There are millions of malicious applets (JAR files) and Android apps (APK files) out there. Have you ever wondered where do they come from? Which country? At least, which is its time zone? In forensics, it may be interesting to check if this malicious app is made in Russia, Brazil, China, India or United States. Let’s see how.
|Certificate date… “Valid from…”|
|ASN.1 view of a certificate date|
|UTC Time – ZIPs file… gets the offset and thus, time zone (map from timeanddate.com)|
Here are some examples:
|A fraudulent app from Spain|
|Malware from U.S.A|
|Fake app from Hong Kong|
|This APK is a fake of an Indian app, Teen Patti poker|
The tool is available in Python and a compiled C# .NET version. They both may be downloaded from http://elevenpaths.com/downloads/gmtcheck.zip
We encourage you to use it.