Sample : daf9e5e2287c4464b454d15151f59e9f0a89b741d4549786a0e761dec4adccec

Summary


OS ABI : UNIX - System V

CPU class : 64 bit

Persistence (user) : No

Persistence (root) : No

CPU byte order : 2's complement LSB

File type : ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=17a8b1db8e5b9648e72faa17ed910b6cbb002642, not stripped

CPU type : AMD x86-64

Entropy : 3.15367048154

Syscalls executed (root) : 28

Syscalls executed (user) : 27

ELF type : Shared object file

ELF


Class : 64 bit

Data encoding : 2's complement LSB

Operating system ABI : UNIX - System V

Object file type : Shared object file

ELF version : 0.1

Machine : AMD x86-64

Link : dynamic

Entrypoint : 0x750

Interpreter : '/lib64/ld-linux-x86-64.so.2'

Number of segments : 9

Number of sections : 29

Program header table offset : 64

Section header table offset : 6600

Program header table - size of entry : 56

Section header table - size of entry : 64

Program header table - entries : 9

Section header table - entries : 29

Section header table - index sections names : 26

Stripped : False

Sections stripped : False

Needed libraries : libc.so.6

Dynamic symbols

__libc_start_main

__cxa_finalize

__libc_csu_init

_start

main

_init

__libc_csu_fini

_fini

Anomalies


Sections
Uncommon sections : section without a name


Debug information : False

Comment : GCC: (Ubuntu 6.2.0-5ubuntu12) 6.2.0 20161005

Note

GNU : '\x17\xa8\xb1\xdb\x8e[\x96H\xe7/\xaa\x17\xed\x91\x0bl\xbb\x00&'

Hash


MD5 : 26e9cab5d23bfa1b93ec792a9cc10bc3

SHA1 : 870a5791547ae2a0db57374ba9c64331598975c1

SHA256 : daf9e5e2287c4464b454d15151f59e9f0a89b741d4549786a0e761dec4adccec

SHA512 : 8c4afdfe9ccf0c3a815ce2f29464ce34210d60e00d0cbff5d5b330f7fca2576af70719e5710d61951ee619ff85f6e7374d7f30e8a2eb243df896cb35c26d9c83

ssdeep : 96:RrOTNO7BKMWBnQni6fMRSaTUW3xIrJCza7LshMB2tWBqScYs4XX:RrOZczWQi6fbRum3CWsScYs

Bytes


Entropy : 3.15367048154

Min entropy (16KB blocks) : -1.0

Max entropy (16KB blocks) : -1.0

Unique bytes (0-255) : 223

Null bytes : 5596

White spaces : 224

Printable bytes : 1489

First 16B : 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00

Last 16B : 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Longest same bytes sequence

Byte : 0x0

Offset : 0xab7

Length : 810

Three rarest bytes

0xdf - 0 times

0xe6 - 0 times

0xf7 - 0 times

Three most common bytes

0x0 - 5596 times

0x5f - 150 times

0x1 - 114 times

File type


Mime type : application/x-sharedlib

File type : ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=17a8b1db8e5b9648e72faa17ed910b6cbb002642, not stripped

VirusTotal


URL : https://www.virustotal.com/#/file/daf9e5e2287c4464b454d15151f59e9f0a89b741d4549786a0e761dec4adccec

Positive : 0

Scan date : 2018-09-01 08:11:04

Code Explore


Nucleus

Number of functions : 10

Total size functions [B] : 401

Average size a function [B] : 40.1

Percentage of covered .text section : 80.5220883534

Percentage of covered LOAD segment : 12.0928829916

Eh_frame

Number of functions : 5

Total size functions [B] : 231

Average size a function [B] : 46.2

Percentage of covered .text section : 46.3855421687

Percentage of covered LOAD segment : 6.96622436671

Sandbox (user)


Standard output

Standard error

Sandbox (root)


Standard output

Standard error

Behavior


User behavior

Syscalls


Unique
mmap2
exit_group
read
munmap
mprotect
arch_prctl
access
brk
close
open
fstat
execve


Unique number : 12

Total number : 27

Instrumented libc calls


Unique
strchr


Unique number : 1

Total number : 1

Number of processes : 1

Trace lines lost : 0

Files being read

/opt/lib/libc.so.6

/etc/ld.so.cache

Max sleep : -1.0



Root behavior

Syscalls


Unique
mmap2
exit_group
read
commit_creds
mprotect
arch_prctl
access
munmap
brk
close
open
fstat
execve


Unique number : 13

Total number : 28

Instrumented libc calls


Unique
strchr


Unique number : 1

Total number : 1

Number of processes : 1

Trace lines lost : 0

Files being read

/opt/lib/libc.so.6

/etc/ld.so.cache

Max sleep : -1.0