Threat level
Analyzed on 2022-01-29T12:13:34.667657
MD5 | 46edd058b8d2d1dc11b5805a1ba87d91 | |
SHA1 | 8f68208580694f0d05921504d2c8608caab5fd34 | |
SHA256 | d5462ccd3bc9e66270c38cf1cfc8d683e26154966cbd4b9e82b822458396167b | |
Size | 96.15MB |
Information computed with APKiD.
/tmp/tmpfxsoeukd | |
packer |
|
/tmp/tmpfxsoeukd!assets/resthird.data!classes.dex | |
compiler |
|
/tmp/tmpfxsoeukd!classes.dex | |
anti_vm |
|
compiler |
|
Information computed with ssdeep.
APK file | 3145728:T3I4uxnAsrtBXmT3JrQswcNdu56f1qSvI:X+ntbXq3dfqSw | |
Manifest | 768:n5KvESkjMtFywO3Yj2u9mgOmS63ppPp1iXHKpuob7Lm3ekcEC+7ylgoSrg3TBiiG:… | |
classes.dex | 393216:YM9V6oYF5rdXB/aTW7yj43gZY7pGqCpPP32qp747WHcPRU7XPU1/rMS65Y9dSa… |
Information computed with Dexofuzzy.
APK file | 24:yC/xyxxxxiL5muBJBobKF3AIL9B4uHBPR1lgsiJBI7qRRRSgjwyKBPB+4RGLmjkS:d… | |
classes.dex | 24:yC/xyxxxxiL5muBJBobKF3AIL9B4uHBPR1lgsiJBI7qRRRSgjwyKBPB+4RGLmjkS:d… |
Information computed with AndroGuard and Pithus.
Package | com.systoon.dongaotoon | |
App name | My 2022 | |
Version name | 2.0.7 | |
Version code | 2122054203 | |
SDK | 21 - 28 | |
UAID | 9e136b898f1451bcb44d5686ccebdbd042fc804b | |
Signature | Signature V1 | |
Frosting | Not frosted |
Information computed with AndroGuard.
Information computed with MobSF.
Findings | Files |
---|---|
Certificate/Key files hardcoded inside the app. | res/raw/cfca_ov_oca.cer, okhttp3/internal/publicsuffix/NOTICE, assets/toon.cer, assets/WoTrus DV Server CA.cer, assets/Apple IST CA 2 - G1.cer, assets/my2022r.pem, assets/Sectigo RSA Organization Validation Secure Server CA.cer, assets/Cloudflare Inc ECC CA-3.cer, assets/DigiCert CN RSA CA G1.cer, assets/TrustAsia TLS RSA CA.cer, assets/GTS CA 1C3.cer, assets/Apple Public Server RSA CA 12 - G1.cer, assets/secondary_vrlab-public.ljcdn.com.cer, assets/my2022.pem, assets/secondary_vrlab-image.ljcdn.com.cer, assets/Encryption Everywhere DV TLS CA - G1.cer, assets/secondary_bj2022-image4.realsee-cdn.com.cer, assets/R3.cer, assets/ca.crt, assets/GeoTrust CN RSA CA G1.cer, assets/secondary_bj2022-image1.realsee-cdn.com.cer, assets/DigiCert Secure Site CN CA G3.cer, assets/TrustAsia OV TLS Pro CA G3.cer, assets/secondary_bj2022-public.realsee-cdn.com.cer, assets/secondary_s1.ljcdn.com.cer, assets/DigiCert SHA2 Secure Server CA.cer, assets/Secure Site CA G2.cer, assets/secondary_bj2022-image3.realsee-cdn.com.cer, assets/Entrust Certification Authority - L1M.cer, assets/flutter_assets/packages/flutter_common/assets/certs/*.beijing2022.cn.pem, assets/flutter_assets/packages/flutter_common/assets/certs/*.beijing2022.cn1.pem, assets/secondary_bj2022-image2.realsee-cdn.com.cer, assets/GeoTrust RSA CA 2018.cer, assets/secondary_s4.ljcdn.com.cer, assets/secondary_dig.lianjia.com.cer, assets/WoTrus OV SSL Pro CA.cer, assets/RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1.cer, assets/secondary_dongaostatic.beijing2022.cn.cer, assets/GlobalSign RSA OV SSL CA 2018.cer, assets/meta-data/rsa.pub, assets/secondary_safebrowsing.googleapis.com.cer, assets/DigiCert TLS RSA SHA256 2020 CA1.cer, assets/GeoTrust RSA CN CA G2.cer, assets/Apple Public EV Server RSA CA 2 - G1.cer, assets/Apple Server Authentication CA.cer, assets/toon.chain.cer, assets/GlobalSign Organization Validation CA - SHA256 - G2.cer |
Hardcoded Keystore found. | assets/updatesdkcas.bks, assets/grs_sp.bks, assets/hmsincas.bks, assets/client2.bks, assets/client.bks, assets/hmsrootcas.bks |
Information computed with MobSF.
High | Clear text traffic is Enabled For App[android:usesCleartextTraffic=true] The app intends to use cleartext network traffic, such as cleartext HTTP, FTP stacks, DownloadManager, and MediaPlayer. The default value for apps that target API level 27 or lower is "true". Apps that target API level 28 or higher default to "false". The key reason for avoiding cleartext traffic is the lack of confidentiality, authenticity, and protections against tampering; a network attacker can eavesdrop on transmitted data and also modify it without being detected. |
Low | App has a Network Security Configuration[android:networkSecurityConfig=@xml/network_security_config] The Network Security Configuration feature lets apps customize their network security settings in a safe, declarative configuration file without modifying app code. These settings can be configured for specific domains and for a specific app. |
High | Activity (com.systoon.tshare.third.share.view.OutSideShareActivity) is not Protected.An intent-filter exists. An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported. |
High | Activity (com.systoon.phoenix.wxapi.WXPayEntryActivity) is not Protected. [android:exported=true] An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. |
High | Activity (com.systoon.foshantoon.wxapi.WXEntryActivity) is not Protected. [android:exported=true] An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. |
High | Activity (com.systoon.toon.wxapi.WXEntryActivity) is not Protected. [android:exported=true] An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. |
High | Activity (com.tencent.tauth.AuthActivity) is not Protected.An intent-filter exists. An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported. |
High | Broadcast Receiver (com.systoon.tnoticebox.receiver.MyTPushReceiver) is not Protected.An intent-filter exists. A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported. |
High | Activity (com.sina.weibo.sdk.share.ShareResultActivity) is not Protected.An intent-filter exists. An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported. |
High | Activity (com.ccb.ccbnetpay.activity.appresult.ResultActivity) is not Protected.An intent-filter exists. An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported. |
High | Broadcast Receiver (com.systoon.customhomepage.receiver.NetChangeReceiver) is not Protected.An intent-filter exists. A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported. |
High | Activity (com.msgseal.module.view.TmailTransitActivity) is not Protected.An intent-filter exists. An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported. |
High | Activity (com.systoon.toongine.adapter.ToongineActivity) is not Protected.An intent-filter exists. An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported. |
High | Broadcast Receiver (com.moor.imkf.receiver.NetWorkReceiver) is not Protected.An intent-filter exists. A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported. |
High | Broadcast Receiver (com.m7.imkfsdk.receiver.NewMsgReceiver) is not Protected.An intent-filter exists. A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported. |
High | Service (com.vivo.push.sdk.service.CommandClientService) is not Protected. [android:exported=true] A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. |
High | Service (com.xiaomi.mipush.sdk.PushMessageHandler) is not Protected. [android:exported=true] A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. |
High | Broadcast Receiver (com.systoon.push.XiaomiReceiver) is not Protected. [android:exported=true] A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. |
High | Broadcast Receiver (com.xiaomi.push.service.receivers.NetworkStatusReceiver) is not Protected. [android:exported=true] A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. |
High | Broadcast Receiver (com.systoon.push.MeizuReceiver) is not Protected.An intent-filter exists. A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported. |
High | Service (com.heytap.msp.push.service.CompatibleDataMessageCallbackService) is Protected by a permission, but the protection level of the permission should be checked.Permission: com.coloros.mcs.permission.SEND_MCS_MESSAGE [android:exported=true] A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission. |
High | Service (com.heytap.msp.push.service.DataMessageCallbackService) is Protected by a permission, but the protection level of the permission should be checked.Permission: com.heytap.mcs.permission.SEND_PUSH_MESSAGE [android:exported=true] A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission. |
High | Broadcast Receiver (com.zhuanche.winterolympic.receiver.LanguageReceiver) is not Protected.An intent-filter exists. A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported. |
High | Service (com.meizu.cloud.pushsdk.NotificationService) is not Protected. [android:exported=true] A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. |
Low | Broadcast Receiver (com.huawei.hms.support.api.push.PushMsgReceiver) is Protected by a permission, but the protection level of the permission should be checked.Permission: com.systoon.dongaotoon.permission.PROCESS_PUSH_MSGprotectionLevel: signatureOrSystem [android:exported=true] A Broadcast Receiver is found to be exported, but is protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device. |
Low | Broadcast Receiver (com.huawei.hms.support.api.push.PushReceiver) is Protected by a permission, but the protection level of the permission should be checked.Permission: com.systoon.dongaotoon.permission.PROCESS_PUSH_MSGprotectionLevel: signatureOrSystem [android:exported=true] A Broadcast Receiver is found to be exported, but is protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device. |
High | Service (com.huawei.hms.support.api.push.service.HmsMsgService) is not Protected. [android:exported=true] A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. |
Low | Content Provider (com.huawei.hms.support.api.push.PushProvider) is Protected by a permission, but the protection level of the permission should be checked.Permission: com.systoon.dongaotoon.permission.PUSH_PROVIDERprotectionLevel: signatureOrSystem [android:exported=true] A Content Provider is found to be exported, but is protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device. |
Medium | High Intent Priority (10000)[android:priority] By setting an intent priority higher than another intent, the app effectively overrides other requests. |
Medium | High Intent Priority (2147483647)[android:priority] By setting an intent priority higher than another intent, the app effectively overrides other requests. |
Medium | High Intent Priority (1000)[android:priority] By setting an intent priority higher than another intent, the app effectively overrides other requests. |
Information computed with MobSF.
com.systoon.tshare.third.share.view.OutSideShareActivity |
Schemes: toon137:// Mime types: */* image/* |
com.tencent.tauth.AuthActivity |
Schemes: tencent1105636982:// |
Information computed with AndroGuard.
Information computed by Pithus.
Information computed with MobSF.
FCS_STO_EXT.1.1 | The application does not store any credentials to non-volatile memory. Storage of Credentials |
FCS_CKM_EXT.1.1 | The application generate no asymmetric cryptographic keys. Cryptographic Key Generation Services |
FDP_DEC_EXT.1.1 | The application has access to ['NFC', 'network connectivity', 'camera', 'location', 'bluetooth', 'microphone']. Access to Platform Resources |
FDP_DEC_EXT.1.2 | The application has access to ['calender', 'system logs', 'address book']. Access to Platform Resources |
FDP_NET_EXT.1.1 | The application has user/application initiated network communications. Network Communications |
FDP_DAR_EXT.1.1 | The application does not encrypt files in non-volatile memory. Encryption Of Sensitive Application Data |
FTP_DIT_EXT.1.1 | The application does not encrypt any data in traffic or does not transmit any data between itself and another trusted IT product. Protection of Data in Transit |
Map computed by Pithus.
Information computed with MobSF.
High | Base config is insecurely configured to permit clear text traffic to all domains. Scope: ['*'] |
Medium | Base config is configured to trust system certificates. Scope: ['*'] |
Information computed with MobSF.