Sample : b8d6b7eb1f3f10e8e829d0bafaaba182e60b7597eace99846b76773fd6779afb
Modules
Summary
OS ABI
UNIX - Linux
CPU class
32 bit
Persistence (user)
No
Persistence (root)
No
CPU byte order
2's complement LSB
File type
ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, stripped
CPU type
Intel 80386
Entropy
7.87655719335
Syscalls executed (root)
26
Syscalls executed (user)
25
ELF type
Executable file
ELF
Class
32 bit
Data encoding
2's complement LSB
Operating system ABI
UNIX - Linux
Object file type
Executable file
ELF version
0.1
Machine
Intel 80386
Link
static
Entrypoint
0xc06dd0
Number of segments
3
Number of sections
0
Program header table offset
52
Section header table offset
0
Program header table - size of entry
32
Section header table - size of entry
40
Program header table - entries
3
Section header table - entries
0
Section header table - index sections names
0
Stripped
True
Sections stripped
True
Anomalies
Segments
High entropy : PT_LOAD at offset 0x0 - 7.881539
Memory size doubles physical size : PT_LOAD at offset 0x920
Sections
Section header table offset empty : True
Number of section headers empty : True
Debug information
False
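The ELF fields and the two Anomalies entries above are what a static pre-check on this sample yields: no section header table (Section header table offset 0, 0 section headers), one high-entropy PT_LOAD starting at file offset 0, a second PT_LOAD whose memory size is at least twice its file size, and (under Data Explore) the string http://upx.sf.net. Together these are the usual shape of a UPX-packed ELF, which is also why the Nucleus pass below recovers 0 functions. The following Python is an added example, not the report generator's or the sample's own code: it parses an ELF32 LSB header and program header table with struct and re-derives those checks. Its input is a constructed ELF image whose header values copy the report (entry 0xc06dd0, 3 program headers, no section table, second PT_LOAD at 0x920) and whose body is pseudo-random bytes; the 7.0 entropy threshold and the memsz >= 2*filesz rule are assumptions about how the report computes its anomalies.

```python
"""Parse an ELF32 LSB image and re-derive the report's 'Anomalies' checks.
Added example; not the report generator's or the sample's own code."""
import math
import random
import struct

PT_LOAD = 1
PT_GNU_STACK = 0x6474E551
ET_EXEC = 2
EM_386 = 3


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    n = len(data)
    if n == 0:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_elf32(blob: bytes) -> dict:
    """Return the Elf32_Ehdr fields plus a list of Elf32_Phdr dicts."""
    if blob[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data, ei_version, ei_osabi = blob[4:8]
    if (ei_class, ei_data) != (1, 1):
        raise ValueError("only ELF32 little-endian is handled here")
    # Elf32_Ehdr after the 16-byte e_ident
    names = ("type", "machine", "version", "entry", "phoff", "shoff", "flags",
             "ehsize", "phentsize", "phnum", "shentsize", "shnum", "shstrndx")
    elf = dict(zip(names, struct.unpack_from("<HHIIIIIHHHHHH", blob, 16)))
    elf["osabi"] = ei_osabi
    elf["phdrs"] = []
    ph_names = ("type", "offset", "vaddr", "paddr", "filesz", "memsz", "flags", "align")
    for i in range(elf["phnum"]):
        raw = struct.unpack_from("<8I", blob, elf["phoff"] + i * elf["phentsize"])
        elf["phdrs"].append(dict(zip(ph_names, raw)))
    return elf


def find_anomalies(blob: bytes, entropy_threshold: float = 7.0) -> list:
    """Checks mirroring the report's 'Anomalies' block (threshold and ratio are assumptions)."""
    elf = parse_elf32(blob)
    findings = []
    if elf["shoff"] == 0:
        findings.append("Section header table offset empty")
    if elf["shnum"] == 0:
        findings.append("Number of section headers empty")
    entry_mapped = False
    for ph in elf["phdrs"]:
        if ph["type"] != PT_LOAD:
            continue
        segment = blob[ph["offset"]:ph["offset"] + ph["filesz"]]
        ent = shannon_entropy(segment)
        if ent > entropy_threshold:
            findings.append("High entropy : PT_LOAD at offset 0x%x - %.6f" % (ph["offset"], ent))
        if ph["filesz"] and ph["memsz"] >= 2 * ph["filesz"]:
            findings.append("Memory size doubles physical size : PT_LOAD at offset 0x%x" % ph["offset"])
        if ph["vaddr"] <= elf["entry"] < ph["vaddr"] + ph["memsz"]:
            entry_mapped = True
    if not entry_mapped:
        findings.append("Entrypoint 0x%x lies outside every PT_LOAD" % elf["entry"])
    if b"UPX!" in blob or b"http://upx.sf.net" in blob:
        findings.append("UPX packer marker string present")
    return findings


def build_constructed_sample(seed: int = 1) -> bytes:
    """Constructed input, NOT the analysed sample: header values copy the report
    (entry 0xc06dd0, 3 program headers, no section table, second PT_LOAD at 0x920);
    the first PT_LOAD body is pseudo-random to stand in for a packed payload."""
    rng = random.Random(seed)
    e_ident = b"\x7fELF" + bytes([1, 1, 1, 3]) + bytes(8)      # ELF32, LSB, v1, GNU/Linux
    ehdr = e_ident + struct.pack("<HHIIIIIHHHHHH", ET_EXEC, EM_386, 1, 0xC06DD0,
                                 52, 0, 0, 52, 32, 3, 40, 0, 0)
    phdrs = struct.pack("<8I", PT_LOAD, 0x0, 0xC06000, 0xC06000, 0x920, 0x1000, 5, 0x1000)
    phdrs += struct.pack("<8I", PT_LOAD, 0x920, 0xC07920, 0xC07920, 0x20, 0x40, 6, 0x1000)
    phdrs += struct.pack("<8I", PT_GNU_STACK, 0, 0, 0, 0, 0, 6, 4)
    marker = b"http://upx.sf.net\0"
    body_len = 0x920 - len(ehdr) - len(phdrs) - len(marker)
    body = bytes(rng.getrandbits(8) for _ in range(body_len))
    return ehdr + phdrs + body + marker + bytes(0x20)


if __name__ == "__main__":
    sample = build_constructed_sample()
    hdr = parse_elf32(sample)
    print("entry 0x%x, %d segments, %d sections" % (hdr["entry"], hdr["phnum"], hdr["shnum"]))
    for finding in find_anomalies(sample):
        print("  -", finding)
```

Run against a real file with open(path, "rb").read() in place of build_constructed_sample(); the entrypoint check is the one the report does not list, and it is worth having because a packer stub's entry outside any mapped segment is a loader error, not a packed binary.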
Hash
MD5
a7dbd8a978c746107c9f00f58da23541
SHA1
0b2bfea5c1037c68a047913d2c54dd66073145e2
SHA256
b8d6b7eb1f3f10e8e829d0bafaaba182e60b7597eace99846b76773fd6779afb
SHA512
f2db1157c12a8c1707f3808334af967a7d17c7ea4321a3ae98f60386084649c77a2051e57b6909d4a68425f67ed99855219308492756c4eae0b2eb099cb22ca3
ssdeep
384:M4yQpEKtpgy8AK+z3p+Ddttetxut0cOybZto5K2f0cneZFQETEax/jj8TVU+v1RX:/8D+bp+Li3cOybHuKwneZdTr/sBPX
Bytes
Entropy
7.87655719335
Min entropy (16KB blocks)
7.86871383895
Max entropy (16KB blocks)
7.86871383895
Unique bytes (0-255)
256
Null bytes
444
White spaces
1009
Printable bytes
9595
First 16B
7f 45 4c 46 01 01 01 03 00 00 00 00 00 00 00 00
Last 16B
ad 00 00 00 70 03 01 00 46 06 00 3e a0 00 00 00
Longest same bytes sequence
Byte :
0x0
Offset : 0x7a
Length : 19
Three rarest bytes
0x71 - 47 times
0xf5 - 41 times
0xe5 - 37 times
Three most common bytes
0x0 - 444 times
0x1 - 274 times
0x20 - 265 times
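The Bytes block above is a set of whole-file and 16KB-block statistics; identical Min and Max block entropy means only one 16KB block was scored, and the block figure differs slightly from the whole-file one. As an added example that is not the report generator's code, the following Python computes the same statistics over any byte string. Its input is a constructed byte string (an ELF-like first 16 bytes, every byte value once, a 19-byte run of zeros and the UPX URL string listed under URLs), not the analysed sample; the definitions of white space and printable (Python's string.printable), the scoring of a partial trailing block, and the tie-breaking for the rarest bytes are assumptions, since the report does not state its own.

```python
"""Whole-file and per-16KB-block byte statistics of the kind in the 'Bytes' block.
Added example; not the report generator's own code."""
import math
import string
from collections import Counter

BLOCK_SIZE = 16 * 1024
# Assumed definitions (the report does not state its own): C isspace() set, Python's string.printable
WHITESPACE = set(b" \t\n\r\x0b\x0c")
PRINTABLE = set(string.printable.encode())


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty or constant input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def longest_run(data: bytes) -> tuple:
    """(byte value, offset, length) of the longest run of one repeated byte; first wins ties."""
    best = (None, 0, 0)
    i, n = 0, len(data)
    while i < n:
        j = i
        while j < n and data[j] == data[i]:
            j += 1
        if j - i > best[2]:
            best = (data[i], i, j - i)
        i = j
    return best


def byte_stats(data: bytes, block_size: int = BLOCK_SIZE) -> dict:
    """Reproduce the report's 'Bytes' figures for an arbitrary byte string."""
    blocks = [data[i:i + block_size] for i in range(0, len(data), block_size)] or [b""]
    block_entropies = [entropy(b) for b in blocks]
    counts = Counter(data)
    return {
        "size": len(data),
        "entropy": entropy(data),
        "blocks": len(blocks),
        "min_block_entropy": min(block_entropies),
        "max_block_entropy": max(block_entropies),
        "unique_bytes": len(counts),
        "null_bytes": counts[0],
        "whitespace": sum(counts[b] for b in WHITESPACE),
        "printable": sum(counts[b] for b in PRINTABLE),
        "first16": data[:16].hex(" "),
        "last16": data[-16:].hex(" "),
        "longest_run": longest_run(data),
        # most_common() keeps first-seen order among ties; rarest ties are broken by byte value
        "most_common": counts.most_common(3),
        "rarest": sorted(counts.items(), key=lambda kv: (kv[1], kv[0]))[:3],
    }


# Constructed input (not the analysed sample): ELF-like first 16 bytes, every byte
# value once, a 19-byte run of zeros, then the UPX URL string seen under 'URLs'.
SAMPLE = (b"\x7fELF\x01\x01\x01\x03" + bytes(8)
          + bytes(range(256))
          + bytes(19)
          + b"http://upx.sf.net\n")

if __name__ == "__main__":
    for key, value in byte_stats(SAMPLE).items():
        print("%-18s %s" % (key, value))
```

Per-block entropy is the figure worth watching on packed or encrypted samples: a whole-file value near 7.9 with one block well below it usually marks a plaintext stub or configuration region that is worth carving out before the rest is unpacked.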
File type
Mime type
application/x-executable
File type
ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, stripped
VirusTotal
URL
https://www.virustotal.com/#/file/b8d6b7eb1f3f10e8e829d0bafaaba182e60b7597eace99846b76773fd6779afb
Positive
18
Total AVs
60
Scan date
2018-06-21 04:07:56
AVClass
mirai
Detection
Symantec : Linux.Mirai
McAfee : RDN/Generic BackDoor
AegisLab : Backdoor.Linux.Mirai!c
Jiangmin : Backdoor.Linux.avjd
Fortinet : ELF/Mirai.AT!tr
Ikarus : Trojan.Linux.Mirai
ESET-NOD32 : a variant of Linux/Mirai.L
DrWeb : Linux.Mirai.793
TrendMicro : TROJ_GEN.R002C0OFK18
Qihoo-360 : Win32/Backdoor.996
TrendMicro-HouseCall : TROJ_GEN.F04JC00FL18
Avira : LINUX/Mirai.ceukf
Sophos : Mal/Generic-S
ZoneAlarm : HEUR:Backdoor.Linux.Mirai.ad
NANO-Antivirus : Trojan.Elf32.Mirai.fehkiu
Cyren : ELF/Trojan.NMFE-14
Kaspersky : HEUR:Backdoor.Linux.Mirai.ad
GData : Linux.Trojan.Agent.01D0TH
Data Explore
Paths
/proc/sm
URLs
http://upx.sf.net
Code Explore
Nucleus
Number of functions :
0
Eh_frame
Sandbox (user)
Standard output
Standard error
Segmentation fault
Sandbox (root)
Standard output
Standard error
Segmentation fault
Behavior
User behavior
Errors
Segmentation fault
True
Syscalls
Unique
fcntl
setsockopt
socket
rt_sigaction
bind
mprotect
time
getppid
getpid
times
brk
connect
getsockname
close
readlink
munmap
rt_sigprocmask
execve
listen
Unique number
19
Total number
25
Instrumented libc calls
Unique
strchr
Unique number
1
Total number
1
Number of processes
1
Trace lines lost
0
Max sleep
-1.0
Root behavior
Errors
Segmentation fault
True
Syscalls
Unique
fcntl
setsockopt
bind
socket
rt_sigaction
commit_creds
mprotect
time
getppid
getpid
times
readlink
connect
getsockname
close
brk
munmap
rt_sigprocmask
execve
listen
Unique number
20
Total number
26
Instrumented libc calls
Unique
strchr
Unique number
1
Total number
1
Number of processes
1
Trace lines lost
0
Max sleep
-1.0
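Both behaviour blocks reduce a syscall trace to a list of unique syscalls, a unique and a total count, a process count and a segmentation-fault flag. The following Python is an added example, not the sandbox's own tooling: it derives the same summary from strace output in the strace -f -o FILE format (one call per line, PID first, with <unfinished ...> and resumed lines from interleaved processes), and additionally pulls the bound ports and connect() targets out of the socket calls, since bind, listen and connect are the lines worth reading in this trace. The trace lines are constructed for the example (PID, port and address are made up) and are not the sample's own trace; only the call mix follows the User behavior list above.

```python
"""Summarise an strace log (strace -f -o FILE format) the way the behaviour
blocks above do: unique/total syscalls, process count, signals, sockets.
Added example; not the sandbox's own code."""
import re
from collections import Counter

# "4242  socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3"
CALL_RE = re.compile(
    r"^(?P<pid>\d+)\s+(?P<name>[a-z_][a-z0-9_]*)\((?P<args>.*)\)\s*=\s*(?P<ret>-?\d+|0x[0-9a-fA-F]+|\?)")
# A call interrupted by another process: "4242  close(4 <unfinished ...>"
UNFINISHED_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<name>[a-z_][a-z0-9_]*)\((?P<args>.*)<unfinished \.\.\.>$")
# Its continuation, already counted on the unfinished line: "4242  <... close resumed>) = 0"
RESUMED_RE = re.compile(r"^\d+\s+<\.\.\. [a-z0-9_]+ resumed>")
# Signal delivery ("--- SIGSEGV {...} ---") and termination ("+++ killed by SIGSEGV +++")
SIGNAL_RE = re.compile(r"^\d+\s+(?:--- (?P<sig>SIG[A-Z0-9]+)|\+\+\+ killed by (?P<killed>SIG[A-Z0-9]+))")
PORT_RE = re.compile(r"sin_port=htons\((\d+)\)")
ADDR_RE = re.compile(r'inet_addr\("([^"]+)"\)')


def summarize_strace(text: str) -> dict:
    """Return the per-run summary fields used in the report plus socket details."""
    calls = Counter()
    pids = set()
    signals = []
    bind_ports = []
    connect_targets = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or RESUMED_RE.match(line):
            continue
        m = CALL_RE.match(line) or UNFINISHED_RE.match(line)
        if m:
            calls[m["name"]] += 1
            pids.add(m["pid"])
            if m["name"] == "bind":
                bind_ports.extend(int(p) for p in PORT_RE.findall(m["args"]))
            elif m["name"] == "connect":
                port, addr = PORT_RE.search(m["args"]), ADDR_RE.search(m["args"])
                if port and addr:
                    connect_targets.append("%s:%s" % (addr.group(1), port.group(1)))
            continue
        s = SIGNAL_RE.match(line)
        if s:
            signals.append(s["sig"] or s["killed"])
    return {
        "unique": sorted(calls),
        "unique_number": len(calls),
        "total_number": sum(calls.values()),
        "processes": len(pids),
        "signals": signals,
        "segfault": "SIGSEGV" in signals,
        "bind_ports": bind_ports,
        "connect_targets": connect_targets,
    }


# Constructed trace for the example (not the sample's own trace; PID, port and
# address are made up).  It follows the call mix listed under 'User behavior'.
CONSTRUCTED_TRACE = """\
4242  execve("./sample", ["./sample"], 0xbffff000) = 0
4242  brk(NULL)                                  = 0x80a7000
4242  rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
4242  readlink("/proc/self/exe", "/tmp/sample", 4096) = 11
4242  socket(AF_INET, SOCK_STREAM, IPPROTO_IP)   = 3
4242  fcntl(3, F_SETFL, O_RDONLY|O_NONBLOCK)     = 0
4242  setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
4242  bind(3, {sa_family=AF_INET, sin_port=htons(7777), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
4242  listen(3, 1)                               = 0
4242  socket(AF_INET, SOCK_STREAM, IPPROTO_IP)   = 4
4242  connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.0.2.1")}, 16) = -1 EINPROGRESS (Operation now in progress)
4242  close(4 <unfinished ...>
4242  <... close resumed>) = 0
4242  --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
4242  +++ killed by SIGSEGV +++
"""

if __name__ == "__main__":
    summary = summarize_strace(CONSTRUCTED_TRACE)
    for key, value in summary.items():
        print("%-16s %s" % (key, value))
```

Feed it a real log with summarize_strace(open("trace.txt").read()). The resumed-line rule matters for the counts: strace writes an interrupted call twice, once as <unfinished ...> and once as <... resumed>, so counting both would inflate the total and hide a genuine difference between two runs such as the user and root totals above.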