ID: Sample Name: Q3dY56x3hp Cookbook: defaultlinuxfilecookbook.jbs Time: 04:08:56 Date: 21/08/2018 Version:

Size: px

Start display at page:

Download "ID: Sample Name: Q3dY56x3hp Cookbook: defaultlinuxfilecookbook.jbs Time: 04:08:56 Date: 21/08/2018 Version:"

Lorena Blankenship
5 years ago
Views:

1 ID: Sample : Q3dY56x3hp Cookbook: defaultlinuxfilecookbook.jbs Time: 04:08:56 Date: 21/08/2018 Version:

2 Table of Contents Table of Contents Analysis Report Overview General Information Detection Classification Signature Overview AV Detection: Bitcoin Miner: Networking: System Summary: Persistence and Installation Behavior: Hooking and other Techniques for Hiding and Protection: Malware Analysis System Evasion: Runtime Messages Behavior Graph Yara Overview Initial Sample PCAP (Network Traffic) Dropped Files Antivirus Detection Initial Sample Dropped Files Domains URLs Startup Created / dropped Files Contacted Domains/Contacted IPs Contacted Domains Contacted IPs Static File Info General Static ELF Info ELF header Sections Program Segments s Network Behavior System Behavior Analysis Process: Q3dY56x3hp PID: Parent PID: General File Activities File Deleted File Read File Written Directory Created Permission Modified Analysis Process: Q3dY56x3hp PID: Parent PID: General File Activities File Read Analysis Process: Q3dY56x3hp PID: Parent PID: General Analysis Process: touch PID: Parent PID: General File Activities File Read Copyright Joe Security LLC 2018 Page 2 of 49

3 Analysis Process: Q3dY56x3hp PID: Parent PID: General File Activities File Read Copyright Joe Security LLC 2018 Page 3 of 49

Analysis Report Overview General Information Joe Sandbox Version: 23.0.0 Analysis ID: 73304 Start date: 21.08.

4 Analysis Report Overview General Information Joe Sandbox Version: Analysis ID: Start date: Start time: 04:08:56 Joe Sandbox Product: Overall analysis duration: Hypervisor based Inspection enabled: Report type: Sample file name: Cookbook file name: CloudBasic 0h 3m 25s false light Q3dY56x3hp defaultlinuxfilecookbook.jbs Analysis system description: Ubuntu Linux x64 (Kernel , Firefox 59.0, Document Viewer , LibreOffice , OpenJDK 1.8.0_171) Detection: Classification: MAL Detection Strategy Score Range Reporting Detection Threshold Report FP / FN Classification Copyright Joe Security LLC 2018 Page 4 of 49

Ransomware Miner Spreading malicious malicious

suspicious clean clean clean Exploiter Banker Spyware

Miner Bitcoin Networking Summary System and

for Hiding and Protection Hooking Malware Analysis

5 Ransomware Miner Spreading malicious malicious malicious Evader Phishing suspicious suspicious suspicious clean clean clean Exploiter Banker Spyware Trojan / Bot Adware Signature Overview Detection AV Miner Bitcoin Networking Summary System and Installation Behavior Persistence and other Techniques for Hiding and Protection Hooking Malware Analysis System Evasion Click to jump to signature section Copyright Joe Security LLC 2018 Page 5 of 49

6 AV Detection: Multi AV Scanner detection for submitted file Bitcoin Miner: Reads CPU information from the proc file system indicative for miner or evasive malware Networking: Urls found in memory or binary data System Summary: Sample contains strings that are potentially command strings Sample contains symbols with suspicious names Classification label Persistence and Installation Behavior: Sample tries to persist itself using System V runlevels Executes the "touch" command used to create files or modify time stamps Reads system information from the proc file system Sample tries to set the executable flag Writes ELF files to disk Hooking and other Techniques for Hiding and Protection: Sample deletes itself Malware Analysis System Evasion: Reads CPU information from the proc file system indicative for miner or evasive malware Runtime Messages Command: /tmp/q3dy56x3hp Exit Code: 0 Exit Code Info: Killed: False Standard Output: Standard Error: Behavior Graph Copyright Joe Security LLC 2018 Page 6 of 49

ID: 73304 Sample: Behavior Graph Q3dY56x3hp Startdate: 21/08/2018 Architecture: Score: 56 LINUX Multi AV Scanner detection for submitted file started Hide Legend Legend: Process Signature Created

7 ID: Sample: Behavior Graph Q3dY56x3hp Startdate: 21/08/2018 Architecture: Score: 56 LINUX Multi AV Scanner detection for submitted file started Hide Legend Legend: Process Signature Created File DNS/IP Info Is Dropped Number of created Files Is malicious Q3dY56x3hp dropped dropped /var/lib/man/database-update, ELF /etc/rc.local, ASCII started started Sample deletes itself Sample tries to persist itself using System V runlevels Q3dY56x3hp Q3dY56x3hp started Q3dY56x3hp touch Yara Overview Initial Sample No yara matches PCAP (Network Traffic) No yara matches Dropped Files No yara matches Antivirus Detection Initial Sample Source Detection Scanner Label Link Q3dY56x3hp 55% virustotal Browse Q3dY56x3hp 45% metadefender Browse Dropped Files Source Detection Scanner Label Link /var/lib/man/database-update 55% virustotal Browse /var/lib/man/database-update 45% metadefender Browse Copyright Joe Security LLC 2018 Page 7 of 49

8 Domains No Antivirus matches URLs No Antivirus matches Startup system is lnxubuntu1 Q3dY56x3hp (PID: 14716, Parent: 14667, MD5: 982dd916fe4111f01233f8c ) Q3dY56x3hp New Fork (PID: 14729, Parent: 14716) Q3dY56x3hp New Fork (PID: 14730, Parent: 14729) touch (PID: 14730, Parent: 14729, MD5: 1f168f69957c0fffbdd62556ad215f3c) Q3dY56x3hp New Fork (PID: 14732, Parent: 14716) cleanup Created / dropped Files /etc/rc.local Process: File Type: Size (bytes): 97 /tmp/q3dy56x3hp ASCII text Entropy (8bit): Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: false B02EA96DC4008BED49920C3CC087DDA9 C1F72CADCEA9050ED02C8D246F641FCF825049B F5E25F5D2C79109D3BE3E28C67323BE64D27D6D8FB1DAF6C871539DE1C CCAE8C10158DE8F32BB2C3E28C83956DD22635FDBAF24259F70AEB4A8D97616DE21D9800C82D90CDC 5A4D947BE1C6B0BEE68ED00F4F0E3FF2E9E93C true low /var/lib/man/database-update Process: File Type: Size (bytes): /tmp/q3dy56x3hp Entropy (8bit): Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Antivirus: Reputation: ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, for GNU/Linux , BuildID[sha1]=8 4905c0a4f eb eb2e0d0, not stripped false 982DD916FE4111F01233F8C D083FB3E8BFEC8DCE0E91C1F193A7DC2CD01F837 2B227C6BC E683E FC179A4EFD9EB486F6AD65B2FA4E0552B55E 647F EB2C6ACFBFD3756C38626A6954ED98185D0294B1EADA6E88E191A1AA790365F46BD778B113065CB 76718FE85E9D7742AC90D3BEC39F49DABC24C true low Antivirus: virustotal, Detection: 55%, Browse Antivirus: metadefender, Detection: 45%, Browse Contacted Domains/Contacted IPs Contacted Domains No contacted domains info Contacted IPs Copyright Joe Security LLC 2018 Page 8 of 49

9 No contacted IP infos Static File Info General File type: ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, for GNU/Linux , BuildID[sha1]=84905c0a4f eb eb2e0d0, not stripped Entropy (8bit): TrID: File name: ELF Executable and Linkable format (Linux) (4029/14) 42.26% ELF Executable and Linkable format (generic) (4004/1) 42.00% Java Script embedded in Visual Basic Script (1500/0) 15.73% Q3dY56x3hp File size: MD5: SHA1: SHA256: SHA512: 982dd916fe4111f01233f8c d083fb3e8bfec8dce0e91c1f193a7dc2cd01f837 2b227c6bc e683e fc179a4efd9eb486f6a d65b2fa4e0552b55e 647f eb2c6acfbfd3756c38626a6954ed98185d0 294b1eada6e88e191a1aa790365f46bd778b113065cb76 718fe85e9d7742ac90d3bec39f49dabc24c File Content Preview:.ELF (.+.( l...D...D D...Q.td...GNU Static ELF Info ELF header Class: ELF32 Data: 2's complement, little endian Version: 1 (current) Machine: Intel Version Number: 0x1 Type: EXEC (Executable file) OS/ABI: UNIX - Linux ABI Version: 0 Entry Point Address: 0x80481c0 Flags: 0x0 ELF Header Size: 52 Program Header Offset: 52 Program Header Size: 32 Number of Program Headers: 5 Section Header Offset: Section Header Size: 40 Number of Section Headers: 43 Header String Table Index: 40 Sections Type Address Offset Size EntSize Flags Flags Description Link Info Align NULL 0x0 0x0 0x0 0x0 0x note.ABI-tag NOTE 0x80480d4 0xd4 0x20 0x0 0x2 A note.gnu.build-id NOTE 0x80480f4 0xf4 0x24 0x0 0x2 A rel.plt REL 0x x118 0x28 0x8 0x2 A init PROGBITS 0x x140 0x30 0x0 0x6 AX plt PROGBITS 0x x170 0x50 0x0 0x6 AX text PROGBITS 0x80481c0 0x1c0 0x81c3c 0x0 0x6 AX libc_freeres_fn PROGBITS 0x80c9e00 0x81e00 0x19e8 0x0 0x6 AX libc_thread_freeres_fn PROGBITS 0x80cb7f0 0x837f0 0x1ca 0x0 0x6 AX fini PROGBITS 0x80cb9bc 0x839bc 0x1c 0x0 0x6 AX rodata PROGBITS 0x80cb9e0 0x839e0 0x16b97 0x0 0x2 A Copyright Joe Security LLC 2018 Page 9 of 49

10 Type Address Offset Size EntSize Flags Flags Description Link Info Align libc_atexit PROGBITS 0x80e2578 0x9a578 0x4 0x0 0x2 A libc_subfreeres PROGBITS 0x80e257c 0x9a57c 0x4c 0x0 0x2 A libc_thread_subfreeres PROGBITS 0x80e25c8 0x9a5c8 0x8 0x0 0x2 A stapsdt.base PROGBITS 0x80e25d0 0x9a5d0 0x1 0x0 0x2 A eh_frame PROGBITS 0x80e25d4 0x9a5d4 0xed68 0x0 0x2 A gcc_except_table PROGBITS 0x80f133c 0xa933c 0x140 0x0 0x2 A tdata PROGBITS 0x80f2000 0xaa000 0x14 0x0 0x403 WAT tbss NOBITS 0x80f2014 0xaa014 0x30 0x0 0x403 WAT ctors PROGBITS 0x80f2014 0xaa014 0xc 0x0 0x3 WA dtors PROGBITS 0x80f2020 0xaa020 0xc 0x0 0x3 WA jcr PROGBITS 0x80f202c 0xaa02c 0x4 0x0 0x3 WA data.rel.ro PROGBITS 0x80f2030 0xaa030 0x30 0x0 0x3 WA got PROGBITS 0x80f2060 0xaa060 0xc 0x4 0x3 WA got.plt PROGBITS 0x80f206c 0xaa06c 0x20 0x4 0x3 WA data PROGBITS 0x80f20a0 0xaa0a0 0x760 0x0 0x3 WA bss NOBITS 0x80f2800 0xaa800 0x1064a0 0x0 0x3 WA libc_freeres_ptrs NOBITS 0x81f8ca0 0xaa800 0x20 0x0 0x3 WA note.stapsdt NOTE 0x0 0xaa800 0x23c 0x0 0x comment PROGBITS 0x0 0xaaa3c 0x2d 0x1 0x30 MS debug_aranges PROGBITS 0x0 0xaaa69 0xc0 0x0 0x debug_pubnames PROGBITS 0x0 0xaab29 0x51e 0x0 0x debug_info PROGBITS 0x0 0xab047 0x35f7 0x0 0x debug_abbrev PROGBITS 0x0 0xae63e 0xa6d 0x0 0x debug_line PROGBITS 0x0 0xaf0ab 0xd15 0x0 0x debug_frame PROGBITS 0x0 0xafdc0 0x7e4 0x0 0x debug_str PROGBITS 0x0 0xb05a4 0xeee 0x1 0x30 MS debug_loc PROGBITS 0x0 0xb1492 0x16cc 0x0 0x debug_pubtypes PROGBITS 0x0 0xb2b5e 0x4e5 0x0 0x debug_ranges PROGBITS 0x0 0xb3043 0x2f8 0x0 0x shstrtab STRTAB 0x0 0xb333b 0x1e4 0x0 0x symtab SYMTAB 0x0 0xb3bd8 0x9080 0x10 0x strtab STRTAB 0x0 0xbcc58 0x8152 0x0 0x Program Segments Type Offset Virtual Address Physical Address File Size Memory Size Flags Flags Description Align Prog Interpreter Section Mappings LOAD 0x0 0x x xa947c 0xa947c 0x5 R E 0x1000.note.ABI-tag.note.gnu.build-id.rel.plt.init.plt.text libc_freeres_fn libc_thread_freeres_fn.fini.rodata libc_atexit libc_subfreeres libc_thread_subfreeres.stapsdt.base.eh_frame.gcc_except_table LOAD 0xaa000 0x80f2000 0x80f2000 0x800 0x106cc0 0x6 RW 0x1000.ctors.dtors.jcr.data.rel.ro.got.got.plt.data.bss libc_freeres_ptrs NOTE 0xd4 0x80480d4 0x80480d4 0x44 0x44 0x4 R 0x4.note.ABI-tag.note.gnu.build-id <unknown> 0xaa000 0x80f2000 0x80f2000 0x14 0x44 0x4 R 0x4 GNU_STACK 0x0 0x0 0x0 0x0 0x0 0x6 RW 0x4 s Section Value Size Type Bind Visibility.symtab 0x0 0 NOTYPE <unknown> DEFAULT SHN_UNDEF.symtab 0x80480d4 0 SECTION <unknown> DEFAULT 1.symtab 0x80480f4 0 SECTION <unknown> DEFAULT 2.symtab 0x SECTION <unknown> DEFAULT 3.symtab 0x SECTION <unknown> DEFAULT 4.symtab 0x SECTION <unknown> DEFAULT 5.symtab 0x80481c0 0 SECTION <unknown> DEFAULT 6.symtab 0x80c9e00 0 SECTION <unknown> DEFAULT 7.symtab 0x80cb7f0 0 SECTION <unknown> DEFAULT 8.symtab 0x80cb9bc 0 SECTION <unknown> DEFAULT 9.symtab 0x80cb9e0 0 SECTION <unknown> DEFAULT 10 Copyright Joe Security LLC 2018 Page 10 of 49

11 Section Value Size Type Bind Visibility.symtab 0x80e SECTION <unknown> DEFAULT 11.symtab 0x80e257c 0 SECTION <unknown> DEFAULT 12.symtab 0x80e25c8 0 SECTION <unknown> DEFAULT 13.symtab 0x80e25d0 0 SECTION <unknown> DEFAULT 14.symtab 0x80e25d4 0 SECTION <unknown> DEFAULT 15.symtab 0x80f133c 0 SECTION <unknown> DEFAULT 16.symtab 0x80f SECTION <unknown> DEFAULT 17.symtab 0x80f SECTION <unknown> DEFAULT 18.symtab 0x80f SECTION <unknown> DEFAULT 19.symtab 0x80f SECTION <unknown> DEFAULT 20.symtab 0x80f202c 0 SECTION <unknown> DEFAULT 21.symtab 0x80f SECTION <unknown> DEFAULT 22.symtab 0x80f SECTION <unknown> DEFAULT 23.symtab 0x80f206c 0 SECTION <unknown> DEFAULT 24.symtab 0x80f20a0 0 SECTION <unknown> DEFAULT 25.symtab 0x80f SECTION <unknown> DEFAULT 26.symtab 0x81f8ca0 0 SECTION <unknown> DEFAULT 27.symtab 0x0 0 SECTION <unknown> DEFAULT 28.symtab 0x0 0 SECTION <unknown> DEFAULT 29.symtab 0x0 0 SECTION <unknown> DEFAULT 30.symtab 0x0 0 SECTION <unknown> DEFAULT 31.symtab 0x0 0 SECTION <unknown> DEFAULT 32.symtab 0x0 0 SECTION <unknown> DEFAULT 33.symtab 0x0 0 SECTION <unknown> DEFAULT 34.symtab 0x0 0 SECTION <unknown> DEFAULT 35.symtab 0x0 0 SECTION <unknown> DEFAULT 36.symtab 0x0 0 SECTION <unknown> DEFAULT 37.symtab 0x0 0 SECTION <unknown> DEFAULT 38.symtab 0x0 0 SECTION <unknown> DEFAULT 39 CSWTCH.47.symtab 0x80dd4e0 32 OBJECT <unknown> DEFAULT 10 CSWTCH.49.symtab 0x80dd OBJECT <unknown> DEFAULT 10 CSWTCH.51.symtab 0x80dd OBJECT <unknown> DEFAULT 10 E_Table.symtab 0x80cbc20 48 OBJECT <unknown> DEFAULT 10 IPR_Table.symtab 0x80cbca0 64 OBJECT <unknown> DEFAULT 10 IP_Table.symtab 0x80cbc60 64 OBJECT <unknown> DEFAULT 10 LogFacility.symtab 0x80f253c 4 OBJECT <unknown> DEFAULT 25 LogFile.symtab 0x80f OBJECT <unknown> DEFAULT 25 LogMask.symtab 0x80f OBJECT <unknown> DEFAULT 25 LogStat.symtab 0x80f37c4 4 OBJECT <unknown> DEFAULT 26 LogTag.symtab 0x80f37c8 4 OBJECT <unknown> DEFAULT 26 LogType.symtab 0x80f OBJECT <unknown> DEFAULT 25 PC1_Table.symtab 0x80cbd40 56 OBJECT <unknown> DEFAULT 10 PC2_Table.symtab 0x80cbd00 48 OBJECT <unknown> DEFAULT 10 P_Table.symtab 0x80cba00 32 OBJECT <unknown> DEFAULT 10 S_Box.symtab 0x80cba OBJECT <unknown> DEFAULT 10 Shift_Table.symtab 0x80cbce0 16 OBJECT <unknown> DEFAULT 10 SyslogAddr.symtab 0x80f37e0 110 OBJECT <unknown> DEFAULT 26 _.stapsdt.base.symtab 0x80e25d0 1 NOTYPE <unknown> HIDDEN 14 _Exit.symtab 0x80655e4 23 FUNC <unknown> DEFAULT 6 _GLOBAL_OFFSET_TABLE_.symtab 0x80f206c 0 OBJECT <unknown> DEFAULT 24 _IO_2_1_stderr_.symtab 0x80f OBJECT <unknown> DEFAULT 25 _IO_2_1_stdin_.symtab 0x80f20e0 152 OBJECT <unknown> DEFAULT 25 _IO_2_1_stdout_.symtab 0x80f OBJECT <unknown> DEFAULT 25 _IO_adjust_column.symtab 0x8052f50 65 FUNC <unknown> DEFAULT 6 _IO_adjust_wcolumn.symtab 0x808bd30 64 FUNC <unknown> DEFAULT 6 _IO_cleanup.symtab 0x8053c FUNC <unknown> DEFAULT 6 _IO_default_doallocate.symtab 0x80543a0 151 FUNC <unknown> DEFAULT 6 _IO_default_finish.symtab 0x FUNC <unknown> DEFAULT 6 _IO_default_imbue.symtab 0x FUNC <unknown> DEFAULT 6 _IO_default_pbackfail.symtab 0x FUNC <unknown> DEFAULT 6 _IO_default_read.symtab 0x FUNC <unknown> DEFAULT 6 _IO_default_seek.symtab 0x80530e0 15 FUNC <unknown> DEFAULT 6 Copyright Joe Security LLC 2018 Page 11 of 49

12 Section Value Size Type Bind Visibility _IO_default_seekoff.symtab 0x8052ea0 15 FUNC <unknown> DEFAULT 6 _IO_default_seekpos.symtab 0x8052db0 57 FUNC <unknown> DEFAULT 6 _IO_default_setbuf.symtab 0x FUNC <unknown> DEFAULT 6 _IO_default_showmanyc.symtab 0x FUNC <unknown> DEFAULT 6 _IO_default_stat.symtab 0x80530f0 10 FUNC <unknown> DEFAULT 6 _IO_default_sync.symtab 0x8052e90 7 FUNC <unknown> DEFAULT 6 _IO_default_uflow.symtab 0x8052d50 52 FUNC <unknown> DEFAULT 6 _IO_default_underflow.symtab 0x8052d40 10 FUNC <unknown> DEFAULT 6 _IO_default_write.symtab 0x FUNC <unknown> DEFAULT 6 _IO_default_xsgetn.symtab 0x FUNC <unknown> DEFAULT 6 _IO_default_xsputn.symtab 0x FUNC <unknown> DEFAULT 6 _IO_do_write.symtab 0x8051df0 274 FUNC <unknown> DEFAULT 6 _IO_doallocbuf.symtab 0x8054d FUNC <unknown> DEFAULT 6 _IO_fclose.symtab 0x804d7d0 427 FUNC <unknown> DEFAULT 6 _IO_fgets.symtab 0x804d9c0 392 FUNC <unknown> DEFAULT 6 _IO_file_attach.symtab 0x80504d0 181 FUNC <unknown> DEFAULT 6 _IO_file_close.symtab 0x80513a0 18 FUNC <unknown> DEFAULT 6 _IO_file_close_it.symtab 0x FUNC <unknown> DEFAULT 6 _IO_file_close_mmap.symtab 0x80513c0 60 FUNC <unknown> DEFAULT 6 _IO_file_doallocate.symtab 0x808af FUNC <unknown> DEFAULT 6 _IO_file_finish.symtab 0x8051d FUNC <unknown> DEFAULT 6 _IO_file_fopen.symtab 0x FUNC <unknown> DEFAULT 6 _IO_file_init.symtab 0x8051cb0 51 FUNC <unknown> DEFAULT 6 _IO_file_jumps.symtab 0x80ccd40 84 OBJECT <unknown> DEFAULT 10 _IO_file_jumps_maybe_mmap.symtab 0x80cce00 84 OBJECT <unknown> DEFAULT 10 _IO_file_jumps_mmap.symtab 0x80ccda0 84 OBJECT <unknown> DEFAULT 10 _IO_file_open.symtab 0x8051b FUNC <unknown> DEFAULT 6 _IO_file_overflow.symtab 0x8051ff0 521 FUNC <unknown> DEFAULT 6 _IO_file_read.symtab 0x FUNC <unknown> DEFAULT 6 _IO_file_seek.symtab 0x80507e0 18 FUNC <unknown> DEFAULT 6 _IO_file_seekoff.symtab 0x FUNC <unknown> DEFAULT 6 _IO_file_seekoff_maybe_mmap.symtab 0x80506f0 80 FUNC <unknown> DEFAULT 6 _IO_file_seekoff_mmap.symtab 0x FUNC <unknown> DEFAULT 6 _IO_file_setbuf.symtab 0x8051b30 82 FUNC <unknown> DEFAULT 6 _IO_file_setbuf_mmap.symtab 0x8051cf0 119 FUNC <unknown> DEFAULT 6 _IO_file_stat.symtab 0x FUNC <unknown> DEFAULT 6 _IO_file_sync.symtab 0x8051f FUNC <unknown> DEFAULT 6 _IO_file_sync_mmap.symtab 0x FUNC <unknown> DEFAULT 6 _IO_file_underflow.symtab 0x FUNC <unknown> DEFAULT 6 _IO_file_underflow_maybe_mmap.symtab 0x8050a00 30 FUNC <unknown> DEFAULT 6 _IO_file_underflow_mmap.symtab 0x8050d60 69 FUNC <unknown> DEFAULT 6 _IO_file_write.symtab 0x FUNC <unknown> DEFAULT 6 _IO_file_xsgetn.symtab 0x8050db0 426 FUNC <unknown> DEFAULT 6 _IO_file_xsgetn_maybe_mmap.symtab 0x80509b0 67 FUNC <unknown> DEFAULT 6 _IO_file_xsgetn_mmap.symtab 0x8050c FUNC <unknown> DEFAULT 6 _IO_file_xsputn.symtab 0x FUNC <unknown> DEFAULT 6 _IO_flush_all.symtab 0x8053de0 20 FUNC <unknown> DEFAULT 6 _IO_flush_all_linebuffered.symtab 0x80537a0 472 FUNC <unknown> DEFAULT 6 _IO_flush_all_lockp.symtab 0x FUNC <unknown> DEFAULT 6 _IO_fopen.symtab 0x804dc FUNC <unknown> DEFAULT 6 _IO_fprintf.symtab 0x80843a0 33 FUNC <unknown> DEFAULT 6 _IO_fputs.symtab 0x808b FUNC <unknown> DEFAULT 6 _IO_fread.symtab 0x804dd FUNC <unknown> DEFAULT 6 _IO_free_backup_area.symtab 0x80532a0 93 FUNC <unknown> DEFAULT 6 _IO_free_wbackup_area.symtab 0x808be FUNC <unknown> DEFAULT 6 _IO_ftell.symtab 0x808b FUNC <unknown> DEFAULT 6 _IO_funlockfile.symtab 0x808a6b0 47 FUNC <unknown> DEFAULT 6 _IO_fwide.symtab 0x808ce FUNC <unknown> DEFAULT 6 _IO_fwrite.symtab 0x804de FUNC <unknown> DEFAULT 6 _IO_getdelim.symtab 0x808b3c0 604 FUNC <unknown> DEFAULT 6 _IO_getline.symtab 0x804e FUNC <unknown> DEFAULT 6 _IO_getline_info.symtab 0x804e FUNC <unknown> DEFAULT 6 _IO_helper_jumps.symtab 0x80dc OBJECT <unknown> DEFAULT 10 Copyright Joe Security LLC 2018 Page 12 of 49

13 Section Value Size Type Bind Visibility _IO_helper_jumps.symtab 0x80e1fc0 84 OBJECT <unknown> DEFAULT 10 _IO_helper_overflow.symtab 0x807aab0 173 FUNC <unknown> DEFAULT 6 _IO_helper_overflow.symtab 0x80bb FUNC <unknown> DEFAULT 6 _IO_init.symtab 0x FUNC <unknown> DEFAULT 6 _IO_init_marker.symtab 0x80547c0 185 FUNC <unknown> DEFAULT 6 _IO_init_wmarker.symtab 0x808c5e0 202 FUNC <unknown> DEFAULT 6 _IO_iter_begin.symtab 0x FUNC <unknown> DEFAULT 6 _IO_iter_end.symtab 0x FUNC <unknown> DEFAULT 6 _IO_iter_file.symtab 0x FUNC <unknown> DEFAULT 6 _IO_iter_next.symtab 0x FUNC <unknown> DEFAULT 6 _IO_least_marker.symtab 0x8052c00 40 FUNC <unknown> DEFAULT 6 _IO_least_wmarker.symtab 0x808bb40 48 FUNC <unknown> DEFAULT 6 _IO_link_in.symtab 0x8053e FUNC <unknown> DEFAULT 6 _IO_list_all.symtab 0x80f22b8 4 OBJECT <unknown> DEFAULT 25 _IO_list_all_stamp.symtab 0x80f OBJECT <unknown> DEFAULT 26 _IO_list_lock.symtab 0x FUNC <unknown> DEFAULT 6 _IO_list_resetlock.symtab 0x FUNC <unknown> DEFAULT 6 _IO_list_unlock.symtab 0x80531c0 56 FUNC <unknown> DEFAULT 6 _IO_marker_delta.symtab 0x FUNC <unknown> DEFAULT 6 _IO_marker_difference.symtab 0x8052fe0 17 FUNC <unknown> DEFAULT 6 _IO_mem_finish.symtab 0x808d FUNC <unknown> DEFAULT 6 _IO_mem_jumps.symtab 0x80dd OBJECT <unknown> DEFAULT 10 _IO_mem_sync.symtab 0x808d0d0 78 FUNC <unknown> DEFAULT 6 _IO_new_do_write.symtab 0x8051df0 274 FUNC <unknown> DEFAULT 6 _IO_new_fclose.symtab 0x804d7d0 427 FUNC <unknown> DEFAULT 6 _IO_new_file_attach.symtab 0x80504d0 181 FUNC <unknown> DEFAULT 6 _IO_new_file_close_it.symtab 0x FUNC <unknown> DEFAULT 6 _IO_new_file_finish.symtab 0x8051d FUNC <unknown> DEFAULT 6 _IO_new_file_fopen.symtab 0x FUNC <unknown> DEFAULT 6 _IO_new_file_init.symtab 0x8051cb0 51 FUNC <unknown> DEFAULT 6 _IO_new_file_overflow.symtab 0x8051ff0 521 FUNC <unknown> DEFAULT 6 _IO_new_file_seekoff.symtab 0x FUNC <unknown> DEFAULT 6 _IO_new_file_setbuf.symtab 0x8051b30 82 FUNC <unknown> DEFAULT 6 _IO_new_file_sync.symtab 0x8051f FUNC <unknown> DEFAULT 6 _IO_new_file_underflow.symtab 0x FUNC <unknown> DEFAULT 6 _IO_new_file_write.symtab 0x FUNC <unknown> DEFAULT 6 _IO_new_file_xsputn.symtab 0x FUNC <unknown> DEFAULT 6 _IO_new_fopen.symtab 0x804dc FUNC <unknown> DEFAULT 6 _IO_new_popen.symtab 0x804e FUNC <unknown> DEFAULT 6 _IO_new_proc_close.symtab 0x804e FUNC <unknown> DEFAULT 6 _IO_new_proc_open.symtab 0x804e FUNC <unknown> DEFAULT 6 _IO_no_init.symtab 0x FUNC <unknown> DEFAULT 6 _IO_old_init.symtab 0x8052df0 150 FUNC <unknown> DEFAULT 6 _IO_padn.symtab 0x808b FUNC <unknown> DEFAULT 6 _IO_popen.symtab 0x804e FUNC <unknown> DEFAULT 6 _IO_printf.symtab 0x804d FUNC <unknown> DEFAULT 6 _IO_proc_close.symtab 0x804e FUNC <unknown> DEFAULT 6 _IO_proc_jumps.symtab 0x80ccb40 84 OBJECT <unknown> DEFAULT 10 _IO_proc_open.symtab 0x804e FUNC <unknown> DEFAULT 6 _IO_puts.symtab 0x804e8d0 349 FUNC <unknown> DEFAULT 6 _IO_remove_marker.symtab 0x8052fa0 54 FUNC <unknown> DEFAULT 6 _IO_seekmark.symtab 0x FUNC <unknown> DEFAULT 6 _IO_seekoff.symtab 0x808b FUNC <unknown> DEFAULT 6 _IO_seekoff_unlocked.symtab 0x808b FUNC <unknown> DEFAULT 6 _IO_seekwmark.symtab 0x808bdb0 176 FUNC <unknown> DEFAULT 6 _IO_setb.symtab 0x FUNC <unknown> DEFAULT 6 _IO_sgetn.symtab 0x8052d90 18 FUNC <unknown> DEFAULT 6 _IO_sprintf.symtab 0x804d FUNC <unknown> DEFAULT 6 _IO_sputbackc.symtab 0x8052eb0 72 FUNC <unknown> DEFAULT 6 _IO_sputbackwc.symtab 0x808bc90 76 FUNC <unknown> DEFAULT 6 _IO_sscanf.symtab 0x808a FUNC <unknown> DEFAULT 6 _IO_stderr.symtab 0x80f OBJECT <unknown> HIDDEN 25 _IO_stdfile_0_lock.symtab 0x80f OBJECT <unknown> DEFAULT 26 Copyright Joe Security LLC 2018 Page 13 of 49

14 Section Value Size Type Bind Visibility _IO_stdfile_1_lock.symtab 0x80f326c 12 OBJECT <unknown> DEFAULT 26 _IO_stdfile_2_lock.symtab 0x80f OBJECT <unknown> DEFAULT 26 _IO_stdin.symtab 0x80f24fc 4 OBJECT <unknown> HIDDEN 25 _IO_stdin_used.symtab 0x80cb9e4 4 OBJECT <unknown> DEFAULT 10 _IO_stdout.symtab 0x80f OBJECT <unknown> HIDDEN 25 _IO_str_count.symtab 0x8054fc0 21 FUNC <unknown> DEFAULT 6 _IO_str_finish.symtab 0x8054fe0 58 FUNC <unknown> DEFAULT 6 _IO_str_init_readonly.symtab 0x FUNC <unknown> DEFAULT 6 _IO_str_init_static.symtab 0x80555a0 163 FUNC <unknown> DEFAULT 6 _IO_str_init_static_internal.symtab 0x FUNC <unknown> DEFAULT 6 _IO_str_jumps.symtab 0x80cce60 84 OBJECT <unknown> DEFAULT 10 _IO_str_overflow.symtab 0x FUNC <unknown> DEFAULT 6 _IO_str_pbackfail.symtab 0x FUNC <unknown> DEFAULT 6 _IO_str_seekoff.symtab 0x FUNC <unknown> DEFAULT 6 _IO_str_underflow.symtab 0x8054f60 95 FUNC <unknown> DEFAULT 6 _IO_strn_jumps.symtab 0x80dd5a0 84 OBJECT <unknown> DEFAULT 10 _IO_strn_overflow.symtab 0x808d2c0 99 FUNC <unknown> DEFAULT 6 _IO_sungetc.symtab 0x8052f00 71 FUNC <unknown> DEFAULT 6 _IO_sungetwc.symtab 0x808bce0 70 FUNC <unknown> DEFAULT 6 _IO_switch_to_backup_area.symtab 0x8052c60 43 FUNC <unknown> DEFAULT 6 _IO_switch_to_get_mode.symtab 0x8052c FUNC <unknown> DEFAULT 6 _IO_switch_to_main_get_area.symtab 0x8052c30 41 FUNC <unknown> DEFAULT 6 _IO_switch_to_main_wget_area.symtab 0x808bb70 43 FUNC <unknown> DEFAULT 6 _IO_switch_to_wbackup_area.symtab 0x808bba0 45 FUNC <unknown> DEFAULT 6 _IO_switch_to_wget_mode.symtab 0x808bc FUNC <unknown> DEFAULT 6 _IO_un_link.symtab 0x8053f FUNC <unknown> DEFAULT 6 _IO_unsave_markers.symtab 0x FUNC <unknown> DEFAULT 6 _IO_unsave_wmarkers.symtab 0x808c4b0 120 FUNC <unknown> DEFAULT 6 _IO_vasprintf.symtab 0x80b FUNC <unknown> DEFAULT 6 _IO_vdprintf.symtab 0x808d FUNC <unknown> DEFAULT 6 _IO_vfprintf.symtab 0x807b FUNC <unknown> DEFAULT 6 _IO_vfprintf_internal.symtab 0x807b FUNC <unknown> DEFAULT 6 _IO_vfscanf.symtab 0x FUNC <unknown> DEFAULT 6 _IO_vfscanf_internal.symtab 0x FUNC <unknown> DEFAULT 6 _IO_vfwprintf.symtab 0x80bb5f FUNC <unknown> DEFAULT 6 _IO_vsnprintf.symtab 0x808d FUNC <unknown> DEFAULT 6 _IO_vsprintf.symtab 0x804ea FUNC <unknown> DEFAULT 6 _IO_vsscanf.symtab 0x808b9e0 140 FUNC <unknown> DEFAULT 6 _IO_wdefault_doallocate.symtab 0x808c FUNC <unknown> DEFAULT 6 _IO_wdefault_finish.symtab 0x808bfa0 148 FUNC <unknown> DEFAULT 6 _IO_wdefault_pbackfail.symtab 0x808c FUNC <unknown> DEFAULT 6 _IO_wdefault_uflow.symtab 0x808bbd0 52 FUNC <unknown> DEFAULT 6 _IO_wdefault_xsgetn.symtab 0x808c FUNC <unknown> DEFAULT 6 _IO_wdefault_xsputn.symtab 0x808c3b0 252 FUNC <unknown> DEFAULT 6 _IO_wdo_write.symtab 0x804f FUNC <unknown> DEFAULT 6 _IO_wdoallocbuf.symtab 0x808caa0 175 FUNC <unknown> DEFAULT 6 _IO_wfile_doallocate.symtab 0x808b FUNC <unknown> DEFAULT 6 _IO_wfile_jumps.symtab 0x80ccba0 84 OBJECT <unknown> DEFAULT 10 _IO_wfile_jumps_maybe_mmap.symtab 0x80ccc60 84 OBJECT <unknown> DEFAULT 10 _IO_wfile_jumps_mmap.symtab 0x80ccc00 84 OBJECT <unknown> DEFAULT 10 _IO_wfile_overflow.symtab 0x804fd FUNC <unknown> DEFAULT 6 _IO_wfile_seekoff.symtab 0x804ee FUNC <unknown> DEFAULT 6 _IO_wfile_sync.symtab 0x804fc FUNC <unknown> DEFAULT 6 _IO_wfile_underflow.symtab 0x804f FUNC <unknown> DEFAULT 6 _IO_wfile_underflow_maybe_mmap.symtab 0x804ec20 54 FUNC <unknown> DEFAULT 6 _IO_wfile_underflow_mmap.symtab 0x804ed FUNC <unknown> DEFAULT 6 _IO_wfile_xsputn.symtab 0x804fa FUNC <unknown> DEFAULT 6 _IO_wide_data_0.symtab 0x80f22c0 188 OBJECT <unknown> DEFAULT 25 _IO_wide_data_1.symtab 0x80f OBJECT <unknown> DEFAULT 25 _IO_wide_data_2.symtab 0x80f OBJECT <unknown> DEFAULT 25 _IO_wmarker_delta.symtab 0x808bd70 61 FUNC <unknown> DEFAULT 6 _IO_wpadn.symtab 0x808ba FUNC <unknown> DEFAULT 6 _IO_wsetb.symtab 0x808bf FUNC <unknown> DEFAULT 6 Copyright Joe Security LLC 2018 Page 14 of 49

15 Section Value Size Type Bind Visibility _Jv_RegisterClasses.symtab 0x0 0 NOTYPE <unknown> DEFAULT SHN_UNDEF _L_lock_101.symtab 0x8082a82 16 FUNC <unknown> DEFAULT 6 _L_lock_10188.symtab 0x805bd2b 12 FUNC <unknown> DEFAULT 6 _L_lock_10290.symtab 0x805bd4f 16 FUNC <unknown> DEFAULT 6 _L_lock_10482.symtab 0x805bd8b 12 FUNC <unknown> DEFAULT 6 _L_lock_10588.symtab 0x805bdaf 16 FUNC <unknown> DEFAULT 6 _L_lock_10803.symtab 0x805bdeb 12 FUNC <unknown> DEFAULT 6 _L_lock_10876.symtab 0x805be0f 16 FUNC <unknown> DEFAULT 6 _L_lock_1092.symtab 0x808a FUNC <unknown> DEFAULT 6 _L_lock_1106.symtab 0x804ffc4 12 FUNC <unknown> DEFAULT 6 _L_lock_1163.symtab 0x805b9c3 12 FUNC <unknown> DEFAULT 6 _L_lock_11674.symtab 0x805be57 12 FUNC <unknown> DEFAULT 6 _L_lock_11709.symtab 0x805be6f 12 FUNC <unknown> DEFAULT 6 _L_lock_11835.symtab 0x805be7b 12 FUNC <unknown> DEFAULT 6 _L_lock_1193.symtab 0x805b9db 12 FUNC <unknown> DEFAULT 6 _L_lock_122.symtab 0x8067a4d 16 FUNC <unknown> DEFAULT 6 _L_lock_12231.symtab 0x805bea3 16 FUNC <unknown> DEFAULT 6 _L_lock_12490.symtab 0x805beb3 16 FUNC <unknown> DEFAULT 6 _L_lock_12619.symtab 0x805bed3 16 FUNC <unknown> DEFAULT 6 _L_lock_12772.symtab 0x805bef3 16 FUNC <unknown> DEFAULT 6 _L_lock_12811.symtab 0x805bf13 16 FUNC <unknown> DEFAULT 6 _L_lock_13184.symtab 0x805bf33 16 FUNC <unknown> DEFAULT 6 _L_lock_1322.symtab 0x805b9e7 16 FUNC <unknown> DEFAULT 6 _L_lock_13322.symtab 0x805bf53 16 FUNC <unknown> DEFAULT 6 _L_lock_13422.symtab 0x805bf73 12 FUNC <unknown> DEFAULT 6 _L_lock_1380.symtab 0x80751f9 16 FUNC <unknown> DEFAULT 6 _L_lock_14269.symtab 0x80c FUNC <unknown> DEFAULT 6 _L_lock_15.symtab 0x807936e 16 FUNC <unknown> DEFAULT 6 _L_lock_159.symtab 0x FUNC <unknown> DEFAULT 6 _L_lock_162.symtab 0x FUNC <unknown> DEFAULT 6 _L_lock_17.symtab 0x808437e 16 FUNC <unknown> DEFAULT 6 _L_lock_1722.symtab 0x FUNC <unknown> DEFAULT 6 _L_lock_185.symtab 0x807fec3 12 FUNC <unknown> DEFAULT 6 _L_lock_191.symtab 0x FUNC <unknown> DEFAULT 6 _L_lock_1913.symtab 0x FUNC <unknown> DEFAULT 6 _L_lock_193.symtab 0x808b9b6 12 FUNC <unknown> DEFAULT 6 _L_lock_1958.symtab 0x8054e33 16 FUNC <unknown> DEFAULT 6 _L_lock_20.symtab 0x8082a62 16 FUNC <unknown> DEFAULT 6 _L_lock_2027.symtab 0x8054e43 12 FUNC <unknown> DEFAULT 6 _L_lock_2060.symtab 0x805ba07 16 FUNC <unknown> DEFAULT 6 _L_lock_21.symtab 0x80785f8 16 FUNC <unknown> DEFAULT 6 _L_lock_210.symtab 0x80793ae 16 FUNC <unknown> DEFAULT 6 _L_lock_2158.symtab 0x806b8c8 16 FUNC <unknown> DEFAULT 6 _L_lock_2176.symtab 0x8052b4d 12 FUNC <unknown> DEFAULT 6 _L_lock_218.symtab 0x80cb84f 13 FUNC <unknown> DEFAULT 8 _L_lock_2188.symtab 0x8054e6b 16 FUNC <unknown> DEFAULT 6 _L_lock_2194.symtab 0x FUNC <unknown> DEFAULT 6 _L_lock_22.symtab 0x806812c 16 FUNC <unknown> DEFAULT 6 _L_lock_224.symtab 0x804d01e 16 FUNC <unknown> DEFAULT 6 _L_lock_2257.symtab 0x FUNC <unknown> DEFAULT 6 _L_lock_2269.symtab 0x8054e7b 12 FUNC <unknown> DEFAULT 6 _L_lock_2291.symtab 0x FUNC <unknown> DEFAULT 6 _L_lock_23.symtab 0x804cffe 16 FUNC <unknown> DEFAULT 6 _L_lock_232.symtab 0x804d FUNC <unknown> DEFAULT 6 _L_lock_2329.symtab 0x FUNC <unknown> DEFAULT 6 _L_lock_24.symtab 0x8064fc2 13 FUNC <unknown> DEFAULT 6 _L_lock_24.symtab 0x FUNC <unknown> DEFAULT 6 _L_lock_2447.symtab 0x805ba27 16 FUNC <unknown> DEFAULT 6 _L_lock_257.symtab 0x8096ff4 16 FUNC <unknown> DEFAULT 6 _L_lock_2817.symtab 0x8054eaf 16 FUNC <unknown> DEFAULT 6 _L_lock_2847.symtab 0x8054ebf 12 FUNC <unknown> DEFAULT 6 _L_lock_2975.symtab 0x8054ee7 16 FUNC <unknown> DEFAULT 6 _L_lock_3005.symtab 0x8054ef7 12 FUNC <unknown> DEFAULT 6 Copyright Joe Security LLC 2018 Page 15 of 49

16 Section Value Size Type Bind Visibility _L_lock_3030.symtab 0x805ba47 12 FUNC <unknown> DEFAULT 6 _L_lock_33.symtab 0x808b2e8 12 FUNC <unknown> DEFAULT 6 _L_lock_33.symtab 0x80b1a78 12 FUNC <unknown> DEFAULT 6 _L_lock_34.symtab 0x80500d2 12 FUNC <unknown> DEFAULT 6 _L_lock_3572.symtab 0x805ba5f 16 FUNC <unknown> DEFAULT 6 _L_lock_3593.symtab 0x805ba7f 12 FUNC <unknown> DEFAULT 6 _L_lock_3686.symtab 0x805ba8b 12 FUNC <unknown> DEFAULT 6 _L_lock_37.symtab 0x8067f10 12 FUNC <unknown> DEFAULT 6 _L_lock_376.symtab 0x804d FUNC <unknown> DEFAULT 6 _L_lock_38.symtab 0x804d97b 12 FUNC <unknown> DEFAULT 6 _L_lock_3871.symtab 0x805ba97 12 FUNC <unknown> DEFAULT 6 _L_lock_3876.symtab 0x805baa3 16 FUNC <unknown> DEFAULT 6 _L_lock_40.symtab 0x804ec00 12 FUNC <unknown> DEFAULT 6 _L_lock_4050.symtab 0x805bac3 12 FUNC <unknown> DEFAULT 6 _L_lock_417.symtab 0x806b8a8 16 FUNC <unknown> DEFAULT 6 _L_lock_4234.symtab 0x8054f1f 16 FUNC <unknown> DEFAULT 6 _L_lock_4264.symtab 0x8054f2f 12 FUNC <unknown> DEFAULT 6 _L_lock_43.symtab 0x804d5d7 16 FUNC <unknown> DEFAULT 6 _L_lock_4361.symtab 0x805badb 16 FUNC <unknown> DEFAULT 6 _L_lock_44.symtab 0x805b97f 12 FUNC <unknown> DEFAULT 6 _L_lock_44.symtab 0x808b12e 12 FUNC <unknown> DEFAULT 6 _L_lock_453.symtab 0x804d03e 16 FUNC <unknown> DEFAULT 6 _L_lock_46.symtab 0x804db48 12 FUNC <unknown> DEFAULT 6 _L_lock_46.symtab 0x80971c0 16 FUNC <unknown> DEFAULT 6 _L_lock_47.symtab 0x804de60 12 FUNC <unknown> DEFAULT 6 _L_lock_47.symtab 0x804ea2d 12 FUNC <unknown> DEFAULT 6 _L_lock_470.symtab 0x804e8ac 16 FUNC <unknown> DEFAULT 6 _L_lock_48.symtab 0x804dfe3 12 FUNC <unknown> DEFAULT 6 _L_lock_48.symtab 0x808b61c 12 FUNC <unknown> DEFAULT 6 _L_lock_50.symtab 0x80c9ec8 13 FUNC <unknown> DEFAULT 7 _L_lock_5092.symtab 0x805bafb 12 FUNC <unknown> DEFAULT 6 _L_lock_520.symtab 0x8066ae9 16 FUNC <unknown> DEFAULT 6 _L_lock_5510.symtab 0x805bb1f 12 FUNC <unknown> DEFAULT 6 _L_lock_5567.symtab 0x805bb37 12 FUNC <unknown> DEFAULT 6 _L_lock_5601.symtab 0x805bb43 12 FUNC <unknown> DEFAULT 6 _L_lock_5884.symtab 0x805bb67 12 FUNC <unknown> DEFAULT 6 _L_lock_5930.symtab 0x805bb7f 12 FUNC <unknown> DEFAULT 6 _L_lock_594.symtab 0x80b161c 16 FUNC <unknown> DEFAULT 6 _L_lock_61.symtab 0x8066ad9 16 FUNC <unknown> DEFAULT 6 _L_lock_6253.symtab 0x805bb8b 16 FUNC <unknown> DEFAULT 6 _L_lock_68.symtab 0x804e88c 16 FUNC <unknown> DEFAULT 6 _L_lock_696.symtab 0x8076b09 16 FUNC <unknown> DEFAULT 6 _L_lock_762.symtab 0x80c FUNC <unknown> DEFAULT 6 _L_lock_77.symtab 0x807938e 16 FUNC <unknown> DEFAULT 6 _L_lock_7721.symtab 0x805bbd7 12 FUNC <unknown> DEFAULT 6 _L_lock_781.symtab 0x80cb FUNC <unknown> DEFAULT 7 _L_lock_807.symtab 0x8066af9 16 FUNC <unknown> DEFAULT 6 _L_lock_8189.symtab 0x805bbef 12 FUNC <unknown> DEFAULT 6 _L_lock_8562.symtab 0x805bc0b 16 FUNC <unknown> DEFAULT 6 _L_lock_857.symtab 0x806c70c 16 FUNC <unknown> DEFAULT 6 _L_lock_8635.symtab 0x805bc27 12 FUNC <unknown> DEFAULT 6 _L_lock_8762.symtab 0x805bc3f 12 FUNC <unknown> DEFAULT 6 _L_lock_9167.symtab 0x805bc4b 12 FUNC <unknown> DEFAULT 6 _L_lock_93.symtab 0x805b98b 16 FUNC <unknown> DEFAULT 6 _L_lock_9380.symtab 0x805bc6f 16 FUNC <unknown> DEFAULT 6 _L_lock_9544.symtab 0x805bcab 12 FUNC <unknown> DEFAULT 6 _L_lock_9597.symtab 0x805bccf 16 FUNC <unknown> DEFAULT 6 _L_lock_96.symtab 0x804d5f7 16 FUNC <unknown> DEFAULT 6 _L_lock_9727.symtab 0x805bd0b 16 FUNC <unknown> DEFAULT 6 _L_lock_982.symtab 0x8054e13 16 FUNC <unknown> DEFAULT 6 _L_lock_99.symtab 0x804d FUNC <unknown> DEFAULT 6 _L_lock_991.symtab 0x807fedb 12 FUNC <unknown> DEFAULT 6 _L_unlock_1010.symtab 0x8054e23 16 FUNC <unknown> DEFAULT 6 Copyright Joe Security LLC 2018 Page 16 of 49

17 Section Value Size Type Bind Visibility _L_unlock_10235.symtab 0x805bd37 12 FUNC <unknown> DEFAULT 6 _L_unlock_10283.symtab 0x805bd43 12 FUNC <unknown> DEFAULT 6 _L_unlock_103.symtab 0x806813c 13 FUNC <unknown> DEFAULT 6 _L_unlock_10300.symtab 0x805bd5f 16 FUNC <unknown> DEFAULT 6 _L_unlock_10384.symtab 0x805bd6f 16 FUNC <unknown> DEFAULT 6 _L_unlock_10407.symtab 0x805bd7f 12 FUNC <unknown> DEFAULT 6 _L_unlock_10520.symtab 0x805bd97 12 FUNC <unknown> DEFAULT 6 _L_unlock_1056.symtab 0x808a FUNC <unknown> DEFAULT 6 _L_unlock_10581.symtab 0x805bda3 12 FUNC <unknown> DEFAULT 6 _L_unlock_10598.symtab 0x805bdbf 16 FUNC <unknown> DEFAULT 6 _L_unlock_10668.symtab 0x805bdcf 16 FUNC <unknown> DEFAULT 6 _L_unlock_10688.symtab 0x805bddf 12 FUNC <unknown> DEFAULT 6 _L_unlock_108.symtab 0x804d FUNC <unknown> DEFAULT 6 _L_unlock_1080.symtab 0x807fee7 12 FUNC <unknown> DEFAULT 6 _L_unlock_10822.symtab 0x805bdf7 12 FUNC <unknown> DEFAULT 6 _L_unlock_10869.symtab 0x805be03 12 FUNC <unknown> DEFAULT 6 _L_unlock_10886.symtab 0x805be1f 16 FUNC <unknown> DEFAULT 6 _L_unlock_10926.symtab 0x805be2f 16 FUNC <unknown> DEFAULT 6 _L_unlock_10947.symtab 0x805be3f 12 FUNC <unknown> DEFAULT 6 _L_unlock_110.symtab 0x808b13a 9 FUNC <unknown> DEFAULT 6 _L_unlock_1150.symtab 0x805b9b7 12 FUNC <unknown> DEFAULT 6 _L_unlock_116.symtab 0x804e89c 16 FUNC <unknown> DEFAULT 6 _L_unlock_116.symtab 0x804ea39 12 FUNC <unknown> DEFAULT 6 _L_unlock_11664.symtab 0x805be4b 12 FUNC <unknown> DEFAULT 6 _L_unlock_11697.symtab 0x805be63 12 FUNC <unknown> DEFAULT 6 _L_unlock_1179.symtab 0x805b9cf 12 FUNC <unknown> DEFAULT 6 _L_unlock_11847.symtab 0x805be87 12 FUNC <unknown> DEFAULT 6 _L_unlock_119.symtab 0x8082a92 16 FUNC <unknown> DEFAULT 6 _L_unlock_120.symtab 0x807939e 16 FUNC <unknown> DEFAULT 6 _L_unlock_12199.symtab 0x805be93 16 FUNC <unknown> DEFAULT 6 _L_unlock_122.symtab 0x804d FUNC <unknown> DEFAULT 6 _L_unlock_125.symtab 0x80500e7 9 FUNC <unknown> DEFAULT 6 _L_unlock_12507.symtab 0x805bec3 16 FUNC <unknown> DEFAULT 6 _L_unlock_12622.symtab 0x805bee3 16 FUNC <unknown> DEFAULT 6 _L_unlock_12780.symtab 0x805bf03 16 FUNC <unknown> DEFAULT 6 _L_unlock_12861.symtab 0x805bf23 16 FUNC <unknown> DEFAULT 6 _L_unlock_129.symtab 0x804d00e 16 FUNC <unknown> DEFAULT 6 _L_unlock_130.symtab 0x805b99b 12 FUNC <unknown> DEFAULT 6 _L_unlock_13202.symtab 0x805bf43 16 FUNC <unknown> DEFAULT 6 _L_unlock_13340.symtab 0x805bf63 16 FUNC <unknown> DEFAULT 6 _L_unlock_1353.symtab 0x805b9f7 16 FUNC <unknown> DEFAULT 6 _L_unlock_13595.symtab 0x805bf7f 12 FUNC <unknown> DEFAULT 6 _L_unlock_139.symtab 0x805b9a7 16 FUNC <unknown> DEFAULT 6 _L_unlock_141.symtab 0x FUNC <unknown> DEFAULT 6 _L_unlock_14349.symtab 0x80c09a5 9 FUNC <unknown> DEFAULT 6 _L_unlock_144.symtab 0x804ec15 9 FUNC <unknown> DEFAULT 6 _L_unlock_145.symtab 0x8067f25 9 FUNC <unknown> DEFAULT 6 _L_unlock_1515.symtab 0x804ffd0 12 FUNC <unknown> DEFAULT 6 _L_unlock_1516.symtab 0x FUNC <unknown> DEFAULT 6 _L_unlock_153.symtab 0x808b2f4 12 FUNC <unknown> DEFAULT 6 _L_unlock_153.symtab 0x80b1a84 12 FUNC <unknown> DEFAULT 6 _L_unlock_1565.symtab 0x FUNC <unknown> DEFAULT 6 _L_unlock_1596.symtab 0x FUNC <unknown> DEFAULT 6 _L_unlock_16.symtab 0x804e87c 16 FUNC <unknown> DEFAULT 6 _L_unlock_166.symtab 0x808b143 9 FUNC <unknown> DEFAULT 6 _L_unlock_167.symtab 0x804de78 9 FUNC <unknown> DEFAULT 6 _L_unlock_171.symtab 0x804db54 9 FUNC <unknown> DEFAULT 6 _L_unlock_1713.symtab 0x804ffdc 12 FUNC <unknown> DEFAULT 6 _L_unlock_1728.symtab 0x FUNC <unknown> DEFAULT 6 _L_unlock_18.symtab 0x808a6df 9 FUNC <unknown> DEFAULT 6 _L_unlock_184.symtab 0x804d9a7 9 FUNC <unknown> DEFAULT 6 _L_unlock_188.symtab 0x804dfef 9 FUNC <unknown> DEFAULT 6 _L_unlock_190.symtab 0x FUNC <unknown> DEFAULT 6 Copyright Joe Security LLC 2018 Page 17 of 49

18 Section Value Size Type Bind Visibility _L_unlock_1923.symtab 0x FUNC <unknown> DEFAULT 6 _L_unlock_195.symtab 0x804ea45 9 FUNC <unknown> DEFAULT 6 _L_unlock_2062.symtab 0x8054e4f 12 FUNC <unknown> DEFAULT 6 _L_unlock_208.symtab 0x808b300 9 FUNC <unknown> DEFAULT 6 _L_unlock_208.symtab 0x80b1a90 9 FUNC <unknown> DEFAULT 6 _L_unlock_2094.symtab 0x8054e5b 16 FUNC <unknown> DEFAULT 6 _L_unlock_213.symtab 0x804d9b0 9 FUNC <unknown> DEFAULT 6 _L_unlock_217.symtab 0x804dff8 9 FUNC <unknown> DEFAULT 6 _L_unlock_217.symtab 0x FUNC <unknown> DEFAULT 6 _L_unlock_2175.symtab 0x806b8d8 16 FUNC <unknown> DEFAULT 6 _L_unlock_2202.symtab 0x FUNC <unknown> DEFAULT 6 _L_unlock_2222.symtab 0x8052b59 12 FUNC <unknown> DEFAULT 6 _L_unlock_224.symtab 0x80cb85c 13 FUNC <unknown> DEFAULT 8 _L_unlock_2270.symtab 0x806b8e8 16 FUNC <unknown> DEFAULT 6 _L_unlock_2273.symtab 0x FUNC <unknown> DEFAULT 6 _L_unlock_228.symtab 0x8067a5d 13 FUNC <unknown> DEFAULT 6 _L_unlock_2297.symtab 0x FUNC <unknown> DEFAULT 6 _L_unlock_2307.symtab 0x806b8f8 16 FUNC <unknown> DEFAULT 6 _L_unlock_2318.symtab 0x8054e87 12 FUNC <unknown> DEFAULT 6 _L_unlock_2379.symtab 0x805ba17 16 FUNC <unknown> DEFAULT 6 _L_unlock_2381.symtab 0x8052b65 12 FUNC <unknown> DEFAULT 6 _L_unlock_2385.symtab 0x80910a6 16 FUNC <unknown> DEFAULT 6 _L_unlock_2389.symtab 0x806b FUNC <unknown> DEFAULT 6 _L_unlock_24.symtab 0x807937e 16 FUNC <unknown> DEFAULT 6 _L_unlock_244.symtab 0x804db5d 9 FUNC <unknown> DEFAULT 6 _L_unlock_245.symtab 0x808b FUNC <unknown> DEFAULT 6 _L_unlock_2469.symtab 0x8054e93 16 FUNC <unknown> DEFAULT 6 _L_unlock_26.symtab 0x8054df7 12 FUNC <unknown> DEFAULT 6 _L_unlock_2604.symtab 0x805ba37 16 FUNC <unknown> DEFAULT 6 _L_unlock_262.symtab 0x804d FUNC <unknown> DEFAULT 6 _L_unlock_2719.symtab 0x8054ea3 12 FUNC <unknown> DEFAULT 6 _L_unlock_2885.symtab 0x8054ecb 16 FUNC <unknown> DEFAULT 6 _L_unlock_2926.symtab 0x8054edb 12 FUNC <unknown> DEFAULT 6 _L_unlock_294.symtab 0x807fecf 12 FUNC <unknown> DEFAULT 6 _L_unlock_296.symtab 0x808b9c2 12 FUNC <unknown> DEFAULT 6 _L_unlock_3078.symtab 0x8054f03 16 FUNC <unknown> DEFAULT 6 _L_unlock_3136.symtab 0x8054f13 12 FUNC <unknown> DEFAULT 6 _L_unlock_3245.symtab 0x805ba53 12 FUNC <unknown> DEFAULT 6 _L_unlock_330.symtab 0x804d02e 16 FUNC <unknown> DEFAULT 6 _L_unlock_330.symtab 0x80793be 16 FUNC <unknown> DEFAULT 6 _L_unlock_341.symtab 0x804d FUNC <unknown> DEFAULT 6 _L_unlock_355.symtab 0x808b634 9 FUNC <unknown> DEFAULT 6 _L_unlock_3585.symtab 0x805ba6f 16 FUNC <unknown> DEFAULT 6 _L_unlock_38.symtab 0x8054e03 16 FUNC <unknown> DEFAULT 6 _L_unlock_38.symtab 0x8082a72 16 FUNC <unknown> DEFAULT 6 _L_unlock_3883.symtab 0x805bab3 16 FUNC <unknown> DEFAULT 6 _L_unlock_39.symtab 0x808438e 13 FUNC <unknown> DEFAULT 6 _L_unlock_4201.symtab 0x805bacf 12 FUNC <unknown> DEFAULT 6 _L_unlock_421.symtab 0x808b9ce 9 FUNC <unknown> DEFAULT 6 _L_unlock_430.symtab 0x FUNC <unknown> DEFAULT 6 _L_unlock_4337.symtab 0x8054f3b 16 FUNC <unknown> DEFAULT 6 _L_unlock_4390.symtab 0x805baeb 16 FUNC <unknown> DEFAULT 6 _L_unlock_4417.symtab 0x8054f4b 12 FUNC <unknown> DEFAULT 6 _L_unlock_487.symtab 0x804e8bc 16 FUNC <unknown> DEFAULT 6 _L_unlock_494.symtab 0x806b8b8 16 FUNC <unknown> DEFAULT 6 _L_unlock_503.symtab 0x80793ce 16 FUNC <unknown> DEFAULT 6 _L_unlock_51.symtab 0x80971d0 16 FUNC <unknown> DEFAULT 6 _L_unlock_5217.symtab 0x805bb07 12 FUNC <unknown> DEFAULT 6 _L_unlock_542.symtab 0x80793de 16 FUNC <unknown> DEFAULT 6 _L_unlock_5495.symtab 0x805bb13 12 FUNC <unknown> DEFAULT 6 _L_unlock_5554.symtab 0x805bb2b 12 FUNC <unknown> DEFAULT 6 _L_unlock_560.symtab 0x804d04e 16 FUNC <unknown> DEFAULT 6 _L_unlock_5616.symtab 0x805bb4f 12 FUNC <unknown> DEFAULT 6 Copyright Joe Security LLC 2018 Page 18 of 49

19 Section Value Size Type Bind Visibility _L_unlock_5872.symtab 0x805bb5b 12 FUNC <unknown> DEFAULT 6 _L_unlock_5915.symtab 0x805bb73 12 FUNC <unknown> DEFAULT 6 _L_unlock_61.symtab 0x80c9ed5 13 FUNC <unknown> DEFAULT 7 _L_unlock_62.symtab 0x804d5e7 16 FUNC <unknown> DEFAULT 6 _L_unlock_6274.symtab 0x805bb9b 16 FUNC <unknown> DEFAULT 6 _L_unlock_6292.symtab 0x805bbab 16 FUNC <unknown> DEFAULT 6 _L_unlock_6357.symtab 0x805bbbb 16 FUNC <unknown> DEFAULT 6 _L_unlock_643.symtab 0x80b162c 13 FUNC <unknown> DEFAULT 6 _L_unlock_7712.symtab 0x805bbcb 12 FUNC <unknown> DEFAULT 6 _L_unlock_778.symtab 0x8076b19 16 FUNC <unknown> DEFAULT 6 _L_unlock_790.symtab 0x80cb FUNC <unknown> DEFAULT 7 _L_unlock_8179.symtab 0x805bbe3 12 FUNC <unknown> DEFAULT 6 _L_unlock_83.symtab 0x80500de 9 FUNC <unknown> DEFAULT 6 _L_unlock_831.symtab 0x8066b09 16 FUNC <unknown> DEFAULT 6 _L_unlock_849.symtab 0x80c098d 12 FUNC <unknown> DEFAULT 6 _L_unlock_85.symtab 0x804ec0c 9 FUNC <unknown> DEFAULT 6 _L_unlock_8553.symtab 0x805bbfb 16 FUNC <unknown> DEFAULT 6 _L_unlock_8623.symtab 0x805bc1b 12 FUNC <unknown> DEFAULT 6 _L_unlock_867.symtab 0x806c71c 16 FUNC <unknown> DEFAULT 6 _L_unlock_8749.symtab 0x805bc33 12 FUNC <unknown> DEFAULT 6 _L_unlock_9.symtab 0x8066ac9 16 FUNC <unknown> DEFAULT 6 _L_unlock_92.symtab 0x804de6c 12 FUNC <unknown> DEFAULT 6 _L_unlock_9213.symtab 0x805bc57 12 FUNC <unknown> DEFAULT 6 _L_unlock_93.symtab 0x8064fcf 10 FUNC <unknown> DEFAULT 6 _L_unlock_9374.symtab 0x805bc63 12 FUNC <unknown> DEFAULT 6 _L_unlock_9389.symtab 0x805bc7f 16 FUNC <unknown> DEFAULT 6 _L_unlock_94.symtab 0x8067f1c 9 FUNC <unknown> DEFAULT 6 _L_unlock_9415.symtab 0x805bc8f 16 FUNC <unknown> DEFAULT 6 _L_unlock_9434.symtab 0x805bc9f 12 FUNC <unknown> DEFAULT 6 _L_unlock_95.symtab 0x809482f 10 FUNC <unknown> DEFAULT 6 _L_unlock_9563.symtab 0x805bcb7 12 FUNC <unknown> DEFAULT 6 _L_unlock_9590.symtab 0x805bcc3 12 FUNC <unknown> DEFAULT 6 _L_unlock_9606.symtab 0x805bcdf 16 FUNC <unknown> DEFAULT 6 _L_unlock_9645.symtab 0x805bcef 16 FUNC <unknown> DEFAULT 6 _L_unlock_9665.symtab 0x805bcff 12 FUNC <unknown> DEFAULT 6 _L_unlock_9809.symtab 0x805bd1b 16 FUNC <unknown> DEFAULT 6 _Unwind_Backtrace.symtab 0x80c6e FUNC <unknown> HIDDEN 6 _Unwind_DebugHook.symtab 0x80c44c0 5 FUNC <unknown> DEFAULT 6 _Unwind_DeleteException.symtab 0x80c44d0 31 FUNC <unknown> HIDDEN 6 _Unwind_FindEnclosingFunction.symtab 0x80c FUNC <unknown> HIDDEN 6 _Unwind_Find_FDE.symtab 0x80c8ea0 478 FUNC <unknown> HIDDEN 6 _Unwind_ForcedUnwind.symtab 0x80c6ff0 262 FUNC <unknown> HIDDEN 6 _Unwind_ForcedUnwind_Phase2.symtab 0x80c6ed0 282 FUNC <unknown> DEFAULT 6 _Unwind_GetCFA.symtab 0x80c FUNC <unknown> HIDDEN 6 _Unwind_GetDataRelBase.symtab 0x80c44a0 11 FUNC <unknown> HIDDEN 6 _Unwind_GetGR.symtab 0x80c FUNC <unknown> HIDDEN 6 _Unwind_GetIP.symtab 0x80c FUNC <unknown> HIDDEN 6 _Unwind_GetIPInfo.symtab 0x80c FUNC <unknown> HIDDEN 6 _Unwind_GetLanguageSpecificData.symtab 0x80c FUNC <unknown> HIDDEN 6 _Unwind_GetRegionStart.symtab 0x80c FUNC <unknown> HIDDEN 6 _Unwind_GetTextRelBase.symtab 0x80c44b0 11 FUNC <unknown> HIDDEN 6 _Unwind_IteratePhdrCallback.symtab 0x80c82c FUNC <unknown> DEFAULT 6 _Unwind_RaiseException.symtab 0x80c73f0 396 FUNC <unknown> HIDDEN 6 _Unwind_RaiseException_Phase2.symtab 0x80c FUNC <unknown> DEFAULT 6 _Unwind_Resume.symtab 0x80c71c0 248 FUNC <unknown> HIDDEN 6 _Unwind_Resume_or_Rethrow.symtab 0x80c FUNC <unknown> HIDDEN 6 _Unwind_SetGR.symtab 0x80c44f0 109 FUNC <unknown> HIDDEN 6 _Unwind_SetIP.symtab 0x80c FUNC <unknown> HIDDEN 6 _Unwind_SetSpColumn.symtab 0x80c45d0 61 FUNC <unknown> DEFAULT 6 CTOR_END.symtab 0x80f201c 0 OBJECT <unknown> DEFAULT 19 CTOR_LIST.symtab 0x80f OBJECT <unknown> DEFAULT 19 DTOR_END.symtab 0x80f OBJECT <unknown> HIDDEN 20 DTOR_LIST.symtab 0x80f OBJECT <unknown> DEFAULT 20 Copyright Joe Security LLC 2018 Page 19 of 49

20 Section Value Size Type Bind Visibility EH_FRAME_BEGIN.symtab 0x80e25d4 0 OBJECT <unknown> DEFAULT 15 FRAME_END.symtab 0x80f OBJECT <unknown> DEFAULT 15 IO_vsprintf.symtab 0x804ea FUNC <unknown> DEFAULT 6 JCR_END.symtab 0x80f202c 0 OBJECT <unknown> DEFAULT 21 JCR_LIST.symtab 0x80f202c 0 OBJECT <unknown> DEFAULT 21 strtod_l_internal.symtab 0x80a FUNC <unknown> DEFAULT 6 strtof_l_internal.symtab 0x80a6f FUNC <unknown> DEFAULT 6 strtol_l_internal.symtab 0x FUNC <unknown> DEFAULT 6 strtold_l_internal.symtab 0x80ac5e FUNC <unknown> DEFAULT 6 strtoll_l_internal.symtab 0x80a52b FUNC <unknown> DEFAULT 6 strtoul_l_internal.symtab 0x8079c FUNC <unknown> DEFAULT 6 strtoull_l_internal.symtab 0x80a5e FUNC <unknown> DEFAULT 6 asprintf.symtab 0x80b FUNC <unknown> DEFAULT 6 brk_addr.symtab 0x80f40c4 4 OBJECT <unknown> DEFAULT 26 fxstat64.symtab 0x80658d0 54 FUNC <unknown> DEFAULT 6 newselect_nocancel.symtab 0x8065fda 49 FUNC <unknown> DEFAULT 6 printf_fp.symtab 0x80802c FUNC <unknown> DEFAULT 6 vfprintf_chk.symtab 0x8067e FUNC <unknown> DEFAULT 6 vfscanf.symtab 0x808a FUNC <unknown> DEFAULT 6 xstat64.symtab 0x8094db0 54 FUNC <unknown> DEFAULT 6 abort_msg.symtab 0x80f3fc4 4 OBJECT <unknown> DEFAULT 26 access.symtab 0x8094df0 35 FUNC <unknown> DEFAULT 6 add_to_environ.symtab 0x8078ef FUNC <unknown> DEFAULT 6 after_morecore_hook.symtab 0x80f32a8 4 OBJECT <unknown> DEFAULT 26 alloc_dir.symtab 0x8064c FUNC <unknown> DEFAULT 6 argz_add_sep.symtab 0x808f1f0 165 FUNC <unknown> DEFAULT 6 argz_count.symtab 0x808f FUNC <unknown> DEFAULT 6 argz_create_sep.symtab 0x808f0c0 214 FUNC <unknown> DEFAULT 6 argz_stringify.symtab 0x808f1a0 65 FUNC <unknown> DEFAULT 6 asprintf.symtab 0x80b FUNC <unknown> DEFAULT 6 backtrace.symtab 0x8067a FUNC <unknown> DEFAULT 6 backtrace_symbols_fd.symtab 0x8067bc0 587 FUNC <unknown> DEFAULT 6 bind.symtab 0x80c1a00 34 FUNC <unknown> DEFAULT 6 brk.symtab 0x80950f0 66 FUNC <unknown> DEFAULT 6 bsd_signal.symtab 0x804c FUNC <unknown> DEFAULT 6 bss_start.symtab 0x80f NOTYPE <unknown> DEFAULT SHN_ABS btowc.symtab 0x80c FUNC <unknown> DEFAULT 6 cache_sysconf.symtab 0x FUNC <unknown> DEFAULT 6 calloc.symtab 0x FUNC <unknown> DEFAULT 6 cfree.symtab 0x805a FUNC <unknown> DEFAULT 6 chdir.symtab 0x8065c90 31 FUNC <unknown> DEFAULT 6 chmod.symtab 0x FUNC <unknown> DEFAULT 6 clearenv.symtab 0x8078d FUNC <unknown> DEFAULT 6 close.symtab 0x80659e0 88 FUNC <unknown> DEFAULT 6 close_nocancel.symtab 0x80659ea 31 FUNC <unknown> DEFAULT 6 closedir.symtab 0x8064eb0 70 FUNC <unknown> DEFAULT 6 connect.symtab 0x FUNC <unknown> DEFAULT 6 connect_internal.symtab 0x FUNC <unknown> DEFAULT 6 correctly_grouped_prefixmb.symtab 0x807a FUNC <unknown> DEFAULT 6 cpu_features.symtab 0x81f8b60 36 OBJECT <unknown> DEFAULT 26 ctype_b_loc.symtab 0x8073d80 51 FUNC <unknown> DEFAULT 6 ctype_tolower_loc.symtab 0x8073d00 51 FUNC <unknown> DEFAULT 6 ctype_toupper_loc.symtab 0x8073d40 51 FUNC <unknown> DEFAULT 6 curbrk.symtab 0x80f40c4 4 OBJECT <unknown> DEFAULT 26 current_locale_name.symtab 0x80a FUNC <unknown> DEFAULT 6 cxa_atexit.symtab 0x804cd FUNC <unknown> DEFAULT 6 data_start.symtab 0x80f20a0 0 NOTYPE <unknown> DEFAULT 25 daylight.symtab 0x80f OBJECT <unknown> DEFAULT 26 dcgettext.symtab 0x8073dc0 57 FUNC <unknown> DEFAULT 6 dcigettext.symtab 0x8074b FUNC <unknown> DEFAULT 6 default_morecore.symtab 0x805bf90 30 FUNC <unknown> DEFAULT 6 deregister_frame.symtab 0x80c FUNC <unknown> HIDDEN 6 deregister_frame_info.symtab 0x80c FUNC <unknown> HIDDEN 6 Copyright Joe Security LLC 2018 Page 20 of 49

ID: Sample Name: Serial.txt Cookbook: default.jbs Time: 02:59:20 Date: 07/05/2018 Version:

ID: Sample Name: Serial.txt Cookbook: default.jbs Time: 02:59:20 Date: 07/05/2018 Version: ID: 58133 Sample Name: Serial.txt Cookbook: default.jbs Time: 02:5:20 Date: 0/05/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence