04350366c28dea9b224d62ce18bd6bb7
Hash
- MD5: 04350366c28dea9b224d62ce18bd6bb7
- SHA1: 8300a14d6ff2258427efecb78e52c2873a191069
- SHA256: 3b1ff1ac2120b0a9b852e686d10b4b2526d41f08c4c6361160efeefb588aaf77
- First Seen: 2026-05-25
- Last Seen: 2026-05-25
-
1
Related Reports
-
0
Related IOCs
Additional Information
VirusTotal
{
"data": {
"id": "3b1ff1ac2120b0a9b852e686d10b4b2526d41f08c4c6361160efeefb588aaf77",
"type": "file",
"links": {
"self": "https://www.virustotal.com/api/v3/files/3b1ff1ac2120b0a9b852e686d10b4b2526d41f08c4c6361160efeefb588aaf77"
},
"attributes": {
"meaningful_name": "ewehpn68q.exe",
"telfhash": "t14d4393b1866834f4b576d925e7fa30b4da3728b327d038f0447abca2df60d851826d5e",
"trid": [
{
"file_type": "ELF Executable and Linkable format (Linux)",
"probability": 50.1
},
{
"file_type": "ELF Executable and Linkable format (generic)",
"probability": 49.8
}
],
"type_tag": "elf",
"vhash": "77ac44bddf4050b946718bc38ad0cf3e",
"sandbox_verdicts": {
"SecondWrite": {
"category": "harmless",
"malware_classification": [
"CLEAN"
],
"sandbox_name": "SecondWrite"
}
},
"sha1": "8300a14d6ff2258427efecb78e52c2873a191069",
"magic": "ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, Go BuildID=iGeSzYjj03W-Q5hDAOGG/Lc8qiK3izMw9QA1qycdD/PL7RP6qFaEPwj2BBOk2m/6F20FteXF39Df-nimOO6, BuildID[sha1]=a5ac08130206255db9ce3601f989e27c2867497d, stripped",
"last_analysis_date": 1779840419,
"elf_info": {
"build_id": "a5ac08130206255db9ce3601f989e27c2867497d",
"header": {
"type": "EXEC (Executable file)",
"hdr_version": "1 (current)",
"num_prog_headers": 6,
"obj_version": "0x1",
"machine": "Advanced Micro Devices X86-64",
"num_section_headers": 16,
"os_abi": "UNIX - System V",
"abi_version": 0,
"entrypoint": 4771136,
"data": "2's complement, little endian",
"class": "ELF64"
},
"section_list": [
{
"name": "",
"section_type": "NULL",
"virtual_address": 0,
"physical_offset": 0,
"size": 0,
"flags": ""
},
{
"name": ".note.go.buildid",
"section_type": "NOTE",
"virtual_address": 4198264,
"physical_offset": 3960,
"size": 100,
"flags": "A"
},
{
"name": ".note.gnu.build-id",
"section_type": "NOTE",
"virtual_address": 4198364,
"physical_offset": 4060,
"size": 36,
"flags": "A"
},
{
"name": ".text",
"section_type": "PROGBITS",
"virtual_address": 4198400,
"physical_offset": 4096,
"size": 7208113,
"flags": "AX"
},
{
"name": ".rodata",
"section_type": "PROGBITS",
"virtual_address": 11407360,
"physical_offset": 7213056,
"size": 1520761,
"flags": "A"
},
{
"name": ".gopclntab",
"section_type": "PROGBITS",
"virtual_address": 12928128,
"physical_offset": 8733824,
"size": 5390069,
"flags": "A"
},
{
"name": ".typelink",
"section_type": "PROGBITS",
"virtual_address": 18318208,
"physical_offset": 14123904,
"size": 13804,
"flags": "A"
},
{
"name": ".itablink",
"section_type": "PROGBITS",
"virtual_address": 18332032,
"physical_offset": 14137728,
"size": 4456,
"flags": "A"
},
{
"name": ".go.buildinfo",
"section_type": "PROGBITS",
"virtual_address": 18337792,
"physical_offset": 14143488,
"size": 2048,
"flags": "WA"
},
{
"name": ".go.fipsinfo",
"section_type": "PROGBITS",
"virtual_address": 18339840,
"physical_offset": 14145536,
"size": 120,
"flags": "WA"
},
{
"name": ".go.module",
"section_type": "PROGBITS",
"virtual_address": 18339968,
"physical_offset": 14145664,
"size": 592,
"flags": "WA"
},
{
"name": ".noptrdata",
"section_type": "PROGBITS",
"virtual_address": 18340576,
"physical_offset": 14146272,
"size": 400417,
"flags": "WA"
},
{
"name": ".data",
"section_type": "PROGBITS",
"virtual_address": 18741024,
"physical_offset": 14546720,
"size": 107634,
"flags": "WA"
},
{
"name": ".bss",
"section_type": "NOBITS",
"virtual_address": 18848672,
"physical_offset": 14654368,
"size": 148344,
"flags": "WA"
},
{
"name": ".noptrbss",
"section_type": "NOBITS",
"virtual_address": 18997024,
"physical_offset": 14802720,
"size": 33711552,
"flags": "WA"
},
{
"name": ".shstrtab",
"section_type": "STRTAB",
"virtual_address": 0,
"physical_offset": 14655488,
"size": 162,
"flags": ""
}
],
"segment_list": [
{
"segment_type": "PHDR",
"resources": []
},
{
"segment_type": "NOTE",
"resources": [
".note.go.buildid"
]
},
{
"segment_type": "LOAD",
"resources": [
".note.go.buildid",
".note.gnu.build-id",
".text"
]
},
{
"segment_type": "LOAD",
"resources": [
".rodata",
".gopclntab",
".typelink",
".itablink"
]
},
{
"segment_type": "LOAD",
"resources": [
".go.buildinfo",
".go.fipsinfo",
".go.module",
".noptrdata",
".data",
".bss",
".noptrbss"
]
},
{
"segment_type": "GNU_STACK",
"resources": []
}
]
},
"last_submission_date": 1779705010,
"sha256": "3b1ff1ac2120b0a9b852e686d10b4b2526d41f08c4c6361160efeefb588aaf77",
"last_analysis_stats": {
"malicious": 8,
"suspicious": 0,
"undetected": 55,
"harmless": 0,
"timeout": 1,
"confirmed-timeout": 0,
"failure": 0,
"type-unsupported": 11
},
"first_submission_date": 1779705010,
"filecondis": {
"raw_md5": "97503469ed09e05abdd6b8ad72ad5536",
"dhash": "00203e3c3e0d1000"
},
"tlsh": "T19EE64867FCA515A4C0AEC135C6769627BB713C894F3023D36B50B6686F33BD0AAB9710",
"unique_sources": 1,
"md5": "04350366c28dea9b224d62ce18bd6bb7",
"size": 14655650,
"total_votes": {
"harmless": 0,
"malicious": 0
},
"names": [
"ewehpn68q.exe",
"google-update-support-linux-amd64"
],
"popular_threat_classification": {
"popular_threat_name": [
{
"count": 1,
"value": "alien"
}
],
"popular_threat_category": [
{
"count": 3,
"value": "trojan"
}
],
"suggested_threat_label": "trojan.alien"
},
"last_analysis_results": {
"Lionic": {
"method": "blacklist",
"engine_name": "Lionic",
"engine_version": "8.16",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Elastic": {
"method": "blacklist",
"engine_name": "Elastic",
"engine_version": "4.0.263",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"MicroWorld-eScan": {
"method": "blacklist",
"engine_name": "MicroWorld-eScan",
"engine_version": "14.0.409.0",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"ClamAV": {
"method": "blacklist",
"engine_name": "ClamAV",
"engine_version": "1.5.2.0",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"CTX": {
"method": "blacklist",
"engine_name": "CTX",
"engine_version": "2024.8.29.1",
"engine_update": "20260527",
"category": "undetected",
"result": null
},
"CAT-QuickHeal": {
"method": "blacklist",
"engine_name": "CAT-QuickHeal",
"engine_version": "22.00",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Skyhigh": {
"method": "blacklist",
"engine_name": "Skyhigh",
"engine_version": "v2021.2.0+4045",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"ALYac": {
"method": "blacklist",
"engine_name": "ALYac",
"engine_version": "2.0.0.10",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Malwarebytes": {
"method": "blacklist",
"engine_name": "Malwarebytes",
"engine_version": "3.1.0.235",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"VIPRE": {
"method": "blacklist",
"engine_name": "VIPRE",
"engine_version": "6.0.0.35",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Sangfor": {
"method": "blacklist",
"engine_name": "Sangfor",
"engine_version": "2.22.3.0",
"engine_update": "20260525",
"category": "undetected",
"result": null
},
"K7AntiVirus": {
"method": "blacklist",
"engine_name": "K7AntiVirus",
"engine_version": "14.54.59624",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"K7GW": {
"method": "blacklist",
"engine_name": "K7GW",
"engine_version": "14.54.59624",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"CrowdStrike": {
"method": "blacklist",
"engine_name": "CrowdStrike",
"engine_version": "1.0",
"engine_update": "20251219",
"category": "undetected",
"result": null
},
"huorong": {
"method": "blacklist",
"engine_name": "huorong",
"engine_version": "3441629:3441629:bcc2753:bcc2753",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"VirIT": {
"method": "blacklist",
"engine_name": "VirIT",
"engine_version": "9.5.1215",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Symantec": {
"method": "blacklist",
"engine_name": "Symantec",
"engine_version": "1.22.0.0",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"ESET-NOD32": {
"method": "blacklist",
"engine_name": "ESET-NOD32",
"engine_version": "18.2.18.0",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"TrendMicro-HouseCall": {
"method": "blacklist",
"engine_name": "TrendMicro-HouseCall",
"engine_version": "24.550.0.1002",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Avast": {
"method": "blacklist",
"engine_name": "Avast",
"engine_version": "23.9.8494.0",
"engine_update": "20260526",
"category": "malicious",
"result": "ELF:Agent-EKA [Trj]"
},
"Cynet": {
"method": "blacklist",
"engine_name": "Cynet",
"engine_version": "4.0.3.4",
"engine_update": "20260526",
"category": "malicious",
"result": "Malicious (score: 99)"
},
"Kaspersky": {
"method": "blacklist",
"engine_name": "Kaspersky",
"engine_version": "22.0.1.28",
"engine_update": "20260526",
"category": "malicious",
"result": "HEUR:Trojan.Linux.Alien.gen"
},
"BitDefender": {
"method": "blacklist",
"engine_name": "BitDefender",
"engine_version": "7.2",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"NANO-Antivirus": {
"method": "blacklist",
"engine_name": "NANO-Antivirus",
"engine_version": "1.0.170.26895",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"ViRobot": {
"method": "blacklist",
"engine_name": "ViRobot",
"engine_version": "2014.3.20.0",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Tencent": {
"method": "blacklist",
"engine_name": "Tencent",
"engine_version": "1.0.0.1",
"engine_update": "20260527",
"category": "undetected",
"result": null
},
"Sophos": {
"method": "blacklist",
"engine_name": "Sophos",
"engine_version": "3.5.1.0",
"engine_update": "20260526",
"category": "malicious",
"result": "Mal/Generic-S"
},
"F-Secure": {
"method": "blacklist",
"engine_name": "F-Secure",
"engine_version": "18.10.1547.307",
"engine_update": "20260526",
"category": "malicious",
"result": "Trojan.TR/LINUX.Agent.EKA"
},
"DrWeb": {
"method": "blacklist",
"engine_name": "DrWeb",
"engine_version": "7.0.75.2070",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Zillya": {
"method": "blacklist",
"engine_name": "Zillya",
"engine_version": "2.0.0.5608",
"engine_update": "20260525",
"category": "undetected",
"result": null
},
"TrendMicro": {
"method": "blacklist",
"engine_name": "TrendMicro",
"engine_version": "24.550.0.1002",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"McAfeeD": {
"method": "blacklist",
"engine_name": "McAfeeD",
"engine_version": "1.2.0.14532",
"engine_update": "20260527",
"category": "undetected",
"result": null
},
"CMC": {
"method": "blacklist",
"engine_name": "CMC",
"engine_version": "2.4.2022.1",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Emsisoft": {
"method": "blacklist",
"engine_name": "Emsisoft",
"engine_version": "2024.8.0.61147",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Ikarus": {
"method": "blacklist",
"engine_name": "Ikarus",
"engine_version": "6.4.16.0",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"GData": {
"method": "blacklist",
"engine_name": "GData",
"engine_version": "GD:27.44688AVA:64.31311",
"engine_update": "20260527",
"category": "undetected",
"result": null
},
"Jiangmin": {
"method": "blacklist",
"engine_name": "Jiangmin",
"engine_version": "16.0.100",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Varist": {
"method": "blacklist",
"engine_name": "Varist",
"engine_version": "6.6.1.3",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Avira": {
"method": "blacklist",
"engine_name": "Avira",
"engine_version": "8.3.3.24",
"engine_update": "20260526",
"category": "malicious",
"result": "TR/LINUX.Agent.EKA"
},
"Antiy-AVL": {
"method": "blacklist",
"engine_name": "Antiy-AVL",
"engine_version": "3.0",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Kingsoft": {
"method": "blacklist",
"engine_name": "Kingsoft",
"engine_version": "None",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Microsoft": {
"method": "blacklist",
"engine_name": "Microsoft",
"engine_version": "1.1.26040.8",
"engine_update": "20260526",
"category": "malicious",
"result": "Trojan:Script/Wacatac.C!ml"
},
"Gridinsoft": {
"method": "blacklist",
"engine_name": "Gridinsoft",
"engine_version": "1.0.246.174",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Xcitium": {
"method": "blacklist",
"engine_name": "Xcitium",
"engine_version": "38678",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Arcabit": {
"method": "blacklist",
"engine_name": "Arcabit",
"engine_version": "2025.0.0.23",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"SUPERAntiSpyware": {
"method": "blacklist",
"engine_name": "SUPERAntiSpyware",
"engine_version": "5.6.0.1032",
"engine_update": "20260525",
"category": "undetected",
"result": null
},
"ZoneAlarm": {
"method": "blacklist",
"engine_name": "ZoneAlarm",
"engine_version": "6.25-116107039",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Avast-Mobile": {
"method": "blacklist",
"engine_name": "Avast-Mobile",
"engine_version": "260526-00",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Google": {
"method": "blacklist",
"engine_name": "Google",
"engine_version": "1779836453",
"engine_update": "20260527",
"category": "undetected",
"result": null
},
"AhnLab-V3": {
"method": "blacklist",
"engine_name": "AhnLab-V3",
"engine_version": "3.30.0.10666",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Acronis": {
"method": "blacklist",
"engine_name": "Acronis",
"engine_version": "1.2.0.121",
"engine_update": "20240328",
"category": "undetected",
"result": null
},
"VBA32": {
"method": "blacklist",
"engine_name": "VBA32",
"engine_version": "5.6.1",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"TACHYON": {
"method": "blacklist",
"engine_name": "TACHYON",
"engine_version": "2026-05-26.02",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Zoner": {
"method": "blacklist",
"engine_name": "Zoner",
"engine_version": "2.2.2.0",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Rising": {
"method": "blacklist",
"engine_name": "Rising",
"engine_version": "25.0.0.28",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Yandex": {
"method": "blacklist",
"engine_name": "Yandex",
"engine_version": "5.5.2.24",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"TrellixENS": {
"method": "blacklist",
"engine_name": "TrellixENS",
"engine_version": "6.0.6.653",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"SentinelOne": {
"method": "blacklist",
"engine_name": "SentinelOne",
"engine_version": "7.6.2.19",
"engine_update": "20260324",
"category": "undetected",
"result": null
},
"MaxSecure": {
"method": "blacklist",
"engine_name": "MaxSecure",
"engine_version": "1.0.0.1",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"Fortinet": {
"method": "blacklist",
"engine_name": "Fortinet",
"engine_version": "7.0.48.0",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"AVG": {
"method": "blacklist",
"engine_name": "AVG",
"engine_version": "23.9.8494.0",
"engine_update": "20260526",
"category": "malicious",
"result": "ELF:Agent-EKA [Trj]"
},
"Panda": {
"method": "blacklist",
"engine_name": "Panda",
"engine_version": "4.6.4.2",
"engine_update": "20260526",
"category": "undetected",
"result": null
},
"alibabacloud": {
"method": "blacklist",
"engine_name": "alibabacloud",
"engine_version": "2.2.0",
"engine_update": "20250321",
"category": "undetected",
"result": null
},
"Bkav": {
"method": "blacklist",
"engine_name": "Bkav",
"engine_version": null,
"engine_update": "20260526",
"category": "timeout",
"result": null
},
"SymantecMobileInsight": {
"method": "blacklist",
"engine_name": "SymantecMobileInsight",
"engine_version": "2.0",
"engine_update": "20260123",
"category": "type-unsupported",
"result": null
},
"BitDefenderFalx": {
"method": "blacklist",
"engine_name": "BitDefenderFalx",
"engine_version": "2.0.936",
"engine_update": "20260525",
"category": "type-unsupported",
"result": null
},
"tehtris": {
"method": "blacklist",
"engine_name": "tehtris",
"engine_version": "v0.1.4",
"engine_update": "20260527",
"category": "type-unsupported",
"result": null
},
"DeepInstinct": {
"method": "blacklist",
"engine_name": "DeepInstinct",
"engine_version": "5.0.0.8",
"engine_update": "20260526",
"category": "type-unsupported",
"result": null
},
"Webroot": {
"method": "blacklist",
"engine_name": "Webroot",
"engine_version": "1.9.0.8",
"engine_update": "20250227",
"category": "type-unsupported",
"result": null
},
"APEX": {
"method": "blacklist",
"engine_name": "APEX",
"engine_version": "6.782",
"engine_update": "20260525",
"category": "type-unsupported",
"result": null
},
"Paloalto": {
"method": "blacklist",
"engine_name": "Paloalto",
"engine_version": "0.9.0.1003",
"engine_update": "20260527",
"category": "type-unsupported",
"result": null
},
"Alibaba": {
"method": "blacklist",
"engine_name": "Alibaba",
"engine_version": "0.3.0.5",
"engine_update": "20190527",
"category": "type-unsupported",
"result": null
},
"Trapmine": {
"method": "blacklist",
"engine_name": "Trapmine",
"engine_version": "4.0.12.0",
"engine_update": "20260504",
"category": "type-unsupported",
"result": null
},
"Cylance": {
"method": "blacklist",
"engine_name": "Cylance",
"engine_version": "3.0.0.0",
"engine_update": "20260521",
"category": "type-unsupported",
"result": null
},
"Trustlook": {
"method": "blacklist",
"engine_name": "Trustlook",
"engine_version": "1.0",
"engine_update": "20260527",
"category": "type-unsupported",
"result": null
}
},
"ssdeep": "98304:lVbRbgTpBAr1EwR4SjFfE/CsZDtYT9cGVM3jDNodQZQjsyYbpbJr72rD8RFKEreV:lTETQjGJewadQZQjvYb952rDkKEreKSz",
"magika": "ELF",
"reputation": 0,
"crowdsourced_yara_results": [
{
"ruleset_id": "0122a7f913",
"ruleset_version": "0122a7f913|589bbefc22847193cac455858fa15e627d671918",
"ruleset_name": "Windows_API_Function",
"rule_name": "Windows_API_Function",
"match_date": 1779841446,
"description": "This signature detects the presence of a number of Windows API functionality often seen within embedded executables. When this signature alerts on an executable, it is not an indication of malicious behavior. However, if seen firing in other file types, deeper investigation may be warranted.",
"author": "InQuest Labs",
"source": "https://github.com/InQuest/yara-rules-vt"
},
{
"ruleset_id": "00c3b8eb5d",
"ruleset_version": "00c3b8eb5d|e76c93dcdedff04076380ffc60ea54e45b313635",
"ruleset_name": "indicator_suspicious",
"rule_name": "INDICATOR_SUSPICIOUS_Binary_Embedded_Crypto_Wallet_Browser_Extension_IDs",
"match_date": 1779841446,
"description": "Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.",
"author": "ditekSHen",
"source": "https://github.com/ditekshen/detection"
},
{
"ruleset_id": "01548f5e9f",
"ruleset_version": "01548f5e9f|fc8633fd1aca367bd7e986a2e62f6851b150ad8f",
"ruleset_name": "Macos_Infostealer_Wallets",
"rule_name": "Macos_Infostealer_Wallets_8e469ea0",
"match_date": 1779841446,
"author": "Elastic Security",
"source": "https://github.com/elastic/protections-artifacts"
}
],
"times_submitted": 1,
"type_tags": [
"executable",
"linux",
"elf"
],
"last_modification_date": 1779848643,
"tags": [
"64bits",
"detect-debug-environment",
"elf"
],
"detectiteasy": {
"filetype": "ELF64",
"values": [
{
"info": "EXEC AMD64-64",
"type": "Operation system",
"name": "Unix"
},
{
"info": "EXEC AMD64-64",
"version": "1.10.x-1.17.x",
"type": "Compiler",
"name": "Go"
}
]
},
"type_description": "ELF"
}
}
}