SHA256: 60cf05e05231cac5a0f0361f7626785db475f6b8f33bd8c3aaf948c0e1118ad3
File name: nhgbhhj
Detection ratio: 11 / 53
Analysis date: 2014-09-17 08:47:07 UTC ( 4 years, 6 months ago )
Antivirus Result Update
Avast ELF:Elknot-AS [Trj] 20140917
DrWeb Linux.BackDoor.Gates.9 20140917
Fortinet ELF/Ganiw.A!tr 20140917
GData Linux.Trojan.Agent.FXLT25 20140917
Ikarus Trojan.Linux.Agent 20140917
Kaspersky Backdoor.Linux.Ganiw.a 20140916
Qihoo-360 virus.elf.rootkit.f 20140917
Sophos AV Linux/DDoS-BD 20140917
Tencent Linux.Backdoor.Ganiw.Ecul 20140917
TrendMicro-HouseCall Suspicious_GEN.F47V0909 20140917
Zillya Downloader.OpenConnection.JS.102481 20140916
Ad-Aware 20140917
AegisLab 20140917
Yandex 20140916
AhnLab-V3 20140917
Antiy-AVL 20140917
AVG 20140917
Avira (no cloud) 20140917
AVware 20140917
Baidu-International 20140917
BitDefender 20140917
Bkav 20140916
ByteHero 20140917
CAT-QuickHeal 20140917
ClamAV 20140917
CMC 20140917
Comodo 20140917
Cyren 20140917
Emsisoft 20140917
ESET-NOD32 20140917
F-Prot 20140917
F-Secure 20140917
Jiangmin 20140916
K7AntiVirus 20140916
K7GW 20140916
Kingsoft 20140917
Malwarebytes 20140917
McAfee 20140917
McAfee-GW-Edition 20140916
Microsoft 20140917
eScan 20140917
NANO-Antivirus 20140917
Norman 20140917
nProtect 20140917
Panda 20140916
Rising 20140916
SUPERAntiSpyware 20140916
Symantec 20140917
TheHacker 20140915
TotalDefense 20140916
TrendMicro 20140917
VBA32 20140916
VIPRE 20140917
ViRobot 20140917
Zoner 20140916
The file being studied is an ELF! More specifically, it is an EXEC (Executable file) ELF for Unix systems running on Intel 80386 machines.
ELF Header
Class ELF32
Data 2's complement, little endian
Header version 1 (current)
OS ABI UNIX - System V
ABI version 0
Object file type EXEC (Executable file)
Required architecture Intel 80386
Object file version 0x1
Program headers 3
Section headers 31
ELF sections
ELF Segments
.init
.text
__libc_freeres_fn
__libc_thread_freeres_fn
.fini
.rodata
__libc_subfreeres
__libc_atexit
__libc_thread_subfreeres
.eh_frame
.gcc_except_table
.note.ABI-tag
.data
.ctors
.dtors
.jcr
.got
.bss
__libc_freeres_ptrs
.note.ABI-tag
ExifTool file metadata
MIMEType application/octet-stream
CPUByteOrder Little endian
CPUArchitecture 32 bit
FileType ELF executable
ObjectFileType Executable file
CPUType i386
File identification
MD5 8a9b27ee8ff7475ef535217583e02d8f
SHA1 51fcbdf6a72f3e22b1c2e5bd8098c5fcb766371a
SHA256 60cf05e05231cac5a0f0361f7626785db475f6b8f33bd8c3aaf948c0e1118ad3
ssdeep 49152:2nilOolLbt1laIunbZsehk6S55555555555555555555555555555555555k55w1:yeOolLbt1laIunlsehWNtYi7COEm
File size 1.5 MB ( 1599477 bytes )
File type ELF
Magic literal ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.2.5, not stripped
TrID ELF Executable and Linkable format (Linux) (50.1%)
ELF Executable and Linkable format (generic) (49.8%)
Tags elf
VirusTotal metadata
First submission 2014-09-02 18:12:34 UTC ( 4 years, 6 months ago )
Last submission 2018-10-08 05:00:15 UTC ( 5 months, 1 week ago )
File names 20150105020051__tmp_nhgbhhj
20150113030236__tmp_nhgbhhj
20141228192924__tmp_nhgbhhj
60cf05e05231cac5a0f0361f7626785db475f6b8f33bd8c3aaf948c0e1118ad3
vti-rescan
20150103015611__tmp_nhgbhhj
20150105014617__tmp_nhgbhhj
20150102022253__tmp_nhgbhhj
ps
20150104014039__tmp_nhgbhhj
20150102023910__tmp_nhgbhhj
elf
nhgbhhj.BillGates.mmd
20160808065957_http___116_31_116_41_cfd
20150103021943__tmp_nhgbhhj
3
20160808215530_http___116_31_116_41_elf_x86
test
8a9b27ee8ff7475ef535217583e02d8f
20141229012113__tmp_nhgbhhj
.sshd
20141231021500__tmp_nhgbhhj
netstat
20150106013352__tmp_nhgbhhj
getty