SHA256: b794ce9e7291fe822b0e1f1804bd5a9a2efc304a1e2870699c60ef5083c7bac2
File name: 26996f3bea1bf54c5651837fe3c38565c15e0e91_formgrabber
Detection ratio: 30 / 54
Analysis date: 2016-10-24 19:40:32 UTC ( 5 months ago )
Antivirus Result Update
Ad-Aware Linux.CornelGEN.950 20161024
ALYac Linux.CornelGEN.950 20161024
Arcabit Linux.CornelGEN.950 20161024
Avast ELF:Hanthie-D [Trj] 20161024
AVG Generic9_c.ADEW 20161024
Avira (no cloud) UNIX/Hanthie.B 20161024
AVware Trojan.ELF.HandofThief.a (v) 20161024
BitDefender Linux.CornelGEN.950 20161024
CAT-QuickHeal Linux.Hanthie.A25 20161024
ClamAV Unix.Trojan.Hanthie-5 20161024
Comodo UnclassifiedMalware 20161024
DrWeb Linux.Hanthie.1 20161024
Emsisoft Backdoor.Linux.Hanthie (A) 20161024
ESET-NOD32 Linux/Hanthie.C 20161024
F-Secure Linux.CornelGEN.950 20161024
GData Linux.CornelGEN.950 20161024
Ikarus Backdoor.Linux.Hanthie 20161024
Kaspersky Backdoor.Linux.Hanthie.c 20161024
Microsoft Trojan:Linux/Hanthie.A 20161024
eScan Linux.CornelGEN.950 20161024
NANO-Antivirus Trojan.Unix.Hanthie.drxblf 20161024
Qihoo-360 Trojan.Generic 20161024
Sophos Mal/Generic-S 20161024
Symantec Linux.Handofthief 20161024
Tencent Linux.Backdoor.Hanthie.Lnef 20161024
TrendMicro UNIX_HANTHIE.B 20161024
TrendMicro-HouseCall UNIX_HANTHIE.B 20161024
VBA32 Backdoor.Linux.Hanthie.a 20161024
VIPRE Trojan.ELF.HandofThief.a (v) 20161024
Zillya Trojan.Hanthie.Linux.3 20161024
AegisLab 20161024
AhnLab-V3 20161024
Alibaba 20161024
Antiy-AVL 20161024
Baidu 20161024
Bkav 20161024
CMC 20161024
CrowdStrike Falcon (ML) 20160725
Cyren 20161024
F-Prot 20161024
Fortinet 20161024
Invincea 20161018
Jiangmin 20161024
K7AntiVirus 20161024
K7GW 20161024
Kingsoft 20161024
Malwarebytes 20161024
McAfee 20161024
McAfee-GW-Edition 20161024
nProtect 20161024
Panda 20161024
Rising 20161024
SUPERAntiSpyware 20161024
TheHacker 20161022
ViRobot 20161024
Yandex 20161024
Zoner 20161024
The file being studied is an ELF! More specifically, it is a DYN (Shared object file) ELF for Unix systems running on Intel 80386 machines.
ELF Header
Class ELF32
Data 2's complement, little endian
Header version 1 (current)
OS ABI UNIX - System V
ABI version 0
Object file type DYN (Shared object file)
Required architecture Intel 80386
Object file version 0x1
Program headers 4
Section headers 15
ELF sections
ELF Segments
.hash
.dynsym
.dynstr
.rel.dyn
.rel.plt
.plt
.text
.rodata
.eh_frame
.dynamic
.got
.got.plt
.bss
.dynamic
Segment without sections
Imported symbols
Exported symbols
ExifTool file metadata
MIMEType application/octet-stream
CPUByteOrder Little endian
CPUArchitecture 32 bit
FileType ELF shared library
FileTypeExtension so
ObjectFileType Shared object file
CPUType i386
Compressed bundles
File identification
MD5 ac39482b476c9f84c3437c22f760e009
SHA1 26996f3bea1bf54c5651837fe3c38565c15e0e91
SHA256 b794ce9e7291fe822b0e1f1804bd5a9a2efc304a1e2870699c60ef5083c7bac2
ssdeep 768:C/EB0yLzfTRlHCc5KxkUkyke10O1PlFn4CBBAY/U9nJmEaCxNs4+k8k3/kSkUKDE:CcrftX5KNdj4CmBJmEv+Dfil
File size 41.3 KB ( 42320 bytes )
File type ELF
Magic literal ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, stripped
TrID ELF Executable and Linkable format (Linux) (50.1%)
ELF Executable and Linkable format (generic) (49.8%)
Tags elf shared-lib

VirusTotal metadata
First submission 2013-08-17 08:07:52 UTC ( 3 years, 7 months ago )
Last submission 2016-10-24 19:40:32 UTC ( 5 months ago )
File names 26996f3bea1bf54c5651837fe3c38565c15e0e91
b794ce9e7291fe822b0e1f1804bd5a9a2efc304a1e2870699c60ef5083c7bac2
13.txt
Hanthie (4)
26996f3bea1bf54c5651837fe3c38565c15e0e91_formgrabber