HighVPN_1[.]4[.]9_[.]apk

General

Target

HighVPN_1.4.9_.apk
Size

18.2MB
MD5

7597f3e9ddb73cb071367792804dacdb
SHA1

d379ebea5340e2cf2297af77d931c77597564067
SHA256

2a5545ca62444a101ea6879287dea14fdcc493c22aeb22b7fe0861bdcfbd01a4
SHA512

23c5593def30a7dbb7c5d8b828e681add2bade5837e19f0c2766a4f5d530e816779041f13311ead63748c64bbef669a221b4bb26603b0f504dcf9bc1131c841e
SSDEEP

393216:GtQv2XnC6b1yY8G5VfzVpylC8qkKSLWLfXE42dxNMd785+23vhnW:5uXrxp8G5pd8BK6AP0+23vhW

Score

6^/10

Malware Config

Signatures

Declares services with permission to bind to the system 1 IoCs

description	ioc
Required by VPN services to bind with the system. Allows apps to provision VPN services.	android.permission.BIND_VPN_SERVICE

Requests dangerous framework permissions 3 IoCs

description	ioc
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS

Files

HighVPN_1.4.9_.apk
.apk android arch:arm

me.highvpn.app

me.dingtone.app.im.ui.HighSplashActivity

Activities

me.dingtone.app.im.ui.HighSplashActivity

android.intent.action.MAIN
android.intent.action.VIEW

skyvpn.ui.activity.SubsActivity

android.intent.action.VIEW

skyvpn.ui.activity.CountryListActivity

android.intent.action.VIEW

me.dingtone.app.im.activity.SuperofferwallActivity

android.intent.action.VIEW

me.dingtone.app.im.activity.GetCreditsActivity

android.intent.action.VIEW

me.dingtone.app.im.activity.CheckinActivity

android.intent.action.VIEW

me.dingtone.app.im.activity.InviteFirstActivity

android.intent.action.VIEW

com.tremorvideo.sdk.android.videoad.Playvideo

com.tremorvideo.sdk.android.videoad.Playvideo

com.facebook.CustomTabActivity

android.intent.action.VIEW

Permissions

android.permission.REQUEST_INSTALL_PACKAGES
me.highvpn.app.permission.C2D_MESSAGE
android.permission.BROADCAST_STICKY
android.permission.SYSTEM_ALERT_WINDOW
android.permission.INTERNET
android.permission.WAKE_LOCK
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.WRITE_SETTINGS
com.google.android.c2dm.permission.RECEIVE
me.highvpn.app.permission.MAPS_RECEIVE
com.google.android.providers.gsf.permission.READ_GSERVICES
com.google.android.c2dm.permission.RECEIVE
com.android.vending.BILLING
android.permission.FOREGROUND_SERVICE
android.permission.CHANGE_WIFI_STATE
android.permission.VIBRATE
com.google.android.gms.permission.ACTIVITY_RECOGNITION
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
android.permission.RECEIVE_BOOT_COMPLETED

Receivers

skyvpn.receiver.TwitterComposeReceiver

com.twitter.sdk.android.tweetcomposer.UPLOAD_SUCCESS
com.twitter.sdk.android.tweetcomposer.UPLOAD_FAILURE
com.twitter.sdk.android.tweetcomposer.TWEET_COMPOSE_CANCEL

me.dingtone.app.im.manager.coupon.CheckinRemindReceiver

coupon.checkin.reminder

me.dingtone.app.im.receiver.ConnectionChangeReceiver

android.net.conn.CONNECTIVITY_CHANGE

com.appsflyer.MultipleInstallBroadcastReceiver

com.android.vending.INSTALL_REFERRER

me.dingtone.app.vpn.receiver.NetworkChangeReceiver

android.net.conn.CONNECTIVITY_CHANGE

com.vungle.warren.NetworkProviderReceiver

android.net.conn.CONNECTIVITY_CHANGE

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

com.facebook.sdk.ACTION_CURRENT_ACCESS_TOKEN_CHANGED

com.facebook.CampaignTrackingReceiver

com.android.vending.INSTALL_REFERRER

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

android.net.conn.CONNECTIVITY_CHANGE

androidx.work.impl.background.systemalarm.RescheduleReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.background.systemalarm.UpdateProxies

Services

skyvpn.service.SkyFirebaseInstanceIDService

com.google.firebase.INSTANCE_ID_EVENT

skyvpn.service.SkyFirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

me.dingtone.app.vpn.vpn.VpnStateService

me.dingtone.app.vpn.vpn.IVpnStateService

me.dingtone.app.vpn.vpn.BaseConnectService

android.net.VpnService

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

Android Permissions

HighVPN_1.4.9_.apk

Permissions

android.permission.REQUEST_INSTALL_PACKAGES

me.highvpn.app.permission.C2D_MESSAGE

android.permission.BROADCAST_STICKY

android.permission.SYSTEM_ALERT_WINDOW

android.permission.INTERNET

android.permission.WAKE_LOCK

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.WRITE_SETTINGS

com.google.android.c2dm.permission.RECEIVE

me.highvpn.app.permission.MAPS_RECEIVE

com.google.android.providers.gsf.permission.READ_GSERVICES

com.google.android.c2dm.permission.RECEIVE

com.android.vending.BILLING

android.permission.FOREGROUND_SERVICE

android.permission.CHANGE_WIFI_STATE

android.permission.VIBRATE

com.google.android.gms.permission.ACTIVITY_RECOGNITION

com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

android.permission.RECEIVE_BOOT_COMPLETED

Resubmissions

Sharing

General

Malware Config

Signatures

Files

me.highvpn.app

me.dingtone.app.im.ui.HighSplashActivity

Activities

me.dingtone.app.im.ui.HighSplashActivity

skyvpn.ui.activity.SubsActivity

skyvpn.ui.activity.CountryListActivity

me.dingtone.app.im.activity.SuperofferwallActivity

me.dingtone.app.im.activity.GetCreditsActivity

me.dingtone.app.im.activity.CheckinActivity

me.dingtone.app.im.activity.InviteFirstActivity

com.tremorvideo.sdk.android.videoad.Playvideo

com.facebook.CustomTabActivity

Permissions

Receivers

skyvpn.receiver.TwitterComposeReceiver

me.dingtone.app.im.manager.coupon.CheckinRemindReceiver

me.dingtone.app.im.receiver.ConnectionChangeReceiver

com.appsflyer.MultipleInstallBroadcastReceiver

me.dingtone.app.vpn.receiver.NetworkChangeReceiver

com.vungle.warren.NetworkProviderReceiver

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

com.facebook.CampaignTrackingReceiver

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

androidx.work.impl.background.systemalarm.RescheduleReceiver

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

Services

skyvpn.service.SkyFirebaseInstanceIDService

skyvpn.service.SkyFirebaseMessagingService

me.dingtone.app.vpn.vpn.VpnStateService

me.dingtone.app.vpn.vpn.BaseConnectService

com.google.firebase.messaging.FirebaseMessagingService

Android Permissions

HighVPN_1.4.9_.apk