Sample : 9c2848962733846bf50b490fd8f6c7ce9ecade2d3f2f530f5ecbba283af87d3a

Summary


OS ABI : ARM
CPU class : 32 bit
Persistence (user) : No
Persistence (root) : No
CPU byte order : 2's complement LSB
File type : ELF 32-bit LSB executable, ARM, version 1, statically linked, stripped
CPU type : ARM 32-bit
Entropy : 7.79869394735
Syscalls executed (root) : 5
Syscalls executed (user) : 4
ELF type : Executable file

ELF


Class : 32 bit
Data encoding : 2's complement LSB
Operating system ABI : ARM
Object file type : Executable file
ELF version : 0.1
Machine : ARM 32-bit
Link : static
Entrypoint : 0x10c7d0
Number of segments : 2
Number of sections : 0
Program header table offset : 52
Section header table offset : 0
Program header table - size of entry : 32
Section header table - size of entry : 40
Program header table - entries : 2
Section header table - entries : 0
Section header table - index sections names : 0
Stripped : True
Sections stripped : True
Anomalies


Segments
High entropy : PT_LOAD at offset 0x0 - 7.798660
Memory size doubles physical size : PT_LOAD at offset 0x1d70


Sections
Section header table offset empty : True
Number of section headers empty : True


Debug information : False

Hash


MD5 : 3ed81eec6c0d6603b4263c89c2561187
SHA1 : fc9651f35a50aa5139bd4877b900b922463117c6
SHA256 : 9c2848962733846bf50b490fd8f6c7ce9ecade2d3f2f530f5ecbba283af87d3a
SHA512 : 4fd68b0fb9ed4ea1fffcf2fd79fd0b50c7a732eedc19340c83cba99f7518fb8613906e08d97f7211ff8611b45e2bb7a95e49da2edf38fe8b61d56be7910a257c
ssdeep : 24576:m+jZ1PUja4xj8vw9MNLeSIUILdE9Igqnz4w3A:ZsoYMydEeFnz4wQ

Bytes


Entropy : 7.79869394735
Min entropy (16KB blocks) : 7.53073081917
Max entropy (16KB blocks) : 7.8248885479
Unique bytes (0-255) : 256
Null bytes : 13841
White spaces : 34433
Printable bytes : 381902
First 16B : 7f 45 4c 46 01 01 01 61 00 00 00 00 00 00 00 00
Last 16B : 73 14 a2 db 86 31 5e fc 8d 24 bf 3d 86 78 67 b2

Longest same bytes sequence
Byte : 0x0
Offset : 0x65
Length : 8

Three rarest bytes
0xd9 - 1274 times
0xf2 - 1066 times
0xf9 - 700 times

Three most common bytes
0x0 - 13841 times
0x6 - 13158 times
0xff - 11096 times

File type


Mime type : application/x-executable
File type : ELF 32-bit LSB executable, ARM, version 1, statically linked, stripped

VirusTotal


URL : https://www.virustotal.com/#/file/9c2848962733846bf50b490fd8f6c7ce9ecade2d3f2f530f5ecbba283af87d3a
Positive : 35
Total AVs : 52
Scan date : 2019-02-22 00:52:38
AVClass : pnscan
Detection

Ad-Aware : Linux.Trojan.Agent.A

Cyren : ELF/Trojan.YHLN-5

CAT-QuickHeal : Linux/Svirtu.PR77b

DrWeb : Linux.PNScan.2

Symantec : Linux.Raubdo

MicroWorld-eScan : Linux.Trojan.Agent.A

ZoneAlarm : Trojan.Linux.PNScan.b

Avira : LINUX/PNScan.10

Avast : ELF:PNScan-X [Trj]

GData : Linux.Trojan.Agent.A

K7AntiVirus : Trojan ( 0001140e1 )

BitDefender : Linux.Trojan.Agent.A

AhnLab-V3 : Linux/Pnscan.1069817

NANO-Antivirus : Trojan.ElfArm32.PNScan.dxpqzr

ESET-NOD32 : a variant of Linux/PNScan.A

AVG : ELF:PNScan-X [Trj]

Jiangmin : Trojan/Linux.af

Rising : Trojan.PNScan!1.ABAC (CLASSIC)

MAX : malware (ai score=100)

Ikarus : Trojan.Linux.Agent

K7GW : Trojan ( 0001140e1 )

Emsisoft : Linux.Trojan.Agent.A (B)

ClamAV : Unix.Malware.Agent-1393484

Arcabit : Linux.Trojan.Agent.A

Avast-Mobile : ELF:PNScan-Y [Trj]

Comodo : Malware@#3pfwc807pvnkc

Kaspersky : Trojan.Linux.PNScan.b

Fortinet : ELF/PnScan2.A!tr

ALYac : Linux.Trojan.Agent.A

Qihoo-360 : Win32/Trojan.5f9

F-Secure : Malware.LINUX/PNScan.10

Sophos : Mal/Generic-S

Tencent : Linux.Trojan.Pnscan.Lpca

Microsoft : Trojan:Linux/Pnsac.A

VBA32 : Linux.PNScan.2

Data Explore


Paths

~/ f

~/

~/

~/\

~/rQ}

URLs

http://upx.sf.net

IPs (v4 and v6)

::

::

Code Explore


Nucleus

Eh_frame

Sandbox (user)


Standard output

Standard error : Segmentation fault

Sandbox (root)


Standard output

Standard error : Segmentation fault

Behavior


User behavior

Errors
Segmentation fault : True

Syscalls
Unique : restart_syscall, execve
Unique number : 2
Total number : 4

Number of processes : 1
Trace lines lost : 0
Max sleep : -1.0



Root behavior

Errors
Segmentation fault : True

Syscalls
Unique : commit_creds, restart_syscall, execve
Unique number : 3
Total number : 5

Number of processes : 1
Trace lines lost : 0
Max sleep : -1.0