Report #1689

Binary
ABI
ELFOSABI_SYSV
Size
54.56KB
Type
ET_EXEC
trid
50.1% ELF Executable and Linkable format
49.8% ELF Executable and Linkable format
type
ELF
Wordsize
32
Architecture
x86
Hashes
md5
4957a33ccda81b61dec9ab0b13027b85
sha1
7042feb8d5fdbf07c7448e84b44a20b8cbecc9d9
crc32
0x757adacd
sha224
804dd9e3a6d5daca75db37286add7775b4a655df2db3c6df45f6c518
sha256
16bd583d3f82c1234a62247be73c85f8023467bedbd82dcec29aa6a2d9cb7df3
sha384
5010d0ef92f45693ab58869c39c163aecab96f40688898cd467d1f4f31a7efcfa449b7d77e70b98781b20fce2e0abb52
sha512
3252d6f549475df50c8725a050124f62016640041121ef50cd571f5d36632f02f987f5430fa7ae56982da0f00382ebca5a666d164506018041be6e2e8ac19ecd
ssdeep
1536:36Ew7hWCbZ6OzptrGP85wXyUWTF+Lt+Rc:C1W4Z6OzP4NXyUWp+LQK
Community
Google
False
HashLib
False
YARA
Matches
maldoc_getEIP_method_1, domain, contentis_base64, is__elf, Mirai_3

Suspicious
True

Dwarf
List

Number
0
Files
Sys

Home

Proc
/proc/net/tcp
Password

Suspicious
True
Flags
Flags
0
Packer
List
None
Packed
False
Network
IPs

URLs

Mails

Suspicious
False
Strings
List
HTTP/1.1
User-Agent:
/proc/net/tcp
Cookie:
http
Host:
POST /cdn-cgi/
POST

Symbols
List

Number
0
Reason
Stripped
Suspicious
True
Version
Version
EV_CURRENT
Foremost
Matches
None
Suspicious
False
Sections
List
, .init, .text, .fini, .rodata, .ctors, .dtors, .data, .bss, .shstrtab
Number
10
Suspicious
False
Segments
Number
3
Suspicious
False
Compilers
List

Identified
0
Suspicious
False
Functions
List

Present
True
Anti-Debug
Ptrace
False
Anti-disasm
False
Entry Point
Address
0x8048164
Suspicious
False
Embedded ELF
List
None
Identified
0
Program Header
Size
32
Number
3
Offset
52
Section Header
Size
40
Number
10
Offset
55472
AVclass
mirai
1
VirusTotal
md5
4957a33ccda81b61dec9ab0b13027b85
sha1
7042feb8d5fdbf07c7448e84b44a20b8cbecc9d9
SCANS (DETECTION RATE = 61.67%)
AVG
result: ELF:Mirai-A [Trj]
update: 20190530
version: 18.4.3895.0
detected: True

CMC
update: 20190321
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=80)
update: 20190530
version: 2018.9.12.1
detected: True

Bkav
update: 20190529
version: 1.3.0.10239
detected: False

K7GW
update: 20190530
version: 11.46.31064
detected: False

ALYac
result: Trojan.Linux.Backdoor.C
update: 20190530
version: 1.1.1.5
detected: True

Avast
result: ELF:Mirai-A [Trj]
update: 20190530
version: 18.4.3895.0
detected: True

Avira
result: LINUX/Mirai.bonc
update: 20190530
version: 8.3.3.8
detected: True

Baidu
update: 20190318
version: 1.0.0.2
detected: False

Cyren
update: 20190530
version: 6.2.0.1
detected: False

DrWeb
result: Linux.Mirai.2253
update: 20190530
version: 7.0.34.11020
detected: True

GData
result: Linux.Trojan.Mirai.B
update: 20190530
version: A:25.22167B:25.15201
detected: True

Panda
update: 20190529
version: 4.6.4.2
detected: False

VBA32
update: 20190529
version: 4.0.0
detected: False

VIPRE
update: 20190530
version: 75380
detected: False

Zoner
update: 20190529
version: 1.0
detected: False

ClamAV
result: Unix.Trojan.Mirai-1
update: 20190529
version: 0.101.2.0
detected: True

Comodo
update: 20190530
version: 30943
detected: False

F-Prot
update: 20190530
version: 4.7.1.166
detected: False

Ikarus
result: Trojan.Linux.Mirai
update: 20190529
version: 0.1.5.2
detected: True

McAfee
result: Linux/Mirai
update: 20190530
version: 6.0.6.653
detected: True

Rising
result: Backdoor.Mirai!1.AB17 (CLASSIC)
update: 20190530
version: 25.0.0.24
detected: True

Sophos
result: Linux/DDoS-CI
update: 20190530
version: 4.98.0
detected: True

Zillya
update: 20190529
version: 2.0.0.3821
detected: False

Arcabit
result: Trojan.Linux.Backdoor.C
update: 20190530
version: 1.0.0.846
detected: True

Babable
update: 20190424
version: 9107201
detected: False

FireEye
result: Trojan.Linux.Backdoor.C
update: 20190530
version: 29.7.0.0
detected: True

TACHYON
update: 20190530
version: 2019-05-30.01
detected: False

Tencent
result: Backdoor.Linux.Mirai.wan
update: 20190530
version: 1.0.0.1
detected: True

ViRobot
update: 20190530
version: 2014.3.20.0
detected: False

Ad-Aware
result: Trojan.Linux.Backdoor.C
update: 20190530
version: 3.0.5.370
detected: True

AegisLab
result: Trojan.Linux.Mirai.4!c
update: 20190530
version: 4.2
detected: True

Emsisoft
result: Trojan.Linux.Backdoor.C (B)
update: 20190530
version: 2018.4.0.1029
detected: True

F-Secure
result: Malware.LINUX/Mirai.bonc
update: 20190530
version: 12.0.86.52
detected: True

Fortinet
result: ELF/Mirai.A!tr
update: 20190530
version: 5.4.247.0
detected: True

Jiangmin
result: Backdoor.Linux.avpl
update: 20190529
version: 16.0.100
detected: True

Kingsoft
update: 20190530
version: 2013.8.14.323
detected: False

Symantec
result: Linux.Mirai
update: 20190530
version: 1.9.0.0
detected: True

AhnLab-V3
result: Linux/Mirai.55872.D
update: 20190530
version: 3.15.2.24252
detected: True

Antiy-AVL
result: Trojan[Backdoor]/Linux.Gafgyt.x
update: 20190530
version: 3.0.0.1
detected: True

Kaspersky
result: HEUR:Backdoor.Linux.Mirai.n
update: 20190530
version: 15.0.1.13
detected: True

MaxSecure
update: 20190529
version: 1.0.0.1
detected: False

Microsoft
result: Backdoor:Linux/Mirai.B
update: 20190530
version: 1.1.15900.4
detected: True

Qihoo-360
result: virus.elf.mirai.b
update: 20190530
version: 1.0.0.1120
detected: True

TheHacker
update: 20190530
version: 6.8.0.5.4241
detected: False

ZoneAlarm
result: HEUR:Backdoor.Linux.Mirai.n
update: 20190530
version: 1.0
detected: True

ESET-NOD32
result: a variant of Linux/Mirai.A
update: 20190530
version: 19439
detected: True

TrendMicro
result: ELF_MIRAI.SM1
update: 20190530
version: 10.0.0.1040
detected: True

BitDefender
result: Trojan.Linux.Backdoor.C
update: 20190530
version: 7.2
detected: True

K7AntiVirus
update: 20190529
version: 11.46.31063
detected: False

SentinelOne
result: DFI - Malicious ELF
update: 20190511
version: 1.0.26.329
detected: True

Avast-Mobile
result: ELF:Mirai-AH [Trj]
update: 20190529
version: 190529-04
detected: True

Malwarebytes
update: 20190530
version: 2.1.1.1115
detected: False

TotalDefense
update: 20190530
version: 37.1.62.1
detected: False

CAT-QuickHeal
update: 20190529
version: 14.00
detected: False

NANO-Antivirus
result: Trojan.Elf32.Mirai.eoxllj
update: 20190529
version: 1.0.134.24826
detected: True

MicroWorld-eScan
result: Trojan.Linux.Backdoor.C
update: 20190530
version: 14.0.297.0
detected: True

SUPERAntiSpyware
update: 20190528
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: Linux/Mirai
update: 20190530
version: v2017.3010
detected: True

TrendMicro-HouseCall
result: ELF_MIRAI.SM1
update: 20190530
version: 10.0.0.1040
detected: True

total
60
sha256
16bd583d3f82c1234a62247be73c85f8023467bedbd82dcec29aa6a2d9cb7df3
scan_id
16bd583d3f82c1234a62247be73c85f8023467bedbd82dcec29aa6a2d9cb7df3-1559196578
resource
4957a33ccda81b61dec9ab0b13027b85
positives
37
scan_date
2019-05-30 06:09:38
verbose_msg
Scan finished, information embedded
response_code
1
Binary
RF
confidence: 100.00%
suspicious: True
MLP
confidence: 99.86%
suspicious: True
SVM
confidence: 95.80%
suspicious: True