Sample : aab51b11032f58597ea573935943fd2b1c083f79389895b69bc15619780e57c3

Summary


OS ABI

UNIX - System V
CPU class

64 bit
Persistence (user)

No
Persistence (root)

No
CPU byte order

2's complement LSB
File type

ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, for OpenBSD, stripped
CPU type

AMD x86-64
Entropy

6.38850742273
Syscalls executed (root)

2
Syscalls executed (user)

1
ELF type

Shared object file

ELF


Class

64 bit
Data encoding

2's complement LSB
Operating system ABI

UNIX - System V
Object file type

Shared object file
ELF version

0.1
Machine

AMD x86-64
Link

dynamic
Entrypoint

0x350
Interpreter

<none>
Number of segments

9
Number of sections

24
Program header table offset

64
Section header table offset

562400
Program header table - size of entry

56
Section header table - size of entry

64
Program header table - entries

9
Section header table - entries

24
Section header table - index sections names

23
Stripped

True
Sections stripped

False
Dynamic symbols

c_command

xstrcmp

c_builtin

c_exec

__fini

Anomalies


Entrypoint
Section : .plt


Segments
High entropy : PT_LOAD at offset 0x0 - 6.490699
Memory size doubles physical size : PT_LOAD at offset 0x862b8


Sections
Uncommon sections : .openbsd.randomdata
.note.openbsd.ident
section without a name
High entropy : .text - 6.494973


Debug information

False
Note

OpenBSD :

GDB errors

warning: A handler for the OS ABI "OpenBSD ELF" is not built into this configuration of GDB. Attempting to continue with the default i386:x86-64 settings.

Hash


MD5

cd1dc68b53252e85b7c99531148a6964
SHA1

4ee6685144fe43002e28b917399f60dd1afcb81d
SHA256

aab51b11032f58597ea573935943fd2b1c083f79389895b69bc15619780e57c3
SHA512

96096b6aefe6868146b2c038cc112a4bc957fb7fc58b9c327ba266cc00d84c599303fd333a74e5f04f3ecf441b5f804391757903ed825b010284ec8d2bb1e59f
ssdeep

6144:4SW2E3eTrQoXlW9vMmtoxs8tELTBkMtoOuqK22IjOXr7DeZ0kXw9mEi5DCr3FE6b:ZW2EOTkoXI5Mma0yBKK2fA2+UEikLP

Bytes


Entropy

6.38850742273
Min entropy (16KB blocks)

2.77317779588
Max entropy (16KB blocks)

6.53549539281
Unique bytes (0-255)

256
Null bytes

99476
White spaces

10694
Printable bytes

163757
First 16B

7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Last 16B

01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Longest same bytes sequence

Byte : 0x0

Offset : 0x8551b

Length : 3526

Three rarest bytes

0xa1 - 201 times

0xa2 - 201 times

0xae - 189 times

Three most common bytes

0x0 - 99476 times

0xff - 31902 times

0x48 - 26747 times

File type


Mime type

application/x-sharedlib
File type

ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, for OpenBSD, stripped

VirusTotal


Error

Resource not found

Data Explore


Paths

/bin/sh

/bin/ed}

/dev/null

~/%s

/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin

/etc/profile

/etc/suid_profile

/dev/tty

/dev/tty:

/dev/

/var/run/dev.db

/var/run/ypbind.lock

/etc/spwd.db

/etc/pwd.db

/etc/netgroup.db

/var/yp/binding

/etc/malloc.conf

/etc/localtime

/usr/share/zoneinfo

IPs (v4 and v6)

::

Code Explore


Nucleus

Number of functions : 965

Total size functions [B] : 1086585

Average size a function [B] : 1125.99481865

Percentage of covered .text section : 246.129957324

Percentage of covered LOAD segment : 194.475467403

Eh_frame

Number of functions : 943

Total size functions [B] : 430573

Average size a function [B] : 456.599151644

Percentage of covered .text section : 97.5320974567

Percentage of covered LOAD segment : 77.0633548466

Sandbox (user)


Standard output

Standard error

Segmentation fault

Sandbox (root)


Standard output

Standard error

Segmentation fault

Behavior


User behavior

Errors


Segmentation fault
True

Syscalls


Unique
execve


Unique number
1

Total number
1

Instrumented libc calls


Unique
strchr


Unique number
1

Total number
1

Number of processes

1

Trace lines lost

0

Empty trace

True

Max sleep

-1.0



Root behavior

Errors


Segmentation fault
True

Syscalls


Unique
commit_creds
execve


Unique number
2

Total number
2

Instrumented libc calls


Unique
strchr


Unique number
1

Total number
1

Number of processes

1

Trace lines lost

0

Max sleep

-1.0