Sample: 5026580b0d5f3290970a948534c9910274f392689cd97722fc7eaa232ceaca21

Summary

OS ABI: UNIX - System V

CPU class: 64 bit

Persistence (user): No

Persistence (root): No

CPU byte order: 2's complement LSB

File type: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.18, BuildID[sha1]=c975719c8ae8451338e2265159819a517ece8c0d, not stripped

CPU type: AMD x86-64

Entropy: 6.10271073829

Syscalls executed (root): 79

Syscalls executed (user): 78

ELF type: Executable file

ELF

Class: 64 bit

Data encoding: 2's complement LSB

Operating system ABI: UNIX - System V

Object file type: Executable file

ELF version: 0.1

Machine: AMD x86-64

Entrypoint: 0x402160

Interpreter: '/lib64/ld-linux-x86-64.so.2'

Number of segments: 8

Number of sections: 31

Program header table offset: 64

Section header table offset: 77024

Program header table - size of entry: 56

Section header table - size of entry: 64

Program header table - entries: 8

Section header table - entries: 31

Section header table - index sections names: 28

Stripped: False

Sections stripped: False

  • libc.so.6
  • libgcc_s.so.1
  • libm.so.6
  • libstdc++.so.6
  • libcrypto.so.1.0.0
  • _ZNSs6appendEPKcm
  • BIO_new_mem_buf
  • dup2
  • SHA256
  • printf
  • memset
  • _ZSt18_Rb_tree_decrementPKSt18_Rb_tree_node_base
  • close
  • abort
  • vasprintf
  • getpgrp
  • _ZNSsC1EPKcmRKSaIcE
  • _ZNSs6assignEPKc
  • puts
  • _ZdlPv
  • _ZNSs7reserveEm
  • exit
  • __cxa_rethrow
  • RSA_size
  • read
  • strncmp
  • fopen
  • __libc_start_main
  • _ZSt18_Rb_tree_decrementPSt18_Rb_tree_node_base
  • RSA_sign
  • _ZNSs4_Rep9_S_createEmmRKSaIcE
  • _ZNKSs7compareERKSs
  • _ZNSsC1ERKSs
  • _ZSt20__throw_out_of_rangePKc
  • getpid
  • _ZNSsD1Ev
  • PEM_read_bio_RSAPrivateKey
  • free
  • strlen
  • _ZNSs4_Rep10_M_destroyERKSaIcE
  • ferror
  • listen
  • sprintf
  • pipe
  • _ZSt18_Rb_tree_incrementPKSt18_Rb_tree_node_base
  • _ZNKSs4findEcm
  • poll
  • _ZNKSs7compareEPKc
  • _ZNSsC1EPKcRKSaIcE
  • strerror
  • strstr
  • strtol
  • getsockname
  • execve
  • memcpy
  • signal
  • setbuf
  • memmove
  • strchr
  • waitpid
  • socket
  • fread
  • getenv
  • __errno_location
  • strdup
  • _ZSt29_Rb_tree_insert_and_rebalancebPSt18_Rb_tree_node_baseS0_RS_
  • _ZNSs6assignEPKcm
  • _ZNSs6assignERKSs
  • _ZSt19__throw_logic_errorPKc
  • feof
  • fclose
  • remove
  • isspace
  • __cxa_end_catch
  • _ZSt17__throw_bad_allocv
  • isxdigit
  • fork
  • __cxa_begin_catch
  • bind
  • fwrite
  • fprintf
  • write
  • _Znwm
  • _ZNSsC1ERKSsmm
  • _Unwind_Resume
  • accept
  • fcntl
  • _ZNSs6appendERKSs
  • open
  • isprint
  • time
  • fflush
  • _init
  • _fini
  • __gxx_personality_v0
  • section without a name

Debug information: False

  • GCC: (GNU) 4.4.7 20120313 (Red Hat 4.4.7-23)
  • GNU : '\xc9uq\x9c\x8a\xe8E\x138\xe2&QY\x81\x9aQ~\xce\x8c'

Hash

MD5: 61e14056774ea0d9967e8f35ffa0612e

SHA1: db6de3faca25dbb91fdec8d092e090e8e6aba080

SHA256: 5026580b0d5f3290970a948534c9910274f392689cd97722fc7eaa232ceaca21

SHA512: 5794e07768385c397768933e893e2719daee2d226a40f7b15035396afdd152367f1b3343326c5926954c4444ceb9a45c8a54c12058db22ee1b69c67065fa59b8

ssdeep: 1536:T/CmDRCacyFqVWi3HTiNZxC/AUxOfmy82v3rcfK:TBCacNWi3HTUJf/86Qy

Bytes

Entropy: 6.10271073829

Min entropy (16KB blocks): 4.83380710734

Max entropy (16KB blocks): 6.49250770605

Unique bytes (0-255): 256

Null bytes: 20673

White spaces: 1696

Printable bytes: 30044

First 16B: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00

Last 16B: 69 6c 65 5f 72 65 61 64 61 62 6c 65 45 53 73 00

Byte: 0x0

Offset: 0x12855

Length: 108

  • 0xcd - 32 times
  • 0x9f - 31 times
  • 0x9d - 27 times
  • 0x0 - 20673 times
  • 0xff - 6181 times
  • 0x48 - 3950 times

File type

Mime type: application/x-executable

File type: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.18, BuildID[sha1]=c975719c8ae8451338e2265159819a517ece8c0d, not stripped

VirusTotal

Error: Resource not found

Data Explore

  • ~/
  • /dev/null
  • ::
  • 127.0.0.1
  • ::

Code Explore

Number of functions: 129

Total size functions [B]: 56546

Average size a function [B]: 438.341085271

Percentage of covered .text section: 111.998890826

Percentage of covered LOAD segment: 73.7235984355

Number of functions: 84

Total size functions [B]: 49471

Average size a function [B]: 588.94047619

Percentage of covered .text section: 97.9856599588

Percentage of covered LOAD segment: 64.4993481095

Sandbox (user)

Standard output:

Standard error: Env var 'GCP_OS' must be set

Sandbox (root)

Standard output:

Standard error: Env var 'GCP_OS' must be set

Behavior

  • mmap2
  • exit_group
  • rt_sigaction
  • read
  • munmap
  • mprotect
  • arch_prctl
  • access
  • write
  • brk
  • close
  • open
  • fstat
  • execve

Unique number: 14

Total number: 78

  • strchr

Unique number: 1

Total number: 1

Number of processes: 1

Trace lines lost: 0

  • /opt/lib/libdl.so.2
  • /etc/ld.so.cache
  • /lib/x86_64-linux-gnu/libgcc_s.so.1
  • /opt/lib/libc.so.6
  • /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
  • /usr/lib/x86_64-linux-gnu/libstdc++.so.6
  • /opt/lib/libm.so.6

Max sleep: -1.0

  • mmap2
  • write
  • exit_group
  • rt_sigaction
  • read
  • commit_creds
  • mprotect
  • arch_prctl
  • access
  • munmap
  • brk
  • close
  • open
  • fstat
  • execve

Unique number: 15

Total number: 79

  • strchr

Unique number: 1

Total number: 1

Number of processes: 1

Trace lines lost: 0

  • /opt/lib/libdl.so.2
  • /etc/ld.so.cache
  • /lib/x86_64-linux-gnu/libgcc_s.so.1
  • /opt/lib/libc.so.6
  • /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
  • /usr/lib/x86_64-linux-gnu/libstdc++.so.6
  • /opt/lib/libm.so.6

Max sleep: -1.0