000563c80519cadfc6364c99d7cde6120ca8a87edb6e8115883d2ac37fe54930

Sharing

Copy URL Twitter E-mail

General

Target

000563c80519cadfc6364c99d7cde6120ca8a87edb6e8115883d2ac37fe54930
Size

1.1MB
MD5

de5cb31c5736212e14fb91509eb7fda7
SHA1

725d5add7be5f02e53b0353e95e904d18422304b
SHA256

000563c80519cadfc6364c99d7cde6120ca8a87edb6e8115883d2ac37fe54930
SHA512

ba76b6af8b6d1178358a9ce943ec560c79f226000f3fc1502301453571bd2637dbe7819a27649cf94094d1f53d72a6fc83e15ade9074531d7a46e4caf989b2c2
SSDEEP

24576:JGz5Ui3uCzAgBTvNvHl0A2aQOb8e/XLUEW9tLGCPZ8DkBj7+g8:JnxcHr28vidPZ8Dqj7K

Score

1^/10

Malware Config

Signatures

Files

000563c80519cadfc6364c99d7cde6120ca8a87edb6e8115883d2ac37fe54930
.dll windows:6 windows x86 arch:x86

b68d6d523becee3f5fe0dfc92255c078

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 15:43

Not After

07/11/2030, 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 19:19

Not After

29/12/2040, 23:59

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

73:a9:3b:b5:68:f0:c4:21:db:df:a7:85:d6:8c:4a:7f
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Not Before

08/07/2021, 03:56

Not After

08/07/2022, 03:56

Subject

SERIALNUMBER=91440300MA5G5BRD6X,CN=Mobitrix Technology Co.\, Ltd,O=Mobitrix Technology Co.\, Ltd,L=Shenzhen,ST=Guangdong,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 15:43

Not After

07/11/2030, 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:bc:2b:f3:29:ca:10:7f:1e:a9:ba:88:85:d4:9d:3b
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 19:22

Not After

29/12/2040, 23:59

Subject

CN=Entrust Time Stamping CA - TS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

74:d9:f2:db:51:3c:22:67:fd:47:9c:36:07:3f:7b:1d
Certificate

Issuer

CN=Entrust Time Stamping CA - TS2,O=Entrust\, Inc.,C=US

Not Before

14/05/2021, 00:00

Not After

14/08/2032, 00:00

Subject

CN=Entrust Timestamp Authority - TSA2,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

37:83:31:f1:bc:01:4b:b8:57:76:b3:b1:9f:5b:4c:3a:31:d2:4d:37:de:76:48:55:81:50:df:d2:90:b8:36:c7
Signer

Actual PE Digest

37:83:31:f1:bc:01:4b:b8:57:76:b3:b1:9f:5b:4c:3a:31:d2:4d:37:de:76:48:55:81:50:df:d2:90:b8:36:c7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\whatsapp\work\git\whatsapptransfer\build\Release\iDeviceComm.pdb

Imports

kernel32

GetModuleFileNameA
GetCurrentProcess
TerminateProcess
CreateMutexA
GetModuleHandleA
MultiByteToWideChar
QueryPerformanceFrequency
SetFileAttributesA
GetProcAddress
CreateThread
GetCurrentProcessId
QueryPerformanceCounter
GetFileAttributesA
ReleaseMutex
GetStdHandle
GetFileType
WriteFile
FlushConsoleInputBuffer
GetTickCount
FreeLibrary
LoadLibraryA
GlobalMemoryStatus
SetLastError
GetSystemTime
SystemTimeToFileTime
GetSystemTimeAsFileTime
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
CloseHandle
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
FormatMessageA
EnterCriticalSection
ExitProcess
GetCurrentThreadId
CreateDirectoryA
GetDiskFreeSpaceExA
RemoveDirectoryA
DeleteFileA
GetLastError
Sleep
InitializeSListHead

user32

GetProcessWindowStation
MessageBoxA
GetUserObjectInformationW

advapi32

ReportEventA
RegisterEventSourceA
DeregisterEventSource

msvcp140

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

vcruntime140

memset
memchr
_except_handler4_common
_CxxThrowException
__std_type_info_destroy_list
strstr
memcmp
__std_exception_destroy
__CxxFrameHandler3
memcpy
memmove
wcsstr
__std_exception_copy
strchr
_purecall
strrchr

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_wassert
strerror
signal
perror
_initterm_e
_exit
abort
_errno
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
raise

api-ms-win-crt-stdio-l1-1-0

setbuf
ferror
fwrite
fgets
fclose
__acrt_iob_func
fread
__stdio_common_vfprintf
feof
__stdio_common_vsscanf
fflush
fopen
ftell
fseek
_fileno
fputs
rewind
__stdio_common_vsprintf
_setmode
_wfopen

api-ms-win-crt-string-l1-1-0

isupper
isxdigit
isspace
_stricmp
strcmp
_strnicmp
isdigit
tolower
strncmp
toupper
_strdup
strncpy

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free
calloc
realloc

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-convert-l1-1-0

strtoull
atof
atoll
atoi
atol
strtol
strtoul

api-ms-win-crt-utility-l1-1-0

qsort
srand
rand

api-ms-win-crt-filesystem-l1-1-0

_access
rename
_stat64i32
_findclose
_fullpath
_stat64
_findnext64i32
_findfirst64i32

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64
_localtime64
strftime

api-ms-win-crt-math-l1-1-0

fmin
_dclass

api-ms-win-crt-conio-l1-1-0

_getch

iphlpapi

GetAdaptersAddresses
ConvertLengthToIpv4Mask

ws2_32

htons
getsockopt
WSAGetLastError
WSASetLastError
ioctlsocket
freeaddrinfo
closesocket
recv
select
setsockopt
ntohl
shutdown
getaddrinfo
WSAStartup
WSAAddressToStringA
send
socket
connect

Exports

Exports

?ADD@@YAHHH@Z
?appisexistI@@YAHPBD0@Z
?appisexistI@@YA_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?checkDeviceBackEncrypt@@YAHPBD@Z
?encryptset@@YAHPBDHPAD@Z
?freeiosDeviceList@@YAHAAV?$vector@PAUIOS_DEVICE_INFO@@V?$allocator@PAUIOS_DEVICE_INFO@@@std@@@std@@@Z
?getIosDeviceList@@YAHAAV?$vector@PAUIOS_DEVICE_INFO@@V?$allocator@PAUIOS_DEVICE_INFO@@@std@@@std@@AA_N@Z
?getiDeviceList@@YAHPAPAPAUmulidevice_info@@PAH@Z
?getiDeviceinfo@@YAHPBD0@Z
?getiphonemdmclock@@YAHPBD@Z
?getiphonesearchstatus@@YAHPBD@Z
?getiphonesearchstatusA@@YAHPBD@Z
?iDeviceBackup@@YAHPBDPADP6AHHPAX@Z@Z
?iDeviceRestore@@YAHPBDPADP6AHHPAX@Z@Z
?iPhonePairStatus@@YAHPBD@Z
?mulidevice_device_list_extended_free@@YAHPAPAUmulidevice_info@@@Z
afc_client_free
afc_client_new
afc_client_new_with_service_client
afc_client_start_service
afc_dictionary_free
afc_file_close
afc_file_lock
afc_file_open
afc_file_read
afc_file_seek
afc_file_tell
afc_file_truncate
afc_file_write
afc_get_device_info
afc_get_device_info_key
afc_get_file_info
afc_make_directory
afc_make_link
afc_read_directory
afc_remove_path
afc_remove_path_and_contents
afc_rename_path
afc_set_file_time
afc_truncate
diagnostics_relay_client_free
diagnostics_relay_client_new
diagnostics_relay_client_start_service
diagnostics_relay_goodbye
diagnostics_relay_query_ioregistry_entry
diagnostics_relay_query_ioregistry_plane
diagnostics_relay_query_mobilegestalt
diagnostics_relay_request_diagnostics
diagnostics_relay_restart
diagnostics_relay_shutdown
diagnostics_relay_sleep
idevice_connect
idevice_connection_disable_bypass_ssl
idevice_connection_disable_ssl
idevice_connection_enable_ssl
idevice_connection_get_fd
idevice_connection_receive
idevice_connection_receive_timeout
idevice_connection_send
idevice_device_list_extended_free
idevice_device_list_free
idevice_disconnect
idevice_event_subscribe
idevice_event_unsubscribe
idevice_free
idevice_get_device_list
idevice_get_device_list_extended
idevice_get_handle
idevice_get_udid
idevice_new
idevice_new_with_options
idevice_set_debug_level
instproxy_archive
instproxy_browse
instproxy_browse_with_callback
instproxy_check_capabilities_match
instproxy_client_free
instproxy_client_get_path_for_bundle_identifier
instproxy_client_new
instproxy_client_options_add
instproxy_client_options_free
instproxy_client_options_new
instproxy_client_options_set_return_attributes
instproxy_client_start_service
instproxy_command_get_name
instproxy_install
instproxy_lookup
instproxy_lookup_archives
instproxy_remove_archive
instproxy_restore
instproxy_status_get_current_list
instproxy_status_get_error
instproxy_status_get_name
instproxy_status_get_percent_complete
instproxy_uninstall
instproxy_upgrade
libusbmuxd_set_debug_level
libusbmuxd_set_use_inotify
lockdownd_activate
lockdownd_client_free
lockdownd_client_new
lockdownd_client_new_with_handshake
lockdownd_client_set_label
lockdownd_data_classes_free
lockdownd_deactivate
lockdownd_enter_recovery
lockdownd_get_device_name
lockdownd_get_device_udid
lockdownd_get_sync_data_classes
lockdownd_get_value
lockdownd_goodbye
lockdownd_pair
lockdownd_pair_with_options
lockdownd_query_type
lockdownd_receive
lockdownd_remove_value
lockdownd_send
lockdownd_service_descriptor_free
lockdownd_set_value
lockdownd_start_service
lockdownd_start_service_with_escrow_bag
lockdownd_start_session
lockdownd_stop_session
lockdownd_strerror
lockdownd_unpair
lockdownd_validate_pair
mobilebackup2_client_free
mobilebackup2_client_new
mobilebackup2_client_start_service
mobilebackup2_receive_message
mobilebackup2_receive_raw
mobilebackup2_send_message
mobilebackup2_send_raw
mobilebackup2_send_request
mobilebackup2_send_status_response
mobilebackup2_version_exchange
np_client_free
np_client_new
np_client_start_service
np_observe_notification
np_observe_notifications
np_post_notification
np_set_notify_callback
plist_access_path
plist_access_pathv
plist_array_append_item
plist_array_get_item
plist_array_get_item_index
plist_array_get_size
plist_array_insert_item
plist_array_item_remove
plist_array_new_iter
plist_array_next_item
plist_array_remove_item
plist_array_set_item
plist_bool_val_is_true
plist_compare_node_value
plist_copy
plist_data_val_compare
plist_data_val_compare_with_size
plist_data_val_contains
plist_date_val_compare
plist_dict_get_item
plist_dict_get_item_key
plist_dict_get_size
plist_dict_insert_item
plist_dict_item_get_key
plist_dict_merge
plist_dict_new_iter
plist_dict_next_item
plist_dict_remove_item
plist_dict_set_item
plist_free
plist_from_bin
plist_from_memory
plist_from_xml
plist_get_bool_val
plist_get_data_ptr
plist_get_data_val
plist_get_date_val
plist_get_key_val
plist_get_node_type
plist_get_parent
plist_get_real_val
plist_get_string_ptr
plist_get_string_val
plist_get_uid_val
plist_get_uint_val
plist_is_binary
plist_key_val_compare
plist_key_val_compare_with_size
plist_key_val_contains
plist_new_array
plist_new_bool
plist_new_data
plist_new_date
plist_new_dict
plist_new_real
plist_new_string
plist_new_uid
plist_new_uint
plist_real_val_compare
plist_set_bool_val
plist_set_data_val
plist_set_date_val
plist_set_key_val
plist_set_real_val
plist_set_string_val
plist_set_uid_val
plist_set_uint_val
plist_string_val_compare
plist_string_val_compare_with_size
plist_string_val_contains
plist_to_bin
plist_to_bin_free
plist_to_xml
plist_to_xml_free
plist_uid_val_compare
plist_uint_val_compare
property_list_service_client_free
property_list_service_client_new
property_list_service_disable_ssl
property_list_service_enable_ssl
property_list_service_receive_plist
property_list_service_receive_plist_with_timeout
property_list_service_send_binary_plist
property_list_service_send_xml_plist
sbservices_client_free
sbservices_client_new
sbservices_client_start_service
sbservices_get_home_screen_wallpaper_pngdata
sbservices_get_icon_pngdata
sbservices_get_icon_state
sbservices_get_interface_orientation
sbservices_set_icon_state
service_client_factory_start_service
service_client_free
service_client_new
service_disable_bypass_ssl
service_disable_ssl
service_enable_ssl
service_receive
service_receive_with_timeout
service_send
usbmuxd_connect
usbmuxd_delete_pair_record
usbmuxd_device_list_free
usbmuxd_disconnect
usbmuxd_events_subscribe
usbmuxd_events_unsubscribe
usbmuxd_get_device
usbmuxd_get_device_by_udid
usbmuxd_get_device_list
usbmuxd_read_buid
usbmuxd_read_pair_record
usbmuxd_recv
usbmuxd_recv_timeout
usbmuxd_save_pair_record
usbmuxd_save_pair_record_with_device_id
usbmuxd_send
usbmuxd_subscribe
usbmuxd_unsubscribe

Sections

.text
Size: 847KB - Virtual size: 847KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b68d6d523becee3f5fe0dfc92255c078

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2bCertificate

Extended Key Usages

Key Usages

73:a9:3b:b5:68:f0:c4:21:db:df:a7:85:d6:8c:4a:7fCertificate

Extended Key Usages

Key Usages

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

25:bc:2b:f3:29:ca:10:7f:1e:a9:ba:88:85:d4:9d:3bCertificate

Extended Key Usages

Key Usages

74:d9:f2:db:51:3c:22:67:fd:47:9c:36:07:3f:7b:1dCertificate

Extended Key Usages

Key Usages

37:83:31:f1:bc:01:4b:b8:57:76:b3:b1:9f:5b:4c:3a:31:d2:4d:37:de:76:48:55:81:50:df:d2:90:b8:36:c7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-conio-l1-1-0

iphlpapi

ws2_32

Exports

Exports

Sections

.text Size: 847KB - Virtual size: 847KB

.rdata Size: 224KB - Virtual size: 224KB

.data Size: 15KB - Virtual size: 24KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 39KB - Virtual size: 38KB

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

73:a9:3b:b5:68:f0:c4:21:db:df:a7:85:d6:8c:4a:7f
Certificate

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

25:bc:2b:f3:29:ca:10:7f:1e:a9:ba:88:85:d4:9d:3b
Certificate

74:d9:f2:db:51:3c:22:67:fd:47:9c:36:07:3f:7b:1d
Certificate

37:83:31:f1:bc:01:4b:b8:57:76:b3:b1:9f:5b:4c:3a:31:d2:4d:37:de:76:48:55:81:50:df:d2:90:b8:36:c7
Signer

.text
Size: 847KB - Virtual size: 847KB

.rdata
Size: 224KB - Virtual size: 224KB

.data
Size: 15KB - Virtual size: 24KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 39KB - Virtual size: 38KB