Report #3734

Binary
ABI: ELFOSABI_SYSV
Size: 52.59KB
Type: ET_EXEC
trid: 50.1% ELF Executable and Linkable format; 49.8% ELF Executable and Linkable format
type: ELF
Wordsize: 32
Architecture: x86

Hashes
md5: 1418702d519da82756547929122edfaf
sha1: 5269eae1ad41e2ff2e699317cfb05e0d9079d9eb
crc32: 0x512bb4e
sha224: 3cf8b6f23f6aeec73b66220fe81c725538d98b5114382a60d702485a
sha256: 6c360b5b7d1b2f51af2b0d2ffd441f37440a7752e9773df0744f986fd8624136
sha384: 7858ddcfd0abf08a03a1997a4f8aca130f60f18eee3624d2e5738dbb8d23a58693bf0ded0e54d7126116e1cfb414f2aa
sha512: 6273995d8ada4884f6ecffd59a343fb0a2eaea0973c33fa3da713c579e576de193530994b516ac3bb27162a79bb9c5494ba5246a4fb4689cfc87ef49972c302b
ssdeep: 1536:ulEcvpGGs4HIOM/YMRp7DBnuJO0Otx3mEBCkYj:ulEss4oOM/YMRNDBF0OtlmEBCkA

Community
Google: False
HashLib: False

YARA
Matches: maldoc_getEIP_method_1, domain, contentis_base64, is__elf
Suspicious: True

Dwarf
List: (empty)
Number: 0

Files
Sys: (empty)
Home: (empty)
Proc: /proc/net/tcp
Password: (empty)
Suspicious: True

Flags
Flags: 0

Packer
List: None
Packed: False

Network
IPs: (empty)
URLs: (empty)
Mails: (empty)
Suspicious: False

Strings
List:
HTTP/1.1
User-Agent:
/proc/net/tcp
Cookie:
http
Host:
POST /cdn-cgi/
POST
AJWLIGF"
LAMPPGAV"
WPNGLAMFGF"
/dev/watchdog
cRRNGuG@iKV
cRRNGuG@iKV
cRRNGuG@iKV
cRRNGuG@iKV
cRRNGuG@iKV
.shstrtab
/dev/null
nmnlmevdm"
egvnmacnkr"
.rodata
GLAMFKLE
nCLEWCEG
At&B1
jvvrdnmmf"
AMLLGAVKML
ANMWFDNCPG
aMLLGAVKML
LCOGQGPTGP
NMACVKML
CRRNKACVKML
CRRNKACVKML
CRRNKACVKML
AMLD"
uEzAs"
CLKOG"
.fini
.init
KOCEG
AMMIKG
oMXKNNC
oMXKNNC
oMXKNNC
oMXKNNC
oMXKNNC
.dtors
.ctors
\$Th<P
aJPMOG
aJPMOG
cAAGRV
cAAGRV
aJPMOG
aJPMOG
NGLEVJ
t$$hlP
eGAIM
eGAIM
eGAIM
eGAIM
eGAIM
DMWLF"
CNKTG"
|[^_]
DMPO
RPMA
PPShTK
,0<
CRRNGV
[^_]
^[^_
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
_[^_
[^_]
PTRh
/dev/misc/watchdog
abcdefghijklmnopqrstuvw012345678
.data
LGWTMQVMNKKVVM
D$0f@t
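
Most of the odd entries in the list above (AJWLIGF", oMXKNNC, eGAIM, cRRNGuG@iKV, aJPMOG and the rest) are not extraction garbage: they are the bot's string table, XOR-obfuscated one byte at a time with the C NUL terminator included, which is why so many of them end in a literal " (0x00 XOR 0x22). The lines that look like [^_], PTRh, At&B1 and \$Th<P are instruction bytes the strings scanner happened to pick up ([^_] is pop ebx / pop esi / pop edi / pop ebp, a function epilogue), not table entries. The script below is an added example, not code from the report tool or from the Mirai source. It assumes the obfuscation is a single-byte XOR (the leaked Mirai table key 0xdeadbeef, applied byte by byte as that source does, folds to exactly one byte) and recovers the byte by crib search rather than taking it from the source; the only input is the list above, copied in as constructed data. The cleartext paths in the same list (/dev/watchdog, /dev/misc/watchdog, /proc/net/tcp) are stored unobfuscated and are what the Files/Proc hit above keys on.

```python
"""Decode the XOR-obfuscated entries in the Strings list above.

Added example for this report; it is not the report tool's code and not
Mirai's own code.  Assumption: the string table is XORed with a 4-byte
key applied one byte at a time, which collapses to a single XOR byte.
The decode step does not hard-code that byte: recover_key() brute-forces
it from the listed strings using cribs an HTTP-flooding bot is bound to
carry (browser User-Agent fragments).
"""

# Constructed input: the obfuscated entries copied from the Strings list.
# Every trailing '"' is 0x22, i.e. a NUL terminator XORed with 0x22: the
# bot stores its C strings terminator included.
OBFUSCATED = [
    'AJWLIGF"', 'LAMPPGAV"', 'WPNGLAMFGF"', 'cRRNGuG@iKV', 'nmnlmevdm"',
    'egvnmacnkr"', 'GLAMFKLE', 'nCLEWCEG', 'jvvrdnmmf"', 'AMLLGAVKML',
    'ANMWFDNCPG', 'aMLLGAVKML', 'LCOGQGPTGP', 'NMACVKML', 'CRRNKACVKML',
    'AMLD"', 'uEzAs"', 'CLKOG"', 'KOCEG', 'AMMIKG', 'oMXKNNC', 'aJPMOG',
    'cAAGRV', 'NGLEVJ', 'eGAIM', 'DMWLF"', 'CNKTG"', 'DMPO', 'RPMA',
    'CRRNGV', 'LGWTMQVMNKKVVM',
]

# The 32-bit key from the leaked Mirai source (table.c).  Used only to
# show that applying it per byte is the same as a one-byte XOR.
LEAKED_TABLE_KEY = 0xDEADBEEF


def fold_key(key32: int) -> int:
    """XOR the four key bytes together: applying them one after another
    to each data byte is the same as XORing with their combination."""
    folded = 0
    for _ in range(4):
        folded ^= key32 & 0xFF
        key32 >>= 8
    return folded


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def recover_key(samples, cribs=(b"Mozilla", b"Gecko", b"Chrome")) -> int:
    """Return the single-byte key under which the most crib hits appear
    across all samples.  Cribs rather than a 'printable ASCII' score,
    because several wrong keys (0x00, the case-flip key 0x20) also yield
    printable text for this kind of table."""
    best_key, best_hits = 0, -1
    for key in range(256):
        hits = sum(crib in xor_bytes(s.encode("latin-1"), key)
                   for s in samples for crib in cribs)
        if hits > best_hits:
            best_key, best_hits = key, hits
    return best_key


def decode_string(obfuscated: str, key: int) -> str:
    """Decode one entry and cut at the first recovered NUL terminator."""
    plain = xor_bytes(obfuscated.encode("latin-1"), key)
    return plain.split(b"\x00", 1)[0].decode("ascii", errors="replace")


def decode_table(samples, key: int) -> dict:
    """Map each obfuscated entry to its plaintext."""
    return {s: decode_string(s, key) for s in samples}


def terminated_entries(samples, key: int) -> int:
    """How many entries decode to a string ending in NUL.  With the right
    key this equals the number of entries stored terminator included;
    with a wrong key it is normally zero."""
    return sum(xor_bytes(s.encode("latin-1"), key).endswith(b"\x00")
               for s in samples)


if __name__ == "__main__":
    key = recover_key(OBFUSCATED)
    print(f"recovered key 0x{key:02x}; leaked 0xdeadbeef folds to "
          f"0x{fold_key(LEAKED_TABLE_KEY):02x}")
    print(f"{terminated_entries(OBFUSCATED, key)} of {len(OBFUSCATED)} "
          f"entries carry a NUL terminator")
    for obf, plain in decode_table(OBFUSCATED, key).items():
        print(f"{obf!r:20} -> {plain}")
```

The recovered key decodes the HTTP-flood vocabulary the report's plaintext strings (HTTP/1.1, User-Agent:, Cookie:, POST /cdn-cgi/) sit next to: chunked, urlencoded, Mozilla, AppleWebKit, Gecko, Chrome, Accept, cookie, application, cloudflare, nameserver, plus the bot's own markers such as LOLNOGTFO, GETLOCALIP and HTTPFLOOD. Swap OBFUSCATED for the output of `strings -n 4` on a fresh sample and the same crib search tells you whether a variant changed the key.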

Symbols
List: (empty)
Number: 0
Reason: Stripped
Suspicious: True

Version
Version: EV_CURRENT

Foremost
Matches: None
Suspicious: False

Sections
List: (unnamed index-0 null section), .init, .text, .fini, .rodata, .ctors, .dtors, .data, .bss, .shstrtab
Number: 10
Suspicious: False

Segments
Number: 3
Suspicious: False

Compilers
List: (empty)
Identified: 0
Suspicious: False

Functions
List: (empty)
Present: True

Anti-Debug
Ptrace: False
Anti-disasm: False

Entry Point
Address: 0x8048168
Suspicious: False

Embedded ELF
List: None
Identified: 0

Program Header
Size: 32
Number: 3
Offset: 52

Section Header
Size: 40
Number: 10
Offset: 53452
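
The Entry Point, Program Header and Section Header rows above are read straight out of the 52-byte ELF32 header. The script below is an added example, not the report tool's parser, that unpacks those fields and runs the consistency checks worth doing before trusting them, including whether anything is appended after the section header table. The header bytes are constructed from the values in this report; the file size of 53852 bytes is an assumption consistent with the reported 52.59KB (not read from the sample), and e_shstrndx 9 is assumed from .shstrtab being the last of the ten sections listed.

```python
"""Read the ELF32 header fields behind the Program Header, Section Header
and Entry Point rows of this report and sanity-check them against the
file size.

Added example, not part of the original report and not the report tool's
own parser.  Constructed input: a synthetic 52-byte ELF32 header carrying
the values shown above.  Assumptions: file size 53852 bytes (consistent
with the reported 52.59KB, not read from the sample), e_ehsize 52 (the
fixed ELF32 header size) and e_shstrndx 9 (.shstrtab is the last of the
ten sections listed).
"""
import struct
from dataclasses import dataclass

# ELF32 header: e_ident[16], then 2,2,4,4,4,4,4 and six 2-byte fields.
ELF32_EHDR = struct.Struct("<16sHHIIIIIHHHHHH")
ET_EXEC, EM_386, ELFOSABI_SYSV = 2, 3, 0
PHDR32_SIZE, SHDR32_SIZE = 32, 40   # per-entry sizes the loader expects

ASSUMED_FILE_SIZE = 53852           # assumption, see lead-in


@dataclass
class Elf32Header:
    osabi: int
    e_type: int
    e_machine: int
    e_entry: int
    e_phoff: int
    e_shoff: int
    e_ehsize: int
    e_phentsize: int
    e_phnum: int
    e_shentsize: int
    e_shnum: int
    e_shstrndx: int


def parse_elf32_header(blob: bytes) -> Elf32Header:
    """Unpack a little-endian ELF32 header; reject anything else."""
    if len(blob) < ELF32_EHDR.size:
        raise ValueError("file too small for an ELF header")
    (ident, e_type, e_machine, _e_version, e_entry, e_phoff, e_shoff,
     _e_flags, e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum,
     e_shstrndx) = ELF32_EHDR.unpack_from(blob)
    if ident[:4] != b"\x7fELF":
        raise ValueError("missing ELF magic")
    if ident[4] != 1:          # EI_CLASS: 1 = ELFCLASS32
        raise ValueError("not a 32-bit ELF")
    if ident[5] != 1:          # EI_DATA: 1 = ELFDATA2LSB
        raise ValueError("big-endian ELF not handled here")
    return Elf32Header(ident[7], e_type, e_machine, e_entry, e_phoff, e_shoff,
                       e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum,
                       e_shstrndx)


def header_checks(h: Elf32Header, file_size: int) -> dict:
    """Checks a triage tool should run before trusting the tables: both
    tables must lie inside the file, entry sizes must be the ELF32 ones,
    and bytes after the section header table (which linkers normally emit
    last) are an overlay worth carving out."""
    phdr_end = h.e_phoff + h.e_phnum * h.e_phentsize
    shdr_end = h.e_shoff + h.e_shnum * h.e_shentsize
    return {
        "ehsize_ok": h.e_ehsize == ELF32_EHDR.size,
        "phentsize_ok": h.e_phentsize == PHDR32_SIZE,
        "shentsize_ok": h.e_shentsize == SHDR32_SIZE,
        "phdr_in_file": phdr_end <= file_size,
        "shdr_in_file": shdr_end <= file_size,
        "shstrndx_in_range": h.e_shstrndx < h.e_shnum,
        "overlay_bytes": max(0, file_size - shdr_end),
    }


def is_plausible_elf32(blob: bytes, file_size: int) -> bool:
    """True when the header parses and every boolean check passes."""
    try:
        checks = header_checks(parse_elf32_header(blob), file_size)
    except ValueError:
        return False
    return all(v for k, v in checks.items() if k != "overlay_bytes")


def build_report_header() -> bytes:
    """Constructed input: the header values this report shows."""
    ident = b"\x7fELF" + bytes([1, 1, 1, ELFOSABI_SYSV]) + bytes(8)
    return ELF32_EHDR.pack(ident, ET_EXEC, EM_386, 1, 0x08048168,
                           52, 53452, 0,            # e_phoff, e_shoff, e_flags
                           ELF32_EHDR.size, PHDR32_SIZE, 3,
                           SHDR32_SIZE, 10, 9)


if __name__ == "__main__":
    hdr = parse_elf32_header(build_report_header())
    print(f"entry 0x{hdr.e_entry:x}, {hdr.e_phnum} segments at {hdr.e_phoff}, "
          f"{hdr.e_shnum} sections at {hdr.e_shoff}")
    for name, value in header_checks(hdr, ASSUMED_FILE_SIZE).items():
        print(f"  {name}: {value}")
```

On the real file, feed parse_elf32_header() the first 52 bytes from disk and header_checks() the size from os.path.getsize(). For this report, 53452 + 10 * 40 = 53852 lands exactly on the assumed end of file, which is what a binary straight out of a linker looks like: no overlay, no padding. A non-zero overlay_bytes on a sample like this is the first place to look for an appended payload or configuration.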
AVclass
mirai
1
VirusTotal
md5: 1418702d519da82756547929122edfaf
sha1: 5269eae1ad41e2ff2e699317cfb05e0d9079d9eb
SCANS (DETECTION RATE = 38.98%, 23 of 59 engines)
engine | detected | result | update | version
AVG | yes | ELF:Mirai-A [Trj] | 20170807 | 8.0.1489.320
CMC | no | - | 20170805 | 1.1.0.977
MAX | no | - | 20170807 | 2017.6.26.1
Bkav | no | - | 20170807 | 1.3.0.9282
K7GW | no | - | 20170807 | 10.20.24212
ALYac | no | - | 20170807 | 1.1.1.2
Avast | yes | ELF:Mirai-A [Trj] | 20170807 | 8.0.1489.320
Avira | yes | LINUX/Mirai.vsdfg | 20170807 | 8.3.3.4
Baidu | no | - | 20170807 | 1.0.0.2
Cyren | no | - | 20170807 | 5.4.30.7
DrWeb | yes | Linux.Mirai.97 | 20170807 | 7.0.28.2020
GData | yes | Linux.Trojan.Agent.CG68DM | 20170807 | A:25.13734B:25.10170
Panda | no | - | 20170807 | 4.6.4.2
VBA32 | no | - | 20170803 | 3.12.26.4
VIPRE | no | - | 20170807 | 60118
Zoner | no | - | 20170807 | 1.0
AVware | no | - | 20170807 | 1.5.0.42
ClamAV | yes | Unix.Trojan.Mirai-5932143-0 | 20170807 | 0.99.2.0
Comodo | yes | UnclassifiedMalware | 20170807 | 27567
F-Prot | no | - | 20170807 | 4.7.1.166
Ikarus | yes | Trojan.Linux.Mirai | 20170807 | 0.1.5.2
McAfee | yes | Linux/Mirai | 20170807 | 6.0.6.653
Rising | yes | Trojan.Mirai!1.AA81 (classic) | 20170807 | 25.0.0.1
Sophos | yes | Linux/DDoS-CI | 20170807 | 4.98.0
Yandex | no | - | 20170801 | 5.5.1.3
Zillya | no | - | 20170806 | 2.0.0.3355
Arcabit | no | - | 20170807 | 1.0.0.817
Tencent | no | - | 20170807 | 1.0.0.1
ViRobot | no | - | 20170807 | 2014.3.20.0
Webroot | no | - | 20170807 | 1.0.0.207
Ad-Aware | no | - | 20170807 | 3.0.3.1010
AegisLab | yes | Elf.Mirai.Sm1!c | 20170807 | 4.2
Emsisoft | no | - | 20170807 | 4.0.1.883
F-Secure | no | - | 20170807 | 11.0.19100.45
Fortinet | no | - | 20170807 | 5.4.247.0
Jiangmin | no | - | 20170807 | 16.0.100
Kingsoft | no | - | 20170807 | 2013.8.14.323
Symantec | yes | Linux.Mirai | 20170807 | 1.4.0.0
nProtect | no | - | 20170807 | 2017-08-07.02
AhnLab-V3 | no | - | 20170807 | 3.9.2.18278
Antiy-AVL | yes | Trojan/Linux.TSGeneric | 20170807 | 3.0.0.1
Kaspersky | yes | HEUR:Backdoor.Linux.Mirai.i | 20170807 | 15.0.1.13
Microsoft | yes | Backdoor:Win32/Mirai!rfn | 20170807 | 1.1.14003.0
Qihoo-360 | yes | virus.elf.mirai.c | 20170807 | 1.0.0.1120
TheHacker | no | - | 20170806 | 6.8.0.5.1813
ZoneAlarm | yes | HEUR:Backdoor.Linux.Mirai.i | 20170807 | 1.0
ESET-NOD32 | yes | a variant of Linux/Mirai.A | 20170807 | 15873
TrendMicro | yes | ELF_MIRAI.SM1 | 20170807 | 9.862.0.1074
WhiteArmor | no | - | 20170731 | -
BitDefender | no | - | 20170807 | 7.2
K7AntiVirus | no | - | 20170807 | 10.20.24214
Malwarebytes | no | - | 20170807 | 2.1.1.1115
TotalDefense | no | - | 20170807 | 37.1.62.1
CAT-QuickHeal | no | - | 20170807 | 14.00
NANO-Antivirus | yes | Trojan.Unix.Mirai.eoitno | 20170807 | 1.0.94.18103
MicroWorld-eScan | no | - | 20170807 | 12.0.250.0
SUPERAntiSpyware | no | - | 20170807 | 5.6.0.1032
McAfee-GW-Edition | yes | Linux/Mirai | 20170807 | v2015
TrendMicro-HouseCall | yes | ELF_MIRAI.SM1 | 20170807 | 9.950.0.1006
total: 59
sha256: 6c360b5b7d1b2f51af2b0d2ffd441f37440a7752e9773df0744f986fd8624136
scan_id: 6c360b5b7d1b2f51af2b0d2ffd441f37440a7752e9773df0744f986fd8624136-1502107852
resource: 1418702d519da82756547929122edfaf
positives: 23
scan_date: 2017-08-07 12:10:52
verbose_msg: Scan finished, information embedded
response_code: 1
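
The DETECTION RATE and AVclass rows above are derived from the per-engine results. The script below is an added example, not the AVclass tool and not the report's code, that recomputes both from the results in the scan table with a simplified AVclass-style vote; the generic-token list is hand-picked for this report rather than learned from a label corpus as AVclass does. Two caveats are visible in the table itself: Avast and AVG report the same engine version and the same label, and Kaspersky/ZoneAlarm, TrendMicro/TrendMicro-HouseCall and McAfee/McAfee-GW-Edition return byte-identical labels, so 23 positives overstates the number of independent detections; and Microsoft's Win32/Mirai label names a Windows platform for an ELF file, which is one reason platform tokens are discarded before the vote.

```python
"""Turn the per-engine VirusTotal rows above into the two numbers that
matter for triage: how many engines fired, and which family name the
labels agree on.

Added example, not part of the original report and not the AVclass tool
itself; it is a simplified AVclass-style majority vote.  Constructed
input: the 59 (engine, result) pairs copied from the scan table, with
None for engines that did not fire.  Assumption: the GENERIC token list
below is hand-picked for this report rather than learned from a corpus.
"""
import re
from collections import Counter

# Constructed from the scan table above: None means the engine did not fire.
SCANS = {
    "AVG": "ELF:Mirai-A [Trj]", "CMC": None, "MAX": None, "Bkav": None,
    "K7GW": None, "ALYac": None, "Avast": "ELF:Mirai-A [Trj]",
    "Avira": "LINUX/Mirai.vsdfg", "Baidu": None, "Cyren": None,
    "DrWeb": "Linux.Mirai.97", "GData": "Linux.Trojan.Agent.CG68DM",
    "Panda": None, "VBA32": None, "VIPRE": None, "Zoner": None,
    "AVware": None, "ClamAV": "Unix.Trojan.Mirai-5932143-0",
    "Comodo": "UnclassifiedMalware", "F-Prot": None,
    "Ikarus": "Trojan.Linux.Mirai", "McAfee": "Linux/Mirai",
    "Rising": "Trojan.Mirai!1.AA81 (classic)", "Sophos": "Linux/DDoS-CI",
    "Yandex": None, "Zillya": None, "Arcabit": None, "Tencent": None,
    "ViRobot": None, "Webroot": None, "Ad-Aware": None,
    "AegisLab": "Elf.Mirai.Sm1!c", "Emsisoft": None, "F-Secure": None,
    "Fortinet": None, "Jiangmin": None, "Kingsoft": None,
    "Symantec": "Linux.Mirai", "nProtect": None, "AhnLab-V3": None,
    "Antiy-AVL": "Trojan/Linux.TSGeneric",
    "Kaspersky": "HEUR:Backdoor.Linux.Mirai.i",
    "Microsoft": "Backdoor:Win32/Mirai!rfn", "Qihoo-360": "virus.elf.mirai.c",
    "TheHacker": None, "ZoneAlarm": "HEUR:Backdoor.Linux.Mirai.i",
    "ESET-NOD32": "a variant of Linux/Mirai.A", "TrendMicro": "ELF_MIRAI.SM1",
    "WhiteArmor": None, "BitDefender": None, "K7AntiVirus": None,
    "Malwarebytes": None, "TotalDefense": None, "CAT-QuickHeal": None,
    "NANO-Antivirus": "Trojan.Unix.Mirai.eoitno", "MicroWorld-eScan": None,
    "SUPERAntiSpyware": None, "McAfee-GW-Edition": "Linux/Mirai",
    "TrendMicro-HouseCall": "ELF_MIRAI.SM1",
}

# Platform, category and heuristic words that name no family.
GENERIC = {
    "trojan", "backdoor", "virus", "malware", "unclassifiedmalware", "heur",
    "generic", "tsgeneric", "variant", "agent", "classic", "ddos",
    "linux", "unix", "elf", "win32",
}


def detection_count(scans: dict) -> tuple:
    """(positives, total) as VirusTotal reports them."""
    return sum(r is not None for r in scans.values()), len(scans)


def detection_rate(scans: dict) -> float:
    positives, total = detection_count(scans)
    return round(100.0 * positives / total, 2)


def family_tokens(label: str):
    """Split a vendor label into lower-case word tokens, dropping short
    suffixes ('A', 'i', 'rfn'), anything with digits (variant ids such
    as 'CG68DM' or '5932143') and the generic vocabulary."""
    for tok in re.split(r"[^A-Za-z0-9]+", label.lower()):
        if len(tok) >= 4 and tok.isalpha() and tok not in GENERIC:
            yield tok


def family_vote(scans: dict) -> Counter:
    """One vote per engine per token; the top entry is the family."""
    votes = Counter()
    for label in scans.values():
        if label:
            votes.update(set(family_tokens(label)))
    return votes


def distinct_labels(scans: dict) -> int:
    """Engines that share a backend often return byte-identical labels
    (Avast/AVG, Kaspersky/ZoneAlarm, TrendMicro/HouseCall, McAfee/GW
    above), so the count of distinct labels is a floor on how many
    independent detections the positives number really represents."""
    return len({r for r in scans.values() if r})


if __name__ == "__main__":
    positives, total = detection_count(SCANS)
    print(f"{positives}/{total} engines = {detection_rate(SCANS)}% "
          f"({distinct_labels(SCANS)} distinct labels)")
    for family, n in family_vote(SCANS).most_common(3):
        print(f"  {family}: {n}")
```

Random-looking suffix tokens such as vsdfg or eoitno survive this filter with one vote each; that is harmless for the vote here but is exactly what AVclass's corpus-derived token statistics exist to suppress when the label set is small.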
Binary
RF: confidence 100.00%, suspicious True
MLP: confidence 99.86%, suspicious True
SVM: confidence 95.80%, suspicious True