Edit tour

Linux Analysis Report
i486.elf

Overview

General Information

Sample name:	i486.elf
Analysis ID:	1541013
MD5:	bd0da6d215821625c85f701133b3d758
SHA1:	0b0eca5e58828339727ed228a25e70d98c1a39ed
SHA256:	ed9e82f85045eab3ef7c4e42b9c9ac2b85d4b619e7c34398b96b3eefa8f3a884
Tags:	elfMiraiuser-abuse_ch
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Contains symbols with names commonly found in malware

Machine Learning detection for sample

Detected TCP or UDP traffic on non-standard ports

Found strings indicative of a multi-platform dropper

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541013
Start date and time:	2024-10-24 11:32:25 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	i486.elf
Detection:	MAL
Classification:	mal64.linELF@0/0@1/0

Warnings

VT rate limit hit for: i486.elf

Runtime Messages

Command:	/tmp/i486.elf
PID:	6206
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

system is lnxubuntu20

i486.elf (PID: 6206, Parent: 6122, MD5: bd0da6d215821625c85f701133b3d758) Arguments: /tmp/i486.elf

i486.elf New Fork (PID: 6207, Parent: 6206)

i486.elf New Fork (PID: 6208, Parent: 6207)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
i486.elf	Linux_Trojan_Mirai_3a56423b	unknown	unknown	0xb423:$a: 24 1C 8B 44 24 20 0F B6 D0 C1 E8 08 89 54 24 24 89 44 24 20 BA 01 00
i486.elf	Linux_Trojan_Mirai_dab39a25	unknown	unknown	0x9b32:$a: 0E 75 20 50 6A 00 6A 00 6A 00 53 6A 0E FF 74 24 48 68 DD 00

Memory Dumps

Source	Rule	Description	Author	Strings
6206.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_3a56423b	unknown	unknown	0xb423:$a: 24 1C 8B 44 24 20 0F B6 D0 C1 E8 08 89 54 24 24 89 44 24 20 BA 01 00
6206.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_dab39a25	unknown	unknown	0x9b32:$a: 0E 75 20 50 6A 00 6A 00 6A 00 53 6A 0E FF 74 24 48 68 DD 00

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: i486.elf

ReversingLabs: Detection: 13%

Machine Learning detection for sample

Source: i486.elf

Joe Sandbox ML: detected

Source: i486.elf

String: /lib//sbin//usr//proc//exeself/fd/fd/socket:/proc/proc//exewgetcurlftpmountabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/proc/net/tcp/proc//exe/fd//proc//maps/lib/usr/lib

Source: global traffic

TCP traffic: 192.168.2.23:50922 -> 193.70.75.42:5555

Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42

Source: global traffic

DNS traffic detected: DNS query: foxthreatnointel.africa

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Malicious sample detected (through community Yara rule)

Source: i486.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: i486.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown
Source: 6206.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 6206.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown

Contains symbols with names commonly found in malware

Source: ELF static info symbol of initial sample	Name: add_attack
Source: ELF static info symbol of initial sample	Name: attack_add_pid
Source: ELF static info symbol of initial sample	Name: attack_init
Source: ELF static info symbol of initial sample	Name: attack_ongoing
Source: ELF static info symbol of initial sample	Name: attack_parse
Source: ELF static info symbol of initial sample	Name: attack_remove_id
Source: ELF static info symbol of initial sample	Name: attack_start
Source: ELF static info symbol of initial sample	Name: attack_stop
Source: ELF static info symbol of initial sample	Name: attacks_ack
Source: ELF static info symbol of initial sample	Name: attacks_gre

Source: i486.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: i486.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: 6206.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 6206.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26

Source: classification engine

Classification label: mal64.linELF@0/0@1/0

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	Path Interception	Direct Volume Access	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
i486.elf	13%	ReversingLabs	Linux.Backdoor.Mirai
i486.elf	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
foxthreatnointel.africa	193.70.75.42	true	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
193.70.75.42	foxthreatnointel.africa	France	16276	OVHFR	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
109.202.202.202	kpLwzBouH4.elf	Get hash	malicious	Unknown	Browse	ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
91.189.91.43	boatnet.arm5.elf	Get hash	malicious	Mirai	Browse
	nsharm6.elf	Get hash	malicious	Mirai	Browse
	boatnet.sh4.elf	Get hash	malicious	Mirai	Browse
	BoM00gWx1d.elf	Get hash	malicious	Unknown	Browse
	hidakibest.ppc.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	boatnet.arm7.elf	Get hash	malicious	Mirai	Browse
	boatnet.arm.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	x86_64.elf	Get hash	malicious	Mirai, Moobot	Browse
91.189.91.42	boatnet.arm5.elf	Get hash	malicious	Mirai	Browse
	nsharm6.elf	Get hash	malicious	Mirai	Browse
	boatnet.sh4.elf	Get hash	malicious	Mirai	Browse
	BoM00gWx1d.elf	Get hash	malicious	Unknown	Browse
	hidakibest.ppc.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	boatnet.arm7.elf	Get hash	malicious	Mirai	Browse
	boatnet.arm.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	x86_64.elf	Get hash	malicious	Mirai, Moobot	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
foxthreatnointel.africa	SecuriteInfo.com.ELF.Mirai-CKB.17654.5746.elf	Get hash	malicious	Unknown	Browse	178.215.238.42
	SecuriteInfo.com.Linux.Siggen.9999.16805.28476.elf	Get hash	malicious	Unknown	Browse	89.110.102.82
	mips	Get hash	malicious	Mirai, Gafgyt, Okiru	Browse	193.124.33.3

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CANONICAL-ASGB	boatnet.arm5.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	na.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	nsharm6.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	botnet.mips.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	boatnet.sh4.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	bot.arm6.elf	Get hash	malicious	Mirai, Okiru	Browse	185.125.190.26
	na.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	BoM00gWx1d.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	hidakibest.ppc.elf	Get hash	malicious	Gafgyt, Mirai	Browse	91.189.91.42
	boatnet.arm7.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
CANONICAL-ASGB	boatnet.arm5.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	na.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	nsharm6.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	botnet.mips.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	boatnet.sh4.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	bot.arm6.elf	Get hash	malicious	Mirai, Okiru	Browse	185.125.190.26
	na.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	BoM00gWx1d.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	hidakibest.ppc.elf	Get hash	malicious	Gafgyt, Mirai	Browse	91.189.91.42
	boatnet.arm7.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
OVHFR	la.bot.powerpc.elf	Get hash	malicious	Unknown	Browse	178.32.95.253
	Demande de proposition du CPE Les Coquins.pdf	Get hash	malicious	Unknown	Browse	144.217.158.133
	Demande de proposition du CPE Les Coquins.pdf	Get hash	malicious	Unknown	Browse	144.217.158.133
	http://tracking.nod.ro/tracking/click?d=v4CWpEHK8Z1tV13Kq0SNnCz3l4pJsmApRreVnXMqsPjuOlW2erarYEe1nKHryrl0g1Aum4XVcWSRzzL9_ygST87VKk2nbDBhx1QybYWkDoE7f-SCn7T5e0BBYpqLQzpruG7FRHbBYNDPftLgaaLpRJA1	Get hash	malicious	Unknown	Browse	46.105.88.234
	https://us-west-2.protection.sophos.com/?d=site.pro&u=aHR0cHM6Ly9jbGF1ZGlha3J1ZWdlci5zaXRlLnByby8=&i=NThlN2NjYzYyOTljZjkxNGY4YmM1Njkz&t=QTRyTlRXbysvd3IyNERLT1pJYVNuNlAvU0FLMVAyb2pCN053UGFJSWtBST0=&h=dd65eaa7298b4ffebbd13b01dcbd3434&s=AVNPUEhUT0NFTkNSWVBUSVYfWTd0VrJEAZ1PFPx8UNdDDkWk4HVuGeVZrBnJzV7Ifg	Get hash	malicious	Unknown	Browse	51.75.86.98
	https://wetransfer.com/downloads/21820466a51be0cc0de4ef5fd28415d320241023112541/61ecbec42424c68f99ca983cd530758a20241023112545/5d3030?t_exp=1729941941&t_lsid=761fb8c4-59e5-4423-a2fe-24d132de0406&t_network=email&t_rid=YXV0aDB8NjcxMjZmN2QzOGFjMDNkYThkOGJmMDM3&t_s=download_link&t_ts=1729682745&utm_campaign=TRN_TDL_01&utm_source=sendgrid&utm_medium=email&trk=TRN_TDL_01	Get hash	malicious	Unknown	Browse	87.98.227.35
	mpsl.elf	Get hash	malicious	Mirai	Browse	164.133.71.228
	https://docdro.id/1KhZgy2	Get hash	malicious	Unknown	Browse	54.37.79.95
	https://zupimages.net/up/24/42/ol13.jpg?d6mSMvU0ZvpGwffnuqPHYMR7NvlxIzVjDfTD4YJjdRSCOcc	Get hash	malicious	Unknown	Browse	51.38.120.206
	Doc 784-01965670.exe	Get hash	malicious	FormBook	Browse	94.23.162.163
INIT7CH	boatnet.arm5.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	nsharm6.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	boatnet.sh4.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	BoM00gWx1d.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	hidakibest.ppc.elf	Get hash	malicious	Gafgyt, Mirai	Browse	109.202.202.202
	boatnet.arm7.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	boatnet.arm.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	na.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	na.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	x86_64.elf	Get hash	malicious	Mirai, Moobot	Browse	109.202.202.202

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, with debug_info, not stripped
Entropy (8bit):	6.300366753469721
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	i486.elf
File size:	94'472 bytes
MD5:	bd0da6d215821625c85f701133b3d758
SHA1:	0b0eca5e58828339727ed228a25e70d98c1a39ed
SHA256:	ed9e82f85045eab3ef7c4e42b9c9ac2b85d4b619e7c34398b96b3eefa8f3a884
SHA512:	2225e74a305b73ca21971dad73b20725acd0beab179b6b8f3d5963a044d8320edefefebdf1def06e7a62df229d4f0c3b9accac3d4bdafc46dccffebab0002199
SSDEEP:	1536:dobXVO9V4z6afHKDaI8PUu3103YkGbrX2G/K0bTvBsmqe:dobgV4Wafqsi3wPmGsmqe
TLSH:	E7934B05A351D072D04703B021D3CBA68630EE762769C92FF3587EB5BF35285B2A676E
File Content Preview:	.ELF....................d...4....4......4. ...(.....................................................$...09..........Q.td................................t.......................U......=.....t..D...................P......P.......u........t....h.............

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x8048164
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	78848
Section Header Size:	40
Number of Section Headers:	25
Header String Table Index:	22

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.init	PROGBITS	0x8048094	0x94	0x11	0x0	0x6	AX	0	0	1
.text	PROGBITS	0x80480b0	0xb0	0x102b4	0x0	0x6	AX	0	0	16
.fini	PROGBITS	0x8058364	0x10364	0xc	0x0	0x6	AX	0	0	1
.rodata	PROGBITS	0x8058380	0x10380	0x1238	0x0	0x2	A	0	0	32
.eh_frame	PROGBITS	0x805a5b8	0x115b8	0x74	0x0	0x3	WA	0	0	4
.ctors	PROGBITS	0x805a62c	0x1162c	0x8	0x0	0x3	WA	0	0	4
.dtors	PROGBITS	0x805a634	0x11634	0x8	0x0	0x3	WA	0	0	4
.jcr	PROGBITS	0x805a63c	0x1163c	0x4	0x0	0x3	WA	0	0	4
.got.plt	PROGBITS	0x805a640	0x11640	0xc	0x4	0x3	WA	0	0	4
.data	PROGBITS	0x805a64c	0x1164c	0x90	0x0	0x3	WA	0	0	4
.bss	NOBITS	0x805a6e0	0x116dc	0x3808	0x0	0x3	WA	0	0	32
.comment	PROGBITS	0x0	0x116dc	0x990	0x0	0x0		0	0	1
.debug_aranges	PROGBITS	0x0	0x1206c	0x40	0x0	0x0		0	0	1
.debug_pubnames	PROGBITS	0x0	0x120ac	0x40	0x0	0x0		0	0	1
.debug_info	PROGBITS	0x0	0x120ec	0x60a	0x0	0x0		0	0	1
.debug_abbrev	PROGBITS	0x0	0x126f6	0x2ac	0x0	0x0		0	0	1
.debug_line	PROGBITS	0x0	0x129a2	0x190	0x0	0x0		0	0	1
.debug_frame	PROGBITS	0x0	0x12b34	0x80	0x0	0x0		0	0	4
.debug_str	PROGBITS	0x0	0x12bb4	0x127	0x1	0x30	MS	0	0	1
.debug_loc	PROGBITS	0x0	0x12cdb	0x5dd	0x0	0x0		0	0	1
.debug_ranges	PROGBITS	0x0	0x132b8	0x60	0x0	0x0		0	0	1
.shstrtab	STRTAB	0x0	0x13318	0xe5	0x0	0x0		0	0	1
.symtab	SYMTAB	0x0	0x137e8	0x23c0	0x10	0x0		24	276	4
.strtab	STRTAB	0x0	0x15ba8	0x1560	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8048000	0x8048000	0x115b8	0x115b8	6.3728	0x5	R E	0x1000	.init .text .fini .rodata
LOAD	0x115b8	0x805a5b8	0x805a5b8	0x124	0x3930	2.9741	0x6	RW	0x1000	.eh_frame .ctors .dtors .jcr .got.plt .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Symbols

Name	Section Name	Value	Size	Symbol Type	Symbol Bind	Symbol Visibility	Ndx
	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
	.symtab	0x8048094	0	SECTION	<unknown>	DEFAULT	1
	.symtab	0x80480b0	0	SECTION	<unknown>	DEFAULT	2
	.symtab	0x8058364	0	SECTION	<unknown>	DEFAULT	3
	.symtab	0x8058380	0	SECTION	<unknown>	DEFAULT	4
	.symtab	0x805a5b8	0	SECTION	<unknown>	DEFAULT	5
	.symtab	0x805a62c	0	SECTION	<unknown>	DEFAULT	6
	.symtab	0x805a634	0	SECTION	<unknown>	DEFAULT	7
	.symtab	0x805a63c	0	SECTION	<unknown>	DEFAULT	8
	.symtab	0x805a640	0	SECTION	<unknown>	DEFAULT	9
	.symtab	0x805a64c	0	SECTION	<unknown>	DEFAULT	10
	.symtab	0x805a6e0	0	SECTION	<unknown>	DEFAULT	11
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	12
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	13
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	14
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	15
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	16
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	17
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	18
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	19
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	20
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	21
C.0.3074	.symtab	0x80584c0	40	OBJECT	<unknown>	DEFAULT	4
C.10.3370	.symtab	0x805877c	12	OBJECT	<unknown>	DEFAULT	4
C.10.3370	.symtab	0x80587c4	16	OBJECT	<unknown>	DEFAULT	4
C.10.3370	.symtab	0x8058825	12	OBJECT	<unknown>	DEFAULT	4
C.11.3371	.symtab	0x8058768	20	OBJECT	<unknown>	DEFAULT	4
C.11.3371	.symtab	0x80587ac	24	OBJECT	<unknown>	DEFAULT	4
C.11.3371	.symtab	0x8058811	20	OBJECT	<unknown>	DEFAULT	4
C.12.3372	.symtab	0x8058754	20	OBJECT	<unknown>	DEFAULT	4
C.12.3372	.symtab	0x8058794	24	OBJECT	<unknown>	DEFAULT	4
C.12.3372	.symtab	0x80587fd	20	OBJECT	<unknown>	DEFAULT	4
C.18.3391	.symtab	0x80587e4	25	OBJECT	<unknown>	DEFAULT	4
C.18.3406	.symtab	0x8058744	16	OBJECT	<unknown>	DEFAULT	4
C.19.3416	.symtab	0x8058734	16	OBJECT	<unknown>	DEFAULT	4
C.9.3369	.symtab	0x8058788	12	OBJECT	<unknown>	DEFAULT	4
C.9.3369	.symtab	0x80587d4	16	OBJECT	<unknown>	DEFAULT	4
C.9.3369	.symtab	0x8058831	12	OBJECT	<unknown>	DEFAULT	4
_DYNAMIC	.symtab	0x0	0	NOTYPE	<unknown>	HIDDEN	SHN_UNDEF
_Exit	.symtab	0x8054da8	21	FUNC	<unknown>	DEFAULT	2
_Exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_GLOBAL_OFFSET_TABLE_	.symtab	0x805a640	0	OBJECT	<unknown>	HIDDEN	9
_Jv_RegisterClasses	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__CTOR_END__	.symtab	0x805a630	0	OBJECT	<unknown>	DEFAULT	6
__CTOR_LIST__	.symtab	0x805a62c	0	OBJECT	<unknown>	DEFAULT	6
__DTOR_END__	.symtab	0x805a638	0	OBJECT	<unknown>	DEFAULT	7
__DTOR_LIST__	.symtab	0x805a634	0	OBJECT	<unknown>	DEFAULT	7
__EH_FRAME_BEGIN__	.symtab	0x805a5b8	0	OBJECT	<unknown>	DEFAULT	5
__FRAME_END__	.symtab	0x805a628	0	OBJECT	<unknown>	DEFAULT	5
__JCR_END__	.symtab	0x805a63c	0	OBJECT	<unknown>	DEFAULT	8
__JCR_LIST__	.symtab	0x805a63c	0	OBJECT	<unknown>	DEFAULT	8
___environ	.symtab	0x805bc40	4	OBJECT	<unknown>	DEFAULT	11
__aio_close	.symtab	0x8054a84	5	FUNC	<unknown>	DEFAULT	2
__block_all_sigs	.symtab	0x8053af7	31	FUNC	<unknown>	DEFAULT	2
__block_app_sigs	.symtab	0x8053ad8	31	FUNC	<unknown>	DEFAULT	2
__bss_start	.symtab	0x805a6dc	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__clock_gettime	.symtab	0x80549a0	87	FUNC	<unknown>	DEFAULT	2
__copy_tls	.symtab	0x8054c04	96	FUNC	<unknown>	DEFAULT	2
__deregister_frame_info_bases	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__do_global_ctors_aux	.symtab	0x8058330	0	FUNC	<unknown>	DEFAULT	2
__do_global_dtors_aux	.symtab	0x80480b0	0	FUNC	<unknown>	DEFAULT	2
__dso_handle	.symtab	0x805a64c	0	OBJECT	<unknown>	HIDDEN	10
__environ	.symtab	0x805bc40	4	OBJECT	<unknown>	DEFAULT	11
__environ.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__errno_location	.symtab	0x8051acc	10	FUNC	<unknown>	DEFAULT	2
__errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__expand_heap	.symtab	0x8055900	389	FUNC	<unknown>	DEFAULT	2
__fini_array_end	.symtab	0x805a62c	0	NOTYPE	<unknown>	HIDDEN	6
__fini_array_start	.symtab	0x805a62c	0	NOTYPE	<unknown>	HIDDEN	6
__fork_handler	.symtab	0x8053a1c	1	FUNC	<unknown>	DEFAULT	2
__fpclassifyl	.symtab	0x8057afc	103	FUNC	<unknown>	DEFAULT	2
__fpclassifyl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__funcs_on_exit	.symtab	0x8051ad8	1	FUNC	<unknown>	DEFAULT	2
__fwritex	.symtab	0x8057d60	152	FUNC	<unknown>	DEFAULT	2
__get_handler_set	.symtab	0x8055a88	23	FUNC	<unknown>	DEFAULT	2
__hwcap	.symtab	0x805de80	4	OBJECT	<unknown>	DEFAULT	11
__inet_aton	.symtab	0x8053380	234	FUNC	<unknown>	DEFAULT	2
__init_array_end	.symtab	0x805a62c	0	NOTYPE	<unknown>	HIDDEN	6
__init_array_start	.symtab	0x805a62c	0	NOTYPE	<unknown>	HIDDEN	6
__init_ssp	.symtab	0x8051949	1	FUNC	<unknown>	DEFAULT	2
__init_tls	.symtab	0x8054c64	324	FUNC	<unknown>	DEFAULT	2
__init_tls.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__intscan	.symtab	0x8054dc0	1929	FUNC	<unknown>	DEFAULT	2
__lctrans	.symtab	0x8057ad5	5	FUNC	<unknown>	DEFAULT	2
__lctrans.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__lctrans_cur	.symtab	0x8057ada	32	FUNC	<unknown>	DEFAULT	2
__lctrans_impl	.symtab	0x8057ad0	5	FUNC	<unknown>	DEFAULT	2
__libc	.symtab	0x805dea0	52	OBJECT	<unknown>	DEFAULT	11
__libc_sigaction	.symtab	0x8055a9f	331	FUNC	<unknown>	DEFAULT	2
__libc_start_main	.symtab	0x805194a	386	FUNC	<unknown>	DEFAULT	2
__libc_start_main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__lock	.symtab	0x805483b	52	FUNC	<unknown>	DEFAULT	2
__lock.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__lockfile	.symtab	0x8057ca1	78	FUNC	<unknown>	DEFAULT	2
__lockfile.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__madvise	.symtab	0x8053094	33	FUNC	<unknown>	DEFAULT	2
__malloc0	.symtab	0x8053050	65	FUNC	<unknown>	DEFAULT	2
__memcpy_fwd	.symtab	0x8053f50	0	NOTYPE	<unknown>	HIDDEN	2
__mmap	.symtab	0x80530b9	162	FUNC	<unknown>	DEFAULT	2
__mremap	.symtab	0x805315c	64	FUNC	<unknown>	DEFAULT	2
__munmap	.symtab	0x805319d	44	FUNC	<unknown>	DEFAULT	2
__ofl_lock	.symtab	0x8058051	22	FUNC	<unknown>	DEFAULT	2
__ofl_unlock	.symtab	0x8058040	17	FUNC	<unknown>	DEFAULT	2
__progname	.symtab	0x805b7d0	4	OBJECT	<unknown>	DEFAULT	11
__progname_full	.symtab	0x805b7d4	4	OBJECT	<unknown>	DEFAULT	11
__register_frame_info_bases	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__restore	.symtab	0x8057c48	0	FUNC	<unknown>	DEFAULT	2
__restore_rt	.symtab	0x8057c50	0	FUNC	<unknown>	DEFAULT	2
__restore_sigs	.symtab	0x8053b16	31	FUNC	<unknown>	DEFAULT	2
__set_thread_area	.symtab	0x80579e4	0	FUNC	<unknown>	DEFAULT	2
__shgetc	.symtab	0x80555d0	273	FUNC	<unknown>	DEFAULT	2
__shlim	.symtab	0x8055550	118	FUNC	<unknown>	DEFAULT	2
__sigaction	.symtab	0x8055bea	42	FUNC	<unknown>	DEFAULT	2
__signbitl	.symtab	0x8057b64	35	FUNC	<unknown>	DEFAULT	2
__signbitl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__simple_malloc	.symtab	0x8051e40	245	FUNC	<unknown>	DEFAULT	2
__static_tls	.symtab	0x805ded8	16	OBJECT	<unknown>	DEFAULT	11
__stderr_used	.symtab	0x805bd70	4	OBJECT	<unknown>	DEFAULT	11
__stdin_used	.symtab	0x805bd70	4	OBJECT	<unknown>	DEFAULT	11
__stdio_exit	.symtab	0x8057fc9	47	FUNC	<unknown>	DEFAULT	2
__stdio_exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__stdio_exit_needed	.symtab	0x8057fc9	47	FUNC	<unknown>	DEFAULT	2
__stdout_used	.symtab	0x805bd70	4	OBJECT	<unknown>	DEFAULT	11
__stpcpy	.symtab	0x8057660	131	FUNC	<unknown>	DEFAULT	2
__stpncpy	.symtab	0x80576f0	206	FUNC	<unknown>	DEFAULT	2
__strchrnul	.symtab	0x80577f0	203	FUNC	<unknown>	DEFAULT	2
__strerror_l	.symtab	0x8057a68	74	FUNC	<unknown>	DEFAULT	2
__strtoimax_internal	.symtab	0x8053ed2	5	FUNC	<unknown>	DEFAULT	2
__strtol_internal	.symtab	0x8053e76	31	FUNC	<unknown>	DEFAULT	2
__strtoll_internal	.symtab	0x8053eb1	33	FUNC	<unknown>	DEFAULT	2
__strtoul_internal	.symtab	0x8053e95	28	FUNC	<unknown>	DEFAULT	2
__strtoull_internal	.symtab	0x8053ed7	33	FUNC	<unknown>	DEFAULT	2
__strtoumax_internal	.symtab	0x8053ef8	5	FUNC	<unknown>	DEFAULT	2
__syscall	.symtab	0x8051d47	0	FUNC	<unknown>	HIDDEN	2
__syscall_cp	.symtab	0x8054870	5	FUNC	<unknown>	DEFAULT	2
__syscall_cp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_cp_c	.symtab	0x8054875	5	FUNC	<unknown>	DEFAULT	2
__syscall_ret	.symtab	0x8051d70	39	FUNC	<unknown>	DEFAULT	2
__sysinfo	.symtab	0x805ded4	4	OBJECT	<unknown>	HIDDEN	11
__sysv_signal	.symtab	0x8053bac	98	FUNC	<unknown>	DEFAULT	2
__toread	.symtab	0x8057cf0	104	FUNC	<unknown>	DEFAULT	2
__toread.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__toread_needs_stdio_exit	.symtab	0x8057d58	5	FUNC	<unknown>	DEFAULT	2
__towrite	.symtab	0x8057ff8	65	FUNC	<unknown>	DEFAULT	2
__towrite.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__towrite_needs_stdio_exit	.symtab	0x8058039	5	FUNC	<unknown>	DEFAULT	2
__udivdi3	.symtab	0x8058070	331	FUNC	<unknown>	HIDDEN	2
__uflow	.symtab	0x8055c14	54	FUNC	<unknown>	DEFAULT	2
__uflow.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__umoddi3	.symtab	0x80581c0	367	FUNC	<unknown>	HIDDEN	2
__unlock	.symtab	0x80547f4	71	FUNC	<unknown>	DEFAULT	2
__unlockfile	.symtab	0x8057c58	73	FUNC	<unknown>	DEFAULT	2
__vdsosym	.symtab	0x80556f0	525	FUNC	<unknown>	DEFAULT	2
__vm_wait	.symtab	0x80530b8	1	FUNC	<unknown>	DEFAULT	2
__vsyscall	.symtab	0x8051cfc	0	FUNC	<unknown>	HIDDEN	2
__vsyscall6	.symtab	0x8051d2d	0	FUNC	<unknown>	HIDDEN	2
__wait	.symtab	0x805487c	148	FUNC	<unknown>	DEFAULT	2
__wait.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_atoi	.symtab	0x80510b7	76	FUNC	<unknown>	DEFAULT	2
_edata	.symtab	0x805a6dc	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_end	.symtab	0x805dee8	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_environ	.symtab	0x805bc40	4	OBJECT	<unknown>	DEFAULT	11
_fini	.symtab	0x8058364	0	NOTYPE	<unknown>	DEFAULT	3
_init	.symtab	0x8048094	0	NOTYPE	<unknown>	DEFAULT	1
_start	.symtab	0x8048164	0	NOTYPE	<unknown>	DEFAULT	2
_start_c	.symtab	0x804817f	35	FUNC	<unknown>	DEFAULT	2
ack.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
add_attack	.symtab	0x8049af5	125	FUNC	<unknown>	DEFAULT	2
add_entry	.symtab	0x8051784	99	FUNC	<unknown>	DEFAULT	2
all_mask	.symtab	0x80589b4	8	OBJECT	<unknown>	DEFAULT	4
alloc_fwd	.symtab	0x80521a0	561	FUNC	<unknown>	DEFAULT	2
alloc_rev	.symtab	0x8051f40	594	FUNC	<unknown>	DEFAULT	2
app_mask	.symtab	0x80589ac	8	OBJECT	<unknown>	DEFAULT	4
atoi	.symtab	0x8053d84	76	FUNC	<unknown>	DEFAULT	2
atoi.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
attack_add_pid	.symtab	0x804949a	69	FUNC	<unknown>	DEFAULT	2
attack_init	.symtab	0x80492b8	229	FUNC	<unknown>	DEFAULT	2
attack_ongoing	.symtab	0x805a740	80	OBJECT	<unknown>	DEFAULT	11
attack_parse	.symtab	0x804952a	772	FUNC	<unknown>	DEFAULT	2
attack_remove_id	.symtab	0x80494df	75	FUNC	<unknown>	DEFAULT	2
attack_start	.symtab	0x804982e	268	FUNC	<unknown>	DEFAULT	2
attack_stop	.symtab	0x804939d	253	FUNC	<unknown>	DEFAULT	2
attacks_ack	.symtab	0x804a024	1379	FUNC	<unknown>	DEFAULT	2
attacks_gre	.symtab	0x804a588	1117	FUNC	<unknown>	DEFAULT	2
attacks_icmp	.symtab	0x804a9e8	1022	FUNC	<unknown>	DEFAULT	2
attacks_raknet	.symtab	0x804ade8	1797	FUNC	<unknown>	DEFAULT	2
attacks_rand	.symtab	0x804b4f0	1078	FUNC	<unknown>	DEFAULT	2
attacks_socket	.symtab	0x804b981	1371	FUNC	<unknown>	DEFAULT	2
attacks_std	.symtab	0x804bedc	1120	FUNC	<unknown>	DEFAULT	2
attacks_stomp	.symtab	0x804c33c	2131	FUNC	<unknown>	DEFAULT	2
attacks_syn	.symtab	0x804cb90	1778	FUNC	<unknown>	DEFAULT	2
attacks_tfo	.symtab	0x804d284	1834	FUNC	<unknown>	DEFAULT	2
attacks_udp	.symtab	0x804d9b0	1414	FUNC	<unknown>	DEFAULT	2
attacks_vse	.symtab	0x804df38	1387	FUNC	<unknown>	DEFAULT	2
attacks_wra	.symtab	0x804e4a4	1778	FUNC	<unknown>	DEFAULT	2
authenticate	.symtab	0x8048b4b	264	FUNC	<unknown>	DEFAULT	2
bind	.symtab	0x80531cc	83	FUNC	<unknown>	DEFAULT	2
bind.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
block.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
brk.1727	.symtab	0x805bd60	4	OBJECT	<unknown>	DEFAULT	11
bsd_signal	.symtab	0x8053bac	98	FUNC	<unknown>	DEFAULT	2
builtin_tls	.symtab	0x805bc44	280	OBJECT	<unknown>	DEFAULT	11
calloc	.symtab	0x8051e00	63	FUNC	<unknown>	DEFAULT	2
calloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
cgt.1877	.symtab	0x805bc3c	4	OBJECT	<unknown>	DEFAULT	11
check_conn	.symtab	0x804b928	89	FUNC	<unknown>	DEFAULT	2
check_proc	.symtab	0x804f529	545	FUNC	<unknown>	DEFAULT	2
checksum	.symtab	0x804f820	141	FUNC	<unknown>	DEFAULT	2
checksum.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
clock	.symtab	0x805494c	81	FUNC	<unknown>	DEFAULT	2
clock.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
clock_gettime	.symtab	0x80549a0	87	FUNC	<unknown>	DEFAULT	2
clock_gettime.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
close	.symtab	0x8054a89	57	FUNC	<unknown>	DEFAULT	2
close.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
close_file	.symtab	0x8057f7c	77	FUNC	<unknown>	DEFAULT	2
closedir	.symtab	0x8051870	34	FUNC	<unknown>	DEFAULT	2
closedir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
cnc_ports	.symtab	0x805a658	16	OBJECT	<unknown>	DEFAULT	10
command_parse	.symtab	0x80481a4	655	FUNC	<unknown>	DEFAULT	2
completed.4058	.symtab	0x805a6e0	1	OBJECT	<unknown>	DEFAULT	11
conn	.symtab	0x805bd80	8368	OBJECT	<unknown>	DEFAULT	11
connect	.symtab	0x8053220	87	FUNC	<unknown>	DEFAULT	2
connect.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
crt1.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
cur.1594	.symtab	0x805b7e4	4	OBJECT	<unknown>	DEFAULT	11
dummy	.symtab	0x8051948	1	FUNC	<unknown>	DEFAULT	2
dummy	.symtab	0x8051ad8	1	FUNC	<unknown>	DEFAULT	2
dummy	.symtab	0x80530b8	1	FUNC	<unknown>	DEFAULT	2
dummy	.symtab	0x805319c	1	FUNC	<unknown>	DEFAULT	2
dummy	.symtab	0x8053a1c	1	FUNC	<unknown>	DEFAULT	2
dummy	.symtab	0x8054a84	5	FUNC	<unknown>	DEFAULT	2
dummy	.symtab	0x8057ad0	5	FUNC	<unknown>	DEFAULT	2
dummy1	.symtab	0x8051949	1	FUNC	<unknown>	DEFAULT	2
dummy_file	.symtab	0x805bd70	4	OBJECT	<unknown>	DEFAULT	11
dup2	.symtab	0x8054ac4	32	FUNC	<unknown>	DEFAULT	2
dup2.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
end.1595	.symtab	0x805b7e0	4	OBJECT	<unknown>	DEFAULT	11
end.3155	.symtab	0x805b800	4	OBJECT	<unknown>	DEFAULT	11
environ	.symtab	0x805bc40	4	OBJECT	<unknown>	DEFAULT	11
errid	.symtab	0x8058e50	88	OBJECT	<unknown>	DEFAULT	4
errmsg	.symtab	0x8058ea8	1804	OBJECT	<unknown>	DEFAULT	4
esi_fd	.symtab	0x805a668	4	OBJECT	<unknown>	DEFAULT	10
exe_access	.symtab	0x804f298	279	FUNC	<unknown>	DEFAULT	2
execve	.symtab	0x80539f8	33	FUNC	<unknown>	DEFAULT	2
execve.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exit	.symtab	0x8051ad9	51	FUNC	<unknown>	DEFAULT	2
exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
expand_heap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fcntl	.symtab	0x8051b0c	373	FUNC	<unknown>	DEFAULT	2
fcntl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fmt_u	.symtab	0x8055cfd	87	FUNC	<unknown>	DEFAULT	2
fork	.symtab	0x8053a1d	138	FUNC	<unknown>	DEFAULT	2
fork.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
frame_dummy	.symtab	0x8048110	0	FUNC	<unknown>	DEFAULT	2
free	.symtab	0x80523e0	1107	FUNC	<unknown>	DEFAULT	2
free_opts	.symtab	0x8049b72	86	FUNC	<unknown>	DEFAULT	2
frexpl	.symtab	0x8057b88	155	FUNC	<unknown>	DEFAULT	2
frexpl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fwrite	.symtab	0x8057df8	115	FUNC	<unknown>	DEFAULT	2
fwrite.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fwrite_unlocked	.symtab	0x8057df8	115	FUNC	<unknown>	DEFAULT	2
get_local_addr	.symtab	0x8051471	157	FUNC	<unknown>	DEFAULT	2
getint	.symtab	0x8055d54	37	FUNC	<unknown>	DEFAULT	2
getpid	.symtab	0x8054ae4	11	FUNC	<unknown>	DEFAULT	2
getpid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getppid	.symtab	0x8054af0	11	FUNC	<unknown>	DEFAULT	2
getppid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getsockname	.symtab	0x8053278	83	FUNC	<unknown>	DEFAULT	2
getsockname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getsockopt	.symtab	0x80532cc	83	FUNC	<unknown>	DEFAULT	2
getsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gre.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
handler_set	.symtab	0x805bd68	8	OBJECT	<unknown>	DEFAULT	11
head	.symtab	0x805a790	4	OBJECT	<unknown>	DEFAULT	11
heap_lock.3154	.symtab	0x805b804	8	OBJECT	<unknown>	DEFAULT	11
htonl	.symtab	0x8053320	41	FUNC	<unknown>	DEFAULT	2
htonl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
htons	.symtab	0x805334c	12	FUNC	<unknown>	DEFAULT	2
htons.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
icmp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_addr	.symtab	0x8053358	37	FUNC	<unknown>	DEFAULT	2
inet_addr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_aton	.symtab	0x8053380	234	FUNC	<unknown>	DEFAULT	2
inet_aton.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_ntop	.symtab	0x805346c	582	FUNC	<unknown>	DEFAULT	2
inet_ntop.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
intscan.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
kill	.symtab	0x8053b38	27	FUNC	<unknown>	DEFAULT	2
kill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
killer.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
killer_add_process	.symtab	0x804ec6d	67	FUNC	<unknown>	DEFAULT	2
killer_check_paths	.symtab	0x804eb98	144	FUNC	<unknown>	DEFAULT	2
killer_find_realpath	.symtab	0x804ecb0	109	FUNC	<unknown>	DEFAULT	2
killer_pid	.symtab	0x805a700	4	OBJECT	<unknown>	DEFAULT	11
killer_realpath	.symtab	0x805a7c0	4096	OBJECT	<unknown>	DEFAULT	11
killer_shoot_list	.symtab	0x804ed1d	438	FUNC	<unknown>	DEFAULT	2
killer_start	.symtab	0x804eed3	962	FUNC	<unknown>	DEFAULT	2
killer_vanish_list	.symtab	0x804ec28	69	FUNC	<unknown>	DEFAULT	2
libc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libgcc2.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libgcc2.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
listen	.symtab	0x80536b4	83	FUNC	<unknown>	DEFAULT	2
listen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lite_malloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lock.1596	.symtab	0x805b7d8	8	OBJECT	<unknown>	DEFAULT	11
locker.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
locker_find	.symtab	0x804f3af	111	FUNC	<unknown>	DEFAULT	2
locker_getpids	.symtab	0x804f49c	141	FUNC	<unknown>	DEFAULT	2
locker_init	.symtab	0x804f74a	211	FUNC	<unknown>	DEFAULT	2
locker_insert	.symtab	0x804f41e	126	FUNC	<unknown>	DEFAULT	2
locker_pid	.symtab	0x805a6fc	4	OBJECT	<unknown>	DEFAULT	11
locker_process	.symtab	0x8048e2f	127	FUNC	<unknown>	DEFAULT	2
locker_status	.symtab	0x805a704	1	OBJECT	<unknown>	DEFAULT	11
madvise	.symtab	0x8053094	33	FUNC	<unknown>	DEFAULT	2
madvise.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
main	.symtab	0x804903f	631	FUNC	<unknown>	DEFAULT	2
main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
main_check_connection	.symtab	0x804883e	157	FUNC	<unknown>	DEFAULT	2
main_disconnect_connection	.symtab	0x80488db	111	FUNC	<unknown>	DEFAULT	2
main_handle_connection	.symtab	0x8048c53	426	FUNC	<unknown>	DEFAULT	2
main_make_connection	.symtab	0x8048433	1035	FUNC	<unknown>	DEFAULT	2
main_read_connection	.symtab	0x8048af5	86	FUNC	<unknown>	DEFAULT	2
main_read_data	.symtab	0x804894a	350	FUNC	<unknown>	DEFAULT	2
mal	.symtab	0x805b820	1040	OBJECT	<unknown>	DEFAULT	11
malloc	.symtab	0x8052840	1459	FUNC	<unknown>	DEFAULT	2
malloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memchr	.symtab	0x80575a0	178	FUNC	<unknown>	DEFAULT	2
memchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memcmp	.symtab	0x8053f00	80	FUNC	<unknown>	DEFAULT	2
memcmp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memcpy	.symtab	0x8053f50	0	FUNC	<unknown>	DEFAULT	2
memmove	.symtab	0x8053f8c	0	FUNC	<unknown>	DEFAULT	2
memset	.symtab	0x8053fc0	0	FUNC	<unknown>	DEFAULT	2
methods	.symtab	0x805a724	4	OBJECT	<unknown>	DEFAULT	11
methods_len	.symtab	0x805a720	1	OBJECT	<unknown>	DEFAULT	11
mmap	.symtab	0x80530b9	162	FUNC	<unknown>	DEFAULT	2
mmap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mmap64	.symtab	0x80530b9	162	FUNC	<unknown>	DEFAULT	2
mmap_step.1728	.symtab	0x805bd5c	4	OBJECT	<unknown>	DEFAULT	11
mremap	.symtab	0x805315c	64	FUNC	<unknown>	DEFAULT	2
mremap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
munmap	.symtab	0x805319d	44	FUNC	<unknown>	DEFAULT	2
munmap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
nanosleep	.symtab	0x8057a3c	41	FUNC	<unknown>	DEFAULT	2
nanosleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ntohl	.symtab	0x8053708	41	FUNC	<unknown>	DEFAULT	2
ntohl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ntohs	.symtab	0x8053734	12	FUNC	<unknown>	DEFAULT	2
ntohs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
number	.symtab	0x805a654	4	OBJECT	<unknown>	DEFAULT	10
number	.symtab	0x805a66c	4	OBJECT	<unknown>	DEFAULT	10
number	.symtab	0x805a670	4	OBJECT	<unknown>	DEFAULT	10
number	.symtab	0x805a674	4	OBJECT	<unknown>	DEFAULT	10
number	.symtab	0x805a678	4	OBJECT	<unknown>	DEFAULT	10
number	.symtab	0x805a67c	4	OBJECT	<unknown>	DEFAULT	10
number	.symtab	0x805a680	4	OBJECT	<unknown>	DEFAULT	10
number	.symtab	0x805a684	4	OBJECT	<unknown>	DEFAULT	10
number	.symtab	0x805a688	4	OBJECT	<unknown>	DEFAULT	10
number	.symtab	0x805a68c	4	OBJECT	<unknown>	DEFAULT	10
number	.symtab	0x805a690	4	OBJECT	<unknown>	DEFAULT	10
number	.symtab	0x805a694	4	OBJECT	<unknown>	DEFAULT	10
number	.symtab	0x805a698	4	OBJECT	<unknown>	DEFAULT	10
number	.symtab	0x805a69c	4	OBJECT	<unknown>	DEFAULT	10
number	.symtab	0x805a6a0	4	OBJECT	<unknown>	DEFAULT	10
number	.symtab	0x805a6a4	4	OBJECT	<unknown>	DEFAULT	10
number	.symtab	0x805a6a8	4	OBJECT	<unknown>	DEFAULT	10
number	.symtab	0x805a6ac	4	OBJECT	<unknown>	DEFAULT	10
number	.symtab	0x805a6b0	4	OBJECT	<unknown>	DEFAULT	10
number	.symtab	0x805a6b4	4	OBJECT	<unknown>	DEFAULT	10
number	.symtab	0x805a6b8	4	OBJECT	<unknown>	DEFAULT	10
number	.symtab	0x805a6bc	4	OBJECT	<unknown>	DEFAULT	10
number	.symtab	0x805a6c0	4	OBJECT	<unknown>	DEFAULT	10
number	.symtab	0x805a6c4	4	OBJECT	<unknown>	DEFAULT	10
object.4070	.symtab	0x805a6e4	24	OBJECT	<unknown>	DEFAULT	11
ofl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ofl_head	.symtab	0x805bd74	4	OBJECT	<unknown>	DEFAULT	11
ofl_lock	.symtab	0x805bd78	8	OBJECT	<unknown>	DEFAULT	11
open	.symtab	0x8051c84	120	FUNC	<unknown>	DEFAULT	2
open.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
open64	.symtab	0x8051c84	120	FUNC	<unknown>	DEFAULT	2
opendir	.symtab	0x8051894	69	FUNC	<unknown>	DEFAULT	2
opendir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
options_hex	.symtab	0x80499eb	266	FUNC	<unknown>	DEFAULT	2
options_int	.symtab	0x8049991	90	FUNC	<unknown>	DEFAULT	2
options_str	.symtab	0x804993a	87	FUNC	<unknown>	DEFAULT	2
out	.symtab	0x8055d79	26	FUNC	<unknown>	DEFAULT	2
p.1232	.symtab	0x805bc38	4	OBJECT	<unknown>	DEFAULT	11
p.4056	.symtab	0x805a650	0	OBJECT	<unknown>	DEFAULT	10
pad	.symtab	0x8055d93	126	FUNC	<unknown>	DEFAULT	2
parse.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
pipe	.symtab	0x8054afc	23	FUNC	<unknown>	DEFAULT	2
pipe.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
pop_arg	.symtab	0x8055c4c	177	FUNC	<unknown>	DEFAULT	2
prctl	.symtab	0x8051d98	95	FUNC	<unknown>	DEFAULT	2
prctl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
printf_core	.symtab	0x8055e11	5694	FUNC	<unknown>	DEFAULT	2
profiles.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
program_invocation_name	.symtab	0x805b7d4	4	OBJECT	<unknown>	DEFAULT	11
program_invocation_short_name	.symtab	0x805b7d0	4	OBJECT	<unknown>	DEFAULT	11
pthread_sigmask	.symtab	0x8054910	57	FUNC	<unknown>	DEFAULT	2
pthread_sigmask.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
raknet.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand	.symtab	0x80539b9	60	FUNC	<unknown>	DEFAULT	2
rand.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand_domain	.symtab	0x804fbf1	134	FUNC	<unknown>	DEFAULT	2
rand_init	.symtab	0x804fb3c	77	FUNC	<unknown>	DEFAULT	2
rand_next	.symtab	0x804fb89	104	FUNC	<unknown>	DEFAULT	2
rand_num	.symtab	0x804fc77	48	FUNC	<unknown>	DEFAULT	2
rand_str	.symtab	0x804fca7	96	FUNC	<unknown>	DEFAULT	2
read	.symtab	0x8054b14	40	FUNC	<unknown>	DEFAULT	2
read.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
readdir	.symtab	0x80518dc	108	FUNC	<unknown>	DEFAULT	2
readdir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
readdir64	.symtab	0x80518dc	108	FUNC	<unknown>	DEFAULT	2
readlink	.symtab	0x8054b3c	33	FUNC	<unknown>	DEFAULT	2
readlink.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
realloc	.symtab	0x8052e00	584	FUNC	<unknown>	DEFAULT	2
recv	.symtab	0x8053740	32	FUNC	<unknown>	DEFAULT	2
recv.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
recvfrom	.symtab	0x8053760	87	FUNC	<unknown>	DEFAULT	2
recvfrom.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
resolv_domain_to_hostname	.symtab	0x804fd08	125	FUNC	<unknown>	DEFAULT	2
resolv_entries_free	.symtab	0x80504a7	56	FUNC	<unknown>	DEFAULT	2
resolv_lookup	.symtab	0x804fe10	1687	FUNC	<unknown>	DEFAULT	2
resolv_skip_name	.symtab	0x804fd85	139	FUNC	<unknown>	DEFAULT	2
resolver.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
root	.symtab	0x805a7a0	4	OBJECT	<unknown>	DEFAULT	11
sc_clock_gettime	.symtab	0x80549f7	95	FUNC	<unknown>	DEFAULT	2
sccp	.symtab	0x8054875	5	FUNC	<unknown>	DEFAULT	2
seed	.symtab	0x805bc30	8	OBJECT	<unknown>	DEFAULT	11
select	.symtab	0x8053aa8	47	FUNC	<unknown>	DEFAULT	2
select.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
select_profile	.symtab	0x8049bc8	1115	FUNC	<unknown>	DEFAULT	2
send	.symtab	0x80537b8	32	FUNC	<unknown>	DEFAULT	2
send.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
send_heartbeat	.symtab	0x8048aa8	77	FUNC	<unknown>	DEFAULT	2
sendto	.symtab	0x80537d8	87	FUNC	<unknown>	DEFAULT	2
sendto.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setsid	.symtab	0x8054b60	23	FUNC	<unknown>	DEFAULT	2
setsid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setsockopt	.symtab	0x8053830	83	FUNC	<unknown>	DEFAULT	2
setsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
shgetc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigaction	.symtab	0x8055bea	42	FUNC	<unknown>	DEFAULT	2
sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigaddset	.symtab	0x8053b54	68	FUNC	<unknown>	DEFAULT	2
sigaddset.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigemptyset	.symtab	0x8053b98	20	FUNC	<unknown>	DEFAULT	2
sigemptyset.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
signal	.symtab	0x8053bac	98	FUNC	<unknown>	DEFAULT	2
signal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigprocmask	.symtab	0x8053c10	46	FUNC	<unknown>	DEFAULT	2
sigprocmask.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
single_instance	.symtab	0x8048eae	401	FUNC	<unknown>	DEFAULT	2
sleep	.symtab	0x8054b78	49	FUNC	<unknown>	DEFAULT	2
sleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sn_write	.symtab	0x8053d4f	51	FUNC	<unknown>	DEFAULT	2
snprintf	.symtab	0x8053c5c	33	FUNC	<unknown>	DEFAULT	2
snprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
socket	.symtab	0x8053884	287	FUNC	<unknown>	DEFAULT	2
socket.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
socket.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
srand	.symtab	0x80539a4	21	FUNC	<unknown>	DEFAULT	2
start_killer_pid	.symtab	0x8048dfd	50	FUNC	<unknown>	DEFAULT	2
stat	.symtab	0x8053c40	27	FUNC	<unknown>	DEFAULT	2
stat.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
stat64	.symtab	0x8053c40	27	FUNC	<unknown>	DEFAULT	2
states	.symtab	0x8058c2c	464	OBJECT	<unknown>	DEFAULT	4
std.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
stomp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
stpcpy	.symtab	0x8057660	131	FUNC	<unknown>	DEFAULT	2
stpcpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
stpncpy	.symtab	0x80576f0	206	FUNC	<unknown>	DEFAULT	2
stpncpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strchr	.symtab	0x80577c0	43	FUNC	<unknown>	DEFAULT	2
strchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strchrnul	.symtab	0x80577f0	203	FUNC	<unknown>	DEFAULT	2
strchrnul.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strcmp	.symtab	0x80578c0	43	FUNC	<unknown>	DEFAULT	2
strcmp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strcpy	.symtab	0x8054080	31	FUNC	<unknown>	DEFAULT	2
strcpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strcspn	.symtab	0x80578f0	242	FUNC	<unknown>	DEFAULT	2
strcspn.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strerror	.symtab	0x8057ab2	28	FUNC	<unknown>	DEFAULT	2
strerror.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strerror_l	.symtab	0x8057a68	74	FUNC	<unknown>	DEFAULT	2
strlen	.symtab	0x80540a0	81	FUNC	<unknown>	DEFAULT	2
strlen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strncpy	.symtab	0x8054100	39	FUNC	<unknown>	DEFAULT	2
strncpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strspn	.symtab	0x8054130	193	FUNC	<unknown>	DEFAULT	2
strspn.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strstr	.symtab	0x8054200	1386	FUNC	<unknown>	DEFAULT	2
strstr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtoimax	.symtab	0x8053ed2	5	FUNC	<unknown>	DEFAULT	2
strtok	.symtab	0x8054770	131	FUNC	<unknown>	DEFAULT	2
strtok.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtol	.symtab	0x8053e76	31	FUNC	<unknown>	DEFAULT	2
strtol.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtoll	.symtab	0x8053eb1	33	FUNC	<unknown>	DEFAULT	2
strtoul	.symtab	0x8053e95	28	FUNC	<unknown>	DEFAULT	2
strtoull	.symtab	0x8053ed7	33	FUNC	<unknown>	DEFAULT	2
strtoumax	.symtab	0x8053ef8	5	FUNC	<unknown>	DEFAULT	2
strtox	.symtab	0x8053dd0	166	FUNC	<unknown>	DEFAULT	2
syn.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
syscall_ret.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
table	.symtab	0x8058a00	257	OBJECT	<unknown>	DEFAULT	4
table	.symtab	0x805de40	40	OBJECT	<unknown>	DEFAULT	11
table.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
table_init	.symtab	0x805165c	88	FUNC	<unknown>	DEFAULT	2
table_key	.symtab	0x805a6c8	16	OBJECT	<unknown>	DEFAULT	10
table_lock_val	.symtab	0x80516e9	53	FUNC	<unknown>	DEFAULT	2
table_retrieve_val	.symtab	0x805171e	102	FUNC	<unknown>	DEFAULT	2
table_unlock_val	.symtab	0x80516b4	53	FUNC	<unknown>	DEFAULT	2
tcp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
tcp_checksum	.symtab	0x804fa6a	209	FUNC	<unknown>	DEFAULT	2
tcp_kill_port	.symtab	0x80504e0	1631	FUNC	<unknown>	DEFAULT	2
tfo.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
time	.symtab	0x8054a58	42	FUNC	<unknown>	DEFAULT	2
time.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
toggle_obf	.symtab	0x80517e7	137	FUNC	<unknown>	DEFAULT	2
udp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
udp4_checksum	.symtab	0x804f8ad	445	FUNC	<unknown>	DEFAULT	2
unmask_done	.symtab	0x805bd64	4	OBJECT	<unknown>	DEFAULT	11
usleep	.symtab	0x8054bac	47	FUNC	<unknown>	DEFAULT	2
usleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
util.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
util_atoi	.symtab	0x8051103	424	FUNC	<unknown>	DEFAULT	2
util_fdgets	.symtab	0x805150e	129	FUNC	<unknown>	DEFAULT	2
util_isalpha	.symtab	0x80515bc	57	FUNC	<unknown>	DEFAULT	2
util_isdigit	.symtab	0x805162e	45	FUNC	<unknown>	DEFAULT	2
util_isspace	.symtab	0x80515f5	57	FUNC	<unknown>	DEFAULT	2
util_isupper	.symtab	0x805158f	45	FUNC	<unknown>	DEFAULT	2
util_itoa	.symtab	0x80512ab	253	FUNC	<unknown>	DEFAULT	2
util_memcmp	.symtab	0x8050b40	106	FUNC	<unknown>	DEFAULT	2
util_memcpy	.symtab	0x8051066	47	FUNC	<unknown>	DEFAULT	2
util_memset	.symtab	0x8050c2a	36	FUNC	<unknown>	DEFAULT	2
util_readlink	.symtab	0x8050c4e	570	FUNC	<unknown>	DEFAULT	2
util_startswith	.symtab	0x8050e88	63	FUNC	<unknown>	DEFAULT	2
util_strcat	.symtab	0x805103a	44	FUNC	<unknown>	DEFAULT	2
util_strcmp	.symtab	0x8050fa1	106	FUNC	<unknown>	DEFAULT	2
util_strcpy	.symtab	0x805100b	47	FUNC	<unknown>	DEFAULT	2
util_strdup	.symtab	0x8050ec7	64	FUNC	<unknown>	DEFAULT	2
util_stristr	.symtab	0x80513a8	201	FUNC	<unknown>	DEFAULT	2
util_strlen	.symtab	0x8050f07	40	FUNC	<unknown>	DEFAULT	2
util_strncmp	.symtab	0x8050f2f	114	FUNC	<unknown>	DEFAULT	2
util_strstr	.symtab	0x8050baa	128	FUNC	<unknown>	DEFAULT	2
util_zero	.symtab	0x8051095	34	FUNC	<unknown>	DEFAULT	2
vdso.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
vfprintf	.symtab	0x805744f	333	FUNC	<unknown>	DEFAULT	2
vfprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
vse.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
vsnprintf	.symtab	0x8053c80	207	FUNC	<unknown>	DEFAULT	2
vsnprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
w	.symtab	0x805b7cc	4	OBJECT	<unknown>	DEFAULT	11
wcrtomb	.symtab	0x8057e6c	270	FUNC	<unknown>	DEFAULT	2
wcrtomb.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wctomb	.symtab	0x8057c24	33	FUNC	<unknown>	DEFAULT	2
wctomb.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wra.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
write	.symtab	0x8054bdc	40	FUNC	<unknown>	DEFAULT	2
write.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
x	.symtab	0x805b7c0	4	OBJECT	<unknown>	DEFAULT	11
xdigits	.symtab	0x8058dfc	16	OBJECT	<unknown>	DEFAULT	4
y	.symtab	0x805b7c4	4	OBJECT	<unknown>	DEFAULT	11
z	.symtab	0x805b7c8	4	OBJECT	<unknown>	DEFAULT	11

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2024 11:33:04.460598946 CEST	43928	443	192.168.2.23	91.189.91.42
Oct 24, 2024 11:33:06.090667963 CEST	50922	5555	192.168.2.23	193.70.75.42
Oct 24, 2024 11:33:06.097945929 CEST	5555	50922	193.70.75.42	192.168.2.23
Oct 24, 2024 11:33:06.098016977 CEST	50922	5555	192.168.2.23	193.70.75.42
Oct 24, 2024 11:33:08.099093914 CEST	50922	5555	192.168.2.23	193.70.75.42
Oct 24, 2024 11:33:08.104418039 CEST	5555	50922	193.70.75.42	192.168.2.23
Oct 24, 2024 11:33:08.104461908 CEST	50922	5555	192.168.2.23	193.70.75.42
Oct 24, 2024 11:33:08.109770060 CEST	5555	50922	193.70.75.42	192.168.2.23
Oct 24, 2024 11:33:09.835799932 CEST	42836	443	192.168.2.23	91.189.91.43
Oct 24, 2024 11:33:11.371615887 CEST	42516	80	192.168.2.23	109.202.202.202
Oct 24, 2024 11:33:26.217397928 CEST	43928	443	192.168.2.23	91.189.91.42
Oct 24, 2024 11:33:36.456248045 CEST	42836	443	192.168.2.23	91.189.91.43
Oct 24, 2024 11:33:42.599384069 CEST	42516	80	192.168.2.23	109.202.202.202
Oct 24, 2024 11:34:07.171858072 CEST	43928	443	192.168.2.23	91.189.91.42
Oct 24, 2024 11:35:08.191968918 CEST	50922	5555	192.168.2.23	193.70.75.42
Oct 24, 2024 11:35:08.197491884 CEST	5555	50922	193.70.75.42	192.168.2.23
Oct 24, 2024 11:35:08.506351948 CEST	5555	50922	193.70.75.42	192.168.2.23
Oct 24, 2024 11:35:08.506609917 CEST	50922	5555	192.168.2.23	193.70.75.42

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2024 11:33:06.081237078 CEST	38160	53	192.168.2.23	8.8.8.8
Oct 24, 2024 11:33:06.090548038 CEST	53	38160	8.8.8.8	192.168.2.23

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 24, 2024 11:33:06.081237078 CEST	192.168.2.23	8.8.8.8	0x52b7	Standard query (0)	foxthreatnointel.africa	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Oct 24, 2024 11:33:06.090548038 CEST	8.8.8.8	192.168.2.23	0x52b7	No error (0)	foxthreatnointel.africa	193.70.75.42	A (IP address)	IN (0x0001)	false
Oct 24, 2024 11:33:06.090548038 CEST	8.8.8.8	192.168.2.23	0x52b7	No error (0)	foxthreatnointel.africa	178.215.238.10	A (IP address)	IN (0x0001)	false
Oct 24, 2024 11:33:06.090548038 CEST	8.8.8.8	192.168.2.23	0x52b7	No error (0)	foxthreatnointel.africa	141.94.169.35	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: i486.elf PID: 6206, Parent PID: 6122

General

Start time (UTC):	09:33:04
Start date (UTC):	24/10/2024
Path:	/tmp/i486.elf
Arguments:	/tmp/i486.elf
File size:	94472 bytes
MD5 hash:	bd0da6d215821625c85f701133b3d758

Chronological Activities

Analysis Process: i486.elf PID: 6207, Parent PID: 6206

General

Start time (UTC):	09:33:04
Start date (UTC):	24/10/2024
Path:	/tmp/i486.elf
Arguments:	-
File size:	94472 bytes
MD5 hash:	bd0da6d215821625c85f701133b3d758

Chronological Activities

Analysis Process: i486.elf PID: 6208, Parent PID: 6207

General

Start time (UTC):	09:33:04
Start date (UTC):	24/10/2024
Path:	/tmp/i486.elf
Arguments:	-
File size:	94472 bytes
MD5 hash:	bd0da6d215821625c85f701133b3d758

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report i486.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Spreading

Networking

System Summary

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Symbols

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: i486.elf PID: 6206, Parent PID: 6122

General

Chronological Activities

Analysis Process: i486.elf PID: 6207, Parent PID: 6206

General

Chronological Activities

Analysis Process: i486.elf PID: 6208, Parent PID: 6207

General

Chronological Activities

Linux Analysis Report
i486.elf