SHA256: 6e5dcfbc9d8368470bd846b6f1cf4faed9aff64ff2fdf8aa023425cb6ac5d535
File name: xxz.rar.ELF.KillFile.x32.mmd
Detection ratio: 9 / 55
Analysis date: 2015-07-17 08:08:56 UTC ( 3 years, 8 months ago )
Antivirus Result Update
Avast ELF:Iptablesx-H [Drp] 20150717
AVG Linux/DDoS.Iptablex 20150717
ESET-NOD32 a variant of Linux/Slexec.A 20150717
Fortinet PossibleThreat.P0 20150717
GData Linux.Trojan.Agent.32VZGL 20150717
Ikarus Trojan.Linux.Slexec 20150717
Kaspersky Backdoor.Linux.Slexec.b 20150717
Qihoo-360 Trojan.Generic 20150717
Tencent Linux.Backdoor.Slexec.Aket 20150717
Ad-Aware 20150717
AegisLab 20150717
Yandex 20150717
AhnLab-V3 20150716
Alibaba 20150717
ALYac 20150717
Antiy-AVL 20150717
Arcabit 20150717
Avira (no cloud) 20150715
AVware 20150717
Baidu-International 20150715
BitDefender 20150717
Bkav 20150716
ByteHero 20150717
CAT-QuickHeal 20150717
ClamAV 20150716
Comodo 20150717
Cyren 20150717
DrWeb 20150717
Emsisoft 20150717
F-Prot 20150717
F-Secure 20150716
Jiangmin 20150716
K7AntiVirus 20150717
K7GW 20150717
Kingsoft 20150717
Malwarebytes 20150717
McAfee 20150717
McAfee-GW-Edition 20150716
Microsoft 20150717
eScan 20150717
NANO-Antivirus 20150717
nProtect 20150715
Panda 20150715
Rising 20150713
Sophos AV 20150717
SUPERAntiSpyware 20150717
Symantec 20150717
TheHacker 20150713
TrendMicro 20150717
TrendMicro-HouseCall 20150717
VBA32 20150715
VIPRE 20150717
ViRobot 20150717
Zillya 20150717
Zoner 20150717
The file being studied is an ELF! More specifically, it is an EXEC (Executable file) ELF for Unix systems running on Intel 80386 machines.
ELF Header
Class ELF32
Data 2's complement, little endian
Header version 1 (current)
OS ABI UNIX - System V
ABI version 0
Object file type EXEC (Executable file)
Required architecture Intel 80386
Object file version 0x1
Program headers 4
Section headers 25
ELF sections
ELF Segments
.init
.text
__libc_freeres_fn
__libc_thread_freeres_fn
.fini
.rodata
__libc_atexit
__libc_subfreeres
__libc_thread_subfreeres
.eh_frame
.note.ABI-tag
.ctors
.dtors
.jcr
.data.rel.ro
.got
.got.plt
.data
.bss
__libc_freeres_ptrs
.note.ABI-tag
Segment without sections
Imported symbols
Exported symbols
ExifTool file metadata
MIMEType application/octet-stream
CPUByteOrder Little endian
CPUArchitecture 32 bit
FileType ELF executable
ObjectFileType Executable file
CPUType i386
File identification
MD5 e76378a6dd15a19f247faacc9f18a0bc
SHA1 d530c93730f2a056ebb8db28342270603c369fb5
SHA256 6e5dcfbc9d8368470bd846b6f1cf4faed9aff64ff2fdf8aa023425cb6ac5d535
ssdeep 12288:6hEuvarV/qnE4Y1v0CzuTgYTeGm8lQCv5LTeeelyqLoYswhKclvwqILRWn:6hUrV/AQv0ZgYiGRlQm5LTNelyHYswhr
File size 537.9 KB ( 550797 bytes )
File type ELF
Magic literal ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.2.5, not stripped
TrID ELF Executable and Linkable format (Linux) (50.1%)
ELF Executable and Linkable format (generic) (49.8%)
Tags elf
VirusTotal metadata
First submission 2015-07-13 21:14:49 UTC ( 3 years, 8 months ago )
Last submission 2015-07-27 20:35:17 UTC ( 3 years, 7 months ago )
File names E76378A6DD15A19F247FAACC9F18A0BC
xxz.rar.ELF.KillFile.x32.mmd
xxz