SHA256: 2acf2bc72a2095a29bb4c02e3cd95d12e3b4f59d2e7391d9bcbba9f3142b40ae
File name: Hanthie
Detection ratio: 29 / 57
Analysis date: 2015-01-15 04:26:57 UTC ( 2 months, 1 week ago )
Antivirus Result Update
ALYac Linux.CornelGEN.36 20150115
AVG Generic9_c.ADES 20150114
AVware Trojan.ELF.HandofThief.a (v) 20150115
Ad-Aware Linux.CornelGEN.36 20150115
Avast ELF:Hanthie-A [Trj] 20150115
Avira UNIX/Hanthie.A 20150115
BitDefender Linux.CornelGEN.36 20150115
CAT-QuickHeal Linux.Hanthie.A22 20150114
ClamAV Unix.Trojan.Hanthie-4 20150115
Comodo UnclassifiedMalware 20150115
DrWeb Linux.Hanthie.1 20150115
ESET-NOD32 Linux/Hanthie.D 20150115
Emsisoft Backdoor.Linux.Hanthie (A) 20150115
F-Secure Linux.CornelGEN.36 20150115
GData Linux.CornelGEN.36 20150115
Ikarus Backdoor.Linux.Hanthie 20150115
Kaspersky Backdoor.Linux.Hanthie.e 20150115
MicroWorld-eScan Linux.CornelGEN.36 20150115
Microsoft Trojan:Linux/Hanthie.A 20150115
Qihoo-360 Trojan.Generic 20150115
Symantec Linux.Handofthief 20150115
Tencent Linux.Backdoor.Hanthie.Hoz 20150115
TrendMicro UNIX_HANTHIE.B 20150115
TrendMicro-HouseCall UNIX_HANTHIE.B 20150115
VBA32 Backdoor.Linux.Hanthie.a 20150113
VIPRE Trojan.ELF.HandofThief.a (v) 20150115
ViRobot Linux.A.Hanthie.59472[h] 20150115
Zillya Trojan.Hanthie.Linux.1 20150114
nProtect Linux.CornelGEN.36 20150115
AegisLab 20150115
Agnitum 20150114
AhnLab-V3 20150114
Alibaba 20150115
Antiy-AVL 20150115
Baidu-International 20150114
Bkav 20150114
ByteHero 20150115
CMC 20150113
Cyren 20150115
F-Prot 20150115
Fortinet 20150115
Jiangmin 20150114
K7AntiVirus 20150114
K7GW 20150114
Kingsoft 20150115
Malwarebytes 20150115
McAfee 20150115
McAfee-GW-Edition 20150115
NANO-Antivirus 20150115
Norman 20150114
Panda 20150114
Rising 20150114
SUPERAntiSpyware 20150115
Sophos 20150115
TheHacker 20150112
TotalDefense 20150114
Zoner 20150114
The file being studied is an ELF! More specifically, it is a DYN (Shared object file) ELF for Unix systems running on Intel 80386 machines.
ELF Header
Class ELF32
Data 2's complement, little endian
Header version 1 (current)
OS ABI UNIX - System V
ABI version 0
Object file type DYN (Shared object file)
Required architecture Intel 80386
Object file version 0x1
Program headers 4
Section headers 17
ELF sections
ELF Segments
.hash
.dynsym
.dynstr
.gnu.version
.gnu.version_r
.rel.dyn
.rel.plt
.plt
.text
.rodata
.eh_frame
.dynamic
.got
.got.plt
.bss
.dynamic
Segment without sections
Shared libraries
Imported symbols
Exported symbols
ExifTool file metadata
MIMEType application/octet-stream
CPUByteOrder Little endian
CPUArchitecture 32 bit
FileType ELF executable
FileAccessDate 2015:01:15 05:27:11+01:00
ObjectFileType Shared object file
CPUType i386
FileCreateDate 2015:01:15 05:27:11+01:00

Compressed bundles
File identification
MD5 06e148aa1a3aa276bd23fb5b774a227a
SHA1 ea11963aa03aa16ac156e4b84a6598bd02bbde14
SHA256 2acf2bc72a2095a29bb4c02e3cd95d12e3b4f59d2e7391d9bcbba9f3142b40ae
ssdeep 1536:n8GHtXhp9KcnlN2okJzwwLgIIHCQ/M7lfG3:nHH1hpDlN2okZLgHCQ/MRC
File size 58.1 KB ( 59472 bytes )
File type ELF
Magic literal ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, stripped
TrID ELF Executable and Linkable format (Linux) (50.1%)
ELF Executable and Linkable format (generic) (49.8%)
Tags elf shared-lib

VirusTotal metadata
First submission 2013-08-16 11:31:08 UTC ( 1 year, 7 months ago )
Last submission 2015-01-15 04:26:57 UTC ( 2 months, 1 week ago )
File names elf1
ea11963aa03aa16ac156e4b84a6598bd02bbde14
2acf2bc72a2095a29bb4c02e3cd95d12e3b4f59d2e7391d9bcbba9f3142b40ae
Hanthie
14.txt