SHA256: c9430a0b8bdbb92918da25d41d33d9b1c72d0224ea5793a0e1fc2083184f3a32
File name: 436032812738f7f835380637b57b136d
Detection ratio: 37 / 59
Analysis date: 2019-01-18 03:28:16 UTC ( 5 days, 12 hours ago )
Antivirus Result Update
Ad-Aware Trojan.Linux.Generic.10952 20190118
AhnLab-V3 Linux/Agent.149E0D 20190118
ALYac Trojan.Linux.Generic.10952 20190118
Antiy-AVL Trojan[Backdoor]/Linux.Mayday.f 20190118
Arcabit Trojan.Linux.Generic.D2AC8 20190118
Avast ELF:Elknot-AA [Trj] 20190118
AVG ELF:Elknot-AA [Trj] 20190118
Avira (no cloud) LINUX/Elknot.xbpoq 20190117
BitDefender Trojan.Linux.Generic.10952 20190118
CAT-QuickHeal Linux.Elknot.E5f 20190117
Comodo Malware@#1f1v3dqdfxxgr 20190118
DrWeb Linux.DDoS.1 20190118
Emsisoft Trojan.Linux.Generic.10952 (B) 20190118
ESET-NOD32 Linux/Elknot.B 20190118
F-Secure Trojan.Linux.Generic.10952 20190118
Fortinet ELF/DDoS.AZ!tr 20190118
GData Trojan.Linux.Generic.10952 20190118
Ikarus Backdoor.Linux.Mayday 20190117
Jiangmin Backdoor/Linux.id 20190118
K7AntiVirus Trojan ( 0001140e1 ) 20190117
K7GW Trojan ( 0001140e1 ) 20190117
Kaspersky Backdoor.Linux.Mayday.f 20190118
MAX malware (ai score=98) 20190118
McAfee Linux/Generic.b 20190118
McAfee-GW-Edition Linux/Generic.b 20190117
Microsoft DoS:Linux/Elknot.E 20190118
eScan Trojan.Linux.Generic.10952 20190118
NANO-Antivirus Trojan.Elf32.Mayday.ebdogu 20190118
Qihoo-360 Win32/Trojan.b6b 20190118
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Linux/DDoS-AZ 20190117
Symantec Linux.Chikdos.B!gen1 20190117
Tencent Backdoor.Linux.Mayday.f 20190118
TrendMicro Possible_ELKNOT.SMA 20190118
TrendMicro-HouseCall Linux_ELKNOT.SMA 20190118
Zillya Trojan.Agent.Linux.3 20190117
ZoneAlarm by Check Point Backdoor.Linux.Mayday.f 20190118
Acronis 20190117
AegisLab 20190118
Alibaba 20180921
Avast-Mobile 20190117
Babable 20180918
Baidu 20190117
Bkav 20190117
ClamAV 20190117
CMC 20190117
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190118
Cyren 20190118
eGambit 20190118
Endgame 20181108
F-Prot 20190118
Sophos ML 20181128
Kingsoft 20190118
Malwarebytes 20190118
Palo Alto Networks (Known Signatures) 20190118
Panda 20190117
Rising 20190118
SUPERAntiSpyware 20190116
TACHYON 20190118
TheHacker 20190115
TotalDefense 20190117
Trapmine 20190103
Trustlook 20190118
VBA32 20190117
VIPRE 20190117
ViRobot 20190117
Webroot 20190118
Yandex 20190117
Zoner 20190118
The file being studied is an ELF! More specifically, it is an EXEC (Executable file) ELF for Unix systems running on Intel 80386 machines.
ELF Header
Class ELF32
Data 2's complement, little endian
Header version 1 (current)
OS ABI UNIX - System V
ABI version 0
Object file type EXEC (Executable file)
Required architecture Intel 80386
Object file version 0x1
Program headers 5
Section headers 27
ELF sections
ELF Segments
.init
.text
__libc_freeres_fn
__libc_thread_freeres_fn
.fini
.rodata
__libc_subfreeres
__libc_atexit
__libc_thread_subfreeres
.eh_frame
.gcc_except_table
.note.ABI-tag
.ctors
.dtors
.jcr
.data.rel.ro
.got
.got.plt
.data
.bss
__libc_freeres_ptrs
.note.ABI-tag
Segment without sections
Segment without sections
Imported symbols
Exported symbols
ExifTool file metadata
MIMEType
application/octet-stream

CPUByteOrder
Little endian

CPUArchitecture
32 bit

FileType
ELF executable

ObjectFileType
Executable file

CPUType
i386

Compressed bundles
File identification
MD5 436032812738f7f835380637b57b136d
SHA1 98e867912c2ae36996d7a4e68842230a1acfff88
SHA256 c9430a0b8bdbb92918da25d41d33d9b1c72d0224ea5793a0e1fc2083184f3a32
ssdeep
24576:fAg0g+3YAqKbwt6Mleiv8x7HBruOmjqD0rV8T5KWs2/wNLg6Yvz1VVbBHpusVmMS:og01IAqHtZleikDuOGqYrVy5Kd2/0JYw

File size 1.3 MB ( 1351181 bytes )
File type ELF
Magic literal
ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.2.5, not stripped

TrID ELF Executable and Linkable format (Linux) (50.1%)
ELF Executable and Linkable format (generic) (49.8%)
Tags
elf via-tor

VirusTotal metadata
First submission 2014-05-11 16:48:40 UTC ( 4 years, 8 months ago )
Last submission 2019-01-18 03:28:16 UTC ( 5 days, 12 hours ago )
File names 436032812738f7f835380637b57b136d
20140511130222_http___222_76_210_140_81_xx32
xx32