SHA256: 31b6adb633cff2a0f34cefd2a218097f3a9a8176c9363cc70fe41fe02af810b9
File name: General.rtf
Detection ratio: 17 / 54
Analysis date: 2016-03-07 22:04:30 UTC ( 3 years ago )
Antivirus Result Update
Ad-Aware Trojan.MAC.KeRangerRansom.A 20160307
AhnLab-V3 OSX64/Keranger.139264 20160307
Arcabit Trojan.MAC.KeRangerRansom.A 20160307
AVG OSX/Agent_c.JT 20160307
Avira (no cloud) OSX/KeRanger.1 20160307
BitDefender Trojan.MAC.KeRangerRansom.A 20160307
Emsisoft Trojan.MAC.KeRangerRansom.A (B) 20160307
ESET-NOD32 OSX/Filecoder.KeRanger.A 20160307
F-Secure Trojan.MAC.KeRangerRansom.A 20160307
GData Trojan.MAC.KeRangerRansom.A 20160307
Ikarus Trojan.OSX.KeRanger 20160307
Kaspersky Trojan-Ransom.OSX.KeRanger.a 20160307
eScan Trojan.MAC.KeRangerRansom.A 20160307
Sophos AV OSX/KeRanger-A 20160307
Symantec OSX.Keranger 20160307
TrendMicro OSX_KeRanger.A 20160307
TrendMicro-HouseCall OSX_KeRanger.A 20160307
AegisLab 20160307
Yandex 20160306
Alibaba 20160307
ALYac 20160307
Avast 20160307
AVware 20160307
Baidu-International 20160307
Bkav 20160307
ByteHero 20160307
CAT-QuickHeal 20160305
ClamAV 20160307
CMC 20160307
Comodo 20160307
Cyren 20160307
DrWeb 20160307
F-Prot 20160307
Fortinet 20160307
Jiangmin 20160307
K7AntiVirus 20160307
K7GW 20160307
Malwarebytes 20160307
McAfee 20160307
McAfee-GW-Edition 20160307
Microsoft 20160307
NANO-Antivirus 20160307
nProtect 20160307
Panda 20160307
Qihoo-360 20160307
Rising 20160307
SUPERAntiSpyware 20160306
Tencent 20160307
TheHacker 20160307
VBA32 20160306
VIPRE 20160307
ViRobot 20160307
Zillya 20160306
Zoner 20160307
The file being studied is a Mac OS X executable! More specifically, it is a Mach-O executable file for x86_64-based machines.
Interesting properties
This file seems to extract from its body and drop some additional Mach-O files.
File header
File type executable file
Magic 0xfeedfacf
Required architecture x86_64
Sub-architecture X86_64_ALL
Entry point 0x10006f004
Reserved 0x0
Load commands 5
Load commands size 632
Flags DYLDLINK, NOUNDEFS
File segments
Load commands
File identification
MD5 14a4df1df622562b3bf5bc9a94e6a783
SHA1 fd1f246ee9effafba0811fd692e2e76947e82687
SHA256 31b6adb633cff2a0f34cefd2a218097f3a9a8176c9363cc70fe41fe02af810b9
ssdeep 3072:Mvs7iaCVlKWcLIT/ie5QG7l28T134jNguMuimk:MzwMSMl2IZ4JguHk

File size 136.0 KB ( 139264 bytes )
File type Mach-O
Magic literal Mach-O 64-bit executable

TrID Mac OS X Mach-O 64bit Intel executable (100.0%)
Tags 64bits macho dropper

VirusTotal metadata
First submission 2016-03-04 21:42:24 UTC ( 3 years ago )
Last submission 2018-05-14 23:50:46 UTC ( 10 months, 1 week ago )
File names General.rtf
test2
14a4df1df622562b3bf5bc9a94e6a783.rtf_
General.upx
31b6adb633cff2a0f34cefd2a218097f3a9a8176c9363cc70fe41fe02af810b9
1.rtf
14a4df1df622562b3bf5bc9a94e6a783 _General.rtf_
kernel_service
58c99fe20b348702b936abb0
General.rtf
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
HTTP requests
DNS requests
TCP connections