Malware Analysis Report

2024-09-09 13:20

Sample ID 240613-cabt8atekn
Target a371c56bc810c29b9a4a4234dc4512ab_JaffaCakes118
SHA256 353afab492b8e1b0cd60ca4de40ab1c52a8562b81c7c3ba3e1bd7883d6532bd4
Tags banker discovery execution impact persistence collection evasion
Score 8/10

Analysis Overview

score
8/10

SHA256

353afab492b8e1b0cd60ca4de40ab1c52a8562b81c7c3ba3e1bd7883d6532bd4

Threat Level: Likely malicious

The file a371c56bc810c29b9a4a4234dc4512ab_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker discovery execution impact persistence collection evasion

Checks if the Android device is rooted.

Checks known Qemu files.

Queries account information for other applications stored on the device

Loads dropped Dex/Jar

Queries information about the current nearby Wi-Fi networks

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Requests cell location

Requests dangerous framework permissions

Queries information about active data network

Queries information about the current Wi-Fi connection

Declares services with permission to bind to the system

Acquires the wake lock

Makes use of the framework's foreground persistence service

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator.

Schedules tasks to execute at a specified time

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 01:51

Signatures

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by VPN services to bind with the system. Allows apps to provision VPN services. android.permission.BIND_VPN_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to write and read the user's call log data. android.permission.WRITE_CALL_LOG N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to collect component usage statistics. android.permission.PACKAGE_USAGE_STATS N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Allows an application to write the user's calendar data. android.permission.WRITE_CALENDAR N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-13 01:51

Reported

2024-06-13 01:55

Platform

android-x86-arm-20240611.1-en

Max time network

143s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-13 01:51

Reported

2024-06-13 01:52

Platform

android-x64-arm64-20240611.1-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 01:51

Reported

2024-06-13 01:55

Platform

android-x86-arm-20240611.1-en

Max time kernel

170s

Max time network

188s

Command Line

com.qihoo.appstore

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A

Processes

com.qihoo.appstore

com.qihoo.daemon

/system/bin/sh

com.qihoo.appstore:critical

cat /proc/version

app_process32 / com.qihoo.appstore.rootcommand.persistent.CoreDaemon --nice-name=com.qihoo.appstore_CoreDaemon --daemon

com.qihoo.appstore

com.qihoo.appstore

/system/bin/sh /system/bin/pm list packages

cmd package list packages

/system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88

Network

Country Destination Domain Proto

Files

/data/data/com.qihoo.appstore/databases/filelist.db-journal

/data/data/com.qihoo.appstore/databases/filelist.db

/data/data/com.qihoo.appstore/files/sllak/opt/4314/finalcore.jar

/data/data/com.qihoo.appstore/databases/filelist.db-shm

/data/data/com.qihoo.appstore/databases/filelist.db-wal

/data/data/com.qihoo.appstore/files/sllak/opt/4314/finalcore.jar.tmp

/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

/data/data/com.qihoo.appstore/files/360/sdk/persistence/backup/Y29tLnFpaG9vLmFwcHN0b3Jl

/data/data/com.qihoo.appstore/databases/new_downloads.db-journal

/data/data/com.qihoo.appstore/databases/new_downloads.db

/data/data/com.qihoo.appstore/databases/new_downloads.db-shm

/data/data/com.qihoo.appstore/databases/new_downloads.db-wal

/data/data/com.qihoo.appstore/databases/_ire-journal

/data/data/com.qihoo.appstore/databases/_ire

/data/data/com.qihoo.appstore/databases/_ire-wal

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 01:51

Reported

2024-06-13 01:55

Platform

android-x64-20240611.1-en

Max time kernel

175s

Max time network

191s

Command Line

com.qihoo.appstore

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /sbin/su N/A N/A

Checks known Qemu files.

evasion
Description Indicator Process Target
N/A /system/lib/libc_malloc_debug_qemu.so N/A N/A
N/A /sys/qemu_trace N/A N/A
N/A /system/bin/qemu-props N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.qihoo.appstore/files/sllak/opt/5198/finalcore.jar N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries account information for other applications stored on the device

collection
Description Indicator Process Target
Framework service call android.accounts.IAccountManager.getAccountsAsUser N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.qihoo.appstore

com.qihoo.daemon

com.qihoo.appstore:critical

Network

Country Destination Domain Proto

Files

/data/data/com.qihoo.appstore/files/sllak/opt/5198/finalcore.jar

/data/data/com.qihoo.appstore/databases/filelist.db-journal

/data/data/com.qihoo.appstore/databases/filelist.db

/data/data/com.qihoo.appstore/files/sllak/opt/5198/finalcore.jar.tmp

/data/user/0/com.qihoo.appstore/files/sllak/opt/5198/finalcore.jar

/storage/emulated/0/.sfp/.sfp

/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

/data/data/com.qihoo.appstore/databases/download5.db-journal

/data/data/com.qihoo.appstore/databases/download5.db

MD5 fc8157c20aff4c65d310c8b1495a6c09
SHA1 527adb90ff40b74b6b0268a5018d8af7faf53c8e
SHA256 d3ac468ba80900c4780701925d0a9b119be2317ba08a41b5c7084965195d56ca
SHA512 d962ea97226a5f9937a55dc46fb1f3ba4fb0782dc9a34ac362000d7e2abb4d9c2cbc7bde310708a4462bb5e8af7ee0d6a4b87c0410804a71d0848537ea6b9fd4

/data/data/com.qihoo.appstore/databases/download5.db-journal

MD5 8e4e33dd3349d9e40976a5cd9dce833b
SHA1 d791af7acc9ffb1954ae6047ebe9625202d9ef64
SHA256 13259e3142b00d4b8d09d320c8430d02ac44572d2a129b960993320d0a180df3
SHA512 c9334abc675ecc01c722c8f55848ff7980b7ef4ce9068b5003570204aad9a005563a3ef93bc457890039bd6910d619a643be0a8d4a25a74d6e2288dad927fed4

/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-journal

MD5 d0cf5e75ce81516e7ac9aa8a6a79410d
SHA1 c9c4312d6ea9ad16e2c3fd68d6b617f19204c345
SHA256 f372729657fc6aa519a5b562ca80d73869fe70afee6468d9ce8081098dac0ee7
SHA512 d622c909997f80ae04ed482ee42439b3ad35744b154b5bef3ba20a200539f680c1187c62eb9e7871d8ca5e8a57d4af8f16c1e2df1a068cd77f69b30f11faa632

/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db

MD5 ea628e04765adaf4238a5dcdff4bbd51
SHA1 a801947619ea8c368efe9c006a324dc6339ac60b
SHA256 885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4
SHA512 c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe

/data/data/com.qihoo.appstore/databases/download5.db-journal

MD5 591a0f3729dd8bf164b3cc282bd538c0
SHA1 6388ce331d095b43e5dc63d02c093d44171c84bc
SHA256 ca74157135d9c139b6e462f0b2ab39323d2f1164eed8ba69a0177ccc9df0beeb
SHA512 67fc4d9a7c0228d2140494821b52253084481f00858476424e82c1ae6b4a4e38346d3bd0a0feb24d0d5f693b3d3643bcf7e763d168cf3b644853cfdc36b6b3c9

/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-journal

MD5 37c8e2d3b8a2ce1acabb1eecc6c58f3a
SHA1 ce69bd74e4531ee502f4d880e18989bea4af60da
SHA256 5ab25fe70ca8c18ad3ddb38f879e67c286c76775f7218116350219d9e5fc7052
SHA512 3bcbb96ca9db38c56eda53deda1ac2b8cf6e54d80c6294988e6b5325bb27519901549e875c9f9b5347ea8d56aa101c7790694ffe3d1706c0b9aa7a66e34a5cd5

/data/data/com.qihoo.appstore/databases/new_downloads.db-journal

MD5 b3b4c6a31324be37343fd59645c8078e
SHA1 c9926a8b0486d23290a1f74390a0cf4d12008072
SHA256 bc13b2e020d5edd93e6dfe6df2a4400abd5f77f934935a6be2e3ec71d2bb26a8
SHA512 6f3b10d6bdf35010982f91953fb2bcb5cd6f9630ce294f4930e95bfe9d4dd5600739703fc44696a2090248fce55474d7499a88c7057b689076472c2ab7252712

/data/data/com.qihoo.appstore/databases/new_downloads.db-journal

MD5 ffb80aae8acc04b22db4ef92b59121b2
SHA1 33837985d70c0b071453e2214e014ff07d6c8012
SHA256 e6754f486a0311a5d79a109f9d6c88a8e1b441e111276b8f7dbed7335b163d38
SHA512 9ea53d2d3eadcce654026b6ee0ba9fb1cb0e47d6d7c316a61b8847f5457eb8fff147370d83268babe0ec3e7c4a4c11153d1a6af4482e2e55d993d4d46a12b8b2

/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-journal

MD5 65a3345901bb2210f3a14aee03761cda
SHA1 acf19ecb0d93a5c4c8dd6745967fc53b73c7e9c5
SHA256 6ef285a109e2f8c08b1c8e878dac2a9cd76a25a22a53f46b385440c0ef50b674
SHA512 d23ea763b2ba718f40788f68452f223d2108079d8b2c98e2ce564ddbab5c8d5828a292d575fa022e8c438b899d7496291b1e3e091941dae3f45a9704446de3bc

/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db

MD5 932058c83d1f903c515b112590a35051
SHA1 ee90cb29f0554168077f60ae66d458a22218824a
SHA256 ec21c5db01d91ef738a7d990bcd11337bae4b475d9127eb5675657c68e881676
SHA512 940b6557f623b18787bd549a84f5483da73a46429d5949f74bc7f13d0dc74dc620a40ae5489508f85463c256de5f71751c72e3852c6a722a7ade4b98ee2b072a

/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-journal

MD5 b68accd6899768e3a580fd2c9e0136ae
SHA1 b4f9c96206b1d026d3296cc9405de088d5490022
SHA256 485dcd78c9ac7d4f05666619ff659a4d9e6aa9a16ab23731563552739bdb3be7
SHA512 9f9453e91eaa2b3eb7d2eb2fd471287d7cb4947daf9011b5fc4074ef857cd942c6c906971b1d067c056d3cd7790ef4c0d57c1d31dda2f8ebbdf98119da82efed

/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db-journal

MD5 2a0bd8a0b4e3fa98295d6c12b40b89b9
SHA1 9860cfad08a12b2d0bfaba60b85e68c01ab76fc1
SHA256 11fcea6acefc761e0bcaf49250726a5e500b9c89b1ebe7e7e7558b6fee6e9b18
SHA512 10bcbba8154ab5dad67c4484c27224fd471a0a8ff44ec745fe579c6404200c6aac1bb21d607164bcfa8a7fe0d4063254992f0730da4aca356da459c812ab1698

/data/data/com.qihoo.appstore/databases/ignoreupdate_appinfo.db

MD5 0685bc716a586d0f6b849b97d0fc2d02
SHA1 fb3ae859d35e4e5c86af4a045c8f7126bbd4e73a
SHA256 c7f6ba4fe586c85516bbefb4e5702ce81e8b5b573f413fc5304f38f2dab69c3f
SHA512 04cf6da457e89dd0061334477ee24b39925fc4bcde182692732cbf9694a81ca89bfefec38ebc56e02555630ffe8f7f0e5033168294d8d6751c6aba914617dd00

/data/data/com.qihoo.appstore/databases/_ire-journal

MD5 b7ef20bb73dd74cf37877fe0c67dfeda
SHA1 67a0ad9732a808775cecc7fd9935b99eeecc2cfb
SHA256 46f247c2ec5c5f3973484366b7ebb633ff4a34661505fa9be39f617e631b6eb4
SHA512 fd0b1eb0388350322ad4becd9598b4e944bb2c88683947a29a906c47c720525bd8a5475e9ce88c226e30587789c7a34f9632f3acadee44e896607058e113e298

/data/data/com.qihoo.appstore/databases/_ire

MD5 6da302a2e5fc0263420684f38a00e3fd
SHA1 9e1c35e91c3b84600dd8ebc10e072ccb91b5895a
SHA256 a9b2f6227429fd83edc4db9e62c5e3f8c45b55598f7b10c3132d6b339283c8d2
SHA512 6e91d3076e4f382a5e4119e6429b90bd4d604c858acb4914e8b67226f4ad0626e29726e09d12965f075ac6aebc49eb22faf0f5c6a286913aad9515887f91fa1b

/data/data/com.qihoo.appstore/databases/_ire-journal

MD5 0f59f3fd6afde3832ed40d4e5c476129
SHA1 e59d6c1e48036f31d57aa7e455db2ab46c9c2ba5
SHA256 77cc13d526bf0ff44a591039ae5064c7614f445542b6af39cc202764d419c588
SHA512 bcfc4a81cad37036cb3cbae1d29c4f1fdc9b7a416aa2c82576e0af4f7ee99667c1187ef7d17313c2d8c44e909d831e1810d89f8f905db8288e78ac2e38d4b35a

/data/data/com.qihoo.appstore/databases/_ire-journal

MD5 0a73957a0c024d5e4244d576bf35ecd3
SHA1 64c5134b2658e07a6713d163c7be3d0c067addca
SHA256 5dd3c0eeec4e62589b1572de8651172741d0dd640d5f06a02449626cec3f43df
SHA512 0f07bea53d496c14d5e54557a3b9739b38bf80c0fc559ec7e6b00485103cecd9bf38e79a3f706c1fb9d339a8362beffe9933e97a8d9628da05e7b8becc5ffccd

/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

MD5 34c38f1b4b7b28c9250d9cef3620e3a7
SHA1 6a6bf1a132e5fd070de4e4033e727d1482c44c05
SHA256 c0467770015a9fff7e3c7a2a86c02fa5ff740a0a6cc51a2676f518dda0e97047
SHA512 2c1f22064b307e814e0a90e9d448ff6a9e21b3ce8659b5ae6ebf929f8a7aa226fc16b5433459266796bf2c5c44c90c35ab623b2286f3692994573bc27e8e494c

/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

MD5 7db04f3bfdf3337d5d36c8e3702acddb
SHA1 3ce7cd76831d1a0d08de5cb8dd3b7fe56f25d395
SHA256 370de794568c63dd6b010e03f0470d2901e9fe4a8efe172c45bb002709afe171
SHA512 a406c588818b55aa910874ce86f5ad8dec58ab0f45a64ccdcd114d564e45a4b5565fafc6d50b93b522d1f4431d6317929104b65dd2ee3c2eb975d25bd7f55073

/data/data/com.qihoo.appstore/databases/update_history.db-journal

MD5 9f797afbcfb61a5916aba149f69d5b6f
SHA1 b59ee8dc8714a0baad80182d31cd9f34409340ec
SHA256 66e19e0ecdad464b1d7c9d7506a7116b7c016d3d9ec51654dc39c6021d81d6b4
SHA512 bc8ac725208b6132c0c6ef7abbe3fdc83d24787ecd12ce259f68e6b1d7bc64fc99872637d4e8e68a45e19508438e07873cae1ed3c9492383a018271c3546a0fb

/data/data/com.qihoo.appstore/databases/update_history.db

MD5 63034ee19c8ac183f4be94f0e4350592
SHA1 8bb94ab357099476de70fa34031349c4f82c8f12
SHA256 fc8213a10a4907987570701d47828767ffd9517ac55111519fb6c909b015ec7f
SHA512 14f6fb8b3648f247bb1c675f5e10f0259845c7a6c559d960ad74759634c1bfc92e0f41cc4cbc973cec45395b2269c885f9dac07d926f490f505cf2a89bb93aaa

/data/data/com.qihoo.appstore/databases/update_history.db-journal

MD5 3bbfe4552caee7ac6c255dec9dfd2ba0
SHA1 40bf4399e04ab0e1e46615a55bbf3bbc0c69c4e2
SHA256 16b7220d2f662ff5936b4665747d16b3253aa5a5d108d2538f35bcee2779faa8
SHA512 6f3b6d41754f66be5f8bcbc216b679c5c1568d6c0bb04e733596b8199c3c9bd3bd6f9addedb40059c998722544521bb36141ab524e9cdea4dc32c8e6ec7f41a1

/data/data/com.qihoo.appstore/databases/update_history.db-journal

MD5 f7bc9d6fb438141c8070f403097cc29f
SHA1 f2eaf61d0983cf8e72ebde200cb43377f20d2865
SHA256 f132e03dd3b944826f66672da04bb819e1a8795ef57949412b589a90aef3a63d
SHA512 ddd3b4f2552574915c733b068dadcd4c9ba2a04eafe6725063f677d019ad820d00da708f63d596cc9cf9780de278b3f48c1f2e47883d451f7ac855fecdb0e344

/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

MD5 174372ee0822dd5634fed6ce20f63dc3
SHA1 4173cc7ea2d5090e42d5040a046fa888765b3dbf
SHA256 7ce46e7ef44cb65b10b6f13543872da91d86d5a66d0f4e18e6682fa9754e9b3b
SHA512 6eff9de61ef00385914574bfaa707777b7575cd42e338a6ca42eb5ca8e9eb8a9793c1614924c158e3cef9c36709a4bfa5f9ff14b98ed42ba9234451c4885c181

/data/data/com.qihoo.appstore/databases/account.db-journal

MD5 afe0aa373e6134d3f404455df6126407
SHA1 a29b3bfb9ef294220684c9ba643438a1c51f7ca3
SHA256 6fecaff4540b1a42f31ff7b3ff16ef4f88770df5d07bbf205e3a0153131b1005
SHA512 f850abb22adbdfe2b3e4fe87e273e62c019fe802892831c87f2feb72603cd8e096123e0b4a59c223ae2aa88b01c99bad181622276048802782b0130f10d2b9c8

/data/data/com.qihoo.appstore/databases/account.db

MD5 f630f8cf9174c836248b6d30cbdd5779
SHA1 4db6d82e8e17de9fcdf0ead09e97123cda1ca86f
SHA256 ae606221ff789289e1c69cd9f79ee035d1c587a96d556ad8ac6ee91fe6741041
SHA512 c5045a96a9214932971165424348327e2396c204839749884ab3105c7d185693c6900acc3d52cdc1463633890cb123e21abd7e68d71907c043d37f4b52a7ec5a

/data/data/com.qihoo.appstore/databases/account.db-journal

MD5 78cb2d7fc6ea449bdae17b1a42e5c109
SHA1 1e502f2f55d8f43e2c2ed01fb0af8c17c6cc8535
SHA256 275589e8592d166a25ab6f322387c78b7f6ee7c692d91890f8296e7f93c84117
SHA512 08a9c753669643270c67c83ca601d80b56b9445002e77c0f7857b14f6f701670756b5170da067bef4e92b1faa2a0aac1903a662ea7ce64c2db94ddf407cce7e8

/data/data/com.qihoo.appstore/databases/account.db-journal

MD5 20c71a4bed9b929f97df8149bde13a7b
SHA1 8ad722c4016b34e676a3aeb043c7ea80cddf9278
SHA256 9bd5c89f7ce7cd6891bfe011d59f24f2896e16437287aaf9bb76037ec0913499
SHA512 cb78d8d3a5198771af82c42cebcd72ce040f4517a125bcdd60a40de8f93a3fa760aaa3c8e140ad84dc73a5f3abf6cd96f8ced226b2e41ba81f1714be90df9fc1

/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

MD5 3e7c4f464250ce4082725e0f21addc79
SHA1 571c4a3744a960b37a7216861c3d618e86b7c8a6
SHA256 46d643d23c2726d37efc3c2a81379e2a5be2735d188905de4ba5e2bc57230e99
SHA512 06d11dda3764a0931c4dad631fec5733088f77da92236b8f13afab71d694593d58b6f90d149af3f39e1be193425eb23a039350295a6ba60e64a4d3c5dc8a8fc7

/data/data/com.qihoo.appstore/databases/360appstoreInstallHistory.db-journal

MD5 84bfd278499fd3e12efd4d72ad2a21cd
SHA1 b3d32a4d65c75b096f15ca419710a6b684c440be
SHA256 ee1dec19826ff200a9921a0f9c1a19a2df85fcc810b6c12507060f76aa4892ac
SHA512 e2d014a00c639f840a084c41d5a5ddd07cd27c26fee281e692b8d928adeeabec4c60a55ff1223a0ba5ebfa234817685bf644dd090de97030d4c17ce078ccf655

/data/data/com.qihoo.appstore/databases/360appstoreInstallHistory.db

MD5 073bf578f358397eb0890a40280081ac
SHA1 3ef956e97836079ef32105e6f84b401e7dd4d10c
SHA256 c48a18c175de831a21353fb0bdf0d3e43b83ba7655982152df5cf0100b2bf37b
SHA512 22c8bca8429348bf9c0614ba55e6e8dc865cae42306bda2d05b588d7ab34ceda0071695654efe0a429cdf5a6ee812db8d18ba794a80be2512c5305bcdb314134

/data/data/com.qihoo.appstore/databases/360appstoreInstallHistory.db-journal

MD5 1d60585a64df8c604b5b8fd1b8e9907d
SHA1 7f8aa144a7481e8c86f18ba21c35b8a3d5e544c1
SHA256 74d1eba75dc4c0269b96f122474a531c066edb6fd178bd3ff53d89a23d090f30
SHA512 bdca69915913981a495118eb99ea10c54b7def1be7e5544a868c481d74ce35929bd5649de85353d20b2ca8a5def7d80673fbfb6060a59c5cfbc8ff9271572aa4

/data/data/com.qihoo.appstore/databases/360appstoreInstallHistory.db-journal

MD5 76a98189a2b5fe1a8a53ef659bc574f5
SHA1 dc14cab956dfb1d3ce5485c91508ce0523d06d92
SHA256 bc80511bb035589fe3441ba506912181899d0c25d9cd2e022f9115c40a70ef0c
SHA512 0c46007aca6e00542f295f242f23517935384fd0d6dea3fc2735fabcce09681dacb107e187d5556ab274f351dd816f3aed707ada49cd975e4e1c267287548146

/data/data/com.qihoo.appstore/databases/360appstoreInstallHistory.db-journal

MD5 02ee3ec64fe3362bc7671b2208f2de24
SHA1 007e819cd72fd7afb2fc2c02c69aec98e921b5f6
SHA256 6242df137410d48da65cc119b35aa688bd2f861e95b0c4af5202fd9be0224db7
SHA512 a4dd5e6b250bf10986ecea6bcd4cf6b5be18668c812900d58f54bcb12e95a95d1c720e7a27f5520afce7ec24c015d076fb295a53efc4741c18a0d0e36635f334

/data/data/com.qihoo.appstore/databases/360appstoreInstallHistory.db

MD5 68a663c3f95568e27a9480c447c29c1b
SHA1 bdbd0c162d679fc3e2f96beec7b3fc21be4cf78b
SHA256 442847f7a12c988f83a674323cd5da163d5ec79152b658abe27baafbf70935c4
SHA512 b3317e0dd3be80101b53bd0eca193f4654baea2c8682e0d880afc248f142c6e34c22f5ecd689e56914954bfbc842cc450fa2efe01f668cc8315250c3b4d706e2

/data/data/com.qihoo.appstore/localApkInfo.json

MD5 e0da21f9b6bdb1cf20dab7a4319ff6eb
SHA1 40fe708f56aeda9f925047836b3a4cc6aaa9f46e
SHA256 aa3ee8a204cb05b03fc508933cdf9fce34996cdf7e89594ffab571fdb6f9e97b
SHA512 13da530aeaa4b4203b8fa9de21a0c1e4ad0e36dcc70d9c047cfd9ec738c445f9e004300bbeeee87afce64c86fd35c203f45a0e739310d43e6e3111996a28fefa

/data/data/com.qihoo.appstore/files/sllak/opt/5198/oat/finalcore.jar.cur.prof

MD5 3e18d7736f37f4d7aaa45759af8cabef
SHA1 a50d75b2ed7b1c211ce49fee102e44418ee65037
SHA256 0b845dec37de9926614c28e54383baaacc9315a7ec8006a27163c2ec0a2941f2
SHA512 91d7606bb1620ce9c88d7ed8553b4bc2e1dde50d245d3f0ed31a468ab636809f7506c7cb3d8a7957e2f72efc08e0348789fa8e64f3599c48307867fb3e1d8fc1

/data/data/com.qihoo.appstore/files/sllak/logcache/log1718243550496

MD5 fb44523aab16c6e3bb4191fb6f83a184
SHA1 f5f44a82f29b354e497435ad42e7e5eb3a3e647e
SHA256 d28887a7318590e1407c258e4779fcafe2d28d1c3167e46f6e564d3ec555969f
SHA512 056fb28872ecddacb1af17c0b1fa80e6b76b395de5b798dc44a1dbf558aa2a4dd069f578da9ec65e485a5d147f33b412ebd0ef42492f12bb09641c66da5fe64c

/data/data/com.qihoo.appstore/files/sllak/logcache/log1718243550301

MD5 32ae00f32cd1a972d712a671dbf59585
SHA1 4be6985ef79fcdad5d44c69dd267422ce8a26b7d
SHA256 80123a7dad758409f5d9f5270fe0a1e036f12ba3dc943490fc40c878bdccb38d
SHA512 231ca32059c693221330bbab3b9ebc20b5666f721990ebc1f39e23789d0f7273bcc4c5f1d1bf0e54607a83ef83b4809523240b772e3d0699a49d44d4f7db8d43

/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

MD5 319bb735ddd501fd0f16a85b5accf434
SHA1 8160e9d76f443980201212062be18836d800eed9
SHA256 ec9967a7449815a9c3c2597565ccac9680bdd9620f8b01d8fae087f823d3c4aa
SHA512 0f86741247e9b05d6caacd1501fc075688f6031c44a643c40c49dafb40a141375abe81360a202a422cea707a62fcb23c1aad416711d6e3bc6500f250dea14a86

/data/data/com.qihoo.appstore/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl

MD5 a46f62f60d3654f30f1fa7a85cf83538
SHA1 d56658373ec3c851da046ca73fdaeda125e6a7be
SHA256 690c2aed22dff66b7828758079b8256ee528f168b986fd5b2cd3ef420aa15494
SHA512 a2ecc6458c8ead31cfa16e69958c2acdc81603f59775da0ae896f640788207925e22a4b0eeec2f0153e6de441e167dbf19393f9b795c81726575eef4e70996f7

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-13 01:51

Reported

2024-06-13 01:52

Platform

android-x86-arm-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 216.58.204.67:443 tcp
GB 142.250.178.10:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-13 01:51

Reported

2024-06-13 01:52

Platform

android-x86-arm-20240611.1-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-13 01:51

Reported

2024-06-13 01:52

Platform

android-x64-20240611.1-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 172.217.169.74:443 tcp
N/A 224.0.0.251:5353 udp
GB 172.217.169.74:443 tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-13 01:51

Reported

2024-06-13 01:52

Platform

android-x64-20240611.1-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-13 01:51

Reported

2024-06-13 01:52

Platform

android-x64-arm64-20240611.1-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-13 01:51

Reported

2024-06-13 01:55

Platform

android-x64-20240611.1-en

Max time network

174s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network


Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-13 01:51

Reported

2024-06-13 01:55

Platform

android-x64-arm64-20240611.1-en

Max time network

189s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network


Files

N/A