Andrubis - Analysis Report

Analysis Report for iMessage_1.2.3.apk

General Information

  - General information about this Android application  
Filename: iMessage_1.2.3.apk 
MD5: 017d14f6fba46eaed9040bcd821c6e07 
SHA-1: bfd61af162a3d7e9a5cbabccc12c2960d2c934f0 
File Size: 4130887 Bytes
API Level:
Maliciousness Rating: 9.98971 (0: likely benign, 10: likely malicious)

Static Analysis Report

  - Activities  
activity.WelcomeActivity
intent-filter action: android.intent.action.MAIN
intent-filter category: android.intent.category.LAUNCHER
activity.HelpActivity
activity.ChatActivity
activity.LoginActivity
activity.Tab1
activity.Tab3
activity.Tab2
activity.NewMessageActivity
activity.aboutactivity
activity.AddToContactActivity
activity.NotifyActivity
activity.FriendListActivity
activity.RegisterActivity
activity.IntroduceActivity
activity.ReadFromCellphoneActivity
activity.ContactListActivity

  - Services  
activity.GetMsgService

  - Required Permissions  
android.permission.READ_CONTACTS
android.permission.VIBRATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
com.android.launcher.permission.INSTALL_SHORTCUT
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.CAMERA
android.permission.READ_PHONE_STATE
android.permission.GET_TASKS
android.permission.RECORD_AUDIO

  - Used Features  
android.hardware.camera
android.hardware.camera.autofocus
android.hardware.microphone
android.hardware.touchscreen
android.hardware.screen.portrait

  - URLs  
https://service.ess.apple.com/WebObjects/VCProfileService.woa/wp/accountSetup
http://alog.umeng.co/app_logs
https://service.ess.apple.com
http://
http://oc.umeng.co/check_config_update
http://alog.umeng.com/app_logs
https://
https://service.ess.apple.com/WebObjects/TDIdentityService.woa/wa/
http://oc.umeng.com/check_config_update

Dynamic Analysis Report

  - File operations  
Timestamp Operation Path
17.426 write /data/data/com.huluwa.imessage/shared_prefs/saveUser.xml|
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <boolean name="AutoLogin" value="false" /> </map>
17.426 write /data/data/com.huluwa.imessage/shared_prefs/saveUser.xml|
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <boolean name="AutoLogin" value="false" /> <boolean name="isStart" value="false" /> </map>
19.428 write /data/data/com.huluwa.imessage/shared_prefs/saveUser.xml|
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <boolean name="Login" value="false" /> <boolean name="AutoLogin" value="false" /> <boolean name="isStart" value="false" /> </map>
42.427 read /data/data/com.android.music/shared_prefs/Music.xml|
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <string name="queue"></string> <int name="curpos" value="-1" /> <int name="cardid" value="-1" /> <int name="shufflemode" value="0" /> <int name="repeatmode" value="0" /> </map>
69.431 write /data/data/com.huluwa.imessage/shared_prefs/mobclick_agent_header_com.huluwa.imessage.xml|
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <long name="req_time" value="52241" /> </map>
92.460 read /data/anr/traces.txt|
95.456 read /data/data/com.android.mms/shared_prefs/_has_set_default_values.xml|
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <boolean name="_has_set_default_values" value="true" /> </map>
96.534 read /data/data/com.android.mms/shared_prefs/com.android.mms_preferences.xml|
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <string name="pref_key_ringtone">content://settings/system/notification_sound</string> <boolean name="pref_key_auto_delete" value="true" /> <boolean name="checked_message_limits" value="true" /> <boolean name="pref_key_mms_auto_retrieval" value="true" /> <string name="pref_key_vibrateWhen">never</string> <boolean name="pref_key_enable_notifications" value="true" /> </map>
104.534 read /data/data/com.android.providers.contacts/shared_prefs/com.android.providers.contacts_preferences.xml|
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <string name="locale">en_US</string> </map>

  - Network operations  
Timestamp Operation Host Port
18.429 open 211.151.139.211 80
18.430 write 211.151.139.211 80
21.428 open 98.126.147.236 80
21.428 write 98.126.147.236 80
GET /download/platfrom/android/update.json HTTP/1.1 Host: www.huluwa.org Connection: Keep-Alive User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)
69.400 read 98.126.147.236 80
HTTP/1.1 200 OK Content-Length: 157 Content-Type: application/octet-stream Last-Modified: Tue, 24 Sep 2013 09:34:25 GMT Accept-Ranges: bytes ETag: "40e5b429b9ce1:10d2e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Date: Tue, 24 Sep 2013 15:59:39 GMT [{"appname":"Update Client","apkname":"iMessage_1.2.3.apk","apkUrl":"http://www.huluwa.org/download/platfrom/android/iMessage_1.2.3.apk","verCode":"1.2.3"}]
69.430 read 98.126.147.236 80
HTTP/1.1 200 OK Content-Length: 157 Content-Type: application/octet-stream Last-Modified: Tue, 24 Sep 2013 09:34:25 GMT Accept-Ranges: bytes ETag: "40e5b429b9ce1:10d2e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Date: Tue, 24 Sep 2013 15:59:39 GMT [{"appname":"Update Client","apkname":"iMessage_1.2.3.apk","apkUrl":"http://www.huluwa.org/download/platfrom/android/iMessage_1.2.3.apk","verCode":"1.2.3"}]
74.425 open 98.126.147.236 80
74.426 write 98.126.147.236 80
GET /download/platfrom/android/update.json HTTP/1.1 Host: www.huluwa.org Connection: Keep-Alive User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)
128.600 read 98.126.147.236 80
HTTP/1.1 503 Service Unavailable Content-Type: text/html Date: Tue, 24 Sep 2013 16:00:31 GMT Connection: close Content-Length: 28 <h1>Service Unavailable</h1>
171.585 open localhost 123
171.585 write localhost 123
...E}..tr

  - Started Services  
Timestamp Service Name
.435 com.android.vending.util.WorkService
.435 com.android.vending.util.WorkService
16.433 activity.GetMsgService
17.425 activity.GetMsgService
42.427 com.android.music.MediaPlaybackService
42.427 com.android.music.MediaPlaybackService
69.429 com.android.music.MediaPlaybackService
69.429 com.android.music.MediaPlaybackService
71.430 com.android.music.MediaPlaybackService
72.435 com.android.music.MediaPlaybackService
96.534 com.android.mms.transaction.SmsReceiverService
98.532 com.android.mms.transaction.SmsReceiverService

  - Data leaks  
Timestamp Leak Type Content Leaked Destination
17.426 file TAINT_IMEI /data/data/com.huluwa.imessage/shared_prefs/mobclick_agent_state_com.huluwa.imessage.xml|
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <long name="end_millis" value="-1" /> <string name="session_id">3E492F70385E134B6E2298A265CC9CF8</string> <long name="start_millis" value="1357825634800" /> </map>
18.429 file TAINT_IMEI /data/data/com.huluwa.imessage/shared_prefs/mobclick_agent_state_com.huluwa.imessage.xml|
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <long name="duration" value="1295" /> <string name="session_id">3E492F70385E134B6E2298A265CC9CF8</string> <string name="activities">[activity.WelcomeActivity,1]</string> <long name="end_millis" value="-1" /> <long name="terminate_time" value="1357825636095" /> <long name="start_millis" value="1357825634800" /> </map>
18.429 file TAINT_IMEI /data/data/com.huluwa.imessage/shared_prefs/mobclick_agent_state_com.huluwa.imessage.xml|
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <long name="duration" value="1295" /> <string name="session_id">3E492F70385E134B6E2298A265CC9CF8</string> <string name="activities">[activity.WelcomeActivity,1]</string> <long name="end_millis" value="1357825636095" /> <long name="terminate_time" value="1357825636095" /> <long name="start_millis" value="-1" /> </map>
18.430 network TAINT_IMEI 211.151.139.211:80
POST /app_logs HTTP/1.1 X-Umeng-Sdk: Android/4.6.2 iMessage%2F1.2.3+generic%2F2.3.4+1ee39685bfb833a2ef38131547d5fad Content-Encoding: deflate Content-Length: 461 Host: alog.umeng.com Connection: Keep-Alive
19.428 file TAINT_IMEI /data/data/com.huluwa.imessage/shared_prefs/mobclick_agent_state_com.huluwa.imessage.xml|
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <long name="duration" value="1295" /> <string name="session_id">3E492F70385E134B6E2298A265CC9CF8</string> <string name="activities">[activity.WelcomeActivity,1]</string> <long name="end_millis" value="-1" /> <long name="terminate_time" value="1357825636095" /> <long name="start_millis" value="1357825636983" /> </map>
46.429 file TAINT_IMEI /data/data/com.huluwa.imessage/shared_prefs/mobclick_agent_state_com.huluwa.imessage.xml|
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <long name="duration" value="27992" /> <string name="session_id">3E492F70385E134B6E2298A265CC9CF8</string> <string name="activities">[activity.WelcomeActivity,1];[activity.LoginActivity,26]</string> <long name="end_millis" value="-1" /> <long name="terminate_time" value="1357825663680" /> <long name="start_millis" value="1357825636983" /> </map>
46.429 file TAINT_IMEI /data/data/com.huluwa.imessage/shared_prefs/mobclick_agent_state_com.huluwa.imessage.xml|
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <long name="duration" value="27992" /> <string name="session_id">3E492F70385E134B6E2298A265CC9CF8</string> <string name="activities">[activity.WelcomeActivity,1];[activity.LoginActivity,26]</string> <long name="end_millis" value="1357825663680" /> <long name="terminate_time" value="1357825663680" /> <long name="start_millis" value="-1" /> </map>
48.431 file TAINT_IMEI /data/data/com.huluwa.imessage/shared_prefs/mobclick_agent_state_com.huluwa.imessage.xml|
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <long name="duration" value="27992" /> <string name="session_id">3E492F70385E134B6E2298A265CC9CF8</string> <string name="activities">[activity.WelcomeActivity,1];[activity.LoginActivity,26]</string> <long name="end_millis" value="-1" /> <long name="terminate_time" value="1357825663680" /> <long name="start_millis" value="1357825665921" /> </map>
66.434 file TAINT_IMEI /data/data/com.huluwa.imessage/shared_prefs/mobclick_agent_state_com.huluwa.imessage.xml|
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <long name="duration" value="45458" /> <string name="session_id">3E492F70385E134B6E2298A265CC9CF8</string> <string name="activities">[activity.WelcomeActivity,1];[activity.LoginActivity,26];[activity.RegisterActivity,17]</string> <long name="end_millis" value="-1" /> <long name="terminate_time" value="1357825683387" /> <long name="start_millis" value="1357825665921" /> </map>
66.435 file TAINT_IMEI /data/data/com.huluwa.imessage/shared_prefs/mobclick_agent_state_com.huluwa.imessage.xml|
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <long name="duration" value="45458" /> <string name="session_id">3E492F70385E134B6E2298A265CC9CF8</string> <string name="activities">[activity.WelcomeActivity,1];[activity.LoginActivity,26];[activity.RegisterActivity,17]</string> <long name="end_millis" value="1357825683387" /> <long name="terminate_time" value="1357825683387" /> <long name="start_millis" value="-1" /> </map>
66.435 file TAINT_IMEI /data/data/com.huluwa.imessage/shared_prefs/mobclick_agent_state_com.huluwa.imessage.xml|
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <long name="duration" value="45458" /> <string name="session_id">3E492F70385E134B6E2298A265CC9CF8</string> <string name="activities">[activity.WelcomeActivity,1];[activity.LoginActivity,26];[activity.RegisterActivity,17]</string> <long name="end_millis" value="-1" /> <long name="terminate_time" value="1357825683387" /> <long name="start_millis" value="1357825684179" /> </map>
69.431 file TAINT_IMEI /data/data/com.huluwa.imessage/shared_prefs/mobclick_agent_state_com.huluwa.imessage.xml|
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <long name="duration" value="49016" /> <string name="session_id">3E492F70385E134B6E2298A265CC9CF8</string> <string name="activities">[activity.WelcomeActivity,1];[activity.LoginActivity,26];[activity.RegisterActivity,17];[activity.LoginActivity,3]</string> <long name="end_millis" value="-1" /> <long name="terminate_time" value="1357825687737" /> <long name="start_millis" value="1357825684179" /> </map>
71.430 file TAINT_IMEI /data/data/com.huluwa.imessage/shared_prefs/mobclick_agent_state_com.huluwa.imessage.xml|
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <long name="duration" value="49016" /> <string name="session_id">3E492F70385E134B6E2298A265CC9CF8</string> <string name="activities">[activity.WelcomeActivity,1];[activity.LoginActivity,26];[activity.RegisterActivity,17];[activity.LoginActivity,3]</string> <long name="end_millis" value="1357825687737" /> <long name="terminate_time" value="1357825687737" /> <long name="start_millis" value="-1" /> </map>
71.430 file TAINT_IMEI /data/data/com.huluwa.imessage/shared_prefs/mobclick_agent_state_com.huluwa.imessage.xml|
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <long name="duration" value="49016" /> <string name="session_id">3E492F70385E134B6E2298A265CC9CF8</string> <string name="activities">[activity.WelcomeActivity,1];[activity.LoginActivity,26];[activity.RegisterActivity,17];[activity.LoginActivity,3]</string> <long name="end_millis" value="-1" /> <long name="terminate_time" value="1357825687737" /> <long name="start_millis" value="1357825688073" /> </map>
73.430 file TAINT_IMEI /data/data/com.huluwa.imessage/shared_prefs/mobclick_agent_state_com.huluwa.imessage.xml|
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <long name="duration" value="51964" /> <string name="session_id">3E492F70385E134B6E2298A265CC9CF8</string> <string name="activities">[activity.WelcomeActivity,1];[activity.LoginActivity,26];[activity.RegisterActivity,17];[activity.LoginActivity,3];[activity.WelcomeActivity,2]</string> <long name="end_millis" value="-1" /> <long name="terminate_time" value="1357825691021" /> <long name="start_millis" value="1357825688073" /> </map>
73.430 file TAINT_IMEI /data/data/com.huluwa.imessage/shared_prefs/mobclick_agent_state_com.huluwa.imessage.xml|
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <long name="duration" value="51964" /> <string name="session_id">3E492F70385E134B6E2298A265CC9CF8</string> <string name="activities">[activity.WelcomeActivity,1];[activity.LoginActivity,26];[activity.RegisterActivity,17];[activity.LoginActivity,3];[activity.WelcomeActivity,2]</string> <long name="end_millis" value="1357825691021" /> <long name="terminate_time" value="1357825691021" /> <long name="start_millis" value="-1" /> </map>
74.425 file TAINT_IMEI /data/data/com.huluwa.imessage/shared_prefs/mobclick_agent_state_com.huluwa.imessage.xml|
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <long name="duration" value="51964" /> <string name="session_id">3E492F70385E134B6E2298A265CC9CF8</string> <string name="activities">[activity.WelcomeActivity,1];[activity.LoginActivity,26];[activity.RegisterActivity,17];[activity.LoginActivity,3];[activity.WelcomeActivity,2]</string> <long name="end_millis" value="-1" /> <long name="terminate_time" value="1357825691021" /> <long name="start_millis" value="1357825691276" /> </map>
105.529 file TAINT_IMEI /data/data/com.huluwa.imessage/shared_prefs/mobclick_agent_state_com.huluwa.imessage.xml|
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <long name="duration" value="83398" /> <string name="session_id">3E492F70385E134B6E2298A265CC9CF8</string> <string name="activities">[activity.WelcomeActivity,1];[activity.LoginActivity,26];[activity.RegisterActivity,17];[activity.LoginActivity,3];[activity.WelcomeActivity,2];[activity.LoginActivity,31]</string> <long name="end_millis" value="-1" /> <long name="terminate_time" value="1357825722710" /> <long name="start_millis" value="1357825691276" /> </map>
107.530 file TAINT_IMEI /data/data/com.huluwa.imessage/shared_prefs/mobclick_agent_state_com.huluwa.imessage.xml|
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <long name="duration" value="83398" /> <string name="session_id">3E492F70385E134B6E2298A265CC9CF8</string> <string name="activities">[activity.WelcomeActivity,1];[activity.LoginActivity,26];[activity.RegisterActivity,17];[activity.LoginActivity,3];[activity.WelcomeActivity,2];[activity.LoginActivity,31]</string> <long name="end_millis" value="1357825722710" /> <long name="terminate_time" value="1357825722710" /> <long name="start_millis" value="-1" /> </map>
123.585 file TAINT_IMEI /data/data/com.huluwa.imessage/shared_prefs/mobclick_agent_state_com.huluwa.imessage.xml|
<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <long name="duration" value="83398" /> <string name="session_id">3E492F70385E134B6E2298A265CC9CF8</string> <string name="activities">[activity.WelcomeActivity,1];[activity.LoginActivity,26];[activity.RegisterActivity,17];[activity.LoginActivity,3];[activity.WelcomeActivity,2];[activity.LoginActivity,31]</string> <long name="end_millis" value="-1" /> <long name="terminate_time" value="1357825722710" /> <long name="start_millis" value="1357825740668" /> </map>

Network Traffic Analysis

  - DNS Queries:  
Name Query Type Query Result Successful Protocol
alog.umeng.com  DNS_TYPE_A  211.151.139.211 211.151.139.210  udp 
211.139.151.211.in-addr.arpa  DNS_TYPE_PTR    udp 
www.huluwa.org  DNS_TYPE_A  98.126.147.236  udp 
236.147.126.98.in-addr.arpa  DNS_TYPE_PTR    udp 

  -  HTTP Conversations:  
From ANUBIS:56199 to 211.151.139.211:80 - [alog.umeng.com]
Request: POST /app_logs
Response: 200 "OK"
From ANUBIS:49326 to 98.126.147.236:80 - [www.huluwa.org]
Request: GET /download/platfrom/android/update.json
Response: 200 "OK"
From ANUBIS:52665 to 98.126.147.236:80 - [www.huluwa.org]
Request: GET /download/platfrom/android/update.json
Response: 503 "Service Unavailable"

International Secure Systems Lab
Vienna University of Technology, Eurecom France, UC Santa Barbara
Contact: andrubis@iseclab.org