Report #1183

  • Creation Date: Nov. 16, 2019, 4:37 p.m.
  • Last Update: Nov. 16, 2019, 7:26 p.m.
  • File: function-parameter2.bin
  • Results:
Binary
ABI
ELFOSABI_SYSV
Size
8.40KB
Type
ET_EXEC
trid
50.1% ELF Executable and Linkable format
49.8% ELF Executable and Linkable format
type
ELF
Wordsize
64
Architecture
x64
Hashes
md5
a7cacf30e14f0c67b07a6eaf207eb93e
sha1
1163744cab416e12ff20a68c8003b24826d60ee9
crc32
0xa25018ee
sha224
2317534c838e24081590984e95eb53d2606ae773672265bbc21a4c80
sha256
226860d2a36585c7afdd2bc4f77751cfc6bcd918feac0909a3a9c9dcc623d052
sha384
05a16213f6261e304f9c4d926ebec28d33699267dc3f61a1084dd2c0ed9d2dc0d3cfe16cdab8e2670a6efc4824775717
sha512
df13568dd2d95bd1c61bc01ab39e1dc0324f4276c38150cf75cd20300c59e2756008aaa6db662a59530f746ce3aa280e2e59305095172035375424de5275e87b
ssdeep
96:GzT89LoBW+wVYzMRSKIV+xOaOnOfjQ7IEuBW8DoBeSiy5rSN:Gz4gWrUbKIhOck1DoESi
Community
Google
False
HashLib
False
YARA
Matches
domain, contentis_base64, is__elf

Suspicious
True

Dwarf
List

Number
0
Files
Sys

Home

Proc

Password

Suspicious
False
Flags
Flags
0
Packer
List
None
Packed
False
Network
IPs

URLs
/lib64/ld-linux-x86-64.so.2
Mails

Suspicious
True
Strings
List
.note.gnu.build-id
.plt.got
.gnu.hash
libc.so.6
.rela.plt
.rela.dyn
.got.plt
/lib64/ld-linux-x86-64.so.2
_Jv_RegisterClasses
deregister_tm_clones
_ITM_registerTMCloneTable
_ITM_deregisterTMCloneTable
.comment
__FRAME_END__
GLIBC_2.2.5
_GLOBAL_OFFSET_TABLE_
_DYNAMIC
__JCR_END__
__TMC_END__
__JCR_LIST__
__frame_dummy_init_array_entry
frame_dummy
.dynamic
__gmon_start__
__gmon_start__
.note.ABI-tag
__GNU_EH_FRAME_HDR
.gnu.version
.shstrtab
.eh_frame
.eh_frame_hdr
.fini_array
.init_array
_IO_stdin_used
crtstuff.c
__libc_start_main
__init_array_start
__do_global_dtors_aux
.gnu.version_r
__dso_handle
__data_start
.rodata
__init_array_end
__libc_csu_init
__libc_csu_fini
.interp
__bss_start
.strtab
.symtab
_edata
.init
.fini
.dynstr
.dynsym
main
func
GCC: (Ubuntu 5.4.0-6ubuntu1~16.04.11) 5.4.0 20160609
completed.7594
__libc_start_main@@GLIBC_2.2.5
__do_global_dtors_aux_fini_array_entry
function-parameter2.c
g|RF
.data
AUATL
;*3$"
@8 @
UH-0
AWAVA
.text
.bss
.jcr
[]A\A]A^A_
( ,s+

Symbols
List
crtstuff.c, __JCR_LIST__, deregister_tm_clones, register_tm_clones, __do_global_dtors_aux, completed.7594, __do_global_dtors_aux_fini_array_entry, frame_dummy, __frame_dummy_init_array_entry, function-parameter2.c, crtstuff.c, __FRAME_END__, __JCR_END__, __init_array_end, _DYNAMIC, __init_array_start, __GNU_EH_FRAME_HDR, _GLOBAL_OFFSET_TABLE_, __libc_csu_fini, _ITM_deregisterTMCloneTable, data_start, _edata, _fini, __libc_start_main@@GLIBC_2.2.5, __data_start, __gmon_start__, __dso_handle, _IO_stdin_used, func, __libc_csu_init, _end, _start, __bss_start, main, _Jv_RegisterClasses, __TMC_END__, _ITM_registerTMCloneTable, _init
Number
67
Reason
None
Suspicious
False
Version
Version
EV_CURRENT
Foremost
Matches
None
Suspicious
False
Sections
List
, .interp, .note.ABI-tag, .note.gnu.build-id, .gnu.hash, .dynsym, .dynstr, .gnu.version, .gnu.version_r, .rela.dyn, .rela.plt, .init, .plt, .plt.got, .text, .fini, .rodata, .eh_frame_hdr, .eh_frame, .init_array, .fini_array, .jcr, .dynamic, .got, .got.plt, .data, .bss, .comment, .shstrtab, .symtab, .strtab
Number
31
Suspicious
False
Segments
Number
9
Suspicious
False
Compilers
List
GCC: (Ubuntu 5.4.0-6ubuntu1~16.04.11) 5.4.0 20160609
Identified
1
Suspicious
False
Functions
List
, , __libc_start_main, @GLIBC_2.2.5 (2), __gmon_start__, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , crtstuff.c, , __JCR_LIST__, , deregister_tm_clones, , register_tm_clones, , __do_global_dtors_aux, , completed.7594, , __do_global_dtors_aux_fini_array_entry, , frame_dummy, , __frame_dummy_init_array_entry, , function-parameter2.c, , crtstuff.c, , __FRAME_END__, , __JCR_END__, , , , __init_array_end, , _DYNAMIC, , __init_array_start, , __GNU_EH_FRAME_HDR, , _GLOBAL_OFFSET_TABLE_, , __libc_csu_fini, , _ITM_deregisterTMCloneTable, , data_start, , _edata, , _fini, , __libc_start_main@@GLIBC_2.2.5, , __data_start, , __gmon_start__, , __dso_handle, , _IO_stdin_used, , func, , __libc_csu_init, , _end, , _start, , __bss_start, , main, , _Jv_RegisterClasses, , __TMC_END__, , _ITM_registerTMCloneTable, , _init,
Present
True
Anti-Debug
Ptrace
False
Anti-disasm
False
Entry Point
Address
0x4003e0
Suspicious
False
Embedded ELF
List
None
Identified
0
Program Header
Size
56
Number
9
Offset
64
Section Header
Size
64
Number
31
Offset
6616
AVclass
None
1
VirusTotal
md5
a7cacf30e14f0c67b07a6eaf207eb93e
sha1
1163744cab416e12ff20a68c8003b24826d60ee9
SCANS (DETECTION RATE = 0.00%)
AVG: update 20191116, version 18.4.3895.0, detected False
CMC: update 20190321, version 1.1.0.977, detected False
MAX: update 20191116, version 2019.9.16.1, detected False
Bkav: update 20191116, version 1.3.0.9899, detected False
K7GW: update 20191116, version 11.78.32577, detected False
ALYac: update 20191116, version 1.1.1.5, detected False
Avast: update 20191116, version 18.4.3895.0, detected False
Avira: update 20191116, version 8.3.3.8, detected False
Baidu: update 20190318, version 1.0.0.2, detected False
Cyren: update 20191116, version 6.2.2.2, detected False
DrWeb: update 20191116, version 7.0.41.7240, detected False
GData: update 20191116, version A:25.24004B:26.16672, detected False
Panda: update 20191116, version 4.6.4.2, detected False
VBA32: update 20191116, version 4.2.0, detected False
VIPRE: update 20191116, version 79374, detected False
Zoner: update 20191116, version 1.0.0.1, detected False
ClamAV: update 20191116, version 0.102.0.0, detected False
Comodo: update 20191116, version 31730, detected False
F-Prot: update 20191116, version 4.7.1.166, detected False
Ikarus: update 20191116, version 0.1.5.2, detected False
McAfee: update 20191113, version 6.0.6.653, detected False
Rising: update 20191116, version 25.0.0.24, detected False
Sophos: update 20191116, version 4.98.0, detected False
Yandex: update 20191114, version 5.5.2.24, detected False
Zillya: update 20191115, version 2.0.0.3952, detected False
Arcabit: update 20191116, version 1.0.0.861, detected False
FireEye: update 20191116, version 29.7.0.0, detected False
TACHYON: update 20191116, version 2019-11-16.02, detected False
Tencent: update 20191116, version 1.0.0.1, detected False
ViRobot: update 20191116, version 2014.3.20.0, detected False
Ad-Aware: update 20191116, version 3.0.5.370, detected False
AegisLab: update 20191116, version 4.2, detected False
Emsisoft: update 20191031, version 2018.12.0.1641, detected False
F-Secure: update 20191116, version 12.0.86.52, detected False
Fortinet: update 20191116, version 5.4.247.0, detected False
Jiangmin: update 20191116, version 16.0.100, detected False
Kingsoft: update 20191116, version 2013.8.14.323, detected False
Symantec: update 20191116, version 1.11.0.0, detected False
AhnLab-V3: update 20191116, version 3.16.4.25692, detected False
Antiy-AVL: update 20191116, version 3.0.0.1, detected False
Kaspersky: update 20191116, version 15.0.1.13, detected False
MaxSecure: update 20191116, version 1.0.0.1, detected False
Microsoft: update 20191116, version 1.1.16500.1, detected False
Qihoo-360: update 20191116, version 1.0.0.1120, detected False
ZoneAlarm: update 20191116, version 1.0, detected False
ESET-NOD32: update 20191116, version 20359, detected False
TrendMicro: update 20191116, version 11.0.0.1006, detected False
BitDefender: update 20191116, version 7.2, detected False
K7AntiVirus: update 20191116, version 11.78.32577, detected False
SentinelOne: update 20191115, version 1.0.31.33, detected False
Avast-Mobile: update 20191115, version 191114-10, detected False
Malwarebytes: update 20191116, version 2.1.1.1115, detected False
TotalDefense: update 20191116, version 37.1.62.1, detected False
CAT-QuickHeal: update 20191116, version 14.00, detected False
NANO-Antivirus: update 20191116, version 1.0.134.24859, detected False
BitDefenderTheta: update 20191113, version 7.2.37796.0, detected False
MicroWorld-eScan: update 20191116, version 14.0.297.0, detected False
SUPERAntiSpyware: update 20191115, version 5.6.0.1032, detected False
McAfee-GW-Edition: update 20191116, version v2017.3010, detected False
TrendMicro-HouseCall: update 20191116, version 10.0.0.1040, detected False

total
60
sha256
226860d2a36585c7afdd2bc4f77751cfc6bcd918feac0909a3a9c9dcc623d052
scan_id
226860d2a36585c7afdd2bc4f77751cfc6bcd918feac0909a3a9c9dcc623d052-1573939407
resource
a7cacf30e14f0c67b07a6eaf207eb93e
positives
0
scan_date
2019-11-16 21:23:27
verbose_msg
Scan finished, information embedded
response_code
1
Ltrace
Trace
4290 __libc_start_main(0x4004ed, 1, 0x7ffd0aef4168, 0x400510

Strace
Trace
4291 execve("./malware", ["./malware"], [/* 15 vars */]) = 0
4291 brk(NULL) = 0xdbd000
4291 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
4291 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
4291 open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
4291 fstat(3, {st_mode=S_IFREG|0644, st_size=99075, ...}) = 0
4291 mmap(NULL, 99075, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f03dfb40000
4291 close(3) = 0
4291 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
4291 open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
4291 read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\t\2\0\0\0\0\0"..., 832) = 832
4291 fstat(3, {st_mode=S_IFREG|0755, st_size=1868984, ...}) = 0
4291 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03dfb3f000
4291 mmap(NULL, 3971488, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f03df56a000
4291 mprotect(0x7f03df72a000, 2097152, PROT_NONE) = 0
4291 mmap(0x7f03df92a000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c0000) = 0x7f03df92a000
4291 mmap(0x7f03df930000, 14752, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f03df930000
4291 close(3) = 0
4291 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03dfb3e000
4291 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03dfb3d000
4291 arch_prctl(ARCH_SET_FS, 0x7f03dfb3e700) = 0
4291 mprotect(0x7f03df92a000, 16384, PROT_READ) = 0
4291 mprotect(0x600000, 4096, PROT_READ) = 0
4291 mprotect(0x7f03dfb59000, 4096, PROT_READ) = 0
4291 munmap(0x7f03dfb40000, 99075) = 0
4291 exit_group(4) = ?

Analysis
Ltrace
Statically-compiled samples cannot be ltraced.

Reason
Timeout

Status
Success

Strace
Success

Results
True

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Binary
RF
confidence: 67.13%
suspicious: False
MLP
confidence: 66.17%
suspicious: False
SVM
confidence: 81.38%
suspicious: False