SHA256: 0bb35dc4eebdf6572535a3e79220f7020b70c28795ffb7f951be33e8e08d0181
File name: grumfork-qt
Detection ratio: 0 / 56
Analysis date: 2017-04-16 03:49:07 UTC ( 2 years, 1 month ago )
Antivirus Result Update
Ad-Aware 20170416
AegisLab 20170414
AhnLab-V3 20170415
Alibaba 20170415
ALYac 20170416
Antiy-AVL 20170416
Arcabit 20170416
Avast 20170416
AVG 20170416
Avira (no cloud) 20170415
AVware 20170410
Baidu 20170414
BitDefender 20170416
Bkav 20170415
CAT-QuickHeal 20170415
ClamAV 20170415
CMC 20170415
Comodo 20170416
CrowdStrike Falcon (ML) 20170130
Cyren 20170416
DrWeb 20170416
Emsisoft 20170416
Endgame 20170413
ESET-NOD32 20170415
F-Prot 20170416
F-Secure 20170416
Fortinet 20170416
GData 20170416
Ikarus 20170415
Sophos ML 20170413
Jiangmin 20170416
K7AntiVirus 20170416
K7GW 20170416
Kaspersky 20170416
Kingsoft 20170416
Malwarebytes 20170416
McAfee 20170416
McAfee-GW-Edition 20170416
Microsoft 20170416
eScan 20170416
NANO-Antivirus 20170416
nProtect 20170416
Palo Alto Networks (Known Signatures) 20170416
Panda 20170415
Qihoo-360 20170416
Rising 20170416
SentinelOne (Static ML) 20170330
Sophos AV 20170416
SUPERAntiSpyware 20170415
Symantec 20170415
Symantec Mobile Insight 20170414
Tencent 20170416
TheHacker 20170412
TrendMicro 20170416
TrendMicro-HouseCall 20170416
Trustlook 20170416
VBA32 20170414
VIPRE 20170416
ViRobot 20170416
Webroot 20170416
WhiteArmor 20170409
Yandex 20170414
Zillya 20170414
ZoneAlarm by Check Point 20170416
Zoner 20170416
The file being studied is an ELF! More specifically, it is an EXEC (Executable file) ELF for Unix systems running on Advanced Micro Devices X86-64 machines.
ELF Header
Class ELF64
Data 2's complement, little endian
Header version 1 (current)
OS ABI UNIX - Linux
ABI version 0
Object file type EXEC (Executable file)
Required architecture Advanced Micro Devices X86-64
Object file version 0x1
Program headers 10
Section headers 33
ELF sections
ELF Segments
Segment without sections
.interp
.interp
.note.ABI-tag
.note.gnu.build-id
.gnu.hash
.dynsym
.dynstr
.gnu.version
.gnu.version_r
.rela.dyn
.rela.plt
.init
.plt
.text
.fini
.rodata
.eh_frame_hdr
.eh_frame
.gcc_except_table
.init_array
.fini_array
.jcr
.data.rel.ro
.dynamic
.got
.got.plt
.data
.bss
.dynamic
.note.ABI-tag
.note.gnu.build-id
Segment without sections
.eh_frame_hdr
Segment without sections
.init_array
.fini_array
.jcr
.data.rel.ro
.dynamic
.got
ExifTool file metadata
MIMEType application/octet-stream
CPUByteOrder Little endian
CPUArchitecture 64 bit
FileType ELF executable
ObjectFileType Executable file
CPUType AMD x86-64

File identification
MD5 5ba58543486a6acc80592eefd3c7d4fb
SHA1 63888c1304e59db96f1e952a6e90bd4c897c0d69
SHA256 0bb35dc4eebdf6572535a3e79220f7020b70c28795ffb7f951be33e8e08d0181
ssdeep
98304:QbBmQWnP7qrdKa5g60Redx8eGzz3i9cR9FHXeCXGvliEnYMzB0+nMaSRGraJE6:gWnT/yCXlQnzvYj

File size 10.5 MB ( 11043530 bytes )
File type ELF
Magic literal ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, not stripped

TrID ELF Executable and Linkable format (Linux) (50.1%)
ELF Executable and Linkable format (generic) (49.8%)
Tags
64bits elf

VirusTotal metadata
First submission 2017-04-16 03:49:07 UTC ( 2 years, 1 month ago )
Last submission 2017-04-16 03:49:07 UTC ( 2 years, 1 month ago )
File names grumfork-qt