Report #3572

Binary
ABI
ELFOSABI_SYSV
Size
54.53KB
Type
ET_EXEC
trid
50.1% ELF Executable and Linkable format
49.8% ELF Executable and Linkable format
type
ELF
Wordsize
32
Architecture
x86
Hashes
md5
590ca4125cb75869f78fd6935d605f88
sha1
268689a18f27ef71fafb9a867a993073ba8b3e0d
crc32
0x84be158a
sha224
72e97c23a332351e32a7f646f6c9c60dc4b6075f4de27506059a581f
sha256
3cc675113fa372d9ec7453f0e7ce99c443252cb4653721a62b158e06f5368540
sha384
d7f0c55b90ac71fbfb497627d24e077e217fa1c209c813c8558a6bafe7bfee0da051c3bdaf4778264088a03e217b3cf0
sha512
7840eed21d95db59b5c6f7441c73c20b218807906b40db4f505d7284cf8883d7bcacb9847f0ed985a8122296e8333979b6d3837d361d4d21b23d81be9c6c8fb7
ssdeep
1536:d6EwVWibZ6uzpNrmvFtWbF3F6WCTZrt+xc:QVWYZ6uzv4FKF3F6WoZrQq
Community
Google
True
HashLib
False
YARA
Matches
maldoc_getEIP_method_1, domain, contentis_base64, is__elf, Mirai_3

Suspicious
True

Dwarf
List

Number
0
Files
Sys

Home

Proc
/proc/net/tcp
Password

Suspicious
True
Flags
Flags
0
Packer
List
None
Packed
False
Network
IPs

URLs

Mails

Suspicious
False
Strings
List

Symbols
List

Number
0
Reason
Stripped
Suspicious
True
Version
Version
EV_CURRENT
Foremost
Matches
None
Suspicious
False
Sections
List
, .init, .text, .fini, .rodata, .ctors, .dtors, .data, .bss, .shstrtab
Number
10
Suspicious
False
Segments
Number
3
Suspicious
False
Compilers
List

Identified
0
Suspicious
False
Functions
List

Present
True
Anti-Debug
Ptrace
False
Anti-disasm
False
Entry Point
Address
0x8048164
Suspicious
False
Embedded ELF
List
None
Identified
0
Program Header
Size
32
Number
3
Offset
52
Section Header
Size
40
Number
10
Offset
55440
AVclass
mirai
1
VirusTotal
md5
590ca4125cb75869f78fd6935d605f88
sha1
268689a18f27ef71fafb9a867a993073ba8b3e0d
SCANS (DETECTION RATE = 64.91%)
AVG
result: ELF:Mirai-A [Trj]
update: 20190530
version: 18.4.3895.0
detected: True

CMC
update: 20190321
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=97)
update: 20190530
version: 2018.9.12.1
detected: True

Bkav
update: 20190529
version: 1.3.0.10239
detected: False

K7GW
update: 20190530
version: 11.46.31064
detected: False

Avast
result: ELF:Mirai-A [Trj]
update: 20190530
version: 18.4.3895.0
detected: True

Avira
result: LINUX/Mirai.bonc
update: 20190530
version: 8.3.3.8
detected: True

Baidu
update: 20190318
version: 1.0.0.2
detected: False

Cyren
update: 20190530
version: 6.2.0.1
detected: False

DrWeb
result: Linux.Mirai.2253
update: 20190530
version: 7.0.34.11020
detected: True

GData
result: Linux.Trojan.Mirai.B
update: 20190530
version: A:25.22167B:25.15201
detected: True

Panda
update: 20190529
version: 4.6.4.2
detected: False

VBA32
update: 20190529
version: 4.0.0
detected: False

VIPRE
update: 20190529
version: 75364
detected: False

Zoner
update: 20190529
version: 1.0
detected: False

ClamAV
result: Unix.Trojan.Mirai-1
update: 20190529
version: 0.101.2.0
detected: True

Comodo
result: Malware@#1zc6bltgrrorv
update: 20190530
version: 30943
detected: True

F-Prot
update: 20190530
version: 4.7.1.166
detected: False

Ikarus
result: Trojan.Linux.Mirai
update: 20190529
version: 0.1.5.2
detected: True

McAfee
result: Linux/Mirai
update: 20190530
version: 6.0.6.653
detected: True

Rising
result: Backdoor.Mirai!1.AB17 (CLASSIC)
update: 20190530
version: 25.0.0.24
detected: True

Sophos
result: Linux/DDoS-CI
update: 20190530
version: 4.98.0
detected: True

Zillya
update: 20190529
version: 2.0.0.3821
detected: False

Arcabit
result: Trojan.Linux.Backdoor.C
update: 20190530
version: 1.0.0.846
detected: True

FireEye
result: Trojan.Linux.Backdoor.C
update: 20190530
version: 29.7.0.0
detected: True

TACHYON
update: 20190530
version: 2019-05-30.01
detected: False

Tencent
result: Backdoor.Linux.Mirai.wan
update: 20190530
version: 1.0.0.1
detected: True

ViRobot
update: 20190530
version: 2014.3.20.0
detected: False

Ad-Aware
result: Trojan.Linux.Backdoor.C
update: 20190530
version: 3.0.5.370
detected: True

AegisLab
result: Trojan.Linux.Mirai.4!c
update: 20190530
version: 4.2
detected: True

Emsisoft
result: Trojan.Linux.Backdoor.C (B)
update: 20190530
version: 2018.4.0.1029
detected: True

F-Secure
result: Malware.LINUX/Mirai.bonc
update: 20190530
version: 12.0.86.52
detected: True

Fortinet
result: ELF/Mirai.A!tr
update: 20190530
version: 5.4.247.0
detected: True

Jiangmin
result: Backdoor.Linux.avpl
update: 20190529
version: 16.0.100
detected: True

Kingsoft
update: 20190530
version: 2013.8.14.323
detected: False

Symantec
result: Linux.Mirai
update: 20190530
version: 1.9.0.0
detected: True

AhnLab-V3
result: Linux/Mirai.55840
update: 20190530
version: 3.15.2.24252
detected: True

Antiy-AVL
result: Trojan[Backdoor]/Linux.Gafgyt.x
update: 20190530
version: 3.0.0.1
detected: True

Kaspersky
result: HEUR:Backdoor.Linux.Mirai.n
update: 20190530
version: 15.0.1.13
detected: True

Microsoft
result: Backdoor:Linux/Mirai.B
update: 20190530
version: 1.1.15900.4
detected: True

Qihoo-360
result: virus.elf.mirai.b
update: 20190530
version: 1.0.0.1120
detected: True

TheHacker
update: 20190530
version: 6.8.0.5.4241
detected: False

ZoneAlarm
result: HEUR:Backdoor.Linux.Mirai.n
update: 20190530
version: 1.0
detected: True

ESET-NOD32
result: a variant of Linux/Mirai.A
update: 20190530
version: 19439
detected: True

TrendMicro
result: ELF_MIRAI.SM1
update: 20190530
version: 10.0.0.1040
detected: True

BitDefender
result: Trojan.Linux.Backdoor.C
update: 20190530
version: 7.2
detected: True

K7AntiVirus
update: 20190529
version: 11.46.31063
detected: False

SentinelOne
result: DFI - Malicious ELF
update: 20190511
version: 1.0.26.329
detected: True

Avast-Mobile
result: ELF:Mirai-AH [Trj]
update: 20190529
version: 190529-04
detected: True

Malwarebytes
update: 20190530
version: 2.1.1.1115
detected: False

TotalDefense
update: 20190530
version: 37.1.62.1
detected: False

CAT-QuickHeal
update: 20190529
version: 14.00
detected: False

NANO-Antivirus
result: Trojan.Elf32.Mirai.eoexag
update: 20190529
version: 1.0.134.24826
detected: True

MicroWorld-eScan
result: Trojan.Linux.Backdoor.C
update: 20190530
version: 14.0.297.0
detected: True

SUPERAntiSpyware
update: 20190528
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: Linux/Mirai
update: 20190530
version: v2017.3010
detected: True

TrendMicro-HouseCall
result: ELF_MIRAI.SM1
update: 20190530
version: 10.0.0.1040
detected: True

total
57
sha256
3cc675113fa372d9ec7453f0e7ce99c443252cb4653721a62b158e06f5368540
scan_id
3cc675113fa372d9ec7453f0e7ce99c443252cb4653721a62b158e06f5368540-1559196326
resource
590ca4125cb75869f78fd6935d605f88
positives
37
scan_date
2019-05-30 06:05:26
verbose_msg
Scan finished, information embedded
response_code
1
Binary
RF
confidence: 100.00%
suspicious: True
MLP
confidence: 99.86%
suspicious: True
SVM
confidence: 95.80%
suspicious: True