SHA256: 7cc604095cf88a949c4c7271c400475b0297247b69eec26e5593a9779163106a
File name: shtooka_mac_2.app.zip
Detection ratio: 2 / 58
Analysis date: 2017-05-29 13:56:34 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Baidu Multi.Threats.InArchive 20170527
DrWeb Trojan.Popuper.37730 20170529
Ad-Aware 20170529
AegisLab 20170529
AhnLab-V3 20170529
Alibaba 20170527
ALYac 20170529
Antiy-AVL 20170529
Arcabit 20170529
Avast 20170529
AVG 20170529
Avira (no cloud) 20170529
AVware 20170529
BitDefender 20170529
Bkav 20170529
CAT-QuickHeal 20170529
ClamAV 20170529
CMC 20170528
Comodo 20170529
CrowdStrike Falcon (ML) 20170420
Cyren 20170529
Emsisoft 20170529
Endgame 20170515
ESET-NOD32 20170529
F-Prot 20170529
F-Secure 20170529
Fortinet 20170529
GData 20170529
Ikarus 20170529
Sophos ML 20170519
Jiangmin 20170529
K7AntiVirus 20170529
K7GW 20170529
Kaspersky 20170529
Kingsoft 20170529
Malwarebytes 20170529
McAfee 20170529
McAfee-GW-Edition 20170529
Microsoft 20170529
eScan 20170529
NANO-Antivirus 20170529
nProtect 20170529
Palo Alto Networks (Known Signatures) 20170529
Panda 20170529
Qihoo-360 20170529
Rising 20170529
SentinelOne (Static ML) 20170516
Sophos AV 20170529
SUPERAntiSpyware 20170529
Symantec 20170529
Symantec Mobile Insight 20170526
Tencent 20170529
TheHacker 20170528
TrendMicro 20170529
TrendMicro-HouseCall 20170525
Trustlook 20170529
VBA32 20170529
VIPRE 20170529
ViRobot 20170529
Webroot 20170529
WhiteArmor 20170524
Yandex 20170526
Zillya 20170527
ZoneAlarm by Check Point 20170529
Zoner 20170529
The file being studied is a compressed stream! More specifically, it is a ZIP file. It seems to be a bundled Mac OS X application.
Interesting properties
The studied file contains at least one Portable Executable.
Contained files
Compression metadata
Contained files 2384
Uncompressed size 11988470
Highest datetime 2017-05-11 19:57:34
Lowest datetime 2008-04-27 13:12:04
Contained files by extension
ttf 324
dll 286
exe 62
txt 34
ini 12
lnk 10
cpl 4
css 4
xml 2
bat 2
zip 2
doc 2
acm 2
url 2
inf 2
drv 2
_c: 1
nib 1
_z: 1
_e: 1
_d: 1
Contained files by type
unknown 693
Portable Executable 178
directory 124
HTML 2
XML 1
ZIP 1
script 1
ExifTool file metadata
MIMEType application/zip
ZipRequiredVersion 10
ZipCRC 0x00000000
FileType ZIP
ZipCompression None
ZipUncompressedSize 0
ZipCompressedSize 0
FileTypeExtension zip
ZipFileName shtooka_mac_2.app/
ZipBitFlag 0
ZipModifyDate 2017:05:09 18:22:23

File identification
MD5 144f45a6f0e5cc992b6c9905d69d98ef
SHA1 98da9a493c5d0dcb29c8c185a56b54e0c71e4947
SHA256 7cc604095cf88a949c4c7271c400475b0297247b69eec26e5593a9779163106a
ssdeep 196608:M58iooNgweisT/7ZxLGAe1POzx1IIchTTVFXJh2SlNwbZaf:M5magVjTNxt4PQeTTVF59ebZG
File size 9.7 MB ( 10140959 bytes )
File type ZIP
Magic literal Zip archive data, at least v1.0 to extract
TrID Mozilla Firefox browser extension (42.1%)
Mozilla Archive Format (gen) (36.8%)
ZIP compressed archive (21.0%)
Tags nsis contains-pe mac-app zip upx

VirusTotal metadata
First submission 2017-05-11 17:57:44 UTC ( 2 months, 1 week ago )
Last submission 2017-05-11 17:57:44 UTC ( 2 months, 1 week ago )
File names shtooka_mac_2.app.zip
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
HTTP requests
DNS requests
TCP connections