SHA256: 1c026c60ec7aa873b6a29ef69fcbde1888c8c17bc8fde772c823bd16d2c9fad0
File name: WineBottler.app.zip
Detection ratio: 2 / 59
Analysis date: 2017-05-13 09:11:33 UTC ( 1 year ago )
Antivirus Result Update
Jiangmin Trojan/Genome.dlco 20170513
Rising Malware.Undefined!8.C (cloud:449YgnhiGME) 20170513
Ad-Aware 20170513
AegisLab 20170513
AhnLab-V3 20170512
Alibaba 20170513
ALYac 20170513
Antiy-AVL 20170513
Arcabit 20170513
Avast 20170513
AVG 20170513
Avira (no cloud) 20170513
AVware 20170513
Baidu 20170503
BitDefender 20170513
Bkav 20170513
CAT-QuickHeal 20170512
ClamAV 20170513
CMC 20170512
Comodo 20170513
CrowdStrike Falcon (ML) 20170130
Cyren 20170513
DrWeb 20170513
Emsisoft 20170513
Endgame 20170503
ESET-NOD32 20170513
F-Prot 20170513
F-Secure 20170513
Fortinet 20170513
GData 20170513
Ikarus 20170513
Sophos ML 20170413
K7AntiVirus 20170513
K7GW 20170513
Kaspersky 20170513
Kingsoft 20170513
Malwarebytes 20170513
McAfee 20170512
McAfee-GW-Edition 20170513
Microsoft 20170513
eScan 20170513
NANO-Antivirus 20170513
nProtect 20170513
Palo Alto Networks (Known Signatures) 20170513
Panda 20170513
Qihoo-360 20170513
SentinelOne (Static ML) 20170330
Sophos AV 20170513
SUPERAntiSpyware 20170513
Symantec 20170513
Symantec Mobile Insight 20170512
Tencent 20170513
TheHacker 20170508
TotalDefense 20170513
TrendMicro 20170513
TrendMicro-HouseCall 20170513
VBA32 20170512
VIPRE 20170513
ViRobot 20170513
Webroot 20170513
WhiteArmor 20170512
Yandex 20170512
Zillya 20170511
ZoneAlarm by Check Point 20170513
Zoner 20170513
The file being studied is a compressed stream! More specifically, it is a ZIP file. It seems to be a bundled Mac OS X application.
File signature
Identifier org.kronenberg.WineBottler
Format bundle with Mach-O universal (i386 x86_64)
CDHash 80884f82b577520d1f9a3514c1b00bcdc3fafd3d
Signature size 4238
Authority Developer ID Application: Tapenta GmbH
Authority Developer ID Certification Authority
Authority Apple Root CA
Signed Time Dec 18, 2015, 9:22:20 PM
Info.plist entries 26
TeamIdentifier S3B4DFK8MA
Signers
[+] Tapenta GmbH
Status Certificate out of its validity period
Issuer Apple Inc.
Valid from 09:31 AM 03/24/2012
Valid to 09:31 AM 03/25/2017
Valid usage Digital Signature, Code Signing
Algorithm sha256WithRSAEncryption
Thumbprint 4A812261AA0B90175F818F9D816E4AD3C6A66332
Serial number 1F 13 ED C2 D1 9D C0 C5
[+] Apple Inc.
Status Valid
Issuer Apple Inc.
Valid from 10:12 PM 02/01/2012
Valid to 10:12 PM 02/01/2027
Valid usage Digital Signature, Certificate Sign, CRL Sign
Algorithm sha256WithRSAEncryption
Thumbprint 3B166C3B7DC4B751C9FE2AFAB9135641E388E186
Serial number 18 7A A9 A8 C2 96 21 0C
[+] Apple Inc.
Status Valid
Issuer Apple Inc.
Valid from 09:40 PM 04/25/2006
Valid to 09:40 PM 02/09/2035
Valid usage Certificate Sign, CRL Sign
Algorithm sha1WithRSAEncryption
Thumbprint 611E5B662C593A08FF58D14AE22452D198DF6C60
Serial number 2
Interesting properties
The studied file contains at least one Portable Executable.
The studied file contains at least one Mac OS X executable.
Contained files
Compression metadata
Contained files 607
Uncompressed size 11071885
Highest datetime 2015-12-19 00:22:18
Lowest datetime 2015-12-19 00:22:18
Contained files by extension
nib 113
h 57
png 51
sh 37
exe 6
txt 3
svg 1
pem 1
Contained files by type
unknown 246
directory 159
Mac OS X Executable 53
PNG 51
XML 48
script 37
HTML 7
Portable Executable 6
ExifTool file metadata
MIMEType application/zip
ZipRequiredVersion 20
ZipCRC 0x00000000
FileType ZIP
ZipCompression Deflated
ZipUncompressedSize 0
ZipCompressedSize 2
FileTypeExtension zip
ZipFileName WineBottler.app/
ZipBitFlag 0x0800
ZipModifyDate 2015:12:19 00:22:09

File identification
MD5 fcc7311fa648f7cd68a4d0b47a13da17
SHA1 0b847a4a59f54c40385961e188f345e5397cc0e8
SHA256 1c026c60ec7aa873b6a29ef69fcbde1888c8c17bc8fde772c823bd16d2c9fad0
ssdeep 98304:THKwNCrv9F+ZBxDi+/9BxTKSNBx5jBxTyeLBxX261BxUtFdQ5Vwxo:THPYL9F+ZTDi+/9TTKSNT5jTTyeLTX2Y

File size 4.6 MB ( 4796815 bytes )
File type ZIP
Magic literal Zip archive data, at least v2.0 to extract

TrID ZIP compressed archive (100.0%)
Tags
contains-macho contains-pe mac-app zip

VirusTotal metadata
First submission 2017-04-28 05:45:49 UTC ( 1 year ago )
Last submission 2017-04-28 05:45:49 UTC ( 1 year ago )
File names WineBottler.app.zip
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Created processes
HTTP requests
DNS requests
TCP connections