Padawan live

Summary

OS ABI: UNIX - System V

CPU class: 64 bit

Persistence (user): No

Persistence (root): No

CPU byte order: 2's complement LSB

File type: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=695b2f620ae6966bd972f594c8a0e03399ae50b9, not stripped

CPU type: AMD x86-64

Entropy: 3.11800622111

Syscalls executed (root): 28

Syscalls executed (user): 27

ELF type: Shared object file

ELF

Class: 64 bit

Data encoding: 2's complement LSB

Operating system ABI: UNIX - System V

Object file type: Shared object file

ELF version: 0.1

Machine: AMD x86-64

Link: dynamic

Entrypoint: 0x700

Interpreter: '/lib64/ld-linux-x86-64.so.2'

Number of segments: 9

Number of sections: 29

Program header table offset: 64

Section header table offset: 6616

Program header table - size of entry: 56

Section header table - size of entry: 64

Program header table - entries: 9

Section header table - entries: 29

Section header table - index sections names: 26

Stripped: False

Sections stripped: False

libc.so.6

__libc_start_main
__cxa_finalize
__libc_csu_init
_start
main
_init
__libc_csu_fini
_fini

section without a name

Debug information: False

GCC: (Ubuntu 6.2.0-5ubuntu12) 6.2.0 20161005

GNU : 'i[/b\n\xe6\x96k\xd9r\xf5\x94\xc8\xa0\xe03\x99\xaeP'

Hash

MD5: 1c4dcdbc0b4276b75314b43101d1ee84

SHA1: 8e356cc97ab4ec57058cb5184ad83b6b26505556

SHA256: b29ca762a5371e2615683696550a0df627f56103adf4895da97d4bbd5c0d8e7c

SHA512: b85bf581b2cc75eedb2f74c5804f6919bebfbece5cfef2771bc9e95d5aba87b2159b580a8a7a7e0de71b0be602a9bd142e88ea0114ce5e31e6fd3dfed14fc16f

ssdeep: 96:RaTLEBzbWB8nDzekMRCITSy51Q7LscMB5eWBqScvXX:RafEVWIDz5rIzQ2WWsSc

Bytes

Entropy: 3.11800622111

Min entropy (16KB blocks): -1.0

Max entropy (16KB blocks): -1.0

Unique bytes (0-255): 221

Null bytes: 5648

White spaces: 209

Printable bytes: 1470

First 16B: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00

Last 16B: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Byte: 0x0

Offset: 0xa57

Length: 907

0xdf - 0 times
0xe7 - 0 times
0xf7 - 0 times

0x0 - 5648 times
0x5f - 153 times
0x1 - 113 times

File type

Mime type: application/x-sharedlib

VirusTotal

URL: https://www.virustotal.com/#/file/b29ca762a5371e2615683696550a0df627f56103adf4895da97d4bbd5c0d8e7c

Positive: 0

Scan date: 2017-05-31 09:09:59

Code Explore

Number of functions: 10

Total size functions [B]: 401

Average size a function [B]: 40.1

Percentage of covered .text section: 80.5220883534

Percentage of covered LOAD segment: 12.4534161491

Number of functions: 5

Total size functions [B]: 231

Average size a function [B]: 46.2

Percentage of covered .text section: 46.3855421687

Percentage of covered LOAD segment: 7.17391304348

Sandbox (user)

Standard output:

Standard error:

Sandbox (root)

Standard output:

Standard error:

Behavior

mmap2
exit_group
read
munmap
mprotect
arch_prctl
access
brk
close
open
fstat
execve

Unique number: 12

Total number: 27

strchr

Unique number: 1

Total number: 1

Number of processes: 1

Trace lines lost: 0

/opt/lib/libc.so.6
/etc/ld.so.cache

Max sleep: -1.0

mmap2
exit_group
read
commit_creds
mprotect
arch_prctl
access
munmap
brk
close
open
fstat
execve

Unique number: 13

Total number: 28

strchr

Unique number: 1

Total number: 1

Number of processes: 1

Trace lines lost: 0

/opt/lib/libc.so.6
/etc/ld.so.cache

Max sleep: -1.0

b29ca762a5371e2615683696550a0df627f56103adf4895da97d4bbd5c0d8e7c

Summary

ELF

Needed libraries

Dynamic symbols

Anomalies

Sections

Uncommon sections

Comment

Note

Hash

Bytes

Longest same bytes sequence

Three rarest bytes

Three most common bytes

File type

VirusTotal

Code Explore

Nucleus

Eh_frame

Sandbox (user)

Sandbox (root)

Behavior

User behavior

Syscalls

Unique

Instrumented libc calls

Unique

Files being read

Root behavior

Syscalls

Unique

Instrumented libc calls

Unique

Files being read