File name: YassinTVlatest.apk

Full analysis: https://app.any.run/tasks/dff56a4b-e124-422a-91a0-fa40e1ca0d4b
Verdict: Malicious activity
Analysis date: May 20, 2026, 09:25:49
OS: Android 14
MIME: application/vnd.android.package-archive
File info: Android package (APK), with gradle app-metadata.properties
MD5: 2CAAC2E815BB3828F6B320D3CAA5BCEE
SHA1: 640F759111156BD2443D7941510AA478D4CA8D66
SHA256: 0CBC222443477B45EDBFD4D15033868D910D3758CAE38C22204771677EC2DE1B
SSDEEP: 98304:StU18Xu0Trlf0MBsLqEgvsYYtvyJ0GvxiIPhrYwIOWQBuB5qA35HN09bie+GXLju:dLZDH8e6gqH6P

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Hides app icon from display

      • app_process64 (PID: 4026)
    • Detects root access on device

      • app_process64 (PID: 4026)
  • SUSPICIOUS

    • Collects data about the device's environment (JVM version)

      • app_process64 (PID: 4026)
    • Creates a WakeLock to manage power state

      • app_process64 (PID: 4026)
    • Acquires a wake lock to keep the device awake

      • app_process64 (PID: 4026)
    • Accesses system-level resources

      • app_process64 (PID: 4026)
    • Retrieves Android OS build information

      • app_process64 (PID: 4026)
    • Returns the name of the current network operator

      • app_process64 (PID: 4026)
    • Establishing a connection

      • app_process64 (PID: 4026)
    • Launches a new activity

      • app_process64 (PID: 4026)
    • Updates data in the storage of application settings (SharedPreferences)

      • app_process64 (PID: 4026)
  • INFO

    • Dynamically inspects or modifies classes, methods, and fields at runtime

      • app_process64 (PID: 4026)
    • Handles throwable exceptions in the app

      • app_process64 (PID: 4026)
    • Gets file name without full path

      • app_process64 (PID: 4026)
    • Stores data using SQLite database

      • app_process64 (PID: 4026)
    • Retrieves data from storage of application settings (SharedPreferences)

      • app_process64 (PID: 4026)
    • Returns elapsed time since boot

      • app_process64 (PID: 4026)
    • Gets the display metrics associated with the device's screen

      • app_process64 (PID: 4026)
    • Dynamically loads a class in Java

      • app_process64 (PID: 4026)
    • Dynamically registers broadcast event listeners

      • app_process64 (PID: 4026)
    • Verifies whether the device is connected to the internet

      • app_process64 (PID: 4026)
    • Loads a native library into the application

      • app_process64 (PID: 4026)
No Malware configuration.

TRiD

.apk | Android Package (62.8)
.jar | Java Archive (17.3)
.vym | VYM Mind Map (14.9)
.zip | ZIP compressed archive (4.7)

EXIF

ZIP

ZipRequiredVersion: -
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 1981:01:01 01:01:02
ZipCRC: 0xaa2cdc4d
ZipCompressedSize: 52
ZipUncompressedSize: 56
ZipFileName: META-INF/com/android/build/gradle/app-metadata.properties
No data.
Total processes: 130
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start app_process64

Process information

PID | CMD | Path | Indicators | Parent process
4026 | ver3.ycntivi.off | /system/bin/app_process64 | - | app_process64

User: root
Integrity Level: UNKNOWN
Exit code: 0

Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 12
Text files: 40
Unknown types: 11

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
4026 | app_process64 | /data/data/ver3.ycntivi.off/shared_prefs/FirebaseHeartBeatW0RFRkFVTFRd+MTo2OTIzMzA1ODQxOTY6YW5kcm9pZDo2OGVhOWYwYzkyMGFhMTc5MDRjYWQx.xml | xml | - | -
4026 | app_process64 | /data/data/ver3.ycntivi.off/shared_prefs/com.google.firebase.messaging.xml | xml | - | -
4026 | app_process64 | /data/data/ver3.ycntivi.off/no_backup/androidx.work.workdb-journal | binary | - | -
4026 | app_process64 | /data/data/ver3.ycntivi.off/shared_prefs/com.google.android.gms.analytics.prefs.xml | xml | - | -
4026 | app_process64 | /data/data/ver3.ycntivi.off/shared_prefs/com.google.android.gms.measurement.prefs.xml | xml | - | -
4026 | app_process64 | /data/data/ver3.ycntivi.off/no_backup/androidx.work.workdb-wal | binary | - | -
4026 | app_process64 | /data/data/ver3.ycntivi.off/files/PersistedInstallation1618913200988707182tmp | text | - | -
4026 | app_process64 | /data/data/ver3.ycntivi.off/files/PersistedInstallation.W0RFRkFVTFRd+MTo2OTIzMzA1ODQxOTY6YW5kcm9pZDo2OGVhOWYwYzkyMGFhMTc5MDRjYWQx.json | text | - | -
4026 | app_process64 | /data/data/ver3.ycntivi.off/databases/google_app_measurement_local.db | binary | - | -
4026 | app_process64 | /data/data/ver3.ycntivi.off/shared_prefs/OneSignal.xml | xml | - | -
HTTP(S) requests: 16
TCP/UDP connections: 15
DNS requests: 12
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1921 | app_process64 | GET | 204 | 142.251.156.119:443 | https://www.google.com/generate_204 | US | - | - | whitelisted
4026 | app_process64 | POST | 200 | 142.251.14.97:443 | https://ssl.google-analytics.com/batch | US | image | 35 b | whitelisted
4026 | app_process64 | POST | 403 | 104.16.160.145:443 | https://api.onesignal.com/apps/3b7d79b3-3c74-47ff-b5a6-b7a0114061de/users | US | text | 24 b | unknown
2931 | app_process64 | POST | 200 | 142.251.127.81:443 | https://staging-remoteprovisioning.sandbox.googleapis.com/v1:signCertificates?challenge=AAABnkS03JMBILStY085juysvDnIKzxVlRMn4GE=&request_id=9ea7f447-8666-487c-b946-876ecedba248 | US | binary | 11.8 Kb | whitelisted
2931 | app_process64 | POST | 200 | 142.251.127.81:443 | https://staging-remoteprovisioning.sandbox.googleapis.com/v1:fetchEekChain | US | binary | 778 b | whitelisted
4026 | app_process64 | GET | 200 | 104.16.160.145:443 | https://api.onesignal.com/apps/3b7d79b3-3c74-47ff-b5a6-b7a0114061de/android_params.js | US | text | 306 b | unknown
4026 | app_process64 | POST | 200 | 142.251.13.95:443 | https://firebaseremoteconfig.googleapis.com/v1/projects/692330584196/namespaces/firebase:fetch | US | text | 180 b | whitelisted
4026 | app_process64 | GET | 200 | 142.251.14.139:443 | https://app-measurement.com/config/app/1%3A692330584196%3Aandroid%3A68ea9f0c920aa17904cad1?platform=android&gmp_version=97001&runtime_version=0 | US | binary | 793 b | unknown
4026 | app_process64 | GET | 200 | 142.251.14.139:443 | https://app-measurement.com/config/app/1%3A692330584196%3Aandroid%3A68ea9f0c920aa17904cad1?platform=android&gmp_version=97001&runtime_version=0 | US | binary | 876 b | unknown
4026 | app_process64 | GET | 200 | 188.114.96.3:443 | https://a2.apk-api.com/api/config?code= | US | text | 2.93 Kb | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
452 | mdnsd | 224.0.0.251:5353 | - | - | - | whitelisted
- | - | 192.178.183.94:80 | connectivitycheck.gstatic.com | GOOGLE | US | whitelisted
- | - | 142.251.156.119:443 | www.google.com | GOOGLE | US | whitelisted
- | - | 142.251.150.119:80 | www.google.com | GOOGLE | US | whitelisted
4026 | app_process64 | 142.251.13.95:443 | firebaseinstallations.googleapis.com | GOOGLE | US | whitelisted
580 | app_process64 | 216.239.35.12:123 | time.android.com | GOOGLE | US | whitelisted
4026 | app_process64 | 104.16.160.145:443 | api.onesignal.com | CLOUDFLARENET | US | whitelisted
1921 | app_process64 | 142.251.156.119:443 | www.google.com | GOOGLE | US | whitelisted
1921 | app_process64 | 192.178.183.94:80 | connectivitycheck.gstatic.com | GOOGLE | US | whitelisted
2931 | app_process64 | 142.251.127.81:443 | staging-remoteprovisioning.sandbox.googleapis.com | GOOGLE | US | whitelisted

DNS requests

Domain | IP | Reputation
google.com | 142.250.154.113, 142.250.154.100, 142.250.154.139, 142.250.154.138, 142.250.154.102, 142.250.154.101 | whitelisted
firebaseinstallations.googleapis.com | 142.251.13.95, 142.251.14.95, 142.250.154.95, 142.251.127.95, 142.251.110.95, 192.178.183.95, 142.251.20.95 | whitelisted
api.onesignal.com | 104.16.160.145, 104.17.111.223 | whitelisted
connectivitycheck.gstatic.com | 192.178.183.94 | whitelisted
www.google.com | 142.251.153.119, 142.251.155.119, 142.251.150.119, 142.251.157.119, 142.251.156.119, 142.251.151.119, 142.251.154.119, 142.251.152.119 | whitelisted
time.android.com | 216.239.35.12, 216.239.35.8, 216.239.35.4, 216.239.35.0 | whitelisted
staging-remoteprovisioning.sandbox.googleapis.com | 142.251.127.81 | whitelisted
ssl.google-analytics.com | 142.251.14.97 | whitelisted
firebaseremoteconfig.googleapis.com | 142.251.13.95, 142.251.110.95, 142.251.14.95, 142.250.154.95, 192.178.183.95, 142.251.20.95 | whitelisted
app-measurement.com | 142.251.14.139, 142.251.14.100, 142.251.14.138, 142.251.14.101, 142.251.14.102, 142.251.14.113 | whitelisted

Threats

PID | Process | Class | Message
1921 | app_process64 | Misc activity | ET INFO Android Device Connectivity Check
No debug info