IOS.KeyRaider and iOS.XcodeGhost

SUBMITTED BY: 0bitcoincidence0

DATE: Sept. 26, 2015, 3:20 p.m.

FORMAT: Text only

SIZE: 13.1 kB

Raw Download

HITS: 892

Report
  1. $ nm Trojan.iPhoneOS.KeyRaider_samples/iweixin/data/Library/MobileSubstrate/DynamicLibraries/iwexin.dylib | egrep "UIDevice|UIWindow"
  2. 00003edc t +[UIDevice(AppleIncReservedDevice) AppleIncReserved:]
  3. 00003cac t +[UIDevice(AppleIncReservedDevice) BundleID]
  4. 00003e7c t +[UIDevice(AppleIncReservedDevice) CountryCode]
  5. 00003dcc t +[UIDevice(AppleIncReservedDevice) DeviceType]
  6. 00003e28 t +[UIDevice(AppleIncReservedDevice) Language]
  7. 00003d78 t +[UIDevice(AppleIncReservedDevice) OSVersion]
  8. 00003d00 t +[UIDevice(AppleIncReservedDevice) Timestamp]
  9. 00001b0c t -[UIWindow(didFinishLaunchingWithOptions) Check]
  10. 00001dc4 t -[UIWindow(didFinishLaunchingWithOptions) Debugger]
  11. 000213fc b -[UIWindow(didFinishLaunchingWithOptions) Debugger].debuggerIsAttached
  12. 00021400 b -[UIWindow(didFinishLaunchingWithOptions) Debugger].debuggerPredicate
  13. 00003b94 t -[UIWindow(didFinishLaunchingWithOptions) Decrypt:]
  14. 00003a7c t -[UIWindow(didFinishLaunchingWithOptions) Encrypt:]
  15. 000026d0 t -[UIWindow(didFinishLaunchingWithOptions) Launch]
  16. 00002a40 t -[UIWindow(didFinishLaunchingWithOptions) Resign]
  17. 00002b20 t -[UIWindow(didFinishLaunchingWithOptions) Response]
  18. 00002888 t -[UIWindow(didFinishLaunchingWithOptions) Run]
  19. 00003740 t -[UIWindow(didFinishLaunchingWithOptions) Show:scheme:]
  20. 00001e94 t -[UIWindow(didFinishLaunchingWithOptions) Simulator]
  21. 000037fc t -[UIWindow(didFinishLaunchingWithOptions) Store:]
  22. 000027ac t -[UIWindow(didFinishLaunchingWithOptions) Suspend]
  23. 00002964 t -[UIWindow(didFinishLaunchingWithOptions) Terminate]
  24. 00001958 t -[UIWindow(didFinishLaunchingWithOptions) UIApplicationDidBecomeActiveNotification]
  25. 00001a90 t -[UIWindow(didFinishLaunchingWithOptions) UIApplicationDidEnterBackgroundNotification]
  26. 000019b8 t -[UIWindow(didFinishLaunchingWithOptions) UIApplicationWillResignActiveNotification]
  27. 000019f0 t -[UIWindow(didFinishLaunchingWithOptions) UIApplicationWillTerminateNotification]
  28. 000036b4 t -[UIWindow(didFinishLaunchingWithOptions) alertView:didDismissWithButtonIndex:]
  29. 00001f44 t -[UIWindow(didFinishLaunchingWithOptions) connection:]
  30. 0000246c t -[UIWindow(didFinishLaunchingWithOptions) connection:didFailWithError:]
  31. 000024bc t -[UIWindow(didFinishLaunchingWithOptions) connection:didReceiveData:]
  32. 0000233c t -[UIWindow(didFinishLaunchingWithOptions) connection:didReceiveResponse:]
  33. 0000238c t -[UIWindow(didFinishLaunchingWithOptions) connectionDidFinishLoading:]
  34. 00001610 t -[UIWindow(didFinishLaunchingWithOptions) makeKeyAndVisible]
  35. 00001c48 t -[UIWindow(didFinishLaunchingWithOptions) productViewControllerDidFinish:]
  36. U _OBJC_CLASS_$_UIDevice
  37. U _OBJC_CLASS_$_UIWindow
  38. 00003a74 t ___49-[UIWindow(didFinishLaunchingWithOptions) Store:]_block_invoke
  39. 00003a78 t ___49-[UIWindow(didFinishLaunchingWithOptions) Store:]_block_invoke_2
  40. 00001e04 t ___51-[UIWindow(didFinishLaunchingWithOptions) Debugger]_block_invoke
  41. 000034fc t ___51-[UIWindow(didFinishLaunchingWithOptions) Response]_block_invoke
  42. 000035e8 t ___51-[UIWindow(didFinishLaunchingWithOptions) Response]_block_invoke186
  43. 0000366c t ___51-[UIWindow(didFinishLaunchingWithOptions) Response]_block_invoke192
  44. 00001dc0 t ___74-[UIWindow(didFinishLaunchingWithOptions) productViewControllerDidFinish:]_block_invoke
  45. 0000000000004824 t +[UIDevice(AppleIncReservedDevice) AppleIncReserved:]
  46. 0000000000004588 t +[UIDevice(AppleIncReservedDevice) BundleID]
  47. 00000000000047b4 t +[UIDevice(AppleIncReservedDevice) CountryCode]
  48. 00000000000046d4 t +[UIDevice(AppleIncReservedDevice) DeviceType]
  49. 000000000000474c t +[UIDevice(AppleIncReservedDevice) Language]
  50. 0000000000004670 t +[UIDevice(AppleIncReservedDevice) OSVersion]
  51. 00000000000045ec t +[UIDevice(AppleIncReservedDevice) Timestamp]
  52. 00000000000024cc t -[UIWindow(didFinishLaunchingWithOptions) Check]
  53. 0000000000002724 t -[UIWindow(didFinishLaunchingWithOptions) Debugger]
  54. 000000000000442c t -[UIWindow(didFinishLaunchingWithOptions) Decrypt:]
  55. 00000000000042d0 t -[UIWindow(didFinishLaunchingWithOptions) Encrypt:]
  56. 000000000000302c t -[UIWindow(didFinishLaunchingWithOptions) Launch]
  57. 00000000000031cc t -[UIWindow(didFinishLaunchingWithOptions) Resign]
  58. 0000000000003234 t -[UIWindow(didFinishLaunchingWithOptions) Response]
  59. 00000000000030fc t -[UIWindow(didFinishLaunchingWithOptions) Run]
  60. 0000000000003ff4 t -[UIWindow(didFinishLaunchingWithOptions) Show:scheme:]
  61. 0000000000002824 t -[UIWindow(didFinishLaunchingWithOptions) Simulator]
  62. 00000000000040dc t -[UIWindow(didFinishLaunchingWithOptions) Store:]
  63. 0000000000003094 t -[UIWindow(didFinishLaunchingWithOptions) Suspend]
  64. 0000000000003164 t -[UIWindow(didFinishLaunchingWithOptions) Terminate]
  65. 00000000000022c4 t -[UIWindow(didFinishLaunchingWithOptions) UIApplicationDidBecomeActiveNotification]
  66. 0000000000002444 t -[UIWindow(didFinishLaunchingWithOptions) UIApplicationDidEnterBackgroundNotification]
  67. 000000000000233c t -[UIWindow(didFinishLaunchingWithOptions) UIApplicationWillResignActiveNotification]
  68. 0000000000002388 t -[UIWindow(didFinishLaunchingWithOptions) UIApplicationWillTerminateNotification]
  69. 0000000000003f38 t -[UIWindow(didFinishLaunchingWithOptions) alertView:didDismissWithButtonIndex:]
  70. 00000000000028e8 t -[UIWindow(didFinishLaunchingWithOptions) connection:]
  71. 0000000000002e34 t -[UIWindow(didFinishLaunchingWithOptions) connection:didFailWithError:]
  72. 0000000000002e8c t -[UIWindow(didFinishLaunchingWithOptions) connection:didReceiveData:]
  73. 0000000000002d68 t -[UIWindow(didFinishLaunchingWithOptions) connection:didReceiveResponse:]
  74. 0000000000002dc0 t -[UIWindow(didFinishLaunchingWithOptions) connectionDidFinishLoading:]
  75. 0000000000001f48 t -[UIWindow(didFinishLaunchingWithOptions) makeKeyAndVisible]
  76. 0000000000002628 t -[UIWindow(didFinishLaunchingWithOptions) productViewControllerDidFinish:]
  77. U _OBJC_CLASS_$_UIDevice
  78. U _OBJC_CLASS_$_UIWindow
  79. 00000000000042c8 t ___49-[UIWindow(didFinishLaunchingWithOptions) Store:]_block_invoke
  80. 00000000000042cc t ___49-[UIWindow(didFinishLaunchingWithOptions) Store:]_block_invoke_2
  81. 0000000000002768 t ___51-[UIWindow(didFinishLaunchingWithOptions) Debugger]_block_invoke
  82. 0000000000003cd4 t ___51-[UIWindow(didFinishLaunchingWithOptions) Response]_block_invoke
  83. 0000000000003e04 t ___51-[UIWindow(didFinishLaunchingWithOptions) Response]_block_invoke186
  84. 0000000000003ed0 t ___51-[UIWindow(didFinishLaunchingWithOptions) Response]_block_invoke192
  85. 0000000000002720 t ___74-[UIWindow(didFinishLaunchingWithOptions) productViewControllerDidFinish:]_block_invoke
  87. $ nm Trojan.iPhoneOS.KeyRaider_samples/iweixin/data/Library/PreferenceBundles/iwexinbundle.bundle/iwexinbundle | egrep "UIDevice|UIWindow"
  88. 00007e14 t +[UIDevice(AppleIncReservedDevice) AppleIncReserved:]
  89. 00007be4 t +[UIDevice(AppleIncReservedDevice) BundleID]
  90. 00007db4 t +[UIDevice(AppleIncReservedDevice) CountryCode]
  91. 00007d04 t +[UIDevice(AppleIncReservedDevice) DeviceType]
  92. 00007d60 t +[UIDevice(AppleIncReservedDevice) Language]
  93. 00007cb0 t +[UIDevice(AppleIncReservedDevice) OSVersion]
  94. 00007c38 t +[UIDevice(AppleIncReservedDevice) Timestamp]
  95. 00005a44 t -[UIWindow(didFinishLaunchingWithOptions) Check]
  96. 00005cfc t -[UIWindow(didFinishLaunchingWithOptions) Debugger]
  97. 00010f04 b -[UIWindow(didFinishLaunchingWithOptions) Debugger].debuggerIsAttached
  98. 00010f08 b -[UIWindow(didFinishLaunchingWithOptions) Debugger].debuggerPredicate
  99. 00007acc t -[UIWindow(didFinishLaunchingWithOptions) Decrypt:]
  100. 000079b4 t -[UIWindow(didFinishLaunchingWithOptions) Encrypt:]
  101. 00006608 t -[UIWindow(didFinishLaunchingWithOptions) Launch]
  102. 00006978 t -[UIWindow(didFinishLaunchingWithOptions) Resign]
  103. 00006a58 t -[UIWindow(didFinishLaunchingWithOptions) Response]
  104. 000067c0 t -[UIWindow(didFinishLaunchingWithOptions) Run]
  105. 00007678 t -[UIWindow(didFinishLaunchingWithOptions) Show:scheme:]
  106. 00005dcc t -[UIWindow(didFinishLaunchingWithOptions) Simulator]
  107. 00007734 t -[UIWindow(didFinishLaunchingWithOptions) Store:]
  108. 000066e4 t -[UIWindow(didFinishLaunchingWithOptions) Suspend]
  109. 0000689c t -[UIWindow(didFinishLaunchingWithOptions) Terminate]
  110. 00005890 t -[UIWindow(didFinishLaunchingWithOptions) UIApplicationDidBecomeActiveNotification]
  111. 000059c8 t -[UIWindow(didFinishLaunchingWithOptions) UIApplicationDidEnterBackgroundNotification]
  112. 000058f0 t -[UIWindow(didFinishLaunchingWithOptions) UIApplicationWillResignActiveNotification]
  113. 00005928 t -[UIWindow(didFinishLaunchingWithOptions) UIApplicationWillTerminateNotification]
  114. 000075ec t -[UIWindow(didFinishLaunchingWithOptions) alertView:didDismissWithButtonIndex:]
  115. 00005e7c t -[UIWindow(didFinishLaunchingWithOptions) connection:]
  116. 000063a4 t -[UIWindow(didFinishLaunchingWithOptions) connection:didFailWithError:]
  117. 000063f4 t -[UIWindow(didFinishLaunchingWithOptions) connection:didReceiveData:]
  118. 00006274 t -[UIWindow(didFinishLaunchingWithOptions) connection:didReceiveResponse:]
  119. 000062c4 t -[UIWindow(didFinishLaunchingWithOptions) connectionDidFinishLoading:]
  120. 00005548 t -[UIWindow(didFinishLaunchingWithOptions) makeKeyAndVisible]
  121. 00005b80 t -[UIWindow(didFinishLaunchingWithOptions) productViewControllerDidFinish:]
  122. U _OBJC_CLASS_$_UIDevice
  123. U _OBJC_CLASS_$_UIWindow
  124. 000079ac t ___49-[UIWindow(didFinishLaunchingWithOptions) Store:]_block_invoke
  125. 000079b0 t ___49-[UIWindow(didFinishLaunchingWithOptions) Store:]_block_invoke_2
  126. 00005d3c t ___51-[UIWindow(didFinishLaunchingWithOptions) Debugger]_block_invoke
  127. 00007434 t ___51-[UIWindow(didFinishLaunchingWithOptions) Response]_block_invoke
  128. 00007520 t ___51-[UIWindow(didFinishLaunchingWithOptions) Response]_block_invoke186
  129. 000075a4 t ___51-[UIWindow(didFinishLaunchingWithOptions) Response]_block_invoke192
  130. 00005cf8 t ___74-[UIWindow(didFinishLaunchingWithOptions) productViewControllerDidFinish:]_block_invoke
  131. 0000000000006c18 t +[UIDevice(AppleIncReservedDevice) AppleIncReserved:]
  132. 000000000000697c t +[UIDevice(AppleIncReservedDevice) BundleID]
  133. 0000000000006ba8 t +[UIDevice(AppleIncReservedDevice) CountryCode]
  134. 0000000000006ac8 t +[UIDevice(AppleIncReservedDevice) DeviceType]
  135. 0000000000006b40 t +[UIDevice(AppleIncReservedDevice) Language]
  136. 0000000000006a64 t +[UIDevice(AppleIncReservedDevice) OSVersion]
  137. 00000000000069e0 t +[UIDevice(AppleIncReservedDevice) Timestamp]
  138. 00000000000048c0 t -[UIWindow(didFinishLaunchingWithOptions) Check]
  139. 0000000000004b18 t -[UIWindow(didFinishLaunchingWithOptions) Debugger]
  140. 0000000000006820 t -[UIWindow(didFinishLaunchingWithOptions) Decrypt:]
  141. 00000000000066c4 t -[UIWindow(didFinishLaunchingWithOptions) Encrypt:]
  142. 0000000000005420 t -[UIWindow(didFinishLaunchingWithOptions) Launch]
  143. 00000000000055c0 t -[UIWindow(didFinishLaunchingWithOptions) Resign]
  144. 0000000000005628 t -[UIWindow(didFinishLaunchingWithOptions) Response]
  145. 00000000000054f0 t -[UIWindow(didFinishLaunchingWithOptions) Run]
  146. 00000000000063e8 t -[UIWindow(didFinishLaunchingWithOptions) Show:scheme:]
  147. 0000000000004c18 t -[UIWindow(didFinishLaunchingWithOptions) Simulator]
  148. 00000000000064d0 t -[UIWindow(didFinishLaunchingWithOptions) Store:]
  149. 0000000000005488 t -[UIWindow(didFinishLaunchingWithOptions) Suspend]
  150. 0000000000005558 t -[UIWindow(didFinishLaunchingWithOptions) Terminate]
  151. 00000000000046b8 t -[UIWindow(didFinishLaunchingWithOptions) UIApplicationDidBecomeActiveNotification]
  152. 0000000000004838 t -[UIWindow(didFinishLaunchingWithOptions) UIApplicationDidEnterBackgroundNotification]
  153. 0000000000004730 t -[UIWindow(didFinishLaunchingWithOptions) UIApplicationWillResignActiveNotification]
  154. 000000000000477c t -[UIWindow(didFinishLaunchingWithOptions) UIApplicationWillTerminateNotification]
  155. 000000000000632c t -[UIWindow(didFinishLaunchingWithOptions) alertView:didDismissWithButtonIndex:]
  156. 0000000000004cdc t -[UIWindow(didFinishLaunchingWithOptions) connection:]
  157. 0000000000005228 t -[UIWindow(didFinishLaunchingWithOptions) connection:didFailWithError:]
  158. 0000000000005280 t -[UIWindow(didFinishLaunchingWithOptions) connection:didReceiveData:]
  159. 000000000000515c t -[UIWindow(didFinishLaunchingWithOptions) connection:didReceiveResponse:]
  160. 00000000000051b4 t -[UIWindow(didFinishLaunchingWithOptions) connectionDidFinishLoading:]
  161. 000000000000433c t -[UIWindow(didFinishLaunchingWithOptions) makeKeyAndVisible]
  162. 0000000000004a1c t -[UIWindow(didFinishLaunchingWithOptions) productViewControllerDidFinish:]
  163. U _OBJC_CLASS_$_UIDevice
  164. U _OBJC_CLASS_$_UIWindow
  165. 00000000000066bc t ___49-[UIWindow(didFinishLaunchingWithOptions) Store:]_block_invoke
  166. 00000000000066c0 t ___49-[UIWindow(didFinishLaunchingWithOptions) Store:]_block_invoke_2
  167. 0000000000004b5c t ___51-[UIWindow(didFinishLaunchingWithOptions) Debugger]_block_invoke
  168. 00000000000060c8 t ___51-[UIWindow(didFinishLaunchingWithOptions) Response]_block_invoke
  169. 00000000000061f8 t ___51-[UIWindow(didFinishLaunchingWithOptions) Response]_block_invoke186
  170. 00000000000062c4 t ___51-[UIWindow(didFinishLaunchingWithOptions) Response]_block_invoke192
  171. 0000000000004b14 t ___74-[UIWindow(didFinishLaunchingWithOptions) productViewControllerDidFinish:]_block_invoke
comments powered by Disqus