Sample : 5c8c41253aa68adeb955e7d1c7b8e084e06537f75eff12c3f3a0f3cb30cb2152

Summary


OS ABI : UNIX - System V
CPU class : 32 bit
CPU byte order : 2's complement LSB
File type : ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
CPU type : MIPS I
Entropy : 7.79278316752
ELF type : Executable file

ELF


Class : 32 bit
Data encoding : 2's complement LSB
Operating system ABI : UNIX - System V
Object file type : Executable file
ELF version : 0.1
Machine : MIPS I
Link : static
Entrypoint : 0x21c778
Number of segments : 2
Number of sections : 0
Program header table offset : 52
Section header table offset : 0
Program header table - size of entry : 32
Section header table - size of entry : 40
Program header table - entries : 2
Section header table - entries : 0
Section header table - index sections names : 0
Stripped : True
Sections stripped : True
Anomalies


Segments
High entropy : PT_LOAD at offset 0x0 - 7.790731
Memory size doubles physical size : PT_LOAD at offset 0x4940


Sections
Section header table offset empty : True
Number of section headers empty : True


Debug information : False

Hash


MD5

856f14251f643bac62b9193c54449472
SHA1

be4b4f732e26d32a8d02504a252a1ab4832f2cce
SHA256

5c8c41253aa68adeb955e7d1c7b8e084e06537f75eff12c3f3a0f3cb30cb2152
SHA512

1dfb07872524469b7cb910da60222b920da24659a8c13ec306ae771a61d8f7eca1d197c43b4bfb64535d31c2c587c6ef94538b29ed2da313372a6b78339f9938
ssdeep

24576:Htt6KVUUKdedoZworM9X+LwxiY3ggL25NMPc71QeCdvrrZnSlHWlnq:Hv6KVU2d2vsL1fL2rDlevrNnS5WM

Bytes


Entropy : 7.79278316752
Min entropy (16KB blocks) : 7.20374519681
Max entropy (16KB blocks) : 7.82676336768
Unique bytes (0-255) : 256
Null bytes : 20211
White spaces : 34795
Printable bytes : 434866
First 16B : 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Last 16B : 0a b5 96 43 b4 2c 50 f4 9e 8d 55 c2 46 f8 21 12
Longest same bytes sequence

Byte : 0x0

Offset : 0x9

Length : 8

Three rarest bytes

0xf2 - 1388 times

0xe5 - 1253 times

0xf9 - 835 times

Three most common bytes

0x0 - 20211 times

0xff - 16153 times

0x2 - 12264 times

File type


Mime type : application/x-executable
File type : ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped

VirusTotal


URL : https://www.virustotal.com/#/file/5c8c41253aa68adeb955e7d1c7b8e084e06537f75eff12c3f3a0f3cb30cb2152
Positive : 32
Total AVs : 59
Scan date : 2018-05-15 00:00:06
AVClass : pnscan
Detection

ClamAV : Unix.Malware.Agent-1393485

AegisLab : Linux.Troj.Agent!c

Symantec : Linux.Raubdo

Microsoft : Trojan:Linux/Pienscan.A

Fortinet : ELF/PnScan2.A!tr

TrendMicro-HouseCall : ELF_RAUBIDO.A

Jiangmin : Backdoor.Linux.anx

K7AntiVirus : Trojan ( 0001140e1 )

Emsisoft : Linux.Trojan.Agent.A (B)

Sophos : Mal/Generic-S

Cyren : ELF/Trojan.WGDB-0

Zillya : Downloader.OpenConnection.JS.135746

Avast : ELF:PNScan-AG [PUP]

Kaspersky : Backdoor.Linux.Agent.ae

NANO-Antivirus : Trojan.Elf32.Agent.ebdaxn

AVG : ELF:PNScan-AG [PUP]

BitDefender : Linux.Trojan.Agent.A

K7GW : Trojan ( 0001140e1 )

MAX : malware (ai score=97)

ESET-NOD32 : Linux/PNScan.A

CAT-QuickHeal : Linux/Svirtu.PR77f

F-Secure : Linux.Trojan.Agent.A

Ikarus : Backdoor.Linux.Agent

Ad-Aware : Linux.Trojan.Agent.A

Avira : LINUX/PNScan.7

Tencent : Linux.Backdoor.Agent.Dztv

AhnLab-V3 : Linux/Pnscan.1203885

ZoneAlarm : Backdoor.Linux.Agent.ae

ALYac : Linux.Trojan.Agent.A

MicroWorld-eScan : Linux.Trojan.Agent.A

VBA32 : Linux.PNScan.2

GData : Linux.Trojan.Agent.A

Data Explore


Paths

~/~5

~/

~/w

/proc/ver{

/proc/[

URLs

http://upx.sf.net

IPs (v4 and v6)

::

20::

Code Explore


Nucleus

Eh_frame