{ "cells": [ { "cell_type": "markdown", "metadata": {}, "source": [ "[Portable Executable](https://ru.wikipedia.org/wiki/Portable_Executable)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "A handy resource for looking up the file signatures of different file types: http://www.filesignatures.net" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "On Linux systems, to find a file's signature (the fixed byte sequence, usually at the very start of the file, by which a format is recognised), you can use the ```xxd``` command, which produces a hex dump of the file, as shown below:" ] }, { "cell_type": "code", "execution_count": 2, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "all_hashes.txt\tmain_02.c task-1.exe test_01\ttest_03\n", "main_01.c\tmain_03.c test test_02\tv_01.txt\n" ] } ], "source": [ "!ls samples" ] }, { "cell_type": "code", "execution_count": 5, "metadata": { "scrolled": true }, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "00000000: 4d5a 9000 0300 0000 0400 0000 ffff 0000 MZ..............\n", "00000010: b800 0000 0000 0000 4000 0000 0000 0000 ........@.......\n", "00000020: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000030: 0000 0000 0000 0000 0000 0000 d000 0000 ................\n", "00000040: 0e1f ba0e 00b4 09cd 21b8 014c cd21 5468 ........!..L.!Th\n", "00000050: 6973 2070 726f 6772 616d 2063 616e 6e6f is program canno\n", "00000060: 7420 6265 2072 756e 2069 6e20 444f 5320 t be run in DOS \n", "00000070: 6d6f 6465 2e0d 0d0a 2400 0000 0000 0000 mode....$.......\n", "00000080: b94b 04c7 fd2a 6a94 fd2a 6a94 fd2a 6a94 .K...*j..*j..*j.\n", "00000090: a642 6b95 fe2a 6a94 fd2a 6b94 ff2a 6a94 .Bk..*j..*k..*j.\n", "000000a0: fc47 6995 fc2a 6a94 fc47 6895 fc2a 6a94 .Gi..*j..Gh..*j.\n", "000000b0: 5269 6368 fd2a 6a94 0000 0000 0000 0000 Rich.*j.........\n", "000000c0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000000d0: 5045 0000 4c01 0400 bbe2 835d 0000 0000 PE..L......]....\n", "000000e0: 0000 
0000 e000 0201 0b01 0e16 0002 0000 ................\n", "000000f0: 0006 0000 0000 0000 0010 0000 0010 0000 ................\n", "00000100: 0020 0000 0000 4000 0010 0000 0002 0000 . ....@.........\n", "00000110: 0600 0000 0000 0000 0600 0000 0000 0000 ................\n", "00000120: 0050 0000 0004 0000 0000 0000 0200 4081 .P............@.\n", "00000130: 0000 1000 0010 0000 0000 1000 0010 0000 ................\n", "00000140: 0000 0000 1000 0000 0000 0000 0000 0000 ................\n", "00000150: e020 0000 2800 0000 0000 0000 0000 0000 . ..(...........\n", "00000160: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000170: 0040 0000 1000 0000 1020 0000 1c00 0000 .@....... ......\n", "00000180: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000190: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000001a0: 0000 0000 0000 0000 0020 0000 1000 0000 ......... ......\n", "000001b0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000001c0: 0000 0000 0000 0000 2e74 6578 7400 0000 .........text...\n", "000001d0: 1f00 0000 0010 0000 0002 0000 0004 0000 ................\n", "000001e0: 0000 0000 0000 0000 0000 0000 2000 0060 ............ ..`\n", "000001f0: 2e72 6461 7461 0000 3a01 0000 0020 0000 .rdata..:.... 
..\n", "00000200: 0002 0000 0006 0000 0000 0000 0000 0000 ................\n", "00000210: 0000 0000 4000 0040 2e64 6174 6100 0000 ....@..@.data...\n", "00000220: 0500 0000 0030 0000 0002 0000 0008 0000 .....0..........\n", "00000230: 0000 0000 0000 0000 0000 0000 4000 00c0 ............@...\n", "00000240: 2e72 656c 6f63 0000 1000 0000 0040 0000 .reloc.......@..\n", "00000250: 0002 0000 000a 0000 0000 0000 0000 0000 ................\n", "00000260: 0000 0000 4000 0042 0000 0000 0000 0000 ....@..B........\n", "00000270: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000280: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000290: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000002a0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000002b0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000002c0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000002d0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000002e0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000002f0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000300: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000310: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000320: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000330: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000340: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000350: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000360: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000370: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000380: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000390: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000003a0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000003b0: 0000 0000 0000 0000 0000 0000 0000 
0000 ................\n", "000003c0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000003d0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000003e0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000003f0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000400: 6a01 6800 3040 00e8 0d00 0000 6a00 e800 j.h.0@......j...\n", "00000410: 0000 00ff 2504 2040 00ff 2500 2040 0000 ....%. @..%. @..\n", "00000420: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000430: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000440: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000450: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000460: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000470: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000480: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000490: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000004a0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000004b0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000004c0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000004d0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000004e0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000004f0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000500: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000510: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000520: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000530: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000540: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000550: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000560: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000570: 0000 0000 0000 
0000 0000 0000 0000 0000 ................\n", "00000580: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000590: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000005a0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000005b0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000005c0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000005d0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000005e0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000005f0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000600: 2221 0000 1421 0000 0000 0000 0000 0000 \"!...!..........\n", "00000610: 0000 0000 bbe2 835d 0000 0000 0d00 0000 .......]........\n", "00000620: b400 0000 2c20 0000 2c06 0000 0000 0000 ...., ..,.......\n", "00000630: 0010 0000 1f00 0000 2e74 6578 7424 6d6e .........text$mn\n", "00000640: 0000 0000 0020 0000 1000 0000 2e69 6461 ..... .......ida\n", "00000650: 7461 2435 0000 0000 1020 0000 1c00 0000 ta$5..... ......\n", "00000660: 2e72 6461 7461 0000 2c20 0000 b400 0000 .rdata.., ......\n", "00000670: 2e72 6461 7461 247a 7a7a 6462 6700 0000 .rdata$zzzdbg...\n", "00000680: e020 0000 1400 0000 2e69 6461 7461 2432 . .......idata$2\n", "00000690: 0000 0000 f420 0000 1400 0000 2e69 6461 ..... .......ida\n", "000006a0: 7461 2433 0000 0000 0821 0000 0c00 0000 ta$3.....!......\n", "000006b0: 2e69 6461 7461 2434 0000 0000 1421 0000 .idata$4.....!..\n", "000006c0: 2600 0000 2e69 6461 7461 2436 0000 0000 &....idata$6....\n", "000006d0: 0030 0000 0500 0000 2e64 6174 6100 0000 .0.......data...\n", "000006e0: 0821 0000 0000 0000 0000 0000 2c21 0000 .!..........,!..\n", "000006f0: 0020 0000 0000 0000 0000 0000 0000 0000 . 
..............\n", "00000700: 0000 0000 0000 0000 2221 0000 1421 0000 ........\"!...!..\n", "00000710: 0000 0000 5e01 4578 6974 5072 6f63 6573 ....^.ExitProces\n", "00000720: 7300 ff05 5769 6e45 7865 6300 4b45 524e s...WinExec.KERN\n", "00000730: 454c 3332 2e64 6c6c 0000 0000 0000 0000 EL32.dll........\n", "00000740: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000750: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000760: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000770: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000780: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000790: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000007a0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000007b0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000007c0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000007d0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000007e0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000007f0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000800: 6361 6c63 0000 0000 0000 0000 0000 0000 calc............\n", "00000810: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000820: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000830: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000840: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000850: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000860: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000870: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000880: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000890: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000008a0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000008b0: 0000 0000 0000 0000 0000 
0000 0000 0000 ................\n", "000008c0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000008d0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000008e0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000008f0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000900: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000910: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000920: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000930: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000940: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000950: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000960: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000970: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000980: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000990: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000009a0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000009b0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000009c0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000009d0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000009e0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000009f0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000a00: 0010 0000 1000 0000 0330 1530 1b30 0000 .........0.0.0..\n", "00000a10: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000a20: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000a30: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000a40: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000a50: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000a60: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000a70: 0000 
0000 0000 0000 0000 0000 0000 0000 ................\n", "00000a80: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000a90: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000aa0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000ab0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000ac0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000ad0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000ae0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000af0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000b00: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000b10: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000b20: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000b30: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000b40: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000b50: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000b60: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000b70: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000b80: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000b90: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000ba0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000bb0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000bc0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000bd0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000be0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000bf0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n" ] } ], "source": [ "!xxd samples/task-1.exe" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "Windows executable files, also called PE files (for example .exe, .dll, .drv, .sys and so on), carry the file signature ```MZ```, i.e. the hex bytes ```4D 5A```, in the first two bytes of the file. Those two bytes only mark the legacy DOS header, though: a real PE file also stores, in the 4-byte little-endian field at offset 0x3C (e_lfanew), the offset of the ```PE\\0\\0``` signature (bytes ```50 45 00 00```), which is followed by the COFF file header. In the dump above that field reads ```d000 0000```, i.e. 0xD0, and ```PE..``` does start at offset 0xD0, followed by the machine type ```4c01``` (0x014C, i386) and the section count ```0400``` (4 sections; the section table further down lists .text, .rdata, .data and .reloc). A file that begins with ```MZ``` but has no ```PE\\0\\0``` at the offset named in e_lfanew is a DOS-only executable or a damaged file, not a PE, so a type check should follow that pointer rather than trust the first two bytes or the file extension." ] }, { "cell_type": "code", "execution_count": 6, "metadata": { "scrolled": true }, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "00000000: 7f45 4c46 0201 0100 0000 0000 0000 0000 .ELF............\n", "00000010: 0300 3e00 0100 0000 8005 0000 0000 0000 ..>.............\n", "00000020: 4000 0000 0000 0000 001a 0000 0000 0000 @...............\n", "00000030: 0000 0000 4000 3800 0900 4000 1f00 1e00 ....@.8...@.....\n", "00000040: 0600 0000 0500 0000 4000 0000 0000 0000 ........@.......\n", "00000050: 4000 0000 0000 0000 4000 0000 0000 0000 @.......@.......\n", "00000060: f801 0000 0000 0000 f801 0000 0000 0000 ................\n", "00000070: 0800 0000 0000 0000 0300 0000 0400 0000 ................\n", "00000080: 3802 0000 0000 0000 3802 0000 0000 0000 8.......8.......\n", "00000090: 3802 0000 0000 0000 1c00 0000 0000 0000 8...............\n", "000000a0: 1c00 0000 0000 0000 0100 0000 0000 0000 ................\n", "000000b0: 0100 0000 0500 0000 0000 0000 0000 0000 ................\n", "000000c0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000000d0: ac08 0000 0000 0000 ac08 0000 0000 0000 ................\n", "000000e0: 0000 2000 0000 0000 0100 0000 0600 0000 .. .............\n", "000000f0: d80d 0000 0000 0000 d80d 2000 0000 0000 .......... .....\n", "00000100: d80d 2000 0000 0000 5802 0000 0000 0000 .. .....X.......\n", "00000110: 6002 0000 0000 0000 0000 2000 0000 0000 `......... .....\n", "00000120: 0200 0000 0600 0000 f00d 0000 0000 0000 ................\n", "00000130: f00d 2000 0000 0000 f00d 2000 0000 0000 .. ....... 
.....\n", "00000140: e001 0000 0000 0000 e001 0000 0000 0000 ................\n", "00000150: 0800 0000 0000 0000 0400 0000 0400 0000 ................\n", "00000160: 5402 0000 0000 0000 5402 0000 0000 0000 T.......T.......\n", "00000170: 5402 0000 0000 0000 4400 0000 0000 0000 T.......D.......\n", "00000180: 4400 0000 0000 0000 0400 0000 0000 0000 D...............\n", "00000190: 50e5 7464 0400 0000 6407 0000 0000 0000 P.td....d.......\n", "000001a0: 6407 0000 0000 0000 6407 0000 0000 0000 d.......d.......\n", "000001b0: 3c00 0000 0000 0000 3c00 0000 0000 0000 <.......<.......\n", "000001c0: 0400 0000 0000 0000 51e5 7464 0600 0000 ........Q.td....\n", "000001d0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000001e0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000001f0: 0000 0000 0000 0000 1000 0000 0000 0000 ................\n", "00000200: 52e5 7464 0400 0000 d80d 0000 0000 0000 R.td............\n", "00000210: d80d 2000 0000 0000 d80d 2000 0000 0000 .. ....... .....\n", "00000220: 2802 0000 0000 0000 2802 0000 0000 0000 (.......(.......\n", "00000230: 0100 0000 0000 0000 2f6c 6962 3634 2f6c ......../lib64/l\n", "00000240: 642d 6c69 6e75 782d 7838 362d 3634 2e73 d-linux-x86-64.s\n", "00000250: 6f2e 3200 0400 0000 1000 0000 0100 0000 o.2.............\n", "00000260: 474e 5500 0000 0000 0200 0000 0600 0000 GNU.............\n", "00000270: 2000 0000 0400 0000 1400 0000 0300 0000 ...............\n", "00000280: 474e 5500 f2bd 5ec0 510b e9de e734 eba2 GNU...^.Q....4..\n", "00000290: c607 d4da b969 4d56 0100 0000 0100 0000 .....iMV........\n", "000002a0: 0100 0000 0000 0000 0000 0000 0000 0000 ................\n", "000002b0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000002c0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000002d0: 3100 0000 2000 0000 0000 0000 0000 0000 1... 
...........\n", "000002e0: 0000 0000 0000 0000 0b00 0000 1200 0000 ................\n", "000002f0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000300: 1f00 0000 1200 0000 0000 0000 0000 0000 ................\n", "00000310: 0000 0000 0000 0000 4d00 0000 2000 0000 ........M... ...\n", "00000320: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000330: 5c00 0000 2000 0000 0000 0000 0000 0000 \\... ...........\n", "00000340: 0000 0000 0000 0000 7000 0000 2000 0000 ........p... ...\n", "00000350: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000360: 1000 0000 2200 0000 0000 0000 0000 0000 ....\"...........\n", "00000370: 0000 0000 0000 0000 006c 6962 632e 736f .........libc.so\n", "00000380: 2e36 0070 7574 7300 5f5f 6378 615f 6669 .6.puts.__cxa_fi\n", "00000390: 6e61 6c69 7a65 005f 5f6c 6962 635f 7374 nalize.__libc_st\n", "000003a0: 6172 745f 6d61 696e 005f 4954 4d5f 6465 art_main._ITM_de\n", "000003b0: 7265 6769 7374 6572 544d 436c 6f6e 6554 registerTMCloneT\n", "000003c0: 6162 6c65 005f 5f67 6d6f 6e5f 7374 6172 able.__gmon_star\n", "000003d0: 745f 5f00 5f4a 765f 5265 6769 7374 6572 t__._Jv_Register\n", "000003e0: 436c 6173 7365 7300 5f49 544d 5f72 6567 Classes._ITM_reg\n", "000003f0: 6973 7465 7254 4d43 6c6f 6e65 5461 626c isterTMCloneTabl\n", "00000400: 6500 474c 4942 435f 322e 322e 3500 0000 e.GLIBC_2.2.5...\n", "00000410: 0000 0200 0200 0000 0000 0000 0200 0000 ................\n", "00000420: 0100 0100 0100 0000 1000 0000 0000 0000 ................\n", "00000430: 751a 6909 0000 0200 8a00 0000 0000 0000 u.i.............\n", "00000440: d80d 2000 0000 0000 0800 0000 0000 0000 .. .............\n", "00000450: 8006 0000 0000 0000 e00d 2000 0000 0000 .......... .....\n", "00000460: 0800 0000 0000 0000 4006 0000 0000 0000 ........@.......\n", "00000470: 2810 2000 0000 0000 0800 0000 0000 0000 (. .............\n", "00000480: 2810 2000 0000 0000 d00f 2000 0000 0000 (. ....... 
.....\n", "00000490: 0600 0000 0100 0000 0000 0000 0000 0000 ................\n", "000004a0: d80f 2000 0000 0000 0600 0000 0300 0000 .. .............\n", "000004b0: 0000 0000 0000 0000 e00f 2000 0000 0000 .......... .....\n", "000004c0: 0600 0000 0400 0000 0000 0000 0000 0000 ................\n", "000004d0: e80f 2000 0000 0000 0600 0000 0500 0000 .. .............\n", "000004e0: 0000 0000 0000 0000 f00f 2000 0000 0000 .......... .....\n", "000004f0: 0600 0000 0600 0000 0000 0000 0000 0000 ................\n", "00000500: f80f 2000 0000 0000 0600 0000 0700 0000 .. .............\n", "00000510: 0000 0000 0000 0000 1810 2000 0000 0000 .......... .....\n", "00000520: 0700 0000 0200 0000 0000 0000 0000 0000 ................\n", "00000530: 4883 ec08 488b 05a5 0a20 0048 85c0 7402 H...H.... .H..t.\n", "00000540: ffd0 4883 c408 c300 0000 0000 0000 0000 ..H.............\n", "00000550: ff35 b20a 2000 ff25 b40a 2000 0f1f 4000 .5.. ..%.. ...@.\n", "00000560: ff25 b20a 2000 6800 0000 00e9 e0ff ffff .%.. .h.........\n", "00000570: ff25 820a 2000 6690 0000 0000 0000 0000 .%.. .f.........\n", "00000580: 31ed 4989 d15e 4889 e248 83e4 f050 544c 1.I..^H..H...PTL\n", "00000590: 8d05 aa01 0000 488d 0d33 0100 0048 8d3d ......H..3...H.=\n", "000005a0: 0c01 0000 ff15 2e0a 2000 f40f 1f44 0000 ........ ....D..\n", "000005b0: 488d 3d79 0a20 0048 8d05 790a 2000 5548 H.=y. .H..y. .UH\n", "000005c0: 29f8 4889 e548 83f8 0e76 1548 8b05 fe09 ).H..H...v.H....\n", "000005d0: 2000 4885 c074 095d ffe0 660f 1f44 0000 .H..t.]..f..D..\n", "000005e0: 5dc3 0f1f 4000 662e 0f1f 8400 0000 0000 ]...@.f.........\n", "000005f0: 488d 3d39 0a20 0048 8d35 320a 2000 5548 H.=9. .H.52. .UH\n", "00000600: 29fe 4889 e548 c1fe 0348 89f0 48c1 e83f ).H..H...H..H..?\n", "00000610: 4801 c648 d1fe 7418 488b 05d1 0920 0048 H..H..t.H.... 
.H\n", "00000620: 85c0 740c 5dff e066 0f1f 8400 0000 0000 ..t.]..f........\n", "00000630: 5dc3 0f1f 4000 662e 0f1f 8400 0000 0000 ]...@.f.........\n", "00000640: 803d e909 2000 0075 2748 833d a709 2000 .=.. ..u'H.=.. .\n", "00000650: 0055 4889 e574 0c48 8b3d ca09 2000 e80d .UH..t.H.=.. ...\n", "00000660: ffff ffe8 48ff ffff 5dc6 05c0 0920 0001 ....H...].... ..\n", "00000670: f3c3 0f1f 4000 662e 0f1f 8400 0000 0000 ....@.f.........\n", "00000680: 488d 3d61 0720 0048 833f 0075 0be9 5eff H.=a. .H.?.u..^.\n", "00000690: ffff 660f 1f44 0000 488b 0549 0920 0048 ..f..D..H..I. .H\n", "000006a0: 85c0 74e9 5548 89e5 ffd0 5de9 40ff ffff ..t.UH....].@...\n", "000006b0: 5548 89e5 488d 3d99 0000 00e8 a0fe ffff UH..H.=.........\n", "000006c0: b800 0000 005d c366 0f1f 8400 0000 0000 .....].f........\n", "000006d0: 4157 4156 4189 ff41 5541 544c 8d25 f606 AWAVA..AUATL.%..\n", "000006e0: 2000 5548 8d2d f606 2000 5349 89f6 4989 .UH.-.. .SI..I.\n", "000006f0: d54c 29e5 4883 ec08 48c1 fd03 e82f feff .L).H...H..../..\n", "00000700: ff48 85ed 7420 31db 0f1f 8400 0000 0000 .H..t 1.........\n", "00000710: 4c89 ea4c 89f6 4489 ff41 ff14 dc48 83c3 L..L..D..A...H..\n", "00000720: 0148 39dd 75ea 4883 c408 5b5d 415c 415d .H9.u.H...[]A\\A]\n", "00000730: 415e 415f c390 662e 0f1f 8400 0000 0000 A^A_..f.........\n", "00000740: f3c3 0000 4883 ec08 4883 c408 c300 0000 ....H...H.......\n", "00000750: 0100 0200 4865 6c6c 6f2c 206d 616c 7761 ....Hello, malwa\n", "00000760: 7265 2100 011b 033b 3800 0000 0600 0000 re!....;8.......\n", "00000770: ecfd ffff 8400 0000 0cfe ffff ac00 0000 ................\n", "00000780: 1cfe ffff 5400 0000 4cff ffff c400 0000 ....T...L.......\n", "00000790: 6cff ffff e400 0000 dcff ffff 2c01 0000 l...........,...\n", "000007a0: 1400 0000 0000 0000 017a 5200 0178 1001 .........zR..x..\n", "000007b0: 1b0c 0708 9001 0710 1400 0000 1c00 0000 ................\n", "000007c0: c0fd ffff 2b00 0000 0000 0000 0000 0000 ....+...........\n", "000007d0: 1400 0000 0000 0000 017a 5200 0178 
1001 .........zR..x..\n", "000007e0: 1b0c 0708 9001 0000 2400 0000 1c00 0000 ........$.......\n", "000007f0: 60fd ffff 2000 0000 000e 1046 0e18 4a0f `... ......F..J.\n", "00000800: 0b77 0880 003f 1a3b 2a33 2422 0000 0000 .w...?.;*3$\"....\n", "00000810: 1400 0000 4400 0000 58fd ffff 0800 0000 ....D...X.......\n", "00000820: 0000 0000 0000 0000 1c00 0000 5c00 0000 ............\\...\n", "00000830: 80fe ffff 1700 0000 0041 0e10 8602 430d .........A....C.\n", "00000840: 0652 0c07 0800 0000 4400 0000 7c00 0000 .R......D...|...\n", "00000850: 80fe ffff 6500 0000 0042 0e10 8f02 420e ....e....B....B.\n", "00000860: 188e 0345 0e20 8d04 420e 288c 0548 0e30 ...E. ..B.(..H.0\n", "00000870: 8606 480e 3883 074d 0e40 720e 3841 0e30 ..H.8..M.@r.8A.0\n", "00000880: 410e 2842 0e20 420e 1842 0e10 420e 0800 A.(B. B..B..B...\n", "00000890: 1400 0000 c400 0000 a8fe ffff 0200 0000 ................\n", "000008a0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000008b0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000008c0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000008d0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000008e0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000008f0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000900: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000910: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000920: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000930: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000940: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000950: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000960: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000970: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000980: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000990: 0000 0000 0000 
0000 0000 0000 0000 0000 ................\n", "000009a0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000009b0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000009c0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000009d0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000009e0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000009f0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000a00: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000a10: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000a20: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000a30: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000a40: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000a50: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000a60: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000a70: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000a80: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000a90: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000aa0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000ab0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000ac0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000ad0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000ae0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000af0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000b00: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000b10: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000b20: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000b30: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000b40: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", 
"00000b50: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000b60: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000b70: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000b80: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000b90: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000ba0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000bb0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000bc0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000bd0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000be0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000bf0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000c00: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000c10: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000c20: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000c30: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000c40: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000c50: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000c60: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000c70: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000c80: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000c90: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000ca0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000cb0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000cc0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000cd0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000ce0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000cf0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000d00: 0000 0000 0000 0000 0000 0000 0000 0000 
................\n", "00000d10: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000d20: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000d30: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000d40: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000d50: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000d60: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000d70: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000d80: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000d90: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000da0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000db0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000dc0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000dd0: 0000 0000 0000 0000 8006 0000 0000 0000 ................\n", "00000de0: 4006 0000 0000 0000 0000 0000 0000 0000 @...............\n", "00000df0: 0100 0000 0000 0000 0100 0000 0000 0000 ................\n", "00000e00: 0c00 0000 0000 0000 3005 0000 0000 0000 ........0.......\n", "00000e10: 0d00 0000 0000 0000 4407 0000 0000 0000 ........D.......\n", "00000e20: 1900 0000 0000 0000 d80d 2000 0000 0000 .......... .....\n", "00000e30: 1b00 0000 0000 0000 0800 0000 0000 0000 ................\n", "00000e40: 1a00 0000 0000 0000 e00d 2000 0000 0000 .......... 
.....\n", "00000e50: 1c00 0000 0000 0000 0800 0000 0000 0000 ................\n", "00000e60: f5fe ff6f 0000 0000 9802 0000 0000 0000 ...o............\n", "00000e70: 0500 0000 0000 0000 7803 0000 0000 0000 ........x.......\n", "00000e80: 0600 0000 0000 0000 b802 0000 0000 0000 ................\n", "00000e90: 0a00 0000 0000 0000 9600 0000 0000 0000 ................\n", "00000ea0: 0b00 0000 0000 0000 1800 0000 0000 0000 ................\n", "00000eb0: 1500 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000ec0: 0300 0000 0000 0000 0010 2000 0000 0000 .......... .....\n", "00000ed0: 0200 0000 0000 0000 1800 0000 0000 0000 ................\n", "00000ee0: 1400 0000 0000 0000 0700 0000 0000 0000 ................\n", "00000ef0: 1700 0000 0000 0000 1805 0000 0000 0000 ................\n", "00000f00: 0700 0000 0000 0000 4004 0000 0000 0000 ........@.......\n", "00000f10: 0800 0000 0000 0000 d800 0000 0000 0000 ................\n", "00000f20: 0900 0000 0000 0000 1800 0000 0000 0000 ................\n", "00000f30: fbff ff6f 0000 0000 0000 0008 0000 0000 ...o............\n", "00000f40: feff ff6f 0000 0000 2004 0000 0000 0000 ...o.... 
.......\n", "00000f50: ffff ff6f 0000 0000 0100 0000 0000 0000 ...o............\n", "00000f60: f0ff ff6f 0000 0000 0e04 0000 0000 0000 ...o............\n", "00000f70: f9ff ff6f 0000 0000 0300 0000 0000 0000 ...o............\n", "00000f80: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000f90: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000fa0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000fb0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000fc0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000fd0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000fe0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00000ff0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001000: f00d 2000 0000 0000 0000 0000 0000 0000 .. .............\n", "00001010: 0000 0000 0000 0000 6605 0000 0000 0000 ........f.......\n", "00001020: 0000 0000 0000 0000 2810 2000 0000 0000 ........(. 
.....\n", "00001030: 4743 433a 2028 4465 6269 616e 2036 2e33 GCC: (Debian 6.3\n", "00001040: 2e30 2d31 382b 6465 6239 7531 2920 362e .0-18+deb9u1) 6.\n", "00001050: 332e 3020 3230 3137 3035 3136 0000 0000 3.0 20170516....\n", "00001060: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001070: 0000 0000 0000 0000 0000 0000 0300 0100 ................\n", "00001080: 3802 0000 0000 0000 0000 0000 0000 0000 8...............\n", "00001090: 0000 0000 0300 0200 5402 0000 0000 0000 ........T.......\n", "000010a0: 0000 0000 0000 0000 0000 0000 0300 0300 ................\n", "000010b0: 7402 0000 0000 0000 0000 0000 0000 0000 t...............\n", "000010c0: 0000 0000 0300 0400 9802 0000 0000 0000 ................\n", "000010d0: 0000 0000 0000 0000 0000 0000 0300 0500 ................\n", "000010e0: b802 0000 0000 0000 0000 0000 0000 0000 ................\n", "000010f0: 0000 0000 0300 0600 7803 0000 0000 0000 ........x.......\n", "00001100: 0000 0000 0000 0000 0000 0000 0300 0700 ................\n", "00001110: 0e04 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001120: 0000 0000 0300 0800 2004 0000 0000 0000 ........ 
.......\n", "00001130: 0000 0000 0000 0000 0000 0000 0300 0900 ................\n", "00001140: 4004 0000 0000 0000 0000 0000 0000 0000 @...............\n", "00001150: 0000 0000 0300 0a00 1805 0000 0000 0000 ................\n", "00001160: 0000 0000 0000 0000 0000 0000 0300 0b00 ................\n", "00001170: 3005 0000 0000 0000 0000 0000 0000 0000 0...............\n", "00001180: 0000 0000 0300 0c00 5005 0000 0000 0000 ........P.......\n", "00001190: 0000 0000 0000 0000 0000 0000 0300 0d00 ................\n", "000011a0: 7005 0000 0000 0000 0000 0000 0000 0000 p...............\n", "000011b0: 0000 0000 0300 0e00 8005 0000 0000 0000 ................\n", "000011c0: 0000 0000 0000 0000 0000 0000 0300 0f00 ................\n", "000011d0: 4407 0000 0000 0000 0000 0000 0000 0000 D...............\n", "000011e0: 0000 0000 0300 1000 5007 0000 0000 0000 ........P.......\n", "000011f0: 0000 0000 0000 0000 0000 0000 0300 1100 ................\n", "00001200: 6407 0000 0000 0000 0000 0000 0000 0000 d...............\n", "00001210: 0000 0000 0300 1200 a007 0000 0000 0000 ................\n", "00001220: 0000 0000 0000 0000 0000 0000 0300 1300 ................\n", "00001230: d80d 2000 0000 0000 0000 0000 0000 0000 .. .............\n", "00001240: 0000 0000 0300 1400 e00d 2000 0000 0000 .......... .....\n", "00001250: 0000 0000 0000 0000 0000 0000 0300 1500 ................\n", "00001260: e80d 2000 0000 0000 0000 0000 0000 0000 .. .............\n", "00001270: 0000 0000 0300 1600 f00d 2000 0000 0000 .......... .....\n", "00001280: 0000 0000 0000 0000 0000 0000 0300 1700 ................\n", "00001290: d00f 2000 0000 0000 0000 0000 0000 0000 .. .............\n", "000012a0: 0000 0000 0300 1800 0010 2000 0000 0000 .......... .....\n", "000012b0: 0000 0000 0000 0000 0000 0000 0300 1900 ................\n", "000012c0: 2010 2000 0000 0000 0000 0000 0000 0000 . .............\n", "000012d0: 0000 0000 0300 1a00 3010 2000 0000 0000 ........0. 
.....\n", "000012e0: 0000 0000 0000 0000 0000 0000 0300 1b00 ................\n", "000012f0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001300: 0100 0000 0400 f1ff 0000 0000 0000 0000 ................\n", "00001310: 0000 0000 0000 0000 0c00 0000 0100 1500 ................\n", "00001320: e80d 2000 0000 0000 0000 0000 0000 0000 .. .............\n", "00001330: 1900 0000 0200 0e00 b005 0000 0000 0000 ................\n", "00001340: 0000 0000 0000 0000 1b00 0000 0200 0e00 ................\n", "00001350: f005 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001360: 2e00 0000 0200 0e00 4006 0000 0000 0000 ........@.......\n", "00001370: 0000 0000 0000 0000 4400 0000 0100 1a00 ........D.......\n", "00001380: 3010 2000 0000 0000 0100 0000 0000 0000 0. .............\n", "00001390: 5300 0000 0100 1400 e00d 2000 0000 0000 S......... .....\n", "000013a0: 0000 0000 0000 0000 7a00 0000 0200 0e00 ........z.......\n", "000013b0: 8006 0000 0000 0000 0000 0000 0000 0000 ................\n", "000013c0: 8600 0000 0100 1300 d80d 2000 0000 0000 .......... .....\n", "000013d0: 0000 0000 0000 0000 a500 0000 0400 f1ff ................\n", "000013e0: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000013f0: 0100 0000 0400 f1ff 0000 0000 0000 0000 ................\n", "00001400: 0000 0000 0000 0000 af00 0000 0100 1200 ................\n", "00001410: a808 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001420: bd00 0000 0100 1500 e80d 2000 0000 0000 .......... .....\n", "00001430: 0000 0000 0000 0000 0000 0000 0400 f1ff ................\n", "00001440: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001450: c900 0000 0000 1300 e00d 2000 0000 0000 .......... .....\n", "00001460: 0000 0000 0000 0000 da00 0000 0100 1600 ................\n", "00001470: f00d 2000 0000 0000 0000 0000 0000 0000 .. .............\n", "00001480: e300 0000 0000 1300 d80d 2000 0000 0000 .......... 
.....\n", "00001490: 0000 0000 0000 0000 f600 0000 0000 1100 ................\n", "000014a0: 6407 0000 0000 0000 0000 0000 0000 0000 d...............\n", "000014b0: 0901 0000 0100 1800 0010 2000 0000 0000 .......... .....\n", "000014c0: 0000 0000 0000 0000 1f01 0000 1200 0e00 ................\n", "000014d0: 4007 0000 0000 0000 0200 0000 0000 0000 @...............\n", "000014e0: 2f01 0000 2000 0000 0000 0000 0000 0000 /... ...........\n", "000014f0: 0000 0000 0000 0000 8501 0000 2000 1900 ............ ...\n", "00001500: 2010 2000 0000 0000 0000 0000 0000 0000 . .............\n", "00001510: 4b01 0000 1200 0000 0000 0000 0000 0000 K...............\n", "00001520: 0000 0000 0000 0000 5d01 0000 1000 1900 ........].......\n", "00001530: 3010 2000 0000 0000 0000 0000 0000 0000 0. .............\n", "00001540: 2901 0000 1200 0f00 4407 0000 0000 0000 ).......D.......\n", "00001550: 0000 0000 0000 0000 6401 0000 1200 0000 ........d.......\n", "00001560: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001570: 8301 0000 1000 1900 2010 2000 0000 0000 ........ . .....\n", "00001580: 0000 0000 0000 0000 9001 0000 2000 0000 ............ ...\n", "00001590: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "000015a0: 9f01 0000 1102 1900 2810 2000 0000 0000 ........(. .....\n", "000015b0: 0000 0000 0000 0000 ac01 0000 1100 1000 ................\n", "000015c0: 5007 0000 0000 0000 0400 0000 0000 0000 P...............\n", "000015d0: bb01 0000 1200 0e00 d006 0000 0000 0000 ................\n", "000015e0: 6500 0000 0000 0000 d500 0000 1000 1a00 e...............\n", "000015f0: 3810 2000 0000 0000 0000 0000 0000 0000 8. .............\n", "00001600: 8901 0000 1200 0e00 8005 0000 0000 0000 ................\n", "00001610: 2b00 0000 0000 0000 cb01 0000 1000 1a00 +...............\n", "00001620: 3010 2000 0000 0000 0000 0000 0000 0000 0. 
.............\n", "00001630: d701 0000 1200 0e00 b006 0000 0000 0000 ................\n", "00001640: 1700 0000 0000 0000 dc01 0000 2000 0000 ............ ...\n", "00001650: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001660: f001 0000 1102 1900 3010 2000 0000 0000 ........0. .....\n", "00001670: 0000 0000 0000 0000 fc01 0000 2000 0000 ............ ...\n", "00001680: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001690: 1602 0000 2200 0000 0000 0000 0000 0000 ....\"...........\n", "000016a0: 0000 0000 0000 0000 c501 0000 1200 0b00 ................\n", "000016b0: 3005 0000 0000 0000 0000 0000 0000 0000 0...............\n", "000016c0: 0063 7274 7374 7566 662e 6300 5f5f 4a43 .crtstuff.c.__JC\n", "000016d0: 525f 4c49 5354 5f5f 0064 6572 6567 6973 R_LIST__.deregis\n", "000016e0: 7465 725f 746d 5f63 6c6f 6e65 7300 5f5f ter_tm_clones.__\n", "000016f0: 646f 5f67 6c6f 6261 6c5f 6474 6f72 735f do_global_dtors_\n", "00001700: 6175 7800 636f 6d70 6c65 7465 642e 3639 aux.completed.69\n", "00001710: 3732 005f 5f64 6f5f 676c 6f62 616c 5f64 72.__do_global_d\n", "00001720: 746f 7273 5f61 7578 5f66 696e 695f 6172 tors_aux_fini_ar\n", "00001730: 7261 795f 656e 7472 7900 6672 616d 655f ray_entry.frame_\n", "00001740: 6475 6d6d 7900 5f5f 6672 616d 655f 6475 dummy.__frame_du\n", "00001750: 6d6d 795f 696e 6974 5f61 7272 6179 5f65 mmy_init_array_e\n", "00001760: 6e74 7279 006d 6169 6e5f 3031 2e63 005f ntry.main_01.c._\n", "00001770: 5f46 5241 4d45 5f45 4e44 5f5f 005f 5f4a _FRAME_END__.__J\n", "00001780: 4352 5f45 4e44 5f5f 005f 5f69 6e69 745f CR_END__.__init_\n", "00001790: 6172 7261 795f 656e 6400 5f44 594e 414d array_end._DYNAM\n", "000017a0: 4943 005f 5f69 6e69 745f 6172 7261 795f IC.__init_array_\n", "000017b0: 7374 6172 7400 5f5f 474e 555f 4548 5f46 start.__GNU_EH_F\n", "000017c0: 5241 4d45 5f48 4452 005f 474c 4f42 414c RAME_HDR._GLOBAL\n", "000017d0: 5f4f 4646 5345 545f 5441 424c 455f 005f _OFFSET_TABLE_._\n", "000017e0: 5f6c 6962 635f 6373 755f 
6669 6e69 005f _libc_csu_fini._\n", "000017f0: 4954 4d5f 6465 7265 6769 7374 6572 544d ITM_deregisterTM\n", "00001800: 436c 6f6e 6554 6162 6c65 0070 7574 7340 CloneTable.puts@\n", "00001810: 4047 4c49 4243 5f32 2e32 2e35 005f 6564 @GLIBC_2.2.5._ed\n", "00001820: 6174 6100 5f5f 6c69 6263 5f73 7461 7274 ata.__libc_start\n", "00001830: 5f6d 6169 6e40 4047 4c49 4243 5f32 2e32 _main@@GLIBC_2.2\n", "00001840: 2e35 005f 5f64 6174 615f 7374 6172 7400 .5.__data_start.\n", "00001850: 5f5f 676d 6f6e 5f73 7461 7274 5f5f 005f __gmon_start__._\n", "00001860: 5f64 736f 5f68 616e 646c 6500 5f49 4f5f _dso_handle._IO_\n", "00001870: 7374 6469 6e5f 7573 6564 005f 5f6c 6962 stdin_used.__lib\n", "00001880: 635f 6373 755f 696e 6974 005f 5f62 7373 c_csu_init.__bss\n", "00001890: 5f73 7461 7274 006d 6169 6e00 5f4a 765f _start.main._Jv_\n", "000018a0: 5265 6769 7374 6572 436c 6173 7365 7300 RegisterClasses.\n", "000018b0: 5f5f 544d 435f 454e 445f 5f00 5f49 544d __TMC_END__._ITM\n", "000018c0: 5f72 6567 6973 7465 7254 4d43 6c6f 6e65 _registerTMClone\n", "000018d0: 5461 626c 6500 5f5f 6378 615f 6669 6e61 Table.__cxa_fina\n", "000018e0: 6c69 7a65 4040 474c 4942 435f 322e 322e lize@@GLIBC_2.2.\n", "000018f0: 3500 002e 7379 6d74 6162 002e 7374 7274 5...symtab..strt\n", "00001900: 6162 002e 7368 7374 7274 6162 002e 696e ab..shstrtab..in\n", "00001910: 7465 7270 002e 6e6f 7465 2e41 4249 2d74 terp..note.ABI-t\n", "00001920: 6167 002e 6e6f 7465 2e67 6e75 2e62 7569 ag..note.gnu.bui\n", "00001930: 6c64 2d69 6400 2e67 6e75 2e68 6173 6800 ld-id..gnu.hash.\n", "00001940: 2e64 796e 7379 6d00 2e64 796e 7374 7200 .dynsym..dynstr.\n", "00001950: 2e67 6e75 2e76 6572 7369 6f6e 002e 676e .gnu.version..gn\n", "00001960: 752e 7665 7273 696f 6e5f 7200 2e72 656c u.version_r..rel\n", "00001970: 612e 6479 6e00 2e72 656c 612e 706c 7400 a.dyn..rela.plt.\n", "00001980: 2e69 6e69 7400 2e70 6c74 2e67 6f74 002e .init..plt.got..\n", "00001990: 7465 7874 002e 6669 6e69 002e 726f 6461 text..fini..roda\n", "000019a0: 7461 
002e 6568 5f66 7261 6d65 5f68 6472 ta..eh_frame_hdr\n", "000019b0: 002e 6568 5f66 7261 6d65 002e 696e 6974 ..eh_frame..init\n", "000019c0: 5f61 7272 6179 002e 6669 6e69 5f61 7272 _array..fini_arr\n", "000019d0: 6179 002e 6a63 7200 2e64 796e 616d 6963 ay..jcr..dynamic\n", "000019e0: 002e 676f 742e 706c 7400 2e64 6174 6100 ..got.plt..data.\n", "000019f0: 2e62 7373 002e 636f 6d6d 656e 7400 0000 .bss..comment...\n", "00001a00: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001a10: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001a20: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001a30: 0000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001a40: 1b00 0000 0100 0000 0200 0000 0000 0000 ................\n", "00001a50: 3802 0000 0000 0000 3802 0000 0000 0000 8.......8.......\n", "00001a60: 1c00 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001a70: 0100 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001a80: 2300 0000 0700 0000 0200 0000 0000 0000 #...............\n", "00001a90: 5402 0000 0000 0000 5402 0000 0000 0000 T.......T.......\n", "00001aa0: 2000 0000 0000 0000 0000 0000 0000 0000 ...............\n", "00001ab0: 0400 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001ac0: 3100 0000 0700 0000 0200 0000 0000 0000 1...............\n", "00001ad0: 7402 0000 0000 0000 7402 0000 0000 0000 t.......t.......\n", "00001ae0: 2400 0000 0000 0000 0000 0000 0000 0000 $...............\n", "00001af0: 0400 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001b00: 4400 0000 f6ff ff6f 0200 0000 0000 0000 D......o........\n", "00001b10: 9802 0000 0000 0000 9802 0000 0000 0000 ................\n", "00001b20: 1c00 0000 0000 0000 0500 0000 0000 0000 ................\n", "00001b30: 0800 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001b40: 4e00 0000 0b00 0000 0200 0000 0000 0000 N...............\n", "00001b50: b802 0000 0000 0000 b802 0000 0000 0000 ................\n", 
"00001b60: c000 0000 0000 0000 0600 0000 0100 0000 ................\n", "00001b70: 0800 0000 0000 0000 1800 0000 0000 0000 ................\n", "00001b80: 5600 0000 0300 0000 0200 0000 0000 0000 V...............\n", "00001b90: 7803 0000 0000 0000 7803 0000 0000 0000 x.......x.......\n", "00001ba0: 9600 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001bb0: 0100 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001bc0: 5e00 0000 ffff ff6f 0200 0000 0000 0000 ^......o........\n", "00001bd0: 0e04 0000 0000 0000 0e04 0000 0000 0000 ................\n", "00001be0: 1000 0000 0000 0000 0500 0000 0000 0000 ................\n", "00001bf0: 0200 0000 0000 0000 0200 0000 0000 0000 ................\n", "00001c00: 6b00 0000 feff ff6f 0200 0000 0000 0000 k......o........\n", "00001c10: 2004 0000 0000 0000 2004 0000 0000 0000 ....... .......\n", "00001c20: 2000 0000 0000 0000 0600 0000 0100 0000 ...............\n", "00001c30: 0800 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001c40: 7a00 0000 0400 0000 0200 0000 0000 0000 z...............\n", "00001c50: 4004 0000 0000 0000 4004 0000 0000 0000 @.......@.......\n", "00001c60: d800 0000 0000 0000 0500 0000 0000 0000 ................\n", "00001c70: 0800 0000 0000 0000 1800 0000 0000 0000 ................\n", "00001c80: 8400 0000 0400 0000 4200 0000 0000 0000 ........B.......\n", "00001c90: 1805 0000 0000 0000 1805 0000 0000 0000 ................\n", "00001ca0: 1800 0000 0000 0000 0500 0000 1800 0000 ................\n", "00001cb0: 0800 0000 0000 0000 1800 0000 0000 0000 ................\n", "00001cc0: 8e00 0000 0100 0000 0600 0000 0000 0000 ................\n", "00001cd0: 3005 0000 0000 0000 3005 0000 0000 0000 0.......0.......\n", "00001ce0: 1700 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001cf0: 0400 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001d00: 8900 0000 0100 0000 0600 0000 0000 0000 ................\n", "00001d10: 5005 0000 0000 0000 5005 0000 0000 0000 
P.......P.......\n", "00001d20: 2000 0000 0000 0000 0000 0000 0000 0000 ...............\n", "00001d30: 1000 0000 0000 0000 1000 0000 0000 0000 ................\n", "00001d40: 9400 0000 0100 0000 0600 0000 0000 0000 ................\n", "00001d50: 7005 0000 0000 0000 7005 0000 0000 0000 p.......p.......\n", "00001d60: 0800 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001d70: 0800 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001d80: 9d00 0000 0100 0000 0600 0000 0000 0000 ................\n", "00001d90: 8005 0000 0000 0000 8005 0000 0000 0000 ................\n", "00001da0: c201 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001db0: 1000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001dc0: a300 0000 0100 0000 0600 0000 0000 0000 ................\n", "00001dd0: 4407 0000 0000 0000 4407 0000 0000 0000 D.......D.......\n", "00001de0: 0900 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001df0: 0400 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001e00: a900 0000 0100 0000 0200 0000 0000 0000 ................\n", "00001e10: 5007 0000 0000 0000 5007 0000 0000 0000 P.......P.......\n", "00001e20: 1400 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001e30: 0400 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001e40: b100 0000 0100 0000 0200 0000 0000 0000 ................\n", "00001e50: 6407 0000 0000 0000 6407 0000 0000 0000 d.......d.......\n", "00001e60: 3c00 0000 0000 0000 0000 0000 0000 0000 <...............\n", "00001e70: 0400 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001e80: bf00 0000 0100 0000 0200 0000 0000 0000 ................\n", "00001e90: a007 0000 0000 0000 a007 0000 0000 0000 ................\n", "00001ea0: 0c01 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001eb0: 0800 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001ec0: c900 0000 0e00 0000 0300 0000 0000 0000 ................\n", "00001ed0: d80d 2000 0000 0000 d80d 
0000 0000 0000 .. .............\n", "00001ee0: 0800 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001ef0: 0800 0000 0000 0000 0800 0000 0000 0000 ................\n", "00001f00: d500 0000 0f00 0000 0300 0000 0000 0000 ................\n", "00001f10: e00d 2000 0000 0000 e00d 0000 0000 0000 .. .............\n", "00001f20: 0800 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001f30: 0800 0000 0000 0000 0800 0000 0000 0000 ................\n", "00001f40: e100 0000 0100 0000 0300 0000 0000 0000 ................\n", "00001f50: e80d 2000 0000 0000 e80d 0000 0000 0000 .. .............\n", "00001f60: 0800 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001f70: 0800 0000 0000 0000 0000 0000 0000 0000 ................\n", "00001f80: e600 0000 0600 0000 0300 0000 0000 0000 ................\n", "00001f90: f00d 2000 0000 0000 f00d 0000 0000 0000 .. .............\n", "00001fa0: e001 0000 0000 0000 0600 0000 0000 0000 ................\n", "00001fb0: 0800 0000 0000 0000 1000 0000 0000 0000 ................\n", "00001fc0: 9800 0000 0100 0000 0300 0000 0000 0000 ................\n", "00001fd0: d00f 2000 0000 0000 d00f 0000 0000 0000 .. .............\n", "00001fe0: 3000 0000 0000 0000 0000 0000 0000 0000 0...............\n", "00001ff0: 0800 0000 0000 0000 0800 0000 0000 0000 ................\n", "00002000: ef00 0000 0100 0000 0300 0000 0000 0000 ................\n", "00002010: 0010 2000 0000 0000 0010 0000 0000 0000 .. .............\n", "00002020: 2000 0000 0000 0000 0000 0000 0000 0000 ...............\n", "00002030: 0800 0000 0000 0000 0800 0000 0000 0000 ................\n", "00002040: f800 0000 0100 0000 0300 0000 0000 0000 ................\n", "00002050: 2010 2000 0000 0000 2010 0000 0000 0000 . ..... 
.......\n", "00002060: 1000 0000 0000 0000 0000 0000 0000 0000 ................\n", "00002070: 0800 0000 0000 0000 0000 0000 0000 0000 ................\n", "00002080: fe00 0000 0800 0000 0300 0000 0000 0000 ................\n", "00002090: 3010 2000 0000 0000 3010 0000 0000 0000 0. .....0.......\n", "000020a0: 0800 0000 0000 0000 0000 0000 0000 0000 ................\n", "000020b0: 0100 0000 0000 0000 0000 0000 0000 0000 ................\n", "000020c0: 0301 0000 0100 0000 3000 0000 0000 0000 ........0.......\n", "000020d0: 0000 0000 0000 0000 3010 0000 0000 0000 ........0.......\n", "000020e0: 2d00 0000 0000 0000 0000 0000 0000 0000 -...............\n", "000020f0: 0100 0000 0000 0000 0100 0000 0000 0000 ................\n", "00002100: 0100 0000 0200 0000 0000 0000 0000 0000 ................\n", "00002110: 0000 0000 0000 0000 6010 0000 0000 0000 ........`.......\n", "00002120: 6006 0000 0000 0000 1d00 0000 2f00 0000 `.........../...\n", "00002130: 0800 0000 0000 0000 1800 0000 0000 0000 ................\n", "00002140: 0900 0000 0300 0000 0000 0000 0000 0000 ................\n", "00002150: 0000 0000 0000 0000 c016 0000 0000 0000 ................\n", "00002160: 3202 0000 0000 0000 0000 0000 0000 0000 2...............\n", "00002170: 0100 0000 0000 0000 0000 0000 0000 0000 ................\n", "00002180: 1100 0000 0300 0000 0000 0000 0000 0000 ................\n", "00002190: 0000 0000 0000 0000 f218 0000 0000 0000 ................\n", "000021a0: 0c01 0000 0000 0000 0000 0000 0000 0000 ................\n", "000021b0: 0100 0000 0000 0000 0000 0000 0000 0000 ................\n" ] } ], "source": [ "!xxd samples/test_01" ] },
{ "cell_type": "markdown", "metadata": {}, "source": [ "In the following example the ```file``` command was run on two different files. It checks the magic bytes and the header fields that follow them, so it is a better first test than looking at the first two bytes alone:" ] },
{ "cell_type": "code", "execution_count": 7, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "samples/task-1.exe: PE32 executable (GUI) Intel 80386, for MS Windows\n" ] } ], "source": [ "!file samples/task-1.exe" ] },
{ "cell_type": "code", "execution_count": 8, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "samples/test_01: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=f2bd5ec0510be9dee734eba2c607d4dab9694d56, not stripped\n" ] } ], "source": [ "!file samples/test_01" ] },
{ "cell_type": "markdown", "metadata": {}, "source": [ "In Python, the [python-magic](https://github.com/ahupp/python-magic) module (a binding to the same libmagic library that ```file``` uses) can determine the file type. Note that the ```magic``` module shipped with libmagic itself has a different API (```magic.detect_from_filename```); ```magic.from_file``` below belongs to python-magic:" ] },
{ "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "#!pip3 install python-magic" ] },
{ "cell_type": "code", "execution_count": 10, "metadata": {}, "outputs": [], "source": [ "import magic" ] },
{ "cell_type": "code", "execution_count": 12, "metadata": {}, "outputs": [ { "data": { "text/plain": [ "'ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=f2bd5ec0510be9dee734eba2c607d4dab9694d56, not stripped'" ] }, "execution_count": 12, "metadata": {}, "output_type": "execute_result" } ], "source": [ "magic.from_file(\"samples/test_01\")" ] },
{ "cell_type": "code", "execution_count": 14, "metadata": {}, "outputs": [ { "data": { "text/plain": [ "'PE32 executable (GUI) Intel 80386, for MS Windows'" ] }, "execution_count": 14, "metadata": {}, "output_type": "execute_result" } ], "source": [ "magic.from_file(\"samples/task-1.exe\")" ] },
{ "cell_type": "markdown", "metadata": {}, "source": [ "On Linux, hashes can be computed with the md5sum, sha256sum and sha1sum utilities. MD5 and SHA-1 are still widely used as sample identifiers (VirusTotal accepts all three), but both are collision-broken, so rely on SHA-256 whenever a hash has to prove that two files are identical:" ] },
{ "cell_type": "code", "execution_count": 16, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "a82a243ff5dbf90677c64eae4f0b6a8e samples/task-1.exe\n" ] } ], "source": [ "!md5sum samples/task-1.exe" ] },
{ "cell_type": "code", "execution_count": 17, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "c4b4e76d20cfb1159cd83a65c067fe56146e86ea11aa5c6228e20e5737e700b5 samples/task-1.exe\n" ] } ], "source": [ "!sha256sum samples/task-1.exe" ] },
{ "cell_type": "code", "execution_count": 15, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "79bcef7061fc9c79e4437871f8135498f8608b8f samples/task-1.exe\n" ] } ], "source": [ "!sha1sum samples/task-1.exe" ] },
{ "cell_type": "markdown", "metadata": {}, "source": [ "In Python the same hashes can be computed with the [hashlib](https://docs.python.org/3/library/hashlib.html) module, as shown below (the file is opened in binary mode; a text-mode read would alter line endings and change the digest):" ] },
{ "cell_type": "code", "execution_count": 18, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "a82a243ff5dbf90677c64eae4f0b6a8e\n" ] } ], "source": [ "import hashlib\n", "\n", "with open(\"samples/task-1.exe\", \"rb\") as f:\n", "    content = f.read()\n", "print(hashlib.md5(content).hexdigest())" ] },
{ "cell_type": "code", "execution_count": 19, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "c4b4e76d20cfb1159cd83a65c067fe56146e86ea11aa5c6228e20e5737e700b5\n" ] } ], "source": [ "print(hashlib.sha256(content).hexdigest())" ] },
{ "cell_type": "code", "execution_count": 20, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "79bcef7061fc9c79e4437871f8135498f8608b8f\n" ] } ], "source": [ "print(hashlib.sha1(content).hexdigest())" ] },
{ "cell_type": "markdown", "metadata": {}, "source": [ "[VirusTotal](https://support.virustotal.com/hc/en-us/articles/360006819798-API-Scripts-and-client-libraries) exposes a public API for scripting: it lets you automate file submission and retrieve scan reports for files, URLs, domains and IP addresses.\n", "\n", "The Python script below demonstrates the legacy v2 API (see the description [here](https://cryptoworld.su/rukovodstvo-polzovatelya-virustotal-api/)). A ```response_code``` of 0, as in the output, means VirusTotal has no report for that hash, so a lookup by hash alone never tells you a file is clean, only that it is unknown. The public API is also rate-limited, so check the HTTP status rather than assuming every reply carries a report: " ] },
{ "cell_type": "code", "execution_count": 30, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "{'response_code': 0, 'resource': 'a82a243ff5dbf90677c64eae4f0b6a8e', 'verbose_msg': 'The requested resource is not among the finished, queued or pending scans'}\n" ] } ], "source": [ "import os\n", "import requests\n", "\n", "# v2 is the legacy endpoint; the official vt-py client (linked below) uses the current v3 API\n", "api_url = 'https://www.virustotal.com/vtapi/v2/file/report'\n", "# read the key from the environment instead of pasting it into the notebook\n", "params = dict(apikey=os.environ.get('VT_API_KEY', ''),\n", "              resource='a82a243ff5dbf90677c64eae4f0b6a8e')\n", "response = requests.get(api_url, params=params)\n", "if response.status_code == 200:\n", "    result = response.json()\n", "    # response_code: 1 = report available, 0 = hash unknown to VirusTotal, -2 = still queued\n", "    print(result)" ] },
{ "cell_type": "markdown", "metadata": {}, "source": [ "Official VirusTotal client for Python: https://github.com/VirusTotal/vt-py" ] },
{ "cell_type": "markdown", "metadata": {}, "source": [ "Extracting strings can hint at how a program works and surface indicators that mark a binary as suspicious. For example, if malware creates a file, the file name is stored as a string in the binary; if it resolves an attacker-controlled domain name, that name is likewise stored as a string.\n", "\n", "To extract strings from a suspicious binary on Linux you can use the strings utility. By default, strings prints runs of at least four printable ASCII characters. Older GNU strings scanned only the data sections of object files it recognised (ELF, PE); the ```-a``` option forces a scan of the whole file, which is what you want for malware, since packed code and appended payloads live outside those sections (current binutils scans the whole file by default and ```-d``` restores the old behaviour). " ] },
{ "cell_type": "code", "execution_count": 31, "metadata": { "scrolled": true }, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "!This program cannot be run in DOS mode.\n", "Rich\n", ".text\n", "`.rdata\n", "@.data\n", ".reloc\n", ".text$mn\n", ".idata$5\n", ".rdata\n", ".rdata$zzzdbg\n", ".idata$2\n", ".idata$3\n", ".idata$4\n", ".idata$6\n", ".data\n", "ExitProcess\n", "WinExec\n", "KERNEL32.dll\n", "calc\n" ] } ], "source": [ "!strings -a samples/task-1.exe" ] },
{ "cell_type": "markdown", "metadata": {}, "source": [ "Malware samples also use Unicode strings, on Windows typically UTF-16LE (2 bytes per character), so to get the full picture from a binary you often need to extract both ASCII and UTF-16 strings. To extract 16-bit little-endian strings with the strings command, use the ```-el``` option (this sample has none, hence the empty output):" ] },
{ "cell_type": "code", "execution_count": 33, "metadata": {}, "outputs": [], "source": [ "!strings -a -el samples/task-1.exe" ] },
{ "cell_type": "markdown", "metadata": {}, "source": [ "[FLOSS](https://github.com/fireeye/flare-floss) automatically extracts obfuscated strings (stack strings and strings decoded at runtime) that plain strings cannot see." ] },
{ "cell_type": "markdown", "metadata": {}, "source": [ "Windows executables must conform to the PE/COFF format (Portable Executable / Common Object File Format).\n", "\n", "The actual contents of a PE file are divided into sections, which immediately follow the PE headers (DOS header and stub, ```PE\\0\\0``` signature, COFF file header, optional header and the section table). A section holds either code or data and carries in-memory attributes, recorded in its ```Characteristics``` field, such as read, write and execute. A code section contains the instructions the processor will execute, while a data section can hold different kinds of data: read/write program data (global variables), import/export tables, resources and so on. ", "Each section has a name that conveys its purpose, but the name is only a convention: the loader acts on the ```Characteristics``` flags, not on the name, so a packer or an attacker can call a section anything and give it any attributes.\n", "\n", "For example, a section named ```.text``` holds code and has the ```read-execute``` attributes; a section named ```.data``` holds global data and has the ```read-write``` attributes.\n", "\n", "The following Python script uses the [pefile](https://github.com/erocarrera/pefile) module to list each section's name, virtual address, virtual size and raw size on disk:" ] },
{ "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "#!pip3 install pefile" ] },
{ "cell_type": "code", "execution_count": 51, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ ".text 0x1000 0x1f 512\n", ".rdata 0x2000 0x13a 512\n", ".data 0x3000 0x5 512\n", ".reloc 0x4000 0x10 512\n" ] } ], "source": [ "import pefile\n", "\n", "pe = pefile.PE(\"samples/task-1.exe\")\n", "for section in pe.sections:\n", "    # Name is a fixed 8-byte field padded with NUL bytes; strip them before decoding\n", "    name = section.Name.rstrip(b\"\\x00\").decode()\n", "    print(f\"{name} {hex(section.VirtualAddress)} {hex(section.Misc_VirtualSize)} {section.SizeOfRawData}\")" ] },
{ "cell_type": "markdown", "metadata": {}, "source": [ "[Pescanner](https://github.com/hiddenillusion/AnalyzePE/blob/master/pescanner.py) uses heuristics (section entropy, unusual section names and flags, suspicious imports) instead of signatures and can help identify packed binaries even when no signature exists for them." ] }
], "metadata": { "kernelspec": { "display_name": "Python 3", "language": "python", "name": "python3" }, "language_info": { "codemirror_mode": { "name": "ipython", "version": 3 }, "file_extension": ".py", "mimetype": "text/x-python", "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython3", "version": "3.7.3" } }, "nbformat": 4, "nbformat_minor": 4 }
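Added example, not part of the original notebook: the `file`/python-magic cells and the pefile section listing above both lean on libraries, and this script does the same work by hand so the format details are visible. It identifies ELF and PE buffers from their headers (following `e_lfanew` to the `PE\0\0` signature instead of trusting the `MZ` prefix, which any file can start with), walks the PE section table, and applies pescanner-style heuristics: writable+executable sections, non-standard names, high byte entropy, and a virtual size with no raw data behind it. The PE image is constructed inline and is not task-1.exe; its `UPX1` section is a hypothetical packer-style section. The entropy threshold of 5.5 in the demo exists only because a 64-byte section cannot exceed 6 bits per byte; on full-size sections about 7.0 is the usual cut-off.

```python
import math
import struct
from collections import Counter

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
MACHINES = {0x14C: "Intel 80386", 0x8664: "x86-64", 0x1C0: "ARM", 0xAA64: "ARM64"}
# Names an ordinary toolchain emits; anything else deserves a closer look.
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".bss", ".idata", ".edata",
                     ".reloc", ".rsrc", ".tls", ".pdata", ".xdata", ".CRT"}


def identify(data):
    """Classify a buffer like `file`, but by following the PE layout: 'MZ' only proves a
    DOS header; the real test is 'PE\\0\\0' at the offset stored in e_lfanew (DOS header +0x3C)."""
    if data.startswith(b"\x7fELF"):
        ident = data[4:6].ljust(2, b"\0")          # EI_CLASS, EI_DATA
        bits = {1: "32-bit", 2: "64-bit"}.get(ident[0], "unknown class")
        endian = {1: "LSB", 2: "MSB"}.get(ident[1], "unknown byte order")
        return f"ELF {bits} {endian}"
    if data[:2] != b"MZ":
        return "unknown"
    if len(data) < 0x40:
        return "MZ (truncated DOS header)"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "MZ (DOS executable, no PE header)"
    machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]        # COFF Machine
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]      # SizeOfOptionalHeader
    magic = struct.unpack_from("<H", data, e_lfanew + 24)[0] if opt_size >= 2 and len(data) >= e_lfanew + 26 else 0
    kind = {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, "PE (unknown optional header)")
    return f"{kind} executable, {MACHINES.get(machine, hex(machine))}"


def shannon_entropy(buf):
    """Bits per byte: 0.0 for empty or constant data, 8.0 for uniformly random bytes."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def pe_sections(data):
    """Walk the 40-byte IMAGE_SECTION_HEADER entries that follow the optional header."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]           # NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size
    sections = []
    for i in range(nsec):
        (name, vsize, va, raw_size, raw_ptr,
         _rel, _lin, _nrel, _nlin, chars) = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        raw = data[raw_ptr:raw_ptr + raw_size]    # a pointer past EOF simply yields b""
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "virtual_address": va, "virtual_size": vsize, "raw_size": raw_size,
                         "characteristics": chars, "entropy": shannon_entropy(raw)})
    return sections


def suspicious_flags(section, entropy_threshold=7.0):
    """pescanner-style heuristics; none proves malice alone, together they are the
    usual shape of a packed or self-modifying binary."""
    chars = section["characteristics"]
    flags = []
    if chars & IMAGE_SCN_MEM_WRITE and chars & IMAGE_SCN_MEM_EXECUTE:
        flags.append("writable+executable")
    if section["name"] not in STANDARD_SECTIONS:
        flags.append("non-standard name")
    if section["entropy"] >= entropy_threshold:
        flags.append("high entropy")
    if section["raw_size"] == 0 and section["virtual_size"] > 0:
        flags.append("no raw data, filled at runtime")
    return flags


def build_sample_pe():
    """Constructed minimal PE32 image (not a real sample): a benign .text section and a
    hypothetical packer-style 'UPX1' section that is W+X and holds 64 distinct byte values."""
    text = b"\x90" * 31 + b"\xc3"          # nop sled + ret: low entropy
    packed = bytes(range(64))              # stands in for a compressed/encrypted payload
    headers_end = 0x40 + 4 + 20 + 2        # DOS header, signature, COFF header, 2-byte optional header
    text_off = headers_end + 2 * 40        # two section table entries
    packed_off = text_off + len(text)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)              # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 2, 0x0102)
    opt = struct.pack("<H", 0x10B)                                  # PE32 magic only
    fmt = "<8sIIIIIIHHI"
    s1 = struct.pack(fmt, b".text", len(text), 0x1000, len(text), text_off, 0, 0, 0, 0, 0x60000020)
    s2 = struct.pack(fmt, b"UPX1", len(packed), 0x2000, len(packed), packed_off, 0, 0, 0, 0, 0xE0000060)
    return dos + coff + opt + s1 + s2 + text + packed


if __name__ == "__main__":
    image = build_sample_pe()
    print(identify(image))
    for sec in pe_sections(image):
        print(f"{sec['name']:8} va={sec['virtual_address']:#06x} raw={sec['raw_size']:4} "
              f"entropy={sec['entropy']:.2f} {suspicious_flags(sec, entropy_threshold=5.5)}")
```

Feed `identify` and `pe_sections` the bytes of a real file (`open(path, 'rb').read()`) to compare against the `file` and pefile output above; the raw-size and entropy columns are what the pefile listing lacks, and a section whose raw size is 0 while its virtual size is large is the classic sign of code that only exists after unpacking in memory.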
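Added example, not part of the original notebook: a Python equivalent of `strings -a` and `strings -a -el` that scans the whole buffer for ASCII and UTF-16LE runs, then runs the kind of indicator triage the strings passage above describes (URLs, domains, Windows paths, registry keys, IPv4 addresses and a short API watch-list). The byte buffer, the watch-list and the indicator values are constructed for the demo and are not taken from task-1.exe.

```python
import re

# Constructed demo buffer (not task-1.exe): a DOS stub fragment, a few import names,
# then two UTF-16LE strings of the kind a Windows sample embeds. Non-printable bytes and
# runs shorter than the minimum length are included to show that they are skipped.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"This program cannot be run in DOS mode.\r\n$" + b"\x00" * 4
    + b"WinExec\x00ExitProcess\x00KERNEL32.dll\x00calc\x00"
    + b"\xde\xad"
    + "C:\\Users\\Public\\svchost.exe".encode("utf-16-le") + b"\x00\x00"
    + b"\x01\x02"
    + "http://updates.example.com/check".encode("utf-16-le") + b"\x00\x00"
    + b"\x03\x04ab\x05"
)

# Hypothetical watch-list of APIs worth noticing; a real one is far longer.
SUSPICIOUS_APIS = {"WinExec", "ExitProcess", "CreateRemoteThread", "VirtualAllocEx",
                   "WriteProcessMemory", "URLDownloadToFileA", "ShellExecuteA"}

INDICATOR_PATTERNS = {
    "url": re.compile(r"""https?://[^\s"']+"""),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org|ru|io|info)\b", re.I),
    "win_path": re.compile(r"""[A-Za-z]:\\[^\s"']+"""),
    "registry": re.compile(r"""HKEY_[A-Z_]+\\[^\s"']+|HK(?:LM|CU|CR|U)\\[^\s"']+"""),
}


def extract_strings(data, min_len=4):
    """Return (offset, encoding, text) for every run of at least `min_len` printable
    characters, scanning the whole buffer like `strings -a` (ASCII 0x20-0x7e plus tab)
    and `strings -a -el` (UTF-16LE: the same characters, each followed by a NUL byte)."""
    ascii_re = re.compile(rb"[\x20-\x7e\t]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e\t]\x00){%d,}" % min_len)
    found = [(m.start(), "ascii", m.group().decode("ascii")) for m in ascii_re.finditer(data)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16-le")) for m in wide_re.finditer(data)]
    return sorted(found)


def triage(found):
    """Group extracted strings into indicator categories; unremarkable strings are dropped."""
    hits = {}
    for _offset, _encoding, text in found:
        if text in SUSPICIOUS_APIS:
            hits.setdefault("api", []).append(text)
        for label, pattern in INDICATOR_PATTERNS.items():
            for match in pattern.finditer(text):
                hits.setdefault(label, []).append(match.group())
    return hits


if __name__ == "__main__":
    strings = extract_strings(SAMPLE)
    for offset, encoding, text in strings:
        print(f"{offset:#08x} {encoding:8} {text}")
    for label, values in triage(strings).items():
        print(f"[{label}] {', '.join(values)}")
```

Both regexes deliberately stop at a carriage return or NUL, which is why the DOS stub message comes out without its trailing `\r\n$`; the UTF-16LE pattern can start at any byte offset, so it finds wide strings that are not 2-byte aligned, just as `strings -el` does. Obfuscated strings that are only assembled on the stack at runtime will not show up here; that is what FLOSS is for.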