SHA256: 61b0107a7a06ecbb8cc1d323967291d15450df7e8bab5d96c822a98c9399a521
File name: a07.zip.ELF.ChinaZDdos
Detection ratio: 31 / 55
Analysis date: 2015-06-23 16:54:24 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.BIXD 20150623
ALYac Trojan.Agent.BIXD 20150623
Arcabit Trojan.Agent.BIXD 20150623
Avast ELF:Xorddos-M [Trj] 20150623
AVG Linux/DDoS.XOR 20150623
Avira (no cloud) LINUX/Xorddos.F.2 20150623
BitDefender Trojan.Agent.BIXD 20150623
CAT-QuickHeal Linux.Xarcen.P6ac 20150623
ClamAV Unix.Trojan.DDoS_XOR-1 20150623
Cyren ELF/Trojan.WJJZ-5 20150623
DrWeb Linux.DDoS.60 20150623
Emsisoft Trojan.Linux.Ddos (A) 20150623
ESET-NOD32 a variant of Linux/Xorddos.F 20150623
F-Secure Trojan.Agent.BIXD 20150623
Fortinet ELF/DDoS.BH!tr 20150623
GData Trojan.Agent.BIXD 20150623
Ikarus Trojan.DDoS 20150623
Jiangmin TrojanDDoS.Linux.k 20150620
Kaspersky HEUR:Trojan-DDoS.Linux.Xarcen.a 20150623
Microsoft DoS:Linux/Xorddos.A 20150623
eScan Trojan.Agent.BIXD 20150623
NANO-Antivirus Trojan.Unix.Xarcen.dsqiab 20150623
nProtect Trojan.Agent.BIXD 20150623
Qihoo-360 Trojan.Generic 20150623
Rising NORMAL:Trojan.Linux.Xorddos.d!1616198 20150623
Sophos AV Linux/DDoS-BH 20150623
Tencent Linux.Trojan-ddos.Xarcen.Pjdm 20150623
TrendMicro ELF_XORDDOS.B 20150623
TrendMicro-HouseCall ELF_XORDDOS.B 20150623
ViRobot Linux.S.DDoS.625707.A[h] 20150623
Zillya Downloader.OpenConnection.JS.114052 20150623
AegisLab 20150623
Yandex 20150622
AhnLab-V3 20150623
Alibaba 20150623
Antiy-AVL 20150623
AVware 20150623
Baidu-International 20150623
Bkav 20150623
ByteHero 20150623
Comodo 20150623
F-Prot 20150622
K7AntiVirus 20150623
K7GW 20150623
Kingsoft 20150623
Malwarebytes 20150623
McAfee 20150623
McAfee-GW-Edition 20150623
Panda 20150623
SUPERAntiSpyware 20150623
Symantec 20150623
TheHacker 20150622
VBA32 20150622
VIPRE 20150623
Zoner 20150623
The file being studied is an ELF! More specifically, it is an EXEC (Executable file) ELF for Unix systems running on Intel 80386 machines.
ELF Header
Class ELF32
Data 2's complement, little endian
Header version 1 (current)
OS ABI UNIX - System V
ABI version 0
Object file type EXEC (Executable file)
Required architecture Intel 80386
Object file version 0x1
Program headers 5
Section headers 28
ELF sections
ELF Segments
.note.ABI-tag
.init
.text
__libc_freeres_fn
__libc_thread_freeres_fn
.fini
.rodata
__libc_subfreeres
__libc_atexit
__libc_thread_subfreeres
.eh_frame
.gcc_except_table
.ctors
.dtors
.jcr
.data.rel.ro
.got
.got.plt
.data
.bss
__libc_freeres_ptrs
.note.ABI-tag
Segment without sections
Segment without sections
Imported symbols
Exported symbols
ExifTool file metadata
MIMEType
application/octet-stream

CPUByteOrder
Little endian

CPUArchitecture
32 bit

FileType
ELF executable

ObjectFileType
Executable file

CPUType
i386

Compressed bundles
File identification
MD5 bcb6b83a4e6e20ffe0ce3c750360ddf5
SHA1 d88755b78834e87418aa3cb3bfee5de5c378bd2f
SHA256 61b0107a7a06ecbb8cc1d323967291d15450df7e8bab5d96c822a98c9399a521
ssdeep
12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6TiZx6yB1/iGK4UlUuTh1AG:UB1BVpmExDYp38X8LYTWhZfNiGQl/91h

File size 611.0 KB ( 625707 bytes )
File type ELF
Magic literal
ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped

TrID ELF Executable and Linkable format (Linux) (50.1%)
ELF Executable and Linkable format (generic) (49.8%)
Tags
elf

VirusTotal metadata
First submission 2015-04-07 07:35:21 UTC ( 2 years, 5 months ago )
Last submission 2017-02-25 02:31:32 UTC ( 7 months ago )
File names 1nV7VqM64E.odt
libudev.so
a07.zip.ELF.XorDdos
a07.zip.ELF.ChinaZDdos
a07
tsXxuj.wsf
ahsnfueirm
a07.zip
VirusShare_bcb6b83a4e6e20ffe0ce3c750360ddf5
20150610092257_http___38_68_17_37_i_a07_zip
a07