Sample : 17f4a34631df002d0a36b1bf47bd30489ffba7e3a39177b0fc56c12b2ec02579

Summary


OS ABI : UNIX - System V
CPU class : 32 bit
Persistence (user) : No
Persistence (root) : No
CPU byte order : 2's complement MSB
File type : ELF 32-bit MSB executable, MIPS, MIPS32 version 1 (SYSV), statically linked, stripped
CPU type : MIPS I
Entropy : 7.88042255523
Syscalls executed (root) : 49269
Syscalls executed (user) : 36808
ELF type : Executable file

ELF


Class : 32 bit
Data encoding : 2's complement MSB
Operating system ABI : UNIX - System V
Object file type : Executable file
ELF version : 0.1
Machine : MIPS I
Link : static
Entrypoint : 0x13e1c8
Number of segments : 2
Number of sections : 0
Program header table offset : 52
Section header table offset : 0
Program header table - size of entry : 32
Section header table - size of entry : 40
Program header table - entries : 2
Section header table - entries : 0
Section header table - index sections names : 0
Stripped : True
Sections stripped : True
Anomalies


Segments
High entropy : PT_LOAD at offset 0x0 - 7.880473
Memory size doubles physical size : PT_LOAD at offset 0x0


Sections
Section header table offset empty : True
Number of section headers empty : True


Debug information : False

Hash


MD5 : 265f762d8c09c2827b733bb35699e34c
SHA1 : 51dd8c942449b7bb6047ae79d198269c98205ffd
SHA256 : 17f4a34631df002d0a36b1bf47bd30489ffba7e3a39177b0fc56c12b2ec02579
SHA512 : 019aa87fe95f75cdf67a03306773bf4da133ab40b03f23a3264fb248e4659c4c4a3839290ac5e8ea8d3bf73499b9c3325020218efb4921e7964fd95903f5d63d
ssdeep : 24576:/zCrW7z3g4glpACsnf3zBHlTsutyIuU7j/mgxaU2tadZeD40nGJKm:LCrW/2gCsfjBlHy9UvmgYRYUAJR

Bytes


Entropy : 7.88042255523
Min entropy (16KB blocks) : 7.44600406289
Max entropy (16KB blocks) : 7.87610809509
Unique bytes (0-255) : 256
Null bytes : 10515
White spaces : 44033
Printable bytes : 452885
First 16B : 7f 45 4c 46 01 02 01 00 00 00 00 00 00 00 00 00
Last 16B : 1e 92 29 52 00 3b 1c 20 00 00 00 58 00 00 00 80

Longest same bytes sequence
Byte : 0x0
Offset : 0x9
Length : 9

Three rarest bytes
0xfb - 1788 times
0xf5 - 1779 times
0xfd - 1550 times

Three most common bytes
0x6 - 15347 times
0xff - 11303 times
0x7 - 11256 times

File type


Mime type : application/x-executable
File type : ELF 32-bit MSB executable, MIPS, MIPS32 version 1 (SYSV), statically linked, stripped

VirusTotal


Error : Resource not found

Data Explore


Paths

~/EH

~/

~/lZrp?

~/:

~/.~

~/b

~/

~/~s

~/

/dev/urdom

~/

~/

/proc/self/exe

/proc/se

URLs

http://upx.sf.net

IPs (v4 and v6)


Code Explore


Nucleus

Eh_frame

Sandbox (user)


Standard output

Standard error

Sandbox (root)


Standard output

Standard error

Behavior


User behavior

Syscalls


Unique
clock_gettime
rt_sigaction
epoll_create1
mprotect
setsockopt
brk
connect
getsockname
close
open
select
getsockopt
getdents
rt_sigprocmask
lstat
sched_getaffinity
write
getpid
sigaltstack
munmap
listen
fcntl
stat
readlinkat
read
openat
clone
sched_yield
readlink
getpeername
execve
gettid
socket
epoll_wait
epoll_ctl
futex
mmap2
bind


Unique number : 38
Total number : 36808

Permission related errors : True

Type of permission related error
EPERM : True

Number of processes : 6
Trace lines lost : 0

Files being read


Max sleep : -1.0



Root behavior

Syscalls


Unique
clock_gettime
rt_sigaction
epoll_create1
mprotect
setsockopt
brk
connect
getsockname
close
open
select
getsockopt
getdents
epoll_wait
rt_sigprocmask
lstat
sched_getaffinity
write
getpid
commit_creds
getppid
munmap
listen
fcntl
stat
readlinkat
read
openat
clone
sigaltstack
sched_yield
readlink
getpeername
execve
gettid
socket
bind
epoll_ctl
futex
mmap2


Unique number : 40
Total number : 49269

Number of processes : 6
Trace lines lost : 0

Files being read


Max sleep : -1.0