SHA256: 40327773ba7b855e8fa3f9a519b5f07e321c52b023c39518e1e42973cef2ad82
File name: FotoSketcher_Mac.app.zip
Detection ratio: 3 / 49
Analysis date: 2017-11-08 22:57:25 UTC ( 6 months, 2 weeks ago )
Antivirus Result Update
Jiangmin Trojan/Genome.dlco 20171110
Kingsoft VIRUS_UNKNOWN 20171110
TheHacker Trojan/Jorik.Gbot.rdq 20171102
Ad-Aware 20171110
AegisLab 20171110
AhnLab-V3 20171110
Alibaba 20170911
ALYac 20171110
Antiy-AVL 20171110
Arcabit 20171110
Avast-Mobile 20171109
Avira (no cloud) 20171109
Baidu 20171109
BitDefender 20171110
Bkav 20171109
CAT-QuickHeal 20171110
ClamAV 20171110
CMC 20171109
Comodo 20171110
CrowdStrike Falcon (ML) 20171016
Cybereason 20171030
Cyren 20171110
DrWeb 20171110
eGambit 20171110
Emsisoft 20171110
Endgame 20171024
ESET-NOD32 20171110
Fortinet 20171110
GData 20171110
Ikarus 20171109
Sophos ML 20170914
K7AntiVirus 20171109
K7GW 20171110
Kaspersky 20171110
Malwarebytes 20171110
MAX 20171110
eScan 20171110
NANO-Antivirus 20171110
nProtect 20171110
Palo Alto Networks (Known Signatures) 20171110
Panda 20171109
Qihoo-360 20171110
SentinelOne (Static ML) 20171019
Sophos AV 20171110
SUPERAntiSpyware 20171110
Symantec 20171109
Symantec Mobile Insight 20171110
Tencent 20171110
TotalDefense 20171110
TrendMicro-HouseCall 20171110
Trustlook 20171110
VBA32 20171109
VIPRE 20171110
ViRobot 20171110
WhiteArmor 20171104
Yandex 20171109
ZoneAlarm by Check Point 20171110
Zoner 20171110
The file being studied is a compressed stream! More specifically, it is a ZIP file. It seems to be a bundled Mac OS X application.
Interesting properties
The studied file contains at least one Portable Executable.
The studied file contains at least one Mac OS X executable.
Contained files
Compression metadata
Contained files: 14287
Uncompressed size: 25011696
Highest datetime: 2017-06-12 08:25:22
Lowest datetime: 2015-12-14 05:25:58
Contained files by extension
h: 124
nib: 58
txt: 28
jpg: 16
sh: 16
png: 6
d/: 3
_A: 3
exe: 2
d: 2
os2: 2
23/: 2
pem: 2
pl: 2
FAQ: 2
aix: 2
23: 1
Contained files by type
unknown: 731
directory: 127
Mac OS X Executable: 82
script: 35
XML: 10
JPG: 8
HTML: 3
PNG: 3
Portable Executable: 1
ExifTool file metadata
MIMEType: application/zip
ZipRequiredVersion: 10
ZipCRC: 0x00000000
FileType: ZIP
ZipCompression: None
ZipUncompressedSize: 0
ZipCompressedSize: 0
FileTypeExtension: zip
ZipFileName: FotoSketcher_Mac.app/
ZipBitFlag: 0
ZipModifyDate: 2017:06:12 08:18:19

File identification
MD5 1e4d011a839dff30e4b8866c25589d3c
SHA1 4305c513bbfbcd2f8098f4f9fd2e256848649eb4
SHA256 40327773ba7b855e8fa3f9a519b5f07e321c52b023c39518e1e42973cef2ad82
ssdeep 1572864:/45EKvkDVT1pt/g2MxBPWhp8MFz3g1XV5EkeNG/1MtayymsCxobzWqb:vg2MvPWP8yEXYc0ayymLqb
File size 75.2 MB ( 78883034 bytes )
File type ZIP
Magic literal Zip archive data, at least v1.0 to extract
TrID Konfabulator widget (29.6%)
foobar2000 component (29.6%)
Mozilla Archive Format (gen) (25.9%)
ZIP compressed archive (14.8%)
Tags
mac-app contains-pe contains-macho zip

VirusTotal metadata
First submission 2017-09-13 20:48:28 UTC ( 8 months, 1 week ago )
Last submission 2017-11-08 22:57:25 UTC ( 6 months, 2 weeks ago )
File names FotoSketcher_Mac.app.zip
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
DNS requests
TCP connections