Analysis Overview
SHA256
45be476f498df09d9070bf51ee2852ac3e807c6cfd7b54b680614e7a13f1af89
Threat Level: Shows suspicious behavior
The file b977d441304766d20c92f0fd38d03c26_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Requests cell location
Loads dropped Dex/Jar
Queries information about the current nearby Wi-Fi networks
Queries information about the current Wi-Fi connection
Queries the unique device ID (IMEI, MEID, IMSI)
Queries information about active data network
Reads information about phone network operator
Requests dangerous framework permissions
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-17 18:46
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-17 18:46
Reported
2024-06-17 18:46
Platform
android-x86-arm-20240611.1-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-17 18:46
Reported
2024-06-17 18:46
Platform
android-x64-20240611.1-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-17 18:46
Reported
2024-06-17 18:46
Platform
android-x64-arm64-20240611.1-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-17 18:46
Reported
2024-06-17 18:49
Platform
android-x86-arm-20240611.1-en
Max time kernel
134s
Max time network
175s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.yundu.YaLiMaino1449oApp/app_push_lib/plugin-deploy.jar | N/A | N/A |
| N/A | /data/user/0/com.yundu.YaLiMaino1449oApp/app_push_lib/plugin-deploy.jar | N/A | N/A |
| N/A | /data/user/0/com.yundu.YaLiMaino1449oApp/app_push_lib/plugin-deploy.jar | N/A | N/A |
| N/A | /data/user/0/com.yundu.YaLiMaino1449oApp/app_push_lib/plugin-deploy.jar | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.yundu.YaLiMaino1449oApp
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yundu.YaLiMaino1449oApp/app_push_lib/plugin-deploy.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.yundu.YaLiMaino1449oApp/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&
com.yundu.YaLiMaino1449oApp:bdservice_v1
com.yundu.YaLiMaino1449oApp:remote
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | a176b6.xinpear.com | udp |
| US | 1.1.1.1:53 | loc.map.baidu.com | udp |
| HK | 103.235.46.246:80 | loc.map.baidu.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| CN | 121.201.11.121:80 | a176b6.xinpear.com | tcp |
| CN | 121.201.11.121:80 | a176b6.xinpear.com | tcp |
| HK | 103.235.46.246:80 | loc.map.baidu.com | tcp |
| HK | 103.235.46.246:80 | loc.map.baidu.com | tcp |
| US | 1.1.1.1:53 | sapi.skyhookwireless.com | udp |
| HK | 103.235.46.246:80 | loc.map.baidu.com | tcp |
| US | 1.1.1.1:53 | dns.map.baidu.com | udp |
| FR | 35.181.105.100:443 | sapi.skyhookwireless.com | tcp |
| CN | 182.61.62.50:80 | dns.map.baidu.com | tcp |
| N/A | 10.0.0.172:80 | | tcp |
| N/A | 10.0.0.172:80 | | tcp |
| US | 1.1.1.1:53 | api.map.baidu.com | udp |
| HK | 103.235.46.245:80 | api.map.baidu.com | tcp |
| HK | 103.235.46.246:80 | loc.map.baidu.com | tcp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| N/A | 10.0.0.172:80 | | tcp |
| CN | 182.61.62.50:80 | dns.map.baidu.com | tcp |
| GB | 142.250.187.194:443 | | tcp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | a176b6.xinpear.com | udp |
| CN | 121.201.11.121:80 | a176b6.xinpear.com | tcp |
Files
/data/data/com.yundu.YaLiMaino1449oApp/app_push_lib/plugin-deploy.jar
| MD5 | e70723b8f6c4c7c09a6019733022cf53 |
| SHA1 | e3ca32166c65e4dc73c21347ab22d54a7b5a9a83 |
| SHA256 | 32d35cd80b0302e3fcdd7349b4ff9a7b689ce080435109607ff79a834ff710d5 |
| SHA512 | 461c0499193c5ef5aa4e2e5d358031e7d28c98c8e1e38d22b710271bf3b561c28232bfaadbc2c275357e31b7b0ad6bca798008328ac3cff3701c1c9cca2ddddd |
/data/data/com.yundu.YaLiMaino1449oApp/app_push_lib/plugin-deploy.key
| MD5 | 1ea8459a688352c3573a8e80727c2644 |
| SHA1 | 9b47864e96eed98798a6da2b8860c8f8a68f089e |
| SHA256 | be2c0f9e472138a78d35f29013fc43dfeae991806dfebbc5be5c8dc86b8a1093 |
| SHA512 | 99a26c03e760fdac91546a47e18e58851996b7e38e93812a6be23f1eee64370323ac492c4c224bd419d91566356fcb8eca3989ff4f2ce41db3d16301fa9dd75f |
/data/user/0/com.yundu.YaLiMaino1449oApp/app_push_lib/plugin-deploy.jar
| MD5 | bdfa71feb08b80b649fddcd7488b03b4 |
| SHA1 | bcacf11199fd2c353034a7271b5dbfe2dd4cbddb |
| SHA256 | f8bd07a7afce2d102976afaadd33dc70336a0b06682ac8d6fe9544a08d086d1d |
| SHA512 | 37dc848b995def498d0c832a76ed0ad429db18f26a5e9659c2b77a63bff555560160b6be4d22387eb529b2291bb27ae21718ddadb315bd1aa4c092d6330f049a |
/data/user/0/com.yundu.YaLiMaino1449oApp/app_push_lib/plugin-deploy.jar
| MD5 | 5597a541eabd3fb792c581587550dc4a |
| SHA1 | 6500b0ff20c75717e1cb67dcee76b4641a4e8a35 |
| SHA256 | 473b02216f8d2b5ffb26571e51ff322e3ce04ba45418408452bea103576ee8e2 |
| SHA512 | 39b4acd82f67f11140cd1b0b4291e656a4a46ba63064509977f3f1de24a931dce83964f031e16ccab95cf0540ac5f613ca87d7665ce99f1c1ee4a0778e2c19e2 |
/storage/emulated/0/.YaLiMaino1449oApp/._cache/.dat/yalioaData.db-journal
| MD5 | 9ec82a4ca15f5ad07cff28b2807b60ce |
| SHA1 | a6e8911a586945065077a4db85e14e25c784c4b7 |
| SHA256 | 18cbaa314db8727e36dc4d0d120c5291edce750363a451df27df62b8405116b6 |
| SHA512 | 7f27b482e096a729e02d3c42c52aac13b373f99eb8f5bd7f2772bc2365d50efa24fee946b2492676cc120324d32bc2774c85dbd183d95f60ccc767cf67e0361b |
/storage/emulated/0/.YaLiMaino1449oApp/._cache/.dat/yalioaData.db
| MD5 | f26c53cb972680bd57103488e067696e |
| SHA1 | 6c2b35331bdbd46782b33bdc2cd83bc5a4e94c0b |
| SHA256 | 906ca0ee78406d8e2ed9eeae5e6b78e445cf443be8c3a8fa9f9f5ac2406615ca |
| SHA512 | 9bed4903db2253ea518f187b8d1a7cfa4448918b8397d7173f916dc68dd9a896c3c87a0682c1468ed5889adce76420965a4128e79bcbb478f31a4d60879d2f23 |
/storage/emulated/0/.YaLiMaino1449oApp/._cache/.dat/yalioaData.db-shm
| MD5 | 86324c186feb2dcf9ceceba915b65cbd |
| SHA1 | 9894bae1354ac9c13c19ae88c06e0d006eb9d235 |
| SHA256 | df7d86c5a7d06572b9c4481a1680174233751ffb480d10746086e73f11ec1b90 |
| SHA512 | 7777f57eed14fccf4e08aac9c85d6d99449b28cd6759fb91cadc2f1db8a6abba4ab807d8baac58206d583c50871d93faa23d9c75e38e6b806bfd2684019501c9 |
/storage/emulated/0/.YaLiMaino1449oApp/._cache/.dat/yalioaData.db-wal
| MD5 | ac7ef5946af863ded02566027f9377b5 |
| SHA1 | fe8dcae6f052f7e062c587a22c194313c60ddc46 |
| SHA256 | d8c9920f39fde6ee1933e8b82f8e8b0e556e4729f2caa8039d5de8dbae2a1b6e |
| SHA512 | 4ad43e5a8f753eb74cc6a930fee13007bf89ff7211a70fc932dada59a282a76d87c804a24d0892ba8cad34f16c005819957d834643568e7c6a5b46b2285f615c |
/storage/emulated/0/baidu/tempdata/ls.db-journal
| MD5 | 06d4e3a96abff9fa6e0d3e7ed1b5efb8 |
| SHA1 | 3392ba490bb1b9e8eb10cb97b07ff07ccf29c5ec |
| SHA256 | 0c37ac9ca4f65956adc21a86d37a6876b26cc26e34eb929387ffb4199dc086e5 |
| SHA512 | f8cfe5e9cbaeffcdfd3f4f5cddea7686d6ca0df54af451dcc8c915380bc1ba90026a8808cb09edfade642250eaa5ae758afaf9a6f5d9e6f511bd75ce0aa35986 |
/storage/emulated/0/baidu/tempdata/ls.db
| MD5 | 0d3e99204c6401ea499fe9e6d9855497 |
| SHA1 | 09829f00ca458eab7374d5079393a2cd69a2348a |
| SHA256 | 63ad014cb50908591939d6a1536f85eece807425af4f4e8a1f9b9eeab13cc5ca |
| SHA512 | 8d9a50aa9abd17e508ed3ac35a3033e8f9e550d1088baa951f53e6c4697c5ac026d22b90e36e27341d64baa3f0202bd89ca97583e99feb25f8c26b5776c59c68 |
/storage/emulated/0/baidu/tempdata/ls.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/storage/emulated/0/baidu/tempdata/ls.db-wal
| MD5 | d5535ca9977ab033010c48375deb19ca |
| SHA1 | 8e1afa492d84b12dcfc7df13f7205361fb390a1b |
| SHA256 | 6883d67e7d175882d59c0059a05ad5c748394ef5a0659e576c24d58b85ba5ec9 |
| SHA512 | fc4c473f351b270333257d3079ab0400fec027f8afe295f9daf4cb2c759b795a752be5f3a8cd325a43c191faf2a53a8c2184cbaa44b165127e0a9678a224122d |
/data/data/com.yundu.YaLiMaino1449oApp/files/ofld/ofl_location.db-shm
| MD5 | e374a6d8b783e872598644bb5f12d167 |
| SHA1 | 53aa66aac59dde6744cacc83babce3179df2ac88 |
| SHA256 | 56d813a597993d37d3ec6fe346293274110307914e49625dd8cd21295b0098f8 |
| SHA512 | 93e0a27b9cdf1ac30c8a1c8b23ce5b73aa7f3ad4404c2660c0460c2ec50079138fe1e8662b84bd9af872d18fb5ed50292d8e0fb795eb0a7b4744c27ea1fe7fbb |
/data/data/com.yundu.YaLiMaino1449oApp/files/ofld/ofl_statistics.db-journal
| MD5 | 15408cb28eb0bcd1a5dd49fc9c3c932c |
| SHA1 | b5b0106741b6a5f359e39ae7d96b21b0fd44a895 |
| SHA256 | 2e91186b6e9939d5bc67c2e3096334754f81be29681650e7f35ada4fa7338aea |
| SHA512 | a3b9d7599cf02766bd859dd297a921a4206eb129e21dc6622f0c05dfcaa4034b999196250a184caa7ed426e2ffc94a9153108f7bba52c7803f4f2b4ba981f319 |
/data/data/com.yundu.YaLiMaino1449oApp/files/ofld/ofl_statistics.db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.yundu.YaLiMaino1449oApp/files/ofld/ofl_statistics.db-wal
| MD5 | cc4510e5a5c04b0b4dd71451613d1404 |
| SHA1 | 1116681fa9acc1cbf217b4b11535d6f5c11bfa6f |
| SHA256 | aeab619e14b48b6dbe9d0446e85363312ab0862b8ccb6e6950dfb63ce0622722 |
| SHA512 | 0973af796d38e0272ec52d31b727572c7312d07418cfce5ce4d37bea55dd38f1a330213d1222984d333599ef23c5ba0f1d24ab7cb6ecf3790c9a63aafdf4b67f |
/data/data/com.yundu.YaLiMaino1449oApp/files/lldt/firll.dat
| MD5 | f4040d80844404ac192743603454bb1d |
| SHA1 | 3dacb32d20123f53dc0b13a39e4e2c0d5b1263c6 |
| SHA256 | a15415a0171f418c85b973872679f9e12c2eebfcc959a0f2a7a6abc5210056ca |
| SHA512 | 7d8cbae2b181e3dfcf8802ee09b4bd4aa6b9ea15b583bb6bfd8603121487d29d0cccd2192bdaebcbeb683adfa697468114ec78bd4b8fc631c54d913952a04600 |
/storage/emulated/0/baidu/tempdata/lcvif.dat
| MD5 | ad56fb59eb120484a127b3280ecd06bd |
| SHA1 | 4c290f131ef47a4d28fc6890c88266f164f55188 |
| SHA256 | b25c51464dd0439aa03e4323403bdad4705b82892ca112f162ce1e7a302a9e68 |
| SHA512 | e10fc22dfb9b4e573b7f045129812452b2aa5ac7b16faf94eb3cc6141caf1f6cf8d7f34a7b56f62cee70c1b661ba11a84a3dbaed94a122fc0a02245f9201d306 |
/storage/emulated/0/Android/data/com.yundu.YaLiMaino1449oApp/files/baidu/tempdata/llg.dat
| MD5 | 161557b06b4a4d3ce095528dea370eb7 |
| SHA1 | 8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f |
| SHA256 | f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4 |
| SHA512 | 96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449 |
/storage/emulated/0/Android/data/com.yundu.YaLiMaino1449oApp/files/baidu/tempdata/llg.dat
| MD5 | 8199b75e895e303d5276523669a28612 |
| SHA1 | c81379b9b219b7f6b79e69dc034490257f64bad7 |
| SHA256 | e344f05d0d84f05977741932c1ff531b2f0cd2d6d93040ffdcb10c1c2547f17a |
| SHA512 | abfe78635e911a63ceb5467bfe4d7401cf592f9823a676928805758961698fa1cd9941a696d9bd33d6c4f18e214ad4c4da21d224886b7053b7953abd9440d887 |
/storage/emulated/0/baidu/tempdata/lcvif.dat
| MD5 | c8d5c70bd501d119fcdc0c487bd3522f |
| SHA1 | 9344f70c5f73c95562af5eb367a3c9817fd9c7a4 |
| SHA256 | 3ae3428895b3eb5332dcd96856fd333c54ff3f3727bf64bf0a26cc103fb55b53 |
| SHA512 | a16672c8b2f1ba1ee28edc2f2a6e32af11fbde0679b02f6621a307750fb49b7f37f2227f863daee50953ad378ce0850457499c3c97ada20f8beb07047c34f6b7 |
/storage/emulated/0/Android/data/com.yundu.YaLiMaino1449oApp/files/baidu/tempdata/yoh.dat
| MD5 | a936690571e9104e1922dda4a0ba5bd1 |
| SHA1 | 65f49c57edde2f96be2a1dbdfc3f7351f1e66554 |
| SHA256 | f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412 |
| SHA512 | 3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394 |
/storage/emulated/0/Android/data/com.yundu.YaLiMaino1449oApp/files/baidu/tempdata/yoh.dat
| MD5 | 1681ffc6e046c7af98c9e6c232a3fe0a |
| SHA1 | d3399b7262fb56cb9ed053d68db9291c410839c4 |
| SHA256 | 9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0 |
| SHA512 | 11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-17 18:46
Reported
2024-06-17 18:49
Platform
android-x64-20240611.1-en
Max time kernel
136s
Max time network
188s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.yundu.YaLiMaino1449oApp/app_push_lib/plugin-deploy.jar | N/A | N/A |
| N/A | /data/user/0/com.yundu.YaLiMaino1449oApp/app_push_lib/plugin-deploy.jar | N/A | N/A |
| N/A | /data/user/0/com.yundu.YaLiMaino1449oApp/app_push_lib/plugin-deploy.jar | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.yundu.YaLiMaino1449oApp
com.yundu.YaLiMaino1449oApp:bdservice_v1
com.yundu.YaLiMaino1449oApp:remote
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | a176b6.xinpear.com | udp |
| US | 1.1.1.1:53 | loc.map.baidu.com | udp |
| HK | 103.235.46.246:80 | loc.map.baidu.com | tcp |
| CN | 121.201.11.121:80 | a176b6.xinpear.com | tcp |
| CN | 121.201.11.121:80 | a176b6.xinpear.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| HK | 103.235.46.246:80 | loc.map.baidu.com | tcp |
| HK | 103.235.46.246:80 | loc.map.baidu.com | tcp |
| US | 1.1.1.1:53 | sapi.skyhookwireless.com | udp |
| HK | 103.235.46.246:80 | loc.map.baidu.com | tcp |
| US | 1.1.1.1:53 | dns.map.baidu.com | udp |
| FR | 35.181.105.100:443 | sapi.skyhookwireless.com | tcp |
| FR | 35.181.105.100:443 | sapi.skyhookwireless.com | tcp |
| CN | 182.61.62.50:80 | dns.map.baidu.com | tcp |
| HK | 103.235.46.246:80 | loc.map.baidu.com | tcp |
| FR | 35.181.105.100:443 | sapi.skyhookwireless.com | tcp |
| HK | 103.235.46.246:80 | loc.map.baidu.com | tcp |
| N/A | 10.0.0.172:80 | | tcp |
| N/A | 10.0.0.172:80 | | tcp |
| US | 1.1.1.1:53 | api.map.baidu.com | udp |
| HK | 103.235.46.245:80 | api.map.baidu.com | tcp |
| HK | 103.235.46.246:80 | loc.map.baidu.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| GB | 142.250.178.14:443 | | tcp |
| GB | 216.58.201.98:443 | | tcp |
| N/A | 10.0.0.172:80 | | tcp |
| CN | 182.61.62.50:80 | dns.map.baidu.com | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 216.58.213.14:443 | | tcp |
| US | 1.1.1.1:53 | a176b6.xinpear.com | udp |
| CN | 121.201.11.121:80 | a176b6.xinpear.com | tcp |
Files
/data/data/com.yundu.YaLiMaino1449oApp/app_push_lib/plugin-deploy.jar
| MD5 | e70723b8f6c4c7c09a6019733022cf53 |
| SHA1 | e3ca32166c65e4dc73c21347ab22d54a7b5a9a83 |
| SHA256 | 32d35cd80b0302e3fcdd7349b4ff9a7b689ce080435109607ff79a834ff710d5 |
| SHA512 | 461c0499193c5ef5aa4e2e5d358031e7d28c98c8e1e38d22b710271bf3b561c28232bfaadbc2c275357e31b7b0ad6bca798008328ac3cff3701c1c9cca2ddddd |
/data/data/com.yundu.YaLiMaino1449oApp/app_push_lib/plugin-deploy.key
| MD5 | 77bfa04a368af0ed7c6459578920a8db |
| SHA1 | 950430053cffcb49345941a744070ec19fa7d4d8 |
| SHA256 | 686bcdab766f2f29ae251c4c22a2ba447e5d619e9ed6c6ee110b0429ff308fb2 |
| SHA512 | 1252fd499d4e1eca79d2fbcacd7c7cf4efc9405d4be086713ac785a1695d268ebb644e48da9f8d59cd73885dca9a36356577c7a7cdf07a87562cb286a7314e7d |
/data/user/0/com.yundu.YaLiMaino1449oApp/app_push_lib/plugin-deploy.jar
| MD5 | bdfa71feb08b80b649fddcd7488b03b4 |
| SHA1 | bcacf11199fd2c353034a7271b5dbfe2dd4cbddb |
| SHA256 | f8bd07a7afce2d102976afaadd33dc70336a0b06682ac8d6fe9544a08d086d1d |
| SHA512 | 37dc848b995def498d0c832a76ed0ad429db18f26a5e9659c2b77a63bff555560160b6be4d22387eb529b2291bb27ae21718ddadb315bd1aa4c092d6330f049a |
/storage/emulated/0/.YaLiMaino1449oApp/._cache/.dat/yalioaData.db-journal
| MD5 | dc5875706cd53c74f22c04ede8015e44 |
| SHA1 | a5f8a3b419f153883d9f2f19e58a4d5523f52055 |
| SHA256 | 20089da5bb745793d8617eddd25b71e943594fd84ea2eea9178e94d8d5f9786c |
| SHA512 | 0223258e147f21d4ceebde326feb311cbb516697f7de1decebf6463faf354e4a062f9b8f0b3cc39fbd8448fcb7353388728302002fd322f3d67bc80a6dd765fa |
/storage/emulated/0/.YaLiMaino1449oApp/._cache/.dat/yalioaData.db
| MD5 | 16f6e03c6b1a1a4e4305ef7c73eccc48 |
| SHA1 | 83a3be2035e97db368c980b34f458b362cc70037 |
| SHA256 | a7ba5c5bde254612fc3e85dac706ce0d1a07f8439c890ae36515c5398a736cfe |
| SHA512 | 76fa309a18d53725d991914022622cb77b48649db8f22fc8e92a4d0305b56739da772e24c09377e7b840bc15e26fdbf0f47f5b0e47e929cb52a845fbd1a86e77 |
/storage/emulated/0/.YaLiMaino1449oApp/._cache/.dat/yalioaData.db-journal
| MD5 | a868a86985939dfea45164959aea012a |
| SHA1 | 0d08af31d800e698fc123442d64ab4edff837a43 |
| SHA256 | 81638fd9eeaafa43d276464d19c7958f73b3a691e8380240f4ac5bc95611d8e8 |
| SHA512 | 13fb985e673dfce592fb6401e054096ec964c6711f5cc7b47836f27a87eb2b4d8f148e5c075462f172a839edea9652496bafd336b7766e1e518bacb1a25a510b |
/storage/emulated/0/.YaLiMaino1449oApp/._cache/.dat/yalioaData.db-journal
| MD5 | db7a5b9c6dec606bb978cea18943a31f |
| SHA1 | a8d21c90e012b56a8f2ee3487a0e340ce0cb810c |
| SHA256 | 7bd2197d212dfed1c4f3a1f6fad7cdf0bb3a3b01287ef2426c037c9645282d57 |
| SHA512 | 4913f3415a2c47c39f3509f20043028a9a9d4d52a95d93bc3e034efa4bd3a0ef5aed69950202b87cdfb8bfcad6ad433f467ef517eaa1d2115cc35ddf75129b58 |
/storage/emulated/0/baidu/tempdata/ls.db
| MD5 | 2cd47ada17ad7a4e3d5e2717cb2762c6 |
| SHA1 | 7cb844672cec4a3bce75c8cf81e80e8ad7cc49e5 |
| SHA256 | 5f266f7cf5a44a3cfcc9bfbba94735081851edc224cb071fa6e650227e214279 |
| SHA512 | c25229cca649bc8ef54c0770a976034801c0a300d181c107c41879d7f6b7056c6282210c98661428078381032dc6fb0872112dde7e8efb1a9f9b333877f18dae |
/data/data/com.yundu.YaLiMaino1449oApp/files/ofld/ofl_location.db-journal
| MD5 | 799a03c18ab059fe12034531a861cd15 |
| SHA1 | d8e1caddaab916cd81de2053e1df1da2aff144d3 |
| SHA256 | c999a44218afe84a4e9e841f709e52954391691f5d1d01e557097006f68d4c73 |
| SHA512 | af874df27a78381b86cbaa8a5868723a2a7a66b33270e17395d4b04315e2e6e21be23c2a1cfa6cf8f2eccfcce54aa166c7b8bf106a2c6dffe7b666976ed2e716 |
/data/data/com.yundu.YaLiMaino1449oApp/files/ofld/ofl_location.db
| MD5 | 49eefa442e55be8652c7c3c5f28d912e |
| SHA1 | 941ef7e65d47d38dd5f47084663f4fd7f57fbbc9 |
| SHA256 | 63d7b59dcdc791b5d1380a1d06b9e199f6136965dc21a887efdd0cfac9d0a1b7 |
| SHA512 | b6c9d8a985a865c43348e34d94f149e4b552359d9afc7f5db660535ea107fbbdcedee542b9bfa018f1881c6c021b1e9bd331debe9562dcdffe2f8b3655d2d3c7 |
/data/data/com.yundu.YaLiMaino1449oApp/files/ofld/ofl_location.db-journal
| MD5 | b610249c50d6bcf6b125f1359b28378e |
| SHA1 | 1e29f21942a4845afa64f686b1c30fd107b58ef8 |
| SHA256 | b6c7f4adc1929659e51b7251dd04e354cc2292871f290f2f20943596af03f4b8 |
| SHA512 | b161519fdf01a99c3bd2aecccc25717b937182647205ad4d329b7b9baeabd36fcea1d61677c26954a16588999725055476c8d06cc26724cf1c3ed11bbe822929 |
/data/data/com.yundu.YaLiMaino1449oApp/files/ofld/ofl_location.db-journal
| MD5 | f01b9e29a58c71fb364b90adb8a5d0c3 |
| SHA1 | 074bf314e03954f50f2c9dd432ca9dc952c12be4 |
| SHA256 | 8fc1152cf1fb14a21b72b5f94fad4b193e72aa9f89e70c888aa0305856ca60f2 |
| SHA512 | a6af4e9139cf1f0f5107120be530295c0cefd5cb865bdfd48185bb0d40a18d7e0d5c8b60b2e93dc9ebbbbeb829d404eb10678797d648bcb87e0ad5dc3be71785 |
/data/data/com.yundu.YaLiMaino1449oApp/files/ofld/ofl_location.db-journal
| MD5 | bcb8d92139d7f874d9a11eb1cb7315a2 |
| SHA1 | 17bb8497f51c861761abf5c1daba8c868799699f |
| SHA256 | d16b939fd1a59c768cf93e797d6254d34eb01588c870d445a84a4ed187ca0ba1 |
| SHA512 | 4bb810417d097a2db423ffcb5a3332e62d33d1a80c277d90ee9eb6f4759ba7d8e912413023665f7df4ee8c167bd562bbca7a3b75e14ae11e326b854e30d15f86 |
/data/data/com.yundu.YaLiMaino1449oApp/files/ofld/ofl_statistics.db-journal
| MD5 | 1c2afa8ac8d682e3ded0256c98f2b710 |
| SHA1 | c1402af4f3de673b0e44500cadbde5edd5822790 |
| SHA256 | cce20105efca480a1956198c7f064013a3989373aedd39ee06bf03767d5c7e0a |
| SHA512 | fda4c41a1ecc46ba890949ebe2a1b8ae95cfdf5fd774a3404647ff9e8c4ebb77848e91fdfd50d5deebe256951be26c4cb9960f8ca8e6da4ff2ab2d18bd3b7ecb |
/data/data/com.yundu.YaLiMaino1449oApp/files/ofld/ofl_statistics.db
| MD5 | 744ba4d6f58e22f8f82d56a50e4b5373 |
| SHA1 | 535e389f9b7f2e0d14e550fdd00011dfc255e0b6 |
| SHA256 | 8b47d5b310d68b6911dbcfd7ecda4d7131351f66365f81db82f2979ae2f53592 |
| SHA512 | e888ccb7fc6722eaf8fb6bb8370c55f9eaab299be08db7c57038efaf945569b62b7b6b2dde5169044c5d60a4a9a9051ee7a7c2146153aa7d22d8b7c8f3310055 |
/data/data/com.yundu.YaLiMaino1449oApp/files/ofld/ofl_statistics.db-journal
| MD5 | 82436a7f2047ef76c82448357cccced4 |
| SHA1 | 8d27771de1bbc741946ae4740f753e1edd7948b4 |
| SHA256 | d3c3ca04509fed36cac5f1e62242cf30352fe3173f30af863d3d3c2e78b0a6aa |
| SHA512 | c9e7731633fc7ee27836ab245829be90ced8a94622c1fd67567822f8b21984df7cf2d7244d2ff27e611e4cac25a3fd9cf2cb5ae7c954fa01960c65184a8dad26 |
/data/data/com.yundu.YaLiMaino1449oApp/files/ofld/ofl_statistics.db-journal
| MD5 | ccec4129b7a3d3f62b6488750f120c61 |
| SHA1 | 823404738fa48354cad3aaa0dceb8f4b0c579db7 |
| SHA256 | 746a0667df4b549b408d941829e4d4c0961882b8fde83f5861fd929846f9ee86 |
| SHA512 | 8a1c73dbe095be00a3df1654cd82ae07ebdd0ecdd95013fe0478c93c778299fc3173ba738a58f4e1140b58317cdbb597fe010ccefa5db036725ac62dce17cd66 |
/data/data/com.yundu.YaLiMaino1449oApp/files/ofld/ofl_statistics.db-journal
| MD5 | cbea407a28c58a63e36cb09c7ed31788 |
| SHA1 | c1907bf0f8f207387f8c4c48498f18c719cc3ed5 |
| SHA256 | 5d73888292216e9e0175e4a0a1fe7cd8f338ee71cce7c5b53cb8b75a59933a7c |
| SHA512 | e1295e09ff39bf568bcb43209b2d67f7f6f7178726897954a2ee557a2eda14b27bd510266b1717e9e0e47d8d419b537dfeb999db7a62a25f12f3f6b38e750bfd |
/data/data/com.yundu.YaLiMaino1449oApp/files/ofld/ofl_statistics.db-journal
| MD5 | ccef0e8130ff1b6bb707b888a4b3c716 |
| SHA1 | e9329ce42571b4134d39a89aadc67e9ae48ff7fa |
| SHA256 | db16f8a7096b2214cc4b39d7ca0aa65707cd5a33eabc1981aa362006c2836bf7 |
| SHA512 | f2a6e48c1d1e323e991c1aba3d42089b68c44d4c525e96c406585220cc4d67746941c97acdffba4a3d9cc1e7064391a5441f0050690b34cfb385657a1303df81 |
/data/data/com.yundu.YaLiMaino1449oApp/files/ofld/ofl_statistics.db-journal
| MD5 | d65a17d9c0bea9bea2920cddd82b8c8e |
| SHA1 | 96be059dd0b6d51db5e74a6116c4b387544086d9 |
| SHA256 | 32d74c026c113b2fbaed590a7addc872a9c5ed30dc6c46887911f51624792aa0 |
| SHA512 | 44fc02571f24a09c6b54ef685948c067b69c8fae6177563758ab5421053d7d37901aea696c738310ac62055226377cace54719e67551569a34549f3b6f99c5f0 |
/data/data/com.yundu.YaLiMaino1449oApp/files/lldt/firll.dat
| MD5 | bafa9f46b305ba8a70fc56c17763a695 |
| SHA1 | 48a38884a9d219e29ce539d6391de6fb00a3357f |
| SHA256 | eddc370fe6045cd17a400493e972f906fcfe2971953d9621b1ea9dfe439a75d0 |
| SHA512 | 20ffc680aa39fb6fc07e0b390fd0162b6e94bb404825df413af864eaab897abce796fa1cb5c1dedfb6521b7304605a1bb2a6481734747f0fea8f09915e9c853b |
/storage/emulated/0/baidu/tempdata/lcvif.dat
| MD5 | d9e9ca458e2521ae84f2478cb6897b99 |
| SHA1 | 4bf92b1a2a4422e22a72677f389f123bcfae0030 |
| SHA256 | 1dda439880411784c52abbdc6f04e602e478d3f654b376024a0253480d9a0826 |
| SHA512 | a4350ff61c45628b794216fb27f0da0a5914dd03400db20440fc60ae4469fe17abd0067d7e73bcaffd1fcbfa565c77efc49716182615210186c25ab7a7ef5957 |
/storage/emulated/0/Android/data/com.yundu.YaLiMaino1449oApp/files/baidu/tempdata/llg.dat
| MD5 | 161557b06b4a4d3ce095528dea370eb7 |
| SHA1 | 8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f |
| SHA256 | f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4 |
| SHA512 | 96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449 |
/storage/emulated/0/Android/data/com.yundu.YaLiMaino1449oApp/files/baidu/tempdata/llg.dat
| MD5 | 8199b75e895e303d5276523669a28612 |
| SHA1 | c81379b9b219b7f6b79e69dc034490257f64bad7 |
| SHA256 | e344f05d0d84f05977741932c1ff531b2f0cd2d6d93040ffdcb10c1c2547f17a |
| SHA512 | abfe78635e911a63ceb5467bfe4d7401cf592f9823a676928805758961698fa1cd9941a696d9bd33d6c4f18e214ad4c4da21d224886b7053b7953abd9440d887 |
/storage/emulated/0/Android/data/com.yundu.YaLiMaino1449oApp/files/baidu/tempdata/llg.dat
| MD5 | 34d7125107f092b2e561258daa857dec |
| SHA1 | 52961c3c1d812598850ae4639ed6a2669ac46c82 |
| SHA256 | 54348c39101c9f07ed006b98bdaed691f72afd7da225d91323296eeefae5fcf1 |
| SHA512 | d86cc9c67a8747ae70b9c970ccc1f4e2bda45161a7bdc377333fb53cdbccbd6c2b3201933b210ac5b9007056c0a12b413408c95b4a8396f80fb8e3a394455303 |
/storage/emulated/0/Android/data/com.yundu.YaLiMaino1449oApp/files/baidu/tempdata/llg.dat
| MD5 | 31c168cabd8d89a5de2717a4165f820a |
| SHA1 | 623990c0a5ece4ba084c65a73e0bb9bebad79ced |
| SHA256 | b6d08fb556edba36da58ad5d9092cacf5246bf35f991195e88a8fe16a92dac33 |
| SHA512 | f8c403a5048c57f466c0eb72db5a269a8e1bc7a7e4caa671bfa4038c7c3a4b35b3224c8325deb543af3dbd38b591822690fbff4ba9ac6ec2626a5e6989da8ec3 |
/storage/emulated/0/baidu/tempdata/lcvif.dat
| MD5 | df811cdf642a0c87b311615546b03106 |
| SHA1 | b17d666bdaedf79a59e70c13bc3cd85c336ea742 |
| SHA256 | 2451ff2030074f239eb60a7c56792bbee56a62effc47349d87ac77348598baa5 |
| SHA512 | 4f23cb27b698238f7ab3e2631d2f853ab2588aa9d085a5bc79c3efaf392f6ea840c94d347b22bd8ce36d19f17a02c8c7042a7f0dc5c80e5ecac22169fd1e651d |
/storage/emulated/0/Android/data/com.yundu.YaLiMaino1449oApp/files/baidu/tempdata/yoh.dat
| MD5 | a936690571e9104e1922dda4a0ba5bd1 |
| SHA1 | 65f49c57edde2f96be2a1dbdfc3f7351f1e66554 |
| SHA256 | f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412 |
| SHA512 | 3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394 |
/storage/emulated/0/Android/data/com.yundu.YaLiMaino1449oApp/files/baidu/tempdata/yoh.dat
| MD5 | 1681ffc6e046c7af98c9e6c232a3fe0a |
| SHA1 | d3399b7262fb56cb9ed053d68db9291c410839c4 |
| SHA256 | 9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0 |
| SHA512 | 11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5 |