
ANDROID STATIC ANALYSIS REPORT

 Uang Mengkilap (1.0.2)


File Name: Uang Mengkilap-Uang Online_1.0.2.apk

Package Name: com.mengkilap.uang

Scan Date: Oct. 13, 2023, 9:37 a.m.

App Security Score: 42/100 (MEDIUM RISK)

Grade: B
Trackers Detection: 2/428
 FINDINGS SEVERITY

HIGH: 6 | MEDIUM: 12 | INFO: 2 | SECURE: 2 | HOTSPOT: 1

 FILE INFORMATION
File Name: Uang Mengkilap-Uang Online_1.0.2.apk
Size: 7.92MB
MD5: b15961cafa0d65618cd0ed791fbbc4b8
SHA1: 85c12f8b5f529967d7d36ba49f4d9e2630efc9b3
SHA256: c49e6d52cd3514ef1ad4bd6ea8ed6996b21725a3e9d1cdcb7f4584e18ea124c3

 APP INFORMATION
App Name: Uang Mengkilap
Package Name: com.mengkilap.uang
Main Activity: com.jak.kejayaan.dana.view.acactivity.ACSplashActivity
Target SDK: 31
Min SDK: 21
Max SDK:
Android Version Name: 1.0.2
Android Version Code: 2

 APP COMPONENTS
Activities: 32
Services: 12
Receivers: 6
Providers: 2
Exported Activities: 0
Exported Services: 2
Exported Receivers: 4
Exported Providers: 0

 CERTIFICATE INFORMATION
Binary is signed
v1 signature: True
v2 signature: True
v3 signature: True
v4 signature: False
X.509 Subject: C=US, ST=California, L=Mountain View, O=Google Inc., OU=Android, CN=Android
Signature Algorithm: rsassa_pkcs1v15
Valid From: 2023-08-05 14:49:54+00:00
Valid To: 2053-08-05 14:49:54+00:00
Issuer: C=US, ST=California, L=Mountain View, O=Google Inc., OU=Android, CN=Android
Serial Number: 0xe365966f0de6b7c242f7f7e62d8448bee9a7492d
Hash Algorithm: sha256
md5: 72b86811fb9595e53672bc80440904b8
sha1: b4df927d7d2ee0101cf264c30bc7141a506b9b69
sha256: 594d3c747d2117789ab8d3687b1aa16ea0516a97c3ca195253644ca14b1ec243
sha512: 19392365744bfea822e375485eef7e21e83f11b5a819835eb858259907397dfabb05c7088baa76c81a65646a06c4b18dd0f9dd83a4d236779121f84986d92781
PublicKey Algorithm: rsa
Bit Size: 4096
Fingerprint: f6f7b0a736a82dcdab6768247da094bd69388935299c858d67126a32bfe2c78f
Found 1 unique certificates
 APPLICATION PERMISSIONS

PERMISSION | STATUS | INFO | DESCRIPTION

android.permission.ACCESS_COARSE_LOCATION | dangerous | coarse (network-based) location | Access coarse location sources, such as the mobile network database, to determine an approximate phone location, where available. Malicious applications can use this to determine approximately where you are.

android.permission.INTERNET | normal | full Internet access | Allows an application to create network sockets.

android.permission.ACCESS_WIFI_STATE | normal | view Wi-Fi status | Allows an application to view the information about the status of Wi-Fi.

android.permission.READ_PHONE_STATE | dangerous | read phone state and identity | Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on.

android.permission.BLUETOOTH | normal | create Bluetooth connections | Allows applications to connect to paired bluetooth devices.

android.permission.CAMERA | dangerous | take pictures and videos | Allows application to take pictures and videos with the camera. This allows the application to collect images that the camera is seeing at any time.

android.hardware.camera.autofocus | unknown | Unknown permission | Unknown permission from android reference

android.permission.READ_CALL_LOG | dangerous | | Allows an application to read the user's call log.

android.permission.READ_SMS | dangerous | read SMS or MMS | Allows application to read SMS messages stored on your phone or SIM card. Malicious applications may read your confidential messages.

android.permission.MOUNT_UNMOUNT_FILESYSTEMS | dangerous | mount and unmount file systems | Allows the application to mount and unmount file systems for removable storage.

android.permission.ACCESS_NETWORK_STATE | normal | view network status | Allows an application to view the status of all networks.

com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE | unknown | Unknown permission | Unknown permission from android reference

android.permission.WAKE_LOCK | normal | prevent phone from sleeping | Allows an application to prevent the phone from going to sleep.

com.google.android.c2dm.permission.RECEIVE | signature | C2DM permissions | Permission for cloud to device messaging.

 APKID ANALYSIS

FILE | FINDINGS | DETAILS

classes.dex | Anti-VM Code | Build.FINGERPRINT check, Build.MODEL check, Build.MANUFACTURER check, Build.PRODUCT check, Build.BOARD check, possible Build.SERIAL check, Build.TAGS check, SIM operator check, network operator name check, ro.kernel.qemu check
classes.dex | Compiler | unknown (please file detection issue!)

 BROWSABLE ACTIVITIES

ACTIVITY | INTENT

com.jak.kejayaan.dana.view.acactivity.ACSplashActivity | Schemes: @string/scheme://, Hosts: @string/scheme_host, Path Prefixes: @string/scheme_path,

 NETWORK SECURITY
HIGH: 1 | WARNING: 0 | INFO: 0 | SECURE: 0

NO SCOPE SEVERITY DESCRIPTION

1 * high Base config is insecurely configured to permit clear text traffic to all domains.

 CERTIFICATE ANALYSIS
HIGH: 0 | WARNING: 1 | INFO: 1

TITLE | SEVERITY | DESCRIPTION

Signed Application | info | Application is signed with a code signing certificate

Application vulnerable to Janus Vulnerability | warning | Application is signed with v1 signature scheme, making it vulnerable to Janus vulnerability on Android 5.0-8.0, if signed only with v1 signature scheme. Applications running on Android 5.0-7.0 signed with v1, and v2/v3 scheme is also vulnerable.

 MANIFEST ANALYSIS
HIGH: 4 | WARNING: 3 | INFO: 0 | SUPPRESSED: 0

NO | ISSUE | SEVERITY | DESCRIPTION

1 | App can be installed on a vulnerable Android version [minSdk=21] | warning | This application can be installed on an older version of android that has multiple unfixed vulnerabilities. Support an Android version > 8, API 26 to receive reasonable security updates.

2 | App has a Network Security Configuration [android:networkSecurityConfig=@xml/network] | info | The Network Security Configuration feature lets apps customize their network security settings in a safe, declarative configuration file without modifying app code. These settings can be configured for specific domains and for a specific app.

3 | Broadcast Receiver (com.appsflyer.MultipleInstallBroadcastReceiver) is not Protected. [android:exported=true] | high | A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.

4 | Service (com.jak.kejayaan.dana.view.acservice.MsgService) is not Protected. [android:exported=true] | high | A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.

5 | Broadcast Receiver (com.jak.kejayaan.dana.view.acservice.MsgReceiver) is not Protected. [android:exported=true] | high | A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.

6 | Broadcast Receiver (com.jak.kejayaan.dana.view.acservice.ACInsReceiver) is not Protected. [android:exported=true] | high | A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.

7 | Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is Protected by a permission, but the protection level of the permission should be checked. Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] | warning | A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.

8 | Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is Protected by a permission, but the protection level of the permission should be checked. Permission: com.google.android.c2dm.permission.SEND [android:exported=true] | warning | A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.

 CODE ANALYSIS
HIGH: 1 | WARNING: 6 | INFO: 2 | SECURE: 2 | SUPPRESSED: 0

NO ISSUE SEVERITY STANDARDS FILES

1 | The App logs information. Sensitive information should never be logged. | info | CWE: CWE-532: Insertion of Sensitive Information into Log File; OWASP MASVS: MSTG-STORAGE-3

2 | The App uses an insecure Random Number Generator. | warning | CWE: CWE-330: Use of Insufficiently Random Values; OWASP Top 10: M5: Insufficient Cryptography; OWASP MASVS: MSTG-CRYPTO-6 | KnKpaUp/inga/nn/KnKpaUp.java, com/appsflyer/internal/b.java, eUie/ngnga/inga/ngaape/ngnga/KnKpaUp/pailMMnpg.java, iag/iMgaMgpi/KnKpaUp/inga.java, iag/iMgaMgpi/inga.java, iag/iMgaMgpi/pailMMnpg.java, org/greenrobot/greendao/test/DbTest.java

3 | Files may contain hardcoded sensitive information like usernames, passwords, keys etc. | warning | CWE: CWE-312: Cleartext Storage of Sensitive Information; OWASP Top 10: M9: Reverse Engineering; OWASP MASVS: MSTG-STORAGE-14 | com/lzy/okgo/cache/CacheEntity.java, com/lzy/okgo/exception/CacheException.java, eUie/KnKpaUp/inga/leganpM/ngaape.java, eUie/KnKpaUp/inga/leganpM/pie/Kg.java, eUie/KnKpaUp/inga/leganpM/pie/KnKpaUp.java, eUie/KnKpaUp/inga/leganpM/pie/nag.java

4 | App can read/write to External Storage. Any App can read data written to External Storage. | warning | CWE: CWE-276: Incorrect Default Permissions; OWASP Top 10: M2: Insecure Data Storage; OWASP MASVS: MSTG-STORAGE-2 | KnKpaUp/pie/pailMMnpg/inga.java, eUie/iag/inga/inga/eeUniMgKe/eeUniMgKe/gKU.java, eUie/iag/inga/inga/eeUniMgKe/iMgaMgpi/nn.java, eUie/iag/inga/inga/ilKa/KnKpaUp.java, eUie/iag/inga/inga/ilKa/iMgaMgpi.java

5 | App uses SQLite Database and execute raw SQL query. Untrusted user input in raw SQL queries can cause SQL Injection. Also sensitive information should be encrypted and written to the database. | warning | CWE: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'); OWASP Top 10: M7: Client Code Quality | eUie/leganpM/inga/eUie/ngaape.java, eUie/leganpM/inga/eUie/nn.java, eUie/ngnga/inga/ngaape/gKU/pailMMnpg/pie.java, eUie/ngnga/inga/pailMMnpg/iag/ilUU/leganpM/eagan.java, eUie/ngnga/inga/pailMMnpg/iag/ilUU/leganpM/glpUa.java, org/greenrobot/greendao/DbUtils.java, org/greenrobot/greendao/database/StandardDatabase.java

6 | This App may have root detection capabilities. | secure | OWASP MASVS: MSTG-RESILIENCE-1 | eUie/iag/inga/inga/eeUniMgKe/eeUniMgKe/gKU.java, eUie/ngnga/inga/eUie/inga/inga/KnKpaUp/gepap.java

7 | The App uses the encryption mode CBC with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks. | high | CWE: CWE-649: Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking; OWASP Top 10: M5: Insufficient Cryptography; OWASP MASVS: MSTG-CRYPTO-3 | com/jak/kejayaan/dana/view/acweigt/PKTextView.java, eUie/iag/inga/inga/innaeagg/nn.java, eUie/iag/inga/inga/na/eUie.java, eUie/iag/inga/inga/na/ngaape.java

8 | This App uses SSL certificate pinning to detect or prevent MITM attacks in secure communication channel. | secure | OWASP MASVS: MSTG-NETWORK-4 | eUie/leganpM/inga/ngnga/inga.java

9 | MD5 is a weak hash known to have hash collisions. | warning | CWE: CWE-327: Use of a Broken or Risky Cryptographic Algorithm; OWASP Top 10: M5: Insufficient Cryptography; OWASP MASVS: MSTG-CRYPTO-4 | eUie/iag/inga/inga/innaeagg/nn.java, eUie/iag/inga/inga/na/eUie.java

10 | This App uses SQL Cipher. SQLCipher provides 256-bit AES encryption to sqlite database files. | info | OWASP MASVS: MSTG-CRYPTO-1 | org/greenrobot/greendao/database/SqlCipherEncryptedHelper.java

11 | App creates temp file. Sensitive information should never be written into a temp file. | warning | CWE: CWE-276: Incorrect Default Permissions; OWASP Top 10: M2: Insecure Data Storage; OWASP MASVS: MSTG-STORAGE-2 | KnKpaUp/Kg/inga/inga.java

 SHARED LIBRARY BINARY ANALYSIS

NO | SHARED OBJECT | NX | STACK CANARY | RPATH | RUNPATH | FORTIFY | SYMBOLS STRIPPED

1 | lib/armeabi-v7a/libimage_processing_util_jni.so | True (info) | True (info) | None (info) | None (info) | False (warning) | True (info)
2 | lib/x86/libimage_processing_util_jni.so | True (info) | True (info) | None (info) | None (info) | False (warning) | True (info)
3 | lib/arm64-v8a/libimage_processing_util_jni.so | True (info) | True (info) | None (info) | None (info) | True (info) | True (info)
4 | lib/x86_64/libimage_processing_util_jni.so | True (info) | True (info) | None (info) | None (info) | True (info) | True (info)
5 | lib/armeabi-v7a/libimage_processing_util_jni.so | True (info) | True (info) | None (info) | None (info) | False (warning) | True (info)
6 | lib/x86/libimage_processing_util_jni.so | True (info) | True (info) | None (info) | None (info) | False (warning) | True (info)
7 | lib/arm64-v8a/libimage_processing_util_jni.so | True (info) | True (info) | None (info) | None (info) | True (info) | True (info)
8 | lib/x86_64/libimage_processing_util_jni.so | True (info) | True (info) | None (info) | None (info) | True (info) | True (info)

NX, True: The binary has NX bit set. This marks a memory page non-executable making attacker injected shellcode non-executable.
STACK CANARY, True: This binary has a stack canary value added to the stack so that it will be overwritten by a stack buffer that overflows the return address. This allows detection of overflows by verifying the integrity of the canary before function return.
RPATH, None: The binary does not have run-time search path or RPATH set.
RUNPATH, None: The binary does not have RUNPATH set.
FORTIFY, False: The binary does not have any fortified functions. Fortified functions provides buffer overflow checks against glibc's commons insecure functions like strcpy, gets etc. Use the compiler option -D_FORTIFY_SOURCE=2 to fortify functions. This check is not applicable for Dart/Flutter libraries.
FORTIFY, True: The binary has the following fortified functions: ['__memcpy_chk']
SYMBOLS STRIPPED, True: Symbols are stripped.

 NIAP ANALYSIS v1.3

NO IDENTIFIER REQUIREMENT FEATURE DESCRIPTION

 OFAC SANCTIONED COUNTRIES


This app may communicate with the following OFAC sanctioned list of countries.
DOMAIN COUNTRY/REGION

 DOMAIN MALWARE CHECK

DOMAIN | STATUS | GEOLOCATION

plus.google.com | ok | IP: 216.58.207.238; Country: United States of America; Region: California; City: Mountain View; Latitude: 37.405991; Longitude: -122.078514

github.com | ok | IP: 140.82.121.3; Country: United States of America; Region: California; City: San Francisco; Latitude: 37.775700; Longitude: -122.395203

greenrobot.org | ok | IP: 85.13.163.69; Country: Germany; Region: Thuringen; City: Friedersdorf; Latitude: 50.604919; Longitude: 11.035770

schemas.android.com | ok | No Geolocation information available.

developer.android.com | ok | IP: 142.250.74.78; Country: United States of America; Region: California; City: Mountain View; Latitude: 37.405991; Longitude: -122.078514

app-measurement.com | ok | IP: 142.250.74.46; Country: United States of America; Region: California; City: Mountain View; Latitude: 37.405991; Longitude: -122.078514

ns.adobe.com | ok | No Geolocation information available.

pagead2.googlesyndication.com | ok | IP: 142.250.74.34; Country: United States of America; Region: California; City: Mountain View; Latitude: 37.405991; Longitude: -122.078514

sapp.s | ok | No Geolocation information available.

play.google.com | ok | IP: 142.250.74.78; Country: United States of America; Region: California; City: Mountain View; Latitude: 37.405991; Longitude: -122.078514

 EMAILS

EMAIL | FILE

u0013android@android.com0, u0013android@android.com | eUie/ngnga/inga/ngaape/ngaape/gieUiggg.java

 TRACKERS

TRACKER CATEGORIES URL

AppsFlyer Analytics https://reports.exodus-privacy.eu.org/trackers/12

Google Firebase Analytics Analytics https://reports.exodus-privacy.eu.org/trackers/49

 HARDCODED SECRETS
POSSIBLE SECRETS

"google_crash_reporting_api_key" : "AIzaSyAKZlGazuXOFTbAcwzPwlhLDUPSm2YUkWI"

"str_key" : "41d4o70r6l5dx9cm"

"api_iv" : "a60c0233iskxfzy7"

"sign_key" : "iayqxkggahmnfl5lk6t32zsxe"

"google_api_key" : "AIzaSyAKZlGazuXOFTbAcwzPwlhLDUPSm2YUkWI"

"api_key" : "iqsbkyqoikueq0pt"


 PLAYSTORE INFORMATION
Title: Uang Mengkilap-Uang Online

Score: 0
Installs: 100,000+
Price: 0
Android Version Support:
Category: Finance
Play Store URL: com.mengkilap.uang

Developer Details: PT Uang Mengkilap Teknologi, PT+Uang+Mengkilap+Teknologi, None, https://uangmengkilap.com, hrny777heny@gmail.com,

Release Date: None Privacy Policy: Privacy link

Description:

Detailed information contained in Shiny Money
The range of online loan amounts: IDR 2,000,000-IDR 6,000,000
Online loan term: the shortest 91 days, the longest 180 days
Online loan interest: up to 18% / year (0.05% / day)
Other costs: there are no other additional costs

Example of loan calculation
If the user chooses a loan with a loan amount of IDR 2,000,000 and a term of 120 days (4 months), after passing verification and receiving IDR 2,000,000,
daily interest to be paid: IDR 2,000,000 * 0.05% = 1,000
monthly interest to be paid is: IDR 2,000,000 * 0.05% * 30 = 30,000
120 days (4 Months) the total interest to be paid at maturity is: IDR 30,000 * 4 = 120,000,
and the amount of monthly payments is: IDR 2,000,000 / 4 + 30,000 = 530,000,
and the amount of repayments required for 120 days (4 months) is: IDR 530,000 * 4 = 2,120,000

Glossy Money-Online Money is an exclusive application for members. The owner of the Glossy Money-Online Money application is PT Uang Glossy Technology, and this program can provide online loan services to members of PT Uang Glossy Technology.

About PT Uang Glossy Technology
1. Only for member savings and member exclusive loan services
2. Registered at the Ministry of Cooperatives and Small & Medium Enterprises in Indonesia

Advantages of PT Uang Glossy Technology
1. Obtain residual operating income (SHU) which varies from year to year
2. Solutions for SMEs
3. Meet the financial needs of cooperative members

How to become a cooperative member
Indonesian citizens; Over 18 years old
Have ID
Having the same goals as cooperatives;
After making mandatory savings, the User can become a member.

How to use Shiny Money-Money Online
1. Download the Shiny Money-Money Online app on Google Play Store
2. Shiny Money Fill in the information listed on Shiny Money to find out your credit score
3. Shiny Money Know your credit score instantly
4. Shiny Money If your credit score is good, we will recommend the best financial products for you

If Users need our help please contact us via email below
Email : hrny777heny@gmail.com
Address : Wisma AKR, 7th-8th Floor, Jl. Length No. 5, Kebon Jeruk, West Jakarta 11530, Indonesia

Report Generated by - MobSF v3.7.9 Beta


Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment
framework capable of performing static and dynamic analysis.

© 2023 Mobile Security Framework - MobSF | Ajin Abraham | OpenSecurity.
