JavaScript support is required for our site to be fully operational in your browser.
Linux.Siggen.2005
Added to the Dr.Web virus database:
2019-07-17
Virus description added:
2019-07-16
Technical Information
Malicious functions:
Launches itself as a daemon
Substitutes application name for:
Launches processes:
/proc/self/fd/3 #
sh -c rm -rf /var/tmp/.sniff_version
rm -rf /var/tmp/.sniff_version
sh -c rm -rf /var/tmp/.sniff
rm -rf /var/tmp/.sniff
sh -c rm -rf /var/tmp/.sniff_pid
rm -rf /var/tmp/.sniff_pid
/etc/syslogd.d online e
Performs operations with the file system:
Modifies file access rights:
Creates folders:
Creates symlinks:
/memfd:libcrypto.so.1.0.0
/memfd:libssl.so.1.0.0
/memfd:libpython2.7.so.1.0
/memfd:_locale
/memfd:strop
/memfd:_ctypes
/memfd:_struct
/memfd:select
/memfd:fcntl
/memfd:binascii
/memfd:cStringIO
/memfd:_io
/memfd:math
/memfd:_hashlib
/memfd:_random
/memfd:_collections
/memfd:operator
/memfd:itertools
/memfd:_heapq
/memfd:time
/memfd:_socket
/memfd:_functools
/memfd:_ssl
/memfd:zlib
/memfd:grp
/memfd:array
/memfd:_bisect
/memfd:_json
/memfd:Crypto!Cipher!_raw_ecb.so
/memfd:Crypto!Cipher!_raw_cbc.so
/memfd:Crypto!Cipher!_raw_cfb.so
/memfd:Crypto!Cipher!_raw_ofb.so
/memfd:Crypto!Cipher!_raw_ctr.so
/memfd:Crypto!Util!_strxor.so
/memfd:Crypto!Hash!_BLAKE2s.so
/memfd:Crypto!Hash!_SHA1.so
/memfd:Crypto!Hash!_SHA256.so
/memfd:Crypto!Hash!_MD5.so
/memfd:Crypto!Cipher!_Salsa20.so
/memfd:Crypto!Protocol!_scrypt.so
/memfd:Crypto!Util!_cpuid_c.so
/memfd:Crypto!Hash!_ghash_portable.so
/memfd:Crypto!Cipher!_raw_ocb.so
/memfd:Crypto!Cipher!_raw_aes.so
Creates or modifies files:
/memfd:libc.so.6 (deleted)
/etc/texmf.v
/etc/resolv.conf
/etc/texmf.p
/tmp/.hex_cache
/tmp/.hex_file.32
Deletes files:
/dev/shm/memfd:libcrypto.so.1.0.0
/dev/shm/memfd:libssl.so.1.0.0
/dev/shm/memfd:libpython2.7.so.1.0
/dev/shm/memfd:_locale
/dev/shm/memfd:strop
/dev/shm/memfd:_ctypes
/dev/shm/memfd:_struct
/dev/shm/memfd:select
/dev/shm/memfd:fcntl
/dev/shm/memfd:binascii
/dev/shm/memfd:cStringIO
/dev/shm/memfd:_io
/dev/shm/memfd:math
/dev/shm/memfd:_hashlib
/dev/shm/memfd:_random
/dev/shm/memfd:_collections
/dev/shm/memfd:operator
/dev/shm/memfd:itertools
/dev/shm/memfd:_heapq
/dev/shm/memfd:time
/dev/shm/memfd:_socket
/dev/shm/memfd:_functools
/dev/shm/memfd:_ssl
/dev/shm/memfd:zlib
/dev/shm/memfd:grp
/dev/shm/memfd:array
/dev/shm/memfd:_bisect
/dev/shm/memfd:_json
/dev/shm/memfd:Crypto!Cipher!_raw_ecb.so
/dev/shm/memfd:Crypto!Cipher!_raw_cbc.so
/dev/shm/memfd:Crypto!Cipher!_raw_cfb.so
/dev/shm/memfd:Crypto!Cipher!_raw_ofb.so
/dev/shm/memfd:Crypto!Cipher!_raw_ctr.so
/dev/shm/memfd:Crypto!Util!_strxor.so
/dev/shm/memfd:Crypto!Hash!_BLAKE2s.so
/dev/shm/memfd:Crypto!Hash!_SHA1.so
/dev/shm/memfd:Crypto!Hash!_SHA256.so
/dev/shm/memfd:Crypto!Hash!_MD5.so
/dev/shm/memfd:Crypto!Cipher!_Salsa20.so
/dev/shm/memfd:Crypto!Protocol!_scrypt.so
/dev/shm/memfd:Crypto!Util!_cpuid_c.so
/dev/shm/memfd:Crypto!Hash!_ghash_portable.so
/dev/shm/memfd:Crypto!Cipher!_raw_ocb.so
/dev/shm/memfd:Crypto!Cipher!_raw_aes.so
/var/tmp/.sniff_version
/var/tmp/.sniff
/var/tmp/.sniff_pid
/tmp/.hex_cache
Network activity:
Establishes connection:
HTTP GET requests:
ip####.##m/json?fields=country
DNS ASK:
ip##pi.com
u.####jn4h5342.com
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
By continuing to use this website, you are consenting to Doctor Web’s use of cookies and other technologies related to the collection of visitor statistics. Learn more
OK