Report #1592 check_circle

Binary
ABI
ELFOSABI_SYSV
Size
71.55KB
Type
ET_EXEC
trid
50.1% ELF Executable and Linkable format
49.8% ELF Executable and Linkable format
type
ELF
Wordsize
32
Architecture
x86
Hashes
md5
b98db8f669e73166ec41ec52d626a58b
sha1
d6b7e2d1471e59e379666d9f9b8d8bbb0486f62e
crc32
0x9c281189
sha224
6316f5ca1dd3d29d96617c5c673ccfb5d875aca311de97c31038ce2a
sha256
4f79f68fef559dcedc72d60105d5a1fe5c81f43f08a1eaa2aeb6d82879fb6a81
sha384
e59eefc3d3dd5706e2034d4550ec6154d2929e293b983dc49623a955f1fe35ab5ef92c8b46cb33f7d408d313097946d0
sha512
7e5eb46f185a2f8d3dca51f6777cd373745e079736f0ccd6c562c3e5ccdf79c5b25a99dcc07e034a47ac455b3496a8c585df1f14e5515c2332fec06c036e19bd
ssdeep
1536:9mMihLK3J9Wts80N4a3Dl0jQV5TaS35hGPz0Mpm7IVVcFjfpbA93:whL368s4a3Dl0WTp/CmkVVcFbpbA93
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
maldoc_getEIP_method_1, domain, contentis_base64, is__elf, IP

Suspicious
True check_circle

Dwarf
List

Number
0
Files
Sys

Home

Proc
/proc/net/route
Password

Suspicious
True check_circle
Flags
Flags
0
Packer
List
None
Packed
False cancel
Network
IPs
23.94.164.176:666, Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2883.87 Safari/537.36, Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36, Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36, Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36, Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
URLs

Mails

Suspicious
True check_circle
Strings
List
23.94.164.176:666
%s %s HTTP/1.1
/etc/config/resolv.conf
.got.plt
/etc/resolv.conf
User-Agent: %s
Network is down
Machine is not on the network
No route to host
Host is down
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2883.87 Safari/537.36
Host: %s
been_there_done_that.3001
been_there_done_that
_fwrite.c
open.c
write.c
Transport endpoint is not connected
No such process
Block device required
Remote address changed
No such device or address
Operation now in progress
Too many links
No such device
fork failed
Connection reset by peer
Link has been severed
Object is remote
Is a named type file
Too many open files in system
Too many open files
.lib section in a.out corrupted
Cannot send after transport endpoint shutdown
Operation not permitted
recv: %s
8.8.8.8
dnslookup.c
Too many users
__GI_execl
__dns_lookup
__GI_fflush_unlocked
/etc/config/hosts
__libc_nanosleep
__GI_sleep
__open_nameservers
__nameserver
__socketcall
__GI_execve
__register_frame_info_bases
/etc/hosts
__GI_pipe
_Jv_RegisterClasses
__deregister_frame_info_bases
socket_connect
gethostbyname_r
gethostbyname.c
opennameservers.c
fflush_unlocked.c
__GI_nanosleep
nanosleep.c
read_etc_hosts_r.c
__socketcall.c
fflush_unlocked
socket.c
__nameservers
__read_etc_hosts_r
__open_etc_hosts
__get_hosts_byname_r
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
__GI_socket
sleep.c
sendHTTP
tcpcsum
commServer
pipe.c
Software caused connection abort
Socket operation on non-socket
inet_addr
currentServer
UserAgents
Identifier removed
Interrupted system call should be restarted
Operation already in progress
Address family not supported by protocol
Too many references: cannot splice
makeIPPacket
nameserver
Transport endpoint is already connected
random_poly_info
random.c
random_r
Permission denied
nanosleep
srandom_r
__GI_random_r
sendTCP

Symbols
List
libc/sysdeps/linux/i386/crti.S, crtstuff.c, __CTOR_LIST__, __DTOR_LIST__, __EH_FRAME_BEGIN__, __JCR_LIST__, completed.2429, p.2427, __do_global_dtors_aux, object.2482, frame_dummy, crtstuff.c, __CTOR_END__, __DTOR_END__, __FRAME_END__, __JCR_END__, __do_global_ctors_aux, initfini.c, libc/sysdeps/linux/i386/crtn.S, libc/sysdeps/linux/i386/crt1.S, bot.c, c, Q, i.4242, printchar, prints, printi, print, fdopen_pids, hextable, libc/sysdeps/linux/i386/vfork.S, __syscall_fcntl.c, __syscall_fcntl64.c, _exit.c, chdir.c, close.c, dup2.c, fork.c, getdtablesize.c, getpid.c, getrlimit.c, ioctl.c, open.c, pipe.c, read.c, select.c, setsid.c, sigprocmask.c, time.c, waitpid.c, write.c, isspace.c, toupper.c, __C_ctype_b.c, __C_ctype_toupper.c, __errno_location.c, puts.c, sprintf.c, vsnprintf.c, _stdio.c, _stdio_streams, __stdio_mutex_initializer.4160, _fixed_buffers, _wcommit.c, _vfprintf_internal.c, _charpad, _fp_out_narrow, spec_base.4370, prefix.4371, _ppfs_init.c, _ppfs_prepargs.c, _ppfs_setargs.c, _ppfs_parsespec.c, _promoted_size, type_codes, type_sizes, spec_flags.4372, qual_chars.4377, spec_chars.4373, spec_ranges.4374, spec_or_mask.4375, spec_and_mask.4376, fputc_unlocked.c, fputs_unlocked.c, fwrite_unlocked.c, memcpy.c, memset.c, strchr.c, strcpy.c, strlen.c, strnlen.c, strstr.c, __glibc_strerror_r.c, __xpg_strerror_r.c, unknown.1330, _string_syserrmsgs.c, bcopy.c, strtok.c, next_start.1278, isatty.c, tcgetattr.c, ntohl.c, inet_makeaddr.c, gethostbyname.c, buf.5162, h.5161, gethostbyname_r.c, connect.c, getsockname.c, getsockopt.c, recv.c, send.c, sendto.c, setsockopt.c, socket.c, sigaddset.c, sigempty.c, signal.c, sigsetops.c, malloc.c, __malloc_largebin_index, free.c, __malloc_trim, abort.c, mylock, been_there_done_that, rand.c, random.c, mylock, unsafe_state, randtbl, random_r.c, random_poly_info, atol.c, strtol.c, _stdlib_strto_l.c, exit.c, execl.c, sleep.c, sysconf.c, __uClibc_main.c, __pthread_return_0, __pthread_return_void, __check_one_fd, 
been_there_done_that.3001, sigaction.c, __restore_rt, __restore, __syscall_error.c, libc/sysdeps/linux/i386/mmap.S, __socketcall.c, __syscall_rt_sigaction.c, clock_getres.c, execve.c, getegid.c, geteuid.c, getgid.c, getpagesize.c, getuid.c, munmap.c, nanosleep.c, sbrk.c, wait4.c, errno.c, __h_errno_location.c, wcrtomb.c, wcsrtombs.c, wcsnrtombs.c, _WRITE.c, _fwrite.c, _trans2w.c, _load_inttype.c, _store_inttype.c, _uintmaxtostr.c, _fpmaxtostr.c, fmt, exp10_table, memchr.c, memmove.c, strncpy.c, mempcpy.c, memrchr.c, strtok_r.c, strpbrk.c, inet_aton.c, dnslookup.c, mylock, static_ns, static_id, opennameservers.c, get_hosts_byname_r.c, raise.c, dl-support.c, brk.c, kill.c, poll.c, fclose.c, fopen.c, fseeko.c, fseeko64.c, _adjust_pos.c, _fopen.c, _cs_funcs.c, fgets.c, fflush_unlocked.c, fgets_unlocked.c, strcmp.c, strncat.c, rawmemchr.c, strspn.c, strdup.c, ntop.c, inet_pton4, xdigits.3285, inet_ntop4, encodeh.c, decodeh.c, encodeq.c, lengthq.c, decodea.c, read_etc_hosts_r.c, llseek.c, tolower.c, __C_ctype_tolower.c, fgetc_unlocked.c, strcasecmp.c, encoded.c, decoded.c, lengthd.c, _READ.c, _rfill.c, _trans2r.c, __fini_array_end, __fini_array_start, __init_array_end, __preinit_array_end, _GLOBAL_OFFSET_TABLE_, __init_array_start, __preinit_array_start, __read_etc_hosts_r, __GI_execve, __libc_sigaction, strcpy, __GI_fcntl64, recvLine, __GI_sigaddset, __socketcall, __GI___ctype_b, __GI_memchr, __GI___glibc_strerror_r, waitpid, __open_nameservers, __GI_fopen, getrlimit, ioctl, _stdio_openlist_use_count, __GI_initstate_r, __GI_sigaction, strtok_r, __GI___C_ctype_toupper_data, __GI_time, getgid, sysconf, stdout, random, __GI_strdup, __GI_getpagesize, getdtablesize, __GI_h_errno, __length_question, __GI___ctype_toupper, __GI_strcasecmp, __GI_tolower, putc_unlocked, recv, connect, __encode_question, __GI___uClibc_fini, numpids, __encode_header, __GI_strncat, sigemptyset, __pthread_mutex_lock, initConnection, __sigdelset, __GI_clock_getres, __uClibc_fini, memrchr, geteuid, 
inet_pton, __GI_vsnprintf, __GI_setsid, memmove, sendTCP, __bsd_signal, __GI_strpbrk, __stdio_trans2r_o, munmap, __GI_setsockopt, __libc_stack_end, __GI_fclose, __GI_wcsnrtombs, __GI_pipe, _uintmaxtostr, __libc_fcntl, atol, _h_errno, getc_unlocked, __ctype_b, __GI_random_r, errno, getegid, __GI_sbrk, zprintf, __GI___uClibc_init, execve, getpagesize, getpid, __GI_lseek64, setstate_r, fgets, getHost, __libc_getpid, wildString, __xpg_strerror_r, fcntl64, memcpy, makeRandomStr, getRandomIP, __GI_fputs_unlocked, execl, __GI_fgets, sendHTTP, creat, _stdio_openlist_dec_use, __libc_select, _ppfs_init, puts, __GI___C_ctype_toupper, __GI_fgetc_unlocked, __libc_nanosleep, trim, __GI_fgets_unlocked, dup2, __pthread_mutex_init, tolower, getuid, __open_etc_hosts, malloc, isatty, sleep, __GI_atol, vsnprintf, __dns_lookup, __GI_read, __C_ctype_tolower, random_r, __dso_handle, clock_getres, gethostbyname_r, tcpcsum, fdpclose, socket, __GI_dup2, select, _pthread_cleanup_pop_restore, __GI_wcrtomb, __GI___libc_fcntl, __GI_memset, isspace, __stdio_seek, mempcpy, __GI_strcoll, __GI_write, __ctype_toupper, __libc_read, _string_syserrmsgs, __GI_open, __GI_strchr, __searchdomain, sigaddset, __GI_tcgetattr, __environ, mmap, wcsnrtombs, makeIPPacket, sockprintf, send, __fgetc_unlocked, abort, __GI_fcntl, __GI_wcsrtombs, __GI_fwrite_unlocked, __GI_getgid, srandom_r, _init, __GI_setstate_r, parseHex, strtol, pipe, __libc_lseek64, strnlen, rawmemchr, __GI_mempcpy, __malloc_state, __GI___C_ctype_b_data, __sigaddset, nanosleep, __GI_send, h_errno, __pthread_mutex_unlock, wait4, __register_frame_info_bases, __GI_exit, __app_fini, csum, __exit_cleanup, __GI_execl, __GI_srandom_r, __GI___ctype_tolower, write, environ, __GI_close, __resolv_lock, kill, fputs_unlocked, __pthread_mutex_trylock, __GI_brk, __GI_nanosleep, __GI_strtok, _stdio_openlist, __GI_sigprocmask, inet_addr, ntohl, __GI_fseek, ourIP, chdir, fseeko, _stdio_openlist_del_count, connectTimeout, __raise, setsockopt, bsd_signal, fseek, 
__GI_kill, __GI_strcmp, __GI_memmove, setstate, __decode_dotted, __stdio_READ, memchr, __GI_toupper, __pthread_initialize_minimal, __GI_recv, __stdin, stdin, __GI_isatty, _start, __deregister_frame_info_bases, strstr, __GI_ioctl, init_rand, rand, signal, read, __decode_header, __GI___h_errno_location, __GI_memcpy, strcoll, wcsrtombs, _stdio_user_locking, strncpy, strcasecmp, htonl, sendto, __C_ctype_toupper, __GI___C_ctype_b, __GI_gethostbyname_r, __GI_strncpy, __libc_send, __GI___xpg_strerror_r, currentServer, __GI___C_ctype_tolower, __GI_getrlimit, bcopy, __GI_strcpy, __GI_inet_ntop, strtok, __GI___fputc_unlocked, __stdio_adjust_position, malloc_trim, __GI_poll, _vfprintf_internal, fork, __stdio_rfill, strncat, gotIP, __GI_sleep, sigaction, __GI_gethostbyname, _dl_phdr, __GI_getc_unlocked, __GI___libc_fcntl64, __uClibc_init, __GI_munmap, _store_inttype, __length_dotted, __getpagesize, __GI_random, __syscall_error, __uclibc_progname, __GI_getegid, __GI_wait4, __malloc_lock, __uClibc_main, sbrk, __rtld_fini, __GI_fork, strdup, __libc_close, __GI_getpid, inet_aton, UserAgents, index, _pthread_cleanup_push_defer, processCmd, __sigismember, fopen, __bss_start, __libc_open, getOurIP, memset, __GI_socket, main, __glibc_strerror_r, listFork, __GI___C_ctype_tolower_data, __stdio_fwrite, srand, initstate, fclose, __syscall_rt_sigaction, ntohs, sendUDP, tcgetattr, __C_ctype_tolower_data, time, __GI_abort, poll, fdpopen, __get_hosts_byname_r, __stdio_init_mutex, __GI__exit, strcmp, __nameserver, data_start, __GI_sysconf, __h_errno_location, __GI_putc_unlocked, __C_ctype_b_data, __GI_inet_pton, gethostbyname, _stdio_fopen, _fini, __GI_chdir, __vfork, __GI_mmap, sprintf, fdgets, __get_pc_thunk_bx, strerror_r, __GI_select, __libc_waitpid, socket_connect, __GI_waitpid, _stdio_term, __decode_answer, __GI_signal, stderr, commServer, vfork, __C_ctype_b, srandom, _ppfs_setargs, __GI_sendto, __GI_sigemptyset, __libc_fork, __atexit_lock, rand_cmwc, __libc_fcntl64, getsockopt, 
__GI_fseeko64, fflush_unlocked, __stdio_wcommit, __GI___fgetc_unlocked, __nameservers, fwrite_unlocked, __pagesize, _stdio_openlist_add_lock, __GI_getdtablesize, _edata, __stdout, __GI_memrchr, __GI_fflush_unlocked, __GI_strstr, __searchdomains, _end, htons, _sigintr, _ppfs_prepargs, __GI_strspn, fgetc_unlocked, initstate_r, __GI_connect, __curbrk, __libc_poll, _dl_phnum, _fpmaxtostr, __errno_location, uppercase, _stdlib_strto_l, __GI___libc_open, exit, __stdio_WRITE, _stdio_init, __GI_geteuid, inet_ntop, brk, __C_ctype_toupper_data, _dl_aux_init, _errno, atoi, _stdio_openlist_del_lock, __GI_inet_aton, fgets_unlocked, _exit, szprintf, strspn, __libc_recv, __libc_creat, strlen, lseek64, open, toupper, __libc_write, __malloc_consolidate, _ppfs_parsespec, __GI_strtol, __GI_getuid, __GI_strtok_r, __GI_errno, __libc_sendto, __stdio_trans2w_o, __GI_vfork, strchr, __GI_rawmemchr, __GI_raise, __data_start, setsid, __GI_inet_addr, __encode_dotted, __GI_strnlen, _Jv_RegisterClasses, macAddress, __GI___errno_location, fputc_unlocked, fcntl, __GI_atoi, fseeko64, __GI_sprintf, __ctype_tolower, wcrtomb, __GI_getsockname, close, __libc_connect, __GI_strlen, mainCommSock, pids, strpbrk, _load_inttype, raise, free, sigprocmask, __fputc_unlocked, getsockname
Number
701
Reason
None
Suspicious
False cancel
Version
Version
EV_CURRENT
Foremost
Matches
None
Suspicious
False cancel
Sections
List
, .init, .text, .fini, .rodata, .eh_frame, .ctors, .dtors, .jcr, .got.plt, .data, .bss, .comment, .shstrtab, .symtab, .strtab
Number
16
Suspicious
False cancel
Segments
Number
3
Suspicious
False cancel
Compilers
List
GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, 
GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2, GCC: (GNU) 4.1.2
Identified
161
Suspicious
True check_circle
Functions
List
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , libc/sysdeps/linux/i386/crti.S, , crtstuff.c, , __CTOR_LIST__, , __DTOR_LIST__, , __EH_FRAME_BEGIN__, , __JCR_LIST__, , completed.2429, , p.2427, , __do_global_dtors_aux, , object.2482, , frame_dummy, , crtstuff.c, , __CTOR_END__, , __DTOR_END__, , __FRAME_END__, , __JCR_END__, , __do_global_ctors_aux, , initfini.c, , libc/sysdeps/linux/i386/crtn.S, , libc/sysdeps/linux/i386/crt1.S, , bot.c, , c, , Q, , i.4242, , printchar, , prints, , printi, , print, , fdopen_pids, , hextable, , libc/sysdeps/linux/i386/vfork.S, , __syscall_fcntl.c, , __syscall_fcntl64.c, , _exit.c, , chdir.c, , close.c, , dup2.c, , fork.c, , getdtablesize.c, , getpid.c, , getrlimit.c, , ioctl.c, , open.c, , pipe.c, , read.c, , select.c, , setsid.c, , sigprocmask.c, , time.c, , waitpid.c, , write.c, , isspace.c, , toupper.c, , __C_ctype_b.c, , __C_ctype_toupper.c, , __errno_location.c, , puts.c, , sprintf.c, , vsnprintf.c, , _stdio.c, , _stdio_streams, , __stdio_mutex_initializer.4160, , _fixed_buffers, , _wcommit.c, , _vfprintf_internal.c, , _charpad, , _fp_out_narrow, , spec_base.4370, , prefix.4371, , _ppfs_init.c, , _ppfs_prepargs.c, , _ppfs_setargs.c, , _ppfs_parsespec.c, , _promoted_size, , type_codes, , type_sizes, , spec_flags.4372, , qual_chars.4377, , spec_chars.4373, , spec_ranges.4374, , spec_or_mask.4375, , spec_and_mask.4376, , fputc_unlocked.c, , fputs_unlocked.c, , fwrite_unlocked.c, , memcpy.c, , memset.c, , strchr.c, , strcpy.c, , strlen.c, , strnlen.c, , strstr.c, , __glibc_strerror_r.c, , __xpg_strerror_r.c, , unknown.1330, , _string_syserrmsgs.c, , bcopy.c, , strtok.c, , next_start.1278, , isatty.c, , tcgetattr.c, , ntohl.c, , inet_makeaddr.c, , gethostbyname.c, , buf.5162, , h.5161, , gethostbyname_r.c, , connect.c, , getsockname.c, , getsockopt.c, , recv.c, , send.c, , sendto.c, , setsockopt.c, , socket.c, , sigaddset.c, , sigempty.c, , signal.c, , sigsetops.c, , malloc.c, , __malloc_largebin_index, , free.c, , 
__malloc_trim, , abort.c, , mylock, , been_there_done_that, , rand.c, , random.c, , mylock, , unsafe_state, , randtbl, , random_r.c, , random_poly_info, , atol.c, , strtol.c, , _stdlib_strto_l.c, , exit.c, , execl.c, , sleep.c, , sysconf.c, , __uClibc_main.c, , __pthread_return_0, , __pthread_return_void, , __check_one_fd, , been_there_done_that.3001, , sigaction.c, , __restore_rt, , __restore, , __syscall_error.c, , libc/sysdeps/linux/i386/mmap.S, , __socketcall.c, , __syscall_rt_sigaction.c, , clock_getres.c, , execve.c, , getegid.c, , geteuid.c, , getgid.c, , getpagesize.c, , getuid.c, , munmap.c, , nanosleep.c, , sbrk.c, , wait4.c, , errno.c, , __h_errno_location.c, , wcrtomb.c, , wcsrtombs.c, , wcsnrtombs.c, , _WRITE.c, , _fwrite.c, , _trans2w.c, , _load_inttype.c, , _store_inttype.c, , _uintmaxtostr.c, , _fpmaxtostr.c, , fmt, , exp10_table, , memchr.c, , memmove.c, , strncpy.c, , mempcpy.c, , memrchr.c, , strtok_r.c, , strpbrk.c, , inet_aton.c, , dnslookup.c, , mylock, , static_ns, , static_id, , opennameservers.c, , get_hosts_byname_r.c, , raise.c, , dl-support.c, , brk.c, , kill.c, , poll.c, , fclose.c, , fopen.c, , fseeko.c, , fseeko64.c, , _adjust_pos.c, , _fopen.c, , _cs_funcs.c, , fgets.c, , fflush_unlocked.c, , fgets_unlocked.c, , strcmp.c, , strncat.c, , rawmemchr.c, , strspn.c, , strdup.c, , ntop.c, , inet_pton4, , xdigits.3285, , inet_ntop4, , encodeh.c, , decodeh.c, , encodeq.c, , lengthq.c, , decodea.c, , read_etc_hosts_r.c, , llseek.c, , tolower.c, , __C_ctype_tolower.c, , fgetc_unlocked.c, , strcasecmp.c, , encoded.c, , decoded.c, , lengthd.c, , _READ.c, , _rfill.c, , _trans2r.c, , __fini_array_end, , __fini_array_start, , __init_array_end, , __preinit_array_end, , _GLOBAL_OFFSET_TABLE_, , __init_array_start, , __preinit_array_start, , __read_etc_hosts_r, , __GI_execve, , __libc_sigaction, , strcpy, , __GI_fcntl64, , recvLine, , __GI_sigaddset, , __socketcall, , __GI___ctype_b, , __GI_memchr, , __GI___glibc_strerror_r, , waitpid, , 
__open_nameservers, , __GI_fopen, , getrlimit, , ioctl, , _stdio_openlist_use_count, , __GI_initstate_r, , __GI_sigaction, , strtok_r, , __GI___C_ctype_toupper_data, , __GI_time, , getgid, , sysconf, , stdout, , random, , __GI_strdup, , __GI_getpagesize, , getdtablesize, , __GI_h_errno, , __length_question, , __GI___ctype_toupper, , __GI_strcasecmp, , __GI_tolower, , putc_unlocked, , recv, , connect, , __encode_question, , __GI___uClibc_fini, , numpids, , __encode_header, , __GI_strncat, , sigemptyset, , __pthread_mutex_lock, , initConnection, , __sigdelset, , __GI_clock_getres, , __uClibc_fini, , memrchr, , geteuid, , inet_pton, , __GI_vsnprintf, , __GI_setsid, , memmove, , sendTCP, , __bsd_signal, , __GI_strpbrk, , __stdio_trans2r_o, , munmap, , __GI_setsockopt, , __libc_stack_end, , __GI_fclose, , __GI_wcsnrtombs, , __GI_pipe, , _uintmaxtostr, , __libc_fcntl, , atol, , _h_errno, , getc_unlocked, , __ctype_b, , __GI_random_r, , errno, , getegid, , __GI_sbrk, , zprintf, , __GI___uClibc_init, , execve, , getpagesize, , getpid, , __GI_lseek64, , setstate_r, , fgets, , getHost, , __libc_getpid, , wildString, , __xpg_strerror_r, , fcntl64, , memcpy, , makeRandomStr, , getRandomIP, , __GI_fputs_unlocked, , execl, , __GI_fgets, , sendHTTP, , creat, , _stdio_openlist_dec_use, , __libc_select, , _ppfs_init, , puts, , __GI___C_ctype_toupper, , __GI_fgetc_unlocked, , __libc_nanosleep, , trim, , __GI_fgets_unlocked, , dup2, , __pthread_mutex_init, , tolower, , getuid, , __open_etc_hosts, , malloc, , isatty, , sleep, , __GI_atol, , vsnprintf, , __dns_lookup, , __GI_read, , __C_ctype_tolower, , random_r, , __dso_handle, , clock_getres, , gethostbyname_r, , tcpcsum, , fdpclose, , socket, , __GI_dup2, , select, , _pthread_cleanup_pop_restore, , __GI_wcrtomb, , __GI___libc_fcntl, , __GI_memset, , isspace, , __stdio_seek, , mempcpy, , __GI_strcoll, , __GI_write, , __ctype_toupper, , __libc_read, , _string_syserrmsgs, , __GI_open, , __GI_strchr, , __searchdomain, , sigaddset, , 
__GI_tcgetattr, , __environ, , mmap, , wcsnrtombs, , makeIPPacket, , sockprintf, , send, , __fgetc_unlocked, , abort, , __GI_fcntl, , __GI_wcsrtombs, , __GI_fwrite_unlocked, , __GI_getgid, , srandom_r, , _init, , __GI_setstate_r, , parseHex, , strtol, , pipe, , __libc_lseek64, , strnlen, , rawmemchr, , __GI_mempcpy, , __malloc_state, , __GI___C_ctype_b_data, , __sigaddset, , nanosleep, , __GI_send, , h_errno, , __pthread_mutex_unlock, , wait4, , __register_frame_info_bases, , __GI_exit, , __app_fini, , csum, , __exit_cleanup, , __GI_execl, , __GI_srandom_r, , __GI___ctype_tolower, , write, , environ, , __GI_close, , __resolv_lock, , kill, , fputs_unlocked, , __pthread_mutex_trylock, , __GI_brk, , __GI_nanosleep, , __GI_strtok, , _stdio_openlist, , __GI_sigprocmask, , inet_addr, , ntohl, , __GI_fseek, , ourIP, , chdir, , fseeko, , _stdio_openlist_del_count, , connectTimeout, , __raise, , setsockopt, , bsd_signal, , fseek, , __GI_kill, , __GI_strcmp, , __GI_memmove, , setstate, , __decode_dotted, , __stdio_READ, , memchr, , __GI_toupper, , __pthread_initialize_minimal, , __GI_recv, , __stdin, , stdin, , __GI_isatty, , _start, , __deregister_frame_info_bases, , strstr, , __GI_ioctl, , init_rand, , rand, , signal, , read, , __decode_header, , __GI___h_errno_location, , __GI_memcpy, , strcoll, , wcsrtombs, , _stdio_user_locking, , strncpy, , strcasecmp, , htonl, , sendto, , __C_ctype_toupper, , __GI___C_ctype_b, , __GI_gethostbyname_r, , __GI_strncpy, , __libc_send, , __GI___xpg_strerror_r, , currentServer, , __GI___C_ctype_tolower, , __GI_getrlimit, , bcopy, , __GI_strcpy, , __GI_inet_ntop, , strtok, , __GI___fputc_unlocked, , __stdio_adjust_position, , malloc_trim, , __GI_poll, , _vfprintf_internal, , fork, , __stdio_rfill, , strncat, , gotIP, , __GI_sleep, , sigaction, , __GI_gethostbyname, , _dl_phdr, , __GI_getc_unlocked, , __GI___libc_fcntl64, , __uClibc_init, , __GI_munmap, , _store_inttype, , __length_dotted, , __getpagesize, , __GI_random, , __syscall_error, , 
__uclibc_progname, , __GI_getegid, , __GI_wait4, , __malloc_lock, , __uClibc_main, , sbrk, , __rtld_fini, , __GI_fork, , strdup, , __libc_close, , __GI_getpid, , inet_aton, , UserAgents, , index, , _pthread_cleanup_push_defer, , processCmd, , __sigismember, , fopen, , __bss_start, , __libc_open, , getOurIP, , memset, , __GI_socket, , main, , __glibc_strerror_r, , listFork, , __GI___C_ctype_tolower_data, , __stdio_fwrite, , srand, , initstate, , fclose, , __syscall_rt_sigaction, , ntohs, , sendUDP, , tcgetattr, , __C_ctype_tolower_data, , time, , __GI_abort, , poll, , fdpopen, , __get_hosts_byname_r, , __stdio_init_mutex, , __GI__exit, , strcmp, , __nameserver, , data_start, , __GI_sysconf, , __h_errno_location, , __GI_putc_unlocked, , __C_ctype_b_data, , __GI_inet_pton, , gethostbyname, , _stdio_fopen, , _fini, , __GI_chdir, , __vfork, , __GI_mmap, , sprintf, , fdgets, , __get_pc_thunk_bx, , strerror_r, , __GI_select, , __libc_waitpid, , socket_connect, , __GI_waitpid, , _stdio_term, , __decode_answer, , __GI_signal, , stderr, , commServer, , vfork, , __C_ctype_b, , srandom, , _ppfs_setargs, , __GI_sendto, , __GI_sigemptyset, , __libc_fork, , __atexit_lock, , rand_cmwc, , __libc_fcntl64, , getsockopt, , __GI_fseeko64, , fflush_unlocked, , __stdio_wcommit, , __GI___fgetc_unlocked, , __nameservers, , fwrite_unlocked, , __pagesize, , _stdio_openlist_add_lock, , __GI_getdtablesize, , _edata, , __stdout, , __GI_memrchr, , __GI_fflush_unlocked, , __GI_strstr, , __searchdomains, , _end, , htons, , _sigintr, , _ppfs_prepargs, , __GI_strspn, , fgetc_unlocked, , initstate_r, , __GI_connect, , __curbrk, , __libc_poll, , _dl_phnum, , _fpmaxtostr, , __errno_location, , uppercase, , _stdlib_strto_l, , __GI___libc_open, , exit, , __stdio_WRITE, , _stdio_init, , __GI_geteuid, , inet_ntop, , brk, , __C_ctype_toupper_data, , _dl_aux_init, , _errno, , atoi, , _stdio_openlist_del_lock, , __GI_inet_aton, , fgets_unlocked, , _exit, , szprintf, , strspn, , __libc_recv, , __libc_creat, , 
strlen, , lseek64, , open, , toupper, , __libc_write, , __malloc_consolidate, , _ppfs_parsespec, , __GI_strtol, , __GI_getuid, , __GI_strtok_r, , __GI_errno, , __libc_sendto, , __stdio_trans2w_o, , __GI_vfork, , strchr, , __GI_rawmemchr, , __GI_raise, , __data_start, , setsid, , __GI_inet_addr, , __encode_dotted, , __GI_strnlen, , _Jv_RegisterClasses, , macAddress, , __GI___errno_location, , fputc_unlocked, , fcntl, , __GI_atoi, , fseeko64, , __GI_sprintf, , __ctype_tolower, , wcrtomb, , __GI_getsockname, , close, , __libc_connect, , __GI_strlen, , mainCommSock, , pids, , strpbrk, , _load_inttype, , raise, , free, , sigprocmask, , __fputc_unlocked, , getsockname,
Present
True check_circle
Anti-Debug
Ptrace
False cancel
Anti-disasm
False cancel
Entry Point
Address
0x8048168
Suspicious
False cancel
Embedded ELF
List
None
Identified
0
Program Header
Size
32
Number
3
Offset
52
Section Header
Size
40
Number
16
Offset
52900
AVclass
scarsi
1
VirusTotal
md5
b98db8f669e73166ec41ec52d626a58b
sha1
d6b7e2d1471e59e379666d9f9b8d8bbb0486f62e
SCANS (DETECTION RATE = 29.09%)
AVG
result: Linux/Fgt
update: 20170518
version: 16.0.0.4776
detected: True check_circle

CMC
update: 20170517
version: 1.1.0.977
detected: False cancel

Bkav
update: 20170518
version: 1.3.0.8876
detected: False cancel

K7GW
update: 20170518
version: 10.13.23372
detected: False cancel

ALYac
update: 20170518
version: 1.0.1.9
detected: False cancel

Avast
result: ELF:DDoS-Y [Trj]
update: 20170518
version: 8.0.1489.320
detected: True check_circle

Avira
result: LINUX/Gafgyt.nopsy
update: 20170517
version: 8.3.3.4
detected: True check_circle

Baidu
update: 20170503
version: 1.0.0.2
detected: False cancel

Cyren
update: 20170518
version: 5.4.30.7
detected: False cancel

DrWeb
result: Linux.BackDoor.Fgt.44
update: 20170518
version: 7.0.28.2020
detected: True check_circle

GData
result: Linux.Trojan.Agent.WYYAF7
update: 20170518
version: A:25.12434B:25.9552
detected: True check_circle

Panda
update: 20170517
version: 4.6.4.2
detected: False cancel

VBA32
update: 20170517
version: 3.12.26.4
detected: False cancel

VIPRE
update: 20170517
version: 58160
detected: False cancel

Zoner
update: 20170518
version: 1.0
detected: False cancel

AVware
update: 20170518
version: 1.5.0.42
detected: False cancel

ClamAV
update: 20170518
version: 0.99.2.0
detected: False cancel

Comodo
result: UnclassifiedMalware
update: 20170518
version: 27111
detected: True check_circle

F-Prot
update: 20170518
version: 4.7.1.166
detected: False cancel

Ikarus
result: Trojan.Linux.Gafgyt
update: 20170517
version: 0.1.5.2
detected: True check_circle

McAfee
result: RDN/Generic.dx
update: 20170518
version: 6.0.6.653
detected: True check_circle

Rising
update: 20170518
version: 28.0.0.1
detected: False cancel

Sophos
result: Linux/DDoS-BI
update: 20170517
version: 4.98.0
detected: True check_circle

Yandex
update: 20170517
version: 5.5.1.3
detected: False cancel

Zillya
update: 20170517
version: 2.0.0.3282
detected: False cancel

Arcabit
update: 20170518
version: 1.0.0.804
detected: False cancel

Tencent
update: 20170518
version: 1.0.0.1
detected: False cancel

ViRobot
update: 20170517
version: 2014.3.20.0
detected: False cancel

Webroot
update: 20170518
version: 1.0.0.207
detected: False cancel

Ad-Aware
update: 20170518
version: 3.0.3.1010
detected: False cancel

AegisLab
result: Linux.Fgt.Gen!c
update: 20170518
version: 4.2
detected: True check_circle

Emsisoft
update: 20170518
version: 4.0.0.834
detected: False cancel

F-Secure
update: 20170518
version: 11.0.19100.45
detected: False cancel

Fortinet
result: Malware_Generic.P0
update: 20170518
version: 5.4.233.0
detected: True check_circle

Jiangmin
update: 20170518
version: 16.0.100
detected: False cancel

Kingsoft
update: 20170518
version: 2013.8.14.323
detected: False cancel

Symantec
result: Trojan.Gen.NPE
update: 20170517
version: 1.3.1.0
detected: True check_circle

nProtect
update: 20170518
version: 2017-05-18.01
detected: False cancel

AhnLab-V3
update: 20170517
version: 3.9.0.17572
detected: False cancel

Kaspersky
update: 20170518
version: 15.0.1.13
detected: False cancel

Microsoft
update: 20170518
version: 1.1.13704.0
detected: False cancel

Qihoo-360
result: Win32/Trojan.DDoS.1be
update: 20170518
version: 1.0.0.1120
detected: True check_circle

TheHacker
update: 20170516
version: 6.8.0.5.1532
detected: False cancel

ZoneAlarm
update: 20170518
version: 1.0
detected: False cancel

ESET-NOD32
result: a variant of Linux/Gafgyt.AJE
update: 20170517
version: 15433
detected: True check_circle

TrendMicro
update: 20170517
version: 9.740.0.1012
detected: False cancel

BitDefender
update: 20170517
version: 7.2
detected: False cancel

K7AntiVirus
update: 20170517
version: 10.13.23372
detected: False cancel

Malwarebytes
update: 20170517
version: 2.1.1.1115
detected: False cancel

TotalDefense
update: 20170517
version: 37.1.62.1
detected: False cancel

CAT-QuickHeal
update: 20170517
version: 14.00
detected: False cancel

NANO-Antivirus
result: Trojan.Unix.Gafgyt.eikqfj
update: 20170518
version: 1.0.76.16894
detected: True check_circle

MicroWorld-eScan
update: 20170518
version: 12.0.250.0
detected: False cancel

SUPERAntiSpyware
update: 20170518
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
result: RDN/Generic.dx
update: 20170517
version: v2015
detected: True check_circle

total
55
sha256
4f79f68fef559dcedc72d60105d5a1fe5c81f43f08a1eaa2aeb6d82879fb6a81
scan_id
4f79f68fef559dcedc72d60105d5a1fe5c81f43f08a1eaa2aeb6d82879fb6a81-1495074162
resource
b98db8f669e73166ec41ec52d626a58b
positives
16
scan_date
2017-05-18 02:22:42
verbose_msg
Scan finished, information embedded
response_code
1
Ltrace
Trace

Strace
Trace
4291 execve("./malware", ["./malware"], [/* 15 vars */]) = 0
4291 ioctl(0, TCGETS, 0xfffc0e90) = -1 ENOTTY (Inappropriate ioctl for device)
4291 ioctl(1, TCGETS, 0xfffc0e90) = -1 ENOTTY (Inappropriate ioctl for device)
4291 time(NULL) = 1571351692
4291 getpid() = 4291
4291 time(NULL) = 1571351692
4291 getpid() = 4291
4291 socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
4291 connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("8.8.8.8")}, 16) = 0
4291 getsockname(3, {sa_family=AF_INET, sin_port=htons(54082), sin_addr=inet_addr("192.168.122.147")}, [16]) = 0
4291 open("/proc/net/route", O_RDONLY) = 4
4291read4"I"1 1
4291read4"f"1 1
4291read4"a"1 1
4291read4"c"1 1
4291read4"e"1 1
4291read4"\t"1 1
4291read4"D"1 1
4291read4"e"1 1
4291read4"s"1 1
4291read4"t"1 1
4291read4"i"1 1
4291read4"n"1 1
4291read4"a"1 1
4291read4"t"1 1
4291read4"i"1 1
4291read4"o"1 1
4291read4"n"1 1
4291read4"\t"1 1
4291read4"G"1 1
4291read4"a"1 1
4291read4"t"1 1
4291read4"e"1 1
4291read4"w"1 1
4291read4"a"1 1
4291read4"y"1 1
4291read4" "1 1
4291read4"\t"1 1
4291read4"F"1 1
4291read4"l"1 1
4291read4"a"1 1
4291read4"g"1 1
4291read4"s"1 1
4291read4"\t"1 1
4291read4"R"1 1
4291read4"e"1 1
4291read4"f"1 1
4291read4"C"1 1
4291read4"n"1 1
4291read4"t"1 1
4291read4"\t"1 1
4291read4"U"1 1
4291read4"s"1 1
4291read4"e"1 1
4291read4"\t"1 1
4291read4"M"1 1
4291read4"e"1 1
4291read4"t"1 1
4291read4"r"1 1
4291read4"i"1 1
4291read4"c"1 1
4291read4"\t"1 1
4291read4"M"1 1
4291read4"a"1 1
4291read4"s"1 1
4291read4"k"1 1
4291read4"\t"1 1
4291read4"\t"1 1
4291read4"M"1 1
4291read4"T"1 1
4291read4"U"1 1
4291read4"\t"1 1
4291read4"W"1 1
4291read4"i"1 1
4291read4"n"1 1
4291read4"d"1 1
4291read4"o"1 1
4291read4"w"1 1
4291read4"\t"1 1
4291read4"I"1 1
4291read4"R"1 1
4291read4"T"1 1
4291read4"T"1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4"\n"1 1
4291read4"e"1 1
4291read4"n"1 1
4291read4"s"1 1
4291read4"3"1 1
4291read4"\t"1 1
4291read4"0"1 1
4291read4"0"1 1
4291read4"0"1 1
4291read4"0"1 1
4291read4"0"1 1
4291read4"0"1 1
4291read4"0"1 1
4291read4"0"1 1
4291read4"\t"1 1
4291read4"0"1 1
4291read4"1"1 1
4291read4"7"1 1
4291read4"A"1 1
4291read4"A"1 1
4291read4"8"1 1
4291read4"C"1 1
4291read4"0"1 1
4291read4"\t"1 1
4291read4"0"1 1
4291read4"0"1 1
4291read4"0"1 1
4291read4"3"1 1
4291read4"\t"1 1
4291read4"0"1 1
4291read4"\t"1 1
4291read4"0"1 1
4291read4"\t"1 1
4291read4"1"1 1
4291read4"0"1 1
4291read4"0"1 1
4291read4"\t"1 1
4291read4"0"1 1
4291read4"0"1 1
4291read4"0"1 1
4291read4"0"1 1
4291read4"0"1 1
4291read4"0"1 1
4291read4"0"1 1
4291read4"0"1 1
4291read4"\t"1 1
4291read4"0"1 1
4291read4"\t"1 1
4291read4"0"1 1
4291read4"\t"1 1
4291read4"0"1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4" "1 1
4291read4"\n"1 1
4291 close(4) = 0
4291 ioctl(3, SIOCGIFHWADDR, {ifr_name="ens3", ifr_hwaddr=52:54:00:94:44:aa}) = 0
4291 close(3) = 0
4291write1"M"1 1
4291write1"A"1 1
4291write1"C"1 1
4291write1":"1 1
4291write1" "1 1
4291write1"5"1 1
4291write1"2"1 1
4291write1":"1 1
4291write1"5"1 1
4291write1"4"1 1
4291write1":"1 1
4291write1"0"1 1
4291write1"0"1 1
4291write1":"1 1
4291write1"9"1 1
4291write1"4"1 1
4291write1":"1 1
4291write1"4"1 1
4291write1"4"1 1
4291write1":"1 1
4291write1"A"1 1
4291write1"A"1 1
4291write1"\n"1 1
4291 fork() = 4292
4291 wait4(4292,
4292 fork() = 4293
4292 exit(0) = ?
4291 [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 4292
4291 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4292, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
4291 exit(0) = ?
4293 setsid() = 4293
4293 chdir("/") = 0
4293 rt_sigaction(SIGPIPE, {SIG_IGN, [PIPE], SA_RESTORER|SA_RESTART, 0x804eaff}, {SIG_DFL, [], 0}, 8) = 0
4293 socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
4293 fcntl(3, F_GETFL) = 0x2 (flags O_RDWR)
4293 fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
4293 connect(3, {sa_family=AF_INET, sin_port=htons(666), sin_addr=inet_addr("23.94.164.176")}, 16) = -1 EINPROGRESS (Operation now in progress)
4293 _newselect(4, NULL, [3], NULL, <timeout value not preserved in page>) = 0 (Timeout)
4293 rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
4293 rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0
4293 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
4293 nanosleep({5, 577909547851579476}, 0xfffbfa14) = 0
4293 close(3) = 0
4293 socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
4293 fcntl(3, F_GETFL) = 0x2 (flags O_RDWR)
4293 fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
4293 connect(3, {sa_family=AF_INET, sin_port=htons(666), sin_addr=inet_addr("23.94.164.176")}, 16) = -1 EINPROGRESS (Operation now in progress)
4293 _newselect(4, NULL, [3], NULL, {30, 8}

Analysis
Ltrace
Statically-compiled samples cannot be ltraced.

Reason
Timeout

Status
Success

Strace
Success

Results
True check_circle

DNS
Query

Response

TCP
Info
computer localhost:40710 arrow_forward 23.94.164.176:666
computer localhost:40708 arrow_forward 23.94.164.176:666

UDP
Info
computer localhost:5353 arrow_forward help_outline 224.0.0.251:5353

HTTP
Info

Summary
DNS
False cancel

TCP
True check_circle

UDP
True check_circle

HTTP
False cancel

Binary
RF
confidence: 100.00%
suspicious: True check_circle
MLP
confidence: 99.95%
suspicious: True check_circle
SVM
confidence: 98.91%
suspicious: True check_circle