VirusTotal, the Google-owned free website that will scan suspicious files against dozens of antivirus engines, has announced that they have expanded behavior analysis to include Mac apps. VirusTotal introduced this for Windows files in 2012 and Android in 2013. Mac files join them today in 2015.
The behavioral analysis is seen under the ‘Behavioral information’ tab. It shows what other files on a system are read, moved, or written to, any processes created, or HTTP web traffic observed. Now, any uploaded Mach-O executables, DMG files, or ZIP files containing a Mac app, will be sent to the sandbox in order to produce behavioral reports. Scans can be performed by uploading the file on www.virustotal.co, using the API, or using their OS X Uploader tool.
The announcement provided a few example reports, which allow you to see the new functionality under the “Behavioral information” tab.
DMG files:
https://www.virustotal.com/file/22569f42180fbb3ea333d0ca9a8573c2edf3465f3a18a36e4ea7755b34a5fdc5/analysis/1446818987/
https://www.virustotal.com/en/file/b3606a398ddcbc2833024e128d225f28d6801325be2b3c63a8571a169690376e/analysis/
Mach-O files:
https://www.virustotal.com/file/58507bcfc4441edead0cb4acca3d60cf55d3d5a3563b3e20ffa4843b156d9cfd/analysis/
https://www.virustotal.com/en/file/d295807085c96cabe5b4344d0ff2a6eaea6b7eecece859cedf61584670cd4fdf/analysis/
ZIP files with an Mac app inside:
https://www.virustotal.com/file/ee6409be3374200b92ac9c85ff2647ab498ce03116d665985481a4a025a13ad0/analysis/
https://www.virustotal.com/file/0b8e83649f8ad3c62fde92c2b944c2180718633c6fcf5815dd1902208f3e35d6/analysis/