Analysis Overview
SHA256
30fb8863fe9ab35917deb1041000ca54d37b24dc9e6b9969a78ec587b1aba9df
Threat Level: Likely malicious
The file a8c920c1274e23d3e3b7f86ae178e289_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Queries information about running processes on the device
Queries information about the current nearby Wi-Fi networks
Requests cell location
Reads information about phone network operator.
Queries information about active data network
Queries information about the current Wi-Fi connection
Requests dangerous framework permissions
Listens for changes in the sensor environment (might be used to detect emulation)
Uses Crypto APIs (Might try to encrypt user data)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-14 08:42
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 08:42
Reported
2024-06-14 08:45
Platform
android-x86-arm-20240611.1-en
Max time kernel
179s
Max time network
186s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /sbin/su | N/A | N/A |
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /system/app/Superuser.apk | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Reads information about phone network operator.
Listens for changes in the sensor environment (might be used to detect emulation)
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
| File opened for read | /proc/meminfo | N/A | N/A |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.ynxhs.dznews.yuxi.tonghai
com.ynxhs.dznews.yuxi.tonghai:pushservice
/system/bin/sh -c getprop
getprop
/system/bin/sh -c getprop
com.ynxhs.dznews.yuxi.tonghai:remote
getprop
/system/bin/sh -c getprop
getprop
/system/bin/sh -c type su
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | party.api.xinhuaapp.com | udp |
| US | 1.1.1.1:53 | android.bugly.qq.com | udp |
| CN | 14.22.7.199:80 | android.bugly.qq.com | tcp |
| US | 1.1.1.1:53 | sdk.open.talk.getui.net | udp |
| US | 1.1.1.1:53 | sdk.open.talk.gepush.com | udp |
| US | 1.1.1.1:53 | sdk.open.talk.igexin.com | udp |
| CN | 183.134.98.76:5224 | sdk.open.talk.igexin.com | tcp |
| CN | 183.134.98.76:5224 | sdk.open.talk.igexin.com | tcp |
| CN | 183.134.98.102:5224 | sdk.open.talk.igexin.com | tcp |
| US | 1.1.1.1:53 | api.map.baidu.com | udp |
| HK | 103.235.46.245:443 | api.map.baidu.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | loc.map.baidu.com | udp |
| HK | 103.235.46.246:80 | loc.map.baidu.com | tcp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| HK | 103.235.46.246:80 | loc.map.baidu.com | tcp |
| HK | 103.235.46.246:80 | loc.map.baidu.com | tcp |
| CN | 183.134.98.76:5224 | sdk.open.talk.igexin.com | tcp |
| CN | 183.134.98.102:5224 | sdk.open.talk.igexin.com | tcp |
| CN | 183.134.98.76:5224 | sdk.open.talk.igexin.com | tcp |
| GB | 142.250.187.202:443 | semanticlocation-pa.googleapis.com | tcp |
| CN | 183.134.98.102:5224 | sdk.open.talk.igexin.com | tcp |
| CN | 183.134.98.76:5224 | sdk.open.talk.igexin.com | tcp |
| CN | 183.134.98.76:5224 | sdk.open.talk.igexin.com | tcp |
| CN | 14.22.7.140:80 | android.bugly.qq.com | tcp |
| CN | 14.22.7.199:80 | android.bugly.qq.com | tcp |
| CN | 183.134.98.102:5224 | sdk.open.talk.igexin.com | tcp |
| CN | 183.134.98.76:5224 | sdk.open.talk.igexin.com | tcp |
| CN | 183.134.98.76:5224 | sdk.open.talk.igexin.com | tcp |
| CN | 183.134.98.102:5224 | sdk.open.talk.igexin.com | tcp |
| CN | 183.134.98.76:5224 | sdk.open.talk.igexin.com | tcp |
| CN | 183.134.98.76:5224 | sdk.open.talk.igexin.com | tcp |
| CN | 183.134.98.76:5224 | sdk.open.talk.igexin.com | tcp |
| CN | 183.134.98.76:5224 | sdk.open.talk.igexin.com | tcp |
| CN | 119.147.179.152:80 | android.bugly.qq.com | tcp |
| CN | 14.22.7.140:80 | android.bugly.qq.com | tcp |
| CN | 14.22.7.199:80 | android.bugly.qq.com | tcp |
| CN | 183.134.98.102:5224 | sdk.open.talk.igexin.com | tcp |
| CN | 183.134.98.76:5224 | sdk.open.talk.igexin.com | tcp |
| CN | 183.134.98.76:5224 | sdk.open.talk.igexin.com | tcp |
| CN | 183.134.98.102:5224 | sdk.open.talk.igexin.com | tcp |
| CN | 119.147.179.152:80 | android.bugly.qq.com | tcp |
| CN | 14.22.7.140:80 | android.bugly.qq.com | tcp |
| CN | 183.134.98.76:5224 | sdk.open.talk.igexin.com | tcp |
| CN | 183.134.98.76:5224 | sdk.open.talk.igexin.com | tcp |
| CN | 183.134.98.102:5224 | sdk.open.talk.igexin.com | tcp |
| US | 1.1.1.1:53 | android.bugly.qq.com | udp |
| CN | 119.147.179.152:80 | android.bugly.qq.com | tcp |
| CN | 119.147.179.152:80 | android.bugly.qq.com | tcp |
| CN | 183.134.98.76:5224 | sdk.open.talk.igexin.com | tcp |
| CN | 183.134.98.76:5224 | sdk.open.talk.igexin.com | tcp |
| CN | 14.22.7.199:80 | android.bugly.qq.com | tcp |
| US | 1.1.1.1:53 | android.bugly.qq.com | udp |
| CN | 119.147.179.152:80 | android.bugly.qq.com | tcp |
| CN | 183.134.98.102:5224 | sdk.open.talk.igexin.com | tcp |
| CN | 183.134.98.76:5224 | sdk.open.talk.igexin.com | tcp |
| CN | 183.134.98.76:5224 | sdk.open.talk.igexin.com | tcp |
Files
/data/data/com.ynxhs.dznews.yuxi.tonghai/app_crashrecord/1004
| MD5 | 6f0e28a2f99e5005398eec0ea6e11299 |
| SHA1 | 2bf6d79003d4255be27066d694443dbccbb37cbc |
| SHA256 | e4becc7729121ffeb4d95ac273ef5ce50f7a1519186cf3400effb3e809369fe1 |
| SHA512 | aea8870462ff0971cc87289c04c93555fbb3fc852b622c46e79e81bee7dc733dd7886ee187fea28ae6935152850ca211c545b1eac7d6207eee88b51727238558 |
/data/data/com.ynxhs.dznews.yuxi.tonghai/databases/bugly_db_-journal
| MD5 | 0fab1817aeb6122d5798ce57fa1626f1 |
| SHA1 | 0114e1292a4312f56b6d84041a9f5dd867f1f544 |
| SHA256 | ea4d1f6ab37fd41e7ec0145d941b0bbc5e78164475f9da9429c07829927c5dfd |
| SHA512 | a67da4c899a403b5752b568b322d68ba13eb239f715077bb79c304be95a0cd1718c50db09c2512e3beeb7a83f121db4a00286ab76e47ef785863baf12a720d50 |
/data/data/com.ynxhs.dznews.yuxi.tonghai/databases/bugly_db_
| MD5 | 05c9edc48ebae0942e3309d6a4106d92 |
| SHA1 | 408fca0187936e58c84cdfad3ef643aee35794fd |
| SHA256 | 9bef24a8a288037124c6f7cbaf6cd859d66246c8b32d5bb8cf4de39b7df90d4d |
| SHA512 | 484e0d01340f2092141234c028b2dba03c59d262326b7566049e04b6f72de5ef97e40025bcb2669837ce0213a7db8ace1e99062a3e01bb094edd8fb6059a010a |
/data/data/com.ynxhs.dznews.yuxi.tonghai/databases/bugly_db_-shm
| MD5 | 4c126487d8842995f2921e023311364a |
| SHA1 | 458694bc8d4ada4cd88a5215b2f695eb662bca5a |
| SHA256 | 959353e946aecd9ff366bf4b8d57e04da937961386012c66e9560f79dd42058a |
| SHA512 | bee5635ae8530981898cdf0f994be5b64296cc333eaa91e57b2b4f90cc5e0d081fa69af94726920ce4341391b1d1b4b1bf1a098ec4b333d0f004cd329f960ea4 |
/data/data/com.ynxhs.dznews.yuxi.tonghai/databases/bugly_db_-wal
| MD5 | cc2478672c53da7ae5b65dbfee2195e9 |
| SHA1 | 1b92e98cedd257709c89070c0f7d436e016808c6 |
| SHA256 | 45c1a725eb1c1ae6d2d0377394e3df181606d2826f4a7166395d9e2d5cab7efe |
| SHA512 | 491329d31927dd528d2e32b6d105eecf3b24bece996b3d8f14d7e730699242c5c5d4c530758bf5ccf670e868e7923190549f9131bb410dc90faf893cb0bc3246 |
/data/data/com.ynxhs.dznews.yuxi.tonghai/app_crashrecord/1004
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA1 | bb8ed9e364db79d1d9f2fcde3f15091893222faa |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
| SHA512 | 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1 |
/data/data/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db-journal
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db
| MD5 | a6215828de4f6363118596ff463e0bfb |
| SHA1 | 19b83ade551b015b8ccc7b25ab2ecd5274fd27d9 |
| SHA256 | e89bea04361e43b9ed37bd5e25418e6412c366a8f54ed6f03b6223a2c0b2c756 |
| SHA512 | 461636e17fe3e38c5b62ce066a282386dd7071291c3185de2c6b4c296df19247addf79493b4f455fbdf54928741d44864701659ac2aa0a2bc64b03bc796969c6 |
/data/data/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db-shm
| MD5 | 3724eb4070b68db936b7b50fa7c0efcf |
| SHA1 | 39026fcc4ca9ee670adf8e9ef7eb5e4bdc5490dc |
| SHA256 | 810856e6a32131a59f547676ce70292778fbc7fd15236ebc51d960ac7940aced |
| SHA512 | a440c1fecd39a1bda348a730a181275e33ed1a4e49c6f73d0d0bb5d2a4f1092e731ae019e41ba1ca7d87116850ea2293dd3f9a46cb822ed6828571444eff2877 |
/data/data/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db-wal
| MD5 | a89091c153d6f69d5310983dc0c7c118 |
| SHA1 | 06841e4d51a76090a88269853e9f2531b182482e |
| SHA256 | a9bc352874448bdb59151361859903cb37ae51d098d7c189338a9e97b4c7c76d |
| SHA512 | 945eb6e69bd97aaeb5c477dd7a7b3eb73b0323541ef38b5f62a5c0f6378efb0f7251d1fab397df6a476446e0b102f91eeb6ae9d4eebcac9813e079019debe553 |
/data/data/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db-wal
| MD5 | 972725fb7349476caeceec0661c9201e |
| SHA1 | 3c44801fa73c30536158ccceddb968d1015e1e0b |
| SHA256 | f61dfcb7040e5fd23773c788e9ac79a6e3ea73689242b41af2781eb0bbbc4378 |
| SHA512 | b1925c1f93d36d3a88b0172e065c4fe91dbb0221932d35c0e0160a0417a14e706c2779046cd39dcc4280278e1b3a47b7b4effbe00a0df633b34c87afd164c826 |
/data/data/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db
| MD5 | 99e9a62a1835202247c787a646782ec4 |
| SHA1 | 6879005aeef3095ec255442165ebd1bf676af662 |
| SHA256 | 0d3309f481f7ab003b8bf93e4d347b09321b468e41b366908b253e53023ac773 |
| SHA512 | 1c35e5682203a517c1758f6074c6a22444ccda6e7726ef20f7a5d2e396a9a486440ee12af9001ab5a3c7d1909997b120166b1a17f921019e4a2c77da8b996639 |
/data/data/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db-wal
| MD5 | fd53de3b7931da8e30f5db7c088dc924 |
| SHA1 | 346cb8898a6fe92d22edbadcee615684d1d01642 |
| SHA256 | 9e61716440fc0e6cc0857004b91595b554c8013ce3a4ebc42aedc072c2cb17c8 |
| SHA512 | 4557c1f1f836ca3a4b5a1bb97f492944db698dfde154aebf56ef5658270957db9b35077170fccdaeb0c342a3b6f3360f96f97abd38ea6a079ca3168c6635a5d8 |
/data/data/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db
| MD5 | b876092ff49038dfd83e6d77f9d322cd |
| SHA1 | 13e920aa7b019a46c0378211770b46c96d008109 |
| SHA256 | 33b1de0981153cffed59ce474a8a16d51decff027e7ad851f737dbcfe2dc0f52 |
| SHA512 | dc431b0d7c8d5f786b632cd305b70f9e8575f22e224ca927385bd2451cf319ac2567add1fee6bf8707259a1ba96b24b5a0c1933e18d2f9dbbb04c90ac61da937 |
/data/data/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db-wal
| MD5 | 37afbbd1e1c34065c814447d5c6a1425 |
| SHA1 | de13339706d4eff802cc761251f987f5c434e452 |
| SHA256 | 255bfbba3d5fe8562fbae42cdb3c08cc8d3d206cd9763742e1bd840560f36e88 |
| SHA512 | 6feb200844cf63e9eee07f278c945cfd1ea1827dbd31ede22a68a84dff29ac67ee6e8c583ec27353570ebe00c9ee4a230bf1e6afc57906023cfc018996b0f1e3 |
/data/data/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db
| MD5 | 82aba2d427f63af05eb3c3c0682a7f8b |
| SHA1 | a9307781219f84687bc4578037ad3b11f12f3132 |
| SHA256 | e15dda3058f439a41bbe7ac89b8018d3b40933fa760bc3e6c20ea2294bf4ccba |
| SHA512 | f2f0de4df31446b0a656967c5bda350772532ac4dc318be9b384258763e467798207949a4d8db16d47a0c2297c9a2f650c413dc73fd1aee05e3cda7165a4f850 |
/data/data/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db-wal
| MD5 | f6ef3c14460a54eb46fcdece105b53ee |
| SHA1 | 8dcf8aeed27e534d92922a642c1f3627c3590897 |
| SHA256 | d1714b5270f8d0f2f2c9f7ad98268d282c52cb1f420cc150568b8effb3f21c2b |
| SHA512 | 8a1c5cae2f2921915f21b60d036e511596a7934eb71e411e4c66aac2ee82780ac08bab980defc743e2cd16acd3ade58f3f59a682ea8636a19a25a119d602dcf6 |
/data/data/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db
| MD5 | 9092f116349504a93bf24ad216956a8c |
| SHA1 | 9b8d0b8356d72425ce55eb430bdc9c9d97f67824 |
| SHA256 | bb717dd6ae8bc2e722b06efd9a72fcb4c202fc9291febd20fe65558120058487 |
| SHA512 | 0737e5b359d5181fa666dec030bca71c087f602232be79126d9d405957d43bc40c35ab34882164fea924a9d07909ef226a79b399e155ad06c00cb646220ef351 |
/data/data/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db-wal
| MD5 | 5b6de45f86ea96d74dcffaf15f50bf43 |
| SHA1 | bd77e6b57046278def0aa7f7f66ef795d86810ff |
| SHA256 | 29c1da68eec6d5e7202946ce28a2467fa28fa2d9f19e7cd09b356be5c6431d10 |
| SHA512 | ee35c8ea3a02d70996dbab4c32a94e677a711ef77dbd02acaa0cc8872d608c036f6593c322d029fbf787148e4c363b7251aeabcf498f27e0c0ec2132b4a2748f |
/data/data/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db
| MD5 | ea04d3f4c66f4f554cb961591826518a |
| SHA1 | 5b7ace9ebb17d1f0044e19b1d6d25377c08cbb84 |
| SHA256 | b2eddf9d02c61bf9fb4a4741b462f1ba3332c84f16c7e2d10fbb440135fa79a7 |
| SHA512 | 4e51a02cd46090894ddfbd6efa526c65a0059e752f1a1c5b536ee1eed91d73ee9fc672b1077648cdc96a3bcfc0daacbbb71ab72be341170bcd77bde42c27833f |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 08:42
Reported
2024-06-14 08:45
Platform
android-33-x64-arm64-20240611.1-en
Max time kernel
179s
Max time network
186s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /system/app/Superuser.apk | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator.
Listens for changes in the sensor environment (might be used to detect emulation)
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.ynxhs.dznews.yuxi.tonghai
com.ynxhs.dznews.yuxi.tonghai:pushservice
com.ynxhs.dznews.yuxi.tonghai:remote
com.ynxhs.dznews.yuxi.tonghai:remote
com.ynxhs.dznews.yuxi.tonghai:pushservice
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.16.228:443 | | udp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 216.58.212.196:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.202:443 | | udp |
| GB | 142.250.187.202:443 | | tcp |
| US | 1.1.1.1:53 | party.api.xinhuaapp.com | udp |
| US | 1.1.1.1:53 | api.map.baidu.com | udp |
| HK | 103.235.46.245:443 | api.map.baidu.com | tcp |
| US | 1.1.1.1:53 | loc.map.baidu.com | udp |
| HK | 103.235.47.89:80 | loc.map.baidu.com | tcp |
| US | 1.1.1.1:53 | sdk.open.talk.gepush.com | udp |
| US | 1.1.1.1:53 | sdk.open.talk.igexin.com | udp |
| US | 1.1.1.1:53 | sdk.open.talk.getui.net | udp |
| CN | 183.134.98.112:5224 | sdk.open.talk.getui.net | tcp |
| CN | 183.134.98.112:5224 | sdk.open.talk.getui.net | tcp |
| CN | 183.134.98.102:5224 | sdk.open.talk.getui.net | tcp |
| HK | 103.235.47.89:80 | loc.map.baidu.com | tcp |
| CN | 183.134.98.112:5224 | sdk.open.talk.getui.net | tcp |
| CN | 183.134.98.112:5224 | sdk.open.talk.getui.net | tcp |
| CN | 183.134.98.102:5224 | sdk.open.talk.getui.net | tcp |
| US | 162.159.61.3:443 | | tcp |
| US | 162.159.61.3:443 | | tcp |
| US | 162.159.61.3:443 | | tcp |
| GB | 142.250.178.3:443 | | tcp |
| US | 162.159.61.3:443 | | udp |
| GB | 142.250.178.3:443 | | udp |
| GB | 172.217.16.228:443 | | udp |
| CN | 183.134.98.112:5224 | sdk.open.talk.getui.net | tcp |
| CN | 183.134.98.112:5224 | sdk.open.talk.getui.net | tcp |
| CN | 183.134.98.102:5224 | sdk.open.talk.getui.net | tcp |
| CN | 183.134.98.102:5224 | sdk.open.talk.getui.net | tcp |
| CN | 183.134.98.112:5224 | sdk.open.talk.getui.net | tcp |
| CN | 183.134.98.112:5224 | sdk.open.talk.getui.net | tcp |
| CN | 183.134.98.102:5224 | sdk.open.talk.getui.net | tcp |
| CN | 183.134.98.112:5224 | sdk.open.talk.getui.net | tcp |
| CN | 183.134.98.112:5224 | sdk.open.talk.getui.net | tcp |
| CN | 183.134.98.102:5224 | sdk.open.talk.getui.net | tcp |
| CN | 183.134.98.112:5224 | sdk.open.talk.getui.net | tcp |
| CN | 183.134.98.112:5224 | sdk.open.talk.getui.net | tcp |
| US | 1.1.1.1:53 | sdk.open.talk.getui.net | udp |
| CN | 183.134.98.112:5224 | sdk.open.talk.getui.net | tcp |
| CN | 183.134.98.112:5224 | sdk.open.talk.getui.net | tcp |
| GB | 142.250.179.228:443 | | tcp |
| CN | 183.134.98.112:5224 | sdk.open.talk.getui.net | tcp |
| CN | 183.134.98.112:5224 | sdk.open.talk.getui.net | tcp |
| CN | 183.134.98.112:5224 | sdk.open.talk.getui.net | tcp |
| CN | 183.134.98.112:5224 | sdk.open.talk.getui.net | tcp |
| CN | 183.134.98.112:5224 | sdk.open.talk.getui.net | tcp |
| CN | 183.134.98.112:5224 | sdk.open.talk.getui.net | tcp |
| CN | 183.134.98.112:5224 | sdk.open.talk.getui.net | tcp |
| CN | 183.134.98.112:5224 | sdk.open.talk.getui.net | tcp |
Files
/data/user/0/com.ynxhs.dznews.yuxi.tonghai/app_crashrecord/1004
| MD5 | 32006ebc5b2f6219b46b6b320642023a |
| SHA1 | c0106d98c88c9f8d10fe819dfaf9f1cbf6fc7730 |
| SHA256 | f8588f94c8bb74d07c4e26427bc7df60aff38556344ff0eecf72d0a15cc9de8f |
| SHA512 | abff6a62c21b6ac1ffbe3a3b98ed3c18f43910beab55d021c54209af9ba4dd32a3dd90f09cb635b1dc3b4d14dfec6dc6631064577613753f36289778a84b29a6 |
/data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/bugly_db_-journal
| MD5 | 4d4dd2a63e159fd52275797c03654ce8 |
| SHA1 | a64346241960c333dd301bae2ed3c07999a910cf |
| SHA256 | af98f2d4f1d13bfd5176c756fe56428c528ea34b2dde09a5aebfe33115134105 |
| SHA512 | a72fbdc3256064a88276bae1cc11f4b598099826fbec66988833221f8993a8990143b937bd56e81dc13325e37cc79866838bcd4f9e0fd1900bc693338d684099 |
/data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/bugly_db_
| MD5 | 3aab4c5a851d4c3d87c8f369eba78dd9 |
| SHA1 | 06ec8244201c349dd0c13a82434c76171413715f |
| SHA256 | 3d15057455640464a24c877f753002a46ec7e52c0be892116233ef4bc12d66a9 |
| SHA512 | 8c26676b33e9c482ca30873105f5c464af028a9067226f9e514b3a78ab74b31a80453b000e79d672617691c9ae2f12a94ce8cd4fd1f2ea4d13b2020e3343e520 |
/data/user/0/com.ynxhs.dznews.yuxi.tonghai/app_crashrecord/1004
| MD5 | f53f1867384a126a5409a7977b174a54 |
| SHA1 | dd4b44105ff893ec081fb920dfebcf09d77a5957 |
| SHA256 | 1fb371a6a0941738e674b7d915169febe90fbdccd528a6493943863eecb8f25e |
| SHA512 | 51835934655475e738c285748ccc90d87f6d7bd51abf025a4c93dca3d79318c6b44fc74f90334af8ed99bbb5e4cad712a75f84738e2bcfac51e0bf17fadb8cd0 |
/data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/bugly_db_-journal
| MD5 | 2afc75e40189cd18153a25efe81af843 |
| SHA1 | 7a4807e7e959a18386b80bd0fe368d5ead56c793 |
| SHA256 | 7b414feda502ecda7362a1456f448a5d254cf9cbb6d9a5b1d469f481dc2a3e84 |
| SHA512 | 256fec58510bc363cbf41779693c2f98992c9d2f774043257788e1a604ccf0e435991f73900cc0a38920ae7c64ca2b24dfdc3e2267223df937195643f97506b4 |
/data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/bugly_db_-journal
| MD5 | 395d4484b4d03380d69524daac5dd839 |
| SHA1 | fd66bd95ef00a2dd87f8fe56142ff6cf66a9e3d0 |
| SHA256 | e2f6c8373760a2b8063cb437646051e82244d76bc4f45ae1b20013f3353ef66d |
| SHA512 | 5848f380f6d2015d61fd63707e4de37d7896ea2d0240ed11d9d266fd10cff013d34a465ff3b64afdff2751fd1e57910ee088bae17baa3039a7fac73aaa0f0bed |
/data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/bugly_db_-journal
| MD5 | ef4cee190e0404f79555ff41e159bf19 |
| SHA1 | d9f0297383afb2efb4ea47b988a97fadf5bd1896 |
| SHA256 | 5e0a9b37b926c11e51e256a600859272b2e3db3cbd4a046da918c3b86b8c2d5d |
| SHA512 | c98f35c1c8f9383e39862cb3c254ea17a1fe1a90df35738475dbadbda579f65cfdeae5ecf0c562849e0863b58947f4d6ba25b7f64a5793aa1ab29626f709bf55 |
/data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db-journal
| MD5 | 707e58354ddf9a0bc131d9aefd47aae0 |
| SHA1 | a41f71186ac27887231cc2c52aa118ef707c1ada |
| SHA256 | 129baa86766dc2ae75571e2cbb73e321d38a79e78af9632744356e2ae53147da |
| SHA512 | 8f5f7d08b8f179553dc32391b55868e062ff7f8e7781b8c344c1d425ca827f991b45619a91fa23990f4a3fb0aa7a80f16b118bf0cc89d40e0376403945269d1e |
/data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db
| MD5 | 1e0c2603f2736c8a497460a0403dbc6a |
| SHA1 | 98e7bfa807d7f5152c263186d3896ac73d9e5430 |
| SHA256 | b0102c148d5d854546e553cef5c719786d164df71c34c854191b13491e29aef7 |
| SHA512 | a84a91ce69c524fd8b4c230ffeb4b2f59cee1a6d11dced9ad7b1ed5cc022c364a247c4838492f4b32ff475045b1f94792dd623153ec8bd36235adac75594f17b |
/data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db-journal
| MD5 | c93218b2f3292104e20305d49b68ad7b |
| SHA1 | 4928d56782536f10619bcc40fc9d63097775e936 |
| SHA256 | 65fc651bfe913c9018ecb96cf06e549ecf58f8457e60cc84eac7c9d552a0c2c5 |
| SHA512 | 92753e6a6a1420dd1a10700aa0285c2c71f8320daf2833b3e9163f94e9d04a3639247690d387585189e7a9f82174d3857b6504f5ecb7303d062fda9ff5c4732c |
/data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db-journal
| MD5 | dca0ada8afbe381079e39e82bf0968db |
| SHA1 | a3438c2585e0d2df7f8047d69ad603b9651ea908 |
| SHA256 | 42a59e9f3764b66cf83fb2b5127a7591447a1306270ca64ef04de6df5544c82b |
| SHA512 | b1300590740ad5e767d76a14eebe1d3d58cdace35db1921cf60ed825e24e33498a289a1a145bd417f3181200f8dbb991848995ab2e8faf13ee77a7c68682b055 |
/data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db-journal
| MD5 | 58c9ba18e5387b15676f75f122362a36 |
| SHA1 | fbf380a304ac8e3cd46e92500acdeabab5304ba0 |
| SHA256 | e2ab3d741b10464438c06eaca6f1a8291f0c5d83ad73fb1ab08a422514d26df1 |
| SHA512 | c3fa4d82f9f41cfbb89589c501c04caf279723fbecef22a3b8b1cc4c528b1bd512c9890592af07d61b0c6d9f78a0401a3d61ed1df6795dc9a7353018909d1e1d |
/data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db-journal
| MD5 | ef2f1a85a1f1556183ab769e2104cdbb |
| SHA1 | a259f1bc4bd7b15012505fd744094c271f534204 |
| SHA256 | 1f879554ef2469ad5c51c74bdbfe2b8be062759453304bee316822b25f1af667 |
| SHA512 | 4bc4828f0301bd59ecf553e3a93ec9feb7107949d304dba079c2b391af1fa8f46b0c4320fb419e04e8de0b351f4b3ede5c295410dc6ff31a57139f1c5b52f768 |
/data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db
| MD5 | 89f24c55c5d0c357908fd2dd2033f074 |
| SHA1 | 98afc3573d80278fa9c28c35cac5358e67ca069e |
| SHA256 | 7b054b6fbdefdc1ded6c728ae7d191fcb8bb3d4ee04d1aec6444bd777e5cec27 |
| SHA512 | 31aa44a2bc76a12f86e246ac02aea15a2acb5dcd2510624e068cbaf47680495f13f745eb40b8eae71e39aed55c3deb282b75fe3698ebfcf8e1848cbf6806c1c9 |
/data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db-journal
| MD5 | b03ab7696ed42e23784ba00bce20a23b |
| SHA1 | 52e3d1156a2443f863ad3ea14eb3d371c0e17d21 |
| SHA256 | 43082671b8b30eb5eeb3863db7145cc7784788ff312aadc53a0e73205c77a008 |
| SHA512 | bd568f36e685ab8de642543f39c67beec8d02be2c8182717d6018a57a1f306eef99c4c78cff4533861633b653e2ad3f9532e727ab68212a2feb56f3728eeebd4 |
/data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db
| MD5 | 9748af263ce3fdf1269b13810a05f2f7 |
| SHA1 | 6883ec2d90d7bb6e94b417b7032c2385f82fb22a |
| SHA256 | 8acc4931421a2200da3bb4f6df2adb77f2bbc538cfa79d4c2c3ab75ffc59eac5 |
| SHA512 | de7d510da823e91d4d1f4d4180b3e42da8c87b0fec1e3ec18676dd10f07cc9cd1910e310b1e0f9953a7cbc38186aecb1bd41d8356d046f1218cad236b7521139 |
/data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db
| MD5 | f5f7184e089cebf426f4604c6d990a72 |
| SHA1 | d90aed3a15beedd60087d8ecdb884cc1e8f65fa8 |
| SHA256 | 49f12ab90931f044a86bdf260d7ae66622b1d65be863d5550dce60722730e590 |
| SHA512 | 54ad678b5e72501835796bef108fd5c1ffa9d17a95b3ad130edbe5135d150b8b63ac0fcf90c9ded9f6c0d764bf98cdb010da2e7cc2cd4260bbe8fc33082f791c |
/data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db
| MD5 | f264a6f36d854fe97978ecd49f1cbd79 |
| SHA1 | c59dd21a7ed257ed90b113e8af466fc874284355 |
| SHA256 | 8dc7fc06bab9d86974e12753c1f820739583a88055ed94b61ee89e62c6665094 |
| SHA512 | 1c28e1bc1e87137aabeeba3d7e2eefea62fdfdd43d581fdbe9136f6b23d381c25239d901990b84d2c5b611fe68b659e41e27351a4d1d1cd363f244725da1581d |
/data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db
| MD5 | 44b98c0d0ab33f8df1253e26e8e6117b |
| SHA1 | d0fdfcfee51782a0c62add8e1bc4e2b05ade5c18 |
| SHA256 | 4b03e9dcfac93f0716b985fb1e3e48ee94c66e880d8edd488062adb80bb8c0c6 |
| SHA512 | 91f8a4f2a4da3fd9b19f9faa386d7201c585237f1f32e1cb73d7cf74e67691a8c2ee573c31657e1c217d328d9ad809e3dc005c8cbcd858ef3188d686ee9daa59 |
/data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/bugly_db_-journal
| MD5 | ce1ff63645b8bf52ea758e549fa3a859 |
| SHA1 | 314d871447bdbe3f7586f663339020bbf7667f83 |
| SHA256 | f049091970fb353a36a75ad6806549c3492dac203e0a698785d40c972494214d |
| SHA512 | 5213f8ca03e7bc6a690c858a3fda3e722b0d0d0ece53ec324ef586c9ce9a2ea9906202a53689b6122a0b46a1c55289ce629df6c07e37075414a022e5c9efc177 |
/data/user/0/com.ynxhs.dznews.yuxi.tonghai/files/libcuid.so
| MD5 | 6a2dbaeb0e2b94e2527cff7eaefd7f86 |
| SHA1 | 87ff5f0a611a9b5c4db2066eea9f9de4592703ea |
| SHA256 | ad65bb158a59642195b8fbc219932a42aa566121d3104907baf53749f6c2acb3 |
| SHA512 | 22ec4b2e3a1eccc492baaed207e7fe0e3ffc0946debffee2b7397d37dc4cbc5feefca9e277b74d63d167fee915125071c71a45e3bb660c33c50daa168a9de6da |