Today I was searching for a file on my system and found a file in the / directory.
File Attributes:
Name: core
Size: 19 MB
Type: Unknown (I tried to cat the file)
Location: /
Permissions:
-rw------- 1 root root 19529728 Aug 30 11:41 core
I also tried to check whether that file is used by any process, using
fuser core
but that returned nothing.
I tried the file command to learn more about the file:
file core
Output:
core: ELF 64-bit LSB core file x86-64, version 1 (SYSV), SVR4-style, from '/sbin/init splash'
I tried the binwalk command to check the file. Below is the output.
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 ELF, 64-bit LSB core file AMD x86-64, version 1 (SYSV)
12288 0x3000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
172048 0x2A010 Unix path: /etc/selinux/targeted/contexts/files/file_contexts
185792 0x2D5C0 Unix path: /lib/systemd/system/acpid.path
188592 0x2E0B0 Unix path: /usr/lib/snapd/snapd
196634 0x3001A Unix path: /wiki/Software/systemd/APIFileSystems
205392 0x32250 Unix path: /lib/systemd/system/plymouth-quit-wait.service
205888 0x32440 Unix path: /lib/systemd/system/rc-local.service.d/debian.conf
218640 0x35610 Unix path: /sys/devices/platform/serial8250/tty/ttyS20
232096 0x38AA0 Unix path: /usr/lib/policykit-1/polkitd
285344 0x45AA0 Unix path: /sys/subsystem/bluetooth/devices/hci0
308998 0x4B706 Unix path: /0pointer.de/blog/projects/serial-console.html
317552 0x4D870 Unix path: /run/systemd/generator.late/ondemand.service
322816 0x4ED00 Unix path: /sys/devices/platform/serial8250/tty/ttyS21
335632 0x51F10 Unix path: /dev/disk/by-uuid/f9bb92ed-eebb-4b3f-92ca-568ffe4c0165
369264 0x5A270 Unix path: /lib/systemd/system/systemd-networkd-resolvconf-update.path
394992 0x606F0 Unix path: /lib/systemd/system/failsafe-graphical.target
411856 0x648D0 Unix path: /proc/sys/fs/mqueue
414960 0x654F0 Unix path: /lib/systemd/system/rescue.target
419088 0x66510 Unix path: /lib/systemd/system/getty-static.service
429568 0x68E00 Unix path: /lib/systemd/system/systemd-ask-password-wall.path
451088 0x6E210 Unix path: /run/systemd/netif/state
461072 0x70910 Unix path: /lib/systemd/system/virtlogd.service
469559 0x72A37 Unix path: /www.kernel.org/doc/Documentation/binfmt_misc.txt
469670 0x72AA6 Unix path: /www.freedesktop.org/wiki/Software/systemd/APIFileSystems
469776 0x72B10 Unix path: /lib/systemd/system/sys-kernel-config.mount
479584 0x75160 Unix path: /lib/systemd/system/syslog.socket
483472 0x76090 Unix path: /lib/systemd/system/cups.socket
500368 0x7A290 Unix path: /lib/systemd/system/systemd-udevd-control.socket
507900 0x7BFFC Unix path: /freedesktop/systemd1/unit/ssh_2eservice
520960 0x7F300 Unix path: /usr/lib/snapd/snapd.core-fixup.sh
522704 0x7F9D0 Unix path: /lib/systemd/system/openvpn.service
529008 0x81270 Unix path: /lib/systemd/system/rtkit-daemon.service
534512 0x827F0 Unix path: /run/systemd/system/user-1000.slice.d/50-After-systemd-logind\x2eservice.conf
538128 0x83610 Unix path: /run/systemd/system/user-1000.slice.d/50-After-systemd-user-sessions\x2eservice.conf
574000 0x8C230 Unix path: /lib/systemd/system/systemd-binfmt.service
583472 0x8E730 Unix path: /usr/lib/apt/apt.systemd.daily
584848 0x8EC90 Unix path: /lib/systemd/system/emergency.target
590528 0x902C0 Unix path: /run/systemd/generator.late/irqbalance.service
602384 0x93110 Unix path: /sys/devices/platform/serial8250/tty/ttyS16
630352 0x99E50 Unix path: /lib/systemd/system/lightdm.service
642656 0x9CE60 Unix path: /var/run/libvirt/virtlockd-sock
653312 0x9F800 Unix path: /usr/lib/snapd/system-shutdown
661456 0xA17D0 Unix path: /dev/disk/by-id/ata-WDC_WD5000LPLX-75ZNTT0_WXJ1A17A3A8N-part5
672336 0xA4250 Unix path: /lib/systemd/system/cgproxy.service
674608 0xA4B30 Unix path: /lib/systemd/system/snapd.autoimport.service
681680 0xA66D0 Unix path: /org/freedesktop/systemd1/unit/systemd_2dnetworkd_2dresolvconf_2dupdate_2epath
691056 0xA8B70 Unix path: /sys/devices/platform/serial8250/tty/ttyS8
702838 0xAB976 Unix path: /system.slice/libvirt-guests.service/control/cgroup.procs
704464 0xABFD0 Unix path: /lib/systemd/system/systemd-networkd.service
716400 0xAEE70 Unix path: /lib/systemd/system/whoopsie.service
719760 0xAFB90 Unix path: /lib/systemd/system/NetworkManager.service
728096 0xB1C20 Unix path: /lib/systemd/system/systemd-journal-flush.service
747552 0xB6820 Unix path: /lib/systemd/system/anacron.service
754152 0xB81E8 Unix path: /org/freedesktop/systemd1/unit/ssh_2eservice
758608 0xB9350 Unix path: /lib/systemd/system/snapd.system-shutdown.service
767632 0xBB690 Unix path: /lib/systemd/system/cups.service
780960 0xBEAA0 Unix path: /lib/systemd/system/systemd-ask-password-console.service
787952 0xC05F0 Unix path: /var/lib/systemd/timers/stamp-apt-daily.timer
805840 0xC4BD0 Unix path: /sys/devices/platform/serial8250/tty/ttyS1
824528 0xC94D0 Unix path: /lib/systemd/system/polkitd.service
829184 0xCA700 Unix path: /var/run/libvirt/virtlockd-sock
852640 0xD02A0 Unix path: /lib/systemd/system/wpa_supplicant.service
920192 0xE0A80 Unix path: /lib/systemd/system/systemd-timesyncd.service.d/disable-with-time-daemon.conf
926768 0xE2430 Unix path: /lib/systemd/system/systemd-remount-fs.service
928678 0xE2BA6 Unix path: /www.freedesktop.org/wiki/Software/systemd/APIFileSystems
935698 0xE4712 Unix path: /var/run/libvirt/virtlogd-sock
941280 0xE5CE0 Unix path: /run/user/1000/gvfs
951776 0xE85E0 Unix path: /lib/systemd/system/systemd-ask-password-plymouth.path
965344 0xEBAE0 Unix path: /lib/systemd/system/network-pre.target
977232 0xEE950 Unix path: /lib/systemd/system/local-fs.target
978448 0xEEE10 Unix path: /lib/systemd/system/acpid.service
997168 0xF3730 Unix path: /org/freedesktop/systemd1/job
1000144 0xF42D0 Unix path: /org/freedesktop/DBus/Local
1009960 0xF6928 Unix path: /org/freedesktop/systemd1/unit/upstart_2eservice
1011488 0xF6F20 Unix path: /org/freedesktop/systemd1/unit
1015160 0xF7D78 Unix path: /usr/lib/snapd/system-shutdown /run/initramfs/shutdown
1023504 0xF9E10 Unix path: /lib/systemd/system/-.slice
1034922 0xFCAAA Unix path: /var/run/dbus/system_bus_socket
1038094 0xFD70E Unix path: /systemd/system.slice/virtualbox.service/control/cgroup.procs
1048768 0x1000C0 Unix path: /lib/systemd/system/alsa-state.service
1055520 0x101B20 Unix path: /lib/systemd/system/multi-user.target
1067416 0x104998 Unix path: /org/freedesktop/DBus/Lo
1072032 0x105BA0 Unix path: /lib/systemd/system/emergency.service
1112368 0x10F930 Unix path: /lib/systemd/system/final.target
1116930 0x110B02 Unix path: /var/run/avahi-daemon/socket
1125248 0x112B80 Unix path: /var/cache/cups/org.cups.cupsd
1192416 0x1231E0 Unix path: /lib/systemd/system/systemd-networkd-resolvconf-update.service
1224416 0x12AEE0 Unix path: /sys/devices/virtual/net/virbr0
1257440 0x132FE0 Unix path: /sys/devices/platform/serial8250/tty/ttyS26
1270528 0x136300 Unix path: /run/systemd/system/session-c2.scope.d/50-TasksMax.conf
1296392 0x13C808 Unix path: /org/freedesktop/systemd1/unit/systemd_2djournald_2ddev_2dlog_2esocket
1313008 0x1408F0 Unix path: /lib/systemd/system/unattended-upgrades.service
1316048 0x1414D0 Unix path: /lib/systemd/system/cgmanager.service
1329440 0x144920 Unix path: /var/run/cups/cups.sock
1333264 0x145810 Unix path: /var/lib/systemd/timers
1341872 0x1479B0 Unix path: /var/lib/systemd/random-seed
1347936 0x149160 Unix path: /var/run/avahi-daemon/socket
1355136 0x14AD80 Unix path: /lib/systemd/system/colord.service
1370976 0x14EB60 Unix path: /usr/local/lib/modules-load.d
1380098 0x150F02 Unix path: /var/run/avahi-daemon/socket
1390016 0x1535C0 Unix path: /var/lib/systemd/timers
1396056 0x154D58 Unix path: /org/freedesktop/systemd1/unit/ssh_2eservice
1397984 0x1554E0 Unix path: /dev/disk/by-path/pci-0000:00:1f.2-ata-1-part5
1403328 0x1569C0 Unix path: /lib/systemd/system/sockets.target
1403872 0x156BE0 Unix path: /dev/disk/by-path/pci-0000:00:1f.2-ata-1-part5
1418816 0x15A640 Unix path: /lib/systemd/system/systemd-fsck-root.service
1452056 0x162818 Unix path: /org/freedesktop/systemd1/unit/ssh_2eservice
1615352 0x18A5F8 Unix path: /org/freedesktop/DBus/Local
18935808 0x120F000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
18948096 0x1212000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
18972672 0x1218000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
18984960 0x121B000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
18997248 0x121E000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (GNU/Linux)
19042304 0x1229000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
19070976 0x1230000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
19087360 0x1234000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
19099648 0x1237000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
19111936 0x123A000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
19165184 0x1247000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
19177472 0x124A000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
19267584 0x1260000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
19279872 0x1263000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
19292160 0x1266000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
19312640 0x126B000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
19314167 0x126B5F7 mcrypt 2.2 encrypted data, algorithm: blowfish-448, mode: CBC, keymode: 8bit
19517440 0x129D000 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
19518576 0x129D470 Unix path: /build/linux-hVVhWi/linux-4.4.0/arch/x86/entry/vdso/vclock_gettime.c
I have not added this file manually. I don't know how that file was created on the system. Is my system infected or does Ubuntu write these kinds of files automatically?
How can I check how that file was created & what that file is doing there?
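
Added example, not part of the original post: the `from '/sbin/init splash'` text that `file` prints comes from the NT_PRPSINFO note inside the core's PT_NOTE segment, and the sketch below reads that note (plus the signal from NT_PRSTATUS) to show which process dumped the core and why. It assumes the x86-64 `elf_prpsinfo` layout; `describe_core`, `notes` and `sample_core` are illustrative names, and `sample_core()` builds a constructed minimal core rather than the file from the post.

```python
import struct

NT_PRSTATUS, NT_PRPSINFO, PT_NOTE, ET_CORE = 1, 3, 4, 4
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")     # Elf64_Ehdr, little-endian
PHDR = struct.Struct("<IIQQQQQQ")             # Elf64_Phdr
PRPSINFO = struct.Struct("<4s4xQII4i16s80s")  # x86-64 elf_prpsinfo (assumed layout)

def notes(blob):
    """Yield (name, type, desc) for each note in a PT_NOTE segment."""
    off = 0
    while off + 12 <= len(blob):
        namesz, descsz, ntype = struct.unpack_from("<III", blob, off)
        off += 12
        name = blob[off:off + namesz].rstrip(b"\0")
        off += (namesz + 3) & ~3              # name and desc are padded to 4 bytes
        yield name, ntype, blob[off:off + descsz]
        off += (descsz + 3) & ~3

def describe_core(data):
    """Return the dumping process's identity and signal from a core's notes."""
    eh = EHDR.unpack_from(data)
    ident, e_type, phoff, phentsize, phnum = eh[0], eh[1], eh[5], eh[9], eh[10]
    if ident[:6] != b"\x7fELF\x02\x01" or e_type != ET_CORE:
        raise ValueError("not a 64-bit little-endian ELF core file")
    info = {}
    for i in range(phnum):
        p = PHDR.unpack_from(data, phoff + i * phentsize)
        if p[0] != PT_NOTE:
            continue
        for name, ntype, desc in notes(data[p[2]:p[2] + p[5]]):
            if name == b"CORE" and ntype == NT_PRPSINFO and len(desc) >= PRPSINFO.size:
                f = PRPSINFO.unpack_from(desc)
                info.update(uid=f[2], pid=f[4], ppid=f[5],
                            comm=f[8].split(b"\0")[0].decode(errors="replace"),
                            args=f[9].split(b"\0")[0].decode(errors="replace").strip())
            elif name == b"CORE" and ntype == NT_PRSTATUS and len(desc) >= 4:
                info.setdefault("signal", struct.unpack_from("<i", desc)[0])  # si_signo
    return info

def _note(ntype, desc):
    return struct.pack("<III", 5, len(desc), ntype) + b"CORE\0\0\0\0" + desc

def sample_core():
    """Constructed minimal core (not the post's file): PID 1, signal 11."""
    ps = PRPSINFO.pack(b"R\0\0\0", 0, 0, 0, 1, 0, 1, 1, b"systemd", b"/sbin/init splash ")
    body = _note(NT_PRSTATUS, struct.pack("<i", 11).ljust(336, b"\0")) + _note(NT_PRPSINFO, ps)
    eh = EHDR.pack(b"\x7fELF\x02\x01\x01" + bytes(9), ET_CORE, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    return eh + PHDR.pack(PT_NOTE, 0, 120, 0, 0, len(body), 0, 4) + body
```

On a real file, call `describe_core(open("/core", "rb").read())` as root, since the core in the post is readable only by its owner.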