Report #3482

Binary
ABI: ELFOSABI_SYSV
Size: 52.66KB
Type: ET_EXEC
trid: 50.1% ELF Executable and Linkable format; 49.8% ELF Executable and Linkable format
type: ELF
Wordsize: 32
Architecture: x86

Hashes
md5: ce6606aff683266dc8a5846e9bb1dbf1
sha1: c34fc374060c5385985879adfd21fdb4990ee95c
crc32: 0xb2fbc596
sha224: c8e21b23174cfc98b78da9c24ec012278f952c3026b43b0086334af1
sha256: 2d1985e971af7c64f2a39974a4c05ec0e4807b57c29f825fbcdc07c934860527
sha384: 6d47b0814389cd82e0930aabcd6ae87e7a329ad555cd15171f3ceebf5853b3fd94e35db3116498e1a4f82f2121119a5d
sha512: 79f4690583e141a96689e161d4154cdbeb82cf05fd69a26f94682172cffed5045298826e0b21ebca9ad1b807cbdaa28085f69d8ac4202da1f960575642fbb615
ssdeep: 1536:eDK7xTvpttImMenvIgoL4FWBYrj06id8:eDgxLpttIAvIgoLWWOrj5i+

Community
Google: False
HashLib: False

YARA
Matches: maldoc_getEIP_method_1, domain, contentis_base64, Mirai_2, is__elf
Suspicious: True

Dwarf
List:
Number: 0

Files
Sys:
Home:
Proc: /proc/net/tcp
Password:
Suspicious: True

Flags
Flags: 0

Packer
List: None
Packed: False

Network
IPs:
URLs:
Mails:
Suspicious: False
Strings
List
HTTP/1.1
User-Agent:
/proc/net/tcp
Cookie:
http
Host:
POST /cdn-cgi/
POST
AJWLIGF"
LAMPPGAV"
WPNGLAMFGF"
/dev/watchdog
cRRNGuG@iKV
cRRNGuG@iKV
cRRNGuG@iKV
cRRNGuG@iKV
cRRNGuG@iKV
.shstrtab
/dev/null
nmnlmevdm"
egvnmacnkr"
.rodata
nCLEWCEG
GLAMFKLE
jvvrdnmmf"
GRKAPMWVGP
ANMWFDNCPG
aMLLGAVKML
LCOGQGPTGP
AMLLGAVKML
HWCLVGAJ
NMACVKML
CRRNKACVKML
CRRNKACVKML
CRRNKACVKML
AMLD"
uEzAs"
CLKOG"
assword
.fini
.init
KOCEG
AMMIKG
MRGPCVMP
oMXKNNC
oMXKNNC
oMXKNNC
oMXKNNC
oMXKNNC
.dtors
.ctors
AtSB1
enter
aJPMOG
cAAGRV
aJPMOG
cAAGRV
aJPMOG
aJPMOG
NGLEVJ
OGPNKL
eGAIM
eGAIM
eGAIM
eGAIM
eGAIM
CFOKL
CFOKL
CFOKL
DMWLF"
CNKTG"
,[^_]
FGDCWNV
DMWLFGP
RPMA
DMPO
D$LhmC
wet]
ogin
9|$$
CRRNGV
[^_]
[^_]
[^_]
;\$$
_[^_
[^_]
^[^_
[[^_
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]

Symbols
List:
Number: 0
Reason: Stripped
Suspicious: True

Version
Version: EV_CURRENT

Foremost
Matches: None
Suspicious: False

Sections
List: , .init, .text, .fini, .rodata, .ctors, .dtors, .data, .bss, .shstrtab
Number: 10
Suspicious: False

Segments
Number: 3
Suspicious: False

Compilers
List:
Identified: 0
Suspicious: False

Functions
List:
Present: True

Anti-Debug
Ptrace: False
Anti-disasm: False

Entry Point
Address: 0x8048164
Suspicious: False

Embedded ELF
List: None
Identified: 0

Program Header
Size: 32
Number: 3
Offset: 52

Section Header
Size: 40
Number: 10
Offset: 53520

AVclass
mirai: 1

VirusTotal
md5: ce6606aff683266dc8a5846e9bb1dbf1
sha1: c34fc374060c5385985879adfd21fdb4990ee95c
SCANS (DETECTION RATE = 64.29%)
CMC: detected False; version 1.1.0.977; update 20190321
MAX: detected True; result: malware (ai score=100); version 2018.9.12.1; update 20190808
Bkav: detected False; version 1.3.0.10239; update 20190808
K7GW: detected False; version 11.59.31671; update 20190808
ALYac: detected True; result: Trojan.Linux.Backdoor.C; version 1.1.1.5; update 20190808
Avira: detected True; result: LINUX/Mirai.bonc; version 8.3.3.8; update 20190808
Baidu: detected False; version 1.0.0.2; update 20190318
Cyren: detected False; version 6.2.0.1; update 20190808
DrWeb: detected True; result: Linux.Mirai.2253; version 7.0.41.7240; update 20190808
GData: detected True; result: Linux.Trojan.Mirai.B; version A:25.23018B:26.15738; update 20190808
Panda: detected False; version 4.6.4.2; update 20190807
VBA32: detected False; version 4.0.0; update 20190807
VIPRE: detected False; version None
Zoner: detected False; version 1.0.0.1; update 20190807
ClamAV: detected True; result: Unix.Trojan.Mirai-1; version 0.101.3.0; update 20190807
Comodo: detected True; result: Malware@#6rhr8xddpfle; version 31289; update 20190808
F-Prot: detected False; version 4.7.1.166; update 20190808
Ikarus: detected True; result: Trojan.Linux.Mirai; version 0.1.5.2; update 20190807
McAfee: detected True; result: Linux/Mirai; version 6.0.6.653; update 20190808
Rising: detected True; result: Trojan.Linux/Mirai!1.B311 (CLASSIC); version 25.0.0.24; update 20190808
Sophos: detected True; result: Linux/DDoS-CI; version 4.98.0; update 20190808
Yandex: detected False; version 5.5.2.24; update 20190807
Zillya: detected True; result: Trojan.Mirai.Linux.714; version 2.0.0.3871; update 20190807
Arcabit: detected True; result: Trojan.Linux.Backdoor.C; version 1.0.0.856; update 20190808
FireEye: detected True; result: Trojan.Linux.Backdoor.C; version 29.7.0.0; update 20190808
TACHYON: detected False; version 2019-08-08.01; update 20190808
Tencent: detected True; result: Backdoor.Linux.Mirai.wan; version 1.0.0.1; update 20190808
ViRobot: detected False; version 2014.3.20.0; update 20190808
Ad-Aware: detected True; result: Trojan.Linux.Backdoor.C; version 3.0.5.370; update 20190808
AegisLab: detected True; result: Trojan.Linux.Mirai.4!c; version 4.2; update 20190808
Emsisoft: detected True; result: Trojan.Linux.Backdoor.C (B); version 2018.12.0.1641; update 20190808
F-Secure: detected True; result: Malware.LINUX/Mirai.bonc; version 12.0.86.52; update 20190807
Jiangmin: detected True; result: Backdoor.Linux.rji; version 16.0.100; update 20190808
Kingsoft: detected False; version 2013.8.14.323; update 20190808
Symantec: detected True; result: Linux.Mirai; version 1.10.0.0; update 20190808
AhnLab-V3: detected True; result: Linux/Mirai.Gen; version 3.16.0.24856; update 20190808
Antiy-AVL: detected True; result: Trojan[Backdoor]/Linux.Mirai.c; version 3.0.0.1; update 20190808
Kaspersky: detected True; result: HEUR:Backdoor.Linux.Mirai.n; version 15.0.1.13; update 20190808
MaxSecure: detected False; version 1.0.0.1; update 20190803
Microsoft: detected True; result: Backdoor:Linux/Mirai.B; version 1.1.16200.1; update 20190808
Qihoo-360: detected True; result: virus.elf.mirai.c; version 1.0.0.1120; update 20190808
ZoneAlarm: detected True; result: HEUR:Backdoor.Linux.Mirai.n; version 1.0; update 20190808
ESET-NOD32: detected True; result: a variant of Linux/Mirai.A; version 19818; update 20190808
TrendMicro: detected True; result: ELF_MIRAI.SM1; version 11.0.0.1006; update 20190808
BitDefender: detected True; result: Trojan.Linux.Backdoor.C; version 7.2; update 20190808
K7AntiVirus: detected False; version 11.59.31671; update 20190808
SentinelOne: detected True; result: DFI - Malicious ELF; version 1.0.31.22; update 20190807
Avast-Mobile: detected True; result: ELF:Mirai-AJO [Trj]; version 190807-00; update 20190807
Malwarebytes: detected False; version 2.1.1.1115; update 20190808
TotalDefense: detected False; version 37.1.62.1; update 20190808
CAT-QuickHeal: detected False; version 14.00; update 20190807
NANO-Antivirus: detected True; result: Trojan.Elf32.Mirai.eokqoa; version 1.0.134.24859; update 20190808
MicroWorld-eScan: detected True; result: Trojan.Linux.Backdoor.C; version 14.0.297.0; update 20190808
SUPERAntiSpyware: detected False; version 5.6.0.1032; update 20190802
McAfee-GW-Edition: detected True; result: Linux/Mirai; version v2017.3010; update 20190808
TrendMicro-HouseCall: detected True; result: ELF_MIRAI.SM1; version 10.0.0.1040; update 20190808

total: 56
sha256: 2d1985e971af7c64f2a39974a4c05ec0e4807b57c29f825fbcdc07c934860527
scan_id: 2d1985e971af7c64f2a39974a4c05ec0e4807b57c29f825fbcdc07c934860527-1565246116
resource: ce6606aff683266dc8a5846e9bb1dbf1
positives: 36
scan_date: 2019-08-08 06:35:16
verbose_msg: Scan finished, information embedded
response_code: 1

Binary
RF: confidence: 100.00%; suspicious: True
MLP: confidence: 99.86%; suspicious: True
SVM: confidence: 95.80%; suspicious: True