SHA256: 6acd92d0dfe3e298d73b78a3dcc6d52ff4f85a70a9f2d0dcfe7ae4af2dd685cc
File name: macs
Detection ratio: 38 / 59
Analysis date: 2018-04-02 22:28:10 UTC (5 months, 3 weeks ago)
Antivirus Result Update
Ad-Aware MAC.OSX.Backdoor.KitM.A 20180402
AhnLab-V3 OSX64-Trojan/Kitm 20180402
ALYac MAC.OSX.Backdoor.KitM.A 20180402
Arcabit MAC.OSX.Backdoor.KitM.A 20180402
Avast MacOS:Kitmos-A [Spy] 20180402
AVG MacOS:Kitmos-A [Spy] 20180402
Avira (no cloud) OSX/Kitm.B 20180402
AVware Trojan.OSX.Generic (v) 20180402
BitDefender MAC.OSX.Backdoor.KitM.A 20180402
CAT-QuickHeal Backdoor.MacOSX.Kitmos.A 20180402
ClamAV Osx.Trojan.KitM-1 20180402
Comodo UnclassifiedMalware 20180402
Cyren MacOS/Kitmos.A 20180402
DrWeb Trojan.HackBack.2 20180402
Emsisoft MAC.OSX.Backdoor.KitM.A (B) 20180402
Endgame malicious (high confidence) 20180316
ESET-NOD32 OSX/Kitm.A 20180402
F-Prot MacOS/Kitmos.A 20180402
F-Secure MAC.OSX.Backdoor.KitM.A 20180402
Fortinet OSX/Kitm.A!tr.bdr 20180402
GData MAC.OSX.Backdoor.KitM.A 20180402
Ikarus Backdoor.OSX.Kitm 20180402
Kaspersky Backdoor.OSX.Kitm.a 20180402
MAX malware (ai score=83) 20180402
McAfee OSX/Kitmos 20180402
McAfee-GW-Edition OSX/Kitmos 20180402
Microsoft Backdoor:MacOS_X/Kitmos.A 20180402
eScan MAC.OSX.Backdoor.KitM.A 20180402
NANO-Antivirus Trojan.Mac.HackBack.culozj 20180402
Qihoo-360 Win32/Backdoor.3d9 20180402
Sophos AV OSX/Kitm-A 20180402
Symantec OSX.Kitmos 20180402
Tencent Win32.Backdoor.Kitm.Ehhy 20180402
TrendMicro OSX_KITM.A 20180402
TrendMicro-HouseCall OSX_KITM.A 20180402
VIPRE Trojan.OSX.Generic (v) 20180402
Zillya Trojan.Kitm..2 20180402
ZoneAlarm by Check Point Backdoor.OSX.Kitm.a 20180402
AegisLab 20180402
Alibaba 20180402
Antiy-AVL 20180402
Avast-Mobile 20180402
Baidu 20180402
Bkav 20180402
CMC 20180402
CrowdStrike Falcon (ML) 20170201
Cybereason None
Cylance 20180402
eGambit 20180402
Sophos ML 20180121
Jiangmin 20180402
K7AntiVirus 20180402
K7GW 20180402
Kingsoft 20180402
Malwarebytes 20180402
nProtect 20180402
Palo Alto Networks (Known Signatures) 20180402
Panda 20180402
Rising 20180402
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180402
Symantec Mobile Insight 20180401
TheHacker 20180330
Trustlook 20180402
VBA32 20180402
ViRobot 20180402
WhiteArmor 20180324
Yandex 20180331
Zoner 20180401
The file being studied is a Mac OS X executable! More specifically it is a FAT multi-architecture binary, either a PPC/PPC64 binary or a universal package made up of 2 Mach-O files.
File signature
Identifier com.util.file
Format Mach-O universal (i386 x86_64)
CDHash b0aa57a281c2d8cce6c9a09568c6e3fea52ff80e
Signature size 8514
Authority Developer ID Application: Rajinder Kumar
Authority Developer ID Certification Authority
Authority Apple Root CA
Timestamp Apr 8, 2013, 9:52:49 AM
Info.plist not bound
TeamIdentifier not set
Sealed Resources none
FAT multi-architecture binary
This file targets more than one architecture by packaging 2 Mach-O files in a FAT binary. Details about each Mach-O file follow.
Interesting properties
This file is signed by Apple's Root Certificate Authority.
File header
File type executable file
Magic 0xfeedfacf
Required architecture x86_64
Sub-architecture X86_64_ALL
Entry point 0x100001ee0
Reserved 0x0
Load commands 22
Load commands size 3968
Flags DYLDLINK, NOUNDEFS, TWOLEVEL
File segments
Shared libraries
Load commands
Interesting properties
This file is signed by Apple's Root Certificate Authority.
File header
File type executable file
Magic 0xfeedface
Required architecture i386
Sub-architecture I386_ALL
Entry point 0x1e00
Load commands 23
Load commands size 3392
Flags DYLDLINK, NOUNDEFS, NO_HEAP_EXECUTION, TWOLEVEL
File segments
Shared libraries
Load commands
File identification
MD5 f9fabd1637d190e0e0a5c117c71921fc
SHA1 4395a2da164e09721700815ea3f816cddb9d676e
SHA256 6acd92d0dfe3e298d73b78a3dcc6d52ff4f85a70a9f2d0dcfe7ae4af2dd685cc
ssdeep
12288:TMGSQliDiNZZrF7PXKxXG5HX/MO4t9p8:wGSQl3apcXNur

File size 460.2 KB (471232 bytes)
File type Mach-O
Magic literal
Mach-O fat file with 2 architectures

TrID Mac OS X Universal Binary executable (100.0%)
Tags
64bits multi-arch macho signed

VirusTotal metadata
First submission 2013-05-13 14:48:59 UTC (5 years, 4 months ago)
Last submission 2018-04-02 22:28:10 UTC (5 months, 3 weeks ago)
File names 1
vti-rescan
macs
4395a2da164e09721700815ea3f816cddb9d676e.fat
6acd92d0dfe3e298d73b78a3dcc6d52ff4f85a70a9f2d0dcfe7ae4af2dd685cc
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Output
Opened files
Read files
Written files
Created processes