Edit tour

Linux Analysis Report
systemd-udevd (deleted)

Overview

General Information

Sample name:	systemd-udevd (deleted)
Analysis ID:	1490729
MD5:	079a2a9ca1da0f3e023de3ae04e5d3e4
SHA1:	1d8a7ee1266731a84e7031d1bee446c8815acce6
SHA256:	22615e5bf518c4236c94af82b5689cd519eccd99eaf55e90aba45b5836b4fc36
Infos:

Detection

Score:	76
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Drops files in suspicious directories

Machine Learning detection for sample

Sample deletes itself

Sample is packed with UPX

Sample tries to set files in /etc globally writable

Creates hidden files and/or directories

ELF contains segments with high entropy indicating compressed/encrypted content

Reads CPU information from /proc indicative of miner or evasive malware

Reads system information from the proc file system

Sample contains only a LOAD segment without any section mappings

Sample tries to kill a process (SIGKILL)

Sample tries to set the executable flag

Sleeps for long times indicative of sandbox evasion

Uses the "uname" system call to query kernel version information (possible evasion)

Writes shell script file to disk with an unusual file extension

Writes shell script files to disk

Classification

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1490729
Start date and time:	2024-08-09 18:41:26 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Run name:	Potential for more IOCs and behavior
Analysis Mode:	default
Sample name:	systemd-udevd (deleted)
Detection:	MAL
Classification:	mal76.troj.evad.lin@0/52@4/0

Warnings

VT rate limit hit for: systemd-udevd (deleted)

Runtime Messages

Command:	/tmp/systemd-udevd (deleted)
PID:	6218
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

system is lnxubuntu20

systemd-udevd (deleted) (PID: 6218, Parent: 6133, MD5: 079a2a9ca1da0f3e023de3ae04e5d3e4) Arguments: "/tmp/systemd-udevd (deleted)"

systemd-udevd (deleted) New Fork (PID: 6219, Parent: 6218)

systemd-udevd (deleted) New Fork (PID: 6220, Parent: 6219)

systemd-udevd (deleted) New Fork (PID: 6250, Parent: 6220)

systemd-udevd (deleted) New Fork (PID: 6221, Parent: 6219)

cleanup

Yara Signatures

⊘No yara matches

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: systemd-udevd (deleted)

Avira: detected

Multi AV Scanner detection for submitted file

Source: systemd-udevd (deleted)

ReversingLabs: Detection: 65%

Machine Learning detection for sample

Source: systemd-udevd (deleted)

Joe Sandbox ML: detected

Source: /tmp/systemd-udevd (deleted) (PID: 6220)

Reads CPU info from proc file: /proc/cpuinfo

Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.baidu.comProxy-Connection: keep-aliveAccept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36Accept-Encoding: gzip, deflate, sdchAccept-Language: zh-CN,zh;q=0.8Cookie: BAIDUID=A45556CHKNDKNSDBDNData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.baidu.comProxy-Connection: keep-aliveAccept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36Accept-Encoding: gzip, deflate, sdchAccept-Language: zh-CN,zh;q=0.8Cookie: BAIDUID=A45556CHKNDKNSDBDNData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.baidu.comProxy-Connection: keep-aliveAccept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36Accept-Encoding: gzip, deflate, sdchAccept-Language: zh-CN,zh;q=0.8Cookie: BAIDUID=A45556CHKNDKNSDBDNData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:

Source: global traffic

DNS traffic detected: DNS query: os.bd-static.com

Source: kerneloops.15.dr	String found in binary or memory: http://oops.kernel.org
Source: systemd-udevd (deleted)	String found in binary or memory: http://upx.sf.net

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59740
Source: unknown	Network traffic detected: HTTP traffic on port 59744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59742
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: LOAD without section mappings

Program segment: 0xc01000

Source: /tmp/systemd-udevd (deleted) (PID: 6220)

SIGKILL sent: pid: 6250, result: successful

Jump to behavior

Source: classification engine

Classification label: mal76.troj.evad.lin@0/52@4/0

Data Obfuscation

Sample is packed with UPX

Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

Persistence and Installation Behavior

Sample tries to set files in /etc globally writable

Source: /tmp/systemd-udevd (deleted) (PID: 6221)

File: /etc/selinux/configs.conf (bits: u usr: -x grp: x all: rwx)

Jump to behavior

Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Directory: /etc/init.d/.	Jump to behavior
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Directory: /etc/init.d/..	Jump to behavior
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Directory: /etc/init.d/.	Jump to behavior
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Directory: /etc/init.d/..	Jump to behavior

Source: /tmp/systemd-udevd (deleted) (PID: 6220)	Reads from proc file: /proc/cpuinfo			Jump to behavior
Source: /tmp/systemd-udevd (deleted) (PID: 6220)	Reads from proc file: /proc/meminfo			Jump to behavior

Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/selinux/configs.conf (bits: u usr: -x grp: x all: rwx)			Jump to behavior
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /usr/local/share/man/man1/configs.conf (bits: u usr: -x grp: x all: rwx)			Jump to behavior

Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/multipath-tools	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cups	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/ufw	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/iscsid	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/anacron	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/binfmt-support	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cups-browsed	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/uuidd	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/bluetooth	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/unattended-upgrades	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/pulseaudio-enable-autospawn	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/gdm3	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/lm-sensors	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cryptdisks	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/ssh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/speech-dispatcher	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/open-iscsi	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/rsyslog	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cryptdisks-early	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/lvm2	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/udev	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/plymouth-log	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/kmod	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/avahi-daemon	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/mono-xsp4	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/irqbalance	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/acpid	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/alsa-utils	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/open-vm-tools	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/plymouth	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/saned	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/lvm2-lvmpolld	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/procps	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/lightdm	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/kerneloops	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/network-manager	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/grub-common	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/rsync	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/spice-vdagent	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/atd	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/screen-cleanup	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/x11-common	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/pppd-dns	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/cron	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/dbus	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/apport	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/hddtemp	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Writes shell script file to disk with an unusual file extension: /etc/init.d/apparmor	Jump to dropped file

Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Shell script file created: /etc/init.d/keyboard-setup.sh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Shell script file created: /etc/init.d/console-setup.sh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	Shell script file created: /etc/init.d/hwclock.sh	Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Drops files in suspicious directories

Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/multipath-tools	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/cups	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/ufw	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/iscsid	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/keyboard-setup.sh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/anacron	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/binfmt-support	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/cups-browsed	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/uuidd	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/bluetooth	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/unattended-upgrades	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/pulseaudio-enable-autospawn	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/gdm3	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/lm-sensors	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/cryptdisks	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/ssh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/speech-dispatcher	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/open-iscsi	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/rsyslog	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/cryptdisks-early	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/lvm2	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/udev	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/plymouth-log	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/kmod	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/console-setup.sh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/hwclock.sh	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/avahi-daemon	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/mono-xsp4	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/irqbalance	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/acpid	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/alsa-utils	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/open-vm-tools	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/plymouth	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/saned	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/lvm2-lvmpolld	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/procps	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/lightdm	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/kerneloops	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/network-manager	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/grub-common	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/rsync	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/spice-vdagent	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/atd	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/screen-cleanup	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/x11-common	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/pppd-dns	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/cron	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/dbus	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/apport	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/hddtemp	Jump to dropped file
Source: /tmp/systemd-udevd (deleted) (PID: 6221)	File: /etc/init.d/apparmor	Jump to dropped file

Sample deletes itself

Source: /tmp/systemd-udevd (deleted) (PID: 6218)

File: /tmp/systemd-udevd (deleted)

Jump to behavior

Source: systemd-udevd (deleted)

Submission file: segment LOAD with 7.8939 entropy (max. 8.0)

Source: /tmp/systemd-udevd (deleted) (PID: 6220)

Reads CPU info from proc file: /proc/cpuinfo

Jump to behavior

Source: /tmp/systemd-udevd (deleted) (PID: 6220)

Sleeps longer then 60s: 120.0s

Jump to behavior

Source: /tmp/systemd-udevd (deleted) (PID: 6220)

Queries kernel information via 'uname':

Jump to behavior

Source: open-vm-tools.15.dr	Binary or memory string: # Check if we're running inside VMWare
Source: open-vm-tools.15.dr	Binary or memory string: start-stop-daemon --start --quiet --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd --test > /dev/null \|\| exit 1
Source: open-vm-tools.15.dr	Binary or memory string: if ! ${checktool} \| grep -iq vmware; then
Source: open-vm-tools.15.dr	Binary or memory string: rm -f /var/run/vmtoolsd.pid
Source: open-vm-tools.15.dr	Binary or memory string: checktool='vmware-checkvm'
Source: open-vm-tools.15.dr	Binary or memory string: start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd
Source: open-vm-tools.15.dr	Binary or memory string: log_daemon_msg "Stopping open-vm guest daemon" "vmtoolsd"
Source: open-vm-tools.15.dr	Binary or memory string: echo "open-vm-tools: not starting as this is not a VMware VM"
Source: open-vm-tools.15.dr	Binary or memory string: start-stop-daemon --start --quiet --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd -- --background /var/run/vmtoolsd.pid \|\| exit 2
Source: open-vm-tools.15.dr	Binary or memory string: log_daemon_msg "Starting open-vm daemon" "vmtoolsd"
Source: open-vm-tools.15.dr	Binary or memory string: status_of_proc -p /var/run/vmtoolsd.pid /usr/bin/vmtoolsd vmtoolsd && exit 0 \|\| exit $?

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	Path Interception	1 Masquerading	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	1 Data Manipulation
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Virtualization/Sandbox Evasion	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File and Directory Permissions Modification	Security Account Manager	2 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Hidden Files and Directories	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	11 Obfuscated Files or Information	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 File Deletion	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label
systemd-udevd (deleted)	66%	ReversingLabs	Linux.Packed.DDOSAgent
systemd-udevd (deleted)	100%	Avira	LINUX/AVI.DDOSAgent.oqcof
systemd-udevd (deleted)	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
/etc/init.d/acpid	0%	ReversingLabs
/etc/init.d/alsa-utils	0%	ReversingLabs
/etc/init.d/anacron	0%	ReversingLabs
/etc/init.d/apparmor	0%	ReversingLabs
/etc/init.d/avahi-daemon	0%	ReversingLabs
/etc/init.d/bluetooth	0%	ReversingLabs
/etc/init.d/console-setup.sh	0%	ReversingLabs
/etc/init.d/cryptdisks	0%	ReversingLabs
/etc/init.d/cryptdisks-early	0%	ReversingLabs
/etc/init.d/cups	0%	ReversingLabs
/etc/init.d/cups-browsed	0%	ReversingLabs
/etc/init.d/dbus	0%	ReversingLabs
/etc/init.d/grub-common	0%	ReversingLabs
/etc/init.d/irqbalance	0%	ReversingLabs
/etc/init.d/iscsid	0%	ReversingLabs
/etc/init.d/keyboard-setup.sh	0%	ReversingLabs
/etc/init.d/kmod	0%	ReversingLabs
/etc/init.d/lvm2	0%	ReversingLabs
/etc/init.d/lvm2-lvmpolld	0%	ReversingLabs
/etc/init.d/open-vm-tools	0%	ReversingLabs
/etc/init.d/pulseaudio-enable-autospawn	0%	ReversingLabs
/etc/init.d/rsync	0%	ReversingLabs
/etc/init.d/screen-cleanup	3%	ReversingLabs
/etc/init.d/speech-dispatcher	0%	ReversingLabs
/etc/init.d/spice-vdagent	0%	ReversingLabs
/etc/init.d/ufw	0%	ReversingLabs
/etc/init.d/unattended-upgrades	0%	ReversingLabs
/etc/init.d/uuidd	0%	ReversingLabs

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://upx.sf.net	0%	URL Reputation	safe
http://oops.kernel.org	0%	Avira URL Cloud	safe
https://www.baidu.com/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
os.bd-static.com	45.148.120.142	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.baidu.com/	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://upx.sf.net	systemd-udevd (deleted)	true	URL Reputation: safe	unknown
http://oops.kernel.org	kerneloops.15.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
45.148.120.142	os.bd-static.com	Netherlands	64425	SKB-ENTERPRISENL	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
109.202.202.202	kpLwzBouH4.elf	Get hash	malicious	Unknown	Browse	ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
45.148.120.142	configs.conf	Get hash	malicious	Unknown	Browse	www.baidu.com/
45.148.120.142	configs.conf	Get hash	malicious	Unknown	Browse	www.baidu.com/
91.189.91.43	configs.conf	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Linux.Siggen.9999.27719.26196.elf	Get hash	malicious	Unknown	Browse
	lleJwlAImyqhwZhZbB4dwBpBt4quciaLIx.elf	Get hash	malicious	Unknown	Browse
	6mXYDuVjkYQ1THGXik9a0pAAofy3U2Zedb.elf	Get hash	malicious	Unknown	Browse
	ggIPjWoiO55CN4uLVMsA2oFwFP7Fau1TaI.elf	Get hash	malicious	Unknown	Browse
	jOjCsc6Lb1rfzqKpKE3ERtlNUMhVHKezYs.elf	Get hash	malicious	Unknown	Browse
	mirai.armv4l.elf	Get hash	malicious	Mirai	Browse
	earm	Get hash	malicious	Unknown	Browse
	vlxx.ppc.elf	Get hash	malicious	Mirai, Okiru	Browse
	vlxx.mips.elf	Get hash	malicious	Mirai, Okiru	Browse
91.189.91.42	configs.conf	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Linux.Siggen.9999.27719.26196.elf	Get hash	malicious	Unknown	Browse
	lleJwlAImyqhwZhZbB4dwBpBt4quciaLIx.elf	Get hash	malicious	Unknown	Browse
	6mXYDuVjkYQ1THGXik9a0pAAofy3U2Zedb.elf	Get hash	malicious	Unknown	Browse
	ggIPjWoiO55CN4uLVMsA2oFwFP7Fau1TaI.elf	Get hash	malicious	Unknown	Browse
	jOjCsc6Lb1rfzqKpKE3ERtlNUMhVHKezYs.elf	Get hash	malicious	Unknown	Browse
	mirai.armv4l.elf	Get hash	malicious	Mirai	Browse
	earm	Get hash	malicious	Unknown	Browse
	vlxx.ppc.elf	Get hash	malicious	Mirai, Okiru	Browse
	vlxx.mips.elf	Get hash	malicious	Mirai, Okiru	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
os.bd-static.com	configs.conf	Get hash	malicious	Unknown	Browse	45.148.120.142
	configs.conf	Get hash	malicious	Unknown	Browse	45.148.120.142
	carved.elf	Get hash	malicious	Unknown	Browse	180.188.198.244
	zf	Get hash	malicious	Unknown	Browse	180.188.198.244
	test	Get hash	malicious	Unknown	Browse	180.188.198.244

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CANONICAL-ASGB	configs.conf	Get hash	malicious	Unknown	Browse	91.189.91.42
	SecuriteInfo.com.Linux.Siggen.9999.27719.26196.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	lleJwlAImyqhwZhZbB4dwBpBt4quciaLIx.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	6mXYDuVjkYQ1THGXik9a0pAAofy3U2Zedb.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	2qwYcUyrntHY24EcShZNxGEQajLpAzKO5c.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	ggIPjWoiO55CN4uLVMsA2oFwFP7Fau1TaI.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	gJ6oXExmNUtJlKPCezUadEGTjUqWrrQ4Yt.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	jOjCsc6Lb1rfzqKpKE3ERtlNUMhVHKezYs.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	mirai.armv4l.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	earm	Get hash	malicious	Unknown	Browse	91.189.91.42
CANONICAL-ASGB	configs.conf	Get hash	malicious	Unknown	Browse	91.189.91.42
	SecuriteInfo.com.Linux.Siggen.9999.27719.26196.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	lleJwlAImyqhwZhZbB4dwBpBt4quciaLIx.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	6mXYDuVjkYQ1THGXik9a0pAAofy3U2Zedb.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	2qwYcUyrntHY24EcShZNxGEQajLpAzKO5c.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	ggIPjWoiO55CN4uLVMsA2oFwFP7Fau1TaI.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	gJ6oXExmNUtJlKPCezUadEGTjUqWrrQ4Yt.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	jOjCsc6Lb1rfzqKpKE3ERtlNUMhVHKezYs.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	mirai.armv4l.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	earm	Get hash	malicious	Unknown	Browse	91.189.91.42
INIT7CH	configs.conf	Get hash	malicious	Unknown	Browse	109.202.202.202
	SecuriteInfo.com.Linux.Siggen.9999.27719.26196.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	lleJwlAImyqhwZhZbB4dwBpBt4quciaLIx.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	6mXYDuVjkYQ1THGXik9a0pAAofy3U2Zedb.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	ggIPjWoiO55CN4uLVMsA2oFwFP7Fau1TaI.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	jOjCsc6Lb1rfzqKpKE3ERtlNUMhVHKezYs.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	mirai.armv4l.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	earm	Get hash	malicious	Unknown	Browse	109.202.202.202
	vlxx.ppc.elf	Get hash	malicious	Mirai, Okiru	Browse	109.202.202.202
	vlxx.mips.elf	Get hash	malicious	Mirai, Okiru	Browse	109.202.202.202
SKB-ENTERPRISENL	configs.conf	Get hash	malicious	Unknown	Browse	45.148.120.142
	configs.conf	Get hash	malicious	Unknown	Browse	45.148.120.142
	Inquiry HA-22-28199 22-Q22024.doc	Get hash	malicious	FormBook	Browse	45.148.122.66
	Inquiry HA-22-28199 22-Q22024.doc	Get hash	malicious	FormBook	Browse	45.148.122.66
	Silverlining	Get hash	malicious	Sliver	Browse	45.148.120.192
	Demand Q2-2024.xlsx	Get hash	malicious	Unknown	Browse	5.182.211.151
	DomandaXB2-2024.xlsx	Get hash	malicious	Unknown	Browse	5.182.211.151
	POX17265XSCB.xlsx	Get hash	malicious	Unknown	Browse	5.182.211.151
	POX17265XSCB.xlsx	Get hash	malicious	Unknown	Browse	5.182.211.151

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
/etc/init.d/acpid	configs.conf	Get hash	malicious	Unknown	Browse
	long.elf	Get hash	malicious	Unknown	Browse
	zf	Get hash	malicious	Unknown	Browse
	test	Get hash	malicious	Unknown	Browse
/etc/init.d/anacron	configs.conf	Get hash	malicious	Unknown	Browse
	long.elf	Get hash	malicious	Unknown	Browse
	zf	Get hash	malicious	Unknown	Browse
	test	Get hash	malicious	Unknown	Browse
/etc/init.d/alsa-utils	configs.conf	Get hash	malicious	Unknown	Browse
	long.elf	Get hash	malicious	Unknown	Browse
	zf	Get hash	malicious	Unknown	Browse
	test	Get hash	malicious	Unknown	Browse

Created / dropped Files

/etc/init.d/acpid

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2308
Entropy (8bit):	5.100819714957812
Encrypted:	false
SSDEEP:	48:UQtdVEA2+3MPMiOqdxAvGbsbcq1himLHLHmvgjWb:ZtdVEA2+3MPieZQbcq1Q4Hrmvd
MD5:	574C70C0AE4A136FFDE42CA2CCF99387
SHA1:	359FDA28CF33D34F5CA5F9D6B6D96E080E884BD1
SHA-256:	E0E29C105CEBB90E5C9E2657D310254C820677221B375C71E89BC9B3E424F4E4
SHA-512:	2FE467BB843C68332C64C2C8A695F9D5559F0641FE9F9D232B2F864B9CAF502371F8101351D981DCAC5417AD0A8E94ECE24B9C1C45FB8F941C4F654A90D989BE
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: configs.conf, Detection: malicious, Browse Filename: long.elf, Detection: malicious, Browse Filename: zf, Detection: malicious, Browse Filename: test, Detection: malicious, Browse
Reputation:	low
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: acpid.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# X-Start-Before: kdm gdm3 xdm lightdm.# X-Stop-After: kdm gdm3 xdm lightdm.# Default-Start: 2 3 4 5.# Default-Stop: .# Short-Description: Start the Advanced Configuration and Power Interface daemon.# Description: Provide a socket for X11, hald and others to multiplex.# kernel ACPI events..### END INIT INFO..set -e..ACPID="/usr/sbin/acpid".DEFAULTS="/etc/default/acpid"..# Check for daemon presence.[ -x "$ACPID" ] \|\| exit 0..OPTIONS="".MODULES="".# Include acpid defaults if available.[ -r "$DEFAULTS" ] && . "$DEFAULTS"..# Get lsb functions.. /lib/lsb/init-functions..# As the name says. If the kernel supports modules, it'll try to load.# the ones listed in "MODULES"..load_modules() {. [ -f /proc/modules ] \|\| return 0. if [ "$MODULES" = "all" ]; then. MODULES="$

/etc/init.d/alsa-utils

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	5613
Entropy (8bit):	5.411584794544131
Encrypted:	false
SSDEEP:	96:OKtDd9/iVDaLEkE9nwcmFRzF+r817TypDyhHk5eEkn:OCdlM6EkUnreRB+r81XyByZkg
MD5:	98A52C39DFB5905135B4055893E2C225
SHA1:	717047D818D0B4A6810932D663766ED376D87783
SHA-256:	E476291811DDBE00B4211A13D9D33AEF37F159878B0181B0A7F289A033D305AF
SHA-512:	6BF5609078F58029D0C2976B6B29153CD9FE6DC1225232BE139B12D016BF47A38FC486E2C87C955E253F166C3FBFAD0743BA09749A13014C1AEF869698F9C94C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: configs.conf, Detection: malicious, Browse Filename: long.elf, Detection: malicious, Browse Filename: zf, Detection: malicious, Browse Filename: test, Detection: malicious, Browse
Reputation:	low
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.#.# alsa-utils initscript.#.### BEGIN INIT INFO.# Provides: alsa-utils.# Required-Start: $local_fs $remote_fs.# Required-Stop: $remote_fs.# Default-Start: S.# Default-Stop: 0 1 6.# Short-Description: Restore and store ALSA driver settings.# Description: This script stores and restores mixer levels on.# shutdown and bootup.On sysv-rc systems: to.# disable storing of mixer levels on shutdown,.# remove /etc/rc[06].d/K50alsa-utils. To disable.# restoring of mixer levels on bootup, rename the.# "S50alsa-utils" symbolic link in /etc/rcS.d/ to.# "K50alsa-utils"..### END INIT INFO..# Don't use set -e; check exit status instead..# Exit silently if package is no longer installed.[ -x /usr/sbin/alsactl ] \|\| exit 0..PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin.MYNAME=/etc/init.d/alsa-u

/etc/init.d/anacron

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2094
Entropy (8bit):	4.745462012998011
Encrypted:	false
SSDEEP:	24:ajpGF8WzzU+LuN5K6YqfON5i1CPehecMZR11s+M8k93ILlf6W6910kF4T0Ox:WQRzgTNNOHi1eqrMZR1vX5fXKX008
MD5:	FDE7C25CED648A8BEDAD6928BDC2102C
SHA1:	726CD594A8C05CA76105720B092CA24479EDA4DB
SHA-256:	DD10E2EACDAC2BB2BCCC751571563C82B2118B8F43CCB54D00FC635C7BC2EDDA
SHA-512:	3D9021E80DC415962D825089E79AFD8253A091578C30B5F0DFF4CD660621624AD304D18870EA7EC68D601B79BD4473EA43A9F8F7F9BCDCC7E300787F3BDD4516
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: configs.conf, Detection: malicious, Browse Filename: long.elf, Detection: malicious, Browse Filename: zf, Detection: malicious, Browse Filename: test, Detection: malicious, Browse
Reputation:	low
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: anacron.# Required-Start: $remote_fs $syslog $time.# Required-Stop: $remote_fs $syslog $time.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: Run anacron jobs.# Description: The first purpose of this script is to run anacron at.# boot so that it can catch up with missed jobs. Note.# that anacron is not a daemon. It is run here just once.# and is later started by the real cron. The second.# purpose of this script is that said cron job invokes.# this script to start anacron at those subsequent times,.# to keep the logic in one place..### END INIT INFO..PATH=/bin:/usr/bin:/sbin:/usr/sbin..test -x /usr/sbin/anacron \|\| exit 0.test -r /etc/default/anacron && . /etc/default/anacron... /lib/lsb/init-functions..case "$1" in. start). if init_is_upstart 2>/dev/null; then. exit 1. fi. log

/etc/init.d/apparmor

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3779
Entropy (8bit):	5.2470698847805135
Encrypted:	false
SSDEEP:	96:tFCjnn83hjzpn1zJNSNuDNBqNPoNpGbANEFjgG9M3zR9hszR9hxR1:yjn4hjRX9uL1
MD5:	94076817C47CE2C2B68D8341C0BCDF52
SHA1:	6696D7BE70E568B75869CA456ED530C5E95B869A
SHA-256:	79FDD1C9ACE1EA85FCB742656B9FF661B86D4F12AE13897D5687EBC6FB545658
SHA-512:	834B17AD9B1B4027DFF7B00500C1EC8F111AC90B1DA443BB5615C808E3AB31FC399C563D6D8FCA2C5373E04BDB1A47CFB5B14296A96FD43FCEF9DAD20E31D41D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.# ----------------------------------------------------------------------.# Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007.# NOVELL (All rights reserved).# Copyright (c) 2008, 2009 Canonical, Ltd..#.# This program is free software; you can redistribute it and/or.# modify it under the terms of version 2 of the GNU General Public.# License published by the Free Software Foundation..#.# This program is distributed in the hope that it will be useful,.# but WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.# GNU General Public License for more details..#.# You should have received a copy of the GNU General Public License.# along with this program; if not, contact Novell, Inc..# ----------------------------------------------------------------------.# Authors:.# Steve Beattie <steve.beattie@canonical.com>.# Kees Coo

/etc/init.d/apport

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3003
Entropy (8bit):	5.212529403563785
Encrypted:	false
SSDEEP:	48:WSV/OxxHuoBusZABLm/tiUmZanXdBuSZWg/e/fupjZDGdxboGxzh:rV/OxNDBusZABLm1BmeXbuSZWg2/OFOj
MD5:	7A68C5018478E06295DAFF010042666E
SHA1:	6B7CD01BEDA8175CF769F0AC87493102F62828E5
SHA-256:	6F56E6594FC6A2E58764AB346306B98F1457FE2B89626569F8AECFDE5E1F57BD
SHA-512:	4B630C504FF200CA2B6EFFFF43B263E205ACAD72D9BBD687C9D5905E38C32324B6C65C17B2AFC59229A3BB621649EB8D3B7301D740E6DF7657213484EB394B97
Malicious:	true
Reputation:	low
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null..### BEGIN INIT INFO.# Provides: apport.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: automatic crash report generation.### END INIT INFO..DESC="automatic crash report generation".NAME=apport.AGENT=/usr/share/apport/apport.SCRIPTNAME=/etc/init.d/$NAME..# Exit if the package is not installed.[ -x "$AGENT" ] \|\| exit 0..# read default file.enabled=1.[ -e /etc/default/$NAME ] && . /etc/default/$NAME \|\| true..# Define LSB log_* functions..# Depend on lsb-base (>= 3.0-6) to ensure that this file is present... /lib/lsb/init-functions..#.# Function that starts the daemon/service.#.do_start().{..# Return..# 0 if daemon has been started..# 1 if daemon was already running..# 2 if daemon could not be started...[ -e /var/crash ] \|\| mkdir -p /var/crash..chmod 1777 /var/crash...# check for kernel crash dump, convert it to apport report..if [

/etc/init.d/atd

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1110
Entropy (8bit):	5.052909980456182
Encrypted:	false
SSDEEP:	24:ajpGw2hO8Bx8fwKFZru5qZD5pYmPI5r0S69OY:WQ/h7AxpuYxImgW91
MD5:	B4F9DBD46368F9B556C71F4DDB49501A
SHA1:	300E2EEA8DCB32905CB890567B89B8E40FDE00D3
SHA-256:	F776379B49FF87833B0325D33C8F481D6DF57891A3E428606ED743DE5F2E92D0
SHA-512:	B2D361EFB1A00C4105CC838E148F1B18EEC1C07B994EB4960FAD51DBEF34B439C69FA2DAB4379E9A58BEEA3D3C0F278DF5E53BA48911C1F5F1732D71A52AF7B5
Malicious:	true
Reputation:	low
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: atd.# Required-Start: $syslog $time $remote_fs.# Required-Stop: $syslog $time $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Deferred execution scheduler.# Description: Debian init script for the atd deferred executions.# scheduler.### END INIT INFO.#.# Author:.Ryan Murray <rmurray@debian.org>.#..PATH=/bin:/usr/bin:/sbin:/usr/sbin.DAEMON=/usr/sbin/atd.PIDFILE=/var/run/atd.pid..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..case "$1" in. start)..log_daemon_msg "Starting deferred execution scheduler" "atd"..start_daemon -p $PIDFILE $DAEMON..log_end_msg $?. ;;. stop)..log_daemon_msg "Stopping deferred execution scheduler" "atd"..killproc -p $PIDFILE $DAEMON..log_end_msg $?. ;;. force-reload\|restart). $0 stop. $0 start. ;;. status). status_of_proc -p $PIDFILE $DAEMON atd && exit 0 \|\| exit $?. ;;.

/etc/init.d/avahi-daemon

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2440
Entropy (8bit):	4.845073694120317
Encrypted:	false
SSDEEP:	48:UQs2V+ig+Ui83MZoJQukTSxVC2/ulSA0uv3uKv2ZsGyjyRfF/zsDE7Et:Z3oijU4ukTSVuP0uv3uKvdJORNADHt
MD5:	E514BF28341EE5F4FD4D08EAA3C8B22E
SHA1:	4F8CE7B3818D3434241727E96CAC57A97841F273
SHA-256:	F0F5C3FBB256E829C906D388FB0184F7E9BA1F035D6E6CEB955D4326B0163A09
SHA-512:	CCA1D84894E899EDD9100C35FADAF4C33F7573AEBA0800A3CE98AAFC68A35E314CC9D691F371CBCF5F7C9A1F43F109ACE0953E2F2F2F980D3BE6217C948B5E16
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: avahi avahi-daemon.# Required-Start: $remote_fs dbus.# Required-Stop: $remote_fs dbus.# Should-Start:. $syslog.# Should-Stop: $syslog.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Avahi mDNS/DNS-SD Daemon.# Description: Zeroconf daemon for configuring your network .# automatically.### END INIT INFO..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DESC="Avahi mDNS/DNS-SD Daemon".NAME="avahi-daemon".DAEMON="/usr/sbin/$NAME".SCRIPTNAME=/etc/init.d/$NAME..# Gracefully exit if the package has been removed..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..# Include avahi-daemon defaults if available..test -f /etc/default/avahi-daemon && . /etc/default/avahi-daemon..DISABLE_TAG="/var/run/avahi-daemon/disabled-for-unicast-local"..#.# Function that starts the daemon/service..#.d_start() {. $DAEMON -c && return 0.. if [ -e $DISABLE

/etc/init.d/binfmt-support

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1214
Entropy (8bit):	5.0542734684338075
Encrypted:	false
SSDEEP:	24:ajpG3V6yXngSBVSBNyj6edNHcBcNCekvx2w5mw+76opY:WQ3ZngWVWNMNH0YCbJ2w4wrR
MD5:	32C86D2E35824FF62373286AEDE64C92
SHA1:	29938D9E60B2993C26F026EA7EF39067795AC2B0
SHA-256:	D6A3304A27527A4171B7A73C94D4125A2EC52AB7F0FDFAB53E3C676F4DCAC886
SHA-512:	705231C48A8A684B3B10B4A9D278D317404AE4DD365645563C8654AB13DDAE2A61D39ABF70F4AD6ED376F7AAF9F69BE76AB810024C0DF424248EFBF7F4E8A72A
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: binfmt-support.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: Support for extra binary formats.# Description: Enable support for extra binary formats using the Linux.# kernel's binfmt_misc facility..### END INIT INFO..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.NAME=binfmt-support.DESC="additional executable binary formats"..if [ "$(uname)" != Linux ]; then. exit 0.fi..which update-binfmts >/dev/null 2>&1 \|\| exit 0... /lib/lsb/init-functions.[ -r /etc/default/rcS ] && . /etc/default/rcS..set -e.CODE=0..case "$1" in. start). log_daemon_msg "Enabling $DESC" "$NAME". update-binfmts --enable \|\| CODE=$?. log_end_msg $CODE. exit $CODE. ;;.. stop). log_daemon_msg "Disabling $DESC" "$NAME". update-binfmts --disable \|\| CODE=$?. log

/etc/init.d/bluetooth

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3007
Entropy (8bit):	5.400575707693715
Encrypted:	false
SSDEEP:	48:WQ1OoPrcMbC/BUUzGrm92+kbM9b5LmilQoOZoKkkFDM+Zh9Y1FDMrVOtc:j9TcWC/BUeem92R4t5LR+t5X9eYIO
MD5:	6001C051B53CE3C3F16E734A541D0080
SHA1:	4E56C265AC7F2621629980AF669CBC4A0FCAA089
SHA-256:	6048BF9F65908D8DF63F9EEA004019FADCF0E612E1253A2555540BEF32AE8431
SHA-512:	858A340935A73A3377013E43B2E4F5877337FDBA26E16C1F4AD709B51867FC067E4C1F1A2857F553805093FAF4680C67DC1EA59C9B15AD58FDDD8C93C93D2C38
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: bluetooth.# Required-Start: $local_fs $syslog $remote_fs dbus.# Required-Stop: $local_fs $syslog $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Start bluetooth daemons.### END INIT INFO.#.# bluez Bluetooth subsystem starting and stopping.#.# originally from bluez's scripts/bluetooth.init.#.# Edd Dumbill <ejad@debian.org>.# LSB 3.0 compilance and enhancements by Filippo Giunchedi <filippo@debian.org>.#.# Updated for bluez 4.7 by Mario Limonciello <mario_limonciello@dell.com>.# Updated for bluez 5.5 by Nobuhiro Iwamatsu <iwamatsu@debian.org>.#.# Note: older daemons like dund pand hidd are now shipped inside the.# bluez-compat package..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DESC=bluetooth..DAEMON=/usr/sbin/bluetoothd.HCIATTACH=/usr/bin/hciattach..BLUETOOTH_ENABLED=0.HID2HCI_ENABLED=1.HID2HCI_UNDO=1..SDPTOOL=/usr/bin/sdptool..# If you want to be ignore error of "

/etc/init.d/console-setup.sh

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1271
Entropy (8bit):	4.298242079723382
Encrypted:	false
SSDEEP:	24:UpGlBiewtKzeBcxao8/z3ejhbJckS5gzjdJ2ZWkZg7zcOqbQ:UQ3KKzYcY/LshbJckS5gJ28kG7A9bQ
MD5:	80F1F76E4D0260B6AA850B3C0F9C258C
SHA1:	FD8938078EEC8B8D0DA90E8E540AC4896851B4AA
SHA-256:	FD807A79F63BA6DA9E2AA6B2FE2F6BA9FA5B56B7B547920B936DEA059FA5D88C
SHA-512:	E16200C8449AE5D3912424C843C18C0E1F894DE3163377218496958405906315540DFB16E4940B32898FA153039F5461EB1695FC32BFC267BEB076C75983D563
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: console-setup.sh.# Required-Start: $remote_fs.# Required-Stop:.# Should-Start: console-screen kbd.# Default-Start: 2 3 4 5.# Default-Stop:.# X-Interactive: true.# Short-Description: Set console font and keymap.### END INIT INFO..if [ -f /bin/setupcon ]; then. case "$1" in. stop\|status). # console-setup isn't a daemon. ;;. start\|force-reload\|restart\|reload). if [ -f /lib/lsb/init-functions ]; then. . /lib/lsb/init-functions. else. log_action_begin_msg () {.. echo -n "$@... ". }.. log_action_end_msg () {.. if [ "$1" -eq 0 ]; then.. echo done... else.. echo failed... fi. }. fi. log_action_begin_msg "Setting up console font and keymap". if /lib/console-se

/etc/init.d/cron

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3098
Entropy (8bit):	4.906689770969694
Encrypted:	false
SSDEEP:	48:UQPMic6MicW4dJIrcz8WD23fK2LAb38CkFATwuMoZisTdDKoA3gHML3:dE3s4dJWRWD23y2Lgs3yTtMnidD/A3gq
MD5:	E33C4BEAD082234E4CCEB1F6163AEF3B
SHA1:	84947EA0C84B140F61F1C9998BFD02D04132B3E6
SHA-256:	30460EC8D03B4275EE3926DEBFC515C3C9B4803F4C3B730B3C892C32538B5917
SHA-512:	D8CA919685F2997609174E47F0343D946F842C6B2DEE28DC3527FB6D0839180AD692E52954EBB724DD328E548F755875F15CC5839D6F875B296F3A71F3AD7E6D
Malicious:	true
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.# Start/stop the cron daemon..#.### BEGIN INIT INFO.# Provides: cron.# Required-Start: $remote_fs $syslog $time.# Required-Stop: $remote_fs $syslog $time.# Should-Start: $network $named slapd autofs ypbind nscd nslcd winbind sssd.# Should-Stop: $network $named slapd autofs ypbind nscd nslcd winbind sssd.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: Regular background program processing daemon.# Description: cron is a standard UNIX program that runs user-specified .# programs at periodic scheduled times. vixie cron adds a .# number of features to the basic UNIX cron, including better.# security and more powerful configuration options..### END INIT INFO..PATH=/bin:/usr/bin:/sbin:/usr/sbin.DESC="cron daemon".NAME=cron.DAEMON=/usr/sbin/cron.PIDFILE=/var/run/crond.pid.SCRIPTNAME=/etc/init.d/"$NAME"..test -f $DAEMON \|\| exit 0... /lib/l

/etc/init.d/cryptdisks

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	976
Entropy (8bit):	5.176640217589351
Encrypted:	false
SSDEEP:	12:ajZW0Gy4BTty5r2MVOc4qVp1b7NBq2dS1uaqLgcIcr3crmjcdpEMyuDHkkGKErIf:ajpGVT5MQsL1bPq2MK9cr/ZkVyKDpj+
MD5:	8B081966733F70D7783C055CE460585E
SHA1:	04B646D1F5DE7AB02F1834F33C44BD91F8B7FF7A
SHA-256:	E9EEE85806482EBBD54B7E581536194446C41BDC77757404BC00D82F21AD5F00
SHA-512:	9F1A555D5DE2538590C7CDC12B9F396F55D1BE4F946151780DCF798EC2A24A57204476267A407011EAFCE95C14A79C1BAC1DEA3BAB0BFF750A9ADFAD7FAEAB00
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: cryptdisks.# Required-Start: checkroot cryptdisks-early.# Required-Stop: umountroot cryptdisks-early.# Should-Start: udev mdadm-raid lvm2.# Should-Stop: udev mdadm-raid lvm2.# X-Start-Before: checkfs.# X-Stop-After: umountfs.# X-Interactive: true.# Default-Start: S.# Default-Stop: 0 6.# Short-Description: Setup remaining encrypted block devices..# Description:.### END INIT INFO..set -e..if [ -r /lib/cryptsetup/cryptdisks-functions ]; then... /lib/cryptsetup/cryptdisks-functions.else..exit 0.fi..INITSTATE="remaining".DEFAULT_LOUD="yes"..case "$CRYPTDISKS_ENABLE" in.[Nn])..exit 0..;;.esac..case "$1" in.start)..do_start..;;.stop)..do_stop..;;.restart\|reload\|force-reload)..do_stop..do_start..;;.force-start)..FORCE_START="yes"..do_start..;;.)..echo "Usage: cryptdisks {start\|stop\|restart\|reload\|force-reload\|force-start}"..exit 1..;;.esac.

/etc/init.d/cryptdisks-early

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	935
Entropy (8bit):	5.17680759768536
Encrypted:	false
SSDEEP:	12:ajZW0Gy2BTCZN2MVW4qVS5sNBq2dX9qLgcIcr3crmZm2dpBdMyuDHkkGKErIKDqv:ajpG/TTMkw5Mq2CiKYZkVyKDvj+
MD5:	63BDDADA4BD5A31602FD234305BD4477
SHA1:	31567A8005708E5A1F13F84E86E789D5B77694C6
SHA-256:	2BBC39A8857250B016578FE60A4B3B5954690FDBEA1A5CB3597EA499302A123D
SHA-512:	7FC4E64999CEB85357F7F56F591E83962DC43A0910D5D245A1B90703A10FDA5495E60FD846CA1DF59DBDDF16193E0A3E3E165C1CBCE4B59F9C49DA194D8C07E1
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: cryptdisks-early.# Required-Start: checkroot.# Required-Stop: umountroot.# Should-Start: udev mdadm-raid.# Should-Stop: udev mdadm-raid.# X-Start-Before: lvm2.# X-Stop-After: lvm2 umountfs.# X-Interactive: true.# Default-Start: S.# Default-Stop: 0 6.# Short-Description: Setup early encrypted block devices..# Description:.### END INIT INFO..set -e..if [ -r /lib/cryptsetup/cryptdisks-functions ]; then... /lib/cryptsetup/cryptdisks-functions.else..exit 0.fi..INITSTATE="early".DEFAULT_LOUD=""..case "$CRYPTDISKS_ENABLE" in.[Nn])..exit 0..;;.esac..case "$1" in.start)..do_start..;;.stop)..do_stop..;;.restart\|reload\|force-reload)..do_stop..do_start..;;.force-start)..FORCE_START="yes"..do_start..;;.)..echo "Usage: cryptdisks-early {start\|stop\|restart\|reload\|force-reload\|force-start}"..exit 1..;;.esac.

/etc/init.d/cups

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2843
Entropy (8bit):	5.225301716102254
Encrypted:	false
SSDEEP:	48:WQ6MLNMwmbAzAZVCoLqLVe1J6NH/qAh1UoAaYmUoG/FVv/FkG/UoG/FZRetsR:jBWwmEMZVChDB7UoAaZUoGDvuG/UoGzX
MD5:	51D08ADD7DE19D7820C8E3CBF163F87E
SHA1:	40C42445358DF51318E648933123CD6AA30577CB
SHA-256:	84BD04911A2301D915D21A17BCD1929F17DFF0ACEC0AF0E89FA2539FEC129317
SHA-512:	9C3EB6A0F8D524F8558F88EFECFA73D7322435D7E4D808465760C9C0A80CC25662CC1429ADEF3C24067DC00E0D64290C5D043D7B8D4D20EFA72366B530D9965C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: cups.# Required-Start: $syslog $remote_fs.# Required-Stop: $syslog $remote_fs.# Should-Start: $network avahi-daemon slapd nslcd.# Should-Stop: $network.# X-Start-Before: samba.# X-Stop-After: samba.# Default-Start: 2 3 4 5.# Default-Stop: 1.# Short-Description: CUPS Printing spooler and server.# Description: Manage the CUPS Printing spooler and server;.# make it's web interface accessible on http://localhost:631/.### END INIT INFO..# Author: Debian Printing Team <debian-printing@lists.debian.org>..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/cupsd.NAME=cupsd.PIDFILE=/run/cups/$NAME.pid.DESC="Common Unix Printing System".SCRIPTNAME=/etc/init.d/cups..unset TMPDIR..# Exit if the package is not installed.test -x $DAEMON \|\| exit 0..mkdir -p /run/cups/certs.[ -x /sbin/restorecon ] && /sbin/restorecon -R /r

/etc/init.d/cups-browsed

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2000
Entropy (8bit):	5.153047261673086
Encrypted:	false
SSDEEP:	48:WQmU3mK7xpvyCKyhfPV5upSYf54v6YSBFQJvFO2L:jj3FpjhnV5upSYuv3ScJY2L
MD5:	78B63A9E0908C2B032833FF0346E02EA
SHA1:	0EE1F3B30BC1D9DE50E35124A943E1F8FCD74195
SHA-256:	2177D721D43FD27F6411DC9E101EF145CC5980A96D0237ACEBF4766BB0C22CF0
SHA-512:	2694D148BDA03998142750DE5F2AC79A89744D9CB3D415A1B3FBC1FB54FDA01A9F049166B62C4ACA5B842717447B8F112193803A8C884982AF0162C83C1B54C2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: cups-browsed.# Required-Start: $syslog $remote_fs $network $named $time.# Required-Stop: $syslog $remote_fs $network $named $time.# Should-Start: avahi-daemon.# Should-Stop: avahi-daemon.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: cups-browsed - Make remote CUPS printers available locally.# Description: This daemon browses Bonjour broadcasts of shared remote CUPS.# printers and makes these printers available locally by creating.# local CUPS queues pointing to the remote queues. This replaces.# the CUPS browsing which was dropped in CUPS 1.6.1. For the end.# the behavior is the same as with the old CUPS broadcasting/.# browsing, but in the background the standard method for network.# service announcement and discovery, Bonjour, is used..### END INIT INFO..DAEMON=/usr/sbi

/etc/init.d/dbus

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, Unicode text, UTF-8 text executable
Category:	dropped
Size (bytes):	3191
Entropy (8bit):	5.113121886822009
Encrypted:	false
SSDEEP:	96:ZJOxbGMBPJfsQmx+xZRGWoGUuK2gY5W7zTXmg2:ZJwCufMSIr7nXmb
MD5:	0A33998A3A1F135F2B3629684EF1B5D6
SHA1:	8A219A2CD6494DC4DA7ABB4D880620F39070312B
SHA-256:	1AC3C24F56CDBCB1F947220814AE6700B793C5992718FE0127673F9818F5D974
SHA-512:	5B33E8E50226D41813EB1F1FCC472A1D74F3D43DAA0F51DF5103CA35D8A7E457B59B7449FA7783B393F84FA0FCE193C882E1FF4E880DC959FA0C5CEFE0F2DF37
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: dbus.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: D-Bus systemwide message bus.# Description: D-Bus is a simple interprocess messaging system, used.# for sending messages between applications..### END INIT INFO.# -- coding: utf-8 --.# Debian init.d script for D-BUS.# Copyright . 2003 Colin Walters <walters@debian.org>.# Copyright . 2005 Sjoerd Simons <sjoerd@debian.org>..set -e..DAEMON=/usr/bin/dbus-daemon.UUIDGEN=/usr/bin/dbus-uuidgen.UUIDGEN_OPTS=--ensure.NAME=dbus.DAEMONUSER=messagebus.PIDDIR=/var/run/dbus.PIDFILE=$PIDDIR/pid.DESC="system message bus"..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..# Source defaults file; edit that file to configure this script..PARAMS="".if [ -e /etc/default/dbus ]; then. . /etc/default/dbus.fi..create_machineid() {. # Crea

/etc/init.d/gdm3

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3072
Entropy (8bit):	5.038653841768968
Encrypted:	false
SSDEEP:	48:WQ8unF1gLpJlduwTebFGBHB4ndfPa8a59zq+N/UsCVADsZvOsFzmxOsFC2WtFj4:jdnM1JV3Bid+TaVAGvoe2WtS
MD5:	E3A97737F73D64035DEEB3ED5143D75B
SHA1:	B97122893F4DC087CD9FCC32CAA4F1D81EC0F0F0
SHA-256:	056B945B05ADC7AE3953A22BB20130AF1AF6B935AF64A7D6B00CCE32AEAAD0D6
SHA-512:	E9C25AE078D69C2FD328527634668366C79387AD807FF1AA97510C7F9A384961BF0D121E7F6AE3F0E4F34FDB63D11CA42FCC5DC9A07D6AFAE638C1A42E4D5ED9
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: gdm3.# Should-Start: console-screen dbus network-manager.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: GNOME Display Manager.# Description: Debian init script for the GNOME Display Manager.### END INIT INFO.#.# Author: Ryan Murray <rmurray@debian.org>.#.set -e..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/gdm3.PIDFILE=/var/run/gdm3.pid..test -x $DAEMON \|\| exit 0..if [ -r /etc/default/locale ]; then. . /etc/default/locale. export LANG LANGUAGE.fi... /lib/lsb/init-functions..# To start gdm even if it is not the default display manager, change.# HEED_DEFAULT_DISPLAY_MANAGER to "false.".HEED_DEFAULT_DISPLAY_MANAGER=true.DEFAULT_DISPLAY_MANAGER_FILE=/etc/X11/default-display-manager..activate_logind() {. # Try to dbus activate logind to avoid a race conditions if

/etc/init.d/grub-common

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1024
Entropy (8bit):	4.956631554857246
Encrypted:	false
SSDEEP:	24:ajpGPHQ5FKl8vZoV80/9BHkDPVtD9b1gT:WQfQ5glmoNlGDdtD9bc
MD5:	545D92D767EC3EF8ED431EB969FB4275
SHA1:	8B57EC42A2DF7475FD33EAEF9C3E803DA90D8126
SHA-256:	58ED3F3E6363EA0C32C0915B44A57CE3EA0DD946E56838FAF509FA10D901B6E7
SHA-512:	D1E05614D7165CD6F15E5F2CD7546CAD40E82F3A7DB07F01C264393753165860E0AA191E07A3B2F7611325D511682DB6D8D60F9EDF442AEBF88FBC2056D44817
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: grub-common.# Required-Start: $all.# Required-Stop:.# Default-Start: 2 3 4 5.# Default-Stop:.# Short-Description: Record successful boot for GRUB.# Description: GRUB displays the boot menu at the next boot if it.# believes that the previous boot failed. This script.# informs it that the system booted successfully..### END INIT INFO..which grub-editenv >/dev/null 2>&1 \|\| exit 0..# Define LSB log_* functions..# Depend on lsb-base (>= 3.0-6) to ensure that this file is present... /lib/lsb/init-functions..case $1 in. start\|restart\|force-reload)..log_action_msg "Recording successful boot for GRUB"..[ -s /boot/grub/grubenv ] \|\| rm -f /boot/grub/grubenv..mkdir -p /boot/grub..grub-editenv /boot/grub/grubenv unset recordfail..log_end_msg $?..;;. stop)..;;. status)..exit 0..;;. *)..echo "Usage: $0 {start\|stop\|status\|restart\|force-reload}" >&2..

/etc/init.d/hddtemp

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3099
Entropy (8bit):	5.250653281885159
Encrypted:	false
SSDEEP:	48:UnetQlU+vdYb5tM7yL7yi47yIrrFXc6YRy50JDRABzNJuhCv8Z//UZJ7iuT052mS:RtQlTd65tp6iNgcLREQWAsUkTo2mS
MD5:	2409D10195239A2A2495B66FEB312E73
SHA1:	AFE31E47B8FFDF42253F5FBDBAD4C221575C2775
SHA-256:	1F4610D7E36FA74904C70A3F0D8A53F24960B19222534D1A54EE6B1FBDC3D771
SHA-512:	5ED09E097899EC1399FEF52EF688ACE903E1A4EFC6BBF11A46AB95FAE7B294A6470FF7C3C534AE8D46526FF6BFE183CAAE6D93C37AFA18FE737F08D0397B47B5
Malicious:	true
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.#.# skeleton example file to build /etc/init.d/ scripts..# This file should be used to construct scripts for /etc/init.d..#.# Written by Miquel van Smoorenburg <miquels@cistron.nl>..# Modified for Debian GNU/Linux.# by Ian Murdock <imurdock@gnu.ai.mit.edu>..#.# Version: @(#)skeleton 1.8 03-Mar-1998 miquels@cistron.nl.#..### BEGIN INIT INFO.# Provides: hddtemp.# Required-Start: $remote_fs $syslog $network.# Required-Stop: $remote_fs $syslog $network.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: disk temperature monitoring daemon.# Description: hddtemp is a disk temperature monitoring daemon.### END INIT INFO..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.NAME=hddtemp.DAEMON=/usr/sbin/$NAME.DESC="disk temperature monitoring daemon"..DISKS="/dev/hd[a-z] /dev/hd[a-z][a-z]".DISKS="$DISKS /dev/sd

/etc/init.d/hwclock.sh

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3848
Entropy (8bit):	5.144506024386939
Encrypted:	false
SSDEEP:	96:yYqy3be4txLsMwqTZL1FFTEaTfNvagXQwjVjNvaYXNkeQD:ZZbxtXFZpBTfNvawpjNva4e
MD5:	A3DB5CF382C86CFD56786267EF88D84C
SHA1:	621D8398E547DDAD041825421F2315F54248B715
SHA-256:	9C6874FA0AFA7B4AC34EA0CD4B46B2CB8A872CB1A81D1F97268C35D2B42DB6B5
SHA-512:	72E63492F33ED50D860FE2CEE4EDF4B8AF70C27C63D727DBD27B57C483DCDED3ADD07A62B1E4BDD8423EFEF25C31DBD91E761B87C363EC207276D17EA4BC62A8
Malicious:	true
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.# hwclock.sh.Set and adjust the CMOS clock..#.# Version:.@(#)hwclock.sh 2.00 14-Dec-1998 miquels@cistron.nl.#.# Patches:.#..2000-01-30 Henrique M. Holschuh <hmh@rcm.org.br>.#.. - Minor cosmetic changes in an attempt to help new.#.. users notice something IS changing their clocks.#.. during startup/shutdown..#.. - Added comments to alert users of hwclock issues.#.. and discourage tampering without proper doc reading..# 2012-02-16 Roger Leigh <rleigh@debian.org>.# - Use the UTC/LOCAL setting in /etc/adjtime rather than.# the UTC setting in /etc/default/rcS. Additionally.# source /etc/default/hwclock to permit configuration...### BEGIN INIT INFO.# Provides: hwclock.# Required-Start: mountdevsubfs.# Required-Stop: mountdevsubfs.# Should-Stop: umountfs.# Default-Start: S.# X-Start-Before: checkroot.# Default-Stop: 0 6.# Short-Description

/etc/init.d/irqbalance

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.989413787307676
Encrypted:	false
SSDEEP:	48:UQ2ZPnWGmH6TMV5m11QU7NXCWbgxxsXuHtpyBMbtKxxsDYV/BkHh:Z2Z/WbZnm11LNyWcxKXuHtcBMbtKxKD1
MD5:	F8F111F6E16240A4663C1B1EFE8B2BDD
SHA1:	E3F8CD89E1E1290CDED65C1110F7719231C01B52
SHA-256:	4C20F8511BD9212861616B39D109B4EBE4147EA3DA84427456F57023B2CE000B
SHA-512:	9437CD01572735043C0F176E792790E1EF384226BBFD393AC3CC0B4895068EB88663C91265B9889E3CB86AC1904202CB9ED31B32FEE6A56CFFAD6D9EE2C1DE1B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: irqbalance.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: daemon to balance interrupts for SMP systems.### END INIT INFO.# irqbalance init script.# August 2003.# Eric Dorland..# Based on spamassassin init script..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/irqbalance.NAME=irqbalance.SNAME=irqbalance.DESC="SMP IRQ Balancer".PIDFILE="/run/$NAME.pid".PNAME="irqbalance".DOPTIONS=""..# Defaults - don't touch, edit /etc/default/.OPTIONS=""..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..test -f /etc/default/irqbalance && . /etc/default/irqbalance..# Beware: irqbalance tries to read and handle environment variables.# directly itself, but since start-stop-daemon clears the env.# we convert the variables to commandline arguments here....# (Note: in the daemon an option is enabled eve

/etc/init.d/iscsid

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1542
Entropy (8bit):	4.962938769428281
Encrypted:	false
SSDEEP:	24:Upfw/YpMr8MICUV7OlfrDNhay+HNCNclH3U8lrQ5l8u4uu8E:UEuMAMICu7OlN+UclH3U8lc/ZW8E
MD5:	AEC2C14084B8C481BF2A0E18E1BFD5B6
SHA1:	92E0E58A90F0E38FB2416FFA47B7712CBD987A71
SHA-256:	D30B90BCFEBF19F4EB727147C3F3BF5F019D0A6E97B1BA7C7C457F325DD7B562
SHA-512:	70939B66BF10040B3AEEA660787F711E51679D23CDC1E198BD58BCC9FF2AE348F0BE1CFF113B2612E72A3EAC8F2F5E1F7BF54300D43A7BC5369C731B4407D497
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing..if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then. set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script.fi.### BEGIN INIT INFO.# Provides: iscsid.# Required-Start: $network $local_fs.# Required-Stop: $network $local_fs sendsigs.# Default-Start: S.# Default-Stop: 0 1 6.# Short-Description: iSCSI initiator daemon (iscsid).# Description: The iSCSI initiator daemon takes care of.# monitoring iSCSI connections to targets. It is.# also the daemon providing the interface for the.# iscisadm tool to talk to when administering iSCSI.# connections..### END INIT INFO..# Author: Christian Seiler <christian@iwakd.de>..DESC="iSCSI initiator daemon".DAEMON=/sbin/iscsid.PIDFILE=/run/iscsid.pid.OMITDIR=/run/sendsigs.omit.d..do_start_prepare() {..if ! /lib/o

/etc/init.d/kerneloops

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3170
Entropy (8bit):	5.247344555025115
Encrypted:	false
SSDEEP:	96:ji8+8hGGv8uwtusZABLm1tdWzNnuSZWg2dtdIeLEMNI:j9G+/wt81ZerzE2I
MD5:	164462F73344BB280CF5DCDECE1C89FE
SHA1:	7761485217EF07120DA93CB7AB3513F8524D8E89
SHA-256:	1AA2FCFDAF1A2C62E3377A5BDC0C68B20CE4662E958FC24D48C87B8249F4D6F1
SHA-512:	FF8697B2DD3216EC878C5639E024DD57A6912B4BF09A83BEAADC4A470ADD989C28645788D07CADEF88262FDAB9B99FA3C1B1B9A385BB2EEAD308F7CB3B1DE3DD
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: kerneloops.# Required-Start: $remote_fs $named $network $time $syslog.# Required-Stop: $remote_fs $named $network $time $syslog.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Tool to automatically collect and submit kernel crash signatures.# Description: A tool that collects and submits kernel crash.# signatures to the http://oops.kernel.org website for use by the Linux.# kernel developers..### END INIT INFO..# Author: Laurent Bigonville <bigon@debian.org>..# Do NOT "set -e"..# PATH should only include /usr/* if it runs after the mountnfs.sh script.PATH=/sbin:/usr/sbin:/bin:/usr/bin.DESC="Kernel crash collector".NAME=kerneloops.DAEMON_ARGS=--nodaemon.DAEMON=/usr/sbin/$NAME.PIDFILE=/var/run/$NAME.pid.SCRIPTNAME=/etc/init.d/$NAME.ENABLED=1..# Exit if the package is not installed.[ -x "$DAEMON" ] \|\| exit 0..# Read confi

/etc/init.d/keyboard-setup.sh

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1518
Entropy (8bit):	4.289191042981506
Encrypted:	false
SSDEEP:	24:UpGXx5g19o+yHtKzeBcxao8/z3ejhbJckS57EdJATZWkZgh5zcOqbQ:UQXfgD1yNKzYcY/LshbJckS5MJAT8kGX
MD5:	EA0D435B8DEEF95B8EB95F1DE4FF49B0
SHA1:	206EEBB0D1D0E9853F753F3D9058C2B9BF520497
SHA-256:	0E2E77D4F1FB9444FE24A07F5AF104876C9E8EAF4C9E5A6469DF5A8A49FE9632
SHA-512:	1DED4FCA460F5921EE47CBD11FCC1077392862F958BDBD340CCA3C5A5AE07F0E3CCDB920EE05152AEE7A1C9AE4F6F2764A8C99B8760907F631473E7695B9F365
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: keyboard-setup.sh.# Required-Start: mountkernfs.# Required-Stop:.# X-Start-Before: checkroot.# Default-Start: S.# Default-Stop:.# X-Interactive: true.# Short-Description: Set the console keyboard layout.# Description: Set the console keyboard as early as possible.# so during the file systems checks the administrator.# can interact. At this stage of the boot process.# only the ASCII symbols are supported..### END INIT INFO..if [ -f /bin/setupcon ]; then. case "$1" in. stop\|status). # console-setup isn't a daemon. ;;. start\|force-reload\|restart\|reload). if [ -f /lib/lsb/init-functions ]; then. . /lib/lsb/init-functions. else. log_action_begin_msg () {.. echo -n "$@... ". }.. log_action_end_msg () {..

/etc/init.d/kmod

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2083
Entropy (8bit):	4.883714525715849
Encrypted:	false
SSDEEP:	24:spGUxLADBzBQYDMAKjqg3UlfbcMZC/tCYJGMsMHwDa10ig/CeZNRGglclYt:sQ/dtQYxKjRQfby/oYJbJQA0i6PvN
MD5:	237FE08A17E56817785A569EA472F3D7
SHA1:	4285D859E16A2347DA487A71C7D7C8864B862030
SHA-256:	5B8A5DB318872E51723B6CEC7A2C39367272CB3FD089A2C007469D97F29C2215
SHA-512:	92623A940B70B0B0B293D74595947159A09ECDF99A6AC425A6DC833D1DE1D95E73516A4B5A63B32C87FACC17C1CC1939BDD741F6B0F1CB9BDEE4F203B37A569C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh -e./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: kmod.# Required-Start: .# Required-Stop: .# Should-Start: checkroot.# Should-Stop:.# Default-Start: S.# Default-Stop:.# Short-Description: Load the modules listed in /etc/modules..# Description: Load the modules listed in /etc/modules..### END INIT INFO..# Silently exit if the kernel does not support modules..[ -f /proc/modules ] \|\| exit 0.[ -x /sbin/modprobe ] \|\| exit 0..[ -f /etc/default/rcS ] && . /etc/default/rcS.. /lib/lsb/init-functions..PATH='/sbin:/bin'..case "$1" in. start). ;;.. stop\|restart\|reload\|force-reload). log_warning_msg "Action '$1' is meaningless for this init script". exit 0. ;;.. *). log_success_msg "Usage: $0 start". exit 1.esac..load_module() {. local module args. module="$1". args="$2".. if [ "$VERBOSE" != no ]; then. log_action_msg "Loading kernel module $module". modprobe $module $args \|\| true. else. modprobe $module $args

/etc/init.d/lightdm

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3470
Entropy (8bit):	5.277433159012979
Encrypted:	false
SSDEEP:	48:UAbmo8vyUjH3J+cNrWId4KF9wDeX3/FI/F7R7cJ0IB+rd/g1ZsbHaXeZ4td/WzvQ:x8z3J+cNiR8SzGqJHyrDubTMlt
MD5:	70094A8C1A43A24447D18C9B11123238
SHA1:	030471DAE39A16934722E1B5B694CC3A1BBA14C1
SHA-256:	8A464FC5B68C5456B3E212E313BF5FD494325B0520827921B68875DD3F12A2EF
SHA-512:	711AF8F27A51D384F0AC0F1B2B7264F4230B1E39898914F8D725BF76A45B731BC49E998908E8836EAC01AB57948FB0B4112AC929D50CA701C5662EAC36FBB609
Malicious:	true
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null..# Largely adapted from xdm's init script:.# Copyright 1998-2002, 2004, 2005 Branden Robinson <branden@debian.org>..# Copyright 2006 Eugene Konev <ejka@imfi.kspu.ru>.#.# This is free software; you may redistribute it and/or modify.# it under the terms of the GNU General Public License as.# published by the Free Software Foundation; either version 2,.# or (at your option) any later version..#.# This is distributed in the hope that it will be useful, but.# WITHOUT ANY WARRANTY; without even the implied warranty of.# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.# GNU General Public License for more details..#.# You should have received a copy of the GNU General Public License with.# the Debian operating system, in /usr/share/common-licenses/GPL; if.# not, write to the Free Software Foundation, Inc., 51 Franklin Street, .# Fifth Floor, Boston, MA 02110-1301, USA...### BEGIN INIT INFO.# Provides: lightdm.# Required-

/etc/init.d/lm-sensors

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	922
Entropy (8bit):	5.092995564173827
Encrypted:	false
SSDEEP:	12:UZW0QCpBMHQHf7Wc9rlVYhRwDyh0QvstXoiXmH0+QhKDydO6aock1j6yLRujvlT:UpQi4WyM/Iwfp2Hjq13s
MD5:	1C37E2E8184FD2FDA91BF40BD520150F
SHA1:	175179F09CA31453686A0BCA2441B5AD5B07C35B
SHA-256:	6449958A37F3ADF92EE0B203CB3E163B7F7FD803D7BB77BF39B250E240D847AE
SHA-512:	F2B48A34DCE87C240D95CA701E28936DF8C85434017DEB3632E0ED6A18E21A3A711AC11C3F53A209B8C849E8BA86836349A15704149DB4CA6D2CD12D89BD2EC9
Malicious:	true
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null..### BEGIN INIT INFO.# Provides: lm-sensors.# Required-Start: $remote_fs.# Required-Stop:.# Default-Start: S.# Default-Stop:.# Short-Description: lm-sensors.# Description: hardware health monitoring.### END INIT INFO... /lib/lsb/init-functions..[ -f /etc/default/rcS ] && . /etc/default/rcS.PATH=/bin:/usr/bin:/sbin:/usr/sbin.PROGRAM=/usr/bin/sensors..test -x $PROGRAM \|\| exit 0..case "$1" in. start)..log_action_begin_msg "Setting sensors limits"..if [ "$VERBOSE" = "no" ]; then.../usr/bin/sensors -s 1> /dev/null 2> /dev/null.../usr/bin/sensors 1> /dev/null 2> /dev/null..else.../usr/bin/sensors -s.../usr/bin/sensors > /dev/null..fi..log_action_end_msg 0..;;. stop)..;;. force-reload\|restart)..$0 start..;;. status)..exit 0..;;. *)..log_success_msg "Usage: /etc/init.d/lm-sensors {start\|stop\|restart\|force-reload\|status}"..exit 1.esac..exit 0.

/etc/init.d/lvm2

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	734
Entropy (8bit):	5.196958720698973
Encrypted:	false
SSDEEP:	12:UZW0GNBwO12MVy6Pl4YS1C4t6zkhcSRwDy00Ms8DBxrzvFyURujivFhbyNb:UpGrsMHPvS1C4aOvwgMsGv75vWb
MD5:	400A795660A36BC2E5C4A0487E40C9EA
SHA1:	B9F358372C9D157C7CE3A60491586EF293C508CE
SHA-256:	6BD2551EA4C947A740998966A2170F995CADAB10628A2BD006D3CF2A536E4DCD
SHA-512:	9A2FC3AABC469E4769E7F42B607BECF246D07C0B2E54BBCF8B469E99F44F92F6E231C21CEFBBB328AF5D168B5FDA30F09B66F2AF437D1E15A6BFF5572105027D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: lvm2 lvm.# Required-Start: mountdevsubfs.# Required-Stop:.# Should-Start: udev mdadm-raid cryptdisks-early multipath-tools-boot.# Should-Stop: umountroot mdadm-raid.# X-Start-Before: checkfs mountall.# X-Stop-After: umountfs.# Default-Start: S.# Default-Stop:.### END INIT INFO..SCRIPTNAME=/etc/init.d/lvm2... /lib/lsb/init-functions..[ -x /sbin/vgchange ] \|\| exit 0..case "$1" in. start)..log_action_begin_msg "Setting up LVM Volume Groups"../sbin/lvm vgchange -aay --sysinit >/dev/null..log_action_end_msg "$?"..;;. stop\|restart\|force-reload\|status)..;;. *)..echo "Usage: $SCRIPTNAME start" >&2..exit 3..;;.esac..

/etc/init.d/lvm2-lvmpolld

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	625
Entropy (8bit):	5.320004352093456
Encrypted:	false
SSDEEP:	12:UZW0pdRDNeBuYremCU33VLBa5kI5GKq9XquaZ+w2CjX:Upfw/lti9OXyljX
MD5:	4C535177E2C0123329DE7B41F3B5B5A1
SHA1:	62FAED3252EAF2DE3222576242D6BA1A2772C970
SHA-256:	B59430BB8361A951409F89A4B437EBBA2C4A425C582AA7F36D1325B865F3EA72
SHA-512:	E18FA33DBBBDEBC7516E61EBA9B9B257A24BBB4A1D6A3549CAB9A56B271EFC95C1B050826BFC8B1AF586D2209855E4AF3EC81902FD216762E0F195B218D3E8F5
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing..if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then. set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script.fi.### BEGIN INIT INFO.# Provides: lvm2-lvmpolld.# Required-Start: $local_fs.# Required-Stop: $local_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: LVM2 poll daemon.### END INIT INFO..DESC="LVM2 poll daemon".DAEMON=/sbin/lvmpolld.DAEMON_ARGS="-t 60".PIDFILE=/run/lvmpolld.pid..do_start_prepare() {. mkdir -m 0700 -p /run/lvm.}.

/etc/init.d/mono-xsp4

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2454
Entropy (8bit):	5.317734484233596
Encrypted:	false
SSDEEP:	48:WQHvaUX9Q3esRt3r74UWNr/42jwkUqmA4UO4pTjmCjVwUf:jPaUX0eSt3nLczCwHbjmCjVwI
MD5:	6032B80496538085991D869E1CEF0337
SHA1:	AB34DF125445735F2D00655586BDF0934780888D
SHA-256:	1C4D343770ECA4DFBFACBEB62F3B71B7D1EACB7BABF70B2B195A9C5D0911F28A
SHA-512:	57019878E08B7544AF7353F17D2AAD3CAECCECDDEDE1CAADA4CC59F2F2A0CC3E7782AEC45C15B6CB90587F1394F11EE5E25866F0A9C3AF172DEBB6960A576DFC
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: mono-xsp4.# Required-Start: $remote_fs.# Required-Stop: $remote_fs.# Should-Start: .# Should-Stop:.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Mono XSP4.# Description: Debian init script for Mono XSP4..### END INIT INFO.#.# Written by Pablo Fischer <pablo@pablo.com.mx>.# Dylan R. E. Moonfire <debian@mfgames.com>.# Modified for Debian GNU/Linux.#.# Version:.@(#)mono-xsp4 pablo@pablo.com.mx.#..# Variables.PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/bin/xsp4.NAME=mono-xsp4.DESC="XSP 4.0 WebServer".DEFAULT=/etc/default/$NAME.CFGDIR=/etc/xsp4.VIRTUALFILE=$CFGDIR/debian.webapp.MONO_SHARED_DIR=/var/run/$NAME.start_boot=false..# Use LSB.. /lib/lsb/init-functions..# If we don't have the basics, don't bother.test -x $DAEMON \|\| exit 0.test -f $DEFAULT && . $DEFAULT...if [ "x$start_boot" != "xtrue" ] ; then. ex

/etc/init.d/multipath-tools

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2866
Entropy (8bit):	5.312135888947244
Encrypted:	false
SSDEEP:	48:WQHUksR9JLtfCDCJ97TaPn1PCDCJ97TafOBUV1kqH2fQujfg6ZU149Wh7KKSKMC:jHUkwbLAD2+Pn1qD2+2qV1RHSQujQ4sh
MD5:	E5C0F27F9FB1418DF6B2DEC00EC2133D
SHA1:	96B914AE7F8136A65AC676C2FD4CB71CDF1DE146
SHA-256:	BF6FAE57D6E27D1883D1F91D35FF87EB86CFA7CB707EFF16F7F56CF7197DBB62
SHA-512:	0392EFBDBD1E20241963A0B74AA9C1E777A527763B270CDD603911246E5D87C7B6007B1974A33D3BA063A524D893E8F4A84310D15FF2444F43DEFF40EDA2A09F
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: multipath-tools.# Required-Start: udev $local_fs $remote_fs $syslog.# Required-Stop: udev $local_fs $remote_fs $syslog.# Should-Start: iscsi.# Should-Stop: iscsi.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: multipath daemon.# Description:.### END INIT INFO..PATH=/sbin:/bin:/usr/sbin/:/usr/bin.DAEMON=/sbin/multipathd.NAME=multipathd.DESC="multipath daemon".syspath=/sys/block..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..if [ -f /etc/default/multipath-tools ] ; then... /etc/default/multipath-tools.fi..teardown_slaves().{.cd $1; .if [ -d "slaves" ]; then.for slave in slaves/;.do..if [ "$slave" = "slaves/" ]; then...read dev < $1/dev...tablename=$(dmsetup table --target multipath \| sed -n "s/$.$: . $dev .*/\1/p")...if ! [ -z $tablename ]; then....log_daemon_msg "Root is on a multipathed device, multipathd can not be stopped"....DONT_ST

/etc/init.d/network-manager

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1981
Entropy (8bit):	5.278628210284342
Encrypted:	false
SSDEEP:	48:WQ3OLVNoaieaz+uSA9eulAQAHhZd+yZ2KYUj4:j6szt+uSA9eulAQA1+3KYT
MD5:	5B01BF716BECA815051AE6800DA7152C
SHA1:	32A8AFEA62A7B7FCBA6E13EFA4DF4805D65C9F5E
SHA-256:	80590753390E1CB685397554654ADB384C4078C0C152964F1121BAFDC2CBA8CA
SHA-512:	8E2A1300B3FD4474DFC4752B865BAFD4AD4C5CE08AC939A5A5E468E1F4950F3586A3B53AE8BB94586890ACA18DC8D19B670DE22898424C52B77F4AC897CF41E1
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: network-manager.# Required-Start: $remote_fs dbus udev.# Required-Stop: $remote_fs dbus udev.# Should-Start:. $syslog.# Should-Stop: $syslog.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: network connection manager.# Description: Daemon for automatically switching network .#.. connections to the best available connection..### END INIT INFO..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.DESC="network connection manager".NAME="NetworkManager"..DAEMON=/usr/sbin/$NAME..PIDFILE=/run/$NAME/$NAME.pid..SCRIPTNAME=/etc/init.d/network-manager..# Gracefully exit if the package has been removed..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..test -f /etc/default/NetworkManager && . /etc/default/NetworkManager..#.#.Function that starts the daemon/service..#.d_start() {..start-stop-daemon --start --quiet --pidfile $PIDFILE \...

/etc/init.d/open-iscsi

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2542
Entropy (8bit):	5.10762352610323
Encrypted:	false
SSDEEP:	48:WQUMRMrEm3cy8NYINgZlfEMtWBAl3ATeTPAdWINRdWdtREg02AC9ArANTcAhicV:jb2rH338yPZlff/lwA4dWIJCMDUbb
MD5:	5EED0777A077113CDE608466C6E0E422
SHA1:	2D31CD68EFAC51A6FC2EA45593EED371E9883850
SHA-256:	5AFDED26E6C266BA029E5BE5FE0426812EF7101E8A1F7305834A068E2B4090FE
SHA-512:	F3F05CD26411F81DDFA8C9727B755857C418F0894A868CF63A97BCD444F82691E943771042D8E336699AB1418B4FE984A6843FB7D83C6FC9E262AC6DECAF471C
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: open-iscsi iscsi.# Required-Start: $network $local_fs iscsid.# Required-Stop: $network $local_fs iscsid sendsigs.# Default-Start: S.# Default-Stop: 0 1 6.# Short-Description: Login to default iSCSI targets.# Description: Login to default iSCSI targets at boot and log out.# of all iSCSI targets at shutdown..### END INIT INFO..PATH=/sbin:/bin.DAEMON=/sbin/iscsid.ADM=/sbin/iscsiadm.PIDFILE=/run/iscsid.pid.NAMEFILE=/etc/iscsi/initiatorname.iscsi.CONFIGFILE=/etc/iscsi/iscsid.conf.OMITDIR=/run/sendsigs.omit.d..[ -x "$DAEMON" ] \|\| exit 0... /lib/lsb/init-functions..# Include defaults if available.if [ -f /etc/default/open-iscsi ]; then... /etc/default/open-iscsi.fi...if [ ! -d /sys/class/ ]; then. log_failure_msg "iSCSI requires a mounted sysfs, not started.". exit 0.fi..RETVAL=0..start() {..if ! [ -s $PIDFILE ] \|\| ! kill -0 `sed -n 1p $PIDFILE` >/dev/null ; th

/etc/init.d/open-vm-tools

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1885
Entropy (8bit):	4.863430460367773
Encrypted:	false
SSDEEP:	48:USa/f0aOHh8I/X/kA4pWh8FgM8QhmMl8FkgPooG2DKYUH:pa/f0aOB8If4e8j8Q8Ml8OmooG2D3a
MD5:	4E8593AFCC46826D947FF7DF86AF6FD7
SHA1:	609B7FCEC7EB30CA8D73865A4C114C06275635BB
SHA-256:	86FBF2B2538F7A01F1F51DA0CA4194C19ADDEBDA7E561E59772A3E3CD0C65C9F
SHA-512:	9D8C37A9B0CE75F192125FBE13C59EEE963111B8E23B74EFBE8D95C133639825B2DC1869DC9C2BA239F0E95405197B13F14C17004E518AC943C63F8D778EB101
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null..### BEGIN INIT INFO.# Provides:..open-vm-tools.# Required-Start:.$local_fs $remote_fs.# Required-Stop:.$local_fs $remote_fs.# X-Start-Before:.# X-Stop-After:.# Default-Start:.2 3 4 5.# Default-Stop:..0 1 6.# Description:..Runs the open-vm-tools services.# Short-Description:.Runs the open-vm-tools services.### END INIT INFO... /lib/lsb/init-functions..exit_if_not_in_vm () {. if which systemd-detect-virt 1>/dev/null; then. checktool='systemd-detect-virt'. else. checktool='vmware-checkvm'. fi.. if ! ${checktool} \| grep -iq vmware; then. echo "open-vm-tools: not starting as this is not a VMware VM". exit 0. fi.}..case "${1}" in. start). # Check if we're running inside VMWare. exit_if_not_in_vm.. log_daemon_msg "Starting open-vm daemon" "vmtoolsd". start-stop-daemon --start --quiet --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd --test > /dev/null \|\| exit 1.

/etc/init.d/plymouth

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1405
Entropy (8bit):	5.3081834192747115
Encrypted:	false
SSDEEP:	24:UpQsqE3A2EYVwMwRwDTMBgH2APfcVwAPYIpPgfS+xGgEIT8YojAf5XERmgLGmgOi:USsl3AhYG7RgzWAsVwAgGYfdxz58Y9f5
MD5:	8BDCF11C0150CE4668A13430EBA02C97
SHA1:	679269AD7CCFD40D1E58A9CBF3F572D73F9090D6
SHA-256:	8F4315C47A0DCE90577DAF9477FFA6129E79B96AFBC51229E7B564F2132921A3
SHA-512:	CA9CE6073B26CD95FBCA88A55891D2070FEB30A1BDA2DE70F0EC92FEE47B468D2B46C80E156332EB9CF1FD36AB2372506108A97A4E721A5552328F2974BA63AC
Malicious:	true
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null..### BEGIN INIT INFO.# Provides:..plymouth.# Required-Start:.udev $remote_fs $all.# Required-Stop:.$remote_fs.# Should-Start:..$x-display-manager.# Should-Stop:..$x-display-manager.# Default-Start:.2 3 4 5.# Default-Stop:..0 6.# Short-Description:.Stop plymouth during boot and start it on shutdown.### END INIT INFO..PATH="/sbin:/bin:/usr/sbin:/usr/bin".NAME="plymouth".DESC="Boot splash manager"..test -x /sbin/plymouthd \|\| exit 0..if [ -r "/etc/default/${NAME}" ].then... "/etc/default/${NAME}".fi... /lib/lsb/init-functions..set -e..SPLASH="true".for ARGUMENT in $(cat /proc/cmdline).do..case "${ARGUMENT}" in...splash)....SPLASH="true"....;;....nosplash\|plymouth.enable=0)....SPLASH="false"....;;..esac.done..case "${1}" in..start)...case "${SPLASH}" in....true)...../bin/plymouth quit --retain-splash.....;;...esac...;;...stop)...case "${SPLASH}" in....true).....if ! plymouth --ping.....then....../sbin/plymouthd --mode=shutdown.....fi......R

/etc/init.d/plymouth-log

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	791
Entropy (8bit):	5.280472297283459
Encrypted:	false
SSDEEP:	12:UZW0QsnBEfVmWr2lr4HhJ8PWXsbgwfGgrCRuD02ggvRiqhtcy5RujGqGRujrVgz:UpQsBEf0FlwhuPBb9GgpHggvR4MLoVI
MD5:	59B5F87A634F24C9688B22D42A656C4B
SHA1:	3B0B2E32FBBDAE0F9F1241B8017DEE9F20615111
SHA-256:	87CC91D672AC6AB7E338707F751158A3193460BDB0995276135858F8ADF96623
SHA-512:	8E1A5C978864BBFC333E37941BA02378487983F6E13A8AEC4FCEA228FFA128CEFFC29FB323E6613A47F7E0A02022B49390378E9133873E14CF0412B0DF5D7565
Malicious:	true
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null..### BEGIN INIT INFO.# Provides:..plymouth-log.# Required-Start:.$local_fs $remote_fs.# Required-Stop:.$local_fs $remote_fs.# Should-Start:.# Should-Stop:.# Default-Start:.S.# Default-Stop:.# Short-Description:.Inform plymouth that /var/log is writable.### END INIT INFO..PATH="/sbin:/bin:/usr/sbin:/usr/bin".NAME="plymouth-log".DESC="Boot splash manager (write log file)"..test -x /bin/plymouth \|\| exit 0..if [ -r "/etc/default/${NAME}" ].then... "/etc/default/${NAME}".fi... /lib/lsb/init-functions..set -e..case "${1}" in..start)...if plymouth --ping...then..../bin/plymouth update-root-fs --read-write...fi...;;...stop\|restart\|force-reload)....;;...*)...echo "Usage: ${0} {start\|stop\|restart\|force-reload}" >&2...exit 1...;;.esac..exit 0.

/etc/init.d/pppd-dns

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	651
Entropy (8bit):	4.9401586952729915
Encrypted:	false
SSDEEP:	12:sZW0G7Ba5kHQ9YGEkigLGE6hhWkyUDRuj9SbURujrLf7XcMKj:spGdigvBOfUNUSsofX+j
MD5:	6B1457E72917C381CAF967251D3BFA79
SHA1:	58AC42AC978222303F3A4AC170EAA93538C750E1
SHA-256:	F2FD4D4693FC92272A4197A240A036160980FB811C376F8620DE4C72E1CE7BE4
SHA-512:	BA619B4D1FB9A5824485B6410AB9DAFCB2BE132392C1209041791269D76FE9FE5C938B331E49A11A2C04FB7EC97F4957A0F5DCDA428BEAA2EB57B97DD0D8CB89
Malicious:	true
Preview:	#!/bin/sh -e./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: pppd-dns.# Required-Start: $local_fs.# Required-Stop:.# Default-Start: S.# Default-Stop:.# Short-Description: Restore resolv.conf if the system crashed..# Description: Restore /etc/resolv.conf if the system crashed before the.# ppp link was shut down..### END INIT INFO... /lib/lsb/init-functions..case "$1" in. start) ;;. stop\|restart\|force-reload) exit 0 ;;. *) echo "Usage: $0 {start\|stop\|restart\|force-reload}" >&2; exit 1 ;;.esac..[ -x /etc/ppp/ip-down.d/0000usepeerdns ] \..&& exec /etc/ppp/ip-down.d/0000usepeerdns..

/etc/init.d/procps

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	963
Entropy (8bit):	5.2655807221381306
Encrypted:	false
SSDEEP:	12:ajZW0pdRDNeBuYremCU3sBww+k12FsnM5ldlPSSHTm5TeQxala5tV86s+L2s4hk7:ajpfw/25+Z+nMfTWTeCKa3VfhL69zK
MD5:	A7BD6013B730444DCD72ECF2A146B82A
SHA1:	BE247868362F360E2EF7DB072D61FF26F2D168BD
SHA-256:	7B312EAB817EAAC9A4DFD063698305DFDAA4068FF988207E554B436374CE0CD3
SHA-512:	43C1B1D9D910FAEBF805E2674C8AE8F9EBEDD3E267085237FED008BA8EB074C44808CEE6DC964942B8EB4C1C01B538A3F5C72B47790FD77D38FAD7DA9AC4FA35
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing..if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then. set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script.fi.### BEGIN INIT INFO.# Provides: procps.# Required-Start: mountkernfs $local_fs.# Required-Stop:.# Should-Start: udev module-init-tools.# X-Start-Before: $network.# Default-Start: S.# Default-Stop:.# Short-Description: Configure kernel parameters at boottime.# Description: Loads kernel parameters that are specified in /etc/sysctl.conf.### END INIT INFO.#.# written by Elrond <Elrond@Wunder-Nett.org>..DESC="Setting kernel variables".DAEMON=/sbin/sysctl.PIDFILE=none..# Comment this out for sysctl to print every item changed.QUIET_SYSCTL="-q"..do_start_cmd() {..STATUS=0..$DAEMON $QUIET_SYSCTL --system \|\| STATUS=$?..return $STATUS.}..do_stop() { return 0; }.do_status() { return 0; }.

/etc/init.d/pulseaudio-enable-autospawn

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	508
Entropy (8bit):	5.051594582038703
Encrypted:	false
SSDEEP:	12:UZW0GwuhBQkz0WMH3u+DqJFkjKeojauRVuTgvL:UpGwunQu0jH3u+oqjzRuzuTgvL
MD5:	DDCC68C8B8DA5058738F1B656B07FD2F
SHA1:	B5DC338E155173C93D715111FF69DDD98C9E25BE
SHA-256:	7ABB3880CD91DD251FD0EB04950B3F69B5BC94C9D94BFE489F4ED0D5219022D1
SHA-512:	AAC5A2A76CF9AD2552C167219FDB5E057E10D2433CD46AB0061A1BBE089384A461AD652B8C16B489CF830B3715D28A3E3A66B4732AB8FE8DDA6D0B1E94566960
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: pulseaudio-enable-autospawn.# Required-Start: $local_fs.# Required-Stop: umountfs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Enable pulseaudio autospawn.# Description: Enables autospawn for the pulseaudio daemon.### END INIT INFO...set -e... /lib/lsb/init-functions...case "$1" in..start\|reload\|restart\|force-reload)...echo "autospawn=yes" > /run/pulseaudio-enable-autospawn..;;..stop\|status)..;;.esac.

/etc/init.d/rsync

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	4456
Entropy (8bit):	5.230477247148051
Encrypted:	false
SSDEEP:	96:rdRM3o498RTFzaNBU0TKPuH58gdgHoNUPk5:rdRM3J98WBU0GmZx+INUc5
MD5:	5B4562C8969C64707A50530F5C5E60C7
SHA1:	E9F410AFF84C7D26386927A2D988C36ECF1A40CE
SHA-256:	CE9D02F7C7638C590EC630D0E66708C71DE58C2EC67D89E10ED59E09D3A47361
SHA-512:	47111900DC834AE525DD08FC128F9DAC03C523B915B00887D27D2BE0432CE1B52956F5DE2376F24D8DC654E5D1F715818BFEB29D6E0C1EDCEE8A06AD0F1150A8
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null..### BEGIN INIT INFO.# Provides: rsyncd.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# Should-Start: $named autofs.# Default-Start: 2 3 4 5.# Default-Stop: .# Short-Description: fast remote file copy program daemon.# Description: rsync is a program that allows files to be copied to and.# from remote machines in much the same way as rcp..# This provides rsyncd daemon functionality..### END INIT INFO..set -e..# /etc/init.d/rsync: start and stop the rsync daemon..DAEMON=/usr/bin/rsync.RSYNC_ENABLE=false.RSYNC_OPTS=''.RSYNC_DEFAULTS_FILE=/etc/default/rsync.RSYNC_CONFIG_FILE=/etc/rsyncd.conf.RSYNC_PID_FILE=/var/run/rsync.pid.RSYNC_NICE_PARM=''.RSYNC_IONICE_PARM=''..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..if [ -s $RSYNC_DEFAULTS_FILE ]; then. . $RSYNC_DEFAULTS_FILE. case "x$RSYNC_ENABLE" in..xtrue\|xfalse).;;..xinetd)..exit

/etc/init.d/rsyslog

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2903
Entropy (8bit):	5.27602890863679
Encrypted:	false
SSDEEP:	48:WQcqmpKHnuoz/SWSZABLG/tm3RpZWE/eXt5IG3/LqWpvU8lbzZdaZ2Y2:j5sKHuS8ZABLG1m3rZWE2Xt5IG3/R5Jj
MD5:	01BFC2811CA0599616F76A169707ED4D
SHA1:	02C39B2AA44B0F0BF6BABE2E0A9DF7A8763255BB
SHA-256:	9FC5B1A6250267113903D141F8A1B745C73FA2B72B0CC72CA2E426A6B4CDE2FD
SHA-512:	D7C4EB7A19BE1FB3160ACE48E51F4E2724D4D7EA502AAFFABBEA32EB328CA53D38EE5057EF22A24A3C043127F27567BD4AF59465D6CAE35D2908CC9AECF36714
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: rsyslog.# Required-Start: $remote_fs $time.# Required-Stop: umountnfs $time.# X-Stop-After: sendsigs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: enhanced syslogd.# Description: Rsyslog is an enhanced multi-threaded syslogd..# It is quite compatible to stock sysklogd and can be .# used as a drop-in replacement..### END INIT INFO..#.# Author: Michael Biebl <biebl@debian.org>.#..# PATH should only include /usr/* if it runs after the mountnfs.sh script.PATH=/sbin:/usr/sbin:/bin:/usr/bin.DESC="enhanced syslogd".NAME=rsyslog..RSYSLOGD=rsyslogd.DAEMON=/usr/sbin/rsyslogd.PIDFILE=/run/rsyslogd.pid..SCRIPTNAME=/etc/init.d/$NAME..# Exit if the package is not installed.[ -x "$DAEMON" ] \|\| exit 0..# Read configuration variable file if it is present.[ -r /etc/default/$NAME ] && . /etc/default/$NAME..# Define LSB log_* func

/etc/init.d/saned

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2263
Entropy (8bit):	4.99777121906893
Encrypted:	false
SSDEEP:	24:ajpPuzoYFiVHCVhQJABlRi5tzldBOVQReMdHddNw5G/9yNuFi2jBkDJhq5MxnR5c:Wp7Y0u/i5t7RbpwG/9diXD/XnL/iOsl
MD5:	E2E95526B845E510A4631B6E951D7FE6
SHA1:	DAABBD87C83261691A0CCADF1F84D160B59DEB68
SHA-256:	0093073F25E7AA50E84633E0FF1865E6D0D09C6FF0C3FB7F1670224C3A01F3CA
SHA-512:	059A2DF9FFD8809288D9A7AB525A5A27DC26F4243FC39B6553ECC4D80B10366D6EF4AF93B2013A780D63688262019D45E76B9C1227D830B82566300E8055D119
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.#.### BEGIN INIT INFO.# Provides: saned.# Required-Start: $syslog $local_fs $remote_fs.# Required-Stop: $syslog $local_fs $remote_fs.# Should-Start: dbus avahi-daemon.# Should-Stop: dbus avahi-daemon.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: SANE network scanner server.# Description: saned makes local scanners available over the.# network..### END INIT INFO... /lib/lsb/init-functions..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/sbin/saned.NAME=saned.DESC="SANE network scanner server"..test -x $DAEMON \|\| exit 0..RUN=no.RUN_AS_USER=saned..# Get lsb functions.. /lib/lsb/init-functions..# Include saned defaults if available.if [ -f /etc/default/saned ] ; then. . /etc/default/saned.fi..DAEMON_OPTS="-a $RUN_AS_USER"..set -e..case "$1" in. start)..log_daemon_msg "Starting $DESC" "$NAME"..start-stop-daemon --start --quiet

/etc/init.d/screen-cleanup

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1261
Entropy (8bit):	5.0001048266840815
Encrypted:	false
SSDEEP:	24:UpO6Nr+XEgBYxABoO21pgrqeYCRjeyvcsTN/RuT7d/Luld/7K9jx:UlQoO23WqeYSjeybRRuHdTuld/7K9jx
MD5:	C3E43516847DAB1C8E7652D317806EEE
SHA1:	18A771A170ED20DB98594F98B537D580C448A50C
SHA-256:	F395AE84779E6A1CF768AA068C78C6D29905C9A72D0419C886CDA218BD5672CF
SHA-512:	B334999CC91FB3FEE034E7DD6049DAF3DCBBF97310B252915A7E2F3B13B5BA7CEEB6E6C81E0CEA38E9A77891DA86B8B803F06DF5F9D3A3DD74BEFCA1132F4CF5
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.# $Id: init,v 1.3 2004/03/16 01:43:45 zal Exp $.#.# Script to remove stale screen named pipes on bootup..#..### BEGIN INIT INFO.# Provides: screen-cleanup.# Required-Start: $remote_fs.# Required-Stop: $remote_fs.# Default-Start: S.# Default-Stop:.# Short-Description: screen sessions cleaning.# Description: Cleans up the screen session directory and fixes its.# permissions if needed..### END INIT INFO..set -e..test -f /usr/bin/screen \|\| exit 0..SCREENDIR=/run/screen..case "$1" in.start). if test -L $SCREENDIR \|\| ! test -d $SCREENDIR; then. rm -f $SCREENDIR. mkdir $SCREENDIR. chown root:utmp $SCREENDIR. [ -x /sbin/restorecon ] && /sbin/restorecon $SCREENDIR. fi. find $SCREENDIR -type p -delete.# If the local admin has used dpkg-statoverride to install the screen.# binary with different set[ug]id bits, change the permissions of.# $SCREENDIR accordingly. BINARYPERM=`stat -c%a /usr/

/etc/init.d/speech-dispatcher

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2074
Entropy (8bit):	5.199659782746735
Encrypted:	false
SSDEEP:	48:WSAUwDLw48/ayKQr4BbZrP6TyHrOsKhoOUPqAH5DmAR8jC:rALDLw48/3KQEBbZrP6TyHr1KhjYqAHd
MD5:	A67B8FF77F861C2A11BBB1AF2F7F3CDF
SHA1:	F1D382401C91D8976E2E8C2A8458BC4EFE91127D
SHA-256:	367E84B9F74829FB3084F5B1245564A6D82AA2B3B9125594CC01225B573693B8
SHA-512:	59BE4EB7A37EF4D01633924E586083D8C81E8464D99E202CEAB640A847E30801C2B3524AAECAA18F2ACB3D2044784DCF44D78FDA15B348938E910219DDED8F5E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null..### BEGIN INIT INFO.# Provides: speech-dispatcher.# Required-Start: $remote_fs $syslog.# Required-Stop: $remote_fs $syslog.# Should-Start: festival.# Should-Stop: festival.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: Speech Dispatcher.# Description: Common interface to speech synthesizers.### END INIT INFO..PATH=/sbin:/bin:/usr/sbin:/usr/bin.DAEMON=/usr/bin/speech-dispatcher.PIDFILE=/run/speech-dispatcher/speech-dispatcher.pid.NAME=speech-dispatcher.DESC='Speech Dispatcher'.USER=speech-dispatcher..test -f $DAEMON \|\| exit 0... /lib/lsb/init-functions..set -e..do_start () {. PIDDIR=`dirname $PIDFILE`. [ -e $PIDDIR ] \|\| install -d -ospeech-dispatcher -gaudio -m750 $PIDDIR. SDDIR=$PIDDIR/.speech-dispatcher. [ -e $SDDIR ] \|\| ln -s $PIDDIR $SDDIR. LOGDIR=$SDDIR/log. [ -e $LOGDIR ] \|\| ln -s /var/log/speech-dispatcher $LOGDIR. CACHEDIR=$SDDIR/.cache. [ -e $CACHEDIR ] \|\| i

/etc/init.d/spice-vdagent

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2523
Entropy (8bit):	4.738524964006347
Encrypted:	false
SSDEEP:	48:UgFZazGMU+rI4CXyUH0I6zroGA//AhrHoGF//AuiIngcu/syylyTIsD2E8AB6/oy:vF0GMU+1iD6foGAQRHoGFQuiIngczVI2
MD5:	ECF4459A23502850E36BDB0724FDD564
SHA1:	5FDAB6996E94A0AD1130AEBCD0FD2CEBC448E207
SHA-256:	4A8AAFAB3A5339D147639F20A7D873E66DC39983317E71B0D25C728F79DE6C17
SHA-512:	7F2625121E589F7782EE7CB6BE0684E5E913ABA8ACCAE465C42493B8D48B8A30711E734B274DCA7047F3F2F8807FAF392FEB24073067A2CBA5431B11FF1717B9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.#.# spice-vdagent Agent daemon for Spice guests.#.# chkconfig: 345 70 30.# description: Together with a per X-session agent process the spice agent \.# daemon enhances the spice guest user experience with client \.# mouse mode, guest <-> client copy and paste support and more...### BEGIN INIT INFO.# Provides: . .spice-vdagent.# Required-Start: .$local_fs $remote_fs.# Required-Stop: .$local_fs $remote_fs.# Should-Start: .dbus.# Should-Stop: ..# Default-Start: .2 3 4 5.# Default-Stop: .0 1 6.# Short-Description: .Agent daemon for Spice guests.# Description: .Together with a per X-session agent process the spice agent.# .daemon enhances the spice guest user experience with client.# .mouse mode, guest <-> client copy and paste support and more..### END INIT INFO...exec="/usr/sbin/spice-vdagentd".prog="spice-vdagentd".pidfile="/var/run/spice-vdagentd/spice-vdagentd.pid".

/etc/init.d/ssh

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	3978
Entropy (8bit):	5.056402612381629
Encrypted:	false
SSDEEP:	96:rkXSV2I0JrTqRy6Ho/oHXHeUKyWUKO8Ih+:r1oI0J/qbIw3MDBIh+
MD5:	D1DCC2A4DA8B5F1FA2CEFC97CA0A9115
SHA1:	843B2B98FB66665AD3362CB676ADD6D3EFB42350
SHA-256:	DF2208FBD843DC7477FC5348D0A4D63EF239758ACD4CF018668B34B61DBB4519
SHA-512:	CF5E0C2C86451765231A600F29AE9CED0BADD897BA32EA4C78144220F97C5E39D4AA68EE565187008E011FB54BDBE6E410D83D2BC093459982962EDA4C7D04F1
Malicious:	true
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null..### BEGIN INIT INFO.# Provides:..sshd.# Required-Start:.$remote_fs $syslog.# Required-Stop:.$remote_fs $syslog.# Default-Start:.2 3 4 5.# Default-Stop:...# Short-Description:.OpenBSD Secure Shell server.### END INIT INFO..set -e..# /etc/init.d/ssh: start and stop the OpenBSD "secure shell(tm)" daemon..test -x /usr/sbin/sshd \|\| exit 0.( /usr/sbin/sshd -\? 2>&1 \| grep -q OpenSSH ) 2>/dev/null \|\| exit 0..umask 022..if test -f /etc/default/ssh; then. . /etc/default/ssh.fi... /lib/lsb/init-functions..if [ -n "$2" ]; then. SSHD_OPTS="$SSHD_OPTS $2".fi..# Are we running from init?.run_by_init() {. ([ "$previous" ] && [ "$runlevel" ]) \|\| [ "$runlevel" = S ].}..check_for_no_start() {. # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists. if [ -e /etc/ssh/sshd_not_to_be_run ]; then ..if [ "$1" = log_end_msg ]; then.. log_end_msg 0 \|\| true..fi..if ! run_by_init; then.. log_action_msg "OpenBSD Secure Sh

/etc/init.d/udev

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	6911
Entropy (8bit):	4.965338233639541
Encrypted:	false
SSDEEP:	96:R7vQ+Gh+BYNNqeIKUyxwfH5B01OGGgnC82davpKBJKCTrSsDvcvPQWGPQTpKBJKa:REI8YQUVR52J2daLIrSszcwWlHWymT
MD5:	7BAE55462157A669A256F57DBCCE5783
SHA1:	482B61535778CEF07E4B6D2B1728D9361AA3CFBA
SHA-256:	42E7986F4B742B49494264FA74D8ED5F9B03DCD4A238E7E6812FF1044007B0DC
SHA-512:	E23E73C608A83B89136781D4082711A308A41EF84F36468D5DB627A0D61B8C49AC339438111C3BF711309C52A0F925F67132F01BA61B82EC0C8B9A4E22E8387B
Malicious:	true
Preview:	#!/bin/sh -e./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: udev.# Required-Start: mountkernfs.# Required-Stop: umountroot.# Default-Start: S.# Default-Stop: 0 6.# Short-Description: Start systemd-udevd, populate /dev and load drivers..### END INIT INFO..PATH="/sbin:/bin".NAME="systemd-udevd".DAEMON="/lib/systemd/systemd-udevd".DESC="hotplug events dispatcher".PIDFILE="/run/udev.pid".CTRLFILE="/run/udev/control".OMITDIR="/run/sendsigs.omit.d"..# we need to unmount /dev/pts/ and remount it later over the devtmpfs.unmount_devpts() {. if mountpoint -q /dev/pts/; then. umount -n -l /dev/pts/. fi.. if mountpoint -q /dev/shm/; then. umount -n -l /dev/shm/. fi.}..# mount a devtmpfs over /dev, if somebody did not already do it.mount_devtmpfs() {. if grep -E -q "^[^[:space:]]+ /dev devtmpfs" /proc/mounts; then. mount -n -o remount,nosuid,size=$tmpfs_size,mode=0755 -t devtmpfs devtmpfs /dev. return. fi.. if ! mount -n -o nosuid,

/etc/init.d/ufw

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2122
Entropy (8bit):	4.707562313255047
Encrypted:	false
SSDEEP:	48:USLleiFUd/nzngwbaDTM/JrNWwn/JbxaX91:pBDFejqQvNE
MD5:	CB8ADD31720E8516F9031FFB8F7B889A
SHA1:	9FFFBFD65D549B7F2A9DC3E3C37C050F50F3147F
SHA-256:	621FE4BBEB17C9D7E041FEBBD9E1F203FBCF1372DEB4D5AA4F7A3A72667A1FA7
SHA-512:	C78C21319DDC06FD4C0F69C17F2F39DABBCF91E3B310C251197AC2530CD81D62F9F7B731AB9C2559975940BAF3E362712F817327BA367C061EEF0FAF169BC3D2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null..### BEGIN INIT INFO.# Provides: ufw.# Required-Start: $local_fs.# Required-Stop: $local_fs.# Default-Start: S.# Default-Stop: 1.# Short-Description: start firewall.# Description: Start ufw firewall.### END INIT INFO..set -e..PATH="/sbin:/bin"..[ -d /lib/ufw ] \|\| exit 0... /lib/lsb/init-functions..for s in "/lib/ufw/ufw-init-functions" "/etc/ufw/ufw.conf" "/etc/default/ufw" ; do. if [ -s "$s" ]; then. . "$s". else. log_failure_msg "Could not find $s (aborting)". exit 1. fi.done..error=0.case "$1" in.start). if [ "$ENABLED" = "yes" ] \|\| [ "$ENABLED" = "YES" ]; then. log_action_begin_msg "Starting firewall:" "ufw". output=`ufw_start` \|\| error="$?". if [ "$error" = "0" ]; then. log_action_cont_msg "Setting kernel variables ($IPT_SYSCTL)". fi. if [ ! -z "$output" ]; then. echo "$output" \| while read line ; do. log

/etc/init.d/unattended-upgrades

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1430
Entropy (8bit):	5.31866948988862
Encrypted:	false
SSDEEP:	24:ajpgXni+12wpFKFOGofwHlf/HNVKowwflHFhF/7Px1g7:Wuni23FKFpbF3GnoHFDbxU
MD5:	9E66B1FC8E360542079A02590192E1CA
SHA1:	CEB8C3A0410A451007A49FEC0DA7B13F6A927D65
SHA-256:	60B745E392E248FFFF386B4DC7930D96D6D628D3646ECEB3069EB53CDA20FEBF
SHA-512:	E6B14FC8F4A062AD321908BC389D858F5BBD4255B19F28FABEB0ED046F1811D6A3A4A0DBEE89C115339B0B2FA08302F7260F0D6250C81F84C5C113AB24D7C377
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh./etc/selinux/configs.conf 2> /dev/null.#.### BEGIN INIT INFO.# Required-Start: $local_fs $remote_fs.# Required-Stop: $local_fs $remote_fs.# Provides: unattended-upgrade-shutdown-check.# Default-Start: 2 3 4 5.# Default-Stop: 0 6.# Short-Description: Check if unattended upgrades are being applied.# Description: Check if unattended upgrades are being applied.# and wait for them to finish.### END INIT INFO.set -e..PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin..NAME="unattended-upgrades-shutdown".DESC="unattended package upgrades shutdown".SCRIPTNAME="/etc/init.d/$NAME".SHUTDOWN_HELPER="/usr/share/unattended-upgrades/unattended-upgrade-shutdown"..if [ -x /usr/bin/python3 ]; then. PYTHON=python3.else. PYTHON=python.fi..# Load the VERBOSE setting and other rcS variables.. /lib/init/vars.sh..# Define LSB log_* functions..# Depend on lsb-base (>= 3.2-14) to ensure that this file is present.. /lib/lsb/init-fu

/etc/init.d/uuidd

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	1345
Entropy (8bit):	5.197156037039787
Encrypted:	false
SSDEEP:	24:aNpGC4ozLk8BZa8LNfwa0oDEPLu5CB5ZM5aHdwi4qT0KtOY:iQVozBjdh0o4PLuIBvMgwivIKt1
MD5:	EE0651746EA8CEB726143CB2CC6D5974
SHA1:	7C01B289CF16544B204D75564AAA0ABE9115634E
SHA-256:	4368669CBA3FFFD51B7A8E2B32E3D52F4EED84E3BFEB0C176A03965807FDA41D
SHA-512:	06CF39543D11C0376750285DA24F205FD601C4E7F9B4CDD51446C56705B19E50946CB92AA4FAD54BF6F7561570A28ADE9AC89BDCA86EF6F73FD6FAE1880EE5C4
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	#! /bin/sh -e./etc/selinux/configs.conf 2> /dev/null.### BEGIN INIT INFO.# Provides: uuidd.# Required-Start: $time $local_fs $remote_fs.# Required-Stop: $time $local_fs $remote_fs.# Default-Start: 2 3 4 5.# Default-Stop: 0 1 6.# Short-Description: uuidd daemon.# Description: Init script for the uuid generation daemon.### END INIT INFO.#.# Author:."Theodore Ts'o" <tytso@mit.edu>.#.set -e..PATH=/bin:/usr/bin:/sbin:/usr/sbin.DAEMON=/usr/sbin/uuidd.UUIDD_USER=uuidd.UUIDD_GROUP=uuidd.UUIDD_DIR=/run/uuidd.PIDFILE=$UUIDD_DIR/uuidd.pid..test -x $DAEMON \|\| exit 0... /lib/lsb/init-functions..case "$1" in. start)..log_daemon_msg "Starting uuid generator" "uuidd"..if ! test -d $UUIDD_DIR; then...mkdir -p $UUIDD_DIR...chown -R $UUIDD_USER:$UUIDD_GROUP $UUIDD_DIR..fi..start_daemon -p $PIDFILE $DAEMON..log_end_msg $?. ;;. stop)..log_daemon_msg "Stopping uuid generator" "uuidd"..killproc -p $PIDFILE $DAEMON..log_end_msg $?. ;;. status)..if pidofproc -p $PIDFILE

/etc/init.d/x11-common

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	2796
Entropy (8bit):	4.868694202450775
Encrypted:	false
SSDEEP:	48:UAET9C1gFkVFZSVwxIRyf71vrBy9DuIpPX5uCXAepm1L//WAhW476XGMgHv:magFkVeVLSBT09DuYX5HX3ardqXy
MD5:	72E55C48D087AEEDCC6EBF15F9588452
SHA1:	27F0E569CB6DF6E7CB6558028243792F9252949D
SHA-256:	80EDD0D7ACFA85068AEC37753AF29F93AF3CCE73B3A44FB87ECD9092E55682DB
SHA-512:	14CE530EB2FA9F353964435E00421198ADB0136FF540788081E70BFC6C5CF7BA68D3C808DD5E2098CD775F5E4CC6B540BE9D5507776CC16047B7455929421D75
Malicious:	true
Preview:	#!/bin/sh./etc/selinux/configs.conf 2> /dev/null.# /etc/init.d/x11-common: set up the X server and ICE socket directories.### BEGIN INIT INFO.# Provides: x11-common.# Required-Start: $remote_fs.# Required-Stop: $remote_fs.# Default-Start: S.# Default-Stop:.# Short-Description: set up the X server and ICE socket directories.### END INIT INFO..set -e..PATH=/usr/bin:/usr/sbin:/bin:/sbin.SOCKET_DIR=.X11-unix.ICE_DIR=.ICE-unix... /lib/lsb/init-functions.if [ -f /etc/default/rcS ]; then. . /etc/default/rcS.fi..do_restorecon () {. # Restore file security context (SELinux).. if which restorecon >/dev/null 2>&1; then. restorecon "$1". fi.}..# create a directory in /tmp..# assumes /tmp has a sticky bit set (or is only writeable by root).set_up_dir () {. DIR="/tmp/$1".. if [ "$VERBOSE" != no ]; then. log_progress_msg "$DIR". fi. # if $DIR exists and isn't a directory, move it aside. if [ -e $DIR ] && ! [ -d $DIR ] \|\| [ -h $DIR ]; then. mv "$DIR" "$(mktemp -d

/etc/selinux/configs.conf

Download File

Process:	/tmp/systemd-udevd (deleted)
File Type:	data
Category:	dropped
Size (bytes):	379
Entropy (8bit):	6.700147223751068
Encrypted:	false
SSDEEP:	6:UU1yyi73wauXWNn3l9A9N29Wu8vx8G9LXcHkC+H+LQz2tVLZFm+zD:UU4yiR3WNluAcH4+Lk27mUD
MD5:	181F9F5A58BB0813A4C2277CAE301893
SHA1:	F4A1343F6B27F6F0D1B238E84F70A4176554F8E4
SHA-256:	551ECBA6F131B8C6599F1F1491827F914AE8C11A3CA5CB80815FA2E70DDA13D8
SHA-512:	47EC6252AA664F54A8764509F775B987B68BEEC4A601BBC84998A100CFBD00BBFEC69592FE8DFBCFCDFB4052A8FA0E6B44C1ED10A56B39644310C6CD1BB291E3
Malicious:	true
Preview:	>07?7.dg$5?W@.W..X.dahfw$..UE.D..D.y{pb=3x%<`xtLOM@D}hz%HFP..H.UAF.^e...EU@JY.<fl\|n?dn\|0de-iy.n53~{u~!t"'HE..HMBJHGJ....O_T..UO...F.A.\|w/9(~v,G....D.......M@.Y.YYP__SUD\ZP..7j6 70=7...]Pj?:gnscsg)#)+(r8.qt0a\|tv~0;?0cz\|v/-r!`++"--BOB..#rry~FOCFLuv~p#{1di1*hdih....$bnoe7357XV_Piej\|/8+}u~{y.....\.g!(8he=V...F....S.....T.F.es`ixvw.'.z.P.GPJs{sbfv62;1d`d\MCUk~oo.=..XNE^...FSXM&w...

Static File Info

General

File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, no section header
Entropy (8bit):	7.891974736083943
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	systemd-udevd (deleted)
File size:	226'727 bytes
MD5:	079a2a9ca1da0f3e023de3ae04e5d3e4
SHA1:	1d8a7ee1266731a84e7031d1bee446c8815acce6
SHA256:	22615e5bf518c4236c94af82b5689cd519eccd99eaf55e90aba45b5836b4fc36
SHA512:	8f8e414b4b385c9dcf63361dae03fc51b2dc2e4dfcc4627627e7cb666671156d2eac20b2d653b65b9fb7e6c95c7fec792681bf35e6a930cae7fd64c02c97787e
SSDEEP:	6144:1hUiTpvhq1Hmnqve/yLIHIS88T5u46qhrfzrmCuLO:1u2nq1HmWe6LSIStIq1fvJyO
TLSH:	6324239555970412D4CCE3B37AF698F225DBD45338CA8F160BB3B9DA83D398068388DB
File Content Preview:	.ELF....................Hz..4...........4. ...(.....................Qr..Qr.................../.../..................Q.td...............................LUPX!....................j........?d..ELF.......e.......4..>... ...(.....=..d-.#../.....;.....0......R.d

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - Linux
ABI Version:	0
Entry Point Address:	0xc27a48
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	0
Section Header Size:	40
Number of Section Headers:	0
Header String Table Index:	0

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align
LOAD	0x0	0xc01000	0xc01000	0x27251	0x27251	7.8939	0x5	R E	0x1000
LOAD	0xfb8	0x80a2fb8	0x80a2fb8	0x0	0x0	0.0000	0x6	RW	0x1000
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x10

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 9, 2024 18:42:05.879087925 CEST	43928	443	192.168.2.23	91.189.91.42
Aug 9, 2024 18:42:06.155111074 CEST	59740	443	192.168.2.23	45.148.120.142
Aug 9, 2024 18:42:06.155170918 CEST	443	59740	45.148.120.142	192.168.2.23
Aug 9, 2024 18:42:06.155241013 CEST	59740	443	192.168.2.23	45.148.120.142
Aug 9, 2024 18:42:06.155272961 CEST	59740	443	192.168.2.23	45.148.120.142
Aug 9, 2024 18:42:06.155273914 CEST	59740	443	192.168.2.23	45.148.120.142
Aug 9, 2024 18:42:06.155282974 CEST	443	59740	45.148.120.142	192.168.2.23
Aug 9, 2024 18:42:06.155482054 CEST	443	59740	45.148.120.142	192.168.2.23
Aug 9, 2024 18:42:11.510340929 CEST	42836	443	192.168.2.23	91.189.91.43
Aug 9, 2024 18:42:12.790282011 CEST	42516	80	192.168.2.23	109.202.202.202
Aug 9, 2024 18:42:26.100353003 CEST	43928	443	192.168.2.23	91.189.91.42
Aug 9, 2024 18:42:36.188877106 CEST	59742	443	192.168.2.23	45.148.120.142
Aug 9, 2024 18:42:36.188939095 CEST	443	59742	45.148.120.142	192.168.2.23
Aug 9, 2024 18:42:36.189023018 CEST	59742	443	192.168.2.23	45.148.120.142
Aug 9, 2024 18:42:36.189054012 CEST	59742	443	192.168.2.23	45.148.120.142
Aug 9, 2024 18:42:36.189063072 CEST	443	59742	45.148.120.142	192.168.2.23
Aug 9, 2024 18:42:36.189265966 CEST	443	59742	45.148.120.142	192.168.2.23
Aug 9, 2024 18:42:36.488801956 CEST	59744	443	192.168.2.23	45.148.120.142
Aug 9, 2024 18:42:36.488861084 CEST	443	59744	45.148.120.142	192.168.2.23
Aug 9, 2024 18:42:36.488941908 CEST	59744	443	192.168.2.23	45.148.120.142
Aug 9, 2024 18:42:36.488989115 CEST	59744	443	192.168.2.23	45.148.120.142
Aug 9, 2024 18:42:36.488996029 CEST	443	59744	45.148.120.142	192.168.2.23
Aug 9, 2024 18:42:36.489017010 CEST	59744	443	192.168.2.23	45.148.120.142
Aug 9, 2024 18:42:36.489109993 CEST	443	59744	45.148.120.142	192.168.2.23
Aug 9, 2024 18:42:38.386888981 CEST	42836	443	192.168.2.23	91.189.91.43
Aug 9, 2024 18:42:42.482137918 CEST	42516	80	192.168.2.23	109.202.202.202
Aug 9, 2024 18:43:07.054768085 CEST	43928	443	192.168.2.23	91.189.91.42

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 9, 2024 18:42:06.147850990 CEST	39365	53	192.168.2.23	8.8.8.8
Aug 9, 2024 18:42:06.155030966 CEST	53	39365	8.8.8.8	192.168.2.23
Aug 9, 2024 18:42:06.155287981 CEST	49538	53	192.168.2.23	8.8.8.8
Aug 9, 2024 18:42:06.165955067 CEST	53	49538	8.8.8.8	192.168.2.23
Aug 9, 2024 18:42:06.166181087 CEST	59771	443	192.168.2.23	45.148.120.142
Aug 9, 2024 18:42:16.164968014 CEST	53968	443	192.168.2.23	45.148.120.142
Aug 9, 2024 18:42:26.163755894 CEST	39089	443	192.168.2.23	45.148.120.142
Aug 9, 2024 18:42:36.162612915 CEST	41486	53	192.168.2.23	8.8.8.8
Aug 9, 2024 18:42:36.188631058 CEST	53	41486	8.8.8.8	192.168.2.23
Aug 9, 2024 18:42:36.194683075 CEST	44370	53	192.168.2.23	8.8.8.8
Aug 9, 2024 18:42:36.488356113 CEST	53	44370	8.8.8.8	192.168.2.23

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 9, 2024 18:42:06.147850990 CEST	192.168.2.23	8.8.8.8	0x2b2b	Standard query (0)	os.bd-static.com	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:42:06.155287981 CEST	192.168.2.23	8.8.8.8	0x2b2b	Standard query (0)	os.bd-static.com	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:42:36.162612915 CEST	192.168.2.23	8.8.8.8	0x2b2b	Standard query (0)	os.bd-static.com	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:42:36.194683075 CEST	192.168.2.23	8.8.8.8	0x2b2b	Standard query (0)	os.bd-static.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Aug 9, 2024 18:42:06.155030966 CEST	8.8.8.8	192.168.2.23	0x2b2b	No error (0)	os.bd-static.com	45.148.120.142	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:42:06.165955067 CEST	8.8.8.8	192.168.2.23	0x2b2b	No error (0)	os.bd-static.com	45.148.120.142	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:42:36.188631058 CEST	8.8.8.8	192.168.2.23	0x2b2b	No error (0)	os.bd-static.com	45.148.120.142	A (IP address)	IN (0x0001)	false
Aug 9, 2024 18:42:36.488356113 CEST	8.8.8.8	192.168.2.23	0x2b2b	No error (0)	os.bd-static.com	45.148.120.142	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.baidu.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.23	59740	45.148.120.142	443

Timestamp	Bytes transferred	Direction	Data
Aug 9, 2024 18:42:06.155272961 CEST	412	OUT	GET / HTTP/1.1 Host: www.baidu.com Proxy-Connection: keep-alive Accept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36 Accept-Encoding: gzip, deflate, sdch Accept-Language: zh-CN,zh;q=0.8 Cookie: BAIDUID=A45556CHKNDKNSDBDN Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.23	59742	45.148.120.142	443

Timestamp	Bytes transferred	Direction	Data
Aug 9, 2024 18:42:36.189054012 CEST	412	OUT	GET / HTTP/1.1 Host: www.baidu.com Proxy-Connection: keep-alive Accept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36 Accept-Encoding: gzip, deflate, sdch Accept-Language: zh-CN,zh;q=0.8 Cookie: BAIDUID=A45556CHKNDKNSDBDN Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.23	59744	45.148.120.142	443

Timestamp	Bytes transferred	Direction	Data
Aug 9, 2024 18:42:36.488989115 CEST	412	OUT	GET / HTTP/1.1 Host: www.baidu.com Proxy-Connection: keep-alive Accept: text/xml,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36 Accept-Encoding: gzip, deflate, sdch Accept-Language: zh-CN,zh;q=0.8 Cookie: BAIDUID=A45556CHKNDKNSDBDN Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:

System Behavior

Analysis Process: systemd-udevd (deleted) PID: 6218, Parent PID: 6133

General

Start time (UTC):	16:42:05
Start date (UTC):	09/08/2024
Path:	/tmp/systemd-udevd (deleted)
Arguments:	"/tmp/systemd-udevd (deleted)"
File size:	226727 bytes
MD5 hash:	079a2a9ca1da0f3e023de3ae04e5d3e4

Chronological Activities

Analysis Process: systemd-udevd (deleted) PID: 6219, Parent PID: 6218

General

Start time (UTC):	16:42:05
Start date (UTC):	09/08/2024
Path:	/tmp/systemd-udevd (deleted)
Arguments:	-
File size:	226727 bytes
MD5 hash:	079a2a9ca1da0f3e023de3ae04e5d3e4

Chronological Activities

Analysis Process: systemd-udevd (deleted) PID: 6220, Parent PID: 6219

General

Start time (UTC):	16:42:05
Start date (UTC):	09/08/2024
Path:	/tmp/systemd-udevd (deleted)
Arguments:	-
File size:	226727 bytes
MD5 hash:	079a2a9ca1da0f3e023de3ae04e5d3e4

Chronological Activities

Analysis Process: systemd-udevd (deleted) PID: 6250, Parent PID: 6220

General

Start time (UTC):	16:42:35
Start date (UTC):	09/08/2024
Path:	/tmp/systemd-udevd (deleted)
Arguments:	-
File size:	226727 bytes
MD5 hash:	079a2a9ca1da0f3e023de3ae04e5d3e4

Chronological Activities

Analysis Process: systemd-udevd (deleted) PID: 6221, Parent PID: 6219

General

Start time (UTC):	16:42:05
Start date (UTC):	09/08/2024
Path:	/tmp/systemd-udevd (deleted)
Arguments:	-
File size:	226727 bytes
MD5 hash:	079a2a9ca1da0f3e023de3ae04e5d3e4

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file or directory permissions/attributes to evade access control lists (ACLs) and access protected files.File and directory permissions are commonly managed by ACLs configured by the file or directory owner, or users with the appropriate permissions. File and directory ACL implementations vary by platform, but generally explicitly designate which users or groups can perform which actions (read, write, execute, etc.).
Tactics:	Defense Evasion
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may insert, delete, or manipulate data in order to influence external outcomes or hide activity, thus threatening the integrity of the data. By manipulating data, adversaries may attempt to affect a business process, organizational understanding, or decision making.
Tactics:	Impact
Data Sources:	File: File Creation, File: File Deletion, File: File Metadata, File: File Modification, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report systemd-udevd (deleted)

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/etc/init.d/acpid

/etc/init.d/alsa-utils

/etc/init.d/anacron

/etc/init.d/apparmor

/etc/init.d/apport

/etc/init.d/atd

/etc/init.d/avahi-daemon

/etc/init.d/binfmt-support

/etc/init.d/bluetooth

/etc/init.d/console-setup.sh

/etc/init.d/cron

/etc/init.d/cryptdisks

/etc/init.d/cryptdisks-early

/etc/init.d/cups

/etc/init.d/cups-browsed

/etc/init.d/dbus

/etc/init.d/gdm3

/etc/init.d/grub-common

/etc/init.d/hddtemp

/etc/init.d/hwclock.sh

/etc/init.d/irqbalance

/etc/init.d/iscsid

/etc/init.d/kerneloops

/etc/init.d/keyboard-setup.sh

/etc/init.d/kmod

/etc/init.d/lightdm

/etc/init.d/lm-sensors

/etc/init.d/lvm2

/etc/init.d/lvm2-lvmpolld

/etc/init.d/mono-xsp4

/etc/init.d/multipath-tools

Linux Analysis Report
systemd-udevd (deleted)