Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
skid.x86.elf
|
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
|
initial sample
|
||
/run/user/127/dconf/user
|
very short file (no magic)
|
dropped
|
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
/tmp/skid.x86.elf
|
/tmp/skid.x86.elf
|
||
/tmp/skid.x86.elf
|
-
|
||
/tmp/skid.x86.elf
|
-
|
||
/tmp/skid.x86.elf
|
-
|
||
/tmp/skid.x86.elf
|
-
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
|
||
/usr/libexec/gsd-sharing
|
/usr/libexec/gsd-sharing
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
|
||
/usr/libexec/gsd-wacom
|
/usr/libexec/gsd-wacom
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/lib/upower/upowerd
|
/usr/lib/upower/upowerd
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
|
||
/usr/libexec/gsd-keyboard
|
/usr/libexec/gsd-keyboard
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
|
||
/usr/libexec/gsd-color
|
/usr/libexec/gsd-color
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
|
||
/usr/libexec/gsd-print-notifications
|
/usr/libexec/gsd-print-notifications
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
|
||
/usr/libexec/gsd-rfkill
|
/usr/libexec/gsd-rfkill
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
|
||
/usr/libexec/gsd-smartcard
|
/usr/libexec/gsd-smartcard
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
|
||
/usr/libexec/gsd-datetime
|
/usr/libexec/gsd-datetime
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
|
||
/usr/libexec/gsd-media-keys
|
/usr/libexec/gsd-media-keys
|
||
/usr/libexec/gvfsd-fuse
|
-
|
||
/bin/fusermount
|
fusermount -u -q -z -- /run/user/1000/gvfs
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
|
||
/usr/libexec/gsd-screensaver-proxy
|
/usr/libexec/gsd-screensaver-proxy
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
|
||
/usr/libexec/gsd-a11y-settings
|
/usr/libexec/gsd-a11y-settings
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
|
||
/usr/libexec/gsd-sound
|
/usr/libexec/gsd-sound
|
||
/usr/bin/xfce4-panel
|
-
|
||
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray
"Notification Area" "Area where notification icons appear"
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
|
||
/usr/libexec/gsd-housekeeping
|
/usr/libexec/gsd-housekeeping
|
||
/usr/bin/xfce4-panel
|
-
|
||
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921
statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
|
||
/usr/bin/xfce4-panel
|
-
|
||
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8
12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
|
||
/usr/libexec/gsd-power
|
/usr/libexec/gsd-power
|
||
/usr/bin/xfce4-panel
|
-
|
||
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9
12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness
of your display"
|
||
/usr/bin/xfce4-panel
|
-
|
||
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so
10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
|
||
/usr/bin/xfce4-panel
|
-
|
||
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925
actions "Action Buttons" "Log out, lock or other system actions"
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/lib/upower/upowerd
|
/usr/lib/upower/upowerd
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
|
/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
|
||
/usr/sbin/gdm3
|
-
|
||
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
||
/usr/sbin/gdm3
|
-
|
||
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
|
/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
|
/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
|
/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/lib/upower/upowerd
|
/usr/lib/upower/upowerd
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/lib/upower/upowerd
|
/usr/lib/upower/upowerd
|
||
/usr/lib/systemd/systemd
|
-
|
||
/lib/systemd/systemd-user-runtime-dir
|
/lib/systemd/systemd-user-runtime-dir stop 127
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
|
/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
http://schemas.xmlsoap.org/soap/envelope/
|
unknown
|
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
9wg0dstmud.pirate
|
2.58.95.134
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
197.128.22.103
|
unknown
|
Morocco
|
||
197.231.215.3
|
unknown
|
unknown
|
||
197.130.162.10
|
unknown
|
Morocco
|
||
153.198.67.43
|
unknown
|
Japan
|
||
157.229.105.50
|
unknown
|
United States
|
||
157.82.48.228
|
unknown
|
Japan
|
||
157.57.242.69
|
unknown
|
United States
|
||
197.19.253.193
|
unknown
|
Tunisia
|
||
197.59.229.29
|
unknown
|
Egypt
|
||
138.15.239.4
|
unknown
|
United States
|
||
157.215.239.61
|
unknown
|
United States
|
||
197.76.213.117
|
unknown
|
South Africa
|
||
41.108.83.77
|
unknown
|
Algeria
|
||
187.27.7.220
|
unknown
|
Brazil
|
||
197.160.244.183
|
unknown
|
Egypt
|
||
41.227.18.69
|
unknown
|
Tunisia
|
||
197.234.167.179
|
unknown
|
South Africa
|
||
197.71.86.140
|
unknown
|
South Africa
|
||
197.60.107.98
|
unknown
|
Egypt
|
||
157.194.39.12
|
unknown
|
United States
|
||
41.198.207.244
|
unknown
|
South Africa
|
||
41.230.97.182
|
unknown
|
Tunisia
|
||
197.73.219.208
|
unknown
|
South Africa
|
||
197.102.233.94
|
unknown
|
South Africa
|
||
197.166.142.54
|
unknown
|
Egypt
|
||
197.224.41.182
|
unknown
|
Mauritius
|
||
19.242.1.180
|
unknown
|
United States
|
||
157.227.65.47
|
unknown
|
Australia
|
||
41.142.174.167
|
unknown
|
Morocco
|
||
157.146.162.192
|
unknown
|
United States
|
||
81.113.214.158
|
unknown
|
Italy
|
||
41.35.57.84
|
unknown
|
Egypt
|
||
157.41.214.252
|
unknown
|
India
|
||
186.178.176.191
|
unknown
|
Ecuador
|
||
109.49.178.67
|
unknown
|
Portugal
|
||
208.32.74.190
|
unknown
|
United States
|
||
41.122.213.82
|
unknown
|
South Africa
|
||
41.17.0.106
|
unknown
|
South Africa
|
||
142.133.143.202
|
unknown
|
Canada
|
||
197.43.51.120
|
unknown
|
Egypt
|
||
121.229.221.149
|
unknown
|
China
|
||
157.37.178.134
|
unknown
|
India
|
||
41.39.124.167
|
unknown
|
Egypt
|
||
41.8.13.52
|
unknown
|
South Africa
|
||
41.92.37.101
|
unknown
|
Morocco
|
||
197.40.144.185
|
unknown
|
Egypt
|
||
41.165.243.16
|
unknown
|
South Africa
|
||
41.149.186.125
|
unknown
|
South Africa
|
||
190.207.174.24
|
unknown
|
Venezuela
|
||
157.182.20.36
|
unknown
|
United States
|
||
157.57.242.31
|
unknown
|
United States
|
||
197.224.41.174
|
unknown
|
Mauritius
|
||
126.111.87.243
|
unknown
|
Japan
|
||
197.71.86.123
|
unknown
|
South Africa
|
||
41.95.85.7
|
unknown
|
Sudan
|
||
197.33.36.84
|
unknown
|
Egypt
|
||
41.215.11.64
|
unknown
|
Kenya
|
||
157.220.202.152
|
unknown
|
United States
|
||
197.202.110.238
|
unknown
|
Algeria
|
||
41.57.232.97
|
unknown
|
Ghana
|
||
41.143.104.78
|
unknown
|
Morocco
|
||
167.216.36.47
|
unknown
|
United States
|
||
197.116.212.219
|
unknown
|
Algeria
|
||
203.96.78.220
|
unknown
|
New Zealand
|
||
70.30.247.10
|
unknown
|
Canada
|
||
197.144.115.218
|
unknown
|
Morocco
|
||
41.66.91.118
|
unknown
|
South Africa
|
||
157.251.170.240
|
unknown
|
United States
|
||
45.99.51.242
|
unknown
|
Egypt
|
||
157.179.150.128
|
unknown
|
Thailand
|
||
41.105.231.143
|
unknown
|
Algeria
|
||
197.190.12.229
|
unknown
|
Ghana
|
||
157.245.211.184
|
unknown
|
United States
|
||
157.0.158.249
|
unknown
|
China
|
||
197.75.183.131
|
unknown
|
South Africa
|
||
119.225.95.94
|
unknown
|
Australia
|
||
41.165.243.73
|
unknown
|
South Africa
|
||
41.41.152.229
|
unknown
|
Egypt
|
||
205.234.68.103
|
unknown
|
United States
|
||
41.177.92.59
|
unknown
|
South Africa
|
||
157.220.202.173
|
unknown
|
United States
|
||
157.42.153.20
|
unknown
|
India
|
||
171.204.24.105
|
unknown
|
United States
|
||
157.157.15.93
|
unknown
|
Iceland
|
||
197.108.43.37
|
unknown
|
South Africa
|
||
197.16.42.185
|
unknown
|
Tunisia
|
||
106.94.227.22
|
unknown
|
China
|
||
140.13.164.141
|
unknown
|
United States
|
||
197.237.248.102
|
unknown
|
Kenya
|
||
157.227.65.11
|
unknown
|
Australia
|
||
197.76.213.166
|
unknown
|
South Africa
|
||
109.154.121.220
|
unknown
|
United Kingdom
|
||
41.138.141.98
|
unknown
|
Mauritania
|
||
222.60.154.248
|
unknown
|
China
|
||
41.76.191.203
|
unknown
|
Kenya
|
||
41.242.158.86
|
unknown
|
unknown
|
||
41.41.152.233
|
unknown
|
Egypt
|
||
157.176.156.241
|
unknown
|
United States
|
||
41.104.241.214
|
unknown
|
Algeria
|
||
201.79.172.50
|
unknown
|
Brazil
|
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
41e000
|
page execute read
|
|||
41e000
|
page execute read
|
|||
91b000
|
page read and write
|
|||
52f000
|
page read and write
|
|||
527000
|
page read and write
|
|||
91c000
|
page read and write
|
|||
52f000
|
page read and write
|
|||
7ffd21947000
|
page read and write
|
|||
91b000
|
page read and write
|
|||
7ffd21947000
|
page read and write
|
|||
7ffd2196a000
|
page execute read
|
|||
527000
|
page read and write
|
|||
7ffd2196a000
|
page execute read
|