Summary | ZeroBOX

1a.txt

ScreenShot ELF AntiVM AntiDebug
Category: FILE
Machine: s1_win7_x6401
Started: July 9, 2021, 6:15 p.m.
Completed: July 9, 2021, 6:24 p.m.
Size: 546.6KB
Type: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
MD5: 429164dbad09cd108d22105e628a3daa
SHA256: f48d2e608faeb0747b32205489e8ca88a3b10ecfd3c2cc2ff31fabf11fac03b3
CRC32: 37C4E481
ssdeep: 12288:D3P1A0+Kvdnd4Asvhc27/ao+PzENGtkZg0/CedRlZRqR6yse:Dfm0+KlZsJc27io2zYGtk20/LdF0+
Yara
  • IsELF - Executable and Linking Format executable file (Linux/Unix)

Name            Response  Post-Analysis Lookup
No hosts contacted.

IP Address      Status    Action
172.67.188.154  Active    Moloch
164.124.101.2   Active    Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API: GlobalMemoryStatusEx
Arguments: (none)
Status: 1
Return: 1
Repeated: 0

Time & API: NtProtectVirtualMemory
Arguments:
  process_identifier: 1304
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x72a62000
  process_handle: 0xffffffff
Status: 1
Return: 0
Repeated: 0
Rule                        Description
ScreenShot                  Take ScreenShot
DebuggerCheck__GlobalFlags  (no description)
DebuggerCheck__QueryInfo    (no description)
DebuggerHiding__Thread      (no description)
DebuggerHiding__Active      (no description)
ThreadControl__Context      (no description)
SEH__vectored               (no description)
anti_dbg                    Checks if being debugged
disable_dep                 Bypass DEP
host 172.67.188.154
Lionic Trojan.Linux.Xarcen.9!c
MicroWorld-eScan Trojan.Linux.Agent.IPF
FireEye Trojan.Linux.Agent.IPF
ALYac Trojan.Linux.Agent.IPF
Zillya Trojan.Xorddos.Linux.91
Sangfor Suspicious.Linux.Save.a
Symantec Linux.Xorddos
ESET-NOD32 a variant of Linux/Xorddos.P
TrendMicro-HouseCall ELF_XORDDOS.SM
Avast ELF:Xorddos-M [Trj]
ClamAV Unix.Trojan.Xorddos-7644452-0
Kaspersky HEUR:Trojan-DDoS.Linux.Xarcen.d
BitDefender Trojan.Linux.Agent.IPF
NANO-Antivirus Trojan.Elf32.Xarcen.hfirtk
Tencent Trojan-Ddos.Linux.Xarcen.a
Ad-Aware Trojan.Linux.Agent.IPF
Sophos Linux/DDoS-BH
Comodo Malware@#54cl3vl8qprt
DrWeb Linux.DDoS.86
TrendMicro ELF_XORDDOS.SM
McAfee-GW-Edition Linux/DDoS-Xor.B
Emsisoft Trojan.Linux.Agent.IPF (B)
SentinelOne Static AI - Malicious ELF
GData Trojan.Linux.Agent.IPF
Jiangmin TrojanDDoS.Linux.qc
Avira LINUX/Xorddos.mluqn
Antiy-AVL Trojan/Generic.ASELF.23E06
Microsoft DoS:Linux/Xorddos!rfn
ZoneAlarm HEUR:Trojan-DDoS.Linux.Xarcen.d
Cynet Malicious (score: 99)
AhnLab-V3 Linux/Xarcen.Gen
McAfee Linux/DDoS-Xor.B
MAX malware (ai score=100)
Rising Trojan.XorDDoS/Linux!1.A3E4 (CLASSIC)
Ikarus Trojan.Linux.Xorddos
Fortinet ELF/Xorddos.D!tr
AVG ELF:Xorddos-M [Trj]