Threat level: Low Risk

com.zxml.videoline

妹聊

Analyzed on 2022-02-09T02:40:22.885116

31 permissions
142 activities
16 services
11 receivers
21 domains

File sums

MD5 717b18b8374ebd57e8488c16cad6f6fd
SHA1 bc27b5ddd728c116b4a29816ef326d923f7866bf
SHA256 9153f1882151b1fe6b126b4b411a40b577dbc6238f6c5130161cbe4829a2e741
Size 79.98MB

APKiD

Information computed with APKiD.

/tmp/tmpmw5i8n6o
packer
  • Jiagu
/tmp/tmpmw5i8n6o!classes.dex
compiler
  • dexlib 2.x
/tmp/tmpmw5i8n6o!lib/armeabi-v7a/libsophix.so
obfuscator
  • Alipay

SSdeep

Information computed with ssdeep.

APK file 1572864:IKnSc4rJWc2LhJrOXCuq8qHmg2hgTU4pAGu4CYXyJ/VYd76oVhx5U0lDj:tSRwLgCuqBGfF4XuPY4LoVlN
Manifest 768:hf1eBlSxKz3LLVJ3pMe8FjrCahr8yOxOe969FnErm60SJV3zxtBoTXWSx695BRYY:…
classes.dex 196608:OB1KGRnmeHGSua6QcL2h1Vncy7Kuw3axB0:OBTRnmWn4L2h1Vcy7KxaxB0

Dexofuzzy

Information computed with Dexofuzzy.

APK file 12:VWm3r6Pik154IZFUofyVzODqXEUPbGMo3E:VWm3rYNZGoaVzHEMGMoU
classes.dex 12:VWm3r6Pik154IZFUofyVzODqXEUPbGMo3E:VWm3rYNZGoaVzHEMGMoU

APK details

Information computed with AndroGuard and Pithus.

Package com.zxml.videoline
App name 妹聊
Version name 1.1.3
Version code 111
SDK 21 - 28
UAID 9344b522bda8c83fcfaa9ba1f5a1b68cdccf04d3
Signature Signature V1 Signature V2
Frosting Not frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown
  • 0x42726577: Verity padding

Certificate details

Information computed with AndroGuard.

MD5 79a3293938f2cc4901cfb2c50cac80aa
SHA1 1bb890a976fd73e6c8d29d7af0f2ee6e5c92e687
SHA256 0f8ad8d81b690ef078e6daf26afe8f056e7083f896d23b876533604940505d8b
Issuer Common Name: zhi, Organizational Unit: zhixing
Not before 2019-04-30T10:04:03+00:00
Not after 3018-08-31T10:04:03+00:00

File Analysis

Information computed with MobSF.

Finding: Certificate/Key files hardcoded inside the app.
Files:
  • META-INF/services/javax.ws.rs.ext.MessageBodyReader
  • META-INF/services/javax.ws.rs.ext.Providers
  • assets/.appkey
Finding: Hardcoded Keystore found.
Files:
  • assets/grs_sp.bks
  • assets/hmsincas.bks
  • assets/hmsrootcas.bks
  • assets/updatesdkcas.bks

Manifest analysis

Information computed with MobSF.

High Clear text traffic is Enabled For App [android:usesCleartextTraffic=true]
The app intends to use cleartext network traffic, such as cleartext HTTP, FTP stacks, DownloadManager, and MediaPlayer. The default value for apps that target API level 27 or lower is "true". Apps that target API level 28 or higher default to "false". The key reason for avoiding cleartext traffic is the lack of confidentiality, authenticity, and protections against tampering; a network attacker can eavesdrop on transmitted data and also modify it without being detected.
Low App has a Network Security Configuration [android:networkSecurityConfig=@xml/network_security_config]
The Network Security Configuration feature lets apps customize their network security settings in a safe, declarative configuration file without modifying app code. These settings can be configured for specific domains and for a specific app.
High Activity (com.zxml.videoline.wxapi.WXEntryActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.zxml.videoline.wxapi.WXPayEntryActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.tencent.qalsdk.core.NetConnInfoCenter) is not Protected. An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Service (com.tencent.qalsdk.service.QalService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (com.xiaomi.mipush.sdk.PushMessageHandler) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.xiaomi.push.service.receivers.NetworkStatusReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.zx.videoline.push.XiaomiMsgReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (com.vivo.push.sdk.service.CommandClientService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.zx.videoline.push.VIVOPushMessageReceiverImpl) is not Protected. An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Service (com.heytap.msp.push.service.CompatibleDataMessageCallbackService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.coloros.mcs.permission.SEND_MCS_MESSAGE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (com.heytap.msp.push.service.DataMessageCallbackService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.heytap.mcs.permission.SEND_PUSH_MESSAGE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (io.rong.push.rongpush.PushService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (io.rong.push.rongpush.PushReceiver) is not Protected. An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Service (com.taobao.sophix.aidl.DownloadService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
Low Broadcast Receiver (com.huawei.hms.support.api.push.PushMsgReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.zxml.videoline.permission.PROCESS_PUSH_MSG
protectionLevel: signatureOrSystem [android:exported=true]
A Broadcast Receiver is found to be exported, but is protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device.
Low Broadcast Receiver (com.huawei.hms.support.api.push.PushReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.zxml.videoline.permission.PROCESS_PUSH_MSG
protectionLevel: signatureOrSystem [android:exported=true]
A Broadcast Receiver is found to be exported, but is protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device.
High Service (com.huawei.hms.support.api.push.service.HmsMsgService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
Low Content Provider (com.huawei.hms.support.api.push.PushProvider) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.zxml.videoline.permission.PUSH_PROVIDER
protectionLevel: signatureOrSystem [android:exported=true]
A Content Provider is found to be exported, but is protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device.

Browsable activities

Information computed with MobSF.

com.zx.videoline.ui.SplashActivity

Schemes: afcc9064://

Main Activity

Information computed with AndroGuard.

com.zx.videoline.ui.SplashActivity

Activities

Information computed with AndroGuard.

com.zx.videoline.ui.PrivacySettingActivity
com.zx.videoline.ui.AvatarCertificationPromptActivity
com.zx.videoline.ui.me.HostTypeActivity
com.zx.videoline.ui.KnapsackActivity
com.zx.videoline.ui.me.GiftBagActivity
com.zx.videoline.ui.me.LevelActivity
com.zx.videoline.ErJiActivity
com.zx.videoline.ui.NoteActivity
com.zx.videoline.ui.Recharge2Activity
com.zx.videoline.ui.SVGAActivity
com.zx.videoline.ui.VideohistoryActivity
com.zx.videoline.ui.UserDetailPrivatePhotoActivity
com.zx.videoline.ui.wallet.IncomeDetailActivity
com.zx.videoline.ui.wallet.CostDetailActivity
com.zx.videoline.ui.SplashActivity
com.zx.videoline.ui.LoginEnterCodeActivity
com.zx.videoline.ui.LoginUploadAvatarActivity
com.zx.videoline.ui.BindAlipayActivity
com.zx.videoline.ui.SettingPriceActivity
com.zx.videoline.ui.RegisterSelectActivity
com.zx.videoline.ui.MainActivity
com.zx.videoline.ui.HomePageActivity
com.zx.videoline.ui.VideoPlayerActivity
com.zx.videoline.ui.CallPlayerActivity
com.zx.videoline.ui.PlayerCallActivity
com.zx.videoline.ui.ReportActivity
com.zx.videoline.ui.ToJoinActivity
com.zx.videoline.msg.ui.MsgActivity
com.zx.videoline.msg.ui.AboutFansActivity
com.zx.videoline.ui.EditActivity
com.zx.videoline.ui.WebViewActivity
com.zx.videoline.msg.ui.MsgListActivity
com.zx.chat.ui.ImageViewActivity
com.zx.chat.ui.ImagePreviewActivity
com.zx.videoline.ui.PrivateChatActivity
com.zx.chat.ui.ChatActivity
com.zx.videoline.ui.VideoLineEndActivity
com.zx.videoline.ui.PrivatePhotoActivity
com.zx.videoline.ui.VideoRecordActivity
com.zx.videoline.ui.PushShortVideoActivity
com.zx.videoline.ui.PushAuthShortVideoActivity
com.zx.videoline.ui.PerViewImgActivity
com.zx.videoline.ui.VideoAuthActivity
com.zx.videoline.ui.ShortVideoActivity
com.zx.videoline.ui.RechargeActivity
com.zx.videoline.ui.WealthActivity
com.zx.videoline.ui.me.MemberActivity
com.zx.videoline.ui.SettingActivity
com.zx.videoline.ui.InviteActivity
com.zx.videoline.ui.UserIncomeActivity
com.zx.videoline.ui.UserContribuionRankActivity
com.zx.videoline.ui.BlackListActivity
com.alipay.sdk.app.H5PayActivity
com.alipay.sdk.app.H5AuthActivity
com.zx.videoline.ui.PerfectRegisterInfoActivity
com.zx.videoline.ui.setting.SettingMsgActivity
com.zx.videoline.ui.setting.SettingVideoActivity
com.zxml.videoline.wxapi.WXEntryActivity
com.zxml.videoline.wxapi.WXPayEntryActivity
com.zx.videoline.ui.SystemMessageActivity
com.zx.videoline.ui.CuckooVideoTouchPlayerActivity
com.zx.videoline.ui.CuckooVideoEndEvaluateActivity
com.zx.videoline.ui.CuckooSearchActivity
com.zx.videoline.ui.CuckooOrderActivity
com.zx.videoline.ui.CuckooAuthFormActivity
com.zx.videoline.ui.CuckooAuthUserNicknameActivity
com.zx.videoline.ui.CuckooAuthPhoneActivity
com.zx.videoline.ui.CuckooAuthEditBodyActivity
com.zx.videoline.ui.CuckooSelectLabelActivity
com.zx.videoline.ui.CuckooHomePageActivity
com.zx.videoline.ui.CuckooLoginSelectActivity
com.zx.videoline.ui.CuckooMobileLoginActivity
com.zx.videoline.ui.CuckooVideoCallListActivity
com.zx.videoline.ui.DynamicImagePreviewActivity
com.zx.videoline.ui.DynamicDetailActivity
com.zx.videoline.ui.PushDynamicActivity
com.zx.videoline.ui.login.CuckooLoginShanyanActivity
com.zx.videoline.ui.AudioRecordActivity
com.zx.videoline.ui.RecommendActivity
com.zx.videoline.ui.CuckooSubscribeActivity
com.zx.videoline.ui.DialogH5Activity
com.zx.videoline.ui.CuckooVideoCallWaitActivity
com.zx.videoline.ui.CuckooVoiceCallActivity
com.zx.videoline.ui.ShareIncomeActivity
com.zx.videoline.ui.wallet.SharePersonActivity
com.zx.videoline.ui.wallet.ShareIncomeDetailActivity
com.zx.videoline.ui.FeedbackActivity
com.zx.videoline.ui.me.MineTaskActivity
com.zx.videoline.ui.wallet.ShareDrawHistoryActivity
com.zx.videoline.ui.wallet.WebViewWeixinH5payActivity
com.zx.videoline.ui.wallet.WebviewPayActivity
com.zx.videoline.ui.wallet.WebviewPayInterActivity
com.zx.videoline.ui.UserSignActivity
com.zx.videoline.ui.UserNormalStatusActivity
com.zx.videoline.ui.me.PlayerPictureAuthActivity
com.zx.videoline.ui.GuidActivity
com.zx.videoline.ui.me.PlayerAuth0225Activity
com.zx.videoline.ui.me.EditPrivatePhotoActivity
com.zx.videoline.ui.me.UserQiangliaoScoreStatusActivity
com.zx.videoline.ui.me.VistorsListActivity
com.zx.videoline.ui.DynamicListActivity
com.zx.videoline.ui.me.PlayerAuthResultActivity
com.zx.videoline.ui.me.PlayerAuthInfoActivity
com.zx.videoline.ui.me.SettingUserInfoActivity
com.zx.chat.ui.ChatNotifyActivity
com.zx.chat.ui.UserMsgLikeActivity
com.zx.videoline.ui.ShareNewActivity
com.zx.chat.ui.FemaleEditSayHelloContentActivity
com.zx.videoline.ui.me.MineTaskActivity0426
com.zx.videoline.msg.ui.AudioRecordEditSayHelloActivity
com.zx.videoline.ui.shortvideo.DyPlayerActivity
com.zx.videoline.ui.video.VideoLineActivity0426
com.zx.videoline.ui.video.VideoLineWaitActivity0426
com.zx.videoline.ui.SettingOtherActivity
com.zx.videoline.ui.me.MineTaskActivity1027
com.zx.videoline.ui.wallet.RedPackageActivity
com.zx.videoline.ui.me.CustomerServiceActivity
com.zx.videoline.ui.video.VideoQiuliaoAccepteActivity0426
com.chuanglan.shanyan_sdk.view.CmccLoginActivity
com.chuanglan.shanyan_sdk.view.ShanYanOneKeyActivity
com.zx.videoline.fu.ui.FUSettingChatActivity
com.zx.videoline.ui.video.ShowSuggestFemaleActivity
com.chuanglan.shanyan_sdk.view.CTCCPrivacyProtocolActivity
com.vivo.push.sdk.LinkProxyClientActivity
com.luck.picture.lib.PictureSelectorActivity
com.luck.picture.lib.PicturePreviewActivity
com.luck.picture.lib.PictureVideoPlayActivity
com.luck.picture.lib.PictureExternalPreviewActivity
com.yalantis.ucrop.UCropActivity
com.yalantis.ucrop.PictureMultiCuttingActivity
com.luck.picture.lib.PicturePlayAudioActivity
com.tencent.qcloud.tim.uikit.component.video.CameraActivity
com.tencent.qcloud.tim.uikit.component.video.VideoViewActivity
com.tencent.qcloud.tim.uikit.component.photoview.PhotoViewActivity
com.tencent.qcloud.tim.uikit.modules.group.info.GroupInfoActivity
com.tencent.qcloud.tim.uikit.component.SelectionActivity
com.tencent.qcloud.tim.uikit.modules.group.apply.GroupApplyManagerActivity
com.tencent.qcloud.tim.uikit.modules.group.apply.GroupApplyMemberActivity
com.huawei.hms.activity.BridgeActivity
com.huawei.hms.activity.EnableServiceActivity
com.huawei.updatesdk.service.otaupdate.AppUpdateActivity
com.huawei.updatesdk.support.pm.PackageInstallerActivity

Receivers

Information computed with AndroGuard.

com.tencent.qalsdk.QALBroadcastReceiver
com.tencent.qalsdk.core.NetConnInfoCenter
com.xiaomi.push.service.receivers.NetworkStatusReceiver
com.xiaomi.push.service.receivers.PingReceiver
com.zx.videoline.push.XiaomiMsgReceiver
com.zx.videoline.push.VIVOPushMessageReceiverImpl
io.rong.imlib.ConnectChangeReceiver
io.rong.imlib.HeartbeatReceiver
io.rong.push.rongpush.PushReceiver
com.huawei.hms.support.api.push.PushMsgReceiver
com.huawei.hms.support.api.push.PushReceiver

Services

Information computed with AndroGuard.

com.amap.api.location.APSService
com.tencent.qalsdk.service.QalService
com.tencent.qalsdk.service.QalAssistService
com.xiaomi.push.service.XMPushService
com.xiaomi.push.service.XMJobService
com.xiaomi.mipush.sdk.PushMessageHandler
com.xiaomi.mipush.sdk.MessageHandleService
com.vivo.push.sdk.service.CommandClientService
com.heytap.msp.push.service.CompatibleDataMessageCallbackService
com.heytap.msp.push.service.DataMessageCallbackService
com.zx.videoline.push.HWHmsMessageService
io.rong.imlib.ipc.RongService
io.rong.push.rongpush.PushService
com.taobao.sophix.aidl.DownloadService
com.huawei.hms.support.api.push.service.HmsMsgService
com.huawei.agconnect.core.ServiceDiscovery

NIAP analysis

Information computed with MobSF.

FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generates no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['bluetooth', 'camera', 'network connectivity', 'microphone'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to no sensitive information repositories.
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application does not encrypt files in non-volatile memory.
Encryption Of Sensitive Application Data
FTP_DIT_EXT.1.1 The application does not encrypt any data in traffic or does not transmit any data between itself and another trusted IT product.
Protection of Data in Transit
[Map by country] China: 500; Germany: 500; France: 200; Hong Kong: 200; Korea, Republic of: 100; United States: 600

Map computed by Pithus.

Network analysis

Information computed with MobSF.

High Base config is insecurely configured to permit clear text traffic to all domains.
Scope: ['*']

Domains analysis

Information computed with MobSF.


URL analysis

Information computed with MobSF.

https://appgallery.cloud.huawei.com/app/
https://play.google.com/store/apps/details?id=
https://appgallery.cloud.huawei.com
http://www.mob.com
https://store-at-dre.hispace.dbankcloud.com/hwmarket/api/
https://store.hispace.hicloud.com/hwmarket/api/
Defined in Android String Resource
ftp://upload.ffmpeg.org/incoming/
Defined in lib/armeabi-v7a/libijkplayer.so
http://www.webrtc.org/experiments/rtp-hdrext/generic-frame-descriptor-00
http://www.webrtc.org/experiments/rtp-hdrext/generic-frame-descriptor-01
http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time
http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
http://www.webrtc.org/experiments/rtp-hdrext/transport-wide-cc-02
http://www.webrtc.org/experiments/rtp-hdrext/playout-delay
http://www.webrtc.org/experiments/rtp-hdrext/video-content-type
http://www.webrtc.org/experiments/rtp-hdrext/video-timing
http://tools.ietf.org/html/draft-ietf-avtext-framemarking-07
http://www.webrtc.org/experiments/rtp-hdrext/color-space
Defined in lib/armeabi-v7a/lib_RongRTC_so.so
ftp://upload.ffmpeg.org/incoming/
http://www.videolan.org/x264.html
http://www.openssl.org/support/faq.html
data:application/vnd.ms.wms-hdr.asfv1;base64,
http://%s
Defined in lib/armeabi-v7a/libksylive.so
http://mlvbdc.live.qcloud.com/
http://obfjaaaafhiehjjf/ohae.oiaa
https://yun.tim.qq.com
https://test.tim.qq.com
Defined in lib/armeabi-v7a/libliteavsdk.so
https://yun.tim.qq.com/v4/im_cos_sign_svr/cos
https://yun.tim.qq.com/v4/imopenstat/im_sdk_report
https://ping.huatuo.qq.com/yun.tim.qq.com
http://182.254.116.116/d?dn=login.tim.qq.com
Defined in lib/armeabi-v7a/libImSDK.so
http://argus.agoralab.co/vosdk/public/report?speaker=%u&listener=%u&venderID=%s&channelName=%s
http://argus.agoralab.co/vosdk/public/report?listener=%u&venderID=%s&channelName=%s
www.google.com
www.baidu.com
http://s
Defined in lib/armeabi-v7a/libagora-rtc-sdk.so
http://www.openssl.org/support/faq.html
Defined in lib/armeabi-v7a/libtxffmpeg.so
http://www.openssl.org/support/faq.html
Defined in lib/armeabi-v7a/libagora-crypto.so
ftp://upload.ffmpeg.org/incoming/
Defined in lib/armeabi-v7a/libtxplayer.so
ftp://upload.ffmpeg.org/incoming/
http://tcdns.myqcloud.com/queryip
http://datacenter.live.qcloud.com/
http://live.qcloud.com/report.php
http://www.videolan.org/x264.html
http://www.openssl.org/support/faq.html
Defined in lib/armeabi-v7a/libtxrtmpsdk.so
http://argus.agoralab.co/vosdk/public/report?speaker=%u&listener=%u&venderID=%s&channelName=%s
http://argus.agoralab.co/vosdk/public/report?listener=%u&venderID=%s&channelName=%s
www.baidu.com
www.google.com
Defined in lib/armeabi-v7a/libagora-rtc-sdk-jni.so

Permissions analysis

Information computed with MobSF.

High android.permission.SYSTEM_ALERT_WINDOW display system-level alerts
Allows an application to show system-alert windows. Malicious applications can take over the entire screen of the phone.
High android.permission.GET_TASKS retrieve running applications
Allows application to retrieve information about currently and recently running tasks. May allow malicious applications to discover private information about other applications.
High android.permission.CAMERA take pictures and videos
Allows application to take pictures and videos with the camera. This allows the application to collect images that the camera is seeing at any time.
High android.permission.RECORD_AUDIO record audio
Allows application to access the audio record path.
High android.permission.WRITE_EXTERNAL_STORAGE read/modify/delete external storage contents
Allows an application to write to external storage.
High android.permission.READ_PHONE_STATE read phone state and identity
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on.
High android.permission.REQUEST_INSTALL_PACKAGES Allows an application to request installing packages.
Malicious applications can use this to try and trick users into installing additional malicious packages.
High android.permission.READ_EXTERNAL_STORAGE read external storage contents
Allows an application to read from external storage.
High android.permission.MOUNT_UNMOUNT_FILESYSTEMS mount and unmount file systems
Allows the application to mount and unmount file systems for removable storage.
Low android.permission.CHANGE_WIFI_STATE change Wi-Fi status
Allows an application to connect to and disconnect from Wi-Fi access points and to make changes to configured Wi-Fi networks.
Low android.permission.BLUETOOTH create Bluetooth connections
Allows applications to connect to paired bluetooth devices.
Low android.permission.BLUETOOTH_ADMIN bluetooth administration
Allows applications to discover and pair bluetooth devices.
Low android.permission.KILL_BACKGROUND_PROCESSES kill background processes
Allows an application to kill background processes of other applications, even if memory is not low.
Low android.permission.CHANGE_NETWORK_STATE change network connectivity
Allows applications to change network connectivity state.
Low android.permission.RECEIVE_BOOT_COMPLETED automatically start at boot
Allows an application to start itself as soon as the system has finished booting. This can make it take longer to start the phone and allow the application to slow down the overall phone by always running.
Low android.permission.BROADCAST_STICKY send sticky broadcast
Allows an application to send sticky broadcasts, which remain after the broadcast ends. Malicious applications can make the phone slow or unstable by causing it to use too much memory.
Low android.permission.FLASHLIGHT control flashlight
Allows the application to control the flashlight.
Low android.permission.VIBRATE control vibrator
Allows the application to control the vibrator.
Low android.permission.DISABLE_KEYGUARD Allows applications to disable the keyguard if it is not secure.
Low android.permission.WAKE_LOCK prevent phone from sleeping
Allows an application to prevent the phone from going to sleep.
Low android.permission.MODIFY_AUDIO_SETTINGS change your audio settings
Allows application to modify global audio settings, such as volume and routing.
Low android.permission.INTERNET full Internet access
Allows an application to create network sockets.
Low android.permission.ACCESS_NETWORK_STATE view network status
Allows an application to view the status of all networks.
Low android.permission.ACCESS_WIFI_STATE view Wi-Fi status
Allows an application to view the information about the status of Wi-Fi.
Low android.permission.FOREGROUND_SERVICE Allows a regular application to use Service.startForeground.
com.coloros.mcs.permission.RECIEVE_MCS_MESSAGE Unknown permission
Unknown permission from android reference
com.heytap.mcs.permission.RECIEVE_MCS_MESSAGE Unknown permission
Unknown permission from android reference
com.zxml.videoline.permission.MIPUSH_RECEIVE Unknown permission
Unknown permission from android reference
com.zxml.videoline.permission.PROCESS_PUSH_MSG Unknown permission
Unknown permission from android reference
com.zxml.videoline.permission.PUSH_PROVIDER Unknown permission
Unknown permission from android reference
com.huawei.appmarket.service.commondata.permission.GET_COMMON_DATA Unknown permission
Unknown permission from android reference

Threat analysis

Information computed with Quark-Engine.

Confidence: 100% Read file from assets directory
Confidence: 100% Method reflection
Confidence: 80% Read data and put it into a buffer stream
Confidence: 80% Read file and put it into a stream
Confidence: 80% Open a file from given absolute path of the file
Confidence: 80% Get absolute path of the file and store in string

Behavior analysis

Information computed with MobSF.

Java reflection
       com/qihoo/util/c.java
       com/stub/StubApp.java
Load and manipulate dex files
       com/stub/StubApp.java
Loading native code (shared library)
       com/stub/StubApp.java