SHA256: b3606a398ddcbc2833024e128d225f28d6801325be2b3c63a8571a169690376e
File name: Skype_TSV51P1YJ.dmg
Detection ratio: 14 / 53
Analysis date: 2015-12-21 11:59:49 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Ad-Aware Adware.MAC.OSX.Conduit.B 20151221
Arcabit Adware.MAC.OSX.Conduit.B 20151221
Avast MacOS:SearchProtect-G [Adw] 20151221
AVG OSX/Conduit.D 20151221
Avira (no cloud) PUA/OSX.SearchProtect.D 20151221
BitDefender Adware.MAC.OSX.Conduit.B 20151221
DrWeb Trojan.Conduit.19 20151221
Emsisoft Adware.MAC.OSX.Conduit.B (B) 20151221
F-Secure Adware.MAC.OSX 20151221
GData Adware.MAC.OSX.Conduit.B 20151221
eScan Adware.MAC.OSX.Conduit.B 20151221
NANO-Antivirus Trojan.Mac.Conduit.dpvjgt 20151221
nProtect Adware.MAC.OSX.Conduit.B 20151221
Symantec OSX.Malcol.2 20151220
AegisLab 20151221
Yandex 20151220
AhnLab-V3 20151221
Alibaba 20151208
Antiy-AVL 20151221
AVware 20151221
Baidu-International 20151221
Bkav 20151221
ByteHero 20151221
CAT-QuickHeal 20151221
ClamAV 20151219
CMC 20151217
Comodo 20151221
Cyren 20151221
ESET-NOD32 20151221
F-Prot 20151221
Fortinet 20151221
Ikarus 20151221
Jiangmin 20151221
K7AntiVirus 20151221
K7GW 20151221
Kaspersky 20151221
Malwarebytes 20151221
McAfee 20151221
McAfee-GW-Edition 20151221
Microsoft 20151221
Panda 20151221
Rising 20151221
Sophos AV 20151221
SUPERAntiSpyware 20151221
TheHacker 20151221
TotalDefense 20151221
TrendMicro 20151221
TrendMicro-HouseCall 20151221
VBA32 20151221
VIPRE 20151219
ViRobot 20151221
Zillya 20151220
Zoner 20151221
The file being studied is an Apple Disk Image! More specifically it follows the Universal Disk Image Format, commonly found with the DMG extension.
File signature
Identifier ClientConnect.DownloadManager
Format bundle with Mach-O thin (x86_64)
CDHash c8cfb90e0907c0043ef74783bac0629289ec91b0
Signature size 8535
Authority Developer ID Application: Client Connect LTD (4G924YB67N)
Authority Developer ID Certification Authority
Authority Apple Root CA
Timestamp Sep 11, 2014, 7:47:48 PM
Info.plist entries 35
TeamIdentifier not set
Main executable
Package path /Skype.app/Contents/MacOS/DownloadManager
Detection ratio 0 / 57 when this report was generated
File size 248656 Bytes
HFS File ID 28
DMG HFS Property List
DTPlatformVersion GM
ccmPublisherInternalId 198
CFBundleInfoDictionaryVersion 6.0
NSHumanReadableCopyright Copyright © 2014 Perion. All rights reserved.
ccmPublisherAccountId A-480753
DTXcodeBuild 5B1008
CFBundleIdentifier ClientConnect.DownloadManager
DTSDKName macosx10.9
DTSDKBuild 13C64
ccmDecisionEngineUrl http://engine.dmccint.com/DecisionEngine.ashx
ccmMainOfferId 1546809
CFBundleShortVersionString 1.5.0.3
BuildMachineOSBuild 13C1021
SMPrivilegedExecutables com.ClientConnect.DownloadManagerHelper: anchor apple generic and identifier "com.ClientConnect.DownloadManagerHelper" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4G924YB67N")
ccmDecisionEngineUrl_test http://localhost/downloadManagerTests/decisionEngine.php
CFBundleExecutable DownloadManager
LSMinimumSystemVersion 10.7
CFBundleVersion 1.5.0.3
ccmFileName Skype
ccmUsageUrl_test http://localhost/downloadManagerTests/usage.php
ccmBundleId 5ddbdf16-72a5-4b51-a9db-5678347217bc
ccmUsageUrl http://ude.databssint.com/
CFBundleIconFile appIcon
DTPlatformBuild 5B1008
NSMainNibFile MainMenu
DTXcode 0511
CFBundleDevelopmentRegion en
ccmPublisherName Incredimail / Perion
DTCompiler com.apple.compilers.llvm.clang.1_0
CFBundleSignature ????
ccmMainOfferUrl http://dmui.dmccint.com/MainOffer/1543745/
CFBundleName Skype
CFBundlePackageType APPL
NSPrincipalClass NSApplication
ccmGlobalPageUrl http://dmui.dmccint.com/Global/GlobalPage/1543745/
Contained Mac OS X executables
BLKX Table
Entry Attributes
Protective Master Boot Record (MBR : 0) 0x0050
GPT Header (Primary GPT Header : 1) 0x0050
GPT Partition Data (Primary GPT Table : 2) 0x0050
(Apple_Free : 3) 0x0050
disk image (Apple_HFS : 4) 0x0050
(Apple_Free : 5) 0x0050
GPT Partition Data (Backup GPT Table : 6) 0x0050
GPT Header (Backup GPT Header : 7) 0x0050
DMG XML Property List
Entry Attributes
ID:0 0x0050
DMG structural properties
DMG version 4
Data fork offset 0x0
Data fork length 688454
Resource fork offset 0x0
Resource fork length 0
Resource fork keys blkx, plst
Running data fork offset 0x0
XML offset 0x688454
XML length 8979
PLST keys resource-fork
File identification
MD5 53974ff85e93aba4610aeabde0f3cd55
SHA1 2a52108e2ff2993a0b5dee6f6f5ea0e1db6ec2d6
SHA256 b3606a398ddcbc2833024e128d225f28d6801325be2b3c63a8571a169690376e
ssdeep
12288:0d836NqyulnAvaqH4WH2phgPn8VIqmcHqR5ff8yzqw1b5YmgQGuJ4V0lr4mKDgBg:Eme7ulAxeqn8VB8nffFzhjjJ4OyDgBT9

File size 681.6 KB ( 697945 bytes )
File type Macintosh Disk Image
Magic literal VAX COFF executable - version 3078

TrID Disk Image (Macintosh) (50.0%)
XMill compressed XML (50.0%)
Tags dmg

VirusTotal metadata
First submission 2015-03-19 15:55:46 UTC ( 3 years, 3 months ago )
Last submission 2015-10-27 09:59:19 UTC ( 2 years, 7 months ago )
File names Skype_TSV51P1YJ.dmg
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Created processes
HTTP requests
DNS requests
TCP connections