× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 7cc604095cf88a949c4c7271c400475b0297247b69eec26e5593a9779163106a
File name: shtooka_mac_2.app.zip
Detection ratio: 4 / 58
Analysis date: 2017-05-26 09:09:32 UTC ( 17 hours, 5 minutes ago )
Antivirus Result Update
Baidu Multi.Threats.InArchive 20170525
DrWeb Trojan.Popuper.37730 20170526
Jiangmin Trojan/Genome.dlco 20170526
TrendMicro-HouseCall PAK_Generic.005 20170525
Ad-Aware 20170526
AegisLab 20170526
AhnLab-V3 20170526
Alibaba 20170526
ALYac 20170526
Arcabit 20170526
Avast 20170526
AVG 20170526
Avira (no cloud) 20170525
AVware 20170526
BitDefender 20170526
Bkav 20170525
CAT-QuickHeal 20170525
ClamAV 20170526
CMC 20170525
Comodo 20170526
CrowdStrike Falcon (ML) 20170420
Cyren 20170526
Emsisoft 20170526
Endgame 20170515
ESET-NOD32 20170526
F-Prot 20170526
F-Secure 20170526
Fortinet 20170526
GData 20170526
Ikarus 20170526
Invincea 20170519
K7AntiVirus 20170526
K7GW 20170525
Kaspersky 20170526
Kingsoft 20170526
Malwarebytes 20170526
McAfee 20170526
McAfee-GW-Edition 20170525
Microsoft 20170526
eScan 20170526
NANO-Antivirus 20170526
nProtect 20170526
Palo Alto Networks (Known Signatures) 20170526
Panda 20170526
Qihoo-360 20170526
Rising 20170526
SentinelOne (Static ML) 20170516
Sophos 20170526
SUPERAntiSpyware 20170526
Symantec 20170526
Symantec Mobile Insight 20170526
Tencent 20170526
TheHacker 20170525
TotalDefense 20170526
TrendMicro 20170526
VBA32 20170525
VIPRE 20170526
ViRobot 20170526
Webroot 20170526
WhiteArmor 20170524
Yandex 20170518
Zillya 20170525
ZoneAlarm by Check Point 20170526
Zoner 20170526
The file being studied is a compressed stream! More specifically, it is a ZIP file. It seems to be a bundled Mac OS X application.
Interesting properties
The studied file contains at least one Portable Executable.
Contained files
Compression metadata
Contained files
2384
Uncompressed size
11988470
Highest datetime
2017-05-11 19:57:34
Lowest datetime
2008-04-27 13:12:04
Contained files by extension
ttf
324
dll
286
exe
62
txt
34
ini
12
lnk
10
cpl
4
css
4
xml
2
bat
2
zip
2
doc
2
acm
2
url
2
inf
2
drv
2
_c:
1
nib
1
_z:
1
_e:
1
_d:
1
Contained files by type
unknown
693
Portable Executable
178
directory
124
HTML
2
XML
1
ZIP
1
script
1
ExifTool file metadata
MIMEType
application/zip

ZipRequiredVersion
10

ZipCRC
0x00000000

FileType
ZIP

ZipCompression
None

ZipUncompressedSize
0

ZipCompressedSize
0

FileTypeExtension
zip

ZipFileName
shtooka_mac_2.app/

ZipBitFlag
0

ZipModifyDate
2017:05:09 18:22:23

File identification
MD5 144f45a6f0e5cc992b6c9905d69d98ef
SHA1 98da9a493c5d0dcb29c8c185a56b54e0c71e4947
SHA256 7cc604095cf88a949c4c7271c400475b0297247b69eec26e5593a9779163106a
ssdeep
196608:M58iooNgweisT/7ZxLGAe1POzx1IIchTTVFXJh2SlNwbZaf:M5magVjTNxt4PQeTTVF59ebZG

File size 9.7 MB ( 10140959 bytes )
File type ZIP
Magic literal
Zip archive data, at least v1.0 to extract

TrID Mozilla Firefox browser extension (42.1%)
Mozilla Archive Format (gen) (36.8%)
ZIP compressed archive (21.0%)
Tags
nsis contains-pe mac-app upx zip

VirusTotal metadata
First submission 2017-05-11 17:57:44 UTC ( 2 weeks, 1 day ago )
Last submission 2017-05-11 17:57:44 UTC ( 2 weeks, 1 day ago )
File names shtooka_mac_2.app.zip
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
HTTP requests
DNS requests
TCP connections