SHA256: 505fe4e480531d48261ab79417f006e9bb24e5e74329cbac4aeb2c239f23b1d1
File name: setup
Detection ratio: 4 / 59
Analysis date: 2018-10-12 02:01:05 UTC ( 5 months, 1 week ago )
Antivirus Result Update
Avast MacOS:Genieo-FP [Adw] 20181011
AVG MacOS:Genieo-FP [Adw] 20181011
ESET-NOD32 a variant of OSX/Adware.Genieo.CL 20181012
Tencent Win32.Adware.Genieo.Lmkx 20181012
Ad-Aware 20181012
AegisLab 20181012
AhnLab-V3 20181011
Alibaba 20180921
ALYac 20181011
Antiy-AVL 20181012
Arcabit 20181011
Avast-Mobile 20181011
Avira (no cloud) 20181011
Babable 20180918
Baidu 20181011
BitDefender 20181011
Bkav 20181011
CAT-QuickHeal 20181011
ClamAV 20181011
CMC 20181011
Comodo 20181012
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20181012
Cyren 20181011
DrWeb 20181011
eGambit 20181012
Emsisoft 20181011
Endgame 20180730
F-Prot 20181012
F-Secure 20181012
Fortinet 20181012
GData 20181012
Ikarus 20181011
Sophos ML 20180717
Jiangmin 20181012
K7AntiVirus 20181011
K7GW 20181012
Kaspersky 20181012
Kingsoft 20181012
Malwarebytes 20181012
MAX 20181012
McAfee 20181012
McAfee-GW-Edition 20181012
Microsoft 20181012
eScan 20181012
NANO-Antivirus 20181012
Palo Alto Networks (Known Signatures) 20181012
Panda 20181011
Qihoo-360 20181012
Rising 20181011
SentinelOne (Static ML) 20181011
Sophos AV 20181011
SUPERAntiSpyware 20181012
Symantec 20181011
Symantec Mobile Insight 20181001
TACHYON 20181012
TheHacker 20181011
TotalDefense 20181011
TrendMicro 20181010
TrendMicro-HouseCall 20181010
Trustlook 20181012
VBA32 20181011
VIPRE 20181011
ViRobot 20181011
Webroot 20181012
Yandex 20181011
Zillya 20181011
ZoneAlarm by Check Point 20181011
Zoner 20181011
The file being studied is a Mac OS X executable! More specifically, it is a Mach-O executable file for x86_64-based machines.
File signature
Identifier com.ransack.tablet
Format Mach-O thin (x86_64)
CandidateCDHash sha1 05649b834505f3ac943e8ccc4c222e7bc1f0aef6
CandidateCDHash sha256 6a9928bd53da065c586bf8afdad62d587d310090
Hash choices sha1,sha256
Page size 4096
CDHash 6a9928bd53da065c586bf8afdad62d587d310090
Signature size 8913
Authority Developer ID Application: Fayola Junia (FUS4RN7ZSA)
Authority Developer ID Certification Authority
Authority Apple Root CA
Timestamp Jul 6, 2018 at 3:01:38 PM
Info.plist not bound
TeamIdentifier FUS4RN7ZSA
Sealed Resources none
Signature verification Invalid
Signing Certificates
[+] Apple Inc.
Status Valid
Issuer Apple Inc.
Valid from 09:40 PM 04/25/2006
Valid to 09:40 PM 02/09/2035
Valid usage Certificate Sign, CRL Sign
Algorithm sha1WithRSAEncryption
Thumbprint 611E5B662C593A08FF58D14AE22452D198DF6C60
Serial number 2
[+] Apple Inc.
Status Valid
Issuer Apple Inc.
Valid from 10:12 PM 02/01/2012
Valid to 10:12 PM 02/01/2027
Valid usage Digital Signature, Certificate Sign, CRL Sign
Algorithm sha256WithRSAEncryption
Thumbprint 3B166C3B7DC4B751C9FE2AFAB9135641E388E186
Serial number 18 7A A9 A8 C2 96 21 0C
[+] Fayola Junia
Status Valid
Issuer Apple Inc.
Valid from 09:29 AM 05/28/2018
Valid to 09:29 AM 05/29/2023
Valid usage Code Signing, Digital Signature
Algorithm sha256WithRSAEncryption
Thumbprint A2D0BF28DFACC4E7F1E23E24C339667B5FF73A65
Serial number 59 72 91 E0 C6 24 7A 64
Interesting properties
This file is signed by Apple's Root Certificate Authority.
File header
File type executable file
Magic 0xfeedfacf
Required architecture x86_64
Sub-architecture X86_64_ALL
Entry point 0x10000167c
Reserved 0x0
Load commands 19
Load commands size 3344
Flags DYLDLINK, NOUNDEFS, PIE, TWOLEVEL
File identification
MD5 39b3cc6d6f39ecd30663e29b42362b89
SHA1 a5609ed466e09ef45d1ff65d37f6cca4ff5d9480
SHA256 505fe4e480531d48261ab79417f006e9bb24e5e74329cbac4aeb2c239f23b1d1
ssdeep 768:owpFtWxihp6ZmLmjssS9MvIJAlMen/udY980sD4Tab8:ltuYp6ZkCS+ggnWd0gDOK

File size 52.5 KB ( 53728 bytes )
File type Mach-O
Magic literal Mach-O 64-bit executable

TrID Mac OS X Mach-O 64bit Intel executable (100.0%)
Tags 64bits invalid-signature macho signed

VirusTotal metadata
First submission 2018-07-08 11:38:56 UTC ( 8 months, 2 weeks ago )
Last submission 2018-07-08 11:38:56 UTC ( 8 months, 2 weeks ago )
File names setup
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Output
Opened files
Read files
Written files
Created processes
DNS requests
TCP connections