File name:

Smart Launcher Premium v6.6 build 020 Mod.apk

Full analysis: https://app.any.run/tasks/fa7492d1-be0b-4780-92d6-f5c52797b87d
Verdict: Malicious activity
Analysis date: April 05, 2025, 04:01:13
OS: Android 14
Tags:
pastebin
MIME: application/vnd.android.package-archive
File info: Android package (APK), with classes.dex
MD5:

8AA25F7F82602FDB4538505B032C0E35

SHA1:

EE3CE698B2DE80DEEBE8D02D91C774D33F2F3FD6

SHA256:

76A698A8A0B4EFA5622BE97C81C28222B0957BFF4EA6A3E2AB98565E58BB01C1

SSDEEP:

196608:SQEf/Gov5eKi5dffavXeQ4ysp0t//Hxtl:5Ef1525ZWpo2//rl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Updates data in the storage of application settings (SharedPreferences)

      • app_process64 (PID: 2233)

    • Establishing a connection

      • app_process64 (PID: 2233)

    • Collects data about the device's environment (JVM version)

      • app_process64 (PID: 2233)

    • Retrieves the ISO country code of the current SIM card

      • app_process64 (PID: 2233)

    • Accesses system-level resources

      • app_process64 (PID: 2233)

    • Retrieves a list of running application processes

      • app_process64 (PID: 2233)

    • Acquires a wake lock to keep the device awake

      • app_process64 (PID: 2233)

    • Launches a new activity

      • app_process64 (PID: 2233)

    • Creates a WakeLock to manage power state

      • app_process64 (PID: 2233)

  • INFO

    • Loads a native library into the application

      • app_process64 (PID: 2233)

    • Retrieves data from storage of application settings (SharedPreferences)

      • app_process64 (PID: 2233)

    • Dynamically inspects or modifies classes, methods, and fields at runtime

      • app_process64 (PID: 2233)

    • Detects if debugger is connected

      • app_process64 (PID: 2233)

    • Returns elapsed time since boot

      • app_process64 (PID: 2233)

    • Gets file name without full path

      • app_process64 (PID: 2233)

    • Stores data using SQLite database

      • app_process64 (PID: 2233)

    • Dynamically registers broadcast event listeners

      • app_process64 (PID: 2233)

    • Gets the display metrics associated with the device's screen

      • app_process64 (PID: 2233)

    • Retrieves the value of a secure system setting

      • app_process64 (PID: 2233)

    • Retrieves the value of a system setting

      • app_process64 (PID: 2233)

    • Activates device vibro-function

      • app_process64 (PID: 2233)

    • Verifies whether the device is connected to the internet

      • app_process64 (PID: 2233)

    • Dynamically loads a class in Java

      • app_process64 (PID: 2233)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.apk | Android Package (73.9)
.jar | Java Archive (20.4)
.zip | ZIP compressed archive (5.6)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0800
ZipCompression: Deflated
ZipModifyDate: 2025:04:02 15:50:40
ZipCRC: 0x050c07ff
ZipCompressedSize: 10810
ZipUncompressedSize: 58656
ZipFileName: AndroidManifest.xml
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
134
Monitored processes
9
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start app_process64 crash_dump64 no specs crash_dump64 no specs app_process64 no specs app_process64 no specs app_process64 app_process64 no specs dumpsys no specs app_process64 no specs

Process information

PID
CMD
Path
Indicators
Parent process
2233ginlemon.flowerfree /system/bin/app_process64
app_process64
User:
root
Integrity Level:
UNKNOWN
Exit code:
11
2371crash_dump64 2296 2370 4/apex/com.android.runtime/bin/crash_dump64app_process64
User:
u0_a108
Integrity Level:
UNKNOWN
Exit code:
0
2372crash_dump64 2296 2370 4/apex/com.android.runtime/bin/crash_dump64crash_dump64
User:
u0_a108
Integrity Level:
UNKNOWN
Exit code:
0
2373ginlemon.flowerfree /system/bin/app_process64app_process64
User:
u0_a108
Integrity Level:
UNKNOWN
Exit code:
0
2374ginlemon.flowerfree /system/bin/app_process64app_process64
User:
u0_a108
Integrity Level:
UNKNOWN
Exit code:
0
2379ginlemon.flowerfree /system/bin/app_process64
app_process64
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
2574com.android.dialer /system/bin/app_process64app_process64
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
2706/system/bin/dumpsys telecom EmergencyDiagnostics/system/bin/dumpsysapp_process64
User:
radio
Integrity Level:
UNKNOWN
Exit code:
0
2978com.android.deskclock /system/bin/app_process64app_process64
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
Total events
0
Read events
0
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
47
Text files
64
Unknown types
0

Dropped files

PID
Process
Filename
Type
2233app_process64/data/data/ginlemon.flowerfree/shared_prefs/com.google.firebase.crashlytics.xmlxml
MD5:
SHA256:
2233app_process64/data/data/ginlemon.flowerfree/files/.com.google.firebase.crashlytics.files.v2:ginlemon.flowerfree/open-sessions/67F0AB2403BB000108B915129DF2D3AF/reportbinary
MD5:
SHA256:
2233app_process64/data/data/ginlemon.flowerfree/shared_prefs/FirebaseHeartBeatW0RFRkFVTFRd+MTo3NDIwMTYxMDcyOTc6YW5kcm9pZDo0NmI3ZDY5NjgwOTk3YzJh.xmlxml
MD5:
SHA256:
2233app_process64/data/data/ginlemon.flowerfree/shared_prefs/com.google.firebase.messaging.xmlxml
MD5:
SHA256:
2233app_process64/data/data/ginlemon.flowerfree/files/frc_1:742016107297:android:46b7d69680997c2a_firebase_defaults.jsonbinary
MD5:
SHA256:
2233app_process64/data/data/ginlemon.flowerfree/shared_prefs/frc_1:742016107297:android:46b7d69680997c2a_firebase_settings.xmlxml
MD5:
SHA256:
2233app_process64/data/data/ginlemon.flowerfree/files/PersistedInstallation3618211230460403358tmpbinary
MD5:
SHA256:
2233app_process64/data/data/ginlemon.flowerfree/databases/ginlemon.flower.db-journalbinary
MD5:
SHA256:
2233app_process64/data/data/ginlemon.flowerfree/files/PersistedInstallation.W0RFRkFVTFRd+MTo3NDIwMTYxMDcyOTc6YW5kcm9pZDo0NmI3ZDY5NjgwOTk3YzJh.jsonbinary
MD5:
SHA256:
2233app_process64/data/data/ginlemon.flowerfree/shared_prefs/ginlemon.flowerfree.xmlxml
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
1
TCP/UDP connections
12
DNS requests
11
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
204
142.250.184.227:80
http://connectivitycheck.gstatic.com/generate_204
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
449
mdnsd
224.0.0.251:5353
unknown
216.239.35.0:123
time.android.com
whitelisted
142.250.186.68:443
www.google.com
GOOGLE
US
whitelisted
142.250.184.227:80
connectivitycheck.gstatic.com
GOOGLE
US
whitelisted
142.251.18.81:443
staging-remoteprovisioning.sandbox.googleapis.com
GOOGLE
US
whitelisted
1773
app_process64
188.166.201.8:443
applink.smartlauncher.net
DIGITALOCEAN-ASN
NL
unknown
2233
app_process64
216.58.206.42:443
firebaseinstallations.googleapis.com
GOOGLE
US
whitelisted
2233
app_process64
172.67.25.94:443
pastebin.com
CLOUDFLARENET
US
whitelisted
2233
app_process64
142.250.186.106:443
firebaseinstallations.googleapis.com
GOOGLE
US
whitelisted
2379
app_process64
172.67.25.94:443
pastebin.com
CLOUDFLARENET
US
whitelisted

DNS requests

Domain
IP
Reputation
www.google.com
  • 142.250.186.68
whitelisted
connectivitycheck.gstatic.com
  • 142.250.184.227
whitelisted
time.android.com
  • 216.239.35.0
  • 216.239.35.12
  • 216.239.35.8
  • 216.239.35.4
whitelisted
google.com
  • 142.250.186.46
whitelisted
staging-remoteprovisioning.sandbox.googleapis.com
  • 142.251.18.81
whitelisted
applink.smartlauncher.net
  • 188.166.201.8
unknown
firebaseinstallations.googleapis.com
  • 216.58.206.42
  • 142.250.186.42
  • 142.250.185.74
  • 142.250.74.202
  • 142.250.185.170
  • 142.250.186.170
  • 172.217.18.10
  • 142.250.184.234
  • 216.58.212.170
  • 142.250.181.234
  • 142.250.185.138
  • 142.250.185.234
  • 142.250.186.106
  • 142.250.185.202
  • 142.250.184.202
  • 142.250.185.106
whitelisted
pastebin.com
  • 172.67.25.94
  • 104.22.69.199
  • 104.22.68.199
whitelisted
firebaseremoteconfig.googleapis.com
  • 142.250.186.106
  • 142.250.184.234
  • 142.250.186.138
  • 172.217.23.106
  • 142.250.185.202
  • 172.217.16.202
  • 142.250.186.74
  • 172.217.18.10
  • 142.250.185.106
  • 216.58.206.74
  • 216.58.212.138
  • 142.250.184.202
  • 142.250.185.74
  • 142.250.185.170
  • 142.250.185.234
  • 142.250.185.138
whitelisted
spi
unknown

Threats

PID
Process
Class
Message
Misc activity
ET INFO Android Device Connectivity Check
342
netd
Not Suspicious Traffic
INFO [ANY.RUN] Online Pastebin Text Storage
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Smart Launcher Premium v6.6 build 020 Mod.apk