ziphone[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ziphone.zip
Size

44.3MB
MD5

00e547c67fd443805efcfdd06c58b60d
SHA1

faefbf25fea7bc9dbf018755756aad91c2b36004
SHA256

ed8ccec8c7c908dd8dca5ca321fbec27d429e239743e8eab8125a4e222852969
SHA512

25307f4b7411c98ce1e54e8539e38ed8045a5278b8a020d625c1037256395f0d4480638e5d497bcd0884a60ea3446e5f8c58c43b5b3a7ed20ac7aa93e64e4163
SSDEEP

393216:qSDhmg5v6FNn6YXJltlLZCx8xafBE/oEgcmKqFnpIEYiJ1bWSYDt:qSDhmg5SXxhZxaf9r9B+l

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ziphone/ComponentFactory.Krypton.Toolkit.dll
unpack001/ziphone/QTMLClient.dll
unpack001/ziphone/ZiPhoneGUI.exe
unpack001/ziphone/iTunesMobileDevice.dll
unpack001/ziphone/no/ZiPhoneGUI.resources.dll
unpack001/ziphone/ziphone.exe

Files

ziphone.zip
.zip
ziphone/ACTIVATE JAILBREAK IPHONE.bat
ziphone/ComponentFactory.Krypton.Toolkit.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ziphone/Configuration.xml
ziphone/ENTER DFU MODE.bat
ziphone/I WANT THE Z ICON BACK.bat
ziphone/Inga.dat
.zip
ziphone/JAILBREAK IPHONE IPOD.bat
ziphone/QTMLClient.dll
.dll windows:4 windows x86

2a9965855ab18094b473d2a229820c74

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetACP
ExitProcess
GetCPInfo
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
RtlUnwind
InterlockedExchange
VirtualQuery
LoadLibraryA
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualProtect
GetSystemInfo
GetVersionExA
GetCommandLineA
GetOEMCP
GlobalFree
GlobalAlloc
FreeLibrary
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetSystemDirectoryA
GetFileAttributesA
GetCurrentThreadId

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

user32

wsprintfA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

AbortPrePrerollMovie
ActivatePalette
AddCallBackToTimeBase
AddClonedTrackToMovie
AddComp
AddEmptyTrackToMovie
AddFilePreview
AddImageDescriptionExtension
AddMediaDataRef
AddMediaSample
AddMediaSample2
AddMediaSampleFromEncodedFrame
AddMediaSampleReference
AddMediaSampleReferences
AddMediaSampleReferences64
AddMovieExecuteWiredActionsProc
AddMovieResource
AddMovieSelection
AddMovieToStorage
AddPt
AddResource
AddSampleTableEntriesToMedia
AddSampleTableToMedia
AddSearch
AddSoundDescriptionExtension
AddTime
AddTrackReference
AddUserData
AddUserDataText
AdjustMediaDisplayEndTimeToDecodeDuration
Alert
AlignScreenRect
AlignWindow
AllowPurgePixels
AngleFromSlope
AppendDITL
AppendResMenu
ApplicationZone
AttachMovieToCurrentThread
AttachTimeBaseToCurrentThread
AudioChannelLayoutContainsDuplicateDescriptions
AudioChannelLayoutExpandIfPossible
AudioChannelLayoutsAreEquivalent
AudioGetBass
AudioGetInfo
AudioGetMute
AudioGetOutputDevice
AudioGetTreble
AudioGetVolume
AudioMuteOnEvent
AudioSetBass
AudioSetMute
AudioSetToDefaults
AudioSetTreble
AudioSetVolume
BackColor
BackPat
BackPixPat
BeginFullScreen
BeginMediaEdits
BeginUpdate
BitAnd
BitClr
BitMapToRegion
BitNot
BitOr
BitSet
BitShift
BitTst
BitXor
BlockMove
BlockMoveData
BogusDispatcher
BringToFront
Button
CDSequenceBusy
CDSequenceChangedSourceData
CDSequenceDisposeDataSource
CDSequenceDisposeMemory
CDSequenceEnd
CDSequenceEquivalentImageDescription
CDSequenceEquivalentImageDescriptionS
CDSequenceFlush
CDSequenceGetDataSource
CDSequenceInvalidate
CDSequenceNewDataSource
CDSequenceNewMemory
CDSequenceSetSourceData
CDSequenceSetSourceDataQueue
CDSequenceSetTimeBase
CFAllocatorAllocate
CFAllocatorCreate
CFAllocatorDeallocate
CFAllocatorGetContext
CFAllocatorGetDefault
CFAllocatorGetPreferredSizeForSize
CFAllocatorGetTypeID
CFAllocatorReallocate
CFAllocatorSetDefault
CFArrayAppendArray
CFArrayAppendValue
CFArrayApplyFunction
CFArrayBSearchValues
CFArrayContainsValue
CFArrayCreate
CFArrayCreateCopy
CFArrayCreateMutable
CFArrayCreateMutableCopy
CFArrayExchangeValuesAtIndices
CFArrayGetCount
CFArrayGetCountOfValue
CFArrayGetFirstIndexOfValue
CFArrayGetLastIndexOfValue
CFArrayGetTypeID
CFArrayGetValueAtIndex
CFArrayGetValues
CFArrayInsertValueAtIndex
CFArrayRemoveAllValues
CFArrayRemoveValueAtIndex
CFArrayReplaceValues
CFArraySetValueAtIndex
CFArraySortValues
CFBooleanGetTypeID
CFBooleanGetValue
CFCopyDescription
CFCopyTypeIDDescription
CFDataAppendBytes
CFDataCreate
CFDataCreateCopy
CFDataCreateMutable
CFDataCreateMutableCopy
CFDataCreateWithBytesNoCopy
CFDataDeleteBytes
CFDataGetBytePtr
CFDataGetBytes
CFDataGetLength
CFDataGetMutableBytePtr
CFDataGetTypeID
CFDataIncreaseLength
CFDataReplaceBytes
CFDataSetLength
CFDictionaryAddValue
CFDictionaryApplyFunction
CFDictionaryContainsKey
CFDictionaryContainsValue
CFDictionaryCreate
CFDictionaryCreateCopy
CFDictionaryCreateMutable
CFDictionaryCreateMutableCopy
CFDictionaryGetCount
CFDictionaryGetCountOfKey
CFDictionaryGetCountOfValue
CFDictionaryGetKeysAndValues
CFDictionaryGetTypeID
CFDictionaryGetValue
CFDictionaryGetValueIfPresent
CFDictionaryRemoveAllValues
CFDictionaryRemoveValue
CFDictionaryReplaceValue
CFDictionarySetValue
CFEqual
CFGetAllocator
CFGetRetainCount
CFGetTypeID
CFHash
CFNullGetTypeID
CFNumberCompare
CFNumberCreate
CFNumberGetByteSize
CFNumberGetType
CFNumberGetTypeID
CFNumberGetValue
CFNumberIsFloatType
CFRelease
CFRetain
CFShow
CFShowStr
CFStringAppend
CFStringAppendCString
CFStringAppendCharacters
CFStringAppendFormatAndArguments
CFStringAppendPascalString
CFStringCapitalize
CFStringCompare
CFStringCompareWithOptions
CFStringConvertEncodingToIANACharSetName
CFStringConvertEncodingToNSStringEncoding
CFStringConvertEncodingToWindowsCodepage
CFStringConvertIANACharSetNameToEncoding
CFStringConvertNSStringEncodingToEncoding
CFStringConvertWindowsCodepageToEncoding
CFStringCreateArrayBySeparatingStrings
CFStringCreateArrayWithFindResults
CFStringCreateByCombiningStrings
CFStringCreateCopy
CFStringCreateExternalRepresentation
CFStringCreateFromExternalRepresentation
CFStringCreateMutable
CFStringCreateMutableCopy
CFStringCreateMutableWithExternalCharactersNoCopy
CFStringCreateWithBytes
CFStringCreateWithCString
CFStringCreateWithCStringNoCopy
CFStringCreateWithCharacters
CFStringCreateWithCharactersNoCopy
CFStringCreateWithFormatAndArguments
CFStringCreateWithPascalString
CFStringCreateWithPascalStringNoCopy
CFStringCreateWithSubstring
CFStringDelete
CFStringFind
CFStringFindAndReplace
CFStringFindCharacterFromSet
CFStringFindWithOptions
CFStringGetBytes
CFStringGetCString
CFStringGetCStringPtr
CFStringGetCharacterAtIndex
CFStringGetCharacters
CFStringGetCharactersPtr
CFStringGetDoubleValue
CFStringGetFastestEncoding
CFStringGetIntValue
CFStringGetLength
CFStringGetLineBounds
CFStringGetListOfAvailableEncodings
CFStringGetMaximumSizeForEncoding
CFStringGetMostCompatibleMacStringEncoding
CFStringGetNameOfEncoding
CFStringGetPascalString
CFStringGetPascalStringPtr
CFStringGetRangeOfComposedCharactersAtIndex
CFStringGetSmallestEncoding
CFStringGetSystemEncoding
CFStringGetTypeID
CFStringHasPrefix
CFStringHasSuffix
CFStringInsert
CFStringIsEncodingAvailable
CFStringLowercase
CFStringNormalize
CFStringPad
CFStringReplace
CFStringReplaceAll
CFStringSetExternalCharactersNoCopy
CFStringTrim
CFStringTrimWhitespace
CFStringUppercase
CFURLCanBeDecomposed
CFURLCopyAbsoluteURL
CFURLCopyFileSystemPath
CFURLCopyFragment
CFURLCopyHostName
CFURLCopyLastPathComponent
CFURLCopyNetLocation
CFURLCopyParameterString
CFURLCopyPassword
CFURLCopyPath
CFURLCopyPathExtension
CFURLCopyQueryString
CFURLCopyResourceSpecifier
CFURLCopyScheme
CFURLCopyStrictPath
CFURLCopyUserName
CFURLCreateCopyAppendingPathComponent
CFURLCreateCopyAppendingPathExtension
CFURLCreateCopyDeletingLastPathComponent
CFURLCreateCopyDeletingPathExtension
CFURLCreateData
CFURLCreateDataAndPropertiesFromResource
CFURLCreateFromFSRef
CFURLCreateFromFileSystemRepresentation
CFURLCreateFromFileSystemRepresentationRelativeToBase
CFURLCreatePropertyFromResource
CFURLCreateStringByAddingPercentEscapes
CFURLCreateStringByReplacingPercentEscapes
CFURLCreateStringByReplacingPercentEscapesUsingEncoding
CFURLCreateWithBytes
CFURLCreateWithFileSystemPath
CFURLCreateWithFileSystemPathRelativeToBase
CFURLCreateWithString
CFURLDestroyResource
CFURLGetBaseURL
CFURLGetByteRangeForComponent
CFURLGetBytes
CFURLGetFSRef
CFURLGetFileSystemRepresentation
CFURLGetPortNumber
CFURLGetString
CFURLGetTypeID
CFURLHasDirectoryPath
CFURLWriteDataAndPropertiesToResource
CSMemDisposeHandle
CSMemDisposePtr
CSMemEmptyHandle
CSMemGetHandleSize
CSMemGetPtrSize
CSMemHGetState
CSMemHLock
CSMemHNoPurge
CSMemHPurge
CSMemHSetState
CSMemHUnlock
CSMemHandAndHand
CSMemHandToHand
CSMemMunger
CSMemNewEmptyHandle
CSMemNewHandle
CSMemNewHandleClear
CSMemNewPtr
CSMemNewPtrClear
CSMemPtrAndHand
CSMemPtrToHand
CSMemPtrToXHand
CSMemReallocateHandle
CSMemRecoverHandle
CSMemSetHandleSize
CSMemSetPtrSize
CTab2Palette
CTabChanged
CalcCMask
CalcMask
CalcMenuSize
CallComponent
CallComponentCanDo
CallComponentClose
CallComponentExecuteWiredAction
CallComponentFunctionWithStorage
CallComponentGetMPWorkFunction
CallComponentGetPublicResource
CallComponentOpen
CallComponentRegister
CallComponentTarget
CallComponentUnregister
CallComponentVersion
CallMeWhen
CanQuickTimeOpenDataRef
CanQuickTimeOpenFile
CancelCallBack
CaptureComponent
CautionAlert
ChangedResource
CharByte
CharType
CharWidth
CharacterByteType
CharacterType
CheckItem
CheckQuickTimeRegistration
ChooseMovieClock
ClearMenuBar
ClearMovieChanged
ClearMovieSelection
ClearMoviesStickyError
ClipRect
ClockCallMeWhen
ClockCancelCallBack
ClockDisposeCallBack
ClockGetRate
ClockGetRateChangeConstraints
ClockGetTime
ClockGetTimesForRateChange
ClockNewCallBack
ClockRateChanged
ClockSetTimeBase
ClockStartStopChanged
ClockTimeChanged
CloneRgn
CloseCPort
CloseComponent
CloseComponentResFile
CloseDialog
CloseMixerSoundComponent
CloseMovieFile
CloseMovieStorage
ClosePicture
ClosePoly
ClosePort
CloseResFile
CloseRgn
CodecManagerVersion
Color2Index
ColorBit
Comp3to1
Comp6to1
CompAdd
CompCompare
CompDiv
CompFixMul
CompMul
CompMulDiv
CompMulDivTrunc
CompNeg
CompShift
CompSquareRoot
CompSub
CompactMem
CompactMemSys
ComponentFunctionImplemented
ComponentSetTarget
CompressImage
CompressPicture
CompressPictureFile
CompressSequenceBegin
CompressSequenceFrame
ConcatMatrix
ConvertDataRefToMovieDataRef
ConvertFileToMovieFile
ConvertImage
ConvertMovieToDataRef
ConvertMovieToFile
ConvertTime
ConvertTimeScale
ConvertTimeToClockTime
CopyBits
CopyBitsGDI
CopyDeepMask
CopyMask
CopyMatrix
CopyMediaMutableSampleTable
CopyMediaUserData
CopyMovieSelection
CopyMovieSettings
CopyMovieUserData
CopyMutableSampleTableFromMediaEntries
CopyPalette
CopyPixMap
CopyPixPat
CopyTrackSettings
CopyTrackUserData
CopyUserData
CoreAudioErrToMacErr
Count1Resources
Count1Types
CountComponentInstances
CountComponents
CountDITL
CountImageDescriptionExtensionType
CountMItems
CountResources
CountTypes
CountUserDataType
CreateChannelLayoutForUnmarkedAudio
CreateMovieControl
CreateMovieFile
CreateMovieFileUnicode
CreateMovieStorage
CreatePortAssociation
CreateShortcutMovieFile
CurResFile
CurveAddAtomToVectorStream
CurveAddPathAtomToVectorStream
CurveAddZeroAtomToVectorStream
CurveCountPointsInPath
CurveCreateVectorStream
CurveGetAtomDataFromVectorStream
CurveGetLength
CurveGetNearestPathPoint
CurveGetPathPoint
CurveInsertPointIntoPath
CurveLengthToPoint
CurveNewPath
CurvePathPointToLength
CurveSetPathPoint
CustomGetFile
CustomGetFilePreview
CustomPutFile
CutMovieSelection
DTInstall
DataCodecBeginInterruptSafe
DataCodecCompress
DataCodecCompressPartial
DataCodecDecompress
DataCodecDecompressPartial
DataCodecEndInterruptSafe
DataCodecGetCompressBufferSize
DataHAddMovie
DataHAppend64
DataHCanUseDataRef
DataHCloseForRead
DataHCloseForWrite
DataHCompareDataRef
DataHCreateFile
DataHCreateFileWithFlags
DataHDeleteFile
DataHDoesBuffer
DataHFinishData
DataHFlushCache
DataHFlushData
DataHGetAvailableFileSize
DataHGetAvailableFileSize64
DataHGetCacheSizeLimit
DataHGetData
DataHGetDataAvailability
DataHGetDataAvailability64
DataHGetDataInBuffer
DataHGetDataRate
DataHGetDataRef
DataHGetDataRefAsType
DataHGetDataRefExtension

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ziphone/UNLOCK ACTIVATE JAILBREAK IPHONE.bat
ziphone/ZiPhoneGUI.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ziphone/dfu.dat
ziphone/docs/PLUGIN_HOWTO.txt
ziphone/docs/README.txt
ziphone/docs/TROUBLESHOOTING.txt
ziphone/iTunesMobileDevice.dll
.dll windows:4 windows x86

c847bd810fd810029a63c6792332dc3c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

wsock32

connect
ioctlsocket
setsockopt
WSASetLastError
select
inet_ntoa
recv
closesocket
send
ntohl
htonl
htons
WSAStartup
WSACleanup
WSAGetLastError
socket
shutdown

ws2_32

WSACreateEvent
WSAResetEvent
WSAWaitForMultipleEvents
WSACloseEvent
WSAEventSelect

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW

kernel32

CompareStringW
CompareStringA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetCurrentThread
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsDebuggerPresent
GetFileAttributesExA
CloseHandle
CreateFileA
WriteFile
ReadFile
OutputDebugStringA
WideCharToMultiByte
FindNextFileW
FindFirstFileW
MultiByteToWideChar
FindClose
GetSystemTimeAsFileTime
FlushFileBuffers
EnterCriticalSection
SetFilePointer
DeleteCriticalSection
GetCurrentThreadId
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
CreateEventW
DeviceIoControl
WaitForSingleObject
CreateFileW
GetOverlappedResult
GetLastError
GetProcAddress
CreateThread
SleepEx
GetModuleHandleW
LockResource
SetEnvironmentVariableA
GetModuleHandleA
GetVersionExW
SetErrorMode
FindResourceW
FreeLibrary
LoadResource
SetThreadPriority
Sleep
GetFileSize
TryEnterCriticalSection
GetVersion
GetFileType
GetStdHandle
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
LoadLibraryA
GetVersionExA
FlushConsoleInputBuffer
SetLastError
GlobalFree
GlobalAlloc
GetModuleFileNameA
ReleaseMutex
CreateMutexA
GetSystemDirectoryA
RtlUnwind
GetConsoleMode
GetCurrentProcess
GetConsoleCP
HeapSize
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RaiseException
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
VirtualAlloc
VirtualFree
HeapCreate
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
SetEndOfFile
FindNextFileA
CreateDirectoryA
DeleteFileA
ReadConsoleInputA
PeekConsoleInputA
SetConsoleMode
GetNumberOfConsoleInputEvents
CreateNamedPipeA
ConnectNamedPipe
SetNamedPipeHandleState
CreateProcessA
GetEnvironmentVariableA
LoadLibraryW
GetStringTypeA
TerminateProcess
SetCurrentDirectoryA
GetStringTypeW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
ExitThread
HeapFree
HeapAlloc
GetCommandLineA
GetProcessHeap
GetLocalTime
GetFileInformationByHandle
PeekNamedPipe
GetTimeZoneInformation
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedExchange
SetConsoleCtrlHandler
GetFileAttributesA
SetHandleCount
GetStartupInfoA
ExitProcess
FatalAppExitA
GetFullPathNameA
GetCurrentDirectoryA
HeapDestroy

user32

wsprintfA
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
RegisterClassW
SetPropW
SendMessageW
GetMessageW
PostQuitMessage
UnregisterDeviceNotification
GetPropW
UnregisterClassW
DefWindowProcW
MsgWaitForMultipleObjects
DispatchMessageW
DestroyWindow
CreateWindowExW
RegisterDeviceNotificationW

gdi32

CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
GetObjectA
BitBlt
GetBitmapBits
DeleteObject
DeleteDC
CreateDCA

advapi32

RegQueryValueExA
RegCloseKey
RegisterEventSourceA
ReportEventA
DeregisterEventSource
GetUserNameA
RegOpenKeyExA

shell32

SHGetFolderPathA
SHGetFolderPathAndSubDirW

Exports

Exports

AFCConnectionClose
AFCConnectionGetContext
AFCConnectionGetFSBlockSize
AFCConnectionGetIOTimeout
AFCConnectionGetSocketBlockSize
AFCConnectionOpen
AFCConnectionSetContext
AFCConnectionSetFSBlockSize
AFCConnectionSetFatalError
AFCConnectionSetIOTimeout
AFCConnectionSetSocketBlockSize
AFCDeviceInfoOpen
AFCDirectoryClose
AFCDirectoryCreate
AFCDirectoryOpen
AFCDirectoryRead
AFCDiscardBodyData
AFCDiscardData
AFCErrnoToAFCError
AFCFileInfoOpen
AFCFileRefClose
AFCFileRefLock
AFCFileRefOpen
AFCFileRefRead
AFCFileRefSeek
AFCFileRefSetFileSize
AFCFileRefTell
AFCFileRefUnlock
AFCFileRefWrite
AFCFlushData
AFCGetClientVersionString
AFCGetDeviceInfo
AFCGetFileInfo
AFCInitHeader
AFCKeyValueClose
AFCKeyValueRead
AFCLockCreate
AFCLockFree
AFCLockLock
AFCLockTryLock
AFCLockUnlock
AFCParseDataPacketHeader
AFCParseStatusPacket
AFCReadData
AFCReadPacket
AFCReadPacketBody
AFCReadPacketHeader
AFCRemovePath
AFCRenamePath
AFCSendData
AFCSendDataPacket
AFCSendHeader
AFCSendPacket
AFCSendStatus
AFCStringBufferAlloc
AFCStringBufferAppend
AFCStringBufferFree
AFCStringCopy
AFCValidateHeader
AMDFUModeDeviceGetLocationID
AMDFUModeDeviceGetProductID
AMDFUModeDeviceGetProductType
AMDFUModeDeviceGetProgress
AMDFUModeDeviceGetTypeID
AMDListenForNotifications
AMDObserveNotification
AMDPostNotification
AMDShutdownNotificationProxy
AMDeviceActivate
AMDeviceConnect
AMDeviceCopyDeviceIdentifier
AMDeviceCopyValue
AMDeviceDeactivate
AMDeviceDisconnect
AMDeviceEnterRecovery
AMDeviceGetConnectionID
AMDeviceIsPaired
AMDeviceNotificationGetThreadHandle
AMDeviceNotificationSubscribe
AMDeviceNotificationUnsubscribe
AMDevicePair
AMDeviceRelease
AMDeviceRemoveValue
AMDeviceRetain
AMDeviceSetValue
AMDeviceSoftwareUpdate
AMDeviceStartService
AMDeviceStartSession
AMDeviceStopSession
AMDeviceValidatePairing
AMRecoveryModeDeviceGetLocationID
AMRecoveryModeDeviceGetProductID
AMRecoveryModeDeviceGetProductType
AMRecoveryModeDeviceGetProgress
AMRecoveryModeDeviceGetTypeID
AMRestoreCreateBootArgsByAddingArg
AMRestoreCreateBootArgsByRemovingArg
AMRestoreCreateDefaultOptions
AMRestoreCreatePathsForBundle
AMRestoreDisableFileLogging
AMRestoreEnableFileLogging
AMRestoreModeDeviceCopyRestoreLog
AMRestoreModeDeviceCopySerialNumber
AMRestoreModeDeviceCreate
AMRestoreModeDeviceGetDeviceID
AMRestoreModeDeviceGetLocationID
AMRestoreModeDeviceGetProgress
AMRestoreModeDeviceGetTypeID
AMRestorePerformDFURestore
AMRestorePerformRecoveryModeRestore
AMRestorePerformRestoreModeRestore
AMRestoreRegisterForDeviceNotifications
AMRestoreSetLogLevel
AMSBackup
AMSBeginSync
AMSCancelBackupRestore
AMSCancelCrashReportCopy
AMSCancelSync
AMSCleanup
AMSConnectToCrashReportCopyTarget
AMSCopyAndSubmitCrashLogs
AMSCopyAndSubmitCrashLogsFromTarget
AMSCopyCrashReportPath
AMSCopyCrashReportsFromTarget
AMSDisconnectFromCrashReportCopyTarget
AMSGetApplicationProviderInfo
AMSGetCalendarDayLimit
AMSGetClientIdentifierAndDisplayNameForTarget
AMSGetCollectionsForDataClassName
AMSGetConflictInformation
AMSGetConflictInformationForIdentifiers
AMSGetCrashReportCopyPreferencesForTarget
AMSGetDCAChangeInformation
AMSGetDataChangeAlertInfo
AMSGetDataClassInfoForTarget
AMSGetLastSyncDateForDataClass
AMSGetNewRecordCalendarName
AMSGetNumberOfCrashReportsToCopy
AMSGetNumberOfCrashReportsToSubmit
AMSGetSourcesForRestore
AMSGetSupportedDataClassNames
AMSInitialize
AMSRefreshCollectionsForDataClassName
AMSRegisterCallbacks
AMSRegisterClientWithTargetIdentifierAndDisplayName
AMSResetSyncData
AMSRestore
AMSSetCalendarDayLimit
AMSSetConflictWinners
AMSSetCrashReportCopyPreferencesForTarget
AMSSetDataChangeAlertInfo
AMSSetDataClassInfoForTarget
AMSSetDesignatedProviderForDataClassName
AMSSetFilteredCollectionNamesForDataClassName
AMSSetNewRecordCalendarName
AMSSubmitCrashReportsFromTarget
AMSSyncConflictsSelections
AMSUnregisterTarget
ASRServerHandleConnection
USBMuxConnectByPort
USBMuxListenForDevices
USBMuxListenerClose
USBMuxListenerCreate
USBMuxListenerGetEvent
USBMuxListenerGetFD
USBMuxListenerHandleData
USBMuxListenerSetDebug
YahooConduitCopyYahooID
YahooConduitIsTokenValid
YahooConduitLastSyncError
YahooConduitRegister
YahooConduitUnregister
kAMDMobileDeviceVersionNumber
kLDErrorInvalidResponse
lockdown_activate
lockdown_connection_create
lockdown_connection_destroy
lockdown_get_value
lockdown_goodbye
lockdown_pair
lockdown_remove_value
lockdown_service_start
lockdown_session_start
lockdown_session_stop
lockdown_set_value

Sections

.text
Size: 800KB - Virtual size: 796KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ziphone/igor.dat
ziphone/no/ZiPhoneGUI.resources.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ziphone/zibri.dat
ziphone/ziphone.exe
.exe windows:4 windows x86

261a8701347dc176bc813d0ee8090b48

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
CreateSemaphoreA
ExitProcess
FindAtomA
GetAtomNameA
GetLastError
GetModuleHandleA
InterlockedDecrement
InterlockedIncrement
ReleaseSemaphore
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject

msvcrt

_fdopen
_fstat
_read
_strdup
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_ctype
_errno
_filelengthi64
_fstati64
_iob
_isctype
_lseeki64
_onexit
_pctype
_setmode
_strnicmp
_vsnprintf
abort
atexit
exit
fclose
fflush
fgetpos
fopen
fprintf
fread
free
fsetpos
fwrite
getc
getenv
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
printf
putc
setlocale
setvbuf
signal
strcat
strcmp
strcoll
strcpy
strftime
strlen
strncpy
strtod
strxfrm
ungetc

qtmlclient

CFStringCreateWithCString
QTGetCFConstant
__CFStringMakeConstantString

itunesmobiledevice

AFCConnectionOpen
AFCFileRefClose
AFCFileRefOpen
AFCFileRefWrite
AMDeviceConnect
AMDeviceEnterRecovery
AMDeviceIsPaired
AMDeviceNotificationSubscribe
AMDeviceStartService
AMDeviceStartSession
AMDeviceValidatePairing
AMRestoreRegisterForDeviceNotifications

Sections

.text
Size: 271KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.sdata Size: 4KB - Virtual size: 1KB

.rsrc Size: 28KB - Virtual size: 27KB

.reloc Size: 4KB - Virtual size: 12B

2a9965855ab18094b473d2a229820c74

Headers

File Characteristics

Imports

kernel32

version

user32

advapi32

Exports

Exports

Sections

.text Size: 152KB - Virtual size: 151KB

.rdata Size: 120KB - Virtual size: 116KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 848B

.reloc Size: 20KB - Virtual size: 17KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 159KB - Virtual size: 159KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 12B

c847bd810fd810029a63c6792332dc3c

Headers

File Characteristics

Imports

version

wsock32

ws2_32

setupapi

kernel32

user32

gdi32

advapi32

shell32

Exports

Exports

Sections

.text Size: 800KB - Virtual size: 796KB

.rdata Size: 152KB - Virtual size: 149KB

.data Size: 52KB - Virtual size: 79KB

.rsrc Size: 4KB - Virtual size: 1020B

.reloc Size: 48KB - Virtual size: 46KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 20KB - Virtual size: 18KB

.rsrc Size: 4KB - Virtual size: 944B

.reloc Size: 4KB - Virtual size: 12B

261a8701347dc176bc813d0ee8090b48

Headers

File Characteristics

Imports

kernel32

msvcrt

qtmlclient

.text
Size: 1.3MB - Virtual size: 1.3MB

.sdata
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 152KB - Virtual size: 151KB

.rdata
Size: 120KB - Virtual size: 116KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 848B

.reloc
Size: 20KB - Virtual size: 17KB

.text
Size: 159KB - Virtual size: 159KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 800KB - Virtual size: 796KB

.rdata
Size: 152KB - Virtual size: 149KB

.data
Size: 52KB - Virtual size: 79KB

.rsrc
Size: 4KB - Virtual size: 1020B

.reloc
Size: 48KB - Virtual size: 46KB

.text
Size: 20KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 944B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 271KB - Virtual size: 271KB

.data
Size: 1KB - Virtual size: 1KB

.rdata
Size: 16KB - Virtual size: 16KB

.bss
Size: - Virtual size: 19KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 900B