SHA256: f9e159089b3edeaf85c4dd05d86338c2d7dc17e03e95040d63a9cba73be9e2f9
File name: WineBottler .app.zip
Detection ratio: 1 / 53
Analysis date: 2016-07-07 08:15:55 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Jiangmin Trojan/Genome.dlco 20160707
Ad-Aware 20160707
AegisLab 20160707
AhnLab-V3 20160706
Alibaba 20160707
ALYac 20160707
Antiy-AVL 20160707
Arcabit 20160707
Avast 20160707
AVG 20160707
AVware 20160707
Baidu 20160706
BitDefender 20160707
Bkav 20160706
CAT-QuickHeal 20160707
ClamAV 20160707
CMC 20160704
Comodo 20160707
Cyren 20160707
DrWeb 20160707
Emsisoft 20160707
ESET-NOD32 20160707
F-Prot 20160707
F-Secure 20160707
Fortinet 20160707
GData 20160707
Ikarus 20160707
K7AntiVirus 20160707
K7GW 20160707
Kaspersky 20160707
Kingsoft 20160707
Malwarebytes 20160707
McAfee 20160707
McAfee-GW-Edition 20160707
Microsoft 20160707
eScan 20160707
NANO-Antivirus 20160707
nProtect 20160707
Panda 20160706
Qihoo-360 20160707
Sophos AV 20160707
SUPERAntiSpyware 20160707
Symantec 20160707
Tencent 20160707
TheHacker 20160707
TrendMicro 20160707
TrendMicro-HouseCall 20160707
VBA32 20160706
VIPRE 20160707
ViRobot 20160707
Yandex 20160706
Zillya 20160707
Zoner 20160707
The file being studied is a compressed stream! More specifically, it is a ZIP file. It seems to be a bundled Mac OS X application.
File signature
Identifier org.kronenberg.WineBottler
Format bundle with Mach-O universal (i386 x86_64)
CDHash c653501fe8715c8464f3bb6f4a21d118c405c2e4
Signature size 8510
Authority Developer ID Application: Tapenta GmbH
Authority Developer ID Certification Authority
Authority Apple Root CA
Timestamp Feb 24, 2015, 12:15:13 AM
Info.plist entries 24
TeamIdentifier S3B4DFK8MA
Signers
[+] Tapenta GmbH
Status Valid
Issuer Apple Inc.
Valid from 09:31 AM 03/24/2012
Valid to 09:31 AM 03/25/2017
Valid usage Digital Signature, Code Signing
Algorithm sha256WithRSAEncryption
Thumbprint 4A812261AA0B90175F818F9D816E4AD3C6A66332
Serial number 1F 13 ED C2 D1 9D C0 C5
[+] Apple Inc.
Status Valid
Issuer Apple Inc.
Valid from 10:12 PM 02/01/2012
Valid to 10:12 PM 02/01/2027
Valid usage Digital Signature, Certificate Sign, CRL Sign
Algorithm sha256WithRSAEncryption
Thumbprint 3B166C3B7DC4B751C9FE2AFAB9135641E388E186
Serial number 18 7A A9 A8 C2 96 21 0C
[+] Apple Inc.
Status Valid
Issuer Apple Inc.
Valid from 09:40 PM 04/25/2006
Valid to 09:40 PM 02/09/2035
Valid usage Certificate Sign, CRL Sign
Algorithm sha1WithRSAEncryption
Thumbprint 611E5B662C593A08FF58D14AE22452D198DF6C60
Serial number 2
Interesting properties
The studied file contains at least one Portable Executable.
The studied file contains at least one Mac OS X executable.
Contained files
Compression metadata
Contained files 549
Uncompressed size 4507396
Highest datetime 2016-07-07 13:45:26
Lowest datetime 2015-02-24 05:00:02
Contained files by extension
nib 70
h 30
png 30
sh 26
_A 6
exe 4
pem 2
svg 2
txt 2
app 1
Contained files by type
unknown 350
directory 131
XML 18
Mac OS X Executable 17
PNG 15
script 13
HTML 3
Portable Executable 2
ExifTool file metadata
MIMEType application/zip
ZipRequiredVersion 10
ZipCRC 0x00000000
FileType ZIP
ZipCompression None
ZipUncompressedSize 0
ZipCompressedSize 0
FileTypeExtension zip
ZipFileName WineBottler .app/
ZipBitFlag 0
ZipModifyDate 2015:02:24 05:45:07
File identification
MD5 00c227d20948198222b7c38d4c6ea3bb
SHA1 883947378874c96852c8866439e57fb64e74c830
SHA256 f9e159089b3edeaf85c4dd05d86338c2d7dc17e03e95040d63a9cba73be9e2f9
ssdeep 49152:xemTd6VmNOl1NKAfz76m5rLd8Hq9dbuKWWj9235+k:xewW1HKS7xrd9uKWl3sk
File size 2.3 MB ( 2411849 bytes )
File type ZIP
Magic literal Zip archive data, at least v1.0 to extract
TrID ZIP compressed archive (100.0%)
Tags mac-app contains-pe contains-macho signed zip
VirusTotal metadata
First submission 2016-07-07 08:15:55 UTC ( 1 year, 10 months ago )
Last submission 2016-07-07 08:15:55 UTC ( 1 year, 10 months ago )
File names WineBottler .app.zip
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Created processes
HTTP requests
DNS requests
TCP connections