Sample : ad72efedf8c2b6cd88133fea72d1bc8b7c16a6cc592e0f7ec5371a14c33d6115
Modules
Summary
OS ABI
UNIX - System V
CPU class
32 bit
Persistence (user)
Yes
Persistence (root)
Yes
CPU byte order
2's complement LSB
File type
ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.2.5, not stripped
CPU type
Intel 80386
Entropy
6.41429545577
Syscalls executed (root)
7036
Syscalls executed (user)
3127
ELF type
Executable file
ELF
Class
32 bit
Data encoding
2's complement LSB
Operating system ABI
UNIX - System V
Object file type
Executable file
ELF version
0.1
Machine
Intel 80386
Link
static
Entrypoint
0x8048120
Number of segments
5
Number of sections
28
Program header table offset
52
Section header table offset
965476
Program header table - size of entry
32
Section header table - size of entry
40
Program header table - entries
5
Section header table - entries
28
Section header table - index sections names
25
Stripped
False
Sections stripped
False
Anomalies
Segments
Memory size doubles physical size : PT_LOAD at offset 0xe9000
PT_TLS at offset 0xe9000
Sections
Uncommon sections : __libc_thread_subfreeres
__libc_freeres_fn
__libc_subfreeres
.tbss
.tdata
__libc_freeres_ptrs
section without a name
__libc_atexit
__libc_thread_freeres_fn
High entropy : __libc_freeres_fn - 6.418420
Debug information
False
Comment
GCC: (GNU) 4.0.0 20050525 (Red Hat 4.0.0-9)
GCC: (GNU) 4.0.0 20050519 (Red Hat 4.0.0-8)
GCC: (GNU) 4.0.0 20050519 (Red Hat 4.0.0-8)
Note
GNU :
Hash
MD5
0ab3b36702c467ea381e877dfed33f92
SHA1
905b0fea1e6ed1c492438ff322dfcab23532d65f
SHA256
ad72efedf8c2b6cd88133fea72d1bc8b7c16a6cc592e0f7ec5371a14c33d6115
SHA512
30da79fb7a663c51462b24157c1c9e0aedcc0f1c1605ff015072f2d51965ede6421486b705ffaccddc3461aa135e43a08fa005c3d19500ab09d88668bd82fd36
ssdeep
24576:e845rUHu6gVJKG75oFpA0VWLX4G2y1q2rJp0:7451RVJKGtSA0VWLoVu9p0
Bytes
Entropy
6.41429545577
Min entropy (16KB blocks)
1.31774242922
Max entropy (16KB blocks)
6.62059556985
Unique bytes (0-255)
256
Null bytes
201912
White spaces
30534
Printable bytes
381205
First 16B
7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Last 16B
67 65 74 5f 61 6c 6c 6f 63 61 74 6f 72 45 76 00
Longest same bytes sequence
Byte :
0x0
Offset : 0xb7ab3
Length : 4686
Three rarest bytes
0xaf - 401 times
0xdd - 379 times
0xa7 - 345 times
Three most common bytes
0x0 - 201912 times
0xff - 69664 times
0x8 - 38392 times
File type
Mime type
application/x-executable
File type
ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.2.5, not stripped
VirusTotal
URL
https://www.virustotal.com/#/file/ad72efedf8c2b6cd88133fea72d1bc8b7c16a6cc592e0f7ec5371a14c33d6115
Positive
37
Total AVs
59
Scan date
2018-05-18 06:49:02
AVClass
setag
Detection
ClamAV :
Unix.Trojan.Agent-37008
McAfee : Linux/Gates
AegisLab : Backdoor.Linux.Ganiw!c
Rising : Backdoor.Linux.Flood.a (CLASSIC)
Symantec : Linux.Chikdos.B
Arcabit : Trojan.Linux.Billgates.G
Microsoft : Backdoor:Linux/Setag!rfn
Fortinet : ELF/Ganiw.A!tr
TrendMicro-HouseCall : ELF_SETAG.SM
Antiy-AVL : Trojan[Backdoor]/Linux.Ganiw.a
Qihoo-360 : virus.elf.ddos.f
Emsisoft : Trojan.Linux.Billgates.G (B)
Sophos : Linux/DDoS-BD
Ad-Aware : Trojan.Linux.Billgates.G
Cyren : ELF/Trojan.TKZK-1
Comodo : UnclassifiedMalware
Avast : ELF:Elknot-AE [Trj]
Kaspersky : HEUR:Backdoor.Linux.Ganiw.d
NANO-Antivirus : Trojan.Elf32.Ganiw.ditcrf
AVG : ELF:Elknot-AE [Trj]
Jiangmin : Backdoor/Linux.io
BitDefender : Trojan.Linux.Billgates.G
MAX : malware (ai score=98)
ESET-NOD32 : Linux/Setag.B.Gen
CAT-QuickHeal : Backdoor.Linux.Setag.E
TrendMicro : ELF_SETAG.SM
F-Secure : Trojan.Linux.Billgates.G
Ikarus : Trojan.Linux.Setag
McAfee-GW-Edition : Linux/Gates
Avira : LINUX/Setag.ztrec
Tencent : Trojan.Linux.Ganiw.a
AhnLab-V3 : Linux/Backdoor.1223123.B
ZoneAlarm : HEUR:Backdoor.Linux.Ganiw.d
ALYac : Trojan.Linux.Billgates.G
MicroWorld-eScan : Trojan.Linux.Billgates.G
Zillya : Trojan.Agent.Linux.12
GData : Linux.Trojan.Siggen.D
Data Explore
Paths
/etc/resolv.conf
/home/ll2
/usr/lib/libamplify.so
/usr/lib/libamplify.so
/proc/meminfo
/proc/stat
/proc/net/dev
/proc/cpuinfo
/proc/net/arp
/proc/net/route
/bin/netstat
/bin/lsof
/bin/ps
/bin/ss
/usr/bin/netstat
/usr/bin/lsof
/usr/bin/ps
/usr/bin/ss
/usr/sbin/netstat
/usr/sbin/lsof
/usr/sbin/ps
/usr/sbin/ss
/usr/bin/
/proc/net/pktgen/eth%d
/proc/net/pktgen/kpktgend_%d
/proc/net/pktgen/pgctrl
/dev/ptmx
/bin/sh
/dev/null
/proc/%d/exe
/etc/init.d/
/bin/bash %s
/etc/rc%d.d/S%d%s
/etc/init.d/%s
/proc/sys/kernel/version
/proc/sys/kernel/osrelease
/dev/null
/bin/sh
/dev/tty
/proc/self/maps
/usr/libexec/getconf
/proc/sys/kernel/ngroups_max
/proc/sys/kernel/rtsig-max
/dev/log
/dev/console
/etc/mtab
/etc/fstab
/usr/libexec/pt_chown
/dev/pts/
/var/tmp
/var/profile
/etc/suid-debug
/usr/lib/gconv
/usr/lib/gconv/gconv-modules.cache
/usr/lib/locale
/usr/lib/locale/locale-archive
/usr/share/locale
/usr/share/locale
/etc/localtime
/usr/share/zoneinfo
/etc/resolv.conf
/etc/nsswitch.conf
/var/run/nscd/socket
/dev/ptmx
/dev/pts
/dev/
/lib/
/usr/lib/
/lib/obsolete/linuxthreads/
/etc/ld.so.cache
/proc/self/exe
URLs
http://www.gnu.org/software/libc/bugs
IPs (v4 and v6)
Code Explore
Nucleus
Number of functions :
3661
Total size functions [B] : 2605985
Average size a function [B] : 711.82327233
Percentage of covered .text section : 349.965755264
Percentage of covered LOAD segment : 271.682323763
Eh_frame
Number of functions :
1729
Total size functions [B] : 373146
Average size a function [B] : 215.816078658
Percentage of covered .text section : 50.1109260851
Percentage of covered LOAD segment : 38.9016714919
Sandbox (user)
Standard output
Standard error
Sandbox (root)
Standard output
Standard error
Behavior
User behavior
Syscalls
Unique
lseek
getegid
sysctl
rt_sigaction
mprotect
geteuid
uname
brk
connect
getsockname
close
flock
open
getgid
write
exit_group
recv
rt_sigprocmask
send
access
setsid
exit
getpid
getrlimit
set_tid_address
fstat
fcntl
stat
dup2
read
clone
getppid
set_thread_area
readlink
waitpid
unlink
sigreturn
execve
socket
wait4
setsockopt
getuid
getdents
munmap
gettimeofday
futex
mmap2
time
ftruncate
recvfrom
nanosleep
Unique number
51
Total number
3127
Instrumented libc calls
Unique
strchr
memcmp
strcmp
strtok
Unique number
4
Total number
27
If uid is checked
True
If gid is checked
True
Permission related errors
True
Type of permission related error
EACCES
True
Number of processes
8
Trace lines lost
0
Persistence
Modify
/etc/init.d/DbSecuritySpt
Dropped files
Modify
/tmp/moni.lod
/dev/null
/tmp/gates.lod
/tmp/bill.lock
/tmp/conf.n
Files being read
/proc/net/arp
/etc/ld.so.cache
/tmp/conf.n
/proc/cpuinfo
/tmp/cmd.n
/proc/net/dev
/tmp/
/proc/net/route
/etc/resolv.conf
/proc/stat
/proc/meminfo
/usr/lib/libamplify.so
/opt/lib/libc.so.6
/tmp/gates.lod
/lib/modules/4.4.0-77-generic/modules.softdep
/proc/cmdline
Max sleep
120.0
System cmds
insmod /tmp/xpacket.ko
String or memory comparison
"insmod", "until"
"insmod", "continue"
"insmod", "insmod"
"insmod", "jobs"
"lsmod", "insmod"
"rmmod", "insmod"
"sctp", "pre:", 4
"insmod", "export"
"insmod", "for"
"pre: crc32c", "pre:", 4
"insmod", "then"
"insmod", "in"
"insmod", "hash"
"pre: sctp", "pre:", 4
"insmod", "getopts"
Root behavior
Syscalls
Unique
lseek
getegid
sysctl
getsockname
rt_sigaction
mkdir
mprotect
geteuid
uname
brk
connect
llseek
close
flock
open
getgid
write
exit_group
recv
rt_sigprocmask
umask
send
access
setsid
exit
getpid
getrlimit
set_tid_address
fstat
fcntl
stat
dup2
read
commit_creds
clone
getppid
statfs64
symlink
fadvise64
set_robust_list
set_thread_area
readlink
waitpid
unlink
sigreturn
execve
socket
wait4
setsockopt
chdir
getuid
getdents
munmap
gettimeofday
futex
mmap2
time
ftruncate
recvfrom
nanosleep
Unique number
60
Total number
7036
Instrumented libc calls
Unique
strchr
strtok
strcmp
memchr
memcmp
Unique number
5
Total number
2470
Number of processes
38
Trace lines lost
0
Persistence
Modify
/etc/init.d/DbSecuritySpt
Link
/etc/rc5.d/S97DbSecuritySpt
/etc/rc2.d/S97DbSecuritySpt
/etc/rc3.d/S97DbSecuritySpt
/etc/rc1.d/S97DbSecuritySpt
/etc/rc4.d/S97DbSecuritySpt
Link from
/etc/init.d/DbSecuritySpt
Dropped files
Create
/usr/bin/.sshd
/usr/bin/bsd-port/getty
Modify
/tmp/moni.lod
/tmp/conf.n
/dev/null
/tmp/notify.file
/usr/bin/bsd-port/udevd.lock
/tmp/gates.lod
/tmp/bill.lock
/usr/bin/bsd-port/getty.lock
Files being read
/lib/i386-linux-gnu/libpcre.so.3
/opt/lib/libpthread.so.0
/opt/lib/locale/en_US.utf8/LC_IDENTIFICATION
/tmp/
/proc/filesystems
/opt/lib/locale/locale-archive
/usr/lib/libamplify.so
/lib/i386-linux-gnu/libselinux.so.1
/tmp/gates.lod
/opt/lib/libdl.so.2
/proc/cmdline
/opt/lib/libc.so.6
/opt/lib/locale/en.UTF-8/LC_IDENTIFICATION
/opt/lib/locale/en_US/LC_IDENTIFICATION
/lib/i386-linux-gnu/libacl.so.1
/proc/stat
/proc/meminfo
/tmp/moni.lod
/lib/modules/4.4.0-77-generic/modules.softdep
/proc/net/arp
/etc/ld.so.cache
/proc/cpuinfo
/opt/share/locale/locale.alias
/lib/i386-linux-gnu/libattr.so.1
/etc/resolv.conf
/proc/net/route
/tmp/conf.n
/opt/lib/locale/en/LC_IDENTIFICATION
/opt/lib/locale/en_US.UTF-8/LC_IDENTIFICATION
/tmp/ad72efedf8c2b6cd88133fea72d1bc8b7c16a6cc592e0f7ec5371a14c33d6115
/opt/lib/locale/en.utf8/LC_IDENTIFICATION
/tmp/cmd.n
/proc/net/dev
Max sleep
120.0
Unlink files
/tmp/notify.file
String or memory comparison
"/usr/bin/bsd-port/getty", "elif"
"", "C"
"en_US.UTF-8", b7660624
"cp", "jobs"
"/opt/lib/locale/en.UTF-8/LC_IDENTIFICATION", "/opt/lib/locale/en.UTF-8.utf8/LC_IDENTIFICATION"
"/opt/lib/locale/en.UTF-8/LC_IDENTIFICATION", "/opt/lib/locale/en.UTF-8/LC_IDENTIFICATION"
"insmod", "for"
"insmod", "then"
"/opt/lib/locale/en/LC_IDENTIFICATION", "/opt/lib/locale/en/LC_IDENTIFICATION"
"/opt/lib/locale/en_US/LC_IDENTIFICATION", "/opt/lib/locale/en.UTF-8.utf8/LC_IDENTIFICATION"
"mkdir", "local"
"/opt/lib/locale/en_US/LC_IDENTIFICATION", "/opt/lib/locale/en.utf8/LC_IDENTIFICATION"
"lsmod", "insmod"
"/opt/lib/locale/en_US.UTF-8.utf8/LC_IDENTIFICATION", "/opt/lib/locale/en.UTF-8.utf8/LC_IDENTIFICATI...
"UTF-8", "utf8"
"selinuxfs", "inuxfs", 6
"pre: crc32c", "pre:", 4
"mkdir", "for"
"/usr/bin/bsd-port/getty", "!"
"mkdir", "printf"
"ln", "kill"
"mkdir", "until"
"insmod", "export"
"en_US.UTF-8", "C"
"/opt/lib/locale/en_US/LC_IDENTIFICATION", "/opt/lib/locale/en_US.utf8/LC_IDENTIFICATION"
"insmod", "getopts"
"/usr/bin/.sshd", "!"
"ln", "then"
"cp", "for"
"/opt/lib/locale/en/LC_IDENTIFICATION", "/opt/lib/locale/en.utf8/LC_IDENTIFICATION"
"/opt/lib/locale/en_US.UTF-8/LC_IDENTIFICATION", "/opt/lib/locale/en.UTF-8.utf8/LC_IDENTIFICATION"
"/usr/bin/.sshd", "case"
"SMP", "P", 1
"", b7710a7b
"/usr/bin/bsd-port/getty", "case"
"/opt/lib/locale/en/LC_IDENTIFICATION", "/opt/lib/locale/en.UTF-8.utf8/LC_IDENTIFICATION"
"/opt/lib/locale/en_US.UTF-8/LC_IDENTIFICATION", "/opt/lib/locale/en/LC_IDENTIFICATION"
"en_US.UTF-8", "POSIX"
"/opt/lib/locale/en_US.UTF-8.utf8/LC_IDENTIFICATION", "/opt/lib/locale/en.utf8/LC_IDENTIFICATION"
"/opt/lib/locale/en_US.UTF-8.utf8/LC_IDENTIFICATION", "/opt/lib/locale/en.UTF-8/LC_IDENTIFICATION"
"en_US.UTF-8", b76c0624
"mkdir", "read"
"ln", "printf"
"/opt/lib/locale/en_US.UTF-8.utf8/LC_IDENTIFICATION", "/opt/lib/locale/en/LC_IDENTIFICATION"
"mkdir", "jobs"
"cp", "case"
"/usr/share/locale", "/opt/share/locale"
"cp", "continue"
"/opt/lib/locale/en_US/LC_IDENTIFICATION", "/opt/lib/locale/en_US/LC_IDENTIFICATION"
"ln", "jobs"
"pre: sctp", "pre:", 4
"insmod", "continue"
"/opt/lib/locale/en_US/LC_IDENTIFICATION", "/opt/lib/locale/en.UTF-8/LC_IDENTIFICATION"
"/opt/lib/locale/en_US.utf8/LC_IDENTIFICATION", "/opt/lib/locale/en.utf8/LC_IDENTIFICATION"
"/opt/lib/locale/en_US.utf8/LC_IDENTIFICATION", "/opt/lib/locale/en/LC_IDENTIFICATION"
"insmod", "in"
"cp", "export"
"/usr/bin/.sshd", "elif"
"/opt/lib/locale/en.utf8/LC_IDENTIFICATION", "/opt/lib/locale/en.UTF-8.utf8/LC_IDENTIFICATION"
"/opt/lib/locale/en_US/LC_IDENTIFICATION", "/opt/lib/locale/en/LC_IDENTIFICATION"
"cp", "do"
"/usr/bin/bsd-port/getty", "do"
"/usr/bin/bsd-port/getty", "for"
"cp", "exec"
"insmod", "jobs"
"ln", "local"
"mkdir", "then"
"/opt/lib/locale/en_US.UTF-8/LC_IDENTIFICATION", "/opt/lib/locale/en_US.utf8/LC_IDENTIFICATION"
"/opt/lib/locale/en.utf8/LC_IDENTIFICATION", "/opt/lib/locale/en.utf8/LC_IDENTIFICATION"
"/opt/lib/locale/en.UTF-8/LC_IDENTIFICATION", "/opt/lib/locale/en.utf8/LC_IDENTIFICATION"
"/opt/lib/locale/en_US.UTF-8/LC_IDENTIFICATION", "/opt/lib/locale/en.UTF-8/LC_IDENTIFICATION"
"coreutils", "messages"
"/usr/bin/.sshd", "do"
"ln", "for"
"/opt/lib/locale/en_US.UTF-8/LC_IDENTIFICATION", "/opt/lib/locale/en_US/LC_IDENTIFICATION"
"/usr/bin/.sshd", "for"
"cp", "eval"
"/opt/lib/locale/en/LC_IDENTIFICATION", "/opt/lib/locale/en.UTF-8/LC_IDENTIFICATION"
"/opt/lib/locale/en_US.UTF-8/LC_IDENTIFICATION", "/opt/lib/locale/en.utf8/LC_IDENTIFICATION"
"ln", "read"
"mkdir", "test"
"rmmod", "insmod"
"ln", "until"
"/opt/lib/locale/en.utf8/LC_IDENTIFICATION", "/opt/lib/locale/en.UTF-8/LC_IDENTIFICATION"
"/opt/lib/locale/en_US.utf8/LC_IDENTIFICATION", "/opt/lib/locale/en.UTF-8/LC_IDENTIFICATION"
"/opt/lib/locale/en_US.UTF-8.utf8/LC_IDENTIFICATION", "/opt/lib/locale/en_US.UTF-8/LC_IDENTIFICATION...
"ln", "in"
"insmod", "until"
"ln", "test"
"insmod", "insmod"
"sctp", "pre:", 4
"cp", "elif"
"/opt/lib/locale/en_US.utf8/LC_IDENTIFICATION", "/opt/lib/locale/en.UTF-8.utf8/LC_IDENTIFICATION"
"insmod", "hash"
"cp", "echo"
"mkdir", "in"