Sample:

d5601202dff3017db238145ff21857415f663031aca9b3d534bec8991b12179a



Summary

OS ABI: UNIX - System V

CPU class: 32 bit

CPU byte order: 2's complement LSB

File type: ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped

CPU type: MIPS I

Entropy: 7.98064402069

ELF type: Executable file

ELF

Class: 32 bit

Data encoding: 2's complement LSB

Operating system ABI: UNIX - System V

Object file type: Executable file

ELF version: 0.1

Machine: MIPS I

Entrypoint: 0x112f20

Number of segments: 2

Number of sections: 0

Program header table offset: 52

Section header table offset: 0

Program header table - size of entry: 32

Section header table - size of entry: 40

Program header table - entries: 2

Section header table - entries: 0

Section header table - index sections names: 0

Stripped: True

Sections stripped: True

  • PT_LOAD at offset 0x0 - 7.980729
  • PT_LOAD at offset 0xa5a0

Section header table offset empty: True

Number of section headers empty: True

Debug information: False

Hash

MD5: b8ed2cb3e9fedec5b164ce84ad5a08d0

SHA1: b45ef9ad0a29b0a402d1613b10c3f6e95686230c

SHA256: d5601202dff3017db238145ff21857415f663031aca9b3d534bec8991b12179a

SHA512: 98aa6abf6bc6b27ea2833122c468e436c267ef40c5ecbbd6446174d0859920e7b7bbcec617e12d7aa9e89e0492e5dcf4cf49a6208e7252fd0619047818454a31

ssdeep: 1536:m3LqE6rUQWzVQR7iAGEcUT5PIi7pLqBNs4LOjcwf4nB6XuzGNy+iSc7tNUZM:mOE6PWo1T5bz4LVMXuzVNScWM

Bytes

Entropy: 7.98064402069

Min entropy (16KB blocks): 7.78284336141

Max entropy (16KB blocks): 7.98883022102

Unique bytes (0-255): 256

Null bytes: 1336

White spaces: 1988

Printable bytes: 30860

First 16B: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00

Last 16B: 95 0a 00 00 ac a2 03 00 00 00 00 0d 80 00 00 00

Byte: 0x0

Offset: 0x9

Length: 8

  • 0xd1 - 287 times
  • 0x75 - 282 times
  • 0xb8 - 282 times
  • 0x0 - 1336 times
  • 0x10 - 486 times
  • 0x1 - 481 times

File type

Mime type: application/x-executable

File type: ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped

VirusTotal

URL: https://www.virustotal.com/#/file/d5601202dff3017db238145ff21857415f663031aca9b3d534bec8991b12179a

Positive: 26

Total AVs: 60

Scan date: 2018-06-21 22:02:07

AVClass: hajime

Symantec: Linux.Hajime

McAfee: RDN/Generic BackDoor

AegisLab: Backdoor.Linux.Hajime!c

Sophos: Linux/Hajime-A

Microsoft: Trojan:Win32/Occamy.C

Zillya: Backdoor.Hajime.Linux.133

DrWeb: Linux.Hajime.34

Qihoo-360: Win32/Backdoor.IM.280

Ikarus: Trojan.Linux.Hajime

Cyren: ELF/Trojan.PMWE-1

Comodo: .UnclassifiedMalware

Avast: Other:Malware-gen [Trj]

Kaspersky: HEUR:Backdoor.Linux.Hajime.b

NANO-Antivirus: Trojan.Elf32.Hajime.fbjkxb

AVG: Other:Malware-gen [Trj]

Jiangmin: Backdoor.Linux.azsj

MAX: malware (ai score=95)

ESET-NOD32: a variant of Linux/Hajime.A

TrendMicro: TROJ_GEN.F04JC00DU18

GData: Linux.Trojan.Agent.KK5LHJ

TrendMicro-HouseCall: TROJ_GEN.F04JC00DU18

McAfee-GW-Edition: RDN/Generic BackDoor

Avira: LINUX/Hajime.ltfzr

Tencent: Linux.Backdoor.Hajime.Pitx

ZoneAlarm: HEUR:Backdoor.Linux.Hajime.b

Fortinet: Linux/Hajime.A!tr.bdr
