Malware Analysis Report

2024-09-09 16:27

Sample ID 240610-srwtqa1crg
Target 9b240f0609408876bc96a53c4e8ec566_JaffaCakes118
SHA256 b952d6ee5ad854f37e3badab474b198dba49aa03c14063e17246528286352e20
Tags
banker collection discovery evasion impact persistence credential_access
score
8/10

Analysis Overview

Threat Level: Likely malicious

The file 9b240f0609408876bc96a53c4e8ec566_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion impact persistence credential_access

Checks if the Android device is rooted.

Queries information about running processes on the device

Requests cell location

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about the current nearby Wi-Fi networks

Obtains sensitive information copied to the device clipboard

Queries the mobile country code (MCC)

Reads information about phone network operator.

Queries information about active data network

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-10 15:22

Signatures

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 15:22

Reported

2024-06-10 15:25

Platform

android-x86-arm-20240603-en

Max time kernel

179s

Max time network

187s

Command Line

com.ifeng.news2

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.ifeng.news2

com.ifeng.news2:downloadRemote

sh -c cat /proc/sys/kernel/random/uuid

com.ifeng.news2:remote

cat /proc/sys/kernel/random/uuid

sh -c mkdir -p /sdcard/Android/Data/System/local/

mkdir -p /sdcard/Android/Data/System/local/

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 15:22

Reported

2024-06-10 15:25

Platform

android-x64-20240603-en

Max time kernel

179s

Max time network

189s

Command Line

com.ifeng.news2

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.ifeng.news2

com.ifeng.news2:downloadRemote

com.ifeng.news2:remote

Network


Files

/data/data/com.ifeng.news2/files/ifeng_statitics+5.4.1.dat

MD5 2cd47ada17ad7a4e3d5e2717cb2762c6
SHA1 7cb844672cec4a3bce75c8cf81e80e8ad7cc49e5
SHA256 5f266f7cf5a44a3cfcc9bfbba94735081851edc224cb071fa6e650227e214279
SHA512 c25229cca649bc8ef54c0770a976034801c0a300d181c107c41879d7f6b7056c6282210c98661428078381032dc6fb0872112dde7e8efb1a9f9b333877f18dae

/data/data/com.ifeng.news2/databases/reading_history.db-journal

MD5 5f061470f352772070a67eed88213e90
SHA1 d7533f4f4b83ab2edb6201df7cc63737c72346a2
SHA256 b97a586fa114deaea548f71578d3e7fc5ad140fe3d9b804b4e924abf87bf119b
SHA512 de1cc1bcb35a2e24813bffbb0f80501c3e3b902dd02e458623830d28cf8ef75663445da315798db1a2504ae9d244832b5d9e29f80675625be9df7c292b0030a6

/data/data/com.ifeng.news2/databases/reading_history.db

MD5 d4fc98b885eb0b69e5b85131b4a1d797
SHA1 a38e3462cd258a14abeb1367507af1193bfa7d9d
SHA256 aa247e07c182ceb8a09ce243bf1bad924f805e0a2c427c2fcc708f61347f38bb
SHA512 ec9d838863069193c04a11998fec122c1ca1eef46cb2bee0d6787b7aba2570c61374b6809e800027e5d5a97a93ad12d9d28b4407960d8b7956dcc2f84428894c

/data/data/com.ifeng.news2/databases/reading_history.db-journal

MD5 eaf593f32038067f4838c5adaaab866e
SHA1 66b22a0c39883d21f5348f9866ffb4d0142ff1b0
SHA256 8d6f622a7660c97ad3f8615d39bd4da4f02c9e9f0c74fb7423ab8ac7bf86aa2c
SHA512 b974410a3f0f0b6f01a0b9b4c3f1989dbb522e0308b1c285b3513d7f77725879a344418763a2334207ed2a83ddde5f6dfa595378d8a45f7ea077c17ef57dff1f

/data/data/com.ifeng.news2/databases/reading_history.db-journal

MD5 24a450cd906256fd8ced4c7c4af65317
SHA1 310553c05523d7a12156b74986887232eb0e1c90
SHA256 657567ef7c6e1592a532ef9ea836976def357047aced3a1507cc94b249c52d53
SHA512 bbb5feb3581f1a58ed08abf0976978adba39309bef612941bab365002d7f86eb9d98f9b089dbd6b9a810e2a69bfdc0051f81ff5a98e07e05801f4024e102f3c7

/data/data/com.ifeng.news2/databases/COMMENTS_DB.db-journal

MD5 a14f0ec499788bea611780e3b2bd67a4
SHA1 b8579a68b3acbc4bc88c40292ace5e57b9edcee9
SHA256 bdea21be6207de24ae1d1ea825c35bf676ebaf001b879a77d96a408b628c7fad
SHA512 81018f34830911b20723cdee6b38aa1a9e13e8587e2d53e7bab552065e86f1631017ac619045484e71ef42e49588a5492e1f14b56409e5be829c3433fd0a5076

/data/data/com.ifeng.news2/databases/COMMENTS_DB.db

MD5 e3dc03c82edaa8bba791cac1b8267f0f
SHA1 1afd979530992f55ad13b755373cf9c056965427
SHA256 c9e476bd3908cefe3ff95dfe5e3f1d96815ad4b05c6c7fc83de03cf7417d93c3
SHA512 591303d98d6fe75a3912316816391057b91967f3c0f6c4323f213e87d1b6c3c8536222bba2824ef01c4325542b1390084ce216ad48be405489979fa6c73259d1

/data/data/com.ifeng.news2/databases/COMMENTS_DB.db-journal

MD5 a2ab42a9b81ebe87afc75e25a5159a80
SHA1 d0b55ee9c673dec2e3f6878020cdb8ee725bc4d8
SHA256 9b4833e988e790e606895bcb98142c5f0549ad02ae3f4554fd1b08cdc1b8ee9e
SHA512 821483898f69a551a83e7327e0a767c7755ccf75ab775b4ba1eb3b2da1606f8fa0d7c85b230b9b71d631f8ef88d0638406742e47c818676327826fa1dfbe83e5

/data/data/com.ifeng.news2/databases/COMMENTS_DB.db-journal

MD5 2b7792ae8ad4f3abac9ace77e71be489
SHA1 b9069122b50db6450ae39ae7b15ca9c0643e8c9e
SHA256 ae9c747697c438c7a0e94785a30e225951060a661c4a970f55fb688e688b2e42
SHA512 141d914871e92c9653e705c14535c49c1361ac6e3bd422f3be47cafee27257cde73cb69a326858088785bb852579341ae046315827029dcef7930f0c5a21fe1e

/data/data/com.ifeng.news2/cache/.574e2f69c9e64da5b46ff85d8d12f01d/d41d8cd98f0b24e980998ecf8427e

MD5 e0bdfcc09c0441a345ee7ee2f911066e
SHA1 89da23b1f0e996e9364957a681ca3b7357d1196e
SHA256 6331b63c40be93f819115c05b2d26e31b90207b8e03ca6e25749a3cedef836e2
SHA512 1255bb6adbf14e2d659bd2cb3490013b12b440f9e2882f0b476d08be697a1bdcb48d90aebc048ccd172c9f4b760de53537edf3422a92b9122c26cca76d25febc

/data/data/com.ifeng.news2/cache/.574e2f69c9e64da5b46ff85d8d12f01d/7e4cfd2a92cbc78119f57efcb3b2c1

MD5 f2a6c946a2d4ef37ddf8b5b13ab51a67
SHA1 05def285fcfc16a53cd805d0087d965e3d3931bf
SHA256 c3e9f5f3393cc4316017edd119ec6403986f5fd69f332fc19e5e345361c82c28
SHA512 f0893c91e939c22dd31e805ee4b8f1458e6e1707520730a35d7542775b65ccd48bc5bdb71252163d40b976c31f854d546ee308c972439212cd70059d93c46345

/data/data/com.ifeng.news2/files/shuzilm.db

MD5 1ad0dff1e5eafa704636dfcdd82f3c39
SHA1 0b77853515aa0c9f903fd62591818c8d0702ce82
SHA256 78d04106ca400311881dc29c4e8fdb3bd1db4882d8cc4c8334771fa4aa165f59
SHA512 397203a43c1897aa30e595052fe9cd208c62a337e116e92ff0eaf2c50f10d87c2db82e9fdf5772a63a59fdf1503458ab7b94010b68ef766368f5d084bb879c1e

/data/data/com.ifeng.news2/files/ifeng_statitics+5.4.1.dat

MD5 744ba4d6f58e22f8f82d56a50e4b5373
SHA1 535e389f9b7f2e0d14e550fdd00011dfc255e0b6
SHA256 8b47d5b310d68b6911dbcfd7ecda4d7131351f66365f81db82f2979ae2f53592
SHA512 e888ccb7fc6722eaf8fb6bb8370c55f9eaab299be08db7c57038efaf945569b62b7b6b2dde5169044c5d60a4a9a9051ee7a7c2146153aa7d22d8b7c8f3310055

/data/data/com.ifeng.news2/cache/.574e2f69c9e64da5b46ff85d8d12f01d/d41d8cd98f0b24e980998ecf8427e

MD5 bbe823c4dc77e275eec5253af70a96b8
SHA1 966041d5460fdbd5b10008f53baaf7d9a235a61d
SHA256 22124a06bb38af645e3049ecc68c6c64192eca2ed88d449b6982d8f8c3039cc8
SHA512 a3d6635c3f256f948e2125247f70b236aa3c07c2ac13651eed12036e31baf28bf60070e6e1281145607f1ec429bf268dbbfaab1cf310ebbb316b55948bc85371

/data/data/com.ifeng.news2/cache/.574e2f69c9e64da5b46ff85d8d12f01d/d41d8cd98f0b24e980998ecf8427e

MD5 6c48a2c09f9ea447ebe2e5ec985a4b38
SHA1 fed1825f34068471901b97e5f932cb491a5c9b5d
SHA256 2a6301be0eb01c1933ec9786a8ebb39f3a4f291143553cb7ff7ad4e001eb88fb
SHA512 17c32ee35c40d4634cbe2d9eb58cbdf7f3e70e7543b66f10b89115c89861d3d9d3b1e392ec71ad90ff9ab96d651018a3051e4c43342bf28f2f38b2c436176eec

/data/data/com.ifeng.news2/files/ifeng_statitics+5.4.1.dat

MD5 c3e3a1decb395d8cbab3323301156578
SHA1 cc9db9e9f3064ff40141564891581a19e28e80e4
SHA256 a27934cc0556e895ca54fd71e34d66381d498d7545d304bfb938ad40f31ae295
SHA512 209f5f8cdc73527ca2608c6bbb843f4b1f30e6c89b482bd48fca96d3633c799e3b2d54fb868ecb8fe31329bba03eda7f17b67aa4c74864b7d5f0c5d908535fa7

/storage/emulated/0/.mat/a8287206072f99534af3ddc454fdf3e6/1718032951222

MD5 a176479f9253fec84bad00d094e97517
SHA1 cc9cbfdf511107e64f60d1f4d12b49c80f44e5c5
SHA256 e0771a29512b0ee122912de1cf5c3552bdf84a95d73b5da50350143bd719e641
SHA512 322627a752100c25e6f0714cecf18faaf32bbaa1a90864b5d4ee8decdf77f1494a4247f40697c67006db209a90f9910b6fef77dbbdd82a74400ac4ca10641612

/storage/emulated/0/.mat/a8287206072f99534af3ddc454fdf3e6/1718032951703

MD5 96a2210d1c2e8b6858fb7db8992a1d78
SHA1 5d429d18e650066961b880d79a95b781a2f68418
SHA256 392b6fa6b1df66fa7ac7307307933ee0e32378a1ee95847918239d1e27c0ad1d
SHA512 42465fb09c0d3401c7ebe4077716b97f9edf8ce616fe8a4f9433dce260baf77f2f9ee2e778e6e97fdf1140e33ef12666dc564ef6c15e0babf6a0f5fb0a9dc201

/storage/emulated/0/.mat/a8287206072f99534af3ddc454fdf3e6/1718032951739

MD5 45360d8ed589e5c7b2901728f55687b0
SHA1 a8d858282eba9686380e923fde0fb117c6ab1d3d
SHA256 0d871678d8f1553c4968cfa1aec62ba0bfba8ff5be04677425f0b5a54ec61dfa
SHA512 88d2bf24e3c57a8cd96cd6da8a0a6ab842926fa530aa1c719e95804bb0cbd5be52beb832c996367daf9d1acca4a642f25854bec23cb8c0f501cbde38f2b17dbf

/storage/emulated/0/.mat/a8287206072f99534af3ddc454fdf3e6/1718032951794

/storage/emulated/0/baidu/tempdata/ls.db-journal

/data/data/com.ifeng.news2/files/ofld/ofl_location.db

/data/data/com.ifeng.news2/files/ofld/ofl_location.db-journal

/storage/emulated/0/Android/data/com.ifeng.news2/files/baidu/tempdata/llg.dat

/storage/emulated/0/Android/data/com.ifeng.news2/files/baidu/tempdata/llg.dat

/data/data/com.ifeng.news2/files/ofld/ofl.config

/storage/emulated/0/Android/data/com.ifeng.news2/files/baidu/tempdata/conlts.dat

/storage/emulated/0/Android/data/com.ifeng.news2/files/baidu/tempdata/conlts.dat

/storage/emulated/0/Android/data/com.ifeng.news2/files/baidu/tempdata/llg.dat

/storage/emulated/0/Android/data/com.ifeng.news2/files/baidu/tempdata/llg.dat

/data/data/com.ifeng.news2/files/ifeng_statitics+5.4.1.dat
