SHA256: 2ccd0e9df8c2411dfe60b76edb25607193bfb316acac21b7250be65c37215ca3
File name: exp
Detection ratio: 18 / 56
Analysis date: 2017-07-03 10:52:41 UTC ( 1 year, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.MAC.Exploit.A 20170703
ALYac Trojan.MAC.Exploit.A 20170703
Arcabit Trojan.MAC.Exploit.A 20170703
Avast MacOS:CVE-2016-4625-F [Trj] 20170703
AVG MacOS:CVE-2016-4625-F [Trj] 20170703
Avira (no cloud) OSX/OSX.CVE-2016-4625.pvcws 20170703
BitDefender Trojan.MAC.Exploit.A 20170703
DrWeb Exploit.CVE-2016-4625.1 20170703
Emsisoft Trojan.MAC.Exploit.A (B) 20170703
ESET-NOD32 a variant of OSX/Exploit.CVE-2016-4625.B 20170703
F-Secure Trojan.MAC.Exploit.A 20170703
GData Trojan.MAC.Exploit.A 20170703
Ikarus Trojan.Osx.Exploit 20170703
Kaspersky HEUR:Exploit.OSX.CVE-2016-4625.a 20170703
eScan Trojan.MAC.Exploit.A 20170703
Symantec OSX.Trojan.Gen 20170703
TrendMicro-HouseCall Suspicious_GEN.F47V0701 20170703
ZoneAlarm by Check Point HEUR:Exploit.OSX.CVE-2016-4625.a 20170703
AegisLab 20170703
AhnLab-V3 20170703
Alibaba 20170703
Antiy-AVL 20170703
AVware 20170703
Baidu 20170703
Bkav 20170703
CAT-QuickHeal 20170703
ClamAV 20170703
CMC 20170701
Comodo 20170702
CrowdStrike Falcon (ML) 20170420
Cyren 20170703
Endgame 20170629
F-Prot 20170703
Fortinet 20170629
Sophos ML 20170607
Jiangmin 20170703
K7AntiVirus 20170703
K7GW 20170703
Kingsoft 20170703
Malwarebytes 20170703
McAfee 20170703
McAfee-GW-Edition 20170702
Microsoft 20170703
NANO-Antivirus 20170703
nProtect 20170703
Palo Alto Networks (Known Signatures) 20170703
Panda 20170702
Qihoo-360 20170703
Rising 20170703
SentinelOne (Static ML) 20170516
Sophos AV 20170703
SUPERAntiSpyware 20170703
Symantec Mobile Insight 20170630
Tencent 20170703
TheHacker 20170702
TrendMicro 20170703
Trustlook 20170703
VBA32 20170630
VIPRE 20170703
ViRobot 20170703
Webroot 20170703
WhiteArmor 20170627
Yandex 20170630
Zillya 20170701
Zoner 20170703
The file being studied is a Mac OS X executable! More specifically, it is a Mach-O executable file for x86_64-based machines.
File header
File type executable file
Magic 0xfeedfacf
Required architecture x86_64
Sub-architecture X86_64_ALL
Entry point 0x25a0
Reserved 0x0
Load commands 18
Load commands size 1728
Flags DYLDLINK, NOUNDEFS, PIE, TWOLEVEL
File segments
Shared libraries
Load commands
File identification
MD5 7bc64fefb160333f2ed854041402bdd6
SHA1 07715c8b7cc6861b8d9aa4c98e20ca82da133667
SHA256 2ccd0e9df8c2411dfe60b76edb25607193bfb316acac21b7250be65c37215ca3
ssdeep 192:rMIJvh2LIeTqnXH7sqMwyCQPBMEpMv9D1OCAkvV15U3sDMpDvGvn9r54AYO/:rMCmTSXcJSEivyCVfgswVeVQ+

File size 19.9 KB ( 20344 bytes )
File type Mach-O
Magic literal Mach-O 64-bit executable

TrID Mac OS X Mach-O 64bit Intel executable (100.0%)
Tags 64bits exploit macho cve-2016-4625

VirusTotal metadata
First submission 2017-06-30 02:24:39 UTC ( 1 year, 8 months ago )
Last submission 2017-08-11 07:03:35 UTC ( 1 year, 7 months ago )
File names 07715c8b7cc6861b8d9aa4c98e20ca82da133667_exp, exp
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Output
Opened files
Read files
Created processes
HTTP requests
DNS requests
TCP connections