SHA256: 79d5eeff094354e00d44f583ee3fe09533c90368e371dcd85eacb384c493bd96
File name: shellcode
Detection ratio: 1 / 56
Analysis date: 2017-04-19 18:44:37 UTC ( 1 year, 7 months ago )
Antivirus Result Update
Ikarus Trojan.Linux.Shellcode 20170419
Ad-Aware 20170419
AegisLab 20170419
AhnLab-V3 20170419
Alibaba 20170419
ALYac 20170419
Antiy-AVL 20170419
Arcabit 20170419
Avast 20170419
AVG 20170419
Avira (no cloud) 20170419
AVware 20170419
Baidu 20170419
BitDefender 20170419
Bkav 20170419
CAT-QuickHeal 20170419
ClamAV 20170419
CMC 20170419
Comodo 20170419
CrowdStrike Falcon (ML) 20170130
Cyren 20170419
DrWeb 20170419
Emsisoft 20170419
Endgame 20170419
ESET-NOD32 20170419
F-Prot 20170419
F-Secure 20170419
Fortinet 20170419
GData 20170419
Sophos ML 20170413
Jiangmin 20170419
K7AntiVirus 20170419
K7GW 20170419
Kaspersky 20170419
Kingsoft 20170419
Malwarebytes 20170419
McAfee 20170419
McAfee-GW-Edition 20170419
Microsoft 20170419
eScan 20170419
NANO-Antivirus 20170419
nProtect 20170419
Palo Alto Networks (Known Signatures) 20170419
Panda 20170419
Qihoo-360 20170419
Rising 20170419
SentinelOne (Static ML) 20170330
Sophos AV 20170419
SUPERAntiSpyware 20170419
Symantec 20170419
Symantec Mobile Insight 20170414
Tencent 20170419
TheHacker 20170419
TrendMicro 20170419
TrendMicro-HouseCall 20170419
Trustlook 20170419
VBA32 20170419
VIPRE 20170419
ViRobot 20170419
Webroot 20170419
WhiteArmor 20170409
Yandex 20170419
Zillya 20170418
ZoneAlarm by Check Point 20170419
Zoner 20170419
The file being studied is an ELF! More specifically, it is a DYN (Shared object file) ELF for Unix systems running on Intel 80386 machines.
ELF Header
Class ELF32
Data 2's complement, little endian
Header version 1 (current)
OS ABI UNIX - System V
ABI version 0
Object file type DYN (Shared object file)
Required architecture Intel 80386
Object file version 0x1
Program headers 9
Section headers 36
ELF sections
ELF Segments
Segment without sections
.interp
.interp
.note.ABI-tag
.note.gnu.build-id
.gnu.hash
.dynsym
.dynstr
.gnu.version
.gnu.version_r
.rel.dyn
.rel.plt
.init
.plt
.plt.got
.text
.fini
.rodata
.eh_frame_hdr
.eh_frame
.init_array
.fini_array
.jcr
.dynamic
.got
.got.plt
.data
.bss
.dynamic
.note.ABI-tag
.note.gnu.build-id
.eh_frame_hdr
Segment without sections
.init_array
.fini_array
.jcr
.dynamic
.got
Shared libraries
Imported symbols
Exported symbols
ExifTool file metadata
MIMEType application/octet-stream
CPUByteOrder Little endian
CPUArchitecture 32 bit
FileType ELF shared library
FileTypeExtension so
ObjectFileType Shared object file
CPUType i386
File identification
MD5 ba623c50f66fabcbfcd6ad83cb5851ca
SHA1 d964130ab7f16f32d4c35f80c279cc5f083ec2ed
SHA256 79d5eeff094354e00d44f583ee3fe09533c90368e371dcd85eacb384c493bd96
ssdeep 192:F66oWsBoO0PYz19DEzXdx00cfAoj7DsA:gKP6DmWJ
File size 8.3 KB ( 8540 bytes )
File type ELF
Magic literal ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, not stripped
TrID ELF Executable and Linkable format (Linux) (50.1%); ELF Executable and Linkable format (generic) (49.8%)
Tags elf shared-lib
VirusTotal metadata
First submission 2017-04-19 18:44:37 UTC ( 1 year, 7 months ago )
Last submission 2018-02-09 18:47:07 UTC ( 10 months ago )
File names shellcode