Sample : 39c3a0714be0d43dc6561b289eb65bd0e9e77e4207248978b924339c3ca21465

Summary


OS ABI

UNIX - System V
CPU class

32 bit
Persistence (user)

No
Persistence (root)

No
CPU byte order

2's complement MSB
File type

ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
CPU type

MIPS I
Entropy

5.34986545203
Syscalls executed (root)

21
Syscalls executed (user)

20
ELF type

Executable file

ELF


Class

32 bit
Data encoding

2's complement MSB
Operating system ABI

UNIX - System V
Object file type

Executable file
ELF version

0.1
Machine

MIPS I
Link

static
Entrypoint

0x400260
Number of segments

3
Number of sections

13
Program header table offset

52
Section header table offset

35980
Program header table - size of entry

32
Section header table - size of entry

40
Program header table - entries

3
Section header table - entries

13
Section header table - index sections names

12
Stripped

True
Sections stripped

False
Anomalies


Segments
W^X permission : PT_GNU_STACK at offset 0x0


Sections
Uncommon sections : .mdebug.abi32, .sbss, section without a name
High entropy : .rodata - 6.461358


Debug information

False

Hash


MD5

69cdd06ff427c60bf9850be3bea40354
SHA1

6c5440bd9dd5a090df79fcc4399c903d63c8f96b
SHA256

39c3a0714be0d43dc6561b289eb65bd0e9e77e4207248978b924339c3ca21465
SHA512

5f56d99faafc7b535e38e653e61f7c9b410ecce38602407c0a3abf8252e5f66809de947d1ed27fc0df083ea48b13730d836a1e9b0323f580269737d9048a4edf
ssdeep

768:GRKD+Y32xeFAHQT+uMxiqKO7fkGlehPgIl26/z0x2thv31jYl:GR7pgqKEfsL68hv6l

Bytes


Entropy

5.34986545203
Min entropy (16KB blocks)

5.16852597856
Max entropy (16KB blocks)

5.20517652298
Unique bytes (0-255)

255
Null bytes

10543
White spaces

1983
Printable bytes

6710
First 16B

7f 45 4c 46 01 02 01 00 00 00 00 00 00 00 00 00
Last 16B

00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00
Longest same bytes sequence

Byte : 0x0

Offset : 0x87da

Length : 257

Three rarest bytes

0xef - 1 times

0xf7 - 1 times

0xc1 - 0 times

Three most common bytes

0x0 - 10543 times

0x8f - 1704 times

0x10 - 1341 times

File type


Mime type

application/x-executable
File type

ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped

VirusTotal


URL

https://www.virustotal.com/#/file/39c3a0714be0d43dc6561b289eb65bd0e9e77e4207248978b924339c3ca21465
Positive

28
Total AVs

59
Scan date

2018-08-23 02:37:36
AVClass

mirai
Detection

Avast-Mobile : ELF:Mirai-UD [Trj]

Jiangmin : Backdoor.Linux.bkww

Cyren : ELF/Trojan.PEFJ-9

GData : Linux.Trojan.Mirai.E

TrendMicro : Possible_MIRAI.SMLBO14

Tencent : Linux.Backdoor.Mirai.Wrqz

TrendMicro-HouseCall : Possible_MIRAI.SMLBO14

Microsoft : Backdoor:Linux/Mirai!rfn

Ikarus : Trojan.Linux.Mirai

Qihoo-360 : Win32/Backdoor.6f4

ClamAV : Unix.Malware.Agent-6625397-0

ESET-NOD32 : Linux/Mirai.DZ

Sophos : Mal/Generic-S

Antiy-AVL : Trojan[Backdoor]/Linux.Mirai.b

Fortinet : Linux/Mirai.B!tr.bdr

Kaspersky : HEUR:Backdoor.Linux.Mirai.b

AegisLab : Backdoor.Linux.Mirai!c

NANO-Antivirus : Trojan.Mirai.ffqqrq

Comodo : UnclassifiedMalware

DrWeb : Linux.Mirai.1570

ZoneAlarm : HEUR:Backdoor.Linux.Mirai.b

AVG : ELF:Mirai-UC [Trj]

Symantec : Linux.Mirai

McAfee-GW-Edition : Linux/Mirai.f

Avast : ELF:Mirai-UC [Trj]

Zillya : Backdoor.Mirai.Linux.24271

Avira : LINUX/Mirai.leqkt

McAfee : Linux/Mirai.f

Data Explore


Paths

/bin/busybox

/dev/null

Code Explore


Nucleus

Eh_frame

Sandbox (user)


Standard output

Standard error

Segmentation fault

Sandbox (root)


Standard output

Standard error

Segmentation fault

Behavior


User behavior

Errors


Segmentation fault
True

Syscalls


Unique
fcntl
setsockopt
socket
rt_sigaction
bind
rt_sigprocmask
getppid
getpid
times
brk
connect
getsockname
time
close
execve
listen


Unique number
16

Total number
20

Number of processes

1

Trace lines lost

0

Max sleep

-1.0



Root behavior

Errors


Segmentation fault
True

Syscalls


Unique
fcntl
setsockopt
socket
rt_sigaction
commit_creds
rt_sigprocmask
time
getppid
getpid
times
brk
connect
getsockname
bind
close
execve
listen


Unique number
17

Total number
21

Number of processes

1

Trace lines lost

0

Max sleep

-1.0