SHA256: d295807085c96cabe5b4344d0ff2a6eaea6b7eecece859cedf61584670cd4fdf
File name: Telegram
Detection ratio: 0 / 61
Analysis date: 2018-03-06 01:21:11 UTC ( 8 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware 20180306
AegisLab 20180306
AhnLab-V3 20180305
Alibaba 20180305
ALYac 20180306
Antiy-AVL 20180306
Arcabit 20180306
Avast 20180306
Avast-Mobile 20180305
AVG 20180306
Avira (no cloud) 20180306
AVware 20180306
Baidu 20180305
BitDefender 20180306
Bkav 20180305
CAT-QuickHeal 20180305
ClamAV 20180306
CMC 20180305
Comodo 20180306
CrowdStrike Falcon (ML) 20170201
Cybereason 20180225
Cylance 20180306
Cyren 20180306
DrWeb 20180306
eGambit 20180306
Emsisoft 20180306
Endgame 20180303
ESET-NOD32 20180306
F-Prot 20180306
F-Secure 20180306
Fortinet 20180306
GData 20180306
Ikarus 20180305
Sophos ML 20180121
Jiangmin 20180305
K7AntiVirus 20180305
K7GW 20180306
Kaspersky 20180306
Kingsoft 20180306
Malwarebytes 20180306
MAX 20180306
McAfee 20180305
McAfee-GW-Edition 20180305
Microsoft 20180306
eScan 20180305
NANO-Antivirus 20180305
nProtect 20180306
Palo Alto Networks (Known Signatures) 20180306
Panda 20180305
Qihoo-360 20180306
Rising 20180306
SentinelOne (Static ML) 20180225
Sophos AV 20180306
SUPERAntiSpyware 20180306
Symantec 20180305
Symantec Mobile Insight 20180220
Tencent 20180306
TheHacker 20180305
TotalDefense 20180305
TrendMicro 20180305
TrendMicro-HouseCall 20180305
Trustlook 20180306
VBA32 20180305
VIPRE 20180305
ViRobot 20180305
Webroot 20180306
WhiteArmor 20180223
Yandex 20180303
Zillya 20180305
ZoneAlarm by Check Point 20180306
Zoner 20180306
The file being studied is a Mac OS X executable! More specifically, it is a Mach-O executable file for x86_64-based machines.
File signature
Identifier com.tdesktop.Telegram
Format Mach-O thin (x86_64)
CDHash 0c315b150ea12e5383802648d1785904f244c814
Signature size 8559
Authority Developer ID Application: John Preston (63FLR8MQA9)
Authority Developer ID Certification Authority
Authority Apple Root CA
Timestamp Oct 15, 2015, 1:25:43 AM
Info.plist not bound
TeamIdentifier 63FLR8MQA9
Sealed Resources none
Interesting properties
This file seems to extract from its body and drop some additional Mach-O files.
This file is signed with a certificate chain rooted at Apple's Root Certificate Authority.
File header
File type executable file
Magic 0xfeedfacf
Required architecture x86_64
Sub-architecture X86_64_ALL
Entry point 0x94f0
Reserved 0x0
Load commands 43
Load commands size 5880
Flags BINDS_TO_WEAK, DYLDLINK, NOUNDEFS, PIE, TWOLEVEL
File segments
Shared libraries
Load commands
Compressed bundles
File identification
MD5 323f47b5fb019ac791e882b4a7914bce
SHA1 a15dc7d0af1aea9ccce68fa88df0884de2dd7e3f
SHA256 d295807085c96cabe5b4344d0ff2a6eaea6b7eecece859cedf61584670cd4fdf
ssdeep 393216:ve89jFghTIQ2d9aDCxg4XsL8jMz0htDL3YVkcUIgLy5pEJsv6tWKFdu9Ct3Bj:NjRdMCbimAkKyV

File size 42.3 MB ( 44378736 bytes )
File type Mach-O
Magic literal Mach-O 64-bit executable

TrID Mac OS X Mach-O 64bit Intel executable (100.0%)
Tags 64bits macho dropper signed

VirusTotal metadata
First submission 2015-10-28 17:45:24 UTC ( 3 years ago )
Last submission 2015-10-28 17:45:24 UTC ( 3 years ago )
File names Telegram
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Output
Opened files
Read files
Written files
Moved files
Created processes
HTTP requests
DNS requests
TCP connections