SHA256: bef8a9f5a79cf34f0859ced695064fe15b767c2a7784428f28ae8a4d5a2f9b4c
File name: 1122.32.ELF.IptableX.DDoS
Detection ratio: 15 / 55
Analysis date: 2015-07-01 05:08:19 UTC ( 3 years, 9 months ago )
Antivirus Result Update
AhnLab-V3 Linux/Flooder.646674 20150630
Avast ELF:Sotdas-A [Trj] 20150701
AVG Linux/Generic_c.PF 20150701
CAT-QuickHeal Linux.Ropys.P6b0 20150630
ClamAV Linux.Trojan.IptabLex 20150701
DrWeb Linux.Myk.5 20150701
ESET-NOD32 Linux/Agent.BM 20150630
Fortinet PossibleThreat.P0 20150701
GData Linux.Trojan.Agent.23WYYO 20150701
Ikarus Trojan.DDoS 20150701
Jiangmin TrojanDDoS.Linux.ax 20150630
Kaspersky HEUR:Trojan-DDoS.Linux.Sotdas.a 20150701
NANO-Antivirus Trojan.Unix.Sotdas.dsqiao 20150630
Qihoo-360 Trojan.Generic 20150701
Sophos AV Linux/Flood-JC 20150701
Ad-Aware 20150701
AegisLab 20150701
Yandex 20150630
Alibaba 20150630
ALYac 20150630
Antiy-AVL 20150701
Arcabit 20150630
Avira (no cloud) 20150630
AVware 20150701
Baidu-International 20150630
BitDefender 20150701
Bkav 20150630
ByteHero 20150701
Comodo 20150701
Cyren 20150701
Emsisoft 20150701
F-Prot 20150701
F-Secure 20150701
K7AntiVirus 20150630
K7GW 20150701
Kingsoft 20150701
Malwarebytes 20150701
McAfee 20150701
McAfee-GW-Edition 20150630
Microsoft 20150701
eScan 20150701
nProtect 20150630
Panda 20150630
Rising 20150630
SUPERAntiSpyware 20150701
Symantec 20150701
Tencent 20150701
TheHacker 20150701
TrendMicro 20150701
TrendMicro-HouseCall 20150701
VBA32 20150630
VIPRE 20150701
ViRobot 20150701
Zillya 20150630
Zoner 20150701
The file being studied is an ELF. More specifically, it is an EXEC (Executable file) ELF for Unix systems running on Intel 80386 machines.
ELF Header
Class ELF32
Data 2's complement, little endian
Header version 1 (current)
OS ABI UNIX - System V
ABI version 0
Object file type EXEC (Executable file)
Required architecture Intel 80386
Object file version 0x1
Program headers 5
Section headers 28
ELF sections
ELF Segments
.note.ABI-tag
.init
.text
__libc_freeres_fn
__libc_thread_freeres_fn
.fini
.rodata
__libc_atexit
__libc_subfreeres
__libc_thread_subfreeres
.eh_frame
.gcc_except_table
.ctors
.dtors
.jcr
.data.rel.ro
.got
.got.plt
.data
.bss
__libc_freeres_ptrs
.note.ABI-tag
Segment without sections
Segment without sections
ExifTool file metadata
MIMEType application/octet-stream
CPUByteOrder Little endian
CPUArchitecture 32 bit
FileType ELF executable
ObjectFileType Executable file
CPUType i386
File identification
MD5 58eefd9183ac89a1b99dda02e0ab4092
SHA1 24b80a366dda4170b96e4a8c7ae7b80630de2ad3
SHA256 bef8a9f5a79cf34f0859ced695064fe15b767c2a7784428f28ae8a4d5a2f9b4c
ssdeep 12288:+1/0Gu7saocG0j9M5kMA5gBY8t9FycVTUbVpojT9MLqOjdcU3T:+1/0DnocG0juy5r8t9FhV4bPotMLq4d/

File size 631.5 KB ( 646674 bytes )
File type ELF
Magic literal ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped

TrID ELF Executable and Linkable format (Linux) (50.1%)
ELF Executable and Linkable format (generic) (49.8%)
Tags elf via-tor

VirusTotal metadata
First submission 2015-06-25 14:13:20 UTC ( 3 years, 10 months ago )
Last submission 2015-09-20 20:34:43 UTC ( 3 years, 7 months ago )
File names bef8a9f5a79cf34f0859ced695064fe15b767c2a7784428f28ae8a4d5a2f9b4c-646674
Malware
1122.32
58eefd9183ac89a1b99dda02e0ab4092.data
bef8a9f5a79cf34f0859ced695064fe15b767c2a7784428f28ae8a4d5a2f9b4c.log
1122.32.ELF.IptableX.DDoS
1122 (1).sh
1122.32.ELF.IptabLesX.mmd