Malware Analysis Report

2025-01-19 08:01

Sample ID 240616-w5l38awclm
Target b49401ce9e657c1521f2528d8bb32f88_JaffaCakes118
SHA256 a5e371c3704c27dd95b46152d6154117fa222366db29699a331475ad5a5d7dd5
Tags
discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

a5e371c3704c27dd95b46152d6154117fa222366db29699a331475ad5a5d7dd5

Threat Level: Likely malicious

The file b49401ce9e657c1521f2528d8bb32f88_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Checks Android system properties for emulator presence.

Checks Qemu related system properties.

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Requests dangerous framework permissions

Queries information about active data network

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-16 18:30

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 18:30

Reported

2024-06-16 18:33

Platform

android-x86-arm-20240611.1-en

Max time kernel

176s

Max time network

182s

Command Line

com.weiqijr.qihailicai

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /data/local/su N/A N/A
N/A /data/local/bin/su N/A N/A
N/A /data/local/xbin/su N/A N/A
N/A /sbin/su N/A N/A

Checks Android system properties for emulator presence.

evasion
Description Indicator Process Target
Accessed system property key: ro.product.device N/A N/A
Accessed system property key: ro.product.model N/A N/A
Accessed system property key: ro.product.name N/A N/A
Accessed system property key: ro.serialno N/A N/A
Accessed system property key: ro.bootloader N/A N/A
Accessed system property key: ro.bootmode N/A N/A
Accessed system property key: ro.hardware N/A N/A

Checks Qemu related system properties.

evasion
Description Indicator Process Target
Accessed system property key: qemu.sf.fake_camera N/A N/A
Accessed system property key: ro.kernel.android.qemud N/A N/A
Accessed system property key: ro.kernel.qemu.gles N/A N/A
Accessed system property key: ro.kernel.qemu N/A N/A
Accessed system property key: init.svc.qemud N/A N/A
Accessed system property key: init.svc.qemu-props N/A N/A
Accessed system property key: qemu.hw.mainkeys N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.weiqijr.qihailicai/.jiagu/classes.dex N/A N/A
N/A /data/data/com.weiqijr.qihailicai/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.weiqijr.qihailicai/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.weiqijr.qihailicai/.jiagu/tmp.dex N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A
N/A s.appjiagu.com N/A N/A
N/A b.appjiagu.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.weiqijr.qihailicai

chmod 755 /data/data/com.weiqijr.qihailicai/.jiagu/libjiagu.so

/system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.weiqijr.qihailicai/.jiagu/classes.dex --dex-file=/data/data/com.weiqijr.qihailicai/.jiagu/classes.dex!classes2.dex --oat-file=/data/data/com.weiqijr.qihailicai/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed

sh -c ps

ps

ps daemonsu

ps | grep su

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 www.weiqijr.com udp
US 1.1.1.1:53 s.jpush.cn udp
CN 123.60.92.210:19000 s.jpush.cn udp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.179:80 alog.umeng.com tcp
US 1.1.1.1:53 sis.jpush.io udp
CN 110.41.53.90:19000 sis.jpush.io udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
US 1.1.1.1:53 easytomessage.com udp
CN 113.31.17.108:19000 udp
US 1.1.1.1:53 s.appjiagu.com udp
US 104.192.110.60:80 s.appjiagu.com tcp
CN 113.31.17.106:7000 tcp
US 1.1.1.1:53 im64.jpush.cn udp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 119.3.188.193:3000 im64.jpush.cn tcp
CN 123.60.92.210:19000 easytomessage.com udp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 110.41.53.90:19000 easytomessage.com udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 113.31.17.108:19000 udp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 113.31.17.106:7000 tcp
US 1.1.1.1:53 b.appjiagu.com udp
CN 119.3.188.193:3000 im64.jpush.cn tcp
CN 180.163.249.208:80 b.appjiagu.com tcp
CN 106.63.25.33:80 b.appjiagu.com tcp
US 1.1.1.1:53 alog.umeng.co udp
CN 123.60.92.210:19000 easytomessage.com udp
US 1.1.1.1:53 sis.jpush.io udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 113.31.17.108:19000 udp
CN 113.31.17.106:7000 tcp
CN 119.3.188.193:3000 im64.jpush.cn tcp
CN 123.60.92.210:19000 sis.jpush.io udp
CN 1.92.77.21:19000 sis.jpush.io udp
CN 123.60.89.60:19000 easytomessage.com udp
CN 113.31.17.108:19000 udp
CN 113.31.17.106:7000 tcp
CN 119.3.188.193:3000 im64.jpush.cn tcp
US 1.1.1.1:53 s.jpush.cn udp
CN 120.46.131.222:19000 s.jpush.cn udp
CN 1.92.77.21:19000 s.jpush.cn udp
CN 123.60.89.60:19000 easytomessage.com udp

Files

/data/data/com.weiqijr.qihailicai/.jiagu/libjiagu.so

MD5 7e7125a1193cfa8a696c1b8a6d2a103e
SHA1 af193df6127a47f455ebb7d5b792d2e982f4e004
SHA256 707cbb7d210699b111f050a382224f04ba2dbf72ecb4ee8f420d5759b6a23681
SHA512 91a62f00c2a9dc3c28348ef512ca56ab44d999e11dd806d565109159e79f25833c9141023ad639c7f5132acb8038ca0d7cc049ca2118534570d3ef1b36798b03

/data/data/com.weiqijr.qihailicai/.jiagu/classes.dex

MD5 6ff8ddff645a25fecc906cdac98495a1
SHA1 eae1d98935ba65934704f99d4c8d1e0dd4a5b9da
SHA256 14a1b4885e592ef03054ed6b81b5b738fb62a5fcba6ee7cd222513e96151dfd8
SHA512 5af2a5692837aa006ed980e24831220891c74b88397674121baf9fdef8942d3e4016af862ef8cab1dddf6af6d1547441b3140896b70153c5e24a0ada1a233efc

/data/data/com.weiqijr.qihailicai/.jiagu/classes.dex

MD5 df01dacff9e45f93d37fa8c6246a07ae
SHA1 f75297180de9a15c141399357e8dded4916beb49
SHA256 5b28f7cb28b70db8fb7ff2ada4dfe1fdeda2e20683612e38acaf7684c8fe3e03
SHA512 b6ca4cc0f486189c7f2e2da5dbe07233451a7f9cd47d1555e1653fb9d93b2a925e101449a8ad8d20cae704ef219ab278aeea35db7da43537cde2a5714d87df38

/data/data/com.weiqijr.qihailicai/.jiagu/classes.dex!classes2.dex

MD5 c2553ca6fd9c655836e954b6b5727fa4
SHA1 d963be845e26c415ae27d2a1ad50563d8bfa280f
SHA256 16c4cc8178a31d54cdc7b0b12706953d063b734883b4b6bfbeb53f7a44a2859e
SHA512 ef9c8a51a5fc118d43f85c37fcc17017e129f41dc8799776ffbf814036926edaaaa26f00f6b6db12fd6bded4669a9797d52548b2214aef1fbd8a1f557374cd75

/data/data/com.weiqijr.qihailicai/.jiagu/tmp.dex

MD5 f1771b68f5f9b168b79ff59ae2daabe4
SHA1 0df6a835559f5c99670214a12700e7d8c28e5a42
SHA256 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
SHA512 dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

/data/data/com.weiqijr.qihailicai/files/.jglogs/.jg.ri

MD5 15a9d94fa9d86e0fbbdcba00008eceb4
SHA1 717a95e03b6063c377a42e4a3d439611270fc4d7
SHA256 b82ebdee195f1dc5d99ff06a8ce09954a2fa5b81269f707226b122d5a3f26ec2
SHA512 6f0b6ebdcd511c5dc1f243e1d5e419e363d1513e92e406507e99ae66c90117fd8cefffaef275f2a1ab9e2e8e2ef7cf5d23db78aa622e067a5f96e9f1e597d92d

/data/data/com.weiqijr.qihailicai/files/.jiagu.lock

MD5 adffae855db7e7ff0c0685c1b197a817
SHA1 5326c6c0b9ebd7d320678cef6f7573718a2c048c
SHA256 7db9b2596362b28bcd63570d912a055665ca52483ea688ead374182c0e06273a
SHA512 d0b018af3ebbaaa4db7e56ca5cb0f39d8a8b58c93fb832f4cf8cbd76b5a5243421a2e53e674070d9597a6669c62b17e0f3721118e3f39277f2b9972b72372e59

/data/data/com.weiqijr.qihailicai/files/.jglogs/.jg.ac

MD5 379344d38df7302d4b4c723ce4a2ddcc
SHA1 cfa0ebba23ff1ec1dfe1f8273a26652adfc82b27
SHA256 5c163af12112f5255ba4de4abd7b6d98230eb1761b840c559ae52dd109da2f86
SHA512 a4f6980cd2ed22814674e3e5b29aec1ace2b52bc7aca8ae9733db2cf4d329b9f8daf907f2f9a6043925dbe8529fef8128022c88d90d1f7d39bbe6043c18ef1b1

/data/data/com.weiqijr.qihailicai/files/.jglogs/.jg.ic

MD5 09a548ae059b1f02f8ce27cf6ccea586
SHA1 125c2365c46fd282ec9dcfc33fd73eac9afe6794
SHA256 6763cd0e053b47d668070ad6ec6f78dcfcb256c0b55d3ac61b19a10b53ecacd6
SHA512 483d9dc5e80cc4ee0c5c0661690decee9b37626e8f5caabd230aa73fd0ce5eb924cb0cfb0b42695deee56b5a71228b38f68558f5ffbd67f9734083162a562ab7

/data/data/com.weiqijr.qihailicai/files/.jglogs/.jg.di

MD5 a6a64fe7741ed4bc67ebf3846bcd6b02
SHA1 dcb65d77bbbf1db255fdc8ec3bdf890739782786
SHA256 02b0452522f988d7e7acfdfd586978b3971df83cb2b81c2ccd2b139f845b662a
SHA512 c23e4a22345db4090f050c283d56e5e18f5bf83eeb57b8ce15cd44791345adf1f751acfb6272d9be06c3d0031350884fb7fe6c294d011ce5babd1c6bbd8ea892

/storage/emulated/0/360/.iddata

MD5 5d17044669d4084d3ab28167f0a95180
SHA1 aa97a18448d99e0733a85762e478504b6900edca
SHA256 fbc35f58f01268aa3114b1522acb65abbe149f5676712c833a4e7aec47e14e4f
SHA512 066ca3f184791552ffbe39afaf944bc64d1a8591b4c600dba2fa5919104b18b2d3d73d5d2ff70d8cfd239719cdeba7803032d5d1261ea253ceb2493c05f903b2

/storage/emulated/0/360/.deviceId

MD5 1d8d16c4e3b19ebf18988530d9b9a757
SHA1 bc94c1cce05cd848a53271ecb9c5311e27ffebf5
SHA256 abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7
SHA512 4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

/storage/emulated/0/Android/data/com.weiqijr.qihailicai/cache/xBitmapCache/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/storage/emulated/0/Android/data/com.weiqijr.qihailicai/cache/xBitmapCache/journal

MD5 b28e97d0142a04b861ccb782ff0f968e
SHA1 a8538a6411a5a2a220161971afc6115b10177691
SHA256 7dc67cd04baffa9319734569bfbc5453ec6df152be19b6174dadb3355f89678e
SHA512 2aed2ed6aa250dcf0ae5dc0c0d02f9e7e807c2e33ccfac36a3516abd95540821170e3c700324ef8d3d6514edd3fe4d4ca218ff5ddc9a9e03fd9f441ed9d83e63

/data/data/com.weiqijr.qihailicai/files/umeng_it.cache

MD5 624cd963b0144eb50efa751e0349403b
SHA1 99d2231a4009caaf134515602e98c3ba3b102e65
SHA256 0d3564926661431e27ff179e7264bbee59df3057e0e14aeb0a5ba82999f59a32
SHA512 3d7c69fd2f8e233e687ed835d58c45b8a0a7510a558c51ba26b868c2dadbabd2863ccdc2b783cb92e2b7b65845488e8d503f33a9004461b3a2c64723f908a84f

/data/data/com.weiqijr.qihailicai/files/.umeng/exchangeIdentity.json

MD5 ce83ceb6ed32f43a70f3d064a1ecfa55
SHA1 a2f29ce49c4392230002b130cf20b2f2e15eed4f
SHA256 f45b77b5485cfb58b25b91a5d9c2b0ebc8cec7ec4d114aedd8b4a809d0f2c22a
SHA512 756c299d4a461a8b2297d84d851e755865ca048ac25575b898c854cf67d7ad8a5c10f5ee126e76202fe65fbf37229655f3a83310f1c9887296b9dfd2836d26be

/data/data/com.weiqijr.qihailicai/databases/xUtils_http_cookie.db-journal

MD5 602691066d4268dca1f831363ff87f40
SHA1 3b8af7366482cc59e8648ab7ec89e94a8d14ba24
SHA256 fdc0875bcfc72c4add0f2a6ae83539bd65db6e269c1fbb3e424a5bdb9cb488fd
SHA512 773064583007634229f44a77a883cb881d80d9e3e486ddf214410313ab8dd232a45465b739de7f1201596d8a63a48c266b356a5c7ad903f103b87c4a4403003b

/data/data/com.weiqijr.qihailicai/databases/xUtils_http_cookie.db

MD5 3fe30614d7e0d11db870b4624f6c50e0
SHA1 053ff0fc621ab40f2afeddb3e7b4a73ee41ec533
SHA256 67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d
SHA512 c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

/data/data/com.weiqijr.qihailicai/databases/xUtils_http_cookie.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.weiqijr.qihailicai/databases/xUtils_http_cookie.db-wal

MD5 4d0820b3ea5edc1efb2e99c7c201b5bf
SHA1 27779b0703be02f41e88723251971953a5062bd6
SHA256 4350013c29094cd3ae5f761d80cd71b9c3e082dd643f84953555775046fae3ad
SHA512 b71391a782d6145bce48914725d180e06cfcba8684a51f1f02263ee18e76a6f204a3f15c57fc654e7b184bc0c425179253980d0471401b02bdc3abde4343e799

/data/data/com.weiqijr.qihailicai/databases/xUtils_http_cookie.db-wal

MD5 ec1cb0e7d5f341f28902aa26d1887df8
SHA1 16fdd799a75e4ca90e530f7afea9fb94528330f8
SHA256 22283bce6e65652c13c5d075ee906a2b1ad69e9c75b0a5a6f70babae9a1625f3
SHA512 6b3e5ba145e3693fbdedeb1929a9b793dffc9d98c9bdc153f0db74d034ef055854b1f424bf77bb6d3ab47f63b61116640145f3e7f2dd55da0a0d6d7b02d14af6

/data/data/com.weiqijr.qihailicai/.jiagu/.jgck

MD5 e8eb336844b2bfbbe847fec205503b08
SHA1 330e67de76eb625534f5073a678fd7f22b796b56
SHA256 20c5f5142db30961ad1fe474ca5c7955d8833aaff6660c08ca904cb10f42382d
SHA512 6dfc5674a1b7d462b55e298493d69d3bda05724abe31291bc4820ec2de58bf3db7a93713fc0a8c252af8b1973ec4e44b130c40fe453139743a5e7ced84302536

/data/data/com.weiqijr.qihailicai/files/.jglogs/.jg.di

MD5 5fce616e6596efc99e4d7f9785fe9368
SHA1 a77a966cc153dcfd5ebdcd8a36e010e8867899be
SHA256 56a58aa3181e31b1b0bab886cdf4db9f3e12ea093bcbefaddee80a4ef1038c13
SHA512 9cb384c1dfb0564e74a6197bf7978059ff877538ca878c66284390b4bad8d351e9676c753297f59acaf58538eabb46eb68bfcf4efca2ce0f2fafcbed751183a5

/data/data/com.weiqijr.qihailicai/files/.jglogs/.jg.ac

MD5 5bc717e71340de4f420350c343247356
SHA1 c542ea779f0d6902bdfe24015399c2860ad73b89
SHA256 a4b67ecb3c0db47e979e03319589d66c3773611504203de205f1c1153e81b4bd
SHA512 12f3ffeb7aa6059815d2536dc9edc451ec617a136a0fd3250910356f6196a891bea2bcda6d2bd9fddda133a696e32ebadc534d04182202f2c07e329842b19156

/data/data/com.weiqijr.qihailicai/files/.um/um_cache_1718562700795.env

MD5 6c42bbb66be1d7015ae9ff0005216dcb
SHA1 2f46c6086725426d0cec7cb9f06a1fec43e74700
SHA256 2f2831fa98d21b04b24b41490156140cafe6466ab5107339c85afa8d07b3f0c0
SHA512 15c0aa16b450efc1535b1c71c76d88157cefcfdbe55a361f783287e954945f96a9526ca597263ef4b53e93b05a7cfc0f49f17ba238acd8e717e583d387dbaf48

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 18:30

Reported

2024-06-16 18:33

Platform

android-x64-arm64-20240611.1-en

Max time kernel

2s

Max time network

132s

Command Line

com.weiqijr.qihailicai

Signatures

N/A

Processes

com.weiqijr.qihailicai

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.178.10:443 tcp
GB 142.250.178.10:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.72:443 ssl.google-analytics.com tcp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp

Files

/data/user/0/com.weiqijr.qihailicai/.jiagu/libjiagu.so

MD5 7e7125a1193cfa8a696c1b8a6d2a103e
SHA1 af193df6127a47f455ebb7d5b792d2e982f4e004
SHA256 707cbb7d210699b111f050a382224f04ba2dbf72ecb4ee8f420d5759b6a23681
SHA512 91a62f00c2a9dc3c28348ef512ca56ab44d999e11dd806d565109159e79f25833c9141023ad639c7f5132acb8038ca0d7cc049ca2118534570d3ef1b36798b03

/data/user/0/com.weiqijr.qihailicai/.jiagu/libjiagu_64.so

MD5 6ee9a498bd6ed42a154060a4234ccb97
SHA1 4fd634e990722107ab3e72736ff132d6e1e0c8f7
SHA256 f56235bc5b496ec66aefa59b73130ffa19615e522c6aac2dd9e6519d7588cda1
SHA512 25af577f7f23367af461694be979c0b26ca318c696304951837771846d839410083997f3f5c1e0ee3ed55ab2d11a0e596c78f3b59ef6d572f5769d7ea236cbef