Padawan live

Summary

OS ABI: UNIX - System V

CPU class: 32 bit

Persistence (user): No

Persistence (root): No

CPU byte order: 2's complement LSB

File type: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, corrupted section header size

CPU type: Intel 80386

Entropy: 4.68418920876

Syscalls executed (root): 9

Syscalls executed (user): 11

ELF type: Executable file

ELF

Class: 32 bit

Data encoding: 2's complement LSB

Operating system ABI: UNIX - System V

Object file type: Executable file

ELF version: 0.1

Machine: Intel 80386

Link: static

Entrypoint: 0x8048054

Number of segments: 1

Number of sections: 0

Program header table offset: 52

Section header table offset: 0

Program header table - size of entry: 32

Section header table - size of entry: 0

Program header table - entries: 1

Section header table - entries: 0

Section header table - index sections names: 0

Stripped: True

Sections stripped: True

Permission: W^X

PT_LOAD at offset 0x0

Null section headers: True

Debug information: False

Hash

MD5: fe158c5a72a1e5da7d3650be5403b3b5

SHA1: e2ec44d23075cb9fee419cf95aa76ed12991be8d

SHA256: e1654a6ca6e982d0f5aac70869b69f651224206ce518491135ca11f4eb244f6c

SHA512: 81222d03101dfff967c823081b9444524656db00022bc3b5cb76ae820e03c6ec3ff131d4fb7e2f8585472d34cee11d40eaef437adefd7e6323666bfb33b8fa92

ssdeep: 3:Bkkk/tMlwXll/O/slrCs4X1lFrSwfjsscIM8IPNioOHyUvwGcV5QfE2:Btk/tMl//E2s4UscIKQXSEwhV5QfE2

Bytes

Entropy: 4.68418920876

Min entropy (16KB blocks): -1.0

Max entropy (16KB blocks): -1.0

Unique bytes (0-255): 67

Null bytes: 69

White spaces: 5

Printable bytes: 42

First 16B: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00

Last 16B: 78 02 ff e1 b8 01 00 00 00 bb 01 00 00 00 cd 80

Byte: 0x0

Offset: 0x1f

Length: 10

0xfc - 0 times
0xfd - 0 times
0xfe - 0 times

0x0 - 69 times
0x1 - 9 times
0x80 - 9 times

File type

Mime type: application/x-executable

File type: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, corrupted section header size

VirusTotal

Error: Resource not found

Code Explore

Number of functions: 0

Sandbox (user)

Standard output:

Standard error:

Sandbox (root)

Standard output:

Standard error:

Behavior

nanosleep
socket
execve
connect

Unique number: 4

Total number: 11

strchr

Unique number: 1

Total number: 1

Number of processes: 1

Trace lines lost: 0

Max sleep: 5.0

commit_creds
nanosleep
socket
execve
connect

Unique number: 5

Total number: 9

strchr

Unique number: 1

Total number: 1

Number of processes: 1

Trace lines lost: 0

Max sleep: 5.0

e1654a6ca6e982d0f5aac70869b69f651224206ce518491135ca11f4eb244f6c

Summary

ELF

Anomalies

Entrypoint

Segments

W^X permission

Sections

Hash

Bytes

Longest same bytes sequence

Three rarest bytes

Three most common bytes

File type

VirusTotal

Code Explore

Nucleus

Eh_frame

Sandbox (user)

Sandbox (root)

Behavior

User behavior

Syscalls

Unique

Instrumented libc calls

Unique

Root behavior

Syscalls

Unique

Instrumented libc calls

Unique