Modules

Summary

OS ABI

UNIX - System V

CPU class

64 bit

Persistence (user)

Persistence (root)

CPU byte order

2's complement LSB

File type

ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.18, BuildID[sha1]=ef59891a64ba2c574aafd10ee26e4c13eb5086eb, not stripped

CPU type

AMD x86-64

Entropy

3.62049124426

Syscalls executed (root)

Syscalls executed (user)

ELF type

Executable file

ELF

Class

64 bit

Data encoding

2's complement LSB

Operating system ABI

UNIX - System V

Object file type

Executable file

ELF version

0.1

Machine

AMD x86-64

Link

dynamic

Entrypoint

0x400790

Interpreter

'/lib64/ld-linux-x86-64.so.2'

Number of segments

Number of sections

Program header table offset

Section header table offset

3864

Program header table - size of entry

Section header table - size of entry

Program header table - entries

Section header table - entries

Section header table - index sections names

Stripped

False

Sections stripped

False

Needed libraries

libgcc_s.so.1

libm.so.6

libstdc++.so.6

libc.so.6

Dynamic symbols

execv

exit

prctl

__libc_start_main

strerror

strtol

__errno_location

getppid

fwrite

perror

fprintf

__gxx_personality_v0

Anomalies

Entrypoint

Section : .
p
l
t

Sections

Uncommon sections : section without a name

Debug information

False

Comment

GCC: (GNU) 4.4.7 20120313 (Red Hat 4.4.7-23)

Note

GNU : '\xefY\x89\x1ad\xba,WJ\xaf\xd1\x0e\xe2nL\x13\xebP\x86'

Hash

MD5

9511b3fa6b54bd3c0ad83c581e63fa40

SHA1

c173bde39d65e178d405866b1a77760dcf69ad3d

SHA256

4d9e56ecebe661e480b93ae0e9a69b7703b33983eb1b39f86820fda627ba87be

SHA512

56fb3ae8ccd7975cb62a74adddc67b5f749aa4742e4b0be5d1de25e5c5fd89ce40df01add05df5eae835b48f8f18bf97a8b37a111e32dda923860a573d1fe2e6

ssdeep

96:GpTacyB7vcwXQ5qTAZ4YsaSwoBsqDmcHl9KRo/qh//YRvqnj2kEeGU:Gpmcy/XSqTdY5SwIk1BYRynjVEeZ

Bytes

Entropy

3.62049124426

Min entropy (16KB blocks)

-1.0

Max entropy (16KB blocks)

-1.0

Unique bytes (0-255)

220

Null bytes

5018

White spaces

199

Printable bytes

1798

First 16B

7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00

Last 16B

69 74 00 5f 5a 35 72 75 6e 69 74 69 50 50 63 00

Longest same bytes sequence

Byte : 0x0

Offset : 0xd05

Length : 108

Three rarest bytes

0xdf - 0 times

0xee - 0 times

0xf7 - 0 times

Three most common bytes

0x0 - 5018 times

0xff - 148 times

0x5f - 146 times

File type

Mime type

application/x-executable

File type

VirusTotal

Error

Resource not found

Code Explore

Nucleus

Number of functions : 11

Total size functions [B] : 654

Average size a function [B] : 59.4545454545

Percentage of covered .text section : 93.9655172414

Percentage of covered LOAD segment : 18.3707865169

Eh_frame

Number of functions : 4

Total size functions [B] : 363

Average size a function [B] : 90.75

Percentage of covered .text section : 52.1551724138

Percentage of covered LOAD segment : 10.1966292135

Sandbox (user)

Standard output

Standard error

Incorrect args

Sandbox (root)

Standard output

Standard error

Incorrect args

Behavior

User behavior

Syscalls

Unique

mmap2
exit_group
read
munmap
mprotect
arch_prctl
access
write
brk
close
open
fstat
execve

Unique number

13

Total number

Instrumented libc calls

Unique

strchr

Unique number

1

Total number

Number of processes

Trace lines lost

Files being read

/opt/lib/libc.so.6

/etc/ld.so.cache

/opt/lib/libm.so.6

/usr/lib/x86_64-linux-gnu/libstdc++.so.6

/lib/x86_64-linux-gnu/libgcc_s.so.1

Max sleep

-1.0

Root behavior

Syscalls

Unique

mmap2
write
exit_group
read
commit_creds
mprotect
arch_prctl
access
munmap
brk
close
open
fstat
execve

Unique number

14

Total number

Instrumented libc calls

Unique

strchr

Unique number

1

Total number

Number of processes

Trace lines lost

Files being read

/opt/lib/libc.so.6

/etc/ld.so.cache

/opt/lib/libm.so.6

/usr/lib/x86_64-linux-gnu/libstdc++.so.6

/lib/x86_64-linux-gnu/libgcc_s.so.1

Max sleep

-1.0

Sample : 4d9e56ecebe661e480b93ae0e9a69b7703b33983eb1b39f86820fda627ba87be

Modules

Summary

OS ABI

CPU class

Persistence (user)

Persistence (root)

CPU byte order

File type

CPU type

Entropy

Syscalls executed (root)

Syscalls executed (user)

ELF type

ELF

Class

Data encoding

Operating system ABI

Object file type

ELF version

Machine

Link

Entrypoint

Interpreter

Number of segments

Number of sections

Program header table offset

Section header table offset

Program header table - size of entry

Section header table - size of entry

Program header table - entries

Section header table - entries

Section header table - index sections names

Stripped

Sections stripped

Needed libraries

Dynamic symbols

Anomalies

Debug information

Comment

Note

Hash

MD5

SHA1

SHA256

SHA512

ssdeep

Bytes

Entropy

Min entropy (16KB blocks)

Max entropy (16KB blocks)

Unique bytes (0-255)

Null bytes

White spaces

Printable bytes

First 16B

Last 16B

Longest same bytes sequence

Three rarest bytes

Three most common bytes

File type

Mime type

File type

VirusTotal

Error

Code Explore

Nucleus

Eh_frame

Sandbox (user)

Standard output

Standard error

Sandbox (root)

Standard output

Standard error

Behavior

User behavior

Syscalls

Instrumented libc calls

Number of processes

Trace lines lost