SHA256: 68aef1145b4e208cf6600d2ccda0080d8ec7a7fe97354b92a7378b81975fbb63
File name: bash.filepart
Detection ratio: 35 / 56
Analysis date: 2016-08-22 16:51:15 UTC (6 days, 12 hours ago)
Antivirus Result Update
ALYac Spyware.Unix.Mech.A 20160822
AVG Linux/Mech.A 20160822
AVware HackTool.Linux.Xhide.e (v) 20160822
Ad-Aware Spyware.Unix.Mech.A 20160822
AegisLab Risktool.Linux.Mechbot!c 20160822
AhnLab-V3 Linux/Mech.492135 20160822
Arcabit Spyware.Unix.Mech.A 20160822
Avast ELF:Mechbot-B [Tool] 20160822
Avira (no cloud) SPR/Unix.Mech.A 20160822
BitDefender Spyware.Unix.Mech.A 20160822
CAT-QuickHeal Linux.Sshscan.b120 20160822
CMC Generic.Win32.dc7b9585c4!MD 20160822
ClamAV Unix.Malware.Agent-1396382 20160822
Comodo UnclassifiedMalware 20160822
DrWeb Tool.EnergyMech 20160822
ESET-NOD32 Linux/Meche.B 20160822
Emsisoft Spyware.Unix.Mech.A (B) 20160822
F-Secure Spyware.Unix.Mech 20160822
Fortinet Riskware/Mech 20160822
GData Spyware.Unix.Mech.A 20160822
Ikarus Trojan.Linux.Meche 20160822
Jiangmin RiskTool.Linux.a 20160822
Kaspersky not-a-virus:HEUR:RiskTool.Linux.MechBot.a 20160822
McAfee OSX/Generic.ag 20160822
McAfee-GW-Edition OSX/Generic.ag 20160822
eScan Spyware.Unix.Mech.A 20160822
NANO-Antivirus Riskware.Unix.EnergyMech.ebdnwp 20160822
Qihoo-360 Win32/Trojan.Spy.356 20160822
Sophos Mal/Nix-A 20160822
Symantec Backdoor.IRC.Bot 20160822
TrendMicro ELF_EMECH.A 20160822
TrendMicro-HouseCall ELF_EMECH.A 20160822
VIPRE HackTool.Linux.Xhide.e (v) 20160822
ViRobot NetTool.Mech.492135[h] 20160822
Zillya Downloader.OpenConnection.JS.397 20160820
Alibaba 20160822
Antiy-AVL 20160822
Baidu 20160820
Bkav 20160822
Cyren 20160822
F-Prot 20160822
K7AntiVirus 20160822
K7GW 20160822
Kingsoft 20160822
Malwarebytes 20160822
Microsoft 20160822
Panda 20160822
Rising 20160822
SUPERAntiSpyware 20160822
Tencent 20160822
TheHacker 20160821
TotalDefense 20160822
VBA32 20160822
Yandex 20160821
Zoner 20160822
nProtect 20160822
The file being studied is an ELF! More specifically, it is an EXEC (Executable file) ELF for Unix systems running on Intel 80386 machines.
ELF Header
Class ELF32
Data 2's complement, little endian
Header version 1 (current)
OS ABI UNIX - System V
ABI version 0
Object file type EXEC (Executable file)
Required architecture Intel 80386
Object file version 0x1
Program headers 6
Section headers 27
ELF sections
ELF Segments
Segment without sections
.interp
.interp
.note.ABI-tag
.hash
.dynsym
.dynstr
.gnu.version
.gnu.version_r
.rel.dyn
.rel.plt
.init
.plt
.text
.fini
.rodata
.data
.eh_frame
.dynamic
.ctors
.dtors
.got
.bss
.dynamic
.note.ABI-tag
Shared libraries
Imported symbols
Exported symbols
ExifTool file metadata
MIMEType application/octet-stream
CPUByteOrder Little endian
CPUArchitecture 32 bit
FileType ELF executable
ObjectFileType Executable file
CPUType i386
Compressed bundles
File identification
MD5 dc7b9585c47ab44830dc84a11e0272fe
SHA1 7d0f6ecfb4985ec8ef003ab1e8bdf0aae5ffbc75
SHA256 68aef1145b4e208cf6600d2ccda0080d8ec7a7fe97354b92a7378b81975fbb63
ssdeep 6144:Ymw9XywzvzMPz5obmvlJ9RS3Il4js9QneROyYJ0YnTBwLaTubM1DCmPGMhAj6JQ:Ym+XrvUbW4UHTBwLPQ5CNMhRJQ
File size 480.6 KB ( 492135 bytes )
File type ELF
Magic literal ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.2.5, not stripped
TrID ELF Executable and Linkable format (Linux) (50.1%)
ELF Executable and Linkable format (generic) (49.8%)
Tags elf

VirusTotal metadata
First submission 2007-04-13 07:13:19 UTC (9 years, 4 months ago)
Last submission 2016-06-06 02:24:41 UTC (2 months, 3 weeks ago)
File names bash
3155.vir
dc7b9585c47ab44830dc84a11e0272fe.vir
crond
dc7b9585c47ab44830dc84a11e0272fe.apk
dc7b9585c47ab44830dc84a11e0272fe
pop3-mail
pine
imap
init
vt-upload-0GOhT
bash.filepart
[pdflush]
pp3-login
crond
bash
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .