Malware analysis APK.Editor_5.2.apk Malicious activity

Add for printing

File name:	APK.Editor_5.2.apk
Full analysis:	https://app.any.run/tasks/e5bf3354-c284-4a4d-aed3-9c0bb03013fb
Verdict:	Malicious activity
Analysis date:	April 29, 2026, 06:20:01
OS:	Android 14
Tags:	arch-exec
MIME:	application/vnd.android.package-archive
File info:	Android package (APK), with AndroidManifest.xml
MD5:	F125E381771BC9A7914AAB1FC62A4413
SHA1:	C0F92C18671A18CDBA6BAB4FD7C5023BB86F3412
SHA256:	A715FE300C465A9A2CCBB8E345F54E855B9ED82714FD295B42E877A70A30D4E2
SSDEEP:	98304:n1u8Q5nkpa179rGhe4K8A1eMQOXP8H5gVRa51BAJFXdEBjWmfT6vBgRyifCSCvDb:SUdgUEuye0tV30RzU

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: off
Network:: on

Software preset

android (14)
android.cuttlefish.overlay (14)
android.cuttlefish.phone.overlay (14)
android.ext.services (2019-09)
android.ext.shared (1)
com.android.adservices.api (14)
com.android.apps.tag (1.1)
com.android.backupconfirm (14)
com.android.bips (14)
com.android.bluetoothmidiservice (14)
com.android.bookmarkprovider (14)
com.android.calendar (14)
com.android.calllogbackup (14)
com.android.camera2 (2.0.002)
com.android.cameraextensions (14)
com.android.captiveportallogin (14)
com.android.carrierconfig (1.0.0)
com.android.carrierdefaultapp (14)
com.android.cellbroadcastreceiver (R-initial)
com.android.cellbroadcastreceiver.module (R-initial)
com.android.cellbroadcastservice (R-initial)
com.android.certinstaller (14)
com.android.companiondevicemanager (14)
com.android.compos.payload (14)
com.android.connectivity.resources (S-initial)
com.android.connectivity.resources.cuttlefish.overlay (14)
com.android.contacts (1.7.34)
com.android.credentialmanager (14)
com.android.cts.ctsshim (14-10093150)
com.android.cts.priv.ctsshim (14-10093150)
com.android.deskclock (14)
com.android.devicelockcontroller (14)
com.android.dialer (23.0)
com.android.documentsui (14)
com.android.dreams.basic (14)
com.android.dreams.phototable (14)
com.android.dynsystem (14)
com.android.egg (1.0)
com.android.emergency (14)
com.android.ext.adservices.api (14)
com.android.externalstorage (14)
com.android.federatedcompute.services (T-initial)
com.android.gallery3d (1.1.40030)
com.android.google.gce.gceservice (14)
com.android.health.connect.backuprestore (14)
com.android.healthconnect.controller (14)
com.android.hotspot2.osulogin (14)
com.android.htmlviewer (14)
com.android.imsserviceentitlement (14)
com.android.inputdevices (14)
com.android.inputmethod.latin (14)
com.android.intentresolver (2021-11)
com.android.internal.display.cutout.emulation.corner (1.0)
com.android.internal.display.cutout.emulation.double (1.0)
com.android.internal.display.cutout.emulation.hole (1.0)
com.android.internal.display.cutout.emulation.tall (1.0)
com.android.internal.display.cutout.emulation.waterfall (1.0)
com.android.internal.systemui.navbar.gestural (1.0)
com.android.internal.systemui.navbar.gestural_extra_wide_back (1.0)
com.android.internal.systemui.navbar.gestural_narrow_back (1.0)
com.android.internal.systemui.navbar.gestural_wide_back (1.0)
com.android.internal.systemui.navbar.threebutton (1.0)
com.android.internal.systemui.navbar.transparent (1.0)
com.android.keychain (14)
com.android.launcher3 (14)
com.android.localtransport (14)
com.android.location.fused (14)
com.android.managedprovisioning (14)
com.android.messaging (1.0.001)
com.android.microdroid.empty_payload (14)
com.android.mms.service (14)
com.android.modulemetadata (14)
com.android.mtp (14)
com.android.music (14)
com.android.musicfx (1.4)
com.android.nearby.halfsheet (14)
com.android.networkstack (14)
com.android.networkstack.tethering (14)
com.android.networkstack.tethering.cuttlefishoverlay (1.0)
com.android.nfc (14)
com.android.ondevicepersonalization.services (T-initial)
com.android.ons (14)
com.android.packageinstaller (14)
com.android.pacprocessor (14)
com.android.permissioncontroller (33 system image)
com.android.phone (14)
com.android.printservice.recommendation (1.3.0)
com.android.printspooler (14)
com.android.providers.blockednumber (14)
com.android.providers.calendar (14)
com.android.providers.contacts (14)
com.android.providers.downloads (14)
com.android.providers.downloads.ui (14)
com.android.providers.media (14)
com.android.providers.media.module (14)
com.android.providers.partnerbookmarks (14)
com.android.providers.settings (14)
com.android.providers.settings.cuttlefish.overlay (14)
com.android.providers.telephony (14)
com.android.providers.userdictionary (14)
com.android.provision (14)
com.android.proxyhandler (14)
com.android.quicksearchbox (14)
com.android.rkpdapp (14)
com.android.role.notes.enabled (1.0)
com.android.safetycenter.resources (33 system image)
com.android.sdksandbox (T-initial)
com.android.se (14)
com.android.server.telecom (14)
com.android.settings (14)
com.android.settings.intelligence (14)
com.android.sharedstoragebackup (14)
com.android.shell (14)
com.android.simappdialog (14)
com.android.soundpicker (14)
com.android.statementservice (1.0)
com.android.stk (14)
com.android.storagemanager (14)
com.android.systemui (14)
com.android.systemui.accessibility.accessibilitymenu (14)
com.android.telephony.qns (14)
com.android.theme.font.notoserifsource (1.0)
com.android.traceur (1.0)
com.android.uwb.resources (T-initial)
com.android.virtualmachine.res (14)
com.android.vpndialogs (14)
com.android.wallpaper.livepicker (14)
com.android.wallpaperbackup (14)
com.android.wallpapercropper (14)
com.android.wallpaperpicker (1.0)
com.android.webview (137.0.7122.0)
com.android.wifi.dialog (14)
com.android.wifi.resources (R-initial)
com.android.wifi.resources.cf (1.0)
com.google.android.telephony.satellite (14)
org.chromium.chrome (137.0.7122.0)

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
- Accesses external device storage files
  - app_process64 (PID: 4020)
- Launches a new activity
  - app_process64 (PID: 4020)
- Updates data in the storage of application settings (SharedPreferences)
  - app_process64 (PID: 4020)
- Retrieves installed applications on device
  - app_process64 (PID: 4020)
INFO
- Loads a native library into the application
  - app_process64 (PID: 4020)
- Gets file name without full path
  - app_process64 (PID: 4020)
- Gets the display metrics associated with the device's screen
  - app_process64 (PID: 4020)
- Retrieves data from storage of application settings (SharedPreferences)
  - app_process64 (PID: 4020)
- Dynamically inspects or modifies classes, methods, and fields at runtime
  - app_process64 (PID: 4020)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.apk	\|	Android Package (66)
.jar	\|	Java Archive (18.2)
.honmod	\|	HoN Modification Manager package (10.6)
.zip	\|	ZIP compressed archive (5)

EXIF

ZIP

ZipRequiredVersion:	20
ZipBitFlag:	0x0002
ZipCompression:	Deflated
ZipModifyDate:	2025:06:15 12:20:16
ZipCRC:	0x9fad5604
ZipCompressedSize:	2633
ZipUncompressedSize:	12336
ZipFileName:	AndroidManifest.xml

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

130

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID	CMD	Path	Indicators	Parent process
4020	com.gmail.heagoo.apkeditor.pro	/system/bin/app_process64	—	app_process64
User: root Integrity Level: UNKNOWN Exit code: 0

Add for printing

Total events

Read events

Write events

Delete events

Modification events

No data

Add for printing

Executable files

Suspicious files

Text files

109

Unknown types

Dropped files

PID	Process	Filename		Type
4020	app_process64	/data/user/0/com.gmail.heagoo.apkeditor.pro/shared_prefs/fd.xml		xml
		MD5:—	SHA256:—
4020	app_process64	/data/user/0/com.gmail.heagoo.apkeditor.pro/files/mycp		binary
		MD5:—	SHA256:—
4020	app_process64	/data/user/0/com.gmail.heagoo.apkeditor.pro/files/bin/aaptz		binary
		MD5:—	SHA256:—
4020	app_process64	/data/user/0/com.gmail.heagoo.apkeditor.pro/cache/oat_primary/arm64/base.4020.tmp		binary
		MD5:—	SHA256:—
4020	app_process64	/data/user/0/com.gmail.heagoo.apkeditor.pro/shared_prefs/config.xml		xml
		MD5:—	SHA256:—
4020	app_process64	/data/user/0/com.gmail.heagoo.apkeditor.pro/files/bin/aapt		binary
		MD5:—	SHA256:—
4020	app_process64	/data/user/0/com.gmail.heagoo.apkeditor.pro/files/bin/tmp.zip		compressed
		MD5:—	SHA256:—
4020	app_process64	/data/user/0/com.gmail.heagoo.apkeditor.pro/files/bin/android.jar		compressed
		MD5:—	SHA256:—
4020	app_process64	/data/user/0/com.gmail.heagoo.apkeditor.pro/files/bin/AndroidManifest.xml		binary
		MD5:—	SHA256:—
4020	app_process64	/data/user/0/com.gmail.heagoo.apkeditor.pro/files/bin/resources.arsc		binary
		MD5:—	SHA256:—

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
1921	app_process64	GET	204	142.251.150.119:443	https://www.google.com/generate_204	US	—	—	whitelisted
1921	app_process64	GET	204	192.178.183.94:80	http://connectivitycheck.gstatic.com/generate_204	US	—	—	whitelisted
2931	app_process64	POST	200	142.251.127.81:443	https://staging-remoteprovisioning.sandbox.googleapis.com/v1:fetchEekChain	US	binary	778 b	whitelisted
2931	app_process64	POST	200	142.251.127.81:443	https://staging-remoteprovisioning.sandbox.googleapis.com/v1:signCertificates?challenge=AAABndflPysBILStY0B8UwFZqNEymlDCbIofwA8=&request_id=c3eb3f0d-cda2-4f77-8871-7d58a8a9dc2f	US	binary	11.8 Kb	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
—	—	142.251.153.119:80	www.google.com	GOOGLE	US	whitelisted
452	mdnsd	224.0.0.251:5353	—	—	—	whitelisted
—	—	142.251.155.119:443	www.google.com	GOOGLE	US	whitelisted
—	—	192.178.183.94:80	connectivitycheck.gstatic.com	GOOGLE	US	whitelisted
580	app_process64	216.239.35.12:123	time.android.com	GOOGLE	US	whitelisted
1921	app_process64	192.178.183.94:80	connectivitycheck.gstatic.com	GOOGLE	US	whitelisted
1921	app_process64	142.251.150.119:443	www.google.com	GOOGLE	US	whitelisted
2931	app_process64	142.251.127.81:443	staging-remoteprovisioning.sandbox.googleapis.com	GOOGLE	US	whitelisted

DNS requests

Domain	IP	Reputation
google.com	142.251.110.139 142.251.110.138 142.251.110.113 142.251.110.100 142.251.110.102 142.251.110.101	whitelisted
connectivitycheck.gstatic.com	192.178.183.94	whitelisted
www.google.com	142.251.151.119 142.251.154.119 142.251.150.119 142.251.156.119 142.251.152.119 142.251.157.119 142.251.153.119 142.251.155.119	whitelisted
time.android.com	216.239.35.12 216.239.35.4 216.239.35.8 216.239.35.0	whitelisted
staging-remoteprovisioning.sandbox.googleapis.com	142.251.127.81	whitelisted

Threats

PID	Process	Class	Message
1921	app_process64	Misc activity	ET INFO Android Device Connectivity Check

Add for printing

No debug info

General Info

APK.Editor_5.2.apk

F125E381771BC9A7914AAB1FC62A4413

C0F92C18671A18CDBA6BAB4FD7C5023BB86F3412

A715FE300C465A9A2CCBB8E345F54E855B9ED82714FD295B42E877A70A30D4E2

98304:n1u8Q5nkpa179rGhe4K8A1eMQOXP8H5gVRa51BAJFXdEBjWmfT6vBgRyifCSCvDb:SUdgUEuye0tV30RzU

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

SUSPICIOUS

Accesses external device storage files

Launches a new activity

Updates data in the storage of application settings (SharedPreferences)

Retrieves installed applications on device

INFO

Loads a native library into the application

Gets file name without full path

Gets the display metrics associated with the device's screen

Retrieves data from storage of application settings (SharedPreferences)

Dynamically inspects or modifies classes, methods, and fields at runtime

Malware configuration

Static information

TRiD

EXIF

ZIP

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings