VirSCAN

File information
Safety rating:50
Behavior list
Basic Information
MD5:385cadb5bf47023975eba5eb7c4c93f1
file type:ELF64
Production company:
version:
Shell or compiler information:
Process behavior
Behavior description:Load new program
details:execve: guestsession --session-id=4 --session-proto=2 --user root
execve: /tmp/bin/****.elf
Behavior description:Process exit
details:procexit status=0
procexit status=9
Behavior description:clone system call
details:clone: nil (PID=2105)
clone: nil (PID=2106)
clone: nil (PID=2107)
clone: nil (PID=2108)
clone: nil (PID=2111)
clone: nil (PID=2112)
clone: nil (PID=2113)
clone: nil (PID=2114)
clone: nil (PID=2115)
clone: nil (PID=2116)
clone: nil (PID=2117)
clone: nil (PID=2120)
clone: nil (PID=2121)
clone: nil (PID=2122)
clone: nil (PID=2123)
File behavior
Behavior description:Modify file
details:write: path=/dev/null, size=155
write: path=/dev/null, size=43
write: path=/dev/null, size=56
write: path=/dev/null, size=82
write: path=/dev/null, size=186
write: path=/dev/null, size=57
write: path=/dev/null, size=58
write: path=/dev/null, size=53
write: path=/dev/null, size=41
Behavior description:Read file
details:read: path=/lib/x86_64-linux-gnu/libcrypt.so.1, size=832
read: path=/lib/x86_64-linux-gnu/libdl.so.2, size=832
read: path=/lib/x86_64-linux-gnu/libpthread.so.0, size=832
read: path=/lib/x86_64-linux-gnu/librt.so.1, size=832
read: path=/lib/x86_64-linux-gnu/libc.so.6, size=832
read: path=/lib/x86_64-linux-gnu/libgcc_s.so.1, size=832
read: path=/etc/localtime, size=3519
read: path=/etc/localtime, size=2252
read: path=/etc/nsswitch.conf, size=475
read: path=/etc/nsswitch.conf, size=0
read: path=/lib/x86_64-linux-gnu/libnss_files.so.2, size=832
read: path=/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2, size=832
read: path=/etc/protocols, size=2932
Behavior description:Open file
details:open: path=/etc/ld.so.cache, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/lib/x86_64-linux-gnu/libcrypt.so.1, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/lib/x86_64-linux-gnu/libdl.so.2, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/lib/x86_64-linux-gnu/libpthread.so.0, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/lib/x86_64-linux-gnu/librt.so.1, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/lib/x86_64-linux-gnu/libc.so.6, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache, flags=O_RDONLY, mode=0
open: path=/dev/vboxuser, flags=O_RDWR, mode=0
open: path=/dev/null, flags=O_WRONLY, mode=0
open: path=/lib/x86_64-linux-gnu/libgcc_s.so.1, flags=O_RDONLY|O_CLOEXEC, mode=0
open: path=/etc/localtime, flags=O_RDONLY, mode=0
open: path=/etc/nsswitch.conf, flags=O_RDONLY, mode=0
open: path=/etc/ld.so.cache, flags=O_RDONLY, mode=0
open: path=/lib/x86_64-linux-gnu/libnss_files.so.2, flags=O_RDONLY, mode=0
open: path=/lib/x86_64-linux-gnu/libc.so.6, flags=O_RDONLY, mode=0
Network behavior
Behavior description:Send and receive TCP packets
details:192.168.0.** -> 11.11.11.100 TCP 76 58278 → 44344 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=4294951992 TSecr=0 WS=128
11.11.11.100 -> 192.168.0.** TCP 56 44344 → 58278 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
Behavior description:connect
details:connect: 192.168.0.**:58278->11.11.11.100:44344
Behavior description:Create socket
details:socket: domain=10(AF_INET6) type=2 proto=0
socket: domain=16(AF_ROUTE) type=3 proto=0
socket: domain=2(AF_INET) type=1 proto=6
Translated by Keith Miller, United States