Linux Analysis Report
wget.elf

Overview

General Information

Sample name:wget.elf
Analysis ID:1645510
MD5:d22d580c17f65c1cec1120b194ab453d
SHA1:427ef13913305d613d8b1e60fe9723f6a3c1272c
SHA256:f23f8bc8abf0a224ae81ba8620e89ae3e018c0d4f0cfa7b67ef18b2d6fcd42b7
Tags:elf, user-abuse_ch
Infos:

Detection

Gafgyt
Score:84
Range:0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Gafgyt
Opens /proc/net/* files useful for finding connected devices and routers
Detected TCP or UDP traffic on non-standard ports
Executes the "rm" command used to delete files or directories
Sample and/or dropped files contains symbols with suspicious names
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Yara signature match

Classification

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1645510
Start date and time:2025-03-21 21:05:59 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 52s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:wget.elf
Detection:MAL
Classification:mal84.spre.troj.linELF@0/0@2/0
  • VT rate limit hit for: 93.115.172.234:6667
Command:/tmp/wget.elf
PID:5477
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
MAC: EC:F4:BB:61:AE:30
Standard Error:
  • system is lnxubuntu20
  • wget.elf (PID: 5477, Parent: 5399, MD5: d22d580c17f65c1cec1120b194ab453d) Arguments: /tmp/wget.elf
    • wget.elf New Fork (PID: 5478, Parent: 5477)
      • wget.elf New Fork (PID: 5479, Parent: 5478)
  • dash New Fork (PID: 5549, Parent: 3632)
  • rm (PID: 5549, Parent: 3632, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.fWOb9WKTDA /tmp/tmp.9ijiu0TQHx /tmp/tmp.pBTa6aCfnW
  • dash New Fork (PID: 5550, Parent: 3632)
  • rm (PID: 5550, Parent: 3632, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.fWOb9WKTDA /tmp/tmp.9ijiu0TQHx /tmp/tmp.pBTa6aCfnW
  • cleanup
Name:Bashlite, Gafgyt
Description:Bashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.
Attribution:No Attribution
Blogpost URLs:
Link:https://malpedia.caad.fkie.fraunhofer.de/details/elf.bashlite
Source | Rule | Description | Author | Strings
wget.elf | JoeSecurity_Gafgyt | Yara detected Gafgyt | Joe Security |
wget.elf | Linux_Trojan_Gafgyt_83715433 | unknown | unknown | 0xf41:$a: 8B 45 08 88 10 FF 45 08 8B 45 08 0F B6 00 84 C0 75 DB C9 C3 55
wget.elf | Linux_Trojan_Gafgyt_6321b565 | unknown | unknown | 0x26ce:$a: D8 89 D0 01 C0 01 D0 C1 E0 03 8B 04 08 83 E0 1F 0F AB 84 9D 58 FF
wget.elf | Linux_Trojan_Gafgyt_6122acdf | unknown | unknown | 0x2d3:$a: E8 B0 00 FC 8B 7D E8 F2 AE 89 C8 F7 D0 48 48 89 45 F8 EB 03 FF
wget.elf | Linux_Trojan_Gafgyt_f51c5ac3 | unknown | unknown | 0xe18:$a: 74 2A 8B 45 0C 0F B6 00 84 C0 74 17 8B 45 0C 40 89 44 24 04 8B

    Source | Rule | Description | Author | Strings
    5478.1.0000000008048000.0000000008053000.r-x.sdmp | Linux_Trojan_Gafgyt_83715433 | unknown | unknown | 0xf41:$a: 8B 45 08 88 10 FF 45 08 8B 45 08 0F B6 00 84 C0 75 DB C9 C3 55
    5478.1.0000000008048000.0000000008053000.r-x.sdmp | Linux_Trojan_Gafgyt_6321b565 | unknown | unknown | 0x26ce:$a: D8 89 D0 01 C0 01 D0 C1 E0 03 8B 04 08 83 E0 1F 0F AB 84 9D 58 FF
    5478.1.0000000008048000.0000000008053000.r-x.sdmp | Linux_Trojan_Gafgyt_6122acdf | unknown | unknown | 0x2d3:$a: E8 B0 00 FC 8B 7D E8 F2 AE 89 C8 F7 D0 48 48 89 45 F8 EB 03 FF
    5478.1.0000000008048000.0000000008053000.r-x.sdmp | Linux_Trojan_Gafgyt_f51c5ac3 | unknown | unknown | 0xe18:$a: 74 2A 8B 45 0C 0F B6 00 84 C0 74 17 8B 45 0C 40 89 44 24 04 8B
    5478.1.0000000008048000.0000000008053000.r-x.sdmp | Linux_Trojan_Gafgyt_27de1106 | unknown | unknown | 0xe58:$a: 0C 0F B6 00 84 C0 74 18 8B 45 0C 40 8B 55 08 42 89 44 24 04 89
    No Suricata rule has matched

    AV Detection

    Source: wget.elf, Avira: detected
    Source: wget.elf, Malware Configuration Extractor: Gafgyt {"C2 url": "93.115.172.234:6667"}
    Source: wget.elf, Virustotal: Detection: 64%
    Source: wget.elf, ReversingLabs: Detection: 69%

    Spreading

    Source: /tmp/wget.elf (PID: 5477), Opens: /proc/net/route
    Source: global traffic, TCP traffic: 192.168.2.14:39376 -> 93.115.172.234:6667
    Source: unknown, TCP traffic detected without corresponding DNS query: 93.115.172.234
    Source: unknown, TCP traffic detected without corresponding DNS query: 185.125.190.26
    Source: unknown, TCP traffic detected without corresponding DNS query: 54.171.230.55
    Source: global traffic, DNS traffic detected: DNS query: daisy.ubuntu.com
    Source: unknown, Network traffic detected: HTTP traffic on port 34590 -> 443
    Source: unknown, Network traffic detected: HTTP traffic on port 37924 -> 443
    Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 37924
    Source: unknown, Network traffic detected: HTTP traffic on port 46540 -> 443

    System Summary

    Source: wget.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_83715433, Author: unknown
    Source: wget.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_6321b565, Author: unknown
    Source: wget.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_6122acdf, Author: unknown
    Source: wget.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_f51c5ac3, Author: unknown
    Source: wget.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_27de1106, Author: unknown
    Source: wget.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_1b2e2a3a, Author: unknown
    Source: wget.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_9127f7be, Author: unknown
    Source: wget.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_fb14e81f, Author: unknown
    Source: 5478.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_83715433, Author: unknown
    Source: 5478.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_6321b565, Author: unknown
    Source: 5478.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_6122acdf, Author: unknown
    Source: 5478.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_f51c5ac3, Author: unknown
    Source: 5478.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_27de1106, Author: unknown
    Source: 5478.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_1b2e2a3a, Author: unknown
    Source: 5478.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_9127f7be, Author: unknown
    Source: 5478.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_fb14e81f, Author: unknown
    Source: 5477.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_83715433, Author: unknown
    Source: 5477.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_6321b565, Author: unknown
    Source: 5477.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_6122acdf, Author: unknown
    Source: 5477.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_f51c5ac3, Author: unknown
    Source: 5477.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_27de1106, Author: unknown
    Source: 5477.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_1b2e2a3a, Author: unknown
    Source: 5477.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_9127f7be, Author: unknown
    Source: 5477.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_fb14e81f, Author: unknown
    Source: wget.elf, ELF static info symbol of initial sample: passwords
    Source: wget.elf, ELF static info symbol of initial sample: usernames
    Source: Initial sample, String containing 'busybox' found: /bin/busybox;echo -e '\147\141\171\146\147\164'
    Source: classification engine, Classification label: mal84.spre.troj.linELF@0/0@2/0
    Source: wget.elf, ELF static info symbol of initial sample: libc/sysdeps/linux/i386/crt1.S
    Source: wget.elf, ELF static info symbol of initial sample: libc/sysdeps/linux/i386/crti.S
    Source: wget.elf, ELF static info symbol of initial sample: libc/sysdeps/linux/i386/crtn.S
    Source: wget.elf, ELF static info symbol of initial sample: libc/sysdeps/linux/i386/mmap.S
    Source: wget.elf, ELF static info symbol of initial sample: libc/sysdeps/linux/i386/vfork.S
    Source: /usr/bin/dash (PID: 5549), Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.fWOb9WKTDA /tmp/tmp.9ijiu0TQHx /tmp/tmp.pBTa6aCfnW
    Source: /usr/bin/dash (PID: 5550), Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.fWOb9WKTDA /tmp/tmp.9ijiu0TQHx /tmp/tmp.pBTa6aCfnW

    Stealing of Sensitive Information

    Source: Yara match, File source: wget.elf, type: SAMPLE

    Remote Access Functionality

    Source: Yara match, File source: wget.elf, type: SAMPLE
    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Masquerading | OS Credential Dumping | 1 Remote System Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
    Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 File Deletion | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction
    {
      "C2 url": "93.115.172.234:6667"
    }
    [Behavior graph: ID 1645510, Sample: wget.elf, Start date: 21/03/2025, Architecture: LINUX, Score: 84]
    Source | Detection | Scanner | Label
    wget.elf | 65% | Virustotal |
    wget.elf | 69% | ReversingLabs | Linux.Trojan.Gafgyt
    wget.elf | 100% | Avira | LINUX/Gafgyt.cona
    No Antivirus matches

    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    daisy.ubuntu.com | 162.213.35.24 | true | false | | high

    Name | Malicious | Antivirus Detection | Reputation
    93.115.172.234:6667 | true | | unknown

    IP | Domain | Country | ASN | ASN Name | Malicious
    54.171.230.55 | unknown | United States | 16509 | AMAZON-02US | false
    54.217.10.153 | unknown | United States | 16509 | AMAZON-02US | false
    185.125.190.26 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false
    93.115.172.234 | unknown | Romania | 39531 | ALTER-NET-ASZorilorNr11SfGheorgheRO | true

    Match | Associated Sample Name / URL | Detection | Threat Name
    54.171.230.55 | na.elf | malicious | Prometei
     | jwyt4py98x.mips.elf | malicious | Mirai
     | na.elf | malicious | Prometei
     | na.elf | malicious | Prometei
     | na.elf | malicious | Prometei
     | na.elf | malicious | Prometei
     | conf.png | malicious | Tsunami
     | miner.elf | malicious | Unknown
     | na.elf | malicious | Prometei
     | na.elf | malicious | Prometei
    54.217.10.153 | main_x86_64.elf | malicious | Unknown
     | arm7.elf | malicious | Mirai
     | 46.19.143.26-mips-2025-03-01T06_09_25.elf | malicious | Unknown
     | dlr.sh4.elf | malicious | Unknown
     | i686.elf | malicious | Gafgyt, Mirai
     | miner.elf | malicious | Unknown
     | psmips.elf | malicious | Unknown
     | yakuza.m68k.elf | malicious | Gafgyt, Mirai
     | main_x86.elf | malicious | Mirai
     | jkse.arm7.elf | malicious | Mirai
    185.125.190.26 | x.rar.elf | malicious | Xmrig
     | na.elf | malicious | Prometei
     | 46.19.143.26-mips-2025-03-01T06_09_25.elf | malicious | Unknown
     | boatnet.spc.elf | malicious | Mirai
     | sshd.elf | malicious | Unknown
     | hiss.mips.elf | malicious | Unknown
     | na.elf | malicious | Prometei
     | na.elf | malicious | Prometei
     | na.elf | malicious | Prometei
     | na.elf | malicious | Prometei
    93.115.172.234 | cron.elf | malicious | Gafgyt
     | apache2.elf | malicious | Gafgyt
     | openssh.elf | malicious | Gafgyt
     | pftp.elf | malicious | Gafgyt
     | sh.elf | malicious | Gafgyt
     | sshd.elf | malicious | Gafgyt
     | ftp.elf | malicious | Gafgyt
     | tftp.elf | malicious | Gafgyt
                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                    daisy.ubuntu.comapache2.elfGet hashmaliciousGafgytBrowse
                                                                                    • 162.213.35.24
                                                                                    openssh.elfGet hashmaliciousGafgytBrowse
                                                                                    • 162.213.35.25
                                                                                    pftp.elfGet hashmaliciousGafgytBrowse
                                                                                    • 162.213.35.24
                                                                                    sshd.elfGet hashmaliciousGafgytBrowse
                                                                                    • 162.213.35.24
                                                                                    ftp.elfGet hashmaliciousGafgytBrowse
                                                                                    • 162.213.35.25
                                                                                    tftp.elfGet hashmaliciousGafgytBrowse
                                                                                    • 162.213.35.24
                                                                                    jwyt4py98x.ppc.elfGet hashmaliciousMiraiBrowse
                                                                                    • 162.213.35.25
                                                                                    .main.elfGet hashmaliciousXmrigBrowse
                                                                                    • 162.213.35.25
                                                                                    jwyt4py98x.arm6.elfGet hashmaliciousMiraiBrowse
                                                                                    • 162.213.35.25
                                                                                    jwyt4py98x.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                    • 162.213.35.25
                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                    ALTER-NET-ASZorilorNr11SfGheorgheROcron.elfGet hashmaliciousGafgytBrowse
                                                                                    • 93.115.172.234
                                                                                    apache2.elfGet hashmaliciousGafgytBrowse
                                                                                    • 93.115.172.234
                                                                                    openssh.elfGet hashmaliciousGafgytBrowse
                                                                                    • 93.115.172.234
                                                                                    pftp.elfGet hashmaliciousGafgytBrowse
                                                                                    • 93.115.172.234
                                                                                    sh.elfGet hashmaliciousGafgytBrowse
                                                                                    • 93.115.172.234
                                                                                    sshd.elfGet hashmaliciousGafgytBrowse
                                                                                    • 93.115.172.234
                                                                                    ftp.elfGet hashmaliciousGafgytBrowse
                                                                                    • 93.115.172.234
                                                                                    tftp.elfGet hashmaliciousGafgytBrowse
                                                                                    • 93.115.172.234
                                                                                    Ravateb.pdf.exeGet hashmaliciousUnknownBrowse
                                                                                    • 89.46.233.239
                                                                                    pp.dd.exeGet hashmaliciousUnknownBrowse
                                                                                    • 93.115.172.125
                                                                                    CANONICAL-ASGBcron.elfGet hashmaliciousGafgytBrowse
                                                                                    • 91.189.91.42
                                                                                    sh.elfGet hashmaliciousGafgytBrowse
                                                                                    • 91.189.91.42
                                                                                    na.elfGet hashmaliciousPrometeiBrowse
                                                                                    • 91.189.91.42
                                                                                    na.elfGet hashmaliciousPrometeiBrowse
                                                                                    • 91.189.91.42
                                                                                    sshd.elfGet hashmaliciousUnknownBrowse
                                                                                    • 91.189.91.42
                                                                                    jwyt4py98x.m68k.elfGet hashmaliciousMiraiBrowse
                                                                                    • 91.189.91.42
                                                                                    x.rar.elfGet hashmaliciousXmrigBrowse
                                                                                    • 185.125.190.26
                                                                                    jwyt4py98x.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                    • 91.189.91.42
                                                                                    jwyt4py98x.mips.elfGet hashmaliciousMiraiBrowse
                                                                                    • 91.189.91.42
                                                                                    na.elfGet hashmaliciousPrometeiBrowse
                                                                                    • 91.189.91.42
                                                                                    AMAZON-02USopenssh.elfGet hashmaliciousGafgytBrowse
                                                                                    • 54.247.62.1
                                                                                    YG.ps1Get hashmaliciousFormBookBrowse
                                                                                    • 13.248.169.48
                                                                                    STEPH.ps1Get hashmaliciousFormBookBrowse
                                                                                    • 13.248.169.48
                                                                                    GUYBIN.ps1Get hashmaliciousFormBookBrowse
                                                                                    • 13.248.169.48
                                                                                    https://mail.notifyvisitors.com/tracker/email_tracker/handler/click/51260/13866?cd=aktPMUFtRXRLeXhOT3pUYzZJeEw1Y2ptMzBDSDJkYm1IWEdmNk5GVEFvVlRyN1FMVjdQUFEyWmpkUURtQndBMnJ2Nk1iOWtYSEJQY0UzY1NodklLd05WQ2RtaG9SSHJrL0FGZk40Y0FNdlNwczAxdFp6WXI5b3h4WVZPOW12Rko0UDhwS1dPb3A0T3pCTXdxU210Y3dvWDIwaTFZZ2ZBeEUxRDFYQnVINmR2blI0TExHM2wrcEtIYTJqL3lWWXBKOVhQTHo3ZHVlLzZxTGdvZXhPc1owZUFrZFllSEFjWStwZGkyMlVaQzFidzBpU2ZBTW5wTjhFWW5SUmlxQXVQOVVPZE1UOVRNREs4WSttZkNXeEhmdS9ncktZaC9VTzZLbERPTjNzSVp0cm5aZmFkTEV6Vk96d0k4bTZaL3p1QUpsSHEwUHhpWlgrNG11M05SUVVWZUpxVTlTR0svVHQ3clFnZ0lLd29iNS9ERVJWOG8wVnNhK2V3TVdKMVM0RUhSMTZJTFlTKzhKY29TWk9WY3lwOFlOWS9ySXRWcVhtcHY0STFKVE9oUHpGSFkzcXhpalJnOGNTRFVBTDBBVHU4cDJGZURnN2k3VEsyQVkvL0gxQm90cmtZYXRmVmpub0tERDBsU0hZSlUzUmlnMGZtR0ZPbW1lOVpMRHV1WDZDSWpwL3FBWlZ6OW00Y2ZhbEdJd3lUeGpRPT0%3D#?email=test@gotcha.comGet hashmaliciousHTMLPhisher, Invisible JSBrowse
                                                                                    • 3.168.73.64
                                                                                    na.elfGet hashmaliciousPrometeiBrowse
                                                                                    • 34.249.145.219
                                                                                    na.elfGet hashmaliciousPrometeiBrowse
                                                                                    • 52.212.150.54
                                                                                    x.rar.elfGet hashmaliciousXmrigBrowse
                                                                                    • 34.254.182.186
                                                                                    Scanned Inv#118953-0012345.svgGet hashmaliciousHTMLPhisherBrowse
                                                                                    • 13.33.252.45
                                                                                    jwyt4py98x.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                    • 34.249.145.219
                                                                                    No created / dropped files found
File type: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, not stripped
Entropy (8bit): 6.142393181783485
TrID:
• ELF Executable and Linkable format (Linux) (4029/14) 50.16%
• ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name: wget.elf
File size: 63'479 bytes
MD5: d22d580c17f65c1cec1120b194ab453d
SHA1: 427ef13913305d613d8b1e60fe9723f6a3c1272c
SHA256: f23f8bc8abf0a224ae81ba8620e89ae3e018c0d4f0cfa7b67ef18b2d6fcd42b7
SHA512: 44f4452058d376e23fb426c699fb05238ebbe3a94adb66f3c7200aabff681a5ce9d2f44a4c58689d2ba4f8c08fdd3cd4e034db831001bb52a53bed003e393b90
SSDEEP: 1536:ZMsL7rO6tPhCVjMWrj1FnFiYNPTuBvMBzAzAulDgqX:r7rO6tPhCVjMWrjLYwPTuRMlG
TLSH: 50530649B556C5F7C8120BB1029BBDDE0769FD398A7AAE44F3183CF45BB3894392A311

                                                                                    ELF header

Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
Machine: Intel 80386
Version Number: 0x1
Type: EXEC (Executable file)
OS/ABI: UNIX - System V
ABI Version: 0
Entry Point Address: 0x8048168
Flags: 0x0
ELF Header Size: 52
Program Header Offset: 52
Program Header Size: 32
Number of Program Headers: 3
Section Header Offset: 47896
Section Header Size: 40
Number of Section Headers: 16
Header String Table Index: 13
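
| Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
|---|---|---|---|---|---|---|---|---|---|---|
|  | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 |  | 0 | 0 | 0 |
| .init | PROGBITS | 0x8048094 | 0x94 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 1 |
| .text | PROGBITS | 0x80480b0 | 0xb0 | 0x9814 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
| .fini | PROGBITS | 0x80518c4 | 0x98c4 | 0x17 | 0x0 | 0x6 | AX | 0 | 0 | 1 |
| .rodata | PROGBITS | 0x80518e0 | 0x98e0 | 0x120a | 0x0 | 0x2 | A | 0 | 0 | 32 |
| .eh_frame | PROGBITS | 0x8052aec | 0xaaec | 0x4 | 0x0 | 0x2 | A | 0 | 0 | 4 |
| .ctors | PROGBITS | 0x8053000 | 0xb000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .dtors | PROGBITS | 0x8053008 | 0xb008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .jcr | PROGBITS | 0x8053010 | 0xb010 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .got.plt | PROGBITS | 0x8053014 | 0xb014 | 0xc | 0x4 | 0x3 | WA | 0 | 0 | 4 |
| .data | PROGBITS | 0x8053020 | 0xb020 | 0x2dc | 0x0 | 0x3 | WA | 0 | 0 | 32 |
| .bss | NOBITS | 0x8053300 | 0xb2fc | 0x64c0 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
| .comment | PROGBITS | 0x0 | 0xb2fc | 0x7aa | 0x0 | 0x0 |  | 0 | 0 | 1 |
| .shstrtab | STRTAB | 0x0 | 0xbaa6 | 0x6f | 0x0 | 0x0 |  | 0 | 0 | 1 |
| .symtab | SYMTAB | 0x0 | 0xbd98 | 0x21e0 | 0x10 | 0x0 |  | 15 | 181 | 4 |
| .strtab | STRTAB | 0x0 | 0xdf78 | 0x187f | 0x0 | 0x0 |  | 0 | 0 | 1 |
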
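| Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
|---|---|---|---|---|---|---|---|---|---|---|---|
| LOAD | 0x0 | 0x8048000 | 0x8048000 | 0xaaf0 | 0xaaf0 | 6.2129 | 0x5 | R E | 0x1000 |  | .init .text .fini .rodata .eh_frame |
| LOAD | 0xb000 | 0x8053000 | 0x8053000 | 0x2fc | 0x67c0 | 3.7229 | 0x6 | RW | 0x1000 |  | .ctors .dtors .jcr .got.plt .data .bss |
| GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 |  |  |
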
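| Name | Version Info Name | Version Info File Name | Section Name | Value | Size | Symbol Type | Symbol Bind | Symbol Visibility | Ndx |
|---|---|---|---|---|---|---|---|---|---|
|  |  |  | .symtab | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF |
|  |  |  | .symtab | 0x8048094 | 0 | SECTION | <unknown> | DEFAULT | 1 |
|  |  |  | .symtab | 0x80480b0 | 0 | SECTION | <unknown> | DEFAULT | 2 |
|  |  |  | .symtab | 0x80518c4 | 0 | SECTION | <unknown> | DEFAULT | 3 |
|  |  |  | .symtab | 0x80518e0 | 0 | SECTION | <unknown> | DEFAULT | 4 |
|  |  |  | .symtab | 0x8052aec | 0 | SECTION | <unknown> | DEFAULT | 5 |
|  |  |  | .symtab | 0x8053000 | 0 | SECTION | <unknown> | DEFAULT | 6 |
|  |  |  | .symtab | 0x8053008 | 0 | SECTION | <unknown> | DEFAULT | 7 |
|  |  |  | .symtab | 0x8053010 | 0 | SECTION | <unknown> | DEFAULT | 8 |
|  |  |  | .symtab | 0x8053014 | 0 | SECTION | <unknown> | DEFAULT | 9 |
|  |  |  | .symtab | 0x8053020 | 0 | SECTION | <unknown> | DEFAULT | 10 |
|  |  |  | .symtab | 0x8053300 | 0 | SECTION | <unknown> | DEFAULT | 11 |
|  |  |  | .symtab | 0x0 | 0 | SECTION | <unknown> | DEFAULT | 12 |
|  |  |  | .symtab | 0x0 | 0 | SECTION | <unknown> | DEFAULT | 13 |
|  |  |  | .symtab | 0x0 | 0 | SECTION | <unknown> | DEFAULT | 14 |
|  |  |  | .symtab | 0x0 | 0 | SECTION | <unknown> | DEFAULT | 15 |
| Q |  |  | .symtab | 0x8053340 | 16384 | OBJECT | <unknown> | DEFAULT | 11 |
| StartTheLelz |  |  | .symtab | 0x804a19f | 6704 | FUNC | <unknown> | DEFAULT | 2 |
| _GLOBAL_OFFSET_TABLE_ |  |  | .symtab | 0x8053014 | 0 | OBJECT | <unknown> | HIDDEN | 9 |
| _Jv_RegisterClasses |  |  | .symtab | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF |
| _WRITE.c |  |  | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS |
| __CTOR_END__ |  |  | .symtab | 0x8053004 | 0 | OBJECT | <unknown> | DEFAULT | 6 |
| __CTOR_LIST__ |  |  | .symtab | 0x8053000 | 0 | OBJECT | <unknown> | DEFAULT | 6 |
| __C_ctype_b |  |  | .symtab | 0x80530a0 | 4 | OBJECT | <unknown> | DEFAULT | 10 |
| __C_ctype_b.c |  |  | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS |
| __C_ctype_b_data |  |  | .symtab | 0x8052240 | 768 | OBJECT | <unknown> | DEFAULT | 4 |
| __C_ctype_toupper |  |  | .symtab | 0x80530a8 | 4 | OBJECT | <unknown> | DEFAULT | 10 |
| __C_ctype_toupper.c |  |  | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS |
| __C_ctype_toupper_data |  |  | .symtab | 0x8052540 | 768 | OBJECT | <unknown> | DEFAULT | 4 |
| __DTOR_END__ |  |  | .symtab | 0x805300c | 0 | OBJECT | <unknown> | DEFAULT | 7 |
| __DTOR_LIST__ |  |  | .symtab | 0x8053008 | 0 | OBJECT | <unknown> | DEFAULT | 7 |
| __EH_FRAME_BEGIN__ |  |  | .symtab | 0x8052aec | 0 | OBJECT | <unknown> | DEFAULT | 5 |
| __FRAME_END__ |  |  | .symtab | 0x8052aec | 0 | OBJECT | <unknown> | DEFAULT | 5 |
| __GI___C_ctype_b |  |  | .symtab | 0x80530a0 | 4 | OBJECT | <unknown> | HIDDEN | 10 |
| __GI___C_ctype_b_data |  |  | .symtab | 0x8052240 | 768 | OBJECT | <unknown> | HIDDEN | 4 |
| __GI___C_ctype_toupper |  |  | .symtab | 0x80530a8 | 4 | OBJECT | <unknown> | HIDDEN | 10 |
| __GI___C_ctype_toupper_data |  |  | .symtab | 0x8052540 | 768 | OBJECT | <unknown> | HIDDEN | 4 |
| __GI___ctype_b |  |  | .symtab | 0x80530a4 | 4 | OBJECT | <unknown> | HIDDEN | 10 |
| __GI___ctype_toupper |  |  | .symtab | 0x80530ac | 4 | OBJECT | <unknown> | HIDDEN | 10 |
| __GI___errno_location |  |  | .symtab | 0x804ec18 | 6 | FUNC | <unknown> | HIDDEN | 2 |
| __GI___fputc_unlocked |  |  | .symtab | 0x804edcc | 187 | FUNC | <unknown> | HIDDEN | 2 |
| __GI___libc_fcntl |  |  | .symtab | 0x804e760 | 87 | FUNC | <unknown> | HIDDEN | 2 |
| __GI___libc_fcntl64 |  |  | .symtab | 0x804e7b8 | 63 | FUNC | <unknown> | HIDDEN | 2 |
| __GI___libc_open |  |  | .symtab | 0x804e9d4 | 75 | FUNC | <unknown> | HIDDEN | 2 |
| __GI___uClibc_fini |  |  | .symtab | 0x8050a48 | 63 | FUNC | <unknown> | HIDDEN | 2 |
| __GI___uClibc_init |  |  | .symtab | 0x8050abf | 64 | FUNC | <unknown> | HIDDEN | 2 |
| __GI__exit |  |  | .symtab | 0x804e7f8 | 40 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_abort |  |  | .symtab | 0x80500b4 | 273 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_atoi |  |  | .symtab | 0x805054c | 20 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_atol |  |  | .symtab | 0x805054c | 20 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_brk |  |  | .symtab | 0x8051580 | 54 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_chdir |  |  | .symtab | 0x804e820 | 46 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_clock_getres |  |  | .symtab | 0x8050e4c | 50 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_close |  |  | .symtab | 0x804e850 | 46 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_connect |  |  | .symtab | 0x804f1f4 | 43 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_dup2 |  |  | .symtab | 0x804e880 | 50 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_errno |  |  | .symtab | 0x8059394 | 4 | OBJECT | <unknown> | HIDDEN | 11 |
| __GI_execl |  |  | .symtab | 0x8050708 | 105 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_execve |  |  | .symtab | 0x8050e80 | 54 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_exit |  |  | .symtab | 0x80506a0 | 103 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_fcntl |  |  | .symtab | 0x804e760 | 87 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_fcntl64 |  |  | .symtab | 0x804e7b8 | 63 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_fork |  |  | .symtab | 0x804e8b4 | 38 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_fputs_unlocked |  |  | .symtab | 0x804ee88 | 49 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_fseek |  |  | .symtab | 0x80515b8 | 27 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_fseeko64 |  |  | .symtab | 0x80515d4 | 231 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_fwrite_unlocked |  |  | .symtab | 0x804eebc | 120 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_getdtablesize |  |  | .symtab | 0x804e8dc | 37 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_getegid |  |  | .symtab | 0x8050eb8 | 38 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_geteuid |  |  | .symtab | 0x8050ee0 | 38 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_getgid |  |  | .symtab | 0x8050f08 | 38 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_getpagesize |  |  | .symtab | 0x8050f30 | 17 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_getpid |  |  | .symtab | 0x804e904 | 38 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_getrlimit |  |  | .symtab | 0x804e92c | 50 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_getsockname |  |  | .symtab | 0x804f220 | 43 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_getuid |  |  | .symtab | 0x8050f44 | 38 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_h_errno |  |  | .symtab | 0x8059398 | 4 | OBJECT | <unknown> | HIDDEN | 11 |
| __GI_inet_addr |  |  | .symtab | 0x804f1cc | 37 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_inet_aton |  |  | .symtab | 0x80514c0 | 148 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_inet_ntoa |  |  | .symtab | 0x804f1b7 | 21 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_inet_ntoa_r |  |  | .symtab | 0x804f168 | 79 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_initstate_r |  |  | .symtab | 0x80504a1 | 171 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_ioctl |  |  | .symtab | 0x804e960 | 63 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_isatty |  |  | .symtab | 0x804f0b0 | 29 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_kill |  |  | .symtab | 0x804e9a0 | 50 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_lseek64 |  |  | .symtab | 0x805182c | 86 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_memchr |  |  | .symtab | 0x8051344 | 35 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_memcpy |  |  | .symtab | 0x804ef34 | 39 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_mempcpy |  |  | .symtab | 0x8051368 | 33 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_memrchr |  |  | .symtab | 0x805138c | 176 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_memset |  |  | .symtab | 0x804ef5c | 21 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_mmap |  |  | .symtab | 0x8050dc0 | 27 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_munmap |  |  | .symtab | 0x8050f6c | 50 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_nanosleep |  |  | .symtab | 0x8050fa0 | 50 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_open |  |  | .symtab | 0x804e9d4 | 75 | FUNC | <unknown> | HIDDEN | 2 |
| __GI_pipe |  |  | .symtab | 0x804ea38 | 46 | FUNC | <unknown> | HIDDEN | 2 |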
                                                                                    __GI_putc_unlocked.symtab0x804edcc187FUNC<unknown>HIDDEN2
                                                                                    __GI_raise.symtab0x805155424FUNC<unknown>HIDDEN2
                                                                                    __GI_random.symtab0x80501d072FUNC<unknown>HIDDEN2
                                                                                    __GI_random_r.symtab0x80503a994FUNC<unknown>HIDDEN2
                                                                                    __GI_rawmemchr.symtab0x805179499FUNC<unknown>HIDDEN2
                                                                                    __GI_read.symtab0x804ea6854FUNC<unknown>HIDDEN2
                                                                                    __GI_recv.symtab0x804f28851FUNC<unknown>HIDDEN2
                                                                                    __GI_sbrk.symtab0x8050fd478FUNC<unknown>HIDDEN2
                                                                                    __GI_select.symtab0x804eaa063FUNC<unknown>HIDDEN2
                                                                                    __GI_send.symtab0x804f2bc51FUNC<unknown>HIDDEN2
                                                                                    __GI_sendto.symtab0x804f2f067FUNC<unknown>HIDDEN2
                                                                                    __GI_setsid.symtab0x804eae038FUNC<unknown>HIDDEN2
                                                                                    __GI_setsockopt.symtab0x804f33459FUNC<unknown>HIDDEN2
                                                                                    __GI_setstate_r.symtab0x8050310153FUNC<unknown>HIDDEN2
                                                                                    __GI_sigaction.symtab0x8050ccb218FUNC<unknown>HIDDEN2
                                                                                    __GI_sigaddset.symtab0x804f39c42FUNC<unknown>HIDDEN2
                                                                                    __GI_sigemptyset.symtab0x804f3c825FUNC<unknown>HIDDEN2
                                                                                    __GI_signal.symtab0x804f3e4175FUNC<unknown>HIDDEN2
                                                                                    __GI_sigprocmask.symtab0x804eb0885FUNC<unknown>HIDDEN2
                                                                                    __GI_sleep.symtab0x8050774393FUNC<unknown>HIDDEN2
                                                                                    __GI_socket.symtab0x804f37043FUNC<unknown>HIDDEN2
                                                                                    __GI_srandom_r.symtab0x8050407154FUNC<unknown>HIDDEN2
                                                                                    __GI_strchr.symtab0x804ef7430FUNC<unknown>HIDDEN2
                                                                                    __GI_strcpy.symtab0x804ef9427FUNC<unknown>HIDDEN2
                                                                                    __GI_strlen.symtab0x804efb019FUNC<unknown>HIDDEN2
                                                                                    __GI_strpbrk.symtab0x805149839FUNC<unknown>HIDDEN2
                                                                                    __GI_strspn.symtab0x80517f850FUNC<unknown>HIDDEN2
                                                                                    __GI_strstr.symtab0x804efc4206FUNC<unknown>HIDDEN2
                                                                                    __GI_strtok.symtab0x804f09425FUNC<unknown>HIDDEN2
                                                                                    __GI_strtok_r.symtab0x805143c89FUNC<unknown>HIDDEN2
                                                                                    __GI_strtol.symtab0x805056026FUNC<unknown>HIDDEN2
                                                                                    __GI_sysconf.symtab0x8050900325FUNC<unknown>HIDDEN2
                                                                                    __GI_tcgetattr.symtab0x804f0d0112FUNC<unknown>HIDDEN2
                                                                                    __GI_time.symtab0x804eb6046FUNC<unknown>HIDDEN2
                                                                                    __GI_toupper.symtab0x804ebf829FUNC<unknown>HIDDEN2
                                                                                    __GI_vfork.symtab0x804e74821FUNC<unknown>HIDDEN2
                                                                                    __GI_wait4.symtab0x805102459FUNC<unknown>HIDDEN2
                                                                                    __GI_waitpid.symtab0x804eb9026FUNC<unknown>HIDDEN2
                                                                                    __GI_write.symtab0x804ebac54FUNC<unknown>HIDDEN2
                                                                                    __JCR_END__.symtab0x80530100OBJECT<unknown>DEFAULT8
                                                                                    __JCR_LIST__.symtab0x80530100OBJECT<unknown>DEFAULT8
                                                                                    __app_fini.symtab0x80593884OBJECT<unknown>HIDDEN11
                                                                                    __atexit_lock.symtab0x80532e024OBJECT<unknown>DEFAULT10
                                                                                    __bsd_signal.symtab0x804f3e4175FUNC<unknown>HIDDEN2
                                                                                    __bss_start.symtab0x80532fc0NOTYPE<unknown>DEFAULTSHN_ABS
                                                                                    __check_one_fd.symtab0x8050a8b52FUNC<unknown>DEFAULT2
                                                                                    __ctype_b.symtab0x80530a44OBJECT<unknown>DEFAULT10
                                                                                    __ctype_toupper.symtab0x80530ac4OBJECT<unknown>DEFAULT10
                                                                                    __curbrk.symtab0x805939c4OBJECT<unknown>HIDDEN11
                                                                                    __data_start.symtab0x80530280NOTYPE<unknown>DEFAULT10
                                                                                    __deregister_frame_info_bases.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                                    __do_global_ctors_aux.symtab0x80518900FUNC<unknown>DEFAULT2
                                                                                    __do_global_dtors_aux.symtab0x80480c00FUNC<unknown>DEFAULT2
                                                                                    __dso_handle.symtab0x80530200OBJECT<unknown>HIDDEN10
                                                                                    __environ.symtab0x80593804OBJECT<unknown>DEFAULT11
                                                                                    __errno_location.symtab0x804ec186FUNC<unknown>DEFAULT2
                                                                                    __errno_location.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                    __exit_cleanup.symtab0x80593784OBJECT<unknown>HIDDEN11
                                                                                    __fini_array_end.symtab0x80530000NOTYPE<unknown>HIDDENSHN_ABS
                                                                                    __fini_array_start.symtab0x80530000NOTYPE<unknown>HIDDENSHN_ABS
                                                                                    __fputc_unlocked.symtab0x804edcc187FUNC<unknown>DEFAULT2
                                                                                    __get_pc_thunk_bx.symtab0x80480b00FUNC<unknown>HIDDEN2
                                                                                    __getpagesize.symtab0x8050f3017FUNC<unknown>DEFAULT2
                                                                                    __h_errno_location.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                                    __init_array_end.symtab0x80530000NOTYPE<unknown>HIDDENSHN_ABS
                                                                                    __init_array_start.symtab0x80530000NOTYPE<unknown>HIDDENSHN_ABS
                                                                                    __libc_close.symtab0x804e85046FUNC<unknown>DEFAULT2
                                                                                    __libc_connect.symtab0x804f1f443FUNC<unknown>DEFAULT2
                                                                                    __libc_creat.symtab0x804ea1f25FUNC<unknown>DEFAULT2
                                                                                    __libc_fcntl.symtab0x804e76087FUNC<unknown>DEFAULT2
                                                                                    __libc_fcntl64.symtab0x804e7b863FUNC<unknown>DEFAULT2
                                                                                    __libc_fork.symtab0x804e8b438FUNC<unknown>DEFAULT2
                                                                                    __libc_getpid.symtab0x804e90438FUNC<unknown>DEFAULT2
                                                                                    __libc_lseek64.symtab0x805182c86FUNC<unknown>DEFAULT2
                                                                                    __libc_nanosleep.symtab0x8050fa050FUNC<unknown>DEFAULT2
                                                                                    __libc_open.symtab0x804e9d475FUNC<unknown>DEFAULT2
                                                                                    __libc_read.symtab0x804ea6854FUNC<unknown>DEFAULT2
                                                                                    __libc_recv.symtab0x804f28851FUNC<unknown>DEFAULT2
                                                                                    __libc_select.symtab0x804eaa063FUNC<unknown>DEFAULT2
                                                                                    __libc_send.symtab0x804f2bc51FUNC<unknown>DEFAULT2
                                                                                    __libc_sendto.symtab0x804f2f067FUNC<unknown>DEFAULT2
                                                                                    __libc_sigaction.symtab0x8050ccb218FUNC<unknown>DEFAULT2
                                                                                    __libc_stack_end.symtab0x805937c4OBJECT<unknown>DEFAULT11
                                                                                    __libc_waitpid.symtab0x804eb9026FUNC<unknown>DEFAULT2
                                                                                    __libc_write.symtab0x804ebac54FUNC<unknown>DEFAULT2
                                                                                    __malloc_consolidate.symtab0x804fd4d424FUNC<unknown>HIDDEN2
                                                                                    __malloc_largebin_index.symtab0x804f4f838FUNC<unknown>DEFAULT2
                                                                                    __malloc_lock.symtab0x80531f024OBJECT<unknown>DEFAULT10
                                                                                    __malloc_state.symtab0x8059440888OBJECT<unknown>DEFAULT11
                                                                                    __malloc_trim.symtab0x804fcc0141FUNC<unknown>DEFAULT2
                                                                                    __pagesize.symtab0x80593844OBJECT<unknown>DEFAULT11
                                                                                    __preinit_array_end.symtab0x80530000NOTYPE<unknown>HIDDENSHN_ABS
                                                                                    __preinit_array_start.symtab0x80530000NOTYPE<unknown>HIDDENSHN_ABS
                                                                                    __pthread_initialize_minimal.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                                    __pthread_mutex_init.symtab0x8050a873FUNC<unknown>DEFAULT2
                                                                                    __pthread_mutex_lock.symtab0x8050a873FUNC<unknown>DEFAULT2
                                                                                    __pthread_mutex_trylock.symtab0x8050a873FUNC<unknown>DEFAULT2
                                                                                    __pthread_mutex_unlock.symtab0x8050a873FUNC<unknown>DEFAULT2
                                                                                    __pthread_return_0.symtab0x8050a873FUNC<unknown>DEFAULT2
                                                                                    __pthread_return_void.symtab0x8050a8a1FUNC<unknown>DEFAULT2
                                                                                    __raise.symtab0x805155424FUNC<unknown>HIDDEN2
                                                                                    __register_frame_info_bases.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                                    __restore.symtab0x8050cc30NOTYPE<unknown>DEFAULT2
                                                                                    __restore_rt.symtab0x8050cbc0NOTYPE<unknown>DEFAULT2
                                                                                    __rtld_fini.symtab0x805938c4OBJECT<unknown>HIDDEN11
                                                                                    __sigaddset.symtab0x804f4b832FUNC<unknown>DEFAULT2
                                                                                    __sigdelset.symtab0x804f4d832FUNC<unknown>DEFAULT2
                                                                                    __sigismember.symtab0x804f49436FUNC<unknown>DEFAULT2
                                                                                    __socketcall.symtab0x8050ddc50FUNC<unknown>HIDDEN2
                                                                                    __socketcall.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                    __stdin.symtab0x80530bc4OBJECT<unknown>DEFAULT10
                                                                                    __stdio_WRITE.symtab0x8051060128FUNC<unknown>HIDDEN2
                                                                                    __stdio_adjust_position.symtab0x80516bc164FUNC<unknown>HIDDEN2
                                                                                    __stdio_fwrite.symtab0x80510e0234FUNC<unknown>HIDDEN2
                                                                                    __stdio_init_mutex.symtab0x804ecff23FUNC<unknown>HIDDEN2
                                                                                    __stdio_mutex_initializer.4160.symtab0x805284024OBJECT<unknown>DEFAULT4
                                                                                    __stdio_seek.symtab0x805176051FUNC<unknown>HIDDEN2
                                                                                    __stdio_trans2w_o.symtab0x80511cc167FUNC<unknown>HIDDEN2
                                                                                    __stdio_wcommit.symtab0x804eda043FUNC<unknown>HIDDEN2
                                                                                    __stdout.symtab0x80530c04OBJECT<unknown>DEFAULT10
                                                                                    __syscall_error.symtab0x8050da821FUNC<unknown>HIDDEN2
                                                                                    __syscall_error.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                    __syscall_fcntl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                    __syscall_fcntl64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                    __syscall_rt_sigaction.symtab0x8050e1059FUNC<unknown>HIDDEN2
                                                                                    __syscall_rt_sigaction.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                    __uClibc_fini.symtab0x8050a4863FUNC<unknown>DEFAULT2
                                                                                    __uClibc_init.symtab0x8050abf64FUNC<unknown>DEFAULT2
                                                                                    __uClibc_main.symtab0x8050aff443FUNC<unknown>DEFAULT2
                                                                                    __uClibc_main.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                    __uclibc_progname.symtab0x80532f84OBJECT<unknown>HIDDEN10
                                                                                    __vfork.symtab0x804e74821FUNC<unknown>HIDDEN2
                                                                                    _adjust_pos.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                    _cs_funcs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                    _dl_aux_init.symtab0x805156c18FUNC<unknown>DEFAULT2
                                                                                    _dl_phdr.symtab0x80597b84OBJECT<unknown>DEFAULT11
                                                                                    _dl_phnum.symtab0x80597bc4OBJECT<unknown>DEFAULT11
                                                                                    _edata.symtab0x80532fc0NOTYPE<unknown>DEFAULTSHN_ABS
                                                                                    _end.symtab0x80597c00NOTYPE<unknown>DEFAULTSHN_ABS
                                                                                    _errno.symtab0x80593944OBJECT<unknown>DEFAULT11
                                                                                    _exit.symtab0x804e7f840FUNC<unknown>DEFAULT2
                                                                                    _exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                    _fini.symtab0x80518c43FUNC<unknown>DEFAULT3
                                                                                    _fixed_buffers.symtab0x80573608192OBJECT<unknown>DEFAULT11
                                                                                    _fwrite.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                    _h_errno.symtab0x80593984OBJECT<unknown>DEFAULT11
                                                                                    _init.symtab0x80480943FUNC<unknown>DEFAULT1
                                                                                    _pthread_cleanup_pop_restore.symtab0x8050a8a1FUNC<unknown>DEFAULT2
                                                                                    _pthread_cleanup_push_defer.symtab0x8050a8a1FUNC<unknown>DEFAULT2
                                                                                    _sigintr.symtab0x80593c0128OBJECT<unknown>HIDDEN11
                                                                                    _start.symtab0x804816834FUNC<unknown>DEFAULT2
                                                                                    _stdio.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                    _stdio_init.symtab0x804ec9c99FUNC<unknown>HIDDEN2
                                                                                    _stdio_openlist.symtab0x80530c44OBJECT<unknown>DEFAULT10
                                                                                    _stdio_openlist_add_lock.symtab0x80530c824OBJECT<unknown>DEFAULT10
                                                                                    _stdio_openlist_del_count.symtab0x80573484OBJECT<unknown>DEFAULT11
                                                                                    _stdio_openlist_del_lock.symtab0x80530e024OBJECT<unknown>DEFAULT10
                                                                                    _stdio_openlist_use_count.symtab0x80573444OBJECT<unknown>DEFAULT11
                                                                                    _stdio_streams.symtab0x8053100240OBJECT<unknown>DEFAULT10
                                                                                    _stdio_term.symtab0x804ed16136FUNC<unknown>HIDDEN2
                                                                                    _stdio_user_locking.symtab0x80530f84OBJECT<unknown>DEFAULT10
                                                                                    _stdlib_strto_l.symtab0x805057c289FUNC<unknown>HIDDEN2
                                                                                    _stdlib_strto_l.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                    _trans2w.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                    _uintmaxtostr.symtab0x8051274207FUNC<unknown>HIDDEN2
                                                                                    _uintmaxtostr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                    _wcommit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                    abort.symtab0x80500b4273FUNC<unknown>DEFAULT2
                                                                                    abort.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                    atoi.symtab0x805054c20FUNC<unknown>DEFAULT2
                                                                                    atol.symtab0x805054c20FUNC<unknown>DEFAULT2
                                                                                    atol.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                    been_there_done_that.symtab0x80593741OBJECT<unknown>DEFAULT11
                                                                                    been_there_done_that.3001.symtab0x80593901OBJECT<unknown>DEFAULT11
                                                                                    brk.symtab0x805158054FUNC<unknown>DEFAULT2
                                                                                    brk.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                    bsd_signal.symtab0x804f3e4175FUNC<unknown>DEFAULT2
                                                                                    buf.2827.symtab0x805936416OBJECT<unknown>DEFAULT11
                                                                                    c.symtab0x80530984OBJECT<unknown>DEFAULT10
                                                                                    chdir.symtab0x804e82046FUNC<unknown>DEFAULT2
                                                                                    chdir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                    client.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                    clock_getres.symtab0x8050e4c50FUNC<unknown>DEFAULT2
                                                                                    clock_getres.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                    close.symtab0x804e85046FUNC<unknown>DEFAULT2
                                                                                    close.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                    commServer.symtab0x80530404OBJECT<unknown>DEFAULT10
                                                                                    completed.2429.symtab0x80533001OBJECT<unknown>DEFAULT11
                                                                                    connect.symtab0x804f1f443FUNC<unknown>DEFAULT2
                                                                                    connect.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                    connectTimeout.symtab0x8049419523FUNC<unknown>DEFAULT2
                                                                                    creat.symtab0x804ea1f25FUNC<unknown>DEFAULT2
                                                                                    crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                    crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                    csum.symtab0x8049f98159FUNC<unknown>DEFAULT2
                                                                                    currentServer.symtab0x80530444OBJECT<unknown>DEFAULT10
                                                                                    data_start.symtab0x80530280NOTYPE<unknown>DEFAULT10
                                                                                    dl-support.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                    dup2.symtab0x804e88050FUNC<unknown>DEFAULT2
                                                                                    dup2.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                    environ.symtab0x80593804OBJECT<unknown>DEFAULT11
                                                                                    errno.symtab0x80593944OBJECT<unknown>DEFAULT11
                                                                                    errno.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                    execl.symtab0x8050708105FUNC<unknown>DEFAULT2


                                                                                    • Total Packets: 51
                                                                                    • 6667 undefined
                                                                                    • 443 (HTTPS)
                                                                                    • 53 (DNS)
                                                                                    Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                    Mar 21, 2025 21:07:14.400830984 CET66673939293.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:07:19.402612925 CET393946667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:07:19.574062109 CET66673939493.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:07:19.821578026 CET46540443192.168.2.14185.125.190.26
                                                                                    Mar 21, 2025 21:07:24.576033115 CET393966667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:07:24.750900984 CET66673939693.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:07:29.753273010 CET393986667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:07:29.929107904 CET66673939893.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:07:34.931277990 CET394006667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:07:35.097965002 CET66673940093.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:07:40.099839926 CET394026667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:07:40.268589020 CET66673940293.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:07:45.270535946 CET394046667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:07:45.446297884 CET66673940493.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:07:50.448252916 CET394066667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:07:50.626514912 CET66673940693.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:07:55.628391981 CET394086667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:07:55.793901920 CET66673940893.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:08:00.796004057 CET394106667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:08:00.972845078 CET66673941093.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:08:05.974884033 CET394126667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:08:06.155261040 CET66673941293.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:08:11.157155991 CET394146667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:08:11.324326992 CET66673941493.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:08:11.325438023 CET37924443192.168.2.1454.171.230.55
                                                                                    Mar 21, 2025 21:08:11.368336916 CET4433792454.171.230.55192.168.2.14
                                                                                    Mar 21, 2025 21:08:16.327184916 CET394166667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:08:16.490289927 CET66673941693.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:08:21.491918087 CET394186667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:08:21.667943001 CET66673941893.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:08:26.669743061 CET394206667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:08:26.840187073 CET66673942093.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:08:31.841880083 CET394226667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:08:32.017949104 CET66673942293.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:08:37.019221067 CET394246667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:08:37.188457012 CET66673942493.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:08:42.190665960 CET394266667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:08:42.364200115 CET66673942693.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:08:47.366224051 CET394286667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:08:47.541614056 CET66673942893.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:08:52.553258896 CET394306667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:08:52.727278948 CET66673943093.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:08:57.729748964 CET394326667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:08:57.899399042 CET66673943293.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:09:02.901094913 CET394346667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:09:03.071039915 CET66673943493.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:09:08.072791100 CET394366667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:09:08.243237019 CET66673943693.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:09:13.244808912 CET394386667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:09:13.414674997 CET66673943893.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:09:18.416677952 CET394406667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:09:18.588408947 CET66673944093.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:09:23.589953899 CET394426667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:09:23.760080099 CET66673944293.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:09:28.761569977 CET394446667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:09:28.926265955 CET66673944493.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:09:33.927473068 CET394466667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:09:34.096992970 CET66673944693.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:09:39.098201036 CET394486667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:09:39.271661997 CET66673944893.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:09:44.273565054 CET394506667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:09:44.446161985 CET66673945093.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:09:49.448050022 CET394526667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:09:49.616540909 CET66673945293.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:09:54.617955923 CET394546667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:09:54.788321972 CET66673945493.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:09:59.790226936 CET394566667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:09:59.966064930 CET66673945693.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:10:04.967763901 CET394586667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:10:05.139556885 CET66673945893.115.172.234192.168.2.14
                                                                                    Mar 21, 2025 21:10:10.140979052 CET394606667192.168.2.1493.115.172.234
                                                                                    Mar 21, 2025 21:10:10.306997061 CET66673946093.115.172.234192.168.2.14
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 21, 2025 21:09:22.960658073 CET | 41934 | 53 | 192.168.2.14 | 8.8.8.8
Mar 21, 2025 21:09:22.960722923 CET | 59793 | 53 | 192.168.2.14 | 8.8.8.8
Mar 21, 2025 21:09:23.051613092 CET | 53 | 59793 | 8.8.8.8 | 192.168.2.14
Mar 21, 2025 21:09:23.057862997 CET | 53 | 41934 | 8.8.8.8 | 192.168.2.14

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 21, 2025 21:09:22.960658073 CET | 192.168.2.14 | 8.8.8.8 | 0xce3e | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001) | false
Mar 21, 2025 21:09:22.960722923 CET | 192.168.2.14 | 8.8.8.8 | 0xf735 | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 21, 2025 21:09:23.057862997 CET | 8.8.8.8 | 192.168.2.14 | 0xce3e | No error (0) | daisy.ubuntu.com | | 162.213.35.24 | A (IP address) | IN (0x0001) | false
Mar 21, 2025 21:09:23.057862997 CET | 8.8.8.8 | 192.168.2.14 | 0xce3e | No error (0) | daisy.ubuntu.com | | 162.213.35.25 | A (IP address) | IN (0x0001) | false

System Behavior

Start time (UTC): 20:06:36
Start date (UTC): 21/03/2025
Path: /tmp/wget.elf
Arguments: /tmp/wget.elf
File size: 63479 bytes
MD5 hash: d22d580c17f65c1cec1120b194ab453d

Start time (UTC): 20:06:36
Start date (UTC): 21/03/2025
Path: /tmp/wget.elf
Arguments: -
File size: 63479 bytes
MD5 hash: d22d580c17f65c1cec1120b194ab453d

Start time (UTC): 20:06:36
Start date (UTC): 21/03/2025
Path: /tmp/wget.elf
Arguments: -
File size: 63479 bytes
MD5 hash: d22d580c17f65c1cec1120b194ab453d

Start time (UTC): 20:08:10
Start date (UTC): 21/03/2025
Path: /usr/bin/dash
Arguments: -
File size: 129816 bytes
MD5 hash: 1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC): 20:08:10
Start date (UTC): 21/03/2025
Path: /usr/bin/rm
Arguments: rm -f /tmp/tmp.fWOb9WKTDA /tmp/tmp.9ijiu0TQHx /tmp/tmp.pBTa6aCfnW
File size: 72056 bytes
MD5 hash: aa2b5496fdbfd88e38791ab81f90b95b

Start time (UTC): 20:08:10
Start date (UTC): 21/03/2025
Path: /usr/bin/dash
Arguments: -
File size: 129816 bytes
MD5 hash: 1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC): 20:08:10
Start date (UTC): 21/03/2025
Path: /usr/bin/rm
Arguments: rm -f /tmp/tmp.fWOb9WKTDA /tmp/tmp.9ijiu0TQHx /tmp/tmp.pBTa6aCfnW
File size: 72056 bytes
MD5 hash: aa2b5496fdbfd88e38791ab81f90b95b