Edit tour

Linux Analysis Report
586.elf

Overview

General Information

Sample name:	586.elf
Analysis ID:	1582118
MD5:	c61c82ec02a70a7dfc67f05e58ac836d
SHA1:	64f47fe6aaf1e4190ea5bfdef94175178397a6c7
SHA256:	1de70cafe7cea0a83673f5341d9437b09a2814e2dfef819f73775f06836d9097
Tags:	elfuser-abuse_ch
Infos:

Detection

Gafgyt, Mirai

Score:	88
Range:	0 - 100
Whitelisted:	false

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Gafgyt

Yara detected Mirai

Connects to many ports of the same IP (likely port scanning)

Machine Learning detection for sample

Detected TCP or UDP traffic on non-standard ports

Sample contains strings that are user agent strings indicative of HTTP manipulation

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1582118
Start date and time:	2024-12-30 02:26:05 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 26s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	586.elf
Detection:	MAL
Classification:	mal88.troj.linELF@0/0@0/0

Runtime Messages

Command:	/tmp/586.elf
PID:	5549
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

system is lnxubuntu20

586.elf (PID: 5549, Parent: 5469, MD5: c61c82ec02a70a7dfc67f05e58ac836d) Arguments: /tmp/586.elf

586.elf New Fork (PID: 5550, Parent: 5549)

586.elf New Fork (PID: 5551, Parent: 5550)

586.elf New Fork (PID: 5552, Parent: 5551)

586.elf New Fork (PID: 5553, Parent: 5552)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Bashlite, Gafgyt	Bashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.	No Attribution	http://blog.trendmicro.com/trendlabs-security-intelligence/bashlite-affects-devices-running-on-busybox/ https://blog.cyber5w.com/gafgyt-backdoor-analysis https://blog.netlab.360.com/gafgtyt_tor-and-necro-are-on-the-move-again/ https://blog.netlab.360.com/public-cloud-threat-intelligence-202203/ https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.bashlite

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
586.elf	JoeSecurity_Gafgyt	Yara detected Gafgyt	Joe Security
586.elf	JoeSecurity_Mirai_3	Yara detected Mirai	Joe Security
586.elf	Linux_Trojan_Gafgyt_c573932b	unknown	unknown	0x54a:$a: 83 7D 18 00 74 22 8B 45 1C 83 E0 02 85 C0 74 18 83 EC 08 6A 2D FF
586.elf	Linux_Trojan_Gafgyt_5bf62ce4	unknown	unknown	0xa405:$a: 89 E5 56 53 31 F6 8D 45 10 83 EC 10 89 45 F4 8B 55 F4 46 8D
586.elf	Linux_Trojan_Gafgyt_6122acdf	unknown	unknown	0x2cf:$a: E8 B0 00 FC 8B 7D E8 F2 AE 89 C8 F7 D0 48 48 89 45 F8 EB 03 FF
586.elf	Linux_Trojan_Gafgyt_7167d08f	unknown	unknown	0x5e7:$a: 0C 8A 00 3C 2D 75 13 FF 45 0C C7 45 E4 01 00 00 00 EB 07 FF
586.elf	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xa0d8:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
Click to see the 2 entries

Memory Dumps

Source	Rule	Description	Author	Strings
5551.1.0000000008048000.000000000805a000.r-x.sdmp	JoeSecurity_Mirai_3	Yara detected Mirai	Joe Security
5551.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Gafgyt_c573932b	unknown	unknown	0x54a:$a: 83 7D 18 00 74 22 8B 45 1C 83 E0 02 85 C0 74 18 83 EC 08 6A 2D FF
5551.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Gafgyt_5bf62ce4	unknown	unknown	0xa405:$a: 89 E5 56 53 31 F6 8D 45 10 83 EC 10 89 45 F4 8B 55 F4 46 8D
5551.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Gafgyt_6122acdf	unknown	unknown	0x2cf:$a: E8 B0 00 FC 8B 7D E8 F2 AE 89 C8 F7 D0 48 48 89 45 F8 EB 03 FF
5551.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Gafgyt_7167d08f	unknown	unknown	0x5e7:$a: 0C 8A 00 3C 2D 75 13 FF 45 0C C7 45 E4 01 00 00 00 EB 07 FF
5551.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xa0d8:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
5549.1.0000000008048000.000000000805a000.r-x.sdmp	JoeSecurity_Mirai_3	Yara detected Mirai	Joe Security
5549.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Gafgyt_c573932b	unknown	unknown	0x54a:$a: 83 7D 18 00 74 22 8B 45 1C 83 E0 02 85 C0 74 18 83 EC 08 6A 2D FF
5549.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Gafgyt_5bf62ce4	unknown	unknown	0xa405:$a: 89 E5 56 53 31 F6 8D 45 10 83 EC 10 89 45 F4 8B 55 F4 46 8D
5549.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Gafgyt_6122acdf	unknown	unknown	0x2cf:$a: E8 B0 00 FC 8B 7D E8 F2 AE 89 C8 F7 D0 48 48 89 45 F8 EB 03 FF
5549.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Gafgyt_7167d08f	unknown	unknown	0x5e7:$a: 0C 8A 00 3C 2D 75 13 FF 45 0C C7 45 E4 01 00 00 00 EB 07 FF
5549.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xa0d8:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
5552.1.0000000008048000.000000000805a000.r-x.sdmp	JoeSecurity_Mirai_3	Yara detected Mirai	Joe Security
5552.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Gafgyt_c573932b	unknown	unknown	0x54a:$a: 83 7D 18 00 74 22 8B 45 1C 83 E0 02 85 C0 74 18 83 EC 08 6A 2D FF
5552.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Gafgyt_5bf62ce4	unknown	unknown	0xa405:$a: 89 E5 56 53 31 F6 8D 45 10 83 EC 10 89 45 F4 8B 55 F4 46 8D
5552.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Gafgyt_6122acdf	unknown	unknown	0x2cf:$a: E8 B0 00 FC 8B 7D E8 F2 AE 89 C8 F7 D0 48 48 89 45 F8 EB 03 FF
5552.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Gafgyt_7167d08f	unknown	unknown	0x5e7:$a: 0C 8A 00 3C 2D 75 13 FF 45 0C C7 45 E4 01 00 00 00 EB 07 FF
5552.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xa0d8:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
5550.1.0000000008048000.000000000805a000.r-x.sdmp	JoeSecurity_Mirai_3	Yara detected Mirai	Joe Security
5550.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Gafgyt_c573932b	unknown	unknown	0x54a:$a: 83 7D 18 00 74 22 8B 45 1C 83 E0 02 85 C0 74 18 83 EC 08 6A 2D FF
5550.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Gafgyt_5bf62ce4	unknown	unknown	0xa405:$a: 89 E5 56 53 31 F6 8D 45 10 83 EC 10 89 45 F4 8B 55 F4 46 8D
5550.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Gafgyt_6122acdf	unknown	unknown	0x2cf:$a: E8 B0 00 FC 8B 7D E8 F2 AE 89 C8 F7 D0 48 48 89 45 F8 EB 03 FF
5550.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Gafgyt_7167d08f	unknown	unknown	0x5e7:$a: 0C 8A 00 3C 2D 75 13 FF 45 0C C7 45 E4 01 00 00 00 EB 07 FF
5550.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xa0d8:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
5553.1.0000000008048000.000000000805a000.r-x.sdmp	JoeSecurity_Mirai_3	Yara detected Mirai	Joe Security
5553.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Gafgyt_c573932b	unknown	unknown	0x54a:$a: 83 7D 18 00 74 22 8B 45 1C 83 E0 02 85 C0 74 18 83 EC 08 6A 2D FF
5553.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Gafgyt_5bf62ce4	unknown	unknown	0xa405:$a: 89 E5 56 53 31 F6 8D 45 10 83 EC 10 89 45 F4 8B 55 F4 46 8D
5553.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Gafgyt_6122acdf	unknown	unknown	0x2cf:$a: E8 B0 00 FC 8B 7D E8 F2 AE 89 C8 F7 D0 48 48 89 45 F8 EB 03 FF
5553.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Gafgyt_7167d08f	unknown	unknown	0x5e7:$a: 0C 8A 00 3C 2D 75 13 FF 45 0C C7 45 E4 01 00 00 00 EB 07 FF
5553.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xa0d8:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
Process Memory Space: 586.elf PID: 5549	JoeSecurity_Mirai_3	Yara detected Mirai	Joe Security
Process Memory Space: 586.elf PID: 5550	JoeSecurity_Mirai_3	Yara detected Mirai	Joe Security
Process Memory Space: 586.elf PID: 5551	JoeSecurity_Mirai_3	Yara detected Mirai	Joe Security
Process Memory Space: 586.elf PID: 5552	JoeSecurity_Mirai_3	Yara detected Mirai	Joe Security
Process Memory Space: 586.elf PID: 5553	JoeSecurity_Mirai_3	Yara detected Mirai	Joe Security
Click to see the 30 entries

Suricata Signatures

ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-30T02:26:56.294124+0100	2847206	1	A Network Trojan was detected	192.168.2.15	53822	31.13.224.110	49182	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: 586.elf	Virustotal: Detection: 60%			Perma Link
Source: 586.elf	ReversingLabs: Detection: 63%

Machine Learning detection for sample

Source: 586.elf

Joe Sandbox ML: detected

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2847206 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin : 192.168.2.15:53822 -> 31.13.224.110:49182

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 31.13.224.110 ports 1,49182,2,4,8,9

Source: global traffic

TCP traffic: 192.168.2.15:53822 -> 31.13.224.110:49182

Source: unknown	TCP traffic detected without corresponding DNS query: 31.13.224.110
Source: unknown	TCP traffic detected without corresponding DNS query: 31.13.224.110
Source: unknown	TCP traffic detected without corresponding DNS query: 31.13.224.110
Source: unknown	TCP traffic detected without corresponding DNS query: 31.13.224.110
Source: unknown	TCP traffic detected without corresponding DNS query: 31.13.224.110

System Summary

Malicious sample detected (through community Yara rule)

Source: 586.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_c573932b Author: unknown
Source: 586.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_5bf62ce4 Author: unknown
Source: 586.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_6122acdf Author: unknown
Source: 586.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_7167d08f Author: unknown
Source: 586.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 5551.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_c573932b Author: unknown
Source: 5551.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_5bf62ce4 Author: unknown
Source: 5551.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6122acdf Author: unknown
Source: 5551.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_7167d08f Author: unknown
Source: 5551.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 5549.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_c573932b Author: unknown
Source: 5549.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_5bf62ce4 Author: unknown
Source: 5549.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6122acdf Author: unknown
Source: 5549.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_7167d08f Author: unknown
Source: 5549.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 5552.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_c573932b Author: unknown
Source: 5552.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_5bf62ce4 Author: unknown
Source: 5552.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6122acdf Author: unknown
Source: 5552.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_7167d08f Author: unknown
Source: 5552.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 5550.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_c573932b Author: unknown
Source: 5550.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_5bf62ce4 Author: unknown
Source: 5550.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6122acdf Author: unknown
Source: 5550.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_7167d08f Author: unknown
Source: 5550.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 5553.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_c573932b Author: unknown
Source: 5553.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_5bf62ce4 Author: unknown
Source: 5553.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6122acdf Author: unknown
Source: 5553.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_7167d08f Author: unknown
Source: 5553.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown

Source: 586.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_c573932b reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 18a3025ebb8af46605970ee8d7d18214854b86200001d576553e102cb71df266, id = c573932b-9b3f-4ab7-a6b6-32dcc7473790, last_modified = 2021-09-16
Source: 586.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_5bf62ce4 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ffc398303f7208e77c4fbdfb50ac896e531b7cee3be2fa820bc8d70cfb20af3, id = 5bf62ce4-619b-4d46-b221-c5bf552474bb, last_modified = 2021-09-16
Source: 586.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_6122acdf os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 283275705c729be23d7dc75056388ecae00390bd25ee7b66b0cfc9b85feee212, id = 6122acdf-1eef-45ea-83ea-699d21c2dc20, last_modified = 2021-09-16
Source: 586.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_7167d08f reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = b9df4ab322a2a329168f684b07b7b05ee3d03165c5b9050a4710eae7aeca6cd9, id = 7167d08f-bfeb-4d78-9783-3a1df2ef0ed3, last_modified = 2021-09-16
Source: 586.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 5551.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_c573932b reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 18a3025ebb8af46605970ee8d7d18214854b86200001d576553e102cb71df266, id = c573932b-9b3f-4ab7-a6b6-32dcc7473790, last_modified = 2021-09-16
Source: 5551.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_5bf62ce4 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ffc398303f7208e77c4fbdfb50ac896e531b7cee3be2fa820bc8d70cfb20af3, id = 5bf62ce4-619b-4d46-b221-c5bf552474bb, last_modified = 2021-09-16
Source: 5551.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6122acdf os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 283275705c729be23d7dc75056388ecae00390bd25ee7b66b0cfc9b85feee212, id = 6122acdf-1eef-45ea-83ea-699d21c2dc20, last_modified = 2021-09-16
Source: 5551.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_7167d08f reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = b9df4ab322a2a329168f684b07b7b05ee3d03165c5b9050a4710eae7aeca6cd9, id = 7167d08f-bfeb-4d78-9783-3a1df2ef0ed3, last_modified = 2021-09-16
Source: 5551.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 5549.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_c573932b reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 18a3025ebb8af46605970ee8d7d18214854b86200001d576553e102cb71df266, id = c573932b-9b3f-4ab7-a6b6-32dcc7473790, last_modified = 2021-09-16
Source: 5549.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_5bf62ce4 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ffc398303f7208e77c4fbdfb50ac896e531b7cee3be2fa820bc8d70cfb20af3, id = 5bf62ce4-619b-4d46-b221-c5bf552474bb, last_modified = 2021-09-16
Source: 5549.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6122acdf os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 283275705c729be23d7dc75056388ecae00390bd25ee7b66b0cfc9b85feee212, id = 6122acdf-1eef-45ea-83ea-699d21c2dc20, last_modified = 2021-09-16
Source: 5549.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_7167d08f reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = b9df4ab322a2a329168f684b07b7b05ee3d03165c5b9050a4710eae7aeca6cd9, id = 7167d08f-bfeb-4d78-9783-3a1df2ef0ed3, last_modified = 2021-09-16
Source: 5549.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 5552.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_c573932b reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 18a3025ebb8af46605970ee8d7d18214854b86200001d576553e102cb71df266, id = c573932b-9b3f-4ab7-a6b6-32dcc7473790, last_modified = 2021-09-16
Source: 5552.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_5bf62ce4 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ffc398303f7208e77c4fbdfb50ac896e531b7cee3be2fa820bc8d70cfb20af3, id = 5bf62ce4-619b-4d46-b221-c5bf552474bb, last_modified = 2021-09-16
Source: 5552.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6122acdf os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 283275705c729be23d7dc75056388ecae00390bd25ee7b66b0cfc9b85feee212, id = 6122acdf-1eef-45ea-83ea-699d21c2dc20, last_modified = 2021-09-16
Source: 5552.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_7167d08f reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = b9df4ab322a2a329168f684b07b7b05ee3d03165c5b9050a4710eae7aeca6cd9, id = 7167d08f-bfeb-4d78-9783-3a1df2ef0ed3, last_modified = 2021-09-16
Source: 5552.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 5550.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_c573932b reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 18a3025ebb8af46605970ee8d7d18214854b86200001d576553e102cb71df266, id = c573932b-9b3f-4ab7-a6b6-32dcc7473790, last_modified = 2021-09-16
Source: 5550.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_5bf62ce4 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ffc398303f7208e77c4fbdfb50ac896e531b7cee3be2fa820bc8d70cfb20af3, id = 5bf62ce4-619b-4d46-b221-c5bf552474bb, last_modified = 2021-09-16
Source: 5550.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6122acdf os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 283275705c729be23d7dc75056388ecae00390bd25ee7b66b0cfc9b85feee212, id = 6122acdf-1eef-45ea-83ea-699d21c2dc20, last_modified = 2021-09-16
Source: 5550.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_7167d08f reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = b9df4ab322a2a329168f684b07b7b05ee3d03165c5b9050a4710eae7aeca6cd9, id = 7167d08f-bfeb-4d78-9783-3a1df2ef0ed3, last_modified = 2021-09-16
Source: 5550.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 5553.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_c573932b reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 18a3025ebb8af46605970ee8d7d18214854b86200001d576553e102cb71df266, id = c573932b-9b3f-4ab7-a6b6-32dcc7473790, last_modified = 2021-09-16
Source: 5553.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_5bf62ce4 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ffc398303f7208e77c4fbdfb50ac896e531b7cee3be2fa820bc8d70cfb20af3, id = 5bf62ce4-619b-4d46-b221-c5bf552474bb, last_modified = 2021-09-16
Source: 5553.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6122acdf os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 283275705c729be23d7dc75056388ecae00390bd25ee7b66b0cfc9b85feee212, id = 6122acdf-1eef-45ea-83ea-699d21c2dc20, last_modified = 2021-09-16
Source: 5553.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_7167d08f reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = b9df4ab322a2a329168f684b07b7b05ee3d03165c5b9050a4710eae7aeca6cd9, id = 7167d08f-bfeb-4d78-9783-3a1df2ef0ed3, last_modified = 2021-09-16
Source: 5553.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26

Source: classification engine

Classification label: mal88.troj.linELF@0/0@0/0

Source: 586.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/i386/crt1.S
Source: 586.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/i386/crti.S
Source: 586.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/i386/crtn.S
Source: 586.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/i386/mmap.S
Source: 586.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/i386/vfork.S

Stealing of Sensitive Information

Yara detected Gafgyt

Source: Yara match

File source: 586.elf, type: SAMPLE

Yara detected Mirai

Source: Yara match	File source: 586.elf, type: SAMPLE
Source: Yara match	File source: 5551.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5549.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5552.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5550.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5553.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 586.elf PID: 5549, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 586.elf PID: 5550, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 586.elf PID: 5551, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 586.elf PID: 5552, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 586.elf PID: 5553, type: MEMORYSTR

Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Safari/604.1.38
Source: Initial sample	User agent string found: Mozilla/5.0 (iPhone; CPU iPhone OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
Source: Initial sample	User agent string found: Mozilla/5.0 (X11; CrOS x86_64 9592.96.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.114 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows Phone 10.0; Android 6.0.1; Microsoft; Lumia 535) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Mobile Safari/537.36 Edge/14.14393
Source: Initial sample	User agent string found: Mozilla/5.0 (Linux; Android 4.4.4; HTC Desire 620 Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (iPhone; CPU iPhone OS 10_2_1 like Mac OS X) AppleWebKit/602.4.6 (KHTML, like Gecko) Mobile/14D27
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en; rv:1.8.1.11) Gecko/20071128 Camino/1.5.4
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows; U; Windows NT 6.1; cs; rv:1.9.2.6) Gecko/20100628 myibrow/4alpha2
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows; U; Win 9x 4.90; SG; rv:1.9.2.4) Gecko/20101104 Netscape/9.1.0285
Source: Initial sample	User agent string found: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 Lightning/4.0.2
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) SkypeUriPreview Preview/0.5

Remote Access Functionality

Yara detected Gafgyt

Source: Yara match

File source: 586.elf, type: SAMPLE

Yara detected Mirai

Source: Yara match	File source: 586.elf, type: SAMPLE
Source: Yara match	File source: 5551.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5549.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5552.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5550.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5553.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 586.elf PID: 5549, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 586.elf PID: 5550, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 586.elf PID: 5551, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 586.elf PID: 5552, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 586.elf PID: 5553, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
586.elf	61%	Virustotal		Browse
586.elf	63%	ReversingLabs	Linux.Trojan.Gafgyt
586.elf	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
31.13.224.110	unknown	Bulgaria		48584	SARNICA-ASBG	true

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
31.13.224.110	mips.elf	Get hash	malicious	Gafgyt, Mirai	Browse
31.13.224.110	mipsel.elf	Get hash	malicious	Gafgyt, Mirai	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
SARNICA-ASBG	mips.elf	Get hash	malicious	Gafgyt, Mirai	Browse	31.13.224.110
	mipsel.elf	Get hash	malicious	Gafgyt, Mirai	Browse	31.13.224.110
	1734707047fff7a4a195c1e77157873964de3a3a708aa4bdc0aee24f3a94bc5bd05cc323f3964.dat-decoded.exe	Get hash	malicious	Remcos	Browse	31.13.224.72
	17346150108fd59162a7f50db4b74cc85f1873b39cc8eaeab355e353b3b8b18e8e21fd369d493.dat-decoded.exe	Get hash	malicious	Remcos	Browse	31.13.224.72
	sh4.elf	Get hash	malicious	Mirai	Browse	31.13.224.244
	armv4l.elf	Get hash	malicious	Mirai	Browse	31.13.224.244
	m68k.elf	Get hash	malicious	Mirai	Browse	31.13.224.244
	mipsel.elf	Get hash	malicious	Mirai	Browse	31.13.224.244
	armv6l.elf	Get hash	malicious	Mirai	Browse	31.13.224.244
	mips.elf	Get hash	malicious	Mirai	Browse	31.13.224.244

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, not stripped
Entropy (8bit):	6.444733696040497
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	586.elf
File size:	96'268 bytes
MD5:	c61c82ec02a70a7dfc67f05e58ac836d
SHA1:	64f47fe6aaf1e4190ea5bfdef94175178397a6c7
SHA256:	1de70cafe7cea0a83673f5341d9437b09a2814e2dfef819f73775f06836d9097
SHA512:	11d91cbbb15ef45b45d58d0e080acb7f247f50ffe3c68abd6fb94a0a7eeb1f41ee98feac5822973a228e2c22c50f1043406e909be69f3cef7f7affe98169785c
SSDEEP:	1536:mgqm0Tbw7U+OU0Cf5UI8E8WwP6kHzgk81VwcG2em8GMUNLe5um7WAgcVjmZIcBI:mgO2UVUtBUI8GwPfHkk8rWeLesmqAgcr
TLSH:	AF933B56A780D5B3D14305B316979B620033FE7B1A5EAE0AE35E7CF18F3A0987221B5D
File Content Preview:	.ELF....................d...4...l$......4. ...(.....................................................\|...`j..........Q.td............................U..S.......[$...h........[]...$.............U......=`....t..5....$......$.......u........t....h............

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x8048164
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	74860
Section Header Size:	40
Number of Section Headers:	16
Header String Table Index:	13

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.init	PROGBITS	0x8048094	0x94	0x1c	0x0	0x6	AX	0	0	1
.text	PROGBITS	0x80480b0	0xb0	0xdc28	0x0	0x6	AX	0	0	16
.fini	PROGBITS	0x8055cd8	0xdcd8	0x17	0x0	0x6	AX	0	0	1
.rodata	PROGBITS	0x8055d00	0xdd00	0x37e0	0x0	0x2	A	0	0	32
.eh_frame	PROGBITS	0x80594e0	0x114e0	0x4	0x0	0x2	A	0	0	4
.ctors	PROGBITS	0x805a4e4	0x114e4	0x8	0x0	0x3	WA	0	0	4
.dtors	PROGBITS	0x805a4ec	0x114ec	0x8	0x0	0x3	WA	0	0	4
.jcr	PROGBITS	0x805a4f4	0x114f4	0x4	0x0	0x3	WA	0	0	4
.got.plt	PROGBITS	0x805a4f8	0x114f8	0xc	0x4	0x3	WA	0	0	4
.data	PROGBITS	0x805a520	0x11520	0x340	0x0	0x3	WA	0	0	32
.bss	NOBITS	0x805a860	0x11860	0x66e4	0x0	0x3	WA	0	0	32
.comment	PROGBITS	0x0	0x11860	0xb9a	0x0	0x0		0	0	1
.shstrtab	STRTAB	0x0	0x123fa	0x6f	0x0	0x0		0	0	1
.symtab	SYMTAB	0x0	0x126ec	0x2e60	0x10	0x0		15	267	4
.strtab	STRTAB	0x0	0x1554c	0x22c0	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8048000	0x8048000	0x114e4	0x114e4	6.5635	0x5	R E	0x1000	.init .text .fini .rodata .eh_frame
LOAD	0x114e4	0x805a4e4	0x805a4e4	0x37c	0x6a60	3.7572	0x6	RW	0x1000	.ctors .dtors .jcr .got.plt .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Symbols

Name	Section Name	Value	Size	Symbol Type	Symbol Bind	Symbol Visibility	Ndx
	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
	.symtab	0x8048094	0	SECTION	<unknown>	DEFAULT	1
	.symtab	0x80480b0	0	SECTION	<unknown>	DEFAULT	2
	.symtab	0x8055cd8	0	SECTION	<unknown>	DEFAULT	3
	.symtab	0x8055d00	0	SECTION	<unknown>	DEFAULT	4
	.symtab	0x80594e0	0	SECTION	<unknown>	DEFAULT	5
	.symtab	0x805a4e4	0	SECTION	<unknown>	DEFAULT	6
	.symtab	0x805a4ec	0	SECTION	<unknown>	DEFAULT	7
	.symtab	0x805a4f4	0	SECTION	<unknown>	DEFAULT	8
	.symtab	0x805a4f8	0	SECTION	<unknown>	DEFAULT	9
	.symtab	0x805a520	0	SECTION	<unknown>	DEFAULT	10
	.symtab	0x805a860	0	SECTION	<unknown>	DEFAULT	11
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	12
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	13
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	14
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	15
C.100.4686	.symtab	0x80563c0	144	OBJECT	<unknown>	DEFAULT	4
C.104.4726	.symtab	0x8056460	144	OBJECT	<unknown>	DEFAULT	4
C.108.4766	.symtab	0x8056500	144	OBJECT	<unknown>	DEFAULT	4
C.112.4806	.symtab	0x80565a0	144	OBJECT	<unknown>	DEFAULT	4
C.116.4846	.symtab	0x8056640	144	OBJECT	<unknown>	DEFAULT	4
C.120.4886	.symtab	0x80566e0	144	OBJECT	<unknown>	DEFAULT	4
C.96.4645	.symtab	0x8056320	144	OBJECT	<unknown>	DEFAULT	4
GetRandomIP	.symtab	0x8049374	48	FUNC	<unknown>	DEFAULT	2
OreoServer	.symtab	0x805a540	4	OBJECT	<unknown>	DEFAULT	10
Q	.symtab	0x805a8a0	16384	OBJECT	<unknown>	DEFAULT	11
RandString	.symtab	0x8049054	103	FUNC	<unknown>	DEFAULT	2
Send100UP	.symtab	0x804a402	273	FUNC	<unknown>	DEFAULT	2
SendNUKE	.symtab	0x804a624	273	FUNC	<unknown>	DEFAULT	2
SendOVH	.symtab	0x804a1e0	273	FUNC	<unknown>	DEFAULT	2
SendPAKI	.symtab	0x804a513	273	FUNC	<unknown>	DEFAULT	2
SendZAP	.symtab	0x804a2f1	273	FUNC	<unknown>	DEFAULT	2
_GLOBAL_OFFSET_TABLE_	.symtab	0x805a4f8	0	OBJECT	<unknown>	HIDDEN	9
_Jv_RegisterClasses	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
_READ.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_WRITE.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__CTOR_END__	.symtab	0x805a4e8	0	OBJECT	<unknown>	DEFAULT	6
__CTOR_LIST__	.symtab	0x805a4e4	0	OBJECT	<unknown>	DEFAULT	6
__C_ctype_b	.symtab	0x805a5e0	4	OBJECT	<unknown>	DEFAULT	10
__C_ctype_b.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_b_data	.symtab	0x8057ba0	768	OBJECT	<unknown>	DEFAULT	4
__C_ctype_tolower	.symtab	0x805a858	4	OBJECT	<unknown>	DEFAULT	10
__C_ctype_tolower.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_tolower_data	.symtab	0x80591e0	768	OBJECT	<unknown>	DEFAULT	4
__C_ctype_toupper	.symtab	0x805a5e8	4	OBJECT	<unknown>	DEFAULT	10
__C_ctype_toupper.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_toupper_data	.symtab	0x8057ea0	768	OBJECT	<unknown>	DEFAULT	4
__DTOR_END__	.symtab	0x805a4f0	0	OBJECT	<unknown>	DEFAULT	7
__DTOR_LIST__	.symtab	0x805a4ec	0	OBJECT	<unknown>	DEFAULT	7
__EH_FRAME_BEGIN__	.symtab	0x80594e0	0	OBJECT	<unknown>	DEFAULT	5
__FRAME_END__	.symtab	0x80594e0	0	OBJECT	<unknown>	DEFAULT	5
__GI___C_ctype_b	.symtab	0x805a5e0	4	OBJECT	<unknown>	HIDDEN	10
__GI___C_ctype_b_data	.symtab	0x8057ba0	768	OBJECT	<unknown>	HIDDEN	4
__GI___C_ctype_tolower	.symtab	0x805a858	4	OBJECT	<unknown>	HIDDEN	10
__GI___C_ctype_tolower_data	.symtab	0x80591e0	768	OBJECT	<unknown>	HIDDEN	4
__GI___C_ctype_toupper	.symtab	0x805a5e8	4	OBJECT	<unknown>	HIDDEN	10
__GI___C_ctype_toupper_data	.symtab	0x8057ea0	768	OBJECT	<unknown>	HIDDEN	4
__GI___ctype_b	.symtab	0x805a5e4	4	OBJECT	<unknown>	HIDDEN	10
__GI___ctype_tolower	.symtab	0x805a85c	4	OBJECT	<unknown>	HIDDEN	10
__GI___ctype_toupper	.symtab	0x805a5ec	4	OBJECT	<unknown>	HIDDEN	10
__GI___errno_location	.symtab	0x804f92c	6	FUNC	<unknown>	HIDDEN	2
__GI___fgetc_unlocked	.symtab	0x8055918	220	FUNC	<unknown>	HIDDEN	2
__GI___glibc_strerror_r	.symtab	0x8050974	29	FUNC	<unknown>	HIDDEN	2
__GI___h_errno_location	.symtab	0x8052d84	6	FUNC	<unknown>	HIDDEN	2
__GI___libc_fcntl	.symtab	0x804f36c	87	FUNC	<unknown>	HIDDEN	2
__GI___libc_fcntl64	.symtab	0x804f3c4	63	FUNC	<unknown>	HIDDEN	2
__GI___libc_open	.symtab	0x804f5e0	75	FUNC	<unknown>	HIDDEN	2
__GI___uClibc_fini	.symtab	0x8052774	63	FUNC	<unknown>	HIDDEN	2
__GI___uClibc_init	.symtab	0x80527eb	64	FUNC	<unknown>	HIDDEN	2
__GI___xpg_strerror_r	.symtab	0x8050994	183	FUNC	<unknown>	HIDDEN	2
__GI__exit	.symtab	0x804f404	40	FUNC	<unknown>	HIDDEN	2
__GI_abort	.symtab	0x8051dbc	273	FUNC	<unknown>	HIDDEN	2
__GI_atoi	.symtab	0x8052254	20	FUNC	<unknown>	HIDDEN	2
__GI_atol	.symtab	0x8052254	20	FUNC	<unknown>	HIDDEN	2
__GI_brk	.symtab	0x80543e0	54	FUNC	<unknown>	HIDDEN	2
__GI_chdir	.symtab	0x804f42c	46	FUNC	<unknown>	HIDDEN	2
__GI_clock_getres	.symtab	0x8052b70	50	FUNC	<unknown>	HIDDEN	2
__GI_close	.symtab	0x804f45c	46	FUNC	<unknown>	HIDDEN	2
__GI_connect	.symtab	0x8050f28	43	FUNC	<unknown>	HIDDEN	2
__GI_dup2	.symtab	0x804f48c	50	FUNC	<unknown>	HIDDEN	2
__GI_errno	.symtab	0x8060ae0	4	OBJECT	<unknown>	HIDDEN	11
__GI_execl	.symtab	0x8052404	105	FUNC	<unknown>	HIDDEN	2
__GI_execve	.symtab	0x8052ba4	54	FUNC	<unknown>	HIDDEN	2
__GI_exit	.symtab	0x805239c	103	FUNC	<unknown>	HIDDEN	2
__GI_fclose	.symtab	0x8054450	265	FUNC	<unknown>	HIDDEN	2
__GI_fcntl	.symtab	0x804f36c	87	FUNC	<unknown>	HIDDEN	2
__GI_fcntl64	.symtab	0x804f3c4	63	FUNC	<unknown>	HIDDEN	2
__GI_fflush_unlocked	.symtab	0x8054ac8	321	FUNC	<unknown>	HIDDEN	2
__GI_fgetc_unlocked	.symtab	0x8055918	220	FUNC	<unknown>	HIDDEN	2
__GI_fgets	.symtab	0x8054980	98	FUNC	<unknown>	HIDDEN	2
__GI_fgets_unlocked	.symtab	0x8054c0c	105	FUNC	<unknown>	HIDDEN	2
__GI_fopen	.symtab	0x805455c	24	FUNC	<unknown>	HIDDEN	2
__GI_fork	.symtab	0x804f4c0	38	FUNC	<unknown>	HIDDEN	2
__GI_fputs_unlocked	.symtab	0x8050730	51	FUNC	<unknown>	HIDDEN	2
__GI_fseek	.symtab	0x8054574	27	FUNC	<unknown>	HIDDEN	2
__GI_fseeko64	.symtab	0x8054590	227	FUNC	<unknown>	HIDDEN	2
__GI_fwrite_unlocked	.symtab	0x8050764	116	FUNC	<unknown>	HIDDEN	2
__GI_getc_unlocked	.symtab	0x8055918	220	FUNC	<unknown>	HIDDEN	2
__GI_getdtablesize	.symtab	0x804f4e8	37	FUNC	<unknown>	HIDDEN	2
__GI_getegid	.symtab	0x8052bdc	38	FUNC	<unknown>	HIDDEN	2
__GI_geteuid	.symtab	0x8052c04	38	FUNC	<unknown>	HIDDEN	2
__GI_getgid	.symtab	0x8052c2c	38	FUNC	<unknown>	HIDDEN	2
__GI_gethostbyname	.symtab	0x8050bc4	48	FUNC	<unknown>	HIDDEN	2
__GI_gethostbyname_r	.symtab	0x8050bf4	818	FUNC	<unknown>	HIDDEN	2
__GI_getpagesize	.symtab	0x8052c54	19	FUNC	<unknown>	HIDDEN	2
__GI_getpid	.symtab	0x804f510	38	FUNC	<unknown>	HIDDEN	2
__GI_getrlimit	.symtab	0x804f538	50	FUNC	<unknown>	HIDDEN	2
__GI_getsockname	.symtab	0x8050f54	43	FUNC	<unknown>	HIDDEN	2
__GI_getuid	.symtab	0x8052c68	38	FUNC	<unknown>	HIDDEN	2
__GI_h_errno	.symtab	0x8060ae4	4	OBJECT	<unknown>	HIDDEN	11
__GI_inet_addr	.symtab	0x8050b9c	37	FUNC	<unknown>	HIDDEN	2
__GI_inet_aton	.symtab	0x805395c	148	FUNC	<unknown>	HIDDEN	2
__GI_inet_ntoa	.symtab	0x8050b87	21	FUNC	<unknown>	HIDDEN	2
__GI_inet_ntoa_r	.symtab	0x8050b38	79	FUNC	<unknown>	HIDDEN	2
__GI_inet_ntop	.symtab	0x80550f0	462	FUNC	<unknown>	HIDDEN	2
__GI_inet_pton	.symtab	0x8054e1e	458	FUNC	<unknown>	HIDDEN	2
__GI_initstate_r	.symtab	0x80521a6	171	FUNC	<unknown>	HIDDEN	2
__GI_ioctl	.symtab	0x804f56c	63	FUNC	<unknown>	HIDDEN	2
__GI_isatty	.symtab	0x8050a80	29	FUNC	<unknown>	HIDDEN	2
__GI_kill	.symtab	0x804f5ac	50	FUNC	<unknown>	HIDDEN	2
__GI_lseek64	.symtab	0x8055898	95	FUNC	<unknown>	HIDDEN	2
__GI_memchr	.symtab	0x80537b8	35	FUNC	<unknown>	HIDDEN	2
__GI_memcpy	.symtab	0x80507d8	39	FUNC	<unknown>	HIDDEN	2
__GI_memmove	.symtab	0x80537dc	39	FUNC	<unknown>	HIDDEN	2
__GI_mempcpy	.symtab	0x8053804	33	FUNC	<unknown>	HIDDEN	2
__GI_memrchr	.symtab	0x8053828	176	FUNC	<unknown>	HIDDEN	2
__GI_memset	.symtab	0x8050800	21	FUNC	<unknown>	HIDDEN	2
__GI_mmap	.symtab	0x8052ae4	27	FUNC	<unknown>	HIDDEN	2
__GI_munmap	.symtab	0x8052c90	50	FUNC	<unknown>	HIDDEN	2
__GI_nanosleep	.symtab	0x8052cc4	50	FUNC	<unknown>	HIDDEN	2
__GI_open	.symtab	0x804f5e0	75	FUNC	<unknown>	HIDDEN	2
__GI_pipe	.symtab	0x804f644	46	FUNC	<unknown>	HIDDEN	2
__GI_poll	.symtab	0x8054418	54	FUNC	<unknown>	HIDDEN	2
__GI_raise	.symtab	0x80543b4	24	FUNC	<unknown>	HIDDEN	2
__GI_random	.symtab	0x8051ed8	72	FUNC	<unknown>	HIDDEN	2
__GI_random_r	.symtab	0x80520b1	95	FUNC	<unknown>	HIDDEN	2
__GI_rawmemchr	.symtab	0x8054cc8	99	FUNC	<unknown>	HIDDEN	2
__GI_read	.symtab	0x804f6b4	54	FUNC	<unknown>	HIDDEN	2
__GI_recv	.symtab	0x8050fbc	51	FUNC	<unknown>	HIDDEN	2
__GI_sbrk	.symtab	0x8052cf8	78	FUNC	<unknown>	HIDDEN	2
__GI_select	.symtab	0x804f6ec	63	FUNC	<unknown>	HIDDEN	2
__GI_send	.symtab	0x8050ff0	51	FUNC	<unknown>	HIDDEN	2
__GI_sendto	.symtab	0x8051024	67	FUNC	<unknown>	HIDDEN	2
__GI_seteuid	.symtab	0x804f72c	82	FUNC	<unknown>	HIDDEN	2
__GI_setresuid	.symtab	0x804f780	54	FUNC	<unknown>	HIDDEN	2
__GI_setreuid	.symtab	0x804f7b8	50	FUNC	<unknown>	HIDDEN	2
__GI_setsockopt	.symtab	0x8051068	59	FUNC	<unknown>	HIDDEN	2
__GI_setstate_r	.symtab	0x8052018	153	FUNC	<unknown>	HIDDEN	2
__GI_sigaction	.symtab	0x80529f3	217	FUNC	<unknown>	HIDDEN	2
__GI_sigaddset	.symtab	0x80510d0	42	FUNC	<unknown>	HIDDEN	2
__GI_sigemptyset	.symtab	0x80510fc	25	FUNC	<unknown>	HIDDEN	2
__GI_signal	.symtab	0x8051118	175	FUNC	<unknown>	HIDDEN	2
__GI_sigprocmask	.symtab	0x804f81c	85	FUNC	<unknown>	HIDDEN	2
__GI_sleep	.symtab	0x8052470	393	FUNC	<unknown>	HIDDEN	2
__GI_socket	.symtab	0x80510a4	43	FUNC	<unknown>	HIDDEN	2
__GI_sprintf	.symtab	0x804f934	31	FUNC	<unknown>	HIDDEN	2
__GI_srandom_r	.symtab	0x8052110	150	FUNC	<unknown>	HIDDEN	2
__GI_strcasecmp	.symtab	0x80559f4	54	FUNC	<unknown>	HIDDEN	2
__GI_strchr	.symtab	0x8050818	30	FUNC	<unknown>	HIDDEN	2
__GI_strcmp	.symtab	0x8054c78	29	FUNC	<unknown>	HIDDEN	2
__GI_strcoll	.symtab	0x8054c78	29	FUNC	<unknown>	HIDDEN	2
__GI_strcpy	.symtab	0x8050838	27	FUNC	<unknown>	HIDDEN	2
__GI_strdup	.symtab	0x8054d60	54	FUNC	<unknown>	HIDDEN	2
__GI_strlen	.symtab	0x8050854	19	FUNC	<unknown>	HIDDEN	2
__GI_strncat	.symtab	0x8054c98	46	FUNC	<unknown>	HIDDEN	2
__GI_strncpy	.symtab	0x8050868	38	FUNC	<unknown>	HIDDEN	2
__GI_strnlen	.symtab	0x8050890	25	FUNC	<unknown>	HIDDEN	2
__GI_strpbrk	.symtab	0x8053934	39	FUNC	<unknown>	HIDDEN	2
__GI_strspn	.symtab	0x8054d2c	50	FUNC	<unknown>	HIDDEN	2
__GI_strstr	.symtab	0x80508ac	198	FUNC	<unknown>	HIDDEN	2
__GI_strtok	.symtab	0x8050a64	25	FUNC	<unknown>	HIDDEN	2
__GI_strtok_r	.symtab	0x80538d8	89	FUNC	<unknown>	HIDDEN	2
__GI_strtol	.symtab	0x8052268	26	FUNC	<unknown>	HIDDEN	2
__GI_sysconf	.symtab	0x80525fc	325	FUNC	<unknown>	HIDDEN	2
__GI_tcgetattr	.symtab	0x8050aa0	112	FUNC	<unknown>	HIDDEN	2
__GI_time	.symtab	0x804f874	46	FUNC	<unknown>	HIDDEN	2
__GI_tolower	.symtab	0x80558f8	29	FUNC	<unknown>	HIDDEN	2
__GI_toupper	.symtab	0x804f90c	29	FUNC	<unknown>	HIDDEN	2
__GI_vfork	.symtab	0x804f354	21	FUNC	<unknown>	HIDDEN	2
__GI_vsnprintf	.symtab	0x804f954	178	FUNC	<unknown>	HIDDEN	2
__GI_wait4	.symtab	0x8052d48	59	FUNC	<unknown>	HIDDEN	2
__GI_waitpid	.symtab	0x804f8a4	26	FUNC	<unknown>	HIDDEN	2
__GI_wcrtomb	.symtab	0x8052d8c	68	FUNC	<unknown>	HIDDEN	2
__GI_wcsnrtombs	.symtab	0x8052df0	134	FUNC	<unknown>	HIDDEN	2
__GI_wcsrtombs	.symtab	0x8052dd0	30	FUNC	<unknown>	HIDDEN	2
__GI_write	.symtab	0x804f8c0	54	FUNC	<unknown>	HIDDEN	2
__JCR_END__	.symtab	0x805a4f4	0	OBJECT	<unknown>	DEFAULT	8
__JCR_LIST__	.symtab	0x805a4f4	0	OBJECT	<unknown>	DEFAULT	8
__app_fini	.symtab	0x8060ad4	4	OBJECT	<unknown>	HIDDEN	11
__atexit_lock	.symtab	0x805a820	24	OBJECT	<unknown>	DEFAULT	10
__bsd_signal	.symtab	0x8051118	175	FUNC	<unknown>	HIDDEN	2
__bss_start	.symtab	0x805a860	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__check_one_fd	.symtab	0x80527b7	52	FUNC	<unknown>	DEFAULT	2
__ctype_b	.symtab	0x805a5e4	4	OBJECT	<unknown>	DEFAULT	10
__ctype_tolower	.symtab	0x805a85c	4	OBJECT	<unknown>	DEFAULT	10
__ctype_toupper	.symtab	0x805a5ec	4	OBJECT	<unknown>	DEFAULT	10
__curbrk	.symtab	0x8060b04	4	OBJECT	<unknown>	HIDDEN	11
__data_start	.symtab	0x805a528	0	NOTYPE	<unknown>	DEFAULT	10
__decode_answer	.symtab	0x8055494	249	FUNC	<unknown>	HIDDEN	2
__decode_dotted	.symtab	0x8055abc	215	FUNC	<unknown>	HIDDEN	2
__decode_header	.symtab	0x8055374	171	FUNC	<unknown>	HIDDEN	2
__deregister_frame_info_bases	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__dns_lookup	.symtab	0x80539f0	1876	FUNC	<unknown>	HIDDEN	2
__do_global_ctors_aux	.symtab	0x8055cb0	0	FUNC	<unknown>	DEFAULT	2
__do_global_dtors_aux	.symtab	0x80480c0	0	FUNC	<unknown>	DEFAULT	2
__dso_handle	.symtab	0x805a520	0	OBJECT	<unknown>	HIDDEN	10
__encode_dotted	.symtab	0x8055a2c	144	FUNC	<unknown>	HIDDEN	2
__encode_header	.symtab	0x80552c0	177	FUNC	<unknown>	HIDDEN	2
__encode_question	.symtab	0x8055420	83	FUNC	<unknown>	HIDDEN	2
__environ	.symtab	0x8060acc	4	OBJECT	<unknown>	DEFAULT	11
__errno_location	.symtab	0x804f92c	6	FUNC	<unknown>	DEFAULT	2
__errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__exit_cleanup	.symtab	0x8060ac4	4	OBJECT	<unknown>	HIDDEN	11
__fgetc_unlocked	.symtab	0x8055918	220	FUNC	<unknown>	DEFAULT	2
__fini_array_end	.symtab	0x805a4e4	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__fini_array_start	.symtab	0x805a4e4	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__get_hosts_byname_r	.symtab	0x8054388	44	FUNC	<unknown>	HIDDEN	2
__get_pc_thunk_bx	.symtab	0x80480b0	0	FUNC	<unknown>	HIDDEN	2
__getpagesize	.symtab	0x8052c54	19	FUNC	<unknown>	DEFAULT	2
__glibc_strerror_r	.symtab	0x8050974	29	FUNC	<unknown>	DEFAULT	2
__glibc_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__h_errno_location	.symtab	0x8052d84	6	FUNC	<unknown>	DEFAULT	2
__h_errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__init_array_end	.symtab	0x805a4e4	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__init_array_start	.symtab	0x805a4e4	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__length_dotted	.symtab	0x8055b94	65	FUNC	<unknown>	HIDDEN	2
__length_question	.symtab	0x8055474	30	FUNC	<unknown>	HIDDEN	2
__libc_close	.symtab	0x804f45c	46	FUNC	<unknown>	DEFAULT	2
__libc_connect	.symtab	0x8050f28	43	FUNC	<unknown>	DEFAULT	2
__libc_creat	.symtab	0x804f62b	25	FUNC	<unknown>	DEFAULT	2
__libc_fcntl	.symtab	0x804f36c	87	FUNC	<unknown>	DEFAULT	2
__libc_fcntl64	.symtab	0x804f3c4	63	FUNC	<unknown>	DEFAULT	2
__libc_fork	.symtab	0x804f4c0	38	FUNC	<unknown>	DEFAULT	2
__libc_getpid	.symtab	0x804f510	38	FUNC	<unknown>	DEFAULT	2
__libc_lseek64	.symtab	0x8055898	95	FUNC	<unknown>	DEFAULT	2
__libc_nanosleep	.symtab	0x8052cc4	50	FUNC	<unknown>	DEFAULT	2
__libc_open	.symtab	0x804f5e0	75	FUNC	<unknown>	DEFAULT	2
__libc_poll	.symtab	0x8054418	54	FUNC	<unknown>	DEFAULT	2
__libc_read	.symtab	0x804f6b4	54	FUNC	<unknown>	DEFAULT	2
__libc_recv	.symtab	0x8050fbc	51	FUNC	<unknown>	DEFAULT	2
__libc_select	.symtab	0x804f6ec	63	FUNC	<unknown>	DEFAULT	2
__libc_send	.symtab	0x8050ff0	51	FUNC	<unknown>	DEFAULT	2
__libc_sendto	.symtab	0x8051024	67	FUNC	<unknown>	DEFAULT	2
__libc_sigaction	.symtab	0x80529f3	217	FUNC	<unknown>	DEFAULT	2
__libc_stack_end	.symtab	0x8060ac8	4	OBJECT	<unknown>	DEFAULT	11
__libc_waitpid	.symtab	0x804f8a4	26	FUNC	<unknown>	DEFAULT	2
__libc_write	.symtab	0x804f8c0	54	FUNC	<unknown>	DEFAULT	2
__malloc_consolidate	.symtab	0x8051a55	424	FUNC	<unknown>	HIDDEN	2
__malloc_largebin_index	.symtab	0x805122c	38	FUNC	<unknown>	DEFAULT	2
__malloc_lock	.symtab	0x805a730	24	OBJECT	<unknown>	DEFAULT	10
__malloc_state	.symtab	0x8060ba0	888	OBJECT	<unknown>	DEFAULT	11
__malloc_trim	.symtab	0x80519c8	141	FUNC	<unknown>	DEFAULT	2
__nameserver	.symtab	0x8060f28	12	OBJECT	<unknown>	HIDDEN	11
__nameservers	.symtab	0x8060f34	4	OBJECT	<unknown>	HIDDEN	11
__open_etc_hosts	.symtab	0x8055590	49	FUNC	<unknown>	HIDDEN	2
__open_nameservers	.symtab	0x8054144	579	FUNC	<unknown>	HIDDEN	2
__pagesize	.symtab	0x8060ad0	4	OBJECT	<unknown>	DEFAULT	11
__preinit_array_end	.symtab	0x805a4e4	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__preinit_array_start	.symtab	0x805a4e4	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__pthread_initialize_minimal	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__pthread_mutex_init	.symtab	0x80527b3	3	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_lock	.symtab	0x80527b3	3	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_trylock	.symtab	0x80527b3	3	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_unlock	.symtab	0x80527b3	3	FUNC	<unknown>	DEFAULT	2
__pthread_return_0	.symtab	0x80527b3	3	FUNC	<unknown>	DEFAULT	2
__pthread_return_void	.symtab	0x80527b6	1	FUNC	<unknown>	DEFAULT	2
__raise	.symtab	0x80543b4	24	FUNC	<unknown>	HIDDEN	2
__read_etc_hosts_r	.symtab	0x80555c1	724	FUNC	<unknown>	HIDDEN	2
__register_frame_info_bases	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__resolv_lock	.symtab	0x805a840	24	OBJECT	<unknown>	DEFAULT	10
__restore	.symtab	0x80529eb	0	NOTYPE	<unknown>	DEFAULT	2
__restore_rt	.symtab	0x80529e4	0	NOTYPE	<unknown>	DEFAULT	2
__rtld_fini	.symtab	0x8060ad8	4	OBJECT	<unknown>	HIDDEN	11
__searchdomain	.symtab	0x8060f18	16	OBJECT	<unknown>	HIDDEN	11
__searchdomains	.symtab	0x8060f38	4	OBJECT	<unknown>	HIDDEN	11
__sigaddset	.symtab	0x80511ec	32	FUNC	<unknown>	DEFAULT	2
__sigdelset	.symtab	0x805120c	32	FUNC	<unknown>	DEFAULT	2
__sigismember	.symtab	0x80511c8	36	FUNC	<unknown>	DEFAULT	2
__socketcall	.symtab	0x8052b00	50	FUNC	<unknown>	HIDDEN	2
__socketcall.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__stdin	.symtab	0x805a5fc	4	OBJECT	<unknown>	DEFAULT	10
__stdio_READ	.symtab	0x8055bd8	68	FUNC	<unknown>	HIDDEN	2
__stdio_WRITE	.symtab	0x8052e78	126	FUNC	<unknown>	HIDDEN	2
__stdio_adjust_position	.symtab	0x8054674	168	FUNC	<unknown>	HIDDEN	2
__stdio_fwrite	.symtab	0x8052ef8	240	FUNC	<unknown>	HIDDEN	2
__stdio_init_mutex	.symtab	0x804fa69	23	FUNC	<unknown>	HIDDEN	2
__stdio_mutex_initializer.3991	.symtab	0x80581a0	24	OBJECT	<unknown>	DEFAULT	4
__stdio_rfill	.symtab	0x8055c1c	40	FUNC	<unknown>	HIDDEN	2
__stdio_seek	.symtab	0x805494c	51	FUNC	<unknown>	HIDDEN	2
__stdio_trans2r_o	.symtab	0x8055c44	101	FUNC	<unknown>	HIDDEN	2
__stdio_trans2w_o	.symtab	0x8052fe8	158	FUNC	<unknown>	HIDDEN	2
__stdio_wcommit	.symtab	0x804fb08	43	FUNC	<unknown>	HIDDEN	2
__stdout	.symtab	0x805a600	4	OBJECT	<unknown>	DEFAULT	10
__syscall_error	.symtab	0x8052acc	21	FUNC	<unknown>	HIDDEN	2
__syscall_error.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_fcntl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_fcntl64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_rt_sigaction	.symtab	0x8052b34	59	FUNC	<unknown>	HIDDEN	2
__syscall_rt_sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__uClibc_fini	.symtab	0x8052774	63	FUNC	<unknown>	DEFAULT	2
__uClibc_init	.symtab	0x80527eb	64	FUNC	<unknown>	DEFAULT	2
__uClibc_main	.symtab	0x805282b	441	FUNC	<unknown>	DEFAULT	2
__uClibc_main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__uclibc_progname	.symtab	0x805a838	4	OBJECT	<unknown>	HIDDEN	10
__vfork	.symtab	0x804f354	21	FUNC	<unknown>	HIDDEN	2
__xpg_strerror_r	.symtab	0x8050994	183	FUNC	<unknown>	DEFAULT	2
__xpg_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_adjust_pos.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_charpad	.symtab	0x804fb34	54	FUNC	<unknown>	DEFAULT	2
_cs_funcs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_dl_aux_init	.symtab	0x80543cc	18	FUNC	<unknown>	DEFAULT	2
_dl_phdr	.symtab	0x8060f3c	4	OBJECT	<unknown>	DEFAULT	11
_dl_phnum	.symtab	0x8060f40	4	OBJECT	<unknown>	DEFAULT	11
_edata	.symtab	0x805a860	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_end	.symtab	0x8060f44	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_errno	.symtab	0x8060ae0	4	OBJECT	<unknown>	DEFAULT	11
_exit	.symtab	0x804f404	40	FUNC	<unknown>	DEFAULT	2
_exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fini	.symtab	0x8055cd8	3	FUNC	<unknown>	DEFAULT	3
_fixed_buffers	.symtab	0x805e8c0	8192	OBJECT	<unknown>	DEFAULT	11
_fopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fp_out_narrow	.symtab	0x804fb6a	106	FUNC	<unknown>	DEFAULT	2
_fpmaxtostr	.symtab	0x80531f4	1476	FUNC	<unknown>	HIDDEN	2
_fpmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fwrite.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_h_errno	.symtab	0x8060ae4	4	OBJECT	<unknown>	DEFAULT	11
_init	.symtab	0x8048094	3	FUNC	<unknown>	DEFAULT	1
_load_inttype	.symtab	0x8053088	86	FUNC	<unknown>	HIDDEN	2
_load_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_init	.symtab	0x805017c	111	FUNC	<unknown>	HIDDEN	2
_ppfs_init.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_parsespec	.symtab	0x8050369	966	FUNC	<unknown>	HIDDEN	2
_ppfs_parsespec.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_prepargs	.symtab	0x80501ec	66	FUNC	<unknown>	HIDDEN	2
_ppfs_prepargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_setargs	.symtab	0x8050230	271	FUNC	<unknown>	HIDDEN	2
_ppfs_setargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_promoted_size	.symtab	0x8050340	41	FUNC	<unknown>	DEFAULT	2
_pthread_cleanup_pop_restore	.symtab	0x80527b6	1	FUNC	<unknown>	DEFAULT	2
_pthread_cleanup_push_defer	.symtab	0x80527b6	1	FUNC	<unknown>	DEFAULT	2
_rfill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_sigintr	.symtab	0x8060b20	128	OBJECT	<unknown>	HIDDEN	11
_start	.symtab	0x8048164	34	FUNC	<unknown>	DEFAULT	2
_stdio.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_stdio_fopen	.symtab	0x805471c	559	FUNC	<unknown>	HIDDEN	2
_stdio_init	.symtab	0x804fa08	97	FUNC	<unknown>	HIDDEN	2
_stdio_openlist	.symtab	0x805a604	4	OBJECT	<unknown>	DEFAULT	10
_stdio_openlist_add_lock	.symtab	0x805a608	24	OBJECT	<unknown>	DEFAULT	10
_stdio_openlist_dec_use	.symtab	0x80549e4	228	FUNC	<unknown>	DEFAULT	2
_stdio_openlist_del_count	.symtab	0x805e8a8	4	OBJECT	<unknown>	DEFAULT	11
_stdio_openlist_del_lock	.symtab	0x805a620	24	OBJECT	<unknown>	DEFAULT	10
_stdio_openlist_use_count	.symtab	0x805e8a4	4	OBJECT	<unknown>	DEFAULT	11
_stdio_streams	.symtab	0x805a640	240	OBJECT	<unknown>	DEFAULT	10
_stdio_term	.symtab	0x804fa80	136	FUNC	<unknown>	HIDDEN	2
_stdio_user_locking	.symtab	0x805a638	4	OBJECT	<unknown>	DEFAULT	10
_stdlib_strto_l	.symtab	0x8052284	277	FUNC	<unknown>	HIDDEN	2
_stdlib_strto_l.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_store_inttype	.symtab	0x80530e0	61	FUNC	<unknown>	HIDDEN	2
_store_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_string_syserrmsgs	.symtab	0x8058280	2906	OBJECT	<unknown>	HIDDEN	4
_string_syserrmsgs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2w.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_uintmaxtostr	.symtab	0x8053120	209	FUNC	<unknown>	HIDDEN	2
_uintmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_vfprintf_internal	.symtab	0x804fbd4	1448	FUNC	<unknown>	HIDDEN	2
_vfprintf_internal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_wcommit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
abort	.symtab	0x8051dbc	273	FUNC	<unknown>	DEFAULT	2
abort.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
atoi	.symtab	0x8052254	20	FUNC	<unknown>	DEFAULT	2
atol	.symtab	0x8052254	20	FUNC	<unknown>	DEFAULT	2
atol.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
bcopy	.symtab	0x8050a4c	21	FUNC	<unknown>	DEFAULT	2
bcopy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
been_there_done_that	.symtab	0x8060ac0	1	OBJECT	<unknown>	DEFAULT	11
been_there_done_that.2832	.symtab	0x8060adc	1	OBJECT	<unknown>	DEFAULT	11
bot.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
brk	.symtab	0x80543e0	54	FUNC	<unknown>	DEFAULT	2
brk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
bsd_signal	.symtab	0x8051118	175	FUNC	<unknown>	DEFAULT	2
buf.2658	.symtab	0x80608c4	16	OBJECT	<unknown>	DEFAULT	11
buf.4993	.symtab	0x80608e0	460	OBJECT	<unknown>	DEFAULT	11
c	.symtab	0x805a54c	4	OBJECT	<unknown>	DEFAULT	10
chdir	.symtab	0x804f42c	46	FUNC	<unknown>	DEFAULT	2
chdir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
checksum_tcp_udp	.symtab	0x804944c	223	FUNC	<unknown>	DEFAULT	2
clock_getres	.symtab	0x8052b70	50	FUNC	<unknown>	DEFAULT	2
clock_getres.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
close	.symtab	0x804f45c	46	FUNC	<unknown>	DEFAULT	2
close.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
completed.2429	.symtab	0x805a860	1	OBJECT	<unknown>	DEFAULT	11
connect	.symtab	0x8050f28	43	FUNC	<unknown>	DEFAULT	2
connect.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
connectTimeout	.symtab	0x8048ca5	455	FUNC	<unknown>	DEFAULT	2
creat	.symtab	0x804f62b	25	FUNC	<unknown>	DEFAULT	2
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
csum	.symtab	0x80493a4	168	FUNC	<unknown>	DEFAULT	2
currentServer	.symtab	0x805a544	4	OBJECT	<unknown>	DEFAULT	10
data_start	.symtab	0x805a528	0	NOTYPE	<unknown>	DEFAULT	10
decodea.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
decoded.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
decodeh.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dl-support.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dnslookup.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dup2	.symtab	0x804f48c	50	FUNC	<unknown>	DEFAULT	2
dup2.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encoded.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encodeh.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encodeq.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
environ	.symtab	0x8060acc	4	OBJECT	<unknown>	DEFAULT	11
errno	.symtab	0x8060ae0	4	OBJECT	<unknown>	DEFAULT	11
errno.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
execl	.symtab	0x8052404	105	FUNC	<unknown>	DEFAULT	2
execl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
execve	.symtab	0x8052ba4	54	FUNC	<unknown>	DEFAULT	2
execve.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exit	.symtab	0x805239c	103	FUNC	<unknown>	DEFAULT	2
exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exp10_table	.symtab	0x80590a0	156	OBJECT	<unknown>	DEFAULT	4
fclose	.symtab	0x8054450	265	FUNC	<unknown>	DEFAULT	2
fclose.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fcntl	.symtab	0x804f36c	87	FUNC	<unknown>	DEFAULT	2
fcntl64	.symtab	0x804f3c4	63	FUNC	<unknown>	DEFAULT	2
fdgets	.symtab	0x8048c3d	104	FUNC	<unknown>	DEFAULT	2
fdopen_pids	.symtab	0x805e8a0	4	OBJECT	<unknown>	DEFAULT	11
fdpclose	.symtab	0x8048ad9	356	FUNC	<unknown>	DEFAULT	2
fdpopen	.symtab	0x80488e3	502	FUNC	<unknown>	DEFAULT	2
fflush_unlocked	.symtab	0x8054ac8	321	FUNC	<unknown>	DEFAULT	2
fflush_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgetc_unlocked	.symtab	0x8055918	220	FUNC	<unknown>	DEFAULT	2
fgetc_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgets	.symtab	0x8054980	98	FUNC	<unknown>	DEFAULT	2
fgets.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgets_unlocked	.symtab	0x8054c0c	105	FUNC	<unknown>	DEFAULT	2
fgets_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fmt	.symtab	0x805907c	20	OBJECT	<unknown>	DEFAULT	4
fopen	.symtab	0x805455c	24	FUNC	<unknown>	DEFAULT	2
fopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fork	.symtab	0x804f4c0	38	FUNC	<unknown>	DEFAULT	2
fork.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fputs_unlocked	.symtab	0x8050730	51	FUNC	<unknown>	DEFAULT	2
fputs_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
frame_dummy	.symtab	0x8048110	0	FUNC	<unknown>	DEFAULT	2
free	.symtab	0x8051bfd	412	FUNC	<unknown>	DEFAULT	2
free.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fseek	.symtab	0x8054574	27	FUNC	<unknown>	DEFAULT	2
fseeko	.symtab	0x8054574	27	FUNC	<unknown>	DEFAULT	2
fseeko.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fseeko64	.symtab	0x8054590	227	FUNC	<unknown>	DEFAULT	2
fseeko64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fwrite_unlocked	.symtab	0x8050764	116	FUNC	<unknown>	DEFAULT	2
fwrite_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getHost	.symtab	0x8048fe6	59	FUNC	<unknown>	DEFAULT	2
getOurIP	.symtab	0x804ea90	521	FUNC	<unknown>	DEFAULT	2
get_hosts_byname_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getc_unlocked	.symtab	0x8055918	220	FUNC	<unknown>	DEFAULT	2
getdtablesize	.symtab	0x804f4e8	37	FUNC	<unknown>	DEFAULT	2
getdtablesize.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getegid	.symtab	0x8052bdc	38	FUNC	<unknown>	DEFAULT	2
getegid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
geteuid	.symtab	0x8052c04	38	FUNC	<unknown>	DEFAULT	2
geteuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getgid	.symtab	0x8052c2c	38	FUNC	<unknown>	DEFAULT	2
getgid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname	.symtab	0x8050bc4	48	FUNC	<unknown>	DEFAULT	2
gethostbyname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname_r	.symtab	0x8050bf4	818	FUNC	<unknown>	DEFAULT	2
gethostbyname_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getpagesize	.symtab	0x8052c54	19	FUNC	<unknown>	DEFAULT	2
getpagesize.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getpid	.symtab	0x804f510	38	FUNC	<unknown>	DEFAULT	2
getpid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getrlimit	.symtab	0x804f538	50	FUNC	<unknown>	DEFAULT	2
getrlimit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getsockname	.symtab	0x8050f54	43	FUNC	<unknown>	DEFAULT	2
getsockname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getsockopt	.symtab	0x8050f80	59	FUNC	<unknown>	DEFAULT	2
getsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getuid	.symtab	0x8052c68	38	FUNC	<unknown>	DEFAULT	2
getuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gotIP	.symtab	0x805a888	4	OBJECT	<unknown>	DEFAULT	11
h.4992	.symtab	0x8060aac	20	OBJECT	<unknown>	DEFAULT	11
h_errno	.symtab	0x8060ae4	4	OBJECT	<unknown>	DEFAULT	11
hextable	.symtab	0x8055d40	1024	OBJECT	<unknown>	DEFAULT	4
htonl	.symtab	0x8050b1c	7	FUNC	<unknown>	DEFAULT	2
htons	.symtab	0x8050b10	12	FUNC	<unknown>	DEFAULT	2
i.3754	.symtab	0x805a550	4	OBJECT	<unknown>	DEFAULT	10
index	.symtab	0x8050818	30	FUNC	<unknown>	DEFAULT	2
inet_addr	.symtab	0x8050b9c	37	FUNC	<unknown>	DEFAULT	2
inet_aton	.symtab	0x805395c	148	FUNC	<unknown>	DEFAULT	2
inet_aton.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_makeaddr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_ntoa	.symtab	0x8050b87	21	FUNC	<unknown>	DEFAULT	2
inet_ntoa.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_ntoa_r	.symtab	0x8050b38	79	FUNC	<unknown>	DEFAULT	2
inet_ntop	.symtab	0x80550f0	462	FUNC	<unknown>	DEFAULT	2
inet_ntop4	.symtab	0x8054fe8	264	FUNC	<unknown>	DEFAULT	2
inet_pton	.symtab	0x8054e1e	458	FUNC	<unknown>	DEFAULT	2
inet_pton4	.symtab	0x8054d98	134	FUNC	<unknown>	DEFAULT	2
initConnection	.symtab	0x804e95b	309	FUNC	<unknown>	DEFAULT	2
init_rand	.symtab	0x8048188	111	FUNC	<unknown>	DEFAULT	2
initfini.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
initstate	.symtab	0x8051f7d	87	FUNC	<unknown>	DEFAULT	2
initstate_r	.symtab	0x80521a6	171	FUNC	<unknown>	DEFAULT	2
ioctl	.symtab	0x804f56c	63	FUNC	<unknown>	DEFAULT	2
ioctl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ioctl_keepalive	.symtab	0x804c56f	230	FUNC	<unknown>	DEFAULT	2
ioctl_pid	.symtab	0x805a880	4	OBJECT	<unknown>	DEFAULT	11
isatty	.symtab	0x8050a80	29	FUNC	<unknown>	DEFAULT	2
isatty.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
isspace	.symtab	0x804f8f8	17	FUNC	<unknown>	DEFAULT	2
isspace.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
kill	.symtab	0x804f5ac	50	FUNC	<unknown>	DEFAULT	2
kill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lengthd.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lengthq.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/i386/crt1.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/i386/crti.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/i386/crtn.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/i386/mmap.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/i386/vfork.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
listFork	.symtab	0x8049268	268	FUNC	<unknown>	DEFAULT	2
llseek.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lseek64	.symtab	0x8055898	95	FUNC	<unknown>	DEFAULT	2
macAddress	.symtab	0x805a898	6	OBJECT	<unknown>	DEFAULT	11
main	.symtab	0x804ec99	1720	FUNC	<unknown>	DEFAULT	2
mainCommSock	.symtab	0x805a884	4	OBJECT	<unknown>	DEFAULT	11
makeIPPacket	.symtab	0x80495e6	126	FUNC	<unknown>	DEFAULT	2
makeVSEPacket	.symtab	0x8049664	141	FUNC	<unknown>	DEFAULT	2
malloc	.symtab	0x8051252	1908	FUNC	<unknown>	DEFAULT	2
malloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
malloc_trim	.symtab	0x8051d99	34	FUNC	<unknown>	DEFAULT	2
memchr	.symtab	0x80537b8	35	FUNC	<unknown>	DEFAULT	2
memchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memcpy	.symtab	0x80507d8	39	FUNC	<unknown>	DEFAULT	2
memcpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memmove	.symtab	0x80537dc	39	FUNC	<unknown>	DEFAULT	2
memmove.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mempcpy	.symtab	0x8053804	33	FUNC	<unknown>	DEFAULT	2
mempcpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memrchr	.symtab	0x8053828	176	FUNC	<unknown>	DEFAULT	2
memrchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memset	.symtab	0x8050800	21	FUNC	<unknown>	DEFAULT	2
memset.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mmap	.symtab	0x8052ae4	27	FUNC	<unknown>	DEFAULT	2
munmap	.symtab	0x8052c90	50	FUNC	<unknown>	DEFAULT	2
munmap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mylock	.symtab	0x805a748	24	OBJECT	<unknown>	DEFAULT	10
mylock	.symtab	0x805a760	24	OBJECT	<unknown>	DEFAULT	10
mylock	.symtab	0x8060ae8	24	OBJECT	<unknown>	DEFAULT	11
nanosleep	.symtab	0x8052cc4	50	FUNC	<unknown>	DEFAULT	2
nanosleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
next_start.1109	.symtab	0x80608c0	4	OBJECT	<unknown>	DEFAULT	11
ntohl	.symtab	0x8050b2f	7	FUNC	<unknown>	DEFAULT	2
ntohl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ntohs	.symtab	0x8050b23	12	FUNC	<unknown>	DEFAULT	2
ntop.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
numpids	.symtab	0x805a890	8	OBJECT	<unknown>	DEFAULT	11
object.2482	.symtab	0x805a864	24	OBJECT	<unknown>	DEFAULT	11
open	.symtab	0x804f5e0	75	FUNC	<unknown>	DEFAULT	2
open.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
opennameservers.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ourIP	.symtab	0x8060b08	4	OBJECT	<unknown>	DEFAULT	11
ourPublicIP	.symtab	0x8060b0c	4	OBJECT	<unknown>	DEFAULT	11
ovhl7	.symtab	0x804ac59	1619	FUNC	<unknown>	DEFAULT	2
p.2427	.symtab	0x805a524	0	OBJECT	<unknown>	DEFAULT	10
parseHex	.symtab	0x8048e6c	68	FUNC	<unknown>	DEFAULT	2
pids	.symtab	0x8060b14	4	OBJECT	<unknown>	DEFAULT	11
pipe	.symtab	0x804f644	46	FUNC	<unknown>	DEFAULT	2
pipe.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
poll	.symtab	0x8054418	54	FUNC	<unknown>	DEFAULT	2
poll.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
prctl	.symtab	0x804f674	63	FUNC	<unknown>	DEFAULT	2
prctl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
prefix.4202	.symtab	0x80581c5	12	OBJECT	<unknown>	DEFAULT	4
print	.symtab	0x804859c	584	FUNC	<unknown>	DEFAULT	2
printchar	.symtab	0x8048366	58	FUNC	<unknown>	DEFAULT	2
printi	.symtab	0x8048477	293	FUNC	<unknown>	DEFAULT	2
prints	.symtab	0x80483a0	215	FUNC	<unknown>	DEFAULT	2
processCmd	.symtab	0x804c655	8966	FUNC	<unknown>	DEFAULT	2
qual_chars.4208	.symtab	0x80581d8	20	OBJECT	<unknown>	DEFAULT	4
raise	.symtab	0x80543b4	24	FUNC	<unknown>	DEFAULT	2
raise.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand	.symtab	0x8051ed0	5	FUNC	<unknown>	DEFAULT	2
rand.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand_cmwc	.symtab	0x80481f7	192	FUNC	<unknown>	DEFAULT	2
random	.symtab	0x8051ed8	72	FUNC	<unknown>	DEFAULT	2
random.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
random_poly_info	.symtab	0x8058de0	40	OBJECT	<unknown>	DEFAULT	4
random_r	.symtab	0x80520b1	95	FUNC	<unknown>	DEFAULT	2
random_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
randtbl	.symtab	0x805a7a0	128	OBJECT	<unknown>	DEFAULT	10
rangechoice	.symtab	0x805a548	4	OBJECT	<unknown>	DEFAULT	10
rawmemchr	.symtab	0x8054cc8	99	FUNC	<unknown>	DEFAULT	2
rawmemchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
read	.symtab	0x804f6b4	54	FUNC	<unknown>	DEFAULT	2
read.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
read_etc_hosts_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
recv	.symtab	0x8050fbc	51	FUNC	<unknown>	DEFAULT	2
recv.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
recvLine	.symtab	0x80490bb	429	FUNC	<unknown>	DEFAULT	2
sbrk	.symtab	0x8052cf8	78	FUNC	<unknown>	DEFAULT	2
sbrk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
scanPid	.symtab	0x8060b10	4	OBJECT	<unknown>	DEFAULT	11
sclose	.symtab	0x80496f1	47	FUNC	<unknown>	DEFAULT	2
select	.symtab	0x804f6ec	63	FUNC	<unknown>	DEFAULT	2
select.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
send	.symtab	0x8050ff0	51	FUNC	<unknown>	DEFAULT	2
send.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sendFLUX	.symtab	0x804bd2f	848	FUNC	<unknown>	DEFAULT	2
sendHEX	.symtab	0x804aafa	351	FUNC	<unknown>	DEFAULT	2
sendHTTP	.symtab	0x804a735	965	FUNC	<unknown>	DEFAULT	2
sendLDAP	.symtab	0x804996a	361	FUNC	<unknown>	DEFAULT	2
sendNTP	.symtab	0x8049ad3	361	FUNC	<unknown>	DEFAULT	2
sendSNMP	.symtab	0x8049c3c	361	FUNC	<unknown>	DEFAULT	2
sendSSDP	.symtab	0x8049f0e	361	FUNC	<unknown>	DEFAULT	2
sendSTD	.symtab	0x8049801	361	FUNC	<unknown>	DEFAULT	2
sendTCP	.symtab	0x804b79d	1426	FUNC	<unknown>	DEFAULT	2
sendTELNET	.symtab	0x804a077	361	FUNC	<unknown>	DEFAULT	2
sendTFTP	.symtab	0x8049da5	361	FUNC	<unknown>	DEFAULT	2
sendUDP	.symtab	0x804b2ac	1265	FUNC	<unknown>	DEFAULT	2
sendVSE	.symtab	0x804c07f	1264	FUNC	<unknown>	DEFAULT	2
sendto	.symtab	0x8051024	67	FUNC	<unknown>	DEFAULT	2
sendto.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
seteuid	.symtab	0x804f72c	82	FUNC	<unknown>	DEFAULT	2
seteuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setresuid	.symtab	0x804f780	54	FUNC	<unknown>	DEFAULT	2
setresuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setreuid	.symtab	0x804f7b8	50	FUNC	<unknown>	DEFAULT	2
setreuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setsockopt	.symtab	0x8051068	59	FUNC	<unknown>	DEFAULT	2
setsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setstate	.symtab	0x8051f20	93	FUNC	<unknown>	DEFAULT	2
setstate_r	.symtab	0x8052018	153	FUNC	<unknown>	DEFAULT	2
setuid	.symtab	0x804f7ec	46	FUNC	<unknown>	DEFAULT	2
setuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigaction	.symtab	0x80529f3	217	FUNC	<unknown>	DEFAULT	2
sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigaddset	.symtab	0x80510d0	42	FUNC	<unknown>	DEFAULT	2
sigaddset.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigempty.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigemptyset	.symtab	0x80510fc	25	FUNC	<unknown>	DEFAULT	2
signal	.symtab	0x8051118	175	FUNC	<unknown>	DEFAULT	2
signal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigprocmask	.symtab	0x804f81c	85	FUNC	<unknown>	DEFAULT	2
sigprocmask.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigsetops.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sleep	.symtab	0x8052470	393	FUNC	<unknown>	DEFAULT	2
sleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
socket	.symtab	0x80510a4	43	FUNC	<unknown>	DEFAULT	2
socket.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
socket_connect	.symtab	0x8049720	225	FUNC	<unknown>	DEFAULT	2
sockprintf	.symtab	0x804882a	185	FUNC	<unknown>	DEFAULT	2
spec_and_mask.4207	.symtab	0x80581ec	16	OBJECT	<unknown>	DEFAULT	4
spec_base.4201	.symtab	0x80581d1	7	OBJECT	<unknown>	DEFAULT	4
spec_chars.4204	.symtab	0x8058215	21	OBJECT	<unknown>	DEFAULT	4
spec_flags.4203	.symtab	0x805822a	8	OBJECT	<unknown>	DEFAULT	4
spec_or_mask.4206	.symtab	0x80581fc	16	OBJECT	<unknown>	DEFAULT	4
spec_ranges.4205	.symtab	0x805820c	9	OBJECT	<unknown>	DEFAULT	4
sprintf	.symtab	0x804f934	31	FUNC	<unknown>	DEFAULT	2
sprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
srand	.symtab	0x8051fd4	67	FUNC	<unknown>	DEFAULT	2
srandom	.symtab	0x8051fd4	67	FUNC	<unknown>	DEFAULT	2
srandom_r	.symtab	0x8052110	150	FUNC	<unknown>	DEFAULT	2
static_id	.symtab	0x805a83c	2	OBJECT	<unknown>	DEFAULT	10
static_ns	.symtab	0x8060b00	4	OBJECT	<unknown>	DEFAULT	11
stderr	.symtab	0x805a5f8	4	OBJECT	<unknown>	DEFAULT	10
stdin	.symtab	0x805a5f0	4	OBJECT	<unknown>	DEFAULT	10
stdout	.symtab	0x805a5f4	4	OBJECT	<unknown>	DEFAULT	10
strcasecmp	.symtab	0x80559f4	54	FUNC	<unknown>	DEFAULT	2
strcasecmp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strchr	.symtab	0x8050818	30	FUNC	<unknown>	DEFAULT	2
strchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strcmp	.symtab	0x8054c78	29	FUNC	<unknown>	DEFAULT	2
strcmp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strcoll	.symtab	0x8054c78	29	FUNC	<unknown>	DEFAULT	2
strcpy	.symtab	0x8050838	27	FUNC	<unknown>	DEFAULT	2
strcpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strdup	.symtab	0x8054d60	54	FUNC	<unknown>	DEFAULT	2
strdup.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strerror_r	.symtab	0x8050994	183	FUNC	<unknown>	DEFAULT	2
strlen	.symtab	0x8050854	19	FUNC	<unknown>	DEFAULT	2
strlen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strncat	.symtab	0x8054c98	46	FUNC	<unknown>	DEFAULT	2
strncat.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strncpy	.symtab	0x8050868	38	FUNC	<unknown>	DEFAULT	2
strncpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strnlen	.symtab	0x8050890	25	FUNC	<unknown>	DEFAULT	2
strnlen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strpbrk	.symtab	0x8053934	39	FUNC	<unknown>	DEFAULT	2
strpbrk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strspn	.symtab	0x8054d2c	50	FUNC	<unknown>	DEFAULT	2
strspn.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strstr	.symtab	0x80508ac	198	FUNC	<unknown>	DEFAULT	2
strstr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtok	.symtab	0x8050a64	25	FUNC	<unknown>	DEFAULT	2
strtok.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtok_r	.symtab	0x80538d8	89	FUNC	<unknown>	DEFAULT	2
strtok_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtol	.symtab	0x8052268	26	FUNC	<unknown>	DEFAULT	2
strtol.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sysconf	.symtab	0x80525fc	325	FUNC	<unknown>	DEFAULT	2
sysconf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
szprintf	.symtab	0x8048806	36	FUNC	<unknown>	DEFAULT	2
tcgetattr	.symtab	0x8050aa0	112	FUNC	<unknown>	DEFAULT	2
tcgetattr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
tcpcsum	.symtab	0x804952b	187	FUNC	<unknown>	DEFAULT	2
time	.symtab	0x804f874	46	FUNC	<unknown>	DEFAULT	2
time.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
tolower	.symtab	0x80558f8	29	FUNC	<unknown>	DEFAULT	2
tolower.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
toupper	.symtab	0x804f90c	29	FUNC	<unknown>	DEFAULT	2
toupper.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
trim	.symtab	0x80482b7	175	FUNC	<unknown>	DEFAULT	2
type_codes	.symtab	0x8058232	24	OBJECT	<unknown>	DEFAULT	4
type_sizes	.symtab	0x805824a	12	OBJECT	<unknown>	DEFAULT	4
unknown.1161	.symtab	0x8058256	14	OBJECT	<unknown>	DEFAULT	4
unsafe_state	.symtab	0x805a778	28	OBJECT	<unknown>	DEFAULT	10
uppercase	.symtab	0x8049021	51	FUNC	<unknown>	DEFAULT	2
useragents	.symtab	0x805a560	128	OBJECT	<unknown>	DEFAULT	10
usleep	.symtab	0x8052744	48	FUNC	<unknown>	DEFAULT	2
usleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
vfork	.symtab	0x804f354	21	FUNC	<unknown>	DEFAULT	2
vsnprintf	.symtab	0x804f954	178	FUNC	<unknown>	DEFAULT	2
vsnprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wait4	.symtab	0x8052d48	59	FUNC	<unknown>	DEFAULT	2
wait4.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
waitpid	.symtab	0x804f8a4	26	FUNC	<unknown>	DEFAULT	2
waitpid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wcrtomb	.symtab	0x8052d8c	68	FUNC	<unknown>	DEFAULT	2
wcrtomb.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wcsnrtombs	.symtab	0x8052df0	134	FUNC	<unknown>	DEFAULT	2
wcsnrtombs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wcsrtombs	.symtab	0x8052dd0	30	FUNC	<unknown>	DEFAULT	2
wcsrtombs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wildString	.symtab	0x8048eb0	310	FUNC	<unknown>	DEFAULT	2
write	.symtab	0x804f8c0	54	FUNC	<unknown>	DEFAULT	2
write.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
xdigits.3116	.symtab	0x8059194	17	OBJECT	<unknown>	DEFAULT	4
zprintf	.symtab	0x80487e4	34	FUNC	<unknown>	DEFAULT	2

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-30T02:26:56.294124+0100	2847206	ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin	1	192.168.2.15	53822	31.13.224.110	49182	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 30, 2024 02:26:56.288945913 CET	53822	49182	192.168.2.15	31.13.224.110
Dec 30, 2024 02:26:56.293977022 CET	49182	53822	31.13.224.110	192.168.2.15
Dec 30, 2024 02:26:56.294048071 CET	53822	49182	192.168.2.15	31.13.224.110
Dec 30, 2024 02:26:56.294123888 CET	53822	49182	192.168.2.15	31.13.224.110
Dec 30, 2024 02:26:56.298979044 CET	49182	53822	31.13.224.110	192.168.2.15
Dec 30, 2024 02:26:57.901464939 CET	49182	53822	31.13.224.110	192.168.2.15
Dec 30, 2024 02:26:57.905426025 CET	53822	49182	192.168.2.15	31.13.224.110
Dec 30, 2024 02:26:57.909693003 CET	53822	49182	192.168.2.15	31.13.224.110
Dec 30, 2024 02:26:57.914494991 CET	49182	53822	31.13.224.110	192.168.2.15

System Behavior

Analysis Process: 586.elf PID: 5549, Parent PID: 5469

General

Start time (UTC):	01:26:55
Start date (UTC):	30/12/2024
Path:	/tmp/586.elf
Arguments:	/tmp/586.elf
File size:	96268 bytes
MD5 hash:	c61c82ec02a70a7dfc67f05e58ac836d

Chronological Activities

Analysis Process: 586.elf PID: 5550, Parent PID: 5549

General

Start time (UTC):	01:26:55
Start date (UTC):	30/12/2024
Path:	/tmp/586.elf
Arguments:	-
File size:	96268 bytes
MD5 hash:	c61c82ec02a70a7dfc67f05e58ac836d

Chronological Activities

Analysis Process: 586.elf PID: 5551, Parent PID: 5550

General

Start time (UTC):	01:26:55
Start date (UTC):	30/12/2024
Path:	/tmp/586.elf
Arguments:	-
File size:	96268 bytes
MD5 hash:	c61c82ec02a70a7dfc67f05e58ac836d

Chronological Activities

Analysis Process: 586.elf PID: 5552, Parent PID: 5551

General

Start time (UTC):	01:26:55
Start date (UTC):	30/12/2024
Path:	/tmp/586.elf
Arguments:	-
File size:	96268 bytes
MD5 hash:	c61c82ec02a70a7dfc67f05e58ac836d

Chronological Activities

Analysis Process: 586.elf PID: 5553, Parent PID: 5552

General

Start time (UTC):	01:26:55
Start date (UTC):	30/12/2024
Path:	/tmp/586.elf
Arguments:	-
File size:	96268 bytes
MD5 hash:	c61c82ec02a70a7dfc67f05e58ac836d

Description:	Adversaries may obfuscate command and control traffic to make it more difficult to detect. Command and control (C2) communications are hidden (but not necessarily encrypted) in an attempt to make the content more difficult to discover or decipher and to make the communication less conspicuous and hide commands from being seen. This encompasses many methods, such as adding junk data to protocol traffic, using steganography, or impersonating legitimate protocols.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report 586.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Symbols

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: 586.elf PID: 5549, Parent PID: 5469

General

Chronological Activities

Analysis Process: 586.elf PID: 5550, Parent PID: 5549

General

Chronological Activities

Analysis Process: 586.elf PID: 5551, Parent PID: 5550

General

Chronological Activities

Analysis Process: 586.elf PID: 5552, Parent PID: 5551

General

Chronological Activities

Analysis Process: 586.elf PID: 5553, Parent PID: 5552

General

Chronological Activities

Linux Analysis Report
586.elf