macOS Analysis Report
AlDente.dmg

Overview

General Information

Sample name: AlDente.dmg
Analysis ID: 1540052
MD5: 00b0457af4d3d3f4e4cc06bf247eb5b4
SHA1: 59c29e89a14dbcf0a0f5eeb755f40a2cdefa5b49
SHA256: 37ed1b3600fcd0b2f3c1102f630c5c2c2d169cc829bd2e039d7fdd671d2722f1

Detection

Score: 2
Range: 0 - 100
Whitelisted: false

Signatures

Contains symbols with paths
Contains symbols with suspicious names likely related to networking
Contains symbols with suspicious names likely related to well-known browsers
Sample or dropped file has a small TEXT segment size indicating that the actual code is not in this segment hampering debugging

Classification

Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49350 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.8:443 -> 192.168.11.12:49379 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.8:443 -> 192.168.11.12:49380 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.8:443 -> 192.168.11.12:49378 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49381 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49384 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49387 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49395 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49396 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49397 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49398 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49399 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49400 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49401 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49402 version: TLS 1.2
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O symbol: _$ss5ErrorPsE7_domainSSvg
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O symbol: _$ss5ErrorP7_domainSSvgTq
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O symbol: _$s7Combine18PassthroughSubjectC4sendyyxF
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O symbol: _$s7Combine19CurrentValueSubjectC4sendyyxF
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O symbol: _$s7Combine25ObservableObjectPublisherC4sendyyF
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O symbol: _$s7Combine9PublisherPAAs5NeverO7FailureRtzrlE4sink12receiveValueAA14AnyCancellableCy6OutputQzc_tF
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O symbol: _$s7Combine9PublisherP7receive10subscriberyqd___tAA10SubscriberRd__7FailureQyd__AGRtz5InputQyd__6OutputRtzlFTq
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O symbol: _swift_isEscapingClosureAtFileLocation
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O symbol: _$s7Combine10SubscriberP7receive12subscriptionyAA12Subscription_p_tFTj
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O symbol: _$s7Combine10SubscriberP7receiveyAA11SubscribersO6DemandV5InputQzFTj
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O symbol: _$ss17FixedWidthIntegerP27multipliedReportingOverflow2byx12partialValue_Sb8overflowtx_tFTj
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O symbol: _$ss17FixedWidthIntegerP28subtractingReportingOverflowyx12partialValue_Sb8overflowtxFTj
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O symbol: _$ss17FixedWidthIntegerP23addingReportingOverflowyx12partialValue_Sb8overflowtxFTj
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O symbol: _kSMDomainSystemLaunchd
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O symbol: _kSMDomainUserLaunchd
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O symbol: _kIOMasterPortDefault
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O symbol: __swift_stdlib_reportUnimplementedInitializer
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O symbol: _$sSz8clampingxqd___tcSzRd__lufCTq
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O symbol: _OBJC_CLASS_$_NSXPCConnection
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O symbol: _$s7SwiftUI9AnimationV6spring8response15dampingFraction13blendDurationACSd_S2dtFZ
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O symbol: _$s10Foundation8CalendarV4date8byAdding5value2to18wrappingComponentsAA4DateVSgAC9ComponentO_SiAJSbtF
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O symbol: _$s6SQLite10ConnectionC3runys5Int64VAA6InsertVKF
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O symbol: _$s6SQLite10ConnectionC5pluckyAA3RowVSgAA9QueryType_pKF
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O symbol: _$s6SQLite10ConnectionC6scalaryxAA11ScalarQueryVyxGKAA5ValueRzlF
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O symbol: _$s6SQLite10ConnectionCMa
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O symbol: _$s6SQLite10ConnectionC3key_2dbySS_SStKF
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O symbol: _$s6SQLite10ConnectionC3runyAA9StatementCSS_SayAA7Binding_pSgGtKF
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O symbol: _$s6SQLite10ConnectionC3runySiAA6DeleteVKF
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O symbol: _$s6SQLite10ConnectionCMn
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O symbol: _$s6SQLite10ConnectionC_8readonlyACSS_SbtKcfC
Source: unknown TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown TCP traffic detected without corresponding DNS query: 23.46.224.247
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /2021/mobileassets/041-40471/B96AF6E1-5FF6-4786-9956-944A1AFE086A/com_apple_MobileAsset_KextDenyList/404087a7302927411b6ea0e05114d2c68355185e.zip HTTP/1.1 Host: updates.cdn-apple.com Accept: */* Accept-Language: en-us Connection: keep-alive Accept-Encoding: br, gzip, deflate User-Agent: mobileassetd (unknown version) CFNetwork/976 Darwin/18.2.0 (x86_64)
Source: global traffic HTTP traffic detected: GET /2024/patches/062-08173/234EE7F7-CC33-4CD3-85FC-60590A103560/com_apple_MobileAsset_CoreSuggestions/84f6102e2a09dd10dd694d795792a7771b6014fc.zip HTTP/1.1 Host: updates.cdn-apple.com Accept: */* Accept-Language: en-us Connection: keep-alive Accept-Encoding: br, gzip, deflate User-Agent: mobileassetd (unknown version) CFNetwork/976 Darwin/18.2.0 (x86_64)
Source: global traffic HTTP traffic detected: GET /2024/patches/052-54451/D609556E-69B1-482E-9C33-B2E3510A1311/com_apple_MobileAsset_TimeZoneUpdate/c5a4d0df08e8faecf4faebbbadc4d96a07d9d990.zip HTTP/1.1 Host: updates.cdn-apple.com Accept: */* Accept-Language: en-us Connection: keep-alive Accept-Encoding: br, gzip, deflate User-Agent: mobileassetd (unknown version) CFNetwork/976 Darwin/18.2.0 (x86_64)
Source: global traffic DNS traffic detected: DNS query: h3.apis.apple.map.fastly.net
Source: AlDente String found in binary or memory: http://certs.apple.com/devidg2.der02
Source: CodeResources String found in binary or memory: http://crl.apple.com/applerootcag3.crl0
Source: AlDente String found in binary or memory: http://crl.apple.com/root.crl0
Source: AlDente String found in binary or memory: http://crl.apple.com/timestamp.crl0
Source: AlDente String found in binary or memory: http://ocsp.apple.com/ocsp03-applerootca0.
Source: CodeResources String found in binary or memory: http://ocsp.apple.com/ocsp03-applerootcag307
Source: CodeResources String found in binary or memory: http://ocsp.apple.com/ocsp03-asica4020
Source: AlDente String found in binary or memory: http://ocsp.apple.com/ocsp03-devidg2010
Source: AlDente, CodeResources String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: AlDente String found in binary or memory: http://www.apple.com/appleca0
Source: AlDente String found in binary or memory: https://apphousekitchen.com/?utm_campaign=aldente-
Source: AlDente String found in binary or memory: https://apphousekitchen.com/adding-aldente-pro-support-to-16-new-intel-macbook-models-full-list-belo
Source: Info.plist String found in binary or memory: https://apphousekitchen.com/aldente/aldenteproappcast.xml
Source: AlDente String found in binary or memory: https://apphousekitchen.com/feature-explanation-automatic-discharge/
Source: AlDente String found in binary or memory: https://apphousekitchen.com/feature-explanation-calibration-mode-2/
Source: AlDente String found in binary or memory: https://apphousekitchen.com/feature-explanation-disable-sleep-until-charge-limit/
Source: AlDente String found in binary or memory: https://apphousekitchen.com/feature-explanation-hardware-battery-percentage/
Source: AlDente String found in binary or memory: https://apphousekitchen.com/feature-explanation-heat-protection/
Source: AlDente String found in binary or memory: https://apphousekitchen.com/feature-explanation-sailing-mode/
Source: AlDente String found in binary or memory: https://apphousekitchen.com/feature-explanation-schedule/
Source: AlDente String found in binary or memory: https://apphousekitchen.com/feature-explanation-stop-charging-when-app-closed/
Source: AlDente String found in binary or memory: https://apphousekitchen.com/feature-explanation-stop-charging-when-sleeping/
Source: AlDente String found in binary or memory: https://apphousekitchen.com/pricing/?utm_campaign=aldente-
Source: AlDente String found in binary or memory: https://www.apple.com/appleca/0
Source: AlDente String found in binary or memory: https://www.apple.com/certificateauthority/0
Source: classification engine Classification label: clean2.macDMG@0/0@1/0
Source: extracted file from submission: AlDente.app/Contents/Library/LoginItems/LaunchAtLoginHelper.app/Contents/MacOS/LaunchAtLoginHelper Mach-O symbol: /Users/sindresorhus/Library/Developer/Xcode/DerivedData/LaunchAtLogin-cahfdwxhpdgtvcfxydujvyqjaihs/Build/Intermediates.noindex/LaunchAtLogin.build/Release/LaunchAtLoginHelper.build/Objects-normal/x86_64/main.o
Source: extracted file from submission: AlDente.app/Contents/Library/LoginItems/LaunchAtLoginHelper.app/Contents/MacOS/LaunchAtLoginHelper Mach-O symbol: /Users/sindresorhus/dev/oss/LaunchAtLogin/Sources/LaunchAtLoginHelper/
Source: extracted file from submission: AlDente.app/Contents/Library/LoginItems/LaunchAtLoginHelper.app/Contents/MacOS/LaunchAtLoginHelper Mach-O symbol: /Users/sindresorhus/Library/Developer/Xcode/DerivedData/LaunchAtLogin-cahfdwxhpdgtvcfxydujvyqjaihs/Build/Intermediates.noindex/LaunchAtLogin.build/Release/LaunchAtLoginHelper.build/Objects-normal/x86_64/LaunchAtLoginHelper.swiftmodule
Source: extracted file from submission: AlDente.app/Contents/Library/LoginItems/LaunchAtLoginHelper.app/Contents/MacOS/LaunchAtLoginHelper Mach-O symbol: /Users/sindresorhus/Library/Developer/Xcode/DerivedData/LaunchAtLogin-cahfdwxhpdgtvcfxydujvyqjaihs/Build/Intermediates.noindex/LaunchAtLogin.build/Release/LaunchAtLoginHelper.build/Objects-normal/x86_64/LaunchAtLoginHelper_vers.o
Source: extracted file from submission: AlDente.app/Contents/Library/LoginItems/LaunchAtLoginHelper.app/Contents/MacOS/LaunchAtLoginHelper Mach-O symbol: /Users/sindresorhus/Library/Developer/Xcode/DerivedData/LaunchAtLogin-cahfdwxhpdgtvcfxydujvyqjaihs/Build/Intermediates.noindex/LaunchAtLogin.build/Release/LaunchAtLoginHelper.build/DerivedSources/
Source: extracted file from submission: AlDente.app/Contents/Library/LoginItems/LaunchAtLoginHelper.app/Contents/MacOS/LaunchAtLoginHelper Mach-O symbol: /Users/sindresorhus/Library/Developer/Xcode/DerivedData/LaunchAtLogin-cahfdwxhpdgtvcfxydujvyqjaihs/Build/Intermediates.noindex/LaunchAtLogin.build/Release/LaunchAtLoginHelper.build/Objects-normal/arm64/main.o
Source: extracted file from submission: AlDente.app/Contents/Library/LoginItems/LaunchAtLoginHelper.app/Contents/MacOS/LaunchAtLoginHelper Mach-O symbol: /Users/sindresorhus/Library/Developer/Xcode/DerivedData/LaunchAtLogin-cahfdwxhpdgtvcfxydujvyqjaihs/Build/Intermediates.noindex/LaunchAtLogin.build/Release/LaunchAtLoginHelper.build/Objects-normal/arm64/LaunchAtLoginHelper.swiftmodule
Source: extracted file from submission: AlDente.app/Contents/Library/LoginItems/LaunchAtLoginHelper.app/Contents/MacOS/LaunchAtLoginHelper Mach-O symbol: /Users/sindresorhus/Library/Developer/Xcode/DerivedData/LaunchAtLogin-cahfdwxhpdgtvcfxydujvyqjaihs/Build/Intermediates.noindex/LaunchAtLogin.build/Release/LaunchAtLoginHelper.build/Objects-normal/arm64/LaunchAtLoginHelper_vers.o
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O symbol: __swift_stdlib_operatingSystemVersion
Source: extracted file from DMG submission CodeResources XML file: AlDente.app/Contents/Library/LoginItems/LaunchAtLoginHelper.app/Contents/_CodeSignature/CodeResources
Source: extracted file from DMG submission CodeResources XML file: AlDente.app/Contents/_CodeSignature/CodeResources
Source: extracted file from submission: AlDente.app/Contents/Library/LoginItems/LaunchAtLoginHelper.app/Contents/MacOS/LaunchAtLoginHelper Mach-O header: load_dylib -> /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O header: load_dylib -> /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O header: load_dylib -> /System/Library/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O header: load_dylib -> /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
Source: extracted file from submission: AlDente.app/Contents/MacOS/AlDente Mach-O header: load_dylib -> /System/Library/Frameworks/Security.framework/Versions/A/Security
Source: submission CodeSign Info: Executable=/Volumes/AlDente/AlDente.app/Contents/MacOS/AlDente
Source: AlDente.app/Contents/Library/LoginItems/LaunchAtLoginHelper.app/Contents/MacOS/LaunchAtLoginHelper Mach-O __TEXT segment size: 0x4000 <= 16 KB
Source: /usr/bin/open (PID: 631) System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist