| 0x0 | 7f454c46020101030000000000000000 | .ELF............ELF binary has trailing overlay data |
| 0x10 | 03003e000100000000d2080000000000 | ..>............. |
| 0x20 | 4000000000000000889ab90000000000 | @............... |
| 0x30 | 00000000400038000f00400022002100 | ....@.8...@.".!. |
| 0x40 | 060000000400 | ...... |
| 0x3a8b8 | 72544d436c6f6e655461626c65005f5f | rTMCloneTable.__ |
| 0x3a8c8 | 6378615f66696e616c697a6500676574 | cxa_finalize.getC++ standard library markers (libc++, libstdc++) |
| 0x3a8d8 | 7061676573697a6500636c6f636b5f67 | pagesize.clock_gMeasures execution time for timing attacks |
| 0x3a8e8 | 657474696d65005f5f737461636b5f63 | ettime.__stack_cStack protector/canary enabled |
| 0x3a8f8 | 686b5f6661696c006c7365656b363400 | hk_fail.lseek64. |
| 0x3a908 | 707468726561645f6f6e6365005f5f61 | pthread_once.__aCharacteristic system library export __assert_fail |
| 0x3a918 | 73736572745f6661696c006d756e6d61 | ssert_fail.munmaUnmap files from memory |
| 0x3a928 | 70006d6d617036340075736c65657000 | p.mmap64.usleep.Maps files or devices into memory |
| 0x3a938 | 5f5f69736f6332335f737472746f6c00 | __isoc23_strtol. |
| 0x3a948 | 5f5f76736e7072696e74665f63686b00 | __vsnprintf_chk. |
| 0x3a958 | 67657470696400707468726561645f67 | getpid.pthread_gGet process ID |
| 0x3a968 | 65747370656369666963007074687265 | etspecific.pthre |
| 0x3a978 | 61645f6d757465785f6c6f636b005f5f | ad_mutex_lock.__ |
| 0x3a988 | 6c6962635f73746172745f6d61696e00 | libc_start_main.Binary appears to be a libc itself (exports characteristic symbols) |
| 0x3a998 | 726563766d736700707468726561645f | recvmsg.pthread_Uses recvmsg socket call |
| 0x3a9a8 | 6b65795f637265617465007374646572 | key_create.stder |
| 0x3a9b8 | 720066636e746c36340063616c6c6f63 | r.fcntl64.calloc |
| 0x3a9c8 | 00667472756e636174653634006d656d | .ftruncate64.memTruncate file |
| 0x3a9d8 | 73657400707468726561645f73657473 | set.pthread_sets |
| 0x3a9e8 | 706563696669630070746872 | pecific.pthr |
| 0x3c187 | 6563745f6765745f7164617461005f5f | ect_get_qdata.__ |
| 0x3c197 | 6d656d6370795f63686b0071736f7274 | memcpy_chk.qsortFORTIFY_SOURCE memcpy bounds check |
| 0x3c1a7 | 00706f7369785f6d656d616c69676e00 | .posix_memalign. |
| 0x3c1b7 | 675f757466385f736b69 | g_utf8_ski |
| 0x3e6c4 | 65737569640067657472657367696400 | esuid.getresgid. |
| 0x3e6d4 | 67657475696400676574676964006765 | getuid.getgid.gePOSIX user lookup functions |
| 0x3e6e4 | 7465756964006765746567696400675f | teuid.getegid.g_Get effective group ID |
| 0x3e6f4 | 696f5f657874656e73696f6e5f706f69 | io_extension_poi |
| 0x3e704 | 6e745f72656769737465720067 | nt_register.g |
| 0x40313 | 6973655f6e657700675f71756575655f | ise_new.g_queue_ |
| 0x40323 | 756e6c696e6b00675f73657175656e63 | unlink.g_sequencRemoves artifacts before memfd execution |
| 0x40333 | 655f72656d6f766500675f7175657565 | e_remove.g_queue |
| 0x40343 | 5f707573685f | _push_ |
| 0x423bd | 5f757466385f737472646f776e005f5f | _utf8_strdown.__ |
| 0x423cd | 7374726370795f63686b00675f736571 | strcpy_chk.g_seqFORTIFY_SOURCE strcpy bounds check |
| 0x423dd | 75656e63655f736f727400675f736571 | uence_sort.g_seq |
| 0x423ed | 75656e63655f73656172 | uence_sear |
| 0x44761 | 6e5f7365745f616e6f6e796d6f757300 | n_set_anonymous. |
| 0x44771 | 675f6d6f756e745f6f7065726174696f | g_mount_operatio |
| 0x44781 | 6e5f6765745f70617373776f72645f73 | n_get_password_sStripped binary designed to deploy and control an embedded eBPF stealth rootkit |
| 0x44791 | 61766500675f737072696e7466006b69 | ave.g_sprintf.kiContains verbs for terminating processes |
| 0x447a1 | 6c6c00675f76617269616e745f6e6577 | ll.g_variant_new |
| 0x447b1 | 5f66697865645f617272617900675f61 | _fixed_array.g_a |
| 0x447c1 | 7272 | rr |
| 0x456d0 | 696e69736800675f6275735f67657400 | inish.g_bus_get. |
| 0x456e0 | 666f70656e3634006667657473006663 | fopen64.fgets.fcBinary process execution capability |
| 0x456f0 | 6c6f73650063645f636c69656e745f6e | lose.cd_client_n |
| 0x45700 | 657700675f6275735f77617463 | ew.g_bus_watc |
| 0x45822 | 466400675f736f757263655f6164645f | Fd.g_source_add_ |
| 0x45832 | 706f6c6c0069707044656c6574650068 | poll.ippDelete.hpoll() I/O multiplexing |
| 0x45842 | 747470476574486f73746e616d650063 | ttpGetHostname.c |
| 0x45852 | 75707355 | upsU |
| 0x46f4e | 6f6e0058496e69745468726561647300 | on.XInitThreads. |
| 0x46f5e | 584f70656e446973706c617900584164 | XOpenDisplay.XAdX11 screenshot or keyboard fallback |
| 0x46f6e | 64436f6e6e656374696f6e5761746368 | dConnectionWatch |
| 0x46f7e | 005852525175657279457874 | .XRRQueryExt |
| 0x4b1e7 | 646b5f737572666163655f6265657000 | dk_surface_beep. |
| 0x4b1f7 | 67746b5f6d6e656d6f6e69635f747269 | gtk_mnemonic_triTargets named crypto wallet artifacts |
| 0x4b207 | 676765725f6e65770067746b5f63656c | gger_new.gtk_cel |
| 0x4b217 | 6c5f617265615f617474726962757465 | l_area_attribute |
| 0x4b227 | 5f6765745f636f6c | _get_col |
| 0x62ef00 | 77696e646f775f7365745f6964000000 | window_set_id... |
| 0x62ef10 | 726573746f72655f66696c655f737461 | restore_file_staRansom note filename detected |
| 0x62ef20 | 7465000000000000726573746f72655f | te......restore_ |
| 0x62ef30 | 77696e646f7700000000000000 | window....... |
| 0x0 | 7f454c46020101000000000000000000 | .ELF............ELF binary has trailing overlay data |
| 0x10 | 03003e0001000000f020000000000000 | ..>...... ...... |
| 0x20 | 40000000000000007804760000000000 | @.......x.v..... |
| 0x30 | 00000000400038000f0040001e001d00 | ....@.8...@..... |
| 0x40 | 06000000040000 | ....... |
| 0xfd5 | 745f7465787400675f66726565005f5f | t_text.g_free.__ |
| 0xfe5 | 737461636b5f63686b5f6661696c0067 | stack_chk_fail.gStack protector/canary enabled |
| 0xff5 | 746b5f66696c655f6469616c6f675f6e | tk_file_dialog_n |
| 0x1005 | 657700675f6f626a6563745f7265 | ew.g_object_re |
| 0x2ff0 | 00000000000000000000000000000000 | ................ |
| 0x3000 | 010002002f6170706c69636174696f6e | ..../applicationHigh entropy content in rodata |
| 0x3010 | 5f64656d6f2f6d656e75732e75690044 | _demo/menus.ui.D |
| 0x3020 | 656d6f4170706c | emoAppl |
| 0x8c0b | 64223e313c2f70726f70657274793e0a | d">1</property>. |
| 0x8c1b | 20202020202020202020202020202020 | Targets named crypto wallet artifacts |
| 0x8c2b | 20202020202020202020202020202020 | |
| 0x8c3b | 3c70726f7065727479206e616d653d22 | <property name=" |
| 0x8c4b | 6d6e656d6f6e69632d77696467657422 | mnemonic-widget" |
| 0x8c5b | 3e7377697463683c2f70726f70657274 | >switch</propert |
| 0x8c6b | 793e | y> |
| 0x89a39 | 202020202047746b576964676574202a | GtkWidget * |
| 0x89a49 | 76626f783b0a20202020202047746b57 | vbox;. GtkWVirtualBox vendor string detection |
| 0x89a59 | 6964676574202a746f6f6c5f6261723b | idget *tool_bar; |
| 0x89a69 | 0a202020 | . |
| 0xd2bf9 | 72652c206275742069742077696c6c20 | re, but it will |
| 0xd2c09 | 636f6d6520696e0a2020202a20766572 | come in. * verItalian language detection |
| 0xd2c19 | 792075736566756c20696e2074686520 | y useful in the |
| 0xd2c29 | 666f6c6c | foll |
| 0x248620 | 732e630000000000eb41000000000000 | s.c......A...... |
| 0x248630 | 2f2a204c697374732f436c6f636b730a | /* Lists/Clocks.Russian region indicators |
| 0x248640 | 202a20234b6579776f7264733a204774 | * #Keywords: Gt |
| 0x248650 | 6b47726964566965772c2047746b4c69 | kGridView, GtkLi |
| 0x248660 | 73744974656d466163746f72792c2047 | stItemFactory, G |
| 0x248670 | 4c6973744d6f64656c0a202a0a202a20 | ListModel. *. * |
| 0x248680 | 546869732064656d6f20646973706c61 | This demo displa |
| 0x248690 | 797320 | ys |
| 0x24b292 | 5f756e7265662028636c6f636b293b0a | _unref (clock);. |
| 0x24b2a2 | 2020636c6f636b203d2067746b5f636c | clock = gtk_clCIS region timezone checks |
| 0x24b2b2 | 6f636b5f6e65772028224d6f73636f77 | ock_new ("Moscow |
| 0x24b2c2 | 222c20675f74696d655f7a6f6e655f6e | ", g_time_zone_n |
| 0x24b2d2 | 65775f6964656e746966696572202822 | ew_identifier (" |
| 0x24b2e2 | 4575726f70652f4d6f73636f77222929 | Europe/Moscow")) |
| 0x24b2f2 | 3b0a2020675f6c6973745f73746f7265 | ;. g_list_store |
| 0x24b302 | 5f617070656e642028726573756c74 | _append (result |
| 0x41c0e2 | 72293b0a0a2020617265612d3e627275 | r);.. area->bru |
| 0x41c0f2 | 73685f73697a65203d2076616c75653b | sh_size = value;Grows an ELF section |
| 0x41c102 | 0a7d0a0a73746174696320766f69640a | .}..static void. |
| 0x41c112 | 6f6e5f7061645f6469616c5f636861 | on_pad_dial_cha |
| 0x42e3ac | 37363832393538317c307c7c307c300a | 76829581|0||0|0. |
| 0x42e3bc | 3236357c736361726f6f7c736361726f | 265|scaroo|scaroDropbox URL with executable extension |
| 0x42e3cc | 6f7c52542040736361726f6f3a202353 | o|RT @scaroo: #S |
| 0x42e3dc | 6565644b697420646f65732052474241 | eedKit does RGBA |
| 0x42e3ec | 2077696e646f77207769746820637373 | window with css |
| 0x42e3fc | 20736861646f777320616e6420737475 | shadows and stu |
| 0x42e40c | 6666203a20687474703a2f2f646c2e64 | ff : http://dl.d |
| 0x42e41c | 726f70626f782e636f6d2f752f353734 | ropbox.com/u/574 |
| 0x42e42c | 363535342f736565646b69742d646f65 | 6554/seedkit-doe |
| 0x42e43c | 732d726762612e706e677c3132373637 | s-rgba.png|12767 |
| 0x42e44c | 33343038367c307c47544b746f6f6c6b | 34086|0|GTKtoolk |
| 0x4631fe | 207370203d20703b0a20207665633220 | sp = p;. vec2 |
| 0x46320e | 6370203d20703b0a20206d6f64312863 | cp = p;. mod1(cBinary process execution capability |
| 0x46321e | 702e792c2063682a362e30293b0a0a20 | p.y, ch*6.0);.. |
| 0x46322e | 2066 | f |
| 0x64a260 | 54494f4e205349474e20484541565920 | TION SIGN HEAVY |
| 0x64a270 | 4245415400000000c10f000054494245 | BEAT........TIBENative destructive task tokens |
| 0x64a280 | 54414e2043414e54494c4c4154494f4e | TAN CANTILLATION |
| 0x64a290 | 20534947 | SIG |
| 0x0 | 7f454c46020101000000000000000000 | .ELF............ELF binary has trailing overlay data |
| 0x10 | 03003e0001000000d0f2010000000000 | ..>............. |
| 0x20 | 4000000000000000000f7f0000000000 | @............... |
| 0x30 | 00000000400038000f0040001e001d00 | ....@.8...@..... |
| 0x40 | 06000000040000 | ....... |
| 0xa07b | 00675f6572726f725f66726565005f5f | .g_error_free.__ |
| 0xa08b | 737461636b5f63686b5f6661696c0067 | stack_chk_fail.gStack protector/canary enabled |
| 0xa09b | 746b5f6c6162656c5f7365745f777261 | tk_label_set_wra |
| 0xa0ab | 700067746b5f6c6162656c5f7365 | p.gtk_label_se |
| 0xb99b | 5f636f6c756d6e5f73706163696e6700 | _column_spacing. |
| 0xb9ab | 67746b5f6c6162656c5f6e65775f7769 | gtk_label_new_wiTargets named crypto wallet artifacts |
| 0xb9bb | 74685f6d6e656d6f6e69630067746b5f | th_mnemonic.gtk_ |
| 0xb9cb | 677269645f6174746163680067746b5f | grid_attach.gtk_ |
| 0xb9db | 6c6162656c5f7365745f6d6e656d6f6e | label_set_mnemon |
| 0xb9eb | 69635f77696467657400675f6d616c6c | ic_widget.g_mall |
| 0xb9fb | 6f630067746b5f77696e646f775f7365 | oc.gtk_window_se |
| 0xba0b | 745f726573697a61626c650067746b5f | t_resizable.gtk_ |
| 0xba1b | 627574746f6e5f6e65775f776974685f | button_new_with_ |
| 0xba2b | 6d6e656d6f6e69630067746b5f736570 | mnemonic.gtk_sep |
| 0xba3b | 617261746f725f6e65770067746b5f77 | arator_new.gtk_w |
| 0xba4b | 69646765745f636c | idget_cl |
| 0x6bff0 | 00000000000000000000000000000000 | ................ |
| 0x6c000 | 010002000000c03f0000003f00001644 | .......?...?...DHigh entropy content in rodata |
| 0x6c010 | 0000f0c100000743000034c30000b442 | .......C..4....B |
| 0x6c020 | 0000b4c200ff7f | ....... |
| 0x716a7 | 6e004575726f70652f4265726c696e00 | n.Europe/Berlin. |
| 0x716b7 | 4575726f70652f4d6f73636f77004173 | Europe/Moscow.AsRussian region indicators |
| 0x716c7 | 69612f4b6f6c6b617461004e65772044 | ia/Kolkata.New D |
| 0x716d7 | 656c686900417369612f536861 | elhi.Asia/Sha |
| 0x103931 | 202020202047746b576964676574202a | GtkWidget * |
| 0x103941 | 76626f783b0a20202020202047746b57 | vbox;. GtkWVirtualBox vendor string detection |
| 0x103951 | 6964676574202a746f6f6c5f6261723b | idget *tool_bar; |
| 0x103961 | 0a202020 | . |
| 0x14caf1 | 72652c206275742069742077696c6c20 | re, but it will |
| 0x14cb01 | 636f6d6520696e0a2020202a20766572 | come in. * verItalian language detection |
| 0x14cb11 | 792075736566756c20696e2074686520 | y useful in the |
| 0x14cb21 | 666f6c6c | foll |
| 0x2c2518 | 732e630000000000eb41000000000000 | s.c......A...... |
| 0x2c2528 | 2f2a204c697374732f436c6f636b730a | /* Lists/Clocks.CIS region timezone checks |
| 0x2c2538 | 202a20234b6579776f7264733a204774 | * #Keywords: Gt |
| 0x2c2548 | 6b47726964566965772c2047746b4c69 | kGridView, GtkLi |
| 0x2c2558 | 73744974656d466163746f72792c2047 | stItemFactory, G |
| 0x2c2568 | 4c6973744d6f64656c0a202a0a202a20 | ListModel. *. * |
| 0x2c2578 | 546869732064656d6f20646973706c61 | This demo displa |
| 0x2c2588 | 797320 | ys |
| 0x2c518a | 5f756e7265662028636c6f636b293b0a | _unref (clock);. |
| 0x2c519a | 2020636c6f636b203d2067746b5f636c | clock = gtk_clCIS region indicators |
| 0x2c51aa | 6f636b5f6e65772028224d6f73636f77 | ock_new ("Moscow |
| 0x2c51ba | 222c20675f74696d655f7a6f6e655f6e | ", g_time_zone_n |
| 0x2c51ca | 65775f6964656e746966696572202822 | ew_identifier (" |
| 0x2c51da | 4575726f70652f4d6f73636f77222929 | Europe/Moscow")) |
| 0x2c51ea | 3b0a2020675f6c6973745f73746f7265 | ;. g_list_store |
| 0x2c51fa | 5f617070656e642028726573756c74 | _append (result |
| 0x495fda | 72293b0a0a2020617265612d3e627275 | r);.. area->bru |
| 0x495fea | 73685f73697a65203d2076616c75653b | sh_size = value;Grows an ELF section |
| 0x495ffa | 0a7d0a0a73746174696320766f69640a | .}..static void. |
| 0x49600a | 6f6e5f7061645f6469616c5f636861 | on_pad_dial_cha |
| 0x4a82a4 | 37363832393538317c307c7c307c300a | 76829581|0||0|0. |
| 0x4a82b4 | 3236357c736361726f6f7c736361726f | 265|scaroo|scaroDropbox URL with executable extension |
| 0x4a82c4 | 6f7c52542040736361726f6f3a202353 | o|RT @scaroo: #S |
| 0x4a82d4 | 6565644b697420646f65732052474241 | eedKit does RGBA |
| 0x4a82e4 | 2077696e646f77207769746820637373 | window with css |
| 0x4a82f4 | 20736861646f777320616e6420737475 | shadows and stu |
| 0x4a8304 | 6666203a20687474703a2f2f646c2e64 | ff : http://dl.d |
| 0x4a8314 | 726f70626f782e636f6d2f752f353734 | ropbox.com/u/574 |
| 0x4a8324 | 363535342f736565646b69742d646f65 | 6554/seedkit-doe |
| 0x4a8334 | 732d726762612e706e677c3132373637 | s-rgba.png|12767 |
| 0x4a8344 | 33343038367c307c47544b746f6f6c6b | 34086|0|GTKtoolk |
| 0x6c4158 | 54494f4e205349474e20484541565920 | TION SIGN HEAVY |
| 0x6c4168 | 4245415400000000c10f000054494245 | BEAT........TIBENative destructive task tokens |
| 0x6c4178 | 54414e2043414e54494c4c4154494f4e | TAN CANTILLATION |
| 0x6c4188 | 20534947 | SIG |
| 0x0 | 7f454c46020101000000000000000000 | .ELF............ELF binary has trailing overlay data |
| 0x10 | 03003e00010000002043000000000000 | ..>..... C...... |
| 0x20 | 4000000000000000c083000000000000 | @............... |
| 0x30 | 00000000400038000f0040001d | ....@.8...@.. |
| 0x39c | 863f6340bb986f77b982de10165101ee | .?c@..ow.....Q.. |
| 0x3ac | 2f6c696236342f6c642d6c696e75782d | /lib64/ld-linux-Reference to /lib64 |
| 0x3bc | 7838362d36342e736f2e320013000000 | x86-64.so.2..... |
| 0x3cc | 9900000001000000060000008e512021 | .............Q ! |
| 0x3dc | 21750428990000009a0000 | !u.(....... |
| 0x13f0 | 72544d436c6f6e655461626c65005f5f | rTMCloneTable.__ |
| 0x1400 | 6c6962635f73746172745f6d61696e00 | libc_start_main.Benign network-capable library context |
| 0x1410 | 5f5f6378615f66696e616c697a650067 | __cxa_finalize.gC++ standard library markers (libc++, libstdc++) |
| 0x1420 | 5f66696c655f6765745f626173656e61 | _file_get_basena |
| 0x1430 | 6d6500675f7374726475705f7072 | me.g_strdup_pr |
| 0x14fe | 7374617475735f737472696e67005f5f | status_string.__ |
| 0x150e | 737461636b5f63686b5f6661696c0067 | stack_chk_fail.gStack protector/canary enabled |
| 0x151e | 5f66696c655f6c6f61645f636f6e7465 | _file_load_conte |
| 0x152e | 6e747300675f66696c655f717565 | nts.g_file_que |
| 0x2294 | 005f494f5f737464696e5f7573656400 | ._IO_stdin_used. |
| 0x22a4 | 474c4942435f4142495f44545f52454c | GLIBC_ABI_DT_RELlibc version string pattern |
| 0x22b4 | 5200474c4942435f322e333400474c49 | R.GLIBC_2.34.GLI |
| 0x22c4 | 42435f322e | BC_2. |
| 0x826c | 352e322e312032303236303230390000 | 5.2.1 20260209.. |
| 0x827c | 67746b342d7072696e742d656469746f | gtk4-print-edito.gnu_debuglink reference present |
| 0x828c | 722e646562756700167bbcae002e7368 | r.debug..{....sh |
| 0x829c | 737472746162002e6e6f74652e676e75 | strtab..note.gnu |
| 0x82ac | 2e6275696c642d6964002e696e746572 | .build-id..interELF interpreter section name |
| 0x82bc | 70002e676e752e68617368002e64796e | p..gnu.hash..dynELF dynsym section name |
| 0x82cc | 73796d002e64796e737472002e676e75 | sym..dynstr..gnuELF dynstr section name |
| 0x82dc | 2e76657273696f6e002e676e752e7665 | .version..gnu.ve |
| 0x82ec | 7273696f6e5f72002e7265 | rsion_r..re |
| 0x8378 | 6179002e646174612e72656c2e726f00 | ay..data.rel.ro. |
| 0x8388 | 2e64796e616d6963002e676f74002e64 | .dynamic..got..dELF dynamic section name |
| 0x8398 | 617461002e627373002e636f6d6d656e | ata..bss..commen |
| 0x83a8 | 74002e676e755f64 | t..gnu_d |
| 0x0 | 7f454c46020101000000000000000000 | .ELF............ELF binary has trailing overlay data |
| 0x10 | 03003e00010000003072000000000000 | ..>.....0r...... |
| 0x20 | 400000000000000040e3110000000000 | @.......@....... |
| 0x30 | 00000000400038000f0040001e001d00 | ....@.8...@..... |
| 0x40 | 0600000004 | ..... |
| 0x39c | d51470bb5a9d321e3ea5105ee15e4d90 | ..p.Z.2.>..^.^M. |
| 0x3ac | 2f6c696236342f6c642d6c696e75782d | /lib64/ld-linux-Reference to /lib64 |
| 0x3bc | 7838362d36342e736f2e320013000000 | x86-64.so.2..... |
| 0x3cc | 3a01000001000000060000008e512021 | :............Q ! |
| 0x3dc | 217504283a0100003b0100 | !u.(:...;.. |
| 0x2308 | 72544d436c6f6e655461626c65005f5f | rTMCloneTable.__ |
| 0x2318 | 6c6962635f73746172745f6d61696e00 | libc_start_main.Benign network-capable library context |
| 0x2328 | 5f5f6378615f66696e616c697a650067 | __cxa_finalize.gC++ standard library markers (libc++, libstdc++) |
| 0x2338 | 5f6f626a6563745f756e726566006774 | _object_unref.gt |
| 0x2348 | 6b5f73657474696e67735f676574 | k_settings_get |
| 0x278a | 6e675f617070656e645f6c656e005f5f | ng_append_len.__ |
| 0x279a | 737461636b5f63686b5f6661696c0067 | stack_chk_fail.gStack protector/canary enabled |
| 0x27aa | 746b5f7769646765745f616374697661 | tk_widget_activa |
| 0x27ba | 74655f616374696f6e0067746b5f | te_action.gtk_ |
| 0x34c8 | 6e736572745f61745f637572736f7200 | nsert_at_cursor. |
| 0x34d8 | 67746b5f7769646765745f6765745f63 | gtk_widget_get_cClipboard handling context |
| 0x34e8 | 6c6970626f6172640067746b5f746578 | lipboard.gtk_tex |
| 0x34f8 | 745f6275666665725f636f70795f636c | t_buffer_copy_cl |
| 0x3508 | 6970626f6172640067746b5f74657874 | ipboard.gtk_text |
| 0x3518 | 5f6275666665725f6375745f636c6970 | _buffer_cut_clip |
| 0x3528 | 626f6172640067746b5f746578745f62 | board.gtk_text_b |
| 0x3538 | 75666665725f70617374655f636c6970 | uffer_paste_clip |
| 0x3548 | 626f617264 | board |
| 0x4006 | 6374696f6e5f6765745f737461746500 | ction_get_state. |
| 0x4016 | 6578697400675f7374617469635f7265 | exit.g_static_reTerminates process immediately without cleanup |
| 0x4026 | 736f757263655f696e697400675f7374 | source_init.g_st |
| 0x4036 | 61746963 | atic |
| 0x4132 | 005f494f5f737464696e5f7573656400 | ._IO_stdin_used. |
| 0x4142 | 474c4942435f4142495f44545f52454c | GLIBC_ABI_DT_RELlibc version string pattern |
| 0x4152 | 5200474c4942435f322e333400474c49 | R.GLIBC_2.34.GLI |
| 0x4162 | 42435f322e | BC_2. |
| 0xcff0 | 00000000000000000000000000000000 | ................ |
| 0xd000 | 0100020067746b2d696e746572666163 | ....gtk-interfacHigh entropy content in rodata |
| 0xd010 | 652d636f6c6f722d736368656d650064 | e-color-scheme.d |
| 0xd020 | 656661756c7400 | efault. |
| 0xd187 | 6d6f64616c007472616e7369656e742d | modal.transient- |
| 0xd197 | 666f720073797374656d2d696e666f72 | for.system-inforEnglish language detection |
| 0xd1a7 | 6d6174696f6e0041626f75742047544b | mation.About GTK |
| 0xd1b7 | 205769 | Wi |
| 0xd20c | a9e2808931393937e280943230323420 | ....1997...2024 |
| 0xd21c | 5468652047544b205465616d00636f70 | The GTK Team.copEnglish language detection |
| 0xd22c | 7972696768740076657273696f6e004d | yright.version.M |
| 0xd23c | 61696e | ain |
| 0xd280 | 2063616e63656c65640a005361766520 | canceled..Save |
| 0xd290 | 746865207472656573210a0062656769 | the trees!..begiEnglish language detection |
| 0xd2a0 | 6e2d7072696e7400647261772d706167 | n-print.draw-pag |
| 0xd2b0 | 650064 | e.d |
| 0x29c31 | 796c653e3c636c617373206e616d653d | yle><class name= |
| 0x29c41 | 22626f6479222f3e3c2f7374796c653e | "body"/></style>I/O multiplexing on sockets |
| 0x29c51 | 3c2f6f626a6563743e3c2f6368696c64 | </object></child |
| 0x29c61 | 3e3c6368696c | ><chil |
| 0x0 | 7f454c46020101000000000000000000 | .ELF............ELF binary has trailing overlay data |
| 0x10 | 03003e0001000000f071000000000000 | ..>......q...... |
| 0x20 | 4000000000000000f8c2010000000000 | @............... |
| 0x30 | 00000000400038000f0040001e001d00 | ....@.8...@..... |
| 0x40 | 0600000004 | ..... |
| 0x39c | 54e3b69363a0dc8ef29eb2f040a04605 | T...c.......@.F. |
| 0x3ac | 2f6c696236342f6c642d6c696e75782d | /lib64/ld-linux-Reference to /lib64 |
| 0x3bc | 7838362d36342e736f2e320013000000 | x86-64.so.2..... |
| 0x3cc | 4601000001000000060000008e512021 | F............Q ! |
| 0x3dc | 2175042846010000470100 | !u.(F...G.. |
| 0x2428 | 72544d436c6f6e655461626c65005f5f | rTMCloneTable.__ |
| 0x2438 | 6c6962635f73746172745f6d61696e00 | libc_start_main.Benign network-capable library context |
| 0x2448 | 5f5f6378615f66696e616c697a650067 | __cxa_finalize.gC++ standard library markers (libc++, libstdc++) |
| 0x2458 | 646b5f7061696e7461626c655f676574 | dk_paintable_get |
| 0x2468 | 5f696e7472696e7369635f776964 | _intrinsic_wid |
| 0x2643 | 6572666163655f737461746963005f5f | erface_static.__ |
| 0x2653 | 737461636b5f63686b5f6661696c0067 | stack_chk_fail.gStack protector/canary enabled |
| 0x2663 | 5f6f6e63655f696e69745f656e746572 | _once_init_enter |
| 0x2673 | 5f706f696e74657200675f6f6e63 | _pointer.g_onc |
| 0x2c9e | 6c75655f7365745f626f6f6c65616e00 | lue_set_boolean. |
| 0x2cae | 67746b5f7769646765745f6765745f63 | gtk_widget_get_cClipboard handling context |
| 0x2cbe | 6c6970626f6172640067746b5f776964 | lipboard.gtk_wid |
| 0x2cce | 6765745f6765745f6672616d655f636c | get_get_frame_cl |
| 0x2cde | 6f636b00675f7369 | ock.g_si |
| 0x38b6 | 745f646174615f66756c6c0067736b5f | t_data_full.gsk_ |
| 0x38c6 | 76756c6b616e5f72656e64657265725f | vulkan_renderer_Graphics/OpenGL library markers |
| 0x38d6 | 6e65770067736b5f62726f6164776179 | new.gsk_broadway |
| 0x38e6 | 5f72656e6465 | _rende |
| 0x3ab2 | 670067746b5f746578745f766965775f | g.gtk_text_view_ |
| 0x3ac2 | 72656d6f76650067746b5f746578745f | remove.gtk_text_Delete files |
| 0x3ad2 | 697465725f6261636b776172645f7365 | iter_backward_se |
| 0x3ae2 | 617263680067 | arch.g |
| 0x3f03 | 616e745f646963745f6c6f6f6b757000 | ant_dict_lookup. |
| 0x3f13 | 72656e616d650067736b5f72656e6465 | rename.gsk_rendeRename files |
| 0x3f23 | 725f6e6f64655f7265660067746b5f73 | r_node_ref.gtk_s |
| 0x3f33 | 6e617073686f | napsho |
| 0x42ea | 73656400474c4942435f322e322e3500 | sed.GLIBC_2.2.5. |
| 0x42fa | 474c4942435f4142495f44545f52454c | GLIBC_ABI_DT_RELlibc version string pattern |
| 0x430a | 5200474c4942435f322e333400474c49 | R.GLIBC_2.34.GLI |
| 0x431a | 42435f322e | BC_2. |
| 0xd0b3 | 69746f724170706c69636174696f6e00 | itorApplication. |
| 0xd0c3 | 56756c6b616e004f70656e474c004361 | Vulkan.OpenGL.CaOpenGL graphics reference cluster A |
| 0xd0d3 | 69726f00556e6b6e6f776e0037663939 | iro.Unknown.7f99 |
| 0xd0e3 | 616231613236002d0047544b20 | ab1a26.-.GTK |
| 0xd1ed | 2d6e616d65007472616e7369656e742d | -name.transient- |
| 0xd1fd | 666f720073797374656d2d696e666f72 | for.system-inforEnglish language detection |
| 0xd20d | 6d6174696f6e0041626f75742047544b | mation.About GTK |
| 0xd21d | 204e6f | No |
| 0xd28d | a9e2808932303139e280943230323420 | ....2019...2024 |
| 0xd29d | 5468652047544b205465616d00636f70 | The GTK Team.copEnglish language detection |
| 0xd2ad | 79726967687400417274776f726b2062 | yright.Artwork b |
| 0xd2bd | 79004d | y.M |
| 0x0 | 28b52ffd0478844e006a5e281026004f | (./..x.N.j^(.&.OBinary is not digitally signed |
| 0x10 | 123d31262aeacbb25905a8f926d38bfb | .=1&*...Y...&... |
| 0x20 | 04027e9d3a33d8036dab3f51d8d776e9 | ..~.:3..m.?Q..v. |
| 0x30 | 1f5a2fc00701f000f300b64e5b6fe3fe | .Z/........N[o.. |
| 0x40 | d7078615ab62 | .....b |
Objectives
notable severity, 95% confident.
anti-static/obfuscation/binary-metrics
Very high overall file entropy
notable severity, 90% confident.
anti-static/obfuscation/payload
Section code size exceeds file size
notable severity, 80% confident.
impact/ransom
Ransom note filename (YOUR_FILES/RECOVER pattern)
Micro-behaviors
Metadata
20 of 26 traits shown
Identity
| SHA-256 | ee70f49402a51df4fd1bccaa114e310b0c55aabade97b4f99e3875d75a12c4b4 |
|---|---|
| Canonical SHA-256 | 04348c8feda16bb8479fdbede2c3bdba835ad0bc39ecfe2a74a1f928f818c298 |
| Filename | gtk4-demos-4.22.4-1-x86_64.pkg.tar.zst |
| Package | gtk4-demos |
| Version | 4.22.4-1 |
Origin
| Source | harvest |
|---|---|
| Feed | archlinux.org |
| Ecosystem | arch |
| Domain | archlinux.org |
Timeline
| First seen | 14 Jun 2026 16:37 UTC |
|---|---|
| First analyzed | 14 Jun 2026 16:45 UTC |
| Last analyzed | 14 Jun 2026 16:45 UTC |
| Last updated | 14 Jun 2026 16:45 UTC |
Labeling
| Label | unknown |
|---|---|
| Label source | harvest |
| Traits version | 061e3 |
Not seeing what you expected? Let us know