9341907e6ac35b8d509c4995987ad5cdd9250b14c2359c2aad8f551ed745498f

Sharing

Copy URL

Twitter E-mail

General

Target

9341907e6ac35b8d509c4995987ad5cdd9250b14c2359c2aad8f551ed745498f
Size

3.1MB
MD5

f94a40d8730843009195f8d606b01e46
SHA1

84c4d058787e2e73f7f3fdf8cb2e4b61ec8b129f
SHA256

9341907e6ac35b8d509c4995987ad5cdd9250b14c2359c2aad8f551ed745498f
SHA512

9a44aa67f393206956e0c115e5dd544ce5f710158858ac2cc90d9108c36a7ecab83f3ef55280102efbfc43d7bd64d1f77b0a1e4657f2f9357726c70231be3e3c
SSDEEP

49152:BdjJYk0LNfcR9RMqv6e+ZH7Cvtc4FBWctBHyRR32fYwE6Gzr8+ER49CGSjJd:BZR0LNfCrQuSRRlxr8jR49CGSNd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9341907e6ac35b8d509c4995987ad5cdd9250b14c2359c2aad8f551ed745498f

Files

9341907e6ac35b8d509c4995987ad5cdd9250b14c2359c2aad8f551ed745498f
.exe windows:6 windows x86 arch:x86

7803b6a1d0b9e24f47176f46819227df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\fengjiedong\libimobiledevice_win_20221110\Release\usbmuxd.pdb

Imports

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW

ws2_32

freeaddrinfo
getaddrinfo
WSASetLastError
select
getsockopt
ioctlsocket
connect
getsockname
gethostbyname
WSACleanup
inet_ntoa
getservbyname
shutdown
getnameinfo
accept
WSAPoll
WSAGetLastError
WSAStartup
socket
listen
inet_addr
bind
ntohl
htons
htonl
setsockopt
send
recv
ntohs
closesocket

ole32

CoTaskMemFree

kernel32

LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
CreateFileW
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
OutputDebugStringW
HeapSize
FlushFileBuffers
GetLastError
Sleep
ReleaseMutex
CreateMutexA
CloseHandle
CreateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
SystemTimeToFileTime
CreateFileA
GetOverlappedResult
DeviceIoControl
ResetEvent
WaitForSingleObject
CreateEventA
FormatMessageA
DuplicateHandle
SetLastError
SetEvent
ReleaseSemaphore
CreateEventW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
SetThreadPriority
GetThreadPriority
SuspendThread
WriteConsoleW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetThreadContext
SetThreadContext
OpenProcess
GetSystemDirectoryW
FreeLibrary
GetProcAddress
GetProcessAffinityMask
WaitForMultipleObjects
CreateSemaphoreW
LoadLibraryW
FindClose
GetFullPathNameW
ExitProcess
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleHandleExA
GetStdHandle
GetFileType
WriteFile
GetModuleHandleA
MultiByteToWideChar
SwitchToFiber
DeleteFiber
CreateFiber
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
ConvertFiberToThread
ConvertThreadToFiber
FindFirstFileA
FindNextFileA
WideCharToMultiByte
LoadLibraryA
GetEnvironmentVariableW
ReadConsoleA
ReadConsoleW
SetConsoleMode
SetStdHandle
RaiseException
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEnvironmentVariableA
SetEndOfFile
ResumeThread
GetConsoleMode
GetModuleFileNameA
GetConsoleCP
SetFilePointerEx
GetModuleHandleW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetStartupInfoW
CreateDirectoryW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
HeapFree
HeapAlloc
HeapReAlloc
EncodePointer
DecodePointer
GetModuleHandleExW
AreFileApisANSI
ReadFile
GetCommandLineA
RtlUnwind
ExitThread
LoadLibraryExW
GetTimeZoneInformation
SetConsoleCtrlHandler
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcessHeap
GetModuleFileNameW
DeleteFileW
FindFirstFileExW

user32

MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation

advapi32

RegisterEventSourceA
DeregisterEventSource
ReportEventA

bcrypt

BCryptGenRandom

Exports

Exports

debug_info_real
idevice_connect
idevice_connection_disable_bypass_ssl
idevice_connection_disable_ssl
idevice_connection_enable_ssl
idevice_connection_get_fd
idevice_connection_receive
idevice_connection_receive_timeout
idevice_connection_send
idevice_device_list_extended_free
idevice_device_list_free
idevice_disconnect
idevice_event_subscribe
idevice_event_unsubscribe
idevice_free
idevice_get_device_list
idevice_get_device_list_extended
idevice_get_handle
idevice_get_socket_type
idevice_get_tcp_endpoint
idevice_get_udid
idevice_new
idevice_new_with_options
idevice_set_debug_callback
idevice_set_debug_level
idevice_set_socket_type
idevice_set_tcp_endpoint
libusbmuxd_set_debug_level
libusbmuxd_set_use_inotify
lockdownd_activate
lockdownd_client_free
lockdownd_client_new
lockdownd_client_new_with_handshake
lockdownd_client_set_label
lockdownd_data_classes_free
lockdownd_deactivate
lockdownd_enter_recovery
lockdownd_get_device_name
lockdownd_get_device_udid
lockdownd_get_sync_data_classes
lockdownd_get_value
lockdownd_goodbye
lockdownd_pair
lockdownd_pair_with_options
lockdownd_query_type
lockdownd_receive
lockdownd_remove_value
lockdownd_send
lockdownd_service_descriptor_free
lockdownd_set_value
lockdownd_start_service
lockdownd_start_service_with_escrow_bag
lockdownd_start_session
lockdownd_stop_session
lockdownd_strerror
lockdownd_unpair
lockdownd_validate_pair
np_client_free
np_client_new
np_client_start_service
np_observe_notification
np_observe_notifications
np_post_notification
np_set_notify_callback
plist_access_path
plist_access_pathv
plist_array_append_item
plist_array_get_item
plist_array_get_item_index
plist_array_get_size
plist_array_insert_item
plist_array_item_remove
plist_array_new_iter
plist_array_next_item
plist_array_remove_item
plist_array_set_item
plist_bool_val_is_true
plist_compare_node_value
plist_copy
plist_data_val_compare
plist_data_val_compare_with_size
plist_data_val_contains
plist_date_val_compare
plist_dict_get_item
plist_dict_get_item_key
plist_dict_get_size
plist_dict_insert_item
plist_dict_item_get_key
plist_dict_merge
plist_dict_new_iter
plist_dict_next_item
plist_dict_remove_item
plist_dict_set_item
plist_free
plist_from_bin
plist_from_memory
plist_from_xml
plist_get_bool_val
plist_get_data_ptr
plist_get_data_val
plist_get_date_val
plist_get_key_val
plist_get_node_type
plist_get_parent
plist_get_real_val
plist_get_string_ptr
plist_get_string_val
plist_get_uid_val
plist_get_uint_val
plist_is_binary
plist_key_val_compare
plist_key_val_compare_with_size
plist_key_val_contains
plist_new_array
plist_new_bool
plist_new_data
plist_new_date
plist_new_dict
plist_new_real
plist_new_string
plist_new_uid
plist_new_uint
plist_real_val_compare
plist_set_bool_val
plist_set_data_val
plist_set_date_val
plist_set_key_val
plist_set_real_val
plist_set_string_val
plist_set_uid_val
plist_set_uint_val
plist_string_val_compare
plist_string_val_compare_with_size
plist_string_val_contains
plist_to_bin
plist_to_bin_free
plist_to_xml
plist_to_xml_free
plist_uid_val_compare
plist_uint_val_compare
property_list_service_client_free
property_list_service_client_new
property_list_service_disable_ssl
property_list_service_enable_ssl
property_list_service_receive_plist
property_list_service_receive_plist_with_timeout
property_list_service_send_binary_plist
property_list_service_send_xml_plist
service_client_factory_start_service
service_client_free
service_client_new
service_disable_bypass_ssl
service_disable_ssl
service_enable_ssl
service_receive
service_receive_with_timeout
service_send
usbmuxd_connect
usbmuxd_delete_pair_record
usbmuxd_device_list_free
usbmuxd_disconnect
usbmuxd_events_subscribe
usbmuxd_events_unsubscribe
usbmuxd_get_device
usbmuxd_get_device_by_udid
usbmuxd_get_device_list
usbmuxd_get_socket_type
usbmuxd_get_tcp_endpoint
usbmuxd_read_buid
usbmuxd_read_pair_record
usbmuxd_recv
usbmuxd_recv_timeout
usbmuxd_save_pair_record
usbmuxd_save_pair_record_with_device_id
usbmuxd_send
usbmuxd_set_socket_type
usbmuxd_set_tcp_endpoint
usbmuxd_subscribe
usbmuxd_unsubscribe

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 269KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 246KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 624KB - Virtual size: 628KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7803b6a1d0b9e24f47176f46819227df

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

ws2_32

ole32

kernel32

user32

advapi32

bcrypt

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 269KB - Virtual size: 269KB

.data Size: 246KB - Virtual size: 260KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 624KB - Virtual size: 628KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 269KB - Virtual size: 269KB

.data
Size: 246KB - Virtual size: 260KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 624KB - Virtual size: 628KB