SHA256: 55daff443d4c8ba9770f90f8b9668b81e472fccd7cbc508d858046f75add2070
File name: 55daff443d4c8ba9770f90f8b9668b81e472fccd7cbc508d858046f75add2070
Detection ratio: 39 / 59
Analysis date: 2018-10-15 20:09:28 UTC ( 5 months, 1 week ago )
Antivirus Result Update
Ad-Aware Mac.OSX.Trojan.MacControl.A 20181015
AhnLab-V3 OSX32-Trojan/Macontrol.B 20181015
ALYac Mac.OSX.Trojan.MacControl.A 20181015
Arcabit Mac.OSX.Trojan.MacControl.A 20181015
Avast MacOS:MacKontrol-A 20181015
AVG MacOS:MacKontrol-A 20181015
Avira (no cloud) OSX/MaControl.A.1 20181015
BitDefender Mac.OSX.Trojan.MacControl.A 20181015
CAT-QuickHeal Backdoor.MacOSX.Longage.A 20181013
ClamAV Legacy.Trojan.Agent-36792 20181015
Cyren MacOS/MaControl.A 20181015
DrWeb BackDoor.Macontrol.2 20181015
Emsisoft Mac.OSX.Trojan.MacControl.A (B) 20181015
Endgame malicious (high confidence) 20180730
ESET-NOD32 OSX/MacKontrol.B 20181015
F-Prot MacOS/MaControl.A 20181015
F-Secure Backdoor:OSX/MacKontrol.B 20181015
Fortinet MAC/MacKontrol.B!tr 20181015
GData Mac.OSX.Trojan.MacControl.A 20181015
Ikarus Trojan.OSX.Mackontrol 20181015
Kaspersky Backdoor.OSX.MaControl.b 20181015
MAX malware (ai score=87) 20181015
McAfee OSX/Longate 20181015
McAfee-GW-Edition BehavesLike.Java.Suspicious.nv 20181015
Microsoft Backdoor:MacOS/Longage.A 20181015
eScan Mac.OSX.Trojan.MacControl.A 20181015
NANO-Antivirus Trojan.Mac.Macontrol.twjbj 20181015
Qihoo-360 Win32/Trojan.bae 20181015
Rising Trojan.Agent.ged (CLASSIC) 20181015
Sophos AV OSX/MacCtrl-A 20181015
Symantec OSX.MacControl 20181015
Tencent Mac.Backdoor.Macontrol.Dxdj 20181015
TrendMicro OSX_LONGAGE.A 20181015
TrendMicro-HouseCall HO_MACKONTROL.MSMG816 20181015
VBA32 Backdoor.OSX.MaControl.b 20181015
Yandex Backdoor.OSX.Longage.A 20181015
Zillya Trojan.MacKontrol..1 20181015
ZoneAlarm by Check Point Backdoor.OSX.MaControl.b 20181015
Zoner Trojan.Generic 20181014
AegisLab 20181015
Alibaba 20180921
Antiy-AVL 20181015
Avast-Mobile 20181015
Babable 20180918
Baidu 20181015
Bkav 20181014
CMC 20181015
Comodo 20181015
CrowdStrike Falcon (ML) 20180202
Cybereason 20180308
Cylance 20181015
eGambit 20181015
Sophos ML 20180717
Jiangmin 20181015
K7AntiVirus 20181015
K7GW 20181015
Kingsoft 20181015
Malwarebytes 20181015
Palo Alto Networks (Known Signatures) 20181015
Panda 20181015
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181015
Symantec Mobile Insight 20181001
TACHYON 20181015
TheHacker 20181015
TotalDefense 20181015
Trustlook 20181015
VIPRE 20181015
ViRobot 20181015
Webroot 20181015
The file being studied is a Mac OS X executable! More specifically it is a FAT multi-architecture binary, either a PPC/PPC64 binary or a universal package made up of 2 Mach-O files.
FAT multi-architecture binary
This file targets more than one architecture by packaging 2 Mach-O files in a FAT binary. Details about each Mach-O file follow.
File header
File type 0x2000000
Magic 0xcefaedfe
Required architecture 0x12000000
Sub-architecture 167772160
Load commands 318767104
Load commands size 3557359616
Flags 0x84000000
FORCE_FLAT
NO_HEAP_EXECUTION
Load commands
File header
File type executable file
Magic 0xfeedface
Required architecture i386
Sub-architecture I386_ALL
Entry point 0x29b4
Load commands 20
Load commands size 2536
Flags BINDS_TO_WEAK
DYLDLINK
NOUNDEFS
TWOLEVEL
File segments
Shared libraries
Load commands
File identification
MD5 165b1219a07c2f2b62deec99157649ec
SHA1 7b4af7f243744033e75cd298c7bb7394a4cbc630
SHA256 55daff443d4c8ba9770f90f8b9668b81e472fccd7cbc508d858046f75add2070
ssdeep 1536:mumzyqzw9Lm2qQ6AotUotf6QXofX9qs0St:muYrzwfotfVXCl

File size 98.1 KB ( 100505 bytes )
File type Mach-O
Magic literal Mach-O fat file with 2 architectures

TrID Mac OS X Mach-O universal Dynamically linked shared Library (94.7%)
Mac OS X Universal Binary executable (5.2%)
Tags
multi-arch macho

VirusTotal metadata
First submission 2018-10-15 20:09:28 UTC ( 5 months, 1 week ago )
Last submission 2018-10-15 20:09:28 UTC ( 5 months, 1 week ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Output
Opened files
Read files
Written files
Moved files
Created processes
DNS requests
TCP connections