systemextensionsctl

executablemacOS171.4 KBx86_64, arm64

Code signing utility — signs and verifies macOS executable integrity

Signs macOS binaries and verifies their code signatures to ensure they haven't been tampered with. Accesses the Keychain to retrieve signing certificates and keys needed for code signing operations. Validates signatures against Apple's trusted roots and enforcement policies. Communicates with remote endpoints, likely Apple's code signing and timestamp services, to complete signing workflows and validate certificate status.AI

Fingerprint

Platform: macOS
Type: executable
Arch: x86_64, arm64
Min OS: 26.1.0
SDK: 26.1.0
File Size: 171.4 KB
UUID: 26069C02-A086-3D75-AC5A-4FF1F97ACD32
Analyzed: 2026-04-07T05:21:12Z
CDHash: c72acbc55e346c14bbd6bacaa08a1c2e41814494656d4eb55f6c81e14b8b4f1b

Capabilities

SecurityKeychain, certificates, code signing

/System/Library/Frameworks/Security.framework/Versions/A/Security

Frameworks13

SystemExtensions Foundation libobjc.A.dylib libSystem.B.dylib CoreFoundation Security libswiftCore.dylib libswiftCoreFoundation.dylib(weak)libswiftDispatch.dylib(weak)libswiftIOKit.dylib(weak)libswiftObjectiveC.dylib(weak)libswiftXPC.dylib(weak)libswift_Builtin_float.dylib(weak)

Entitlements1

com.apple.private.system-extensions.modifytrue

Interesting Strings

Bundle IDs(5)

*com.apple.private.system-extensions.modify <key>com.apple.private.system-extensions.modify</key>com.apple.SystemExtensions com.apple.system-extensions.admin com.apple.systemextensionsctl

File Paths(4)

/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation /System/Library/Frameworks/Security.framework/Versions/A/Security /System/Library/Frameworks/SystemExtensions.framework/Versions/A/SystemExtensions

URLs & Endpoints(4)

$http://crl.apple.com/codesigning.crl0 %http://www.apple.com/appleca/root.crl0 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">https://www.apple.com/appleca/0

Network Surface

Networking Frameworks

CoreFoundation Foundation libswiftCoreFoundation.dylib

Endpoints(6)

Urlhttp://www.apple.com/DTDs/PropertyList-1.0.dtd">

Hostnamewww.apple.com

Urlhttp://www.apple.com/appleca/root.crl0

Urlhttp://crl.apple.com/codesigning.crl0

Hostnamecrl.apple.com

Urlhttps://www.apple.com/appleca/0

DNA Capability Vector

Location

0

Keychain

0

Network

0

Storage

0

Hardware

0

IPC

0

Analytics

0

Security

1

System

0

Behavioral Profile

URL Endpoints

4

Telemetry Strings

0

File Paths

4

Bundle IDs

5

IOKit Constants

0

Library Functions

0

Structural HashesSHA-256

Code0957664932d4e1d83bdf8b57a48b5d2045f6e407a35ae9d1968504428be8c435

Imports798114a6d87839ea3f0dcdf1847ef6214493302fbe161dfcf39b1f547daf914c

Frameworks299186f6b4e0fd6e3f29b05dd002ae58b745293d3216dedc636ad20acecdb90c

Classese3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Entitlementsff682de0c6f8ea5b49a3e739f04bdd3d340fbf5dbc1a3cf594ebbb697659336c

Symbols798114a6d87839ea3f0dcdf1847ef6214493302fbe161dfcf39b1f547daf914c

Static Libraries0 / 52 functions identified

Functions(52)

0x100000f38sub_100000f38

0x1000010d4sub_1000010d4

0x10000118csub_10000118c

0x1000011d4sub_1000011d4

0x100001210sub_100001210

0x100001290sub_100001290

0x1000012ccsub_1000012cc

0x1000013e8sub_1000013e8

0x100001494sub_100001494

0x10000150csub_10000150c

0x100001684sub_100001684

0x100001874sub_100001874

0x100001988sub_100001988

0x100001a44sub_100001a44

0x100001d30sub_100001d30

0x100001ea4sub_100001ea4

0x100001f30sub_100001f30

0x100001f4csub_100001f4c

0x100001f54sub_100001f54

0x1000024e8sub_1000024e8

Imports98 symbols from 7 dylibs

libswiftCore.dylib32 libSystem.B.dylib21 libobjc.A.dylib17 Foundation13 SystemExtensions7

Exports1

_mh_execute_header0x0

Similar Binaries1,470 comparable

AppleVirtualPlatformHIDBridge

alwaysonexclavesd

FDERecoveryAgent