Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
ss.elf

Overview

General Information

Sample name:ss.elf
Analysis ID:1588278
MD5:571cf759d074ffb3ade51d8d72964416
SHA1:bf3d0db705b8deb7015e80ef0c7419aefa833dd8
SHA256:3173307bd4fb47b9bfff050f22be58fe2396e13f514d41b23f8f1922d5c7dd31
Tags:elfuser-abuse_ch
Infos:

Detection

Gafgyt
Score:88
Range:0 - 100
Whitelisted:false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Gafgyt
Connects to many ports of the same IP (likely port scanning)
Contains symbols with names commonly found in malware
Machine Learning detection for sample
Opens /proc/net/* files useful for finding connected devices and routers
Detected TCP or UDP traffic on non-standard ports
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Yara signature match

Classification

General Information

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1588278
Start date and time:2025-01-10 23:24:34 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 3s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:ss.elf
Detection:MAL
Classification:mal88.spre.troj.linELF@0/0@0/0

Runtime Messages

Command:/tmp/ss.elf
PID:6240
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
gosh that chinese family at the other table sure ate alot
Standard Error:

Process Tree

  • system is lnxubuntu20
  • ss.elf (PID: 6240, Parent: 6159, MD5: 571cf759d074ffb3ade51d8d72964416) Arguments: /tmp/ss.elf
    • ss.elf New Fork (PID: 6241, Parent: 6240)
    • ss.elf New Fork (PID: 6242, Parent: 6240)
      • ss.elf New Fork (PID: 6243, Parent: 6242)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Bashlite, GafgytBashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.bashlite

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
ss.elfJoeSecurity_GafgytYara detected GafgytJoe Security
    ss.elfLinux_Trojan_Gafgyt_c573932bunknownunknown
    • 0x93b:$a: 83 7D 18 00 74 22 8B 45 1C 83 E0 02 85 C0 74 18 83 EC 08 6A 2D FF
    ss.elfLinux_Trojan_Gafgyt_5bf62ce4unknownunknown
    • 0xa541:$a: 89 E5 56 53 31 F6 8D 45 10 83 EC 10 89 45 F4 8B 55 F4 46 8D
    ss.elfLinux_Trojan_Gafgyt_6122acdfunknownunknown
    • 0x544:$a: E8 B0 00 FC 8B 7D E8 F2 AE 89 C8 F7 D0 48 48 89 45 F8 EB 03 FF
    ss.elfLinux_Trojan_Gafgyt_7167d08funknownunknown
    • 0x9d8:$a: 0C 8A 00 3C 2D 75 13 FF 45 0C C7 45 E4 01 00 00 00 EB 07 FF
    Click to see the 1 entries

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    6241.1.0000000008048000.0000000008059000.r-x.sdmpLinux_Trojan_Gafgyt_c573932bunknownunknown
    • 0x93b:$a: 83 7D 18 00 74 22 8B 45 1C 83 E0 02 85 C0 74 18 83 EC 08 6A 2D FF
    6241.1.0000000008048000.0000000008059000.r-x.sdmpLinux_Trojan_Gafgyt_5bf62ce4unknownunknown
    • 0xa541:$a: 89 E5 56 53 31 F6 8D 45 10 83 EC 10 89 45 F4 8B 55 F4 46 8D
    6241.1.0000000008048000.0000000008059000.r-x.sdmpLinux_Trojan_Gafgyt_6122acdfunknownunknown
    • 0x544:$a: E8 B0 00 FC 8B 7D E8 F2 AE 89 C8 F7 D0 48 48 89 45 F8 EB 03 FF
    6241.1.0000000008048000.0000000008059000.r-x.sdmpLinux_Trojan_Gafgyt_7167d08funknownunknown
    • 0x9d8:$a: 0C 8A 00 3C 2D 75 13 FF 45 0C C7 45 E4 01 00 00 00 EB 07 FF
    6241.1.0000000008048000.0000000008059000.r-x.sdmpLinux_Trojan_Mirai_389ee3e9unknownunknown
    • 0xa214:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
    Click to see the 10 entries

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2025-01-10T23:25:21.828266+010028394911Malware Command and Control Activity Detected192.168.2.234441889.33.192.13865487TCP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Multi AV Scanner detection for submitted file
    Source: ss.elfVirustotal: Detection: 59%Perma Link
    Source: ss.elfReversingLabs: Detection: 68%
    Machine Learning detection for sample
    Source: ss.elfJoe Sandbox ML: detected

    Spreading

    barindex
    Opens /proc/net/* files useful for finding connected devices and routers
    Source: /tmp/ss.elf (PID: 6240)Opens: /proc/net/routeJump to behavior

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2839491 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin M2 : 192.168.2.23:44418 -> 89.33.192.138:65487
    Connects to many ports of the same IP (likely port scanning)
    Source: global trafficTCP traffic: 89.33.192.138 ports 65487,4,5,6,7,8
    Source: global trafficTCP traffic: 192.168.2.23:44418 -> 89.33.192.138:65487
    Source: global trafficTCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
    Source: global trafficTCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
    Source: global trafficTCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
    Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
    Source: unknownTCP traffic detected without corresponding DNS query: 89.33.192.138
    Source: unknownTCP traffic detected without corresponding DNS query: 89.33.192.138
    Source: unknownTCP traffic detected without corresponding DNS query: 89.33.192.138
    Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
    Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
    Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
    Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
    Source: unknownTCP traffic detected without corresponding DNS query: 89.33.192.138
    Source: unknownTCP traffic detected without corresponding DNS query: 89.33.192.138
    Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
    Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
    Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
    Source: unknownTCP traffic detected without corresponding DNS query: 89.33.192.138
    Source: unknownTCP traffic detected without corresponding DNS query: 89.33.192.138
    Source: unknownTCP traffic detected without corresponding DNS query: 89.33.192.138
    Source: unknownTCP traffic detected without corresponding DNS query: 89.33.192.138
    Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443

    System Summary

    barindex
    Malicious sample detected (through community Yara rule)
    Source: ss.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_c573932b Author: unknown
    Source: ss.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 Author: unknown
    Source: ss.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_6122acdf Author: unknown
    Source: ss.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_7167d08f Author: unknown
    Source: ss.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
    Source: 6241.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_c573932b Author: unknown
    Source: 6241.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 Author: unknown
    Source: 6241.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_6122acdf Author: unknown
    Source: 6241.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_7167d08f Author: unknown
    Source: 6241.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
    Source: 6242.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_c573932b Author: unknown
    Source: 6242.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 Author: unknown
    Source: 6242.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_6122acdf Author: unknown
    Source: 6242.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_7167d08f Author: unknown
    Source: 6242.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
    Source: 6240.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_c573932b Author: unknown
    Source: 6240.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 Author: unknown
    Source: 6240.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_6122acdf Author: unknown
    Source: 6240.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_7167d08f Author: unknown
    Source: 6240.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
    Contains symbols with names commonly found in malware
    Source: ELF static info symbol of initial sampleName: vseattack
    Source: ss.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_c573932b reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 18a3025ebb8af46605970ee8d7d18214854b86200001d576553e102cb71df266, id = c573932b-9b3f-4ab7-a6b6-32dcc7473790, last_modified = 2021-09-16
    Source: ss.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ffc398303f7208e77c4fbdfb50ac896e531b7cee3be2fa820bc8d70cfb20af3, id = 5bf62ce4-619b-4d46-b221-c5bf552474bb, last_modified = 2021-09-16
    Source: ss.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_6122acdf os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 283275705c729be23d7dc75056388ecae00390bd25ee7b66b0cfc9b85feee212, id = 6122acdf-1eef-45ea-83ea-699d21c2dc20, last_modified = 2021-09-16
    Source: ss.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_7167d08f reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = b9df4ab322a2a329168f684b07b7b05ee3d03165c5b9050a4710eae7aeca6cd9, id = 7167d08f-bfeb-4d78-9783-3a1df2ef0ed3, last_modified = 2021-09-16
    Source: ss.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
    Source: 6241.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_c573932b reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 18a3025ebb8af46605970ee8d7d18214854b86200001d576553e102cb71df266, id = c573932b-9b3f-4ab7-a6b6-32dcc7473790, last_modified = 2021-09-16
    Source: 6241.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ffc398303f7208e77c4fbdfb50ac896e531b7cee3be2fa820bc8d70cfb20af3, id = 5bf62ce4-619b-4d46-b221-c5bf552474bb, last_modified = 2021-09-16
    Source: 6241.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_6122acdf os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 283275705c729be23d7dc75056388ecae00390bd25ee7b66b0cfc9b85feee212, id = 6122acdf-1eef-45ea-83ea-699d21c2dc20, last_modified = 2021-09-16
    Source: 6241.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_7167d08f reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = b9df4ab322a2a329168f684b07b7b05ee3d03165c5b9050a4710eae7aeca6cd9, id = 7167d08f-bfeb-4d78-9783-3a1df2ef0ed3, last_modified = 2021-09-16
    Source: 6241.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
    Source: 6242.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_c573932b reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 18a3025ebb8af46605970ee8d7d18214854b86200001d576553e102cb71df266, id = c573932b-9b3f-4ab7-a6b6-32dcc7473790, last_modified = 2021-09-16
    Source: 6242.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ffc398303f7208e77c4fbdfb50ac896e531b7cee3be2fa820bc8d70cfb20af3, id = 5bf62ce4-619b-4d46-b221-c5bf552474bb, last_modified = 2021-09-16
    Source: 6242.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_6122acdf os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 283275705c729be23d7dc75056388ecae00390bd25ee7b66b0cfc9b85feee212, id = 6122acdf-1eef-45ea-83ea-699d21c2dc20, last_modified = 2021-09-16
    Source: 6242.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_7167d08f reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = b9df4ab322a2a329168f684b07b7b05ee3d03165c5b9050a4710eae7aeca6cd9, id = 7167d08f-bfeb-4d78-9783-3a1df2ef0ed3, last_modified = 2021-09-16
    Source: 6242.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
    Source: 6240.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_c573932b reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 18a3025ebb8af46605970ee8d7d18214854b86200001d576553e102cb71df266, id = c573932b-9b3f-4ab7-a6b6-32dcc7473790, last_modified = 2021-09-16
    Source: 6240.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ffc398303f7208e77c4fbdfb50ac896e531b7cee3be2fa820bc8d70cfb20af3, id = 5bf62ce4-619b-4d46-b221-c5bf552474bb, last_modified = 2021-09-16
    Source: 6240.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_6122acdf os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 283275705c729be23d7dc75056388ecae00390bd25ee7b66b0cfc9b85feee212, id = 6122acdf-1eef-45ea-83ea-699d21c2dc20, last_modified = 2021-09-16
    Source: 6240.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_7167d08f reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = b9df4ab322a2a329168f684b07b7b05ee3d03165c5b9050a4710eae7aeca6cd9, id = 7167d08f-bfeb-4d78-9783-3a1df2ef0ed3, last_modified = 2021-09-16
    Source: 6240.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
    Source: classification engineClassification label: mal88.spre.troj.linELF@0/0@0/0
    Source: ss.elfELF static info symbol of initial sample: libc/sysdeps/linux/i386/crt1.S
    Source: ss.elfELF static info symbol of initial sample: libc/sysdeps/linux/i386/crti.S
    Source: ss.elfELF static info symbol of initial sample: libc/sysdeps/linux/i386/crtn.S
    Source: ss.elfELF static info symbol of initial sample: libc/sysdeps/linux/i386/mmap.S
    Source: ss.elfELF static info symbol of initial sample: libc/sysdeps/linux/i386/vfork.S

    Stealing of Sensitive Information

    barindex
    Yara detected Gafgyt
    Source: Yara matchFile source: ss.elf, type: SAMPLE

    Remote Access Functionality

    barindex
    Yara detected Gafgyt
    Source: Yara matchFile source: ss.elf, type: SAMPLE

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath InterceptionDirect Volume AccessOS Credential Dumping1
    Remote System Discovery    		Remote ServicesData from Local System1
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
    Non-Standard Port    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
    Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact

    Malware Configuration

    No configs have been found

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Number of created Files
    • Is malicious
    • Internet
    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1588278 Sample: ss.elf Startdate: 10/01/2025 Architecture: LINUX Score: 88 17 89.33.192.138, 44418, 65487 M247GB Romania 2->17 19 109.202.202.202, 80 INIT7CH Switzerland 2->19 21 2 other IPs or domains 2->21 23 Suricata IDS alerts for network traffic 2->23 25 Malicious sample detected (through community Yara rule) 2->25 27 Multi AV Scanner detection for submitted file 2->27 29 4 other signatures 2->29 8 ss.elf 2->8         started        signatures3 process4 signatures5 31 Opens /proc/net/* files useful for finding connected devices and routers 8->31 11 ss.elf 8->11         started        13 ss.elf 8->13         started        process6 process7 15 ss.elf 11->15         started       

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    ss.elf59%VirustotalBrowse
    ss.elf68%ReversingLabsLinux.Trojan.LnxGafgyt
    ss.elf100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    No Antivirus matches

    Domains and IPs

    Contacted Domains

    No contacted domains info

    World Map of Contacted IPs

    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs

    Public IPs

    IPDomainCountryFlagASNASN NameMalicious
    89.33.192.138
    		unknownRomania
    		9009M247GBtrue
    109.202.202.202
    		unknownSwitzerland
    		13030INIT7CHfalse
    91.189.91.43
    		unknownUnited Kingdom
    		41231CANONICAL-ASGBfalse
    91.189.91.42
    		unknownUnited Kingdom
    		41231CANONICAL-ASGBfalse

    Joe Sandbox View / Context

    IPs

    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    89.33.192.138ssd.elfGet hashmaliciousGafgytBrowse
      ssg.elfGet hashmaliciousGafgytBrowse
        ssy.elfGet hashmaliciousGafgytBrowse
          ssh.elfGet hashmaliciousGafgytBrowse
            ssc.elfGet hashmaliciousGafgytBrowse
              sst.elfGet hashmaliciousGafgytBrowse
                ssx.elfGet hashmaliciousGafgytBrowse
                  sss.elfGet hashmaliciousGafgytBrowse
                    ssi.elfGet hashmaliciousGafgytBrowse
                      sse.elfGet hashmaliciousGafgytBrowse
                        109.202.202.202kpLwzBouH4.elfGet hashmaliciousUnknownBrowse
                        • ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
                        91.189.91.43boatnet.x86.elfGet hashmaliciousUnknownBrowse
                          Space.arm5.elfGet hashmaliciousUnknownBrowse
                            ssd.elfGet hashmaliciousGafgytBrowse
                              arm7.elfGet hashmaliciousMiraiBrowse
                                ssy.elfGet hashmaliciousGafgytBrowse
                                  UnHAnaAW.mpsl.elfGet hashmaliciousMiraiBrowse
                                    UnHAnaAW.sh4.elfGet hashmaliciousMiraiBrowse
                                      wrjkngh4.elfGet hashmaliciousUnknownBrowse
                                        fqkjei686.elfGet hashmaliciousUnknownBrowse
                                          ngwa5.elfGet hashmaliciousUnknownBrowse

                                            Domains

                                            No context

                                            ASNs

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            CANONICAL-ASGBboatnet.arm7.elfGet hashmaliciousUnknownBrowse
                                            • 185.125.190.26
                                            boatnet.x86.elfGet hashmaliciousUnknownBrowse
                                            • 91.189.91.42
                                            Space.arm5.elfGet hashmaliciousUnknownBrowse
                                            • 91.189.91.42
                                            boatnet.m68k.elfGet hashmaliciousUnknownBrowse
                                            • 185.125.190.26
                                            ssd.elfGet hashmaliciousGafgytBrowse
                                            • 91.189.91.42
                                            arm7.elfGet hashmaliciousMiraiBrowse
                                            • 91.189.91.42
                                            ssy.elfGet hashmaliciousGafgytBrowse
                                            • 91.189.91.42
                                            ssh.elfGet hashmaliciousGafgytBrowse
                                            • 185.125.190.26
                                            UnHAnaAW.mpsl.elfGet hashmaliciousMiraiBrowse
                                            • 91.189.91.42
                                            UnHAnaAW.arm7.elfGet hashmaliciousMiraiBrowse
                                            • 91.189.91.42
                                            CANONICAL-ASGBboatnet.arm7.elfGet hashmaliciousUnknownBrowse
                                            • 185.125.190.26
                                            boatnet.x86.elfGet hashmaliciousUnknownBrowse
                                            • 91.189.91.42
                                            Space.arm5.elfGet hashmaliciousUnknownBrowse
                                            • 91.189.91.42
                                            boatnet.m68k.elfGet hashmaliciousUnknownBrowse
                                            • 185.125.190.26
                                            ssd.elfGet hashmaliciousGafgytBrowse
                                            • 91.189.91.42
                                            arm7.elfGet hashmaliciousMiraiBrowse
                                            • 91.189.91.42
                                            ssy.elfGet hashmaliciousGafgytBrowse
                                            • 91.189.91.42
                                            ssh.elfGet hashmaliciousGafgytBrowse
                                            • 185.125.190.26
                                            UnHAnaAW.mpsl.elfGet hashmaliciousMiraiBrowse
                                            • 91.189.91.42
                                            UnHAnaAW.arm7.elfGet hashmaliciousMiraiBrowse
                                            • 91.189.91.42
                                            M247GBssd.elfGet hashmaliciousGafgytBrowse
                                            • 89.33.192.138
                                            ssg.elfGet hashmaliciousGafgytBrowse
                                            • 89.33.192.138
                                            ssy.elfGet hashmaliciousGafgytBrowse
                                            • 89.33.192.138
                                            ssh.elfGet hashmaliciousGafgytBrowse
                                            • 89.33.192.138
                                            ssc.elfGet hashmaliciousGafgytBrowse
                                            • 89.33.192.138
                                            Fantazy.m68k.elfGet hashmaliciousUnknownBrowse
                                            • 173.211.38.225
                                            sst.elfGet hashmaliciousGafgytBrowse
                                            • 89.33.192.138
                                            3.elfGet hashmaliciousUnknownBrowse
                                            • 38.202.83.251
                                            ssx.elfGet hashmaliciousGafgytBrowse
                                            • 89.33.192.138
                                            sss.elfGet hashmaliciousGafgytBrowse
                                            • 89.33.192.138
                                            INIT7CHboatnet.x86.elfGet hashmaliciousUnknownBrowse
                                            • 109.202.202.202
                                            Space.arm5.elfGet hashmaliciousUnknownBrowse
                                            • 109.202.202.202
                                            ssd.elfGet hashmaliciousGafgytBrowse
                                            • 109.202.202.202
                                            arm7.elfGet hashmaliciousMiraiBrowse
                                            • 109.202.202.202
                                            ssy.elfGet hashmaliciousGafgytBrowse
                                            • 109.202.202.202
                                            UnHAnaAW.mpsl.elfGet hashmaliciousMiraiBrowse
                                            • 109.202.202.202
                                            UnHAnaAW.arm7.elfGet hashmaliciousMiraiBrowse
                                            • 109.202.202.202
                                            UnHAnaAW.sh4.elfGet hashmaliciousMiraiBrowse
                                            • 109.202.202.202
                                            wrjkngh4.elfGet hashmaliciousUnknownBrowse
                                            • 109.202.202.202
                                            fqkjei686.elfGet hashmaliciousUnknownBrowse
                                            • 109.202.202.202

                                            JA3 Fingerprints

                                            No context

                                            Dropped Files

                                            No context

                                            Created / dropped Files

                                            No created / dropped files found

                                            Static File Info

                                            General

                                            File type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, not stripped
                                            Entropy (8bit):6.356456575279746
                                            TrID:
                                            • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
                                            • ELF Executable and Linkable format (generic) (4004/1) 49.84%
                                            File name:ss.elf
                                            File size:96'221 bytes
                                            MD5:571cf759d074ffb3ade51d8d72964416
                                            SHA1:bf3d0db705b8deb7015e80ef0c7419aefa833dd8
                                            SHA256:3173307bd4fb47b9bfff050f22be58fe2396e13f514d41b23f8f1922d5c7dd31
                                            SHA512:bda9127534ba0a674e378538268cf3450d58aff27142685afdac146759479f0d2af4429110b3b41b4c5b22652840820453f775861a0a9f2df572ddbe63c106e6
                                            SSDEEP:1536:Ek0OQmh/c4jU4AJ3cEsMHHz5Dd38q2tBXrpEn9omJUeO7mnmmmioVcYRZLrn04i:Ek0OlfjUdVcRMVDdMqQBXrKJeHAmmmFA
                                            TLSH:5D932A12A780D673D14317B61297DF250132FD7E2A5B9E1AE3697CB49B3A0C4B222F5C
                                            File Content Preview:.ELF....................d...4...x.......4. ...(..........................................................j..........Q.td............................U..S.......w....h........[]...$.............U......=.....t..5....$......$.......u........t....h............

                                            Static ELF Info

                                            ELF header

                                            Class:ELF32
                                            Data:2's complement, little endian
                                            Version:1 (current)
                                            Machine:Intel 80386
                                            Version Number:0x1
                                            Type:EXEC (Executable file)
                                            OS/ABI:UNIX - System V
                                            ABI Version:0
                                            Entry Point Address:0x8048164
                                            Flags:0x0
                                            ELF Header Size:52
                                            Program Header Offset:52
                                            Program Header Size:32
                                            Number of Program Headers:3
                                            Section Header Offset:73592
                                            Section Header Size:40
                                            Number of Section Headers:16
                                            Header String Table Index:13

                                            Sections

                                            NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                                            NULL0x00x00x00x00x0000
                                            .initPROGBITS0x80480940x940x1c0x00x6AX001
                                            .textPROGBITS0x80480b00xb00xdda80x00x6AX0016
                                            .finiPROGBITS0x8055e580xde580x170x00x6AX001
                                            .rodataPROGBITS0x8055e800xde800x2b400x00x2A0032
                                            .eh_framePROGBITS0x80589c00x109c00x40x00x2A004
                                            .ctorsPROGBITS0x80590000x110000x80x00x3WA004
                                            .dtorsPROGBITS0x80590080x110080x80x00x3WA004
                                            .jcrPROGBITS0x80590100x110100x40x00x3WA004
                                            .got.pltPROGBITS0x80590140x110140xc0x40x3WA004
                                            .dataPROGBITS0x80590200x110200x2e00x00x3WA0032
                                            .bssNOBITS0x80593000x113000x67e40x00x3WA0032
                                            .commentPROGBITS0x00x113000xc060x00x0001
                                            .shstrtabSTRTAB0x00x11f060x6f0x00x0001
                                            .symtabSYMTAB0x00x121f80x31400x100x0152784
                                            .strtabSTRTAB0x00x153380x24a50x00x0001

                                            Program Segments

                                            TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                            LOAD0x00x80480000x80480000x109c40x109c46.52580x5R E0x1000.init .text .fini .rodata .eh_frame
                                            LOAD0x110000x80590000x80590000x3000x6ae43.50810x6RW 0x1000.ctors .dtors .jcr .got.plt .data .bss
                                            GNU_STACK0x00x00x00x00x00.00000x6RW 0x4

                                            Symbols

                                            NameVersion Info NameVersion Info File NameSection NameValueSizeSymbol TypeSymbol BindSymbol VisibilityNdx
                                            .symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                            .symtab0x80480940SECTION<unknown>DEFAULT1
                                            .symtab0x80480b00SECTION<unknown>DEFAULT2
                                            .symtab0x8055e580SECTION<unknown>DEFAULT3
                                            .symtab0x8055e800SECTION<unknown>DEFAULT4
                                            .symtab0x80589c00SECTION<unknown>DEFAULT5
                                            .symtab0x80590000SECTION<unknown>DEFAULT6
                                            .symtab0x80590080SECTION<unknown>DEFAULT7
                                            .symtab0x80590100SECTION<unknown>DEFAULT8
                                            .symtab0x80590140SECTION<unknown>DEFAULT9
                                            .symtab0x80590200SECTION<unknown>DEFAULT10
                                            .symtab0x80593000SECTION<unknown>DEFAULT11
                                            .symtab0x00SECTION<unknown>DEFAULT12
                                            .symtab0x00SECTION<unknown>DEFAULT13
                                            .symtab0x00SECTION<unknown>DEFAULT14
                                            .symtab0x00SECTION<unknown>DEFAULT15
                                            C.158.5855.symtab0x805686036OBJECT<unknown>DEFAULT4
                                            C.163.5901.symtab0x8056c0024OBJECT<unknown>DEFAULT4
                                            Hexed.symtab0x804a7b2320FUNC<unknown>DEFAULT2
                                            KHcommSOCK.symtab0x80593204OBJECT<unknown>DEFAULT11
                                            KHserverHACKER.symtab0x805905c4OBJECT<unknown>DEFAULT10
                                            LOCAL_ADDR.symtab0x805f5a84OBJECT<unknown>DEFAULT11
                                            Percocet_bp.symtab0x805903c4OBJECT<unknown>DEFAULT10
                                            Q.symtab0x805934016384OBJECT<unknown>DEFAULT11
                                            RSF.symtab0x804a8f2447FUNC<unknown>DEFAULT2
                                            SendHttpRand.symtab0x804b321482FUNC<unknown>DEFAULT2
                                            UDPBYPASS.symtab0x8049e04265FUNC<unknown>DEFAULT2
                                            UserAgents.symtab0x805905012OBJECT<unknown>DEFAULT10
                                            _GLOBAL_OFFSET_TABLE_.symtab0x80590140OBJECT<unknown>HIDDEN9
                                            _Jv_RegisterClasses.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                            _READ.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _WRITE.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            __CTOR_END__.symtab0x80590040OBJECT<unknown>DEFAULT6
                                            __CTOR_LIST__.symtab0x80590000OBJECT<unknown>DEFAULT6
                                            __C_ctype_b.symtab0x80590704OBJECT<unknown>DEFAULT10
                                            __C_ctype_b.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            __C_ctype_b_data.symtab0x8057080768OBJECT<unknown>DEFAULT4
                                            __C_ctype_tolower.symtab0x80592f84OBJECT<unknown>DEFAULT10
                                            __C_ctype_tolower.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            __C_ctype_tolower_data.symtab0x80586c0768OBJECT<unknown>DEFAULT4
                                            __C_ctype_toupper.symtab0x80590784OBJECT<unknown>DEFAULT10
                                            __C_ctype_toupper.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            __C_ctype_toupper_data.symtab0x8057380768OBJECT<unknown>DEFAULT4
                                            __DTOR_END__.symtab0x805900c0OBJECT<unknown>DEFAULT7
                                            __DTOR_LIST__.symtab0x80590080OBJECT<unknown>DEFAULT7
                                            __EH_FRAME_BEGIN__.symtab0x80589c00OBJECT<unknown>DEFAULT5
                                            __FRAME_END__.symtab0x80589c00OBJECT<unknown>DEFAULT5
                                            __GI___C_ctype_b.symtab0x80590704OBJECT<unknown>HIDDEN10
                                            __GI___C_ctype_b_data.symtab0x8057080768OBJECT<unknown>HIDDEN4
                                            __GI___C_ctype_tolower.symtab0x80592f84OBJECT<unknown>HIDDEN10
                                            __GI___C_ctype_tolower_data.symtab0x80586c0768OBJECT<unknown>HIDDEN4
                                            __GI___C_ctype_toupper.symtab0x80590784OBJECT<unknown>HIDDEN10
                                            __GI___C_ctype_toupper_data.symtab0x8057380768OBJECT<unknown>HIDDEN4
                                            __GI___ctype_b.symtab0x80590744OBJECT<unknown>HIDDEN10
                                            __GI___ctype_tolower.symtab0x80592fc4OBJECT<unknown>HIDDEN10
                                            __GI___ctype_toupper.symtab0x805907c4OBJECT<unknown>HIDDEN10
                                            __GI___errno_location.symtab0x804f6486FUNC<unknown>HIDDEN2
                                            __GI___fgetc_unlocked.symtab0x8055a9c220FUNC<unknown>HIDDEN2
                                            __GI___glibc_strerror_r.symtab0x80506b429FUNC<unknown>HIDDEN2
                                            __GI___h_errno_location.symtab0x8052f086FUNC<unknown>HIDDEN2
                                            __GI___libc_fcntl.symtab0x804f13887FUNC<unknown>HIDDEN2
                                            __GI___libc_fcntl64.symtab0x804f19063FUNC<unknown>HIDDEN2
                                            __GI___libc_open.symtab0x804f40075FUNC<unknown>HIDDEN2
                                            __GI___uClibc_fini.symtab0x80528b063FUNC<unknown>HIDDEN2
                                            __GI___uClibc_init.symtab0x805292764FUNC<unknown>HIDDEN2
                                            __GI___xpg_strerror_r.symtab0x80506d4183FUNC<unknown>HIDDEN2
                                            __GI__exit.symtab0x804f1d040FUNC<unknown>HIDDEN2
                                            __GI_abort.symtab0x8051ef8273FUNC<unknown>HIDDEN2
                                            __GI_atoi.symtab0x805239020FUNC<unknown>HIDDEN2
                                            __GI_atol.symtab0x805239020FUNC<unknown>HIDDEN2
                                            __GI_brk.symtab0x805456454FUNC<unknown>HIDDEN2
                                            __GI_clock_getres.symtab0x8052cac50FUNC<unknown>HIDDEN2
                                            __GI_close.symtab0x804f22c46FUNC<unknown>HIDDEN2
                                            __GI_connect.symtab0x8050c0443FUNC<unknown>HIDDEN2
                                            __GI_dup2.symtab0x804f25c50FUNC<unknown>HIDDEN2
                                            __GI_errno.symtab0x805f5804OBJECT<unknown>HIDDEN11
                                            __GI_execl.symtab0x8052540105FUNC<unknown>HIDDEN2
                                            __GI_execve.symtab0x8052ce054FUNC<unknown>HIDDEN2
                                            __GI_exit.symtab0x80524d8103FUNC<unknown>HIDDEN2
                                            __GI_fclose.symtab0x80545d4265FUNC<unknown>HIDDEN2
                                            __GI_fcntl.symtab0x804f13887FUNC<unknown>HIDDEN2
                                            __GI_fcntl64.symtab0x804f19063FUNC<unknown>HIDDEN2
                                            __GI_fflush_unlocked.symtab0x8054c4c321FUNC<unknown>HIDDEN2
                                            __GI_fgetc_unlocked.symtab0x8055a9c220FUNC<unknown>HIDDEN2
                                            __GI_fgets.symtab0x8054b0498FUNC<unknown>HIDDEN2
                                            __GI_fgets_unlocked.symtab0x8054d90105FUNC<unknown>HIDDEN2
                                            __GI_fopen.symtab0x80546e024FUNC<unknown>HIDDEN2
                                            __GI_fork.symtab0x804f29038FUNC<unknown>HIDDEN2
                                            __GI_fputs_unlocked.symtab0x805047051FUNC<unknown>HIDDEN2
                                            __GI_fseek.symtab0x80546f827FUNC<unknown>HIDDEN2
                                            __GI_fseeko64.symtab0x8054714227FUNC<unknown>HIDDEN2
                                            __GI_fwrite_unlocked.symtab0x80504a4116FUNC<unknown>HIDDEN2
                                            __GI_getc_unlocked.symtab0x8055a9c220FUNC<unknown>HIDDEN2
                                            __GI_getdtablesize.symtab0x804f2b837FUNC<unknown>HIDDEN2
                                            __GI_getegid.symtab0x8052d1838FUNC<unknown>HIDDEN2
                                            __GI_geteuid.symtab0x804f2e038FUNC<unknown>HIDDEN2
                                            __GI_getgid.symtab0x8052d4038FUNC<unknown>HIDDEN2
                                            __GI_gethostbyname.symtab0x80508a048FUNC<unknown>HIDDEN2
                                            __GI_gethostbyname_r.symtab0x80508d0818FUNC<unknown>HIDDEN2
                                            __GI_getpagesize.symtab0x8052d6819FUNC<unknown>HIDDEN2
                                            __GI_getpid.symtab0x804f30838FUNC<unknown>HIDDEN2
                                            __GI_getrlimit.symtab0x804f35850FUNC<unknown>HIDDEN2
                                            __GI_getsockname.symtab0x8050c3043FUNC<unknown>HIDDEN2
                                            __GI_getuid.symtab0x8052d7c38FUNC<unknown>HIDDEN2
                                            __GI_h_errno.symtab0x805f5844OBJECT<unknown>HIDDEN11
                                            __GI_inet_addr.symtab0x805087837FUNC<unknown>HIDDEN2
                                            __GI_inet_aton.symtab0x8053ae0148FUNC<unknown>HIDDEN2
                                            __GI_inet_ntop.symtab0x8055274462FUNC<unknown>HIDDEN2
                                            __GI_inet_pton.symtab0x8054fa2458FUNC<unknown>HIDDEN2
                                            __GI_initstate_r.symtab0x80522e2171FUNC<unknown>HIDDEN2
                                            __GI_ioctl.symtab0x804f38c63FUNC<unknown>HIDDEN2
                                            __GI_isatty.symtab0x80507c029FUNC<unknown>HIDDEN2
                                            __GI_kill.symtab0x804f3cc50FUNC<unknown>HIDDEN2
                                            __GI_lseek64.symtab0x8055a1c95FUNC<unknown>HIDDEN2
                                            __GI_memchr.symtab0x805393c35FUNC<unknown>HIDDEN2
                                            __GI_memcpy.symtab0x805051839FUNC<unknown>HIDDEN2
                                            __GI_memmove.symtab0x805396039FUNC<unknown>HIDDEN2
                                            __GI_mempcpy.symtab0x805398833FUNC<unknown>HIDDEN2
                                            __GI_memrchr.symtab0x80539ac176FUNC<unknown>HIDDEN2
                                            __GI_memset.symtab0x805054021FUNC<unknown>HIDDEN2
                                            __GI_mmap.symtab0x8052c2027FUNC<unknown>HIDDEN2
                                            __GI_mremap.symtab0x8052da463FUNC<unknown>HIDDEN2
                                            __GI_munmap.symtab0x8052de450FUNC<unknown>HIDDEN2
                                            __GI_nanosleep.symtab0x8052e1850FUNC<unknown>HIDDEN2
                                            __GI_open.symtab0x804f40075FUNC<unknown>HIDDEN2
                                            __GI_pipe.symtab0x804f46446FUNC<unknown>HIDDEN2
                                            __GI_poll.symtab0x805459c54FUNC<unknown>HIDDEN2
                                            __GI_raise.symtab0x805453824FUNC<unknown>HIDDEN2
                                            __GI_random.symtab0x805201472FUNC<unknown>HIDDEN2
                                            __GI_random_r.symtab0x80521ed95FUNC<unknown>HIDDEN2
                                            __GI_rawmemchr.symtab0x8054e4c99FUNC<unknown>HIDDEN2
                                            __GI_read.symtab0x804f4d454FUNC<unknown>HIDDEN2
                                            __GI_recv.symtab0x8050c9851FUNC<unknown>HIDDEN2
                                            __GI_recvfrom.symtab0x8050ccc67FUNC<unknown>HIDDEN2
                                            __GI_sbrk.symtab0x8052e4c78FUNC<unknown>HIDDEN2
                                            __GI_select.symtab0x804f50c63FUNC<unknown>HIDDEN2
                                            __GI_send.symtab0x8050d1051FUNC<unknown>HIDDEN2
                                            __GI_sendto.symtab0x8050d4467FUNC<unknown>HIDDEN2
                                            __GI_setsockopt.symtab0x8050d8859FUNC<unknown>HIDDEN2
                                            __GI_setstate_r.symtab0x8052154153FUNC<unknown>HIDDEN2
                                            __GI_sigaction.symtab0x8052b2f217FUNC<unknown>HIDDEN2
                                            __GI_sigaddset.symtab0x8050df042FUNC<unknown>HIDDEN2
                                            __GI_sigemptyset.symtab0x8050e1c25FUNC<unknown>HIDDEN2
                                            __GI_signal.symtab0x8050e38175FUNC<unknown>HIDDEN2
                                            __GI_sigprocmask.symtab0x804f54c85FUNC<unknown>HIDDEN2
                                            __GI_sleep.symtab0x80525ac393FUNC<unknown>HIDDEN2
                                            __GI_socket.symtab0x8050dc443FUNC<unknown>HIDDEN2
                                            __GI_sprintf.symtab0x804f67431FUNC<unknown>HIDDEN2
                                            __GI_srandom_r.symtab0x805224c150FUNC<unknown>HIDDEN2
                                            __GI_strcasecmp.symtab0x8055b7854FUNC<unknown>HIDDEN2
                                            __GI_strchr.symtab0x805055830FUNC<unknown>HIDDEN2
                                            __GI_strcmp.symtab0x8054dfc29FUNC<unknown>HIDDEN2
                                            __GI_strcoll.symtab0x8054dfc29FUNC<unknown>HIDDEN2
                                            __GI_strcpy.symtab0x805057827FUNC<unknown>HIDDEN2
                                            __GI_strdup.symtab0x8054ee454FUNC<unknown>HIDDEN2
                                            __GI_strlen.symtab0x805059419FUNC<unknown>HIDDEN2
                                            __GI_strncat.symtab0x8054e1c46FUNC<unknown>HIDDEN2
                                            __GI_strncpy.symtab0x80505a838FUNC<unknown>HIDDEN2
                                            __GI_strnlen.symtab0x80505d025FUNC<unknown>HIDDEN2
                                            __GI_strpbrk.symtab0x8053ab839FUNC<unknown>HIDDEN2
                                            __GI_strspn.symtab0x8054eb050FUNC<unknown>HIDDEN2
                                            __GI_strstr.symtab0x80505ec198FUNC<unknown>HIDDEN2
                                            __GI_strtok.symtab0x80507a425FUNC<unknown>HIDDEN2
                                            __GI_strtok_r.symtab0x8053a5c89FUNC<unknown>HIDDEN2
                                            __GI_strtol.symtab0x80523a426FUNC<unknown>HIDDEN2
                                            __GI_sysconf.symtab0x8052738325FUNC<unknown>HIDDEN2
                                            __GI_tcgetattr.symtab0x80507e0112FUNC<unknown>HIDDEN2
                                            __GI_time.symtab0x804f5a446FUNC<unknown>HIDDEN2
                                            __GI_times.symtab0x8052e9c46FUNC<unknown>HIDDEN2
                                            __GI_tolower.symtab0x8055a7c29FUNC<unknown>HIDDEN2
                                            __GI_toupper.symtab0x804f62829FUNC<unknown>HIDDEN2
                                            __GI_vfork.symtab0x804f12021FUNC<unknown>HIDDEN2
                                            __GI_vsnprintf.symtab0x804f694178FUNC<unknown>HIDDEN2
                                            __GI_wait4.symtab0x8052ecc59FUNC<unknown>HIDDEN2
                                            __GI_waitpid.symtab0x804f5d426FUNC<unknown>HIDDEN2
                                            __GI_wcrtomb.symtab0x8052f1068FUNC<unknown>HIDDEN2
                                            __GI_wcsnrtombs.symtab0x8052f74134FUNC<unknown>HIDDEN2
                                            __GI_wcsrtombs.symtab0x8052f5430FUNC<unknown>HIDDEN2
                                            __GI_write.symtab0x804f5f054FUNC<unknown>HIDDEN2
                                            __JCR_END__.symtab0x80590100OBJECT<unknown>DEFAULT8
                                            __JCR_LIST__.symtab0x80590100OBJECT<unknown>DEFAULT8
                                            __app_fini.symtab0x805f5744OBJECT<unknown>HIDDEN11
                                            __atexit_lock.symtab0x80592c024OBJECT<unknown>DEFAULT10
                                            __bsd_signal.symtab0x8050e38175FUNC<unknown>HIDDEN2
                                            __bss_start.symtab0x80593000NOTYPE<unknown>DEFAULTSHN_ABS
                                            __check_one_fd.symtab0x80528f352FUNC<unknown>DEFAULT2
                                            __ctype_b.symtab0x80590744OBJECT<unknown>DEFAULT10
                                            __ctype_tolower.symtab0x80592fc4OBJECT<unknown>DEFAULT10
                                            __ctype_toupper.symtab0x805907c4OBJECT<unknown>DEFAULT10
                                            __curbrk.symtab0x805f5a44OBJECT<unknown>HIDDEN11
                                            __data_start.symtab0x80590280NOTYPE<unknown>DEFAULT10
                                            __decode_answer.symtab0x8055618249FUNC<unknown>HIDDEN2
                                            __decode_dotted.symtab0x8055c40215FUNC<unknown>HIDDEN2
                                            __decode_header.symtab0x80554f8171FUNC<unknown>HIDDEN2
                                            __deregister_frame_info_bases.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                            __dns_lookup.symtab0x8053b741876FUNC<unknown>HIDDEN2
                                            __do_global_ctors_aux.symtab0x8055e300FUNC<unknown>DEFAULT2
                                            __do_global_dtors_aux.symtab0x80480c00FUNC<unknown>DEFAULT2
                                            __dso_handle.symtab0x80590200OBJECT<unknown>HIDDEN10
                                            __encode_dotted.symtab0x8055bb0144FUNC<unknown>HIDDEN2
                                            __encode_header.symtab0x8055444177FUNC<unknown>HIDDEN2
                                            __encode_question.symtab0x80555a483FUNC<unknown>HIDDEN2
                                            __environ.symtab0x805f56c4OBJECT<unknown>DEFAULT11
                                            __errno_location.symtab0x804f6486FUNC<unknown>DEFAULT2
                                            __errno_location.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            __exit_cleanup.symtab0x805f5644OBJECT<unknown>HIDDEN11
                                            __fgetc_unlocked.symtab0x8055a9c220FUNC<unknown>DEFAULT2
                                            __fini_array_end.symtab0x80590000NOTYPE<unknown>HIDDENSHN_ABS
                                            __fini_array_start.symtab0x80590000NOTYPE<unknown>HIDDENSHN_ABS
                                            __get_hosts_byname_r.symtab0x805450c44FUNC<unknown>HIDDEN2
                                            __get_pc_thunk_bx.symtab0x80480b00FUNC<unknown>HIDDEN2
                                            __getpagesize.symtab0x8052d6819FUNC<unknown>DEFAULT2
                                            __glibc_strerror_r.symtab0x80506b429FUNC<unknown>DEFAULT2
                                            __glibc_strerror_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            __h_errno_location.symtab0x8052f086FUNC<unknown>DEFAULT2
                                            __h_errno_location.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            __init_array_end.symtab0x80590000NOTYPE<unknown>HIDDENSHN_ABS
                                            __init_array_start.symtab0x80590000NOTYPE<unknown>HIDDENSHN_ABS
                                            __length_dotted.symtab0x8055d1865FUNC<unknown>HIDDEN2
                                            __length_question.symtab0x80555f830FUNC<unknown>HIDDEN2
                                            __libc_close.symtab0x804f22c46FUNC<unknown>DEFAULT2
                                            __libc_connect.symtab0x8050c0443FUNC<unknown>DEFAULT2
                                            __libc_creat.symtab0x804f44b25FUNC<unknown>DEFAULT2
                                            __libc_fcntl.symtab0x804f13887FUNC<unknown>DEFAULT2
                                            __libc_fcntl64.symtab0x804f19063FUNC<unknown>DEFAULT2
                                            __libc_fork.symtab0x804f29038FUNC<unknown>DEFAULT2
                                            __libc_getpid.symtab0x804f30838FUNC<unknown>DEFAULT2
                                            __libc_lseek64.symtab0x8055a1c95FUNC<unknown>DEFAULT2
                                            __libc_nanosleep.symtab0x8052e1850FUNC<unknown>DEFAULT2
                                            __libc_open.symtab0x804f40075FUNC<unknown>DEFAULT2
                                            __libc_poll.symtab0x805459c54FUNC<unknown>DEFAULT2
                                            __libc_read.symtab0x804f4d454FUNC<unknown>DEFAULT2
                                            __libc_recv.symtab0x8050c9851FUNC<unknown>DEFAULT2
                                            __libc_recvfrom.symtab0x8050ccc67FUNC<unknown>DEFAULT2
                                            __libc_select.symtab0x804f50c63FUNC<unknown>DEFAULT2
                                            __libc_send.symtab0x8050d1051FUNC<unknown>DEFAULT2
                                            __libc_sendto.symtab0x8050d4467FUNC<unknown>DEFAULT2
                                            __libc_sigaction.symtab0x8052b2f217FUNC<unknown>DEFAULT2
                                            __libc_stack_end.symtab0x805f5684OBJECT<unknown>DEFAULT11
                                            __libc_waitpid.symtab0x804f5d426FUNC<unknown>DEFAULT2
                                            __libc_write.symtab0x804f5f054FUNC<unknown>DEFAULT2
                                            __malloc_consolidate.symtab0x8051b91424FUNC<unknown>HIDDEN2
                                            __malloc_largebin_index.symtab0x8050f4c38FUNC<unknown>DEFAULT2
                                            __malloc_lock.symtab0x80591d024OBJECT<unknown>DEFAULT10
                                            __malloc_state.symtab0x805f740888OBJECT<unknown>DEFAULT11
                                            __malloc_trim.symtab0x8051b04141FUNC<unknown>DEFAULT2
                                            __nameserver.symtab0x805fac812OBJECT<unknown>HIDDEN11
                                            __nameservers.symtab0x805fad44OBJECT<unknown>HIDDEN11
                                            __open_etc_hosts.symtab0x805571449FUNC<unknown>HIDDEN2
                                            __open_nameservers.symtab0x80542c8579FUNC<unknown>HIDDEN2
                                            __pagesize.symtab0x805f5704OBJECT<unknown>DEFAULT11
                                            __preinit_array_end.symtab0x80590000NOTYPE<unknown>HIDDENSHN_ABS
                                            __preinit_array_start.symtab0x80590000NOTYPE<unknown>HIDDENSHN_ABS
                                            __pthread_initialize_minimal.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                            __pthread_mutex_init.symtab0x80528ef3FUNC<unknown>DEFAULT2
                                            __pthread_mutex_lock.symtab0x80528ef3FUNC<unknown>DEFAULT2
                                            __pthread_mutex_trylock.symtab0x80528ef3FUNC<unknown>DEFAULT2
                                            __pthread_mutex_unlock.symtab0x80528ef3FUNC<unknown>DEFAULT2
                                            __pthread_return_0.symtab0x80528ef3FUNC<unknown>DEFAULT2
                                            __pthread_return_void.symtab0x80528f21FUNC<unknown>DEFAULT2
                                            __raise.symtab0x805453824FUNC<unknown>HIDDEN2
                                            __read_etc_hosts_r.symtab0x8055745724FUNC<unknown>HIDDEN2
                                            __register_frame_info_bases.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                            __resolv_lock.symtab0x80592e024OBJECT<unknown>DEFAULT10
                                            __restore.symtab0x8052b270NOTYPE<unknown>DEFAULT2
                                            __restore_rt.symtab0x8052b200NOTYPE<unknown>DEFAULT2
                                            __rtld_fini.symtab0x805f5784OBJECT<unknown>HIDDEN11
                                            __searchdomain.symtab0x805fab816OBJECT<unknown>HIDDEN11
                                            __searchdomains.symtab0x805fad84OBJECT<unknown>HIDDEN11
                                            __sigaddset.symtab0x8050f0c32FUNC<unknown>DEFAULT2
                                            __sigdelset.symtab0x8050f2c32FUNC<unknown>DEFAULT2
                                            __sigismember.symtab0x8050ee836FUNC<unknown>DEFAULT2
                                            __socketcall.symtab0x8052c3c50FUNC<unknown>HIDDEN2
                                            __socketcall.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            __stdin.symtab0x805908c4OBJECT<unknown>DEFAULT10
                                            __stdio_READ.symtab0x8055d5c68FUNC<unknown>HIDDEN2
                                            __stdio_WRITE.symtab0x8052ffc126FUNC<unknown>HIDDEN2
                                            __stdio_adjust_position.symtab0x80547f8168FUNC<unknown>HIDDEN2
                                            __stdio_fwrite.symtab0x805307c240FUNC<unknown>HIDDEN2
                                            __stdio_init_mutex.symtab0x804f7a923FUNC<unknown>HIDDEN2
                                            __stdio_mutex_initializer.3991.symtab0x805768024OBJECT<unknown>DEFAULT4
                                            __stdio_rfill.symtab0x8055da040FUNC<unknown>HIDDEN2
                                            __stdio_seek.symtab0x8054ad051FUNC<unknown>HIDDEN2
                                            __stdio_trans2r_o.symtab0x8055dc8101FUNC<unknown>HIDDEN2
                                            __stdio_trans2w_o.symtab0x805316c158FUNC<unknown>HIDDEN2
                                            __stdio_wcommit.symtab0x804f84843FUNC<unknown>HIDDEN2
                                            __stdout.symtab0x80590904OBJECT<unknown>DEFAULT10
                                            __syscall_error.symtab0x8052c0821FUNC<unknown>HIDDEN2
                                            __syscall_error.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            __syscall_fcntl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            __syscall_fcntl64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            __syscall_rt_sigaction.symtab0x8052c7059FUNC<unknown>HIDDEN2
                                            __syscall_rt_sigaction.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            __uClibc_fini.symtab0x80528b063FUNC<unknown>DEFAULT2
                                            __uClibc_init.symtab0x805292764FUNC<unknown>DEFAULT2
                                            __uClibc_main.symtab0x8052967441FUNC<unknown>DEFAULT2
                                            __uClibc_main.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            __uclibc_progname.symtab0x80592d84OBJECT<unknown>HIDDEN10
                                            __vfork.symtab0x804f12021FUNC<unknown>HIDDEN2
                                            __xpg_strerror_r.symtab0x80506d4183FUNC<unknown>DEFAULT2
                                            __xpg_strerror_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _adjust_pos.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _charpad.symtab0x804f87454FUNC<unknown>DEFAULT2
                                            _cs_funcs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _dl_aux_init.symtab0x805455018FUNC<unknown>DEFAULT2
                                            _dl_phdr.symtab0x805fadc4OBJECT<unknown>DEFAULT11
                                            _dl_phnum.symtab0x805fae04OBJECT<unknown>DEFAULT11
                                            _edata.symtab0x80593000NOTYPE<unknown>DEFAULTSHN_ABS
                                            _end.symtab0x805fae40NOTYPE<unknown>DEFAULTSHN_ABS
                                            _endswith.symtab0x804ee8d150FUNC<unknown>DEFAULT2
                                            _errno.symtab0x805f5804OBJECT<unknown>DEFAULT11
                                            _exit.symtab0x804f1d040FUNC<unknown>DEFAULT2
                                            _exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _fini.symtab0x8055e583FUNC<unknown>DEFAULT3
                                            _fixed_buffers.symtab0x805d3608192OBJECT<unknown>DEFAULT11
                                            _fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _fp_out_narrow.symtab0x804f8aa106FUNC<unknown>DEFAULT2
                                            _fpmaxtostr.symtab0x80533781476FUNC<unknown>HIDDEN2
                                            _fpmaxtostr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _fwrite.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _h_errno.symtab0x805f5844OBJECT<unknown>DEFAULT11
                                            _init.symtab0x80480943FUNC<unknown>DEFAULT1
                                            _load_inttype.symtab0x805320c86FUNC<unknown>HIDDEN2
                                            _load_inttype.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _memcpy.symtab0x804ec8947FUNC<unknown>DEFAULT2
                                            _memmove.symtab0x804ecb8101FUNC<unknown>DEFAULT2
                                            _memset.symtab0x804ed1d42FUNC<unknown>DEFAULT2
                                            _ppfs_init.symtab0x804febc111FUNC<unknown>HIDDEN2
                                            _ppfs_init.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _ppfs_parsespec.symtab0x80500a9966FUNC<unknown>HIDDEN2
                                            _ppfs_parsespec.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _ppfs_prepargs.symtab0x804ff2c66FUNC<unknown>HIDDEN2
                                            _ppfs_prepargs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _ppfs_setargs.symtab0x804ff70271FUNC<unknown>HIDDEN2
                                            _ppfs_setargs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _promoted_size.symtab0x805008041FUNC<unknown>DEFAULT2
                                            _pthread_cleanup_pop_restore.symtab0x80528f21FUNC<unknown>DEFAULT2
                                            _pthread_cleanup_push_defer.symtab0x80528f21FUNC<unknown>DEFAULT2
                                            _rfill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _sigintr.symtab0x805f6c0128OBJECT<unknown>HIDDEN11
                                            _start.symtab0x804816434FUNC<unknown>DEFAULT2
                                            _startswith.symtab0x804ee4e63FUNC<unknown>DEFAULT2
                                            _stdio.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _stdio_fopen.symtab0x80548a0559FUNC<unknown>HIDDEN2
                                            _stdio_init.symtab0x804f74897FUNC<unknown>HIDDEN2
                                            _stdio_openlist.symtab0x80590944OBJECT<unknown>DEFAULT10
                                            _stdio_openlist_add_lock.symtab0x805909824OBJECT<unknown>DEFAULT10
                                            _stdio_openlist_dec_use.symtab0x8054b68228FUNC<unknown>DEFAULT2
                                            _stdio_openlist_del_count.symtab0x805d3584OBJECT<unknown>DEFAULT11
                                            _stdio_openlist_del_lock.symtab0x80590b024OBJECT<unknown>DEFAULT10
                                            _stdio_openlist_use_count.symtab0x805d3544OBJECT<unknown>DEFAULT11
                                            _stdio_streams.symtab0x80590e0240OBJECT<unknown>DEFAULT10
                                            _stdio_term.symtab0x804f7c0136FUNC<unknown>HIDDEN2
                                            _stdio_user_locking.symtab0x80590c84OBJECT<unknown>DEFAULT10
                                            _stdlib_strto_l.symtab0x80523c0277FUNC<unknown>HIDDEN2
                                            _stdlib_strto_l.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _store_inttype.symtab0x805326461FUNC<unknown>HIDDEN2
                                            _store_inttype.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _strcat.symtab0x804ed7955FUNC<unknown>DEFAULT2
                                            _strcmp.symtab0x804ec1f106FUNC<unknown>DEFAULT2
                                            _strcpy.symtab0x804ed4750FUNC<unknown>DEFAULT2
                                            _strdup.symtab0x804edb054FUNC<unknown>DEFAULT2
                                            _string_syserrmsgs.symtab0x80577602906OBJECT<unknown>HIDDEN4
                                            _string_syserrmsgs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _strlen.symtab0x804ebfe33FUNC<unknown>DEFAULT2
                                            _strstr.symtab0x804ede6104FUNC<unknown>DEFAULT2
                                            _trans2r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _trans2w.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _uintmaxtostr.symtab0x80532a4209FUNC<unknown>HIDDEN2
                                            _uintmaxtostr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _vfprintf_internal.symtab0x804f9141448FUNC<unknown>HIDDEN2
                                            _vfprintf_internal.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _wcommit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            abort.symtab0x8051ef8273FUNC<unknown>DEFAULT2
                                            abort.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            access.symtab0x804f1f850FUNC<unknown>DEFAULT2
                                            access.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            acnc.symtab0x804b19e162FUNC<unknown>DEFAULT2
                                            add_entry.symtab0x804e52689FUNC<unknown>DEFAULT2
                                            atoi.symtab0x805239020FUNC<unknown>DEFAULT2
                                            atol.symtab0x805239020FUNC<unknown>DEFAULT2
                                            atol.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            bcopy.symtab0x805078c21FUNC<unknown>DEFAULT2
                                            bcopy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            been_there_done_that.symtab0x805f5601OBJECT<unknown>DEFAULT11
                                            been_there_done_that.2832.symtab0x805f57c1OBJECT<unknown>DEFAULT11
                                            brk.symtab0x805456454FUNC<unknown>DEFAULT2
                                            brk.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            bsd_signal.symtab0x8050e38175FUNC<unknown>DEFAULT2
                                            buf.4993.symtab0x805f380460OBJECT<unknown>DEFAULT11
                                            c.symtab0x80590644OBJECT<unknown>DEFAULT10
                                            calloc.symtab0x80516e8244FUNC<unknown>DEFAULT2
                                            calloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            checksum.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            checksum_generic.symtab0x804818897FUNC<unknown>DEFAULT2
                                            checksum_tcp_udp.symtab0x80481e9223FUNC<unknown>DEFAULT2
                                            checksum_tcpudp.symtab0x80482c8223FUNC<unknown>DEFAULT2
                                            clock.symtab0x804f65036FUNC<unknown>DEFAULT2
                                            clock.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            clock_getres.symtab0x8052cac50FUNC<unknown>DEFAULT2
                                            clock_getres.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            close.symtab0x804f22c46FUNC<unknown>DEFAULT2
                                            close.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            completed.2429.symtab0x80593001OBJECT<unknown>DEFAULT11
                                            connect.symtab0x8050c0443FUNC<unknown>DEFAULT2
                                            connect.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            connectTimeout.symtab0x8049471456FUNC<unknown>DEFAULT2
                                            creat.symtab0x804f44b25FUNC<unknown>DEFAULT2
                                            crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            csum.symtab0x8049775168FUNC<unknown>DEFAULT2
                                            data_start.symtab0x80590280NOTYPE<unknown>DEFAULT10
                                            decodea.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            decoded.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            decodeh.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            dl-support.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            dnslookup.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            dup2.symtab0x804f25c50FUNC<unknown>DEFAULT2
                                            dup2.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            encoded.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            encodeh.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            encodeq.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            environ.symtab0x805f56c4OBJECT<unknown>DEFAULT11
                                            errno.symtab0x805f5804OBJECT<unknown>DEFAULT11
                                            errno.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            execl.symtab0x8052540105FUNC<unknown>DEFAULT2
                                            execl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            execve.symtab0x8052ce054FUNC<unknown>DEFAULT2
                                            execve.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            exit.symtab0x80524d8103FUNC<unknown>DEFAULT2
                                            exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            exp10_table.symtab0x8058580156OBJECT<unknown>DEFAULT4
                                            fclose.symtab0x80545d4265FUNC<unknown>DEFAULT2
                                            fclose.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            fcntl.symtab0x804f13887FUNC<unknown>DEFAULT2
                                            fcntl64.symtab0x804f19063FUNC<unknown>DEFAULT2
                                            fdgets.symtab0x804902e104FUNC<unknown>DEFAULT2
                                            fdopen_pids.symtab0x805d3404OBJECT<unknown>DEFAULT11
                                            fdpclose.symtab0x8048eca356FUNC<unknown>DEFAULT2
                                            fdpopen.symtab0x8048cd4502FUNC<unknown>DEFAULT2
                                            fflush_unlocked.symtab0x8054c4c321FUNC<unknown>DEFAULT2
                                            fflush_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            fgetc_unlocked.symtab0x8055a9c220FUNC<unknown>DEFAULT2
                                            fgetc_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            fgets.symtab0x8054b0498FUNC<unknown>DEFAULT2
                                            fgets.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            fgets_unlocked.symtab0x8054d90105FUNC<unknown>DEFAULT2
                                            fgets_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            findRandIP.symtab0x804974548FUNC<unknown>DEFAULT2
                                            fmt.symtab0x805855c20OBJECT<unknown>DEFAULT4
                                            fopen.symtab0x80546e024FUNC<unknown>DEFAULT2
                                            fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            fork.symtab0x804f29038FUNC<unknown>DEFAULT2
                                            fork.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            fputs_unlocked.symtab0x805047051FUNC<unknown>DEFAULT2
                                            fputs_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            frame_dummy.symtab0x80481100FUNC<unknown>DEFAULT2
                                            free.symtab0x8051d39412FUNC<unknown>DEFAULT2
                                            free.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            fseek.symtab0x80546f827FUNC<unknown>DEFAULT2
                                            fseeko.symtab0x80546f827FUNC<unknown>DEFAULT2
                                            fseeko.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            fseeko64.symtab0x8054714227FUNC<unknown>DEFAULT2
                                            fseeko64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            fwrite_unlocked.symtab0x80504a4116FUNC<unknown>DEFAULT2
                                            fwrite_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            getBuild.symtab0x804d38d5FUNC<unknown>DEFAULT2
                                            getHost.symtab0x804921059FUNC<unknown>DEFAULT2
                                            getOurIP.symtab0x804d184521FUNC<unknown>DEFAULT2
                                            get_hosts_byname_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            getc_unlocked.symtab0x8055a9c220FUNC<unknown>DEFAULT2
                                            getdtablesize.symtab0x804f2b837FUNC<unknown>DEFAULT2
                                            getdtablesize.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            getegid.symtab0x8052d1838FUNC<unknown>DEFAULT2
                                            getegid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            geteuid.symtab0x804f2e038FUNC<unknown>DEFAULT2
                                            geteuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            getgid.symtab0x8052d4038FUNC<unknown>DEFAULT2
                                            getgid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            gethostbyname.symtab0x80508a048FUNC<unknown>DEFAULT2
                                            gethostbyname.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            gethostbyname_r.symtab0x80508d0818FUNC<unknown>DEFAULT2
                                            gethostbyname_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            getpagesize.symtab0x8052d6819FUNC<unknown>DEFAULT2
                                            getpagesize.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            getpid.symtab0x804f30838FUNC<unknown>DEFAULT2
                                            getpid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            getppid.symtab0x804f33038FUNC<unknown>DEFAULT2
                                            getppid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            getrlimit.symtab0x804f35850FUNC<unknown>DEFAULT2
                                            getrlimit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            getsockname.symtab0x8050c3043FUNC<unknown>DEFAULT2
                                            getsockname.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            getsockopt.symtab0x8050c5c59FUNC<unknown>DEFAULT2
                                            getsockopt.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            getuid.symtab0x8052d7c38FUNC<unknown>DEFAULT2
                                            getuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            h.4992.symtab0x805f54c20OBJECT<unknown>DEFAULT11
                                            h_errno.symtab0x805f5844OBJECT<unknown>DEFAULT11
                                            hacks.symtab0x805902c4OBJECT<unknown>DEFAULT10
                                            hacks2.symtab0x80590304OBJECT<unknown>DEFAULT10
                                            hacks3.symtab0x80590344OBJECT<unknown>DEFAULT10
                                            hacks4.symtab0x80590384OBJECT<unknown>DEFAULT10
                                            hextable.symtab0x80561601024OBJECT<unknown>DEFAULT4
                                            htonl.symtab0x805085c7FUNC<unknown>DEFAULT2
                                            htons.symtab0x805085012FUNC<unknown>DEFAULT2
                                            i.4564.symtab0x80590684OBJECT<unknown>DEFAULT10
                                            index.symtab0x805055830FUNC<unknown>DEFAULT2
                                            inet_addr.symtab0x805087837FUNC<unknown>DEFAULT2
                                            inet_aton.symtab0x8053ae0148FUNC<unknown>DEFAULT2
                                            inet_aton.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            inet_makeaddr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            inet_ntop.symtab0x8055274462FUNC<unknown>DEFAULT2
                                            inet_ntop4.symtab0x805516c264FUNC<unknown>DEFAULT2
                                            inet_pton.symtab0x8054fa2458FUNC<unknown>DEFAULT2
                                            inet_pton4.symtab0x8054f1c134FUNC<unknown>DEFAULT2
                                            initConnection.symtab0x804d019363FUNC<unknown>DEFAULT2
                                            init_rand.symtab0x80484bd111FUNC<unknown>DEFAULT2
                                            initfini.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            initstate.symtab0x80520b987FUNC<unknown>DEFAULT2
                                            initstate_r.symtab0x80522e2171FUNC<unknown>DEFAULT2
                                            ioctl.symtab0x804f38c63FUNC<unknown>DEFAULT2
                                            ioctl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            isatty.symtab0x80507c029FUNC<unknown>DEFAULT2
                                            isatty.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            kill.symtab0x804f3cc50FUNC<unknown>DEFAULT2
                                            kill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            killer_status.symtab0x80593304OBJECT<unknown>DEFAULT11
                                            lengthd.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            lengthq.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            libc/sysdeps/linux/i386/crt1.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            libc/sysdeps/linux/i386/crti.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            libc/sysdeps/linux/i386/crtn.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            libc/sysdeps/linux/i386/mmap.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            libc/sysdeps/linux/i386/vfork.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            listFork.symtab0x8049639268FUNC<unknown>DEFAULT2
                                            llseek.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            lseek64.symtab0x8055a1c95FUNC<unknown>DEFAULT2
                                            macAddress.symtab0x80593346OBJECT<unknown>DEFAULT11
                                            main.symtab0x804d3921752FUNC<unknown>DEFAULT2
                                            main.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            makeIPPacket.symtab0x80498d8126FUNC<unknown>DEFAULT2
                                            makeRandomStr.symtab0x804927e103FUNC<unknown>DEFAULT2
                                            makevsepacket.symtab0x804ac2c141FUNC<unknown>DEFAULT2
                                            malloc.symtab0x8050f721908FUNC<unknown>DEFAULT2
                                            malloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            malloc_trim.symtab0x8051ed534FUNC<unknown>DEFAULT2
                                            memchr.symtab0x805393c35FUNC<unknown>DEFAULT2
                                            memchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            memcpy.symtab0x805051839FUNC<unknown>DEFAULT2
                                            memcpy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            memmove.symtab0x805396039FUNC<unknown>DEFAULT2
                                            memmove.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            mempcpy.symtab0x805398833FUNC<unknown>DEFAULT2
                                            mempcpy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            memrchr.symtab0x80539ac176FUNC<unknown>DEFAULT2
                                            memrchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            memset.symtab0x805054021FUNC<unknown>DEFAULT2
                                            memset.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            mmap.symtab0x8052c2027FUNC<unknown>DEFAULT2
                                            mremap.symtab0x8052da463FUNC<unknown>DEFAULT2
                                            mremap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            munmap.symtab0x8052de450FUNC<unknown>DEFAULT2
                                            munmap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            mylock.symtab0x80591e824OBJECT<unknown>DEFAULT10
                                            mylock.symtab0x805920024OBJECT<unknown>DEFAULT10
                                            mylock.symtab0x805f58824OBJECT<unknown>DEFAULT11
                                            nanosleep.symtab0x8052e1850FUNC<unknown>DEFAULT2
                                            nanosleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            next_start.1109.symtab0x805f3604OBJECT<unknown>DEFAULT11
                                            ngPid.symtab0x805f5b04OBJECT<unknown>DEFAULT11
                                            ntohl.symtab0x805086f7FUNC<unknown>DEFAULT2
                                            ntohl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            ntohs.symtab0x805086312FUNC<unknown>DEFAULT2
                                            ntop.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            numpids.symtab0x80593288OBJECT<unknown>DEFAULT11
                                            object.2482.symtab0x805930424OBJECT<unknown>DEFAULT11
                                            open.symtab0x804f40075FUNC<unknown>DEFAULT2
                                            open.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            opennameservers.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            ourIP.symtab0x805f5ac4OBJECT<unknown>DEFAULT11
                                            p.2427.symtab0x80590240OBJECT<unknown>DEFAULT10
                                            parseHex.symtab0x804909668FUNC<unknown>DEFAULT2
                                            pids.symtab0x805f5b84OBJECT<unknown>DEFAULT11
                                            pipe.symtab0x804f46446FUNC<unknown>DEFAULT2
                                            pipe.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            poll.symtab0x805459c54FUNC<unknown>DEFAULT2
                                            poll.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            prctl.symtab0x804f49463FUNC<unknown>DEFAULT2
                                            prctl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            prefix.4202.symtab0x80576a512OBJECT<unknown>DEFAULT4
                                            print.symtab0x804898d584FUNC<unknown>DEFAULT2
                                            printchar.symtab0x804875758FUNC<unknown>DEFAULT2
                                            printi.symtab0x8048868293FUNC<unknown>DEFAULT2
                                            prints.symtab0x8048791215FUNC<unknown>DEFAULT2
                                            processCmd.symtab0x804b5036934FUNC<unknown>DEFAULT2
                                            qual_chars.4208.symtab0x80576b820OBJECT<unknown>DEFAULT4
                                            raise.symtab0x805453824FUNC<unknown>DEFAULT2
                                            raise.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            rand.symtab0x805200c5FUNC<unknown>DEFAULT2
                                            rand.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            rand.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            rand__str.symtab0x804db21115FUNC<unknown>DEFAULT2
                                            rand_alpha_str.symtab0x804db94114FUNC<unknown>DEFAULT2
                                            rand_alphastr.symtab0x80486b2165FUNC<unknown>DEFAULT2
                                            rand_cmwc.symtab0x80485f2192FUNC<unknown>DEFAULT2
                                            rand_init.symtab0x804da6c77FUNC<unknown>DEFAULT2
                                            rand_next.symtab0x804dab9104FUNC<unknown>DEFAULT2
                                            random.symtab0x805201472FUNC<unknown>DEFAULT2
                                            random.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            random_poly_info.symtab0x80582c040OBJECT<unknown>DEFAULT4
                                            random_r.symtab0x80521ed95FUNC<unknown>DEFAULT2
                                            random_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            randstrings.symtab0x805904016OBJECT<unknown>DEFAULT10
                                            randtbl.symtab0x8059240128OBJECT<unknown>DEFAULT10
                                            rawmemchr.symtab0x8054e4c99FUNC<unknown>DEFAULT2
                                            rawmemchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            read.symtab0x804f4d454FUNC<unknown>DEFAULT2
                                            read.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            read_etc_hosts_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            realloc.symtab0x80517dc808FUNC<unknown>DEFAULT2
                                            realloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            recv.symtab0x8050c9851FUNC<unknown>DEFAULT2
                                            recv.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            recvLine.symtab0x80492e5396FUNC<unknown>DEFAULT2
                                            recvfrom.symtab0x8050ccc67FUNC<unknown>DEFAULT2
                                            recvfrom.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            resolv.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            resolv_domain_to_hostname.symtab0x804dc08125FUNC<unknown>DEFAULT2
                                            resolv_entries_free.symtab0x804e27a56FUNC<unknown>DEFAULT2
                                            resolv_lookup.symtab0x804dd101386FUNC<unknown>DEFAULT2
                                            resolv_skip_name.symtab0x804dc85139FUNC<unknown>DEFAULT2
                                            rtcp.symtab0x804a458858FUNC<unknown>DEFAULT2
                                            sbrk.symtab0x8052e4c78FUNC<unknown>DEFAULT2
                                            sbrk.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            scanPid.symtab0x805f5b44OBJECT<unknown>DEFAULT11
                                            select.symtab0x804f50c63FUNC<unknown>DEFAULT2
                                            select.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            send.symtab0x8050d1051FUNC<unknown>DEFAULT2
                                            send.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            sendSTD.symtab0x804aab1379FUNC<unknown>DEFAULT2
                                            sendto.symtab0x8050d4467FUNC<unknown>DEFAULT2
                                            sendto.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            setsockopt.symtab0x8050d8859FUNC<unknown>DEFAULT2
                                            setsockopt.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            setstate.symtab0x805205c93FUNC<unknown>DEFAULT2
                                            setstate_r.symtab0x8052154153FUNC<unknown>DEFAULT2
                                            sigaction.symtab0x8052b2f217FUNC<unknown>DEFAULT2
                                            sigaction.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            sigaddset.symtab0x8050df042FUNC<unknown>DEFAULT2
                                            sigaddset.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            sigempty.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            sigemptyset.symtab0x8050e1c25FUNC<unknown>DEFAULT2
                                            signal.symtab0x8050e38175FUNC<unknown>DEFAULT2
                                            signal.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            sigprocmask.symtab0x804f54c85FUNC<unknown>DEFAULT2
                                            sigprocmask.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            sigsetops.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            sleep.symtab0x80525ac393FUNC<unknown>DEFAULT2
                                            sleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            socket.symtab0x8050dc443FUNC<unknown>DEFAULT2
                                            socket.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            socket_connect.symtab0x804b240225FUNC<unknown>DEFAULT2
                                            sockprintf.symtab0x8048c1b185FUNC<unknown>DEFAULT2
                                            spec_and_mask.4207.symtab0x80576cc16OBJECT<unknown>DEFAULT4
                                            spec_base.4201.symtab0x80576b17OBJECT<unknown>DEFAULT4
                                            spec_chars.4204.symtab0x80576f521OBJECT<unknown>DEFAULT4
                                            spec_flags.4203.symtab0x805770a8OBJECT<unknown>DEFAULT4
                                            spec_or_mask.4206.symtab0x80576dc16OBJECT<unknown>DEFAULT4
                                            spec_ranges.4205.symtab0x80576ec9OBJECT<unknown>DEFAULT4
                                            sprintf.symtab0x804f67431FUNC<unknown>DEFAULT2
                                            sprintf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            srand.symtab0x805211067FUNC<unknown>DEFAULT2
                                            srandom.symtab0x805211067FUNC<unknown>DEFAULT2
                                            srandom_r.symtab0x805224c150FUNC<unknown>DEFAULT2
                                            static_id.symtab0x80592dc2OBJECT<unknown>DEFAULT10
                                            static_ns.symtab0x805f5a04OBJECT<unknown>DEFAULT11
                                            stderr.symtab0x80590884OBJECT<unknown>DEFAULT10
                                            stdin.symtab0x80590804OBJECT<unknown>DEFAULT10
                                            stdout.symtab0x80590844OBJECT<unknown>DEFAULT10
                                            strcasecmp.symtab0x8055b7854FUNC<unknown>DEFAULT2
                                            strcasecmp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            strchr.symtab0x805055830FUNC<unknown>DEFAULT2
                                            strchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            strcmp.symtab0x8054dfc29FUNC<unknown>DEFAULT2
                                            strcmp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            strcoll.symtab0x8054dfc29FUNC<unknown>DEFAULT2
                                            strcpy.symtab0x805057827FUNC<unknown>DEFAULT2
                                            strcpy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            strdup.symtab0x8054ee454FUNC<unknown>DEFAULT2
                                            strdup.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            strerror_r.symtab0x80506d4183FUNC<unknown>DEFAULT2
                                            strlen.symtab0x805059419FUNC<unknown>DEFAULT2
                                            strlen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            strncat.symtab0x8054e1c46FUNC<unknown>DEFAULT2
                                            strncat.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            strncpy.symtab0x80505a838FUNC<unknown>DEFAULT2
                                            strncpy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            strnlen.symtab0x80505d025FUNC<unknown>DEFAULT2
                                            strnlen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            strpbrk.symtab0x8053ab839FUNC<unknown>DEFAULT2
                                            strpbrk.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            strspn.symtab0x8054eb050FUNC<unknown>DEFAULT2
                                            strspn.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            strstr.symtab0x80505ec198FUNC<unknown>DEFAULT2
                                            strstr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            strtok.symtab0x80507a425FUNC<unknown>DEFAULT2
                                            strtok.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            strtok_r.symtab0x8053a5c89FUNC<unknown>DEFAULT2
                                            strtok_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            strtol.symtab0x80523a426FUNC<unknown>DEFAULT2
                                            strtol.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            sysconf.symtab0x8052738325FUNC<unknown>DEFAULT2
                                            sysconf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            szprintf.symtab0x8048bf736FUNC<unknown>DEFAULT2
                                            table.symtab0x805f5c0232OBJECT<unknown>DEFAULT11
                                            table.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            table_init.symtab0x804e2b4468FUNC<unknown>DEFAULT2
                                            table_key.symtab0x805906c4OBJECT<unknown>DEFAULT10
                                            table_lock_val.symtab0x804e4bd53FUNC<unknown>DEFAULT2
                                            table_retrieve_val.symtab0x804e4f252FUNC<unknown>DEFAULT2
                                            table_unlock_val.symtab0x804e48853FUNC<unknown>DEFAULT2
                                            tcgetattr.symtab0x80507e0112FUNC<unknown>DEFAULT2
                                            tcgetattr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            tcpFl00d.symtab0x8049f0d1355FUNC<unknown>DEFAULT2
                                            tcpcsum.symtab0x804981d187FUNC<unknown>DEFAULT2
                                            time.symtab0x804f5a446FUNC<unknown>DEFAULT2
                                            time.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            times.symtab0x8052e9c46FUNC<unknown>DEFAULT2
                                            times.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            toggle_obf.symtab0x804e57f237FUNC<unknown>DEFAULT2
                                            tolower.symtab0x8055a7c29FUNC<unknown>DEFAULT2
                                            tolower.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            toupper.symtab0x804f62829FUNC<unknown>DEFAULT2
                                            toupper.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            trim.symtab0x804852c198FUNC<unknown>DEFAULT2
                                            type_codes.symtab0x805771224OBJECT<unknown>DEFAULT4
                                            type_sizes.symtab0x805772a12OBJECT<unknown>DEFAULT4
                                            udpfl00d.symtab0x80499561198FUNC<unknown>DEFAULT2
                                            unknown.1161.symtab0x805773614OBJECT<unknown>DEFAULT4
                                            unsafe_state.symtab0x805921828OBJECT<unknown>DEFAULT10
                                            uppercase.symtab0x804924b51FUNC<unknown>DEFAULT2
                                            userID.symtab0x80590604OBJECT<unknown>DEFAULT10
                                            usleep.symtab0x805288048FUNC<unknown>DEFAULT2
                                            usleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            util.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            util_atoi.symtab0x804e81c424FUNC<unknown>DEFAULT2
                                            util_fdgets.symtab0x804efd4126FUNC<unknown>DEFAULT2
                                            util_isalpha.symtab0x804f07f57FUNC<unknown>DEFAULT2
                                            util_isdigit.symtab0x804f0f145FUNC<unknown>DEFAULT2
                                            util_isspace.symtab0x804f0b857FUNC<unknown>DEFAULT2
                                            util_isupper.symtab0x804f05245FUNC<unknown>DEFAULT2
                                            util_itoa.symtab0x804e9c4253FUNC<unknown>DEFAULT2
                                            util_local_addr.symtab0x804ef23177FUNC<unknown>DEFAULT2
                                            util_memcpy.symtab0x804e7cb47FUNC<unknown>DEFAULT2
                                            util_memsearch.symtab0x804eac1116FUNC<unknown>DEFAULT2
                                            util_strcat.symtab0x804e79f44FUNC<unknown>DEFAULT2
                                            util_strcmp.symtab0x804e706106FUNC<unknown>DEFAULT2
                                            util_strcpy.symtab0x804e77047FUNC<unknown>DEFAULT2
                                            util_stristr.symtab0x804eb35201FUNC<unknown>DEFAULT2
                                            util_strlen.symtab0x804e66c40FUNC<unknown>DEFAULT2
                                            util_strncmp.symtab0x804e694114FUNC<unknown>DEFAULT2
                                            util_zero.symtab0x804e7fa34FUNC<unknown>DEFAULT2
                                            vfork.symtab0x804f12021FUNC<unknown>DEFAULT2
                                            vseattack.symtab0x804acb91253FUNC<unknown>DEFAULT2
                                            vsnprintf.symtab0x804f694178FUNC<unknown>DEFAULT2
                                            vsnprintf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            w.symtab0x805d3504OBJECT<unknown>DEFAULT11
                                            wait4.symtab0x8052ecc59FUNC<unknown>DEFAULT2
                                            wait4.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            waitpid.symtab0x804f5d426FUNC<unknown>DEFAULT2
                                            waitpid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            watchdog_maintain.symtab0x80483a8277FUNC<unknown>DEFAULT2
                                            watchdog_pid.symtab0x80593244OBJECT<unknown>DEFAULT11
                                            wcrtomb.symtab0x8052f1068FUNC<unknown>DEFAULT2
                                            wcrtomb.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            wcsnrtombs.symtab0x8052f74134FUNC<unknown>DEFAULT2
                                            wcsnrtombs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            wcsrtombs.symtab0x8052f5430FUNC<unknown>DEFAULT2
                                            wcsrtombs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            wildString.symtab0x80490da310FUNC<unknown>DEFAULT2
                                            write.symtab0x804f5f054FUNC<unknown>DEFAULT2
                                            write.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            x.symtab0x805d3444OBJECT<unknown>DEFAULT11
                                            xdigits.3116.symtab0x805867417OBJECT<unknown>DEFAULT4
                                            y.symtab0x805d3484OBJECT<unknown>DEFAULT11
                                            z.symtab0x805d34c4OBJECT<unknown>DEFAULT11
                                            zprintf.symtab0x8048bd534FUNC<unknown>DEFAULT2

                                            Network Behavior

                                            Suricata IDS Alerts

                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                            2025-01-10T23:25:21.828266+01002839491ETPRO MALWARE ELF/BASHLITE Variant CnC Checkin M21192.168.2.234441889.33.192.13865487TCP

                                            Network Port Distribution

                                            TCP Packets

                                            TimestampSource PortDest PortSource IPDest IP
                                            Jan 10, 2025 23:25:20.646573067 CET43928443192.168.2.2391.189.91.42
                                            Jan 10, 2025 23:25:21.823235989 CET4441865487192.168.2.2389.33.192.138
                                            Jan 10, 2025 23:25:21.828161955 CET654874441889.33.192.138192.168.2.23
                                            Jan 10, 2025 23:25:21.828213930 CET4441865487192.168.2.2389.33.192.138
                                            Jan 10, 2025 23:25:21.828265905 CET4441865487192.168.2.2389.33.192.138
                                            Jan 10, 2025 23:25:21.833004951 CET654874441889.33.192.138192.168.2.23
                                            Jan 10, 2025 23:25:26.020824909 CET42836443192.168.2.2391.189.91.43
                                            Jan 10, 2025 23:25:26.788775921 CET4251680192.168.2.23109.202.202.202
                                            Jan 10, 2025 23:25:41.378813028 CET43928443192.168.2.2391.189.91.42
                                            Jan 10, 2025 23:25:51.617364883 CET42836443192.168.2.2391.189.91.43
                                            Jan 10, 2025 23:25:56.919481993 CET654874441889.33.192.138192.168.2.23
                                            Jan 10, 2025 23:25:56.919730902 CET4441865487192.168.2.2389.33.192.138
                                            Jan 10, 2025 23:25:57.046700001 CET654874441889.33.192.138192.168.2.23
                                            Jan 10, 2025 23:25:57.046852112 CET4441865487192.168.2.2389.33.192.138
                                            Jan 10, 2025 23:25:57.760520935 CET4251680192.168.2.23109.202.202.202
                                            Jan 10, 2025 23:26:22.332973003 CET43928443192.168.2.2391.189.91.42
                                            Jan 10, 2025 23:26:42.810233116 CET42836443192.168.2.2391.189.91.43
                                            Jan 10, 2025 23:26:56.920830011 CET654874441889.33.192.138192.168.2.23
                                            Jan 10, 2025 23:26:56.921345949 CET4441865487192.168.2.2389.33.192.138
                                            Jan 10, 2025 23:26:58.870090961 CET654874441889.33.192.138192.168.2.23
                                            Jan 10, 2025 23:26:58.870500088 CET4441865487192.168.2.2389.33.192.138
                                            Jan 10, 2025 23:27:56.922568083 CET654874441889.33.192.138192.168.2.23
                                            Jan 10, 2025 23:27:56.922775030 CET4441865487192.168.2.2389.33.192.138
                                            Jan 10, 2025 23:27:57.027298927 CET654874441889.33.192.138192.168.2.23
                                            Jan 10, 2025 23:27:57.027434111 CET4441865487192.168.2.2389.33.192.138

                                            System Behavior

                                            General

                                            Start time (UTC):22:25:20
                                            Start date (UTC):10/01/2025
                                            Path:/tmp/ss.elf
                                            Arguments:/tmp/ss.elf
                                            File size:96221 bytes
                                            MD5 hash:571cf759d074ffb3ade51d8d72964416

                                            Chronological Activities


                                            General

                                            Start time (UTC):22:25:20
                                            Start date (UTC):10/01/2025
                                            Path:/tmp/ss.elf
                                            Arguments:-
                                            File size:96221 bytes
                                            MD5 hash:571cf759d074ffb3ade51d8d72964416

                                            Chronological Activities


                                            General

                                            Start time (UTC):22:25:20
                                            Start date (UTC):10/01/2025
                                            Path:/tmp/ss.elf
                                            Arguments:-
                                            File size:96221 bytes
                                            MD5 hash:571cf759d074ffb3ade51d8d72964416

                                            Chronological Activities


                                            General

                                            Start time (UTC):22:25:20
                                            Start date (UTC):10/01/2025
                                            Path:/tmp/ss.elf
                                            Arguments:-
                                            File size:96221 bytes
                                            MD5 hash:571cf759d074ffb3ade51d8d72964416