Report - files.vmos.cn/vmospro/plugin/android71xposed_plugin-64bit.zip

Report Overview

Submitted URL
files.vmos.cn/vmospro/plugin/android71xposed_plugin-64bit.zip
IP
119.36.90.148
ASN
#4837 CHINA UNICOM China169 Backbone
Submitted
2024-04-18 13:23:14
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
files.vmos.cn	unknown	2015-06-24	2019-10-09	2024-04-17	515 B	10 MB	123.6.72.214

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
files.vmos.cn/vmospro/plugin/android71xposed_plugin-64bit.zip
IP
123.6.72.214
ASN
#4837 CHINA UNICOM China169 Backbone

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
10 MB (10186515 bytes)
Hash
7c17dd64dd483f913abefcba1f04e1b3
a91ff7b3ac58def288f72d12982b5be45ce7a561
f080ebb800af7d83657e018baee8b36d003acd46b47dc48fa77a9dedf5d703e5

Archive (21)

Filename

Md5

File type

repo_cache.db

3b2087045cb7c1d2deb054df41ecc323

SQLite 3.x database, user version 4, last written using SQLite version 3009002, file counter 4, database pages 11, cookie 0x6, schema 4, largest root page 11, UTF-8, version-valid-for 4

de.robv.android.xposed.installer_preferences.xml

ab754f9a1fc14c2d3f2e88fca539c4c9

XML 1.0 document, ASCII text

download_cache.xml

353322d15e4b6b8b12aec6727fa84762

XML 1.0 document, ASCII text

repo.xml

eb040f0743669ee424a67d2fd18dc5ba

XML 1.0 document, ASCII text

XposedInstaller_3.1.5.apk

315362d994986e6584203fca282f4472

Android package (APK), with AndroidManifest.xml Zip archive data, at least v0.0 to extract, compression method=deflate

app_process32

25d5b0386790b242a88459b1d4e3d21c

ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV)

app_process64

5686c326d48cf2ef6b3469104ee7aa18

ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)

dex2oat

199447c2da61cb6492bd60b2b1f121f8

ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV)

oatdump

85a2393fbcc3630638a4b18dff98ee54

ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)

patchoat

6e8b6c517fb0e5c3b53c4ffbfdd1e17f

ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV)

XposedBridge.jar

956145163b20889a7d895020f197e813

Android package (APK), with AndroidManifest.xml Zip archive data, at least v2.0 to extract, compression method=deflate

libart-compiler.so

dbd0b05ef6fad2ceb18ee5fe0702a490

ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV)

libart.so

3e73466c8ec2627bbfa2a51e7efa28e5

ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV)

libsigchain.so

74badce0fa8ea983b7caea1540374027

ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV)

libxposed_art.so

acc20081247461da88be446a5a8f2d40

ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV)

libart-compiler.so

b1fd4f29eb6d0e9d657717a5cb19d6b0

ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)

libart-disassembler.so

46a29d91f6acc7099849b47d831a359c

ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)

libart.so

aa7e6e80dcca405a23d335a973e02ff1

ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)

libsigchain.so

393a59b185ec14a0c79a3eb185073c50

ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)

libxposed_art.so

fb7e23e3b5aa6ff09a2563c56b560aeb

ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)

xposed.prop

3c59f229469f69e5c30f3159282b0bae

ASCII text

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip
VirusTotal	suspicious	VirusTotal - Scan result 1/62

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

files.vmos.cn/vmospro/plugin/android71xposed_plugin-64bit.zip

123.6.72.214

200 OK

10 MB

URL User Request GET HTTP/2
files.vmos.cn/vmospro/plugin/android71xposed_plugin-64bit.zip
IP
123.6.72.214:443
ASN
#4837 CHINA UNICOM China169 Backbone

Certificate
IssuerDigiCert Inc
Subject*.vmos.cn
Fingerprint82:E1:A6:AB:A2:D0:CB:F6:60:DE:8D:9D:4D:0C:21:1A:0F:84:06:FF
ValidityWed, 01 Nov 2023 00:00:00 GMT - Fri, 01 Nov 2024 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
10 MB (10186515 bytes)
Hash
7c17dd64dd483f913abefcba1f04e1b3
a91ff7b3ac58def288f72d12982b5be45ce7a561
f080ebb800af7d83657e018baee8b36d003acd46b47dc48fa77a9dedf5d703e5

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/62

HTTP Headers

GET /vmospro/plugin/android71xposed_plugin-64bit.zip HTTP/1.1
Host: files.vmos.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: Byte-nginx
content-type: application/zip
content-length: 10186515
accept-ranges: bytes
age: 3674417
etag: "5f041183-9b6f13"
last-modified: Tue, 07 Jul 2020 06:09:07 GMT
x-bdcdn-cache-status: TCP_HIT
x-request-id: 7b98beef26e55f60716710dda07a04bf
x-request-ip: 91.90.42.154
x-response-cache: edge_hit
x-response-cinfo: 91.90.42.154
x-tt-trace-tag: id=5
date: Thu, 18 Apr 2024 13:22:46 GMT
via: cache19.zzcu
X-Firefox-Spdy: h2