File name: 4ea62997adcb1e7e3ba45c6b2984f9c208b2d634aba01ab6bbf0cca76f334252.apk
Full analysis: https://app.any.run/tasks/218e4d31-af59-4364-af1e-d429742c974f
Verdict: Malicious activity
Analysis date: May 15, 2025, 18:44:20
OS: Android 14
MIME: application/vnd.android.package-archive
File info: Android package (APK), with zipflinger virtual entry
MD5: BB55351479328E976C3A3524ACF1680F
SHA1: 751B1BFD0D0F36BBEEF4F7143101B0B6CFCB57C0
SHA256: 4EA62997ADCB1E7E3BA45C6B2984F9C208B2D634ABA01AB6BBF0CCA76F334252
SSDEEP: 393216:PiJ9wR61MLZ/05lIpKDQwBH7+R5Bch7tmXlHzu/gTpQQpiJ14LNs:qJ9wREMaroKsiC5B2RmXly/1QY74Lq
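The "File info" line reports a zipflinger virtual entry. Zipflinger is the zip writer used by the Android Gradle Plugin; when it removes or realigns an entry it leaves a padding record (a local file header that no central-directory record references) rather than rewriting the archive, so the tag says something about the build toolchain, not by itself about tampering. Unreferenced bytes are still a place a reviewer wants to look at, because a normal zip reader and the Android installer only follow the central directory and never visit them. The Python below is an added example, not part of the ANY.RUN report, that walks an archive and lists every local header the central directory does not point at. The sample archive is constructed in-code; the virtual-entry layout (empty name, zero sizes, padding carried in the extra field) is modelled on zipflinger's convention and is an assumption, not something read out of this APK.

```python
import io
import struct
import zipfile
import zlib

LFH_SIG = b"PK\x03\x04"
CDH_SIG = b"PK\x01\x02"
EOCD_SIG = b"PK\x05\x06"
LFH_FMT = "<4sHHHHHIIIHH"        # local file header, 30 bytes
CDH_FMT = "<4sHHHHHHIIIHHHHHII"  # central directory header, 46 bytes
EOCD_FMT = "<4sHHHHIIH"          # end of central directory, 22 bytes


def _stored_entry(name: bytes, payload: bytes) -> bytes:
    """Local file header plus data for an uncompressed (method 0) entry."""
    crc = zlib.crc32(payload) & 0xFFFFFFFF
    hdr = struct.pack(LFH_FMT, LFH_SIG, 20, 0, 0, 0, 0x21,
                      crc, len(payload), len(payload), len(name), 0)
    return hdr + name + payload


def _virtual_entry(total_len: int) -> bytes:
    """Zipflinger-style virtual entry (assumption, modelled on zipflinger's
    convention): a local header with an empty name and zero sizes whose extra
    field pads out the gap.  No central-directory record points at it."""
    pad = total_len - 30
    assert 0 <= pad <= 0xFFFF, "one virtual entry spans 30..65565 bytes"
    return struct.pack(LFH_FMT, LFH_SIG, 20, 0, 0, 0, 0, 0, 0, 0, 0, pad) + b"\x00" * pad


def build_sample_apk(with_virtual: bool = True) -> bytes:
    """Constructed stand-in for an APK: two stored entries, optionally with a
    100-byte virtual entry wedged between them where a removed entry used to be."""
    entries = [(b"AndroidManifest.xml", b"<manifest/>"),
               (b"classes.dex", b"dex\n035\x00" + b"\x00" * 64)]
    body, central = bytearray(), bytearray()
    for i, (name, payload) in enumerate(entries):
        if with_virtual and i == 1:
            body += _virtual_entry(100)
        offset = len(body)
        body += _stored_entry(name, payload)
        central += struct.pack(CDH_FMT, CDH_SIG, 20, 20, 0, 0, 0, 0x21,
                               zlib.crc32(payload) & 0xFFFFFFFF, len(payload), len(payload),
                               len(name), 0, 0, 0, 0, 0, offset) + name
    eocd = struct.pack(EOCD_FMT, EOCD_SIG, 0, 0, len(entries), len(entries),
                       len(central), len(body), 0)
    return bytes(body + central + eocd)


def real_entry_names(data: bytes) -> list:
    """What a normal zip reader (and the Android installer) sees."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.namelist()


def find_virtual_entries(data: bytes) -> list:
    """Return [(offset, length)] for every local file header that no
    central-directory record references: the bytes a zip reader skips."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = sorted(zf.infolist(), key=lambda i: i.header_offset)
    eocd_pos = data.rfind(EOCD_SIG)
    cd_size = struct.unpack_from(EOCD_FMT, data, eocd_pos)[5]
    cd_start = eocd_pos - cd_size
    assert data.startswith(CDH_SIG, cd_start), "central directory not where EOCD says"

    referenced = []  # byte ranges covered by entries the central directory knows about
    for info in infos:
        off = info.header_offset
        nlen, xlen = struct.unpack_from("<HH", data, off + 26)  # local name/extra lengths
        end = off + 30 + nlen + xlen + info.compress_size
        if info.flag_bits & 0x8:  # streamed entry: sizes live in a trailing data descriptor
            end += 16 if data.startswith(b"PK\x07\x08", end) else 12
        referenced.append((off, end))

    virtual, prev_end = [], 0
    for off, end in referenced + [(cd_start, cd_start)]:
        pos = prev_end
        while pos < off and data.startswith(LFH_SIG, pos):
            csize, _usize, nlen, xlen = struct.unpack_from("<IIHH", data, pos + 18)
            length = 30 + nlen + xlen + csize  # header + name + extra + any payload
            virtual.append((pos, length))
            pos += length
        prev_end = end
    return virtual


if __name__ == "__main__":
    apk = build_sample_apk()
    print("entries in central directory:", real_entry_names(apk))
    for off, length in find_virtual_entries(apk):
        print(f"unreferenced local header at offset {off}, {length} bytes")
```

To run it against the real sample, pass `open(path, "rb").read()` to `find_virtual_entries`. On a signed APK the v2/v3 APK Signing Block also sits in the gap before the central directory; it does not start with a local-header signature, so the walker stops at it and does not report it. A reported entry with a non-zero payload length is the case worth pulling apart by hand, since zipflinger padding has zero sizes.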

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Hides app icon from display: app_process64 (PID: 2367)
  • SUSPICIOUS
    • Updates data in the storage of application settings (SharedPreferences): app_process64 (PIDs: 2261, 2367, 2470)
    • Sets file permissions, owner, and group for a specified path: app_process64 (PIDs: 2261, 2367, 2470)
    • Collects data about the device's environment (JVM version): app_process64 (PIDs: 2261, 2367)
    • Scans for popular installed apps: app_process64 (PIDs: 2261, 2367, 2470)
    • Establishing a connection: app_process64 (PIDs: 2261, 2367, 2470)
    • Accesses external device storage files: app_process64 (PIDs: 2261, 2470)
    • Retrieves a list of running application processes: app_process64 (PIDs: 2261, 2367, 2470)
    • Uses encryption API functions: app_process64 (PIDs: 2261, 2367, 2470)
    • Starts a service: app_process64 (PID: 2261)
    • Accesses system-level resources: app_process64 (PIDs: 2261, 2367, 2470)
    • Launches a new activity: app_process64 (PID: 2261)
    • Connects to the server without a host name: app_process64 (PID: 2261)
    • Accesses memory information: app_process64 (PID: 2470)
    • Connects to unusual port: app_process64 (PIDs: 2261, 2367, 2470)
  • INFO
    • Dynamically inspects or modifies classes, methods, and fields at runtime: app_process64 (PIDs: 2261, 2367, 2470)
    • Retrieves data from storage of application settings (SharedPreferences): app_process64 (PIDs: 2261, 2367, 2470)
    • Gets file name without full path: app_process64 (PIDs: 2261, 2367, 2470)
    • Loads a native library into the application: app_process64 (PIDs: 2261, 2367, 2470)
    • Dynamically loads a class in Java: app_process64 (PIDs: 2261, 2367, 2470)
    • Gets the display metrics associated with the device's screen: app_process64 (PIDs: 2261, 2367, 2470)
    • Retrieves CPU core information: app_process64 (PIDs: 2261, 2367, 2470)
    • Returns elapsed time since boot: app_process64 (PIDs: 2261, 2367, 2470)
    • Verifies whether the device is connected to the internet: app_process64 (PIDs: 2261, 2367, 2470)
    • Stores data using SQLite database: app_process64 (PIDs: 2261, 2367)
    • Dynamically registers broadcast event listeners: app_process64 (PIDs: 2261, 2367, 2470)
    • Listens for connection changes: app_process64 (PID: 2261)
    • Retrieves the value of a secure system setting: app_process64 (PID: 2470)
    • Checks if Wi-Fi is enabled: app_process64 (PID: 2367)
    • Detects device power status: app_process64 (PID: 2367)
    • Creates and writes local files: app_process64 (PID: 2261)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.apk | Android Package (73.9)
.jar | Java Archive (20.4)
.zip | ZIP compressed archive (5.6)

EXIF

ZIP

ZipRequiredVersion: -
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 1981:01:01 01:01:02
ZipCRC: 0x89e3664e
ZipCompressedSize: 51
ZipUncompressedSize: 55
ZipFileName: META-INF/com/android/build/gradle/app-metadata.properties
All screenshots are available in the full report
Total processes: 127
Monitored processes: 3
Malicious processes: 3
Suspicious processes: 0

Behavior graph

start; app_process64 (PID 2261); app_process64 (PID 2367); app_process64 (PID 2470). Process details are in the table below.

Process information

PID   CMD                           Path                       Parent process  User  Integrity level  Exit code
2261  com.fengshows.video           /system/bin/app_process64  app_process64   root  UNKNOWN          0
2367  com.fengshows.video:pushcore  /system/bin/app_process64  app_process64   root  UNKNOWN          0
2470  com.fengshows.video:lelinkps  /system/bin/app_process64  app_process64   root  UNKNOWN          0
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 0
Suspicious files: 63
Text files: 260
Unknown types: 0

Dropped files

PID   Process        Type    Filename
2261  app_process64  xml     /data/data/com.fengshows.video/shared_prefs/FirebaseHeartBeatW0RFRkFVTFRd+MTo3NDg0MTQ1NjcwMjM6YW5kcm9pZDo0OGIxNzhhZTIxOTQxNWE2MzIwMzlh.xml
2261  app_process64  xml     /data/data/com.fengshows.video/shared_prefs/com.google.firebase.messaging.xml
2261  app_process64  xml     /data/data/com.fengshows.video/shared_prefs/com.google.android.gms.measurement.prefs.xml
2261  app_process64  binary  /data/data/com.fengshows.video/files/PersistedInstallation5961061128781229081tmp
2261  app_process64  binary  /data/data/com.fengshows.video/files/PersistedInstallation.W0RFRkFVTFRd+MTo3NDg0MTQ1NjcwMjM6YW5kcm9pZDo0OGIxNzhhZTIxOTQxNWE2MzIwMzlh.json
2261  app_process64  xml     /data/data/com.fengshows.video/shared_prefs/com.liteav.storage.global.xml
2261  app_process64  binary  /data/data/com.fengshows.video/databases/google_app_measurement_local.db
2261  app_process64  xml     /data/data/com.fengshows.video/shared_prefs/ifengVideo6Prefference.xml
2261  app_process64  xml     /data/data/com.fengshows.video/shared_prefs/LicenseChecker.xml
2261  app_process64  binary  /data/data/com.fengshows.video/files/PersistedInstallation6794757868040375374tmp

The MD5 and SHA256 columns are empty for every row in this excerpt.
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 20
TCP/UDP connections: 61
DNS requests: 36
Threats: 11

HTTP requests

PID   Process        Method  Code  IP:port             CN       Reputation   URL
-     -              GET     204   142.250.185.227:80  unknown  whitelisted  http://connectivitycheck.gstatic.com/generate_204
2261  app_process64  GET     200   122.188.45.51:80    unknown  whitelisted  http://c0.ifengimg.com/pdt/cfg/vm_phone_show.js
2470  app_process64  GET     200   1.14.243.105:80     unknown  unknown      http://gslb.hpplay.cn/VipResInfo?sourceId=SDK_UI_LIST_BANNER,SDK_UI_LIST_BANNER_HORIZONTAL&uid=10001792130715&appid=11902&pro_ver=1.0&sdk_ver=41201&apk_ver=5041401&token=f6b09324985a63421747334701
2261  app_process64  GET     200   122.188.45.51:80    unknown  whitelisted  http://c0.ifengimg.com/pdt/cfg/vm_phone_show.js
2261  app_process64  POST    200   162.14.6.247:80     unknown  unknown      http://162.14.6.247/v4/ConfigGetSvc/GetOpenSSOIPList?sdkappid=20000716&cluster=sgp
2470  app_process64  GET     200   1.14.243.88:88      unknown  unknown      http://conf.hpplay.cn:88/sender/conf?uid=10001792130715&appid=11902&prot_ver=1.0&sdk_ver=41201&token=f6b09324985a63421747334701
2470  app_process64  GET     200   47.113.66.37:80     unknown  unknown      http://rp.hpplay.cn/logins?v=2.1&s=1%3D10320421%3D086F0s0_r3nsi4857s3CA4BF21sc%26h%3Dmooc.%26%3D%3Du511%3D0791dBD295r.0b%3D%3DdaABD5d18707112%26d%3DTtohe%262nn71%26071%263201D17%261%3D%26hl%26lncE64C25964C11%26%3D%26%3Dn%26fsfv1vi%264c9%26%3D%3D6chA6A0v11VQsdol02F8a8D5224C5%3Did0c%3Dgil.%3D423500.474903AF44v1T%3D4u%3DdA79A%3DD71A2AB5n%3Dji1.w%26s0s3dc7%3D2v219%3Di1C80%3D%2625%26vci%2635B9iDD258A6C5ms_ucsdg1e%2687s11%26a3%262E176r44jigolu%3D973B161BCF43s1iVQpe.n%3D%26%3Dt48u75as4s%264B4Ea0.%3Dn%26i%26lE981%2691073641t%26m5%26knv%3D4l1
2470  app_process64  GET     200   1.14.243.88:88      unknown  unknown      http://conf.hpplay.cn:88/sender/conf?uid=10001792130715&appid=11902&prot_ver=1.0&sdk_ver=41201&token=f6b09324985a63421747334701
2261  app_process64  GET     200   163.181.131.211:80  unknown  unknown      http://c1.fengshows-cdn.com/a/2020_15/c78b792fdb402fe.png
2261  app_process64  GET     200   101.33.11.223:80    unknown  unknown      http://q1.fengshows.cn/2025/05/15/20250515b873b724-318e-11f0-80ca-fa20200e046a.jpg_360.jpg

The Type and Size columns are empty for every row in this excerpt.
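Two of the SUSPICIOUS signatures, "Connects to the server without a host name" and "Connects to unusual port", map directly onto rows of this table: the POST to the bare IP 162.14.6.247 and the GETs to conf.hpplay.cn:88. Several rows also carry uid, appid and token parameters over plain HTTP, which the signature list does not call out. The Python below is an added example, not part of the ANY.RUN report; it runs three triage rules of my own choosing over a subset of rows transcribed from the table (the set of parameter names it treats as identifying is likewise my choice). Keep the report's own reputation column in mind: it rates these endpoints "unknown", not malicious, and the sdk_ver parameters in the hpplay URLs together with the :lelinkps and :pushcore process names suggest bundled third-party SDK traffic, so the findings are leads for a reviewer rather than a verdict.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit

# Subset of rows transcribed from the HTTP requests table: (pid, method, status, url).
REQUESTS = [
    (None, "GET", 204, "http://connectivitycheck.gstatic.com/generate_204"),
    (2261, "GET", 200, "http://c0.ifengimg.com/pdt/cfg/vm_phone_show.js"),
    (2470, "GET", 200, "http://gslb.hpplay.cn/VipResInfo?sourceId=SDK_UI_LIST_BANNER,SDK_UI_LIST_BANNER_HORIZONTAL"
                       "&uid=10001792130715&appid=11902&pro_ver=1.0&sdk_ver=41201&apk_ver=5041401"
                       "&token=f6b09324985a63421747334701"),
    (2261, "POST", 200, "http://162.14.6.247/v4/ConfigGetSvc/GetOpenSSOIPList?sdkappid=20000716&cluster=sgp"),
    (2470, "GET", 200, "http://conf.hpplay.cn:88/sender/conf?uid=10001792130715&appid=11902&prot_ver=1.0"
                       "&sdk_ver=41201&token=f6b09324985a63421747334701"),
    (2261, "GET", 200, "http://c1.fengshows-cdn.com/a/2020_15/c78b792fdb402fe.png"),
]

# Query parameters that identify a device or account; my choice of names to watch for in cleartext.
IDENTIFYING_PARAMS = {"token", "uid", "appid"}


def triage(pid, method, status, url):
    """Apply three rules to one request and return its findings (empty list = nothing odd)."""
    parts = urlsplit(url)
    findings = []

    host = parts.hostname or ""
    try:                                   # rule 1: literal IP instead of a host name
        ipaddress.ip_address(host)
        findings.append("bare-ip-host")
    except ValueError:
        pass

    port = parts.port or (443 if parts.scheme == "https" else 80)
    if port not in (80, 443):              # rule 2: non-standard port
        findings.append(f"unusual-port:{port}")

    if parts.scheme == "http":             # rule 3: identifiers sent over cleartext HTTP
        leaked = sorted(IDENTIFYING_PARAMS & set(parse_qs(parts.query)))
        if leaked:
            findings.append("cleartext-identifiers:" + ",".join(leaked))
    return findings


def flagged(requests=REQUESTS):
    """Map url -> findings for every request that tripped at least one rule."""
    out = {}
    for pid, method, status, url in requests:
        hits = triage(pid, method, status, url)
        if hits:
            out[url] = hits
    return out


if __name__ == "__main__":
    for url, hits in flagged().items():
        print(f"{url}\n    {', '.join(hits)}")
```

Rule 3 only fires on plain http:// URLs because that is the only case the sandbox can see the query string at all; the same parameters inside a TLS session would need the app's pinning and certificate handling inspected instead.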

Connections

PID   Process        IP:port              Domain                                             ASN                                      CN  Reputation
449   mdnsd          224.0.0.251:5353     -                                                  -                                        -   unknown
-     -              142.250.185.227:80   connectivitycheck.gstatic.com                      GOOGLE                                   US  whitelisted
-     -              142.250.186.132:443  www.google.com                                     GOOGLE                                   US  whitelisted
-     -              216.239.35.4:123     time.android.com                                   -                                        -   whitelisted
-     -              64.233.167.81:443    staging-remoteprovisioning.sandbox.googleapis.com  GOOGLE                                   US  whitelisted
2261  app_process64  43.152.26.209:443    license.vod2.myqcloud.com                          ACE                                      DE  whitelisted
2261  app_process64  142.250.74.202:443   firebaseinstallations.googleapis.com               GOOGLE                                   US  whitelisted
2261  app_process64  124.70.66.249:443    config.jpush.cn                                    Huawei Cloud Service data center         CN  unknown
2261  app_process64  120.233.50.106:443   ce3e75d5.jpush.cn                                  China Mobile communications corporation  CN  unknown
2261  app_process64  47.75.233.44:443     m.fengshows.com                                    Alibaba US Technology Co., Ltd.          HK  unknown

DNS requests

Domain
IP
Reputation
connectivitycheck.gstatic.com
  • 142.250.185.227
whitelisted
www.google.com
  • 142.250.186.132
whitelisted
time.android.com
  • 216.239.35.4
  • 216.239.35.8
  • 216.239.35.12
  • 216.239.35.0
whitelisted
google.com
  • 142.250.184.238
whitelisted
staging-remoteprovisioning.sandbox.googleapis.com
  • 64.233.167.81
whitelisted
license.vod2.myqcloud.com
  • 43.152.26.209
  • 43.152.26.197
  • 43.152.28.77
  • 43.152.29.72
  • 43.152.26.154
  • 43.152.28.41
  • 43.152.28.111
  • 43.152.26.142
  • 43.152.28.43
  • 43.152.26.151
  • 43.152.26.239
  • 43.152.29.148
  • 43.152.26.238
  • 43.152.29.77
  • 43.152.29.101
whitelisted
firebaseinstallations.googleapis.com
  • 142.250.74.202
  • 142.250.185.138
  • 142.250.186.170
  • 172.217.16.138
  • 172.217.23.106
  • 142.250.185.74
  • 142.250.184.234
  • 172.217.18.10
  • 216.58.206.42
  • 142.250.186.106
  • 142.250.185.106
  • 142.250.184.202
  • 142.250.186.138
  • 216.58.206.74
  • 142.250.186.42
  • 142.250.186.74
whitelisted
config.jpush.cn
  • 124.70.66.249
  • 124.70.104.123
  • 1.92.65.254
  • 1.92.122.151
unknown
ce3e75d5.jpush.cn
  • 120.233.50.106
unknown
c0.ifengimg.com
  • 122.188.45.51
  • 123.6.40.124
  • 202.97.231.78
  • 122.188.45.140
  • 116.196.150.249
  • 119.188.174.58
  • 101.72.254.91
  • 119.188.174.59
  • 122.188.45.182
  • 60.221.17.73
  • 59.83.212.226
  • 122.188.44.139
whitelisted

Threats

PID   Process        Class          Message
-     -              Misc activity  ET INFO Android Device Connectivity Check
345   netd           Misc activity  ET INFO Tencent Cloud Storage Domain in DNS Lookup (myqcloud .com)
2261  app_process64  Misc activity  ET INFO Observed Tencent Cloud Storage Domain (myqcloud .com in TLS SNI)
2367  app_process64  Misc activity  ET INFO Observed Tencent Cloud Storage Domain (myqcloud .com in TLS SNI)
2470  app_process64  Misc activity  ET INFO Observed Tencent Cloud Storage Domain (myqcloud .com in TLS SNI)
345   netd           Misc activity  ET INFO DNS Query to Alibaba Cloud CDN Domain (aliyuncs .com)
2261  app_process64  Misc activity  ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)
2261  app_process64  Misc activity  ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)
2261  app_process64  Misc activity  ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)
2261  app_process64  Misc activity  ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)
No debug info