Report #3728

Binary
ABI: ELFOSABI_SYSV
Size: 7.30KB
Type: ET_EXEC
trid: 50.1% ELF Executable and Linkable format; 49.8% ELF Executable and Linkable format
type: ELF
Wordsize: 32
Architecture: x86

Hashes
md5: f1f4fa48853f046dbff9256692ec0024
sha1: 5176828d8fc3e877a8072911581eed7893732082
crc32: 0x7d926e07
sha224: 0e3e8113811e8cf718fc619eaf0af5b8b45538188457d38f23cdbe47
sha256: 56951938791091499002bd2c11a267791117fc58c440276bf413cc28f63c339d
sha384: 7871ec336db5ca97188ff4b4eae5a0e7379c5d343d7d60ec45400440f3e2e0dfe86c7e05081c6246f4a4f80b8a65b161
sha512: f01dede5ceba89d8aa6051787745b5387c2009110372bba22f1c28668cf90299c71d91464bba93498e6386a564fac17a1025285c1f0ff3c8d38e33ae7ab892d0
ssdeep: 96:fAw4Fbp4giW5SoWlBsiO7mW25Fk3AOkvdE7f770a4BktoBZ:f60g95IlpO7+bOlf68o/
Community
Google: False
HashLib: False

YARA
Matches: domain, contentis_base64, is__elf
Suspicious: True

Dwarf
List: None
Number: 0

Files
Sys: None
Home: None
Proc: None
Password: None
Suspicious: False

Flags
Flags: 0
Packer
List: None
Packed: False

Network
IPs: None
URLs: /lib/ld-linux.so.2
Mails: None
Suspicious: True
Strings
List
.note.gnu.build-id
.gnu.hash
libc.so.6
.rel.plt
.got.plt
.rel.dyn
/lib/ld-linux.so.2
Shellcode Length: %d
_Jv_RegisterClasses
register_tm_clones
deregister_tm_clones
_ITM_deregisterTMCloneTable
_ITM_registerTMCloneTable
GLIBC_2.0
.comment
__FRAME_END__
_GLOBAL_OFFSET_TABLE_
_DYNAMIC
__TMC_END__
__JCR_END__
__JCR_LIST__
__frame_dummy_init_array_entry
Qhfileh/outh/tmp
frame_dummy
data_start
.dynamic
__gmon_start__
__gmon_start__
Qhsswdhc/pah//et
.note.ABI-tag
.gnu.version
.shstrtab
.eh_frame_hdr
.eh_frame
.init_array
.fini_array
_IO_stdin_used
_IO_stdin_used
crtstuff.c
__libc_start_main
__init_array_start
__do_global_dtors_aux
.gnu.version_r
__dso_handle
__data_start
.rodata
__init_array_end
__libc_csu_init
__libc_csu_fini
.interp
__bss_start
.symtab
.strtab
_edata
_init
_fini
.fini
.init
.dynstr
.dynsym
_start
_end
.got
code
main
[^_]
PTRh
__libc_start_main@@GLIBC_2.0
printf@@GLIBC_2.0
completed.6590
strlen@@GLIBC_2.0
GCC: (Ubuntu 4.8.2-19ubuntu1) 4.8.2
__do_global_dtors_aux_fini_array_entry
__x86.get_pc_thunk.bx
.data
printf
strlen
;*2$"
4 (
5.3.c
.text
_fp_hw
.bss
.jcr
QVhM

Symbols
List: crtstuff.c, __JCR_LIST__, deregister_tm_clones, register_tm_clones, __do_global_dtors_aux, completed.6590, __do_global_dtors_aux_fini_array_entry, frame_dummy, __frame_dummy_init_array_entry, 5.3.c, crtstuff.c, __FRAME_END__, __JCR_END__, __init_array_end, _DYNAMIC, __init_array_start, _GLOBAL_OFFSET_TABLE_, __libc_csu_fini, _ITM_deregisterTMCloneTable, __x86.get_pc_thunk.bx, data_start, printf@@GLIBC_2.0, _edata, _fini, __data_start, __gmon_start__, __dso_handle, _IO_stdin_used, strlen@@GLIBC_2.0, __libc_start_main@@GLIBC_2.0, __libc_csu_init, _end, _start, _fp_hw, __bss_start, main, _Jv_RegisterClasses, __TMC_END__, _ITM_registerTMCloneTable, _init, code
Number: 69
Reason: None
Suspicious: False
Version
Version: EV_CURRENT

Foremost
Matches: None
Suspicious: False

Sections
List: (unnamed null section), .interp, .note.ABI-tag, .note.gnu.build-id, .gnu.hash, .dynsym, .dynstr, .gnu.version, .gnu.version_r, .rel.dyn, .rel.plt, .init, .plt, .text, .fini, .rodata, .eh_frame_hdr, .eh_frame, .init_array, .fini_array, .jcr, .dynamic, .got, .got.plt, .data, .bss, .comment, .shstrtab, .symtab, .strtab
Number: 30
Suspicious: False

Segments
Number: 9
Suspicious: False

Compilers
List: GCC: (Ubuntu 4.8.2-19ubuntu1) 4.8.2
Identified: 1
Suspicious: False
Functions
List: printf, @GLIBC_2.0 (2), __gmon_start__, strlen, @GLIBC_2.0 (2), __libc_start_main, @GLIBC_2.0 (2), _IO_stdin_used, crtstuff.c, __JCR_LIST__, deregister_tm_clones, register_tm_clones, __do_global_dtors_aux, completed.6590, __do_global_dtors_aux_fini_array_entry, frame_dummy, __frame_dummy_init_array_entry, 5.3.c, crtstuff.c, __FRAME_END__, __JCR_END__, __init_array_end, _DYNAMIC, __init_array_start, _GLOBAL_OFFSET_TABLE_, __libc_csu_fini, _ITM_deregisterTMCloneTable, __x86.get_pc_thunk.bx, data_start, printf@@GLIBC_2.0, _edata, _fini, __data_start, __gmon_start__, __dso_handle, _IO_stdin_used, strlen@@GLIBC_2.0, __libc_start_main@@GLIBC_2.0, __libc_csu_init, _end, _start, _fp_hw, __bss_start, main, _Jv_RegisterClasses, __TMC_END__, _ITM_registerTMCloneTable, _init, code
Present: True

Anti-Debug
Ptrace: False
Anti-disasm: False

Entry Point
Address: 0x8048350
Suspicious: False

Embedded ELF
List: None
Identified: 0
Program Header
Size: 32
Number: 9
Offset: 52

Section Header
Size: 40
Number: 30
Offset: 4556

AVclass: None (1)
VirusTotal
md5: f1f4fa48853f046dbff9256692ec0024
sha1: 5176828d8fc3e877a8072911581eed7893732082

SCANS (DETECTION RATE = 16.95%)
AVG: detected, result ELF:ShellCode-AB [Trj] (update 20170807, version 8.0.1489.320)
CMC: not detected (update 20170805, version 1.1.0.977)
MAX: not detected (update 20170807, version 2017.6.26.1)
Bkav: not detected (update 20170807, version 1.3.0.9282)
K7GW: not detected (update 20170807, version 10.20.24212)
ALYac: not detected (update 20170807, version 1.1.1.2)
Avast: detected, result ELF:ShellCode-AB [Trj] (update 20170807, version 8.0.1489.320)
Avira: detected, result LINUX/ShellCode.jtvyo (update 20170807, version 8.3.3.4)
Baidu: not detected (update 20170807, version 1.0.0.2)
Cyren: not detected (update 20170807, version 5.4.30.7)
DrWeb: not detected (update 20170807, version 7.0.28.2020)
GData: detected, result Linux.Trojan.Agent.1H05R4 (update 20170807, version A:25.13734B:25.10170)
Panda: not detected (update 20170807, version 4.6.4.2)
VBA32: not detected (update 20170803, version 3.12.26.4)
VIPRE: not detected (update 20170807, version 60118)
Zoner: not detected (update 20170807, version 1.0)
AVware: not detected (update 20170807, version 1.5.0.42)
ClamAV: not detected (update 20170807, version 0.99.2.0)
Comodo: not detected (update 20170807, version 27566)
F-Prot: not detected (update 20170807, version 4.7.1.166)
Ikarus: detected, result Trojan.Linux.Shellcode (update 20170807, version 0.1.5.2)
McAfee: detected, result RDN/Generic.dx (update 20170807, version 6.0.6.653)
Rising: not detected (update 20170807, version 25.0.0.1)
Sophos: not detected (update 20170807, version 4.98.0)
Yandex: not detected (update 20170801, version 5.5.1.3)
Zillya: not detected (update 20170806, version 2.0.0.3355)
Arcabit: not detected (update 20170807, version 1.0.0.817)
Tencent: not detected (update 20170807, version 1.0.0.1)
ViRobot: not detected (update 20170807, version 2014.3.20.0)
Webroot: not detected (update 20170807, version 1.0.0.207)
Ad-Aware: not detected (update 20170807, version 3.0.3.1010)
AegisLab: not detected (update 20170807, version 4.2)
Emsisoft: not detected (update 20170807, version 4.0.1.883)
F-Secure: not detected (update 20170807, version 11.0.19100.45)
Fortinet: not detected (update 20170807, version 5.4.247.0)
Jiangmin: not detected (update 20170807, version 16.0.100)
Kingsoft: not detected (update 20170807, version 2013.8.14.323)
Symantec: not detected (update 20170807, version 1.4.0.0)
nProtect: not detected (update 20170807, version 2017-08-07.02)
AhnLab-V3: not detected (update 20170807, version 3.9.2.18278)
Antiy-AVL: not detected (update 20170807, version 3.0.0.1)
Kaspersky: not detected (update 20170807, version 15.0.1.13)
Microsoft: not detected (update 20170807, version 1.1.14003.0)
Qihoo-360: detected, result Win32/Trojan.ddf (update 20170807, version 1.0.0.1120)
TheHacker: not detected (update 20170806, version 6.8.0.5.1813)
ZoneAlarm: not detected (update 20170807, version 1.0)
ESET-NOD32: detected, result a variant of Linux/Shellcode.AF (update 20170807, version 15873)
TrendMicro: not detected (update 20170807, version 9.862.0.1074)
WhiteArmor: not detected (update 20170731, version not reported)
BitDefender: not detected (update 20170807, version 7.2)
K7AntiVirus: not detected (update 20170807, version 10.20.24214)
Malwarebytes: not detected (update 20170807, version 2.1.1.1115)
TotalDefense: not detected (update 20170807, version 37.1.62.1)
CAT-QuickHeal: not detected (update 20170807, version 14.00)
NANO-Antivirus: not detected (update 20170807, version 1.0.94.18103)
MicroWorld-eScan: not detected (update 20170807, version 12.0.250.0)
SUPERAntiSpyware: not detected (update 20170807, version 5.6.0.1032)
McAfee-GW-Edition: detected, result RDN/Generic.dx (update 20170807, version v2015)
TrendMicro-HouseCall: detected, result TROJ_GEN.R03KH0CH317 (update 20170807, version 9.950.0.1006)

total: 59
sha256: 56951938791091499002bd2c11a267791117fc58c440276bf413cc28f63c339d
scan_id: 56951938791091499002bd2c11a267791117fc58c440276bf413cc28f63c339d-1502107226
resource: f1f4fa48853f046dbff9256692ec0024
positives: 10
scan_date: 2017-08-07 12:00:26
verbose_msg: Scan finished, information embedded
response_code: 1
Binary
RF: confidence 67.13%, suspicious False
MLP: confidence 66.17%, suspicious False
SVM: confidence 81.38%, suspicious False