× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b9fb26c553e793ac4c598a67447f67c85eb9e561a9b7722667f7f45e34e2f71c
File name: vti-rescan
Detection ratio: 26 / 55
Analysis date: 2016-11-27 15:08:14 UTC ( 3 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Application.MAC.OSX.KextLogger.A 20161127
AegisLab Monitor.OSX.LogKext.e!c 20161127
AhnLab-V3 OSX64-AppCare/Logkext 20161127
Arcabit Application.MAC.OSX.KextLogger.A 20161127
Avast MacOS:LogKext-I [PUP] 20161127
AVG OSX/LogKext.F 20161127
Avira (no cloud) SPR/OSX.LogKext.2 20161127
BitDefender Application.MAC.OSX.KextLogger.A 20161127
CAT-QuickHeal Trojan.MacOSX.Keylogger.D 20161126
ClamAV Osx.Malware.Agent-1438495 20161127
DrWeb Program.Keylogger.88 20161127
ESET-NOD32 OSX/LogKext.A potentially unsafe 20161127
F-Secure Riskware:OSX/LogKext 20161127
GData Application.MAC.OSX.KextLogger.A 20161127
Ikarus not-a-virus:Monitor.OSX.LogKext 20161127
K7AntiVirus Trojan ( 0001140e1 ) 20161127
K7GW Trojan ( 0001140e1 ) 20161127
Kaspersky not-a-virus:Monitor.OSX.LogKext.e 20161127
McAfee OSX/Generics.v 20161127
McAfee-GW-Edition OSX/Generics.v 20161127
eScan Application.MAC.OSX.KextLogger.A 20161127
NANO-Antivirus Riskware.Mac.Keylogger.djpobp 20161127
Qihoo-360 Win32/Application.701 20161127
Sophos Generic PUA NI (PUA) 20161127
Symantec OSX.Klog.A!gen1 20161127
TrendMicro-HouseCall HO_KEXTLOGGER.MSGKC15 20161127
Alibaba 20161125
ALYac 20161127
Antiy-AVL 20161127
AVware 20161127
Baidu 20161126
Bkav 20161126
CMC 20161127
Comodo 20161127
CrowdStrike Falcon (ML) 20161024
Cyren 20161127
Emsisoft 20161127
F-Prot 20161127
Fortinet 20161127
Invincea 20161018
Jiangmin 20161124
Kingsoft 20161127
Malwarebytes 20161127
Microsoft 20161127
nProtect 20161127
Panda 20161127
Rising 20161127
SUPERAntiSpyware 20161127
Tencent 20161127
TheHacker 20161126
TotalDefense 20161127
TrendMicro 20161127
Trustlook 20161127
VBA32 20161125
VIPRE 20161127
ViRobot 20161127
WhiteArmor 20161125
Yandex 20161127
Zillya 20161125
Zoner 20161127
The file being studied is a Mac OS X executable! More specifically it is a FAT multi-architecture binary, either a PPC/PPC64 binary or a universal package made up of 3 Mach-O files.
FAT multi-architecture binary
This file targets more than one architecture, this is done by packaging up 3 Mach-Os in a FAT binary. Details about each Mach-O file follow.
File header
File type executable file
Magic 0xfeedfacf
Required architecture x86_64
Sub-architecture X86_64_ALL
Entry point 0x1000008c8
Reserved 0x0
Load commands 16
Load commands size 2064
Flags BINDS_TO_WEAK
DYLDLINK
NOUNDEFS
TWOLEVEL
File segments
Shared libraries
Load commands
File header
File type executable file
Magic 0xfeedface
Required architecture i386
Sub-architecture I386_ALL
Entry point 0x17e4
Load commands 16
Load commands size 1732
Flags BINDS_TO_WEAK
DYLDLINK
NOUNDEFS
TWOLEVEL
File segments
Shared libraries
Load commands
File header
File type 0x2000000
Magic 0xcefaedfe
Required architecture 0x12000000
Sub-architecture 167772160
Load commands 251658240
Load commands size 2953183232
Flags 0x84000000
FORCE_FLAT
NO_HEAP_EXECUTION
Load commands
Execution parents
Compressed bundles
File identification
MD5 c5b4543b7597eb5fb462b31bde1d5aae
SHA1 a4dad891fcb3d2993a44aeb4193246b577faf9cb
SHA256 b9fb26c553e793ac4c598a67447f67c85eb9e561a9b7722667f7f45e34e2f71c
ssdeep
768:xeMTPMBnAb62DnaO4JqRALdx2K1qzU5IeOhQs6Me:5TPqnAb1azUALzCSnsQL

File size 71.3 KB ( 72976 bytes )
File type Mach-O
Magic literal
Mach-O fat file with 3 architectures

TrID Mac OS X Universal Binary executable (100.0%)
Tags
64bits multi-arch macho

VirusTotal metadata
First submission 2013-09-08 19:14:24 UTC ( 3 years, 6 months ago )
Last submission 2014-12-01 09:29:08 UTC ( 2 years, 3 months ago )
File names vti-rescan
logKextClient
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Output
Created processes
HTTP requests
DNS requests
TCP connections