» redsn0w.exe
Overview
Analysis
File Details
Programs (6)
Downloads (42)

redsn0w.exe

Apple Inc.

This is a setup program which is used to install the application. This is installed with multiple programs including Apple Application Support (32-bit) and Apple Application Support. The file has been seen being downloaded from download1324.mediafire.com and multiple other hosts.

File name:

redsn0w.exe

Publisher:

Apple Inc. (signed and verified)

MD5:

cfc19371ed05b6d38ec45a737618da3c

SHA-1:

8374421c3e45f75b731176e1345ea71e4eb78d87

SHA-256:

064367859a46043cc921cf56c17370fe8f576b9ab6f79a0f3db6edbbd4311f10

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/4/2024 4:58:27 PM UTC (today)

File size:

131.2 MB (137,580,544 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\redsn0w_win_0.9.15b3\redsn0w.exe

Digital Signature

Signed by:

Apple Inc.

Authority:

Apple Inc.

Valid from:

4/25/2006 11:40:36 PM

Valid to:

2/9/2035 10:40:36 PM

Subject:

CN=Apple Root CA, OU=Apple Certification Authority, O=Apple Inc., C=US

Issuer:

CN=Apple Root CA, OU=Apple Certification Authority, O=Apple Inc., C=US

Serial number:

File PE Metadata

Compilation timestamp:

11/1/2012 1:31:10 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.56

CTPH (ssdeep):

393216:kS9Z2NmH2ldJWbhumrkfVoTNtVZ8XHpOV0Kxm+J6aUoNP7KHJ:rMgYJWdujWTNtL4wHmoLUopKHJ

Entry address:

0x1240

Entry point:

55, 89, E5, 83, EC, 14, 6A, 02, FF, 15, 48, 61, 76, 08, E8, BD, FE, FF, FF, 8D, B6, 00, 00, 00, 00, 8D, BC, 27, 00, 00, 00, 00, 55, 8B, 0D, F0, 61, 76, 08, 89, E5, 5D, FF, E1, 8D, 74, 26, 00, 55, 8B, 0D, A8, 61, 76, 08, 89, E5, 5D, FF, E1, 90, 90, 90, 90, 55, 89, E5, 83, EC, 08, A1, 40, 7A, 6B, 08, 85, C0, 74, 3B, 83, EC, 0C, 68, 00, 80, 6B, 08, E8, CC, 93, 27, 00, 89, C2, 83, C4, 0C, B8, 00, 00, 00, 00, 85, D2, 74, 0F, 50, 50, 68, 0D, 80, 6B, 08, 52, E8, C1, 93, 27, 00, 5A, 59, 85, C0, 74, 0D, 83, EC, 0C... 
[+]

Packer / compiler:

Dev-C++ v5

Code size:

3.4 MB (3,536,896 bytes)

The file redsn0w.exe has been discovered within the following programs.

Apple Application Support by Apple Inc.

Apple Application Support is required to run iTunes, QuickTime and other Apple installed products (do not remove this if you use any of these programs). If you remove this program you will need to reinstall it in order for iTunes to load.

www.apple.com

6% remove it

Apple Application Support (32 bits) by Apple Inc.

www.apple.com/fr

9% remove it

Apple Application Support (32-bit) by Apple Inc.

8% remove it

Apple Mobile Device Support by Apple Inc.

Apple Mobile Device Support is required and used for the synchronisation between an Apple mobile iOS devices (iPod, iPhone or iPad) and a PC through iTunes.

8% remove it

Apple Software Update by Apple Inc.

With a Windows PC, you can use Apple Software Update for Windows to keep your Apple software up-to-date via the Internet. Apple software includes Safari, iTunes for Windows, Bonjour for Windows, and QuickTime for Windows.

www.apple.com/softwareupdate

21% remove it

Compatibilidad con Aplicaciones de Apple by Apple Inc.

Publisher's description - “Unlike traditional screen reader, VoiceOver is built into the operating system, so you can use new applications directly accessible. No need to buy an upgrade for VoiceOver, install a fresh copy and add the application to a "white list".”

www.apple.com/es

12% remove it

The file redsn0w.exe has been seen being distributed by the following 42 URLs.

http://download1324.mediafire.com/lhp1t2kcqgpg/.../redsn0w.exe

http://download32.mediafire.com/25rj6xt9o7eg/.../redsn0w.exe

http://download2028.mediafire.com/x97luqti4vlg/.../redsn0w.exe

http://www.signtodayclean.com/oW_FTHqnaVNsrr4P7fu8zENjqGPzxUflUVpX6yGyzy08hBgg4QjEqHLiwz3TFuM1_8rNjusMTi9l_lWmSOhEPom9wsP0hE B5tQdPHiPsnh5MZ782Mg7IaIhK5PzcxJAavFyhe8yDw9NWFMhPR0xJwL6_HJm fHNQPCu2B74Rg8myxbGlx8Fery5dATHNAUtDoHKMJC -Ow==

http://www.townmetaupdate.com/zJj6dQw9QT66pxn7q5uGlHCGPoCO8PGErOYIWXJYE0TUjjkaG_mE453CvEbIiJ1QaH3jdS5PaPzyPF1BSF04hhmBlg7JFEzl2HMf0fealqGNL56HCS8U_kumEW3o5k EI1P_MqzIO3kCyXKaP8z7 xRvqnprp8_ZWofJT8s_a4TDdRS0WnMseKpZrk37l5GOlsBid3dR-Ow==

http://www.signtodayclean.com/0sQC1YIxzmBjExL7Himj6yoW9nn7JKZVZowBK3GSYXLPc9Fk SXeosoLr3Lpb2YnzK_8iWmAFNxjY6bDXqLiOEee6WKoien5vNPqyrWPJlpilZN1PfNmQXUNlb3a8jXnoPkpcD_tQcc1kuTeLOqge0Zr950ah5JcbqN_rC3KTwzdxz1AGAsWyvyjy0a7Sj8m4l_N8hYY-Ow==

https://docs.google.com/uc?export=download&confirm=hBGH&id=0B9_l6Hw-SqBeWTA0TGtTWnZCSFU

http://download1629.mediafire.com/n7w0g9xhdcdg/.../redsn0w.exe

http://www.signtodayclean.com/1rTqP74rFMUNXX2I4ime2dHV9TiVy9Hevj2_MrHGNWmoGJss1sxT1p5igdpj K8XyrbkJrZzn0vZxBjpQx8zCubGJn0MlZ2o O krE r1UGDfGU3iF3vKzHdz1ZU9784RE1fdvwXVpF GqBAUeLvwEo AMO2GICb4u25XLVRm04TF6MJvPUg8D2fWW89AVHkZg7BEzxHenEJwIpu3F2tzQYPF3R1gkF8QdE58CLJFLxUYJYg3AhXKYrrYE08xqVUyH6I0IUR5NS58jjvoNR3bHdp0Gu2j57M_tlz2ZEzrxjQH275M5u_393ZJ8P3 U5Fjc22jXOo7K5N3 2sgz33cHe2U6wHFNu54mr5ibqPKfftEEbRtZ8m8L2rPti1PWYh 863ZlDYmmjQ4cR4dOVc_RUNdFhM hPuNjdcZWJJQ3em_Xgio2DxxP_SMn1bClWp9OAtNOKRgF6e4JvuZslxySajWkGIK9AHaKPuMRYEeZXqFtje_0qp8p1gjDKGU22qLw6DQfTIfh_L3ZCo2Zzg7d hsVaV3J89XzIa MEjaI7Yxr0ZXrE1au1vprpMNYPA990HMcnjUDEo79TxP9agoVuJNSWVIDM7mJ1GE47_PtRO_AVF4cSGuydjr7RWxXsuQCGgyFEHea4TsWScDfS9Nl4 4Ivldj0Nh3kXKyZ46wZIw7bFc45ZpyT4X Rm9YQXzR9d8Ao2GZXArhsuwPm6fijeom5L6g==-Ow==-e

http://www.signtodayclean.com/u1AJGpyP1CKfPogdvciMpLWQvLxI25w0GMrcSqG M0JpmZ2vbv9 Wp0aPO01zVdu5v04bhcgEi0myzwhCdjiGIWiiNWAEtzvxgcFzJkPqCQVIvn4ep_HYC77KWhvQcBy02G4KSiZWMgX1eEWTODR8ZNqXbphXa3t lN5Sl4ItkufOpRju3t0B7 kQf0R7I3 z3N zHS-Ow==

http://www.signtodayclean.com/kwkBfY5DOT2Ls7LcB22lw9PyI6 6I3amZn5SHcE4IaBo_nVlLla6Y0G E8GtM6B3iWewJrIGJc195R4FpN2VZ3rZhsrFWDQhKlckTXNS6rE6y6SOfzd5ItEZrq49Szy2YBcLFVn6ksRSsB01KdD4PbU6Tzh 2OtcNUY Y6fVE_WdrgiFSsg1fM XXUSmDpMoUGztr7OZ-Ow==

http://download1124.mediafire.com/s86eh9b6xifg/.../redsn0w.exe

http://download1124.mediafire.com/wh4smj2ce6ng/.../redsn0w.exe

http://download2096.mediafire.com/8vk8dm3bxbpg/.../Redsn0w.exe

http://download1359.mediafire.com/w76kztj8w56g/.../redsn0w.exe

http://www.townmetaupdate.com/HQwvLNheRvuUFOXZFq4K0FyFaA0RJnBrgnW_piA9l5yShZcwjdD3jkeDCO2bzmf2gu4nzE_LO2EyfRyNNlm5cd9zfPH Ew9xhZQ3iMTBPrC8vMWbWyV6yib4W j vPW4VtMMWfJ3zRvnY04HSpV6LcldN VV74gWIQawivvw8ocHk783OFiSMYze1sqCQSxZcw22Ranf-Ow==

http://www.filesfunpresent.com/c?x=WgaUd1tw9eykP RJsE/hutXpRVZfKZfsPnvXw8LV5MM=&c=GQ5Lvrm1LEo3MQEPzoCJy/XnYdA4WFVUfI5KsCz67LgW3DpZNGsAsLrNH5kgOxqQfM/.../hxVbm924 nBiQq1wYVEGINyYQ5mmG9zKv7qXlUhRmBLiGKWtUE=&e=0&downloadAs=Redsn0w_Setup.exe

http://www.filesfunpresent.com/c?x=7nD9OaH98NI3rTLVNs02VGpJ uKGlChDZPKfTFlKHaU=&c=eKXqsJUUDEU3QaxgAAttGhLP5GsDUvNNRmtGa12WmRfNxjseqEqWRi0vd62QxUuwhiUjNPli/.../WUCg=&e=0&downloadAs=Redsn0w_Setup.exe

http://www.filesfunpresent.com/c?x=6GcFt8t6tB3oWNKbwue1tORJTezOlHUo1Uw4KABFxJM=&c=AXqllu2Q/hT rXt/by3CbU0gfgHHN2qjDb6OWseKfZFRAiVxdXMirrNqRpI/PZb9D4AtjUfpUd OOqrQyV43WJaPomRwW 59UKr/DnqnPYAAEX gCZkaEP4t nYf2/HQ3b/K91pnY1LQf8S/.../B6Qxahwx6iVP23V5NM=&e=0&downloadAs=Redsn0w_Setup.exe

http://redsn0w-project.org/.../RedSn0w_Setup.exe

http://download2223.mediafire.com/irrg79i10leg/.../redsn0w.exe

http://download2059.mediafire.com/t7rx04s4h3kg/.../redsn0w.exe

http://www.currentsigncontent.com/c?x=Ro3zOAOSAJTJFKvDXd09 dLXHxBWNPZd Ynept/cgR8=&c=aapAaOgwdRshKShbJSokG358DNDkEi7jgSB3pNL3vHuzUeltsHMy CKl9HuwA/kKj /lHT1ocL/.../RrP7xfwoC8zGx1Ort QQRhP3ZDS8uXR6r7AhBnUJYAu8xReHq96WK2g4ZiOnlsFfNL7GYOD8nEAtz&e=0&downloadAs=Redsn0w_Setup.exe

http://www.filesfunpresent.com/c?x=Toa9o00YK18A4wTxujBpwtFF3VhQ/MHEBI5lU0hcVWI=&c=crJxA5TDt9h6lphb6wyIw1W6PaXR9S/.../JWPqhrloBa9L0d0BZMMI9AiIpxXrJlJOVejgjtuuR6xj1m3Xy5iyX sfmf72OKAMU2hLzeVaYmx0HKEec9uF1SXa4JJl gVjmRLmcORZLOQdPrAvWAdhjDINfY=&e=0&downloadAs=Redsn0w_Setup.exe

http://www.towndeliverybody.com/WVl6OTRQV3hVYkZwNlZtTm1hekIwTmpocmFXcE1aRlpTZVdWWmJIZHVWbUpvV0c5SFRYUkRjMVp4ZDA1WGEyc2xNMFFtWXoxeFRVRnRRbkZFTUZoallWQjRaVWxhVEZkUVFYcDRla3NsTWtabE5HVjVOVzVNWTIxbVIwVmlXa3R2VVZabmJWVjZOMHBSUjNSeVpETlBZVkZJZG1kTE9EaHZjRzF3UnpNeFJVc2xNa0k0T0hseE1EQnpNVmR4VVdob2FuSmlia0lsTWtKaFZISk1NVlZWTVZkbUpUSkNaWFZvY21WbVdrUm5XRnBCZGtkYVJ6TmhPVnB5UjFOa2NqbEZSVXBSY0cxSU0wYzRaa294TUhRMFdHWjRkeVV6UkNVelJDWmxQVEFtWkc5M2JteHZZV1JCY3oxU1pXUnpiakIzWDFObGRIVndMbVY0WlE9PQ==

http://download2223.mediafire.com/1cz2ccdeeikg/.../redsn0w.exe

https://mega.nz/temporary/.../bRNC1YaY

http://download1324.mediafire.com/1qagfkz61w7g/.../redsn0w.exe

http://www.bundlessafetag.com/c?x=Rg1vdL/nd3Ujsx07x3BdGT78O36ICKY/8RzTWW8ZEwI=&c=VGtXq/CVwq7aflzst rA9JvwIZLWyNCnmUE6pGJ60xNLsLDF3m73Xdp01pAuv3a5GXNJ46adrO8rrDDzllDYvf8jqtMGPBwYVJ46g0NOkiwGWCUYmFQPYvkiaNzLasa8wNs3/.../H8gkX3I=&e=0&downloadAs=Redsn0w_Setup.exe

temp:redsn0w.exe

Latest 30 of 42 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.