Sample : 5676328c6d1309fd8ee0e80bdc1208dbf9dce3ccabe14c80d69e247a3d1643ac

Summary


OS ABI

UNIX - FreeBSD
CPU class

64 bit
Persistence (user)

No
Persistence (root)

No
CPU byte order

2's complement LSB
File type

ELF 64-bit LSB executable, x86-64, version 1 (FreeBSD), dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD 11.2, stripped
CPU type

AMD x86-64
Entropy

4.43647056901
Syscalls executed (root)

5
Syscalls executed (user)

5
ELF type

Executable file

ELF


Class

64 bit
Data encoding

2's complement LSB
Operating system ABI

UNIX - FreeBSD
Object file type

Executable file
ELF version

0.1
Machine

AMD x86-64
Link

dynamic
Entrypoint

0x400a10
Interpreter

'/libexec/ld-elf.so.1'
Number of segments

8
Number of sections

28
Program header table offset

64
Section header table offset

6296
Program header table - size of entry

56
Section header table - size of entry

64
Program header table - entries

8
Section header table - entries

28
Section header table - index sections names

27
Stripped

True
Sections stripped

False
Needed libraries

libc.so.7

Dynamic symbols

malloc

cap_ioctls_limit

cap_rights_limit

atexit

err

strerror

_init_tls

cap_fcntls_limit

strlen

__cap_rights_set

cap_enter

__stack_chk_fail

__error

__cap_rights_init

exit

write

writev

strcmp

Anomalies


Sections
Uncommon sections : .note.tag
.gnu_debuglink
section without a name


Debug information

False
Comment

$FreeBSD: releng/11.2/bin/echo/echo.c 332463 2018-04-13 03:30:10Z kevans $

FreeBSD clang version 6.0.0 (tags/RELEASE_600/final 326565) (based on LLVM 6.0.0)

$FreeBSD: releng/11.2/lib/csu/amd64/crtn.S 217105 2011-01-07 16:07:51Z kib $

$FreeBSD: releng/11.2/lib/csu/amd64/crti.S 217105 2011-01-07 16:07:51Z kib $

$FreeBSD: releng/11.2/lib/csu/common/ignore_init.c 331722 2018-03-29 02:50:57Z eadler $

$FreeBSD: releng/11.2/lib/csu/amd64/crt1.c 331722 2018-03-29 02:50:57Z eadler $

$FreeBSD: releng/11.2/lib/csu/common/crtbrand.c 335510 2018-06-21 22:59:49Z gjb $

Note

FreeBSD : '\xb0\xd0\x10'

FreeBSD :

GDB errors

warning: A handler for the OS ABI "FreeBSD ELF" is not built into this configuration of GDB. Attempting to continue with the default i386:x86-64 settings.

Hash


MD5

cfb0650029a823107c4d3d933fc7b3bd
SHA1

398c2e57042b98e8f6695a919248d03ba2f5d6a0
SHA256

5676328c6d1309fd8ee0e80bdc1208dbf9dce3ccabe14c80d69e247a3d1643ac
SHA512

f3bddcfbe40e103fdbafbbf410bacc4df5ac564cd1a5904d2588e4e51e2c3f7619368cb97ca044e929216b54901f5c6e795f555c77647f2bfefb532ef2152976
ssdeep

96:jOChn02dCuhcrPoMwhZ6Tzk43jZ0ENoBVZVYZOs2GWm23WZ1d4da6KAjS:jOyn02dCuhcJwmzP3KfBOON773WZ1oK

Bytes


Entropy

4.43647056901
Min entropy (16KB blocks)

-1.0
Max entropy (16KB blocks)

-1.0
Unique bytes (0-255)

232
Null bytes

4049
White spaces

184
Printable bytes

1894
First 16B

7f 45 4c 46 02 01 01 09 00 00 00 00 00 00 00 00
Last 16B

01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Longest same bytes sequence

Byte : 0x0

Offset : 0x144d

Length : 100

Three rarest bytes

0xea - 0 times

0xee - 0 times

0xf4 - 0 times

Three most common bytes

0x0 - 4049 times

0xff - 246 times

0x48 - 140 times

File type


Mime type

application/x-executable
File type

ELF 64-bit LSB executable, x86-64, version 1 (FreeBSD), dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD 11.2, stripped

VirusTotal


URL

https://www.virustotal.com/#/file/5676328c6d1309fd8ee0e80bdc1208dbf9dce3ccabe14c80d69e247a3d1643ac
Positive

0
Scan date

2018-08-21 09:56:17

Data Explore


Paths

/lib/csu/amd64/crt1.c

/lib/csu/common/crtbrand.c

/lib/csu/common/ignore_init.c

/lib/csu/amd64/crti.S

/bin/echo/echo.c

/lib/csu/amd64/crtn.S

Code Explore


Nucleus

Number of functions : 10

Total size functions [B] : 3176

Average size a function [B] : 317.6

Percentage of covered .text section : 168.936170213

Percentage of covered LOAD segment : 57.903372835

Eh_frame

Number of functions : 6

Total size functions [B] : 1676

Average size a function [B] : 279.333333333

Percentage of covered .text section : 89.1489361702

Percentage of covered LOAD segment : 30.5560619872

Sandbox (user)


Standard output

Standard error

sh: 1: /tmp/5676328c6d1309fd8ee0e80bdc1208dbf9dce3ccabe14c80d69e247a3d1643ac: not found

Sandbox (root)


Standard output

Standard error

sh: 1: /tmp/5676328c6d1309fd8ee0e80bdc1208dbf9dce3ccabe14c80d69e247a3d1643ac: not found

Behavior


User behavior

Errors


Wrong interpreter
True

Syscalls


Unique
write
exit_group
execve


Unique number
3

Total number
5

Instrumented libc calls


Unique
strchr


Unique number
1

Total number
1

Number of processes

1

Trace lines lost

0

Max sleep

-1.0



Root behavior

Errors


Wrong interpreter
True

Syscalls


Unique
write
exit_group
execve


Unique number
3

Total number
5

Instrumented libc calls


Unique
strchr


Unique number
1

Total number
1

Number of processes

1

Trace lines lost

0

Max sleep

-1.0