Sample : 56fdb379f47c19cd24f710b53582951faa3d376c9af1ad64f2e42f7ce0f62e40

Summary


OS ABI

UNIX - System V
CPU class

32 bit
Persistence (user)

No
Persistence (root)

No
CPU byte order

2's complement MSB
File type

ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
CPU type

MIPS I
Entropy

7.89548466564
Syscalls executed (root)

2
Syscalls executed (user)

1
ELF type

Executable file

ELF


Class

32 bit
Data encoding

2's complement MSB
Operating system ABI

UNIX - System V
Object file type

Executable file
ELF version

0.1
Machine

MIPS I
Link

static
Entrypoint

0x112fe8
Number of segments

2
Number of sections

0
Program header table offset

52
Section header table offset

0
Program header table - size of entry

32
Section header table - size of entry

40
Program header table - entries

2
Section header table - entries

0
Section header table - index sections names

0
Stripped

True
Sections stripped

True
Malformed

Beyond LOAD segment : True
Anomalies


Segments
Memory size doubles physical size : PT_LOAD at offset 0xa6c0


Sections
Section header table offset empty : True
Number of section headers empty : True


Debug information

False

Hash


MD5

f300342e713b69e5707be47bc2a4826f
SHA1

2588f8668fe05c616aa1f64c9834711171b7a100
SHA256

56fdb379f47c19cd24f710b53582951faa3d376c9af1ad64f2e42f7ce0f62e40
SHA512

38978852e6f0a93a0f131b3358fe38fba8b1c225d22c25e2a04009395364074710dcb898e21b5a2834186a770bd0704385f0261bbc5f2f5ae06f7c2f42dbf871
ssdeep

96:Yr/mCc4Hw6SbITSvQZKBYB0HmDuOjJed7OWuXHIA:YTmCc4HnYXvQ2mDuYedvuXH

Bytes


Entropy

7.89548466564
Min entropy (16KB blocks)

-1.0
Max entropy (16KB blocks)

-1.0
Unique bytes (0-255)

256
Null bytes

114
White spaces

92
Printable bytes

1435
First 16B

7f 45 4c 46 01 02 01 00 00 00 00 00 00 00 00 00
Last 16B

2b 15 94 2e ee 7a bd 29 61 dc 02 e6 b8 d9 01 ae
Longest same bytes sequence

Byte : 0x0

Offset : 0x66

Length : 10

Three rarest bytes

0xde - 6 times

0x92 - 5 times

0xcb - 5 times

Three most common bytes

0x0 - 114 times

0x40 - 27 times

0xc4 - 26 times

File type


Mime type

application/x-executable
File type

ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped

VirusTotal


URL

https://www.virustotal.com/#/file/56fdb379f47c19cd24f710b53582951faa3d376c9af1ad64f2e42f7ce0f62e40
Positive

9
Total AVs

56
Scan date

2019-12-11 20:29:41
Detection

AVG : ELF:Agent-ACM [Trj]

Avira : LINUX/Siggen.eozef

Qihoo-360 : LINUX/Trojan.3fa

AegisLab : Trojan.Linux.Generic.4!c

DrWeb : Linux.Siggen.689

TrendMicro : Trojan.Linux.ZYX.USELVKQ19

Jiangmin : Backdoor.Linux.bbxo

Avast : ELF:Agent-ACM [Trj]

F-Secure : Malware.LINUX/Siggen.eozef

Code Explore


Nucleus

Eh_frame

Sandbox (user)


Standard output

Standard error

Bus error

Sandbox (root)


Standard output

Standard error

Bus error

Behavior


User behavior

Errors


Bus error
True

Syscalls


Unique
execve


Unique number
1

Total number
1

Number of processes

1

Trace lines lost

0

Empty trace

True

Max sleep

-1.0



Root behavior

Errors


Bus error
True

Syscalls


Unique
commit_creds
execve


Unique number
2

Total number
2

Number of processes

1

Trace lines lost

0

Max sleep

-1.0