Sample:

daf9e5e2287c4464b454d15151f59e9f0a89b741d4549786a0e761dec4adccec



Summary

OS ABI: UNIX - System V

CPU class: 64 bit

Persistence (user): No

Persistence (root): No

CPU byte order: 2's complement LSB

File type: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=17a8b1db8e5b9648e72faa17ed910b6cbb002642, not stripped

CPU type: AMD x86-64

Entropy: 3.15367048154

Syscalls executed (root): 28

Syscalls executed (user): 27

ELF type: Shared object file

ELF

Class: 64 bit

Data encoding: 2's complement LSB

Operating system ABI: UNIX - System V

Object file type: Shared object file

ELF version: 0.1

Machine: AMD x86-64

Entrypoint: 0x750

Interpreter: '/lib64/ld-linux-x86-64.so.2'

Number of segments: 9

Number of sections: 29

Program header table offset: 64

Section header table offset: 6600

Program header table - size of entry: 56

Section header table - size of entry: 64

Program header table - entries: 9

Section header table - entries: 29

Section header table - index sections names: 26

Stripped: False

Sections stripped: False

  • libc.so.6
  • __libc_start_main
  • __cxa_finalize
  • __libc_csu_init
  • _start
  • main
  • _init
  • __libc_csu_fini
  • _fini
  • section without a name

Debug information: False

  • GCC: (Ubuntu 6.2.0-5ubuntu12) 6.2.0 20161005
  • GNU : '\x17\xa8\xb1\xdb\x8e[\x96H\xe7/\xaa\x17\xed\x91\x0bl\xbb\x00&'

Hash

MD5: 26e9cab5d23bfa1b93ec792a9cc10bc3

SHA1: 870a5791547ae2a0db57374ba9c64331598975c1

SHA256: daf9e5e2287c4464b454d15151f59e9f0a89b741d4549786a0e761dec4adccec

SHA512: 8c4afdfe9ccf0c3a815ce2f29464ce34210d60e00d0cbff5d5b330f7fca2576af70719e5710d61951ee619ff85f6e7374d7f30e8a2eb243df896cb35c26d9c83

ssdeep: 96:RrOTNO7BKMWBnQni6fMRSaTUW3xIrJCza7LshMB2tWBqScYs4XX:RrOZczWQi6fbRum3CWsScYs

Bytes

Entropy: 3.15367048154

Min entropy (16KB blocks): -1.0

Max entropy (16KB blocks): -1.0

Unique bytes (0-255): 223

Null bytes: 5596

White spaces: 224

Printable bytes: 1489

First 16B: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00

Last 16B: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Byte: 0x0

Offset: 0xab7

Length: 810

  • 0xdf - 0 times
  • 0xe6 - 0 times
  • 0xf7 - 0 times
  • 0x0 - 5596 times
  • 0x5f - 150 times
  • 0x1 - 114 times

File type

Mime type: application/x-sharedlib

File type: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=17a8b1db8e5b9648e72faa17ed910b6cbb002642, not stripped

VirusTotal

URL: https://www.virustotal.com/#/file/daf9e5e2287c4464b454d15151f59e9f0a89b741d4549786a0e761dec4adccec

Positive: 0

Scan date: 2018-09-01 08:11:04

Code Explore

Number of functions: 10

Total size functions [B]: 401

Average size of a function [B]: 40.1

Percentage of covered .text section: 80.5220883534

Percentage of covered LOAD segment: 12.0928829916

Number of functions: 5

Total size functions [B]: 231

Average size of a function [B]: 46.2

Percentage of covered .text section: 46.3855421687

Percentage of covered LOAD segment: 6.96622436671

Sandbox (user)

Standard output:

Standard error:

Sandbox (root)

Standard output:

Standard error:

Behavior

  • mmap2
  • exit_group
  • read
  • munmap
  • mprotect
  • arch_prctl
  • access
  • brk
  • close
  • open
  • fstat
  • execve

Unique number: 12

Total number: 27

  • strchr

Unique number: 1

Total number: 1

Number of processes: 1

Trace lines lost: 0

  • /opt/lib/libc.so.6
  • /etc/ld.so.cache

Max sleep: -1.0

  • mmap2
  • exit_group
  • read
  • commit_creds
  • mprotect
  • arch_prctl
  • access
  • munmap
  • brk
  • close
  • open
  • fstat
  • execve

Unique number: 13

Total number: 28

  • strchr

Unique number: 1

Total number: 1

Number of processes: 1

Trace lines lost: 0

  • /opt/lib/libc.so.6
  • /etc/ld.so.cache

Max sleep: -1.0