Analysis of rootkit.tar

www.lugojteam.as.ro/rootkit.tar can no longer be downloaded, but rootkit.tar can be recovered from the hard disk by extracting fragments 39390-39944.

[[email protected] sotm29]$ tar tvf rootkit.tar > analysis_rootkit.html
-rwxr-xr-x hack3r/hack3r  2796 2001-10-10 03:55:04 rootkit/secure/patch
-rw-r--r-- hack3r/hack3r   512 2000-10-28 21:32:22 rootkit/s_r_s
-rw------- hack3r/hack3r   537 2001-07-02 22:53:53 rootkit/s_h_k
-rwxr-xr-x hack3r/hack3r 19840 2001-08-02 21:21:15 rootkit/ifconfig
-rwxrwxr-x hack3r/hack3r  8469 2003-03-15 22:50:33 rootkit/install
drwxr-xr-x hack3r/hack3r     0 2001-11-08 07:46:43 rootkit/exploits/
-rw-r--r-- hack3r/hack3r  2100 2001-05-29 19:25:55 rootkit/exploits/sendmailx.sh
-rwxr-xr-x hack3r/hack3r 19615 2001-05-29 20:30:19 rootkit/exploits/bind8x
-rwxr-xr-x hack3r/hack3r 15713 2001-05-29 20:30:27 rootkit/exploits/bindscan
-rw-r--r-- hack3r/hack3r  5073 2001-08-01 02:27:04 rootkit/exploits/epcs2.c
-rwxr-xr-x hack3r/hack3r 16337 2001-08-01 02:27:16 rootkit/exploits/epcs2
-rwxr-xr-x hack3r/hack3r  4338 2001-07-31 23:12:17 rootkit/firewall
-rwxr-xr-x hack3r/hack3r  1345 2001-08-01 01:51:25 rootkit/searchlog
-rwxr-xr-x hack3r/hack3r  2379 2001-08-03 17:37:13 rootkit/killrk
-rw------- hack3r/hack3r 307200 2001-08-03 17:41:20 rootkit/core
-rwxr-xr-x hack3r/hack3r 184023 2001-10-10 01:08:49 rootkit/ls
drwxr-xr-x hack3r/hack3r      0 2001-11-08 07:46:43 rootkit/plasa/
-rw-r--r-- hack3r/hack3r     98 2001-10-27 19:50:36 rootkit/plasa/tcp.log
-rwxr-xr-x hack3r/hack3r   4060 1983-09-26 01:45:00 rootkit/plasa/sense
-rwx------ hack3r/hack3r     73 2001-10-27 19:45:16 rootkit/plasa/logclear
-rwxr-xr-x hack3r/hack3r  29421 2001-10-27 19:43:30 rootkit/plasa/linsniffer
-rwxr-xr-x hack3r/hack3r  53588 1983-09-26 01:45:00 rootkit/top
-rw-r--r-- hack3r/hack3r   3256 2001-10-07 16:44:18 rootkit/vanish2.tgz
-rwxr-xr-x hack3r/hack3r  28696 2001-10-10 01:08:22 rootkit/syslogd
-rwxr-xr-x hack3r/hack3r  24147 2001-10-10 01:08:37 rootkit/pstree
-rwxr-xr-x hack3r/hack3r 117311 2001-10-10 01:08:55 rootkit/du
-rwxr-xr-x hack3r/hack3r  47388 2001-10-10 01:09:07 rootkit/ps
-rwxr-xr-x hack3r/hack3r 258612 2001-10-10 01:09:27 rootkit/netstat
-rwxr-xr-x hack3r/hack3r  22459 2001-10-10 01:09:37 rootkit/killall
drwxr-xr-x hack3r/hack3r      0 2001-11-08 07:46:43 rootkit/ptyxx/
-rw-r--r-- hack3r/hack3r      1 2001-10-09 18:20:18 rootkit/ptyxx/.proc
-rw-r--r-- hack3r/hack3r      1 2001-10-09 18:20:29 rootkit/ptyxx/.addr
-rw-r--r-- hack3r/hack3r      1 2001-10-09 18:20:56 rootkit/ptyxx/.log
-rw-r--r-- hack3r/hack3r      1 2001-10-09 18:21:02 rootkit/ptyxx/.file
-rw-rw-r-- hack3r/hack3r    642 2003-03-15 22:52:38 rootkit/s
drwxr-xr-x hack3r/hack3r      0 2001-11-08 07:46:54 rootkit/curatare/
-rwxr-xr-x hack3r/hack3r  84568 2001-11-03 20:04:48 rootkit/curatare/ps
-rwxr-xr-x hack3r/hack3r  53910 2001-11-03 20:05:46 rootkit/curatare/pstree
-rwxr-xr-x hack3r/hack3r   1259 2001-11-08 07:46:54 rootkit/curatare/sshd
-rwxr-xr-x hack3r/hack3r   1259 2001-11-08 07:12:43 rootkit/sshd
drwxr-xr-x hack3r/hack3r      0 2001-11-14 14:56:58 rootkit/ess-0.8.6/
-rw-r--r-- hack3r/hack3r   2731 2000-05-24 05:20:55 rootkit/ess-0.8.6/smalls.c
-rw-r--r-- hack3r/hack3r   1509 2000-06-04 06:41:39 rootkit/ess-0.8.6/Makefile
-rw-r--r-- hack3r/hack3r   5322 2000-05-12 13:40:02 rootkit/ess-0.8.6/cgi.conf
-rw-r--r-- hack3r/hack3r   1049 2000-04-14 08:14:16 rootkit/ess-0.8.6/connect.c
-rw-r--r-- hack3r/hack3r   1117 2000-01-14 11:59:46 rootkit/ess-0.8.6/confparser.c
-rw-r--r-- hack3r/hack3r   2110 2000-06-04 06:47:52 rootkit/ess-0.8.6/ess.conf
-rw-r--r-- hack3r/hack3r   1930 2000-04-09 08:21:12 rootkit/ess-0.8.6/fingerchk.c
-rw-r--r-- hack3r/hack3r   6427 2000-05-12 12:57:00 rootkit/ess-0.8.6/ftpchk.c
-rw-r--r-- hack3r/hack3r   7447 2000-05-28 10:58:15 rootkit/ess-0.8.6/httpchk.c
-rw-r--r-- hack3r/hack3r    262 2000-03-21 04:43:43 rootkit/ess-0.8.6/imapchk.c
-rw-r--r-- hack3r/hack3r  10379 2000-06-04 06:34:56 rootkit/ess-0.8.6/main.c
-rw-r--r-- hack3r/hack3r   3325 2000-05-27 18:47:45 rootkit/ess-0.8.6/portscan.c
-rw-r--r-- hack3r/hack3r   2905 2000-06-04 05:53:32 rootkit/ess-0.8.6/ess.h
-rw-r--r-- hack3r/hack3r   9631 2000-06-03 09:00:36 rootkit/ess-0.8.6/check4bug.c
-rw-r--r-- hack3r/hack3r   3592 2000-05-25 10:03:59 rootkit/ess-0.8.6/rpcscan.c
-rw-r--r-- hack3r/hack3r    914 2000-04-12 19:08:14 rootkit/ess-0.8.6/nfschk.c
-rw-r--r-- hack3r/hack3r    238 2000-03-22 13:00:15 rootkit/ess-0.8.6/pop2chk.c
-rw-r--r-- hack3r/hack3r    259 2000-03-22 13:00:23 rootkit/ess-0.8.6/pop3chk.c
-rw-r--r-- hack3r/hack3r   1605 2000-04-09 07:54:51 rootkit/ess-0.8.6/smtpchk.c
-rw-r--r-- hack3r/hack3r    926 2000-05-27 15:43:34 rootkit/ess-0.8.6/telnetchk.c
-rw-r--r-- hack3r/hack3r    653 2000-04-30 21:38:30 rootkit/ess-0.8.6/timeout.c
-rw-r--r-- hack3r/hack3r   1695 2000-04-21 06:07:15 rootkit/ess-0.8.6/rshchk.c
-rw-r--r-- hack3r/hack3r    565 2000-01-25 17:40:31 rootkit/ess-0.8.6/xwinchk.c
-rw-r--r-- hack3r/hack3r   3116 2000-04-09 07:53:31 rootkit/ess-0.8.6/recvbuff.c
-rw-r--r-- hack3r/hack3r   1182 2000-02-25 12:25:11 rootkit/ess-0.8.6/config.h.in
-rw-r--r-- hack3r/hack3r    761 2000-03-14 05:07:41 rootkit/ess-0.8.6/Makefile.in
-rw-r--r-- hack3r/hack3r   4829 2000-05-14 09:57:46 rootkit/ess-0.8.6/configure.in
-rwxr-xr-x hack3r/hack3r  84866 2000-05-25 09:58:01 rootkit/ess-0.8.6/configure
-rw-r--r-- hack3r/hack3r   1835 2000-05-30 16:19:48 rootkit/ess-0.8.6/portlist
-rw-r--r-- hack3r/hack3r   1286 2000-05-19 03:23:19 rootkit/ess-0.8.6/config.h
-rw-r--r-- hack3r/hack3r   1345 2000-05-24 06:27:02 rootkit/ess-0.8.6/devaddr.c
-rw-r--r-- hack3r/hack3r    277 2000-02-25 12:24:39 rootkit/ess-0.8.6/acconfig.h
-rw-r--r-- hack3r/hack3r   1878 2000-05-25 03:12:59 rootkit/ess-0.8.6/namedchk.c
-rw-r--r-- hack3r/hack3r   1577 2000-02-07 10:30:27 rootkit/ess-0.8.6/libicmp.h
-rw-r--r-- hack3r/hack3r   4116 2000-05-25 10:21:00 rootkit/ess-0.8.6/libicmp.c
-rw-r--r-- hack3r/hack3r   1931 2000-02-10 13:59:59 rootkit/ess-0.8.6/ip_gen.c
-rw-r--r-- hack3r/hack3r   2102 2000-05-16 06:45:53 rootkit/ess-0.8.6/ess.conf.in
-rw-r--r-- hack3r/hack3r   3087 2000-02-10 13:59:52 rootkit/ess-0.8.6/in_cksum.c
-rw-r--r-- hack3r/hack3r   1516 2000-05-24 03:37:19 rootkit/ess-0.8.6/tcp_gen.c
-rw-r--r-- hack3r/hack3r   3659 2000-06-04 06:24:12 rootkit/ess-0.8.6/tcp.c
-rw-r--r-- hack3r/hack3r   1414 2000-02-27 10:47:43 rootkit/ess-0.8.6/trans_check.c
-rw-r--r-- hack3r/hack3r    109 2000-02-10 14:12:15 rootkit/ess-0.8.6/checksum.h
-rw-r--r-- hack3r/hack3r    690 2000-02-10 14:12:15 rootkit/ess-0.8.6/rawsock_utils.h
-rw-r--r-- hack3r/hack3r   3262 2000-06-04 17:28:03 rootkit/ess-0.8.6/README
-rw-r--r-- hack3r/hack3r   1713 2000-06-04 06:12:28 rootkit/ess-0.8.6/oscheck.c
-rwxr-xr-x hack3r/hack3r  46800 2000-06-04 06:42:28 rootkit/ess-0.8.6/essbin
-rw-r--r-- hack3r/hack3r    995 2000-06-03 15:55:05 rootkit/ess-0.8.6/fingerprint
-rw-r--r-- hack3r/hack3r     64 2001-11-24 18:34:07 rootkit/ess-0.8.6/install
-rwxr-xr-x hack3r/hack3r 624753 2001-11-24 18:17:54 rootkit/udhss
tar: Skipping to next header
-rwxr-xr-x hack3r/hack3r    158 2001-11-25 00:59:35 rootkit/rula
tar: Error exit delayed from previous errors

The archive is damaged and may be incomplete.
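tar prints "Skipping to next header" when a 512-byte header block fails validation. The added example below (not part of the original analysis) walks a carved archive block by block, verifies each header checksum, and reports the byte ranges that had to be skipped, which shows where the recovered data is damaged. The sample archive and its `kit/` member names are constructed, and headers are assumed to carry the `ustar` magic.

```python
import io
import tarfile

BLOCK = 512  # tar headers and member data are laid out in 512-byte blocks

def header_ok(block: bytes) -> bool:
    """True if block is a tar header (ustar magic assumed) with a valid checksum."""
    if len(block) < BLOCK or block[257:262] != b"ustar":
        return False
    try:
        stored = int(block[148:156].strip(b"\0 ") or b"0", 8)
    except ValueError:
        return False
    # The checksum is computed with its own 8-byte field read as spaces.
    return stored == sum(block[:148]) + 8 * 0x20 + sum(block[156:BLOCK])

def walk(data: bytes):
    """Return (members, gaps): (name, size) pairs and skipped (start, end) byte ranges."""
    members, gaps, pos = [], [], 0
    while pos + BLOCK <= len(data):
        block = data[pos:pos + BLOCK]
        if block == bytes(BLOCK):                    # end-of-archive marker
            break
        if header_ok(block):
            name = block[:100].split(b"\0", 1)[0].decode("latin-1")
            size = int(block[124:136].strip(b"\0 ") or b"0", 8)
            members.append((name, size))
            pos += BLOCK + -(-size // BLOCK) * BLOCK  # header + padded data
            continue
        start = pos                                   # damaged: resync on next header
        while pos + BLOCK <= len(data) and not header_ok(data[pos:pos + BLOCK]):
            pos += BLOCK
        gaps.append((start, pos))
    return members, gaps

def sample_archive(damage: bool) -> bytes:
    """Constructed sample: three small members; optionally overwrite the 2nd header."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name, body in (("kit/a", b"A" * 700), ("kit/b", b"B" * 100), ("kit/c", b"C" * 10)):
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    raw = bytearray(buf.getvalue())
    if damage:
        raw[1536:2048] = b"\xff" * BLOCK  # header of kit/b sits after kit/a's 1024 data bytes
    return bytes(raw)

if __name__ == "__main__":
    print(walk(sample_archive(damage=True)))
```

A member that is listed but followed immediately by a gap may itself be truncated, so its contents should be checked before being relied on.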

rootkit.tar
Virus            File
ELF_ROOTKIT40-7  rootkit/ifconfig
PERL_ROOTKIT.C   rootkit/plasa/sense