We previously announced sandbox execution of Windows PE files in 2012, and Android in 2013. We are happy to announce equal treatment for Mac OS X apps. Files scanned that are Mach-O executables, DMG files, or ZIP files containing a Mac app, will be sent to the sandbox in order to produce behavioral reports.
Users may scan these file types directly on www.virustotal.com, with our OS X Uploader app, or via the API.
As before, users with private API or "allinfo" privileges will see this information in the API responses. For VirusTotal Intelligence customers the information is also indexed and searchable.
Here are a couple of example reports, have a look at the "Behavioural information" tab...
DMG files:
Users may scan these file types directly on www.virustotal.com, with our OS X Uploader app, or via the API.
As before, users with private API or "allinfo" privileges will see this information in the API responses. For VirusTotal Intelligence customers the information is also indexed and searchable.
Here are a couple of example reports, have a look at the "Behavioural information" tab...
DMG files:
- https://www.virustotal.com/file/22569f42180fbb3ea333d0ca9a8573c2edf3465f3a18a36e4ea7755b34a5fdc5/analysis/1446818987/
- https://www.virustotal.com/en/file/b3606a398ddcbc2833024e128d225f28d6801325be2b3c63a8571a169690376e/analysis/
Mach-O files:
ZIP files with an Mac app inside:
- https://www.virustotal.com/file/ee6409be3374200b92ac9c85ff2647ab498ce03116d665985481a4a025a13ad0/analysis/
- https://www.virustotal.com/file/0b8e83649f8ad3c62fde92c2b944c2180718633c6fcf5815dd1902208f3e35d6/analysis/
If you find issues, or have suggestions to improve the Mac sandbox please send an email to contact [at] virustotal [dot] com.