SHA256: 928a28dfb660a135a31e04f95e2f4665b15972a7ab195c3c286680d1922ce94e
File name: Wine.app.zip
Detection ratio: 2 / 57
Analysis date: 2017-11-08 22:46:33 UTC ( 2 months, 1 week ago )
Antivirus Result Update
Jiangmin Trojan/Genome.dlco 20171109
TheHacker Trojan/Jorik.Gbot.rdq 20171102
Ad-Aware 20171109
AegisLab 20171109
AhnLab-V3 20171109
Alibaba 20170911
ALYac 20171109
Antiy-AVL 20171109
Arcabit 20171110
Avast 20171109
Avast-Mobile 20171109
AVG 20171109
Avira (no cloud) 20171109
AVware 20171109
Baidu 20171109
BitDefender 20171109
Bkav 20171109
CAT-QuickHeal 20171109
ClamAV 20171109
CMC 20171109
Comodo 20171109
CrowdStrike Falcon (ML) 20171016
Cybereason 20171030
Cyren 20171109
DrWeb 20171109
eGambit 20171110
Emsisoft 20171109
Endgame 20171024
ESET-NOD32 20171109
F-Prot 20171109
F-Secure 20171109
Fortinet 20171109
GData 20171109
Ikarus 20171109
Sophos ML 20170914
K7AntiVirus 20171109
K7GW 20171109
Kaspersky 20171109
Kingsoft 20171110
Malwarebytes 20171109
MAX 20171109
McAfee-GW-Edition 20171109
Microsoft 20171109
eScan 20171109
NANO-Antivirus 20171109
nProtect 20171109
Palo Alto Networks (Known Signatures) 20171110
Panda 20171109
Qihoo-360 20171110
SentinelOne (Static ML) 20171019
Sophos AV 20171109
SUPERAntiSpyware 20171109
Symantec 20171109
Symantec Mobile Insight 20171109
Tencent 20171110
TotalDefense 20171109
TrendMicro 20171109
TrendMicro-HouseCall 20171110
Trustlook 20171110
VBA32 20171109
VIPRE 20171109
ViRobot 20171109
WhiteArmor 20171104
Yandex 20171109
ZoneAlarm by Check Point 20171109
Zoner 20171109
The file being studied is a compressed stream! More specifically, it is a ZIP file. It seems to be a bundled Mac OS X application.
File signature
Identifier org.kronenberg.Wine
Format bundle with Mach-O thin (x86_64)
CDHash adce28e45bc3ca0afd162649a336ec3b7ab3bbe8
Signature size 4604
Authority Developer ID Application: Tapenta GmbH (S3B4DFK8MA)
Authority Developer ID Certification Authority
Authority Apple Root CA
Signed Time Aug 20, 2017, 7:33:05 PM
Info.plist entries 26
TeamIdentifier S3B4DFK8MA
Signers
[+] Tapenta GmbH
Status Valid
Issuer Apple Inc.
Valid from 07:18 AM 05/16/2017
Valid to 07:18 AM 05/17/2022
Valid usage Digital Signature, Code Signing
Algorithm sha256WithRSAEncryption
Thumbprint E3B179BDE55EF7F45535DA43E4CA683CBBA106FF
Serial number 7E 37 52 0F 7A FB 35 51
[+] Apple Inc.
Status Valid
Issuer Apple Inc.
Valid from 10:12 PM 02/01/2012
Valid to 10:12 PM 02/01/2027
Valid usage Digital Signature, Certificate Sign, CRL Sign
Algorithm sha256WithRSAEncryption
Thumbprint 3B166C3B7DC4B751C9FE2AFAB9135641E388E186
Serial number 18 7A A9 A8 C2 96 21 0C
[+] Apple Inc.
Status Valid
Issuer Apple Inc.
Valid from 09:40 PM 04/25/2006
Valid to 09:40 PM 02/09/2035
Valid usage Certificate Sign, CRL Sign
Algorithm sha1WithRSAEncryption
Thumbprint 611E5B662C593A08FF58D14AE22452D198DF6C60
Serial number 2
Interesting properties
The studied file contains at least one Portable Executable.
The studied file contains at least one Mac OS X executable.
Contained files
Compression metadata
Contained files 10862
Uncompressed size 37271833
Highest datetime 2017-10-08 00:11:24
Lowest datetime 2017-08-17 02:08:30
Contained files by extension
la 180
so 142
sh 16
nib 8
h 8
png 6
d/ 3
0 3
a 2
exe 2
pem 2
1 2
2 2
_A 2
pl 2
9 2
14/ 2
5 2
0/ 2
d 2
14 1
Contained files by type
unknown 704
Mac OS X Executable 183
directory 64
script 37
XML 6
PNG 3
HTML 2
Portable Executable 1
ExifTool file metadata
MIMEType application/zip
ZipRequiredVersion 10
ZipCRC 0x00000000
FileType ZIP
ZipCompression None
ZipUncompressedSize 0
ZipCompressedSize 0
FileTypeExtension zip
ZipFileName Wine.app/
ZipBitFlag 0
ZipModifyDate 2017:08:20 14:33:02

File identification
MD5 2c9d012ed0605de792a00010b1712ac3
SHA1 c9ac4bd237cca4b1bc2474522953c8e039d85caf
SHA256 928a28dfb660a135a31e04f95e2f4665b15972a7ab195c3c286680d1922ce94e
ssdeep 3145728:/t806JD3h640y6zxNiUWdC6lcfrolEuzf23ETZEOupT:/t7Mrh6JpftX6lTEuzTaOY

File size 139.8 MB ( 146545942 bytes )
File type ZIP
Magic literal Zip archive data, at least v1.0 to extract

TrID Mozilla Firefox browser extension (42.1%)
Mozilla Archive Format (gen) (36.8%)
ZIP compressed archive (21.0%)
Tags contains-macho contains-pe mac-app zip

VirusTotal metadata
First submission 2017-10-08 04:14:00 UTC ( 3 months, 1 week ago )
Last submission 2017-11-08 22:46:33 UTC ( 2 months, 1 week ago )
File names Wine.app.zip
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Created processes
HTTP requests
DNS requests
TCP connections