encode_keychange

executablemacOS133.1 KBx86_64, arm64

Hardware communication utility — manages direct driver and device interactions

Communicates directly with hardware drivers and devices through low-level interfaces. Contacts multiple network endpoints for operations or telemetry purposes. Accesses five file paths during execution and references bundle identifiers for inter-process communication. Uses eight standard macOS frameworks to support its hardware operations. Runs with capabilities that bypass normal sandboxing restrictions to interface with drivers and hardware directly.AI

Fingerprint

Platform: macOS
Type: executable
Arch: x86_64, arm64
Min OS: 26.1.0
SDK: 26.1.0
File Size: 133.1 KB
UUID: FEE5AF0C-30BD-3698-AF07-45700558AD45
Analyzed: 2026-04-07T05:21:12Z
CDHash: c39bd79a53c480b84168c6efb0781485eb20009a11e6193c83601116815e00fa

Capabilities

HardwareDirect hardware/driver communication

/System/Library/Frameworks/IOKit.framework/Versions/A/IOKit

Frameworks8

libnetsnmp.25.dylib libcrypto.46.dylib IOKit CoreFoundation CoreServices ApplicationServices DiskArbitration libSystem.B.dylib

Interesting Strings

Bundle IDs(1)

com.apple.encode_keychange

File Paths(5)

/System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit

URLs & Endpoints(4)

$http://crl.apple.com/codesigning.crl0 %http://www.apple.com/appleca/root.crl0 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">https://www.apple.com/appleca/0

Network Surface

Networking Frameworks

Endpoints(6)

Urlhttp://www.apple.com/appleca/root.crl0

Hostnamewww.apple.com

Urlhttp://crl.apple.com/codesigning.crl0

Hostnamecrl.apple.com

Urlhttps://www.apple.com/appleca/0

Urlhttp://www.apple.com/DTDs/PropertyList-1.0.dtd">

DNA Capability Vector

Location

0

Keychain

0

Network

0

Storage

0

Hardware

1

IPC

0

Analytics

0

Security

0

System

0

Behavioral Profile

URL Endpoints

4

Telemetry Strings

0

File Paths

5

Bundle IDs

1

IOKit Constants

0

Library Functions

0

Structural HashesSHA-256

Code9d54807b8a268158dd5d93c593a2dc95685bee26108fae00215636b9cc3aeaf1

Imports91750d91aaccd9490e2bd5f3ec947f325145431f010771307025b4d2acf026e2

Frameworks3424c5d7b567b50e80592e96bdc82f42e91d3902aa12c2007e748ee2fe11f228

Classese3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Entitlementse3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Symbols91750d91aaccd9490e2bd5f3ec947f325145431f010771307025b4d2acf026e2

Static Libraries0 / 7 functions identified

Functions(7)

0x1000008c8sub_1000008c8

0x100001688sub_100001688

0x100001714sub_100001714

0x100001748sub_100001748

0x100001bd8sub_100001bd8

0x100001be8sub_100001be8

0x100001d4csub_100001d4c

Imports44 symbols from 2 dylibs

libSystem.B.dylib30 libnetsnmp.25.dylib14

Exports1

_mh_execute_header0x0

Similar Binaries1,470 comparable