Report #1708

Binary
ABI: ELFOSABI_LINUX
Size: 247.39KB
Type: ET_EXEC
trid: 50.1% ELF Executable and Linkable format; 49.8% ELF Executable and Linkable format
type: ELF
Wordsize: 32
Architecture: x86
Hashes
md5: 469ef1810de604f11f879bbcdffd0adb
sha1: acd72de5363f28545ada438611ee0bb329865b78
crc32: 0x2fb9198a
sha224: bbf30dc73465b988f052eeed56265ecdf241a98e2998ff2e5499f355
sha256: 28d680def872dea352319bd75e0fd10771c22a840e21dc83903531d25b758e92
sha384: 6ba17ce4e1690c6fd90c9be08d995ddd7e73d1b0b837bca7b448d49d0facc7f3c197732555ad9ef50488c42a9071ad80
sha512: 858b9787245d74c08b7ee1f357bb01c01f52e4406ab8001c49d6812a8d0fc77c14fcbe40eb97e2a5b0ef94bba827459a9c9aec9f0cfa433a5726edb5e1882e6e
ssdeep: 6144:KSDFOrnwRgUbMisI6sdkH+M6hWOcy5KOZW7U6NCiYhhhnaLQ/mqYX:FZRgUY/fsJcO1KOiXBYhhhnOQeX
Community
Google: False
HashLib: False
YARA
Matches: domain, CRC32_poly_Constant, url, IP, contentis_base64, suspicious_packer_section, is__elf
Suspicious: True

Dwarf
List: (empty)
Number: 0
Files
Sys: (empty)
Home: (empty)
Proc: (/proc/self/exe
Password: (empty)
Suspicious: True
Flags
Flags: 0
Packer
List: None
Packed: False
Network
IPs: 103.6.9.2288.
URLs: O
Mails: (empty)
Suspicious: True
Strings
List
$Info: This file is packed with the UPX executable packer http://upx.sf.net $

Symbols
List: (empty)
Number: 0
Reason: Stripped
Suspicious: True
Version
Version: EV_CURRENT
Foremost
Matches: None
Suspicious: False
Sections
List: (empty)
Number: 0
Suspicious: True
Segments
Number: 2
Suspicious: False
Compilers
List: GCC: (GNU) 4.1.2 20080704(Re#b?
Identified: 1
Suspicious: False
Functions
List: (empty)
Present: Stripped
Anti-Debug
Ptrace: False
Anti-disasm: False
Entry Point
Address: 0xc3e548
Suspicious: False
Embedded ELF
List: None
Identified: 0
Program Header
Size: 32
Number: 2
Offset: 52
Section Header
Size: 40
Number: 0
Offset: 0
AVclass
xorddos: 1
VirusTotal
md5: 469ef1810de604f11f879bbcdffd0adb
sha1: acd72de5363f28545ada438611ee0bb329865b78
SCANS (DETECTION RATE = 44.07%)
AVG: detected, ELF:Xorddos-AD [Trj] (update 20180828, version 18.4.3895.0)
CMC: not detected (update 20180828, version 1.1.0.977)
MAX: detected, malware (ai score=88) (update 20180828, version 2017.11.15.1)
Bkav: not detected (update 20180828, version 1.3.0.8876)
K7GW: not detected (update 20180828, version 10.60.28202)
ALYac: detected, GenPack:Trojan.Linux.Xorddos.B (update 20180828, version 1.1.1.5)
Avast: detected, ELF:Xorddos-AD [Trj] (update 20180828, version 18.4.3895.0)
Avira: detected, LINUX/Xorddos.rghsx (update 20180828, version 8.3.3.6)
Baidu: not detected (update 20180828, version 1.0.0.2)
Cyren: not detected (update 20180828, version 6.0.0.4)
DrWeb: detected, Linux.DDoS.Xor.2 (update 20180828, version 7.0.33.6080)
GData: detected, GenPack:Trojan.Linux.Xorddos.B (update 20180828, version A:25.18279B:25.13076)
Panda: not detected (update 20180828, version 4.6.4.2)
VBA32: not detected (update 20180828, version 3.33.0)
VIPRE: not detected (update 20180828, version 69154)
Zoner: not detected (update 20180827, version 1.0)
AVware: not detected (update 20180823, version 1.6.0.52)
ClamAV: detected, Unix.Malware.Agent-6308272-0 (update 20180828, version 0.100.1.0)
Comodo: not detected (update 20180828)
F-Prot: not detected (update 20180828, version 4.7.1.166)
Ikarus: detected, Trojan.Linux.Xorddos (update 20180828, version 0.1.5.2)
McAfee: detected, RDN/Generic.dx (update 20180828, version 6.0.6.653)
Rising: not detected (update 20180828, version 25.0.0.24)
Sophos: detected, Linux/DDoS-BH (update 20180828, version 4.98.0)
Yandex: not detected (update 20180827, version 5.5.1.3)
Zillya: detected, Trojan.Xorddos.Linux.68 (update 20180827, version 2.0.0.3625)
Arcabit: not detected (update 20180828, version 1.0.0.833)
Babable: not detected (update 20180822, version 9107201)
TACHYON: not detected (update 20180828, version 2018-08-28.02)
Tencent: detected, Linux.Trojan-ddos.Agent.Pdms (update 20180828, version 1.0.0.1)
ViRobot: not detected (update 20180828, version 2014.3.20.0)
Ad-Aware: detected, GenPack:Trojan.Linux.Xorddos.B (update 20180828, version 3.0.5.370)
AegisLab: detected, Trojan.Linux.Generic.9!c (update 20180828, version 4.2)
Emsisoft: detected, GenPack:Trojan.Linux.Xorddos.B (B) (update 20180828, version 2018.4.0.1029)
F-Secure: detected, GenPack:Trojan.Linux.Xorddos.B (update 20180828, version 11.0.19100.45)
Fortinet: not detected (update 20180828, version 5.4.247.0)
Jiangmin: not detected (update 20180828, version 16.0.100)
Kingsoft: not detected (update 20180828, version 2013.8.14.323)
Symantec: detected, Trojan.Gen.NPE (update 20180828, version 1.7.0.0)
AhnLab-V3: not detected (update 20180828, version 3.13.1.21616)
Antiy-AVL: not detected (update 20180828, version 3.0.0.1)
Kaspersky: detected, HEUR:Trojan-DDoS.Linux.Agent.g (update 20180828, version 15.0.1.13)
Microsoft: not detected (update 20180828, version 1.1.15200.1)
Qihoo-360: detected, Win32/Virus.DDoS.49d (update 20180828, version 1.0.0.1120)
TheHacker: not detected (update 20180824, version 6.8.0.5.3581)
ZoneAlarm: detected, HEUR:Trojan-DDoS.Linux.Agent.g (update 20180828, version 1.0)
ESET-NOD32: detected, a variant of Linux/Xorddos.D (update 20180828, version 17956)
TrendMicro: not detected (update 20180828, version 10.0.0.1040)
BitDefender: detected, GenPack:Trojan.Linux.Xorddos.B (update 20180828, version 7.2)
K7AntiVirus: not detected (update 20180828, version 10.61.28206)
Avast-Mobile: not detected (update 20180828, version 180827-06)
Malwarebytes: not detected (update 20180828, version 2.1.1.1115)
TotalDefense: not detected (update 20180828, version 37.1.62.1)
CAT-QuickHeal: not detected (update 20180828, version 14.00)
NANO-Antivirus: detected, Trojan.Elf32.Agent.eoigxa (update 20180828, version 1.0.116.23366)
MicroWorld-eScan: detected, GenPack:Trojan.Linux.Xorddos.B (update 20180828, version 14.0.297.0)
SUPERAntiSpyware: not detected (update 20180828, version 5.6.0.1032)
McAfee-GW-Edition: detected, RDN/Generic.dx (update 20180828, version v2017.3010)
TrendMicro-HouseCall: not detected (update 20180828, version 9.950.0.1006)

total: 59
sha256: 28d680def872dea352319bd75e0fd10771c22a840e21dc83903531d25b758e92
scan_id: 28d680def872dea352319bd75e0fd10771c22a840e21dc83903531d25b758e92-1535462742
resource: 469ef1810de604f11f879bbcdffd0adb
positives: 26
scan_date: 2018-08-28 13:25:42
verbose_msg: Scan finished, information embedded
response_code: 1
Binary
RF: confidence 100.00%, suspicious True
MLP: confidence 99.93%, suspicious True
SVM: confidence 98.04%, suspicious True