Analysis Result
Target
File
shellcode_final.bin
File Type Analysis
/tmp/55ad8b4c9d5d41b96f203dcbc84b477ecf47c63e09276bd8404b1b5f06b2f488: data
TrID File Identification
TrID/32 - File Identifier v2.24 - (C) 2003-16 By M.Pontello
Definitions found: 21363
Analyzing...
Collecting data from file: /tmp/55ad8b4c9d5d41b96f203dcbc84b477ecf47c63e09276bd8404b1b5f06b2f488
Unknown!
Magika File Identification
/tmp/55ad8b4c9d5d41b96f203dcbc84b477ecf47c63e09276bd8404b1b5f06b2f488: Unknown binary data (unknown)
Detect-It-Easy (DIE)
Binary
Format: plain text[LF]
Extracted Strings
USVH
NtTraceEL9
ventD9H
NtProtecL9
tVirtualL9H
USVH
_^[]
Didier Stevens Strings
Authenticode Signature (osslsigncode)
Tool was not selected for this analysis.
PE Check (pecheck)
--- STDERR ---
Traceback (most recent call last):
File "/usr/local/bin/pecheck", line 1351, in <module>
Main()
~~~~^^
File "/usr/local/bin/pecheck", line 1348, in Main
SingleFile(args[0], signatures, options)
~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/bin/pecheck", line 1203, in SingleFile
SingleFileInfo(filename, data, signatures, options)
~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/bin/pecheck", line 549, in SingleFileInfo
pe = pefile.PE(data=data)
File "/usr/local/lib/python3.14/dist-packages/pefile.py", line 2941, in __init__
self.__parse__(name, data, fast_load)
~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.14/dist-packages/pefile.py", line 3082, in __parse__
raise PEFormatError("DOS Header magic not found.")
pefile.PEFormatError: 'DOS Header magic not found.'
Exit Code: 1
Read PE (readpe)
--- STDERR --- Error: crun: executable file `readpe` not found in $PATH: No such file or directory: OCI runtime attempted to invoke a command that was not found Exit Code: 127
objdump DLL Imports
--- STDERR --- objdump: /tmp/55ad8b4c9d5d41b96f203dcbc84b477ecf47c63e09276bd8404b1b5f06b2f488: file format not recognized Exit Code: 1
Radare2 Imports (rabin2)
nth vaddr bind type lib name ----------------------------
Radare2 Exports (rabin2)
nth paddr vaddr bind type size lib name demangled -------------------------------------------------
YARA rules matching
No YARA rules matched the file.
PDFiD Analysis
Tool was not selected for this analysis.
PDF Parser Analysis
Tool was not selected for this analysis.
FLARE Capa
Tool was not selected for this analysis.
FLARE FLOSS Obfuscated Strings
Tool was not selected for this analysis.