Sample : e1654a6ca6e982d0f5aac70869b69f651224206ce518491135ca11f4eb244f6c
Modules
Summary
OS ABI
UNIX - System V
CPU class
32 bit
Persistence (user)
No
Persistence (root)
No
CPU byte order
2's complement LSB
File type
ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, corrupted section header size
CPU type
Intel 80386
Entropy
4.68418920876
Syscalls executed (root)
9
Syscalls executed (user)
11
ELF type
Executable file
ELF
Class
32 bit
Data encoding
2's complement LSB
Operating system ABI
UNIX - System V
Object file type
Executable file
ELF version
0.1
Machine
Intel 80386
Link
static
Entrypoint
0x8048054
Number of segments
1
Number of sections
0
Program header table offset
52
Section header table offset
0
Program header table - size of entry
32
Section header table - size of entry
0
Program header table - entries
1
Section header table - entries
0
Section header table - index sections names
0
Stripped
True
Sections stripped
True
Anomalies
Entrypoint
Permission : W^X
Segments
W^X permission : PT_LOAD at offset 0x0
Sections
Null section headers : True
Debug information
False
Hash
MD5
fe158c5a72a1e5da7d3650be5403b3b5
SHA1
e2ec44d23075cb9fee419cf95aa76ed12991be8d
SHA256
e1654a6ca6e982d0f5aac70869b69f651224206ce518491135ca11f4eb244f6c
SHA512
81222d03101dfff967c823081b9444524656db00022bc3b5cb76ae820e03c6ec3ff131d4fb7e2f8585472d34cee11d40eaef437adefd7e6323666bfb33b8fa92
ssdeep
3:Bkkk/tMlwXll/O/slrCs4X1lFrSwfjsscIM8IPNioOHyUvwGcV5QfE2:Btk/tMl//E2s4UscIKQXSEwhV5QfE2
Bytes
Entropy
4.68418920876
Min entropy (16KB blocks)
-1.0
Max entropy (16KB blocks)
-1.0
Unique bytes (0-255)
67
Null bytes
69
White spaces
5
Printable bytes
42
First 16B
7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Last 16B
78 02 ff e1 b8 01 00 00 00 bb 01 00 00 00 cd 80
Longest same bytes sequence
Byte : 0x0
Offset : 0x1f
Length : 10
Three rarest bytes
0xfc - 0 times
0xfd - 0 times
0xfe - 0 times
Three most common bytes
0x0 - 69 times
0x1 - 9 times
0x80 - 9 times
File type
Mime type
application/x-executable
File type
ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, corrupted section header size
VirusTotal
Error
Resource not found
Code Explore
Nucleus
Number of functions : 0
Eh_frame
Sandbox (user)
Standard output
Standard error
Sandbox (root)
Standard output
Standard error
Behavior
User behavior
Syscalls
Unique
nanosleep
socket
execve
connect
Unique number
4
Total number
11
Instrumented libc calls
Unique
strchr
Unique number
1
Total number
1
Number of processes
1
Trace lines lost
0
Max sleep
5.0
Root behavior
Syscalls
Unique
commit_creds
nanosleep
socket
execve
connect
Unique number
5
Total number
9
Instrumented libc calls
Unique
strchr
Unique number
1
Total number
1
Number of processes
1
Trace lines lost
0
Max sleep
5.0