SHA256: e1f6d967db61ee131dc32b817a9285f5da3ebe3e1f9a4281c8fac9339e2b4521
File name: sample.Linux.LUA.bot.mmd
Detection ratio: 4 / 55
Analysis date: 2016-09-07 08:06:23 UTC ( 2 years, 4 months ago )
Antivirus Result Update
AhnLab-V3 Linux/Luabot.996512 20160906
DrWeb Linux.LuaBot.1 20160907
ESET-NOD32 a variant of Linux/Luabot.A 20160907
Kaspersky HEUR:Backdoor.Linux.LuaBot.a 20160907
Ad-Aware 20160907
AegisLab 20160907
Alibaba 20160907
ALYac 20160907
Antiy-AVL 20160907
Arcabit 20160907
Avast 20160907
AVG 20160907
Avira (no cloud) 20160907
AVware 20160907
Baidu 20160907
BitDefender 20160907
Bkav 20160907
CAT-QuickHeal 20160907
ClamAV 20160907
CMC 20160905
Comodo 20160907
Cyren 20160907
Emsisoft 20160907
F-Prot 20160907
Fortinet 20160907
GData 20160907
Ikarus 20160906
Jiangmin 20160907
K7AntiVirus 20160907
K7GW 20160907
Kingsoft 20160907
Malwarebytes 20160907
McAfee 20160907
McAfee-GW-Edition 20160907
Microsoft 20160907
eScan 20160907
NANO-Antivirus 20160907
nProtect 20160907
Panda 20160906
Qihoo-360 20160907
Rising 20160907
Sophos AV 20160907
SUPERAntiSpyware 20160907
Symantec 20160907
Tencent 20160907
TheHacker 20160905
TotalDefense 20160907
TrendMicro 20160907
TrendMicro-HouseCall 20160907
VBA32 20160905
VIPRE 20160907
ViRobot 20160907
Yandex 20160906
Zillya 20160907
Zoner 20160907
The file being studied is an ELF. More specifically, it is an EXEC (executable file) ELF for Unix systems running on ARM machines.
ELF Header
Class ELF32
Data 2's complement, little endian
Header version 1 (current)
OS ABI UNIX - System V
ABI version 0
Object file type EXEC (Executable file)
Required architecture ARM
Object file version 0x1
Program headers 4
Section headers 15
ELF sections
ELF Segments
.ARM.exidx
.init
.text
.fini
.rodata
.ARM.exidx
.eh_frame
.init_array
.fini_array
.jcr
.data
.bss
Segment without sections
ExifTool file metadata
MIMEType application/octet-stream
CPUByteOrder Little endian
CPUArchitecture 32 bit
FileType ELF executable
ObjectFileType Executable file
CPUType Unknown (40)

File identification
MD5 a220940db4be6878e47b74403a8079a1
SHA1 b67ab8d107c23158ca42de04bb0e6c4d8e5b30e9
SHA256 e1f6d967db61ee131dc32b817a9285f5da3ebe3e1f9a4281c8fac9339e2b4521
ssdeep 12288:lRfH9+VAm3esEApF8EGWCEr9jbAJfF5vMYtUMT7EJkvEC7K+4b24LM5SHD:lBH9+Om3eDEGWFx05NUMTJvEYK+4b7f

File size 973.2 KB ( 996512 bytes )
File type ELF
Magic literal ELF 32-bit LSB executable, ARM, version 1 (SYSV), statically linked, stripped

TrID ELF Executable and Linkable format (generic) (100.0%)
Tags elf

VirusTotal metadata
First submission 2016-09-04 15:45:55 UTC ( 2 years, 4 months ago )
Last submission 2017-09-14 06:58:49 UTC ( 1 year, 4 months ago )
File names sample.Linux.LUA.bot.mmd
sample.Linux.LUA.bot.mmd
bot