SHA256: e6817f619107402628ffdaa17272b57b8edf3375c10305de6e063479a35f4735
File name: WineBottler.app.zip
Detection ratio: 2 / 61
Analysis date: 2018-01-02 19:27:59 UTC ( 2 weeks, 2 days ago )
Antivirus Result Update
Jiangmin Trojan/Genome.dlco 20180102
TrendMicro-HouseCall Suspicious_GEN.F47V1006 20180102
Ad-Aware 20171225
AegisLab 20180102
AhnLab-V3 20180102
Alibaba 20180102
ALYac 20180102
Antiy-AVL 20180102
Arcabit 20180102
Avast 20180102
Avast-Mobile 20180102
AVG 20180102
Avira (no cloud) 20180102
AVware 20180102
Baidu 20180102
BitDefender 20180102
Bkav 20180102
CAT-QuickHeal 20180102
ClamAV 20180102
CMC 20180102
Comodo 20180102
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20180102
Cyren 20180102
DrWeb 20180102
eGambit 20180102
Emsisoft 20180102
Endgame 20171130
ESET-NOD32 20180102
F-Prot 20180102
F-Secure 20180102
Fortinet 20180102
GData 20180102
Ikarus 20180102
Sophos ML 20170914
K7AntiVirus 20180102
K7GW 20180102
Kaspersky 20180102
Kingsoft 20180102
Malwarebytes 20180102
MAX 20180102
McAfee 20180102
McAfee-GW-Edition 20180102
Microsoft 20180102
eScan 20180102
NANO-Antivirus 20180102
nProtect 20180102
Palo Alto Networks (Known Signatures) 20180102
Panda 20180102
Qihoo-360 20180102
Rising 20171230
SentinelOne (Static ML) 20171224
Sophos AV 20180102
SUPERAntiSpyware 20180102
Symantec 20180102
Tencent 20180102
TheHacker 20180102
TrendMicro 20180102
Trustlook 20180102
VBA32 20171229
VIPRE 20180102
ViRobot 20180102
Webroot 20180102
WhiteArmor 20171226
Yandex 20171229
Zillya 20180102
ZoneAlarm by Check Point 20180102
Zoner 20180102
The file being studied is a compressed stream! More specifically, it is a ZIP file. It seems to be a bundled Mac OS X application.
File signature
Identifier org.kronenberg.WineBottler
Format bundle with Mach-O thin (x86_64)
CDHash cdd8d7595b960486562d6c10a0a53f3e6cb6d907
Signature size 4604
Authority Developer ID Application: Tapenta GmbH (S3B4DFK8MA)
Authority Developer ID Certification Authority
Authority Apple Root CA
Info.plist entries 24
TeamIdentifier S3B4DFK8MA
Signers
[+] Tapenta GmbH
Status Valid
Issuer Apple Inc.
Valid from 07:18 AM 05/16/2017
Valid to 07:18 AM 05/17/2022
Valid usage Digital Signature, Code Signing
Algorithm sha256WithRSAEncryption
Thumbprint E3B179BDE55EF7F45535DA43E4CA683CBBA106FF
Serial number 7E 37 52 0F 7A FB 35 51
[+] Apple Inc.
Status Valid
Issuer Apple Inc.
Valid from 10:12 PM 02/01/2012
Valid to 10:12 PM 02/01/2027
Valid usage Digital Signature, Certificate Sign, CRL Sign
Algorithm sha256WithRSAEncryption
Thumbprint 3B166C3B7DC4B751C9FE2AFAB9135641E388E186
Serial number 18 7A A9 A8 C2 96 21 0C
[+] Apple Inc.
Status Valid
Issuer Apple Inc.
Valid from 09:40 PM 04/25/2006
Valid to 09:40 PM 02/09/2035
Valid usage Certificate Sign, CRL Sign
Algorithm sha1WithRSAEncryption
Thumbprint 611E5B662C593A08FF58D14AE22452D198DF6C60
Serial number 2
Interesting properties
The studied file contains at least one Portable Executable.
The studied file contains at least one Mac OS X executable.
Contained files
Compression metadata
Contained files 439
Uncompressed size 8127785
Highest datetime 2017-08-20 14:32:58
Lowest datetime 2017-08-17 03:45:26
Contained files by extension
png 51
h 42
nib 38
sh 37
exe 6
svg 1
pem 1
Contained files by type
unknown 128
directory 123
PNG 51
Mac OS X Executable 47
XML 40
script 37
HTML 7
Portable Executable 6
ExifTool file metadata
MIMEType application/zip
ZipRequiredVersion 20
ZipCRC 0x00000000
FileType ZIP
ZipCompression Deflated
ZipUncompressedSize 0
ZipCompressedSize 2
FileTypeExtension zip
ZipFileName WineBottler.app/
ZipBitFlag 0x0800
ZipModifyDate 2017:08:20 14:32:29

File identification
MD5 41d9a037292bf535007dee5fbeb1eb19
SHA1 e9569384f3b6dcc2d186f7ff08235e9e65b07177
SHA256 e6817f619107402628ffdaa17272b57b8edf3375c10305de6e063479a35f4735
ssdeep 98304:9HKOBPr+9QSHm0ONOyOt2QOtOyOhxjjK8O9OyOd2kOpOCOJ6:9HhdC9QSHmg2KxjKA2i6

File size 3.5 MB ( 3692483 bytes )
File type ZIP
Magic literal Zip archive data, at least v2.0 to extract

TrID ZIP compressed archive (100.0%)
Tags mac-app contains-pe contains-macho zip

VirusTotal metadata
First submission 2017-10-06 16:19:36 UTC ( 3 months, 2 weeks ago )
Last submission 2018-01-02 19:27:59 UTC ( 2 weeks, 2 days ago )
File names WineBottler.app.zip
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Created processes
HTTP requests
DNS requests
TCP connections