× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 8040422762138d28aa411d8bb2307a93432416f72b292bf884fb7c7efde9f3f5
File name: VirusShare_a16a281cbe544af40f8463c7f5186496
Detection ratio: 25 / 58
Analysis date: 2017-09-14 08:26:06 UTC ( 4 months, 1 week ago )
Antivirus Result Update
AegisLab Linux.Agent.Uporo!c 20170914
AhnLab-V3 Linux/Ddos.676245 20170914
Antiy-AVL Trojan[Backdoor]/Linux.Agent 20170914
Avast ELF:Agent-HW [Trj] 20170914
AVG ELF:Agent-HW [Trj] 20170914
Avira (no cloud) LINUX/Agent.uporo 20170914
CAT-QuickHeal Linux97c 20170914
ClamAV Unix.Malware.Agent-5990648-0 20170914
Comodo UnclassifiedMalware 20170914
Cyren ELF/Trojan.FSVL-5 20170914
DrWeb Linux.DDoS.138 20170914
ESET-NOD32 a variant of Linux/Agent.DU 20170914
GData Linux.Trojan.Agent.R3DLX7 20170914
Ikarus Trojan.Linux.Agent 20170913
Jiangmin Backdoor.Linux.ome 20170914
Kaspersky HEUR:Trojan-DDoS.Linux.Agent.q 20170914
McAfee RDN/Generic BackDoor 20170914
McAfee-GW-Edition RDN/Generic BackDoor 20170914
NANO-Antivirus Trojan.Agent.esgxwh 20170914
Sophos AV Linux/DDoS-CO 20170914
Symantec Linux.Imeij 20170914
Tencent Linux.Trojan-ddos.Agent.Lkdm 20170914
TrendMicro ELF_IMEIJ.A 20170914
TrendMicro-HouseCall ELF_IMEIJ.A 20170914
ZoneAlarm by Check Point HEUR:Trojan-DDoS.Linux.Agent.q 20170914
Ad-Aware 20170914
Alibaba 20170911
ALYac 20170914
Arcabit 20170914
AVware 20170914
Baidu 20170914
BitDefender 20170914
CMC 20170914
CrowdStrike Falcon (ML) 20170804
Cylance 20170914
Emsisoft 20170914
Endgame 20170821
F-Prot 20170914
F-Secure 20170914
Fortinet 20170914
Sophos ML 20170914
K7AntiVirus 20170914
K7GW 20170914
Kingsoft 20170914
Malwarebytes 20170914
MAX 20170914
Microsoft 20170914
eScan 20170914
nProtect 20170914
Palo Alto Networks (Known Signatures) 20170914
Panda 20170913
Qihoo-360 20170914
Rising 20170914
SentinelOne (Static ML) 20170806
SUPERAntiSpyware 20170914
Symantec Mobile Insight 20170914
TheHacker 20170911
TotalDefense 20170914
Trustlook 20170914
VBA32 20170913
VIPRE 20170914
ViRobot 20170914
Webroot 20170914
WhiteArmor 20170829
Yandex 20170908
Zillya 20170913
Zoner 20170914
The file being studied is an ELF! More specifically, it is a EXEC (Executable file) ELF for Unix systems running on ARM machines.
ELF Header
Class ELF32
Data 2's complement, little endian
Header version 1 (current)
OS ABI UNIX - System V
ABI version 0
Object file type EXEC (Executable file)
Required architecture ARM
Object file version 0x1
Program headers 6
Section headers 30
ELF sections
ELF Segments
.ARM.exidx
.note.ABI-tag
.init
.text
__libc_freeres_fn
__libc_thread_freeres_fn
.fini
.rodata
__libc_subfreeres
__libc_atexit
__libc_thread_subfreeres
.ARM.extab
.ARM.exidx
.eh_frame
.init_array
.fini_array
.jcr
.data.rel.ro
.got
.data
.bss
__libc_freeres_ptrs
.note.ABI-tag
Segment without sections
Segment without sections
Imported symbols
Exported symbols
ExifTool file metadata
MIMEType
application/octet-stream

CPUByteOrder
Little endian

CPUArchitecture
32 bit

FileType
ELF executable

ObjectFileType
Executable file

CPUType
Unknown (40)

File identification
MD5 a16a281cbe544af40f8463c7f5186496
SHA1 931321a4e6fb126f83bb6a0ff8ad4ffd260b9438
SHA256 8040422762138d28aa411d8bb2307a93432416f72b292bf884fb7c7efde9f3f5
ssdeep
12288:GivR9Qv1FiSUq1orf7IU35Ye8GiRQdigaAr76dYu+CDPuLKnhtxMK1:DmP0fUU35Ye8GiRQdCLrnhXMu

File size 660.4 KB ( 676245 bytes )
File type ELF
Magic literal
ELF 32-bit LSB executable, ARM, version 1 (SYSV), statically linked, for GNU/Linux 2.6.14, not stripped

TrID ELF Executable and Linkable format (generic) (100.0%)
Tags
elf

VirusTotal metadata
First submission 2017-02-25 07:46:52 UTC ( 10 months, 4 weeks ago )
Last submission 2017-09-14 08:26:06 UTC ( 4 months, 1 week ago )
File names VirusShare_a16a281cbe544af40f8463c7f5186496
Arm1
aa
Arm1_from_172.247.116.3
Arm1
hp6JuBFr9.doc
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!