Pithus report for 阳光守护-孩子 - com.broaddeep.safe.childrennetguard

File sums

MD5	`0da419cb5cd1c821299ca7399c5ec309`
SHA1	`cbf35dff4e46171a562e51a3d25d209bfe0b976d`
SHA256	`92bbe8daf40c8a178108a7be40315f78b6bbafaec7d82057df19d0dbe7aa8bb1`
Size	`18.95MB`

APKiD

Information computed with APKiD.

`/tmp/tmpqjsu0xkh`
packer	`Jiagu`
`/tmp/tmpqjsu0xkh!classes.dex`
compiler	`dexlib 2.x`

SSdeep

Information computed with ssdeep.

APK file	`393216:VPin8Xnxcze7+a67EohppC+UhQ7KNmbuU3tTGm+e5sFyKqtYTs79EuzpgdGv:0unue+a6Th375btTGm+kqsz`
Manifest	`768:EF5SF8AMk0sgfB4o26/k3VayDeK3sFxTApp8jLCZz6Bro6TSQ3k8Es7i0nDyv58P:…`
`classes.dex`	`98304:HQ/iJ2/xShXaSGq3iU6BL/Fvb2AzBDDaJMs3jW7wVVeJVPg13:HQDxShXaSGCd6…`

Dexofuzzy

Information computed with Dexofuzzy.

APK file	`12:RWm3r6Pik154IZFUofyVzODqXEUPbGMo3E:RWm3rYNZGoaVzHEMGMoU`
`classes.dex`	`12:RWm3r6Pik154IZFUofyVzODqXEUPbGMo3E:RWm3rYNZGoaVzHEMGMoU`

APK details

Information computed with AndroGuard and Pithus.

Package	`com.broaddeep.safe.childrennetguard`
App name	`阳光守护-孩子`
Version name	`4.0.0.30`
Version code	`11012`
SDK	`22` - `29`
UAID	`b57c58eea46dc1d035b2d7a034b8de9cf317287e`
Signature	Signature V1 Signature V2
Frosting	Not frosted Blocks found within V2 signature: `0x7109871a`: Unknown `0x42726577`: Verity padding

Certificate details

Information computed with AndroGuard.

MD5	`c27d7409f225e43cc567a280f0d9689a`
SHA1	`9c850a349a3622b48507fabb30ba0374935e5f23`
SHA256	`3d86db3f6f09abcb5a0eb42849d6a089d54b31f13f128e7885fc0868564d3665`
Issuer	`Common Name: YanHaiRong, Organizational Unit: 博泰雄森（北京）网络科技有限公司, Organization: 博泰雄森（北京）网络科技有限公司, Locality: 北京, State/Province: 北京, Country: 86`
Not before	`2015-11-27T09:42:49+00:00`
Not after	`2040-11-20T09:42:49+00:00`

File Analysis

Information computed with MobSF.

Findings	Files
Certificate/Key files hardcoded inside the app.	`assets/.appkey` `okhttp3/internal/publicsuffix/NOTICE`

Manifest analysis

Information computed with MobSF.

High	Clear text traffic is Enabled For App[android:usesCleartextTraffic=true] The app intends to use cleartext network traffic, such as cleartext HTTP, FTP stacks, DownloadManager, and MediaPlayer. The default value for apps that target API level 27 or lower is "true". Apps that target API level 28 or higher default to "false". The key reason for avoiding cleartext traffic is the lack of confidentiality, authenticity, and protections against tampering; a network attacker can eavesdrop on transmitted data and also modify it without being detected.
High	Activity (com.broaddeep.safe.SplashActivity) is not Protected.An intent-filter exists. An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High	Activity-Alias (com.broaddeep.safe.childrennetguard.Stub) is not Protected.An intent-filter exists. An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity-Alias is explicitly exported.
High	Activity-Alias (com.broaddeep.safe.childrennetguard.Main) is not Protected.An intent-filter exists. An Activity-Alias is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity-Alias is explicitly exported.
High	TaskAffinity is set for Activity (com.broaddeep.safe.launcher.Launcher) If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High	Content Provider (com.broaddeep.safe.launcher.provider.LauncherProvider) is not Protected. [android:exported=true] A Content Provider is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High	Broadcast Receiver (com.broaddeep.safe.launcher.receiver.SessionCommitReceiver) is not Protected.An intent-filter exists. A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High	Broadcast Receiver (com.broaddeep.safe.launcher.widget.AppWidgetsRestoredReceiver) is not Protected.An intent-filter exists. A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High	Service (com.broaddeep.safe.launcher.notification.NotificationListener) is Protected by a permission, but the protection level of the permission should be checked. Permission: android.permission.BIND_NOTIFICATION_LISTENER_SERVICE [android:exported=true] A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High	Service (com.broaddeep.safe.module.guard.accessibility.GuardAccessibilityService) is Protected by a permission, but the protection level of the permission should be checked. Permission: android.permission.BIND_ACCESSIBILITY_SERVICE [android:exported=true] A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High	Broadcast Receiver (com.broaddeep.safe.module.guard.deviceadmin.AdminReceiver) is Protected by a permission, but the protection level of the permission should be checked. Permission: android.permission.BIND_DEVICE_ADMIN [android:exported=true] A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High	Broadcast Receiver (com.broaddeep.safe.module.guard.deviceadmin.DeviceAdmin) is Protected by a permission, but the protection level of the permission should be checked. Permission: android.permission.BIND_DEVICE_ADMIN [android:exported=true] A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High	Broadcast Receiver (com.broaddeep.safe.common.LauncherBootReceiver) is not Protected. [android:exported=true] A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High	Broadcast Receiver (com.broaddeep.safe.common.broadcast.PowerConnectionReceiver) is not Protected.An intent-filter exists. A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High	Service (com.broaddeep.safe.ipc.IpcServerService) is Protected by a permission, but the protection level of the permission should be checked. Permission: com.broaddeep.safe.ipc protectionLevel: normal [android:exported=true] A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission. However, the protection level of the permission is set to normal. This means that a malicious application can request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission.
High	Broadcast Receiver (com.broaddeep.safe.module.clockwidget.view.ClockWidget) is not Protected.An intent-filter exists. A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High	TaskAffinity is set for Activity (com.broaddeep.safe.module.apprestrictions.ui.ToastActivity) If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High	TaskAffinity is set for Activity (com.broaddeep.safe.module.update.ui.DownloadActivity) If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High	TaskAffinity is set for Activity (com.broaddeep.safe.module.guide.ui.DefaultGuideHomeActivity) If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High	TaskAffinity is set for Activity (com.broaddeep.safe.module.guide.ui.auto.AutoGuideHomeActivity) If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High	TaskAffinity is set for Activity (com.broaddeep.safe.module.guide.ui.mdm.MdmGuideHomeActivity) If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High	TaskAffinity is set for Activity (com.broaddeep.safe.module.screenshot.ui.ScreenShotActivity) If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High	TaskAffinity is set for Activity (com.broaddeep.safe.module.screencontrol.ui.ScreenControlActivity) If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High	TaskAffinity is set for Activity (com.tencent.rtmp.video.TXScreenCapture$TXScreenCaptureAssistantActivity) If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High	Service (com.broaddeep.safe.push.ge.GePushService) is not Protected. [android:exported=true] A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High	Service (androidx.work.impl.background.systemjob.SystemJobService) is Protected by a permission, but the protection level of the permission should be checked. Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High	Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is Protected by a permission, but the protection level of the permission should be checked. Permission: android.permission.DUMP [android:exported=true] A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High	Activity (cn.jpush.android.ui.PopWinActivity) is not Protected. [android:exported=true] An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High	Activity (cn.jpush.android.ui.PushActivity) is not Protected. [android:exported=true] An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High	Service (cn.jpush.android.service.DaemonService) is not Protected. [android:exported=true] A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High	TaskAffinity is set for Activity (cn.jpush.android.service.DActivity) If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High	Activity (cn.jpush.android.service.DActivity) is not Protected. [android:exported=true] An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High	Broadcast Receiver (cn.jpush.android.service.PushReceiver) is not Protected.An intent-filter exists. A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High	Content Provider (cn.jpush.android.service.DownloadProvider) is not Protected. [android:exported=true] A Content Provider is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High	TaskAffinity is set for Activity (cn.jpush.android.service.JNotifyActivity) If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High	Activity (cn.jpush.android.service.JNotifyActivity) is not Protected. [android:exported=true] An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High	Broadcast Receiver (com.igexin.sdk.PushReceiver) is not Protected.An intent-filter exists. A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High	TaskAffinity is set for Activity (com.igexin.sdk.PushActivity) If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High	TaskAffinity is set for Activity (com.igexin.sdk.GActivity) If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High	Activity (com.igexin.sdk.GActivity) is not Protected. [android:exported=true] An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
Medium	High Intent Priority (2147483647)[android:priority] By setting an intent priority higher than another intent, the app effectively overrides other requests.
Medium	High Intent Priority (1000)[android:priority] By setting an intent priority higher than another intent, the app effectively overrides other requests.

Browsable activities

Information computed with MobSF.

com.broaddeep.safe.SplashActivity

Hosts: open

Schemes: eversunshine://

Main Activity

Information computed with AndroGuard.

com.broaddeep.safe.childrennetguard.Main

Activities

Information computed with AndroGuard.

com.broaddeep.safe.SplashActivity
com.broaddeep.safe.MainActivity
com.broaddeep.safe.launcher.Launcher
com.broaddeep.safe.module.guard.activity.StubActivity
com.broaddeep.safe.module.setting.presenter.SettingMainActivity
com.broaddeep.safe.module.setting.presenter.SettingPersonalActivity
com.broaddeep.safe.module.setting.presenter.SettingSystemActivity
com.broaddeep.safe.module.setting.presenter.SettingFeedbackActivity
com.broaddeep.safe.module.setting.presenter.SettingAboutEnterpriseActivity
com.broaddeep.safe.module.user.presenter.UserDataActivity
com.broaddeep.safe.module.user.presenter.UserScanQRCodeActivity
com.broaddeep.safe.module.user.presenter.UserLoginActivity
com.broaddeep.safe.module.home.HomeActivity
com.broaddeep.safe.module.home.HomeMessageDetailActivity
com.broaddeep.safe.module.user.presenter.HWMdmUserLoginActivity
com.broaddeep.safe.module.user.presenter.UserPhoneEnterpriseLoginActivity
com.broaddeep.safe.module.setting.presenter.SettingDeviceActivity
com.broaddeep.safe.module.appmanager.ui.AppMainActivity
com.broaddeep.safe.module.appoint.ui.AppointMainActivity
com.broaddeep.safe.module.appoint.ui.AppointListActivity
com.broaddeep.safe.module.appoint.ui.AddAppointActivity
com.broaddeep.safe.module.appoint.ui.AppointListItemDetailActivity
com.broaddeep.safe.module.appoint.ui.TimeManageActivity
com.broaddeep.safe.module.appoint.ui.AppManageListActivity
com.broaddeep.safe.module.apprestrictions.ui.ToastActivity
com.broaddeep.safe.module.browser.ui.BrowserActivity
com.broaddeep.safe.module.update.ui.UpdateActivity
com.broaddeep.safe.module.update.ui.DownloadActivity
com.broaddeep.safe.module.guide.ui.DefaultGuideHomeActivity
com.broaddeep.safe.module.guide.ui.mdm.HwMdmGuideHomeActivity
com.broaddeep.safe.module.guide.ui.auto.AutoGuideHomeActivity
com.broaddeep.safe.module.guide.ui.mdm.MdmGuideHomeActivity
com.broaddeep.safe.module.screenshot.ui.ScreenShotActivity
com.broaddeep.safe.module.screenlock.presenter.StudyTaskActivity
com.broaddeep.safe.module.screenlock.presenter.StudyTaskDetailActivity
com.broaddeep.safe.module.screenlock.presenter.HistoryStudyTaskActivity
com.luck.picture.lib.PictureSelectorActivity
com.luck.picture.lib.PicturePreviewActivity
com.luck.picture.lib.PictureVideoPlayActivity
com.luck.picture.lib.PictureExternalPreviewActivity
com.yalantis.ucrop.UCropActivity
com.yalantis.ucrop.PictureMultiCuttingActivity
com.luck.picture.lib.PicturePlayAudioActivity
com.broaddeep.safe.module.screencontrol.ui.ScreenControlActivity
com.tencent.rtmp.video.TXScreenCapture$TXScreenCaptureAssistantActivity
com.luck.picture.lib.PictureSelectorWeChatStyleActivity
com.luck.picture.lib.PictureSelectorCameraEmptyActivity
com.luck.picture.lib.PictureCustomCameraActivity
com.luck.picture.lib.PictureSelectorPreviewWeChatStyleActivity
cn.jpush.android.ui.PopWinActivity
cn.jpush.android.ui.PushActivity
cn.jpush.android.service.DActivity
cn.jpush.android.service.JNotifyActivity
com.igexin.sdk.PushActivity
com.igexin.sdk.GActivity

Receivers

Information computed with AndroGuard.

com.broaddeep.safe.launcher.receiver.InstallShortcutReceiver
com.broaddeep.safe.launcher.receiver.SessionCommitReceiver
com.broaddeep.safe.launcher.widget.AppWidgetsRestoredReceiver
com.broaddeep.safe.module.guard.deviceadmin.AdminReceiver
com.broaddeep.safe.module.guard.deviceadmin.DeviceAdmin
com.broaddeep.safe.common.LauncherBootReceiver
com.broaddeep.safe.common.broadcast.PowerConnectionReceiver
com.broaddeep.safe.module.clockwidget.view.ClockWidget
com.broaddeep.safe.push.jpush.JPushReceiver
androidx.work.impl.utils.ForceStopRunnable$BroadcastReceiver
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy
androidx.work.impl.background.systemalarm.RescheduleReceiver
androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver
androidx.work.impl.diagnostics.DiagnosticsReceiver
cn.jpush.android.service.PushReceiver
cn.jpush.android.service.AlarmReceiver
cn.jpush.android.service.SchedulerReceiver
cn.jpush.android.asus.AsusPushMessageReceiver
com.igexin.sdk.PushReceiver

Services

Information computed with AndroGuard.

com.baidu.location.f
com.broaddeep.safe.launcher.dynamicui.ColorExtractionService
com.broaddeep.safe.launcher.compat.WallpaperManagerCompatVL$ColorExtractionService
com.broaddeep.safe.launcher.notification.NotificationListener
com.broaddeep.safe.common.service.CommonService
com.broaddeep.safe.module.guard.accessibility.GuardAccessibilityService
com.broaddeep.safe.common.job.JobSchedulerService
com.broaddeep.safe.ipc.IpcServerService
com.broaddeep.safe.module.clockwidget.ClockWidgetService
cn.jpush.android.service.PushService
com.broaddeep.safe.push.ge.GePushService
com.broaddeep.safe.module.guard.GuardService
com.broaddeep.safe.common.polling.impl.alarm.PollingService
com.broaddeep.safe.push.jpush.JPushService
com.broaddeep.safe.push.ge.GeIntentService
androidx.work.impl.background.systemalarm.SystemAlarmService
androidx.work.impl.background.systemjob.SystemJobService
androidx.work.impl.foreground.SystemForegroundService
androidx.room.MultiInstanceInvalidationService
cn.jpush.android.service.DaemonService
cn.jpush.android.service.MessagingIntentService
com.igexin.sdk.PushService

Similar samples

Information computed by Pithus.

SHA256	Similarity
`f863b45e8d9a91a619f6931bc47d67d5be1bd454a435957899a6f09ba64ff658`	100%
`d4d31cdcec81a7ba9f465012f7506b70cfa8397269a323035e79f84e8b0395cf`	100%
`0d617ed9e61d04b50d56d94dcaaa84580546dd4fdbd3a5d1560bf7b6675b3e5a`	100%
`99a4f58191bd3935e1bc8ad65c08d79033e5a253381cdd1bf9754b3d518a0b34`	100%
`e83f09133d709431c9be51619a299bb215b3ab5e25b83717cd2cbefd11e00985`	100%
`b1dfc0120c92621f0e3d4a386788b7602e5f178380f24a2a7ab919c5d54f3e1e`	100%
`f70c005b3733f6e4cb0ef406756df302791a8b0e9dc661a7c895ba6beaac9fad`	100%
`d660114ff029788f9024d3e8277b78f81d2a1f28703e1a8fc87830363cb13bb2`	100%
`7a76c85e50c7e2c39215fe5a81a86d82409bb4b4263dcfeaec0395ccf2659de5`	100%

NIAP analysis

Information computed with MobSF.

FCS_STO_EXT.1.1	The application does not store any credentials to non-volatile memory. Storage of Credentials
FCS_CKM_EXT.1.1	The application generate no asymmetric cryptographic keys. Cryptographic Key Generation Services
FDP_DEC_EXT.1.1	The application has access to ['network connectivity', 'camera', 'location', 'bluetooth', 'microphone']. Access to Platform Resources
FDP_DEC_EXT.1.2	The application has access to no sensitive information repositories. Access to Platform Resources
FDP_NET_EXT.1.1	The application has user/application initiated network communications. Network Communications
FDP_DAR_EXT.1.1	The application does not encrypt files in non-volatile memory. Encryption Of Sensitive Application Data
FTP_DIT_EXT.1.1	The application does not encrypt any data in traffic or does not transmit any data between itself and another trusted IT product. Protection of Data in Transit

Map computed by Pithus.

Domains analysis

Information computed with MobSF.

CN	`s.file.myqcloud.com`	`42.56.76.93`
DE	`cloud.tim.qq.com`	`49.51.141.228`
DE	`www.qq.com`	`104.111.239.81`
CN	`test.tim.qq.com`	`106.55.123.101`
CN	`cloud-test.tim.qq.com`	`111.230.233.181`
DE	`www.openssl.org`	`23.45.99.93`
-	`informal.opensso.tencent-cloud.com`	`0.0.0.1`
-	`test.opensso.tencent-cloud.com`	`0.0.0.1`
CN	`avc.qcloud.com`	`157.148.32.34`
CN	`speedtest.trtc.tencent-cloud.com`	`162.14.19.55`
DE	`yun.tim.qq.com`	`162.62.115.14`
HK	`official.opensso.tencent-cloud.com`	`119.28.229.236`
CN	`mlvbdc.live.qcloud.com`	`183.47.97.245`

URL analysis

Information computed with MobSF.

`https://%s.file.myqcloud.com/files/v2/%s/%s/%s/%s` `http://mlvbdc.live.qcloud.com/` `data:%d` `https://test.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `https://informal.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `https://official.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `http://obfjaaaafhiehjjf/ohae.oiaa` `https://avc.qcloud.com/log/appsign.php` `https://avc.qcloud.com/log/report.php` `https://yun.tim.qq.com` `https://test.tim.qq.com` `https://cloud.tim.qq.com/v3/liveinterface/` `https://cloud-test.tim.qq.com/v3/liveinterface/` `www.qq.com` `https://speedtest.trtc.tencent-cloud.com` Defined in `lib/armeabi/libliteavsdk.so`
`https://%s.file.myqcloud.com/files/v2/%s/%s/%s/%s` `http://mlvbdc.live.qcloud.com/` `data:%d` `https://test.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `https://informal.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `https://official.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `http://obfjaaaafhiehjjf/ohae.oiaa` `https://avc.qcloud.com/log/appsign.php` `https://avc.qcloud.com/log/report.php` `https://yun.tim.qq.com` `https://test.tim.qq.com` `https://cloud.tim.qq.com/v3/liveinterface/` `https://cloud-test.tim.qq.com/v3/liveinterface/` `www.qq.com` `https://speedtest.trtc.tencent-cloud.com` Defined in `lib/armeabi/libliteavsdk.so`
`https://%s.file.myqcloud.com/files/v2/%s/%s/%s/%s` `http://mlvbdc.live.qcloud.com/` `data:%d` `https://test.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `https://informal.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `https://official.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `http://obfjaaaafhiehjjf/ohae.oiaa` `https://avc.qcloud.com/log/appsign.php` `https://avc.qcloud.com/log/report.php` `https://yun.tim.qq.com` `https://test.tim.qq.com` `https://cloud.tim.qq.com/v3/liveinterface/` `https://cloud-test.tim.qq.com/v3/liveinterface/` `www.qq.com` `https://speedtest.trtc.tencent-cloud.com` Defined in `lib/armeabi/libliteavsdk.so`
`https://%s.file.myqcloud.com/files/v2/%s/%s/%s/%s` `http://mlvbdc.live.qcloud.com/` `data:%d` `https://test.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `https://informal.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `https://official.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `http://obfjaaaafhiehjjf/ohae.oiaa` `https://avc.qcloud.com/log/appsign.php` `https://avc.qcloud.com/log/report.php` `https://yun.tim.qq.com` `https://test.tim.qq.com` `https://cloud.tim.qq.com/v3/liveinterface/` `https://cloud-test.tim.qq.com/v3/liveinterface/` `www.qq.com` `https://speedtest.trtc.tencent-cloud.com` Defined in `lib/armeabi/libliteavsdk.so`
`https://%s.file.myqcloud.com/files/v2/%s/%s/%s/%s` `http://mlvbdc.live.qcloud.com/` `data:%d` `https://test.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `https://informal.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `https://official.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `http://obfjaaaafhiehjjf/ohae.oiaa` `https://avc.qcloud.com/log/appsign.php` `https://avc.qcloud.com/log/report.php` `https://yun.tim.qq.com` `https://test.tim.qq.com` `https://cloud.tim.qq.com/v3/liveinterface/` `https://cloud-test.tim.qq.com/v3/liveinterface/` `www.qq.com` `https://speedtest.trtc.tencent-cloud.com` Defined in `lib/armeabi/libliteavsdk.so`
`https://%s.file.myqcloud.com/files/v2/%s/%s/%s/%s` `http://mlvbdc.live.qcloud.com/` `data:%d` `https://test.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `https://informal.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `https://official.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `http://obfjaaaafhiehjjf/ohae.oiaa` `https://avc.qcloud.com/log/appsign.php` `https://avc.qcloud.com/log/report.php` `https://yun.tim.qq.com` `https://test.tim.qq.com` `https://cloud.tim.qq.com/v3/liveinterface/` `https://cloud-test.tim.qq.com/v3/liveinterface/` `www.qq.com` `https://speedtest.trtc.tencent-cloud.com` Defined in `lib/armeabi/libliteavsdk.so`
`https://%s.file.myqcloud.com/files/v2/%s/%s/%s/%s` `http://mlvbdc.live.qcloud.com/` `data:%d` `https://test.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `https://informal.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `https://official.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `http://obfjaaaafhiehjjf/ohae.oiaa` `https://avc.qcloud.com/log/appsign.php` `https://avc.qcloud.com/log/report.php` `https://yun.tim.qq.com` `https://test.tim.qq.com` `https://cloud.tim.qq.com/v3/liveinterface/` `https://cloud-test.tim.qq.com/v3/liveinterface/` `www.qq.com` `https://speedtest.trtc.tencent-cloud.com` Defined in `lib/armeabi/libliteavsdk.so`
`https://%s.file.myqcloud.com/files/v2/%s/%s/%s/%s` `http://mlvbdc.live.qcloud.com/` `data:%d` `https://test.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `https://informal.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `https://official.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `http://obfjaaaafhiehjjf/ohae.oiaa` `https://avc.qcloud.com/log/appsign.php` `https://avc.qcloud.com/log/report.php` `https://yun.tim.qq.com` `https://test.tim.qq.com` `https://cloud.tim.qq.com/v3/liveinterface/` `https://cloud-test.tim.qq.com/v3/liveinterface/` `www.qq.com` `https://speedtest.trtc.tencent-cloud.com` Defined in `lib/armeabi/libliteavsdk.so`
`https://%s.file.myqcloud.com/files/v2/%s/%s/%s/%s` `http://mlvbdc.live.qcloud.com/` `data:%d` `https://test.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `https://informal.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `https://official.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `http://obfjaaaafhiehjjf/ohae.oiaa` `https://avc.qcloud.com/log/appsign.php` `https://avc.qcloud.com/log/report.php` `https://yun.tim.qq.com` `https://test.tim.qq.com` `https://cloud.tim.qq.com/v3/liveinterface/` `https://cloud-test.tim.qq.com/v3/liveinterface/` `www.qq.com` `https://speedtest.trtc.tencent-cloud.com` Defined in `lib/armeabi/libliteavsdk.so`
`https://%s.file.myqcloud.com/files/v2/%s/%s/%s/%s` `http://mlvbdc.live.qcloud.com/` `data:%d` `https://test.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `https://informal.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `https://official.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `http://obfjaaaafhiehjjf/ohae.oiaa` `https://avc.qcloud.com/log/appsign.php` `https://avc.qcloud.com/log/report.php` `https://yun.tim.qq.com` `https://test.tim.qq.com` `https://cloud.tim.qq.com/v3/liveinterface/` `https://cloud-test.tim.qq.com/v3/liveinterface/` `www.qq.com` `https://speedtest.trtc.tencent-cloud.com` Defined in `lib/armeabi/libliteavsdk.so`
`https://%s.file.myqcloud.com/files/v2/%s/%s/%s/%s` `http://mlvbdc.live.qcloud.com/` `data:%d` `https://test.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `https://informal.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `https://official.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `http://obfjaaaafhiehjjf/ohae.oiaa` `https://avc.qcloud.com/log/appsign.php` `https://avc.qcloud.com/log/report.php` `https://yun.tim.qq.com` `https://test.tim.qq.com` `https://cloud.tim.qq.com/v3/liveinterface/` `https://cloud-test.tim.qq.com/v3/liveinterface/` `www.qq.com` `https://speedtest.trtc.tencent-cloud.com` Defined in `lib/armeabi/libliteavsdk.so`
`https://%s.file.myqcloud.com/files/v2/%s/%s/%s/%s` `http://mlvbdc.live.qcloud.com/` `data:%d` `https://test.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `https://informal.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `https://official.opensso.tencent-cloud.com/v4/openim/jsonvideoinfo?sdkappid=%d&identifier=%s&usersig=%s&random=99999999&contenttype=json` `http://obfjaaaafhiehjjf/ohae.oiaa` `https://avc.qcloud.com/log/appsign.php` `https://avc.qcloud.com/log/report.php` `https://yun.tim.qq.com` `https://test.tim.qq.com` `https://cloud.tim.qq.com/v3/liveinterface/` `https://cloud-test.tim.qq.com/v3/liveinterface/` `www.qq.com` `https://speedtest.trtc.tencent-cloud.com` Defined in `lib/armeabi/libliteavsdk.so`
`http://www.openssl.org/support/faq.html` Defined in `lib/armeabi/libtxffmpeg.so`

Permissions analysis

Information computed with MobSF.

High	`android.permission.SYSTEM_ALERT_WINDOW`	display system-level alerts Allows an application to show system-alert windows. Malicious applications can take over the entire screen of the phone.
High	`android.permission.READ_EXTERNAL_STORAGE`	read external storage contents Allows an application to read from external storage.
High	`android.permission.WRITE_EXTERNAL_STORAGE`	read/modify/delete external storage contents Allows an application to write to external storage.
High	`android.permission.ACCESS_COARSE_LOCATION`	coarse (network-based) location Access coarse location sources, such as the mobile network database, to determine an approximate phone location, where available. Malicious applications can use this to determine approximately where you are.
High	`android.permission.ACCESS_FINE_LOCATION`	fine (GPS) location Access fine location sources, such as the Global Positioning System on the phone, where available. Malicious applications can use this to determine where you are and may consume additional battery power.
High	`android.permission.ACCESS_BACKGROUND_LOCATION`	access location in background Allows an app to access location in the background. If you're requesting this permission, you must also request either
High	`android.permission.MOUNT_UNMOUNT_FILESYSTEMS`	mount and unmount file systems Allows the application to mount and unmount file systems for removable storage.
High	`android.permission.CAMERA`	take pictures and videos Allows application to take pictures and videos with the camera. This allows the application to collect images that the camera is seeing at any time.
High	`android.permission.REQUEST_INSTALL_PACKAGES`	Allows an application to request installing packages. Malicious applications can use this to try and trick users into installing additional malicious packages.
High	`android.permission.RECORD_AUDIO`	record audio Allows application to access the audio record path.
High	`android.permission.GET_TASKS`	retrieve running applications Allows application to retrieve information about currently and recently running tasks. May allow malicious applications to discover private information about other applications.
Low	`android.permission.SET_ALARM`	set alarm in alarm clock Allows the application to set an alarm in an installed alarm clock application. Some alarm clock applications may not implement this feature.
Low	`android.permission.SET_WALLPAPER`	set wallpaper Allows the application to set the system wallpaper.
Low	`android.permission.SET_WALLPAPER_HINTS`	set wallpaper size hints Allows the application to set the system wallpaper size hints.
Low	`android.permission.RECEIVE_BOOT_COMPLETED`	automatically start at boot Allows an application to start itself as soon as the system has finished booting. This can make it take longer to start the phone and allow the application to slow down the overall phone by always running.
Low	`android.permission.ACCESS_WIFI_STATE`	view Wi-Fi status Allows an application to view the information about the status of Wi-Fi.
Low	`android.permission.ACCESS_NETWORK_STATE`	view network status Allows an application to view the status of all networks.
Low	`android.permission.CHANGE_WIFI_STATE`	change Wi-Fi status Allows an application to connect to and disconnect from Wi-Fi access points and to make changes to configured Wi-Fi networks.
Low	`android.permission.BLUETOOTH_ADMIN`	bluetooth administration Allows applications to discover and pair bluetooth devices.
Low	`android.permission.INTERNET`	full Internet access Allows an application to create network sockets.
Low	`android.permission.VIBRATE`	control vibrator Allows the application to control the vibrator.
Low	`android.permission.ACCESS_NOTIFICATION_POLICY`	Marker permission for applications that wish to access notification policy.
Low	`android.permission.WAKE_LOCK`	prevent phone from sleeping Allows an application to prevent the phone from going to sleep.
Low	`android.permission.FOREGROUND_SERVICE`	Allows a regular application to use Service.startForeground
Low	`android.permission.REQUEST_DELETE_PACKAGES`	Allows an application to request deleting packages.
Low	`android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS`	Permission an application must hold in order to use Settings.ACTION_REQUEST_IGNORE_BATTERY_OPTIMIZATIONS.
Low	`android.permission.DISABLE_KEYGUARD`	Allows applications to disable the keyguard if it is not secure.
Low	`android.permission.QUERY_ALL_PACKAGES`	Allows query of any normal app on the device, regardless of manifest declarations.
Low	`android.permission.MODIFY_AUDIO_SETTINGS`	change your audio settings Allows application to modify global audio settings, such as volume and routing.
Low	`android.permission.BLUETOOTH`	create Bluetooth connections Allows applications to connect to paired bluetooth devices.
Low	`android.permission.ACCESS_LOCATION_EXTRA_COMMANDS`	access extra location provider commands Access extra location provider commands. Malicious applications could use this to interfere with the operation of the GPS or other location sources.
Low	`android.permission.CHANGE_NETWORK_STATE`	change network connectivity Allows applications to change network connectivity state.
Medium	`android.permission.PACKAGE_USAGE_STATS`	update component usage statistics Allows the modification of collected component usage statistics. Not for use by common applications.
Medium	`android.permission.DEVICE_POWER`	turn phone on or off Allows the application to turn the phone on or off.
Medium	`android.permission.STOP_APP_SWITCHES`	prevent app switches Prevents the user from switching to another application.
Medium	`android.permission.BIND_APPWIDGET`	choose widgets Allows the application to tell the system which widgets can be used by which application. With this permission, applications can give access to personal data to other applications. Not for use by common applications.
	`com.android.alarm.permission.SET_ALARM`	Unknown permission Unknown permission from android reference
	`com.broaddeep.safe.ipc`	Unknown permission Unknown permission from android reference
	`android.permission.INTERACT_ACROSS_USERS_FULL`	Unknown permission Unknown permission from android reference
	`getui.permission.GetuiService.com.broaddeep.safe.childrennetguard`	Unknown permission Unknown permission from android reference
	`android.permission.RECEIVE_USER_PRESENT`	Unknown permission Unknown permission from android reference
	`com.broaddeep.safe.childrennetguard.permission.JPUSH_MESSAGE`	Unknown permission Unknown permission from android reference
	`com.huawei.android.launcher.permission.CHANGE_BADGE`	Unknown permission Unknown permission from android reference

Threat analysis

Information computed with Quark-Engine.

Confidence: 100%	Read file from assets directory
Confidence: 100%	Method reflection
Confidence: 80%	Read data and put it into a buffer stream
Confidence: 80%	Read file and put it into a stream
Confidence: 80%	Open a file from given absolute path of the file
Confidence: 80%	Get absolute path of the file and store in string

Behavior analysis

Information computed with MobSF.

Java reflection

       com/qihoo/util/c.java
       com/stub/StubApp.java

Load and manipulate dex files

       com/stub/StubApp.java

Loading native code (shared library)

       com/stub/StubApp.java

Control flow graphs analysis

Information computed by Pithus.

The application probably dynamically loads code

com/stub/StubApp

Low Risk

com.broaddeep.safe.childrennetguard

阳光守护-孩子

43

permissions

55

activities

22

services

22

receivers

13

domains

File sums

APKiD

SSdeep

Dexofuzzy

APK details

Certificate details

File Analysis

Manifest analysis

Browsable activities

Main Activity

Activities

Receivers

Services

Similar samples

NIAP analysis

Domains analysis

URL analysis

Permissions analysis

Threat analysis

Behavior analysis

Control flow graphs analysis

The application probably dynamically loads code