× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b9fb26c553e793ac4c598a67447f67c85eb9e561a9b7722667f7f45e34e2f71c
File name: vti-rescan
Detection ratio: 28 / 57
Analysis date: 2017-04-17 11:00:47 UTC ( 5 days, 20 hours ago )
Antivirus Result Update
Ad-Aware Application.MAC.OSX.KextLogger.A 20170417
AegisLab Monitor.OSX.LogKext.e!c 20170417
AhnLab-V3 OSX64-AppCare/Logkext 20170417
Arcabit Application.MAC.OSX.KextLogger.A 20170417
Avast MacOS:LogKext-I [PUP] 20170417
AVG OSX/LogKext.F 20170417
Avira (no cloud) SPR/OSX.LogKext.2 20170417
BitDefender Application.MAC.OSX.KextLogger.A 20170417
CAT-QuickHeal Trojan.MacOSX.Keylogger.D 20170417
ClamAV Osx.Malware.Agent-1438495 20170417
DrWeb Program.Keylogger.88 20170417
Emsisoft Application.MAC.OSX.KextLogger.A (B) 20170417
ESET-NOD32 OSX/LogKext.A potentially unsafe 20170417
F-Secure Riskware:OSX/LogKext 20170417
GData Application.MAC.OSX.KextLogger.A 20170417
Ikarus not-a-virus:Monitor.OSX.LogKext 20170417
K7AntiVirus Trojan ( 0001140e1 ) 20170417
K7GW Trojan ( 0001140e1 ) 20170417
Kaspersky not-a-virus:Monitor.OSX.LogKext.e 20170417
McAfee OSX/Generics.v 20170417
McAfee-GW-Edition OSX/Generics.v 20170417
eScan Application.MAC.OSX.KextLogger.A 20170417
NANO-Antivirus Riskware.Mac.Keylogger.djpobp 20170416
Qihoo-360 Win32/Application.701 20170417
Sophos Generic PUA NI (PUA) 20170417
Symantec OSX.Klog.A!gen1 20170416
Webroot W32.Malware.Gen 20170417
ZoneAlarm by Check Point not-a-virus:Monitor.OSX.LogKext.e 20170417
Alibaba 20170417
ALYac 20170417
Antiy-AVL 20170417
AVware 20170410
Baidu 20170417
Bkav 20170415
CMC 20170417
Comodo 20170417
CrowdStrike Falcon (ML) 20170130
Cyren 20170417
Endgame 20170413
F-Prot 20170417
Fortinet 20170417
Invincea 20170413
Jiangmin 20170417
Kingsoft 20170417
Malwarebytes 20170417
Microsoft 20170417
nProtect 20170417
Palo Alto Networks (Known Signatures) 20170417
Panda 20170417
Rising 20170417
SentinelOne (Static ML) 20170330
SUPERAntiSpyware 20170417
Symantec Mobile Insight 20170414
Tencent 20170417
TheHacker 20170416
TotalDefense 20170417
TrendMicro 20170417
TrendMicro-HouseCall 20170417
Trustlook 20170417
VBA32 20170417
VIPRE 20170417
ViRobot 20170417
WhiteArmor 20170409
Yandex 20170417
Zillya 20170414
Zoner 20170417
The file being studied is a Mac OS X executable! More specifically it is a FAT multi-architecture binary, either a PPC/PPC64 binary or a universal package made up of 3 Mach-O files.
FAT multi-architecture binary
This file targets more than one architecture, this is done by packaging up 3 Mach-Os in a FAT binary. Details about each Mach-O file follow.
File header
File type executable file
Magic 0xfeedfacf
Required architecture x86_64
Sub-architecture X86_64_ALL
Entry point 0x1000008c8
Reserved 0x0
Load commands 16
Load commands size 2064
Flags BINDS_TO_WEAK
DYLDLINK
NOUNDEFS
TWOLEVEL
File segments
Shared libraries
Load commands
File header
File type executable file
Magic 0xfeedface
Required architecture i386
Sub-architecture I386_ALL
Entry point 0x17e4
Load commands 16
Load commands size 1732
Flags BINDS_TO_WEAK
DYLDLINK
NOUNDEFS
TWOLEVEL
File segments
Shared libraries
Load commands
File header
File type 0x2000000
Magic 0xcefaedfe
Required architecture 0x12000000
Sub-architecture 167772160
Load commands 251658240
Load commands size 2953183232
Flags 0x84000000
FORCE_FLAT
NO_HEAP_EXECUTION
Load commands
Execution parents
Compressed bundles
File identification
MD5 c5b4543b7597eb5fb462b31bde1d5aae
SHA1 a4dad891fcb3d2993a44aeb4193246b577faf9cb
SHA256 b9fb26c553e793ac4c598a67447f67c85eb9e561a9b7722667f7f45e34e2f71c
ssdeep
768:xeMTPMBnAb62DnaO4JqRALdx2K1qzU5IeOhQs6Me:5TPqnAb1azUALzCSnsQL

File size 71.3 KB ( 72976 bytes )
File type Mach-O
Magic literal
Mach-O fat file with 3 architectures

TrID Mac OS X Universal Binary executable (100.0%)
Tags
64bits multi-arch macho

VirusTotal metadata
First submission 2013-09-08 19:14:24 UTC ( 3 years, 7 months ago )
Last submission 2014-12-01 09:29:08 UTC ( 2 years, 4 months ago )
File names vti-rescan
logKextClient
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Output
Created processes
HTTP requests
DNS requests
TCP connections