Antivirus scan for 2409fb21fe377f7e12dda392f26d7c93b7715239169d362dd907fe499ab38ee9 at 2019-01-07 23:04:00 UTC

Antivirus	Result	Update
Ad-Aware	Gen:Variant.Trojan.Linux.XorDDoS.2	20190107
AhnLab-V3	Linux/Xorddos.625867	20190107
ALYac	Gen:Variant.Trojan.Linux.XorDDoS.2	20190107
Antiy-AVL	Trojan[DDoS]/Linux.Xarcen.a	20190107
Avast	ELF:Xorddos-E [Trj]	20190107
Avast-Mobile	ELF:Xorddos-I [Trj]	20190107
AVG	ELF:Xorddos-E [Trj]	20190107
Avira (no cloud)	LINUX/Xorddos.cona	20190107
BitDefender	Gen:Variant.Trojan.Linux.XorDDoS.2	20190107
CAT-QuickHeal	TrojanXor.Linux.DDos.A	20190107
ClamAV	Unix.Trojan.DDoS_XOR-1	20190107
Comodo	Malware@#13tm1ukrdwdg0	20190107
Cyren	ELF/Trojan.GLXP-8	20190107
DrWeb	Linux.DDoS.Xor.4	20190107
Emsisoft	Gen:Variant.Trojan.Linux.XorDDoS.2 (B)	20190107
ESET-NOD32	a variant of Linux/Xorddos.C	20190107
F-Secure	Gen:Variant.Trojan.Linux.XorDDoS.2	20190107
Fortinet	ELF/DDoS.BH!tr	20190107
GData	Gen:Variant.Trojan.Linux.XorDDoS.2	20190107
Ikarus	Trojan.Linux.DDoS	20190107
Jiangmin	TrojanDDoS.Linux.ff	20190107
Kaspersky	HEUR:Trojan-DDoS.Linux.Xarcen.a	20190107
MAX	malware (ai score=100)	20190108
McAfee	Linux/DDoS-Xor.A	20190107
McAfee-GW-Edition	Linux/DDoS-Xor.A	20190107
Microsoft	DoS:Linux/Xorddos!rfn	20190107
eScan	Gen:Variant.Trojan.Linux.XorDDoS.2	20190107
NANO-Antivirus	Trojan.Elf32.Xarcen.eftmox	20190107
Panda	ELF/XorDDos.A	20190107
Qihoo-360	Win32/Trojan.DDoS.bbc	20190108
Rising	Trojan.DDoS-Xor/Linux!1.A3E4 (CLASSIC)	20190107
SentinelOne (Static ML)	static engine - malicious	20181223
Sophos AV	Linux/DDoS-BH	20190107
Symantec	Linux.Xorddos	20190107
Tencent	Trojan.Linux.XorDdos.a	20190108
TrendMicro	ELF_XORDDOS.SM	20190107
TrendMicro-HouseCall	ELF_XORDDOS.SM	20190107
Zillya	Trojan.Xorddos.Linux.34	20190105
ZoneAlarm by Check Point	HEUR:Trojan-DDoS.Linux.Xarcen.a	20190107
Acronis		20181227
AegisLab		20190107
Alibaba		20180921
Arcabit		20190107
Babable		20180918
Baidu		20190107
Bkav		20190107
CMC		20190107
CrowdStrike Falcon (ML)		20181022
Cybereason		20180225
Cylance		20190108
eGambit		20190108
Endgame		20181108
F-Prot		20190107
Sophos ML		20181128
K7AntiVirus		20190107
K7GW		20190107
Kingsoft		20190108
Malwarebytes		20190107
Palo Alto Networks (Known Signatures)		20190108
SUPERAntiSpyware		20190102
TACHYON		20190107
TheHacker		20190106
TotalDefense		20190107
Trapmine		20190103
Trustlook		20190108
VBA32		20190104
VIPRE		20190107
ViRobot		20190107
Webroot		20190108
Yandex		20181229
Zoner		20190107

The file being studied is an ELF! More specifically, it is a EXEC (Executable file) ELF for Unix systems running on Intel 80386 machines.

ELF Header

Class ELF32

Data 2's complement, little endian

Header version 1 (current)

OS ABI UNIX - System V

ABI version 0

Object file type EXEC (Executable file)

Required architecture Intel 80386

Object file version 0x1

Program headers 5

Section headers 28

ELF sections

Name Type Address Offset Size Flags

NULL 0x00000000 0x00000000 0

.note.ABI-tag NOTE 0x080480d4 0x000000d4 32 A

.init PROGBITS 0x080480f4 0x000000f4 23 A, X

.text PROGBITS 0x08048110 0x00000110 432088 A, X

__libc_freeres_fn PROGBITS 0x080b18f0 0x000698f0 4111 A, X

__libc_thread_freeres_fn PROGBITS 0x080b2900 0x0006a900 475 A, X

.fini PROGBITS 0x080b2adc 0x0006aadc 28 A, X

.rodata PROGBITS 0x080b2b00 0x0006ab00 86976 A

__libc_subfreeres PROGBITS 0x080c7ec0 0x0007fec0 48 A

__libc_atexit PROGBITS 0x080c7ef0 0x0007fef0 4 A

ELF Segments

Imported symbols

_nl_current_LC_COLLATE_used (NOTYPE)

__pthread_cleanup_upto (NOTYPE)

_nl_current_LC_TELEPHONE (TLS)

__pthread_rwlock_init (NOTYPE)

_nl_current_LC_IDENTIFICATION_used (NOTYPE)

__pthread_rwlock_wrlock (NOTYPE)

_nl_current_LC_TELEPHONE_used (NOTYPE)

_nl_current_LC_PAPER (TLS)

_dl_rtld_map (NOTYPE)

_nl_current_LC_MEASUREMENT (TLS)

Exported symbols

__vsyslog_chk (FUNC)

_nl_C_LC_CTYPE (OBJECT)

__stack_chk_fail_local (FUNC)

longjmp (FUNC)

read_proc_data (FUNC)

set_sock_keep_alive (FUNC)

stpcpy (FUNC)

read_kill_cfg (FUNC)

_nl_C_LC_CTYPE_class_print (OBJECT)

tsearch (FUNC)

ExifTool file metadata

MIMEType

application/octet-stream

CPUByteOrder

Little endian

CPUArchitecture

32 bit

FileType

ELF executable

ObjectFileType

Executable file

CPUType

i386

Compressed bundles

This file was also submitted to VirusTotal in the following compressed file bundles.

1e1cf99cb4de11218d28daa93b4bbf6fb4b7f42b2949b06d1dd8edce29d16220

9c3ef76e0ee2ac05b7c67e9dbe2ef2fc534d180373623398f9ba5c22d606361e

f3674785b7404104f73e5ab0752637d1c676fb0b97e88723944e2d3f799f5d8c

File identification

MD5 3291432c0084225333ee57320404e655

SHA1 96a637393566a51222a87f3588b01e021faac651

SHA256 2409fb21fe377f7e12dda392f26d7c93b7715239169d362dd907fe499ab38ee9

ssdeep

12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr/T6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNN/BVEBl/91h

File size 611.2 KB ( 625867 bytes )

File type ELF

Magic literal

ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped

TrID	ELF Executable and Linkable format (Linux) (50.1%) ELF Executable and Linkable format (generic) (49.8%)

VirusTotal metadata

First submission 2017-01-17 15:42:40 UTC ( 2 years, 1 month ago )

Last submission 2019-02-19 23:30:33 UTC ( 4 days, 2 hours ago )

File names

242
186
58
aa
46
output.107450717.txt
361
56
50
output.110344980.txt
output.107632111.txt
98
20170402063748_http___185_191_229_167_s443ls
241
tmpPLLt4F
228
tmp1ckwNd
317
101
96
97
135
3291432c0084225333ee57320404e655
3291432c0084225333ee57320404e655
131

SHA256:	2409fb21fe377f7e12dda392f26d7c93b7715239169d362dd907fe499ab38ee9
File name:	119
Detection ratio:	39 / 59
Analysis date:	2019-01-07 23:04:00 UTC ( 1 month, 2 weeks ago ) View latest

Ciphered bundle

ELF Header

ELF sections

ELF Segments

Imported symbols

Exported symbols

ExifTool file metadata

Compressed bundles

File identification

VirusTotal metadata

Leave your comment...

Recover your password

Join VirusTotal Community

Sign in