Sample:

03a75a27193848f9fe415a9c1407cfdc443a6dc6f75229e4dae7ab5d4b49fc94



Summary

OS ABI: UNIX - System V

CPU class: 64 bit

Persistence (user): No

Persistence (root): No

CPU byte order: 2's complement LSB

File type: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=171aec551e723455171d9241c0ca936cb5d949b7, not stripped

CPU type: AMD x86-64

Entropy: 3.08529667588

Syscalls executed (root): 28

Syscalls executed (user): 27

ELF type: Shared object file

ELF

Class: 64 bit

Data encoding: 2's complement LSB

Operating system ABI: UNIX - System V

Object file type: Shared object file

ELF version: 0.1

Machine: AMD x86-64

Entrypoint: 0x6e0

Interpreter: '/lib64/ld-linux-x86-64.so.2'

Number of segments: 9

Number of sections: 28

Program header table offset: 64

Section header table offset: 6456

Program header table - size of entry: 56

Section header table - size of entry: 64

Program header table - entries: 9

Section header table - entries: 28

Section header table - index of section names: 27

Stripped: False

Sections stripped: False

  • libc.so.6
  • __libc_start_main
  • __cxa_finalize
  • __libc_csu_init
  • _start
  • main
  • _init
  • __libc_csu_fini
  • _fini
  • section without a name

Debug information: False

  • GCC: (Ubuntu 7.3.0-27ubuntu1~18.04) 7.3.0
  • GNU : '\x17\x1a\xecU\x1er4U\x17\x1d\x92A\xc0\xca\x93l\xb5\xd9I'

Hash

MD5: 635399ff0b2166f47b13ca3ebb900ad3

SHA1: 8b157dd83a0e2e618bb8043702a2acf14532ecd9

SHA256: 03a75a27193848f9fe415a9c1407cfdc443a6dc6f75229e4dae7ab5d4b49fc94

SHA512: 0436a69ff2dcdcafacb76226777cb574d55f71b43f5be755dd1a4c63e61dddfe9ba8a69329be7426e9651fc11d8f1d1e47fd8df97a7d9c489e50fa307db0f108

ssdeep: 96:RIRTuQBt5BiCu90sV/EzMRGcnPMJiw7lwMBjiBqScVnwOw:R6jZvK7MznHDHQsSc

Bytes

Entropy: 3.08529667588

Min entropy (16KB blocks): -1.0

Max entropy (16KB blocks): -1.0

Unique bytes (0-255): 221

Null bytes: 5541

White spaces: 165

Printable bytes: 1384

First 16B: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00

Last 16B: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Byte: 0x0

Offset: 0xa27

Length: 970

  • 0xee - 0 times
  • 0xf2 - 0 times
  • 0xf7 - 0 times
  • 0x0 - 5541 times
  • 0x5f - 138 times
  • 0x1 - 109 times

File type

Mime type: application/x-sharedlib

File type: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=171aec551e723455171d9241c0ca936cb5d949b7, not stripped

VirusTotal

URL: https://www.virustotal.com/#/file/03a75a27193848f9fe415a9c1407cfdc443a6dc6f75229e4dae7ab5d4b49fc94

Positive: 0

Scan date: 2018-11-06 12:02:37

Code Explore

Number of functions: 10

Total size functions [B]: 371

Average size of a function [B]: 37.1

Percentage of covered .text section: 82.4444444444

Percentage of covered LOAD segment: 11.7703045685

Number of functions: 6

Total size functions [B]: 239

Average size of a function [B]: 39.8333333333

Percentage of covered .text section: 53.1111111111

Percentage of covered LOAD segment: 7.58248730964

Sandbox (user)

Standard output:

Standard error:

Sandbox (root)

Standard output:

Standard error:

Behavior

  • mmap2
  • exit_group
  • read
  • munmap
  • mprotect
  • arch_prctl
  • access
  • brk
  • close
  • open
  • fstat
  • execve

Unique number: 12

Total number: 27

  • strchr

Unique number: 1

Total number: 1

Number of processes: 1

Trace lines lost: 0

  • /opt/lib/libc.so.6
  • /etc/ld.so.cache

Max sleep: -1.0

  • mmap2
  • exit_group
  • read
  • commit_creds
  • mprotect
  • arch_prctl
  • access
  • munmap
  • brk
  • close
  • open
  • fstat
  • execve

Unique number: 13

Total number: 28

  • strchr

Unique number: 1

Total number: 1

Number of processes: 1

Trace lines lost: 0

  • /opt/lib/libc.so.6
  • /etc/ld.so.cache

Max sleep: -1.0