offset | 0 1 2 3 4 5 6 7 8 9 a b c d e f | 0123456789abcdef
------ | -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- | ----------------
000000 | 01 00 00 00 7D 00 00 00 00 F4 01 00 00 32 00 00 | ....}........2..
000010 | 00 E8 03 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000020 | 00 00 01 01 00 00 00 00 01 00 00 00 C0 A8 01 0D | ................
000030 | C0 A8 01 0D C0 A8 01 0D C0 A8 01 0D C0 A8 01 0D | ................
000040 | FF FF 01 00 00 00 00 00 2D 3D 3D 20 4C 6F 76 65 | ........-==.Love
000050 | 20 41 56 20 3D 3D 2D 3A 00 01 00 00 00 64 0A 00 | .AV.==-:.....d..
000060 | 00 C4 07 00 00 4C 69 6E 75 78 20 33 2E 31 33 2E | .....Linux.3.13.
000070 | 30 2D 39 33 2D 67 65 6E 65 72 69 63 00 31 3A 47 | 0-93-generic.1:G
000080 | 32 2E 34 30 00 | 2.40.
Offset | Name | Value
------ | ---- | -----
000009 | Hardcoded Value 1 | 0x1f4
00000d | Hardcoded Value 2 | 0x32
000011 | Hardcoded Value 3 | 0x3e8
00002c | Compromised Host IP | 192.168.1.13
000030 | Unknown IP Addresses | - first:
000048 | Unknown Indicator | -== Love AV ==-
000059 | Number of CPUs | 1
00005d | CPU MHz | 2660
000061 | Total Memory (MB) | 1988
000065 | Compromised System Kernel | Linux 3.13.0-93-generic
00007d | Possible Trojan Version | 1:G2.40
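
A decoder for the fields listed in the table, run against the bytes of the hex dump above. This is an added example, not code from the original analysis. The dictionary key names and the choice to read the 16 bytes at 0x30 as four IPv4 addresses are assumptions.

```python
import ipaddress
import struct

# Bytes transcribed from the hex dump above (0x85 bytes).
SAMPLE = bytes.fromhex(
    "01 00 00 00 7D 00 00 00 00 F4 01 00 00 32 00 00"
    "00 E8 03 00 00 00 00 00 00 00 00 00 00 00 00 00"
    "00 00 01 01 00 00 00 00 01 00 00 00 C0 A8 01 0D"
    "C0 A8 01 0D C0 A8 01 0D C0 A8 01 0D C0 A8 01 0D"
    "FF FF 01 00 00 00 00 00 2D 3D 3D 20 4C 6F 76 65"
    "20 41 56 20 3D 3D 2D 3A 00 01 00 00 00 64 0A 00"
    "00 C4 07 00 00 4C 69 6E 75 78 20 33 2E 31 33 2E"
    "30 2D 39 33 2D 67 65 6E 65 72 69 63 00 31 3A 47"
    "32 2E 34 30 00"
)

def u32(buf, off):
    """Little-endian 32-bit field, as the table implies (F4 01 00 00 -> 0x1f4)."""
    return struct.unpack_from("<I", buf, off)[0]

def ipv4(buf, off):
    return str(ipaddress.IPv4Address(buf[off:off + 4]))

def cstr(buf, off):
    """NUL-terminated ASCII string; no terminator means a truncated capture."""
    end = buf.find(b"\x00", off)
    if end == -1:
        raise ValueError(f"unterminated string at offset {off:#x}")
    return buf[off:end].decode("ascii", "replace")

def parse_checkin(buf):
    if len(buf) <= 0x7D:
        raise ValueError("buffer shorter than the documented layout")
    return {
        "hardcoded_1": u32(buf, 0x09),
        "hardcoded_2": u32(buf, 0x0D),
        "hardcoded_3": u32(buf, 0x11),
        "host_ip": ipv4(buf, 0x2C),
        "unknown_ips": [ipv4(buf, 0x30 + 4 * i) for i in range(4)],  # assumed
        "indicator": buf[0x48:0x57].decode("ascii", "replace"),  # 15 bytes
        "cpu_count": u32(buf, 0x59),
        "cpu_mhz": u32(buf, 0x5D),
        "memory_mb": u32(buf, 0x61),
        "kernel": cstr(buf, 0x65),
        "version": cstr(buf, 0x7D),
    }

if __name__ == "__main__":
    for name, value in parse_checkin(SAMPLE).items():
        print(f"{name:16} {value}")
```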