Report #3483

Binary
ABI
ELFOSABI_SYSV
Size
48.59KB
Type
ET_EXEC
trid
50.1% ELF Executable and Linkable format
49.8% ELF Executable and Linkable format
type
ELF
Wordsize
32
Architecture
x86
Hashes
md5
eb62e6bc217695e59f5340a433199ac5
sha1
769fb2c98098492c2aa1a1750dbffbdb86934e29
crc32
0x3190b6ae
sha224
78adae0927ede215aeb8ede90bc7db6708ad79a15be7d789a5b2717f
sha256
2e2730abbff1dec022f0592a2524484c9880aa05ff754a23f836f2cae66b82de
sha384
0bc756da8247a149e33d79b9af9e797d462a76a900b4443ea625a20ef97edd1a040513fb138c76f72d53baa05aee4af3
sha512
025076d901a0be4279705f6d88973829a99b49eaafec0bb31af8a1a825223039dda300fbe3d159288bc3ecf491ea883c8854a07c821f227d718d607294a0e250
ssdeep
768:Ii+liNWE5NttVEi4Ws5BkbVTco8Ul/Wfd/0A6SDZkLKI:IiK25NttVEi4WszsVTc6WV/0A6OZk
Community
Google
False
HashLib
False
YARA
Matches
maldoc_getEIP_method_1, domain, contentis_base64, is__elf

Suspicious
True

Dwarf
List

Number
0
Files
Sys

Home

Proc
/proc/net/tcp
Password

Suspicious
True
Flags
Flags
0
Packer
List
None
Packed
False
Network
IPs

URLs

Mails

Suspicious
False
Strings
List
HTTP/1.1
User-Agent:
/proc/net/tcp
Cookie:
http
Host:
POST /cdn-cgi/
POST
AJWLIGF"
LAMPPGAV"
WPNGLAMFGF"
/dev/watchdog
cRRNGuG@iKV
cRRNGuG@iKV
cRRNGuG@iKV
cRRNGuG@iKV
cRRNGuG@iKV
.shstrtab
/dev/null
egvnmacnkr"
nmnlmevdm"
.rodata
GLAMFKLE
nCLEWCEG
jvvrdnmmf"
aMLLGAVKML
LCOGQGPTGP
AMLLGAVKML
ANMWFDNCPG
NMACVKML
CRRNKACVKML
CRRNKACVKML
CRRNKACVKML
AMLD"
NWDD[@MV
uEzAs"
CLKOG"
.init
.fini
KOCEG
AMMIKG
oMXKNNC
oMXKNNC
oMXKNNC
oMXKNNC
oMXKNNC
.dtors
.ctors
AtSB1
cAAGRV
cAAGRV
aJPMOG
aJPMOG
aJPMOG
aJPMOG
NGLEVJ
eGAIM
eGAIM
eGAIM
eGAIM
eGAIM
CNKTG"
DMWLF"
,[^_]
PPSht8
RPMA
DMPO
;ctYf
wet]
9|$$
CRRNGV
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[[^_
[^_]
[^_]
^[^_
[^_]
[^_]
[^_]
[^_]
;\$$
[^_]
[^_]
[^_]
PTRh
/dev/misc/watchdog
abcdefghijklmnopqrstuvw012345678
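Most of the non-section-name entries in the Strings list above (cRRNGuG@iKV, oMXKNNC, AJWLIGF", nmnlmevdm" and so on) are not random: they are the bot's configuration strings as stored on disk. The public Mirai bot source keeps those strings XOR-encoded (table.c) under the key 0xdeadbeef, applying the four key bytes in turn, which collapses to a single-byte XOR with 0xde ^ 0xad ^ 0xbe ^ 0xef = 0x22; the trailing '"' (0x22) on several entries is the encoded NUL terminator. The following is an added example, not part of the original report or of any tool it names: it decodes the report's own strings with that key and also recovers the key byte by a known-plaintext search, which is what you need when a variant changes it. The KNOWN_PLAINTEXT set and the list of report strings are the only inputs; the plausibility filter is a heuristic of this example.

```python
"""Decode the XOR-obfuscated entries of the Strings list above.

Added example; not the report's or any tool's own code. Mirai's public
bot source XOR-encodes its configuration strings (table.c) under the key
0xdeadbeef, applying the four key bytes in turn, which is the same as a
single-byte XOR with 0xde ^ 0xad ^ 0xbe ^ 0xef == 0x22. The trailing '"'
(0x22) on several report strings is the encoded NUL terminator.
"""
MIRAI_TABLE_KEY = 0xDEADBEEF

# Known plaintexts that any Mirai-style HTTP flood / scanner build carries.
# Used to recover the key byte for variants that change it (assumption: at
# least a few of these survive unchanged in the variant).
KNOWN_PLAINTEXT = {
    "Mozilla", "AppleWebKit", "Chrome", "Gecko", "Accept", "Connection",
    "chunked", "urlencoded", "application", "cookie",
}

# Copied from the report's Strings list (report data, not constructed); the
# entries that are plainly x86 code bytes such as "[^_]" are left out.
REPORT_STRINGS = [
    'AJWLIGF"', 'LAMPPGAV"', 'WPNGLAMFGF"', 'cRRNGuG@iKV', 'egvnmacnkr"',
    'nmnlmevdm"', 'GLAMFKLE', 'nCLEWCEG', 'jvvrdnmmf"', 'aMLLGAVKML',
    'LCOGQGPTGP', 'AMLLGAVKML', 'ANMWFDNCPG', 'NMACVKML', 'CRRNKACVKML',
    'AMLD"', 'NWDD[@MV', 'CLKOG"', 'KOCEG', 'AMMIKG', 'oMXKNNC', 'cAAGRV',
    'aJPMOG', 'NGLEVJ', 'eGAIM', 'CNKTG"', 'DMWLF"', 'CRRNGV', 'RPMA', 'DMPO',
    'abcdefghijklmnopqrstuvw012345678',
]


def effective_key(table_key: int = MIRAI_TABLE_KEY) -> int:
    """Fold the four key bytes into the single byte the decoder effectively applies."""
    k = 0
    for shift in (24, 16, 8, 0):
        k ^= (table_key >> shift) & 0xFF
    return k


def xor_decode(s: str, key_byte: int) -> str:
    """XOR every byte with key_byte and strip the decoded NUL terminator."""
    raw = bytes(b ^ key_byte for b in s.encode("latin-1"))
    return raw.rstrip(b"\x00").decode("latin-1")


def decode(s: str, table_key: int = MIRAI_TABLE_KEY) -> str:
    """Decode one string with a 32-bit Mirai table key."""
    return xor_decode(s, effective_key(table_key))


def is_plausible(s: str) -> bool:
    """Printable ASCII, at least four characters; drops code bytes and the alphabet string."""
    return len(s) >= 4 and all(0x20 <= ord(c) < 0x7F for c in s)


def recover_key(strings) -> tuple:
    """Known-plaintext search over all 256 single-byte keys; returns (key_byte, hits)."""
    best = (0, 0)
    for k in range(256):
        hits = sum(1 for s in strings if xor_decode(s, k) in KNOWN_PLAINTEXT)
        if hits > best[1]:
            best = (k, hits)
    return best


def decode_report_strings(strings=REPORT_STRINGS, key_byte=None) -> dict:
    """Map each encoded string to its decoding, keeping only plausible results."""
    if key_byte is None:
        key_byte = recover_key(strings)[0]
    out = {}
    for s in strings:
        d = xor_decode(s, key_byte)
        if is_plausible(d):
            out[s] = d
    return out


if __name__ == "__main__":
    key, hits = recover_key(REPORT_STRINGS)
    print(f"recovered key byte 0x{key:02x} ({hits} known-plaintext hits)")
    for enc, dec in decode_report_strings().items():
        print(f"{enc!r:36} -> {dec}")
```

Running it recovers 0x22 and turns the list into HTTP flood header fragments (Mozilla, AppleWebKit, Chrome, Gecko, Accept, Connection, chunked, urlencoded, application, cookie, length, cloudflare), scanner tokens (ncorrect, found, alive), killer targets (anime, luffybot, applet) and the command names GETLOCALIP, LOLNOGTFO and HTTPFLOOD, the first two of which are familiar from the Gafgyt/Bashlite family rather than the original Mirai tree. The case-sensitive exact match in recover_key matters: a case-insensitive one would tie with key 0x02, since XOR with 0x20 only flips letter case.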

Symbols
List

Number
0
Reason
Stripped
Suspicious
True
Version
Version
EV_CURRENT
Foremost
Matches
None
Suspicious
False
Sections
List
, .init, .text, .fini, .rodata, .ctors, .dtors, .data, .bss, .shstrtab
Number
10
Suspicious
False
Segments
Number
3
Suspicious
False
Compilers
List

Identified
0
Suspicious
False
Functions
List

Present
True
Anti-Debug
Ptrace
False
Anti-disasm
False
Entry Point
Address
0x8048164
Suspicious
False
Embedded ELF
List
None
Identified
0
Program Header
Size
32
Number
3
Offset
52
Section Header
Size
40
Number
10
Offset
49356
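The Entry Point, Program Header and Section Header values above are raw Elf32_Ehdr fields, and they cross-check against the Size entry: 49356 + 10 * 40 = 49756 bytes, which is the 48.59 KB the report gives, so the section header table ends exactly at end of file and nothing is appended after it. The following is an added example, not part of the original report or any tool it names: a minimal ELF32 header parser that performs that check (flagging truncation, a stripped section table, an overlay, or an entry point outside every PT_LOAD segment). The image it parses is constructed here from the report's header values; the machine type, the string-table index and the contents of the three program headers are assumptions made to build a valid file, not report data.

```python
"""Parse an ELF32 header and cross-check the layout values the report lists.

Added example; not the report's or any tool's own code. The report's
"Entry Point", "Program Header" and "Section Header" entries are Elf32_Ehdr
fields; checking them against each other and against the file size is how
triage catches truncated samples and appended overlays. The image built in
build_sample() carries the report's values; machine type, e_shstrndx and the
program header contents are assumptions, not report data.
"""
import struct

ELF_MAGIC = b"\x7fELF"
ELFCLASS32, ELFDATA2LSB = 1, 1
ET_EXEC, EM_386 = 2, 3
PT_LOAD, PT_GNU_STACK = 1, 0x6474E551

# Elf32_Ehdr / Elf32_Phdr, little-endian.
EHDR32 = "<16sHHIIIIIHHHHHH"
EHDR_FIELDS = ("e_ident", "e_type", "e_machine", "e_version", "e_entry",
               "e_phoff", "e_shoff", "e_flags", "e_ehsize", "e_phentsize",
               "e_phnum", "e_shentsize", "e_shnum", "e_shstrndx")
PHDR32 = "<IIIIIIII"
PHDR_FIELDS = ("p_type", "p_offset", "p_vaddr", "p_paddr",
               "p_filesz", "p_memsz", "p_flags", "p_align")


def parse_elf32_header(data: bytes) -> dict:
    """Return the Elf32_Ehdr fields; rejects anything that is not little-endian ELF32."""
    if len(data) < struct.calcsize(EHDR32) or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != ELFCLASS32 or data[5] != ELFDATA2LSB:
        raise ValueError("only little-endian ELF32 is handled here")
    return dict(zip(EHDR_FIELDS, struct.unpack_from(EHDR32, data, 0)))


def program_headers(data: bytes, h: dict) -> list:
    """Read e_phnum Elf32_Phdr entries starting at e_phoff."""
    return [dict(zip(PHDR_FIELDS,
                     struct.unpack_from(PHDR32, data, h["e_phoff"] + i * h["e_phentsize"])))
            for i in range(h["e_phnum"])]


def check_layout(data: bytes) -> list:
    """Consistency findings; an empty list means the header agrees with the file."""
    h = parse_elf32_header(data)
    findings = []
    ph_end = h["e_phoff"] + h["e_phnum"] * h["e_phentsize"]
    sh_end = h["e_shoff"] + h["e_shnum"] * h["e_shentsize"]
    if h["e_phentsize"] != 32 or (h["e_shnum"] and h["e_shentsize"] != 40):
        findings.append("non-standard ELF32 header entry sizes")
    if ph_end > len(data):
        findings.append("program header table truncated")
    if h["e_shnum"] == 0:
        findings.append("no section headers (table stripped)")
    elif sh_end > len(data):
        findings.append("section header table truncated")
    elif sh_end < len(data):
        findings.append(f"{len(data) - sh_end} bytes of overlay after the section header table")
    if ph_end <= len(data):
        loads = [p for p in program_headers(data, h) if p["p_type"] == PT_LOAD]
        if not any(p["p_vaddr"] <= h["e_entry"] < p["p_vaddr"] + p["p_memsz"] for p in loads):
            findings.append("entry point outside every PT_LOAD segment")
    return findings


def build_sample() -> bytes:
    """Constructed ELF32 image carrying the report's header values (not the real sample)."""
    file_size = 49356 + 10 * 40          # section table ends exactly at EOF: 49756 bytes
    ident = ELF_MAGIC + bytes([ELFCLASS32, ELFDATA2LSB, 1, 0]) + bytes(8)  # OSABI 0 = SYSV
    ehdr = struct.pack(EHDR32, ident, ET_EXEC, EM_386, 1, 0x8048164,
                       52, 49356, 0, 52, 32, 3, 40, 10, 9)
    # Three program headers as the report counts; contents assumed (static i386 layout).
    phdrs = struct.pack(PHDR32, PT_LOAD, 0, 0x8048000, 0x8048000, 0xB000, 0xB000, 5, 0x1000)
    phdrs += struct.pack(PHDR32, PT_LOAD, 0xB000, 0x8054000, 0x8054000, 0x1000, 0x2000, 6, 0x1000)
    phdrs += struct.pack(PHDR32, PT_GNU_STACK, 0, 0, 0, 0, 0, 6, 16)
    img = bytearray(file_size)
    img[:len(ehdr)] = ehdr
    img[len(ehdr):len(ehdr) + len(phdrs)] = phdrs
    return bytes(img)


def size_kb(data: bytes) -> float:
    """File size in KB rounded the way the report's Size field is."""
    return round(len(data) / 1024, 2)


if __name__ == "__main__":
    sample = build_sample()
    h = parse_elf32_header(sample)
    print(f"entry 0x{h['e_entry']:x}, phdr @{h['e_phoff']} x{h['e_phnum']}, "
          f"shdr @{h['e_shoff']} x{h['e_shnum']}, {size_kb(sample)} KB")
    print("findings:", check_layout(sample) or "none")
    print("with 16 bytes appended:", check_layout(sample + b"\x00" * 16))
```

The same check against the real file is a one-liner with the report's hashes to confirm you have the right sample; a section table that runs past end of file usually means a truncated download or a packer that rewrote e_shoff, and bytes after the table are the place to look for an appended config or second stage.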
AVclass
mirai
1
VirusTotal
md5
eb62e6bc217695e59f5340a433199ac5
sha1
769fb2c98098492c2aa1a1750dbffbdb86934e29
SCANS (DETECTION RATE = 42.37%)
Engine                Detected  Result                          Update    Version
AVG                   True      ELF:Mirai-A [Trj]               20170807  8.0.1489.320
CMC                   False     -                               20170805  1.1.0.977
MAX                   False     -                               20170807  2017.6.26.1
Bkav                  False     -                               20170807  1.3.0.9282
K7GW                  False     -                               20170807  10.20.24215
ALYac                 False     -                               20170807  1.1.1.2
Avast                 True      ELF:Mirai-A [Trj]               20170807  8.0.1489.320
Avira                 True      LINUX/Mirai.bzuyh               20170807  8.3.3.4
Baidu                 False     -                               20170807  1.0.0.2
Cyren                 False     -                               20170807  5.4.30.7
DrWeb                 True      Linux.Mirai.754                 20170807  7.0.28.2020
GData                 True      Linux.Trojan.Agent.YCNNKA       20170807  A:25.13734B:25.10170
Panda                 False     -                               20170807  4.6.4.2
VBA32                 False     -                               20170803  3.12.26.4
VIPRE                 False     -                               20170807  60118
Zoner                 False     -                               20170807  1.0
AVware                False     -                               20170807  1.5.0.42
ClamAV                True      Unix.Trojan.Mirai-5932143-0     20170807  0.99.2.0
Comodo                False     -                               20170807  27567
F-Prot                False     -                               20170807  4.7.1.166
Ikarus                True      Linux.Mirai                     20170807  0.1.5.2
McAfee                True      Linux/Mirai                     20170807  6.0.6.653
Rising                True      Trojan.Mirai!1.AA81 (classic)   20170807  25.0.0.1
Sophos                True      Linux/DDoS-CI                   20170807  4.98.0
Yandex                False     -                               20170801  5.5.1.3
Zillya                False     -                               20170806  2.0.0.3355
Arcabit               False     -                               20170807  1.0.0.817
Tencent               True      Linux.Backdoor.Mirai.Alsc       20170807  1.0.0.1
ViRobot               False     -                               20170807  2014.3.20.0
Webroot               False     -                               20170807  1.0.0.207
Ad-Aware              False     -                               20170807  3.0.3.1010
AegisLab              True      Backdoor.Linux.Mirai!c          20170807  4.2
Emsisoft              False     -                               20170807  4.0.1.883
F-Secure              False     -                               20170807  11.0.19100.45
Fortinet              True      ELF/Mirai.B!tr                  20170807  5.4.247.0
Jiangmin              True      Backdoor.Linux.hcs              20170807  16.0.100
Kingsoft              False     -                               20170807  2013.8.14.323
Symantec              True      Linux.Mirai                     20170807  1.4.0.0
nProtect              False     -                               20170807  2017-08-07.02
AhnLab-V3             False     -                               20170807  3.9.2.18278
Antiy-AVL             True      Trojan[Backdoor]/Linux.Mirai.a  20170807  3.0.0.1
Kaspersky             True      Backdoor.Linux.Mirai.a          20170807  15.0.1.13
Microsoft             True      Backdoor:Linux/Mirai.B          20170807  1.1.14003.0
Qihoo-360             True      virus.elf.mirai.c               20170807  1.0.0.1120
TheHacker             False     -                               20170806  6.8.0.5.1813
ZoneAlarm             True      Backdoor.Linux.Mirai.a          20170807  1.0
ESET-NOD32            True      a variant of Linux/Mirai.A      20170807  15873
TrendMicro            True      TROJ_GEN.R03KC0CH317            20170807  9.862.0.1074
WhiteArmor            False     -                               20170731  -
BitDefender           False     -                               20170807  7.2
K7AntiVirus           False     -                               20170807  10.20.24214
Malwarebytes          False     -                               20170807  2.1.1.1115
TotalDefense          False     -                               20170807  37.1.62.1
CAT-QuickHeal         False     -                               20170807  14.00
NANO-Antivirus        True      Trojan.Unix.Mirai.eoftah        20170807  1.0.94.18103
MicroWorld-eScan      False     -                               20170807  12.0.250.0
SUPERAntiSpyware      False     -                               20170807  5.6.0.1032
McAfee-GW-Edition     True      Linux/Mirai                     20170807  v2015
TrendMicro-HouseCall  True      TROJ_GEN.R03KC0CH317            20170807  9.950.0.1006
total
59
sha256
2e2730abbff1dec022f0592a2524484c9880aa05ff754a23f836f2cae66b82de
scan_id
2e2730abbff1dec022f0592a2524484c9880aa05ff754a23f836f2cae66b82de-1502108456
resource
eb62e6bc217695e59f5340a433199ac5
positives
25
scan_date
2017-08-07 12:20:56
verbose_msg
Scan finished, information embedded
response_code
1
Binary
RF
confidence: 100.00%
suspicious: True
MLP
confidence: 99.86%
suspicious: True
SVM
confidence: 95.80%
suspicious: True