The # of rules for each confidence
Rule No. | Crime Description | Confidence |
---|---|---|
00001 |
Initialize bitmap object and compress data (e.g. JPEG) into bitmap object |
60% |
00002 |
Open the camera and take picture |
20% |
00003 |
Put the compressed bitmap data into JSON object |
60% |
00004 |
Get filename and put it to JSON object |
60% |
00005 |
Get absolute path of file and put it to JSON object |
60% |
00006 |
Scheduling recording task |
20% |
00007 |
Use absolute path of directory for the output media file path |
40% |
00008 |
Check if successfully sending out SMS |
40% |
00009 |
Put data in cursor to JSON object |
60% |
00010 |
Read sensitive data(SMS, CALLLOG) and put it into JSON object |
60% |
00011 |
Query data from URI (SMS, CALLLOGS) |
60% |
00012 |
Read data and put it into a buffer stream |
40% |
00013 |
Read file and put it into a stream |
100% |
00014 |
Read file into a stream and put it into a JSON object |
100% |
00015 |
Put buffer stream (data) to JSON object |
40% |
00016 |
Get location info of the device and put it to JSON object |
60% |
00017 |
Get Location of the device and append this info to a string |
60% |
00018 |
Get JSON object prepared and fill in location info |
40% |
00019 |
Find a method from given class name, usually for reflection |
100% |
00020 |
Get absolute path of the file and store in string |
100% |
00021 |
Load additional DEX files dynamically |
60% |
00022 |
Open a file from given absolute path of the file |
100% |
00023 |
Start another application from current application |
100% |
00024 |
Write file after Base64 decoding |
40% |
00025 |
Monitor the general action to be performed |
100% |
00026 |
Method reflection |
100% |
00027 |
Get specific method from other Dex files |
100% |
00028 |
Read file from assets directory |
60% |
00029 |
Initialize class object dynamically |
100% |
00030 |
Connect to the remote server through the given URL |
40% |
00031 |
Check the list of currently running applications |
40% |
00032 |
Load external class |
100% |
00033 |
Query the IMEI number |
40% |
00034 |
Query the current data network type |
40% |
00035 |
Query the list of the installed packages |
40% |
00036 |
Get resource file from res/raw directory |
100% |
00037 |
Send notification |
60% |
00038 |
Query the phone number |
40% |
00039 |
Start a web server |
20% |
00040 |
Send SMS |
20% |
00041 |
Save recorded audio/video to file |
40% |
00042 |
Query WiFi BSSID and scan results |
20% |
00043 |
Calculate WiFi signal strength |
20% |
00044 |
Query the last time this package's activity was used |
20% |
00045 |
Query the name of currently running application |
20% |
00046 |
Method reflection |
100% |
00047 |
Query the local IP address |
40% |
00048 |
Query the SMS contents |
20% |
00049 |
Query the phone number from SMS sender |
20% |
00050 |
Query the SMS service centre timestamp |
20% |
00051 |
Implicit intent(view a web page, make a phone call, etc.) via setData |
100% |
00052 |
Deletes media specified by a content URI(SMS, CALL_LOG, File, etc.) |
40% |
00053 |
Monitor data identified by a given content URI changes(SMS, MMS, etc.) |
100% |
00054 |
Install other APKs from file |
40% |
00055 |
Query the SMS content and the source of the phone number |
20% |
00056 |
Modify voice volume |
20% |
00057 |
Return the DHCP-assigned addresses from the last successful DHCP request |
40% |
00058 |
Connect to the specific WIFI network |
20% |
00059 |
Query the SIM card status |
60% |
00060 |
Query the network operator name |
40% |
00061 |
Return dynamic information about the current Wi-Fi connection |
40% |
00062 |
Query WiFi information and WiFi Mac Address |
20% |
00063 |
Implicit intent(view a web page, make a phone call, etc.) |
100% |
00064 |
Monitor incoming call status |
40% |
00065 |
Get the country code of the SIM card provider |
40% |
00066 |
Query the ICCID number |
40% |
00067 |
Query the IMSI number |
40% |
00068 |
Executes the specified string Linux command |
40% |
00069 |
Run shell script programmably |
20% |
00070 |
Get sender's address and send SMS |
20% |
00071 |
Write the ISO country code of the current network operator into a file |
40% |
00072 |
Write HTTP input stream into a file |
40% |
00073 |
Write the SIM card information into a file |
40% |
00074 |
Get IMSI and the ISO country code |
20% |
00075 |
Get location of the device |
100% |
00076 |
Get the current WiFi information and put it into JSON |
40% |
00077 |
Read sensitive data(SMS, CALLLOG, etc) |
100% |
00078 |
Get the network operator name |
40% |
00079 |
Hide the current app's icon |
100% |
00080 |
Save recorded audio/video to a file |
20% |
00081 |
Get declared method from given method name |
60% |
00082 |
Get the current WiFi MAC address |
40% |
00083 |
Query the IMEI number |
40% |
00084 |
Get the ISO country code and IMSI |
20% |
00085 |
Get the ISO country code and put it into JSON |
40% |
00086 |
Check if the device is in data roaming mode |
40% |
00087 |
Check the current network type |
60% |
00088 |
Create a secure socket connection to the given host address |
40% |
00089 |
Connect to a URL and receive input stream from the server |
40% |
00090 |
Set recroded audio/video file format |
20% |
00091 |
Retrieve data from broadcast |
40% |
00092 |
Send broadcast |
40% |
00093 |
Get the content of SMS and forward it to others via SMS |
20% |
00094 |
Connect to a URL and read data from it |
60% |
00095 |
Write the ICCID of device into a file |
40% |
00096 |
Connect to a URL and set request method |
100% |
00097 |
Get the sender address of the SMS and put it into JSON |
40% |
00098 |
Check if the network is connected |
80% |
00099 |
Get location of the current GSM and put it into JSON |
40% |
00100 |
Check the network capabilities |
60% |
00101 |
Initialize recorder |
20% |
00102 |
Set the phone speaker on |
40% |
00103 |
Check the active network type |
80% |
00104 |
Check if the given path is directory |
40% |
00105 |
Append the sender's address to the string |
40% |
00106 |
Get the currently formatted WiFi IP address |
20% |
00107 |
Write the IMSI number into a file |
40% |
00108 |
Read the input stream from given URL |
40% |
00109 |
Connect to a URL and get the response code |
100% |
00110 |
Query the ICCID number |
20% |
00111 |
Get the sender address of the SMS |
20% |
00112 |
Get the date of the calendar event |
40% |
00113 |
Get location and put it into JSON |
60% |
00114 |
Create a secure socket connection to the proxy address |
20% |
00115 |
Get last known location of the device |
100% |
00116 |
Get the current WiFi MAC address and put it into JSON |
40% |
00117 |
Get the IMSI and network operator name |
20% |
00118 |
Check if the content of SMS contains given string |
40% |
00119 |
Write the IMEI number into a file |
40% |
00120 |
Append the sender's address to the string |
40% |
00121 |
Create a directory |
40% |
00122 |
Check if the sender address of SMS contains the given string |
40% |
00123 |
Save the response to JSON after connecting to the remote server |
40% |
00124 |
Check the current active network type |
60% |
00125 |
Check if the given file path exist |
40% |
00126 |
Read sensitive data(SMS, CALLLOG, etc) |
40% |
00127 |
Monitor the broadcast action events (BOOT_COMPLETED, etc) |
40% |
00128 |
Query user account information |
40% |
00129 |
Get the content of SMS |
20% |
00130 |
Get the current WIFI information |
40% |
00131 |
Get location of the current GSM and put it into JSON |
40% |
00132 |
Query The ISO country code |
40% |
00133 |
Start recording |
20% |
00134 |
Get the current WiFi IP address |
40% |
00135 |
Get the current WiFi id and put it into JSON. |
40% |
00136 |
Stop recording |
20% |
00137 |
Get last known location of the device |
40% |
00138 |
Set the audio source (MIC) |
20% |
00139 |
Get the current WiFi id |
40% |
00140 |
Write the phone number into a file |
40% |
00141 |
Load class from given class name |
100% |
00142 |
Get calendar information |
100% |
00143 |
Get external class from given path or file name |
40% |
00144 |
Write SIM card serial number into a file |
40% |
00145 |
Create a socket connection to the proxy address |
20% |
00146 |
Get the network operator name and IMSI |
20% |
00147 |
Get the time of current location |
100% |
00148 |
Create a socket connection to the given host address |
40% |
00149 |
Unpack an asset, possibly decrypt it and load it as DEX |
20% |
00150 |
Send IMSI over Internet |
40% |
00151 |
Send phone number over Internet |
40% |
00152 |
Get data from HTTP and send SMS |
40% |
00153 |
Send binary data over HTTP |
20% |
00154 |
Connect hostname to TCP or UDP socket using KryoNet |
40% |
00155 |
Execute commands on shell using DataOutputStream object |
20% |
00156 |
Acquire lock on Power Manager |
100% |
00157 |
Instantiate new object using reflection, possibly used for dexClassLoader |
100% |
00158 |
Connect to a URL and send sensitive data got from resolver |
40% |
00159 |
Use accessibility service to perform action getting node info by text |
20% |
00160 |
Use accessibility service to perform action getting node info by View Id |
20% |
00161 |
Perfom accessibility service action on accessibility node info |
20% |
00162 |
Create InetSocketAddress object and connecting to it |
20% |
00163 |
Create new Socket and connecting to it |
20% |
00164 |
Get SMS address and send it through http |
20% |
00165 |
Get SMS message body and send it through http |
20% |
00166 |
Get SMS message body and retrieve a string from it (possibly PIN / mTAN) |
20% |
00167 |
Use accessibility service to perform action getting root in active window |
20% |
00168 |
Use accessibility service to perform global action getting node info by text |
20% |
00169 |
Use accessibility service to perform global action getting node info by View Id |
20% |
00170 |
Get installed applications and put the list in shared preferences |
40% |
00171 |
Compare network operator with a string |
40% |
00172 |
Check Admin permissions to (probably) get them |
0% |
00173 |
Get bounds in screen of an AccessibilityNodeInfo and perform action |
40% |
00174 |
Get all accounts by type and put them in a JSON object |
40% |
00175 |
Get notification manager and cancel notifications |
100% |
00176 |
Send sms to a contact of contact list |
0% |
00177 |
Check if permission is granted and request it |
80% |
00178 |
Execute Linux commands via ProcessBuilder |
20% |
00179 |
Send Location via SMS |
0% |
00180 |
Load native libraries(.so) via System.loadLibrary (60% means caught) |
60% |
00181 |
Load native libraries(.so) via System.load (60% means caught) |
20% |
00182 |
Open camera. |
40% |
00183 |
Get current camera paremeters and change the setting. |
20% |
00184 |
Set camera preview texture |
40% |
00185 |
Start capturing camera preview frames to the screen |
40% |
00186 |
Control camera to take picture |
40% |
00187 |
Query a URI and check the result |
100% |
00188 |
Get the address of a SMS message |
80% |
00189 |
Get the content of a SMS message |
80% |
00190 |
Query a URI and append the result into a string |
80% |
00191 |
Get messages in the SMS inbox |
80% |
00192 |
Get messages in the SMS inbox |
60% |
00193 |
Send a SMS message |
20% |
00194 |
Set the audio source (MIC) and recorded file format |
20% |
00195 |
Set the output path of the recorded file |
40% |
00196 |
Set the recorded file format and output path |
20% |
00197 |
Set the audio encoder and initialize the recorder |
20% |
00198 |
Initialize the recorder and start recording |
20% |
00199 |
Stop recording and release recording resources |
20% |
00200 |
Query data from the contact list |
80% |
00201 |
Query data from the call log |
80% |
00202 |
Make a phone call |
100% |
00203 |
Put a phone number into an intent |
100% |
00204 |
Get the default ringtone |
40% |
00205 |
Simulate a touch gesture on the device screen |
20% |
00206 |
Check if the text of the view contains the given string |
60% |
00207 |
Check if the resource name of the view contains the given string |
60% |
00208 |
Capture the contents of the device screen |
20% |
00209 |
Get pixels from the latest rendered image |
60% |
00210 |
Copy pixels from the latest rendered image into a Bitmap |
60% |
00211 |
Open an URL in Wevbiew |
20% |