macOS
Analysis Report
locker
Overview
General Information
Detection
Score: | 72 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Classification
Joe Sandbox Version: | 38.0.0 Beryl |
Analysis ID: | 3293996 |
Start date and time: | 2023-08-16 09:48:28 +02:00 |
Joe Sandbox Product: | Cloud |
Overall analysis duration: | 0h 3m 48s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | macOS - Ventura.jbs |
Analysis system description: | Mac Mini, Apple Silicon ARM64, Ventura |
macOS major version: | 13 |
CPU architecture: | arm64 |
Analysis Mode: | default |
Sample file name: | locker |
Detection: | MAL |
Classification: | mal72.rans.evad.mac@0/3@0/0 |
- Excluded IPs from analysis (whitelisted): 23.32.238.66, 23.32.238.50
- Excluded domains from analysis (whitelisted): 1-courier.sandbox.push.apple.com, lb._dns-sd._udp.0.0.168.192.in-addr.arpa, 56.0.168.192.in-addr.arpa, weather-data.apple.com.akamaized.net, weather-data.apple.com, stocks-data-service.apple.com, a1091.dscw154.akamai.net, weather-data.apple.com.akadns.net, stocks-data-service.lb-apple.com.akadns.net, stocks-data-service.apple.com.edgesuite.net, api.smoot.apple.com, bag-smoot.v.aaplimg.com
Command: | /Users/rodrigo/Desktop/locker -f -p test -i /Users/rodrigo/Downloads/myfiles |
PID: | 1322 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | |
Standard Error: |
- System is mac-arm-ventura
- mono-sgen64 New Fork (PID: 1322, Parent: 1257)
- locker New Fork (PID: 1323, Parent: 1322)
- locker New Fork (PID: 1324, Parent: 1323)
- locker New Fork (PID: 1325, Parent: 1323)
- locker New Fork (PID: 1329, Parent: 1323)
- bash New Fork (PID: 1330, Parent: 1329)
- bash New Fork (PID: 1331, Parent: 1329)
- bash New Fork (PID: 1332, Parent: 1329)
- bash New Fork (PID: 1333, Parent: 1329)
- bash New Fork (PID: 1334, Parent: 1329)
- locker New Fork (PID: 1338, Parent: 1323)
- bash New Fork (PID: 1339, Parent: 1338)
- bash New Fork (PID: 1340, Parent: 1338)
- bash New Fork (PID: 1341, Parent: 1338)
- bash New Fork (PID: 1342, Parent: 1338)
- bash New Fork (PID: 1343, Parent: 1338)
- locker New Fork (PID: 1345, Parent: 1323)
- bash New Fork (PID: 1346, Parent: 1345)
- locker New Fork (PID: 1348, Parent: 1323)
- bash New Fork (PID: 1349, Parent: 1348)
- cleanup
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | MAL_RANSOM_LNX_macOS_LockBit_Apr23_1 | Detects LockBit ransomware samples for Linux and macOS | Florian Roth | |
| | MAL_RANSOM_LockBit_Apr23_1 | Detects indicators found in LockBit ransomware | Florian Roth | |
| | JoeSecurity_LockBit_ransomware | Yara detected LockBit ransomware | Joe Security | |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | MAL_RANSOM_LockBit_Apr23_1 | Detects indicators found in LockBit ransomware | Florian Roth | |
| | JoeSecurity_LockBit_ransomware | Yara detected LockBit ransomware | Joe Security | |
| | MAL_RANSOM_LockBit_Locker_LOG_Apr23_1 | Detects indicators found in LockBit ransomware log files | Florian Roth | |
Source: | Mach-O symbol: |
Networking |
---|
Source: | String found in binary or memory: |
Source: | Mach-O symbol: |
Source: | Network traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
Spam, unwanted Advertisements and Ransom Demands |
---|
Source: | File source: |
Source: | Written file moved: |
Source: | String found in binary or memory: |
Source: | Mach-O symbol: |
Source: | Matched rule: |
Source: | Classification label: |
Source: | Code Signing Info: |
Source: | Grep executable: |
Source: | File created in download directory: |
Source: | Shell command executed: |
Source: | Ps executable: |
Source: | Awk executable: |
Source: | CodeSign Info: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Kill vmsyslogd: |
Source: | Mach-O symbol: |
Source: | Binary or memory string: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Command and Scripting Interpreter | Path Interception | Path Interception | 22 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 Data Encrypted for Impact |
Default Accounts | 1 Scripting | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | 1 Service Stop |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Scripting | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Proxy | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 11 Invalid Code Signature | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 11 Code Signing | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| | | false | | high |
| | | true | | unknown |
| | | true | | unknown |
| | | true | | unknown |
| | | true | | unknown |
| | | true | | unknown |
| | | false | | high |
| | | true | | unknown |
| | | true | | unknown |
| | | true | | unknown |
| | | true | | unknown |
| | | true | | unknown |
| | | true | | unknown |
| | | true | | unknown |
| | | true | | unknown |
| | | true | | unknown |
| | | true | | unknown |
| | | true | | unknown |
| | | true | | unknown |
| | | true | | unknown |
| | | true | | unknown |
| | | true | | unknown |
| | | true | | unknown |
| | | true | | unknown |
| | | true | | unknown |
| | | true | | unknown |
| | | true | | unknown |
| | | true | | unknown |
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 2.21.20.146 | unknown | European Union | | 20940 | AKAMAI-ASN1EU | false |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| AKAMAI-ASN1EU | | | malicious | HTMLPhisher | | |
| | | | malicious | Unknown | | |
| | | | malicious | HTMLPhisher | | |
| | | | malicious | HTMLPhisher | | |
| | | | malicious | HTMLPhisher | | |
| | | | malicious | HTMLPhisher, SharepointPhisher | | |
| | | | malicious | Phisher | | |
| | | | malicious | HTMLPhisher | | |
| | | | malicious | HTMLPhisher | | |
| | | | malicious | HTMLPhisher | | |
| | | | malicious | FormBook, DBatLoader | | |
| | | | malicious | HTMLPhisher | | |
| | | | malicious | HTMLPhisher | | |
| | | | malicious | NetSupport RAT | | |
| | | | malicious | NetSupport RAT | | |
| | | | malicious | NetSupport RAT | | |
| | | | malicious | NetSupport RAT | | |
| | | | malicious | NetSupport RAT | | |
| | | | malicious | NetSupport RAT | | |
| | | | malicious | Petya / NotPetya, Mimikatz | | |
Process: | /Users/rodrigo/Desktop/locker |
File Type: | |
Category: | dropped |
Size (bytes): | 4171 |
Entropy (8bit): | 5.0273174802063165 |
Encrypted: | false |
SSDEEP: | 96:vW0YUS8YT0Zn/yjKzyxhSkKLByEfJinWKwZurLA0:vWYVYT0Zn/yjFhj2fJuQiZ |
MD5: | 3522EEAA83392B60EEC1C746A07F1B9D |
SHA1: | EF958F3CF201F9323CEAE9663D86464021F8E10D |
SHA-256: | 8AA41F78D44F80C56B7364954B397525B5271EB2338C2C2A8ED4A1D05FD1F0D3 |
SHA-512: | 8103B8DC09FF63BEBE278DE2D9697056D78115D15BB24CBE24794BFB12DEEC9E006537B0ED331D344516CB671387117BB8A46757DC9298847AA496699399C6A9 |
Malicious: | true |
Yara Hits: | |
Reputation: | low |
Preview: |
Process: | /Users/rodrigo/Desktop/locker |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | /Users/rodrigo/Desktop/locker |
File Type: | |
Category: | dropped |
Size (bytes): | 1122 |
Entropy (8bit): | 5.200729478336906 |
Encrypted: | false |
SSDEEP: | 24:yGYwFuUDf+34Z+L4ZbL4Z+CO4ZBCZvAPULTPkWVUaPkW0:yWFukUU/4woPQHVC |
MD5: | 083A1256D33DFFE220931B9E2E5273BF |
SHA1: | E1288F4E68365AB30468B9C93DC80D828459B337 |
SHA-256: | 81F06CB5B768B5FAF065D4B24E612406528D26422B7245E71AA7C24D05BDA23B |
SHA-512: | B38B96FF2E6DE52B4DCCC9A9D0092194C568590E0513FB45D7116EE2E3DBF51D0D49C29DA384A8946B8E04484BDF482D58634D2C8BD72D458B3207106597C0A9 |
Malicious: | false |
Yara Hits: | |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 6.843741465163178 |
TrID: | |
File name: | locker |
File size: | 412'227 bytes |
MD5: | abf01633960dd77c6137175a21fccf34 |
SHA1: | 2d15286d25f0e0938823dcd742bc928e78199b3d |
SHA256: | 3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79 |
SHA512: | 4929d96033de0ecbb5a2356f12dc8e1cbf1a4d9659bb3c30005b55e8691981176e7162672b250ff1a8008e8dbdf4272df2a8d7fd0b7f03a6069df64f87ea01c3 |
SSDEEP: | 6144:dsjtmdjmg8o3TMkdSFKvrhWmc/aa/YxyPy0y5ykyPpelPyrO8BrGd2//ryj4hqq1:dsj0dApBS3lPy7nn24cq1g+bKpbIfp |
TLSH: | 93949D099C6C1D77EAC6A0FD18504ECC710FFFA8CE5092B2728E885D9FDA695B050B79 |
File Content Preview: | .......................... .........H...__PAGEZERO..........................................................x...__TEXT..........................................................__text..........__TEXT..........x...............x.............................. |
General Information for header 1 | |
Endian: | |
Size: | |
Architecture: | |
Filetype: | |
Nbr. of load commands: | 17 |
Entry point: |
Name | Value |
---|---|
segname | __PAGEZERO |
vmaddr | 0x0 |
vmsize | 0x100000000 |
fileoff | 0x0 |
filesize | 0x0 |
maxprot | 0x0 |
initprot | 0x0 |
nsects | 0 |
flags | 0x0 |
Name | Value |
---|---|
segname | __TEXT |
vmaddr | 0x100000000 |
vmsize | 0x50000 |
fileoff | 0x0 |
filesize | 0x50000 |
maxprot | 0x5 |
initprot | 0x5 |
nsects | 7 |
flags | 0x0 |
Datas | |
Name | Value |
---|---|
segname | __DATA_CONST |
vmaddr | 0x100050000 |
vmsize | 0x4000 |
fileoff | 0x50000 |
filesize | 0x4000 |
maxprot | 0x3 |
initprot | 0x3 |
nsects | 2 |
flags | 0x10 |
Datas | |
Name | Value |
---|---|
segname | __DATA |
vmaddr | 0x100054000 |
vmsize | 0x8000 |
fileoff | 0x54000 |
filesize | 0x8000 |
maxprot | 0x3 |
initprot | 0x3 |
nsects | 4 |
flags | 0x0 |
Datas | |
Name | Value |
---|---|
segname | __LINKEDIT |
vmaddr | 0x10005C000 |
vmsize | 0xC000 |
fileoff | 0x5C000 |
filesize | 0x8A43 |
maxprot | 0x1 |
initprot | 0x1 |
nsects | 0 |
flags | 0x0 |
Name | Value |
---|---|
rebase_off | 376832 |
rebase_size | 24 |
bind_off | 376856 |
bind_size | 128 |
weak_bind_off | 0 |
weak_bind_size | 0 |
lazy_bind_off | 376984 |
lazy_bind_size | 1840 |
export_off | 378824 |
export_size | 8704 |
Name | Value |
---|---|
symoff | 388064 |
nsyms | 587 |
stroff | 398368 |
strsize | 10536 |
Name | Value |
---|---|
ilocalsym | 0 |
nlocalsym | 0 |
iextdefsym | 0 |
nextdefsym | 469 |
iundefsym | 469 |
nundefsym | 118 |
tocoff | 0 |
ntoc | 0 |
modtaboff | 0 |
nmodtab | 0 |
extrefsymoff | 0 |
nextrefsyms | 0 |
indirectsymoff | 397456 |
nindirectsyms | 227 |
extreloff | 0 |
nextrel | 0 |
locreloff | 0 |
nlocrel | 0 |
Name | Value |
---|---|
name | 12 |
Datas | /usr/lib/dyld |
Name | Value |
---|---|
uuid | b'\xf9b\xf1\x8b\x12\xa136\x8a\xa4\x07y\x08\x9c+\t' |
Name | Value |
---|---|
platform | 1 |
minos | 720896 |
sdk | 721664 |
ntools | 1 |
Datas | . |
Name | Value |
---|---|
version | 0 |
Name | Value |
---|---|
entryoff | 45268 |
stacksize | 0 |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 1292.100.5 |
compatibility_version | 1.0.0 |
Datas | /usr/lib/libSystem.B.dylib |
Name | Value |
---|---|
dataoff | 387528 |
datasize | 536 |
Name | Value |
---|---|
dataoff | 388064 |
datasize | 0 |
Name | Value |
---|---|
dataoff | 408912 |
datasize | 3315 |
_CalculateCryptoBlocksShift |
_KEYSIZE |
_PrintLog |
_PrintLog2 |
_Restore_My_Files_body |
_Restore_My_Files_body_1 |
_Restore_My_Files_body_2 |
_Restore_My_Files_body_3 |
_Restore_My_Files_name |
_SkipByDirName |
_SkipByFileName |
_Suspend_VM_ID_ERROR |
_Suspended_VM_ID |
___assert_rtn |
___chkstk_darwin |
___error |
___memcpy_chk |
___sprintf_chk |
___stack_chk_fail |
___stack_chk_guard |
___stderrp |
___stdinp |
___strcat_chk |
___strcpy_chk |
___strncat_chk |
___tolower |
__mh_execute_header |
_abort |
_access |
_add_dir |
_add_node_to_chain |
_all_aparams |
_all_bytes_encrypted |
_all_bytes_ignored |
_all_bytes_readed |
_all_failed_files_count |
_all_files_count |
_all_success_files_count |
_all_vms_count |
_alloc_node |
_apple_config |
_ast |
_atoi |
_atol |
_autostart_off |
_avmdk |
_bRunning |
_bSelfRemove |
_bVMDKmode |
_basename |
_bdaemon |
_beginfile |
_bfullog |
_bin |
_bin_vim_cmd |
_bin_vm_support |
_bnostop |
_boot_cmd |
_bwipe |
_bzero |
_calloc |
_chdir |
_check_esxi |
_chmod |
_close |
_comma |
_cpusummary1_bsd |
_cpusummary1_linux |
_cpusummary2_bsd |
_cpusummary2_linux |
_cpusummary3_bsd |
_cpusummary3_linux |
_crc32_table |
_create_log_file |
_create_spots |
_create_spots_2 |
_crypto_box |
_crypto_box_afternm |
_crypto_box_beforenm |
_crypto_box_beforenmbytes |
_crypto_box_boxzerobytes |
_crypto_box_curve25519xsalsa20poly1305 |
_crypto_box_curve25519xsalsa20poly1305_afternm |
_crypto_box_curve25519xsalsa20poly1305_beforenm |
_crypto_box_curve25519xsalsa20poly1305_beforenmbytes |
_crypto_box_curve25519xsalsa20poly1305_boxzerobytes |
_crypto_box_curve25519xsalsa20poly1305_keypair |
_crypto_box_curve25519xsalsa20poly1305_macbytes |
_crypto_box_curve25519xsalsa20poly1305_messagebytes_max |
_crypto_box_curve25519xsalsa20poly1305_noncebytes |
_crypto_box_curve25519xsalsa20poly1305_open |
_crypto_box_curve25519xsalsa20poly1305_open_afternm |
_crypto_box_curve25519xsalsa20poly1305_publickeybytes |
_crypto_box_curve25519xsalsa20poly1305_secretkeybytes |
_crypto_box_curve25519xsalsa20poly1305_seed_keypair |
_crypto_box_curve25519xsalsa20poly1305_seedbytes |
_crypto_box_curve25519xsalsa20poly1305_zerobytes |
_crypto_box_detached |
_crypto_box_detached_afternm |
_crypto_box_easy |
_crypto_box_easy_afternm |
_crypto_box_keypair |
_crypto_box_macbytes |
_crypto_box_messagebytes_max |
_crypto_box_noncebytes |
_crypto_box_open |
_crypto_box_open_afternm |
_crypto_box_open_detached |
_crypto_box_open_detached_afternm |
_crypto_box_open_easy |
_crypto_box_open_easy_afternm |
_crypto_box_primitive |
_crypto_box_publickeybytes |
_crypto_box_seal |
_crypto_box_seal_open |
_crypto_box_sealbytes |
_crypto_box_secretkeybytes |
_crypto_box_seed_keypair |
_crypto_box_seedbytes |
_crypto_box_zerobytes |
_crypto_core_hsalsa20 |
_crypto_core_salsa20 |
_crypto_core_salsa2012 |
_crypto_core_salsa2012_constbytes |
_crypto_core_salsa2012_inputbytes |
_crypto_core_salsa2012_keybytes |
_crypto_core_salsa2012_outputbytes |
_crypto_core_salsa208 |
_crypto_core_salsa208_constbytes |
_crypto_core_salsa208_inputbytes |
_crypto_core_salsa208_keybytes |
_crypto_core_salsa208_outputbytes |
_crypto_core_salsa20_constbytes |
_crypto_core_salsa20_inputbytes |
_crypto_core_salsa20_keybytes |
_crypto_core_salsa20_outputbytes |
_crypto_generichash |
_crypto_generichash_blake2b |
_crypto_generichash_blake2b_final |
_crypto_generichash_blake2b_init |
_crypto_generichash_blake2b_init_salt_personal |
_crypto_generichash_blake2b_salt_personal |
_crypto_generichash_blake2b_update |
_crypto_generichash_bytes |
_crypto_generichash_bytes_max |
_crypto_generichash_bytes_min |
_crypto_generichash_final |
_crypto_generichash_init |
_crypto_generichash_keybytes |
_crypto_generichash_keybytes_max |
_crypto_generichash_keybytes_min |
_crypto_generichash_keygen |
_crypto_generichash_primitive |
_crypto_generichash_statebytes |
_crypto_generichash_update |
_crypto_hash_sha512 |
_crypto_hash_sha512_final |
_crypto_hash_sha512_init |
_crypto_hash_sha512_update |
_crypto_onetimeauth_poly1305 |
_crypto_onetimeauth_poly1305_bytes |
_crypto_onetimeauth_poly1305_final |
_crypto_onetimeauth_poly1305_init |
_crypto_onetimeauth_poly1305_keybytes |
_crypto_onetimeauth_poly1305_keygen |
_crypto_onetimeauth_poly1305_statebytes |
_crypto_onetimeauth_poly1305_update |
_crypto_onetimeauth_poly1305_verify |
_crypto_scalarmult_curve25519 |
_crypto_scalarmult_curve25519_base |
_crypto_scalarmult_curve25519_bytes |
_crypto_scalarmult_curve25519_scalarbytes |
_crypto_secretbox_detached |
_crypto_secretbox_easy |
_crypto_secretbox_open_detached |
_crypto_secretbox_open_easy |
_crypto_secretbox_xsalsa20poly1305 |
_crypto_secretbox_xsalsa20poly1305_boxzerobytes |
_crypto_secretbox_xsalsa20poly1305_keybytes |
_crypto_secretbox_xsalsa20poly1305_keygen |
_crypto_secretbox_xsalsa20poly1305_macbytes |
_crypto_secretbox_xsalsa20poly1305_messagebytes_max |
_crypto_secretbox_xsalsa20poly1305_noncebytes |
_crypto_secretbox_xsalsa20poly1305_open |
_crypto_secretbox_xsalsa20poly1305_zerobytes |
_crypto_stream_chacha20 |
_crypto_stream_chacha20_ietf |
_crypto_stream_chacha20_ietf_keybytes |
_crypto_stream_chacha20_ietf_keygen |
_crypto_stream_chacha20_ietf_messagebytes_max |
_crypto_stream_chacha20_ietf_noncebytes |
_crypto_stream_chacha20_ietf_xor |
_crypto_stream_chacha20_ietf_xor_ic |
_crypto_stream_chacha20_keybytes |
_crypto_stream_chacha20_keygen |
_crypto_stream_chacha20_messagebytes_max |
_crypto_stream_chacha20_noncebytes |
_crypto_stream_chacha20_xor |
_crypto_stream_chacha20_xor_ic |
_crypto_stream_salsa20 |
_crypto_stream_salsa20_keybytes |
_crypto_stream_salsa20_keygen |
_crypto_stream_salsa20_messagebytes_max |
_crypto_stream_salsa20_noncebytes |
_crypto_stream_salsa20_xor |
_crypto_stream_salsa20_xor_ic |
_crypto_stream_xsalsa20 |
_crypto_stream_xsalsa20_keybytes |
_crypto_stream_xsalsa20_keygen |
_crypto_stream_xsalsa20_messagebytes_max |
_crypto_stream_xsalsa20_noncebytes |
_crypto_stream_xsalsa20_xor |
_crypto_stream_xsalsa20_xor_ic |
_crypto_verify_16 |
_crypto_verify_16_bytes |
_crypto_verify_32 |
_crypto_verify_32_bytes |
_crypto_verify_64 |
_crypto_verify_64_bytes |
_daemon |
_daemonize |
_dashes |
_date_time_fmt |
_de_xor |
_de_xor_all |
_dec |
_delay_c |
_df_h |
_dirkipped |
_dirname |
_dis_autostart |
_disable_autostart |
_displayName |
_do_I_need_to_bypass_this_file |
_do_I_need_to_bypass_this_folder2 |
_do_I_need_to_bypass_this_folder_ubuntu |
_do_I_need_to_bypass_this_vms |
_dontforget |
_dot |
_dotdot |
_en_ssh |
_en_ssh_fmt_m |
_en_ssh_fmt_p |
_enable_ssh |
_enable_ssh_t |
_enc |
_enc_entry |
_enced |
_encing |
_encrypt_all_files_in_dir |
_encrypt_all_files_in_dir_by_ext |
_encrypt_file |
_encrypt_file_by_spots |
_encrypt_file_first_N_bytes |
_encrypt_small_file |
_end_wipe |
_end_wiping |
_enter_pass |
_err |
_esxcfg_scsidevs1 |
_esxcfg_scsidevs2 |
_esxcfg_scsidevs3 |
_esxi_disable |
_esxi_enable |
_etc_c |
_except_foler1 |
_except_foler2 |
_exit |
_extensions_c |
_extrac |
_exts_divide |
_fclose |
_fcntl |
_fd_log |
_fgets |
_filesystemlist1 |
_filesystemlist1_bsd |
_filesystemlist1_linux |
_filesystemlist2 |
_filesystemlist2_bsd |
_filesystemlist2_linux |
_filesystemlist3_bsd |
_finished_time |
_flock |
_fopen |
_force_kill_fmt_1 |
_force_kill_fmt_2 |
_fork |
_fprintf |
_free |
_free_chain |
_free_ram |
_fstat |
_fstatfs |
_fsync |
_full_c |
_g_Config |
_getFile |
_get_all_files |
_get_all_processes |
_get_displayName |
_get_filename_ext |
_get_filename_ext2 |
_get_hardware |
_get_password |
_get_proccesorinfo |
_get_uname_a |
_get_version |
_get_volumes_info |
_getopt_long |
_getpagesize |
_getppid |
_gl_err |
_glob |
_globfree |
_gmtime |
_go |
_home |
_hostname |
_hostsummary1 |
_hostsummary2 |
_hostsummary3 |
_hostsummary4 |
_iMinfilesize |
_iSpotMaximum |
_ibeginRegion |
_idelayinmin |
_indir |
_init |
_irepeatinmin |
_isBE |
_is_directory |
_is_esxi |
_kill_1 |
_kill_2 |
_kill_3 |
_kill_4 |
_kill_5 |
_kill_esxi_1 |
_kill_esxi_2 |
_kill_esxi_3 |
_kill_processes |
_kill_processes_Esxi |
_killed_force_vm_id |
_listvms |
_lock_all_files_in_dir |
_lock_all_files_in_dir_by_ext |
_lockbit |
_locker_pid |
_lockex |
_log_c |
_log_to_console |
_logg |
_logg_1 |
_logg_2 |
_ls_al_p_r |
_ls_al_r |
_lseek |
_lspci_bsd_c |
_lspci_c |
_main |
_malloc |
_mask_all |
_mbedtls_aes_decrypt_cbc |
_mbedtls_aes_encrypt_cbc |
_mbedtls_aes_free |
_mbedtls_aes_init_decrypt |
_mbedtls_aes_init_encrypt |
_mbedtls_internal_aes_decrypt |
_mbedtls_internal_aes_encrypt |
_memcmp |
_memcpy |
_memmove |
_memset |
_memset_s |
_minfile |
_minus_d |
_minus_f |
_minus_l |
_minus_n |
_minus_o |
_minus_r |
_minus_t |
_minus_w |
_mlock |
_mmap |
_mmap_alloc |
_mmap_error |
_mprotect |
_munlock |
_munmap |
_mutex |
_nanosleep |
_need_ram |
_no_log |
_noext |
_noexts_c |
_nolog |
_nostop |
_not_dec |
_not_enc |
_null_two |
_number_of_processors |
_open |
_optarg |
_opterr |
_optind |
_optopt |
_page_size |
_pass |
_pclose |
_pid_file |
_popen |
_pre_encrypt_file |
_pre_str |
_printf |
_processor_info |
_processors |
_ps_bsd |
_ps_esxi |
_ps_linux |
_pthread_cond_broadcast |
_pthread_cond_destroy |
_pthread_cond_init |
_pthread_cond_signal |
_pthread_cond_wait |
_pthread_create |
_pthread_detach |
_pthread_join |
_pthread_mutex_destroy |
_pthread_mutex_init |
_pthread_mutex_lock |
_pthread_mutex_unlock |
_pthread_self |
_ptrace |
_publickey |
_put_note |
_qstrcmp |
_raise |
_rand |
_rand_value |
_randombytes |
_randombytes_buf |
_randombytes_buf_deterministic |
_randombytes_close |
_randombytes_implementation_name |
_randombytes_random |
_randombytes_seedbytes |
_randombytes_set_implementation |
_randombytes_stir |
_randombytes_sysrandom_implementation |
_randombytes_uniform |
_rc_local |
_read |
_read_with_retry |
_readlink |
_remove_c |
_rename |
_repeat_c |
_reports |
_rmd |
_rstrstr |
_running |
_s |
_s_a_s_n |
_s_s |
_s_s_n |
_sbin |
_sbin_vm_support |
_sbin_vmdumper |
_setitimer |
_setsid |
_setvbuf |
_sigaction |
_signal |
_skeleton_daemon |
_slash |
_sleep |
_snprintf |
_sodium_add |
_sodium_allocarray |
_sodium_compare |
_sodium_free |
_sodium_increment |
_sodium_init |
_sodium_is_zero |
_sodium_malloc |
_sodium_memcmp |
_sodium_memzero |
_sodium_misuse |
_sodium_mlock |
_sodium_mprotect_noaccess |
_sodium_mprotect_readonly |
_sodium_mprotect_readwrite |
_sodium_munlock |
_sodium_pad |
_sodium_runtime_has_aesni |
_sodium_runtime_has_avx |
_sodium_runtime_has_avx2 |
_sodium_runtime_has_avx512f |
_sodium_runtime_has_neon |
_sodium_runtime_has_pclmul |
_sodium_runtime_has_rdrand |
_sodium_runtime_has_sse2 |
_sodium_runtime_has_sse3 |
_sodium_runtime_has_sse41 |
_sodium_runtime_has_ssse3 |
_sodium_set_misuse_handler |
_sodium_stackzero |
_sodium_sub |
_sodium_unpad |
_spot |
_srand |
_start_enc |
_start_enc_offset |
_start_enc_spot |
_start_from_dir |
_start_wipe |
_start_wiping |
_started_time |
_stat |
_strcasecmp |
_strchr |
_strcmp |
_strcpy |
_strdup |
_strerror |
_strftime |
_strlen |
_strncmp |
_strncpy |
_strrchr |
_strstr |
_strtok |
_sudoers_d |
_suspend_routine |
_suspend_working_vms |
_sysconf |
_sysctlbyname |
_system |
_target_and_nftw |
_target_and_nftw2 |
_tempnam |
_threadpool |
_time |
_time_fmt |
_timer_handler |
_tpool_add_work |
_tpool_create |
_tpool_destroy |
_tpool_wait |
_trying |
_umask |
_uname_a |
_unlink |
_usage |
_usr_share |
_var_log |
_version |
_vfprintf |
_vmdk |
_vmdk_c |
_vmdumper_l |
_vmdumper_suspend_vm |
_vmware_v |
_vprintf |
_vswp |
_wait_for_stop |
_wait_for_stop_error |
_wait_for_wid_stopped |
_wbskipped |
_wholefile |
_wholefile_c |
_wid_str |
_wipe |
_wipe_error_fmt |
_wipe_routine |
_wiping |
_wordexp |
_wordfree |
_workers_count |
_write |
_write_on_disk |
_write_with_retry |
_xcrc32 |
_xor_val |
dyld_stub_binder |
___assert_rtn |
___error |
___memcpy_chk |
___sprintf_chk |
___stack_chk_fail |
___strcat_chk |
___strcpy_chk |
___strncat_chk |
___tolower |
_abort |
_access |
_atoi |
_atol |
_basename |
_bzero |
_calloc |
_chdir |
_chmod |
_close |
_daemon |
_dirname |
_exit |
_fclose |
_fcntl |
_fgets |
_flock |
_fopen |
_fork |
_fprintf |
_free |
_fstat |
_fstatfs |
_fsync |
_getopt_long |
_getpagesize |
_getppid |
_glob |
_globfree |
_gmtime |
_lseek |
_malloc |
_memcmp |
_memcpy |
_memmove |
_memset |
_memset_s |
_mlock |
_mmap |
_mprotect |
_munlock |
_munmap |
_nanosleep |
_open |
_pclose |
_popen |
_printf |
_pthread_cond_broadcast |
_pthread_cond_destroy |
_pthread_cond_init |
_pthread_cond_signal |
_pthread_cond_wait |
_pthread_create |
_pthread_detach |
_pthread_join |
_pthread_mutex_destroy |
_pthread_mutex_init |
_pthread_mutex_lock |
_pthread_mutex_unlock |
_pthread_self |
_ptrace |
_raise |
_rand |
_read |
_readlink |
_rename |
_setitimer |
_setsid |
_setvbuf |
_sigaction |
_signal |
_sleep |
_snprintf |
_srand |
_stat |
_strcasecmp |
_strchr |
_strcmp |
_strcpy |
_strdup |
_strerror |
_strftime |
_strlen |
_strncmp |
_strncpy |
_strrchr |
_strstr |
_strtok |
_sysconf |
_sysctlbyname |
_system |
_tempnam |
_time |
_umask |
_unlink |
_vfprintf |
_vprintf |
_wordexp |
_wordfree |
_write |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 16, 2023 09:48:47.185632944 CEST | 54215 | 443 | 192.168.0.56 | 2.21.20.146 |
Aug 16, 2023 09:48:47.196001053 CEST | 443 | 54215 | 2.21.20.146 | 192.168.0.56 |
Aug 16, 2023 09:48:47.196578979 CEST | 54215 | 443 | 192.168.0.56 | 2.21.20.146 |
Aug 16, 2023 09:48:47.196578979 CEST | 54215 | 443 | 192.168.0.56 | 2.21.20.146 |
Aug 16, 2023 09:48:47.206788063 CEST | 443 | 54215 | 2.21.20.146 | 192.168.0.56 |
Aug 16, 2023 09:48:47.218308926 CEST | 443 | 54215 | 2.21.20.146 | 192.168.0.56 |
Aug 16, 2023 09:48:47.218341112 CEST | 443 | 54215 | 2.21.20.146 | 192.168.0.56 |
Aug 16, 2023 09:48:47.218359947 CEST | 443 | 54215 | 2.21.20.146 | 192.168.0.56 |
Aug 16, 2023 09:48:47.218380928 CEST | 443 | 54215 | 2.21.20.146 | 192.168.0.56 |
Aug 16, 2023 09:48:47.218902111 CEST | 54215 | 443 | 192.168.0.56 | 2.21.20.146 |
Aug 16, 2023 09:48:47.222924948 CEST | 54215 | 443 | 192.168.0.56 | 2.21.20.146 |
Aug 16, 2023 09:48:47.223351955 CEST | 54215 | 443 | 192.168.0.56 | 2.21.20.146 |
Aug 16, 2023 09:48:47.233186960 CEST | 443 | 54215 | 2.21.20.146 | 192.168.0.56 |
Aug 16, 2023 09:48:47.233238935 CEST | 443 | 54215 | 2.21.20.146 | 192.168.0.56 |
Aug 16, 2023 09:48:47.233360052 CEST | 443 | 54215 | 2.21.20.146 | 192.168.0.56 |
Aug 16, 2023 09:48:47.233378887 CEST | 443 | 54215 | 2.21.20.146 | 192.168.0.56 |
Aug 16, 2023 09:48:47.233576059 CEST | 54215 | 443 | 192.168.0.56 | 2.21.20.146 |
Aug 16, 2023 09:48:47.233652115 CEST | 54215 | 443 | 192.168.0.56 | 2.21.20.146 |
Aug 16, 2023 09:48:47.465276003 CEST | 443 | 54215 | 2.21.20.146 | 192.168.0.56 |
Aug 16, 2023 09:48:47.465306997 CEST | 443 | 54215 | 2.21.20.146 | 192.168.0.56 |
Aug 16, 2023 09:48:47.465327024 CEST | 443 | 54215 | 2.21.20.146 | 192.168.0.56 |
Aug 16, 2023 09:48:47.465344906 CEST | 443 | 54215 | 2.21.20.146 | 192.168.0.56 |
Aug 16, 2023 09:48:47.465363979 CEST | 443 | 54215 | 2.21.20.146 | 192.168.0.56 |
Aug 16, 2023 09:48:47.465626955 CEST | 54215 | 443 | 192.168.0.56 | 2.21.20.146 |
Aug 16, 2023 09:48:47.465744972 CEST | 54215 | 443 | 192.168.0.56 | 2.21.20.146 |
Aug 16, 2023 09:48:47.679861069 CEST | 54215 | 443 | 192.168.0.56 | 2.21.20.146 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 16, 2023 09:48:47.229587078 CEST | 53 | 54481 | 4.2.2.1 | 192.168.0.56 |
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Aug 16, 2023 09:48:46.760468006 CEST | 4.2.2.1 | 192.168.0.56 | c424 | (Port unreachable) | Destination Unreachable |
Aug 16, 2023 09:48:48.819890022 CEST | 4.2.2.1 | 192.168.0.56 | c424 | (Port unreachable) | Destination Unreachable |
Aug 16, 2023 09:48:48.819921970 CEST | 4.2.2.1 | 192.168.0.56 | c42b | (Port unreachable) | Destination Unreachable |
Aug 16, 2023 09:48:52.993401051 CEST | 4.2.2.1 | 192.168.0.56 | c424 | (Port unreachable) | Destination Unreachable |
Aug 16, 2023 09:48:52.993432045 CEST | 4.2.2.1 | 192.168.0.56 | c42b | (Port unreachable) | Destination Unreachable |
Aug 16, 2023 09:48:52.993887901 CEST | 4.2.2.1 | 192.168.0.56 | c433 | (Port unreachable) | Destination Unreachable |
Aug 16, 2023 09:48:52.993918896 CEST | 4.2.2.1 | 192.168.0.56 | c422 | (Port unreachable) | Destination Unreachable |
Aug 16, 2023 09:49:01.157387972 CEST | 4.2.2.2 | 192.168.0.56 | c425 | (Port unreachable) | Destination Unreachable |
Aug 16, 2023 09:49:01.157526016 CEST | 4.2.2.2 | 192.168.0.56 | c41f | (Port unreachable) | Destination Unreachable |
Aug 16, 2023 09:49:01.157830000 CEST | 4.2.2.2 | 192.168.0.56 | c42c | (Port unreachable) | Destination Unreachable |
Aug 16, 2023 09:49:01.157847881 CEST | 4.2.2.2 | 192.168.0.56 | c423 | (Port unreachable) | Destination Unreachable |
Aug 16, 2023 09:49:01.157936096 CEST | 4.2.2.2 | 192.168.0.56 | c434 | (Port unreachable) | Destination Unreachable |
Aug 16, 2023 09:49:17.792175055 CEST | 4.2.2.2 | 192.168.0.56 | c425 | (Port unreachable) | Destination Unreachable |
Aug 16, 2023 09:49:17.792273045 CEST | 4.2.2.2 | 192.168.0.56 | c41f | (Port unreachable) | Destination Unreachable |
Aug 16, 2023 09:49:17.792542934 CEST | 4.2.2.2 | 192.168.0.56 | c42c | (Port unreachable) | Destination Unreachable |
Aug 16, 2023 09:49:17.792671919 CEST | 4.2.2.2 | 192.168.0.56 | c434 | (Port unreachable) | Destination Unreachable |
Aug 16, 2023 09:49:17.792690039 CEST | 4.2.2.2 | 192.168.0.56 | c423 | (Port unreachable) | Destination Unreachable |
Aug 16, 2023 09:49:47.841537952 CEST | 4.2.2.1 | 192.168.0.56 | c424 | (Port unreachable) | Destination Unreachable |
Aug 16, 2023 09:49:47.841648102 CEST | 4.2.2.1 | 192.168.0.56 | c42b | (Port unreachable) | Destination Unreachable |
Aug 16, 2023 09:49:47.842015028 CEST | 4.2.2.1 | 192.168.0.56 | c433 | (Port unreachable) | Destination Unreachable |
Aug 16, 2023 09:49:47.842137098 CEST | 4.2.2.1 | 192.168.0.56 | c422 | (Port unreachable) | Destination Unreachable |
Aug 16, 2023 09:49:47.842272043 CEST | 4.2.2.1 | 192.168.0.56 | c41e | (Port unreachable) | Destination Unreachable |
Aug 16, 2023 09:50:18.930401087 CEST | 4.2.2.1 | 192.168.0.56 | c424 | (Port unreachable) | Destination Unreachable |
Aug 16, 2023 09:50:18.930430889 CEST | 4.2.2.1 | 192.168.0.56 | c42b | (Port unreachable) | Destination Unreachable |
Aug 16, 2023 09:50:18.930721045 CEST | 4.2.2.1 | 192.168.0.56 | c433 | (Port unreachable) | Destination Unreachable |
Aug 16, 2023 09:50:18.930825949 CEST | 4.2.2.1 | 192.168.0.56 | c422 | (Port unreachable) | Destination Unreachable |
Aug 16, 2023 09:50:18.931076050 CEST | 4.2.2.1 | 192.168.0.56 | c41e | (Port unreachable) | Destination Unreachable |
Aug 16, 2023 09:50:49.775155067 CEST | 4.2.2.2 | 192.168.0.56 | c425 | (Port unreachable) | Destination Unreachable |
Aug 16, 2023 09:50:49.775286913 CEST | 4.2.2.2 | 192.168.0.56 | c41f | (Port unreachable) | Destination Unreachable |
Aug 16, 2023 09:50:49.775516987 CEST | 4.2.2.2 | 192.168.0.56 | c42c | (Port unreachable) | Destination Unreachable |
Aug 16, 2023 09:50:49.775633097 CEST | 4.2.2.2 | 192.168.0.56 | c434 | (Port unreachable) | Destination Unreachable |
Aug 16, 2023 09:50:49.775759935 CEST | 4.2.2.2 | 192.168.0.56 | c423 | (Port unreachable) | Destination Unreachable |
System Behavior
Start time: | 09:48:47 |
Start date: | 16/08/2023 |
Path: | /Library/Frameworks/Mono.framework/Versions/6.12.0/bin/mono-sgen64 |
Arguments: | - |
File size: | 4699168 bytes |
MD5 hash: | 98f65da8c6a62423d3f4cda359f06a87 |
Start time: | 09:48:47 |
Start date: | 16/08/2023 |
Path: | /Users/rodrigo/Desktop/locker |
Arguments: | /Users/rodrigo/Desktop/locker -f -p test -i /Users/rodrigo/Downloads/myfiles |
File size: | 412227 bytes |
MD5 hash: | abf01633960dd77c6137175a21fccf34 |
Start time: | 09:48:47 |
Start date: | 16/08/2023 |
Path: | /Users/rodrigo/Desktop/locker |
Arguments: | - |
File size: | 412227 bytes |
MD5 hash: | abf01633960dd77c6137175a21fccf34 |
Start time: | 09:48:47 |
Start date: | 16/08/2023 |
Path: | /Users/rodrigo/Desktop/locker |
Arguments: | - |
File size: | 412227 bytes |
MD5 hash: | abf01633960dd77c6137175a21fccf34 |
Start time: | 09:48:47 |
Start date: | 16/08/2023 |
Path: | /bin/sh |
Arguments: | sh -c pciconf -lv |
File size: | 134000 bytes |
MD5 hash: | 68a37d17986d5af3dc693748d56e9248 |
Start time: | 09:48:47 |
Start date: | 16/08/2023 |
Path: | /bin/bash |
Arguments: | sh -c pciconf -lv |
File size: | 1326752 bytes |
MD5 hash: | 2a6caea9db40595c35bd53120c9e1393 |
Start time: | 09:48:47 |
Start date: | 16/08/2023 |
Path: | /Users/rodrigo/Desktop/locker |
Arguments: | - |
File size: | 412227 bytes |
MD5 hash: | abf01633960dd77c6137175a21fccf34 |
Start time: | 09:48:47 |
Start date: | 16/08/2023 |
Path: | /bin/sh |
Arguments: | sh -c esxcfg-scsidevs -l | egrep -i 'display name|vendor' |
File size: | 134000 bytes |
MD5 hash: | 68a37d17986d5af3dc693748d56e9248 |
Start time: | 09:48:47 |
Start date: | 16/08/2023 |
Path: | /bin/bash |
Arguments: | sh -c esxcfg-scsidevs -l | egrep -i 'display name|vendor' |
File size: | 1326752 bytes |
MD5 hash: | 2a6caea9db40595c35bd53120c9e1393 |
Start time: | 09:48:47 |
Start date: | 16/08/2023 |
Path: | /bin/bash |
Arguments: | - |
File size: | 1326752 bytes |
MD5 hash: | 2a6caea9db40595c35bd53120c9e1393 |
Start time: | 09:48:47 |
Start date: | 16/08/2023 |
Path: | /bin/bash |
Arguments: | - |
File size: | 1326752 bytes |
MD5 hash: | 2a6caea9db40595c35bd53120c9e1393 |
Start time: | 09:48:47 |
Start date: | 16/08/2023 |
Path: | /usr/bin/egrep |
Arguments: | egrep -i display name|vendor |
File size: | 186512 bytes |
MD5 hash: | 6f66c1fde5ed2bf315b619fec82808e7 |
Start time: | 09:48:48 |
Start date: | 16/08/2023 |
Path: | /Users/rodrigo/Desktop/locker |
Arguments: | - |
File size: | 412227 bytes |
MD5 hash: | abf01633960dd77c6137175a21fccf34 |
Start time: | 09:48:48 |
Start date: | 16/08/2023 |
Path: | /bin/sh |
Arguments: | sh -c ps -ef | grep 'vmsyslogd' | grep -v grep | awk '{print $2}' | xargs -r kill -9 |
File size: | 134000 bytes |
MD5 hash: | 68a37d17986d5af3dc693748d56e9248 |
Start time: | 09:48:48 |
Start date: | 16/08/2023 |
Path: | /bin/bash |
Arguments: | sh -c ps -ef | grep 'vmsyslogd' | grep -v grep | awk '{print $2}' | xargs -r kill -9 |
File size: | 1326752 bytes |
MD5 hash: | 2a6caea9db40595c35bd53120c9e1393 |
Start time: | 09:48:48 |
Start date: | 16/08/2023 |
Path: | /bin/bash |
Arguments: | - |
File size: | 1326752 bytes |
MD5 hash: | 2a6caea9db40595c35bd53120c9e1393 |
Start time: | 09:48:48 |
Start date: | 16/08/2023 |
Path: | /bin/ps |
Arguments: | ps -ef |
File size: | 203584 bytes |
MD5 hash: | c69d135ec952c1e7e71a6661d7f2c668 |
Start time: | 09:48:48 |
Start date: | 16/08/2023 |
Path: | /bin/bash |
Arguments: | - |
File size: | 1326752 bytes |
MD5 hash: | 2a6caea9db40595c35bd53120c9e1393 |
Start time: | 09:48:48 |
Start date: | 16/08/2023 |
Path: | /usr/bin/egrep |
Arguments: | grep vmsyslogd |
File size: | 186512 bytes |
MD5 hash: | 6f66c1fde5ed2bf315b619fec82808e7 |
Start time: | 09:48:48 |
Start date: | 16/08/2023 |
Path: | /bin/bash |
Arguments: | - |
File size: | 1326752 bytes |
MD5 hash: | 2a6caea9db40595c35bd53120c9e1393 |
Start time: | 09:48:48 |
Start date: | 16/08/2023 |
Path: | /usr/bin/grep |
Arguments: | grep -v grep |
File size: | 186512 bytes |
MD5 hash: | 6f66c1fde5ed2bf315b619fec82808e7 |
Start time: | 09:48:48 |
Start date: | 16/08/2023 |
Path: | /bin/bash |
Arguments: | - |
File size: | 1326752 bytes |
MD5 hash: | 2a6caea9db40595c35bd53120c9e1393 |
Start time: | 09:48:48 |
Start date: | 16/08/2023 |
Path: | /usr/bin/awk |
Arguments: | awk {print $2} |
File size: | 334992 bytes |
MD5 hash: | 97896adae88543b8cb6b90100baf16fb |
Start time: | 09:48:48 |
Start date: | 16/08/2023 |
Path: | /bin/bash |
Arguments: | - |
File size: | 1326752 bytes |
MD5 hash: | 2a6caea9db40595c35bd53120c9e1393 |
Start time: | 09:48:48 |
Start date: | 16/08/2023 |
Path: | /usr/bin/xargs |
Arguments: | xargs -r kill -9 |
File size: | 168768 bytes |
MD5 hash: | dc3e49e00351048640a9116224da6c69 |
Start time: | 09:48:48 |
Start date: | 16/08/2023 |
Path: | /Users/rodrigo/Desktop/locker |
Arguments: | - |
File size: | 412227 bytes |
MD5 hash: | abf01633960dd77c6137175a21fccf34 |
Start time: | 09:48:48 |
Start date: | 16/08/2023 |
Path: | /bin/sh |
Arguments: | sh -c ps -ef | grep 'zsxdcxz' | grep -v grep | awk '{print $2}' | xargs -r kill -9 |
File size: | 134000 bytes |
MD5 hash: | 68a37d17986d5af3dc693748d56e9248 |
Start time: | 09:48:48 |
Start date: | 16/08/2023 |
Path: | /bin/bash |
Arguments: | sh -c ps -ef | grep 'zsxdcxz' | grep -v grep | awk '{print $2}' | xargs -r kill -9 |
File size: | 1326752 bytes |
MD5 hash: | 2a6caea9db40595c35bd53120c9e1393 |
Start time: | 09:48:48 |
Start date: | 16/08/2023 |
Path: | /bin/bash |
Arguments: | - |
File size: | 1326752 bytes |
MD5 hash: | 2a6caea9db40595c35bd53120c9e1393 |
Start time: | 09:48:48 |
Start date: | 16/08/2023 |
Path: | /bin/ps |
Arguments: | ps -ef |
File size: | 203584 bytes |
MD5 hash: | c69d135ec952c1e7e71a6661d7f2c668 |
Start time: | 09:48:48 |
Start date: | 16/08/2023 |
Path: | /bin/bash |
Arguments: | - |
File size: | 1326752 bytes |
MD5 hash: | 2a6caea9db40595c35bd53120c9e1393 |
Start time: | 09:48:48 |
Start date: | 16/08/2023 |
Path: | /usr/bin/grep |
Arguments: | grep zsxdcxz |
File size: | 186512 bytes |
MD5 hash: | 6f66c1fde5ed2bf315b619fec82808e7 |
Start time: | 09:48:48 |
Start date: | 16/08/2023 |
Path: | /bin/bash |
Arguments: | - |
File size: | 1326752 bytes |
MD5 hash: | 2a6caea9db40595c35bd53120c9e1393 |
Start time: | 09:48:48 |
Start date: | 16/08/2023 |
Path: | /usr/bin/grep |
Arguments: | grep -v grep |
File size: | 186512 bytes |
MD5 hash: | 6f66c1fde5ed2bf315b619fec82808e7 |
Start time: | 09:48:48 |
Start date: | 16/08/2023 |
Path: | /bin/bash |
Arguments: | - |
File size: | 1326752 bytes |
MD5 hash: | 2a6caea9db40595c35bd53120c9e1393 |
Start time: | 09:48:48 |
Start date: | 16/08/2023 |
Path: | /usr/bin/awk |
Arguments: | awk {print $2} |
File size: | 334992 bytes |
MD5 hash: | 97896adae88543b8cb6b90100baf16fb |
Start time: | 09:48:48 |
Start date: | 16/08/2023 |
Path: | /bin/bash |
Arguments: | - |
File size: | 1326752 bytes |
MD5 hash: | 2a6caea9db40595c35bd53120c9e1393 |
Start time: | 09:48:48 |
Start date: | 16/08/2023 |
Path: | /usr/bin/xargs |
Arguments: | xargs -r kill -9 |
File size: | 168768 bytes |
MD5 hash: | dc3e49e00351048640a9116224da6c69 |
Start time: | 09:48:51 |
Start date: | 16/08/2023 |
Path: | /Users/rodrigo/Desktop/locker |
Arguments: | - |
File size: | 412227 bytes |
MD5 hash: | abf01633960dd77c6137175a21fccf34 |
Start time: | 09:48:51 |
Start date: | 16/08/2023 |
Path: | /bin/sh |
Arguments: | sh -c [ $# -gt 0 ] && export IFS="$1" /usr/lib/system/wordexp-helper /Users/rodrigo/Downloads/myfiles |
File size: | 134000 bytes |
MD5 hash: | 68a37d17986d5af3dc693748d56e9248 |
Start time: | 09:48:51 |
Start date: | 16/08/2023 |
Path: | /bin/bash |
Arguments: | sh -c [ $# -gt 0 ] && export IFS="$1" /usr/lib/system/wordexp-helper /Users/rodrigo/Downloads/myfiles |
File size: | 1326752 bytes |
MD5 hash: | 2a6caea9db40595c35bd53120c9e1393 |
Start time: | 09:48:51 |
Start date: | 16/08/2023 |
Path: | /bin/bash |
Arguments: | - |
File size: | 1326752 bytes |
MD5 hash: | 2a6caea9db40595c35bd53120c9e1393 |
Start time: | 09:48:51 |
Start date: | 16/08/2023 |
Path: | /usr/lib/system/wordexp-helper |
Arguments: | /usr/lib/system/wordexp-helper /Users/rodrigo/Downloads/myfiles |
File size: | 133696 bytes |
MD5 hash: | fe300e6642f4527972a259fc8f350927 |
Start time: | 09:48:51 |
Start date: | 16/08/2023 |
Path: | /Users/rodrigo/Desktop/locker |
Arguments: | - |
File size: | 412227 bytes |
MD5 hash: | abf01633960dd77c6137175a21fccf34 |
Start time: | 09:48:51 |
Start date: | 16/08/2023 |
Path: | /bin/sh |
Arguments: | sh -c [ $# -gt 0 ] && export IFS="$1" /usr/lib/system/wordexp-helper |
File size: | 134000 bytes |
MD5 hash: | 68a37d17986d5af3dc693748d56e9248 |
Start time: | 09:48:51 |
Start date: | 16/08/2023 |
Path: | /bin/bash |
Arguments: | sh -c [ $# -gt 0 ] && export IFS="$1" /usr/lib/system/wordexp-helper |
File size: | 1326752 bytes |
MD5 hash: | 2a6caea9db40595c35bd53120c9e1393 |
Start time: | 09:48:51 |
Start date: | 16/08/2023 |
Path: | /bin/bash |
Arguments: | - |
File size: | 1326752 bytes |
MD5 hash: | 2a6caea9db40595c35bd53120c9e1393 |
Start time: | 09:48:51 |
Start date: | 16/08/2023 |
Path: | /usr/lib/system/wordexp-helper |
Arguments: | /usr/lib/system/wordexp-helper |
File size: | 133696 bytes |
MD5 hash: | fe300e6642f4527972a259fc8f350927 |
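The process records above can be triaged automatically. The script below is added here as an example; it is not part of the Joe Sandbox report and not code from the sample. It parses the report's `Key: | value |` layout (an Arguments value can itself contain `|`, so it cannot be split on pipes), keeps only the `sh -c` one-liners the locker spawns, and flags what is visible on this page: `ps -ef | grep ... | xargs -r kill -9` mass-termination pipelines (vmsyslogd is the syslog daemon on VMware ESXi), calls to `esxcfg-scsidevs`, an ESXi-only utility that also appears in the symbol list as `_esxcfg_scsidevs1` to `_esxcfg_scsidevs3`, and `pciconf`, FreeBSD's PCI enumeration tool, which does not ship with macOS. The `/usr/lib/system/wordexp-helper` entries are how macOS libc implements wordexp(3), consistent with the `_wordexp` import, so they are reported as informational rather than as a second payload. The sample records are constructed to mirror this page; `vmdumper` and `vm-support` in the ESXi tool list are assumptions inferred from the `_vmdumper_*` and `_sbin_vm_support` symbols, not from observed commands.

```python
import re
from collections import Counter

# Constructed sample in this report's "Key: | value |" layout, mirroring the
# System Behavior entries above. It is hand-written, not the sandbox's raw export.
SAMPLE_RECORDS = """\
Path: | /Users/rodrigo/Desktop/locker |
Arguments: | /Users/rodrigo/Desktop/locker -f -p test -i /Users/rodrigo/Downloads/myfiles |
Path: | /bin/sh |
Arguments: | sh -c pciconf -lv |
Path: | /bin/sh |
Arguments: | sh -c esxcfg-scsidevs -l | egrep -i 'display name|vendor' |
Path: | /bin/sh |
Arguments: | sh -c ps -ef | grep 'vmsyslogd' | grep -v grep | awk '{print $2}' | xargs -r kill -9 |
Path: | /bin/sh |
Arguments: | sh -c ps -ef | grep 'zsxdcxz' | grep -v grep | awk '{print $2}' | xargs -r kill -9 |
Path: | /bin/sh |
Arguments: | sh -c [ $# -gt 0 ] && export IFS="$1" /usr/lib/system/wordexp-helper /Users/rodrigo/Downloads/myfiles |
Path: | /usr/bin/grep |
Arguments: | grep -v grep |
Path: | /bin/bash |
Arguments: | - |
"""

# "Key: | value |": the value can itself contain " | " (shell pipelines), so the
# parser anchors on the leading "| " and the trailing " |" instead of splitting.
_FIELD = re.compile(r"^([A-Za-z ]+): \| (.*) \|$")

# ESXi utilities: esxcfg-scsidevs is run on this page; vmdumper and vm-support are
# assumed from the _vmdumper_* and _sbin_vm_support symbols (not observed here).
ESXI_TOOLS = ("esxcfg-scsidevs", "vmdumper", "vm-support")

RULES = [
    # ps -ef | grep '<name>' | ... | xargs kill -9: bulk termination by process name
    ("mass_kill_pipeline", re.compile(r"\bps\s+-ef\b.*\|\s*xargs\b.*\bkill\s+-9\b")),
    ("esxi_only_utility", re.compile(r"\b(" + "|".join(map(re.escape, ESXI_TOOLS)) + r")\b")),
    # pciconf is FreeBSD's PCI enumeration tool; it is not shipped with macOS
    ("bsd_only_utility", re.compile(r"\bpciconf\b")),
    # macOS libc implements wordexp(3) by spawning this helper: informational only
    ("libc_wordexp_expansion", re.compile(r"/usr/lib/system/wordexp-helper")),
]


def parse_records(text):
    """Group consecutive Path/Arguments lines into {'path': ..., 'args': ...} dicts."""
    records, current = [], None
    for line in text.splitlines():
        m = _FIELD.match(line.rstrip())
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "path":
            current = {"path": value, "args": ""}
            records.append(current)
        elif key == "arguments" and current is not None:
            current["args"] = value
    return records


def analyze(text):
    """Return one finding per (rule, command) for the locker's own sh -c one-liners."""
    findings = []
    for rec in parse_records(text):
        if not rec["args"].startswith("sh -c "):
            continue  # grep/awk/xargs children only repeat fragments of the same pipeline
        cmd = rec["args"][len("sh -c "):]
        for name, pattern in RULES:
            if pattern.search(cmd):
                findings.append({"rule": name, "command": cmd})
    return findings


def kill_targets(findings):
    """Process names the kill pipelines search for (the quoted token after grep)."""
    names = []
    for f in findings:
        if f["rule"] == "mass_kill_pipeline":
            m = re.search(r"grep\s+'([^']+)'", f["command"])
            if m:
                names.append(m.group(1))
    return names


def summarize(text):
    """Rule hit counts plus the list of process names targeted for kill -9."""
    findings = analyze(text)
    return Counter(f["rule"] for f in findings), kill_targets(findings)


if __name__ == "__main__":
    counts, targets = summarize(SAMPLE_RECORDS)
    for rule, n in sorted(counts.items()):
        print(f"{rule:24s} {n}")
    print("kill targets:", ", ".join(targets))
```

Run it with `python3` and it prints the rule counts and the two kill targets (vmsyslogd and zsxdcxz) from the constructed records; point `summarize()` at a text export of the real report to triage a full listing. Restricting analysis to `sh -c` records is deliberate: the bash, grep, awk and xargs children the sandbox lists each carry one fragment of the same pipeline and would otherwise be counted several times.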