Analysis Result

The # of rules for each confidence

100% 31
80% 9
60% 25
40% 83
20% 60
0% 3

Sample Information

File name
frostbyte.apk
MD5
804d4a01070af1c1b57763bc86aee21f
File size
72.41 Mb

Rule No. Crime Description Confidence

00001

Initialize bitmap object and compress data (e.g. JPEG) into bitmap object

60%

00002

Open the camera and take picture

20%

00003

Put the compressed bitmap data into JSON object

60%

00004

Get filename and put it to JSON object

60%

00005

Get absolute path of file and put it to JSON object

60%

00006

Scheduling recording task

20%

00007

Use absolute path of directory for the output media file path

40%

00008

Check if successfully sending out SMS

40%

00009

Put data in cursor to JSON object

60%

00010

Read sensitive data(SMS, CALLLOG) and put it into JSON object

60%

00011

Query data from URI (SMS, CALLLOGS)

60%

00012

Read data and put it into a buffer stream

40%

00013

Read file and put it into a stream

100%

00014

Read file into a stream and put it into a JSON object

100%

00015

Put buffer stream (data) to JSON object

40%

00016

Get location info of the device and put it to JSON object

60%

00017

Get Location of the device and append this info to a string

60%

00018

Get JSON object prepared and fill in location info

40%

00019

Find a method from given class name, usually for reflection

100%

00020

Get absolute path of the file and store in string

100%

00021

Load additional DEX files dynamically

60%

00022

Open a file from given absolute path of the file

100%

00023

Start another application from current application

100%

00024

Write file after Base64 decoding

40%

00025

Monitor the general action to be performed

100%

00026

Method reflection

100%

00027

Get specific method from other Dex files

100%

00028

Read file from assets directory

60%

00029

Initialize class object dynamically

100%

00030

Connect to the remote server through the given URL

40%

00031

Check the list of currently running applications

40%

00032

Load external class

100%

00033

Query the IMEI number

40%

00034

Query the current data network type

40%

00035

Query the list of the installed packages

40%

00036

Get resource file from res/raw directory

100%

00037

Send notification

60%

00038

Query the phone number

40%

00039

Start a web server

20%

00040

Send SMS

20%

00041

Save recorded audio/video to file

40%

00042

Query WiFi BSSID and scan results

20%

00043

Calculate WiFi signal strength

20%

00044

Query the last time this package's activity was used

20%

00045

Query the name of currently running application

20%

00046

Method reflection

100%

00047

Query the local IP address

40%

00048

Query the SMS contents

20%

00049

Query the phone number from SMS sender

20%

00050

Query the SMS service centre timestamp

20%

00051

Implicit intent(view a web page, make a phone call, etc.) via setData

100%

00052

Deletes media specified by a content URI(SMS, CALL_LOG, File, etc.)

40%

00053

Monitor data identified by a given content URI changes(SMS, MMS, etc.)

100%

00054

Install other APKs from file

40%

00055

Query the SMS content and the source of the phone number

20%

00056

Modify voice volume

20%

00057

Return the DHCP-assigned addresses from the last successful DHCP request

40%

00058

Connect to the specific WIFI network

20%

00059

Query the SIM card status

60%

00060

Query the network operator name

40%

00061

Return dynamic information about the current Wi-Fi connection

40%

00062

Query WiFi information and WiFi Mac Address

20%

00063

Implicit intent(view a web page, make a phone call, etc.)

100%

00064

Monitor incoming call status

40%

00065

Get the country code of the SIM card provider

40%

00066

Query the ICCID number

40%

00067

Query the IMSI number

40%

00068

Executes the specified string Linux command

40%

00069

Run shell script programmatically

20%

00070

Get sender's address and send SMS

20%

00071

Write the ISO country code of the current network operator into a file

40%

00072

Write HTTP input stream into a file

40%

00073

Write the SIM card information into a file

40%

00074

Get IMSI and the ISO country code

20%

00075

Get location of the device

100%

00076

Get the current WiFi information and put it into JSON

40%

00077

Read sensitive data(SMS, CALLLOG, etc)

100%

00078

Get the network operator name

40%

00079

Hide the current app's icon

100%

00080

Save recorded audio/video to a file

20%

00081

Get declared method from given method name

60%

00082

Get the current WiFi MAC address

40%

00083

Query the IMEI number

40%

00084

Get the ISO country code and IMSI

20%

00085

Get the ISO country code and put it into JSON

40%

00086

Check if the device is in data roaming mode

40%

00087

Check the current network type

60%

00088

Create a secure socket connection to the given host address

40%

00089

Connect to a URL and receive input stream from the server

40%

00090

Set recorded audio/video file format

20%

00091

Retrieve data from broadcast

40%

00092

Send broadcast

40%

00093

Get the content of SMS and forward it to others via SMS

20%

00094

Connect to a URL and read data from it

60%

00095

Write the ICCID of device into a file

40%

00096

Connect to a URL and set request method

100%

00097

Get the sender address of the SMS and put it into JSON

40%

00098

Check if the network is connected

80%

00099

Get location of the current GSM and put it into JSON

40%

00100

Check the network capabilities

60%

00101

Initialize recorder

20%

00102

Set the phone speaker on

40%

00103

Check the active network type

80%

00104

Check if the given path is directory

40%

00105

Append the sender's address to the string

40%

00106

Get the currently formatted WiFi IP address

20%

00107

Write the IMSI number into a file

40%

00108

Read the input stream from given URL

40%

00109

Connect to a URL and get the response code

100%

00110

Query the ICCID number

20%

00111

Get the sender address of the SMS

20%

00112

Get the date of the calendar event

40%

00113

Get location and put it into JSON

60%

00114

Create a secure socket connection to the proxy address

20%

00115

Get last known location of the device

100%

00116

Get the current WiFi MAC address and put it into JSON

40%

00117

Get the IMSI and network operator name

20%

00118

Check if the content of SMS contains given string

40%

00119

Write the IMEI number into a file

40%

00120

Append the sender's address to the string

40%

00121

Create a directory

40%

00122

Check if the sender address of SMS contains the given string

40%

00123

Save the response to JSON after connecting to the remote server

40%

00124

Check the current active network type

60%

00125

Check if the given file path exists

40%

00126

Read sensitive data(SMS, CALLLOG, etc)

40%

00127

Monitor the broadcast action events (BOOT_COMPLETED, etc)

40%

00128

Query user account information

40%

00129

Get the content of SMS

20%

00130

Get the current WIFI information

40%

00131

Get location of the current GSM and put it into JSON

40%

00132

Query the ISO country code

40%

00133

Start recording

20%

00134

Get the current WiFi IP address

40%

00135

Get the current WiFi id and put it into JSON.

40%

00136

Stop recording

20%

00137

Get last known location of the device

40%

00138

Set the audio source (MIC)

20%

00139

Get the current WiFi id

40%

00140

Write the phone number into a file

40%

00141

Load class from given class name

100%

00142

Get calendar information

100%

00143

Get external class from given path or file name

40%

00144

Write SIM card serial number into a file

40%

00145

Create a socket connection to the proxy address

20%

00146

Get the network operator name and IMSI

20%

00147

Get the time of current location

100%

00148

Create a socket connection to the given host address

40%

00149

Unpack an asset, possibly decrypt it and load it as DEX

20%

00150

Send IMSI over Internet

40%

00151

Send phone number over Internet

40%

00152

Get data from HTTP and send SMS

40%

00153

Send binary data over HTTP

20%

00154

Connect hostname to TCP or UDP socket using KryoNet

40%

00155

Execute commands on shell using DataOutputStream object

20%

00156

Acquire lock on Power Manager

100%

00157

Instantiate new object using reflection, possibly used for dexClassLoader

100%

00158

Connect to a URL and send sensitive data got from resolver

40%

00159

Use accessibility service to perform action getting node info by text

20%

00160

Use accessibility service to perform action getting node info by View Id

20%

00161

Perform accessibility service action on accessibility node info

20%

00162

Create InetSocketAddress object and connecting to it

20%

00163

Create new Socket and connecting to it

20%

00164

Get SMS address and send it through http

20%

00165

Get SMS message body and send it through http

20%

00166

Get SMS message body and retrieve a string from it (possibly PIN / mTAN)

20%

00167

Use accessibility service to perform action getting root in active window

20%

00168

Use accessibility service to perform global action getting node info by text

20%

00169

Use accessibility service to perform global action getting node info by View Id

20%

00170

Get installed applications and put the list in shared preferences

40%

00171

Compare network operator with a string

40%

00172

Check Admin permissions to (probably) get them

0%

00173

Get bounds in screen of an AccessibilityNodeInfo and perform action

40%

00174

Get all accounts by type and put them in a JSON object

40%

00175

Get notification manager and cancel notifications

100%

00176

Send sms to a contact of contact list

0%

00177

Check if permission is granted and request it

80%

00178

Execute Linux commands via ProcessBuilder

20%

00179

Send Location via SMS

0%

00180

Load native libraries(.so) via System.loadLibrary (60% means caught)

60%

00181

Load native libraries(.so) via System.load (60% means caught)

20%

00182

Open camera.

40%

00183

Get current camera parameters and change the setting.

20%

00184

Set camera preview texture

40%

00185

Start capturing camera preview frames to the screen

40%

00186

Control camera to take picture

40%

00187

Query a URI and check the result

100%

00188

Get the address of a SMS message

80%

00189

Get the content of a SMS message

80%

00190

Query a URI and append the result into a string

80%

00191

Get messages in the SMS inbox

80%

00192

Get messages in the SMS inbox

60%

00193

Send a SMS message

20%

00194

Set the audio source (MIC) and recorded file format

20%

00195

Set the output path of the recorded file

40%

00196

Set the recorded file format and output path

20%

00197

Set the audio encoder and initialize the recorder

20%

00198

Initialize the recorder and start recording

20%

00199

Stop recording and release recording resources

20%

00200

Query data from the contact list

80%

00201

Query data from the call log

80%

00202

Make a phone call

100%

00203

Put a phone number into an intent

100%

00204

Get the default ringtone

40%

00205

Simulate a touch gesture on the device screen

20%

00206

Check if the text of the view contains the given string

60%

00207

Check if the resource name of the view contains the given string

60%

00208

Capture the contents of the device screen

20%

00209

Get pixels from the latest rendered image

60%

00210

Copy pixels from the latest rendered image into a Bitmap

60%

00211

Open a URL in WebView

20%