Threat level: Low Risk

com.ljlife.android

龙江生活

Analyzed on 2021-10-21T06:04:38.835297

22 permissions, 22 activities, 4 services, 0 receivers, 0 domains

File sums

MD5 25deddc61b5064d94e6fc4b429a21219
SHA1 0bc4ba798d82009fdea58fb73e0a18aa95165b6c
SHA256 d827793b86d04794ddcd85a0d42d3e6dd9fa556c4631e1762964e3306a761de1
Size 13.46MB

APKiD

Information computed with APKiD.

/tmp/tmp8owic55s
packer
  • SecNeo.B
/tmp/tmp8owic55s!classes.dex
compiler
  • dexlib 2.x

SSdeep

Information computed with ssdeep.

APK file 393216:DPF+lRwGJTOpc0Jac1+aUL/itHyJVwuGRlLvRKxNCaZ:gfZxOi097ULAHOVwucBaZ
Manifest 384:R4Pb6S0Byw13Dz4mgoXzYh3LZLACggTg4oAOh2okrWg8WGqF+6Rg/c78ovA+aBm3:…
classes.dex 12288:izmBn52vNlRWtCdZ4ufVR7RqXfJeiBBMy0:izGklHjn4UVR7RqXfJeiBBn0

Dexofuzzy

Information computed with Dexofuzzy.

APK file 768:V602DAHvR1we+6sgb9/uWLLHDF8TWeIPho6LRr6yw:V602UHGI/z/uJJ6LRr6N
classes.dex 768:V602DAHvR1we+6sgb9/uWLLHDF8TWeIPho6LRr6yw:V602UHGI/z/uJJ6LRr6N

APK details

Information computed with AndroGuard and Pithus.

Package com.ljlife.android
App name 龙江生活
Version name 1.0.2
Version code 2
SDK 21 - 30
UAID 6d9487daed376bd4bfe6ed0ab85e0f375dd6335b
Signature Signature V1, Signature V2
Frosting Not frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown
  • 0x42726577: Verity padding

Certificate details

Information computed with AndroGuard.

MD5 9b454c9994268a8c478458d9c721d944
SHA1 21df333e073e806d3e2b6726df2300b63e340322
SHA256 5496e6ecc7582af81e394e1592ccef3137ff14118234df261e703f75900c9493
Issuer Common Name: China Mobile, Organizational Unit: China Mobile, Organization: China Mobile, Locality: Shanghai, State/Province: Shanghai, Country: CN
Not before 2021-07-17T10:09:42+00:00
Not after 2046-07-11T10:09:42+00:00

File Analysis

Information computed with MobSF.

Findings Files
Certificate/Key files hardcoded inside the app. assets/meta-data/rsa.pub

Manifest analysis

Information computed with MobSF.

Low App has a Network Security Configuration [android:networkSecurityConfig=@xml/network_security_config]
The Network Security Configuration feature lets apps customize their network security settings in a safe, declarative configuration file without modifying app code. These settings can be configured for specific domains and for a specific app.
High Activity-Alias (com.ljlife.android.wxapi.WXPayEntryActivity) is not Protected. [android:exported=true]
An Activity-Alias is found to be shared with other apps on the device, therefore leaving it accessible to any other application on the device.

Main Activity

Information computed with AndroGuard.

com.ljlife.android.activity.LauncherActivity

Activities

Information computed with AndroGuard.

com.ljlife.android.activity.MainActivity
com.ljlife.android.activity.CardRechargeActivity
com.ljlife.android.activity.LauncherActivity
com.ljlife.android.activity.MainTabActivity
com.ljlife.android.activity.LoginActivity
com.ljlife.android.activity.SearchActivity
com.ljlife.android.activity.OrderListActivity
com.ljlife.android.activity.OrderDetailActivity
com.ljlife.android.activity.CouponDetailActivity
com.ljlife.android.activity.ProductDetailActivity
com.ljlife.android.activity.PurchaseOrderActivity
com.ljlife.android.activity.ReceiveSuccessActivity
com.ljlife.android.activity.ApplicableStoresActivity
com.ljlife.android.activity.MoreFuliActivity
com.ljlife.android.activity.YinsiActivity
com.ljlife.android.activity.FuwuxieyiActivity
com.ljlife.android.activity.WebViewActivity
com.ljlife.android.activity.ChinaMobileLoginActivity
com.ljlife.android.wxpay.WXPayEntryActivity
me.goldze.mvvmhabit.base.ContainerActivity
me.goldze.mvvmhabit.crash.DefaultErrorActivity
com.google.android.gms.common.api.GoogleApiActivity

Services

Information computed with AndroGuard.

com.ljlife.android.sync.SyncService
com.tencent.map.geolocation.s
me.goldze.mvvmhabit.sync.SyncService
com.king.app.updater.service.DownloadService

NIAP analysis

Information computed with MobSF.

FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generates no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['location', 'bluetooth', 'network connectivity'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to ['system logs'].
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application does not encrypt files in non-volatile memory.
Encryption Of Sensitive Application Data
FTP_DIT_EXT.1.1 The application does not encrypt any data in traffic or does not transmit any data between itself and another trusted IT product.
Protection of Data in Transit

Code analysis

Information computed with MobSF.

High
CVSS:7.4
Files may contain hardcoded sensitive information such as usernames, passwords, keys, etc.
MASVS: MSTG-STORAGE-14
CWE-312 Cleartext Storage of Sensitive Information
M9: Reverse Engineering
Files:
 com/secneo/apkwrapper/H.java

Network analysis

Information computed with MobSF.

High Base config is insecurely configured to permit clear text traffic to all domains.
Scope: ['*']

Permissions analysis

Information computed with MobSF.

High android.permission.READ_PHONE_STATE read phone state and identity
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on.
High android.permission.READ_PHONE_NUMBERS Allows read access to the device's phone number(s). This is a subset of the capabilities granted by
High android.permission.WRITE_EXTERNAL_STORAGE read/modify/delete external storage contents
Allows an application to write to external storage.
High android.permission.READ_EXTERNAL_STORAGE read external storage contents
Allows an application to read from external storage.
High android.permission.ACCESS_COARSE_LOCATION coarse (network-based) location
Access coarse location sources, such as the mobile network database, to determine an approximate phone location, where available. Malicious applications can use this to determine approximately where you are.
High android.permission.ACCESS_FINE_LOCATION fine (GPS) location
Access fine location sources, such as the Global Positioning System on the phone, where available. Malicious applications can use this to determine where you are and may consume additional battery power.
High android.permission.ACCESS_BACKGROUND_LOCATION access location in background
Allows an app to access location in the background. If you're requesting this permission, you must also request either
High android.permission.READ_LOGS read sensitive log data
Allows an application to read from the system's various log files. This allows it to discover general information about what you are doing with the phone, potentially including personal or private information.
High android.permission.REQUEST_INSTALL_PACKAGES Allows an application to request installing packages.
Malicious applications can use this to try and trick users into installing additional malicious packages.
Low android.permission.INTERNET full Internet access
Allows an application to create network sockets.
Low android.permission.ACCESS_NETWORK_STATE view network status
Allows an application to view the status of all networks.
Low android.permission.CHANGE_NETWORK_STATE change network connectivity
Allows applications to change network connectivity state.
Low android.permission.ACCESS_WIFI_STATE view Wi-Fi status
Allows an application to view the information about the status of Wi-Fi.
Low android.permission.CHANGE_WIFI_STATE change Wi-Fi status
Allows an application to connect to and disconnect from Wi-Fi access points and to make changes to configured Wi-Fi networks.
Low android.permission.BLUETOOTH create Bluetooth connections
Allows applications to connect to paired bluetooth devices.
Low android.permission.BLUETOOTH_ADMIN bluetooth administration
Allows applications to discover and pair bluetooth devices.
Low android.permission.ACCESS_LOCATION_EXTRA_COMMANDS access extra location provider commands
Access extra location provider commands. Malicious applications could use this to interfere with the operation of the GPS or other location sources.
Low android.permission.FOREGROUND_SERVICE Allows a regular application to use Service.startForeground
Low android.permission.VIBRATE control vibrator
Allows the application to control the vibrator.
Low android.permission.DISABLE_KEYGUARD Allows applications to disable the keyguard if it is not secure.
android.permission.READ_PRIVILEGED_PHONE_STATE Unknown permission
Unknown permission from android reference
org.simalliance.openmobileapi.SMARTCARD Unknown permission
Unknown permission from android reference

Threat analysis

Information computed with Quark-Engine.

Confidence: 100% Find a method from given class name, usually for reflection
Confidence: 100% Method reflection
Confidence: 100% Method reflection
Confidence: 80% Get absolute path of the file and store in string

Behavior analysis

Information computed with MobSF.

Java reflection
  • com/secneo/apkwrapper/AW.java
  • com/secneo/apkwrapper/a.java
Load and manipulate dex files
  • com/secneo/apkwrapper/b.java
  • com/secneo/apkwrapper/a.java
Loading native code (shared library)
  • com/secneo/apkwrapper/AW.java

Control flow graphs analysis

Information computed by Pithus.

The application probably dynamically loads code