4868f1a88d2c0c50719b18fc324dc97e1e6408c8284c913c34239d777e730728N

Sharing

Copy URL Twitter E-mail

General

Target

4868f1a88d2c0c50719b18fc324dc97e1e6408c8284c913c34239d777e730728N
Size

191KB
MD5

1bee08f30fae613366b998a26ed88f50
SHA1

13b64cba11b0aa1642def8d19c969acb6c245f32
SHA256

4868f1a88d2c0c50719b18fc324dc97e1e6408c8284c913c34239d777e730728
SHA512

1742e032560cd1bda408d3844b63952615a74ce6ea79262576b63a75fbf8186e6b0d8df45f28fef11a1629adc9cbc43eb73ca74111db9845cd3ccfa70aae488e
SSDEEP

3072:hE1eRwFkL4JzjOLy31xslvnIp0UMkRPbvvObUtdj4flw3hnzqpnciP6BCGyhNiNB:h0esl9ie37wvIp0UfRDvvObUtdj4flw6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4868f1a88d2c0c50719b18fc324dc97e1e6408c8284c913c34239d777e730728N

Files

4868f1a88d2c0c50719b18fc324dc97e1e6408c8284c913c34239d777e730728N
.exe windows:6 windows x86 arch:x86

056a797702269097e09f17a83bda12ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\_sdks\libimobiledevice-vs\Win32\Release\idevicerestore.pdb

Imports

kernel32

GetFullPathNameA
Sleep
GetCurrentThreadId
GetCurrentProcessId
SystemTimeToFileTime
CreateDirectoryA
GetSystemTime
UnlockFileEx
GetLastError
CreateFileA
CloseHandle
LockFileEx
ExitProcess
EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
CreateThread
DeleteCriticalSection
CreateSemaphoreA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW

ws2_32

htons
setsockopt
recv
connect
socket
send
WSAStartup
closesocket
select
gethostbyname

libcurl

curl_global_cleanup
curl_slist_free_all
curl_easy_setopt
curl_easy_cleanup
curl_easy_init
curl_global_init
curl_slist_append
curl_easy_perform

plist

plist_new_string
plist_to_bin
plist_array_get_item
plist_dict_get_size
plist_copy
plist_array_get_size
plist_dict_remove_item
plist_access_path
plist_is_binary
plist_new_data
plist_array_insert_item
plist_compare_node_value
plist_set_uint_val
plist_dict_get_item
plist_new_bool
plist_get_data_val
plist_get_uint_val
plist_new_uint
plist_get_string_val
plist_get_bool_val
plist_from_bin
plist_dict_merge
plist_new_array
plist_array_append_item
plist_to_xml
plist_dict_next_item
plist_new_dict
plist_dict_set_item
plist_free
plist_dict_new_iter
plist_get_node_type
plist_from_xml

imobiledevice

preboard_commit_stashbag
preboard_client_free
idevice_get_device_list
lockdownd_client_free
lockdownd_unpair
lockdownd_start_service
lockdownd_get_value
lockdownd_query_type
restored_query_type
restored_client_new
restored_receive
restored_reboot
restored_get_value
idevice_connection_receive_timeout
idevice_connect
idevice_connection_receive
idevice_connection_send
idevice_disconnect
restored_start_restore
restored_client_free
restored_send
restored_query_value
lockdownd_client_new
idevice_device_list_free
preboard_client_new
preboard_receive_with_timeout
idevice_free
idevice_event_subscribe
idevice_set_debug_level
idevice_new
idevice_event_unsubscribe
lockdownd_enter_recovery
lockdownd_client_new_with_handshake
lockdownd_service_descriptor_free
preboard_create_stashbag

irecovery

irecv_get_mode
irecv_init
irecv_devices_get_device_by_client
irecv_strerror
irecv_device_event_subscribe
irecv_device_event_unsubscribe
irecv_open_with_ecid
irecv_usb_set_configuration
irecv_getenv
irecv_get_device_info
irecv_devices_get_device_by_hardware_model
irecv_reset
irecv_usb_control_transfer
irecv_send_command
irecv_reset_counters
irecv_event_subscribe
irecv_reconnect
irecv_finish_transfer
irecv_devices_get_device_by_product_type
irecv_set_debug_level
irecv_send_buffer
irecv_close

getopt

getopt_long_a
optind
optarg_a

libeay32

ord504
ord502
ord503

zip

zip_close
zip_fclose
zip_stat_init
zip_fread
zip_fopen_index
zip_open
zip_unchange_all
zip_stat_index
zip_source_free
zip_name_locate
zip_get_num_files
zip_delete
zip_add
zip_get_name
zip_strerror
zip_replace
zip_source_buffer

zlib1

gzeof
gzclose
gzread
gzwrite
gzopen

vcruntime140

__current_exception_context
memmove
memset
strstr
strrchr
strchr
__current_exception
_except_handler4_common
memcpy

api-ms-win-crt-heap-l1-1-0

malloc
free
calloc
realloc
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_errno
strerror
exit
signal
perror
_seh_filter_exe
_wassert
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
terminate
_controlfp_s
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initterm
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_initterm_e
_exit

api-ms-win-crt-stdio-l1-1-0

_fileno
_open
fopen
_close
_isatty
__p__commode
_set_fmode
feof
rewind
__stdio_common_vsscanf
fread
_fseeki64
fputc
__acrt_iob_func
__stdio_common_vfprintf
fflush
fwrite
fputs
__stdio_common_vsprintf
fclose

api-ms-win-crt-string-l1-1-0

_strdup
strncpy
strncmp
strcspn
_stricmp
tolower
strtok
isprint

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-conio-l1-1-0

_getch

api-ms-win-crt-convert-l1-1-0

strtoul
strtoull
strtoll

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-filesystem-l1-1-0

_fstat64i32
rename
remove
_stat64i32
_stat64
_access
_unlink

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

��=�u
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

056a797702269097e09f17a83bda12ac

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

libcurl

plist

imobiledevice

irecovery

getopt

libeay32

zip

zlib1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-conio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 109KB - Virtual size: 108KB

.rdata Size: 53KB - Virtual size: 53KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 10KB - Virtual size: 9KB

���=�u Size: 16KB - Virtual size: 20KB

.text
Size: 109KB - Virtual size: 108KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 10KB - Virtual size: 9KB

��=�u
Size: 16KB - Virtual size: 20KB