SHA256: 58507bcfc4441edead0cb4acca3d60cf55d3d5a3563b3e20ffa4843b156d9cfd
File name: Agent
Detection ratio: 0 / 54
Analysis date: 2015-11-07 01:59:34 UTC ( 2 years ago )
Antivirus Result Update
AegisLab 20151106
Yandex 20151106
AhnLab-V3 20151106
Alibaba 20151106
Antiy-AVL 20151107
Arcabit 20151107
Avast 20151107
AVG 20151107
Avira (no cloud) 20151107
AVware 20151106
Baidu-International 20151106
BitDefender 20151107
Bkav 20151106
ByteHero 20151107
CAT-QuickHeal 20151106
ClamAV 20151103
CMC 20151106
Comodo 20151107
Cyren 20151107
DrWeb 20151107
Emsisoft 20151107
ESET-NOD32 20151107
F-Prot 20151107
F-Secure 20151107
Fortinet 20151107
GData 20151107
Ikarus 20151107
Jiangmin 20151107
K7AntiVirus 20151106
K7GW 20151106
Kaspersky 20151107
Malwarebytes 20151107
McAfee 20151107
McAfee-GW-Edition 20151107
Microsoft 20151107
eScan 20151106
NANO-Antivirus 20151107
nProtect 20151106
Panda 20151106
Qihoo-360 20151107
Rising 20151106
Sophos AV 20151107
SUPERAntiSpyware 20151107
Symantec 20151106
Tencent 20151107
TheHacker 20151103
TotalDefense 20151106
TrendMicro 20151107
TrendMicro-HouseCall 20151107
VBA32 20151105
VIPRE 20151107
ViRobot 20151107
Zillya 20151105
Zoner 20151106
The file being studied is a Mac OS X executable! More specifically, it is a Mach-O executable file for i386-based machines.
File signature
Identifier com.blizzard.agent
Format Mach-O thin (i386)
CDHash 2fd86b60f8a25756a67a364610a90e3604c1d2da
Signature size 8541
Authority Developer ID Application: Blizzard Entertainment, Inc.
Authority Developer ID Certification Authority
Authority Apple Root CA
Timestamp Nov 3, 2015, 1:24:54 AM
./58507bcfc4441edead0cb4acca3d60cf55d3d5a3563b3e20ffa4843b156d9cfd/sample.bin: postdated timestamp or bad system clock
Interesting properties
This file seems to extract from its body and drop some additional Mach-O files.
This file is signed by Apple's Root Certificate Authority.
File header
File type executable file
Magic 0xfeedface
Required architecture i386
Sub-architecture I386_ALL
Entry point 0x20e0
Load commands 29
Load commands size 3964
Flags BINDS_TO_WEAK, DYLDLINK, NOUNDEFS, NO_HEAP_EXECUTION, PIE, TWOLEVEL
File segments
Shared libraries
Load commands
File identification
MD5 b2bfbff9c758b9d1b3231c9bc2b8d537
SHA1 150340fe3df47fcafe86c937eeddb2eafcdfa1c6
SHA256 58507bcfc4441edead0cb4acca3d60cf55d3d5a3563b3e20ffa4843b156d9cfd
ssdeep 196608:HEDEAIdFlJCiSOIyiSoYlxb/Y/WThiPWFS+zJV1s0lygyEq9nbPYHg213EoZgrAz:HMEAIdFlJCiSlzSoYlxb/Y/WTAPsllyi

File size 9.7 MB ( 10123360 bytes )
File type Mach-O
Magic literal Mach-O executable i386

TrID Mac OS X Mach-O 32bit Intel executable (100.0%)
Tags
macho dropper signed

VirusTotal metadata
First submission 2015-11-07 01:59:34 UTC ( 2 years ago )
Last submission 2015-11-07 01:59:34 UTC ( 2 years ago )
File names Agent
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Output
Opened files
Read files
Written files
Moved files
Created processes
HTTP requests
DNS requests
TCP connections