General

Malware Config

Signatures

Files

• iphone-passcode-unlocker.exe

  .exe windows x86

  f565624051940e59e2c1f264bbf35c78

  
  

  Code Sign

  02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77

  Certificate

  Issuer

  CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  10-11-2006 00:00

  Not After

  10-11-2031 00:00

  Subject

  CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:ee:8a:e2:6a:f9:10:6c:15:69:98:85:f3:61:76:ae

  Certificate

  Issuer

  CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  03-04-2020 00:00

  Not After

  07-04-2021 12:00

  Subject

  SERIALNUMBER=91440300MA5G2XD041,CN=Shenzhen FoneGeek Software Co.\,Ltd,O=Shenzhen FoneGeek Software Co.\,Ltd,L=深圳市,ST=广东省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c09e6b7b1e59cb3e5b882,1.3.6.1.4.1.311.60.2.1.2=#0c09e5b9bfe4b89ce79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c

  Certificate

  Issuer

  CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  18-04-2012 12:00

  Not After

  18-04-2027 12:00

  Subject

  CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-01-2021 00:00

  Not After

  06-01-2031 00:00

  Subject

  CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  07-01-2016 12:00

  Not After

  07-01-2031 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  df:4d:ed:fd:8a:b7:87:63:3e:44:a0:9c:c1:8c:6e:8f:bf:bf:06:7e:fe:03:a5:6c:84:80:81:a6:69:02:24:cb

  Signer

  Actual PE Digest

  df:4d:ed:fd:8a:b7:87:63:3e:44:a0:9c:c1:8c:6e:8f:bf:bf:06:7e:fe:03:a5:6c:84:80:81:a6:69:02:24:cb

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  SERIALNUMBER=91440300MA5G2XD041,CN=Shenzhen FoneGeek Software Co.\,Ltd,O=Shenzhen FoneGeek Software Co.\,Ltd,L=深圳市,ST=广东省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c09e6b7b1e59cb3e5b882,1.3.6.1.4.1.311.60.2.1.2=#0c09e5b9bfe4b89ce79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

  01-04-2021 12:52

  Valid: true

  Chain 1

  SERIALNUMBER=91440300MA5G2XD041,CN=Shenzhen FoneGeek Software Co.\,Ltd,O=Shenzhen FoneGeek Software Co.\,Ltd,L=深圳市,ST=广东省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c09e6b7b1e59cb3e5b882,1.3.6.1.4.1.311.60.2.1.2=#0c09e5b9bfe4b89ce79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

  CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

  CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  CreateFileW

  FlushFileBuffers

  WriteFile

  CloseHandle

  HeapDestroy

  HeapAlloc

  HeapReAlloc

  HeapFree

  HeapSize

  GetProcessHeap

  WaitForSingleObject

  ResumeThread

  CreateProcessW

  FindResourceExW

  FreeResource

  GlobalAlloc

  GlobalLock

  GlobalUnlock

  GlobalFree

  CreateToolhelp32Snapshot

  Process32FirstW

  Process32NextW

  InitializeCriticalSection

  ReadConsoleW

  ReadFile

  SetEndOfFile

  GetStringTypeW

  GetTimeZoneInformation

  WriteConsoleW

  SetFilePointerEx

  SetStdHandle

  LCMapStringW

  CompareStringW

  CreateDirectoryW

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetSystemTimeAsFileTime

  GetCurrentProcessId

  GetCurrentThreadId

  GetFileType

  GetCPInfo

  GetOEMCP

  GetACP

  IsValidCodePage

  GetConsoleMode

  GetConsoleCP

  GetStdHandle

  GetStartupInfoW

  TlsFree

  TlsSetValue

  TlsGetValue

  TlsAlloc

  TerminateProcess

  Sleep

  InitializeCriticalSectionAndSpinCount

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  AreFileApisANSI

  GetModuleHandleExW

  ExitProcess

  GetCommandLineW

  ExitThread

  CreateThread

  DeleteFileW

  MoveFileExW

  GetFileAttributesExW

  FileTimeToSystemTime

  SystemTimeToTzSpecificLocalTime

  FindClose

  FindNextFileW

  SetCurrentDirectoryW

  GetUserDefaultUILanguage

  MultiByteToWideChar

  FindResourceW

  lstrcmpiW

  SizeofResource

  LockResource

  LoadResource

  LoadLibraryExW

  GetProcAddress

  GetModuleHandleW

  GetModuleFileNameW

  FreeLibrary

  FlushInstructionCache

  GetCurrentProcess

  DeleteCriticalSection

  InitializeCriticalSectionEx

  LeaveCriticalSection

  EnterCriticalSection

  SetLastError

  RaiseException

  DecodePointer

  WideCharToMultiByte

  GetPrivateProfileStringW

  FindFirstFileExW

  EncodePointer

  RtlUnwind

  OutputDebugStringW

  IsDebuggerPresent

  VirtualFree

  VirtualAlloc

  IsProcessorFeaturePresent

  InterlockedPushEntrySList

  InterlockedPopEntrySList

  SetEnvironmentVariableA

  InitializeSListHead

  QueryPerformanceCounter

  GetLastError

  user32

  SendMessageW

  UnregisterClassW

  DestroyWindow

  ShowWindow

  CreateDialogParamW

  GetDlgItem

  CharNextW

  LoadStringW

  PostMessageW

  PostQuitMessage

  MoveWindow

  SetWindowPos

  IsWindowVisible

  SetDlgItemTextW

  SetFocus

  SetTimer

  KillTimer

  EnableWindow

  GetSystemMetrics

  GetMessageW

  BeginPaint

  EndPaint

  SetWindowRgn

  PeekMessageW

  SetWindowTextW

  GetWindowTextW

  GetWindowTextLengthW

  GetClientRect

  GetWindowRect

  MessageBoxW

  MessageBeep

  ClientToScreen

  MapWindowPoints

  PtInRect

  GetParent

  GetMonitorInfoW

  GetDlgCtrlID

  GetDC

  ReleaseDC

  SetCursor

  GetCursorPos

  ScreenToClient

  FillRect

  CopyRect

  LoadCursorW

  SetWindowLongW

  GetWindowLongW

  DispatchMessageW

  InvalidateRect

  TranslateMessage

  CallWindowProcW

  UpdateWindow

  DefWindowProcW

  IsDialogMessageW

  LoadImageW

  GetWindow

  MonitorFromWindow

  gdi32

  CreateSolidBrush

  SetTextColor

  SetBkMode

  GetStockObject

  GetCurrentObject

  CreateRoundRectRgn

  SelectObject

  DeleteObject

  DeleteDC

  CreateCompatibleDC

  CreateCompatibleBitmap

  BitBlt

  GetTextMetricsW

  advapi32

  RegOpenKeyExW

  RegSetValueExW

  RegQueryInfoKeyW

  RegCloseKey

  RegEnumKeyExW

  RegDeleteValueW

  RegDeleteKeyW

  RegCreateKeyExW

  shell32

  SHGetMalloc

  Shell_NotifyIconW

  ShellExecuteExW

  SHGetSpecialFolderLocation

  SHGetPathFromIDListW

  ord165

  SHBrowseForFolderW

  ole32

  CoCreateInstance

  CoTaskMemRealloc

  CoUninitialize

  CoTaskMemFree

  CoInitialize

  CreateStreamOnHGlobal

  CoTaskMemAlloc

  oleaut32

  VarUI4FromStr

  shlwapi

  StrCatW

  PathFindFileNameW

  comctl32

  InitCommonControlsEx

  gdiplus

  GdipDeleteBrush

  GdipFree

  GdipLoadImageFromFile

  GdipSetStringFormatLineAlign

  GdipSetStringFormatAlign

  GdipDeleteStringFormat

  GdipCreateStringFormat

  GdipDrawString

  GdipGetFontSize

  GdipDeleteFont

  GdipCreateFont

  GdipGetLineSpacing

  GdipGetEmHeight

  GdipDeleteFontFamily

  GdipCreateFontFamilyFromName

  GdipFillRectangleI

  GdipDrawRectangleI

  GdipLoadImageFromStream

  GdipDeletePen

  GdipCreatePen1

  GdipCreateSolidFill

  GdiplusShutdown

  GdiplusStartup

  GdipDrawImageRectI

  GdipDeleteGraphics

  GdipCreateFromHDC

  GdipDisposeImage

  GdipCloneImage

  GdipAlloc

  winhttp

  WinHttpConnect

  WinHttpReadData

  WinHttpOpenRequest

  WinHttpAddRequestHeaders

  WinHttpSendRequest

  WinHttpReceiveResponse

  WinHttpQueryHeaders

  WinHttpOpen

  wininet

  InternetConnectW

  InternetOpenW

  InternetReadFile

  InternetQueryOptionW

  InternetSetOptionW

  HttpOpenRequestW

  HttpAddRequestHeadersW

  HttpSendRequestW

  HttpQueryInfoW

  InternetGetConnectedState

  InternetCloseHandle

  Sections

  .text

  Size: 134KB - Virtual size: 133KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 38KB - Virtual size: 37KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 8KB - Virtual size: 16KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 633KB - Virtual size: 632KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 9KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ