Edit tour

Linux Analysis Report
p0hr6mFo4a.elf

Overview

General Information

Sample Name:	p0hr6mFo4a.elf
Analysis ID:	756316
MD5:	6ffbb525463973b94b047cb7e87a3f7b
SHA1:	b44d04f5f7c258596cfd4b3584beaf23504ca38f
SHA256:	3b8cd3d659758d58c07fb37045a07aa1afa74beb160d1393c5f51b4828774418
Tags:	32armelfgafgyt
Infos:

Detection

Mirai

Score:	76
Range:	0 - 100
Whitelisted:	false

Signatures

Malicious sample detected (through community Yara rule)

Antivirus / Scanner detection for submitted sample

Yara detected Mirai

Multi AV Scanner detection for submitted file

Opens /proc/net/* files useful for finding connected devices and routers

Yara signature match

Sample contains strings that are user agent strings indicative of HTTP manipulation

Uses the "uname" system call to query kernel version information (possible evasion)

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Detected TCP or UDP traffic on non-standard ports

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine.

All HTTP servers contacted by the sample do not answer. The sample is likely an old dropper which does no longer work.

Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	756316
Start date and time:	2022-11-30 01:09:09 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 45s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	p0hr6mFo4a.elf
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Detection:	MAL
Classification:	mal76.spre.troj.linELF@0/0@0/0

Runtime Messages

Command:	/tmp/p0hr6mFo4a.elf
PID:	6222
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	gosh that chinese family at the other table sure ate alot
Standard Error:

Process Tree

system is lnxubuntu20

p0hr6mFo4a.elf (PID: 6222, Parent: 6121, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/p0hr6mFo4a.elf

p0hr6mFo4a.elf New Fork (PID: 6224, Parent: 6222)

p0hr6mFo4a.elf New Fork (PID: 6225, Parent: 6222)

p0hr6mFo4a.elf New Fork (PID: 6228, Parent: 6225)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
p0hr6mFo4a.elf	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
p0hr6mFo4a.elf	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x125f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1260c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12620:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12634:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12648:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1265c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12670:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12684:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12698:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x126ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x126c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x126d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x126e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x126fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12710:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12724:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12738:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1274c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12760:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12774:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12788:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F

Memory Dumps

Source	Rule	Description	Author	Strings
6224.1.00007fedcc017000.00007fedcc02d000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6224.1.00007fedcc017000.00007fedcc02d000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x125f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1260c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12620:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12634:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12648:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1265c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12670:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12684:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12698:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x126ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x126c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x126d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x126e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x126fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12710:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12724:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12738:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1274c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12760:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12774:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12788:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6222.1.00007fedcc017000.00007fedcc02d000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6222.1.00007fedcc017000.00007fedcc02d000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x125f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1260c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12620:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12634:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12648:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1265c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12670:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12684:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12698:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x126ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x126c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x126d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x126e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x126fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12710:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12724:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12738:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1274c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12760:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12774:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12788:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6225.1.00007fedcc017000.00007fedcc02d000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6225.1.00007fedcc017000.00007fedcc02d000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x125f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1260c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12620:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12634:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12648:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1265c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12670:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12684:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12698:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x126ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x126c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x126d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x126e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x126fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12710:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12724:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12738:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1274c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12760:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12774:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12788:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: p0hr6mFo4a.elf PID: 6222	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x4c49:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4c5d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4c71:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4c85:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4c99:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4cad:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4cc1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4cd5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4ce9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4cfd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4d11:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4d25:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4d39:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4d4d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4d61:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4d75:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4d89:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4d9d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4db1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4dc5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4dd9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: p0hr6mFo4a.elf PID: 6224	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x4682:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4696:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x46aa:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x46be:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x46d2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x46e6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x46fa:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x470e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4722:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4736:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x474a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x475e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4772:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4786:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x479a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x47ae:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x47c2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x47d6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x47ea:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x47fe:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4812:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: p0hr6mFo4a.elf PID: 6225	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x16941:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16955:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16969:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1697d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16991:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x169a5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x169b9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x169cd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x169e1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x169f5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16a09:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16a1d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16a31:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16a45:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16a59:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16a6d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16a81:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16a95:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16aa9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16abd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16ad1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Click to see the 4 entries

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: p0hr6mFo4a.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: p0hr6mFo4a.elf	Virustotal: Detection: 66%			Perma Link
Source: p0hr6mFo4a.elf	ReversingLabs: Detection: 65%

Spreading

Opens /proc/net/* files useful for finding connected devices and routers

Source: /tmp/p0hr6mFo4a.elf (PID: 6222)

Opens: /proc/net/route

Jump to behavior

Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443

Source: global traffic

TCP traffic: 192.168.2.23:38500 -> 47.87.197.232:576

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232

System Summary

Malicious sample detected (through community Yara rule)

Source: p0hr6mFo4a.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6224.1.00007fedcc017000.00007fedcc02d000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6222.1.00007fedcc017000.00007fedcc02d000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6225.1.00007fedcc017000.00007fedcc02d000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: p0hr6mFo4a.elf PID: 6222, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: p0hr6mFo4a.elf PID: 6224, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: p0hr6mFo4a.elf PID: 6225, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Source: p0hr6mFo4a.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6224.1.00007fedcc017000.00007fedcc02d000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6222.1.00007fedcc017000.00007fedcc02d000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6225.1.00007fedcc017000.00007fedcc02d000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: p0hr6mFo4a.elf PID: 6222, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: p0hr6mFo4a.elf PID: 6224, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: p0hr6mFo4a.elf PID: 6225, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal76.spre.troj.linELF@0/0@0/0

Source: p0hr6mFo4a.elf	ELF static info symbol of initial sample: /home/firmware/build/temp-armv5l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: p0hr6mFo4a.elf	ELF static info symbol of initial sample: /home/firmware/build/temp-armv5l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: p0hr6mFo4a.elf	ELF static info symbol of initial sample: /home/firmware/build/temp-armv5l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: p0hr6mFo4a.elf	ELF static info symbol of initial sample: /home/firmware/build/temp-armv5l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: p0hr6mFo4a.elf	ELF static info symbol of initial sample: /home/firmware/build/temp-armv5l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: p0hr6mFo4a.elf	ELF static info symbol of initial sample: libc/string/arm/_memcpy.S
Source: p0hr6mFo4a.elf	ELF static info symbol of initial sample: libc/string/arm/bcopy.S
Source: p0hr6mFo4a.elf	ELF static info symbol of initial sample: libc/string/arm/memcpy.S
Source: p0hr6mFo4a.elf	ELF static info symbol of initial sample: libc/string/arm/memmove.S
Source: p0hr6mFo4a.elf	ELF static info symbol of initial sample: libc/string/arm/memset.S
Source: p0hr6mFo4a.elf	ELF static info symbol of initial sample: libc/string/arm/strcmp.S
Source: p0hr6mFo4a.elf	ELF static info symbol of initial sample: libc/string/arm/strlen.S
Source: p0hr6mFo4a.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/arm/crt1.S
Source: p0hr6mFo4a.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/arm/crti.S
Source: p0hr6mFo4a.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/arm/crtn.S
Source: p0hr6mFo4a.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/arm/sigrestorer.S
Source: p0hr6mFo4a.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/arm/vfork.S

Source: /tmp/p0hr6mFo4a.elf (PID: 6222)

Queries kernel information via 'uname':

Jump to behavior

Source: p0hr6mFo4a.elf, 6222.1.00007fff1aee7000.00007fff1af08000.rw-.sdmp, p0hr6mFo4a.elf, 6224.1.00007fff1aee7000.00007fff1af08000.rw-.sdmp, p0hr6mFo4a.elf, 6225.1.00007fff1aee7000.00007fff1af08000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/p0hr6mFo4a.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/p0hr6mFo4a.elf
Source: p0hr6mFo4a.elf, 6222.1.00005651f2419000.00005651f2568000.rw-.sdmp, p0hr6mFo4a.elf, 6224.1.00005651f2419000.00005651f2568000.rw-.sdmp, p0hr6mFo4a.elf, 6225.1.00005651f2419000.00005651f2568000.rw-.sdmp	Binary or memory string: QV!/etc/qemu-binfmt/arm
Source: p0hr6mFo4a.elf, 6222.1.00005651f2419000.00005651f2568000.rw-.sdmp, p0hr6mFo4a.elf, 6224.1.00005651f2419000.00005651f2568000.rw-.sdmp, p0hr6mFo4a.elf, 6225.1.00005651f2419000.00005651f2568000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: p0hr6mFo4a.elf, 6222.1.00007fff1aee7000.00007fff1af08000.rw-.sdmp, p0hr6mFo4a.elf, 6224.1.00007fff1aee7000.00007fff1af08000.rw-.sdmp, p0hr6mFo4a.elf, 6225.1.00007fff1aee7000.00007fff1af08000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: p0hr6mFo4a.elf, type: SAMPLE
Source: Yara match	File source: 6224.1.00007fedcc017000.00007fedcc02d000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6222.1.00007fedcc017000.00007fedcc02d000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6225.1.00007fedcc017000.00007fedcc02d000.r-x.sdmp, type: MEMORY

Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; pl) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; en) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; ja) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; de) Opera 11.01
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; fr) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
Source: Initial sample	User agent string found: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11) AppleWebKit/601.1.56 (KHTML, like Gecko) Version/9.0 Safari/601.1.56
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/601.2.7 (KHTML, like Gecko) Version/9.0.1 Safari/601.2.7
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Source: Initial sample	User agent string found: Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51
Source: Initial sample	User agent string found: Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/7046A194A
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Linux; Android 4.4.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.89 Mobile Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Linux; Android 4.4.3; HTC_0PCV2 Build/KTU84L) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; X11; Linux x86_64; pl) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:25.0) Gecko/20100101 Firefox/25.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Firefox/24.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10; rv:33.0) Gecko/20100101 Firefox/33.0

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: p0hr6mFo4a.elf, type: SAMPLE
Source: Yara match	File source: 6224.1.00007fedcc017000.00007fedcc02d000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6222.1.00007fedcc017000.00007fedcc02d000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6225.1.00007fedcc017000.00007fedcc02d000.r-x.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Data Obfuscation	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	1 Remote System Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	1 Non-Standard Port	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
p0hr6mFo4a.elf	66%	Virustotal		Browse
p0hr6mFo4a.elf	65%	ReversingLabs	Linux.Trojan.Gafgyt
p0hr6mFo4a.elf	100%	Avira	LINUX/Gafgyt.opnd

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
47.87.197.232	unknown	United States	3209	VODANETInternationalIP-BackboneofVodafoneDE	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
109.202.202.202	portainer	Get hash	malicious	Browse
	l.out.elf	Get hash	malicious	Browse
	SecuriteInfo.com.Linux.Siggen.4218.14490.21271.elf	Get hash	malicious	Browse
	8LzAAQOA5F.elf	Get hash	malicious	Browse
	GzQ3LRVbSB.elf	Get hash	malicious	Browse
	QIsLuTv1ka.elf	Get hash	malicious	Browse
	FIieajcRYe.elf	Get hash	malicious	Browse
	o9epZmdr6x.elf	Get hash	malicious	Browse
	auD8Kknsmc.elf	Get hash	malicious	Browse
	7Cz3REBlrI.elf	Get hash	malicious	Browse
	R2YElGmM5e.elf	Get hash	malicious	Browse
	sora.arm7.elf	Get hash	malicious	Browse
	sora.x86.elf	Get hash	malicious	Browse
	SecuriteInfo.com.Linux.Siggen.4218.31945.1125.elf	Get hash	malicious	Browse
	sora.arm7.elf	Get hash	malicious	Browse
	sora.x86.elf	Get hash	malicious	Browse
	YziyrKNTFz.elf	Get hash	malicious	Browse
	9FrHfq70Fi.elf	Get hash	malicious	Browse
	CZr4ZXLsLe	Get hash	malicious	Browse
	M8GOt1nlUu.elf	Get hash	malicious	Browse
91.189.91.43	portainer	Get hash	malicious	Browse
	l.out.elf	Get hash	malicious	Browse
	SecuriteInfo.com.Linux.Siggen.4218.14490.21271.elf	Get hash	malicious	Browse
	8LzAAQOA5F.elf	Get hash	malicious	Browse
	GzQ3LRVbSB.elf	Get hash	malicious	Browse
	QIsLuTv1ka.elf	Get hash	malicious	Browse
	FIieajcRYe.elf	Get hash	malicious	Browse
	o9epZmdr6x.elf	Get hash	malicious	Browse
	auD8Kknsmc.elf	Get hash	malicious	Browse
	7Cz3REBlrI.elf	Get hash	malicious	Browse
	R2YElGmM5e.elf	Get hash	malicious	Browse
	sora.arm7.elf	Get hash	malicious	Browse
	sora.x86.elf	Get hash	malicious	Browse
	SecuriteInfo.com.Linux.Siggen.4218.31945.1125.elf	Get hash	malicious	Browse
	sora.arm7.elf	Get hash	malicious	Browse
	sora.x86.elf	Get hash	malicious	Browse
	YziyrKNTFz.elf	Get hash	malicious	Browse
	9FrHfq70Fi.elf	Get hash	malicious	Browse
	CZr4ZXLsLe	Get hash	malicious	Browse
	M8GOt1nlUu.elf	Get hash	malicious	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
INIT7CH	portainer	Get hash	malicious	Browse	109.202.202.202
	l.out.elf	Get hash	malicious	Browse	109.202.202.202
	SecuriteInfo.com.Linux.Siggen.4218.14490.21271.elf	Get hash	malicious	Browse	109.202.202.202
	8LzAAQOA5F.elf	Get hash	malicious	Browse	109.202.202.202
	GzQ3LRVbSB.elf	Get hash	malicious	Browse	109.202.202.202
	QIsLuTv1ka.elf	Get hash	malicious	Browse	109.202.202.202
	FIieajcRYe.elf	Get hash	malicious	Browse	109.202.202.202
	o9epZmdr6x.elf	Get hash	malicious	Browse	109.202.202.202
	auD8Kknsmc.elf	Get hash	malicious	Browse	109.202.202.202
	7Cz3REBlrI.elf	Get hash	malicious	Browse	109.202.202.202
	R2YElGmM5e.elf	Get hash	malicious	Browse	109.202.202.202
	sora.arm7.elf	Get hash	malicious	Browse	109.202.202.202
	sora.x86.elf	Get hash	malicious	Browse	109.202.202.202
	SecuriteInfo.com.Linux.Siggen.4218.31945.1125.elf	Get hash	malicious	Browse	109.202.202.202
	sora.arm7.elf	Get hash	malicious	Browse	109.202.202.202
	sora.x86.elf	Get hash	malicious	Browse	109.202.202.202
	YziyrKNTFz.elf	Get hash	malicious	Browse	109.202.202.202
	9FrHfq70Fi.elf	Get hash	malicious	Browse	109.202.202.202
	CZr4ZXLsLe	Get hash	malicious	Browse	109.202.202.202
	M8GOt1nlUu.elf	Get hash	malicious	Browse	109.202.202.202
VODANETInternationalIP-BackboneofVodafoneDE	7HuJu44thW.elf	Get hash	malicious	Browse	188.110.182.82
	Yw0HhtLWAz.elf	Get hash	malicious	Browse	188.109.141.7
	MZbxLJqYM3.elf	Get hash	malicious	Browse	2.203.197.21
	oAUrOBvfbV.elf	Get hash	malicious	Browse	2.205.253.113
	jew.x86.elf	Get hash	malicious	Browse	88.73.217.45
	3y849k7eIG.elf	Get hash	malicious	Browse	188.97.131.92
	ewfDbhCyw3.elf	Get hash	malicious	Browse	188.107.42.3
	wIUY7HguZD.elf	Get hash	malicious	Browse	88.68.114.1
	87uWrdTuhh.elf	Get hash	malicious	Browse	94.221.53.89
	tYV5avLJzh.elf	Get hash	malicious	Browse	188.107.45.128
	kQhLxBYJGw.elf	Get hash	malicious	Browse	109.41.117.192
	zg8P6HaVf2.elf	Get hash	malicious	Browse	213.23.15.180
	Mddos.arm.elf	Get hash	malicious	Browse	47.87.28.61
	SecuriteInfo.com.Linux.Siggen.9999.7635.14049.elf	Get hash	malicious	Browse	178.5.76.73
	4Wu0n8HHNS.elf	Get hash	malicious	Browse	47.70.112.98
	hotnet.arm.elf	Get hash	malicious	Browse	188.106.42.82
	2BDwNIeogc.elf	Get hash	malicious	Browse	109.47.30.165
	GoVDsH5Zz1.elf	Get hash	malicious	Browse	2.205.253.141
	sCxUFOf8Ls.elf	Get hash	malicious	Browse	47.65.161.98
	gjnmd04mew.elf	Get hash	malicious	Browse	2.206.82.182

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, with debug_info, not stripped
Entropy (8bit):	5.988533115484921
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	p0hr6mFo4a.elf
File size:	125008
MD5:	6ffbb525463973b94b047cb7e87a3f7b
SHA1:	b44d04f5f7c258596cfd4b3584beaf23504ca38f
SHA256:	3b8cd3d659758d58c07fb37045a07aa1afa74beb160d1393c5f51b4828774418
SHA512:	09adceed5796ddfed2684752b223f62b5ace60f6b46daa25bfc0cf9450605132992017c0e83c22746eb78209a06496e1de425eea792d38f91c73c962e41a1a24
SSDEEP:	3072:QjDy/ayFRLtnPUK3lbd3oU3i6m7/L7QsvmGfIiNb:eOlRL1b3lb+km7/L7QsvmGfIiNb
TLSH:	0CC3F730E8044B1BC2D223F6E75A869E3F351E9797A733155B3879B02FF27991E29520
File Content Preview:	.ELF...a..........(.........4...Xx......4. ...(......................Y...Y...............`...`...`..@....h..........Q.td..................................-...L."....D..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S

Static ELF Info

ELF header
Class:
Data:
Version:
Machine:
Version Number:
Type:
OS/ABI:
ABI Version:
Entry Point Address:
Flags:
ELF Header Size:
Program Header Offset:
Program Header Size:
Number of Program Headers:
Section Header Offset:
Section Header Size:
Number of Section Headers:
Header String Table Index:

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.init	PROGBITS	0x8094	0x94	0x18	0x0	0x6	AX	0	0	4
.text	PROGBITS	0x80b0	0xb0	0x11424	0x0	0x6	AX	0	0	16
.fini	PROGBITS	0x194d4	0x114d4	0x14	0x0	0x6	AX	0	0	4
.rodata	PROGBITS	0x194e8	0x114e8	0x4494	0x0	0x2	A	0	0	4
.eh_frame	PROGBITS	0x1d97c	0x1597c	0x4	0x0	0x2	A	0	0	4
.ctors	PROGBITS	0x26000	0x16000	0x8	0x0	0x3	WA	0	0	4
.dtors	PROGBITS	0x26008	0x16008	0x8	0x0	0x3	WA	0	0	4
.jcr	PROGBITS	0x26010	0x16010	0x4	0x0	0x3	WA	0	0	4
.data	PROGBITS	0x26014	0x16014	0x42c	0x0	0x3	WA	0	0	4
.bss	NOBITS	0x26440	0x16440	0x6458	0x0	0x3	WA	0	0	4
.comment	PROGBITS	0x0	0x16440	0xbd4	0x0	0x0		0	0	1
.debug_aranges	PROGBITS	0x0	0x17018	0xa0	0x0	0x0		0	0	8
.debug_info	PROGBITS	0x0	0x170b8	0x30c	0x0	0x0		0	0	1
.debug_abbrev	PROGBITS	0x0	0x173c4	0x64	0x0	0x0		0	0	1
.debug_line	PROGBITS	0x0	0x17428	0x2e7	0x0	0x0		0	0	1
.debug_frame	PROGBITS	0x0	0x17710	0xa0	0x0	0x0		0	0	4
.shstrtab	STRTAB	0x0	0x177b0	0xa8	0x0	0x0		0	0	1
.symtab	SYMTAB	0x0	0x17b78	0x4750	0x10	0x0		19	640	4
.strtab	STRTAB	0x0	0x1c2c8	0x2588	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8000	0x8000	0x15980	0x15980	6.1502	0x5	R E	0x8000	.init .text .fini .rodata .eh_frame
LOAD	0x16000	0x26000	0x26000	0x440	0x6898	3.0990	0x6	RW	0x8000	.ctors .dtors .jcr .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Symbols

Name	Section Name	Value	Size	Symbol Type	Symbol Bind	Symbol Visibility	Ndx
	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
	.symtab	0x8094	0	SECTION	<unknown>	DEFAULT	1
	.symtab	0x80b0	0	SECTION	<unknown>	DEFAULT	2
	.symtab	0x194d4	0	SECTION	<unknown>	DEFAULT	3
	.symtab	0x194e8	0	SECTION	<unknown>	DEFAULT	4
	.symtab	0x1d97c	0	SECTION	<unknown>	DEFAULT	5
	.symtab	0x26000	0	SECTION	<unknown>	DEFAULT	6
	.symtab	0x26008	0	SECTION	<unknown>	DEFAULT	7
	.symtab	0x26010	0	SECTION	<unknown>	DEFAULT	8
	.symtab	0x26014	0	SECTION	<unknown>	DEFAULT	9
	.symtab	0x26440	0	SECTION	<unknown>	DEFAULT	10
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	11
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	12
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	13
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	14
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	15
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	16
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	17
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	18
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	19
$a	.symtab	0x8094	0	NOTYPE	<unknown>	DEFAULT	1
$a	.symtab	0x194d4	0	NOTYPE	<unknown>	DEFAULT	3
$a	.symtab	0x80b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8128	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x194e0	0	NOTYPE	<unknown>	DEFAULT	3
$a	.symtab	0x8188	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x80a0	0	NOTYPE	<unknown>	DEFAULT	1
$a	.symtab	0x19498	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x194cc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x80a4	0	NOTYPE	<unknown>	DEFAULT	1
$a	.symtab	0x80a8	0	NOTYPE	<unknown>	DEFAULT	1
$a	.symtab	0x194e4	0	NOTYPE	<unknown>	DEFAULT	3
$a	.symtab	0x8190	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x81cc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8630	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8778	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x884c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x89b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8ae8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x93c8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x979c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9920	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9a70	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa030	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa448	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa4a8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xb550	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xbc30	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xbd68	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xc490	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xca8c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xdadc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xe7b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xea94	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf3d8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf460	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf52c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf6c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10198	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10374	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x103bc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10404	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10478	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10508	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10698	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11478	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11588	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11654	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11738	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1173c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11790	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x117c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11834	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11884	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x118ac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x118d8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11904	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11930	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1195c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11984	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x119b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x119dc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11a08	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11a34	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11a84	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11ab0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11b1c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11b48	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11b78	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11ba4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11bd4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11c28	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11c54	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11c5c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11c88	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11cbc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11cc8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11cfc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11d30	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11de0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11e50	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11e60	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11f18	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11f48	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1260c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x126a4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x126dc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12878	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x128c4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12d88	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12dbc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12e70	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12e80	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12e90	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12f30	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12f50	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12fb0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x130b8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x130d4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1318c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1326c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13364	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13378	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13460	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1346c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1348c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x134f8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13568	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1358c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x135d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13944	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13970	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1399c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x139cc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x139f8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13a2c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13a58	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13a8c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13abc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13ae8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13b18	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13b30	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13be8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13c54	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13da8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13e00	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13ef0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14008	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1409c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14128	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14250	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14398	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1439c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14418	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x144a4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1453c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x145b8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14678	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14708	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x147d4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1489c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x148a8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x148b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14a48	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14adc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14b70	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14d14	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14d60	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14dcc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14e10	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14e6c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x150b8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1519c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x151b8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x151c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x151ec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15218	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15244	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15270	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1529c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x152c8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15320	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1534c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15378	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15384	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x153d4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x153f4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x154b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1556c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x156a4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x157a8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15818	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1584c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1599c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15dbc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16010	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x164a0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x164b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x165ac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x165c4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x166b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16724	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16764	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16850	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1705c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17330	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17378	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17390	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x173b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x173f0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1741c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1759c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x175a8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x175b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x176e4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x177b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17aa8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17ad8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17b6c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17cac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17e90	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17f28	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17fe0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x180a8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x180f8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18128	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18404	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18568	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x187c8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x188b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18968	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x189c4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x189d8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18ab4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18ae8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18e10	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18e74	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18ea8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18fd8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19054	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x190fc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x191c8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19214	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19270	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1929c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19358	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x26000	0	NOTYPE	<unknown>	DEFAULT	6
$d	.symtab	0x26008	0	NOTYPE	<unknown>	DEFAULT	7
$d	.symtab	0x2601c	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x8118	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8174	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x194c8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x26020	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x81c0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x26024	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x8774	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8844	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x89ac	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8adc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x93c4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x978c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x991c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1a1dc	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x9a6c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa02c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa440	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa4a4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xb534	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xbc2c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xbd64	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xc48c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xca6c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xda88	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xe790	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xea80	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf3a8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf450	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf51c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf6bc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x260d8	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x10318	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x103b8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10400	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10474	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10504	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10690	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11b18	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11cb8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x260dc	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x260e4	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x11cc4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11cf8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11e4c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11e5c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11f08	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x260ec	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x1c924	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x125f8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12874	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x128b8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12d64	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x130b0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13264	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13458	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13468	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x134f4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x135c8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13928	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13be4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13d90	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x26228	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x13ed8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13ff8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14388	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x26330	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x14400	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1448c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14524	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x145a0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x26348	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x14674	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14704	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x147c8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14898	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1d550	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x14a44	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14ac0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x263fc	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x14b6c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14d10	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14d5c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14dbc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14e0c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14e5c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15084	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x26414	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x15194	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1531c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2c6b0	0	NOTYPE	<unknown>	DEFAULT	10
$d	.symtab	0x15380	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15d84	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1d598	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x165a4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x166a8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1684c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17028	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x172f0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2641c	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x173ac	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x173ec	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17580	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x176d4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17a78	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17b5c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17c84	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17e6c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17fd8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18400	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18564	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x187c0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18adc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18e0c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18ea4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x26434	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x18fd4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19050	0	NOTYPE	<unknown>	DEFAULT	2
/home/firmware/build/temp-armv5l/gcc-core/gcc/config/arm/lib1funcs.asm	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
/home/firmware/build/temp-armv5l/gcc-core/gcc/config/arm/lib1funcs.asm	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
/home/firmware/build/temp-armv5l/gcc-core/gcc/config/arm/lib1funcs.asm	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
/home/firmware/build/temp-armv5l/gcc-core/gcc/config/arm/lib1funcs.asm	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
/home/firmware/build/temp-armv5l/gcc-core/gcc/config/arm/lib1funcs.asm	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
C.151.5663	.symtab	0x1b8fc	40	OBJECT	<unknown>	DEFAULT	4
C.182.5957	.symtab	0x1b968	16	OBJECT	<unknown>	DEFAULT	4
C.183.5958	.symtab	0x1b93c	20	OBJECT	<unknown>	DEFAULT	4
KHcommSOCK	.symtab	0x2645c	4	OBJECT	<unknown>	DEFAULT	10
KHserverHACKER	.symtab	0x260c8	4	OBJECT	<unknown>	DEFAULT	9
LOCAL_ADDR	.symtab	0x2c6d8	4	OBJECT	<unknown>	DEFAULT	10
Laligned	.symtab	0x12f78	0	NOTYPE	<unknown>	DEFAULT	2
Llastword	.symtab	0x12f94	0	NOTYPE	<unknown>	DEFAULT	2
Q	.symtab	0x26478	16384	OBJECT	<unknown>	DEFAULT	10
UserAgents	.symtab	0x26038	144	OBJECT	<unknown>	DEFAULT	9
_Jv_RegisterClasses	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
_READ.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_WRITE.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__CTOR_END__	.symtab	0x26004	0	OBJECT	<unknown>	DEFAULT	6
__CTOR_LIST__	.symtab	0x26000	0	OBJECT	<unknown>	DEFAULT	6
__C_ctype_b	.symtab	0x260dc	4	OBJECT	<unknown>	DEFAULT	9
__C_ctype_b.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_b_data	.symtab	0x1c324	768	OBJECT	<unknown>	DEFAULT	4
__C_ctype_tolower	.symtab	0x26434	4	OBJECT	<unknown>	DEFAULT	9
__C_ctype_tolower.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_tolower_data	.symtab	0x1d67c	768	OBJECT	<unknown>	DEFAULT	4
__C_ctype_toupper	.symtab	0x260e4	4	OBJECT	<unknown>	DEFAULT	9
__C_ctype_toupper.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_toupper_data	.symtab	0x1c624	768	OBJECT	<unknown>	DEFAULT	4
__DTOR_END__	.symtab	0x2600c	0	OBJECT	<unknown>	DEFAULT	7
__DTOR_LIST__	.symtab	0x26008	0	OBJECT	<unknown>	DEFAULT	7
__EH_FRAME_BEGIN__	.symtab	0x1d97c	0	OBJECT	<unknown>	DEFAULT	5
__FRAME_END__	.symtab	0x1d97c	0	OBJECT	<unknown>	DEFAULT	5
__GI___C_ctype_b	.symtab	0x260dc	4	OBJECT	<unknown>	HIDDEN	9
__GI___C_ctype_b_data	.symtab	0x1c324	768	OBJECT	<unknown>	HIDDEN	4
__GI___C_ctype_tolower	.symtab	0x26434	4	OBJECT	<unknown>	HIDDEN	9
__GI___C_ctype_tolower_data	.symtab	0x1d67c	768	OBJECT	<unknown>	HIDDEN	4
__GI___C_ctype_toupper	.symtab	0x260e4	4	OBJECT	<unknown>	HIDDEN	9
__GI___C_ctype_toupper_data	.symtab	0x1c624	768	OBJECT	<unknown>	HIDDEN	4
__GI___ctype_b	.symtab	0x260e0	4	OBJECT	<unknown>	HIDDEN	9
__GI___ctype_tolower	.symtab	0x26438	4	OBJECT	<unknown>	HIDDEN	9
__GI___ctype_toupper	.symtab	0x260e8	4	OBJECT	<unknown>	HIDDEN	9
__GI___errno_location	.symtab	0x11cbc	12	FUNC	<unknown>	HIDDEN	2
__GI___fgetc_unlocked	.symtab	0x18ea8	304	FUNC	<unknown>	HIDDEN	2
__GI___glibc_strerror_r	.symtab	0x13364	20	FUNC	<unknown>	HIDDEN	2
__GI___h_errno_location	.symtab	0x15378	12	FUNC	<unknown>	HIDDEN	2
__GI___libc_fcntl	.symtab	0x117c0	116	FUNC	<unknown>	HIDDEN	2
__GI___libc_fcntl64	.symtab	0x11834	80	FUNC	<unknown>	HIDDEN	2
__GI___libc_open	.symtab	0x11ab0	92	FUNC	<unknown>	HIDDEN	2
__GI___uClibc_fini	.symtab	0x14d60	108	FUNC	<unknown>	HIDDEN	2
__GI___uClibc_init	.symtab	0x14e10	92	FUNC	<unknown>	HIDDEN	2
__GI___xpg_strerror_r	.symtab	0x13378	232	FUNC	<unknown>	HIDDEN	2
__GI__exit	.symtab	0x11884	40	FUNC	<unknown>	HIDDEN	2
__GI_abort	.symtab	0x14250	328	FUNC	<unknown>	HIDDEN	2
__GI_atoi	.symtab	0x1489c	12	FUNC	<unknown>	HIDDEN	2
__GI_atol	.symtab	0x1489c	12	FUNC	<unknown>	HIDDEN	2
__GI_brk	.symtab	0x173b4	60	FUNC	<unknown>	HIDDEN	2
__GI_close	.symtab	0x118d8	44	FUNC	<unknown>	HIDDEN	2
__GI_connect	.symtab	0x13944	44	FUNC	<unknown>	HIDDEN	2
__GI_dup2	.symtab	0x11904	44	FUNC	<unknown>	HIDDEN	2
__GI_errno	.symtab	0x2c6b0	4	OBJECT	<unknown>	HIDDEN	10
__GI_execl	.symtab	0x14adc	148	FUNC	<unknown>	HIDDEN	2
__GI_execve	.symtab	0x151ec	44	FUNC	<unknown>	HIDDEN	2
__GI_exit	.symtab	0x14a48	148	FUNC	<unknown>	HIDDEN	2
__GI_fclose	.symtab	0x1741c	384	FUNC	<unknown>	HIDDEN	2
__GI_fcntl	.symtab	0x117c0	116	FUNC	<unknown>	HIDDEN	2
__GI_fcntl64	.symtab	0x11834	80	FUNC	<unknown>	HIDDEN	2
__GI_fflush_unlocked	.symtab	0x17cac	484	FUNC	<unknown>	HIDDEN	2
__GI_fgetc_unlocked	.symtab	0x18ea8	304	FUNC	<unknown>	HIDDEN	2
__GI_fgets	.symtab	0x17ad8	148	FUNC	<unknown>	HIDDEN	2
__GI_fgets_unlocked	.symtab	0x17e90	152	FUNC	<unknown>	HIDDEN	2
__GI_fopen	.symtab	0x1759c	12	FUNC	<unknown>	HIDDEN	2
__GI_fork	.symtab	0x11930	44	FUNC	<unknown>	HIDDEN	2
__GI_fputs_unlocked	.symtab	0x12d88	52	FUNC	<unknown>	HIDDEN	2
__GI_fseek	.symtab	0x175a8	12	FUNC	<unknown>	HIDDEN	2
__GI_fseeko64	.symtab	0x175b4	304	FUNC	<unknown>	HIDDEN	2
__GI_fwrite_unlocked	.symtab	0x12dbc	172	FUNC	<unknown>	HIDDEN	2
__GI_getc_unlocked	.symtab	0x18ea8	304	FUNC	<unknown>	HIDDEN	2
__GI_getdtablesize	.symtab	0x1195c	40	FUNC	<unknown>	HIDDEN	2
__GI_getegid	.symtab	0x15218	44	FUNC	<unknown>	HIDDEN	2
__GI_geteuid	.symtab	0x11984	44	FUNC	<unknown>	HIDDEN	2
__GI_getgid	.symtab	0x15244	44	FUNC	<unknown>	HIDDEN	2
__GI_gethostbyname	.symtab	0x1358c	68	FUNC	<unknown>	HIDDEN	2
__GI_gethostbyname_r	.symtab	0x135d0	884	FUNC	<unknown>	HIDDEN	2
__GI_getpid	.symtab	0x119b0	44	FUNC	<unknown>	HIDDEN	2
__GI_getrlimit	.symtab	0x11a08	44	FUNC	<unknown>	HIDDEN	2
__GI_getsockname	.symtab	0x13970	44	FUNC	<unknown>	HIDDEN	2
__GI_getuid	.symtab	0x15270	44	FUNC	<unknown>	HIDDEN	2
__GI_h_errno	.symtab	0x2c6b4	4	OBJECT	<unknown>	HIDDEN	10
__GI_inet_addr	.symtab	0x13568	36	FUNC	<unknown>	HIDDEN	2
__GI_inet_aton	.symtab	0x16764	236	FUNC	<unknown>	HIDDEN	2
__GI_inet_ntop	.symtab	0x18568	608	FUNC	<unknown>	HIDDEN	2
__GI_inet_pton	.symtab	0x181f4	528	FUNC	<unknown>	HIDDEN	2
__GI_initstate_r	.symtab	0x147d4	200	FUNC	<unknown>	HIDDEN	2
__GI_ioctl	.symtab	0x11a34	80	FUNC	<unknown>	HIDDEN	2
__GI_isatty	.symtab	0x1346c	32	FUNC	<unknown>	HIDDEN	2
__GI_kill	.symtab	0x11a84	44	FUNC	<unknown>	HIDDEN	2
__GI_lseek64	.symtab	0x18e10	100	FUNC	<unknown>	HIDDEN	2
__GI_memchr	.symtab	0x164b0	252	FUNC	<unknown>	HIDDEN	2
__GI_memcpy	.symtab	0x12e80	4	FUNC	<unknown>	HIDDEN	2
__GI_memmove	.symtab	0x164a0	4	FUNC	<unknown>	HIDDEN	2
__GI_mempcpy	.symtab	0x165ac	24	FUNC	<unknown>	HIDDEN	2
__GI_memrchr	.symtab	0x165c4	236	FUNC	<unknown>	HIDDEN	2
__GI_memset	.symtab	0x12e90	156	FUNC	<unknown>	HIDDEN	2
__GI_nanosleep	.symtab	0x1529c	44	FUNC	<unknown>	HIDDEN	2
__GI_open	.symtab	0x11ab0	92	FUNC	<unknown>	HIDDEN	2
__GI_pipe	.symtab	0x11b1c	44	FUNC	<unknown>	HIDDEN	2
__GI_poll	.symtab	0x173f0	44	FUNC	<unknown>	HIDDEN	2
__GI_raise	.symtab	0x17378	24	FUNC	<unknown>	HIDDEN	2
__GI_random	.symtab	0x1439c	124	FUNC	<unknown>	HIDDEN	2
__GI_random_r	.symtab	0x14678	144	FUNC	<unknown>	HIDDEN	2
__GI_rawmemchr	.symtab	0x17f28	184	FUNC	<unknown>	HIDDEN	2
__GI_read	.symtab	0x11b78	44	FUNC	<unknown>	HIDDEN	2
__GI_recv	.symtab	0x139cc	44	FUNC	<unknown>	HIDDEN	2
__GI_recvfrom	.symtab	0x139f8	52	FUNC	<unknown>	HIDDEN	2
__GI_sbrk	.symtab	0x152c8	88	FUNC	<unknown>	HIDDEN	2
__GI_select	.symtab	0x11ba4	48	FUNC	<unknown>	HIDDEN	2
__GI_send	.symtab	0x13a2c	44	FUNC	<unknown>	HIDDEN	2
__GI_sendto	.symtab	0x13a58	52	FUNC	<unknown>	HIDDEN	2
__GI_setsockopt	.symtab	0x13a8c	48	FUNC	<unknown>	HIDDEN	2
__GI_setstate_r	.symtab	0x145b8	192	FUNC	<unknown>	HIDDEN	2
__GI_sigaction	.symtab	0x150b8	228	FUNC	<unknown>	HIDDEN	2
__GI_sigaddset	.symtab	0x13ae8	48	FUNC	<unknown>	HIDDEN	2
__GI_sigemptyset	.symtab	0x13b18	24	FUNC	<unknown>	HIDDEN	2
__GI_signal	.symtab	0x13b30	184	FUNC	<unknown>	HIDDEN	2
__GI_sigprocmask	.symtab	0x11bd4	84	FUNC	<unknown>	HIDDEN	2
__GI_sleep	.symtab	0x14b70	420	FUNC	<unknown>	HIDDEN	2
__GI_socket	.symtab	0x13abc	44	FUNC	<unknown>	HIDDEN	2
__GI_sprintf	.symtab	0x11cfc	52	FUNC	<unknown>	HIDDEN	2
__GI_srandom_r	.symtab	0x14708	204	FUNC	<unknown>	HIDDEN	2
__GI_strcasecmp	.symtab	0x18fd8	124	FUNC	<unknown>	HIDDEN	2
__GI_strchr	.symtab	0x12fb0	264	FUNC	<unknown>	HIDDEN	2
__GI_strcmp	.symtab	0x12f30	28	FUNC	<unknown>	HIDDEN	2
__GI_strcoll	.symtab	0x12f30	28	FUNC	<unknown>	HIDDEN	2
__GI_strcpy	.symtab	0x130b8	28	FUNC	<unknown>	HIDDEN	2
__GI_strdup	.symtab	0x180f8	48	FUNC	<unknown>	HIDDEN	2
__GI_strlen	.symtab	0x12f50	96	FUNC	<unknown>	HIDDEN	2
__GI_strncat	.symtab	0x17fe0	200	FUNC	<unknown>	HIDDEN	2
__GI_strncpy	.symtab	0x130d4	184	FUNC	<unknown>	HIDDEN	2
__GI_strnlen	.symtab	0x1318c	224	FUNC	<unknown>	HIDDEN	2
__GI_strpbrk	.symtab	0x16724	64	FUNC	<unknown>	HIDDEN	2
__GI_strspn	.symtab	0x180a8	80	FUNC	<unknown>	HIDDEN	2
__GI_strstr	.symtab	0x1326c	248	FUNC	<unknown>	HIDDEN	2
__GI_strtok	.symtab	0x13460	12	FUNC	<unknown>	HIDDEN	2
__GI_strtok_r	.symtab	0x166b0	116	FUNC	<unknown>	HIDDEN	2
__GI_strtol	.symtab	0x148a8	8	FUNC	<unknown>	HIDDEN	2
__GI_tcgetattr	.symtab	0x1348c	108	FUNC	<unknown>	HIDDEN	2
__GI_time	.symtab	0x11c28	44	FUNC	<unknown>	HIDDEN	2
__GI_times	.symtab	0x15320	44	FUNC	<unknown>	HIDDEN	2
__GI_tolower	.symtab	0x18e74	52	FUNC	<unknown>	HIDDEN	2
__GI_toupper	.symtab	0x11c88	52	FUNC	<unknown>	HIDDEN	2
__GI_vfork	.symtab	0x11790	40	FUNC	<unknown>	HIDDEN	2
__GI_vsnprintf	.symtab	0x11d30	176	FUNC	<unknown>	HIDDEN	2
__GI_wait4	.symtab	0x1534c	44	FUNC	<unknown>	HIDDEN	2
__GI_waitpid	.symtab	0x11c54	8	FUNC	<unknown>	HIDDEN	2
__GI_wcrtomb	.symtab	0x15384	80	FUNC	<unknown>	HIDDEN	2
__GI_wcsnrtombs	.symtab	0x153f4	188	FUNC	<unknown>	HIDDEN	2
__GI_wcsrtombs	.symtab	0x153d4	32	FUNC	<unknown>	HIDDEN	2
__GI_write	.symtab	0x11c5c	44	FUNC	<unknown>	HIDDEN	2
__JCR_END__	.symtab	0x26010	0	OBJECT	<unknown>	DEFAULT	8
__JCR_LIST__	.symtab	0x26010	0	OBJECT	<unknown>	DEFAULT	8
__aeabi_idiv	.symtab	0x19358	0	FUNC	<unknown>	DEFAULT	2
__aeabi_idiv0	.symtab	0x11738	4	FUNC	<unknown>	DEFAULT	2
__aeabi_idivmod	.symtab	0x19480	24	FUNC	<unknown>	DEFAULT	2
__aeabi_ldiv0	.symtab	0x11738	4	FUNC	<unknown>	DEFAULT	2
__aeabi_uidiv	.symtab	0x11478	0	FUNC	<unknown>	DEFAULT	2
__aeabi_uidivmod	.symtab	0x11570	24	FUNC	<unknown>	DEFAULT	2
__app_fini	.symtab	0x2c6a4	4	OBJECT	<unknown>	HIDDEN	10
__atexit_lock	.symtab	0x263fc	24	OBJECT	<unknown>	DEFAULT	9
__bsd_signal	.symtab	0x13b30	184	FUNC	<unknown>	HIDDEN	2
__bss_end__	.symtab	0x2c898	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__bss_start	.symtab	0x26440	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__bss_start__	.symtab	0x26440	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__check_one_fd	.symtab	0x14dd8	56	FUNC	<unknown>	DEFAULT	2
__ctype_b	.symtab	0x260e0	4	OBJECT	<unknown>	DEFAULT	9
__ctype_tolower	.symtab	0x26438	4	OBJECT	<unknown>	DEFAULT	9
__ctype_toupper	.symtab	0x260e8	4	OBJECT	<unknown>	DEFAULT	9
__curbrk	.symtab	0x2c6d4	4	OBJECT	<unknown>	HIDDEN	10
__data_start	.symtab	0x26014	0	NOTYPE	<unknown>	DEFAULT	9
__decode_answer	.symtab	0x189d8	220	FUNC	<unknown>	HIDDEN	2
__decode_dotted	.symtab	0x190fc	204	FUNC	<unknown>	HIDDEN	2
__decode_header	.symtab	0x188b0	184	FUNC	<unknown>	HIDDEN	2
__default_rt_sa_restorer	.symtab	0x151bc	0	FUNC	<unknown>	DEFAULT	2
__default_sa_restorer	.symtab	0x151b8	0	FUNC	<unknown>	DEFAULT	2
__deregister_frame_info	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__div0	.symtab	0x11738	4	FUNC	<unknown>	DEFAULT	2
__divsi3	.symtab	0x19358	296	FUNC	<unknown>	DEFAULT	2
__dns_lookup	.symtab	0x16850	2060	FUNC	<unknown>	HIDDEN	2
__do_global_ctors_aux	.symtab	0x19498	0	FUNC	<unknown>	DEFAULT	2
__do_global_dtors_aux	.symtab	0x80b0	0	FUNC	<unknown>	DEFAULT	2
__dso_handle	.symtab	0x26018	0	OBJECT	<unknown>	HIDDEN	9
__encode_dotted	.symtab	0x19054	168	FUNC	<unknown>	HIDDEN	2
__encode_header	.symtab	0x187c8	232	FUNC	<unknown>	HIDDEN	2
__encode_question	.symtab	0x18968	92	FUNC	<unknown>	HIDDEN	2
__end__	.symtab	0x2c898	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__environ	.symtab	0x2c69c	4	OBJECT	<unknown>	DEFAULT	10
__errno_location	.symtab	0x11cbc	12	FUNC	<unknown>	DEFAULT	2
__errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__error	.symtab	0x117b4	0	NOTYPE	<unknown>	DEFAULT	2
__exit_cleanup	.symtab	0x2c694	4	OBJECT	<unknown>	HIDDEN	10
__fgetc_unlocked	.symtab	0x18ea8	304	FUNC	<unknown>	DEFAULT	2
__fini_array_end	.symtab	0x26000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__fini_array_start	.symtab	0x26000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__get_hosts_byname_r	.symtab	0x17330	72	FUNC	<unknown>	HIDDEN	2
__glibc_strerror_r	.symtab	0x13364	20	FUNC	<unknown>	DEFAULT	2
__glibc_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__h_errno_location	.symtab	0x15378	12	FUNC	<unknown>	DEFAULT	2
__h_errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__heap_alloc	.symtab	0x14008	148	FUNC	<unknown>	DEFAULT	2
__heap_alloc_at	.symtab	0x1409c	140	FUNC	<unknown>	DEFAULT	2
__heap_free	.symtab	0x1415c	244	FUNC	<unknown>	DEFAULT	2
__heap_link_free_area	.symtab	0x14128	32	FUNC	<unknown>	DEFAULT	2
__heap_link_free_area_after	.symtab	0x14148	20	FUNC	<unknown>	DEFAULT	2
__init_array_end	.symtab	0x26000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__init_array_start	.symtab	0x26000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__length_dotted	.symtab	0x191c8	76	FUNC	<unknown>	HIDDEN	2
__length_question	.symtab	0x189c4	20	FUNC	<unknown>	HIDDEN	2
__libc_close	.symtab	0x118d8	44	FUNC	<unknown>	DEFAULT	2
__libc_connect	.symtab	0x13944	44	FUNC	<unknown>	DEFAULT	2
__libc_creat	.symtab	0x11b0c	16	FUNC	<unknown>	DEFAULT	2
__libc_fcntl	.symtab	0x117c0	116	FUNC	<unknown>	DEFAULT	2
__libc_fcntl64	.symtab	0x11834	80	FUNC	<unknown>	DEFAULT	2
__libc_fork	.symtab	0x11930	44	FUNC	<unknown>	DEFAULT	2
__libc_getpid	.symtab	0x119b0	44	FUNC	<unknown>	DEFAULT	2
__libc_lseek64	.symtab	0x18e10	100	FUNC	<unknown>	DEFAULT	2
__libc_nanosleep	.symtab	0x1529c	44	FUNC	<unknown>	DEFAULT	2
__libc_open	.symtab	0x11ab0	92	FUNC	<unknown>	DEFAULT	2
__libc_poll	.symtab	0x173f0	44	FUNC	<unknown>	DEFAULT	2
__libc_read	.symtab	0x11b78	44	FUNC	<unknown>	DEFAULT	2
__libc_recv	.symtab	0x139cc	44	FUNC	<unknown>	DEFAULT	2
__libc_recvfrom	.symtab	0x139f8	52	FUNC	<unknown>	DEFAULT	2
__libc_select	.symtab	0x11ba4	48	FUNC	<unknown>	DEFAULT	2
__libc_send	.symtab	0x13a2c	44	FUNC	<unknown>	DEFAULT	2
__libc_sendto	.symtab	0x13a58	52	FUNC	<unknown>	DEFAULT	2
__libc_sigaction	.symtab	0x150b8	228	FUNC	<unknown>	DEFAULT	2
__libc_stack_end	.symtab	0x2c698	4	OBJECT	<unknown>	DEFAULT	10
__libc_waitpid	.symtab	0x11c54	8	FUNC	<unknown>	DEFAULT	2
__libc_write	.symtab	0x11c5c	44	FUNC	<unknown>	DEFAULT	2
__malloc_heap	.symtab	0x26228	4	OBJECT	<unknown>	DEFAULT	9
__malloc_heap_lock	.symtab	0x2c678	24	OBJECT	<unknown>	DEFAULT	10
__malloc_sbrk_lock	.symtab	0x2c854	24	OBJECT	<unknown>	DEFAULT	10
__modsi3	.symtab	0x11654	228	FUNC	<unknown>	DEFAULT	2
__muldi3	.symtab	0x1173c	80	FUNC	<unknown>	DEFAULT	2
__nameserver	.symtab	0x2c87c	12	OBJECT	<unknown>	HIDDEN	10
__nameservers	.symtab	0x2c888	4	OBJECT	<unknown>	HIDDEN	10
__open_etc_hosts	.symtab	0x18ab4	52	FUNC	<unknown>	HIDDEN	2
__open_nameservers	.symtab	0x1705c	724	FUNC	<unknown>	HIDDEN	2
__pagesize	.symtab	0x2c6a0	4	OBJECT	<unknown>	DEFAULT	10
__preinit_array_end	.symtab	0x26000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__preinit_array_start	.symtab	0x26000	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__pthread_initialize_minimal	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__pthread_mutex_init	.symtab	0x14dcc	8	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_lock	.symtab	0x14dcc	8	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_trylock	.symtab	0x14dcc	8	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_unlock	.symtab	0x14dcc	8	FUNC	<unknown>	DEFAULT	2
__pthread_return_0	.symtab	0x14dcc	8	FUNC	<unknown>	DEFAULT	2
__pthread_return_void	.symtab	0x14dd4	4	FUNC	<unknown>	DEFAULT	2
__raise	.symtab	0x17378	24	FUNC	<unknown>	HIDDEN	2
__read_etc_hosts_r	.symtab	0x18ae8	808	FUNC	<unknown>	HIDDEN	2
__register_frame_info	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__resolv_lock	.symtab	0x2641c	24	OBJECT	<unknown>	DEFAULT	9
__rtld_fini	.symtab	0x2c6a8	4	OBJECT	<unknown>	HIDDEN	10
__searchdomain	.symtab	0x2c86c	16	OBJECT	<unknown>	HIDDEN	10
__searchdomains	.symtab	0x2c88c	4	OBJECT	<unknown>	HIDDEN	10
__sigaddset	.symtab	0x13c0c	36	FUNC	<unknown>	DEFAULT	2
__sigdelset	.symtab	0x13c30	36	FUNC	<unknown>	DEFAULT	2
__sigismember	.symtab	0x13be8	36	FUNC	<unknown>	DEFAULT	2
__stdin	.symtab	0x260f8	4	OBJECT	<unknown>	DEFAULT	9
__stdio_READ	.symtab	0x19214	92	FUNC	<unknown>	HIDDEN	2
__stdio_WRITE	.symtab	0x154b0	188	FUNC	<unknown>	HIDDEN	2
__stdio_adjust_position	.symtab	0x176e4	204	FUNC	<unknown>	HIDDEN	2
__stdio_fwrite	.symtab	0x1556c	312	FUNC	<unknown>	HIDDEN	2
__stdio_init_mutex	.symtab	0x11e50	16	FUNC	<unknown>	HIDDEN	2
__stdio_mutex_initializer.3929	.symtab	0x1c924	24	OBJECT	<unknown>	DEFAULT	4
__stdio_rfill	.symtab	0x19270	44	FUNC	<unknown>	HIDDEN	2
__stdio_seek	.symtab	0x17aa8	48	FUNC	<unknown>	HIDDEN	2
__stdio_trans2r_o	.symtab	0x1929c	188	FUNC	<unknown>	HIDDEN	2
__stdio_trans2w_o	.symtab	0x156a4	260	FUNC	<unknown>	HIDDEN	2
__stdio_wcommit	.symtab	0x11f18	48	FUNC	<unknown>	HIDDEN	2
__stdout	.symtab	0x260fc	4	OBJECT	<unknown>	DEFAULT	9
__syscall_error	.symtab	0x1519c	28	FUNC	<unknown>	HIDDEN	2
__syscall_error.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_fcntl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_fcntl64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_rt_sigaction	.symtab	0x151c0	44	FUNC	<unknown>	HIDDEN	2
__syscall_rt_sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__uClibc_fini	.symtab	0x14d60	108	FUNC	<unknown>	DEFAULT	2
__uClibc_init	.symtab	0x14e10	92	FUNC	<unknown>	DEFAULT	2
__uClibc_main	.symtab	0x14e6c	588	FUNC	<unknown>	DEFAULT	2
__uClibc_main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__uclibc_progname	.symtab	0x26414	4	OBJECT	<unknown>	HIDDEN	9
__udivsi3	.symtab	0x11478	248	FUNC	<unknown>	DEFAULT	2
__umodsi3	.symtab	0x11588	204	FUNC	<unknown>	DEFAULT	2
__vfork	.symtab	0x11790	40	FUNC	<unknown>	HIDDEN	2
__xpg_strerror_r	.symtab	0x13378	232	FUNC	<unknown>	DEFAULT	2
__xpg_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_adjust_pos.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_bss_end__	.symtab	0x2c898	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_charpad	.symtab	0x11f48	76	FUNC	<unknown>	DEFAULT	2
_cs_funcs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_dl_aux_init	.symtab	0x17390	36	FUNC	<unknown>	DEFAULT	2
_dl_phdr	.symtab	0x2c890	4	OBJECT	<unknown>	DEFAULT	10
_dl_phnum	.symtab	0x2c894	4	OBJECT	<unknown>	DEFAULT	10
_edata	.symtab	0x26440	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_end	.symtab	0x2c898	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_errno	.symtab	0x2c6b0	4	OBJECT	<unknown>	DEFAULT	10
_exit	.symtab	0x11884	40	FUNC	<unknown>	DEFAULT	2
_exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fini	.symtab	0x194d4	4	FUNC	<unknown>	DEFAULT	3
_fixed_buffers	.symtab	0x2a494	8192	OBJECT	<unknown>	DEFAULT	10
_fopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fp_out_narrow	.symtab	0x11f94	132	FUNC	<unknown>	DEFAULT	2
_fpmaxtostr	.symtab	0x1599c	1640	FUNC	<unknown>	HIDDEN	2
_fpmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fwrite.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_h_errno	.symtab	0x2c6b4	4	OBJECT	<unknown>	DEFAULT	10
_init	.symtab	0x8094	4	FUNC	<unknown>	DEFAULT	1
_load_inttype	.symtab	0x157a8	112	FUNC	<unknown>	HIDDEN	2
_load_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_memcpy	.symtab	0x16010	0	FUNC	<unknown>	HIDDEN	2
_ppfs_init	.symtab	0x1260c	152	FUNC	<unknown>	HIDDEN	2
_ppfs_init.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_parsespec	.symtab	0x128c4	1220	FUNC	<unknown>	HIDDEN	2
_ppfs_parsespec.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_prepargs	.symtab	0x126a4	56	FUNC	<unknown>	HIDDEN	2
_ppfs_prepargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_setargs	.symtab	0x126dc	412	FUNC	<unknown>	HIDDEN	2
_ppfs_setargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_promoted_size	.symtab	0x12878	76	FUNC	<unknown>	DEFAULT	2
_pthread_cleanup_pop_restore	.symtab	0x14dd4	4	FUNC	<unknown>	DEFAULT	2
_pthread_cleanup_push_defer	.symtab	0x14dd4	4	FUNC	<unknown>	DEFAULT	2
_rfill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_sigintr	.symtab	0x2c7d4	128	OBJECT	<unknown>	HIDDEN	10
_start	.symtab	0x8190	0	FUNC	<unknown>	DEFAULT	2
_stdio.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_stdio_fopen	.symtab	0x177b0	760	FUNC	<unknown>	HIDDEN	2
_stdio_init	.symtab	0x11de0	112	FUNC	<unknown>	HIDDEN	2
_stdio_openlist	.symtab	0x26100	4	OBJECT	<unknown>	DEFAULT	9
_stdio_openlist_add_lock	.symtab	0x26104	24	OBJECT	<unknown>	DEFAULT	9
_stdio_openlist_dec_use	.symtab	0x17b6c	320	FUNC	<unknown>	DEFAULT	2
_stdio_openlist_del_count	.symtab	0x2a490	4	OBJECT	<unknown>	DEFAULT	10
_stdio_openlist_del_lock	.symtab	0x2611c	24	OBJECT	<unknown>	DEFAULT	9
_stdio_openlist_use_count	.symtab	0x2a48c	4	OBJECT	<unknown>	DEFAULT	10
_stdio_streams	.symtab	0x26138	240	OBJECT	<unknown>	DEFAULT	9
_stdio_term	.symtab	0x11e60	184	FUNC	<unknown>	HIDDEN	2
_stdio_user_locking	.symtab	0x26134	4	OBJECT	<unknown>	DEFAULT	9
_stdlib_strto_l	.symtab	0x148b0	408	FUNC	<unknown>	HIDDEN	2
_stdlib_strto_l.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_store_inttype	.symtab	0x15818	52	FUNC	<unknown>	HIDDEN	2
_store_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_string_syserrmsgs	.symtab	0x1c9f4	2906	OBJECT	<unknown>	HIDDEN	4
_string_syserrmsgs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2w.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_uintmaxtostr	.symtab	0x1584c	336	FUNC	<unknown>	HIDDEN	2
_uintmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_vfprintf_internal	.symtab	0x12018	1524	FUNC	<unknown>	HIDDEN	2
_vfprintf_internal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_wcommit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
abort	.symtab	0x14250	328	FUNC	<unknown>	DEFAULT	2
abort.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
access	.symtab	0x118ac	44	FUNC	<unknown>	DEFAULT	2
access.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
acnc	.symtab	0xc490	220	FUNC	<unknown>	DEFAULT	2
add_entry	.symtab	0x10478	144	FUNC	<unknown>	DEFAULT	2
atoi	.symtab	0x1489c	12	FUNC	<unknown>	DEFAULT	2
atol	.symtab	0x1489c	12	FUNC	<unknown>	DEFAULT	2
atol.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
axis_bp	.symtab	0x26034	4	OBJECT	<unknown>	DEFAULT	9
bcopy	.symtab	0x12e70	16	FUNC	<unknown>	DEFAULT	2
been_there_done_that	.symtab	0x2c690	4	OBJECT	<unknown>	DEFAULT	10
been_there_done_that.2789	.symtab	0x2c6ac	4	OBJECT	<unknown>	DEFAULT	10
brk	.symtab	0x173b4	60	FUNC	<unknown>	DEFAULT	2
brk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
bsd_signal	.symtab	0x13b30	184	FUNC	<unknown>	DEFAULT	2
buf.4901	.symtab	0x2c498	460	OBJECT	<unknown>	DEFAULT	10
c	.symtab	0x260d0	4	OBJECT	<unknown>	DEFAULT	9
call___do_global_ctors_aux	.symtab	0x194cc	0	FUNC	<unknown>	DEFAULT	2
call___do_global_dtors_aux	.symtab	0x8128	0	FUNC	<unknown>	DEFAULT	2
call_frame_dummy	.symtab	0x8188	0	FUNC	<unknown>	DEFAULT	2
calloc	.symtab	0x13da8	88	FUNC	<unknown>	DEFAULT	2
calloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
checksum.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
checksum_generic	.symtab	0x81cc	228	FUNC	<unknown>	DEFAULT	2
checksum_tcp_udp	.symtab	0x82b0	448	FUNC	<unknown>	DEFAULT	2
checksum_tcpudp	.symtab	0x8470	448	FUNC	<unknown>	DEFAULT	2
clock	.symtab	0x11cc8	52	FUNC	<unknown>	DEFAULT	2
clock.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
close	.symtab	0x118d8	44	FUNC	<unknown>	DEFAULT	2
close.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
completed.2555	.symtab	0x26440	1	OBJECT	<unknown>	DEFAULT	10
connect	.symtab	0x13944	44	FUNC	<unknown>	DEFAULT	2
connect.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
connectTimeout	.symtab	0xa030	640	FUNC	<unknown>	DEFAULT	2
creat	.symtab	0x11b0c	16	FUNC	<unknown>	DEFAULT	2
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
csum	.symtab	0xa4a8	344	FUNC	<unknown>	DEFAULT	2
data_start	.symtab	0x26020	0	NOTYPE	<unknown>	DEFAULT	9
decodea.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
decoded.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
decodeh.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dl-support.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dnslookup.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dup2	.symtab	0x11904	44	FUNC	<unknown>	DEFAULT	2
dup2.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encoded.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encodeh.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encodeq.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
environ	.symtab	0x2c69c	4	OBJECT	<unknown>	DEFAULT	10
errno	.symtab	0x2c6b0	4	OBJECT	<unknown>	DEFAULT	10
errno.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
execl	.symtab	0x14adc	148	FUNC	<unknown>	DEFAULT	2
execl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
execve	.symtab	0x151ec	44	FUNC	<unknown>	DEFAULT	2
execve.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exit	.symtab	0x14a48	148	FUNC	<unknown>	DEFAULT	2
exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exp10_table	.symtab	0x1d598	72	OBJECT	<unknown>	DEFAULT	4
fclose	.symtab	0x1741c	384	FUNC	<unknown>	DEFAULT	2
fclose.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fcntl	.symtab	0x117c0	116	FUNC	<unknown>	DEFAULT	2
fcntl64	.symtab	0x11834	80	FUNC	<unknown>	DEFAULT	2
fdgets	.symtab	0x9920	208	FUNC	<unknown>	DEFAULT	2
fdopen_pids	.symtab	0x2a478	4	OBJECT	<unknown>	DEFAULT	10
fdpclose	.symtab	0x979c	388	FUNC	<unknown>	DEFAULT	2
fdpopen	.symtab	0x9514	648	FUNC	<unknown>	DEFAULT	2
fflush_unlocked	.symtab	0x17cac	484	FUNC	<unknown>	DEFAULT	2
fflush_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgetc_unlocked	.symtab	0x18ea8	304	FUNC	<unknown>	DEFAULT	2
fgetc_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgets	.symtab	0x17ad8	148	FUNC	<unknown>	DEFAULT	2
fgets.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgets_unlocked	.symtab	0x17e90	152	FUNC	<unknown>	DEFAULT	2
fgets_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
findRandIP	.symtab	0xa448	96	FUNC	<unknown>	DEFAULT	2
fmt	.symtab	0x1d584	20	OBJECT	<unknown>	DEFAULT	4
fopen	.symtab	0x1759c	12	FUNC	<unknown>	DEFAULT	2
fopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
force_to_data	.symtab	0x26014	0	OBJECT	<unknown>	DEFAULT	9
force_to_data	.symtab	0x2643c	0	OBJECT	<unknown>	DEFAULT	9
fork	.symtab	0x11930	44	FUNC	<unknown>	DEFAULT	2
fork.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fputs_unlocked	.symtab	0x12d88	52	FUNC	<unknown>	DEFAULT	2
fputs_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
frame_dummy	.symtab	0x8130	0	FUNC	<unknown>	DEFAULT	2
free	.symtab	0x13e00	240	FUNC	<unknown>	DEFAULT	2
free.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fseek	.symtab	0x175a8	12	FUNC	<unknown>	DEFAULT	2
fseeko	.symtab	0x175a8	12	FUNC	<unknown>	DEFAULT	2
fseeko.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fseeko64	.symtab	0x175b4	304	FUNC	<unknown>	DEFAULT	2
fseeko64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fwrite_unlocked	.symtab	0x12dbc	172	FUNC	<unknown>	DEFAULT	2
fwrite_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getBuild	.symtab	0xea94	16	FUNC	<unknown>	DEFAULT	2
getHost	.symtab	0x9c18	100	FUNC	<unknown>	DEFAULT	2
getOurIP	.symtab	0xe7b0	740	FUNC	<unknown>	DEFAULT	2
get_hosts_byname_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getc_unlocked	.symtab	0x18ea8	304	FUNC	<unknown>	DEFAULT	2
getdtablesize	.symtab	0x1195c	40	FUNC	<unknown>	DEFAULT	2
getdtablesize.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getegid	.symtab	0x15218	44	FUNC	<unknown>	DEFAULT	2
getegid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
geteuid	.symtab	0x11984	44	FUNC	<unknown>	DEFAULT	2
geteuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getgid	.symtab	0x15244	44	FUNC	<unknown>	DEFAULT	2
getgid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname	.symtab	0x1358c	68	FUNC	<unknown>	DEFAULT	2
gethostbyname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname_r	.symtab	0x135d0	884	FUNC	<unknown>	DEFAULT	2
gethostbyname_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getpid	.symtab	0x119b0	44	FUNC	<unknown>	DEFAULT	2
getpid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getppid	.symtab	0x119dc	44	FUNC	<unknown>	DEFAULT	2
getppid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getrlimit	.symtab	0x11a08	44	FUNC	<unknown>	DEFAULT	2
getrlimit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getsockname	.symtab	0x13970	44	FUNC	<unknown>	DEFAULT	2
getsockname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getsockopt	.symtab	0x1399c	48	FUNC	<unknown>	DEFAULT	2
getsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getuid	.symtab	0x15270	44	FUNC	<unknown>	DEFAULT	2
getuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
h.4900	.symtab	0x2c664	20	OBJECT	<unknown>	DEFAULT	10
h_errno	.symtab	0x2c6b4	4	OBJECT	<unknown>	DEFAULT	10
hacks	.symtab	0x26024	4	OBJECT	<unknown>	DEFAULT	9
hacks2	.symtab	0x26028	4	OBJECT	<unknown>	DEFAULT	9
hacks3	.symtab	0x2602c	4	OBJECT	<unknown>	DEFAULT	9
hacks4	.symtab	0x26030	4	OBJECT	<unknown>	DEFAULT	9
heap_alloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
heap_alloc_at.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
heap_free.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
hextable	.symtab	0x1a1dc	1024	OBJECT	<unknown>	DEFAULT	4
htonl	.symtab	0x13530	36	FUNC	<unknown>	DEFAULT	2
htons	.symtab	0x13554	20	FUNC	<unknown>	DEFAULT	2
httphex	.symtab	0xc6b8	980	FUNC	<unknown>	DEFAULT	2
i.4419	.symtab	0x260d4	4	OBJECT	<unknown>	DEFAULT	9
index	.symtab	0x12fb0	264	FUNC	<unknown>	DEFAULT	2
inet_addr	.symtab	0x13568	36	FUNC	<unknown>	DEFAULT	2
inet_aton	.symtab	0x16764	236	FUNC	<unknown>	DEFAULT	2
inet_aton.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_makeaddr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_ntop	.symtab	0x18568	608	FUNC	<unknown>	DEFAULT	2
inet_ntop4	.symtab	0x18404	356	FUNC	<unknown>	DEFAULT	2
inet_pton	.symtab	0x181f4	528	FUNC	<unknown>	DEFAULT	2
inet_pton4	.symtab	0x18128	204	FUNC	<unknown>	DEFAULT	2
initConnection	.symtab	0xe58c	548	FUNC	<unknown>	DEFAULT	2
init_rand	.symtab	0x8778	212	FUNC	<unknown>	DEFAULT	2
initfini.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
initfini.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
initial_fa	.symtab	0x2622c	260	OBJECT	<unknown>	DEFAULT	9
initstate	.symtab	0x144a4	152	FUNC	<unknown>	DEFAULT	2
initstate_r	.symtab	0x147d4	200	FUNC	<unknown>	DEFAULT	2
ioctl	.symtab	0x11a34	80	FUNC	<unknown>	DEFAULT	2
ioctl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
isatty	.symtab	0x1346c	32	FUNC	<unknown>	DEFAULT	2
isatty.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
kill	.symtab	0x11a84	44	FUNC	<unknown>	DEFAULT	2
kill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
killer_status	.symtab	0x2646c	4	OBJECT	<unknown>	DEFAULT	10
lengthd.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lengthq.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/arm/_memcpy.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/arm/bcopy.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/arm/memcpy.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/arm/memmove.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/arm/memset.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/arm/strcmp.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/arm/strlen.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/arm/crt1.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/arm/crti.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/arm/crtn.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/arm/sigrestorer.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/arm/vfork.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libgcc2.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
listFork	.symtab	0xa2b0	408	FUNC	<unknown>	DEFAULT	2
llseek.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lseek64	.symtab	0x18e10	100	FUNC	<unknown>	DEFAULT	2
macAddress	.symtab	0x26470	6	OBJECT	<unknown>	DEFAULT	10
main	.symtab	0xeaa4	2356	FUNC	<unknown>	DEFAULT	2
main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
makeIPPacket	.symtab	0xa710	276	FUNC	<unknown>	DEFAULT	2
makeRandomStr	.symtab	0x9cd4	136	FUNC	<unknown>	DEFAULT	2
makevsepacket	.symtab	0xbc30	312	FUNC	<unknown>	DEFAULT	2
malloc	.symtab	0x13c54	340	FUNC	<unknown>	DEFAULT	2
malloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memchr	.symtab	0x164b0	252	FUNC	<unknown>	DEFAULT	2
memchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memcpy	.symtab	0x12e80	4	FUNC	<unknown>	DEFAULT	2
memmove	.symtab	0x164a0	4	FUNC	<unknown>	DEFAULT	2
mempcpy	.symtab	0x165ac	24	FUNC	<unknown>	DEFAULT	2
mempcpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memrchr	.symtab	0x165c4	236	FUNC	<unknown>	DEFAULT	2
memrchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memset	.symtab	0x12e90	156	FUNC	<unknown>	DEFAULT	2
mylock	.symtab	0x26330	24	OBJECT	<unknown>	DEFAULT	9
mylock	.symtab	0x26348	24	OBJECT	<unknown>	DEFAULT	9
mylock	.symtab	0x2c6b8	24	OBJECT	<unknown>	DEFAULT	10
nanosleep	.symtab	0x1529c	44	FUNC	<unknown>	DEFAULT	2
nanosleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
next_start.1066	.symtab	0x2c494	4	OBJECT	<unknown>	DEFAULT	10
ngPid	.symtab	0x2c6e0	4	OBJECT	<unknown>	DEFAULT	10
ntohl	.symtab	0x134f8	36	FUNC	<unknown>	DEFAULT	2
ntohl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ntohs	.symtab	0x1351c	20	FUNC	<unknown>	DEFAULT	2
ntop.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
numpids	.symtab	0x26464	8	OBJECT	<unknown>	DEFAULT	10
object.2636	.symtab	0x26444	24	OBJECT	<unknown>	DEFAULT	10
open	.symtab	0x11ab0	92	FUNC	<unknown>	DEFAULT	2
open.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
opennameservers.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ourIP	.symtab	0x2c6dc	4	OBJECT	<unknown>	DEFAULT	10
p.2553	.symtab	0x2601c	0	OBJECT	<unknown>	DEFAULT	9
parseHex	.symtab	0x99f0	128	FUNC	<unknown>	DEFAULT	2
pids	.symtab	0x2c6e8	4	OBJECT	<unknown>	DEFAULT	10
pipe	.symtab	0x11b1c	44	FUNC	<unknown>	DEFAULT	2
pipe.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
poll	.symtab	0x173f0	44	FUNC	<unknown>	DEFAULT	2
poll.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
prctl	.symtab	0x11b48	48	FUNC	<unknown>	DEFAULT	2
prctl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
prefix.4141	.symtab	0x1c94c	12	OBJECT	<unknown>	DEFAULT	4
print	.symtab	0x8fd8	1008	FUNC	<unknown>	DEFAULT	2
printchar	.symtab	0x8c00	108	FUNC	<unknown>	DEFAULT	2
printi	.symtab	0x8df0	488	FUNC	<unknown>	DEFAULT	2
prints	.symtab	0x8c6c	388	FUNC	<unknown>	DEFAULT	2
processCmd	.symtab	0xca8c	6912	FUNC	<unknown>	DEFAULT	2
qual_chars.4147	.symtab	0x1c960	20	OBJECT	<unknown>	DEFAULT	4
raise	.symtab	0x17378	24	FUNC	<unknown>	DEFAULT	2
raise.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand	.symtab	0x14398	4	FUNC	<unknown>	DEFAULT	2
rand.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
rand__str	.symtab	0xf52c	232	FUNC	<unknown>	DEFAULT	2
rand_alpha_str	.symtab	0xf614	172	FUNC	<unknown>	DEFAULT	2
rand_alphastr	.symtab	0x8ae8	280	FUNC	<unknown>	DEFAULT	2
rand_cmwc	.symtab	0x89b0	312	FUNC	<unknown>	DEFAULT	2
rand_init	.symtab	0xf3d8	136	FUNC	<unknown>	DEFAULT	2
rand_next	.symtab	0xf460	204	FUNC	<unknown>	DEFAULT	2
random	.symtab	0x1439c	124	FUNC	<unknown>	DEFAULT	2
random.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
random_poly_info	.symtab	0x1d550	40	OBJECT	<unknown>	DEFAULT	4
random_r	.symtab	0x14678	144	FUNC	<unknown>	DEFAULT	2
random_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
randtbl	.symtab	0x2637c	128	OBJECT	<unknown>	DEFAULT	9
rawmemchr	.symtab	0x17f28	184	FUNC	<unknown>	DEFAULT	2
rawmemchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
read	.symtab	0x11b78	44	FUNC	<unknown>	DEFAULT	2
read.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
read_etc_hosts_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
realloc	.symtab	0x13ef0	280	FUNC	<unknown>	DEFAULT	2
realloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
recv	.symtab	0x139cc	44	FUNC	<unknown>	DEFAULT	2
recv.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
recvLine	.symtab	0x9d5c	724	FUNC	<unknown>	DEFAULT	2
recvfrom	.symtab	0x139f8	52	FUNC	<unknown>	DEFAULT	2
recvfrom.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
resolv.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
resolv_domain_to_hostname	.symtab	0xf6c0	264	FUNC	<unknown>	DEFAULT	2
resolv_entries_free	.symtab	0x1014c	76	FUNC	<unknown>	DEFAULT	2
resolv_lookup	.symtab	0xf8b0	2204	FUNC	<unknown>	DEFAULT	2
resolv_skip_name	.symtab	0xf7c8	232	FUNC	<unknown>	DEFAULT	2
rtcp	.symtab	0xb550	1292	FUNC	<unknown>	DEFAULT	2
sbrk	.symtab	0x152c8	88	FUNC	<unknown>	DEFAULT	2
sbrk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
scanPid	.symtab	0x2c6e4	4	OBJECT	<unknown>	DEFAULT	10
select	.symtab	0x11ba4	48	FUNC	<unknown>	DEFAULT	2
select.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
send	.symtab	0x13a2c	44	FUNC	<unknown>	DEFAULT	2
send.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sendSTD	.symtab	0xba5c	468	FUNC	<unknown>	DEFAULT	2
sendto	.symtab	0x13a58	52	FUNC	<unknown>	DEFAULT	2
sendto.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setsockopt	.symtab	0x13a8c	48	FUNC	<unknown>	DEFAULT	2
setsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
setstate	.symtab	0x14418	140	FUNC	<unknown>	DEFAULT	2
setstate_r	.symtab	0x145b8	192	FUNC	<unknown>	DEFAULT	2
sigaction	.symtab	0x150b8	228	FUNC	<unknown>	DEFAULT	2
sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigaddset	.symtab	0x13ae8	48	FUNC	<unknown>	DEFAULT	2
sigaddset.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigempty.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigemptyset	.symtab	0x13b18	24	FUNC	<unknown>	DEFAULT	2
signal	.symtab	0x13b30	184	FUNC	<unknown>	DEFAULT	2
signal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigprocmask	.symtab	0x11bd4	84	FUNC	<unknown>	DEFAULT	2
sigprocmask.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigsetops.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sleep	.symtab	0x14b70	420	FUNC	<unknown>	DEFAULT	2
sleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
socket	.symtab	0x13abc	44	FUNC	<unknown>	DEFAULT	2
socket.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
socket_connect	.symtab	0xc56c	332	FUNC	<unknown>	DEFAULT	2
sockprintf	.symtab	0x944c	200	FUNC	<unknown>	DEFAULT	2
spec_and_mask.4146	.symtab	0x1c974	16	OBJECT	<unknown>	DEFAULT	4
spec_base.4140	.symtab	0x1c958	7	OBJECT	<unknown>	DEFAULT	4
spec_chars.4143	.symtab	0x1c9a0	21	OBJECT	<unknown>	DEFAULT	4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 30, 2022 01:09:55.835618973 CET	38500	576	192.168.2.23	47.87.197.232
Nov 30, 2022 01:09:56.151525974 CET	42836	443	192.168.2.23	91.189.91.43
Nov 30, 2022 01:09:56.663491011 CET	42516	80	192.168.2.23	109.202.202.202
Nov 30, 2022 01:10:10.742953062 CET	43928	443	192.168.2.23	91.189.91.42
Nov 30, 2022 01:10:15.976265907 CET	38502	576	192.168.2.23	47.87.197.232
Nov 30, 2022 01:10:23.030189037 CET	42836	443	192.168.2.23	91.189.91.43
Nov 30, 2022 01:10:27.125935078 CET	42516	80	192.168.2.23	109.202.202.202
Nov 30, 2022 01:10:36.115139008 CET	38504	576	192.168.2.23	47.87.197.232
Nov 30, 2022 01:10:51.700663090 CET	43928	443	192.168.2.23	91.189.91.42
Nov 30, 2022 01:10:56.253876925 CET	38506	576	192.168.2.23	47.87.197.232
Nov 30, 2022 01:11:16.392740965 CET	38508	576	192.168.2.23	47.87.197.232
Nov 30, 2022 01:11:36.531618118 CET	38510	576	192.168.2.23	47.87.197.232
Nov 30, 2022 01:11:56.670679092 CET	38512	576	192.168.2.23	47.87.197.232
Nov 30, 2022 01:12:16.809533119 CET	38514	576	192.168.2.23	47.87.197.232
Nov 30, 2022 01:12:36.948303938 CET	38516	576	192.168.2.23	47.87.197.232
Nov 30, 2022 01:12:57.086751938 CET	38518	576	192.168.2.23	47.87.197.232
Nov 30, 2022 01:13:17.225655079 CET	38520	576	192.168.2.23	47.87.197.232

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Nov 30, 2022 01:09:55.974899054 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable
Nov 30, 2022 01:10:16.114824057 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable
Nov 30, 2022 01:10:36.253580093 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable
Nov 30, 2022 01:10:56.392294884 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable
Nov 30, 2022 01:11:16.531349897 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable
Nov 30, 2022 01:11:36.670198917 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable
Nov 30, 2022 01:11:56.809078932 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable
Nov 30, 2022 01:12:16.948012114 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable
Nov 30, 2022 01:12:37.086628914 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable
Nov 30, 2022 01:12:57.225187063 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable
Nov 30, 2022 01:13:17.364171028 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable

System Behavior

Analysis Process: p0hr6mFo4a.elf PID: 6222, Parent PID: 6121

General

Start time:	01:09:54
Start date:	30/11/2022
Path:	/tmp/p0hr6mFo4a.elf
Arguments:	/tmp/p0hr6mFo4a.elf
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: p0hr6mFo4a.elf PID: 6224, Parent PID: 6222

General

Start time:	01:09:55
Start date:	30/11/2022
Path:	/tmp/p0hr6mFo4a.elf
Arguments:	n/a
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: p0hr6mFo4a.elf PID: 6225, Parent PID: 6222

General

Start time:	01:09:55
Start date:	30/11/2022
Path:	/tmp/p0hr6mFo4a.elf
Arguments:	n/a
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: p0hr6mFo4a.elf PID: 6228, Parent PID: 6225

General

Start time:	01:09:55
Start date:	30/11/2022
Path:	/tmp/p0hr6mFo4a.elf
Arguments:	n/a
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of other systems by IP address, hostname, or other logical identifier on a network that may be used for Lateral Movement from the current system. Functionality could exist within remote access tools to enable this, but utilities available on the operating system could also be used such as Ping or `net view` using Net . Adversaries may also use local host files (ex: `C:\Windows\System32\Drivers\etc\hosts` or `/etc/hosts` ) in order to discover the hostname to IP address mappings of remote systems.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may obfuscate command and control traffic to make it more difficult to detect. Command and control (C2) communications are hidden (but not necessarily encrypted) in an attempt to make the content more difficult to discover or decipher and to make the communication less conspicuous and hide commands from being seen. This encompasses many methods, such as adding junk data to protocol traffic, using steganography, or impersonating legitimate protocols.
Tactics:	Command and Control
Data Sources:	Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report p0hr6mFo4a.elf

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Runtime Messages

Process Tree

Yara Signatures

Initial Sample

Memory Dumps

Snort Signatures

Joe Sandbox Signatures

AV Detection

Spreading

Networking

System Summary

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Symbols

Network Behavior

Network Port Distribution

TCP Packets

ICMP Packets

System Behavior

Analysis Process: p0hr6mFo4a.elf PID: 6222, Parent PID: 6121

General

Chronological Activities

Analysis Process: p0hr6mFo4a.elf PID: 6224, Parent PID: 6222

General

Chronological Activities

Analysis Process: p0hr6mFo4a.elf PID: 6225, Parent PID: 6222

General

Chronological Activities

Analysis Process: p0hr6mFo4a.elf PID: 6228, Parent PID: 6225

General

Linux Analysis Report
p0hr6mFo4a.elf