Sample : 5d19ebc50b41b1bcca17cef4b1e1f0ea61fc9d58bbda2e2caace39a709e62172
Modules
Summary
OS ABI
UNIX - System V
CPU class
32 bit
CPU byte order
2's complement MSB
File type
ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
CPU type
Motorola 68000
Entropy
6.31685253944
ELF type
Executable file
ELF
Class
32 bit
Data encoding
2's complement MSB
Operating system ABI
UNIX - System V
Object file type
Executable file
ELF version
0.1
Machine
Motorola 68000
Link
static
Entrypoint
0x80000144
Number of segments
3
Number of sections
10
Program header table offset
52
Section header table offset
59340
Program header table - size of entry
32
Section header table - size of entry
40
Program header table - entries
3
Section header table - entries
10
Section header table - index sections names
9
Stripped
True
Sections stripped
False
Anomalies
Segments
Memory size doubles physical size : PT_LOAD at offset 0xe618
Sections
Uncommon sections : section without a name
Debug information
False
Hash
MD5
8dcbc0873d45d6601ee8bdf478d9b500
SHA1
05980a1ac4cba7adc21f8f415fe90be9d89c3f5e
SHA256
5d19ebc50b41b1bcca17cef4b1e1f0ea61fc9d58bbda2e2caace39a709e62172
SHA512
e8420709bef67614d60ceca8f1895ab1f3f95b177d250b0af75ba30f36cf4a43339494a28aa74cc04e5dc078475a5717db7d328a067ade2488d4dfa3c39633a9
ssdeep
1536:XtCdFUWyqsiqIVPZLS6zCklnCyQDVYul68248l:esLIVtLBuHCL
Bytes
Entropy
6.31685253944
Min entropy (16KB blocks)
6.11689319931
Max entropy (16KB blocks)
6.35267395823
Unique bytes (0-255)
256
Null bytes
9843
White spaces
3568
Printable bytes
22764
First 16B
7f 45 4c 46 01 02 01 00 00 00 00 00 00 00 00 00
Last 16B
00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00
Longest same bytes sequence
Byte : 0x0
Offset : 0xe515
Length : 260
Three rarest bytes
0xa5 - 1 times
0xbd - 1 times
0xcf - 1 times
Three most common bytes
0x0 - 9843 times
0xff - 3497 times
0x20 - 1767 times
File type
Mime type
application/x-executable
File type
ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
VirusTotal
URL
https://www.virustotal.com/#/file/5d19ebc50b41b1bcca17cef4b1e1f0ea61fc9d58bbda2e2caace39a709e62172
Positive
17
Total AVs
57
Scan date
2017-05-02 02:56:01
AVClass
mirai
Detection
McAfee-GW-Edition : Linux/Mirai
Kaspersky : HEUR:Backdoor.Linux.Mirai.c
Ikarus : Linux.Mirai
Avast : ELF:Mirai-A [Trj]
ZoneAlarm : HEUR:Backdoor.Linux.Mirai.c
McAfee : Linux/Mirai
Sophos : Linux/DDoS-CI
ESET-NOD32 : Linux/Mirai.I
Qihoo-360 : virus.elf.mirai.b
ClamAV : Unix.Trojan.Mirai-1
TrendMicro-HouseCall : ELF_MIRAI.SM
Antiy-AVL : Trojan[Backdoor]/Linux.Gafgyt.x
DrWeb : Linux.Mirai.31
AhnLab-V3 : Linux/Mirai.Gen
Symantec : Linux.Trojan
AVG : Linux/Fgt.CI
TrendMicro : ELF_MIRAI.SM
Data Explore
Paths
/proc/net/tcp
/dev/watchdog
/dev/misc/watchdog
/dev/null