Sample : dcba57d5622bc6199089394bbd5cb0b0d893a47126bafd348576bda8a1a1bedc

Summary


OS ABI

UNIX - System V
CPU class

32 bit
Persistence (user)

No
Persistence (root)

No
CPU byte order

2's complement LSB
File type

ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-armhf.so.3, for GNU/Linux 2.6.32, BuildID[sha1]=653c3cf1c30c0eb0ad555c1f2e7d94030c277b75, not stripped
CPU type

ARM 32-bit
Entropy

3.64468940687
Syscalls executed (root)

34
Syscalls executed (user)

33
ELF type

Executable file

ELF


Class

32 bit
Data encoding

2's complement LSB
Operating system ABI

UNIX - System V
Object file type

Executable file
ELF version

0.1
Machine

ARM 32-bit
Link

dynamic
Entrypoint

0x84e1
Interpreter

'/lib/ld-linux-armhf.so.3'
Number of segments

9
Number of sections

30
Program header table offset

52
Section header table offset

4576
Program header table - size of entry

32
Section header table - size of entry

40
Program header table - entries

9
Section header table - entries

30
Section header table - index sections names

27
Stripped

False
Sections stripped

False
Needed libraries

ld-linux-armhf.so.3

libc.so.6

Dynamic symbols

htons

socket

send

perror

abort

close

connect

__stack_chk_fail

__libc_start_main

inet_addr

Anomalies


Sections
Uncommon sections : section without a name


Debug information

False
Comment

GCC: (Ubuntu/Linaro 4.8.4-2ubuntu1~14.04.1) 4.8.4

GCC: (Ubuntu/Linaro 4.8.2-16ubuntu3) 4.8.2

Note

GNU : "e<<\xf1\xc3\x0c\x0e\xb0\xadU\\\x1f.}\x94\x03\x0c'{"

Hash


MD5

c1d2dcdbb70d6e0b9f695199faa82364
SHA1

fb6c88d879e001232b4cf79718cecb5c7d5be12c
SHA256

dcba57d5622bc6199089394bbd5cb0b0d893a47126bafd348576bda8a1a1bedc
SHA512

e1b81ca98e4ec42b15552a367e279a5ca6c78aa2ef18e1d1e4e50afa6308e780dee1a17e59fdedee27a8d2d2ddb86f248a81298a3e7f9fbdb369256774bc0507
ssdeep

96:KyZex1yKFavbdVDGHEpc7rWkl/7Bybf7ssiDa4Bi/32HBo:DZVcavb/CHEiBybfmBE/GH6

Bytes


Entropy

3.64468940687
Min entropy (16KB blocks)

-1.0
Max entropy (16KB blocks)

-1.0
Unique bytes (0-255)

223
Null bytes

5186
White spaces

94
Printable bytes

1966
First 16B

7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Last 16B

6e 65 63 74 40 40 47 4c 49 42 43 5f 32 2e 34 00
Longest same bytes sequence

Byte : 0x0

Offset : 0x6ff

Length : 2054

Three rarest bytes

0xf3 - 0 times

0xf4 - 0 times

0xf9 - 0 times

Three most common bytes

0x0 - 5186 times

0x1 - 170 times

0x5f - 161 times

File type


Mime type

application/x-executable
File type

ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-armhf.so.3, for GNU/Linux 2.6.32, BuildID[sha1]=653c3cf1c30c0eb0ad555c1f2e7d94030c277b75, not stripped

VirusTotal


Error

Resource not found

Data Explore


Paths

/lib/ld-linux-armhf.so.3

/usr/lib/gcc-cross/arm-linux-gnueabihf/4.8/../../../../arm-linux-gnueabihf/lib/../lib/crt1.o

/usr/lib/gcc-cross/arm-linux-gnueabihf/4.8/../../../../arm-linux-gnueabihf/lib/../lib/crti.o

/usr/lib/gcc-cross/arm-linux-gnueabihf/4.8/../../../../arm-linux-gnueabihf/lib/../lib/crtn.o

IPs (v4 and v6)

210.230.130.251

Code Explore


Nucleus

Eh_frame

Number of functions : 0

Sandbox (user)


Standard output

Standard error

Sandbox (root)


Standard output

Standard error

Behavior


User behavior

Syscalls


Unique
mmap2
socket
exit_group
lseek
read
munmap
mprotect
send
access
uname
brk
connect
close
open
fstat
execve


Unique number
16

Total number
33

Number of processes

1

Trace lines lost

0

Files being read

/lib/arm-linux-gnueabihf/libc.so.6

6fd026

Max sleep

-1.0



Root behavior

Syscalls


Unique
mmap2
socket
exit_group
lseek
read
commit_creds
mprotect
send
access
uname
munmap
brk
connect
close
open
fstat
execve


Unique number
17

Total number
34

Number of processes

1

Trace lines lost

0

Files being read

/lib/arm-linux-gnueabihf/libc.so.6

/etc/ld.so.cache

Max sleep

-1.0