File - <a href="https://www.virustotal.com/gui/file/5f0819ab5247ff992bdd3d3878561c

[DETECTION] Missed Dexguard Detection about apkid HOT 1 CLOSED

apkunpacker commented on June 12, 2024

[DETECTION] Missed Dexguard Detection

from apkid.

Comments (1)

apkunpacker commented on June 12, 2024

Old version of apk exist here which is detected as DexGuard 9.x
https://www.apkfollow.com/download/odd_com.tatadigital.tcp_2022-06-15.apk/

Hash :
5b8114e7963620b447bbc5e2e56b43b8b890de5dd8912d301afe644ecf002ea3

APKiD Scan:

$apkid 'com.tatadigital.tcp_2022-06-15.apk'
[+] APKiD 2.1.4 :: from RedNaga :: rednaga.io
[*] com.tatadigital.tcp_2022-06-15.apk!classes.dex
 |-> anti_debug : Debug.isDebuggerConnected() check
 |-> anti_vm : Build.BOARD check, Build.FINGERPRINT check, Build.MANUFACTURER check, Build.MODEL check, Build.PRODUCT check, Build.TAGS check, network operator name check, possible VM check
 |-> compiler : r8
[*] com.tatadigital.tcp_2022-06-15.apk!classes2.dex
 |-> anti_vm : Build.FINGERPRINT check, Build.MANUFACTURER check, Build.TAGS check
 |-> compiler : r8
[*] com.tatadigital.tcp_2022-06-15.apk!classes3.dex
 |-> anti_debug : Debug.isDebuggerConnected() check
 |-> anti_vm : Build.BOARD check, Build.FINGERPRINT check, Build.HARDWARE check, Build.MANUFACTURER check, Build.MODEL check, Build.PRODUCT check, Build.TAGS check, network operator name check, possible Build.SERIAL check, subscriber ID check
 |-> compiler : r8
[*] com.tatadigital.tcp_2022-06-15.apk!classes4.dex
 |-> anti_vm : network operator name check
 |-> compiler : r8
[*] com.tatadigital.tcp_2022-06-15.apk!classes5.dex
 |-> anti_debug : Debug.isDebuggerConnected() check
 |-> anti_vm : Build.MANUFACTURER check, Build.MODEL check, Build.PRODUCT check, Build.TAGS check, network operator name check, ro.kernel.qemu check, subscriber ID check
 |-> compiler : r8
[*] com.tatadigital.tcp_2022-06-15.apk!classes6.dex
 |-> anti_vm : Build.FINGERPRINT check, Build.HARDWARE check, Build.MANUFACTURER check, Build.TAGS check, possible VM check
 |-> compiler : r8
[*] com.tatadigital.tcp_2022-06-15.apk!classes7.dex
 |-> anti_vm : Build.BOARD check, Build.FINGERPRINT check, Build.HARDWARE check, Build.MANUFACTURER check, Build.MODEL check, Build.PRODUCT check
 |-> compiler : r8
[*] com.tatadigital.tcp_2022-06-15.apk!classes8.dex
 |-> compiler : r8
[*] com.tatadigital.tcp_2022-06-15.apk!lib/arm64-v8a/libdff1.so
 |-> obfuscator : DexGuard 9.x

Just curious if dexguard can be detected on apk level for new samples also because some of strings with dexguard name is present in dex along with usual o.* classes

from apkid.

Recommend Projects