Summary | ZeroBOX

sora.spc

ELF AntiVM AntiDebug
Category  Machine        Started                  Completed
FILE      s1_win7_x6401  Aug. 9, 2023, 9:07 a.m.  Aug. 9, 2023, 9:15 a.m.
Size 73.0KB
Type ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, stripped
MD5 1d8c33eee1934dbfa0e581c0051db9db
SHA256 5360fe0dbb8fafaea203eed5b6a8a7192049de0fd49192dcf42c0fefd4d55dcf
CRC32 30D8E716
ssdeep 1536:hD/B6f6UD5hAS7mo0DCCAXpSKV6v3G78nN9WP:927jqCt8v3GI/w
Yara
  • IsELF - Executable and Linking Format executable file (Linux/Unix)

Name  Response  Post-Analysis Lookup
No hosts contacted.

IP Address  Status  Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API  Arguments  Status  Return  Repeated

IsDebuggerPresent
  Status / Return / Repeated: 0 0

GlobalMemoryStatusEx
  Status / Return / Repeated: 1 1 0

NtProtectVirtualMemory (10 calls, identical except for base_address)
  process_identifier: 2640
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffff
  base_address (one call each): 0x73be1000, 0x764b1000, 0x732a1000, 0x741a0000, 0x72d61000, 0x72cd1000, 0x72c94000, 0x72d62000, 0x73bc1000, 0x73951000
  Status / Return / Repeated: 1 0 0 (every call)
Rule                        Description
DebuggerCheck__GlobalFlags  (no description)
DebuggerCheck__QueryInfo    (no description)
DebuggerHiding__Thread      (no description)
DebuggerHiding__Active      (no description)
ThreadControl__Context      (no description)
SEH__vectored               (no description)
anti_dbg                    Checks if being debugged
disable_dep                 Bypass DEP
Antivirus  Detection
Elastic Linux.Trojan.Gafgyt
DrWeb Linux.Siggen.9999
MicroWorld-eScan Trojan.Linux.Mirai.1
McAfee Linux/Mirai.k
Zillya Trojan.Mirai.Linux.119011
Sangfor Suspicious.Linux.Save.a
Arcabit Trojan.Linux.Mirai.1
BitDefenderTheta Gen:NN.Mirai.36348
Symantec Linux.Mirai
ESET-NOD32 a variant of Linux/Mirai.AT
TrendMicro-HouseCall Backdoor.Linux.MIRAI.SMNM4
Avast ELF:Agent-AYQ [Trj]
ClamAV Unix.Dropper.Mirai-7135890-0
Kaspersky HEUR:Backdoor.Linux.Mirai.ba
BitDefender Trojan.Linux.Mirai.1
Tencent Backdoor.Linux.Mirai.waz
Emsisoft Trojan.Linux.Mirai.1 (B)
F-Secure Exploit.EXP/ELF.Mirai.Bootnet.Gen.o
VIPRE Trojan.Linux.Mirai.1
TrendMicro Backdoor.Linux.MIRAI.SMNM4
McAfee-GW-Edition Linux/Mirai.k
FireEye Trojan.Linux.Mirai.1
Sophos Linux/DDoS-CI
GData Linux.Trojan.Mirai.J
Jiangmin Backdoor.Linux.gugm
Google Detected
Avira EXP/ELF.Mirai.Bootnet.Gen.o
MAX malware (ai score=83)
Antiy-AVL Trojan[Backdoor]/Linux.Mirai.ba
Microsoft Backdoor:Linux/Mirai.BR!xp
ZoneAlarm HEUR:Backdoor.Linux.Mirai.ba
Avast-Mobile ELF:Gafgyt-KS [Trj]
Cynet Malicious (score: 99)
AhnLab-V3 Linux/Mirai.Gen3
ALYac Trojan.Linux.Mirai.1
Rising Backdoor.Mirai/Linux!1.BC48 (CLASSIC)
Ikarus Trojan.Linux.Gafgyt
MaxSecure Trojan.Malware.121218.susgen
Fortinet ELF/Mirai.H!tr
AVG ELF:Agent-AYQ [Trj]