Open-source atomic malware analysis

alsa-lib-1.2.15.3-2-x86_64.pkg.tar.zst

TAR.ZST
Verdict: BENIGN
Mal-ecule
O₄(Er₃AsCP)H₄(Cm₆Ds₂F₄Po₄)Md₂(Bi₃He₂)
Size 505.3 KB
First seen 15 days ago
Analyzed 14 days ago
Ecosystem linux

Objectives

severity (confidence) trait: description
suspicious (99%) evasion/kernel-hide/lkm: CR0 write-protect bit manipulation
notable (85%) anti-static/obfuscation/payload: Data file with very high entropy
notable (85%) command-and-control/reverse-shell: POSIX shell with socket fd redirection
notable (75%) persistence/system/daemon: Unix daemon persistence mechanism

Micro-behaviors

notable (75%) communications/socket/bind: Bind socket to address
notable (85%) dylib: Address to symbol lookup
notable (90%) dylib/load: Dynamic library loading via dlopen
notable (80%) fs/file: Read file status and metadata (legacy 64-bit)
notable (95%) process/create: Executes command and captures output
notable (90%) process/create/shell: system() function call
notable (70%) process/fd: Close all descriptors from limit
baseline (100%) fs/path: /tmp/ path component
baseline (100%) fs/path/device: /dev/null (legitimate discard device)

Metadata

notable (96%) binary: ELF binary has trailing overlay data
notable (100%) binary/linking: Shared library binds dynamic loader
notable (80%) binary/section: Non-empty finalization array section
notable (85%) hardening: FORTIFY_SOURCE memcpy bounds check
baseline (100%) binary/metrics: Binary has 1000 or more strings
baseline (100%) build: ELF external debug artifact reference
baseline (100%) lang: shell code embedded in string

20 of 103 traits shown
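The two binary traits under Metadata (trailing overlay data, non-empty finalization array section) are properties of the ELF shared objects inside the package, not of the .tar.zst itself; the page does not say which file inside the package raised them. The script below is an added example, not the scanner's own code: it reproduces both checks on a raw little-endian ELF64 image (the x86_64 .so files in this package), assuming 8-byte .fini_array entries. Pass the path of a .so extracted from the package, or run it without arguments to use a constructed sample ELF with 32 bytes appended as an overlay.

```python
"""Check two of the ELF metadata traits on a raw ELF64 image.

Added example, not the scanner's own code. Assumes little-endian ELF64
with 8-byte .fini_array entries; the sample ELF is constructed inline
so the script runs offline.
"""
import struct
import sys

ELF_MAGIC = b"\x7fELF"
ELFCLASS64 = 2
ELFDATA2LSB = 1
SHT_NOBITS = 8        # occupies no file bytes (.bss)
SHT_FINI_ARRAY = 15   # .fini_array: destructor pointers run at exit

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # 64-byte ELF64 file header
SHDR = struct.Struct("<IIQQQQIIQQ")        # 64-byte section header


def elf_binary_traits(data: bytes) -> dict:
    """Return {'overlay_bytes': int, 'fini_array_entries': int}.

    overlay_bytes: bytes past the end of everything the headers describe
    (file header, program header table, section table, section contents).
    A normal toolchain leaves this at 0; appended data is a classic place
    to stash a payload the loader never maps.
    fini_array_entries: number of 8-byte pointers in SHT_FINI_ARRAY sections.
    """
    if data[:4] != ELF_MAGIC or data[4] != ELFCLASS64 or data[5] != ELFDATA2LSB:
        raise ValueError("not a little-endian ELF64 image")
    (_ident, _type, _machine, _ver, _entry, phoff, shoff, _flags,
     ehsize, phentsize, phnum, shentsize, shnum, _shstrndx) = EHDR.unpack_from(data, 0)
    if shoff + shnum * shentsize > len(data):
        raise ValueError("section header table runs past end of file")
    # Highest file offset referenced by any header table.
    end = max(ehsize, phoff + phnum * phentsize, shoff + shnum * shentsize)
    fini_entries = 0
    for i in range(shnum):
        (_name, sh_type, _shflags, _addr, offset, size,
         _link, _info, _align, _entsize) = SHDR.unpack_from(data, shoff + i * shentsize)
        if sh_type != SHT_NOBITS:          # NOBITS sections have no file bytes
            end = max(end, offset + size)
        if sh_type == SHT_FINI_ARRAY:
            fini_entries += size // 8
    return {"overlay_bytes": max(0, len(data) - end),
            "fini_array_entries": fini_entries}


def build_sample_elf(fini_entries: int = 2) -> bytes:
    """Constructed minimal ELF64 (ET_DYN, x86_64): file header, null section,
    one .fini_array section holding `fini_entries` fake pointers. Not real code."""
    shoff = EHDR.size
    data_off = shoff + 2 * SHDR.size
    fini = b"".join(struct.pack("<Q", 0x401000 + i) for i in range(fini_entries))
    ident = ELF_MAGIC + bytes([ELFCLASS64, ELFDATA2LSB, 1]) + b"\0" * 9
    hdr = EHDR.pack(ident, 3, 62, 1, 0, 0, shoff, 0,
                    EHDR.size, 0, 0, SHDR.size, 2, 0)
    null_sh = SHDR.pack(0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
    fini_sh = SHDR.pack(0, SHT_FINI_ARRAY, 3, 0, data_off, len(fini), 0, 0, 8, 8)
    return hdr + null_sh + fini_sh + fini


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            image = fh.read()
    else:
        # Constructed sample with 32 bytes appended past the section table.
        image = build_sample_elf() + b"\0" * 32
    print(elf_binary_traits(image))
```

Treat a nonzero overlay as a lead, not a verdict: identify what the trailing bytes are before calling them a hidden payload, and compare the count against a clean build of the same version.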

Identity

SHA-256 f72ac3d448f7fe4c64142daaf40083414afff75229f4ec84c384f8d0ba09b077
Canonical SHA-256 00b748fe45e0cbe866fb1690e7f0b1db92f1e91f078a39d66f8ba1e8944e9893
Filename alsa-lib-1.2.15.3-2-x86_64.pkg.tar.zst
Package alsa-lib
Version 1.2.16-1

Origin

Source forager
Feed archlinux.org
Ecosystem linux
Domain archlinux.org
URL https://archlinux.org/packages/extra/x86_64/alsa-lib/download/

Timeline

First seen 1 Jun 2026 18:08 UTC
First analyzed 3 Jun 2026 05:49 UTC
Last analyzed 3 Jun 2026 05:49 UTC
Last updated 3 Jun 2026 05:49 UTC

Labeling

Label unknown
Label source forager
Traits version 126f8