Sample:

9a7b755f4b6cb202a2845c795d6376607122acbd166ae045bd8fb39ba713c492



Summary

OS ABI: UNIX - System V

CPU class: 32 bit

Persistence (user): No

Persistence (root): No

CPU byte order: 2's complement LSB

File type: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /usr/lib/libc.so.1, not stripped

CPU type: Intel 80386

Entropy: 5.89363485207

Syscalls executed (root): 5

Syscalls executed (user): 5

ELF type: Executable file

ELF

Class: 32 bit

Data encoding: 2's complement LSB

Operating system ABI: UNIX - System V

Object file type: Executable file

ELF version: 0.1

Machine: Intel 80386

Entrypoint: 0x8049a30

Interpreter: '/usr/lib/libc.so.1'

Number of segments: 5

Number of sections: 37

Program header table offset: 52

Section header table offset: 416436

Program header table - size of entry: 32

Section header table - size of entry: 40

Program header table - entries: 5

Section header table - entries: 37

Section header table - index sections names: 34

Stripped: False

Sections stripped: False

  • librt.so.1
  • libc.so.1
  • libsec.so.1
  • strcmp
  • iswcntrl
  • wcslen
  • __flsbuf
  • tzset
  • towlower
  • wctype
  • sigprocmask
  • acl_trivial
  • getgrgid
  • atexit
  • ldexp
  • strftime
  • getpwuid
  • malloc
  • setlocale
  • sigaction
  • toupper
  • strlen
  • localtime
  • _fini
  • __major
  • memchr
  • abort
  • _exit
  • stat64
  • readdir64
  • gmtime_r
  • isatty
  • fputs
  • sigaddset
  • signal
  • wcwidth
  • mbsinit
  • calloc
  • strcoll
  • snprintf
  • sprintf
  • localtime_r
  • wcscat
  • getgrnam
  • raise
  • getpwnam
  • tolower
  • lstat64
  • _get_exit_frame_monitor
  • fprintf
  • strncpy
  • iswprint
  • longjmp
  • free
  • memset
  • realloc
  • strtoumax
  • ioctl
  • frexp
  • opendir
  • strncmp
  • memmove
  • exit
  • tcgetpgrp
  • strrchr
  • fstat64
  • getenv
  • gettimeofday
  • sigismember
  • __fpending
  • iswctype
  • strcpy
  • wmemchr
  • fflush
  • __fpstart
  • fwrite
  • closedir
  • fclose
  • mbrtowc
  • __minor
  • strerror_r
  • printf
  • sigemptyset
  • setjmp
  • readlink
  • localeconv
  • mbrlen
  • strtoul
  • mbsrtowcs
  • memcpy
  • __assert_c99
  • btowc
  • wmemcpy
  • clock_gettime
  • _init
  • strdup
  • strchr
  • strcat

Section: .plt

  • PT_LOAD at offset 0x0 - 6.516418
  • PT_LOAD at offset 0x21000
  • .debug_frame
  • .debug_loc
  • .SUNW_signature
  • .debug_ranges
  • section without a name
  • .text - 6.402256

Debug information: True

  • @(#)SunOS 5.10 Generic January 2005
  • GCC: (GNU) 4.3.2

Hash

MD5: 320f67744944a9c753f42ae21877642b

SHA1: 9b36d70636e230a9fb3cb6e01930efd263689b64

SHA256: 9a7b755f4b6cb202a2845c795d6376607122acbd166ae045bd8fb39ba713c492

SHA512: 94d392f60e0eac02e57a678e8db8e433d8209feab5a19da5de88073b82bc0b7b93d771f398174a21214c186db53c87200f4c01b67943e4b793c032157b263b4a

ssdeep: 12288:fvMLLvx8H9QFVxmIfbl65QmXo0/aLYNHinBW:fvMnvOyvV65QA9TWBW

Bytes

Entropy: 5.89363485207

Min entropy (16KB blocks): 3.77441405444

Max entropy (16KB blocks): 6.42683759417

Unique bytes (0-255): 256

Null bytes: 132754

White spaces: 15588

Printable bytes: 114095

First 16B: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00

Last 16B: 61 73 68 5f 67 65 74 5f 65 6e 74 72 69 65 73 00

Byte: 0x0

Offset: 0x20366

Length: 3227

  • 0xc5 - 178 times
  • 0xaa - 166 times
  • 0xcd - 136 times
  • 0x0 - 132754 times
  • 0x1 - 16395 times
  • 0xff - 11645 times

File type

Mime type: application/x-executable

File type: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /usr/lib/libc.so.1, not stripped

VirusTotal

Error: Resource not found

Data Explore

  • /usr/lib/libc.so.1
  • /lib/selinux
  • /usr/include/sys
  • /usr/include/iso
  • /usr/include
  • /home/mabshoff/x86_64-solaris-gcc-4.3.2/bin/../lib/gcc/i386-pc-solaris2.10/4.3.2/include
  • /home/mabshoff/x86_64-solaris-gcc-4.3.2/bin/../lib/gcc/i386-pc-solaris2.10/4.3.2/include-fixed/iso
  • http://gnu.org/licenses/gpl
  • 49.1.1.55

Code Explore

Number of functions: 245

Total size functions [B]: 127174

Average size a function [B]: 519.07755102

Percentage of covered .text section: 118.605909125

Percentage of covered LOAD segment: 95.5678129133

Number of functions: 4

Total size functions [B]: 1619

Average size a function [B]: 404.75

Percentage of covered .text section: 1.50992315153

Percentage of covered LOAD segment: 1.21663460382

Sandbox (user)

Standard output:

Standard error: sh: 1: /tmp/9a7b755f4b6cb202a2845c795d6376607122acbd166ae045bd8fb39ba713c492: not found

Sandbox (root)

Standard output:

Standard error: sh: 1: /tmp/9a7b755f4b6cb202a2845c795d6376607122acbd166ae045bd8fb39ba713c492: not found

Behavior

Wrong interpreter: True

  • write
  • exit_group
  • execve

Unique number: 3

Total number: 5

  • strchr

Unique number: 1

Total number: 1

Number of processes: 1

Trace lines lost: 0

Max sleep: -1.0

Wrong interpreter: True

  • write
  • exit_group
  • execve

Unique number: 3

Total number: 5

  • strchr

Unique number: 1

Total number: 1

Number of processes: 1

Trace lines lost: 0

Max sleep: -1.0