Sample:

1b68a8230c95aa77fd4a0e7545fb58ddc7fe05a07954be63913219bdec0c181e



Summary

OS ABI: UNIX - System V

CPU class: 32 bit

Persistence (user): No

Persistence (root): No

CPU byte order: 2's complement LSB

File type: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /system/runtime_loader, not stripped

CPU type: Intel 80386

Entropy: 6.21999049379

Syscalls executed (root): 5

Syscalls executed (user): 5

ELF type: Shared object file

ELF

Class: 32 bit

Data encoding: 2's complement LSB

Operating system ABI: UNIX - System V

Object file type: Shared object file

ELF version: 0.1

Machine: Intel 80386

Entrypoint: 0x4900

Interpreter: '/system/runtime_loader'

Number of segments: 5

Number of sections: 26

Program header table offset: 52

Section header table offset: 152364

Program header table - size of entry: 32

Section header table - size of entry: 40

Program header table - entries: 5

Section header table - entries: 26

Section header table - index sections names: 23

Stripped: False

Sections stripped: False

  • libroot.so
  • longjmp
  • xalloc_die
  • get_image_symbol
  • stpcpy
  • hash_delete
  • clock_gettime
  • xmalloc
  • strcpy
  • filevercmp
  • getgidbyname
  • xstrtoul
  • setjmp
  • hash_insert
  • __divdi3
  • ioctl
  • mpsort
  • strmode
  • printf
  • _obstack_memory_used
  • putc_unlocked
  • quotearg_custom_mem
  • quotearg_alloc_mem
  • version_etc
  • memmove
  • printf_parse
  • __fpending
  • snprintf
  • quotearg
  • version_etc_ar
  • quote_n
  • hash_get_max_bucket_length
  • version_etc_va
  • getgrgid
  • rpl_fseeko
  • argmatch
  • set_quoting_flags
  • getenv
  • wcslen
  • iswcntrl
  • quote_mem
  • hard_locale
  • wmempcpy
  • quotearg_char
  • quotearg_n
  • quote_n_mem
  • usage
  • argmatch_invalid
  • error_at_line
  • xdectoumax
  • xnmalloc
  • memcpy
  • close_stdout
  • readlink
  • hash_get_first
  • argmatch_to_argument
  • hash_get_entries
  • mbrtowc
  • quote
  • hash_do_for_each
  • sigaction
  • rpl_fclose
  • _obstack_begin_1
  • malloc
  • isatty
  • rpl_readlink
  • btowc
  • sigprocmask
  • mbsnwidth
  • xnrealloc
  • strtoumax
  • strtoul
  • xcharalloc
  • _obstack_newchunk
  • hash_initialize
  • wcstombs
  • readdir
  • mempcpy
  • last_component
  • fflush
  • emit_bug_reporting_address
  • mbstowcs
  • __umoddi3
  • lseek
  • hash_rehash
  • quotearg_n_style
  • rpl_vfprintf
  • quotearg_free
  • lstat
  • _call_init_routines_
  • __udivdi3
  • abort
  • quotearg_buffer
  • quotearg_alloc
  • _init
  • __freading
  • quotearg_n_mem
  • umaxtostr
  • getuidbyname
  • iswprint
  • find_thread
  • nstrftime
  • strrchr
  • signal
  • _obstack_begin
  • calloc
  • set_quoting_style
  • hash_string
  • quotearg_n_style_mem
  • human_options
  • wmemchr
  • get_quoting_style
  • fseterr
  • __ctype_get_mb_cur_max
  • fprintf
  • fputs_unlocked
  • file_has_acl
  • xstrdup
  • strcat
  • getgroup
  • locale_charset
  • sigismember
  • hash_get_n_entries
  • set_custom_quoting
  • __deregister_frame_info
  • hash_get_n_buckets_used
  • fseeko
  • rpl_mktime
  • hash_table_ok
  • mfile_name_concat
  • nl_langinfo
  • hash_clear
  • memchr
  • xcalloc
  • _start
  • rpl_lstat
  • strstr
  • quotearg_mem
  • dirfd
  • iswctype
  • strcoll
  • strncmp
  • vasnprintf
  • getuser
  • ambsalign
  • wcwidth
  • realloc
  • hash_lookup
  • set_program_name
  • hash_insert_if_absent
  • xrealloc
  • rpl_getopt_internal
  • _getopt_internal_r
  • _getopt_long_only_r
  • clone_quoting_options
  • __xargmatch_internal
  • strdup
  • _init_c_library_
  • _obstack_allocated_p
  • xstrtoumax
  • __fixunsxfdi
  • gettimeofday
  • localtime
  • memset
  • main
  • close_stdout_set_ignore_EPIPE
  • argmatch_valid
  • mbsrtowcs
  • wctype
  • fclose
  • opendir
  • quotearg_style
  • __assert_fail
  • _errnop
  • rpl_fflush
  • x2nrealloc
  • version_etc_arn
  • quotearg_n_custom_mem
  • strcmp
  • getpwuid
  • quotearg_colon_mem
  • getpwnam
  • rpl_getopt_long
  • _fini
  • xzalloc
  • quotearg_colon
  • sprintf
  • human_readable
  • strerror_r
  • quotearg_n_custom
  • __cmpdi2
  • hash_reset_tuning
  • atexit
  • sigemptyset
  • quotearg_custom
  • setlocale
  • xmemdup
  • error
  • filemodestring
  • rpl_getopt
  • putchar_unlocked
  • fputc
  • dir_len
  • gnu_mbswidth
  • areadlink_with_size
  • rpl_getopt_long_only
  • localtime_r
  • fflush_unlocked
  • strftime
  • localeconv
  • fwrite_unlocked
  • hash_get_next
  • stpncpy
  • fwrite
  • gettime
  • imaxtostr
  • tcgetpgrp
  • hash_free
  • gnu_fnmatch
  • _obstack_free
  • xstrtol_fatal
  • exit
  • towlower
  • getgrnam
  • close_stdout_set_file_name
  • file_name_concat
  • x2realloc
  • _getopt_long_r
  • set_char_quoting
  • ferror_unlocked
  • fileno
  • __moddi3
  • quotearg_char_mem
  • quotearg_style_mem
  • _exit
  • rpl_mbrtowc
  • wcscat
  • stat
  • printf_fetchargs
  • base_len
  • mdir_name
  • rpl_calloc
  • hash_print_statistics
  • strchr
  • wcswidth
  • fputs
  • hash_get_n_buckets
  • rpl_stat
  • closedir
  • fcntl
  • mbsalign
  • __register_frame_info
  • close_stream
  • mktime_internal
  • fstat
  • sigaddset
  • xnumtoumax
  • raise
  • free
  • mbsinit
  • .gnu_debuglink
  • section without a name

Debug information: False

  • GCC: (GNU) 2.95.3-haiku-2017_07_20

Hash

MD5: 0bfcd2d056fc187f99f3524ee6d26e31

SHA1: 7e790456f87efbf5a9f1cf8f2cd861cac17a15d8

SHA256: 1b68a8230c95aa77fd4a0e7545fb58ddc7fe05a07954be63913219bdec0c181e

SHA512: f5a333bd73abed1514d216262578186dbe0c34b08c482a96cdc5cc621769c923c1c985c09513e076421d85b41dd8a7e66de9fd0164c794c08cc54b72326fb9a6

ssdeep: 3072:VkhoDk1mk6kw5i3nJJDNU5Hq98JozsLdELCjSC9ao+gMFO6p0VGgLwDnsUpHhV0d:V+oA1hUA3JMZogLMsSC9RMFO6pPgMjsz

Bytes

Entropy: 6.21999049379

Min entropy (16KB blocks): 4.16162001771

Max entropy (16KB blocks): 6.36212579972

Unique bytes (0-255): 256

Null bytes: 37217

White spaces: 8119

Printable bytes: 53822

First 16B: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00

Last 16B: 73 65 00 66 72 65 65 00 6d 62 73 69 6e 69 74 00

Byte: 0x0

Offset: 0x4f7

Length: 114

  • 0xb1 - 27 times
  • 0x9d - 26 times
  • 0xcb - 20 times
  • 0x0 - 37217 times
  • 0xff - 8161 times
  • 0x83 - 4735 times

File type

Mime type: application/x-sharedlib

File type: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /system/runtime_loader, not stripped

VirusTotal

Error: Resource not found

Data Explore

  • http://www.gnu.org/software/coreutils/
  • http://translationproject.org/team/
  • http://wiki.xiph.org/index
  • http://wiki.xiph.org/index
  • http://gnu.org/licenses/gpl
  • http://www.gnu.org/software/coreutils/
  • http://www.gnu.org/gethelp/

Code Explore

Number of functions: 668

Total size functions [B]: 96064

Average size a function [B]: 143.808383234

Percentage of covered .text section: 100.346801487

Percentage of covered LOAD segment: 64.10463448

Number of functions: 336

Total size functions [B]: 94604

Average size a function [B]: 281.55952381

Percentage of covered .text section: 98.8217106088

Percentage of covered LOAD segment: 63.1303593474

Sandbox (user)

Standard output:

Standard error: sh: 1: /tmp/1b68a8230c95aa77fd4a0e7545fb58ddc7fe05a07954be63913219bdec0c181e: not found

Sandbox (root)

Standard output:

Standard error: sh: 1: /tmp/1b68a8230c95aa77fd4a0e7545fb58ddc7fe05a07954be63913219bdec0c181e: not found

Behavior

Wrong interpreter: True

  • write
  • exit_group
  • execve

Unique number: 3

Total number: 5

  • strchr

Unique number: 1

Total number: 1

Number of processes: 1

Trace lines lost: 0

Max sleep: -1.0

Wrong interpreter: True

  • write
  • exit_group
  • execve

Unique number: 3

Total number: 5

  • strchr

Unique number: 1

Total number: 1

Number of processes: 1

Trace lines lost: 0

Max sleep: -1.0