Sample : b944f2a981d74c8e14a6a8f3388ca0b3502ce09016acb678cb11ae7568786931
Modules
Summary
OS ABI
UNIX - System V
CPU class
64 bit
Persistence (user)
No
Persistence (root)
No
CPU byte order
2's complement LSB
File type
ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, stripped
CPU type
AMD x86-64
Entropy
5.40342607392
Syscalls executed (root)
9
Syscalls executed (user)
8
ELF type
Shared object file
ELF
Class
64 bit
Data encoding
2's complement LSB
Operating system ABI
UNIX - System V
Object file type
Shared object file
ELF version
0.1
Machine
AMD x86-64
Link
dynamic
Entrypoint
0xdbc
Interpreter
<none>
Number of segments
5
Number of sections
22
Program header table offset
64
Section header table offset
34344
Program header table - size of entry
56
Section header table - size of entry
64
Program header table - entries
5
Section header table - entries
22
Section header table - index sections names
21
Stripped
True
Sections stripped
False
Anomalies
Segments
Memory size doubles physical size : PT_LOAD at offset 0x7e28
Sections
Uncommon sections : section without a name
Debug information
False
Comment
GCC: (Alpine 6.4.0) 6.4.0
Hash
MD5
9e788bee6f2de8f5367cd1d1ca25a05b
SHA1
05fdd63b5c49cd6e34d38417f11a040521d472a4
SHA256
b944f2a981d74c8e14a6a8f3388ca0b3502ce09016acb678cb11ae7568786931
SHA512
a07af3ff16fa868729f0b5d3f71f4ceae85607424a146615477f8db33fe8e38ecfe0f3b1f400c667dea3c9fb7c4a45d20b76da03ab910bbb12f3126e1ce3e9ce
ssdeep
768:NwT0W34fQNMt1gxRG6N3R9jWPui0gWKHL1Er:84f+Mt613Rh+ui0gFHLmr
Bytes
Entropy
5.40342607392
Min entropy (16KB blocks)
5.28649332004
Max entropy (16KB blocks)
5.79711340052
Unique bytes (0-255)
255
Null bytes
12456
White spaces
1011
Printable bytes
10527
First 16B
7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Last 16B
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Longest same bytes sequence
Byte :
0x0
Offset : 0x6f49
Length : 3808
Three rarest bytes
0xb3 - 2 times
0xad - 1 times
0xa2 - 0 times
Three most common bytes
0x0 - 12456 times
0x48 - 1882 times
0xff - 1065 times
File type
Mime type
application/x-sharedlib
File type
ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, stripped
VirusTotal
URL
https://www.virustotal.com/#/file/b944f2a981d74c8e14a6a8f3388ca0b3502ce09016acb678cb11ae7568786931
Positive
0
Scan date
2018-10-17 17:47:56
Error
Resource not found
Data Explore
Paths
/dev/null
Code Explore
Nucleus
Number of functions :
136
Total size functions [B] : 41485
Average size a function [B] : 305.036764706
Percentage of covered .text section : 200.886155634
Percentage of covered LOAD segment : 136.661615496
Eh_frame
Number of functions :
6
Total size functions [B] : 1472
Average size a function [B] : 245.333333333
Percentage of covered .text section : 7.12798411699
Percentage of covered LOAD segment : 4.84912373172
Sandbox (user)
Standard output
Standard error
Sandbox (root)
Standard output
Standard error
Behavior
User behavior
Syscalls
Unique
fcntl
exit_group
arch_prctl
mmap2
getpid
readv
set_tid_address
execve
Unique number
8
Total number
8
Instrumented libc calls
Unique
strchr
Unique number
1
Total number
1
Number of processes
1
Trace lines lost
0
Max sleep
-1.0
Root behavior
Syscalls
Unique
fcntl
exit_group
commit_creds
arch_prctl
mmap2
getpid
readv
set_tid_address
execve
Unique number
9
Total number
9
Instrumented libc calls
Unique
strchr
Unique number
1
Total number
1
Number of processes
1
Trace lines lost
0
Max sleep
-1.0