SHA256: 84a60c8bb2cdf454fdb593318e7c26ba93cc48ba3058530998c8886050981f11
File name: General.rtf
Detection ratio: 11 / 54
Analysis date: 2016-03-07 22:31:05 UTC (3 years ago)
Antivirus Result Update
Ad-Aware Trojan.MAC.KeRangerRansom.A 20160307
Arcabit Trojan.MAC.KeRangerRansom.A 20160307
AVG OSX/Agent_c.JW 20160307
BitDefender Trojan.MAC.KeRangerRansom.A 20160307
Emsisoft Trojan.MAC.KeRangerRansom.A (B) 20160307
ESET-NOD32 OSX/Filecoder.KeRanger.A 20160307
F-Secure Trojan:OSX/KeRanger.A 20160307
GData Trojan.MAC.KeRangerRansom.A 20160307
Kaspersky Trojan-Ransom.OSX.KeRanger.a 20160307
eScan Trojan.MAC.KeRangerRansom.A 20160307
Symantec OSX.Keranger 20160307
AegisLab 20160307
Yandex 20160306
AhnLab-V3 20160307
Alibaba 20160307
ALYac 20160307
Avast 20160307
Avira (no cloud) 20160307
AVware 20160307
Baidu-International 20160307
Bkav 20160307
ByteHero 20160307
CAT-QuickHeal 20160305
ClamAV 20160307
CMC 20160307
Comodo 20160307
Cyren 20160307
DrWeb 20160307
F-Prot 20160307
Fortinet 20160307
Ikarus 20160307
Jiangmin 20160307
K7AntiVirus 20160307
K7GW 20160307
Malwarebytes 20160307
McAfee 20160307
McAfee-GW-Edition 20160307
Microsoft 20160307
NANO-Antivirus 20160307
nProtect 20160307
Panda 20160307
Qihoo-360 20160307
Rising 20160307
Sophos AV 20160307
SUPERAntiSpyware 20160306
Tencent 20160307
TheHacker 20160307
TrendMicro 20160307
TrendMicro-HouseCall 20160307
VBA32 20160306
VIPRE 20160307
ViRobot 20160307
Zillya 20160306
Zoner 20160307
The file being studied is a Mac OS X executable. More specifically, it is a Mach-O executable file for x86_64-based machines.
Interesting properties
This file seems to extract from its body and drop some additional Mach-O files.
File header
File type executable file
Magic 0xfeedfacf
Required architecture x86_64
Sub-architecture X86_64_ALL
Entry point 0x10c0
Reserved 0x0
Load commands 17
Load commands size 2032
Flags DYLDLINK, NOUNDEFS, PIE, TWOLEVEL
File segments
Shared libraries
Load commands
Compressed bundles
File identification
MD5 dacc2facbace1dd0ec883508ed06e4db
SHA1 689cf98c54357d90527a38d922412c04a7107a89
SHA256 84a60c8bb2cdf454fdb593318e7c26ba93cc48ba3058530998c8886050981f11
ssdeep 6144:s6rH3Uv7K2+wZnFnIXBBwZiw3VAn4Lhzet9JoJFhKz:uZFIXwZpW416tMsz

File size 297.3 KB (304416 bytes)
File type Mach-O
Magic literal Mach-O 64-bit executable

TrID Mac OS X Mach-O 64bit Intel executable (100.0%)
Tags 64bits macho dropper

VirusTotal metadata
First submission 2016-03-06 19:27:09 UTC (3 years ago)
Last submission 2017-10-22 16:37:00 UTC (1 year, 5 months ago)
File names 689cf98c54357d90527a38d922412c04a7107a89_General_un-upx
General.rtf
689cf98c54357d90527a38d922412c04a7107a89_General.rtf.un-upx
General-unpacked.rtf
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Created processes
HTTP requests
DNS requests
TCP connections