Sample : d5601202dff3017db238145ff21857415f663031aca9b3d534bec8991b12179a

Summary

OS ABI : UNIX - System V
CPU class : 32 bit
CPU byte order : 2's complement LSB
File type : ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
CPU type : MIPS I
Entropy : 7.98064402069
ELF type : Executable file

ELF

Class : 32 bit
Data encoding : 2's complement LSB
Operating system ABI : UNIX - System V
Object file type : Executable file
ELF version : 0.1
Machine : MIPS I
Link : static
Entrypoint : 0x112f20
Number of segments : 2
Number of sections : 0
Program header table offset : 52
Section header table offset : 0
Program header table - size of entry : 32
Section header table - size of entry : 40
Program header table - entries : 2
Section header table - entries : 0
Section header table - index sections names : 0
Stripped : True
Sections stripped : True
Anomalies


Segments
High entropy : PT_LOAD at offset 0x0 - 7.980729
Memory size doubles physical size : PT_LOAD at offset 0xa5a0


Sections
Section header table offset empty : True
Number of section headers empty : True


Debug information : False

Hash

MD5 : b8ed2cb3e9fedec5b164ce84ad5a08d0
SHA1 : b45ef9ad0a29b0a402d1613b10c3f6e95686230c
SHA256 : d5601202dff3017db238145ff21857415f663031aca9b3d534bec8991b12179a
SHA512 : 98aa6abf6bc6b27ea2833122c468e436c267ef40c5ecbbd6446174d0859920e7b7bbcec617e12d7aa9e89e0492e5dcf4cf49a6208e7252fd0619047818454a31
ssdeep : 1536:m3LqE6rUQWzVQR7iAGEcUT5PIi7pLqBNs4LOjcwf4nB6XuzGNy+iSc7tNUZM:mOE6PWo1T5bz4LVMXuzVNScWM

Bytes

Entropy : 7.98064402069
Min entropy (16KB blocks) : 7.78284336141
Max entropy (16KB blocks) : 7.98883022102
Unique bytes (0-255) : 256
Null bytes : 1336
White spaces : 1988
Printable bytes : 30860
First 16B : 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Last 16B : 95 0a 00 00 ac a2 03 00 00 00 00 0d 80 00 00 00

Longest same bytes sequence
Byte : 0x0
Offset : 0x9
Length : 8

Three rarest bytes
0xd1 - 287 times
0x75 - 282 times
0xb8 - 282 times

Three most common bytes
0x0 - 1336 times
0x10 - 486 times
0x1 - 481 times

File type

Mime type : application/x-executable
File type : ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped

VirusTotal

URL : https://www.virustotal.com/#/file/d5601202dff3017db238145ff21857415f663031aca9b3d534bec8991b12179a
Positive : 26
Total AVs : 60
Scan date : 2018-06-21 22:02:07
AVClass : hajime

Detection
Symantec : Linux.Hajime
McAfee : RDN/Generic BackDoor
AegisLab : Backdoor.Linux.Hajime!c
Sophos : Linux/Hajime-A
Microsoft : Trojan:Win32/Occamy.C
Zillya : Backdoor.Hajime.Linux.133
DrWeb : Linux.Hajime.34
Qihoo-360 : Win32/Backdoor.IM.280
Ikarus : Trojan.Linux.Hajime
Cyren : ELF/Trojan.PMWE-1
Comodo : .UnclassifiedMalware
Avast : Other:Malware-gen [Trj]
Kaspersky : HEUR:Backdoor.Linux.Hajime.b
NANO-Antivirus : Trojan.Elf32.Hajime.fbjkxb
AVG : Other:Malware-gen [Trj]
Jiangmin : Backdoor.Linux.azsj
MAX : malware (ai score=95)
ESET-NOD32 : a variant of Linux/Hajime.A
TrendMicro : TROJ_GEN.F04JC00DU18
GData : Linux.Trojan.Agent.KK5LHJ
TrendMicro-HouseCall : TROJ_GEN.F04JC00DU18
McAfee-GW-Edition : RDN/Generic BackDoor
Avira : LINUX/Hajime.ltfzr
Tencent : Linux.Backdoor.Hajime.Pitx
ZoneAlarm : HEUR:Backdoor.Linux.Hajime.b
Fortinet : Linux/Hajime.A!tr.bdr
