Sample : b29ca762a5371e2615683696550a0df627f56103adf4895da97d4bbd5c0d8e7c
Modules
Summary
OS ABI
UNIX - System V
CPU class
64 bit
Persistence (user)
No
Persistence (root)
No
CPU byte order
2's complement LSB
File type
ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=695b2f620ae6966bd972f594c8a0e03399ae50b9, not stripped
CPU type
AMD x86-64
Entropy
3.11800622111
Syscalls executed (root)
28
Syscalls executed (user)
27
ELF type
Shared object file
ELF
Class
64 bit
Data encoding
2's complement LSB
Operating system ABI
UNIX - System V
Object file type
Shared object file
ELF version
0.1
Machine
AMD x86-64
Link
dynamic
Entrypoint
0x700
Interpreter
'/lib64/ld-linux-x86-64.so.2'
Number of segments
9
Number of sections
29
Program header table offset
64
Section header table offset
6616
Program header table - size of entry
56
Section header table - size of entry
64
Program header table - entries
9
Section header table - entries
29
Section header table - index sections names
26
Stripped
False
Sections stripped
False
Needed libraries
libc.so.6
Dynamic symbols
__libc_start_main
__cxa_finalize
__libc_csu_init
_start
main
_init
__libc_csu_fini
_fini
Anomalies
Sections
Uncommon sections : section without a name
Debug information
False
Comment
GCC: (Ubuntu 6.2.0-5ubuntu12) 6.2.0 20161005
Note
GNU : 'i[/b\n\xe6\x96k\xd9r\xf5\x94\xc8\xa0\xe03\x99\xaeP'
Hash
MD5
1c4dcdbc0b4276b75314b43101d1ee84
SHA1
8e356cc97ab4ec57058cb5184ad83b6b26505556
SHA256
b29ca762a5371e2615683696550a0df627f56103adf4895da97d4bbd5c0d8e7c
SHA512
b85bf581b2cc75eedb2f74c5804f6919bebfbece5cfef2771bc9e95d5aba87b2159b580a8a7a7e0de71b0be602a9bd142e88ea0114ce5e31e6fd3dfed14fc16f
ssdeep
96:RaTLEBzbWB8nDzekMRCITSy51Q7LscMB5eWBqScvXX:RafEVWIDz5rIzQ2WWsSc
Bytes
Entropy
3.11800622111
Min entropy (16KB blocks)
-1.0
Max entropy (16KB blocks)
-1.0
Unique bytes (0-255)
221
Null bytes
5648
White spaces
209
Printable bytes
1470
First 16B
7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Last 16B
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Longest same bytes sequence
Byte :
0x0
Offset : 0xa57
Length : 907
Three rarest bytes
0xdf - 0 times
0xe7 - 0 times
0xf7 - 0 times
Three most common bytes
0x0 - 5648 times
0x5f - 153 times
0x1 - 113 times
File type
Mime type
application/x-sharedlib
File type
ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=695b2f620ae6966bd972f594c8a0e03399ae50b9, not stripped
VirusTotal
URL
https://www.virustotal.com/#/file/b29ca762a5371e2615683696550a0df627f56103adf4895da97d4bbd5c0d8e7c
Positive
0
Scan date
2017-05-31 09:09:59
Code Explore
Nucleus
Number of functions :
10
Total size functions [B] : 401
Average size a function [B] : 40.1
Percentage of covered .text section : 80.5220883534
Percentage of covered LOAD segment : 12.4534161491
Eh_frame
Number of functions :
5
Total size functions [B] : 231
Average size a function [B] : 46.2
Percentage of covered .text section : 46.3855421687
Percentage of covered LOAD segment : 7.17391304348
Sandbox (user)
Standard output
Standard error
Sandbox (root)
Standard output
Standard error
Behavior
User behavior
Syscalls
Unique
mmap2
exit_group
read
munmap
mprotect
arch_prctl
access
brk
close
open
fstat
execve
Unique number
12
Total number
27
Instrumented libc calls
Unique
strchr
Unique number
1
Total number
1
Number of processes
1
Trace lines lost
0
Files being read
/opt/lib/libc.so.6
/etc/ld.so.cache
Max sleep
-1.0
Root behavior
Syscalls
Unique
mmap2
exit_group
read
commit_creds
mprotect
arch_prctl
access
munmap
brk
close
open
fstat
execve
Unique number
13
Total number
28
Instrumented libc calls
Unique
strchr
Unique number
1
Total number
1
Number of processes
1
Trace lines lost
0
Files being read
/opt/lib/libc.so.6
/etc/ld.so.cache
Max sleep
-1.0