File name: 4ea62997adcb1e7e3ba45c6b2984f9c208b2d634aba01ab6bbf0cca76f334252.apk
Full analysis: https://app.any.run/tasks/218e4d31-af59-4364-af1e-d429742c974f
Verdict: Malicious activity
Analysis date: May 15, 2025, 18:44:20
OS: Android 14
MIME: application/vnd.android.package-archive
File info: Android package (APK), with zipflinger virtual entry
MD5: BB55351479328E976C3A3524ACF1680F
SHA1: 751B1BFD0D0F36BBEEF4F7143101B0B6CFCB57C0
SHA256: 4EA62997ADCB1E7E3BA45C6B2984F9C208B2D634ABA01AB6BBF0CCA76F334252
SSDEEP: 393216:PiJ9wR61MLZ/05lIpKDQwBH7+R5Bch7tmXlHzu/gTpQQpiJ14LNs:qJ9wREMaroKsiC5B2RmXly/1QY74Lq

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report may have been influenced by analyst actions in the sandbox and is provided as is. ANY.RUN does not guarantee the maliciousness or safety of the content.
Monitored processes (all hosted by /system/bin/app_process64): PID 2261 = com.fengshows.video, PID 2367 = com.fengshows.video:pushcore, PID 2470 = com.fengshows.video:lelinkps.

  • MALICIOUS
    • Hides app icon from display
      • app_process64 (PID: 2367)
  • SUSPICIOUS
    • Accesses system-level resources
      • app_process64 (PID: 2261, 2367, 2470)
    • Collects data about the device's environment (JVM version)
      • app_process64 (PID: 2261, 2367)
    • Establishes a connection
      • app_process64 (PID: 2261, 2367, 2470)
    • Scans for popular installed apps
      • app_process64 (PID: 2261, 2367, 2470)
    • Updates data in the storage of application settings (SharedPreferences)
      • app_process64 (PID: 2261, 2367, 2470)
    • Uses encryption API functions
      • app_process64 (PID: 2261, 2367, 2470)
    • Accesses external device storage files
      • app_process64 (PID: 2261, 2470)
    • Starts a service
      • app_process64 (PID: 2261)
    • Retrieves a list of running application processes
      • app_process64 (PID: 2261, 2367, 2470)
    • Launches a new activity
      • app_process64 (PID: 2261)
    • Sets file permissions, owner, and group for a specified path
      • app_process64 (PID: 2261, 2367, 2470)
    • Accesses memory information
      • app_process64 (PID: 2470)
    • Connects to unusual port (the plain-HTTP requests to conf.hpplay.cn:88 in the HTTP requests table below)
      • app_process64 (PID: 2261, 2367, 2470)
    • Connects to the server without a host name (connection by IP address, no DNS lookup)
      • app_process64 (PID: 2261)
  • INFO
    • Dynamically inspects or modifies classes, methods, and fields at runtime
      • app_process64 (PID: 2261, 2367, 2470)
    • Loads a native library into the application
      • app_process64 (PID: 2261, 2367, 2470)
    • Gets file name without full path
      • app_process64 (PID: 2261, 2367, 2470)
    • Retrieves CPU core information
      • app_process64 (PID: 2261, 2367, 2470)
    • Gets the display metrics associated with the device's screen
      • app_process64 (PID: 2261, 2367, 2470)
    • Dynamically registers broadcast event listeners
      • app_process64 (PID: 2261, 2367, 2470)
    • Dynamically loads a class in Java
      • app_process64 (PID: 2261, 2367, 2470)
    • Verifies whether the device is connected to the internet
      • app_process64 (PID: 2261, 2367, 2470)
    • Retrieves data from storage of application settings (SharedPreferences)
      • app_process64 (PID: 2261, 2367, 2470)
    • Returns elapsed time since boot
      • app_process64 (PID: 2261, 2367, 2470)
    • Stores data using SQLite database
      • app_process64 (PID: 2261, 2367)
    • Listens for connection changes
      • app_process64 (PID: 2261)
    • Retrieves the value of a secure system setting
      • app_process64 (PID: 2470)
    • Checks if Wi-Fi is enabled
      • app_process64 (PID: 2367)
    • Creates and writes local files
      • app_process64 (PID: 2261)
    • Detects device power status
      • app_process64 (PID: 2367)

Note that the MALICIOUS verdict rests on a single indicator, icon hiding observed in the :pushcore process (PID 2367); every other indicator in this run is rated SUSPICIOUS or INFO.
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.apk | Android Package (73.9%)
.jar | Java Archive (20.4%)
.zip | ZIP compressed archive (5.6%)

EXIF

ZIP

ZipRequiredVersion: -
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 1981:01:01 01:01:02
ZipCRC: 0x89e3664e
ZipCompressedSize: 51
ZipUncompressedSize: 55
ZipFileName: META-INF/com/android/build/gradle/app-metadata.properties
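The File info line says the APK carries a zipflinger virtual entry, and the EXIF ZIP fields above describe one archive member (META-INF/com/android/build/gradle/app-metadata.properties, deflated, with a fixed 1981-01-01 01:01:02 timestamp). The script below is an added example, not part of the ANY.RUN report or of the app: it parses a ZIP/APK from its central directory, walks the local file headers, flags local headers the central directory never references (a zero-length name plus an extra-field padding block is a zipflinger virtual entry), verifies each member's CRC, and computes the same three hashes the report lists. The sample archive bytes and the properties text are constructed in memory so it runs offline; pass real file bytes to parse_apk() to reproduce the fields above.

```python
"""Walk an APK's ZIP structure: central directory, local file headers, and
zipflinger 'virtual entries'.  Added example for this report (not ANY.RUN or
fengshows code).  build_sample_apk() CONSTRUCTS a tiny archive in memory;
pass real file bytes to parse_apk() to reproduce the EXIF ZIP fields."""
import hashlib
import struct
import zlib
from datetime import datetime

LFH_SIG, CDH_SIG, EOCD_SIG = 0x04034B50, 0x02014B50, 0x06054B50
LFH_FMT, CDH_FMT, EOCD_FMT = "<IHHHHHIIIHH", "<IHHHHHHIIIHHHHHII", "<IHHHHIIH"
METHODS = {0: "Stored", 8: "Deflated"}


def dos_datetime(dos_time: int, dos_date: int) -> datetime:
    """Decode the MS-DOS packed time/date fields (what ZipModifyDate shows)."""
    return datetime(1980 + (dos_date >> 9), (dos_date >> 5) & 0xF, dos_date & 0x1F,
                    dos_time >> 11, (dos_time >> 5) & 0x3F, (dos_time & 0x1F) * 2)


def parse_apk(data: bytes) -> dict:
    """Return file hashes, central-directory entries and unreferenced local headers."""
    eocd = data.rfind(struct.pack("<I", EOCD_SIG))
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    cd_count, _cd_size, cd_off = struct.unpack_from("<HII", data, eocd + 10)

    entries, pos = {}, cd_off
    for _ in range(cd_count):
        (sig, _made, ver, flags, method, t, d, crc, csize, usize, nlen, xlen, clen,
         _disk, _iattr, _eattr, lh_off) = struct.unpack_from(CDH_FMT, data, pos)
        if sig != CDH_SIG:
            raise ValueError(f"bad central directory header at {pos:#x}")
        entries[lh_off] = {
            "name": data[pos + 46:pos + 46 + nlen].decode("utf-8"),
            "required_version": ver, "bit_flag": flags,
            "compression": METHODS.get(method, f"method {method}"),
            "modify_date": dos_datetime(t, d), "crc": crc,
            "compressed_size": csize, "uncompressed_size": usize, "crc_ok": None,
        }
        pos += 46 + nlen + xlen + clen

    # Walk the local headers from offset 0.  A header the central directory
    # never references, with an empty name and only an extra field, is a
    # zipflinger virtual entry: padding used for alignment or left behind
    # when a member was removed.  Unzip tools skip it; `file` reports it.
    unreferenced, pos = [], 0
    while pos < cd_off:
        (sig, _ver, flags, method, _t, _d, crc, csize, _usize,
         nlen, xlen) = struct.unpack_from(LFH_FMT, data, pos)
        if sig != LFH_SIG:
            raise ValueError(f"expected local file header at {pos:#x}")
        if flags & 0x8:
            raise ValueError(f"data descriptor in use at {pos:#x}; sizes follow the data")
        start = pos + 30 + nlen + xlen
        body = data[start:start + csize]
        if pos in entries:
            raw = zlib.decompress(body, -15) if method == 8 else body  # raw deflate
            entries[pos]["crc_ok"] = zlib.crc32(raw) == crc
        else:
            unreferenced.append({"offset": pos, "name_len": nlen, "extra_len": xlen,
                                 "virtual_entry": nlen == 0 and csize == 0})
        pos = start + csize

    return {
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
        "entries": [entries[k] for k in sorted(entries)],
        "unreferenced": unreferenced,
    }


def build_sample_apk() -> bytes:
    """CONSTRUCTED sample: a 16-byte virtual entry followed by one deflated
    member stamped 1981-01-01 01:01:02 like the real app-metadata.properties.
    The properties text is made up; the real 55-byte content is not on the page."""
    name = b"META-INF/com/android/build/gradle/app-metadata.properties"
    raw = b"appMetadataVersion=1.1\nandroidGradlePluginVersion=8.x\n"
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)      # raw deflate, as ZIP stores it
    payload = comp.compress(raw) + comp.flush()
    crc = zlib.crc32(raw)
    dos_time = (1 << 11) | (1 << 5) | (2 // 2)          # 01:01:02
    dos_date = ((1981 - 1980) << 9) | (1 << 5) | 1      # 1981-01-01
    virtual = struct.pack(LFH_FMT, LFH_SIG, 0, 0, 0, 0, 0, 0, 0, 0, 0, 16) + bytes(16)
    lfh = struct.pack(LFH_FMT, LFH_SIG, 20, 0, 8, dos_time, dos_date, crc,
                      len(payload), len(raw), len(name), 0) + name
    lh_off, cd_off = len(virtual), len(virtual) + len(lfh) + len(payload)
    cdh = struct.pack(CDH_FMT, CDH_SIG, 20, 20, 0, 8, dos_time, dos_date, crc,
                      len(payload), len(raw), len(name), 0, 0, 0, 0, 0, lh_off) + name
    eocd = struct.pack(EOCD_FMT, EOCD_SIG, 0, 0, 1, 1, len(cdh), cd_off, 0)
    return virtual + lfh + payload + cdh + eocd


if __name__ == "__main__":
    report = parse_apk(build_sample_apk())
    print("SHA256:", report["sha256"])
    for e in report["entries"]:
        print(f'{e["name"]}: {e["compression"]}, {e["modify_date"]}, CRC {e["crc"]:#010x}, '
              f'{e["compressed_size"]}/{e["uncompressed_size"]} bytes, crc_ok={e["crc_ok"]}')
    for u in report["unreferenced"]:
        print(f'unreferenced local header at {u["offset"]:#x}: '
              f'virtual_entry={u["virtual_entry"]}, padding={u["extra_len"]} bytes')
```

The walk deliberately refuses archives that use data descriptors (general-purpose bit 3), because then the sizes in the local header are zero and the walk would have to scan for the descriptor instead; a CRC mismatch on a member means the local header and the central directory disagree, which is worth a closer look in any APK.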
All screenshots are available in the full report
Total processes: 127
Monitored processes: 3
Malicious processes: 3
Suspicious processes: 0

Behavior graph

start: app_process64 (PID 2261), app_process64 (PID 2367), app_process64 (PID 2470); the interactive graph is in the full report.

Process information

PID  | CMD                          | Path                      | Parent process | User | Integrity Level | Exit code
2261 | com.fengshows.video          | /system/bin/app_process64 | app_process64  | root | UNKNOWN         | 0
2367 | com.fengshows.video:pushcore | /system/bin/app_process64 | app_process64  | root | UNKNOWN         | 0
2470 | com.fengshows.video:lelinkps | /system/bin/app_process64 | app_process64  | root | UNKNOWN         | 0

The ":pushcore" and ":lelinkps" suffixes are android:process names, i.e. components the manifest runs in their own processes; all three processes still execute the same APK. The User column reports root for all of them; on a stock device each app runs under its own per-app UID, so treat this field as a property of the instrumented guest rather than of the APK.
Total events: 0
Read events: 0
Write events: 0
Delete events: 0
Modification events: No data
Executable files: 0
Suspicious files: 63
Text files: 260
Unknown types: 0

Dropped files

PID  | Process       | Filename | Type
2261 | app_process64 | /data/data/com.fengshows.video/shared_prefs/FirebaseHeartBeatW0RFRkFVTFRd+MTo3NDg0MTQ1NjcwMjM6YW5kcm9pZDo0OGIxNzhhZTIxOTQxNWE2MzIwMzlh.xml | xml
2261 | app_process64 | /data/data/com.fengshows.video/shared_prefs/com.google.firebase.messaging.xml | xml
2261 | app_process64 | /data/data/com.fengshows.video/shared_prefs/com.google.android.gms.measurement.prefs.xml | xml
2261 | app_process64 | /data/data/com.fengshows.video/files/PersistedInstallation5961061128781229081tmp | binary
2261 | app_process64 | /data/data/com.fengshows.video/files/PersistedInstallation.W0RFRkFVTFRd+MTo3NDg0MTQ1NjcwMjM6YW5kcm9pZDo0OGIxNzhhZTIxOTQxNWE2MzIwMzlh.json | binary
2261 | app_process64 | /data/data/com.fengshows.video/shared_prefs/com.liteav.storage.global.xml | xml
2261 | app_process64 | /data/data/com.fengshows.video/databases/google_app_measurement_local.db | binary
2261 | app_process64 | /data/data/com.fengshows.video/shared_prefs/ifengVideo6Prefference.xml | xml
2261 | app_process64 | /data/data/com.fengshows.video/shared_prefs/LicenseChecker.xml | xml
2261 | app_process64 | /data/data/com.fengshows.video/files/PersistedInstallation6794757868040375374tmp | binary

The MD5 and SHA256 columns of this table were empty in the export.
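Two of the dropped files, FirebaseHeartBeat…xml and PersistedInstallation.….json, carry the Firebase SDK's persistence key in their names: base64url (unpadded) of the FirebaseApp name, a literal "+", then base64url of the Firebase application ID. The script below is an added example, not ANY.RUN or app code: it decodes that key into the app name and application ID and splits out the Firebase project number, which is a stable pivot for clustering repackaged builds that share one Firebase project. The four paths are copied from the Dropped files table above; two of them carry no key and are included to show the decoder skipping them.

```python
"""Decode the Firebase persistence key from dropped shared_prefs/files names.

Added example for this report (not ANY.RUN or fengshows code).  The Firebase
Android SDK names its per-app state files
    PersistedInstallation.<key>.json   and   FirebaseHeartBeat<key>.xml
with <key> = b64url(FirebaseApp name) + "+" + b64url(Firebase application ID),
both unpadded.  The literal "+" is outside the base64url alphabet, so the two
halves split unambiguously."""
import base64
import re
from dataclasses import dataclass
from typing import Iterable, Optional, Set

# Copied from the Dropped files table of this report.
DROPPED_FILES = [
    "/data/data/com.fengshows.video/shared_prefs/FirebaseHeartBeatW0RFRkFVTFRd+MTo3NDg0MTQ1NjcwMjM6YW5kcm9pZDo0OGIxNzhhZTIxOTQxNWE2MzIwMzlh.xml",
    "/data/data/com.fengshows.video/files/PersistedInstallation.W0RFRkFVTFRd+MTo3NDg0MTQ1NjcwMjM6YW5kcm9pZDo0OGIxNzhhZTIxOTQxNWE2MzIwMzlh.json",
    "/data/data/com.fengshows.video/shared_prefs/com.google.firebase.messaging.xml",
    "/data/data/com.fengshows.video/files/PersistedInstallation5961061128781229081tmp",
]

_KEY_RE = re.compile(
    r"(?:FirebaseHeartBeat|PersistedInstallation\.)"
    r"(?P<name>[A-Za-z0-9_-]+)\+(?P<app_id>[A-Za-z0-9_-]+)\.(?:xml|json)$")


@dataclass(frozen=True)
class FirebaseIdentity:
    app_name: str        # FirebaseApp instance name; "[DEFAULT]" for the default app
    app_id: str          # the mobilesdk_app_id from google-services.json
    project_number: str  # Firebase/GCP project number, shared by every app in the project
    platform: str        # "android" or "ios"
    app_hash: str        # per-app identifier assigned by Firebase


def _b64url_decode(text: str) -> str:
    # Restore the padding the SDK strips before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4)).decode("utf-8")


def decode_firebase_key(path: str) -> Optional[FirebaseIdentity]:
    """Return the identity encoded in a Firebase state file name, or None."""
    m = _KEY_RE.search(path)
    if not m:
        return None
    app_name = _b64url_decode(m.group("name"))
    app_id = _b64url_decode(m.group("app_id"))
    # Firebase app IDs have the shape "<version>:<project number>:<platform>:<hash>".
    parts = app_id.split(":")
    if len(parts) != 4:
        raise ValueError(f"unexpected Firebase app ID format: {app_id!r}")
    return FirebaseIdentity(app_name, app_id, parts[1], parts[2], parts[3])


def firebase_identities(paths: Iterable[str]) -> Set[FirebaseIdentity]:
    """Distinct Firebase identities found across a list of dropped-file paths."""
    return {fid for fid in map(decode_firebase_key, paths) if fid is not None}


if __name__ == "__main__":
    for fid in firebase_identities(DROPPED_FILES):
        print(f"app={fid.app_name} project_number={fid.project_number} "
              f"platform={fid.platform} app_id={fid.app_id}")
```

Both key-bearing files decode to the same identity, as they should for one FirebaseApp instance; when a sandbox run shows two different project numbers, the APK bundles more than one Firebase configuration, which is common in repackaged or SDK-heavy apps.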
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 20
TCP/UDP connections: 61
DNS requests: 36
Threats: 11

HTTP requests

PID  | Process       | Method | Code | IP:port             | URL | CN      | Reputation
-    | -             | GET    | 204  | 142.250.185.227:80  | http://connectivitycheck.gstatic.com/generate_204 | unknown | whitelisted
2470 | app_process64 | GET    | 200  | 1.14.243.88:88      | http://conf.hpplay.cn:88/sender/conf?uid=10001792130715&appid=11902&prot_ver=1.0&sdk_ver=41201&token=f6b09324985a63421747334701 | unknown | unknown
2470 | app_process64 | GET    | 200  | 1.14.243.88:88      | http://conf.hpplay.cn:88/sender/conf?uid=10001792130715&appid=11902&prot_ver=1.0&sdk_ver=41201&token=f6b09324985a63421747334701 | unknown | unknown
2261 | app_process64 | GET    | 200  | 101.33.11.223:80    | http://q1.fengshows.cn/a/2022_16/44b3e2ed7010b15.png_128.jpg | unknown | unknown
2261 | app_process64 | GET    | 200  | 163.181.131.211:80  | http://c1.fengshows-cdn.com/a/2020_15/c78b792fdb402fe.png | unknown | unknown
2470 | app_process64 | GET    | 200  | 47.113.66.37:80     | http://rp.hpplay.cn/logins?v=2.1&s=1%3D10320421%3D086F0s0_r3nsi4857s3CA4BF21sc%26h%3Dmooc.%26%3D%3Du511%3D0791dBD295r.0b%3D%3DdaABD5d18707112%26d%3DTtohe%262nn71%26071%263201D17%261%3D%26hl%26lncE64C25964C11%26%3D%26%3Dn%26fsfv1vi%264c9%26%3D%3D6chA6A0v11VQsdol02F8a8D5224C5%3Did0c%3Dgil.%3D423500.474903AF44v1T%3D4u%3DdA79A%3DD71A2AB5n%3Dji1.w%26s0s3dc7%3D2v219%3Di1C80%3D%2625%26vci%2635B9iDD258A6C5ms_ucsdg1e%2687s11%26a3%262E176r44jigolu%3D973B161BCF43s1iVQpe.n%3D%26%3Dt48u75as4s%264B4Ea0.%3Dn%26i%26lE981%2691073641t%26m5%26knv%3D4l1 | unknown | unknown
2261 | app_process64 | GET    | 200  | 101.33.11.223:80    | http://q1.fengshows.cn/2025/05/15/202505156ef68b48-318a-11f0-96a2-fa20200ddfb4.jpg_360.jpg | unknown | unknown
2261 | app_process64 | GET    | 200  | 101.33.11.223:80    | http://q1.fengshows.cn/2025/05/15/20250515e14dc9e6-318e-11f0-845b-fa20200e046a.jpg_360.jpg | unknown | unknown
2261 | app_process64 | GET    | 200  | 122.188.45.51:80    | http://c0.ifengimg.com/pdt/cfg/vm_phone_show.js | unknown | whitelisted
2261 | app_process64 | GET    | 200  | 122.188.45.51:80    | http://c0.ifengimg.com/pdt/cfg/vm_phone_show.js | unknown | whitelisted

The Type and Size columns were empty in the export; the row without a PID is the guest system's connectivity check, not traffic from the app's processes. All of the app's own requests listed here are plain HTTP, and the two conf.hpplay.cn requests on port 88 send the uid, appid and token query parameters in the clear.

Connections

PID  | Process       | IP:port              | Domain                                             | ASN                                    | CN | Reputation
449  | mdnsd         | 224.0.0.251:5353     | -                                                  | -                                      | -  | unknown
-    | -             | 142.250.185.227:80   | connectivitycheck.gstatic.com                      | GOOGLE                                 | US | whitelisted
-    | -             | 142.250.186.132:443  | www.google.com                                     | GOOGLE                                 | US | whitelisted
-    | -             | 216.239.35.4:123     | time.android.com                                   | -                                      | -  | whitelisted
-    | -             | 64.233.167.81:443    | staging-remoteprovisioning.sandbox.googleapis.com  | GOOGLE                                 | US | whitelisted
2261 | app_process64 | 43.152.26.209:443    | license.vod2.myqcloud.com                          | ACE                                    | DE | whitelisted
2261 | app_process64 | 142.250.74.202:443   | firebaseinstallations.googleapis.com               | GOOGLE                                 | US | whitelisted
2261 | app_process64 | 124.70.66.249:443    | config.jpush.cn                                    | Huawei Cloud Service data center       | CN | unknown
2261 | app_process64 | 120.233.50.106:443   | ce3e75d5.jpush.cn                                  | China Mobile communications corporation | CN | unknown
2261 | app_process64 | 47.75.233.44:443     | m.fengshows.com                                    | Alibaba US Technology Co., Ltd.        | HK | unknown

Rows without a PID (and the mdnsd multicast row) are guest-system traffic that the sandbox did not attribute to the app's processes; only the five rows for PID 2261 come from the APK itself.

DNS requests

Domain
IP
Reputation
connectivitycheck.gstatic.com
  • 142.250.185.227
whitelisted
www.google.com
  • 142.250.186.132
whitelisted
time.android.com
  • 216.239.35.4
  • 216.239.35.8
  • 216.239.35.12
  • 216.239.35.0
whitelisted
google.com
  • 142.250.184.238
whitelisted
staging-remoteprovisioning.sandbox.googleapis.com
  • 64.233.167.81
whitelisted
license.vod2.myqcloud.com
  • 43.152.26.209
  • 43.152.26.197
  • 43.152.28.77
  • 43.152.29.72
  • 43.152.26.154
  • 43.152.28.41
  • 43.152.28.111
  • 43.152.26.142
  • 43.152.28.43
  • 43.152.26.151
  • 43.152.26.239
  • 43.152.29.148
  • 43.152.26.238
  • 43.152.29.77
  • 43.152.29.101
whitelisted
firebaseinstallations.googleapis.com
  • 142.250.74.202
  • 142.250.185.138
  • 142.250.186.170
  • 172.217.16.138
  • 172.217.23.106
  • 142.250.185.74
  • 142.250.184.234
  • 172.217.18.10
  • 216.58.206.42
  • 142.250.186.106
  • 142.250.185.106
  • 142.250.184.202
  • 142.250.186.138
  • 216.58.206.74
  • 142.250.186.42
  • 142.250.186.74
whitelisted
config.jpush.cn
  • 124.70.66.249
  • 124.70.104.123
  • 1.92.65.254
  • 1.92.122.151
unknown
ce3e75d5.jpush.cn
  • 120.233.50.106
unknown
c0.ifengimg.com
  • 122.188.45.51
  • 123.6.40.124
  • 202.97.231.78
  • 122.188.45.140
  • 116.196.150.249
  • 119.188.174.58
  • 101.72.254.91
  • 119.188.174.59
  • 122.188.45.182
  • 60.221.17.73
  • 59.83.212.226
  • 122.188.44.139
whitelisted

Threats

PID  | Process       | Class         | Message
-    | -             | Misc activity | ET INFO Android Device Connectivity Check
345  | netd          | Misc activity | ET INFO Tencent Cloud Storage Domain in DNS Lookup (myqcloud .com)
2261 | app_process64 | Misc activity | ET INFO Observed Tencent Cloud Storage Domain (myqcloud .com in TLS SNI)
2367 | app_process64 | Misc activity | ET INFO Observed Tencent Cloud Storage Domain (myqcloud .com in TLS SNI)
2470 | app_process64 | Misc activity | ET INFO Observed Tencent Cloud Storage Domain (myqcloud .com in TLS SNI)
345  | netd          | Misc activity | ET INFO DNS Query to Alibaba Cloud CDN Domain (aliyuncs .com)
2261 | app_process64 | Misc activity | ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)
2261 | app_process64 | Misc activity | ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)
2261 | app_process64 | Misc activity | ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)
2261 | app_process64 | Misc activity | ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)

All alerts are ET INFO informational signatures (cloud-storage and CDN domain observations), none of them malware-family detections.
No debug info