Sample: 5676328c6d1309fd8ee0e80bdc1208dbf9dce3ccabe14c80d69e247a3d1643ac

Summary

OS ABI: UNIX - FreeBSD

CPU class: 64 bit

Persistence (user): No

Persistence (root): No

CPU byte order: 2's complement LSB

File type: ELF 64-bit LSB executable, x86-64, version 1 (FreeBSD), dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD 11.2, stripped

CPU type: AMD x86-64

Entropy: 4.43647056901

Syscalls executed (root): 5

Syscalls executed (user): 5

ELF type: Executable file

ELF

Class: 64 bit

Data encoding: 2's complement LSB

Operating system ABI: UNIX - FreeBSD

Object file type: Executable file

ELF version: 0.1

Machine: AMD x86-64

Entrypoint: 0x400a10

Interpreter: '/libexec/ld-elf.so.1'

Number of segments: 8

Number of sections: 28

Program header table offset: 64

Section header table offset: 6296

Program header table - size of entry: 56

Section header table - size of entry: 64

Program header table - entries: 8

Section header table - entries: 28

Section header table - index sections names: 27

Stripped: True

Sections stripped: False

  • libc.so.7
  • malloc
  • cap_ioctls_limit
  • cap_rights_limit
  • atexit
  • err
  • strerror
  • _init_tls
  • cap_fcntls_limit
  • strlen
  • __cap_rights_set
  • cap_enter
  • __stack_chk_fail
  • __error
  • __cap_rights_init
  • exit
  • write
  • writev
  • strcmp
  • .note.tag
  • .gnu_debuglink
  • section without a name

Debug information: False

  • $FreeBSD: releng/11.2/bin/echo/echo.c 332463 2018-04-13 03:30:10Z kevans $
  • FreeBSD clang version 6.0.0 (tags/RELEASE_600/final 326565) (based on LLVM 6.0.0)
  • $FreeBSD: releng/11.2/lib/csu/amd64/crtn.S 217105 2011-01-07 16:07:51Z kib $
  • $FreeBSD: releng/11.2/lib/csu/amd64/crti.S 217105 2011-01-07 16:07:51Z kib $
  • $FreeBSD: releng/11.2/lib/csu/common/ignore_init.c 331722 2018-03-29 02:50:57Z eadler $
  • $FreeBSD: releng/11.2/lib/csu/amd64/crt1.c 331722 2018-03-29 02:50:57Z eadler $
  • $FreeBSD: releng/11.2/lib/csu/common/crtbrand.c 335510 2018-06-21 22:59:49Z gjb $
  • FreeBSD : '\xb0\xd0\x10'
  • FreeBSD :

GDB errors: warning: A handler for the OS ABI "FreeBSD ELF" is not built into this configuration of GDB. Attempting to continue with the default i386:x86-64 settings.

Hash

MD5: cfb0650029a823107c4d3d933fc7b3bd

SHA1: 398c2e57042b98e8f6695a919248d03ba2f5d6a0

SHA256: 5676328c6d1309fd8ee0e80bdc1208dbf9dce3ccabe14c80d69e247a3d1643ac

SHA512: f3bddcfbe40e103fdbafbbf410bacc4df5ac564cd1a5904d2588e4e51e2c3f7619368cb97ca044e929216b54901f5c6e795f555c77647f2bfefb532ef2152976

ssdeep: 96:jOChn02dCuhcrPoMwhZ6Tzk43jZ0ENoBVZVYZOs2GWm23WZ1d4da6KAjS:jOyn02dCuhcJwmzP3KfBOON773WZ1oK

Bytes

Entropy: 4.43647056901

Min entropy (16KB blocks): -1.0

Max entropy (16KB blocks): -1.0

Unique bytes (0-255): 232

Null bytes: 4049

White spaces: 184

Printable bytes: 1894

First 16B: 7f 45 4c 46 02 01 01 09 00 00 00 00 00 00 00 00

Last 16B: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Byte: 0x0

Offset: 0x144d

Length: 100

  • 0xea - 0 times
  • 0xee - 0 times
  • 0xf4 - 0 times
  • 0x0 - 4049 times
  • 0xff - 246 times
  • 0x48 - 140 times

File type

Mime type: application/x-executable

File type: ELF 64-bit LSB executable, x86-64, version 1 (FreeBSD), dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD 11.2, stripped

VirusTotal

URL: https://www.virustotal.com/#/file/5676328c6d1309fd8ee0e80bdc1208dbf9dce3ccabe14c80d69e247a3d1643ac

Positive: 0

Scan date: 2018-08-21 09:56:17

Data Explore

  • /lib/csu/amd64/crt1.c
  • /lib/csu/common/crtbrand.c
  • /lib/csu/common/ignore_init.c
  • /lib/csu/amd64/crti.S
  • /bin/echo/echo.c
  • /lib/csu/amd64/crtn.S

Code Explore

Number of functions: 10

Total size functions [B]: 3176

Average size a function [B]: 317.6

Percentage of covered .text section: 168.936170213

Percentage of covered LOAD segment: 57.903372835

Number of functions: 6

Total size functions [B]: 1676

Average size a function [B]: 279.333333333

Percentage of covered .text section: 89.1489361702

Percentage of covered LOAD segment: 30.5560619872

Sandbox (user)

Standard output:

Standard error: sh: 1: /tmp/5676328c6d1309fd8ee0e80bdc1208dbf9dce3ccabe14c80d69e247a3d1643ac: not found

Sandbox (root)

Standard output:

Standard error: sh: 1: /tmp/5676328c6d1309fd8ee0e80bdc1208dbf9dce3ccabe14c80d69e247a3d1643ac: not found

Behavior

Wrong interpreter: True

  • write
  • exit_group
  • execve

Unique number: 3

Total number: 5

  • strchr

Unique number: 1

Total number: 1

Number of processes: 1

Trace lines lost: 0

Max sleep: -1.0

Wrong interpreter: True

  • write
  • exit_group
  • execve

Unique number: 3

Total number: 5

  • strchr

Unique number: 1

Total number: 1

Number of processes: 1

Trace lines lost: 0

Max sleep: -1.0