SHA256: cb95458e646859b32a88ed9778a5f9c7500d2a81eae31f0f9d70fc6b10511634
File name: shelelf.reverse-shell.x43.ELF.mmd
Detection ratio: 13 / 52
Analysis date: 2016-02-03 08:14:10 UTC ( 1 year, 4 months ago )
Antivirus Result Update
AegisLab Troj.Downloader.Linux!c 20160202
Avast ELF:Shellshock-B [Expl] 20160202
AVG Linux/ShellShock 20160203
Comodo UnclassifiedMalware 20160202
DrWeb Linux.BackDoor.Shell.41 20160203
ESET-NOD32 Linux/Getshell.J.Gen 20160202
GData Linux.Trojan.Agent.3643Y6 20160202
Ikarus Trojan.Linux.Getshell 20160202
Kaspersky Trojan-Downloader.Linux.ShellLoader.a 20160203
McAfee Linux/GetShell.gen.c 20160202
McAfee-GW-Edition Linux/GetShell.gen.c 20160202
Sophos Linux/Shockel-A 20160203
Tencent Linux.Trojan-downloader.Shellloader.Tcbz 20160203
Ad-Aware 20160202
Yandex 20160202
AhnLab-V3 20160202
Alibaba 20160202
ALYac 20160203
Antiy-AVL 20160203
Arcabit 20160202
Avira (no cloud) 20160202
Baidu-International 20160202
BitDefender 20160202
Bkav 20160201
ByteHero 20160203
CAT-QuickHeal 20160202
ClamAV 20160202
Cyren 20160202
Emsisoft 20160202
F-Prot 20160129
Fortinet 20160202
Jiangmin 20160202
K7AntiVirus 20160202
K7GW 20160202
Malwarebytes 20160203
Microsoft 20160203
eScan 20160202
NANO-Antivirus 20160202
nProtect 20160201
Panda 20160201
Qihoo-360 20160203
Rising 20160202
SUPERAntiSpyware 20160202
Symantec 20160201
TheHacker 20160130
TrendMicro 20160203
TrendMicro-HouseCall 20160203
VBA32 20160201
VIPRE 20160203
ViRobot 20160202
Zillya 20160201
Zoner 20160202
The file being studied is an ELF. More specifically, it is an EXEC (Executable file) ELF for Unix systems running on Intel 80386 machines.
ELF Header
Class ELF32
Data 2's complement, little endian
Header version 1 (current)
OS ABI UNIX - System V
ABI version 0
Object file type EXEC (Executable file)
Required architecture Intel 80386
Object file version 0x1
Program headers 1
Section headers 0
ELF Segments
Segment without sections
ExifTool file metadata
MIMEType application/octet-stream
CPUByteOrder Little endian
CPUArchitecture 32 bit
FileType ELF executable
ObjectFileType Executable file
CPUType i386
File identification
MD5 ccb389d4674f042486c1e9c6f67d5521
SHA1 3bbaa69239f3dd1791ac186883bb6d4e2bfc3c01
SHA256 cb95458e646859b32a88ed9778a5f9c7500d2a81eae31f0f9d70fc6b10511634
ssdeep 3:Bkkk/tMlwXll/O/slrGn4//1lR12ip9q1ubIpc9wG5Lh:Btk/tMl//ES4l920RbIpc9wMh
File size 155 bytes ( 155 bytes )
File type ELF
Magic literal ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, corrupted section header size
TrID ELF Executable and Linkable format (generic) (100.0%)
Tags elf
VirusTotal metadata
First submission 2015-11-06 18:06:07 UTC ( 1 year, 7 months ago )
Last submission 2016-09-21 16:20:51 UTC ( 9 months ago )
File names shelelf.reverse-shell.x43.ELF.mmd
exploit
shel.elf