Joe Sandbox Cloud Basic Analysis Report
Edit tour

Linux Analysis Report
sh4.elf

Overview

General Information

Sample name:sh4.elf
Analysis ID:1644171
MD5:a90e2c23340a23253197818ea9a12830
SHA1:64eb178cf030f73c746494fd81e82bbd38aacd0f
SHA256:fb4865448b86213dcbea78542950ec2c0e63a0217ded139de81a9c13826e4b92
Tags:elfuser-abuse_ch
Infos:

Detection

Mirai
Score:76
Range:0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Contains symbols with names commonly found in malware
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample and/or dropped files contains symbols with suspicious names
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

General Information

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1644171
Start date and time:2025-03-20 12:25:12 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 24s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:sh4.elf
Detection:MAL
Classification:mal76.troj.linELF@0/0@1/0

Runtime Messages

Command:/tmp/sh4.elf
PID:5521
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
srolangvan.com
Standard Error:

Process Tree

  • system is lnxubuntu20
  • sh4.elf (PID: 5521, Parent: 5448, MD5: 8943e5f8f8c280467b4472c15ae93ba9) Arguments: /tmp/sh4.elf
    • sh4.elf New Fork (PID: 5523, Parent: 5521)
      • sh4.elf New Fork (PID: 5529, Parent: 5523)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
sh4.elfJoeSecurity_Mirai_8Yara detected MiraiJoe Security
    sh4.elfLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
    • 0xcde0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xcdf4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xce08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xce1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xce30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xce44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xce58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xce6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xce80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xce94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xcea8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xcebc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xced0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xcee4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xcef8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xcf0c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xcf20:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xcf34:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xcf48:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xcf5c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xcf70:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    5521.1.00007ff19041d000.00007ff19041e000.rw-.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
    • 0x10:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x24:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x38:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xb0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x100:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x114:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x128:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x13c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x150:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x164:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x178:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x18c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x1a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    5521.1.00007ff190400000.00007ff19040e000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
    • 0xcde0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xcdf4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xce08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xce1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xce30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xce44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xce58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xce6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xce80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xce94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xcea8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xcebc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xced0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xcee4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xcef8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xcf0c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xcf20:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xcf34:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xcf48:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xcf5c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xcf70:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    Process Memory Space: sh4.elf PID: 5521Linux_Trojan_Gafgyt_28a2fe0cunknownunknown
    • 0x10:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x24:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x38:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x4c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xb0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x100:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x114:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x128:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x13c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x150:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x164:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x178:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x18c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x1a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F

    Suricata Signatures

    No Suricata rule has matched

    Joe Sandbox Signatures

    • AV Detection
    • Networking
    • System Summary
    • Persistence and Installation Behavior
    • Malware Analysis System Evasion
    • Stealing of Sensitive Information
    • Remote Access Functionality

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Source: sh4.elfAvira: detected
    Source: sh4.elfVirustotal: Detection: 43%Perma Link
    Source: sh4.elfReversingLabs: Detection: 47%
    Source: global trafficTCP traffic: 192.168.2.15:55726 -> 103.142.27.125:56999
    Source: /tmp/sh4.elf (PID: 5521)Socket: 127.0.0.1:46157Jump to behavior
    Source: global trafficDNS traffic detected: DNS query: srolangvan.com

    System Summary

    barindex
    Source: sh4.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: 5521.1.00007ff19041d000.00007ff19041e000.rw-.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: 5521.1.00007ff190400000.00007ff19040e000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: Process Memory Space: sh4.elf PID: 5521, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: ELF static info symbol of initial sampleName: attack.c
    Source: ELF static info symbol of initial sampleName: attack_get_opt_int
    Source: ELF static info symbol of initial sampleName: attack_get_opt_ip
    Source: ELF static info symbol of initial sampleName: attack_init
    Source: ELF static info symbol of initial sampleName: attack_kill_all
    Source: ELF static info symbol of initial sampleName: attack_method_nudp
    Source: ELF static info symbol of initial sampleName: attack_method_stdhex
    Source: ELF static info symbol of initial sampleName: attack_method_tcp
    Source: ELF static info symbol of initial sampleName: attack_ongoing
    Source: ELF static info symbol of initial sampleName: attack_parse
    Source: sh4.elfELF static info symbol of initial sample: hexPayload
    Source: sh4.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: 5521.1.00007ff19041d000.00007ff19041e000.rw-.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: 5521.1.00007ff190400000.00007ff19040e000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: Process Memory Space: sh4.elf PID: 5521, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: classification engineClassification label: mal76.troj.linELF@0/0@1/0
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/110/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/231/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/111/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/112/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/233/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/113/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/114/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/235/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/115/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/1333/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/116/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/1695/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/117/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/118/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/119/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/911/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/3874/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/914/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/10/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/917/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/11/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/12/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/13/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/14/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/15/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/16/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/17/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/18/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/19/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/1591/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/120/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/121/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/1/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/122/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/243/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/2/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/123/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/3/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/124/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/1588/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/125/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/4/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/246/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/126/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/5/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/127/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/6/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/1585/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/128/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/7/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/129/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/8/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/800/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/9/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/802/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/803/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/804/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/20/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/21/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/3407/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/22/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/23/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/24/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/25/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/26/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/27/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/28/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/29/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/1484/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/490/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/250/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/130/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/251/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/131/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/132/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/133/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/1479/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/378/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/258/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/259/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/931/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/1595/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/812/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/933/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/30/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/3419/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/35/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/3310/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/260/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/261/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/262/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/142/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/263/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/264/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/265/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/145/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/266/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/267/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/268/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/3303/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/269/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/1486/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/1806/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/3440/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5529)File opened: /proc/270/cmdlineJump to behavior
    Source: /tmp/sh4.elf (PID: 5521)Queries kernel information via 'uname': Jump to behavior
    Source: sh4.elf, 5521.1.0000555ea027a000.0000555ea02dd000.rw-.sdmpBinary or memory string: ^U5!/etc/qemu-binfmt/sh4
    Source: sh4.elf, 5521.1.00007fffc99bf000.00007fffc99e0000.rw-.sdmpBinary or memory string: /usr/bin/qemu-sh4
    Source: sh4.elf, 5521.1.0000555ea027a000.0000555ea02dd000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/sh4
    Source: sh4.elf, 5521.1.00007fffc99bf000.00007fffc99e0000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-sh4/tmp/sh4.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/sh4.elf

    Stealing of Sensitive Information

    barindex
    Source: Yara matchFile source: sh4.elf, type: SAMPLE

    Remote Access Functionality

    barindex
    Source: Yara matchFile source: sh4.elf, type: SAMPLE

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception1
    Masquerading    		1
    OS Credential Dumping    		11
    Security Software Discovery    		Remote ServicesData from Local System1
    Non-Standard Port    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
    Non-Application Layer Protocol    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
    Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact

    Malware Configuration

    No configs have been found

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Number of created Files
    • Is malicious
    • Internet
    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1644171 Sample: sh4.elf Startdate: 20/03/2025 Architecture: LINUX Score: 76 14 srolangvan.com 103.142.27.125, 55726, 56999 WEBICO-AS-VNWebicoCompanyLimitedVN Viet Nam 2->14 16 Malicious sample detected (through community Yara rule) 2->16 18 Antivirus / Scanner detection for submitted sample 2->18 20 Multi AV Scanner detection for submitted file 2->20 22 2 other signatures 2->22 8 sh4.elf 2->8         started        signatures3 process4 process5 10 sh4.elf 8->10         started        process6 12 sh4.elf 10->12         started       

    Screenshots

    Download Video

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    sh4.elf44%VirustotalBrowse
    sh4.elf47%ReversingLabsLinux.Backdoor.Mirai
    sh4.elf100%AviraEXP/ELF.Mirai.J

    Dropped Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    No Antivirus matches

    Domains and IPs

    Download Network PCAP: filteredfull

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    srolangvan.com
    		103.142.27.125
    		truefalse
      		high

      World Map of Contacted IPs

      • No. of IPs < 25%
      • 25% < No. of IPs < 50%
      • 50% < No. of IPs < 75%
      • 75% < No. of IPs

      Public IPs

      IPDomainCountryFlagASNASN NameMalicious
      103.142.27.125
      		srolangvan.comViet Nam
      		135951WEBICO-AS-VNWebicoCompanyLimitedVNfalse

      Joe Sandbox View / Context

      IPs

      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
      103.142.27.125m68k.elfGet hashmaliciousUnknownBrowse
        debug.dbg.elfGet hashmaliciousMiraiBrowse
          ppc.elfGet hashmaliciousMiraiBrowse
            spc.elfGet hashmaliciousMiraiBrowse
              x86.elfGet hashmaliciousMiraiBrowse
                mpsl.elfGet hashmaliciousMiraiBrowse
                  mips.elfGet hashmaliciousMiraiBrowse
                    arm.elfGet hashmaliciousUnknownBrowse
                      arm6.elfGet hashmaliciousMiraiBrowse

                        Domains

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        srolangvan.comm68k.elfGet hashmaliciousUnknownBrowse
                        • 103.142.27.125
                        debug.dbg.elfGet hashmaliciousMiraiBrowse
                        • 103.142.27.125
                        ppc.elfGet hashmaliciousMiraiBrowse
                        • 103.142.27.125
                        spc.elfGet hashmaliciousMiraiBrowse
                        • 103.142.27.125
                        x86.elfGet hashmaliciousMiraiBrowse
                        • 103.142.27.125
                        mpsl.elfGet hashmaliciousMiraiBrowse
                        • 103.142.27.125
                        mips.elfGet hashmaliciousMiraiBrowse
                        • 103.142.27.125
                        arm.elfGet hashmaliciousUnknownBrowse
                        • 103.142.27.125
                        arm6.elfGet hashmaliciousMiraiBrowse
                        • 103.142.27.125
                        sh4.elfGet hashmaliciousMiraiBrowse
                        • 160.22.161.89

                        ASNs

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        WEBICO-AS-VNWebicoCompanyLimitedVNm68k.elfGet hashmaliciousUnknownBrowse
                        • 103.142.27.125
                        debug.dbg.elfGet hashmaliciousMiraiBrowse
                        • 103.142.27.125
                        ppc.elfGet hashmaliciousMiraiBrowse
                        • 103.142.27.125
                        spc.elfGet hashmaliciousMiraiBrowse
                        • 103.142.27.125
                        x86.elfGet hashmaliciousMiraiBrowse
                        • 103.142.27.125
                        mpsl.elfGet hashmaliciousMiraiBrowse
                        • 103.142.27.125
                        mips.elfGet hashmaliciousMiraiBrowse
                        • 103.142.27.125
                        arm.elfGet hashmaliciousUnknownBrowse
                        • 103.142.27.125
                        arm6.elfGet hashmaliciousMiraiBrowse
                        • 103.142.27.125
                        http://admin-globalviolationpolicies.online/Get hashmaliciousUnknownBrowse
                        • 103.130.216.144

                        JA3 Fingerprints

                        No context

                        Dropped Files

                        No context

                        Created / dropped Files

                        No created / dropped files found

                        Static File Info

                        General

                        File type:ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, not stripped
                        Entropy (8bit):6.602418346707125
                        TrID:
                        • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                        File name:sh4.elf
                        File size:77'177 bytes
                        MD5:a90e2c23340a23253197818ea9a12830
                        SHA1:64eb178cf030f73c746494fd81e82bbd38aacd0f
                        SHA256:fb4865448b86213dcbea78542950ec2c0e63a0217ded139de81a9c13826e4b92
                        SHA512:d2285a02bd4ec00e5ecc620815c2f26f308dc2afd654576343a57582de195c9bcfc44a89b4c7fcc604b8204c38b4efe1141bda6c3ce887df53837eb6f2c843c2
                        SSDEEP:768:Nsl1YzmRYTbur3evAyFaJMkhDikVfoawBb4yIwdSDb3DmwwhomD5xh4pKJrL:2BRibuSdbojfoaab4yeDvmxhprh4pKJL
                        TLSH:E9733B17E1715FA3C0861BB825BBCE390B13B8A157522E32562D8BF80E47DCDBC45BA5
                        File Content Preview:.ELF..............*.......@.4...x.......4. ...(...............@...@...........................A...A......1....................A...A.................Q.td............................././"O.n........#.*@........#.*@.....o&O.n...l.............................

                        Static ELF Info

                        ELF header

                        Class:ELF32
                        Data:2's complement, little endian
                        Version:1 (current)
                        Machine:<unknown>
                        Version Number:0x1
                        Type:EXEC (Executable file)
                        OS/ABI:UNIX - System V
                        ABI Version:0
                        Entry Point Address:0x4001c0
                        Flags:0x9
                        ELF Header Size:52
                        Program Header Offset:52
                        Program Header Size:32
                        Number of Program Headers:4
                        Section Header Offset:58744
                        Section Header Size:40
                        Number of Section Headers:17
                        Header String Table Index:14

                        Sections

                        NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                        NULL0x00x00x00x00x0000
                        .initPROGBITS0x4000b40xb40x300x00x6AX004
                        .textPROGBITS0x4001000x1000xcbe00x00x6AX0032
                        .finiPROGBITS0x40cce00xcce00x240x00x6AX004
                        .rodataPROGBITS0x40cd040xcd040xd140x00x2A004
                        .eh_framePROGBITS0x41da180xda180x7c0x00x3WA004
                        .tbssNOBITS0x41da940xda940x80x00x403WAT004
                        .ctorsPROGBITS0x41da940xda940x80x00x3WA004
                        .dtorsPROGBITS0x41da9c0xda9c0x80x00x3WA004
                        .jcrPROGBITS0x41daa40xdaa40x40x00x3WA004
                        .dataPROGBITS0x41daa80xdaa80x2100x00x3WA004
                        .gotPROGBITS0x41dcb80xdcb80x140x40x3WA004
                        .bssNOBITS0x41dccc0xdccc0x2f1c0x00x3WA004
                        .commentPROGBITS0x00xdccc0x83a0x00x0001
                        .shstrtabSTRTAB0x00xe5060x710x00x0001
                        .symtabSYMTAB0x00xe8200x27b00x100x0162244
                        .strtabSTRTAB0x00x10fd00x1da90x00x0001

                        Program Segments

                        TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                        LOAD0x00x4000000x4000000xda180xda186.86340x5R E0x10000.init .text .fini .rodata
                        LOAD0xda180x41da180x41da180x2b40x31d03.93680x6RW 0x10000.eh_frame .tbss .ctors .dtors .jcr .data .got .bss
                        TLS0xda940x41da940x41da940x00x80.00000x4R 0x4.tbss
                        GNU_STACK0x00x00x00x00x00.00000x7RWE0x4

                        Symbols

                        NameVersion Info NameVersion Info File NameSection NameValueSizeSymbol TypeSymbol BindSymbol VisibilityNdx
                        .symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                        .symtab0x4000b40SECTION<unknown>DEFAULT1
                        .symtab0x4001000SECTION<unknown>DEFAULT2
                        .symtab0x40cce00SECTION<unknown>DEFAULT3
                        .symtab0x40cd040SECTION<unknown>DEFAULT4
                        .symtab0x41da180SECTION<unknown>DEFAULT5
                        .symtab0x41da940SECTION<unknown>DEFAULT6
                        .symtab0x41da940SECTION<unknown>DEFAULT7
                        .symtab0x41da9c0SECTION<unknown>DEFAULT8
                        .symtab0x41daa40SECTION<unknown>DEFAULT9
                        .symtab0x41daa80SECTION<unknown>DEFAULT10
                        .symtab0x41dcb80SECTION<unknown>DEFAULT11
                        .symtab0x41dccc0SECTION<unknown>DEFAULT12
                        .symtab0x00SECTION<unknown>DEFAULT13
                        .jmp_loc.symtab0x40756a0NOTYPE<unknown>DEFAULT2
                        .jmp_loc.symtab0x40760a0NOTYPE<unknown>DEFAULT2
                        .jmp_loc.symtab0x407a2a0NOTYPE<unknown>DEFAULT2
                        .jmp_loc.symtab0x409fea0NOTYPE<unknown>DEFAULT2
                        .jmp_loc.symtab0x40a0ea0NOTYPE<unknown>DEFAULT2
                        .jmp_loc.symtab0x40a1ea0NOTYPE<unknown>DEFAULT2
                        .jmp_loc.symtab0x40a2ea0NOTYPE<unknown>DEFAULT2
                        .jmp_loc.symtab0x40c3ca0NOTYPE<unknown>DEFAULT2
                        C.3.5229.symtab0x40d6d012OBJECT<unknown>DEFAULT4
                        C.3.5941.symtab0x40d9e812OBJECT<unknown>DEFAULT4
                        C.3.5941.symtab0x40da0c12OBJECT<unknown>DEFAULT4
                        C.4.5303.symtab0x40d63c24OBJECT<unknown>DEFAULT4
                        C.4.5942.symtab0x40da0012OBJECT<unknown>DEFAULT4
                        C.5.5949.symtab0x40d9f412OBJECT<unknown>DEFAULT4
                        C.8.5347.symtab0x40d6c412OBJECT<unknown>DEFAULT4
                        LOCAL_ADDR.symtab0x4207ec4OBJECT<unknown>DEFAULT12
                        L_abort.symtab0x4001f00NOTYPE<unknown>DEFAULT2
                        L_fini.symtab0x4001e80NOTYPE<unknown>DEFAULT2
                        L_init.symtab0x4001e40NOTYPE<unknown>DEFAULT2
                        L_main.symtab0x4001e00NOTYPE<unknown>DEFAULT2
                        L_movmem_2mod4_end.symtab0x40cc400NOTYPE<unknown>DEFAULT2
                        L_movmem_loop.symtab0x40cc5a0NOTYPE<unknown>DEFAULT2
                        L_movmem_start_even.symtab0x40cc660NOTYPE<unknown>DEFAULT2
                        L_uClibc_main.symtab0x4001ec0NOTYPE<unknown>DEFAULT2
                        _Exit.symtab0x40a9d0104FUNC<unknown>DEFAULT2
                        _GLOBAL_OFFSET_TABLE_.symtab0x41dcb80OBJECT<unknown>HIDDEN11
                        _Jv_RegisterClasses.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                        _READ.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        _WRITE.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        __CTOR_END__.symtab0x41da980OBJECT<unknown>DEFAULT7
                        __CTOR_LIST__.symtab0x41da940OBJECT<unknown>DEFAULT7
                        __C_ctype_b.symtab0x41dbc84OBJECT<unknown>DEFAULT10
                        __C_ctype_b.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        __C_ctype_b_data.symtab0x40d6e6768OBJECT<unknown>DEFAULT4
                        __DTOR_END__.symtab0x41daa00OBJECT<unknown>DEFAULT8
                        __DTOR_LIST__.symtab0x41da9c0OBJECT<unknown>DEFAULT8
                        __EH_FRAME_BEGIN__.symtab0x41da180OBJECT<unknown>DEFAULT5
                        __FRAME_END__.symtab0x41da900OBJECT<unknown>DEFAULT5
                        __GI___C_ctype_b.symtab0x41dbc84OBJECT<unknown>HIDDEN10
                        __GI___close.symtab0x40a020164FUNC<unknown>HIDDEN2
                        __GI___close_nocancel.symtab0x40a03040FUNC<unknown>HIDDEN2
                        __GI___ctype_b.symtab0x41dbcc4OBJECT<unknown>HIDDEN10
                        __GI___errno_location.symtab0x4074e444FUNC<unknown>HIDDEN2
                        __GI___fcntl_nocancel.symtab0x406d84180FUNC<unknown>HIDDEN2
                        __GI___fgetc_unlocked.symtab0x40bd88216FUNC<unknown>HIDDEN2
                        __GI___libc_close.symtab0x40a020164FUNC<unknown>HIDDEN2
                        __GI___libc_fcntl.symtab0x406e38280FUNC<unknown>HIDDEN2
                        __GI___libc_open.symtab0x40a120172FUNC<unknown>HIDDEN2
                        __GI___libc_read.symtab0x40a320172FUNC<unknown>HIDDEN2
                        __GI___libc_write.symtab0x40a220172FUNC<unknown>HIDDEN2
                        __GI___open.symtab0x40a120172FUNC<unknown>HIDDEN2
                        __GI___open_nocancel.symtab0x40a13040FUNC<unknown>HIDDEN2
                        __GI___read.symtab0x40a320172FUNC<unknown>HIDDEN2
                        __GI___read_nocancel.symtab0x40a33040FUNC<unknown>HIDDEN2
                        __GI___sigaddset.symtab0x40826c40FUNC<unknown>HIDDEN2
                        __GI___sigdelset.symtab0x40829442FUNC<unknown>HIDDEN2
                        __GI___sigismember.symtab0x40824044FUNC<unknown>HIDDEN2
                        __GI___uClibc_fini.symtab0x40a538108FUNC<unknown>HIDDEN2
                        __GI___uClibc_init.symtab0x40a5ec68FUNC<unknown>HIDDEN2
                        __GI___write.symtab0x40a220172FUNC<unknown>HIDDEN2
                        __GI___write_nocancel.symtab0x40a23040FUNC<unknown>HIDDEN2
                        __GI__exit.symtab0x40a9d0104FUNC<unknown>HIDDEN2
                        __GI_abort.symtab0x409124184FUNC<unknown>HIDDEN2
                        __GI_accept.symtab0x407b6c116FUNC<unknown>HIDDEN2
                        __GI_bind.symtab0x407be064FUNC<unknown>HIDDEN2
                        __GI_close.symtab0x40a020164FUNC<unknown>HIDDEN2
                        __GI_closedir.symtab0x4071a8200FUNC<unknown>HIDDEN2
                        __GI_config_close.symtab0x40b1a072FUNC<unknown>HIDDEN2
                        __GI_config_open.symtab0x40b1e860FUNC<unknown>HIDDEN2
                        __GI_config_read.symtab0x40af04668FUNC<unknown>HIDDEN2
                        __GI_connect.symtab0x407c60116FUNC<unknown>HIDDEN2
                        __GI_exit.symtab0x409680116FUNC<unknown>HIDDEN2
                        __GI_fclose.symtab0x40b224444FUNC<unknown>HIDDEN2
                        __GI_fcntl.symtab0x406e38280FUNC<unknown>HIDDEN2
                        __GI_fflush_unlocked.symtab0x40bb84516FUNC<unknown>HIDDEN2
                        __GI_fgetc.symtab0x40b878212FUNC<unknown>HIDDEN2
                        __GI_fgetc_unlocked.symtab0x40bd88216FUNC<unknown>HIDDEN2
                        __GI_fgets.symtab0x40b94c188FUNC<unknown>HIDDEN2
                        __GI_fgets_unlocked.symtab0x40be60132FUNC<unknown>HIDDEN2
                        __GI_fopen.symtab0x40b3e024FUNC<unknown>HIDDEN2
                        __GI_fork.symtab0x409c04572FUNC<unknown>HIDDEN2
                        __GI_fstat.symtab0x40aa3896FUNC<unknown>HIDDEN2
                        __GI_getc_unlocked.symtab0x40bd88216FUNC<unknown>HIDDEN2
                        __GI_getdtablesize.symtab0x40ab4852FUNC<unknown>HIDDEN2
                        __GI_getegid.symtab0x40ab7c18FUNC<unknown>HIDDEN2
                        __GI_geteuid.symtab0x40ab8e18FUNC<unknown>HIDDEN2
                        __GI_getgid.symtab0x40aba018FUNC<unknown>HIDDEN2
                        __GI_getpagesize.symtab0x40abb428FUNC<unknown>HIDDEN2
                        __GI_getpid.symtab0x409e4052FUNC<unknown>HIDDEN2
                        __GI_getrlimit.symtab0x40abd064FUNC<unknown>HIDDEN2
                        __GI_getsockname.symtab0x407cd464FUNC<unknown>HIDDEN2
                        __GI_getuid.symtab0x40ac1018FUNC<unknown>HIDDEN2
                        __GI_inet_addr.symtab0x407b0044FUNC<unknown>HIDDEN2
                        __GI_inet_aton.symtab0x40c2a8200FUNC<unknown>HIDDEN2
                        __GI_initstate_r.symtab0x4094d0204FUNC<unknown>HIDDEN2
                        __GI_ioctl.symtab0x40c7c4268FUNC<unknown>HIDDEN2
                        __GI_isatty.symtab0x40c21036FUNC<unknown>HIDDEN2
                        __GI_kill.symtab0x406f6060FUNC<unknown>HIDDEN2
                        __GI_listen.symtab0x407d5864FUNC<unknown>HIDDEN2
                        __GI_lseek64.symtab0x40cbd4108FUNC<unknown>HIDDEN2
                        __GI_memcpy.symtab0x4076c0860FUNC<unknown>HIDDEN2
                        __GI_memmove.symtab0x40bee4188FUNC<unknown>HIDDEN2
                        __GI_mempcpy.symtab0x40cbb036FUNC<unknown>HIDDEN2
                        __GI_memset.symtab0x407a60150FUNC<unknown>HIDDEN2
                        __GI_mmap.symtab0x40a8c464FUNC<unknown>HIDDEN2
                        __GI_mremap.symtab0x40ac2468FUNC<unknown>HIDDEN2
                        __GI_munmap.symtab0x40ac6860FUNC<unknown>HIDDEN2
                        __GI_nanosleep.symtab0x40ace4108FUNC<unknown>HIDDEN2
                        __GI_open.symtab0x40a120172FUNC<unknown>HIDDEN2
                        __GI_opendir.symtab0x407300176FUNC<unknown>HIDDEN2
                        __GI_raise.symtab0x409e74116FUNC<unknown>HIDDEN2
                        __GI_random.symtab0x4091f0100FUNC<unknown>HIDDEN2
                        __GI_random_r.symtab0x409398108FUNC<unknown>HIDDEN2
                        __GI_read.symtab0x40a320172FUNC<unknown>HIDDEN2
                        __GI_readdir.symtab0x407450148FUNC<unknown>HIDDEN2
                        __GI_readdir64.symtab0x40ae6c152FUNC<unknown>HIDDEN2
                        __GI_readlink.symtab0x406fe060FUNC<unknown>HIDDEN2
                        __GI_recv.symtab0x407dd8128FUNC<unknown>HIDDEN2
                        __GI_recvfrom.symtab0x407e9c144FUNC<unknown>HIDDEN2
                        __GI_sbrk.symtab0x40a904104FUNC<unknown>HIDDEN2
                        __GI_select.symtab0x407060136FUNC<unknown>HIDDEN2
                        __GI_send.symtab0x407f6c128FUNC<unknown>HIDDEN2
                        __GI_sendto.symtab0x408030144FUNC<unknown>HIDDEN2
                        __GI_setsid.symtab0x4070e860FUNC<unknown>HIDDEN2
                        __GI_setsockopt.symtab0x4080c068FUNC<unknown>HIDDEN2
                        __GI_setstate_r.symtab0x40959c228FUNC<unknown>HIDDEN2
                        __GI_sigaction.symtab0x40c37020FUNC<unknown>HIDDEN2
                        __GI_sigaddset.symtab0x40814472FUNC<unknown>HIDDEN2
                        __GI_sigemptyset.symtab0x40818c20FUNC<unknown>HIDDEN2
                        __GI_signal.symtab0x4081a0160FUNC<unknown>HIDDEN2
                        __GI_sigprocmask.symtab0x407124116FUNC<unknown>HIDDEN2
                        __GI_sleep.symtab0x409ee8224FUNC<unknown>HIDDEN2
                        __GI_socket.symtab0x40810464FUNC<unknown>HIDDEN2
                        __GI_srandom_r.symtab0x409404204FUNC<unknown>HIDDEN2
                        __GI_strchr.symtab0x40bfa0196FUNC<unknown>HIDDEN2
                        __GI_strchrnul.symtab0x40c064192FUNC<unknown>HIDDEN2
                        __GI_strcmp.symtab0x40c12434FUNC<unknown>HIDDEN2
                        __GI_strcoll.symtab0x40c12434FUNC<unknown>HIDDEN2
                        __GI_strcspn.symtab0x40c14872FUNC<unknown>HIDDEN2
                        __GI_strlen.symtab0x4075a088FUNC<unknown>HIDDEN2
                        __GI_strrchr.symtab0x40c19080FUNC<unknown>HIDDEN2
                        __GI_strspn.symtab0x40c1e048FUNC<unknown>HIDDEN2
                        __GI_sysconf.symtab0x4097fc1032FUNC<unknown>HIDDEN2
                        __GI_tcgetattr.symtab0x40c234116FUNC<unknown>HIDDEN2
                        __GI_time.symtab0x40719816FUNC<unknown>HIDDEN2
                        __GI_times.symtab0x40ad5016FUNC<unknown>HIDDEN2
                        __GI_write.symtab0x40a220172FUNC<unknown>HIDDEN2
                        __JCR_END__.symtab0x41daa40OBJECT<unknown>DEFAULT9
                        __JCR_LIST__.symtab0x41daa40OBJECT<unknown>DEFAULT9
                        __app_fini.symtab0x41e2844OBJECT<unknown>HIDDEN12
                        __atexit_lock.symtab0x41dba424OBJECT<unknown>DEFAULT10
                        __bss_start.symtab0x41dccc0NOTYPE<unknown>DEFAULTSHN_ABS
                        __check_one_fd.symtab0x40a5a472FUNC<unknown>DEFAULT2
                        __close.symtab0x40a020164FUNC<unknown>DEFAULT2
                        __close_nocancel.symtab0x40a03040FUNC<unknown>DEFAULT2
                        __ctype_b.symtab0x41dbcc4OBJECT<unknown>DEFAULT10
                        __curbrk.symtab0x4207e84OBJECT<unknown>HIDDEN12
                        __data_start.symtab0x41daa80NOTYPE<unknown>DEFAULT10
                        __deregister_frame_info.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                        __do_global_ctors_aux.symtab0x40cca00FUNC<unknown>DEFAULT2
                        __do_global_dtors_aux.symtab0x4001000FUNC<unknown>DEFAULT2
                        __dso_handle.symtab0x41daa80OBJECT<unknown>HIDDEN10
                        __environ.symtab0x41e27c4OBJECT<unknown>DEFAULT12
                        __errno_location.symtab0x4074e444FUNC<unknown>DEFAULT2
                        __errno_location.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        __exit_cleanup.symtab0x41dd2c4OBJECT<unknown>HIDDEN12
                        __fcntl_nocancel.symtab0x406d84180FUNC<unknown>DEFAULT2
                        __fgetc_unlocked.symtab0x40bd88216FUNC<unknown>DEFAULT2
                        __fini_array_end.symtab0x41da940NOTYPE<unknown>HIDDEN6
                        __fini_array_start.symtab0x41da940NOTYPE<unknown>HIDDEN6
                        __fork.symtab0x409c04572FUNC<unknown>DEFAULT2
                        __fork_generation_pointer.symtab0x420bb84OBJECT<unknown>HIDDEN12
                        __fork_handlers.symtab0x420bbc4OBJECT<unknown>HIDDEN12
                        __fork_lock.symtab0x41dd304OBJECT<unknown>HIDDEN12
                        __getdents.symtab0x40aa98176FUNC<unknown>HIDDEN2
                        __getdents64.symtab0x40c8d0276FUNC<unknown>HIDDEN2
                        __getpagesize.symtab0x40abb428FUNC<unknown>DEFAULT2
                        __getpid.symtab0x409e4052FUNC<unknown>DEFAULT2
                        __h_errno_location.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                        __init_array_end.symtab0x41da940NOTYPE<unknown>HIDDEN6
                        __init_array_start.symtab0x41da940NOTYPE<unknown>HIDDEN6
                        __init_brk.symtab0x40c73084FUNC<unknown>HIDDEN2
                        __init_brk.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        __libc_accept.symtab0x407b6c116FUNC<unknown>DEFAULT2
                        __libc_close.symtab0x40a020164FUNC<unknown>DEFAULT2
                        __libc_connect.symtab0x407c60116FUNC<unknown>DEFAULT2
                        __libc_disable_asynccancel.symtab0x40a3e0136FUNC<unknown>HIDDEN2
                        __libc_enable_asynccancel.symtab0x40a468136FUNC<unknown>HIDDEN2
                        __libc_errno.symtab0x04TLS<unknown>HIDDEN6
                        __libc_fcntl.symtab0x406e38280FUNC<unknown>DEFAULT2
                        __libc_fork.symtab0x409c04572FUNC<unknown>DEFAULT2
                        __libc_h_errno.symtab0x44TLS<unknown>HIDDEN6
                        __libc_nanosleep.symtab0x40ace4108FUNC<unknown>DEFAULT2
                        __libc_open.symtab0x40a120172FUNC<unknown>DEFAULT2
                        __libc_read.symtab0x40a320172FUNC<unknown>DEFAULT2
                        __libc_recv.symtab0x407dd8128FUNC<unknown>DEFAULT2
                        __libc_recvfrom.symtab0x407e9c144FUNC<unknown>DEFAULT2
                        __libc_select.symtab0x407060136FUNC<unknown>DEFAULT2
                        __libc_send.symtab0x407f6c128FUNC<unknown>DEFAULT2
                        __libc_sendto.symtab0x408030144FUNC<unknown>DEFAULT2
                        __libc_setup_tls.symtab0x40c4f2366FUNC<unknown>DEFAULT2
                        __libc_sigaction.symtab0x40c37020FUNC<unknown>DEFAULT2
                        __libc_stack_end.symtab0x41e2784OBJECT<unknown>DEFAULT12
                        __libc_write.symtab0x40a220172FUNC<unknown>DEFAULT2
                        __lll_lock_wait_private.symtab0x40c40064FUNC<unknown>HIDDEN2
                        __lll_unlock_wake_private.symtab0x40c44030FUNC<unknown>HIDDEN2
                        __malloc_consolidate.symtab0x408e28328FUNC<unknown>HIDDEN2
                        __malloc_largebin_index.symtab0x4082c0112FUNC<unknown>DEFAULT2
                        __malloc_lock.symtab0x41dac824OBJECT<unknown>DEFAULT10
                        __malloc_state.symtab0x420840888OBJECT<unknown>DEFAULT12
                        __malloc_trim.symtab0x408d8c156FUNC<unknown>DEFAULT2
                        __movmemSI12_i4.symtab0x40cc8014FUNC<unknown>HIDDEN2
                        __movmem_i4_even.symtab0x40cc4848FUNC<unknown>HIDDEN2
                        __movmem_i4_odd.symtab0x40cc4e42FUNC<unknown>HIDDEN2
                        __movstrSI12_i4.symtab0x40cc8014FUNC<unknown>HIDDEN2
                        __movstr_i4_even.symtab0x40cc4848FUNC<unknown>HIDDEN2
                        __movstr_i4_odd.symtab0x40cc4e42FUNC<unknown>HIDDEN2
                        __nptl_deallocate_tsd.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                        __nptl_nthreads.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                        __open.symtab0x40a120172FUNC<unknown>DEFAULT2
                        __open_nocancel.symtab0x40a13040FUNC<unknown>DEFAULT2
                        __pagesize.symtab0x41e2804OBJECT<unknown>DEFAULT12
                        __preinit_array_end.symtab0x41da940NOTYPE<unknown>HIDDEN6
                        __preinit_array_start.symtab0x41da940NOTYPE<unknown>HIDDEN6
                        __progname.symtab0x41dbc04OBJECT<unknown>DEFAULT10
                        __progname_full.symtab0x41dbc44OBJECT<unknown>DEFAULT10
                        __pthread_initialize_minimal.symtab0x40c66024FUNC<unknown>DEFAULT2
                        __pthread_mutex_init.symtab0x40a4fe14FUNC<unknown>DEFAULT2
                        __pthread_mutex_lock.symtab0x40a4f014FUNC<unknown>DEFAULT2
                        __pthread_mutex_trylock.symtab0x40a4f014FUNC<unknown>DEFAULT2
                        __pthread_mutex_unlock.symtab0x40a4f014FUNC<unknown>DEFAULT2
                        __pthread_return_0.symtab0x40a4f014FUNC<unknown>DEFAULT2
                        __pthread_unwind.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                        __read.symtab0x40a320172FUNC<unknown>DEFAULT2
                        __read_nocancel.symtab0x40a33040FUNC<unknown>DEFAULT2
                        __register_frame_info.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                        __rtld_fini.symtab0x41e2884OBJECT<unknown>HIDDEN12
                        __sdivsi3_i4i.symtab0x406a30852FUNC<unknown>HIDDEN2
                        __sigaddset.symtab0x40826c40FUNC<unknown>DEFAULT2
                        __sigdelset.symtab0x40829442FUNC<unknown>DEFAULT2
                        __sigismember.symtab0x40824044FUNC<unknown>DEFAULT2
                        __sigjmp_save.symtab0x40c38456FUNC<unknown>HIDDEN2
                        __sigsetjmp.symtab0x40a99060FUNC<unknown>DEFAULT2
                        __sigsetjmp_intern.symtab0x40a9940NOTYPE<unknown>DEFAULT2
                        __stdin.symtab0x41dbdc4OBJECT<unknown>DEFAULT10
                        __stdio_READ.symtab0x40c9e480FUNC<unknown>HIDDEN2
                        __stdio_WRITE.symtab0x40ca34192FUNC<unknown>HIDDEN2
                        __stdio_rfill.symtab0x40caf448FUNC<unknown>HIDDEN2
                        __stdio_trans2r_o.symtab0x40cb24140FUNC<unknown>HIDDEN2
                        __stdio_wcommit.symtab0x40b84452FUNC<unknown>HIDDEN2
                        __stdout.symtab0x41dbe04OBJECT<unknown>DEFAULT10
                        __sys_accept.symtab0x407b2c64FUNC<unknown>DEFAULT2
                        __sys_connect.symtab0x407c2064FUNC<unknown>DEFAULT2
                        __sys_recv.symtab0x407d9864FUNC<unknown>DEFAULT2
                        __sys_recvfrom.symtab0x407e5868FUNC<unknown>DEFAULT2
                        __sys_send.symtab0x407f2c64FUNC<unknown>DEFAULT2
                        __sys_sendto.symtab0x407fec68FUNC<unknown>DEFAULT2
                        __syscall_error.symtab0x4075600NOTYPE<unknown>DEFAULT2
                        __syscall_error.symtab0x4076000NOTYPE<unknown>DEFAULT2
                        __syscall_error.symtab0x407a200NOTYPE<unknown>DEFAULT2
                        __syscall_error.symtab0x409fe00NOTYPE<unknown>DEFAULT2
                        __syscall_error.symtab0x40a0e00NOTYPE<unknown>DEFAULT2
                        __syscall_error.symtab0x40a1e00NOTYPE<unknown>DEFAULT2
                        __syscall_error.symtab0x40a2e00NOTYPE<unknown>DEFAULT2
                        __syscall_error.symtab0x40c3c00NOTYPE<unknown>DEFAULT2
                        __syscall_fcntl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        __syscall_nanosleep.symtab0x40aca464FUNC<unknown>DEFAULT2
                        __syscall_rt_sigaction.symtab0x40c78464FUNC<unknown>DEFAULT2
                        __syscall_rt_sigaction.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        __syscall_select.symtab0x40701c68FUNC<unknown>DEFAULT2
                        __tls_get_addr.symtab0x40c4dc22FUNC<unknown>DEFAULT2
                        __uClibc_fini.symtab0x40a538108FUNC<unknown>DEFAULT2
                        __uClibc_init.symtab0x40a5ec68FUNC<unknown>DEFAULT2
                        __uClibc_main.symtab0x40a630660FUNC<unknown>DEFAULT2
                        __uClibc_main.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        __uclibc_progname.symtab0x41dbbc4OBJECT<unknown>HIDDEN10
                        __udivsi3_i4i.symtab0x406960208FUNC<unknown>HIDDEN2
                        __write.symtab0x40a220172FUNC<unknown>DEFAULT2
                        __write_nocancel.symtab0x40a23040FUNC<unknown>DEFAULT2
                        __xstat32_conv.symtab0x40adec128FUNC<unknown>HIDDEN2
                        __xstat64_conv.symtab0x40ad60140FUNC<unknown>HIDDEN2
                        _brk.symtab0x40c6f460FUNC<unknown>HIDDEN2
                        _dl_aux_init.symtab0x40c67832FUNC<unknown>DEFAULT2
                        _dl_nothread_init_static_tls.symtab0x40c69892FUNC<unknown>HIDDEN2
                        _dl_phdr.symtab0x420be04OBJECT<unknown>DEFAULT12
                        _dl_phnum.symtab0x420be44OBJECT<unknown>DEFAULT12
                        _dl_tls_dtv_gaps.symtab0x420bd41OBJECT<unknown>DEFAULT12
                        _dl_tls_dtv_slotinfo_list.symtab0x420bd04OBJECT<unknown>DEFAULT12
                        _dl_tls_generation.symtab0x420bd84OBJECT<unknown>DEFAULT12
                        _dl_tls_max_dtv_idx.symtab0x420bc84OBJECT<unknown>DEFAULT12
                        _dl_tls_setup.symtab0x40c4a060FUNC<unknown>DEFAULT2
                        _dl_tls_static_align.symtab0x420bc44OBJECT<unknown>DEFAULT12
                        _dl_tls_static_nelem.symtab0x420bdc4OBJECT<unknown>DEFAULT12
                        _dl_tls_static_size.symtab0x420bcc4OBJECT<unknown>DEFAULT12
                        _dl_tls_static_used.symtab0x420bc04OBJECT<unknown>DEFAULT12
                        _edata.symtab0x41dccc0NOTYPE<unknown>DEFAULTSHN_ABS
                        _end.symtab0x420be80NOTYPE<unknown>DEFAULTSHN_ABS
                        _exit.symtab0x40a9d0104FUNC<unknown>DEFAULT2
                        _exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        _fini.symtab0x40cce00FUNC<unknown>HIDDEN3
                        _fixed_buffers.symtab0x41e2ac8192OBJECT<unknown>DEFAULT12
                        _fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        _init.symtab0x4000b40FUNC<unknown>HIDDEN1
                        _pthread_cleanup_pop_restore.symtab0x40a51c28FUNC<unknown>DEFAULT2
                        _pthread_cleanup_push_defer.symtab0x40a50c16FUNC<unknown>DEFAULT2
                        _rfill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        _setjmp.symtab0x40a9704FUNC<unknown>DEFAULT2
                        _sigintr.symtab0x4208388OBJECT<unknown>HIDDEN12
                        _start.symtab0x4001c030FUNC<unknown>DEFAULT2
                        _stdio.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        _stdio_fopen.symtab0x40b3f8732FUNC<unknown>HIDDEN2
                        _stdio_init.symtab0x40b6d4116FUNC<unknown>HIDDEN2
                        _stdio_openlist.symtab0x41dbe44OBJECT<unknown>DEFAULT10
                        _stdio_openlist_add_lock.symtab0x41e28c12OBJECT<unknown>DEFAULT12
                        _stdio_openlist_dec_use.symtab0x40ba08380FUNC<unknown>HIDDEN2
                        _stdio_openlist_del_count.symtab0x41e2a84OBJECT<unknown>DEFAULT12
                        _stdio_openlist_del_lock.symtab0x41e29812OBJECT<unknown>DEFAULT12
                        _stdio_openlist_use_count.symtab0x41e2a44OBJECT<unknown>DEFAULT12
                        _stdio_streams.symtab0x41dbec204OBJECT<unknown>DEFAULT10
                        _stdio_term.symtab0x40b748252FUNC<unknown>HIDDEN2
                        _stdio_user_locking.symtab0x41dbe84OBJECT<unknown>DEFAULT10
                        _trans2r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        _wcommit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        abort.symtab0x409124184FUNC<unknown>DEFAULT2
                        abort.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        accept.symtab0x407b6c116FUNC<unknown>DEFAULT2
                        accept.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        anti_gdb_entry.symtab0x404ac020FUNC<unknown>DEFAULT2
                        attack.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        attack_get_opt_int.symtab0x4006c0136FUNC<unknown>DEFAULT2
                        attack_get_opt_ip.symtab0x400620136FUNC<unknown>DEFAULT2
                        attack_init.symtab0x400760676FUNC<unknown>DEFAULT2
                        attack_kill_all.symtab0x400300220FUNC<unknown>DEFAULT2
                        attack_method_nudp.symtab0x4041401480FUNC<unknown>DEFAULT2
                        attack_method_stdhex.symtab0x403e80704FUNC<unknown>DEFAULT2
                        attack_method_tcp.symtab0x400fe01476FUNC<unknown>DEFAULT2
                        attack_ongoing.symtab0x41dcf032OBJECT<unknown>DEFAULT12
                        attack_parse.symtab0x4003e0552FUNC<unknown>DEFAULT2
                        attack_start.symtab0x400200228FUNC<unknown>DEFAULT2
                        attack_tcp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        attack_tcp_ack.symtab0x4022c01544FUNC<unknown>DEFAULT2
                        attack_tcp_legit.symtab0x402ee01524FUNC<unknown>DEFAULT2
                        attack_tcp_null.symtab0x4034e01700FUNC<unknown>DEFAULT2
                        attack_tcp_sack2.symtab0x4015c01508FUNC<unknown>DEFAULT2
                        attack_tcp_stomp.symtab0x401bc01792FUNC<unknown>DEFAULT2
                        attack_tcp_syn.symtab0x400a201464FUNC<unknown>DEFAULT2
                        attack_tcp_syndata.symtab0x4028e01512FUNC<unknown>DEFAULT2
                        attack_udp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        attack_udp_plain.symtab0x403bc0692FUNC<unknown>DEFAULT2
                        been_there_done_that.symtab0x41dd284OBJECT<unknown>DEFAULT12
                        bind.symtab0x407be064FUNC<unknown>DEFAULT2
                        bind.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        bsd_signal.symtab0x4081a0160FUNC<unknown>DEFAULT2
                        calloc.symtab0x4089f4228FUNC<unknown>DEFAULT2
                        calloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        checksum.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        checksum_generic.symtab0x40472052FUNC<unknown>DEFAULT2
                        checksum_tcpudp.symtab0x404760140FUNC<unknown>DEFAULT2
                        clock.symtab0x40751056FUNC<unknown>DEFAULT2
                        clock.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        close.symtab0x40a020164FUNC<unknown>DEFAULT2
                        closedir.symtab0x4071a8200FUNC<unknown>DEFAULT2
                        closedir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        completed.4720.symtab0x41dccc1OBJECT<unknown>DEFAULT12
                        connect.symtab0x407c60116FUNC<unknown>DEFAULT2
                        connect.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        crti.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        crtn.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        dl-support.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        ensure_single_instance.symtab0x404ae0364FUNC<unknown>DEFAULT2
                        environ.symtab0x41e27c4OBJECT<unknown>DEFAULT12
                        errno.symtab0x04TLS<unknown>DEFAULT6
                        errno.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        exit.symtab0x409680116FUNC<unknown>DEFAULT2
                        exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        fclose.symtab0x40b224444FUNC<unknown>DEFAULT2
                        fclose.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        fcntl.symtab0x406e38280FUNC<unknown>DEFAULT2
                        fd_ctrl.symtab0x41dab44OBJECT<unknown>DEFAULT10
                        fd_serv.symtab0x41dab84OBJECT<unknown>DEFAULT10
                        fd_to_DIR.symtab0x407270144FUNC<unknown>DEFAULT2
                        fdopendir.symtab0x4073b0160FUNC<unknown>DEFAULT2
                        fflush_unlocked.symtab0x40bb84516FUNC<unknown>DEFAULT2
                        fflush_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        fgetc.symtab0x40b878212FUNC<unknown>DEFAULT2
                        fgetc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        fgetc_unlocked.symtab0x40bd88216FUNC<unknown>DEFAULT2
                        fgetc_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        fgets.symtab0x40b94c188FUNC<unknown>DEFAULT2
                        fgets.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        fgets_unlocked.symtab0x40be60132FUNC<unknown>DEFAULT2
                        fgets_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        fopen.symtab0x40b3e024FUNC<unknown>DEFAULT2
                        fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        fork.symtab0x409c04572FUNC<unknown>DEFAULT2
                        fork.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        fork_handler_pool.symtab0x41dd341348OBJECT<unknown>DEFAULT12
                        frame_dummy.symtab0x4001600FUNC<unknown>DEFAULT2
                        free.symtab0x408f70384FUNC<unknown>DEFAULT2
                        free.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        fstat.symtab0x40aa3896FUNC<unknown>DEFAULT2
                        fstat.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        getc.symtab0x40b878212FUNC<unknown>DEFAULT2
                        getc_unlocked.symtab0x40bd88216FUNC<unknown>DEFAULT2
                        getdents.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        getdents64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        getdtablesize.symtab0x40ab4852FUNC<unknown>DEFAULT2
                        getdtablesize.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        getegid.symtab0x40ab7c18FUNC<unknown>DEFAULT2
                        getegid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        geteuid.symtab0x40ab8e18FUNC<unknown>DEFAULT2
                        geteuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        getgid.symtab0x40aba018FUNC<unknown>DEFAULT2
                        getgid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        getpagesize.symtab0x40abb428FUNC<unknown>DEFAULT2
                        getpagesize.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        getpid.symtab0x409e4052FUNC<unknown>DEFAULT2
                        getpid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        getppid.symtab0x406f5016FUNC<unknown>DEFAULT2
                        getppid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        getrlimit.symtab0x40abd064FUNC<unknown>DEFAULT2
                        getrlimit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        getsockname.symtab0x407cd464FUNC<unknown>DEFAULT2
                        getsockname.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        getsockopt.symtab0x407d1468FUNC<unknown>DEFAULT2
                        getsockopt.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        getuid.symtab0x40ac1018FUNC<unknown>DEFAULT2
                        getuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        h_errno.symtab0x44TLS<unknown>DEFAULT6
                        hexPayload.symtab0x41dab04OBJECT<unknown>DEFAULT10
                        index.symtab0x40bfa0196FUNC<unknown>DEFAULT2
                        inet_addr.symtab0x407b0044FUNC<unknown>DEFAULT2
                        inet_aton.symtab0x40c2a8200FUNC<unknown>DEFAULT2
                        inet_aton.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        inet_makeaddr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        init_static_tls.symtab0x40c46064FUNC<unknown>DEFAULT2
                        initstate.symtab0x4092c0120FUNC<unknown>DEFAULT2
                        initstate_r.symtab0x4094d0204FUNC<unknown>DEFAULT2
                        ioctl.symtab0x40c7c4268FUNC<unknown>DEFAULT2
                        ioctl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        isatty.symtab0x40c21036FUNC<unknown>DEFAULT2
                        isatty.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        kill.symtab0x406f6060FUNC<unknown>DEFAULT2
                        kill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        killer.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        killer_init.symtab0x404980292FUNC<unknown>DEFAULT2
                        killer_kill.symtab0x40480048FUNC<unknown>DEFAULT2
                        killer_kill_by_port.symtab0x405ee01332FUNC<unknown>DEFAULT2
                        killer_mirai_exists.symtab0x404840320FUNC<unknown>DEFAULT2
                        killer_pid.symtab0x41dd104OBJECT<unknown>DEFAULT12
                        libc-cancellation.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        libc-tls.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        listen.symtab0x407d5864FUNC<unknown>DEFAULT2
                        listen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        llseek.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        local_bind.4378.symtab0x41dac01OBJECT<unknown>DEFAULT10
                        lseek64.symtab0x40cbd4108FUNC<unknown>DEFAULT2
                        main.symtab0x404d001940FUNC<unknown>DEFAULT2
                        main.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        malloc.symtab0x4083301732FUNC<unknown>DEFAULT2
                        malloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        malloc_trim.symtab0x4090f052FUNC<unknown>DEFAULT2
                        memcpy.symtab0x4076c0860FUNC<unknown>DEFAULT2
                        memmove.symtab0x40bee4188FUNC<unknown>DEFAULT2
                        memmove.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        mempcpy.symtab0x40cbb036FUNC<unknown>DEFAULT2
                        mempcpy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        memset.symtab0x407a60150FUNC<unknown>DEFAULT2
                        methods.symtab0x41dcec4OBJECT<unknown>DEFAULT12
                        methods_len.symtab0x41dce81OBJECT<unknown>DEFAULT12
                        mmap.symtab0x40a8c464FUNC<unknown>DEFAULT2
                        mmap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        mremap.symtab0x40ac2468FUNC<unknown>DEFAULT2
                        mremap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        munmap.symtab0x40ac6860FUNC<unknown>DEFAULT2
                        munmap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        mylock.symtab0x41dae024OBJECT<unknown>DEFAULT10
                        mylock.symtab0x41daf824OBJECT<unknown>DEFAULT10
                        nanosleep.symtab0x40ace4108FUNC<unknown>DEFAULT2
                        nanosleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        nprocessors_onln.symtab0x4096f4264FUNC<unknown>DEFAULT2
                        object.4732.symtab0x41dcd024OBJECT<unknown>DEFAULT12
                        open.symtab0x40a120172FUNC<unknown>DEFAULT2
                        opendir.symtab0x407300176FUNC<unknown>DEFAULT2
                        opendir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        p.4718.symtab0x41daac0OBJECT<unknown>DEFAULT10
                        parse_config.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        pending_connection.symtab0x41dd141OBJECT<unknown>DEFAULT12
                        prctl.symtab0x406f9c68FUNC<unknown>DEFAULT2
                        prctl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        program_invocation_name.symtab0x41dbc44OBJECT<unknown>DEFAULT10
                        program_invocation_short_name.symtab0x41dbc04OBJECT<unknown>DEFAULT10
                        raise.symtab0x409e74116FUNC<unknown>DEFAULT2
                        raise.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        rand.symtab0x4091dc20FUNC<unknown>DEFAULT2
                        rand.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        rand.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        rand_alphastr.symtab0x405560276FUNC<unknown>DEFAULT2
                        rand_init.symtab0x40550096FUNC<unknown>DEFAULT2
                        rand_next.symtab0x4054a068FUNC<unknown>DEFAULT2
                        rand_str.symtab0x405680252FUNC<unknown>DEFAULT2
                        random.symtab0x4091f0100FUNC<unknown>DEFAULT2
                        random.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        random_poly_info.symtab0x40d65440OBJECT<unknown>DEFAULT4
                        random_r.symtab0x409398108FUNC<unknown>DEFAULT2
                        random_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        randtbl.symtab0x41db24128OBJECT<unknown>DEFAULT10
                        read.symtab0x40a320172FUNC<unknown>DEFAULT2
                        readdir.symtab0x407450148FUNC<unknown>DEFAULT2
                        readdir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        readdir64.symtab0x40ae6c152FUNC<unknown>DEFAULT2
                        readdir64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        readlink.symtab0x406fe060FUNC<unknown>DEFAULT2
                        readlink.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        realloc.symtab0x408ad8692FUNC<unknown>DEFAULT2
                        realloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        recv.symtab0x407dd8128FUNC<unknown>DEFAULT2
                        recv.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        recvfrom.symtab0x407e9c144FUNC<unknown>DEFAULT2
                        recvfrom.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        register-atfork.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        resolv.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        resolv_entries_free.symtab0x40578080FUNC<unknown>DEFAULT2
                        resolv_lookup.symtab0x4057e01228FUNC<unknown>DEFAULT2
                        resolve_cnc_addr.symtab0x404c60140FUNC<unknown>DEFAULT2
                        resolve_func.symtab0x41dabc4OBJECT<unknown>DEFAULT10
                        rindex.symtab0x40c19080FUNC<unknown>DEFAULT2
                        sbrk.symtab0x40a904104FUNC<unknown>DEFAULT2
                        sbrk.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        select.symtab0x407060136FUNC<unknown>DEFAULT2
                        select.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        send.symtab0x407f6c128FUNC<unknown>DEFAULT2
                        send.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        sendto.symtab0x408030144FUNC<unknown>DEFAULT2
                        sendto.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        setjmp.symtab0x40a9804FUNC<unknown>DEFAULT2
                        setsid.symtab0x4070e860FUNC<unknown>DEFAULT2
                        setsid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        setsockopt.symtab0x4080c068FUNC<unknown>DEFAULT2
                        setsockopt.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        setstate.symtab0x409254108FUNC<unknown>DEFAULT2
                        setstate_r.symtab0x40959c228FUNC<unknown>DEFAULT2
                        sigaction.symtab0x40c37020FUNC<unknown>DEFAULT2
                        sigaction.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        sigaddset.symtab0x40814472FUNC<unknown>DEFAULT2
                        sigaddset.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        sigempty.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        sigemptyset.symtab0x40818c20FUNC<unknown>DEFAULT2
                        sigjmp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        signal.symtab0x4081a0160FUNC<unknown>DEFAULT2
                        signal.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        sigprocmask.symtab0x407124116FUNC<unknown>DEFAULT2
                        sigprocmask.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        sigsetops.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        sleep.symtab0x409ee8224FUNC<unknown>DEFAULT2
                        sleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        socket.symtab0x40810464FUNC<unknown>DEFAULT2
                        socket.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        srand.symtab0x40933896FUNC<unknown>DEFAULT2
                        srandom.symtab0x40933896FUNC<unknown>DEFAULT2
                        srandom_r.symtab0x409404204FUNC<unknown>DEFAULT2
                        srv_addr.symtab0x4207f016OBJECT<unknown>DEFAULT12
                        static_dtv.symtab0x4202ac512OBJECT<unknown>DEFAULT12
                        static_map.symtab0x4207b452OBJECT<unknown>DEFAULT12
                        static_slotinfo.symtab0x4204ac776OBJECT<unknown>DEFAULT12
                        stderr.symtab0x41dbd84OBJECT<unknown>DEFAULT10
                        stdin.symtab0x41dbd04OBJECT<unknown>DEFAULT10
                        stdout.symtab0x41dbd44OBJECT<unknown>DEFAULT10
                        strchr.symtab0x40bfa0196FUNC<unknown>DEFAULT2
                        strchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        strchrnul.symtab0x40c064192FUNC<unknown>DEFAULT2
                        strchrnul.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        strcmp.symtab0x40c12434FUNC<unknown>DEFAULT2
                        strcmp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        strcoll.symtab0x40c12434FUNC<unknown>DEFAULT2
                        strcspn.symtab0x40c14872FUNC<unknown>DEFAULT2
                        strcspn.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        strlen.symtab0x4075a088FUNC<unknown>DEFAULT2
                        strrchr.symtab0x40c19080FUNC<unknown>DEFAULT2
                        strrchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        strspn.symtab0x40c1e048FUNC<unknown>DEFAULT2
                        strspn.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        sysconf.symtab0x4097fc1032FUNC<unknown>DEFAULT2
                        sysconf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        table.symtab0x42080056OBJECT<unknown>DEFAULT12
                        table.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        table_init.symtab0x405e00212FUNC<unknown>DEFAULT2
                        table_key.symtab0x41dac44OBJECT<unknown>DEFAULT10
                        table_lock_val.symtab0x405d00120FUNC<unknown>DEFAULT2
                        table_retrieve_val.symtab0x405cc036FUNC<unknown>DEFAULT2
                        table_unlock_val.symtab0x405d80120FUNC<unknown>DEFAULT2
                        tcgetattr.symtab0x40c234116FUNC<unknown>DEFAULT2
                        tcgetattr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        tcp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        time.symtab0x40719816FUNC<unknown>DEFAULT2
                        time.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        times.symtab0x40ad5016FUNC<unknown>DEFAULT2
                        times.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        unsafe_state.symtab0x41db1020OBJECT<unknown>DEFAULT10
                        update_process.symtab0x403ba04FUNC<unknown>DEFAULT2
                        util.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        util_atoi.symtab0x4066e0380FUNC<unknown>DEFAULT2
                        util_fdgets.symtab0x406540124FUNC<unknown>DEFAULT2
                        util_isalpha.symtab0x40650024FUNC<unknown>DEFAULT2
                        util_isdigit.symtab0x40652012FUNC<unknown>DEFAULT2
                        util_itoa.symtab0x406860244FUNC<unknown>DEFAULT2
                        util_local_addr.symtab0x4065c0128FUNC<unknown>DEFAULT2
                        util_memcpy.symtab0x4064c020FUNC<unknown>DEFAULT2
                        util_strcat.symtab0x40644064FUNC<unknown>DEFAULT2
                        util_strcpy.symtab0x40648050FUNC<unknown>DEFAULT2
                        util_stristr.symtab0x406640150FUNC<unknown>DEFAULT2
                        util_strlen.symtab0x40642024FUNC<unknown>DEFAULT2
                        util_zero.symtab0x4064e020FUNC<unknown>DEFAULT2
                        w.symtab0x41dd244OBJECT<unknown>DEFAULT12
                        write.symtab0x40a220172FUNC<unknown>DEFAULT2
                        x.symtab0x41dd184OBJECT<unknown>DEFAULT12
                        xstatconv.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                        y.symtab0x41dd1c4OBJECT<unknown>DEFAULT12
                        z.symtab0x41dd204OBJECT<unknown>DEFAULT12

                        Network Behavior

                        Download Network PCAP: filteredfull

                        Network Port Distribution

                        • Total Packets: 17
                        • 56999 undefined
                        • 53 (DNS)
                        TimestampSource PortDest PortSource IPDest IP
                        Mar 20, 2025 12:25:54.133938074 CET5572656999192.168.2.15103.142.27.125
                        Mar 20, 2025 12:25:54.472826958 CET5699955726103.142.27.125192.168.2.15
                        Mar 20, 2025 12:25:54.472913027 CET5572656999192.168.2.15103.142.27.125
                        Mar 20, 2025 12:25:55.163841963 CET5572656999192.168.2.15103.142.27.125
                        Mar 20, 2025 12:25:55.500623941 CET5699955726103.142.27.125192.168.2.15
                        Mar 20, 2025 12:25:55.500758886 CET5572656999192.168.2.15103.142.27.125
                        Mar 20, 2025 12:25:55.501970053 CET5572656999192.168.2.15103.142.27.125
                        Mar 20, 2025 12:25:55.838485003 CET5699955726103.142.27.125192.168.2.15
                        Mar 20, 2025 12:25:55.838831902 CET5572656999192.168.2.15103.142.27.125
                        Mar 20, 2025 12:25:56.176124096 CET5699955726103.142.27.125192.168.2.15
                        Mar 20, 2025 12:26:05.511554003 CET5572656999192.168.2.15103.142.27.125
                        Mar 20, 2025 12:26:05.852658987 CET5699955726103.142.27.125192.168.2.15
                        Mar 20, 2025 12:26:05.852684975 CET5699955726103.142.27.125192.168.2.15
                        Mar 20, 2025 12:26:05.852786064 CET5572656999192.168.2.15103.142.27.125
                        Mar 20, 2025 12:26:21.445369005 CET5699955726103.142.27.125192.168.2.15
                        Mar 20, 2025 12:26:21.445600033 CET5572656999192.168.2.15103.142.27.125
                        Mar 20, 2025 12:26:36.785852909 CET5699955726103.142.27.125192.168.2.15
                        Mar 20, 2025 12:26:36.786159992 CET5572656999192.168.2.15103.142.27.125
                        Mar 20, 2025 12:26:52.124439001 CET5699955726103.142.27.125192.168.2.15
                        Mar 20, 2025 12:26:52.124593973 CET5572656999192.168.2.15103.142.27.125
                        Mar 20, 2025 12:27:05.878503084 CET5572656999192.168.2.15103.142.27.125
                        Mar 20, 2025 12:27:06.216008902 CET5699955726103.142.27.125192.168.2.15
                        Mar 20, 2025 12:27:06.216167927 CET5572656999192.168.2.15103.142.27.125
                        Mar 20, 2025 12:27:21.611766100 CET5699955726103.142.27.125192.168.2.15
                        Mar 20, 2025 12:27:21.612216949 CET5572656999192.168.2.15103.142.27.125
                        Mar 20, 2025 12:27:36.952872992 CET5699955726103.142.27.125192.168.2.15
                        Mar 20, 2025 12:27:36.953278065 CET5572656999192.168.2.15103.142.27.125
                        Mar 20, 2025 12:27:52.292776108 CET5699955726103.142.27.125192.168.2.15
                        Mar 20, 2025 12:27:52.293011904 CET5572656999192.168.2.15103.142.27.125
                        TimestampSource PortDest PortSource IPDest IP
                        Mar 20, 2025 12:25:54.033335924 CET5863353192.168.2.158.8.8.8
                        Mar 20, 2025 12:25:54.132369995 CET53586338.8.8.8192.168.2.15

                        DNS Queries

                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                        Mar 20, 2025 12:25:54.033335924 CET192.168.2.158.8.8.80x9a10Standard query (0)srolangvan.comA (IP address)IN (0x0001)false

                        DNS Answers

                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                        Mar 20, 2025 12:25:54.132369995 CET8.8.8.8192.168.2.150x9a10No error (0)srolangvan.com103.142.27.125A (IP address)IN (0x0001)false

                        System Behavior

                        General

                        Start time (UTC):11:25:53
                        Start date (UTC):20/03/2025
                        Path:/tmp/sh4.elf
                        Arguments:/tmp/sh4.elf
                        File size:4139976 bytes
                        MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

                        File Activities

                        Process Activities

                        System Activities

                        Network Activities


                        General

                        Start time (UTC):11:25:53
                        Start date (UTC):20/03/2025
                        Path:/tmp/sh4.elf
                        Arguments:-
                        File size:4139976 bytes
                        MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

                        Process Activities

                        Network Activities


                        General

                        Start time (UTC):11:25:53
                        Start date (UTC):20/03/2025
                        Path:/tmp/sh4.elf
                        Arguments:-
                        File size:4139976 bytes
                        MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

                        File Activities

                        Process Activities