Padawan live

Summary

OS ABI: UNIX - System V

CPU class: 64 bit

Persistence (user): No

Persistence (root): No

CPU byte order: 2's complement LSB

File type: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, stripped

CPU type: AMD x86-64

Entropy: 5.40342607392

Syscalls executed (root): 9

Syscalls executed (user): 8

ELF type: Shared object file

ELF

Class: 64 bit

Data encoding: 2's complement LSB

Operating system ABI: UNIX - System V

Object file type: Shared object file

ELF version: 0.1

Machine: AMD x86-64

Link: dynamic

Entrypoint: 0xdbc

Interpreter: <none>

Number of segments: 5

Number of sections: 22

Program header table offset: 64

Section header table offset: 34344

Program header table - size of entry: 56

Section header table - size of entry: 64

Program header table - entries: 5

Section header table - entries: 22

Section header table - index sections names: 21

Stripped: True

Sections stripped: False

PT_LOAD at offset 0x7e28

section without a name

Debug information: False

GCC: (Alpine 6.4.0) 6.4.0

Hash

MD5: 9e788bee6f2de8f5367cd1d1ca25a05b

SHA1: 05fdd63b5c49cd6e34d38417f11a040521d472a4

SHA256: b944f2a981d74c8e14a6a8f3388ca0b3502ce09016acb678cb11ae7568786931

SHA512: a07af3ff16fa868729f0b5d3f71f4ceae85607424a146615477f8db33fe8e38ecfe0f3b1f400c667dea3c9fb7c4a45d20b76da03ab910bbb12f3126e1ce3e9ce

ssdeep: 768:NwT0W34fQNMt1gxRG6N3R9jWPui0gWKHL1Er:84f+Mt613Rh+ui0gFHLmr

Bytes

Entropy: 5.40342607392

Min entropy (16KB blocks): 5.28649332004

Max entropy (16KB blocks): 5.79711340052

Unique bytes (0-255): 255

Null bytes: 12456

White spaces: 1011

Printable bytes: 10527

First 16B: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00

Last 16B: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Byte: 0x0

Offset: 0x6f49

Length: 3808

0xb3 - 2 times
0xad - 1 times
0xa2 - 0 times

0x0 - 12456 times
0x48 - 1882 times
0xff - 1065 times

File type

Mime type: application/x-sharedlib

File type: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, stripped

VirusTotal

URL: https://www.virustotal.com/#/file/b944f2a981d74c8e14a6a8f3388ca0b3502ce09016acb678cb11ae7568786931

Positive: 0

Scan date: 2018-10-17 17:47:56

Error: Resource not found

Data Explore

/dev/null

Code Explore

Number of functions: 136

Total size functions [B]: 41485

Average size a function [B]: 305.036764706

Percentage of covered .text section: 200.886155634

Percentage of covered LOAD segment: 136.661615496

Number of functions: 6

Total size functions [B]: 1472

Average size a function [B]: 245.333333333

Percentage of covered .text section: 7.12798411699

Percentage of covered LOAD segment: 4.84912373172

Sandbox (user)

Standard output:

Standard error:

Sandbox (root)

Standard output:

Standard error:

Behavior

fcntl
exit_group
arch_prctl
mmap2
getpid
readv
set_tid_address
execve

Unique number: 8

Total number: 8

strchr

Unique number: 1

Total number: 1

Number of processes: 1

Trace lines lost: 0

Max sleep: -1.0

fcntl
exit_group
commit_creds
arch_prctl
mmap2
getpid
readv
set_tid_address
execve

Unique number: 9

Total number: 9

strchr

Unique number: 1

Total number: 1

Number of processes: 1

Trace lines lost: 0

Max sleep: -1.0

b944f2a981d74c8e14a6a8f3388ca0b3502ce09016acb678cb11ae7568786931

Summary

ELF

Anomalies

Segments

Memory size doubles physical size

Sections

Uncommon sections

Comment

Hash

Bytes

Longest same bytes sequence

Three rarest bytes

Three most common bytes

File type

VirusTotal

Data Explore

Paths

Code Explore

Nucleus

Eh_frame

Sandbox (user)

Sandbox (root)

Behavior

User behavior

Syscalls

Unique

Instrumented libc calls

Unique

Root behavior

Syscalls

Unique

Instrumented libc calls

Unique