× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 6c2cc33d72fdb4e372506cb98d5a7760d64a52377316bd92267bc5343478155b
File name: 6c2cc33d72fdb4e372506cb98d5a7760d64a52377316bd92267bc5343478155b
Detection ratio: 37 / 59
Analysis date: 2018-10-16 00:17:42 UTC ( 5 months, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware Mac.OSX.Trojan.MacControl.A 20181015
AhnLab-V3 OSX32-Trojan/Macontrol.B 20181015
ALYac Mac.OSX.Trojan.MacControl.A 20181015
Arcabit Mac.OSX.Trojan.MacControl.A 20181016
Avast MacOS:MacKontrol-A 20181016
AVG MacOS:MacKontrol-A 20181016
Avira (no cloud) OSX/MaControl.A.1 20181015
BitDefender Mac.OSX.Trojan.MacControl.A 20181016
CAT-QuickHeal Backdoor.MacOSX.Longage.A 20181013
ClamAV Legacy.Trojan.Agent-36792 20181015
Cyren MacOS/MaControl.A 20181015
DrWeb BackDoor.Macontrol.2 20181015
Emsisoft Mac.OSX.Trojan.MacControl.A (B) 20181015
Endgame malicious (high confidence) 20180730
ESET-NOD32 OSX/MacKontrol.B 20181015
F-Prot MacOS/MaControl.A 20181015
F-Secure Backdoor:OSX/MacKontrol.B 20181015
Fortinet MAC/MacKontrol.B!tr 20181015
GData Mac.OSX.Trojan.MacControl.A (2x) 20181015
Ikarus Trojan.OSX.Mackontrol 20181015
Kaspersky Backdoor.OSX.MaControl.b 20181015
MAX malware (ai score=87) 20181016
McAfee OSX/Longate 20181016
McAfee-GW-Edition BehavesLike.Java.Suspicious.nv 20181015
Microsoft Backdoor:MacOS/Longage.A 20181015
eScan Mac.OSX.Trojan.MacControl.A 20181016
NANO-Antivirus Trojan.Mac.Macontrol.twjbj 20181016
Qihoo-360 Win32/Trojan.bae 20181016
Rising Trojan.Agent.ged (CLASSIC) 20181015
Sophos AV OSX/MacCtrl-A 20181015
Symantec OSX.MacControl 20181015
Tencent Mac.Backdoor.Macontrol.Ejev 20181016
TrendMicro OSX_LONGAGE.A 20181015
TrendMicro-HouseCall HO_MACKONTROL.MSMG816 20181015
VBA32 Backdoor.OSX.MaControl.b 20181015
Yandex Backdoor.OSX.Longage.A 20181015
ZoneAlarm by Check Point Backdoor.OSX.MaControl.b 20181015
AegisLab 20181015
Alibaba 20180921
Antiy-AVL 20181016
Avast-Mobile 20181015
Babable 20180918
Baidu 20181015
Bkav 20181014
CMC 20181015
Comodo 20181016
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20181016
eGambit 20181016
Sophos ML 20180717
Jiangmin 20181015
K7AntiVirus 20181015
K7GW 20181015
Kingsoft 20181016
Malwarebytes 20181015
Palo Alto Networks (Known Signatures) 20181016
Panda 20181015
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181015
Symantec Mobile Insight 20181001
TACHYON 20181015
TheHacker 20181015
TotalDefense 20181015
Trustlook 20181016
VIPRE 20181015
ViRobot 20181015
Webroot 20181016
Zillya 20181015
Zoner 20181015
The file being studied is a Mac OS X executable! More specifically it is a FAT multi-architecture binary, either a PPC/PPC64 binary or a universal package made up of 2 Mach-O files.
FAT multi-architecture binary
This file targets more than one architecture, this is done by packaging up 2 Mach-Os in a FAT binary. Details about each Mach-O file follow.
File header
File type 0x2000000
Magic 0xcefaedfe
Required architecture 0x12000000
Sub-architecture 167772160
Load commands 318767104
Load commands size 3557359616
Flags 0x84000000
Load commands
File header
File type executable file
Magic 0xfeedface
Required architecture i386
Sub-architecture I386_ALL
Entry point 0x29b4
Load commands 20
Load commands size 2536
File segments
Shared libraries
Load commands
File identification
MD5 ffe154f3226c022f997d6ce6c9fc0998
SHA1 be9db81b47610aef84ed49afd882698cdaf161f8
SHA256 6c2cc33d72fdb4e372506cb98d5a7760d64a52377316bd92267bc5343478155b

File size 98.0 KB ( 100376 bytes )
File type Mach-O
Magic literal
Mach-O fat file with 2 architectures

TrID Mac OS X Mach-O universal Dynamically linked shared Library (94.7%)
Mac OS X Universal Binary executable (5.2%)
multi-arch macho

VirusTotal metadata
First submission 2018-10-16 00:17:42 UTC ( 5 months, 1 week ago )
Last submission 2018-10-16 00:17:42 UTC ( 5 months, 1 week ago )
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Created processes
HTTP requests
TCP connections