SHA256: 3f3fcfdbb211d79d18c386afa973f1182977120a1c61f774105fa9326c4192ce
File name: 612e4e0e7f5cc422b31a7d40f0a82c68581336e0_xx64
Detection ratio: 35 / 58
Analysis date: 2017-08-16 11:05:05 UTC ( 1 year, 2 months ago )
Antivirus Result Update
Ad-Aware Linux.Mayday.C 20170816
AegisLab Backdoor.Linux.Mayday!c 20170816
AhnLab-V3 Linux/Elknot.1639424 20170816
ALYac Linux.Mayday.C 20170816
Antiy-AVL Trojan[Backdoor]/Linux.Mayday.h 20170816
Arcabit Linux.Mayday.C 20170816
Avast ELF:Elknot-F [Trj] 20170816
AVG ELF:Elknot-F [Trj] 20170816
BitDefender Linux.Mayday.C 20170816
CAT-QuickHeal Linux.Elknot.E61 20170816
Comodo UnclassifiedMalware 20170816
DrWeb Linux.DDoS.1 20170816
Emsisoft Linux.Mayday.C (B) 20170816
ESET-NOD32 Linux/Agent.W 20170816
F-Secure Linux.Mayday.C 20170816
GData Linux.Mayday.C 20170816
Ikarus DoS.Linux.Elknot 20170816
Jiangmin Backdoor/Linux.nx 20170816
K7AntiVirus Trojan ( 0001140e1 ) 20170816
K7GW Trojan ( 0001140e1 ) 20170816
Kaspersky HEUR:Backdoor.Linux.Mayday.h 20170816
MAX malware (ai score=86) 20170816
McAfee Linux/Generic.c 20170816
McAfee-GW-Edition Linux/Generic.c 20170816
Microsoft DoS:Linux/Elknot.E 20170815
eScan Linux.Mayday.C 20170816
NANO-Antivirus Trojan.Mayday.dxkepr 20170816
Qihoo-360 Win32/Trojan.ad0 20170816
Sophos AV Linux/DDoS-AZ 20170816
Symantec Linux.Chikdos.B!gen1 20170816
Tencent Linux.Backdoor.Mayday.B 20170816
TrendMicro ELF_ELKNOT.SMC 20170816
TrendMicro-HouseCall ELF_ELKNOT.SMC 20170816
Zillya Downloader.OpenConnection.JS.104102 20170816
ZoneAlarm by Check Point HEUR:Backdoor.Linux.Mayday.h 20170816
Alibaba 20170816
Avira (no cloud) 20170816
AVware 20170816
Baidu 20170816
Bkav 20170816
ClamAV 20170816
CMC 20170816
CrowdStrike Falcon (ML) 20170804
Cylance 20170816
Cyren 20170816
Endgame 20170721
F-Prot 20170816
Fortinet 20170816
Sophos ML 20170607
Kingsoft 20170816
Malwarebytes 20170816
nProtect 20170816
Palo Alto Networks (Known Signatures) 20170816
Panda 20170816
Rising 20170816
SentinelOne (Static ML) 20170806
SUPERAntiSpyware 20170816
Symantec Mobile Insight 20170815
TheHacker 20170816
Trustlook 20170816
VBA32 20170816
VIPRE 20170816
ViRobot 20170816
Webroot 20170816
WhiteArmor 20170815
Yandex 20170815
Zoner 20170816
The file being studied is an ELF. More specifically, it is an EXEC (Executable file) ELF for Unix systems running on Advanced Micro Devices X86-64 machines.
ELF Header
Class ELF64
Data 2's complement, little endian
Header version 1 (current)
OS ABI UNIX - System V
ABI version 0
Object file type EXEC (Executable file)
Required architecture Advanced Micro Devices X86-64
Object file version 0x1
Program headers 6
Section headers 35
ELF sections
ELF Segments
.note.ABI-tag
.note.SuSE
.init
.text
__libc_freeres_fn
__libc_thread_freeres_fn
.fini
.rodata
__libc_subfreeres
__libc_atexit
__libc_thread_subfreeres
.eh_frame
.gcc_except_table
.ctors
.dtors
.jcr
.data.rel.ro
.got
.got.plt
.data
.bss
__libc_freeres_ptrs
.note.ABI-tag
.note.SuSE
Segment without sections
Segment without sections
Imported symbols
Exported symbols
ExifTool file metadata
MIMEType application/octet-stream
CPUByteOrder Little endian
CPUArchitecture 64 bit
FileType ELF executable
ObjectFileType Executable file
CPUType AMD x86-64
Compressed bundles
File identification
MD5 0001981ceda7a9819c05e60bc288b708
SHA1 612e4e0e7f5cc422b31a7d40f0a82c68581336e0
SHA256 3f3fcfdbb211d79d18c386afa973f1182977120a1c61f774105fa9326c4192ce
ssdeep 24576:yiMKBKBk9eFfKNGElj9bHOCKrFpyhudJeH4DYPgqstch5VZXLld5:yiMKdNGElJOp5bJeYDYPgLUxd5
File size 1.6 MB ( 1639424 bytes )
File type ELF
Magic literal ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, for GNU/Linux 2.6.4, not stripped
TrID ELF Executable and Linkable format (generic) (100.0%)
Tags 64bits elf via-tor
VirusTotal metadata
First submission 2014-05-11 16:41:29 UTC ( 4 years, 6 months ago )
Last submission 2017-08-16 11:05:05 UTC ( 1 year, 2 months ago )
File names xx64
612e4e0e7f5cc422b31a7d40f0a82c68581336e0_xx64
20140511130124_http___222_76_210_140_81_xx64
vti-rescan