SHA256: bec7bfc5375dd1c4bac23121c8d83b80f484cd53261f0d3f9f3f64177e4b7caf
File name: activity_agent
Detection ratio: 28 / 61
Analysis date: 2018-04-11 00:39:59 UTC ( 4 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.MAC.Proton.A 20180410
ALYac Trojan.MAC.Proton.A 20180410
Avast MacOS:Proton-B [Trj] 20180410
AVG MacOS:Proton-B [Trj] 20180410
Avira (no cloud) OSX/Proton.AB 20180410
BitDefender Trojan.MAC.Proton.A 20180410
ClamAV Osx.Malware.Proton-6399553-0 20180410
Comodo .UnclassifiedMalware 20180410
DrWeb Mac.BackDoor.Proton.2 20180410
Emsisoft Trojan.MAC.Proton.A (B) 20180410
Endgame malicious (high confidence) 20180403
ESET-NOD32 OSX/Proton.A 20180410
F-Secure Trojan.MAC.Proton.A 20180410
GData Trojan.MAC.Proton.A 20180410
Ikarus Trojan.OSX.Proton.A 20180410
K7GW Trojan ( 3ac077771 ) 20180410
Kaspersky HEUR:Backdoor.OSX.Proton.b 20180410
MAX malware (ai score=82) 20180411
McAfee OSX/Proton.a 20180410
McAfee-GW-Edition OSX/Proton.a 20180410
eScan Trojan.MAC.Proton.A 20180410
NANO-Antivirus Trojan.Mac.Proton.eojkaz 20180410
Panda OSX/BHT.O 20180410
Sophos AV OSX/Proton-A 20180411
Symantec OSX.Trojan.Gen 20180411
Tencent Win32.Backdoor.Proton.Wogj 20180411
TrendMicro-HouseCall Suspicious_GEN.F47V0328 20180411
ZoneAlarm by Check Point HEUR:Backdoor.OSX.Proton.b 20180410
AegisLab 20180410
AhnLab-V3 20180410
Alibaba 20180410
Antiy-AVL 20180410
Arcabit 20180410
Avast-Mobile 20180410
AVware 20180410
Baidu 20180410
Bkav 20180410
CAT-QuickHeal 20180410
CMC 20180410
CrowdStrike Falcon (ML) 20170201
Cybereason 20180225
Cylance 20180411
Cyren 20180410
eGambit 20180411
F-Prot 20180410
Fortinet 20180410
Sophos ML 20180121
Jiangmin 20180410
K7AntiVirus 20180410
Kingsoft 20180411
Malwarebytes 20180410
Microsoft 20180410
nProtect 20180410
Palo Alto Networks (Known Signatures) 20180411
Qihoo-360 20180411
Rising 20180411
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180411
Symantec Mobile Insight 20180406
TheHacker 20180410
TotalDefense 20180411
TrendMicro 20180411
Trustlook 20180411
VBA32 20180410
VIPRE 20180411
ViRobot 20180410
Webroot 20180411
WhiteArmor 20180408
Yandex 20180410
Zillya 20180410
Zoner 20180410
The file being studied is a Mac OS X executable! More specifically, it is a Mach-O executable file for x86_64-based machines.
File header
File type executable file
Magic 0xfeedfacf
Required architecture x86_64
Sub-architecture X86_64_ALL
Entry point 0x100001180
Reserved 0x0
Load commands 24
Load commands size 4312
Flags DYLDLINK, NOUNDEFS, TWOLEVEL
File segments
Shared libraries
Load commands
File identification
MD5 6a2d0c8b20efc3fa283176a4bc76d6fd
SHA1 a1d23706522fcc5be456e45a9a64ef6d1275cea1
SHA256 bec7bfc5375dd1c4bac23121c8d83b80f484cd53261f0d3f9f3f64177e4b7caf
ssdeep 6144:38kae8WUmYKNU3d99FRPJ7k7EGtlqzYcdde7DLFdI0ZhAfvoYCMnnmB:ueedzFxGtlqxmLwQhMvo9Mni
File size 457.6 KB ( 468572 bytes )
File type Mach-O
Magic literal Mach-O 64-bit executable
TrID Mac OS X Mach-O 64bit Intel executable (100.0%)
Tags 64bits macho via-tor

VirusTotal metadata
First submission 2017-05-05 17:45:12 UTC ( 1 year, 3 months ago )
Last submission 2018-03-28 05:59:16 UTC ( 5 months ago )
File names activity_agent, HandBrake, 6a2d0c8b20efc3fa283176a4bc76d6fd.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Output
Opened files
Read files
Written files
Created processes