 x 1, -bit rayscale, non-interlaced classes.dex Dalvik dex file version 035 sinle_pae_nav_drawer item.x common_oole_sinin_btn_icon_di sabled.x card_separator.x ic_full_open_on_device.pn PNG imae, 27 x 27, -bit/color RGBA, non-interlaced PNG imae, 55 x 5, -bit colormap, non-interlaced PNG imae, 9 x 9, -bit colormap, non-interlaced quantum_ic_cloud_off_white_4.pn PNG imae, 192 x 192, -bit colormap, non-interlaced watch_card_content.x eneric_confirmation_icon_animatio n.x oole_standard_color_1.pn notification_tile_b.x oole_disabled_color_1.pn notification_action_backround.x ic_launcher_oole_home.pn action_open_on_phone.x notification_action.x b_suestion.x ic_arrow_back.pn notification_b_normal.9.pn common_oole_sinin_btn_text_da rk_normal_backround.9.pn activity_details.x qp_clickable_module_backround.x card_link_text.x quantum_ic_reminders_alt_white_4.pn PNG imae, 1 x 1, -bit colormap, non-interlaced PNG imae, 1 x 1, -bit colormap, non-interlaced PNG imae, 72 x 72, -bit colormap, non-interlaced PNG imae, 4 x 4, -bit colormap, non-interlaced PNG imae, 12 x 12, -bit rayscale, non-interlaced PNG imae, 111 x 4, -bit/color RGBA, non-interlaced PNG imae, 4 x 4, -bit colormap, non-interlaced quantum_ic_schedule_white_4.pn PNG imae, 72 x 72, -bit colormap, non-interlaced CERT.RSA action_drawer_item_view.x ic_arrow_back.pn action_drawer_peek_view.x notification_template_bi_media_cu stom.x PNG imae, 72 x 72, -bit colormap, non-interlaced sinle_pae_nav_drawer_7_item.x ic_oole_home.pn notification_action_tombstone.x common_oole_sinin_btn_icon_li ht_focused.x ic_cc_settins_button_e.x overlay_confirmation.x ic_expand_more_white_22.x tabular_row.x activity_stream.x notification_b_normal.9.pn ic_full_super_.pn resources.arsc module_header.x common_oole_sinin_btn_icon_li ht.x notification_b_normal_pressed.9.pn ic_arrow_back.pn CERT.SF oole_standard_color_1.pn ic_now_super 32.pn notification_b_low_pressed.9.pn oole_disabled_color_1.pn Type PNG imae, 9 x 9, -bit colormap, non-interlaced PNG imae, 1 x 1, -bit rayscale, non-interlaced PNG imae, 112 x 112, -bit colormap, non-interlaced PNG imae, 12 x 12, -bit/color RGB, non-interlaced PNG imae, 24 x 24, -bit colormap, non-interlaced ASCII text, with CRLF line terminators PNG imae, 27 x 27, -bit colormap, non-interlaced PNG imae, 3 x 4, -bit colormap, non-interlaced PNG imae, x, -bit/color RGB, non-interlaced PNG imae, 27 x 27, -bit colormap, non-interlaced Copyriht Joe Security LLC 2017 Pae 10 of 1

11 Name circular_imae_button_anim.x notification_action_tombstone.x common_oole_sinin_btn_text_da rk_normal.x ic_arrow_back.pn ic_more_vert_24dp_wht.x notification_template_icon_roup.xm l notification_b_low_pressed.9.pn common_full_open_on_phone.pn preference_wrapped_icon.x PNG imae, 3 x 3, -bit colormap, non-interlaced PNG imae, 12 x 12, -bit/color RGB, non-interlaced PNG imae, 9 x 9, -bit colormap, non-interlaced common_oole_sinin_btn_tint.x module_small_content.x eneric_confirmation_eneric_confir mation_animation.x notification_template_icon_roup.xm l card_frame.9.pn notification_b_low_pressed.9.pn small_content_line.x card_ripple_b.x eneric_confirmation.x PNG imae, 41 x 41, -bit/color RGBA, non-interlaced PNG imae, 1 x 1, -bit/color RGB, non-interlaced common_oole_sinin_btn_icon_da PNG imae, 4 x 4, -bit/color RGBA, non-interlaced rk_normal_backround.9.pn ic_now_openonphone.pn PNG imae, 32 x 32, -bit colormap, non-interlaced quantum_ic_schedule_white_4.pn PNG imae, 192 x 192, -bit colormap, non-interlaced common_oole_sinin_btn_text_da rk.x quantum_ic_done_white_4.pn textview_subtext.x eneric_confirmation_animation_inte rpolator_2.x ic_arrow_back.pn eneric_confirmation_animation.x sinle_pae_nav_drawer_peek_view.x quantum_ic_close_white_24.pn quantum_ic_reminders_alt_white_4.pn PNG imae, 144 x 144, -bit colormap, non-interlaced PNG imae, 3 x 3, -bit colormap, non-interlaced PNG imae, 9 x 9, -bit colormap, non-interlaced PNG imae, 192 x 192, -bit colormap, non-interlaced quantum_ic_cloud_off_white_4.pn PNG imae, 144 x 144, -bit colormap, non-interlaced notify_panel_notification_icon_b.pn quantum_ic_close_white_24.pn accept_deny_dialo_positive_b.x quantum_ic_done_white_4.pn setup_wizard_navbar_btn_b.x ic_full_sad.pn quantum_ic_photo_rey00_4.pn common_oole_sinin_btn_text_li ht_normal_backround.9.pn ic_launcher_oole_home.pn qp_clickable_module_backround.x ic_full_cancel.pn PNG imae, 14 x 14, -bit colormap, non-interlaced PNG imae, 4 x 4, -bit colormap, non-interlaced PNG imae, 192 x 192, -bit colormap, non-interlaced PNG imae, 4 x 4, -bit colormap, non-interlaced PNG imae, 4 x 4, -bit colormap, non-interlaced PNG imae, 222 x 9, -bit/color RGBA, non-interlaced PNG imae, 192 x 192, -bit colormap, non-interlaced PNG imae, 4 x 4, -bit colormap, non-interlaced quantum_ic_schedule_white_4.pn PNG imae, 9 x 9, -bit colormap, non-interlaced ic_now_openonphone.pn alert_dialo_wearable.x quantum_ic_close_white_24.pn card_frame_pressed.9.pn notification_media_action.x textview_textline.x common_oole_sinin_btn_text_da rk_normal_backround.9.pn notification_b_low.x PNG imae, 4 x 4, -bit colormap, non-interlaced PNG imae, 72 x 72, -bit colormap, non-interlaced PNG imae, 27 x 27, -bit/color RGBA, non-interlaced PNG imae, 333 x 144, -bit/color RGBA, non-interlaced quantum_ic_schedule_white_4.pn PNG imae, 144 x 144, -bit colormap, non-interlaced common_oole_sinin_btn_text_li ht_normal_backround.9.pn Type PNG imae, 1 x 73, -bit/color RGBA, non-interlaced Copyriht Joe Security LLC 2017 Pae 11 of 1

12 Name common_oole_sinin_btn_icon_li PNG imae, 9 x 9, -bit/color RGBA, non-interlaced ht_normal_backround.9.pn quantum_ic_naviation_white_4.pn common_oole_sinin_btn_text_di sabled.x PNG imae, 144 x 144, -bit colormap, non-interlaced quantum_ic_cloud_off_white_4.pn PNG imae, 4 x 4, -bit colormap, non-interlaced notification_template_media.x notification_b_normal_pressed.9.pn ic_now_super 32.pn ic_launcher_oole_home.pn quantum_ic_reminders_alt_white_4.pn action_item_icon_backround.x PNG imae, 1 x 1, -bit/color RGB, non-interlaced PNG imae, 32 x 32, -bit/color RGBA, non-interlaced PNG imae, 4 x 4, -bit/color RGBA, non-interlaced PNG imae, 72 x 72, -bit colormap, non-interlaced quantum_ic_cloud_off_white_4.pn PNG imae, 72 x 72, -bit colormap, non-interlaced common_oole_sinin_btn_text_da rk_normal_backround.9.pn action_item_backround.x ic_launcher_oole_home.pn common_oole_sinin_btn_icon_li ht_normal_backround.9.pn action_cancel.x naviation_drawer_item_view.x PNG imae, 222 x 9, -bit/color RGBA, non-interlaced PNG imae, 144 x 144, -bit colormap, non-interlaced PNG imae, 73 x 73, -bit/color RGBA, non-interlaced quantum_ic_cloud_off_white_4.pn PNG imae, 9 x 9, -bit colormap, non-interlaced ic_arrow_forward.pn setup_wizard_navbar_btn_b.x card_ripple_b.x ic_full_sad.pn dismiss_overlay.x textview_meta.x build-.properties notification_template_lines_media.x PNG imae, 72 x 72, -bit colormap, non-interlaced PNG imae, 12 x 12, -bit colormap, non-interlaced ASCII text common_oole_sinin_btn_icon_da rk.x toolbar.x quantum_ic_done_white_4.pn notification_b_low_normal.9.pn common_oole_sinin_btn_text_li ht.x quantum_ic_photo_rey00_4.pn MANIFEST.MF PNG imae, 4 x 4, -bit colormap, non-interlaced PNG imae, x, -bit rayscale, non-interlaced common_oole_sinin_btn_icon_da rk_focused.x ic_cc_clear.x card_frame_pressed.9.pn com.oole.protobuf.generatedexte nsionreistryloader notify_panel_notification_icon_b.pn accept_deny_dialo_neative_b.x notification_action.x quantum_ic_naviation_white_4.pn PNG imae, 9 x 9, -bit colormap, non-interlaced ASCII text, with CRLF line terminators PNG imae, 41 x 41, -bit/color RGBA, non-interlaced ASCII text PNG imae, 30 x 30, -bit colormap, non-interlaced sinle_pae_nav_drawer_1_item.x eneric_confirmation_animation_inte rpolator_1.x quantum_ic_naviation_white_4.pn ic_oole_home.pn card_item.x quantum_ic_photo_rey00_4.pn open_on_phone_path_1_animation.x primary_text_suest.x common_oole_sinin_btn_text_li ht_normal_backround.9.pn Type PNG imae, 4 x 4, -bit colormap, non-interlaced PNG imae, 192 x 192, -bit colormap, non-interlaced PNG imae, 4 x 4, -bit/color RGBA, non-interlaced PNG imae, 72 x 72, -bit colormap, non-interlaced PNG imae, 333 x 144, -bit/color RGBA, non-interlaced Copyriht Joe Security LLC 2017 Pae 12 of 1

13 Name ic_arrow_back.pn qp_clickable_circle_backround.x PNG imae, 4 x 4, -bit colormap, non-interlaced common_oole_sinin_btn_icon_da PNG imae, 9 x 9, -bit/color RGBA, non-interlaced rk_normal_backround.9.pn oole_standard_color_1.pn notification_b_low_normal.9.pn oole_disabled_color_1.pn quantum_ic_naviation_white_4.pn b_suestion_selector.x textview_small_title.x module_barcode.x common_oole_sinin_btn_icon_li ht_normal.x ic_now_super 32.pn PNG imae, 3 x 3, -bit colormap, non-interlaced PNG imae, 12 x 12, -bit rayscale, non-interlaced PNG imae, 3 x 3, -bit colormap, non-interlaced PNG imae, 9 x 9, -bit colormap, non-interlaced PNG imae, 47 x 4, -bit colormap, non-interlaced common_oole_sinin_btn_icon_da PNG imae, 144 x 144, -bit/color RGBA, non-interlaced rk_normal_backround.9.pn notification_template_media_custom.x open_on_phone_animation_interpola tor_1.x notification_template_bi_media_nar row.x ic_full_sad.pn button_icon_color.x common_oole_sinin_btn_text_li ht.x ic_more_horiz_24dp_wht.x b_suestion.x quantum_ic_reminders_alt_white_4.pn card_frame.9.pn common_oole_sinin_btn_icon_li ht_normal_backround.9.pn oole_standard_color_1.pn tabular_cell.x oole_disabled_color_1.pn notification_b_normal_pressed.9.pn naviation_drawer_view.x PNG imae, 9 x 9, -bit colormap, non-interlaced PNG imae, 9 x 9, -bit colormap, non-interlaced PNG imae, 54 x 54, -bit/color RGBA, non-interlaced PNG imae, 144 x 144, -bit/color RGBA, non-interlaced PNG imae, 54 x 54, -bit/color RGBA, non-interlaced PNG imae, 54 x 54, -bit colormap, non-interlaced PNG imae, x, -bit/color RGB, non-interlaced sinle_pae_nav_drawer_2_item.x ic_full_cancel.pn notification_template_part_time.x common_oole_sinin_btn_text_da rk_focused.x PNG imae, 9 x 9, -bit colormap, non-interlaced common_oole_sinin_btn_icon_da rk_normal.x common_oole_sinin_btn_text_li ht_normal.x notification_template_custom_bi.x open_on_phone_animation.x ic_now_openonphone.pn card_backround.x card_frame_pressed.9.pn notification_template_custom_bi.x b_home_day.pn common_full_open_on_phone.pn common_oole_sinin_btn_text_li ht_normal_backround.9.pn notification_media_cancel_action.xm l open_on_phone.x common_oole_sinin_btn_text_da rk_normal_backround.9.pn quantum_ic_reminders_alt_white_4.pn quantum_ic_naviation_white_4.pn Type PNG imae, 5 x 5, -bit colormap, non-interlaced PNG imae, 54 x 54, -bit/color RGBA, non-interlaced PNG imae, 00 x 500, -bit colormap, non-interlaced PNG imae, 12 x 12, -bit colormap, non-interlaced PNG imae, 111 x 4, -bit/color RGBA, non-interlaced PNG imae, 1 x 73, -bit/color RGBA, non-interlaced PNG imae, 144 x 144, -bit colormap, non-interlaced PNG imae, 72 x 72, -bit colormap, non-interlaced Copyriht Joe Security LLC 2017 Pae 13 of 1

14 Name ic_full_super_.pn textview_lare_title.x PNG imae, 9 x 9, -bit colormap, non-interlaced sinle_pae_nav_drawer_3_item.x module_unknown.x ic_cc_settins_button_top.x textview_title.x notification_template_custom_bi.x action_drawer_title_view.x quantum_ic_close_white_24.pn quantum_ic_done_white_4.pn ic_full_super_.pn quantum_ic_photo_rey00_4.pn ray_divider.x common_oole_sinin_btn_icon_li ht_normal_backround.9.pn cluster_header.x ic_cc_checkmark.x notification_b_normal.9.pn open_on_phone_arrow_animation.x quantum_ic_photo_rey00_4.pn ic_arrow_back.pn AndroidManifest.x Type PNG imae, 24 x 24, -bit colormap, non-interlaced PNG imae, 72 x 72, -bit colormap, non-interlaced PNG imae, 4 x 4, -bit colormap, non-interlaced PNG imae, 144 x 144, -bit colormap, non-interlaced PNG imae, 4 x 4, -bit/color RGBA, non-interlaced PNG imae, x, -bit rayscale, non-interlaced PNG imae, 192 x 192, -bit colormap, non-interlaced PNG imae, 72 x 72, -bit colormap, non-interlaced Network Behavior Network Port Distribution Total Packets: undefined 522 undefined TCP Packets Timestamp Source Port Dest Port Source IP Dest IP Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Copyriht Joe Security LLC 2017 Pae 14 of 1

15 Timestamp Source Port Dest Port Source IP Dest IP Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST Oct 1, :49: CEST UDP Packets Timestamp Source Port Dest Port Source IP Dest IP Oct 1, :49: CEST Oct 1, :49: CEST APK Behavior Installation Miscellaneous By Permission (executed) By Permission (non-executed) By Class (executed) Copyriht Joe Security LLC 2017 Pae 15 of 1

16 By Class (non-executed) By API Disassembly 0 Executed Methods 0 Non-Executed Methods Copyriht Joe Security LLC 2017 Copyriht Joe Security LLC 2017 Pae 1 of 1