Linux Analysis Report
sh4.elf

Overview

General Information

Sample name: sh4.elf
Analysis ID: 1541347
MD5: 021ff60806f15abc05f2c15d7f78ad22
SHA1: 78321f3866c93255c345d8b97fe3b4f6c553b28f
SHA256: a910f3e49c14af9df274e7a3c63c65751d4ad3b129f08005ace51ffb13a09f81
Tags: elfuser-abuse_ch

Detection

Score: 0
Range: 0 - 100
Whitelisted: false

Signatures

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Source: classification engine Classification label: clean0.linELF@0/0@0/0
Source: /tmp/sh4.elf (PID: 5490) Queries kernel information via 'uname': Jump to behavior
Source: sh4.elf, 5490.1.00007ffeb7733000.00007ffeb7754000.rw-.sdmp Binary or memory string: /usr/bin/qemu-sh4
Source: sh4.elf, 5490.1.00005572ba1f3000.00005572ba256000.rw-.sdmp Binary or memory string: rU5!/etc/qemu-binfmt/sh4
Source: sh4.elf, 5490.1.00005572ba1f3000.00005572ba256000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/sh4
Source: sh4.elf, 5490.1.00007ffeb7733000.00007ffeb7754000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-sh4/tmp/sh4.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/sh4.elf
No contacted IP infos