× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b9fb26c553e793ac4c598a67447f67c85eb9e561a9b7722667f7f45e34e2f71c
File name: vti-rescan
Detection ratio: 28 / 56
Analysis date: 2017-06-07 08:11:15 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Application.MAC.OSX.KextLogger.A 20170607
AegisLab Monitor.OSX.LogKext.e!c 20170607
AhnLab-V3 OSX64-AppCare/Logkext 20170606
Arcabit Application.MAC.OSX.KextLogger.A 20170607
Avast MacOS:LogKext-I [PUP] 20170607
AVG OSX/LogKext.F 20170606
Avira (no cloud) SPR/OSX.LogKext.2 20170607
BitDefender Application.MAC.OSX.KextLogger.A 20170607
CAT-QuickHeal Trojan.MacOSX.Keylogger.D 20170607
ClamAV Osx.Malware.Agent-1438495 20170607
DrWeb Program.Keylogger.88 20170607
Emsisoft Application.MAC.OSX.KextLogger.A (B) 20170607
ESET-NOD32 OSX/LogKext.A potentially unsafe 20170607
F-Secure Riskware:OSX/LogKext 20170607
GData Application.MAC.OSX.KextLogger.A 20170607
Ikarus not-a-virus:Monitor.OSX.LogKext 20170607
K7AntiVirus Trojan ( 0001140e1 ) 20170607
K7GW Trojan ( 0001140e1 ) 20170607
Kaspersky not-a-virus:Monitor.OSX.LogKext.e 20170607
McAfee OSX/Generics.v 20170607
McAfee-GW-Edition OSX/Generics.v 20170606
eScan Application.MAC.OSX.KextLogger.A 20170607
NANO-Antivirus Riskware.Mac.Keylogger.djpobp 20170607
Qihoo-360 Win32/Application.701 20170607
Sophos AV Generic PUA NI (PUA) 20170607
Symantec OSX.Klog.A!gen1 20170607
Webroot W32.Malware.Gen 20170607
ZoneAlarm by Check Point not-a-virus:Monitor.OSX.LogKext.e 20170607
Alibaba 20170607
ALYac 20170607
AVware 20170607
Baidu 20170601
Bkav 20170606
CMC 20170606
Comodo 20170607
CrowdStrike Falcon (ML) 20170420
Cyren 20170607
Endgame 20170515
F-Prot 20170607
Fortinet 20170607
Sophos ML 20170604
Jiangmin 20170607
Kingsoft 20170607
Malwarebytes 20170607
Microsoft 20170607
nProtect 20170607
Palo Alto Networks (Known Signatures) 20170607
Panda 20170606
Rising 20170605
SentinelOne (Static ML) 20170516
SUPERAntiSpyware 20170607
Symantec Mobile Insight 20170606
Tencent 20170607
TheHacker 20170605
TotalDefense 20170607
TrendMicro 20170607
TrendMicro-HouseCall 20170607
Trustlook 20170607
VBA32 20170606
VIPRE 20170607
ViRobot 20170607
WhiteArmor 20170601
Yandex 20170606
Zillya 20170606
Zoner 20170607
The file being studied is a Mac OS X executable! More specifically it is a FAT multi-architecture binary, either a PPC/PPC64 binary or a universal package made up of 3 Mach-O files.
FAT multi-architecture binary
This file targets more than one architecture, this is done by packaging up 3 Mach-Os in a FAT binary. Details about each Mach-O file follow.
File header
File type executable file
Magic 0xfeedfacf
Required architecture x86_64
Sub-architecture X86_64_ALL
Entry point 0x1000008c8
Reserved 0x0
Load commands 16
Load commands size 2064
File segments
Shared libraries
Load commands
File header
File type executable file
Magic 0xfeedface
Required architecture i386
Sub-architecture I386_ALL
Entry point 0x17e4
Load commands 16
Load commands size 1732
File segments
Shared libraries
Load commands
File header
File type 0x2000000
Magic 0xcefaedfe
Required architecture 0x12000000
Sub-architecture 167772160
Load commands 251658240
Load commands size 2953183232
Flags 0x84000000
Load commands
Execution parents
Compressed bundles
File identification
MD5 c5b4543b7597eb5fb462b31bde1d5aae
SHA1 a4dad891fcb3d2993a44aeb4193246b577faf9cb
SHA256 b9fb26c553e793ac4c598a67447f67c85eb9e561a9b7722667f7f45e34e2f71c

File size 71.3 KB ( 72976 bytes )
File type Mach-O
Magic literal
Mach-O fat file with 3 architectures

TrID Mac OS X Universal Binary executable (100.0%)
64bits multi-arch macho

VirusTotal metadata
First submission 2013-09-08 19:14:24 UTC ( 4 years ago )
Last submission 2014-12-01 09:29:08 UTC ( 2 years, 9 months ago )
File names vti-rescan
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
HTTP requests
DNS requests
TCP connections