Static Analysis

The document provides a static analysis of the Shinhan SOL Vietnam application, detailing its security score of 41/100 and various permissions required by the app. It highlights potential vulnerabilities, including the use of clear text traffic and the app's ability to be installed on older Android versions. Additionally, it lists the app's features, developer information, and Play Store details.

Uploaded by

Phúc Hậu

Static Analysis 12/5/25, 21:55

APP SCORES

Security Score: 41/100
Trackers Detection: 5/432

FILE INFORMATION

File Name: Shinhan_SOL_Viet_Nam_3.4.5_APKPure.xapk
Size: 80.42MB
MD5: 36f70e06dac21fa119f76d3980af45c5
SHA1: 6a86040091187fa52f9b62998530d54b832bf3ab
SHA256: f7c7778bc08bb488cb1f1030ad017f05e559dc979395fb66b7912d179515bd5d

APP INFORMATION

App Name: SOL VN
Package Name: com.shinhan.global.vn.bank
Main Activity: com.shinhan.global.vn.bank.main.activity.IntroActivity
Target SDK: 34
Min SDK: 26
Max SDK:
Android Version Name: 3.4.5
Android Version Code: 315

PLAYSTORE INFORMATION

Title: Shinhan SOL Viet Nam
Score: 4.41
Installs: 1,000,000+
Price: 0
Android Version Support:
Category: Finance
Play Store URL: com.shinhan.global.vn.bank
Developer: SHINHAN BANK Global Dev Dept.
Developer ID: SHINHAN+BANK+Global+Dev+Dept.
Developer Address: None
Developer Website: http://www.shinhanglobal.com
Developer Email: shinhan.developer@gmail.com
Release Date: Dec 21, 2015
Privacy Policy: Privacy link
Description:

Shinhan Bank Vietnam has launched Shinhan SOL Vietnam application with the hope of bringing best
experiences to Customer:

- Modern and friendly user interface.

- Dominant features:

• App notification: Enhance the convenience of the interaction between Shinhan Bank and Customers.

• Asset management: Manage assets and liabilities' source safely and closely.

• Digital on-boarding credit card: Easily to get digital registration process and auto-approval.

• Open account and register SOL/Internet

• Banking service: 100% online without visiting The Bank.


• Payment with variety of bills feature.
And other significant improvements.
Let's experience the latest version Shinhan SOL Vietnam application!

Best regards,

Shinhan Bank Vietnam

http://localhost:8000/static_analyzer/36f70e06dac21fa119f76d3980af45c5/ Page 1 of 29

Exported Activities: 4 / 197
Exported Services: 3 / 21
Exported Receivers: 3 / 10
Exported Providers: 0 / 5

SIGNER CERTIFICATE

Binary is signed
v1 signature: False
v2 signature: True
v3 signature: True
v4 signature: False
X.509 Subject: C=KR, ST=Unknown, L=Unknown, O=Unknown, OU=Unknown, CN=shinhan_glb
Signature Algorithm: rsassa_pkcs1v15
Valid From: 2015-01-13 00:49:22+00:00
Valid To: 2064-12-31 00:49:22+00:00
Issuer: C=KR, ST=Unknown, L=Unknown, O=Unknown, OU=Unknown, CN=shinhan_glb
Serial Number: 0x54b46b92
Hash Algorithm: sha1
md5: 755e006971019bff47ea87669b425c0f
sha1: 53c465e74efd2a3ae353210f2594d5b8ba60aa0d
sha256: bbc6fe16de8dc28060b5d350c66bea0b8357b7ffb7dfd1936e792e3ee15585ad
sha512: ecdb4548095751fec8557dbd6b2d1603b764a62fec204b8f2f553c3573925a216eb2a56652f86ce7bc16c2b0595a894d171d0414da1c6acf4135ff4b007e882c
PublicKey Algorithm: rsa
Bit Size: 2048
Fingerprint: a1b9ee3c2da74a86ca38027e83dcd273d497f8c280eb973e1f6f8123fa744acc
Found 1 unique certificates

APPLICATION PERMISSIONS

android.permission.ACCESS_ADSERVICES_ATTRIBUTION
  Status: normal
  Info: allow applications to access advertising service attribution
  Description: This enables the app to retrieve information related to advertising attribution, which can be used for targeted advertising purposes. App can gather data about how users interact with ads, such as clicks or impressions, to measure the effectiveness of advertising campaigns.

android.permission.ACCESS_NETWORK_STATE
  Status: normal
  Info: view network status
  Description: Allows an application to view the status of all networks.

android.permission.ACCESS_WIFI_STATE
  Status: normal
  Info: view Wi-Fi status
  Description: Allows an application to view the information about the status of Wi-Fi.

android.permission.ACTION_MANAGE_OVERLAY_PERMISSION
  Status: unknown
  Info: Unknown permission
  Description: Unknown permission from android reference

android.permission.BLUETOOTH
  Status: normal
  Info: create Bluetooth connections
  Description: Allows applications to connect to paired bluetooth devices.

android.permission.BLUETOOTH_ADMIN
  Status: normal
  Info: bluetooth administration
  Description: Allows applications to discover and pair bluetooth devices.

android.permission.BLUETOOTH_CONNECT
  Status: dangerous
  Info: necessary for connecting to paired Bluetooth devices.
  Description: Required to be able to connect to paired Bluetooth devices.

android.permission.CALL_PHONE
  Status: dangerous
  Info: directly call phone numbers
  Description: Allows the application to call phone numbers without your intervention. Malicious applications may cause unexpected calls on your phone bill. Note that this does not allow the application to call emergency numbers.

android.permission.CAMERA
  Status: dangerous
  Info: take pictures and videos
  Description: Allows application to take pictures and videos with the camera. This allows the application to collect images that the camera is seeing at any time.

android.permission.CAPTURE_VIDEO_OUTPUT
  Status: normal
  Info: allows capturing of video output.
  Description: Allows an application to capture video output.

Showing 1 to 10 of 42 entries

ANDROID API

Android Notifications
Base64 Decode
Base64 Encode
Certificate Handling
Content Provider
Crypto
Dynamic Class and Dexloading
Execute OS Command
Get Android Advertising ID
Get Cell Information

Showing 1 to 10 of 42 entries

BROWSABLE ACTIVITIES

com.google.firebase.auth.internal.GenericIdpActivity
  Schemes: genericidp://
  Hosts: firebase.auth
  Paths: /

com.google.firebase.auth.internal.RecaptchaActivity
  Schemes: recaptcha://
  Hosts: firebase.auth
  Paths: /

com.shinhan.global.vn.bank.common.deeplink.EntryActivity
  Schemes: shinhanglbvnbank://, https://
  Hosts: vnsol.onelink.me, vnsoltstenz.onelink.me
  Path Prefixes: /ipGX, /95Tz

com.useinsider.insider.InsiderLoginActivity
  Schemes: insidershinhanbankvn://

NETWORK SECURITY

No data available in table

CERTIFICATE ANALYSIS

High: 1, Warning: 0, Info: 1

Certificate algorithm vulnerable to hash collision
  Severity: high
  Description: Application is signed with SHA1withRSA. SHA1 hash algorithm is known to have collision issues.

Signed Application
  Severity: info
  Description: Application is signed with a code signing certificate

MANIFEST ANALYSIS

High: 1, Warning: 11, Info: 0, Suppressed: 0

1. App can be installed on a vulnerable Android version Android 8.0, minSdk=26]
   Severity: warning
   Description: This application can be installed on an older version of android that has multiple vulnerabilities. Support an Android version => 10, API 29 to receive reasonable security updates.

2. Clear text traffic is Enabled For App [android:usesCleartextTraffic=true]
   Severity: high
   Description: The app intends to use cleartext network traffic, such as cleartext HTTP, FTP stacks, DownloadManager, and MediaPlayer. The default value for apps that target API level 27 or lower is "true". Apps that target API level 28 or higher default to "false". The key reason for avoiding cleartext traffic is the lack of confidentiality, authenticity, and protections against tampering; a network attacker can eavesdrop on transmitted data and also modify it without being detected.

3. Activity (com.shinhan.global.vn.bank.common.deeplink.EntryActivity) is not Protected. [android:exported=true]
   Severity: warning
   Description: An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.

4. Service (com.shinhan.nfiltermodule.SecureService) is not Protected. [android:exported=true]
   Severity: warning
   Description: A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.

5. Broadcast Receiver (com.safeon.pushlib.LocalPushBroadcastReceiver) is Protected by a permission, but the protection level of the permission should be checked. Permission: android.permission.RECEIVE_BOOT_COMPLETED [android:exported=true]
   Severity: warning
   Description: A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.

6. Service (com.safeon.pushlib.SafeOnInstanceIDListenerService) is not Protected. [android:exported=true]
   Severity: warning
   Description: A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.

7. Broadcast Receiver (com.shinhan.global.vn.bank.push.FcmListenerService$ReregisterReceiver) is not Protected. [android:exported=true]
   Severity: warning
   Description: A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.

8. Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is Protected by a permission, but the protection level of the permission should be checked. Permission: com.google.android.c2dm.permission.SEND [android:exported=true]
   Severity: warning
   Description: A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.

9. Activity (com.google.firebase.auth.internal.GenericIdpActivity) is not Protected. [android:exported=true]
   Severity: warning
   Description: An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.

10. Activity (com.google.firebase.auth.internal.RecaptchaActivity) is not Protected. [android:exported=true]
    Severity: warning
    Description: An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.

Showing 1 to 10 of 12 entries

CODE ANALYSIS

High: 7, Warning: 11, Info: 3, Secure: 2, Suppressed: 0

1. This App uses SSL certificate pinning to detect or prevent MITM attacks in secure communication channel.
   Severity: secure
   Standards: OWASP MASVS: MSTG-NETWORK-4

2. IP Address disclosure
   Severity: warning
   Standards: CWE: CWE-200: Information Exposure; OWASP MASVS: MSTG-CODE-2

3. Files may contain hardcoded sensitive information like usernames, passwords, keys etc.
   Severity: warning
   Standards: CWE: CWE-312: Cleartext Storage of Sensitive Information; OWASP Top 10: M9: Reverse Engineering; OWASP MASVS: MSTG-STORAGE-14

4. The App logs information. Sensitive information should never be logged.
   Severity: info
   Standards: CWE: CWE-532: Insertion of Sensitive Information into Log File; OWASP MASVS: MSTG-STORAGE-3

5. The App uses an insecure Random Number Generator.
   Severity: warning
   Standards: CWE: CWE-330: Use of Insufficiently Random Values; OWASP Top 10: M5: Insufficient Cryptography; OWASP MASVS: MSTG-CRYPTO-6

6. App uses SQLite Database and execute raw SQL query. Untrusted user input in raw SQL queries can cause SQL Injection. Also sensitive information should be encrypted and written to the database.
   Severity: warning
   Standards: CWE: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'); OWASP Top 10: M7: Client Code Quality
   Files: com/safeon/pushlib/PushClientDB.java

7. SHA-1 is a weak hash known to have hash collisions.
   Severity: warning
   Standards: CWE: CWE-327: Use of a Broken or Risky Cryptographic Algorithm; OWASP Top 10: M5: Insufficient Cryptography; OWASP MASVS: MSTG-CRYPTO-4

8. The App uses the encryption mode CBC with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
   Severity: high
   Standards: CWE: CWE-649: Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking; OWASP Top 10: M5: Insufficient Cryptography; OWASP MASVS: MSTG-CRYPTO-3

9. MD5 is a weak hash known to have hash collisions.
   Severity: warning
   Standards: CWE: CWE-327: Use of a Broken or Risky Cryptographic Algorithm; OWASP Top 10: M5: Insufficient Cryptography; OWASP MASVS: MSTG-CRYPTO-4

10. App can read/write to External Storage. Any App can read data written to External Storage.
    Severity: warning
    Standards: CWE: CWE-276: Incorrect Default Permissions; OWASP Top 10: M2: Insecure Data Storage; OWASP MASVS: MSTG-STORAGE-2

Showing 1 to 10 of 23 entries

SHARED LIBRARY BINARY ANALYSIS

No Shared Objects found.

NIAP ANALYSIS v1.3

No data available in table

FILE ANALYSIS

1. Hardcoded Keystore found.
   Files: assets/shinhan.bks

FIREBASE DATABASE ANALYSIS

App talks to a Firebase database
  Severity: info
  Description: The app talks to Firebase database at https://shinhanvn-183811.firebaseio.com

Firebase Remote Config disabled
  Severity: secure
  Description: Firebase Remote Config is disabled for https://firebaseremoteconfig.googleapis.com/v1/projects/1024831484571/namespaces/firebase:fetc key=AIzaSyAtq6263_ay6nnvmVXLYtTCrWZiwr8OeJA. This is indicated by the response: {'state': 'NO_TEMPLATE'}

APKiD ANALYSIS

classes.dex
  Anti Debug Code: Debug.isDebuggerConnected() check
  Anti-VM Code: Build.FINGERPRINT check, Build.MODEL check, Build.MANUFACTURER check, Build.PRODUCT check, Build.HARDWARE check, Build.TAGS check, SIM operator check, network operator name check, subscriber ID check, ro.kernel.qemu check, possible VM check
  Compiler: r8 without marker (suspicious)

classes2.dex
  Anti Debug Code: Debug.isDebuggerConnected() check
  Anti-VM Code: Build.FINGERPRINT check, Build.MANUFACTURER check, Build.HARDWARE check, Build.TAGS check
  Compiler: r8 without marker (suspicious)
  Obfuscator: unreadable field names

classes3.dex
  Anti Debug Code: Debug.isDebuggerConnected() check
  Anti-VM Code: Build.MODEL check, Build.MANUFACTURER check, Build.PRODUCT check, Build.HARDWARE check, Build.BOARD check, possible Build.SERIAL check, Build.TAGS check, SIM operator check, network operator name check, possible VM check
  Compiler: r8 without marker (suspicious)
  Obfuscator: DexGuard

classes4.dex
  Anti Debug Code: Debug.isDebuggerConnected() check
  Anti-VM Code: Build.FINGERPRINT check, Build.MANUFACTURER check, Build.BOARD check, possible Build.SERIAL check, SIM operator check, network operator name check
  Compiler: r8 without marker (suspicious)
  Obfuscator: unreadable field names, unreadable method names

classes5.dex
  Anti-VM Code: Build.FINGERPRINT check, Build.MODEL check, Build.MANUFACTURER check, Build.PRODUCT check, Build.HARDWARE check, Build.BOARD check, ro.kernel.qemu check, possible VM check
  Compiler: r8 without marker (suspicious)

BEHAVIOUR ANALYSIS

Rule 00001: Initialize bitmap object and compress data (e.g. JPEG) into bitmap object
  Label: camera

Rule 00002: Open the camera and take picture
  Label: camera
  Files: com/vnpay/qr/CameraSource.java

Rule 00003: Put the compressed bitmap data into JSON object
  Label: camera

Rule 00004: Get filename and put it to JSON object
  Label: file collection

Rule 00005: Get absolute path of file and put it to JSON object
  Label: file

Rule 00007: Use absolute path of file directory for the output media file path
  Files: com/otaliastudios/cameraview/video/FullVideoRecorder.java

Rule 00009: Put data in cursor to JSON object
  Label: file

Rule 00010: Read sensitive data(SMS, CALLLOG) and put it into JSON object
  Label: sms calllog collection
  Files: defpackage/AppSuitLinker4.java

Rule 00011: Query data from URI (SMS, CALLLOGS)
  Label: sms calllog collection
  Files: com/appsflyer/internal/AFb1jSDK.java, com/appsflyer/internal/AFi1bSDK.java

Rule 00012: Read data and put it into a buffer stream
  Label: file

Showing 1 to 10 of 89 entries

ABUSED PERMISSIONS

Top Malware Permissions

android.permission.READ_PHONE_STATE, android.permission.ACCESS_NETWORK_STATE,
android.permission.ACCESS_WIFI_STATE, android.permission.WRITE_EXTERNAL_STORAGE,
android.permission.READ_EXTERNAL_STORAGE, android.permission.CAMERA, android.permission.INTERNET,
android.permission.RECEIVE_BOOT_COMPLETED, android.permission.SYSTEM_ALERT_WINDOW,
android.permission.GET_ACCOUNTS, android.permission.WAKE_LOCK, android.permission.VIBRATE,
android.permission.RECORD_AUDIO

Other Common Permissions

android.permission.CALL_PHONE, com.google.android.c2dm.permission.RECEIVE,
android.permission.MODIFY_AUDIO_SETTINGS, android.permission.BLUETOOTH, android.permission.BLUETOOTH_ADMIN,
android.permission.FOREGROUND_SERVICE, android.permission.CHANGE_WIFI_STATE,
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE, com.google.android.gms.permission.AD_ID

Malware Permissions are the top permissions that are widely abused by known malware.
Other Common Permissions are permissions that are commonly abused by known malware.

SERVER LOCATIONS

This app may communicate with the following OFAC sanctioned list of countries.

No data available in table

DOMAIN MALWARE CHECK


192.168.155.43
  Status: ok
  Geolocation: IP: 192.168.155.43, Country: -, Region: -, City: -, Latitude: 0.000000, Longitude: 0.000000

192.168.91.93
  Status: ok
  Geolocation: IP: 192.168.91.93, Country: -, Region: -, City: -, Latitude: 0.000000, Longitude: 0.000000

api.bit.ly
  Status: ok
  Geolocation: IP: 67.199.248.27, Country: United States of America, Region: New York, City: New York City, Latitude: 40.739288, Longitude: -73.984955

apig.idcheck.xplat.online
  Status: ok
  Geolocation: IP: 192.223.15.9, Country: Canada, Region: British Columbia, City: Kelowna, Latitude: 49.883072, Longitude: -119.485680

appmon.shinhan.com
  Status: ok
  Geolocation: IP: 59.7.252.55, Country: Korea (Republic of), Region: Seoul-teukbyeolsi, City: Seoul, Latitude: 37.568260, Longitude: 126.977829

appr.tc
  Status: ok
  Geolocation: IP: 216.239.38.21, Country: United States of America, Region: California, City: Mountain View, Latitude: 37.405991, Longitude: -122.078514

aps-webhandler.appsflyer.com
  Status: ok
  Geolocation: IP: 108.157.32.9, Country: United States of America, Region: Washington, City: Redmond, Latitude: 47.682899, Longitude: -122.120903

cert.shinhan.com
  Status: ok
  Geolocation: IP: 59.7.252.245, Country: Korea (Republic of), Region: Seoul-teukbyeolsi, City: Seoul, Latitude: 37.568260, Longitude: 126.977829

devcert3.shinhan.com
  Status: ok
  Geolocation: IP: 106.241.47.158, Country: Korea (Republic of), Region: Seoul-teukbyeolsi, City: Seoul, Latitude: 37.568260, Longitude: 126.977829

devimg3.shinhan.com
  Status: ok
  Geolocation: IP: 125.130.60.165, Country: Korea (Republic of), Region: Seoul-teukbyeolsi, City: Seoul, Latitude: 37.568260, Longitude: 126.977829

Showing 1 to 10 of 82 entries

URLS

URL: data::%s
  File: com/atsolutions/secure/command/smartone/GenerateOTPDSCommand.java

URL: data::class.java)
  File: com/trustingsocial/ekyc/data/a.java

URL: data:image
  File: com/bumptech/glide/load/model/DataUrlLoader.java

URL: data:image/jpeg;base64,
  File: vn/kalapa/faceotp/utils/BitmapUtil.java

URL: data:image/png;base64, data:image
  File: com/fis/ekyc/nfc/build_in/utils/Base64Util.java

URL: file:///android_asset/
  File: com/bumptech/glide/load/model/AssetUriLoader.java

URL: http://api.bit.ly/v3/shorten
  File: com/shinhan/bank/framework/core/util/StringUtil.java

URL: http://localhost/
  File: retrofit2/Response.java

URL: http://schemas.android.com/apk/res/android
  File: pl/droidsonroids/gif/GifTextureView.java

URL: http://schemas.android.com/apk/res/android
  File: pl/droidsonroids/gif/GifTextView.java

Showing 1 to 10 of 47 entries

EMAILS

Email: base.apk@classes.dex, -1@base.apk, -3@base.apk, -2@base.apk
  File: btworks/codeguard/agent/AgentManager.java

TRACKERS

AppsFlyer
  Categories: Analytics
  URL: https://reports.exodus-privacy.eu.org/trackers/12

Google CrashLytics
  Categories: Crash reporting
  URL: https://reports.exodus-privacy.eu.org/trackers/27

Google Firebase Analytics
  Categories: Analytics
  URL: https://reports.exodus-privacy.eu.org/trackers/49

Insider
  Categories: Analytics
  URL: https://reports.exodus-privacy.eu.org/trackers/409

Splunk MINT
  Categories: Analytics
  URL: https://reports.exodus-privacy.eu.org/trackers/242

POSSIBLE HARDCODED SECRETS

Show all 467 secrets

STRINGS

From APK Resource

Show all 3921 strings

From Code

Show all 56026 strings

From Shared Objects

ACTIVITIES

Show all 197 activities

SERVICES

Showing all 21 services


com.shinhan.global.vn.bank.common.auth.motp.OtpDisplayWindow
com.shinhan.global.vn.bank.livechat.service.WidgetChatService
com.shinhan.nfiltermodule.SecureService
com.safeon.pushlib.SafeOnInstanceIDListenerService
com.shinhan.global.vn.bank.push.FcmListenerService
com.google.firebase.messaging.FirebaseMessagingService
com.google.firebase.components.ComponentDiscoveryService
androidx.camera.core.impl.MetadataHolderService
com.google.android.gms.measurement.AppMeasurementService
com.google.android.gms.measurement.AppMeasurementJobService
com.google.mlkit.common.internal.MlKitComponentDiscoveryService
com.google.android.datatransport.runtime.backends.TransportBackendDiscovery
com.google.android.datatransport.runtime.scheduling.jobscheduling.JobInfoSchedulerService
com.google.firebase.auth.api.fallback.service.FirebaseAuthFallbackService
com.google.android.gms.auth.api.signin.RevocationBoundService
androidx.room.MultiInstanceInvalidationService
com.useinsider.insider.GifPlayService
com.useinsider.insider.InsiderFirebaseMessagingService
com.useinsider.insider.IntegrationWizard
com.useinsider.insider.SessionPayloadService
com.useinsider.insider.InsiderAmplificationService

RECEIVERS

Showing all 10 receivers


com.safeon.pushlib.LocalPushBroadcastReceiver
com.shinhan.global.vn.bank.push.FcmListenerService$ReregisterReceiver
com.google.firebase.iid.FirebaseInstanceIdReceiver
com.google.android.gms.measurement.AppMeasurementReceiver
com.google.android.datatransport.runtime.scheduling.jobscheduling.AlarmManagerSchedulerBroadcastReceiver
com.useinsider.insider.InsiderGeofenceReceiver
com.useinsider.insider.InteractiveDirectionReceiver
com.useinsider.insider.DeleteInteractiveReceiver
com.useinsider.insider.DeleteGifReceiver
com.useinsider.insider.GifPlayReceiver

PROVIDERS

Showing all 5 providers


androidx.core.content.FileProvider
androidx.startup.InitializationProvider
com.vnpay.qr.LibContentProvider
com.google.mlkit.common.internal.MlKitInitProvider
com.google.firebase.provider.FirebaseInitProvider

LIBRARIES

Showing all 1 libraries


androidx.camera.extensions.impl

SBOM

Showing all 70 Versioned Packages


androidx.activity:activity-ktx@1.6.0
androidx.activity:activity@1.6.0
androidx.annotation:annotation-experimental@1.3.0
androidx.appcompat:appcompat-resources@1.6.1
androidx.appcompat:appcompat@1.6.1
androidx.arch.core:core-runtime@2.1.0
androidx.asynclayoutinflater:asynclayoutinflater@1.0.0
androidx.camera:camera-camera2@1.2.2
androidx.camera:camera-core@1.2.2
androidx.camera:camera-extensions@1.2.2
androidx.camera:camera-lifecycle@1.2.2
androidx.camera:camera-video@1.2.2
androidx.camera:camera-view@1.2.2
androidx.cardview:cardview@1.0.0
androidx.coordinatorlayout:coordinatorlayout@1.1.0
androidx.core:core-ktx@1.9.0
androidx.core:core@1.9.0
androidx.cursoradapter:cursoradapter@1.0.0
androidx.customview:customview@1.1.0
androidx.databinding:baseAdapters@7.2.2
androidx.databinding:library@7.2.2
androidx.databinding:viewbinding@7.2.2
androidx.documentfile:documentfile@1.0.0
androidx.drawerlayout:drawerlayout@1.1.1
androidx.dynamicanimation:dynamicanimation@1.0.0
androidx.emoji2:emoji2-views-helper@1.2.0
androidx.emoji2:emoji2@1.2.0
androidx.exifinterface:exifinterface@1.3.3
androidx.fragment:fragment-ktx@1.5.1
androidx.fragment:fragment@1.5.1
androidx.interpolator:interpolator@1.0.0
androidx.legacy:legacy-support-core-ui@1.0.0
androidx.legacy:legacy-support-core-utils@1.0.0
androidx.legacy:legacy-support-v4@1.0.0
androidx.lifecycle:lifecycle-extensions@2.0.0
androidx.lifecycle:lifecycle-livedata-core-ktx@2.5.1
androidx.lifecycle:lifecycle-livedata-core@2.5.1
androidx.lifecycle:lifecycle-livedata@2.1.0
androidx.lifecycle:lifecycle-process@2.5.1
androidx.lifecycle:lifecycle-runtime-ktx@2.5.1
androidx.lifecycle:lifecycle-runtime@2.5.1
androidx.lifecycle:lifecycle-service@2.0.0
androidx.lifecycle:lifecycle-viewmodel-ktx@2.5.1
androidx.lifecycle:lifecycle-viewmodel-savedstate@2.5.1
androidx.lifecycle:lifecycle-viewmodel@2.5.1
androidx.loader:loader@1.0.0
androidx.localbroadcastmanager:localbroadcastmanager@1.0.0
androidx.media:media@1.0.0
androidx.print:print@1.0.0
androidx.recyclerview:recyclerview@1.2.1
androidx.room:room-ktx@2.5.1
androidx.room:room-runtime@2.5.1
androidx.savedstate:savedstate-ktx@1.2.0
androidx.savedstate:savedstate@1.2.0
androidx.slidingpanelayout:slidingpanelayout@1.0.0
androidx.sqlite:sqlite-framework@2.3.1
androidx.sqlite:sqlite@2.3.1
androidx.startup:startup-runtime@1.1.1
androidx.swiperefreshlayout:swiperefreshlayout@1.0.0
androidx.tracing:tracing@1.0.0
androidx.transition:transition@1.2.0
androidx.vectordrawable:vectordrawable-animated@1.1.0
androidx.vectordrawable:vectordrawable@1.1.0
androidx.versionedparcelable:versionedparcelable@1.1.1
androidx.viewpager2:viewpager2@1.0.0
androidx.viewpager:viewpager@1.0.0
com.google.android.material:material@1.9.0
org.jetbrains.kotlinx:kotlinx-coroutines-android@1.6.4
org.jetbrains.kotlinx:kotlinx-coroutines-core@1.6.4
org.jetbrains.kotlinx:kotlinx-coroutines-play-services@1.6.4
Show all 159 Packages

FILES

Show all 10457 files

© 2025 Mobile Security Framework - MobSF | Ajin Abraham | OpenSecurity. Version v4.3.3
