SHA256: 8cf917f730b3432a1d238a44943f520142f52ac07494460aec3008a7e954dfbb
File name: VirusShare_9df1353dbf715d5c4f580549d520fc5a
Detection ratio: 19 / 55
Analysis date: 2014-09-15 14:29:05 UTC ( 4 years, 6 months ago )
Antivirus Result Update
AhnLab-V3 Linux/Backdoor.1135000 20140915
Avast ELF:Elknot-AS [Trj] 20140915
CAT-QuickHeal Linux.Ganiw.a50a 20140915
ClamAV Unix.Trojan.Elknot 20140915
Comodo UnclassifiedMalware 20140915
DrWeb Linux.BackDoor.Gates.6 20140915
ESET-NOD32 Linux/Agent.I.Gen 20140915
Fortinet ELF/GATES.BA!tr.bdr 20140915
GData Linux.Trojan.Agent.5F3OIN 20140915
Ikarus Trojan.Linux.Agent 20140915
Jiangmin Backdoor/Linux.kg 20140914
Kaspersky Backdoor.Linux.Ganiw.a 20140915
Norman Agent.BFMFV 20140915
Qihoo-360 Trojan.Generic 20140915
Sophos AV Linux/DDoS-BD 20140915
Symantec Trojan.Chikdos.B!gen2 20140915
Tencent Linux.Backdoor.Ganiw.Hzdh 20140915
TrendMicro-HouseCall Suspicious_GEN.F47V0716 20140915
Zillya Downloader.OpenConnection.JS.100251 20140915
Ad-Aware 20140915
AegisLab 20140915
Yandex 20140915
Antiy-AVL 20140915
AVG 20140915
Avira (no cloud) 20140915
AVware 20140915
Baidu-International 20140915
BitDefender 20140915
Bkav 20140915
ByteHero 20140915
CMC 20140915
Cyren 20140915
Emsisoft 20140915
F-Prot 20140915
F-Secure 20140915
K7AntiVirus 20140915
K7GW 20140915
Kingsoft 20140915
Malwarebytes 20140915
McAfee 20140915
McAfee-GW-Edition 20140915
Microsoft 20140915
eScan 20140915
NANO-Antivirus 20140915
nProtect 20140915
Panda 20140915
Rising 20140915
SUPERAntiSpyware 20140915
TheHacker 20140913
TotalDefense 20140915
TrendMicro 20140915
VBA32 20140915
VIPRE 20140915
ViRobot 20140915
Zoner 20140915
The file being studied is an ELF! More specifically, it is an EXEC (Executable file) ELF for Unix systems running on Intel 80386 machines.
ELF Header
Class ELF32
Data 2's complement, little endian
Header version 1 (current)
OS ABI UNIX - System V
ABI version 0
Object file type EXEC (Executable file)
Required architecture Intel 80386
Object file version 0x1
Program headers 5
Section headers 28
ELF sections
ELF Segments
.note.ABI-tag
.init
.text
__libc_thread_freeres_fn
__libc_freeres_fn
.fini
.rodata
__libc_atexit
__libc_subfreeres
__libc_thread_subfreeres
.eh_frame
.gcc_except_table
.ctors
.dtors
.jcr
.data.rel.ro
.got
.got.plt
.data
.bss
__libc_freeres_ptrs
.note.ABI-tag
Segment without sections
Segment without sections
Imported symbols
Exported symbols
ExifTool file metadata
MIMEType application/octet-stream
CPUByteOrder Little endian
CPUArchitecture 32 bit
FileType ELF executable
ObjectFileType Executable file
CPUType i386
Compressed bundles
File identification
MD5 9df1353dbf715d5c4f580549d520fc5a
SHA1 55df8257d85a8db943d20e6753b02e53b557b9e8
SHA256 8cf917f730b3432a1d238a44943f520142f52ac07494460aec3008a7e954dfbb
ssdeep 24576:4vRE7caCfKGPqVEDNLFxKsfaGI+gIGYuuCol7r:4vREKfPqVE5jKsfaGRHGVo7r
File size 1.1 MB ( 1135000 bytes )
File type ELF
Magic literal ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.2.5, not stripped
TrID ELF Executable and Linkable format (Linux) (50.1%)
ELF Executable and Linkable format (generic) (49.8%)
Tags elf
VirusTotal metadata
First submission 2014-07-16 18:28:29 UTC ( 4 years, 8 months ago )
Last submission 2018-10-09 16:09:44 UTC ( 5 months, 2 weeks ago )
File names sshd
ikUC48qaZ.docm
jio
9df1353dbf715d5c4f580549d520fc5a
b26
n7rEKjaaJ.pps
sshpa
20141205180746_http___61_147_107_117_8089_sshd
55df8257d85a8db943d20e6753b02e53b557b9e8_kerne
VirusShare_9df1353dbf715d5c4f580549d520fc5a
sketchysshdonotrun
kerne
kerne