Sample : 9a7b755f4b6cb202a2845c795d6376607122acbd166ae045bd8fb39ba713c492
Modules
Summary
OS ABI
UNIX - System V
CPU class
32 bit
Persistence (user)
No
Persistence (root)
No
CPU byte order
2's complement LSB
File type
ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /usr/lib/libc.so.1, not stripped
CPU type
Intel 80386
Entropy
5.89363485207
Syscalls executed (root)
5
Syscalls executed (user)
5
ELF type
Executable file
ELF
Class
32 bit
Data encoding
2's complement LSB
Operating system ABI
UNIX - System V
Object file type
Executable file
ELF version
0.1
Machine
Intel 80386
Link
dynamic
Entrypoint
0x8049a30
Interpreter
'/usr/lib/libc.so.1'
Number of segments
5
Number of sections
37
Program header table offset
52
Section header table offset
416436
Program header table - size of entry
32
Section header table - size of entry
40
Program header table - entries
5
Section header table - entries
37
Section header table - index sections names
34
Stripped
False
Sections stripped
False
Needed libraries
librt.so.1
libc.so.1
libsec.so.1
Dynamic symbols
strcmp
iswcntrl
wcslen
__flsbuf
tzset
towlower
wctype
sigprocmask
acl_trivial
getgrgid
atexit
ldexp
strftime
getpwuid
malloc
setlocale
sigaction
toupper
strlen
localtime
_fini
__major
memchr
abort
_exit
stat64
readdir64
gmtime_r
isatty
fputs
sigaddset
signal
wcwidth
mbsinit
calloc
strcoll
snprintf
sprintf
localtime_r
wcscat
getgrnam
raise
getpwnam
tolower
lstat64
_get_exit_frame_monitor
fprintf
strncpy
iswprint
longjmp
free
memset
realloc
strtoumax
ioctl
frexp
opendir
strncmp
memmove
exit
tcgetpgrp
strrchr
fstat64
getenv
gettimeofday
sigismember
__fpending
iswctype
strcpy
wmemchr
fflush
__fpstart
fwrite
closedir
fclose
mbrtowc
__minor
strerror_r
printf
sigemptyset
setjmp
readlink
localeconv
mbrlen
strtoul
mbsrtowcs
memcpy
__assert_c99
btowc
wmemcpy
clock_gettime
_init
strdup
strchr
strcat
Anomalies
Entrypoint
Section : .plt
Segments
High entropy : PT_LOAD at offset 0x0 - 6.516418
Memory size doubles physical size : PT_LOAD at offset 0x21000
Sections
Uncommon sections : .debug_frame
.debug_loc
.SUNW_signature
.debug_ranges
section without a name
High entropy : .text - 6.402256
Debug information
True
Comment
@(#)SunOS 5.10 Generic January 2005
GCC: (GNU) 4.3.2
GCC: (GNU) 4.3.2
Hash
MD5
320f67744944a9c753f42ae21877642b
SHA1
9b36d70636e230a9fb3cb6e01930efd263689b64
SHA256
9a7b755f4b6cb202a2845c795d6376607122acbd166ae045bd8fb39ba713c492
SHA512
94d392f60e0eac02e57a678e8db8e433d8209feab5a19da5de88073b82bc0b7b93d771f398174a21214c186db53c87200f4c01b67943e4b793c032157b263b4a
ssdeep
12288:fvMLLvx8H9QFVxmIfbl65QmXo0/aLYNHinBW:fvMnvOyvV65QA9TWBW
Bytes
Entropy
5.89363485207
Min entropy (16KB blocks)
3.77441405444
Max entropy (16KB blocks)
6.42683759417
Unique bytes (0-255)
256
Null bytes
132754
White spaces
15588
Printable bytes
114095
First 16B
7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Last 16B
61 73 68 5f 67 65 74 5f 65 6e 74 72 69 65 73 00
Longest same bytes sequence
Byte : 0x0
Offset : 0x20366
Length : 3227
Three rarest bytes
0xc5 - 178 times
0xaa - 166 times
0xcd - 136 times
Three most common bytes
0x0 - 132754 times
0x1 - 16395 times
0xff - 11645 times
File type
Mime type
application/x-executable
File type
ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /usr/lib/libc.so.1, not stripped
VirusTotal
Error
Resource not found
Data Explore
Paths
/usr/lib/libc.so.1
/lib/selinux
/usr/include/sys
/usr/include/iso
/usr/include
/home/mabshoff/x86_64-solaris-gcc-4.3.2/bin/../lib/gcc/i386-pc-solaris2.10/4.3.2/include
/home/mabshoff/x86_64-solaris-gcc-4.3.2/bin/../lib/gcc/i386-pc-solaris2.10/4.3.2/include-fixed/iso
URLs
http://gnu.org/licenses/gpl
IPs (v4 and v6)
49.1.1.55
Code Explore
Nucleus
Number of functions : 245
Total size functions [B] : 127174
Average size a function [B] : 519.07755102
Percentage of covered .text section : 118.605909125
Percentage of covered LOAD segment : 95.5678129133
Eh_frame
Number of functions : 4
Total size functions [B] : 1619
Average size a function [B] : 404.75
Percentage of covered .text section : 1.50992315153
Percentage of covered LOAD segment : 1.21663460382
Sandbox (user)
Standard output
Standard error
sh: 1: /tmp/9a7b755f4b6cb202a2845c795d6376607122acbd166ae045bd8fb39ba713c492: not found
Sandbox (root)
Standard output
Standard error
sh: 1: /tmp/9a7b755f4b6cb202a2845c795d6376607122acbd166ae045bd8fb39ba713c492: not found
Behavior
User behavior
Errors
Wrong interpreter
True
Syscalls
Unique
write
exit_group
execve
Unique number
3
Total number
5
Instrumented libc calls
Unique
strchr
Unique number
1
Total number
1
Number of processes
1
Trace lines lost
0
Max sleep
-1.0
Root behavior
Errors
Wrong interpreter
True
Syscalls
Unique
write
exit_group
execve
Unique number
3
Total number
5
Instrumented libc calls
Unique
strchr
Unique number
1
Total number
1
Number of processes
1
Trace lines lost
0
Max sleep
-1.0