Basic Information:
-------------------------------------------
Target OS: Linux
Target Arch: i386, 32bit
File Type: ELF Executable
Lang: C
Size: 18.8K
MD5SUM: aec7c1a858d07bb62bb24b15fe3054f7
Test Environment:
- Virtual machine
 \
  |--> ArchLinux 64-bit
-------------------------------------------

Abilites:
-----------------------------------------------------
- Using sockets to open port
 \
  |--> 1666 tcp/netview-aix-6

- Easy to detect
 \
  |--> Commands
   \--> ps aux | grep r0nin
   \--> netstat -antup

- It doesnt connect back to any malicious host
- While it runs it opens files
 \
  |--> /etc/ld.so.cache
  |--> /lib/i386-linux-gnu/libc.so.6
  |--> /dev/null

- While it runs it creates and terminates processes
 \
  |--> Created processes
   \--> /tmp/EB93A6/996E.elf (Executed with "execve")
   /
  |--> Terminated Processes
   \--> /tmp/EB93A6/996E.elf
   \--> /lib/systemd/systemd-udevd --daemon

-----------------------------------------------------

Functions:
--------------------------------------------
--> __register_frame_info, write, close
    perror, fork, signal, fflush, select
    htonl, execve, memchr, accept, listen
    setsid, vhangup, __deregister_frame_info 
    waitpid, chdir, strlen, setpgid
    __libc_start_main, dup2, printf, bind
    memcpy, open, bzero, exit, ioctl, htons
    kill, sprintf, socket, read, strcpy
--------------------------------------------
