Фото27 icon

____27.apk

Фото27

416.74 KB

Analyzed: 2026-05-29 01:18 UTC

Twitter / X Facebook LinkedIn WhatsApp Telegram Reddit
Analyze Another

APK Security & Privacy Score

Security scoring uses multi-engine scan signals and APK indicators. Privacy scoring uses requested permissions and network endpoint patterns.

Security Scan-weighted
26/100
Threat scan flagged Modern target SDK
Privacy Permissions & network
98/100
AllowBackup enabled Low data access
41/100
High Risk
Overall trust

Facts

Threat scan 19/75 flagged, 0 suspicious
Permissions 2 requested
Network strings 2 URLs (0 HTTP, 2 HTTPS)
Target SDK 34
Certificate Valid until 2047-12-30 (22 years, suspicious)

Warnings

Threat scan flagged: 19/75 scanners marked this file as malicious.
AllowBackup is enabled.
Package Name com.zloy
Version Code 1
Version Name 1.0
Application Name zloy.MyApp
Debuggable No
Allow Backup Yes
Min SDK Android 23 (Marshmallow)
Target SDK Android 34 (Android 14)
Supported ABIs
Universal

Certificate & Signer

Valid From 2020-08-13 20:29:11
Valid To 2047-12-30 20:29:11
Serial Number 8fb74c69dd0886cb
Thumbprint 7526a4e6b2b4aa67399a64383392e4eb19ee8f78
Issuer: C FE
Issuer: CN p0d3fa884
Issuer: DN C:FE, CN:p0d3fa884, L:lab80, O:c5a555a, ST:se9ff, OU:o6b962f
Issuer: L lab80
Issuer: O c5a555a
Issuer: OU o6b962f
Issuer: ST se9ff
Subject: C FE
Subject: CN p0d3fa884
Subject: DN C:FE, CN:p0d3fa884, L:lab80, O:c5a555a, ST:se9ff, OU:o6b962f
Subject: L lab80
Subject: O c5a555a
Subject: OU o6b962f
Subject: ST se9ff

Security Scan

19 /75
⚠️ Threats Detected
Detected by 19 vendors: AVG (Android:Evo-gen [Trj]), Alibaba (TrojanBanker:Android/Mamont.779dda02), Avast (Android:Evo-gen [Trj])
Scanned by 75 security vendors
Last scan: 2026-05-13 00:10 UTC
Malicious
19
Suspicious
0
Harmless
0
Undetected
45
Timeout
1
Failure
1

Scan Providers

75 vendors
ALYac undetected
No result reported
Engine 2.0.0.10
APEX type-unsupported
No result reported
Engine 6.777
AVG malicious
Android:Evo-gen [Trj]
Engine 23.9.8494.0
Acronis undetected
No result reported
Engine 1.2.0.121
AhnLab-V3 undetected
No result reported
Engine 3.30.0.10666
Alibaba malicious
TrojanBanker:Android/Mamont.779dda02
Engine 0.3.0.5
Antiy-AVL undetected
No result reported
Engine 3.0
Arcabit undetected
No result reported
Engine 2025.0.0.23
Avast malicious
Android:Evo-gen [Trj]
Engine 23.9.8494.0
Avast-Mobile malicious
Android:Evo-gen [Trj]
Engine 260512-02
Avira malicious
ANDROID/Evo.AG1576793.Gen
Engine 8.3.3.24
BitDefender undetected
No result reported
Engine 7.2
BitDefenderFalx malicious
Android.Riskware.Agent.aDSHL
Engine 2.0.936
Bkav type-unsupported
No result reported
Engine 8.2.40(8338)
CAT-QuickHeal undetected
No result reported
Engine 22.00
CMC undetected
No result reported
Engine 2.4.2022.1
CTX undetected
No result reported
Engine 2024.8.29.1
ClamAV undetected
No result reported
Engine 1.5.2.0
CrowdStrike undetected
No result reported
Engine 1.0
Cylance type-unsupported
No result reported
Engine 3.0.0.0
Cynet malicious
Malicious (score: 99)
Engine 4.0.3.4
DeepInstinct type-unsupported
No result reported
Engine 5.0.0.8
DrWeb malicious
Android.Banker.Mamont.193.origin
Engine 7.0.75.2070
ESET-NOD32 malicious
Android/Spy.Banker.EAR trojan
Engine 18.2.18.0
Elastic failure
No result reported
Emsisoft undetected
No result reported
Engine 2024.8.0.61147
F-Secure malicious
Trojan:Android/Corrupted.BB
Engine 18.10.1547.307
Fortinet undetected
No result reported
Engine 7.0.30.0
GData undetected
No result reported
Engine GD:27.44524AVA:64.31231
Google undetected
No result reported
Engine 1778626857
Gridinsoft undetected
No result reported
Engine 1.0.245.174
Ikarus malicious
Trojan-Spy.AndroidOS.Banker
Engine 6.4.16.0
Jiangmin undetected
No result reported
Engine 16.0.100
K7AntiVirus undetected
No result reported
Engine 14.52.59485
K7GW malicious
Trojan ( 006dc0cd1 )
Engine 14.52.59485
Kaspersky malicious
HEUR:Trojan-Banker.AndroidOS.Mamont.hl
Engine 22.0.1.28
Kingsoft undetected
No result reported
Engine None
Lionic undetected
No result reported
Engine 8.16
Malwarebytes undetected
No result reported
Engine 3.1.0.235
MaxSecure timeout
No result reported
Engine 1.0.0.1
McAfeeD malicious
ti!3E69F1A18CF8
Engine 1.2.0.14532
MicroWorld-eScan undetected
No result reported
Engine 14.0.409.0
Microsoft undetected
No result reported
Engine 1.1.26030.3008
NANO-Antivirus undetected
No result reported
Engine 1.0.170.26895
Paloalto type-unsupported
No result reported
Engine 0.9.0.1003
Panda undetected
No result reported
Engine 4.6.4.2
Rising undetected
No result reported
Engine 25.0.0.28
SUPERAntiSpyware undetected
No result reported
Engine 5.6.0.1032
Sangfor undetected
No result reported
Engine 2.22.3.0
SentinelOne type-unsupported
No result reported
Engine 7.6.2.19
Skyhigh undetected
No result reported
Engine v2021.2.0+4045
Sophos undetected
No result reported
Engine 3.4.1.0
Symantec malicious
Trojan.Gen.NPE
Engine 1.22.0.0
SymantecMobileInsight malicious
AppRisk:Generisk
Engine 2.0
TACHYON undetected
No result reported
Engine 2026-05-12.02
Tencent malicious
a.privacy.InfoStealer
Engine 1.0.0.1
Trapmine type-unsupported
No result reported
Engine 4.0.12.0
TrellixENS malicious
Artemis!E76EAE4884DC
Engine 6.0.6.653
TrendMicro undetected
No result reported
Engine 24.550.0.1002
TrendMicro-HouseCall undetected
No result reported
Engine 24.550.0.1002
Trustlook malicious
Android.Malware.Trojan
Engine 1.0
VBA32 undetected
No result reported
Engine 5.6.0
VIPRE undetected
No result reported
Engine 6.0.0.35
Varist undetected
No result reported
Engine 6.6.1.3
ViRobot undetected
No result reported
Engine 2014.3.20.0
VirIT undetected
No result reported
Engine 9.5.1205
Webroot undetected
No result reported
Engine 1.9.0.8
Xcitium undetected
No result reported
Engine 38641
Yandex undetected
No result reported
Engine 5.5.2.24
Zillya undetected
No result reported
Engine 2.0.0.5600
ZoneAlarm undetected
No result reported
Engine 6.24-114820814
Zoner undetected
No result reported
Engine 2.2.2.0
alibabacloud type-unsupported
No result reported
Engine 2.2.0
huorong undetected
No result reported
Engine 8e87f09:8e87f09:364e302:364e302
tehtris type-unsupported
No result reported
Engine v0.1.4

File Signatures

SHA-256 3e69f1a18cf84c5c8184b163326fac677926b3ef78414547e44fe9d133d20b5b
MD5 e76eae4884dca101705086161f7ac701
SHA-1 f1e4977593c9c187b2b0ee3c96fef462f12317c5
SSDEEP 12288:D0RgeL3dRGAXPLe8otOGyLgUxOopbAbhEOIeNjEjNgv:uTjTDe8iGxn8hEOVEj2
TLSH T1AE94F047E70662EAE5F28C3B9C470631A4338D38D6538ADB5E54F13818BA38C975DBD8
VHASH dc1b51af57a74feab0da34259d7e6717

File Intelligence

Type Description Android Human-friendly file type name based on multiple detection methods.
Type Extension apk Most likely file extension inferred from the content.
Type Tag android Primary type tag assigned by the classifier.
Type Tags executable, mobile, android, apk Additional type tags that describe the file content.
Magic Zip archive data, at least v2.0 to extract, compression method=deflate File signature result from magic bytes inspection.
Magika APK File type predicted by Magika (ML-based file type detection).
TrID Sweet Home 3D Design (generic) (72.4%), ZIP compressed archive (27.5%) TrID file type guesses with probabilities.
dhash 0000001c1e0d1400 Perceptual hash used to compare visual similarity of files.
raw md5 2aa78515fedea4e876a9101b07a8cf34 Raw MD5 hash of the file contents.
extensions png (26), xml (18), kotlin_builtins (7), arsc (1), dex (1), gz (1), json (1) File extensions found inside the APK and how many of each.
highest datetime 2020-08-13 23:29:10 UTC Latest timestamp found among files inside the archive.
lowest datetime 2020-08-13 23:29:10 UTC Earliest timestamp found among files inside the archive.
num children 56 Number of files contained within the archive.
type ZIP Container type detected for the analyzed file.
uncompressed size 642 KB Estimated total size of all files after extraction.

Sandbox

Sandbox Verdicts

Zenbox android
Malicious 64% confidence MALWARE TROJAN EVADER

Deep Manifest Analysis

Activity Intents (2)

zloy.MainActivity
Actions
Main Activity Action: Start as a main entry point, does not expect to android.intent.action.MAIN
Categories
android.intent.category.DEFAULT android.intent.category.INFO
zloy.core.SmsActivity
Actions
Send Activity Action: Deliver some data to someone else. android.intent.action.SEND
Sendto Activity Action: Send a message to someone specified by the data. android.intent.action.SENDTO
Categories
android.intent.category.DEFAULT android.intent.category.BROWSABLE

Service Intents (5)

zloy.ForegroundService
Actions
android.provider.Telephony.SMS_RECEIVED android.provider.Telephony.SMS_RECEIVED
Send Activity Action: Deliver some data to someone else. android.intent.action.SEND
RESTART_SERVICE RESTART_SERVICE
zloy.PushNotificationListener
Actions
android.service.notification.NotificationListenerService android.service.notification.NotificationListenerService
zloy.core.SmsService
Actions
android.intent.action.RESPOND_VIA_MESSAGE android.intent.action.RESPOND_VIA_MESSAGE
zloy.sync.StubAuthenticatorService
Actions
android.accounts.AccountAuthenticator android.accounts.AccountAuthenticator
zloy.sync.SyncService
Actions
android.content.SyncAdapter android.content.SyncAdapter

Receiver Intents (6)

zloy.ServiceRestartReceiver
Actions
Locked Boot Completed Broadcast Action: This is broadcast once, after the system has finished android.intent.action.LOCKED_BOOT_COMPLETED
Boot Completed Broadcast Action: This is broadcast once, after the system has finished android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON android.intent.action.QUICKBOOT_POWERON
com.htc.intent.action.QUICKBOOT_POWERON com.htc.intent.action.QUICKBOOT_POWERON
My Package Replaced Broadcast Action: A new version of your application has been installed android.intent.action.MY_PACKAGE_REPLACED
zloy.RESTART_SERVICE zloy.RESTART_SERVICE
android.provider.action.DEFAULT_SMS_PACKAGE_CHANGED android.provider.action.DEFAULT_SMS_PACKAGE_CHANGED
User Unlocked Broadcast Action: Sent when the credential-encrypted private storage has android.intent.action.USER_UNLOCKED
zloy.core.WapPushReceiver
Actions
android.provider.Telephony.WAP_PUSH_DELIVER android.provider.Telephony.WAP_PUSH_DELIVER
zloy.core.alarm.ServiceMonitorReceiver
Actions
zloy.SERVICE_MONITOR zloy.SERVICE_MONITOR
zloy.core.telephony.sms.DeliverySmsReceiver
Actions
SMS_DELIVERED SMS_DELIVERED
SMS_SENT SMS_SENT
zloy.core.telephony.sms.SmsReceiver
Actions
android.provider.Telephony.SMS_RECEIVED android.provider.Telephony.SMS_RECEIVED
android.provider.Telephony.SMS_DELIVER android.provider.Telephony.SMS_DELIVER
zloy.watchdog.WatchdogReceiver
Actions
zloy.WATCHDOG_PING zloy.WATCHDOG_PING

Requested Permissions (2)

have full network access Allows the app to create network sockets and use custom network protocols. The browser and other applications provide means to send data to the internet, so this permission is not required to send data to the internet. android.permission.INTERNET
view network connections Allows the app to view information about network connections such as which networks exist and are connected. android.permission.ACCESS_NETWORK_STATE

Uses Features (7)

Location Feature for {@link #getSystemAvailableFeatures} and android.hardware.location
Sensor Barometer Feature for {@link #getSystemAvailableFeatures} and android.hardware.sensor.barometer
Sensor Step Detector Feature for {@link #getSystemAvailableFeatures} and android.hardware.sensor.stepdetector
Telephony Feature for {@link #getSystemAvailableFeatures} and android.hardware.telephony
Vulkan Hardware Version Feature for {@link #getSystemAvailableFeatures} and android.hardware.vulkan.version
App Widgets Feature for {@link #getSystemAvailableFeatures} and android.software.app_widgets
Managed Profiles @hide android.software.managed_users

Activities (2)

zloy.MainActivity
zloy.core.SmsActivity

Services (8)

zloy.sync.SyncService
zloy.sync.StubAuthenticatorService
com.google.android.gms.measurement.DeviceStatusMonitorService
zloy.core.SmsService
zloy.PushNotificationListener
androidx.core.app.TokenRefreshService
io.reactivex.internal.schedulers.JobExecutionService
zloy.ForegroundService

Broadcast Receivers (8)

zloy.ServiceRestartReceiver zloy.ServiceRestartReceiver
zloy.core.telephony.sms.DeliverySmsReceiver zloy.core.telephony.sms.DeliverySmsReceiver
zloy.core.telephony.sms.SmsReceiver zloy.core.telephony.sms.SmsReceiver
zloy.core.WapPushReceiver zloy.core.WapPushReceiver
zloy.core.alarm.ServiceMonitorReceiver zloy.core.alarm.ServiceMonitorReceiver
androidx.lifecycle.ConnectivityChangeReceiver androidx.lifecycle.ConnectivityChangeReceiver
zloy.watchdog.WatchdogReceiver zloy.watchdog.WatchdogReceiver
androidx.work.impl.background.InstallReferrerReceiver androidx.work.impl.background.InstallReferrerReceiver

Content Providers (4)

zloy.sync.StubContentProvider
com.squareup.okhttp.internal.FacebookInitProvider
com.google.firebase.iid.LifecycleProcessLifecycleOwner
io.reactivex.internal.schedulers.FacebookInitProvider

URL Endpoints (2)

https://photo2025-11-28.ct.ws/ https://yandex.ru/

Submission Details

Submitted At 2026-05-29
First Submission 2026-05-29
Last Submission 2026-05-29
Stored Until 2026-06-28
Names & Tags
Фοтο27.apk encrypted android obfuscated sends-sms apk reflection