Linux Analysis Report
pict.jpg

Overview

General Information

Sample name: pict.jpg
Analysis ID: 1523488
MD5: c2c7e9be6e780a56601e686998bbf93c
SHA1: c026533f36e6fccde39239cf4a1df926fbff0ff9
SHA256: 384d513d6c0706d93c56426e893b4582fe9861dc223ccce2f74c53d57ff2b7ce
Infos:

Detection

Score: 1
Range: 0 - 100
Whitelisted: false

Signatures

Creates hidden files and/or directories
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Source: classification engine Classification label: clean1.linJPG@0/0@0/0
Source: /usr/bin/exo-open (PID: 4819) Directory: /home/james/.Xauthority
Source: /usr/bin/exo-open (PID: 4819) Directory: /home/james/.cache
Source: /usr/bin/dbus-launch (PID: 4827) Directory: /home/james/.Xauthority
Source: /usr/bin/ristretto (PID: 4845) Directory: /home/james/.Xauthority
Source: /usr/bin/ristretto (PID: 4845) Directory: /home/james/.Xdefaults-ubuntu
Source: /usr/bin/ristretto (PID: 4845) Directory: /tmp/.X0-lock
Source: /usr/bin/ristretto (PID: 4845) Directory: /tmp/.hidden
Source: /usr/bin/ristretto (PID: 4845) Directory: /tmp/.xfsm-ICE-TWMPB2
Source: /usr/bin/ristretto (PID: 4845) Directory: /home/james/.cache
Source: /usr/bin/ristretto (PID: 4845) Directory: /home/james/.local
Source: /usr/bin/ristretto (PID: 4845) Directory: /home/james/.config
Source: /usr/bin/dbus-launch (PID: 4862) Directory: /home/james/.Xauthority
Source: /usr/bin/exo-open (PID: 4819) Queries kernel information via 'uname':
Source: /usr/bin/dbus-launch (PID: 4827) Queries kernel information via 'uname':
Source: /usr/bin/ristretto (PID: 4845) Queries kernel information via 'uname':
Source: /usr/bin/dbus-launch (PID: 4862) Queries kernel information via 'uname':
No contacted IP infos