SHA256: 68aef1145b4e208cf6600d2ccda0080d8ec7a7fe97354b92a7378b81975fbb63
File name: bash
Detection ratio: 36 / 56
Analysis date: 2018-10-18 16:28:40 UTC ( 3 days, 6 hours ago )
Antivirus Result Update
Ad-Aware Adware.Linux.Generic.2700 20181018
AhnLab-V3 Linux/Mech.492135 20181018
ALYac Spyware.Unix.Mech.A 20181018
Antiy-AVL HackTool[NetTool]/Unix.Mech.a 20181018
Arcabit Adware.Linux.Generic.DA8C 20181018
Avast ELF:Mechbot-B [Tool] 20181018
AVG ELF:Mechbot-B [Tool] 20181018
BitDefender Adware.Linux.Generic.2700 20181018
CAT-QuickHeal Linux.Sshscan.b120 20181018
ClamAV Unix.Malware.Agent-1396382 20181018
CMC Generic.Win32.dc7b9585c4!MD 20181018
Cyren ELF/Spyware.TAVV-8 20181018
DrWeb Tool.EnergyMech 20181018
Emsisoft Adware.Linux.Generic.2700 (B) 20181018
ESET-NOD32 Linux/Meche.B 20181018
F-Secure Adware.Linux.Generic 20181018
Fortinet Riskware/Mech 20181018
GData Adware.Linux.Generic.2700 20181018
Ikarus Trojan.Linux.Meche 20181018
Jiangmin RiskTool.Linux.a 20181018
Kaspersky not-a-virus:HEUR:RiskTool.Linux.MechBot.a 20181018
MAX malware (ai score=98) 20181018
McAfee OSX/Generic.ag 20181018
McAfee-GW-Edition OSX/Generic.ag 20181018
Microsoft Trojan:Win32/Bitrep.B 20181018
eScan Adware.Linux.Generic.2700 20181018
NANO-Antivirus Riskware.Elf32.EnergyMech.ebdnwp 20181018
Qihoo-360 Win32/Trojan.Spy.356 20181018
Sophos AV Mal/Nix-A 20181018
Symantec Backdoor.IRC.Bot 20181018
TrendMicro ELF_EMECH.A 20181018
TrendMicro-HouseCall ELF_EMECH.A 20181018
VIPRE HackTool.Linux.Xhide.e (v) 20181018
ViRobot Linux.S.Agent.492135 20181018
Zillya Downloader.OpenConnection.JS.397 20181018
ZoneAlarm by Check Point not-a-virus:HEUR:RiskTool.Linux.MechBot.a 20181018
AegisLab 20181018
Alibaba 20180921
Avast-Mobile 20181018
Avira (no cloud) 20181018
Babable 20180918
Baidu 20181018
Bkav 20181018
CrowdStrike Falcon (ML) 20180202
Cybereason 20180308
Cylance 20181018
eGambit 20181018
Endgame 20180730
F-Prot 20181018
Sophos ML 20180717
K7AntiVirus 20181018
K7GW 20181018
Kingsoft 20181018
Malwarebytes 20181018
Palo Alto Networks (Known Signatures) 20181018
Panda 20181018
Rising 20181018
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181015
Symantec Mobile Insight 20181001
TACHYON 20181018
Tencent 20181018
TheHacker 20181015
Trustlook 20181018
VBA32 20181018
Webroot 20181018
Yandex 20181017
Zoner 20181017
The file being studied is an ELF! More specifically, it is an EXEC (Executable file) ELF for Unix systems running on Intel 80386 machines.
ELF Header
Class ELF32
Data 2's complement, little endian
Header version 1 (current)
OS ABI UNIX - System V
ABI version 0
Object file type EXEC (Executable file)
Required architecture Intel 80386
Object file version 0x1
Program headers 6
Section headers 27
ELF sections
ELF Segments
Segment without sections
.interp
.interp
.note.ABI-tag
.hash
.dynsym
.dynstr
.gnu.version
.gnu.version_r
.rel.dyn
.rel.plt
.init
.plt
.text
.fini
.rodata
.data
.eh_frame
.dynamic
.ctors
.dtors
.got
.bss
.dynamic
.note.ABI-tag
ExifTool file metadata
MIMEType application/octet-stream
CPUByteOrder Little endian
CPUArchitecture 32 bit
FileType ELF executable
ObjectFileType Executable file
CPUType i386
File identification
MD5 dc7b9585c47ab44830dc84a11e0272fe
SHA1 7d0f6ecfb4985ec8ef003ab1e8bdf0aae5ffbc75
SHA256 68aef1145b4e208cf6600d2ccda0080d8ec7a7fe97354b92a7378b81975fbb63
ssdeep 6144:Ymw9XywzvzMPz5obmvlJ9RS3Il4js9QneROyYJ0YnTBwLaTubM1DCmPGMhAj6JQ:Ym+XrvUbW4UHTBwLPQ5CNMhRJQ
File size 480.6 KB ( 492135 bytes )
File type ELF
Magic literal ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.2.5, not stripped
TrID ELF Executable and Linkable format (Linux) (50.1%)
ELF Executable and Linkable format (generic) (49.8%)
Tags elf
VirusTotal metadata
First submission 2007-04-13 07:13:19 UTC ( 11 years, 6 months ago )
Last submission 2018-08-01 11:20:32 UTC ( 2 months, 3 weeks ago )
File names bash
sshd
3155.vir
dc7b9585c47ab44830dc84a11e0272fe.vir
crond
dc7b9585c47ab44830dc84a11e0272fe.apk
dc7b9585c47ab44830dc84a11e0272fe
pop3-mail
pine
imap
init
pp3-login
vt-upload-0GOhT
[pdflush]
bash.filepart
[kblockd]
VirusShare_9ffbe3d3dfbbad5f7aa7c406ebde3790
crond
bash
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
