automation_trampoline

executablemacOS190.3 KBx86_64, arm64

Code signing validation — verifies digital signatures on macOS executables and bundles

Validates code signatures on macOS binaries and application bundles to ensure they haven't been tampered with and originate from trusted sources. Accesses the Keychain and certificate store to retrieve and verify signing certificates. Communicates with Apple's signature validation services via network endpoints to check revocation status and obtain signing policies. Performs hardware-level operations for cryptographic verification and telemetry reporting on validation results.AI

Fingerprint

Platform: macOS
Type: executable
Arch: x86_64, arm64
Min OS: 26.1.0
SDK: 26.1.0
File Size: 190.3 KB
UUID: 0E89409F-58F0-3600-BB1B-24642C89D6DC
Analyzed: 2026-04-09T09:43:18Z
CDHash: 987a14201be96146e8c5f9fec54b325ad64af3feb06cec58297fb67a687fbb81

Capabilities

HardwareDirect hardware/driver communication

/System/Library/Frameworks/IOKit.framework/Versions/A/IOKit

SecurityKeychain, certificates, code signing

/System/Library/Frameworks/Security.framework/Versions/A/Security

Frameworks12

RemoteServiceDiscovery RecoveryOS libRosetta.dylib DiskImages DiskArbitration Foundation IOKit Security ServiceManagement libobjc.A.dylib libSystem.B.dylib CoreFoundation

Entitlements6

com.apple.ServiceManagement.daemons.modifytrue

com.apple.private.AuthorizationServices

com.apple.trust-settings.admin com.apple.trust-settings.user

com.apple.private.amfi.can-allow-non-platformtrue

com.apple.private.amfi.set-permissivetrue

com.apple.recoveryos_agent.ServiceBootstrappingtrue

com.apple.rootless.install.heritabletrue

Interesting Strings

Bundle IDs(20)

$com.apple.rootless.install.heritable %com.apple.private.amfi.set-permissive 'com.apple.private.AuthorizationServices0?*com.apple.ServiceManagement.daemons.modify -com.apple.private.amfi.can-allow-non-platform

File Paths(15)

/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit /System/Library/Frameworks/Security.framework/Versions/A/Security

telemetry(2)

_SMJobSubmit could not submit script launchd job %s: %s

URLs & Endpoints(5)

$http://crl.apple.com/codesigning.crl0 %http://www.apple.com/appleca/root.crl0 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"><string>com.apple.compilers.llvm.clang.1_0</string>https://www.apple.com/appleca/0

Network Surface

Networking Frameworks

CoreFoundation Foundation

Endpoints(7)

Urlhttp://www.apple.com/DTDs/PropertyList-1.0.dtd">

Hostnamewww.apple.com

Hostnamemacosx26.1.internal

Urlhttp://www.apple.com/appleca/root.crl0

Urlhttp://crl.apple.com/codesigning.crl0

Hostnamecrl.apple.com

Urlhttps://www.apple.com/appleca/0

API Usage

DNA Capability Vector

Location

0

Keychain

0

Network

0

Storage

0

Hardware

1

IPC

0

Analytics

0

Security

1

System

0

Behavioral Profile

URL Endpoints

5

Telemetry Strings

2

File Paths

15

Bundle IDs

20

IOKit Constants

0

Library Functions

0

Structural HashesSHA-256

Code3e219cb9b6d499e4dc35e474b1114d51a543c798a62ca4c1ded91453b6fcc4a4

Imports2d5f059840c189dfbd52e9d79628bd385e96ea7081191e57151a84a6e02ae6cd

Frameworks69990338803eee2a2842fc8a0ab3075984ff42f8c6587c607a3715f683a38bdb

Classese3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Entitlements2b0c5b0f75c8e5d1dd6d0d5a2563118aa54c6325fa8aa25c42f45cabf66684a6

Symbols2d5f059840c189dfbd52e9d79628bd385e96ea7081191e57151a84a6e02ae6cd

Static Libraries0 / 41 functions identified

Functions(41)

0x100000e80sub_100000e80

0x100000f6csub_100000f6c

0x100001024sub_100001024

0x1000010e8sub_1000010e8

0x1000010f0sub_1000010f0

0x1000012f0sub_1000012f0

0x10000133csub_10000133c

0x100001424sub_100001424

0x1000014e0sub_1000014e0

0x10000156csub_10000156c

0x100001594sub_100001594

0x1000018b8sub_1000018b8

0x1000018d4sub_1000018d4

0x100003878sub_100003878

0x100003944sub_100003944

0x100003a6csub_100003a6c

0x100003ad4sub_100003ad4

0x100003b74sub_100003b74

0x100003ebcsub_100003ebc

0x100003f58sub_100003f58

Imports156 symbols from 9 dylibs

libSystem.B.dylib70 CoreFoundation26 libobjc.A.dylib14 Foundation13 IOKit12

Exports1

_mh_execute_header0x0

Similar Binaries1,470 comparable

AppleQEMUGuestAgent