Edit tour

Linux Analysis Report
yS7c2Bzlu2.elf

Overview

General Information

Sample Name:	yS7c2Bzlu2.elf
Analysis ID:	756319
MD5:	8e6aff3da112a5408390546bda8e6e6d
SHA1:	f9cd20a46b0e506506c8a7eeddd4d5363cb2f720
SHA256:	c5771288e2b0bfa97a91236682aefbc565998f4d040b825564f1f6da2e36e9eb
Tags:	32armelfgafgyt
Infos:

Detection

Mirai

Score:	76
Range:	0 - 100
Whitelisted:	false

Signatures

Malicious sample detected (through community Yara rule)

Antivirus / Scanner detection for submitted sample

Yara detected Mirai

Multi AV Scanner detection for submitted file

Opens /proc/net/* files useful for finding connected devices and routers

Yara signature match

Sample contains strings that are user agent strings indicative of HTTP manipulation

Uses the "uname" system call to query kernel version information (possible evasion)

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Detected TCP or UDP traffic on non-standard ports

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine.

All HTTP servers contacted by the sample do not answer. The sample is likely an old dropper which does no longer work.

Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	756319
Start date and time:	2022-11-30 01:13:37 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 36s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	yS7c2Bzlu2.elf
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Detection:	MAL
Classification:	mal76.spre.troj.linELF@0/0@0/0

Runtime Messages

Command:	/tmp/yS7c2Bzlu2.elf
PID:	6228
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	gosh that chinese family at the other table sure ate alot
Standard Error:

Process Tree

system is lnxubuntu20

yS7c2Bzlu2.elf (PID: 6228, Parent: 6125, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/yS7c2Bzlu2.elf

yS7c2Bzlu2.elf New Fork (PID: 6231, Parent: 6228)

yS7c2Bzlu2.elf New Fork (PID: 6232, Parent: 6228)

yS7c2Bzlu2.elf New Fork (PID: 6235, Parent: 6232)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
yS7c2Bzlu2.elf	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
yS7c2Bzlu2.elf	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x15b48:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15b5c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15b70:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15b84:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15b98:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15bac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15bc0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15bd4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15be8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15bfc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c10:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c24:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c38:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c4c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15cb0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15cc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15cd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
yS7c2Bzlu2.elf	Linux_Trojan_Gafgyt_6a510422	unknown	unknown	0x1b9e:$a: 0B E5 24 30 1B E5 2C 30 0B E5 1C 00 00 EA 18 30 1B E5 00 30
yS7c2Bzlu2.elf	Linux_Trojan_Gafgyt_d2953f92	unknown	unknown	0x1aae:$a: 1B E5 2A 00 53 E3 0A 00 00 0A 30 30 1B E5 3F 00 53 E3 23 00

Memory Dumps

Source	Rule	Description	Author	Strings
6231.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6231.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x15b48:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15b5c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15b70:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15b84:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15b98:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15bac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15bc0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15bd4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15be8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15bfc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c10:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c24:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c38:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c4c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15cb0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15cc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15cd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6231.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp	Linux_Trojan_Gafgyt_6a510422	unknown	unknown	0x1b9e:$a: 0B E5 24 30 1B E5 2C 30 0B E5 1C 00 00 EA 18 30 1B E5 00 30
6231.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp	Linux_Trojan_Gafgyt_d2953f92	unknown	unknown	0x1aae:$a: 1B E5 2A 00 53 E3 0A 00 00 0A 30 30 1B E5 3F 00 53 E3 23 00
6232.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6232.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x15b48:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15b5c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15b70:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15b84:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15b98:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15bac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15bc0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15bd4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15be8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15bfc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c10:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c24:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c38:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c4c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15cb0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15cc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15cd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6232.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp	Linux_Trojan_Gafgyt_6a510422	unknown	unknown	0x1b9e:$a: 0B E5 24 30 1B E5 2C 30 0B E5 1C 00 00 EA 18 30 1B E5 00 30
6232.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp	Linux_Trojan_Gafgyt_d2953f92	unknown	unknown	0x1aae:$a: 1B E5 2A 00 53 E3 0A 00 00 0A 30 30 1B E5 3F 00 53 E3 23 00
6228.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6228.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x15b48:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15b5c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15b70:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15b84:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15b98:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15bac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15bc0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15bd4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15be8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15bfc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c10:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c24:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c38:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c4c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15cb0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15cc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15cd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6228.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp	Linux_Trojan_Gafgyt_6a510422	unknown	unknown	0x1b9e:$a: 0B E5 24 30 1B E5 2C 30 0B E5 1C 00 00 EA 18 30 1B E5 00 30
6228.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp	Linux_Trojan_Gafgyt_d2953f92	unknown	unknown	0x1aae:$a: 1B E5 2A 00 53 E3 0A 00 00 0A 30 30 1B E5 3F 00 53 E3 23 00
Process Memory Space: yS7c2Bzlu2.elf PID: 6228	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x575a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x576e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5782:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5796:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x57aa:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x57be:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x57d2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x57e6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x57fa:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x580e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5822:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5836:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x584a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x585e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5872:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5886:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x589a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x58ae:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x58c2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x58d6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x58ea:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: yS7c2Bzlu2.elf PID: 6231	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1b48:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b5c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b70:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b84:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b98:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1bac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1bc0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1bd4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1be8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1bfc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c10:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c24:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c38:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c4c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1cb0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1cc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1cd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: yS7c2Bzlu2.elf PID: 6232	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1969:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x197d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1991:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19a5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19b9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19cd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19e1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19f5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a09:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a1d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a31:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a45:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a59:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a6d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a81:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a95:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1aa9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1abd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ad1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ae5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1af9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Click to see the 10 entries

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: yS7c2Bzlu2.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: yS7c2Bzlu2.elf	ReversingLabs: Detection: 73%
Source: yS7c2Bzlu2.elf	Virustotal: Detection: 69%			Perma Link

Spreading

Opens /proc/net/* files useful for finding connected devices and routers

Source: /tmp/yS7c2Bzlu2.elf (PID: 6228)

Opens: /proc/net/route

Jump to behavior

Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443

Source: global traffic

TCP traffic: 192.168.2.23:38500 -> 47.87.197.232:576

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232
Source: unknown	TCP traffic detected without corresponding DNS query: 47.87.197.232

System Summary

Malicious sample detected (through community Yara rule)

Source: yS7c2Bzlu2.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: yS7c2Bzlu2.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_6a510422 Author: unknown
Source: yS7c2Bzlu2.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
Source: 6231.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6231.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6a510422 Author: unknown
Source: 6231.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
Source: 6232.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6232.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6a510422 Author: unknown
Source: 6232.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
Source: 6228.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6228.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6a510422 Author: unknown
Source: 6228.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
Source: Process Memory Space: yS7c2Bzlu2.elf PID: 6228, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: yS7c2Bzlu2.elf PID: 6231, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: yS7c2Bzlu2.elf PID: 6232, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Source: yS7c2Bzlu2.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: yS7c2Bzlu2.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_6a510422 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 8ee116ff41236771cdc8dc4b796c3b211502413ae631d5b5aedbbaa2eccc3b75, id = 6a510422-3662-4fdb-9c03-0101f16e87cd, last_modified = 2021-09-16
Source: yS7c2Bzlu2.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
Source: 6231.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6231.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6a510422 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 8ee116ff41236771cdc8dc4b796c3b211502413ae631d5b5aedbbaa2eccc3b75, id = 6a510422-3662-4fdb-9c03-0101f16e87cd, last_modified = 2021-09-16
Source: 6231.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
Source: 6232.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6232.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6a510422 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 8ee116ff41236771cdc8dc4b796c3b211502413ae631d5b5aedbbaa2eccc3b75, id = 6a510422-3662-4fdb-9c03-0101f16e87cd, last_modified = 2021-09-16
Source: 6232.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
Source: 6228.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6228.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6a510422 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 8ee116ff41236771cdc8dc4b796c3b211502413ae631d5b5aedbbaa2eccc3b75, id = 6a510422-3662-4fdb-9c03-0101f16e87cd, last_modified = 2021-09-16
Source: 6228.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
Source: Process Memory Space: yS7c2Bzlu2.elf PID: 6228, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: yS7c2Bzlu2.elf PID: 6231, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: yS7c2Bzlu2.elf PID: 6232, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal76.spre.troj.linELF@0/0@0/0

Source: yS7c2Bzlu2.elf	ELF static info symbol of initial sample: /home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: yS7c2Bzlu2.elf	ELF static info symbol of initial sample: /home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: yS7c2Bzlu2.elf	ELF static info symbol of initial sample: /home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: yS7c2Bzlu2.elf	ELF static info symbol of initial sample: /home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: yS7c2Bzlu2.elf	ELF static info symbol of initial sample: /home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: yS7c2Bzlu2.elf	ELF static info symbol of initial sample: /home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: yS7c2Bzlu2.elf	ELF static info symbol of initial sample: /home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: yS7c2Bzlu2.elf	ELF static info symbol of initial sample: libc/string/arm/_memcpy.S

Source: /tmp/yS7c2Bzlu2.elf (PID: 6228)

Queries kernel information via 'uname':

Jump to behavior

Source: yS7c2Bzlu2.elf, 6228.1.00005563cae39000.00005563caf88000.rw-.sdmp, yS7c2Bzlu2.elf, 6231.1.00005563cae39000.00005563caf88000.rw-.sdmp, yS7c2Bzlu2.elf, 6232.1.00005563cae39000.00005563caf88000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: yS7c2Bzlu2.elf, 6228.1.00005563cae39000.00005563caf88000.rw-.sdmp, yS7c2Bzlu2.elf, 6231.1.00005563cae39000.00005563caf88000.rw-.sdmp, yS7c2Bzlu2.elf, 6232.1.00005563cae39000.00005563caf88000.rw-.sdmp	Binary or memory string: cU!/etc/qemu-binfmt/arm
Source: yS7c2Bzlu2.elf, 6228.1.00007fffcb23a000.00007fffcb25b000.rw-.sdmp, yS7c2Bzlu2.elf, 6231.1.00007fffcb23a000.00007fffcb25b000.rw-.sdmp, yS7c2Bzlu2.elf, 6232.1.00007fffcb23a000.00007fffcb25b000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm
Source: yS7c2Bzlu2.elf, 6228.1.00007fffcb23a000.00007fffcb25b000.rw-.sdmp, yS7c2Bzlu2.elf, 6231.1.00007fffcb23a000.00007fffcb25b000.rw-.sdmp, yS7c2Bzlu2.elf, 6232.1.00007fffcb23a000.00007fffcb25b000.rw-.sdmp	Binary or memory string: !)x86_64/usr/bin/qemu-arm/tmp/yS7c2Bzlu2.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/yS7c2Bzlu2.elf

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: yS7c2Bzlu2.elf, type: SAMPLE
Source: Yara match	File source: 6231.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6232.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6228.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp, type: MEMORY

Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; pl) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; en) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; ja) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; de) Opera 11.01
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; fr) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
Source: Initial sample	User agent string found: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11) AppleWebKit/601.1.56 (KHTML, like Gecko) Version/9.0 Safari/601.1.56
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/601.2.7 (KHTML, like Gecko) Version/9.0.1 Safari/601.2.7
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Source: Initial sample	User agent string found: Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51
Source: Initial sample	User agent string found: Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/7046A194A
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Linux; Android 4.4.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.89 Mobile Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Linux; Android 4.4.3; HTC_0PCV2 Build/KTU84L) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Source: Initial sample	User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; X11; Linux x86_64; pl) Opera 11.00
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:25.0) Gecko/20100101 Firefox/25.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Firefox/24.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10; rv:33.0) Gecko/20100101 Firefox/33.0

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: yS7c2Bzlu2.elf, type: SAMPLE
Source: Yara match	File source: 6231.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6232.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6228.1.00007f2b1c017000.00007f2b1c030000.r-x.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Data Obfuscation	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	1 Remote System Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	1 Non-Standard Port	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
yS7c2Bzlu2.elf	73%	ReversingLabs	Linux.Trojan.Gafgyt
yS7c2Bzlu2.elf	70%	Virustotal		Browse
yS7c2Bzlu2.elf	100%	Avira	LINUX/Gafgyt.opnd

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
47.87.197.232	unknown	United States	3209	VODANETInternationalIP-BackboneofVodafoneDE	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
47.87.197.232	p0hr6mFo4a.elf	Get hash	malicious	Browse
109.202.202.202	p0hr6mFo4a.elf	Get hash	malicious	Browse
	portainer	Get hash	malicious	Browse
	l.out.elf	Get hash	malicious	Browse
	SecuriteInfo.com.Linux.Siggen.4218.14490.21271.elf	Get hash	malicious	Browse
	8LzAAQOA5F.elf	Get hash	malicious	Browse
	GzQ3LRVbSB.elf	Get hash	malicious	Browse
	QIsLuTv1ka.elf	Get hash	malicious	Browse
	FIieajcRYe.elf	Get hash	malicious	Browse
	o9epZmdr6x.elf	Get hash	malicious	Browse
	auD8Kknsmc.elf	Get hash	malicious	Browse
	7Cz3REBlrI.elf	Get hash	malicious	Browse
	R2YElGmM5e.elf	Get hash	malicious	Browse
	sora.arm7.elf	Get hash	malicious	Browse
	sora.x86.elf	Get hash	malicious	Browse
	SecuriteInfo.com.Linux.Siggen.4218.31945.1125.elf	Get hash	malicious	Browse
	sora.arm7.elf	Get hash	malicious	Browse
	sora.x86.elf	Get hash	malicious	Browse
	YziyrKNTFz.elf	Get hash	malicious	Browse
	9FrHfq70Fi.elf	Get hash	malicious	Browse
	CZr4ZXLsLe	Get hash	malicious	Browse
91.189.91.43	p0hr6mFo4a.elf	Get hash	malicious	Browse
	portainer	Get hash	malicious	Browse
	l.out.elf	Get hash	malicious	Browse
	SecuriteInfo.com.Linux.Siggen.4218.14490.21271.elf	Get hash	malicious	Browse
	8LzAAQOA5F.elf	Get hash	malicious	Browse
	GzQ3LRVbSB.elf	Get hash	malicious	Browse
	QIsLuTv1ka.elf	Get hash	malicious	Browse
	FIieajcRYe.elf	Get hash	malicious	Browse
	o9epZmdr6x.elf	Get hash	malicious	Browse
	auD8Kknsmc.elf	Get hash	malicious	Browse
	7Cz3REBlrI.elf	Get hash	malicious	Browse
	R2YElGmM5e.elf	Get hash	malicious	Browse
	sora.arm7.elf	Get hash	malicious	Browse
	sora.x86.elf	Get hash	malicious	Browse
	SecuriteInfo.com.Linux.Siggen.4218.31945.1125.elf	Get hash	malicious	Browse
	sora.arm7.elf	Get hash	malicious	Browse
	sora.x86.elf	Get hash	malicious	Browse
	YziyrKNTFz.elf	Get hash	malicious	Browse
	9FrHfq70Fi.elf	Get hash	malicious	Browse
	CZr4ZXLsLe	Get hash	malicious	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
CANONICAL-ASGB	p0hr6mFo4a.elf	Get hash	malicious	Browse	91.189.91.42
	portainer	Get hash	malicious	Browse	91.189.91.42
	l.out.elf	Get hash	malicious	Browse	91.189.91.42
	SecuriteInfo.com.Linux.Siggen.4218.14490.21271.elf	Get hash	malicious	Browse	91.189.91.42
	8LzAAQOA5F.elf	Get hash	malicious	Browse	91.189.91.42
	GzQ3LRVbSB.elf	Get hash	malicious	Browse	91.189.91.42
	QIsLuTv1ka.elf	Get hash	malicious	Browse	91.189.91.42
	FIieajcRYe.elf	Get hash	malicious	Browse	91.189.91.42
	o9epZmdr6x.elf	Get hash	malicious	Browse	91.189.91.42
	auD8Kknsmc.elf	Get hash	malicious	Browse	91.189.91.42
	7Cz3REBlrI.elf	Get hash	malicious	Browse	91.189.91.42
	R2YElGmM5e.elf	Get hash	malicious	Browse	91.189.91.42
	sora.arm7.elf	Get hash	malicious	Browse	91.189.91.42
	sora.x86.elf	Get hash	malicious	Browse	91.189.91.42
	SecuriteInfo.com.Linux.Siggen.4218.31945.1125.elf	Get hash	malicious	Browse	91.189.91.42
	sora.arm7.elf	Get hash	malicious	Browse	91.189.91.42
	sora.x86.elf	Get hash	malicious	Browse	91.189.91.42
	YziyrKNTFz.elf	Get hash	malicious	Browse	91.189.91.42
	9FrHfq70Fi.elf	Get hash	malicious	Browse	91.189.91.42
	CZr4ZXLsLe	Get hash	malicious	Browse	91.189.91.42
INIT7CH	p0hr6mFo4a.elf	Get hash	malicious	Browse	109.202.202.202
	portainer	Get hash	malicious	Browse	109.202.202.202
	l.out.elf	Get hash	malicious	Browse	109.202.202.202
	SecuriteInfo.com.Linux.Siggen.4218.14490.21271.elf	Get hash	malicious	Browse	109.202.202.202
	8LzAAQOA5F.elf	Get hash	malicious	Browse	109.202.202.202
	GzQ3LRVbSB.elf	Get hash	malicious	Browse	109.202.202.202
	QIsLuTv1ka.elf	Get hash	malicious	Browse	109.202.202.202
	FIieajcRYe.elf	Get hash	malicious	Browse	109.202.202.202
	o9epZmdr6x.elf	Get hash	malicious	Browse	109.202.202.202
	auD8Kknsmc.elf	Get hash	malicious	Browse	109.202.202.202
	7Cz3REBlrI.elf	Get hash	malicious	Browse	109.202.202.202
	R2YElGmM5e.elf	Get hash	malicious	Browse	109.202.202.202
	sora.arm7.elf	Get hash	malicious	Browse	109.202.202.202
	sora.x86.elf	Get hash	malicious	Browse	109.202.202.202
	SecuriteInfo.com.Linux.Siggen.4218.31945.1125.elf	Get hash	malicious	Browse	109.202.202.202
	sora.arm7.elf	Get hash	malicious	Browse	109.202.202.202
	sora.x86.elf	Get hash	malicious	Browse	109.202.202.202
	YziyrKNTFz.elf	Get hash	malicious	Browse	109.202.202.202
	9FrHfq70Fi.elf	Get hash	malicious	Browse	109.202.202.202
	CZr4ZXLsLe	Get hash	malicious	Browse	109.202.202.202
VODANETInternationalIP-BackboneofVodafoneDE	p0hr6mFo4a.elf	Get hash	malicious	Browse	47.87.197.232
	7HuJu44thW.elf	Get hash	malicious	Browse	188.110.182.82
	Yw0HhtLWAz.elf	Get hash	malicious	Browse	188.109.141.7
	MZbxLJqYM3.elf	Get hash	malicious	Browse	2.203.197.21
	oAUrOBvfbV.elf	Get hash	malicious	Browse	2.205.253.113
	jew.x86.elf	Get hash	malicious	Browse	88.73.217.45
	3y849k7eIG.elf	Get hash	malicious	Browse	188.97.131.92
	ewfDbhCyw3.elf	Get hash	malicious	Browse	188.107.42.3
	wIUY7HguZD.elf	Get hash	malicious	Browse	88.68.114.1
	87uWrdTuhh.elf	Get hash	malicious	Browse	94.221.53.89
	tYV5avLJzh.elf	Get hash	malicious	Browse	188.107.45.128
	kQhLxBYJGw.elf	Get hash	malicious	Browse	109.41.117.192
	zg8P6HaVf2.elf	Get hash	malicious	Browse	213.23.15.180
	Mddos.arm.elf	Get hash	malicious	Browse	47.87.28.61
	SecuriteInfo.com.Linux.Siggen.9999.7635.14049.elf	Get hash	malicious	Browse	178.5.76.73
	4Wu0n8HHNS.elf	Get hash	malicious	Browse	47.70.112.98
	hotnet.arm.elf	Get hash	malicious	Browse	188.106.42.82
	2BDwNIeogc.elf	Get hash	malicious	Browse	109.47.30.165
	GoVDsH5Zz1.elf	Get hash	malicious	Browse	2.205.253.141
	sCxUFOf8Ls.elf	Get hash	malicious	Browse	47.65.161.98

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, with debug_info, not stripped
Entropy (8bit):	6.0921113129571935
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	yS7c2Bzlu2.elf
File size:	143019
MD5:	8e6aff3da112a5408390546bda8e6e6d
SHA1:	f9cd20a46b0e506506c8a7eeddd4d5363cb2f720
SHA256:	c5771288e2b0bfa97a91236682aefbc565998f4d040b825564f1f6da2e36e9eb
SHA512:	8e2d9ecc73480d0e36fd2f173490dec1fa5201ac6a1c174b64bf69b8fd48c36c87704aeb0760968dc777f6dfa13b38da3c88a3d42260c9dc7f5b71266ba80545
SSDEEP:	3072:av/WwYYEa1T53qHyCOXN+cLq8jQ7DGgkmhxQwoVSUNu:yPga1T5NN+cLq8fgkmhxQwoVSUNu
TLSH:	6FE32A30D4504B17C2D213FAA79E825E3F221F9793DB33115B38BAB41FE279A1D69924
File Content Preview:	.ELF..............(.........4...D.......4. ...(........p4...4...4...................................D...D................................k..........Q.td..................................-...L..................G.F.G.F.G.F.G.F G.F(G.F0G.F8G.F@G.FHG.FPG.FXG.

Static ELF Info

ELF header
Class:
Data:
Version:
Machine:
Version Number:
Type:
OS/ABI:
ABI Version:
Entry Point Address:
Flags:
ELF Header Size:
Program Header Offset:
Program Header Size:
Number of Program Headers:
Section Header Offset:
Section Header Size:
Number of Section Headers:
Header String Table Index:

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.init	PROGBITS	0x80b4	0xb4	0x10	0x0	0x6	AX	0	0	4
.text	PROGBITS	0x80d0	0xd0	0x14954	0x0	0x6	AX	0	0	16
.fini	PROGBITS	0x1ca24	0x14a24	0x10	0x0	0x6	AX	0	0	4
.rodata	PROGBITS	0x1ca38	0x14a38	0x44e4	0x0	0x2	A	0	0	8
.ARM.extab	PROGBITS	0x20f1c	0x18f1c	0x18	0x0	0x2	A	0	0	4
.ARM.exidx	ARM_EXIDX	0x20f34	0x18f34	0x10	0x0	0x82	AL	2	0	4
.eh_frame	PROGBITS	0x29000	0x19000	0x4	0x0	0x3	WA	0	0	4
.init_array	INIT_ARRAY	0x29004	0x19004	0x4	0x0	0x3	WA	0	0	4
.fini_array	FINI_ARRAY	0x29008	0x19008	0x4	0x0	0x3	WA	0	0	4
.jcr	PROGBITS	0x2900c	0x1900c	0x4	0x0	0x3	WA	0	0	4
.got	PROGBITS	0x29010	0x19010	0x78	0x4	0x3	WA	0	0	4
.data	PROGBITS	0x29088	0x19088	0x31c	0x0	0x3	WA	0	0	4
.bss	NOBITS	0x293a8	0x193a4	0x6764	0x0	0x3	WA	0	0	8
.comment	PROGBITS	0x0	0x193a4	0xce2	0x0	0x0		0	0	1
.debug_aranges	PROGBITS	0x0	0x1a088	0xe0	0x0	0x0		0	0	8
.debug_info	PROGBITS	0x0	0x1a168	0x4b0	0x0	0x0		0	0	1
.debug_abbrev	PROGBITS	0x0	0x1a618	0x8c	0x0	0x0		0	0	1
.debug_line	PROGBITS	0x0	0x1a6a4	0x655	0x0	0x0		0	0	1
.debug_frame	PROGBITS	0x0	0x1acfc	0x58	0x0	0x0		0	0	4
.ARM.attributes	ARM_ATTRIBUTES	0x0	0x1ad54	0x10	0x0	0x0		0	0	1
.shstrtab	STRTAB	0x0	0x1ad64	0xdd	0x0	0x0		0	0	1
.symtab	SYMTAB	0x0	0x1b204	0x5130	0x10	0x0		23	700	4
.strtab	STRTAB	0x0	0x20334	0x2b77	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
EXIDX	0x18f34	0x20f34	0x20f34	0x10	0x10	2.4056	0x4	R	0x4	.ARM.exidx
LOAD	0x0	0x8000	0x8000	0x18f44	0x18f44	6.1949	0x5	R E	0x8000	.init .text .fini .rodata .ARM.extab .ARM.exidx
LOAD	0x19000	0x29000	0x29000	0x3a4	0x6b0c	3.9654	0x6	RW	0x8000	.eh_frame .init_array .fini_array .jcr .got .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Symbols

Name	Section Name	Value	Size	Symbol Type	Symbol Bind	Symbol Visibility	Ndx
	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
	.symtab	0x80b4	0	SECTION	<unknown>	DEFAULT	1
	.symtab	0x80d0	0	SECTION	<unknown>	DEFAULT	2
	.symtab	0x1ca24	0	SECTION	<unknown>	DEFAULT	3
	.symtab	0x1ca38	0	SECTION	<unknown>	DEFAULT	4
	.symtab	0x20f1c	0	SECTION	<unknown>	DEFAULT	5
	.symtab	0x20f34	0	SECTION	<unknown>	DEFAULT	6
	.symtab	0x29000	0	SECTION	<unknown>	DEFAULT	7
	.symtab	0x29004	0	SECTION	<unknown>	DEFAULT	8
	.symtab	0x29008	0	SECTION	<unknown>	DEFAULT	9
	.symtab	0x2900c	0	SECTION	<unknown>	DEFAULT	10
	.symtab	0x29010	0	SECTION	<unknown>	DEFAULT	11
	.symtab	0x29088	0	SECTION	<unknown>	DEFAULT	12
	.symtab	0x293a8	0	SECTION	<unknown>	DEFAULT	13
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	14
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	15
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	16
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	17
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	18
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	19
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	20
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	21
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	22
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	23
$a	.symtab	0x80b4	0	NOTYPE	<unknown>	DEFAULT	1
$a	.symtab	0x1ca24	0	NOTYPE	<unknown>	DEFAULT	3
$a	.symtab	0x80c0	0	NOTYPE	<unknown>	DEFAULT	1
$a	.symtab	0x1ca30	0	NOTYPE	<unknown>	DEFAULT	3
$a	.symtab	0x810c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8150	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x81b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x81ec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8614	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8760	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8838	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8990	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8ad4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x93c8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x97a8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9930	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9a88	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9db4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa08c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa4a8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa50c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xb530	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xbc08	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xbd2c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xc3c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xca70	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xdabc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xe798	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xea54	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf38c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf420	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf4f4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf67c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1011c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10300	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1034c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10398	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10404	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10490	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10618	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1142c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11540	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11560	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x115a0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x115d4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x115e8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11648	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1167c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11690	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x116c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11700	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11714	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11748	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11764	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11798	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x117d8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1180c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11838	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1186c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x118a0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11978	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x119ac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11a00	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11a2c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11a64	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11a98	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11ac8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11ae4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11b18	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11b4c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11c00	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11c68	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11c9c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11d70	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11da0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12560	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12600	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12644	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x127f4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12848	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12db8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12df0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12ea0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12f40	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12fa0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12fb0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12fd0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12fe0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12ff0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x130ec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x131b8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x131dc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13298	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13388	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x133a0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x133d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x134d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x134f4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13570	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x135d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x135f8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13614	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1367c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x136b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x136ec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13730	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13768	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x137a4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x137dc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1381c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13860	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13898	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x138b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x138f8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1390c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x139c4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13a30	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x143c8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x144fc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x148b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14d50	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14d90	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14eb8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14ed0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14f74	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1502c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x150ec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15190	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15274	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15304	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x153dc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x154c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x154e0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x154fc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x156bc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15774	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15820	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1596c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15f44	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15ff0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16040	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16100	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16154	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x161c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16494	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x164fc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1651c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x165a4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x165b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x165bc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x165f0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16624	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1664c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16660	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16694	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x166c8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x166dc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16748	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1675c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16790	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x167c4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16804	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16818	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1684c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16944	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16a14	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16ac0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16b58	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16c44	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16c60	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17004	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17058	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1707c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1712c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x172e0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17300	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x173b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x176bc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x177fc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x178cc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1793c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17968	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17ac4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x182b8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18394	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18450	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x185d8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x187e4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18910	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x189b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18e40	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18f30	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18fa8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18fec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1909c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1917c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x191c8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19218	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1923c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19328	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19368	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19460	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19700	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19738	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19784	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19790	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x197e8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19a18	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19b5c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19b80	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19cd0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19d28	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19dec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19e1c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19eb4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19ef0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a1dc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a5a4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a69c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ae84	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1aed8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1af30	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b38c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b424	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b470	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b768	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b79c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b814	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b86c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b8d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b8e0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b914	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ba00	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1bab4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1bb14	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1bb44	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1bd48	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1bd7c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1bde8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1be94	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1bfd8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c3f4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c890	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c9d0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8144	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x29008	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x819c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x29004	0	NOTYPE	<unknown>	DEFAULT	8
$d	.symtab	0x2908c	0	NOTYPE	<unknown>	DEFAULT	12
$d	.symtab	0x81e0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x29090	0	NOTYPE	<unknown>	DEFAULT	12
$d	.symtab	0x875c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8830	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x898c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8ac8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x93c4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x9798	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x992c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1d72c	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x9a84	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x9db0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa088	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa4a0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa508	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xb514	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xbc00	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xbd28	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xc3bc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xca44	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xda68	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xe778	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xea40	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf35c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf410	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf4e4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf678	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x29144	0	NOTYPE	<unknown>	DEFAULT	12
$d	.symtab	0x102a4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10348	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10394	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10400	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1048c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10610	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11ac0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x29148	0	NOTYPE	<unknown>	DEFAULT	12
$d	.symtab	0x29150	0	NOTYPE	<unknown>	DEFAULT	12
$d	.symtab	0x11adc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11b14	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11c60	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11c94	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11d5c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2918c	0	NOTYPE	<unknown>	DEFAULT	12
$d	.symtab	0x29158	0	NOTYPE	<unknown>	DEFAULT	12
$d	.symtab	0x1fe74	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x12540	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x127f0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1283c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12d88	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x29294	0	NOTYPE	<unknown>	DEFAULT	12
$d	.symtab	0x131b0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13380	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x133c8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x134c4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1356c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13670	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x136b0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x136e8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1372c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13764	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x137d8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13818	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1385c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13894	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x139bc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x143ac	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x29298	0	NOTYPE	<unknown>	DEFAULT	12
$d	.symtab	0x144e4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14894	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14d34	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14d88	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14ea4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x292b0	0	NOTYPE	<unknown>	DEFAULT	12
$d	.symtab	0x14f58	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15010	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x150d0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15174	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x292c8	0	NOTYPE	<unknown>	DEFAULT	12
$d	.symtab	0x29360	0	NOTYPE	<unknown>	DEFAULT	12
$d	.symtab	0x1526c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15300	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x153d0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x154b8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x20aa0	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x156b4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15754	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x29374	0	NOTYPE	<unknown>	DEFAULT	12
$d	.symtab	0x1581c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15948	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15f20	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15fe8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1603c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x160ec	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1614c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x161b0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16454	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2938c	0	NOTYPE	<unknown>	DEFAULT	12
$d	.symtab	0x16598	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16644	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16740	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16930	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16a0c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16abc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x20b1c	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x16c30	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2f5f8	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x16c58	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16ffc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x172c0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17688	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18298	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x20b50	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x18380	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1843c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x185ac	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x187c0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18908	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18f28	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19094	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19174	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19320	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19458	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1972c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1977c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19cbc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1a1d0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1a598	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1ae48	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1aed0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1af28	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b344	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b40c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1bb3c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1bd3c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1bde0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2939c	0	NOTYPE	<unknown>	DEFAULT	12
$t	.symtab	0x80d0	0	NOTYPE	<unknown>	DEFAULT	2
/home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
/home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
/home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
/home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
/home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
/home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
/home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
C.1.3506	.symtab	0x20b1c	24	OBJECT	<unknown>	DEFAULT	4
C.147.6116	.symtab	0x1ee4c	40	OBJECT	<unknown>	DEFAULT	4
C.177.6397	.symtab	0x1eeb8	16	OBJECT	<unknown>	DEFAULT	4
C.178.6398	.symtab	0x1ee8c	20	OBJECT	<unknown>	DEFAULT	4
KHcommSOCK	.symtab	0x293c8	4	OBJECT	<unknown>	DEFAULT	13
KHserverHACKER	.symtab	0x29134	4	OBJECT	<unknown>	DEFAULT	12
LOCAL_ADDR	.symtab	0x2f624	4	OBJECT	<unknown>	DEFAULT	13
Laligned	.symtab	0x12f68	0	NOTYPE	<unknown>	DEFAULT	2
Llastword	.symtab	0x12f84	0	NOTYPE	<unknown>	DEFAULT	2
Q	.symtab	0x293e4	16384	OBJECT	<unknown>	DEFAULT	13
UserAgents	.symtab	0x290a4	144	OBJECT	<unknown>	DEFAULT	12
_Exit	.symtab	0x11a00	44	FUNC	<unknown>	DEFAULT	2
_GLOBAL_OFFSET_TABLE_	.symtab	0x29010	0	OBJECT	<unknown>	HIDDEN	11
_Jv_RegisterClasses	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
_READ.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_WRITE.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_b	.symtab	0x29148	4	OBJECT	<unknown>	DEFAULT	12
__C_ctype_b.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_b_data	.symtab	0x1f874	768	OBJECT	<unknown>	DEFAULT	4
__C_ctype_tolower	.symtab	0x2939c	4	OBJECT	<unknown>	DEFAULT	12
__C_ctype_tolower.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_tolower_data	.symtab	0x20c1c	768	OBJECT	<unknown>	DEFAULT	4
__C_ctype_toupper	.symtab	0x29150	4	OBJECT	<unknown>	DEFAULT	12
__C_ctype_toupper.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_toupper_data	.symtab	0x1fb74	768	OBJECT	<unknown>	DEFAULT	4
__EH_FRAME_BEGIN__	.symtab	0x29000	0	OBJECT	<unknown>	DEFAULT	7
__FRAME_END__	.symtab	0x29000	0	OBJECT	<unknown>	DEFAULT	7
__GI___C_ctype_b	.symtab	0x29148	4	OBJECT	<unknown>	HIDDEN	12
__GI___C_ctype_tolower	.symtab	0x2939c	4	OBJECT	<unknown>	HIDDEN	12
__GI___C_ctype_toupper	.symtab	0x29150	4	OBJECT	<unknown>	HIDDEN	12
__GI___ctype_b	.symtab	0x2914c	4	OBJECT	<unknown>	HIDDEN	12
__GI___ctype_tolower	.symtab	0x293a0	4	OBJECT	<unknown>	HIDDEN	12
__GI___ctype_toupper	.symtab	0x29154	4	OBJECT	<unknown>	HIDDEN	12
__GI___errno_location	.symtab	0x11ac8	28	FUNC	<unknown>	HIDDEN	2
__GI___fcntl_nocancel	.symtab	0x1190c	108	FUNC	<unknown>	HIDDEN	2
__GI___fgetc_unlocked	.symtab	0x187e4	300	FUNC	<unknown>	HIDDEN	2
__GI___glibc_strerror_r	.symtab	0x13388	24	FUNC	<unknown>	HIDDEN	2
__GI___h_errno_location	.symtab	0x16c44	28	FUNC	<unknown>	HIDDEN	2
__GI___libc_fcntl	.symtab	0x118a0	108	FUNC	<unknown>	HIDDEN	2
__GI___sigaddset	.symtab	0x139e8	36	FUNC	<unknown>	HIDDEN	2
__GI___sigdelset	.symtab	0x13a0c	36	FUNC	<unknown>	HIDDEN	2
__GI___sigismember	.symtab	0x139c4	36	FUNC	<unknown>	HIDDEN	2
__GI___uClibc_fini	.symtab	0x16084	124	FUNC	<unknown>	HIDDEN	2
__GI___uClibc_init	.symtab	0x16154	108	FUNC	<unknown>	HIDDEN	2
__GI___xpg_strerror_r	.symtab	0x133d0	256	FUNC	<unknown>	HIDDEN	2
__GI__exit	.symtab	0x11a00	44	FUNC	<unknown>	HIDDEN	2
__GI_abort	.symtab	0x14d90	296	FUNC	<unknown>	HIDDEN	2
__GI_atoi	.symtab	0x154c0	32	FUNC	<unknown>	HIDDEN	2
__GI_brk	.symtab	0x19738	76	FUNC	<unknown>	HIDDEN	2
__GI_clock_getres	.symtab	0x16660	52	FUNC	<unknown>	HIDDEN	2
__GI_close	.symtab	0x11a64	52	FUNC	<unknown>	HIDDEN	2
__GI_closedir	.symtab	0x1684c	248	FUNC	<unknown>	HIDDEN	2
__GI_config_close	.symtab	0x16f88	52	FUNC	<unknown>	HIDDEN	2
__GI_config_open	.symtab	0x16fbc	72	FUNC	<unknown>	HIDDEN	2
__GI_config_read	.symtab	0x16c60	808	FUNC	<unknown>	HIDDEN	2
__GI_connect	.symtab	0x1367c	56	FUNC	<unknown>	HIDDEN	2
__GI_dup2	.symtab	0x115a0	52	FUNC	<unknown>	HIDDEN	2
__GI_errno	.symtab	0x2f5f8	4	OBJECT	<unknown>	HIDDEN	13
__GI_execl	.symtab	0x15f44	172	FUNC	<unknown>	HIDDEN	2
__GI_execve	.symtab	0x165f0	52	FUNC	<unknown>	HIDDEN	2
__GI_exit	.symtab	0x156bc	184	FUNC	<unknown>	HIDDEN	2
__GI_fclose	.symtab	0x1712c	436	FUNC	<unknown>	HIDDEN	2
__GI_fcntl	.symtab	0x118a0	108	FUNC	<unknown>	HIDDEN	2
__GI_fflush_unlocked	.symtab	0x185d8	524	FUNC	<unknown>	HIDDEN	2
__GI_fgetc	.symtab	0x182b8	220	FUNC	<unknown>	HIDDEN	2
__GI_fgetc_unlocked	.symtab	0x187e4	300	FUNC	<unknown>	HIDDEN	2
__GI_fgets	.symtab	0x18394	188	FUNC	<unknown>	HIDDEN	2
__GI_fgets_unlocked	.symtab	0x18910	160	FUNC	<unknown>	HIDDEN	2
__GI_fopen	.symtab	0x172e0	32	FUNC	<unknown>	HIDDEN	2
__GI_fork	.symtab	0x11714	52	FUNC	<unknown>	HIDDEN	2
__GI_fputs_unlocked	.symtab	0x12db8	56	FUNC	<unknown>	HIDDEN	2
__GI_fseek	.symtab	0x19b5c	36	FUNC	<unknown>	HIDDEN	2
__GI_fseeko64	.symtab	0x19b80	336	FUNC	<unknown>	HIDDEN	2
__GI_fstat	.symtab	0x19790	88	FUNC	<unknown>	HIDDEN	2
__GI_fwrite_unlocked	.symtab	0x12df0	176	FUNC	<unknown>	HIDDEN	2
__GI_getc_unlocked	.symtab	0x187e4	300	FUNC	<unknown>	HIDDEN	2
__GI_getdtablesize	.symtab	0x1180c	44	FUNC	<unknown>	HIDDEN	2
__GI_getegid	.symtab	0x166c8	20	FUNC	<unknown>	HIDDEN	2
__GI_geteuid	.symtab	0x11700	20	FUNC	<unknown>	HIDDEN	2
__GI_getgid	.symtab	0x16748	20	FUNC	<unknown>	HIDDEN	2
__GI_gethostbyname	.symtab	0x135f8	28	FUNC	<unknown>	HIDDEN	2
__GI_gethostbyname2	.symtab	0x13614	104	FUNC	<unknown>	HIDDEN	2
__GI_gethostbyname2_r	.symtab	0x19460	672	FUNC	<unknown>	HIDDEN	2
__GI_gethostbyname_r	.symtab	0x1b470	760	FUNC	<unknown>	HIDDEN	2
__GI_gethostname	.symtab	0x1b79c	120	FUNC	<unknown>	HIDDEN	2
__GI_getpagesize	.symtab	0x16624	40	FUNC	<unknown>	HIDDEN	2
__GI_getpid	.symtab	0x1167c	20	FUNC	<unknown>	HIDDEN	2
__GI_getrlimit	.symtab	0x16694	52	FUNC	<unknown>	HIDDEN	2
__GI_getsockname	.symtab	0x136b4	56	FUNC	<unknown>	HIDDEN	2
__GI_gettimeofday	.symtab	0x1186c	52	FUNC	<unknown>	HIDDEN	2
__GI_getuid	.symtab	0x1664c	20	FUNC	<unknown>	HIDDEN	2
__GI_h_errno	.symtab	0x2f5fc	4	OBJECT	<unknown>	HIDDEN	13
__GI_htonl	.symtab	0x13580	32	FUNC	<unknown>	HIDDEN	2
__GI_htons	.symtab	0x13570	16	FUNC	<unknown>	HIDDEN	2
__GI_inet_addr	.symtab	0x135d0	40	FUNC	<unknown>	HIDDEN	2
__GI_inet_aton	.symtab	0x19368	248	FUNC	<unknown>	HIDDEN	2
__GI_inet_ntop	.symtab	0x1a320	644	FUNC	<unknown>	HIDDEN	2
__GI_inet_pton	.symtab	0x19fc0	540	FUNC	<unknown>	HIDDEN	2
__GI_initstate_r	.symtab	0x153dc	228	FUNC	<unknown>	HIDDEN	2
__GI_ioctl	.symtab	0x119ac	84	FUNC	<unknown>	HIDDEN	2
__GI_isatty	.symtab	0x134d0	36	FUNC	<unknown>	HIDDEN	2
__GI_kill	.symtab	0x11838	52	FUNC	<unknown>	HIDDEN	2
__GI_lseek64	.symtab	0x1b86c	100	FUNC	<unknown>	HIDDEN	2
__GI_memchr	.symtab	0x18e40	240	FUNC	<unknown>	HIDDEN	2
__GI_memcpy	.symtab	0x12fd0	4	FUNC	<unknown>	HIDDEN	2
__GI_memmove	.symtab	0x1b8d0	4	FUNC	<unknown>	HIDDEN	2
__GI_mempcpy	.symtab	0x19218	36	FUNC	<unknown>	HIDDEN	2
__GI_memrchr	.symtab	0x1909c	224	FUNC	<unknown>	HIDDEN	2
__GI_memset	.symtab	0x12ea0	156	FUNC	<unknown>	HIDDEN	2
__GI_mmap	.symtab	0x16494	104	FUNC	<unknown>	HIDDEN	2
__GI_mremap	.symtab	0x167c4	64	FUNC	<unknown>	HIDDEN	2
__GI_munmap	.symtab	0x1675c	52	FUNC	<unknown>	HIDDEN	2
__GI_nanosleep	.symtab	0x16790	52	FUNC	<unknown>	HIDDEN	2
__GI_ntohl	.symtab	0x135b0	32	FUNC	<unknown>	HIDDEN	2
__GI_ntohs	.symtab	0x135a0	16	FUNC	<unknown>	HIDDEN	2
__GI_open	.symtab	0x115e8	96	FUNC	<unknown>	HIDDEN	2
__GI_opendir	.symtab	0x16a14	172	FUNC	<unknown>	HIDDEN	2
__GI_pipe	.symtab	0x11648	52	FUNC	<unknown>	HIDDEN	2
__GI_poll	.symtab	0x1b768	52	FUNC	<unknown>	HIDDEN	2
__GI_raise	.symtab	0x13898	28	FUNC	<unknown>	HIDDEN	2
__GI_random	.symtab	0x14ed0	164	FUNC	<unknown>	HIDDEN	2
__GI_random_r	.symtab	0x15274	144	FUNC	<unknown>	HIDDEN	2
__GI_rawmemchr	.symtab	0x18fec	176	FUNC	<unknown>	HIDDEN	2
__GI_read	.symtab	0x117d8	52	FUNC	<unknown>	HIDDEN	2
__GI_readdir64	.symtab	0x16b58	236	FUNC	<unknown>	HIDDEN	2
__GI_recv	.symtab	0x13730	56	FUNC	<unknown>	HIDDEN	2
__GI_recvfrom	.symtab	0x13768	60	FUNC	<unknown>	HIDDEN	2
__GI_sbrk	.symtab	0x166dc	108	FUNC	<unknown>	HIDDEN	2
__GI_select	.symtab	0x11798	64	FUNC	<unknown>	HIDDEN	2
__GI_send	.symtab	0x137a4	56	FUNC	<unknown>	HIDDEN	2
__GI_sendto	.symtab	0x137dc	64	FUNC	<unknown>	HIDDEN	2
__GI_setsockopt	.symtab	0x1381c	68	FUNC	<unknown>	HIDDEN	2
__GI_setstate_r	.symtab	0x15190	228	FUNC	<unknown>	HIDDEN	2
__GI_sigaction	.symtab	0x1651c	136	FUNC	<unknown>	HIDDEN	2
__GI_sigaddset	.symtab	0x138b4	68	FUNC	<unknown>	HIDDEN	2
__GI_sigemptyset	.symtab	0x138f8	20	FUNC	<unknown>	HIDDEN	2
__GI_signal	.symtab	0x1390c	184	FUNC	<unknown>	HIDDEN	2
__GI_sigprocmask	.symtab	0x11a2c	56	FUNC	<unknown>	HIDDEN	2
__GI_sleep	.symtab	0x15774	172	FUNC	<unknown>	HIDDEN	2
__GI_socket	.symtab	0x13860	56	FUNC	<unknown>	HIDDEN	2
__GI_sprintf	.symtab	0x11b18	52	FUNC	<unknown>	HIDDEN	2
__GI_srandom_r	.symtab	0x15304	216	FUNC	<unknown>	HIDDEN	2
__GI_stat	.symtab	0x1b814	88	FUNC	<unknown>	HIDDEN	2
__GI_strcasecmp	.symtab	0x1bd7c	108	FUNC	<unknown>	HIDDEN	2
__GI_strchr	.symtab	0x13298	240	FUNC	<unknown>	HIDDEN	2
__GI_strchrnul	.symtab	0x1923c	236	FUNC	<unknown>	HIDDEN	2
__GI_strcmp	.symtab	0x12fb0	28	FUNC	<unknown>	HIDDEN	2
__GI_strcoll	.symtab	0x12fb0	28	FUNC	<unknown>	HIDDEN	2
__GI_strcpy	.symtab	0x131b8	36	FUNC	<unknown>	HIDDEN	2
__GI_strcspn	.symtab	0x18fa8	68	FUNC	<unknown>	HIDDEN	2
__GI_strdup	.symtab	0x1b8e0	52	FUNC	<unknown>	HIDDEN	2
__GI_strlen	.symtab	0x12f40	96	FUNC	<unknown>	HIDDEN	2
__GI_strncpy	.symtab	0x131dc	188	FUNC	<unknown>	HIDDEN	2
__GI_strnlen	.symtab	0x130ec	204	FUNC	<unknown>	HIDDEN	2
__GI_strpbrk	.symtab	0x19328	64	FUNC	<unknown>	HIDDEN	2
__GI_strrchr	.symtab	0x191c8	80	FUNC	<unknown>	HIDDEN	2
__GI_strspn	.symtab	0x1917c	76	FUNC	<unknown>	HIDDEN	2
__GI_strstr	.symtab	0x12ff0	252	FUNC	<unknown>	HIDDEN	2
__GI_strtok	.symtab	0x133a0	48	FUNC	<unknown>	HIDDEN	2
__GI_strtok_r	.symtab	0x18f30	120	FUNC	<unknown>	HIDDEN	2
__GI_strtol	.symtab	0x154e0	28	FUNC	<unknown>	HIDDEN	2
__GI_sysconf	.symtab	0x1596c	1496	FUNC	<unknown>	HIDDEN	2
__GI_tcgetattr	.symtab	0x134f4	124	FUNC	<unknown>	HIDDEN	2
__GI_time	.symtab	0x11690	48	FUNC	<unknown>	HIDDEN	2
__GI_times	.symtab	0x16804	20	FUNC	<unknown>	HIDDEN	2
__GI_toupper	.symtab	0x11a98	48	FUNC	<unknown>	HIDDEN	2
__GI_uname	.symtab	0x1bd48	52	FUNC	<unknown>	HIDDEN	2
__GI_vfork	.symtab	0x11560	64	FUNC	<unknown>	HIDDEN	2
__GI_vsnprintf	.symtab	0x11b4c	180	FUNC	<unknown>	HIDDEN	2
__GI_wait4	.symtab	0x165bc	52	FUNC	<unknown>	HIDDEN	2
__GI_waitpid	.symtab	0x11748	28	FUNC	<unknown>	HIDDEN	2
__GI_wcrtomb	.symtab	0x17004	84	FUNC	<unknown>	HIDDEN	2
__GI_wcsnrtombs	.symtab	0x1707c	176	FUNC	<unknown>	HIDDEN	2
__GI_wcsrtombs	.symtab	0x17058	36	FUNC	<unknown>	HIDDEN	2
__GI_write	.symtab	0x11978	52	FUNC	<unknown>	HIDDEN	2
__JCR_END__	.symtab	0x2900c	0	OBJECT	<unknown>	DEFAULT	10
__JCR_LIST__	.symtab	0x2900c	0	OBJECT	<unknown>	DEFAULT	10
__adddf3	.symtab	0x1bfe4	784	FUNC	<unknown>	HIDDEN	2
__aeabi_cdcmpeq	.symtab	0x1c940	24	FUNC	<unknown>	HIDDEN	2
__aeabi_cdcmple	.symtab	0x1c940	24	FUNC	<unknown>	HIDDEN	2
__aeabi_cdrcmple	.symtab	0x1c924	52	FUNC	<unknown>	HIDDEN	2
__aeabi_d2uiz	.symtab	0x1c9d0	84	FUNC	<unknown>	HIDDEN	2
__aeabi_dadd	.symtab	0x1bfe4	784	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmpeq	.symtab	0x1c958	24	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmpge	.symtab	0x1c9a0	24	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmpgt	.symtab	0x1c9b8	24	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmple	.symtab	0x1c988	24	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmplt	.symtab	0x1c970	24	FUNC	<unknown>	HIDDEN	2
__aeabi_ddiv	.symtab	0x1c684	524	FUNC	<unknown>	HIDDEN	2
__aeabi_dmul	.symtab	0x1c3f4	656	FUNC	<unknown>	HIDDEN	2
__aeabi_drsub	.symtab	0x1bfd8	0	FUNC	<unknown>	HIDDEN	2
__aeabi_dsub	.symtab	0x1bfe0	788	FUNC	<unknown>	HIDDEN	2
__aeabi_f2d	.symtab	0x1c340	64	FUNC	<unknown>	HIDDEN	2
__aeabi_i2d	.symtab	0x1c318	40	FUNC	<unknown>	HIDDEN	2
__aeabi_idiv	.symtab	0x1be94	0	FUNC	<unknown>	HIDDEN	2
__aeabi_idivmod	.symtab	0x1bfc0	24	FUNC	<unknown>	HIDDEN	2
__aeabi_l2d	.symtab	0x1c394	96	FUNC	<unknown>	HIDDEN	2
__aeabi_ui2d	.symtab	0x1c2f4	36	FUNC	<unknown>	HIDDEN	2
__aeabi_uidiv	.symtab	0x1142c	0	FUNC	<unknown>	HIDDEN	2
__aeabi_uidivmod	.symtab	0x11528	24	FUNC	<unknown>	HIDDEN	2
__aeabi_ul2d	.symtab	0x1c380	116	FUNC	<unknown>	HIDDEN	2
__aeabi_unwind_cpp_pr0	.symtab	0x19784	4	FUNC	<unknown>	DEFAULT	2
__aeabi_unwind_cpp_pr1	.symtab	0x19788	4	FUNC	<unknown>	DEFAULT	2
__aeabi_unwind_cpp_pr2	.symtab	0x1978c	4	FUNC	<unknown>	DEFAULT	2
__app_fini	.symtab	0x2f5f0	4	OBJECT	<unknown>	HIDDEN	13
__atexit_lock	.symtab	0x29374	24	OBJECT	<unknown>	DEFAULT	12
__bss_end__	.symtab	0x2fb0c	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__bss_start	.symtab	0x293a4	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__bss_start__	.symtab	0x293a4	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__check_one_fd	.symtab	0x16100	84	FUNC	<unknown>	DEFAULT	2
__close_nameservers	.symtab	0x1b38c	152	FUNC	<unknown>	HIDDEN	2
__cmpdf2	.symtab	0x1c8a0	132	FUNC	<unknown>	HIDDEN	2
__ctype_b	.symtab	0x2914c	4	OBJECT	<unknown>	DEFAULT	12
__ctype_tolower	.symtab	0x293a0	4	OBJECT	<unknown>	DEFAULT	12
__ctype_toupper	.symtab	0x29154	4	OBJECT	<unknown>	DEFAULT	12
__curbrk	.symtab	0x2f600	4	OBJECT	<unknown>	HIDDEN	13
__data_start	.symtab	0x29088	0	NOTYPE	<unknown>	DEFAULT	12
__decode_dotted	.symtab	0x1a5a4	248	FUNC	<unknown>	HIDDEN	2
__decode_header	.symtab	0x1ba00	180	FUNC	<unknown>	HIDDEN	2
__default_rt_sa_restorer	.symtab	0x165b4	0	FUNC	<unknown>	DEFAULT	2
__default_sa_restorer	.symtab	0x165a8	0	FUNC	<unknown>	DEFAULT	2
__deregister_frame_info	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__div0	.symtab	0x11540	20	FUNC	<unknown>	HIDDEN	2
__divdf3	.symtab	0x1c684	524	FUNC	<unknown>	HIDDEN	2
__divsi3	.symtab	0x1be94	300	FUNC	<unknown>	HIDDEN	2
__dns_lookup	.symtab	0x1a69c	2024	FUNC	<unknown>	HIDDEN	2
__do_global_dtors_aux	.symtab	0x810c	0	FUNC	<unknown>	DEFAULT	2
__do_global_dtors_aux_fini_array_entry	.symtab	0x29008	0	OBJECT	<unknown>	DEFAULT	9
__dso_handle	.symtab	0x29088	0	OBJECT	<unknown>	HIDDEN	12
__encode_dotted	.symtab	0x1bde8	172	FUNC	<unknown>	HIDDEN	2
__encode_header	.symtab	0x1b914	236	FUNC	<unknown>	HIDDEN	2
__encode_question	.symtab	0x1bab4	96	FUNC	<unknown>	HIDDEN	2
__end__	.symtab	0x2fb0c	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__environ	.symtab	0x2f5e8	4	OBJECT	<unknown>	DEFAULT	13
__eqdf2	.symtab	0x1c8a0	132	FUNC	<unknown>	HIDDEN	2
__errno_location	.symtab	0x11ac8	28	FUNC	<unknown>	DEFAULT	2
__errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__error	.symtab	0x1159c	0	NOTYPE	<unknown>	DEFAULT	2
__exidx_end	.symtab	0x20f44	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__exidx_start	.symtab	0x20f34	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__exit_cleanup	.symtab	0x2f5e0	4	OBJECT	<unknown>	HIDDEN	13
__extendsfdf2	.symtab	0x1c340	64	FUNC	<unknown>	HIDDEN	2
__fcntl_nocancel	.symtab	0x1190c	108	FUNC	<unknown>	DEFAULT	2
__fgetc_unlocked	.symtab	0x187e4	300	FUNC	<unknown>	DEFAULT	2
__fini_array_end	.symtab	0x2900c	0	NOTYPE	<unknown>	HIDDEN	9
__fini_array_start	.symtab	0x29008	0	NOTYPE	<unknown>	HIDDEN	9
__fixunsdfsi	.symtab	0x1c9d0	84	FUNC	<unknown>	HIDDEN	2
__floatdidf	.symtab	0x1c394	96	FUNC	<unknown>	HIDDEN	2
__floatsidf	.symtab	0x1c318	40	FUNC	<unknown>	HIDDEN	2
__floatundidf	.symtab	0x1c380	116	FUNC	<unknown>	HIDDEN	2
__floatunsidf	.symtab	0x1c2f4	36	FUNC	<unknown>	HIDDEN	2
__frame_dummy_init_array_entry	.symtab	0x29004	0	OBJECT	<unknown>	DEFAULT	8
__gedf2	.symtab	0x1c890	148	FUNC	<unknown>	HIDDEN	2
__get_hosts_byname_r	.symtab	0x1b424	76	FUNC	<unknown>	HIDDEN	2
__getdents64	.symtab	0x19a18	324	FUNC	<unknown>	HIDDEN	2
__getpagesize	.symtab	0x16624	40	FUNC	<unknown>	DEFAULT	2
__glibc_strerror_r	.symtab	0x13388	24	FUNC	<unknown>	DEFAULT	2
__glibc_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__gtdf2	.symtab	0x1c890	148	FUNC	<unknown>	HIDDEN	2
__h_errno_location	.symtab	0x16c44	28	FUNC	<unknown>	DEFAULT	2
__h_errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__init_array_end	.symtab	0x29008	0	NOTYPE	<unknown>	HIDDEN	8
__init_array_start	.symtab	0x29004	0	NOTYPE	<unknown>	HIDDEN	8
__ledf2	.symtab	0x1c898	140	FUNC	<unknown>	HIDDEN	2
__libc_close	.symtab	0x11a64	52	FUNC	<unknown>	DEFAULT	2
__libc_connect	.symtab	0x1367c	56	FUNC	<unknown>	DEFAULT	2
__libc_fcntl	.symtab	0x118a0	108	FUNC	<unknown>	DEFAULT	2
__libc_fork	.symtab	0x11714	52	FUNC	<unknown>	DEFAULT	2
__libc_lseek64	.symtab	0x1b86c	100	FUNC	<unknown>	DEFAULT	2
__libc_nanosleep	.symtab	0x16790	52	FUNC	<unknown>	DEFAULT	2
__libc_open	.symtab	0x115e8	96	FUNC	<unknown>	DEFAULT	2
__libc_read	.symtab	0x117d8	52	FUNC	<unknown>	DEFAULT	2
__libc_recv	.symtab	0x13730	56	FUNC	<unknown>	DEFAULT	2
__libc_recvfrom	.symtab	0x13768	60	FUNC	<unknown>	DEFAULT	2
__libc_select	.symtab	0x11798	64	FUNC	<unknown>	DEFAULT	2
__libc_send	.symtab	0x137a4	56	FUNC	<unknown>	DEFAULT	2
__libc_sendto	.symtab	0x137dc	64	FUNC	<unknown>	DEFAULT	2
__libc_sigaction	.symtab	0x1651c	136	FUNC	<unknown>	DEFAULT	2
__libc_stack_end	.symtab	0x2f5e4	4	OBJECT	<unknown>	DEFAULT	13
__libc_waitpid	.symtab	0x11748	28	FUNC	<unknown>	DEFAULT	2
__libc_write	.symtab	0x11978	52	FUNC	<unknown>	DEFAULT	2
__local_nameserver	.symtab	0x20bfc	16	OBJECT	<unknown>	HIDDEN	4
__ltdf2	.symtab	0x1c898	140	FUNC	<unknown>	HIDDEN	2
__malloc_consolidate	.symtab	0x14960	436	FUNC	<unknown>	HIDDEN	2
__malloc_largebin_index	.symtab	0x13a30	120	FUNC	<unknown>	DEFAULT	2
__malloc_lock	.symtab	0x29298	24	OBJECT	<unknown>	DEFAULT	12
__malloc_state	.symtab	0x2f778	888	OBJECT	<unknown>	DEFAULT	13
__malloc_trim	.symtab	0x148b0	176	FUNC	<unknown>	DEFAULT	2
__muldf3	.symtab	0x1c3f4	656	FUNC	<unknown>	HIDDEN	2
__nameserver	.symtab	0x2fb00	4	OBJECT	<unknown>	HIDDEN	13
__nameservers	.symtab	0x2fb04	4	OBJECT	<unknown>	HIDDEN	13
__nedf2	.symtab	0x1c8a0	132	FUNC	<unknown>	HIDDEN	2
__open_etc_hosts	.symtab	0x1bb14	48	FUNC	<unknown>	HIDDEN	2
__open_nameservers	.symtab	0x1af30	1116	FUNC	<unknown>	HIDDEN	2
__pagesize	.symtab	0x2f5ec	4	OBJECT	<unknown>	DEFAULT	13
__preinit_array_end	.symtab	0x29004	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__preinit_array_start	.symtab	0x29004	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__progname	.symtab	0x29390	4	OBJECT	<unknown>	DEFAULT	12
__progname_full	.symtab	0x29394	4	OBJECT	<unknown>	DEFAULT	12
__pthread_initialize_minimal	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__pthread_mutex_init	.symtab	0x16048	8	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_lock	.symtab	0x16040	8	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_trylock	.symtab	0x16040	8	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_unlock	.symtab	0x16040	8	FUNC	<unknown>	DEFAULT	2
__pthread_return_0	.symtab	0x16040	8	FUNC	<unknown>	DEFAULT	2
__read_etc_hosts_r	.symtab	0x1bb44	516	FUNC	<unknown>	HIDDEN	2
__register_frame_info	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__res_sync	.symtab	0x2faf8	4	OBJECT	<unknown>	HIDDEN	13
__resolv_attempts	.symtab	0x2939b	1	OBJECT	<unknown>	HIDDEN	12
__resolv_lock	.symtab	0x2f608	24	OBJECT	<unknown>	DEFAULT	13
__resolv_timeout	.symtab	0x2939a	1	OBJECT	<unknown>	HIDDEN	12
__rtld_fini	.symtab	0x2f5f4	4	OBJECT	<unknown>	HIDDEN	13
__searchdomain	.symtab	0x2fafc	4	OBJECT	<unknown>	HIDDEN	13
__searchdomains	.symtab	0x2fb08	4	OBJECT	<unknown>	HIDDEN	13
__sigaddset	.symtab	0x139e8	36	FUNC	<unknown>	DEFAULT	2
__sigdelset	.symtab	0x13a0c	36	FUNC	<unknown>	DEFAULT	2
__sigismember	.symtab	0x139c4	36	FUNC	<unknown>	DEFAULT	2
__stdin	.symtab	0x29198	4	OBJECT	<unknown>	DEFAULT	12
__stdio_READ	.symtab	0x19cd0	88	FUNC	<unknown>	HIDDEN	2
__stdio_WRITE	.symtab	0x17300	180	FUNC	<unknown>	HIDDEN	2
__stdio_adjust_position	.symtab	0x19d28	196	FUNC	<unknown>	HIDDEN	2
__stdio_fwrite	.symtab	0x176bc	320	FUNC	<unknown>	HIDDEN	2
__stdio_init_mutex	.symtab	0x11c68	52	FUNC	<unknown>	HIDDEN	2
__stdio_mutex_initializer.4636	.symtab	0x1fe74	24	OBJECT	<unknown>	DEFAULT	4
__stdio_rfill	.symtab	0x19dec	48	FUNC	<unknown>	HIDDEN	2
__stdio_seek	.symtab	0x19eb4	60	FUNC	<unknown>	HIDDEN	2
__stdio_trans2r_o	.symtab	0x19e1c	152	FUNC	<unknown>	HIDDEN	2
__stdio_trans2w_o	.symtab	0x177fc	208	FUNC	<unknown>	HIDDEN	2
__stdio_wcommit	.symtab	0x11d70	48	FUNC	<unknown>	HIDDEN	2
__stdout	.symtab	0x2919c	4	OBJECT	<unknown>	DEFAULT	12
__subdf3	.symtab	0x1bfe0	788	FUNC	<unknown>	HIDDEN	2
__syscall_error	.symtab	0x164fc	32	FUNC	<unknown>	HIDDEN	2
__syscall_error.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_fcntl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_rt_sigaction	.symtab	0x16818	52	FUNC	<unknown>	DEFAULT	2
__syscall_rt_sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__uClibc_fini	.symtab	0x16084	124	FUNC	<unknown>	DEFAULT	2
__uClibc_init	.symtab	0x16154	108	FUNC	<unknown>	DEFAULT	2
__uClibc_main	.symtab	0x161c0	724	FUNC	<unknown>	DEFAULT	2
__uClibc_main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__uclibc_progname	.symtab	0x2938c	4	OBJECT	<unknown>	HIDDEN	12
__udivsi3	.symtab	0x1142c	252	FUNC	<unknown>	HIDDEN	2
__vfork	.symtab	0x11560	64	FUNC	<unknown>	HIDDEN	2
__xpg_strerror_r	.symtab	0x133d0	256	FUNC	<unknown>	DEFAULT	2
__xpg_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__xstat32_conv	.symtab	0x198b4	172	FUNC	<unknown>	HIDDEN	2
__xstat64_conv	.symtab	0x197e8	204	FUNC	<unknown>	HIDDEN	2
__xstat_conv	.symtab	0x19960	184	FUNC	<unknown>	HIDDEN	2
_adjust_pos.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_bss_custom_printf_spec	.symtab	0x2f400	10	OBJECT	<unknown>	DEFAULT	13
_bss_end__	.symtab	0x2fb0c	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_call_via_fp	.symtab	0x80fd	4	FUNC	<unknown>	HIDDEN	2
_call_via_ip	.symtab	0x8101	4	FUNC	<unknown>	HIDDEN	2
_call_via_lr	.symtab	0x8109	4	FUNC	<unknown>	HIDDEN	2
_call_via_r0	.symtab	0x80d1	4	FUNC	<unknown>	HIDDEN	2
_call_via_r1	.symtab	0x80d5	4	FUNC	<unknown>	HIDDEN	2
_call_via_r2	.symtab	0x80d9	4	FUNC	<unknown>	HIDDEN	2
_call_via_r3	.symtab	0x80dd	4	FUNC	<unknown>	HIDDEN	2
_call_via_r4	.symtab	0x80e1	4	FUNC	<unknown>	HIDDEN	2
_call_via_r5	.symtab	0x80e5	4	FUNC	<unknown>	HIDDEN	2
_call_via_r6	.symtab	0x80e9	4	FUNC	<unknown>	HIDDEN	2
_call_via_r7	.symtab	0x80ed	4	FUNC	<unknown>	HIDDEN	2
_call_via_r8	.symtab	0x80f1	4	FUNC	<unknown>	HIDDEN	2
_call_via_r9	.symtab	0x80f5	4	FUNC	<unknown>	HIDDEN	2
_call_via_sl	.symtab	0x80f9	4	FUNC	<unknown>	HIDDEN	2
_call_via_sp	.symtab	0x8105	4	FUNC	<unknown>	HIDDEN	2
_charpad	.symtab	0x11da0	84	FUNC	<unknown>	DEFAULT	2
_cs_funcs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_custom_printf_arginfo	.symtab	0x2f720	40	OBJECT	<unknown>	HIDDEN	13
_custom_printf_handler	.symtab	0x2f748	40	OBJECT	<unknown>	HIDDEN	13
_custom_printf_spec	.symtab	0x29294	4	OBJECT	<unknown>	HIDDEN	12
_dl_aux_init	.symtab	0x19700	56	FUNC	<unknown>	DEFAULT	2
_dl_phdr	.symtab	0x2faf0	4	OBJECT	<unknown>	DEFAULT	13
_dl_phnum	.symtab	0x2faf4	4	OBJECT	<unknown>	DEFAULT	13
_edata	.symtab	0x293a4	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_end	.symtab	0x2fb0c	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_errno	.symtab	0x2f5f8	4	OBJECT	<unknown>	DEFAULT	13
_exit	.symtab	0x11a00	44	FUNC	<unknown>	DEFAULT	2
_exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fini	.symtab	0x1ca24	0	FUNC	<unknown>	DEFAULT	3
_fixed_buffers	.symtab	0x2d400	8192	OBJECT	<unknown>	DEFAULT	13
_fopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fp_out_narrow	.symtab	0x11df4	132	FUNC	<unknown>	DEFAULT	2
_fpmaxtostr	.symtab	0x17ac4	2036	FUNC	<unknown>	HIDDEN	2
_fpmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fwrite.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_h_errno	.symtab	0x2f5fc	4	OBJECT	<unknown>	DEFAULT	13
_init	.symtab	0x80b4	0	FUNC	<unknown>	DEFAULT	1
_load_inttype	.symtab	0x178cc	112	FUNC	<unknown>	HIDDEN	2
_load_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_memcpy	.symtab	0x189b0	0	FUNC	<unknown>	HIDDEN	2
_ppfs_init	.symtab	0x12560	160	FUNC	<unknown>	HIDDEN	2
_ppfs_init.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_parsespec	.symtab	0x12848	1392	FUNC	<unknown>	HIDDEN	2
_ppfs_parsespec.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_prepargs	.symtab	0x12600	68	FUNC	<unknown>	HIDDEN	2
_ppfs_prepargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_setargs	.symtab	0x12644	432	FUNC	<unknown>	HIDDEN	2
_ppfs_setargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_promoted_size	.symtab	0x127f4	84	FUNC	<unknown>	DEFAULT	2
_pthread_cleanup_pop_restore	.symtab	0x16058	44	FUNC	<unknown>	DEFAULT	2
_pthread_cleanup_push_defer	.symtab	0x16050	8	FUNC	<unknown>	DEFAULT	2
_rfill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_sigintr	.symtab	0x2f770	8	OBJECT	<unknown>	HIDDEN	13
_start	.symtab	0x81b0	0	FUNC	<unknown>	DEFAULT	2
_stdio.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_stdio_fopen	.symtab	0x173b4	776	FUNC	<unknown>	HIDDEN	2
_stdio_init	.symtab	0x11c00	104	FUNC	<unknown>	HIDDEN	2
_stdio_openlist	.symtab	0x291a0	4	OBJECT	<unknown>	DEFAULT	12
_stdio_openlist_add_lock	.symtab	0x29158	24	OBJECT	<unknown>	DEFAULT	12
_stdio_openlist_dec_use	.symtab	0x18450	392	FUNC	<unknown>	HIDDEN	2
_stdio_openlist_del_count	.symtab	0x2d3fc	4	OBJECT	<unknown>	DEFAULT	13
_stdio_openlist_del_lock	.symtab	0x29170	24	OBJECT	<unknown>	DEFAULT	12
_stdio_openlist_use_count	.symtab	0x2d3f8	4	OBJECT	<unknown>	DEFAULT	13
_stdio_streams	.symtab	0x291a4	240	OBJECT	<unknown>	DEFAULT	12
_stdio_term	.symtab	0x11c9c	212	FUNC	<unknown>	HIDDEN	2
_stdio_user_locking	.symtab	0x29188	4	OBJECT	<unknown>	DEFAULT	12
_stdlib_strto_l	.symtab	0x154fc	448	FUNC	<unknown>	HIDDEN	2
_stdlib_strto_l.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_store_inttype	.symtab	0x1793c	44	FUNC	<unknown>	HIDDEN	2
_store_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_string_syserrmsgs	.symtab	0x1ff44	2906	OBJECT	<unknown>	HIDDEN	4
_string_syserrmsgs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2w.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_uintmaxtostr	.symtab	0x17968	348	FUNC	<unknown>	HIDDEN	2
_uintmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_vfprintf_internal	.symtab	0x11e78	1768	FUNC	<unknown>	HIDDEN	2
_vfprintf_internal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_wcommit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
abort	.symtab	0x14d90	296	FUNC	<unknown>	DEFAULT	2
abort.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
access	.symtab	0x11764	52	FUNC	<unknown>	DEFAULT	2
access.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
acnc	.symtab	0xc3c0	208	FUNC	<unknown>	DEFAULT	2
add_entry	.symtab	0x10404	140	FUNC	<unknown>	DEFAULT	2
aeabi_unwind_cpp_pr1.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
atoi	.symtab	0x154c0	32	FUNC	<unknown>	DEFAULT	2
atol	.symtab	0x154c0	32	FUNC	<unknown>	DEFAULT	2
atol.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
axis_bp	.symtab	0x290a0	4	OBJECT	<unknown>	DEFAULT	12
bcopy	.symtab	0x12fa0	16	FUNC	<unknown>	DEFAULT	2
been_there_done_that	.symtab	0x2f5dc	4	OBJECT	<unknown>	DEFAULT	13
brk	.symtab	0x19738	76	FUNC	<unknown>	DEFAULT	2
brk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
bsd_signal	.symtab	0x1390c	184	FUNC	<unknown>	DEFAULT	2
buf.5444	.symtab	0x2f410	440	OBJECT	<unknown>	DEFAULT	13
bzero	.symtab	0x12fe0	12	FUNC	<unknown>	DEFAULT	2
c	.symtab	0x2913c	4	OBJECT	<unknown>	DEFAULT	12
calloc	.symtab	0x143c8	308	FUNC	<unknown>	DEFAULT	2
calloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
checksum.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
checksum_generic	.symtab	0x81ec	216	FUNC	<unknown>	DEFAULT	2
checksum_tcp_udp	.symtab	0x82c4	424	FUNC	<unknown>	DEFAULT	2
checksum_tcpudp	.symtab	0x846c	424	FUNC	<unknown>	DEFAULT	2
clock	.symtab	0x11ae4	52	FUNC	<unknown>	DEFAULT	2
clock.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
clock_getres	.symtab	0x16660	52	FUNC	<unknown>	DEFAULT	2
clock_getres.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
close	.symtab	0x11a64	52	FUNC	<unknown>	DEFAULT	2
close.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
closedir	.symtab	0x1684c	248	FUNC	<unknown>	DEFAULT	2
closedir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
closenameservers.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
completed.4959	.symtab	0x293a8	1	OBJECT	<unknown>	DEFAULT	13
connect	.symtab	0x1367c	56	FUNC	<unknown>	DEFAULT	2
connect.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
connectTimeout	.symtab	0xa08c	628	FUNC	<unknown>	DEFAULT	2
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
csum	.symtab	0xa50c	340	FUNC	<unknown>	DEFAULT	2
data_start	.symtab	0x2908c	0	NOTYPE	<unknown>	DEFAULT	12
decoded.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
decodeh.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dl-support.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dnslookup.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dup2	.symtab	0x115a0	52	FUNC	<unknown>	DEFAULT	2
dup2.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encoded.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encodeh.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
encodeq.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
environ	.symtab	0x2f5e8	4	OBJECT	<unknown>	DEFAULT	13
errno	.symtab	0x2f5f8	4	OBJECT	<unknown>	DEFAULT	13
errno.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
execl	.symtab	0x15f44	172	FUNC	<unknown>	DEFAULT	2
execl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
execve	.symtab	0x165f0	52	FUNC	<unknown>	DEFAULT	2
execve.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exit	.symtab	0x156bc	184	FUNC	<unknown>	DEFAULT	2
exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exp10_table	.symtab	0x20b50	72	OBJECT	<unknown>	DEFAULT	4
fclose	.symtab	0x1712c	436	FUNC	<unknown>	DEFAULT	2
fclose.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fcntl	.symtab	0x118a0	108	FUNC	<unknown>	DEFAULT	2
fd_to_DIR	.symtab	0x16944	208	FUNC	<unknown>	DEFAULT	2
fdgets	.symtab	0x9930	212	FUNC	<unknown>	DEFAULT	2
fdopen_pids	.symtab	0x2d3e4	4	OBJECT	<unknown>	DEFAULT	13
fdopendir	.symtab	0x16ac0	152	FUNC	<unknown>	DEFAULT	2
fdpclose	.symtab	0x97a8	392	FUNC	<unknown>	DEFAULT	2
fdpopen	.symtab	0x9520	648	FUNC	<unknown>	DEFAULT	2
fflush_unlocked	.symtab	0x185d8	524	FUNC	<unknown>	DEFAULT	2
fflush_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgetc	.symtab	0x182b8	220	FUNC	<unknown>	DEFAULT	2
fgetc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgetc_unlocked	.symtab	0x187e4	300	FUNC	<unknown>	DEFAULT	2
fgetc_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgets	.symtab	0x18394	188	FUNC	<unknown>	DEFAULT	2
fgets.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgets_unlocked	.symtab	0x18910	160	FUNC	<unknown>	DEFAULT	2
fgets_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
findRandIP	.symtab	0xa4a8	100	FUNC	<unknown>	DEFAULT	2
fmt	.symtab	0x20b38	20	OBJECT	<unknown>	DEFAULT	4
fopen	.symtab	0x172e0	32	FUNC	<unknown>	DEFAULT	2
fopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fork	.symtab	0x11714	52	FUNC	<unknown>	DEFAULT	2
fork.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fputs_unlocked	.symtab	0x12db8	56	FUNC	<unknown>	DEFAULT	2
fputs_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
frame_dummy	.symtab	0x8150	0	FUNC	<unknown>	DEFAULT	2
free	.symtab	0x14b14	572	FUNC	<unknown>	DEFAULT	2
free.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fseek	.symtab	0x19b5c	36	FUNC	<unknown>	DEFAULT	2
fseeko	.symtab	0x19b5c	36	FUNC	<unknown>	DEFAULT	2
fseeko.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fseeko64	.symtab	0x19b80	336	FUNC	<unknown>	DEFAULT	2
fseeko64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fstat	.symtab	0x19790	88	FUNC	<unknown>	DEFAULT	2
fstat.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fwrite_unlocked	.symtab	0x12df0	176	FUNC	<unknown>	DEFAULT	2
fwrite_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getBuild	.symtab	0xea54	24	FUNC	<unknown>	DEFAULT	2
getHost	.symtab	0x9c34	104	FUNC	<unknown>	DEFAULT	2
getOurIP	.symtab	0xe798	700	FUNC	<unknown>	DEFAULT	2
get_hosts_byname_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getc	.symtab	0x182b8	220	FUNC	<unknown>	DEFAULT	2
getc_unlocked	.symtab	0x187e4	300	FUNC	<unknown>	DEFAULT	2
getdents64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getdtablesize	.symtab	0x1180c	44	FUNC	<unknown>	DEFAULT	2
getdtablesize.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getegid	.symtab	0x166c8	20	FUNC	<unknown>	DEFAULT	2
getegid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
geteuid	.symtab	0x11700	20	FUNC	<unknown>	DEFAULT	2
geteuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getgid	.symtab	0x16748	20	FUNC	<unknown>	DEFAULT	2
getgid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname	.symtab	0x135f8	28	FUNC	<unknown>	DEFAULT	2
gethostbyname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname2	.symtab	0x13614	104	FUNC	<unknown>	DEFAULT	2
gethostbyname2.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname2_r	.symtab	0x19460	672	FUNC	<unknown>	DEFAULT	2
gethostbyname2_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostbyname_r	.symtab	0x1b470	760	FUNC	<unknown>	DEFAULT	2
gethostbyname_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gethostname	.symtab	0x1b79c	120	FUNC	<unknown>	DEFAULT	2
gethostname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getpagesize	.symtab	0x16624	40	FUNC	<unknown>	DEFAULT	2
getpagesize.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getpid	.symtab	0x1167c	20	FUNC	<unknown>	DEFAULT	2
getpid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getppid	.symtab	0x115d4	20	FUNC	<unknown>	DEFAULT	2
getppid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getrlimit	.symtab	0x16694	52	FUNC	<unknown>	DEFAULT	2
getrlimit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getsockname	.symtab	0x136b4	56	FUNC	<unknown>	DEFAULT	2
getsockname.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getsockopt	.symtab	0x136ec	68	FUNC	<unknown>	DEFAULT	2
getsockopt.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
gettimeofday	.symtab	0x1186c	52	FUNC	<unknown>	DEFAULT	2
gettimeofday.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getuid	.symtab	0x1664c	20	FUNC	<unknown>	DEFAULT	2
getuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
h_errno	.symtab	0x2f5fc	4	OBJECT	<unknown>	DEFAULT	13
hacks	.symtab	0x29090	4	OBJECT	<unknown>	DEFAULT	12
hacks2	.symtab	0x29094	4	OBJECT	<unknown>	DEFAULT	12
hacks3	.symtab	0x29098	4	OBJECT	<unknown>	DEFAULT	12
hacks4	.symtab	0x2909c	4	OBJECT	<unknown>	DEFAULT	12
hextable	.symtab	0x1d72c	1024	OBJECT	<unknown>	DEFAULT	4
hoste.5443	.symtab	0x2f5c8	20	OBJECT	<unknown>	DEFAULT	13
htonl	.symtab	0x13580	32	FUNC	<unknown>	DEFAULT	2
htons	.symtab	0x13570	16	FUNC	<unknown>	DEFAULT	2
httphex	.symtab	0xc5bc	1204	FUNC	<unknown>	DEFAULT	2
i.4902	.symtab	0x29140	4	OBJECT	<unknown>	DEFAULT	12
index	.symtab	0x13298	240	FUNC	<unknown>	DEFAULT	2
inet_addr	.symtab	0x135d0	40	FUNC	<unknown>	DEFAULT	2
inet_aton	.symtab	0x19368	248	FUNC	<unknown>	DEFAULT	2
inet_aton.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_makeaddr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
inet_ntop	.symtab	0x1a320	644	FUNC	<unknown>	DEFAULT	2
inet_ntop4	.symtab	0x1a1dc	324	FUNC	<unknown>	DEFAULT	2
inet_pton	.symtab	0x19fc0	540	FUNC	<unknown>	DEFAULT	2
inet_pton4	.symtab	0x19ef0	208	FUNC	<unknown>	DEFAULT	2
initConnection	.symtab	0xe570	552	FUNC	<unknown>	DEFAULT	2
init_rand	.symtab	0x8760	216	FUNC	<unknown>	DEFAULT	2
initfini.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
initfini.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
initstate	.symtab	0x1502c	192	FUNC	<unknown>	DEFAULT	2
initstate_r	.symtab	0x153dc	228	FUNC	<unknown>	DEFAULT	2
ioctl	.symtab	0x119ac	84	FUNC	<unknown>	DEFAULT	2
ioctl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
isatty	.symtab	0x134d0	36	FUNC	<unknown>	DEFAULT	2
isatty.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
kill	.symtab	0x11838	52	FUNC	<unknown>	DEFAULT	2
kill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
killer_status	.symtab	0x293d8	4	OBJECT	<unknown>	DEFAULT	13
last_id.5501	.symtab	0x29398	2	OBJECT	<unknown>	DEFAULT	12
last_ns_num.5500	.symtab	0x2f604	4	OBJECT	<unknown>	DEFAULT	13
libc/string/arm/_memcpy.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 30, 2022 01:14:25.071687937 CET	42836	443	192.168.2.23	91.189.91.43
Nov 30, 2022 01:14:25.839641094 CET	42516	80	192.168.2.23	109.202.202.202
Nov 30, 2022 01:14:26.938858986 CET	38500	576	192.168.2.23	47.87.197.232
Nov 30, 2022 01:14:40.942831039 CET	43928	443	192.168.2.23	91.189.91.42
Nov 30, 2022 01:14:47.077795982 CET	38502	576	192.168.2.23	47.87.197.232
Nov 30, 2022 01:14:51.182378054 CET	42836	443	192.168.2.23	91.189.91.43
Nov 30, 2022 01:14:55.278234005 CET	42516	80	192.168.2.23	109.202.202.202
Nov 30, 2022 01:15:07.216300964 CET	38504	576	192.168.2.23	47.87.197.232
Nov 30, 2022 01:15:21.900590897 CET	43928	443	192.168.2.23	91.189.91.42
Nov 30, 2022 01:15:27.355099916 CET	38506	576	192.168.2.23	47.87.197.232
Nov 30, 2022 01:15:42.379657030 CET	42836	443	192.168.2.23	91.189.91.43
Nov 30, 2022 01:15:47.494249105 CET	38508	576	192.168.2.23	47.87.197.232
Nov 30, 2022 01:16:07.633409023 CET	38510	576	192.168.2.23	47.87.197.232
Nov 30, 2022 01:16:27.772301912 CET	38512	576	192.168.2.23	47.87.197.232
Nov 30, 2022 01:16:47.911386967 CET	38514	576	192.168.2.23	47.87.197.232
Nov 30, 2022 01:17:08.050347090 CET	38516	576	192.168.2.23	47.87.197.232
Nov 30, 2022 01:17:28.188754082 CET	38518	576	192.168.2.23	47.87.197.232
Nov 30, 2022 01:17:48.328001022 CET	38520	576	192.168.2.23	47.87.197.232

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Nov 30, 2022 01:14:27.077004910 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable
Nov 30, 2022 01:14:47.216134071 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable
Nov 30, 2022 01:15:07.354727030 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable
Nov 30, 2022 01:15:27.493565083 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable
Nov 30, 2022 01:15:47.632972956 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable
Nov 30, 2022 01:16:07.772110939 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable
Nov 30, 2022 01:16:27.910872936 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable
Nov 30, 2022 01:16:48.049890995 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable
Nov 30, 2022 01:17:08.188369036 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable
Nov 30, 2022 01:17:28.327342033 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable
Nov 30, 2022 01:17:48.466614962 CET	47.87.197.232	192.168.2.23	b523	(Unknown)	Destination Unreachable

System Behavior

Analysis Process: yS7c2Bzlu2.elf PID: 6228, Parent PID: 6125

General

Start time:	01:14:25
Start date:	30/11/2022
Path:	/tmp/yS7c2Bzlu2.elf
Arguments:	/tmp/yS7c2Bzlu2.elf
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: yS7c2Bzlu2.elf PID: 6231, Parent PID: 6228

General

Start time:	01:14:26
Start date:	30/11/2022
Path:	/tmp/yS7c2Bzlu2.elf
Arguments:	n/a
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: yS7c2Bzlu2.elf PID: 6232, Parent PID: 6228

General

Start time:	01:14:26
Start date:	30/11/2022
Path:	/tmp/yS7c2Bzlu2.elf
Arguments:	n/a
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: yS7c2Bzlu2.elf PID: 6235, Parent PID: 6232

General

Start time:	01:14:26
Start date:	30/11/2022
Path:	/tmp/yS7c2Bzlu2.elf
Arguments:	n/a
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of other systems by IP address, hostname, or other logical identifier on a network that may be used for Lateral Movement from the current system. Functionality could exist within remote access tools to enable this, but utilities available on the operating system could also be used such as Ping or `net view` using Net . Adversaries may also use local host files (ex: `C:\Windows\System32\Drivers\etc\hosts` or `/etc/hosts` ) in order to discover the hostname to IP address mappings of remote systems.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may obfuscate command and control traffic to make it more difficult to detect. Command and control (C2) communications are hidden (but not necessarily encrypted) in an attempt to make the content more difficult to discover or decipher and to make the communication less conspicuous and hide commands from being seen. This encompasses many methods, such as adding junk data to protocol traffic, using steganography, or impersonating legitimate protocols.
Tactics:	Command and Control
Data Sources:	Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report yS7c2Bzlu2.elf

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Runtime Messages

Process Tree

Yara Signatures

Initial Sample

Memory Dumps

Snort Signatures

Joe Sandbox Signatures

AV Detection

Spreading

Networking

System Summary

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Symbols

Network Behavior

Network Port Distribution

TCP Packets

ICMP Packets

System Behavior

Analysis Process: yS7c2Bzlu2.elf PID: 6228, Parent PID: 6125

General

Chronological Activities

Analysis Process: yS7c2Bzlu2.elf PID: 6231, Parent PID: 6228

General

Chronological Activities

Analysis Process: yS7c2Bzlu2.elf PID: 6232, Parent PID: 6228

General

Chronological Activities

Analysis Process: yS7c2Bzlu2.elf PID: 6235, Parent PID: 6232

General

Linux Analysis Report
yS7c2Bzlu2.elf