Sample : 39f005280caa3647ef418a0af145157cbbb3264d040bba5ec03f5ee71b3f8e01

Summary

OS ABI : UNIX - System V
CPU class : 32 bit
Persistence (user) : No
Persistence (root) : No
CPU byte order : 2's complement MSB
File type : ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, corrupted section header size
CPU type : MIPS I
Entropy : 5.85864257
Syscalls executed (root) : 25
Syscalls executed (user) : 24
ELF type : Executable file

ELF

Class : 32 bit
Data encoding : 2's complement MSB
Operating system ABI : UNIX - System V
Object file type : Executable file
ELF version : 0.1
Machine : MIPS I
Link : dynamic
Entrypoint : 0x404d90
Interpreter : '/lib/ld-uClibc.so.0'
Number of segments : 7
Number of sections : 0
Program header table offset : 52
Section header table offset : 0
Program header table - size of entry : 32
Section header table - size of entry : 0
Program header table - entries : 7
Section header table - entries : 0
Section header table - index sections names : 0
Stripped : True
Sections stripped : True
Needed libraries :
libgcc_s.so.1
libc.so.0
libcrypt.so.0

Anomalies

Segments :
W^X permission : PT_DYNAMIC at offset 0x128
PT_GNU_STACK at offset 0x0
Memory size doubles physical size : PT_LOAD at offset 0x4d84c
PT_NULL at offset 0x0

Sections :
Null section headers : True

Debug information : False

Hash

MD5 : f312af78203cca418cc0a8f1a5d7a6d3
SHA1 : e541f537c3078574a13e803be012fd945d7c746d
SHA256 : 39f005280caa3647ef418a0af145157cbbb3264d040bba5ec03f5ee71b3f8e01
SHA512 : 3328ce187ab38611d807c14a8d211778a756463368645848304891b60923b6883421e0eda1115651f7246fb7479e62c721c7f635b7d70e8f6f6d2645e7d4d239
ssdeep : 6144:6AAAKLQyIJUH3NQ3M6rG0to3ltSTjEj0f0T/+5nrvgm0Wj7nvQWhmdqJZrsf7Pk+:sA+f7bC7mKrXLvXrsTsV+3

Bytes

Entropy : 5.85864257
Min entropy (16KB blocks) : 3.95324564018
Max entropy (16KB blocks) : 6.04873746632
Unique bytes (0-255) : 256
Null bytes : 79166
White spaces : 19101
Printable bytes : 87809
First 16B : 7f 45 4c 46 01 02 01 00 00 00 00 00 00 00 00 00
Last 16B : 00 41 6b ac 00 44 52 e0 00 44 52 d0 00 45 f0 58
Longest same bytes sequence : byte 0x0, offset 0x11e2, length 157
Three rarest bytes : 0x8b (29 times), 0xd9 (27 times), 0xda (26 times)
Three most common bytes : 0x0 (79166 times), 0x8f (12049 times), 0x10 (11661 times)

File type

Mime type : application/x-executable
File type : ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, corrupted section header size

VirusTotal

URL : https://www.virustotal.com/#/file/39f005280caa3647ef418a0af145157cbbb3264d040bba5ec03f5ee71b3f8e01
Positive : 0
Scan date : 2017-07-20 23:30:32

Data Explore

Paths :
/lib/ld-uClibc.so.0
/dev/root
/proc/%d/exe
/proc/%u
/proc/%u/stat
/etc/inittab
/dev/tty2
/dev/tty3
/dev/tty4
/etc/init.d/rcS
/dev/
/var/run/snmpd_pid
/etc/inittab
/usr/bin:/bin:/usr/sbin:/sbin
/bin/sh
/dev/tty5
/etc/passwd
/etc/shadow
/etc/group
/etc/gshadow
/etc/nologin
/etc/securetty
/etc/motd
/bin/sh
/dev/null
/proc/mounts
/proc/%d
/home/%s
/var/factorymode.txt
/usr/bin/cmd
/lib/modules
/proc/sys/kernel/tainted
/proc/modules
/proc/sys/kernel/tainted
/lib/modules/%s/modules.dep
/lib/modules/modules.dep
/etc/modprobe.conf
/etc/modules.conf
/etc/conf.modules
/lib/modules/%s/modules.alias
/lib/modules/modules.alias
/proc/net/arp
/etc/inetd.conf
/proc/net/dev
/proc/net/if_inet6
/proc/net/ipv6_route
/proc/net/route
/dev/ptmx
/dev/pts
/etc/issue.net
/bin/login
/proc/net/vlan/config
/proc/net/%s
/proc/stat
/dev/tty
/etc/profile
/usr/local/bin:/usr/bin:/sbin:/bin
/dev/console
/dev/log
/dev/log
/var/log/messages
/var/log/sysevent.txt
/dev/hd
/proc/ide/%s/media
/proc/partitions
/dev/%s
/dev/usb/%s
/etc/fstab
/etc/filesystems
/proc/filesystems
/usr/sbin:/bin:/usr/bin

URLs :
http://www.tux.org/lkml/

IPs (v4 and v6) :
::
::D
e::
::
d::
255.255.255.255

Code Explore


Nucleus

Eh_frame

Sandbox (user)

Standard output :
Standard error : /tmp/39f005280caa3647ef418a0af145157cbbb3264d040bba5ec03f5ee71b3f8e01: can't load library 'libgcc_s.so.1'

Sandbox (root)

Standard output :
Standard error : /tmp/39f005280caa3647ef418a0af145157cbbb3264d040bba5ec03f5ee71b3f8e01: can't load library 'libgcc_s.so.1'

Behavior

User behavior

Syscalls (unique) :
write
stat
read
munmap
mmap2
exit
close
open
fstat
execve

Unique number : 10
Total number : 24
Number of processes : 1
Trace lines lost : 0
Files being read :
/lib/libgcc_s.so.1
/lib/libc.so.0
/usr/lib/libgcc_s.so.1
Max sleep : -1.0

Root behavior

Syscalls (unique) :
write
stat
read
commit_creds
mmap2
munmap
exit
close
open
fstat
execve

Unique number : 11
Total number : 25
Number of processes : 1
Trace lines lost : 0
Files being read :
/lib/libgcc_s.so.1
/lib/libc.so.0
/usr/lib/libgcc_s.so.1
Max sleep : -1.0