SHA256: 1ac1f917913389eae0b88f1256bf5121cce07e2c7945ca93984a1c33ea19b72c
File name: vti-rescan
Detection ratio: 22 / 56
Analysis date: 2015-04-22 14:52:12 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware Linux.DDOS.Flood.C 20150422
Avast ELF:Elknot-AS [Trj] 20150422
AVG Linux/Backdoor 20150422
BitDefender Linux.DDOS.Flood.C 20150422
CAT-QuickHeal Linux.Ganiw.a 56e 20150422
ClamAV Unix.Trojan.Elknot 20150422
Comodo UnclassifiedMalware 20150422
DrWeb Linux.BackDoor.Gates.5 20150422
Emsisoft Linux.DDOS.Flood.C (B) 20150422
ESET-NOD32 Linux/Setag.B 20150422
F-Secure Linux.DDOS.Flood.C 20150422
GData Linux.DDOS.Flood.C 20150422
Ikarus Trojan.Linux.Agent 20150422
Kaspersky HEUR:Backdoor.Linux.Ganiw.a 20150422
Microsoft Backdoor:Linux/Setag.gen!A 20150422
eScan Linux.DDOS.Flood.C 20150422
NANO-Antivirus Trojan.Unix.Ganiw.dhpptz 20150422
nProtect Linux.DDOS.Flood.C 20150422
Qihoo-360 Trojan.Generic 20150422
Sophos AV Linux/DDoS-BD 20150422
Symantec Trojan.Chikdos.B!gen2 20150422
Tencent Linux.Backdoor.Ganiw.Edxb 20150422
AegisLab 20150422
Yandex 20150421
AhnLab-V3 20150422
Alibaba 20150422
Antiy-AVL 20150422
Avira (no cloud) 20150422
AVware 20150422
Baidu-International 20150421
Bkav 20150422
ByteHero 20150422
CMC 20150421
Cyren 20150422
F-Prot 20150422
Fortinet 20150422
Jiangmin 20150421
K7AntiVirus 20150422
K7GW 20150422
Kingsoft 20150422
Malwarebytes 20150422
McAfee 20150422
McAfee-GW-Edition 20150422
Norman 20150422
Panda 20150422
Rising 20150422
SUPERAntiSpyware 20150422
TheHacker 20150421
TotalDefense 20150422
TrendMicro 20150422
TrendMicro-HouseCall 20150422
VBA32 20150422
VIPRE 20150422
ViRobot 20150422
Zillya 20150422
Zoner 20150422
The file being studied is an ELF! More specifically, it is an EXEC (Executable file) ELF for Unix systems running on Intel 80386 machines.
ELF Header
Class ELF32
Data 2's complement, little endian
Header version 1 (current)
OS ABI UNIX - System V
ABI version 0
Object file type EXEC (Executable file)
Required architecture Intel 80386
Object file version 0x1
Program headers 5
Section headers 28
ELF sections
ELF Segments
.note.ABI-tag
.init
.text
__libc_thread_freeres_fn
__libc_freeres_fn
.fini
.rodata
__libc_atexit
__libc_subfreeres
__libc_thread_subfreeres
.eh_frame
.gcc_except_table
.ctors
.dtors
.jcr
.data.rel.ro
.got
.got.plt
.data
.bss
__libc_freeres_ptrs
.note.ABI-tag
Segment without sections
Segment without sections
ExifTool file metadata
MIMEType application/octet-stream
CPUByteOrder Little endian
CPUArchitecture 32 bit
FileType ELF executable
ObjectFileType Executable file
CPUType i386
File identification
MD5 f4b3e2cc6422f9a72b26f25f19adf00e
SHA1 15a6e65a8af34ceaf0be7565f45dd2792d257b81
SHA256 1ac1f917913389eae0b88f1256bf5121cce07e2c7945ca93984a1c33ea19b72c
ssdeep 24576:QblpCkBxondmFFheiGExNFbPdgyVMYOdDYiqLd1Fr3X6QDPAyUcB66i:M3CWx+UFFheHsdgyVMPdDwdzrH6QDPAx

File size 1.3 MB ( 1344645 bytes )
File type ELF
Magic literal ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.2.5, not stripped

TrID ELF Executable and Linkable format (generic) (100.0%)
Tags elf

VirusTotal metadata
First submission 2014-05-21 00:35:36 UTC ( 5 years ago )
Last submission 2015-01-17 09:17:34 UTC ( 4 years, 4 months ago )
File names vti-rescan
15a6e65a8af34ceaf0be7565f45dd2792d257b81_bash_root.tmp3
.bash_root.tmp3
bash_root.tmp3