VirSCAN


File information
Safety rating: 40
Behavior list
Basic Information
MD5: 346cc4348b737c0d97fb4d28aaec1665
File type: ELF32
Production company:
Version:
Shell or compiler information:
Process behavior
Behavior description: Load new program
Details:
execve: /tmp/bin/****.elf
execve:
execve: -c sed -i -e '/exit/d' /etc/rc.local
execve: -c sed -i -e '/996E.elf reboot/d' /etc/rc.local
execve: -c sed -i -e '2 i/tmp/bin/****.elf reboot' /etc/rc.local
execve: -c sed -i -e '2 i/tmp/bin/****.elf reboot start' /etc/rc.d/rc.local
execve: -c sed -i -e '2 i/tmp/bin/****.elf reboot start' /etc/init.d/boot.local
Behavior description: Process exit
Details:
procexit status=0
procexit status=512
Behavior description: clone system call
Details:
clone: nil (PID=2406)
clone: nil (PID=2407)
clone: nil (PID=2408)
clone: nil (PID=2410)
clone: nil (PID=2411)
clone: nil (PID=2412)
clone: nil (PID=2413)
clone: nil (PID=2414)
clone: nil (PID=2415)
clone: nil (PID=2416)
clone: nil (PID=2417)
clone: nil (PID=2418)
clone: nil (PID=2419)
clone: nil (PID=2420)
File behavior
Behavior description: Modify file
Details:
write: path=/etc/sedNlqQ1W, size=13
write: path=/etc/sedNlqQ1W, size=2
write: path=/etc/sedNlqQ1W, size=11
write: path=/etc/sedNlqQ1W, size=65
write: path=/etc/sedNlqQ1W, size=18
write: path=/etc/sedNlqQ1W, size=70
write: path=/etc/sedNlqQ1W, size=8
write: path=/etc/sedNlqQ1W, size=39
write: path=/etc/sedNlqQ1W, size=1
write: path=/etc/sedIK3Hs0, size=13
write: path=/etc/sedIK3Hs0, size=2
write: path=/etc/sedIK3Hs0, size=11
write: path=/etc/sedIK3Hs0, size=65
write: path=/etc/sedIK3Hs0, size=18
write: path=/etc/sedIK3Hs0, size=70
Behavior description: Read file
Details:
read: path=/lib/x86_64-linux-gnu/libc.so.6, size=832
read: path=/lib/x86_64-linux-gnu/libselinux.so.1, size=832
read: path=/lib/x86_64-linux-gnu/libpcre.so.3, size=832
read: path=/lib/x86_64-linux-gnu/libdl.so.2, size=832
read: path=/proc/filesystems, size=347
read: path=/proc/filesystems, size=0
read: path=/etc/rc.local, size=306
read: path=/etc/rc.local, size=0
read: path=/etc/rc.local, size=233
read: path=/proc/net/dev, size=569
read: path=/proc/stat, size=731
read: path=/dev/urandom, size=102400
read: path=/etc/resolv.conf, size=192
read: path=/etc/resolv.conf, size=0
Behavior description: Open file
Details:
open: path=/etc/ld.so.cache, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/lib/x86_64-linux-gnu/libc.so.6, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/lib/x86_64-linux-gnu/libselinux.so.1, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/lib/x86_64-linux-gnu/libpcre.so.3, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/lib/x86_64-linux-gnu/libdl.so.2, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/proc/filesystems, flags=O_RDONLY, mode=0
open: path=/etc/rc.local, flags=O_RDONLY, mode=0
open: path=/etc/sedNlqQ1W, flags=O_EXCL|O_CREAT|O_RDWR, mode=0
open: path=/etc/sedIK3Hs0, flags=O_EXCL|O_CREAT|O_RDWR, mode=0
open: path=/etc/sedGdMhR0, flags=O_EXCL|O_CREAT|O_RDWR, mode=0
open: path=/dev/urandom, flags=O_RDONLY, mode=0
open: path=/proc/net/dev, flags=O_EXCL|O_RDONLY, mode=0
open: path=/proc/stat, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/proc/stat, flags=O_RDONLY, mode=0
open: path=/etc/resolv.conf, flags=O_RDONLY, mode=0
Network behavior
Behavior description: Send/receive TCP packets
Details:
192.168.0.** -> 114.215.149.67 TCP 76 38245 > 2017 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=11189 TSecr=0 WS=128
114.215.149.67 -> 192.168.0.** TCP 56 2017 > 38245 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
192.168.0.** -> 114.215.149.67 TCP 76 38246 > 2017 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=12439 TSecr=0 WS=128
114.215.149.67 -> 192.168.0.** TCP 56 2017 > 38246 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
Behavior description: connect
Details:
connect: 192.168.0.**:38245->114.215.149.67:2017
connect: 192.168.0.**:38246->114.215.149.67:2017
Behavior description: Create socket
Details:
socket: domain=2(AF_INET) type=2 proto=0
socket: domain=2(AF_INET) type=1 proto=0