Malware Analysis Report

2025-08-10 23:54

Sample ID 240517-s94maaeh72
Target 5043537704010b4e7ece10f65cbb315a_JaffaCakes118
SHA256 8d7bbbf3f6892ab2c1cbc453644ee6091ddc1c36eb4fa9fab422d52bf9334e72
Tags
collection discovery evasion execution impact persistence banker
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

8d7bbbf3f6892ab2c1cbc453644ee6091ddc1c36eb4fa9fab422d52bf9334e72

Threat Level: Likely malicious

The file 5043537704010b4e7ece10f65cbb315a_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection discovery evasion execution impact persistence banker

Requests cell location

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Checks CPU information

Checks memory information

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator.

Checks if the internet connection is available

Requests dangerous framework permissions

Declares services with permission to bind to the system

Declares broadcast receivers with permission to handle system events

Schedules tasks to execute at a specified time

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-17 15:50

Signatures

Declares broadcast receivers with permission to handle system events

Description | Indicator | Process | Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A
Required by VPN services to bind with the system. Allows apps to provision VPN services. | android.permission.BIND_VPN_SERVICE | N/A | N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-17 15:50

Reported

2024-05-17 15:53

Platform

android-x86-arm-20240514-en

Max time kernel

178s

Max time network

188s

Command Line

com.mobiletool.appstore

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /sbin/su | N/A | N/A
N/A | /sbin/su | N/A | N/A
N/A | /sbin/su | N/A | N/A
N/A | /sbin/su | N/A | N/A
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /sbin/su | N/A | N/A

Requests cell location

collection discovery evasion
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Schedules tasks to execute at a specified time

execution persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.mobiletool.appstore

chmod 777 /data/user/0/com.mobiletool.appstore/cache

chmod 777 /data/user/0/com.mobiletool.appstore/cache

com.mobiletool.appstore:remote_proxy

chmod 777 /data/user/0/com.mobiletool.appstore/cache

com.mobiletool.appstore:push_service

chmod 777 /data/user/0/com.mobiletool.appstore/cache

com.mobiletool.appstore:channel

chmod 777 /data/user/0/com.mobiletool.appstore/cache

com.mobiletool.appstore:remote_proxy

/system/bin/sh -c getprop ro.board.platform

getprop ro.board.platform

/system/bin/sh -c type su

Network


Files

/data/data/com.mobiletool.appstore/databases/MessageStore.db-journal

/data/data/com.mobiletool.appstore/databases/MessageStore.db

/data/data/com.mobiletool.appstore/databases/MessageStore.db-shm

/data/data/com.mobiletool.appstore/databases/MessageStore.db-wal

/data/data/com.mobiletool.appstore/databases/MsgLogStore.db-journal

/data/data/com.mobiletool.appstore/databases/MsgLogStore.db

/data/data/com.mobiletool.appstore/databases/MsgLogStore.db-shm

/data/data/com.mobiletool.appstore/databases/MsgLogStore.db-wal

/data/data/com.mobiletool.appstore/databases/downloads_classic.db-journal

/data/data/com.mobiletool.appstore/databases/downloads_classic.db-shm

/data/data/com.mobiletool.appstore/databases/downloads_classic.db-wal

/data/data/com.mobiletool.appstore/databases/bugly_db_-journal

/data/data/com.mobiletool.appstore/databases/bugly_db_

/data/data/com.mobiletool.appstore/databases/bugly_db_-wal

/data/data/com.mobiletool.appstore/databases/pb_db-journal

/data/data/com.mobiletool.appstore/databases/pb_db

/data/data/com.mobiletool.appstore/databases/pb_db-wal

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-17 15:50

Reported

2024-05-17 15:53

Platform

android-x64-20240514-en

Max time kernel

173s

Max time network

191s

Command Line

com.mobiletool.appstore

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /sbin/su | N/A | N/A
N/A | /sbin/su | N/A | N/A
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /sbin/su | N/A | N/A
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /sbin/su | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery evasion
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A
File opened for read | /proc/meminfo | N/A | N/A
File opened for read | /proc/meminfo | N/A | N/A
File opened for read | /proc/meminfo | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.mobiletool.appstore

com.mobiletool.appstore:remote_proxy

com.mobiletool.appstore:push_service

com.mobiletool.appstore:channel

Network


Files

/data/data/com.mobiletool.appstore/databases/downloads_classic.db-journal

/data/data/com.mobiletool.appstore/databases/MessageStore.db-journal

/data/data/com.mobiletool.appstore/databases/downloads_classic.db

/data/data/com.mobiletool.appstore/databases/MessageStore.db

/data/data/com.mobiletool.appstore/databases/MsgLogStore.db-journal

/data/data/com.mobiletool.appstore/databases/MsgLogStore.db

/data/data/com.mobiletool.appstore/databases/bugly_db_-journal

/data/data/com.mobiletool.appstore/databases/bugly_db_

/data/data/com.mobiletool.appstore/databases/account.db-journal

/data/data/com.mobiletool.appstore/databases/account.db

/data/data/com.mobiletool.appstore/databases/pb_db-journal

/data/data/com.mobiletool.appstore/databases/pb_db