rotatelogs

executablemacOS117.4 KBx86_64, arm64

System service — communicates with remote endpoints for configuration or telemetry

Executable binary signed by Apple that establishes network connections to six remote endpoints. Contains bundle identifiers and file paths indicating integration with the broader macOS system. The presence of multiple URLs and network endpoints suggests this service either retrieves configuration data, sends telemetry, or coordinates with Apple's infrastructure. Runs as a system-level process with minimal local interface complexity based on the limited function count.AI

Fingerprint

Platform: macOS
Type: executable
Arch: x86_64, arm64
Min OS: 11.0.0
SDK: 26.1.0
File Size: 117.4 KB
UUID: 170D4013-ABDF-3AEB-B0C0-75071F05BA72
Analyzed: 2026-04-07T05:21:11Z
CDHash: 53dc7fab314eb828e4e1822786ed29f50157b5d7742e0752bd9f7d50f6d909ee

Frameworks10

CoreFoundation libcrypto.46.dylib libssl.48.dylib libaprutil-1.0.dylib libexpat.1.dylib libiconv.2.dylib libsqlite3.dylib LDAP libapr-1.0.dylib libSystem.B.dylib

Interesting Strings

Bundle IDs(1)

com.apple.rotatelogs

File Paths(2)

/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation /System/Library/Frameworks/LDAP.framework/Versions/A/LDAP

URLs & Endpoints(4)

$http://crl.apple.com/codesigning.crl0 %http://www.apple.com/appleca/root.crl0 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">https://www.apple.com/appleca/0

Network Surface

Networking Frameworks

Endpoints(6)

Urlhttp://www.apple.com/appleca/root.crl0

Hostnamewww.apple.com

Urlhttp://crl.apple.com/codesigning.crl0

Hostnamecrl.apple.com

Urlhttps://www.apple.com/appleca/0

Urlhttp://www.apple.com/DTDs/PropertyList-1.0.dtd">

DNA Capability Vector

Location

0

Keychain

0

Network

0

Storage

0

Hardware

0

IPC

0

Analytics

0

Security

0

System

0

Behavioral Profile

URL Endpoints

4

Telemetry Strings

0

File Paths

2

Bundle IDs

1

IOKit Constants

0

Library Functions

0

Structural HashesSHA-256

Code8daf2aac8eaa8a726cc50ca3c601dce48fc333df98b3c788fbe69d0c75854a35

Imports045ba8ffb738f4372abe1103e57dbbed458afcdbce2dcabf60061efaa71008d3

Frameworks3ba3283a0a5a81a543fbe3f5bcae742e52c6be41c909933b66403fdda4b7d5a4

Classese3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Entitlementse3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Symbols045ba8ffb738f4372abe1103e57dbbed458afcdbce2dcabf60061efaa71008d3

Static Libraries0 / 10 functions identified

Functions(10)

0x100000840main

0x100001214usage

0x1000012e4get_time_or_size

0x100001510dumpConfig

0x100001768doRotate

0x100001decget_now

0x100001e9ccheckRotate

0x10000206ctruncate_and_write_error

0x10000213cpost_rotate

0x1000024ecclose_logfile

Imports48 symbols from 2 dylibs

libapr-1.0.dylib34 libSystem.B.dylib14

Exports2

_mh_execute_header0x0

main0x840

Similar Binaries1,470 comparable