Summary | ZeroBOX

1.txt

ScreenShot ELF AntiVM AntiDebug
Category   Machine         Started                    Completed
FILE       s1_win7_x6402   July 9, 2021, 6:15 p.m.    July 9, 2021, 6:21 p.m.
Size 611.2KB
Type ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
MD5 175e623cb74600fba53df0db094894b0
SHA256 b1b32e4ca117a393ad2dec01b112819864f34261a56b0dbebe5263840f769076
CRC32 320DA564
ssdeep 12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrBT6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNNBBVEBl/91h
Yara
  • IsELF - Executable and Linking Format executable file (Linux/Unix)
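Added example (not part of the ZeroBOX report and not code from the XorDDoS sample): a small Python triage helper that reproduces the "Type", MD5 and SHA256 fields above from raw bytes, by decoding the ELF identification bytes and header and scanning the program headers for PT_INTERP/PT_DYNAMIC the way file(1) decides "statically linked", then checks the bytes against the report's two hashes. The "for GNU/Linux 2.6.9" and "not stripped" parts of the file(1) line come from the .note.ABI-tag section and the symbol table and are not reproduced. The input it runs on by default is a constructed, header-only ELF32 image built inline, not the sample; the command-line path and the script name are assumptions.

```python
"""Added example: reproduce the report's ELF 'Type' line and hashes from raw bytes.
Not part of the ZeroBOX report; REPORT_* values are copied from the page above."""
import hashlib
import struct
import sys

REPORT_MD5 = "175e623cb74600fba53df0db094894b0"
REPORT_SHA256 = "b1b32e4ca117a393ad2dec01b112819864f34261a56b0dbebe5263840f769076"

ELF_MAGIC = b"\x7fELF"
ELF_TYPES = {1: "relocatable", 2: "executable", 3: "shared object", 4: "core file"}
ELF_MACHINES = {3: "Intel 80386", 40: "ARM", 62: "x86-64", 183: "ARM aarch64"}
ELF_OSABI = {0: "SYSV", 3: "GNU/Linux"}
PT_DYNAMIC, PT_INTERP = 2, 3


def describe_elf(data: bytes) -> str:
    """file(1)-style description of an ELF image (class, endianness, type, machine,
    version, OS ABI, static/dynamic linkage). Raises ValueError on non-ELF input.
    The ABI-tag note and 'not stripped' are not reproduced."""
    if len(data) < 16 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    ei_class, ei_data, ei_osabi = data[4], data[5], data[7]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("invalid EI_CLASS or EI_DATA")
    endian = "<" if ei_data == 1 else ">"
    # Fields after e_ident up to e_phnum; Elf32_Ehdr and Elf64_Ehdr differ only
    # in the width of e_entry / e_phoff / e_shoff.
    fmt = endian + ("HHIIIIIHHH" if ei_class == 1 else "HHIQQQIHHH")
    if len(data) < 16 + struct.calcsize(fmt):
        raise ValueError("truncated ELF header")
    (e_type, e_machine, e_version, _entry, e_phoff, _shoff, _flags,
     _ehsize, e_phentsize, e_phnum) = struct.unpack_from(fmt, data, 16)

    # file(1) reports 'dynamically linked' when the program header table carries
    # a PT_INTERP or PT_DYNAMIC entry; p_type is the first word of every Phdr.
    linkage = "statically linked"
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):
            break  # truncated program header table; keep the static default
        if struct.unpack_from(endian + "I", data, off)[0] in (PT_DYNAMIC, PT_INTERP):
            linkage = "dynamically linked"
            break

    return "ELF {}-bit {} {}, {}, version {} ({}), {}".format(
        32 if ei_class == 1 else 64,
        "LSB" if ei_data == 1 else "MSB",
        ELF_TYPES.get(e_type, "type %d" % e_type),
        ELF_MACHINES.get(e_machine, "machine %d" % e_machine),
        e_version,
        ELF_OSABI.get(ei_osabi, "OSABI %d" % ei_osabi),
        linkage,
    )


def file_hashes(data: bytes) -> dict:
    """MD5 and SHA256 hex digests, the two hashes the report lists."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def matches_report(data: bytes) -> bool:
    """True only if both digests equal the values copied from the report."""
    h = file_hashes(data)
    return h["md5"] == REPORT_MD5 and h["sha256"] == REPORT_SHA256


def build_sample_elf32(dynamic: bool = False) -> bytes:
    """Constructed input for demonstration: a header-only ELF32 i386 executable
    with one PT_LOAD (plus a PT_INTERP when dynamic=True). It is not the sample."""
    e_ident = ELF_MAGIC + bytes([1, 1, 1, 0]) + bytes(8)  # 32-bit, LSB, v1, SYSV, pad
    phdrs = [(1, 0, 0x08048000, 0x08048000, 0, 0, 5, 0x1000)]  # PT_LOAD, R+X
    if dynamic:
        phdrs.append((PT_INTERP, 0, 0, 0, 0, 0, 4, 1))
    ehdr = e_ident + struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0x08048000, 52, 0, 0,
                                 52, 32, len(phdrs), 40, 0, 0)
    return ehdr + b"".join(struct.pack("<IIIIIIII", *p) for p in phdrs)


if __name__ == "__main__":
    # Assumed usage: python elf_triage.py /path/to/sample  (no path: constructed input)
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_elf32()
    print(describe_elf(blob))
    print(file_hashes(blob))
    print("matches report hashes:", matches_report(blob))
```

Run against a local copy of the sample, `matches_report` is the quick way to confirm you are looking at the same object the report describes before trusting any of its other fields; a different MD5/SHA256 pair means a different build of the family, even when the AV names below agree.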

DNS (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP Address         Status   Action
104.21.19.200      Active   Moloch
147.124.213.132    Active   Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API Calls

Note: the analysis machine (s1_win7_x6402) is by its name a Windows 7 x64 guest, which has no loader for a Linux ELF. The calls below were recorded from a Windows process (PID 2524) launched by the sandbox for this task, not from the sample itself, so they say nothing about what this XorDDoS binary does on a Linux host; the static fields and the AV results are the usable parts of this report.

Time & API              Arguments                                    Status  Return  Repeated

GlobalMemoryStatusEx    (none)                                       1       1       0

NtProtectVirtualMemory  process_identifier: 2524                     1       0       0
                        stack_dep_bypass: 0
                        stack_pivoted: 0
                        heap_dep_bypass: 0
                        length: 4096
                        protection: 64 (PAGE_EXECUTE_READWRITE)
                        base_address: 0x74312000
                        process_handle: 0xffffffff

NtProtectVirtualMemory  process_identifier: 2524                     1       0       0
                        stack_dep_bypass: 0
                        stack_pivoted: 0
                        heap_dep_bypass: 0
                        length: 4096
                        protection: 64 (PAGE_EXECUTE_READWRITE)
                        base_address: 0x74053000
                        process_handle: 0xffffffff
Signatures

Rule                          Description
ScreenShot                    Take ScreenShot
DebuggerCheck__GlobalFlags    (no description)
DebuggerCheck__QueryInfo      (no description)
DebuggerHiding__Thread        (no description)
DebuggerHiding__Active        (no description)
ThreadControl__Context        (no description)
SEH__vectored                 (no description)
anti_dbg                      Checks if being debugged
disable_dep                   Bypass DEP
Hosts
104.21.19.200
147.124.213.132
Antivirus (vendor, detection name)
Lionic Trojan.Linux.Xarcen.9!e
MicroWorld-eScan Trojan.Linux.Generic.182662
FireEye Trojan.Linux.Generic.182662
ALYac Trojan.Linux.Generic.182662
Sangfor Suspicious.Linux.Save.a
Cyren E32/Xorddos.A.gen!Camelot
Symantec Linux.Xorddos
ESET-NOD32 a variant of Linux/Xorddos.C
TrendMicro-HouseCall ELF_XORDDOS.SM
Avast ELF:Xorddos-E [Trj]
ClamAV Unix.Trojan.DDoS_XOR-1
Kaspersky HEUR:Trojan-DDoS.Linux.Xarcen.a
BitDefender Trojan.Linux.Generic.182662
NANO-Antivirus Trojan.Elf32.Xarcen.eftmox
Rising Trojan.XorDDoS/Linux!1.A3E4 (CLASSIC)
Ad-Aware Trojan.Linux.Generic.182662
Emsisoft Trojan.Linux.Generic.182662 (B)
Comodo Malware@#p1qhhl8kb8r4
DrWeb Linux.DDoS.Xor.4
Zillya Trojan.Xorddos.Linux.34
TrendMicro ELF_XORDDOS.SM
McAfee-GW-Edition Linux/DDoS-Xor.A
Sophos Linux/DDoS-BH
Ikarus Trojan.Linux.DDoS
Avast-Mobile ELF:Xorddos-I [Trj]
Jiangmin TrojanDDoS.Linux.ff
Avira LINUX/Xorddos.cona
Antiy-AVL Trojan/Generic.ASELF.D64
Microsoft Backdoor:Win32/Berbew
Gridinsoft Virus.U.Doser.oa
ViRobot Trojan.Linux.XorDDoS.B
ZoneAlarm HEUR:Trojan-DDoS.Linux.Xarcen.a
GData Trojan.Linux.Generic.182662
Cynet Malicious (score: 99)
AhnLab-V3 Linux/Xorddos.625867
McAfee Linux/DDoS-Xor.A
MAX malware (ai score=100)
Tencent Trojan.Linux.XorDdos.a
SentinelOne Static AI - Malicious ELF
MaxSecure Trojan.Malware.121218.susgen
Fortinet ELF/DDoS.BH!tr
AVG ELF:Xorddos-E [Trj]
Panda ELF/XorDDos.A