Strace Log shows 'Function Not Implemented'


I set up a VM with buildroot, and its architecture is ARMv7. I also downloaded the Mirai-Source-Code and compiled it. Now I am trying to execute it in my VM, but I always get this strace log.

I am doing this only for educational and research purposes; there are no criminal intentions behind that.

    syscall_0x8094(0x7ee2cf4e, 0x7ee2ce54, 0x7ee2ce5c, 0x1ec60, 0x7ee2cc00, 0) = -1 ENOSYS (Function not implemented)
    syscall_0x8094(0, 0x7ee2cc00, 0, 0x8, 0x7ee2cc00, 0) = -1 ENOSYS (Function not implemented)
    syscall_0x8094(0x11, 0x7ee2c5b4, 0x7ee2c528, 0x8, 0x7ee2c6dc, 0x7ee2c650) = -1 ENOSYS (Function not implemented)
    syscall_0x8094(0x5, 0x7ee2c5b4, 0x7ee2c528, 0x8, 0x7ee2c6dc, 0x7ee2c650) = -1 ENOSYS (Function not implemented)
    syscall_0x8094(0x15f70, 0x2, 0, 0, 0x7ee2cc00, 0) = -1 ENOSYS (Function not implemented)
    syscall_0x8094(0x15f80, 0x2, 0, 0, 0xffffffff, 0) = -1 ENOSYS (Function not implemented)
    syscall_0x8094(0x15f20, 0x2, 0, 0x26, 0xffffffff, 0) = -1 ENOSYS (Function not implemented)
    syscall_0x8094(0x2, 0x2, 0, 0x26, 0x10, 0) = -1 ENOSYS (Function not implemented)
    --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x1f230} ---
    +++ killed by SIGSEGV +++
    Segmentation fault

I tried executing it in an ARM Debian VM and it works, but the loader of Mirai doesn't work on the ARM Debian VM (the infection). Therefore I am trying to get it to work on this VM.

What is also strange is that the debug version works. I believe that the mistake comes from the release version forking processes while the debug version is not doing that. I found that out by letting the debug version fork a process, and I get the same error again.

I am using kernel version 4.19, and on buildroot I installed busybox version 1.29.

Does anybody have any idea what I could have done wrong? Does somebody know what strace is trying to tell me?

Thanks in advance!

security
malware
buildroot
strace
dynamic-analysis
asked on Stack Overflow Sep 3, 2018 by itsec19932010 • edited Sep 3, 2018 by itsec19932010

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0