Sample details: e981a74cbfab6df9b99d360337f07b3f

Hashes
MD5: e981a74cbfab6df9b99d360337f07b3f
SHA1: 5e0e9d36747089a6b2eb7f3c45f826d36c224491
SHA256: bd869a4353e4fc2a40aa03a7f57544eb4a954c9fd38815d3df547e3de6b89075
SSDEEP: 3072:yXMuyN8ZRtiaGUhsvAgXlNraAzS4vdJgV49a+RhO:SMuyN8Dti/UhsvAgX//zSaRhO
Details
File Type: ELF
Added: 2019-09-10 03:27:09
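Yara Hits
YRP/domain | YRP/contentis_base64
(Both rule names suggest generic content matches, a domain-like string and base64-looking data; neither names a malware family.)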
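Strings
(Printable-character runs extracted from the binary. Short runs such as `[]A\A]A^A_` and `AWAVAUATU` are x86-64 instruction bytes that happen to be printable, not meaningful text. The library imports, the `../../src/*.c` paths and the `1.8.27` version string are consistent with a sudo 1.8.27 build. Strings alone do not establish whether the file is an unmodified distribution binary; comparing the hashes above against the distribution's package would.)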
		/lib64/ld-linux-x86-64.so.2
libaudit.so.1
_ITM_deregisterTMCloneTable
__gmon_start__
_ITM_registerTMCloneTable
audit_open
audit_log_user_message
libselinux.so.1
context_str
get_default_type
is_selinux_enabled
security_getenforce
context_type_set
setkeycreatecon
security_compute_relabel
context_role_set
fgetfilecon
freecon
setexeccon
fsetfilecon
context_free
security_check_context
context_new
string_to_security_class
getprevcon
libutil.so.1
openpty
libsudo_util.so.0
sudo_conf_plugins_v1
sudo_setgroups_v1
sudo_term_eof
sudo_debug_exit_int_v1
sudo_dso_findsym_v1
sudo_conf_debug_files_v1
sudo_debug_update_fd_v1
sudo_strtomode_v1
initprogname
sudo_ev_alloc_v1
sudo_strlcpy
sudo_dso_unload_v1
sudo_warn_set_conversation_v1
sudo_conf_probe_interfaces_v1
sudo_term_cbreak_v1
sudo_conf_askpass_path_v1
sudo_term_kill
sudo_warn_nodebug_v1
sudo_debug_fork_v1
sudo_pw_dup
sudo_debug_get_fds_v1
sudo_debug_get_active_instance_v1
sudo_debug_exit_bool_v1
sudo_fatal_callback_register_v1
sudo_term_copy_v1
sudo_ev_base_free_v1
sudo_ev_base_setdef_v1
sudo_ev_dispatch_v1
sudo_ev_loop_v1
sudo_conf_disable_coredump_v1
sudo_fatal_nodebug_v1
sudo_strsplit_v1
sudo_ev_del_v1
sudo_term_erase
sudo_conf_noexec_path_v1
sudo_conf_plugin_dir_path_v1
sudo_ev_loopcontinue_v1
sudo_dso_strerror_v1
sudo_lbuf_append_v1
sudo_memset_s
sudo_parse_gids_v1
sudo_debug_set_active_instance_v1
sudo_ev_loopbreak_v1
sudo_ev_loopexit_v1
sudo_debug_exit_ptr_v1
sudo_conf_sesh_path_v1
sudo_get_ttysize_v1
sudo_conf_max_groups_v1
sudo_closefrom
sudo_lbuf_destroy_v1
sudo_ev_add_v2
sudo_getprogname
sudo_debug_execve2_v1
sudo_debug_enter_v1
sudo_debug_exit_v1
sudo_term_raw_v1
sudo_ev_base_alloc_v1
sudo_warn_gettext_v1
sudo_term_restore_v1
sudo_debug_exit_str_masked_v1
sudo_conf_group_source_v1
sudo_ttyname_dev_v1
sudo_debug_printf2_v1
sudo_warnx_nodebug_v1
sudo_getgrouplist2_v1
sudo_strtonum
sudo_gettime_real_v1
sudo_fatalx_nodebug_v1
sudo_conf_read_v1
sudo_sig2str
sudo_strtobool_v1
sudo_strtoid_v1
sudo_debug_register_v1
sudo_gethostname_v1
sudo_new_key_val_v1
sudo_ev_free_v1
sudo_ev_got_break_v1
sudo_debug_exit_str_v1
sudo_term_noecho_v1
sudo_lbuf_init_v1
sudo_dso_load_v1
sudo_lbuf_print_v1
libpthread.so.0
nanosleep
waitpid
__errno_location
sigaction
libdl.so.2
libc.so.6
setuid
chroot
fflush
__printf_chk
setlocale
strncmp
optind
strrchr
dcgettext
getpwuid
inet_ntop
strncpy
sigprocmask
sigfillset
__stack_chk_fail
unlink
socketpair
memchr
getpid
strdup
setutxent
strtol
isatty
getppid
calloc
futimens
strlen
sigemptyset
utimensat
memcmp
unsetenv
fexecve
sigaddset
getgrnam
putenv
stdout
getsid
strtok_r
memcpy
tcsetpgrp
malloc
killpg
setegid
setpgid
__strncpy_chk
getgid
__ctype_b_loc
getenv
setresuid
optarg
stderr
__snprintf_chk
seteuid
pututxline
getgroups
getuid
getegid
setrlimit
getopt_long
getpgid
freeifaddrs
getifaddrs
__fxstat
getcwd
gettimeofday
geteuid
endutxent
strchr
__vfprintf_chk
mkstemps
getutxline
__cxa_finalize
setsid
openat
__xstat
getrlimit
bindtextdomain
access
setgid
faccessat
strcmp
strerror
__asprintf_chk
tcgetpgrp
__libc_start_main
setpriority
sysconf
reallocarray
__environ
GLIBC_2.2.5
GLIBC_2.9
GLIBC_2.3
GLIBC_2.14
GLIBC_2.8
GLIBC_2.4
GLIBC_2.26
GLIBC_2.6
GLIBC_2.3.4
GLIBC_2.11
/usr/lib/sudo
[]A\A]A^A_
[]A\A]A^A_
AVAUATI
[]A\A]A^A_
<+=t I
[]A\A]
[]A\A]
[]A\A]A^
[]A\A]A^
[]A\A]A^
AUATUSH
[]A\A]
[]A\A]
 []A\A]A^
AVAUATUH
\$8dH3
H[]A\A]A^A_
]A\A]A^
D$(dH3
8[]A\A]
D$8dH3
[]A\A]A^A_
AVAUATUSH
[]A\A]A^A_
D$(dH3
8[]A\A]
[]A\A]A^
[]A\A]A^
[]A\A]A^
[]A\A]A^
[]A\A]A^
[]A\A]A^
D$(dH3
AVAUATI
[]A\A]A^A_
D$(dH3
8[]A\A]
C,9C(~
C,9C(~
C,9C(~
;h8tZH
AWAVAUATA
[]A\A]A^A_
D+K,AT
AWAVAUATA
[]A\A]A^A_
[]A\A]
D$XdH3
h[]A\A]
[]A\A]A^
AVAUATI
[]A\A]A^A_
[]A\A]A^
AUATUSH
[]A\A]
AUATUSH
[]A\A]
AUATUSH
[]A\A]A^A_
AUATUSH
[]A\A]A^A_
[]A\A]A^A_
AUATUSH
D$hdH3
p[]A\A]A^
AWAVAUATU
[]A\A]A^A_
AVAUATA
[]A\A]A^A_
[]A\A]A^
AUATUSH
]A\A]A^A_
[]A\A]
[]A\A]
AUATUSH
H#D$(H=
[]A\A]A^
AVAUATUH
[]A\A]A^A_
[]A\A]A^A_
AUATUSH
[]A\A]A^A_
A]A^E1
AVAUATA
]A\A]A^A_
[]A\A]
AVAUATU
[]A\A]A^A_
AWAVAUATU
D$`H9C
[]A\A]A^A_
AVAUATUH
[]A\A]A^A_
AVAUATA
[]A\A]A^A_
[]A\A]
L$(dH3
8[]A\A]A^A_
AUATUSH
[]A\A]A^A_
AWAVAUATUSH
dH3<%(
[]A\A]A^A_
[]A\A]
[]A\A]A^
[]A\A]A^
[]A\A]A^A_
[]A\A]A^A_
unable to allocate memory
sudo_conversation
/dev/tty
putenv
unsetenv
../../src/exec.c
unable to change root to %s
getrlimit
setrlimit
unable to exec %s: %s
kill(%d, SIGTSTP)
killpg %d SIGHUP
killpg %d SIGTERM
killpg %d SIGKILL
kill %d SIGHUP
kill %d SIGTERM
kill %d SIGKILL
unable to set process priority
unable to change to runas uid (%u, %u)
unable to change directory to %s
unable to set handler for signal %d
terminate_command
sudo_execute
sudo_terminated
restore_nproc
unlimit_nproc
exec_setup
exec_cmnd
../../src/exec_common.c
LD_PRELOAD=
LD_PRELOAD
%s=%s%s%s
/bin/sh
sudo_execve
preload_dso
disable_execute
 from parent
../../src/exec_monitor.c
CONT_FG
CONT_BG
received SIG%s%s
error reading from socketpair
%s: failed to read error pipe
EOF on error pipe
errno from child: %s
waitpid
%s: command (%d) resumed
%s: command (%d) exited: %d
foreground
setsid
unable to set controlling tty
unable to create pipe
unable to fork
%s: got controlling tty
executing %s in the %s
unable to execute %s
unable to add event to queue
unable to restore tty label
%s: unable to set foreground pgrp to %d (command)
%s: unable to set foreground pgrp to %d (monitor)
window size change %dx%d -> %dx%d
unexpected reply type on backchannel: %d
sending status message to parent: [%d, %d]
%s: unable to send status to parent
%s: command (%d) stopped, SIG%s
%s: command (%d) killed, SIG%s
%s: unexpected wait status %d for command (%d)
%s: not overwriting command status %d,%d with %d,%d
unable to receive message from parent
%s: waiting for controlling tty
Command still running after event loop exit, terminating
send_status
mon_errpipe_cb
handle_winch
mon_backchannel_cb
deliver_signal
mon_handle_sigchld
mon_signal_cb
fill_exec_closure_monitor
exec_cmnd_pty
exec_monitor
../../src/exec_nopty.c
kill(%d, SIGCONT)
kill(%d, SIG%s)
executed %s, pid %d
error pipe fd %d
error in event loop
event loop exited prematurely
unable to restore handler for signal %d
%s: evbase %p, command: %d, signo %s(%d), cstat %p
policy plugin failed session initialization
free_exec_closure_nopty
errpipe_cb
handle_sigchld_nopty
signal_cb_nopty
fill_exec_closure_nopty
exec_nopty
../../src/exec_pty.c
scheduled SIG%s for command
%s: not closing fd %d (%s)
%s: closing fd %d
error writing fd %d: %s
wrote %zd bytes to fd %d
error reading fd %d: %s
read %zd bytes from fd %d
read EOF from fd %d
kill parent SIG%s
killpg(%d, SIG%s)
%s: monitor exited, status %d
command exited or was killed
errno from monitor: %s
unable to allocate pty
unable to create sockets
stdin not a tty, not logging
stdout not a tty, not logging
stderr not a tty, not logging
backchannel fd %d
%s: deleting and freeing stderr wevent %p
%s: deleting and freeing stdout wevent %p
%s: deleting and freeing devtty wevent %p
added I/O revent %p, fd %d, events %d
added I/O wevent %p, fd %d, events %d
sending SIG%s to monitor over backchannel
sending window size change to monitor over backchannelL %d x %d
sending cstat type %d, value %d to monitor over backchannel
broken pipe writing to monitor over backchannel
deleted I/O revent %p, fd %d, events %d
deleted I/O wevent %p, fd %d, events %d
%s: flushing remaining I/O buffers (nonblocking)
%s: flushing remaining write buffers (blocking)
unflushed data: wevent %p, fd %d, events %d
%s: deleting and freeing revent %p with fd %d
%s: deleting and freeing wevent %p with fd %d
unable to write %d bytes to fd %d
parent is in %s, ttymode %d -> %d
%s: evbase %p, monitor: %d, signo %s(%d), cstat %p
monitor stopped, suspending sudo
%s: monitor (%d) killed, SIG%s
%s: failed to read command status: %s
EOF on backchannel, monitor dead?
command stopped, suspending parent
%s: failed to read command status: short read
%s: no %s, not allocating a pty
%s: %s fd %d, pty master fd %d, pty slave fd %d
stdin not a tty, creating a pipe
stdout not a tty, creating a pipe
stderr not a tty, creating a pipe
%s: unable to copy terminal settings to pty
unable to send message to monitor process
free_exec_closure_pty
pty_finish
add_io_events
backchannel_cb
log_winchange
sync_ttysize
check_foreground
log_suspend
del_io_events
suspend_sudo
handle_sigchld_pty
signal_cb_pty
fwdchannel_cb
fill_exec_closure_pty
read_callback
ev_free_by_fd
safe_close
send_command_status
schedule_signal
write_callback
io_buf_new
pty_setup
log_ttyin
log_ttyout
log_stdin
log_stdout
log_stderr
exec_pty
pty_cleanup
../../src/get_pty.c
get_pty
../../src/hooks.c
deregister_hook_internal
deregister_hook
register_hook_internal
register_hook
../../src/net_ifs.c
%s%s/%s
internal error, %s overflow
get_net_ifs
unknown error
../../src/load_plugins.c
/etc/sudo.conf
%s%s: %s
%s must be owned by uid %d
unable to load %s: %s
sudoers_policy
sudoers.so
sudoers_io
error in %s, line %d while loading plugin "%s"
%s must be only be writable by owner
unable to find symbol "%s" in %s
unknown policy type %d found in %s
incompatible plugin major version %d (expected %d) found in %s
ignoring policy plugin "%s" in %s, line %d
only a single policy plugin may be specified
ignoring duplicate policy plugin "%s" in %s, line %d
ignoring duplicate I/O plugin "%s" in %s, line %d
policy plugin %s does not include a check_policy method
sudo_stat_plugin
sudo_check_plugin
sudo_load_plugin
sudo_load_plugins
../../src/parse_args.c
 -h | -K | -k | -V
sudoedit
usage: %s%s
Options:
run command in the background
display help message and exit
invalidate timestamp file
askpass
auth-type
close-from
login-class
preserve-env
set-home
remove-timestamp
reset-timestamp
non-interactive
preserve-groups
prompt
command-timeout
other-user
version
validate
bsdauth_type
login_class
preserve_environment
runas_group
set_home
run_shell
login_shell
ignore_ticket
selinux_role
selinux_type
runas_user
progname
implied_shell
preserve_groups
noninteractive
closefrom
network_addrs
max_groups
plugin_dir
remote_host
 -e [-AknS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-T timeout] [-u user] file ...
 -v [-AknS] [-g group] [-h host] [-p prompt] [-u user]
 -l [-AknS] [-g group] [-h host] [-p prompt] [-U user] [-u user] [command]
 [-AbEHknPS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-T timeout] [-u user] [VAR=value] [-i|-s] [<command>]
Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified
the argument to -C must be a number greater than or equal to 3
invalid environment variable name: %s
you may not specify both the `-i' and `-s' options
you may not specify both the `-i' and `-E' options
you may not specify environment variables in edit mode
the `-U' option may only be used with the `-l' option
the `-A' and `-S' options may not be used together
%s - edit files as another user
%s - execute a command as another user
use a helper program for password prompting
  -A, --askpass                 %s
  -b, --background              %s
close all file descriptors >= num
  -C, --close-from=num          %s
preserve user environment when running command
  -E, --preserve-env            %s
preserve specific environment variables
      --preserve-env=list       %s
edit files instead of running a command
  -e, --edit                    %s
run command as the specified group name or ID
  -g, --group=group             %s
set HOME variable to target user's home dir
  -H, --set-home                %s
  -h, --help                    %s
run command on host (if supported by plugin)
  -h, --host=host               %s
run login shell as the target user; a command may also be specified
  -i, --login                   %s
remove timestamp file completely
  -K, --remove-timestamp        %s
  -k, --reset-timestamp         %s
list user's privileges or check a specific command; use twice for longer format
  -l, --list                    %s
non-interactive mode, no prompts are used
  -n, --non-interactive         %s
preserve group vector instead of setting to target's
  -P, --preserve-groups         %s
use the specified password prompt
  -p, --prompt=prompt           %s
create SELinux security context with specified role
  -r, --role=role               %s
read password from standard input
  -S, --stdin                   %s
run shell as the target user; a command may also be specified
  -s, --shell                   %s
create SELinux security context with specified type
  -t, --type=type               %s
terminate command after the specified time limit
  -T, --command-timeout=timeout %s
in list mode, display privileges for user
  -U, --other-user=user         %s
run command (or edit file) as specified user name or ID
  -u, --user=user               %s
display version information and exit
  -V, --version                 %s
update user's timestamp without running a command
  -v, --validate                %s
stop processing command line arguments
  --                            %s
env_insert
usage_excl
env_set
parse_env_list
parse_args
+Aa:bC:c:D:Eeg:Hh::iKklnPp:r:SsT:t:U:u:Vv
../../src/preserve_fds.c
fd %d already preserved
preserving fd %d
closefrom(%d)
dup %d
dup %d -> %d
dup2(%d, %d): %s
dup2(%d, %d)
fcntl(%d, F_SETFD, %d): %s
fcntl(%d, F_SETFD, %d)
unable to parse fd string %s
range error parsing fd string %s
parse_preserved_fds
closefrom_except
add_preserved_fd
../../src/signal.c
SIG_IGN
SIG_DFL
unable to save handler for signal %d
restoring handler for signal %d: %s
will restore signal %d on exec
sudo_sigaction
init_signals
restore_signals
save_signals
../../src/sudo.c
%.*s/%s
plugin_path
settings: %s=%s
debug_flags=%s %s
localhost
passwd
ppid=%d
tcpgid=%d
sid=%d
euid=%u
egid=%u
unable to determine tty
lines=%d
cols=%d
umask=0%o
unable to open %s
/dev/null
/usr/share/locale
sudo_mode %d
Sudo version %s
1.8.27
Configure options: %s
policy plugin returns %d
command info from plugin:
    %d: %s
chroot=
command=
closefrom=
exec_background=
invalid boolean value for %s
execfd=
login_class=
noexec=
preserve_groups=
preserve_fds=
runas_egid=
runas_euid=
runas_gid=
runas_groups=
runas_uid=
selinux_role=
selinux_type=
set_utmp=
sudoedit=
sudoedit_checkdir=
sudoedit_follow=
timeout=
umask=
use_pty=
utmp_user=
setuid(%d)
unexpected sudo mode 0x%x
%s must be owned by uid %d and have the setuid bit set
effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?
effective uid is not %d, is sudo installed setuid root?
you do not exist in the %s database
%s: %s: unable to get %d groups via getgroups()
%s: %s: got %d groups via getgroups()
%s: %s: unable to get groups via sudo_getgrouplist2()
%s: %s: got %d groups via sudo_getgrouplist2()
unable to set supplementary group IDs
unable to set effective gid to runas gid %u
unable to set gid to runas gid %u
calling policy close with errno %d
calling I/O close with errno %d
calling policy close with wait status %d
calling I/O close with wait status %d
unexpected child termination condition: %d
--build=x86_64-linux-gnu --prefix=/usr --includedir=${prefix}/include --mandir=${prefix}/share/man --infodir=${prefix}/share/info --sysconfdir=/etc --localstatedir=/var --disable-silent-rules --libdir=${prefix}/lib/x86_64-linux-gnu --libexecdir=${prefix}/lib/x86_64-linux-gnu --disable-maintainer-mode --disable-dependency-tracking -v --with-all-insults --with-pam --with-fqdn --with-logging=syslog --with-logfac=authpriv --with-env-editor --with-editor=/usr/bin/editor --with-exampledir=/usr/share/doc/sudo/examples --with-timeout=15 --with-password-timeout=0 --with-passprompt=[sudo] password for %p:  --disable-root-mailer --with-sendmail=/usr/sbin/sendmail --with-rundir=/run/sudo --libexecdir=/usr/lib/sudo --with-sssd --with-sssd-lib=/usr/lib/x86_64-linux-gnu --with-selinux --with-linux-audit --enable-tmpfiles.d=yes
fatal error, unable to load plugins
unable to initialize policy plugin
policy plugin %s does not support the -v option
policy plugin %s does not support the -k/-K options
policy plugin %s does not support listing privileges
policy plugin %s is missing the `check_policy' method
plugin did not return a command to execute
error initializing I/O plugin %s
policy_init_session
iolog_close
policy_close
run_command
set_user_groups
disable_coredump
command_info_to_details
iolog_open
free_plugin_container
iolog_unlink
policy_check
policy_list
policy_invalidate
policy_validate
iolog_show_version
policy_show_version
format_plugin_settings
policy_open
fill_group_list
get_user_groups
get_user_info
sudo_check_suid
fix_fds
../../src/sudo_edit.c
set uid:gid to %u:%u(%u)
seteuid(ROOT_UID)
setegid(%d)
setgroups
seteuid(%u)
%s/%.*sXXXXXXXX%s
%s/%s.XXXXXXXX
%s -> %s, fd %d
%s: not a regular file
%s left unmodified
%s unchanged
unable to write to %s
%s: short write
unable to read temporary file
mkstemps
/var/tmp/
/usr/tmp/
setuid(%u)
/usr/lib/sudo/sesh
sesh: unknown error %d
unable to read the clock
contents of edit session left in %s
%s: editing symbolic links is not permitted
%s: editing files in a writable directory is not permitted
no writable temporary directory found
unable to change uid to root (%u)
plugin error: missing file list for sudoedit
sesh: internal error: odd number of paths
sesh: unable to create temporary files
unable to chown(%s) to %d:%d for editing
unable to chown(%s) back to %d:%d
unable to copy temporary files back to their original location
unable to copy some of the temporary files back to their original location
sudo_edit_copy_tfiles
selinux_edit_copy_tfiles
sudo_edit_openat_nofollow
sudo_edit_open_nonwritable
sudo_edit_open
sudo_edit_create_tfiles
sudo_edit_mktemp
selinux_edit_create_tfiles
switch_user
dir_is_writable
set_tmpdir
sudo_edit
../../src/tgetpass.c
timed out reading password
no password was provided
unable to read password
SUDO_ASKPASS
DISPLAY
unable to set gid to %u
unable to set uid to %u
unable to run %s
callback major version mismatch, expected %u, got %u
no tty present and no askpass program specified
no askpass program specified, try setting SUDO_ASKPASS
suspend
tgetpass_display_error
sudo_askpass
tty_present
tgetpass
../../src/ttyname.c
%s: tty device %s: %s
unable to resolve tty via %s
get_process_ttyname
/proc/self/stat
../../src/utmp.c
utmp_logout
utmp_settime
utmp_setid
utmp_fill
utmp_login
../../src/selinux.c
unable to open audit system
unable to send audit message
unable to fgetfilecon %s
%s changed labels
failed to set new role %s
failed to set new type %s
%s is not a valid context
failed to get old_context
chr_file
unable to set new tty context
-sesh-noexec
--execfd=%d
newrole: old-context=%s new-context=%s
unable to restore context for %s
you must specify a role for type %s
unable to get default type for role %s
unable to determine enforcing mode.
unable to open %s, not relabeling tty
%s is not a character device, not relabeling tty
unable to get current tty context, not relabeling tty
unknown security class "chr_file", not relabeling tty
unable to get new tty context, not relabeling tty
unable to set tty context to %s
internal error: sesh path not set
unable to set exec context to %s
unable to set key creation context to %s
selinux_execve
audit_role_change
relabel_tty
selinux_setup
get_exec_context
selinux_restore_tty
a523fa8eca3d4163938e9c342d8d96eb205fd0.debug
.shstrtab
.interp
.note.gnu.build-id
.note.ABI-tag
.gnu.hash
.dynsym
.dynstr
.gnu.version
.gnu.version_r
.rela.dyn
.rela.plt
.plt.got
.rodata
.eh_frame_hdr
.eh_frame
.init_array
.fini_array
.dynamic
.gnu_debuglink