i can tell you right now that this is a false positive... MIRAI and its variants don't work like this... they do not target certain file names... in fact, they remove themselves from the drive as soon as possible so that no one can grab a copy of the binary for dissecting... i know this because one of my day jobs is network security... another is because i'm one of the folks that discovered MIRAI because of its activity*... a 3rd reason is because i have a copy or two of the MIRAI source code that was leaked and there's definitely no code in it for something like this... so, depending on what the scanner is looking for, in general terms, yeah, it is a false positive...
* i am an old school BBS sysop... BBSing is what we did before the internet was opened for public infestation, uh... i mean, use... i still run my BBS and it is still available via dialup as well as also telnet... MIRAI and its variants target port 23, the telnet port, as well as 2323 and at least two other ports... they, the MIRAI bot herders, are only interested in IOT devices with exposed public access to those ports and using default administrative credentials...
"You get more air close to the ground," said Angalo. "I read that in a book. You get lots of air low down, and not much when you go up."
"Why not?" said Gurder.
"Dunno. It's frightened of heights, I guess."