Edit tour

Linux Analysis Report
na.elf

Overview

General Information

Sample name:	na.elf
Analysis ID:	1532147
MD5:	455337989426e790c12683d911783dc5
SHA1:	6676d5c971389710b5a522b2fc2385a4de29f122
SHA256:	17f1ca3fd8f8f36c1b2585fe38298d69ee693153c950f21f2f224d1555a2ccf7
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Contains symbols with names commonly found in malware

Found strings indicative of a multi-platform dropper

Sample listens on a socket

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1532147
Start date and time:	2024-10-12 16:27:09 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 37s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	na.elf
Detection:	MAL
Classification:	mal52.linELF@0/0@1/0

Runtime Messages

Command:	/tmp/na.elf
PID:	5490
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

system is lnxubuntu20

na.elf (PID: 5490, Parent: 5413, MD5: 0d6f61f82cf2f781c6eb0661071d42d9) Arguments: /tmp/na.elf

na.elf New Fork (PID: 5492, Parent: 5490)

na.elf New Fork (PID: 5494, Parent: 5492)

cleanup

Yara Signatures

⊘No yara matches

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: na.elf

Virustotal: Detection: 21%

Perma Link

Source: na.elf

String: /lib//sbin//usr//proc//exeself/fd/fd/socket:/proc/proc//exewgetcurlftpmountabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/proc/net/tcp/proc//exe/fd//proc//maps/lib/usr/lib

Source: /tmp/na.elf (PID: 5490)

Socket: 127.0.0.1:45295

Jump to behavior

Source: global traffic

TCP traffic: 192.168.2.14:46540 -> 185.125.190.26:443

Source: unknown	TCP traffic detected without corresponding DNS query: 172.234.244.102
Source: unknown	TCP traffic detected without corresponding DNS query: 172.234.244.102
Source: unknown	TCP traffic detected without corresponding DNS query: 172.234.244.102
Source: unknown	TCP traffic detected without corresponding DNS query: 172.234.244.102
Source: unknown	TCP traffic detected without corresponding DNS query: 185.125.190.26
Source: unknown	TCP traffic detected without corresponding DNS query: 185.125.190.26
Source: unknown	TCP traffic detected without corresponding DNS query: 172.234.244.102
Source: unknown	TCP traffic detected without corresponding DNS query: 172.234.244.102
Source: unknown	TCP traffic detected without corresponding DNS query: 172.234.244.102
Source: unknown	TCP traffic detected without corresponding DNS query: 172.234.244.102
Source: unknown	TCP traffic detected without corresponding DNS query: 172.234.244.102

Source: global traffic

DNS traffic detected: DNS query: dvrhelpers.su

Source: unknown

Network traffic detected: HTTP traffic on port 46540 -> 443

System Summary

Contains symbols with names commonly found in malware

Source: ELF static info symbol of initial sample	Name: add_attack
Source: ELF static info symbol of initial sample	Name: attack_add_pid
Source: ELF static info symbol of initial sample	Name: attack_init
Source: ELF static info symbol of initial sample	Name: attack_ongoing
Source: ELF static info symbol of initial sample	Name: attack_parse
Source: ELF static info symbol of initial sample	Name: attack_remove_id
Source: ELF static info symbol of initial sample	Name: attack_start
Source: ELF static info symbol of initial sample	Name: attack_stop
Source: ELF static info symbol of initial sample	Name: attacks_ack
Source: ELF static info symbol of initial sample	Name: attacks_gre

Source: classification engine

Classification label: mal52.linELF@0/0@1/0

Source: na.elf	ELF static info symbol of initial sample: /home/landley/aboriginal/aboriginal/build/temp-mipsel/gcc-core/gcc/libgcc2.c
Source: na.elf	ELF static info symbol of initial sample: /home/landley/aboriginal/aboriginal/build/temp-mipsel/gcc-core/gcc/libgcc2.c
Source: na.elf	ELF static info symbol of initial sample: /home/landley/aboriginal/aboriginal/build/temp-mipsel/gcc-core/gcc/libgcc2.h

Source: /tmp/na.elf (PID: 5490)

Queries kernel information via 'uname':

Jump to behavior

Source: na.elf, 5490.1.000055c0cfde3000.000055c0cfe6a000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mipsel
Source: na.elf, 5490.1.000055c0cfde3000.000055c0cfe6a000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/mipsel
Source: na.elf, 5490.1.00007ffcd6f70000.00007ffcd6f91000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mipsel
Source: na.elf, 5490.1.00007ffcd6f70000.00007ffcd6f91000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mipsel/tmp/na.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/na.elf

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	Path Interception	Direct Volume Access	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
na.elf	22%	Virustotal		Browse
na.elf	11%	ReversingLabs	Linux.Trojan.DDOSAgent

Dropped Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
dvrhelpers.su	1%	Virustotal		Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
dvrhelpers.su	unknown	unknown	false	1%, Virustotal, Browse	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.125.190.26	unknown	United Kingdom		41231	CANONICAL-ASGB	false
172.234.244.102	unknown	United States		20940	AKAMAI-ASN1EU	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
185.125.190.26	na.elf	Get hash	malicious	Mirai	Browse
	bash.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Mirai	Browse
	RavHMt492R.elf	Get hash	malicious	Mirai	Browse
	VLi6LJSker.elf	Get hash	malicious	Mirai	Browse
	17CiAkKMyC.elf	Get hash	malicious	Gafgyt, Mirai	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASN1EU	https://uqr.to/rell.com	Get hash	malicious	HTMLPhisher	Browse	172.232.209.99
	quote894590895pdf.exe	Get hash	malicious	FormBook	Browse	172.232.112.221
	SETTLEMENT-2023-165092-SP-21.html	Get hash	malicious	Unknown	Browse	2.16.241.93
	phish_alert_sp2_2.0.0.0.eml	Get hash	malicious	Unknown	Browse	23.215.23.189
	dNBHFhYkoO.elf	Get hash	malicious	Mirai, Okiru	Browse	172.236.97.162
	https://helawok.x-sns.cloud/	Get hash	malicious	HTMLPhisher	Browse	172.233.53.209
	https://anviict.com/?qvtvxymb	Get hash	malicious	HTMLPhisher	Browse	23.10.249.72
	bc3c228ad2c13f96cb14375c3860e802.pdf	Get hash	malicious	Unknown	Browse	95.101.23.155
	original (1).eml	Get hash	malicious	Unknown	Browse	2.20.245.140
	file.exe	Get hash	malicious	LummaC	Browse	23.197.127.21
CANONICAL-ASGB	mhmdm9Hb6i.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	na.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	na.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	na.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	na.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	na.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	na.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	na.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	na.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	na.elf	Get hash	malicious	Unknown	Browse	91.189.91.42

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, with debug_info, not stripped
Entropy (8bit):	4.681147036477083
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	na.elf
File size:	215'642 bytes
MD5:	455337989426e790c12683d911783dc5
SHA1:	6676d5c971389710b5a522b2fc2385a4de29f122
SHA256:	17f1ca3fd8f8f36c1b2585fe38298d69ee693153c950f21f2f224d1555a2ccf7
SHA512:	0b4daeea6aa568acd56b11446109daa6540c368f38ad5b0ac451060c1e0a1f8a60d3ec3e3cb88b7db7f736775f4a9b26e2d8d2d138168f5b5cca5e50abb6aafb
SSDEEP:	1536:cJwI+ASf6rnirA6r1SXoF2RTZOXT/LVbDrAUCHDqkg8El9gv9rid7OZPJqFRqe:cJwpQBRTgBCeIpi6PJqFRqe
TLSH:	4B2401AA7FA17EBFD80ECD3301958902029DD54953D9AF6FB664C508E78B90E48E3D4C
File Content Preview:	.ELF......................@.4...........4. ...(........p......@...@...........................@...@.P...P.....................C...C......=..........Q.td................................................."D....'...................<0!.'!.............9'.. ....

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	MIPS R3000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x4002a0
Flags:	0x1007
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	4
Section Header Offset:	197572
Section Header Size:	40
Number of Section Headers:	31
Header String Table Index:	28

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.reginfo	MIPS_REGINFO	0x4000b4	0xb4	0x18	0x18	0x2	A	0	0	4
.init	PROGBITS	0x4000cc	0xcc	0x7c	0x0	0x6	AX	0	0	4
.text	PROGBITS	0x400150	0x150	0x285e0	0x0	0x6	AX	0	0	16
.fini	PROGBITS	0x428730	0x28730	0x4c	0x0	0x6	AX	0	0	4
.rodata	PROGBITS	0x428780	0x28780	0x13d0	0x0	0x2	A	0	0	16
.eh_frame	PROGBITS	0x43a000	0x2a000	0x3c	0x0	0x3	WA	0	0	4
.ctors	PROGBITS	0x43a03c	0x2a03c	0x8	0x0	0x3	WA	0	0	4
.dtors	PROGBITS	0x43a044	0x2a044	0x8	0x0	0x3	WA	0	0	4
.jcr	PROGBITS	0x43a04c	0x2a04c	0x4	0x0	0x3	WA	0	0	4
.data.rel.ro	PROGBITS	0x43a050	0x2a050	0x30	0x0	0x3	WA	0	0	4
.data	PROGBITS	0x43a080	0x2a080	0x1a0	0x0	0x3	WA	0	0	16
.got	PROGBITS	0x43a220	0x2a220	0x3f4	0x4	0x10000003	WAp	0	0	16
.sdata	PROGBITS	0x43a614	0x2a614	0x4	0x0	0x10000003	WAp	0	0	4
.sbss	NOBITS	0x43a618	0x2a618	0x8	0x0	0x10000003	WAp	0	0	4
.bss	NOBITS	0x43a620	0x2a618	0x37bc	0x0	0x3	WA	0	0	16
.comment	PROGBITS	0x0	0x2a618	0x990	0x0	0x0		0	0	1
.debug_aranges	MIPS_DWARF	0x0	0x2afa8	0x40	0x0	0x0		0	0	1
.debug_pubnames	MIPS_DWARF	0x0	0x2afe8	0x60	0x0	0x0		0	0	1
.debug_info	MIPS_DWARF	0x0	0x2b048	0xd81	0x0	0x0		0	0	1
.debug_abbrev	MIPS_DWARF	0x0	0x2bdc9	0x359	0x0	0x0		0	0	1
.debug_line	MIPS_DWARF	0x0	0x2c122	0x306	0x0	0x0		0	0	1
.debug_frame	MIPS_DWARF	0x0	0x2c428	0x48	0x0	0x0		0	0	4
.debug_str	MIPS_DWARF	0x0	0x2c470	0x145	0x1	0x30	MS	0	0	1
.debug_loc	MIPS_DWARF	0x0	0x2c5b5	0xfec	0x0	0x0		0	0	1
.debug_ranges	MIPS_DWARF	0x0	0x2d5a1	0x288	0x0	0x0		0	0	1
.mdebug.abi32	PROGBITS	0x288	0x2d829	0x0	0x0	0x0		0	0	1
.pdr	PROGBITS	0x0	0x2d82c	0x2a80	0x0	0x0		0	0	4
.shstrtab	STRTAB	0x0	0x302ac	0x117	0x0	0x0		0	0	1
.symtab	SYMTAB	0x0	0x3089c	0x2a10	0x10	0x0		30	391	4
.strtab	STRTAB	0x0	0x332ac	0x17ae	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
<unknown>	0xb4	0x4000b4	0x4000b4	0x18	0x18	0.9834	0x4	R	0x4	.reginfo
LOAD	0x0	0x400000	0x400000	0x29b50	0x29b50	4.5491	0x5	R E	0x10000	.reginfo .init .text .fini .rodata
LOAD	0x2a000	0x43a000	0x43a000	0x618	0x3ddc	4.3107	0x6	RW	0x10000	.eh_frame .ctors .dtors .jcr .data.rel.ro .data .got .sdata .sbss .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Symbols

Name	Section Name	Value	Size	Symbol Type	Symbol Bind	Symbol Visibility	Ndx
	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
	.symtab	0x4000b4	0	SECTION	<unknown>	DEFAULT	1
	.symtab	0x4000cc	0	SECTION	<unknown>	DEFAULT	2
	.symtab	0x400150	0	SECTION	<unknown>	DEFAULT	3
	.symtab	0x428730	0	SECTION	<unknown>	DEFAULT	4
	.symtab	0x428780	0	SECTION	<unknown>	DEFAULT	5
	.symtab	0x43a000	0	SECTION	<unknown>	DEFAULT	6
	.symtab	0x43a03c	0	SECTION	<unknown>	DEFAULT	7
	.symtab	0x43a044	0	SECTION	<unknown>	DEFAULT	8
	.symtab	0x43a04c	0	SECTION	<unknown>	DEFAULT	9
	.symtab	0x43a050	0	SECTION	<unknown>	DEFAULT	10
	.symtab	0x43a080	0	SECTION	<unknown>	DEFAULT	11
	.symtab	0x43a220	0	SECTION	<unknown>	DEFAULT	12
	.symtab	0x43a614	0	SECTION	<unknown>	DEFAULT	13
	.symtab	0x43a618	0	SECTION	<unknown>	DEFAULT	14
	.symtab	0x43a620	0	SECTION	<unknown>	DEFAULT	15
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	16
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	17
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	18
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	19
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	20
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	21
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	22
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	23
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	24
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	25
	.symtab	0x288	0	SECTION	<unknown>	DEFAULT	26
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	27
/home/landley/aboriginal/aboriginal/build/temp-mipsel/gcc-core/gcc/libgcc2.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
/home/landley/aboriginal/aboriginal/build/temp-mipsel/gcc-core/gcc/libgcc2.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
/home/landley/aboriginal/aboriginal/build/temp-mipsel/gcc-core/gcc/libgcc2.h	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
C.0.3022	.symtab	0x43a058	40	OBJECT	<unknown>	DEFAULT	10
C.10.3318	.symtab	0x428b70	16	OBJECT	<unknown>	DEFAULT	5
C.10.3318	.symtab	0x428bd8	12	OBJECT	<unknown>	DEFAULT	5
C.11.3319	.symtab	0x428b58	24	OBJECT	<unknown>	DEFAULT	5
C.11.3319	.symtab	0x428bc4	20	OBJECT	<unknown>	DEFAULT	5
C.12.3320	.symtab	0x428b40	24	OBJECT	<unknown>	DEFAULT	5
C.12.3320	.symtab	0x428bb0	20	OBJECT	<unknown>	DEFAULT	5
C.18.3339	.symtab	0x428b90	25	OBJECT	<unknown>	DEFAULT	5
C.18.3354	.symtab	0x428b24	16	OBJECT	<unknown>	DEFAULT	5
C.19.3364	.symtab	0x428b14	16	OBJECT	<unknown>	DEFAULT	5
C.22.3386	.symtab	0x428b10	2	OBJECT	<unknown>	DEFAULT	5
C.38.3994	.symtab	0x42878c	8	OBJECT	<unknown>	DEFAULT	5
C.7.3640	.symtab	0x43a050	8	OBJECT	<unknown>	DEFAULT	10
C.9.3317	.symtab	0x428b80	16	OBJECT	<unknown>	DEFAULT	5
C.9.3317	.symtab	0x428be4	12	OBJECT	<unknown>	DEFAULT	5
_DYNAMIC	.symtab	0x0	0	NOTYPE	<unknown>	HIDDEN	SHN_UNDEF
_Exit	.symtab	0x41e840	100	FUNC	<unknown>	HIDDEN	3
_Exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_GLOBAL_OFFSET_TABLE_	.symtab	0x43a220	0	OBJECT	<unknown>	DEFAULT	12
_Jv_RegisterClasses	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__CTOR_END__	.symtab	0x43a040	0	OBJECT	<unknown>	DEFAULT	7
__CTOR_LIST__	.symtab	0x43a03c	0	OBJECT	<unknown>	DEFAULT	7
__DOUBLE_BITS	.symtab	0x423bf0	56	FUNC	<unknown>	DEFAULT	3
__DTOR_END__	.symtab	0x43a048	0	OBJECT	<unknown>	DEFAULT	8
__DTOR_LIST__	.symtab	0x43a044	0	OBJECT	<unknown>	DEFAULT	8
__EH_FRAME_BEGIN__	.symtab	0x43a000	0	OBJECT	<unknown>	DEFAULT	6
__FRAME_END__	.symtab	0x43a038	0	OBJECT	<unknown>	DEFAULT	6
__JCR_END__	.symtab	0x43a04c	0	OBJECT	<unknown>	DEFAULT	9
__JCR_LIST__	.symtab	0x43a04c	0	OBJECT	<unknown>	DEFAULT	9
___environ	.symtab	0x43bb40	4	OBJECT	<unknown>	HIDDEN	15
__aio_close	.symtab	0x41da20	16	FUNC	<unknown>	HIDDEN	3
__block_all_sigs	.symtab	0x418db0	104	FUNC	<unknown>	HIDDEN	3
__block_app_sigs	.symtab	0x418e88	104	FUNC	<unknown>	HIDDEN	3
__bss_start	.symtab	0x43a618	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__bswap_16	.symtab	0x417518	76	FUNC	<unknown>	DEFAULT	3
__bswap_16	.symtab	0x4182b8	76	FUNC	<unknown>	DEFAULT	3
__bswap_32	.symtab	0x41743c	84	FUNC	<unknown>	DEFAULT	3
__bswap_32	.symtab	0x4181dc	84	FUNC	<unknown>	DEFAULT	3
__clock_gettime	.symtab	0x41d954	80	FUNC	<unknown>	HIDDEN	3
__clz_tab	.symtab	0x429a50	256	OBJECT	<unknown>	HIDDEN	5
__copy_tls	.symtab	0x41e2c4	356	FUNC	<unknown>	HIDDEN	3
__deregister_frame_info	.symtab	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__do_global_ctors_aux	.symtab	0x4286c0	0	FUNC	<unknown>	DEFAULT	3
__do_global_dtors_aux	.symtab	0x400150	0	FUNC	<unknown>	DEFAULT	3
__dso_handle	.symtab	0x43a614	0	OBJECT	<unknown>	HIDDEN	13
__environ	.symtab	0x43bb40	4	OBJECT	<unknown>	HIDDEN	15
__environ.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__errno_location	.symtab	0x412cc0	68	FUNC	<unknown>	HIDDEN	3
__errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__expand_heap	.symtab	0x4203a8	876	FUNC	<unknown>	HIDDEN	3
__fini_array_end	.symtab	0x43a03c	0	NOTYPE	<unknown>	HIDDEN	7
__fini_array_start	.symtab	0x43a03c	0	NOTYPE	<unknown>	HIDDEN	7
__fork_handler	.symtab	0x418b70	12	FUNC	<unknown>	HIDDEN	3
__funcs_on_exit	.symtab	0x412d10	8	FUNC	<unknown>	HIDDEN	3
__fwritex	.symtab	0x426c30	596	FUNC	<unknown>	HIDDEN	3
__get_handler_set	.symtab	0x420760	84	FUNC	<unknown>	HIDDEN	3
__hwcap	.symtab	0x43a618	4	OBJECT	<unknown>	HIDDEN	14
__inet_aton	.symtab	0x4175f0	732	FUNC	<unknown>	HIDDEN	3
__init_array_end	.symtab	0x43a03c	0	NOTYPE	<unknown>	HIDDEN	7
__init_array_start	.symtab	0x43a03c	0	NOTYPE	<unknown>	HIDDEN	7
__init_libc	.symtab	0x4126b4	1044	FUNC	<unknown>	DEFAULT	3
__init_ssp	.symtab	0x4126a8	12	FUNC	<unknown>	HIDDEN	3
__init_tls	.symtab	0x41e428	836	FUNC	<unknown>	HIDDEN	3
__init_tls.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__init_tp	.symtab	0x41e160	284	FUNC	<unknown>	DEFAULT	3
__intscan	.symtab	0x41e8f0	5120	FUNC	<unknown>	HIDDEN	3
__isspace	.symtab	0x41985c	84	FUNC	<unknown>	DEFAULT	3
__isspace	.symtab	0x41fcf0	84	FUNC	<unknown>	DEFAULT	3
__lctrans	.symtab	0x4264f4	76	FUNC	<unknown>	HIDDEN	3
__lctrans.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__lctrans_cur	.symtab	0x426540	108	FUNC	<unknown>	HIDDEN	3
__lctrans_impl	.symtab	0x4264e0	20	FUNC	<unknown>	HIDDEN	3
__libc	.symtab	0x43dd98	52	OBJECT	<unknown>	HIDDEN	15
__libc_sigaction	.symtab	0x4207b4	852	FUNC	<unknown>	HIDDEN	3
__libc_start_main	.symtab	0x412ba0	288	FUNC	<unknown>	HIDDEN	3
__libc_start_main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__lock	.symtab	0x41cd80	164	FUNC	<unknown>	HIDDEN	3
__lock.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__lockfile	.symtab	0x4266b0	260	FUNC	<unknown>	HIDDEN	3
__lockfile.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__madvise	.symtab	0x4169a0	124	FUNC	<unknown>	HIDDEN	3
__malloc0	.symtab	0x415778	248	FUNC	<unknown>	HIDDEN	3
__mmap	.symtab	0x416a98	392	FUNC	<unknown>	HIDDEN	3
__mremap	.symtab	0x416ce0	180	FUNC	<unknown>	HIDDEN	3
__munmap	.symtab	0x416e58	136	FUNC	<unknown>	HIDDEN	3
__ofl_lock	.symtab	0x4279b0	88	FUNC	<unknown>	HIDDEN	3
__ofl_unlock	.symtab	0x427a08	72	FUNC	<unknown>	HIDDEN	3
__progname	.symtab	0x43b6e0	4	OBJECT	<unknown>	HIDDEN	15
__progname_full	.symtab	0x43b6e4	4	OBJECT	<unknown>	HIDDEN	15
__pthread_self	.symtab	0x412d04	12	FUNC	<unknown>	DEFAULT	3
__pthread_self	.symtab	0x418cd0	12	FUNC	<unknown>	DEFAULT	3
__pthread_self	.symtab	0x4264d4	12	FUNC	<unknown>	DEFAULT	3
__pthread_self	.symtab	0x4265ac	12	FUNC	<unknown>	DEFAULT	3
__pthread_self	.symtab	0x4267b4	12	FUNC	<unknown>	DEFAULT	3
__pthread_self	.symtab	0x427600	12	FUNC	<unknown>	DEFAULT	3
__register_frame_info	.symtab	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__restore	.symtab	0x4266a8	0	FUNC	<unknown>	DEFAULT	3
__restore_rt	.symtab	0x4266a0	0	FUNC	<unknown>	DEFAULT	3
__restore_sigs	.symtab	0x418ef0	96	FUNC	<unknown>	HIDDEN	3
__set_thread_area	.symtab	0x4261e0	80	FUNC	<unknown>	HIDDEN	3
__set_thread_area.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__shgetc	.symtab	0x41fe84	892	FUNC	<unknown>	HIDDEN	3
__shlim	.symtab	0x41fd50	308	FUNC	<unknown>	HIDDEN	3
__sigaction	.symtab	0x420c14	164	FUNC	<unknown>	HIDDEN	3
__simple_malloc	.symtab	0x413840	660	FUNC	<unknown>	HIDDEN	3
__start	.symtab	0x4002a0	0	FUNC	<unknown>	DEFAULT	3
__static_tls	.symtab	0x43ddcc	16	OBJECT	<unknown>	HIDDEN	15
__stderr_used	.symtab	0x43bca0	4	OBJECT	<unknown>	HIDDEN	15
__stdin_used	.symtab	0x43bca0	4	OBJECT	<unknown>	HIDDEN	15
__stdio_exit	.symtab	0x427754	236	FUNC	<unknown>	HIDDEN	3
__stdio_exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__stdio_exit_needed	.symtab	0x427754	236	FUNC	<unknown>	HIDDEN	3
__stdout_used	.symtab	0x43bca0	4	OBJECT	<unknown>	HIDDEN	15
__stpcpy	.symtab	0x425880	468	FUNC	<unknown>	HIDDEN	3
__stpncpy	.symtab	0x425a60	636	FUNC	<unknown>	HIDDEN	3
__strchrnul	.symtab	0x425d70	584	FUNC	<unknown>	HIDDEN	3
__strerror_l	.symtab	0x426300	368	FUNC	<unknown>	HIDDEN	3
__strtoimax_internal	.symtab	0x419ba8	84	FUNC	<unknown>	HIDDEN	3
__strtol_internal	.symtab	0x419b3c	108	FUNC	<unknown>	HIDDEN	3
__strtoll_internal	.symtab	0x419a64	108	FUNC	<unknown>	HIDDEN	3
__strtoul_internal	.symtab	0x419ad0	108	FUNC	<unknown>	HIDDEN	3
__strtoull_internal	.symtab	0x4199f8	108	FUNC	<unknown>	HIDDEN	3
__strtoumax_internal	.symtab	0x419bfc	84	FUNC	<unknown>	HIDDEN	3
__syscall	.symtab	0x420200	0	FUNC	<unknown>	HIDDEN	3
__syscall0	.symtab	0x418cdc	64	FUNC	<unknown>	DEFAULT	3
__syscall0	.symtab	0x41dc14	64	FUNC	<unknown>	DEFAULT	3
__syscall0	.symtab	0x41dca4	64	FUNC	<unknown>	DEFAULT	3
__syscall0	.symtab	0x41df0c	64	FUNC	<unknown>	DEFAULT	3
__syscall1	.symtab	0x412444	72	FUNC	<unknown>	DEFAULT	3
__syscall1	.symtab	0x4132a8	72	FUNC	<unknown>	DEFAULT	3
__syscall1	.symtab	0x41e27c	72	FUNC	<unknown>	DEFAULT	3
__syscall1	.symtab	0x41e8a4	72	FUNC	<unknown>	DEFAULT	3
__syscall1	.symtab	0x420714	72	FUNC	<unknown>	DEFAULT	3
__syscall1	.symtab	0x426230	72	FUNC	<unknown>	DEFAULT	3
__syscall2	.symtab	0x412b34	92	FUNC	<unknown>	DEFAULT	3
__syscall2	.symtab	0x416ee0	92	FUNC	<unknown>	DEFAULT	3
__syscall2	.symtab	0x418fbc	92	FUNC	<unknown>	DEFAULT	3
__syscall2	.symtab	0x419334	92	FUNC	<unknown>	DEFAULT	3
__syscall2	.symtab	0x41d8f8	92	FUNC	<unknown>	DEFAULT	3
__syscall2	.symtab	0x41db68	92	FUNC	<unknown>	DEFAULT	3
__syscall3	.symtab	0x412628	108	FUNC	<unknown>	DEFAULT	3
__syscall3	.symtab	0x412ac8	108	FUNC	<unknown>	DEFAULT	3
__syscall3	.symtab	0x4132f0	108	FUNC	<unknown>	DEFAULT	3
__syscall3	.symtab	0x4134a0	108	FUNC	<unknown>	DEFAULT	3
__syscall3	.symtab	0x41419c	108	FUNC	<unknown>	DEFAULT	3
__syscall3	.symtab	0x416a1c	108	FUNC	<unknown>	DEFAULT	3
__syscall3	.symtab	0x41891c	108	FUNC	<unknown>	DEFAULT	3
__syscall3	.symtab	0x418afc	108	FUNC	<unknown>	DEFAULT	3
__syscall3	.symtab	0x41d01c	108	FUNC	<unknown>	DEFAULT	3
__syscall3	.symtab	0x41de3c	108	FUNC	<unknown>	DEFAULT	3
__syscall3	.symtab	0x4269c0	108	FUNC	<unknown>	DEFAULT	3
__syscall4	.symtab	0x418e18	112	FUNC	<unknown>	DEFAULT	3
__syscall4	.symtab	0x41d444	112	FUNC	<unknown>	DEFAULT	3
__syscall4	.symtab	0x41d5fc	112	FUNC	<unknown>	DEFAULT	3
__syscall4	.symtab	0x420ba4	112	FUNC	<unknown>	DEFAULT	3
__syscall5	.symtab	0x4136a4	176	FUNC	<unknown>	DEFAULT	3
__syscall5	.symtab	0x416d94	176	FUNC	<unknown>	DEFAULT	3
__syscall6	.symtab	0x416c20	188	FUNC	<unknown>	DEFAULT	3
__syscall6	.symtab	0x416fc8	188	FUNC	<unknown>	DEFAULT	3
__syscall6	.symtab	0x4171a8	188	FUNC	<unknown>	DEFAULT	3
__syscall6	.symtab	0x4172fc	188	FUNC	<unknown>	DEFAULT	3
__syscall6	.symtab	0x41809c	188	FUNC	<unknown>	DEFAULT	3
__syscall6	.symtab	0x41859c	188	FUNC	<unknown>	DEFAULT	3
__syscall6	.symtab	0x418860	188	FUNC	<unknown>	DEFAULT	3
__syscall6	.symtab	0x41e76c	188	FUNC	<unknown>	DEFAULT	3
__syscall_cp	.symtab	0x41d110	128	FUNC	<unknown>	HIDDEN	3
__syscall_cp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_cp_c	.symtab	0x41d090	128	FUNC	<unknown>	HIDDEN	3
__syscall_ret	.symtab	0x413510	136	FUNC	<unknown>	HIDDEN	3
__sysinfo	.symtab	0x43a61c	4	OBJECT	<unknown>	HIDDEN	14
__sysv_signal	.symtab	0x419150	188	FUNC	<unknown>	HIDDEN	3
__toread	.symtab	0x426a30	448	FUNC	<unknown>	HIDDEN	3
__toread.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__toread_needs_stdio_exit	.symtab	0x426bf0	60	FUNC	<unknown>	HIDDEN	3
__towrite	.symtab	0x427840	304	FUNC	<unknown>	HIDDEN	3
__towrite.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__towrite_needs_stdio_exit	.symtab	0x427970	60	FUNC	<unknown>	HIDDEN	3
__udivdi3	.symtab	0x427a50	1564	FUNC	<unknown>	HIDDEN	3
__uflow	.symtab	0x420cc0	164	FUNC	<unknown>	PROTECTED	3
__uflow.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__umoddi3	.symtab	0x428070	1604	FUNC	<unknown>	HIDDEN	3
__unlock	.symtab	0x41ce74	164	FUNC	<unknown>	HIDDEN	3
__unlockfile	.symtab	0x42681c	160	FUNC	<unknown>	HIDDEN	3
__vm_wait	.symtab	0x416a90	8	FUNC	<unknown>	HIDDEN	3
__wait	.symtab	0x41d190	456	FUNC	<unknown>	HIDDEN	3
__wait.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__wake	.symtab	0x4140c0	220	FUNC	<unknown>	DEFAULT	3
__wake	.symtab	0x41cf40	220	FUNC	<unknown>	DEFAULT	3
__wake	.symtab	0x4268e4	220	FUNC	<unknown>	DEFAULT	3
_atoi	.symtab	0x411064	204	FUNC	<unknown>	DEFAULT	3
_edata	.symtab	0x43a618	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_end	.symtab	0x43dddc	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_environ	.symtab	0x43bb40	4	OBJECT	<unknown>	HIDDEN	15
_fbss	.symtab	0x43a618	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_fdata	.symtab	0x43a080	0	NOTYPE	<unknown>	DEFAULT	11
_fini	.symtab	0x428730	0	FUNC	<unknown>	DEFAULT	4
_ftext	.symtab	0x400150	0	NOTYPE	<unknown>	DEFAULT	3
_gp	.symtab	0x442210	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_gp_disp	.symtab	0x0	0	OBJECT	<unknown>	DEFAULT	SHN_UNDEF
_init	.symtab	0x4000cc	0	FUNC	<unknown>	DEFAULT	2
_start	.symtab	0x4002a0	0	FUNC	<unknown>	DEFAULT	3
_start_c	.symtab	0x4002e0	112	FUNC	<unknown>	DEFAULT	3
_start_data	.symtab	0x4002a8	0	FUNC	<unknown>	DEFAULT	3
a_and	.symtab	0x414584	68	FUNC	<unknown>	DEFAULT	3
a_and_64	.symtab	0x4144d8	172	FUNC	<unknown>	DEFAULT	3
a_barrier	.symtab	0x41d358	84	FUNC	<unknown>	DEFAULT	3
a_cas	.symtab	0x41d3ac	92	FUNC	<unknown>	DEFAULT	3
a_cas	.symtab	0x4267c0	92	FUNC	<unknown>	DEFAULT	3
a_crash	.symtab	0x412b90	16	FUNC	<unknown>	DEFAULT	3
a_crash	.symtab	0x415dc8	16	FUNC	<unknown>	DEFAULT	3
a_crash	.symtab	0x41e828	16	FUNC	<unknown>	DEFAULT	3
a_ctz_64	.symtab	0x413b30	176	FUNC	<unknown>	DEFAULT	3
a_ctz_l	.symtab	0x413be0	88	FUNC	<unknown>	DEFAULT	3
a_dec	.symtab	0x41d4b4	60	FUNC	<unknown>	DEFAULT	3
a_inc	.symtab	0x41d408	60	FUNC	<unknown>	DEFAULT	3
a_or	.symtab	0x416958	68	FUNC	<unknown>	DEFAULT	3
a_or	.symtab	0x420b60	68	FUNC	<unknown>	DEFAULT	3
a_or_64	.symtab	0x4168ac	172	FUNC	<unknown>	DEFAULT	3
a_or_l	.symtab	0x420b08	88	FUNC	<unknown>	DEFAULT	3
a_store	.symtab	0x414098	40	FUNC	<unknown>	DEFAULT	3
a_store	.symtab	0x41cf18	40	FUNC	<unknown>	DEFAULT	3
a_store	.symtab	0x4268bc	40	FUNC	<unknown>	DEFAULT	3
a_swap	.symtab	0x414048	80	FUNC	<unknown>	DEFAULT	3
a_swap	.symtab	0x41ce24	80	FUNC	<unknown>	DEFAULT	3
ack.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
add_attack	.symtab	0x4038a4	292	FUNC	<unknown>	DEFAULT	3
add_entry	.symtab	0x41207c	232	FUNC	<unknown>	DEFAULT	3
adjust_size	.symtab	0x414208	244	FUNC	<unknown>	DEFAULT	3
all_mask	.symtab	0x428e00	8	OBJECT	<unknown>	DEFAULT	5
alloc_fwd	.symtab	0x4145c8	872	FUNC	<unknown>	DEFAULT	3
alloc_rev	.symtab	0x414930	900	FUNC	<unknown>	DEFAULT	3
app_mask	.symtab	0x428e08	16	OBJECT	<unknown>	DEFAULT	5
atoi	.symtab	0x4196e0	380	FUNC	<unknown>	HIDDEN	3
atoi.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
attack_add_pid	.symtab	0x402ab0	200	FUNC	<unknown>	DEFAULT	3
attack_init	.symtab	0x4026c0	444	FUNC	<unknown>	DEFAULT	3
attack_ongoing	.symtab	0x43a658	80	OBJECT	<unknown>	DEFAULT	15
attack_parse	.symtab	0x402c34	1552	FUNC	<unknown>	DEFAULT	3
attack_remove_id	.symtab	0x402b78	188	FUNC	<unknown>	DEFAULT	3
attack_start	.symtab	0x403244	628	FUNC	<unknown>	DEFAULT	3
attack_stop	.symtab	0x40287c	564	FUNC	<unknown>	DEFAULT	3
attacks_ack	.symtab	0x4042a0	2664	FUNC	<unknown>	DEFAULT	3
attacks_gre	.symtab	0x404d10	2148	FUNC	<unknown>	DEFAULT	3
attacks_icmp	.symtab	0x405580	2012	FUNC	<unknown>	DEFAULT	3
attacks_raknet	.symtab	0x405d60	3284	FUNC	<unknown>	DEFAULT	3
attacks_rand	.symtab	0x406a40	2096	FUNC	<unknown>	DEFAULT	3
attacks_socket	.symtab	0x407334	2376	FUNC	<unknown>	DEFAULT	3
attacks_std	.symtab	0x407c80	2192	FUNC	<unknown>	DEFAULT	3
attacks_stomp	.symtab	0x408510	3976	FUNC	<unknown>	DEFAULT	3
attacks_tfo	.symtab	0x4094a0	3308	FUNC	<unknown>	DEFAULT	3
attacks_udp	.symtab	0x40a190	2684	FUNC	<unknown>	DEFAULT	3
attacks_vse	.symtab	0x40ac10	2688	FUNC	<unknown>	DEFAULT	3
attacks_wra	.symtab	0x40b690	3196	FUNC	<unknown>	DEFAULT	3
authenticate	.symtab	0x40171c	464	FUNC	<unknown>	DEFAULT	3
bin_index	.symtab	0x413c38	156	FUNC	<unknown>	DEFAULT	3
bin_index_up	.symtab	0x413cd4	128	FUNC	<unknown>	DEFAULT	3
bind	.symtab	0x416f40	136	FUNC	<unknown>	HIDDEN	3
bind.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
block.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
brk.1741	.symtab	0x43bc74	4	OBJECT	<unknown>	DEFAULT	15
bsd_signal	.symtab	0x419150	188	FUNC	<unknown>	HIDDEN	3
builtin_tls	.symtab	0x43bb50	288	OBJECT	<unknown>	DEFAULT	15
calloc	.symtab	0x413760	212	FUNC	<unknown>	HIDDEN	3
calloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
check_conn	.symtab	0x407270	196	FUNC	<unknown>	DEFAULT	3
check_proc	.symtab	0x40d67c	980	FUNC	<unknown>	DEFAULT	3
checksum	.symtab	0x40dc70	324	FUNC	<unknown>	DEFAULT	3
checksum.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
clock	.symtab	0x41d670	320	FUNC	<unknown>	HIDDEN	3
clock.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
clock_gettime	.symtab	0x41d954	80	FUNC	<unknown>	HIDDEN	3
clock_gettime.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
close	.symtab	0x41da30	176	FUNC	<unknown>	HIDDEN	3
close.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
close_file	.symtab	0x427610	324	FUNC	<unknown>	DEFAULT	3
closedir	.symtab	0x4122e0	116	FUNC	<unknown>	HIDDEN	3
closedir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
cnc_ports	.symtab	0x43a094	24	OBJECT	<unknown>	DEFAULT	11
command_parse	.symtab	0x400350	1168	FUNC	<unknown>	DEFAULT	3
completed.3873	.symtab	0x43a620	1	OBJECT	<unknown>	DEFAULT	15
conn	.symtab	0x43bcc0	8368	OBJECT	<unknown>	DEFAULT	15
connect	.symtab	0x417090	132	FUNC	<unknown>	HIDDEN	3
connect.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
crt1.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
cur.1534	.symtab	0x43b6fc	4	OBJECT	<unknown>	DEFAULT	15
debruijn32.1896	.symtab	0x428d80	32	OBJECT	<unknown>	DEFAULT	5
dummy	.symtab	0x4126a0	8	FUNC	<unknown>	DEFAULT	3
dummy	.symtab	0x412d10	8	FUNC	<unknown>	DEFAULT	3
dummy	.symtab	0x416a90	8	FUNC	<unknown>	DEFAULT	3
dummy	.symtab	0x416e50	8	FUNC	<unknown>	DEFAULT	3
dummy	.symtab	0x418b70	12	FUNC	<unknown>	DEFAULT	3
dummy	.symtab	0x41da20	16	FUNC	<unknown>	DEFAULT	3
dummy	.symtab	0x4264e0	20	FUNC	<unknown>	DEFAULT	3
dummy1	.symtab	0x4126a8	12	FUNC	<unknown>	DEFAULT	3
dummy_file	.symtab	0x43bca0	4	OBJECT	<unknown>	DEFAULT	15
dup2	.symtab	0x41dae0	136	FUNC	<unknown>	HIDDEN	3
dup2.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
end.1535	.symtab	0x43b6f8	4	OBJECT	<unknown>	DEFAULT	15
end.3226	.symtab	0x43b700	4	OBJECT	<unknown>	DEFAULT	15
environ	.symtab	0x43bb40	4	OBJECT	<unknown>	HIDDEN	15
errid	.symtab	0x4292d0	88	OBJECT	<unknown>	DEFAULT	5
errmsg	.symtab	0x429328	1804	OBJECT	<unknown>	DEFAULT	5
esi_fd	.symtab	0x43a0ac	4	OBJECT	<unknown>	DEFAULT	11
exe_access	.symtab	0x40d100	484	FUNC	<unknown>	DEFAULT	3
execve	.symtab	0x418a80	124	FUNC	<unknown>	HIDDEN	3
execve.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exit	.symtab	0x412d18	216	FUNC	<unknown>	HIDDEN	3
exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
expand_heap	.symtab	0x413d54	756	FUNC	<unknown>	DEFAULT	3
expand_heap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fcntl	.symtab	0x412df0	1208	FUNC	<unknown>	HIDDEN	3
fcntl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
first_set	.symtab	0x413ae0	80	FUNC	<unknown>	DEFAULT	3
fmt_fp	.symtab	0x4215e0	9744	FUNC	<unknown>	DEFAULT	3
fmt_o	.symtab	0x4213b0	152	FUNC	<unknown>	DEFAULT	3
fmt_u	.symtab	0x421448	408	FUNC	<unknown>	DEFAULT	3
fmt_x	.symtab	0x4212e4	204	FUNC	<unknown>	DEFAULT	3
fork	.symtab	0x418b7c	340	FUNC	<unknown>	HIDDEN	3
fork.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fourbyte_strstr	.symtab	0x41bdf4	408	FUNC	<unknown>	DEFAULT	3
frame_dummy	.symtab	0x40020c	0	FUNC	<unknown>	DEFAULT	3
free	.symtab	0x415dd8	2772	FUNC	<unknown>	HIDDEN	3
free_opts	.symtab	0x4039c8	260	FUNC	<unknown>	DEFAULT	3
frexp	.symtab	0x426fc0	520	FUNC	<unknown>	HIDDEN	3
frexp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
frexpl	.symtab	0x4265c0	96	FUNC	<unknown>	HIDDEN	3
frexpl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fwrite	.symtab	0x426e84	316	FUNC	<unknown>	HIDDEN	3
fwrite.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fwrite_unlocked	.symtab	0x426e84	316	FUNC	<unknown>	HIDDEN	3
get_local_addr	.symtab	0x411940	312	FUNC	<unknown>	DEFAULT	3
getint	.symtab	0x423c28	164	FUNC	<unknown>	DEFAULT	3
getpid	.symtab	0x41dbd0	68	FUNC	<unknown>	HIDDEN	3
getpid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getppid	.symtab	0x41dc60	68	FUNC	<unknown>	HIDDEN	3
getppid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getsockname	.symtab	0x417120	136	FUNC	<unknown>	HIDDEN	3
getsockname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getsockopt	.symtab	0x417270	140	FUNC	<unknown>	HIDDEN	3
getsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gre.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
handler_set	.symtab	0x43bc84	16	OBJECT	<unknown>	DEFAULT	15
head	.symtab	0x43a6b0	4	OBJECT	<unknown>	DEFAULT	15
heap_lock.3225	.symtab	0x43b704	8	OBJECT	<unknown>	DEFAULT	15
htonl	.symtab	0x4173c0	124	FUNC	<unknown>	HIDDEN	3
htonl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
htons	.symtab	0x417490	136	FUNC	<unknown>	HIDDEN	3
htons.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
icmp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_addr	.symtab	0x417570	116	FUNC	<unknown>	HIDDEN	3
inet_addr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_aton	.symtab	0x4175f0	732	FUNC	<unknown>	HIDDEN	3
inet_aton.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_ntop	.symtab	0x4178d0	1872	FUNC	<unknown>	HIDDEN	3
inet_ntop.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
intscan.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
kill	.symtab	0x418f50	108	FUNC	<unknown>	HIDDEN	3
kill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
killer.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
killer_add_process	.symtab	0x40c4fc	172	FUNC	<unknown>	DEFAULT	3
killer_check_paths	.symtab	0x40c310	308	FUNC	<unknown>	DEFAULT	3
killer_find_realpath	.symtab	0x40c5a8	268	FUNC	<unknown>	DEFAULT	3
killer_pid	.symtab	0x43a644	4	OBJECT	<unknown>	DEFAULT	15
killer_realpath	.symtab	0x43a6c4	4096	OBJECT	<unknown>	DEFAULT	15
killer_shoot_list	.symtab	0x40c6b4	796	FUNC	<unknown>	DEFAULT	3
killer_start	.symtab	0x40c9d0	1840	FUNC	<unknown>	DEFAULT	3
killer_vanish_list	.symtab	0x40c444	184	FUNC	<unknown>	DEFAULT	3
libc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
listen	.symtab	0x418020	124	FUNC	<unknown>	HIDDEN	3
listen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lite_malloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lock.1536	.symtab	0x43b6f0	8	OBJECT	<unknown>	DEFAULT	15
locker.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
locker_find	.symtab	0x40d2e4	276	FUNC	<unknown>	DEFAULT	3
locker_getpids	.symtab	0x40d530	332	FUNC	<unknown>	DEFAULT	3
locker_init	.symtab	0x40da50	532	FUNC	<unknown>	DEFAULT	3
locker_insert	.symtab	0x40d3f8	312	FUNC	<unknown>	DEFAULT	3
locker_pid	.symtab	0x43a640	4	OBJECT	<unknown>	DEFAULT	15
locker_process	.symtab	0x401d84	336	FUNC	<unknown>	DEFAULT	3
locker_status	.symtab	0x43a648	1	OBJECT	<unknown>	DEFAULT	15
madvise	.symtab	0x4169a0	124	FUNC	<unknown>	HIDDEN	3
madvise.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
main	.symtab	0x402250	1132	FUNC	<unknown>	DEFAULT	3
main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
main_check_connection	.symtab	0x40104c	352	FUNC	<unknown>	DEFAULT	3
main_disconnect_connection	.symtab	0x4011ac	296	FUNC	<unknown>	DEFAULT	3
main_handle_connection	.symtab	0x4018ec	1004	FUNC	<unknown>	DEFAULT	3
main_make_connection	.symtab	0x4007e0	2156	FUNC	<unknown>	DEFAULT	3
main_read_connection	.symtab	0x401640	220	FUNC	<unknown>	DEFAULT	3
main_read_data	.symtab	0x4012d4	692	FUNC	<unknown>	DEFAULT	3
mal	.symtab	0x43b710	1040	OBJECT	<unknown>	DEFAULT	15
malloc	.symtab	0x41503c	1852	FUNC	<unknown>	HIDDEN	3
malloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memchr	.symtab	0x425650	560	FUNC	<unknown>	HIDDEN	3
memchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memcmp	.symtab	0x419c50	236	FUNC	<unknown>	HIDDEN	3
memcmp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memcpy	.symtab	0x419d40	4244	FUNC	<unknown>	HIDDEN	3
memcpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memmove	.symtab	0x41ade0	984	FUNC	<unknown>	HIDDEN	3
memmove.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memset	.symtab	0x41b1c0	1368	FUNC	<unknown>	HIDDEN	3
memset.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
methods	.symtab	0x43a654	4	OBJECT	<unknown>	DEFAULT	15
methods_len	.symtab	0x43a650	1	OBJECT	<unknown>	DEFAULT	15
mmap	.symtab	0x416a98	392	FUNC	<unknown>	HIDDEN	3
mmap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mmap64	.symtab	0x416a98	392	FUNC	<unknown>	HIDDEN	3
mmap_step.1742	.symtab	0x43bc70	4	OBJECT	<unknown>	DEFAULT	15
mremap	.symtab	0x416ce0	180	FUNC	<unknown>	HIDDEN	3
mremap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
munmap	.symtab	0x416e58	136	FUNC	<unknown>	HIDDEN	3
munmap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
nanosleep	.symtab	0x426280	128	FUNC	<unknown>	HIDDEN	3
nanosleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ntohl	.symtab	0x418160	124	FUNC	<unknown>	HIDDEN	3
ntohl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ntohs	.symtab	0x418230	136	FUNC	<unknown>	HIDDEN	3
ntohs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
number	.symtab	0x43a090	4	OBJECT	<unknown>	DEFAULT	11
number	.symtab	0x43a0b0	4	OBJECT	<unknown>	DEFAULT	11
number	.symtab	0x43a0c0	4	OBJECT	<unknown>	DEFAULT	11
number	.symtab	0x43a0d0	4	OBJECT	<unknown>	DEFAULT	11
number	.symtab	0x43a0e0	4	OBJECT	<unknown>	DEFAULT	11
number	.symtab	0x43a0f0	4	OBJECT	<unknown>	DEFAULT	11
number	.symtab	0x43a100	4	OBJECT	<unknown>	DEFAULT	11
number	.symtab	0x43a110	4	OBJECT	<unknown>	DEFAULT	11
number	.symtab	0x43a120	4	OBJECT	<unknown>	DEFAULT	11
number	.symtab	0x43a130	4	OBJECT	<unknown>	DEFAULT	11
number	.symtab	0x43a140	4	OBJECT	<unknown>	DEFAULT	11
number	.symtab	0x43a150	4	OBJECT	<unknown>	DEFAULT	11
number	.symtab	0x43a160	4	OBJECT	<unknown>	DEFAULT	11
number	.symtab	0x43a170	4	OBJECT	<unknown>	DEFAULT	11
number	.symtab	0x43a180	4	OBJECT	<unknown>	DEFAULT	11
number	.symtab	0x43a190	4	OBJECT	<unknown>	DEFAULT	11
number	.symtab	0x43a1a0	4	OBJECT	<unknown>	DEFAULT	11
number	.symtab	0x43a1b0	4	OBJECT	<unknown>	DEFAULT	11
number	.symtab	0x43a1c0	4	OBJECT	<unknown>	DEFAULT	11
number	.symtab	0x43a1d0	4	OBJECT	<unknown>	DEFAULT	11
number	.symtab	0x43a1e0	4	OBJECT	<unknown>	DEFAULT	11
number	.symtab	0x43a1f0	4	OBJECT	<unknown>	DEFAULT	11
number	.symtab	0x43a200	4	OBJECT	<unknown>	DEFAULT	11
object.3885	.symtab	0x43a624	24	OBJECT	<unknown>	DEFAULT	15
ofl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ofl_head	.symtab	0x43bcb0	4	OBJECT	<unknown>	DEFAULT	15
ofl_lock	.symtab	0x43bcb4	8	OBJECT	<unknown>	DEFAULT	15
open	.symtab	0x413360	320	FUNC	<unknown>	HIDDEN	3
open.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
open64	.symtab	0x413360	320	FUNC	<unknown>	HIDDEN	3
opendir	.symtab	0x412360	228	FUNC	<unknown>	HIDDEN	3
opendir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
options_hex	.symtab	0x40365c	584	FUNC	<unknown>	DEFAULT	3
options_int	.symtab	0x403594	200	FUNC	<unknown>	DEFAULT	3
options_str	.symtab	0x4034b8	220	FUNC	<unknown>	DEFAULT	3
out	.symtab	0x42110c	120	FUNC	<unknown>	DEFAULT	3
p.1172	.symtab	0x43bb30	4	OBJECT	<unknown>	DEFAULT	15
p.3871	.symtab	0x43a080	0	OBJECT	<unknown>	DEFAULT	11
pad	.symtab	0x421184	352	FUNC	<unknown>	DEFAULT	3
parse.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
pipe	.symtab	0x41dcf0	0	FUNC	<unknown>	DEFAULT	3
pop_arg	.symtab	0x420d70	924	FUNC	<unknown>	DEFAULT	3
prctl	.symtab	0x4135a0	260	FUNC	<unknown>	HIDDEN	3
prctl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
pretrim	.symtab	0x414cb4	592	FUNC	<unknown>	DEFAULT	3
printf_core	.symtab	0x423ccc	5696	FUNC	<unknown>	DEFAULT	3
profiles.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
program_invocation_name	.symtab	0x43b6e4	4	OBJECT	<unknown>	HIDDEN	15
program_invocation_short_name	.symtab	0x43b6e0	4	OBJECT	<unknown>	HIDDEN	15
pthread_sigmask	.symtab	0x41d4f0	268	FUNC	<unknown>	HIDDEN	3
pthread_sigmask.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
raknet.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand	.symtab	0x4189cc	172	FUNC	<unknown>	HIDDEN	3
rand.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand_domain	.symtab	0x40e59c	328	FUNC	<unknown>	DEFAULT	3
rand_init	.symtab	0x40e380	248	FUNC	<unknown>	DEFAULT	3
rand_next	.symtab	0x40e478	292	FUNC	<unknown>	DEFAULT	3
rand_num	.symtab	0x40e6e4	148	FUNC	<unknown>	DEFAULT	3
rand_str	.symtab	0x40e778	348	FUNC	<unknown>	DEFAULT	3
read	.symtab	0x41dd30	132	FUNC	<unknown>	HIDDEN	3
read.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
readdir	.symtab	0x412490	408	FUNC	<unknown>	HIDDEN	3
readdir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
readdir64	.symtab	0x412490	408	FUNC	<unknown>	HIDDEN	3
readlink	.symtab	0x41ddc0	124	FUNC	<unknown>	HIDDEN	3
readlink.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
realloc	.symtab	0x415870	1368	FUNC	<unknown>	HIDDEN	3
recv	.symtab	0x418310	100	FUNC	<unknown>	HIDDEN	3
recv.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
recvfrom	.symtab	0x418380	144	FUNC	<unknown>	HIDDEN	3
recvfrom.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
resolv_domain_to_hostname	.symtab	0x40e8e0	360	FUNC	<unknown>	DEFAULT	3
resolv_entries_free	.symtab	0x40f704	164	FUNC	<unknown>	DEFAULT	3
resolv_lookup	.symtab	0x40eb8c	2936	FUNC	<unknown>	DEFAULT	3
resolv_skip_name	.symtab	0x40ea48	324	FUNC	<unknown>	DEFAULT	3
resolver.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
root	.symtab	0x43a6c0	4	OBJECT	<unknown>	DEFAULT	15
sc_clock_gettime	.symtab	0x41d7b0	328	FUNC	<unknown>	DEFAULT	3
sccp	.symtab	0x41d090	128	FUNC	<unknown>	DEFAULT	3
seed	.symtab	0x43bb20	8	OBJECT	<unknown>	DEFAULT	15
select	.symtab	0x418d20	136	FUNC	<unknown>	HIDDEN	3
select.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
select_profile	.symtab	0x403ad0	1996	FUNC	<unknown>	DEFAULT	3
send	.symtab	0x418410	100	FUNC	<unknown>	HIDDEN	3
send.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
send_heartbeat	.symtab	0x401588	184	FUNC	<unknown>	DEFAULT	3
sendto	.symtab	0x418480	144	FUNC	<unknown>	HIDDEN	3
sendto.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setsid	.symtab	0x41deb0	92	FUNC	<unknown>	HIDDEN	3
setsid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setsockopt	.symtab	0x418510	140	FUNC	<unknown>	HIDDEN	3
setsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
shgetc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigaction	.symtab	0x420c14	164	FUNC	<unknown>	HIDDEN	3
sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigaddset	.symtab	0x419020	236	FUNC	<unknown>	HIDDEN	3
sigaddset.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigemptyset	.symtab	0x419110	64	FUNC	<unknown>	HIDDEN	3
sigemptyset.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
signal	.symtab	0x419150	188	FUNC	<unknown>	HIDDEN	3
signal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigprocmask	.symtab	0x419210	172	FUNC	<unknown>	HIDDEN	3
sigprocmask.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
single_instance	.symtab	0x401ed4	892	FUNC	<unknown>	DEFAULT	3
sleep	.symtab	0x41df50	132	FUNC	<unknown>	HIDDEN	3
sleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sn_write	.symtab	0x419400	220	FUNC	<unknown>	DEFAULT	3
snprintf	.symtab	0x419390	112	FUNC	<unknown>	HIDDEN	3
snprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
socket	.symtab	0x418660	512	FUNC	<unknown>	HIDDEN	3
socket.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
socket.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
srand	.symtab	0x418990	60	FUNC	<unknown>	HIDDEN	3
start_killer_pid	.symtab	0x401cd8	172	FUNC	<unknown>	DEFAULT	3
stat	.symtab	0x4192c0	116	FUNC	<unknown>	HIDDEN	3
stat.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
stat64	.symtab	0x4192c0	116	FUNC	<unknown>	HIDDEN	3
states	.symtab	0x428f30	464	OBJECT	<unknown>	DEFAULT	5
std.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
stomp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
stpcpy	.symtab	0x425880	468	FUNC	<unknown>	HIDDEN	3
stpcpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
stpncpy	.symtab	0x425a60	636	FUNC	<unknown>	HIDDEN	3
stpncpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strchr	.symtab	0x425ce0	140	FUNC	<unknown>	HIDDEN	3
strchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strchrnul	.symtab	0x425d70	584	FUNC	<unknown>	HIDDEN	3
strchrnul.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strcpy	.symtab	0x41b720	80	FUNC	<unknown>	HIDDEN	3
strcpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strcspn	.symtab	0x425fc0	532	FUNC	<unknown>	HIDDEN	3
strcspn.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strerror	.symtab	0x426470	100	FUNC	<unknown>	HIDDEN	3
strerror.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strerror_l	.symtab	0x426300	368	FUNC	<unknown>	HIDDEN	3
strlen	.symtab	0x41b770	316	FUNC	<unknown>	HIDDEN	3
strlen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strncpy	.symtab	0x41b8b0	88	FUNC	<unknown>	HIDDEN	3
strncpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strspn	.symtab	0x41b910	532	FUNC	<unknown>	HIDDEN	3
strspn.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strstr	.symtab	0x41c9a0	608	FUNC	<unknown>	HIDDEN	3
strstr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtoimax	.symtab	0x419ba8	84	FUNC	<unknown>	HIDDEN	3
strtok	.symtab	0x41cc00	384	FUNC	<unknown>	HIDDEN	3
strtok.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtol	.symtab	0x419b3c	108	FUNC	<unknown>	HIDDEN	3
strtol.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtoll	.symtab	0x419a64	108	FUNC	<unknown>	HIDDEN	3
strtoul	.symtab	0x419ad0	108	FUNC	<unknown>	HIDDEN	3
strtoull	.symtab	0x4199f8	108	FUNC	<unknown>	HIDDEN	3
strtoumax	.symtab	0x419bfc	84	FUNC	<unknown>	HIDDEN	3
strtox	.symtab	0x4198b0	328	FUNC	<unknown>	DEFAULT	3
syscall_ret.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
table	.symtab	0x428e20	257	OBJECT	<unknown>	DEFAULT	5
table	.symtab	0x43dd70	40	OBJECT	<unknown>	DEFAULT	15
table.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
table_init	.symtab	0x411da0	232	FUNC	<unknown>	DEFAULT	3
table_key	.symtab	0x43a204	16	OBJECT	<unknown>	DEFAULT	11
table_lock_val	.symtab	0x411f0c	132	FUNC	<unknown>	DEFAULT	3
table_retrieve_val	.symtab	0x411f90	236	FUNC	<unknown>	DEFAULT	3
table_unlock_val	.symtab	0x411e88	132	FUNC	<unknown>	DEFAULT	3
tcp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
tcp_checksum	.symtab	0x40e1c0	448	FUNC	<unknown>	DEFAULT	3
tcp_kill_port	.symtab	0x40f7b0	2932	FUNC	<unknown>	DEFAULT	3
tfo.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
threebyte_strstr	.symtab	0x41bc88	364	FUNC	<unknown>	DEFAULT	3
time	.symtab	0x41d9b0	112	FUNC	<unknown>	HIDDEN	3
time.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
toggle_obf	.symtab	0x412164	368	FUNC	<unknown>	DEFAULT	3
traverses_stack_p	.symtab	0x420250	344	FUNC	<unknown>	DEFAULT	3
trim	.symtab	0x414f04	312	FUNC	<unknown>	DEFAULT	3
twobyte_strstr	.symtab	0x41bb30	344	FUNC	<unknown>	DEFAULT	3
twoway_strstr	.symtab	0x41bf8c	2580	FUNC	<unknown>	DEFAULT	3
udp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
udp4_checksum	.symtab	0x40ddb4	1036	FUNC	<unknown>	DEFAULT	3
unbin	.symtab	0x4142fc	476	FUNC	<unknown>	DEFAULT	3
unmask_done	.symtab	0x43bc80	4	OBJECT	<unknown>	DEFAULT	15
usleep	.symtab	0x41dfe0	232	FUNC	<unknown>	HIDDEN	3
usleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
util.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
util_atoi	.symtab	0x411130	968	FUNC	<unknown>	DEFAULT	3
util_fdgets	.symtab	0x411a78	324	FUNC	<unknown>	DEFAULT	3
util_isalpha	.symtab	0x411c24	144	FUNC	<unknown>	DEFAULT	3
util_isdigit	.symtab	0x411d34	104	FUNC	<unknown>	DEFAULT	3
util_isspace	.symtab	0x411cb4	128	FUNC	<unknown>	DEFAULT	3
util_isupper	.symtab	0x411bbc	104	FUNC	<unknown>	DEFAULT	3
util_itoa	.symtab	0x4114f8	572	FUNC	<unknown>	DEFAULT	3
util_memcmp	.symtab	0x410330	288	FUNC	<unknown>	DEFAULT	3
util_memcpy	.symtab	0x410f48	164	FUNC	<unknown>	DEFAULT	3
util_memset	.symtab	0x4105a8	120	FUNC	<unknown>	DEFAULT	3
util_readlink	.symtab	0x410620	976	FUNC	<unknown>	DEFAULT	3
util_startswith	.symtab	0x4109f0	176	FUNC	<unknown>	DEFAULT	3
util_strcat	.symtab	0x410ea0	168	FUNC	<unknown>	DEFAULT	3
util_strcmp	.symtab	0x410cf4	288	FUNC	<unknown>	DEFAULT	3
util_strcpy	.symtab	0x410e14	140	FUNC	<unknown>	DEFAULT	3
util_strdup	.symtab	0x410aa0	160	FUNC	<unknown>	DEFAULT	3
util_stristr	.symtab	0x411734	524	FUNC	<unknown>	DEFAULT	3
util_strlen	.symtab	0x410b40	116	FUNC	<unknown>	DEFAULT	3
util_strncmp	.symtab	0x410bb4	320	FUNC	<unknown>	DEFAULT	3
util_strstr	.symtab	0x410450	344	FUNC	<unknown>	DEFAULT	3
util_zero	.symtab	0x410fec	120	FUNC	<unknown>	DEFAULT	3
vfprintf	.symtab	0x42530c	832	FUNC	<unknown>	HIDDEN	3
vfprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
vse.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
vsnprintf	.symtab	0x4194dc	516	FUNC	<unknown>	HIDDEN	3
vsnprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
w	.symtab	0x43b6dc	4	OBJECT	<unknown>	DEFAULT	15
wcrtomb	.symtab	0x4271d0	1072	FUNC	<unknown>	HIDDEN	3
wcrtomb.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wctomb	.symtab	0x426620	116	FUNC	<unknown>	HIDDEN	3
wctomb.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wra.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
write	.symtab	0x41e0d0	132	FUNC	<unknown>	HIDDEN	3
write.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
x	.symtab	0x43b6d0	4	OBJECT	<unknown>	DEFAULT	15
xdigits	.symtab	0x429128	16	OBJECT	<unknown>	DEFAULT	5
y	.symtab	0x43b6d4	4	OBJECT	<unknown>	DEFAULT	15
z	.symtab	0x43b6d8	4	OBJECT	<unknown>	DEFAULT	15

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 12, 2024 16:27:58.160324097 CEST	50462	5555	192.168.2.14	172.234.244.102
Oct 12, 2024 16:27:58.165648937 CEST	5555	50462	172.234.244.102	192.168.2.14
Oct 12, 2024 16:27:58.165759087 CEST	50462	5555	192.168.2.14	172.234.244.102
Oct 12, 2024 16:28:00.182436943 CEST	50462	5555	192.168.2.14	172.234.244.102
Oct 12, 2024 16:28:00.187971115 CEST	5555	50462	172.234.244.102	192.168.2.14
Oct 12, 2024 16:28:00.188188076 CEST	50462	5555	192.168.2.14	172.234.244.102
Oct 12, 2024 16:28:00.193459034 CEST	5555	50462	172.234.244.102	192.168.2.14
Oct 12, 2024 16:28:05.735016108 CEST	46540	443	192.168.2.14	185.125.190.26
Oct 12, 2024 16:28:36.965899944 CEST	46540	443	192.168.2.14	185.125.190.26
Oct 12, 2024 16:30:00.276612043 CEST	50462	5555	192.168.2.14	172.234.244.102
Oct 12, 2024 16:30:00.282599926 CEST	5555	50462	172.234.244.102	192.168.2.14
Oct 12, 2024 16:30:01.408159971 CEST	5555	50462	172.234.244.102	192.168.2.14
Oct 12, 2024 16:30:01.408354998 CEST	5555	50462	172.234.244.102	192.168.2.14
Oct 12, 2024 16:30:01.408639908 CEST	50462	5555	192.168.2.14	172.234.244.102
Oct 12, 2024 16:30:01.408641100 CEST	50462	5555	192.168.2.14	172.234.244.102
Oct 12, 2024 16:30:01.408807039 CEST	5555	50462	172.234.244.102	192.168.2.14
Oct 12, 2024 16:30:01.409018040 CEST	50462	5555	192.168.2.14	172.234.244.102
Oct 12, 2024 16:30:01.409468889 CEST	5555	50462	172.234.244.102	192.168.2.14
Oct 12, 2024 16:30:01.409692049 CEST	50462	5555	192.168.2.14	172.234.244.102

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 12, 2024 16:27:58.144002914 CEST	43101	53	192.168.2.14	8.8.8.8
Oct 12, 2024 16:27:58.154752016 CEST	53	43101	8.8.8.8	192.168.2.14

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 12, 2024 16:27:58.144002914 CEST	192.168.2.14	8.8.8.8	0x8780	Standard query (0)	dvrhelpers.su	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: na.elf PID: 5490, Parent PID: 5413

General

Start time (UTC):	14:27:56
Start date (UTC):	12/10/2024
Path:	/tmp/na.elf
Arguments:	/tmp/na.elf
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Chronological Activities

Analysis Process: na.elf PID: 5492, Parent PID: 5490

General

Start time (UTC):	14:27:57
Start date (UTC):	12/10/2024
Path:	/tmp/na.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Chronological Activities

Analysis Process: na.elf PID: 5494, Parent PID: 5492

General

Start time (UTC):	14:27:57
Start date (UTC):	12/10/2024
Path:	/tmp/na.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report na.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Spreading

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Symbols

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

System Behavior

Analysis Process: na.elf PID: 5490, Parent PID: 5413

General

Chronological Activities

Analysis Process: na.elf PID: 5492, Parent PID: 5490

General

Chronological Activities

Analysis Process: na.elf PID: 5494, Parent PID: 5492

General

Chronological Activities

Linux Analysis Report
na.elf