chamelon

Asked by Michael on 2018-12-15

1 / 61
One engine detected this file
SHA-256 76e27c4b09f9c1cbbf0b414719b741d3087fc744f6de9431a282fbd976bd445a
File name mssoJ77AHDuALWGu6G
File size 11.78 MB
Last analysis 2018-03-28 08:17:09 UTC
VirusTotal Droidy
Network Communication
HTTP Requests
DNS Resolutions
IP Traffic
File System Actions
Files Opened
/data/data/com.yuanbaopu.ybpmark/shared_prefs/chcp_plugin_config_pref.xml
/data/misc/keychain/pins
/storage/emulated/0/ShareSDK/com.yuanbaopu.ybpmark/cache/com.yuanbaopu.ybpmark/.lock
/storage/emulated/0/baidu/.cuid
/proc/net/if_inet6
/sys/class/net/ip6tnl0/ifindex
/sys/class/net/lo/ifindex
/sys/class/net/sit0/ifindex
/sys/class/net/eth0/ifindex
/storage/emulated/0/ShareSDK/.dk
Files Written
/storage/emulated/0/baidu/tempdata/ls.db
/data/data/com.yuanbaopu.ybpmark/files/ofld/ofl_location.db
/data/data/com.yuanbaopu.ybpmark/files/ofld/ofl_statistics.db
/storage/emulated/0/test.0
/data/data/com.yuanbaopu.ybpmark/files/ofld/ofl.config
/storage/emulated/0/baidu/tempdata/ller.dat
/storage/emulated/0/baidu/tempdata/conlts.dat
/storage/emulated/0/baidu/tempdata/grtcf.dat
Files Deleted
/data/data/com.yuanbaopu.ybpmark/shared_prefs/chcp_plugin_config_pref.xml.bak
/data/data/com.yuanbaopu.ybpmark/shared_prefs/chcp_plugin_config_pref.xml
/data/data/com.yuanbaopu.ybpmark/shared_prefs/share_sdk_1.xml.bak
/data/data/com.yuanbaopu.ybpmark/shared_prefs/share_sdk_1.xml
/storage/emulated/0/test.0
Files Copied
/data/data/com.yuanbaopu.ybpmark/shared_prefs/chcp_plugin_config_pref.xml
/data/data/com.yuanbaopu.ybpmark/shared_prefs/share_sdk_1.xml
Files Dropped
36ac59e578357746f7ab39a543f47e84260ca584534b3bbf3371bc1f4b407fd9
Process And Service Actions
Permissions Checked
android.permission.READ_PHONE_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.GET_TASKS
Shell Commands
su
Services Opened
com.google.android.gms.games.service.GamesIntentService (com.google.android.gms)
com.google.android.gms.people.service.bg.PeopleBackgroundTasks (com.google.android.gms)
Activities Started
com.yuanbaopu.ybpmark.MainActivity (com.yuanbaopu.ybpmark)
Synchronization Mechanisms & Signals
Signals Hooked
android.intent.action.PROXY_CHANGE
android.intent.action.CONFIGURATION_CHANGED
android.intent.action.PHONE_STATE
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.net.wifi.SCAN_RESULTS
Modules Loaded
Runtime Modules
neh
locSDK6a
Invoked Methods
android.os.SystemProperties.addChangeCallback
android.os.SystemProperties.getLong
com.fasterxml.jackson.databind.MapperFeature.values
com.fasterxml.jackson.databind.DeserializationFeature.values
com.fasterxml.jackson.databind.SerializationFeature.values
com.android.org.conscrypt.OpenSSLCipher$Padding.values
com.android.org.conscrypt.OpenSSLCipher$Mode.values
android.net.wifi.SupplicantState.values
android.net.wifi.WifiSsid.createFromAsciiEncoded
com.nordnetab.chcp.main.model.ChcpError.values
Highlighted Actions
Calls Highlighted
android.net.wifi.WifiInfo.getBSSID
android.net.wifi.WifiInfo.getMacAddress
android.net.wifi.WifiInfo.getSSID
android.os.Debug.isDebuggerConnected
android.telephony.TelephonyManager.getCellLocation
android.telephony.TelephonyManager.getDeviceId
android.telephony.TelephonyManager.getNetworkCountryIso
android.telephony.TelephonyManager.getSimOperator
android.telephony.TelephonyManager.getSubscriberId
android.util.Base64.encode
Cryptographical Algorithms Observed
AES
Cryptographical Keys Observed
30212102dicudiab
sdk.sharesdk.sdk
14f0c07c317771a2
Encoding Algorithms Observed
base64
Dataset Actions
System Property Lookups
debug.force_rtl
debug.second-display.pkg
debug.atrace.tags.enableflags
sys.settings_system_version
persist.sys.timezone
persist.sys.ui.hw
debug.layout
sys.settings_secure_version
viewroot.profile_rendering
config.disable_media
Shared Preferences Sets
config_json
config_json
device_time
device_data
device_ext_data
service_time
lastInsertRunEventTime
insertRunEventCount
Content Model Observers
NOT CACHED
Content Model Sets
exception_time
exception_msg
exception_level
exception_md5
exception_time
exception_msg
exception_md5
exception_time
exception_msg
exception_md5

Question information

Language: English
Status: Answered
For: Launchpad itself
Assignee: No assignee
Last query: 2018-12-15
Last reply: 2018-12-15

Manfred Hampl (m-hampl) said : #1

The contents of the message look like the search output for a certain apk file provided by virustotal:
https://www.virustotal.com/#/file/76e27c4b09f9c1cbbf0b414719b741d3087fc744f6de9431a282fbd976bd445a/detection

I cannot see a relationship to a project housed on launchpad.
