_h___.apk

Photo

476.93 KB

Analyzed: 2026-06-28 18:01 UTC

APK Security & Privacy Score

Security scoring uses multi-engine scan signals and APK indicators. Privacy scoring uses requested permissions and network endpoint patterns.

Security (scan-weighted): 36/100. Signals: Threat scan flagged, Modern target SDK
Privacy (permissions & network): 98/100. Signals: AllowBackup enabled, Low data access
Overall trust: 53/100 (High Risk)

Facts

Threat scan 13/75 flagged, 0 suspicious
Permissions 2 requested
Network strings 2 URLs (0 HTTP, 2 HTTPS)
Target SDK 34
Certificate Valid until 2035-07-17 (9 years, suspicious)

Warnings

Threat scan flagged: 13/75 scanners marked this file as malicious.
AllowBackup is enabled.

Package Name ru.jpydaqcfb.ufqaq
Version Code 1
Version Name 1.0
Application Name zloy.MyApp
Debuggable No
Allow Backup Yes
Min SDK Android 24 (Nougat)
Target SDK Android 34 (Android 14)
Supported ABIs Universal

Certificate & Signer

Valid From 2008-02-29 01:33:46
Valid To 2035-07-17 01:33:46
Serial Number 936eacbe07f201df
Thumbprint 61ed377e85d386a8dfee6b864bd85b0bfaa5af81
Issuer: DN C:US, CN:Android, L:Mountain View, O:Android, ST:California, OU:Android, email:android@android.com
Subject: DN C:US, CN:Android, L:Mountain View, O:Android, ST:California, OU:Android, email:android@android.com

Security Scan

13/75
⚠️ Threats Detected
Detected by 13 vendors: AVG (Android:Evo-gen [Trj]), Avast (Android:Evo-gen [Trj]), Avast-Mobile (Android:Evo-gen [Trj])
Scanned by 75 security vendors
Last scan: 2026-06-28 17:40 UTC
Malicious 13
Suspicious 0
Harmless 0
Undetected 52
Timeout 0
Failure 0

Scan Providers

75 vendors
ALYac undetected
No result reported
Engine 2.0.0.10
APEX type-unsupported
No result reported
Engine 6.793
AVG malicious
Android:Evo-gen [Trj]
Engine 23.9.8494.0
Acronis undetected
No result reported
Engine 1.2.0.121
AhnLab-V3 undetected
No result reported
Engine 3.30.1.10706
Alibaba undetected
No result reported
Engine 0.3.0.5
Antiy-AVL undetected
No result reported
Engine 3.0
Arcabit undetected
No result reported
Engine 2025.0.0.23
Avast malicious
Android:Evo-gen [Trj]
Engine 23.9.8494.0
Avast-Mobile malicious
Android:Evo-gen [Trj]
Engine 260628-00
Avira malicious
ANDROID/Evo.AG1586004.Gen
Engine 8.3.3.24
BitDefender undetected
No result reported
Engine 7.2
BitDefenderFalx malicious
Android.Riskware.Agent.aEKMQ
Engine 2.0.936
Bkav undetected
No result reported
Engine 8.2.40(8338)
CAT-QuickHeal undetected
No result reported
Engine 22.00
CMC undetected
No result reported
Engine 2.4.2022.1
CTX undetected
No result reported
Engine 2024.8.29.1
ClamAV undetected
No result reported
Engine 1.5.2.0
CrowdStrike undetected
No result reported
Engine 1.0
Cylance type-unsupported
No result reported
Engine 3.0.0.0
Cynet malicious
Malicious (score: 99)
Engine 4.0.3.4
DeepInstinct type-unsupported
No result reported
Engine 5.0.0.8
DrWeb malicious
Android.Banker.Mamont.259.origin
Engine 7.0.75.2070
ESET-NOD32 malicious
Android/Spy.Banker.EAR trojan
Engine 18.2.18.0
Elastic type-unsupported
No result reported
Engine 4.0.268
Emsisoft undetected
No result reported
Engine 2024.8.0.61147
F-Secure malicious
Trojan:Android/Corrupted.BC
Engine 18.10.1547.307
Fortinet undetected
No result reported
Engine 7.0.48.0
GData undetected
No result reported
Engine GD:27.45073AVA:64.31490
Google undetected
No result reported
Engine 1782662462
Gridinsoft undetected
No result reported
Engine 1.0.249.174
Ikarus undetected
No result reported
Engine 6.5.4.0
Jiangmin undetected
No result reported
Engine 16.0.100
K7AntiVirus undetected
No result reported
Engine 14.59.59967
K7GW malicious
Trojan ( 005c9c5a1 )
Engine 14.59.59967
Kaspersky malicious
HEUR:Trojan-Banker.AndroidOS.Mamont.hl
Engine 22.0.1.28
Kingsoft undetected
No result reported
Engine None
Lionic undetected
No result reported
Engine 8.16
Malwarebytes undetected
No result reported
Engine 3.1.0.239
MaxSecure undetected
No result reported
Engine 1.0.0.1
McAfeeD undetected
No result reported
Engine 1.2.0.15146
MicroWorld-eScan undetected
No result reported
Engine 14.0.409.0
Microsoft undetected
No result reported
Engine 1.1.26050.11
NANO-Antivirus undetected
No result reported
Engine 1.0.170.26895
Paloalto type-unsupported
No result reported
Engine 0.9.0.1003
Panda undetected
No result reported
Engine 4.6.4.2
Rising undetected
No result reported
Engine 25.0.0.28
SUPERAntiSpyware undetected
No result reported
Engine 5.6.0.1032
Sangfor undetected
No result reported
Engine 2.22.3.0
SentinelOne type-unsupported
No result reported
Engine 7.7.0.1
Skyhigh undetected
No result reported
Engine v2021.2.0+4045
Sophos undetected
No result reported
Engine 3.5.1.0
Symantec undetected
No result reported
Engine 1.22.0.0
SymantecMobileInsight type-unsupported
No result reported
Engine 2.0
TACHYON undetected
No result reported
Engine 2026-06-28.02
Tencent undetected
No result reported
Engine 1.0.0.1
Trapmine type-unsupported
No result reported
Engine 4.0.12.0
TrellixENS undetected
No result reported
Engine 6.0.6.653
TrendMicro malicious
HEUR_ZIP.PWTRICK
Engine 24.550.0.1002
TrendMicro-HouseCall malicious
HEUR_ZIP.PWTRICK
Engine 24.550.0.1002
Trustlook undetected
No result reported
Engine 1.0
VBA32 undetected
No result reported
Engine 5.6.1
VIPRE undetected
No result reported
Engine 6.0.0.35
Varist undetected
No result reported
Engine 6.6.1.3
ViRobot undetected
No result reported
Engine 2014.3.20.0
VirIT undetected
No result reported
Engine 9.5.1237
Webroot undetected
No result reported
Engine 1.9.0.8
Xcitium undetected
No result reported
Engine 38765
Yandex undetected
No result reported
Engine 5.5.2.24
Zillya undetected
No result reported
Engine 2.0.0.5630
ZoneAlarm undetected
No result reported
Engine 6.25-116107927
Zoner undetected
No result reported
Engine 2.2.2.0
alibabacloud type-unsupported
No result reported
Engine 2.2.0
huorong undetected
No result reported
Engine 0aa8ddc:0aa8ddc:6990e76:6990e76
tehtris type-unsupported
No result reported

File Signatures


File Intelligence

Type Description: Android (human-friendly file type name based on multiple detection methods)
Type Extension: apk (most likely file extension inferred from the content)
Type Tag: android (primary type tag assigned by the classifier)
Type Tags: executable, mobile, android, apk (additional type tags that describe the file content)
Magic: Zip archive data, at least v2.0 to extract, compression method=[0x96] (file signature result from magic bytes inspection)
Magika: APK (file type predicted by Magika, ML-based file type detection)
TrID: Android Package (49%), Java Archive (24.5%), Sweet Home 3D Design (generic) (19%), ZIP compressed archive (7.2%) (TrID file type guesses with probabilities)
dhash: 0000001c1e0d0400 (perceptual hash used to compare visual similarity of files)
raw md5: c95ca054bf7b72acdde5545a79d4c1df (raw MD5 hash of the file contents)
extensions: png (26), xml (18), kotlin_builtins (7), arsc (1), dex (1), gz (1), json (1), MF (1), RSA (1), SF (1) (file extensions found inside the APK and how many of each)
file types: PNG (26), XML (17), unknown (14), DEX (1) (detected embedded file types and their counts)
highest datetime: 2017-12-29 16:41:34 UTC (latest timestamp found among files inside the archive)
lowest datetime: 2017-12-29 16:41:34 UTC (earliest timestamp found among files inside the archive)
num children: 59 (number of files contained within the archive)
type: APK (container type detected for the analyzed file)
uncompressed size: 702 KB (estimated total size of all files after extraction)

Sandbox

Sandbox Verdicts

Zenbox android
Malicious 64% confidence MALWARE TROJAN EVADER

Deep Manifest Analysis

Activity Intents (2)

zloy.MainActivity
Actions
Main Activity Action: Start as a main entry point, does not expect to android.intent.action.MAIN
Categories
android.intent.category.DEFAULT android.intent.category.INFO
zloy.core.SmsActivity
Actions
Send Activity Action: Deliver some data to someone else. android.intent.action.SEND
Sendto Activity Action: Send a message to someone specified by the data. android.intent.action.SENDTO
Categories
android.intent.category.DEFAULT android.intent.category.BROWSABLE

Service Intents (5)

zloy.ForegroundService
Actions
Send Activity Action: Deliver some data to someone else. android.intent.action.SEND
RESTART_SERVICE
zloy.PushNotificationListener
Actions
android.service.notification.NotificationListenerService
zloy.core.SmsService
Actions
android.intent.action.RESPOND_VIA_MESSAGE
zloy.sync.StubAuthenticatorService
Actions
android.accounts.AccountAuthenticator
zloy.sync.SyncService
Actions
android.content.SyncAdapter

Receiver Intents (6)

zloy.ServiceRestartReceiver
Actions
Locked Boot Completed Broadcast Action: This is broadcast once, after the system has finished android.intent.action.LOCKED_BOOT_COMPLETED
Boot Completed Broadcast Action: This is broadcast once, after the system has finished android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
com.htc.intent.action.QUICKBOOT_POWERON
My Package Replaced Broadcast Action: A new version of your application has been installed android.intent.action.MY_PACKAGE_REPLACED
zloy.RESTART_SERVICE
android.provider.action.DEFAULT_SMS_PACKAGE_CHANGED
User Unlocked Broadcast Action: Sent when the credential-encrypted private storage has android.intent.action.USER_UNLOCKED
Screen On Broadcast Action: Sent when the device wakes up and becomes interactive. android.intent.action.SCREEN_ON
Power Connected Broadcast Action: External power has been connected to the device. android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.MIUI_BATTERY_FEATURE_CHANGE
miui.intent.action.POWER_MODE_CHANGED
zloy.core.WapPushReceiver
Actions
android.provider.Telephony.WAP_PUSH_DELIVER
zloy.core.alarm.ServiceMonitorReceiver
Actions
zloy.SERVICE_MONITOR
zloy.core.telephony.sms.DeliverySmsReceiver
Actions
SMS_DELIVERED
SMS_SENT
zloy.core.telephony.sms.SmsReceiver
Actions
android.provider.Telephony.SMS_RECEIVED
android.provider.Telephony.SMS_DELIVER
zloy.watchdog.WatchdogReceiver
Actions
zloy.WATCHDOG_PING

Requested Permissions (2)

android.permission.INTERNET (have full network access): Allows the app to create network sockets and use custom network protocols. The browser and other applications provide means to send data to the internet, so this permission is not required to send data to the internet.
android.permission.ACCESS_NETWORK_STATE (view network connections): Allows the app to view information about network connections such as which networks exist and are connected.

Uses Features (12)

Audio Pro: android.hardware.audio.pro
Bluetooth Le: android.hardware.bluetooth_le
Camera Front: android.hardware.camera.front
Ethernet: android.hardware.ethernet
Fingerprint: android.hardware.fingerprint
Location Gps: android.hardware.location.gps
Location Network: android.hardware.location.network
Opengles Extension Pack: android.hardware.opengles.aep
Telephony: android.hardware.telephony
Touchscreen: android.hardware.touchscreen
Wifi Direct: android.hardware.wifi.direct
Live Wallpaper: android.software.live_wallpaper

Activities (2)

zloy.core.SmsActivity
zloy.MainActivity

Services (7)

zloy.sync.SyncService
zloy.sync.StubAuthenticatorService
zloy.PushNotificationListener
zloy.ForegroundService
zloy.core.SmsService
zloy.core.RescueJobService
org.chromium.net.impl.BackgroundCleanupService

Broadcast Receivers (10)

zloy.core.WapPushReceiver
org.chromium.net.impl.BootCompletedReceiver
zloy.core.alarm.ServiceMonitorReceiver
com.unity3d.player.reflection.AlarmBroadcastReceiver
zloy.watchdog.WatchdogReceiver
zloy.core.telephony.sms.DeliverySmsReceiver
zloy.core.telephony.sms.SmsReceiver
zloy.ServiceRestartReceiver
com.google.firebase.iid.NotificationActionReceiver
com.squareup.okhttp.internal.BootCompletedReceiver

Content Providers (1)

zloy.sync.StubContentProvider

Submission Details

Submitted At 2026-06-28
First Submission 2026-06-28
Last Submission 2026-06-28
Stored Until 2026-07-28