Modules

Summary

OS ABI

UNIX - Linux

CPU class

32 bit

Persistence (user)

Persistence (root)

CPU byte order

2's complement LSB

File type

ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, stripped

CPU type

Intel 80386

Entropy

7.87655719335

Syscalls executed (root)

Syscalls executed (user)

ELF type

Executable file

ELF

Class

32 bit

Data encoding

2's complement LSB

Operating system ABI

UNIX - Linux

Object file type

Executable file

ELF version

0.1

Machine

Intel 80386

Link

static

Entrypoint

0xc06dd0

Number of segments

Number of sections

Program header table offset

Section header table offset

Program header table - size of entry

Section header table - size of entry

Program header table - entries

Section header table - entries

Section header table - index sections names

Stripped

True

Sections stripped

True

Anomalies

Segments

High entropy : PT_LOAD at offset 0x0 - 7.881539
Memory size doubles physical size : PT_LOAD at offset 0x920

Sections

Section header table offset empty : True
Number of section headers empty : True

Debug information

False

Hash

MD5

a7dbd8a978c746107c9f00f58da23541

SHA1

0b2bfea5c1037c68a047913d2c54dd66073145e2

SHA256

b8d6b7eb1f3f10e8e829d0bafaaba182e60b7597eace99846b76773fd6779afb

SHA512

f2db1157c12a8c1707f3808334af967a7d17c7ea4321a3ae98f60386084649c77a2051e57b6909d4a68425f67ed99855219308492756c4eae0b2eb099cb22ca3

ssdeep

384:M4yQpEKtpgy8AK+z3p+Ddttetxut0cOybZto5K2f0cneZFQETEax/jj8TVU+v1RX:/8D+bp+Li3cOybHuKwneZdTr/sBPX

Bytes

Entropy

7.87655719335

Min entropy (16KB blocks)

7.86871383895

Max entropy (16KB blocks)

7.86871383895

Unique bytes (0-255)

256

Null bytes

444

White spaces

1009

Printable bytes

9595

First 16B

7f 45 4c 46 01 01 01 03 00 00 00 00 00 00 00 00

Last 16B

ad 00 00 00 70 03 01 00 46 06 00 3e a0 00 00 00

Longest same bytes sequence

Byte : 0x0

Offset : 0x7a

Length : 19

Three rarest bytes

0x71 - 47 times

0xf5 - 41 times

0xe5 - 37 times

Three most common bytes

0x0 - 444 times

0x1 - 274 times

0x20 - 265 times

File type

Mime type

application/x-executable

File type

ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, stripped

VirusTotal

URL

https://www.virustotal.com/#/file/b8d6b7eb1f3f10e8e829d0bafaaba182e60b7597eace99846b76773fd6779afb

Positive

Total AVs

Scan date

2018-06-21 04:07:56

AVClass

mirai

Detection

Symantec : Linux.Mirai

McAfee : RDN/Generic BackDoor

AegisLab : Backdoor.Linux.Mirai!c

Jiangmin : Backdoor.Linux.avjd

Fortinet : ELF/Mirai.AT!tr

Ikarus : Trojan.Linux.Mirai

ESET-NOD32 : a variant of Linux/Mirai.L

DrWeb : Linux.Mirai.793

TrendMicro : TROJ_GEN.R002C0OFK18

Qihoo-360 : Win32/Backdoor.996

TrendMicro-HouseCall : TROJ_GEN.F04JC00FL18

Avira : LINUX/Mirai.ceukf

Sophos : Mal/Generic-S

ZoneAlarm : HEUR:Backdoor.Linux.Mirai.ad

NANO-Antivirus : Trojan.Elf32.Mirai.fehkiu

Cyren : ELF/Trojan.NMFE-14

Kaspersky : HEUR:Backdoor.Linux.Mirai.ad

GData : Linux.Trojan.Agent.01D0TH

Data Explore

Paths

/proc/sm

URLs

http://upx.sf.net

Code Explore

Nucleus

Number of functions : 0

Eh_frame

Sandbox (user)

Standard output

Standard error

Segmentation fault

Sandbox (root)

Standard output

Standard error

Segmentation fault

Behavior

User behavior

Errors

Segmentation fault

True

Syscalls

Unique

fcntl
setsockopt
socket
rt_sigaction
bind
mprotect
time
getppid
getpid
times
brk
connect
getsockname
close
readlink
munmap
rt_sigprocmask
execve
listen

Unique number

19

Total number

Instrumented libc calls

Unique

strchr

Unique number

1

Total number

Number of processes

Trace lines lost

Max sleep

-1.0

Root behavior

Errors

Segmentation fault

True

Syscalls

Unique

fcntl
setsockopt
bind
socket
rt_sigaction
commit_creds
mprotect
time
getppid
getpid
times
readlink
connect
getsockname
close
brk
munmap
rt_sigprocmask
execve
listen

Unique number

20

Total number

Instrumented libc calls

Unique

strchr

Unique number

1

Total number

Number of processes

Trace lines lost

Max sleep

-1.0

Sample : b8d6b7eb1f3f10e8e829d0bafaaba182e60b7597eace99846b76773fd6779afb

Modules

Summary

OS ABI

CPU class

Persistence (user)

Persistence (root)

CPU byte order

File type

CPU type

Entropy

Syscalls executed (root)

Syscalls executed (user)

ELF type

ELF

Class

Data encoding

Operating system ABI

Object file type

ELF version

Machine

Link

Entrypoint

Number of segments

Number of sections

Program header table offset

Section header table offset

Program header table - size of entry

Section header table - size of entry

Program header table - entries

Section header table - entries

Section header table - index sections names

Stripped

Sections stripped

Anomalies

Debug information

Hash

MD5

SHA1

SHA256

SHA512

ssdeep

Bytes

Entropy

Min entropy (16KB blocks)

Max entropy (16KB blocks)

Unique bytes (0-255)

Null bytes

White spaces

Printable bytes

First 16B

Last 16B

Longest same bytes sequence

Three rarest bytes

Three most common bytes

File type

Mime type

File type

VirusTotal

URL

Positive

Total AVs

Scan date

AVClass

Detection

Data Explore

Paths

URLs

Code Explore

Nucleus

Eh_frame

Sandbox (user)

Standard output

Standard error

Sandbox (root)

Standard output

Standard error

Behavior

User behavior

Errors