Edit tour

Linux Analysis Report
mzdWUcvUU2.elf

Overview

General Information

Sample name:	mzdWUcvUU2.elf renamed because original name is a hash value
Original sample name:	e4a521fa4ced1859f5f853271a22fb3c.elf
Analysis ID:	1447009
MD5:	e4a521fa4ced1859f5f853271a22fb3c
SHA1:	c75ccbbe2b7d0e3db5e87b73e606159c14c53ff7
SHA256:	b0c23a25a0eba05d0bb0c947e0badfc10b67b7f00ce4020fa0c3c43f85e5b3a4
Tags:	32elfgafgytmips
Infos:

Detection

Gafgyt, Mirai

Score:	88
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected Gafgyt

Yara detected Mirai

Contains symbols with names commonly found in malware

Opens /proc/net/* files useful for finding connected devices and routers

Detected TCP or UDP traffic on non-standard ports

Executes the "rm" command used to delete files or directories

Sample contains strings that are user agent strings indicative of HTTP manipulation

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Uses the "uname" system call to query kernel version information (possible evasion)

Yara signature match

Classification

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1447009
Start date and time:	2024-05-24 08:27:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 22s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	mzdWUcvUU2.elf renamed because original name is a hash value
Original Sample Name:	e4a521fa4ced1859f5f853271a22fb3c.elf
Detection:	MAL
Classification:	mal88.spre.troj.linELF@0/1@0/0

Warnings

VT rate limit hit for: mzdWUcvUU2.elf

Runtime Messages

Command:	/tmp/mzdWUcvUU2.elf
PID:	6213
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	gosh that chinese family at the other table sure ate alot
Standard Error:

Process Tree

system is lnxubuntu20

dash New Fork (PID: 6199, Parent: 4331)

rm (PID: 6199, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.rvUodmgBFz /tmp/tmp.kbcm3CnpXc /tmp/tmp.ntMrqaC4IJ

dash New Fork (PID: 6200, Parent: 4331)

rm (PID: 6200, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.rvUodmgBFz /tmp/tmp.kbcm3CnpXc /tmp/tmp.ntMrqaC4IJ

mzdWUcvUU2.elf (PID: 6213, Parent: 6126, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/mzdWUcvUU2.elf

mzdWUcvUU2.elf New Fork (PID: 6215, Parent: 6213)

mzdWUcvUU2.elf New Fork (PID: 6217, Parent: 6213)

mzdWUcvUU2.elf New Fork (PID: 6219, Parent: 6217)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Bashlite, Gafgyt	Bashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.	No Attribution	http://blog.trendmicro.com/trendlabs-security-intelligence/bashlite-affects-devices-running-on-busybox/ https://blog.cyber5w.com/gafgyt-backdoor-analysis https://blog.netlab.360.com/gafgtyt_tor-and-necro-are-on-the-move-again/ https://blog.netlab.360.com/public-cloud-threat-intelligence-202203/ https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.bashlite

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
mzdWUcvUU2.elf	JoeSecurity_Gafgyt	Yara detected Gafgyt	Joe Security
mzdWUcvUU2.elf	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
mzdWUcvUU2.elf	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1e2d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e2e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e2f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e30c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e320:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e334:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e348:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e35c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e370:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e384:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e398:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e3ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e3c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e3d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e3e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e3fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e410:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e424:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e438:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e44c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e460:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F

Memory Dumps

Source	Rule	Description	Author	Strings
6215.1.00007f148c400000.00007f148c422000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6215.1.00007f148c400000.00007f148c422000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1e2d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e2e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e2f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e30c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e320:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e334:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e348:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e35c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e370:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e384:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e398:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e3ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e3c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e3d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e3e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e3fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e410:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e424:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e438:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e44c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e460:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6213.1.00007f148c400000.00007f148c422000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6213.1.00007f148c400000.00007f148c422000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1e2d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e2e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e2f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e30c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e320:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e334:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e348:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e35c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e370:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e384:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e398:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e3ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e3c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e3d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e3e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e3fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e410:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e424:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e438:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e44c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e460:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6217.1.00007f148c400000.00007f148c422000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6217.1.00007f148c400000.00007f148c422000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1e2d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e2e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e2f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e30c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e320:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e334:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e348:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e35c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e370:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e384:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e398:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e3ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e3c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e3d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e3e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e3fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e410:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e424:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e438:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e44c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e460:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: mzdWUcvUU2.elf PID: 6213	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: mzdWUcvUU2.elf PID: 6213	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x917e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9192:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x91a6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x91ba:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x91ce:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x91e2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x91f6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x920a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x921e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9232:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9246:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x925a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x926e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9282:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9296:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x92aa:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x92be:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x92d2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x92e6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x92fa:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x930e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: mzdWUcvUU2.elf PID: 6215	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: mzdWUcvUU2.elf PID: 6215	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x5fb7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5fcb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5fdf:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5ff3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6007:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x601b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x602f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6043:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6057:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x606b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x607f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6093:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x60a7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x60bb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x60cf:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x60e3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x60f7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x610b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x611f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6133:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6147:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: mzdWUcvUU2.elf PID: 6217	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: mzdWUcvUU2.elf PID: 6217	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x948a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x949e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x94b2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x94c6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x94da:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x94ee:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9502:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9516:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x952a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x953e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9552:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9566:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x957a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x958e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x95a2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x95b6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x95ca:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x95de:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x95f2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9606:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x961a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Click to see the 7 entries

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: mzdWUcvUU2.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: mzdWUcvUU2.elf

ReversingLabs: Detection: 63%

Spreading

Opens /proc/net/* files useful for finding connected devices and routers

Source: /tmp/mzdWUcvUU2.elf (PID: 6213)

Opens: /proc/net/route

Jump to behavior

Source: global traffic

TCP traffic: 192.168.2.23:47256 -> 64.23.184.217:666

Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443

Source: unknown	TCP traffic detected without corresponding DNS query: 64.23.184.217
Source: unknown	TCP traffic detected without corresponding DNS query: 64.23.184.217
Source: unknown	TCP traffic detected without corresponding DNS query: 64.23.184.217
Source: unknown	TCP traffic detected without corresponding DNS query: 64.23.184.217
Source: unknown	TCP traffic detected without corresponding DNS query: 64.23.184.217
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 64.23.184.217
Source: unknown	TCP traffic detected without corresponding DNS query: 64.23.184.217
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 64.23.184.217
Source: unknown	TCP traffic detected without corresponding DNS query: 64.23.184.217
Source: unknown	TCP traffic detected without corresponding DNS query: 64.23.184.217
Source: unknown	TCP traffic detected without corresponding DNS query: 64.23.184.217
Source: unknown	TCP traffic detected without corresponding DNS query: 64.23.184.217
Source: unknown	TCP traffic detected without corresponding DNS query: 64.23.184.217

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Malicious sample detected (through community Yara rule)

Source: mzdWUcvUU2.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6215.1.00007f148c400000.00007f148c422000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6213.1.00007f148c400000.00007f148c422000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6217.1.00007f148c400000.00007f148c422000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: mzdWUcvUU2.elf PID: 6213, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: mzdWUcvUU2.elf PID: 6215, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: mzdWUcvUU2.elf PID: 6217, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Contains symbols with names commonly found in malware

Source: ELF static info symbol of initial sample

Name: vseattack

Source: mzdWUcvUU2.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6215.1.00007f148c400000.00007f148c422000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6213.1.00007f148c400000.00007f148c422000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6217.1.00007f148c400000.00007f148c422000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: mzdWUcvUU2.elf PID: 6213, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: mzdWUcvUU2.elf PID: 6215, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: mzdWUcvUU2.elf PID: 6217, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal88.spre.troj.linELF@0/1@0/0

Source: /usr/bin/dash (PID: 6199)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.rvUodmgBFz /tmp/tmp.kbcm3CnpXc /tmp/tmp.ntMrqaC4IJ			Jump to behavior
Source: /usr/bin/dash (PID: 6200)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.rvUodmgBFz /tmp/tmp.kbcm3CnpXc /tmp/tmp.ntMrqaC4IJ			Jump to behavior

Source: /tmp/mzdWUcvUU2.elf (PID: 6213)

Queries kernel information via 'uname':

Jump to behavior

Source: mzdWUcvUU2.elf, 6213.1.00007ffd520c2000.00007ffd520e3000.rw-.sdmp, mzdWUcvUU2.elf, 6215.1.00007ffd520c2000.00007ffd520e3000.rw-.sdmp, mzdWUcvUU2.elf, 6217.1.00007ffd520c2000.00007ffd520e3000.rw-.sdmp	Binary or memory string: "x86_64/usr/bin/qemu-mips/tmp/mzdWUcvUU2.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/mzdWUcvUU2.elf
Source: mzdWUcvUU2.elf, 6213.1.0000558470b15000.0000558470bbd000.rw-.sdmp, mzdWUcvUU2.elf, 6215.1.0000558470b15000.0000558470b9c000.rw-.sdmp, mzdWUcvUU2.elf, 6217.1.0000558470b15000.0000558470b9c000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/mips
Source: mzdWUcvUU2.elf, 6213.1.0000558470b15000.0000558470bbd000.rw-.sdmp, mzdWUcvUU2.elf, 6215.1.0000558470b15000.0000558470b9c000.rw-.sdmp, mzdWUcvUU2.elf, 6217.1.0000558470b15000.0000558470b9c000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mips
Source: mzdWUcvUU2.elf, 6213.1.00007ffd520c2000.00007ffd520e3000.rw-.sdmp	Binary or memory string: /tmp/qemu-open.veEX00
Source: mzdWUcvUU2.elf, 6213.1.00007ffd520c2000.00007ffd520e3000.rw-.sdmp, mzdWUcvUU2.elf, 6215.1.00007ffd520c2000.00007ffd520e3000.rw-.sdmp, mzdWUcvUU2.elf, 6217.1.00007ffd520c2000.00007ffd520e3000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mips
Source: mzdWUcvUU2.elf, 6213.1.00007ffd520c2000.00007ffd520e3000.rw-.sdmp	Binary or memory string: U/tmp/qemu-open.veEX00\t

Stealing of Sensitive Information

Yara detected Gafgyt

Source: Yara match

File source: mzdWUcvUU2.elf, type: SAMPLE

Yara detected Mirai

Source: Yara match	File source: mzdWUcvUU2.elf, type: SAMPLE
Source: Yara match	File source: 6215.1.00007f148c400000.00007f148c422000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6213.1.00007f148c400000.00007f148c422000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6217.1.00007f148c400000.00007f148c422000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: mzdWUcvUU2.elf PID: 6213, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mzdWUcvUU2.elf PID: 6215, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mzdWUcvUU2.elf PID: 6217, type: MEMORYSTR

Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; pl) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; en) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; ja) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; de) Opera 11.01
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; fr) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
Source: Initial sample	User agent string found: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11) AppleWebKit/601.1.56 (KHTML, like Gecko) Version/9.0 Safari/601.1.56
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/601.2.7 (KHTML, like Gecko) Version/9.0.1 Safari/601.2.7
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Source: Initial sample	User agent string found: Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51
Source: Initial sample	User agent string found: Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/7046A194A
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Linux; Android 4.4.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.89 Mobile Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Linux; Android 4.4.3; HTC_0PCV2 Build/KTU84L) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; X11; Linux x86_64; pl) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:25.0) Gecko/20100101 Firefox/25.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Firefox/24.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10; rv:33.0) Gecko/20100101 Firefox/33.0

Remote Access Functionality

Yara detected Gafgyt

Source: Yara match

File source: mzdWUcvUU2.elf, type: SAMPLE

Yara detected Mirai

Source: Yara match	File source: mzdWUcvUU2.elf, type: SAMPLE
Source: Yara match	File source: 6215.1.00007f148c400000.00007f148c422000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6213.1.00007f148c400000.00007f148c422000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6217.1.00007f148c400000.00007f148c422000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: mzdWUcvUU2.elf PID: 6213, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mzdWUcvUU2.elf PID: 6215, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mzdWUcvUU2.elf PID: 6217, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	1 File Deletion	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	1 Remote System Discovery	Remote Desktop Protocol	Data from Removable Media	1 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
mzdWUcvUU2.elf	63%	ReversingLabs	Linux.Backdoor.Bashlite
mzdWUcvUU2.elf	100%	Avira	LINUX/Mirai.Gafgyt.

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
64.23.184.217	unknown	United States	3064	AFFINITY-FTLUS	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
109.202.202.202	LJ6BZHggzR.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	HB7PyjAkmd.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	SecuriteInfo.com.Linux.Mirai.REAL.tr.23871.3834.elf	Get hash	malicious	Mirai	Browse
	9CQ9cIJc3w.elf	Get hash	malicious	Mirai	Browse
	v15ZfXB65d.elf	Get hash	malicious	Unknown	Browse
	zUCeX9wuiq.elf	Get hash	malicious	Gafgyt, Mirai, Okiru	Browse
	mOiF84WXdB.elf	Get hash	malicious	Gafgyt, Mirai, Okiru	Browse
	A8Va4XJ5K5.elf	Get hash	malicious	Gafgyt, Mirai, Okiru	Browse
	6ZGQp03KWF.elf	Get hash	malicious	Gafgyt	Browse
	DIINNdhQCF.elf	Get hash	malicious	Gafgyt	Browse
64.23.184.217	LJ6BZHggzR.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	GIPlLTG4sS.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	3oLSV0THh9.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	HB7PyjAkmd.elf	Get hash	malicious	Gafgyt, Mirai	Browse
91.189.91.43	LJ6BZHggzR.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	HB7PyjAkmd.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	SecuriteInfo.com.Linux.Mirai.REAL.tr.23871.3834.elf	Get hash	malicious	Mirai	Browse
	9CQ9cIJc3w.elf	Get hash	malicious	Mirai	Browse
	v15ZfXB65d.elf	Get hash	malicious	Unknown	Browse
	zUCeX9wuiq.elf	Get hash	malicious	Gafgyt, Mirai, Okiru	Browse
	mOiF84WXdB.elf	Get hash	malicious	Gafgyt, Mirai, Okiru	Browse
	A8Va4XJ5K5.elf	Get hash	malicious	Gafgyt, Mirai, Okiru	Browse
	6ZGQp03KWF.elf	Get hash	malicious	Gafgyt	Browse
	DIINNdhQCF.elf	Get hash	malicious	Gafgyt	Browse
91.189.91.42	LJ6BZHggzR.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	HB7PyjAkmd.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	SecuriteInfo.com.Linux.Mirai.REAL.tr.23871.3834.elf	Get hash	malicious	Mirai	Browse
	9CQ9cIJc3w.elf	Get hash	malicious	Mirai	Browse
	v15ZfXB65d.elf	Get hash	malicious	Unknown	Browse
	zUCeX9wuiq.elf	Get hash	malicious	Gafgyt, Mirai, Okiru	Browse
	mOiF84WXdB.elf	Get hash	malicious	Gafgyt, Mirai, Okiru	Browse
	A8Va4XJ5K5.elf	Get hash	malicious	Gafgyt, Mirai, Okiru	Browse
	6ZGQp03KWF.elf	Get hash	malicious	Gafgyt	Browse
	DIINNdhQCF.elf	Get hash	malicious	Gafgyt	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CANONICAL-ASGB	LJ6BZHggzR.elf	Get hash	malicious	Gafgyt, Mirai	Browse	91.189.91.42
	GIPlLTG4sS.elf	Get hash	malicious	Gafgyt, Mirai	Browse	185.125.190.26
	3oLSV0THh9.elf	Get hash	malicious	Gafgyt, Mirai	Browse	185.125.190.26
	HB7PyjAkmd.elf	Get hash	malicious	Gafgyt, Mirai	Browse	91.189.91.42
	SecuriteInfo.com.Linux.Mirai.REAL.tr.23871.3834.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	9CQ9cIJc3w.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	v15ZfXB65d.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	IiALS48m2K.elf	Get hash	malicious	Gafgyt, Mirai, Okiru	Browse	185.125.190.26
	1yGFyG1l3i.elf	Get hash	malicious	Gafgyt, Mirai, Okiru	Browse	185.125.190.26
	zUCeX9wuiq.elf	Get hash	malicious	Gafgyt, Mirai, Okiru	Browse	91.189.91.42
CANONICAL-ASGB	LJ6BZHggzR.elf	Get hash	malicious	Gafgyt, Mirai	Browse	91.189.91.42
	GIPlLTG4sS.elf	Get hash	malicious	Gafgyt, Mirai	Browse	185.125.190.26
	3oLSV0THh9.elf	Get hash	malicious	Gafgyt, Mirai	Browse	185.125.190.26
	HB7PyjAkmd.elf	Get hash	malicious	Gafgyt, Mirai	Browse	91.189.91.42
	SecuriteInfo.com.Linux.Mirai.REAL.tr.23871.3834.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	9CQ9cIJc3w.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	v15ZfXB65d.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	IiALS48m2K.elf	Get hash	malicious	Gafgyt, Mirai, Okiru	Browse	185.125.190.26
	1yGFyG1l3i.elf	Get hash	malicious	Gafgyt, Mirai, Okiru	Browse	185.125.190.26
	zUCeX9wuiq.elf	Get hash	malicious	Gafgyt, Mirai, Okiru	Browse	91.189.91.42
AFFINITY-FTLUS	LJ6BZHggzR.elf	Get hash	malicious	Gafgyt, Mirai	Browse	64.23.184.217
	GIPlLTG4sS.elf	Get hash	malicious	Gafgyt, Mirai	Browse	64.23.184.217
	3oLSV0THh9.elf	Get hash	malicious	Gafgyt, Mirai	Browse	64.23.184.217
	HB7PyjAkmd.elf	Get hash	malicious	Gafgyt, Mirai	Browse	64.23.184.217
	2300-02998.exe	Get hash	malicious	FormBook	Browse	66.113.136.229
	6uBxa0vGQt.elf	Get hash	malicious	Gafgyt	Browse	216.110.166.141
	a6lzHWp4pa.exe	Get hash	malicious	LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar	Browse	64.23.223.5
	2T6MGxlKZT.exe	Get hash	malicious	SmokeLoader	Browse	64.23.223.5
	https://www.google.com.bh/url?hl=en&q=https://www.google.com.bh/url?hl%3Den%26q%3Dhttp://www.google.com/amp/www.google.com/amp/www.google.com/amp/%252574%252569%25256E%252579%252575%252572%25256C%25252E%252563%25256F%25256D%25252F%25256D%252576%252574%252575%252575%252566%252537%252533%26source%3Dgmail%26ust%3D1716286979743000%26usg%3DAOvVaw0kIG15Hao_4RLWdhQSbrTj&source=gmail&ust=1716287016979000&usg=AOvVaw2OvZXU7t2_QCy0TjxskKGn	Get hash	malicious	Unknown	Browse	64.23.234.137
	W2uS7iLcSG.elf	Get hash	malicious	Mirai	Browse	207.36.247.170
INIT7CH	LJ6BZHggzR.elf	Get hash	malicious	Gafgyt, Mirai	Browse	109.202.202.202
	HB7PyjAkmd.elf	Get hash	malicious	Gafgyt, Mirai	Browse	109.202.202.202
	SecuriteInfo.com.Linux.Mirai.REAL.tr.23871.3834.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	9CQ9cIJc3w.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	v15ZfXB65d.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	zUCeX9wuiq.elf	Get hash	malicious	Gafgyt, Mirai, Okiru	Browse	109.202.202.202
	mOiF84WXdB.elf	Get hash	malicious	Gafgyt, Mirai, Okiru	Browse	109.202.202.202
	A8Va4XJ5K5.elf	Get hash	malicious	Gafgyt, Mirai, Okiru	Browse	109.202.202.202
	6ZGQp03KWF.elf	Get hash	malicious	Gafgyt	Browse	109.202.202.202
	DIINNdhQCF.elf	Get hash	malicious	Gafgyt	Browse	109.202.202.202

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

/tmp/qemu-open.veEX00 (deleted)

Download File

Process:	/tmp/mzdWUcvUU2.elf
File Type:	ASCII text
Category:	dropped
Size (bytes):	230
Entropy (8bit):	3.709552666863289
Encrypted:	false
SSDEEP:	6:iekrEcvwAsE5KlwSd4pzKaV6Lpms/a/1VCxGF:ur+m5MwSdIKaV6L1adVRF
MD5:	2E667F43AE18CD1FE3C108641708A82C
SHA1:	12B90DE2DA0FBCFE66F3D6130905E56C8D6A68D3
SHA-256:	6F721492E7A337C5B498A8F55F5EB7AC745AFF716D0B5B08EFF2C1B6B250F983
SHA-512:	D2A0EE2509154EC1098994F38BE172F98F4150399C534A04D5C675D7C05630802225019F19344CC9070C576BC465A4FEB382AC7712DE6BF25E9244B54A9DB830
Malicious:	false
Reputation:	high, very likely benign file
Preview:	Iface.Destination.Gateway .Flags.RefCnt.Use.Metric.Mask..MTU.Window.IRTT .ens160.00000000.c0a80201.0003.0.0.0.00000000.0.0.0.ens160.c0a80200.00000000.0001.0.0.0.ffffff00.0.0.0.

Static File Info

General

File type:	ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, not stripped
Entropy (8bit):	5.353119921997735
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	mzdWUcvUU2.elf
File size:	181'137 bytes
MD5:	e4a521fa4ced1859f5f853271a22fb3c
SHA1:	c75ccbbe2b7d0e3db5e87b73e606159c14c53ff7
SHA256:	b0c23a25a0eba05d0bb0c947e0badfc10b67b7f00ce4020fa0c3c43f85e5b3a4
SHA512:	43c07f6360642b739569d78630f80a6e6403f155daed4e27fed3118ffe8f0d552928fcd8cdcdf1ac1706f47d9314a51ff1b3c5fd856b85994f641cb3190663f2
SSDEEP:	3072:PKn3FSO7m16k9DfF1sHEENZYuW3amB0v4vnaNu:ynmgXNZY3qmB0v4vnaNu
TLSH:	6204B53E7A11ABBEE169827107F66F708F9529D327A09341E26CE7185E3124D1CCFB94
File Content Preview:	.ELF.....................@.....4..]......4. ...(....p........@...@...........................@...@........................ ..C ..C .......\|p.............. D.C D.C D................dt.Q.................................................C.0<...'..D...!'......

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	MIPS R3000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x4002d0
Flags:	0x1007
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	5
Section Header Offset:	155068
Section Header Size:	40
Number of Section Headers:	23
Header String Table Index:	20

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.reginfo	MIPS_REGINFO	0x4000d4	0xd4	0x18	0x18	0x2	A	0	0	4
.init	PROGBITS	0x4000ec	0xec	0x8c	0x0	0x6	AX	0	0	4
.text	PROGBITS	0x400180	0x180	0x1cfe0	0x0	0x6	AX	0	0	16
.fini	PROGBITS	0x41d160	0x1d160	0x5c	0x0	0x6	AX	0	0	4
.rodata	PROGBITS	0x41d1c0	0x1d1c0	0x4a20	0x0	0x2	A	0	0	16
.eh_frame	PROGBITS	0x432000	0x22000	0x44	0x0	0x3	WA	0	0	4
.tbss	NOBITS	0x432044	0x22044	0x8	0x0	0x403	WAT	0	0	4
.ctors	PROGBITS	0x432044	0x22044	0x8	0x0	0x3	WA	0	0	4
.dtors	PROGBITS	0x43204c	0x2204c	0x8	0x0	0x3	WA	0	0	4
.jcr	PROGBITS	0x432054	0x22054	0x4	0x0	0x3	WA	0	0	4
.data.rel.ro	PROGBITS	0x432058	0x22058	0x4c	0x0	0x3	WA	0	0	4
.data	PROGBITS	0x4320b0	0x220b0	0x390	0x0	0x3	WA	0	0	16
.got	PROGBITS	0x432440	0x22440	0x598	0x4	0x10000003	WAp	0	0	16
.sdata	PROGBITS	0x4329d8	0x229d8	0x4	0x0	0x10000003	WAp	0	0	4
.sbss	NOBITS	0x4329dc	0x229dc	0x58	0x0	0x10000003	WAp	0	0	4
.bss	NOBITS	0x432a40	0x229dc	0x7230	0x0	0x3	WA	0	0	16
.comment	PROGBITS	0x0	0x229dc	0xc96	0x0	0x0		0	0	1
.mdebug.abi32	PROGBITS	0xc96	0x23672	0x0	0x0	0x0		0	0	1
.pdr	PROGBITS	0x0	0x23674	0x26a0	0x0	0x0		0	0	4
.shstrtab	STRTAB	0x0	0x25d14	0xa7	0x0	0x0		0	0	1
.symtab	SYMTAB	0x0	0x26154	0x3800	0x10	0x0		22	357	4
.strtab	STRTAB	0x0	0x29954	0x2a3d	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
<unknown>	0xd4	0x4000d4	0x4000d4	0x18	0x18	0.9834	0x4	R	0x4	.reginfo
LOAD	0x0	0x400000	0x400000	0x21be0	0x21be0	5.3762	0x5	R E	0x10000	.reginfo .init .text .fini .rodata
LOAD	0x22000	0x432000	0x432000	0x9dc	0x7c70	4.6840	0x6	RW	0x10000	.eh_frame .tbss .ctors .dtors .jcr .data.rel.ro .data .got .sdata .sbss .bss
TLS	0x22044	0x432044	0x432044	0x0	0x8	0.0000	0x4	R	0x4	.tbss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Symbols

Name	Section Name	Value	Size	Symbol Type	Symbol Bind	Symbol Visibility	Ndx
	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
	.symtab	0x4000d4	0	SECTION	<unknown>	DEFAULT	1
	.symtab	0x4000ec	0	SECTION	<unknown>	DEFAULT	2
	.symtab	0x400180	0	SECTION	<unknown>	DEFAULT	3
	.symtab	0x41d160	0	SECTION	<unknown>	DEFAULT	4
	.symtab	0x41d1c0	0	SECTION	<unknown>	DEFAULT	5
	.symtab	0x432000	0	SECTION	<unknown>	DEFAULT	6
	.symtab	0x432044	0	SECTION	<unknown>	DEFAULT	7
	.symtab	0x432044	0	SECTION	<unknown>	DEFAULT	8
	.symtab	0x43204c	0	SECTION	<unknown>	DEFAULT	9
	.symtab	0x432054	0	SECTION	<unknown>	DEFAULT	10
	.symtab	0x432058	0	SECTION	<unknown>	DEFAULT	11
	.symtab	0x4320b0	0	SECTION	<unknown>	DEFAULT	12
	.symtab	0x432440	0	SECTION	<unknown>	DEFAULT	13
	.symtab	0x4329d8	0	SECTION	<unknown>	DEFAULT	14
	.symtab	0x4329dc	0	SECTION	<unknown>	DEFAULT	15
	.symtab	0x432a40	0	SECTION	<unknown>	DEFAULT	16
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	17
	.symtab	0xc96	0	SECTION	<unknown>	DEFAULT	18
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	19
C.1.5091	.symtab	0x421720	24	OBJECT	<unknown>	DEFAULT	5
C.147.6238	.symtab	0x432058	40	OBJECT	<unknown>	DEFAULT	11
C.177.6529	.symtab	0x432094	16	OBJECT	<unknown>	DEFAULT	11
C.178.6530	.symtab	0x432080	20	OBJECT	<unknown>	DEFAULT	11
C.3.5380	.symtab	0x4216fc	12	OBJECT	<unknown>	DEFAULT	5
C.3.6092	.symtab	0x4205c0	12	OBJECT	<unknown>	DEFAULT	5
C.3.6114	.symtab	0x421768	12	OBJECT	<unknown>	DEFAULT	5
C.3.6172	.symtab	0x421740	12	OBJECT	<unknown>	DEFAULT	5
C.4.6115	.symtab	0x42175c	12	OBJECT	<unknown>	DEFAULT	5
C.5.6123	.symtab	0x421750	12	OBJECT	<unknown>	DEFAULT	5
C.6.5518	.symtab	0x4216f0	12	OBJECT	<unknown>	DEFAULT	5
FRAMESZ	.symtab	0x20	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
FRAMESZ	.symtab	0x18	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
GPOFF	.symtab	0x18	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
GPOFF	.symtab	0x14	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
KHcommSOCK	.symtab	0x432a60	4	OBJECT	<unknown>	DEFAULT	16
KHserverHACKER	.symtab	0x4320e4	4	OBJECT	<unknown>	DEFAULT	12
LOCALSZ	.symtab	0x3	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
LOCALSZ	.symtab	0x1	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
LOCAL_ADDR	.symtab	0x4329dc	4	OBJECT	<unknown>	DEFAULT	15
Q	.symtab	0x432a7c	16384	OBJECT	<unknown>	DEFAULT	16
RAOFF	.symtab	0x1c	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
UserAgents	.symtab	0x432100	144	OBJECT	<unknown>	DEFAULT	12
V0OFF	.symtab	0x14	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_Exit	.symtab	0x40dcf0	76	FUNC	<unknown>	DEFAULT	3
_GLOBAL_OFFSET_TABLE_	.symtab	0x432440	0	OBJECT	<unknown>	DEFAULT	13
_Jv_RegisterClasses	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
_READ.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_WRITE.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__CTOR_END__	.symtab	0x432048	0	OBJECT	<unknown>	DEFAULT	8
__CTOR_LIST__	.symtab	0x432044	0	OBJECT	<unknown>	DEFAULT	8
__C_ctype_b	.symtab	0x4321a0	4	OBJECT	<unknown>	DEFAULT	12
__C_ctype_b.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_b_data	.symtab	0x41ffc0	768	OBJECT	<unknown>	DEFAULT	5
__C_ctype_tolower	.symtab	0x432430	4	OBJECT	<unknown>	DEFAULT	12
__C_ctype_tolower.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_tolower_data	.symtab	0x4218e0	768	OBJECT	<unknown>	DEFAULT	5
__C_ctype_toupper	.symtab	0x4321b0	4	OBJECT	<unknown>	DEFAULT	12
__C_ctype_toupper.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_toupper_data	.symtab	0x4202c0	768	OBJECT	<unknown>	DEFAULT	5
__DTOR_END__	.symtab	0x432050	0	OBJECT	<unknown>	DEFAULT	9
__DTOR_LIST__	.symtab	0x43204c	0	OBJECT	<unknown>	DEFAULT	9
__EH_FRAME_BEGIN__	.symtab	0x432000	0	OBJECT	<unknown>	DEFAULT	6
__FRAME_END__	.symtab	0x432040	0	OBJECT	<unknown>	DEFAULT	6
__GI___C_ctype_b	.symtab	0x4321a0	4	OBJECT	<unknown>	HIDDEN	12
__GI___C_ctype_tolower	.symtab	0x432430	4	OBJECT	<unknown>	HIDDEN	12
__GI___C_ctype_toupper	.symtab	0x4321b0	4	OBJECT	<unknown>	HIDDEN	12
__GI___close	.symtab	0x4142fc	176	FUNC	<unknown>	HIDDEN	3
__GI___close_nocancel	.symtab	0x4142d4	40	FUNC	<unknown>	HIDDEN	3
__GI___ctype_b	.symtab	0x4321a4	4	OBJECT	<unknown>	HIDDEN	12
__GI___ctype_tolower	.symtab	0x432434	4	OBJECT	<unknown>	HIDDEN	12
__GI___ctype_toupper	.symtab	0x4321b4	4	OBJECT	<unknown>	HIDDEN	12
__GI___errno_location	.symtab	0x40e280	28	FUNC	<unknown>	HIDDEN	3
__GI___fcntl_nocancel	.symtab	0x40db70	108	FUNC	<unknown>	HIDDEN	3
__GI___fgetc_unlocked	.symtab	0x4181f0	388	FUNC	<unknown>	HIDDEN	3
__GI___glibc_strerror_r	.symtab	0x410160	68	FUNC	<unknown>	HIDDEN	3
__GI___libc_close	.symtab	0x4142fc	176	FUNC	<unknown>	HIDDEN	3
__GI___libc_fcntl	.symtab	0x40dbdc	268	FUNC	<unknown>	HIDDEN	3
__GI___libc_open	.symtab	0x4143ec	192	FUNC	<unknown>	HIDDEN	3
__GI___libc_read	.symtab	0x4145ec	192	FUNC	<unknown>	HIDDEN	3
__GI___libc_waitpid	.symtab	0x4146ec	192	FUNC	<unknown>	HIDDEN	3
__GI___libc_write	.symtab	0x4144ec	192	FUNC	<unknown>	HIDDEN	3
__GI___open	.symtab	0x4143ec	192	FUNC	<unknown>	HIDDEN	3
__GI___open_nocancel	.symtab	0x4143c4	40	FUNC	<unknown>	HIDDEN	3
__GI___read	.symtab	0x4145ec	192	FUNC	<unknown>	HIDDEN	3
__GI___read_nocancel	.symtab	0x4145c4	40	FUNC	<unknown>	HIDDEN	3
__GI___register_atfork	.symtab	0x413d60	452	FUNC	<unknown>	HIDDEN	3
__GI___sigaddset	.symtab	0x410e08	44	FUNC	<unknown>	HIDDEN	3
__GI___sigdelset	.symtab	0x410e34	48	FUNC	<unknown>	HIDDEN	3
__GI___sigismember	.symtab	0x410de0	40	FUNC	<unknown>	HIDDEN	3
__GI___uClibc_fini	.symtab	0x414960	204	FUNC	<unknown>	HIDDEN	3
__GI___uClibc_init	.symtab	0x414ab4	120	FUNC	<unknown>	HIDDEN	3
__GI___waitpid	.symtab	0x4146ec	192	FUNC	<unknown>	HIDDEN	3
__GI___write	.symtab	0x4144ec	192	FUNC	<unknown>	HIDDEN	3
__GI___write_nocancel	.symtab	0x4144c4	40	FUNC	<unknown>	HIDDEN	3
__GI___xpg_strerror_r	.symtab	0x4101b0	380	FUNC	<unknown>	HIDDEN	3
__GI__exit	.symtab	0x40dcf0	76	FUNC	<unknown>	HIDDEN	3
__GI_abort	.symtab	0x4125d0	408	FUNC	<unknown>	HIDDEN	3
__GI_atoi	.symtab	0x412ef0	28	FUNC	<unknown>	HIDDEN	3
__GI_brk	.symtab	0x419790	80	FUNC	<unknown>	HIDDEN	3
__GI_close	.symtab	0x4142fc	176	FUNC	<unknown>	HIDDEN	3
__GI_closedir	.symtab	0x4153d0	292	FUNC	<unknown>	HIDDEN	3
__GI_config_close	.symtab	0x415dc4	132	FUNC	<unknown>	HIDDEN	3
__GI_config_open	.symtab	0x415e48	116	FUNC	<unknown>	HIDDEN	3
__GI_config_read	.symtab	0x415900	1220	FUNC	<unknown>	HIDDEN	3
__GI_connect	.symtab	0x4104cc	220	FUNC	<unknown>	HIDDEN	3
__GI_dup2	.symtab	0x40dd80	60	FUNC	<unknown>	HIDDEN	3
__GI_execl	.symtab	0x413210	196	FUNC	<unknown>	HIDDEN	3
__GI_execve	.symtab	0x4150c0	60	FUNC	<unknown>	HIDDEN	3
__GI_exit	.symtab	0x413120	240	FUNC	<unknown>	HIDDEN	3
__GI_fclose	.symtab	0x416030	804	FUNC	<unknown>	HIDDEN	3
__GI_fcntl	.symtab	0x40dbdc	268	FUNC	<unknown>	HIDDEN	3
__GI_fflush_unlocked	.symtab	0x417e38	940	FUNC	<unknown>	HIDDEN	3
__GI_fgetc	.symtab	0x4178f0	372	FUNC	<unknown>	HIDDEN	3
__GI_fgetc_unlocked	.symtab	0x4181f0	388	FUNC	<unknown>	HIDDEN	3
__GI_fgets	.symtab	0x417a70	320	FUNC	<unknown>	HIDDEN	3
__GI_fgets_unlocked	.symtab	0x418380	276	FUNC	<unknown>	HIDDEN	3
__GI_fopen	.symtab	0x416360	28	FUNC	<unknown>	HIDDEN	3
__GI_fork	.symtab	0x413930	988	FUNC	<unknown>	HIDDEN	3
__GI_fputs_unlocked	.symtab	0x40f920	124	FUNC	<unknown>	HIDDEN	3
__GI_fseek	.symtab	0x419c90	68	FUNC	<unknown>	HIDDEN	3
__GI_fseeko64	.symtab	0x419ce0	500	FUNC	<unknown>	HIDDEN	3
__GI_fstat	.symtab	0x419860	136	FUNC	<unknown>	HIDDEN	3
__GI_fwrite_unlocked	.symtab	0x40f9a0	268	FUNC	<unknown>	HIDDEN	3
__GI_getc_unlocked	.symtab	0x4181f0	388	FUNC	<unknown>	HIDDEN	3
__GI_getdtablesize	.symtab	0x40ddc0	72	FUNC	<unknown>	HIDDEN	3
__GI_getegid	.symtab	0x415100	16	FUNC	<unknown>	HIDDEN	3
__GI_geteuid	.symtab	0x40de10	16	FUNC	<unknown>	HIDDEN	3
__GI_getgid	.symtab	0x415110	16	FUNC	<unknown>	HIDDEN	3
__GI_gethostbyname	.symtab	0x410400	28	FUNC	<unknown>	HIDDEN	3
__GI_gethostbyname2	.symtab	0x410420	104	FUNC	<unknown>	HIDDEN	3
__GI_gethostbyname2_r	.symtab	0x418f80	948	FUNC	<unknown>	HIDDEN	3
__GI_gethostbyname_r	.symtab	0x41c190	968	FUNC	<unknown>	HIDDEN	3
__GI_gethostname	.symtab	0x41c5c0	192	FUNC	<unknown>	HIDDEN	3
__GI_getpagesize	.symtab	0x415120	48	FUNC	<unknown>	HIDDEN	3
__GI_getpid	.symtab	0x413f30	84	FUNC	<unknown>	HIDDEN	3
__GI_getrlimit	.symtab	0x40de30	60	FUNC	<unknown>	HIDDEN	3
__GI_getsockname	.symtab	0x4105b0	60	FUNC	<unknown>	HIDDEN	3
__GI_getuid	.symtab	0x415150	16	FUNC	<unknown>	HIDDEN	3
__GI_htonl	.symtab	0x4103a0	8	FUNC	<unknown>	HIDDEN	3
__GI_htons	.symtab	0x4103a8	8	FUNC	<unknown>	HIDDEN	3
__GI_inet_addr	.symtab	0x4103b0	72	FUNC	<unknown>	HIDDEN	3
__GI_inet_aton	.symtab	0x418e80	244	FUNC	<unknown>	HIDDEN	3
__GI_inet_ntop	.symtab	0x41a9ec	852	FUNC	<unknown>	HIDDEN	3
__GI_inet_pton	.symtab	0x41a578	696	FUNC	<unknown>	HIDDEN	3
__GI_initstate_r	.symtab	0x412cac	300	FUNC	<unknown>	HIDDEN	3
__GI_ioctl	.symtab	0x40de70	248	FUNC	<unknown>	HIDDEN	3
__GI_isatty	.symtab	0x418d90	60	FUNC	<unknown>	HIDDEN	3
__GI_kill	.symtab	0x40df70	56	FUNC	<unknown>	HIDDEN	3
__GI_lseek64	.symtab	0x41c870	140	FUNC	<unknown>	HIDDEN	3
__GI_memchr	.symtab	0x4184a0	260	FUNC	<unknown>	HIDDEN	3
__GI_memcpy	.symtab	0x40fab0	308	FUNC	<unknown>	HIDDEN	3
__GI_memmove	.symtab	0x4185b0	824	FUNC	<unknown>	HIDDEN	3
__GI_mempcpy	.symtab	0x41a380	76	FUNC	<unknown>	HIDDEN	3
__GI_memrchr	.symtab	0x4188f0	260	FUNC	<unknown>	HIDDEN	3
__GI_memset	.symtab	0x40fbf0	144	FUNC	<unknown>	HIDDEN	3
__GI_mmap	.symtab	0x414fa0	112	FUNC	<unknown>	HIDDEN	3
__GI_mremap	.symtab	0x415160	96	FUNC	<unknown>	HIDDEN	3
__GI_munmap	.symtab	0x4151c0	60	FUNC	<unknown>	HIDDEN	3
__GI_nanosleep	.symtab	0x41523c	200	FUNC	<unknown>	HIDDEN	3
__GI_ntohl	.symtab	0x410390	8	FUNC	<unknown>	HIDDEN	3
__GI_ntohs	.symtab	0x410398	8	FUNC	<unknown>	HIDDEN	3
__GI_open	.symtab	0x4143ec	192	FUNC	<unknown>	HIDDEN	3
__GI_opendir	.symtab	0x415614	240	FUNC	<unknown>	HIDDEN	3
__GI_pipe	.symtab	0x40dad0	64	FUNC	<unknown>	HIDDEN	3
__GI_poll	.symtab	0x41c6bc	220	FUNC	<unknown>	HIDDEN	3
__GI_raise	.symtab	0x413f90	264	FUNC	<unknown>	HIDDEN	3
__GI_random	.symtab	0x412790	164	FUNC	<unknown>	HIDDEN	3
__GI_random_r	.symtab	0x412a70	172	FUNC	<unknown>	HIDDEN	3
__GI_rawmemchr	.symtab	0x41a3d0	192	FUNC	<unknown>	HIDDEN	3
__GI_read	.symtab	0x4145ec	192	FUNC	<unknown>	HIDDEN	3
__GI_readdir64	.symtab	0x4157f0	272	FUNC	<unknown>	HIDDEN	3
__GI_recv	.symtab	0x41068c	240	FUNC	<unknown>	HIDDEN	3
__GI_recvfrom	.symtab	0x4107f0	280	FUNC	<unknown>	HIDDEN	3
__GI_sbrk	.symtab	0x415310	164	FUNC	<unknown>	HIDDEN	3
__GI_select	.symtab	0x40e070	260	FUNC	<unknown>	HIDDEN	3
__GI_send	.symtab	0x41094c	240	FUNC	<unknown>	HIDDEN	3
__GI_sendto	.symtab	0x410ab0	280	FUNC	<unknown>	HIDDEN	3
__GI_setsockopt	.symtab	0x410bd0	96	FUNC	<unknown>	HIDDEN	3
__GI_setstate_r	.symtab	0x412dd8	272	FUNC	<unknown>	HIDDEN	3
__GI_sigaction	.symtab	0x415010	28	FUNC	<unknown>	HIDDEN	3
__GI_sigaddset	.symtab	0x410c70	76	FUNC	<unknown>	HIDDEN	3
__GI_sigemptyset	.symtab	0x410cc0	36	FUNC	<unknown>	HIDDEN	3
__GI_signal	.symtab	0x410cf0	228	FUNC	<unknown>	HIDDEN	3
__GI_sigprocmask	.symtab	0x40e180	176	FUNC	<unknown>	HIDDEN	3
__GI_sleep	.symtab	0x4140a0	404	FUNC	<unknown>	HIDDEN	3
__GI_socket	.symtab	0x410c30	60	FUNC	<unknown>	HIDDEN	3
__GI_sprintf	.symtab	0x40e310	80	FUNC	<unknown>	HIDDEN	3
__GI_srandom_r	.symtab	0x412b1c	400	FUNC	<unknown>	HIDDEN	3
__GI_stat	.symtab	0x41c7a0	136	FUNC	<unknown>	HIDDEN	3
__GI_strcasecmp	.symtab	0x41cf40	108	FUNC	<unknown>	HIDDEN	3
__GI_strchr	.symtab	0x40fc80	248	FUNC	<unknown>	HIDDEN	3
__GI_strchrnul	.symtab	0x418a00	248	FUNC	<unknown>	HIDDEN	3
__GI_strcmp	.symtab	0x40fd80	44	FUNC	<unknown>	HIDDEN	3
__GI_strcoll	.symtab	0x40fd80	44	FUNC	<unknown>	HIDDEN	3
__GI_strcpy	.symtab	0x40fdb0	36	FUNC	<unknown>	HIDDEN	3
__GI_strcspn	.symtab	0x418b00	144	FUNC	<unknown>	HIDDEN	3
__GI_strdup	.symtab	0x41c900	140	FUNC	<unknown>	HIDDEN	3
__GI_strlen	.symtab	0x40fde0	184	FUNC	<unknown>	HIDDEN	3
__GI_strncpy	.symtab	0x40fea0	188	FUNC	<unknown>	HIDDEN	3
__GI_strnlen	.symtab	0x40ff60	248	FUNC	<unknown>	HIDDEN	3
__GI_strpbrk	.symtab	0x418d50	64	FUNC	<unknown>	HIDDEN	3
__GI_strrchr	.symtab	0x418b90	160	FUNC	<unknown>	HIDDEN	3
__GI_strspn	.symtab	0x418c30	72	FUNC	<unknown>	HIDDEN	3
__GI_strstr	.symtab	0x410060	256	FUNC	<unknown>	HIDDEN	3
__GI_strtok	.symtab	0x410370	32	FUNC	<unknown>	HIDDEN	3
__GI_strtok_r	.symtab	0x418c80	208	FUNC	<unknown>	HIDDEN	3
__GI_strtol	.symtab	0x412f10	28	FUNC	<unknown>	HIDDEN	3
__GI_sysconf	.symtab	0x4134dc	792	FUNC	<unknown>	HIDDEN	3
__GI_tcgetattr	.symtab	0x418dd0	176	FUNC	<unknown>	HIDDEN	3
__GI_time	.symtab	0x40e230	16	FUNC	<unknown>	HIDDEN	3
__GI_times	.symtab	0x4153c0	16	FUNC	<unknown>	HIDDEN	3
__GI_toupper	.symtab	0x40e240	60	FUNC	<unknown>	HIDDEN	3
__GI_uname	.symtab	0x41c830	60	FUNC	<unknown>	HIDDEN	3
__GI_vfork	.symtab	0x413890	152	FUNC	<unknown>	HIDDEN	3
__GI_vsnprintf	.symtab	0x40e360	248	FUNC	<unknown>	HIDDEN	3
__GI_waitpid	.symtab	0x4146ec	192	FUNC	<unknown>	HIDDEN	3
__GI_wcrtomb	.symtab	0x415ec0	108	FUNC	<unknown>	HIDDEN	3
__GI_wcsnrtombs	.symtab	0x415f70	192	FUNC	<unknown>	HIDDEN	3
__GI_wcsrtombs	.symtab	0x415f30	64	FUNC	<unknown>	HIDDEN	3
__GI_write	.symtab	0x4144ec	192	FUNC	<unknown>	HIDDEN	3
__JCR_END__	.symtab	0x432054	0	OBJECT	<unknown>	DEFAULT	10
__JCR_LIST__	.symtab	0x432054	0	OBJECT	<unknown>	DEFAULT	10
__app_fini	.symtab	0x4371fc	4	OBJECT	<unknown>	HIDDEN	16
__atexit_lock	.symtab	0x4322d0	24	OBJECT	<unknown>	DEFAULT	12
__bss_start	.symtab	0x4329dc	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__check_one_fd	.symtab	0x414a2c	136	FUNC	<unknown>	DEFAULT	3
__close	.symtab	0x4142fc	176	FUNC	<unknown>	DEFAULT	3
__close_nameservers	.symtab	0x41c040	220	FUNC	<unknown>	HIDDEN	3
__close_nocancel	.symtab	0x4142d4	40	FUNC	<unknown>	DEFAULT	3
__ctype_b	.symtab	0x4321a4	4	OBJECT	<unknown>	DEFAULT	12
__ctype_tolower	.symtab	0x432434	4	OBJECT	<unknown>	DEFAULT	12
__ctype_toupper	.symtab	0x4321b4	4	OBJECT	<unknown>	DEFAULT	12
__curbrk	.symtab	0x439770	4	OBJECT	<unknown>	HIDDEN	16
__data_start	.symtab	0x4320c0	0	OBJECT	<unknown>	DEFAULT	12
__decode_dotted	.symtab	0x41ad40	400	FUNC	<unknown>	HIDDEN	3
__decode_header	.symtab	0x41cab0	228	FUNC	<unknown>	HIDDEN	3
__deregister_frame_info	.symtab	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__dns_lookup	.symtab	0x41aed0	2608	FUNC	<unknown>	HIDDEN	3
__do_global_ctors_aux	.symtab	0x41d0f0	0	FUNC	<unknown>	DEFAULT	3
__do_global_dtors_aux	.symtab	0x400180	0	FUNC	<unknown>	DEFAULT	3
__dso_handle	.symtab	0x4329d8	0	OBJECT	<unknown>	HIDDEN	14
__encode_dotted	.symtab	0x41cfb0	316	FUNC	<unknown>	HIDDEN	3
__encode_header	.symtab	0x41c990	276	FUNC	<unknown>	HIDDEN	3
__encode_question	.symtab	0x41cba0	172	FUNC	<unknown>	HIDDEN	3
__environ	.symtab	0x4371f4	4	OBJECT	<unknown>	DEFAULT	16
__errno_location	.symtab	0x40e280	28	FUNC	<unknown>	DEFAULT	3
__errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__exit_cleanup	.symtab	0x436c90	4	OBJECT	<unknown>	HIDDEN	16
__fcntl_nocancel	.symtab	0x40db70	108	FUNC	<unknown>	DEFAULT	3
__fgetc_unlocked	.symtab	0x4181f0	388	FUNC	<unknown>	DEFAULT	3
__fini_array_end	.symtab	0x432044	0	NOTYPE	<unknown>	HIDDEN	7
__fini_array_start	.symtab	0x432044	0	NOTYPE	<unknown>	HIDDEN	7
__fork	.symtab	0x413930	988	FUNC	<unknown>	DEFAULT	3
__fork_generation_pointer	.symtab	0x4329f0	4	OBJECT	<unknown>	HIDDEN	15
__fork_handlers	.symtab	0x4329f4	4	OBJECT	<unknown>	HIDDEN	15
__fork_lock	.symtab	0x436ca0	4	OBJECT	<unknown>	HIDDEN	16
__get_hosts_byname_r	.symtab	0x41c120	104	FUNC	<unknown>	HIDDEN	3
__getdents64	.symtab	0x419ad0	436	FUNC	<unknown>	HIDDEN	3
__getpagesize	.symtab	0x415120	48	FUNC	<unknown>	DEFAULT	3
__getpid	.symtab	0x413f30	84	FUNC	<unknown>	DEFAULT	3
__glibc_strerror_r	.symtab	0x410160	68	FUNC	<unknown>	DEFAULT	3
__glibc_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__h_errno_location	.symtab	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__init_array_end	.symtab	0x432044	0	NOTYPE	<unknown>	HIDDEN	7
__init_array_start	.symtab	0x432044	0	NOTYPE	<unknown>	HIDDEN	7
__libc_close	.symtab	0x4142fc	176	FUNC	<unknown>	DEFAULT	3
__libc_connect	.symtab	0x4104cc	220	FUNC	<unknown>	DEFAULT	3
__libc_disable_asynccancel	.symtab	0x4147b0	136	FUNC	<unknown>	HIDDEN	3
__libc_enable_asynccancel	.symtab	0x414838	220	FUNC	<unknown>	HIDDEN	3
__libc_errno	.symtab	0x0	4	TLS	<unknown>	HIDDEN	7
__libc_fcntl	.symtab	0x40dbdc	268	FUNC	<unknown>	DEFAULT	3
__libc_fork	.symtab	0x413930	988	FUNC	<unknown>	DEFAULT	3
__libc_h_errno	.symtab	0x4	4	TLS	<unknown>	HIDDEN	7
__libc_nanosleep	.symtab	0x41523c	200	FUNC	<unknown>	DEFAULT	3
__libc_open	.symtab	0x4143ec	192	FUNC	<unknown>	DEFAULT	3
__libc_read	.symtab	0x4145ec	192	FUNC	<unknown>	DEFAULT	3
__libc_recv	.symtab	0x41068c	240	FUNC	<unknown>	DEFAULT	3
__libc_recvfrom	.symtab	0x4107f0	280	FUNC	<unknown>	DEFAULT	3
__libc_select	.symtab	0x40e070	260	FUNC	<unknown>	DEFAULT	3
__libc_send	.symtab	0x41094c	240	FUNC	<unknown>	DEFAULT	3
__libc_sendto	.symtab	0x410ab0	280	FUNC	<unknown>	DEFAULT	3
__libc_setup_tls	.symtab	0x419418	660	FUNC	<unknown>	DEFAULT	3
__libc_sigaction	.symtab	0x415010	28	FUNC	<unknown>	DEFAULT	3
__libc_stack_end	.symtab	0x4371f0	4	OBJECT	<unknown>	DEFAULT	16
__libc_waitpid	.symtab	0x4146ec	192	FUNC	<unknown>	DEFAULT	3
__libc_write	.symtab	0x4144ec	192	FUNC	<unknown>	DEFAULT	3
__linkin_atfork	.symtab	0x413d10	80	FUNC	<unknown>	HIDDEN	3
__lll_lock_wait_private	.symtab	0x414240	120	FUNC	<unknown>	HIDDEN	3
__local_nameserver	.symtab	0x4218c0	16	OBJECT	<unknown>	HIDDEN	5
__malloc_consolidate	.symtab	0x4120d4	520	FUNC	<unknown>	HIDDEN	3
__malloc_largebin_index	.symtab	0x410e70	140	FUNC	<unknown>	DEFAULT	3
__malloc_lock	.symtab	0x4321d0	24	OBJECT	<unknown>	DEFAULT	12
__malloc_state	.symtab	0x4398f8	888	OBJECT	<unknown>	DEFAULT	16
__malloc_trim	.symtab	0x411fb0	292	FUNC	<unknown>	DEFAULT	3
__nameserver	.symtab	0x432a28	4	OBJECT	<unknown>	HIDDEN	15
__nameservers	.symtab	0x432a2c	4	OBJECT	<unknown>	HIDDEN	15
__nptl_deallocate_tsd	.symtab	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__nptl_nthreads	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__open	.symtab	0x4143ec	192	FUNC	<unknown>	DEFAULT	3
__open_etc_hosts	.symtab	0x41cc50	32	FUNC	<unknown>	HIDDEN	3
__open_nameservers	.symtab	0x41b9d0	1636	FUNC	<unknown>	HIDDEN	3
__open_nocancel	.symtab	0x4143c4	40	FUNC	<unknown>	DEFAULT	3
__pagesize	.symtab	0x4371f8	4	OBJECT	<unknown>	DEFAULT	16
__preinit_array_end	.symtab	0x432044	0	NOTYPE	<unknown>	HIDDEN	7
__preinit_array_start	.symtab	0x432044	0	NOTYPE	<unknown>	HIDDEN	7
__progname	.symtab	0x4322f4	4	OBJECT	<unknown>	DEFAULT	12
__progname_full	.symtab	0x4322f8	4	OBJECT	<unknown>	DEFAULT	12
__pthread_initialize_minimal	.symtab	0x4196ac	28	FUNC	<unknown>	DEFAULT	3
__pthread_mutex_init	.symtab	0x414928	8	FUNC	<unknown>	DEFAULT	3
__pthread_mutex_lock	.symtab	0x414920	8	FUNC	<unknown>	DEFAULT	3
__pthread_mutex_trylock	.symtab	0x414920	8	FUNC	<unknown>	DEFAULT	3
__pthread_mutex_unlock	.symtab	0x414920	8	FUNC	<unknown>	DEFAULT	3
__pthread_return_0	.symtab	0x414920	8	FUNC	<unknown>	DEFAULT	3
__pthread_unwind	.symtab	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__read	.symtab	0x4145ec	192	FUNC	<unknown>	DEFAULT	3
__read_etc_hosts_r	.symtab	0x41cc70	720	FUNC	<unknown>	HIDDEN	3
__read_nocancel	.symtab	0x4145c4	40	FUNC	<unknown>	DEFAULT	3
__register_atfork	.symtab	0x413d60	452	FUNC	<unknown>	DEFAULT	3
__register_frame_info	.symtab	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__res_sync	.symtab	0x432a20	4	OBJECT	<unknown>	HIDDEN	15
__resolv_attempts	.symtab	0x432421	1	OBJECT	<unknown>	HIDDEN	12
__resolv_lock	.symtab	0x439790	24	OBJECT	<unknown>	DEFAULT	16
__resolv_timeout	.symtab	0x432420	1	OBJECT	<unknown>	HIDDEN	12
__rtld_fini	.symtab	0x437200	4	OBJECT	<unknown>	HIDDEN	16
__searchdomain	.symtab	0x432a24	4	OBJECT	<unknown>	HIDDEN	15
__searchdomains	.symtab	0x432a30	4	OBJECT	<unknown>	HIDDEN	15
__sigaddset	.symtab	0x410e08	44	FUNC	<unknown>	DEFAULT	3
__sigdelset	.symtab	0x410e34	48	FUNC	<unknown>	DEFAULT	3
__sigismember	.symtab	0x410de0	40	FUNC	<unknown>	DEFAULT	3
__sigjmp_save	.symtab	0x41c560	96	FUNC	<unknown>	HIDDEN	3
__sigsetjmp	.symtab	0x415050	36	FUNC	<unknown>	DEFAULT	3
__sigsetjmp_aux	.symtab	0x4197e0	128	FUNC	<unknown>	DEFAULT	3
__start	.symtab	0x4002d0	100	FUNC	<unknown>	DEFAULT	3
__stdin	.symtab	0x43231c	4	OBJECT	<unknown>	DEFAULT	12
__stdio_READ	.symtab	0x419ee0	144	FUNC	<unknown>	HIDDEN	3
__stdio_WRITE	.symtab	0x419f70	344	FUNC	<unknown>	HIDDEN	3
__stdio_adjust_position	.symtab	0x41a0d0	256	FUNC	<unknown>	HIDDEN	3
__stdio_fwrite	.symtab	0x416810	472	FUNC	<unknown>	HIDDEN	3
__stdio_rfill	.symtab	0x41a1d0	88	FUNC	<unknown>	HIDDEN	3
__stdio_seek	.symtab	0x41a310	112	FUNC	<unknown>	HIDDEN	3
__stdio_trans2r_o	.symtab	0x41a230	220	FUNC	<unknown>	HIDDEN	3
__stdio_trans2w_o	.symtab	0x416c50	304	FUNC	<unknown>	HIDDEN	3
__stdio_wcommit	.symtab	0x416d80	100	FUNC	<unknown>	HIDDEN	3
__stdout	.symtab	0x432320	4	OBJECT	<unknown>	DEFAULT	12
__sys_connect	.symtab	0x410490	60	FUNC	<unknown>	DEFAULT	3
__sys_recv	.symtab	0x410650	60	FUNC	<unknown>	DEFAULT	3
__sys_recvfrom	.symtab	0x410780	112	FUNC	<unknown>	DEFAULT	3
__sys_send	.symtab	0x410910	60	FUNC	<unknown>	DEFAULT	3
__sys_sendto	.symtab	0x410a40	112	FUNC	<unknown>	DEFAULT	3
__syscall_error	.symtab	0x40db10	92	FUNC	<unknown>	DEFAULT	3
__syscall_fcntl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_nanosleep	.symtab	0x415200	60	FUNC	<unknown>	DEFAULT	3
__syscall_poll	.symtab	0x41c680	60	FUNC	<unknown>	DEFAULT	3
__syscall_rt_sigaction	.symtab	0x415080	60	FUNC	<unknown>	DEFAULT	3
__syscall_rt_sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_select	.symtab	0x40e010	96	FUNC	<unknown>	DEFAULT	3
__tls_get_addr	.symtab	0x4193f8	32	FUNC	<unknown>	DEFAULT	3
__uClibc_fini	.symtab	0x414960	204	FUNC	<unknown>	DEFAULT	3
__uClibc_init	.symtab	0x414ab4	120	FUNC	<unknown>	DEFAULT	3
__uClibc_main	.symtab	0x414b2c	1132	FUNC	<unknown>	DEFAULT	3
__uClibc_main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__uclibc_progname	.symtab	0x4322f0	4	OBJECT	<unknown>	HIDDEN	12
__vfork	.symtab	0x413890	152	FUNC	<unknown>	DEFAULT	3
__waitpid	.symtab	0x4146ec	192	FUNC	<unknown>	DEFAULT	3
__waitpid_nocancel	.symtab	0x4146c4	40	FUNC	<unknown>	DEFAULT	3
__write	.symtab	0x4144ec	192	FUNC	<unknown>	DEFAULT	3
__write_nocancel	.symtab	0x4144c4	40	FUNC	<unknown>	DEFAULT	3
__xpg_strerror_r	.symtab	0x4101b0	380	FUNC	<unknown>	DEFAULT	3
__xpg_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__xstat32_conv	.symtab	0x4199e8	220	FUNC	<unknown>	HIDDEN	3
__xstat64_conv	.symtab	0x4198f0	248	FUNC	<unknown>	HIDDEN	3
_adjust_pos.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_bss_custom_printf_spec	.symtab	0x436a90	10	OBJECT	<unknown>	DEFAULT	16
_charpad	.symtab	0x40e460	156	FUNC	<unknown>	DEFAULT	3
_cs_funcs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_custom_printf_arginfo	.symtab	0x439898	40	OBJECT	<unknown>	HIDDEN	16
_custom_printf_handler	.symtab	0x4398c0	40	OBJECT	<unknown>	HIDDEN	16
_custom_printf_spec	.symtab	0x4321c0	4	OBJECT	<unknown>	HIDDEN	12
_dl_aux_init	.symtab	0x4196d0	40	FUNC	<unknown>	DEFAULT	3
_dl_init_static_tls	.symtab	0x432400	4	OBJECT	<unknown>	DEFAULT	12
_dl_nothread_init_static_tls	.symtab	0x4196f8	148	FUNC	<unknown>	HIDDEN	3
_dl_phdr	.symtab	0x432a18	4	OBJECT	<unknown>	DEFAULT	15
_dl_phnum	.symtab	0x432a1c	4	OBJECT	<unknown>	DEFAULT	15
_dl_tls_dtv_gaps	.symtab	0x432a0c	1	OBJECT	<unknown>	DEFAULT	15
_dl_tls_dtv_slotinfo_list	.symtab	0x432a08	4	OBJECT	<unknown>	DEFAULT	15
_dl_tls_generation	.symtab	0x432a10	4	OBJECT	<unknown>	DEFAULT	15
_dl_tls_max_dtv_idx	.symtab	0x432a00	4	OBJECT	<unknown>	DEFAULT	15
_dl_tls_setup	.symtab	0x419394	100	FUNC	<unknown>	DEFAULT	3
_dl_tls_static_align	.symtab	0x4329fc	4	OBJECT	<unknown>	DEFAULT	15
_dl_tls_static_nelem	.symtab	0x432a14	4	OBJECT	<unknown>	DEFAULT	15
_dl_tls_static_size	.symtab	0x432a04	4	OBJECT	<unknown>	DEFAULT	15
_dl_tls_static_used	.symtab	0x4329f8	4	OBJECT	<unknown>	DEFAULT	15
_edata	.symtab	0x4329dc	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_end	.symtab	0x439c70	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_exit	.symtab	0x40dcf0	76	FUNC	<unknown>	DEFAULT	3
_exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fbss	.symtab	0x4329dc	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_fdata	.symtab	0x4320b0	0	NOTYPE	<unknown>	DEFAULT	12
_fini	.symtab	0x41d160	28	FUNC	<unknown>	DEFAULT	4
_fixed_buffers	.symtab	0x437230	8192	OBJECT	<unknown>	DEFAULT	16
_fopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fp_out_narrow	.symtab	0x40e4fc	232	FUNC	<unknown>	DEFAULT	3
_fpmaxtostr	.symtab	0x417020	2252	FUNC	<unknown>	HIDDEN	3
_fpmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ftext	.symtab	0x400180	0	NOTYPE	<unknown>	DEFAULT	3
_fwrite.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_gp	.symtab	0x43a430	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_gp_disp	.symtab	0x0	0	OBJECT	<unknown>	DEFAULT	SHN_UNDEF
_init	.symtab	0x4000ec	28	FUNC	<unknown>	DEFAULT	2
_load_inttype	.symtab	0x416df0	136	FUNC	<unknown>	HIDDEN	3
_load_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_init	.symtab	0x40ee80	248	FUNC	<unknown>	HIDDEN	3
_ppfs_init.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_parsespec	.symtab	0x40f28c	1684	FUNC	<unknown>	HIDDEN	3
_ppfs_parsespec.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_prepargs	.symtab	0x40ef80	100	FUNC	<unknown>	HIDDEN	3
_ppfs_prepargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_setargs	.symtab	0x40eff0	548	FUNC	<unknown>	HIDDEN	3
_ppfs_setargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_promoted_size	.symtab	0x40f220	108	FUNC	<unknown>	DEFAULT	3
_pthread_cleanup_pop_restore	.symtab	0x41493c	36	FUNC	<unknown>	DEFAULT	3
_pthread_cleanup_push_defer	.symtab	0x414930	12	FUNC	<unknown>	DEFAULT	3
_rfill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_setjmp	.symtab	0x415030	28	FUNC	<unknown>	DEFAULT	3
_sigintr	.symtab	0x4398e8	16	OBJECT	<unknown>	HIDDEN	16
_stdio.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_stdio_fopen	.symtab	0x416380	1168	FUNC	<unknown>	HIDDEN	3
_stdio_init	.symtab	0x4169f0	184	FUNC	<unknown>	HIDDEN	3
_stdio_openlist	.symtab	0x432324	4	OBJECT	<unknown>	DEFAULT	12
_stdio_openlist_add_lock	.symtab	0x437210	12	OBJECT	<unknown>	DEFAULT	16
_stdio_openlist_dec_use	.symtab	0x417bb0	648	FUNC	<unknown>	HIDDEN	3
_stdio_openlist_del_count	.symtab	0x43722c	4	OBJECT	<unknown>	DEFAULT	16
_stdio_openlist_del_lock	.symtab	0x43721c	12	OBJECT	<unknown>	DEFAULT	16
_stdio_openlist_use_count	.symtab	0x437228	4	OBJECT	<unknown>	DEFAULT	16
_stdio_streams	.symtab	0x432328	204	OBJECT	<unknown>	DEFAULT	12
_stdio_term	.symtab	0x416aa8	416	FUNC	<unknown>	HIDDEN	3
_stdio_user_locking	.symtab	0x432300	4	OBJECT	<unknown>	DEFAULT	12
_stdlib_strto_l	.symtab	0x412f30	488	FUNC	<unknown>	HIDDEN	3
_stdlib_strto_l.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_store_inttype	.symtab	0x416e80	68	FUNC	<unknown>	HIDDEN	3
_store_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_string_syserrmsgs	.symtab	0x420720	2934	OBJECT	<unknown>	HIDDEN	5
_string_syserrmsgs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2w.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_uintmaxtostr	.symtab	0x416ed0	332	FUNC	<unknown>	HIDDEN	3
_uintmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_vfprintf_internal	.symtab	0x40e5e4	2204	FUNC	<unknown>	HIDDEN	3
_vfprintf_internal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_wcommit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
abort	.symtab	0x4125d0	408	FUNC	<unknown>	DEFAULT	3
abort.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
access	.symtab	0x40dd40	60	FUNC	<unknown>	DEFAULT	3
access.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
acnc	.symtab	0x40625c	372	FUNC	<unknown>	DEFAULT	3
add_entry	.symtab	0x40c504	200	FUNC	<unknown>	DEFAULT	3
atoi	.symtab	0x412ef0	28	FUNC	<unknown>	DEFAULT	3
atol	.symtab	0x412ef0	28	FUNC	<unknown>	DEFAULT	3
atol.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
axis_bp	.symtab	0x4320e0	4	OBJECT	<unknown>	DEFAULT	12
bcopy	.symtab	0x410330	32	FUNC	<unknown>	DEFAULT	3
bcopy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
been_there_done_that	.symtab	0x436c80	4	OBJECT	<unknown>	DEFAULT	16
brk	.symtab	0x419790	80	FUNC	<unknown>	DEFAULT	3
brk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
bsd_signal	.symtab	0x410cf0	228	FUNC	<unknown>	DEFAULT	3
buf.6560	.symtab	0x436ab0	440	OBJECT	<unknown>	DEFAULT	16
bzero	.symtab	0x410350	28	FUNC	<unknown>	DEFAULT	3
bzero.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
c	.symtab	0x4320ec	4	OBJECT	<unknown>	DEFAULT	12
calloc	.symtab	0x4119d0	344	FUNC	<unknown>	DEFAULT	3
calloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
checksum.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
checksum_generic	.symtab	0x400340	268	FUNC	<unknown>	DEFAULT	3
checksum_tcp_udp	.symtab	0x40044c	572	FUNC	<unknown>	DEFAULT	3
checksum_tcpudp	.symtab	0x400688	572	FUNC	<unknown>	DEFAULT	3
clock	.symtab	0x40e2a0	108	FUNC	<unknown>	DEFAULT	3
clock.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
close	.symtab	0x4142fc	176	FUNC	<unknown>	DEFAULT	3
closedir	.symtab	0x4153d0	292	FUNC	<unknown>	DEFAULT	3
closedir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
closenameservers.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
completed.4786	.symtab	0x432a40	1	OBJECT	<unknown>	DEFAULT	16
connect	.symtab	0x4104cc	220	FUNC	<unknown>	DEFAULT	3
connect.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
connectTimeout	.symtab	0x403054	828	FUNC	<unknown>	DEFAULT	3
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
csum	.symtab	0x4036d8	460	FUNC	<unknown>	DEFAULT	3
data_start	.symtab	0x4320c0	0	OBJECT	<unknown>	DEFAULT	12
decoded.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
decodeh.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dl-support.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dnslookup.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dup2	.symtab	0x40dd80	60	FUNC	<unknown>	DEFAULT	3
dup2.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encoded.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encodeh.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encodeq.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
environ	.symtab	0x4371f4	4	OBJECT	<unknown>	DEFAULT	16
errno	.symtab	0x0	4	TLS	<unknown>	DEFAULT	7
errno.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
estridx	.symtab	0x420690	126	OBJECT	<unknown>	DEFAULT	5
execl	.symtab	0x413210	196	FUNC	<unknown>	DEFAULT	3
execl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
execve	.symtab	0x4150c0	60	FUNC	<unknown>	DEFAULT	3
execve.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exit	.symtab	0x413120	240	FUNC	<unknown>	DEFAULT	3
exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exp10_table	.symtab	0x421798	72	OBJECT	<unknown>	DEFAULT	5
fclose	.symtab	0x416030	804	FUNC	<unknown>	DEFAULT	3
fclose.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fcntl	.symtab	0x40dbdc	268	FUNC	<unknown>	DEFAULT	3
fd_to_DIR	.symtab	0x415500	276	FUNC	<unknown>	DEFAULT	3
fdgets	.symtab	0x402634	292	FUNC	<unknown>	DEFAULT	3
fdopen_pids	.symtab	0x436a7c	4	OBJECT	<unknown>	DEFAULT	16
fdopendir	.symtab	0x415704	228	FUNC	<unknown>	DEFAULT	3
fdpclose	.symtab	0x4023b8	636	FUNC	<unknown>	DEFAULT	3
fdpopen	.symtab	0x401f4c	1132	FUNC	<unknown>	DEFAULT	3
fflush_unlocked	.symtab	0x417e38	940	FUNC	<unknown>	DEFAULT	3
fflush_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgetc	.symtab	0x4178f0	372	FUNC	<unknown>	DEFAULT	3
fgetc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgetc_unlocked	.symtab	0x4181f0	388	FUNC	<unknown>	DEFAULT	3
fgetc_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgets	.symtab	0x417a70	320	FUNC	<unknown>	DEFAULT	3
fgets.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgets_unlocked	.symtab	0x418380	276	FUNC	<unknown>	DEFAULT	3
fgets_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
findRandIP	.symtab	0x40362c	172	FUNC	<unknown>	DEFAULT	3
fmt	.symtab	0x421780	20	OBJECT	<unknown>	DEFAULT	5
fopen	.symtab	0x416360	28	FUNC	<unknown>	DEFAULT	3
fopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fork	.symtab	0x413930	988	FUNC	<unknown>	DEFAULT	3
fork.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fork_handler_pool	.symtab	0x436ca4	1348	OBJECT	<unknown>	DEFAULT	16
fputs_unlocked	.symtab	0x40f920	124	FUNC	<unknown>	DEFAULT	3
fputs_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
frame_dummy	.symtab	0x40023c	0	FUNC	<unknown>	DEFAULT	3
free	.symtab	0x4122dc	660	FUNC	<unknown>	DEFAULT	3
free.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fseek	.symtab	0x419c90	68	FUNC	<unknown>	DEFAULT	3
fseeko	.symtab	0x419c90	68	FUNC	<unknown>	DEFAULT	3
fseeko.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fseeko64	.symtab	0x419ce0	500	FUNC	<unknown>	DEFAULT	3
fseeko64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fstat	.symtab	0x419860	136	FUNC	<unknown>	DEFAULT	3
fstat.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fwrite_unlocked	.symtab	0x40f9a0	268	FUNC	<unknown>	DEFAULT	3
fwrite_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getBuild	.symtab	0x409f9c	32	FUNC	<unknown>	DEFAULT	3
getHost	.symtab	0x402a98	160	FUNC	<unknown>	DEFAULT	3
getOurIP	.symtab	0x409c1c	896	FUNC	<unknown>	DEFAULT	3
get_hosts_byname_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getc	.symtab	0x4178f0	372	FUNC	<unknown>	DEFAULT	3
getc_unlocked	.symtab	0x4181f0	388	FUNC	<unknown>	DEFAULT	3
getdents64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getdtablesize	.symtab	0x40ddc0	72	FUNC	<unknown>	DEFAULT	3
getdtablesize.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getegid	.symtab	0x415100	16	FUNC	<unknown>	DEFAULT	3
getegid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
geteuid	.symtab	0x40de10	16	FUNC	<unknown>	DEFAULT	3
geteuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getgid	.symtab	0x415110	16	FUNC	<unknown>	DEFAULT	3
getgid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname	.symtab	0x410400	28	FUNC	<unknown>	DEFAULT	3
gethostbyname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname2	.symtab	0x410420	104	FUNC	<unknown>	DEFAULT	3
gethostbyname2.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname2_r	.symtab	0x418f80	948	FUNC	<unknown>	DEFAULT	3
gethostbyname2_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname_r	.symtab	0x41c190	968	FUNC	<unknown>	DEFAULT	3
gethostbyname_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostname	.symtab	0x41c5c0	192	FUNC	<unknown>	DEFAULT	3
gethostname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getpagesize	.symtab	0x415120	48	FUNC	<unknown>	DEFAULT	3
getpagesize.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getpid	.symtab	0x413f30	84	FUNC	<unknown>	DEFAULT	3
getpid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getppid	.symtab	0x40de20	16	FUNC	<unknown>	DEFAULT	3
getppid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getrlimit	.symtab	0x40de30	60	FUNC	<unknown>	DEFAULT	3
getrlimit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getsockname	.symtab	0x4105b0	60	FUNC	<unknown>	DEFAULT	3
getsockname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getsockopt	.symtab	0x4105f0	96	FUNC	<unknown>	DEFAULT	3
getsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getuid	.symtab	0x415150	16	FUNC	<unknown>	DEFAULT	3
getuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
h_errno	.symtab	0x4	4	TLS	<unknown>	DEFAULT	7
hacks	.symtab	0x4320d0	4	OBJECT	<unknown>	DEFAULT	12
hacks2	.symtab	0x4320d4	4	OBJECT	<unknown>	DEFAULT	12
hacks3	.symtab	0x4320d8	4	OBJECT	<unknown>	DEFAULT	12
hacks4	.symtab	0x4320dc	4	OBJECT	<unknown>	DEFAULT	12
hextable	.symtab	0x41deb4	1024	OBJECT	<unknown>	DEFAULT	5
hlt	.symtab	0x40032c	0	NOTYPE	<unknown>	DEFAULT	3
hoste.6559	.symtab	0x436c68	20	OBJECT	<unknown>	DEFAULT	16
htonl	.symtab	0x4103a0	8	FUNC	<unknown>	DEFAULT	3
htons	.symtab	0x4103a8	8	FUNC	<unknown>	DEFAULT	3
httphex	.symtab	0x40658c	1664	FUNC	<unknown>	DEFAULT	3
i.5014	.symtab	0x4320f0	4	OBJECT	<unknown>	DEFAULT	12
index	.symtab	0x40fc80	248	FUNC	<unknown>	DEFAULT	3
inet_addr	.symtab	0x4103b0	72	FUNC	<unknown>	DEFAULT	3
inet_aton	.symtab	0x418e80	244	FUNC	<unknown>	DEFAULT	3
inet_aton.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_makeaddr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_ntop	.symtab	0x41a9ec	852	FUNC	<unknown>	DEFAULT	3
inet_ntop4	.symtab	0x41a830	444	FUNC	<unknown>	DEFAULT	3
inet_pton	.symtab	0x41a578	696	FUNC	<unknown>	DEFAULT	3
inet_pton4	.symtab	0x41a490	232	FUNC	<unknown>	DEFAULT	3
initConnection	.symtab	0x409958	708	FUNC	<unknown>	DEFAULT	3
init_rand	.symtab	0x400b04	300	FUNC	<unknown>	DEFAULT	3
init_static_tls	.symtab	0x419340	84	FUNC	<unknown>	DEFAULT	3
initfini.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
initfini.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
initstate	.symtab	0x4128ec	208	FUNC	<unknown>	DEFAULT	3
initstate_r	.symtab	0x412cac	300	FUNC	<unknown>	DEFAULT	3
ioctl	.symtab	0x40de70	248	FUNC	<unknown>	DEFAULT	3
ioctl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
isatty	.symtab	0x418d90	60	FUNC	<unknown>	DEFAULT	3
isatty.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
kill	.symtab	0x40df70	56	FUNC	<unknown>	DEFAULT	3
kill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
killer_status	.symtab	0x432a70	4	OBJECT	<unknown>	DEFAULT	16
last_id.6617	.symtab	0x432410	2	OBJECT	<unknown>	DEFAULT	12
last_ns_num.6616	.symtab	0x439780	4	OBJECT	<unknown>	DEFAULT	16
libc-cancellation.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc-lowlevellock.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc-tls.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
listFork	.symtab	0x403390	668	FUNC	<unknown>	DEFAULT	3
llseek.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lseek64	.symtab	0x41c870	140	FUNC	<unknown>	DEFAULT	3
macAddress	.symtab	0x432a74	6	OBJECT	<unknown>	DEFAULT	16
main	.symtab	0x409fbc	3472	FUNC	<unknown>	DEFAULT	3
main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
makeIPPacket	.symtab	0x403a00	312	FUNC	<unknown>	DEFAULT	3
makeRandomStr	.symtab	0x402bdc	268	FUNC	<unknown>	DEFAULT	3
makevsepacket	.symtab	0x405744	348	FUNC	<unknown>	DEFAULT	3
malloc	.symtab	0x410efc	2764	FUNC	<unknown>	DEFAULT	3
malloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
malloc_trim	.symtab	0x412570	84	FUNC	<unknown>	DEFAULT	3
memchr	.symtab	0x4184a0	260	FUNC	<unknown>	DEFAULT	3
memchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memcpy	.symtab	0x40fab0	308	FUNC	<unknown>	DEFAULT	3
memmove	.symtab	0x4185b0	824	FUNC	<unknown>	DEFAULT	3
memmove.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mempcpy	.symtab	0x41a380	76	FUNC	<unknown>	DEFAULT	3
mempcpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memrchr	.symtab	0x4188f0	260	FUNC	<unknown>	DEFAULT	3
memrchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memset	.symtab	0x40fbf0	144	FUNC	<unknown>	DEFAULT	3
mmap	.symtab	0x414fa0	112	FUNC	<unknown>	DEFAULT	3
mmap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mremap	.symtab	0x415160	96	FUNC	<unknown>	DEFAULT	3
mremap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
munmap	.symtab	0x4151c0	60	FUNC	<unknown>	DEFAULT	3
munmap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mylock	.symtab	0x4321f0	24	OBJECT	<unknown>	DEFAULT	12
mylock	.symtab	0x432210	24	OBJECT	<unknown>	DEFAULT	12
nanosleep	.symtab	0x41523c	200	FUNC	<unknown>	DEFAULT	3
nanosleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
next_start.1303	.symtab	0x436aa0	4	OBJECT	<unknown>	DEFAULT	16
ngPid	.symtab	0x4329e4	4	OBJECT	<unknown>	DEFAULT	15
nprocessors_onln	.symtab	0x4132e0	508	FUNC	<unknown>	DEFAULT	3
ntohl	.symtab	0x410390	8	FUNC	<unknown>	DEFAULT	3
ntohl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ntohs	.symtab	0x410398	8	FUNC	<unknown>	DEFAULT	3
ntop.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
numpids	.symtab	0x432a68	8	OBJECT	<unknown>	DEFAULT	16
object.4798	.symtab	0x432a44	24	OBJECT	<unknown>	DEFAULT	16
open	.symtab	0x4143ec	192	FUNC	<unknown>	DEFAULT	3
opendir	.symtab	0x415614	240	FUNC	<unknown>	DEFAULT	3
opendir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
opennameservers.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ourIP	.symtab	0x4329e0	4	OBJECT	<unknown>	DEFAULT	15
p.4784	.symtab	0x4320b0	0	OBJECT	<unknown>	DEFAULT	12
parseHex	.symtab	0x402758	176	FUNC	<unknown>	DEFAULT	3
parse_config.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
pids	.symtab	0x4329ec	4	OBJECT	<unknown>	DEFAULT	15
pipe	.symtab	0x40dad0	64	FUNC	<unknown>	DEFAULT	3
poll	.symtab	0x41c6bc	220	FUNC	<unknown>	DEFAULT	3
poll.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
prctl	.symtab	0x40dfb0	96	FUNC	<unknown>	DEFAULT	3
prctl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
prefix.6318	.symtab	0x4205e0	12	OBJECT	<unknown>	DEFAULT	5
print	.symtab	0x401750	1460	FUNC	<unknown>	DEFAULT	3
printchar	.symtab	0x4011c0	184	FUNC	<unknown>	DEFAULT	3
printi	.symtab	0x4014b4	668	FUNC	<unknown>	DEFAULT	3
prints	.symtab	0x401278	572	FUNC	<unknown>	DEFAULT	3
processCmd	.symtab	0x406c0c	11596	FUNC	<unknown>	DEFAULT	3
program_invocation_name	.symtab	0x4322f8	4	OBJECT	<unknown>	DEFAULT	12
program_invocation_short_name	.symtab	0x4322f4	4	OBJECT	<unknown>	DEFAULT	12
qual_chars.6326	.symtab	0x420600	20	OBJECT	<unknown>	DEFAULT	5
raise	.symtab	0x413f90	264	FUNC	<unknown>	DEFAULT	3
raise.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand	.symtab	0x412770	28	FUNC	<unknown>	DEFAULT	3
rand.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand__str	.symtab	0x40af6c	348	FUNC	<unknown>	DEFAULT	3
rand_alpha_str	.symtab	0x40b0c8	300	FUNC	<unknown>	DEFAULT	3
rand_alphastr	.symtab	0x400ff0	464	FUNC	<unknown>	DEFAULT	3
rand_cmwc	.symtab	0x400e1c	468	FUNC	<unknown>	DEFAULT	3
rand_init	.symtab	0x40ad50	248	FUNC	<unknown>	DEFAULT	3
rand_next	.symtab	0x40ae48	292	FUNC	<unknown>	DEFAULT	3
random	.symtab	0x412790	164	FUNC	<unknown>	DEFAULT	3
random.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
random_poly_info	.symtab	0x4212a0	40	OBJECT	<unknown>	DEFAULT	5
random_r	.symtab	0x412a70	172	FUNC	<unknown>	DEFAULT	3
random_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
randtbl	.symtab	0x432228	128	OBJECT	<unknown>	DEFAULT	12
rawmemchr	.symtab	0x41a3d0	192	FUNC	<unknown>	DEFAULT	3
rawmemchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
read	.symtab	0x4145ec	192	FUNC	<unknown>	DEFAULT	3
read_etc_hosts_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
readdir64	.symtab	0x4157f0	272	FUNC	<unknown>	DEFAULT	3
readdir64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
realloc	.symtab	0x411b30	1152	FUNC	<unknown>	DEFAULT	3
realloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
recv	.symtab	0x41068c	240	FUNC	<unknown>	DEFAULT	3
recv.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
recvLine	.symtab	0x402ce8	876	FUNC	<unknown>	DEFAULT	3
recvfrom	.symtab	0x4107f0	280	FUNC	<unknown>	DEFAULT	3
recvfrom.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
register-atfork.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
resolv.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
resolv_conf_mtime.6599	.symtab	0x4397a8	4	OBJECT	<unknown>	DEFAULT	16
resolv_domain_to_hostname	.symtab	0x40b200	360	FUNC	<unknown>	DEFAULT	3
resolv_entries_free	.symtab	0x40be94	164	FUNC	<unknown>	DEFAULT	3
resolv_lookup	.symtab	0x40b4ac	2536	FUNC	<unknown>	DEFAULT	3
resolv_skip_name	.symtab	0x40b368	324	FUNC	<unknown>	DEFAULT	3
rindex	.symtab	0x418b90	160	FUNC	<unknown>	DEFAULT	3
rtcp	.symtab	0x404da0	1740	FUNC	<unknown>	DEFAULT	3
sbrk	.symtab	0x415310	164	FUNC	<unknown>	DEFAULT	3
sbrk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
scanPid	.symtab	0x4329e8	4	OBJECT	<unknown>	DEFAULT	15
select	.symtab	0x40e070	260	FUNC	<unknown>	DEFAULT	3
select.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
send	.symtab	0x41094c	240	FUNC	<unknown>	DEFAULT	3
send.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sendSTD	.symtab	0x40546c	728	FUNC	<unknown>	DEFAULT	3
sendto	.symtab	0x410ab0	280	FUNC	<unknown>	DEFAULT	3
sendto.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setjmp_aux.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setsockopt	.symtab	0x410bd0	96	FUNC	<unknown>	DEFAULT	3
setsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setstate	.symtab	0x412834	184	FUNC	<unknown>	DEFAULT	3
setstate_r	.symtab	0x412dd8	272	FUNC	<unknown>	DEFAULT	3
sigaction	.symtab	0x415010	28	FUNC	<unknown>	DEFAULT	3
sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigaddset	.symtab	0x410c70	76	FUNC	<unknown>	DEFAULT	3
sigaddset.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigempty.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigemptyset	.symtab	0x410cc0	36	FUNC	<unknown>	DEFAULT	3
sigjmp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
signal	.symtab	0x410cf0	228	FUNC	<unknown>	DEFAULT	3
signal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigprocmask	.symtab	0x40e180	176	FUNC	<unknown>	DEFAULT	3
sigprocmask.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigsetops.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
skip_and_NUL_space	.symtab	0x41b968	104	FUNC	<unknown>	DEFAULT	3
skip_nospace	.symtab	0x41b900	104	FUNC	<unknown>	DEFAULT	3
sleep	.symtab	0x4140a0	404	FUNC	<unknown>	DEFAULT	3
sleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
socket	.symtab	0x410c30	60	FUNC	<unknown>	DEFAULT	3
socket.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
socket_connect	.symtab	0x4063d0	444	FUNC	<unknown>	DEFAULT	3
sockprintf	.symtab	0x401df4	344	FUNC	<unknown>	DEFAULT	3
spec_and_mask.6325	.symtab	0x420614	16	OBJECT	<unknown>	DEFAULT	5
spec_base.6317	.symtab	0x4205ec	7	OBJECT	<unknown>	DEFAULT	5
spec_chars.6322	.symtab	0x420670	21	OBJECT	<unknown>	DEFAULT	5
spec_flags.6321	.symtab	0x420688	8	OBJECT	<unknown>	DEFAULT	5
spec_or_mask.6324	.symtab	0x420624	16	OBJECT	<unknown>	DEFAULT	5
spec_ranges.6323	.symtab	0x420634	9	OBJECT	<unknown>	DEFAULT	5
sprintf	.symtab	0x40e310	80	FUNC	<unknown>	DEFAULT	3
sprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
srand	.symtab	0x4129bc	172	FUNC	<unknown>	DEFAULT	3
srandom	.symtab	0x4129bc	172	FUNC	<unknown>	DEFAULT	3
srandom_r	.symtab	0x412b1c	400	FUNC	<unknown>	DEFAULT	3
stat	.symtab	0x41c7a0	136	FUNC	<unknown>	DEFAULT	3
stat.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
static_dtv	.symtab	0x439230	512	OBJECT	<unknown>	DEFAULT	16
static_map	.symtab	0x439738	52	OBJECT	<unknown>	DEFAULT	16
static_slotinfo	.symtab	0x439430	776	OBJECT	<unknown>	DEFAULT	16
stderr	.symtab	0x432318	4	OBJECT	<unknown>	DEFAULT	12
stdin	.symtab	0x432310	4	OBJECT	<unknown>	DEFAULT	12
stdout	.symtab	0x432314	4	OBJECT	<unknown>	DEFAULT	12
strcasecmp	.symtab	0x41cf40	108	FUNC	<unknown>	DEFAULT	3
strcasecmp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strchr	.symtab	0x40fc80	248	FUNC	<unknown>	DEFAULT	3
strchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strchrnul	.symtab	0x418a00	248	FUNC	<unknown>	DEFAULT	3
strchrnul.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strcmp	.symtab	0x40fd80	44	FUNC	<unknown>	DEFAULT	3
strcmp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strcoll	.symtab	0x40fd80	44	FUNC	<unknown>	DEFAULT	3
strcpy	.symtab	0x40fdb0	36	FUNC	<unknown>	DEFAULT	3
strcpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strcspn	.symtab	0x418b00	144	FUNC	<unknown>	DEFAULT	3
strcspn.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strdup	.symtab	0x41c900	140	FUNC	<unknown>	DEFAULT	3
strdup.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strerror_r	.symtab	0x4101b0	380	FUNC	<unknown>	DEFAULT	3
strlen	.symtab	0x40fde0	184	FUNC	<unknown>	DEFAULT	3
strlen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strncpy	.symtab	0x40fea0	188	FUNC	<unknown>	DEFAULT	3
strncpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strnlen	.symtab	0x40ff60	248	FUNC	<unknown>	DEFAULT	3
strnlen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strpbrk	.symtab	0x418d50	64	FUNC	<unknown>	DEFAULT	3
strpbrk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strrchr	.symtab	0x418b90	160	FUNC	<unknown>	DEFAULT	3
strrchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strspn	.symtab	0x418c30	72	FUNC	<unknown>	DEFAULT	3
strspn.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strstr	.symtab	0x410060	256	FUNC	<unknown>	DEFAULT	3
strstr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtok	.symtab	0x410370	32	FUNC	<unknown>	DEFAULT	3
strtok.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtok_r	.symtab	0x418c80	208	FUNC	<unknown>	DEFAULT	3
strtok_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtol	.symtab	0x412f10	28	FUNC	<unknown>	DEFAULT	3
strtol.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sysconf	.symtab	0x4134dc	792	FUNC	<unknown>	DEFAULT	3
sysconf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
szprintf	.symtab	0x401d7c	120	FUNC	<unknown>	DEFAULT	3
table	.symtab	0x4397b0	232	OBJECT	<unknown>	DEFAULT	16
table.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
table_init	.symtab	0x40bf40	1068	FUNC	<unknown>	DEFAULT	3
table_key	.symtab	0x432190	4	OBJECT	<unknown>	DEFAULT	12
table_lock_val	.symtab	0x40c3f0	132	FUNC	<unknown>	DEFAULT	3
table_retrieve_val	.symtab	0x40c474	144	FUNC	<unknown>	DEFAULT	3
table_unlock_val	.symtab	0x40c36c	132	FUNC	<unknown>	DEFAULT	3
tcgetattr	.symtab	0x418dd0	176	FUNC	<unknown>	DEFAULT	3
tcgetattr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
tcpFl00d	.symtab	0x40448c	2324	FUNC	<unknown>	DEFAULT	3
tcpcsum	.symtab	0x4038a4	348	FUNC	<unknown>	DEFAULT	3
time	.symtab	0x40e230	16	FUNC	<unknown>	DEFAULT	3
time.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
times	.symtab	0x4153c0	16	FUNC	<unknown>	DEFAULT	3
times.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
toggle_obf	.symtab	0x40c5cc	552	FUNC	<unknown>	DEFAULT	3
toupper	.symtab	0x40e240	60	FUNC	<unknown>	DEFAULT	3
toupper.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
trim	.symtab	0x400c30	492	FUNC	<unknown>	DEFAULT	3
type_codes	.symtab	0x420640	24	OBJECT	<unknown>	DEFAULT	5
type_sizes	.symtab	0x420658	12	OBJECT	<unknown>	DEFAULT	5
udpfl00d	.symtab	0x403b38	2388	FUNC	<unknown>	DEFAULT	3
uname	.symtab	0x41c830	60	FUNC	<unknown>	DEFAULT	3
uname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
unknown.1327	.symtab	0x420710	14	OBJECT	<unknown>	DEFAULT	5
unsafe_state	.symtab	0x4322b0	20	OBJECT	<unknown>	DEFAULT	12
uppercase	.symtab	0x402b38	164	FUNC	<unknown>	DEFAULT	3
userID	.symtab	0x4320e8	4	OBJECT	<unknown>	DEFAULT	12
usleep	.symtab	0x413800	144	FUNC	<unknown>	DEFAULT	3
usleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
util.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
util_atoi	.symtab	0x40cd24	968	FUNC	<unknown>	DEFAULT	3
util_fdgets	.symtab	0x40d7ac	324	FUNC	<unknown>	DEFAULT	3
util_isalpha	.symtab	0x40d958	144	FUNC	<unknown>	DEFAULT	3
util_isdigit	.symtab	0x40da68	104	FUNC	<unknown>	DEFAULT	3
util_isspace	.symtab	0x40d9e8	128	FUNC	<unknown>	DEFAULT	3
util_isupper	.symtab	0x40d8f0	104	FUNC	<unknown>	DEFAULT	3
util_itoa	.symtab	0x40d0ec	572	FUNC	<unknown>	DEFAULT	3
util_local_addr	.symtab	0x40d658	340	FUNC	<unknown>	DEFAULT	3
util_memcpy	.symtab	0x40cc08	164	FUNC	<unknown>	DEFAULT	3
util_memsearch	.symtab	0x40d328	292	FUNC	<unknown>	DEFAULT	3
util_strcat	.symtab	0x40cb60	168	FUNC	<unknown>	DEFAULT	3
util_strcmp	.symtab	0x40c9b4	288	FUNC	<unknown>	DEFAULT	3
util_strcpy	.symtab	0x40cad4	140	FUNC	<unknown>	DEFAULT	3
util_stristr	.symtab	0x40d44c	524	FUNC	<unknown>	DEFAULT	3
util_strlen	.symtab	0x40c800	116	FUNC	<unknown>	DEFAULT	3
util_strncmp	.symtab	0x40c874	320	FUNC	<unknown>	DEFAULT	3
util_zero	.symtab	0x40ccac	120	FUNC	<unknown>	DEFAULT	3
vfork	.symtab	0x413890	152	FUNC	<unknown>	DEFAULT	3
vseattack	.symtab	0x4058a0	2492	FUNC	<unknown>	DEFAULT	3
vsnprintf	.symtab	0x40e360	248	FUNC	<unknown>	DEFAULT	3
vsnprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
w	.symtab	0x436a8c	4	OBJECT	<unknown>	DEFAULT	16
waitpid	.symtab	0x4146ec	192	FUNC	<unknown>	DEFAULT	3
watchdog_maintain	.symtab	0x4008d0	564	FUNC	<unknown>	DEFAULT	3
watchdog_pid	.symtab	0x432a64	4	OBJECT	<unknown>	DEFAULT	16
wcrtomb	.symtab	0x415ec0	108	FUNC	<unknown>	DEFAULT	3
wcrtomb.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wcsnrtombs	.symtab	0x415f70	192	FUNC	<unknown>	DEFAULT	3
wcsnrtombs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wcsrtombs	.symtab	0x415f30	64	FUNC	<unknown>	DEFAULT	3
wcsrtombs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wildString	.symtab	0x402808	656	FUNC	<unknown>	DEFAULT	3
write	.symtab	0x4144ec	192	FUNC	<unknown>	DEFAULT	3
x	.symtab	0x436a80	4	OBJECT	<unknown>	DEFAULT	16
xdigits.4935	.symtab	0x421854	17	OBJECT	<unknown>	DEFAULT	5
xstatconv.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
y	.symtab	0x436a84	4	OBJECT	<unknown>	DEFAULT	16
z	.symtab	0x436a88	4	OBJECT	<unknown>	DEFAULT	16
zprintf	.symtab	0x401d04	120	FUNC	<unknown>	DEFAULT	3

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 24, 2024 08:27:49.797162056 CEST	47256	666	192.168.2.23	64.23.184.217
May 24, 2024 08:27:49.818906069 CEST	666	47256	64.23.184.217	192.168.2.23
May 24, 2024 08:27:49.819015026 CEST	47256	666	192.168.2.23	64.23.184.217
May 24, 2024 08:27:50.803574085 CEST	47256	666	192.168.2.23	64.23.184.217
May 24, 2024 08:27:50.827131033 CEST	666	47256	64.23.184.217	192.168.2.23
May 24, 2024 08:27:50.827250957 CEST	47256	666	192.168.2.23	64.23.184.217
May 24, 2024 08:27:50.827851057 CEST	47256	666	192.168.2.23	64.23.184.217
May 24, 2024 08:27:50.841274023 CEST	666	47256	64.23.184.217	192.168.2.23
May 24, 2024 08:27:52.627274036 CEST	42836	443	192.168.2.23	91.189.91.43
May 24, 2024 08:27:53.395154953 CEST	42516	80	192.168.2.23	109.202.202.202
May 24, 2024 08:27:54.020132065 CEST	666	47256	64.23.184.217	192.168.2.23
May 24, 2024 08:27:54.020443916 CEST	47256	666	192.168.2.23	64.23.184.217
May 24, 2024 08:27:54.150187969 CEST	666	47256	64.23.184.217	192.168.2.23
May 24, 2024 08:27:54.150510073 CEST	47256	666	192.168.2.23	64.23.184.217
May 24, 2024 08:28:07.473301888 CEST	43928	443	192.168.2.23	91.189.91.42
May 24, 2024 08:28:19.759386063 CEST	42836	443	192.168.2.23	91.189.91.43
May 24, 2024 08:28:23.854839087 CEST	42516	80	192.168.2.23	109.202.202.202
May 24, 2024 08:28:48.427495003 CEST	43928	443	192.168.2.23	91.189.91.42
May 24, 2024 08:28:54.024022102 CEST	666	47256	64.23.184.217	192.168.2.23
May 24, 2024 08:28:54.024240971 CEST	47256	666	192.168.2.23	64.23.184.217
May 24, 2024 08:28:54.143893003 CEST	666	47256	64.23.184.217	192.168.2.23
May 24, 2024 08:28:54.144226074 CEST	47256	666	192.168.2.23	64.23.184.217
May 24, 2024 08:29:54.038554907 CEST	666	47256	64.23.184.217	192.168.2.23
May 24, 2024 08:29:54.038697958 CEST	47256	666	192.168.2.23	64.23.184.217
May 24, 2024 08:29:54.149362087 CEST	666	47256	64.23.184.217	192.168.2.23
May 24, 2024 08:29:54.149472952 CEST	47256	666	192.168.2.23	64.23.184.217
May 24, 2024 08:30:54.072501898 CEST	666	47256	64.23.184.217	192.168.2.23
May 24, 2024 08:30:54.072626114 CEST	47256	666	192.168.2.23	64.23.184.217
May 24, 2024 08:30:54.164729118 CEST	666	47256	64.23.184.217	192.168.2.23
May 24, 2024 08:30:54.164858103 CEST	47256	666	192.168.2.23	64.23.184.217

System Behavior

Analysis Process: dash PID: 6199, Parent PID: 4331

General

Start time (UTC):	06:27:36
Start date (UTC):	24/05/2024
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: rm PID: 6199, Parent PID: 4331

General

Start time (UTC):	06:27:36
Start date (UTC):	24/05/2024
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.rvUodmgBFz /tmp/tmp.kbcm3CnpXc /tmp/tmp.ntMrqaC4IJ
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Chronological Activities

Analysis Process: dash PID: 6200, Parent PID: 4331

General

Start time (UTC):	06:27:36
Start date (UTC):	24/05/2024
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: rm PID: 6200, Parent PID: 4331

General

Start time (UTC):	06:27:36
Start date (UTC):	24/05/2024
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.rvUodmgBFz /tmp/tmp.kbcm3CnpXc /tmp/tmp.ntMrqaC4IJ
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Chronological Activities

Analysis Process: mzdWUcvUU2.elf PID: 6213, Parent PID: 6126

General

Start time (UTC):	06:27:48
Start date (UTC):	24/05/2024
Path:	/tmp/mzdWUcvUU2.elf
Arguments:	/tmp/mzdWUcvUU2.elf
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Chronological Activities

Analysis Process: mzdWUcvUU2.elf PID: 6215, Parent PID: 6213

General

Start time (UTC):	06:27:49
Start date (UTC):	24/05/2024
Path:	/tmp/mzdWUcvUU2.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Chronological Activities

Analysis Process: mzdWUcvUU2.elf PID: 6217, Parent PID: 6213

General

Start time (UTC):	06:27:49
Start date (UTC):	24/05/2024
Path:	/tmp/mzdWUcvUU2.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Chronological Activities

Analysis Process: mzdWUcvUU2.elf PID: 6219, Parent PID: 6217

General

Start time (UTC):	06:27:49
Start date (UTC):	24/05/2024
Path:	/tmp/mzdWUcvUU2.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of other systems by IP address, hostname, or other logical identifier on a network that may be used for Lateral Movement from the current system. Functionality could exist within remote access tools to enable this, but utilities available on the operating system could also be used such as Ping or `net view` using Net .
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Network Traffic: Network Connection Creation, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may obfuscate command and control traffic to make it more difficult to detect. Command and control (C2) communications are hidden (but not necessarily encrypted) in an attempt to make the content more difficult to discover or decipher and to make the communication less conspicuous and hide commands from being seen. This encompasses many methods, such as adding junk data to protocol traffic, using steganography, or impersonating legitimate protocols.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report mzdWUcvUU2.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Memory Dumps

Snort Signatures

Joe Sandbox Signatures

AV Detection

Spreading

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/tmp/qemu-open.veEX00 (deleted)

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Symbols

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: dash PID: 6199, Parent PID: 4331

General

Chronological Activities

Analysis Process: rm PID: 6199, Parent PID: 4331

General

Chronological Activities

Analysis Process: dash PID: 6200, Parent PID: 4331

General

Chronological Activities

Analysis Process: rm PID: 6200, Parent PID: 4331

General

Chronological Activities

Analysis Process: mzdWUcvUU2.elf PID: 6213, Parent PID: 6126

General

Chronological Activities

Analysis Process: mzdWUcvUU2.elf PID: 6215, Parent PID: 6213

General

Chronological Activities

Linux Analysis Report
mzdWUcvUU2.elf