SHA256: ebfd9354ed83635ed38bd117b375903f9984a18780ef86dbf7a642fc6584271c
File name: sshd.bad
Detection ratio: 0 / 46
Analysis date: 2013-01-11 17:28:30 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Yandex 20130111
AhnLab-V3 20130111
AntiVir 20130107
Antiy-AVL 20130111
Avast 20130111
AVG 20130111
BitDefender 20130111
ByteHero 20130111
CAT-QuickHeal 20130111
ClamAV 20130111
Commtouch 20130111
Comodo 20130111
DrWeb 20130111
Emsisoft 20130111
eSafe 20130110
ESET-NOD32 20130111
F-Prot 20130111
F-Secure 20130111
Fortinet 20130111
GData 20130111
Ikarus 20130111
Jiangmin 20121221
K7AntiVirus 20130111
Kaspersky 20130111
Kingsoft 20130107
Malwarebytes 20130111
McAfee 20130111
McAfee-GW-Edition 20130111
Microsoft 20130111
eScan 20130111
NANO-Antivirus 20130111
Norman 20130111
nProtect 20130111
Panda 20130111
PCTools 20130111
Rising 20130110
Sophos AV 20130111
SUPERAntiSpyware 20130111
Symantec 20130111
TheHacker 20130109
TotalDefense 20130111
TrendMicro 20130111
TrendMicro-HouseCall 20130111
VBA32 20130111
VIPRE 20130111
ViRobot 20130111
The file being studied is an ELF! More specifically, it is an EXEC (Executable file) ELF for Unix systems running on Advanced Micro Devices X86-64 machines.
ELF Header
Class ELF64
Data 2's complement, little endian
Header version 1 (current)
OS ABI UNIX - System V
ABI version 0
Object file type EXEC (Executable file)
Required architecture Advanced Micro Devices X86-64
Object file version 0x1
Program headers 8
Section headers 28
ELF sections
ELF Segments
Segment without sections
.interp
.interp
.note.ABI-tag
.note.gnu.build-id
.gnu.hash
.dynsym
.dynstr
.gnu.version
.gnu.version_r
.rela.dyn
.rela.plt
.init
.plt
.text
.fini
.rodata
.eh_frame_hdr
.eh_frame
.ctors
.dtors
.jcr
.dynamic
.got
.got.plt
.data
.bss
.dynamic
.note.ABI-tag
.note.gnu.build-id
.eh_frame_hdr
Segment without sections
Shared libraries
Imported symbols
Exported symbols
ExifTool file metadata
MIMEType application/octet-stream
CPUByteOrder Little endian
CPUArchitecture 64 bit
FileType ELF executable
ObjectFileType Executable file
CPUType AMD x86-64

Compressed bundles
File identification
MD5 90dc9de5f93b8cc2d70a1be37acea23a
SHA1 cb7a464aa8d58f26f6561c32ef4a1464c583a7ca
SHA256 ebfd9354ed83635ed38bd117b375903f9984a18780ef86dbf7a642fc6584271c
ssdeep 6144:QJ5uF53S/6kaCIIiz+nhaLDiPavYPPH+eBnNMxohL0d1uiz0g0ift0grMr0xC:QJ8F53eaCIanFPawHLL0H/siKu

File size 469.9 KB ( 481200 bytes )
File type ELF
Magic literal ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped

TrID ELF Executable and Linkable format (Linux) (50.1%)
ELF Executable and Linkable format (generic) (49.8%)
Tags 64bits elf

VirusTotal metadata
First submission 2013-01-11 17:28:30 UTC ( 4 years, 8 months ago )
Last submission 2017-08-18 19:37:23 UTC ( 1 month ago )
File names ELF_Linux_SSHDoor_90DC9DE5F93B8CC2D70A1BE37ACEA23A.elf
sshd.bad
CB7A464AA8D58F26F6561C32EF4A1464C583A7CA
vti-rescan
90dc9de5f93b8cc2d70a1be37acea23a
90DC9DE5F93B8CC2D70A1BE37ACEA23A