× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: c5030830203c3bf67ef49af6908cbeb6aa234fe0346d8d9ebf85d4dd5d7482be
File name: vti-rescan
Detection ratio: 28 / 55
Analysis date: 2016-11-27 15:08:40 UTC ( 3 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware MAC.OSX.Trojan.FlashBack.T 20161127
AhnLab-V3 OSX64-Trojan/Flashback 20161127
ALYac MAC.OSX.Trojan.FlashBack.T 20161127
Arcabit MAC.OSX.Trojan.FlashBack.T 20161127
Avast MacOS:Flashback-F [Trj] 20161127
AVG OSX/Flashback 20161127
Avira (no cloud) OSX/Flashback.A.2 20161127
BitDefender MAC.OSX.Trojan.FlashBack.T 20161127
CAT-QuickHeal Backdoor.MacOSX.Flashback.A 20161126
ClamAV Win.Trojan.Flashback-24 20161127
Comodo UnclassifiedMalware 20161127
DrWeb BackDoor.Flashback.10 20161127
Emsisoft MAC.OSX.Trojan.FlashBack.T (B) 20161127
ESET-NOD32 a variant of OSX/Flashback.A 20161127
F-Secure Trojan-Downloader:OSX/Flashback.A 20161127
GData MAC.OSX.Trojan.FlashBack.T 20161127
Ikarus Trojan-Downloader.OSX.Flashfake 20161127
Kaspersky Trojan-Downloader.OSX.Flashfake.a 20161127
McAfee OSX/Flashfake.c 20161127
McAfee-GW-Edition OSX/Flashfake.c 20161127
Microsoft Backdoor:MacOS_X/Flashback.A 20161127
eScan MAC.OSX.Trojan.FlashBack.T 20161127
NANO-Antivirus Trojan.Mac.Flashfake.bmwwrz 20161127
Qihoo-360 Win32/Trojan.3a3 20161127
Sophos OSX/Flshplyr-A 20161127
Symantec Trojan.Gen.2 20161127
Tencent Win32.Trojan-downloader.Flashfake.Llhk 20161127
Zillya Trojan.Flashback.OSX.254 20161125
AegisLab 20161127
Alibaba 20161125
Antiy-AVL 20161127
AVware 20161127
Baidu 20161126
Bkav 20161126
CMC 20161127
CrowdStrike Falcon (ML) 20161024
Cyren 20161127
F-Prot 20161127
Fortinet 20161127
Invincea 20161018
Jiangmin 20161124
K7AntiVirus 20161127
K7GW 20161127
Kingsoft 20161127
Malwarebytes 20161127
nProtect 20161127
Panda 20161127
Rising 20161127
SUPERAntiSpyware 20161127
TheHacker 20161126
TotalDefense 20161127
TrendMicro 20161127
TrendMicro-HouseCall 20161127
Trustlook 20161127
VBA32 20161125
VIPRE 20161127
ViRobot 20161127
WhiteArmor 20161125
Yandex 20161127
Zoner 20161127
The file being studied is a Mac OS X executable! More specifically it is a executable file Mach-O for x86_64 based machines.
File header
File type executable file
Magic 0xfeedfacf
Required architecture x86_64
Sub-architecture X86_64_ALL
Entry point 0x1000014dc
Reserved 0x0
Load commands 19
Load commands size 2544
Flags BINDS_TO_WEAK
DYLDLINK
NOUNDEFS
TWOLEVEL
File segments
Shared libraries
Load commands
File identification
MD5 3c54b107dc35a114b0445e9b5aeb5b68
SHA1 d2df0d6dcc12e23c9e018cc67fb76c4b33704ec2
SHA256 c5030830203c3bf67ef49af6908cbeb6aa234fe0346d8d9ebf85d4dd5d7482be
ssdeep
384:1CWL1b5M76YZ7lXqNCfkvBeBr2Sa//PGfb4yr398GQMu9tExTOdNQpY7kcu6nS65:1CM0NtqNCfkvyG/eT9B8GQZwCNnnSjg

File size 44.6 KB ( 45688 bytes )
File type Mach-O
Magic literal
Mach-O 64-bit executable

TrID Mac OS X Mach-O 64bit Intel executable (100.0%)
Tags
64bits macho

VirusTotal metadata
First submission 2013-04-01 17:30:11 UTC ( 3 years, 11 months ago )
Last submission 2014-12-01 05:25:18 UTC ( 2 years, 3 months ago )
File names 3c54b107dc35a114b0445e9b5aeb5b68.d2df0d6dcc12e23c9e018cc67fb76c4b33704ec2
vti-rescan
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Output
Opened files
Read files
Written files
Created processes
HTTP requests
DNS requests
TCP connections