Linux Analysis Report
xd.arm7.elf

Overview

General Information

Sample name: xd.arm7.elf
Analysis ID: 1669055
MD5: 9d901409865a22d0578788bd58250e19
SHA1: 77a3bf98ecc1c1a796446bc7382a21261175c377
SHA256: 53cd3e0f57e4da5638cba9961a5b49fae5207bc2918f42dbeec09ad9ddc5f1a3
Tags: elf, user-abuse_ch

Detection

Score: 60
Range: 0 - 100

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Executes the "rm" command used to delete files or directories
Sample contains only a LOAD segment without any section mappings
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]

AV Detection

Source: xd.arm7.elf Virustotal: Detection: 39%
Source: xd.arm7.elf ReversingLabs: Detection: 44%
Source: global traffic TCP traffic: 192.168.2.23:60828 -> 209.141.33.93:5538
Source: /tmp/xd.arm7.elf (PID: 6212) Socket: 192.168.2.23:9473
Source: unknown TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown TCP traffic detected without corresponding DNS query: 209.141.33.93
Source: unknown TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown TCP traffic detected without corresponding DNS query: 34.249.145.219
Source: xd.arm7.elf String found in binary or memory: http://upx.sf.net
Source: unknown Network traffic detected: HTTP traffic on port 39246 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 39246
Source: unknown Network traffic detected: HTTP traffic on port 33608 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Source: 6212.1.00007fa498017000.00007fa498029000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: xd.arm7.elf PID: 6212, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: LOAD without section mappings Program segment: 0x8000
Source: 6212.1.00007fa498017000.00007fa498029000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: xd.arm7.elf PID: 6212, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: classification engine Classification label: mal60.evad.linELF@0/51@0/0

Data Obfuscation

Source: initial sample String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
Source: /usr/sbin/logrotate (PID: 6263) Directory: //.
Source: /usr/bin/find (PID: 6311) Directory: //.
Source: /usr/bin/mandb (PID: 6326) Directory: /var/cache/man/.manpath
Source: /usr/bin/dash (PID: 6342) Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.qITcp3Q12J /tmp/tmp.O175aKJtiZ /tmp/tmp.FujIj6PsPc
Source: /usr/bin/dash (PID: 6343) Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.qITcp3Q12J /tmp/tmp.O175aKJtiZ /tmp/tmp.FujIj6PsPc
Source: xd.arm7.elf Submission file: segment LOAD with 7.9522 entropy (max. 8.0)
Source: /tmp/xd.arm7.elf (PID: 6212) Queries kernel information via 'uname':
Source: /usr/bin/find (PID: 6311) Queries kernel information via 'uname':
Source: xd.arm7.elf, 6212.1.000055fa01fd0000.000055fa0219e000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/arm
Source: xd.arm7.elf, 6212.1.00007ffd4e065000.00007ffd4e086000.rw-.sdmp Binary or memory string: /usr/bin/qemu-arm