SHA256: 682e7668b3e9314681b1b70ac3c4d2a5a890fc966c59d9d36851acee61398438
File name: VirusShare_3f5c73745f7c17702bac0642a85d7d80
Detection ratio: 39 / 59
Analysis date: 2018-10-09 11:44:43 UTC ( 1 week, 6 days ago )
Antivirus Result Update
Ad-Aware Trojan.Linux.Generic.1503 20181009
AegisLab Trojan.Linux.Mayday.m!c 20181009
AhnLab-V3 Linux/Ddosagent.1524643 20181009
ALYac Backdoor.Linux.Mayday 20181009
Antiy-AVL Trojan[Backdoor]/Linux.Mayday.f 20181009
Arcabit Trojan.Linux.Generic.D5DF 20181009
Avast ELF:Elknot-BY [Trj] 20181009
AVG ELF:Elknot-BY [Trj] 20181009
BitDefender Trojan.Linux.Generic.1503 20181009
CAT-QuickHeal Linux/Elknot.Q825 20181008
ClamAV Unix.Malware.Agent-1420068 20181009
Cyren ELF/Trojan.RORP-6 20181009
DrWeb Linux.DDoS.11 20181009
Emsisoft Trojan.Linux.Generic.1503 (B) 20181009
ESET-NOD32 Linux/Elknot.B 20181009
F-Secure Trojan.Linux.Generic.1503 20181009
Fortinet ELF/DDOS.BA!tr.bdr 20181009
GData Trojan.Linux.Generic.1503 20181009
Ikarus DoS.Linux.Elknot 20181009
Jiangmin Backdoor/Linux.hw 20181009
K7AntiVirus Trojan ( 0001140e1 ) 20181009
K7GW Trojan ( 0001140e1 ) 20181009
Kaspersky Backdoor.Linux.Mayday.f 20181009
MAX malware (ai score=100) 20181009
McAfee Linux/BackDoor 20181009
McAfee-GW-Edition Linux/BackDoor 20181009
Microsoft DoS:Linux/Elknot!rfn 20181009
eScan Trojan.Linux.Generic.1503 20181009
NANO-Antivirus Trojan.Elf32.DDoS.dnckxa 20181009
Qihoo-360 Win32/Trojan.9e3 20181009
Sophos AV Linux/DDoS-AZ 20181009
Symantec Linux.Chikdos.B 20181009
Tencent Trojan.Linux.Mayday.a 20181009
TotalDefense Linux/Mayday.A 20181009
TrendMicro ELF_ELKNOT.TNI 20181009
TrendMicro-HouseCall ELF_ELKNOT.TNI 20181009
VBA32 Trojan.Linux.DDoSer 20181009
Zillya Downloader.OpenConnection.JS.93127 20181008
ZoneAlarm by Check Point Backdoor.Linux.Mayday.f 20181009
Alibaba 20180921
Avast-Mobile 20181008
Avira (no cloud) 20181009
AVware 20180925
Babable 20180918
Baidu 20181009
Bkav 20181009
CMC 20181009
Comodo 20181009
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20181009
eGambit 20181009
Endgame 20180730
F-Prot 20181009
Sophos ML 20180717
Kingsoft 20181009
Malwarebytes 20181009
Palo Alto Networks (Known Signatures) 20181009
Panda 20181008
Rising 20181009
SentinelOne (Static ML) 20180926
SUPERAntiSpyware 20181006
Symantec Mobile Insight 20181001
TACHYON 20181009
TheHacker 20181008
Trustlook 20181009
VIPRE 20181009
ViRobot 20181008
Webroot 20181009
Yandex 20181008
Zoner 20181008
The file being studied is an ELF file. More specifically, it is an EXEC (executable file) ELF for Unix systems running on Intel 80386 machines.
ELF Header
Class ELF32
Data 2's complement, little endian
Header version 1 (current)
OS ABI UNIX - System V
ABI version 0
Object file type EXEC (Executable file)
Required architecture Intel 80386
Object file version 0x1
Program headers 5
Section headers 28
ELF sections
.note.ABI-tag
.init
.text
__libc_freeres_fn
__libc_thread_freeres_fn
.fini
.rodata
__libc_subfreeres
__libc_atexit
__libc_thread_subfreeres
.eh_frame
.gcc_except_table
.ctors
.dtors
.jcr
.data.rel.ro
.got
.got.plt
.data
.bss
__libc_freeres_ptrs
ELF Segments
.note.ABI-tag
Segment without sections
Segment without sections
ExifTool file metadata
MIMEType application/octet-stream
CPUByteOrder Little endian
CPUArchitecture 32 bit
FileType ELF executable
ObjectFileType Executable file
CPUType i386

File identification
MD5 3f5c73745f7c17702bac0642a85d7d80
SHA1 34261024f4dfa63a16055230a325e8767cfef253
SHA256 682e7668b3e9314681b1b70ac3c4d2a5a890fc966c59d9d36851acee61398438
ssdeep 24576:hNJp/2SkgT4KUAopmhDO2Aan9XgnU6tZAf4Nzbm6g+qF2SdYOrhGh+bL+cH8y6LL:hNvOx/Vp/2bn9XgnNtmf28rhCbccIwhL
File size 1.5 MB ( 1524643 bytes )
File type ELF
Magic literal ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.2.5, not stripped
TrID ELF Executable and Linkable format (Linux) (50.1%)
ELF Executable and Linkable format (generic) (49.8%)
Tags elf

VirusTotal metadata
First submission 2014-02-03 14:32:34 UTC ( 4 years, 8 months ago )
Last submission 2018-10-09 11:44:43 UTC ( 1 week, 6 days ago )
File names skysapd
cMxQ.sys
file-7133502_
download.1397410960
aa
3f5c73745f7c17702bac0642a85d7d80
nr2vj_o4q.kwu
dsfrefr
dsfrefr.decomp
codex-gigas_6739ca4a835c7976089e2f00150f252b
_fUG31ex.html
skysapdd
download.1398165465
20140505171624_http___122_224_34_75_8188_dsfrefr
VirusShare_3f5c73745f7c17702bac0642a85d7d80