SHA256: 60e24cb19a3cfdc88712f3511adfde242abff3c1915b34eeb19dd7cc72380df2
File name: 20131116163507_http___198_2_192_204_22_disknyp
Detection ratio: 34 / 55
Analysis date: 2017-05-17 23:29:34 UTC ( 9 months, 1 week ago )
Antivirus Result Update
Ad-Aware Linux.Mayday.B 20170518
AegisLab Backdoor.Linux.Mayday.f!c 20170517
AhnLab-V3 Linux/Agent.149E0D 20170517
ALYac Linux.Mayday.B 20170518
Arcabit Linux.Mayday.B 20170518
Avast ELF:Elknot-AA [Trj] 20170517
AVG Linux/BackDoor_c.BW 20170517
Avira (no cloud) LINUX/Mayday.1351181.A 20170517
BitDefender Linux.Mayday.B 20170517
CAT-QuickHeal Linux.Elknot.E5f 20170517
ClamAV Unix.Malware.Agent-1409336 20170517
Comodo UnclassifiedMalware 20170517
DrWeb Linux.DDoS.1 20170517
Emsisoft Linux.Mayday.B (B) 20170517
ESET-NOD32 Linux/Elknot.B 20170517
F-Secure Backdoor:Linux/DDoS.B 20170517
Fortinet ELF/DDoS.AZ!tr 20170517
GData Linux.Mayday.B 20170517
Ikarus Backdoor.Linux.Mayday 20170517
Jiangmin Backdoor/Linux.id 20170517
Kaspersky Backdoor.Linux.Mayday.f 20170517
McAfee Linux/Mayday 20170517
McAfee-GW-Edition Linux/Mayday 20170517
Microsoft DoS:Linux/Elknot.E 20170517
eScan Linux.Mayday.B 20170517
NANO-Antivirus Trojan.Unix.Mayday.ebdogu 20170517
Qihoo-360 Win32/Trojan.8cb 20170518
Sophos AV Linux/DDoS-AZ 20170517
Symantec Linux.Chikdos.B!gen1 20170517
Tencent Linux.Backdoor.Mayday.Sxnt 20170518
TrendMicro Possible_ELKNOT.SMA 20170517
TrendMicro-HouseCall Linux_ELKNOT.SMA 20170517
Zillya Trojan.Agent.Linux.3 20170517
ZoneAlarm by Check Point Backdoor.Linux.Mayday.f 20170518
Alibaba 20170517
AVware 20170517
Baidu 20170503
CMC 20170517
CrowdStrike Falcon (ML) 20170130
Cyren 20170517
Endgame 20170515
F-Prot 20170517
Sophos ML 20170516
K7AntiVirus 20170517
K7GW 20170517
Kingsoft 20170518
Malwarebytes 20170517
nProtect 20170517
Palo Alto Networks (Known Signatures) 20170518
Panda 20170517
Rising 20170515
SentinelOne (Static ML) 20170516
SUPERAntiSpyware 20170517
Symantec Mobile Insight 20170517
TheHacker 20170516
TotalDefense 20170517
Trustlook 20170518
VBA32 20170517
VIPRE 20170517
ViRobot 20170517
Webroot 20170518
WhiteArmor 20170517
Yandex 20170517
Zoner 20170517
The file being studied is an ELF! More specifically, it is an EXEC (Executable file) ELF for Unix systems running on Intel 80386 machines.
ELF Header
Class ELF32
Data 2's complement, little endian
Header version 1 (current)
OS ABI UNIX - System V
ABI version 0
Object file type EXEC (Executable file)
Required architecture Intel 80386
Object file version 0x1
Program headers 5
Section headers 27
ELF sections
ELF Segments
.init
.text
__libc_freeres_fn
__libc_thread_freeres_fn
.fini
.rodata
__libc_subfreeres
__libc_atexit
__libc_thread_subfreeres
.eh_frame
.gcc_except_table
.note.ABI-tag
.ctors
.dtors
.jcr
.data.rel.ro
.got
.got.plt
.data
.bss
__libc_freeres_ptrs
.note.ABI-tag
Segment without sections
Segment without sections
Imported symbols
Exported symbols
ExifTool file metadata
MIMEType
application/octet-stream

CPUByteOrder
Little endian

CPUArchitecture
32 bit

FileType
ELF executable

ObjectFileType
Executable file

CPUType
i386

Compressed bundles
File identification
MD5 c92129fc230bacd113530fee254fc2b6
SHA1 aadbc55f061ae6c407e5d55142589fd68047fe42
SHA256 60e24cb19a3cfdc88712f3511adfde242abff3c1915b34eeb19dd7cc72380df2
ssdeep
24576:fAg0g+3YAqKbwt6Mleiv8x7HBruOmjqD0rV8T5KWs2/wiLg6Yvz1VVbBHpusVmMS:og01IAqHtZleikDuOGqYrVy5Kd2/vJYw

File size 1.3 MB ( 1351181 bytes )
File type ELF
Magic literal
ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.2.5, not stripped

TrID ELF Executable and Linkable format (Linux) (50.1%)
ELF Executable and Linkable format (generic) (49.8%)
Tags
elf

VirusTotal metadata
First submission 2013-10-30 01:09:39 UTC ( 4 years, 3 months ago )
Last submission 2017-03-08 06:12:21 UTC ( 11 months, 3 weeks ago )
File names 20131116163507_http___198_2_192_204_22_disknyp
20131030145534_http___198_2_192_204_22_disknyp
20131031080631_http___198_2_192_204_22_disknyp
VirusShare_c92129fc230bacd113530fee254fc2b6
16907870
20131116130541_http___198_2_192_204_22_disknyp
20131119181733_http___198_2_192_204_22_disknyp
20131030113401_http___198_2_192_204_22_disknyp
output.16907870.txt
vti-rescan
gpH1Pp.odt
20131104045744_http___198_2_192_204_22_disknyp
disknyp
20131108080910_http___198_2_192_204_22_disknyp
aa