SHA256: a80b6d59e56b7526a6ed39fbd8a94ff078c8269aa28250e1784dee62214b9995
File name: a80b6d59e56b7526a6ed39fbd8a94ff078c8269aa28250e1784dee62214b9995
Detection ratio: 39 / 58
Analysis date: 2018-10-16 00:07:26 UTC ( 5 months, 1 week ago )
Antivirus Result Update
Ad-Aware Mac.OSX.Trojan.MacControl.A 20181015
AhnLab-V3 OSX32-Trojan/Macontrol.B 20181015
ALYac Mac.OSX.Trojan.MacControl.A 20181015
Arcabit Mac.OSX.Trojan.MacControl.A 20181015
Avast MacOS:MacKontrol-A 20181015
AVG MacOS:MacKontrol-A 20181015
Avira (no cloud) OSX/MaControl.A.1 20181015
BitDefender Mac.OSX.Trojan.MacControl.A 20181015
CAT-QuickHeal Backdoor.MacOSX.Longage.A 20181013
ClamAV Legacy.Trojan.Agent-36792 20181015
Cyren MacOS/MaControl.A 20181015
DrWeb BackDoor.Macontrol.2 20181015
Emsisoft Mac.OSX.Trojan.MacControl.A (B) 20181015
Endgame malicious (high confidence) 20180730
ESET-NOD32 OSX/MacKontrol.B 20181015
F-Prot MacOS/MaControl.A 20181015
F-Secure Backdoor:OSX/MacKontrol.B 20181015
Fortinet MAC/MacKontrol.B!tr 20181015
GData Mac.OSX.Trojan.MacControl.A 20181015
Ikarus Trojan.OSX.Mackontrol 20181015
Kaspersky Backdoor.OSX.MaControl.b 20181015
MAX malware (ai score=83) 20181016
McAfee OSX/Longate 20181015
McAfee-GW-Edition BehavesLike.Java.Suspicious.nv 20181015
Microsoft Backdoor:MacOS/Longage.A 20181015
eScan Mac.OSX.Trojan.MacControl.A 20181015
NANO-Antivirus Trojan.Mac.Macontrol.twjbj 20181015
Qihoo-360 Win32/Trojan.05a 20181016
Rising Trojan.Agent.ged (CLASSIC) 20181015
Sophos AV OSX/MacCtrl-A 20181015
Symantec OSX.MacControl 20181015
Tencent Mac.Backdoor.Macontrol.Ljap 20181016
TrendMicro OSX_LONGAGE.A 20181015
TrendMicro-HouseCall HO_MACKONTROL.MSMG816 20181015
VBA32 Backdoor.OSX.MaControl.b 20181015
Yandex Backdoor.OSX.Longage.A 20181015
Zillya Trojan.MacKontrol..1 20181015
ZoneAlarm by Check Point Backdoor.OSX.MaControl.b 20181015
Zoner Trojan.Generic 20181015
AegisLab 20181015
Alibaba 20180921
Antiy-AVL 20181015
Avast-Mobile 20181015
Babable 20180918
Baidu 20181015
Bkav 20181014
CMC 20181015
Comodo 20181015
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20181016
eGambit 20181016
Sophos ML 20180717
Jiangmin 20181015
K7AntiVirus 20181015
K7GW 20181015
Kingsoft 20181016
Malwarebytes 20181015
Palo Alto Networks (Known Signatures) 20181016
Panda 20181015
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181015
Symantec Mobile Insight 20181001
TACHYON 20181015
TheHacker 20181015
TotalDefense 20181015
Trustlook 20181016
ViRobot 20181015
Webroot 20181016
The file being studied is a Mac OS X executable! More specifically it is a FAT multi-architecture binary, either a PPC/PPC64 binary or a universal package made up of 2 Mach-O files.
FAT multi-architecture binary
This file targets more than one architecture by packaging 2 Mach-O files in a FAT binary. Details about each Mach-O file follow.
File header
File type 0x2000000
Magic 0xcefaedfe
Required architecture 0x12000000
Sub-architecture 167772160
Load commands 318767104
Load commands size 3557359616
Flags 0x84000000
FORCE_FLAT
NO_HEAP_EXECUTION
Load commands
File header
File type executable file
Magic 0xfeedface
Required architecture i386
Sub-architecture I386_ALL
Entry point 0x29b4
Load commands 20
Load commands size 2536
Flags BINDS_TO_WEAK
DYLDLINK
NOUNDEFS
TWOLEVEL
File segments
Shared libraries
Load commands
File identification
MD5 347b6b212619d5b9f3f4d952fa8790e7
SHA1 45cc3e53205d38b580dab3d5da86d0a083910503
SHA256 a80b6d59e56b7526a6ed39fbd8a94ff078c8269aa28250e1784dee62214b9995
ssdeep 1536:mumzyqzw9Lm2qQ6AotUotf6QXofX9qs0Sw:muYrzwfotfVXCY

File size 98.1 KB ( 100422 bytes )
File type Mach-O
Magic literal Mach-O fat file with 2 architectures

TrID Mac OS X Mach-O universal Dynamically linked shared Library (94.7%)
Mac OS X Universal Binary executable (5.2%)
Tags multi-arch macho

VirusTotal metadata
First submission 2018-10-16 00:07:26 UTC ( 5 months, 1 week ago )
Last submission 2018-10-16 00:07:26 UTC ( 5 months, 1 week ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Output
Opened files
Read files
Written files
Moved files
Created processes
DNS requests
TCP connections