Sample : 1b68a8230c95aa77fd4a0e7545fb58ddc7fe05a07954be63913219bdec0c181e

Summary


OS ABI

UNIX - System V
CPU class

32 bit
Persistence (user)

No
Persistence (root)

No
CPU byte order

2's complement LSB
File type

ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /system/runtime_loader, not stripped
CPU type

Intel 80386
Entropy

6.21999049379
Syscalls executed (root)

5
Syscalls executed (user)

5
ELF type

Shared object file

ELF


Class

32 bit
Data encoding

2's complement LSB
Operating system ABI

UNIX - System V
Object file type

Shared object file
ELF version

0.1
Machine

Intel 80386
Link

dynamic
Entrypoint

0x4900
Interpreter

'/system/runtime_loader'
Number of segments

5
Number of sections

26
Program header table offset

52
Section header table offset

152364
Program header table - size of entry

32
Section header table - size of entry

40
Program header table - entries

5
Section header table - entries

26
Section header table - index sections names

23
Stripped

False
Sections stripped

False
Needed libraries

libroot.so

Dynamic symbols

longjmp

xalloc_die

get_image_symbol

stpcpy

hash_delete

clock_gettime

xmalloc

strcpy

filevercmp

getgidbyname

xstrtoul

setjmp

hash_insert

__divdi3

ioctl

mpsort

strmode

printf

_obstack_memory_used

putc_unlocked

quotearg_custom_mem

quotearg_alloc_mem

version_etc

memmove

printf_parse

__fpending

snprintf

quotearg

version_etc_ar

quote_n

hash_get_max_bucket_length

version_etc_va

getgrgid

rpl_fseeko

argmatch

set_quoting_flags

getenv

wcslen

iswcntrl

quote_mem

hard_locale

wmempcpy

quotearg_char

quotearg_n

quote_n_mem

usage

argmatch_invalid

error_at_line

xdectoumax

xnmalloc

memcpy

close_stdout

readlink

hash_get_first

argmatch_to_argument

hash_get_entries

mbrtowc

quote

hash_do_for_each

sigaction

rpl_fclose

_obstack_begin_1

malloc

isatty

rpl_readlink

btowc

sigprocmask

mbsnwidth

xnrealloc

strtoumax

strtoul

xcharalloc

_obstack_newchunk

hash_initialize

wcstombs

readdir

mempcpy

last_component

fflush

emit_bug_reporting_address

mbstowcs

__umoddi3

lseek

hash_rehash

quotearg_n_style

rpl_vfprintf

quotearg_free

lstat

_call_init_routines_

__udivdi3

abort

quotearg_buffer

quotearg_alloc

_init

__freading

quotearg_n_mem

umaxtostr

getuidbyname

iswprint

find_thread

nstrftime

strrchr

signal

_obstack_begin

calloc

set_quoting_style

hash_string

quotearg_n_style_mem

human_options

wmemchr

get_quoting_style

fseterr

__ctype_get_mb_cur_max

fprintf

fputs_unlocked

file_has_acl

xstrdup

strcat

getgroup

locale_charset

sigismember

hash_get_n_entries

set_custom_quoting

__deregister_frame_info

hash_get_n_buckets_used

fseeko

rpl_mktime

hash_table_ok

mfile_name_concat

nl_langinfo

hash_clear

memchr

xcalloc

_start

rpl_lstat

strstr

quotearg_mem

dirfd

iswctype

strcoll

strncmp

vasnprintf

getuser

ambsalign

wcwidth

realloc

hash_lookup

set_program_name

hash_insert_if_absent

xrealloc

rpl_getopt_internal

_getopt_internal_r

_getopt_long_only_r

clone_quoting_options

__xargmatch_internal

strdup

_init_c_library_

_obstack_allocated_p

xstrtoumax

__fixunsxfdi

gettimeofday

localtime

memset

main

close_stdout_set_ignore_EPIPE

argmatch_valid

mbsrtowcs

wctype

fclose

opendir

quotearg_style

__assert_fail

_errnop

rpl_fflush

x2nrealloc

version_etc_arn

quotearg_n_custom_mem

strcmp

getpwuid

quotearg_colon_mem

getpwnam

rpl_getopt_long

_fini

xzalloc

quotearg_colon

sprintf

human_readable

strerror_r

quotearg_n_custom

__cmpdi2

hash_reset_tuning

atexit

sigemptyset

quotearg_custom

setlocale

xmemdup

error

filemodestring

rpl_getopt

putchar_unlocked

fputc

dir_len

gnu_mbswidth

areadlink_with_size

rpl_getopt_long_only

localtime_r

fflush_unlocked

strftime

localeconv

fwrite_unlocked

hash_get_next

stpncpy

fwrite

gettime

imaxtostr

tcgetpgrp

hash_free

gnu_fnmatch

_obstack_free

xstrtol_fatal

exit

towlower

getgrnam

close_stdout_set_file_name

file_name_concat

x2realloc

_getopt_long_r

set_char_quoting

ferror_unlocked

fileno

__moddi3

quotearg_char_mem

quotearg_style_mem

_exit

rpl_mbrtowc

wcscat

stat

printf_fetchargs

base_len

mdir_name

rpl_calloc

hash_print_statistics

strchr

wcswidth

fputs

hash_get_n_buckets

rpl_stat

closedir

fcntl

mbsalign

__register_frame_info

close_stream

mktime_internal

fstat

sigaddset

xnumtoumax

raise

free

mbsinit

Anomalies


Sections
Uncommon sections : .gnu_debuglink
section without a name


Debug information

False
Comment

GCC: (GNU) 2.95.3-haiku-2017_07_20

Hash


MD5

0bfcd2d056fc187f99f3524ee6d26e31
SHA1

7e790456f87efbf5a9f1cf8f2cd861cac17a15d8
SHA256

1b68a8230c95aa77fd4a0e7545fb58ddc7fe05a07954be63913219bdec0c181e
SHA512

f5a333bd73abed1514d216262578186dbe0c34b08c482a96cdc5cc621769c923c1c985c09513e076421d85b41dd8a7e66de9fd0164c794c08cc54b72326fb9a6
ssdeep

3072:VkhoDk1mk6kw5i3nJJDNU5Hq98JozsLdELCjSC9ao+gMFO6p0VGgLwDnsUpHhV0d:V+oA1hUA3JMZogLMsSC9RMFO6pPgMjsz

Bytes


Entropy

6.21999049379
Min entropy (16KB blocks)

4.16162001771
Max entropy (16KB blocks)

6.36212579972
Unique bytes (0-255)

256
Null bytes

37217
White spaces

8119
Printable bytes

53822
First 16B

7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Last 16B

73 65 00 66 72 65 65 00 6d 62 73 69 6e 69 74 00
Longest same bytes sequence

Byte : 0x0

Offset : 0x4f7

Length : 114

Three rarest bytes

0xb1 - 27 times

0x9d - 26 times

0xcb - 20 times

Three most common bytes

0x0 - 37217 times

0xff - 8161 times

0x83 - 4735 times

File type


Mime type

application/x-sharedlib
File type

ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /system/runtime_loader, not stripped

VirusTotal


Error

Resource not found

Data Explore


URLs

http://www.gnu.org/software/coreutils/

http://translationproject.org/team/

http://wiki.xiph.org/index

http://wiki.xiph.org/index

http://gnu.org/licenses/gpl

http://www.gnu.org/software/coreutils/

http://www.gnu.org/gethelp/

Code Explore


Nucleus

Number of functions : 668

Total size functions [B] : 96064

Average size a function [B] : 143.808383234

Percentage of covered .text section : 100.346801487

Percentage of covered LOAD segment : 64.10463448

Eh_frame

Number of functions : 336

Total size functions [B] : 94604

Average size a function [B] : 281.55952381

Percentage of covered .text section : 98.8217106088

Percentage of covered LOAD segment : 63.1303593474

Sandbox (user)


Standard output

Standard error

sh: 1: /tmp/1b68a8230c95aa77fd4a0e7545fb58ddc7fe05a07954be63913219bdec0c181e: not found

Sandbox (root)


Standard output

Standard error

sh: 1: /tmp/1b68a8230c95aa77fd4a0e7545fb58ddc7fe05a07954be63913219bdec0c181e: not found

Behavior


User behavior

Errors


Wrong interpreter
True

Syscalls


Unique
write
exit_group
execve


Unique number
3

Total number
5

Instrumented libc calls


Unique
strchr


Unique number
1

Total number
1

Number of processes

1

Trace lines lost

0

Max sleep

-1.0



Root behavior

Errors


Wrong interpreter
True

Syscalls


Unique
write
exit_group
execve


Unique number
3

Total number
5

Instrumented libc calls


Unique
strchr


Unique number
1

Total number
1

Number of processes

1

Trace lines lost

0

Max sleep

-1.0