Edit tour

Linux Analysis Report
arm7-20231203-0928.elf

Overview

General Information

Sample Name:	arm7-20231203-0928.elf
Analysis ID:	1352513
MD5:	8864efb6b67623c9b5296b5218359249
SHA1:	3ec2c5ce91fc19616d1b019e7699432c3527d471
SHA256:	7a1fa85c527a3e1db5c7a6935099ae483e73624a73f91532dcf8eb440acf4351
Infos:

Detection

Mirai

Score:	76
Range:	0 - 100
Whitelisted:	false

Signatures

Malicious sample detected (through community Yara rule)

Antivirus / Scanner detection for submitted sample

Yara detected Mirai

Multi AV Scanner detection for submitted file

Contains symbols with names commonly found in malware

Yara signature match

Uses the "uname" system call to query kernel version information (possible evasion)

Enumerates processes within the "proc" file system

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Detected TCP or UDP traffic on non-standard ports

Sample and/or dropped files contains symbols with suspicious names

Sample listens on a socket

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine.

All HTTP servers contacted by the sample do not answer. The sample is likely an old dropper which does no longer work.

Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1352513
Start date and time:	2023-12-03 10:39:57 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 41s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample file name:	arm7-20231203-0928.elf
Detection:	MAL
Classification:	mal76.troj.linELF@0/0@17/0

Runtime Messages

Command:	/tmp/arm7-20231203-0928.elf
PID:	6205
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	unstable_is_the_history_of_universe
Standard Error:

Process Tree

system is lnxubuntu20

arm7-20231203-0928.elf (PID: 6205, Parent: 6121, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/arm7-20231203-0928.elf

arm7-20231203-0928.elf New Fork (PID: 6207, Parent: 6205)

arm7-20231203-0928.elf New Fork (PID: 6209, Parent: 6207)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
arm7-20231203-0928.elf	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
arm7-20231203-0928.elf	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x10068:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1007c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10090:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x100a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x100b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x100cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x100e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x100f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10108:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1011c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10130:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10144:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10158:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1016c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10180:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10194:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x101a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x101bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x101d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x101e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x101f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F

Memory Dumps

Source	Rule	Description	Author	Strings
6205.1.00007fd34002f000.00007fd340031000.rw-.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x68:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x90:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xa4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xcc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xf4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x108:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x130:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x144:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x158:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x180:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x194:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6205.1.00007fd340017000.00007fd340028000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x10068:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1007c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10090:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x100a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x100b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x100cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x100e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x100f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10108:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1011c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10130:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10144:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10158:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1016c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10180:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10194:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x101a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x101bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x101d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x101e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x101f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: arm7-20231203-0928.elf PID: 6205	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x13ee6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13efa:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13f0e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13f22:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13f36:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13f4a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13f5e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13f72:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13f86:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13f9a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13fae:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13fc2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13fd6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: arm7-20231203-0928.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: arm7-20231203-0928.elf	ReversingLabs: Detection: 67%
Source: arm7-20231203-0928.elf	Virustotal: Detection: 67%			Perma Link

Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80

Source: global traffic

TCP traffic: 192.168.2.23:56516 -> 112.213.124.199:56999

Source: /tmp/arm7-20231203-0928.elf (PID: 6205)

Socket: 127.0.0.1::46157

Jump to behavior

Source: unknown

DNS traffic detected: queries for: botnet2.psscc.cn

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43

System Summary

Malicious sample detected (through community Yara rule)

Source: arm7-20231203-0928.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6205.1.00007fd34002f000.00007fd340031000.rw-.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6205.1.00007fd340017000.00007fd340028000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: arm7-20231203-0928.elf PID: 6205, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Contains symbols with names commonly found in malware

Source: ELF static info symbol of initial sample	Name: attack.c
Source: ELF static info symbol of initial sample	Name: attack_get_opt_int
Source: ELF static info symbol of initial sample	Name: attack_get_opt_ip
Source: ELF static info symbol of initial sample	Name: attack_init
Source: ELF static info symbol of initial sample	Name: attack_kill_all
Source: ELF static info symbol of initial sample	Name: attack_method_nudp
Source: ELF static info symbol of initial sample	Name: attack_method_stdhex
Source: ELF static info symbol of initial sample	Name: attack_method_tcp
Source: ELF static info symbol of initial sample	Name: attack_ongoing
Source: ELF static info symbol of initial sample	Name: attack_parse

Source: arm7-20231203-0928.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6205.1.00007fd34002f000.00007fd340031000.rw-.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6205.1.00007fd340017000.00007fd340028000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: arm7-20231203-0928.elf PID: 6205, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: arm7-20231203-0928.elf	ELF static info symbol of initial sample: __gnu_unwind_execute
Source: arm7-20231203-0928.elf	ELF static info symbol of initial sample: hexPayload

Source: classification engine

Classification label: mal76.troj.linELF@0/0@17/0

Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/6230/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/6232/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/6231/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/6233/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/1582/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/3088/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/230/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/110/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/231/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/232/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/1579/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/112/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/233/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/1699/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/113/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/234/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/1335/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/1698/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/114/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/235/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/1334/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/1576/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/2302/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/115/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/236/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/116/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/237/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/117/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/118/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/910/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/6227/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/119/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/6226/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/912/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/6229/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/6228/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/10/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/2307/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/11/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/918/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/12/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/13/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/14/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/15/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/16/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/17/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/18/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/1594/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/120/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/121/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/1349/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/1/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/122/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/243/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/123/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/2/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/124/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/3/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/4/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/125/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/126/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/1344/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/1465/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/1586/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/127/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/6/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/248/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/128/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/249/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/1463/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/800/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/9/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/801/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/20/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/21/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/1900/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/22/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/23/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/24/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/25/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/26/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/27/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/28/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/29/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/491/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/250/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/130/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/251/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/252/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/132/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/253/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/254/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/255/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/256/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/1599/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/257/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/1477/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/379/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/258/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/1476/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/259/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/1475/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/936/cmdline	Jump to behavior
Source: /tmp/arm7-20231203-0928.elf (PID: 6209)	File opened: /proc/30/cmdline	Jump to behavior

Source: /tmp/arm7-20231203-0928.elf (PID: 6205)

Queries kernel information via 'uname':

Jump to behavior

Source: arm7-20231203-0928.elf, 6205.1.00007fff4d665000.00007fff4d686000.rw-.sdmp	Binary or memory string: ^x86_64/usr/bin/qemu-arm/tmp/arm7-20231203-0928.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/arm7-20231203-0928.elf
Source: arm7-20231203-0928.elf, 6205.1.00005648568bc000.0000564856a0b000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: arm7-20231203-0928.elf, 6205.1.00007fff4d665000.00007fff4d686000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm
Source: arm7-20231203-0928.elf, 6205.1.00005648568bc000.0000564856a0b000.rw-.sdmp	Binary or memory string: VHV!/etc/qemu-binfmt/arm

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match

File source: arm7-20231203-0928.elf, type: SAMPLE

Remote Access Functionality

Yara detected Mirai

Source: Yara match

File source: arm7-20231203-0928.elf, type: SAMPLE

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	1 Masquerading	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Non-Standard Port	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	1 Non-Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	2 Application Layer Protocol			Data Destruction	Virtual Private Server	Employee Names

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
arm7-20231203-0928.elf	68%	ReversingLabs	Linux.Trojan.Mirai
arm7-20231203-0928.elf	68%	Virustotal		Browse
arm7-20231203-0928.elf	100%	Avira	EXP/ELF.Mirai.Gen.J

Dropped Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
botnet2.psscc.cn	8%	Virustotal		Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
botnet2.psscc.cn	112.213.124.199	true	false	8%, Virustotal, Browse	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
112.213.124.199	botnet2.psscc.cn	Hong Kong	38197	SUNHK-DATA-AS-APSunNetworkHongKongLimited-HongKong	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
109.202.202.202	x86_64-20231203-0928.elf	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Trojan.Linux.Mirai.29744.17563.elf	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Trojan.Linux.Mirai.1085.18302.elf	Get hash	malicious	Unknown	Browse
	arm7.elf	Get hash	malicious	Unknown	Browse
	j0lGr8krMR.elf	Get hash	malicious	Mirai	Browse
	q5ZB59lfi7.elf	Get hash	malicious	Mirai	Browse
	bot.x86.elf	Get hash	malicious	Mirai	Browse
	bot.arm5.elf	Get hash	malicious	Mirai	Browse
	xaarch64.elf	Get hash	malicious	Unknown	Browse
	eIsiU6BbPe.elf	Get hash	malicious	Mirai	Browse
	tvOnVQPlql.elf	Get hash	malicious	Mirai	Browse
	gjh7N6186u.elf	Get hash	malicious	Mirai	Browse
	arm7-20231201-1833.elf	Get hash	malicious	Unknown	Browse
	tgLEk39U	Get hash	malicious	Unknown	Browse
	rPmpxBOqv6.elf	Get hash	malicious	Unknown	Browse
	arm7.elf	Get hash	malicious	Unknown	Browse
	ZlokKccCkK.elf	Get hash	malicious	Unknown	Browse
	arm7.elf	Get hash	malicious	Unknown	Browse
	oLiCZWdCxX.elf	Get hash	malicious	Unknown	Browse
	hAr9ItLrN3.elf	Get hash	malicious	Unknown	Browse
112.213.124.199	x86_64-20231203-0928.elf	Get hash	malicious	Unknown	Browse
	5Hgh2qHKJN.elf	Get hash	malicious	Unknown	Browse
	J7acd48WGL.elf	Get hash	malicious	Unknown	Browse
	SePGbmCTYu.elf	Get hash	malicious	Unknown	Browse
	mips-20231125-2108.elf	Get hash	malicious	Unknown	Browse
	x86_64-20231125-2109.elf	Get hash	malicious	Unknown	Browse
	mpsl.elf	Get hash	malicious	Unknown	Browse
	arm-20231125-2108.elf	Get hash	malicious	Unknown	Browse
	arm7-20231125-2109.elf	Get hash	malicious	Mirai	Browse
	x86-20231125-2108.elf	Get hash	malicious	Unknown	Browse
91.189.91.43	x86_64-20231203-0928.elf	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Trojan.Linux.Mirai.29744.17563.elf	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Trojan.Linux.Mirai.1085.18302.elf	Get hash	malicious	Unknown	Browse
	arm7.elf	Get hash	malicious	Unknown	Browse
	j0lGr8krMR.elf	Get hash	malicious	Mirai	Browse
	q5ZB59lfi7.elf	Get hash	malicious	Mirai	Browse
	bot.x86.elf	Get hash	malicious	Mirai	Browse
	bot.arm5.elf	Get hash	malicious	Mirai	Browse
	xaarch64.elf	Get hash	malicious	Unknown	Browse
	eIsiU6BbPe.elf	Get hash	malicious	Mirai	Browse
	tvOnVQPlql.elf	Get hash	malicious	Mirai	Browse
	gjh7N6186u.elf	Get hash	malicious	Mirai	Browse
	arm7-20231201-1833.elf	Get hash	malicious	Unknown	Browse
	tgLEk39U	Get hash	malicious	Unknown	Browse
	rPmpxBOqv6.elf	Get hash	malicious	Unknown	Browse
	arm7.elf	Get hash	malicious	Unknown	Browse
	ZlokKccCkK.elf	Get hash	malicious	Unknown	Browse
	arm7.elf	Get hash	malicious	Unknown	Browse
	oLiCZWdCxX.elf	Get hash	malicious	Unknown	Browse
	hAr9ItLrN3.elf	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
botnet2.psscc.cn	x86_64-20231203-0928.elf	Get hash	malicious	Unknown	Browse	112.213.124.199
	5Hgh2qHKJN.elf	Get hash	malicious	Unknown	Browse	112.213.124.199
	J7acd48WGL.elf	Get hash	malicious	Unknown	Browse	112.213.124.199
	SePGbmCTYu.elf	Get hash	malicious	Unknown	Browse	112.213.124.199
	mips-20231125-2108.elf	Get hash	malicious	Unknown	Browse	112.213.124.199
	x86_64-20231125-2109.elf	Get hash	malicious	Unknown	Browse	112.213.124.199
	mpsl.elf	Get hash	malicious	Unknown	Browse	112.213.124.199
	arm-20231125-2108.elf	Get hash	malicious	Unknown	Browse	112.213.124.199
	arm7-20231125-2109.elf	Get hash	malicious	Mirai	Browse	112.213.124.199
	x86-20231125-2108.elf	Get hash	malicious	Unknown	Browse	112.213.124.199
	arm7.elf	Get hash	malicious	Mirai	Browse	155.159.49.46
	x86.elf	Get hash	malicious	Unknown	Browse	155.159.49.46
	arm.elf	Get hash	malicious	Unknown	Browse	155.159.49.46
	x86	Get hash	malicious	Unknown	Browse	185.216.71.192
	db0fa4b8db0333367e9bda3ab68b8042.x86.elf	Get hash	malicious	Gafgyt, Mirai	Browse	185.216.71.192
	meihao.mips	Get hash	malicious	Mirai	Browse	185.216.71.192
	OvSIeMPZTh.elf	Get hash	malicious	Mirai	Browse	185.216.71.192
	ka6rCmpBqI.elf	Get hash	malicious	Mirai	Browse	185.216.71.192
	FMhnJ7YjIw.elf	Get hash	malicious	Mirai	Browse	185.216.71.192
	7Ocsa4MHYx.elf	Get hash	malicious	Mirai	Browse	185.216.71.192

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CANONICAL-ASGB	arm6-20231203-0928.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	x86_64-20231203-0928.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	SecuriteInfo.com.Trojan.Linux.Mirai.29744.17563.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	SecuriteInfo.com.Trojan.Linux.Mirai.1085.18302.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	arm7.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	j0lGr8krMR.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	q5ZB59lfi7.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	bot.x86.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	bot.arm7.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	bot.arm5.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	xaarch64.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	KKb8ltPB5k.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	eIsiU6BbPe.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	tvOnVQPlql.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	gjh7N6186u.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	arm7-20231201-1833.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	tgLEk39U	Get hash	malicious	Unknown	Browse	91.189.91.42
	rPmpxBOqv6.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	arm7.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	ZlokKccCkK.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
SUNHK-DATA-AS-APSunNetworkHongKongLimited-HongKong	x86_64-20231203-0928.elf	Get hash	malicious	Unknown	Browse	112.213.124.199
	HURNER_Schweisstechni_L.L.C.exe	Get hash	malicious	FormBook, GuLoader	Browse	121.127.232.43
	PO88393.pdf.pif.exe	Get hash	malicious	FormBook	Browse	103.41.65.167
	Burjeel__Royal__pdf.exe	Get hash	malicious	FormBook, GuLoader	Browse	121.127.232.43
	5Hgh2qHKJN.elf	Get hash	malicious	Unknown	Browse	112.213.124.199
	J7acd48WGL.elf	Get hash	malicious	Unknown	Browse	112.213.124.199
	SePGbmCTYu.elf	Get hash	malicious	Unknown	Browse	112.213.124.199
	mips-20231125-2108.elf	Get hash	malicious	Unknown	Browse	112.213.124.199
	x86_64-20231125-2109.elf	Get hash	malicious	Unknown	Browse	112.213.124.199
	mpsl.elf	Get hash	malicious	Unknown	Browse	112.213.124.199
	arm-20231125-2108.elf	Get hash	malicious	Unknown	Browse	112.213.124.199
	arm7-20231125-2109.elf	Get hash	malicious	Mirai	Browse	112.213.124.199
	x86-20231125-2108.elf	Get hash	malicious	Unknown	Browse	112.213.124.199
	https://jibunbsek.top/	Get hash	malicious	Unknown	Browse	121.127.246.223
	0ecjn167WS.dll	Get hash	malicious	Nitol	Browse	112.213.101.150
	https://jibunbank.top/	Get hash	malicious	Unknown	Browse	121.127.246.223
	https://www.fnecpecaoqd170.com/	Get hash	malicious	Unknown	Browse	103.1.40.49
	KkzgaSDVyO.dll	Get hash	malicious	Nitol	Browse	223.26.52.70
	https://www.fuxnbdhlr1840.com/	Get hash	malicious	Unknown	Browse	103.1.40.49
	https://www.alouahlca6454.com/	Get hash	malicious	Unknown	Browse	103.1.40.49
INIT7CH	x86_64-20231203-0928.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	SecuriteInfo.com.Trojan.Linux.Mirai.29744.17563.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	SecuriteInfo.com.Trojan.Linux.Mirai.1085.18302.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	arm7.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	j0lGr8krMR.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	q5ZB59lfi7.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	bot.x86.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	bot.arm5.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	xaarch64.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	eIsiU6BbPe.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	tvOnVQPlql.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	gjh7N6186u.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	file.exe	Get hash	malicious	RedLine, SmokeLoader	Browse	213.144.142.24
	arm7-20231201-1833.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	tgLEk39U	Get hash	malicious	Unknown	Browse	109.202.202.202
	rPmpxBOqv6.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	arm7.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	ZlokKccCkK.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	arm7.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	oLiCZWdCxX.elf	Get hash	malicious	Unknown	Browse	109.202.202.202

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, with debug_info, not stripped
Entropy (8bit):	5.919666358314574
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	arm7-20231203-0928.elf
File size:	120'446 bytes
MD5:	8864efb6b67623c9b5296b5218359249
SHA1:	3ec2c5ce91fc19616d1b019e7699432c3527d471
SHA256:	7a1fa85c527a3e1db5c7a6935099ae483e73624a73f91532dcf8eb440acf4351
SHA512:	3a5e73b7bdb0c82c3a8c04a6450e85dd32f5c1b83fe3b21d32438359a865f18e47efad8ecdf02e458a9e8af55f63bc1b90cac4cc5cb5516666271b275b0a4bd7
SSDEEP:	3072:AQO3WqAROKMoMuPGYlqqiaoH+EuNM/9cE:AQO3KXMoMuPzQqYH+E4M/9cE
TLSH:	6DC33B46E6818B13C4D61775B6EF42453323A79593DB73069928AFF43F827AF0E23906
File Content Preview:	.ELF..............(.........4...xm......4. ...(........p.................................................................................1..........................................Q.td..................................-...L..................@-.,@...0....S

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	ARM
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x8194
Flags:	0x4000002
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	5
Section Header Offset:	93560
Section Header Size:	40
Number of Section Headers:	29
Header String Table Index:	26

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.init	PROGBITS	0x80d4	0xd4	0x10	0x0	0x6	AX	0	0	4
.text	PROGBITS	0x80f0	0xf0	0xfe8c	0x0	0x6	AX	0	0	16
.fini	PROGBITS	0x17f7c	0xff7c	0x10	0x0	0x6	AX	0	0	4
.rodata	PROGBITS	0x17f8c	0xff8c	0xd40	0x0	0x2	A	0	0	4
.ARM.extab	PROGBITS	0x18ccc	0x10ccc	0x18	0x0	0x2	A	0	0	4
.ARM.exidx	ARM_EXIDX	0x18ce4	0x10ce4	0x118	0x0	0x82	AL	2	0	4
.eh_frame	PROGBITS	0x20dfc	0x10dfc	0x4	0x0	0x3	WA	0	0	4
.tbss	NOBITS	0x20e00	0x10e00	0x8	0x0	0x403	WAT	0	0	4
.init_array	INIT_ARRAY	0x20e00	0x10e00	0x4	0x0	0x3	WA	0	0	4
.fini_array	FINI_ARRAY	0x20e04	0x10e04	0x4	0x0	0x3	WA	0	0	4
.jcr	PROGBITS	0x20e08	0x10e08	0x4	0x0	0x3	WA	0	0	4
.got	PROGBITS	0x20e0c	0x10e0c	0xa8	0x4	0x3	WA	0	0	4
.data	PROGBITS	0x20eb4	0x10eb4	0x208	0x0	0x3	WA	0	0	4
.bss	NOBITS	0x210bc	0x110bc	0x2f20	0x0	0x3	WA	0	0	4
.comment	PROGBITS	0x0	0x110bc	0x8ce	0x0	0x0		0	0	1
.debug_aranges	PROGBITS	0x0	0x11990	0xc0	0x0	0x0		0	0	8
.debug_pubnames	PROGBITS	0x0	0x11a50	0x213	0x0	0x0		0	0	1
.debug_info	PROGBITS	0x0	0x11c63	0x1d23	0x0	0x0		0	0	1
.debug_abbrev	PROGBITS	0x0	0x13986	0x692	0x0	0x0		0	0	1
.debug_line	PROGBITS	0x0	0x14018	0x9c7	0x0	0x0		0	0	1
.debug_frame	PROGBITS	0x0	0x149e0	0x2b8	0x0	0x0		0	0	4
.debug_str	PROGBITS	0x0	0x14c98	0x8ca	0x1	0x30	MS	0	0	1
.debug_loc	PROGBITS	0x0	0x15562	0x118f	0x0	0x0		0	0	1
.debug_ranges	PROGBITS	0x0	0x166f1	0x558	0x0	0x0		0	0	1
.ARM.attributes	ARM_ATTRIBUTES	0x0	0x16c49	0x16	0x0	0x0		0	0	1
.shstrtab	STRTAB	0x0	0x16c5f	0x117	0x0	0x0		0	0	1
.symtab	SYMTAB	0x0	0x17200	0x4340	0x10	0x0		28	619	4
.strtab	STRTAB	0x0	0x1b540	0x213e	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
EXIDX	0x10ce4	0x18ce4	0x18ce4	0x118	0x118	4.4526	0x4	R	0x4	.ARM.exidx
LOAD	0x0	0x8000	0x8000	0x10dfc	0x10dfc	6.0334	0x5	R E	0x8000	.init .text .fini .rodata .ARM.extab .ARM.exidx
LOAD	0x10dfc	0x20dfc	0x20dfc	0x2c0	0x31e0	3.9583	0x6	RW	0x8000	.eh_frame .tbss .init_array .fini_array .jcr .got .data .bss
TLS	0x10e00	0x20e00	0x20e00	0x0	0x8	0.0000	0x4	R	0x4	.tbss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Symbols

Name	Section Name	Value	Size	Symbol Type	Symbol Bind	Symbol Visibility	Ndx
	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
	.symtab	0x80d4	0	SECTION	<unknown>	DEFAULT	1
	.symtab	0x80f0	0	SECTION	<unknown>	DEFAULT	2
	.symtab	0x17f7c	0	SECTION	<unknown>	DEFAULT	3
	.symtab	0x17f8c	0	SECTION	<unknown>	DEFAULT	4
	.symtab	0x18ccc	0	SECTION	<unknown>	DEFAULT	5
	.symtab	0x18ce4	0	SECTION	<unknown>	DEFAULT	6
	.symtab	0x20dfc	0	SECTION	<unknown>	DEFAULT	7
	.symtab	0x20e00	0	SECTION	<unknown>	DEFAULT	8
	.symtab	0x20e00	0	SECTION	<unknown>	DEFAULT	9
	.symtab	0x20e04	0	SECTION	<unknown>	DEFAULT	10
	.symtab	0x20e08	0	SECTION	<unknown>	DEFAULT	11
	.symtab	0x20e0c	0	SECTION	<unknown>	DEFAULT	12
	.symtab	0x20eb4	0	SECTION	<unknown>	DEFAULT	13
	.symtab	0x210bc	0	SECTION	<unknown>	DEFAULT	14
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	15
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	16
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	17
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	18
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	19
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	20
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	21
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	22
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	23
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	24
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	25
$a	.symtab	0x80d4	0	NOTYPE	<unknown>	DEFAULT	1
$a	.symtab	0x17f7c	0	NOTYPE	<unknown>	DEFAULT	3
$a	.symtab	0x80e0	0	NOTYPE	<unknown>	DEFAULT	1
$a	.symtab	0x17f88	0	NOTYPE	<unknown>	DEFAULT	3
$a	.symtab	0x80f0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8134	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8194	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x81d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x82cc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8424	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8640	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x86ac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x871c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8af8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x91c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x986c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9f5c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa718	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xae14	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xb4ec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xbbe4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xc380	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xc384	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xc624	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xc904	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xcf88	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xcfd8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd07c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd0a8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd1ec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd2c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd2d8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd438	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd4a4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xdc20	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xdc7c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xdce4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xde20	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xdefc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xdf24	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xe42c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xe450	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xe4f0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xe590	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xe69c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xec04	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xec2c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xec64	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xecac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xecd0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xecf4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xed10	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xed24	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xed80	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xee14	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xeea4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xefe0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf0dc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf1f0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf204	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf29c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf390	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf3a4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf3dc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf420	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf460	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf4a4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf528	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf568	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf5f4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf624	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf734	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf804	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf8c8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf978	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfa60	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfa80	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfac0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfad0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfb70	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfbd0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfbf8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfc3c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfcb0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfcf4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfd38	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfdac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfdf0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfe38	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfe78	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfebc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xff2c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xff74	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfffc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10040	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x100b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x100fc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10184	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x101cc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10210	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10260	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10274	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10338	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x103a4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10d54	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10e94	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11254	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x116f4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11734	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1185c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11874	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11918	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x119d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11a90	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11b34	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11bc4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11c9c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11d94	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11e80	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11f44	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12090	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x126b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12a80	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12b18	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12b60	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12c50	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12d84	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12ddc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12de4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12e14	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12e6c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12e74	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12ea4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12efc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12f04	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12f34	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12f8c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12f94	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12fc0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13048	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13124	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x131e4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13238	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13290	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1367c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x136f8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13724	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x137ac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x137b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x137c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x137d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x137e0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13820	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13888	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x138ec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1398c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x139b8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x139cc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x139e0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x139f4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13a1c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13a54	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13a94	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13aa8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13aec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13b2c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13b6c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13bcc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13c38	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13c4c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13dc4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13eb0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14254	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14584	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x145a4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14a04	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14a84	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14be8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14c18	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14d5c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14e78	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15128	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x154d4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15600	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x156a0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15b30	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15b40	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15b60	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15c50	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15d3c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15d80	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15dd0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15e1c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15e40	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15ebc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15fb4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1602c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16094	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x162e8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x162f4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1632c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16384	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x163dc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x163e8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x164c8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16610	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16668	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16744	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16774	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16818	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1683c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1687c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x168ec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16a30	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16a7c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16ac8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16ad0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16ad4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16b00	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16b0c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16b18	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16d38	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16e88	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16ea4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16f04	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16f70	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17028	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17048	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1718c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x176d4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x176dc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x176e4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x176ec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x177a8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x177ec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17f00	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17f48	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8128	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x20e04	0	NOTYPE	<unknown>	DEFAULT	10
$d	.symtab	0x8180	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x20e00	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x81c4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x82c4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8420	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8ac0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x91bc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x9868	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x9f58	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa714	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xae10	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xb4e8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xbbe0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xc378	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xc900	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xcf30	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x20eb4	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0xd0a4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xd2bc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xd2d0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xd42c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xd4a0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xdbe4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x20eb8	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x20ebc	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x20ec0	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x20ec4	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0xdc6c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xdcd4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xde08	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xdeec	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xe44c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xe4e8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xe588	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xe680	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x20ec8	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0xebfc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	21
$d	.symtab	0x20	0	NOTYPE	<unknown>	DEFAULT	21
$d	.symtab	0x26	0	NOTYPE	<unknown>	DEFAULT	21
$d	.symtab	0xf294	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf380	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf3d8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf41c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf45c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf4a0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf520	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf564	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf5f0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf718	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf7fc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf8bc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf970	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x188f0	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0xfa4c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfa7c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfab0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfc34	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfca8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfcec	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfd30	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfda4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfde8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfe30	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfe74	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfeb4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xff24	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xff70	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfff4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10038	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x100a8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x100f4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1017c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x101c4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10208	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1025c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1032c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10d30	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x20ecc	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x10e78	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11234	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x116d8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1172c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11848	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x20ee4	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x118fc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x119b4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11a74	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11b18	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x20efc	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x20f94	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x11bc0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11c90	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11d84	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11e74	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18908	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x11f24	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x20fa8	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x1206c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12688	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12a58	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12c44	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12d70	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12d80	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12e10	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12ea0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12f30	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1311c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x131d0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13230	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13284	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13630	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x20fc0	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x136f0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13720	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x137a0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1381c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13880	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x138e8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13988	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13a14	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13a50	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13a90	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13ae8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13b28	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13b68	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13bc4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13c30	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13e9c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1424c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14574	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x149d0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14a74	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14bcc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x20fd8	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x20fd4	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x1510c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x154bc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x155f8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15c48	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15d34	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15eb8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15fac	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16014	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16084	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x162c0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16320	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x163d0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x164b8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16608	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16740	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16814	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x168e8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2c	0	NOTYPE	<unknown>	DEFAULT	21
$d	.symtab	0x4c	0	NOTYPE	<unknown>	DEFAULT	21
$d	.symtab	0x53	0	NOTYPE	<unknown>	DEFAULT	21
$d	.symtab	0x16d1c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x176c4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x58	0	NOTYPE	<unknown>	DEFAULT	21
$d	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	23
$d	.symtab	0x23c	0	NOTYPE	<unknown>	DEFAULT	21
$d	.symtab	0xe39	0	NOTYPE	<unknown>	DEFAULT	23
$d	.symtab	0x20fcc	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x1899a	0	NOTYPE	<unknown>	DEFAULT	4
C.11.5548	.symtab	0x18978	12	OBJECT	<unknown>	DEFAULT	4
C.5.5083	.symtab	0x188f0	24	OBJECT	<unknown>	DEFAULT	4
C.7.5370	.symtab	0x18984	12	OBJECT	<unknown>	DEFAULT	4
C.7.6109	.symtab	0x18cc0	12	OBJECT	<unknown>	DEFAULT	4
C.7.6182	.symtab	0x18c9c	12	OBJECT	<unknown>	DEFAULT	4
C.8.6110	.symtab	0x18cb4	12	OBJECT	<unknown>	DEFAULT	4
C.9.6119	.symtab	0x18ca8	12	OBJECT	<unknown>	DEFAULT	4
LOCAL_ADDR	.symtab	0x23bdc	4	OBJECT	<unknown>	DEFAULT	14
Laligned	.symtab	0xfb98	0	NOTYPE	<unknown>	DEFAULT	2
Llastword	.symtab	0xfbb4	0	NOTYPE	<unknown>	DEFAULT	2
_Exit	.symtab	0x13820	104	FUNC	<unknown>	DEFAULT	2
_GLOBAL_OFFSET_TABLE_	.symtab	0x20e0c	0	OBJECT	<unknown>	HIDDEN	12
_Jv_RegisterClasses	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
_READ.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_Unwind_Complete	.symtab	0x16ad0	4	FUNC	<unknown>	HIDDEN	2
_Unwind_DeleteException	.symtab	0x16ad4	44	FUNC	<unknown>	HIDDEN	2
_Unwind_ForcedUnwind	.symtab	0x17784	36	FUNC	<unknown>	HIDDEN	2
_Unwind_GetCFA	.symtab	0x16ac8	8	FUNC	<unknown>	HIDDEN	2
_Unwind_GetDataRelBase	.symtab	0x16b0c	12	FUNC	<unknown>	HIDDEN	2
_Unwind_GetLanguageSpecificData	.symtab	0x177a8	68	FUNC	<unknown>	HIDDEN	2
_Unwind_GetRegionStart	.symtab	0x17f48	52	FUNC	<unknown>	HIDDEN	2
_Unwind_GetTextRelBase	.symtab	0x16b00	12	FUNC	<unknown>	HIDDEN	2
_Unwind_RaiseException	.symtab	0x17718	36	FUNC	<unknown>	HIDDEN	2
_Unwind_Resume	.symtab	0x1773c	36	FUNC	<unknown>	HIDDEN	2
_Unwind_Resume_or_Rethrow	.symtab	0x17760	36	FUNC	<unknown>	HIDDEN	2
_Unwind_VRS_Get	.symtab	0x16a30	76	FUNC	<unknown>	HIDDEN	2
_Unwind_VRS_Pop	.symtab	0x17048	324	FUNC	<unknown>	HIDDEN	2
_Unwind_VRS_Set	.symtab	0x16a7c	76	FUNC	<unknown>	HIDDEN	2
_WRITE.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_b	.symtab	0x20fcc	4	OBJECT	<unknown>	DEFAULT	13
__C_ctype_b.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_b_data	.symtab	0x1899a	768	OBJECT	<unknown>	DEFAULT	4
__EH_FRAME_BEGIN__	.symtab	0x20dfc	0	OBJECT	<unknown>	DEFAULT	7
__FRAME_END__	.symtab	0x20dfc	0	OBJECT	<unknown>	DEFAULT	7
__GI___C_ctype_b	.symtab	0x20fcc	4	OBJECT	<unknown>	HIDDEN	13
__GI___close	.symtab	0x12da0	100	FUNC	<unknown>	HIDDEN	2
__GI___close_nocancel	.symtab	0x12d84	24	FUNC	<unknown>	HIDDEN	2
__GI___ctype_b	.symtab	0x20fd0	4	OBJECT	<unknown>	HIDDEN	13
__GI___errno_location	.symtab	0xfa60	32	FUNC	<unknown>	HIDDEN	2
__GI___fcntl_nocancel	.symtab	0xf204	152	FUNC	<unknown>	HIDDEN	2
__GI___fgetc_unlocked	.symtab	0x154d4	300	FUNC	<unknown>	HIDDEN	2
__GI___libc_close	.symtab	0x12da0	100	FUNC	<unknown>	HIDDEN	2
__GI___libc_fcntl	.symtab	0xf29c	244	FUNC	<unknown>	HIDDEN	2
__GI___libc_open	.symtab	0x12e30	100	FUNC	<unknown>	HIDDEN	2
__GI___libc_read	.symtab	0x12f50	100	FUNC	<unknown>	HIDDEN	2
__GI___libc_write	.symtab	0x12ec0	100	FUNC	<unknown>	HIDDEN	2
__GI___open	.symtab	0x12e30	100	FUNC	<unknown>	HIDDEN	2
__GI___open_nocancel	.symtab	0x12e14	24	FUNC	<unknown>	HIDDEN	2
__GI___read	.symtab	0x12f50	100	FUNC	<unknown>	HIDDEN	2
__GI___read_nocancel	.symtab	0x12f34	24	FUNC	<unknown>	HIDDEN	2
__GI___sigaddset	.symtab	0x1035c	36	FUNC	<unknown>	HIDDEN	2
__GI___sigdelset	.symtab	0x10380	36	FUNC	<unknown>	HIDDEN	2
__GI___sigismember	.symtab	0x10338	36	FUNC	<unknown>	HIDDEN	2
__GI___uClibc_fini	.symtab	0x13168	124	FUNC	<unknown>	HIDDEN	2
__GI___uClibc_init	.symtab	0x13238	88	FUNC	<unknown>	HIDDEN	2
__GI___write	.symtab	0x12ec0	100	FUNC	<unknown>	HIDDEN	2
__GI___write_nocancel	.symtab	0x12ea4	24	FUNC	<unknown>	HIDDEN	2
__GI__exit	.symtab	0x13820	104	FUNC	<unknown>	HIDDEN	2
__GI_abort	.symtab	0x11734	296	FUNC	<unknown>	HIDDEN	2
__GI_accept	.symtab	0xfc3c	116	FUNC	<unknown>	HIDDEN	2
__GI_bind	.symtab	0xfcb0	68	FUNC	<unknown>	HIDDEN	2
__GI_brk	.symtab	0x16384	88	FUNC	<unknown>	HIDDEN	2
__GI_close	.symtab	0x12da0	100	FUNC	<unknown>	HIDDEN	2
__GI_closedir	.symtab	0xf624	272	FUNC	<unknown>	HIDDEN	2
__GI_config_close	.symtab	0x141d8	52	FUNC	<unknown>	HIDDEN	2
__GI_config_open	.symtab	0x1420c	72	FUNC	<unknown>	HIDDEN	2
__GI_config_read	.symtab	0x13eb0	808	FUNC	<unknown>	HIDDEN	2
__GI_connect	.symtab	0xfd38	116	FUNC	<unknown>	HIDDEN	2
__GI_exit	.symtab	0x11e80	196	FUNC	<unknown>	HIDDEN	2
__GI_fclose	.symtab	0x14254	816	FUNC	<unknown>	HIDDEN	2
__GI_fcntl	.symtab	0xf29c	244	FUNC	<unknown>	HIDDEN	2
__GI_fflush_unlocked	.symtab	0x15128	940	FUNC	<unknown>	HIDDEN	2
__GI_fgetc	.symtab	0x14c18	324	FUNC	<unknown>	HIDDEN	2
__GI_fgetc_unlocked	.symtab	0x154d4	300	FUNC	<unknown>	HIDDEN	2
__GI_fgets	.symtab	0x14d5c	284	FUNC	<unknown>	HIDDEN	2
__GI_fgets_unlocked	.symtab	0x15600	160	FUNC	<unknown>	HIDDEN	2
__GI_fopen	.symtab	0x14584	32	FUNC	<unknown>	HIDDEN	2
__GI_fork	.symtab	0x126b4	972	FUNC	<unknown>	HIDDEN	2
__GI_fstat	.symtab	0x13888	100	FUNC	<unknown>	HIDDEN	2
__GI_getc_unlocked	.symtab	0x154d4	300	FUNC	<unknown>	HIDDEN	2
__GI_getdtablesize	.symtab	0x1398c	44	FUNC	<unknown>	HIDDEN	2
__GI_getegid	.symtab	0x139b8	20	FUNC	<unknown>	HIDDEN	2
__GI_geteuid	.symtab	0x139cc	20	FUNC	<unknown>	HIDDEN	2
__GI_getgid	.symtab	0x139e0	20	FUNC	<unknown>	HIDDEN	2
__GI_getpagesize	.symtab	0x139f4	40	FUNC	<unknown>	HIDDEN	2
__GI_getpid	.symtab	0x12b18	72	FUNC	<unknown>	HIDDEN	2
__GI_getrlimit	.symtab	0x13a1c	56	FUNC	<unknown>	HIDDEN	2
__GI_getsockname	.symtab	0xfdac	68	FUNC	<unknown>	HIDDEN	2
__GI_gettimeofday	.symtab	0x13a54	64	FUNC	<unknown>	HIDDEN	2
__GI_getuid	.symtab	0x13a94	20	FUNC	<unknown>	HIDDEN	2
__GI_inet_addr	.symtab	0xfbd0	40	FUNC	<unknown>	HIDDEN	2
__GI_inet_aton	.symtab	0x15ebc	248	FUNC	<unknown>	HIDDEN	2
__GI_initstate_r	.symtab	0x11c9c	248	FUNC	<unknown>	HIDDEN	2
__GI_ioctl	.symtab	0x163e8	224	FUNC	<unknown>	HIDDEN	2
__GI_isatty	.symtab	0x15e1c	36	FUNC	<unknown>	HIDDEN	2
__GI_kill	.symtab	0xf3a4	56	FUNC	<unknown>	HIDDEN	2
__GI_listen	.symtab	0xfe38	64	FUNC	<unknown>	HIDDEN	2
__GI_lseek64	.symtab	0x1687c	112	FUNC	<unknown>	HIDDEN	2
__GI_memcpy	.symtab	0xfac0	4	FUNC	<unknown>	HIDDEN	2
__GI_memmove	.symtab	0x15b30	4	FUNC	<unknown>	HIDDEN	2
__GI_mempcpy	.symtab	0x16818	36	FUNC	<unknown>	HIDDEN	2
__GI_memset	.symtab	0xfad0	156	FUNC	<unknown>	HIDDEN	2
__GI_mmap	.symtab	0x1367c	124	FUNC	<unknown>	HIDDEN	2
__GI_mremap	.symtab	0x13aa8	68	FUNC	<unknown>	HIDDEN	2
__GI_munmap	.symtab	0x13aec	64	FUNC	<unknown>	HIDDEN	2
__GI_nanosleep	.symtab	0x13b6c	96	FUNC	<unknown>	HIDDEN	2
__GI_open	.symtab	0x12e30	100	FUNC	<unknown>	HIDDEN	2
__GI_opendir	.symtab	0xf804	196	FUNC	<unknown>	HIDDEN	2
__GI_raise	.symtab	0x12b60	240	FUNC	<unknown>	HIDDEN	2
__GI_random	.symtab	0x11874	164	FUNC	<unknown>	HIDDEN	2
__GI_random_r	.symtab	0x11b34	144	FUNC	<unknown>	HIDDEN	2
__GI_read	.symtab	0x12f50	100	FUNC	<unknown>	HIDDEN	2
__GI_readdir	.symtab	0xf978	232	FUNC	<unknown>	HIDDEN	2
__GI_readdir64	.symtab	0x13dc4	236	FUNC	<unknown>	HIDDEN	2
__GI_readlink	.symtab	0xf420	64	FUNC	<unknown>	HIDDEN	2
__GI_recv	.symtab	0xfebc	112	FUNC	<unknown>	HIDDEN	2
__GI_recvfrom	.symtab	0xff74	136	FUNC	<unknown>	HIDDEN	2
__GI_sbrk	.symtab	0x13bcc	108	FUNC	<unknown>	HIDDEN	2
__GI_select	.symtab	0xf4a4	132	FUNC	<unknown>	HIDDEN	2
__GI_send	.symtab	0x10040	112	FUNC	<unknown>	HIDDEN	2
__GI_sendto	.symtab	0x100fc	136	FUNC	<unknown>	HIDDEN	2
__GI_setsid	.symtab	0xf528	64	FUNC	<unknown>	HIDDEN	2
__GI_setsockopt	.symtab	0x10184	72	FUNC	<unknown>	HIDDEN	2
__GI_setstate_r	.symtab	0x11d94	236	FUNC	<unknown>	HIDDEN	2
__GI_sigaction	.symtab	0x13724	136	FUNC	<unknown>	HIDDEN	2
__GI_sigaddset	.symtab	0x10210	80	FUNC	<unknown>	HIDDEN	2
__GI_sigemptyset	.symtab	0x10260	20	FUNC	<unknown>	HIDDEN	2
__GI_signal	.symtab	0x10274	196	FUNC	<unknown>	HIDDEN	2
__GI_sigprocmask	.symtab	0xf568	140	FUNC	<unknown>	HIDDEN	2
__GI_sleep	.symtab	0x12c50	300	FUNC	<unknown>	HIDDEN	2
__GI_socket	.symtab	0x101cc	68	FUNC	<unknown>	HIDDEN	2
__GI_srandom_r	.symtab	0x11bc4	216	FUNC	<unknown>	HIDDEN	2
__GI_strchr	.symtab	0x15b60	240	FUNC	<unknown>	HIDDEN	2
__GI_strchrnul	.symtab	0x15c50	236	FUNC	<unknown>	HIDDEN	2
__GI_strcmp	.symtab	0x15b40	28	FUNC	<unknown>	HIDDEN	2
__GI_strcoll	.symtab	0x15b40	28	FUNC	<unknown>	HIDDEN	2
__GI_strcspn	.symtab	0x15d3c	68	FUNC	<unknown>	HIDDEN	2
__GI_strlen	.symtab	0xfb70	96	FUNC	<unknown>	HIDDEN	2
__GI_strrchr	.symtab	0x15d80	80	FUNC	<unknown>	HIDDEN	2
__GI_strspn	.symtab	0x15dd0	76	FUNC	<unknown>	HIDDEN	2
__GI_sysconf	.symtab	0x12090	1572	FUNC	<unknown>	HIDDEN	2
__GI_tcgetattr	.symtab	0x15e40	124	FUNC	<unknown>	HIDDEN	2
__GI_time	.symtab	0xf5f4	48	FUNC	<unknown>	HIDDEN	2
__GI_times	.symtab	0x13c38	20	FUNC	<unknown>	HIDDEN	2
__GI_write	.symtab	0x12ec0	100	FUNC	<unknown>	HIDDEN	2
__JCR_END__	.symtab	0x20e08	0	OBJECT	<unknown>	DEFAULT	11
__JCR_LIST__	.symtab	0x20e08	0	OBJECT	<unknown>	DEFAULT	11
___Unwind_ForcedUnwind	.symtab	0x17784	36	FUNC	<unknown>	HIDDEN	2
___Unwind_RaiseException	.symtab	0x17718	36	FUNC	<unknown>	HIDDEN	2
___Unwind_Resume	.symtab	0x1773c	36	FUNC	<unknown>	HIDDEN	2
___Unwind_Resume_or_Rethrow	.symtab	0x17760	36	FUNC	<unknown>	HIDDEN	2
__aeabi_idiv	.symtab	0x168ec	0	FUNC	<unknown>	HIDDEN	2
__aeabi_idivmod	.symtab	0x16a18	24	FUNC	<unknown>	HIDDEN	2
__aeabi_read_tp	.symtab	0x137d0	8	FUNC	<unknown>	DEFAULT	2
__aeabi_uidiv	.symtab	0xf0dc	0	FUNC	<unknown>	HIDDEN	2
__aeabi_uidivmod	.symtab	0xf1d8	24	FUNC	<unknown>	HIDDEN	2
__aeabi_unwind_cpp_pr0	.symtab	0x176e4	8	FUNC	<unknown>	HIDDEN	2
__aeabi_unwind_cpp_pr1	.symtab	0x176dc	8	FUNC	<unknown>	HIDDEN	2
__aeabi_unwind_cpp_pr2	.symtab	0x176d4	8	FUNC	<unknown>	HIDDEN	2
__app_fini	.symtab	0x21674	4	OBJECT	<unknown>	HIDDEN	14
__atexit_lock	.symtab	0x20fa8	24	OBJECT	<unknown>	DEFAULT	13
__bss_end__	.symtab	0x23fdc	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__bss_start	.symtab	0x210bc	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__bss_start__	.symtab	0x210bc	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__check_one_fd	.symtab	0x131e4	84	FUNC	<unknown>	DEFAULT	2
__close	.symtab	0x12da0	100	FUNC	<unknown>	DEFAULT	2
__close_nocancel	.symtab	0x12d84	24	FUNC	<unknown>	DEFAULT	2
__ctype_b	.symtab	0x20fd0	4	OBJECT	<unknown>	DEFAULT	13
__curbrk	.symtab	0x23bd8	4	OBJECT	<unknown>	HIDDEN	14
__cxa_begin_cleanup	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__cxa_call_unexpected	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__cxa_type_match	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__data_start	.symtab	0x20eb4	0	NOTYPE	<unknown>	DEFAULT	13
__default_rt_sa_restorer	.symtab	0x137c4	0	FUNC	<unknown>	DEFAULT	2
__default_sa_restorer	.symtab	0x137b8	0	FUNC	<unknown>	DEFAULT	2
__deregister_frame_info	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__div0	.symtab	0xf1f0	20	FUNC	<unknown>	HIDDEN	2
__divsi3	.symtab	0x168ec	300	FUNC	<unknown>	HIDDEN	2
__do_global_dtors_aux	.symtab	0x80f0	0	FUNC	<unknown>	DEFAULT	2
__do_global_dtors_aux_fini_array_entry	.symtab	0x20e04	0	OBJECT	<unknown>	DEFAULT	10
__end__	.symtab	0x23fdc	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__environ	.symtab	0x2166c	4	OBJECT	<unknown>	DEFAULT	14
__errno_location	.symtab	0xfa60	32	FUNC	<unknown>	DEFAULT	2
__errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__exidx_end	.symtab	0x18dfc	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__exidx_start	.symtab	0x18ce4	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__exit_cleanup	.symtab	0x2111c	4	OBJECT	<unknown>	HIDDEN	14
__fcntl_nocancel	.symtab	0xf204	152	FUNC	<unknown>	DEFAULT	2
__fgetc_unlocked	.symtab	0x154d4	300	FUNC	<unknown>	DEFAULT	2
__fini_array_end	.symtab	0x20e08	0	NOTYPE	<unknown>	HIDDEN	10
__fini_array_start	.symtab	0x20e04	0	NOTYPE	<unknown>	HIDDEN	10
__fork	.symtab	0x126b4	972	FUNC	<unknown>	DEFAULT	2
__fork_generation_pointer	.symtab	0x23fa8	4	OBJECT	<unknown>	HIDDEN	14
__fork_handlers	.symtab	0x23fac	4	OBJECT	<unknown>	HIDDEN	14
__fork_lock	.symtab	0x21120	4	OBJECT	<unknown>	HIDDEN	14
__frame_dummy_init_array_entry	.symtab	0x20e00	0	OBJECT	<unknown>	DEFAULT	9
__getdents	.symtab	0x138ec	160	FUNC	<unknown>	HIDDEN	2
__getdents64	.symtab	0x164c8	328	FUNC	<unknown>	HIDDEN	2
__getpagesize	.symtab	0x139f4	40	FUNC	<unknown>	DEFAULT	2
__getpid	.symtab	0x12b18	72	FUNC	<unknown>	DEFAULT	2
__gnu_Unwind_Find_exidx	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__gnu_Unwind_ForcedUnwind	.symtab	0x16e88	28	FUNC	<unknown>	HIDDEN	2
__gnu_Unwind_RaiseException	.symtab	0x16f70	184	FUNC	<unknown>	HIDDEN	2
__gnu_Unwind_Restore_VFP	.symtab	0x17708	0	FUNC	<unknown>	HIDDEN	2
__gnu_Unwind_Resume	.symtab	0x16f04	108	FUNC	<unknown>	HIDDEN	2
__gnu_Unwind_Resume_or_Rethrow	.symtab	0x17028	32	FUNC	<unknown>	HIDDEN	2
__gnu_Unwind_Save_VFP	.symtab	0x17710	0	FUNC	<unknown>	HIDDEN	2
__gnu_unwind_execute	.symtab	0x177ec	1812	FUNC	<unknown>	HIDDEN	2
__gnu_unwind_frame	.symtab	0x17f00	72	FUNC	<unknown>	HIDDEN	2
__gnu_unwind_pr_common	.symtab	0x1718c	1352	FUNC	<unknown>	DEFAULT	2
__h_errno_location	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__init_array_end	.symtab	0x20e04	0	NOTYPE	<unknown>	HIDDEN	9
__init_array_start	.symtab	0x20e00	0	NOTYPE	<unknown>	HIDDEN	9
__libc_accept	.symtab	0xfc3c	116	FUNC	<unknown>	DEFAULT	2
__libc_close	.symtab	0x12da0	100	FUNC	<unknown>	DEFAULT	2
__libc_connect	.symtab	0xfd38	116	FUNC	<unknown>	DEFAULT	2
__libc_disable_asynccancel	.symtab	0x12fc0	136	FUNC	<unknown>	HIDDEN	2
__libc_enable_asynccancel	.symtab	0x13048	220	FUNC	<unknown>	HIDDEN	2
__libc_errno	.symtab	0x0	4	TLS	<unknown>	HIDDEN	8
__libc_fcntl	.symtab	0xf29c	244	FUNC	<unknown>	DEFAULT	2
__libc_fork	.symtab	0x126b4	972	FUNC	<unknown>	DEFAULT	2
__libc_h_errno	.symtab	0x4	4	TLS	<unknown>	HIDDEN	8
__libc_multiple_threads	.symtab	0x23fb0	4	OBJECT	<unknown>	HIDDEN	14
__libc_nanosleep	.symtab	0x13b6c	96	FUNC	<unknown>	DEFAULT	2
__libc_open	.symtab	0x12e30	100	FUNC	<unknown>	DEFAULT	2
__libc_read	.symtab	0x12f50	100	FUNC	<unknown>	DEFAULT	2
__libc_recv	.symtab	0xfebc	112	FUNC	<unknown>	DEFAULT	2
__libc_recvfrom	.symtab	0xff74	136	FUNC	<unknown>	DEFAULT	2
__libc_select	.symtab	0xf4a4	132	FUNC	<unknown>	DEFAULT	2
__libc_send	.symtab	0x10040	112	FUNC	<unknown>	DEFAULT	2
__libc_sendto	.symtab	0x100fc	136	FUNC	<unknown>	DEFAULT	2
__libc_setup_tls	.symtab	0x160b8	560	FUNC	<unknown>	DEFAULT	2
__libc_sigaction	.symtab	0x13724	136	FUNC	<unknown>	DEFAULT	2
__libc_stack_end	.symtab	0x21668	4	OBJECT	<unknown>	DEFAULT	14
__libc_write	.symtab	0x12ec0	100	FUNC	<unknown>	DEFAULT	2
__lll_lock_wait_private	.symtab	0x12a80	152	FUNC	<unknown>	HIDDEN	2
__malloc_consolidate	.symtab	0x11304	436	FUNC	<unknown>	HIDDEN	2
__malloc_largebin_index	.symtab	0x103a4	120	FUNC	<unknown>	DEFAULT	2
__malloc_lock	.symtab	0x20ecc	24	OBJECT	<unknown>	DEFAULT	13
__malloc_state	.symtab	0x23c30	888	OBJECT	<unknown>	DEFAULT	14
__malloc_trim	.symtab	0x11254	176	FUNC	<unknown>	DEFAULT	2
__nptl_deallocate_tsd	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__nptl_nthreads	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__open	.symtab	0x12e30	100	FUNC	<unknown>	DEFAULT	2
__open_nocancel	.symtab	0x12e14	24	FUNC	<unknown>	DEFAULT	2
__pagesize	.symtab	0x21670	4	OBJECT	<unknown>	DEFAULT	14
__preinit_array_end	.symtab	0x20e00	0	NOTYPE	<unknown>	HIDDEN	8
__preinit_array_start	.symtab	0x20e00	0	NOTYPE	<unknown>	HIDDEN	8
__progname	.symtab	0x20fc4	4	OBJECT	<unknown>	DEFAULT	13
__progname_full	.symtab	0x20fc8	4	OBJECT	<unknown>	DEFAULT	13
__pthread_initialize_minimal	.symtab	0x162e8	12	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_init	.symtab	0x1312c	8	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_lock	.symtab	0x13124	8	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_trylock	.symtab	0x13124	8	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_unlock	.symtab	0x13124	8	FUNC	<unknown>	DEFAULT	2
__pthread_return_0	.symtab	0x13124	8	FUNC	<unknown>	DEFAULT	2
__pthread_unwind	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__read	.symtab	0x12f50	100	FUNC	<unknown>	DEFAULT	2
__read_nocancel	.symtab	0x12f34	24	FUNC	<unknown>	DEFAULT	2
__register_frame_info	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__restore_core_regs	.symtab	0x176ec	28	FUNC	<unknown>	HIDDEN	2
__rtld_fini	.symtab	0x21678	4	OBJECT	<unknown>	HIDDEN	14
__sigaddset	.symtab	0x1035c	36	FUNC	<unknown>	DEFAULT	2
__sigdelset	.symtab	0x10380	36	FUNC	<unknown>	DEFAULT	2
__sigismember	.symtab	0x10338	36	FUNC	<unknown>	DEFAULT	2
__sigjmp_save	.symtab	0x1683c	64	FUNC	<unknown>	HIDDEN	2
__sigsetjmp	.symtab	0x163dc	12	FUNC	<unknown>	DEFAULT	2
__stdin	.symtab	0x20fe4	4	OBJECT	<unknown>	DEFAULT	13
__stdio_READ	.symtab	0x16610	88	FUNC	<unknown>	HIDDEN	2
__stdio_WRITE	.symtab	0x16668	220	FUNC	<unknown>	HIDDEN	2
__stdio_rfill	.symtab	0x16744	48	FUNC	<unknown>	HIDDEN	2
__stdio_trans2r_o	.symtab	0x16774	164	FUNC	<unknown>	HIDDEN	2
__stdio_wcommit	.symtab	0x14be8	48	FUNC	<unknown>	HIDDEN	2
__stdout	.symtab	0x20fe8	4	OBJECT	<unknown>	DEFAULT	13
__sys_accept	.symtab	0xfbf8	68	FUNC	<unknown>	DEFAULT	2
__sys_connect	.symtab	0xfcf4	68	FUNC	<unknown>	DEFAULT	2
__sys_recv	.symtab	0xfe78	68	FUNC	<unknown>	DEFAULT	2
__sys_recvfrom	.symtab	0xff2c	72	FUNC	<unknown>	DEFAULT	2
__sys_send	.symtab	0xfffc	68	FUNC	<unknown>	DEFAULT	2
__sys_sendto	.symtab	0x100b0	76	FUNC	<unknown>	DEFAULT	2
__syscall_error	.symtab	0x136f8	44	FUNC	<unknown>	HIDDEN	2
__syscall_error.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_fcntl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_nanosleep	.symtab	0x13b2c	64	FUNC	<unknown>	DEFAULT	2
__syscall_rt_sigaction	.symtab	0x137e0	64	FUNC	<unknown>	DEFAULT	2
__syscall_rt_sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_select	.symtab	0xf460	68	FUNC	<unknown>	DEFAULT	2
__tls_get_addr	.symtab	0x16094	36	FUNC	<unknown>	DEFAULT	2
__uClibc_fini	.symtab	0x13168	124	FUNC	<unknown>	DEFAULT	2
__uClibc_init	.symtab	0x13238	88	FUNC	<unknown>	DEFAULT	2
__uClibc_main	.symtab	0x13290	1004	FUNC	<unknown>	DEFAULT	2
__uClibc_main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__uclibc_progname	.symtab	0x20fc0	4	OBJECT	<unknown>	HIDDEN	13
__udivsi3	.symtab	0xf0dc	252	FUNC	<unknown>	HIDDEN	2
__write	.symtab	0x12ec0	100	FUNC	<unknown>	DEFAULT	2
__write_nocancel	.symtab	0x12ea4	24	FUNC	<unknown>	DEFAULT	2
__xstat32_conv	.symtab	0x13d18	172	FUNC	<unknown>	HIDDEN	2
__xstat64_conv	.symtab	0x13c4c	204	FUNC	<unknown>	HIDDEN	2
_bss_end__	.symtab	0x23fdc	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_dl_aux_init	.symtab	0x162f4	56	FUNC	<unknown>	DEFAULT	2
_dl_nothread_init_static_tls	.symtab	0x1632c	88	FUNC	<unknown>	HIDDEN	2
_dl_phdr	.symtab	0x23fd4	4	OBJECT	<unknown>	DEFAULT	14
_dl_phnum	.symtab	0x23fd8	4	OBJECT	<unknown>	DEFAULT	14
_dl_tls_dtv_gaps	.symtab	0x23fc8	1	OBJECT	<unknown>	DEFAULT	14
_dl_tls_dtv_slotinfo_list	.symtab	0x23fc4	4	OBJECT	<unknown>	DEFAULT	14
_dl_tls_generation	.symtab	0x23fcc	4	OBJECT	<unknown>	DEFAULT	14
_dl_tls_max_dtv_idx	.symtab	0x23fbc	4	OBJECT	<unknown>	DEFAULT	14
_dl_tls_setup	.symtab	0x1602c	104	FUNC	<unknown>	DEFAULT	2
_dl_tls_static_align	.symtab	0x23fb8	4	OBJECT	<unknown>	DEFAULT	14
_dl_tls_static_nelem	.symtab	0x23fd0	4	OBJECT	<unknown>	DEFAULT	14
_dl_tls_static_size	.symtab	0x23fc0	4	OBJECT	<unknown>	DEFAULT	14
_dl_tls_static_used	.symtab	0x23fb4	4	OBJECT	<unknown>	DEFAULT	14
_edata	.symtab	0x210bc	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_end	.symtab	0x23fdc	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_exit	.symtab	0x13820	104	FUNC	<unknown>	DEFAULT	2
_exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fini	.symtab	0x17f7c	0	FUNC	<unknown>	DEFAULT	3
_fixed_buffers	.symtab	0x2169c	8192	OBJECT	<unknown>	DEFAULT	14
_fopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_init	.symtab	0x80d4	0	FUNC	<unknown>	DEFAULT	1
_memcpy	.symtab	0x156a0	0	FUNC	<unknown>	HIDDEN	2
_pthread_cleanup_pop_restore	.symtab	0x1313c	44	FUNC	<unknown>	DEFAULT	2
_pthread_cleanup_push_defer	.symtab	0x13134	8	FUNC	<unknown>	DEFAULT	2
_rfill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_setjmp	.symtab	0x137ac	8	FUNC	<unknown>	DEFAULT	2
_sigintr	.symtab	0x23c28	8	OBJECT	<unknown>	HIDDEN	14
_start	.symtab	0x8194	0	FUNC	<unknown>	DEFAULT	2
_stdio.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_stdio_fopen	.symtab	0x145a4	1120	FUNC	<unknown>	HIDDEN	2
_stdio_init	.symtab	0x14a04	128	FUNC	<unknown>	HIDDEN	2
_stdio_openlist	.symtab	0x20fec	4	OBJECT	<unknown>	DEFAULT	13
_stdio_openlist_add_lock	.symtab	0x2167c	12	OBJECT	<unknown>	DEFAULT	14
_stdio_openlist_dec_use	.symtab	0x14e78	688	FUNC	<unknown>	HIDDEN	2
_stdio_openlist_del_count	.symtab	0x21698	4	OBJECT	<unknown>	DEFAULT	14
_stdio_openlist_del_lock	.symtab	0x21688	12	OBJECT	<unknown>	DEFAULT	14
_stdio_openlist_use_count	.symtab	0x21694	4	OBJECT	<unknown>	DEFAULT	14
_stdio_streams	.symtab	0x20ff0	204	OBJECT	<unknown>	DEFAULT	13
_stdio_term	.symtab	0x14a84	356	FUNC	<unknown>	HIDDEN	2
_stdio_user_locking	.symtab	0x20fd4	4	OBJECT	<unknown>	DEFAULT	13
_trans2r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_wcommit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
abort	.symtab	0x11734	296	FUNC	<unknown>	DEFAULT	2
abort.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
accept	.symtab	0xfc3c	116	FUNC	<unknown>	DEFAULT	2
accept.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
anti_gdb_entry	.symtab	0xd2c0	24	FUNC	<unknown>	DEFAULT	2
attack.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
attack_get_opt_int	.symtab	0x86ac	112	FUNC	<unknown>	DEFAULT	2
attack_get_opt_ip	.symtab	0x8640	108	FUNC	<unknown>	DEFAULT	2
attack_init	.symtab	0x871c	988	FUNC	<unknown>	DEFAULT	2
attack_kill_all	.symtab	0x82cc	344	FUNC	<unknown>	DEFAULT	2
attack_method_nudp	.symtab	0xc904	1668	FUNC	<unknown>	DEFAULT	2
attack_method_stdhex	.symtab	0xc624	736	FUNC	<unknown>	DEFAULT	2
attack_method_tcp	.symtab	0x91c0	1708	FUNC	<unknown>	DEFAULT	2
attack_ongoing	.symtab	0x210e0	32	OBJECT	<unknown>	DEFAULT	14
attack_parse	.symtab	0x8424	540	FUNC	<unknown>	DEFAULT	2
attack_start	.symtab	0x81d0	252	FUNC	<unknown>	DEFAULT	2
attack_tcp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
attack_tcp_ack	.symtab	0xa718	1788	FUNC	<unknown>	DEFAULT	2
attack_tcp_legit	.symtab	0xb4ec	1784	FUNC	<unknown>	DEFAULT	2
attack_tcp_null	.symtab	0xbbe4	1948	FUNC	<unknown>	DEFAULT	2
attack_tcp_sack2	.symtab	0x986c	1776	FUNC	<unknown>	DEFAULT	2
attack_tcp_stomp	.symtab	0x9f5c	1980	FUNC	<unknown>	DEFAULT	2
attack_tcp_syn	.symtab	0x8af8	1736	FUNC	<unknown>	DEFAULT	2
attack_tcp_syndata	.symtab	0xae14	1752	FUNC	<unknown>	DEFAULT	2
attack_udp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
attack_udp_plain	.symtab	0xc384	672	FUNC	<unknown>	DEFAULT	2
been_there_done_that	.symtab	0x21118	4	OBJECT	<unknown>	DEFAULT	14
bind	.symtab	0xfcb0	68	FUNC	<unknown>	DEFAULT	2
bind.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
brk	.symtab	0x16384	88	FUNC	<unknown>	DEFAULT	2
brk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
bsd_signal	.symtab	0x10274	196	FUNC	<unknown>	DEFAULT	2
calloc	.symtab	0x10d54	320	FUNC	<unknown>	DEFAULT	2
calloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
checksum.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
checksum_generic	.symtab	0xcf88	80	FUNC	<unknown>	DEFAULT	2
checksum_tcpudp	.symtab	0xcfd8	164	FUNC	<unknown>	DEFAULT	2
clock	.symtab	0xfa80	52	FUNC	<unknown>	DEFAULT	2
clock.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
close	.symtab	0x12da0	100	FUNC	<unknown>	DEFAULT	2
closedir	.symtab	0xf624	272	FUNC	<unknown>	DEFAULT	2
closedir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
completed.5105	.symtab	0x210bc	1	OBJECT	<unknown>	DEFAULT	14
connect	.symtab	0xfd38	116	FUNC	<unknown>	DEFAULT	2
connect.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dl-support.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ensure_single_instance	.symtab	0xd2d8	352	FUNC	<unknown>	DEFAULT	2
environ	.symtab	0x2166c	4	OBJECT	<unknown>	DEFAULT	14
errno	.symtab	0x0	4	TLS	<unknown>	DEFAULT	8
errno.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exit	.symtab	0x11e80	196	FUNC	<unknown>	DEFAULT	2
exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fclose	.symtab	0x14254	816	FUNC	<unknown>	DEFAULT	2
fclose.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fcntl	.symtab	0xf29c	244	FUNC	<unknown>	DEFAULT	2
fd_ctrl	.symtab	0x20eb8	4	OBJECT	<unknown>	DEFAULT	13
fd_serv	.symtab	0x20ebc	4	OBJECT	<unknown>	DEFAULT	13
fd_to_DIR	.symtab	0xf734	208	FUNC	<unknown>	DEFAULT	2
fdopendir	.symtab	0xf8c8	176	FUNC	<unknown>	DEFAULT	2
fflush_unlocked	.symtab	0x15128	940	FUNC	<unknown>	DEFAULT	2
fflush_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgetc	.symtab	0x14c18	324	FUNC	<unknown>	DEFAULT	2
fgetc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgetc_unlocked	.symtab	0x154d4	300	FUNC	<unknown>	DEFAULT	2
fgetc_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgets	.symtab	0x14d5c	284	FUNC	<unknown>	DEFAULT	2
fgets.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgets_unlocked	.symtab	0x15600	160	FUNC	<unknown>	DEFAULT	2
fgets_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fopen	.symtab	0x14584	32	FUNC	<unknown>	DEFAULT	2
fopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fork	.symtab	0x126b4	972	FUNC	<unknown>	DEFAULT	2
fork.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fork_handler_pool	.symtab	0x21124	1348	OBJECT	<unknown>	DEFAULT	14
frame_dummy	.symtab	0x8134	0	FUNC	<unknown>	DEFAULT	2
free	.symtab	0x114b8	572	FUNC	<unknown>	DEFAULT	2
free.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fstat	.symtab	0x13888	100	FUNC	<unknown>	DEFAULT	2
fstat.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
get_eit_entry	.symtab	0x16b18	544	FUNC	<unknown>	DEFAULT	2
getc	.symtab	0x14c18	324	FUNC	<unknown>	DEFAULT	2
getc_unlocked	.symtab	0x154d4	300	FUNC	<unknown>	DEFAULT	2
getdents.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getdents64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getdtablesize	.symtab	0x1398c	44	FUNC	<unknown>	DEFAULT	2
getdtablesize.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getegid	.symtab	0x139b8	20	FUNC	<unknown>	DEFAULT	2
getegid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
geteuid	.symtab	0x139cc	20	FUNC	<unknown>	DEFAULT	2
geteuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getgid	.symtab	0x139e0	20	FUNC	<unknown>	DEFAULT	2
getgid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getpagesize	.symtab	0x139f4	40	FUNC	<unknown>	DEFAULT	2
getpagesize.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getpid	.symtab	0x12b18	72	FUNC	<unknown>	DEFAULT	2
getpid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getppid	.symtab	0xf390	20	FUNC	<unknown>	DEFAULT	2
getppid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getrlimit	.symtab	0x13a1c	56	FUNC	<unknown>	DEFAULT	2
getrlimit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getsockname	.symtab	0xfdac	68	FUNC	<unknown>	DEFAULT	2
getsockname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getsockopt	.symtab	0xfdf0	72	FUNC	<unknown>	DEFAULT	2
getsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gettimeofday	.symtab	0x13a54	64	FUNC	<unknown>	DEFAULT	2
gettimeofday.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getuid	.symtab	0x13a94	20	FUNC	<unknown>	DEFAULT	2
getuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
h_errno	.symtab	0x4	4	TLS	<unknown>	DEFAULT	8
hexPayload	.symtab	0x20eb4	4	OBJECT	<unknown>	DEFAULT	13
index	.symtab	0x15b60	240	FUNC	<unknown>	DEFAULT	2
inet_addr	.symtab	0xfbd0	40	FUNC	<unknown>	DEFAULT	2
inet_aton	.symtab	0x15ebc	248	FUNC	<unknown>	DEFAULT	2
inet_aton.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_makeaddr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
init_static_tls	.symtab	0x15fb4	120	FUNC	<unknown>	DEFAULT	2
initfini.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
initfini.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
initstate	.symtab	0x119d0	192	FUNC	<unknown>	DEFAULT	2
initstate_r	.symtab	0x11c9c	248	FUNC	<unknown>	DEFAULT	2
ioctl	.symtab	0x163e8	224	FUNC	<unknown>	DEFAULT	2
ioctl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
isatty	.symtab	0x15e1c	36	FUNC	<unknown>	DEFAULT	2
isatty.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
kill	.symtab	0xf3a4	56	FUNC	<unknown>	DEFAULT	2
kill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
killer.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
killer_init	.symtab	0xd1ec	212	FUNC	<unknown>	DEFAULT	2
killer_kill	.symtab	0xd07c	44	FUNC	<unknown>	DEFAULT	2
killer_kill_by_port	.symtab	0xe69c	1384	FUNC	<unknown>	DEFAULT	2
killer_mirai_exists	.symtab	0xd0a8	324	FUNC	<unknown>	DEFAULT	2
killer_pid	.symtab	0x21100	4	OBJECT	<unknown>	DEFAULT	14
libc-cancellation.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc-lowlevellock.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc-tls.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc_multiple_threads.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
listen	.symtab	0xfe38	64	FUNC	<unknown>	DEFAULT	2
listen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
llseek.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
local_bind.4618	.symtab	0x20ec4	1	OBJECT	<unknown>	DEFAULT	13
lseek64	.symtab	0x1687c	112	FUNC	<unknown>	DEFAULT	2
main	.symtab	0xd4a4	1916	FUNC	<unknown>	DEFAULT	2
main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
malloc	.symtab	0x1041c	2360	FUNC	<unknown>	DEFAULT	2
malloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
malloc_trim	.symtab	0x116f4	64	FUNC	<unknown>	DEFAULT	2
memcpy	.symtab	0xfac0	4	FUNC	<unknown>	DEFAULT	2
memmove	.symtab	0x15b30	4	FUNC	<unknown>	DEFAULT	2
mempcpy	.symtab	0x16818	36	FUNC	<unknown>	DEFAULT	2
mempcpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memset	.symtab	0xfad0	156	FUNC	<unknown>	DEFAULT	2
methods	.symtab	0x210dc	4	OBJECT	<unknown>	DEFAULT	14
methods_len	.symtab	0x210d8	1	OBJECT	<unknown>	DEFAULT	14
mmap	.symtab	0x1367c	124	FUNC	<unknown>	DEFAULT	2
mmap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mremap	.symtab	0x13aa8	68	FUNC	<unknown>	DEFAULT	2
mremap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
munmap	.symtab	0x13aec	64	FUNC	<unknown>	DEFAULT	2
munmap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mylock	.symtab	0x20ee4	24	OBJECT	<unknown>	DEFAULT	13
mylock	.symtab	0x20efc	24	OBJECT	<unknown>	DEFAULT	13
nanosleep	.symtab	0x13b6c	96	FUNC	<unknown>	DEFAULT	2
nanosleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
nprocessors_onln	.symtab	0x11f44	332	FUNC	<unknown>	DEFAULT	2
object.5113	.symtab	0x210c0	24	OBJECT	<unknown>	DEFAULT	14
open	.symtab	0x12e30	100	FUNC	<unknown>	DEFAULT	2
opendir	.symtab	0xf804	196	FUNC	<unknown>	DEFAULT	2
opendir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
parse_config.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
pending_connection	.symtab	0x21104	1	OBJECT	<unknown>	DEFAULT	14
pr-support.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
prctl	.symtab	0xf3dc	68	FUNC	<unknown>	DEFAULT	2
prctl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
program_invocation_name	.symtab	0x20fc8	4	OBJECT	<unknown>	DEFAULT	13
program_invocation_short_name	.symtab	0x20fc4	4	OBJECT	<unknown>	DEFAULT	13
raise	.symtab	0x12b60	240	FUNC	<unknown>	DEFAULT	2
raise.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand	.symtab	0x1185c	24	FUNC	<unknown>	DEFAULT	2
rand.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand_alphastr	.symtab	0xdce4	316	FUNC	<unknown>	DEFAULT	2
rand_init	.symtab	0xdc7c	104	FUNC	<unknown>	DEFAULT	2
rand_next	.symtab	0xdc20	92	FUNC	<unknown>	DEFAULT	2
rand_str	.symtab	0xde20	220	FUNC	<unknown>	DEFAULT	2
random	.symtab	0x11874	164	FUNC	<unknown>	DEFAULT	2
random.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
random_poly_info	.symtab	0x18908	40	OBJECT	<unknown>	DEFAULT	4
random_r	.symtab	0x11b34	144	FUNC	<unknown>	DEFAULT	2
random_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
randtbl	.symtab	0x20f14	128	OBJECT	<unknown>	DEFAULT	13
read	.symtab	0x12f50	100	FUNC	<unknown>	DEFAULT	2
readdir	.symtab	0xf978	232	FUNC	<unknown>	DEFAULT	2
readdir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
readdir64	.symtab	0x13dc4	236	FUNC	<unknown>	DEFAULT	2
readdir64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
readlink	.symtab	0xf420	64	FUNC	<unknown>	DEFAULT	2
readlink.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
realloc	.symtab	0x10e94	960	FUNC	<unknown>	DEFAULT	2
realloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
recv	.symtab	0xfebc	112	FUNC	<unknown>	DEFAULT	2
recv.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
recvfrom	.symtab	0xff74	136	FUNC	<unknown>	DEFAULT	2
recvfrom.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
register-atfork.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
resolv.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
resolv_entries_free	.symtab	0xdefc	40	FUNC	<unknown>	DEFAULT	2
resolv_lookup	.symtab	0xdf24	1288	FUNC	<unknown>	DEFAULT	2
resolve_cnc_addr	.symtab	0xd438	108	FUNC	<unknown>	DEFAULT	2
resolve_func	.symtab	0x20ec0	4	OBJECT	<unknown>	DEFAULT	13
restore_core_regs	.symtab	0x176ec	28	FUNC	<unknown>	HIDDEN	2
rindex	.symtab	0x15d80	80	FUNC	<unknown>	DEFAULT	2
sbrk	.symtab	0x13bcc	108	FUNC	<unknown>	DEFAULT	2
sbrk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
select	.symtab	0xf4a4	132	FUNC	<unknown>	DEFAULT	2
select.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
send	.symtab	0x10040	112	FUNC	<unknown>	DEFAULT	2
send.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sendto	.symtab	0x100fc	136	FUNC	<unknown>	DEFAULT	2
sendto.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setsid	.symtab	0xf528	64	FUNC	<unknown>	DEFAULT	2
setsid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setsockopt	.symtab	0x10184	72	FUNC	<unknown>	DEFAULT	2
setsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setstate	.symtab	0x11918	184	FUNC	<unknown>	DEFAULT	2
setstate_r	.symtab	0x11d94	236	FUNC	<unknown>	DEFAULT	2
sigaction	.symtab	0x13724	136	FUNC	<unknown>	DEFAULT	2
sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigaddset	.symtab	0x10210	80	FUNC	<unknown>	DEFAULT	2
sigaddset.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigempty.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigemptyset	.symtab	0x10260	20	FUNC	<unknown>	DEFAULT	2
sigjmp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
signal	.symtab	0x10274	196	FUNC	<unknown>	DEFAULT	2
signal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigprocmask	.symtab	0xf568	140	FUNC	<unknown>	DEFAULT	2
sigprocmask.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigsetops.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sleep	.symtab	0x12c50	300	FUNC	<unknown>	DEFAULT	2
sleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
socket	.symtab	0x101cc	68	FUNC	<unknown>	DEFAULT	2
socket.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
srand	.symtab	0x11a90	164	FUNC	<unknown>	DEFAULT	2
srandom	.symtab	0x11a90	164	FUNC	<unknown>	DEFAULT	2
srandom_r	.symtab	0x11bc4	216	FUNC	<unknown>	DEFAULT	2
srv_addr	.symtab	0x23be0	16	OBJECT	<unknown>	DEFAULT	14
static_dtv	.symtab	0x2369c	512	OBJECT	<unknown>	DEFAULT	14
static_map	.symtab	0x23ba4	52	OBJECT	<unknown>	DEFAULT	14
static_slotinfo	.symtab	0x2389c	776	OBJECT	<unknown>	DEFAULT	14
stderr	.symtab	0x20fe0	4	OBJECT	<unknown>	DEFAULT	13
stdin	.symtab	0x20fd8	4	OBJECT	<unknown>	DEFAULT	13
stdout	.symtab	0x20fdc	4	OBJECT	<unknown>	DEFAULT	13
strchr	.symtab	0x15b60	240	FUNC	<unknown>	DEFAULT	2

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 3, 2023 10:40:37.235367060 CET	56516	56999	192.168.2.23	112.213.124.199
Dec 3, 2023 10:40:37.245060921 CET	43928	443	192.168.2.23	91.189.91.42
Dec 3, 2023 10:40:41.639127016 CET	56518	56999	192.168.2.23	112.213.124.199
Dec 3, 2023 10:40:42.876348019 CET	42836	443	192.168.2.23	91.189.91.43
Dec 3, 2023 10:40:43.644352913 CET	42516	80	192.168.2.23	109.202.202.202
Dec 3, 2023 10:40:51.104264021 CET	56520	56999	192.168.2.23	112.213.124.199
Dec 3, 2023 10:40:58.490103960 CET	43928	443	192.168.2.23	91.189.91.42
Dec 3, 2023 10:40:58.506557941 CET	56522	56999	192.168.2.23	112.213.124.199
Dec 3, 2023 10:41:07.996556044 CET	56524	56999	192.168.2.23	112.213.124.199
Dec 3, 2023 10:41:08.728699923 CET	42836	443	192.168.2.23	91.189.91.43
Dec 3, 2023 10:41:13.516364098 CET	56526	56999	192.168.2.23	112.213.124.199
Dec 3, 2023 10:41:14.871846914 CET	42516	80	192.168.2.23	109.202.202.202
Dec 3, 2023 10:41:17.035607100 CET	56528	56999	192.168.2.23	112.213.124.199
Dec 3, 2023 10:41:25.622629881 CET	56530	56999	192.168.2.23	112.213.124.199
Dec 3, 2023 10:41:31.028791904 CET	56532	56999	192.168.2.23	112.213.124.199
Dec 3, 2023 10:41:39.444364071 CET	43928	443	192.168.2.23	91.189.91.42
Dec 3, 2023 10:41:40.429482937 CET	56534	56999	192.168.2.23	112.213.124.199
Dec 3, 2023 10:41:50.829309940 CET	56536	56999	192.168.2.23	112.213.124.199
Dec 3, 2023 10:41:59.921541929 CET	42836	443	192.168.2.23	91.189.91.43
Dec 3, 2023 10:42:00.234903097 CET	56538	56999	192.168.2.23	112.213.124.199
Dec 3, 2023 10:42:05.635165930 CET	56540	56999	192.168.2.23	112.213.124.199
Dec 3, 2023 10:42:10.031923056 CET	56542	56999	192.168.2.23	112.213.124.199
Dec 3, 2023 10:42:19.435599089 CET	56544	56999	192.168.2.23	112.213.124.199
Dec 3, 2023 10:42:28.855611086 CET	56546	56999	192.168.2.23	112.213.124.199
Dec 3, 2023 10:42:36.260519981 CET	56548	56999	192.168.2.23	112.213.124.199

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 3, 2023 10:40:37.135360956 CET	40818	53	192.168.2.23	8.8.8.8
Dec 3, 2023 10:40:37.234551907 CET	53	40818	8.8.8.8	192.168.2.23
Dec 3, 2023 10:40:41.539910078 CET	54728	53	192.168.2.23	8.8.8.8
Dec 3, 2023 10:40:41.638761044 CET	53	54728	8.8.8.8	192.168.2.23
Dec 3, 2023 10:40:51.004726887 CET	57948	53	192.168.2.23	8.8.8.8
Dec 3, 2023 10:40:51.103986979 CET	53	57948	8.8.8.8	192.168.2.23
Dec 3, 2023 10:40:58.407253981 CET	34112	53	192.168.2.23	8.8.8.8
Dec 3, 2023 10:40:58.506020069 CET	53	34112	8.8.8.8	192.168.2.23
Dec 3, 2023 10:41:07.897548914 CET	40570	53	192.168.2.23	8.8.8.8
Dec 3, 2023 10:41:07.996284008 CET	53	40570	8.8.8.8	192.168.2.23
Dec 3, 2023 10:41:13.416940928 CET	43693	53	192.168.2.23	8.8.8.8
Dec 3, 2023 10:41:13.516071081 CET	53	43693	8.8.8.8	192.168.2.23
Dec 3, 2023 10:41:16.936405897 CET	35273	53	192.168.2.23	8.8.8.8
Dec 3, 2023 10:41:17.035120010 CET	53	35273	8.8.8.8	192.168.2.23
Dec 3, 2023 10:41:25.523581982 CET	39389	53	192.168.2.23	8.8.8.8
Dec 3, 2023 10:41:25.622255087 CET	53	39389	8.8.8.8	192.168.2.23
Dec 3, 2023 10:41:30.929586887 CET	56722	53	192.168.2.23	8.8.8.8
Dec 3, 2023 10:41:31.028284073 CET	53	56722	8.8.8.8	192.168.2.23
Dec 3, 2023 10:41:40.329966068 CET	44555	53	192.168.2.23	8.8.8.8
Dec 3, 2023 10:41:40.428662062 CET	53	44555	8.8.8.8	192.168.2.23
Dec 3, 2023 10:41:50.729423046 CET	54732	53	192.168.2.23	8.8.8.8
Dec 3, 2023 10:41:50.828778028 CET	53	54732	8.8.8.8	192.168.2.23
Dec 3, 2023 10:42:00.136056900 CET	45493	53	192.168.2.23	8.8.8.8
Dec 3, 2023 10:42:00.234697104 CET	53	45493	8.8.8.8	192.168.2.23
Dec 3, 2023 10:42:05.535639048 CET	40260	53	192.168.2.23	8.8.8.8
Dec 3, 2023 10:42:05.634928942 CET	53	40260	8.8.8.8	192.168.2.23
Dec 3, 2023 10:42:09.932002068 CET	40909	53	192.168.2.23	8.8.8.8
Dec 3, 2023 10:42:10.031361103 CET	53	40909	8.8.8.8	192.168.2.23
Dec 3, 2023 10:42:19.336477041 CET	43856	53	192.168.2.23	8.8.8.8
Dec 3, 2023 10:42:19.435189962 CET	53	43856	8.8.8.8	192.168.2.23
Dec 3, 2023 10:42:28.756674051 CET	54181	53	192.168.2.23	8.8.8.8
Dec 3, 2023 10:42:28.855274916 CET	53	54181	8.8.8.8	192.168.2.23
Dec 3, 2023 10:42:36.161703110 CET	33028	53	192.168.2.23	8.8.8.8
Dec 3, 2023 10:42:36.260214090 CET	53	33028	8.8.8.8	192.168.2.23

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Dec 3, 2023 10:40:37.539606094 CET	112.213.124.199	192.168.2.23	ad80	(Unknown)	Destination Unreachable
Dec 3, 2023 10:40:42.005335093 CET	112.213.124.199	192.168.2.23	ad80	(Unknown)	Destination Unreachable
Dec 3, 2023 10:40:51.407459974 CET	112.213.124.199	192.168.2.23	ad80	(Unknown)	Destination Unreachable
Dec 3, 2023 10:40:58.898092031 CET	112.213.124.199	192.168.2.23	ad80	(Unknown)	Destination Unreachable
Dec 3, 2023 10:41:08.417085886 CET	112.213.124.199	192.168.2.23	ad80	(Unknown)	Destination Unreachable
Dec 3, 2023 10:41:13.936197042 CET	112.213.124.199	192.168.2.23	ad80	(Unknown)	Destination Unreachable
Dec 3, 2023 10:41:17.524184942 CET	112.213.124.199	192.168.2.23	ad80	(Unknown)	Destination Unreachable
Dec 3, 2023 10:41:25.929852009 CET	112.213.124.199	192.168.2.23	ad80	(Unknown)	Destination Unreachable
Dec 3, 2023 10:41:31.330192089 CET	112.213.124.199	192.168.2.23	ad80	(Unknown)	Destination Unreachable
Dec 3, 2023 10:41:40.729907990 CET	112.213.124.199	192.168.2.23	ad80	(Unknown)	Destination Unreachable
Dec 3, 2023 10:41:51.136662006 CET	112.213.124.199	192.168.2.23	ad80	(Unknown)	Destination Unreachable
Dec 3, 2023 10:42:00.535799026 CET	112.213.124.199	192.168.2.23	ad80	(Unknown)	Destination Unreachable
Dec 3, 2023 10:42:05.931771994 CET	112.213.124.199	192.168.2.23	ad80	(Unknown)	Destination Unreachable
Dec 3, 2023 10:42:10.334784031 CET	112.213.124.199	192.168.2.23	ad80	(Unknown)	Destination Unreachable
Dec 3, 2023 10:42:19.757369995 CET	112.213.124.199	192.168.2.23	ad80	(Unknown)	Destination Unreachable
Dec 3, 2023 10:42:29.162120104 CET	112.213.124.199	192.168.2.23	ad80	(Unknown)	Destination Unreachable
Dec 3, 2023 10:42:36.561978102 CET	112.213.124.199	192.168.2.23	ad80	(Unknown)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 3, 2023 10:40:37.135360956 CET	192.168.2.23	8.8.8.8	0x7544	Standard query (0)	botnet2.psscc.cn	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:40:41.539910078 CET	192.168.2.23	8.8.8.8	0x87c2	Standard query (0)	botnet2.psscc.cn	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:40:51.004726887 CET	192.168.2.23	8.8.8.8	0x9d37	Standard query (0)	botnet2.psscc.cn	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:40:58.407253981 CET	192.168.2.23	8.8.8.8	0x724	Standard query (0)	botnet2.psscc.cn	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:41:07.897548914 CET	192.168.2.23	8.8.8.8	0x4fe5	Standard query (0)	botnet2.psscc.cn	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:41:13.416940928 CET	192.168.2.23	8.8.8.8	0xcabe	Standard query (0)	botnet2.psscc.cn	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:41:16.936405897 CET	192.168.2.23	8.8.8.8	0x9944	Standard query (0)	botnet2.psscc.cn	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:41:25.523581982 CET	192.168.2.23	8.8.8.8	0xd836	Standard query (0)	botnet2.psscc.cn	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:41:30.929586887 CET	192.168.2.23	8.8.8.8	0x5ac4	Standard query (0)	botnet2.psscc.cn	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:41:40.329966068 CET	192.168.2.23	8.8.8.8	0xbc99	Standard query (0)	botnet2.psscc.cn	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:41:50.729423046 CET	192.168.2.23	8.8.8.8	0x2350	Standard query (0)	botnet2.psscc.cn	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:42:00.136056900 CET	192.168.2.23	8.8.8.8	0x5c13	Standard query (0)	botnet2.psscc.cn	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:42:05.535639048 CET	192.168.2.23	8.8.8.8	0xb18c	Standard query (0)	botnet2.psscc.cn	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:42:09.932002068 CET	192.168.2.23	8.8.8.8	0x922d	Standard query (0)	botnet2.psscc.cn	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:42:19.336477041 CET	192.168.2.23	8.8.8.8	0x5787	Standard query (0)	botnet2.psscc.cn	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:42:28.756674051 CET	192.168.2.23	8.8.8.8	0x4f01	Standard query (0)	botnet2.psscc.cn	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:42:36.161703110 CET	192.168.2.23	8.8.8.8	0x5eb7	Standard query (0)	botnet2.psscc.cn	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Dec 3, 2023 10:40:37.234551907 CET	8.8.8.8	192.168.2.23	0x7544	No error (0)	botnet2.psscc.cn	112.213.124.199	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:40:41.638761044 CET	8.8.8.8	192.168.2.23	0x87c2	No error (0)	botnet2.psscc.cn	112.213.124.199	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:40:51.103986979 CET	8.8.8.8	192.168.2.23	0x9d37	No error (0)	botnet2.psscc.cn	112.213.124.199	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:40:58.506020069 CET	8.8.8.8	192.168.2.23	0x724	No error (0)	botnet2.psscc.cn	112.213.124.199	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:41:07.996284008 CET	8.8.8.8	192.168.2.23	0x4fe5	No error (0)	botnet2.psscc.cn	112.213.124.199	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:41:13.516071081 CET	8.8.8.8	192.168.2.23	0xcabe	No error (0)	botnet2.psscc.cn	112.213.124.199	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:41:17.035120010 CET	8.8.8.8	192.168.2.23	0x9944	No error (0)	botnet2.psscc.cn	112.213.124.199	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:41:25.622255087 CET	8.8.8.8	192.168.2.23	0xd836	No error (0)	botnet2.psscc.cn	112.213.124.199	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:41:31.028284073 CET	8.8.8.8	192.168.2.23	0x5ac4	No error (0)	botnet2.psscc.cn	112.213.124.199	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:41:40.428662062 CET	8.8.8.8	192.168.2.23	0xbc99	No error (0)	botnet2.psscc.cn	112.213.124.199	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:41:50.828778028 CET	8.8.8.8	192.168.2.23	0x2350	No error (0)	botnet2.psscc.cn	112.213.124.199	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:42:00.234697104 CET	8.8.8.8	192.168.2.23	0x5c13	No error (0)	botnet2.psscc.cn	112.213.124.199	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:42:05.634928942 CET	8.8.8.8	192.168.2.23	0xb18c	No error (0)	botnet2.psscc.cn	112.213.124.199	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:42:10.031361103 CET	8.8.8.8	192.168.2.23	0x922d	No error (0)	botnet2.psscc.cn	112.213.124.199	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:42:19.435189962 CET	8.8.8.8	192.168.2.23	0x5787	No error (0)	botnet2.psscc.cn	112.213.124.199	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:42:28.855274916 CET	8.8.8.8	192.168.2.23	0x4f01	No error (0)	botnet2.psscc.cn	112.213.124.199	A (IP address)	IN (0x0001)	false
Dec 3, 2023 10:42:36.260214090 CET	8.8.8.8	192.168.2.23	0x5eb7	No error (0)	botnet2.psscc.cn	112.213.124.199	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: arm7-20231203-0928.elf PID: 6205, Parent PID: 6121

General

Start time (UTC):	09:40:35
Start date (UTC):	03/12/2023
Path:	/tmp/arm7-20231203-0928.elf
Arguments:	/tmp/arm7-20231203-0928.elf
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: arm7-20231203-0928.elf PID: 6207, Parent PID: 6205

General

Start time (UTC):	09:40:35
Start date (UTC):	03/12/2023
Path:	/tmp/arm7-20231203-0928.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: arm7-20231203-0928.elf PID: 6209, Parent PID: 6207

General

Start time (UTC):	09:40:35
Start date (UTC):	03/12/2023
Path:	/tmp/arm7-20231203-0928.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report arm7-20231203-0928.elf

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Memory Dumps

Snort Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Symbols

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: arm7-20231203-0928.elf PID: 6205, Parent PID: 6121

General

Chronological Activities

Analysis Process: arm7-20231203-0928.elf PID: 6207, Parent PID: 6205

General

Chronological Activities

Analysis Process: arm7-20231203-0928.elf PID: 6209, Parent PID: 6207

General

Chronological Activities

Linux Analysis Report
arm7-20231203-0928.elf