Threat level: Low Risk

com.FwSOF.aFQtC

91视频

Analyzed on 2021-11-16T04:05:36.774614

24 permissions, 131 activities, 10 services, 4 receivers, 6 domains

File sums

MD5 032dcb2e12f31e26a0029da9cee6454a
SHA1 6c0d9424f665ef0b14d4a614ee47a8785e470c24
SHA256 b0439ed079586490edbce5468d9795d42e682164c664d585391c85fe154c345c
Size 31.51MB

APKiD

Information computed with APKiD.

/tmp/tmpz4hb9thm
packer
  • SecNeo.A
  • Bangcle (SecShell)
/tmp/tmpz4hb9thm!assets/resthird.data!classes.dex
compiler
  • dexlib 2.x
/tmp/tmpz4hb9thm!classes.dex
compiler
  • dexlib 2.x

SSdeep

Information computed with ssdeep.

APK file 786432:Co5C11CmCfOjhFmCMPzHBdelK9FXUCgvQJ/x5fS4W:Cj16whsvh4MXUC7X5lW
Manifest 768:uCyYT7SX5yU2gKW8aBcU3mLQYp3wzFyqpz9cQr/w7n5pSlwr7Lkb07jakhf5E6iz:…
classes.dex 384:tkorpTfOGtWc44GbrQ5VLRiwgokELVPRa8a/dwp21tCQJjk9G0Xp/KBYeasCRuOT:…

Dexofuzzy

Information computed with Dexofuzzy.

APK file 24:yC/xyxxxxiL5muBJBobKF3AIL9B4uHBPR1lgsiJBI7qRRRSgjwyKBPB+4RGLmjkS:d…
classes.dex 24:yC/xyxxxxiL5muBJBobKF3AIL9B4uHBPR1lgsiJBI7qRRRSgjwyKBPB+4RGLmjkS:d…

APK details

Information computed with AndroGuard and Pithus.

Package com.FwSOF.aFQtC
App name 91视频
Version name 5.1.6
Version code 63
SDK 19 - 27
UAID 05887c94961bcf166788bc814dc4ae466f60946e
Signature Signature V1 Signature V2
Frosting Not frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown
  • 0x7a786b21: Unknown

Certificate details

Information computed with AndroGuard.

MD5 64b191496c537a95ce0f6487ae4c167f
SHA1 c31b2dec57f219d8fae7513e8ed0d5c803b0ec30
SHA256 4fb3292218b630b4dd2c2ccf4c07bfa17d5e24e9f9366a62ca7d3579824f8b68
Issuer Common Name: edhVi, Organizational Unit: wdCtU, Organization: KsQvJ, Locality: SOqUl, State/Province: JGZKZ, Country: IcRLO
Not before 2021-11-02T10:27:26+00:00
Not after 2051-10-26T10:27:26+00:00

File Analysis

Information computed with MobSF.

Finding: Certificate/Key files hardcoded inside the app.
Files:
  • assets/meta-data/rsa.pub
  • okhttp3/internal/publicsuffix/NOTICE
  • r/ad/ca.pem

Manifest analysis

Information computed with MobSF.

Low App has a Network Security Configuration [android:networkSecurityConfig=@xml/arg_APKTOOL_DUPLICATENAME_0x7f140002]
The Network Security Configuration feature lets apps customize their network security settings in a safe, declarative configuration file without modifying app code. These settings can be configured for specific domains and for a specific app.
High Broadcast Receiver (com.apple.video.common.receiver.DownloadManagerReceiver) is not Protected. An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Launch Mode of Activity (com.slzhibo.library.ui.activity.live.SLLiveActivity) is not standard.
An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent.
High Launch Mode of Activity (com.slzhibo.library.ui.activity.shelf.VodPreviewPlayerActivity) is not standard.
An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent.
High Launch Mode of Activity (com.slzhibo.library.ui.activity.home.VodPlayerActivity) is not standard.
An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent.
High Activity (com.miraclehen.monkey.MonkeyActivity) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.

Main Activity

Information computed with AndroGuard.

com.apple.video.common.view.SplashActivity

Activities

Information computed with AndroGuard.

com.apple.video.common.view.SplashActivity
com.apple.video.film.view.FilmDetailActivity
com.apple.video.film.view.LabelRelatedFilmActivity
com.apple.video.film.view.ActorProfileActivity
com.apple.video.film.view.FilmLabelActivity
com.apple.video.mine.view.FilmLabelDetailActivity
com.apple.video.film.view.FilmSubjectDetailActivity
com.apple.video.home.view.HomeDetailActivity
com.apple.video.home.view.LabelRelatedPostActivity
com.apple.video.home.view.FictionMenuActivity
com.apple.video.home.view.CommentReplyDetailActivity
com.apple.video.common.view.MainActivity
com.apple.video.common.view.DeveloperToolActivity
com.apple.video.common.view.WebActivity
com.apple.video.common.view.PreviewVideoActivity
com.apple.video.common.view.ReportActivity
com.apple.video.login.view.LoginActivity
com.apple.video.common.view.CitySelectActivity
com.apple.video.common.view.CountrySelectActivity
com.apple.video.message.view.MessageActivity
com.apple.video.message.view.ChatActivity
com.apple.video.message.view.CustomerServiceActivity
com.apple.video.message.view.MoneyAssistantActivity
com.apple.video.message.view.MyTicketActivity
com.apple.video.message.view.CreateTicketActivity
com.apple.video.message.view.TicketDetailActivity
com.apple.video.mine.view.SettingActivity
com.apple.video.mine.view.TaskCenterActivity
com.apple.video.mine.view.PromotionCenterActivity
com.apple.video.mine.view.AboutUsActivity
com.apple.video.mine.view.FeedBackActivity
com.apple.video.mine.view.FeedbackListActivity
com.apple.video.mine.view.EditProfileActivity
com.apple.video.mine.view.LevelActivity
com.apple.video.mine.view.UserProfileActivity
com.apple.video.mine.view.DownloadManagerActivity
com.apple.video.mine.view.FollowActivity
com.apple.video.mine.view.FansActivity
com.apple.video.mine.view.PurchaseVipActivity
com.apple.video.mine.view.ProxyAccountActivity
com.apple.video.mine.view.WithdrawApplyActivity
com.apple.video.mine.view.RedemptionCodeActivity
com.apple.video.mine.view.BindInvitationCodeActivity
com.apple.video.mine.view.OrderRecordActivity
com.apple.video.mine.view.WalletActivity
com.apple.video.mine.view.TransferPaymentActivity
com.apple.video.search.view.SearchActivity
com.apple.video.shortvideo.view.ShortVideoActivity
com.apple.video.shortvideo.view.ShortVideoCommentActivity
com.apple.video.shortvideo.view.LabelRelatedShortVideoActivity
com.apple.video.publish.view.PublishPostActivity
com.apple.video.publish.view.SelectLabelsActivity
com.apple.video.publish.view.MinePublishActivity
com.apple.video.publish.view.PublishShortVideoActivity
com.apple.video.shortvideo.view.ShortVideoAllLabelActivity
com.apple.video.shortvideo.view.ChannelRelatedShortVideoActivity
com.apple.video.shortvideo.view.OfficialRecommendActivity
com.apple.video.mine.view.IncomeExpensesDetailActivity
com.apple.video.mine.view.WithdrawRecordActivity
com.apple.video.mine.view.MineCommentActivity
com.apple.video.mine.view.MineLikeActivity
com.apple.video.mine.view.MineCollectionActivity
com.apple.video.mine.view.PlayRecordActivity
com.apple.video.merchant.view.MerchantActivity
com.apple.video.merchant.view.MerchantDetailActivity
com.apple.video.game.view.GameWebActivity
com.apple.video.live.view.LiveHomeActivity
com.blankj.utilcode.util.UtilsTransActivity
com.slzhibo.library.ui.view.widget.matisse.ui.MatisseActivity
com.slzhibo.library.ui.view.widget.matisse.internal.ui.AlbumPreviewActivity
com.slzhibo.library.ui.view.widget.matisse.internal.ui.SelectedPreviewActivity
com.slzhibo.library.ui.activity.live.SLLiveActivity
com.slzhibo.library.ui.activity.home.SearchActivity
com.slzhibo.library.utils.ucrop.UCropActivity
com.slzhibo.library.ui.activity.home.AnchorAuthActivity
com.slzhibo.library.ui.activity.home.AnchorAuthResultActivity
com.slzhibo.library.ui.activity.home.WebViewActivity
com.slzhibo.library.ui.activity.mylive.MyLiveActivity
com.slzhibo.library.ui.activity.mylive.MyIncomeActivity
com.slzhibo.library.ui.activity.mylive.IncomeRecordActivity
com.slzhibo.library.ui.activity.mylive.DedicateTopActivity
com.slzhibo.library.ui.activity.mylive.HouseSettingActivity
com.slzhibo.library.ui.activity.mylive.BannedSettingActivity
com.slzhibo.library.ui.activity.mylive.WatchRecordActivity
com.slzhibo.library.ui.activity.home.RankingActivity
com.slzhibo.library.ui.activity.mylive.LivePreNoticeActivity
com.slzhibo.library.ui.activity.mylive.UserGradeActivity
com.slzhibo.library.ui.activity.mylive.AnchorGradeActivity
com.slzhibo.library.ui.activity.mylive.CarMallActivity
com.slzhibo.library.ui.activity.mylive.MyCarActivity
com.slzhibo.library.ui.activity.mylive.CarMallDetailActivity
com.slzhibo.library.ui.activity.mylive.IncomeDetailActivity
com.slzhibo.library.ui.activity.live.ReportLiveActivity
com.slzhibo.library.ui.activity.noble.NobilityPrivilegeActivity
com.slzhibo.library.ui.activity.noble.NobilityOpenActivity
com.slzhibo.library.ui.activity.noble.NobilityOpenOrderActivity
com.slzhibo.library.ui.activity.mylive.MyAccountActivity
com.slzhibo.library.ui.activity.noble.NobleHiddenInRankListActivity
com.slzhibo.library.ui.activity.noble.NobleRecommendActivity
com.slzhibo.library.ui.activity.noble.NobilityOpenRecordActivity
com.slzhibo.library.ui.activity.noble.NobilityRecommendHistoryActivity
com.slzhibo.library.ui.activity.mylive.MyTicketActivity
com.slzhibo.library.ui.activity.mylive.AwardHistoryActivity
com.slzhibo.library.ui.activity.mylive.AwardDetailActivity
com.slzhibo.library.ui.activity.mylive.SubmitAppealActivity
com.slzhibo.library.ui.activity.mylive.AppealHistoryActivity
com.slzhibo.library.ui.activity.mylive.AppealDetailActivity
com.slzhibo.library.ui.activity.home.RankingNewActivity
com.slzhibo.library.ui.activity.home.TargetFragmentActivity
com.slzhibo.library.ui.activity.home.TransparentDialogActivity
com.slzhibo.library.ui.activity.live.AnchorImpressionActivity
com.slzhibo.library.ui.activity.mylive.WearCenterActivity
com.slzhibo.library.ui.activity.mylive.UserIncomeDetailActivity
com.slzhibo.library.ui.activity.mylive.MyClanActivity
com.slzhibo.library.ui.activity.mylive.BusinessIncomeActivity
com.slzhibo.library.ui.activity.home.FastAuthLoginActivity
com.slzhibo.library.ui.activity.shelf.HJProductBuyActivity
com.slzhibo.library.ui.activity.shelf.HJProductBuyDetailActivity
com.slzhibo.library.ui.activity.shelf.HJProductDynamicActivity
com.slzhibo.library.ui.activity.shelf.HJApplyOpenActivity
com.slzhibo.library.ui.activity.shelf.HJProductConfigActivity
com.slzhibo.library.ui.activity.shelf.ProductContentActivity
com.slzhibo.library.ui.activity.shelf.ProductContentUploadActivity
com.slzhibo.library.ui.activity.shelf.HJProductAddActivity
com.slzhibo.library.ui.activity.shelf.VodPreviewPlayerActivity
com.slzhibo.library.ui.activity.home.VodPlayerActivity
com.king.image.imageviewer.ImageViewerActivity
com.miraclehen.monkey.MonkeyActivity
com.miraclehen.monkey.ui.AlbumPreviewActivity
com.miraclehen.monkey.ui.SelectedPreviewActivity
com.google.android.gms.common.api.GoogleApiActivity

Receivers

Information computed with AndroGuard.

com.apple.video.common.receiver.DownloadManagerReceiver
com.google.firebase.iid.FirebaseInstanceIdReceiver
com.google.android.gms.measurement.AppMeasurementReceiver
com.google.android.datatransport.runtime.scheduling.jobscheduling.AlarmManagerSchedulerBroadcastReceiver

Services

Information computed with AndroGuard.

com.apple.video.common.service.M3u8Service
org.eclipse.paho.android.service.MqttService
com.blankj.utilcode.util.MessengerUtils$ServerService
com.slzhibo.library.service.KickDialogService
com.slzhibo.library.service.TokenDialogService
com.google.firebase.components.ComponentDiscoveryService
com.google.android.gms.measurement.AppMeasurementService
com.google.android.gms.measurement.AppMeasurementJobService
com.google.android.datatransport.runtime.backends.TransportBackendDiscovery
com.google.android.datatransport.runtime.scheduling.jobscheduling.JobInfoSchedulerService

NIAP analysis

Information computed with MobSF.

FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generates no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['network connectivity', 'camera', 'location', 'bluetooth', 'microphone'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to no sensitive information repositories.
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application does not encrypt files in non-volatile memory.
Encryption Of Sensitive Application Data
FTP_DIT_EXT.1.1 The application does not encrypt any data in traffic or does not transmit any data between itself and another trusted IT product.
Protection of Data in Transit

Map data: Germany: 100, France: 100, Hong Kong: 100, United States: 300

Map computed by Pithus.

Network analysis

Information computed with MobSF.

High Base config is insecurely configured to permit clear text traffic to all domains.
Scope: ['*']

Domains analysis

Information computed with MobSF.

FR upload.ffmpeg.org 213.36.253.119
US xiangjiashipin.firebaseio.com 35.201.97.85
DE www.openssl.org 2.17.187.9
US argus.agoralab.co 52.53.64.174
US www.google.com 142.250.186.68
HK www.baidu.com 103.235.46.39

URL analysis

Information computed with MobSF.

https://xiangjiashipin.firebaseio.com
Defined in Android String Resource
http://www.openssl.org/support/faq.html
Defined in lib/armeabi-v7a/libcrypto.so
ftp://upload.ffmpeg.org/incoming/
Defined in lib/armeabi-v7a/libfqplayer.so
http://argus.agoralab.co/vosdk/public/report?speaker=%u&listener=%u&venderID=%s&channelName=%s
http://argus.agoralab.co/vosdk/public/report?listener=%u&venderID=%s&channelName=%s
www.google.com
www.baidu.com
http://sQUIC
Defined in lib/armeabi-v7a/libagora-rtc-sdk.so
http://www.openssl.org/support/faq.html
Defined in lib/armeabi-v7a/libfqffmpeg.so

Permissions analysis

Information computed with MobSF.

High android.permission.READ_PHONE_STATE read phone state and identity
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on.
High android.permission.READ_EXTERNAL_STORAGE read external storage contents
Allows an application to read from external storage.
High android.permission.WRITE_EXTERNAL_STORAGE read/modify/delete external storage contents
Allows an application to write to external storage.
High android.permission.REQUEST_INSTALL_PACKAGES Allows an application to request installing packages.
Malicious applications can use this to try and trick users into installing additional malicious packages.
High android.permission.GET_TASKS retrieve running applications
Allows application to retrieve information about currently and recently running tasks. May allow malicious applications to discover private information about other applications.
High android.permission.MOUNT_UNMOUNT_FILESYSTEMS mount and unmount file systems
Allows the application to mount and unmount file systems for removable storage.
High android.permission.CAMERA take pictures and videos
Allows application to take pictures and videos with the camera. This allows the application to collect images that the camera is seeing at any time.
High android.permission.RECORD_AUDIO record audio
Allows application to access the audio record path.
High android.permission.SYSTEM_ALERT_WINDOW display system-level alerts
Allows an application to show system-alert windows. Malicious applications can take over the entire screen of the phone.
High android.permission.ACCESS_FINE_LOCATION fine (GPS) location
Access fine location sources, such as the Global Positioning System on the phone, where available. Malicious applications can use this to determine where you are and may consume additional battery power.
High android.permission.ACCESS_COARSE_LOCATION coarse (network-based) location
Access coarse location sources, such as the mobile network database, to determine an approximate phone location, where available. Malicious applications can use this to determine approximately where you are.
Low android.permission.ACCESS_NETWORK_STATE view network status
Allows an application to view the status of all networks.
Low android.permission.INTERNET full Internet access
Allows an application to create network sockets.
Low android.permission.ACCESS_WIFI_STATE view Wi-Fi status
Allows an application to view the information about the status of Wi-Fi.
Low android.permission.REQUEST_DELETE_PACKAGES Allows an application to request deleting packages.
Low android.permission.WAKE_LOCK prevent phone from sleeping
Allows an application to prevent the phone from going to sleep.
Low android.permission.VIBRATE control vibrator
Allows the application to control the vibrator.
Low android.permission.CHANGE_WIFI_STATE change Wi-Fi status
Allows an application to connect to and disconnect from Wi-Fi access points and to make changes to configured Wi-Fi networks.
Low android.permission.RECEIVE_BOOT_COMPLETED automatically start at boot
Allows an application to start itself as soon as the system has finished booting. This can make it take longer to start the phone and allow the application to slow down the overall phone by always running.
Low android.permission.BLUETOOTH create Bluetooth connections
Allows applications to connect to paired bluetooth devices.
Low android.permission.CHANGE_NETWORK_STATE change network connectivity
Allows applications to change network connectivity state.
Low android.permission.MODIFY_AUDIO_SETTINGS change your audio settings
Allows application to modify global audio settings, such as volume and routing.
Medium com.google.android.c2dm.permission.RECEIVE C2DM permissions
Permission for cloud to device messaging.
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE Unknown permission
Unknown permission from android reference

Threat analysis

Information computed with Quark-Engine.

  • Method reflection (confidence: 100%)
  • Get absolute path of the file and store in string (confidence: 80%)

Behavior analysis

Information computed with MobSF.

Content provider
  • com/SecShell/SecShell/AP.java
  • com/SecShell/SecShell/CP.java
Inter process communication
  • com/SecShell/SecShell/AP.java
  • com/SecShell/SecShell/b.java
Java reflection
  • com/SecShell/SecShell/a.java
  • com/SecShell/SecShell/H.java
Load and manipulate dex files
  • com/SecShell/SecShell/c.java
  • com/SecShell/SecShell/a.java
Loading native code (shared library)
  • com/SecShell/SecShell/AW.java