Malware Analysis Report

2025-01-19 06:59

Sample ID: 240521-2a1k1scc62
Target: 64fadba52c0fd81244bb48fd4c5018b4_JaffaCakes118
SHA256: 97d4c96aa1cdfcb073848b5a60480c1718c28426f586aa9c57382fb7f185f6c2
Tags: upx banker discovery evasion impact persistence collection credential_access
Score: 8/10

Analysis Overview

Score: 8/10

SHA256: 97d4c96aa1cdfcb073848b5a60480c1718c28426f586aa9c57382fb7f185f6c2

Threat Level: Likely malicious

The file 64fadba52c0fd81244bb48fd4c5018b4_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

upx banker discovery evasion impact persistence collection credential_access

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Patched UPX-packed file

Checks CPU information

Checks memory information

Queries information about running processes on the device

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries the mobile country code (MCC)

Queries information about the current Wi-Fi connection

Obtains sensitive information copied to the device clipboard

UPX packed file

Requests dangerous framework permissions

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator.

Checks if the internet connection is available

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-21 22:23

Signatures

Patched UPX-packed file


UPX packed file

upx

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-21 22:23

Reported

2024-05-21 22:26

Platform

android-x86-arm-20240514-en

Max time network

3s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.187.195:443 tcp
GB 142.250.180.10:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-21 22:23

Reported

2024-05-21 22:23

Platform

android-x64-20240514-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.187.227:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-21 22:23

Reported

2024-05-21 22:23

Platform

android-x64-arm64-20240514-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-21 22:23

Reported

2024-05-21 22:29

Platform

android-x86-arm-20240514-en

Max time kernel

174s

Max time network

185s

Command Line

com.juheps.dingding

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.juheps.dingding

com.juheps.dingding:pushservice

com.juheps.dingding:pushservice

Network


Files

/storage/emulated/0/.imei.txt
/data/data/com.juheps.dingding/files/.imei.txt
/data/data/com.juheps.dingding/shared_prefs_ext/test_app
/data/data/com.juheps.dingding/files/cnc3ejE6/eje3cnc
/data/data/com.juheps.dingding/databases/pushsdk.db
/data/data/com.juheps.dingding/databases/pushsdk.db-wal
/data/data/com.juheps.dingding/databases/pushext.db-journal
/data/data/com.juheps.dingding/databases/pushext.db-shm
/data/data/com.juheps.dingding/databases/pushext.db-wal
/data/data/com.juheps.dingding/databases/pushg.db-journal
/data/data/com.juheps.dingding/databases/pushg.db
/storage/emulated/0/libs/com.juheps.dingding.bin
/data/data/com.juheps.dingding/databases/pushg.db-shm
/data/data/com.juheps.dingding/databases/pushg.db-wal

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-21 22:23

Reported

2024-05-21 22:26

Platform

android-x64-20240514-en

Max time kernel

177s

Max time network

188s

Command Line

com.juheps.dingding

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.juheps.dingding

com.juheps.dingding:pushservice

Network


Files

/storage/emulated/0/.imei.txt
/data/data/com.juheps.dingding/files/.imei.txt
/data/data/com.juheps.dingding/shared_prefs_ext/test_app
/data/data/com.juheps.dingding/files/cnc3ejE6/eje3cnc
/data/data/com.juheps.dingding/databases/pushsdk.db
/data/data/com.juheps.dingding/databases/pushsdk.db-journal
/data/data/com.juheps.dingding/databases/pushext.db-journal
/data/data/com.juheps.dingding/databases/pushext.db
/data/data/com.juheps.dingding/databases/pushg.db-journal
/data/data/com.juheps.dingding/databases/pushg.db
/storage/emulated/0/libs/com.juheps.dingding.bin