SHA256: 60e24cb19a3cfdc88712f3511adfde242abff3c1915b34eeb19dd7cc72380df2
File name: 20131030113401_http___198_2_192_204_22_disknyp
Detection ratio: 35 / 59
Analysis date: 2018-04-15 10:01:48 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Ad-Aware Linux.Mayday.B 20180415
AegisLab Backdoor.Linux.Mayday.f!c 20180415
AhnLab-V3 Linux/Agent.149E0D 20180414
ALYac Linux.Mayday.B 20180415
Antiy-AVL Trojan[Backdoor]/Linux.Mayday.f 20180415
Arcabit Linux.Mayday.B 20180415
Avast ELF:Elknot-BY [Trj] 20180415
AVG ELF:Elknot-BY [Trj] 20180415
Avira (no cloud) LINUX/Mayday.1351181.A 20180415
BitDefender Linux.Mayday.B 20180415
CAT-QuickHeal Linux.Elknot.E5f 20180414
ClamAV Unix.Malware.Agent-1409336 20180415
Comodo .UnclassifiedMalware 20180415
DrWeb Linux.DDoS.1 20180415
Emsisoft Linux.Mayday.B (B) 20180415
ESET-NOD32 Linux/Elknot.B 20180415
F-Secure Backdoor:Linux/DDoS.B 20180415
Fortinet ELF/DDoS.AZ!tr 20180415
GData Linux.Mayday.B 20180415
Jiangmin Backdoor/Linux.id 20180415
Kaspersky Backdoor.Linux.Mayday.f 20180415
MAX malware (ai score=98) 20180415
McAfee Linux/Mayday 20180415
McAfee-GW-Edition Linux/Mayday 20180414
Microsoft DoS:Linux/Elknot.E 20180415
eScan Linux.Mayday.B 20180415
NANO-Antivirus Trojan.Elf32.Mayday.ebdogu 20180415
Qihoo-360 Win32/Trojan.8cb 20180415
Sophos AV Linux/DDoS-AZ 20180415
Symantec Linux.Chikdos.B!gen1 20180414
Tencent Linux.Backdoor.Mayday.Sxnt 20180415
TrendMicro Possible_ELKNOT.SMA 20180415
TrendMicro-HouseCall Linux_ELKNOT.SMA 20180415
Zillya Trojan.Agent.Linux.3 20180413
ZoneAlarm by Check Point Backdoor.Linux.Mayday.f 20180415
Alibaba 20180413
Avast-Mobile 20180415
AVware 20180415
Baidu 20180413
Bkav 20180410
CMC 20180415
CrowdStrike Falcon (ML) 20170201
Cybereason None
Cylance 20180415
Cyren 20180415
eGambit 20180415
Endgame 20180403
F-Prot 20180415
Sophos ML 20180121
K7AntiVirus 20180415
K7GW 20180415
Kingsoft 20180415
Malwarebytes 20180415
nProtect 20180415
Palo Alto Networks (Known Signatures) 20180415
Panda 20180415
Rising 20180415
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180415
Symantec Mobile Insight 20180412
TheHacker 20180410
TotalDefense 20180413
Trustlook 20180415
VBA32 20180414
VIPRE 20180415
ViRobot 20180414
Webroot 20180415
WhiteArmor 20180408
Yandex 20180414
Zoner 20180414
The file being studied is an ELF. More specifically, it is an EXEC (executable file) ELF for Unix systems running on Intel 80386 machines.
ELF Header
Class ELF32
Data 2's complement, little endian
Header version 1 (current)
OS ABI UNIX - System V
ABI version 0
Object file type EXEC (Executable file)
Required architecture Intel 80386
Object file version 0x1
Program headers 5
Section headers 27
ELF sections
ELF Segments
.init
.text
__libc_freeres_fn
__libc_thread_freeres_fn
.fini
.rodata
__libc_subfreeres
__libc_atexit
__libc_thread_subfreeres
.eh_frame
.gcc_except_table
.note.ABI-tag
.ctors
.dtors
.jcr
.data.rel.ro
.got
.got.plt
.data
.bss
__libc_freeres_ptrs
.note.ABI-tag
Segment without sections
Segment without sections
Imported symbols
Exported symbols
ExifTool file metadata
MIMEType application/octet-stream
CPUByteOrder Little endian
CPUArchitecture 32 bit
FileType ELF executable
ObjectFileType Executable file
CPUType i386
Compressed bundles
File identification
MD5 c92129fc230bacd113530fee254fc2b6
SHA1 aadbc55f061ae6c407e5d55142589fd68047fe42
SHA256 60e24cb19a3cfdc88712f3511adfde242abff3c1915b34eeb19dd7cc72380df2
ssdeep 24576:fAg0g+3YAqKbwt6Mleiv8x7HBruOmjqD0rV8T5KWs2/wiLg6Yvz1VVbBHpusVmMS:og01IAqHtZleikDuOGqYrVy5Kd2/vJYw
File size 1.3 MB ( 1351181 bytes )
File type ELF
Magic literal ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.2.5, not stripped
TrID ELF Executable and Linkable format (Linux) (50.1%)
ELF Executable and Linkable format (generic) (49.8%)
Tags elf
VirusTotal metadata
First submission 2013-10-30 01:09:39 UTC ( 4 years, 6 months ago )
Last submission 2018-03-04 05:22:14 UTC ( 2 months, 2 weeks ago )
File names 20131116163507_http___198_2_192_204_22_disknyp
20131030145534_http___198_2_192_204_22_disknyp
20131031080631_http___198_2_192_204_22_disknyp
VirusShare_c92129fc230bacd113530fee254fc2b6
16907870
20131116130541_http___198_2_192_204_22_disknyp
20131119181733_http___198_2_192_204_22_disknyp
20131030113401_http___198_2_192_204_22_disknyp
output.16907870.txt
vti-rescan
gpH1Pp.odt
20131104045744_http___198_2_192_204_22_disknyp
disknyp
20131108080910_http___198_2_192_204_22_disknyp
aa