
ANDROID STATIC ANALYSIS REPORT

 Duit Sayang (1.0.2)


File Name: Duit Sayang-Kredit Uang Kilat_1.0.2.apk

Package Name: com.duitsayang

Scan Date: Oct. 13, 2023, 9:33 a.m.

App Security Score: 42/100 (MEDIUM RISK)

Grade: B
Trackers Detection: 1/428
 FINDINGS SEVERITY

HIGH: 6 | MEDIUM: 14 | INFO: 3 | SECURE: 2 | HOTSPOT: 1

 FILE INFORMATION
File Name: Duit Sayang-Kredit Uang Kilat_1.0.2.apk
Size: 5.51MB
MD5: d1c6530476a71dc267a20ddaccd40abc
SHA1: c022ec32f5ea57724f42e8c417f5a56c19265266
SHA256: fd70e4b5fc5cab202d61fc03f19956461555c9b40585e704bbf3b1056a8d4b91

 APP INFORMATION
App Name: Duit Sayang
Package Name: com.duitsayang
Main Activity: com.duitsayang.peachview.home.StartActivity
Target SDK: 31
Min SDK: 21
Max SDK:
Android Version Name: 1.0.2
Android Version Code: 2

 APP COMPONENTS
Activities: 33
Services: 12
Receivers: 4
Providers: 5
Exported Activities: 0
Exported Services: 2
Exported Receivers: 3
Exported Providers: 0

 CERTIFICATE INFORMATION
Binary is signed
v1 signature: True
v2 signature: True
v3 signature: True
v4 signature: False
X.509 Subject: C=US, ST=California, L=Mountain View, O=Google Inc., OU=Android, CN=Android
Signature Algorithm: rsassa_pkcs1v15
Valid From: 2023-08-03 12:08:20+00:00
Valid To: 2053-08-03 12:08:20+00:00
Issuer: C=US, ST=California, L=Mountain View, O=Google Inc., OU=Android, CN=Android
Serial Number: 0x954fcd4b6aeb9cf5e6847a6630331d1fe14a74b7
Hash Algorithm: sha256
md5: e9a073a34455686d1a5987ee9f7f2ec3
sha1: 27130144955210ce493c6c0b36d1e0e4da98c414
sha256: 0622d9362e05edf45918f37fcc50e9d2a41847a2453d41ed7770070ad9bce1f7
sha512: 4c233734fbad9e8305086ba60c13e6a038d9af526da2f557cdefb96c8a03df3cb42a8925d0324b78e83c291db112c8b01e9311d13783d25f2edf4bc8db735a7f
PublicKey Algorithm: rsa
Bit Size: 4096
Fingerprint: 43d6f0a6f0082e1ad46b54bd703682894889319649883884be8c239daf492a71
Found 1 unique certificates
 APPLICATION PERMISSIONS

PERMISSION | STATUS | INFO | DESCRIPTION

android.permission.ACCESS_COARSE_LOCATION | dangerous | coarse (network-based) location | Access coarse location sources, such as the mobile network database, to determine an approximate phone location, where available. Malicious applications can use this to determine approximately where you are.

android.permission.BLUETOOTH | normal | create Bluetooth connections | Allows applications to connect to paired bluetooth devices.

android.permission.ACCESS_WIFI_STATE | normal | view Wi-Fi status | Allows an application to view the information about the status of Wi-Fi.

android.permission.INTERNET | normal | full Internet access | Allows an application to create network sockets.

android.permission.READ_PHONE_STATE | dangerous | read phone state and identity | Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on.

android.permission.CAMERA | dangerous | take pictures and videos | Allows application to take pictures and videos with the camera. This allows the application to collect images that the camera is seeing at any time.

android.permission.READ_SMS | dangerous | read SMS or MMS | Allows application to read SMS messages stored on your phone or SIM card. Malicious applications may read your confidential messages.

android.permission.READ_CALL_LOG | dangerous | | Allows an application to read the user's call log.

android.permission.ACCESS_NETWORK_STATE | normal | view network status | Allows an application to view the status of all networks.

com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE | unknown | Unknown permission | Unknown permission from android reference

android.permission.MOUNT_UNMOUNT_FILESYSTEMS | dangerous | mount and unmount file systems | Allows the application to mount and unmount file systems for removable storage.

android.permission.WAKE_LOCK | normal | prevent phone from sleeping | Allows an application to prevent the phone from going to sleep.

com.google.android.c2dm.permission.RECEIVE | signature | C2DM permissions | Permission for cloud to device messaging.

 APKID ANALYSIS

FILE: classes.dex

FINDINGS | DETAILS

Anti-VM Code | Build.FINGERPRINT check, Build.MODEL check, Build.MANUFACTURER check, Build.PRODUCT check, Build.BOARD check, possible Build.SERIAL check, Build.TAGS check, SIM operator check, network operator name check, ro.kernel.qemu check

Compiler | dx

 BROWSABLE ACTIVITIES

ACTIVITY | INTENT

com.duitsayang.peachview.home.StartActivity | Schemes: @string/scheme_duit://, Hosts: @string/scheme_host_duit, Path Prefixes: @string/scheme_path_duit,
 NETWORK SECURITY
HIGH: 1 | WARNING: 0 | INFO: 0 | SECURE: 0

NO | SCOPE | SEVERITY | DESCRIPTION

1 | * | high | Base config is insecurely configured to permit clear text traffic to all domains.

 CERTIFICATE ANALYSIS
HIGH: 0 | WARNING: 1 | INFO: 1

TITLE | SEVERITY | DESCRIPTION

Signed Application | info | Application is signed with a code signing certificate

Application vulnerable to Janus Vulnerability | warning | Application is signed with v1 signature scheme, making it vulnerable to Janus vulnerability on Android 5.0-8.0, if signed only with v1 signature scheme. Applications running on Android 5.0-7.0 signed with v1, and v2/v3 scheme is also vulnerable.

 MANIFEST ANALYSIS
HIGH: 3 | WARNING: 4 | INFO: 0 | SUPPRESSED: 0

NO | ISSUE | SEVERITY | DESCRIPTION

1 | App can be installed on a vulnerable Android version [minSdk=21] | warning | This application can be installed on an older version of android that has multiple unfixed vulnerabilities. Support an Android version > 8, API 26 to receive reasonable security updates.

2 | App has a Network Security Configuration [android:networkSecurityConfig=@xml/network] | info | The Network Security Configuration feature lets apps customize their network security settings in a safe, declarative configuration file without modifying app code. These settings can be configured for specific domains and for a specific app.

3 | Broadcast Receiver (com.appsflyer.MultipleInstallBroadcastReceiver) is not Protected. [android:exported=true] | high | A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.

4 | Service (com.duitsayang.pomelofirebase.MessageService) is not Protected. [android:exported=true] | high | A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.

5 | Broadcast Receiver (com.duitsayang.pomelofirebase.MessageBroadcastReceiver) is not Protected. [android:exported=true] | high | A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.

6 | TaskAffinity is set for activity (com.readystatesoftware.chuck.internal.ui.MainActivity) | warning | If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.

7 | Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is Protected by a permission, but the protection level of the permission should be checked. Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] | warning | A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.

8 | Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is Protected by a permission, but the protection level of the permission should be checked. Permission: com.google.android.c2dm.permission.SEND [android:exported=true] | warning | A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.

 CODE ANALYSIS
HIGH: 2 | WARNING: 7 | INFO: 3 | SECURE: 2 | SUPPRESSED: 0

NO | ISSUE | SEVERITY | STANDARDS | FILES

1 | Files may contain hardcoded sensitive information like usernames, passwords, keys etc. | warning | CWE: CWE-312: Cleartext Storage of Sensitive Information; OWASP Top 10: M9: Reverse Engineering; OWASP MASVS: MSTG-STORAGE-14 | aan/ssnnukahu.java, com/bumptech/glide/load/engine/DkusDnuKa.java, com/bumptech/glide/load/engine/ks.java, com/bumptech/glide/load/engine/ssnnukahu.java, com/lzy/okgo/cache/CacheEntity.java, com/lzy/okgo/exception/CacheException.java

2 | The App logs information. Sensitive information should never be logged. | info | CWE: CWE-532: Insertion of Sensitive Information into Log File; OWASP MASVS: MSTG-STORAGE-3 | DDs/DDs.java, Du/Dsus.java, Du/uss.java, KKuhn/huh.java, aDahsssnk/husuDahkD.java, aak/uhaa.java, ahu/uKK.java, aku/huh.java, au/Dsus.java, au/nh.java, butterknife/ButterKnife.java, com/appsflyer/AFLogger.java, com/appsflyer/internal/ab.java, com/appsflyer/internal/ba.java, com/appsflyer/internal/bs.java, com/appsflyer/internal/bu.java, com/appsflyer/internal/ch.java, com/appsflyer/internal/i.java, com/appsflyer/internal/u.java, com/appsflyer/internal/y.java, com/appsflyer/share/LinkGenerator.java, com/blankj/utilcode/util/DDs.java, com/blankj/utilcode/util/DkusDnuKa.java, com/blankj/utilcode/util/ThreadUtils.java, com/blankj/utilcode/util/uhaa.java, com/bumptech/glide/huh.java, com/bumptech/glide/load/data/hDDh.java, com/bumptech/glide/load/data/hasuK.java, com/bumptech/glide/load/data/huh.java, com/bumptech/glide/load/engine/DDs.java, com/bumptech/glide/load/engine/DecodeJob.java, com/bumptech/glide/load/engine/Ds.java, com/bumptech/glide/load/engine/GlideException.java, com/bumptech/glide/load/engine/uss.java, com/bumptech/glide/load/resource/bitmap/DefaultImageHeaderParser.java, com/bumptech/glide/load/resource/bitmap/VideoDecoder.java, com/bumptech/glide/load/resource/bitmap/auKu.java, com/bumptech/glide/load/resource/bitmap/hDDh.java, com/bumptech/glide/load/resource/bitmap/nh.java, com/bumptech/glide/load/resource/bitmap/ssnnukahu.java, com/bumptech/glide/load/resource/bitmap/uaDsK.java, com/bumptech/glide/load/resource/bitmap/uaKh.java, com/bumptech/glide/manager/RequestManagerFragment.java, com/bumptech/glide/manager/husuDahkD.java, com/bumptech/glide/manager/uss.java, com/bumptech/glide/request/SingleRequest.java, com/duitsayang/orangebase/BaseActivity.java, com/duitsayang/peachview/SobatMainActivity.java, com/duitsayang/peachview/fragment/DuitFragment.java, com/jude/easyrecyclerview/EasyRecyclerView.java, com/jude/easyrecyclerview/swipe/SwipeRefreshLayout.java, com/tbruyelle/rxpermissions2/RxPermissionsFragment.java, hDussnuDh/huh.java, hDussnuDh/uKK.java, haD/uss.java, hh/Dsus.java, hh/hasuK.java, hha/DDs.java, hha/hDDh.java, hha/hhu.java, hha/husuDahkD.java, hha/nh.java, hha/un.java, hhhshs/uKK.java, hhuKnK/huh.java, hkhu/Dsus.java, hkhu/huh.java, hknDhknnD/uKK.java, hnahu/husuDahkD.java, hnahu/nh.java, hnahu/ssnnukahu.java, hnsa/hasuK.java, hnsa/nh.java, hnsa/uKK.java, hssKnuasK/ssnnukahu.java, huD/uKK.java, huKn/husuDahkD.java, huauu/Dsus.java, huauu/ssnnukahu.java, husuDahkD/ssnnukahu.java, kKuDKasuD/uKK.java, ks/nh.java, kshDhh/huh.java, kuKsush/ssnnukahu.java, na/hhu.java, na/nh.java, na/ssnnukahu.java, na/uKK.java, nkk/husuDahkD.java, nnass/huh.java, org/greenrobot/greendao/AbstractDao.java, org/greenrobot/greendao/DaoException.java, org/greenrobot/greendao/DaoLog.java, org/greenrobot/greendao/DbUtils.java, org/greenrobot/greendao/async/AsyncOperationExecutor.java, org/greenrobot/greendao/internal/LongHashMap.java, org/greenrobot/greendao/query/QueryBuilder.java, org/greenrobot/greendao/test/AbstractDaoTest.java, org/greenrobot/greendao/test/AbstractDaoTestLongPk.java, org/greenrobot/greendao/test/AbstractDaoTestSinglePk.java, org/greenrobot/greendao/test/DbTest.java, sKa/nh.java, sahK/uss.java, sh/hDDh.java, shhs/hasuK.java, shhs/un.java, skh/nh.java, skh/ssnnukahu.java, skh/uss.java, sn/as.java, sn/hhu.java, sn/hknhKauu.java, sn/nh.java, sn/ssnnukahu.java, ss/uKK.java, ssDKh/nh.java, ssh/uKK.java, sssussDDs/DDs.java, sssussDDs/DkusDnuKa.java, suns/uKK.java, sush/ssnnukahu.java, top/zibin/luban/Checker.java, top/zibin/luban/nh.java, uaua/nh.java, ukKauD/uKK.java, unkshau/hDDh.java, unkshau/un.java, ush/sh.java, ush/uuk.java

3 | App creates temp file. Sensitive information should never be written into a temp file. | warning | CWE: CWE-276: Incorrect Default Permissions; OWASP Top 10: M2: Insecure Data Storage; OWASP MASVS: MSTG-STORAGE-2 | huD/uKK.java

4 | App uses SQLite Database and execute raw SQL query. Untrusted user input in raw SQL queries can cause SQL Injection. Also sensitive information should be encrypted and written to the database. | warning | CWE: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'); OWASP Top 10: M7: Client Code Quality | KKkK/hnahu.java, KKkK/na.java, KKkK/sh.java, assunh/hhu.java, com/duitsayang/rupiah/data/utils/DataBeanDao.java, org/greenrobot/greendao/AbstractDao.java, org/greenrobot/greendao/DbUtils.java, org/greenrobot/greendao/database/StandardDatabase.java, shau/Dsus.java, shau/nh.java

5 | This App may have root detection capabilities. | secure | OWASP MASVS: MSTG-RESILIENCE-1 | aDahsssnk/auKu.java, aku/uhaa.java

6 | SHA-1 is a weak hash known to have hash collisions. | warning | CWE: CWE-327: Use of a Broken or Risky Cryptographic Algorithm; OWASP Top 10: M5: Insufficient Cryptography; OWASP MASVS: MSTG-CRYPTO-4 | hknDhknnD/uKK.java

7 | The App uses an insecure Random Number Generator. | warning | CWE: CWE-330: Use of Insufficiently Random Values; OWASP Top 10: M5: Insufficient Cryptography; OWASP MASVS: MSTG-CRYPTO-6 | com/appsflyer/internal/b.java, nK/uKK.java, org/greenrobot/greendao/test/DbTest.java

8 | The file or SharedPreference is World Readable. Any App can read from the file | high | CWE: CWE-276: Incorrect Default Permissions; OWASP Top 10: M2: Insecure Data Storage; OWASP MASVS: MSTG-STORAGE-2 | com/appsflyer/internal/ab.java

9 | This App copies data to clipboard. Sensitive data should not be copied to clipboard as other applications can access it. | info | OWASP MASVS: MSTG-STORAGE-10 | aDahsssnk/husuDahkD.java

10 | MD5 is a weak hash known to have hash collisions. | warning | CWE: CWE-327: Use of a Broken or Risky Cryptographic Algorithm; OWASP Top 10: M5: Insufficient Cryptography; OWASP MASVS: MSTG-CRYPTO-4 | com/appsflyer/internal/ai.java, hhuKnK/un.java

11 | This App uses SQL Cipher. SQLCipher provides 256-bit AES encryption to sqlite database files. | info | OWASP MASVS: MSTG-CRYPTO-1 | org/greenrobot/greendao/database/SqlCipherEncryptedHelper.java

12 | App can read/write to External Storage. Any App can read data written to External Storage. | warning | CWE: CWE-276: Incorrect Default Permissions; OWASP Top 10: M2: Insecure Data Storage; OWASP MASVS: MSTG-STORAGE-2 | aDahsssnk/auKu.java, com/duitsayang/pearapi/huh.java, hhuKnK/nh.java, uDkks/Dsus.java

13 | The App uses the encryption mode CBC with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks. | high | CWE: CWE-649: Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking; OWASP Top 10: M5: Insufficient Cryptography; OWASP MASVS: MSTG-CRYPTO-3 | kuDD/husuDahkD.java

14 | This App uses SSL certificate pinning to detect or prevent MITM attacks in secure communication channel. | secure | OWASP MASVS: MSTG-NETWORK-4 | nn/uKK.java

 SHARED LIBRARY BINARY ANALYSIS

NO | SHARED OBJECT | NX | STACK CANARY | RPATH | RUNPATH | FORTIFY | SYMBOLS STRIPPED

1 | lib/armeabi-v7a/libimage_processing_util_jni.so | True (info) | True (info) | None (info) | None (info) | False (warning) | True (info)

2 | lib/x86/libimage_processing_util_jni.so | True (info) | True (info) | None (info) | None (info) | False (warning) | True (info)

3 | lib/arm64-v8a/libimage_processing_util_jni.so | True (info) | True (info) | None (info) | None (info) | True (info) | True (info)

4 | lib/x86_64/libimage_processing_util_jni.so | True (info) | True (info) | None (info) | None (info) | True (info) | True (info)

5 | lib/armeabi-v7a/libimage_processing_util_jni.so | True (info) | True (info) | None (info) | None (info) | False (warning) | True (info)

6 | lib/x86/libimage_processing_util_jni.so | True (info) | True (info) | None (info) | None (info) | False (warning) | True (info)

7 | lib/arm64-v8a/libimage_processing_util_jni.so | True (info) | True (info) | None (info) | None (info) | True (info) | True (info)

8 | lib/x86_64/libimage_processing_util_jni.so | True (info) | True (info) | None (info) | None (info) | True (info) | True (info)

Descriptions given for each value:

NX, True: The binary has NX bit set. This marks a memory page non-executable making attacker injected shellcode non-executable.

STACK CANARY, True: This binary has a stack canary value added to the stack so that it will be overwritten by a stack buffer that overflows the return address. This allows detection of overflows by verifying the integrity of the canary before function return.

RPATH, None: The binary does not have run-time search path or RPATH set.

RUNPATH, None: The binary does not have RUNPATH set.

FORTIFY, False: The binary does not have any fortified functions. Fortified functions provide buffer overflow checks against glibc's common insecure functions like strcpy, gets etc. Use the compiler option -D_FORTIFY_SOURCE=2 to fortify functions. This check is not applicable for Dart/Flutter libraries.

FORTIFY, True: The binary has the following fortified functions: ['__memcpy_chk']

SYMBOLS STRIPPED, True: Symbols are stripped.

 NIAP ANALYSIS v1.3

NO IDENTIFIER REQUIREMENT FEATURE DESCRIPTION

 OFAC SANCTIONED COUNTRIES


This app may communicate with the following OFAC sanctioned list of countries.
DOMAIN COUNTRY/REGION

 DOMAIN MALWARE CHECK

DOMAIN | STATUS | GEOLOCATION

sregister.s | ok | No Geolocation information available.

sdlsdk.s | ok | No Geolocation information available.

accounts.google.com | ok | IP: 142.250.74.173; Country: United States of America; Region: California; City: Mountain View; Latitude: 37.405991; Longitude: -122.078514

sconversions.s | ok | No Geolocation information available.

sars.s | ok | No Geolocation information available.

plus.google.com | ok | IP: 142.250.74.174; Country: United States of America; Region: California; City: Mountain View; Latitude: 37.405991; Longitude: -122.078514

cdn-testsettings.appsflyersdk.com | ok | IP: 95.101.133.59; Country: Sweden; Region: Stockholms lan; City: Stockholm; Latitude: 59.332581; Longitude: 18.064899

github.com | ok | IP: 140.82.121.4; Country: United States of America; Region: California; City: San Francisco; Latitude: 37.775700; Longitude: -122.395203

cdn-settings.appsflyersdk.com | ok | IP: 95.101.133.59; Country: Sweden; Region: Stockholms lan; City: Stockholm; Latitude: 59.332581; Longitude: 18.064899

sinapps.s | ok | No Geolocation information available.

sadrevenue.s | ok | No Geolocation information available.

play.google.com | ok | IP: 172.217.21.174; Country: United States of America; Region: California; City: Mountain View; Latitude: 37.405991; Longitude: -122.078514

sattr.s | ok | No Geolocation information available.

smonitorsdk.s | ok | No Geolocation information available.

api.whatsapp.com | ok | IP: 157.240.205.60; Country: Netherlands; Region: Noord-Holland; City: Amsterdam; Latitude: 52.374031; Longitude: 4.889690

simpression.s | ok | No Geolocation information available.

greenrobot.org | ok | IP: 85.13.163.69; Country: Germany; Region: Thuringen; City: Friedersdorf; Latitude: 50.604919; Longitude: 11.035770

ssdk-services.s | ok | No Geolocation information available.

sapp.s | ok | No Geolocation information available.

sstats.s | ok | No Geolocation information available.

slaunches.s | ok | No Geolocation information available.

xml.apache.org | ok | IP: 151.101.2.132; Country: United States of America; Region: California; City: San Francisco; Latitude: 37.775700; Longitude: -122.395203

sonelink.s | ok | No Geolocation information available.

schemas.android.com | ok | No Geolocation information available.

developer.android.com | ok | IP: 216.58.211.14; Country: United States of America; Region: California; City: Mountain View; Latitude: 37.405991; Longitude: -122.078514

sgcdsdk.s | ok | No Geolocation information available.

svalidate.s | ok | No Geolocation information available.

ns.adobe.com | ok | No Geolocation information available.


 TRACKERS

TRACKER | CATEGORIES | URL

AppsFlyer | Analytics | https://reports.exodus-privacy.eu.org/trackers/12

 HARDCODED SECRETS

POSSIBLE SECRETS

"google_api_key" : "AIzaSyC2XHvwgDEzf8W2hR0mB4GrA09SYER7w1M"

"google_crash_reporting_api_key" : "AIzaSyC2XHvwgDEzf8W2hR0mB4GrA09SYER7w1M"


 PLAYSTORE INFORMATION
Title: Duit Sayang-Kredit Uang Kilat

Score: 0
Installs: 100,000+
Price: 0
Android Version Support:
Category: Finance
Play Store URL: com.duitsayang

Developer Details: PT.Duit Sayang Indonesia, PT.Duit+Sayang+Indonesia, None, https://duitsayang.com, tweedjoanne433@gmail.com,

Release Date: None
Privacy Policy: Privacy link

Description:

Duit Sayang is a product of PT. Duit Sayang Indonesia, which was established so that members can obtain high quality loan services. Duit Sayang only provides membership registration services for PT. Duit Sayang Indonesia, and does not directly provide loans to users. After a user registers as a member of PT. Duit Sayang Indonesia at Duit Sayang, Duit Sayang can help members apply for loans.

All loan product information on Duit Sayang:
◉ Loan amount: IDR 400,000- IDR 6,000,000
◉ Loan term: The shortest period is 91 days, the longest is 300 days
◉ Maximum interest: 18% per annum, no other additional fees

Example: The selected loan product has a term of 300 days (i.e. 10 months), the loan amount on the selected loan product is IDR 4,000,000, and the product interest rate is 18% per year (around 0.05% per day), After the application is approved, the principal loan to IDR 4,000,000. Then the daily interest fee is IDR 2,000 (calculation: 4,000,000 * 0.05% = 2,000), the monthly interest fee is IDR 60,000 (calculation: 2,000 * 30 = 60,000), and the monthly payment amount is IDR 460,000 (calculation: 4,000,000 / 10 + 60,000 = 460,000). After the loan period ends, the total interest is IDR 600,000 (calculation: 60,000 * 10 = 600,000), the total loan that must be repaid is IDR 4,600,000 (calculation: 4,000,000 + 600,000 = 4,600,000)

What are the requirements for getting a loan at Duit Sayang?
✔ Indonesian citizen
✔ Age over 18 years
✔ KTP and personal collection accounts

Easy to use
Only by downloading the Duit Sayang application, you can easily apply for a loan, there is no signature process.

⚡ Fast verification
Your submission will be reviewed within 24 hours

How to pay off the loan?
You can easily make payments through any bank, if the loan is approved and the funds have been disbursed, then for loan payments we will provide a virtual account number for you to make payments. Payment methods: ATM, M-banking, I-banking, OVO and Alfamart & Alfamidi. After payment, Duit Sayang will automatically receive your loan payment and then your loan status will change in the application.

Contact us
If Users need our help please contact us via the email below
Email: tweedjoanne433@gmail.com
Address: Metro Building, 8th Floor, Jl. H. Samanhudi Pasar Baru, Central Jakarta

Report Generated by - MobSF v3.7.9 Beta


Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment
framework capable of performing static and dynamic analysis.

© 2023 Mobile Security Framework - MobSF | Ajin Abraham | OpenSecurity.
