Sample : 56fdb379f47c19cd24f710b53582951faa3d376c9af1ad64f2e42f7ce0f62e40
Modules
Summary
OS ABI
UNIX - System V
CPU class
32 bit
Persistence (user)
No
Persistence (root)
No
CPU byte order
2's complement MSB
File type
ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
CPU type
MIPS I
Entropy
7.89548466564
Syscalls executed (root)
2
Syscalls executed (user)
1
ELF type
Executable file
ELF
Class
32 bit
Data encoding
2's complement MSB
Operating system ABI
UNIX - System V
Object file type
Executable file
ELF version
0.1
Machine
MIPS I
Link
static
Entrypoint
0x112fe8
Number of segments
2
Number of sections
0
Program header table offset
52
Section header table offset
0
Program header table - size of entry
32
Section header table - size of entry
40
Program header table - entries
2
Section header table - entries
0
Section header table - index sections names
0
Stripped
True
Sections stripped
True
Malformed
Beyond LOAD segment : True
Anomalies
Segments
Memory size doubles physical size : PT_LOAD at offset 0xa6c0
Sections
Section header table offset empty : True
Number of section headers empty : True
Debug information
False
Hash
MD5
f300342e713b69e5707be47bc2a4826f
SHA1
2588f8668fe05c616aa1f64c9834711171b7a100
SHA256
56fdb379f47c19cd24f710b53582951faa3d376c9af1ad64f2e42f7ce0f62e40
SHA512
38978852e6f0a93a0f131b3358fe38fba8b1c225d22c25e2a04009395364074710dcb898e21b5a2834186a770bd0704385f0261bbc5f2f5ae06f7c2f42dbf871
ssdeep
96:Yr/mCc4Hw6SbITSvQZKBYB0HmDuOjJed7OWuXHIA:YTmCc4HnYXvQ2mDuYedvuXH
Bytes
Entropy
7.89548466564
Min entropy (16KB blocks)
-1.0
Max entropy (16KB blocks)
-1.0
Unique bytes (0-255)
256
Null bytes
114
White spaces
92
Printable bytes
1435
First 16B
7f 45 4c 46 01 02 01 00 00 00 00 00 00 00 00 00
Last 16B
2b 15 94 2e ee 7a bd 29 61 dc 02 e6 b8 d9 01 ae
Longest same bytes sequence
Byte : 0x0
Offset : 0x66
Length : 10
Three rarest bytes
0xde - 6 times
0x92 - 5 times
0xcb - 5 times
Three most common bytes
0x0 - 114 times
0x40 - 27 times
0xc4 - 26 times
File type
Mime type
application/x-executable
File type
ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
VirusTotal
URL
https://www.virustotal.com/#/file/56fdb379f47c19cd24f710b53582951faa3d376c9af1ad64f2e42f7ce0f62e40
Positive
9
Total AVs
56
Scan date
2019-12-11 20:29:41
Detection
AVG : ELF:Agent-ACM [Trj]
Avira : LINUX/Siggen.eozef
Qihoo-360 : LINUX/Trojan.3fa
AegisLab : Trojan.Linux.Generic.4!c
DrWeb : Linux.Siggen.689
TrendMicro : Trojan.Linux.ZYX.USELVKQ19
Jiangmin : Backdoor.Linux.bbxo
Avast : ELF:Agent-ACM [Trj]
F-Secure : Malware.LINUX/Siggen.eozef
Code Explore
Nucleus
Eh_frame
Sandbox (user)
Standard output
Standard error
Bus error
Sandbox (root)
Standard output
Standard error
Bus error
Behavior
User behavior
Errors
Bus error
True
Syscalls
Unique
execve
Unique number
1
Total number
1
Number of processes
1
Trace lines lost
0
Empty trace
True
Max sleep
-1.0
Root behavior
Errors
Bus error
True
Syscalls
Unique
commit_creds
execve
Unique number
2
Total number
2
Number of processes
1
Trace lines lost
0
Max sleep
-1.0