----------------------------------------
ssdeep comparison:
/home/rabbiya/Downloads/Ransomware2/AvosLocker/avoslocker1.elf matches /root/linux_reports/ssdeep_master.txt:/root/Ransomware/AvosLocker/avoslocker1.elf (100)
----------------------------------------
Strings:
Ascii strings written to
/root/linux_reports/avoslocker1.elf/strings_ascii.txt
Unicode strings written to
/root/linux_reports/avoslocker1.elf/strings_unicode.txt
----------------------------------------
Packers:
[]
----------------------------------------
Malware Capabilities and classification using YARA rules:
[peertopeer]
----------------------------------------
Virustotal:
----------------------------------------
Dependencies:
linux-vdso.so.1 (0x00007ffca2f07000)
libstdc++.so.6 => /usr/lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007f1123126000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f1122d88000)
libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f1122b70000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f112277f000)
/lib64/ld-linux-x86-64.so.2 (0x00007f11234af000)
----------------------------------------
Program Header Information:
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
PHDR 0x0000000000000040 0x0000000000400040 0x0000000000400040
0x00000000000001c0 0x00000000000001c0 R E 0x8
INTERP 0x0000000000000200 0x0000000000400200 0x0000000000400200
0x000000000000001c 0x000000000000001c R 0x1
[Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]
LOAD 0x0000000000000000 0x0000000000400000 0x0000000000400000
0x00000000001555e1 0x00000000001555e1 R E 0x200000
LOAD 0x0000000000156000 0x0000000000756000 0x0000000000756000
0x0000000000033c58 0x0000000000036be0 RW 0x200000
DYNAMIC 0x0000000000187b80 0x0000000000787b80 0x0000000000787b80
0x00000000000001c0 0x00000000000001c0 RW 0x8
NOTE 0x000000000000021c 0x000000000040021c 0x000000000040021c
0x0000000000000044 0x0000000000000044 R 0x4
GNU_EH_FRAME 0x000000000010f850 0x000000000050f850 0x000000000050f850
0x00000000000098c4 0x00000000000098c4 R 0x4
GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 RW 0x8
----------------------------------------
Section Header Information:
There are 31 section headers, starting at offset 0x189da0:
Section Headers:
[Nr] Name Type Address Offset
Size EntSize Flags Link Info Align
[ 0] NULL 0000000000000000 00000000
0000000000000000 0000000000000000 0 0 0
[ 1] .interp PROGBITS 0000000000400200 00000200
000000000000001c 0000000000000000 A 0 0 1
[ 2] .note.ABI-tag NOTE 000000000040021c 0000021c
0000000000000020 0000000000000000 A 0 0 4
[ 3] .note.gnu.build-i NOTE 000000000040023c 0000023c
0000000000000024 0000000000000000 A 0 0 4
[ 4] .gnu.hash GNU_HASH 0000000000400260 00000260
0000000000001344 0000000000000000 A 5 0 8
[ 5] .dynsym DYNSYM 00000000004015a8 000015a8
0000000000004518 0000000000000018 A 6 1 8
[ 6] .dynstr STRTAB 0000000000405ac0 00005ac0
00000000000093ff 0000000000000000 A 0 0 1
[ 7] .gnu.version VERSYM 000000000040eec0 0000eec0
00000000000005c2 0000000000000002 A 5 0 2
[ 8] .gnu.version_r VERNEED 000000000040f488 0000f488
00000000000000c0 0000000000000000 A 6 4 8
[ 9] .rela.dyn RELA 000000000040f548 0000f548
0000000000003b58 0000000000000018 A 5 0 8
[10] .rela.plt RELA 00000000004130a0 000130a0
0000000000000cd8 0000000000000018 A 5 12 8
[11] .init PROGBITS 0000000000413d78 00013d78
0000000000000018 0000000000000000 AX 0 0 4
[12] .plt PROGBITS 0000000000413d90 00013d90
00000000000008a0 0000000000000010 AX 0 0 4
[13] .text PROGBITS 0000000000414630 00014630
00000000000e0038 0000000000000000 AX 0 0 16
[14] .fini PROGBITS 00000000004f4668 000f4668
000000000000000e 0000000000000000 AX 0 0 4
[15] .rodata PROGBITS 00000000004f4680 000f4680
000000000001b1cd 0000000000000000 A 0 0 32
[16] .eh_frame_hdr PROGBITS 000000000050f850 0010f850
00000000000098c4 0000000000000000 A 0 0 4
[17] .eh_frame PROGBITS 0000000000519118 00119118
00000000000298cc 0000000000000000 A 0 0 8
[18] .gcc_except_table PROGBITS 00000000005429e4 001429e4
0000000000012bfd 0000000000000000 A 0 0 4
[19] .ctors PROGBITS 0000000000756000 00156000
00000000000000a0 0000000000000000 WA 0 0 8
[20] .dtors PROGBITS 00000000007560a0 001560a0
0000000000000010 0000000000000000 WA 0 0 8
[21] .jcr PROGBITS 00000000007560b0 001560b0
0000000000000008 0000000000000000 WA 0 0 8
[22] .data.rel.ro PROGBITS 00000000007560c0 001560c0
0000000000031ac0 0000000000000000 WA 0 0 32
[23] .dynamic DYNAMIC 0000000000787b80 00187b80
00000000000001c0 0000000000000010 WA 6 0 8
[24] .got PROGBITS 0000000000787d40 00187d40
0000000000001250 0000000000000008 WA 0 0 8
[25] .got.plt PROGBITS 0000000000788f90 00188f90
0000000000000460 0000000000000008 WA 0 0 8
[26] .data PROGBITS 0000000000789400 00189400
0000000000000840 0000000000000000 WA 0 0 32
[27] nocommon PROGBITS 0000000000789c40 00189c40
0000000000000018 0000000000000000 WA 0 0 4
[28] .bss NOBITS 0000000000789c60 00189c58
0000000000002f80 0000000000000000 WA 0 0 32
[29] .comment PROGBITS 0000000000000000 00189c58
000000000000002d 0000000000000001 MS 0 0 1
[30] .shstrtab STRTAB 0000000000000000 00189c85
0000000000000116 0000000000000000 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
L (link order), O (extra OS processing required), G (group), T (TLS),
C (compressed), x (unknown), o (OS specific), E (exclude),
l (large), p (processor specific)
----------------------------------------
Symbol Information:
----------------------------------------
==========================[DYNAMIC ANALYSIS RESULTS]==========================
NETWORK ACTIVITIES
=======================================
DNS SUMMARY
=======================================
TCP CONVERSATIONS
=======================================