Malware Analysis Report

2025-08-10 23:58

Sample ID 240518-jqxvysae33
Target 53b1e66a9d2bcd4e0bafc461874191a8_JaffaCakes118
SHA256 ba31e250bd49158eadbbab08f5ee16049706fee59c152340b03b09f9e46bd70b
Tags discovery evasion impact persistence banker
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file 53b1e66a9d2bcd4e0bafc461874191a8_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence banker

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries information about running processes on the device

Checks memory information

Queries information about the current Wi-Fi connection

Checks known Qemu pipes.

Checks known Qemu files.

Declares services with permission to bind to the system

Queries the unique device ID (IMEI, MEID, IMSI)

Checks if the internet connection is available

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

Analysis: static1

Detonation Overview

Reported 2024-05-18 07:53

Signatures

Declares services with permission to bind to the system

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required by remote views services to bind with the system. Allows apps to share and display views across different processes. | android.permission.BIND_REMOTEVIEWS | N/A | N/A |

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to write the user's calendar data. | android.permission.WRITE_CALENDAR | N/A | N/A |
| Allows an application to read the user's calendar data. | android.permission.READ_CALENDAR | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted 2024-05-18 07:52
Reported 2024-05-18 07:56
Platform android-x86-arm-20240514-en
Max time kernel 175s
Max time network 188s

Command Line

com.everhomes.android.bilinshe

Signatures

Checks if the Android device is rooted.

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /sbin/su | N/A | N/A |

Checks known Qemu files.

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /system/lib/libc_malloc_debug_qemu.so | N/A | N/A |
| N/A | /sys/qemu_trace | N/A | N/A |
| N/A | /system/bin/qemu-props | N/A | N/A |

Checks known Qemu pipes.

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /dev/qemu_pipe | N/A | N/A |
| N/A | /dev/socket/qemud | N/A | N/A |

Checks memory information

evasion discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |

Queries information about running processes on the device

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Checks if the internet connection is available

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Uses Crypto APIs (Might try to encrypt user data)

impact
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |

Processes

com.everhomes.android.bilinshe

com.everhomes.android.bilinshe:pushservice

/system/bin/sh -c getprop

getprop

Network


Files

/data/data/com.everhomes.android.bilinshe/files/libcuid.so

/storage/emulated/0/backups/.SystemConfig/.cuid2

/data/data/com.everhomes.android.bilinshe/app_crashrecord/1004

/data/data/com.everhomes.android.bilinshe/app_tbs/core_private/download_upload

/storage/emulated/0/Android/data/com.everhomes.android.bilinshe/files/tbslog/tbslog.txt

/data/data/com.everhomes.android.bilinshe/files/init_c1.pid

/data/data/com.everhomes.android.bilinshe/databases/pushsdk.db-journal

/data/data/com.everhomes.android.bilinshe/databases/pushsdk.db-shm

/data/data/com.everhomes.android.bilinshe/databases/bugly_db_-journal

/data/data/com.everhomes.android.bilinshe/databases/bugly_db_-wal

/storage/emulated/0/libs/com.everhomes.android.bilinshe.bin

Analysis: behavioral2

Detonation Overview

Submitted 2024-05-18 07:52
Reported 2024-05-18 07:56
Platform android-x64-20240514-en
Max time kernel 142s
Max time network 193s

Command Line

com.everhomes.android.bilinshe

Signatures

Checks if the Android device is rooted.

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /sbin/su | N/A | N/A |

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Checks known Qemu files.

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /system/lib/libc_malloc_debug_qemu.so | N/A | N/A |
| N/A | /sys/qemu_trace | N/A | N/A |
| N/A | /system/bin/qemu-props | N/A | N/A |

Checks known Qemu pipes.

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /dev/socket/qemud | N/A | N/A |
| N/A | /dev/qemu_pipe | N/A | N/A |

Checks memory information

evasion discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |

Queries information about running processes on the device

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Checks if the internet connection is available

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |

Processes

com.everhomes.android.bilinshe

com.everhomes.android.bilinshe:pushservice

Network


Files

/data/data/com.everhomes.android.bilinshe/files/libcuid.so

/storage/emulated/0/backups/.SystemConfig/.cuid2

/data/data/com.everhomes.android.bilinshe/app_crashrecord/1004

/data/data/com.everhomes.android.bilinshe/app_tbs/core_private/download_upload

/storage/emulated/0/Android/data/com.everhomes.android.bilinshe/files/tbslog/tbslog.txt

/data/data/com.everhomes.android.bilinshe/files/init_c1.pid

/data/data/com.everhomes.android.bilinshe/databases/pushsdk.db

/data/data/com.everhomes.android.bilinshe/databases/pushsdk.db-journal

/data/data/com.everhomes.android.bilinshe/databases/bugly_db_-journal

/storage/emulated/0/libs/com.everhomes.android.bilinshe.bin

/storage/emulated/0/libs/com.everhomes.android.bilinshe.db

/storage/emulated/0/libs/com.igexin.sdk.deviceId.db

/data/data/com.everhomes.android.bilinshe/files/init.pid

/storage/emulated/0/libs/app.db