This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
There are no files for this filter
There are no files in this analysis
|
MIME Type
|
application/x-mach-binary
|
|
File Size
|
5.29 MB
|
|
MD5
|
0fa57611176f0db85a9d353940754376
|
|
SHA1
|
e8cf125a04b9e998f156e1f7ff3f8678cd7ae2d7
|
|
SHA256
|
bc26106b8acc05b075922353be3b252b49c03f35adff4ee2b456dba23e77a080
|
|
SSDeep
|
98304:djRGJYo1H99SkmVLqEYEMxft6tL/6qDFf9ZRpmLQryi1V:jLP3Vyi1V
|
|
ImpHash
|
-
|
|
Verdict
|
Malicious
|
|
Names
|
Mal/Generic-S
|
|
Arch Type
|
x86_64
|
|
Arch Subtype
|
x86_64_all
|
|
Type
|
Executable
|
|
Flags
|
noundefs, dyldlink, twolevel, binds_to_weak, pie
|
|
UUID
|
3d472805-22a1-3d6d-bd5b-eca78d67b840
|
|
Entry Point
|
0x100527680
|
|
Virtual Address
|
0x00000000
|
|
Virtual Size
|
0x100000000
|
|
Raw Data Offset
|
0x00000000
|
|
Raw Data Size
|
0x00000000
|
|
Initial Protection
|
-
|
|
Maximum Protection
|
-
|
|
Flags
|
-
|
|
Entropy
|
0.0
|
|
Virtual Address
|
0x100000000
|
|
Virtual Size
|
0x0052C000
|
|
Raw Data Offset
|
0x00000000
|
|
Raw Data Size
|
0x0052C000
|
|
Initial Protection
|
read, execute
|
|
Maximum Protection
|
read, execute
|
|
Flags
|
-
|
|
Entropy
|
5.34
|
|
Name
|
Type
|
Virtual Address
|
Raw Data Offset
|
Size
|
Attributes
|
|
__text
|
regular
|
0x100000680
|
0x00000680
|
0x0052B24A
|
pure_instructions, some_instructions
|
|
__stubs
|
symbol_stubs
|
0x10052B8CA
|
0x0052B8CA
|
0x000000D8
|
pure_instructions, some_instructions
|
|
__stub_helper
|
regular
|
0x10052B9A2
|
0x0052B9A2
|
0x00000150
|
pure_instructions, some_instructions
|
|
__gcc_except_tab
|
regular
|
0x10052BAF4
|
0x0052BAF4
|
0x00000278
|
-
|
|
__cstring
|
cstring_literals
|
0x10052BD6C
|
0x0052BD6C
|
0x00000022
|
-
|
|
__const
|
regular
|
0x10052BD90
|
0x0052BD90
|
0x00000020
|
-
|
|
__unwind_info
|
regular
|
0x10052BDB0
|
0x0052BDB0
|
0x00000248
|
-
|
|
Virtual Address
|
0x10052C000
|
|
Virtual Size
|
0x00001000
|
|
Raw Data Offset
|
0x0052C000
|
|
Raw Data Size
|
0x00001000
|
|
Initial Protection
|
read, write
|
|
Maximum Protection
|
read, write
|
|
Flags
|
-
|
|
Entropy
|
0.0
|
|
Name
|
Type
|
Virtual Address
|
Raw Data Offset
|
Size
|
Attributes
|
|
__got
|
non_lazy_symbol_pointers
|
0x10052C000
|
0x0052C000
|
0x00000068
|
-
|
|
Virtual Address
|
0x10052D000
|
|
Virtual Size
|
0x00001000
|
|
Raw Data Offset
|
0x0052D000
|
|
Raw Data Size
|
0x00001000
|
|
Initial Protection
|
read, write
|
|
Maximum Protection
|
read, write
|
|
Flags
|
-
|
|
Entropy
|
0.31
|
|
Name
|
Type
|
Virtual Address
|
Raw Data Offset
|
Size
|
Attributes
|
|
__la_symbol_ptr
|
lazy_symbol_pointers
|
0x10052D000
|
0x0052D000
|
0x00000100
|
-
|
|
__data
|
regular
|
0x10052D100
|
0x0052D100
|
0x00000008
|
-
|
|
Virtual Address
|
0x10052E000
|
|
Virtual Size
|
0x00020000
|
|
Raw Data Offset
|
0x0052E000
|
|
Raw Data Size
|
0x0001DAC0
|
|
Initial Protection
|
read
|
|
Maximum Protection
|
read
|
|
Flags
|
-
|
|
Entropy
|
4.49
|
|
Name
|
Version
|
Compatibility Version
|
|
/usr/lib/libc++.1.dylib
|
1800.105.0
|
1.0.0
|
|
/usr/lib/libSystem.B.dylib
|
1351.0.0
|
1.0.0
|
|
bind_off
|
5431304
|
|
bind_size
|
304
|
|
export_off
|
5432816
|
|
export_size
|
32
|
|
lazy_bind_off
|
5431712
|
|
lazy_bind_size
|
1104
|
|
rebase_off
|
5431296
|
|
rebase_size
|
8
|
|
weak_bind_off
|
5431608
|
|
weak_bind_size
|
104
|
|
nsyms
|
47
|
|
stroff
|
5489960
|
|
strsize
|
1200
|
|
symoff
|
5488880
|
|
extrefsymoff
|
0
|
|
extreloff
|
0
|
|
iextdefsym
|
1
|
|
ilocalsym
|
0
|
|
indirectsymoff
|
5489632
|
|
iundefsym
|
2
|
|
locreloff
|
0
|
|
modtaboff
|
0
|
|
nextdefsym
|
1
|
|
nextrefsyms
|
0
|
|
nextrel
|
0
|
|
nindirectsyms
|
81
|
|
nlocalsym
|
1
|
|
nlocrel
|
0
|
|
nmodtab
|
0
|
|
ntoc
|
0
|
|
nundefsym
|
45
|
|
tocoff
|
0
|
|
uuid
|
3d472805-22a1-3d6d-bd5b-eca78d67b840
|
|
minos
|
10.15.0
|
|
platform
|
PLATFORM_MACOS
|
|
sdk
|
15.2.0
|
|
tools
|
[{'tool': 'TOOL_LD', 'version': '1115.7.3'}]
|
|
entryoff
|
5404288
|
|
stacksize
|
0
|
|
dataoff
|
5432848
|
|
datasize
|
56032
|
|
dataoff
|
5488880
|
|
datasize
|
0
|
|
dataoff
|
5491168
|
|
datasize
|
61664
|
|
Name
|
Process ID
|
Start VA
|
End VA
|
Dump Reason
|
Mach-O Rebuild
|
Bitness
|
Entry Point
|
YARA
|
Actions
|
|
localfile~
|
1
|
0x10BFF0000
|
0x10C53BFFF
|
Relevant Image
|
|
64-bit
|
0x10BFF1110
|
|
|
|
MIME Type
|
application/octet-stream
|
|
File Size
|
4.19 KB
|
|
MD5
|
e1b78841cf6e294b1cddc8545323aec7
|
|
SHA1
|
a7f9fbb1ef82fa4f5babc7c5ea2e19ceaa4a4653
|
|
SHA256
|
2aa9985ece442c67bf45504a1a7225ebe24ff3998c6fd7ab3f5786169e65de1a
|
|
SSDeep
|
48:/rE/DVbttvHHFflsXlf/lulel4wlwx+6MjnNsvIYWiR5QkyTJbZPHXZ9u6gbVwyu:w/9//lN26MT0D5MdtbZPAVwzVRwO
|
|
ImpHash
|
-
|
|
MIME Type
|
application/octet-stream
|
|
File Size
|
3.37 KB
|
|
MD5
|
c729e5750fc0aa3ce49f699151b28203
|
|
SHA1
|
97c0819ecfa6baf1bf5728bfb8efe13fc75ee640
|
|
SHA256
|
22bc37a25606b92ab87db1f689793131708bbc16827a4e15797a1b2fc3f186a5
|
|
SSDeep
|
96:zyFM3SNiqVsS8lAkZfdQ5yL4qYDNdAgWURq+m1GvrrKTN46b:6MiJsS8ikZ1tYDNqgWU8JGvKTN46b
|
|
ImpHash
|
-
|
|
MIME Type
|
text/plain
|
|
File Size
|
1.37 KB
|
|
MD5
|
e6770bc40f53f4d71824b30af6024436
|
|
SHA1
|
97c4c5cb26cf3cb5062818f528e67d886c380f18
|
|
SHA256
|
c2470b43fecf8eee075889910ef9cced46ed5df242d89a52395c666044801097
|
|
SSDeep
|
24:MBj8uBan4RP1S27D1f1gMeMCHmt26AAft7BYIQoELnoEkMdQaW6dIZgtfoWTC1cH:wNBRRPEaHveMEmt28fJ2ItELoEkMV9d1
|
|
ImpHash
|
-
|
