Malware Analysis Report

2024-10-19 11:54

Sample ID 240612-kv337swhml
Target a01a9dd118fe4689f4634fb46d5f16f7_JaffaCakes118
SHA256 9c6f0b6cd0535a843409ecf3eec2f161e8a90b0a752bbae95d64fd66b3de4478
Tags
banker collection discovery evasion impact persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

9c6f0b6cd0535a843409ecf3eec2f161e8a90b0a752bbae95d64fd66b3de4478

Threat Level: Shows suspicious behavior

The file a01a9dd118fe4689f4634fb46d5f16f7_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

banker collection discovery evasion impact persistence

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Loads dropped Dex/Jar

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests cell location

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Queries information about active data network

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Listens for changes in the sensor environment (might be used to detect emulation)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 08:56

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 08:56

Reported

2024-06-12 08:59

Platform

android-x86-arm-20240611.1-en

Max time kernel

177s

Max time network

182s

Command Line

com.pykj.ddashop

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.pykj.ddashop/.jiagu/classes.dex N/A N/A
N/A /data/data/com.pykj.ddashop/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.pykj.ddashop/.jiagu/classes.dex!classes3.dex N/A N/A
N/A /data/data/com.pykj.ddashop/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.pykj.ddashop/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.pykj.ddashop/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.pykj.ddashop/.jiagu/classes.dex N/A N/A
N/A /data/data/com.pykj.ddashop/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.pykj.ddashop/.jiagu/classes.dex!classes3.dex N/A N/A
N/A /data/data/com.pykj.ddashop/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.pykj.ddashop/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.pykj.ddashop/.jiagu/classes.dex N/A N/A
N/A /data/data/com.pykj.ddashop/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.pykj.ddashop/.jiagu/classes.dex!classes3.dex N/A N/A
N/A /data/data/com.pykj.ddashop/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.pykj.ddashop/.jiagu/tmp.dex N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.pykj.ddashop

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.pykj.ddashop/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.pykj.ddashop/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

com.pykj.ddashop:mult

com.pykj.ddashop:remote

Network

Country Destination Domain Proto
GB 142.250.178.3:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 log.umsns.com udp
CN 59.82.29.162:80 log.umsns.com tcp
US 1.1.1.1:53 api.map.baidu.com udp
HK 103.235.46.245:443 api.map.baidu.com tcp
US 1.1.1.1:53 downt.ntalker.com udp
US 1.1.1.1:53 app-router.leancloud.cn udp
US 1.1.1.1:53 gtt742co.api.lncld.net udp
CN 106.75.100.17:443 app-router.leancloud.cn tcp
SG 119.29.29.29:80 119.29.29.29 tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 124.71.170.130:19000 s.jpush.cn udp
CN 182.92.245.193:80 downt.ntalker.com tcp
CN 182.92.245.193:80 downt.ntalker.com tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
CN 59.82.29.162:80 log.umsns.com tcp
HK 103.235.46.245:443 api.map.baidu.com tcp
CN 182.92.245.193:80 downt.ntalker.com tcp
US 1.1.1.1:53 sis.jpush.io udp
CN 123.60.89.60:19000 sis.jpush.io udp
CN 182.92.245.193:80 downt.ntalker.com tcp
US 1.1.1.1:53 update.sdk.jiguang.cn udp
CN 124.71.170.130:19000 sis.jpush.io udp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.176:80 alog.umeng.com tcp
US 1.1.1.1:53 app.goyounglife.com udp
CN 47.95.165.147:443 app.goyounglife.com tcp
CN 59.82.29.162:80 log.umsns.com tcp
HK 103.235.46.245:443 api.map.baidu.com tcp
CN 182.92.245.193:80 downt.ntalker.com tcp
CN 182.92.245.193:80 downt.ntalker.com tcp
HK 103.235.46.245:443 api.map.baidu.com tcp
US 1.1.1.1:53 loc.map.baidu.com udp
HK 103.235.46.246:80 loc.map.baidu.com tcp
CN 47.95.165.147:443 app.goyounglife.com tcp
CN 47.95.165.147:443 app.goyounglife.com tcp
US 1.1.1.1:53 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 223.109.148.179:80 alog.umeng.com tcp
US 1.1.1.1:53 im64.jpush.cn udp
CN 1.94.2.18:7000 im64.jpush.cn tcp
CN 1.94.2.18:7002 im64.jpush.cn tcp
CN 1.94.2.18:7003 im64.jpush.cn tcp
CN 1.94.2.18:7000 im64.jpush.cn tcp
CN 59.82.29.163:80 log.umsns.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 1.94.2.18:7004 im64.jpush.cn tcp
CN 1.94.2.18:7002 im64.jpush.cn tcp
CN 1.94.2.18:7005 im64.jpush.cn tcp
CN 1.94.2.18:7003 im64.jpush.cn tcp
CN 1.94.2.18:7006 im64.jpush.cn tcp
CN 1.94.2.18:7004 im64.jpush.cn tcp
CN 59.82.29.163:80 log.umsns.com tcp
CN 1.94.2.18:7007 im64.jpush.cn tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 1.94.2.18:7005 im64.jpush.cn tcp
CN 59.82.29.163:80 log.umsns.com tcp
CN 1.94.2.18:7008 im64.jpush.cn tcp
CN 1.94.2.18:7006 im64.jpush.cn tcp
CN 1.94.2.18:7009 im64.jpush.cn tcp
CN 1.94.2.18:7007 im64.jpush.cn tcp
CN 1.94.2.18:7008 im64.jpush.cn tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 124.71.170.130:19000 easytomessage.com udp
CN 1.94.2.18:7009 im64.jpush.cn tcp
CN 123.60.89.60:19000 easytomessage.com udp
CN 124.71.170.130:19000 easytomessage.com udp
CN 59.82.29.248:80 log.umsns.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 123.60.89.60:19000 easytomessage.com udp
CN 59.82.29.248:80 log.umsns.com tcp
CN 1.94.2.18:7000 im64.jpush.cn tcp
US 1.1.1.1:53 alog.umengcloud.com udp
CN 223.109.148.178:80 alog.umengcloud.com tcp
CN 59.82.29.248:80 log.umsns.com tcp
CN 1.94.2.18:7002 im64.jpush.cn tcp
CN 1.94.2.18:7003 im64.jpush.cn tcp
CN 1.94.2.18:7000 im64.jpush.cn tcp
CN 1.94.2.18:7004 im64.jpush.cn tcp
CN 1.94.2.18:7002 im64.jpush.cn tcp
CN 223.109.148.130:80 alog.umengcloud.com tcp
CN 1.94.2.18:7005 im64.jpush.cn tcp
CN 1.94.2.18:7003 im64.jpush.cn tcp
CN 1.94.2.18:7006 im64.jpush.cn tcp
CN 1.94.2.18:7004 im64.jpush.cn tcp
CN 1.94.2.18:7007 im64.jpush.cn tcp
CN 1.94.2.18:7005 im64.jpush.cn tcp
CN 59.82.29.249:80 log.umsns.com tcp
CN 223.109.148.176:80 alog.umengcloud.com tcp
CN 1.94.2.18:7008 im64.jpush.cn tcp
CN 1.94.2.18:7006 im64.jpush.cn tcp
CN 1.94.2.18:7009 im64.jpush.cn tcp
CN 1.94.2.18:7007 im64.jpush.cn tcp
CN 1.94.2.18:7008 im64.jpush.cn tcp
CN 59.82.29.249:80 log.umsns.com tcp
CN 223.109.148.141:80 alog.umengcloud.com tcp
CN 1.94.2.18:7009 im64.jpush.cn tcp
CN 59.82.29.249:80 log.umsns.com tcp
CN 124.71.170.130:19000 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 124.71.170.130:19000 easytomessage.com udp
CN 223.109.148.179:80 alog.umengcloud.com tcp
CN 123.60.89.60:19000 easytomessage.com udp
CN 59.82.31.154:80 log.umsns.com tcp
CN 223.109.148.177:80 alog.umengcloud.com tcp
CN 1.94.2.18:7000 im64.jpush.cn tcp
CN 1.94.2.18:7002 im64.jpush.cn tcp
CN 1.94.2.18:7003 im64.jpush.cn tcp
CN 1.94.2.18:7000 im64.jpush.cn tcp
CN 59.82.31.154:80 log.umsns.com tcp
CN 1.94.2.18:7004 im64.jpush.cn tcp
CN 1.94.2.18:7002 im64.jpush.cn tcp
CN 59.82.31.154:80 log.umsns.com tcp
CN 1.94.2.18:7005 im64.jpush.cn tcp
CN 1.94.2.18:7003 im64.jpush.cn tcp
CN 1.94.2.18:7006 im64.jpush.cn tcp
CN 1.94.2.18:7004 im64.jpush.cn tcp
CN 1.94.2.18:7007 im64.jpush.cn tcp
CN 1.94.2.18:7005 im64.jpush.cn tcp
CN 1.94.2.18:7008 im64.jpush.cn tcp
CN 1.94.2.18:7006 im64.jpush.cn tcp
CN 1.94.2.18:7009 im64.jpush.cn tcp
CN 1.94.2.18:7007 im64.jpush.cn tcp
CN 1.94.2.18:7008 im64.jpush.cn tcp
CN 59.82.31.160:80 log.umsns.com tcp
CN 1.94.2.18:7009 im64.jpush.cn tcp
CN 59.82.31.160:80 log.umsns.com tcp
CN 124.71.170.130:19000 easytomessage.com udp
CN 59.82.31.160:80 log.umsns.com tcp
CN 123.60.89.60:19000 easytomessage.com udp
CN 124.71.170.130:19000 easytomessage.com udp

Files

/data/data/com.pykj.ddashop/.jiagu/libjiagu.so

MD5 f380717bd1e3916c7b697fab8d46c5d8
SHA1 04f51f0d16097214e38be517d93be44cb0603a88
SHA256 8455632be7bacb221468c4daab2f9b5ee33739f08b22244ff81a36a02bec36cc
SHA512 b78fe11f77d2c0ec5b36850e8cc3b955661b31641405233c8842b91205e44dc16a30d7fc1ef18dde1b066c1b98959ae9c18be5472413d2b398b7ab6a6b52c07e

/data/data/com.pykj.ddashop/.jiagu/classes.dex

MD5 b2a2a30e1f5f02b587d4d6886fc7b629
SHA1 38c3d1e12dbb0168062c884ce7a77cf496124875
SHA256 fcea42742f860a11e2b937e1aaced63271a34ae639fe36830781046427eb93d2
SHA512 8528f5c6c949c6ad8085388ec301428679e6fb8a6288ccf0d3db731266a8a63a65affa163cf9d55d2751e9b914a87dc9893226098b1921fe150254c65342cdd5

/data/data/com.pykj.ddashop/.jiagu/classes.dex!classes2.dex

MD5 75f42225e22a84f1fcc3a3df45978601
SHA1 37fba0bc980c17876f468795a45bbf3047dad91d
SHA256 98d91ff8923d4c2bb20fded1149ee213c4369ed72d25007d936b2439ba9c27d9
SHA512 8c2b14ad587ac21bf91f12401c8f01f566004e8c176f4dda460edf7748fc18d8e0e2f7261961c4c4ce6bd19a43d3cb9bbc3889441709ebdc9a9ccc78bcd5ce67

/data/data/com.pykj.ddashop/.jiagu/classes.dex!classes3.dex

MD5 6d97c38e0b2c30745d0ba8ce09c9e798
SHA1 caa600428905dd678a4d16e1c32c4adc1d1443f1
SHA256 ca6952240853668726d60aca2b8d5293e2bad73306be196156a0226fbb8ca811
SHA512 e34d95001fa9ef28ae936ac8f5001e5864564ab57846b68e32a2962167544ecd7cdabfb56f3aebb01a554ebeff925d63cac4af453096358c03171f436c9b4931

/data/data/com.pykj.ddashop/.jiagu/tmp.dex

MD5 f1771b68f5f9b168b79ff59ae2daabe4
SHA1 0df6a835559f5c99670214a12700e7d8c28e5a42
SHA256 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
SHA512 dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

/data/data/com.pykj.ddashop/files/.jglogs/.jg.ri

MD5 7a5f3bea3a8fb3738b5120cd0ee56033
SHA1 1b97e7df7d23115be72996899d71dc9508041c14
SHA256 449aa4a8c159a0e6cf182870fe73d80657cf209e8e54205d285f2be0a7e36e94
SHA512 1e111b351a1fd717bab8dd6b3db5b74c7674df5028f347a76de408d9a7a9961fbba4a4893451e8e08b44a202409f3030ebb70f1c8755f87acb35275f0ae15786

/data/data/com.pykj.ddashop/files/.jiagu.lock

MD5 9811c7668ec6700835139be9f0ec7a48
SHA1 0939411f75ba2f5a014d7f5f77211f0b2c557ba3
SHA256 6e5602a6b1bd8e03e2f05412c2c913c7054f6e6f38425a8773d0b0aa61034364
SHA512 6081235cdf995f180aabf8c9491a46b8be8eeaed979470f82231982f60170d08d43a8ac828aa711c9ab271432328c78e12199535160e2017f5678ba2874845f1

/data/data/com.pykj.ddashop/files/.jglogs/.jg.rd

MD5 47ff445c892e97bd925ad254982a36b6
SHA1 44abb7af4adf7e47f57b9123c9461b80c8b03a37
SHA256 3c4d335ad86603e12f1310a6b2c49af6878ccf005c0432877ace799013136fe2
SHA512 49e31baf3bc733a31b17e9d75db01b267d45cf6fe230ec33d7b2e8d3acbca11f7341f3086d70f179b51e799dd4a259fa6f56206b5a3a45ab79c50f24461c2cd0

/data/data/com.pykj.ddashop/files/.jglogs/.jg.store

MD5 8184c6cfd5c946b7abb10aeda133cde0
SHA1 148908515ed7ff859e526c7b1707888bbde54b4a
SHA256 794f11d0f09c976cd5ca8f9e38ddf3dce150765e2c8b596f9799d184fb21e5d5
SHA512 6dc29cee3c34e0639f304f3996da792115f4d59df8b71677af724ef6aa026198d6f737055e1707d608dbb2da37d0c597a9507c7a985799de6e7a18c3225bf8b9

/data/data/com.pykj.ddashop/files/.jglogs/.jg.ac

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.pykj.ddashop/files/.jglogs/.jg.ic

MD5 5004ca9f0481fb0a6ad028c59342d4b8
SHA1 3550e853f56facdec633a7010bba6f441fcf346a
SHA256 26db2cf7a975009180c9e853458d86850622a0d685c7976f5414327cf157dd51
SHA512 1314b2709d68a2439b22b6bc7dbf0c6fa1c5d918c7f6e6f0a4b1a426bba56d6eb2aabc8988b5a42d196a3a83e4b20eacb618597e3cb1903fd22b8a257f29d748

/data/data/com.pykj.ddashop/files/.jglogs/.jg.di

MD5 48dbada5b5cc94bbb66347c73b00cb0f
SHA1 147bc710f5a1b7e261b83af26fb97740ba898916
SHA256 df9e2f3f49b26b02f658ab72d58b4a991cb544db146bd0df46027d744a50a301
SHA512 ac412595a2c3fa78c51a81142ee9f76b2ffe9c2fee05ffd7ed1e4b750764d76bbe2b73cad706007d9054c8c285ca451e316a178f204be53e992b7d9757cf2519

/storage/emulated/0/360/.iddata

MD5 90625042389e6dbdb37ed9f22b20867b
SHA1 463347bc897536fcf5b17158626b678dbcfca08f
SHA256 7069d64f71de14791fd3bcad954a66c7c58caa0f38ad08a59a481f41fa92b86b
SHA512 b1131f34847f3f37ae6e262b3d6fe70b1da7075f89cb8fc570fe97b1751b36f5786b43237ca6a04727a8096b9195e9d73fd3efaa36fcf2cad9f477437fa684d2

/storage/emulated/0/360/.deviceId

MD5 1d8d16c4e3b19ebf18988530d9b9a757
SHA1 bc94c1cce05cd848a53271ecb9c5311e27ffebf5
SHA256 abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7
SHA512 4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

/data/data/com.pykj.ddashop/databases/_nohttp_cookies_db.db-journal

MD5 2dee3750ed9c8e2b2542e2ce0cebe714
SHA1 e7c3ab4f1a0aea98082812e31999256c115e56d9
SHA256 cfbcff85ff442adbce4e904b8c5a48d05b59e78bf109d005453f3840d8460c42
SHA512 b8262efc975d1ff77986c7c293c309aff490dd6a72a7eec49f07ea51cef9f9d7f1842da35c73e5ebdc7b744ce94d354eb683a1aeb86262d9d9fa88995c869d18

/data/data/com.pykj.ddashop/databases/_nohttp_cookies_db.db

MD5 17b0ff572cf67562f2dde50048164b64
SHA1 d377398bfff3fd9dd92449503c76ff72cabfdbe1
SHA256 a4609688cee8a780f4bfc78102b7c3f3399f2069e52d38f67aeeba29027f3960
SHA512 d138c5b0ecdeb70abee3a63b15e48d46f94df49e979dc7fdfad0de31ef39d238a05c85adfe8489a2cc7011e19d01642bb090e98e5d0e275825681b4bff28684e

/data/data/com.pykj.ddashop/databases/_nohttp_cookies_db.db-shm

MD5 9a638d534718a9766fe5612ac6820e6b
SHA1 78d369692954d070f272d1dd3b5ce1149182c903
SHA256 e4d5eb7ac28d8bba9bca673f08740d6ad6c544098c2a6f901f25c4f9a30b0ee8
SHA512 21e603597b4d0bee45294db3aa00e8845c20af3ea60f3aeb1d28b4ead250f567df9c9573f4b8366eb6143f752630ebb28a6e0b60efb47f18640ed8c81fea3ef5

/data/data/com.pykj.ddashop/databases/_nohttp_cookies_db.db-wal

MD5 a73838e5dfacc3bcb2cd7513b0b90e11
SHA1 3c6eefe2cbe9d2dbccc014cc3bc3538ec18a6220
SHA256 d15e242d441cfebcf5836d00fc8d0f9ac0eebe70a78566205835bc36608be30f
SHA512 aa35a577ff4e4a9378a12e69095950effd86958f36194f9d9e36dbe4b88a2d9db20495149236618d551b131033c5803b29fddcf31d864434a293ab33722cf9c7

/data/data/com.pykj.ddashop/files/libcuid.so

MD5 96b92d493ad58acede1feebdf86dd8de
SHA1 4ab6cfbd38a377b6bdc187ec23e1fe8a86b36fef
SHA256 bfd3116aa7518cbda0ff4260b60e346e5b4da79d72a5e9ff906e936ed9849690
SHA512 2fe75dc1a593d44301e6273447bbe2be1ed374586342dd2c224033ab22acc529e6fb3d5212c6d7d73f25aa5d5d87158818f83ff7205b7b4d425e22e8380b89ad

/storage/emulated/0/backups/.SystemConfig/.cuid2

MD5 54e7d18fbd1c09929edb9387322da5f6
SHA1 a3af9028931c1c90b791b0e1edfa22efc164cfe0
SHA256 117b9b3f315dd00e18168f2723291e33829a117e78c5a24c3522a2182d4839d0
SHA512 c726af51882934c25d7bebf7f0654bb246540903eb8e7f14559e4fdd62f1f42656203aaa81993ab1f5b0ec9f829dbe4996467eaaf1e66c79facdf982eb318464

/data/data/com.pykj.ddashop/databases/tx_1000_ISME9754_guest47974609491720737240171393831803108216-journal

MD5 9980b339b300aa1849a67db75a5b9884
SHA1 732e6936dd371f62e5d951fab966f7a69fc1f002
SHA256 373f089940dca3bd423442a0d7900e44d64b58c52189a8864df336549a1be422
SHA512 14769132500d4491542badf637ca3f248ef166ca56754fccc3d4ce5ae9199295ed425b4c439f106e4c7b377edb5d0d5c9d80f05f67d7b388114b31c07f50af9d

/data/data/com.pykj.ddashop/databases/tx_1000_ISME9754_guest47974609491720737240171393831803108216-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.pykj.ddashop/databases/tx_1000_ISME9754_guest47974609491720737240171393831803108216-wal

MD5 6efdc1b87deb78a1ce41dc7187761699
SHA1 42c0e5bd140ebfb49e0b593340333ef7f5f2ffe5
SHA256 4d0b37e0b02beb6a17ab78d9d02cb0cc48236752fd4e9094a86b4167cc0f6953
SHA512 6fed37bfa05a2116236d5824edcc78bb215d74f9ce87c313dba48b63fc30265255b8f4bd30c2867113bcb45c26b1a5374266d872da11e2f70e13a3fc060910aa

/storage/emulated/0/data/.push_deviceid

MD5 e7b5d801099c30f7e99408f99542808f
SHA1 5194c2a544c92f2ebc17729dca9c221cc8e9da6d
SHA256 680df0f09ceb10c4c563c07d1731f50f3850cd6e101b47b5890a3a105224a7db
SHA512 e672ddcd6a652310778d33900baf49ba7517a4b286ce662589a7a121c7596a18d0903a67a3a3a08118058c76b79890758e72bb20c243b05b1f7517e05fd2d921

/data/data/com.pykj.ddashop/files/jpush_stat_cache.json

MD5 993a20ca16d701884ca69f6b54ceaf11
SHA1 5a22b898b93fe8b8b2422f6f3eebffa20db9abe3
SHA256 7ed5e8cb4befff7a3cdbb5c866ef0fc04f9c223847610a0a58543c4b54d15ec1
SHA512 8ae3650050a07a902300227d15410f11fb4ca2235828778698f286afd59bb20e1269f6a6d169818c60816de33c2f5b28169f40a2025d2ef7a189538ab9a53015

/data/data/com.pykj.ddashop/databases/notes.db-journal

MD5 187b3d97c529d6f20515d184776d6b99
SHA1 1f75d967a51d1ff61adb4f7d3473970877a6db44
SHA256 b13cc8b9942c00d845e89d10eda06399eabcef35ab637c313cbb89a9ed981afb
SHA512 90cd9f221bc93bc703cc494d0963517eeb6d95ece6bcb4ce892784b8b3fa9165e73d957ece20c782c3366520353ac467286c0760fa77bdc191c2ebbb21828af6

/data/data/com.pykj.ddashop/databases/notes.db-wal

MD5 4b6ecb3e922f0f1941159543a58f686b
SHA1 0f5ab635f02e8110cde570acc7dfdc4a777872ee
SHA256 1141fd16e5537b1a20770cb8b2c13fadf1a9816e4f3a8c12ce8deba4e48f17bb
SHA512 cf97e1ec5205346d07b30da8e22c81222a0579e1ad665ff7fdc387f6a9805c8a78749ddfebb52b2020a8dce34fc282dbec2e3415243205fb27ed9c86dfadfba4

/data/data/com.pykj.ddashop/databases/ua.db-journal

MD5 4459037524713543efaf1bec65ed08cf
SHA1 291c89b813b0f47f90dae8d82d6da701a2275b37
SHA256 6b42878f92d956f2d980d8bdcb3cd7a489167a53c6511651e04e31697016afbf
SHA512 c43189daabe88dca615e24e3ca93c7120deeca37fe4e172feff3dcedee1614a5c92dc6735cc80bb9b3e4b555a901c0cd23ac902a6d573695da82a21a1fd4d1b8

/data/data/com.pykj.ddashop/databases/ua.db

MD5 cb7dc48bb11374057d873f404695c736
SHA1 9367868e9dc6bbc61ef8cc3f60553d5bf19d2ab3
SHA256 975d247fb5577afdf9993533a18237ec69a683da9085eacdb0bee1d8ccfaa44e
SHA512 b634ae17086104f32ca8df153403088e76b278e9ce7325bf41a1c9526c2cf155631870b6dac1ab4175d41b562ae68238a8b5c2798bdc4cf2bbc6b8b29ff10c04

/data/data/com.pykj.ddashop/databases/ua.db-wal

MD5 46a7c9ff8bf1033a916b92bde4a2d15e
SHA1 262b92e601ab11c006f388fa51c4ce359b965a76
SHA256 911b6104fe6bb08520b04006ca5ba9160205043e9c60896d095619c04246dabd
SHA512 96a5863c4772291eb99ca06e69d07354b7e82fa990e84edc485f4d4f4cdb79edcd3013ea3f0890723e826e940e1bad2987a7d668f70d9f5bb10533843e9ae019

/data/data/com.pykj.ddashop/databases/cc/cc.db-journal

MD5 89ab1cf1a668034cd3c841fbc899f904
SHA1 7b97a8f8537c6f4656cde25ed12b229da996f126
SHA256 2483e7b88c3286f38536c2c4e109931b5e2f76b1a9367da6f9485cda65049038
SHA512 c72732a01623ede170148578ebd571803db2c71c9b26276726022e84eed70bfe184a9ab2e8b826d44f134dd631ee5f085ee4f66b611f2b2ee91e705d17b558b6

/data/data/com.pykj.ddashop/databases/cc/cc.db

MD5 5d7ea1a23af19b4340cc8d90f28297d5
SHA1 4cfe95b23a9e98378d69c4290af81b51fbe76aea
SHA256 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
SHA512 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

/data/data/com.pykj.ddashop/databases/cc/cc.db-wal

MD5 ac3f32e2842c9f20ef56634bd08bce22
SHA1 fbc1ec3354fa8d6decf83bea783e3929321ac233
SHA256 625524bbb823021d99d1961342cb057b73f08bc431c910831f7417ea238cc221
SHA512 e4b55fa0f8b7a01685d8fef62bad67f1d13db99f09dfd01f9b5d332a7b27acc6068e4b577f58a6fc26385b32a1c7e502b467e73f34f3ea9ea6c5c31abbac51a3

/data/data/com.pykj.ddashop/files/umeng_it.cache

MD5 8627ff14393cb2acfac09a5152d086b4
SHA1 e327947629f06d172519ce72c9f3ae5054366fd2
SHA256 36f0f49004f71530ec56f8cf58c441351be4182de124c26b458d5addc976158f
SHA512 c6a92a957ea2bf8895e41b6182130bab66c830977ea02bb0d144ba0fb716df1b7fbb6c1272805d9c240063b43c73a1297405ec3b585011cad1de541abe048829

/data/data/com.pykj.ddashop/files/.umeng/exchangeIdentity.json

MD5 07fc1d8df1ee99c7d5a7b86983bf2ffc
SHA1 0d4a6f5e299743a80ff971b8e6e454c57f69b3a1
SHA256 70188cb210ea605354abcce93fc3e90c8a963983c8396eeb18738365c46d6eac
SHA512 4ba356762cbcb255d7d0a145521e00407115f417f5b91b568454164d1afd21adb5f5ce5bc74aea20a8b8869c843fb8455e4918eaa9fecbfea161e98d02cb47d6

/data/data/com.pykj.ddashop/files/exid.dat

MD5 f1ef57a2322397fc309af93a3f42410f
SHA1 b90b71ea3fa1022bc5f96b178dce9f55d01d0fd5
SHA256 961588661d9c4c40c1b5bd6288852f3e510d7a50164f4b137a8442b8129c7f20
SHA512 92257ff0e12a8a05882c2ac01b33a8640ea0935e8913c77f2ffe4576a6083ba8d884fae5feefe0da74cc16916ca2eb28dbfcfab51de2de0053e1208c011571d3

/data/data/com.pykj.ddashop/databases/ua.db-wal

MD5 ed3ebf330d00f096b388766946b66015
SHA1 3cc9b7bf2ff5746eaa1c55a39b13c7977032693d
SHA256 914b170648c19f794582dd25a2385be8c899266958799a9fa7b5f26ea8f027cb
SHA512 a88c425504f2a71aec773ce65218ea673a38ec080053a90c67ce9876589ef65f71c195c23a6171cbb72102f753d6bceb853af7e335af229215fe33408c95e97f

/data/data/com.pykj.ddashop/databases/ua.db

MD5 d604a3bf1f8d992cc320ea5b1f7609bd
SHA1 247f88df0b55c7d523ea5398637711a0e4a483a4
SHA256 329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17
SHA512 67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

/data/data/com.pykj.ddashop/databases/cc/cc.db-wal

MD5 62fec246a88320ae40d3ddc5cc24c8c7
SHA1 7b1b8925dd87b75600e24092619ca7938d40f53a
SHA256 258d06c69e3c28f0472148707b43c88b43eaf57b4594920c4c9066224e61445f
SHA512 43ae4d5e39813f4ecaf6c8f6a329b9133a4f7854710c03bf67515f237e16f0fb5a190672ce2fd67601d2278383b621442a1227628b7cd00725deea7b7128180a

/data/data/com.pykj.ddashop/databases/cc/cc.db

MD5 ce6135aa1b1fe4f2c2db2a546d2a5558
SHA1 79b59582154017aadab783dc266fcb158c252940
SHA256 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
SHA512 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

/storage/emulated/0/backups/system/.confd-journal

MD5 294bc4cd9e52462bdb3fec8e77a4672b
SHA1 585e7be5fde3858fb8f8f8f54ddc109bcaeb12e1
SHA256 b7c34f3e64c200be1a4bc563869469b0454c19585856e3dd8bda2163f5b87aaa
SHA512 95fde66a84bdd0d2cb2face2506058c30349ef45a210f4a29a15c47b99abbb275989d24791a72929b0723e24650e0659cf1ae8a4a74c0891357f613ee33606ea

/storage/emulated/0/backups/system/.confd

MD5 249e034c9703afc1fd6062371c7f3da8
SHA1 9ca489179488e0fe5a35f7c0d5887f163e4890cd
SHA256 18fc5cf216b05487a87be99a662e7474bd54120f214e034b3179f40ca989352a
SHA512 b819b152548431c7892678ecdf23abe44cbdcf80e8f22707ab32a2aedb5356346b27e3c3e750665ba893d602af1c7dcca97edbac3c820859a0fc20714c22c0bd

/storage/emulated/0/backups/system/.confd-wal

MD5 c6a5c157538ff0f70a921aed2a29d10c
SHA1 619deb1f6b21a3f7eb7a6dc849b328d6efc62766
SHA256 53a616c0bbac34fe2e91c25cf1aaa8dbcdcf253384ea8001ca451fb3f8f09d7e
SHA512 d1398be32184452cb3fbae6b630bfae38ebcc6712802fd1902976badba8e6d9c589147cea938e6b7393806e56287425ee2619b5930b3becf8d64911bcd7444bb

/storage/emulated/0/backups/system/.timestamp

MD5 10d74ee230f43c17064708a543db2192
SHA1 3e47ce2810398866755a055cdc34379b1bfe3a03
SHA256 0dc7edc01ec8f2ac1649a80facd8bae33dd43c39a4ae77838856c56209b56631
SHA512 b81c9ea71edd629c42ba9052e4a705f2ee78d2cc677e93e154c6979f5698a9e1ffdb499750ddaab7c66fd460a92a0ad9983113adf1fbe989152127e75b44dee7

/storage/emulated/0/backups/system/.confd-wal

MD5 0d246f7972fe5fdc828fae25f01a3496
SHA1 3f51baf6493b20a0f3facf010fb926b82bf1ada6
SHA256 0cbd33135f662448c79795ead3358eefbf7adc5a8e869404c5a5fe2de325cc6c
SHA512 99b6f7519d02e02b04bdbef9531d6e8c8d5789736776bc100241ba274e6de6d16e22c523c461976d4ab761a924e449c2cae1dece2c14d71a0853faedbf81575e

/storage/emulated/0/backups/system/.confd

MD5 8c7f6e3b52e6e841b895bbd13644ed43
SHA1 ec8daf46a7eb99c75ea1ce8582ef77b2df8455d2
SHA256 6615188d5d8fa77b44fbae7a249d073b3623316e7489c5fec95fe53188ea467c
SHA512 cffafd628e62fa915872796ee02dd8119cfebd6811291155acd400986ee5d34b244ab3b5d0bd386566724205771f665571bcb04950d390c5c60072fdb90c5280

/storage/emulated/0/backups/system/.confd-wal

MD5 40c2ded87e90544695b1c430d3ac5df1
SHA1 75b002439565f04e3aee90fdafebd04f9e35e9ab
SHA256 658e45246e7cdc5736d96657c08e231c38dd783a1ca7a836f1dad1c67018f03e
SHA512 3cb6f260b81d70f64bd895e22dcb8e153047f30d8c66b278e25e14fbbc697c14fabc3c682fe215c3b76f791af2cfc12fabad660cd9a448852a80622dc04e374c

/storage/emulated/0/backups/system/.confd

MD5 37f0f6208806ad46847df9707d9adb92
SHA1 a6c17a1bd2f0ce5c8337a5a88334382998f9dfe1
SHA256 6794da04a35223ac424c0887bb4a3e6743594a1dc067fad01f853c32fa7583f5
SHA512 7632ce0f4bda3603a90922ae0a545e82cef4270ecb9d7a88ce49b0b7cc0b5c3dc65f499ff4b7c2d807b9dad4031dfa3d327a28d24c77595efa1fdb4e2a122dd9

/storage/emulated/0/backups/system/.timestamp

MD5 fd04dc6f4067edefc283ae65e981a891
SHA1 1d11788013c3317fb10dd3e7cf843732c738b22c
SHA256 f0222804456af9d38f5ecc5acc5eab1a994e4514c17815adcf0f9e24449c6d85
SHA512 e2b372494678d5f00536f495590193e439474ed4c6e7b3ccb0541cdd84ff20c5c44f9638946e014b5d2e4a84b7cfdb9df7d50616ec6afbfa3184ee3801d46be0

/storage/emulated/0/backups/system/.confd-wal

MD5 d2fb997c613192db17a51951d8762295
SHA1 f44257ac63f24705ed8f896f102970c5a0fdd4a0
SHA256 476112ba976802e772aded444f0792acd286613e01336ea911579481ff84bb4e
SHA512 b60dd6dae6d8a8f6b82135ceb783af4ffd23e372b62c8a335a0e3a3d66ab4cf7433cccb6f4977a5b5dfb6f00398a286ef43a388dcabd66cfc0fc05a56b811b65

/storage/emulated/0/backups/system/.confd

MD5 ec24010057341bd77fa400d1fdc21b42
SHA1 c10c495f04a5f57198bac7ad6b69d28f483dc2bc
SHA256 b610320234c3a98ef538319dabc0ef297816e461a68a562269be2f0f6ca7fbe7
SHA512 e87d3d21b8f5ca1b998575bbc61151521bdd7204a26218bedb55b3de8db69453739c53f7a6d47569948e0f631bb484d7c281a14790dab321b317ca2bde44b561

/storage/emulated/0/backups/system/.timestamp

MD5 d50d9ea788e7039ea62e2034bb3e9f63
SHA1 14866e3151fbcf87f397fe67d7b439d31b3ef1b3
SHA256 808704c97d0db27966fa739209e71fb22fac41f8d3729b10ab2e566b2eff4adb
SHA512 74b27b17855f66ccb2c46de063c75d2398daf16c7694896f180df91155db7e8030727c6272f9576c4cea272a536d0b746cf82c023979fab4d5d07f716183da81

/storage/emulated/0/backups/system/.confd-wal

MD5 bbd59c938bb593fdacb3ba265a1a4940
SHA1 9aa1704e406ba081490192c34697b0772a9de4b7
SHA256 f86640f99631c49ef9c084f5fe645f26de300d3f60979b2ae6f235637888f520
SHA512 58080916aa08ba786a8a3f22b8605c5fdcd0b3bb72f9ae0e74192470ada46d9e5497559e68c65a1ed10cb1cf65d7ecc02f30a5b055f7589cf06c4fc260a5d02b

/storage/emulated/0/backups/system/.confd

MD5 8c4f19e151d931b3859444f4a82bb31a
SHA1 c3795f9a5e3b04e6e3a72ca326a894434517145a
SHA256 5ff71d3510fac032cfef0b016f297568b24e39357d3951934fe6af5f5355718f
SHA512 b4970ed06ed5014da25feb790ba0a95a732a4450e75c8be311811a1af85b460c7a4b01f5196c532e56ddc1f71dac87b300998482bcb7f7b1af46fc478a3f0cfe

/storage/emulated/0/backups/system/.confd-wal

MD5 eceec013aaa9c40ef9258c3b1c2a2f4b
SHA1 ff269a6a180418769a6118ab0a4ecee6a17925ae
SHA256 8ef9f86c87fa73c8fec7b9073116d5119b8e740ec48ba453aa24397eed60cd11
SHA512 fdd00f96eda08bf43312cf1a79920bad13deecc08d036f7812aca32ceec4f96eeb2767f24d49174b4c1b626740eee680204cdefe3ba692fd7d385e8ca2eaa8dc

/storage/emulated/0/backups/system/.timestamp

MD5 a87c5a914c9812a35307710e5ce15148
SHA1 85ba5b8ba74be94be84c12024cc03c54e9cf050b
SHA256 8c46a93f5c62036a75ad63092a0ca1cceeacfb56b6c66063e18d1dcd2ca2568b
SHA512 4ff81aa9641c24657088ca852904fa2cf0754cb66db1288eabbd1c291e63ac2a0f1c84ed9389d32c18844e893e8833441d17f05c98174545731756511d9381a9

/storage/emulated/0/backups/system/.confd-wal

MD5 e169bb8295ba44220180d5fd0bdbc0e1
SHA1 88b74041ff40ec2b36ad790aeb00368263c6552e
SHA256 64c6f704ab7ac9d63755ec2d7da8c52afa6ae932ac0deed1308ef10e7a3569d2
SHA512 93cc1ead2fd3ba6aba44bebdb1ffd4e647ed25a8108fe2480b8f7db3c778616608277940682efbc68de035fe2693e880272f16c03a3002ca98f777cbf5fe64b4

/storage/emulated/0/backups/system/.confd-wal

MD5 8259f4419900934312ecb3e83e4d2b77
SHA1 1ed90a3297057f64ddb23d0304c396fb0057989b
SHA256 39adcda4c63a173e981ab332803b3292ab60279c9c37cdacfcc0a138fb093ec5
SHA512 8247a92f905e2fcc8bb5102449990d54734d32b5774d6bfcf52083d7f86700f9a1130ba277ad67fa71ed95d3fff7b1a6d582507df4b3c3f2fb9aa786f3414f56

/storage/emulated/0/backups/system/.timestamp

MD5 8af14acba9848cb678345ea76965e968
SHA1 9d4037742068abe8776bab4a98dfa10c56ae59ca
SHA256 b81f56d8c094ebe95d126c93632b010f2789aceb5abd640e8a7be04f71190319
SHA512 2f582cba31b87479125fc9feafad13eda1d35983c67d3a2f83c401102eb58561fb227efaa725f8d87b8ca3cbbc1182e4bd752cbda20187d1d918aee333c24a2d

/data/data/com.pykj.ddashop/files/.um/um_cache_1718182726653.env

MD5 754ad3a63f1229b6526e949c2b45229c
SHA1 8ffaf6e0d9daa2991735cda5a31b2c82abd1413a
SHA256 96b81af77313961b9ee9a6e132200e60af30e51d2cd1722f9e32c381cfe11bf4
SHA512 4c21fa0e5202f002a7040025d2dac285b1265b4b396b28dea35b7c63325a81f67c3818f4b3e9d1907c726df7a731cb5e0ad7c04c8cf6500e9ae39c59001210bf

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 08:56

Reported

2024-06-12 08:59

Platform

android-x64-arm64-20240611.1-en

Max time kernel

2s

Max time network

145s

Command Line

com.pykj.ddashop

Signatures

N/A

Processes

com.pykj.ddashop

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 216.58.212.227:443 tcp

Files

/data/user/0/com.pykj.ddashop/.jiagu/libjiagu.so

MD5 f380717bd1e3916c7b697fab8d46c5d8
SHA1 04f51f0d16097214e38be517d93be44cb0603a88
SHA256 8455632be7bacb221468c4daab2f9b5ee33739f08b22244ff81a36a02bec36cc
SHA512 b78fe11f77d2c0ec5b36850e8cc3b955661b31641405233c8842b91205e44dc16a30d7fc1ef18dde1b066c1b98959ae9c18be5472413d2b398b7ab6a6b52c07e

/data/user/0/com.pykj.ddashop/.jiagu/libjiagu_64.so

MD5 585208a50849d74967be092bf41ab7ce
SHA1 7b7105bc642c01784e7a301c5008f82fc3d4ec44
SHA256 38cc9d02e42be8f2e0dcd69a0a826f9517b3381b4ca24eb1769c2880e7460a37
SHA512 9f8b659e91f2c40eba6bd82a2d3ecdf0dffaa9a211f0a64fd52ae8f8fa713d2ff9dfa48a94e654d5797e0304ecf53546d828085d9b96b6d3a4c42131405de7f2