[DETECTION] Unknown Chinese Packer/Protector/Obfuscator

[apkunpacker]

Sample First :

BHAU_GFX.apk.zip

$ apkid BHAU_GFX.apk.zip
[+] APKiD 2.1.1 :: from RedNaga :: rednaga.io
[*] BHAU_GFX.apk.zip!classes.dex
 |-> compiler : dexlib 2.x
[*] BHAU_GFX.apk.zip!classes2.dex
 |-> anti_vm : Build.BOARD check, Build.FINGERPRINT check, Build.HARDWARE check, Build.MANUFACTURER check, Build.MODEL check, Build.PRODUCT check, Build.TAGS check, SIM operator check, emulator file check, network operator name check, possible Build.SERIAL check, possible ro.secure check, ro.kernel.qemu check, ro.product.device check, subscriber ID check
 |-> compiler : dexlib 2.x 

xapk detection:

Additional Info : Chinese tool detect it as "珊瑚灵御" which translatesd to "Coral Lingyu"

Sample Second : Coral_Paper_Royal.apk.zip

$ apkid 'Coral_Paper_Royal.apk.zip'
[+] APKiD 2.1.1 :: from RedNaga :: rednaga.io
[*] Coral_Paper_Royal.apk.zip!assets/Paper.jar
  |-> compiler : dexlib 2.x
[*] Coral_Paper_Royal.apk.zip!assets/arm!assets/Paper.jar
  |-> compiler : dexlib 2.x                                
 [*] Coral_Paper_Royal.apk.zip!assets/arm!classes.dex        
  |-> compiler : dexlib 2.x                                 
[*] Coral_Paper_Royal.apk.zip!classes.dex                  
  |-> compiler : dexlib 2.x                                 
[*] Coral_Paper_Royal.apk.zip!classes2.dex                  
  |-> compiler : dexlib 2.x
[*] Coral_Paper_Royal.apk.zip!classes3.dex
 |-> anti_vm : possible Build.SERIAL check
 |-> compiler : dexlib 2.x

Additional Info : This seems packer/protector itself ( not sure ) but packer/protection used in both sample is same

[enovella]

Have you reversed it a bit to tell us some unique features to fingerprint this packer?