Report #3478

Binary
ABI
ELFOSABI_SYSV
Size
13.97KB
Type
ET_EXEC
trid
50.1% ELF Executable and Linkable format
49.8% ELF Executable and Linkable format
type
ELF
Wordsize
32
Architecture
x86
Hashes
md5
c7c873f5baad56d2889e0c819d73fae6
sha1
c712c6af79b93d1e5afd288e9d9c95e6e760c5e1
crc32
0x666abff3
sha224
9de2172adb1ca411f998e323d0e7cb3601651dc3e4b54ff28ea076c3
sha256
2ae7a5aea125f1ca5689236da02be0df7412a01f53580e9a84d386bd82eb26bd
sha384
c55e243450bca49cfa0d8b3e8b707a4851bea461a7f41f6040ba439f103e574f274c6e4eab5d3a9c14237f16f4bbd9ac
sha512
429c78d4bef4f8ed8243219c9751eb1d8a381c6a2276f78603ad1ddccabe0554444e22e34898b48c5d16e90a9caabfbc865f250305ef5860267c639c6fa2bfe6
ssdeep
192:foGaAiHkfzr1MoodbFEh6OHc8aG1j4ZABcGcB57hM1:ffiH62bdbFsc8aAfByL72
Community
Google
True check_circle
HashLib
False cancel
YARA
Matches
maldoc_getEIP_method_1, domain, contentis_base64, is__elf

Suspicious
True check_circle

Dwarf
List

Number
0
Files
Sys
../include/sys/cdefs.h, ../misc/sys/cdefs.h
Home

Proc

Password

Suspicious
True check_circle
Flags
Flags
0
Packer
List
None
Packed
False cancel
Network
IPs

URLs
/lib/ld-linux.so.2
Mails

Suspicious
True check_circle
Strings
List
.rel.got
libc.so.6
.rel.plt
/lib/ld-linux.so.2
__deregister_frame_info
__register_frame_info
execl@@GLIBC_2.0
__deregister_frame_info@@GLIBC_2.0
__register_frame_info@@GLIBC_2.0
.hash
long long int:t(0,6)=@s64;r(0,6);01000000000000000000000;0777777777777777777777;
GLIBC_2.0
unsigned int:t(0,4)=r(0,4);0000000000000;0037777777777;
completed.1
__off64_t:t(4,54)=(4,24)
__loff_t:t(4,24)=(4,6)
__off_t:t(4,23)=(0,3)
__id_t:t(4,29)=(4,3)
.comment
gcc2_compiled.
gcc2_compiled.
object.2
__DTOR_END__
__CTOR_END__
__FRAME_END__
__key_t:t(4,44)=(0,1)
__EH_FRAME_BEGIN__
__DTOR_LIST__
__CTOR_LIST__
GLIBC_2.1.3
_GLOBAL_OFFSET_TABLE_
_DYNAMIC
call_gmon_start
../iconv/gconv.h
fini_dummy
initfini.c
frame_dummy
init_dummy
data_start
.dynamic
__gmon_start__
__gmon_start__
force_to_data
../misc/sys/cdefs.h
.note.ABI-tag
.gnu.version
.shstrtab
.eh_frame
_IO_stdin_used
_IO_stdin_used
crtstuff.c
.stabstr
__libc_start_main
__do_global_dtors_aux
__do_global_ctors_aux
.gnu.version_r
__cxa_finalize
__data_start
../include/gconv.h
../include/wchar.h
.rodata
../wcsmbs/wchar.h
../include/sys/cdefs.h
.interp
__bss_start
01.01
01.01
01.01
01.01
01.01
01.01
.symtab
.strtab
:T(17,1)=e__GCONV_OK:0,__GCONV_NOCONV:1,__GCONV_NODB:2,__GCONV_NOMEM:3,__GCONV_EMPTY_INPUT:4,__GCONV_FULL_OUTPUT:5,__GCONV_ILLEGAL_INPUT:6,__GCONV_INCOMPLETE_INPUT:7,__GCONV_ILLEGAL_DESCRIPTOR:8,__GCONV_INTERNAL_ERROR:9,;
pro.c
init.c
_edata
init.c
.init
.fini
_fini
_init
.dynsym
.dynstr
.stab
.ctors
.dtors
_start
_end
.got
main
fake
PTRh
__pthread_attr_s:T(9,5)=s36__detachstate:(0,1),0,32;__schedpolicy:(0,1),32,32;__schedparam:(10,1),64,32;__inheritsched:(0,1),96,32;__scope:(0,1),128,32;__guardsize:(8,1),160,32;__stackaddr_set:(0,1),192,32;__stackaddr:(0,19),224,32;__stacksize:(8,1),256,32;;

pthread_barrierattr_t:t(9,24)=(9,25)=s4__pshared:(0,1),0,32;;
__libc_start_main@@GLIBC_2.0
pthread_barrier_t:t(9,22)=(9,23)=s20__ba_lock:(9,1),0,64;__ba_required:(0,1),64,32;__ba_present:(0,1),96,32;__ba_waiting:(9,2),128,32;;
pthread_mutexattr_t:t(9,14)=(9,15)=s4__mutexkind:(0,1),0,32;;
pthread_rwlockattr_t:t(9,19)=(9,20)=s8__lockkind:(0,1),0,32;__pshared:(0,1),32,32;;

Symbols
List
initfini.c, gcc2_compiled., call_gmon_start, init.c, crtstuff.c, gcc2_compiled., p.0, __DTOR_LIST__, completed.1, __do_global_dtors_aux, __EH_FRAME_BEGIN__, fini_dummy, object.2, frame_dummy, init_dummy, force_to_data, __CTOR_LIST__, crtstuff.c, gcc2_compiled., __do_global_ctors_aux, __CTOR_END__, init_dummy, force_to_data, __DTOR_END__, __FRAME_END__, initfini.c, gcc2_compiled., pro.c, gcc2_compiled., execl@@GLIBC_2.0, _DYNAMIC, __register_frame_info@@GLIBC_2.0, _fp_hw, _init, __deregister_frame_info@@GLIBC_2.0, _start, __bss_start, main, __libc_start_main@@GLIBC_2.0, strcat@@GLIBC_2.0, data_start, _fini, __cxa_finalize@@GLIBC_2.1.3, exit@@GLIBC_2.0, _edata, _GLOBAL_OFFSET_TABLE_, _end, _IO_stdin_used, fake, __data_start, __gmon_start__, strcpy@@GLIBC_2.0
Number
82
Reason
None
Suspicious
False cancel
Version
Version
EV_CURRENT
Foremost
Matches
None
Suspicious
False cancel
Sections
List
, .interp, .note.ABI-tag, .hash, .dynsym, .dynstr, .gnu.version, .gnu.version_r, .rel.got, .rel.plt, .init, .plt, .text, .fini, .rodata, .data, .eh_frame, .ctors, .dtors, .got, .dynamic, .sbss, .bss, .stab, .stabstr, .comment, .note, .shstrtab, .symtab, .strtab
Number
30
Suspicious
False cancel
Segments
Number
6
Suspicious
False cancel
Compilers
List
gcc2_compiled., /usr/lib/gcc-lib/i386-redhat-linux/2.96/include/stddef.h, GCC: (GNU) 2.96 20000731 (Red Hat Linux 7.1 2.96-79), GCC: (GNU) 2.96 20000731 (Red Hat Linux 7.1 2.96-79), GCC: (GNU) 2.96 20000731 (Red Hat Linux 7.1 2.96-81), GCC: (GNU) 2.96 20000731 (Red Hat Linux 7.1 2.96-81), GCC: (GNU) 2.96 20000731 (Red Hat Linux 7.1 2.96-81), GCC: (GNU) 2.96 20000731 (Red Hat Linux 7.1 2.96-79), gcc2_compiled.
Identified
9
Suspicious
True check_circle
Functions
List
, , execl, @GLIBC_2.0 (2), __register_frame_info, @GLIBC_2.0 (2), __deregister_frame_info, @GLIBC_2.0 (2), __libc_start_main, @GLIBC_2.0 (2), strcat, @GLIBC_2.0 (2), __cxa_finalize, @GLIBC_2.1.3 (3), exit, @GLIBC_2.0 (2), _IO_stdin_used, , __gmon_start__, , strcpy, @GLIBC_2.0 (2), , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , initfini.c, , gcc2_compiled., , call_gmon_start, , init.c, , crtstuff.c, , gcc2_compiled., , p.0, , __DTOR_LIST__, , completed.1, , __do_global_dtors_aux, , __EH_FRAME_BEGIN__, , fini_dummy, , object.2, , frame_dummy, , init_dummy, , force_to_data, , __CTOR_LIST__, , crtstuff.c, , gcc2_compiled., , __do_global_ctors_aux, , __CTOR_END__, , init_dummy, , force_to_data, , __DTOR_END__, , __FRAME_END__, , initfini.c, , gcc2_compiled., , pro.c, , gcc2_compiled., , execl@@GLIBC_2.0, , _DYNAMIC, , __register_frame_info@@GLIBC_2.0, , _fp_hw, , _init, , __deregister_frame_info@@GLIBC_2.0, , _start, , __bss_start, , main, , __libc_start_main@@GLIBC_2.0, , strcat@@GLIBC_2.0, , data_start, , _fini, , __cxa_finalize@@GLIBC_2.1.3, , exit@@GLIBC_2.0, , _edata, , _GLOBAL_OFFSET_TABLE_, , _end, , _IO_stdin_used, , fake, , __data_start, , __gmon_start__, , strcpy@@GLIBC_2.0,
Present
True check_circle
Anti-Debug
Ptrace
False cancel
Anti-disasm
False cancel
Entry Point
Address
0x8048400
Suspicious
False cancel
Embedded ELF
List
None
Identified
0
Program Header
Size
32
Number
6
Offset
52
Section Header
Size
40
Number
30
Offset
11184
AVclass
None
1
VirusTotal
md5
c7c873f5baad56d2889e0c819d73fae6
sha1
c712c6af79b93d1e5afd288e9d9c95e6e760c5e1
SCANS (DETECTION RATE = 70.18%)
AVG
result: ELF:Small-DH [Expl]
update: 20190925
version: 18.4.3895.0
detected: True check_circle

CMC
result: Generic.Win32.c7c873f5ba!MD
update: 20190321
version: 1.1.0.977
detected: True check_circle

MAX
result: malware (ai score=97)
update: 20190925
version: 2019.9.16.1
detected: True check_circle

Bkav
update: 20190924
version: 1.3.0.10239
detected: False cancel

K7GW
update: 20190925
version: 11.68.32091
detected: False cancel

ALYac
result: Trojan.Exploit.Linux.Small.F
update: 20190925
version: 1.1.1.5
detected: True check_circle

Avast
result: ELF:Small-DH [Expl]
update: 20190925
version: 18.4.3895.0
detected: True check_circle

Avira
update: 20190925
version: 8.3.3.8
detected: False cancel

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cyren
result: Unix/Exploit
update: 20190925
version: 6.2.2.2
detected: True check_circle

DrWeb
result: Linux.Exploit.Small.12
update: 20190925
version: 7.0.41.7240
detected: True check_circle

GData
result: Trojan.Exploit.Linux.Small.F
update: 20190925
version: A:25.23489B:26.16106
detected: True check_circle

Panda
result: Exploit/Small
update: 20190924
version: 4.6.4.2
detected: True check_circle

VBA32
update: 20190925
version: 4.1.0
detected: False cancel

Zoner
update: 20190925
version: 1.0.0.1
detected: False cancel

ClamAV
result: Unix.Malware.Agent-5303082-0
update: 20190925
version: 0.101.4.0
detected: True check_circle

Comodo
result: Malware@#1wrt2jiwxiohy
update: 20190925
version: 31525
detected: True check_circle

F-Prot
result: Unix/Exploit
update: 20190925
version: 4.7.1.166
detected: True check_circle

Ikarus
result: Trojan.Linux.Exploit
update: 20190925
version: 0.1.5.2
detected: True check_circle

McAfee
result: Linux/Rootkit-T
update: 20190925
version: 6.0.6.653
detected: True check_circle

Rising
result: Hack.Exploit.Small.a (CLASSIC)
update: 20190925
version: 25.0.0.24
detected: True check_circle

Sophos
result: Troj/FakeProc-A
update: 20190925
version: 4.98.0
detected: True check_circle

Yandex
result: Exploit.Linux.Small.F
update: 20190923
version: 5.5.2.24
detected: True check_circle

Zillya
result: Exploit.Small.Linux.28
update: 20190924
version: 2.0.0.3907
detected: True check_circle

Arcabit
result: Trojan.Exploit.Linux.Small.F
update: 20190925
version: 1.0.0.857
detected: True check_circle

FireEye
result: Trojan.Exploit.Linux.Small.F
update: 20190925
version: 29.7.0.0
detected: True check_circle

TACHYON
update: 20190925
version: 2019-09-25.01
detected: False cancel

Tencent
result: Linux.Exploit.Small.Taou
update: 20190925
version: 1.0.0.1
detected: True check_circle

ViRobot
update: 20190925
version: 2014.3.20.0
detected: False cancel

Ad-Aware
result: Trojan.Exploit.Linux.Small.F
update: 20190925
version: 3.0.5.370
detected: True check_circle

AegisLab
result: Hacktool.Linux.Small.3!c
update: 20190925
version: 4.2
detected: True check_circle

Emsisoft
result: Trojan.Exploit.Linux.Small.F (B)
update: 20190925
version: 2018.12.0.1641
detected: True check_circle

F-Secure
update: 20190925
version: 12.0.86.52
detected: False cancel

Fortinet
result: Linux/Small.F!exploit
update: 20190925
version: 5.4.247.0
detected: True check_circle

Jiangmin
result: Exploit.Linux.br
update: 20190925
version: 16.0.100
detected: True check_circle

Kingsoft
update: 20190925
version: 2013.8.14.323
detected: False cancel

Symantec
result: Hacktool.Rootkit
update: 20190925
version: 1.10.0.0
detected: True check_circle

AhnLab-V3
update: 20190925
version: 3.16.2.25355
detected: False cancel

Antiy-AVL
result: Trojan[Exploit]/Linux.Small.f
update: 20190925
version: 3.0.0.1
detected: True check_circle

Kaspersky
result: Exploit.Linux.Small.f
update: 20190925
version: 15.0.1.13
detected: True check_circle

MaxSecure
update: 20190924
version: 1.0.0.1
detected: False cancel

Microsoft
result: Exploit:Linux/Small.F
update: 20190925
version: 1.1.16400.2
detected: True check_circle

Qihoo-360
result: Win32/Trojan.Exploit.0ba
update: 20190925
version: 1.0.0.1120
detected: True check_circle

ZoneAlarm
result: Exploit.Linux.Small.f
update: 20190925
version: 1.0
detected: True check_circle

ESET-NOD32
result: Linux/Exploit.Small.F
update: 20190925
version: 20076
detected: True check_circle

TrendMicro
result: TROJ_Generic
update: 20190925
version: 11.0.0.1006
detected: True check_circle

BitDefender
result: Trojan.Exploit.Linux.Small.F
update: 20190925
version: 7.2
detected: True check_circle

K7AntiVirus
update: 20190925
version: 11.68.32091
detected: False cancel

SentinelOne
update: 20190807
version: 1.0.31.22
detected: False cancel

Avast-Mobile
update: 20190925
version: 190925-00
detected: False cancel

Malwarebytes
update: 20190925
version: 2.1.1.1115
detected: False cancel

CAT-QuickHeal
result: Linux.Exploit.Small.f
update: 20190924
version: 14.00
detected: True check_circle

NANO-Antivirus
result: Exploit.Elf32.Small.nkcd
update: 20190925
version: 1.0.134.24859
detected: True check_circle

MicroWorld-eScan
result: Trojan.Exploit.Linux.Small.F
update: 20190925
version: 14.0.297.0
detected: True check_circle

SUPERAntiSpyware
update: 20190920
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
result: Linux/Rootkit-T
update: 20190925
version: v2017.3010
detected: True check_circle

TrendMicro-HouseCall
result: TROJ_Generic
update: 20190925
version: 10.0.0.1040
detected: True check_circle

total
57
sha256
2ae7a5aea125f1ca5689236da02be0df7412a01f53580e9a84d386bd82eb26bd
scan_id
2ae7a5aea125f1ca5689236da02be0df7412a01f53580e9a84d386bd82eb26bd-1569407865
resource
c7c873f5baad56d2889e0c819d73fae6
positives
40
scan_date
2019-09-25 10:37:45
verbose_msg
Scan finished, information embedded
response_code
1
Binary
RF
confidence: 60.66%
suspicious: True check_circle
MLP
confidence: 62.56%
suspicious: True check_circle
SVM
confidence: 75.01%
suspicious: True check_circle