File name: HDRezka+0.9.10-@EasyAPK.apk

Full analysis: https://app.any.run/tasks/4a7c12da-082b-4040-b676-99364c68ec2c
Verdict: Malicious activity
Analysis date: April 23, 2025, 19:22:13
OS: Android 14
MIME: application/vnd.android.package-archive
File info: Android package (APK), with gradle app-metadata.properties, with APK Signing Block
MD5: 98FE9A491C70C0062F707C9DB0294612
SHA1: 326815DE32899A5C9A381BD757D39ACD211AC61C
SHA256: FAEC308710143CF9A7FDF6C4170305722271E7A77ADF7299058FC0B46B1BD57C
SSDEEP: 98304:hYZ97s5wKOCN+UzpOcC2MNYJU62No5fuUG2NlIdGNF986bbf0oZFDYjsDYfO6eLf:dw2OcgSQni

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Accesses system-level resources
      • app_process64 (PID: 2259)
    • Collects data about the device's environment (JVM version)
      • app_process64 (PID: 2259)
    • Establishing a connection
      • app_process64 (PID: 2259)
    • Updates data in the storage of application settings (SharedPreferences)
      • app_process64 (PID: 2259)
    • Retrieves a list of running application processes
      • app_process64 (PID: 2259)
  • INFO
    • Dynamically inspects or modifies classes, methods, and fields at runtime
      • app_process64 (PID: 2259)
    • Detects if debugger is connected
      • app_process64 (PID: 2259)
    • Gets file name without full path
      • app_process64 (PID: 2259)
    • Returns elapsed time since boot
      • app_process64 (PID: 2259)
    • Retrieves data from storage of application settings (SharedPreferences)
      • app_process64 (PID: 2259)
    • Stores data using SQLite database
      • app_process64 (PID: 2259)
    • Dynamically loads a class in Java
      • app_process64 (PID: 2259)
    • Creates and writes local files
      • app_process64 (PID: 2259)
    • Gets the display metrics associated with the device's screen
      • app_process64 (PID: 2259)
No Malware configuration.

TRiD

.apk | Android Package (62.8)
.jar | Java Archive (17.3)
.vym | VYM Mind Map (14.9)
.zip | ZIP compressed archive (4.7)

EXIF

ZIP

ZipRequiredVersion: -
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 1981:01:01 01:01:02
ZipCRC: 0xa18242e2
ZipCompressedSize: 51
ZipUncompressedSize: 56
ZipFileName: META-INF/com/android/build/gradle/app-metadata.properties
No data.
Total processes: 125
Monitored processes: 1
Malicious processes: 0
Suspicious processes: 1

Behavior graph

start app_process64

Process information

PID | CMD | Path | Indicators | Parent process
2259 | io.fournkoner.hdrezka | /system/bin/app_process64 | |

app_process64
User: root
Integrity Level: UNKNOWN
Exit code: 0
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 33
Text files: 21
Unknown types: 0

Dropped files

PID | Process | Filename | Type
2259 | app_process64 | /data/data/io.fournkoner.hdrezka/files/PersistedInstallation5967887625581411231tmp | binary
2259 | app_process64 | /data/data/io.fournkoner.hdrezka/files/PersistedInstallation.W0RFRkFVTFRd+MTozODI2OTk0NzUxNzI6YW5kcm9pZDo1OTcwMzMzODc3MzY4N2NlOTU1Y2Yx.json | binary
2259 | app_process64 | /data/data/io.fournkoner.hdrezka/shared_prefs/com.google.android.gms.measurement.prefs.xml | xml
2259 | app_process64 | /data/data/io.fournkoner.hdrezka/shared_prefs/com.google.firebase.crashlytics.xml | xml
2259 | app_process64 | /data/data/io.fournkoner.hdrezka/files/.crashlytics.v3/io.fournkoner.hdrezka/open-sessions/68093DF5024A000108D3ABB1B2672BC9/report | binary
2259 | app_process64 | /data/data/io.fournkoner.hdrezka/files/.crashlytics.v3/io.fournkoner.hdrezka/open-sessions/68093DF5024A000108D3ABB1B2672BC9/internal-keys | binary
2259 | app_process64 | /data/data/io.fournkoner.hdrezka/shared_prefs/FirebaseHeartBeatW0RFRkFVTFRd+MTozODI2OTk0NzUxNzI6YW5kcm9pZDo1OTcwMzMzODc3MzY4N2NlOTU1Y2Yx.xml | xml
2259 | app_process64 | /data/data/io.fournkoner.hdrezka/databases/google_app_measurement_local.db | binary
2259 | app_process64 | /data/data/io.fournkoner.hdrezka/files/.crashlytics.v3/io.fournkoner.hdrezka/com.crashlytics.settings.json | binary
2259 | app_process64 | /data/data/io.fournkoner.hdrezka/files/.crashlytics.v3/io.fournkoner.hdrezka/open-sessions/68093DF5024A000108D3ABB1B2672BC9/userlog.tmp | binary
HTTP(S) requests: 1
TCP/UDP connections: 12
DNS requests: 11
Threats: 2

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
GET | 204 | 142.250.186.131:80 | http://connectivitycheck.gstatic.com/generate_204 | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
449 | mdnsd | 224.0.0.251:5353 | unknown
142.250.186.131:80 | connectivitycheck.gstatic.com | GOOGLE | US | whitelisted
172.217.16.196:443 | www.google.com | GOOGLE | US | whitelisted
216.239.35.8:123 | time.android.com | whitelisted
108.177.127.81:443 | staging-remoteprovisioning.sandbox.googleapis.com | GOOGLE | US | whitelisted
2259 | app_process64 | 142.250.186.99:443 | firebase-settings.crashlytics.com | GOOGLE | US | whitelisted
2259 | app_process64 | 142.250.185.138:443 | firebaseinstallations.googleapis.com | GOOGLE | US | whitelisted
2259 | app_process64 | 82.221.128.102:443 | hdrzk.org | Advania Island ehf | IS | unknown
2259 | app_process64 | 179.43.158.229:443 | api.hdrezka.tech | Private Layer INC | CH | unknown
2259 | app_process64 | 142.250.186.110:443 | app-measurement.com | GOOGLE | US | whitelisted

DNS requests

Domain | IP | Reputation
connectivitycheck.gstatic.com
  • 142.250.186.131
whitelisted
www.google.com
  • 172.217.16.196
whitelisted
google.com
  • 142.250.184.238
whitelisted
time.android.com
  • 216.239.35.8
  • 216.239.35.12
  • 216.239.35.4
  • 216.239.35.0
whitelisted
staging-remoteprovisioning.sandbox.googleapis.com
  • 108.177.127.81
whitelisted
firebase-settings.crashlytics.com
  • 142.250.186.99
whitelisted
firebaseinstallations.googleapis.com
whitelisted
hdrzk.org
  • 82.221.128.102
unknown
api.hdrezka.tech
  • 179.43.158.229
unknown
app-measurement.com
  • 142.250.186.110
whitelisted

Threats

PID | Process | Class | Message
| | Misc activity | ET INFO Android Device Connectivity Check
2259 | app_process64 | Misc activity | ET INFO Observed ZeroSSL SSL/TLS Certificate
No debug info