× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: a67b1a9783db88be41e72505681a4d3b3d1d761232ecdfabb199479e370bce40
File name: 81
Detection ratio: 28 / 59
Analysis date: 2019-01-05 12:51:56 UTC ( 1 month, 1 week ago ) View latest
Antivirus Result Update
AegisLab Trojan.Linux.Gafgyt.4!c 20190105
AhnLab-V3 Linux/Gafgyt.Gen25 20190105
Avast ELF:DDoS-S [Trj] 20190105
Avast-Mobile ELF:DDoS-S [Trj] 20190104
AVG ELF:DDoS-S [Trj] 20190105
Avira (no cloud) LINUX/Gafgyt.opnd 20190104
ClamAV Unix.Trojan.Mirai-5607483-0 20190105
Comodo Malware@#101k0kn7mywio 20190105
Cyren ELF/Trojan.GKJK-0 20190105
DrWeb Linux.BackDoor.Fgt.1467 20190105
ESET-NOD32 a variant of Linux/Gafgyt.VE 20190105
Fortinet ELF/Gafgyt.WN!tr 20190105
GData Linux.Trojan-DDoS.Lightaidra.A 20190105
Ikarus Trojan.Linux.Gafgyt 20190104
Jiangmin Backdoor.Linux.ceyy 20190105
Kaspersky HEUR:Backdoor.Linux.Gafgyt.t 20190105
MAX malware (ai score=99) 20190105
McAfee Linux/Gafgyt.h 20190105
McAfee-GW-Edition Linux/Gafgyt.h 20190105
Microsoft Trojan:Win32/Ditertag.A 20190105
NANO-Antivirus Trojan.ElfArm32.Gafgyt.flpyak 20190105
Qihoo-360 Win32/Virus.1a4 20190105
Sophos AV Mal/Generic-S 20190105
Symantec Linux.Lightaidra 20190104
Tencent Backdoor.Linux.Gafgyt.tap 20190105
TrendMicro Possible_BASHLITE.SMLBO 20190105
TrendMicro-HouseCall Possible_BASHLITE.SMLBO 20190105
ZoneAlarm by Check Point HEUR:Backdoor.Linux.Gafgyt.t 20190105
Acronis 20181227
Ad-Aware 20190105
Alibaba 20180921
ALYac 20190105
Antiy-AVL 20190105
Arcabit 20190105
AVware 20180925
Babable 20180918
Baidu 20190104
BitDefender 20190105
Bkav 20190104
CAT-QuickHeal 20190104
CMC 20190104
CrowdStrike Falcon (ML) 20180202
Cybereason 20180308
Cylance 20190105
eGambit 20190105
Emsisoft 20190105
Endgame 20181108
F-Prot 20190105
F-Secure 20190105
Sophos ML 20181128
K7AntiVirus 20190105
K7GW 20190105
Kingsoft 20190105
Malwarebytes 20190105
eScan 20190105
Palo Alto Networks (Known Signatures) 20190105
Panda 20190105
Rising 20190105
SentinelOne (Static ML) 20181223
SUPERAntiSpyware 20190102
TACHYON 20190105
TheHacker 20190104
TotalDefense 20190104
Trapmine 20190103
Trustlook 20190105
VBA32 20190104
VIPRE 20190105
ViRobot 20190105
Webroot 20190105
Yandex 20181229
Zillya 20190105
Zoner 20190105
The file being studied is an ELF! More specifically, it is a EXEC (Executable file) ELF for Unix systems running on ARM machines.
ELF Header
Class ELF32
Data 2's complement, little endian
Header version 1 (current)
OS ABI UNIX - System V
ABI version 0
Object file type EXEC (Executable file)
Required architecture ARM
Object file version 0x1
Program headers 4
Section headers 24
ELF sections
ELF Segments
.ARM.exidx
.init
.text
.fini
.rodata
.ARM.extab
.ARM.exidx
.eh_frame
.init_array
.fini_array
.jcr
.got
.data
.bss
Segment without sections
Imported symbols
Exported symbols
ExifTool file metadata
MIMEType
application/octet-stream

CPUByteOrder
Little endian

CPUArchitecture
32 bit

FileType
ELF executable

ObjectFileType
Executable file

CPUType
Unknown (40)

File identification
MD5 1dc6d75006e89e2a885762795d375d5f
SHA1 4cd8eb5ffebd2318d8c25159c4f8548579db1b76
SHA256 a67b1a9783db88be41e72505681a4d3b3d1d761232ecdfabb199479e370bce40
ssdeep
3072:Ut2rNmSInTKhmJIVb1aIoOtZjqQGZHob6pi5hRO42NL6rC3myhQaSupgwJ:U+Vb1aIoOH0pi5hU425myhQaSWgwJ

File size 136.3 KB ( 139581 bytes )
File type ELF
Magic literal
ELF 32-bit LSB executable, ARM, version 1 (SYSV), statically linked, not stripped

TrID ELF Executable and Linkable format (generic) (100.0%)
Tags
elf

VirusTotal metadata
First submission 2018-12-30 13:17:01 UTC ( 1 month, 2 weeks ago )
Last submission 2019-01-07 04:33:40 UTC ( 1 month, 1 week ago )
File names 81
a67b1a9783db88be41e72505681a4d3b3d1d761232ecdfabb199479e370bce40
154
89
258
119
bunny.armv61
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!