General

  • Target

    6f06db46cdfd664265e6534fdcd04ac172c8080762ade1cf34d86539ec1bda3d

  • Size

    270KB

  • MD5

    512b6c8f2a713b987bcbe345eb0b2434

  • SHA1

    184b51fb45669a8f158682472acb249743d199d0

  • SHA256

    6f06db46cdfd664265e6534fdcd04ac172c8080762ade1cf34d86539ec1bda3d

  • SHA512

    c7b53fc471689b6255a2a58b6c23b4b984367722c29e83aa58dd204fa5a2514b6fdf9106e57bbe4528860ac2d591bd93a83046677f0d92bb8a7792e9e823f3fc

  • SSDEEP

    3072:IwJ+GhUhvOIHMRG362aLEMRBZuJ5cyn88/QmAgolU787JRzjKEtaWRGtnj8uqVid:IwJ+G8F0Ee0J5Hd/QmSGuJsEowUnCid

Score
N/A (no score was assigned to this sample; the absence of a score is not a benign verdict)

Malware Config

  (no entries listed)

Signatures

  (no entries listed)

Files

  • 6f06db46cdfd664265e6534fdcd04ac172c8080762ade1cf34d86539ec1bda3d
    .zip
  • COPYING
  • CREDITS
  • FDL.txt
  • GPL.txt
  • Makefile
  • README
  • README-src
  • README-xml
  • TODO
  • configure.pl
    .pl .sh linux
  • etc/Disasm.pm
  • etc/Entity.pm
  • etc/GetElfBase.pm
  • etc/Makefile/infection
  • etc/Makefile/scanner
  • etc/Makefile/scanner_driver
  • etc/Makefile/scanner_mkinfect
  • etc/Makefile/test-infection
  • etc/Misc.pm
  • etc/PackageTool.pm
  • etc/Section.pm
  • etc/SectionSet.pm
  • etc/Segment.pm
  • etc/SegmentSet.pm
  • etc/SystemName.pm
  • etc/WhichHash.pm
  • etc/aspell
    .sh linux
  • etc/calc.pl
    .pl .sh linux
  • etc/check_link
    .sh linux
  • etc/check_yref
    .sh linux
  • etc/dict.txt
  • etc/fileref.pl
    .pl .sh linux
  • etc/ftp.dat
  • etc/http.dat
  • etc/ldp-html-common.xsl
    .xml
  • etc/ldp-html.xsl
    .xml
  • etc/ldp.dsl
  • etc/mkdir.sh
    .sh linux
  • etc/mkdisasm.sh
    .sh linux
  • etc/mkdist.sh
    .sh linux
  • etc/mkhtml.sh
    .sh linux
  • etc/mkyref.pl
    .pl .sh linux
  • etc/patch_dsl.pl
    .pl .sh linux
  • etc/pkg_man.pm
  • etc/pkg_ver.pm
  • etc/rmdir
    .sh linux
  • etc/tar-exclude
  • etc/titles.sh
    .sh linux
  • etc/titles.xslt
    .xml
  • etc/ulink.pl
    .pl .sh linux
  • etc/wget.sh
    .sh linux
  • etc/yref-intro.xslt
    .xml
  • etc/yref-platform.xslt
    .xml
  • etc/yref.sh
    .sh linux
  • intro/additional.cs.xml
  • intro/author.xml
  • intro/dual.use.technology.xml
  • intro/example.asm.txt
  • intro/global.xml
  • intro/intro.xml
  • intro/main.xml
    .xml
  • intro/mirrors.xml
  • intro/one.step.closer.xml
  • intro/platforms.xml
  • intro/revision.history.xml
  • intro/rst.xml
  • intro/scanners.xml
  • intro/scratch.xml
  • intro/segment.padding.xml
  • intro/yref.xml
  • intro/yref/GDB.to.the.rescue.xml
  • intro/yref/a.section.called.text.xml
  • intro/yref/additional.cs.xml
  • intro/yref/devil.in.disguise.xml
  • intro/yref/doing.it.in.c.xml
  • intro/yref/e_entry.xml
  • intro/yref/entry.point.xml
  • intro/yref/finding.executables.xml
  • intro/yref/food.for.segment.padding.xml
  • intro/yref/infection.1.xml
  • intro/yref/language.of.evil.xml
  • intro/yref/objdump.d.xml
  • intro/yref/off.we.go.xml
  • intro/yref/offset.of.e_entry.xml
  • intro/yref/packages.xml
  • intro/yref/scanners.xml
  • intro/yref/sections.xml
  • intro/yref/segment.padding.xml
  • intro/yref/segments.xml
  • intro/yref/self.modifying.code.xml
  • intro/yref/variables.prefixed.with.tevwh.xml
  • intro/yref/verifying.installed.packages.xml
  • platform/additional.cs.xml
  • platform/additional.cs/default.xml
  • platform/additional.cs/find.ok/SunOS.xml
  • platform/additional.cs/note/hexdump.xml
  • platform/additional.cs/note/readelf.xml
  • platform/additional.cs/note/xxd.xml
  • platform/additional.cs/readelf.xml
  • platform/doing.it.in.c.xml
  • platform/entry.point.xml
  • platform/language.of.evil.xml
  • platform/language.of.evil/default.xml
  • platform/language.of.evil/hand.crafted/i386-Linux.xml
  • platform/language.of.evil/infection/i386.xml
  • platform/language.of.evil/infection/sparc.xml
  • platform/language.of.evil/ndisasm.xml
  • platform/magic.of.elf.xml
  • platform/magic.of.elf/hexdump.xml
  • platform/magic.of.elf/other.magic/Linux.xml
  • platform/magic.of.elf/other.magic/default.xml
  • platform/magic.of.elf/xxd.xml
  • platform/magic.revealed.xml
  • platform/magic.revealed/ndisasm.xml
  • platform/magic.revealed/syscall/asm/i386-Linux.xml
  • platform/magic.revealed/syscall/asm/sparc-Linux.xml
  • platform/magic.revealed/syscall/asm/sparc-SunOS.xml
  • platform/magic.revealed/syscall/man/FreeBSD.xml
  • platform/magic.revealed/syscall/man/Linux.xml
  • platform/magic.revealed/syscall/man/SunOS.xml
  • platform/magic.revealed/syscall/platform/sparc.xml
  • platform/main.xml
    .xml
  • platform/packages.xml
  • platform/packages/distid.xml
  • platform/packages/finding.owner/FreeBSD.xml
  • platform/packages/finding.owner/SunOS.xml
  • platform/packages/finding.owner/deb.xml
  • platform/packages/finding.owner/rpm.xml
  • platform/packages/finding.owner/slackware.xml
  • platform/packages/isainfo.xml
  • platform/packages/isalist.xml
  • platform/packages/nopkg/deb.xml
  • platform/packages/nopkg/deb/usr_bin_perl.xml
  • platform/packages/nopkg/slackware.xml
  • platform/packages/nopkg/slackware/nopkg_bin_bash.xml
  • platform/packages/os/code/default.xml
  • platform/packages/os/code/sparc-sunos5.9.xml
  • platform/packages/os/uname/FreeBSD.xml
  • platform/packages/os/uname/Linux.xml
  • platform/packages/os/uname/SunOS.xml
  • platform/packages/os/vendor/default.xml
  • platform/packages/verify/FreeBSD.xml
  • platform/packages/verify/SunOS.xml
  • platform/packages/verify/deb.xml
  • platform/packages/verify/rpm.xml
  • platform/packages/verify/slackware.xml
  • platform/scanners.xml
  • platform/sections.xml
  • platform/sections/elfdump.xml
  • platform/sections/readelf.xml
  • platform/sections/sh/default.xml
  • platform/sections/sh/readelf.xml
  • platform/segment.padding.xml
  • platform/segment.padding/default.xml
  • platform/segment.padding/readelf.xml
  • platform/segments.xml
  • platform/segments/elfdump.xml
  • platform/segments/readelf.xml
  • platform/segments/sh/default.xml
  • platform/segments/sh/readelf.xml
  • platform/stub.revisited.xml
  • platform/suspicious.code.xml
  • platform/yref.xml
  • platform/yref/additional.cs.xml
  • platform/yref/cc.sh.xml
  • platform/yref/dressing.up.binary.code.xml
  • platform/yref/e_entry.xml
  • platform/yref/executable.and.linkable.format.xml
  • platform/yref/finding.executables.xml
  • platform/yref/food.for.segment.padding.xml
  • platform/yref/gdb.format.pl.xml
  • platform/yref/get.seg.xml
  • platform/yref/ids.xml
  • platform/yref/objdump.format.pl.xml
  • platform/yref/offset.of.e_entry.xml
  • platform/yref/one.step.closer.xml
  • platform/yref/scan.entry.point.xml
  • platform/yref/scan.filesize.xml
  • platform/yref/scan.note.xml
  • platform/yref/scan.segments.xml
  • platform/yref/scanners.xml
  • platform/yref/segment.padding.xml
  • platform/yref/self.modifying.code.xml
  • platform/yref/target.copy.and.infect.1.xml
  • platform/yref/target.copy.and.infect.2.xml
  • platform/yref/target.write.infection.1.xml
  • src/additional_cs/additional_cs.c
  • src/additional_cs/copy_and_infect.inc
  • src/additional_cs/new_entry_addr.inc
  • src/additional_cs/note/hexdump.sh
    .sh linux
  • src/additional_cs/note/objdump-name.sh
    .sh linux
  • src/additional_cs/note/objdump.sh
    .sh linux
  • src/additional_cs/note/od.sh
    .sh linux
  • src/additional_cs/note/offset.sh
    .sh linux
  • src/additional_cs/note/readelf-name.sh
    .sh linux
  • src/additional_cs/note/readelf.sh
    .sh linux
  • src/additional_cs/note/xxd.sh
    .sh linux
  • src/additional_cs/objdump.sh
    .sh linux
  • src/additional_cs/patch_phdr.inc
  • src/additional_cs/patch_shdr.inc
  • src/additional_cs/readelf.sh
    .sh linux
  • src/additional_cs/scan_segment.sh
    .sh linux
  • src/doing_it_in_c/addr.c
  • src/doing_it_in_c/body.inc
  • src/doing_it_in_c/do_syscall.inc
  • src/doing_it_in_c/doing_it_in_c.c
  • src/doing_it_in_c/get_relocate_ofs.inc
  • src/doing_it_in_c/intel.sh
    .sh .ps1 linux
  • src/doing_it_in_c/write_infection.inc
  • src/entry_point/__libc_start_main
  • src/entry_point/att.sh
    .sh linux
  • src/entry_point/entry_point.sh
    .sh linux
  • src/entry_point/gdb/FreeBSD.sh
    .sh linux
  • src/entry_point/gdb/Linux.sh
    .sh linux
  • src/entry_point/gdb/SunOS.sh
    .sh linux
  • src/entry_point/gdb_core.sh
    .sh linux
  • src/entry_point/get_libc_start_main.sh
    .sh linux
  • src/entry_point/intel.sh
    .sh linux
  • src/entry_point/ldd.sh
    .sh linux
  • src/entry_point/nm.sh
    .sh linux
  • src/evil_magic/alpha_FreeBSD_att.S
  • src/evil_magic/alpha_Linux_att.S
  • src/evil_magic/att.sh
    .sh linux
  • src/evil_magic/cc.sh
    .sh linux
  • src/evil_magic/e_entry.c
  • src/evil_magic/e_entry.sh
    .sh linux
  • src/evil_magic/first_gdb_func.sed
    .sh linux
  • src/evil_magic/func/alpha_FreeBSD_att.S
  • src/evil_magic/func/alpha_Linux_att.S
  • src/evil_magic/func/i386_FreeBSD_att.S
  • src/evil_magic/func/i386_Linux_intel.S
  • src/evil_magic/func/sparc_Linux_att.S
  • src/evil_magic/func/sparc_SunOS_att.S
  • src/evil_magic/gdb_nm.sh
    .sh linux
  • src/evil_magic/gdb_write.sh
    .sh linux
  • src/evil_magic/i386_FreeBSD_att.S
  • src/evil_magic/i386_Linux_att.S
  • src/evil_magic/i386_Linux_intel.S
  • src/evil_magic/intel.sh
    .sh linux
  • src/evil_magic/ndisasm.sh
    .sh linux
  • src/evil_magic/nm.sh
    .sh linux
  • src/evil_magic/objdump.sh
    .sh linux
  • src/evil_magic/od.sh
    .sh linux
  • src/evil_magic/ofs_entry.c
  • src/evil_magic/self_modify.c
  • src/evil_magic/sparc_Linux_att.S
  • src/evil_magic/sparc_SunOS_att.S
  • src/evil_magic/static_write.sh
    .sh linux
  • src/format.hex
  • src/magic_elf/addr_of_main.c
  • src/magic_elf/cc.sh
    .sh linux
  • src/magic_elf/cc_static.sh
    .sh linux
  • src/magic_elf/gdb.sh
    .sh linux
  • src/magic_elf/gdb_core.sh
    .sh linux
  • src/magic_elf/gdb_format.pl
    .pl .sh linux
  • src/magic_elf/hexdump.sh
    .sh linux
  • src/magic_elf/magic_elf.c
  • src/magic_elf/ndisasm.sh
    .sh linux
  • src/magic_elf/objdump.sh
    .sh linux
  • src/magic_elf/objdump_format.pl
    .pl .sh linux
  • src/magic_elf/od/FreeBSD.sh
    .sh linux
  • src/magic_elf/od/Linux.sh
    .sh linux
  • src/magic_elf/od/SunOS.sh
    .sh linux
  • src/magic_elf/other_exe.sh
    .sh linux
  • src/magic_elf/other_mem.sh
    .sh linux
  • src/magic_elf/other_perl.pl
    .pl .sh linux
  • src/magic_elf/strings.sh
    .sh linux
  • src/magic_elf/xxd.sh
    .sh linux
  • src/one_step_closer/action.inc
  • src/one_step_closer/att.sh
    .sh linux
  • src/one_step_closer/cc.sh
    .sh linux
  • src/one_step_closer/check.h
  • src/one_step_closer/close.inc
  • src/one_step_closer/e1/patch_entry_addr.inc
  • src/one_step_closer/e2/patch_entry_addr.inc
  • src/one_step_closer/e3/patch_entry_addr.inc
  • src/one_step_closer/gcc-filter.pl
    .pl .sh linux
  • src/one_step_closer/get_entry_code.inc
  • src/one_step_closer/get_seg.inc
  • src/one_step_closer/i1/alpha_FreeBSD_att.S
  • src/one_step_closer/i1/alpha_Linux_att.S
  • src/one_step_closer/i1/i386_FreeBSD_att.S
  • src/one_step_closer/i1/i386_Linux_intel.S
  • src/one_step_closer/i1/sparc_Linux_att.S
  • src/one_step_closer/i1/sparc_SunOS_att.S
  • src/one_step_closer/i2/i386_Linux_intel.S
  • src/one_step_closer/i3/i386_Linux_intel.S
  • src/one_step_closer/i4/i386_Linux_intel.S
  • src/one_step_closer/infect.sh
    .sh linux
  • src/one_step_closer/intel.sh
    .sh linux
  • src/one_step_closer/is_elf.inc
  • src/one_step_closer/main.inc
  • src/one_step_closer/mktest.sh
    .sh linux
  • src/one_step_closer/open_dst.inc
  • src/one_step_closer/open_src.inc
  • src/one_step_closer/prefix.inc
  • src/one_step_closer/print_errno.inc
  • src/one_step_closer/print_summary.inc
  • src/one_step_closer/suffix.inc
  • src/one_step_closer/target.h
  • src/one_step_closer/test-postfix.sh
  • src/one_step_closer/test-prefix.sh
  • src/one_step_closer/trace_infector.h
  • src/one_step_closer/trace_scanner.h
  • src/one_step_closer/write_infection.inc
  • src/packages/FreeBSD/du.sh
    .sh linux
  • src/packages/FreeBSD/file_list.sh
    .sh linux
  • src/packages/FreeBSD/simple.sh
    .sh linux
  • src/packages/FreeBSD/verify.sh
    .sh linux
  • src/packages/SunOS/du.sh
    .sh linux
  • src/packages/SunOS/isainfo.sh
    .sh linux
  • src/packages/SunOS/isalist.sh
    .sh linux
  • src/packages/SunOS/simple.sh
    .sh linux
  • src/packages/SunOS/verify-all.sh
    .sh linux
  • src/packages/SunOS/verify.sh
    .sh linux
  • src/packages/SunOS/version.sh
    .sh linux
  • src/packages/deb/du.sh
    .sh linux
  • src/packages/deb/hard.sh
    .sh linux
  • src/packages/deb/perl.sh
    .sh linux
  • src/packages/deb/simple.sh
    .sh linux
  • src/packages/deb/status.sh
    .sh linux
  • src/packages/deb/verify.sh
    .sh linux
  • src/packages/distid.sh
    .sh linux
  • src/packages/man-all/FreeBSD.sh
    .sh linux
  • src/packages/man-all/Linux.sh
    .sh linux
  • src/packages/man-all/SunOS.sh
    .sh linux
  • src/packages/man-section/FreeBSD.sh
    .sh linux
  • src/packages/man-section/Linux.sh
    .sh linux
  • src/packages/man-section/SunOS.sh
    .sh linux
  • src/packages/rpm/custom.sh
    .sh linux
  • src/packages/rpm/du.sh
    .sh linux
  • src/packages/rpm/simple.sh
    .sh linux
  • src/packages/rpm/verify-all.sh
    .sh linux
  • src/packages/rpm/verify.sh
    .sh linux
  • src/packages/slackware/bash.sh
    .sh linux
  • src/packages/slackware/du.sh
    .sh linux
  • src/packages/slackware/simple.sh
    .sh linux
  • src/packages/uname.sh
    .sh linux
  • src/platform/disasm.pl
    .pl .sh linux
  • src/rst/01.inc
  • src/rst/02.inc
  • src/scanner/additional_cs/action.inc
  • src/scanner/additional_cs/additional_cs.c
  • src/scanner/additional_cs/print_summary.inc
  • src/scanner/available.sh
    .sh linux
  • src/scanner/entry_point/objdump.pl
    .pl .sh linux
  • src/scanner/filesize/action.inc
  • src/scanner/filesize/filesize_scanner.c
  • src/scanner/filesize/print_summary.inc
  • src/scanner/filetype.sh
    .sh linux
  • src/scanner/find-exec.sh
    .sh linux
  • src/scanner/find-ok.sh
    .sh linux
  • src/scanner/find-shell.lst
  • src/scanner/find-shell.sh
    .sh linux
  • src/scanner/mkinfect.lst
  • src/scanner/mkinfect.pl
    .pl .sh linux
  • src/scanner/mktest.sh
    .sh linux
  • src/scanner/objdump.sh
    .sh linux
  • src/scanner/plain.sh
    .sh linux
  • src/scanner/segment_padding/action.inc
  • src/scanner/segment_padding/cc.sh
    .sh linux
  • src/scanner/segment_padding/print_summary.inc
  • src/scanner/segment_padding/segment_padding.c
  • src/sections/elfdump.sh
    .sh linux
  • src/sections/objdump.sh
    .sh linux
  • src/sections/readelf.sh
    .sh linux
  • src/sections/sh/objdump.sh
    .sh linux
  • src/sections/sh/readelf.sh
    .sh linux
  • src/segment_padding/copy_and_infect.inc
  • src/segment_padding/new_entry_addr.inc
  • src/segment_padding/objdump.sh
    .sh linux
  • src/segment_padding/patch_phdr.inc
  • src/segment_padding/patch_shdr.inc
  • src/segment_padding/readelf.sh
    .sh linux
  • src/segment_padding/scan_segment.sh
    .sh linux
  • src/segment_padding/segment_padding.c
  • src/segment_padding/sysconf.c
  • src/segments/elfdump.sh
    .sh linux
  • src/segments/objdump.sh
    .sh linux
  • src/segments/readelf.sh
    .sh linux
  • src/segments/sh/objdump.sh
    .sh linux
  • src/segments/sh/readelf.sh
    .sh linux
  • src/stub_revisited/__libc_start_main
  • src/stub_revisited/get_libc_start_main.sh
    .sh linux
  • src/stub_revisited/intel.sh
    .sh linux
  • src/stub_revisited/intel_ret.sh
    .sh linux
  • src/stub_revisited/stack.sh
    .sh linux
  • src/suspicious_code/dumpsection.pl
    .pl .sh linux
  • src/suspicious_code/intel.sh
    .sh linux