rednaga / APKiD

Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android

[DETECTION] Possible Bangcle variant #212

Open enovella opened 4 years ago

enovella commented 4 years ago

Describe the detection issue

Possible version of Bangcle, SecNeo or other Chinese protectors

import com.bangcle.everisk.Agent;
import com.bangcle.everisk.checkers.p.a.a;
import com.bangcle.everisk.util.n;

Assets: RiskStub.dex

APKiD current results...

[20:05 edu@xps Downloads] >  apkid 6fb26804f020048b93b033728def59dc093f99c664b8a408a4e237bbed36de4e.apk 
[+] APKiD 2.1.0 :: from RedNaga :: rednaga.io
[*] 6fb26804f020048b93b033728def59dc093f99c664b8a408a4e237bbed36de4e.apk!assets/RiskStub.dex
 |-> anti_debug : Debug.isDebuggerConnected() check
 |-> anti_vm : Build.BOARD check, Build.BRAND check, Build.DEVICE check, Build.FINGERPRINT check, Build.HARDWARE check, Build.MANUFACTURER check, Build.MODEL check, Build.PRODUCT check, Build.TAGS check, emulator file check, possible Build.SERIAL check, possible ro.secure check, ro.kernel.qemu check, ro.product.device check, subscriber ID check
 |-> compiler : dx
[*] 6fb26804f020048b93b033728def59dc093f99c664b8a408a4e237bbed36de4e.apk!classes.dex
 |-> anti_debug : Debug.isDebuggerConnected() check
 |-> anti_vm : Build.FINGERPRINT check, Build.HARDWARE check, Build.MANUFACTURER check, Build.MODEL check, Build.PRODUCT check, SIM operator check, network operator name check, possible VM check, possible ro.secure check, subscriber ID check
 |-> compiler : dx (possible dexmerge)
 |-> manipulator : dexmerge
[*] 6fb26804f020048b93b033728def59dc093f99c664b8a408a4e237bbed36de4e.apk!classes10.dex
 |-> anti_vm : Build.MANUFACTURER check, network operator name check, possible Build.SERIAL check, subscriber ID check
 |-> compiler : dx (possible dexmerge)
 |-> manipulator : dexmerge
[*] 6fb26804f020048b93b033728def59dc093f99c664b8a408a4e237bbed36de4e.apk!classes2.dex
 |-> compiler : dx
[*] 6fb26804f020048b93b033728def59dc093f99c664b8a408a4e237bbed36de4e.apk!classes3.dex
 |-> anti_vm : Build.BOARD check, Build.MANUFACTURER check, Build.MODEL check, Build.PRODUCT check, possible Build.SERIAL check, subscriber ID check
 |-> compiler : dx
[*] 6fb26804f020048b93b033728def59dc093f99c664b8a408a4e237bbed36de4e.apk!classes4.dex
 |-> anti_vm : Build.BOARD check, Build.FINGERPRINT check, Build.HARDWARE check, Build.MANUFACTURER check, Build.MODEL check, Build.PRODUCT check, Build.TAGS check, SIM operator check, device ID check, emulator file check, network operator name check, possible Build.SERIAL check, possible VM check, possible ro.secure check, ro.kernel.qemu check, ro.product.device check, subscriber ID check
 |-> compiler : dx
[*] 6fb26804f020048b93b033728def59dc093f99c664b8a408a4e237bbed36de4e.apk!classes5.dex
 |-> anti_vm : Build.BOARD check, Build.MANUFACTURER check, SIM operator check, network operator name check, possible Build.SERIAL check, subscriber ID check
 |-> compiler : dx
[*] 6fb26804f020048b93b033728def59dc093f99c664b8a408a4e237bbed36de4e.apk!classes6.dex
 |-> anti_vm : Build.BOARD check, Build.FINGERPRINT check, Build.HARDWARE check, Build.MANUFACTURER check, Build.TAGS check, SIM operator check, network operator name check, possible Build.SERIAL check, subscriber ID check
 |-> compiler : dx
[*] 6fb26804f020048b93b033728def59dc093f99c664b8a408a4e237bbed36de4e.apk!classes7.dex
 |-> anti_vm : Build.FINGERPRINT check, Build.MANUFACTURER check
 |-> compiler : dx
[*] 6fb26804f020048b93b033728def59dc093f99c664b8a408a4e237bbed36de4e.apk!classes8.dex
 |-> anti_vm : Build.BOARD check, Build.FINGERPRINT check, Build.MANUFACTURER check, Build.MODEL check, SIM operator check, device ID check, network operator name check, possible ro.secure check, subscriber ID check
 |-> compiler : dx (possible dexmerge)
 |-> manipulator : dexmerge
[*] 6fb26804f020048b93b033728def59dc093f99c664b8a408a4e237bbed36de4e.apk!classes9.dex
 |-> anti_vm : Build.BOARD check, Build.FINGERPRINT check, Build.MANUFACTURER check, possible Build.SERIAL check
 |-> compiler : dx (possible dexmerge)
 |-> manipulator : dexmerge
[*] 6fb26804f020048b93b033728def59dc093f99c664b8a408a4e237bbed36de4e.apk!lib/armeabi/libAPSE_1.1.5.so
 |-> anti_vm : emulator file check
[*] 6fb26804f020048b93b033728def59dc093f99c664b8a408a4e237bbed36de4e.apk!lib/armeabi/libdeviceid_1.0.so
 |-> anti_vm : emulator file check
[*] 6fb26804f020048b93b033728def59dc093f99c664b8a408a4e237bbed36de4e.apk!lib/armeabi/libservicefakedex.so!classes.dex
 |-> compiler : unknown (please file detection issue!)
[*] 6fb26804f020048b93b033728def59dc093f99c664b8a408a4e237bbed36de4e.apk!lib/armeabi/libsgavmp.so!classes.dex
 |-> compiler : dx
[*] 6fb26804f020048b93b033728def59dc093f99c664b8a408a4e237bbed36de4e.apk!lib/armeabi/libsgmain.so!classes.dex
 |-> anti_vm : subscriber ID check
 |-> compiler : dx
[*] 6fb26804f020048b93b033728def59dc093f99c664b8a408a4e237bbed36de4e.apk!lib/armeabi/libsgnocaptcha.so!classes.dex
 |-> compiler : dx
[*] 6fb26804f020048b93b033728def59dc093f99c664b8a408a4e237bbed36de4e.apk!lib/armeabi/libsgsecuritybody.so!classes.dex
 |-> compiler : dx
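
A triage check built from the two indicators in the report above (the `assets/RiskStub.dex` entry and the `com.bangcle.everisk` package), as an added example that is not part of the issue or of APKiD's own rules. Treating these two strings as protector markers is an assumption, the function names are hypothetical, and the sample APK is constructed in memory.

```python
import io
import zipfile

# Indicators copied from the issue report. Treating them as markers of this
# protector is an assumption; they are not taken from APKiD's rule set.
STUB_ASSET = "assets/RiskStub.dex"
EVERISK_DESCRIPTOR = b"Lcom/bangcle/everisk/"  # dex descriptor form of com.bangcle.everisk.*
DEX_MAGIC = b"dex\n"
MAX_DEX_BYTES = 64 * 1024 * 1024  # skip entries whose declared size is oversized


def scan_apk(apk):
    """Scan an APK (path or file-like object) for the two reported indicators."""
    hits = {"stub_asset": False, "everisk_dex": []}
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            if info.filename == STUB_ASSET:
                hits["stub_asset"] = True
            if not info.filename.endswith(".dex") or info.file_size > MAX_DEX_BYTES:
                continue
            data = zf.read(info)
            # Class names are stored in the dex string table as plain descriptors.
            if data.startswith(DEX_MAGIC) and EVERISK_DESCRIPTOR in data:
                hits["everisk_dex"].append(info.filename)
    return hits


def verdict(hits):
    """Both indicators: 'likely'; one: 'possible'; neither: 'none'."""
    score = int(hits["stub_asset"]) + int(bool(hits["everisk_dex"]))
    return ("none", "possible", "likely")[score]


def build_sample(with_stub, with_everisk):
    """Constructed in-memory APK with minimal fake dex bodies (not a real sample)."""
    name = b"Lcom/bangcle/everisk/Agent;" if with_everisk else b"Lcom/example/Main;"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", DEX_MAGIC + b"035\x00" + name)
        if with_stub:
            zf.writestr(STUB_ASSET, DEX_MAGIC + b"035\x00")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for flags in [(True, True), (False, True), (False, False)]:
        hits = scan_apk(build_sample(*flags))
        print(flags, verdict(hits), hits)
```

The check reads only top-level `.dex` entries; dex files embedded inside `.so` files, like those in the scan output above, are not unpacked.
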

enovella commented 1 year ago

@apkunpacker Do you have any INTEL in this sample?