SHA256: f26de7ac60f6ce9b474017f1f21b1498bc5aa796f276c584696d127c53262002
File name: Wine.app.zip
Detection ratio: 1 / 34
Analysis date: 2017-11-19 20:32:19 UTC ( 3 months ago )
Antivirus Result Update
TheHacker Trojan/Jorik.Gbot.rdq 20171117
Ad-Aware 20171119
AhnLab-V3 20171119
Alibaba 20170911
ALYac 20171119
Antiy-AVL 20171119
Arcabit 20171119
Avast-Mobile 20171119
Avira (no cloud) 20171119
AVware 20171118
Baidu 20171117
Bkav 20171118
CAT-QuickHeal 20171118
ClamAV 20171119
CrowdStrike Falcon (ML) 20171016
Cybereason None
eGambit 20171119
Emsisoft 20171119
Endgame 20171024
Fortinet 20171119
Sophos ML 20170914
K7AntiVirus 20171117
K7GW 20171119
Kingsoft 20171119
Malwarebytes 20171119
MAX 20171119
eScan 20171119
nProtect 20171119
Palo Alto Networks (Known Signatures) 20171119
Qihoo-360 20171119
SentinelOne (Static ML) 20171113
Sophos AV 20171119
SUPERAntiSpyware 20171119
Symantec 20171118
Symantec Mobile Insight 20171117
Tencent 20171119
Trustlook 20171119
VIPRE 20171119
ViRobot 20171119
WhiteArmor 20171104
Yandex 20171118
ZoneAlarm by Check Point 20171119
Zoner 20171119
The file being studied is a compressed stream! More specifically, it is a ZIP file. It seems to be a bundled Mac OS X application.
File signature
Identifier org.kronenberg.Wine
Format app bundle with Mach-O thin (x86_64)
OSPlatform 36
OSSDKVersion 658432
OSVersionMin 656896
CandidateCDHash sha1 adce28e45bc3ca0afd162649a336ec3b7ab3bbe8
CandidateCDHash sha256 709ae34ca0c02db67372ba9e9b603a532975bd42
Hash choices sha1,sha256
Page size 4096
CDHash 709ae34ca0c02db67372ba9e9b603a532975bd42
Signature size 4604
Authority Developer ID Application: Tapenta GmbH (S3B4DFK8MA)
Authority Developer ID Certification Authority
Authority Apple Root CA
Signed Time Aug 20, 2017, 6:33:05 PM
Info.plist entries 26
TeamIdentifier S3B4DFK8MA
Signers
[+] Tapenta GmbH
Status Valid
Issuer Apple Inc.
Valid from 07:18 AM 05/16/2017
Valid to 07:18 AM 05/17/2022
Valid usage Digital Signature, Code Signing
Algorithm sha256WithRSAEncryption
Thumbprint E3B179BDE55EF7F45535DA43E4CA683CBBA106FF
Serial number 7E 37 52 0F 7A FB 35 51
[+] Apple Inc.
Status Valid
Issuer Apple Inc.
Valid from 10:12 PM 02/01/2012
Valid to 10:12 PM 02/01/2027
Valid usage Digital Signature, Certificate Sign, CRL Sign
Algorithm sha256WithRSAEncryption
Thumbprint 3B166C3B7DC4B751C9FE2AFAB9135641E388E186
Serial number 18 7A A9 A8 C2 96 21 0C
[+] Apple Inc.
Status Valid
Issuer Apple Inc.
Valid from 09:40 PM 04/25/2006
Valid to 09:40 PM 02/09/2035
Valid usage Certificate Sign, CRL Sign
Algorithm sha1WithRSAEncryption
Thumbprint 611E5B662C593A08FF58D14AE22452D198DF6C60
Serial number 2
Interesting properties
The studied file contains at least one Portable Executable.
The studied file contains at least one Mac OS X executable.
Contained files
Compression metadata
Contained files 10862
Uncompressed size 37271833
Highest datetime 2017-11-19 15:31:38
Lowest datetime 2017-08-17 02:08:30
Contained files by extension
la 180
so 142
sh 16
nib 8
h 8
png 6
d/ 3
0 3
a 2
exe 2
1 2
2 2
pl 2
14/ 2
9 2
pem 2
_A 2
5 2
0/ 2
d 2
14 1
Contained files by type
unknown 704
Mac OS X Executable 183
directory 64
script 37
XML 6
PNG 3
HTML 2
Portable Executable 1
ExifTool file metadata
MIMEType application/zip
ZipRequiredVersion 10
ZipCRC 0x00000000
FileType ZIP
ZipCompression None
ZipUncompressedSize 0
ZipCompressedSize 0
FileTypeExtension zip
ZipFileName Wine.app/
ZipBitFlag 0
ZipModifyDate 2017:08:20 14:33:02

File identification
MD5 cac0441b05540079b61e77b980497787
SHA1 3067f4efe726d6b2ef5e2b4751f5fbc288ea0d00
SHA256 f26de7ac60f6ce9b474017f1f21b1498bc5aa796f276c584696d127c53262002
ssdeep 3145728:HtIZmtXG1K8ouKvxWiUWdC6lcfKolEuzf23ETZEOupp:HtigW1KtJUtX6lUEuzTaOe

File size 139.8 MB ( 146545942 bytes )
File type ZIP
Magic literal Zip archive data, at least v1.0 to extract

TrID Mozilla Firefox browser extension (42.1%)
Mozilla Archive Format (gen) (36.8%)
ZIP compressed archive (21.0%)
Tags mac-app contains-pe contains-macho signed zip

VirusTotal metadata
First submission 2017-11-19 20:32:19 UTC ( 3 months ago )
Last submission 2017-11-19 20:32:19 UTC ( 3 months ago )
File names Wine.app.zip
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Created processes
HTTP requests
DNS requests
TCP connections