文件信息
文件名 flu2024.apk文件大小 50.37MB
MD5值 6ae2c69fdb21001d2e5fb276860d32ed
SHA1值 29632ddcefb95accb5465721b2b4e32a11367d80
SHA256值 37b78894da47b0e80608d49483260a8cfc21828bafa2dfc143128bee3e89c366
APK信息
APK名称 e.m.c包名 com.femc.prod
主活动 com.example.emc_app.MainActivity
安卓版本名称 5.9.0
域名线索
| 域名 | 查询域名 | ip | 地区 | 查询地区 |
|---|---|---|---|---|
| ap.api.fpjs.io | 3.33.219.3 | United States of America - Washington | ||
| default.url | 没有ip信息 | 没有地区信息 | ||
| errnewlogos.umeng.com | 47.246.110.18 | Singapore - Singapore | ||
| developer.mozilla.org | 34.111.97.67 | United States of America - Missouri | ||
| schemas.microsoft.com | 13.107.246.74 | United States of America - Washington | ||
| errlog.umeng.com | 223.109.148.129 | China - Jiangsu | ||
| resolve.umeng.com | 223.109.148.177 | China - Jiangsu | ||
| api.fpjs.io | 13.248.176.92 | United States of America - Washington | ||
| community.openvpn.net | 49.2.123.56 | Australia - New South Wales | ||
| ulogs.umeng.com | 223.109.148.177 | China - Jiangsu | ||
| aomedia.org | 127.0.0.1 | - - - | ||
| eu.api.fpjs.io | 75.2.52.67 | United States of America - Washington | ||
| www.unicode.org | 64.182.27.164 | United States of America - Texas | ||
| developer.android.com | 74.125.135.139 | United States of America - California | ||
| openvpn.net | 23.89.5.60 | United States of America - California | ||
| app.mi.com | 123.125.102.202 | China - Beijing | ||
| g.co | 142.251.188.113 | United States of America - California | ||
| www.example.com | 23.220.68.32 | Japan - Tokyo | ||
| repo.xposed.info | 45.55.233.97 | United States of America - New Jersey | ||
| code.google.com | 74.125.195.100 | United States of America - California | ||
| errnewlog.umeng.com | 223.109.148.180 | China - Jiangsu | ||
| dartbug.com | 216.239.32.21 | United States of America - California | ||
| natmchugh.blogspot.de | 199.59.149.207 | United States of America - California | ||
| www.w3.org | 104.18.22.19 | United States of America - California | ||
| plus.google.com | 69.162.134.178 | United States of America - Illinois | ||
| www.bouncycastle.org | 43.250.142.130 | Australia - Queensland | ||
| cnlogs.umeng.com | 223.109.148.177 | China - Jiangsu | ||
| a.app.qq.com | 60.29.240.104 | China - Tianjin | ||
| dev.to | 151.101.194.217 | United States of America - California | ||
| sites.inka.de | 193.197.184.17 | Germany - Baden-Wurttemberg | ||
| github.com | 127.0.0.1 | - - - | ||
| api.flutter.dev | 199.36.158.100 | United States of America - California | ||
| xposed.info | 45.55.233.97 | United States of America - New Jersey | ||
| www.google.com | 199.16.158.9 | United States of America - California | ||
| accounts.google.com | 59.24.3.174 | Korea (Republic of) - Gyeonggi-do | ||
| android.googlesource.com | 127.0.0.1 | - - - | ||
| developer.apple.com | 17.253.85.201 | Hong Kong - Hong Kong | ||
| cs.android.com | 74.125.142.113 | United States of America - California | ||
| alogsus.umeng.com | 223.109.148.141 | China - Jiangsu | ||
| ucc.umeng.com | 203.119.145.45 | China - Beijing | ||
| play.google.com | 59.24.3.174 | Korea (Republic of) - Gyeonggi-do | ||
| alogus.umeng.com | 223.109.148.178 | China - Jiangsu | ||
| fpnpmcdn.net | 3.171.198.91 | United States of America - Washington | ||
| developer.umeng.com | 59.82.31.154 | China - Zhejiang | ||
| crowdin.net | 54.80.52.199 | United States of America - Virginia | ||
| gist.github.com | 20.205.243.166 | Singapore - Singapore | ||
| pslog.umeng.com | 59.82.29.162 | China - Zhejiang | ||
| ulogs.umengcloud.com | 223.109.148.177 | China - Jiangsu | ||
| dashif.org | 127.0.0.1 | - - - | ||
| ns.adobe.com | 没有ip信息 | 没有地区信息 | ||
| aspect-upush.umeng.com | 223.109.148.177 | China - Jiangsu | ||
| issuetracker.google.com | 108.177.98.113 | United States of America - California | ||
| utoken.umeng.com | 223.109.148.171 | China - Jiangsu | ||
| docs.flutter.dev | 199.36.158.100 | United States of America - California | ||
| errlogos.umeng.com | 47.246.110.96 | Singapore - Singapore |
URL线索
邮箱线索
| 邮箱地址 | 所在文件 |
|---|---|
|
u0013android@android.com0 |
z4/q.java |
|
u0013android@android.com |
z4/q.java |
|
arne@rfc2549.org |
摸瓜V1引擎 |
|
helbeierling@t-online.de |
摸瓜V1引擎 |
|
eay@cryptsoft.com |
摸瓜V1引擎 |
|
sales@openvpn.net |
摸瓜V1引擎 |
|
appro@openssl.org |
lib/arm64-v8a/libflutter.so |
|
ssh-ed25519-cert-v01@openssh.comssh |
lib/arm64-v8a/libgojni.so |
|
-ecdsa-sha2-nistp256@openssh.comslice |
lib/arm64-v8a/libgojni.so |
|
a2-nistp256-cert-v01@openssh.comssh |
lib/arm64-v8a/libgojni.so |
|
sales@openvpn.net |
lib/arm64-v8a/libopenvpn.so |
手机线索
| 手机号 | 所在文件 |
|---|---|
|
15724800000 |
cn/jiguang/am/a.java |
|
17512775099 |
y5/a.java |
|
17222222222 |
r2/e.java |
|
18222222222 |
r2/e.java |
签名证书
APK已签名
v1 签名: True
v2 签名: True
v3 签名: False
找到 1 个唯一证书
主题: C=020
签名算法: rsassa_pkcs1v15
有效期自: 2024-03-30 08:09:49+00:00
有效期至: 2124-03-06 08:09:49+00:00
发行人: C=020
序列号: 0x1
哈希算法: sha256
md5值: ca2265220a1a059d21e49a6f1d60e77e
sha1值: 70dc2666cea459ee033fb0f83164db3e836f1243
sha256值: 9c1b7bb576760e1c0238a01932b611893e02059b45d3067bbe2e147334b6b16e
sha512值: 55bb5f74b6fdc223a33ccd1d1546247225eaf67e111d8630723655e99e8f45cc1718539cd1d1db0cd65e331e40293d6f50ed2d9435a5cc72213bcdde9e992574
公钥算法: rsa
密钥长度: 2048
指纹: 39891e78329e70d425bf5f3e8654c73a4d020ef97051f69948e011b6b6356e53硬编码敏感信息
"auth_username" : "Username"
"client_no_certificate" : "No Certificate"
"external_authenticator" : "External Authenticator"
"faq_remote_api" : "OpenVPN for Android supports two remote APIs, a sophisticated API using AIDL (remoteEXample in the git repository) and a simple one using Intents. <p>Examples using adb shell and the intents. Replace profilname with your profile name<p><p> adb shell am start-activity -a android.intent.action.MAIN de.blinkt.openvpn/.api.DisconnectVPN<p> adb shell am start-activity -a android.intent.action.MAIN -e de.blinkt.openvpn.api.profileName Blinkt de.blinkt.openvpn/.api.ConnectVPN"
"missing_ca_certificate" : "Missing CA certificate"
"no_certificate" : "You must select a certificate"
"packet_auth" : "Packet authentication"
"password" : "Password"
"pkcs12_file_encryption_key" : "PKCS12 File Encryption Key"
"private_key_password" : "Private Key Password"
"save_password" : "Save Password"
"session_ipv4string" : "%1$s - %2$s"
"session_ipv6string" : "%1$s - %3$s, %2$s"
"settings_auth" : "Authentication/Encryption"
"show_password" : "Show password"
"state_auth" : "Authenticating"
"state_auth_failed" : "Authentication failed"
"state_auth_pending" : "Authentication pending"
"state_user_vpn_password" : "Waiting for user VPN password"
"tls_auth_file" : "TLS Auth File"
"tls_authentication" : "TLS Authentication/Encryption"
"tls_key_auth" : "Enables the TLS Key Authentication"
加壳分析
第三方插件
危险动作
| 向手机申请的权限 | 是否危险 | 类型 | 详细情况 |
|---|---|---|---|
| android.permission.READ_MEDIA_IMAGES | 未知 | 调用了未知的操作 | |
| android.permission.READ_MEDIA_VIDEO | 未知 | 调用了未知的操作 | |
| android.permission.READ_MEDIA_AUDIO | 未知 | 调用了未知的操作 | |
| android.permission.CAMERA | 危险 | 拍照和录像 | 允许应用程序用相机拍照和录像。这允许应用程序收集相机随时看到的图像 |
| android.permission.READ_PHONE_STATE | 危险 | 读取电话状态和身份 | 允许应用访问设备的电话功能。具有此权限的应用程序可以确定此电话的电话号码和序列号,呼叫是否处于活动状态,呼叫所连接的号码等 |
| android.permission.INTERNET | 正常 | 互联网接入 | 允许应用程序创建网络套接字 |
| android.permission.ACCESS_NETWORK_STATE | 正常 | 查看网络状态 | 允许应用程序查看所有网络的状态 |
| android.permission.ACCESS_WIFI_STATE | 正常 | 查看Wi-Fi状态 | 允许应用程序查看有关 Wi-Fi 状态的信息 |
| android.permission.WRITE_EXTERNAL_STORAGE | 危险 | 读取/修改/删除外部存储内容 | 允许应用程序写入外部存储 |
| android.permission.READ_EXTERNAL_STORAGE | 危险 | 读取外部存储器内容 | 允许应用程序从外部存储读取 |
| android.permission.VIBRATE | 正常 | 可控震源 | 允许应用程序控制振动器 |
| android.permission.REQUEST_INSTALL_PACKAGES | 危险 | 允许应用程序请求安装包。 | 恶意应用程序可以利用它来尝试诱骗用户安装其他恶意软件包。 |
| android.permission.QUERY_ALL_PACKAGES | 正常 | 允许查询设备上的任何普通应用程序,无论清单声明如何 | |
| com.huawei.android.launcher.permission.CHANGE_BADGE | 正常 | 在应用程序上显示通知计数 | 在华为手机的应用程序启动图标上显示通知计数或徽章。 |
| android.permission.FOREGROUND_SERVICE_SYSTEM_EXEMPTED | 未知 | 调用了未知的操作 | |
| android.permission.POST_NOTIFICATIONS | 未知 | 调用了未知的操作 | |
| android.permission.FOREGROUND_SERVICE | 正常 | 允许常规应用程序使用 Service.startForeground。 | |
| com.google.android.providers.gsf.permission.READ_GSERVICES | 未知 | 调用了未知的操作 | |
| com.femc.prod.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION | 未知 | 调用了未知的操作 | |
| com.google.android.gms.permission.AD_ID | 未知 | 调用了未知的操作 | |
| com.femc.prod.permission.JPUSH_MESSAGE | 未知 | 调用了未知的操作 | |
| com.vivo.notification.permission.BADGE_ICON | 未知 | 调用了未知的操作 | |
| com.hihonor.android.launcher.permission.CHANGE_BADGE | 未知 | 调用了未知的操作 | |
| android.permission.ACCESS_COARSE_LOCATION | 危险 | 粗定位 | 访问粗略位置源,例如移动网络数据库,以确定大概的电话位置(如果可用)。恶意应用程序可以使用它来确定您的大致位置 |
| android.permission.ACCESS_FINE_LOCATION | 危险 | 精细定位(GPS) | 访问精细位置源,例如手机上的全球定位系统,如果可用。恶意应用程序可以使用它来确定您的位置,并可能消耗额外的电池电量 |
| android.permission.ACCESS_BACKGROUND_LOCATION | 危险 | 后台访问位置 | 允许应用程序在后台访问位置 |
| android.permission.GET_TASKS | 危险 | 检索正在运行的应用程序 | 允许应用程序检索有关当前和最近运行的任务的信息。可能允许恶意应用程序发现有关其他应用程序的私人信息 |