SHA256: 648acf9de62fbc7876581e4f0d5296e04b509ab7bb3abdd921a315773ba05b42
File name: 648acf9de62fbc7876581e4f0d5296e04b509ab7bb3abdd921a315773ba05b42
Detection ratio: 36 / 58
Analysis date: 2018-10-16 00:13:35 UTC ( 5 months, 1 week ago )
Antivirus Result Update
Ad-Aware Mac.OSX.Trojan.MacControl.A 20181015
AhnLab-V3 OSX32-Trojan/Macontrol.B 20181015
ALYac Mac.OSX.Trojan.MacControl.A 20181015
Avast MacOS:MacKontrol-A 20181016
AVG MacOS:MacKontrol-A 20181016
Avira (no cloud) OSX/MaControl.A.1 20181015
BitDefender Mac.OSX.Trojan.MacControl.A 20181016
CAT-QuickHeal Backdoor.MacOSX.Longage.A 20181013
ClamAV Legacy.Trojan.Agent-36792 20181015
Cyren MacOS/MaControl.A 20181016
DrWeb BackDoor.Macontrol.2 20181016
Emsisoft Mac.OSX.Trojan.MacControl.A (B) 20181015
Endgame malicious (high confidence) 20180730
ESET-NOD32 OSX/MacKontrol.B 20181015
F-Prot MacOS/MaControl.A 20181015
F-Secure Backdoor:OSX/MacKontrol.B 20181015
Fortinet MAC/MacKontrol.B!tr 20181015
GData Mac.OSX.Trojan.MacControl.A 20181015
Kaspersky Backdoor.OSX.MaControl.b 20181015
MAX malware (ai score=88) 20181016
McAfee OSX/Longate 20181016
McAfee-GW-Edition BehavesLike.Java.Suspicious.nv 20181015
Microsoft Backdoor:MacOS/Longage.A 20181015
eScan Mac.OSX.Trojan.MacControl.A 20181016
NANO-Antivirus Trojan.Mac.Macontrol.twjbj 20181016
Qihoo-360 Win32/Trojan.05a 20181016
Rising Trojan.Agent.ged (CLASSIC) 20181015
Sophos AV OSX/MacCtrl-A 20181015
Symantec OSX.MacControl 20181015
Tencent Mac.Backdoor.Macontrol.Lige 20181016
TrendMicro OSX_LONGAGE.A 20181015
TrendMicro-HouseCall HO_MACKONTROL.MSMG816 20181015
VBA32 Backdoor.OSX.MaControl.b 20181015
Yandex Backdoor.OSX.Longage.A 20181015
ZoneAlarm by Check Point Backdoor.OSX.MaControl.b 20181015
Zoner Trojan.Generic 20181015
AegisLab 20181015
Alibaba 20180921
Antiy-AVL 20181016
Arcabit 20181016
Avast-Mobile 20181015
Babable 20180918
Baidu 20181015
Bkav 20181014
CMC 20181015
Comodo 20181016
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20181016
eGambit 20181016
Sophos ML 20180717
Jiangmin 20181015
K7AntiVirus 20181015
K7GW 20181015
Kingsoft 20181016
Malwarebytes 20181015
Palo Alto Networks (Known Signatures) 20181016
Panda 20181015
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181015
Symantec Mobile Insight 20181001
TACHYON 20181015
TheHacker 20181015
TotalDefense 20181015
Trustlook 20181016
VIPRE 20181015
ViRobot 20181015
Webroot 20181016
Zillya 20181015
The file being studied is a Mac OS X executable! More specifically it is a FAT multi-architecture binary, either a PPC/PPC64 binary or a universal package made up of 2 Mach-O files.
FAT multi-architecture binary
This file targets more than one architecture by packaging 2 Mach-O files in a FAT binary. Details about each Mach-O file follow.
File header
File type 0x2000000
Magic 0xcefaedfe
Required architecture 0x12000000
Sub-architecture 167772160
Load commands 318767104
Load commands size 3557359616
Flags 0x84000000
FORCE_FLAT
NO_HEAP_EXECUTION
Load commands
File header
File type executable file
Magic 0xfeedface
Required architecture i386
Sub-architecture I386_ALL
Entry point 0x29b4
Load commands 20
Load commands size 2536
Flags BINDS_TO_WEAK
DYLDLINK
NOUNDEFS
TWOLEVEL
File segments
Shared libraries
Load commands
File identification
MD5 a20813489914e31e408256ce0790e288
SHA1 839f88f6d3545b0b73210b79a68a9e086b3ed432
SHA256 648acf9de62fbc7876581e4f0d5296e04b509ab7bb3abdd921a315773ba05b42
ssdeep
1536:mumzyqzw9Lm2qQ6AotUotf6QXofX9qs0SY:muYrzwfotfVXCQ

File size 98.2 KB ( 100605 bytes )
File type Mach-O
Magic literal
Mach-O fat file with 2 architectures

TrID Mac OS X Mach-O universal Dynamically linked shared Library (94.7%)
Mac OS X Universal Binary executable (5.2%)
Tags
multi-arch macho

VirusTotal metadata
First submission 2018-10-16 00:13:35 UTC ( 5 months, 1 week ago )
Last submission 2018-10-16 00:13:35 UTC ( 5 months, 1 week ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Output
Opened files
Read files
Written files
Moved files
Created processes
TCP connections
UDP communications