文件信息
文件名 xirui-202506071042.apk文件大小 73.63MB
MD5值 5049a2f743211fd4169969554f869e37
SHA1值 fd8089e4e864ff1b9ef0b7794a910c01fe452f66
SHA256值 c340993721b7e66dded80b7c580810534505d7915c468c1d018aabf1d6cd1e6f
APK信息
APK名称 惜蕊包名 com.xiruichat.app
主活动 com.xiruichat.app.activity.LauncherActivity
安卓版本名称 1.0.1
域名线索
| 域名 | 查询域名 | ip | 地区 | 查询地区 |
|---|---|---|---|---|
| secure.checkout.visa.com | 104.19.208.81 | United States of America - California | ||
| im.sdk.qcloud.com | 42.236.6.83 | China - Henan | ||
| pipeline.qiniu.com | 没有ip信息 | 没有地区信息 | ||
| mcgw.alipay.com | 111.202.5.210 | China - Beijing | ||
| m.alipay.com | 203.209.245.120 | China - Zhejiang | ||
| checkout.paypal.com | 151.101.90.133 | United States of America - California | ||
| rtt2b.map.qq.com | 116.130.224.140 | China - Beijing | ||
| mobilegw.alipay.com | 203.209.243.98 | China - Zhejiang | ||
| plbslog.umeng.com | 36.156.202.75 | China - Jiangsu | ||
| github.com | 20.205.243.166 | Singapore - Singapore | ||
| www.mytoday.net | 13.248.169.48 | United States of America - Washington | ||
| api-m.sandbox.paypal.com | 151.101.91.1 | United States of America - California | ||
| 43.129.43.42 | 43.129.43.42 | Indonesia - Jakarta Raya | ||
| apis.map.qq.com | 116.130.223.114 | China - Beijing | ||
| cmnsguider.yunos.com | 203.119.169.246 | China - Zhejiang | ||
| 162.14.13.104 | 162.14.13.104 | China - Beijing | ||
| developers.google.com | 142.250.107.101 | United States of America - California | ||
| appapi.kbeky.cn | 没有ip信息 | 没有地区信息 | ||
| developers.braintreepayments.com | 151.101.89.21 | United States of America - California | ||
| 162.14.17.129 | 162.14.17.129 | China - Beijing | ||
| sdk-im-1252463788.file.myqcloud.com | 119.188.150.187 | China - Shandong | ||
| api.share.mob.com | 180.188.25.40 | China - Zhejiang | ||
| uri.paypal.com | 没有ip信息 | 没有地区信息 | ||
| www.paypal.com | 151.101.89.21 | United States of America - California | ||
| rtt2c.map.qq.com | 116.130.224.140 | China - Beijing | ||
| android.bugly.qq.com | 124.95.225.146 | China - Liaoning | ||
| graph.qq.com | 60.28.215.27 | China - Tianjin | ||
| xml.apache.org | 151.101.2.132 | United States of America - California | ||
| mta.oa.com | 141.144.196.217 | Netherlands - Noord-Holland | ||
| ue.indoorloc.map.qq.com | 116.130.223.156 | China - Beijing | ||
| www.w3.org | 104.18.23.19 | United States of America - California | ||
| meiqia.com | 114.117.133.42 | China - Beijing | ||
| notify.bugsnag.com | 35.186.205.6 | United States of America - Missouri | ||
| api.weixin.qq.com | 116.128.184.169 | China - Shanghai | ||
| 162.14.3.250 | 162.14.3.250 | China - Beijing | ||
| www.facebook.com | 31.13.88.169 | Ireland - Dublin | ||
| s1.map.gtimg.com | 42.236.6.64 | China - Henan | ||
| s2.map.gtimg.com | 42.236.6.64 | China - Henan | ||
| sdk-im-1252463788.cos.ap-hongkong.myqcloud.com | 127.0.0.1 | - - - | ||
| upload.twitter.com | 202.160.128.203 | Singapore - Singapore | ||
| 162.14.11.59 | 162.14.11.59 | China - Beijing | ||
| s3-us-west-1.amazonaws.com | 52.219.121.32 | United States of America - California | ||
| b.stats.paypal.com | 34.84.160.32 | Japan - Tokyo | ||
| rtt2a.map.qq.com | 116.130.224.140 | China - Beijing | ||
| assets.staging.braintreepayments.com | 184.105.254.110 | United States of America - California | ||
| appapi-1333632706.cos.ap-nanjing.myqcloud.com | 112.80.252.190 | China - Jiangsu | ||
| mobilegw.stable.alipay.net | 没有ip信息 | 没有地区信息 | ||
| p3.map.gtimg.com | 42.236.6.64 | China - Henan | ||
| twitter.com | 172.66.0.227 | United States of America - California | ||
| p1.map.gtimg.com | 60.221.17.184 | China - Shanxi | ||
| xmlpull.org | 185.199.111.153 | United States of America - Pennsylvania | ||
| 162.14.10.42 | 162.14.10.42 | China - Beijing | ||
| api.utag.mob.com | 没有ip信息 | 没有地区信息 | ||
| c.paypal.com | 151.101.89.21 | United States of America - California | ||
| mobilegw-1-64.test.alipay.net | 没有ip信息 | 没有地区信息 | ||
| api.braintreegateway.com | 3.122.176.248 | Germany - Hessen | ||
| api.twitter.com | 162.125.8.1 | United States of America - California | ||
| confinfo.map.qq.com | 220.194.120.95 | China - Tianjin | ||
| uplog.qbox.me | 101.251.144.177 | China - Zhejiang | ||
| c.sandbox.paypal.com | 151.101.91.1 | United States of America - California | ||
| wappaygw.alipay.com | 111.202.5.210 | China - Beijing | ||
| astat.bugly.qcloud.com | 119.28.121.133 | Singapore - Singapore | ||
| up.mob.com | 60.191.231.227 | China - Zhejiang | ||
| 162.14.13.181 | 162.14.13.181 | China - Beijing | ||
| mta.qq.com | 0.0.0.1 | - - - | ||
| upload.qq163.iego.cn | 没有ip信息 | 没有地区信息 | ||
| m0.map.gtimg.com | 221.204.15.91 | China - Shanxi | ||
| pingma.qq.com | 0.0.0.1 | - - - | ||
| license.vod-pro.com | 123.6.105.16 | China - Henan | ||
| qzs.qq.com | 60.221.17.184 | China - Shanxi | ||
| www.mob.com | 180.188.26.28 | China - Zhejiang | ||
| pr.map.qq.com | 116.130.224.82 | China - Beijing | ||
| open.weixin.qq.com | 116.128.171.214 | China - Shanghai | ||
| mobilegw.aaa.alipay.net | 没有ip信息 | 没有地区信息 | ||
| api.sandbox.braintreegateway.com | 159.242.242.128 | United States of America - California | ||
| lark.alipay.com | 110.76.22.106 | China - Zhejiang | ||
| sandbox.secure.checkout.visa.com | 104.16.97.27 | United States of America - California | ||
| yun-hl.3g.qq.com | 125.36.181.143 | China - Tianjin | ||
| acs.amazonaws.com | 没有ip信息 | 没有地区信息 | ||
| long.open.weixin.qq.com | 112.65.193.170 | China - Shanghai | ||
| www.paypalobjects.com | 151.101.91.1 | United States of America - California | ||
| 162.14.6.156 | 162.14.6.156 | China - Beijing | ||
| s3.amazonaws.com | 52.216.218.8 | United States of America - Virginia | ||
| s3.map.gtimg.com | 42.236.6.64 | China - Henan | ||
| h5.m.taobao.com | 125.39.155.58 | China - Tianjin | ||
| alogus.umeng.com | 223.109.148.178 | China - Jiangsu | ||
| cc.map.qq.com | 125.36.181.144 | China - Tianjin | ||
| m1.map.gtimg.com | 221.204.15.61 | China - Shanxi | ||
| 162.14.19.159 | 162.14.19.159 | China - Beijing | ||
| p0.map.gtimg.com | 42.236.6.64 | China - Henan | ||
| developer.umeng.com | 59.82.31.160 | China - Zhejiang | ||
| astat.bugly.cros.wr.pvp.net | 170.106.118.26 | United States of America - California | ||
| l.mob.com | 180.188.25.40 | China - Zhejiang | ||
| m3.map.gtimg.com | 221.204.15.61 | China - Shanxi | ||
| www.myapp.com | 60.29.240.122 | China - Tianjin | ||
| openmobile.qq.com | 60.28.215.27 | China - Tianjin | ||
| analytics.map.qq.com | 125.36.181.143 | China - Tianjin | ||
| api.u.mob.com | 没有ip信息 | 没有地区信息 | ||
| mclient.alipay.com | 218.61.164.135 | China - Liaoning | ||
| up-hl.3g.qq.com | 112.64.235.44 | China - Shanghai | ||
| play.google.com | 93.46.8.90 | Italy - Lombardia | ||
| api-m.paypal.com | 151.101.91.1 | United States of America - California | ||
| ouplog.umeng.com | 47.246.110.93 | Singapore - Singapore | ||
| p2.map.gtimg.com | 42.236.6.64 | China - Henan | ||
| 162.14.3.17 | 162.14.3.17 | China - Beijing | ||
| uc.qbox.me | 153.99.246.133 | China - Jiangsu | ||
| alogsus.umeng.com | 223.109.148.141 | China - Jiangsu | ||
| www.ngs.ac.uk | 130.246.140.235 | United Kingdom of Great Britain and Northern Ireland - England | ||
| ulogs.umengcloud.com | 223.109.148.178 | China - Jiangsu | ||
| s0.map.gtimg.com | 42.236.6.64 | China - Henan | ||
| mobilegw.alipaydev.com | 110.75.132.131 | China - Zhejiang | ||
| schemas.android.com | 没有ip信息 | 没有地区信息 | ||
| app.qq.com | 60.29.240.122 | China - Tianjin | ||
| 10.0.2.2 | 10.0.2.2 | - - - | ||
| up.sdk.mob.com | 180.188.26.28 | China - Zhejiang | ||
| 162.14.19.114 | 162.14.19.114 | China - Beijing | ||
| sdk-im-1252463788.cos.accelerate.myqcloud.com | 127.0.0.1 | - - - | ||
| 162.14.19.46 | 162.14.19.46 | China - Beijing | ||
| rtt2.map.qq.com | 116.130.223.114 | China - Beijing | ||
| graph.facebook.com | 98.159.108.71 | United States of America - California | ||
| paygate-yf.meituan.com | 101.236.69.63 | China - Beijing | ||
| d55f1fc5.ngrok.io | 18.177.76.42 | Japan - Tokyo | ||
| h.trace.qq.com | 113.56.189.246 | China - Hubei | ||
| dnsrepo-pub.alibaba.com | 106.11.43.250 | China - Beijing | ||
| 162.14.13.203 | 162.14.13.203 | China - Beijing | ||
| m2.map.gtimg.com | 123.6.42.84 | China - Henan | ||
| 162.14.13.170 | 162.14.13.170 | China - Beijing | ||
| 162.14.20.148 | 162.14.20.148 | China - Beijing | ||
| new-api.meiqia.com | 114.117.133.42 | China - Beijing | ||
| apikey.map.qq.com | 116.130.224.140 | China - Beijing | ||
| 43.129.34.169 | 43.129.34.169 | Indonesia - Jakarta Raya | ||
| ulogs.umeng.com | 223.109.148.179 | China - Jiangsu |
URL线索
邮箱线索
| 邮箱地址 | 所在文件 |
|---|---|
|
xxx@email.elided |
com/tencent/liteav/base/PiiElider.java |
|
jrs@cs.berkeley |
lib/arm64-v8a/libCNamaSDK.so |
手机线索
| 手机号 | 所在文件 |
|---|---|
|
15222222222 |
com/mob/commons/clt/DClt.java |
|
16222222222 |
com/mob/commons/clt/DClt.java |
|
17222222222 |
com/mob/commons/clt/DClt.java |
|
18222222222 |
com/mob/commons/clt/DClt.java |
|
19222222222 |
com/mob/commons/clt/DClt.java |
签名证书
APK已签名
v1 签名: True
v2 签名: True
v3 签名: False
找到 1 个唯一证书
主题: CN=df, OU=df, O=ddf, L=beijing, ST=beijing, C=86
签名算法: rsassa_pkcs1v15
有效期自: 2025-03-26 13:58:38+00:00
有效期至: 2050-03-20 13:58:38+00:00
发行人: CN=df, OU=df, O=ddf, L=beijing, ST=beijing, C=86
序列号: 0x1
哈希算法: sha256
md5值: c379bdc60e13266dcabfcb4e2db5a771
sha1值: 86b5bac2f6c1a906990d72fd5903b014624cc147
sha256值: c304d93cf396aff176b8c81b8d00d77f8c56623b9f746c5d7b33475ed685c82f
sha512值: 8e8d38882c63db21374c497e3a3e10d0b5201b1b9494a1dc215052ef9ac0cdc09617780ec6e41aaab29269dbc90929a6073829562a5b5073ba0c01bcfdf73e30
公钥算法: rsa
密钥长度: 2048
指纹: 8481c01d53bfcc982a6cc461a77f5b992dbabd51b96f2229367b37cba520def6硬编码敏感信息
"auth_my_auth" : "我要认证"
"cash_input_bank_user_name" : "请输入持卡人姓名"
"chat_gift_user_not_auth" : "对方未认证"
"choose_user" : "请选择用户"
"find_pwd_find" : "立即找回"
"find_pwd_forget" : "忘记密码"
"go_auth" : "去认证"
"have_auth" : "已认证"
"home_user" : "用户"
"library_roundedimageview_author" : "Vince Mi"
"library_roundedimageview_authorWebsite" : "https://github.com/vinc3m1"
"live_input_password" : "请输入房间密码"
"live_set_pwd" : "请设置房间密码"
"login_auth_cancle" : "授权取消"
"login_auth_failure" : "授权失败"
"login_auth_ing" : "正在授权登录"
"login_auth_success" : "登录成功"
"login_forget_pwd" : "忘记密码"
"match_one_key" : "一键匹配"
"mq_auth_code" : "验证码"
"not_auth" : "未认证"
"rank_auth_tip" : "该用户还未认证~"
"reg_input_pwd_1" : "请填写密码"
"reg_input_pwd_2" : "请确认密码"
"search_user_name" : "搜索用户昵称"
"ssdk_cmcc_auth" : "手机认证服务由中国移动提供"
"ssdk_cmcc_login_one_key" : "本机号码一键登录"
"ssdk_instapaper_pwd" : "密码"
"ssdk_weibo_oauth_regiseter" : "应用授权"
"video_comment_author" : "作者"
"mq_auth_code" : "CAPTCHA"
"ssdk_cmcc_auth" : "Provided by China Mobile"
"ssdk_cmcc_login_one_key" : "PhoneNum Login"
"ssdk_instapaper_pwd" : "Password"
"ssdk_weibo_oauth_regiseter" : "Authorization"
"mq_auth_code" : "Kode verifikaso"
"mq_auth_code" : "Kod pengesahan"
"mq_auth_code" : "驗證碼"
加壳分析
第三方插件
危险动作
| 向手机申请的权限 | 是否危险 | 类型 | 详细情况 |
|---|---|---|---|
| android.permission.READ_PHONE_STATE | 危险 | 读取电话状态和身份 | 允许应用访问设备的电话功能。具有此权限的应用程序可以确定此电话的电话号码和序列号,呼叫是否处于活动状态,呼叫所连接的号码等 |
| android.permission.INTERNET | 正常 | 互联网接入 | 允许应用程序创建网络套接字 |
| android.permission.WAKE_LOCK | 正常 | 防止手机睡眠 | 允许应用程序防止手机进入睡眠状态 |
| android.permission.ACCESS_NETWORK_STATE | 正常 | 查看网络状态 | 允许应用程序查看所有网络的状态 |
| android.permission.ACCESS_WIFI_STATE | 正常 | 查看Wi-Fi状态 | 允许应用程序查看有关 Wi-Fi 状态的信息 |
| android.permission.SYSTEM_ALERT_WINDOW | 危险 | 显示系统级警报 | 允许应用程序显示系统警报窗口。恶意应用程序可以接管手机的整个屏幕 |
| android.permission.NETWORK_PROVIDER | 未知 | 调用了未知的操作 | |
| android.permission.ACCESS_COARSE_LOCATION | 危险 | 粗定位 | 访问粗略位置源,例如移动网络数据库,以确定大概的电话位置(如果可用)。恶意应用程序可以使用它来确定您的大致位置 |
| android.permission.ACCESS_FINE_LOCATION | 危险 | 精细定位(GPS) | 访问精细位置源,例如手机上的全球定位系统,如果可用。恶意应用程序可以使用它来确定您的位置,并可能消耗额外的电池电量 |
| android.permission.VIBRATE | 正常 | 可控震源 | 允许应用程序控制振动器 |
| android.permission.RECORD_AUDIO | 危险 | 录音 | 允许应用程序访问音频记录路径 |
| android.permission.CAMERA | 危险 | 拍照和录像 | 允许应用程序用相机拍照和录像。这允许应用程序收集相机随时看到的图像 |
| android.permission.FLASHLIGHT | 正常 | 控制手电筒 | 允许应用程序控制手电筒 |
| android.permission.READ_EXTERNAL_STORAGE | 危险 | 读取外部存储器内容 | 允许应用程序从外部存储读取 |
| android.permission.WRITE_EXTERNAL_STORAGE | 危险 | 读取/修改/删除外部存储内容 | 允许应用程序写入外部存储 |
| android.permission.MOUNT_UNMOUNT_FILESYSTEMS | 危险 | 装载和卸载文件系统 | 允许应用程序为可移动存储安装和卸载文件系统 |
| android.permission.CHANGE_WIFI_STATE | 正常 | 更改Wi-Fi状态 | 允许应用程序连接和断开 Wi-Fi 接入点,并对配置的 Wi-Fi 网络进行更改 |
| android.permission.RECEIVE_BOOT_COMPLETED | 正常 | 开机时自动启动 | 允许应用程序在系统完成启动后立即启动。这可能会使启动手机需要更长的时间,并允许应用程序通过始终运行来减慢整个手机的速度 |
| android.permission.REORDER_TASKS | 正常 | 重新排序正在运行的应用程序 | 允许应用程序将任务移动到前台和后台。恶意应用程序可以在不受您控制的情况下将自己强加于前 |
| android.permission.CHANGE_NETWORK_STATE | 正常 | 更改网络连接 | 允许应用程序更改网络连接状态。 |
| android.permission.MANAGE_ACCOUNTS | 危险 | 管理帐户列表 | 允许应用程序执行添加和删除帐户以及删除其密码等操作 |
| android.permission.RECEIVE_USER_PRESENT | 未知 | 调用了未知的操作 | |
| android.permission.WRITE_SETTINGS | 危险 | 修改全局系统设置 | 允许应用程序修改系统设定数据。恶意应用可能会损坏你的系统的配置。 |
| android.permission.ACCESS_LOCATION_EXTRA_COMMANDS | 正常 | 访问额外的位置提供程序命令 | 访问额外的位置提供程序命令,恶意应用程序可能会使用它来干扰 GPS 或其他位置源的操作 |
| android.permission.DISABLE_KEYGUARD | 正常 | 如果键盘不安全,允许应用程序禁用它。 | |
| android.permission.MODIFY_AUDIO_SETTINGS | 正常 | 更改您的音频设置 | 允许应用程序修改全局音频设置,例如音量和路由 |
| android.permission.FOREGROUND_SERVICE | 正常 | 允许常规应用程序使用 Service.startForeground。 | |
| android.permission.CALL_PHONE | 危险 | 直接拨打电话号码 | 允许应用程序在没有您干预的情况下拨打电话号码。恶意应用程序可能会导致您的电话账单出现意外呼叫。请注意,这不允许应用程序拨打紧急电话号码 |
| android.permission.REQUEST_INSTALL_PACKAGES | 危险 | 允许应用程序请求安装包。 | 恶意应用程序可以利用它来尝试诱骗用户安装其他恶意软件包。 |
| android.permission.BLUETOOTH | 正常 | 创建蓝牙连接 | 允许应用程序连接到配对的蓝牙设备 |