Analysis Result
The # of rules for each confidence
Sample Information
Select lables to see max confidence in radare chart
The labels with 100% confidence crimes
| Rule No. | Crime Description | Confidence |
|---|---|---|
|
00019 |
Find a method from given class name, usually for reflection |
100% |
|
00058 |
Connect to the specific WIFI network |
20% |
|
00166 |
Get SMS message body and retrieve a string from it (possibly PIN / mTAN) |
20% |
|
00023 |
Start another application from current application |
20% |
|
00189 |
Get the content of a SMS message |
100% |
|
00131 |
Get location of the current GSM and put it into JSON |
40% |
|
00074 |
Get IMSI and the ISO country code |
20% |
|
00127 |
Monitor the broadcast action events (BOOT_COMPLETED, etc) |
20% |
|
00062 |
Query WiFi information and WiFi Mac Address |
20% |
|
00170 |
Get installed applications and put the list in shared preferences |
20% |
|
00035 |
Query the list of the installed packages |
40% |
|
00042 |
Query WiFi BSSID and scan results |
20% |
|
00107 |
Write the IMSI number into a file |
20% |
|
00015 |
Put buffer stream (data) to JSON object |
80% |
|
00150 |
Send IMSI over Internet |
40% |
|
00003 |
Put the compressed bitmap data into JSON object |
80% |
|
00146 |
Get the network operator name and IMSI |
20% |
|
00054 |
Install other APKs from file |
20% |
|
00111 |
Get the sender address of the SMS |
20% |
|
00185 |
Start capturing camera preview frames to the screen |
100% |
|
00097 |
Get the sender address of the SMS and put it into JSON |
40% |
|
00078 |
Get the network operator name |
40% |
|
00202 |
Make a phone call |
20% |
|
00081 |
Get declared method from given method name |
40% |
|
00039 |
Start a web server |
20% |
|
00193 |
Send a SMS message |
100% |
|
00038 |
Query the phone number |
40% |
|
00192 |
Get messages in the SMS inbox |
100% |
|
00080 |
Save recorded audio/video to a file |
40% |
|
00203 |
Put a phone number into an intent |
40% |
|
00096 |
Connect to a URL and set request method |
60% |
|
00079 |
Hide the current app's icon |
40% |
|
00184 |
Set camera preview texture |
40% |
|
00055 |
Query the SMS content and the source of the phone number |
20% |
|
00110 |
Query the ICCID number |
20% |
|
00002 |
Open the camera and take picture |
100% |
|
00147 |
Get the time of current location |
40% |
|
00014 |
Read file into a stream and put it into a JSON object |
80% |
|
00151 |
Send phone number over Internet |
40% |
|
00043 |
Calculate WiFi signal strength |
20% |
|
00106 |
Get the currently formatted WiFi IP address |
20% |
|
00171 |
Compare network operator with a string |
40% |
|
00034 |
Query the current data network type |
40% |
|
00126 |
Read sensitive data(SMS, CALLLOG, etc) |
40% |
|
00063 |
Implicit intent(view a web page, make a phone call, etc.) |
40% |
|
00130 |
Get the current WIFI information |
40% |
|
00075 |
Get location of the device |
80% |
|
00167 |
Use accessibility service to perform action getting root in active window |
20% |
|
00022 |
Open a file from given absolute path of the file |
60% |
|
00188 |
Get the address of a SMS message |
100% |
|
00059 |
Query the SIM card status |
40% |
|
00018 |
Get JSON object prepared and fill in location info |
60% |
|
00044 |
Query the last time this package's activity was used |
20% |
|
00101 |
Initialize recorder |
40% |
|
00013 |
Read file and put it into a stream |
100% |
|
00156 |
Acquire lock on Power Manager |
20% |
|
00005 |
Get absolute path of file and put it to JSON object |
100% |
|
00140 |
Write the phone number into a file |
20% |
|
00052 |
Deletes media specified by a content URI(SMS, CALL_LOG, File, etc.) |
40% |
|
00117 |
Get the IMSI and network operator name |
20% |
|
00183 |
Get current camera paremeters and change the setting. |
20% |
|
00029 |
Initialize class object dynamically |
100% |
|
00091 |
Retrieve data from broadcast |
20% |
|
00204 |
Get the default ringtone |
20% |
|
00087 |
Check the current network type |
40% |
|
00068 |
Executes the specified string Linux command |
20% |
|
00195 |
Set the output path of the recorded file |
100% |
|
00048 |
Query the SMS contents |
20% |
|
00009 |
Put data in cursor to JSON object |
100% |
|
00160 |
Use accessibility service to perform action getting node info by View Id |
20% |
|
00025 |
Monitor the general action to be performed |
40% |
|
00137 |
Get last known location of the device |
40% |
|
00072 |
Write HTTP input stream into a file |
40% |
|
00121 |
Create a directory |
40% |
|
00064 |
Monitor incoming call status |
40% |
|
00176 |
Send sms to a contact of contact list |
40% |
|
00199 |
Stop recording and release recording resources |
80% |
|
00033 |
Query the IMEI number |
40% |
|
00177 |
Check if permission is granted and request it |
20% |
|
00198 |
Initialize the recorder and start recording |
100% |
|
00032 |
Load external class |
40% |
|
00120 |
Append the sender's address to the string |
40% |
|
00065 |
Get the country code of the SIM card provider |
40% |
|
00136 |
Stop recording |
40% |
|
00073 |
Write the SIM card information into a file |
20% |
|
00161 |
Perfom accessibility service action on accessibility node info |
20% |
|
00024 |
Write file after Base64 decoding |
20% |
|
00008 |
Check if successfully sending out SMS |
100% |
|
00049 |
Query the phone number from SMS sender |
20% |
|
00194 |
Set the audio source (MIC) and recorded file format |
100% |
|
00086 |
Check if the device is in data roaming mode |
40% |
|
00069 |
Run shell script programmably |
20% |
|
00090 |
Set recroded audio/video file format |
40% |
|
00182 |
Open camera. |
100% |
|
00028 |
Read file from assets directory |
40% |
|
00053 |
Monitor data identified by a given content URI changes(SMS, MMS, etc.) |
40% |
|
00116 |
Get the current WiFi MAC address and put it into JSON |
40% |
|
00004 |
Get filename and put it to JSON object |
100% |
|
00141 |
Load class from given class name |
40% |
|
00012 |
Read data and put it into a buffer stream |
100% |
|
00157 |
Instantiate new object using reflection, possibly used for dexClassLoader |
100% |
|
00045 |
Query the name of currently running application |
20% |
|
00100 |
Check the network capabilities |
40% |
|
00197 |
Set the audio encoder and initialize the recorder |
100% |
|
00178 |
Execute Linux commands via ProcessBuilder |
20% |
|
00085 |
Get the ISO country code and put it into JSON |
40% |
|
00139 |
Get the current WiFi id |
40% |
|
00093 |
Get the content of SMS and forward it to others via SMS |
40% |
|
00181 |
Load native libraries(.so) via System.load (60% means caught) |
20% |
|
00115 |
Get last known location of the device |
100% |
|
00050 |
Query the SMS service centre timestamp |
20% |
|
00142 |
Get calendar information |
40% |
|
00007 |
Use absolute path of directory for the output media file path |
100% |
|
00154 |
Connect hostname to TCP or UDP socket using KryoNet |
20% |
|
00011 |
Query data from URI (SMS, CALLLOGS) |
100% |
|
00103 |
Check the active network type |
40% |
|
00046 |
Method reflection |
60% |
|
00031 |
Check the list of currently running applications |
20% |
|
00174 |
Get all accounts by type and put them in a JSON object |
40% |
|
00066 |
Query the ICCID number |
40% |
|
00123 |
Save the response to JSON after connecting to the remote server |
40% |
|
00089 |
Connect to a URL and receive input stream from the server |
60% |
|
00070 |
Get sender's address and send SMS |
40% |
|
00135 |
Get the current WiFi id and put it into JSON. |
40% |
|
00027 |
Get specific method from other Dex files |
40% |
|
00162 |
Create InetSocketAddress object and connecting to it |
20% |
|
00119 |
Write the IMEI number into a file |
20% |
|
00158 |
Connect to a URL and send sensitive data got from resolver |
60% |
|
00159 |
Use accessibility service to perform action getting node info by text |
20% |
|
00118 |
Check if the content of SMS contains given string |
40% |
|
00026 |
Method reflection |
100% |
|
00163 |
Create new Socket and connecting to it |
20% |
|
00071 |
Write the ISO country code of the current network operator into a file |
20% |
|
00134 |
Get the current WiFi IP address |
40% |
|
00067 |
Query the IMSI number |
40% |
|
00122 |
Check if the sender address of SMS contains the given string |
40% |
|
00088 |
Create a secure socket connection to the given host address |
60% |
|
00030 |
Connect to the remote server through the given URL |
40% |
|
00175 |
Get notification manager and cancel notifications |
40% |
|
00102 |
Set the phone speaker on |
40% |
|
00047 |
Query the local IP address |
40% |
|
00155 |
Execute commands on shell using DataOutputStream object |
20% |
|
00010 |
Read sensitive data(SMS, CALLLOG) and put it into JSON object |
100% |
|
00143 |
Get external class from given path or file name |
40% |
|
00006 |
Scheduling recording task |
80% |
|
00114 |
Create a secure socket connection to the proxy address |
60% |
|
00051 |
Implicit intent(view a web page, make a phone call, etc.) via setData |
40% |
|
00180 |
Load native libraries(.so) via System.loadLibrary (60% means caught) |
20% |
|
00138 |
Set the audio source (MIC) |
40% |
|
00092 |
Send broadcast |
20% |
|
00084 |
Get the ISO country code and IMSI |
20% |
|
00196 |
Set the recorded file format and output path |
100% |
|
00179 |
Send Location via SMS |
0% |
|
00037 |
Send notification |
20% |
|
00172 |
Check Admin permissions to (probably) get them |
0% |
|
00060 |
Query the network operator name |
40% |
|
00125 |
Check if the given file path exist |
40% |
|
00076 |
Get the current WiFi information and put it into JSON |
40% |
|
00099 |
Get location of the current GSM and put it into JSON |
40% |
|
00133 |
Start recording |
40% |
|
00021 |
Load additional DEX files dynamically |
40% |
|
00164 |
Get SMS address and send it through http |
40% |
|
00148 |
Create a socket connection to the given host address |
60% |
|
00109 |
Connect to a URL and get the response code |
60% |
|
00191 |
Get messages in the SMS inbox |
100% |
|
00083 |
Query the IMEI number |
20% |
|
00129 |
Get the content of SMS |
20% |
|
00200 |
Query data from the contact list |
100% |
|
00095 |
Write the ICCID of device into a file |
20% |
|
00187 |
Query a URI and check the result |
100% |
|
00168 |
Use accessibility service to perform global action getting node info by text |
20% |
|
00113 |
Get location and put it into JSON |
60% |
|
00056 |
Modify voice volume |
20% |
|
00144 |
Write SIM card serial number into a file |
20% |
|
00001 |
Initialize bitmap object and compress data (e.g. JPEG) into bitmap object |
100% |
|
00152 |
Get data from HTTP and send SMS |
60% |
|
00017 |
Get Location of the device and append this info to a string |
100% |
|
00105 |
Append the sender's address to the string |
40% |
|
00040 |
Send SMS |
20% |
|
00104 |
Check if the given path is directory |
40% |
|
00041 |
Save recorded audio/video to file |
40% |
|
00153 |
Send binary data over HTTP |
40% |
|
00016 |
Get location info of the device and put it to JSON object |
60% |
|
00145 |
Create a socket connection to the proxy address |
60% |
|
00112 |
Get the date of the calendar event |
40% |
|
00057 |
Return the DHCP-assigned addresses from the last successful DHCP request |
40% |
|
00186 |
Control camera to take picture |
100% |
|
00169 |
Use accessibility service to perform global action getting node info by View Id |
20% |
|
00094 |
Connect to a URL and read data from it |
60% |
|
00201 |
Query data from the call log |
100% |
|
00082 |
Get the current WiFi MAC address |
40% |
|
00128 |
Query user account information |
20% |
|
00190 |
Query a URI and append the result into a string |
80% |
|
00108 |
Read the input stream from given URL |
100% |
|
00149 |
Unpack an asset, possibly decrypt it and load it as DEX |
20% |
|
00020 |
Get absolute path of the file and store in string |
80% |
|
00165 |
Get SMS message body and send it through http |
40% |
|
00077 |
Read sensitive data(SMS, CALLLOG, etc) |
100% |
|
00098 |
Check if the network is connected |
40% |
|
00132 |
Query The ISO country code |
40% |
|
00061 |
Return dynamic information about the current Wi-Fi connection |
40% |
|
00124 |
Check the current active network type |
40% |
|
00036 |
Get resource file from res/raw directory |
40% |
|
00173 |
Get bounds in screen of an AccessibilityNodeInfo and perform action |
20% |