Report #1828

Binary
ABI
ELFOSABI_SYSV
Size
79.46KB
Type
ET_DYN
trid
50.1% ELF Executable and Linkable format
49.8% ELF Executable and Linkable format
type
ELF
Wordsize
32
Architecture
x86
Hashes
md5
e66a3a69aaa9c21e07f099ee4d4af443
sha1
ddb424c5f8d192fdd5d9bb7d6bd693777bcb0293
crc32
0x67de2b76
sha224
80b78142731a9d624984f586c228436830b601cb3a096fb35c2835ff
sha256
c5efeca8aacb95b0283da3ff146606a98614c32c397ab53b018a2169640a949b
sha384
2050b27162cf0a5caca4d6197e1ee8bef879f10016789ef7173735af0ae937957e60bbdf2e2e57ccda9466c5a897b988
sha512
690d2e54ee8a28f9cb9a9dbd259ee6aa266ae8b157f5cd09078357edbc7a9f4c39845358b5e0edf1f6e80068376374b789650b9f9fae17adc50d76db3589fa1c
ssdeep
1536:Gr6oBevhn2ZNC3xclms1i/o6XkwGR7l6aHUmyD1p/mYr/JOOU4XyK/QbHMr:Gr6osvhniNCpokGR7l6a0mwFtXDAHw
Community
Google
False
HashLib
False
YARA
Matches
domain, contentis_base64, is__elf

Suspicious
True

Dwarf
List

Number
0
Files
Sys

Home

Proc
/proc/self/exe, /proc/stat, /proc/meminfo, /proc/cpuinfo
Password

Suspicious
True
Flags
Flags
0
Packer
List
None
Packed
False
Network
IPs

URLs
libcve-2009-2692.so
Mails

Suspicious
True
Strings
List
.note.gnu.gold-version
libm.so
libc.so
libdl.so
libcve-2009-2692.so
/data/data/com.duosecurity.xray/files/wunderbar
.rel.plt
.got.plt
.rel.dyn
fD<Ct`0PU
FAILURE: Didn't get root.
somehow we're not dead?
MemFree: %ld kB
SUCCESS: Got root!
=h.hoh
abort() called in pid %d
MemTotal: %ld kB
/dev/urandom
HTC_RIL
sleep
fwrite
fopen
.hash
FAILURE: Unable to setup.
.comment
/proc/self/exe
!1CS`baA`
`Ftp0p
.ARM.attributes
/usr/bin:/bin
/proc/meminfo
/proc/cpuinfo
/proc/stat
libc-abort
.dynamic
gold 1.11
.ARM.exidx
.ARM.extab
.preinit_array
.shstrtab
.shstrtab
.eh_frame_hdr
/dev/log/main
.eh_frame
.init_array
.fini_array
.fini_array
.init_array
PROPvOCE
__cxa_finalize
/dev/log/radio
<unknown>
__cxa_atexit
.rodata
.rodata
,hTP
__stack_chk_fail
in use bytes = %10lu
processor
aia)aAh
h[hoHoI
#phka+a
/system/bin/sh
system bytes = %10lu
libstdc++.so
__bss_start
: path too long
checkIsVulnerable
wunderbar
{haB!C
uJuMvNzDTY
?aCoc
ANDROID_PROPERTY_WORKSPACE
hbFEa|
`fadFO
waitpid
_edata
>H>I
;H;I
i"hei
'dMeN
.dynsym
.dynstr
/H0I
!dMeNC
.ctors
unlink
aeabi
inity
hea a
umask
PATH
haF(
|DIh
F,Nyh
chmod
.got
_end
.got
!%`%aaa

Symbols
List

Number
0
Reason
Stripped
Suspicious
True
Version
Version
EV_CURRENT
Foremost
Matches
None
Suspicious
False
Sections
List
(unnamed section 0), .dynsym, .dynstr, .hash, .rel.dyn, .rel.plt, .plt, .text, .rodata, .eh_frame, .eh_frame_hdr, .fini_array, .init_array, .dynamic, .got, .got.plt, .data, .bss, .comment, .note.gnu.gold-version, .shstrtab
Number
21
Suspicious
False
Segments
Number
7
Suspicious
False
Compilers
List
GCC: (GNU) 4.8
Identified
1
Suspicious
False
Functions
List
__cxa_finalize, __cxa_atexit, __stack_chk_fail, checkIsVulnerable, umask, fopen, asroot, fwrite, fclose, chmod, fork, execl, kill, unlink, sleep, waitpid, exit, Java_fuzion24_device_vulnerability_vulnerabilities_kernel_CVE_12009_12692_checkWunderbar, main, _edata, __bss_start, _end
Present
True
Anti-Debug
Ptrace
False
Anti-disasm
False
Entry Point
Address
0x0
Suspicious
False
Embedded ELF
List
4129
Identified
1
Program Header
Size
32
Number
7
Offset
52
Section Header
Size
40
Number
21
Offset
80528
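An added example, not code from the tool that produced this report, showing the checks behind the Program Header, Section Header and Embedded ELF fields above. It decodes the Elf32_Ehdr (the report's e_phoff 52 / e_phentsize 32 / e_phnum 7 and e_shoff 80528 / e_shentsize 40 / e_shnum 21), confirms both tables fit in the file (80528 + 21 * 40 = 81368 bytes, which is the 79.46 KB listed under Size), and scans for a nested ELF image such as the one reported at offset 4129. It runs on a constructed sample image (an x86 ET_DYN shell with an ARM header embedded at offset 4129), not on the analysed file; the field layout comes from the ELF32 specification, and the helper and constant names are this example's own.

```python
"""Decode an ELF32 header and carve nested ELF images.

Added example, not code from the tool that produced this report.  It runs
on a constructed image (build_sample_image), never on the analysed file.
"""
import struct

ELF_MAGIC = b"\x7fELF"
ELFCLASS32, ELFDATA2LSB = 1, 1
ET_EXEC, ET_DYN = 2, 3
EM_386, EM_ARM = 3, 40

# Elf32_Ehdr after the 16-byte e_ident block: 36 bytes, so sizeof == 52.
EHDR_FIELDS = ("e_type", "e_machine", "e_version", "e_entry", "e_phoff",
               "e_shoff", "e_flags", "e_ehsize", "e_phentsize", "e_phnum",
               "e_shentsize", "e_shnum", "e_shstrndx")
EHDR_FMT = "HHIIIIIHHHHHH"


def parse_elf32_header(data, offset=0):
    """Decode the Elf32_Ehdr at `offset`; ValueError if there is none."""
    ident = data[offset:offset + 16]
    if ident[:4] != ELF_MAGIC:
        raise ValueError("no ELF magic at offset %d" % offset)
    if ident[4] != ELFCLASS32:
        raise ValueError("only ELFCLASS32 handled here (64-bit images skipped)")
    endian = "<" if ident[5] == ELFDATA2LSB else ">"
    raw = data[offset + 16:offset + 52]
    if len(raw) != 36:
        raise ValueError("truncated ELF header at offset %d" % offset)
    hdr = dict(zip(EHDR_FIELDS, struct.unpack(endian + EHDR_FMT, raw)))
    hdr["ei_osabi"] = ident[7]          # 0 == ELFOSABI_SYSV
    return hdr


def expected_file_size(hdr):
    """Smallest file that holds the section header table.  With the report's
    values (e_shoff 80528, 21 entries of 40 bytes) this is 81368 bytes."""
    return hdr["e_shoff"] + hdr["e_shnum"] * hdr["e_shentsize"]


def header_tables_fit(data, hdr):
    """Both header tables lie inside the file and use the standard ELF32
    entry sizes (52-byte Ehdr, 32-byte Phdr, 40-byte Shdr)."""
    if (hdr["e_ehsize"], hdr["e_phentsize"], hdr["e_shentsize"]) != (52, 32, 40):
        return False
    ph_end = hdr["e_phoff"] + hdr["e_phnum"] * hdr["e_phentsize"]
    return ph_end <= len(data) and expected_file_size(hdr) <= len(data)


def find_embedded_elfs(data):
    """Offsets after byte 0 where ELF magic is followed by a header that
    decodes: candidate nested payloads, as in the report's Embedded ELF list."""
    hits, pos = [], data.find(ELF_MAGIC, 1)
    while pos != -1:
        try:
            parse_elf32_header(data, pos)
            hits.append(pos)
        except ValueError:
            pass                        # stray magic bytes, not a header
        pos = data.find(ELF_MAGIC, pos + 1)
    return hits


def analyse(data):
    """The report fields this example reproduces, for one image."""
    hdr = parse_elf32_header(data)
    return {
        "type": {ET_EXEC: "ET_EXEC", ET_DYN: "ET_DYN"}.get(hdr["e_type"], hdr["e_type"]),
        "arch": {EM_386: "x86", EM_ARM: "ARM"}.get(hdr["e_machine"], hdr["e_machine"]),
        "program_header": (hdr["e_phentsize"], hdr["e_phnum"], hdr["e_phoff"]),
        "section_header": (hdr["e_shentsize"], hdr["e_shnum"], hdr["e_shoff"]),
        "tables_fit": header_tables_fit(data, hdr),
        "trailing_bytes": len(data) - expected_file_size(hdr),
        "embedded_elf": find_embedded_elfs(data),
    }


# --- constructed sample, not the analysed file ------------------------------
INNER_OFFSET = 4129   # same offset as the report's Embedded ELF entry
SHOFF = 4224          # where the outer image's section header table starts


def build_elf32_header(e_type, e_machine, e_phoff, e_phnum, e_shoff, e_shnum):
    """Little-endian ELF32 header, ELFOSABI_SYSV, standard entry sizes."""
    ident = ELF_MAGIC + bytes([ELFCLASS32, ELFDATA2LSB, 1, 0]) + b"\x00" * 8
    shstrndx = e_shnum - 1 if e_shnum else 0
    return ident + struct.pack("<" + EHDR_FMT, e_type, e_machine, 1, 0, e_phoff,
                               e_shoff, 0, 52, 32, e_phnum, 40, e_shnum, shstrndx)


def build_sample_image():
    """x86 ET_DYN shell with 7 zeroed phdrs, 21 zeroed shdrs and an ARM
    ET_EXEC header embedded at INNER_OFFSET; 5064 bytes in total."""
    inner = build_elf32_header(ET_EXEC, EM_ARM, 52, 1, 0, 0) + b"\x00" * 32
    outer = build_elf32_header(ET_DYN, EM_386, 52, 7, SHOFF, 21)
    outer += b"\x00" * (7 * 32)                       # program header table
    outer += b"\x00" * (INNER_OFFSET - len(outer)) + inner
    outer += b"\x00" * (SHOFF - len(outer))
    outer += b"\x00" * (21 * 40)                      # section header table
    return outer


if __name__ == "__main__":
    for key, value in analyse(build_sample_image()).items():
        print("%-16s %s" % (key, value))
```

Run it on a real file with `analyse(open(path, "rb").read())`. Two caveats a practitioner should keep in mind: a second ELF magic only proves that bytes resembling a header are present (a packed or encrypted payload would not be found this way), and the parser deliberately skips ELFCLASS64 images, so a 64-bit payload nested in a 32-bit wrapper needs the 64-byte Elf64_Ehdr layout added before it is reported.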
AVclass
None
1
VirusTotal
md5
e66a3a69aaa9c21e07f099ee4d4af443
sha1
ddb424c5f8d192fdd5d9bb7d6bd693777bcb0293
SCANS (DETECTION RATE = 3.39%)

Engine                 Version               Update    Detected  Result
AVG                    8.0.1489.320          20170807  False
CMC                    1.1.0.977             20170805  False
MAX                    2017.6.26.1           20170807  False
Bkav                   1.3.0.9282            20170807  False
K7GW                   10.20.24212           20170807  False
ALYac                  1.1.1.2               20170807  False
Avast                  8.0.1489.320          20170807  False
Avira                  8.3.3.4               20170807  False
Baidu                  1.0.0.2               20170807  False
Cyren                  5.4.30.7              20170807  False
DrWeb                  7.0.28.2020           20170807  False
GData                  A:25.13734B:25.10170  20170807  False
Panda                  4.6.4.2               20170806  False
VBA32                  3.12.26.4             20170803  False
VIPRE                  60118                 20170807  False
Zoner                  1.0                   20170807  False
AVware                 1.5.0.42              20170807  False
ClamAV                 0.99.2.0              20170807  False
Comodo                 27566                 20170807  False
F-Prot                 4.7.1.166             20170807  False
Ikarus                 0.1.5.2               20170807  True      Exploit.AndroidOS.Lootor
McAfee                 6.0.6.653             20170807  False
Rising                 25.0.0.1              20170807  False
Sophos                 4.98.0                20170807  False
Yandex                 5.5.1.3               20170801  False
Zillya                 2.0.0.3355            20170806  False
Arcabit                1.0.0.817             20170807  False
Tencent                1.0.0.1               20170807  False
ViRobot                2014.3.20.0           20170807  False
Webroot                1.0.0.207             20170807  False
Ad-Aware               3.0.3.1010            20170807  False
AegisLab               4.2                   20170807  False
Emsisoft               4.0.1.883             20170807  False
F-Secure               11.0.19100.45         20170807  False
Fortinet               5.4.247.0             20170807  False
Jiangmin               16.0.100              20170807  False
Kingsoft               2013.8.14.323         20170807  False
Symantec               1.4.0.0               20170807  False
nProtect               2017-08-07.02         20170807  False
AhnLab-V3              3.9.2.18278           20170807  False
Antiy-AVL              3.0.0.1               20170807  False
Kaspersky              15.0.1.13             20170807  False
Microsoft              1.1.14003.0           20170807  False
Qihoo-360              1.0.0.1120            20170807  False
TheHacker              6.8.0.5.1813          20170806  False
ZoneAlarm              1.0                   20170807  False
ESET-NOD32             15873                 20170807  False
TrendMicro             9.862.0.1074          20170807  False
WhiteArmor                                   20170731  False
BitDefender            7.2                   20170807  False
K7AntiVirus            10.20.24214           20170807  False
Malwarebytes           2.1.1.1115            20170807  False
TotalDefense           37.1.62.1             20170807  False
CAT-QuickHeal          14.00                 20170807  False
NANO-Antivirus         1.0.94.18103          20170807  False
MicroWorld-eScan       12.0.250.0            20170807  False
SUPERAntiSpyware       5.6.0.1032            20170807  False
McAfee-GW-Edition      v2015                 20170807  False
TrendMicro-HouseCall   9.950.0.1006          20170807  True      TROJ_GEN.F04JH00F617

total
59
sha256
c5efeca8aacb95b0283da3ff146606a98614c32c397ab53b018a2169640a949b
scan_id
c5efeca8aacb95b0283da3ff146606a98614c32c397ab53b018a2169640a949b-1502099613
resource
e66a3a69aaa9c21e07f099ee4d4af443
positives
2
scan_date
2017-08-07 09:53:33
verbose_msg
Scan finished, information embedded
response_code
1
Binary
RF
confidence: 68.86%
suspicious: True
MLP
confidence: 69.60%
suspicious: True
SVM
confidence: 75.00%
suspicious: True