0/60

Threat

net.xinhuamm.d0233

中国三沙

Analyzed on 2022-01-12T08:14:25.489872

42 permissions
152 activities
19 services
9 receivers
11 domains

File sums

MD5 23645dc96d62dc6bd7c51f27d4fd60cd
SHA1 9fcd099dd886fa8a4198b0a3745725b208d9ac60
SHA256 8ed24716472bce7c9850fbac171d842a18ebe2f39927fb70457ab2dd4151e1c4
Size 42.42MB

APKiD

Information computed with APKiD.

/tmp/tmp_gmf0stn
packer
  • Ijiami
/tmp/tmp_gmf0stn!assets/ijm_lib/armeabi/libexec.so
packer
  • UPX (unknown, modified)
/tmp/tmp_gmf0stn!assets/ijm_lib/armeabi/libexecmain.so
packer
  • UPX (unknown, modified)
/tmp/tmp_gmf0stn!assets/libijmDataEncryption.so
packer
  • UPX (unknown, modified)
/tmp/tmp_gmf0stn!classes.dex
compiler
  • dexlib 2.x
/tmp/tmp_gmf0stn!lib/armeabi-v7a/libAMapSDK_MAP_v7_5_0.so
packer
  • sharelib UPX

SSdeep

Information computed with ssdeep.

APK file 786432:UBmCBeQmGNGVcTElt+brz/LErIL7ut2O8PjZcAbeSePKFFUYFssMFFgiOJSTM0Tn:UBmEFmnCTpz/LEreO8PSpPKTUYKs6FvT
Manifest 768:wcyTrKqR8m4VHUQtoTYobQOegzmA5+xN/p3R3c3joTynYjAtuvQAtwKcKYODN4Ph:…
classes.dex 1536:1mwIRGjT0aKo3Dzznf6T99QjdbiYN4rzZMknPt5qlGw+2wQ09CNRW4O8DoTYlslo…

Dexofuzzy

Information computed with Dexofuzzy.

APK file 48:0I67hyplfpwb7tg7He+WLWoZOkwpw5wYabjiSfWSggggAjFLDBYEviN307V:0hhypl…
classes.dex 48:0I67hyplfpwb7tg7He+WLWoZOkwpw5wYabjiSfWSggggAjFLDBYEviN307V:0hhypl…

APK details

Information computed with AndroGuard and Pithus.

Package net.xinhuamm.d0233
App name 中国三沙
Version name 1.2.0
Version code 373
SDK 19 - 27
UAID a31702b45a64f2d0de86b56b0dcb218693235636
Signature Signature V1, Signature V2
Frosting Not frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown

Certificate details

Information computed with AndroGuard.

MD5 399f76e7eb14a1fb91518371215e314b
SHA1 6f65af0d9378ed4474a929287a392565e2a0ac65
SHA256 8c3a967b7198589dfa6a88a05550e441d7c3cedfb7cb27986058363afca540d1
Issuer Common Name: hangzhou, Organizational Unit: bangxun, Organization: hangzhou, Locality: hangzhou, State/Province: zhejing, Country: 310011
Not before 2011-08-26T03:44:53+00:00
Not after 2036-08-19T03:44:53+00:00

Manifest analysis

Information computed with MobSF.

High Clear text traffic is Enabled For App [android:usesCleartextTraffic=true]
The app intends to use cleartext network traffic, such as cleartext HTTP, FTP stacks, DownloadManager, and MediaPlayer. The default value for apps that target API level 27 or lower is "true". Apps that target API level 28 or higher default to "false". The key reason for avoiding cleartext traffic is the lack of confidentiality, authenticity, and protections against tampering; a network attacker can eavesdrop on transmitted data and also modify it without being detected.
High Launch Mode of Activity (com.ynxhs.dznews.mvp.ui.welcome.activity.WelcomeActivity) is not standard.
An Activity should not have the launch mode attribute set to "singleTask/singleInstance", as it then becomes the root Activity and other applications can read the contents of the calling Intent. Use the "standard" launch mode attribute when sensitive information is included in an Intent.
High Launch Mode of Activity (com.ynxhs.dznews.mvp.ui.HomeActivity) is not standard.
An Activity should not have the launch mode attribute set to "singleTask/singleInstance", as it then becomes the root Activity and other applications can read the contents of the calling Intent. Use the "standard" launch mode attribute when sensitive information is included in an Intent.
High Launch Mode of Activity (com.ynxhs.dznews.mvp.ui.Home2Activity) is not standard.
An Activity should not have the launch mode attribute set to "singleTask/singleInstance", as it then becomes the root Activity and other applications can read the contents of the calling Intent. Use the "standard" launch mode attribute when sensitive information is included in an Intent.
High Launch Mode of Activity (com.ynxhs.dznews.mvp.ui.welcome.activity.GuideActivity) is not standard.
An Activity should not have the launch mode attribute set to "singleTask/singleInstance", as it then becomes the root Activity and other applications can read the contents of the calling Intent. Use the "standard" launch mode attribute when sensitive information is included in an Intent.
High TaskAffinity is set for Activity (com.ynxhs.dznews.mvp.ui.main.activity.SpeechLockActivity)
If taskAffinity is set, other applications could read the Intents sent to Activities belonging to another task. Always use the default setting, keeping the affinity as the package name, to prevent sensitive information inside sent or received Intents from being read by another application.
High Launch Mode of Activity (com.ynxhs.dznews.mvp.ui.main.activity.SpeechLockActivity) is not standard.
An Activity should not have the launch mode attribute set to "singleTask/singleInstance", as it then becomes the root Activity and other applications can read the contents of the calling Intent. Use the "standard" launch mode attribute when sensitive information is included in an Intent.
High Activity (net.xinhuamm.d0233.wxapi.WXEntryActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device, leaving it accessible to any other application on the device.
High Launch Mode of Activity (com.tencent.tauth.AuthActivity) is not standard.
An Activity should not have the launch mode attribute set to "singleTask/singleInstance", as it then becomes the root Activity and other applications can read the contents of the calling Intent. Use the "standard" launch mode attribute when sensitive information is included in an Intent.
High Activity (com.tencent.tauth.AuthActivity) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device, leaving it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.
High Broadcast Receiver (org.matomo.sdk.extra.InstallReferrerReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device, leaving it accessible to any other application on the device.
High Service (com.xinhuamm.xinhuasdk.push.GetuiPushService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device, leaving it accessible to any other application on the device.
High TaskAffinity is set for Activity (com.xinhuamm.intelligentspeech.speechSynthesizer.LockActivity)
If taskAffinity is set, other applications could read the Intents sent to Activities belonging to another task. Always use the default setting, keeping the affinity as the package name, to prevent sensitive information inside sent or received Intents from being read by another application.
High Launch Mode of Activity (com.xinhuamm.intelligentspeech.speechSynthesizer.LockActivity) is not standard.
An Activity should not have the launch mode attribute set to "singleTask/singleInstance", as it then becomes the root Activity and other applications can read the contents of the calling Intent. Use the "standard" launch mode attribute when sensitive information is included in an Intent.
High Broadcast Receiver (com.huawei.hms.support.api.push.PushEventReceiver) is not Protected. An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device, leaving it accessible to any other application on the device. The presence of an intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Service (com.meizu.cloud.pushsdk.NotificationService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device, leaving it accessible to any other application on the device.
High Broadcast Receiver (com.meizu.cloud.pushsdk.SystemReceiver) is not Protected. An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device, leaving it accessible to any other application on the device. The presence of an intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Broadcast Receiver (com.igexin.sdk.FlymePushReceiver) is not Protected. An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device, leaving it accessible to any other application on the device. The presence of an intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Service (com.xiaomi.mipush.sdk.PushMessageHandler) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device, leaving it accessible to any other application on the device.
High Broadcast Receiver (com.igexin.sdk.MiuiPushReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device, leaving it accessible to any other application on the device.
High Service (com.vivo.push.sdk.service.CommandClientService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device, leaving it accessible to any other application on the device.
High Broadcast Receiver (com.igexin.sdk.VivoPushMessageReceiver) is not Protected. An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device, leaving it accessible to any other application on the device. The presence of an intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Service (com.igexin.sdk.OppoPushService) is not Protected. An intent-filter exists.
A Service is found to be shared with other apps on the device, leaving it accessible to any other application on the device. The presence of an intent-filter indicates that the Service is explicitly exported.
High Launch Mode of Activity (com.sina.weibo.sdk.share.WbShareTransActivity) is not standard.
An Activity should not have the launch mode attribute set to "singleTask/singleInstance", as it then becomes the root Activity and other applications can read the contents of the calling Intent. Use the "standard" launch mode attribute when sensitive information is included in an Intent.
High Activity (com.sina.weibo.sdk.share.WbShareTransActivity) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device, leaving it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.
High Launch Mode of Activity (com.ygou.picture_edit.PictureEditActivity) is not standard.
An Activity should not have the launch mode attribute set to "singleTask/singleInstance", as it then becomes the root Activity and other applications can read the contents of the calling Intent. Use the "standard" launch mode attribute when sensitive information is included in an Intent.
High Service (com.igexin.sdk.PushService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
A Service is found to be shared with other apps on the device, leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (com.igexin.sdk.PushReceiver) is not Protected. An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device, leaving it accessible to any other application on the device. The presence of an intent-filter indicates that the Broadcast Receiver is explicitly exported.
High TaskAffinity is set for Activity (com.igexin.sdk.PushActivity)
If taskAffinity is set, other applications could read the Intents sent to Activities belonging to another task. Always use the default setting, keeping the affinity as the package name, to prevent sensitive information inside sent or received Intents from being read by another application.
High TaskAffinity is set for Activity (com.igexin.sdk.GActivity)
If taskAffinity is set, other applications could read the Intents sent to Activities belonging to another task. Always use the default setting, keeping the affinity as the package name, to prevent sensitive information inside sent or received Intents from being read by another application.
High Activity (com.igexin.sdk.GActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device, leaving it accessible to any other application on the device.

Browsable activities

Information computed with MobSF.

com.ynxhs.dznews.mvp.ui.welcome.activity.WelcomeActivity

Schemes: xinhuamm110171://

com.tencent.tauth.AuthActivity

Schemes: tencent1101817544://

Main Activity

Information computed with AndroGuard.

com.ynxhs.dznews.mvp.ui.welcome.activity.WelcomeActivity

Activities

Information computed with AndroGuard.

com.ynxhs.dznews.mvp.ui.welcome.activity.WelcomeActivity
com.ynxhs.dznews.mvp.ui.HomeActivity
com.ynxhs.dznews.mvp.ui.Home2Activity
com.ynxhs.dznews.mvp.ui.login.PhoneLoginActivity
com.ynxhs.dznews.mvp.ui.login.VerificationLoginActivity
com.ynxhs.dznews.mvp.ui.login.PwdLoginActivity
com.ynxhs.dznews.mvp.ui.login.SettingPwdActivity
com.ynxhs.dznews.mvp.ui.login.BindPhoneActivity
com.ynxhs.dznews.mvp.ui.login.RegisterActivity
com.ynxhs.dznews.mvp.ui.login.FindPwdActivity
com.ynxhs.dznews.mvp.ui.user.activity.SettingActivity
com.ynxhs.dznews.mvp.ui.user.activity.FontSizeSettingActivity
com.ynxhs.dznews.mvp.ui.user.activity.UserInfoActivity
com.ynxhs.dznews.mvp.ui.user.activity.MessageDetailActivity
com.ynxhs.dznews.mvp.ui.user.activity.FeedbackActivity
com.ynxhs.dznews.mvp.ui.news.activity.LiveMenuDetailActivity
com.ynxhs.dznews.mvp.ui.welcome.activity.GuideActivity
com.ynxhs.dznews.mvp.ui.user.activity.ModifyUserNameActivity
com.ynxhs.dznews.mvp.ui.user.activity.ModifyPhoneActivity
com.ynxhs.dznews.mvp.ui.user.activity.ModifyPwdActivity
com.ynxhs.dznews.mvp.ui.user.activity.MineMessageActivity
com.ynxhs.dznews.mvp.ui.user.activity.MineCommentActivity
com.ynxhs.dznews.mvp.ui.news.activity.WapDetailActivity
com.ynxhs.dznews.mvp.ui.news.activity.NewsDetailActivity
com.ynxhs.dznews.mvp.ui.news.activity.PhotoBrowActivity
com.ynxhs.dznews.mvp.ui.news.activity.DetailCommentsActivity
com.ynxhs.dznews.mvp.ui.news.activity.SubjectDetailActivity
com.ynxhs.dznews.mvp.ui.news.activity.SubjectDetailAActivity
com.ynxhs.dznews.mvp.ui.news.activity.SubjectMoreListActivity
com.ynxhs.dznews.mvp.ui.news.activity.SubjectDetailBActivity
com.ynxhs.dznews.mvp.ui.news.activity.SubjectDetailCActivity
com.ynxhs.dznews.mvp.ui.news.activity.VideoDetailActivity
com.ynxhs.dznews.mvp.ui.search.activity.SearchResultActivity
com.ynxhs.dznews.mvp.ui.search.activity.SearchActivity
com.ynxhs.dznews.mvp.ui.main.activity.AreaCenterActivity
com.ynxhs.dznews.mvp.ui.main.activity.SearchAreaCenterActivity
com.ynxhs.dznews.mvp.ui.main.activity.NavigatorContentActivity
com.ynxhs.dznews.mvp.ui.main.activity.MoreServiceActivity
com.ynxhs.dznews.mvp.ui.main.activity.NewMoreServiceActivity
com.ynxhs.dznews.mvp.ui.main.activity.DepListFActivity
com.ynxhs.dznews.mvp.ui.main.activity.DepQuizActivity
com.ynxhs.dznews.mvp.ui.main.activity.EditorDetailActivity
com.ynxhs.dznews.mvp.ui.main.activity.GovernmentAffairsActivity
com.ynxhs.dznews.mvp.ui.main.activity.PokeDetailActivity
com.ynxhs.dznews.mvp.ui.main.activity.PublishDetailActivity
com.ynxhs.dznews.mvp.ui.main.activity.DepMyUploadActivity
com.ynxhs.dznews.mvp.ui.main.activity.ColumnEditActivity
com.ynxhs.dznews.mvp.ui.news.activity.AdvertActivity
com.ynxhs.dznews.mvp.ui.main.activity.BlockTopMoreListActivity
com.ynxhs.dznews.mvp.ui.user.activity.UserCollectionActivity
com.ynxhs.dznews.mvp.ui.main.activity.NewsListActivity
com.ynxhs.dznews.mvp.ui.main.activity.RollingNewsListActivity
com.ynxhs.dznews.mvp.ui.main.activity.SubscriptionDetailActivity
com.ynxhs.dznews.mvp.ui.main.activity.SubscriptionCenterActivity
com.ynxhs.dznews.mvp.ui.main.activity.SubscriptionMyActivity
com.ynxhs.dznews.mvp.ui.news.activity.LiveDetailActivity
com.ynxhs.dznews.mvp.ui.main.activity.ShortVideoDetailActivity
com.ynxhs.dznews.mvp.ui.main.activity.CommentActivity
com.ynxhs.dznews.mvp.ui.main.activity.SpeechLockActivity
com.ynxhs.dznews.mvp.ui.news.activity.TopicCardDetailActivity
com.ynxhs.dznews.mvp.ui.news.activity.TopicOpinionDetailActivity
com.ynxhs.dznews.mvp.ui.main.activity.TopicOpinionUploadActivity
com.ynxhs.dznews.mvp.ui.news.activity.PhotoBrowPreviewActivity
com.ynxhs.dznews.mvp.ui.news.activity.CommentDetailActivity
com.ynxhs.dznews.mvp.ui.upload.UploadGenericActivity
com.ynxhs.dznews.mvp.ui.main.activity.CityPickerActivity
com.ynxhs.dznews.mvp.ui.main.activity.DepUnitActivity
com.ynxhs.dznews.mvp.ui.main.activity.DepUploadMediaPreviewActivity
com.ynxhs.dznews.mvp.ui.main.activity.DepAboutMeActivity
com.ynxhs.dznews.mvp.ui.upload.DepUploadActivity
com.ynxhs.dznews.mvp.ui.news.activity.DepDetailActivity
com.ynxhs.dznews.mvp.ui.main.activity.ThematicColumnListActivity
com.ynxhs.dznews.mvp.ui.main.activity.ServicesHomeActivity
com.ynxhs.dznews.mvp.ui.news.activity.LivelihoodServicesDetailActivity
com.ynxhs.dznews.mvp.ui.main.activity.OrganListActivity
com.ynxhs.dznews.mvp.ui.main.activity.PaiKeUploadActivity
com.ynxhs.dznews.mvp.ui.main.activity.LivelihoodUploadDataActivity
com.ynxhs.dznews.mvp.ui.main.activity.LivelihoodWriteCommentActivity
com.ynxhs.dznews.mvp.ui.main.activity.LivelihoodEvaluateActivity
com.ynxhs.dznews.mvp.ui.upload.LivelihoodReportActivity
com.ynxhs.dznews.mvp.ui.user.activity.VerifyPhoneActivity
com.ynxhs.dznews.mvp.ui.user.activity.AccountManagementActivity
com.ynxhs.dznews.mvp.ui.user.activity.EnterpriseInfoActivity
com.ynxhs.dznews.mvp.ui.user.activity.RiskWarningActivity
com.ynxhs.dznews.mvp.ui.videocall.VideoCallActivity
com.ynxhs.dznews.mvp.ui.main.activity.ListenRadioActivity
com.ynxhs.dznews.mvp.ui.main.activity.SelectedRadioDetailActivity
com.ynxhs.dznews.mvp.ui.jieqin.activity.YDTHomeActivity
com.ynxhs.dznews.mvp.ui.jieqin.activity.YDTSearchActivity
com.ynxhs.dznews.mvp.ui.jieqin.activity.YDTJieqinRecordActivity
com.ynxhs.dznews.mvp.ui.jieqin.activity.YDTFarmerStoryActivity
com.ynxhs.dznews.mvp.ui.jieqin.activity.YDTUploadActivity
com.ynxhs.dznews.mvp.ui.jieqin.activity.LocationLabelActivity
com.ynxhs.dznews.mvp.ui.jieqin.activity.BecomePartnerActivity
com.ynxhs.dznews.mvp.ui.jieqin.activity.ShowShowActivity
com.ynxhs.dznews.mvp.ui.jieqin.activity.YDTNewsDetailActivity
net.xinhuamm.d0233.wxapi.WXEntryActivity
com.tencent.tauth.AuthActivity
com.tencent.connect.common.AssistActivity
net.xinhuamm.xwm.mvp.ui.main.activity.XwmMainActivity
net.xinhuamm.xwm.mvp.ui.activityservice.activity.XwmProjectDetailActivity
net.xinhuamm.xwm.mvp.ui.activityservice.activity.XwmChooseVolunteerTeamActivity
net.xinhuamm.xwm.mvp.ui.activityservice.activity.XwmChooseServiceItemActivity
net.xinhuamm.xwm.mvp.ui.activityservice.activity.XwmActivityCenterActivity
net.xinhuamm.xwm.mvp.ui.activityservice.activity.XwmMyWishActivity
net.xinhuamm.xwm.mvp.ui.activityservice.activity.XwmWishPoolActivity
net.xinhuamm.xwm.mvp.ui.news.activity.XwmNewsActivity
net.xinhuamm.xwm.mvp.ui.news.activity.XwmH5WebActivity
net.xinhuamm.xwm.mvp.ui.news.activity.XwmWapDetailActivity
net.xinhuamm.xwm.mvp.ui.volunteer.activity.XwmVolunteerTeamActivity
net.xinhuamm.xwm.mvp.ui.volunteer.activity.XwmNewVolunteerTeamActivity
net.xinhuamm.xwm.mvp.ui.activityservice.activity.XwmActivityServiceActivity
net.xinhuamm.xwm.mvp.ui.practice.activity.XwmPracticePositionActivity
net.xinhuamm.xwm.mvp.ui.goodman.activity.XwmGoodManActivity
net.xinhuamm.xwm.mvp.ui.activityservice.activity.XwmPhotoBrowseActivity
net.xinhuamm.xwm.mvp.ui.main.activity.XwmContentActivity
net.xinhuamm.xwm.mvp.ui.volunteer.activity.XwmVolunteerTeamDetailActivity
net.xinhuamm.xwm.mvp.ui.activityservice.activity.XwmWishDetailActivity
net.xinhuamm.xwm.mvp.ui.main.activity.XwmMediaPreviewActivity
net.xinhuamm.xwm.mvp.ui.practice.activity.XwmPracticePositionDetailActivity
net.xinhuamm.xwm.mvp.ui.platform.activity.XwmPlatformActivity
net.xinhuamm.xwm.mvp.ui.goodman.activity.XwmGoodManIntroductionActivity
net.xinhuamm.xwm.mvp.ui.main.activity.XwmSearchActivity
net.xinhuamm.xwm.mvp.ui.civilization.activity.XwmCivilizationBoardActivity
net.xinhuamm.xwm.mvp.ui.activityservice.activity.XwmAcceptanceCenterActivity
net.xinhuamm.xwm.mvp.ui.user.activity.XwmMyActivityActivity
net.xinhuamm.xwm.mvp.ui.user.activity.XwmServiceRecordActivity
com.xinhuamm.xinhuasdk.rqcode.scan.QRCodeScanActivity
com.xinhuamm.lbsamap.locationPoint.LocationPointActivity
com.xinhuamm.video.VideoRecorder
com.xinhuamm.video.VideoCrop
com.xinhuamm.intelligentspeech.speechSynthesizer.LockActivity
com.huawei.android.hms.agent.common.HMSAgentActivity
com.huawei.hms.activity.BridgeActivity
com.vivo.push.sdk.LinkProxyClientActivity
com.luck.picture.lib.PictureSelectorActivity
com.luck.picture.lib.PictureBaseActivity
com.luck.picture.lib.PicturePreviewActivity
com.luck.picture.lib.PictureVideoPlayActivity
com.luck.picture.lib.PictureExternalPreviewActivity
com.yalantis.ucrop.UCropActivity
com.luck.picture.lib.PicturePlayAudioActivity
com.umeng.socialize.media.WBShareCallBackActivity
com.sina.weibo.sdk.web.WeiboSdkWebActivity
com.sina.weibo.sdk.share.WbShareTransActivity
com.umeng.facebook.FacebookActivity
com.xinhuamm.gsyplayer.activity.CommonVideoPlayActivity
com.ygou.picture_edit.PictureEditActivity
com.twitter.sdk.android.tweetcomposer.ComposerActivity
com.twitter.sdk.android.core.identity.OAuthActivity
com.igexin.sdk.PushActivity
com.igexin.sdk.GActivity

Receivers

Information computed with AndroGuard.

org.matomo.sdk.extra.InstallReferrerReceiver
com.igexin.sdk.HmsPushReceiver
com.huawei.hms.support.api.push.PushEventReceiver
com.meizu.cloud.pushsdk.SystemReceiver
com.igexin.sdk.FlymePushReceiver
com.igexin.sdk.MiuiPushReceiver
com.igexin.sdk.VivoPushMessageReceiver
com.umeng.share.twitterapi.TwitterShareReceiver
com.igexin.sdk.PushReceiver

Services

Information computed with AndroGuard.

com.ynxhs.dznews.mvp.push.PushService
com.baidu.location.f
com.xinhuamm.xinhuasdk.push.GetuiPushService
com.xinhuamm.xinhuasdk.ossUpload.service.DefaultTaskService
com.tencent.smtt.export.external.DexClassLoaderProviderService
com.amap.api.location.APSService
com.xinhuamm.intelligentspeech.speechSynthesizer.service.LockService
com.meizu.cloud.pushsdk.NotificationService
com.xiaomi.mipush.sdk.PushMessageHandler
com.xiaomi.mipush.sdk.MessageHandleService
com.vivo.push.sdk.service.CommandClientService
com.igexin.sdk.OppoPushService
com.shuwen.analytics.sink.SinkService
com.shuwen.analytics.report.ReportJobService
com.shuwen.analytics.report.ReportIntentService
com.vector.update_app.service.DownloadService
zlc.season.rxdownload2.function.DownloadService
com.twitter.sdk.android.tweetcomposer.TweetUploadService
com.igexin.sdk.PushService

Sample timeline

Certificate valid not before Aug. 26, 2011, 3:44 a.m.
First submission on VT July 8, 2020, 10:23 a.m.
Last submission on VT July 8, 2020, 10:23 a.m.
Upload on Pithus Jan. 12, 2022, 8:14 a.m.
Certificate valid not after Aug. 19, 2036, 3:44 a.m.

NIAP analysis

Information computed with MobSF.

FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generates no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['network connectivity', 'camera', 'location', 'bluetooth', 'microphone'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to ['system logs'].
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application does not encrypt files in non-volatile memory.
Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1 The application invokes the mechanisms recommended by the platform vendor for storing and setting configuration options.
Supported Configuration Mechanism
FTP_DIT_EXT.1.1 The application does not encrypt any data in traffic or does not transmit any data between itself and another trusted IT product.
Protection of Data in Transit

Code analysis

Information computed with MobSF.

Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
 com/alibaba/android/arouter/launcher/_ARouter.java
com/alibaba/android/arouter/utils/ClassUtils.java
com/alibaba/android/arouter/utils/DefaultLogger.java
High
CVSS:7.4
Files may contain hardcoded sensitive information like usernames, passwords, keys, etc.
MASVS: MSTG-STORAGE-14
CWE-312 Cleartext Storage of Sensitive Information
M9: Reverse Engineering
Files:
 com/alibaba/android/arouter/utils/Consts.java
[Map: Canada, China, Germany, France, United States]

Map computed by Pithus.

Domains analysis

Information computed with MobSF.

US www.webrtc.org 142.250.186.78
DE slsrole.alicdn.com 163.181.56.193
FR upload.ffmpeg.org 213.36.253.119
CA www.winimage.com 198.50.170.91
US www.ietf.org 104.16.45.99
DE www.openssl.org 23.45.99.93
CN videocloud.cn-hangzhou.log.aliyuncs.com 120.55.220.4
CN live.aliyuncs.com 106.11.162.170
DE www.alibaba.com 104.111.243.137
US libusb.info 185.199.109.153
FR www.videolan.org 213.36.253.2

URL analysis

Information computed with MobSF.

ftp://upload.ffmpeg.org/incoming/
Defined in lib/armeabi-v7a/libijkplayer.so
data:application/vnd.ms.wms-hdr.asfv1;base64,
http://www.openssl.org/support/faq.html
Defined in lib/armeabi-v7a/libijkffmpeg.so
http://libusb.info
Defined in lib/armeabi-v7a/libusb100.so
http://203.107.1.33/131392/d?host=
http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time
http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
http://www.webrtc.org/experiments/rtp-hdrext/playout-delay
http://www.webrtc.org/experiments/rtp-hdrext/video-content-type
http://www.webrtc.org/experiments/rtp-hdrext/video-timing
http://www.alibaba.com/experiments/rtp-hdrext/audio_ranking_level_id
http://www.alibaba.com/experiments/rtp-hdrext/picture_id
ftp://%s:%s@%s
file://hostname/,
http://www.openssl.org/support/faq.html
http://www.winimage.com/zLibDll
Defined in lib/armeabi-v7a/libwukong_ua.so
http://live.aliyuncs.com
https://slsrole.alicdn.com
https://videocloud.cn-hangzhou.log.aliyuncs.com
http://www.winimage.com/zLibDll
file://%s%s%s
ftp://%s:%s@%s
Defined in lib/armeabi-v7a/libalivc_conan.so
http://www.openssl.org/support/faq.html
Defined in lib/armeabi-v7a/libnlsCppSdk.so
http://www.videolan.org/x264.html
Defined in lib/armeabi-v7a/libalivcffmpeg.so

Permissions analysis

Information computed with MobSF.

High android.permission.CALL_PHONE directly call phone numbers
Allows the application to call phone numbers without your intervention. Malicious applications may cause unexpected calls on your phone bill. Note that this does not allow the application to call emergency numbers.
High android.permission.CAMERA take pictures and videos
Allows application to take pictures and videos with the camera. This allows the application to collect images that the camera is seeing at any time.
High android.permission.WRITE_SETTINGS modify global system settings
Allows an application to modify the system's settings data. Malicious applications can corrupt your system's configuration.
High android.permission.READ_LOGS read sensitive log data
Allows an application to read from the system's various log files. This allows it to discover general information about what you are doing with the phone, potentially including personal or private information.
High android.permission.RECORD_AUDIO record audio
Allows application to access the audio record path.
High android.permission.GET_TASKS retrieve running applications
Allows application to retrieve information about currently and recently running tasks. May allow malicious applications to discover private information about other applications.
High android.permission.SYSTEM_ALERT_WINDOW display system-level alerts
Allows an application to show system-alert windows. Malicious applications can take over the entire screen of the phone.
High android.permission.REQUEST_INSTALL_PACKAGES Allows an application to request installing packages.
Malicious applications can use this to try and trick users into installing additional malicious packages.
High android.permission.READ_EXTERNAL_STORAGE read external storage contents
Allows an application to read from external storage.
High android.permission.ACCESS_COARSE_LOCATION coarse (network-based) location
Access coarse location sources, such as the mobile network database, to determine an approximate phone location, where available. Malicious applications can use this to determine approximately where you are.
High android.permission.ACCESS_FINE_LOCATION fine (GPS) location
Access fine location sources, such as the Global Positioning System on the phone, where available. Malicious applications can use this to determine where you are and may consume additional battery power.
High android.permission.READ_PHONE_STATE read phone state and identity
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on.
High android.permission.WRITE_EXTERNAL_STORAGE read/modify/delete external storage contents
Allows an application to write to external storage.
High android.permission.MOUNT_UNMOUNT_FILESYSTEMS mount and unmount file systems
Allows the application to mount and unmount file systems for removable storage.
Low android.permission.INTERNET full Internet access
Allows an application to create network sockets.
Low android.permission.EXPAND_STATUS_BAR expand/collapse status bar
Allows application to expand or collapse the status bar.
Low android.permission.BROADCAST_STICKY send sticky broadcast
Allows an application to send sticky broadcasts, which remain after the broadcast ends. Malicious applications can make the phone slow or unstable by causing it to use too much memory.
Low android.permission.WAKE_LOCK prevent phone from sleeping
Allows an application to prevent the phone from going to sleep.
Low android.permission.RECEIVE_BOOT_COMPLETED automatically start at boot
Allows an application to start itself as soon as the system has finished booting. This can make it take longer to start the phone and allow the application to slow down the overall phone by always running.
Low android.permission.VIBRATE control vibrator
Allows the application to control the vibrator.
Low android.permission.ACCESS_WIFI_STATE view Wi-Fi status
Allows an application to view the information about the status of Wi-Fi.
Low android.permission.ACCESS_NETWORK_STATE view network status
Allows an application to view the status of all networks.
Low android.permission.CHANGE_NETWORK_STATE change network connectivity
Allows applications to change network connectivity state.
Low android.permission.MODIFY_AUDIO_SETTINGS change your audio settings
Allows application to modify global audio settings, such as volume and routing.
Low android.permission.CHANGE_WIFI_STATE change Wi-Fi status
Allows an application to connect to and disconnect from Wi-Fi access points and to make changes to configured Wi-Fi networks.
Low android.permission.BLUETOOTH create Bluetooth connections
Allows applications to connect to paired bluetooth devices.
Low android.permission.ACCESS_LOCATION_EXTRA_COMMANDS access extra location provider commands
Access extra location provider commands. Malicious applications could use this to interfere with the operation of the GPS or other location sources.
Low android.permission.RESTART_PACKAGES kill background processes
Allows an application to kill background processes of other applications, even if memory is not low.
Medium android.permission.CHANGE_CONFIGURATION change your UI settings
Allows an application to change the current configuration, such as the locale or overall font size.
android.hardware.camera Unknown permission
Unknown permission from android reference
com.meizu.flyme.push.permission.RECEIVE Unknown permission
Unknown permission from android reference
com.meizu.c2dm.permission.RECEIVE Unknown permission
Unknown permission from android reference
net.xinhuamm.d0233.push.permission.MESSAGE Unknown permission
Unknown permission from android reference
net.xinhuamm.d0233.permission.C2D_MESSAGE Unknown permission
Unknown permission from android reference
android.permission.BROADCAST_PACKAGE_ADDED Unknown permission
Unknown permission from android reference
android.permission.BROADCAST_PACKAGE_CHANGED Unknown permission
Unknown permission from android reference
android.permission.BROADCAST_PACKAGE_INSTALL Unknown permission
Unknown permission from android reference
android.permission.BROADCAST_PACKAGE_REPLACED Unknown permission
Unknown permission from android reference
net.xinhuamm.d0233.permission.MIPUSH_RECEIVE Unknown permission
Unknown permission from android reference
com.coloros.mcs.permission.RECIEVE_MCS_MESSAGE Unknown permission
Unknown permission from android reference
android.permission.WRITE_MEDIA_STORAGE Unknown permission
Unknown permission from android reference
getui.permission.GetuiService.net.xinhuamm.d0233 Unknown permission
Unknown permission from android reference

Threat analysis

Information computed with Quark-Engine.

Confidence 100%: Method reflection
Confidence 100%: Method reflection
Confidence 100%: Initialize class object dynamically
Confidence 80%: Read file and put it into a stream
Confidence 80%: Get absolute path of the file and store in string
Confidence 80%: Read file from assets directory
Confidence 80%: Load additional DEX files dynamically
Confidence 80%: Executes the specified string Linux command

Behavior analysis

Information computed with MobSF.

Content provider
  • s/h/e/l/l/A.java
Execute os command
  • s/h/e/l/l/S.java
Inter process communication
  • com/alibaba/android/arouter/core/InstrumentationHook.java
  • com/alibaba/android/arouter/launcher/_ARouter.java
  • s/h/e/l/l/A.java
Java reflection
  • com/alibaba/android/arouter/core/LogisticsCenter.java
  • com/alibaba/android/arouter/core/InstrumentationHook.java
  • com/alibaba/android/arouter/launcher/_ARouter.java
  • com/alibaba/android/arouter/utils/ClassUtils.java
  • com/alibaba/android/arouter/core/AutowiredServiceImpl.java
Load and manipulate dex files
  • com/alibaba/android/arouter/utils/ClassUtils.java
Loading native code (shared library)
  • s/h/e/l/l/N.java
Local file i/o operations
  • com/alibaba/android/arouter/core/LogisticsCenter.java
  • com/alibaba/android/arouter/utils/PackageUtils.java
  • com/alibaba/android/arouter/utils/ClassUtils.java
Starting activity
  • com/alibaba/android/arouter/launcher/_ARouter.java