File name:

UNI-ASIA1.0.1.apk

Full analysis: https://app.any.run/tasks/bf3e8d0f-c85a-4780-9536-1116a092ad63
Verdict: Malicious activity
Analysis date: May 10, 2025, 05:05:01
OS: Android 14
MIME: application/vnd.android.package-archive
File info: Android package (APK), with gradle app-metadata.properties
MD5:

4A05264384B9BCCE319B2A7E858ADC7E

SHA1:

118EAF4FB6EE05F430254411EA2CCF6D1C1B5825

SHA256:

171F43DCCD601863778ADBE7AAD993BA9DFAF0780DC11F1E73BF5CF1C31C1869

SSDEEP:

393216:fx75hcw+J1UUWmajxqhwF0bBWagCFkUCPzVpxHk+p:5dhtEa8hwkhgCFN+zVoS

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Executes system commands or scripts

      • app_process64 (PID: 2266)

  • SUSPICIOUS

    • Updates data in the storage of application settings (SharedPreferences)

      • app_process64 (PID: 2266)
      • app_process64 (PID: 2458)

    • Accesses external device storage files

      • app_process64 (PID: 2266)
      • app_process64 (PID: 2458)

    • Collects data about the device's environment (JVM version)

      • app_process64 (PID: 2266)
      • app_process64 (PID: 2458)

    • Establishing a connection

      • app_process64 (PID: 2266)

    • Accesses system-level resources

      • app_process64 (PID: 2266)

    • Launches a new activity

      • app_process64 (PID: 2266)

    • Retrieves the MCC and MNC of the SIM card operator

      • app_process64 (PID: 2458)

    • Retrieves the file path to the APK

      • app_process64 (PID: 2458)

    • Checks if ADB is enabled

      • app_process64 (PID: 2458)

    • Uses encryption API functions

      • app_process64 (PID: 2458)

    • Detects emulator through system properties

      • app_process64 (PID: 2458)

  • INFO

    • Handles throwable exceptions in the app

      • app_process64 (PID: 2458)
      • app_process64 (PID: 2266)

    • Loads a native library into the application

      • app_process64 (PID: 2266)
      • app_process64 (PID: 2458)

    • Gets file name without full path

      • app_process64 (PID: 2266)
      • app_process64 (PID: 2458)

    • Gets the display metrics associated with the device's screen

      • app_process64 (PID: 2266)
      • app_process64 (PID: 2458)

    • Dynamically inspects or modifies classes, methods, and fields at runtime

      • app_process64 (PID: 2266)
      • app_process64 (PID: 2458)

    • Dynamically loads a class in Java

      • app_process64 (PID: 2266)
      • app_process64 (PID: 2458)

    • Retrieves data from storage of application settings (SharedPreferences)

      • app_process64 (PID: 2266)
      • app_process64 (PID: 2458)

    • Verifies whether the device is connected to the internet

      • app_process64 (PID: 2458)
      • app_process64 (PID: 2266)

    • Returns elapsed time since boot

      • app_process64 (PID: 2458)

    • Verifies presence of SIM card

      • app_process64 (PID: 2458)

    • Dynamically registers broadcast event listeners

      • app_process64 (PID: 2458)

    • Creates and writes local files

      • app_process64 (PID: 2458)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.apk | Android Package (51.9)
.spe | SPSS Extension (29.7)
.jar | Java Archive (14.3)
.zip | ZIP compressed archive (3.9)

EXIF

ZIP

ZipRequiredVersion: -
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 1981:01:01 01:01:02
ZipCRC: 0xb337ed0c
ZipCompressedSize: 51
ZipUncompressedSize: 56
ZipFileName: META-INF/com/android/build/gradle/app-metadata.properties
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
138
Monitored processes
15
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start app_process64 app_process32 app_process32 no specs app_process32 toolbox no specs app_process64 no specs libweexjsb.so no specs app_process64 no specs app_process64 app_process32 no specs app_process64 no specs dmesgd no specs toybox no specs libweexjsb.so no specs app_process64 no specs

Process information

PID
CMD
Path
Indicators
Parent process
2266unwviaspia.com /system/bin/app_process64
app_process64
User:
root
Integrity Level:
UNKNOWN
Exit code:
6
2312zygote /system/bin/app_process32
app_process32
User:
root
Integrity Level:
UNKNOWN
2329webview_zygote /system/bin/app_process32app_process32
User:
webview_zygote
Integrity Level:
UNKNOWN
Exit code:
9
2367zygote /system/bin/app_process32
app_process32
User:
root
Integrity Level:
UNKNOWN
2385getprop ro.product.cpu.abi/system/bin/toolboxapp_process64
User:
u0_a108
Integrity Level:
UNKNOWN
Exit code:
0
2436/system/bin/app_process64 /system/bin --application org.chromium.components.crash.browser.CrashpadMain /system/bin/app_process64 --sanitization-information=0x200214060 --write-minidump-to-log --database=/data/user/0/unwviaspia.com/cache/WebView/Crashpad "--annotation=abi_name=arm64-v8a, armeabi-v7a, armeabi" --annotation=android_build_fp=asus/rog_phone/ROG_Phone:9/PKQ1.190616.001/20250423.142249:user/release-keys --annotation=android_build_id=UP1A.231105.001.698b25cd --annotation=board=msm8998 --annotation=brand=asus --annotation=channel=unknown --annotation=custom_themes=false --annotation=device=rog_phone "--annotation=gms_core_version=gms versionCode not available\." --annotation=installer_package_name= --annotation=model=ROG_Phone --annotation=plat=Android --annotation=prod=AndroidWebView --annotation=ptype=browser "--annotation=resources_version=Not Enabled" --annotation=sdk=34 --annotation=ver=113.0.5672.136 --trace-parent-with-exception=0x200290808/system/bin/app_process64app_process64
User:
u0_a108
Integrity Level:
UNKNOWN
Exit code:
0
2450unwviaspia.com:jse 172 174 1 /data/user/0/unwviaspia.com/app_crash/crash_dump.log/data/app/~~LU3uZG2Y35TgU8v6BhOybg==/unwviaspia.com-Cy06bmlicfONMuNnnxVilw==/lib/arm64/libweexjsb.soapp_process64
User:
u0_a108
Integrity Level:
UNKNOWN
Exit code:
256
2456unwviaspia.com /system/bin/app_process64app_process64
User:
u0_a108
Integrity Level:
UNKNOWN
Exit code:
0
2458unwviaspia.com /system/bin/app_process64
app_process64
User:
root
Integrity Level:
UNKNOWN
Exit code:
6
2512webview_zygote /system/bin/app_process32app_process32
User:
webview_zygote
Integrity Level:
UNKNOWN
Exit code:
0
Total events
0
Read events
0
Write events
0
Delete events
0

Modification events

No data
Executable files
3
Suspicious files
59
Text files
69
Unknown types
0

Dropped files

PID
Process
Filename
Type
2266app_process64/data/data/unwviaspia.com/lib-main/dso_statebinary
MD5:
SHA256:
2266app_process64/data/data/unwviaspia.com/lib-main/dso_depsbinary
MD5:
SHA256:
2266app_process64/data/data/unwviaspia.com/lib-main/dso_manifestbinary
MD5:
SHA256:
2266app_process64/data/data/unwviaspia.com/cache/cache/weex/libs/weexjsb/arm64-v8a/libweexjsb.sobinary
MD5:
SHA256:
2266app_process64/data/data/unwviaspia.com/shared_prefs/weex_default_settings.xmlxml
MD5:
SHA256:
2266app_process64/data/data/unwviaspia.com/shared_prefs/pdr.xmlxml
MD5:
SHA256:
2266app_process64/data/data/unwviaspia.com/shared_prefs/uifa.xmlxml
MD5:
SHA256:
2266app_process64/data/data/unwviaspia.com/shared_prefs/sai.xmlxml
MD5:
SHA256:
2266app_process64/data/data/unwviaspia.com/shared_prefs/tbs_emergence.xmlxml
MD5:
SHA256:
2266app_process64/data/data/unwviaspia.com/shared_prefs/WebViewChromiumPrefs.xmlxml
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
1
TCP/UDP connections
11
DNS requests
10
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
204
142.250.184.195:80
http://connectivitycheck.gstatic.com/generate_204
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
445
mdnsd
224.0.0.251:5353
unknown
142.250.184.195:80
connectivitycheck.gstatic.com
GOOGLE
US
whitelisted
216.239.35.0:123
time.android.com
whitelisted
142.250.185.100:443
www.google.com
GOOGLE
US
whitelisted
74.125.206.81:443
staging-remoteprovisioning.sandbox.googleapis.com
GOOGLE
US
whitelisted
2266
app_process64
124.156.190.80:443
tbsrecovery.imtt.qq.com
Tencent Building, Kejizhongyi Avenue
HK
whitelisted
2367
app_process32
172.217.16.195:443
update.googleapis.com
GOOGLE
US
whitelisted
2367
app_process32
142.250.181.238:443
dl.google.com
GOOGLE
US
whitelisted
2312
app_process32
216.58.206.35:443
clientservices.googleapis.com
GOOGLE
US
whitelisted
2458
app_process64
123.207.204.152:443
ac1.dcloud.net.cn
Shenzhen Tencent Computer Systems Company Limited
CN
unknown

DNS requests

Domain
IP
Reputation
connectivitycheck.gstatic.com
  • 142.250.184.195
whitelisted
www.google.com
  • 142.250.185.100
whitelisted
time.android.com
  • 216.239.35.0
  • 216.239.35.12
  • 216.239.35.4
  • 216.239.35.8
whitelisted
staging-remoteprovisioning.sandbox.googleapis.com
  • 74.125.206.81
whitelisted
google.com
  • 142.250.184.206
whitelisted
tbsrecovery.imtt.qq.com
  • 124.156.190.80
  • 129.226.107.210
whitelisted
update.googleapis.com
  • 172.217.16.195
whitelisted
dl.google.com
  • 142.250.181.238
whitelisted
clientservices.googleapis.com
  • 216.58.206.35
whitelisted
ac1.dcloud.net.cn
  • 123.207.204.152
  • 124.221.14.222
unknown

Threats

PID
Process
Class
Message
Misc activity
ET INFO Android Device Connectivity Check
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
UNI-ASIA1.0.1.apk