Malware Analysis Report

2025-01-19 06:58

Sample ID 240522-lv4v6sbb91
Target 66dadc1d34d399725a6ef5105aa19ea7_JaffaCakes118
SHA256 2ee5d631fba4f70586a7a95381af68048176f2f5f411d28ca459b1afcfc7eef0
Tags
banker collection discovery evasion impact persistence credential_access
score
8/10

Analysis Overview

Threat Level: Likely malicious

The file 66dadc1d34d399725a6ef5105aa19ea7_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion impact persistence credential_access

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries account information for other applications stored on the device

Reads the contacts stored on the device.

Reads the content of the call log.

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries the phone number (MSISDN for GSM devices)

Checks CPU information

Queries the mobile country code (MCC)

Checks memory information

Loads dropped Dex/Jar

Queries information about running processes on the device

Makes use of the framework's foreground persistence service

Obtains sensitive information copied to the device clipboard

Reads information about phone network operator.

Requests dangerous framework permissions

Checks if the internet connection is available

Acquires the wake lock

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-22 09:52

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to receive WAP push messages. android.permission.RECEIVE_WAP_PUSH N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 09:52

Reported

2024-05-22 09:55

Platform

android-x86-arm-20240514-en

Max time kernel

163s

Max time network

187s

Command Line

com.jb.gosms

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/xbin/su N/A N/A
N/A /sbin/su N/A N/A
N/A /system/bin/failsafe/su N/A N/A
N/A /system/bin/su N/A N/A
N/A /data/local/su N/A N/A
N/A /data/local/xbin/su N/A N/A
N/A /system/sd/xbin/su N/A N/A
N/A /data/local/bin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /storage/emulated/0/Android/framework/clrunpath/-936679160/meal.jar N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries account information for other applications stored on the device

collection
Description Indicator Process Target
Framework service call android.accounts.IAccountManager.getAccountsAsUser N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Reads the contacts stored on the device.

collection
Description Indicator Process Target
URI accessed for read content://com.android.contacts/data/phones N/A N/A
URI accessed for read content://com.android.contacts/contacts N/A N/A

Reads the content of the call log.

collection
Description Indicator Process Target
URI accessed for read content://call_log/calls N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.jb.gosms

chmod 755 /data/user/0/com.jb.gosms/app_daemon/godaemon

com.jb.gosms:com.jb.newswidget

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq

com.jb.gosms:com.commerce.chatplane

com.jb.gosms:pushservice

com.jb.gosms:com.jiubang.commerce.service.IntelligentPreloadService

com.jb.gosms:com.jiubang.commerce.service.IntelligentPreloadService

sh

dd if=/init.rc of=/data/local/tmp/init.rc

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/framework/clrunpath/-936679160/meal.jar --output-vdex-fd=175 --oat-fd=176 --oat-location=/storage/emulated/0/Android/framework/clrunpath/-936679160/oat/x86/meal.odex --compiler-filter=quicken --class-loader-context=&

com.jb.gosms:com.jiubang.commerce.chargelocker

com.jb.gosms:com.jiubang.commerce.service.IntelligentPreloadService

Network

Files


MD5 99279d34e5db1e6585234972e30e07d4
SHA1 2f9659be5da3b178ae2125aeeaded4e4fc612d98
SHA256 e0ea9f692c79168c4a3d2caee9e8b8108f6b53a2f42bea9a1f640c216f79afc4
SHA512 c4522a30ebff1b9068d60511b2f21a0b018a87f15abf8d793f3fff64545951e8cb6f6a6ec2fca714a2aef35f1cb7c821ca0d6ba615e99157ca1decc74211409e

/storage/emulated/0/GoAdSdk/advert/cacheFile/BaseResponseBean-692

MD5 2e5b457af3a6c8352d276cff10aa5ecd
SHA1 478854a2b4a090ad2375ec8df8068bb385e1f868
SHA256 21fd895c68fde25684d95976a417d834d7ae845317d542274656551faeb2dba5
SHA512 b014e407dcae96fb2097550ba76967ba6257304f479679f12966ea75e1be980345e35c2ac007570aabdf57cb4054b46d0eaeb06d22ece424771798ab82ad4352

/storage/emulated/0/GoAdSdk/advert/cacheFile/BaseResponseBean-1844

MD5 d012bbe1965d705c90b7ff6786455653
SHA1 f8f30d068c72585ba63cd52e9827b9dcde2c4a47
SHA256 6d345e3b598653dfca8f032c69549650898f03df407615b6180241372a1bdbd8
SHA512 85571fadf2beb23293de267b05ff30710fede5c77817c6f049141af713d14948a528737b546f8d9d07868b89f1795ef90c6df56531faa1604594bd356d5dbba5

/storage/emulated/0/GoAdSdk/advert/cacheFile/BaseResponseBean-2072

MD5 707be52671bdb9f56c27c1513abde44a
SHA1 a97708477b54318ca609db84d0e188fc80940419
SHA256 f5a36f157e0997acfc3d2e690268eeeabaf4c90406fb3cb6468ee23aa81293e4
SHA512 68ea233889e6f2507cd15cf85709fe88bbd3ed3a4c01eab16e332246deda39fbad5b7ca361314d6f2a05ddf0c2947e6762c73e1382c30605dcf643751ad86f9c

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-22 09:52

Reported

2024-05-22 09:55

Platform

android-x64-arm64-20240514-en

Max time kernel

163s

Max time network

189s

Command Line

com.jb.gosms

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /storage/emulated/0/Android/framework/clrunpath/-936679160/meal.jar N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries account information for other applications stored on the device

collection
Description Indicator Process Target
Framework service call android.accounts.IAccountManager.getAccountsAsUser N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Reads the contacts stored on the device.

collection
Description Indicator Process Target
URI accessed for read content://com.android.contacts/data/phones N/A N/A
URI accessed for read content://com.android.contacts/contacts N/A N/A

Reads the content of the call log.

collection
Description Indicator Process Target
URI accessed for read content://call_log/calls N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.jb.gosms

com.jb.gosms:com.jb.newswidget

com.jb.gosms:com.commerce.chatplane

com.jb.gosms:pushservice

com.jb.gosms:com.jiubang.commerce.service.IntelligentPreloadService

com.jb.gosms:com.jiubang.commerce.service.IntelligentPreloadService

com.jb.gosms:com.jiubang.commerce.chargelocker

com.jb.gosms:com.jiubang.commerce.service.IntelligentPreloadService

Network


Files


/data/user/0/com.jb.gosms/databases/dynamicload.db-journal

MD5 4b2ae3bfdbe38ecfd6316c08740d483a
SHA1 9b244c1064fad847688beae8f074783b5918bce9
SHA256 9339687bf855b0a0a90d7dce0ac08dd4eac0f0f479acc55daf7b677c71ad427e
SHA512 f8be4f193b502ec997e3d2712ba7a842ab9daf130020ac885bea57c8c9a2c4daa3ba8429e3743580f2bf25addff0cb9cc03a06f2b399ddeb44ff65d9b5881f2a

/storage/emulated/0/Android/framework/clrunpath/-936679160/meal.jar

MD5 7ec711050cfc0bf2e0bacea44b5aeefb
SHA1 def6ba686b06c854fe6290f6d1e29becaffe7dd2
SHA256 03e61f7d7f0960666cde25b0952e1db32fcaf94f151b61da388ea40d54270395
SHA512 d652c916dfbcaed6adc8a510b3a5d4161beda4d2fb592ab8b7882a40fd3057be81c5b87c1a4ab77c3517aedccebe53ecb971d4e8c4bba97614252388234da69b

/data/user/0/com.jb.gosms/databases/dynamicload.db-journal

MD5 a4ee176952b68889711b6661d301530c
SHA1 d446a69188ac3e887dc2b13027e36a42752a4fd1
SHA256 feb092a756bae3d32528dfe0b0a6bf70f25fc5bbf2600788c5c4f0a5f79aeef0
SHA512 915de165721431815d8661b1990f32106c867a8d3030c2f3dbfcc38c2fa2483f749a6a6ba476f776c9d4da7d1712c8a4fa5af6df9b85de6513b9179131b3a1e6

/storage/emulated/0/commerce/statistics/deviceId.txt

MD5 62defbb9bb45581de9db47e8c5bc3831
SHA1 6c9d48fc3c7f0aea2e89e7a04d7583958ddc9290
SHA256 feb7fa501b3e6626fe55b03e32d68c2ee3f088212345c9d2a1e8b9e0e4326e7d
SHA512 6c1e7047da2b909d71dc0ef56f8ca249ea3b9b4c797f8b1aaa50a60ab171e397260f39ddadb4914cdba2250f8a6289977a1f53a0bde1515fd4615d0f8882a8b7

/data/user/0/com.jb.gosms/databases/dynamicload.db-journal

MD5 2d3d0c5bb8a3a2606991ce7314fa564c
SHA1 66083981ce9737060f2fc056bb08923a4adc9939
SHA256 4403e9dbba0cfc9ec149d14bb96b437e7cecc057935c16529a63d733be9d5d7f
SHA512 610c5efe0d80d25e6473c89f922dd128113950e9508fb13623c13a036351512270b400c32920ba24c7bbee0ecef8bf5aaf484dc85db824ed9ef840701ee82f96

/data/user/0/com.jb.gosms/databases/google_analytics.db-journal

MD5 36e7832b38e390f972e900ee295d1f87
SHA1 386c1b09b3545f6a728701bd961a828e13853455
SHA256 e9ea217c9b0e14bc9a497c39f5ebc0efc904f97218749971d472843845dc9cb6
SHA512 d60c1f77ff0276529769d983594815a55dfa956e72bebf2e94f41984d25cba76c2308e08eaf8d9592e9505cf53303b7e8de49ed3c46017f7891106eab0a82220

/data/user/0/com.jb.gosms/databases/google_analytics.db

MD5 17cfb379c2f6afaa77da7d5a86ac32a1
SHA1 1740a1badc0b4db0dd6ffdaf5fc2703760e2cfb9
SHA256 28dc8cb2e4ca5bebd00427158d4f2771443f8acbf5a2aabe7ccfce9fbd2e2813
SHA512 d84e4c44c98857fc2d44b303185d36c88c1e631e35236c8ac3a5ef9266aa8a4eb08838385301281e15816dbd6d315d5ba2235f7bb36a5c40e53d2ebba1e569bd

/data/user/0/com.jb.gosms/databases/google_analytics.db-journal

MD5 c9c1119af911b44df4209368266fd5c2
SHA1 5edd8023d25b6210d4b587fc0e1e66efb3873b80
SHA256 d708240000ca61827af257cbaff441d81026d74ead45514a34ed955fbb0886c9
SHA512 ebbc616a98cb2fa0880ac7f21334c4075f0491e6385ac013e093c4432b1eed30d410df926b8fe3781fe64e02adccd26e61b525c3d56d3b07ee250eeb1de2995c

/data/user/0/com.jb.gosms/databases/google_analytics.db-journal

MD5 b288f6d91269f0f518d22289390f2120
SHA1 2b1de8be15d05bff2b3b82f56f0d4ed97b96c3d7
SHA256 771fd0006bcc15a9e946f151d90ee999da75a95a7c0929ab932209c51ac5e44b
SHA512 32daed2929e454295e0fec85891a85057a86918f119d9fbce30021c9ace96fa54b1d434f4485b11b0cd65b0456d47ff43dd2cc2e455f3eebcca5723f0d2aaf49

/data/user/0/com.jb.gosms/databases/google_analytics.db-journal

MD5 c01e793b58cb002fab32471a5d699c50
SHA1 bf3d9d0d94f49549ffac33e28831ad8e412f1acf
SHA256 ba84ef659db93e346a0b2a7bb717bf21224db197683bb3960681be21bf1ef4af
SHA512 3e1acdbcf86f14dceb2815de3b8f5d7e2c628aefeb5db9afead145bebc26409554c72c87c0fa91cf4ec7c24e9e8687627be68f45181e7c3564281308507e3764

/data/user/0/com.jb.gosms/databases/google_analytics.db-journal

MD5 15d4db3b9d33e381bbe43884b32dd2fd
SHA1 9e749139209092c1839b4d9af43966daf49db0d0
SHA256 e94ce3723b27e74e036f6900de13611496993aeb2c76843953ae03f35e998f05
SHA512 f38c44231480788a54702af3fb4f0a6dc1a7dc2c8b3ae897466e032aad107ec2e3d130d8dc5b1d9c5a87cfc26722e9fed5caba97693789f4b7ad8efc5c1165a9

/data/user/0/com.jb.gosms/databases/BgDataPro.db-journal

MD5 237f957aaebeff0cff898c5ddd989374
SHA1 e0c363fb1fa68346be2c4c9a31dc27cfb93cf4ec
SHA256 787e6adccf4087b1fb63b7b1707284ed301910b580fe2d3bbf2201ca0e5ca48f
SHA512 6fe948d22b371f280c962dbc03587a797ee819523b2fba8970a904434b9609e28f155c4755bcc84d3b77882f672647c39c4374ddf37ba36f366fffc50620e722

/data/user/0/com.jb.gosms/databases/MessageBox.db-journal

MD5 992bfa0912dfd1d69b14bfccb217f0e4
SHA1 287db9bdbea99aae4fa2ad55c53b04a4756640fb
SHA256 751a7c3def0c7717fd161462b136dc56e2392ea0462369cf5a788e86576ed45f
SHA512 f87ffb2edeab2d48e15955490155cf0ed5426d2144ceb9535f91362a4c5b030f31895083c63da557ae04e48032bba45cb77a26597ba50cf18ea5e9f5ca39cc18

/data/user/0/com.jb.gosms/databases/MessageBox.db

MD5 9ed1bf884cee2feb601213c054fd2360
SHA1 571cc723bcbff961e7332027889427f7a2b65416
SHA256 56428de6789a35eb61c42105493c1e8611f58e9af598092b06aea9cdd8f7d9b9
SHA512 60a049632db97793409e4e20d8b1a1ba686acd1d21eafdbac14b1c8e2032cecda3a86be2a7100c6be87fdf0df652151a0a403a5f5dbc212d6f9d44a4193f6bea

/data/user/0/com.jb.gosms/databases/MessageBox.db-journal

MD5 04964e849b538b826c8c5db8c08f6f34
SHA1 8ef866442183bed20589cd740b510b06e182b08b
SHA256 7c162e830cedeb9c1ae58f4505940409704c39c49fbf84b7bc24fe384595ed59
SHA512 0fac80e69bc043e94d505ad3ba9cb541e7d6db6f729790c0281c646225f3425d9bee7f8063cd07ac5c7ef1f72275691973f7b8e2c39a214fed16652cb2b6e597

/data/user/0/com.jb.gosms/databases/MessageBox.db-journal

MD5 0a64aee2be08245a163001545d495cb7
SHA1 931edf8ccb4cac1f6978fa727c3e71546897f0b2
SHA256 daa84e171eeb23c0d950a910b326edbe0afff6fb972643395782541ed4e06271
SHA512 47a26b5b33755dba3c83a9b385aa17d7ff3633155ee61d2f4db2a693ee3362391ac57f06daa42628626bdf7879dd79516cf0eed026c058904de1583869d78f93

/data/user/0/com.jb.gosms/databases/SyncHelper.db-journal

MD5 05ca52eb10906316afa4b06008146049
SHA1 0210cfbcc0f14aca15589f7472866f647d97e21a
SHA256 e349ed41c7a719f18e28226228fcd16fec12b09cf2b0ca617c52310353f3f40f
SHA512 0e367415f54fdd65cc4cce2a2967653fa054473421d0dcd0ecd6895e83c26508b7090244de65e3cae3e07aef9e1dcf0326a591e3bc6f2301aa75b3c0cacf36e7

/data/user/0/com.jb.gosms/databases/SyncHelper.db

MD5 f8c3141c07ad0ad3ab7453bed3f1d230
SHA1 b0496348ff7cd322e134532b47ac99382b0cef46
SHA256 3787ec0b3eeb1c2dbdc89375ef6c4694ef6992ea5d8ca84dfdbd3b0fa7201187
SHA512 1a34327396e784ea0c2dba647a989d3e2c379574dadabf97c0198f0cb8c5c5101028cc5eed9bdc228bdf8af4a352dfa47fe9f3ba407e72f5c384588d46c7566e

/data/user/0/com.jb.gosms/databases/SyncHelper.db-journal

MD5 1c896f9d618f1436c82194d008958525
SHA1 fa98cfb96b2ae303a42af24f67a7ca4336f7fec0
SHA256 1f8f6c42090849e4f2e21b6a4a6d8232c729083aadd218e0aabc00eb22fa5442
SHA512 f6ea3f4e7f5f9b0a1c5b87230bfe4a983cb8863c88168c219eaf5878935fcf54d047493f94bb7b82b9ad85d6eab28fdd8bac58998def11fe2e8b4c5ece902e63

/data/user/0/com.jb.gosms/databases/SyncHelper.db-journal

MD5 82af4012fc65b2db6723dd4adfdce4b6
SHA1 b62fee98a6c099dc45d2776715ff3d908175c4fd
SHA256 31af3a9371e92ce07be374d38982e592bebf2d68ebfe52af47a2720c660ee733
SHA512 65c377cd3455e80d640cf8c84c70c405b86aaa4362e2e8fd3922b817333eba05146ebf49e03104f9d69061b09274c8a1320b9c2815c444bb0d7423c2e822e273

/storage/emulated/0/GoAdSdk/advert/cacheFile/BaseResponseBean-524

MD5 8bb83b70813c15d25f904e4f271365f9
SHA1 8189b4fa230a4276f41c5089ec97952f2db7899d
SHA256 30eabf53f4efb8367f788abf697c0663ceb131b32fce9940c286bd78d90bb684
SHA512 96a4b72bf923dd6666fa0bac1df9b14e6913931e2c1d1ef70fb2bc0092244645f90ed51a4a1ede591c02394fa3435b6ded31d4a579f1649a0631c9661586a3e8

/storage/emulated/0/GoAdSdk/advert/cacheFile/524

MD5 aabc32607daf8129de08f424f231b327
SHA1 ca45dce8baa2f7ba794ddf2c4fc14dec62e5a8d7
SHA256 b20fe7ca7a7fe644affddff13c61c4043811830bc9a4876e754a69b46c308f0f
SHA512 ef612a154d548c5719837db5d518a3f3bd66df2ce08e55d02a5af6ee4ebf9267cbc75d447328ed1fa820c2078c58ebe1dfb3c6b232f7c5fbfd3841915bc3149c

/storage/emulated/0/GoAdSdk/advert/cacheFile/BaseResponseBean-520

MD5 669d2f2ae440db3ff7fc60ec7dfed95a
SHA1 63c07e54af1d90d4f00d2c558057d0f4433fc7a0
SHA256 d58bf6506c73c19f5f286eb61b5c94a2ad54edab0cfcbb5175a91a73ea96016f
SHA512 c4141fb14930fafcaabbfb931f393400a1b5a7f3641dfb4e6fb6fa1df5d9c5d55192888465783ec666c3cb9c7eb84073777717a3bac4d09ef6d3c3fc0357cfcd

/storage/emulated/0/GoAdSdk/advert/cacheFile/BaseResponseBean-562

MD5 0f6d95cd285a19600aff38773b613462
SHA1 2878c0cdf29291ec6a9638df5336c821d4ed0111
SHA256 840f700c23ac40d629da912dbff0242e1e06a065cc83fd0df9fba06cc0c90bb7
SHA512 dbd7e414bc9f086fd7e661fa5ac1baf789c4c1a3aa505311475abc45af51ba1873123d8604c0f3d83568c9ca16afc89eea4bfc0897a6327c66622bccb70ec76d

/storage/emulated/0/GoAdSdk/advert/cacheFile/BaseResponseBean-692

MD5 2bd73dc89649241ef30122f9e2fa9061
SHA1 afb256de7a7aad04b3be429172d8402ea1bc30a5
SHA256 b8267b920cdf10a72a2816cb52ec9e6b13f7bae8f97b1bf0810ef443a935d083
SHA512 51659630eceffaede1d83edd9d9b058988673a31975e87148dceffa71faa0657af4a4b04972e93a998bb84415f54c249af3e887fc510856722612118f8206c0d

/storage/emulated/0/GoAdSdk/advert/cacheFile/BaseResponseBean-1844

MD5 55c1967db3c6f92886a49eee05c1ca88
SHA1 b9628b3f9feb6a475c1b2a5c6a8c2dbef8b7ae16
SHA256 8f6461d71e98ad0f2ce35fa27a1807c429c7daf784143e5b904f5b91acf596e2
SHA512 0aff7e2ebed46ea35b664ea72c2668eefcdda27ffd27b3c8bb9e37cf406a4ade53f33cf039af5ba87187b7917af5cbb565256b887c4a90e2ac13afcc98e1500b

/storage/emulated/0/GoAdSdk/advert/cacheFile/BaseResponseBean-2072

MD5 0768412b7a0d696e89b44b39458c4caa
SHA1 25eca16e68b47e1e970de48dc7ab556ff80104c7
SHA256 a4598ea3763cfecf044114fc69137e0e040e037f37c9e402819dae7ed901ef1e
SHA512 bf94253649b0b89e53b30514762878cf6a0237d78be1763009551823137422f852167ddafa010dd2c37aafa33b07cbe11d20b3d0f2b658b9dfea942cd1f1e98d

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-22 09:52

Reported

2024-05-22 09:55

Platform

android-x86-arm-20240514-en

Max time kernel

3s

Max time network

131s

Command Line

com.jiubang.commerce.chargelockerapk:com.jiubang.commerce.chargelocker

Signatures

N/A

Processes

com.jiubang.commerce.chargelockerapk:com.jiubang.commerce.chargelocker

Network

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-22 09:52

Reported

2024-05-22 09:55

Platform

android-x64-20240514-en

Max time kernel

3s

Max time network

163s

Command Line

com.jiubang.commerce.chargelockerapk:com.jiubang.commerce.chargelocker

Signatures

N/A

Processes

com.jiubang.commerce.chargelockerapk:com.jiubang.commerce.chargelocker

Network

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-22 09:52

Reported

2024-05-22 09:55

Platform

android-x64-arm64-20240514-en

Max time kernel

3s

Max time network

167s

Command Line

com.jiubang.commerce.chargelockerapk:com.jiubang.commerce.chargelocker

Signatures

N/A

Processes

com.jiubang.commerce.chargelockerapk:com.jiubang.commerce.chargelocker

Network

Files

N/A