SHA256: 66ca7790320213b108ce5e67007f67f2b749433811b5e5b86450cdad854b149d
File name: 66ca7790320213b108ce5e67007f67f2b749433811b5e5b86450cdad854b149d....
Detection ratio: 3 / 60
Analysis date: 2017-09-24 12:48:45 UTC ( 8 months, 3 weeks ago )
Antivirus Result Update
Jiangmin Trojan/Genome.dlco 20170924
Rising Malware.Undefined!8.C (C64:YzY0OlyX7pVRXt0w) 20170924
TrendMicro-HouseCall Suspicious_GEN.F47V0909 20170924
Ad-Aware 20170924
AegisLab 20170924
AhnLab-V3 20170923
Alibaba 20170911
ALYac 20170924
Arcabit 20170924
Avast 20170924
Avast-Mobile 20170923
AVG 20170924
Avira (no cloud) 20170923
AVware 20170923
Baidu 20170922
BitDefender 20170924
CAT-QuickHeal 20170923
ClamAV 20170924
CMC 20170920
Comodo 20170924
CrowdStrike Falcon (ML) 20170804
Cylance 20170924
Cyren 20170924
DrWeb 20170924
Emsisoft 20170924
Endgame 20170821
ESET-NOD32 20170924
F-Prot 20170924
F-Secure 20170924
Fortinet 20170924
GData 20170924
Ikarus 20170924
Sophos ML 20170914
K7AntiVirus 20170924
K7GW 20170924
Kaspersky 20170924
Kingsoft 20170924
Malwarebytes 20170924
MAX 20170924
McAfee 20170924
McAfee-GW-Edition 20170924
Microsoft 20170924
eScan 20170924
NANO-Antivirus 20170924
nProtect 20170924
Palo Alto Networks (Known Signatures) 20170924
Panda 20170924
Qihoo-360 20170924
SentinelOne (Static ML) 20170806
Sophos AV 20170923
SUPERAntiSpyware 20170924
Symantec 20170923
Symantec Mobile Insight 20170922
Tencent 20170924
TheHacker 20170921
TotalDefense 20170924
TrendMicro 20170924
Trustlook 20170924
VBA32 20170922
VIPRE 20170924
ViRobot 20170924
Webroot 20170924
WhiteArmor 20170829
Yandex 20170908
Zillya 20170922
ZoneAlarm by Check Point 20170924
Zoner 20170924
The file being studied is a compressed stream! More specifically, it is a ZIP file. It seems to be a bundled Mac OS X application.
File signature
Identifier org.kronenberg.WineBottler
Format bundle with Mach-O universal (i386 x86_64)
CDHash 80884f82b577520d1f9a3514c1b00bcdc3fafd3d
Signature size 4238
Authority Developer ID Application: Tapenta GmbH
Authority Developer ID Certification Authority
Authority Apple Root CA
Signed Time Dec 18, 2015, 9:22:20 PM
Info.plist entries 26
TeamIdentifier S3B4DFK8MA
Signers
[+] Tapenta GmbH
Status Certificate out of its validity period
Issuer Apple Inc.
Valid from 09:31 AM 03/24/2012
Valid to 09:31 AM 03/25/2017
Valid usage Digital Signature, Code Signing
Algorithm sha256WithRSAEncryption
Thumbprint 4A812261AA0B90175F818F9D816E4AD3C6A66332
Serial number 1F 13 ED C2 D1 9D C0 C5
[+] Apple Inc.
Status Valid
Issuer Apple Inc.
Valid from 10:12 PM 02/01/2012
Valid to 10:12 PM 02/01/2027
Valid usage Digital Signature, Certificate Sign, CRL Sign
Algorithm sha256WithRSAEncryption
Thumbprint 3B166C3B7DC4B751C9FE2AFAB9135641E388E186
Serial number 18 7A A9 A8 C2 96 21 0C
[+] Apple Inc.
Status Valid
Issuer Apple Inc.
Valid from 09:40 PM 04/25/2006
Valid to 09:40 PM 02/09/2035
Valid usage Certificate Sign, CRL Sign
Algorithm sha1WithRSAEncryption
Thumbprint 611E5B662C593A08FF58D14AE22452D198DF6C60
Serial number 2
Interesting properties
The studied file contains at least one Portable Executable.
The studied file contains at least one Mac OS X executable.
Contained files
Compression metadata
Contained files 547
Uncompressed size 4507693
Highest datetime 2016-02-04 19:06:56
Lowest datetime 2015-12-18 13:22:18
Contained files by extension
nib 70
h 30
png 30
sh 26
_A 6
exe 4
pem 2
svg 2
txt 2
app 1
Contained files by type
unknown 348
directory 131
XML 18
Mac OS X Executable 17
PNG 15
script 13
HTML 3
Portable Executable 2
ExifTool file metadata
MIMEType application/zip
ZipRequiredVersion 10
ZipCRC 0x00000000
FileType ZIP
ZipCompression None
ZipUncompressedSize 0
ZipCompressedSize 0
FileTypeExtension zip
ZipFileName WineBottler.app/
ZipBitFlag 0
ZipModifyDate 2015:12:18 13:22:10

File identification
MD5 852caae548000c607eef31d072b9ff36
SHA1 d6b6660dccb274767b98df09d5fb563962e42cca
SHA256 66ca7790320213b108ce5e67007f67f2b749433811b5e5b86450cdad854b149d
ssdeep 49152:zmNSE00mezN1NKtpzaZm5rLSsHq9dbqWI8+rwJSaH:zmEezNHKLaor49qWINu
File size 2.3 MB ( 2374276 bytes )
File type ZIP
Magic literal Zip archive data, at least v1.0 to extract
TrID ZIP compressed archive (100.0%)
Tags contains-macho contains-pe mac-app zip

VirusTotal metadata
First submission 2016-02-05 03:07:52 UTC ( 2 years, 4 months ago )
Last submission 2017-09-09 07:13:58 UTC ( 9 months, 1 week ago )
File names 66ca7790320213b108ce5e67007f67f2b749433811b5e5b86450cdad854b149d.file
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Created processes
HTTP requests
DNS requests
TCP connections