SHA256: 9b651b98e02154593bd307a1c8ed25e4f71f39dbe8a22b649c4b42a0508086ff
File name: libworker.so.Mayhem.mmd
Detection ratio: 11 / 54
Analysis date: 2014-11-12 07:07:48 UTC ( 4 years, 6 months ago )
Antivirus Result Update
Avast ELF:Effusion-I [Trj] 20141112
ClamAV Unix.Trojan.Roopre 20141112
Comodo UnclassifiedMalware 20141112
DrWeb Linux.Roopre.38 20141112
ESET-NOD32 a variant of Linux/Roopre.A 20141112
GData Linux.Trojan.Agent.WWCU4D 20141112
K7AntiVirus Trojan ( 0001140e1 ) 20141111
K7GW Trojan ( 0001140e1 ) 20141112
Qihoo-360 Trojan.Generic 20141112
Sophos AV ELF/Roopre-B 20141112
TrendMicro-HouseCall Suspicious_GEN.F47V1111 20141112
Ad-Aware 20141112
AegisLab 20141112
Yandex 20141111
AhnLab-V3 20141111
Antiy-AVL 20141112
AVG 20141112
Avira (no cloud) 20141112
AVware 20141112
Baidu-International 20141107
BitDefender 20141112
Bkav 20141112
ByteHero 20141112
CAT-QuickHeal 20141112
CMC 20141110
Cyren 20141112
Emsisoft 20141112
F-Prot 20141111
F-Secure 20141112
Fortinet 20141112
Ikarus 20141112
Jiangmin 20141111
Kaspersky 20141112
Kingsoft 20141112
Malwarebytes 20141112
McAfee 20141112
McAfee-GW-Edition 20141112
Microsoft 20141112
eScan 20141112
NANO-Antivirus 20141112
Norman 20141111
nProtect 20141111
Panda 20141110
Rising 20141111
SUPERAntiSpyware 20141112
Symantec 20141112
Tencent 20141112
TheHacker 20141111
TotalDefense 20141111
VBA32 20141111
VIPRE 20141112
ViRobot 20141112
Zillya 20141111
Zoner 20141110
The file being studied is an ELF! More specifically, it is a DYN (Shared object file) ELF for Unix systems running on Intel 80386 machines.
ELF Header
Class ELF32
Data 2's complement, little endian
Header version 1 (current)
OS ABI UNIX - System V
ABI version 0
Object file type DYN (Shared object file)
Required architecture Intel 80386
Object file version 0x1
Program headers 3
Section headers 16
ELF Segments
Segment without sections
Segment without sections
Segment without sections
ExifTool file metadata
MIMEType application/octet-stream
CPUByteOrder Little endian
CPUArchitecture 32 bit
FileType ELF shared library
FileTypeExtension so
ObjectFileType Shared object file
CPUType i386

File identification
MD5 568f75d19725d15a1551f2710f2f4682
SHA1 800e09a64b65d102cbc9de6a65d0d2c55afa949b
SHA256 9b651b98e02154593bd307a1c8ed25e4f71f39dbe8a22b649c4b42a0508086ff
ssdeep 384:ay/ggTjNltvtPtuddhNKZmppb0V0uZn3w8HD:5fTRlJtPYhsSpb0VJFHD

File size 14.2 KB ( 14539 bytes )
File type ELF
Magic literal ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, stripped

TrID ELF Executable and Linkable format (Linux) (50.1%)
ELF Executable and Linkable format (generic) (49.8%)
Tags elf shared-lib

VirusTotal metadata
First submission 2014-11-04 01:57:19 UTC ( 4 years, 6 months ago )
Last submission 2016-02-05 10:13:41 UTC ( 3 years, 3 months ago )
File names libworker.so.Mayhem.mmd
libworker.so.jpg
libworker.so
800e09a64b65d102cbc9de6a65d0d2c55afa949b_libworker.so