macOS Analysis Report
softwareupdate

Overview

General Information

Sample Name:softwareupdate
Analysis ID:156493
MD5:9dc9d317a9b63599bbc1ceba6437226e
SHA1:ee0678e58868ebd6603cc2e06a134680d2012c1b
SHA256:f9ad42a9bd9ade188e997845cae1b0587bf496a35c3bffacd20fefe07860a348
Infos:

Detection

DazzleSpy
Score:64
Range:0 - 100
Whitelisted:false

Signatures

Yara detected DazzleSpy
Creates hidden Mach-O files
Writes Mach-O files to hidden directories
Executes hidden files
Contains functionality related to keyboard/mouse events
Contains symbols with suspicious Objective-C names likely related to file search capabilities
Contains symbols with suspicious names likely related to encryption
Contains symbols with suspicious names likely related to networking
Reads the systems hostname
Contains symbols with suspicious Objective-C names likely related to daemon installing capabilities
Detected TCP or UDP traffic on non-standard ports
Creates memory-persistent launch services
Explicitly loads/starts launch services
Contains symbols with suspicious Objective-C names likely related to remote desktop capabilities
Creates user-wide 'launchd' managed services aka launch agents
Creates 'launchd' managed services aka launch agents with bundle ID names to possibly disguise malicious intentions
Creates hidden files, links and/or directories
Executes commands using a shell command-line interpreter
Writes 64-bit Mach-O files to disk
Contains symbols with paths

Classification

Joe Sandbox Version:
Analysis ID:156493
Start date:26.01.2022
Start time:12:53:31
Joe Sandbox Product:Cloud
Overall analysis duration:0h 5m 22s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:softwareupdate
Cookbook file name:defaultmacfilecookbook.jbs
Analysis system description:Mac Mini, Mojave (Office 2016, Java JDK 11.0.4, Adobe Reader 2019.012.20034, Flash 32.0.0.223)
Run name:Potential for more IOCs and behavior
Analysis Mode:default
Detection:MAL
Classification:mal64.troj.spyw.evad.mac@0/3@0/0
  • Excluded domains from analysis (whitelisted): lb._dns-sd._udp.0.0.168.192.in-addr.arpa
Command:/Users/ben/Desktop/softwareupdate
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:

Standard Error:
  • System is mac-mojave
  • softwareupdate (MD5: 9dc9d317a9b63599bbc1ceba6437226e) Arguments: /Users/ben/Desktop/softwareupdate
    • bash New Fork (PID: 949, Parent: 947)
    • launchctl (MD5: 3e04cf4fe184467aa2dbf4e4d5c72f3d) Arguments: launchctl load /var/root/Library/LaunchAgents/com.apple.softwareupdate.plist
  • softwareupdate (MD5: 9dc9d317a9b63599bbc1ceba6437226e) Arguments: /var/root/.local/softwareupdate 1
  • cleanup
Source: softwareupdate, Rule: JoeSecurity_DazzleSpy, Description: Yara detected DazzleSpy, Author: Joe Security

Source: /private/var/root/.local/.dat.nosync03b3.g06wVm, Rule: JoeSecurity_DazzleSpy, Description: Yara detected DazzleSpy, Author: Joe Security

Source: 00000947.00000271.1.0000000101c9a000.0000000101cd0000.r--.sdmp, Rule: JoeSecurity_DazzleSpy, Description: Yara detected DazzleSpy, Author: Joe Security
Source: 00000947.00000271.9.0000000101c9a000.0000000101cd0000.r--.sdmp, Rule: JoeSecurity_DazzleSpy, Description: Yara detected DazzleSpy, Author: Joe Security
Source: 00000948.00000272.9.0000000101c9a000.0000000101cd0000.r--.sdmp, Rule: JoeSecurity_DazzleSpy, Description: Yara detected DazzleSpy, Author: Joe Security
Source: 00000947.00000271.9.0000000101c22000.0000000101c8a000.r-x.sdmp, Rule: JoeSecurity_DazzleSpy, Description: Yara detected DazzleSpy, Author: Joe Security
Source: 00000947.00000271.1.0000000101c22000.0000000101c8a000.r-x.sdmp, Rule: JoeSecurity_DazzleSpy, Description: Yara detected DazzleSpy, Author: Joe Security
Source: submission: softwareupdate, Mach-O symbol: +[MethodClass encryptForPlainText:]
Source: submission: softwareupdate, Mach-O symbol: +[MethodClass decryptForEncryption:]
Source: submission: softwareupdate, Mach-O symbol: _kVTCompressionPropertyKey_MaxKeyFrameIntervalDuration
Source: submission: softwareupdate, Mach-O symbol: _kVTCompressionPropertyKey_MaxKeyFrameInterval
Source: submission: softwareupdate, Mach-O symbol: _kSecAttrCanEncrypt
Source: submission: softwareupdate, Mach-O symbol: _kSecAttrCanDecrypt
Source: dropped file: .dat.nosync03b3.g06wVm.271.dr, Mach-O symbol: +[MethodClass encryptForPlainText:]
Source: dropped file: .dat.nosync03b3.g06wVm.271.dr, Mach-O symbol: +[MethodClass decryptForEncryption:]
Source: dropped file: .dat.nosync03b3.g06wVm.271.dr, Mach-O symbol: _kVTCompressionPropertyKey_MaxKeyFrameIntervalDuration
Source: dropped file: .dat.nosync03b3.g06wVm.271.dr, Mach-O symbol: _kVTCompressionPropertyKey_MaxKeyFrameInterval
Source: dropped file: .dat.nosync03b3.g06wVm.271.dr, Mach-O symbol: _kSecAttrCanEncrypt
Source: dropped file: .dat.nosync03b3.g06wVm.271.dr, Mach-O symbol: _kSecAttrCanDecrypt
Source: global traffic, TCP traffic: 192.168.0.51:49668 -> 88.218.192.128:5633
Source: unknown, TCP traffic detected without corresponding DNS query: 88.218.192.128
Source: softwareupdate, 00000947.00000271.1.000000010acd1000.000000010acf8000.r--.sdmp, softwareupdate, 00000948.00000272.9.000000010acd1000.000000010acf8000.r--.sdmp, String found in binary or memory: http://crl.apple.com/codesigning.crl0
Source: softwareupdate, 00000947.00000271.1.000000010acd1000.000000010acf8000.r--.sdmp, softwareupdate, 00000948.00000272.9.000000010acd1000.000000010acf8000.r--.sdmp, com.apple.softwareupdate.plist.271.dr, String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: softwareupdate, 00000947.00000271.1.000000010acd1000.000000010acf8000.r--.sdmp, softwareupdate, 00000948.00000272.9.000000010acd1000.000000010acf8000.r--.sdmp, String found in binary or memory: http://www.apple.com/appleca/root.crl0
Source: softwareupdate, 00000947.00000271.1.000000010acd1000.000000010acf8000.r--.sdmp, softwareupdate, 00000948.00000272.9.000000010acd1000.000000010acf8000.r--.sdmp, String found in binary or memory: http://www.apple.com/certificateauthority0
Source: softwareupdate, 00000947.00000271.1.000000010acd1000.000000010acf8000.r--.sdmp, softwareupdate, 00000948.00000272.9.000000010acd1000.000000010acf8000.r--.sdmp, String found in binary or memory: https://www.apple.com/appleca/0

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: submission: softwareupdate, Mach-O symbol: _CGEventCreateMouseEvent
Source: dropped file: .dat.nosync03b3.g06wVm.271.dr, Mach-O symbol: _CGEventCreateMouseEvent
Source: classification engine, Classification label: mal64.troj.spyw.evad.mac@0/3@0/0
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocketPreBuffer.writePointer
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocketPreBuffer.readPointer
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocketPreBuffer.writePointer
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocketPreBuffer.preBufferSize
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocketPreBuffer.readPointer
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocketPreBuffer.preBuffer
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocketPreBuffer.preBufferSize
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.writeTimer
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocketPreBuffer.preBuffer
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.writeTimer
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.writeSource
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.writeSource
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.writeQueue
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.writeQueue
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.userData
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.userData
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.stateIndex
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.stateIndex
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.sslWriteCachedLength
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.sslPreBuffer
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.sslWriteCachedLength
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.sslErrCode
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.sslPreBuffer
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.sslContext
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.sslErrCode
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.socketUrl
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.sslContext
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.socketUN
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.socketUrl
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.socketUN
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.socketQueue
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.socketQueue
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.socketFDBytesAvailable
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.socketFDBytesAvailable
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.socket6FD
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.socket6FD
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.socket4FD
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.socket4FD
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.readTimer
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.readSource
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.readTimer
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.readQueue
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.readSource
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.preBuffer
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.readQueue
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.lastSSLHandshakeError
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.preBuffer
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.flags
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.lastSSLHandshakeError
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.flags
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.delegateQueue
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.delegateQueue
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.delegate
                Source: submission: softwareupdateMach-O symbol: _connect
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.delegate
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.currentWrite
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.currentWrite
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.currentRead
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.currentRead
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.connectTimer
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.connectInterfaceUN
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.connectTimer
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.connectInterface6
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.connectInterfaceUN
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.connectInterface4
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.connectInterface6
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.config
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.connectInterface4
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.alternateAddressDelay
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.config
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.alternateAddressDelay
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.acceptUNSource
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.acceptUNSource
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.accept6Source
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.accept6Source
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.accept4Source
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.accept4Source
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.IsOnSocketQueueOrTargetQueueKey
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_GCDAsyncSocket.IsOnSocketQueueOrTargetQueueKey
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_FileSearchClassObject._writeSocketDataBlock
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_FileSearchClassObject._writeSocketDataBlock
                Source: submission: softwareupdateMach-O symbol: __OBJC_LABEL_PROTOCOL_$_GCDAsyncSocketDelegate
                Source: submission: softwareupdateMach-O symbol: __OBJC_LABEL_PROTOCOL_$_GCDAsyncSocketDelegate
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_Singleton.root_port
                Source: submission: softwareupdateMach-O symbol: __OBJC_CLASS_RO_$_GCDAsyncSocketPreBuffer
                Source: submission: softwareupdateMach-O symbol: __OBJC_CLASS_RO_$_GCDAsyncSocketPreBuffer
                Source: submission: softwareupdateMach-O symbol: __OBJC_CLASS_RO_$_GCDAsyncSocket
                Source: submission: softwareupdateMach-O symbol: __OBJC_CLASS_RO_$_GCDAsyncSocket
                Source: submission: softwareupdateMach-O symbol: __OBJC_$_PROTOCOL_REFS_GCDAsyncSocketDelegate
                Source: submission: softwareupdateMach-O symbol: __OBJC_$_PROTOCOL_REFS_GCDAsyncSocketDelegate
                Source: submission: softwareupdateMach-O symbol: __OBJC_$_PROTOCOL_METHOD_TYPES_GCDAsyncSocketDelegate
                Source: submission: softwareupdateMach-O symbol: __OBJC_$_PROTOCOL_METHOD_TYPES_GCDAsyncSocketDelegate
                Source: submission: softwareupdateMach-O symbol: __OBJC_$_PROTOCOL_INSTANCE_METHODS_OPT_GCDAsyncSocketDelegate
                Source: submission: softwareupdateMach-O symbol: __OBJC_$_PROTOCOL_INSTANCE_METHODS_OPT_GCDAsyncSocketDelegate
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_Singleton.root_port
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_Singleton._socketReadData
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_Singleton._socketPort
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_Singleton._socketReadData
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_Singleton._socketHost
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_Singleton._socketPort
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_Singleton._socket
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_Singleton._socketHost
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_Singleton._socket
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_Singleton._isDisconnected
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_Singleton._isDisconnected
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_Singleton._connectTimer
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_Singleton._connectTimer
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_RemoteDesktopClassObject.connectionVideo
                Source: submission: softwareupdateMach-O symbol: _OBJC_IVAR_$_RemoteDesktopClassObject.connectionVideo
                Source: submission: softwareupdateMach-O symbol: _kSecAttrServer
                Source: submission: softwareupdateMach-O symbol: _kIOMasterPortDefault
                Source: submission: softwareupdateMach-O symbol: _kCFStreamSSLIsServer
                Source: submission: softwareupdateMach-O symbol: _inet_ntoa
                Source: submission: softwareupdateMach-O symbol: _inet_addr
                Source: submission: softwareupdateMach-O symbol: _getsockname
                Source: submission: softwareupdateMach-O symbol: __OBJC_$_PROP_LIST_GCDAsyncSocket
                Source: submission: softwareupdateMach-O symbol: __OBJC_$_PROP_LIST_GCDAsyncSocket
                Source: submission: softwareupdateMach-O symbol: __OBJC_$_INSTANCE_VARIABLES_GCDAsyncSocketPreBuffer
                Source: submission: softwareupdateMach-O symbol: __OBJC_$_INSTANCE_VARIABLES_GCDAsyncSocket
                Source: submission: softwareupdateMach-O symbol: __OBJC_$_INSTANCE_VARIABLES_GCDAsyncSocketPreBuffer
                Source: submission: softwareupdateMach-O symbol: __OBJC_$_INSTANCE_VARIABLES_GCDAsyncSocket
                Source: submission: softwareupdateMach-O symbol: ___45-[GCDAsyncSocket connectWithAddressUN:error:]_block_invoke_3
                Source: submission: softwareupdateMach-O symbol: ___45-[GCDAsyncSocket setupWriteTimerWithTimeout:]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___45-[GCDAsyncSocket connectWithAddressUN:error:]_block_invoke_2
                Source: submission: softwareupdateMach-O symbol: ___45-[GCDAsyncSocket connectWithAddressUN:error:]_block_invoke_3
                Source: submission: softwareupdateMach-O symbol: ___45-[GCDAsyncSocket connectWithAddressUN:error:]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___45-[GCDAsyncSocket connectWithAddressUN:error:]_block_invoke_2
                Source: submission: softwareupdateMach-O symbol: ___44-[GCDAsyncSocket writeData:withTimeout:tag:]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___45-[GCDAsyncSocket connectWithAddressUN:error:]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___44-[GCDAsyncSocket setupReadTimerWithTimeout:]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___44-[GCDAsyncSocket writeData:withTimeout:tag:]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___44-[GCDAsyncSocket setupReadTimerWithTimeout:]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___44-[GCDAsyncSocket setDelegate:synchronously:]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___44-[GCDAsyncSocket setDelegate:synchronously:]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___44-[GCDAsyncSocket getDelegate:delegateQueue:]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___44-[GCDAsyncSocket getDelegate:delegateQueue:]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___43-[GCDAsyncSocket setIPv4PreferredOverIPv6:]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___43-[GCDAsyncSocket setIPv4PreferredOverIPv6:]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___43-[GCDAsyncSocket setAlternateAddressDelay:]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___43-[GCDAsyncSocket setAlternateAddressDelay:]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___42-[GCDAsyncSocket ssl_continueSSLHandshake]_block_invoke_3
                Source: submission: softwareupdateMach-O symbol: ___42-[GCDAsyncSocket ssl_continueSSLHandshake]_block_invoke_2
                Source: submission: softwareupdateMach-O symbol: ___42-[GCDAsyncSocket ssl_continueSSLHandshake]_block_invoke_3
                Source: submission: softwareupdateMach-O symbol: ___42-[GCDAsyncSocket ssl_continueSSLHandshake]_block_invoke.640
                Source: submission: softwareupdateMach-O symbol: ___42-[GCDAsyncSocket ssl_continueSSLHandshake]_block_invoke_2
                Source: submission: softwareupdateMach-O symbol: ___42-[GCDAsyncSocket ssl_continueSSLHandshake]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___42-[GCDAsyncSocket ssl_continueSSLHandshake]_block_invoke.640
                Source: submission: softwareupdateMach-O symbol: ___41-[GCDAsyncSocket isIPv4PreferredOverIPv6]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___42-[GCDAsyncSocket ssl_continueSSLHandshake]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___41-[GCDAsyncSocket isIPv4PreferredOverIPv6]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___40-[GCDAsyncSocket disconnectAfterWriting]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___40-[GCDAsyncSocket disconnectAfterWriting]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___40-[GCDAsyncSocket disconnectAfterReading]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___40-[GCDAsyncSocket disconnectAfterReading]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___39-[GCDAsyncSocket alternateAddressDelay]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___39-[GCDAsyncSocket alternateAddressDelay]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___38-[GCDAsyncSocket startConnectTimeout:]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___38-[GCDAsyncSocket completeCurrentWrite]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___38-[GCDAsyncSocket startConnectTimeout:]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___37-[GCDAsyncSocket completeCurrentRead]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___38-[GCDAsyncSocket completeCurrentWrite]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___37-[GCDAsyncSocket completeCurrentRead]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___36-[GCDAsyncSocket acceptOnUrl:error:]_block_invoke_3
                Source: submission: softwareupdateMach-O symbol: ___36-[GCDAsyncSocket acceptOnUrl:error:]_block_invoke_3
                Source: submission: softwareupdateMach-O symbol: ___36-[GCDAsyncSocket acceptOnUrl:error:]_block_invoke_2
                Source: submission: softwareupdateMach-O symbol: ___36-[GCDAsyncSocket acceptOnUrl:error:]_block_invoke_2
                Source: submission: softwareupdateMach-O symbol: ___36-[GCDAsyncSocket acceptOnUrl:error:]_block_invoke.226
                Source: submission: softwareupdateMach-O symbol: ___36-[GCDAsyncSocket acceptOnUrl:error:]_block_invoke.226
                Source: submission: softwareupdateMach-O symbol: ___36-[GCDAsyncSocket acceptOnUrl:error:]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___36-[GCDAsyncSocket acceptOnUrl:error:]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___34-[GCDAsyncSocket connectedAddress]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___34-[GCDAsyncSocket connectedAddress]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___33-[Singleton analysisData:Socket:]_block_invoke.676
                Source: submission: softwareupdateMach-O symbol: ___33-[Singleton analysisData:Socket:]_block_invoke.672
                Source: submission: softwareupdateMach-O symbol: ___33-[Singleton analysisData:Socket:]_block_invoke.586
                Source: submission: softwareupdateMach-O symbol: ___33-[Singleton analysisData:Socket:]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___33-[GCDAsyncSocket setIPv6Enabled:]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___33-[GCDAsyncSocket setIPv4Enabled:]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___33-[GCDAsyncSocket flushSSLBuffers]_block_invoke
                Source: submission: softwareupdateMach-O symbol: __OBJC_$_INSTANCE_METHODS_GCDAsyncSocketPreBuffer
                Source: submission: softwareupdateMach-O symbol: __OBJC_$_INSTANCE_METHODS_GCDAsyncSocket
                Source: submission: softwareupdateMach-O symbol: __OBJC_$_CLASS_METHODS_GCDAsyncSocket
                Source: submission: softwareupdateMach-O symbol: ___33-[GCDAsyncSocket closeWithError:]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___32-[GCDAsyncSocket isDisconnected]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___32-[GCDAsyncSocket doWriteTimeout]_block_invoke_2
                Source: submission: softwareupdateMach-O symbol: ___32-[GCDAsyncSocket doWriteTimeout]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___31-[GCDAsyncSocket isIPv6Enabled]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___31-[GCDAsyncSocket isIPv4Enabled]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___31-[GCDAsyncSocket doReadTimeout]_block_invoke_2
                Source: submission: softwareupdateMach-O symbol: ___31-[GCDAsyncSocket doReadTimeout]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___31-[GCDAsyncSocket delegateQueue]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___31-[GCDAsyncSocket connectedPort]_block_invoke
                Source: submission: softwareupdateMach-O symbol: ___31-[GCDAsyncSocket connecte