Sample:

b29ca762a5371e2615683696550a0df627f56103adf4895da97d4bbd5c0d8e7c



Summary

OS ABI: UNIX - System V

CPU class: 64 bit

Persistence (user): No

Persistence (root): No

CPU byte order: 2's complement LSB

File type: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=695b2f620ae6966bd972f594c8a0e03399ae50b9, not stripped

CPU type: AMD x86-64

Entropy: 3.11800622111

Syscalls executed (root): 28

Syscalls executed (user): 27

ELF type: Shared object file

ELF

Class: 64 bit

Data encoding: 2's complement LSB

Operating system ABI: UNIX - System V

Object file type: Shared object file

ELF version: 0.1

Machine: AMD x86-64

Entrypoint: 0x700

Interpreter: '/lib64/ld-linux-x86-64.so.2'

Number of segments: 9

Number of sections: 29

Program header table offset: 64

Section header table offset: 6616

Program header table - size of entry: 56

Section header table - size of entry: 64

Program header table - entries: 9

Section header table - entries: 29

Section header table - index sections names: 26

Stripped: False

Sections stripped: False

  • libc.so.6
  • __libc_start_main
  • __cxa_finalize
  • __libc_csu_init
  • _start
  • main
  • _init
  • __libc_csu_fini
  • _fini
  • section without a name

Debug information: False

  • GCC: (Ubuntu 6.2.0-5ubuntu12) 6.2.0 20161005
  • GNU : 'i[/b\n\xe6\x96k\xd9r\xf5\x94\xc8\xa0\xe03\x99\xaeP'

Hash

MD5: 1c4dcdbc0b4276b75314b43101d1ee84

SHA1: 8e356cc97ab4ec57058cb5184ad83b6b26505556

SHA256: b29ca762a5371e2615683696550a0df627f56103adf4895da97d4bbd5c0d8e7c

SHA512: b85bf581b2cc75eedb2f74c5804f6919bebfbece5cfef2771bc9e95d5aba87b2159b580a8a7a7e0de71b0be602a9bd142e88ea0114ce5e31e6fd3dfed14fc16f

ssdeep: 96:RaTLEBzbWB8nDzekMRCITSy51Q7LscMB5eWBqScvXX:RafEVWIDz5rIzQ2WWsSc

Bytes

Entropy: 3.11800622111

Min entropy (16KB blocks): -1.0

Max entropy (16KB blocks): -1.0

Unique bytes (0-255): 221

Null bytes: 5648

White spaces: 209

Printable bytes: 1470

First 16B: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00

Last 16B: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Byte: 0x0

Offset: 0xa57

Length: 907

  • 0xdf - 0 times
  • 0xe7 - 0 times
  • 0xf7 - 0 times
  • 0x0 - 5648 times
  • 0x5f - 153 times
  • 0x1 - 113 times

File type

Mime type: application/x-sharedlib

File type: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=695b2f620ae6966bd972f594c8a0e03399ae50b9, not stripped

VirusTotal

URL: https://www.virustotal.com/#/file/b29ca762a5371e2615683696550a0df627f56103adf4895da97d4bbd5c0d8e7c

Positive: 0

Scan date: 2017-05-31 09:09:59

Code Explore

Number of functions: 10

Total size functions [B]: 401

Average size a function [B]: 40.1

Percentage of covered .text section: 80.5220883534

Percentage of covered LOAD segment: 12.4534161491

Number of functions: 5

Total size functions [B]: 231

Average size a function [B]: 46.2

Percentage of covered .text section: 46.3855421687

Percentage of covered LOAD segment: 7.17391304348

Sandbox (user)

Standard output:

Standard error:

Sandbox (root)

Standard output:

Standard error:

Behavior

  • mmap2
  • exit_group
  • read
  • munmap
  • mprotect
  • arch_prctl
  • access
  • brk
  • close
  • open
  • fstat
  • execve

Unique number: 12

Total number: 27

  • strchr

Unique number: 1

Total number: 1

Number of processes: 1

Trace lines lost: 0

  • /opt/lib/libc.so.6
  • /etc/ld.so.cache

Max sleep: -1.0

  • mmap2
  • exit_group
  • read
  • commit_creds
  • mprotect
  • arch_prctl
  • access
  • munmap
  • brk
  • close
  • open
  • fstat
  • execve

Unique number: 13

Total number: 28

  • strchr

Unique number: 1

Total number: 1

Number of processes: 1

Trace lines lost: 0

  • /opt/lib/libc.so.6
  • /etc/ld.so.cache

Max sleep: -1.0