Edit tour

Linux Analysis Report
mippywippy.elf

Overview

General Information

Sample name:	mippywippy.elf
Analysis ID:	1586279
MD5:	a05e765ec261f9aa07dc177255fc13e9
SHA1:	ed9f97d1936e214e246310aeedb2d50c76c61f06
SHA256:	573e1358379d0a6dede3bd87711abb5928aedeb493e4a2c401ceaf813973f5e1
Tags:	elfuser-abuse_ch
Infos:

Detection

Gafgyt, Mirai

Score:	80
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Yara detected Gafgyt

Yara detected Mirai

Contains symbols with names commonly found in malware

Opens /proc/net/* files useful for finding connected devices and routers

Creates hidden files and/or directories

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Found strings indicative of a multi-platform dropper

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Sample tries to kill a process (SIGKILL)

Suricata IDS alerts with low severity for network traffic

Uses the "uname" system call to query kernel version information (possible evasion)

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1586279
Start date and time:	2025-01-08 23:57:13 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 6s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	mippywippy.elf
Detection:	MAL
Classification:	mal80.spre.troj.linELF@0/0@2/0

Runtime Messages

Command:	/tmp/mippywippy.elf
PID:	5522
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	gosh that chinese family at the other table sure ate alot
Standard Error:

Process Tree

system is lnxubuntu20

mippywippy.elf (PID: 5522, Parent: 5448, MD5: 0d6f61f82cf2f781c6eb0661071d42d9) Arguments: /tmp/mippywippy.elf

mippywippy.elf New Fork (PID: 5562, Parent: 5522)

mippywippy.elf New Fork (PID: 5564, Parent: 5522)

mippywippy.elf New Fork (PID: 5566, Parent: 5564)

gnome-session-binary New Fork (PID: 5526, Parent: 1498)

sh (PID: 5526, Parent: 1498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill

gsd-rfkill (PID: 5526, Parent: 1498, MD5: 88a16a3c0aba1759358c06215ecfb5cc) Arguments: /usr/libexec/gsd-rfkill

gdm3 New Fork (PID: 5531, Parent: 1333)

Default (PID: 5531, Parent: 1333, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

gdm3 New Fork (PID: 5551, Parent: 1333)

Default (PID: 5551, Parent: 1333, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

systemd New Fork (PID: 5575, Parent: 1)

systemd-user-runtime-dir (PID: 5575, Parent: 1, MD5: d55f4b0847f88131dbcfb07435178e54) Arguments: /lib/systemd/systemd-user-runtime-dir stop 127

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Bashlite, Gafgyt	Bashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.	No Attribution	http://blog.trendmicro.com/trendlabs-security-intelligence/bashlite-affects-devices-running-on-busybox/ https://blog.cyber5w.com/gafgyt-backdoor-analysis https://blog.netlab.360.com/gafgtyt_tor-and-necro-are-on-the-move-again/ https://blog.netlab.360.com/public-cloud-threat-intelligence-202203/ https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.bashlite

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
mippywippy.elf	JoeSecurity_Gafgyt	Yara detected Gafgyt	Joe Security
mippywippy.elf	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
mippywippy.elf	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x2e44d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e461:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e475:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e489:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e49d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e4b1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e4c5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e4d9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e4ed:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e501:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e515:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e529:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e53d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e551:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e565:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e579:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e58d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e5a1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e5b5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e5c9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e5dd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
mippywippy.elf	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x2e400:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64 0x39f9c:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64

Memory Dumps

Source	Rule	Description	Author	Strings
5564.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp	JoeSecurity_Gafgyt	Yara detected Gafgyt	Joe Security
5564.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5564.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x2e44d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e461:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e475:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e489:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e49d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e4b1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e4c5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e4d9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e4ed:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e501:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e515:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e529:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e53d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e551:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e565:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e579:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e58d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e5a1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e5b5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e5c9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e5dd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5564.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x2e400:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64 0x39f9c:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
5562.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp	JoeSecurity_Gafgyt	Yara detected Gafgyt	Joe Security
5522.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp	JoeSecurity_Gafgyt	Yara detected Gafgyt	Joe Security
5522.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5522.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x2e44d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e461:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e475:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e489:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e49d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e4b1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e4c5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e4d9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e4ed:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e501:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e515:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e529:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e53d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e551:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e565:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e579:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e58d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e5a1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e5b5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e5c9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e5dd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5522.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x2e400:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64 0x39f9c:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
5562.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5562.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x2e44d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e461:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e475:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e489:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e49d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e4b1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e4c5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e4d9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e4ed:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e501:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e515:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e529:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e53d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e551:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e565:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e579:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e58d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e5a1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e5b5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e5c9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2e5dd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5562.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x2e400:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64 0x39f9c:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Process Memory Space: mippywippy.elf PID: 5522	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: mippywippy.elf PID: 5522	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xfe11:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfe25:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfe39:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfe4d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfe61:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfe75:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfe89:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfe9d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfeb1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfec5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfed9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfeed:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff01:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff15:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff29:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff3d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff51:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff65:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff79:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff8d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffa1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: mippywippy.elf PID: 5522	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0xfdc4:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64 0x1fdc8:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64 0x33ac1:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Process Memory Space: mippywippy.elf PID: 5562	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: mippywippy.elf PID: 5562	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1b788:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b79c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b7b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b7c4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b7d8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b7ec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b800:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b814:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b828:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b83c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b850:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b864:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b878:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b88c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b8a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b8b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b8c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b8dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b8f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b904:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b918:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: mippywippy.elf PID: 5562	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x1b73b:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64 0x2b73f:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64 0x3f438:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Process Memory Space: mippywippy.elf PID: 5564	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: mippywippy.elf PID: 5564	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xfe11:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfe25:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfe39:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfe4d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfe61:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfe75:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfe89:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfe9d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfeb1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfec5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfed9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfeed:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff01:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff15:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff29:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff3d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff51:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff65:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff79:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff8d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffa1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: mippywippy.elf PID: 5564	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0xfdc4:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64 0x1fdc8:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64 0x33ac1:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Click to see the 16 entries

Suricata Signatures

ETPRO MALWARE Possible ELF/Various IoT Bot Style Device Checkin (unknown)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-08T23:58:01.700499+0100	2848448	1	A Network Trojan was detected	192.168.2.15	47660	154.216.20.70	6478	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: mippywippy.elf

Avira: detected

Spreading

Opens /proc/net/* files useful for finding connected devices and routers

Source: /tmp/mippywippy.elf (PID: 5522)

Opens: /proc/net/route

Jump to behavior

Source: mippywippy.elf

String: 'shps902i13BzSxLxBxeYHOHO-LUGO7HOHO-U79OLJuYfouyf87NiGGeR69xdSO190Ij1XLOLKIKEEEDDEekjheory98escansh4MDMAfdevalvexscanspcMELTEDNINJAREALZflexsonskidsscanx86MISAKI-U79OLfoAxi102kxeswodjwodjwojMmKiy7f87lfreecookiex86sysgpufrgegesysupdater0DnAzepdNiGGeRD0nks69frgreu0x766f6964NiGGeRd0nks1337gafturasgbsigboa120i3UI49OaF3geaevaiolmao123123aOfurain0n4H34DggTrexewwasads1293194hjXDOthLaLosnggtwget-log1337SoraLOADERSAIAKINAggtq1378bfp919GRB1Q2SAIAKUSOggtr14FaSEXSLAVE1337ggtt1902a3u912u3u4haetrghbr19ju3dSORAojkf120hehahejeje922U2JDJA901F91SlaVLav12helpmedaddthhhhh2wgg9qphbqSlav3Th3seD3viceshzSmYZjYMQ5GbfsoraSoRAxD123LOLiaGv5aA3SoRAxD420LOLinsomni640277SoraBeReppin1337ipcamCache66tlGg9QjUYfouyf876ke3TOKYO3lyEeaXul2dULCVxh93OfjHZ2zTY2gD6MZvKc7KU6rmMkiy6f87lA023UU4U24UIUTheWeekndmioribitchesA5p9TheWeekndsmnblkjpoiAbAdTokyosnebAkiruU8inTznetstatsAlexW9RCAKM20TnewnetwordAyo215WordnloadsBAdAsVWordmanenotyakuzaaBelchWordnetsobpBigN0gg0r420X0102I34fofhasfhiafhoiX19I239124UIUoismDeportedXSHJEHHEIIHWOolsVNwo12DeportedDeportedXkTer0GbA1onry0v03FortniteDownLOLZY0urM0mGaypussyfartlmaojkGrAcEnIgGeRaNnYvdGkqndCOqGeoRBe6BEGuiltyCrownZEuS69s4beBsEQhdHOHO-KSNDOZEuz69sat1234aj93hJ23scanHAalie293z0k2LscanJoshoARMHellInSideayyyGangShitscanJoshoARM5HighFryb1glscanJoshoARM6IWhPyucDbJboatnetzscanJoshoARM7IuYgujeIqnbtbatrtahzexsexscanJoshoM68KJJDUHEWBBBIBscanJoshoMIPSJSDGIEVIVAVIGcKbVkzGOPascanJoshoMPSLccADscanJoshoPPCKAZEN-OIU97chickenxingsscanJoshoSH4yakuskzm8KAZEN-PO78HcleanerscanJoshoSPCKAZEN-U79OLdbeefscanJoshoX86yakuz4c24KETASHI32ddrwelperscanarm5zPnr6HpQj2Kaishi-Iz90Ydeexecscanarm6zdrtfxcgyKatrina32doCP3fVjscanarm7zxcfhuioKsif91je39scanm68kKuasadvrhelperl33t_feetl33tl33tfeetscanmipsKuasaBinsMateeQnOhRk85rscanmpslLOLHHHOHOHBUIeXK20CL12ZnyamezyQBotBladeSPOOKYhikariwasherep4029x91xx32uhj4gbejhwizardzhra.outboatnetdbgcondiheroshimaskid.dbglzrdPownedSecurity69.aresfxlyazsxhyUNSTABLEunstable_is_the_story_of_the_universemoobotjnsd9sdoilayourmomgaeissdfjiougsiojOasisSEGRJIJHFVNHSNHEIHFOSapep999KOWAI-BAdAsVKOWAI-SADjHKipU7Ylairdropmalwareyour_verry_fucking_gayBig-Bro-Brightsefaexecshirololieagle.For-Gai-Mezy0x6axNLcloqkisvspookymythSwergjmioGKILLEJW(IU(JIWERGFJGJWJRGHetrhwewrtheIuFdKssCxzjSDFJIjioOnrYoXd666ewrtkjokethajbdf89wu823AAaasrdgsWsGA4@F6FGhostWuzHere666BOGOMIPSbeastmodedvrHelperbestmodesfc6aJfIuYDemon.xeno-is-godICY-P-0ODIJgSHUIHIfhwrgLhu87VhvQPzlunadakuexecbinTacoBellGodYololigangExecutionorbitclientAmnesiaOwariUnHAnaAWz3hirobbomiorieagledoxxRollielessie.hax.yakuzawordminerminerwordSinixV4hohog0dbu7tuorphicfurasshuhorizonassailantAresKawaiihelperECHOBOTDEMONSkalonJoshodaddyscumakira.akHilixdakuTsunamiestellaSolarrift_-255.NetCayosinOkamiKoshabushidotrojanshiinaReaper.Corona.wrgnuwrijoBOXOFABOXAkaHarioragefibregalilstresserpwstresser.pwcatnetTheCowSaysGoodByedistrubter22269reportbacktelportzyad1234stresser.suTohrujeffspenderbotnetOmnihamlogmirailoversxlk.busyboxxxbusyboxxkawaiiFrostisxj472szHU6FIZTQUPFF1500RGplzjustfuckoffnvitpjelfLoadAmakanotokupdatercum-n-gooblivionVoltages

Source: global traffic	TCP traffic: 192.168.2.15:39584 -> 66.59.198.122:7733
Source: global traffic	TCP traffic: 192.168.2.15:47660 -> 154.216.20.70:6478

Source: Network traffic

Suricata IDS: 2848448 - Severity 1 - ETPRO MALWARE Possible ELF/Various IoT Bot Style Device Checkin (unknown) : 192.168.2.15:47660 -> 154.216.20.70:6478

Source: unknown	TCP traffic detected without corresponding DNS query: 66.59.198.122
Source: unknown	TCP traffic detected without corresponding DNS query: 66.59.198.122
Source: unknown	TCP traffic detected without corresponding DNS query: 66.59.198.122
Source: unknown	TCP traffic detected without corresponding DNS query: 66.59.198.122
Source: unknown	TCP traffic detected without corresponding DNS query: 66.59.198.122
Source: unknown	TCP traffic detected without corresponding DNS query: 66.59.198.122
Source: unknown	TCP traffic detected without corresponding DNS query: 66.59.198.122
Source: unknown	TCP traffic detected without corresponding DNS query: 66.59.198.122
Source: unknown	TCP traffic detected without corresponding DNS query: 66.59.198.122
Source: unknown	TCP traffic detected without corresponding DNS query: 66.59.198.122
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.70
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.70
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.70
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.70
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: daisy.ubuntu.com

System Summary

Malicious sample detected (through community Yara rule)

Source: mippywippy.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: mippywippy.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 5564.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5564.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 5522.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5522.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 5562.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5562.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: mippywippy.elf PID: 5522, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: mippywippy.elf PID: 5522, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: mippywippy.elf PID: 5562, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: mippywippy.elf PID: 5562, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: mippywippy.elf PID: 5564, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: mippywippy.elf PID: 5564, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown

Contains symbols with names commonly found in malware

Source: ELF static info symbol of initial sample	Name: attacks_vector_wabba_jack
Source: ELF static info symbol of initial sample	Name: vseattack

Source: Initial sample	String containing 'busybox' found: busyboxxx
Source: Initial sample	String containing 'busybox' found: busyboxx
Source: Initial sample	String containing 'busybox' found: 'shps902i13BzSxLxBxeYHOHO-LUGO7HOHO-U79OLJuYfouyf87NiGGeR69xdSO190Ij1XLOLKIKEEEDDEekjheory98escansh4MDMAfdevalvexscanspcMELTEDNINJAREALZflexsonskidsscanx86MISAKI-U79OLfoAxi102kxeswodjwodjwojMmKiy7f87lfreecookiex86sysgpufrgegesysupdater0DnAzepdNiGGeRD0nks69frgreu0x766f6964NiGGeRd0nks1337gafturasgbsigboa120i3UI49OaF3geaevaiolmao123123aOfurain0n4H34DggTrexewwasads1293194hjXDOthLaLosnggtwget-log1337SoraLOADERSAIAKINAggtq1378bfp919GRB1Q2SAIAKUSOggtr14FaSEXSLAVE1337ggtt1902a3u912u3u4haetrghbr19ju3dSORAojkf120hehahejeje922U2JDJA901F91SlaVLav12helpmedaddthhhhh2wgg9qphbqSlav3Th3seD3viceshzSmYZjYMQ5GbfsoraSoRAxD123LOLiaGv5aA3SoRAxD420LOLinsomni640277SoraBeReppin1337ipcamCache66tlGg9QjUYfouyf876ke3TOKYO3lyEeaXul2dULCVxh93OfjHZ2zTY2gD6MZvKc7KU6rmMkiy6f87lA023UU4U24UIUTheWeekndmioribitchesA5p9TheWeekndsmnblkjpoiAbAdTokyosnebAkiruU8inTznetstatsAlexW9RCAKM20TnewnetwordAyo215WordnloadsBAdAsVWordmanenotyakuzaaBelchWordnetsobpBigN0gg0r420X0102I34fofhasfhiafhoiX19I239124UIUoismDeportedXSHJEHHEIIHWOolsVNwo12DeportedDeportedXkTer

Source: /tmp/mippywippy.elf (PID: 5522)	SIGKILL sent: pid: 1679, result: successful			Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	SIGKILL sent: pid: 5526, result: successful			Jump to behavior

Source: mippywippy.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: mippywippy.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 5564.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5564.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 5522.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5522.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 5562.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5562.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: mippywippy.elf PID: 5522, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: mippywippy.elf PID: 5522, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: mippywippy.elf PID: 5562, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: mippywippy.elf PID: 5562, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: mippywippy.elf PID: 5564, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: mippywippy.elf PID: 5564, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16

Source: classification engine

Classification label: mal80.spre.troj.linELF@0/0@2/0

Source: mippywippy.elf	ELF static info symbol of initial sample: libc/string/mips/memcpy.S
Source: mippywippy.elf	ELF static info symbol of initial sample: libc/string/mips/memset.S
Source: mippywippy.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/mips/crt1.S
Source: mippywippy.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/mips/crti.S
Source: mippywippy.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/mips/crtn.S
Source: mippywippy.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/mips/pipe.S

Source: /tmp/mippywippy.elf (PID: 5522)	Directory: /tmp/.	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	Directory: /tmp/..	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	Directory: /tmp/.	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	Directory: /tmp/..	Jump to behavior

Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/110/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/110/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/231/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/231/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/112/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/112/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/233/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/233/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/113/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/113/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/114/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/114/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/235/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/235/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/115/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/115/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/1333/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/1333/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/116/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/116/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/1695/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/117/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/117/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/118/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/118/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/119/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/119/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/911/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/911/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/914/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/914/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/10/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/10/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/917/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/917/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/11/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/11/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/12/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/12/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/13/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/13/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/14/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/14/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/15/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/15/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/16/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/16/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/17/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/17/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/18/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/18/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/19/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/19/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/1591/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/120/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/120/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/121/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/121/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/122/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/122/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/243/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/243/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/2/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/2/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/123/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/123/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/3/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/3/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/124/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/124/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/1588/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/125/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/125/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/4/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/4/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/246/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/246/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/126/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/126/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/5/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/5/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/127/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/127/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/6/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/6/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/1585/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/128/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/128/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/7/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/7/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/129/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/129/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/8/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/8/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/800/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/800/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/3883/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/3883/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/9/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/9/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/802/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/802/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/803/cmdline	Jump to behavior
Source: /tmp/mippywippy.elf (PID: 5522)	File opened: /proc/803/cmdline	Jump to behavior

Source: /tmp/mippywippy.elf (PID: 5522)

Queries kernel information via 'uname':

Jump to behavior

Source: mippywippy.elf, 5522.1.0000561ded22b000.0000561ded2d2000.rw-.sdmp, mippywippy.elf, 5562.1.0000561ded22b000.0000561ded2d2000.rw-.sdmp, mippywippy.elf, 5564.1.0000561ded22b000.0000561ded2d2000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mipsel
Source: mippywippy.elf, 5522.1.0000561ded22b000.0000561ded2d2000.rw-.sdmp, mippywippy.elf, 5562.1.0000561ded22b000.0000561ded2d2000.rw-.sdmp, mippywippy.elf, 5564.1.0000561ded22b000.0000561ded2d2000.rw-.sdmp	Binary or memory string: V!/etc/qemu-binfmt/mipsel
Source: mippywippy.elf, 5522.1.00007ffec0994000.00007ffec09b5000.rw-.sdmp, mippywippy.elf, 5562.1.00007ffec0994000.00007ffec09b5000.rw-.sdmp, mippywippy.elf, 5564.1.00007ffec0994000.00007ffec09b5000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mipsel/tmp/mippywippy.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/mippywippy.elf
Source: mippywippy.elf, 5522.1.00007ffec0994000.00007ffec09b5000.rw-.sdmp, mippywippy.elf, 5562.1.00007ffec0994000.00007ffec09b5000.rw-.sdmp, mippywippy.elf, 5564.1.00007ffec0994000.00007ffec09b5000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mipsel

Stealing of Sensitive Information

Yara detected Gafgyt

Source: Yara match	File source: mippywippy.elf, type: SAMPLE
Source: Yara match	File source: 5564.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5562.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5522.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp, type: MEMORY

Yara detected Mirai

Source: Yara match	File source: mippywippy.elf, type: SAMPLE
Source: Yara match	File source: 5564.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5522.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5562.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: mippywippy.elf PID: 5522, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mippywippy.elf PID: 5562, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mippywippy.elf PID: 5564, type: MEMORYSTR

Remote Access Functionality

Yara detected Gafgyt

Source: Yara match	File source: mippywippy.elf, type: SAMPLE
Source: Yara match	File source: 5564.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5562.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5522.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp, type: MEMORY

Yara detected Mirai

Source: Yara match	File source: mippywippy.elf, type: SAMPLE
Source: Yara match	File source: 5564.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5522.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5562.1.00007f1d74400000.00007f1d7443c000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: mippywippy.elf PID: 5522, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mippywippy.elf PID: 5562, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mippywippy.elf PID: 5564, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	Path Interception	1 Hidden Files and Directories	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	1 Remote System Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
mippywippy.elf	100%	Avira	LINUX/Mirai.Gafgyt.

Name	IP	Active	Malicious	Antivirus Detection	Reputation
daisy.ubuntu.com	162.213.35.24	true	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
154.216.20.70	unknown	Seychelles		135357	SKHT-ASShenzhenKatherineHengTechnologyInformationCo	false
66.59.198.122	unknown	Reserved		17184	ATL-CBEYONDUS	false

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
daisy.ubuntu.com	boatnet.mpsl.elf	Get hash	malicious	Mirai	Browse	162.213.35.24
	boatnet.ppc.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	boatnet.sh4.elf	Get hash	malicious	Mirai	Browse	162.213.35.24
	boatnet.arm6.elf	Get hash	malicious	Mirai	Browse	162.213.35.24
	boatnet.arm7.elf	Get hash	malicious	Mirai	Browse	162.213.35.24
	boatnet.x86.elf	Get hash	malicious	Mirai	Browse	162.213.35.24
	fenty.arm6.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	m1.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	gompsl.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	empsl.elf	Get hash	malicious	Mirai	Browse	162.213.35.24

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ATL-CBEYONDUS	armv7l.elf	Get hash	malicious	Unknown	Browse	173.200.178.217
	botx.arm7.elf	Get hash	malicious	Mirai	Browse	72.54.140.80
	xd.mpsl.elf	Get hash	malicious	Mirai	Browse	72.16.202.25
	armv5l.elf	Get hash	malicious	Mirai	Browse	69.199.235.231
	armv4l.elf	Get hash	malicious	Mirai	Browse	69.198.187.233
	nabarm5.elf	Get hash	malicious	Unknown	Browse	69.199.34.183
	x86_32.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	69.199.45.224
	mipsel.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	50.21.114.195
	la.bot.sh4.elf	Get hash	malicious	Mirai	Browse	69.15.59.107
	la.bot.arm5.elf	Get hash	malicious	Mirai	Browse	216.192.135.159
SKHT-ASShenzhenKatherineHengTechnologyInformationCo	gompsl.elf	Get hash	malicious	Mirai	Browse	156.254.70.172
	garm.elf	Get hash	malicious	Mirai	Browse	156.241.11.50
	earm5.elf	Get hash	malicious	Mirai	Browse	156.254.70.166
	emips.elf	Get hash	malicious	Mirai	Browse	156.226.9.162
	LayyB0R.exe	Get hash	malicious	RHADAMANTHYS	Browse	154.216.20.162
	aNfqvgu.exe	Get hash	malicious	RHADAMANTHYS	Browse	154.216.20.162
	miori.x86.elf	Get hash	malicious	Unknown	Browse	45.207.240.67
	Jeffparish.docx	Get hash	malicious	Unknown	Browse	154.216.17.193
	wind.m68k.elf	Get hash	malicious	Mirai	Browse	154.216.17.34
	wind.sh4.elf	Get hash	malicious	Mirai	Browse	154.216.17.34

File type:	ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, not stripped
Entropy (8bit):	5.576692574012536
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	mippywippy.elf
File size:	290'917 bytes
MD5:	a05e765ec261f9aa07dc177255fc13e9
SHA1:	ed9f97d1936e214e246310aeedb2d50c76c61f06
SHA256:	573e1358379d0a6dede3bd87711abb5928aedeb493e4a2c401ceaf813973f5e1
SHA512:	98f1127bbe4dd026023e4de66631adecaa1bace659aecbb95823103ed73083a05d244ba668beb7ad6f878edea252db51efb5ed25572b554e8f08c854c6aa09f6
SSDEEP:	3072:PcMmJjecrsAK6YsTn9X6cCWuMhNiJwmIPTBJGXbXi+Nx:PcMm3r26YsT9LDMwmIPTBJGXbXi+Nx
TLSH:	2E5463347E22DA73C45BEEB69AE96942964CE6C70BC4970771F0D01C9BF684E14DBC88
File Content Preview:	.ELF......................@.4...(.......4. ...(........p......@...@...........................@...@...........................G...G......}..........Q.td.................................................QH....<.Q.'!......'.......................<.P.'!... ..

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	MIPS R3000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x4002a0
Flags:	0x1007
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	4
Section Header Offset:	265512
Section Header Size:	40
Number of Section Headers:	21
Header String Table Index:	18

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.reginfo	MIPS_REGINFO	0x4000b4	0xb4	0x18	0x18	0x2	A	0	0	4
.init	PROGBITS	0x4000cc	0xcc	0x8c	0x0	0x6	AX	0	0	4
.text	PROGBITS	0x400160	0x160	0x1ecd0	0x0	0x6	AX	0	0	16
.fini	PROGBITS	0x41ee30	0x1ee30	0x5c	0x0	0x6	AX	0	0	4
.rodata	PROGBITS	0x41ee90	0x1ee90	0x1ccfc	0x0	0x2	A	0	0	16
.eh_frame	PROGBITS	0x43bb8c	0x3bb8c	0x4	0x0	0x2	A	0	0	4
.ctors	PROGBITS	0x47c000	0x3c000	0x8	0x0	0x3	WA	0	0	4
.dtors	PROGBITS	0x47c008	0x3c008	0x8	0x0	0x3	WA	0	0	4
.jcr	PROGBITS	0x47c010	0x3c010	0x4	0x0	0x3	WA	0	0	4
.data.rel.ro	PROGBITS	0x47c014	0x3c014	0x4d4	0x0	0x3	WA	0	0	4
.data	PROGBITS	0x47c4f0	0x3c4f0	0xcf0	0x0	0x3	WA	0	0	16
.got	PROGBITS	0x47d1e0	0x3d1e0	0x600	0x4	0x10000003	WAp	0	0	16
.sbss	NOBITS	0x47d7e0	0x3d7e0	0x30	0x0	0x10000003	WAp	0	0	4
.bss	NOBITS	0x47d810	0x3d7e0	0x6570	0x0	0x3	WA	0	0	16
.comment	PROGBITS	0x0	0x3d7e0	0xd4a	0x0	0x0		0	0	1
.mdebug.abi32	PROGBITS	0xd4a	0x3e52a	0x0	0x0	0x0		0	0	1
.pdr	PROGBITS	0x0	0x3e52c	0x2760	0x0	0x0		0	0	4
.shstrtab	STRTAB	0x0	0x40c8c	0x9a	0x0	0x0		0	0	1
.symtab	SYMTAB	0x0	0x41070	0x3730	0x10	0x0		20	367	4
.strtab	STRTAB	0x0	0x447a0	0x28c5	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
<unknown>	0xb4	0x4000b4	0x4000b4	0x18	0x18	0.9834	0x4	R	0x4	.reginfo
LOAD	0x0	0x400000	0x400000	0x3bb90	0x3bb90	5.5239	0x5	R E	0x10000	.reginfo .init .text .fini .rodata .eh_frame
LOAD	0x3c000	0x47c000	0x47c000	0x17e0	0x7d80	4.7816	0x6	RW	0x10000	.ctors .dtors .jcr .data.rel.ro .data .got .sbss .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Symbols

Name	Section Name	Value	Size	Symbol Type	Symbol Bind	Symbol Visibility	Ndx
	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
	.symtab	0x4000b4	0	SECTION	<unknown>	DEFAULT	1
	.symtab	0x4000cc	0	SECTION	<unknown>	DEFAULT	2
	.symtab	0x400160	0	SECTION	<unknown>	DEFAULT	3
	.symtab	0x41ee30	0	SECTION	<unknown>	DEFAULT	4
	.symtab	0x41ee90	0	SECTION	<unknown>	DEFAULT	5
	.symtab	0x43bb8c	0	SECTION	<unknown>	DEFAULT	6
	.symtab	0x47c000	0	SECTION	<unknown>	DEFAULT	7
	.symtab	0x47c008	0	SECTION	<unknown>	DEFAULT	8
	.symtab	0x47c010	0	SECTION	<unknown>	DEFAULT	9
	.symtab	0x47c014	0	SECTION	<unknown>	DEFAULT	10
	.symtab	0x47c4f0	0	SECTION	<unknown>	DEFAULT	11
	.symtab	0x47d1e0	0	SECTION	<unknown>	DEFAULT	12
	.symtab	0x47d7e0	0	SECTION	<unknown>	DEFAULT	13
	.symtab	0x47d810	0	SECTION	<unknown>	DEFAULT	14
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	15
	.symtab	0xd4a	0	SECTION	<unknown>	DEFAULT	16
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	17
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	18
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	19
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	20
C.172.5856	.symtab	0x47c014	48	OBJECT	<unknown>	DEFAULT	10
C.187.5979	.symtab	0x47c044	44	OBJECT	<unknown>	DEFAULT	10
C.192.6027	.symtab	0x47c070	32	OBJECT	<unknown>	DEFAULT	10
C.196.6063	.symtab	0x47c090	8	OBJECT	<unknown>	DEFAULT	10
C.200.6099	.symtab	0x47c098	12	OBJECT	<unknown>	DEFAULT	10
C.204.6136	.symtab	0x47c0a4	24	OBJECT	<unknown>	DEFAULT	10
C.208.6170	.symtab	0x47c0bc	1024	OBJECT	<unknown>	DEFAULT	10
C.212.6216	.symtab	0x47c4bc	16	OBJECT	<unknown>	DEFAULT	10
C.217.6264	.symtab	0x47c4cc	12	OBJECT	<unknown>	DEFAULT	10
C.222.6305	.symtab	0x47c4d8	16	OBJECT	<unknown>	DEFAULT	10
KHcommSOCK	.symtab	0x47d830	4	OBJECT	<unknown>	DEFAULT	14
KHserverHACKER	.symtab	0x47cdb4	4	OBJECT	<unknown>	DEFAULT	11
KillStructure	.symtab	0x47c528	2012	OBJECT	<unknown>	DEFAULT	11
LOCAL_ADDR	.symtab	0x47d7e0	4	OBJECT	<unknown>	DEFAULT	13
Q	.symtab	0x47d84c	16384	OBJECT	<unknown>	DEFAULT	14
Randhex	.symtab	0x408a4c	604	FUNC	<unknown>	DEFAULT	3
Send100UP	.symtab	0x408800	588	FUNC	<unknown>	DEFAULT	3
SendBINARY	.symtab	0x408ca8	844	FUNC	<unknown>	DEFAULT	3
SendKPAC	.symtab	0x408530	720	FUNC	<unknown>	DEFAULT	3
SendOnePacket	.symtab	0x408314	540	FUNC	<unknown>	DEFAULT	3
SendRAPE	.symtab	0x408ff4	896	FUNC	<unknown>	DEFAULT	3
SendSTDHEX	.symtab	0x409374	568	FUNC	<unknown>	DEFAULT	3
SendUDPBYPASS	.symtab	0x4077c4	596	FUNC	<unknown>	DEFAULT	3
WalmartBag	.symtab	0x407ff4	800	FUNC	<unknown>	DEFAULT	3
_GLOBAL_OFFSET_TABLE_	.symtab	0x47d1e0	0	OBJECT	<unknown>	DEFAULT	12
_Jv_RegisterClasses	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
_READ.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_WRITE.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__CTOR_END__	.symtab	0x47c004	0	OBJECT	<unknown>	DEFAULT	7
__CTOR_LIST__	.symtab	0x47c000	0	OBJECT	<unknown>	DEFAULT	7
__C_ctype_b	.symtab	0x47cde0	4	OBJECT	<unknown>	DEFAULT	11
__C_ctype_b.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_b_data	.symtab	0x43a3b0	768	OBJECT	<unknown>	DEFAULT	5
__C_ctype_tolower	.symtab	0x47d1a0	4	OBJECT	<unknown>	DEFAULT	11
__C_ctype_tolower.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_tolower_data	.symtab	0x43b760	768	OBJECT	<unknown>	DEFAULT	5
__C_ctype_toupper	.symtab	0x47cdf0	4	OBJECT	<unknown>	DEFAULT	11
__C_ctype_toupper.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_toupper_data	.symtab	0x43a6b0	768	OBJECT	<unknown>	DEFAULT	5
__DTOR_END__	.symtab	0x47c00c	0	OBJECT	<unknown>	DEFAULT	8
__DTOR_LIST__	.symtab	0x47c008	0	OBJECT	<unknown>	DEFAULT	8
__EH_FRAME_BEGIN__	.symtab	0x43bb8c	0	OBJECT	<unknown>	DEFAULT	6
__FRAME_END__	.symtab	0x43bb8c	0	OBJECT	<unknown>	DEFAULT	6
__GI___C_ctype_b	.symtab	0x47cde0	4	OBJECT	<unknown>	HIDDEN	11
__GI___C_ctype_b_data	.symtab	0x43a3b0	768	OBJECT	<unknown>	HIDDEN	5
__GI___C_ctype_tolower	.symtab	0x47d1a0	4	OBJECT	<unknown>	HIDDEN	11
__GI___C_ctype_tolower_data	.symtab	0x43b760	768	OBJECT	<unknown>	HIDDEN	5
__GI___C_ctype_toupper	.symtab	0x47cdf0	4	OBJECT	<unknown>	HIDDEN	11
__GI___C_ctype_toupper_data	.symtab	0x43a6b0	768	OBJECT	<unknown>	HIDDEN	5
__GI___ctype_b	.symtab	0x47cde4	4	OBJECT	<unknown>	HIDDEN	11
__GI___ctype_tolower	.symtab	0x47d1a4	4	OBJECT	<unknown>	HIDDEN	11
__GI___ctype_toupper	.symtab	0x47cdf4	4	OBJECT	<unknown>	HIDDEN	11
__GI___errno_location	.symtab	0x413290	24	FUNC	<unknown>	HIDDEN	3
__GI___fgetc_unlocked	.symtab	0x41c090	388	FUNC	<unknown>	HIDDEN	3
__GI___glibc_strerror_r	.symtab	0x415fc0	68	FUNC	<unknown>	HIDDEN	3
__GI___h_errno_location	.symtab	0x41af40	24	FUNC	<unknown>	HIDDEN	3
__GI___libc_fcntl	.symtab	0x4124b0	136	FUNC	<unknown>	HIDDEN	3
__GI___libc_fcntl64	.symtab	0x412540	104	FUNC	<unknown>	HIDDEN	3
__GI___libc_open	.symtab	0x412a80	124	FUNC	<unknown>	HIDDEN	3
__GI___uClibc_fini	.symtab	0x419ed0	196	FUNC	<unknown>	HIDDEN	3
__GI___uClibc_init	.symtab	0x41a02c	140	FUNC	<unknown>	HIDDEN	3
__GI___xpg_strerror_r	.symtab	0x416010	392	FUNC	<unknown>	HIDDEN	3
__GI__exit	.symtab	0x4125b0	80	FUNC	<unknown>	HIDDEN	3
__GI_abort	.symtab	0x418c20	428	FUNC	<unknown>	HIDDEN	3
__GI_atoi	.symtab	0x4197b0	28	FUNC	<unknown>	HIDDEN	3
__GI_atol	.symtab	0x4197b0	28	FUNC	<unknown>	HIDDEN	3
__GI_bind	.symtab	0x417c40	84	FUNC	<unknown>	HIDDEN	3
__GI_brk	.symtab	0x41d8d0	112	FUNC	<unknown>	HIDDEN	3
__GI_close	.symtab	0x412660	84	FUNC	<unknown>	HIDDEN	3
__GI_closedir	.symtab	0x412ec0	292	FUNC	<unknown>	HIDDEN	3
__GI_connect	.symtab	0x417ca0	84	FUNC	<unknown>	HIDDEN	3
__GI_dup2	.symtab	0x4126c0	84	FUNC	<unknown>	HIDDEN	3
__GI_endprotoent	.symtab	0x4167c4	176	FUNC	<unknown>	HIDDEN	3
__GI_errno	.symtab	0x483af0	4	OBJECT	<unknown>	HIDDEN	14
__GI_execl	.symtab	0x419b30	204	FUNC	<unknown>	HIDDEN	3
__GI_execve	.symtab	0x41a5c0	84	FUNC	<unknown>	HIDDEN	3
__GI_exit	.symtab	0x419a40	236	FUNC	<unknown>	HIDDEN	3
__GI_fclose	.symtab	0x413320	512	FUNC	<unknown>	HIDDEN	3
__GI_fcntl	.symtab	0x4124b0	136	FUNC	<unknown>	HIDDEN	3
__GI_fcntl64	.symtab	0x412540	104	FUNC	<unknown>	HIDDEN	3
__GI_fflush_unlocked	.symtab	0x4153e0	628	FUNC	<unknown>	HIDDEN	3
__GI_fgetc_unlocked	.symtab	0x41c090	388	FUNC	<unknown>	HIDDEN	3
__GI_fgets	.symtab	0x415170	216	FUNC	<unknown>	HIDDEN	3
__GI_fgets_unlocked	.symtab	0x415660	268	FUNC	<unknown>	HIDDEN	3
__GI_fopen	.symtab	0x413520	28	FUNC	<unknown>	HIDDEN	3
__GI_fork	.symtab	0x412720	84	FUNC	<unknown>	HIDDEN	3
__GI_fprintf	.symtab	0x4135a0	72	FUNC	<unknown>	HIDDEN	3
__GI_fputs_unlocked	.symtab	0x415770	128	FUNC	<unknown>	HIDDEN	3
__GI_fseek	.symtab	0x41d9a0	68	FUNC	<unknown>	HIDDEN	3
__GI_fseeko64	.symtab	0x41d9f0	388	FUNC	<unknown>	HIDDEN	3
__GI_fstat	.symtab	0x41a620	140	FUNC	<unknown>	HIDDEN	3
__GI_fwrite_unlocked	.symtab	0x4157f0	280	FUNC	<unknown>	HIDDEN	3
__GI_getc_unlocked	.symtab	0x41c090	388	FUNC	<unknown>	HIDDEN	3
__GI_getdtablesize	.symtab	0x412780	72	FUNC	<unknown>	HIDDEN	3
__GI_getegid	.symtab	0x41a940	88	FUNC	<unknown>	HIDDEN	3
__GI_geteuid	.symtab	0x4127d0	88	FUNC	<unknown>	HIDDEN	3
__GI_getgid	.symtab	0x41a9a0	84	FUNC	<unknown>	HIDDEN	3
__GI_gethostbyname	.symtab	0x417760	116	FUNC	<unknown>	HIDDEN	3
__GI_gethostbyname_r	.symtab	0x4177e0	1108	FUNC	<unknown>	HIDDEN	3
__GI_getpid	.symtab	0x412830	84	FUNC	<unknown>	HIDDEN	3
__GI_getprotobyname_r	.symtab	0x416b1c	408	FUNC	<unknown>	HIDDEN	3
__GI_getprotobynumber_r	.symtab	0x41695c	332	FUNC	<unknown>	HIDDEN	3
__GI_getprotoent_r	.symtab	0x416480	732	FUNC	<unknown>	HIDDEN	3
__GI_getrlimit	.symtab	0x4128f0	84	FUNC	<unknown>	HIDDEN	3
__GI_getsockname	.symtab	0x417d00	84	FUNC	<unknown>	HIDDEN	3
__GI_gettimeofday	.symtab	0x412950	84	FUNC	<unknown>	HIDDEN	3
__GI_getuid	.symtab	0x41aa00	84	FUNC	<unknown>	HIDDEN	3
__GI_h_errno	.symtab	0x483af4	4	OBJECT	<unknown>	HIDDEN	14
__GI_inet_addr	.symtab	0x417710	72	FUNC	<unknown>	HIDDEN	3
__GI_inet_aton	.symtab	0x41c8d0	280	FUNC	<unknown>	HIDDEN	3
__GI_inet_ntoa	.symtab	0x4176ec	32	FUNC	<unknown>	HIDDEN	3
__GI_inet_ntoa_r	.symtab	0x417630	188	FUNC	<unknown>	HIDDEN	3
__GI_inet_ntop	.symtab	0x4172d0	852	FUNC	<unknown>	HIDDEN	3
__GI_inet_pton	.symtab	0x416e20	700	FUNC	<unknown>	HIDDEN	3
__GI_initstate_r	.symtab	0x419420	328	FUNC	<unknown>	HIDDEN	3
__GI_ioctl	.symtab	0x4129b0	104	FUNC	<unknown>	HIDDEN	3
__GI_isatty	.symtab	0x4162a0	60	FUNC	<unknown>	HIDDEN	3
__GI_kill	.symtab	0x412a20	88	FUNC	<unknown>	HIDDEN	3
__GI_lseek64	.symtab	0x41aa60	164	FUNC	<unknown>	HIDDEN	3
__GI_memchr	.symtab	0x41c220	264	FUNC	<unknown>	HIDDEN	3
__GI_memcpy	.symtab	0x415910	308	FUNC	<unknown>	HIDDEN	3
__GI_memmove	.symtab	0x41c330	816	FUNC	<unknown>	HIDDEN	3
__GI_mempcpy	.symtab	0x41c660	76	FUNC	<unknown>	HIDDEN	3
__GI_memrchr	.symtab	0x41c6b0	272	FUNC	<unknown>	HIDDEN	3
__GI_memset	.symtab	0x415a50	144	FUNC	<unknown>	HIDDEN	3
__GI_nanosleep	.symtab	0x41ab10	84	FUNC	<unknown>	HIDDEN	3
__GI_open	.symtab	0x412a80	124	FUNC	<unknown>	HIDDEN	3
__GI_opendir	.symtab	0x412ff0	408	FUNC	<unknown>	HIDDEN	3
__GI_perror	.symtab	0x413540	84	FUNC	<unknown>	HIDDEN	3
__GI_pipe	.symtab	0x412470	64	FUNC	<unknown>	HIDDEN	3
__GI_poll	.symtab	0x41d940	84	FUNC	<unknown>	HIDDEN	3
__GI_raise	.symtab	0x41d850	76	FUNC	<unknown>	HIDDEN	3
__GI_random	.symtab	0x418df0	164	FUNC	<unknown>	HIDDEN	3
__GI_random_r	.symtab	0x4191fc	176	FUNC	<unknown>	HIDDEN	3
__GI_rawmemchr	.symtab	0x41df10	200	FUNC	<unknown>	HIDDEN	3
__GI_read	.symtab	0x412ba0	84	FUNC	<unknown>	HIDDEN	3
__GI_readdir	.symtab	0x413190	256	FUNC	<unknown>	HIDDEN	3
__GI_readlink	.symtab	0x412c00	84	FUNC	<unknown>	HIDDEN	3
__GI_recv	.symtab	0x417de0	84	FUNC	<unknown>	HIDDEN	3
__GI_recvfrom	.symtab	0x417e40	128	FUNC	<unknown>	HIDDEN	3
__GI_rewind	.symtab	0x41b100	192	FUNC	<unknown>	HIDDEN	3
__GI_sbrk	.symtab	0x41ab70	144	FUNC	<unknown>	HIDDEN	3
__GI_select	.symtab	0x412c60	120	FUNC	<unknown>	HIDDEN	3
__GI_send	.symtab	0x417ec0	84	FUNC	<unknown>	HIDDEN	3
__GI_sendto	.symtab	0x417f20	128	FUNC	<unknown>	HIDDEN	3
__GI_setprotoent	.symtab	0x416874	232	FUNC	<unknown>	HIDDEN	3
__GI_setsockopt	.symtab	0x417fa0	120	FUNC	<unknown>	HIDDEN	3
__GI_setstate_r	.symtab	0x4190c0	316	FUNC	<unknown>	HIDDEN	3
__GI_sigaction	.symtab	0x41a470	232	FUNC	<unknown>	HIDDEN	3
__GI_sigaddset	.symtab	0x418080	104	FUNC	<unknown>	HIDDEN	3
__GI_sigemptyset	.symtab	0x4180f0	60	FUNC	<unknown>	HIDDEN	3
__GI_signal	.symtab	0x418130	252	FUNC	<unknown>	HIDDEN	3
__GI_sigprocmask	.symtab	0x412ce0	148	FUNC	<unknown>	HIDDEN	3
__GI_sleep	.symtab	0x419c00	564	FUNC	<unknown>	HIDDEN	3
__GI_snprintf	.symtab	0x4135f0	68	FUNC	<unknown>	HIDDEN	3
__GI_socket	.symtab	0x418020	84	FUNC	<unknown>	HIDDEN	3
__GI_sprintf	.symtab	0x413640	80	FUNC	<unknown>	HIDDEN	3
__GI_srandom_r	.symtab	0x4192ac	372	FUNC	<unknown>	HIDDEN	3
__GI_strcasecmp	.symtab	0x41ea80	108	FUNC	<unknown>	HIDDEN	3
__GI_strcasestr	.symtab	0x4161e0	152	FUNC	<unknown>	HIDDEN	3
__GI_strchr	.symtab	0x415ae0	256	FUNC	<unknown>	HIDDEN	3
__GI_strcmp	.symtab	0x415be0	44	FUNC	<unknown>	HIDDEN	3
__GI_strcoll	.symtab	0x415be0	44	FUNC	<unknown>	HIDDEN	3
__GI_strcpy	.symtab	0x415c10	36	FUNC	<unknown>	HIDDEN	3
__GI_strdup	.symtab	0x41e0f0	144	FUNC	<unknown>	HIDDEN	3
__GI_strlen	.symtab	0x415c40	184	FUNC	<unknown>	HIDDEN	3
__GI_strncat	.symtab	0x41dfe0	180	FUNC	<unknown>	HIDDEN	3
__GI_strncpy	.symtab	0x415d00	188	FUNC	<unknown>	HIDDEN	3
__GI_strnlen	.symtab	0x415dc0	256	FUNC	<unknown>	HIDDEN	3
__GI_strpbrk	.symtab	0x41c890	64	FUNC	<unknown>	HIDDEN	3
__GI_strspn	.symtab	0x41e0a0	76	FUNC	<unknown>	HIDDEN	3
__GI_strstr	.symtab	0x415ec0	256	FUNC	<unknown>	HIDDEN	3
__GI_strtok	.symtab	0x416280	32	FUNC	<unknown>	HIDDEN	3
__GI_strtok_r	.symtab	0x41c7c0	204	FUNC	<unknown>	HIDDEN	3
__GI_strtol	.symtab	0x4197d0	28	FUNC	<unknown>	HIDDEN	3
__GI_tcgetattr	.symtab	0x4162e0	176	FUNC	<unknown>	HIDDEN	3
__GI_time	.symtab	0x412d80	84	FUNC	<unknown>	HIDDEN	3
__GI_times	.symtab	0x41ac00	84	FUNC	<unknown>	HIDDEN	3
__GI_tolower	.symtab	0x41af00	60	FUNC	<unknown>	HIDDEN	3
__GI_toupper	.symtab	0x412e80	60	FUNC	<unknown>	HIDDEN	3
__GI_vfork	.symtab	0x412de0	28	FUNC	<unknown>	HIDDEN	3
__GI_vfprintf	.symtab	0x413d80	260	FUNC	<unknown>	HIDDEN	3
__GI_vsnprintf	.symtab	0x413690	260	FUNC	<unknown>	HIDDEN	3
__GI_wait4	.symtab	0x41ac60	88	FUNC	<unknown>	HIDDEN	3
__GI_waitpid	.symtab	0x412e00	28	FUNC	<unknown>	HIDDEN	3
__GI_wcrtomb	.symtab	0x41af60	112	FUNC	<unknown>	HIDDEN	3
__GI_wcsnrtombs	.symtab	0x41b010	228	FUNC	<unknown>	HIDDEN	3
__GI_wcsrtombs	.symtab	0x41afd0	64	FUNC	<unknown>	HIDDEN	3
__GI_write	.symtab	0x412e20	84	FUNC	<unknown>	HIDDEN	3
__JCR_END__	.symtab	0x47c010	0	OBJECT	<unknown>	DEFAULT	9
__JCR_LIST__	.symtab	0x47c010	0	OBJECT	<unknown>	DEFAULT	9
__app_fini	.symtab	0x483adc	4	OBJECT	<unknown>	HIDDEN	14
__atexit_lock	.symtab	0x47d170	24	OBJECT	<unknown>	DEFAULT	11
__bsd_signal	.symtab	0x418130	252	FUNC	<unknown>	HIDDEN	3
__bss_start	.symtab	0x47d7e0	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__check_one_fd	.symtab	0x419fa4	136	FUNC	<unknown>	DEFAULT	3
__ctype_b	.symtab	0x47cde4	4	OBJECT	<unknown>	DEFAULT	11
__ctype_tolower	.symtab	0x47d1a4	4	OBJECT	<unknown>	DEFAULT	11
__ctype_toupper	.symtab	0x47cdf4	4	OBJECT	<unknown>	DEFAULT	11
__curbrk	.symtab	0x483b20	4	OBJECT	<unknown>	HIDDEN	14
__data_start	.symtab	0x47c510	0	OBJECT	<unknown>	DEFAULT	11
__decode_answer	.symtab	0x41e480	340	FUNC	<unknown>	HIDDEN	3
__decode_dotted	.symtab	0x41ec10	340	FUNC	<unknown>	HIDDEN	3
__decode_header	.symtab	0x41e290	228	FUNC	<unknown>	HIDDEN	3
__deregister_frame_info	.symtab	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__dns_lookup	.symtab	0x41c9f0	2568	FUNC	<unknown>	HIDDEN	3
__do_global_ctors_aux	.symtab	0x41edc0	0	FUNC	<unknown>	DEFAULT	3
__do_global_dtors_aux	.symtab	0x400160	0	FUNC	<unknown>	DEFAULT	3
__dso_handle	.symtab	0x47c4f0	0	OBJECT	<unknown>	HIDDEN	11
__encode_dotted	.symtab	0x41eaf0	280	FUNC	<unknown>	HIDDEN	3
__encode_header	.symtab	0x41e180	272	FUNC	<unknown>	HIDDEN	3
__encode_question	.symtab	0x41e380	172	FUNC	<unknown>	HIDDEN	3
__environ	.symtab	0x483ad4	4	OBJECT	<unknown>	DEFAULT	14
__errno_location	.symtab	0x413290	24	FUNC	<unknown>	DEFAULT	3
__errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__exit_cleanup	.symtab	0x483ac0	4	OBJECT	<unknown>	HIDDEN	14
__fgetc_unlocked	.symtab	0x41c090	388	FUNC	<unknown>	DEFAULT	3
__fini_array_end	.symtab	0x47c000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__fini_array_start	.symtab	0x47c000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__get_hosts_byname_r	.symtab	0x41d7e0	104	FUNC	<unknown>	HIDDEN	3
__getdents	.symtab	0x41a6b0	192	FUNC	<unknown>	HIDDEN	3
__getdents64	.symtab	0x41a770	456	FUNC	<unknown>	HIDDEN	3
__glibc_strerror_r	.symtab	0x415fc0	68	FUNC	<unknown>	DEFAULT	3
__glibc_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__h_errno_location	.symtab	0x41af40	24	FUNC	<unknown>	DEFAULT	3
__h_errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__heap_alloc	.symtab	0x4188e0	188	FUNC	<unknown>	DEFAULT	3
__heap_alloc_at	.symtab	0x4189a0	184	FUNC	<unknown>	DEFAULT	3
__heap_free	.symtab	0x418aa8	364	FUNC	<unknown>	DEFAULT	3
__heap_link_free_area	.symtab	0x418a60	44	FUNC	<unknown>	DEFAULT	3
__heap_link_free_area_after	.symtab	0x418a8c	28	FUNC	<unknown>	DEFAULT	3
__init_array_end	.symtab	0x47c000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__init_array_start	.symtab	0x47c000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__initbuf	.symtab	0x416410	112	FUNC	<unknown>	DEFAULT	3
__length_dotted	.symtab	0x41ed70	72	FUNC	<unknown>	HIDDEN	3
__length_question	.symtab	0x41e430	72	FUNC	<unknown>	HIDDEN	3
__libc_close	.symtab	0x412660	84	FUNC	<unknown>	DEFAULT	3
__libc_connect	.symtab	0x417ca0	84	FUNC	<unknown>	DEFAULT	3
__libc_creat	.symtab	0x412afc	28	FUNC	<unknown>	DEFAULT	3
__libc_fcntl	.symtab	0x4124b0	136	FUNC	<unknown>	DEFAULT	3
__libc_fcntl64	.symtab	0x412540	104	FUNC	<unknown>	DEFAULT	3
__libc_fork	.symtab	0x412720	84	FUNC	<unknown>	DEFAULT	3
__libc_getpid	.symtab	0x412830	84	FUNC	<unknown>	DEFAULT	3
__libc_lseek64	.symtab	0x41aa60	164	FUNC	<unknown>	DEFAULT	3
__libc_nanosleep	.symtab	0x41ab10	84	FUNC	<unknown>	DEFAULT	3
__libc_open	.symtab	0x412a80	124	FUNC	<unknown>	DEFAULT	3
__libc_poll	.symtab	0x41d940	84	FUNC	<unknown>	DEFAULT	3
__libc_read	.symtab	0x412ba0	84	FUNC	<unknown>	DEFAULT	3
__libc_recv	.symtab	0x417de0	84	FUNC	<unknown>	DEFAULT	3
__libc_recvfrom	.symtab	0x417e40	128	FUNC	<unknown>	DEFAULT	3
__libc_select	.symtab	0x412c60	120	FUNC	<unknown>	DEFAULT	3
__libc_send	.symtab	0x417ec0	84	FUNC	<unknown>	DEFAULT	3
__libc_sendto	.symtab	0x417f20	128	FUNC	<unknown>	DEFAULT	3
__libc_sigaction	.symtab	0x41a470	232	FUNC	<unknown>	DEFAULT	3
__libc_stack_end	.symtab	0x483ad0	4	OBJECT	<unknown>	DEFAULT	14
__libc_system	.symtab	0x419570	568	FUNC	<unknown>	DEFAULT	3
__libc_waitpid	.symtab	0x412e00	28	FUNC	<unknown>	DEFAULT	3
__libc_write	.symtab	0x412e20	84	FUNC	<unknown>	DEFAULT	3
__malloc_heap	.symtab	0x47d080	4	OBJECT	<unknown>	DEFAULT	11
__malloc_heap_lock	.symtab	0x483a90	24	OBJECT	<unknown>	DEFAULT	14
__malloc_sbrk_lock	.symtab	0x483d4c	24	OBJECT	<unknown>	DEFAULT	14
__nameserver	.symtab	0x483d74	12	OBJECT	<unknown>	HIDDEN	14
__nameservers	.symtab	0x47d800	4	OBJECT	<unknown>	HIDDEN	13
__open_etc_hosts	.symtab	0x41e5e0	108	FUNC	<unknown>	HIDDEN	3
__open_nameservers	.symtab	0x41d400	984	FUNC	<unknown>	HIDDEN	3
__pagesize	.symtab	0x483ad8	4	OBJECT	<unknown>	DEFAULT	14
__preinit_array_end	.symtab	0x47c000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__preinit_array_start	.symtab	0x47c000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__pthread_initialize_minimal	.symtab	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__pthread_mutex_init	.symtab	0x419f94	8	FUNC	<unknown>	DEFAULT	3
__pthread_mutex_lock	.symtab	0x419f94	8	FUNC	<unknown>	DEFAULT	3
__pthread_mutex_trylock	.symtab	0x419f94	8	FUNC	<unknown>	DEFAULT	3
__pthread_mutex_unlock	.symtab	0x419f94	8	FUNC	<unknown>	DEFAULT	3
__pthread_return_0	.symtab	0x419f94	8	FUNC	<unknown>	DEFAULT	3
__pthread_return_void	.symtab	0x419f9c	8	FUNC	<unknown>	DEFAULT	3
__raise	.symtab	0x41d850	76	FUNC	<unknown>	HIDDEN	3
__read_etc_hosts_r	.symtab	0x41e64c	1076	FUNC	<unknown>	HIDDEN	3
__register_frame_info	.symtab	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__resolv_lock	.symtab	0x47d1c0	24	OBJECT	<unknown>	DEFAULT	11
__rtld_fini	.symtab	0x483ae0	4	OBJECT	<unknown>	HIDDEN	14
__searchdomain	.symtab	0x483d64	16	OBJECT	<unknown>	HIDDEN	14
__searchdomains	.symtab	0x47d804	4	OBJECT	<unknown>	HIDDEN	13
__sigaddset	.symtab	0x418258	44	FUNC	<unknown>	DEFAULT	3
__sigdelset	.symtab	0x418284	48	FUNC	<unknown>	DEFAULT	3
__sigismember	.symtab	0x418230	40	FUNC	<unknown>	DEFAULT	3
__start	.symtab	0x4002a0	100	FUNC	<unknown>	DEFAULT	3
__stdin	.symtab	0x47ce4c	4	OBJECT	<unknown>	DEFAULT	11
__stdio_READ	.symtab	0x41db80	140	FUNC	<unknown>	HIDDEN	3
__stdio_WRITE	.symtab	0x41b1c0	280	FUNC	<unknown>	HIDDEN	3
__stdio_adjust_position	.symtab	0x41dc10	320	FUNC	<unknown>	HIDDEN	3
__stdio_fwrite	.symtab	0x41b2e0	472	FUNC	<unknown>	HIDDEN	3
__stdio_init_mutex	.symtab	0x413bc8	32	FUNC	<unknown>	HIDDEN	3
__stdio_mutex_initializer.3833	.symtab	0x43a9c0	24	OBJECT	<unknown>	DEFAULT	5
__stdio_rfill	.symtab	0x41dd50	88	FUNC	<unknown>	HIDDEN	3
__stdio_seek	.symtab	0x41dea0	112	FUNC	<unknown>	HIDDEN	3
__stdio_trans2r_o	.symtab	0x41ddb0	228	FUNC	<unknown>	HIDDEN	3
__stdio_trans2w_o	.symtab	0x41b4c0	308	FUNC	<unknown>	HIDDEN	3
__stdio_wcommit	.symtab	0x413d10	100	FUNC	<unknown>	HIDDEN	3
__stdout	.symtab	0x47ce50	4	OBJECT	<unknown>	DEFAULT	11
__syscall_error	.symtab	0x41a420	72	FUNC	<unknown>	HIDDEN	3
__syscall_error.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_fcntl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_fcntl64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_rt_sigaction	.symtab	0x41a560	84	FUNC	<unknown>	HIDDEN	3
__syscall_rt_sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__uClibc_fini	.symtab	0x419ed0	196	FUNC	<unknown>	DEFAULT	3
__uClibc_init	.symtab	0x41a02c	140	FUNC	<unknown>	DEFAULT	3
__uClibc_main	.symtab	0x41a0b8	864	FUNC	<unknown>	DEFAULT	3
__uClibc_main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__uclibc_progname	.symtab	0x47d190	4	OBJECT	<unknown>	HIDDEN	11
__vfork	.symtab	0x412de0	28	FUNC	<unknown>	HIDDEN	3
__xpg_strerror_r	.symtab	0x416010	392	FUNC	<unknown>	DEFAULT	3
__xpg_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__xstat64_conv	.symtab	0x41acc0	288	FUNC	<unknown>	HIDDEN	3
__xstat_conv	.symtab	0x41ade0	276	FUNC	<unknown>	HIDDEN	3
_adjust_pos.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_charpad	.symtab	0x413e90	128	FUNC	<unknown>	DEFAULT	3
_cs_funcs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_dl_aux_init	.symtab	0x41d8a0	44	FUNC	<unknown>	DEFAULT	3
_dl_phdr	.symtab	0x47d808	4	OBJECT	<unknown>	DEFAULT	13
_dl_phnum	.symtab	0x47d80c	4	OBJECT	<unknown>	DEFAULT	13
_edata	.symtab	0x47d7e0	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_end	.symtab	0x483d80	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_errno	.symtab	0x483af0	4	OBJECT	<unknown>	DEFAULT	14
_exit	.symtab	0x4125b0	80	FUNC	<unknown>	DEFAULT	3
_exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fbss	.symtab	0x47d7e0	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_fdata	.symtab	0x47c4f0	0	NOTYPE	<unknown>	DEFAULT	11
_fini	.symtab	0x41ee30	28	FUNC	<unknown>	DEFAULT	4
_fixed_buffers	.symtab	0x481868	8192	OBJECT	<unknown>	DEFAULT	14
_fopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fp_out_narrow	.symtab	0x413f10	228	FUNC	<unknown>	DEFAULT	3
_fpmaxtostr	.symtab	0x41b840	2120	FUNC	<unknown>	HIDDEN	3
_fpmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ftext	.symtab	0x400160	0	NOTYPE	<unknown>	DEFAULT	3
_fwrite.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_gp	.symtab	0x4851d0	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_gp_disp	.symtab	0x0	0	OBJECT	<unknown>	DEFAULT	SHN_UNDEF
_h_errno	.symtab	0x483af4	4	OBJECT	<unknown>	DEFAULT	14
_init	.symtab	0x4000cc	28	FUNC	<unknown>	DEFAULT	2
_load_inttype	.symtab	0x41b600	136	FUNC	<unknown>	HIDDEN	3
_load_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_init	.symtab	0x4147a0	220	FUNC	<unknown>	HIDDEN	3
_ppfs_init.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_parsespec	.symtab	0x414b7c	1512	FUNC	<unknown>	HIDDEN	3
_ppfs_parsespec.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_prepargs	.symtab	0x414880	100	FUNC	<unknown>	HIDDEN	3
_ppfs_prepargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_setargs	.symtab	0x4148f0	544	FUNC	<unknown>	HIDDEN	3
_ppfs_setargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_promoted_size	.symtab	0x414b10	108	FUNC	<unknown>	DEFAULT	3
_pthread_cleanup_pop_restore	.symtab	0x419f9c	8	FUNC	<unknown>	DEFAULT	3
_pthread_cleanup_push_defer	.symtab	0x419f9c	8	FUNC	<unknown>	DEFAULT	3
_rfill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_sigintr	.symtab	0x483ccc	128	OBJECT	<unknown>	HIDDEN	14
_stdio.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_stdio_fopen	.symtab	0x4137a0	880	FUNC	<unknown>	HIDDEN	3
_stdio_init	.symtab	0x413b10	184	FUNC	<unknown>	HIDDEN	3
_stdio_openlist	.symtab	0x47ce54	4	OBJECT	<unknown>	DEFAULT	11
_stdio_openlist_add_lock	.symtab	0x47ce00	24	OBJECT	<unknown>	DEFAULT	11
_stdio_openlist_dec_use	.symtab	0x415250	400	FUNC	<unknown>	DEFAULT	3
_stdio_openlist_del_count	.symtab	0x481864	4	OBJECT	<unknown>	DEFAULT	14
_stdio_openlist_del_lock	.symtab	0x47ce18	24	OBJECT	<unknown>	DEFAULT	11
_stdio_openlist_use_count	.symtab	0x481860	4	OBJECT	<unknown>	DEFAULT	14
_stdio_streams	.symtab	0x47ce58	240	OBJECT	<unknown>	DEFAULT	11
_stdio_term	.symtab	0x413be8	284	FUNC	<unknown>	HIDDEN	3
_stdio_user_locking	.symtab	0x47ce30	4	OBJECT	<unknown>	DEFAULT	11
_stdlib_strto_l	.symtab	0x4197f0	592	FUNC	<unknown>	HIDDEN	3
_stdlib_strto_l.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_store_inttype	.symtab	0x41b690	68	FUNC	<unknown>	HIDDEN	3
_store_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_string_syserrmsgs	.symtab	0x43ab30	2934	OBJECT	<unknown>	HIDDEN	5
_string_syserrmsgs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2w.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_uintmaxtostr	.symtab	0x41b6e0	340	FUNC	<unknown>	HIDDEN	3
_uintmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_vfprintf_internal	.symtab	0x413ff4	1960	FUNC	<unknown>	HIDDEN	3
_vfprintf_internal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_wcommit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
abort	.symtab	0x418c20	428	FUNC	<unknown>	DEFAULT	3
abort.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
access	.symtab	0x412600	84	FUNC	<unknown>	DEFAULT	3
access.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
acnc	.symtab	0x40a558	372	FUNC	<unknown>	DEFAULT	3
add_entry	.symtab	0x410ea4	200	FUNC	<unknown>	DEFAULT	3
atoi	.symtab	0x4197b0	28	FUNC	<unknown>	DEFAULT	3
atol	.symtab	0x4197b0	28	FUNC	<unknown>	DEFAULT	3
atol.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
attacks_vector_wabba_jack	.symtab	0x4060c4	1104	FUNC	<unknown>	DEFAULT	3
bcopy	.symtab	0x4161a0	32	FUNC	<unknown>	DEFAULT	3
bcopy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
been_there_done_that	.symtab	0x483ab0	4	OBJECT	<unknown>	DEFAULT	14
been_there_done_that.2792	.symtab	0x483ae4	4	OBJECT	<unknown>	DEFAULT	14
bind	.symtab	0x417c40	84	FUNC	<unknown>	DEFAULT	3
bind.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
blacklist	.symtab	0x47cd04	116	OBJECT	<unknown>	DEFAULT	11
brk	.symtab	0x41d8d0	112	FUNC	<unknown>	DEFAULT	3
brk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
bsd_signal	.symtab	0x418130	252	FUNC	<unknown>	DEFAULT	3
buf.2613	.symtab	0x4838a0	16	OBJECT	<unknown>	DEFAULT	14
buf.4833	.symtab	0x4838b0	460	OBJECT	<unknown>	DEFAULT	14
bzero	.symtab	0x4161c0	28	FUNC	<unknown>	DEFAULT	3
bzero.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
c	.symtab	0x47cdbc	4	OBJECT	<unknown>	DEFAULT	11
cal_chksum	.symtab	0x405c34	336	FUNC	<unknown>	DEFAULT	3
calloc	.symtab	0x4184b0	180	FUNC	<unknown>	DEFAULT	3
calloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
checksum.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
checksum_generic	.symtab	0x400310	268	FUNC	<unknown>	DEFAULT	3
checksum_tcp_udp	.symtab	0x40041c	572	FUNC	<unknown>	DEFAULT	3
checksum_tcpudp	.symtab	0x400658	572	FUNC	<unknown>	DEFAULT	3
cia_bp	.symtab	0x47cdb0	4	OBJECT	<unknown>	DEFAULT	11
clock	.symtab	0x4132b0	108	FUNC	<unknown>	DEFAULT	3
clock.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
close	.symtab	0x412660	84	FUNC	<unknown>	DEFAULT	3
close.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
closedir	.symtab	0x412ec0	292	FUNC	<unknown>	DEFAULT	3
closedir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
completed.2296	.symtab	0x47d810	1	OBJECT	<unknown>	DEFAULT	14
connect	.symtab	0x417ca0	84	FUNC	<unknown>	DEFAULT	3
connect.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
connectTimeout	.symtab	0x404818	828	FUNC	<unknown>	DEFAULT	3
creat	.symtab	0x412afc	28	FUNC	<unknown>	DEFAULT	3
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
csum	.symtab	0x404e78	460	FUNC	<unknown>	DEFAULT	3
data_start	.symtab	0x47c510	0	OBJECT	<unknown>	DEFAULT	11
decodea.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
decoded.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
decodeh.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dl-support.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dnslookup.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dup2	.symtab	0x4126c0	84	FUNC	<unknown>	DEFAULT	3
dup2.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encoded.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encodeh.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encodeq.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
endprotoent	.symtab	0x4167c4	176	FUNC	<unknown>	DEFAULT	3
environ	.symtab	0x483ad4	4	OBJECT	<unknown>	DEFAULT	14
errno	.symtab	0x483af0	4	OBJECT	<unknown>	DEFAULT	14
errno.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
estridx	.symtab	0x43aaa0	126	OBJECT	<unknown>	DEFAULT	5
execl	.symtab	0x419b30	204	FUNC	<unknown>	DEFAULT	3
execl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
execve	.symtab	0x41a5c0	84	FUNC	<unknown>	DEFAULT	3
execve.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exit	.symtab	0x419a40	236	FUNC	<unknown>	DEFAULT	3
exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exp10_table	.symtab	0x43bab8	72	OBJECT	<unknown>	DEFAULT	5
fclose	.symtab	0x413320	512	FUNC	<unknown>	DEFAULT	3
fclose.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fcntl	.symtab	0x4124b0	136	FUNC	<unknown>	DEFAULT	3
fcntl64	.symtab	0x412540	104	FUNC	<unknown>	DEFAULT	3
fd	.symtab	0x47d7e4	4	OBJECT	<unknown>	DEFAULT	13
fdgets	.symtab	0x403df8	292	FUNC	<unknown>	DEFAULT	3
fdopen_pids	.symtab	0x48184c	4	OBJECT	<unknown>	DEFAULT	14
fdpclose	.symtab	0x403b7c	636	FUNC	<unknown>	DEFAULT	3
fdpopen	.symtab	0x403708	1140	FUNC	<unknown>	DEFAULT	3
fflush_unlocked	.symtab	0x4153e0	628	FUNC	<unknown>	DEFAULT	3
fflush_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgetc_unlocked	.symtab	0x41c090	388	FUNC	<unknown>	DEFAULT	3
fgetc_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgets	.symtab	0x415170	216	FUNC	<unknown>	DEFAULT	3
fgets.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgets_unlocked	.symtab	0x415660	268	FUNC	<unknown>	DEFAULT	3
fgets_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
findRandIP	.symtab	0x404dcc	172	FUNC	<unknown>	DEFAULT	3
fmt	.symtab	0x43baa0	20	OBJECT	<unknown>	DEFAULT	5
fopen	.symtab	0x413520	28	FUNC	<unknown>	DEFAULT	3
fopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fork	.symtab	0x412720	84	FUNC	<unknown>	DEFAULT	3
fork.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fprintf	.symtab	0x4135a0	72	FUNC	<unknown>	DEFAULT	3
fprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fputs_unlocked	.symtab	0x415770	128	FUNC	<unknown>	DEFAULT	3
fputs_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
frame_dummy	.symtab	0x40021c	0	FUNC	<unknown>	DEFAULT	3
free	.symtab	0x418570	396	FUNC	<unknown>	DEFAULT	3
free.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fseek	.symtab	0x41d9a0	68	FUNC	<unknown>	DEFAULT	3
fseeko	.symtab	0x41d9a0	68	FUNC	<unknown>	DEFAULT	3
fseeko.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fseeko64	.symtab	0x41d9f0	388	FUNC	<unknown>	DEFAULT	3
fseeko64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fstat	.symtab	0x41a620	140	FUNC	<unknown>	DEFAULT	3
fstat.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fwrite_unlocked	.symtab	0x4157f0	280	FUNC	<unknown>	DEFAULT	3
fwrite_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getArch	.symtab	0x40e828	56	FUNC	<unknown>	DEFAULT	3
getHost	.symtab	0x40425c	160	FUNC	<unknown>	DEFAULT	3
getOurIP	.symtab	0x40e4a8	896	FUNC	<unknown>	DEFAULT	3
get_hosts_byname_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getc_unlocked	.symtab	0x41c090	388	FUNC	<unknown>	DEFAULT	3
getdents.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getdents64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getdtablesize	.symtab	0x412780	72	FUNC	<unknown>	DEFAULT	3
getdtablesize.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getegid	.symtab	0x41a940	88	FUNC	<unknown>	DEFAULT	3
getegid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
geteuid	.symtab	0x4127d0	88	FUNC	<unknown>	DEFAULT	3
geteuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getgid	.symtab	0x41a9a0	84	FUNC	<unknown>	DEFAULT	3
getgid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname	.symtab	0x417760	116	FUNC	<unknown>	DEFAULT	3
gethostbyname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname_r	.symtab	0x4177e0	1108	FUNC	<unknown>	DEFAULT	3
gethostbyname_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getpid	.symtab	0x412830	84	FUNC	<unknown>	DEFAULT	3
getpid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getppid	.symtab	0x412890	84	FUNC	<unknown>	DEFAULT	3
getppid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getproto.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getprotobyname	.symtab	0x416cb4	116	FUNC	<unknown>	DEFAULT	3
getprotobyname_r	.symtab	0x416b1c	408	FUNC	<unknown>	DEFAULT	3
getprotobynumber	.symtab	0x416aa8	116	FUNC	<unknown>	DEFAULT	3
getprotobynumber_r	.symtab	0x41695c	332	FUNC	<unknown>	DEFAULT	3
getprotoent	.symtab	0x41675c	104	FUNC	<unknown>	DEFAULT	3
getprotoent_r	.symtab	0x416480	732	FUNC	<unknown>	DEFAULT	3
getrlimit	.symtab	0x4128f0	84	FUNC	<unknown>	DEFAULT	3
getrlimit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getsockname	.symtab	0x417d00	84	FUNC	<unknown>	DEFAULT	3
getsockname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getsockopt	.symtab	0x417d60	120	FUNC	<unknown>	DEFAULT	3
getsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gettimeofday	.symtab	0x412950	84	FUNC	<unknown>	DEFAULT	3
gettimeofday.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getuid	.symtab	0x41aa00	84	FUNC	<unknown>	DEFAULT	3
getuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
h.4832	.symtab	0x483a7c	20	OBJECT	<unknown>	DEFAULT	14
h_errno	.symtab	0x483af4	4	OBJECT	<unknown>	DEFAULT	14
hacks	.symtab	0x47cda0	4	OBJECT	<unknown>	DEFAULT	11
hacks2	.symtab	0x47cda4	4	OBJECT	<unknown>	DEFAULT	11
hacks3	.symtab	0x47cda8	4	OBJECT	<unknown>	DEFAULT	11
hacks4	.symtab	0x47cdac	4	OBJECT	<unknown>	DEFAULT	11
heap_alloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
heap_alloc_at.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
heap_free.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
hextable	.symtab	0x41fff8	1024	OBJECT	<unknown>	DEFAULT	5
hlt	.symtab	0x4002fc	0	NOTYPE	<unknown>	DEFAULT	3
htonl	.symtab	0x4163d0	40	FUNC	<unknown>	DEFAULT	3
htons	.symtab	0x4163f8	24	FUNC	<unknown>	DEFAULT	3
i	.symtab	0x47d7e8	4	OBJECT	<unknown>	DEFAULT	13
i.4487	.symtab	0x47cdc0	4	OBJECT	<unknown>	DEFAULT	11
index	.symtab	0x415ae0	256	FUNC	<unknown>	DEFAULT	3
inet_addr	.symtab	0x417710	72	FUNC	<unknown>	DEFAULT	3
inet_aton	.symtab	0x41c8d0	280	FUNC	<unknown>	DEFAULT	3
inet_aton.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_makeaddr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_ntoa	.symtab	0x4176ec	32	FUNC	<unknown>	DEFAULT	3
inet_ntoa.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_ntoa_r	.symtab	0x417630	188	FUNC	<unknown>	DEFAULT	3
inet_ntop	.symtab	0x4172d0	852	FUNC	<unknown>	DEFAULT	3
inet_ntop4	.symtab	0x4170dc	500	FUNC	<unknown>	DEFAULT	3
inet_pton	.symtab	0x416e20	700	FUNC	<unknown>	DEFAULT	3
inet_pton4	.symtab	0x416d30	240	FUNC	<unknown>	DEFAULT	3
initConnection	.symtab	0x40e1e4	708	FUNC	<unknown>	DEFAULT	3
init_rand	.symtab	0x4022c4	300	FUNC	<unknown>	DEFAULT	3
initfini.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
initfini.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
initial_fa	.symtab	0x47cf70	264	OBJECT	<unknown>	DEFAULT	11
initstate	.symtab	0x418f44	208	FUNC	<unknown>	DEFAULT	3
initstate_r	.symtab	0x419420	328	FUNC	<unknown>	DEFAULT	3
ioctl	.symtab	0x4129b0	104	FUNC	<unknown>	DEFAULT	3
ioctl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
isatty	.symtab	0x4162a0	60	FUNC	<unknown>	DEFAULT	3
isatty.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
kill	.symtab	0x412a20	88	FUNC	<unknown>	DEFAULT	3
kill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
killdirectories	.symtab	0x47cd78	28	OBJECT	<unknown>	DEFAULT	11
killer.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
killer_kill_by_port	.symtab	0x4013a0	3300	FUNC	<unknown>	DEFAULT	3
killer_status	.symtab	0x47d840	4	OBJECT	<unknown>	DEFAULT	14
killerinit	.symtab	0x400ea4	280	FUNC	<unknown>	DEFAULT	3
killerkillbyname	.symtab	0x400fbc	848	FUNC	<unknown>	DEFAULT	3
killerpid	.symtab	0x47d7ec	4	OBJECT	<unknown>	DEFAULT	13
lengthd.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lengthq.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/mips/memcpy.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/mips/memset.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/mips/crt1.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/mips/crti.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/mips/crtn.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/mips/pipe.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
listFork	.symtab	0x404b54	632	FUNC	<unknown>	DEFAULT	3
llseek.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lock_device	.symtab	0x400a24	1152	FUNC	<unknown>	DEFAULT	3
lseek64	.symtab	0x41aa60	164	FUNC	<unknown>	DEFAULT	3
macAddress	.symtab	0x47d844	6	OBJECT	<unknown>	DEFAULT	14
main	.symtab	0x40e860	3724	FUNC	<unknown>	DEFAULT	3
main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
makeIPPacket	.symtab	0x4051a8	296	FUNC	<unknown>	DEFAULT	3
makeRandomStr	.symtab	0x4043a0	268	FUNC	<unknown>	DEFAULT	3
makevsepacket	.symtab	0x409a40	332	FUNC	<unknown>	DEFAULT	3
malloc	.symtab	0x4182c0	492	FUNC	<unknown>	DEFAULT	3
malloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memchr	.symtab	0x41c220	264	FUNC	<unknown>	DEFAULT	3
memchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memcpy	.symtab	0x415910	308	FUNC	<unknown>	DEFAULT	3
memmove	.symtab	0x41c330	816	FUNC	<unknown>	DEFAULT	3
memmove.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mempcpy	.symtab	0x41c660	76	FUNC	<unknown>	DEFAULT	3
mempcpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memrchr	.symtab	0x41c6b0	272	FUNC	<unknown>	DEFAULT	3
memrchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memset	.symtab	0x415a50	144	FUNC	<unknown>	DEFAULT	3
mylock	.symtab	0x47cf50	24	OBJECT	<unknown>	DEFAULT	11
mylock	.symtab	0x47d090	24	OBJECT	<unknown>	DEFAULT	11
mylock	.symtab	0x47d0b0	24	OBJECT	<unknown>	DEFAULT	11
mylock	.symtab	0x483b00	24	OBJECT	<unknown>	DEFAULT	14
nanosleep	.symtab	0x41ab10	84	FUNC	<unknown>	DEFAULT	3
nanosleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
next_start.1065	.symtab	0x483870	4	OBJECT	<unknown>	DEFAULT	14
ngPid	.symtab	0x47d7f4	4	OBJECT	<unknown>	DEFAULT	13
ntohl	.symtab	0x416390	40	FUNC	<unknown>	DEFAULT	3
ntohl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ntohs	.symtab	0x4163b8	24	FUNC	<unknown>	DEFAULT	3
ntop.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
numpids	.symtab	0x47d838	8	OBJECT	<unknown>	DEFAULT	14
object.2349	.symtab	0x47d814	24	OBJECT	<unknown>	DEFAULT	14
open	.symtab	0x412a80	124	FUNC	<unknown>	DEFAULT	3
open.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
openandclose	.symtab	0x40130c	148	FUNC	<unknown>	DEFAULT	3
opendir	.symtab	0x412ff0	408	FUNC	<unknown>	DEFAULT	3
opendir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
opennameservers.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ourIP	.symtab	0x47d7f0	4	OBJECT	<unknown>	DEFAULT	13
p.2294	.symtab	0x47c500	0	OBJECT	<unknown>	DEFAULT	11
pack	.symtab	0x405f9c	296	FUNC	<unknown>	DEFAULT	3
parseHex	.symtab	0x403f1c	176	FUNC	<unknown>	DEFAULT	3
perror	.symtab	0x413540	84	FUNC	<unknown>	DEFAULT	3
perror.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
pidPath	.symtab	0x483b30	100	OBJECT	<unknown>	DEFAULT	14
pids	.symtab	0x47d7fc	4	OBJECT	<unknown>	DEFAULT	13
pipe	.symtab	0x412470	64	FUNC	<unknown>	DEFAULT	3
poll	.symtab	0x41d940	84	FUNC	<unknown>	DEFAULT	3
poll.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
prctl	.symtab	0x412b20	120	FUNC	<unknown>	DEFAULT	3
prctl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
prefix.4045	.symtab	0x43a9f0	12	OBJECT	<unknown>	DEFAULT	5
print	.symtab	0x402f10	1456	FUNC	<unknown>	DEFAULT	3
printchar	.symtab	0x402984	184	FUNC	<unknown>	DEFAULT	3
printi	.symtab	0x402c78	664	FUNC	<unknown>	DEFAULT	3
prints	.symtab	0x402a3c	572	FUNC	<unknown>	DEFAULT	3
processCmd	.symtab	0x40a888	14684	FUNC	<unknown>	DEFAULT	3
proto	.symtab	0x483888	12	OBJECT	<unknown>	DEFAULT	14
proto_stayopen	.symtab	0x483894	4	OBJECT	<unknown>	DEFAULT	14
protof	.symtab	0x483884	4	OBJECT	<unknown>	DEFAULT	14
qual_chars.4050	.symtab	0x43aa10	20	OBJECT	<unknown>	DEFAULT	5
raise	.symtab	0x41d850	76	FUNC	<unknown>	DEFAULT	3
raise.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand	.symtab	0x418dd0	28	FUNC	<unknown>	DEFAULT	3
rand.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand__str	.symtab	0x40f90c	372	FUNC	<unknown>	DEFAULT	3
rand_alpha_str	.symtab	0x40fa80	300	FUNC	<unknown>	DEFAULT	3
rand_alphastr	.symtab	0x4027b4	464	FUNC	<unknown>	DEFAULT	3
rand_cmwc	.symtab	0x4025dc	472	FUNC	<unknown>	DEFAULT	3
rand_init	.symtab	0x40f6f0	248	FUNC	<unknown>	DEFAULT	3
rand_next	.symtab	0x40f7e8	292	FUNC	<unknown>	DEFAULT	3
random	.symtab	0x418df0	164	FUNC	<unknown>	DEFAULT	3
random.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
random_poly_info	.symtab	0x43b710	40	OBJECT	<unknown>	DEFAULT	5
random_r	.symtab	0x4191fc	176	FUNC	<unknown>	DEFAULT	3
random_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
randtbl	.symtab	0x47d0c8	128	OBJECT	<unknown>	DEFAULT	11
rawmemchr	.symtab	0x41df10	200	FUNC	<unknown>	DEFAULT	3
rawmemchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
read	.symtab	0x412ba0	84	FUNC	<unknown>	DEFAULT	3
read.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
read_etc_hosts_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
readdir	.symtab	0x413190	256	FUNC	<unknown>	DEFAULT	3
readdir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
readlink	.symtab	0x412c00	84	FUNC	<unknown>	DEFAULT	3
readlink.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
realloc	.symtab	0x418700	472	FUNC	<unknown>	DEFAULT	3
realloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
recv	.symtab	0x417de0	84	FUNC	<unknown>	DEFAULT	3
recv.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
recvLine	.symtab	0x4044ac	876	FUNC	<unknown>	DEFAULT	3
recvfrom	.symtab	0x417e40	128	FUNC	<unknown>	DEFAULT	3
recvfrom.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
report_kill	.symtab	0x4008a0	388	FUNC	<unknown>	DEFAULT	3
resolv.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
resolv_domain_to_hostname	.symtab	0x40fbb0	360	FUNC	<unknown>	DEFAULT	3
resolv_entries_free	.symtab	0x410834	164	FUNC	<unknown>	DEFAULT	3
resolv_lookup	.symtab	0x40fe5c	2520	FUNC	<unknown>	DEFAULT	3
resolv_skip_name	.symtab	0x40fd18	324	FUNC	<unknown>	DEFAULT	3
rewind	.symtab	0x41b100	192	FUNC	<unknown>	DEFAULT	3
rewind.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rtcp	.symtab	0x406e28	1740	FUNC	<unknown>	DEFAULT	3
sbrk	.symtab	0x41ab70	144	FUNC	<unknown>	DEFAULT	3
sbrk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
scanPid	.symtab	0x47d7f8	4	OBJECT	<unknown>	DEFAULT	13
select	.symtab	0x412c60	120	FUNC	<unknown>	DEFAULT	3
select.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
send	.symtab	0x417ec0	84	FUNC	<unknown>	DEFAULT	3
send.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sendSTD	.symtab	0x407d14	736	FUNC	<unknown>	DEFAULT	3
sendSYNACK	.symtab	0x4095ac	1172	FUNC	<unknown>	DEFAULT	3
sendZgo	.symtab	0x4074f4	720	FUNC	<unknown>	DEFAULT	3
sendto	.symtab	0x417f20	128	FUNC	<unknown>	DEFAULT	3
sendto.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setprotoent	.symtab	0x416874	232	FUNC	<unknown>	DEFAULT	3
setsockopt	.symtab	0x417fa0	120	FUNC	<unknown>	DEFAULT	3
setsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setstate	.symtab	0x418e94	176	FUNC	<unknown>	DEFAULT	3
setstate_r	.symtab	0x4190c0	316	FUNC	<unknown>	DEFAULT	3
sigaction	.symtab	0x41a470	232	FUNC	<unknown>	DEFAULT	3
sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigaddset	.symtab	0x418080	104	FUNC	<unknown>	DEFAULT	3
sigaddset.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigempty.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigemptyset	.symtab	0x4180f0	60	FUNC	<unknown>	DEFAULT	3
signal	.symtab	0x418130	252	FUNC	<unknown>	DEFAULT	3
signal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigprocmask	.symtab	0x412ce0	148	FUNC	<unknown>	DEFAULT	3
sigprocmask.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigsetops.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sleep	.symtab	0x419c00	564	FUNC	<unknown>	DEFAULT	3
sleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
snprintf	.symtab	0x4135f0	68	FUNC	<unknown>	DEFAULT	3
snprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
snype	.symtab	0x483b94	80	OBJECT	<unknown>	DEFAULT	14
socket	.symtab	0x418020	84	FUNC	<unknown>	DEFAULT	3
socket.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
socket_connect	.symtab	0x40a6cc	444	FUNC	<unknown>	DEFAULT	3
socket_connect_icmp	.symtab	0x405d84	536	FUNC	<unknown>	DEFAULT	3
sockprintf	.symtab	0x4035b0	344	FUNC	<unknown>	DEFAULT	3
spec_and_mask.4049	.symtab	0x43aa24	16	OBJECT	<unknown>	DEFAULT	5
spec_base.4044	.symtab	0x43a9fc	7	OBJECT	<unknown>	DEFAULT	5
spec_chars.4046	.symtab	0x43aa50	21	OBJECT	<unknown>	DEFAULT	5
spec_flags.4045	.symtab	0x43aa68	8	OBJECT	<unknown>	DEFAULT	5
spec_or_mask.4048	.symtab	0x43aa34	16	OBJECT	<unknown>	DEFAULT	5
spec_ranges.4047	.symtab	0x43aa44	9	OBJECT	<unknown>	DEFAULT	5
sprintf	.symtab	0x413640	80	FUNC	<unknown>	DEFAULT	3
sprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
srand	.symtab	0x419014	172	FUNC	<unknown>	DEFAULT	3
srandom	.symtab	0x419014	172	FUNC	<unknown>	DEFAULT	3
srandom_r	.symtab	0x4192ac	372	FUNC	<unknown>	DEFAULT	3
static_aliases	.symtab	0x483880	4	OBJECT	<unknown>	DEFAULT	14
static_id	.symtab	0x47d1b0	2	OBJECT	<unknown>	DEFAULT	11
static_ns	.symtab	0x483b18	4	OBJECT	<unknown>	DEFAULT	14
stderr	.symtab	0x47ce48	4	OBJECT	<unknown>	DEFAULT	11
stdin	.symtab	0x47ce40	4	OBJECT	<unknown>	DEFAULT	11
stdout	.symtab	0x47ce44	4	OBJECT	<unknown>	DEFAULT	11
strcasecmp	.symtab	0x41ea80	108	FUNC	<unknown>	DEFAULT	3
strcasecmp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strcasestr	.symtab	0x4161e0	152	FUNC	<unknown>	DEFAULT	3
strcasestr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strchr	.symtab	0x415ae0	256	FUNC	<unknown>	DEFAULT	3
strchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strcmp	.symtab	0x415be0	44	FUNC	<unknown>	DEFAULT	3
strcmp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strcoll	.symtab	0x415be0	44	FUNC	<unknown>	DEFAULT	3
strcpy	.symtab	0x415c10	36	FUNC	<unknown>	DEFAULT	3
strcpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strdup	.symtab	0x41e0f0	144	FUNC	<unknown>	DEFAULT	3
strdup.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strerror_r	.symtab	0x416010	392	FUNC	<unknown>	DEFAULT	3
strlen	.symtab	0x415c40	184	FUNC	<unknown>	DEFAULT	3
strlen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strncat	.symtab	0x41dfe0	180	FUNC	<unknown>	DEFAULT	3
strncat.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strncpy	.symtab	0x415d00	188	FUNC	<unknown>	DEFAULT	3
strncpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strnlen	.symtab	0x415dc0	256	FUNC	<unknown>	DEFAULT	3
strnlen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strpbrk	.symtab	0x41c890	64	FUNC	<unknown>	DEFAULT	3
strpbrk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strspn	.symtab	0x41e0a0	76	FUNC	<unknown>	DEFAULT	3
strspn.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strstr	.symtab	0x415ec0	256	FUNC	<unknown>	DEFAULT	3
strstr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtok	.symtab	0x416280	32	FUNC	<unknown>	DEFAULT	3
strtok.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtok_r	.symtab	0x41c7c0	204	FUNC	<unknown>	DEFAULT	3
strtok_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtol	.symtab	0x4197d0	28	FUNC	<unknown>	DEFAULT	3
strtol.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
system	.symtab	0x419570	568	FUNC	<unknown>	DEFAULT	3
system.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
szprintf	.symtab	0x403538	120	FUNC	<unknown>	DEFAULT	3
table	.symtab	0x483be4	232	OBJECT	<unknown>	DEFAULT	14
table.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
table_init	.symtab	0x4108e0	1068	FUNC	<unknown>	DEFAULT	3
table_key	.symtab	0x47cdd0	4	OBJECT	<unknown>	DEFAULT	11
table_lock_val	.symtab	0x410d90	132	FUNC	<unknown>	DEFAULT	3
table_retrieve_val	.symtab	0x410e14	144	FUNC	<unknown>	DEFAULT	3
table_unlock_val	.symtab	0x410d0c	132	FUNC	<unknown>	DEFAULT	3
tcgetattr	.symtab	0x4162e0	176	FUNC	<unknown>	DEFAULT	3
tcgetattr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
tcpFl00d	.symtab	0x406514	2324	FUNC	<unknown>	DEFAULT	3
tcpcsum	.symtab	0x405044	356	FUNC	<unknown>	DEFAULT	3
time	.symtab	0x412d80	84	FUNC	<unknown>	DEFAULT	3
time.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
times	.symtab	0x41ac00	84	FUNC	<unknown>	DEFAULT	3
times.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
toggle_obf	.symtab	0x410f6c	552	FUNC	<unknown>	DEFAULT	3
tolower	.symtab	0x41af00	60	FUNC	<unknown>	DEFAULT	3
tolower.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
toupper	.symtab	0x412e80	60	FUNC	<unknown>	DEFAULT	3
toupper.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
trim	.symtab	0x4023f0	492	FUNC	<unknown>	DEFAULT	3
type_codes	.symtab	0x43aa70	24	OBJECT	<unknown>	DEFAULT	5
type_sizes	.symtab	0x43aa88	12	OBJECT	<unknown>	DEFAULT	5
udp_flood	.symtab	0x407a18	764	FUNC	<unknown>	DEFAULT	3
udpfl00d	.symtab	0x4052d0	2404	FUNC	<unknown>	DEFAULT	3
unknown.1088	.symtab	0x43ab20	14	OBJECT	<unknown>	DEFAULT	5
unsafe_state	.symtab	0x47d150	28	OBJECT	<unknown>	DEFAULT	11
uppercase	.symtab	0x4042fc	164	FUNC	<unknown>	DEFAULT	3
userID	.symtab	0x47cdb8	4	OBJECT	<unknown>	DEFAULT	11
usleep	.symtab	0x419e40	144	FUNC	<unknown>	DEFAULT	3
usleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
util.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
util_atoi	.symtab	0x4116c4	968	FUNC	<unknown>	DEFAULT	3
util_fdgets	.symtab	0x41214c	320	FUNC	<unknown>	DEFAULT	3
util_isalpha	.symtab	0x4122f4	144	FUNC	<unknown>	DEFAULT	3
util_isdigit	.symtab	0x412404	104	FUNC	<unknown>	DEFAULT	3
util_isspace	.symtab	0x412384	128	FUNC	<unknown>	DEFAULT	3
util_isupper	.symtab	0x41228c	104	FUNC	<unknown>	DEFAULT	3
util_itoa	.symtab	0x411a8c	572	FUNC	<unknown>	DEFAULT	3
util_local_addr	.symtab	0x411ff8	340	FUNC	<unknown>	DEFAULT	3
util_memcpy	.symtab	0x4115a8	164	FUNC	<unknown>	DEFAULT	3
util_memsearch	.symtab	0x411cc8	292	FUNC	<unknown>	DEFAULT	3
util_strcat	.symtab	0x411500	168	FUNC	<unknown>	DEFAULT	3
util_strcmp	.symtab	0x411354	288	FUNC	<unknown>	DEFAULT	3
util_strcpy	.symtab	0x411474	140	FUNC	<unknown>	DEFAULT	3
util_stristr	.symtab	0x411dec	524	FUNC	<unknown>	DEFAULT	3
util_strlen	.symtab	0x4111a0	116	FUNC	<unknown>	DEFAULT	3
util_strncmp	.symtab	0x411214	320	FUNC	<unknown>	DEFAULT	3
util_zero	.symtab	0x41164c	120	FUNC	<unknown>	DEFAULT	3
vfork	.symtab	0x412de0	28	FUNC	<unknown>	DEFAULT	3
vfork.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
vfprintf	.symtab	0x413d80	260	FUNC	<unknown>	DEFAULT	3
vfprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
vseattack	.symtab	0x409b8c	2508	FUNC	<unknown>	DEFAULT	3
vsnprintf	.symtab	0x413690	260	FUNC	<unknown>	DEFAULT	3
vsnprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
w	.symtab	0x48185c	4	OBJECT	<unknown>	DEFAULT	14
wait4	.symtab	0x41ac60	88	FUNC	<unknown>	DEFAULT	3
wait4.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
waitpid	.symtab	0x412e00	28	FUNC	<unknown>	DEFAULT	3
waitpid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
watchdog_maintain	.symtab	0x402090	564	FUNC	<unknown>	DEFAULT	3
watchdog_pid	.symtab	0x47d834	4	OBJECT	<unknown>	DEFAULT	14
wcrtomb	.symtab	0x41af60	112	FUNC	<unknown>	DEFAULT	3
wcrtomb.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wcsnrtombs	.symtab	0x41b010	228	FUNC	<unknown>	DEFAULT	3
wcsnrtombs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wcsrtombs	.symtab	0x41afd0	64	FUNC	<unknown>	DEFAULT	3
wcsrtombs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
whitelist	.symtab	0x47c520	8	OBJECT	<unknown>	DEFAULT	11
wildString	.symtab	0x403fcc	656	FUNC	<unknown>	DEFAULT	3
write	.symtab	0x412e20	84	FUNC	<unknown>	DEFAULT	3
write.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
x	.symtab	0x481850	4	OBJECT	<unknown>	DEFAULT	14
xdigits.3043	.symtab	0x43b6e4	17	OBJECT	<unknown>	DEFAULT	5
xstatconv.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
y	.symtab	0x481854	4	OBJECT	<unknown>	DEFAULT	14
z	.symtab	0x481858	4	OBJECT	<unknown>	DEFAULT	14
zprintf	.symtab	0x4034c0	120	FUNC	<unknown>	DEFAULT	3

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-08T23:58:01.700499+0100	2848448	ETPRO MALWARE Possible ELF/Various IoT Bot Style Device Checkin (unknown)	1	192.168.2.15	47660	154.216.20.70	6478	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 8, 2025 23:57:55.311634064 CET	39584	7733	192.168.2.15	66.59.198.122
Jan 8, 2025 23:57:55.316495895 CET	7733	39584	66.59.198.122	192.168.2.15
Jan 8, 2025 23:57:55.316562891 CET	39584	7733	192.168.2.15	66.59.198.122
Jan 8, 2025 23:57:55.322532892 CET	39584	7733	192.168.2.15	66.59.198.122
Jan 8, 2025 23:57:55.324054003 CET	39584	7733	192.168.2.15	66.59.198.122
Jan 8, 2025 23:57:55.327466011 CET	7733	39584	66.59.198.122	192.168.2.15
Jan 8, 2025 23:57:55.370440960 CET	7733	39584	66.59.198.122	192.168.2.15
Jan 8, 2025 23:57:55.695990086 CET	7733	39584	66.59.198.122	192.168.2.15
Jan 8, 2025 23:57:55.696060896 CET	39584	7733	192.168.2.15	66.59.198.122
Jan 8, 2025 23:57:55.728817940 CET	39586	7733	192.168.2.15	66.59.198.122
Jan 8, 2025 23:57:55.733609915 CET	7733	39586	66.59.198.122	192.168.2.15
Jan 8, 2025 23:57:55.734592915 CET	39586	7733	192.168.2.15	66.59.198.122
Jan 8, 2025 23:57:55.753444910 CET	39586	7733	192.168.2.15	66.59.198.122
Jan 8, 2025 23:57:55.757982016 CET	39586	7733	192.168.2.15	66.59.198.122
Jan 8, 2025 23:57:55.758260965 CET	7733	39586	66.59.198.122	192.168.2.15
Jan 8, 2025 23:57:55.806514978 CET	7733	39586	66.59.198.122	192.168.2.15
Jan 8, 2025 23:57:56.110125065 CET	7733	39586	66.59.198.122	192.168.2.15
Jan 8, 2025 23:57:56.110196114 CET	39586	7733	192.168.2.15	66.59.198.122
Jan 8, 2025 23:58:01.690316916 CET	47660	6478	192.168.2.15	154.216.20.70
Jan 8, 2025 23:58:01.695171118 CET	6478	47660	154.216.20.70	192.168.2.15
Jan 8, 2025 23:58:01.695235968 CET	47660	6478	192.168.2.15	154.216.20.70
Jan 8, 2025 23:58:01.695683956 CET	47660	6478	192.168.2.15	154.216.20.70
Jan 8, 2025 23:58:01.700458050 CET	6478	47660	154.216.20.70	192.168.2.15
Jan 8, 2025 23:58:01.700499058 CET	47660	6478	192.168.2.15	154.216.20.70
Jan 8, 2025 23:58:01.705306053 CET	6478	47660	154.216.20.70	192.168.2.15

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 9, 2025 00:00:40.775338888 CET	57714	53	192.168.2.15	1.1.1.1
Jan 9, 2025 00:00:40.775393963 CET	41548	53	192.168.2.15	1.1.1.1
Jan 9, 2025 00:00:40.781919956 CET	53	41548	1.1.1.1	192.168.2.15
Jan 9, 2025 00:00:40.782197952 CET	53	57714	1.1.1.1	192.168.2.15

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 9, 2025 00:00:40.775338888 CET	192.168.2.15	1.1.1.1	0x2cab	Standard query (0)	daisy.ubuntu.com	A (IP address)	IN (0x0001)	false
Jan 9, 2025 00:00:40.775393963 CET	192.168.2.15	1.1.1.1	0x26e6	Standard query (0)	daisy.ubuntu.com	28	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 9, 2025 00:00:40.782197952 CET	1.1.1.1	192.168.2.15	0x2cab	No error (0)	daisy.ubuntu.com		162.213.35.24	A (IP address)	IN (0x0001)	false
Jan 9, 2025 00:00:40.782197952 CET	1.1.1.1	192.168.2.15	0x2cab	No error (0)	daisy.ubuntu.com		162.213.35.25	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: mippywippy.elf PID: 5522, Parent PID: 5448

General

Start time (UTC):	22:57:52
Start date (UTC):	08/01/2025
Path:	/tmp/mippywippy.elf
Arguments:	/tmp/mippywippy.elf
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Start time (UTC):	22:58:00
Start date (UTC):	08/01/2025
Path:	/tmp/mippywippy.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Start time (UTC):	22:58:00
Start date (UTC):	08/01/2025
Path:	/tmp/mippywippy.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Start time (UTC):	22:58:00
Start date (UTC):	08/01/2025
Path:	/tmp/mippywippy.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Start time (UTC):	22:57:54
Start date (UTC):	08/01/2025
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Start time (UTC):	22:57:54
Start date (UTC):	08/01/2025
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	22:57:54
Start date (UTC):	08/01/2025
Path:	/usr/libexec/gsd-rfkill
Arguments:	/usr/libexec/gsd-rfkill
File size:	51808 bytes
MD5 hash:	88a16a3c0aba1759358c06215ecfb5cc

Start time (UTC):	22:57:54
Start date (UTC):	08/01/2025
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Start time (UTC):	22:57:54
Start date (UTC):	08/01/2025
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	22:57:54
Start date (UTC):	08/01/2025
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Start time (UTC):	22:57:54
Start date (UTC):	08/01/2025
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	22:58:04
Start date (UTC):	08/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	22:58:04
Start date (UTC):	08/01/2025
Path:	/lib/systemd/systemd-user-runtime-dir
Arguments:	/lib/systemd/systemd-user-runtime-dir stop 127
File size:	22672 bytes
MD5 hash:	d55f4b0847f88131dbcfb07435178e54

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report mippywippy.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Spreading

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Symbols

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: mippywippy.elf PID: 5522, Parent PID: 5448

General

Chronological Activities

Analysis Process: mippywippy.elf PID: 5562, Parent PID: 5522

General

Chronological Activities

Analysis Process: mippywippy.elf PID: 5564, Parent PID: 5522

General

Chronological Activities

Analysis Process: mippywippy.elf PID: 5566, Parent PID: 5564

General

Chronological Activities

Analysis Process: gnome-session-binary PID: 5526, Parent PID: 1498

General

Chronological Activities

Linux Analysis Report
mippywippy.elf