Nikolay Elenkov - Android Security Internals_ An In-Depth Guide to Android’s Security Architecture-No Starch Press (2014).pdf
This report is generated from a file or URL submitted to this webservice on June 18th 2022 05:14:04 (UTC)
Guest System: Windows 7 64 bit, Professional, 6.1 (build 7601), Service Pack 1
Report generated by Falcon Sandbox v9.2.1 © Hybrid Analysis
Indicators
Not all malicious and suspicious indicators are displayed.
-
Suspicious Indicators 2
-
General
-
Found a potential E-Mail address in binary/memory
- details
-
Pattern match: "webmasters@gnu.org"
Pattern match: "bug-m4@gnu.org"
Pattern match: "m4-discuss@gnu.org"
Pattern match: "m4-patches@gnu.org"
Pattern match: "m4-announce@gnu.org"
Pattern match: "bug-m4-request@gnu.org"
Pattern match: "info-gnu@gnu.org"
Pattern match: "anonymous@pserver.git.sv.gnu.org"
Pattern match: "gnu@gnu.org"
- source
- File/Memory
- relevance
- 3/10
- ATT&CK ID
- T1114
-
Installation/Persistence
-
PDF file has an embedded URL to file
- details
- "http://developer.android.com/guide/topics/manifest/permission-element.html#plevel" references a file
- source
- File/Memory
- relevance
- 10/10
- ATT&CK ID
- T1566.002
-
Informative 12
-
External Systems
-
Sample was identified as clean by Antivirus engines
- details
- 0/60 Antivirus vendors marked sample as malicious (0% detection rate)
- source
- External System
- relevance
- 10/10
-
General
-
Creates mutants
- details
-
"\Sessions\1\BaseNamedObjects\Local\Acrobat Instance Mutex"
"\Sessions\1\BaseNamedObjects\DBWinMutex"
"Local\Acrobat Instance Mutex"
"DBWinMutex"
"com.adobe.acrobat.rna.RdrCefBrowserLock.DC"
- source
- Created Mutant
- relevance
- 3/10
-
Found API related strings
- details
-
- source
- File/Memory
- relevance
- 1/10
-
PDF file has an embedded URL
- details
-
- source
- File/Memory
- relevance
- 3/10
- ATT&CK ID
- T1566.002
-
Process launched with changed environment
- details
-
Process "RdrCEF.exe" was launched with new environment variables: "PATH="%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\plug_ins;%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\;%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\test_tools""
Process "RdrCEF.exe" was launched with missing environment variables: "MEOW"
- source
- Monitored Target
- relevance
- 10/10
-
Scanning for window names
- details
-
"AcroRd32.exe" searching for window "_AcroAppTimer"
"AcroRd32.exe" searching for class "AdobeAcrobatSpeedLaunchCmdWnd"
"AcroRd32.exe" searching for class "AdobeReaderSpeedLaunchCmdWnd"
"AcroRd32.exe" searching for class "Acrobat Instance Window Class"
"AcroRd32.exe" searching for class "ACROSEMAPHORE_R18"
"AcroRd32.exe" searching for class "JFWUI2"
"AcroRd32.exe" searching for class "Shell_TrayWnd"
- source
- API Call
- relevance
- 10/10
- ATT&CK ID
- T1010
-
Spawns new processes
- details
-
Spawned process "RdrCEF.exe" with commandline "--backgroundcolor=16448250"
Spawned process "RdrCEF.exe" with commandline "--type=renderer --primordial-pipe-token=4D60354FC6DEDB4E6864BC41 ..."
Spawned process "RdrCEF.exe" with commandline "--type=renderer --primordial-pipe-token=A9BE75E33D50D2C976B0956F ..."
- source
- Monitored Target
- relevance
- 3/10
-
Installation/Persistence
-
Dropped files
- details
-
"Visited Links" has type "data" - Location: [%LOCALAPPDATA%\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links] - [targetUID: 00000000-00002176]
"0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl" has type "data" - Location: [%APPDATA%\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl] - [targetUID: 00000000-00003656]
"CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl" has type "data" - Location: [%APPDATA%\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl] - [targetUID: 00000000-00003656]
- source
- Binary File
- relevance
- 3/10
-
Found a string that may be used as part of an injection method
- details
- "Shell_TrayWnd" (Taskbar window class may be used to inject into explorer with the SetWindowLong method)
- source
- File/Memory
- relevance
- 4/10
- ATT&CK ID
- T1055.011
-
Network Related
-
Found potential URL in binary/memory
- details
-
Pattern match: "https://twitter.com/agl__"- [Source: urlref_httpswww.imperialviolet.org20120205crlsets.html]
Pattern match: "https://indieauth.com/openid"- [Source: urlref_httpswww.imperialviolet.org20120205crlsets.html]
Pattern match: "https://www.imperialviolet.org/"- [Source: urlref_httpswww.imperialviolet.org20120205crlsets.html]
Pattern match: "https://fonts.googleapis.com/css?family=Yanone+Kaffeesatz:extralight&text=ImperialVioletAdamLangleysWeblog%27"- [Source: urlref_httpswww.imperialviolet.org20120205crlsets.html]
Pattern match: "https://www.imperialviolet.org"- [Source: urlref_httpswww.imperialviolet.org20120205crlsets.html]
Pattern match: "http://www.imperialviolet.org/2011/03/18/revocation.html"- [Source: urlref_httpswww.imperialviolet.org20120205crlsets.html]
Pattern match: "https://github.com/agl/crlset-tools"- [Source: urlref_httpswww.imperialviolet.org20120205crlsets.html]
Pattern match: "https://www.ietf.org/lib/dt/8.4.0/ietf/images/ietf-logo-nor-180.png"- [Source: urlref_httpstools.ietf.orghtmldraft-kamath-pppext-peapv0-00]
Pattern match: "https://www.ietf.org/lib/dt/8.4.0/ietf/images/ietf-logo-nor-32.png"- [Source: urlref_httpstools.ietf.orghtmldraft-kamath-pppext-peapv0-00]
Pattern match: "https://www.ietf.org/lib/dt/8.4.0/ietf/images/ietf-logo-nor-16.png"- [Source: urlref_httpstools.ietf.orghtmldraft-kamath-pppext-peapv0-00]
Pattern match: "https://www.ietf.org/lib/dt/8.4.0/ietf/images/ietf-logo-nor-mask.svg"- [Source: urlref_httpstools.ietf.orghtmldraft-kamath-pppext-peapv0-00]
Pattern match: "https://datatracker.ietf.org"- [Source: urlref_httpstools.ietf.orghtmldraft-kamath-pppext-peapv0-00]
Pattern match: "https://www.ietf.org/ietf/1id-abstracts.txt"- [Source: urlref_httpstools.ietf.orghtmldraft-kamath-pppext-peapv0-00]
Pattern match: "https://www.ietf.org/shadow.html"- [Source: urlref_httpstools.ietf.orghtmldraft-kamath-pppext-peapv0-00]
Pattern match: "http://www.w3.org/1999/xhtml"- [Source: urlref_httpswww.gnu.orgsoftwarem4]
Pattern match: "https://my.fsf.org/donate?mtm_campaign=spring22&mtm_source=banner"- [Source: urlref_httpswww.gnu.orgsoftwarem4]
Pattern match: "static.gnu.org/nosvn/banners/202206fundraiser/img/left-715.svg"- [Source: urlref_httpswww.gnu.orgsoftwarem4]
Pattern match: "static.gnu.org/nosvn/banners/202206fundraiser/img/right-715.svg"- [Source: urlref_httpswww.gnu.orgsoftwarem4]
Pattern match: "static.gnu.org/nosvn/banners/202206fundraiser/img/right-360.svg"- [Source: urlref_httpswww.gnu.orgsoftwarem4]
Pattern match: "www.gnu.org/cgi-bin/estseek.cgi"- [Source: urlref_httpswww.gnu.orgsoftwarem4]
Pattern match: "www.gnu.org] "- [Source: urlref_httpswww.gnu.orgsoftwarem4]
Pattern match: "https://h-node.org/"- [Source: urlref_httpswww.gnu.orgsoftwarem4]
Pattern match: "http://ftp.gnu.org/gnu/m4/"- [Source: urlref_httpswww.gnu.orgsoftwarem4]
Pattern match: "ftp.gnu.org/gnu/m4/"- [Source: urlref_httpswww.gnu.orgsoftwarem4]
Pattern match: "git.sv.gnu.org/m4"- [Source: urlref_httpswww.gnu.orgsoftwarem4]
Pattern match: "http://git.savannah.gnu.org/r/m4.git"- [Source: urlref_httpswww.gnu.orgsoftwarem4]
Pattern match: "http://www.gnu.org/software/m4/manual/"- [Source: urlref_httpswww.gnu.orgsoftwarem4]
Pattern match: "http://lists.gnu.org/mailman/listinfo/m4-announce"- [Source: urlref_httpswww.gnu.orgsoftwarem4]
Pattern match: "http://lists.gnu.org/mailman/listinfo/info-gnu"- [Source: urlref_httpswww.gnu.orgsoftwarem4]
Pattern match: "http://lists.gnu.org/mailman/listinfo/bug-m4"- [Source: urlref_httpswww.gnu.orgsoftwarem4]
Pattern match: "http://lists.gnu.org/mailman/listinfo/m4-patches"- [Source: urlref_httpswww.gnu.orgsoftwarem4]
Pattern match: "http://savannah.gnu.org/projects/m4/"- [Source: urlref_httpswww.gnu.orgsoftwarem4]
Pattern match: "http://git.sv.gnu.org/gitweb/?p=m4.git"- [Source: urlref_httpswww.gnu.orgsoftwarem4]
Pattern match: "http://translationproject.org/domain/m4.html"- [Source: urlref_httpswww.gnu.orgsoftwarem4]
Pattern match: "http://lists.gnu.org/mailman/listinfo/m4-discuss"- [Source: urlref_httpswww.gnu.orgsoftwarem4]
Pattern match: "www.fsf.org"- [Source: urlref_httpswww.gnu.orgsoftwarem4]
Pattern match: "www.fsf.org/associate/support_freedom?referrer=4052"- [Source: urlref_httpswww.gnu.orgsoftwarem4]
Pattern match: "www.gnu.org/prep/maintain"- [Source: urlref_httpswww.gnu.orgsoftwarem4]
Pattern match: "http://creativecommons.org/licenses/by-nd/4.0/"- [Source: urlref_httpswww.gnu.orgsoftwarem4]
Pattern match: "www.fsf.org/about/dmca-notice"- [Source: urlref_httpswww.gnu.orgsoftwarem4] - source
- File/Memory
- relevance
- 10/10
-
Possibly tries to communicate over SSL connection (HTTPS)
- details
-
- source
- File/Memory
- relevance
- 1/10
- ATT&CK ID
- T1573 (Show technique in the MITRE ATT&CK™ matrix)
-
Spyware/Information Retrieval
-
Found a reference to a known community page
- details
-
"<meta property="og:image:height" content="675"><meta property="og:locale" content="en"><meta name="twitter:card" content="summary_large_image">" (Indicator: "twitter")
"<link href="https://twitter.com/agl__" rel="me">" (Indicator: "twitter") - source
- File/Memory
- relevance
- 7/10
File Details
Nikolay Elenkov - Android Security Internals_ An In-Depth Guide to Android’s Security Architecture-No Starch Press (2014).pdf
- Filename
- Nikolay Elenkov - Android Security Internals_ An In-Depth Guide to Android’s Security Architecture-No Starch Press (2014).pdf
- Size
- 7.1MiB (7407825 bytes)
- Type
- Description
- PDF document, version 1.7
- Architecture
- WINDOWS
- SHA256
- 76ccd30776f34ad02c6af732b47e02d2e9c2bab0d39d862e5c5767dda3d4d914
- MD5
- 9cd46bcc46e40a13f4e9b213a459b205
- SHA1
- 4c1154e9ffdd1c6862ad38d01d85d3b9ceb30fd2
Hybrid Analysis
Analysed 4 processes in total.
-
AcroRd32.exe
"C:\NikolayElenkov-AndroidSecurityInternals_AnIn-DepthGuidetoAndroid_sSecurityArchitecture-NoStarchPress_2014_.pdf"
(PID: 3656)
-
RdrCEF.exe
--backgroundcolor=16448250
(PID: 2176)
- RdrCEF.exe --type=renderer --primordial-pipe-token=4D60354FC6DEDB4E6864BC41367B9857 --lang=en-US --disable-pack-loading --lang=en-US --log-file="%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/18.9.20044 Chrome/59.0.3071.15" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=4D60354FC6DEDB4E6864BC41367B9857 --renderer-client-id=2 --mojo-platform-channel-handle=1292 --allow-no-sandbox-job /prefetch:1 (PID: 2912)
- RdrCEF.exe --type=renderer --primordial-pipe-token=A9BE75E33D50D2C976B0956F29304A02 --lang=en-US --disable-pack-loading --lang=en-US --log-file="%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/18.9.20044 Chrome/59.0.3071.15" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=A9BE75E33D50D2C976B0956F29304A02 --renderer-client-id=3 --mojo-platform-channel-handle=1348 --allow-no-sandbox-job /prefetch:1 (PID: 2928)
Network Analysis
DNS Requests
No relevant DNS requests were made.
Contacted Hosts
No relevant hosts were contacted.
HTTP Traffic
No relevant HTTP requests were made.
Extracted Files
-
Informative 7
-
-
0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl
- Size
- 637B (637 bytes)
- Type
- data
- Runtime Process
- AcroRd32.exe (PID: 3656)
- MD5
- 974e8536b8767ac5be204f35d16f73e8
- SHA1
- e847897947a3db26e35cb7d490c688e8c410dfb7
- SHA256
- d1bb4b163fe01acc368a92b385bb0bd3a9fc2340b6d485b77a20553a713166d3
-
CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl
- Size
- 425B (425 bytes)
- Type
- data
- Runtime Process
- AcroRd32.exe (PID: 3656)
- MD5
- b1783b97d2072e141e12e8911e151704
- SHA1
- e3a9fe0da15be51286f39d6092e9126443669e49
- SHA256
- 9009ab7605c35a2b5121b8b5c966b3c893edba9966925268c45ad05b348671c8
-
Visited Links
- Size
- 128KiB (131072 bytes)
- Type
- data
- Runtime Process
- RdrCEF.exe (PID: 2176)
- MD5
- 81a284a2b84dde3230ff339415b0112f
- SHA1
- f61be0648fe365bc7d398aa4907c097a06739384
- SHA256
- cdb94563c99017ea9eb34642740794033fb48257f3f06df0ab5af0da5f7cbf6c
-
urlref_httpswww.gnu.orgsoftwarem4
- Size
- 15KiB (14863 bytes)
- Type
- html
- Description
- HTML document, ASCII text
- Runtime Process
- AcroRd32.exe (PID: 3656)
- Context
- https://www.gnu.org/software/m4/
- MD5
- 88a74088fbc3c1f311c4b60a1f532874
- SHA1
- 0a0d9d3159ff24c15525bd2a53968daf18cd48f5
- SHA256
- 3bba7910c44abdb71a9bfc8bb58fe1c65ffdcdc8ca481fbd3e984d0b5677ac7c
-
urlref_httpswww.imperialviolet.org20120205crlsets.html
- Size
- 9.5KiB (9714 bytes)
- Type
- html
- Description
- HTML document, ASCII text, with very long lines
- Runtime Process
- AcroRd32.exe (PID: 3656)
- Context
- https://www.imperialviolet.org/2012/02/05/crlsets.html
- MD5
- bcd12f2fadf1702492598d41371f2e40
- SHA1
- 91647a1473a9380bae2460d2b8f50532e72d655a
- SHA256
- 53a8edfdcd6952fb58310c88f6f244e52576ca5157d9e2f97172b42126246ea9
-
urlref_httpstools.ietf.orghtmldraft-kamath-pppext-peapv0-00
- Size
- 47KiB (48202 bytes)
- Type
- html
- Description
- HTML document, ASCII text, with very long lines
- Runtime Process
- AcroRd32.exe (PID: 3656)
- Context
- https://tools.ietf.org/html/draft-kamath-pppext-peapv0-00/
- MD5
- 22c95db405bc9f0973ddda2b266e1a1e
- SHA1
- 62d9a56a3c94792dea289f74d915b23d43c9bcfe
- SHA256
- 0c99be398b379acdc9961aa6f0f24fe6f91f8cb00d674245dac22fcf49b31410
-
urlref_httpsdeveloper.android.comreferenceandroidcontentpmSignature.html
- Size
- 1.6MiB (1675598 bytes)
- Type
- html
- Description
- HTML document, UTF-8 Unicode text, with very long lines
- Runtime Process
- AcroRd32.exe (PID: 3656)
- Context
- https://developer.android.com/reference/android/content/pm/Signature.html
- MD5
- f04d0739b0501ff2873d1fd5f805e80d
- SHA1
- 318d241feeaa8fb9ebb1531d6f0a3778f427369c
- SHA256
- b165c510601ea4fb2e1deabbe10c775d135cece0ad06537c093f889b5c076013
-
Notifications
-
Runtime
- No static analysis parsing on sample was performed
- Not all Falcon MalQuery lookups completed in time
- Not all IP/URL string resources were checked online
- Not all file accesses are visible for RdrCEF.exe (PID: 2176)
- Not all file accesses are visible for RdrCEF.exe (PID: 2912)
- Not all file accesses are visible for RdrCEF.exe (PID: 2928)
- Not all referenced URLs were checked, as a threshold was met
- Not all sources for indicator ID "string-101" are available in the report
- Not all sources for indicator ID "string-25" are available in the report
- Not all sources for indicator ID "string-98" are available in the report
- Not all strings are visible in the report, because the maximum number of strings was reached (5000)
- Some low-level data is hidden, as this is only a slim report