Malware Analysis Report

2025-08-05 10:12

Sample ID 241016-3xwq1stenl
Target 4fb6927b3601ac7a98ec2cceaa115474_JaffaCakes118
SHA256 d58b783d002062d8ec9b32e3ff089060f0aeb5038efcf6127417271660244fc1
Tags banker collection discovery evasion impact persistence
Score 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 4fb6927b3601ac7a98ec2cceaa115474_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

Requests cell location

Queries information about the current nearby Wi-Fi networks

Queries information about running processes on the device

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about active data network

Acquires the wake lock

Reads information about phone network operator.

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 23:54

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 23:54

Reported

2024-10-16 23:56

Platform

android-x86-arm-20240624-en

Max time kernel

140s

Max time network

147s

Command Line

com.feibo.yizhong

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Requests cell location

collection discovery evasion
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description | Indicator | Process | Target
N/A | alog.umeng.com | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Processes

com.feibo.yizhong

com.feibo.yizhong:pushservice

com.feibo.yizhong:remote

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 23:54

Reported

2024-10-16 23:56

Platform

android-33-x64-arm64-20240624-en

Max time kernel

135s

Max time network

139s

Command Line

com.feibo.yizhong

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Requests cell location

collection discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description | Indicator | Process | Target
N/A | alog.umeng.com | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Reads information about phone network operator.

discovery

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Processes

com.feibo.yizhong

com.feibo.yizhong:pushservice

com.feibo.yizhong:remote

Network

Files
