Linux Analysis Report 7EUcDDmmRE

Overview

General Information

Sample Name: 7EUcDDmmRE
Analysis ID: 452455
MD5: ec4637f5d716f29fd464b15e1c499a5a
SHA1: b02af8052352d60b686b3224192f132be747e331
SHA256: 737429af897437fc5315d8861d92502477a801bcd59526f10f30d78b96d88b0a
Tags: 32, arm, elf, mirai

Detection

Score: 52
Range: 0 - 100
Whitelisted: false

Signatures

Multi AV Scanner detection for submitted file
Sample is packed with UPX
Sample contains only a LOAD segment without any section mappings
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

AV Detection:

Multi AV Scanner detection for submitted file
Source: 7EUcDDmmRE Virustotal: Detection: 41%
Source: 7EUcDDmmRE ReversingLabs: Detection: 40%
Source: 7EUcDDmmRE String found in binary or memory: http://upx.sf.net

System Summary:

Sample contains only a LOAD segment without any section mappings
Source: LOAD without section mappings Program segment: 0x8000
Source: classification engine Classification label: mal52.evad.lin@0/2@0/0

Data Obfuscation:

Sample is packed with UPX
Source: initial sample String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

Malware Analysis System Evasion:

Uses the "uname" system call to query kernel version information (possible evasion)
Source: /tmp/7EUcDDmmRE (PID: 4588) Queries kernel information via 'uname'
Source: /usr/share/apport/apport-gtk (PID: 4644) Queries kernel information via 'uname'
Source: /usr/share/apport/apport-gtk (PID: 4663) Queries kernel information via 'uname'

Network

No contacted IP information