Analysis Report mycontacts.ipa
Overview
General Information
Detection
Score: | 76 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Classification
Signature Overview |
---|
Source: | CCCrypt: |
Networking: |
---|
Sends email addresses over the network |
Source: | HTTPS: |
Sends potentially phone numbers over the network |
Source: | HTTPS: |
Source: | IP Address: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | NSCameraUsageDescription: |
Source: | NSMicrophoneUsageDescription: |
Source: | LSApplicationQueriesSchemes: |
Source: | Classification label: |
Source: | Static ARM disassembly: | f_10000729c |
Source: | Static ARM disassembly: | f_1000082c0 |
Persistence and Installation Behavior: |
---|
Has the permission to install, browse, and/or archive apps (using a private API) |
Source: | Embedded entitlements.plist: |
Has the permission to launch other apps (using a private API) |
Source: | Embedded entitlements.plist: |
Has the permission to uninstall and/or remove apps from the archive (using a private API) |
Source: | Embedded entitlements.plist: |
Hooking and other Techniques for Hiding and Protection: |
---|
Hides its icon from the SpringBoard |
Source: | Info.plist: |
Malware Analysis System Evasion: |
---|
Attempts to read the proc_native sysctl variable (probably to check if the app is being emulated) |
Source: | Sysctl read request: |
HIPS / PFW / Operating System Protection Evasion: |
---|
Has the ability to bypass Apple's code review procedure (when using an enterprise certificate for in-house distribution) |
Source: | Embedded.mobileprovision: |
Language, Device and Operating System Detection: |
---|
Contains functionality to determine if device is jailbroken |
Source: | Static ARM disassembly, keywords found: | f_100007f10 |
Source: | Static ARM disassembly, keywords found: | f_100007350 |
Source: | Sysctl requested: |
Stealing of Sensitive Information: |
---|
Sends email addresses over the network |
Source: | HTTPS: |
Sends potentially phone numbers over the network |
Source: | HTTPS: |
Source: | CCCrypt: |
Source: | NSContactsUsageDescription: |
Source: | NSPhotoLibraryUsageDescription: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Application Discovery1 | OS Credential Dumping | Application Discovery1 | Remote Services | Access Contact List3 | Data Encrypted3 | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Evade Analysis Environment1 | LSASS Memory | System Information Discovery13 | Remote Desktop Protocol | Capture Audio1 | Standard Application Layer Protocol2 | Standard Application Layer Protocol2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Evade Analysis Environment1 | SMB/Windows Admin Shares | Data from Local System1 | Automated Exfiltration | Ingress Tool Transfer2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Capture Camera1 | Scheduled Transfer | Non-Application Layer Protocol3 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol4 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
No Antivirus matches |
---|
Dropped Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
No Antivirus matches |
---|
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.example.com | 93.184.216.34 | true | false | high | |
api.apple-cloudkit.fe.apple-dns.net | 17.248.145.147 | true | false | unknown | |
api.apple-cloudkit.com | unknown | unknown | false | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
93.184.216.34 | www.example.com | European Union | 15133 | EDGECASTUS | false | |
17.248.145.147 | api.apple-cloudkit.fe.apple-dns.net | United States | 714 | APPLE-ENGINEERINGUS | false |
General Information |
---|
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 129790 |
Start date: | 07.04.2021 |
Start time: | 10:09:52 |
Joe Sandbox Product: | Cloud |
Overall analysis duration: | 0h 2m 33s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | mycontacts.ipa |
Cookbook file name: | defaultiosinteractivecookbook.jbs |
Analysis system description: | IPhone 7, iOS 13.3.1 |
Analysis Mode: | default |
Detection: | MAL |
Classification: | mal76.spyw.evad.iosIPA@0/0@2/2 |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.906113375135883 |
TrID: |
|
File name: | mycontacts.ipa |
File size: | 30873 |
MD5: | e0e7ea33957b0b0c30f13df4ec017937 |
SHA1: | 430d7f9c9865dac1f56b9bb5e9ea8700d83409fa |
SHA256: | ceeafc96b3bbd7a20749919a86b407863f9fedc83aaafa16e8d2b16c274dea8f |
SHA512: | ac0ac5124f9adbf118a30bef8b970574c2591c2c51373b39f0bdb82d182f1694bf34dcc7d20d0bda796b21fa5f848a4636b13b32afa6fdbb520f3d37462216c7 |
SSDEEP: | 768:+HY1OLSRIHhf/WHl0NohGxrhyKkA4XhAnOOZk:y7QIHhfVMONWCnO |
File Content Preview: | PK...........R................Payload/UT...d.l`..l`ux.............PK...........R................Payload/mycontacts.app/UT.....l`..l`ux.............PK...........R............&...Payload/mycontacts.app/_CodeSignature/UT.....l`..l`ux.............PK.......... |
Archive IPA |
---|
Archived Files |
---|
File Path | File Attributes | File Size |
mycontacts.app | D | 0 |
mycontacts.app/Base.lproj | D | 0 |
mycontacts.app/Base.lproj/LaunchScreen.storyboardc | D | 0 |
mycontacts.app/Base.lproj/LaunchScreen.storyboardc/01J-lp-oVM-view-Ze5-6b-2t3.nib | 1136 | |
mycontacts.app/Base.lproj/LaunchScreen.storyboardc/Info.plist | 258 | |
mycontacts.app/Base.lproj/LaunchScreen.storyboardc/UIViewController-01J-lp-oVM.nib | 832 | |
mycontacts.app/Base.lproj/Main.storyboardc | D | 0 |
mycontacts.app/Base.lproj/Main.storyboardc/BYZ-38-t0r-view-8bC-Xf-vdC.nib | 1136 | |
mycontacts.app/Base.lproj/Main.storyboardc/Info.plist | 258 | |
mycontacts.app/Base.lproj/Main.storyboardc/UIViewController-BYZ-38-t0r.nib | 916 | |
mycontacts.app/Info.plist | 1680 | |
mycontacts.app/PkgInfo | 8 | |
mycontacts.app/_CodeSignature | D | 0 |
mycontacts.app/_CodeSignature/CodeResources | 3895 | |
mycontacts.app/embedded.mobileprovision | 7840 | |
mycontacts.app/entitlements.plist | 765 | |
mycontacts.app/mycontacts | 98464 |
Extracted Files |
---|
Extracted File | |
File path: | mycontacts.app/Info.plist |
File size: | 1680 |
File type: | Apple binary property list |
|
Extracted File | |
File path: | mycontacts.app/embedded.mobileprovision |
File size: | 7840 |
File type: | data |
|
Extracted File | |
File path: | mycontacts.app/entitlements.plist |
File size: | 765 |
File type: | XML 1.0 document, ASCII text |
|
Extracted File | |
File path: | mycontacts.app/mycontacts |
File size: | 98464 |
File type: | Mach-O 64-bit arm64 executable, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|PIE> |
Static Mach Info |
---|
General Information for header 1 | |
---|---|
Endian: | |
Size: | |
Architecture: | |
Filetype: | |
Nbr. of load commands: | |
Entry point: |
segment_command_64 aggregated: 4 |
---|
Name | Value |
---|---|
segname | __PAGEZERO |
vmaddr | 0x0 |
vmsize | 0x100000000 |
fileoff | 0x0 |
filesize | 0x0 |
maxprot | 0x0 |
initprot | 0x0 |
nsects | 0 |
flags | 0x0 |
Name | Value |
---|---|
segname | __TEXT |
vmaddr | 0x100000000 |
vmsize | 0xC000 |
fileoff | 0x0 |
filesize | 0xC000 |
maxprot | 0x5 |
initprot | 0x5 |
nsects | 9 |
flags | 0x0 |
Datas |
|
Name | Value |
---|---|
segname | __DATA |
vmaddr | 0x10000C000 |
vmsize | 0x4000 |
fileoff | 0xC000 |
filesize | 0x4000 |
maxprot | 0x3 |
initprot | 0x3 |
nsects | 14 |
flags | 0x0 |
Datas |
|
Name | Value |
---|---|
segname | __LINKEDIT |
vmaddr | 0x100010000 |
vmsize | 0xC000 |
fileoff | 0x10000 |
filesize | 0x80A0 |
maxprot | 0x1 |
initprot | 0x1 |
nsects | 0 |
flags | 0x0 |
dyld_info_command aggregated: 1 |
---|
Name | Value |
---|---|
rebase_off | 65536 |
rebase_size | 440 |
bind_off | 65976 |
bind_size | 1216 |
weak_bind_off | 0 |
weak_bind_size | 0 |
lazy_bind_off | 67192 |
lazy_bind_size | 584 |
export_off | 67776 |
export_size | 32 |
symtab_command aggregated: 1 |
---|
Name | Value |
---|---|
symoff | 67864 |
nsyms | 283 |
stroff | 72616 |
strsize | 5884 |
dysymtab_command aggregated: 1 |
---|
Name | Value |
---|---|
ilocalsym | 0 |
nlocalsym | 223 |
iextdefsym | 223 |
nextdefsym | 1 |
iundefsym | 224 |
nundefsym | 59 |
tocoff | 0 |
ntoc | 0 |
modtaboff | 0 |
nmodtab | 0 |
extrefsymoff | 0 |
nextrefsyms | 0 |
indirectsymoff | 72392 |
nindirectsyms | 56 |
extreloff | 0 |
nextrel | 0 |
locreloff | 0 |
nlocrel | 0 |
dylinker_command aggregated: 1 |
---|
Name | Value |
---|---|
name | 12 |
Datas |
uuid_command aggregated: 1 |
---|
Name | Value |
---|---|
uuid | b'K^a\x8f\xaf\x175\xef\x85\xbd\x1094x\x84\x85' |
build_version_command aggregated: 1 |
---|
Name | Value |
---|---|
platform | 2 |
minos | 786944 |
sdk | 786944 |
ntools | 1 |
Datas |
source_version_command aggregated: 1 |
---|
Name | Value |
---|---|
version | 0 |
entry_point_command aggregated: 1 |
---|
Name | Value |
---|---|
entryoff | 36004 |
stacksize | 0 |
encryption_info_command_64 aggregated: 1 |
---|
Name | Value |
---|---|
cryptoff | 16384 |
cryptsize | 32768 |
cryptid | 0 |
pad | 0 |
dylib_command aggregated: 7 |
---|
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 1570.15.0 |
compatibility_version | 300.0.0 |
Datas |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 228.0.0 |
compatibility_version | 1.0.0 |
Datas |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 1252.250.1 |
compatibility_version | 1.0.0 |
Datas |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 2.0.0 |
compatibility_version | 1.0.0 |
Datas |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 0.0.0 |
compatibility_version | 0.0.0 |
Datas |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 1570.15.0 |
compatibility_version | 150.0.0 |
Datas |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 61000.0.0 |
compatibility_version | 1.0.0 |
Datas |
rpath_command aggregated: 1 |
---|
Name | Value |
---|---|
path | 12 |
Datas |
linkedit_data_command aggregated: 3 |
---|
Name | Value |
---|---|
dataoff | 67808 |
datasize | 56 |
Name | Value |
---|---|
dataoff | 67864 |
datasize | 0 |
Name | Value |
---|---|
dataoff | 78512 |
datasize | 19952 |
Internal Symbols |
---|
-[AppDelegate .cxx_destruct] |
-[AppDelegate application:didFinishLaunchingWithOptions:] |
-[AppDelegate applicationDidBecomeActive:] |
-[AppDelegate applicationDidEnterBackground:] |
-[AppDelegate applicationWillEnterForeground:] |
-[AppDelegate applicationWillResignActive:] |
-[AppDelegate applicationWillTerminate:] |
-[AppDelegate phoneNumberArray] |
-[AppDelegate setPhoneNumberArray:] |
-[AppDelegate setWindow:] |
-[AppDelegate window] |
-[ViewController .cxx_destruct] |
-[ViewController doSimpleJailbreakChecks] |
-[ViewController encryptData:key:iv:data:] |
-[ViewController getContacts] |
-[ViewController myContacts] |
-[ViewController myTableView] |
-[ViewController sendContacts] |
-[ViewController setMyContacts:] |
-[ViewController setMyTableView:] |
-[ViewController tableView:cellForRowAtIndexPath:] |
-[ViewController tableView:didSelectRowAtIndexPath:] |
-[ViewController tableView:heightForRowAtIndexPath:] |
-[ViewController tableView:numberOfRowsInSection:] |
-[ViewController tableView:titleForHeaderInSection:] |
-[ViewController viewDidLoad] |
/Users/jonny/Documents/secure/svn/trunk/src/ios/usermode/mycontacts/Build/Intermediates/mycontacts.build/Release-iphoneos/mycontacts.build/Objects-normal/arm64/AppDelegate.o |
/Users/jonny/Documents/secure/svn/trunk/src/ios/usermode/mycontacts/Build/Intermediates/mycontacts.build/Release-iphoneos/mycontacts.build/Objects-normal/arm64/ViewController.o |
/Users/jonny/Documents/secure/svn/trunk/src/ios/usermode/mycontacts/Build/Intermediates/mycontacts.build/Release-iphoneos/mycontacts.build/Objects-normal/arm64/main.o |
/Users/jonny/Documents/secure/svn/trunk/src/ios/usermode/mycontacts/mycontacts/ |
AppDelegate.m |
ViewController.m |
_CCCrypt |
_CNContactEmailAddressesKey |
_CNContactFamilyNameKey |
_CNContactGivenNameKey |
_CNContactPhoneNumbersKey |
_CNLabelPhoneNumberMobile |
_NSLog |
_NSStringFromClass |
_OBJC_CLASS_$_AVAudioSession |
_OBJC_CLASS_$_AppDelegate |
_OBJC_CLASS_$_CNContactFetchRequest |
_OBJC_CLASS_$_CNContactStore |
_OBJC_CLASS_$_NSArray |
_OBJC_CLASS_$_NSData |
_OBJC_CLASS_$_NSFileManager |
_OBJC_CLASS_$_NSJSONSerialization |
_OBJC_CLASS_$_NSMutableArray |
_OBJC_CLASS_$_NSMutableDictionary |
_OBJC_CLASS_$_NSMutableURLRequest |
_OBJC_CLASS_$_NSString |
_OBJC_CLASS_$_NSURL |
_OBJC_CLASS_$_NSURLConnection |
_OBJC_CLASS_$_UIAlertView |
_OBJC_CLASS_$_UIApplication |
_OBJC_CLASS_$_UIColor |
_OBJC_CLASS_$_UIResponder |
_OBJC_CLASS_$_UITableView |
_OBJC_CLASS_$_UITableViewCell |
_OBJC_CLASS_$_UIView |
_OBJC_CLASS_$_UIViewController |
_OBJC_CLASS_$_ViewController |
_OBJC_IVAR_$_AppDelegate._phoneNumberArray |
_OBJC_IVAR_$_AppDelegate._window |
_OBJC_IVAR_$_ViewController._myContacts |
_OBJC_IVAR_$_ViewController._myTableView |
_OBJC_METACLASS_$_AppDelegate |
_OBJC_METACLASS_$_NSObject |
_OBJC_METACLASS_$_UIResponder |
_OBJC_METACLASS_$_UIViewController |
_OBJC_METACLASS_$_ViewController |
_UIApplicationMain |
__NSConcreteGlobalBlock |
__NSConcreteStackBlock |
___29-[ViewController getContacts]_block_invoke |
___29-[ViewController getContacts]_block_invoke.136 |
___29-[ViewController getContacts]_block_invoke_2 |
___29-[ViewController viewDidLoad]_block_invoke |
___52-[ViewController tableView:didSelectRowAtIndexPath:]_block_invoke |
___CFConstantStringClassReference |
___block_descriptor_32_e8_v12@?0B8l |
___block_descriptor_40_e8_32s_e23_v24@?0@"CNContact"8^B16l |
___block_descriptor_40_e8_32s_e5_v8@?0l |
___block_descriptor_48_e8_32s40s_e20_v20@?0B8@"NSError"12l |
___block_literal_global |
___copy_helper_block_e8_32s |
___copy_helper_block_e8_32s40s |
___destroy_helper_block_e8_32s |
___destroy_helper_block_e8_32s40s |
___stack_chk_fail |
___stack_chk_guard |
__dispatch_main_q |
__mh_execute_header |
__objc_empty_cache |
_checkEmulator |
_dispatch_async |
_free |
_main |
_malloc |
_objc_autorelease |
_objc_autoreleasePoolPop |
_objc_autoreleasePoolPush |
_objc_autoreleaseReturnValue |
_objc_enumerationMutation |
_objc_getProperty |
_objc_msgSend |
_objc_msgSendSuper2 |
_objc_release |
_objc_retain |
_objc_retainAutorelease |
_objc_retainAutoreleasedReturnValue |
_objc_setProperty_atomic |
_objc_storeStrong |
_sysctlbyname |
dyld_stub_binder |
main.m |
External symbols |
---|
_CCCrypt |
_NSLog |
_NSStringFromClass |
_UIApplicationMain |
___stack_chk_fail |
_dispatch_async |
_free |
_malloc |
_objc_autorelease |
_objc_autoreleasePoolPop |
_objc_autoreleasePoolPush |
_objc_autoreleaseReturnValue |
_objc_enumerationMutation |
_objc_getProperty |
_objc_msgSend |
_objc_msgSendSuper2 |
_objc_release |
_objc_retain |
_objc_retainAutorelease |
_objc_retainAutoreleasedReturnValue |
_objc_setProperty_atomic |
_objc_storeStrong |
_sysctlbyname |
Extracted File | |
File path: | mycontacts.app/Base.lproj/LaunchScreen.storyboardc/Info.plist |
File size: | 258 |
File type: | Apple binary property list |
|
Extracted File | |
File path: | mycontacts.app/Base.lproj/Main.storyboardc/Info.plist |
File size: | 258 |
File type: | Apple binary property list |
|
Extracted File | |
File path: | mycontacts.app/_CodeSignature/CodeResources |
File size: | 3895 |
File type: | XML 1.0 document, ASCII text |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 7, 2021 10:10:18.485677958 CEST | 138 | 138 | 192.168.0.40 | 192.168.0.255 |
Apr 7, 2021 10:10:39.508702040 CEST | 54272 | 53 | 192.168.0.70 | 1.1.1.1 |
Apr 7, 2021 10:10:39.516366005 CEST | 53 | 54272 | 1.1.1.1 | 192.168.0.70 |
Apr 7, 2021 10:10:56.574065924 CEST | 53131 | 53 | 192.168.0.70 | 1.1.1.1 |
Apr 7, 2021 10:10:56.586472988 CEST | 53 | 53131 | 1.1.1.1 | 192.168.0.70 |
Apr 7, 2021 10:11:28.037460089 CEST | 63459 | 53 | 192.168.0.70 | 1.1.1.1 |
Apr 7, 2021 10:11:28.046732903 CEST | 53 | 63459 | 1.1.1.1 | 192.168.0.70 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Apr 7, 2021 10:10:39.508702040 CEST | 192.168.0.70 | 1.1.1.1 | 0x81f9 | Standard query (0) | A (IP address) | IN (0x0001) | |
Apr 7, 2021 10:10:56.574065924 CEST | 192.168.0.70 | 1.1.1.1 | 0xc8f3 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Apr 7, 2021 10:10:39.516366005 CEST | 1.1.1.1 | 192.168.0.70 | 0x81f9 | No error (0) | 93.184.216.34 | A (IP address) | IN (0x0001) | ||
Apr 7, 2021 10:10:56.586472988 CEST | 1.1.1.1 | 192.168.0.70 | 0xc8f3 | No error (0) | api.apple-cloudkit.fe.apple-dns.net | CNAME (Canonical name) | IN (0x0001) | ||
Apr 7, 2021 10:10:56.586472988 CEST | 1.1.1.1 | 192.168.0.70 | 0xc8f3 | No error (0) | 17.248.145.147 | A (IP address) | IN (0x0001) | ||
Apr 7, 2021 10:10:56.586472988 CEST | 1.1.1.1 | 192.168.0.70 | 0xc8f3 | No error (0) | 17.248.145.236 | A (IP address) | IN (0x0001) | ||
Apr 7, 2021 10:10:56.586472988 CEST | 1.1.1.1 | 192.168.0.70 | 0xc8f3 | No error (0) | 17.248.145.76 | A (IP address) | IN (0x0001) | ||
Apr 7, 2021 10:10:56.586472988 CEST | 1.1.1.1 | 192.168.0.70 | 0xc8f3 | No error (0) | 17.248.145.237 | A (IP address) | IN (0x0001) | ||
Apr 7, 2021 10:10:56.586472988 CEST | 1.1.1.1 | 192.168.0.70 | 0xc8f3 | No error (0) | 17.248.145.238 | A (IP address) | IN (0x0001) | ||
Apr 7, 2021 10:10:56.586472988 CEST | 1.1.1.1 | 192.168.0.70 | 0xc8f3 | No error (0) | 17.248.145.112 | A (IP address) | IN (0x0001) | ||
Apr 7, 2021 10:10:56.586472988 CEST | 1.1.1.1 | 192.168.0.70 | 0xc8f3 | No error (0) | 17.248.145.140 | A (IP address) | IN (0x0001) | ||
Apr 7, 2021 10:10:56.586472988 CEST | 1.1.1.1 | 192.168.0.70 | 0xc8f3 | No error (0) | 17.248.145.232 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
|
HTTPS Proxied Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
0 | 192.168.0.70 | 60916 | 93.184.216.34 | 443 |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-04-07 08:10:39 UTC | 0 | OUT | |
2021-04-07 08:10:39 UTC | 0 | OUT | |
2021-04-07 08:10:40 UTC | 1 | IN | |
2021-04-07 08:10:40 UTC | 1 | IN |
System Behavior |
---|
General |
---|
Start time: | 10:10:19 |
Start date: | 07/04/2021 |
Path: | /var/containers/Bundle/Application/751CF237-924A-4008-9E3F-C6A00D516E2D/mycontacts.app/mycontacts |
File size: | 98464 bytes |
MD5 hash: | c486b4884915af4e27df995b133ed3b9 |
37 Functions |
---|
Address | Data | Annotations |
---|