Report - 9az1.197784.com/xmxj

Report Overview

Submitted URL
9az1.197784.com/xmxj_v1.0.0.apk
IP
163.171.134.108
ASN
#54994 ML-1432-54994
Submitted
2024-05-04 08:31:36
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.digicert.cn	37572	2006-01-24	2020-03-20	2024-05-03	328 B	972 B	47.246.3.238
9az1.197784.com	unknown	2015-11-04	2022-06-07	2024-02-16	401 B	1.4 MB	163.171.134.108

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
9az1.197784.com/xmxj_v1.0.0.apk
IP
163.171.134.108
ASN
#54994 ML-1432-54994

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
1.4 MB (1405609 bytes)
Hash
4df0110dbc0e6be6476dcec623d42bd9
9703a5b9fb8c557f7849133dff638cc29219fdc8
55aab7fc29bf622b280db5f011949bd79c004c339275dc7b16a3ad414490465a

Archive (75)

Filename

Md5

File type

MANIFEST.MF

0858acd6991e3ff4f6fa9ecf6b9ac3bc

JAR Manifest, ASCII text, with CRLF line terminators

GWQQO.SF

af76b0057698227b633a85c25c59c53e

JAR Signature File, ASCII text, with CRLF line terminators

GWQQO.RSA

07643041bf90fe1ce420767739e899e2

DER Encoded PKCS#7 Signed Data

AndroidManifest.xml

8f403e0d18a19ec07fc06d0f6624974a

Android binary XML

.appkey

cbcbf715127cead2ef7a28697438f245

ASCII text, with no line terminators

libjiagu.so

f5cb39f8d632053287239794d4418494

ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV)

libjiagu_ls.so

d94076eab0748e2e06591265b4e84926

data

libjiagu_x86.so

374db0863d780b5f54aa59101e184de0

ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV)

classes.dex

22e4ad2ee7a69cf9feae074cfd469bc7

Dalvik dex file version 035

libjiagu_art.so

d41d8cd98f00b204e9800998ecf8427e

libjiagu_art.so

d41d8cd98f00b204e9800998ecf8427e

delaydisappear.xml

0deca48b6ccca2e14925747fe4b258ad

Android binary XML

disappear.xml

f544e211fcf4c2ddbc7fde1e751e91e5

Android binary XML

disappearout.xml

a5db4fcbe524184369827c6474fbc91e

Android binary XML

grow_from_bottom.xml

5235bb46c1a14eec2e015f4c5701dfc3

Android binary XML

grow_from_bottomleft_to_topright.xml

044a8035f6549f037d98f80c0d6567c8

Android binary XML

grow_from_bottomright_to_topleft.xml

04eafaf6cce865c88acbb58b42b1566e

Android binary XML

grow_from_top.xml

f5372190182f3db5c3fa981b7e272df8

Android binary XML

grow_from_topleft_to_bottomright.xml

f21256b8d8b9365eb4bcd0ca18e4e58a

Android binary XML

grow_from_topright_to_bottomleft.xml

c091774d78c70247721836143c5692da

Android binary XML

pump_bottom.xml

e0b278bba9ae22ccef923e50f9ce5b52

Android binary XML

pump_top.xml

c58d0dfe78a7302e1b4abd35d8111461

Android binary XML

rail.xml

5270869cceda7dc960472eae0aecacd4

Android binary XML

shrink_from_bottom.xml

dea0dafadc87004528058faf867abf57

Android binary XML

shrink_from_bottomleft_to_topright.xml

ee195151a8ab10a13643de64ec5b8dac

Android binary XML

shrink_from_bottomright_to_topleft.xml

c273145a78eea5c26ba020b3e9292395

Android binary XML

shrink_from_top.xml

70aa7f024201e797d842a52741d23277

Android binary XML

shrink_from_topleft_to_bottomright.xml

9da0ffaf189c8570a5b85aaaf37ab8a3

Android binary XML

shrink_from_topright_to_bottomleft.xml

f97dcb68c54f1cedc35d17aaf74c4250

Android binary XML

btn_mode_switch_knob_normal.png

4d7f538c44148c40ab5515586157db72

PNG image data, 57 x 57, 8-bit/color RGBA, non-interlaced

btn_mode_switch_knob_pressed.png

4ed6d27fbe383fc3171e3cc415ef4069

PNG image data, 57 x 57, 8-bit/color RGBA, non-interlaced

btn_shutter_normal.png

e2ad3caf765417777eb47c158fdf12db

PNG image data, 105 x 105, 8-bit/color RGBA, non-interlaced

ic_exposure.png

146c4836b86bb9b2e1180ee8155e278c

PNG image data, 42 x 42, 8-bit colormap, non-interlaced

ic_face_detect_off.png

7791e40379382d6bfd02795336f57011

PNG image data, 42 x 42, 8-bit gray+alpha, non-interlaced

ic_face_detect_on.png

a80d2d29a431f8697ca271693d4ef4b1

PNG image data, 42 x 42, 8-bit colormap, non-interlaced

ic_viewfinder_flash_off.png

de092326b7d3bc105a06428afdc32aee

PNG image data, 42 x 42, 8-bit colormap, non-interlaced

ic_viewfinder_flash_on.png

e19767579f90d7c145fe26e71d53b13b

PNG image data, 42 x 42, 8-bit colormap, non-interlaced

ic_viewfinder_focus.png

8f9cfe74b1185d6e8c47c1f2aa583849

PNG image data, 42 x 42, 8-bit colormap, non-interlaced

ic_viewfinder_sound.png

dff0dcdb40299cc0d44ac9e127923c28

PNG image data, 42 x 42, 8-bit gray+alpha, non-interlaced

ic_viewfinder_sound_off.png

3a7c539a297b8bf1a8f23cd1cc718473

PNG image data, 42 x 42, 8-bit gray+alpha, non-interlaced

ic_viewfinder_zoom.png

37e015dff6e63d29de0b2c8030c445c8

PNG image data, 42 x 42, 8-bit colormap, non-interlaced

largeicon.png

3e5f735bd5a1d31d388cb1403f7ed7a5

PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced

settings.png

f8291e13081d628e0559f29ae58d36db

PNG image data, 72 x 72, 8-bit gray+alpha, non-interlaced

smallicon.png

8f15f61de181288b858650e539fd3bd6

PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced

settings.png

a2a065f21f28da2e865acfa5ec012ff9

PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced

settings.png

3d6b65e2d56f105f8fa0e4a047511048

PNG image data, 36 x 36, 8-bit colormap, non-interlaced

action_item_btn.xml

d0436e337899b76788dccd863087c326

Android binary XML

action_item_selected.9.png

c9d514ca4c18b9f147b7aea548cad219

PNG image data, 18 x 40, 8-bit/color RGBA, non-interlaced

arrleft.png

03b6a0a0bc7e67563439715bd2c406a4

PNG image data, 32 x 32, 8-bit colormap, non-interlaced

arrow_down.png

0f0bec56c5c455fdf4d798e89c251202

PNG image data, 41 x 19, 8-bit colormap, non-interlaced

arrow_up.png

5b4f153fa45b1cb62c127f4aac1c4e44

PNG image data, 41 x 19, 8-bit colormap, non-interlaced

arrright.png

3a61a7ccf0585ad7a7524308ad5fb674

PNG image data, 32 x 32, 8-bit colormap, non-interlaced

btn_mode_switch_knob.xml

7a808d1717078d627b8db8843e830e5b

Android binary XML

focus_focusing.9.png

f7d0f4ab1457c0785433c662c6cd82cf

PNG image data, 156 x 156, 8-bit/color RGBA, non-interlaced

icon.png

883e4d0f24869cf7b96436bdd494205f

PNG image data, 512 x 512, 8-bit gray+alpha, non-interlaced

popup.9.png

e3eca3e8285f78c8220253723691f51c

PNG image data, 21 x 26, 8-bit/color RGBA, non-interlaced

roundcornershape.xml

5630238a746d43bfb9bedb9c960a1184

Android binary XML

roundcornershape2.xml

958845860e4a8ae6bfd96acd9d6f60e4

Android binary XML

screenshot6.png

1011944afa8522934da583794caa1add

PNG image data, 551 x 466, 8-bit/color RGB, non-interlaced

action_exposurebar_item.xml

99a58b7059d612655fefd7d8605b80a6

Android binary XML

action_item.xml

65c5619b2c997fa98f8a57542e6b8e68

Android binary XML

action_seekbar_item.xml

8ac1c2edb994498c238d27b4e3a17127

Android binary XML

burstrow.xml

4f307384666770660e2c72b60299cd9a

Android binary XML

facedetect.xml

8fabefc8ea6a8a058894a5c47080e57c

Android binary XML

goodbye.xml

a5aed8e95116580613ed679edccd8c2c

Android binary XML

main.xml

1c20decfd9b52040a5ccb23e707818e1

Android binary XML

main_vert.xml

2bc51656dbf60d2d59e543f636c56215

Android binary XML

popup.xml

b9e79f8b3e5b00ddf25ffc5a534ee40e

Android binary XML

viewimage.xml

7fdd05038c71cf297a2233da39a5e786

Android binary XML

menu.xml

4d9f07d636ff548a3b8a0bebf354b4a5

Android binary XML

menulite.xml

3fd79711091ee693fadebbb38fc84e46

Android binary XML

fastshutter.wav

d7017b0a44daedce4608fbc68ffec0a8

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

fastshutter2.ogg

9d17107fd3025f2b3cbfc4d78e424f57

Ogg data, Vorbis audio, stereo, 44100 Hz, ~160000 bps, created by: Xiph.Org libVorbis I (1.3.1)

preferences.xml

9e21e87722a14caebf8675e330d28a46

Android binary XML

resources.arsc

2557d27180c27f2519e8deb0c454c34a

Android package resource table (ARSC), 76 string(s), utf8

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
VirusTotal	malicious	VirusTotal - Scan result 17/63

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

ocsp.digicert.cn/

47.246.3.238

471 B

URL
ocsp.digicert.cn/
IP
47.246.3.238:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
data
Size
471 B (471 bytes)
Hash
8bc94e87e539e4bcfc7a168d20df2dfc
b0bd2cac950431f24c1bd8aa43b645183f3d6fa6
1030693a52fdc5ebf2613750ec2aedef5beab35344c70fa4427ac00c6a2175a6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Sat, 04 May 2024 08:31:11 GMT
Ali-Swift-Global-Savetime: 1714811471
Via: cache36.l2fr1[648,648,200-0,M], cache36.l2fr1[649,0], cache10.ru4[705,705,200-0,M], cache10.ru4[706,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sat, 04 May 2024 08:31:11 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff6039e17148114706391252e

9az1.197784.com/xmxj_v1.0.0.apk

163.171.134.108

200 OK

1.4 MB

URL User Request GET HTTP/1.1
9az1.197784.com/xmxj_v1.0.0.apk
IP
163.171.134.108:80
ASN
#54994 ML-1432-54994

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
1.4 MB (1405609 bytes)
Hash
4df0110dbc0e6be6476dcec623d42bd9
9703a5b9fb8c557f7849133dff638cc29219fdc8
55aab7fc29bf622b280db5f011949bd79c004c339275dc7b16a3ad414490465a

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 17/63

HTTP Headers

GET /xmxj_v1.0.0.apk HTTP/1.1
Host: 9az1.197784.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 May 2024 08:31:11 GMT
Content-Type: application/vnd.android.package-archive
Content-Length: 1405609
Connection: keep-alive
Server: nginx
Last-Modified: Wed, 21 Jun 2017 10:03:18 GMT
ETag: "594a4466-1572a9"
Accept-Ranges: bytes
Age: 852222
x-via: 1.1 PSzjnbsxmw53:1 (Cdn Cache Server V2.0), 1.1 PSrdsdgemSTO1ab82:2 (Cdn Cache Server V2.0)
x-ws-request-id: 6635f24f_PSrdsdgemSTO1ab82_1590-47700

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (75)

Detections

JavaScript (0)

HTTP Transactions (2)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers