× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 79e90b80adeecce5f7410c4fb72c86a3a2d296e8557108c246f60a835d377057
File name: WineBottler.app.zip
Detection ratio: 2 / 56
Analysis date: 2016-02-28 10:44:40 UTC ( 2 years, 3 months ago )
Antivirus Result Update
AegisLab Troj.Downloader.W32.Small 20160228
Jiangmin Trojan/Genome.dlco 20160228
Ad-Aware 20160228
Yandex 20160227
AhnLab-V3 20160227
Alibaba 20160228
ALYac 20160228
Antiy-AVL 20160228
Arcabit 20160228
Avast 20160228
AVG 20160228
Avira (no cloud) 20160227
AVware 20160228
Baidu-International 20160227
BitDefender 20160228
Bkav 20160227
ByteHero 20160228
CAT-QuickHeal 20160227
ClamAV 20160228
CMC 20160225
Comodo 20160228
Cyren 20160228
DrWeb 20160228
Emsisoft 20160228
ESET-NOD32 20160228
F-Prot 20160228
F-Secure 20160227
Fortinet 20160228
GData 20160228
Ikarus 20160228
K7AntiVirus 20160228
K7GW 20160228
Kaspersky 20160228
Malwarebytes 20160228
McAfee 20160228
McAfee-GW-Edition 20160228
Microsoft 20160228
eScan 20160228
NANO-Antivirus 20160228
nProtect 20160226
Panda 20160227
Qihoo-360 20160228
Rising 20160225
Sophos AV 20160228
SUPERAntiSpyware 20160228
Symantec 20160227
Tencent 20160228
TheHacker 20160227
TotalDefense 20160228
TrendMicro 20160228
TrendMicro-HouseCall 20160228
VBA32 20160226
VIPRE 20160228
ViRobot 20160228
Zillya 20160227
Zoner 20160228
The file being studied is a compressed stream! More specifically, it is a ZIP file. It seems to be a bundled Mac OS X application.
File signature
Identifier org.kronenberg.WineBottler
Format bundle with Mach-O universal (i386 x86_64)
CDHash 80884f82b577520d1f9a3514c1b00bcdc3fafd3d
Signature size 4238
Authority Developer ID Application: Tapenta GmbH
Authority Developer ID Certification Authority
Authority Apple Root CA
Signed Time Dec 18, 2015, 9:22:20 PM
Info.plist entries 26
TeamIdentifier S3B4DFK8MA
Interesting properties
The studied file contains at least one Portable Executable.
The studied file contains at least one Mac OS X executable.
Contained files
Compression metadata
Contained files
127
Uncompressed size
4266280
Highest datetime
2015-12-18 21:22:18
Lowest datetime
2015-12-18 21:22:18
Contained files by extension
nib
30
sh
13
h
11
png
9
exe
2
pem
1
svg
1
txt
1
Contained files by type
unknown
70
Mac OS X Executable
16
XML
14
script
13
PNG
9
HTML
3
Portable Executable
2
ExifTool file metadata
MIMEType
application/zip

ZipRequiredVersion
20

ZipCRC
0x91837a35

FileType
ZIP

ZipCompression
Deflated

ZipUncompressedSize
27749

ZipCompressedSize
3077

FileTypeExtension
zip

ZipFileName
WineBottler.app/Contents/_CodeSignature/CodeResources

ZipBitFlag
0x0002

ZipModifyDate
2015:12:18 21:22:09

File identification
MD5 29bf3cdc83b0e3a79faa925c183dfc52
SHA1 1414fda88d10cd9807287323d20cb1e4a9c6264b
SHA256 79e90b80adeecce5f7410c4fb72c86a3a2d296e8557108c246f60a835d377057
ssdeep
49152:bOObvRQZyEEzO2jZF9OEkQSB1+KZWRLJSm6j/etxq9FFm:bO+mZpEzdZPlkQuEKwRFKj9fm

File size 2.0 MB ( 2120948 bytes )
File type ZIP
Magic literal
Zip archive data, at least v2.0 to extract

TrID ZIP compressed archive (100.0%)
Tags
contains-macho contains-pe mac-app zip signed

VirusTotal metadata
First submission 2016-02-28 10:44:40 UTC ( 2 years, 3 months ago )
Last submission 2016-02-28 10:44:40 UTC ( 2 years, 3 months ago )
File names WineBottler.app.zip
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Created processes
HTTP requests
DNS requests
TCP connections