AI
Legitimate ALSA library package
Mal-ecule
O₃(PCEr)H₄(Cm₇Ds₂F₅Po₅)Md₂(Bi₃He₂)
Objectives
suspicious severity, 75% confident.
persistence/system/daemon
Unix daemon persistence mechanism
notable severity, 85% confident.
command-and-control/reverse-shell
POSIX shell with socket fd redirection
notable severity, 85% confident.
evasion/kernel-hide/lkm
Inline assembly with direct syscall
Micro-behaviors
notable severity, 75% confident.
communications/socket
Connect API symbol text
notable severity, 75% confident.
communications/socket/bind
Bind socket to address
notable severity, 85% confident.
dylib
Address to symbol lookup
notable severity, 90% confident.
dylib/load
Dynamic library loading via dlopen
notable severity, 66% confident.
fs
Change file ownership
notable severity, 66% confident.
fs/chmod
chmod syscall
notable severity, 80% confident.
fs/file
Read file status and metadata (legacy 64-bit)
notable severity, 66% confident.
fs/proc
Get CPU info from /proc/cpuinfo
notable severity, 95% confident.
process/create
Executes command and captures output
notable severity, 90% confident.
process/create/shell
system() function call
notable severity, 70% confident.
process/fd
Close all descriptors from limit
baseline severity, 100% confident.
fs/path
/tmp/ path component
baseline severity, 100% confident.
fs/path/device
/dev/null (legitimate discard device)
Metadata
notable severity, 100% confident.
binary/linking
Shared library binds dynamic loader
notable severity, 80% confident.
binary/section
Non-empty finalization array section
notable severity, 85% confident.
hardening
FORTIFY_SOURCE strcpy bounds check
20 of 30 traits shown
Identity
| SHA-256 | 2d2f2b3966cebd6ec75abbbdb4709a1093849207ada6624cdfe36f38d0f5c811 |
|---|---|
| Canonical SHA-256 | 00b748fe45e0cbe866fb1690e7f0b1db92f1e91f078a39d66f8ba1e8944e9893 |
| Filename | alsa-lib-1.2.16.1-1-x86_64.pkg.tar.zst |
| Package | alsa-lib |
| Version | 1.2.16.1-1 |
Origin
| Source | forager |
|---|---|
| Feed | archlinux.org |
| Ecosystem | arch |
| Domain | archlinux.org |
| URL | https://archlinux.org/packages/extra/x86_64/alsa-lib/download/ |
Timeline
| First seen | 16 Jun 2026 04:44 UTC |
|---|---|
| First analyzed | 17 Jun 2026 06:20 UTC |
| Last analyzed | 17 Jun 2026 06:20 UTC |
| Last updated | 17 Jun 2026 06:20 UTC |
Labeling
| Label | unknown |
|---|---|
| Label source | forager |
| Traits version | 27202 |
Not seeing what you expected? Let us know