AppleMobileDeviceService.exe

The executable AppleMobileDeviceService.exe (“MobileDeviceService”) has been detected as malware by 2 anti-virus scanners. It runs as a Windows service named “Apple Mobile Device Service”. While running, it connects to the Internet address mailrelay.203.website.ws on port 80 using the HTTP protocol.
Publisher:
Apple Inc.*  (Invalid match)

Description:
MobileDeviceService

Version:
17.364.0.22

MD5:
416c12303899d8b623a7e95a0f0824fa

SHA-1:
f5e690dadfde7cee74f2d791b5cd1cb6ab29a5e2

SHA-256:
56aa9eb72d2901f7454528df9328eaa647f88d262a98cac458d880ac276ea152

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
4/26/2024 2:14:57 AM UTC  (today)

Scan engine    Detection                Engine version
Dr.Web         Win64.Expiro.108         9.0.1.05190
ESET NOD32     Win64/Expiro.AC virus    6.3.12010.0

File size:
652.5 KB (668,160 bytes)

Product version:
3.3.0.0

Copyright:
© 2015 Apple Inc. All rights reserved.

Original file name:
AppleMobileDeviceService.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\common files\apple\mobile device support\applemobiledeviceservice.exe

File PE Metadata
Compilation timestamp:
2/13/2015 3:18:56 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
9.0

Entry address:
0x8590

Entry point:
90, 55, 48, 89, E5, 56, 48, FF, CE, 57, 41, 54, 41, 55, 41, 56, 41, 57, 48, 81, EC, D0, 00, 00, 00, 48, C7, 85, 70, FF, FF, FF, 00, 00, 00, 00, 48, C7, 45, A8, 0E, 00, 00, 00, 4C, 8B, 55, A8, 49, 83, EA, 0E, 4C, 89, 55, A0, 48, C7, 45, 98, 09, 00, 00, 00, 45, 31, F6, 4C, 8B, 55, A0, 4D, 89, D5, 49, 83, ED, 00, 49, BA, B6, 6B, 00, 00, 00, 00, 00, 00, 4C, 89, 95, 40, FF, FF, FF, BE, F4, D2, 2B, C2, 4C, 8B, 95, 40, FF, FF, FF, 49, B9, 1F, 98, 00, 00, 00, 00, 00, 00, 4D, 89, D6, 4D, 0F, AF, F1, 41, BD, 93, 2F...

Entropy:
7.1892

Code size:
38.5 KB (39,424 bytes)

Service
Display name:
Apple Mobile Device Service

Description:
Provides the interface to Apple mobile devices.

Type:
Win32OwnProcess, InteractiveProcess

Depends on:
Tcpip


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to mailrelay.203.website.ws  (64.70.19.203:80)

TCP (HTTP):
Connects to ip234.208-100-26.static.steadfastdns.net  (208.100.26.234:80)

Remove AppleMobileDeviceService.exe - Powered by Reason Core Security