× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: d2b3ce2195b1422c165faeb1fbbdd098f13df6cf6595fb18f8d618cd78df597c
File name: VirtualBox12121
Detection ratio: 11 / 55
Analysis date: 2014-09-03 07:25:24 UTC ( 3 years, 10 months ago ) View latest
Antivirus Result Update
Avast ELF:Elknot-N [Trj] 20140903
CAT-QuickHeal Linux.Elknot.Ec 20140903
ClamAV Unix.Trojan.Elknot-1 20140903
DrWeb Linux.DDoS.8 20140903
Fortinet ELF/DDOS.BA!tr.bdr 20140903
Ikarus DoS.Linux.Elknot 20140903
Kaspersky Backdoor.Linux.Mayday.f 20140903
Microsoft DoS:Linux/Elknot.E 20140903
Sophos AV Linux/DDoS-AZ 20140903
Symantec Trojan.Chikdos.B!gen1 20140903
Zillya Downloader.OpenConnection.JS.100288 20140903
Ad-Aware 20140903
AegisLab 20140903
Yandex 20140902
AhnLab-V3 20140903
AntiVir 20140903
Antiy-AVL 20140903
AVG 20140902
AVware 20140902
Baidu-International 20140902
BitDefender 20140903
Bkav 20140829
ByteHero 20140903
CMC 20140901
Comodo 20140903
Cyren 20140903
Emsisoft 20140903
ESET-NOD32 20140903
F-Prot 20140903
F-Secure 20140903
GData 20140903
Jiangmin 20140901
K7AntiVirus 20140902
K7GW 20140902
Kingsoft 20140903
Malwarebytes 20140903
McAfee 20140903
McAfee-GW-Edition 20140902
eScan 20140903
NANO-Antivirus 20140903
Norman 20140903
nProtect 20140902
Panda 20140902
Qihoo-360 20140903
Rising 20140902
SUPERAntiSpyware 20140903
Tencent 20140903
TheHacker 20140902
TotalDefense 20140903
TrendMicro 20140903
TrendMicro-HouseCall 20140903
VBA32 20140902
VIPRE 20140902
ViRobot 20140903
Zoner 20140901
The file being studied is an ELF! More specifically, it is a EXEC (Executable file) ELF for Unix systems running on Intel 80386 machines.
ELF Header
Class ELF32
Data 2's complement, little endian
Header version 1 (current)
OS ABI UNIX - System V
ABI version 0
Object file type EXEC (Executable file)
Required architecture Intel 80386
Object file version 0x1
Program headers 5
Section headers 28
ELF sections
ELF Segments
.note.ABI-tag
.init
.text
__libc_freeres_fn
__libc_thread_freeres_fn
.fini
.rodata
__libc_subfreeres
__libc_atexit
__libc_thread_subfreeres
.eh_frame
.gcc_except_table
.ctors
.dtors
.jcr
.data.rel.ro
.got
.got.plt
.data
.bss
__libc_freeres_ptrs
.note.ABI-tag
Segment without sections
Segment without sections
Imported symbols
Exported symbols
ExifTool file metadata
MIMEType
application/octet-stream

CPUByteOrder
Little endian

CPUArchitecture
32 bit

FileType
ELF executable

FileAccessDate
2014:11:11 12:31:56+01:00

ObjectFileType
Executable file

CPUType
i386

FileCreateDate
2014:11:11 12:31:56+01:00

File identification
MD5 872b6319556392e16228e5982ebe7024
SHA1 31c32d3e2a1b2863843222e1b43a33a019ba2811
SHA256 d2b3ce2195b1422c165faeb1fbbdd098f13df6cf6595fb18f8d618cd78df597c
ssdeep
24576:RQe6k2Ix2FKRhUYofWZWuPeogQkOn7BB8sHFqO9YmyraF2DRR/FFFIvoRlPUh:aP9KEYouZWuPRgQkO9YmyWSRhi8Uh

File size 1.4 MB ( 1504766 bytes )
File type ELF
Magic literal
ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.2.5, not stripped

TrID ELF Executable and Linkable format (Linux) (50.1%)
ELF Executable and Linkable format (generic) (49.8%)
Tags
elf

VirusTotal metadata
First submission 2014-09-03 07:25:24 UTC ( 3 years, 10 months ago )
Last submission 2014-09-29 10:42:17 UTC ( 3 years, 9 months ago )
File names VirtualBox12121
vti-rescan
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!