Sample : 814b919d22f69b7cd9ee28ba9cae9776643d66e1b1f9b10be6c1c6895c6ffedb

Summary


OS ABI

ARM
CPU class

32 bit
Persistence (user)

No
Persistence (root)

No
CPU byte order

2's complement LSB
CPU type

ARM 32-bit
Entropy

5.82365932325
Syscalls executed (root)

1
Syscalls executed (user)

1
ELF type

Executable file

ELF


Class

32 bit
Data encoding

2's complement LSB
Operating system ABI

ARM
Object file type

Executable file
ELF version

0.1
Machine

ARM 32-bit
Link

static
Entrypoint

0x8190
Number of segments

3
Number of sections

0
Program header table offset

52
Section header table offset

79448
Program header table - size of entry

32
Section header table - size of entry

40
Program header table - entries

3
Section header table - entries

10
Section header table - index sections names

9
Stripped

True
Sections stripped

True
Malformed

OrderedDict([(u'Beyond LOAD segment', True)])
Anomalies


Segments
W^X permission : PT_GNU_STACK at offset 0x0
Memory size doubles physical size : PT_LOAD at offset 0x13410


Sections
Wrong number of section headers : i
n
v
a
l
i
d
Section header table offset beyond file : True


Debug information

False
Pyelftools errors

expected 4, found 0
GDB errors

"/tmp/tmp.b6g3mzzK5M/814b919d22f69b7cd9ee28ba9cae9776643d66e1b1f9b10be6c1c6895c6ffedb": not in executable format: File truncated
Readelf errors

readelf: Error: Reading 0x190 bytes extends past end of file for section headers readelf: Error: Section headers are not available!

Hash


MD5

ff05af9af5734a15c3552df8871ce843
SHA1

5f5822fda076d171b9b1f66616a5911c192116f7
SHA256

814b919d22f69b7cd9ee28ba9cae9776643d66e1b1f9b10be6c1c6895c6ffedb
SHA512

b21641659cf3854f21798409df4dec30bcb05b9af26279208bef0bbebdab995ac2454a7dac7eba371b7b5a3797a51c7b06b713e114f6059a2cc950913acd4371
ssdeep

192:NLa8hznaY7XHBkPsE7sqk+PBdMhBuEvUJRRJUdGibVhihPIpazYlN7PsYDkTYc9:N2Sznh7XGEbJwMGbQGihhihPLzMs6s9

Bytes


Entropy

5.82365932325
Min entropy (16KB blocks)

-1.0
Max entropy (16KB blocks)

-1.0
Unique bytes (0-255)

246
Null bytes

1691
White spaces

400
Printable bytes

1662
First 16B

7f 45 4c 46 01 01 01 61 00 00 00 00 00 00 00 00
Last 16B

02 70 96 e0 00 20 a5 e2 04 70 81 e4 04 40 90 e4
Longest same bytes sequence

Byte : 0x0

Offset : 0x7a

Length : 19

Three rarest bytes

0xb7 - 0 times

0xcf - 0 times

0xdb - 0 times

Three most common bytes

0x0 - 1691 times

0xa0 - 585 times

0xe1 - 400 times

VirusTotal


Error

Resource not found

Code Explore


Nucleus

Eh_frame

Sandbox (user)


Standard output

Standard error

Segmentation fault

Sandbox (root)


Standard output

Standard error

Segmentation fault

Behavior


User behavior

Errors


Segmentation fault
True

Execution fault
True

Syscalls


Unique
execve


Unique number
1

Total number
1

Number of processes

1

Trace lines lost

0

Empty trace

True

Max sleep

-1.0



Root behavior

Errors


Segmentation fault
True

Execution fault
True

Syscalls


Unique
execve


Unique number
1

Total number
1

Number of processes

1

Trace lines lost

0

Empty trace

True

Max sleep

-1.0