Pithus report for 中国三沙 - net.xinhuamm.d0233

File sums

MD5	`23645dc96d62dc6bd7c51f27d4fd60cd`
SHA1	`9fcd099dd886fa8a4198b0a3745725b208d9ac60`
SHA256	`8ed24716472bce7c9850fbac171d842a18ebe2f39927fb70457ab2dd4151e1c4`
Size	`42.42MB`

APKiD

Information computed with APKiD.

`/tmp/tmp_gmf0stn`
packer	`Ijiami`
`/tmp/tmp_gmf0stn!assets/ijm_lib/armeabi/libexec.so`
packer	`UPX (unknown, modified)`
`/tmp/tmp_gmf0stn!assets/ijm_lib/armeabi/libexecmain.so`
packer	`UPX (unknown, modified)`
`/tmp/tmp_gmf0stn!assets/libijmDataEncryption.so`
packer	`UPX (unknown, modified)`
`/tmp/tmp_gmf0stn!classes.dex`
compiler	`dexlib 2.x`
`/tmp/tmp_gmf0stn!lib/armeabi-v7a/libAMapSDK_MAP_v7_5_0.so`
packer	`sharelib UPX`

SSdeep

Information computed with ssdeep.

APK file	`786432:UBmCBeQmGNGVcTElt+brz/LErIL7ut2O8PjZcAbeSePKFFUYFssMFFgiOJSTM0Tn:UBmEFmnCTpz/LEreO8PSpPKTUYKs6FvT`
Manifest	`768:wcyTrKqR8m4VHUQtoTYobQOegzmA5+xN/p3R3c3joTynYjAtuvQAtwKcKYODN4Ph:…`
`classes.dex`	`1536:1mwIRGjT0aKo3Dzznf6T99QjdbiYN4rzZMknPt5qlGw+2wQ09CNRW4O8DoTYlslo…`

Dexofuzzy

Information computed with Dexofuzzy.

APK file	`48:0I67hyplfpwb7tg7He+WLWoZOkwpw5wYabjiSfWSggggAjFLDBYEviN307V:0hhypl…`
`classes.dex`	`48:0I67hyplfpwb7tg7He+WLWoZOkwpw5wYabjiSfWSggggAjFLDBYEviN307V:0hhypl…`

APK details

Information computed with AndroGuard and Pithus.

Package	`net.xinhuamm.d0233`
App name	`中国三沙`
Version name	`1.2.0`
Version code	`373`
SDK	`19` - `27`
UAID	`a31702b45a64f2d0de86b56b0dcb218693235636`
Signature	Signature V1 Signature V2
Frosting	Not frosted Blocks found within V2 signature: `0x7109871a`: Unknown

Certificate details

Information computed with AndroGuard.

MD5	`399f76e7eb14a1fb91518371215e314b`
SHA1	`6f65af0d9378ed4474a929287a392565e2a0ac65`
SHA256	`8c3a967b7198589dfa6a88a05550e441d7c3cedfb7cb27986058363afca540d1`
Issuer	`Common Name: hangzhou, Organizational Unit: bangxun, Organization: hangzhou, Locality: hangzhou, State/Province: zhejing, Country: 310011`
Not before	`2011-08-26T03:44:53+00:00`
Not after	`2036-08-19T03:44:53+00:00`

Manifest analysis

Information computed with MobSF.

High	Clear text traffic is Enabled For App[android:usesCleartextTraffic=true] The app intends to use cleartext network traffic, such as cleartext HTTP, FTP stacks, DownloadManager, and MediaPlayer. The default value for apps that target API level 27 or lower is "true". Apps that target API level 28 or higher default to "false". The key reason for avoiding cleartext traffic is the lack of confidentiality, authenticity, and protections against tampering; a network attacker can eavesdrop on transmitted data and also modify it without being detected.
High	Launch Mode of Activity (com.ynxhs.dznews.mvp.ui.welcome.activity.WelcomeActivity) is not standard. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent.
High	Launch Mode of Activity (com.ynxhs.dznews.mvp.ui.HomeActivity) is not standard. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent.
High	Launch Mode of Activity (com.ynxhs.dznews.mvp.ui.Home2Activity) is not standard. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent.
High	Launch Mode of Activity (com.ynxhs.dznews.mvp.ui.welcome.activity.GuideActivity) is not standard. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent.
High	TaskAffinity is set for Activity (com.ynxhs.dznews.mvp.ui.main.activity.SpeechLockActivity) If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High	Launch Mode of Activity (com.ynxhs.dznews.mvp.ui.main.activity.SpeechLockActivity) is not standard. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent.
High	Activity (net.xinhuamm.d0233.wxapi.WXEntryActivity) is not Protected. [android:exported=true] An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High	Launch Mode of Activity (com.tencent.tauth.AuthActivity) is not standard. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent.
High	Activity (com.tencent.tauth.AuthActivity) is not Protected.An intent-filter exists. An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High	Broadcast Receiver (org.matomo.sdk.extra.InstallReferrerReceiver) is not Protected. [android:exported=true] A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High	Service (com.xinhuamm.xinhuasdk.push.GetuiPushService) is not Protected. [android:exported=true] A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High	TaskAffinity is set for Activity (com.xinhuamm.intelligentspeech.speechSynthesizer.LockActivity) If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High	Launch Mode of Activity (com.xinhuamm.intelligentspeech.speechSynthesizer.LockActivity) is not standard. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent.
High	Broadcast Receiver (com.huawei.hms.support.api.push.PushEventReceiver) is not Protected.An intent-filter exists. A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High	Service (com.meizu.cloud.pushsdk.NotificationService) is not Protected. [android:exported=true] A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High	Broadcast Receiver (com.meizu.cloud.pushsdk.SystemReceiver) is not Protected.An intent-filter exists. A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High	Broadcast Receiver (com.igexin.sdk.FlymePushReceiver) is not Protected.An intent-filter exists. A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High	Service (com.xiaomi.mipush.sdk.PushMessageHandler) is not Protected. [android:exported=true] A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High	Broadcast Receiver (com.igexin.sdk.MiuiPushReceiver) is not Protected. [android:exported=true] A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High	Service (com.vivo.push.sdk.service.CommandClientService) is not Protected. [android:exported=true] A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High	Broadcast Receiver (com.igexin.sdk.VivoPushMessageReceiver) is not Protected.An intent-filter exists. A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High	Service (com.igexin.sdk.OppoPushService) is not Protected.An intent-filter exists. A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Service is explicitly exported.
High	Launch Mode of Activity (com.sina.weibo.sdk.share.WbShareTransActivity) is not standard. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent.
High	Activity (com.sina.weibo.sdk.share.WbShareTransActivity) is not Protected.An intent-filter exists. An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High	Launch Mode of Activity (com.ygou.picture_edit.PictureEditActivity) is not standard. An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent.
High	Service (com.igexin.sdk.PushService) is Protected by a permission, but the protection level of the permission should be checked. Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High	Broadcast Receiver (com.igexin.sdk.PushReceiver) is not Protected.An intent-filter exists. A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High	TaskAffinity is set for Activity (com.igexin.sdk.PushActivity) If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High	TaskAffinity is set for Activity (com.igexin.sdk.GActivity) If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High	Activity (com.igexin.sdk.GActivity) is not Protected. [android:exported=true] An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.

Browsable activities

Information computed with MobSF.

`com.ynxhs.dznews.mvp.ui.welcome.activity.WelcomeActivity`	Schemes: `xinhuamm110171://`
`com.tencent.tauth.AuthActivity`	Schemes: `tencent1101817544://`

Main Activity

Information computed with AndroGuard.

com.ynxhs.dznews.mvp.ui.welcome.activity.WelcomeActivity

Activities

Information computed with AndroGuard.

com.ynxhs.dznews.mvp.ui.welcome.activity.WelcomeActivity
com.ynxhs.dznews.mvp.ui.HomeActivity
com.ynxhs.dznews.mvp.ui.Home2Activity
com.ynxhs.dznews.mvp.ui.login.PhoneLoginActivity
com.ynxhs.dznews.mvp.ui.login.VerificationLoginActivity
com.ynxhs.dznews.mvp.ui.login.PwdLoginActivity
com.ynxhs.dznews.mvp.ui.login.SettingPwdActivity
com.ynxhs.dznews.mvp.ui.login.BindPhoneActivity
com.ynxhs.dznews.mvp.ui.login.RegisterActivity
com.ynxhs.dznews.mvp.ui.login.FindPwdActivity
com.ynxhs.dznews.mvp.ui.user.activity.SettingActivity
com.ynxhs.dznews.mvp.ui.user.activity.FontSizeSettingActivity
com.ynxhs.dznews.mvp.ui.user.activity.UserInfoActivity
com.ynxhs.dznews.mvp.ui.user.activity.MessageDetailActivity
com.ynxhs.dznews.mvp.ui.user.activity.FeedbackActivity
com.ynxhs.dznews.mvp.ui.news.activity.LiveMenuDetailActivity
com.ynxhs.dznews.mvp.ui.welcome.activity.GuideActivity
com.ynxhs.dznews.mvp.ui.user.activity.ModifyUserNameActivity
com.ynxhs.dznews.mvp.ui.user.activity.ModifyPhoneActivity
com.ynxhs.dznews.mvp.ui.user.activity.ModifyPwdActivity
com.ynxhs.dznews.mvp.ui.user.activity.MineMessageActivity
com.ynxhs.dznews.mvp.ui.user.activity.MineCommentActivity
com.ynxhs.dznews.mvp.ui.news.activity.WapDetailActivity
com.ynxhs.dznews.mvp.ui.news.activity.NewsDetailActivity
com.ynxhs.dznews.mvp.ui.news.activity.PhotoBrowActivity
com.ynxhs.dznews.mvp.ui.news.activity.DetailCommentsActivity
com.ynxhs.dznews.mvp.ui.news.activity.SubjectDetailActivity
com.ynxhs.dznews.mvp.ui.news.activity.SubjectDetailAActivity
com.ynxhs.dznews.mvp.ui.news.activity.SubjectMoreListActivity
com.ynxhs.dznews.mvp.ui.news.activity.SubjectDetailBActivity
com.ynxhs.dznews.mvp.ui.news.activity.SubjectDetailCActivity
com.ynxhs.dznews.mvp.ui.news.activity.VideoDetailActivity
com.ynxhs.dznews.mvp.ui.search.activity.SearchResultActivity
com.ynxhs.dznews.mvp.ui.search.activity.SearchActivity
com.ynxhs.dznews.mvp.ui.main.activity.AreaCenterActivity
com.ynxhs.dznews.mvp.ui.main.activity.SearchAreaCenterActivity
com.ynxhs.dznews.mvp.ui.main.activity.NavigatorContentActivity
com.ynxhs.dznews.mvp.ui.main.activity.MoreServiceActivity
com.ynxhs.dznews.mvp.ui.main.activity.NewMoreServiceActivity
com.ynxhs.dznews.mvp.ui.main.activity.DepListFActivity
com.ynxhs.dznews.mvp.ui.main.activity.DepQuizActivity
com.ynxhs.dznews.mvp.ui.main.activity.EditorDetailActivity
com.ynxhs.dznews.mvp.ui.main.activity.GovernmentAffairsActivity
com.ynxhs.dznews.mvp.ui.main.activity.PokeDetailActivity
com.ynxhs.dznews.mvp.ui.main.activity.PublishDetailActivity
com.ynxhs.dznews.mvp.ui.main.activity.DepMyUploadActivity
com.ynxhs.dznews.mvp.ui.main.activity.ColumnEditActivity
com.ynxhs.dznews.mvp.ui.news.activity.AdvertActivity
com.ynxhs.dznews.mvp.ui.main.activity.BlockTopMoreListActivity
com.ynxhs.dznews.mvp.ui.user.activity.UserCollectionActivity
com.ynxhs.dznews.mvp.ui.main.activity.NewsListActivity
com.ynxhs.dznews.mvp.ui.main.activity.RollingNewsListActivity
com.ynxhs.dznews.mvp.ui.main.activity.SubscriptionDetailActivity
com.ynxhs.dznews.mvp.ui.main.activity.SubscriptionCenterActivity
com.ynxhs.dznews.mvp.ui.main.activity.SubscriptionMyActivity
com.ynxhs.dznews.mvp.ui.news.activity.LiveDetailActivity
com.ynxhs.dznews.mvp.ui.main.activity.ShortVideoDetailActivity
com.ynxhs.dznews.mvp.ui.main.activity.CommentActivity
com.ynxhs.dznews.mvp.ui.main.activity.SpeechLockActivity
com.ynxhs.dznews.mvp.ui.news.activity.TopicCardDetailActivity
com.ynxhs.dznews.mvp.ui.news.activity.TopicOpinionDetailActivity
com.ynxhs.dznews.mvp.ui.main.activity.TopicOpinionUploadActivity
com.ynxhs.dznews.mvp.ui.news.activity.PhotoBrowPreviewActivity
com.ynxhs.dznews.mvp.ui.news.activity.CommentDetailActivity
com.ynxhs.dznews.mvp.ui.upload.UploadGenericActivity
com.ynxhs.dznews.mvp.ui.main.activity.CityPickerActivity
com.ynxhs.dznews.mvp.ui.main.activity.DepUnitActivity
com.ynxhs.dznews.mvp.ui.main.activity.DepUploadMediaPreviewActivity
com.ynxhs.dznews.mvp.ui.main.activity.DepAboutMeActivity
com.ynxhs.dznews.mvp.ui.upload.DepUploadActivity
com.ynxhs.dznews.mvp.ui.news.activity.DepDetailActivity
com.ynxhs.dznews.mvp.ui.main.activity.ThematicColumnListActivity
com.ynxhs.dznews.mvp.ui.main.activity.ServicesHomeActivity
com.ynxhs.dznews.mvp.ui.news.activity.LivelihoodServicesDetailActivity
com.ynxhs.dznews.mvp.ui.main.activity.OrganListActivity
com.ynxhs.dznews.mvp.ui.main.activity.PaiKeUploadActivity
com.ynxhs.dznews.mvp.ui.main.activity.LivelihoodUploadDataActivity
com.ynxhs.dznews.mvp.ui.main.activity.LivelihoodWriteCommentActivity
com.ynxhs.dznews.mvp.ui.main.activity.LivelihoodEvaluateActivity
com.ynxhs.dznews.mvp.ui.upload.LivelihoodReportActivity
com.ynxhs.dznews.mvp.ui.user.activity.VerifyPhoneActivity
com.ynxhs.dznews.mvp.ui.user.activity.AccountManagementActivity
com.ynxhs.dznews.mvp.ui.user.activity.EnterpriseInfoActivity
com.ynxhs.dznews.mvp.ui.user.activity.RiskWarningActivity
com.ynxhs.dznews.mvp.ui.videocall.VideoCallActivity
com.ynxhs.dznews.mvp.ui.main.activity.ListenRadioActivity
com.ynxhs.dznews.mvp.ui.main.activity.SelectedRadioDetailActivity
com.ynxhs.dznews.mvp.ui.jieqin.activity.YDTHomeActivity
com.ynxhs.dznews.mvp.ui.jieqin.activity.YDTSearchActivity
com.ynxhs.dznews.mvp.ui.jieqin.activity.YDTJieqinRecordActivity
com.ynxhs.dznews.mvp.ui.jieqin.activity.YDTFarmerStoryActivity
com.ynxhs.dznews.mvp.ui.jieqin.activity.YDTUploadActivity
com.ynxhs.dznews.mvp.ui.jieqin.activity.LocationLabelActivity
com.ynxhs.dznews.mvp.ui.jieqin.activity.BecomePartnerActivity
com.ynxhs.dznews.mvp.ui.jieqin.activity.ShowShowActivity
com.ynxhs.dznews.mvp.ui.jieqin.activity.YDTNewsDetailActivity
net.xinhuamm.d0233.wxapi.WXEntryActivity
com.tencent.tauth.AuthActivity
com.tencent.connect.common.AssistActivity
net.xinhuamm.xwm.mvp.ui.main.activity.XwmMainActivity
net.xinhuamm.xwm.mvp.ui.activityservice.activity.XwmProjectDetailActivity
net.xinhuamm.xwm.mvp.ui.activityservice.activity.XwmChooseVolunteerTeamActivity
net.xinhuamm.xwm.mvp.ui.activityservice.activity.XwmChooseServiceItemActivity
net.xinhuamm.xwm.mvp.ui.activityservice.activity.XwmActivityCenterActivity
net.xinhuamm.xwm.mvp.ui.activityservice.activity.XwmMyWishActivity
net.xinhuamm.xwm.mvp.ui.activityservice.activity.XwmWishPoolActivity
net.xinhuamm.xwm.mvp.ui.news.activity.XwmNewsActivity
net.xinhuamm.xwm.mvp.ui.news.activity.XwmH5WebActivity
net.xinhuamm.xwm.mvp.ui.news.activity.XwmWapDetailActivity
net.xinhuamm.xwm.mvp.ui.volunteer.activity.XwmVolunteerTeamActivity
net.xinhuamm.xwm.mvp.ui.volunteer.activity.XwmNewVolunteerTeamActivity
net.xinhuamm.xwm.mvp.ui.activityservice.activity.XwmActivityServiceActivity
net.xinhuamm.xwm.mvp.ui.practice.activity.XwmPracticePositionActivity
net.xinhuamm.xwm.mvp.ui.goodman.activity.XwmGoodManActivity
net.xinhuamm.xwm.mvp.ui.activityservice.activity.XwmPhotoBrowseActivity
net.xinhuamm.xwm.mvp.ui.main.activity.XwmContentActivity
net.xinhuamm.xwm.mvp.ui.volunteer.activity.XwmVolunteerTeamDetailActivity
net.xinhuamm.xwm.mvp.ui.activityservice.activity.XwmWishDetailActivity
net.xinhuamm.xwm.mvp.ui.main.activity.XwmMediaPreviewActivity
net.xinhuamm.xwm.mvp.ui.practice.activity.XwmPracticePositionDetailActivity
net.xinhuamm.xwm.mvp.ui.platform.activity.XwmPlatformActivity
net.xinhuamm.xwm.mvp.ui.goodman.activity.XwmGoodManIntroductionActivity
net.xinhuamm.xwm.mvp.ui.main.activity.XwmSearchActivity
net.xinhuamm.xwm.mvp.ui.civilization.activity.XwmCivilizationBoardActivity
net.xinhuamm.xwm.mvp.ui.activityservice.activity.XwmAcceptanceCenterActivity
net.xinhuamm.xwm.mvp.ui.user.activity.XwmMyActivityActivity
net.xinhuamm.xwm.mvp.ui.user.activity.XwmServiceRecordActivity
com.xinhuamm.xinhuasdk.rqcode.scan.QRCodeScanActivity
com.xinhuamm.lbsamap.locationPoint.LocationPointActivity
com.xinhuamm.video.VideoRecorder
com.xinhuamm.video.VideoCrop
com.xinhuamm.intelligentspeech.speechSynthesizer.LockActivity
com.huawei.android.hms.agent.common.HMSAgentActivity
com.huawei.hms.activity.BridgeActivity
com.vivo.push.sdk.LinkProxyClientActivity
com.luck.picture.lib.PictureSelectorActivity
com.luck.picture.lib.PictureBaseActivity
com.luck.picture.lib.PicturePreviewActivity
com.luck.picture.lib.PictureVideoPlayActivity
com.luck.picture.lib.PictureExternalPreviewActivity
com.yalantis.ucrop.UCropActivity
com.luck.picture.lib.PicturePlayAudioActivity
com.umeng.socialize.media.WBShareCallBackActivity
com.sina.weibo.sdk.web.WeiboSdkWebActivity
com.sina.weibo.sdk.share.WbShareTransActivity
com.umeng.facebook.FacebookActivity
com.xinhuamm.gsyplayer.activity.CommonVideoPlayActivity
com.ygou.picture_edit.PictureEditActivity
com.twitter.sdk.android.tweetcomposer.ComposerActivity
com.twitter.sdk.android.core.identity.OAuthActivity
com.igexin.sdk.PushActivity
com.igexin.sdk.GActivity

Receivers

Information computed with AndroGuard.

org.matomo.sdk.extra.InstallReferrerReceiver
com.igexin.sdk.HmsPushReceiver
com.huawei.hms.support.api.push.PushEventReceiver
com.meizu.cloud.pushsdk.SystemReceiver
com.igexin.sdk.FlymePushReceiver
com.igexin.sdk.MiuiPushReceiver
com.igexin.sdk.VivoPushMessageReceiver
com.umeng.share.twitterapi.TwitterShareReceiver
com.igexin.sdk.PushReceiver

Services

Information computed with AndroGuard.

com.ynxhs.dznews.mvp.push.PushService
com.baidu.location.f
com.xinhuamm.xinhuasdk.push.GetuiPushService
com.xinhuamm.xinhuasdk.ossUpload.service.DefaultTaskService
com.tencent.smtt.export.external.DexClassLoaderProviderService
com.amap.api.location.APSService
com.xinhuamm.intelligentspeech.speechSynthesizer.service.LockService
com.meizu.cloud.pushsdk.NotificationService
com.xiaomi.mipush.sdk.PushMessageHandler
com.xiaomi.mipush.sdk.MessageHandleService
com.vivo.push.sdk.service.CommandClientService
com.igexin.sdk.OppoPushService
com.shuwen.analytics.sink.SinkService
com.shuwen.analytics.report.ReportJobService
com.shuwen.analytics.report.ReportIntentService
com.vector.update_app.service.DownloadService
zlc.season.rxdownload2.function.DownloadService
com.twitter.sdk.android.tweetcomposer.TweetUploadService
com.igexin.sdk.PushService

Sample timeline

Certificate valid not before	Aug. 26, 2011, 3:44 a.m.
First submission on VT	July 8, 2020, 10:23 a.m.
Last submission on VT	July 8, 2020, 10:23 a.m.
Upload on Pithus	Jan. 12, 2022, 8:14 a.m.
Certificate valid not after	Aug. 19, 2036, 3:44 a.m.

VirusTotal

Score	0/60
Report	https://www.virustotal.com/gui/file/8ed24716472bce7c9850fbac171d842a18ebe2f39927fb70457ab2dd4151e1c4/detection

NIAP analysis

Information computed with MobSF.

FCS_STO_EXT.1.1	The application does not store any credentials to non-volatile memory. Storage of Credentials
FCS_CKM_EXT.1.1	The application generate no asymmetric cryptographic keys. Cryptographic Key Generation Services
FDP_DEC_EXT.1.1	The application has access to ['network connectivity', 'camera', 'location', 'bluetooth', 'microphone']. Access to Platform Resources
FDP_DEC_EXT.1.2	The application has access to ['system logs']. Access to Platform Resources
FDP_NET_EXT.1.1	The application has user/application initiated network communications. Network Communications
FDP_DAR_EXT.1.1	The application does not encrypt files in non-volatile memory. Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1	The application invoke the mechanisms recommended by the platform vendor for storing and setting configuration options. Supported Configuration Mechanism
FTP_DIT_EXT.1.1	The application does not encrypt any data in traffic or does not transmit any data between itself and another trusted IT product. Protection of Data in Transit

Code analysis

Information computed with MobSF.

Low CVSS:7.5	The App logs information. Sensitive information should never be logged. MASVS: MSTG-STORAGE-3 CWE-532 Insertion of Sensitive Information into Log File Files: `com/alibaba/android/arouter/launcher/_ARouter.java com/alibaba/android/arouter/utils/ClassUtils.java com/alibaba/android/arouter/utils/DefaultLogger.java`
High CVSS:7.4	Files may contain hardcoded sensitive informations like usernames, passwords, keys etc. MASVS: MSTG-STORAGE-14 CWE-312 Cleartext Storage of Sensitive Information M9: Reverse Engineering Files: `com/alibaba/android/arouter/utils/Consts.java`

Map computed by Pithus.

Domains analysis

Information computed with MobSF.

US	`www.webrtc.org`	`142.250.186.78`
DE	`slsrole.alicdn.com`	`163.181.56.193`
FR	`upload.ffmpeg.org`	`213.36.253.119`
CA	`www.winimage.com`	`198.50.170.91`
US	`www.ietf.org`	`104.16.45.99`
DE	`www.openssl.org`	`23.45.99.93`
CN	`videocloud.cn-hangzhou.log.aliyuncs.com`	`120.55.220.4`
CN	`live.aliyuncs.com`	`106.11.162.170`
DE	`www.alibaba.com`	`104.111.243.137`
US	`libusb.info`	`185.199.109.153`
FR	`www.videolan.org`	`213.36.253.2`

URL analysis

Information computed with MobSF.

`ftp://upload.ffmpeg.org/incoming/` Defined in `lib/armeabi-v7a/libijkplayer.so`
`data:application/vnd.ms.wms-hdr.asfv1;base64,` `http://www.openssl.org/support/faq.html` Defined in `lib/armeabi-v7a/libijkffmpeg.so`
`http://libusb.info` Defined in `lib/armeabi-v7a/libusb100.so`
`http://203.107.1.33/131392/d?host=` `http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time` `http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01` `http://www.webrtc.org/experiments/rtp-hdrext/playout-delay` `http://www.webrtc.org/experiments/rtp-hdrext/video-content-type` `http://www.webrtc.org/experiments/rtp-hdrext/video-timing` `http://www.alibaba.com/experiments/rtp-hdrext/audio_ranking_level_id` `http://www.alibaba.com/experiments/rtp-hdrext/picture_id` `ftp://%s:%s@%s` `file://hostname/,` `http://www.openssl.org/support/faq.html` `http://www.winimage.com/zLibDll` Defined in `lib/armeabi-v7a/libwukong_ua.so`
`http://203.107.1.33/131392/d?host=` `http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time` `http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01` `http://www.webrtc.org/experiments/rtp-hdrext/playout-delay` `http://www.webrtc.org/experiments/rtp-hdrext/video-content-type` `http://www.webrtc.org/experiments/rtp-hdrext/video-timing` `http://www.alibaba.com/experiments/rtp-hdrext/audio_ranking_level_id` `http://www.alibaba.com/experiments/rtp-hdrext/picture_id` `ftp://%s:%s@%s` `file://hostname/,` `http://www.openssl.org/support/faq.html` `http://www.winimage.com/zLibDll` Defined in `lib/armeabi-v7a/libwukong_ua.so`
`http://203.107.1.33/131392/d?host=` `http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time` `http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01` `http://www.webrtc.org/experiments/rtp-hdrext/playout-delay` `http://www.webrtc.org/experiments/rtp-hdrext/video-content-type` `http://www.webrtc.org/experiments/rtp-hdrext/video-timing` `http://www.alibaba.com/experiments/rtp-hdrext/audio_ranking_level_id` `http://www.alibaba.com/experiments/rtp-hdrext/picture_id` `ftp://%s:%s@%s` `file://hostname/,` `http://www.openssl.org/support/faq.html` `http://www.winimage.com/zLibDll` Defined in `lib/armeabi-v7a/libwukong_ua.so`
`http://203.107.1.33/131392/d?host=` `http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time` `http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01` `http://www.webrtc.org/experiments/rtp-hdrext/playout-delay` `http://www.webrtc.org/experiments/rtp-hdrext/video-content-type` `http://www.webrtc.org/experiments/rtp-hdrext/video-timing` `http://www.alibaba.com/experiments/rtp-hdrext/audio_ranking_level_id` `http://www.alibaba.com/experiments/rtp-hdrext/picture_id` `ftp://%s:%s@%s` `file://hostname/,` `http://www.openssl.org/support/faq.html` `http://www.winimage.com/zLibDll` Defined in `lib/armeabi-v7a/libwukong_ua.so`
`http://203.107.1.33/131392/d?host=` `http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time` `http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01` `http://www.webrtc.org/experiments/rtp-hdrext/playout-delay` `http://www.webrtc.org/experiments/rtp-hdrext/video-content-type` `http://www.webrtc.org/experiments/rtp-hdrext/video-timing` `http://www.alibaba.com/experiments/rtp-hdrext/audio_ranking_level_id` `http://www.alibaba.com/experiments/rtp-hdrext/picture_id` `ftp://%s:%s@%s` `file://hostname/,` `http://www.openssl.org/support/faq.html` `http://www.winimage.com/zLibDll` Defined in `lib/armeabi-v7a/libwukong_ua.so`
`http://203.107.1.33/131392/d?host=` `http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time` `http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01` `http://www.webrtc.org/experiments/rtp-hdrext/playout-delay` `http://www.webrtc.org/experiments/rtp-hdrext/video-content-type` `http://www.webrtc.org/experiments/rtp-hdrext/video-timing` `http://www.alibaba.com/experiments/rtp-hdrext/audio_ranking_level_id` `http://www.alibaba.com/experiments/rtp-hdrext/picture_id` `ftp://%s:%s@%s` `file://hostname/,` `http://www.openssl.org/support/faq.html` `http://www.winimage.com/zLibDll` Defined in `lib/armeabi-v7a/libwukong_ua.so`
`http://203.107.1.33/131392/d?host=` `http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time` `http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01` `http://www.webrtc.org/experiments/rtp-hdrext/playout-delay` `http://www.webrtc.org/experiments/rtp-hdrext/video-content-type` `http://www.webrtc.org/experiments/rtp-hdrext/video-timing` `http://www.alibaba.com/experiments/rtp-hdrext/audio_ranking_level_id` `http://www.alibaba.com/experiments/rtp-hdrext/picture_id` `ftp://%s:%s@%s` `file://hostname/,` `http://www.openssl.org/support/faq.html` `http://www.winimage.com/zLibDll` Defined in `lib/armeabi-v7a/libwukong_ua.so`
`http://203.107.1.33/131392/d?host=` `http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time` `http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01` `http://www.webrtc.org/experiments/rtp-hdrext/playout-delay` `http://www.webrtc.org/experiments/rtp-hdrext/video-content-type` `http://www.webrtc.org/experiments/rtp-hdrext/video-timing` `http://www.alibaba.com/experiments/rtp-hdrext/audio_ranking_level_id` `http://www.alibaba.com/experiments/rtp-hdrext/picture_id` `ftp://%s:%s@%s` `file://hostname/,` `http://www.openssl.org/support/faq.html` `http://www.winimage.com/zLibDll` Defined in `lib/armeabi-v7a/libwukong_ua.so`
`http://203.107.1.33/131392/d?host=` `http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time` `http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01` `http://www.webrtc.org/experiments/rtp-hdrext/playout-delay` `http://www.webrtc.org/experiments/rtp-hdrext/video-content-type` `http://www.webrtc.org/experiments/rtp-hdrext/video-timing` `http://www.alibaba.com/experiments/rtp-hdrext/audio_ranking_level_id` `http://www.alibaba.com/experiments/rtp-hdrext/picture_id` `ftp://%s:%s@%s` `file://hostname/,` `http://www.openssl.org/support/faq.html` `http://www.winimage.com/zLibDll` Defined in `lib/armeabi-v7a/libwukong_ua.so`
`http://live.aliyuncs.com` `https://slsrole.alicdn.com` `https://videocloud.cn-hangzhou.log.aliyuncs.com` `http://www.winimage.com/zLibDll` `file://%s%s%s` `ftp://%s:%s@%s` Defined in `lib/armeabi-v7a/libalivc_conan.so`
`http://live.aliyuncs.com` `https://slsrole.alicdn.com` `https://videocloud.cn-hangzhou.log.aliyuncs.com` `http://www.winimage.com/zLibDll` `file://%s%s%s` `ftp://%s:%s@%s` Defined in `lib/armeabi-v7a/libalivc_conan.so`
`http://live.aliyuncs.com` `https://slsrole.alicdn.com` `https://videocloud.cn-hangzhou.log.aliyuncs.com` `http://www.winimage.com/zLibDll` `file://%s%s%s` `ftp://%s:%s@%s` Defined in `lib/armeabi-v7a/libalivc_conan.so`
`http://live.aliyuncs.com` `https://slsrole.alicdn.com` `https://videocloud.cn-hangzhou.log.aliyuncs.com` `http://www.winimage.com/zLibDll` `file://%s%s%s` `ftp://%s:%s@%s` Defined in `lib/armeabi-v7a/libalivc_conan.so`
`http://www.openssl.org/support/faq.html` Defined in `lib/armeabi-v7a/libnlsCppSdk.so`
`http://www.videolan.org/x264.html` Defined in `lib/armeabi-v7a/libalivcffmpeg.so`

Permissions analysis

Information computed with MobSF.

High	`android.permission.CALL_PHONE`	directly call phone numbers Allows the application to call phone numbers without your intervention. Malicious applications may cause unexpected calls on your phone bill. Note that this does not allow the application to call emergency numbers.
High	`android.permission.CAMERA`	take pictures and videos Allows application to take pictures and videos with the camera. This allows the application to collect images that the camera is seeing at any time.
High	`android.permission.WRITE_SETTINGS`	modify global system settings Allows an application to modify the system's settings data. Malicious applications can corrupt your system's configuration.
High	`android.permission.READ_LOGS`	read sensitive log data Allows an application to read from the system's various log files. This allows it to discover general information about what you are doing with the phone, potentially including personal or private information.
High	`android.permission.RECORD_AUDIO`	record audio Allows application to access the audio record path.
High	`android.permission.GET_TASKS`	retrieve running applications Allows application to retrieve information about currently and recently running tasks. May allow malicious applications to discover private information about other applications.
High	`android.permission.SYSTEM_ALERT_WINDOW`	display system-level alerts Allows an application to show system-alert windows. Malicious applications can take over the entire screen of the phone.
High	`android.permission.REQUEST_INSTALL_PACKAGES`	Allows an application to request installing packages. Malicious applications can use this to try and trick users into installing additional malicious packages.
High	`android.permission.READ_EXTERNAL_STORAGE`	read external storage contents Allows an application to read from external storage.
High	`android.permission.ACCESS_COARSE_LOCATION`	coarse (network-based) location Access coarse location sources, such as the mobile network database, to determine an approximate phone location, where available. Malicious applications can use this to determine approximately where you are.
High	`android.permission.ACCESS_FINE_LOCATION`	fine (GPS) location Access fine location sources, such as the Global Positioning System on the phone, where available. Malicious applications can use this to determine where you are and may consume additional battery power.
High	`android.permission.READ_PHONE_STATE`	read phone state and identity Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on.
High	`android.permission.WRITE_EXTERNAL_STORAGE`	read/modify/delete external storage contents Allows an application to write to external storage.
High	`android.permission.MOUNT_UNMOUNT_FILESYSTEMS`	mount and unmount file systems Allows the application to mount and unmount file systems for removable storage.
Low	`android.permission.INTERNET`	full Internet access Allows an application to create network sockets.
Low	`android.permission.EXPAND_STATUS_BAR`	expand/collapse status bar Allows application to expand or collapse the status bar.
Low	`android.permission.BROADCAST_STICKY`	send sticky broadcast Allows an application to send sticky broadcasts, which remain after the broadcast ends. Malicious applications can make the phone slow or unstable by causing it to use too much memory.
Low	`android.permission.WAKE_LOCK`	prevent phone from sleeping Allows an application to prevent the phone from going to sleep.
Low	`android.permission.RECEIVE_BOOT_COMPLETED`	automatically start at boot Allows an application to start itself as soon as the system has finished booting. This can make it take longer to start the phone and allow the application to slow down the overall phone by always running.
Low	`android.permission.VIBRATE`	control vibrator Allows the application to control the vibrator.
Low	`android.permission.ACCESS_WIFI_STATE`	view Wi-Fi status Allows an application to view the information about the status of Wi-Fi.
Low	`android.permission.ACCESS_NETWORK_STATE`	view network status Allows an application to view the status of all networks.
Low	`android.permission.CHANGE_NETWORK_STATE`	change network connectivity Allows applications to change network connectivity state.
Low	`android.permission.MODIFY_AUDIO_SETTINGS`	change your audio settings Allows application to modify global audio settings, such as volume and routing.
Low	`android.permission.CHANGE_WIFI_STATE`	change Wi-Fi status Allows an application to connect to and disconnect from Wi-Fi access points and to make changes to configured Wi-Fi networks.
Low	`android.permission.BLUETOOTH`	create Bluetooth connections Allows applications to connect to paired bluetooth devices.
Low	`android.permission.ACCESS_LOCATION_EXTRA_COMMANDS`	access extra location provider commands Access extra location provider commands. Malicious applications could use this to interfere with the operation of the GPS or other location sources.
Low	`android.permission.RESTART_PACKAGES`	kill background processes Allows an application to kill background processes of other applications, even if memory is not low.
Medium	`android.permission.CHANGE_CONFIGURATION`	change your UI settings Allows an application to change the current configuration, such as the locale or overall font size.
	`android.hardware.camera`	Unknown permission Unknown permission from android reference
	`com.meizu.flyme.push.permission.RECEIVE`	Unknown permission Unknown permission from android reference
	`com.meizu.c2dm.permission.RECEIVE`	Unknown permission Unknown permission from android reference
	`net.xinhuamm.d0233.push.permission.MESSAGE`	Unknown permission Unknown permission from android reference
	`net.xinhuamm.d0233.permission.C2D_MESSAGE`	Unknown permission Unknown permission from android reference
	`android.permission.BROADCAST_PACKAGE_ADDED`	Unknown permission Unknown permission from android reference
	`android.permission.BROADCAST_PACKAGE_CHANGED`	Unknown permission Unknown permission from android reference
	`android.permission.BROADCAST_PACKAGE_INSTALL`	Unknown permission Unknown permission from android reference
	`android.permission.BROADCAST_PACKAGE_REPLACED`	Unknown permission Unknown permission from android reference
	`net.xinhuamm.d0233.permission.MIPUSH_RECEIVE`	Unknown permission Unknown permission from android reference
	`com.coloros.mcs.permission.RECIEVE_MCS_MESSAGE`	Unknown permission Unknown permission from android reference
	`android.permission.WRITE_MEDIA_STORAGE`	Unknown permission Unknown permission from android reference
	`getui.permission.GetuiService.net.xinhuamm.d0233`	Unknown permission Unknown permission from android reference

Threat analysis

Information computed with Quark-Engine.

Confidence: 100%	Method reflection
Confidence: 100%	Method reflection
Confidence: 100%	Initialize class object dynamically
Confidence: 80%	Read file and put it into a stream
Confidence: 80%	Get absolute path of the file and store in string
Confidence: 80%	Read file from assets directory
Confidence: 80%	Load additional DEX files dynamically
Confidence: 80%	Executes the specified string Linux command

Behavior analysis

Information computed with MobSF.

Content provider

       s/h/e/l/l/A.java

Execute os command

       s/h/e/l/l/S.java

Inter process communication

       com/alibaba/android/arouter/core/InstrumentationHook.java
       com/alibaba/android/arouter/launcher/_ARouter.java
       s/h/e/l/l/A.java

Java reflection

       com/alibaba/android/arouter/core/LogisticsCenter.java
       com/alibaba/android/arouter/core/InstrumentationHook.java
       com/alibaba/android/arouter/launcher/_ARouter.java
       com/alibaba/android/arouter/utils/ClassUtils.java
       com/alibaba/android/arouter/core/AutowiredServiceImpl.java

Load and manipulate dex files

       com/alibaba/android/arouter/utils/ClassUtils.java

Loading native code (shared library)

       s/h/e/l/l/N.java

Local file i/o operations

       com/alibaba/android/arouter/core/LogisticsCenter.java
       com/alibaba/android/arouter/utils/PackageUtils.java
       com/alibaba/android/arouter/utils/ClassUtils.java

Starting activity

       com/alibaba/android/arouter/launcher/_ARouter.java

net.xinhuamm.d0233

中国三沙

42

permissions

152

activities

19

services

9

receivers

11

domains

File sums

APKiD

SSdeep

Dexofuzzy

APK details

Certificate details

Manifest analysis

Browsable activities

Main Activity

Activities

Receivers

Services

Sample timeline

VirusTotal

NIAP analysis

Code analysis

Domains analysis

URL analysis

Permissions analysis

Threat analysis

Behavior analysis