Sample : ad72efedf8c2b6cd88133fea72d1bc8b7c16a6cc592e0f7ec5371a14c33d6115

Summary


OS ABI

UNIX - System V
CPU class

32 bit
Persistence (user)

Yes
Persistence (root)

Yes
CPU byte order

2's complement LSB
File type

ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.2.5, not stripped
CPU type

Intel 80386
Entropy

6.41429545577
Syscalls executed (root)

7036
Syscalls executed (user)

3127
ELF type

Executable file

ELF


Class

32 bit
Data encoding

2's complement LSB
Operating system ABI

UNIX - System V
Object file type

Executable file
ELF version

0.1
Machine

Intel 80386
Link

static
Entrypoint

0x8048120
Number of segments

5
Number of sections

28
Program header table offset

52
Section header table offset

965476
Program header table - size of entry

32
Section header table - size of entry

40
Program header table - entries

5
Section header table - entries

28
Section header table - index sections names

25
Stripped

False
Sections stripped

False
Anomalies


Segments
Memory size doubles physical size : PT_LOAD at offset 0xe9000
PT_TLS at offset 0xe9000


Sections
Uncommon sections : __libc_thread_subfreeres
__libc_freeres_fn
__libc_subfreeres
.tbss
.tdata
__libc_freeres_ptrs
section without a name
__libc_atexit
__libc_thread_freeres_fn
High entropy : __libc_freeres_fn - 6.418420


Debug information

False
Comment

GCC: (GNU) 4.0.0 20050525 (Red Hat 4.0.0-9)

GCC: (GNU) 4.0.0 20050519 (Red Hat 4.0.0-8)

Note

GNU : 

Hash


MD5

0ab3b36702c467ea381e877dfed33f92
SHA1

905b0fea1e6ed1c492438ff322dfcab23532d65f
SHA256

ad72efedf8c2b6cd88133fea72d1bc8b7c16a6cc592e0f7ec5371a14c33d6115
SHA512

30da79fb7a663c51462b24157c1c9e0aedcc0f1c1605ff015072f2d51965ede6421486b705ffaccddc3461aa135e43a08fa005c3d19500ab09d88668bd82fd36
ssdeep

24576:e845rUHu6gVJKG75oFpA0VWLX4G2y1q2rJp0:7451RVJKGtSA0VWLoVu9p0

Bytes


Entropy

6.41429545577
Min entropy (16KB blocks)

1.31774242922
Max entropy (16KB blocks)

6.62059556985
Unique bytes (0-255)

256
Null bytes

201912
White spaces

30534
Printable bytes

381205
First 16B

7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Last 16B

67 65 74 5f 61 6c 6c 6f 63 61 74 6f 72 45 76 00
Longest same bytes sequence

Byte : 0x0

Offset : 0xb7ab3

Length : 4686

Three rarest bytes

0xaf - 401 times

0xdd - 379 times

0xa7 - 345 times

Three most common bytes

0x0 - 201912 times

0xff - 69664 times

0x8 - 38392 times

File type


Mime type

application/x-executable
File type

ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.2.5, not stripped

VirusTotal


URL

https://www.virustotal.com/#/file/ad72efedf8c2b6cd88133fea72d1bc8b7c16a6cc592e0f7ec5371a14c33d6115
Positive

37
Total AVs

59
Scan date

2018-05-18 06:49:02
AVClass

setag
Detection

ClamAV : Unix.Trojan.Agent-37008

McAfee : Linux/Gates

AegisLab : Backdoor.Linux.Ganiw!c

Rising : Backdoor.Linux.Flood.a (CLASSIC)

Symantec : Linux.Chikdos.B

Arcabit : Trojan.Linux.Billgates.G

Microsoft : Backdoor:Linux/Setag!rfn

Fortinet : ELF/Ganiw.A!tr

TrendMicro-HouseCall : ELF_SETAG.SM

Antiy-AVL : Trojan[Backdoor]/Linux.Ganiw.a

Qihoo-360 : virus.elf.ddos.f

Emsisoft : Trojan.Linux.Billgates.G (B)

Sophos : Linux/DDoS-BD

Ad-Aware : Trojan.Linux.Billgates.G

Cyren : ELF/Trojan.TKZK-1

Comodo : UnclassifiedMalware

Avast : ELF:Elknot-AE [Trj]

Kaspersky : HEUR:Backdoor.Linux.Ganiw.d

NANO-Antivirus : Trojan.Elf32.Ganiw.ditcrf

AVG : ELF:Elknot-AE [Trj]

Jiangmin : Backdoor/Linux.io

BitDefender : Trojan.Linux.Billgates.G

MAX : malware (ai score=98)

ESET-NOD32 : Linux/Setag.B.Gen

CAT-QuickHeal : Backdoor.Linux.Setag.E

TrendMicro : ELF_SETAG.SM

F-Secure : Trojan.Linux.Billgates.G

Ikarus : Trojan.Linux.Setag

McAfee-GW-Edition : Linux/Gates

Avira : LINUX/Setag.ztrec

Tencent : Trojan.Linux.Ganiw.a

AhnLab-V3 : Linux/Backdoor.1223123.B

ZoneAlarm : HEUR:Backdoor.Linux.Ganiw.d

ALYac : Trojan.Linux.Billgates.G

MicroWorld-eScan : Trojan.Linux.Billgates.G

Zillya : Trojan.Agent.Linux.12

GData : Linux.Trojan.Siggen.D

Data Explore


Paths

/etc/resolv.conf

/home/ll2

/usr/lib/libamplify.so

/usr/lib/libamplify.so

/proc/meminfo

/proc/stat

/proc/net/dev

/proc/cpuinfo

/proc/net/arp

/proc/net/route

/bin/netstat

/bin/lsof

/bin/ps

/bin/ss

/usr/bin/netstat

/usr/bin/lsof

/usr/bin/ps

/usr/bin/ss

/usr/sbin/netstat

/usr/sbin/lsof

/usr/sbin/ps

/usr/sbin/ss

/usr/bin/

/proc/net/pktgen/eth%d

/proc/net/pktgen/kpktgend_%d

/proc/net/pktgen/pgctrl

/dev/ptmx

/bin/sh

/dev/null

/proc/%d/exe

/etc/init.d/

/bin/bash %s

/etc/rc%d.d/S%d%s

/etc/init.d/%s

/proc/sys/kernel/version

/proc/sys/kernel/osrelease

/dev/null

/bin/sh

/dev/tty

/proc/self/maps

/usr/libexec/getconf

/proc/sys/kernel/ngroups_max

/proc/sys/kernel/rtsig-max

/dev/log

/dev/console

/etc/mtab

/etc/fstab

/usr/libexec/pt_chown

/dev/pts/

/var/tmp

/var/profile

/etc/suid-debug

/usr/lib/gconv

/usr/lib/gconv/gconv-modules.cache

/usr/lib/locale

/usr/lib/locale/locale-archive

/usr/share/locale

/usr/share/locale

/etc/localtime

/usr/share/zoneinfo

/etc/resolv.conf

/etc/nsswitch.conf

/var/run/nscd/socket

/dev/ptmx

/dev/pts

/dev/

/lib/

/usr/lib/

/lib/obsolete/linuxthreads/

/etc/ld.so.cache

/proc/self/exe

URLs

http://www.gnu.org/software/libc/bugs

IPs (v4 and v6)


Code Explore


Nucleus

Number of functions : 3661

Total size functions [B] : 2605985

Average size a function [B] : 711.82327233

Percentage of covered .text section : 349.965755264

Percentage of covered LOAD segment : 271.682323763

Eh_frame

Number of functions : 1729

Total size functions [B] : 373146

Average size a function [B] : 215.816078658

Percentage of covered .text section : 50.1109260851

Percentage of covered LOAD segment : 38.9016714919

Sandbox (user)


Standard output

Standard error

Sandbox (root)


Standard output

Standard error

Behavior


User behavior

Syscalls


Unique
lseek
getegid
sysctl
rt_sigaction
mprotect
geteuid
uname
brk
connect
getsockname
close
flock
open
getgid
write
exit_group
recv
rt_sigprocmask
send
access
setsid
exit
getpid
getrlimit
set_tid_address
fstat
fcntl
stat
dup2
read
clone
getppid
set_thread_area
readlink
waitpid
unlink
sigreturn
execve
socket
wait4
setsockopt
getuid
getdents
munmap
gettimeofday
futex
mmap2
time
ftruncate
recvfrom
nanosleep


Unique number
51

Total number
3127

Instrumented libc calls


Unique
strchr
memcmp
strcmp
strtok


Unique number
4

Total number
27

If uid is checked

True

If gid is checked

True

Permission related errors

True

Type of permission related error


EACCES
True

Number of processes

8

Trace lines lost

0

Persistence


Modify
/etc/init.d/DbSecuritySpt


Dropped files


Modify
/tmp/moni.lod
/dev/null
/tmp/gates.lod
/tmp/bill.lock
/tmp/conf.n


Files being read

/proc/net/arp

/etc/ld.so.cache

/tmp/conf.n

/proc/cpuinfo

/tmp/cmd.n

/proc/net/dev

/tmp/

/proc/net/route

/etc/resolv.conf

/proc/stat

/proc/meminfo

/usr/lib/libamplify.so

/opt/lib/libc.so.6

/tmp/gates.lod

/lib/modules/4.4.0-77-generic/modules.softdep

/proc/cmdline

Max sleep

120.0

System cmds

insmod /tmp/xpacket.ko

String or memory comparison

"insmod", "until"

"insmod", "continue"

"insmod", "insmod"

"insmod", "jobs"

"lsmod", "insmod"

"rmmod", "insmod"

"sctp", "pre:", 4

"insmod", "export"

"insmod", "for"

"pre: crc32c", "pre:", 4

"insmod", "then"

"insmod", "in"

"insmod", "hash"

"pre: sctp", "pre:", 4

"insmod", "getopts"



Root behavior

Syscalls


Unique
lseek
getegid
sysctl
getsockname
rt_sigaction
mkdir
mprotect
geteuid
uname
brk
connect
llseek
close
flock
open
getgid
write
exit_group
recv
rt_sigprocmask
umask
send
access
setsid
exit
getpid
getrlimit
set_tid_address
fstat
fcntl
stat
dup2
read
commit_creds
clone
getppid
statfs64
symlink
fadvise64
set_robust_list
set_thread_area
readlink
waitpid
unlink
sigreturn
execve
socket
wait4
setsockopt
chdir
getuid
getdents
munmap
gettimeofday
futex
mmap2
time
ftruncate
recvfrom
nanosleep


Unique number
60

Total number
7036

Instrumented libc calls


Unique
strchr
strtok
strcmp
memchr
memcmp


Unique number
5

Total number
2470

Number of processes

38

Trace lines lost

0

Persistence


Modify
/etc/init.d/DbSecuritySpt


Link
/etc/rc5.d/S97DbSecuritySpt
/etc/rc2.d/S97DbSecuritySpt
/etc/rc3.d/S97DbSecuritySpt
/etc/rc1.d/S97DbSecuritySpt
/etc/rc4.d/S97DbSecuritySpt


Link from
/etc/init.d/DbSecuritySpt


Dropped files


Create
/usr/bin/.sshd
/usr/bin/bsd-port/getty


Modify
/tmp/moni.lod
/tmp/conf.n
/dev/null
/tmp/notify.file
/usr/bin/bsd-port/udevd.lock
/tmp/gates.lod
/tmp/bill.lock
/usr/bin/bsd-port/getty.lock


Files being read

/lib/i386-linux-gnu/libpcre.so.3

/opt/lib/libpthread.so.0

/opt/lib/locale/en_US.utf8/LC_IDENTIFICATION

/tmp/

/proc/filesystems

/opt/lib/locale/locale-archive

/usr/lib/libamplify.so

/lib/i386-linux-gnu/libselinux.so.1

/tmp/gates.lod

/opt/lib/libdl.so.2

/proc/cmdline

/opt/lib/libc.so.6

/opt/lib/locale/en.UTF-8/LC_IDENTIFICATION

/opt/lib/locale/en_US/LC_IDENTIFICATION

/lib/i386-linux-gnu/libacl.so.1

/proc/stat

/proc/meminfo

/tmp/moni.lod

/lib/modules/4.4.0-77-generic/modules.softdep

/proc/net/arp

/etc/ld.so.cache

/proc/cpuinfo

/opt/share/locale/locale.alias

/lib/i386-linux-gnu/libattr.so.1

/etc/resolv.conf

/proc/net/route

/tmp/conf.n

/opt/lib/locale/en/LC_IDENTIFICATION

/opt/lib/locale/en_US.UTF-8/LC_IDENTIFICATION

/tmp/ad72efedf8c2b6cd88133fea72d1bc8b7c16a6cc592e0f7ec5371a14c33d6115

/opt/lib/locale/en.utf8/LC_IDENTIFICATION

/tmp/cmd.n

/proc/net/dev

Max sleep

120.0

Unlink files

/tmp/notify.file

String or memory comparison