Malware Analysis Report

2025-01-19 08:02

Sample ID 240616-wrerzsverq
Target b47d70369ab9118da7934775dab9a48f_JaffaCakes118
SHA256 a98dd8bff1885fd1ea727b507651040c1c176bfe604e45f16931ebd7d03916de
Tags
banker discovery execution impact persistence
score
7/10

Analysis Overview

score
7/10

SHA256

a98dd8bff1885fd1ea727b507651040c1c176bfe604e45f16931ebd7d03916de

Threat Level: Shows suspicious behavior

The file b47d70369ab9118da7934775dab9a48f_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

banker discovery execution impact persistence

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Declares services with permission to bind to the system

Requests dangerous framework permissions

Queries information about active data network

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Schedules tasks to execute at a specified time

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-16 18:09

Signatures

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by VPN services to bind with the system. Allows apps to provision VPN services. | android.permission.BIND_VPN_SERVICE | N/A | N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 18:09

Reported

2024-06-16 18:12

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

189s

Command Line

com.qihoo.gameunion

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Schedules tasks to execute at a specified time

execution persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Processes

com.qihoo.gameunion

com.qihoo.gameunion:remote

com.qihoo.gameunion:PushClient

com.qihoo360.accounts

com.qihoo.gameunion:mult

chmod 777 /storage/emulated/0/Android/data/com.qihoo.gameunion/files/gameunion/.cache/log

com.qihoo.gameunion:pushservice

com.qihoo.gameunion.account

Network


Files

/data/data/com.qihoo.gameunion/databases/gameunion.db-journal
/data/data/com.qihoo.gameunion/databases/gameunion.db
/data/data/com.qihoo.gameunion/databases/gameunion.db-shm
/data/data/com.qihoo.gameunion/databases/gameunion.db-wal
/data/data/com.qihoo.gameunion/databases/gameuniondjq.db-journal
/data/data/com.qihoo.gameunion/databases/gameuniondjq.db
/data/data/com.qihoo.gameunion/databases/gameuniondjq.db-shm
/data/data/com.qihoo.gameunion/databases/gameuniondjq.db-wal
/storage/emulated/0/360/sdk/persistence/930
/data/data/com.qihoo.gameunion/cache/ACache/188727362
/storage/emulated/0/Android/data/com.qihoo.gameunion/files/gameunion/.cache/requestlog/request.log
/storage/emulated/0/360/.deviceId
/data/data/com.qihoo.gameunion/files/torch_game/core/1.2/finalcore.jar
/storage/emulated/0/360/.iddata
/storage/emulated/0/Android/data/com.qihoo.gameunion/files/gameunion/.cache/log/Log.txt
/data/data/com.qihoo.gameunion/files/E5236AA052F398D139F7A9BFE4457259.dat
/storage/emulated/0/360/sdk/persistence/3Sl
/storage/emulated/0/LiveCloud/LocalServerCache/__VERSION__
/data/data/com.qihoo.gameunion/files/init_c1.pid
/storage/emulated/0/360/sdk/persistence/data/6766aa2750c19aad2fa1b32f36ed4aee
/storage/emulated/0/data/.push_deviceid
/data/data/com.qihoo.gameunion/files/jpush_stat_history/normal/nowrap/2abba9d9-5a6b-4cdb-bca4-fb8f7309b6a8
/data/data/com.qihoo.gameunion/cache/ACache/1300860820
/data/data/com.qihoo.gameunion/cache/ACache/1776399586
/data/data/com.qihoo.gameunion/cache/ACache/-559561335
/data/data/com.qihoo.gameunion/files/plugin/armeabi-v7a/ssl/libmyssl.so.1.1
/data/data/com.qihoo.gameunion/files/plugin/armeabi-v7a/ssl/cacerts.crt

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 18:09

Reported

2024-06-16 18:09

Platform

android-x86-arm-20240611.1-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-16 18:09

Reported

2024-06-16 18:09

Platform

android-x64-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-16 18:09

Reported

2024-06-16 18:09

Platform

android-x64-arm64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-16 18:09

Reported

2024-06-16 18:12

Platform

android-x86-arm-20240611.1-en

Max time network

141s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-16 18:09

Reported

2024-06-16 18:09

Platform

android-x86-arm-20240611.1-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-16 18:09

Reported

2024-06-16 18:09

Platform

android-x64-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-16 18:09

Reported

2024-06-16 18:09

Platform

android-x64-arm64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A