Malware Analysis Report

2025-01-19 05:02

Sample ID 240605-2ertnsag8t
Target 9968402d6281de3e9cfc1109dd416762_JaffaCakes118
SHA256 bdc6e9d37bc799fca8627b2ca5972a8893536c6e0f5016604befced404e3d974
Tags collection discovery evasion execution impact persistence
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file 9968402d6281de3e9cfc1109dd416762_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection discovery evasion execution impact persistence

Checks if the Android device is rooted.

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Requests cell location

Reads information about phone network operator.

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about active data network

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Schedules tasks to execute at a specified time

Checks CPU information

Analysis: static1

Detonation Overview

Reported 2024-06-05 22:30

Signatures

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-05 22:30
Reported 2024-06-05 22:33
Platform android-x86-arm-20240603-en
Max time kernel 163s
Max time network 186s

Command Line

com.huadu.reader

Signatures

Checks if the Android device is rooted.

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /system/app/Superuser.apk | N/A | N/A |

Queries information about running processes on the device

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |

Queries information about the current nearby Wi-Fi networks

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |

Requests cell location

collection discovery evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |

Queries information about active data network

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Schedules tasks to execute at a specified time

execution persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |

Uses Crypto APIs (Might try to encrypt user data)

impact
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |

Checks CPU information

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |

Processes

com.huadu.reader

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq

com.huadu.reader:channel

Network


Files

/data/data/com.huadu.reader/databases/MessageStore.db-journal

/data/data/com.huadu.reader/databases/MessageStore.db

/data/data/com.huadu.reader/databases/MessageStore.db-shm

/data/data/com.huadu.reader/databases/MessageStore.db-wal

/data/data/com.huadu.reader/databases/MsgLogStore.db-journal

/data/data/com.huadu.reader/databases/MsgLogStore.db-shm

/data/data/com.huadu.reader/databases/MsgLogStore.db-wal

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

/storage/emulated/0/.DataStorage/ContextData.xml

/data/data/com.huadu.reader/databases/accs.db-journal

/data/data/com.huadu.reader/databases/accs.db

/data/data/com.huadu.reader/databases/accs.db-wal

/data/data/com.huadu.reader/files/umeng_it.cache

/data/data/com.huadu.reader/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE3NjI2NjE4NjA0

/data/data/com.huadu.reader/files/.umeng/exchangeIdentity.json

/data/data/com.huadu.reader/files/exid.dat

/data/data/com.huadu.reader/files/.envelope/i==1.2.0&&3.2_1717626619505_envelope.log

/data/data/com.huadu.reader/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE3NjI2NjQ5MDQ5

/data/data/com.huadu.reader/files/.imprint

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-05 22:30
Reported 2024-06-05 22:33
Platform android-x64-20240603-en
Max time kernel 4s
Max time network 190s

Command Line

com.huadu.reader

Signatures

Queries information about running processes on the device

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |

Requests cell location

collection discovery evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |

Queries information about active data network

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Uses Crypto APIs (Might try to encrypt user data)

impact
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |

Checks CPU information

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |

Processes

com.huadu.reader

Network


Files

/data/data/com.huadu.reader/databases/MessageStore.db-journal

/data/data/com.huadu.reader/databases/MessageStore.db

/data/data/com.huadu.reader/databases/MsgLogStore.db-journal

/data/data/com.huadu.reader/databases/MsgLogStore.db

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

/storage/emulated/0/.DataStorage/ContextData.xml

/data/data/com.huadu.reader/databases/accs.db-journal

/data/data/com.huadu.reader/databases/accs.db